Rob McEwen wrote:
(CCing Marc Perkel because I seem to recall him knowing about this)
Not that I'd ever outright block based on this one factor alone, but...
Does anyone have any stats about what percentage of spam is directed towards
the highest MX Record? (that is, where there is more than on
> > 14 seconds may be just the delay for the various network tests to
> > respond.
> You mean the test form SA? I have googled for this kind of situations
> and I found I am the slowest. If I stop the spamd, the delivery will
> be much faster.
I mean it depends how your SA is configured.
Some of
> For instance, given the explanations above, I'll
> start a system to automatically learn from my 'checkspam' folder, but not
> my 'highspam' folder.
Remember that your 'highspam' may be separated from 'checkspam' largely
based on network tests; I often see identical messages with a 6-8 point
var
On 9/28/06, Olivier Nicole <[EMAIL PROTECTED]> wrote:
> I am quite new to SA (a week of SA life), and the SA is working, the
> thing is, SA is incredibly slow on my server (2.8GHZ CPU + 2GB Memory
> + Qmail + Qmail-scanner). Here's a typical scan log:
>
> result: . 0 - SPF_PASS scantime=14.7,siz
> Also, has anyone ever seen ANY legit mail go to the highest MX record when
> no mail server failure occurred?
I've seen a tiny amount-- little enough that I earlier set my primary to
dump any messages received from my tertiary MX into a quarantine folder for
my review, but since I got ImageInfo.
> I am quite new to SA (a week of SA life), and the SA is working, the
> thing is, SA is incredibly slow on my server (2.8GHZ CPU + 2GB Memory
> + Qmail + Qmail-scanner). Here's a typical scan log:
>
> result: . 0 - SPF_PASS scantime=14.7,size=1689 ...
Hi,
Problem is not that it is slow.
Greetings all,
I am quite new to SA (a week of SA life), and the SA is working, the
thing is, SA is incredibly slow on my server (2.8GHZ CPU + 2GB Memory
+ Qmail + Qmail-scanner). Here's a typical scan log:
result: . 0 - SPF_PASS scantime=14.7,size=1689 ...
.
And I have checked the SA
What's your trusted_networks look like? Based on the headers below
you'll need to set it manually.
By default SA assumes that all the "private range" hosts are part of
your network, and the first non-private. However, in this case, the
first non-private is yahoo's server. That's bad.
Jim Davis
A second attempt tests much better. Added at line 747:
# Received: from ([10.0.0.6]) by myfirewalll; Thu,
# 13 Mar 2003 06:26:21 -0500 (EST)
if (/^from \(\[(${IP_ADDRESS})\]\) by myfirewall/) {
$mta_looked_up_dns = 1;
$helo = $1; $ip = $1; $by = 'myfirewall'; goto enough;
--As of September 27, 2006 5:43:28 PM -0700, Kelson is alleged to have said:
Daniel T. Staal wrote:
True. So... Optimal is obviously to train, once and correctly, on all
messages. Sending a message through that has been trained will consume
*some* resources, but less then one that still need
Philippe Couas wrote:
> Hi,
>
> I have migrate from Spamassassin 2.63 to 3.15.1, that' seems running,
> somes mail are flaged and rpm -a seee new version.
> But previously rules and local.cf was in /etc/mail/spamassasin, and
> theses files are not modified by my rpm -Uvh.
The "Stock" rules should
Bill Horne wrote:
>
> I have a "follow on" question, so I'll add it to this thread:
>
> Assuming that it's a good idea to feed "Caught" spams through sa-learn
> in order to reinforce the tokens that might not have been autolearned,
> how do I tell SA to ignore the " SPAM " notice in the sub
Daniel T. Staal wrote:
True. So... Optimal is obviously to train, once and correctly, on all
messages. Sending a message through that has been trained will consume
*some* resources, but less then one that still needs to be learned.
So the exact balance is a complicated question. ;)
I just
Daniel T. Staal wrote:
>
> While I in general agree with this, I was under the impression that
> spamassassin will auto-learn from messages it marks. (At least, past a
> certain threshold.)
Actually, that's not entirely true. There's more than just a threshold.
Actually, the score you see isn't
On Wed, Sep 27, 2006 at 02:26:41PM -0700, Donald Craig wrote:
> I'm getting matches whenever I have an embedded URL
> on URIBL_AB_SURBL and URIBL_PH_SURBL -
You're not by chance using the opendns.{com,org} folks for DNS, are you?
--
Randomly Selected Tagline:
"You can tell that I got this out fr
I'm getting matches whenever I have an embedded URL
on URIBL_AB_SURBL and URIBL_PH_SURBL -
unless the URL is actually in URIBL_SBL, in which case the
logic for all the flavors of URIBL_XX_SURBL seems
to work correctly. I have verified the
absence of the incorrectly matching URLs from SURBL
with lo
Loren Wilton wrote:
>occa_phishing.cf
>occa_replica.cf
>I have no knowledge of these.
>From the rules you show these aren't particularly worthwhile (nor all
that
>well written rules). There are a number of SARE rules that cover this
area
>much more thoroughly, and I believe these days
On Wed, 2006-09-27 at 06:37 +, Mike Woods wrote:
> Hi guys, bit of a query regarding sa-learn and messages that have
> already been tagged as spam.
>
> We have spamassassin scanning mail via amavisd and sending any caught
> spams to a spam folder in the users accounts (using plus addressing)
On Wed, 27 Sep 2006, Shue, Daniel G. wrote:
> # Catch anything from 8:00 PM to 6:00 AM and score it
> header RCVD_AT_NIGHT Date =~ /..., .. ... [0,2][0-5]:..:..*/
> score RCVD_AT_NIGHT 0.001
> describeRCVD_AT_NIGHT Email was received between 8:00PM and
> 6:00AM
If you want t
Chris wrote:
> On Tuesday 26 September 2006 2:50 pm, Bowie Bailey wrote:
> > Noc Phibee wrote:
> > > Hi
> > >
> > > on my spamassassin server, i use a lot of rules ..
> > > personnal and downloaded.
> > >
> > > Anyone know if they have a tools for know in 24h or 48h
> > > if a rules are used or n
Ok guys, I figured it out... w/ Loren's help of course! :) Here's what I
came up with:
# Catch anything from 8:00 PM to 6:00 AM and score it
header RCVD_AT_NIGHT Date =~ /..., .. ... [0,2][0-5]:..:..*/
score RCVD_AT_NIGHT 0.001
describeRCVD_AT_NIGHT Email was received between
Nice, I like that! Most of our spam also comes in during the wee hours of
the morning.. I think adding a half point or even a point would help even
more. Though, I have trained and continue to train both of my servers and
they are pretty effective.
We get 3500 mails a day of which 70% are classi
installed this today, removed bogofilter...
also installed spamc, notice one of the suggested installs
was libnet-ident-perl, is anyone using this, with spamassassin ?
or is this a sparate module by itself.
Regards -
Richard
Rob McEwen wrote:
(CCing Marc Perkel because I seem to recall him knowing about this)
Not that I'd ever outright block based on this one factor alone, but...
Does anyone have any stats about what percentage of spam is directed towards
the highest MX Record? (that is, where there is more than on
I need to check, "Date: Wed, 27 Sep 2006 14:17:17 -0400" and I've looked
Quite ignoring the arguments people will make against this (including me)
you could do something like the following. Of course remember the date
header is when the mail was made in whatever timezone it was made, not in
Y
> Hi folks,
> I'm a newbie to SA and have looked at a few tutorials on writing
> custom rules, but they all seem to be too simple for what I want to do.
> That, or I'm not smart enough to figure it out on my own. What I'm
> needing is some guidance on how to write a custom rule that looks at
Hi folks,
I'm a newbie to SA and have looked at a few tutorials on writing
custom rules, but they all seem to be too simple for what I want to do.
That, or I'm not smart enough to figure it out on my own. What I'm
needing is some guidance on how to write a custom rule that looks at the
cre
(CCing Marc Perkel because I seem to recall him knowing about this)
Not that I'd ever outright block based on this one factor alone, but...
Does anyone have any stats about what percentage of spam is directed towards
the highest MX Record? (that is, where there is more than one MX record?)
Also,
Hi,
have a look at rulesemporium.com
There are descriptions of the rules, and definitely you should use only
one out pof each set
of similar named ones
Wolfgang Hamann
Be careful there. It depends on what you mean by "similarly named".
It is perfectly valid to have
70_sare_html0.cf
70_sa
Which means, for the orginal question, that re-learning the already caught
spams will have very little effect other than wasting some processor
cycles. Doing what he is doing right now is probably best.
This is assuming that they were auto-learned. Not all system are configured
for auto-learn
occa_phishing.cf
occa_replica.cf
I have no knowledge of these.
From the rules you show these aren't particularly worthwhile (nor all that
well written rules). There are a number of SARE rules that cover this area
much more thoroughly, and I believe these days even a number of standar
Mike Woods wrote:
> The internet is a great place for raising more questions than it
> answers :D
>
> Given all the opinions I think I will move the caught spam's into the
> learning cycle however i'm also going to make sure that each spam is
> only ever fed through the system once, this wont be
> From: Mike Woods [mailto:[EMAIL PROTECTED]
>
> The internet is a great place for raising more questions than it
answers
> :D
>
> Given all the opinions I think I will move the caught spam's into the
> learning cycle however i'm also going to make sure that each spam is
> only ever fed through t
On Wed, 27 Sep 2006 12:50:37 -0400, Bowie Bailey
<[EMAIL PROTECTED]> wrote:
>Benny Pedersen wrote:
>> On Wed, September 27, 2006 16:26, Sietse van Zanen wrote:
>> > It's best to use cpan for this. It's very easy to use and will
>> > automagically resolve any dependencies.
>>
>> just one problem w
Peter Smith wrote:
> > > The messages are simply a random stream of words, with punctuation
> > > scattered in them. No HTML, no URLs being advertised, no excessive
> > > capitalisation, just meaningless text.
>
> I'm cautious about feeding these messages to sa-learn as spam, in
> case it has a ne
Benny Pedersen wrote:
> On Wed, September 27, 2006 16:26, Sietse van Zanen wrote:
> > It's best to use cpan for this. It's very easy to use and will
> > automagically resolve any dependencies.
>
> just one problem with cpan is it will not solve rpm depndice
>
> > Other way is find the modules on
This autoresponse from Yahoo abuse crept over the spam line, mostly
because of a hit on FORGED_YAHOO_RCVD... but it's not clear from the
headers why that would be. This is a from a Fedora Core 5 system running
SpamAssassin 3.1.3 under amavisd-new 2.4.2:
Return-Path: <[EMAIL PROTECTED]>
Recei
John D. Hardin wrote:
> On Wed, 27 Sep 2006, Peter Smith wrote:
>
> > The messages are simply a random stream of words, with punctuation
> > scattered in them. No HTML, no URLs being advertised, no excessive
> > capitalisation, just meaningless text.
>
> Technically, then, it's not spam. Spam req
Hi,
have a look at rulesemporium.com
There are descriptions of the rules, and definitely you should use only one out
pof each set
of similar named ones
Wolfgang Hamann
>> 70_sare_evilnum1.cf
>> 70_sare_evilnum2.cf
>> 70_sare_header0.cf
>> 70_sare_header.cf
>> 70_sare_header_eng.cf
>> 70_sare_ht
On Wed, September 27, 2006 16:26, Sietse van Zanen wrote:
> It's best to use cpan for this. It's very easy to use and will automagically
> resolve any
> dependencies.
just one problem with cpan is it will not solve rpm depndice
> Other way is find the modules on http://rpmfind.net/
> Specify yo
The internet is a great place for raising more questions than it answers :D
Given all the opinions I think I will move the caught spam's into the
learning cycle however i'm also going to make sure that each spam is
only ever fed through the system once, this wont be a problem since I
already m
Title: Message
Hi,
I have migrate from
Spamassassin 2.63 to 3.15.1, that' seems running, somes mail are flaged and rpm
-a seee new version.
But previously rules
and local.cf was in /etc/mail/spamassasin, and theses files are not modified by
my rpm -Uvh.
I want know if
config files are a
On Wed, September 27, 2006 11:38 am, Nels Lindquist said:
> Daniel T. Staal wrote:
>
>> On Wed, September 27, 2006 11:10 am, Jim Maul said:
>>
>>> I believe that SA will not learn a message it has seen before so
>>> multiple sa-learn's will not have any affect.
>>
>> Actually, that was my impressio
Daniel T. Staal wrote:
> On Wed, September 27, 2006 11:10 am, Jim Maul said:
>
>> I believe that SA will not learn a message it has seen before so
>> multiple sa-learn's will not have any affect.
>
> Actually, that was my impression too.
>
> Which means, for the orginal question, that re-learnin
In a desperate newbie attempt to fix this problem myself, I added the
following lines to Received.pm at line 895:
# Received: from ([10.0.0.6]) by myfirewalll; Thu,
# 13 Mar 2003 06:26:21 -0500 (EST)
if (/^from \(\[(${IP_ADDRESS})\]\) by myfirewall/) {
$ip = $1; $by = 'my.firewa
On Wed, September 27, 2006 11:10 am, Jim Maul said:
> Daniel T. Staal wrote:
>> On Wed, September 27, 2006 10:43 am, Matt Kettler said:
>>> Mike Woods wrote:
Hi guys, bit of a query regarding sa-learn and messages that have
already been tagged as spam.
We have spamassassin scann
>sa-blacklist.cf
>sa-blacklist.current.uri.cf
>Get rid of these! They are evil and probably the root of your problem!
> (They are also long depreciated and very out of date, so wouldn't be
doing
>much even if they didn't kill your system.)
I have removed those from /etc/mail/spamassass
Daniel T. Staal wrote:
On Wed, September 27, 2006 10:43 am, Matt Kettler said:
Mike Woods wrote:
Hi guys, bit of a query regarding sa-learn and messages that have
already been tagged as spam.
We have spamassassin scanning mail via amavisd and sending any caught
spams to a spam folder in the us
On Wed, September 27, 2006 10:43 am, Matt Kettler said:
> Mike Woods wrote:
>> Hi guys, bit of a query regarding sa-learn and messages that have
>> already been tagged as spam.
>>
>> We have spamassassin scanning mail via amavisd and sending any caught
>> spams to a spam folder in the users account
> Are you runing net tests? It sounds like someone has a broken zombie net
> that is supposed to be sending out gif spams, but they forgot the images.
> Net tests would probably catch these easily.
Well I'm using the following:
score DCC_CHECK 1.0
score PYZOR_CHECK 1.0
score RAZOR_CHECK 1.0
scor
>> The messages are simply a random stream of words, with punctuation
>> scattered in them. No HTML, no URLs being advertised, no excessive
>> capitalisation, just meaningless text.
>
> Technically, then, it's not spam. Spam requires a commercial message
> of some sort. :)
Yeah, I think I said 'j
Mike Woods wrote:
> Hi guys, bit of a query regarding sa-learn and messages that have
> already been tagged as spam.
>
> We have spamassassin scanning mail via amavisd and sending any caught
> spams to a spam folder in the users accounts (using plus addressing),
> we've also been getting users to d
On Wed, 27 Sep 2006, Peter Smith wrote:
> The messages are simply a random stream of words, with punctuation
> scattered in them. No HTML, no URLs being advertised, no excessive
> capitalisation, just meaningless text.
Technically, then, it's not spam. Spam requires a commercial message
of some s
Title: Message
It's best to use cpan for this. It's very easy to use and will automagically resolve any dependencies.
Other way is find the modules on http://rpmfind.net/
Specify your search as perl-net-dns etc.
-Sietse
From: Philippe CouasSent: Wed 27-Sep-06 16:15To: users@spamassassin.
sa-blacklist.cf
sa-blacklist.current.uri.cf
Get rid of these! They are evil and probably the root of your problem!
(They are also long depreciated and very out of date, so wouldn't be doing
much even if they didn't kill your system.)
occa_phishing.cf
occa_replica.cf
I have no kn
Title: Message
Hi,
I want Migrate from
SpamAssasin 2.63 to 3.15.1 on my MailServer on Redhat9
1 i use perl
5.8.0
2 i have stoped
spamd
3 run "sa-relearn
--rebuild"
4 rpm -Uvh
spamassassin-3.1.5-1.rh9.rf.i386.rpm
warning: spamassassin-3.1.5-1.rh9.rf.i3
Mike Woods schrieb:
Hi guys, bit of a query regarding sa-learn and messages that have
already been tagged as spam.
We have spamassassin scanning mail via amavisd and sending any caught
spams to a spam folder in the users accounts (using plus addressing),
we've also been getting users to drop
Jdow wrote:
>Steve, it might help if you listed which rule sets. There are some
>which are obscenely large and others that are obsolete. Maybe we
>can prune the list for you a little.
As some have mentioned I may have too many rules. I would like to know
what is a must have and what I should not
Hi guys, bit of a query regarding sa-learn and messages that have
already been tagged as spam.
We have spamassassin scanning mail via amavisd and sending any caught
spams to a spam folder in the users accounts (using plus addressing),
we've also been getting users to drop any missed spams into
* [EMAIL PROTECTED] <[EMAIL PROTECTED]>:
> Hi,
>
> As we have seen the amount of incoming mail increase by 25% in the last
> few months, our customer is willing to invest in an extra mail relay.
> I was thinking about a system with Sun's T1 chipset, (like the sunfire
> T1000), I'm thinking the t
* [EMAIL PROTECTED] <[EMAIL PROTECTED]>:
> Hi,
>
> As we have seen the amount of incoming mail increase by 25% in the last
> few months, our customer is willing to invest in an extra mail relay.
> I was thinking about a system with Sun's T1 chipset, (like the sunfire
> T1000), I'm thinking the t
Hi,
As we have seen the amount of incoming mail increase by 25% in the last
few months, our customer is willing to invest in an extra mail relay.
I was thinking about a system with Sun's T1 chipset, (like the sunfire
T1000), I'm thinking the threaded nature of this chipset would work well
with
> -Original Message-
> From: Peter Smith [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, September 26, 2006 8:08 PM
> To: users@spamassassin.apache.org
> Subject:
>
>
> Hi,
>
> Over the last week, my machine (Fedora, SA 3.1.3, qmail,
> qmail-scanner-queue.pl) has been recieving a fair amo
* [EMAIL PROTECTED] <[EMAIL PROTECTED]>:
> Hi,
>
> I would like your opinion if our mailrelay is properly tuned:
>
> I have a mailrelay (sendmail / mimedefang / spamassassin with fuzzyocr,
> razor and dcc) running on a Sun V20Z with 6 GB Ram and 2 AMD 1.8Ghz cpu's
> on Solaris 10.
> it curren
[EMAIL PROTECTED] wrote:
Hi,
I would like your opinion if our mailrelay is properly tuned:
I have a mailrelay (sendmail / mimedefang / spamassassin with fuzzyocr,
razor and dcc) running on a Sun V20Z with 6 GB Ram and 2 AMD 1.8Ghz cpu's
on Solaris 10.
it currently handles 95000 mails per da
Hi,
I would like your opinion if our mailrelay is properly tuned:
I have a mailrelay (sendmail / mimedefang / spamassassin with fuzzyocr,
razor and dcc) running on a Sun V20Z with 6 GB Ram and 2 AMD 1.8Ghz cpu's
on Solaris 10.
it currently handles 95000 mails per day (most of it spam ofcourse
Bill Landry wrote:
>> Version 2.3j works much better... I'd previously been using version
>> 2.3b for which I had an ebuild for gentoo.
>>
>> One thing I have noticed, however, is a number of errors/warnings which
>> spamd sticks into /var/log/messages when it is started:
>>
>> --
>> Sep 26 17:20
67 matches
Mail list logo
