From: "Justin Mason" <[EMAIL PROTECTED]>
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
>
> Loren Wilton writes:
> > > from maillog
> > > Deep recursion on subroutine
"Mail::SpamAssassin::Message::Node::finish"
> > > at
/usr/local/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/Message/Node.pm
> >
From: "Ronnie Tartar" <[EMAIL PROTECTED]>
> We run a descent sized datacenter. The problem I have is that someone
sent
> out a spam with our abuse email address as the reply to.
>
> I have added an spf record to the dns now to try and reduce the forged
> headers problem. Any other suggestions wo
Ronnie Tartar wrote:
> We run a descent sized datacenter. The problem I have is that someone
> sent out a spam with our abuse email address as the reply to.
>
> I have added an spf record to the dns now to try and reduce the forged
> headers problem. Any other suggestions would be helpful.
>
> T
We run a descent sized datacenter. The problem I have is that someone sent
out a spam with our abuse email address as the reply to.
I have added an spf record to the dns now to try and reduce the forged
headers problem. Any other suggestions would be helpful.
Thanks in advance.
Matt Yackley wrote:
> Robert Swan said:
>> IMAP does not support the public folders only
>> mailbox folders. snip
>
> I've been pulling messages out of Exchange public folders via IMAP
> for awhile now. I've done it with Exchange 5.5, 2K and 2K3, sometimes
> the path can give you headaches, but i
Robert Swan said:
> I do this on our servers here, I use fetchmail with IMAP. I have setup
> the public folder for everyone to dump into but then have to pull the
> SPAM into a local folder in my inbox to feed it to fetchmail, because
> IMAP does not support the public folders only mailbox folders.
I've been running SA on Debian stable for a few years now without any
real issues, upgrading SA and related items as needed from time to time
origionally through debian, later from source, and last night (in a vain
attempt to fix the problem I'm about to describe) through backports.org.
A few d
He may not have posted the received headers for some ineffable
reason.Plus, if the actual email did not originally hit ALL_TRUSTED,
then the original score would have been 4.152 + 2.4 (ALL_TRUSTED score)
= 6.552 which should have stopped the email unless his kill level is set
higher than
If you don't plan on using AWL, you shouldn't have any difficulty with the
debian 3.0.2 package.
The only memory problems I experienced with SA, Amavis, and Postfix were
related to large AWL files.
Because I use AWL (or ASS as the case may be), I've updated my servers to
3.0.3.
RO
- Origi
Greetings SA admins,
I'm planning to deploy SA in a couple of weeks, I've been testing SA
3.02 (Debian distro) during the last weeks and it works very well but
I'm a bit concerned about the the memory leaks reported here.
My question is, should I wait till SA 3.1 is released or just install
3.0.3
[EMAIL PROTECTED] wrote:
>>>We went from 2k emails a day (1900
>>>spam) to 4K with the latest worm, and SA doesn't appear to be able to help
>>>at all. Sigh.
>>>
>>>Dan
>>>
>>>
>>>
>
>Hi, get a few birds in the garden to take care of the rainworms :)
>
>Probably my setup is unusual, but SA w
I do this on our servers here, I use
fetchmail with IMAP. I have setup the public folder for everyone to dump into
but then have to pull the SPAM into a local folder in my inbox to feed it to
fetchmail, because IMAP does not support the public folders only mailbox
folders. I setup a folder
Johnson, S wrote:
I’ve created a public folder on exchange for the purpose of putting in
spam that SA missed. I’m attempting to use fetchmail to grab the
messages.
Has anyone else done this before? I found a few posts on the internet
but nothing too descript.
Did you try the wiki? http://wiki.
I’ve created a public folder on exchange for the
purpose of putting in spam that SA missed. I’m attempting to use
fetchmail to grab the messages.
Has anyone else done this before? I found a few posts on
the internet but nothing too descript.
Do I need to dump these messages into
Theo Van Dinter wrote:
It's not really misfiring here. In the sample message, there are no Received
headers, so the message looks as if it was sent from local to the machine.
He may not have posted the received headers for some ineffable
reason.Plus, if the actual email did not originally
Justin Mason wrote:
[...]
on 3.1.0 or 3.0.2?
3.0.2
[...]
Are you limiting the size of messages being passed to spamd? Scanning
The limit is 200k.
as far as I know, there is not a remotely-exploitable bug here. Obviously
these would be more serious and we encourage those to be reported on the
bugz
Couldn't we just write a rule that adds points when it see's the "unknown"
in the MX, I also use postfix, so postfix specific..
Received: from predialnet.com.br (unknown
[200.218.176.14])
Robert
Peace he would say instead of goodbyepeace my brother.
Most of my spam that's getting through at this point is stuff that has a URI
with multiple carriage returns in it like this:
I know this trick has been discussed. I looked for a bug report, and couldn't
find one on this particular thing. I did find a thread in the archives about
this, and a
>...
>Date: Thu, 05 May 2005 09:14:28 -0700
>From: Jonathan Nichols <[EMAIL PROTECTED]>
>Reply-To: [EMAIL PROTECTED]
>Organization: pbp.net
>User-Agent: Mozilla Thunderbird 1.0.2 (Macintosh/20050317)
>X-Accept-Language: en-us, en
>MIME-Version: 1.0
>To: users@spamassassin.apache.org
>Subject: hills
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Patrick von der Hagen writes:
> Dennis Davis wrote:
> [...]
> > Some on this list recommended reducing --max-conn-per-child from the
> > default of 200 to reduce possible memory leakage in earlier versions
> > of SpamAssassin. I doubt that this is a
On Thu, May 05, 2005 at 05:20:53PM +0100, Martin Hepworth wrote:
> the ALL_TRUSTED rule is misfiring. Read the documentation on setting
> ythe trusted_networks etc and configure this for you setup and that will
> help the problem
It's not really misfiring here. In the sample message, there are
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Loren Wilton writes:
> > from maillog
> > Deep recursion on subroutine "Mail::SpamAssassin::Message::Node::finish"
> > at /usr/local/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/Message/Node.pm
> > line 659
>
> As far as I know (which may be wrong) th
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[EMAIL PROTECTED] writes:
> I know from watching that 3.1 might be a ways off, and am wondering if
> based on anyone's experience whether running an interim build is a good
> idea or not? I understand the risks of doing this in general, just
> won
>> We went from 2k emails a day (1900
>> spam) to 4K with the latest worm, and SA doesn't appear to be able to help
>> at all. Sigh.
>>
>> Dan
>>
Hi, get a few birds in the garden to take care of the rainworms :)
Probably my setup is unusual, but SA would not even see infected mail, because
th
Dan Barker wrote:
I guess rnaiewno.com is the HELO or some such, because it sure isn't a name
from 66.0! I guess I'm just screwed. We went from 2k emails a day (1900
spam) to 4K with the latest worm, and SA doesn't appear to be able to help
at all. Sigh.
Dan
Dan, I have to agree with Matt her
>...
>Date: Thu, 05 May 2005 11:27:59 -0400
>From: Matt Kettler <[EMAIL PROTECTED]>
>User-Agent: Mozilla Thunderbird 1.0.2 (Windows/20050317)
>X-Accept-Language: en-us, en
>MIME-Version: 1.0
>To: Dan Barker <[EMAIL PROTECTED]>
>Cc: users@spamassassin.apache.org
>Subject: Re: PTR Rules
>...
>
>Dan B
Matt Kettler wrote:
At 05:00 PM 5/4/2005, jdow wrote:
Accurate or not AWBL for Automatic White/Black List might be obscure
enough to inspire a minimal level of reading.
Along those lines, we could name it RTFM :)
The Real-Time "From:" Monitor?
--
Kelson Vibber
SpeedGate Communications
Jonathan
the ALL_TRUSTED rule is misfiring. Read the documentation on setting
ythe trusted_networks etc and configure this for you setup and that will
help the problem
--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300
Jonathan Nichols wrote:
Ugh. I'm getting
Ugh. I'm getting stuff from these jerks slipping through left & right..
anyone else seeing this stuff? :|
It's hitting the sbl rules, but still only scoring 4.152..
From: ChristianMortgageUSA.com <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Let our experts help you save on your home
Date: T
On Thu, May 05, 2005 at 12:10:32AM -0700, Jeff Chan wrote:
> > If you'll notice, the content type is shown as ";text/plain;". It seems
> > that
> > the semicolons are causing Spamassassin not to parse the mail properly. If
> > I
[...]
> SA devs, should this get a bugzilla?
Already do:
http:
It looks to me like your rule says if it's got a "([", it's got
no PTR and if it's got a "{[" it has one. That could
be useful, except my mailer doesn't do such things.
Bad Header:
Received: from rnaiewno.com [66.0.118.65] by visioncomm.net
(SMTPD32-8.15) id A940495001E; Thu, 05 May 2005 11:18:
Carlo Wood wrote:
>On Wed, May 04, 2005 at 01:03:18PM -0400, Matt Kettler wrote:
>
>
>>>In -well- every mail. That is not too weird, since
>>>this is my domain! Why does rate 'alinoe.com' and 'com'
>>>and 'carlo' as spammy tokens? Is that normal?
>>>
>>>
>>>
>>No, it's not normal.
>>
>>
Dan Barker wrote:
>I can't find any doc on PTR rules. Specifically, I'd like to make my
>SpamAssassin 3.0.1 score if there is no PTR record for the first "foreign"
>IP in the "Received by" chain.
>
>This can't be difficult, but I've scanned the doc to the best of my ability
>(my best may not be pa
From: Jeff Chan
To: SURBL Discus
Date: Thursday, May 5, 2005, 12:39:58 AM
Subject: [SURBL-Discuss] Brief problem with ab.surbl.org
FWIW there was a brief error where .com got into ab.surbl.org and
that caused it to hit all .com domains. This problem lasted an
hour or two today and happened betwe
yes - should be fixed as while ago, just needing the DNS change to
propogate. Someone added .com to the list!
--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300
Bryan Haase wrote:
Anyone seeing problems with SURBL "AB"? This morning I have had more
false posit
Anyone seeing problems with SURBL "AB"? This morning I have had more false
positives then I have ever seen. Some examples cox-internet, peoplepc, expedia
and my new headache my own domain.
Is the problem with people reporting sober virus
emails as spam? If this is the "top 400" spammer list
I can't find any doc on PTR rules. Specifically, I'd like to make my
SpamAssassin 3.0.1 score if there is no PTR record for the first "foreign"
IP in the "Received by" chain.
This can't be difficult, but I've scanned the doc to the best of my ability
(my best may not be particularly good) and come
At 05:41 PM 5/4/2005, Randy Gibson wrote:
I just upgraded my spamassassin from v3.0.1 to v3.0.3 and know my
"user_prefs" don't appear to
being read. I have a couple of test rules I use to verify if the local.cf
or user_prefs are be
read and local.cf works but user_prefs don't.
I'm using spamassass
At 05:00 PM 5/4/2005, jdow wrote:
Accurate or not AWBL for Automatic White/Black List might be obscure
enough to inspire a minimal level of reading.
Along those lines, we could name it RTFM :)
Hello All,
Justin: SpamAssassin 3.1.0 is a lot better at effective RAM usage than 3.0.0
... This is because it (a) runs with a
smaller number of active children ... keeps one or two servers very busy, using the
others for "overflow"
We process 60K messages a day and use most of our 10 spamd proc
> from maillog
> Deep recursion on subroutine "Mail::SpamAssassin::Message::Node::finish"
> at /usr/local/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/Message/Node.pm
> line 659
As far as I know (which may be wrong) the deep recursion thing isn't related
to either bayes or awl expiry. I seem to re
I believe someone noticed this yesterday and submitted a bug against it.
That still leaves the problem of existing systems that are open to this
attack. Probably a quick rule to check for that header and add 10 points or
so would be a good idea.
Loren
- Original Message -
From:
> tests=BAYES_00,DATE_IN_FUTURE_96_XX,
Bayes says it is absolutely dead sure ham, not spam.
Broken bayes database, it sounds like.
Loren
> I just upgraded my spamassassin from v3.0.1 to v3.0.3 and know my
> "user_prefs" don't appear to
> being read. I have a couple of test rules I use to verify if the local.cf
> or user_prefs are be
> read and local.cf works but user_prefs don't.
After checking any upgrade info to make sure you ha
Dennis Davis wrote:
[...]
Some on this list recommended reducing --max-conn-per-child from the
default of 200 to reduce possible memory leakage in earlier versions
of SpamAssassin. I doubt that this is a problem now, but it might
be worth trying as a precautionary measure.
I am absulotely CERTAIN
On Wed, 4 May 2005, Justin Mason wrote:
> From: Justin Mason <[EMAIL PROTECTED]>
> To: jdow <[EMAIL PROTECTED]>
> Cc: users@spamassassin.apache.org
> Date: Wed, 04 May 2005 15:53:13 -0700
> Subject: Re: memory-usage going BOOM
>
> jdow writes:
> > From: <[EMAIL PROTECTED]>
> >
> > > BTDT, bough
On Wed, May 04, 2005 at 07:05:17PM +0200, Patrick von der Hagen wrote:
> Hi all,
>
> I've been using SpamAssassin 3.0.2 for quite some time (about three
> month) on my mailservers and so far I didn't notice any problems. Load
> and message-throughput have been quite constant.
>
> However, yesterd
On Thursday, May 5, 2005, 12:10:32 AM, Jeff Chan wrote:
> On Wednesday, May 4, 2005, 9:21:11 PM, Craig Baird wrote:
>> Today, I've received a number of spams containing a domain that is listed on
>> almost all the SURBL lists. I've recieved around 10 of these today, and
>> none
>> of them have
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
yes, I think this definitely should be on the bugzilla ;)
- --j.
Bikrant Neupane writes:
> On Thursday 05 May 2005 11:52, Justin Mason wrote:
> > Bikrant Neupane writes:
> > > from maillog
> > > Deep recursion on subroutine "Mail::SpamAssassin::Mess
On Wednesday, May 4, 2005, 9:21:11 PM, Craig Baird wrote:
> Today, I've received a number of spams containing a domain that is listed on
> almost all the SURBL lists. I've recieved around 10 of these today, and none
> of them have hit on any of the SURBLs despite the domain being listed. Here
On Wednesday, May 4, 2005, 8:37:45 AM, martin smith wrote:
M>>From: Jeff Chan [mailto:[EMAIL PROTECTED]
M>>A good way to report spams is to use SpamCop. The SpamCop
M>>spamvertised site data goes into sc.surbl.org:
M>>
M>> http://www.surbl.org/lists.html#sc
M>>
> Jeff, does this include the li
On Thursday 05 May 2005 11:52, Justin Mason wrote:
> Bikrant Neupane writes:
> > from maillog
> > Deep recursion on subroutine "Mail::SpamAssassin::Message::Node::finish"
> > at /usr/local/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/Message/Node.pm
> > line 659
>
> could you try this patch? if it
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Bikrant Neupane writes:
> from maillog
> Deep recursion on subroutine "Mail::SpamAssassin::Message::Node::finish"
> at /usr/local/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/Message/Node.pm
> line 659
could you try this patch? if it doesn't work,
On Thursday 05 May 2005 04:38, Justin Mason wrote:
> jdow writes:
> > From: <[EMAIL PROTECTED]>
> >
> > > BTDT, bought the T-shirt. Adding memory will help. Short term solution
> > > can be adding swap space. Another option can be running SA remotely
> > > on another machine (users run spamc -d sa.
>>From [EMAIL PROTECTED] Wed May 4 21:21:27 2005
>...
>Date: Wed, 4 May 2005 22:21:11 -0600
>From: Craig Baird <[EMAIL PROTECTED]>
>To: users@spamassassin.apache.org
>Subject: Content type allowing spammers to evade URIBL
>...
>
>Today, I've received a number of spams containing a domain that is
Today, I've received a number of spams containing a domain that is listed on
almost all the SURBL lists. I've recieved around 10 of these today, and none
of them have hit on any of the SURBLs despite the domain being listed. Here
is the message:
--- Begin Spam ---
Return-Path: <[EMAIL PROT
On 5/4/05, Matt Kettler <[EMAIL PROTECTED]> wrote:
>
> That's great.. I was trying to think up a good scenario for that
> acronym, but couldn't.
Obviously it's the
Automated Spam Sorting Average Scoring System Involving Ninjas
on 5/4/05 7:14 PM, Scott Haneda at [EMAIL PROTECTED] wrote:
> I just posted to mysql mail list and got this back:
> The following message could not be delivered to mysql@lists.mysql.com at
> host
> lists.mysql.com (213.136.52.31) because the message content was rejected.
> 552 newgeo.com in ab.su
on 5/4/05 7:14 PM, Scott Haneda at [EMAIL PROTECTED] wrote:
> So this seems in error, which is not a huge deal, I just turn my sig off for
> now :-) But do I fall out of surbl autmatically? And how do I find out why
> this happened and prevent it?
I just also got this back from mysql lists:
MDae
I don't fully understand how SURBL works and all the details, I have been on
this list for a few weeks getting ready to get SA installed and working,
trying to learn.
I just posted to mysql mail list and got this back:
The following message could not be delivered to mysql@lists.mysql.com at
host
Sa-learn --clear
May be recommended to run a sa-learn --backup first incase you want to restore
it.
Cheers,
Michael
-Original Message-
From: Tom Q. Citizen [mailto:[EMAIL PROTECTED]
Sent: Thursday, 5 May 2005 9:51 AM
To: users@spamassassin.apache.org
Subject: Re: Spam messages got nega
61 matches
Mail list logo
