Our mail server is flooded by such spams. Is this a new variant of spam?
Does any one have cracked a rule to catch this?
-Original Message-
From: braye64 [mailto:[EMAIL PROTECTED]
Sent: Saturday, April 14, 2007 1:49 AM
To: [EMAIL PROTECTED]
Subject: IR1E1
Hillo2 41b
-Original Mess
Henrik Krohns wrote:
> On Fri, Apr 13, 2007 at 10:32:56AM -0400, Matt Kettler wrote:
>
>> Mário Gamito wrote:
>>
>>> Hi,
>>>
>>> How can change the number of messages needed for sa-learn from 200 to
>>> a lower value ?
>>>
>>> My boss (grunf... it had to be him) is getting a lot of HAM.
>>>
NFN Smith wrote:
Jake Vickers wrote:
It's in your RDJ config file. My config is in /etc/rulesdujour/ and
the file is called "config". The line in question:
SA_DIR="/etc/mail/spamassassin"
That's where it should save the files it downloads.
I checked the code of rules_du_jour, and the downloa
On Saturday April 14 2007 01:24:47 John Clements wrote:
> >> Date: 05 Apr 2007 05:05:39 -0700
> >> Date: 05 Apr 2007 05:05:39 -0700
> >> Date: Thu, 05 Apr 2007 06:46:01 -0500
> >> Now, I took a quick look at rfc 2822, and all of the Date fields
> >> in this e-mail would appear to be compliant.
Ye
On Fri, 13 Apr 2007, NFN Smith wrote:
> Is there a SA config setting I need to do to make SA check the
> RulesDuJour directory, or do I need to do something kludgy, such
> as adding my own scripting to do post-processing by copying
> updated rulesets from the RulesDuJour directory back to
> /etc/s
Jake Vickers wrote:
It's in your RDJ config file. My config is in /etc/rulesdujour/ and the
file is called "config". The line in question:
SA_DIR="/etc/mail/spamassassin"
That's where it should save the files it downloads.
I checked the code of rules_du_jour, and the download is done to the
On Apr 13, 2007, at 2:05 PM, mouss wrote:
John Clements wrote:
It appears to me that all mail coming through Yahoo groups is
getting at least 4.5 points because of yahoo's use of tiny fonts
and of non-compliant Date: formats. Here's the spamassassin
analysis:
And below, here's a segmen
jpff wrote:
Since I upgraded to SpamAssassin version 3.1.8 running on Perl version
5.8.4 I have had problems. The mailer get swamped and I get lots of
odd mesages; simple example.
Apr 13 21:07:26 snout spamd[17853]: Attempt to free non-existent shared string 'test_names_hit' at /usr/local/
NFN Smith wrote:
This one should be simple, but I'm not finding a quick answer..
Recently, I enabled updates of the SARE rules I run through
rules_du_jour. Updates are working fine, but there's a minor glitch
in handling the results.
Namely, I have my SARE rules in /etc/spamassassin, and th
Hi Vincent,
> Are you running spamd/spamc as root? it is not recommended to run spamd
> as root.
I know, but so far I was too lazy setting it up to run as a user.
There are still some issues, e.g. when I start spamd with
use_auto_whitelist 1
and there is no file auto-whitelist yet, it is
> If you remember my log file, there were a bunch of days in a row with one
> to three of them, then three on April 8th, one on April 9th and none
> since then.
Well, it still could be some kind of watchdog that kills processes when
they use too much CPU or memory. That wouldn't happen on a regula
Hi,
> now, take one of the messages and run "spamassassin -t" on it and show
> these tests (at the end of the report).
Strange, it has only 4.1 points, but is marked as SPAM!
# spamassassin -t
1173748887.M111529P3626V0901I0172197A_86.mail.telbit.pt\,S\=28719\:2\,
Content analysis det
On Fri, Apr 13, 2007 at 03:01:04PM +0100, Mário Gamito wrote:
> How can change the number of messages needed for sa-learn from 200 to a
> lower value ?
You can edit the code, but why would you want to?
> My boss (grunf... it had to be him) is getting a lot of HAM.
Ok, I get a lot of ham too. S
On Fri, Apr 13, 2007 at 09:15:06PM +0100, jpff wrote:
> Apr 13 21:07:26 snout spamd[17853]: Attempt to free non-existent shared
> string 'test_names_hit' at
> /usr/local/share/perl/5.8.4/Mail/SpamAssassin/PerMsgStatus.pm line 1298.
>
> and many similar messages with different "non-existent" str
John D. Hardin wrote:
On Thu, 12 Apr 2007, Instituto de Ingenieria Área de Sistemas Unix/Linux wrote:
So why does spamassassin classifies some mails even though it's
exactly the same message for all the addresses?
per-user bayes, perhaps?
or
- AWL
- dcc, razor, ..
- dnsbl's
Can
Mário Gamito wrote:
Hi,
How can change the number of messages needed for sa-learn from 200 to
a lower value ?
My boss (grunf... it had to be him) is getting a lot of HAM.
if "it" doesn't come to you, go to it! do it the other way. find 200 ham
and 200 spam messages and sa-learn them! even
--- Andy Spiegl <[EMAIL PROTECTED]> wrote:
> Hi Jason,
>
> I found the cause: my stupidess DOH!
>
> I've got a cronjob that kills processes which have been hanging
> around for
> too long. Two days ago I reconfigured it and made a mistake which
> lead to
> exactly this: spamd with etime of mo
Andy Spiegl wrote:
Hi,
I call spamc to scan the messages (like most of you I assume :-)
But if spamd isn't running (see my other postings) spamc returns the
messages unprocessed. How are you guys coping with that?
I guess I have to check the processed messages for the
"X-Spam-Checker-Version"
Mário Gamito wrote:
Hi,
Thank you for your answers.
Look at the config documentation for the whitelist_from_rcvd and
whitelist_from_spf options.
Humm... where are they ? Couldn't find it :(
Can you post the list of rules that these mails are hitting (the
X-Spam_Status header)?
John Clements wrote:
It appears to me that all mail coming through Yahoo groups is getting
at least 4.5 points because of yahoo's use of tiny fonts and of
non-compliant Date: formats. Here's the spamassassin analysis:
pts rule name description
--
--
It doesn't seem excessive to me, though my whitelist is actually twice
this size. Here's my blacklist from local.cf:
blacklist_from *reunion.com [EMAIL PROTECTED] [EMAIL PROTECTED]
[EMAIL PROTECTED] [EMAIL PROTECTED]
blacklist_from *rm05.net *adm02.com [EMAIL PROTECTED]
[EMAIL PROTECTED] *agava.ne
Hi Jason,
I found the cause: my stupidess DOH!
I've got a cronjob that kills processes which have been hanging around for
too long. Two days ago I reconfigured it and made a mistake which lead to
exactly this: spamd with etime of more than 60 minutes are killed with
SIGTERM. This cronjob is re
Since I upgraded to SpamAssassin version 3.1.8 running on Perl version
5.8.4 I have had problems. The mailer get swamped and I get lots of
odd mesages; simple example.
Apr 13 21:07:26 snout spamd[17853]: Attempt to free non-existent shared string
'test_names_hit' at
/usr/local/share/perl/5
--- Duane Hill <[EMAIL PROTECTED]> wrote:
> On Fri, 13 Apr 2007, J. wrote:
>
> > --- Andy Spiegl <[EMAIL PROTECTED]> wrote:
> >
> >> I seem to have the same problem!
> >>
> >> Yesterday I upgraded from 3.0 to 3.1
> >> (to be exact: 3.0.3-2sarge1 to 3.1.7-1~bpo.1 from Debian
> backports)
> >> an
This one should be simple, but I'm not finding a quick answer..
Recently, I enabled updates of the SARE rules I run through
rules_du_jour. Updates are working fine, but there's a minor glitch in
handling the results.
Namely, I have my SARE rules in /etc/spamassassin, and the RDJ updates
are
J. wrote:
I got an obvious spam a little while ago that got scored
"X-Spam-Status: No, hits=? required=?" so I looked up the message in
the system log. Check out line 5 below (server killed by SIGTERM):
I had a similar issue caused by using a very large blacklist; I took out
the blacklist a
It appears to me that all mail coming through Yahoo groups is getting
at least 4.5 points because of yahoo's use of tiny fonts and of non-
compliant Date: formats. Here's the spamassassin analysis:
pts rule name description
--
-
While I am reading through the spamd.log in order to find the cause for the
strange SIGTERMs (see my other posting) I saw that there are many lines
like this:
Fri Apr 13 18:18:54 2007 [26659] error: alarm
What could that mean?
Here is the full log of the child with pid 26659 (started with
"--max
--- Andy Spiegl <[EMAIL PROTECTED]> wrote:
> > Someone here suggested that it's a memory problem.
> Where? I didn't see any reply to your post.
Sorry, it was on the Gentoo forum, not here. Here's the thread, not
much beyond what I mentioned though so not sure it will help:
http://forums.gentoo.
Are you using the Botnet plugin?
If so, I'd add an exemption for their IP address to your Botnet.cf file.
It looks like what you'd need, if you are using Botnet, is either:
botnet_skip_ip^81\.92\.203\.3$
and/or
botnet_skip_ip^84\.18\.242\.136$
Depending on whether your sca
On Fri, 13 Apr 2007, Mário Gamito wrote:
> > Look at the config documentation for the whitelist_from_rcvd and
> > whitelist_from_spf options.
> Humm... where are they ? Couldn't find it :(
perldoc Mail::SpamAssassin::Conf
perldoc Mail::SpamAssassin::Plugin::SPF
or
http://spamassassin.apache.
Hi,
Thank you for your answers.
> Look at the config documentation for the whitelist_from_rcvd and
> whitelist_from_spf options.
Humm... where are they ? Couldn't find it :(
> Can you post the list of rules that these mails are hitting (the
> X-Spam_Status header)?
Here it is:
X-Spam-Status:
On Fri, 13 Apr 2007, Mário Gamito wrote:
> My boss is getting HAM mails from two addresses which are always
> marked as SPAM.
>
> Is there a way to configure SA to stop marking those two specific
> addresses as SPAM ?
Look at the config documentation for the whitelist_from_rcvd and
whitelist_fr
Mário Gamito schrieb:
Hi,
My boss is getting HAM mails from two addresses which are always marked
as SPAM.
I've seen that lowering the sa-learn threshold is not an option.
Is there a way to configure SA to stop marking those two specific
addresses as SPAM ?
Any help would be appreciated.
W
Hi,
My boss is getting HAM mails from two addresses which are always marked
as SPAM.
I've seen that lowering the sa-learn threshold is not an option.
Is there a way to configure SA to stop marking those two specific
addresses as SPAM ?
Any help would be appreciated.
Warm Regards
--
:wq! Mário
On Fri, 13 Apr 2007, Andy Spiegl wrote:
Someone here suggested that it's a memory problem.
Where? I didn't see any reply to your post.
Most of my machines have 1gig RAM. That should be enough for the 5
SA-children I thought...
The rate that it's occuring for you might support that if you h
While I am reading through the spamd.log in order to find the cause for the
strange SIGTERMs (see my other posting) I saw that there are many lines
like this:
Fri Apr 13 18:18:54 2007 [26659] error: alarm
What could that mean?
Here is the full log of the child with pid 26659 (started with
"--max
Mário Gamito wrote:
> Hi,
>
> How can i know how many messages did already sa-learn processed ?
You mean the total number of messages learned in the bayes database
(includes sa-learn and autolearn)?
sa-learn --dump magic
Make sure you run as SA user to query the right database.
On Fri, 13 Apr 2007, J. wrote:
--- Andy Spiegl <[EMAIL PROTECTED]> wrote:
I seem to have the same problem!
Yesterday I upgraded from 3.0 to 3.1
(to be exact: 3.0.3-2sarge1 to 3.1.7-1~bpo.1 from Debian backports)
and now ALL spamds terminate after a while. And I have no clue why!
The worst
Hi,
I call spamc to scan the messages (like most of you I assume :-)
But if spamd isn't running (see my other postings) spamc returns the
messages unprocessed. How are you guys coping with that?
I guess I have to check the processed messages for the
"X-Spam-Checker-Version" header to see whether
On Friday 13 April 2007, Bart Schaefer wrote:
>On 4/13/07, Gene Heskett <[EMAIL PROTECTED]> wrote:
>> The trail starts at localhost! HTF did they do that?
>
>You're looking at the header of the wrapper message created by
>spamassassin, not at the header of the actual spam (which will be
>inside a
> Someone here suggested that it's a memory problem.
Where? I didn't see any reply to your post.
Most of my machines have 1gig RAM. That should be enough for the 5
SA-children I thought...
> The rate that it's occuring for you might support that if you handle a
> lot of users.
Yes, but my setup
On 4/13/07, Gene Heskett <[EMAIL PROTECTED]> wrote:
The trail starts at localhost! HTF did they do that?
You're looking at the header of the wrapper message created by
spamassassin, not at the header of the actual spam (which will be
inside a message/rfc822 body part of the message created by
--- Andy Spiegl <[EMAIL PROTECTED]> wrote:
> I seem to have the same problem!
>
> Yesterday I upgraded from 3.0 to 3.1
> (to be exact: 3.0.3-2sarge1 to 3.1.7-1~bpo.1 from Debian backports)
> and now ALL spamds terminate after a while. And I have no clue why!
>
> The worst part is that spamc re
Hi;
I use fetchmail, sucking from 3 accounts, piped thru by procmail spamc before
procmail puits it in the local 'gene' file in /var/spool/mail, so this was
spam, but where the heck did it come from?
(header only by copy-paste)
==
Received: from localhost by coyote.coyote.den
with SpamAs
I seem to have the same problem!
Yesterday I upgraded from 3.0 to 3.1
(to be exact: 3.0.3-2sarge1 to 3.1.7-1~bpo.1 from Debian backports)
and now ALL spamds terminate after a while. And I have no clue why!
The worst part is that spamc returns the messages unprocessed if it cannot
connect to spa
Mário Gamito wrote:
> Hi,
>
> How can change the number of messages needed for sa-learn from 200 to
> a lower value ?
>
> My boss (grunf... it had to be him) is getting a lot of HAM.
>
> Any help would be appreciated.
Edit the code.
That said, you may get unreliable and erratic bayes results fro
Hi,
How can change the number of messages needed for sa-learn from 200 to a
lower value ?
My boss (grunf... it had to be him) is getting a lot of HAM.
Any help would be appreciated.
Warm Regards
--
:wq! Mário Gamito
On 13-Apr-07, at 9:41 AM, Ken Morley wrote:
According to my understanding of the way SPF works the following
message
should not be failing. Can anyone tell me why this failed?
Here's the pertinent parts of the log:
--
Apr 11 15:00:18 maildrop postgrey[240
Ken Morley wrote:
> According to my understanding of the way SPF works the following message
> should not be failing. Can anyone tell me why this failed?
>
>
> Here's the pertinent parts of the log:
> --
> Apr 11 15:00:18 maildrop postgrey[2407]: request:
> clie
Mário Gamito wrote:
> Hi,
>
> How can i know how many messages did already sa-learn processed ?
You mean the total number of messages learned in the bayes database
(includes sa-learn and autolearn)?
sa-learn --dump magic
Hi,
How can i know how many messages did already sa-learn processed ?
Thanks in advance.
Warm Regards
--
:wq! Mário Gamito
According to my understanding of the way SPF works the following message
should not be failing. Can anyone tell me why this failed?
Here's the pertinent parts of the log:
--
Apr 11 15:00:18 maildrop postgrey[2407]: request:
client_address=66.179.38.26 client_n
53 matches
Mail list logo
