Dear list,
I was thinking about switching our SAs from config
files to MySQL. Now I am wondering if there are any advantages in SA’s performance
when using MySQL. Does anyone of you have any information on that?
Thank you very much in advance,
Stefan
It looks like ihlas.net.tr is running SPF checks on mail relays within
their local network. This is a bad idea, since this will cause most if
not all SPF checks performed on internal relays to fail, as nobody
else can be assumed to have your mail gateway in their SPF list...
On 15 Aug 2006 [EMAI
On Tue, 15 Aug 2006, Craig Baird wrote:
[snip..]
> The other type of spam I'm seeing are empty messages. They have a single word
> for a subject, but nothing in the body. About a year ago, I was getting
> flooded with these, and I solved the problem by using the SARE_HTML_NO_BODY
> rule from 70_
On Wednesday August 16 2006 01:47, Chris Stone wrote:
> On Wed, 2006-08-16 at 01:37 +0200, Mark Martinec wrote:
> > header __L_FROM_YAHOO From:addr =~ /@yahoo\.com$/i
> > header __L_FROM_GMAIL From:addr =~ /@gmail\.com$/i
>
> You should escape the @ signs in the expression: /[EMAIL PROTECTED]/i
Ye
On Wed, 2006-08-16 at 01:37 +0200, Mark Martinec wrote:
> header __L_FROM_YAHOO From:addr =~ /@yahoo\.com$/i
> header __L_FROM_GMAIL From:addr =~ /@gmail\.com$/i
You should escape the @ signs in the expression: /[EMAIL PROTECTED]/i
Chris
> -Original Message-
> From: Mark Martinec [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, August 15, 2006 7:38 PM
> To: users@spamassassin.apache.org
> Subject: Re: Rule for non-DK-signed mail from yahoo
> This is what I have now:
>
I get this on a lint with SA 3.13:
Does it need escape in f
On Tue, 15 Aug 2006, decoder wrote:
> Rob Mangiafico wrote:
> > On Tue, 15 Aug 2006, decoder wrote:
> >> Rob Mangiafico wrote:
> >>> Downloaded and installed the latest FuzzyOCR 2.1c
> >>>
> >>> Ran the tests and the jpg and png ones worked fine, but for the
> >>> gif sample I received:
> >>>
> >>>
Now here's an honest phisher:
Subject: =?utf-8?Q?[PHISHING]: Important Information About Your Fifth Third
Bank Account [Tue, 15 Aug 2006 18:25:54 +0180]?=
--
Chris
18:47:44 up 16 days, 16 min, 1 user, load average: 0.23, 0.30, 0.27
~~~
Well,
I finally got everything working after realizing that there is a
RHEL4 package called netpbm-progs. So, I deleted everything I
installed from source, and installed all of the rpms instead. No
more errors. Oddly enough, I only find 2 spam words in the sample
jpeg mail, as opposed
Thank you all for the feedback.
> > FWIW, I've seen a few mails that had multiple DK signatures, apparently
> > as the result of going through a DK signed mailing list when the original
> > message had also been signed.
>
> yeah, I think if the list re-signs the message, that's ok, because it then
From: "Halid Faith" <[EMAIL PROTECTED]>
Hello
I use spamassassin as test.
My mail server handles mails about 200 K in a day.
What should I set value of the --max-children num in spamd ?
I think the -m value is 5 as default.
When I type perl -MSocket -e'print SOMAXCONN' I see 128 on di
Ok,
I installed libjpeg-devel, libpng-devel, and libtiff-devel, then I DL
and compiled netpbm-10.34 from source. It all went well, and now I
have all 3 of those convertor executables on my system. I then ran
some tests on your sample mails.
The gif sample works great. - exactly like in
Chris,
I am in the process of installing and testing FuzzyOcr, but I am
having some issues with netpbm.
I installed netpbm via yum and have version netpbm-10.25-2.EL4.2
installed now. The problem
is that giftopnm, jpegtopnm, and pngtopnm are nowhere to be found on
the system.
any suggest
decoder wrote:
>
>
> Hey again,
>
>
> I have analyzed your image with my gocr, and I get:
>
> samples # gocr -i bell.gif
>
> )
>
> Trading ,4lert for FRID,4Y, ,4UGUST ll!
>
> ,4 M,4_oR PR C,4MP,4IGN IS lNDERW,4Y!
>
> Some vey EXPLOSIVE G,4INS are eqe_ed!. i. !.
>
> Tc,r,,.?,d,,e,,l,},.?
On Tue, Aug 15, 2006 at 05:12:42PM -0400, Ryan Steele wrote:
> hitch. It seems that arbitrarily, spamd is unable to drop root
> privileges. Here's the relevant log message:
>
> spamd: still running as root: user not specified with -u, not found, or
> set to root, falling back to nobody at /usr
On Tuesday 08 August 2006 21:32, Rob McEwen (PowerView Systems) took the
opportunity to say:
> Just thought ya'll would be interested to know that I just spent about 45
> minutes trying to convince an I.T. guy at one of the largest regional banks
> in my area that a spam filter should ONLY check t
On Tue, 15 Aug 2006, Ryan Steele wrote:
> spamd: still running as root: user not specified with -u, not found, or
> set to root, falling back to nobody at /usr/sbin/spamd line 1150,
> line 4.
Me, too!
It happens to me pretty regularly. I don't have any per-user configs
set up.
> I'm running:
Greetings all,
I have a bit of a mystery. Recently, I installed spamassassin on a new
server. Everything seems to be working fine, except for one little
hitch. It seems that arbitrarily, spamd is unable to drop root
privileges. Here's the relevant log message:
spamd: still running as roo
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
pdxbrit wrote:
>
> decoder wrote:
>>
>> I assume you did restart spamd? If so, set the verbose level in
>> FuzzyOcr.cf to 2, that enables debug messages and creates debug
>> out files in the current directory which contain the recognized
>> format and
On Monday 14 August 2006 11:02, Nigel Frankcom took the opportunity to say:
> On Mon, 14 Aug 2006 01:52:33 -0700, "jdow" <[EMAIL PROTECTED]> wrote:
> >(I manually train here. I distrust automatic training.)
> >
> >{^_^}
>
> I agree with not autotraining, imo it's a damned good way to get your
> bay
decoder wrote:
>
>
> I assume you did restart spamd? If so, set the verbose level in
> FuzzyOcr.cf to 2, that enables debug messages and creates debug out
> files in the current directory which contain the recognized format and
> the recognized text.
>
> Try running then spamassassin -t < some
>>
>> Bookworm writes:
>> > [EMAIL PROTECTED] wrote:
>> > > that analyzes and scores email addresses:
>> > >
>> > > we have big companies that give their employees more or less random
>> > > strings as email addresses
>> > > (but length will not be extremely long)
>> > > Otherwise we have em
Quoting Loren Wilton <[EMAIL PROTECTED]>:
Thanks to the imageinfo plugin, most of my image spam has disappeared except
for one particular type. I'm still seeing .gif image spams where the
filename for the image does not contain .gif. Like this:
Are you using the latest version that 'decoder'
Hi, I have been doing some testing with SA - Using maildrop to do the spam
scanning.
In my maildrop script I was playing around with calling 'sa-learn --sync spam'
every time spam was detected and 'sa-learn --sync ham' when messages were
clean. I had this running for a while to see what kind of
Michel Vaillancourt wrote:
> Does anyone have an "anti word" based PM/CF file-set? I don't want to
> reinvent the wheel if I don't need to. Thanks.
>
> --Michel Vaillancourt
> Wolfstar Systems
>
>
I wanted to implement the functions into FuzzyOcr maybe, and rename the
plug
pdxbrit wrote:
> Hi Folks,
>
> I installed the ocrtext plugin yesterday, and although running it doesn't
> appear to block any of the GIF spams I receive, it's analyzing them, just not
> coming up with anything.
>
> So I just found the FuzzyOcr plugin, but it doesn't seem to be executed by
> spamd
Hi Folks,
I installed the ocrtext plugin yesterday, and although running it doesn't
appear to block any of the GIF spams I receive, it's analyzing them, just not
coming up with anything.
So I just found the FuzzyOcr plugin, but it doesn't seem to be executed by
spamd.
I added a --debug=FuzzyO
On Tue, 15 Aug 2006, Halid Faith wrote:
> How can I give a high score some messages I have taught to my
> server with sa-learn --spam /directory ?
sa-learn adds the words in those messages to the Bayes database, in
this case as signs of spam. They are not used to directly score
messages, but rat
Does anyone have an "anti word" based PM/CF file-set? I don't want to
reinvent the wheel if I don't need to. Thanks.
--Michel Vaillancourt
Wolfstar Systems
Thanks to the imageinfo plugin, most of my image spam has disappeared
except
for one particular type. I'm still seeing .gif image spams where the
filename for the image does not contain .gif. Like this:
Are you using the latest version that 'decoder' posted? I'm pretty sure he
added code to
Hi!
Sorry, it's me again, bayes learning seems again 'biased',
this time to spam, maybe by picture spams?
After installing new modules to catch picture spams, the
scores of those seem to go high enough to autolearn those
included random texts. So I seem to be in a fix, either
learning 'everythi
Hi
I use spamassassin3.1.1
How can I give a high score some messages I have
taught to my server with sa-learn --spam /directory ?
Thanks
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Rob Mangiafico wrote:
> On Tue, 15 Aug 2006, decoder wrote:
>> Rob Mangiafico wrote:
>>> Downloaded and installed the latest FuzzyOCR 2.1c
>>>
>>> Ran the tests and the jpg and png ones worked fine, but for the
>>> gif sample I received:
>>>
>>> spamas
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
enediel gonzalez wrote:
> Hello I have the problem that now we are receiving spams and all
> the content was written in one image attached into the email, in
> this conditions the rules to check words, phrases, etc , don't work
>
>
> Thanks in advance
BG Mahesh wrote:
> hi
>
> /etc/rulesdujour/config reads,
>
> [EMAIL PROTECTED] RulesDuJour]# more /etc/rulesdujour/config
> TRUSTED_RULESETS="TRIPWIRE SARE_ADULT SARE_OBFU0 SARE_OBFU1 SARE_URI0
> SARE_URI1"
There are quite a few good rule sets from SARE. You may want to go to
www.rulesemporium
On Tue, 15 Aug 2006, decoder wrote:
> Rob Mangiafico wrote:
> > Downloaded and installed the latest FuzzyOCR 2.1c
> >
> > Ran the tests and the jpg and png ones worked fine, but for the gif
> > sample I received:
> >
> > spamassassin -t > (null): EOF / read error reading magic number Broken pipe
Hello
I have the problem that now we are receiving spams and all the content was
written in one image attached into the email, in this conditions the rules
to check words, phrases, etc , don't work
Thanks in advance for any answer
Enediel
Linux user 300141
Debian GNU/Linux
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Rob Mangiafico wrote:
> Downloaded and installed the latest FuzzyOCR 2.1c
>
> Ran the tests and the jpg and png ones worked fine, but for the gif
> sample I received:
>
> spamassassin -t (null): EOF / read error reading magic number Broken pipe
>
> I
On Tuesday August 15 2006 12:41 pm, BG Mahesh wrote:
> hi
>
> /etc/rulesdujour/config reads,
>
> [EMAIL PROTECTED] RulesDuJour]# more /etc/rulesdujour/config
> TRUSTED_RULESETS="TRIPWIRE SARE_ADULT SARE_OBFU0 SARE_OBFU1
> SARE_URI0 SARE_URI1"
> SA_DIR="/etc/mail/spamassassin"
> MAIL_ADDRESS="[EMAIL
Downloaded and installed the latest FuzzyOCR 2.1c
Ran the tests and the jpg and png ones worked fine, but for the gif sample
I received:
spamassassin -t
hi
/etc/rulesdujour/config reads,
[EMAIL PROTECTED] RulesDuJour]# more /etc/rulesdujour/config
TRUSTED_RULESETS="TRIPWIRE SARE_ADULT SARE_OBFU0 SARE_OBFU1 SARE_URI0 SARE_URI1"
SA_DIR="/etc/mail/spamassassin"
MAIL_ADDRESS="[EMAIL PROTECTED]"
SA_RESTART="killall -HUP spamd"
Every time we execute rules_du_j
Mark Martinec writes:
> Thanks Justin and Daryl.
>
> > > (a) Is "From:addr" rather than "EnvelopeFrom:addr" the right header to
> > > use?
> > I'd say yes. DK signs the message, not the envelope. I'm pretty sure
> > the current milters look for a From: header to decide on what
> > selector/etc
I have two types of spam that are slipping through, and I'm wondering if
anyone has rules to help with them.
Thanks to the imageinfo plugin, most of my image spam has disappeared except
for one particular type. I'm still seeing .gif image spams where the
filename for the image does not contain .g
Dear List,
I'm running spamassassin with simscan. The problem I got is that the e-mails
that arrive
to my server are scanned and forward to their mailboxes, but it seems that the
server
sending the e-mail doesn't notice that the mail arrived ok, so it sends it over
and over
getting sometimes 20
Ole Nomann Thomsen wrote:
Den 15.08.2006 kl. 12:01 skrev Andreas Pettersson <[EMAIL PROTECTED]>:
While I don't really see why ldap isn't an option, even with a 99%
load, callout might be the solution.
However, I don't run qmail but here's how it works with exim
http://www.exim.org/exim-html-
On 8/14/2006 6:45 PM, Xepher wrote:
I've got a server configured with postfix and spamassassin. The
mailserver is the only one for the domain, and thus receives mail
from
other servers, as well as letting users connect directly (with smtp
auth) to send mail. Everything works fine, EXCEPT when
Dennis Teel wrote:
> My server is a brand new P4 with 1 GB of RAM.
> I'm using the default options with SA and have added Razor2.
Please keep SA questions on the list. I'm not an expert, just another
user. There are lots of other people who read the list who may have
good advice for you as well.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Justin Mason wrote:
> could it be that local_tests_only is *not* set to 1? in other words,
> that network results are being used in bayes training? That
> slows things down quite a lot.
As far as I can see, there's no connection... bayes wouldn't ha
Halid Faith wrote:
>
> My mail server handles mails about 200 K in a day.
>
> What should I set value of the --max-children num in spamd ?
>
> I think the -m value is 5 as default.
> When I type perl -MSocket -e'print SOMAXCONN' I see 128 on display.
This depends mainly on memory. Take a
could it be that local_tests_only is *not* set to 1? in other words,
that network results are being used in bayes training? That
slows things down quite a lot.
--j.
David Morton writes:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> (This message is now CC'd to both maia-users and spam
On 8/15/2006 10:01 AM, Halid Faith wrote:
Hello
I use spamassassin as test.
My mail server handles mails about 200 K in a day.
What should I set value of the --max-children num in spamd ?
I think the -m value is 5 as default.
When I type perl -MSocket -e'print SOMAXCONN' I see 128 on d
Hello
I use spamassassin as test.
My mail server handles mails about 200 K in a day.
What should I set value of the --max-children num in spamd ?
I think the -m value is 5 as default.
When I type perl -MSocket -e'print SOMAXCONN' I see 128 on display.
Thanks
I noticed a number of people have been trying to update the
70_sare_whitelist_spf.cf ruleset. In case any one had missed it
mentioned in this thread, the ruleset is broken upstream (it's missing
some required ifplugin lines) so updating that ruleset/channel will fail
until it is fixed.
Dary
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
(This message is now CC'd to both maia-users and spamassassin mailing lists )
( Continuing the thread in SpamAssassin ML RE: slow sql bayes store)
Alexandre Ghisoli wrote:
> DB Server
> Actually, we got perfs problem with this one, probably related t
From: Dennis Teel [mailto:[EMAIL PROTECTED]
>
> At 08:05 AM 8/15/2006, you wrote:
> >
> > Dennis Teel wrote:
> > > Is anyone out there using spampd? I've been trying to set up a
> > > Spamassassin relay mail server and I'm really having performance
> > > issues. Our incoming MTA is averaging about
Andreas Pettersson wrote:
Ole Nomann Thomsen wrote:
I run a qmail frontend for a FirstClass system. The qmail accepts mail
for
about 500 domains, hosted on the FirstClass system, and scans them
with SA.
It then injects them into FirstClass. If the domain is known, but the
user is
wrong (as
On Tue, 15 Aug 2006, Guy Waugh wrote:
>
> Aug 15 05:01:35 mailserver sendmail[13287]: k7EJ1YE7013287: SYSERR(root):
> localhost.fabulous.com. config error: mail loops back to me (MX problem?)
>
> Do people actively combat this somehow?
Exim has a feature ignore_target_hosts which causes it to stri
Dennis Teel wrote:
> Is anyone out there using spampd? I've been trying to set up a
> Spamassassin relay mail server and I'm really having performance
> issues. Our incoming MTA is averaging about 3 messages per second. I
> would think that Spamassassin could keep up with that just fine. Is
> anyone
Dennis Teel wrote:
Is anyone out there using spampd? I've been trying to set up a
Spamassassin relay mail server and I'm really having performance issues.
Our incoming MTA is averaging about 3 messages per second. I would think
that Spamassassin could keep up with that just fine. Is anyone else
Is anyone out there using spampd? I've been trying to set up a
Spamassassin relay mail server and I'm really having performance
issues. Our incoming MTA is averaging about 3 messages per second. I
would think that Spamassassin could keep up with that just fine. Is
anyone else having problems with
Ole Nomann Thomsen wrote:
Den 15.08.2006 kl. 12:01 skrev Andreas Pettersson <[EMAIL PROTECTED]>:
While I don't really see why ldap isn't an option, even with a 99%
load, callout might be the solution.
However, I don't run qmail but here's how it works with exim
http://www.exim.org/exim-htm
On Tuesday 15 August 2006 11:28, Ole Nomann Thomsen wrote:
> Yeah, that is pretty neat. But the Firstclass system is running at 99%
> capacity on the E-mail injection too. I mean, we are really pumping it in,
> trying to level the peak-period and everything.
>
> Performing callouts will probably ca
Den 15.08.2006 kl. 12:01 skrev Andreas Pettersson <[EMAIL PROTECTED]>:
While I don't really see why ldap isn't an option, even with a 99%
load, callout might be the solution.
However, I don't run qmail but here's how it works with exim
http://www.exim.org/exim-html-4.62/doc/html/spec_html/ch
On Tuesday 15 August 2006 10:46, Ole Nomann Thomsen wrote:
> I run a qmail frontend for a FirstClass system. The qmail accepts mail for
> about 500 domains, hosted on the FirstClass system, and scans them with SA.
> It then injects them into FirstClass. If the domain is known, but the user
> is
>
Ole Nomann Thomsen wrote:
I run a qmail frontend for a FirstClass system. The qmail accepts mail
for
about 500 domains, hosted on the FirstClass system, and scans them
with SA.
It then injects them into FirstClass. If the domain is known, but the
user is
wrong (as in "[EMAIL PROTECTED]") the
Den 14.08.2006 kl. 19:48 skrev Sanford Whiteman
<[EMAIL PROTECTED]>:
Hi, in order to avoid bouncing spam back to the (almost certainly) faked
sender-addresses, I thought I could use SA directly:
What's your MTA and/or SA-invoking app? Surely it is easier to have
that agent parse SA's
Loren Wilton writes:
> > in other words:
> >
> >- sender @ yahoo.com sends mail to mailmanlist @ somelist.com;
> >- mailmanlist @ somelist.com appends the mailman footer to the body
> > text/plain part;
> >- recipient gets message, reads From addr, verifies DK sig, which now
> >
in other words:
- sender @ yahoo.com sends mail to mailmanlist @ somelist.com;
- mailmanlist @ somelist.com appends the mailman footer to the body
text/plain part;
- recipient gets message, reads From addr, verifies DK sig, which now
fails.
FWIW, I've seen a few mails that ha
Mark Martinec writes:
> Thanks Justin and Daryl.
>
> > > (a) Is "From:addr" rather than "EnvelopeFrom:addr" the right header to
> > > use?
> > I'd say yes. DK signs the message, not the envelope. I'm pretty sure
> > the current milters look for a From: header to decide on what
> > selector/etc
Guy Waugh schrieb:
> The above stuff appears in my logs when, for example, our MX receives
> spam for an unknown local user and tries to bounce the mail back to the
> sender.
You should not accept mail for unknown local users because bouncing it
to a mostly faked sender means you're sending out
70 matches