Matt Kettler a écrit :
> Kate Kleinschafer wrote:
>> Hi all,
>>
>> Just wondering what the permissions should be on the
>> /root/.spamassassin folder.
>>
>> When I run a message by the command
>> sudo -u postfix spamassassin -p
>> /etc/MailScanner/spam.assassin.prefs.conf -t < message.MAI
>>
>> I a
Matt Kettler wrote:
Kate Kleinschafer wrote:
Hi all,
Just wondering what the permissions should be on the
/root/.spamassassin folder.
When I run a message by the command
sudo -u postfix spamassassin -p
/etc/MailScanner/spam.assassin.prefs.conf -t < message.MAI
I am getting the error warn:
Theo Van Dinter wrote:
> On Tue, Oct 14, 2008 at 09:32:42PM -0400, Matt Kettler wrote:
>
>> Agreed. However, there are times where it's not worth fixing a FP case
>> because its a rare case caused by a small-scale broken tool that
>> violates the specs.
>>
>
> FWIW, this case is specificall
On Tue, Oct 14, 2008 at 09:32:42PM -0400, Matt Kettler wrote:
> Agreed. However, there are times where it's not worth fixing a FP case
> because its a rare case caused by a small-scale broken tool that
> violates the specs.
FWIW, this case is specifically looked for by the rule.
> Of course, I la
Joseph Brennan wrote:
>
>
>> Yes, it should have. If a multipart/alternate mail only has a text/html
>> part, it should be a text/html mail.
>
>
> No. The standard allows multipart/alternative to contain only
> one part. See the comment in RFC 2046 5.1.1 :
>
> NOTE: Experience has shown that a
Greg Troxel wrote:
> Theo Van Dinter <[EMAIL PROTECTED]> writes:
>
>
>> On Tue, Oct 14, 2008 at 06:55:27PM -0400, Greg Troxel wrote:
>>
2.5 MPART_ALT_DIFF BODY: HTML and text parts are different
well of course, because
>>> This rule seems like it should not
Yes, it should have. If a multipart/alternate mail only has a text/html
part, it should be a text/html mail.
No. The standard allows multipart/alternative to contain only
one part. See the comment in RFC 2046 5.1.1 :
NOTE: Experience has shown that a "multipart" media type with a
singl
At 17:32 14-10-2008, Kate Kleinschafer wrote:
Just wondering what the permissions should be on the
/root/.spamassassin folder.
When I run a message by the command
sudo -u postfix spamassassin -p
/etc/MailScanner/spam.assassin.prefs.conf -t < message.MAI
I am getting the error warn: config: p
> -Original Message-
> From: Kate Kleinschafer [mailto:[EMAIL PROTECTED]
> Sent: 15 October 2008 1:32 p.m.
> To: users@spamassassin.apache.org
> Subject: permissions on /root/.spamassassin folder
>
> Hi all,
>
> Just wondering what the permissions should be on the
/root/.spamassassin
> f
Kate Kleinschafer wrote:
> Hi all,
>
> Just wondering what the permissions should be on the
> /root/.spamassassin folder.
>
> When I run a message by the command
> sudo -u postfix spamassassin -p
> /etc/MailScanner/spam.assassin.prefs.conf -t < message.MAI
>
> I am getting the error warn: config: p
Hi all,
Just wondering what the permissions should be on the /root/.spamassassin
folder.
When I run a message by the command
sudo -u postfix spamassassin -p
/etc/MailScanner/spam.assassin.prefs.conf -t < message.MAI
I am getting the error warn: config: path /root/.spamassassin is
inaccessi
Mark Martinec schreef:
First, UML is a virtual machine infrastructure.
See http://user-mode-linux.sourceforge.net/
Now you are talking!
See:
http://fixunix.com/openssl/518688-re-uml-devel-dev-random-problems-fp-regis
ters-corruption.html
Seems like it was fixed in February 2008:
UML - Fix
Theo Van Dinter <[EMAIL PROTECTED]> writes:
> On Tue, Oct 14, 2008 at 06:55:27PM -0400, Greg Troxel wrote:
>> > 2.5 MPART_ALT_DIFF BODY: HTML and text parts are different
>> > well of course, because
>>
>> This rule seems like it should not have fired.
>
> Yes, it should have. If a mul
On Tue, Oct 14, 2008 at 06:55:27PM -0400, Greg Troxel wrote:
> > 2.5 MPART_ALT_DIFF BODY: HTML and text parts are different
> > well of course, because
>
> This rule seems like it should not have fired.
Yes, it should have. If a multipart/alternate mail only has a text/html part,
it sho
[EMAIL PROTECTED] writes:
> Gentlemen, it seems spamassassin used full military justice here:
>
> 0.0 HTML_MESSAGE BODY: HTML included in message
0 points, so it's just noting.
> 2.5 MPART_ALT_DIFF BODY: HTML and text parts are different
> well of course, because
This rule
Randy a écrit :
> mouss wrote:
>> Ned Slider a écrit :
>>
>>> Randy wrote:
>>>
Ken A wrote:
> Randy wrote:
>
> Are you sure it's not spam bounces (joe job)?
> This is more common than a spam attack
> Ken
>
>
Yeah we get those in spurts
On Tue, October 14, 2008 21:16, Ned Slider wrote:
> least then you could save a bunch of hits against Spamhaus and reject
> the mail as early as possible in the smtp process.
in main.cf
smtpd_client_restriction =
reject_unlisted_recipient
reject_rbl_client ...
--
Benny Pedersen
Need more we
Hello William,
This is a very good question. I had to ask that of myself just 2 weeks
ago.
Pyzor is great, it marks up Spam really well. I'm not going to report
statistics, but it is *very* effective in reducing levels of Spam.
However, as our site is quite busy, the amount of Pyzor hash lookups
mouss wrote:
Ned Slider a écrit :
Randy wrote:
Ken A wrote:
Randy wrote:
Are you sure it's not spam bounces (joe job)?
This is more common than a spam attack
Ken
Yeah we get those in spurts, but this appears to not be the case. We
are getting thousands of connects fr
Gentlemen, it seems spamassassin used full military justice here:
0.0 HTML_MESSAGE BODY: HTML included in message
2.5 MPART_ALT_DIFF BODY: HTML and text parts are different
well of course, because
2.3 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
OK, then
On Tue, 14 Oct 2008, Randy wrote:
John Hardin wrote:
On Tue, 14 Oct 2008, Randy wrote:
> It appears to be a spambot ( botnet ) , and it really isn't enough
> traffic to cause DDOS so I really should change the topic header. The
> traffic may be 4 - 10 emails per day for this emai
John Hardin wrote:
On Tue, 14 Oct 2008, Randy wrote:
It appears to be a spambot ( botnet ) , and it really isn't enough
traffic to cause DDOS so I really should change the topic header. The
traffic may be 4 - 10 emails per day for this email address.
To a _single_ invalid address? If
Ned Slider a écrit :
> Randy wrote:
>> Ken A wrote:
>>> Randy wrote:
>>>
>>> Are you sure it's not spam bounces (joe job)?
>>> This is more common than a spam attack
>>> Ken
>>>
>> Yeah we get those in spurts, but this appears to not be the case. We
>> are getting thousands of connects from non MX
On Tue, 14 Oct 2008, Randy wrote:
It appears to be a spambot ( botnet ) , and it really isn't enough
traffic to cause DDOS so I really should change the topic header. The
traffic may be 4 - 10 emails per day for this email address.
To a _single_ invalid address? If it were me I'd acce
On Tue, 14 Oct 2008, Matus UHLAR - fantomas wrote:
so, change it to (+) 0.001. how likely is it to change ham to spam?
the same chance, I'd say, for cases someone uses e.g. DKIM...
That's why I search for different solution...
Well, this was not the first time I'd like to clear effect of a r
Randy wrote:
Ken A wrote:
Randy wrote:
Are you sure it's not spam bounces (joe job)?
This is more common than a spam attack
Ken
Yeah we get those in spurts, but this appears to not be the case. We are
getting thousands of connects from non MX hosts and many are blocked at
the smtp layer by o
Ken A wrote:
Randy wrote:
Martin Gregorie wrote:
Why would a botnet waste resources by sending tens of thousands of
spam to a single e-mail address?
Is it really a spambot or could it be a DDOS attack?
Martin
It is both but not actually. :)
It appears to be a spambot ( botnet
Randy wrote:
> We are being spammed by a botnet to a single email address which makes
> it difficult to block. Spamhaus catches about 1/2 of them, but the
> rest are blocked via postfix becuase this is an old account and does
> not have a mailbox.
Are you sure this isn't backscatter where the botn
Randy wrote:
Martin Gregorie wrote:
Why would a botnet waste resources by sending tens of thousands of
spam to a single e-mail address?
Is it really a spambot or could it be a DDOS attack?
Martin
It is both but not actually. :)
It appears to be a spambot ( botnet ) , and it rea
Martin Gregorie wrote:
Why would a botnet waste resources by sending tens of thousands of spam
to a single e-mail address?
Is it really a spambot or could it be a DDOS attack?
Martin
It is both but not actually. :)
It appears to be a spambot ( botnet ) , and it really isn't enou
> Why would a botnet waste resources by sending tens of thousands of spam
> to a single e-mail address?
>
Is it really a spambot or could it be a DDOS attack?
Martin
Hi,
We are being spammed by a botnet to a single email address which makes
it difficult to block. Spamhaus catches about 1/2 of them, but the rest
are blocked via postfix becuase this is an old account and does not have
a mailbox.
Why would a botnet waste resources by sending tens of thousan
On Tue, Oct 14, 2008 at 11:24:35AM -0500, Daniel J McDonald wrote:
>
> On Tue, 2008-10-14 at 18:17 +0200, Matus UHLAR - fantomas wrote:
> > On 14.10.08 11:05, Daniel J McDonald wrote:
> > > On Tue, 2008-10-14 at 16:55 +0100, Martin Gregorie wrote:
> > > > On Tue, 2008-10-14 at 17:31 +0200, Matus U
> > First, UML is a virtual machine infrastructure.
> > See http://user-mode-linux.sourceforge.net/
>
> Now you are talking!
>
> See:
> http://fixunix.com/openssl/518688-re-uml-devel-dev-random-problems-fp-regis
>ters-corruption.html
Seems like it was fixed in February 2008:
UML - Fix FP regist
Benedict,
> > Please don't delete your AWL. I'll provide a patch which will reset a
> > bad entry when it encounters one, so your db will be a good testground.
>
> I already deleted it but i had a backup so the original is already
> restored.
The updated patch is now attached to
https://issues.
On Tue, 2008-10-14 at 18:17 +0200, Matus UHLAR - fantomas wrote:
> On 14.10.08 11:05, Daniel J McDonald wrote:
> > On Tue, 2008-10-14 at 16:55 +0100, Martin Gregorie wrote:
> > > On Tue, 2008-10-14 at 17:31 +0200, Matus UHLAR - fantomas wrote:
> > > >
> > > > On 14.10.08 16:20, Martin Gregorie wr
On 14.10.08 11:05, Daniel J McDonald wrote:
> On Tue, 2008-10-14 at 16:55 +0100, Martin Gregorie wrote:
> > On Tue, 2008-10-14 at 17:31 +0200, Matus UHLAR - fantomas wrote:
> > >
> > > On 14.10.08 16:20, Martin Gregorie wrote:
> > > > Why not change its name to __SPF_PASS and only use it in meta-r
On Tue, 2008-10-14 at 16:55 +0100, Martin Gregorie wrote:
> On Tue, 2008-10-14 at 17:31 +0200, Matus UHLAR - fantomas wrote:
> >
> > On 14.10.08 16:20, Martin Gregorie wrote:
> > > Why not change its name to __SPF_PASS and only use it in meta-rules?
> >
> > because that's SA rule, even if I chan
On Tue, 2008-10-14 at 17:31 +0200, Matus UHLAR - fantomas wrote:
> > On Tue, 2008-10-14 at 16:36 +0200, Matus UHLAR - fantomas wrote:
> > > On 14.10.08 07:12, Daniel J McDonald wrote:
> > > > On Tue, 2008-10-14 at 08:55 +0200, Matus UHLAR - fantomas wrote:
> > > > > > On Mon, October 13, 2008 16:39
I just added Pyzor to a server for the last 24 hours out of curiousity.
All the spam it hit, was already well tagged as spam, eg scores in the 20+
range, but it also hit a few hams which fortunately had enough good points
to not go above the threshold.
This may well be a reflection on the effect
Benedict,
> spamd[1321]: plugin: eval failed:
> Sort subroutine didn't return a numeric value
> at /usr/share/perl5/Mail/SpamAssassin/AsyncLoop.pm line 278.
Again a NaN out of nowhere, this time in timing data.
> First, UML is a virtual machine infrastructure.
> See http://user-mode-linux.source
> On Tue, 2008-10-14 at 16:36 +0200, Matus UHLAR - fantomas wrote:
> > On 14.10.08 07:12, Daniel J McDonald wrote:
> > > On Tue, 2008-10-14 at 08:55 +0200, Matus UHLAR - fantomas wrote:
> > > > > On Mon, October 13, 2008 16:39, Henrik K wrote:
> > > > >
> > > > > >> meta SPF_PASS (SPF_PASS && !BAY
On Tue, 2008-10-14 at 16:36 +0200, Matus UHLAR - fantomas wrote:
> On 14.10.08 07:12, Daniel J McDonald wrote:
> > On Tue, 2008-10-14 at 08:55 +0200, Matus UHLAR - fantomas wrote:
> > > > On Mon, October 13, 2008 16:39, Henrik K wrote:
> > > >
> > > > >> meta SPF_PASS (SPF_PASS && !BAYES_99)
> > >
Mark Martinec wrote:
> Benedict,
>
>> This again suggests that something is broken with my AWL. I think i'd
>> better delete it.
>> As it seems now, the only thing strange left is the AWL & related NaN.
>>
>
> Please don't delete your AWL. I'll provide a patch which will reset a
> bad entry
Benedict,
> This again suggests that something is broken with my AWL. I think i'd
> better delete it.
> As it seems now, the only thing strange left is the AWL & related NaN.
Please don't delete your AWL. I'll provide a patch which will reset a
bad entry when it encounters one, so your db will b
> -Original Message-
> From: Jeff Chan [mailto:[EMAIL PROTECTED]
> Sent: 2008-10-13 05:28
> To: users@spamassassin.apache.org
> Subject: Re: URIBL_BLACK
>
>
> On Friday, October 10, 2008, 11:29:33 PM, Yet Ninja wrote:
>
> > Something tells me your stats are either obsolete, biased, bor
On Tue, 2008-10-14 at 16:19 +0200, Benedict Verheyen wrote:
> Karsten Bräckelmann wrote:
> > On Tue, 2008-10-14 at 10:04 +0200, Benedict Verheyen wrote:
> >
> >> i have tested with another spam message that has a combined score of
> >> 22.5 and it's not flagged as spam.
> >> The full debug log
On 14.10.08 07:12, Daniel J McDonald wrote:
> On Tue, 2008-10-14 at 08:55 +0200, Matus UHLAR - fantomas wrote:
> > > On Mon, October 13, 2008 16:39, Henrik K wrote:
> > >
> > > >> meta SPF_PASS (SPF_PASS && !BAYES_99)
> > > > Obviously you can't redefine SPF_PASS on the fly.
> >
> > On 13.10.08 2
Karsten Bräckelmann wrote:
> On Tue, 2008-10-14 at 10:04 +0200, Benedict Verheyen wrote:
>
>> i have tested with another spam message that has a combined score of
>> 22.5 and it's not flagged as spam.
>> The full debug log is here:
>> http://www.heimdallit.be/download/spam_debug_1.txt
>>
On Tue, 2008-10-14 at 16:00 +0200, Benedict Verheyen wrote:
> Karsten Bräckelmann wrote:
> > This might be relevant WRT to bug 3364 [2], it definitely matches the
> > summary. Can you still reproduce these NaN scores, if you comment out
> > the above options?
> As for reproducing, see last part o
On Tue, 2008-10-14 at 10:04 +0200, Benedict Verheyen wrote:
> i have tested with another spam message that has a combined score of
> 22.5 and it's not flagged as spam.
> The full debug log is here:
> http://www.heimdallit.be/download/spam_debug_1.txt
Hmm, does that say that a bunch of major R
Karsten Bräckelmann wrote:
>> as i said, to my knowledge, i'm not using any custom headers and i
>> asked how i could know for sure as it's not clear to me how to check
>
> Ah, sorry, kind of forgot about that. Well, posting your cf files is one
> option. ;) Another one is to read the configurat
On Tue, 2008-10-14 at 09:03 +0200, Benedict Verheyen wrote:
> Karsten Bräckelmann schreef:
> > Benedict, since I asked about custom headers before, it might be a good
> > idea to carefully check the config and answer my previous question.
> > Since you're not using custom rules, but change scores,
On Tue, 2008-10-14 at 08:55 +0200, Matus UHLAR - fantomas wrote:
> > On Mon, October 13, 2008 16:39, Henrik K wrote:
> >
> > >> meta SPF_PASS (SPF_PASS && !BAYES_99)
> > > Obviously you can't redefine SPF_PASS on the fly.
>
> On 13.10.08 21:08, Benny Pedersen wrote:
> > olso that SPF_PASS was ne
Mark Martinec schreef:
Benedict,
Thing is, what is causing the nan?
My guess is that a NaN somehow got into your AWL database.
I have reopened bug 3364, and attached a richer patch:
"Deal with NaN in AutoWhitelist and PerMsgStatus"
which includes my previous patch and also instrume
Benedict Verheyen wrote:
Some more interesting stuff from /var/log/syslog:
Oct 14 09:15:08 loki spamd[1274]: auto-whitelist: attempt to add a nan
to AWL entry ignored
177 Oct 14 09:15:08 loki spamd[1274]: !! rules: score 'nan' for rule
'AWL' in 'AWL: ' 'From: address is in the auto white-lis
Mark Martinec wrote:
> Guenther, Benedict,
>
>>> My guess is that a NaN somehow got into your AWL database.
>> Things are much more complicated, or rather weird, than that.
>>
>> According to Benedict's reports and pasted snippets, he got an NaN score
>> for at least 3 rules: FROM_ILLEGAL_CHARS, A
On 13.10.08 08:25, William Taylor wrote:
> Is Pyzor worth running these days?
> Is it still effective?
> Can anyone using it comment on it?
works for me, however there are still some error messages.
And it has FPs for some mailing lists monthly notices (and I have to
register to be able to list/de
Karsten Bräckelmann schreef:
> Benedict, since I asked about custom headers before, it might be a good
> idea to carefully check the config and answer my previous question.
> Since you're not using custom rules, but change scores, you likely
> copied (read: inherited) that part from your previous c
59 matches
Mail list logo
