Justin Mason wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
you should _definitely_ whitelist AOL's scomp source address -- preferably
using "whitelist_from_spf", as they publish a reliable SPF record
for aol.net.
- --j.
Thanks. That did the trick:
X-Spam-Status: No, score=-94.8 req
On 01/12/2005 5:30 PM, User for SpamAssassin Mail List wrote:
I think this is where the problems is coming in. Looking through the logs
I found this:
Dec 1 09:13:20 mail spamd[31417]: DCC -> check failed: cannot fork: Too many
open files in system
at /usr/share/perl5/Mail/SpamAssassin/Util.pm
It's still load on the server or router I am giving plenty of time and
announcing it where spam consious system admin should see it and have plenty
of time to take action.
Bill Larson
Network Administrator
Compu-Net Enterprises
- Original Message -
From: "Richard Ozer" <[EMAIL PROTECT
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
you should _definitely_ whitelist AOL's scomp source address -- preferably
using "whitelist_from_spf", as they publish a reliable SPF record
for aol.net.
- --j.
Steven Stern writes:
> In order to keep our mail flowing to AOL members, I've signed up
In order to keep our mail flowing to AOL members, I've signed up through
the AOL postmaster service to receive TOS reports. Basically, whenever
someone reports mail from our domains as spam, AOL forwards it to me.
(They delete the addressee from the headers, although not completely so
sometimes
Daryl C. W. O'Shea wrote:
On 01/12/2005 10:26 AM, Rick Macdougall wrote:
I've got a real user using Outlook which hits the following two rules
2.7 FORGED_OUTLOOK_HTMLOutlook can't send HTML message only
2.5 FORGED_OUTLOOK_TAGSOutlook can't send HTML in this format
I've got the entire m
On 01/12/2005 10:26 AM, Rick Macdougall wrote:
I've got a real user using Outlook which hits the following two rules
2.7 FORGED_OUTLOOK_HTMLOutlook can't send HTML message only
2.5 FORGED_OUTLOOK_TAGSOutlook can't send HTML in this format
I've got the entire message with headers if some
User for SpamAssassin Mail List wrote:
> SARE_FRAUD was suggested but would this be a duplication when we are
> running clamd virus scanner on all the mail?
Not really, no. Phishing is a hit-and-run enterprise... the more fences the
better.
--
Matthew.van.Eerde (at) hbinc.com 805
Thanks Bob,
SARE_FRAUD was suggested but would this be a duplication when we are
running clamd virus scanner on all the mail?
Thanks,
Ken Rea
On Wed, 30 Nov 2005, Robert Menschel wrote:
> Wednesday, November 30, 2005, 11:59:23 AM, Matt wrote:
>
> MK> I'm not well versed in picking the "min
As a follow up I did find this on a Debian web site:
echo "65536" > /proc/sys/fs/file-max # for 2.2 and 2.4 kernel
echo "131072" > /proc/sys/fs/inode-max # for 2.2 kernel only
So it looks like you don't have to worry about inodes on a 2.4 kernel.
Ken Rea
On Thu, 1 Dec 2005, User for Sp
Matt,
It's a Debian Stable system, and I did bump up that file and also put in a
script on boot up to raise that number. Some of the ideas I found (after
doing a google search) suggested changing the inode-max as well but I
could not find that in the proc file system.
We will see if that solves
User for SpamAssassin Mail List wrote:
>
> I think this is where the problems is coming in. Looking through the logs
> I found this:
>
> Dec 1 09:13:20 mail spamd[31417]: DCC -> check failed: cannot fork: Too many
> open files in system
> at /usr/share/perl5/Mail/SpamAssassin/Util.pm line 1019,
I think this is where the problems is coming in. Looking through the logs
I found this:
Dec 1 09:13:20 mail spamd[31417]: DCC -> check failed: cannot fork: Too many
open files in system
at /usr/share/perl5/Mail/SpamAssassin/Util.pm line 1019, line 101.
Dec 1 09:13:20 mail spamd[31417]: clea
Yes the users do exist and usually it works fine.
Ken
On Thu, 1 Dec 2005, Theo Van Dinter wrote:
> On Thu, Dec 01, 2005 at 12:54:17PM -0800, User for SpamAssassin Mail List
> wrote:
> > I'm getting these errors on some user when the spamd program tries to
> > setuid to the users ID. Here i
Hi Chris,
Nothing looks horribly wrong to me with your setup. See if you can
reproduce the no-rewrite state with an email you have received which did
not
get the subject rewritten. Remove the spamassassin markup and re-send
the
message through spamassassin (pipe a marked-up email through
On Thu, Dec 01, 2005 at 12:54:17PM -0800, User for SpamAssassin Mail List wrote:
> I'm getting these errors on some user when the spamd program tries to
> setuid to the users ID. Here is some of the log file showing the error:
Do those users actually exist? Does your perl support setuid?
> Dec
Hello,
I'm getting these errors on some user when the spamd program tries to
setuid to the users ID. Here is some of the log file showing the error:
Dec 1 09:24:38 mail spamd[1897]: connection from localhost [127.0.0.1] at port
57112
Dec 1 09:24:38 mail spamd[1897]: fatal: setuid to chuck fa
On Thu, 1 Dec 2005, Richard Ozer wrote:
That's a pretty nasty way to deal with that problem. You'll mostly affect
bystanders.
Why don't you just filter the requests and forget about them?
Because he'll still get bombarded with the wasted traffic of useless dns
requests.
-Dan
SpamAssassin 2.63-0.2
RedHat 9 Operating system Linux 2.4.20-021stab022.11.777-enterprise
psa-spamassassin 7.5.4-rh9.build75050927.15
Hello All,
Above is my hosting platform. I am running version 2.63 by default now and
want to upgrade to version 3.x .
I am a BASIC administrator and have acces
At 11:37 AM 12/1/2005, you wrote:
My MailScanner boxes are still getting drilled with the Sober.Virus
and spam (none which have made it through) from a single IP
address. I did a lookup on dnsstuff.com for the address
{66.243.13.178} but made no headway on what to do about this. What
steps
> My MailScanner boxes are still getting drilled with the Sober.Virus and
spam (none which have made it through) from a single IP address. I did
a lookup on dnsstuff.com for the address {66.243.13.178} but made no
headway on what to do about this. What steps do I need to do in order
to get this
On Thu, Dec 01, 2005 at 10:10:18AM -0800, Justin Mason wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
>
> Chris Thielen writes:
> > Did SA 2.6x support any if* statements in rulesfiles like 3.0 does (eg:
> > ifplugin)?
>
> Chris, pretty sure it didn't.
ISTR that it tried to, but it
Casey King wrote:
> My MailScanner boxes are still getting drilled with the Sober.Virus and
> spam (none which have made it through) from a single IP address. I did
> a lookup on dnsstuff.com for the address {66.243.13.178} but made no
> headway on what to do about this. What steps do I need to d
Title: Recurring abuser
My MailScanner boxes are still getting drilled with the Sober.Virus and spam (none which have made it through) from a single IP address. I did a lookup on dnsstuff.com for the address {66.243.13.178} but made no headway on what to do about this. What steps do I need
Bill Larson a écrit :
Over 2 years ago I shut down blackhole.compu.net and
pm0-no-more.compu.net then announced the shutdown on the
news.admin.net-abuse.email and several other mail and abuse related
lists. As of today I am still logging several hundred requests per
minute to it two years late
Justin Mason wrote:
> What I do is confirm those spams. If they're going to shift the
> work of spam-filtering onto innocent third parties, a "protest vote"
> is appropriate in my opinion.
>
> --j.
Very well said Justin. My own views are a little more harsh, but the principles
are quite similar
Menno van Bennekom a écrit :
Mouss wrote:
twtelecom.net is in the US.
Yes, I'm doing too many things at a time today so I was only triggered by
the 'tw' ;-)
would be "fun" to block Time Warner because of that:)
I'm not certain many spammers do really care to clean up the address
lists...
That's a pretty nasty way to deal with that problem. You'll mostly affect
bystanders.
Why don't you just filter the requests and forget about them?
- Original Message -
From: "Bill Larson" <[EMAIL PROTECTED]>
To:
Cc: <[EMAIL PROTECTED]>
Sent: Friday, December 02, 2005 10:15 AM
Subjec
Over 2 years ago I shut down blackhole.compu.net
and pm0-no-more.compu.net then announced the shutdown on the
news.admin.net-abuse.email and several other mail and abuse related lists. As of
today I am still logging several hundred requests per minute to it two years
later. In one week I am
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Chris Thielen writes:
> Did SA 2.6x support any if* statements in rulesfiles like 3.0 does (eg:
> ifplugin)?
Chris, pretty sure it didn't.
- --j.
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Exmh CVS
iD8DBQFDjzyKMJF5cimL
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Matt Kettler writes:
> Gene Heskett wrote:
> > Greetings all;
> >
> > I'm suddently being flooded with messages from the sender in the
> > subject line, containing absolutely no indication of what message
> > generated that response.
> >
> > I don't
Hi James,
James Feger wrote:
I have set my local.cf to look for a hit score of 7.0 or higher. I am
receiving email and spamd is processing it as spam, attaching a score,
and
adding the default message at the top of the email (Email has been tagged
as possible spam by the system...or whatever
Seems the maintainer has already fixed this issue in version 200512011033,
so uhm.. Nevermind :)
John Narron| "Sacrifice, they always say
Network Administration | Is a sign of nobility
CDS/CDSinet, LLC | But where does one draw the line
http://www.cdsinet.net | In the face of
...and I thank you for helping me, b/c I couldn't figure it out...I can
admit that I am not too bright. I hope you didn't feel I was being
spiteful...no reason for that...maybe all of the other events of the day
here at work are starting to get to me a little. Sorry if I came off a
bit jaded.
--
Matt Kettler wrote:
> At 08:57 AM 12/1/2005, Bowie Bailey wrote:
>
>> Doesn't RDJ have a rule renaming feature? I seem to remember getting
>> a message from RDJ at one point saying that one of the SARE rules had
>> changed names.
>
>
> Renaming is quite different. If you re-name, at least your use
Dunno, I don't maintain it, just providing a workaround until it can be
properly fixed by the maintainer :)
John Narron| "Sacrifice, they always say
Network Administration | Is a sign of nobility
CDS/CDSinet, LLC | But where does one draw the line
http://www.cdsinet.net | In
Rolling configuration files back, not restarting SpamAssassin.
Rollback command is: mv -f
/etc/mail/spamassassin/blacklist-uri.cf
/etc/mail/spamassassin/RulesDuJour/sa-blacklist.current.uri.cf.2; mv -f
/etc/mail/spamassassin/RulesDuJour/blacklist-uri.cf.20051201-1019
/etc/mail/spamassas
iguration files back, not restarting SpamAssassin.
Rollback command is: mv -f /etc/mail/spamassassin/blacklist-uri.cf
/etc/mail/spamassassin/RulesDuJour/sa-blacklist.current.uri.cf.2; mv -f
/etc/mail/spamassassin/RulesDuJour/blacklist-uri.cf.20051201-1019
/etc/mail/spamassassin/blacklist-uri.cf;
Hello,
I recently installed Spamassassin 3.1.0 on a Debian Linux. I used the
apt-get method of installing the binary and the needed support files. I
am running spamassassin as spamd. I am invoking spamd with the Debian
spamc client invoked via .procmailrc. I am using Sendmail as my local
maile
2; mv -f /etc/mail/spamassassin/RulesDuJour/blacklist-uri.cf.20051201-1019 /etc/mail/spamassassin/blacklist-uri.cf;
Lint output: [2514] warn: Backslash found where operator expected at (eval 3485) line 1, near "com\"
[2514] warn: config: invalid regexp for rule WLS_URI_OPT_0: m//docume
Gene Heskett wrote:
> Greetings all;
>
> I'm suddently being flooded with messages from the sender in the
> subject line, containing absolutely no indication of what message
> generated that response.
>
> I don't do SPI, and never will as it just sems to confirm I'm a valid
> email address.
>
>
Greetings all;
I'm suddently being flooded with messages from the sender in the
subject line, containing absolutely no indication of what message
generated that response.
I don't do SPI, and never will as it just sems to confirm I'm a valid
email address.
What should I do, just sort it to the ju
From: Matt Kettler [mailto:[EMAIL PROTECTED]
>
> At 08:57 AM 12/1/2005, Bowie Bailey wrote:
> >Doesn't RDJ have a rule renaming feature? I seem to remember getting
> >a message from RDJ at one point saying that one of the SARE rules had
> >changed names.
>
> Renaming is quite different. If you r
Mouss wrote:
>
> twtelecom.net is in the US.
Yes, I'm doing too many things at a time today so I was only triggered by
the 'tw' ;-)
>
>> By the way, I wouldn't report spam to the abuse-addresses, the reports
>> are
>> often forwarded to the spammer. It is often only used as a confirmation
>> that
Hi,
I've got a real user using Outlook which hits the following two rules
2.7 FORGED_OUTLOOK_HTMLOutlook can't send HTML message only
2.5 FORGED_OUTLOOK_TAGSOutlook can't send HTML in this format
I've got the entire message with headers if someone can tell me what
they want to see.
Reg
At 08:57 AM 12/1/2005, Bowie Bailey wrote:
Doesn't RDJ have a rule renaming feature? I seem to remember getting
a message from RDJ at one point saying that one of the SARE rules had
changed names.
Renaming is quite different. If you re-name, at least your users will know
about it because thei
From: Matt Kettler [mailto:[EMAIL PROTECTED]
>
> mouss wrote:
> >
> > I didn't say so but had in mind:
> > - antidrug.cf: just a notice (which also provides a link to the
> > pre30 version)
> > - a pre30 version.
>
> No way.
>
> That creates a problem for users of SA 2.64 who are RDJ'ing
> ant
Menno van Bennekom a écrit :
I know some ip-addresses here that try to send me viruses for over a year!
Posting this to the abuse I did once or twice and indeed doesn't help
always but I also block the ip at the MTA level (postfix) and that does
help ;-)
Some I have even blocked at the firewall
So I guess I will put a complaint in
-Original Message-
From: Matt Kettler [mailto:[EMAIL PROTECTED]
Sent: Thursday, December 01, 2005 12:46 AM
To: Jean-Paul Natola; users@spamassassin.apache.org
Subject: Re: bonded sender
At 10:07 PM 11/30/2005, Jean-Paul Natola wrote:
>I was just cur
Chris wrote:
> Since about the 22nd or 23nd I've been getting virus laden (Sober.U) spam
> from an address at twtelecom.net (66.162.83.190). All my spam reporting
> is done via two scripts, one is reporter.pl which runs sa-learn and
> reports to Razor, Pyzor and DCC. The other script, which was w
50 matches
Mail list logo
