Hi Mark,
Can you be more specific?
Was someone/thing changing your whitelist file?
Mark Adams wrote:
Hi All,
I would like to note that this problem has been corrected, and was due
to an external automatic updating source.
Thanks for all the help that has been provided.
Regards,
Mark
On Thu
Is it possible to exclude a specific address from the AWL without
whitelisting it ? In others words, I want that the AWL test will not be
applyed to this address. All other tests should be applyed as usual.
Thanks a lot !
Claude
Hi Folks
i read this Email from this List now for some Month and it looks to me
that Marc Perkel was with this threat again successful to start a
discussion who have nothing to do with SA , correct me if i am wrong but
this religios War about SAV or not SAV what has it all to do with SA ??
M
Marc Perkel wrote:
Daryl C. W. O'Shea wrote:
SAV is a lousy anti-forgery mechanism, primarily because it isn't an
anti-forgery mechanism. At best it's a "somebody might legitimately
use this address but I have no idea if it's being forged in this
instance" mechanism. SAV doesn't make spa
John Rudd wrote:
Marc Perkel wrote:
Derek Harding wrote:
Marc Perkel wrote:
I don't understand why you think SAV is a louse anti-forgery tool.
It forces spammers to have to find real email addresses to forge.
So here's a little thought experiment for you.
As you know more and more spam is s
Marc Perkel wrote:
Derek Harding wrote:
Marc Perkel wrote:
I don't understand why you think SAV is a louse anti-forgery tool. It
forces spammers to have to find real email addresses to forge.
So here's a little thought experiment for you.
As you know more and more spam is sent by botnets fro
Rick Macdougall wrote:
Marc Perkel wrote:
The reason you get so many bounces is that your servers are SAV
hostile. If someone spoofs your domain then you're going to get SAV
connection if you allow it or bounce connections if you don't. And the
number of bounces is going to be a lot higher t
Marc Perkel wrote:
Rick Macdougall wrote:
Same difference to me, you get blocked. My servers are busy enough
as it is (just as an example, one incoming SMTP server out of 4 with
one client has consistent 80 connections per second, an average 500
connections active at any given tine, the
Rick Macdougall wrote:
Same difference to me, you get blocked. My servers are busy enough as
it is (just as an example, one incoming SMTP server out of 4 with one
client has consistent 80 connections per second, an average 500
connections active at any given tine, the majority, over 80%,
Derek Harding wrote:
Marc Perkel wrote:
I don't understand why you think SAV is a louse anti-forgery tool. It
forces spammers to have to find real email addresses to forge.
So here's a little thought experiment for you.
As you know more and more spam is sent by botnets from compromised
mac
Marc Perkel wrote:
I maintain various mail servers for ISP's and private companies
around the world. Probably 2-3 million users in total. If your
server is using SAV against any of our servers in excess of 500 or
so invalid recipients per day, you are most likely on our internal
blacklist
Marc Perkel wrote:
I don't understand why you think SAV is a louse anti-forgery tool. It
forces spammers to have to find real email addresses to forge.
So here's a little thought experiment for you.
As you know more and more spam is sent by botnets from compromised
machines. Those bots know a
Rick Macdougall wrote:
Marc Perkel wrote:
I don't understand why you think SAV is a louse anti-forgery tool. It
forces spammers to have to find real email addresses to forge.
Domains that I host are rarely spoofed because when other hosts use
SAV I welcome that and verify which email addr
Marc Perkel wrote:
I don't understand why you think SAV is a louse anti-forgery tool. It
forces spammers to have to find real email addresses to forge. Domains
that I host are rarely spoofed because when other hosts use SAV I
welcome that and verify which email addresses are bad and the spam
On Thursday 29 March 2007 12:03, Chris Rouffer wrote:
> I've been given the job of adding an Internet Content filter, firewall, and
> spam filter to a small network in a non-profit organizaiton. Right now
> there are about 5 email accounts, and their mail server is at their
> web-host. Is it pos
Daryl C. W. O'Shea wrote:
Marc Perkel wrote:
I want people to use sender address verification against my servers
for the domains I host because if someone is spoofing one of my
domains I want it to fail. I welcome it. Because when domains do
sender address verification then it makes spammer
Marc Perkel wrote:
I want people to use sender address verification against my servers for
the domains I host because if someone is spoofing one of my domains I
want it to fail. I welcome it. Because when domains do sender address
verification then it makes spammers fail. And if spammers fail
John D. Hardin wrote:
On Thu, 29 Mar 2007, Marc Perkel wrote:
The question was about a corpus of email. I assume that it means
that the email is from multiple sources.
Correct. Assume for the sake of argument that the distribution of
domains being checked somewhat reflects the distr
I'm trying to create a rule that will detect a vulnerable link within a
message:
body BADD_LINK /(?:href|src).*\.(?:bat|chm|dll|exe|lnk|pif|scr)["'\s>]/i
describe BADD_LINK Contains a link to a vulnerable file
scoreBADD_LINK 0.1
Something isn't right because tests show nothing is bein
Marc Perkel wrote:
John Rudd wrote:
John D. Hardin wrote:
On Thu, 29 Mar 2007, Marc Perkel wrote:
John D. Hardin wrote:
Can anyone recommend a non-abusive way to validate email addresses?
Yes - Sender Address Verification (SAV) works very well. It is not
abusive. Especially the way Exim i
On Thu, 29 Mar 2007, Marc Perkel wrote:
> The question was about a corpus of email. I assume that it means
> that the email is from multiple sources.
Correct. Assume for the sake of argument that the distribution of
domains being checked somewhat reflects the distribution of ISP sizes
- for examp
#!/bin/bash
#DEBUG=$1
if [ `ls -A /home/bill/Mail/Maildir/.Trash/cur | wc -l` -eq 0 ]
then
echo -e "** no trash!! **\n"
else
echo -e "** dumping trash **\n"
for myfile in /home/bill/Mail/Maildir/.Trash/cur/*
do
grep -s -q
On Thu, 29 Mar 2007, John D. Hardin wrote:
Can anyone recommend a non-abusive *automated* way to validate email
addresses?
Maybe you should ask the spammers. :)
Seriously, though, there are basically two options: VRFY (which many
servers have disabled for just this reason); and starting a fak
On Fri, 30 Mar 2007, Henrik Krohns wrote:
On Thu, Mar 29, 2007 at 03:50:52PM -0500, Chris St. Pierre wrote:
On Thu, 29 Mar 2007, Craig M wrote:
Could future versions of sa-update please be a little more vocal?
Like maybe "no new updates found | loaded xxx new updates | error xxx"
Exit codes
On Thu, 2007-03-29 at 18:31 +0300, Henrik Krohns wrote:
> On Thu, Mar 29, 2007 at 11:22:05AM -0400, Robert Fitzpatrick wrote:
> > Got your script, all works perfectly, thanks! My question is how do I
> > know which archived id's to feed to your script to learn as spam, ham,
> > etc?
>
> Actually I
Michael Scheidell wrote:
-Original Message-
From: Bill McCormick [mailto:[EMAIL PROTECTED]
Sent: Thursday, March 29, 2007 8:51 PM
To: users@spamassassin.apache.org
Subject: proper whitelist to stop spoofing
Hello:
my user_prefs has:
At least get rid of this one:
whitelist_from [
> -Original Message-
> From: Bill McCormick [mailto:[EMAIL PROTECTED]
> Sent: Thursday, March 29, 2007 8:51 PM
> To: users@spamassassin.apache.org
> Subject: proper whitelist to stop spoofing
>
>
> Hello:
>
> my user_prefs has:
At least get rid of this one:
> whitelist_from [EMAIL PR
John Rudd wrote:
John D. Hardin wrote:
On Thu, 29 Mar 2007, Marc Perkel wrote:
John D. Hardin wrote:
Can anyone recommend a non-abusive way to validate email addresses?
Yes - Sender Address Verification (SAV) works very well. It is not
abusive. Especially the way Exim implements it.
I am
John D. Hardin wrote:
On Thu, 29 Mar 2007, Marc Perkel wrote:
John D. Hardin wrote:
Can anyone recommend a non-abusive way to validate email addresses?
Yes - Sender Address Verification (SAV) works very well. It is not
abusive. Especially the way Exim implements it.
I am not necessarily spe
Thanks a bunch EVERYONE who helped me with this!
I contacted my host with this. The tech support rep must have been able
to get the server removed from psbl because it's not there anymore. And
YES it was listed because when I used the link that someone provide for
www.robtex.com, it showed u
On Thu, 29 Mar 2007, Bill McCormick wrote:
> whitelist_from [EMAIL PROTECTED]
Lose that, it is trivially easy to forge.
> A spammer spoofed my [EMAIL PROTECTED] so the whitelist gave it
> a -100.
See? :)
--
John Hardin KA7OHZhttp://www.impsec.org/~jhardin/
[EMAIL PROTECTE
Bill McCormick wrote:
> Hello:
>
> my user_prefs has:
> whitelist_from [EMAIL PROTECTED]
> whitelist_from_rcvd [EMAIL PROTECTED] hrndva.rr.com
>
> A spammer spoofed my [EMAIL PROTECTED] so the whitelist gave it a -100.
>
> my system is:
> pop/fetchamil->qmail+=+-->vpopmail-->procmai
Hello:
my user_prefs has:
whitelist_from [EMAIL PROTECTED]
whitelist_from_rcvd [EMAIL PROTECTED] hrndva.rr.com
A spammer spoofed my [EMAIL PROTECTED] so the whitelist gave it a -100.
my system is:
pop/fetchamil->qmail+=+-->vpopmail-->procmail-->maildir
|
Marc Perkel wrote:
I am not necessarily speaking of the context of a MTA.
Example pulled out of thin air: if you had a corpus and you wanted to
check the addresses within it, what would be a "polite" way to do so?
Just open an SMTP connection and see what the far end says to "RCPT
TO:", but
John D. Hardin wrote:
On Thu, 29 Mar 2007, Marc Perkel wrote:
John D. Hardin wrote:
Can anyone recommend a non-abusive way to validate email addresses?
Yes - Sender Address Verification (SAV) works very well. It is not
abusive. Especially the way Exim implements it.
I
On Thu, 29 Mar 2007, Marc Perkel wrote:
> John D. Hardin wrote:
> > Can anyone recommend a non-abusive way to validate email addresses?
>
> Yes - Sender Address Verification (SAV) works very well. It is not
> abusive. Especially the way Exim implements it.
I am not necessarily speaking of the c
On Thu, 29 Mar 2007, maillist wrote:
> John D. Hardin wrote:
> > Can anyone recommend a non-abusive way to validate email addresses?
>
> Send an email to [EMAIL PROTECTED], and ask them?
Ba-dump-bump!
Can anyone recommend a non-abusive *automated* way to validate email
addresses?
--
John Har
Hi All,
I would like to note that this problem has been corrected, and was due
to an external automatic updating source.
Thanks for all the help that has been provided.
Regards,
Mark
On Thu, Mar 29, 2007 at 03:50:52PM +0100, Mark Adams wrote:
> I have changed my reporting template, and now get
On Thu, Mar 29, 2007 at 10:14:15AM -0700, Craig M wrote:
>
> Could future versions of sa-update please be a little more vocal?
>
> Like maybe "no new updates found | loaded xxx new updates | error xxx"
>
> Exit codes are not evident when simply typing sa-update on the command
> line...
Assumi
On Thu, Mar 29, 2007 at 12:41:47PM -0700, Adam Harrison wrote:
> I see I can use sa-learn to dump and restore the Bayes db. Is there an
> equivalent for the AWL db?
There's no SA equivilent. You can use the BerkeleyDB tools though. Look at
db_dump and db_recover.
--
Randomly Selected Tagline:
>
> openrbl.org - which can also check domains against URIBL/RHSBL's too.
>
Doesn't always work and seems to be a dead web site. Rbls.org is another.
-L
--
Larry Ludwig
Empowering Media
1-866-792-0489 x600
Have you visited our customer service blog?
http://www.supportem.com/blog/
Hi there,
On 29 Mar 2007, at 21:26, Don Ireland wrote:
Is there some place I can go and see if my email sever is on a
blacklist?
I just received a msg that it's on at least one--psbl.
openrbl.org - which can also check domains against URIBL/RHSBL's too.
-j
PGP.sig
Description: This is a
On Mar 15, 2007, at 4:13 AM, Mark Martinec wrote:
amavisd-new-2.2.0 (20041102) :
spamassassin 3.0.1
That is terribly old, both of them.
To reduce uncertainty, I started by upgrading to current versions
of both of these, with a detour to install
new CPAN.pm version (v1.8802),
and anot
On Thu, 29 Mar 2007, Craig M wrote:
Could future versions of sa-update please be a little more vocal?
Like maybe "no new updates found | loaded xxx new updates | error xxx"
Exit codes are not evident when simply typing sa-update on the command
line...
It is the Unix Way for commands to be si
Don Ireland wrote:
Is there some place I can go and see if my email sever is on a blacklist?
I just received a msg that it's on at least one--psbl.
Thanks.
Don Ireland
dnsstuff.com
Don Ireland wrote:
Is there some place I can go and see if my email sever is on a blacklist?
I just received a msg that it's on at least one--psbl.
Thanks.
I always use www.dnsstuff.com - lots of useful tools.
Keep in mind, though, that there seem to be more and more private
systems that
Is there some place I can go and see if my email sever is on a blacklist?
I just received a msg that it's on at least one--psbl.
Thanks.
Don Ireland
Duane Hill wrote:
On Thu, 29 Mar 2007, Marc Perkel wrote:
John D. Hardin wrote:
Can anyone recommend a non-abusive way to validate email addresses?
Yes - Sender Address Verification (SAV) works very well. It is not
abusive. Especially the way Exim implements it.
That could very well b
I see I can use sa-learn to dump and restore the Bayes db. Is there an
equivalent for the AWL db?
Thanks,
-Adam
John D. Hardin wrote:
Can anyone recommend a non-abusive way to validate email addresses?
Yes - Sender Address Verification (SAV) works very well. It is not
abusive. Especially the way Exim implements it.
Jonas Eckerman wrote:
Are you using (SMTP) Sender Address Verifications?
(Or Challenge Response?)
If you are, you *will* be blacklisted by some systems and DNSBLs.
Probably not only apews (whoever they are).
You might see that as filtering, but to the systems (including both
spam traps a
John D. Hardin wrote:
On Thu, 29 Mar 2007, Jonas Eckerman wrote:
Are you using (SMTP) Sender Address Verifications?
You might see that as filtering, but to the systems (including
both spam traps and SMTP servers) you connect to in order to
verify falsified senders your system looks and acts
On Thu, 29 Mar 2007, Jonas Eckerman wrote:
> Are you using (SMTP) Sender Address Verifications?
>
> You might see that as filtering, but to the systems (including
> both spam traps and SMTP servers) you connect to in order to
> verify falsified senders your system looks and acts like a spammer
>
Bret Miller wrote:
Could future versions of sa-update please be a little more vocal?
Like maybe "no new updates found | loaded xxx new updates | error xxx"
Exit codes are not evident when simply typing sa-update on the command
line...
I created my own simple batch file for windows.
It runs
On Thu, 29 Mar 2007, Chris Rouffer wrote:
> I've read the FAQ, and searched on Google for a couple of days
> now, but can't seem to find the answer I need. It may be that I'm
> simply asking the wrong question, or misunderstanding what I read,
> but hopefully someone here can help me.
>
> I've b
> Could future versions of sa-update please be a little more vocal?
>
> Like maybe "no new updates found | loaded xxx new updates | error xxx"
>
> Exit codes are not evident when simply typing sa-update on the command
> line...
I created my own simple batch file for windows.
It runs sa-update.
Che
Marc Perkel wrote:
Here's what they have on the /24 block that I'm part of.
Systems running abusive Spamdefense on other systems expense. (CR, SAV
or similar crap)
> for running abusive and selfish SAV from there.
Are you using (SMTP) Sender Address Verifications?
(Or Challenge Response?)
On Thu, Mar 29, 2007 at 10:14:15AM -0700, Craig M wrote:
> Could future versions of sa-update please be a little more vocal?
There's a RFE in bugzilla about mailing a report, perhaps a verbose option,
etc. Patches welcome. :)
--
Randomly Selected Tagline:
"The more RAM you have, the better" -
On 3/29/07, Jonathan M Metts <[EMAIL PROTECTED]> wrote:
How many people use an Amavis setup to send messages through SA and
possibly ClamAV? Over the past month I have been trying to tweak my
setup that has been running Postfix, SA, Cyrus-IMAP, and Sieve for
awhile (running Debian), but wanted t
Could future versions of sa-update please be a little more vocal?
Like maybe "no new updates found | loaded xxx new updates | error xxx"
Exit codes are not evident when simply typing sa-update on the command
line...
--
View this message in context:
http://www.nabble.com/sa-update-too-quiet-
How many people use an Amavis setup to send messages through SA and
possibly ClamAV? Over the past month I have been trying to tweak my
setup that has been running Postfix, SA, Cyrus-IMAP, and Sieve for
awhile (running Debian), but wanted to add ClamAV to the mix (not sure
why I didn't from th
Hello,
I've read the FAQ, and searched on Google for a couple of days now, but
can't seem to find the answer I need. It may be that I'm simply asking the
wrong question, or misunderstanding what I read, but hopefully someone here
can help me.
I've been given the job of adding an Internet Content
On Thu, 2007-03-29 at 16:39 +0300, Henrik Krohns wrote:
> On Thu, Mar 29, 2007 at 09:25:55AM -0400, Robert Fitzpatrick wrote:
> > I am running Postfix 2.3.5 with SA 3.1.7 and amavisd-new. If I catch a
> > copy of all messages using the Postfix option of always_bcc, will this
> > work when learning
On Thu, Mar 29, 2007 at 12:37:56PM +0100, Justin Mason wrote:
> > Could it be that the combined-HIB.dnsiplists.completewhois.com
> > chokes under the load of a GA/perceptron run and stops responding?
> > I've seen it unresponsive yesterday for about half an hour.
>
> odd. I guess that's a possibil
I have changed my reporting template, and now get this information
Content analysis details: (4.0 points, 5.0 required)
pts rule name description
-- --
0.5 NO_RDNSSending MTA has no reverse
Hi, I had not done it with -D but have tried just now, with the same
result below
Content analysis details: (4.0 points, 5.0 required)
pts rule name description
-- --
0.5 NO_RDNSSending M
Hi,
Nothing jumps out at me just looking at that. You said you ran --lint
with -D, did you run -t with -D?
Your Spam report is truncated so we can't see which rules are hit. When
you run spamassassin in test mode you should see a fuller report of the
rules that hit.
Mark Adams wrote:
Ok
I should also mention, we have a gateway mail server hence the extra
header. the spam scanning is done on the first header, so for proof this
is pasted below.
Regards,
>From [EMAIL PROTECTED] Wed Mar 28 08:48:11 2007
Return-path: <[EMAIL PROTECTED]>
Envelope-to: [EMAIL PROTECTED]
Received: from [
Ok, Fair enough.. I will change this listing to a whitelist_from_rcvd as
I assume this list is farmed by spammers. (Should be using that always
of course!)
Header below.
Envelope-to: [EMAIL PROTECTED]
Received: from hopnet.hopkins.co.uk ([10.0.0.23] helo=mail.hopkins.co.uk)
by hopkins.co.
Hi,
Because, more often than not, the reason that whitelisting is not
matching is that the headers you think are matching are not. Or there
is a type in the whitelist.cf file.
By not allowing us to see the entire header, you are making us guess.
Mark Adams wrote:
Thanks for you reply.
Why
Thanks for you reply.
Why would this make any difference?
"The headers checked for whitelist addresses are as follows: if
"Resent-From" is set, use that; otherwise check all addresses taken from
the following set of headers:
Envelope-Sender
Resent-Sender
X-Envelope-From
From
"
The only header
I am running Postfix 2.3.5 with SA 3.1.7 and amavisd-new. If I catch a
copy of all messages using the Postfix option of always_bcc, will this
work when learning those messages? I am wondering if the bcc address
being in the header of all those messages will cause any learning issues
regarding the a
Hi,
I would think we need to see the FULL headers of this example email
before anyone can comment.
Mark Adams wrote:
Hi,
I have changed my reporting so it provides more information, and run
--test-mode with a message marked as spam, that should be whitelisted
whitelist.cf contents:
whiteli
Hi,
I have changed my reporting so it provides more information, and run
--test-mode with a message marked as spam, that should be whitelisted
whitelist.cf contents:
whitelist_from [EMAIL PROTECTED]
when running spamassassin -D --lint, I see the following line
[18351] dbg: config: read file /e
Mark Martinec writes:
> Rocco,
>
> > > > 2.4 RCVD_IN_WHOIS_BOGONS RBL: CompleteWhois: sender on
> > > I wonder why score for RCVD_IN_WHOIS_BOGONS is 0 in 3.2.0-rc1 ?
> >
> > I don't understand.. maybe my remark is wrong,
> > but I [do] get this score for the rules above
>
> I said '3.2.0-rc1
Hi,
I have three servers and all have same problem. i have sent you example of
the different servers so that the version diffrence occurs.
Thanks
Fabien GARZIANO wrote:
>
>
> Hi,
>
> I don't know the answer to your question. But something looks weird in
> your example :
>
> Case 1 : "v
Rocco,
> > > 2.4 RCVD_IN_WHOIS_BOGONS RBL: CompleteWhois: sender on
> > I wonder why score for RCVD_IN_WHOIS_BOGONS is 0 in 3.2.0-rc1 ?
>
> I don't understand.. maybe my remark is wrong,
> but I [do] get this score for the rules above
I said '3.2.0-rc1', didn't I?
Btw, I got 1800 messages hi
On 3/28/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
On Wed, 28 Mar 2007, Panagiotis Christias wrote:
> the last days we get a lot of spam like this:
>
> KAUF-TIPP DER WOCHE
I wrote a few of my own rules especially to catch those stocks scams
together with bayes. If you don't have any peopl
Hi,
Rocco Scappatura wrote:
There is another discussion on this list about rules that
catch these sorts of messages. Check that out for ideas.
For what it is worth these are the rules I get:
Content analysis details: (10.5 points, 5.0 required)
pts rule name description
---
> > 2.4 RCVD_IN_WHOIS_BOGONS RBL: CompleteWhois: sender on
> bogons IP block
> > [102.176.29.76 listed in
> > combined-HIB.dnsiplists.completewhois.com]
>
> I wonder why score for RCVD_IN_WHOIS_BOGONS is 0 in 3.2.0-rc1 ?
> (unlike RCVD_IN_WHOIS_INVALID and RCVD_IN_WHOIS_HIJACKED,
>
> There is another discussion on this list about rules that
> catch these sorts of messages. Check that out for ideas.
>
> For what it is worth these are the rules I get:
>
> Content analysis details: (10.5 points, 5.0 required)
>
> pts rule name description
> ---
Hi,
I don't know the answer to your question. But something looks weird in your
example :
Case 1 : "version=3.1.8"
Case 2 : "version=3.0.5"
Are you using the same SA setup for both cases ?
I Hope it helps.
> -Message d'origine-
> De : lalit [mailto:[EMAIL PROTECTED]
> Envoyé : j
82 matches
Mail list logo
