Hi all,
No idea on this one?
On 27 août 2009, at 21:18, Patrick Proniewski wrote:
Hello,
I'm using the amavisd-new/spamassassin 3.2.5/clamav combo on some
servers (Freebsd, Mac OS X Server).
I would like spamassassin to report spam using razor and spamcop
services.
in /usr/local/etc/mai
On Thu, 2009-09-03 at 23:33 +0200, mouss wrote:
> Clunk Werclick a écrit :
> > On Thu, 2009-09-03 at 01:36 -0400, Sahil Tandon wrote:
> >> On Thu, 03 Sep 2009, Clunk Werclick wrote:
> >>
> >>> I'm starting to see plenty of these and they are new to us:
> >>>
> >>> zgrep "address not listed" /var/lo
On Thu, 03 Sep 2009, LuKreme wrote:
> On 3-Sep-2009, at 18:22, Jason Haar wrote:
>> The Register reports that Virus Bulletin has announced it's latest
>
> its
Pedantic drivel.
>> results comparing a range of antispam products. McAfee won - and by
>> the
>> looks of it SpamAssassin and ClamAV c
On 3-Sep-2009, at 20:49, d.h...@yournetplus.com wrote:
The headers checked for whitelist addresses are as follows: if
"Resent-From" is set, use that; otherwise check all addresses
taken from the following set of headers:
Envelope-Sender
Resent-Sender
X-Envelope-From
From
If taken in that order,
On 3-Sep-2009, at 18:22, Jason Haar wrote:
The Register reports that Virus Bulletin has announced it's latest
its
results comparing a range of antispam products. McAfee won - and by
the
looks of it SpamAssassin and ClamAV came last.
SpamAssassin is not an anti-spam program.
Hopefully th
On 3-Sep-2009, at 15:33, mouss wrote:
check_helo_hostname_access hash:/etc/postfix/access_host
If but this in my smtpd_helo_restrictions (with a warn_if_reject for
right now), but where in the smtpd_recipient_restrictions do you
recommend putting this?
check_reverse_client_h
Quoting Matt Kettler :
Mark Mahabir wrote:
2009/9/3 Matt Kettler :
Does the From: header of these messages match *...@domain.com, or are they
*...@something.somedomain.com (which wouldn't match)?
They're definitely *...@domain.com in the From: header.
Does the X-Spam-Status header show
> Interesting, then one of the following is the cause:
0) You didn't restart the daemon after changing its config.
> 1) there's errors in your config, and SA isn't parsing local.cf at all.
> To check for this, run "spamassassin --lint". It should run quietly, if
> it complains, find and fix the o
Mark Mahabir wrote:
> 2009/9/3 Matt Kettler :
>
>> Does the From: header of these messages match *...@domain.com, or are they
>> *...@something.somedomain.com (which wouldn't match)?
>>
>
> They're definitely *...@domain.com in the From: header.
>
>
>> Does the X-Spam-Status header show
The Register reports that Virus Bulletin has announced it's latest
results comparing a range of antispam products. McAfee won - and by the
looks of it SpamAssassin and ClamAV came last.
the methodology was flawed of course (oh no, I've become
One of Those...). The chose SuSE10 which came with SA
On Thu, 03 Sep 2009, John Hardin wrote:
> On Thu, 3 Sep 2009, John Hardin wrote:
>
>> headerRDNS_LOCALHOST X-Spam-Relays-External =~ /^\[
>> ip=(?!127)\d+\.\d+\.\d+\.\d+ rdns=localhost(?:\.localdomain)? /i
>> describe RDNS_LOCALHOST Sender's public rDNS is "localhost"
>>
>> It should be i
On Thu, 3 Sep 2009, John Hardin wrote:
headerRDNS_LOCALHOST X-Spam-Relays-External =~ /^\[
ip=(?!127)\d+\.\d+\.\d+\.\d+ rdns=localhost(?:\.localdomain)? /i
describe RDNS_LOCALHOST Sender's public rDNS is "localhost"
It should be in the 3.3.0 release if I understand the autopublication
On Thu, 3 Sep 2009, Sahil Tandon wrote:
# Warning: UNTESTED!
header LOCAL_RDNS X-Spam-Relays-Untrusted =~ /^[^\]]+ rdns=localhost /i
describe LOCAL_RDNS bogus localhost rDNS
scoreLOCAL_RDNS 10.0
Already in the sandbox at
http://svn.apache.org/viewvc/spamassassin/trunk/rulesrc/sandbox
On Thu, 03 Sep 2009, Clunk Werclick wrote:
> On Thu, 2009-09-03 at 09:46 -0600, LuKreme wrote:
> > On 2-Sep-2009, at 23:19, Clunk Werclick wrote:
> > > zgrep "address not listed" /var/log/mail.info
> > > Sep 3 05:26:59 : warning: 222.252.239.56: address not listed for
> > > hostname localhost
On Thu, 2009-09-03 at 11:20 -0400, Charles Gregory wrote:
> I'm seeing a set of spam, with some very regular easily trapped
> text in their headers/body, but with large PDF files that push
> the size of the mail outside the 256K limit for running SA.
That's your limit. ;) The default for spamc is
Clunk Werclick a écrit :
> On Thu, 2009-09-03 at 01:36 -0400, Sahil Tandon wrote:
>> On Thu, 03 Sep 2009, Clunk Werclick wrote:
>>
>>> I'm starting to see plenty of these and they are new to us:
>>>
>>> zgrep "address not listed" /var/log/mail.info
>>> Sep 3 05:26:59 : warning: 222.252.239.56:
On 3-Sep-2009, at 10:00, Clunk Werclick wrote:
On Thu, 2009-09-03 at 09:46 -0600, LuKreme wrote:
I believe the directive in postfix is reject_unknown_client_hostname.
As I understand it, this will not implicitly block PTR = 'localhost'
whilst leaving others alone. It may be possible in 2.6?? bu
Completely offtopic for SA; however, we are in the midst of taking down
habeas.com and I expect this is a product of that work; I too just got a 404
response.
If you wish to discuss this further, please ping me offlist.
On 09-09-03 11:50 AM, "LuKreme" wrote:
> Not for me. It redirects to
> ht
On Thu, 2009-09-03 at 09:46 -0600, LuKreme wrote:
> On 2-Sep-2009, at 23:19, Clunk Werclick wrote:
> > zgrep "address not listed" /var/log/mail.info
> > Sep 3 05:26:59 : warning: 222.252.239.56: address not listed for
> > hostname localhost
> > dig -x 222.252.239.56
> >
> > ...
> > ;; QUESTION
On 3-Sep-2009, at 09:32, Neil Schwartzman wrote:
On 09-09-03 11:20 AM, "Michael Scheidell"
wrote:
Sure, but why not go to the correct URL at http://www.habeas.com/report/
instead?
still brings up 'this page has disappeared'
Not for me. It redirects to
http://seal.habeas.com/Company_F
On 2-Sep-2009, at 23:19, Clunk Werclick wrote:
zgrep "address not listed" /var/log/mail.info
Sep 3 05:26:59 : warning: 222.252.239.56: address not listed for
hostname localhost
dig -x 222.252.239.56
...
;; QUESTION SECTION:
;56.239.252.222.in-addr.arpa. IN PTR
;; ANSWER SECTION:
56.239.252
On Thu, 3 Sep 2009, Charles Gregory wrote:
I'm seeing a set of spam, with some very regular easily trapped text in
their headers/body, but with large PDF files that push the size of the
mail outside the 256K limit for running SA.
Anyone have any experience raising that limit? How high can we
On 09-09-03 11:20 AM, "Michael Scheidell" wrote:
>>
>> Sure, but why not go to the correct URL at http://www.habeas.com/report/
>> instead?
>>
>>
> still brings up 'this page has disappeared'
Not for me. It redirects to
http://seal.habeas.com/Company_Feedback.php
> ip: 174.143.89.6
>
>
On 27.08.09 13:59, Mike Cardwell wrote:
> I received an email with a date header like this:
>
> Date: 27 Aug 09 13:50:20 0100
>
> That header triggered the following rule:
>
> 1.7 INVALID_DATE Invalid Date: header (not RFC 2822)
>
> That's fair enough, but then a second rule was incorrect
I'm seeing a set of spam, with some very regular easily trapped
text in their headers/body, but with large PDF files that push
the size of the mail outside the 256K limit for running SA.
Anyone have any experience raising that limit? How high can we
go before it really starts to impact performan
Neil Schwartzman wrote:
(going to www.habaes.com/report/ brings up a 'this page has disappeared'
page.
Sure, but why not go to the correct URL at http://www.habeas.com/report/
instead?
still brings up 'this page has disappeared'
ip: 174.143.89.6
using your marks illegally?
was
On 09-09-03 10:45 AM, "Michael Scheidell" wrote:
> I think someone on this mailing list mentioned that habeas doesn't use,
> or endorse use of the old 'habeas' marks in email anymore, right?
> Would it be safe to assume that anyone using this in the headers is a
> spammer trying to get a free rid
I think someone on this mailing list mentioned that habeas doesn't use,
or endorse use of the old 'habeas' marks in email anymore, right?
Would it be safe to assume that anyone using this in the headers is a
spammer trying to get a free ride?
(going to www.habaes.com/report/ brings up a 'this pag
> > forgive me, why do you want all that crap into your spamassassin when
> > postfix can solve it for you without a hick ?
>
> Obvious answer: not everyone who uses SA uses postfix.
Another slightly less obvious: to let autolearning see what new
crap it has to learn, and/or to check rules effecti
On Thu, 2009-09-03 at 16:00 +0200, Benny Pedersen wrote:
> On Thu 03 Sep 2009 03:05:50 PM CEST, Justin Mason wrote
> > On Thu, Sep 3, 2009 at 12:18, Benny Pedersen wrote:
> >> On Thu 03 Sep 2009 07:19:35 AM CEST, Clunk Werclick wrote
> >>> Forgive the stupidity of the question, but I'm not sure how
Benny Pedersen wrote:
On Thu 03 Sep 2009 03:05:50 PM CEST, Justin Mason wrote
On Thu, Sep 3, 2009 at 12:18, Benny Pedersen wrote:
On Thu 03 Sep 2009 07:19:35 AM CEST, Clunk Werclick wrote
Forgive the stupidity of the question, but I'm not sure how to, or even
if it can be implemented?
forgive
On Thu 03 Sep 2009 03:05:50 PM CEST, Justin Mason wrote
On Thu, Sep 3, 2009 at 12:18, Benny Pedersen wrote:
On Thu 03 Sep 2009 07:19:35 AM CEST, Clunk Werclick wrote
Forgive the stupidity of the question, but I'm not sure how to, or even
if it can be implemented?
forgive me, why do you want al
2009/9/3 Matt Kettler :
> Does the From: header of these messages match *...@domain.com, or are they
> *...@something.somedomain.com (which wouldn't match)?
They're definitely *...@domain.com in the From: header.
> Does the X-Spam-Status header show that a blacklist matched
> (USER_IN_BLACKLIST)?
On Thu, 3 Sep 2009, Clunk Werclick wrote:
zgrep "address not listed" /var/log/mail.info
Sep 3 05:26:59 : warning: 222.252.239.56: address not listed for
hostname localhost
dig -x 222.252.239.56
...
;; QUESTION SECTION:
;56.239.252.222.in-addr.arpa. IN PTR
;; ANSWER SECTION:
56.239.252.222
> On Tue, 2009-08-25 at 08:06 +0200, Benny Pedersen wrote:
>
> > else fight sender forgies in mta, and only accept spf pass, if sender
> > domain is not with spf record count how many ham mails is comming from
> > this domain, if none, then domain blacklist this sender, open again if
> > the
> > On Thu 03 Sep 2009 07:19:35 AM CEST, Clunk Werclick wrote
> >> Forgive the stupidity of the question, but I'm not sure how to, or even
> >> if it can be implemented?
> On Thu, Sep 3, 2009 at 12:18, Benny Pedersen wrote:
> > forgive me, why do you want all that crap into your spamassassin when
On Thu, Sep 3, 2009 at 12:18, Benny Pedersen wrote:
> On Thu 03 Sep 2009 07:19:35 AM CEST, Clunk Werclick wrote
>
>> Forgive the stupidity of the question, but I'm not sure how to, or even
>> if it can be implemented?
>
> forgive me, why do you want all that crap into your spamassassin when
> postf
On Thu 03 Sep 2009 07:19:35 AM CEST, Clunk Werclick wrote
Forgive the stupidity of the question, but I'm not sure how to, or even
if it can be implemented?
forgive me, why do you want all that crap into your spamassassin when
postfix can solve it for you without a hick ?
--
xpoint
Clunk Werclick wrote:
> On Thu, 2009-09-03 at 05:23 -0400, Matt Kettler wrote:
>
>> Clunk Werclick wrote:
>>
>>> Howdie;
>>>
>>> I'm starting to see plenty of these and they are new to us:
>>>
>>> zgrep "address not listed" /var/log/mail.info
>>> Sep 3 05:26:59 : warning: 222.252.239.5
On Thu, 2009-09-03 at 05:23 -0400, Matt Kettler wrote:
> Clunk Werclick wrote:
> > Howdie;
> >
> > I'm starting to see plenty of these and they are new to us:
> >
> > zgrep "address not listed" /var/log/mail.info
> > Sep 3 05:26:59 : warning: 222.252.239.56: address not listed for
> > hostname
Matt Kettler wrote:
> Clunk Werclick wrote:
>
>> Howdie;
>>
>> I'm starting to see plenty of these and they are new to us:
>>
>> zgrep "address not listed" /var/log/mail.info
>> Sep 3 05:26:59 : warning: 222.252.239.56: address not listed for
>> hostname localhost
>> dig -x 222.252.239.56
>
Clunk Werclick wrote:
> Howdie;
>
> I'm starting to see plenty of these and they are new to us:
>
> zgrep "address not listed" /var/log/mail.info
> Sep 3 05:26:59 : warning: 222.252.239.56: address not listed for
> hostname localhost
> dig -x 222.252.239.56
>
> ...
> ;; QUESTION SECTION:
> ;56
On Thu, 2009-09-03 at 01:36 -0400, Sahil Tandon wrote:
> On Thu, 03 Sep 2009, Clunk Werclick wrote:
>
> > I'm starting to see plenty of these and they are new to us:
> >
> > zgrep "address not listed" /var/log/mail.info
> > Sep 3 05:26:59 : warning: 222.252.239.56: address not listed for
> >
43 matches
Mail list logo
