Adam Katz schrieb:
I've had myriads of falsely whitelisted messages hit DNSWL (.org) and
Did you report them to us? If there are *myriads*, there must be some
serious error which we need to fix (IPs/ranges falsely listed,
inappropriate trust levels listed, sometimes also errors in eg how
wild_oscar schrieb:
I might leave it at that. The problem that I've been scratching my head
about is why does it work when using the nameserver directly but not when
using the router's IP address, which is forwarding to the same address.
It might be a problem with the router, although it is
Henrik K schrieb:
IMO a centralized rsync datasource for all the mass checked BLs would be
nice. Wonder if someone had the connections to pull it off? It would save
resources from all and speed up the checks. Spamhaus etc would only need to
donate the data once a week.
We don't see any
Rob McEwen schrieb:
Just what I said. If an IP whitelist cause too many spams to get a free
pass, then instead of using that whitelist as a free pass to the
inbox... instead... use it to bypass all checking of the sender IPs
against blacklists, but still do content spam filtering on the
dnswl.org does offer trusted_networks-formatted files (separated by our trust
levels), but beware of bug 5931 for older versions of SA:
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5931
-- Matthias
Am 18.12.2009 um 10:17 schrieb Benny Pedersen:
On fre 18 dec 2009 10:07:55 CET,
Am 19.12.09 04:18, schrieb Warren Togami:
DNSWL
To my surprise, Matthias has begun to implement my recommendations of
improved manual abuse reporting, and automated abuse reporting. Their
accuracy even without automated abuse detection isn't too bad.
In the current testing phase, the
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[This question may be more appropriate for the dev-list, please move as
required]
Hi list,
When I originally wrote the experimental ASN plugin (since then
SpamAssassin-ized and improved by the dev team), my impression was that
headers added by an
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Luis Hernán Otegui schrieb:
In a spammail I found this rule :
RCVD_IN_DNSWL_MED=-4
[..]
good reputation (or a medium one, lithe the header says). IMHO, you
should report this message to the admin of that server, to alert him
about the event.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Dan Mahoney, System Admin schrieb:
dnswl.org is either full of it, or not well maintained.
I've gotten at least 20 spams which I see are listed in dnswl.org as
low trust (which still merits -1.0).
All different IP addresses or some specific
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Dan Mahoney, System Admin schrieb:
My point was more along the lines of the fact that there's no method
(other than manual notification) of doing Active Correction. DNSWL is
a cool idea, but could we also come up with some sort of reporting
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Dan Mahoney, System Admin schrieb:
I forwarded over 200 of them earlier today (as an attachment -- total
email size was about one meg).
OK, I now could have a look at them (well, a sample of them, not each of
the 200 individually).
All samples
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Dan Mahoney, System Admin schrieb:
Livejournal's purely a mail forwarding service (i.e. there's no way to
POP/IMAP that account)
As far as I know, there are mails originating from LJ itself (eg
notifications etc)?
and if they can't effect
Now I added IPs to trusted_networks and that causes another problem: The
trusted_network IPs are in the DNSWL and therefore get a positive bonus
from SA.
Hm, somehow I can't follow what you're trying to do. Can you post the
relevant parts of your configuration?
I did not find a solution to
ram wrote:
header __TO_CC_PHARMA_COMPANY ToCc =~ /[EMAIL PROTECTED]/i
if( __TO_CC_PHARMA_COMPANY ) { How to do this
body ALLOW_MEDS /viagra/
descibe this company recieves such legal mails , so give a negative
score to offset the others
score ALLOW_MEDS -2
}
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Alex Woick schrieb:
[Spamcop]
I understand the two step reporting process too, and I too find it
annoying and timeconsuming to ack my (manually reviewed) 50 spams per
day to them, so I ceased to do it. There exist scripts for ack'ing
Is there any way to tweak the score used to trigger autolearning for HAM ?
Diego
Ah, SA version is 3.2.1
http://spamassassin.apache.org/full/3.2.x/doc/Mail_SpamAssassin_Plugin_AutoLearnThreshold.html
--- cut ---
The following configuration settings are used to control auto-learning:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Tony Baker schrieb:
Everything seems fine,
then yesterday I replied to an external piece of mail and CC'd a couple
of colleagues on the reply.
The mail was marked as SPAM
Which copy of mail was marked as SPAM - the one that went to the
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Matt Kettler wrote:
Comparatively speaking, 6 might be inadequate. I don't know how much of
that scale is really necessary for minimal operation, and how much is
just needed for scalability against DDoS attacks.
dnswl.org runs on 10 servers(*).
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Kris Deugau schrieb:
| I appreciate the advice to hack our DNS configuration, but I'd prefer
| to keep all my SpamAssassin tweaks in the SpamAssassin config file and
| not have to document and (subsequently remember to actually look at
| the
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Michael Scheidell schrieb:
| Postini uses it for their clients.
|
| They set up 4 'real' mx records (priority 100,200,300,400) that point to
| real postini servers. They set up priority 500 that points to the
| (firewalled) smtp server of the
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Micah Anderson schrieb:
| [surprisingly low scores]
| The spams can be pulled from here: http://micah.riseup.net/spams
Most (all?) of the samples are forwarded through some debian.org
mechanism. In order for blacklists to take full effect, you
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
mouss schrieb:
| Does Postfix allow you to use white lists? If so - what's the syntax?
| I'm about to publish my whitelist for Postfix.
|
|
| No. DNSWL offer an rsync access.
That's the exact reason we offer rsync access *to a specially formatted
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
A side note:
| I have this in my cron to update the rules:
| 00 * * * * /usr/bin/sa-update --gpgkey 6C6191E3 --channel
sought.rules.yerp.org --gpgkey D1C035168C1EBC08464946DA258CDB3ABDE9DC10
- --channel saupdates.openprotect.com --channel
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi list,
FPs on the DNSWL.org rules can be handled best if sent to admins -at-
dnswl.org.
I took up this one, should be resolved shortly (or the entry disabled,
depending on the actual value of shortly...).
Thanks,
- -- Matthias
-BEGIN PGP
Matus UHLAR - fantomas [EMAIL PROTECTED] wrote (to someone else):
And, please, do NOT send me private copies. I do not need nor want them.
I noticed I have to keep editing the To field every time I reply.
Why doesn't the list insert a Reply-to directing replies to the list?
Reply-To
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[sent only to the original poster by accident - reply-to considered
needs brain ;) ]
| [skipped the debug output]
A couple of notes:
1) This advice:
| Tue Jun 10 14:55:36 2008 [72096] dbg: conf: trusted_networks are not
| configured; it is
Consequently I disabled the checks. Now, using spamhaus.org and spamcop
the
overload has disappeared.
Be careful with using the Spamcop blacklist to reject messages -- while it
is perfectly fine as a blacklist to use in a scoring scheme such as
SpamAssassin, I found it to have too many false
Rob McEwen schrieb:
http://www.dnsbl.com/2007/05/spamcop-bl-another-look-its-accurate.html
Therefore, when you said, too many false positives, are you referring
to FPs from *before* that transformation of SpamCop? Or, are these
*recent* FPs, spotted after that transformation?
It's
Matus UHLAR - fantomas schrieb:
On 12.06.08 18:51, Matthias Leisi wrote:
On the company mailserver, we take a very conservative approach, and
only Spamhaus SBL+XBL are used at the MTA level.
you should switch to ZEN in such case, SBL+XBL is obsolete now.
We use a local feed, so querying
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
NGSS schrieb:
| I am losing confident in SA, the training process is pretty slow or it
| doesn?t seem to be learning.
I don't think training is your first and foremost problem.
It seems that you are not running network tests [1] (esp. RBLs),
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Jo Rhett schrieb:
| Why not allow me to say I trust everything from this host no matter
what?
Why would you run the mails through SpamAssassin if you trust everything
from that host? A whitelist entry in the MTA would avoid wasting
resources on
[snip code + explanation]
Very nice :)
It would be nice to see something like this built into SA in the future,
possibly even distributing all the entries daily with sa-update.
We can produce almost any export format of dnswl.org data, also in a way
that it would fit for some sa-update
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Kathryn Kleinschafer schrieb:
| Am I supposed to reload a service or is there something else I have
missed?
Yes, every change to a *.cf or *.pre file requires a restart of spamd
(as opposed to the standalone spamassassin binary, which will read
Am 16.02.10 21:23, schrieb Kris Deugau:
*nod* This is the biggest question I still see remaining; who
maintains the blacklist? How many spams can come from an MTX-approved
IP before it can/should be blacklisted?
It does not necessarily or exclusively need to be a manually maintained
Karsten,
Am 26.02.10 22:53, schrieb Karsten Bräckelmann:
code? Then this would seem to be a general sketch: Write the plugin,
while keeping DNSWL tightly in the loop to sync the process. Submit the
Actually, Darxus is editor at dnswl.org and contributes a nameserver -
he is very much in the
Hello all,
dnswl.org has been running as a pure volunteer project since 2006.
However, given the changing anti-spam industry and the challenges
ahead, we decided that we need some sound financial basis. In a number
of steps, we will introduce a subscription model for heavy users and
vendors of
Hi all,
I'm not sure whether that would be more appropriate for the dev list,
but I guess this is relevant/of interest to the SpamAssassin project,
and I don't know whether this has caught attention here yet.
John in his draft mentioned below is very right to point out that
simply applying the
On Wed, Dec 29, 2010 at 9:26 PM, David F. Skoll d...@roaringpenguin.com wrote:
I'm not sure I agree with that. The smallest unit of IPv6 address
space allocated by a provider (even to an end-user) is likely to be a
/64, so I don't see why whitelists can't list /64's too. Essentially,
I
On Wed, Dec 29, 2010 at 9:52 PM, David F. Skoll d...@roaringpenguin.com wrote:
and shared hosting providers may
allocate smaller ranges to their customers (why not an individual IP
to each customer?).
Because then your routing table gets insane.
They may allocate the IPs in a virtualisation
On Thu, Dec 30, 2010 at 12:42 AM, Ted Mittelstaedt t...@ipinc.net wrote:
Thus, we can safely make the assumption that any mailserver is going
to follow the model of a single host per /64. Thus it will ALSO be
just as useful for whitelists to have the same granularity - a /64 -
as it would be
(Sorry, sent to David only by error)
On Thu, Dec 30, 2010 at 8:05 PM, Matthias Leisi matth...@leisi.net wrote:
On Thu, Dec 30, 2010 at 7:26 PM, David F. Skoll d...@roaringpenguin.com
wrote:
The real problem is the human effort needed to monitor the enormous IPv6
address spave for abuse. I
(Same error on this mail, I should pay more attention to To: and the
reply button. Sorry for the mess)
On Thu, Dec 30, 2010 at 8:10 PM, Matthias Leisi matth...@leisi.net wrote:
On Thu, Dec 30, 2010 at 7:43 PM, John Levine jo...@taugh.com wrote:
Any protocol that makes lookups in a huge adress
(3) A shifting of focus on whitelists is important... but some of those
shouldn't really be whitelists in the traditional sense. Instead, they
should merely indicate that an IP is a candidate for sending mail.
This one I agree with. The Spamhaus whitelist is intended only for
very virtuous
John, I agree that your draft is clever. But I think it's really
stretching DNS way beyond what it was designed for and it might be
time to look at a different approach. To paraphrase the old saying,
when all you have is DNS, every problem looks like a lookup.
To be honest, my first
On Tue, Jan 4, 2011 at 8:27 AM, Jason Haar jason.h...@trimble.co.nz wrote:
This is a great topic! Is this been discussed at the IETF level? This is
much bigger than SA. From the sounds of this thread, spam under ipv6 is
going to be almost an *infinitely* bigger problem than ipv4. What about
On Tue, Jan 4, 2011 at 9:24 PM, David F. Skoll d...@roaringpenguin.com wrote:
(Spamhaus could greatly lower the load on its servers by using much
bigger TTLs, especially for lists that don't change often like the PBL.
But as another posted mentioned, sometimes DNSBL owners want to see
the
On Sun, Feb 20, 2011 at 4:22 PM, Pasi Hirvonen p...@iki.fi wrote:
Hello,
I just recently moved our mail setup to new hardware and I've been
paying close attention to what gets marked as spam and what
doesn't.
Looking at my spam folder, I have received roughly 550 spam emails
to my email
On Sun, Feb 20, 2011 at 8:11 PM, Michelle Konzack
linux4miche...@tamay-dogan.net wrote:
Looking at my spam folder, I have received roughly 550 spam emails
to my email account since last tuesday (15th). Out of those 550,
*345* have been downscored by RCVD_IN_DNSWL_MED. Annoyingly, a
This issue
On Sun, Feb 20, 2011 at 7:51 PM, Warren Togami Jr. wtog...@gmail.com wrote:
Matthias, we really need a method to auto-report violations of DNSWL. My
spam traps receive dozens or more every week.
At what score? Any noteworthy patterns?
But I don't have time to file
a web form every time it
On Mon, Feb 21, 2011 at 1:54 PM, Michelle Konzack
linux4miche...@tamay-dogan.net wrote:
Pkte Regelname Beschreibung
-- --
2.0 RCVD_IN_DNSWL_MED RBL: Sender listed at http://www.dnswl.org/,
medium
On Mon, Feb 21, 2011 at 6:56 PM, dar...@chaosreigns.com wrote:
Create account here: http://www.dnswl.org/registerreporter.pl
( http//www.dnswl.org / Report Abuse, Register as Reporter )
Just realized that the signup process is broken. Should be fixed later today.
Sorry for the
On Mon, Feb 21, 2011 at 8:56 PM, Matthias Leisi matth...@leisi.net wrote:
On Mon, Feb 21, 2011 at 6:56 PM, dar...@chaosreigns.com wrote:
Create account here: http://www.dnswl.org/registerreporter.pl
( http//www.dnswl.org / Report Abuse, Register as Reporter )
Just realized that the signup
On Fri, Dec 2, 2011 at 4:02 PM, Matus UHLAR - fantomas uh...@fantomas.skwrote:
1: use rbldnsd to dump zone to bind.zone (Gigaram usage)
I doubt rbldns is able to dump zone content.
many DNSBL providers support also BIND format.
Note that BIND takes much more RAM space
man rbldnsd:
| -d
On Sun, Dec 4, 2011 at 6:17 PM, Matus UHLAR - fantomas
uh...@fantomas.sk wrote:
| -d Dump all zones to stdout in BIND format and exit. This may be
That's what we use for the BIND export of dnswl.org data (create
rbldnsd-formatted file, and let rbldnsd -d create the BIND file).
hmmm
On Tue, Dec 13, 2011 at 3:00 PM, Michael Scheidell
michael.scheid...@secnap.com wrote:
[..] Blocking the ip address by firewall
will save bandwidth and cpu cycles.
Firewalling will have the same effect as returning no answer - it will
cause retries and thus will roughly triple the amount of
On Sat, May 26, 2012 at 10:38 PM, Wolfgang Zeikat
wolfgang.zei...@desy.de wrote:
In an older episode, on 2012-05-26 22:06, Jeremy Morton wrote:
OK I continue to get this problem - lots of spam is coming through now
with:
-4.0 RCVD_IN_DNSWL_MED RBL: Sender listed at http://www.dnswl.org/,
On Tue, Aug 14, 2012 at 4:30 PM, Ben Johnson b...@indietorrent.org wrote:
The majority of the spam that our users receive is a direct result of
this one rule; it seems that plenty of spammers are white-listed in this
database, and it is a weighty test (it reduces the score by as much as 2
or
On Wed, Sep 5, 2012 at 8:58 PM, Kevin A. McGrail kmcgr...@pccc.com wrote:
OK, it's better than nothing though I don't know the percentage of people
with Ham reporting is very high. Can you recommend some exact verbiage on
From experience with the dnswl.org request queue, I can tell you that
On Mon, Sep 10, 2012 at 8:34 PM, Helmut Schneider jumpe...@gmx.de wrote:
It looks like RCVD_IN_DNSWL_MED examines firstuntrusted and if he
trusts his MX/relays correctly then this shouldn't be happening.
In general, setting up the trustpath correctly is sufficient.
If I understood you
Hello SA users list,
The SpamAssassin rules are an important input for the dnswl.org
project; in turn, the dnswl.org project helps to reduce the chance of
false positives through the SA ruleset.
The SpamAssassin and the dnswl.org projects have a significant overlap
in the user base, and an
On Wed, Sep 26, 2012 at 5:09 PM, Sergio sec...@gmail.com wrote:
FROM THE HEADERS:
Received: from (127.0.0.1) by mail62.us1.rsgsv.net (PowerMTA(TM) v3.5r16) id
hcc8go0lj3g4 for fernando.lo...@puntocel.com.gt; Wed, 26 Sep 2012 14:28:26
+ (envelope-from
2012-11-22T19:16:18.323410+00:**00 localhost spamd[24393]: spamd: setuid
to spamd succeeded
2012-11-22T19:16:18.323802+00:**00 localhost spamd[24393]: spamd:
creating default_prefs: /var/lib/spamassassin/.**spamassassin/user_prefs
2012-11-22T19:16:18.324189+00:**00 localhost spamd[24393]:
On Tue, Feb 5, 2013 at 8:27 AM, Per Jessen p...@computer.org wrote:
This is what e.g. rfci-ignorant or many other rhsbl blacklists are
for.
rfc-ignorant has gone off-line.
http://www.rfc-ignorant.de/
-- Matthias
On Thu, Feb 7, 2013 at 11:31 AM, Lutz Petersen l...@shlink.de wrote:
It makes no sense to point this to dnswl - mobile.de itself is not a spam
source
itself
If you use mobile.de as a forwarder, it may make sense to add there IPs to
your trusted_networks configuration. If you do this, the
On Mon, Feb 18, 2013 at 10:04 PM, mouss mo...@ml.netoyen.net wrote:
I hope Justin has no problems. if anybody has news, please share that
with me.
He writes on his Twitter account (@jmason) from time to time. So he is
still around :)
-- Matthias
On Thu, Apr 25, 2013 at 1:47 PM, Matus UHLAR - fantomas
uh...@fantomas.skwrote:
I don't think so... IIRC the REPLACE INTO deletes existing record and
inserts new one, does not update existing. This caused some issues for me
some ~10 years ago, so i switched to the update or insert.
REPLACE
On Tue, Jul 2, 2013 at 7:09 PM, Andreas Schamanek
scham...@fam.tuwien.ac.at wrote:
2) What's currently more annoying are colleagues of mine operating
large mail servers (tu-graz.ac.at and ethz.ch are 2 examples) who
forward their former users' mail to external addresses without prior
Could you please share the IP address (better: relevant Received:
header)? This seems like an error in our data.
-- Matthias, for the dnswl.org project
On Sun, Aug 25, 2013 at 10:19 PM, Jason Haar jason_h...@trimble.com wrote:
Hi there
I just received some spam - got a score below 0. The real
On Thu, Oct 31, 2013 at 9:59 AM, Henrik K h...@hege.li wrote:
I shortcircuit ALL_TRUSTED with a huge trusted_networks list. :-) So yes
it's a whitelist for me. I add networks known to be spam free and operated
by friends (other govenment entities, consulting firms etc). Everything
works
Going back to the OP of this thread after some thinking:
On Thu, Dec 19, 2013 at 4:02 PM, Joe Quinn jqu...@pccc.com wrote:
We are noticing a lot of spam coming from domains that are less than two
months old. Is there a good way to detect this automatically?
We've thought about whois, but do
Matt Kettler wrote:
Do you see additional options?
Use a SQL server backend. If you must have a no-failure option for the
bayes DB, use a cluster of SQL servers.
[..]
Also see the SQL readme:
http://wiki.apache.org/spamassassin/BetterDocumentation/SqlReadmeBayes
I already took a look
First, a thank you all for the suggestions relating to SQL. It seems SQL
support is better than I expected and I will give it a try.
Alex Woick wrote:
Don't overrate Bayes.
The system has been running without Bayes for roughly 3 years (with
incremental Spamassassin updates), and with good
Miles Fidelman wrote:
Do you *really* need to pass locally generated mail through
Spamassassin? Most likely not.
*Received: * from localhost (localhost.localdomain [127.0.0.1]) by
server1.neighborhoods.net (Postfix) with ESMTP id 5CDE2B6C2F0 for
[EMAIL PROTECTED] mailto:[EMAIL PROTECTED];
Theo Van Dinter wrote:
My suggestion was going to be to have the plugin define tags that can
be used via add_header. No need for calling add_header() internally.
Sounds like an interesting idea. Since I've never written plugins for
SA: what is the best starting point / documentation?
I'd like to give SpamAssassin configuration instructions for the use of
dnswl.org (DNS Whitelisting project, see http://www.dnswl.org/). The
goal is to ensure a) efficient (minimal) use of DNS queries and b) that
fake headers do not trigger any whitelisting.
From my understanding, this can be
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Alex Handle wrote:
Received: from 141.88.223.236 (HELO mx1.ihk.de)
by mydomain.at with esmtp (08E71A-P)@7X K0'+V)
id 76)4Y6-50O4:-+8
for [EMAIL PROTECTED]; Mon, 4 Dec 2006 01:20:50 +0180
[..]
Is there a way to write a custom
For certain kinds of spam, it would be advantageous to have a highly
dynamic set of rules (eg stock spams). The usual methods (à la sa-update)
are usually slow - slow as in once or twice a day; however I think it
would make sense to have them fast - fast as in continuously updated.
As such, DNS
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Fred T wrote:
As someone else pointed out, the best bet might be the use of a new
config item / plugin. something like:
ifplugin mxhelo
mx_helo_name mx.host.tld host.tld d.d.d.d
headerHELO_AS_ME eval:check_for_my_mx()
score
Mick Pollard wrote:
Chris wrote:
Seems the huge network of compromised machines that started earlier
this month are still going strong and appears to be growing. My spam
input has grown today by about 700%. Below are the top ASN's and
CIDR's for todays run:
Report date: Sat Nov 18
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Codger wrote:
I was wondering about anyone's thoughts toward having a real
autogreylist database as part of, but separate from, the autowhitelist
in SA? Or even if you think this is all a bad thing to do in the first
place. The appeal for me
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Martin wrote:
Hi,
I ran spamassassin in debug-mode and noticed the following output:
[23887] dbg: plugin:
Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x9a4a910) implements
'parsed_metadata'
[23887] dbg: uridnsbl: domains to query:
[23887]
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Kyle Quillen wrote:
I have a few issues with our filtering and am not sure how to make
things better. The main issue that I have is that I have created a
whitelist.cf file in /etc/mail/spamassassin but with the following
[..]
I am not
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
I can specify sa-update --updatedir path to use something other than
the default (eg /var/lib/spamassassin/version). However, I can not do
the same for spamd(8) and spamassassin(1) -- they have LOCAL_STATE_DIR
substituted at make time.
I know that I
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Nigel Frankcom wrote:
On Thu, 21 Dec 2006 11:16:43 +0100, Emmanuel Lesouef
[EMAIL PROTECTED] wrote:
reject_rbl_client sbl-xbl.spamhaus.org,
reject_rbl_client list.dsbl.org,
reject_rbl_client rbl-plus.mail-abuse.org,
reject_rbl_client
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Justin Mason wrote:
Also, any suggestions from outside the dev team? Anyone got good ideas
for new SpamAssassin features that would be good to pay someone to work on
for 3 months?
If I look at the tools and scripts I built around SA (and which
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Mathias Homann wrote:
Is that size limit configureable?
| Usage: spamc [options] [-e command [args]] message
|
| Options:
| [..]
| -s size Specify maximum message size, in bytes.
| [default: 250k]
- --
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Nigel Frankcom wrote:
pointed out by a kind list member, there are various 'flavours' of
regex. Can anyone tell me which particular flavour I'm best
concentrating on for SA rules?
man perlre
- -- Matthias
-BEGIN PGP SIGNATURE-
/ Spam1
Internet == MX Relay == Spam2
\Spam3
I use DNS Round Robin for MX Relay sent at all spam server.
I want know if in this solution, that don't change Rbl Score ?
he use the IP of the sender,
[Disclosure: I'm involved with the dnswl.org project]
SA 3.2.0 misses one rule to get the actual dnswl.org lookup rules working
(reported in http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5450,
targetted for resolution in 3.2.1).
In order to use dnswl.org lookups already today, add the
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Jack L. Stone wrote:
When I run manual test:
[EMAIL PROTECTED] host 2.0.0.127.list.dnswl.org
...I get
2.0.0.127.list.dnswl.org has address 127.0.10.0
Not return of 127.0.0.2???
There was a doc error on http://www.dnswl.org/tech telling
I have received some mails that from domain and return-path domain is
different and from domain is in whitelist nowadays. So spamassassin
decide mail that is ham . because of user_in_whilist rule.
Instead of whitelist_from you should use whitelist_from_rcvd, eg to
whitelist mails from me,
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Sujit Acharyya-Choudhury wrote:
We are currently running SpamAssassin 3.1.7. Can we run dnswl.org with
this version of SpamAssassin?
Sure - it uses regular DNSBL-style lookups. dnswl.org data (and the
rules) should work in almost any version of
I think it would be useful to start using this idea more widely to
improve the quality of DNS listing. So roll the idea around and see if
we can build on it.
It's somewhat similar to the trust levels we use in dnswl.org (where,
incidentially, we partly import data from different sources that
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Peter Farrell wrote:
Investigating 12 minute/message processing time - SA hangs on
Mail::SpamAssassin::Plugin::Check.
One thing to investigate: Nameservers.
I just had a case where mails were being unexplicably delayed. It turned
out that the
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Bill McGonigle wrote:
I've seen plenty of spam hit the RCVD_ILLEGAL_IP rule and just recently
noticed that the default score is only 0.23.
My first impression is that if they're sending from an unassigned
address then I ought to just crank
From large providers i sometimes recieve messages through encrypted
smtp, the header looks smth like this (qmail):
... with (AES256-SHA encrypted) SMTP; ...
Would it be a good idea to give a minimal negative score on this -0.1 or
-0.2 if this happens on the last hop? - It proves that the
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[Disclosure: I'm involved with dnswl.org]
ram wrote:
http://www.dnswl.org/
http://wiki.ctyme.com/index.php/Spam_DNS_Lists
Both work well IMHO
These are ip lists.
I think there would be some spamassassin rule already
( RCVD_IN_DNSWL ???) .
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Diego H. schrieb:
If anyone suggest to remove some SA plugin from v310.pre, v312.pre or
v320.pre would be nice.
Maybe one of this plugins is pushing the load too, If anyone recommend to
turn it off, I would like to hear comments:
Perform
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
CharlesLai schrieb:
Just copy the PDFInfo.pm plugin into the default directory for Spamassassin
plugins:
sudo cp /downloads/pdfinfo/PDFInfo.pm
/Library/Perl/5.8.6/Mail/SpamAssassin/Plugin/
Remember that putting your custom plugins there
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[EMAIL PROTECTED] schrieb:
It's the following plugin. I have tested loading and commenting out the
plugin - it's the culprit. SA 3.2.2 automatically adds several plugins
automatically.
# ASN - Look up the Autonomous System Number of the
1 - 100 of 183 matches
Mail list logo