Rosenbaum, Larry M. wrote:
>SpamAssassin v3.0.2, Perl 5.8.5 on Solaris 9
>SunOS spam2 5.9 Generic_118558-02 sun4u sparc SUNW,Ultra-4
>
>We recently installed SpamAssassin 3.0.2 on a Solaris 9 system. We are
>starting spamd from /etc/rc2.d so that it starts up AFTER the syslog
>daemon starts, usin
SpamAssassin v3.0.2, Perl 5.8.5 on Solaris 9
SunOS spam2 5.9 Generic_118558-02 sun4u sparc SUNW,Ultra-4
We recently installed SpamAssassin 3.0.2 on a Solaris 9 system. We are
starting spamd from /etc/rc2.d so that it starts up AFTER the syslog
daemon starts, using the following switches (among ot
Just a little more info - one of my favorite spammers
taiwanmedialtd.com-munged
New trick for them (i.e. the redirector).
The registration address is false, and likely the rest is too.
They like to use joker to register, and Joker has already caught on to a few,
o
Rose, Bobby wrote:
Wouldn't this just be something that SURBL should take care of? If this
URL is the source of spam then it should be in SURBL regardless if it's
in the zdnet.com domain. Right!?
-Original Message-
From: Rosenbaum, Larry M. [mailto:[EMAIL PROTECTED]
Sent: Monday, March 2
Marcelo Maraboli wrote:
> Hello
>
> I have Sendmail 8.12.11 + MimeDefang -2.40 running the
> perl version of SpamAssassin 2.63 and my CPU is at 98%,
> so I want to change to Spamd/Spamc, but I cannot find
> the exact install procedure...
>
> Is Spamd supported by MimeDefang ?? should I use
> mil
Greetings Mike:
We've seen this happen when spamd dies or otherwise gets overloaded.
You may want to look at the "max children" option; you may have no value
(and therefore want to try it; we use 10 on busy mail servers and that
appears to work ok) or a high value (for which you may want to lower
Wouldn't this just be something that SURBL should take care of? If this
URL is the source of spam then it should be in SURBL regardless if it's
in the zdnet.com domain. Right!?
-Original Message-
From: Rosenbaum, Larry M. [mailto:[EMAIL PROTECTED]
Sent: Monday, March 21, 2005 10:35 AM
T
Every so often I get spampd complaining about a time-out while SA is
trying to interact with one of my eval functions. I've watched the logs,
and what basically happens is that the plug-in *sometimes* goes to sleep
when one the (current) first eval rule in a batch is activated. It seems
to hit a c
IMHO, 3.x is by far the best and most efficient release to date.
Just follow the doc. It's very easy.
- Original Message -
From: "Joe Polk" <[EMAIL PROTECTED]>
To: "Raymond Dijkxhoorn" <[EMAIL PROTECTED]>
Cc:
Sent: Monday, March 21, 2005 11:35 AM
Subject: Re: Porn Spam
| Any ca
Hi!
Any caveats to upgrading to 3.x? Any configs I need to check for overwrite?
You should follow the docs, there is much mentioned there. Like upgrading
your bayes databases. If you use those...
You dont happen to have the SURBL plugin installed i guess?
Would be wise to upgrade to SA 3.x or ins
Any caveats to upgrading to 3.x? Any configs I need to check for overwrite?
--
<>
-- Original Message ---
From: Raymond Dijkxhoorn <[EMAIL PROTECTED]>
To: Joe Polk <[EMAIL PROTECTED]>
Cc: users@spamassassin.apache.org
Sent: Mon, 21 Mar 2005 19:41:28 +0100 (CET)
Subject: Re: Porn
Hi!
He's on 2.64 currently.
You don't say what version of SA you are referring to. The best
thing is to upgrade to latest SA which does a terrific job using
several URL black lists. This is a new feature in SA that looks for
URLs in spam. This will likely stop your problem without having to
write
>-Original Message-
>From: Jeff Chan [mailto:[EMAIL PROTECTED]
>Sent: Friday, March 18, 2005 2:21 AM
>To: users@spamassassin.apache.org
>Subject: Re: OT: SURBL usage for content-filters like SquidGuard?
>
>
>On Thursday, March 17, 2005, 7:13:32 PM, Jason Haar wrote:
>> I was wondering if
>...
>From: Duncan Hill <[EMAIL PROTECTED]>
>To: users@spamassassin.apache.org
>Subject: Re: ZDNET redirecting to spammer websites?
>Date: Mon, 21 Mar 2005 16:10:46 +
>...
>
>On Monday 21 March 2005 15:34, Rosenbaum, Larry M. typed:
>> We received a drug spam containing the following URL:
>>
>>
Marcelo Maraboli wrote:
> Is Spamd supported by MimeDefang ??
No - MimeDefang is written in perl, so it just use's SpamAssassin in the Perl
sense.
As an aside, it would be nice to have a SpamAssassin::Client perl module so
that each MIMEDefang thread didn't have to carry around it's own SpamAss
If you right click on that link you will see the real URL which is..
http://chkpt.zdnet.com/chkpt/supposedtoallow/fdl.viags.com/p/b/kmioa
"fdl.viags.com"
The stuff in front is just to hide the real url and to re-direct your effort.
So I would not give zdnet too hard of a time, else they my have
Woops, I stepped into that one big time.
Sorry you are right.
Some things are not as simple as they look. ;-)
> What on earth are you talking about?! It is an open redirect! I'd love for
> them to have a few choice words for me. Here try this:
>
> http://chkpt.zdnet.com/chkpt/blahblahwhatever
He's on 2.64 currently.
--
<>
-- Original Message ---
From: [EMAIL PROTECTED]
To: users@spamassassin.apache.org
Sent: Mon, 21 Mar 2005 10:49:36 -0500 (EST)
Subject: Re: Porn Spam
> You don't say what version of SA you are referring to. The best
> thing is to upgrade to latest S
What on earth are you talking about?! It is an open redirect! I'd love for
them to have a few choice words for me. Here try this:
http://chkpt.zdnet.com/chkpt/blahblahwhateveryouwant/www.slashdot.org
How is that link NOT ZDnet's fault for being abused?
--Chris
>-Original Message-
>From
Let's try this again... My first response got lost in the ether.
If you right click on that link you will see the real URL which is..
http://chkpt.zdnet.com/chkpt/supposedtoallow/fdl.viags.com/p/b/kmioa
"fdl.viags.com"
The stuff in front is just to hide the real url and to re-direct your effor
I am running a global SpamAssassin 3.0.2 (spamd and spamc) via procmail
on a Solaris box (spamd and spamc running on the same server). During
periods of high load, I get the following messages in the syslog.
spamc[416]: [ID 702911 mail.error] connect(AF_INET) to spamd at
127.0.0.1 failed, retryin
Chris Santerre said:
>It makes more sense to email him direct. Too bad I can't find his email
Good point. But, I know that Dvorak DOES aggressively monitor posts to his
blog and these posts probably are more noticeable to him than items in his
regular e-mail. Therefore, please reconsider posting a
It makes more sense to email him direct. Too bad I can't find he email
anywhere! I guess its time to start telling the media about this open
redirect. Oh well, we gave them fair amount of time.
--Chris
>-Original Message-
>From: Rob McEwen [mailto:[EMAIL PROTECTED]
>Sent: Monday, March
Vicki Brown wrote:
>At 10:45 -0800 03/20/2005, Jeff Chan wrote:
>
>
>>The trust path needs to be set correctly for things to
>>work properly.
>>
>>
>
>If the "trust path" is not "set correctly" by default, then the rule should
>not be enabled by default. That's just wrong.
>
Vicki, the prob
Hello
I have Sendmail 8.12.11 + MimeDefang -2.40 running the
perl version of SpamAssassin 2.63 and my CPU is at 98%,
so I want to change to Spamd/Spamc, but I cannot find
the exact install procedure...
Is Spamd supported by MimeDefang ?? should I use
milter-spamc/0.25 (beta) instead ??
atte,
--
M
On Monday 21 March 2005 15:34, Rosenbaum, Larry M. typed:
> We received a drug spam containing the following URL:
>
> http://chkpt.zdnet.com/chkpt/supposedtoallow/fdl%2ev%69%61%67%73.co%6d/p/b/
>kmioa
>
> This URL will actually take you to fdl.viags.com (which then goes to
> www.simply-rx.net). As
(I've sent this to both SA & SURBL)
There has been much fuss about ZDNet being slow or unresponsive about fixing
open redirects.
I have a suggestion.
Someone ought to post a message on John Dvorak's blog. I did a search to
find the most recent post on his blog relating to spam to find the best
p
On Mon, 21 Mar 2005 12:05:18 +0100 (CET), Menno van Bennekom wrote
> I once had a situation where both the primary and the secondary were
> down, but still mail to us didn't bounce, old mails just started
> streaming in when the servers came up.
Yes, the remote MTAs will queue them. The exact a
You don't say what version of SA you are referring to. The best thing is
to upgrade to latest SA which does a terrific job using several URL black
lists. This is a new feature in SA that looks for URLs in spam. This will
likely stop your problem without having to write special rules.
> I have a
> 20_head_tests.cf:
>
> header EXPO_SUCKERS Subject =~ /\b\[expoforum_kg\]\b/i
> describe EXPO_SUCKERS Subject: contains [expoforum_kg]
>
> spamassassin --lint -D doesn't show any errors.
> Anything else to check?
>
> Thank you for your time.
The \b assertion looks for a boundary between a word
We received a drug spam containing the following URL:
http://chkpt.zdnet.com/chkpt/supposedtoallow/fdl%2ev%69%61%67%73.co%6d/p/b/kmioa
This URL will actually take you to fdl.viags.com (which then goes to
www.simply-rx.net). As far as I know, the SA SURBL check will check
zdnet.com, not the spamm
Jon,
Can you post the rule for this? I would like to see an example.
TIA,
- Original Message -
From: "Jon McGreevy" <[EMAIL PROTECTED]>
To: "'Joe Polk'" <[EMAIL PROTECTED]>;
Sent: Monday, March 21, 2005 7:55 AM
Subject: RE: Porn Spam
| I made a few custom rules for SA
|
| I did
On Monday, March 21, 2005, 6:40:54 AM, Joe Polk wrote:
> I have a friend who has seen a rediculous amount of porn spam lately. He is
> setup with SA+clamav-milter+clamd. We have a few rules in place but nothing
> seems to put a dent in the porn spam. I know someone mentioned a new rule
> coming out
I made a few custom rules for SA
I did a rawbody test for /jpg/i
Also another rawbody for /gif/i
And then gave these two point values just above the value of spam like I
have mine set at 8 and gave each of these a 30. The emails that I have been
getting in were just a weblink and some text. My
I have a friend who has seen a rediculous amount of porn spam lately. He is
setup with SA+clamav-milter+clamd. We have a few rules in place but nothing
seems to put a dent in the porn spam. I know someone mentioned a new rule
coming out to target porn. Is it ready? Anyone have any advise? Is there
Not only sendmail, you can plug Milter filters into Perl programs using
Net::Milter from CPAN.
I've not tried plumbing it in yet, but it should certainly be possible.
Martin
-Original Message-
From: Alexander Bochmann [mailto:[EMAIL PROTECTED]
Sent: 18 March 2005 18:51
To: users@spamas
> -Original Message-
> From: Niek [mailto:[EMAIL PROTECTED]
> Sent: maandag 21 maart 2005 12:14
> To: users@spamassassin.apache.org
> Subject: Re: Spammers Target Secondary MX hosts?
>
>
> It's generally better to use the term distance when it comes
> to MX RRs. I'm aware the rfc's spe
On 3/21/2005 12:05 PM +0100, Menno van Bennekom wrote:
AFAIK mailservers first try the highest prio, then the second highest
etcetera.
It's generally better to use the term distance when it comes to MX RRs.
I'm aware the rfc's speak of priority, but a higher priority MX, has a lower
number,
and vi
On Monday 21 March 2005 11:05, Menno van Bennekom typed:
> > Clever trick. Do legitimate MTAs try to send to the second
> > highest MXer if the primary is down? If so a fake third MX
> > (even to a completely unused IP?) may have little downside.
> >
> > I.e.
> >
> > @ IN MX 5 realprimary.doma
> Clever trick. Do legitimate MTAs try to send to the second
> highest MXer if the primary is down? If so a fake third MX
> (even to a completely unused IP?) may have little downside.
>
> I.e.
>
> @ IN MX 5 realprimary.domain.com
> @ IN MX 10 realbackup.domain.com
> @ IN MX 20 fakebackup.d
On Monday, March 21, 2005, 2:21:48 AM, Menno Bennekom wrote:
>> From: jdow
>> Wow, it's been awhile since this floated through the list the last time.
>>
>> The theory among the spammers is that the secondary and tertirary
>> MX machines are less well protected. "They're backups, afterall.
>> They'
> From: jdow
> Wow, it's been awhile since this floated through the list the last time.
>
> The theory among the spammers is that the secondary and tertirary
> MX machines are less well protected. "They're backups, afterall.
> They're not used every day."
>
> Most canny anti-spammers are aware of t
Vicki
the 'solution' is to set the trusted_networks and/or internal_networks
options properly. See
http://spamassassin.apache.org/full/3.0.x/dist/doc/Mail_SpamAssassin_Conf.html#network_test_options
for more details.
This really needs to be documented is big flashing lights, pref will
somethin
> But this is a daemon that notices changes in user prefs files in real time
so
> the performance issue is spurious. It's _already_ taking a performances
hit
> _every single time_ for every single user.
No. For several reasons.
1) Usually user rules are disallowed. So all SA has to do is open
Eric A. Hall wrote:
> I'm storing the session variables (such as login status) as part of $self,
> and storing message variables with $permsgstatus. But where do I put the
> logout/disconnect code? DESTROY seems to get called after every message
> ("seems to" but I'm fairly blurry at this point),
On Sun, Mar 20, 2005 at 07:06:10PM -0800, Vicki Brown wrote:
> What's one more on rare occasions, really?
Exactly, "rare occasions". Just send a SIGHUP.
> I'm sorry. I don't buy the arguments. I will remain unconvinced.
Ditto. :)
--
Randomly Generated Tagline:
"It was nice of you to let me re
At 13:55 -0500 03/20/2005, Theo Van Dinter wrote:
>Well, that's not sendmail rereading the config. "newaliases" generates
>a new DBM/hash file from a flat text file. Sendmail then realizes the
>file (that it has open) has changed and reopens the new file for access.
>The DB is a lookup table, not
At 19:07 -0500 03/20/2005, David Brodbeck wrote:
>I actually have the opposite opinion -- because the trust path guessing
>fails in a fair number of cases, I think it might be better to just have
>SpamAssassin refuse to run if people don't set it.
That's not an opposite opinion. That's precisely
At 13:55 -0500 03/20/2005, Theo Van Dinter wrote:
>> I simply do not believe there can be a "substantial hit" if spamd re-reads
>> the config file
>
>Besides the fact there are tens of config files that would have to be
>watched (
It's _already_ watching and __reading__ "tens of config files".
m
Vicki Brown wrote:
At 17:40 -0800 03/19/2005, jdow wrote:
There is a substantial hit, Vicki, on the order of a factor of two on
my machines.
We are talking about Only when the Config File has Changed_. OK, so you get a
factor of two, what, once a week?
Sendmail does this (you run newaliases or "ma
On Sun, Mar 20, 2005 at 03:27:48PM -0500, Eric A. Hall wrote:
>
> I'm trying to figure out any issues regarding config data and my
> ldapBlacklist plug-in, and this is a mystery to me.
>
> Why purpose does init.pre serve excactly if local.cf and user_prefs can
> load the same plug-in modules?
in
Vicki Brown wrote:
At 10:45 -0800 03/20/2005, Jeff Chan wrote:
The trust path needs to be set correctly for things to
work properly.
If the "trust path" is not "set correctly" by default, then the rule should
not be enabled by default. That's just wrong.
A lot of stuff depends on it.
I actually ha
crisppy fernandes wrote:
Dev community,
This is to know from developers community is spamassassin wrked for
anyone just after upgrade or install.
It worked for me, but I had a very simple 2.x install. No Bayes or
anything. I think I had to update Net::DNS and a couple other Perl
modules, but I
53 matches
Mail list logo
