I had read of sender address verification (SAV) about a year back; some
people had done that too. I found the idea too unfeasible for checking
from-addresses before accepting mail at MTA.
The scene is different today; now, with 90% of all mail being spam, it
seems not that bad an idea anyway.
My gue
On Thursday 30 November 2006 21:11, Daryl C. W. O'Shea wrote:
> John Andersen wrote:
> > How is it these spams slip under the radar with such low scores?
> > They seldom score about 3.1 in my setup even with network tests
> > and bayes (SA 3.1.7).
>
> I don't think I've seen such a spam pass as ham
Steven W. Orr wrote:
> On Tuesday, Nov 28th 2006 at 08:09 -0800, quoth John D. Hardin:
>
> =>On Tue, 28 Nov 2006, Steven W. Orr wrote:
> =>
> =>> Spam comes in to steveo from [EMAIL PROTECTED] and I want to
> =>> reject it because it's coming from an
John Andersen wrote:
How is it these spams slip under the radar with such low scores?
They seldom score about 3.1 in my setup even with network tests
and bayes (SA 3.1.7).
I don't think I've seen such a spam pass as ham, although you've been
quite vague.
I wish I could find an effective b
How is it these spams slip under the radar with such low scores?
They seldom score about 3.1 in my setup even with network tests
and bayes (SA 3.1.7).
I wish I could find an effective block for them other than killing
off all geocities urls.
--
_
John Ande
I run a perl script that was written quite awhile back by D.J. Harbaugh in
2004. Its purpose is to run sa-learn and to report all spam to
Razor/Pyzor/DCC and optionally SpamCop. At the end of the run it 'used' to
send me a report of how much spam/ham was learned and the total number of
each in
From: Ray Anderson <[EMAIL PROTECTED]>
My solution to this problem is this:
I'm running postfix 2.1.5-5 on Fedora Core 3 and recently had this same
question come up. I was whitelisting all 30something domains I hosted but
ran into spammers using foo@ to get around spam filtering.
My solutio
Scott Kopel wrote:
> I'm noticing a bunch of obvious spam that is getting thru because it
> is "whitelisted"
> where is this whitelist? it's not something I created.
> it's not the auto_whitelist is it? wouldn't that say AWL
Yes, that would say AWL. And SA's whitelist_from* would sa
USER_IN_WHITE
On Thursday, November 30, 2006 5:01 PM -0600 Richard Frovarp
<[EMAIL PROTECTED]> wrote:
Kenneth Porter wrote:
--On Wednesday, November 29, 2006 5:17 PM -0600 Richard Frovarp
<[EMAIL PROTECTED]> wrote:
I have a few legit messages that are scoring over 5.0 due to
SARE_STOCKS and the TVD rules
Craig Morrison wrote:
Gary V wrote:
Exactly. How you prevent sending the message through SA is not a
function of SA itself, but of the implementation, and because of the
large number of implementations and configurations I question whether
it would be practical (or even related) to provide exa
Gary V wrote:
Exactly. How you prevent sending the message through SA is not a
function of SA itself, but of the implementation, and because of the
large number of implementations and configurations I question whether it
would be practical (or even related) to provide examples of the various
p
Scott Kopel wrote:
I'm noticing a bunch of obvious spam that is getting thru because it
is "whitelisted"
where is this whitelist? it's not something I created.
it's not the auto_whitelist is it? wouldn't that say AWL
is it the phishing whitelist? when I start MailScanner I see "Read 755
hostn
Scott Kopel wrote:
I'm noticing a bunch of obvious spam that is getting thru because it
is "whitelisted"
where is this whitelist? it's not something I created.
it's not the auto_whitelist is it? wouldn't that say AWL
is it the phishing whitelist? when I start MailScanner I see "Read 755
hostn
There's always the blunt method:
"How do I have spamassassin...
not scan outgoing mail?
not scan mail for authenticated users?
not scan mail for Bob, but scan mail for Joe?
not scan mail from yahoo.com?
not scan mail ?
Answer:
Don't call spamassassin when that condition is met. Spamassassin will
I'm noticing a bunch of obvious spam that is getting thru because
it is "whitelisted"
where is this whitelist? it's not something I created.
it's not the auto_whitelist is it? wouldn't that say AWL
is it the phishing whitelist? when I start MailScanner I see "Read
755 hostnames from the phishi
At 02:35 PM 11/30/2006, you wrote:
On Thu, Nov 30, 2006 at 04:46:41PM -0500, Craig Morrison wrote:
> Is there a FAQ entry for this somewhere on the wiki?
There could be, but most people don't look there anyway. I haven't checked.
Read through some frequently asked questions?
FAQ that!
:-D
On Thu, Nov 30, 2006 at 04:46:41PM -0500, Craig Morrison wrote:
> Is there a FAQ entry for this somewhere on the wiki?
There could be, but most people don't look there anyway. I haven't checked.
--
Randomly Selected Tagline:
"The very essence of leadership is that you have to have a vision. You
At 02:13 PM 11/30/2006, you wrote:
Because of the many ways SA can be implemented, other than the
suggestion provided, the task of providing a working example of how
this is accomplished for each possible implementation is not simple
(because it's no small task to imagine every possible
imple
Theo Van Dinter wrote:
On Thu, Nov 30, 2006 at 01:02:29PM -0800, leemansvg wrote:
This might be a simple question for most of you. How would I prevent
spamassassin from scanning my internal mail, e.g from a particular
server,
or originating from my internal network.
Don't pass those to SpamA
Jean-Paul Natola wrote:
I was wondering if there is a way to either strip away, or totally block
messages that have "web bugs" that report back to servers like
www.readnotify.com
http://www.impsec.org/email-tools/procmail-security.html
Can someone help a newbie find some info on instal
> I was wondering if there is a way to either strip away, or totally block
> messages that have "web bugs" that report back to servers like
> www.readnotify.com
http://www.impsec.org/email-tools/procmail-security.html
Can someone help a newbie find some info on installing procmail ?
Theo Van Dinter wrote:
On Thu, Nov 30, 2006 at 01:02:29PM -0800, leemansvg wrote:
This might be a simple question for most of you. How would I prevent
spamassassin from scanning my internal mail, e.g from a particular server,
or originating from my internal network.
Don't pass those to SpamAss
leemansvg wrote:
This might be a simple question for most of you. How would I prevent
spamassassin from scanning my internal mail
Don't pass the mail to SpamAssassin. SA is a mail filter, it'll filter
anything it's given.
Daryl
On Thu, Nov 30, 2006 at 01:02:29PM -0800, leemansvg wrote:
> This might be a simple question for most of you. How would I prevent
> spamassassin from scanning my internal mail, e.g from a particular server,
> or originating from my internal network.
Don't pass those to SpamAssassin. Once SA gets
This might be a simple question for most of you. How would I prevent
spamassassin from scanning my internal mail, e.g from a particular server,
or originating from my internal network. E.g if my domain was mydomain.org,
I could whitelist 'mydomain.org' the problem is lately I've seen these pesky
s
On Nov 29, 2006, at 6:16 PM, san wrote:
Yeah Giampaolo. With 3.1x it should be alright. But my superior is
still sticking to the old one..:(
Does he also use 3 year old antivirus software with no updates? At
least updating SA is pretty much zero cost other than a few minutes
of time.
> From: Dennis Davis [mailto:[EMAIL PROTECTED]
> ...
>
> > Question 2: someone asked why my module is "Botnet" instead of
> > "Mail::SpamAssassin::Plugin::Botnet". The answer is: when I
> > first started this (and this is/was my first SA Plugin authoring
> > attempt), I tried that and it didn't w
On Thu, 30 Nov 2006, Jean-Paul Natola wrote:
> I was wondering if there is a way to either strip away, or totally block
> messages that have "web bugs" that report back to servers like
> www.readnotify.com
http://www.impsec.org/email-tools/procmail-security.html
--
John Hardin KA7OHZ
On Thu, 30 Nov 2006, Jonas Eckerman wrote:
> John Rudd wrote:
>
> > Question 1: Someone suggested that, for botnet_pass_domains, I not
> > re-invent the wheel. SA already has several whitelist options
> > (whitelist* and sare_whitelist* were specifically mentioned). They
> > suggested that I
What do these errors mean when I am restarting spamd?
Nov 30 13:56:55 gandalf spamd[11971]: spamd: server killed by SIGTERM,
shutting down Nov 30 13:56:59 gandalf spamd[12018]: logger: removing
stderr method Nov 30 13:57:00 gandalf spamd[12020]: rules: meta test
__SARE_HEAD_FALSE has undefined de
Henk van Lingen wrote:
On Thu, Nov 30, 2006 at 11:55:36AM -0500, Daryl C. W. O'Shea wrote:
> Henk van Lingen wrote:
>
> >[14411] dbg: generic: unlinking 10_misc.cf
> >Insecure dependency in unlink while running with -T switch at
> >/usr/bin/sa-update line 1173.
>
> Please try the
Bookworm wrote:
(locate -i bayes_journal works well for
this sort of thing)
... assuming you're not on a system like Debian, where locate is pretty
much crippled for finding things in user home directories. :/ (The
process that populates the database locate relies on is set up to
exclude n
On Thu, Nov 30, 2006 at 11:55:36AM -0500, Daryl C. W. O'Shea wrote:
> Henk van Lingen wrote:
>
> >[14411] dbg: generic: unlinking 10_misc.cf
> >Insecure dependency in unlink while running with -T switch at
> >/usr/bin/sa-update line 1173.
>
> Please try the attached patch and *plea
Hi everyone,
I'm not sure if I should post to the Exim list or the SA list-
Excuse me if it's not the correct list-
I was wondering if there is a way to either strip away, or totally block
messages that have "web bugs" that report back to servers like
www.readnotify.com
TIA
Jean
On 28 Nov 2006 at 11:33, Steven W. Orr wrote:
> One more example to be clearerer. This message came in from someplace in
> Russia (maybe), to syslang.net and claims to come from bs at syslang.net.
> I don't have a bs on my machine. If it helps, I'd even be willing to
> create a file with a li
vertito wrote:
I am receiving spam emails coming from my own domain.com
but that email address does not exist on my own domain.com.
say my domain is mydomain.com and that spam email had FROM header that shows
[EMAIL PROTECTED]
which is currently whitelisted from spamassassin global rules
John Rudd wrote the following on 11/30/2006 9:26 AM -0800:
Jonas Eckerman wrote:
John Rudd wrote:
Question 2: someone asked why my module is "Botnet" instead of
"Mail::SpamAssassin::Plugin::Botnet". The answer is: when I first
started this (and this is/was my first SA Plugin authoring attempt
On Thu, Nov 30, 2006 at 06:22:46PM +0100, Jeremy Fairbrass wrote:
> Can someone please let me know exactly what illegal characters are being
> checked for with the eval:check_illegal_chars rules? Can I find a list of
> those characters somewhere?
> Also, what are the meanings of the variables tha
Jonas Eckerman wrote:
John Rudd wrote:
Question 2: someone asked why my module is "Botnet" instead of
"Mail::SpamAssassin::Plugin::Botnet". The answer is: when I first
started this (and this is/was my first SA Plugin authoring attempt), I
tried that and it didn't work.
That's odd. What erro
I am receiving spam emails coming from my own domain.com
but that email address does not exist on my own domain.com.
say my domain is mydomain.com and that spam email had FROM header that shows
[EMAIL PROTECTED]
which is currently whitelisted from spamassassin global rules and
currently d
Hi all,
Can someone please let me know exactly what illegal characters are being
checked for with the eval:check_illegal_chars rules? Can I find a list of
those characters somewhere?
Also, what are the meanings of the variables that this rule takes? For
example:
eval:check_illegal_chars('Subje
Henk van Lingen wrote:
[14411] dbg: generic: unlinking 10_misc.cf
Insecure dependency in unlink while running with -T switch at
/usr/bin/sa-update line 1173.
Please try the attached patch and *please* let me know if it resolves
the problem.
Daryl
Index: sa-update.raw
==
John Rudd wrote:
> Question 1: Someone suggested that, for botnet_pass_domains, I not
> re-invent the wheel. SA already has several whitelist options
> (whitelist* and sare_whitelist* were specifically mentioned). They
> suggested that I leverage them. My first (two part) question is:
Perso
Jon D. Slater wrote:
To me, they look like Perl regular expressions (which I **have**
written). Do I add my new rule to my local.cf or directly to
70_sare_specific.cf?
local.cf is the best place. Placing them in any of the stock SA rule
files or in the RDJ files will cause you to lose them
John Rudd wrote:
> Question 2: someone asked why my module is "Botnet" instead of
> "Mail::SpamAssassin::Plugin::Botnet". The answer is: when I first
> started this (and this is/was my first SA Plugin authoring attempt), I
> tried that and it didn't work.
That's odd. What errors did you get?
Okay.. I have to confess.. I’ve never written a rule..
To me, they look like Perl regular expressions (which I *have* written). Do
I add my new rule to my local.cf or directly to 70_sare_specific.cf?
Are there any guides to writing rules?
Also the area code below is written with an ‘L’
You should upgrade spamass-milter too. The error is from the milter, not SA
itself.
-Sietse
From: Chris Edwards
Sent: Thu 30-Nov-06 16:28
To: users@spamassassin.apache.org
Subject: Spamassasin Has Quit Working
Hello All!
I have been running with spamassassin & spamass-milter successfully fo
> Question 2: someone asked why my module is "Botnet" instead of
> "Mail::SpamAssassin::Plugin::Botnet". The answer is: when I first
> started this (and this is/was my first SA Plugin authoring
> attempt), I
> tried that and it didn't work. If someone wants to look at it, and
> figure out how to
At 06:11 30-11-2006, chisina mike wrote:
MX1 sendmail server mail queue is getting bigger, it must forward all mail
to Main mail server.
[EMAIL PROTECTED] mqueue]# grep stat=queue -c /var/log/maillog
6363
I tried the following commands
# vi /etc/MailScanner/MailScanner.conf
[snip]
But I sti
On Thu, 30 Nov 2006, Najib Abi Fadel wrote:
> Create a mail account let's say : [EMAIL PROTECTED] Tell
> trusted users to forward the mails they identify as spam to
> "[EMAIL PROTECTED]" . Run a cron job that launch "sa-learn" on
> the mailbox "[EMAIL PROTECTED]", making the spamassassin
> identif
Hello All!
I have been running with spamassassin & spamass-milter successfully for
several months. Then Redhat did an update and now I am having issues
with spam not getting scored. Does anyone have any clue where I should
go next?
Thanks!
Log Entry...
>Nov 30 10:20:03 gandalf spamass-mi
The *difference between* the logs before and after the spamd restart (maybe) is:
spamd does a prefork child and closes the connection before finishing the
rest of the tests (*terminated* prematurely !?!)
Look:
- log when spamd crashed
+ log when spamd is work fine
- dcc: got response: X-DCC-sonic.ne
Najib Abi Fadel wrote:
> Hi all,
>
> since it is hard for a person to teach the spamassassin which mails
> are spam and which are not for all users, i was thinking about doing
> the following:
>
> Create a mail account let's say : [EMAIL PROTECTED]
> Tell trusted users to forward the mails they id
Hello!
"Leon Kolchinsky" <[EMAIL PROTECTED]> wrote on 19.11.2006
09:28:14:
> Hi Bret,
>
> According to tip from Gary V. you can reliably use whitelist_from_rcvd,
> You only should configure the following parameters right:
>
> trusted_networks
> internal_networks
>
>
>
> Best Regards,
> Le
My spamassassin works fine, but sometimes it crashes. I need some
help to figure out the cause and fix...
Above, many details for this problem:
I'm using Suse 10.0
Spamassassin 3.1.6
perl-5.8.7
As you can see, all my spamd processes are running
# netstat -an | grep 783
tcp0 0 1
chisina mike wrote:
MX1 sendmail server mail queue is getting bigger, it must forward all mail
to Main mail server.
[EMAIL PROTECTED] mqueue]# grep stat=queue -c /var/log/maillog
6363
I tried the following commands
# vi /etc/MailScanner/MailScanner.conf
Deliver In Background = yes
Delivery Meth
On Thu, 30 Nov 2006, John Rudd wrote:
> From: John Rudd <[EMAIL PROTECTED]>
> To: users@spamassassin.apache.org,
> CommuniGate Pro Discussions <[EMAIL PROTECTED]>,
> MailScanner discussion <[EMAIL PROTECTED]>
> Date: Thu, 30 Nov 2006 04:06:55 -0800
> Subject: new Botnet plugin version soon
MX1 sendmail server mail queue is getting bigger, it must forward all mail
to Main mail server.
[EMAIL PROTECTED] mqueue]# grep stat=queue -c /var/log/maillog
6363
I tried the following commands
# vi /etc/MailScanner/MailScanner.conf
Deliver In Background = yes
Delivery Method = queue
# vi /etc
John,
> a) do any of them have a small enough value that they wouldn't counter
> botnet's default score of 5? Meaning, if I "do nothing" with respect to
> those other whitelist mechanisms, they'll still "do the right thing" and
> let the botnet hosts through, right?
Not by default, although I se
Suggestion:
Rename your plugin to "AntiBotnet"
(or something like that)
Otherwise, I could see someone getting the "good guys" and "bad guys" mixed
up when reading or hearing about this!
Rob McEwen
Things I'm putting into the new Botnet version (which will be 0.5):
1) someone noticed that some MTA's (specifically CommuniGate Pro) don't
put the relay's RDNS into the Received headers, and thus Botnet 0.4
always triggered "NORDNS" when run on that MTA. In the new version, if
Botnet finds
Hi,
Whenever I try to run sa-update, it ends with the error:
sa-update -D --channelfile /etc/mail/spamassassin/sare-sa-update-channels.txt
--gpgkey 856AA88A
...
[14411] dbg: generic: unlinking 10_misc.cf
Insecure dependency in unlink while running with -T switch at
/usr/bin/sa-update line 11
Hi all,
since it is hard for a person to teach the spamassassin which mails are spam
and which are not for all users, i was thinking about doing the following:
Create a mail account let's say : [EMAIL PROTECTED]
Tell trusted users to forward the mails they identify as spam to "[EMAIL
PROTECTED
63 matches