Re: Filtering THIS list (Re: Breaking up the Bot army - we need a plan)

2006-12-13 Thread Andreas Pettersson
Michele Neylon :: Blacknight wrote: Maybe they're better suited to one of the other lists such as spam-l? May I suggest news.admin.net-abuse.email -- Andreas

Re: Writing a new DNSBL rule

2006-11-08 Thread Andreas Pettersson
D.J. wrote: Hi all. So I've got a DNSBL I want to use with SpamAssassin that wasn't included in the stock install. My question (and there's an alarming lack of anything useful in this area... wiki anyone on the SA site?) is if my syntax and placement are correct for what I've done. In my

Re: R: R: R: Relay Checker Plugin (code review please?)

2006-11-01 Thread Andreas Pettersson
Steven Dickenson wrote: On Oct 31, 2006, at 6:09 AM, John Rudd wrote: I've considered the exact opposite (adding static to the check for keywords). My rules are really looking more for is this a _client_ host, not is this a dynamic host. That one check looks for dynamic, but I'm not

Re: Age of a domain name - a new test?

2006-10-31 Thread Andreas Pettersson
Jeff Chan wrote: Generally speaking, whois queries are a poor way to determine domain age, at least for client applications. The whois infrastructure is simply not designed to support the volume of queries required, even if locally cached. Perhaps CRISP is part of the answer to this problem.

Re: Psst!

2006-10-20 Thread Andreas Pettersson
Chris Santerre wrote: Just curious, but how many people see spam being sent to usernames with the first letter dropped? I see a ton in my logs. I believe spammers figure [EMAIL PROTECTED] will also have a [EMAIL PROTECTED] Too bad for them...they do not. :) Same here. I've also had lots

Re: Psst!

2006-10-20 Thread Andreas Pettersson
Andreas Pettersson wrote: Same here. I've also had lots of spam to addresses with various amounts of trailing d or n in local part. Like [EMAIL PROTECTED] Seems to be fewer of these today though. I meant tailing. -- Andreas

Re: Is there any way to score this?

2006-10-13 Thread Andreas Pettersson
Robert Swan wrote: Is there any way to get points added if the sending mail server has no PTR record *(unknown [196.211.162.65])?* I am using Redhat Fedora and Spamassassin 3.1.2 and Postfix. I was looking for the same thing some time ago, but I couldn't easily find a way to do that in SA.

Re: Having issue with a type of spam I havn't seen before

2006-10-13 Thread Andreas Pettersson
Thomas Lindell wrote: but what is the CID. Is that some sort of alternate notation for an ip address? It's a reference to an attached image. -- Andreas

Re: Having issue with a type of spam I havn't seen before

2006-10-13 Thread Andreas Pettersson
Thomas Lindell wrote: I don't see anything attached to the message though. Even when I view the source I don't see a mime attachment. Well, the attachment is missing then. Come to think of it, that would be some excellent rule :-] -- Andreas

Re: sometimes no bayesian filtering?

2006-10-08 Thread Andreas Pettersson
Paul29 wrote: Hi all, in the last days there were more and more SPAM mails where I found no bayesian scoring in the header. This lets me guess it did not take place at all. Is that conclusion right? I have not been able to find a common property in these mails to tell which mails are scanned

Re: What's the best method to use SA?

2006-10-04 Thread Andreas Pettersson
I use Exim with the integrated SA ACL. I'm really pleased with how it works. http://www.exim.org/exim-html-4.62/doc/html/spec_html/ch40.html /Andreas

Re: Stock spam in images

2006-10-02 Thread Andreas Pettersson
Stuart Johnston wrote: Theo Van Dinter wrote: On Mon, Oct 02, 2006 at 03:18:58PM +0100, Randal, Phil wrote: undetected). Wouldn't it be better to inject the detected text back to SA? There should be enough variants of spam worlds to let SA fuzzily catch the ones from images. I think so.

Re: SA gone mad, times out and stucks

2006-09-30 Thread Andreas Pettersson
Jürgen Herz wrote: What I still get and not understand is warn: bayes: cannot open bayes databases /var/spool/exim4/.spamassassin/bayes_* R/W: lock failed: File exists Make sure the file permissions haven't changed when you ran the manual expire. Regards, Andreas

Re: TQMcube Geo Zone config files

2006-09-30 Thread Andreas Pettersson
Andreas Pettersson wrote: In case anybody is interested, I've compiled a config file for the geo zone at TQM http://tqmcube.com/worldzone.php It might not be of great use, but it is interesting to gather some statistics of where the mails come from. Files found here http://anp.ath.cx

Re: bayes sync is hogging cpu

2006-09-29 Thread Andreas Pettersson
Bret Miller wrote: I used to have problems with bayes locking and journaling. When it finally corrupted the database, I decided it was time to put it into a real SQL database instead of using DB_File. Haven't had a single problem with bayes CPU or locking since. Maybe it's time you consider

[OT] Re: Fw: failure notice / spaassassin.apache.org

2006-09-29 Thread Andreas Pettersson
Ken A wrote: It looks like you are listed in spamcop and apparently Comcast is either using spamcop or they have their own list that is blocking you. Comcast themselves are using a spam filter? (Let me taste that line one more time...) Comcast themselves are using a spam filter? Then why

Re: bayes sync is hogging cpu

2006-09-26 Thread Andreas Pettersson
Bret Miller wrote: I used to have problems with bayes locking and journaling. When it finally corrupted the database, I decided it was time to put it into a real SQL database instead of using DB_File. Haven't had a single problem with bayes CPU or locking since.

Re: bayes sync is hogging cpu

2006-09-25 Thread Andreas Pettersson
? Is it normal to have a bayes_journal.old lying around? What more can I do to find the cause? If the core dump (22 MB) is of any interest, I'll upload it somewhere. Best regards, Andreas Andreas Pettersson wrote: Ok, more information here. I found in spamd.log this line when the problem started

Re: bayes sync is hogging cpu

2006-09-25 Thread Andreas Pettersson
my problems started. But if the hogging continues even with bayes_auto_expire set to 0, then where should I be looking instead? Regards, Andreas Andreas Pettersson wrote: Me again. Since I'm not getting any responses I better keep posting more information as I've made some more

Re: bayes sync is hogging cpu

2006-09-25 Thread Andreas Pettersson
Bret Miller wrote: I used to have problems with bayes locking and journaling. When it finally corrupted the database, I decided it was time to put it into a real SQL database instead of using DB_File. Haven't had a single problem with bayes CPU or locking since. Maybe it's time you consider

Re: bayes sync is hogging cpu

2006-09-25 Thread Andreas Pettersson
Jonas Eckerman wrote: Andreas Pettersson wrote: Bus error (core dumped) This *can* be the symptom of a hardware problem, such as bad memory or a bad disk. If you have a disk that's going bad, the symptoms often are corrupt files and extremely slow writes (because the disk controller

Re: bayes sync is hogging cpu

2006-09-25 Thread Andreas Pettersson
Bret Miller wrote: Are you sure you have enough RAM to handle the number of threads you are running? Yes, I'm pretty sure 512MB is enough. No swapping going on, and I only scan msgs smaller than 500 KB. Avg scan time is about 3-4 sec and I scan less than 1 a day. Regards, Andreas

Re: bayes sync is hogging cpu

2006-09-25 Thread Andreas Pettersson
Logan Shaw wrote: One thing you could try is running db4_recover (or db_recover, depending on how it's installed) on the Bayes database. Seems like something to try. But I don't understand the utility: usage: db_recover [-ceVv] [-h home] [-P password] [-t [[CC]YY]MMDDhhmm[.SS]] How can I

Re: bayes sync is hogging cpu

2006-09-24 Thread Andreas Pettersson
Ok, more information here. I found in spamd.log this line when the problem started: Fri Sep 22 19:55:22 2006 [74581] warn: bayes: expire_old_tokens: child processing timeout at /usr/local/bin/spamd line 1082 which was followed by lots of these: Fri Sep 22 19:55:52 2006 [74581] warn: bayes:

Some mail seems to hog spamd process

2006-09-23 Thread Andreas Pettersson
Hi. Since yesterday I am having a problem with spamd processes hogging cpu. All is fine until suddenly spamd keeps using 95% cpu forever. I noticed that bayes.lock also contains the pid of the hogging process. After some minutes I kill the pid and remove bayes.lock by hand, but it only takes

Re: Some mail seems to hog spamd process

2006-09-23 Thread Andreas Pettersson
of time to process one mail at a time. Regards, Andreas Andreas Pettersson wrote: Hi. Since yesterday I am having a problem with spamd processes hogging cpu. All is fine until suddenly spamd keeps using 95% cpu forever. I noticed that bayes.lock also contains the pid of the hogging process

Re: bayes sync is hogging cpu (was: Some mail seems to hog spamd process)

2006-09-23 Thread Andreas Pettersson
Hi, me again ;) I'm pretty confident that the hogging occurs when SA is trying to sync the bayes. The bayes_journal is cleared exactly when the hogging begins. And when I run sa-learn --sync I get the very same hogging effect. The permissions seem ok, don't they? -rw--- 1 spamd wheel

Re: Fishing

2006-09-13 Thread Andreas Pettersson
Steve Thomas wrote: /htt(?:p|ps):\/\/.*?\/.*\.com$/i Why not /https?:\/\/.*?\/.*\.com$/i ?

Re: TQMcube Geo Zone config files

2006-09-10 Thread Andreas Pettersson
mouss wrote: How does/would this compare to using RELAY_COUNTRY? are they similar (so one should only use one of them) or complementary? I don't know. I haven't used RELAY_COUNTRY, but now that I'm aware of its existence I'll have a look at it :) Regards, Andreas

Re: TQMcube Geo Zone config files

2006-09-10 Thread Andreas Pettersson
Andreas Pettersson wrote: I don't know. I haven't used RELAY_COUNTRY, but now that I'm aware of its existence I'll have a look at it :) Ok, I've had a quick look now. RelayCountry presents the country code of the last relay either as a separate header, or as the _RELAYCOUNTRY_ header

TQMcube Geo Zone config files

2006-09-09 Thread Andreas Pettersson
In case anybody is interested, I've compiled a config file for the geo zone at TQM http://tqmcube.com/worldzone.php It might not be of great use, but it is interesting to gather some statistics of where the mails come from. Files found here http://anp.ath.cx/tqmcube/ Regards, Andreas

Live Messenger Invitation with forged Received header?

2006-09-03 Thread Andreas Pettersson
I need some help with understanding why some of the below rules triggered on these headers.. Received: from baym-sm1.msgr.hotmail.com ([207.46.1.190]) by mail.mydomain.com with esmtp (envelope-from [EMAIL PROTECTED]) id 1GJcP7-00063q-JH for [EMAIL PROTECTED]; Sat, 02 Sep 2006

Invalid date header

2006-09-02 Thread Andreas Pettersson
Hi. I got a mail with this Date header: Date: Mon, 28 Aug 2006 09:23:11 +0200 which triggered this rule: 2.2 INVALID_DATE Invalid Date: header (not RFC 2822) What's wrong with it? The ? Regards, Andreas

Re: AWL confusion..

2006-08-29 Thread Andreas Pettersson
Anders Norrbring wrote: I just got ridiculously confused.. I sent a mail to myself, testing some stuff, and of course it's in the same domain and network as the server. I got: 9.6 AWL AWL: From: address is in the auto white-list Shouldn't mail in the AWL get a *negative* score? Or did I

Re: [Sare-users] (no subject)

2006-08-22 Thread Andreas Pettersson
SysAdmin wrote: I wrote the following rule in an attempt to catch these but I've obviously made some error. Can someone give me a little guidance as to where I went awry? rawbody SWF_r_AMPGFX1 /\.(com|net)/\w+/\?90\amp/i The forward slashes need to be escaped as well. Regards, Andreas

Re: [Sare-users] (no subject)

2006-08-22 Thread Andreas Pettersson
Andreas Pettersson wrote: SysAdmin wrote: I wrote the following rule in an attempt to catch these but I've obviously made some error. Can someone give me a little guidance as to where I went awry? rawbody SWF_r_AMPGFX1 /\.(com|net)/\w+/\?90\amp/i The forward slashes need

sa-update and VirusScannerTypeUpdates

2006-08-21 Thread Andreas Pettersson
Hi. I keep seeing suggestions to use sa-update quite often on this list, but I thought it was no use doing so between releases according to this page: http://wiki.apache.org/spamassassin/VirusScannerTypeUpdates with these exact words in the end: Daily and/or weekly updates aren't practical,

Re: sa-update and VirusScannerTypeUpdates

2006-08-21 Thread Andreas Pettersson
Theo Van Dinter wrote: On Mon, Aug 21, 2006 at 05:46:19PM +0200, Andreas Pettersson wrote: I keep seeing suggestions to use sa-update quite often on this list, but I thought it was no use doing so between releases according to this page: http://wiki.apache.org/spamassassin

Re: Using SA to prevent bouncing spam?

2006-08-15 Thread Andreas Pettersson
Ole Nomann Thomsen wrote: I run a qmail frontend for a FirstClass system. The qmail accepts mail for about 500 domains, hosted on the FirstClass system, and scans them with SA. It then injects them into FirstClass. If the domain is known, but the user is wrong (as in [EMAIL PROTECTED]) the

Re: Using SA to prevent bouncing spam?

2006-08-15 Thread Andreas Pettersson
Ole Nomann Thomsen wrote: On 15.08.2006 at 12:01, Andreas Pettersson [EMAIL PROTECTED] wrote: While I don't really see why ldap isn't an option, even with a 99% load, callout might be the solution. However, I don't run qmail but here's how it works with exim http://www.exim.org/exim-html

SPF softfail when mail has been forwarded from another domain

2006-08-13 Thread Andreas Pettersson
Hi all. I've noticed a problem. We receive a few legit mails that have travelled through a forwarder. That causes some problems for the SPF check. Since the mail claiming to be from hotmail clearly doesn't arrive directly from one of the machines listed in hotmail's spf record, the

Re: SPF softfail when mail has been forwarded from another domain

2006-08-13 Thread Andreas Pettersson
Loren Wilton wrote: I've noticed a problem. We receive a few legit mails that have travelled through a forwarder. That causes some problems for the SPF check. Since the mail claiming to be from hotmail clearly doesn't arrive directly from one of the machines listed in hotmail's spf record, the