Matus UHLAR - fantomas wrote:
Please, configure your mailer to wrap lines below 80 characters per line.
72 to 76 is OK.
On 09.09.08 11:49, Rosenbaum, Larry M. wrote:
For the past few days I have noticed SpamAssassin takes much longer to
process messages between about 10:00am and 1:00pm EDT.
Lars Ebeling wrote:
So my mail was considered as Spam only and only because of it contained
opy/20_porn.cf of this M$ Antigen.
or maybe also because it contained PORN_URL_MISC in the headers.
but whether it considered it spam is less problematic than bouncing it
to you. bounces should be
David Carvalho wrote:
Hi !
Is it possible to redirect classified spam to another file, just after
classification, instead of
appending to the user regular mail file (like /var/mail/usermail) ?
sure. use maildrop, procmail, dovecot sieve, amavisd-new, postfix,
etc. SA is not involved
patrickbaer wrote:
Hi all,
I'm looking for some regex to find a list of strings in the body,
independent where they are and so on.
Example:
i am Nice Girl good looking girl who is looking to chat with you.
email me back at [EMAIL PROTECTED]
i will reply back with some really nice pics or
Jesse Stroik wrote:
Karl,
Ease of setup and use are not the primary reason for purchasing any
product, IMO.
Yes, but you aren't the common user. Many commercial products *must*
have oversimplified setups if they want the largest possible customer
base.
It's more than a common user
Felix Buenemann wrote:
Hi,
is it possible to skip scanning with spamc for large mails? (eg. 1MB)
I receive lots of huge mail (15-30MByte) on my server an the scanning
takes very long for those mails, that will be ham anyways.
1MB is probably too large. There is not much spam with such
Gene Heskett wrote:
There are rumors floating around that the python being shipped by
redhat/fedora is about 100x slower than python installed from the tarballs.
python? do you mean perl?
Can this be confirmed?
See the recent thread using RHEL / CentOS / Fedora perl?
I have reduced
RobertH wrote:
From: mouss
1MB is probably too large. There is not much spam with such size
(although few ones were reported here).
What has the studies of the average and realistic maximum of spam email
sizes concluded?
Was the conclusion the SA default size?
I am not aware of any
Martin.Hepworth wrote:
Depends on you call SA.. Mailscanner for one has this feature.
sorry, I don't understand what feature you are talking about.
my point was that the number of large spam messages is too low for me to
spend SA processing on it.
The samples I looked at could easily be
jpff wrote:
I have a user of a mailing list who is sending from a Verizon system,
and is being marked as spam. Some is use of HTML etc but
* 2.0 BOTNET_CLIENT Relay has a client-like hostname
* =20
[botnet_client,ip=206.46.173.1,hostname=vms173001pub.verizon.net,
John Hardin wrote:
On Sun, 2008-09-14 at 14:43 +0200, mouss wrote:
verizon.net SPF record includes 206.46.0.0/16.
Verizon SPF'd a class-B space?? Please don't tell me that covers part of
their dynamic address pool...
If they block port 25 except for responsible users, I have no problem
Gene Heskett wrote:
On Sunday 14 September 2008, mouss wrote:
John Hardin wrote:
On Sun, 2008-09-14 at 14:43 +0200, mouss wrote:
verizon.net SPF record includes 206.46.0.0/16.
Verizon SPF'd a class-B space?? Please don't tell me that covers part of
their dynamic address pool
Rosenbaum, Larry M. wrote:
From: mouss [mailto:[EMAIL PROTECTED]
The samples I looked at could easily be stopped otherwise (I don't
usuall get a lot of lottery mail with a large .tif from a gmail
address!!). but it's not worth the pain. if spammers start sending
large
messages, things
Michael Hutchinson wrote:
Hello Matt,
So, does anyone have a clue as to why the E-Mail in question was
delivered to our domain? Or even, why would our servers try to
deliver
a message who's recipients don't exist here?
I see nothing in those headers that would indicate who the recipients
Lars Ebeling wrote:
Dear all,
should I run sa-learn on mails that already are classified as spam?
nobody knows :)
- some people train on error. this is what I do.
- others train on everything. the problem here is to get the
everything to use for training.=, since you should only train on
not007 wrote:
I am using cpanel 11 and being told that I can't get spamassassin to rewrite
the subject of emails that are spam. Spam assassin IS adding info in the
header like:
X-Spam-Subject: [SPAM] test message
X-Spam-Status: Yes, score=1002.4
X-Spam-Score: 10024
X-Spam-Bar:
Skip wrote:
What can I do to increase my chances on spammies like this one:
http://pastebin.com/m5f5d11e0
maybe
header _CTYPE_PLAIN Content-Type =~ m|text/plain|
header _CTRANSFER_B64 Content-Transfer-Encoding =~ m|base64|
...
[EMAIL PROTECTED] wrote:
Oh no oh no, man Mail::SpamAssassin::Conf says
Whitespace in the files is not significant, but please note that
starting a line with whitespace is deprecated, as we reserve its use
for multi-line rule definitions, at some point in the future.
OK, sorry. I regret my
Skip Morrow wrote:
On Thu, September 18, 2008 8:55 am, mouss wrote:
Skip wrote:
What can I do to increase my chances on spammies like this one:
http://pastebin.com/m5f5d11e0
maybe
header _CTYPE_PLAIN Content-Type =~ m|text/plain| header _CTRANSFER_B64
Content-Transfer-Encoding =~ m|base64
Skip Morrow wrote:
On Thu, September 18, 2008 9:33 am, John Hardin wrote:
On Thu, 18 Sep 2008, Skip wrote:
What can I do to increase my chances on spammies like this one:
http://pastebin.com/m5f5d11e0
(1) train your bayes with it
I am using bayes, but it didn't catch it. I was quite
Skip Morrow wrote:
Sorry about the double post--operator error.
fire operator :)
Skip Morrow wrote:
I am using bayes, but it didn't catch it. I was quite surprised at
that.
h...
Content analysis details: (6.3 points, 5.0 required)
pts rule name description --
--
3.5 BAYES_99
John Hardin wrote:
On Thu, 18 Sep 2008, mouss wrote:
(2) try the sought fraud ruleset that Justin is generating
http://svn.apache.org/viewvc/spamassassin/rules/trunk/sandbox/jm/20_sough
t_fraud.cf
I'm using that too, and again no joy there. It may be time for an
sa-update though
Jules Yasuna wrote:
Ok - that explains it - thank you very much. Really, many thanks !
But, is there a way to still not run BIND locally, and continue to
benefit from the RBL filters?
Perhaps there is a timeout associated with the RBL filters that can be
increased? I understand that if
such
Evan Platt wrote:
Bob Proulx wrote:
Nabble! Bad Nabble! Let me be yet another voice complaining about
how terrible Nabble is for mailing lists. AFAIK Nabble allows the
user to modify sent messages. Every time they modify the message it
sends the message again using the same Message-Id: as
Kate Kleinschafer wrote:
Hi all,
I have a new install of MailScanner / Postfix / Spamassassin
when I run sudo -u postfix spamassassin -p
/etc/MailScanner/spam.assassin.prefs.conf -t message.MAI
I get the following error:
warn config path /root/ .spamassassin is inaccessible permission denied
Kate Kleinschafer wrote:
I don't think I want to run it as root do I?
run the test command as root, not mailscanner. you have the error while
running the test command. you don't have an error while running
mailscanner.
(MailScanner is set to use user postfix)
I Don't use MS so I have no
Kate Kleinschafer wrote:
I am almost 100% certain that I need to be able to run this command as
postfix.
then find out how to override root environment. try:
sudo postfix HOME=/var/spool/postfix spamassassin ...
Len Conrad wrote:
For the same period of about 4.5 hours, zen had about 110 hits, while
b.barracuda had about 165.
What about overlap? Were the barracuda hits only those that skipped by
zen? Thanks.
for the same period, zen = 153 hits, barracuda = 226 hits
when I comm the two sorted files,
McDonald, Dan wrote:
I'm having trouble with a correspondent who is using SPF, is sending
from a host allowed in policy, but the SPF rule is not matching.
Their spf record (obfuscated) is:
example.com.3600IN TXT v=spf1 mx ptr ip4:a.a.a.0/24
ip4:b.b.b.0/24 a:mailrelay
Justin Piszcz wrote:
Hmm I signed up for this 1-2 days ago but never got a confirmation
e-mail from them? What is the RBL name?
They send from an IP without rDNS.
Received: from barracudacentral.org (unknown [216.129.105.40])
you may have rejected or quarantined it.
mouss wrote:
Justin Piszcz wrote:
Hmm I signed up for this 1-2 days ago but never got a confirmation
e-mail from them? What is the RBL name?
They send from an IP without rDNS.
Received: from barracudacentral.org (unknown [216.129.105.40])
you may have rejected or quarantined
Henrik K wrote:
On Mon, Sep 22, 2008 at 09:23:45AM -0500, Daniel J McDonald wrote:
On Mon, 2008-09-22 at 10:14 -0400, Justin Piszcz wrote:
On Mon, 22 Sep 2008, Daniel J McDonald wrote:
On Sun, 2008-09-21 at 18:18 -0500, Len Conrad wrote:
We're trying it today.
Hmm I signed up for this 1-2
Joseph Brennan wrote:
Ralf Hildebrandt [EMAIL PROTECTED] wrote:
My top rejections for today are:
x28 smtp-out.orange.net[193.252.22.118]:
Orange is a major ISP. Their mail-sending hosts are in 193.252.22 and
80.12.242. Mail from Orange runs about 85 to 90% spam here. The
minority
Jesse Stroik wrote:
Kris Deugau wrote:
Jesse Stroik wrote:
There are plenty of places still using mail gateways where the mail
server used for sending is still on an internal network, for a
variety of legitimate reasons, and those mail servers may resolve to
a private address. If you
Jesse Stroik wrote:
Bowie,
What does having the mail gateway on an internal network have to do with
anything? If it is going to send mail to the Internet, then it must
have a public IP address in order to do so. This address may be local
to the machine or it may be translated by a router or
Jason Bertoch wrote:
-Original Message-
From: Kris Deugau [mailto:[EMAIL PROTECTED]
Sent: Tuesday, September 23, 2008 3:27 PM
To: users
Subject: Re: New free blacklist: BRBL - Barracuda Reputation Block List
IMO there's little excuse not to have *some* kind of rDNS on
every single IP
[EMAIL PROTECTED] wrote:
On Wed, 24 Sep 2008, [EMAIL PROTECTED] wrote:
I was actually hoping to use it like I use zen.spamhaus.org and
dul.sorbs.net and just reject emails listed on those. It is very rare
that I get a false positive from either, but their efficacy isn't what
it used to be,
Rasmus Haslund wrote:
anyway,
- zen is widely used. so even if it has an FP, the originator will have
problems sending to a lot of places, and has enough incentives to get
delisted. In other words, the FPs caused by zen are passed to the
originator and are no more our FPs! (I hope you see what
Todd Adamson wrote:
Would I be correct or incorrect that this will get updated to our rules
through sa-update. If this does get corrected, what kind of time frame
are we guessing at? And in the short term, if we zero the score for
RCVD_IN_DSBL, will that properly disable the test?
I have
Todd Adamson a écrit :
If dsbl has been down for awhile, since around June, why hasn't it
been removed from the configuration via sa-update before now? That's
one of the purposes of sa-update.
Querying their dns server is certainly a waste of time, but isn't really
a critical issue. At the
Michelle Konzack wrote:
[snip]
but unfortunately the two/four lookups with
host ${RECEIVIP2REV}.zen.spamhaus.org
host ${RECEIVIP2REV}.list.dsbl.org
are very slow...
My idea was already if I do not direct filtering, I could catch the IPs,
put it into a cache file, sort and unify it
Justin Mason wrote:
[snip]
In fairness -- if you drop mail with no rDNS, you are dropping 3.6% of
legit email in general, going by the test results for our RDNS_NONE
rule... ;)
It just came to my mind that RDNS_NONE does not mean the client does not
have a reverse DNS, be it confirmed or
Michael Scheidell wrote:
...and I bet there are still commercial anti-spam products using
dsbl.org because they haven't figured it out either :-)
Wasn't there a standard at one time, return something different (test) if
you queries 2.0.0.127.{dnsblacklist}?
There's a draft or two that
ram wrote:
419 scammers are abusing the Yahoos I have a new email announce
service
https://ecm.netcore.co.in/tmp/scam1.eml.txt
According to the Received headers, it travelled via: GB, India, Korea,
US, then Taiwan before getting to its destination (munged by you for I
don't know what
Jimmy Stewpot wrote:
Hi There,
I have recently been getting a huge increase in the number of emails
which are being marked as spam. In those emails I see that the headers
say RDNS_NONE.
unless you modified the score, this is irrelevant. the default is
score RDNS_NONE 0.1
Justin Mason wrote:
mouss writes:
Justin Mason wrote:
[snip]
In fairness -- if you drop mail with no rDNS, you are dropping 3.6% of
legit email in general, going by the test results for our RDNS_NONE
rule... ;)
It just came to my mind that RDNS_NONE does not mean the client does
Jason Voorhees wrote:
Hi all:
I'm learning a bit of SpamAssassin and its plugins. I'm not pretty sure
if some of them are really working (i.e. SPF plugin) so I run:
# spamassassin --lint -D 21 | less
... looking for error/warning messages and I found some of them.
I would specially like to
Benny Pedersen wrote:
On Tue, September 30, 2008 16:10, LEVEAU Stanislas wrote:
or maiamailguard with amavisd : http://www.maiamailguard.com/maia/wiki
i olso read my private mail, no need to post on maillist to get my attention
I don't understand this.
stupid mua that send cc and post
Don Saklad wrote:
How do you setup things so that
all messages from users@spamassassin.apache.org
include identifying headers that begin something like
Subject: [usersspamassassin]
don't play with the subject. the subject is set by the sender for the
recipient to see what the message is
Michelle Konzack wrote:
Am 2008-09-22 11:36:39, schrieb Joseph Brennan:
Ralf Hildebrandt [EMAIL PROTECTED] wrote:
My top rejections for today are:
x28 smtp-out.orange.net[193.252.22.118]:
Orange is a major ISP. Their mail-sending hosts are in 193.252.22 and
80.12.242. Mail from
Don Saklad wrote:
It would be better to have the header something like
Subject: [EMAIL PROTECTED]
No. It is more efficient to use better mail software. This has already
been discussed here and on other lists (search the archives).
See also:
http://www.w3.org/Mail/subject-tagging
Matt Kettler wrote:
Don Saklad wrote:
Of the many many subscriptions this is the only subscription that
doesn't have a bracketed list name inserted in the header subject.
Programming solutions don't work for users not programmers!
This shouldn't be a programing solution. It's the RFC
James Wilkinson wrote:
mouss wrote:
in which sublist? xbl, sbl or pbl? and when you say a lot, how many?
can you show an example of an IP that you consider as an FP?
Well, since you asked…
I’m not the Original Poster, but I consider most of
http://www.spamhaus.org/sbl/sbl.lasso?query
dawa wrote:
Hello!
System: Debian 4.0
SpamAssassin version: 3.2.2
MTA: Postfix with Amavis and ClamAV
- - - - - - - - - - - -
We have the problem that some very obvious spam mail come through (example:
http://pastebin.com/m606b1420).
it now hits URIBL_BLACK.
Here, RCVD_IN_PBL is set to 4.0.
nik600 wrote:
I'm experiencing a strange problem with RDNS_NONE.
On the same sender host, sometimes it is marked with RDNS_NONE, and
sometimes not.
The host has a reverse dns!
Example:
Received: from dadosoftware.com (dns2.dadosoftware.com [217.199.13.2]) - OK
Received: from dadosoftware.com
Benny Pedersen wrote:
On Thu, October 2, 2008 16:28, Ray Jette wrote:
Good morning,
evening here :)
it keeps changing here :)
The SPF_PASS and SPF_HELO_PASS rules hit several hundred messages a day.
I am doing SPF lockup's at the MTA. How do I go about stopping these
tests from within
Kris Deugau wrote:
[EMAIL PROTECTED] wrote:
Hello,
i want to start my own local uribl.
Spamassassin should read a raw-textfile for example
/home/spamblack.txt where some url's are in
wunschurlaub.biz
euromillion.de
and another..
If match one of these entries, the Mail should marked
dawa wrote:
Thanks all for the hints they were very helpful !!
@mouss-2: What do you mean with
Here, RCVD_IN_PBL is set to 4.0.
I can't find this option in my config - or do you mean I should increase
this score!??
Yes. but don't listen to me. make sure it's ok for you before changing
Kiran Awad wrote:
Hi,
We are having an ERP server which broadcasts email to various users on daily
basis, We are facing problem that email sent by these particular email id
doesn't get delivered to users. Below is log on mail server
Sep 30 18:19:01 qualityg sendmail[5046]:
[EMAIL PROTECTED] wrote:
Hello,
I want to write my own rules - in this case my own rules for Uribl.
If this pattern is in the mail, the score should be XX.
I enabled my own rules in local.cf in /etc/mail/spamassassin with
allow_user_rules 1
The spamassassin --lint -D shows me
[16656] dbg:
Kai Schaetzl wrote:
Greg Troxel wrote on Sun, 05 Oct 2008 12:19:15 -0400:
I got a FP on mail to the discuss-gnuradio list and found that DOB was
firing on gnuradio.org. Now it seems to be firing on gnu.org as well:
gnuradio.org.dob.sibl.support-intelligence.net. 249 IN A 127.0.0.2
Kai Schaetzl wrote:
Mouss wrote on Sun, 05 Oct 2008 19:56:58 +0200:
I couldn't even find a website. www.support-intelligence.net doesn't
exist.
it does from here.
From various locations in Germany:
host www.support-intelligence.net
Host www.support-intelligence.net not found: 3(NXDOMAIN
SM a écrit :
At 11:00 05-10-2008, Ralf Hildebrandt wrote:
python.org is also listed:
same for ietf.org (duh!), postfix.org, debian.org, netbsd.org,
dovecot.org, ., and anything org.
looks like a parser added org (and thus all its subdomains).
Domain Name:PYTHON.ORG
Created
Rasmus Haslund a écrit :
We do business all over the world and I see a lot of fp's on Zen.
in which sublist? xbl, sbl or pbl? and when you say a lot, how
many?
can you show an example of an IP that you consider as an FP?
I am interested in to, since I had
Matus UHLAR - fantomas a écrit :
Hello,
did anyone try to use DNSBL lookups for header(s) X-PHP-Script?
I have patch into PHP that inserts IP address into that header, and looking
in dnsbl for spam sources could help me filter out spam posted through HTTP.
you'd need a plugin for that.
David B Funk wrote:
I recently noticed that DNS_FROM_SECURITYSAGE was hitting everything.
Zed's dead, baby. Zed's dead.
They list the universe so that people stop querying their zones.
A quick check revealed:
# host hp.com.blackhole.securitysage.com.
hp.com.blackhole.securitysage.com
Karsten Bräckelmann wrote:
Can this off-topic thread please die already? It has been quite for
days. I prefer it like that.
+1
guenther
Suffering from a backscatter wave,
same here, started yesterday.
and haven't even got sufficient
caffeine. Your email was quarantined due to an
John Hardin a écrit :
All:
I've recently come across some anomalous behavior in Vista and Win2k3
when confronted with a host's rDNS returning localhost. It seems
Vista and Win2k3 replace this with the local hostname. To illustrate:
ping -a 123.30.74.2
AFAIK, -a doesn't change how ping
John Hardin a écrit :
On Wed, 8 Oct 2008, mouss wrote:
John Hardin a écrit :
I've recently come across some anomalous behavior in Vista and Win2k3
when confronted with a host's rDNS returning localhost. It seems
Vista and Win2k3 replace this with the local hostname. To illustrate:
ping
Tomasz Chmielewski wrote:
Duane Hill schrieb:
On Thu, 9 Oct 2008, Tomasz Chmielewski wrote:
McDonald, Dan schrieb:
On Thu, 2008-10-09 at 12:07 +0200, Tomasz Chmielewski wrote:
I have a mail setup, where the SMTP server (Postfix) is running on
a machine with a public IP address, and
Liam-PrintingAutomation a écrit :
I'm noticing we're getting a lot of spam coming through with a from
address of our own domain. This gives spamassassin an automatic -100 on
the score pretty much guaranteeing that it'll not get flagged as spam.
Please repost you mail correctly. do not
Liam-PrintingAutomation a écrit :
Sorry. I didn't realize I was hijacking anything since I completely
replaced the subject line and used all new text body.
I had no idea that doing that was somehow not creating a new message
for all intents and purposes.
now you know ;-p google for thread
Karl Pearson a écrit :
On Sat, 11 Oct 2008, Matus UHLAR - fantomas wrote:
On Fri, October 10, 2008 17:05, Liam-PrintingAutomation wrote:
any email with a FROM as coming from our domain but is not a user
(left
of @ sign) that isn't one of these X addresses?
On 10.10.08 21:01, Benny Pedersen
Joseph Brennan a écrit :
any email with a FROM as coming from our domain but is not a user (left
of @ sign)
You might be able to get your MTA to check that, the same as it does
for recipients. You know what addresses are valid @ your own domain,
so it's reasonable to refuse mail from any
NeoSHNIK a écrit :
Hello,
I am writing a plugin for SA which needs to treat outbound and incoming
emails differently. So ideally if the message is outbound I call one
subroutine in my plugin, if not I call another.
So is there any way to check what type of email it is in SA? I couldn't find
Michelle Konzack a écrit :
Hi *;
Am 2008-10-08 18:53:00, schrieb Karsten Bräckelmann:
On Wed, 2008-10-08 at 17:39 +0200, mouss wrote:
I am learning foreign languages. it would be nice if backscatterers
change the bounce text so that I learn more :-{
DIES IST NUR EINE WARNUNG
Matt Kettler a écrit :
Kate Kleinschafer wrote:
Hi all,
Just wondering what the permissions should be on the
/root/.spamassassin folder.
When I run a message by the command
sudo -u postfix spamassassin -p
/etc/MailScanner/spam.assassin.prefs.conf -t message.MAI
I am getting the error
Matthias Schmidt a écrit :
Am/On Sat, 18 Oct 2008 05:20:03 -0700 schrieb/wrote cfgerty:
One sample of these mails:
http://pastebin.com/m1e3d6b5d
German Language Rulesets are applied.
this message doesn't come from a mail-server with a resolving reverse pointer.
We don't accept such
cfgerty a écrit :
Hello,
the same here. Typical thing here is that the links are typical written with
blanks like
www . something . org
Has anyone a rule which is able to validate this kind of URL's against a BL?
are there any legitimate uses of such spacings?
Otherwise, you could
Burton Windle a écrit :
Sorry for the off-topic post, but I can't think of a better list with
more sharp email server admins.
I've just taken a new job with a company that does some (legit, opt-in,
with-working-remove-link, only sending to our paying customers) email
marketing. I'm seeing
Lucio Chiappetti a écrit :
We have been very happily running spamassassin 3.0.4 under amavisd-new
milter on Suse 9.2 since a couple of years, using the standard
configuration recommended by the Italian GARR network.
Please avoid comments on old version or so, we are planning an overall
Brent Clark a écrit :
Hiya
I would like to know, what are the implications of using / enabling
shortcircuit.
Other than speeding up the scan processing, from my side, I cant see a
downgrade in spam detection.
if you don't have performance issues, don't shortcircuit. The more you
check,
Michael Scheidell a écrit :
we arn't arguing rfc's, and by '99% of the time', actually, it works
100% of the time unless you use the rfc-ignorant blacklists.
rfc means 'request for comment'. and rfc's change as technology changes.
I don't know if, or, since you are the expert in this,
Jean-Paul Natola a écrit :
Hi all,
I've been out of the loop for a couple of months do a rollout, so I came back
to my SA today as I have seen A LOT more spam coming in than normal, I
upgraded to 3.2.5 today, and ran sa-update but , i dont seem to see any new
rules, and i;m getting
Jim Knuth a écrit :
Am 24.10.2008 1:31 Uhr, schrieb mouss:
Jean-Paul Natola a écrit :
Hi all,
I've been out of the loop for a couple of months do a rollout, so I came
back
to my SA today as I have seen A LOT more spam coming in than normal, I
upgraded to 3.2.5 today, and ran sa-update
Benny Pedersen a écrit :
On Thu, October 23, 2008 20:43, mouss wrote:
subdomains, as used to be the case when all the internet was unix,
but this is no more the case).
lets hope thay are deploying dkim next then, it was newer meant to rewrite
any header from sender to tecipient, but still
asai a écrit :
Greetings,
I've been trying to stop Spamassassin from sending any more spam notices to
me, so I changed it in /etc/mail/spamassassin/local.cf but I'm still getting
messages sent to the same email address...what am I missing here?
SA does not send, block, or route mail. it is
Luis Croker a écrit :
Hi...
I have a mail server with FreeBSD 7.0,
postfix+amavis-new+spamassassin. We are an ISP and I need to filter the
spam that our susbribers are sending to internet, the PCs have some
malware or are botnets. These PCs generates a lot of spam each day.
The
Luis Croker a écrit :
I have updated the SARE rules... how often should I update them ? Daily ?
no. they don't change often. (I don't update them anymore, so I don't
know when they were last updated...).
JM_SOUGHT rules get updated often.
asai a écrit :
Ok, thank you.
I'm using Postfix, Amavisd-new, ClamAV and SQLGrey. Do you know where I
would enable or disable receiving this notice in any of these? I've been
looking and looking and I can't seem to find anything...
you should aks on the amavisd users list. but you'll
Daniel J McDonald wrote:
On Wed, 2008-10-22 at 23:59 +0200, Jonas Eckerman wrote:
Matus UHLAR - fantomas wrote:
In my understanding, these are different concepts. In particular, RMX
doesn't hijack the TXT record, which is one of the major sins of SPF.
Yes, but they both were designed to do
Chris Arnold wrote:
We use zimbra OSS on SLES10 SP1. Zimbra has spamassassin built-in. At
the present time, my mailbox is filled with backscatter; getting around
10 a minute since 4:30 today. I have postfix backscatter rules in
postfix of zimbra,
Michael Scheidell wrote:
I need a domain registry who won't spam me every two weeks with crap and
argue that since I am a client of theirs, its not a violation of
can-spam laws to spam me and refuse to stop. And, no, I can't change
the email address because then we won't get REALLY important
Per Jessen wrote:
Greg Troxel wrote:
Asking someone to change their domain name to match an SA rule seems
a bit extreme to me! Why not propose that de establish a gmbh 2nd
level for companies, and make him rss.gmbh.de?
FROM_DOMAIN_NOVOWEL was logged for only 3 messages here
Matthias Leisi wrote:
mouss schrieb:
reject_backscatter =
reject_rbl_client ips.backscatterer.org
Which will very likely result in a lot of false positives.
an FP here would mostly be: a bounce from a 3d party that is listed on
backscatterer.org. do you get a lot of such mail?
Benny Pedersen wrote:
On Sun, November 2, 2008 19:14, mouss wrote:
PS. don't think SPF will help. this has been discussed here and
elsewhere before.
SPF helps if its used from the sites that does use spf in mta stage, if not
used it will turn over to be a backscatter site itself
yes
Sahil Tandon wrote:
Matthias Leisi [EMAIL PROTECTED] wrote:
mouss schrieb:
reject_backscatter =
reject_rbl_client ips.backscatterer.org
Which will very likely result in a lot of false positives.
an FP here would mostly be: a bounce from a 3d party that is listed on
backscatterer.org
Jeff Chan wrote:
On Thursday, October 30, 2008, 12:56:53 PM, Micah Anderson wrote:
I keep getting hit by phishing attacks, and they aren't being stopped by
anything I've thrown up in front of them:
[...]
I've got spamassassin 3.2.5 with URIBL plugin loaded (which I understand
pulls in the
Micah Anderson wrote:
* Kelson [EMAIL PROTECTED] [2008-10-30 17:29-0400]:
Micah Anderson wrote:
reject_rbl_client list.dsbl.org,
DSBL has shut down, and you should remove the query from your list. It
won't help with the phishing, but it'll free up some network resources.
901 - 1000 of 1228 matches
Mail list logo