Hi SA-Talkers
I just received the attached mail this morning, and I was quite upset.
For me, this is a completely new way of validating an email address. It
might be hard to catch this with SA ...
CU
André
--
Real programmers do "cp /dev/audio a.out" and whistle into the mike.
Do yourself a favor...go into /etc/postfix/main.cf, and set:
mailbox_command = /usr/bin/procmail
Then, you can undo that .forward, and let postfix call procmail as the
local delivery agent, directly.
On Tue, 29 Oct 2002, Kaleb Pederson wrote:
> I installed spamassassin without any problems. I
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
I'm really excited about 2.5 and the inclusion of the Bayesian
Filter. I'm currently debating if I want to use the beta version or
wait for the general release.
Anyway -
Once I get it going, would it be wise to download the public corpus
and run t
> -Original Message-
> From: Mike Loiterman [mailto:[EMAIL PROTECTED]]
> I get this error when I run your script:
> Fatal error: Call to undefined function: imagecreate() in
> /usr/home/mike/phplot-4.4.6/phplot.php on line 203
>
> I did some checking and it appears that the problem is be
Steve,
Nice idea, thank you.
I hope you don't mind that I expanded upon it a bit. I still have some of
the older format logfiles around, so I changed the whole thing to run as
one perl script, and added code to check which logfile format. I also
added a summary of who was getting the spam, a
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
I get this error when I run your script:
Fatal error: Call to undefined function: imagecreate() in
/usr/home/mike/phplot-4.4.6/phplot.php on line 203
I did some checking and it appears that the problem is because I have
- --without-GD in my configur
On Tue, Oct 29, 2002 at 10:55:47AM -0600, Ken Causey wrote:
> However this doesn't seem to be working:
The tests you performed were manually directed at the rbldns server.
However, RBL queries are done using standard DNS lookups, and are
therefore subject to the normal DNS recursive lookup algorit
On 29 Oct 2002 15:06:47 -0600
Ken Causey <[EMAIL PROTECTED]> wrote:
> As I mentioned in a previous email I wanted to setup my own local (as in
> on the same host as the SMTP daemon) RBL so checks would be real
> snappy. Unfortunately I find that I cannot use a local RBL with SA
> because it (righ
In case it's useful to anybody, this is a one-liner (and it's output) that I
use to see how long SA [spamd 2.43] is taking to process messages on our RH
box.
It works for me; YMMV.
grep -E "(clean message|identified spam)" /var/log/maillog |awk
'{print$12}'|sort -n|perl -e
'while(){chomp;$times{
With Postfix on RedHat 7.2 I started with:
> http://www.advosys.ca/papers/postfix-filtering.html
too, but then did it my own way with SpamAssassin and then Anomy
Sanitizer, with my own config file, called from Courier Maildrop, which
is my local delivery agent, whereas most people use procmail.
On Tue, 29 Oct 2002, Smart, Dan wrote:
> Ralf is a *major* contributor to Postfix group.
Just so we're clear on the attributions here ... the procmail poster whose
articles I referenced was Dallman Ross; Ralf was responding to statements
made by Dallman.
---
on Tue, Oct 29, 2002 at 07:38 AM -0800, Bart Schaefer ([EMAIL PROTECTED]) wrote:
> Just food for thought:
>
> http://www.rosat.mpe-garching.mpg.de/mailing-lists/procmail/2002-10/msg00465.html
Some agreement, some disagreement.
SA w/o tuning does present a number of false positives. Whitelist ru
Might worthwhile to peruse his regex and see if there is anything there to
incorporate in SA rules.
-Original Message-
From: Smart, Dan [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, October 29, 2002 4:51 PM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: RE: [SAtalk] Perspectives on (not) u
Hi all,
I just put in production a server to filter all imcoming e-mail using
SA. I use postfix, and everything works smooth except that some messages
take an extremely long time to scan (over 8 minutes). So far, I'm pretty
much convinced these are only malformed messages, but I don't have
conclusi
You're right, I'm sure this is doable in some fashion. However there's
a limit to how much I want to fool with a server's setup. Note that I'm
using a VERY specialized RBL-only DNS daemon here (djbdns's rbldns) and
that it only provides RBL data. Frankly this becomes less interesting
the more co
Classification: PUBLIC
Ralf is a *major* contributor to Postfix group. He's the king of REGEX in
Postfix. I moved to SA after trying to do filtering in Postfix. The binary
mode of one hit killing a message caused too many false positives. That's
why I moved to SA for SPAM filtering.
<>
|
What about making your local nameserver authoritative for the rbl domain
you're using, and replacing your nameserver with 127.0.0.1 in resolv.conf? I
use my own nameservers on every connection I use, including my dsl at home.
That way, I maintain complete control over what I'm looking up, I can cle
Classification: PUBLIC
Install daemon version of SpamAssassin
Copy script from tar directory/spamd for redhat to /etc/rc.d/init.d
directory
cp redhat-rc-script.sh /etc/rc.d/init.d/spam
this also renames it to spam
chmod 755 /etc/rc.d/
Bart Schaefer said:
> Did you read the original article? He claims to be _more_ accurate than
> SA while still doing header-content-only tests (not DNSbl). Of course, I
> don't know whether that includes blocking IP ranges with a private list.
> Personally I use SA because it's "close enough"
WOW! That is slick and easy. Nice work.
-Original Message-
From: Jeremy Turner [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, October 29, 2002 4:35 PM
To: Rich Wellner; [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Re: [SAtalk] Generating Statistics (new graph enclosed)
On Thu, 2002-10-24
On Tue, 2002-10-29 at 15:30, Steve Thomas wrote:
> I'm not sure why you couldn't use "localhost" as the rbl server. In your
> previous example I saw "local" as the rbl server. Unless you've got "local"
> in your /etc/hosts file, it's not going to resolve. "localhost" *should* be
> in /etc/hosts, a
On Tue, 2002-10-29 at 15:30, Steve Thomas wrote:
> | do_rbl_lookup) which contacts the $rbl_domain directly. This would
> | allow me to do such things as defining the $rbl_domain as an alias for
> | 127.0.0.1 in /etc/hosts and keeping the request completely local as
> | needed.
>
> I'm not sure w
Thomas,
This is where I got started.
http://www.advosys.ca/papers/postfix-filtering.html
Overall it went pretty smooth on a RedHat 7.3 server.
I ultimately did not like the Anomy MIME defanger (may have been a
configuration issue on my part.) so I hacked up the filter.sh to remove it
and I also
How would one go about gathering stats to check to see if an email is
truly a false positive or false negative? Do you put a link at the top
(or bottom) of each email saying 'if this is spam, click here. if this
is not spam, click here' which gets counted/analyzed somewhere?
Jeremy
--
Per olof Ljungmark wrote:
Hi all,
Using spamd/spamc 2.43 on MX with no local users and spamd is running
as a non-privileged account.
Why is it that the only place I can have the AW is under /tmp?
Trying elsewhere will return lockfile errors. Have read the
README.spamd but apparently I'm stupid
I just got this one. I get such a kick out of people advertising their
anti-spamware via spamming...
http://www.sthomas.net/misc/spam.html
---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
___
On Thu, 2002-10-24 at 14:36, Rich Wellner wrote:
> I was writing this note and put in that a histogram might be useful and that a
> couple people had already asked, so I decided to put one together instead of
> continuing to talk about it.
>
> You can see a sample from my mail: http://wellner.org/
| do_rbl_lookup) which contacts the $rbl_domain directly. This would
| allow me to do such things as defining the $rbl_domain as an alias for
| 127.0.0.1 in /etc/hosts and keeping the request completely local as
| needed.
I'm not sure why you couldn't use "localhost" as the rbl server. In your
pr
Quick question. I'll admit I haven't looked into this at all. But I don't
recall seeing anything like this in the docs.
If local rules set an email over your spam limit, then can it be set to skip
Razor2 check? At that point it is already spam, no sense in checking any
further.
I only ask becaus
Wait a second.. You're using 2.42 see this bug
http://www.hughes-family.org/bugzilla/show_bug.cgi?id=1128
This bug appears to be fixed in 2.43.
At 02:17 PM 10/29/2002 -0600, James Bly wrote:
It looks like it may be some sort of memory leak in spamd.
A long ps gave me some additional relev
On Tue, 29 Oct 2002, Vivek Khera wrote:
> I read the original message linked from this thread and he was saying
> that his customized, personalized, specific-to-him rules worked better
> for his specific email mix than SA did. This is, of course, expected.
See follow-ups:
http://www.rosat.mpe-g
As I mentioned in a previous email I wanted to setup my own local (as in
on the same host as the SMTP daemon) RBL so checks would be real
snappy. Unfortunately I find that I cannot use a local RBL with SA
because it (rightly for the most part) makes use of the standard
resolver logic which (since
There's a rather serious problem with the check_rbl logic to trim down
the Received IP list to something manageable and that is that it doesn't
first exclude reserved IPs before trimming. I'm quite commonly seeing
spam now that passes around through a couple of internal hosts with
reserved IPs bef
> "RG" == Roland Gaspar <[EMAIL PROTECTED]> writes:
RG> oooh.. that would open-up a whole can of email DDOS
RG> whup-ass... just imagine I don't like someone, so I send spam, as
RG> them, to hundreds of sites, imagine now that it's a perfect world
RG> and 100% of those use SA and have it confi
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
How'd you do this? I though the sql database was only for user
prefs? I'm interested in using an sql database to track my spam
effectiveness as well.
- --j2AXaZ4YhVcLc+PQ
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Cont
> "JM" == Justin Mason <[EMAIL PROTECTED]> writes:
JM> Ralf Hildebrandt said:
>> He's wrong on this:
>> Fourth, and I've saved the best for last: SA is a HOG. I refuse to
>> fire up perl for each message, and I refuse to full-body-grep each
>> message that comes in.
>> (spamc/spamd and also
Who else is using the Bayesian classifier from the current 2.50-cvs? What
kind of results is it giving you?
I fed the learner about 2700 spams and 5600 non-spams, taking special care
to give it all the false-negatives I've been squirreling away.
I then re-checked 169 of those same false negativ
It looks like it may be some sort of memory leak in spamd.
A long ps gave me some additional relevant details to the problem. As you
can see, two spamd sessions are in lock_p state. There are also two spamc
connections in FIN_WAIT2.
000 S qd 22432 22431 0 75 0- 331 wait4 13:49 ?
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Tue, 29 Oct 2002, Thomas Nyman wrote:
> I have to admit that at the moment I dont have a good grip on Spamassassin
> and how it works. For instance, how would I go about getting a whitelist
> to work and also starting automatic whitelist? Is this s
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
I don't get a lot of false negative (SA developers: I owe you some pizza &
beer) and those are get are usually spam without a lot of spam features.
Therefore if it's not yet in razor or dns-blocklisted they will score
very low. Sometimes when I run 'sp
Hello Good People,
I've just installed SpamAssassin via CPAN and it seems to have worked
fine. I have entered procmail recipies and as far as I can tell the spam
check seems to work. I run Postfix as my MTA and I was kind of wondering
if there is any reason to try and make changes in Postfix confi
On Tue, 29 Oct 2002, Justin Mason wrote:
> > He's wrong on this:
> > Fourth, and I've saved the best for last: SA is a HOG. I refuse to
> > fire up perl for each message, and I refuse to full-body-grep each
> > message that comes in.
>
> But it's a fundamental mismatch in approaches anyway -- a
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
before reporting it was 1.10. Can we create some rules to make this score
way higher...
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: pgpenvelope 2.10.2 - http://pgpenvelope.sourceforge.net/
iD8DBQE9vuVMY6Nk2Nv6ZRcRAu9JAJ4ru
I'd ruled out iptables by stopping it. The problems persisted, although it
had to run like that for two days before they showed up again. (iptables was
only being used for basic local firewalling, for the record. This system is
still firewalled from the internet and does not accept connections from
oooh.. that would open-up a whole can of email DDOS whup-ass... just imagine I don't
like someone, so I send spam, as them, to hundreds of sites, imagine now that it's a
perfect world and 100% of those use SA and have it configured to bounce what
happens to said disliked-person's mailbox?
I installed spamassassin without any problems. If I do the test as
indicated in the docs everything works fine.
But for some reason it seems procmail isn't called at all?
If my .forward contains:
[EMAIL PROTECTED]
my mail gets forwarded correctly.
My .forward:
"|IFS=' ' && exec /usr/bin/procma
It's surprising to me that connections from a local client to a local
server are being trapped in FIN_WAIT2. There's nothing an application can
really do to mess up the closing of connections, so I'd susspect a bug in
your firewall rules, or your linux kernel. Connections for TCP should
smoothl
Ralf Hildebrandt said:
> He's wrong on this:
> Fourth, and I've saved the best for last: SA is a HOG. I refuse to
> fire up perl for each message, and I refuse to full-body-grep each
> message that comes in.
> (spamc/spamd and also it doesn't do a full body grep)
true!
But it's a fundamental m
Title: Message
Perhaps someone has
seen this before so I ask: Recently I rebuilt a relay using RedHat 8.0. Went
with the latest version of SA at the time and I'm starting to see spamc
intermittently fail. Iptables has been ruled out as being connected with this.
(Was my first suspicion.)
B
Several people have been asking how to redirect mail
straight to /dev/null I personally would be interested in
knowing what the simplest way to bounce messages
above a certain threshold would be. I do not want to
delete a message without at least warning the recipient
that their message was not
On Tue, Oct 29, 2002 at 10:57:39AM -0600, Ken Causey wrote:
> I failed to note in my original message that rbldns only listens for UDP
> packets. Can SA handle rbl checks via UDP?
Most DNS lookups are done via UDP...
--
Ralf Hildebrandt (Im Auftrag des Referat V a) [EMAIL PROTECTED]
Charite
BURP! That was delicious.
Frankly, anything (and I don't care how crude, inefficient, CPU hog,
bloated, etc.) that pre-tags the spam in my mail stream works for me.
Our inbound mail stream is currently tracking at about 30% spam. So out of
about 5,000 inbound emails so far this week, 1,420 were
To supplement our local SA setup I'm trying to setup a local RBL and
configure SA to check it. I'm trying to use rbldns from djbdns and I've
got it setup to only listen on localhost (it's running on the mail
server itself). I've added rbl.mail.premiernet.net. to /etc/hosts entry
for 127.0.0.1 and
I failed to note in my original message that rbldns only listens for UDP
packets. Can SA handle rbl checks via UDP?
Ken
---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
__
Frank Pineau said:
> >Won't this get overwritten with the next upgrade they install? Is there
> >a more elegant solution (local.cf or some such thing)?
>
> Welcome to the wonderful world of custom mods. :-)
wrong, I'm afraid!
anything in any file in /etc/mail/spamassassin will *not* be overwr
Vivek Khera said:
> I bounce messages scoring above 7.0, but my inbound filter is using
> Razor1 not Razor2. Any spams that make it through to me I test on my
> workstation using Razor2, and inevitably they are listed there. Most
> of the time the Razor2 score will throw it over the 7.0 score.
On Tue, Oct 29, 2002 at 07:38:21AM -0800, Bart Schaefer wrote:
> Just food for thought:
>
> http://www.rosat.mpe-garching.mpg.de/mailing-lists/procmail/2002-10/msg00465.html
He's wrong on this:
Fourth, and I've saved the best for last: SA is a HOG. I refuse to
fire up perl for each message, and
Just food for thought:
http://www.rosat.mpe-garching.mpg.de/mailing-lists/procmail/2002-10/msg00465.html
---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
__
Chris Fortune said:
> I remember somebody posted an archive of collected spam emails a couple =
> of weeks ago. URL?
http://spamassassin.org/publiccorpus/
--j.
--j.
---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
h
Matt Kettler said:
> From what I can tell very few, if any at all, of the SpamAssassin
> developers use a global AWL. The fact that the severe 2.42 "white listing
> spammers using dictionary attacks against sites with global AWLs" wasn't
> caught prior to release strongly suggests they don't.
> "TVD" == Theo Van Dinter <[EMAIL PROTECTED]> writes:
TVD> Since I'm having another night of not being able to sleep, I naturally
TVD> started pondering how effective the spam blocking I've been doing
TVD> has been.
I bounce messages scoring above 7.0, but my inbound filter is using
Razor1 n
On 29 Oct 2002 09:41:08 -0500, you wrote:
>
>Won't this get overwritten with the next upgrade they install? Is there
>a more elegant solution (local.cf or some such thing)?
Welcome to the wonderful world of custom mods. :-)
---
This sf.net e
On Mon, 2002-10-28 at 03:14, Daniel Quinlan wrote:
> Just grep for "http://spamassassin.org/tag"; in the installed .cf
> (configuration) files. Specifically, "10_misc.cf".
>
Won't this get overwritten with the next upgrade they install? Is there
a more elegant solution (local.cf or some such t
Since I'm having another night of not being able to sleep, I naturally
started pondering how effective the spam blocking I've been doing
has been.
Over the past week or so (actually since 2002-10-21 00:00:00), here's
what I've found:
# total verified spams
mysql> select COUNT(*) from reported wh
Do you know what the no such file or directory refers to which I got
when I tried spamassassin -r -D ?
on Tuesday 10/29/2002 Theo Van Dinter([EMAIL PROTECTED]) wrote
> On Mon, Oct 28, 2002 at 10:50:56PM -0500, John covici wrote:
> > So then I tried to register, but it said my Email was already
On Mon, Oct 28, 2002 at 10:50:56PM -0500, John covici wrote:
> So then I tried to register, but it said my Email was already
> registered, so I tried a new one and it said it was successful, but
> spamassassin still did not work. Then I tried razor2-admin -d create
> but that didn't work either, s
Hi all,
Using spamd/spamc 2.43 on MX with no local users and spamd is running as a
non-privileged account.
Why is it that the only place I can have the AW is under /tmp?
Trying elsewhere will return lockfile errors. Have read the README.spamd
but apparently I'm stupid enough not to understand it
67 matches
Mail list logo
