confusing the fact that a lot of MTAs insert their own
Message-IDs if one isn't already present.
Most Spammers don't use Message-IDs, and so you end up with your own MTA
shoving one in (with it's own hostname/etc) as it goes through it.
Qmail is the exception: it doesn't a
time - just the odd
one (well, if one per 20 emails is 'odd') causes this error. *However* -
it causes SA to crash - i.e. the message isn't tagged correctly. Doesn't
this imply some error checking is needed in that area?
--
Cheers
Jason Haar
Information Security Manager, Trim
king?
This is under RH8.
Any ideas?
--
Cheers
Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
---
This SF.net email
you know. And depending on the vendor, SourceForge
could find themselves requiring a 100,000+ user license... whoops, make that
100,010,... 100,020...
Of course - I never saw any of these so-called viruses - our AV system
catches such beasties. [if I never saw them, then do they even exist?...]
--
Chee
hes if the
returned IP address is 127.1.0.2 - which is the one assosiated with DUL?
[man, could I use any more acronyms? (AKA: MCIUAMA?)]
--
Cheers
Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6
box :-)
Make up a "raw.domainname" subdomain: that way, if a 2nd+ person needs to be
excluded as well, you can just move them to the subdomain too.
--
Cheers
Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
P
ff ;-)"
There: that puts the onus back on the site administrator - rather than the
end user OR SpamAssassin.
--
Cheers
Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6
told to run softlimit in
the first place.
This is totally documented in Qmail-Scanner: please spend some time and
reconfigure so that softlimit is "enough" for your environment - instead of
just setting a wildly high value.
--
Cheers
Jason Haar
Information Security Manager, Trimble Navigat
er AND
Bayes details in SQL.
Of course, you'll have to build in timeout code to handle SQL outages/etc,
and convert all the other proggies (e.g sa-learn) over too - but that does
seem doable...
--
Cheers
Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377
I brought up this issue a couple of weeks ago WRT Qmail. Same problem I'd
say...
--
Cheers
Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
-
;s Internet Mail Connector to be configure to send HTML-only mail.
It can and *IS* been done.
--
Cheers
Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C06
uot;spammy" it looks before sending to our
customers :-)
--
Cheers
Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
---
T
cial
Email", both get hit, and that's something they must understand.
Our SA documentation further tells users to filter off their SCE before
applying a SA rule - gets rid of 100% of the problem as the users know who
is sending them SCE.
--
Cheers
Jason Haar
Information Security Manager, T
o be more obviously configurable?
--
Cheers
Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
___
Don'
runs qmail-scanner, and it could just
directly access the file on disk.
..Still need the network support though - I for one actually use it to allow
a REALLY old Redhat 5.0 mail server to run SA via a spamd on a newer server
:-)
--
Cheers
Jason Haar
Information Security Manager, Trimble Navigation
e back about that not being a good idea until
the positive checks were done before the negative. Has that happened? If so,
would that actually save any time as the entire message would have to be
checked for positive tags anyway?
--
Cheers
Jason Haar
Information Security Manager
Trimble Navigat
;d suggest the opposite is better: have the real MTA relay it to
spamproxyd. If you do it your way, you've just lost all anti-relaying
protection...
--
Cheers
Jason Haar
Information Security Manager
Trimble Navigation Ltd.
Phone: +64 3 9635 377
then
echo "Something like the SpamAssassin spamc is present, but not
working - ignoring..."
SPAMC_BINARY=''
...
So it ran "spamc < ./contrib/spamc-nice.eml" (which is not spam) and the
output from spamc didn't contain 'X-Spam-Status: No&#
t a nameserver, then there's going to be (could be) all
these extra DNS lookups going on just to resolve 127.0.0.1...
Just a thought.
--
Cheers
Jason Haar
Information Security Manager
Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
e next release of Qmail-Scanner (which includes SpamAssassin
support) will only run SA over mail when RELAYCLIENT is unset - i.e. the
mail wasn't locally generated. That remove 90% of the false positives SA was
generating due to poorly written local M$ mail programs...
--
Cheers
Jason Haar
lity... (i.e. "what? You need to run a SMTP client??, that makes
you a business customer... cha-CHING!)
--
Cheers
Jason Haar
Information Security Manager
Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
___
Spamassassin-talk maili
;s problem as to when SA should be invoked and when it
shouldn't be.
However, the whole issue of false-positives on known to be locally generated
mail can really only be dealt with by the MTA (Qmail-Scanner in this case),
so I am looking at that now as the real solution.
--
Cheers
Jason
xchange Site Connector message
header EXCHANGE_SITE_CONNECTOR From =~ /\/cn=Configuration\/cn=Servers\//
I can't say I've ever seen spam from that type of address, so could we add
that as a permanent rule?
Thanks
--
Cheers
Jason Haar
Information Security Manager
Trimble Naviga
g: is spam? score=2.9 required=5
server started on port 783
server pid: 28119
logmsg: server started on port 783
--
Cheers
Jason Haar
Information Security Manager
Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
___
Spamassassin-ta
-L -x \
> > -u spamc > /var/log/spamd.log 2>&1
As you can see - no "-a" option.
--
Cheers
Jason Haar
Information Security Manager
Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
___
Spamassassin-talk mailing l
ftlimit -a 1000 /usr/bin/spamd -F 1 -L -x \
-u spamc > /var/log/spamd.log 2>&1
--
Cheers
Jason Haar
Information Security Manager
Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
___
Spamassassin-talk mailing list
[EMAIL
ng/e/i1/i71.htm
Probably should be added to RATWARE at least?
--
Cheers
Jason Haar
Information Security Manager
Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
--- Begin Message ---
´ó¼ÒËùÊìϤµÄ׬ǮÍøÕ¾½ö½öÄÜÃÖ²¹ÄúµÄÉÏÍø·ÑÓ㬶øÎÒÃǽéÉܵÄÕâÒ»ÍøÕ¾ÊÇʹ²Æ¸»Æ½Ãñ»¯µÄ
׬ǮÍøÕ¾£¬Ë
em-wide - i.e. that only works if you're calling SA
after local delivery (where Return-Path headers are usually added).
--
Cheers
Jason Haar
Information Security Manager
Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
pam may be inappropriate.
This is 100% always indicative of a M$ Outlook user.
H, second thoughts, classify it as spam ;-)
--
Cheers
Jason Haar
Information Security Manager
Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
___
disables user config files,
disables generation of a leading "From " header [that will break mail
otherwise!], and only does local tests (as I believe RBL/etc tests are
better done by the MTA).
Works, works, works.
--
Cheers
Jason Haar
Information Security Manager
Tri
n't use that
> config, and am liable to misdocument things), want to knock something up
> and forward a patch?
OK, it should go into http://spamassassin.org/sitewide.html
--
Cheers
Jason Haar
Information Security Manager
Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9
:-), then "spamd -F 1" is your friend?
People aren't doing this, and are then wondering why all their mail is
corrupted.
This isn't a bug - but it is catching a few sites...
[it didn't catch me - honest!! :-)]
Thanks
--
Cheers
Jason Haar
Information Security Manager
T
On Tue, Feb 05, 2002 at 09:33:00AM +1300, Jason Haar wrote:
> How about "body MIME_EXPLANATION"?
With language issues rearing it's ugly head (or beautiful ;-), we could do
the job "properly" - but I don't know if SA is up to it.
You could record the boundary str
e name could be made more generic, as this isn't just
an Exchange issue.
How about "body MIME_EXPLANATION"?
--
Cheers
Jason Haar
Information Security Manager
Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
___
Spamass
r see that area these days...
[hmm, great way of sneaking stuff out... ;-)]
--
Cheers
Jason Haar
Information Security Manager
Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
___
Spamassassin-talk mailing list
[EMAIL P
entiment about virus scanners vs spam. In
Qmail-Scanner, the SpamAssassin support merely tags the messages as spam -
it doesn't quarantine them like it does for viruses. Still too many false
alerts I'm afraid - a lot of my Email from root cronjobs gets caught! ;-)
--
Cheers
Jason Haar
Informat
d over a network, this could really reduce the load...
What I'm looking at doing is moving Qmail-Scanner to a points-based system
(like SpamAssassin and others), and to be able to incorporate SpamAssassin's
"hits" with other filters decisions.
Comments? Stupid idea? :-)
--
Cheers
37 matches
Mail list logo
