I'm running spamd on a separate server from postfix. Postfix runs
spamc with this configuration in master.cf:
smtp inet n - y - - smtpd -o
content_filter=spamc
smtp unix - - y - - smtp -o
content_filter=spamc
spamc u
Hello Rob,
Friday, June 3, 2005, 12:50:26 PM, you wrote:
RM> RE: Worst "Establishment" or "Household Name" Pseudo-Spammers
RM> Any comments on Overstock and Staples?
Lots of emails from Staples, and as far as I can tell every one has
been subscribed for. Never seen any spam from them.
No emai
Jake Colman <[EMAIL PROTECTED]> wrote on 06/03/2005
02:47:15 PM:
> DBF> If the loadave does -not- go up (due to waiting
for things like DNS
> DBF> queries) then you'll have to manually trigger
the queuing behavior.
> DBF> Edit your sendmail.cf (or .mc) file to add the
'Expensive' flag ("
On Apr 13, 2005, at 8:16 PM, Robert Menschel wrote:
And since I haven't seen any specific rule set files, I'll offer my
suggestions there:
Thanks for your list you posted a while back... it has been very
helpful configuring my set of custom rules.
Question: what is your opinion on the SA
Maurice Lucas wrote:
>
> Now we have to wait for 3.0.4 before there will be any change in the
> static score's
I hate to say it, but 3.0.4 is unlikely to change any scores.
Usually there's a new score set at the beginning of a major release, and one
"tweak" score update somewhere in the middle.
Rob McEwen wrote:
RE: Worst "Establishment" or "Household Name" Pseudo-Spammers
I've noticed that certain particular Fortune 500 (or similar "house-hold"
name) companies send an awful lot of e-mail which I can't imagine was signed
up for. In particular, I see a lot of Overstock and Staples messa
RE: Worst "Establishment" or "Household Name" Pseudo-Spammers
I've noticed that certain particular Fortune 500 (or similar "house-hold"
name) companies send an awful lot of e-mail which I can't imagine was signed
up for. In particular, I see a lot of Overstock and Staples messages sent
frequently
> "DBF" == David B Funk writes:
DBF> On Thu, 2 Jun 2005, Jake Colman wrote:
>>
>> I posted this problem last week and was told that it might be due to an
>> SA problem when overwhelmed by too many connections. This problem only
>> occurs when my server has been off-line and
From: "Matt Kettler" <[EMAIL PROTECTED]>
Sent: Friday, June 03, 2005 9:30 PM
Kevin Sullivan wrote:
On Jun 2, 2005, at 8:27 PM, Matt Kettler wrote:
If one's wrong, they are ALL wrong.
SA's rule scores are evolved based on a real-world test of a
hand-sorted corpus of fresh spam and ham. The w
Kevin Sullivan wrote:
> On Jun 2, 2005, at 8:27 PM, Matt Kettler wrote:
>
>> If one's wrong, they are ALL wrong.
>>
>> SA's rule scores are evolved based on a real-world test of a
>> hand-sorted corpus of fresh spam and ham. The whole scoreset is
>> evolved simultaneously to optimize the placement
On Friday, June 3, 2005, 3:47:05 AM, Loren Wilton wrote:
>>> If that statement is true, perhaps the surbl lists could automatically
>>> include the dotquads for hosts that are known to be pure spam
>>> sources and
>>> not mixed systems. Then the client could get the ip for a suspect hostn
Rick Macdougall wrote:
>
>
> Thomas Deaton wrote:
>
>> How do I check that an incoming email has a valid i.p.?
>>
>> thanks
>
>
> Hi,
>
> If it's not a valid IP then how does it get to your server ?
Tcp blind spoofing attack? This is not exactly a workable option for most
attackers in tr
On Jun 2, 2005, at 8:27 PM, Matt Kettler wrote:
If one's wrong, they are ALL wrong.
SA's rule scores are evolved based on a real-world test of a
hand-sorted corpus of fresh spam and ham. The whole scoreset is
evolved simultaneously to optimize the placement pattern.
Of course, one thing that
Ben Poliakoff wrote:
So I've noticed that the URIDNSBL.pm in the 3.1 snapshots seems to
recognize obfuscated URIs much better than in 3.0.x.
In other words I was looking at a message that my relatively well
maintained 3.0.3 installation didn't catch. Then I tried running the
same message thr
Thomas Deaton wrote:
> I mean the people are not who they say they are... take the latest Ebay
> "click here" spam, for instance. The "click here" gets you a virus, but the
> sender is not from Ebay... he just looks like he is.. sorry if I'm not making
> more sense.
>
Ahh, you don't want to va
* Stuart Johnston <[EMAIL PROTECTED]> [20050603 11:09]:
> >Is there any straightforward way to backport some of this goodness to
> >3.0.x? I don't mind running the development snapshots at home but at
> >work I have to answer to a couple thousand users...
>
>
On 6/3/2005 8:37 PM +0200, Thomas Deaton wrote:
I mean the people are not who they say they are... take the latest Ebay "click here"
spam, for instance. The "click here" gets you a virus, but the sender is not from Ebay...
he just looks like he is.. sorry if I'm not making more sense.
spf
Ni
I mean the people are not who they say they are... take the latest Ebay "click
here" spam, for instance. The "click here" gets you a virus, but the sender is
not from Ebay... he just looks like he is.. sorry if I'm not making more sense.
-Original Message-
From: Rick Macdougall [mailto:[
On 6/3/2005 8:31 PM +0200, Thomas Deaton wrote:
How do I check that an incoming email has a valid i.p.?
What is a valid ip ?
Niek Baakman
Thomas Deaton wrote:
How do I check that an incoming email has a valid i.p.?
thanks
Hi,
If it's not a valid IP then how does it get to your server ?
Rick
How do I check that
an incoming email has a valid i.p.?
thanks
E-mail correspondence to and from this address may be subject to the
North Carolina Public Records Law and may be disclosed to third parties by an
authorized county official. If you have received this communication in
error , p
Martin G. Diehl wrote:
> Why would someone (for example, mailto:[EMAIL PROTECTED] )
> signup to an eMail list ... and then require authentication?
>
> Just curious ...
>
Because it's easier to make mistakes than it is to make it work.
My guess is pn-systeme.de recently decided to require authen
>...
>
>At 08:17 AM 6/3/2005, Sven Riedel wrote:
>>I've recently started getting spams that contain as a body the exact
>>same string as the subject and one URI underneath.
>>
>>Is there any way to carry the result of one match forward to another?
>
>That's tricky, but you might be able to use the
List Mail User wrote:
And adding a URI rule for the completewhois list (basically the same
function as the no longer existing ipwhois.rfc-ignorant.org list) will hit
yet more name servers and spammer IPs with slightly fewer FPs (no issue with
escalations). The list is: combined-HIB.dnsi
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Matthew Daubenspeck wrote:
>On Thu, Jun 02, 2005 at 11:40:39AM -0700, Justin Mason wrote:
>
>>can you repro this reliably? if so, output from -D and/or an "strace
>>- -f -p $spamdpid" would be helpful.
>
>
>>From top:
>
>28702 nobody 25 0 781m 714m 17
>...
>
>On Friday, June 3, 2005, 12:33:26 AM, Duncan Hill wrote:
>> On Friday 03 June 2005 08:10, Loren Wilton typed:
>>> It was basically "the spammer makes a zillion new domains, and they all
>>> take time to get into SURBL, so some spam gets through. But they all point
>>> to the same dotted qu
>-Original Message-
>From: Loren Wilton [mailto:[EMAIL PROTECTED]
>Sent: Friday, June 03, 2005 6:47 AM
>To: Duncan Hill; users@spamassassin.apache.org
>Subject: Re: Is Bayes Really Necessary?
>
>
>>> If that statement is true, perhaps the surbl lists could
>automatically
>>> include the
On Friday 03 June 2005 10:01, jdow wrote:
>From: "Gene Heskett" <[EMAIL PROTECTED]>
>
>> On Friday 03 June 2005 00:41, Codger wrote:
>> >Hmmm. You mistake Verizon for someone who gives a care I think.
>>
>> Thats the impression I'm getting, except I would state it a bit
>> more correct as opposed t
>-Original Message-
>From: Sven Riedel [mailto:[EMAIL PROTECTED]
>Sent: Friday, June 03, 2005 8:18 AM
>To: users@spamassassin.apache.org
>Subject: Comparing subject and body?
>
>
>Hi,
>
>I've recently started getting spams that contain as a body the exact
>same string as the subject and
>-Original Message-
>From: Michele Neylon :: Blacknight Solutions
>[mailto:[EMAIL PROTECTED]
>Sent: Tuesday, May 31, 2005 5:05 AM
>To: 'Jeff Chan'; 'SURBL Discussion list'; 'SpamAssassin Users'
>Subject: RE: [SURBL-Discuss] Blogger attacks SURBL
>
>
>[EMAIL PROTECTED] wrote:
>> Pardon the
> Hmmm. You mistake Verizon for someone who gives a care I think.
>
> (Indeed this list will get this reply but most assuredly since
> Verizon chooses to blacklist everyone outside Verizon as a solution
> to spam.)
Still funny that Verizon, because I see them as one of the most active
spammers them
On Thu, Jun 02, 2005 at 11:40:39AM -0700, Justin Mason wrote:
> can you repro this reliably? if so, output from -D and/or an "strace
> - -f -p $spamdpid" would be helpful.
>From top:
28702 nobody25 0 781m 714m 1796 R 99.9 35.5 4:11.72 spamd
That's the "runaway process."
# strace -f -p
From: "Gene Heskett" <[EMAIL PROTECTED]>
> On Friday 03 June 2005 00:41, Codger wrote:
> >Hmmm. You mistake Verizon for someone who gives a care I think.
> >
> Thats the impression I'm getting, except I would state it a bit more
> correct as opposed to PC. The only real way is to speak with you
On Friday 03 June 2005 00:41, Codger wrote:
>Hmmm. You mistake Verizon for someone who gives a care I think.
>
Thats the impression I'm getting, except I would state it a bit more
correct as opposed to PC. The only real way is to speak with your
checkbook, its the only thing they understand. Un
I'm definitely interested in such a script.
Thanks,
Kris
-Original Message-
From: Kevin Peuhkurinen [mailto:[EMAIL PROTECTED]
Sent: Friday, June 03, 2005 6:37 AM
To: users@spamassassin.apache.org
Subject: Re: Dump stats into mysql?
MIKE YRABEDRA wrote:
>Hello,
>
>I am running a couple
Why would someone (for example, mailto:[EMAIL PROTECTED] )
signup to an eMail list ... and then require authentication?
Just curious ...
IMO, if you don't want eMail, don't signup to an active eMail list.
Message With Full Headers
From: - Tue May 31 07:28:42 2005
X-UIDL: 11175
At 02:16 AM 6/3/2005, [EMAIL PROTECTED] wrote:
Hi,
can i whitelisting a host?
If yes, how can i do this ?
One trick I've seen used is to (ab)?use whitelist_from_rcvd for this:
whitelist_from_rcvd [EMAIL PROTECTED] somehost.example.com
> Subject: sa-learn ldap to exchange?
>
I am sorry. No more posts before coffee.
I had my acronyms confused. IMAP, not LDAP
big difference! Not surprisingly, I can now find
the 'fetchmail' article in question.
http://wiki.apache.org/spamassassin/RemoteImapFolder
Mike S
At 08:17 AM 6/3/2005, Sven Riedel wrote:
I've recently started getting spams that contain as a body the exact
same string as the subject and one URI underneath.
Is there any way to carry the result of one match forward to another?
That's tricky, but you might be able to use the fact that SA tr
At 12:20 AM 6/3/2005, Nabil Sabry wrote:
Dear all,
I have been recently added to this tool.
BOTH the IT team and the ISP claim they know nothing about it!
Is there any means to know who added me?
regards
nabil
Look at the X-Spam-Checker-Version headers in your messages, they should
tell you w
someone had posted here about a month back a neat (albeit long) one line
command he was running
to yank spams from an excachange public folder to feed to sa-learn. I
believe he referred to
a wiki article describing it in detail. I am having much difficulty
locating that article. Can
someone her
Hi,
I've recently started getting spams that contain as a body the exact
same string as the subject and one URI underneath.
Is there any way to carry the result of one match forward to another?
Regs,
Sven
MIKE YRABEDRA wrote:
Hello,
I am running a couple stats scripts that output info every day. Does anyone
have a script that ( or know of one ) that will dump the info in a mysql
database for later processing?
I don't know what format you are doing the output in, but I have a
script that I u
Hello,
I am running a couple stats scripts that output info every day. Does anyone
have a script that ( or know of one ) that will dump the info in a mysql
database for later processing?
TIA
:-)> Mike
On Fri, Jun 03, 2005 at 07:20:36AM +0300, Nabil Sabry wrote:
> Dear all,
> I have been recently added to this tool.
> BOTH the IT team and the ISP claim they know nothing about it!
> Is there any means to know who added me?
> regards
> nabil
>
Some like a harbester wanting to cause trouble.
--
>> If that statement is true, perhaps the surbl lists could automatically
>> include the dotquads for hosts that are known to be pure spam
>> sources and
>> not mixed systems. Then the client could get the ip for a suspect hostname
>> and see if it matched a known spam dotquad.
> I'd swe
[EMAIL PROTECTED] wrote:
can i whitelisting a host?
If yes, how can i do this ?
This is probably better done in your MTA or Procmail file, but something
like this should suffice.
whitelist_from_rcvd [EMAIL PROTECTED] host.tld
Replace host.tld with the actual hostname of the server you wish
On Friday, June 3, 2005, 12:33:26 AM, Duncan Hill wrote:
> On Friday 03 June 2005 08:10, Loren Wilton typed:
>> It was basically "the spammer makes a zillion new domains, and they all
>> take time to get into SURBL, so some spam gets through. But they all point
>> to the same dotted quad, and I ca
--On Friday, June 03, 2005 7:20 AM +0300 Nabil Sabry
<[EMAIL PROTECTED]> wrote:
I have been recently added to this tool.
BOTH the IT team and the ISP claim they know nothing about it!
Is there any means to know who added me?
Check the entire message, including all the headers. There should b
On Friday 03 June 2005 08:10, Loren Wilton typed:
> It was basically "the spammer makes a zillion new domains, and they all
> take time to get into SURBL, so some spam gets through. But they all point
> to the same dotted quad, and I can match on that lookup".
>
> If that statement is true, perhap
> SURBLs on the other hand have mostly domain names with a few IPs.
> Whatever appears in URI host portions is what goes into SURBLs.
> Usually URIs have domain names so that's what most of the SURBL
> records are.
Jeff, the OP (or someone) had an interesting idea, I thought.
It was basically "th
51 matches
Mail list logo
