Another dumb question. Where is "rbl_timeout" located? I can't find it
anywhere.
-- Terry
Rich Puhek wrote:
>
> The dsbl lists were not resolving earlier today, still appears to have
> problems.
>
> One fix (suggested by Matt Kettler in a different thread earlier today)
> is to change the RBL
Thanks! Setting 'rbl_timeout 5' cut the time down to 10 seconds per
mesage, instead of 30. Although I don't think 30 is a bad number at all,
it can start to be a problem on servers that have a high volume of e-mail,
and a lot of spamd processes get started because they are just waiting for
a respon
I posted some rules yesterday to catch spam from HiSpeedMedia / Daily
Promotions. They singlehandedly contribute about 10% of my spam, and their
messages are always an image and a minimum of text. The updated set of rules
below catches all of their messages, until they mutate again...
If you use t
> This example is a prime example, and really pretty amazing in the score:
That's another one of the DailyPromotions spams we've been talking about.
You may want to try the custom rules I posted a few minutes ago. Here are my
results on your message with 2.43 and the custom rules:
SPAM: Star
At 21:46 12/05/2002 -0500, Theo Van Dinter wrote:
On Thu, Dec 05, 2002 at 05:51:46PM -0800, Tomki wrote:
> That's the list of hits that you got when you tested that email?
Yep.
> I don't see the score you got.
Well, I see you're using 2.50 ... Did you install 2.50 or are you just
testing again
On Thursday 05 December 2002 07:46 pm, Victor O'Rear wrote:
> How can I stop, preferably at the user_prefs file, spamassassin from
> modifying the messages? My users don't mind modifying the subject
> line, but HTML mail is destroyed by the email.
defang_mime 0
report_header 1
--
Give a man a ma
How can I stop, preferably at the user_prefs file, spamassassin from
modifying the messages? My users don't mind modifying the subject line, but
HTML mail is destroyed by the email.
I suspect the only way is use the white-list option.
---
Thi
Hiya All,
My Sendmail/Mimedefang/Spamassassin installation does not seem to be
recognising the blacklist_to and whitelist_to lists.
The filter picks up the blacklist_from and whitelist_from perfectly. Anybody
know what might cause this?
Regards,
Andrew
[EMAIL PROTECTED]
--
Stephen Bader wrote:
I've noticed that today my messages are taking about 30 seconds each. I'm
assuming this is because of the same things you mentioned. Anyone know for
sure what is going on? I'm not very concerned at this point, as I'm sure
it will be corrected soon, but if it isn't, I would l
On Thu, Dec 05, 2002 at 08:37:00PM -0600, Stephen Bader wrote:
> I've noticed that today my messages are taking about 30 seconds each. I'm
> assuming this is because of the same things you mentioned. Anyone know for
> sure what is going on? I'm not very concerned at this point, as I'm sure
> it wil
On Thu, Dec 05, 2002 at 05:51:46PM -0800, Tomki wrote:
> That's the list of hits that you got when you tested that email?
Yep.
> I don't see the score you got.
Well, I see you're using 2.50 ... Did you install 2.50 or are you just
testing against 2.50? If you installed it; 1) I wouldn't do tha
John,
Thanks for providing your settings. They are ok.
I asked for it because Postfix logs don't show port numbers,
so checking the most obvious was my first guess.
Actually your problem is more tricky, and I have seen
similar situations during testing. The telltale log entry is:
Dec 3 14:48:03
I've noticed that today my messages are taking about 30 seconds each. I'm
assuming this is because of the same things you mentioned. Anyone know for
sure what is going on? I'm not very concerned at this point, as I'm sure
it will be corrected soon, but if it isn't, I would like to know which
checks
Michael Moncur wrote:
These folks are serious spammers. They even register each of the domain
names to look legit. Look up findhsm-list-cluster-182-643.com or any of the
others, they're all registered to Daily Promotions. (It's a shame a WHOIS
lookup would be expensive, or this would make an ex
That's the list of hits that you got when you tested that email?
I don't see the score you got.
is this with personalized tweaking of the rules?
The problem I have with doing that is that I'm setting up spamassassin for
individual users who do not have shell access to modify their
settings... so
On Thu, Dec 05, 2002 at 05:04:28PM -0700, Michael Moncur wrote:
> Actually 6 out of the 14 messages in your corpus are from these people. They
> frequently change URLs so it's hard to recognize them. But they all have the
> same sparse format and similar URLs that match some of the rules I posted.
On Thu, Dec 05, 2002 at 05:04:28PM -0700, Michael Moncur wrote:
> These folks are serious spammers. They even register each of the domain
> names to look legit. Look up findhsm-list-cluster-182-643.com or any of the
> others, they're all registered to Daily Promotions. (It's a shame a WHOIS
> looku
On Thu, Dec 05, 2002 at 04:16:08PM -0800, Tomki wrote:
> It's getting pretty bad... still a lot better than with anything else in
> my experience, granted, but the number of false negatives really is rising.
>
> This example is a prime example, and really pretty amazing in the score:
Y 5 1:<1p
On Thu, Dec 05, 2002 at 05:04:28PM -0700, Michael Moncur wrote:
> Actually 6 out of the 14 messages in your corpus are from these people. They
These 2 are MS worms, so SA won't do much with them:
From: Blkdiamond120 <[EMAIL PROTECTED]>
Message-Id: <[EMAIL PROTECTED]>
From: ma_sa <[EMAIL PROTECTE
It's getting pretty bad... still a lot better than with anything else in
my experience, granted, but the number of false negatives really is rising.
This example is a prime example, and really pretty amazing in the score:
Received: from spoon.alink.net (spoon.sv-server1.alink.net [207.135.64.
On Thursday 05 December 2002 12:52 pm, [EMAIL PROTECTED]
wrote:
> Hello,
>
> Is there a way to tell spamassassin to show me all the email
> addresses and thier associated scores that are in my whitelist? I
> know how to add and remove them, but I'd also like to know what is
> actually in the list
> No, neither of those seems to be the culprit.
Actually 6 out of the 14 messages in your corpus are from these people. They
frequently change URLs so it's hard to recognize them. But they all have the
same sparse format and similar URLs that match some of the rules I posted.
They tend to be affil
No, neither of those seems to be the culprit.
I've uploaded my mini-corpus to:
http://welshdresser.tripod.com/corpus.gz
Paul
On December 5, at 5:58pm, Michael Moncur wrote:
> Are many of them from "DailyPromotions" or "HiSpeedMedia"?
Hi,
dailypromotions and our HiSpeed friends (hispeed, h-s-m, hispeed-media, etc)
are all in my qmail badmailfrom.
If anyone would like it, feel free to drop me a line. Most of them are also
in rbl.axess.com along with most dsl.x.x.x.x.br address's.
(http://rbllist.axess.com)
Rick
- Origina
> I just installed SA 2.43 and I am dismayed to find that it lets through
> about 25% of the spam I receive -- this with my threshold set to 4.0.
Are many of them from "DailyPromotions" or "HiSpeedMedia"? These are a
couple of big spammers that are focusing on very clean messages with almost
nothi
On Thu, Dec 05, 2002 at 04:02:34PM -0600, Terry wrote:
> Today I enabled RBL checking on spamassassin. It is REALLY slow checking all
> of those blackhole lists. (Most messages waiting about 30 seconds) On average
Yeah, today is fairly slow for some of them. It's not always like that, but ...
On Wed, Dec 04, 2002 at 04:03:31PM +, Justin Mason wrote:
>
> Matt Sergeant said:
>
> > There are a fair few so-called "right hand side" blacklists (taken from
> > the fact that they use the rhs of the email address), but they're
> > focussed on blocking based on what is given in the MAIL F
The docs indicate that setting required_hits to 8.0 to 10.0 is prudent to
prevent false positives, but on the test server with one account, I've
already noticed several spams getting through with 7.8 and 7.9 hits (are
the spammers on to SA?) with required_hits set to 8.0.
I'm just wondering if t
Today I enabled RBL checking on spamassassin. It is REALLY slow checking all
of those blackhole lists. (Most messages waiting about 30 seconds) On average
we do about 40,000 messages a week, so it's not that big a deal, but I am a
little worried about memory problems when the spammers send in a
I just installed SA 2.43 and I am dismayed to find that it lets through
about 25% of the spam I receive -- this with my threshold set to 4.0.
I have saved the false-negative spam messages that got through. Is there
a helpful place I can upload these so that the developers can take a
look?
Hello,
Is there a way to tell spamassassin to show me all the email addresses and
thier associated scores that are in my whitelist? I know how to add and
remove them, but I'd also like to know what is actually in the list.
Thanks!
-Ron Roth
--
On Thu, Dec 05, 2002 at 03:14:09PM -0500, Mike McCandless wrote:
> Matt, I'm not sure how to answer your question of 'is DNS available',
> but here's the output from the command you suggested. Let me know how
> you interpret this.
>
> debug: is Net::DNS::Resolver unavailable? 1
> debug: is DNS ava
We are using Spamassassin on win32 along with Guinevere 2 for
our GroupWise 6 system. I have a user who does not want his spam marked by
spamassassin. So I added an entry into the whitelist that says ALL_SPAM_TO
[EMAIL PROTECTED] so that it will not get
marked. It seems to work fine until
Matt, I'm not sure how to answer your question of 'is DNS available',
but here's the output from the command you suggested. Let me know how
you interpret this.
debug: using "/usr/share/spamassassin" for default rules dir
debug: using "/etc/mail/spamassassin" for site rules dir
debug: using "/home/
On Thu, Dec 05, 2002 at 04:01:14PM -0300, Jose M.Herrera wrote:
>> Try adding this line to your config file:
>>
>> defang_mime 0
> Thanks... but excuse by my ignorance, but what function makes this option.
By default, SpamAssassin changes mime headers in suspected spam in order to
prevent v
On Wed, Dec 04, 2002 at 10:08:32PM -0600, Alan Lehman wrote:
> For the occasional false positives, I would like to have an automated
> method to "clean" the SA tags. My thought was to create a mailbox
> with a procmail recipe to clean the email and return it to the sender.
> It might look
> somet
Is anyone else having trouble with the DSBL lists today?
(list|unconfirmed|multihop).dsbl.org are not resolving for me.
Oddly enough, lists.dsbl.org is working, which isn't listed on their
website as a RBL list.
--Rich
_
Rich Puhek
ETN
Another very significant speed killer is the DNS blacklists, particularly
if you don't have a very reliable high-speed connection to the net.
Even with a good connection, I've wound up zeroing out a few DNS blacklists
because the score contribution they make is too low to be worth doing a DNS
q
Do you have the perl module Net::DNS installed?
Run this:
spamassassin -tD
Does it say that DNS is available in the debug output? if not, it won't try
any RBLs.
At 10:57 AM 12/5/2002 -0500, Mike McCandless wrote:
I have the following in my .spamassassin/user_prefs file, in
anticipation that l
On Thu, 5 Dec 2002, Suzanne Skinner wrote:
> On Thu, Dec 05, 2002 at 12:09:24PM -0300, Jose M.Herrera wrote:
>
> > Mail who are SPAM (***SPAM***) are codified with base64. some mail that
> > they have HTML, pictures, etc, are decodified of a strange form that I
> > cannot read nothing of the mail
On Thu, 5 Dec 2002 12:15:39 -0500
[EMAIL PROTECTED] wrote:
> Hi,
> Need performance boost on spamassassin. Any good suggestions?
1. Do you use spamd? If not, it can give a better performance.
2. Do you check all messages? It yes, you can check just the
users who want enable the service
3. W
I am having a similar problem with RBLs. I am unclear on how SA chooses
which or any RBLs to check against. For some emails, SA does some RBL
checks; for other emails it might not do any. If I run spamassassin -D and
check the debug output, SA only shows RBL checks for which it gets a hit.
It do
Justin Mason said the following on 05/12/02 17:56:
Matt Sergeant said:
[EMAIL PROTECTED] said the following on 05/12/02 17:15:
Need performance boost on spamassassin. Any good suggestions?
Buy faster machine.
But seriously -- try turning off some body tests. They're killers,
speed-wise.
Matt Sergeant said:
> [EMAIL PROTECTED] said the following on 05/12/02 17:15:
> > Need performance boost on spamassassin. Any good suggestions?
> Buy faster machine.
But seriously -- try turning off some body tests. They're killers,
speed-wise. TRACKER_ID is a good one to lose, for example.
-
On Thu, Dec 05, 2002 at 12:15:39PM -0500, [EMAIL PROTECTED] wrote:
> Hi,
> Need performance boost on spamassassin. Any good suggestions?
Buy a faster computer.
--
rjbs
msg10561/pgp0.pgp
Description: PGP signature
[EMAIL PROTECTED] said the following on 05/12/02 17:15:
Hi,
Need performance boost on spamassassin. Any good suggestions?
Buy faster machine.
Matt.
---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com
Hi,
Need performance boost on spamassassin. Any good suggestions?
---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
___
Spamassassin-talk mailing list
[E
defang_mime 0
use_terse_report 1
report_header 1
Put those into /etc/mail/spamassassin/local.cf
| -Original Message-
| From: [EMAIL PROTECTED]
| [mailto:[EMAIL PROTECTED]]On Behalf Of Jose
| M.Herrera
| Sent: Thursday, December 05, 2002 7:09 AM
| To: [EMAIL PROTECTED]
| Subject: [SAtalk
On Thu, Dec 05, 2002 at 12:09:24PM -0300, Jose M.Herrera wrote:
> Mail who are SPAM (***SPAM***) are codified with base64. some mail that
> they have HTML, pictures, etc, are decodified of a strange form that I
> cannot read nothing of the mail.
Try adding this line to your config file:
defa
On Thu, 5 Dec 2002 13:12:50 -0300 (CLST)
"Jose M.Herrera" <[EMAIL PROTECTED]> wrote:
> On Thu, 5 Dec 2002, Ronan Lucio wrote:
>
> > spamc works with spamd, that is a daemonized version of
> > SpamAssassin.
> >
> > It should give a better performance to your server.
>
> Yes.. I know the same.
>
On Thu, 5 Dec 2002, Ronan Lucio wrote:
> spamc works with spamd, that is a daemonized version of
> SpamAssassin.
>
> It should give a better performance to your server.
Yes.. I know the same.
But is not necesary to have spamassassin daemon running if in procmailrc
have "| spamassassim"... becau
Hello!
I have found the fix in the TRACKER_ID Rule in spamassassin 2.50.
With this pattern match the Mail is delivered without problems.
mfg
Rene
Am Don, 2002-12-05 um 12.38 schrieb Rene Schumann:
> Hello!
>
> I have a Mail wich is base64 coded and has about 15000 chars in one
> line.
> I foun
I have the following in my .spamassassin/user_prefs file, in
anticipation that lookups will be performed against the spamcop and ordb
RBL database. However, in the spam that SA is identifying (I get
plenty), I'm not seeing any tests applied for either of these lists.
Have I specified the right opt
spamc works with spamd, that is a daemonized version of
SpamAssassin.
It should give a better performance to your server.
[]'s
Ronan
On Thu, 5 Dec 2002 12:10:30 -0300 (CLST)
"Jose M.Herrera" <[EMAIL PROTECTED]> wrote:
> On Wed, 4 Dec 2002, Alan Lehman wrote:
>
> > For the occasional false posi
Hi.
(firs, sorry form my english)
I use spamassassin since 2 month and all ok, but I have a problem with
some mails.
Mail who are SPAM (***SPAM***) are codified with base64. some mail that
they have HTML, pictures, etc, are decodified of a strange form that I
cannot read nothing of the mail.
On Wed, 4 Dec 2002, Alan Lehman wrote:
> For the occasional false positives, I would like to have an automated method to
>"clean" the SA tags.
> My thought was to create a mailbox with a procmail recipe to clean the email and
>return it to the sender. It might look
> something like:
>
> :0 fw
In Exim4 I use
# When not to scan a message condition
# originating locally
# already marked with RBL warning
# size > 50K
exiscan_spamd_condition = ${if or {\
{ eq {${substr_0_6:$sender_host_address}} {137.50} } \
{ eq {${substr_0_7:$sender_host_address}} {1
Hello!
I have a Mail wich is base64 coded and has about 15000 chars in one
line.
I found some info that base64 coded lines should not be longer than 76
chars so i dont have a Problem to bounce this mail.
But it looks like spamassassin cant handle this exception.
If i pipe this Mail into spamc it d
> maybe it's better to this, instead of the last {match}
>
> {!eq {${mask:${sender_host_address}/24}} {10.1.2.0/24}}
>
> This is much more readable, and maintainable, if you have a bigger
> network, that's not class-based :)
Hello!
I have tried this construkt a few days before, but evertime i
Owen Creger wrote:
I have seen this going around several times without a resolution, on
spamassassin and exim mailing lists
By using a regular expression (regex) in a condition statement, I was able
to control the spamassassin router and director by IP address.
I'm running Exim 3.2X, however this
Hi,
I installed the current spamassassin & razor packages from source last
night. I haven't started configuring it yet, as I assume that it
works just fine out of the box.
Trying to run spamassassin -D --lint succeeded for the very first time,
but any further attempt to run either the lint check o
Ok, here it is. And please, be gentle!
1. SA 2.50 drops the SpamPhrases frequency table, which seems from
limited playing on my part to comprise something like 10% of the
detection in favor of Bayes. It's stated that Bayes does it better.
2. And I have faith that will be true, given the kind of t
I have seen this going around several times without a resolution, on
spamassassin and exim mailing lists
By using a regular expression (regex) in a condition statement, I was able
to control the spamassassin router and director by IP address.
I'm running Exim 3.2X, however this technique would mos
63 matches
Mail list logo
