Mark Martinec mark.martinec...@ijs.si writes:
The only place that such loss can be prevented is to check
that the sending domain has its MX or A or record,
right away while the message is being received.
It is prudent to reject such unbouncible mail right away,
before even accepting it.
Benny Pedersen m...@junc.org writes:
On Thu 25 Feb 2010 10:31:16 PM CET, Kai Schaetzl wrote
I don't know to what you disagree, but SPF is not an anti-spam tool. Full
stop.
oh so what is spf then ?
It is an anti-forgery tool.
Since upgrading to SA 3.3.0, botnet (version 0.8) is showing a false
positive on every email I receive via IPv6.
Brian J. Murrell [EMAIL PROTECTED] writes:
If I get a spam and I need to have SA learn that it's spam with
sa-learn, wouldn't it be useful to also skew the AWL for that sender so
that future uses of the AWL for that spammer will push the overall spam
score up?
And also useful[1] for the
mouss [EMAIL PROTECTED] writes:
I personally don't care of such spam (spam sent to MLs) unless there
is a lotof it. Ideally, it should be stopped by the list server.
Unfortunately there often is, and the servers do not stop it. I notice
it especially with some sourceforge list where nearly all
Michael Scheidell [EMAIL PROTECTED] writes:
From: Kai Schaetzl [EMAIL PROTECTED]
AFAIR, with SQL I do the expire myself, SA won't do it, right?
No, sa-learn --force-expire works fine.
As does the 'normal' Bayes expiry mechanism of triggering (or
attempting) an expire when the number of
Ralf Hildebrandt [EMAIL PROTECTED] writes:
* Robert Schetterer [EMAIL PROTECTED]:
thats could be seen as a security risk
cause in rare cases you may recieve legal mails
i.e at an network outage etc
How? He tempfails all mails.
Because some senders erroneously treat a tempfail as a permfail
ram [EMAIL PROTECTED] writes:
That is not practical.
Atleast in India, Banks use third party servers to send their mailers
often. And the ips have PTR's HELO's which dont match the banks',
because these dont belong to the bank
Which practice does nothing at all to combat phishing. Banks and
mouss [EMAIL PROTECTED] writes:
ahuh? how would spf fix the problem if spam gets out from an
authorized client (yahoo, google, hotmail, aol, ...). however you
respond, you'll find out that such (ougoing) spam problem isn't fixed
_by_ SPF. In particular, don't tell me they will fix their
dvesely [EMAIL PROTECTED] writes:
What's the best way to setup bounce notification?
The best way is to not bounce at all but reject with a 5xx code during
the SMPT conversation. Though be careful to only do this at 'border'
MTAs (those listed in the MX records for the destination domain) not on
Ken A [EMAIL PROTECTED] writes:
RFCs say:
1. helo should be a fqdn.
2. you should not reject based on helo.
Not quite. The RFC only says that you should not reject if the helo does
not match the connecting IP address. It says nothing about rejecting the
helo for other reasons - such as not
Byung-Hee HWANG [EMAIL PROTECTED] writes:
Well, for now, i don't think SA developers like IPv6. If IPv6 users
increase more than now, then this bug will be fixed by SA developers.
Just i will wait until then.
I do not think that the SA developers have any way of telling how many
of us IPv6
Loren Wilton [EMAIL PROTECTED] writes:
If tokens are expired from the DB based on time, and assuming *all*
tokens older than some date are expired, wouldn't it be reasonable to
prune bayes_seen to the expiry date after the expiry run?
You cannot assume that all tokens earlier than some date
Marc Perkel [EMAIL PROTECTED] writes:
Yes it does break email forwarding because if you have restrictive SPF and it
gets forwarded then the forwarding server
isn't a valid server. Thus if the receiving server enforces SPF rules then it
bounces the forwared message.
No. Once it has been
Jason Bertoch [EMAIL PROTECTED] writes:
I think it's safe to say I'm not in the minority when I receive SPF-Compliant
spam. I'm looking for opinions on what we can honestly derive from such
messages regarding the sending server's IP and the sending address' domain
name.
Is it wise to
Theo Van Dinter [EMAIL PROTECTED] writes:
They're both done manually. 3.2 used to automatic, now it's 3.3 that's
automatic. It follows the development tree.
Pardon me for saying so, but is that not backwards? People following the
development branch (which I have done in the past) normally
John Rudd [EMAIL PROTECTED] writes:
However, it still leaves the problems of:
1) A user sends me a technical question. I answer, and get back a
Challenge, forcing me to jump through hoops to get their answer to
them.
That sounds like a very badly designed system. While I do not like C/R
[EMAIL PROTECTED] writes:
hello,
I am trying to run sa-update from cron but each time I try I get
error: gpg required but not found!
I checked and gpg is available in /usr/local/bin/gpg on my FreeBSD 6.2
system. What can be the problem here? Advice greatly appreciated!
Do not forget
Stefan Jakobs [EMAIL PROTECTED] writes:
To me it seams as though spamassassin uses allways dccproc. And it
competes with dccifd.
If it is available, spamassassin will use dccifd in preference to
dccproc.
Nix [EMAIL PROTECTED] writes:
(And, let's be blunt, the pure this-word-is-spammy recognition part of
FuzzyOCR is much less smart than the Bayesian system already present
in SA: FuzzyOCR should really use the Bayesian system to determine the
spamminess of words, I suppose...)
Or even just act
I am using spamassassin 3.2.0 and Postgresql 8.2.4 for bayes and awl.
I am seeing several messages from Postgresql like the following
spamd[18408]: WARNING: nonstandard use of \\ in a string literal
spamd[18408]: LINE 1: select
put_tokens(1,'{003272260274052...
spamd[18408]:
Matt Kettler [EMAIL PROTECTED] writes:
This apparently is fixed in perl 5.8.8, but still happens in 5.8.6,
5.8.5, etc.
I see it in perl 5.8.8
John Wilcock [EMAIL PROTECTED] writes:
No doubt it is justified by the fact that the corpora used to
determine SpamAssassin scores don't contain enough
non-English-language content.
So maybe there needs to be 'recruitment' drive to get more people who
receive non-English emails to submit to
Steven W. Orr [EMAIL PROTECTED] writes:
I just don't know what it is that I should expect to see. Should I see
messages automatically going to spamcop.net? (I don't)
No. But when you run 'spamassassin -r' to report spam, it will send the
report to spamcop.
Sandeep Agarwal [EMAIL PROTECTED] writes:
above errors are just samples, the log is full of these messages. is
there some bug is PGSQL implementaion
I am running SA with psql and the only log messages are autovacuum
ones, so it is not a general problem.
Graham Murray [EMAIL PROTECTED] writes:
Or even filter on the List-ID: or other RFC2191 headers.
Ooops RFC 2919
Theo Van Dinter [EMAIL PROTECTED] writes:
Doesn't SA have at least 3 of those already? Razor, DCC, and Pyzor.
Not quite. Those show how many times *others* have seen it, not how
many times *I* have seen it. Also, these have hysteresis so if you are
unfortunately to be at the start of the spam
Theo Van Dinter [EMAIL PROTECTED] writes:
Actually, I pushed an update yesterday evening. :P
I have just run sa-update on my 3.1.7 system and it fails lint tests.
First it makes several complaints about rules needing version 3.2,
then warnings about scores set for nonexistent rules, lastly lots
Giampaolo Tomassoni [EMAIL PROTECTED] writes:
From: Rose, Bobby [mailto:[EMAIL PROTECTED]
The last time I checked, the most common reason for spamcop lists is due to
messages being sent
to their spam traps.
Which means they registered to the list: this list mandates a double opt-in
to
John Andersen [EMAIL PROTECTED] writes:
On the one hand they (apache.org) refuses mail from perfectly RFC compliant
Linux boxes insisting you send through your ISP, and then they refuse mail
from the ISP because ONE spammer in some backwater managed to get one
piece of spam into some spamtrap
Ben Lentz [EMAIL PROTECTED] writes:
So, as you might guess, I'm confused. sa-update was, to my knowledge,
working in 3.1.3, but with 3.1.6 it seems that it's having a tough
time finding my sys rules directory.
I apologize if I'm being thick about this, but any pointers and/or
enlightenment
Paul Tenfjord [EMAIL PROTECTED] writes:
In Norway there is strict law rules concerning sending spam, which
in fact works very well. Therefor we have no Norwegian incoming
spam. I was wondering if there is a feature that lowers the score
for mails that is in the Norwegian language. The way I
Tom Ray [EMAIL PROTECTED] writes:
I also totally agree with this practice, if they are going to be on
the hook for something their users did then they need to keep a
watchful eye on their customers.
But the ISPs should not be 'on the hook' for something their users
did. What is needed is for
Kenneth Porter [EMAIL PROTECTED] writes:
Interesting idea. It's my understanding that dynamic addresses are
used due to the IPv4 shortage, so if we can push for more IPv6
deployment, we get the technical means to get rid of dynamic
addresses.
I do not think so, at least in the case of ADSL.
John D. Hardin [EMAIL PROTECTED] writes:
I think that's a big problem right there. Since when did guaranteed
delivery become part of email?
Never, but the relative newcomers to email probably do not realise
that. Email delivery has always been best endeavour.
Rolf Kraeuchi [EMAIL PROTECTED] writes:
Hmm, SOFTFAIL scores higher than FAIL??
Maybe because some (many?) people reject SPF fail at SMTP time, so
spam with SPF fail is not presented to SpamAssassin.
Ramprasad [EMAIL PROTECTED] writes:
A lot of banks/legitimate bulk email senders change their relay
server. Many reasons for that. The most common is that they use a third
party to relay their mails and these would keep changing
Especially for banks and other high risk phishing targets, it
Michael Scheidell [EMAIL PROTECTED] writes:
Also, and if you require all mail servers to only take mail from
xxx.bank.com, what good is that? doesn't that break how everyone
receives email?
No. It just rings very loud alarm bells when an email claiming to be
from the bank comes from a server
Jim Hermann - UUN Hostmaster [EMAIL PROTECTED] writes:
SPF is not enough. It does not eliminate the zombie or spambot.
It is if you set your SPF record to allow your mailer(s) and hard fail
on all others *and* the recipient of the forged email checks against
SPF. The problems come when
Michael Monnerie [EMAIL PROTECTED] writes:
Do it like Spamcop does with SPAM: Contact *everybody* in the chain, and
complain to them. Some sort of SPFcop would be nice for that..
Or even use SpamCop itself. Bounces to forged emails are now
considered legitimate for reporting to spamcop. This
Matt Kettler [EMAIL PROTECTED] writes:
All that said, I can't see why you'd want to do anything else with DCC.
The FP rate on DCC, even with the defaults of |99 for fuzz counts,
is significant. In the SA 3.1.0 set3 mass-checks, DCC_CHECK had a S/O
of| 0.979, meaning that 2.1% of email
Tristan Miller [EMAIL PROTECTED] writes:
Problem is, SuSE's System Services (Runlevel) editor doesn't let you
specify the order in which services are run. When you enable or disable a
service, it seems to assign the S and K numbers using its own internal
logic; I can't find any configuration
Robert Nicholson [EMAIL PROTECTED] writes:
Hi,
Is there a rule that says that any message without a message-id is SPAM ie.
one who's SCORE I can increase.
I've got a spammer sending messagegs without message-id's.
Just change the score for MSGID_FROM_MTA_ID. This rule will be hit
when the
Matt Kettler [EMAIL PROTECTED] writes:
The last mass-checks for 3.1.0 gave it a S/O of about 0.980, but I'm
seeing more like 0.900 out of DCC at my site. Could just be the nature
of my site, but about a dozen common subscriber newsletters at my site
consistently hit it.
Which is why it is a
jdow [EMAIL PROTECTED] writes:
Don't bother to try to report spam with that header placement if you
expect outfits that use DCC to respond. Placing the headers at the
bottom that way will screw up the DCC hash they can use to identify
the message details as truth.
But does spamassassin -r
Daryl C. W. O'Shea [EMAIL PROTECTED] writes:
Of course, my business DSL provider could be less brain dead and not
set a 30 min TTL for their entire forward zone (and 1 day for their
reverse zone), but I suspect there are lots of people out there in the
same situation.
Where the provider
The DCC checkers, dccproc and dccifd, not only check the mail but also
increment the 'bulkiness' counts at the server. Spamassassin and spamd
use one of these (if dcc checking is enabled) when scoring the
mail. So is it correct for spamassassin -r to re-submit the mail to
the DCC servers? My
Matt Kettler [EMAIL PROTECTED] writes:
My guess is that your cron job is running as a different user than is used to
scan your mail. So you're training into one database, but scanning using a
different database.
Or the cron job is only learning spam and the auto-learn has not yet
learnt
Danie Marais [EMAIL PROTECTED] writes:
Well in SA v3.0 when Bayes score 99-100% it only adds 1.9 to the score as
opposed to the 5.4 it added in v2.6. Sure you can override the score, but
what I'm trying to say is it seems the new SA does not rely that heavily on
Bayes any more.
Comparing
49 matches
Mail list logo
