>
> Dear List
>
> I am running qmail + SA + Clamav on FC 5, my problem is when ever
> concurrent smtp connections cross 30+ SA gets slow and take too much
> time to process mails through qmailscaner
>
> qmail-queue.log
> ===
> Fri,
On 29/02/2008 2:07 AM, Shahzad Abid wrote:
> Dear Daryl
>
> What rule sets you are using?
The ones that come with SpamAssassin and the updates.spamassassin.org
update channel.
Daryl
HI
I had installed my Spamassassin on a linux box ( cent os ) to scan mails
from a windows "Smatermail" server and so far it was working good, but
suddenly it started giving the following error :
Fri Feb 29 00:12:49 2008 [27218] info: spamd: handled cleanup of child pid
19811 due to SIGCHLD
Fri F
Hi Ram,
At 21:46 28-02-2008, ram wrote:
I dont understand the intent in this spam ?
The intent of the spam is to get the recipient to read the message
and go to the Yahoo calender link. Spam are generally crafted in
such a way to evade filtering. If you want to filter this message
based on
On 29/02/2008 1:18 AM, devi_sreem wrote:
> I am running spamd. When a mail is being sent to mail account
> [EMAIL PROTECTED] it is automatically taking the user qscand, as you
> know it the user is of qmail scanner.
Oh yeah, qmail scanner. Sorry, I won't touch that -- I'm not sure if
it'll do per
On 29/02/2008 1:28 AM, Shahzad Abid wrote:
> Dear List
>
> How to determine good rules for SA, I am using following rules.
Well, I think you just answered your question about why your
installation of SA is running slow. :)
You need to review the descriptions of the rulesets to see if they're
eve
Dear List
How to determine good rules for SA, I am using following rules.
70_sare_adult.cf 70_sare_html2.cf
70_sare_uri.cf FuzzyOcr.old
70_sare_bayes_poison_nxm.cf 70_sare_html3.cf
70_sare_uri_eng.cf Fuzz
I am running spamd. When a mail is being sent to mail account
[EMAIL PROTECTED] it is automatically taking the user qscand, as you
know it the user is of qmail scanner.
I am running spamd with -u spamd
/usr/bin/spamd -q -x -u spamd -H /home/spamd -d -D
Sincerely,
Sreedevi.
--
View this
On 29/02/2008 12:35 AM, Shahzad Abid, Network Engineer, I.T., HO. wrote:
> Dear List
>
> I am running qmail + SA + Clamav on FC 5, my problem is when ever
> concurrent smtp connections cross 30+ SA gets slow and take too much
> time to process mails through qmailscaner
>
> qmail-queue.log
> =
On 29/02/2008 12:52 AM, devi_sreem wrote:
> Here it says username='qscand' I am not sure why spamd is not transferring
> the email account as the username to variable _USERNAME_
Are you calling spamc with a "-u username" parameter?
Daryl
Dear List
I am running qmail + SA + Clamav on FC 5, my problem is when ever
concurrent smtp connections cross 30+ SA gets slow and take too much
time to process mails through qmailscaner
qmail-queue.log
===
Fri, 29 Feb 2008 09:51
Hi All,
First Im realy dont know this is the right forum to ask my doubts?
I was not able to access http://www.rulesemporium.com? is this working
are moved some where?
www.rulesemporium.com resolved to 72.52.4.74, but ping failed for me,
Thanks in advance
Regards,
a.Johnson
Hi,
I have been trying to make spamassassin work aginst SQL user preferences
wothout any luck.
My local.cf contains.
user_scores_dsn
DBI:mysql:spamassassin:mysql_socket=/var/lib/mysql/mysql.sock
user_scores_sql_username username
user_scores_sql_password password
user_sco
On Thu, 2008-02-28 at 11:25 -0800, SM wrote:
> At 04:35 28-02-2008, ram wrote:
> >I am not really sure this is spam
> >
> >https://ecm.netcore.co.in/tmp/spammail_calendar.txt
> >
> >This looks like a simple mail to me .. but the user says it is spam. The
> >text of the mail too is highly suspicious
On 18/02/2008 7:29 AM, Arthur Dent wrote:
> Gentle Bump...
>
> I thought that the approved place to alter scores was in
> /etc/mail/spamassassin/local.cf so I have not gone rooting around trying
> to give these rules scores which surely they should have by default?
What exactly do you mean. The
On Thursday 28 February 2008 23:26:49 Martin Gregorie wrote:
> What is this domainkeys of which they speak?
http://www.rfc-editor.org/rfc/rfc4870.txt
http://www.rfc-editor.org/rfc/rfc4871.txt
http://www.dkim.org/info/dkim-faq.html
http://www.dkim.org/
Mark
Randy Ramsdell wrote:
Karsten Bräckelmann wrote:
On Thu, 2008-02-28 at 09:21 -0500, Randy Ramsdell wrote:
Hi,
One thing I do not understand regarding AWL and BAYES. When a
message is reported to me as spam and was not marked as spam, I test
is using debug before and after sa-learn. Each ti
Randy Ramsdell wrote:
Hi,
One thing I do not understand regarding AWL and BAYES. When a message
is reported to me as spam and was not marked as spam, I test is using
debug before and after sa-learn. Each time I do this, BAYES_99 does
hit, but they will also include AWL.
1. Does anyone under
Olaf Greve wrote:
Hi,
Firstly: I'm new to this list and also pretty new to SA in general. I
did try to find the answers to my questions in the FAQ, but haven't
succeeded beyond all doubt at doing so. I do hope, however, that I'm
not flogging a dead horse with my below questions (which appear
Hi,
Thank you Steve for this. I found that /etc/sysconfig/spamassassin
had the other SPAMOPTIONS so I updated my -m 20 there and it appears
to take. Here is my current ps auwxf|grep spam:
root 27678 0.9 2.0 43672 39268 ?Ss 16:08 0:03
/usr/bin/spamd -x -u spamd -m 20 -H /home/
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 02/28/2008 05:16 PM, fchan wrote:
| Hi,
| I have set my --max-child to 30 but I look at my logs and it appears
| that this is not obeyed.
|
| Here is my spamd options:
| SPAMDOPTIONS="-d -m 30 -H"
|
| Here is what I see in the logs:
| Feb 28 10:57:
On 28/02/2008 6:16 PM, fchan wrote:
> Hi,
> I have set my --max-child to 30 but I look at my logs and it appears
> that this is not obeyed.
>
> Here is my spamd options:
> SPAMDOPTIONS="-d -m 30 -H"
Does whatever you start spamd with actually use those options? Are you
sure (check the command li
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 02/28/2008 05:16 PM, fchan wrote:
| Hi,
| I have set my --max-child to 30 but I look at my logs and it appears
| that this is not obeyed.
|
| Here is my spamd options:
| SPAMDOPTIONS="-d -m 30 -H"
|
| Here is what I see in the logs:
| Feb 28 10:57:
On Thursday 28 February 2008, fchan wrote:
>Hi,
>I have set my --max-child to 30 but I look at my logs and it appears
>that this is not obeyed.
>
>Here is my spamd options:
>SPAMDOPTIONS="-d -m 30 -H"
>
>Here is what I see in the logs:
>Feb 28 10:57:29 s1 spamd[15535]: prefork: child states: B
At 14:26 28-02-2008, Martin Gregorie wrote:
I wrapped the lines to suit the e-mail. These are the only indications
of why my mail was treated as spam. What is this domainkeys of which
they speak?
Quoting Yahoo:
"DomainKeys is yet another way Yahoo! brings untold misery and grief
to email forg
Hi,
I have set my --max-child to 30 but I look at my logs and it appears
that this is not obeyed.
Here is my spamd options:
SPAMDOPTIONS="-d -m 30 -H"
Here is what I see in the logs:
Feb 28 10:57:29 s1 spamd[15535]: prefork: child states: B
Feb 28 10:57:29 s1 spamd[15535]: prefork: server
On 28/02/2008 5:04 PM, Randy Ramsdell wrote:
> * If this is a company server, I would certainly not have an issue with
> blocking or adding a high score for the word "Whore" and could do
> something with the word "Schoolgirl."
Maybe it's just my manufacturing background, but I'd block half of our
A friend tells me that some mail I sent to him at xtra.co.nz (now a
Yahoo subsidiary) was flagged as spam. He sent me the headers, but all
it shows is:
X-Apparently-To: [EMAIL PROTECTED] via hhh.hhh.hhh.hhh;
Thu, 21 Feb 2008 15:46:00 -0800
X-YahooFilteredBulk: 77.75.108.10
X-Originating-
JP Kelly wrote:
any takers on this?
On Feb 27, 2008, at 2:31 PM, Chip M. wrote:
The main thing that stands out (to me) is the China TLD in the URL.
We block all those on sight (unless they're in the recipient's domain
skip
list - so far, none of my users have any China TLDs in theirs).
Per
Not "nearly impossible." I work daily with people who run servers
exactly like that, yet spam of all sorts is spewing from their mail
queues. Most of the ones I see are SMTP accounts with weak passwords.
The spammers authenticate as the users and bam, the server is a spam source.
With Exim this
> > I have heavy issues with HOTMAIL since they reject ANY legitim messages
> > as SPAM without any reason. All of my 50 Servers are worldwide and in
> > different subnets. It is nearly impossible that all 50 Servers have
> > spamed HOTMAIL, since my servers accept only authenticated SMTP from
>
my spamd is segaulting when I start it up. I tried to strace the
process and all I could see was that it was opening this file and then
doing some memory mappings and then segfaulting:
open("/var/lib/spamassassin/compiled/3.002003/auto/Mail/SpamAssassin/CompiledRegexps/body_0/body_0.so",O_RDONLY)
I have heavy issues with HOTMAIL since they reject ANY legitim messages
as SPAM without any reason. All of my 50 Servers are worldwide and in
different subnets. It is nearly impossible that all 50 Servers have
spamed HOTMAIL, since my servers accept only authenticated SMTP from
clients.
Not "n
Hi all new to the forum.
Question I recently tried to do an sa-update on a server that we collocate
which means I did not install spam assassin. When I did the update I got
the following error below.
Could this mean that Spam Assassin was installed incorrectly? and what can
I do to correct the
Don't know if this will help but we use the list on this site to block
malicious Chinese and Korean ip addresses and network blocks via iptables -
http://www.okean.com/
>>> JP Kelly <[EMAIL PROTECTED]> 2/28/2008 12:36:12 PM >>>
any takers on this?
On Feb 27, 2008, at 2:31 PM, Chip M. wrote:
>
Hi guys,
Thanks for the answers!
I feel really stupid now for not having realised this; I was under the
impression that amavisd-new wouldn't need a restart, but sure enough
check the following lines from the amavis.log file after restarting
the daemon manually:
Feb 28 21:15:32 /usr/local
my spamd is segaulting when I start it up. I tried to strace the
process and all I could see was that it was opening this file and then
doing some memory mappings and then segfaulting:
open("/var/lib/spamassassin/compiled/3.002003/auto/Mail/SpamAssassin/CompiledRegexps/body_0/body_0.so",O_RDONLY)
Slightly off-topic, but I'm curious, how many of you are using CRM114?
How well does it work for you? Was it difficult to train? I've been
looking at it and haven't found much except the official plugin guide
and a single page saying that it works better than other learning
methods. Any inf
Hi,
Check your spamassassin bayes directory, in your case it's
/home/spamassassin/.spamassassin/, for the bayes.lock.* files? I seen
this you need to temporarily stop spamd then remove the bayes.lock.*
files there. Then start spamd and it should clear this up.
I think the reason for this if you
any takers on this?
On Feb 27, 2008, at 2:31 PM, Chip M. wrote:
The main thing that stands out (to me) is the China TLD in the URL.
We block all those on sight (unless they're in the recipient's
domain skip
list - so far, none of my users have any China TLDs in theirs).
Perhaps one of the
At 04:35 28-02-2008, ram wrote:
I am not really sure this is spam
https://ecm.netcore.co.in/tmp/spammail_calendar.txt
This looks like a simple mail to me .. but the user says it is spam. The
text of the mail too is highly suspicious.
It is spam.
Regards,
-sm
On 28/02/2008 7:48 AM, R.Smits wrote:
> Hello,
>
> We have a problem that is very annoying. Let me explain it.
>
> Our organisation is using spamassassin with the check for RCVD_IN_PBL.
> Now if one of our users is using webmail (exchange) and sends an email
> outside the organisation, it gets po
> running on Perl version 5.8.5
upgrade, and let us know problem later
if i remember unicode was a problem before 5.8.8
Karsten Bräckelmann a écrit :
If you want to enforce a non-word char preceding this, the \W is fine.
However, the alternate anchor at the beginning of the string probably
will be rather useless. From the fine docs [1], body rule definitions:
"All HTML tags and line breaks will be removed befo
bodyWNG_OBFUVISTA/\Wista\b/i
would be my suggestion--I wouldn't worry too much about the exact
non-word character(s). The baddies might next do \ /ista, and the a
precise rule for \/ista wouldn't catch it.
--Paul
Samuel Krieg wrote:
Hi there,
I'm trying to create a rule to identify "\/
Jari Fredriksson wrote:
> > Olaf Greve wrote:
> > > The way I perform my updates are as follows:
> > >
> > > Cron call:
> > > 23 3 * * 2,5 /usr/local/bin/sa-update --allowplugins
> > > --gpgkeyfile /root/sa_pgp_keys --channelfile
> > > /root/sa_channels && /usr/local/etc/rc.d/sa-spamd.sh restart >
> Olaf Greve wrote:
>> The way I perform my updates are as follows:
>>
>> Cron call:
>> 23 3 * * 2,5 /usr/local/bin/sa-update --allowplugins
>> --gpgkeyfile /root/sa_pgp_keys --channelfile
>> /root/sa_channels && /usr/local/etc/rc.d/sa-spamd.sh
>> restart > /dev/null
>>
>> (yes, I realise spamd
Olaf Greve wrote:
> Hi,
>
> Firstly: I'm new to this list and also pretty new to SA in general. I
> did try to find the answers to my questions in the FAQ, but haven't
> succeeded beyond all doubt at doing so. I do hope, however, that I'm
> not flogging a dead horse with my below questions (which
While investigating why a couple of emails took over 500 seconds to
scan, I found a bunch of these errors in the log file:
spamd[7586]: Malformed UTF-8 character (unexpected continuation byte 0x8e,
with no preceding start byte) in pattern match (m//) at
/var/lib/spamassassin/3.002004/70_sare_speci
On Wed, Feb 27, 2008 at 6:21 PM, Daryl C. W. O'Shea
<[EMAIL PROTECTED]> wrote:
> On 27/02/2008 6:18 PM, Asif Iqbal wrote:
> > What is short of putting the sender email to white list to reduce the
> > score of this email. It is a valid email. Here is the report
>
> As presented to SpamAssassin, i
On Thu, 2008-02-28 at 10:28 -0500, Randy Ramsdell wrote:
> Karsten Bräckelmann wrote:
> > AWL is a score averager. SA has seen that sender before.
> > http://wiki.apache.org/spamassassin/AutoWhitelist
> >
> > Run it through SA again, and you will see the AWL score getting closer
> > to 0, since
Here's something I'm doing that works really well and could be
implemented in SA. And once it is done using my HostKarma list I'm
hoping that this will be so successful that someone else will make an
even better list than mine.
This trick is most effective for whitelisting but can be used for
On Friday 22 February 2008 23:37:29 René Berber wrote:
> > Should I post the contents of both local.cf and user_prefs? They don't
> > contain anything special as far as I can see, but something definitely
> > feels wrong with my configuration. Why else would the AWL test get such
> > scores?
>
> AW
Karsten Bräckelmann wrote:
On Thu, 2008-02-28 at 09:21 -0500, Randy Ramsdell wrote:
Hi,
One thing I do not understand regarding AWL and BAYES. When a message is
reported to me as spam and was not marked as spam, I test is using debug
before and after sa-learn. Each time I do this, BAYES_99
BTW, I appreciate it that you are interested enough in my
black/white/yellow lists that you're writing code for it. If there's
anything you would like me to do on my end to make it easier let me know.
Also, I don't know if you can do this in Postfix or Spam Assassin but my
lists do more than j
On Thu, 2008-02-28 at 09:21 -0500, Randy Ramsdell wrote:
> Hi,
>
> One thing I do not understand regarding AWL and BAYES. When a message is
> reported to me as spam and was not marked as spam, I test is using debug
> before and after sa-learn. Each time I do this, BAYES_99 does hit, but
> they
Jari Fredriksson wrote:
Hi,
One thing I do not understand regarding AWL and BAYES.
When a message is reported to me as spam and was not
marked as spam, I test is using debug before and after
sa-learn. Each time I do this, BAYES_99 does hit, but
they will also include AWL.
1. Does anyone under
> Hi,
>
> One thing I do not understand regarding AWL and BAYES.
> When a message is reported to me as spam and was not
> marked as spam, I test is using debug before and after
> sa-learn. Each time I do this, BAYES_99 does hit, but
> they will also include AWL.
>
> 1. Does anyone understand why
http://thedailywtf.com/Articles/The-Clbuttic-Mistake-.aspx
'People who make buttumptions about their regex scripts, will be
embarbutted when they repeat this mbuttive mistake.'
--j.
> If it's sporadic, that's not a problem. SA tried to get a read-write
> lock on the bayes DB, presumably for autolearning or autoexpiry, but
> some other SA instance may have had it.
>
> Rather than block your mail queue, SA gave up.
>
> This is only a problem if it happens *every* time SA tri
On Thu, 2008-02-28 at 15:02 +0100, Samuel Krieg wrote:
> Karsten Bräckelmann a écrit :
> > On Thu, 2008-02-28 at 14:26 +0100, Samuel Krieg wrote:
> >> I'm trying to create a rule to identify "\/ista" (with backslash + slash).
> >>
> >> This does not seem to work:
> >>
> >> body WNG_OBFUVISTA
Hi,
One thing I do not understand regarding AWL and BAYES. When a message is
reported to me as spam and was not marked as spam, I test is using debug
before and after sa-learn. Each time I do this, BAYES_99 does hit, but
they will also include AWL.
1. Does anyone understand why this happens?
Hi,
Firstly: I'm new to this list and also pretty new to SA in general. I did try
to find the answers to my questions in the FAQ, but haven't succeeded beyond
all doubt at doing so. I do hope, however, that I'm not flogging a dead horse
with my below questions (which appear at the end of the me
Karsten Bräckelmann a écrit :
On Thu, 2008-02-28 at 14:26 +0100, Samuel Krieg wrote:
I'm trying to create a rule to identify "\/ista" (with backslash + slash).
This does not seem to work:
bodyWNG_OBFUVISTA /\b\\\/ista\b/i
The backslash is not a word chara
Am 2008-02-25 15:56:50, schrieb fchan:
> Hi,
> I'm get alot of these February 77% OFF or variations (ie January 73%
> OFF and my guess March 75% OFF next month) thereof in the subject
> line for spam. The body always changes so I can't really key on this.
> I would like to make rule that subject
Hello Tom,
Am 2008-02-25 11:54:24, schrieb Tony Bunce:
> Sorry for the Off Topic thread but I'm at a loss.
>
> Is anyone else having issues sending mail to Yahoo?
I have since arround 5 weeks the same issues with rejecting
ANY messages as spam with unknown reason.
> I've filled out every fo
Hello Michael,
Am 2008-02-26 11:16:35, schrieb Michael Hutchinson:
> I have tried different approaches, and let us not forget I have filled
> out 3 whitelist forms, and received no response from Yahoo. Their
> service is breaking RFC's by not delivering mail. They are ignorant
> towards other comp
Helo *,
Am 2008-02-26 07:36:23, schrieb Michael Scheidell:
> > If this was too much information, my apologies
> >
> So, bottom line, either they are running an open relay (since we can 'be
> assured that it did not originate with Google'), or they lie.
>
> I guess with a company the size of Goog
Am 2008-02-25 16:29:41, schrieb Matus UHLAR - fantomas:
> On 25.02.08 11:00, Sven Rudolph wrote:
> > Corporation(Business) is $16,800 per year, not $168,000.
>
> which is still too much for our compane for example :-S
If you have 100.000 Users/Customers, it is only
1400 US$/month or 0.014 US$/Use
Am 2008-02-25 23:28:39, schrieb fchan:
> Hi,
> I don't mind taking RAM since I have 3GB. I can raise the amount of
> child processes and I wanted to find out how much RAM does each child
> takes so I can decide how many max children to raise it without
> killing my system. Also I would like to c
On Thu, 2008-02-28 at 14:26 +0100, Samuel Krieg wrote:
> I'm trying to create a rule to identify "\/ista" (with backslash + slash).
>
> This does not seem to work:
>
> body WNG_OBFUVISTA /\b\\\/ista\b/i
The backslash is not a word character. Thus, the \b word bo
Hi there,
I'm trying to create a rule to identify "\/ista" (with backslash + slash).
This does not seem to work:
bodyWNG_OBFUVISTA /\b\\\/ista\b/i
score WNG_OBFUVISTA 1
Any idea?
Thanks.
--
Samuel Krieg
Hello,
We have a problem that is very annoying. Let me explain it.
Our organisation is using spamassassin with the check for RCVD_IN_PBL.
Now if one of our users is using webmail (exchange) and sends an email
outside the organisation, it gets points for this. (If their provider is
on the PBL)
In
On a new mailserver with 8Gb ram and 2xdual-core CPU's we get regular
messages in the log:
Feb 28 12:52:43 mail2 spamd[32558]: prefork: child states: BIBBB
Feb 28 12:52:44 mail2 spamd[459]: rules: failed to run TVD_STOCK1 test,
skipping:
Feb 28 12:52:44 mail2 spamd[459]: (child processing timeou
I am not really sure this is spam
https://ecm.netcore.co.in/tmp/spammail_calendar.txt
This looks like a simple mail to me .. but the user says it is spam. The
text of the mail too is highly suspicious.
Are you folks getting such mails
Thanks
Ram
HI
I want to increase the telnet secession count from default 30 sec to 120 sec
how do i do this
can some one help me here
--
Regards
Agnello Dsouza
www.linux-vashi.blogspot.com
www.bible-study-india.blogspot.com
Massimiliano Marini wrote:
Debian - SA 3.2.4
In my log I'found a lot message like this:
Feb 28 05:42:32 server spamd[9351]: bayes: cannot open bayes
databases /home/spamassassin/.spamassassin/bayes_* R/W: lock failed:
File exists
How can I solve this problem?
If it's sporadic, that's not a
Pidfile holds the PID of the forked process ie. /var/run/MailScanner.pid
Regards,
--
--[ UxBoD ]--
// PGP Key: "curl -s http://www.splatnix.net/uxbod.asc | gpg --import"
// Fingerprint: F57A 0CBD DD19 79E9 1FCC A612 CB36 D89D 2C5A 3A84
// Keyserver: www.keyserver.net Key-ID: 0x2C5A3A84
// Phone:
Process Identifier.
When any process is forked (started) it will have unique number associated with
it. It will also have a PPID (Parent Process Identifier) ie. what was the
process that forked the child.
http://en.wikipedia.org/wiki/Process_identifier
Regards,
--
--[ UxBoD ]--
// PGP Key:
while starting spamd i was recomended to use the -r switch which Write the
process id to pidfile
Now!! what is a pidfile ... cant find much on google
can any one help me with this basic stuff !!
thanks !!
--
Regards
Agnello Dsouza
www.linux-vashi.blogspot.com
www.bible-study-india.blogspot.co
Debian - SA 3.2.4
In my log I'found a lot message like this:
Feb 28 05:42:32 server spamd[9351]: bayes: cannot open bayes
databases /home/spamassassin/.spamassassin/bayes_* R/W: lock failed:
File exists
How can I solve this problem?
local.cf
rewrite_header Subject *SPAM*
report_safe 0
r
> --[ UxBoD ]-- wrote:
> > policyd works a treat :) V2 is also in development aswell.
> >
>
> it's not the same. I don't know why they call it V2.
> As far as I know, Cami is no more involved. so I would stick
> with the "current" (which is a single C threaded program).
So you still prefer po
> rbl=hostkarma.junkemailfilter.com/127.0.0.1; action=OK whitelisted
suggest change OK to permit_auth_destination or DUNNO
> rbl=hostkarma.junkemailfilter.com/127.0.0.2; action=REJECT blacklisted
> rbl=hostkarma.junkemailfilter.com/127.0.0.3; action=PREPEND X-Karma: yellow
>
> .. among many othe
83 matches
Mail list logo
