> >
> That was going to be my guess, too. You're not swapping, or
> having some other i/o issue are you?
>
> /Jason
>
no sir
i shutdown spamassassin
backed it all up
dusted bayes
started spamassassin
retrained 200 plus of each
seems ok so far...
3.2.5 was working awesome overall
>> Still the same result :(
>>
>
> Clueless here, can't figure out anything...
Jari, it's okay. It'll get better. Is there someone you can talk to about that?
:-)
Best,
Alex
On 4/14/2010 4:59 PM, R-Elists wrote:
I'd guess that you have a bayes expire running that is either
taking too long or not finishing and leaving lock files around.
Turn off bayes_auto_expire and use bayes_learn_to_journal.
Add a cron job to periodically sa-learn --sync (say hourly)
and another c
Matus UHLAR - fantomas wrote:
On 14.04.10 16:16, Kris Deugau wrote:
... In other words, keep track of all of the third-party hosting systems
our customers insist on forwarding their domain mail to their ISP
account (ie, us) from?
Not practical.
requiring your users to send mail through yo
> Michael Scheidell wrote:
>> i get NO backscatter here.
>> case study for one of our clients, they got 50,000 spams a month
>> (normally). they got joe jobbed. they started to get 5MM a month.
>> (with no increase in backscatter reaching users. In fact, the client
>> never knew.. until the
On 15.4.2010 0:32, John Hardin wrote:
>
> A mailing list about spam detection shouldn't discuss actual samples of
> spam to detect?
Of course it should.
>
> The primary reason for posting samples to pastebin et al. is to prevent
> the mangling that sending them through the mail will inevitably
On Wed, 14 Apr 2010, d.h...@yournetplus.com wrote:
Quoting Jari Fredriksson :
On 14.4.2010 19:57, d.h...@yournetplus.com wrote:
> Quoting Jari Fredriksson :
>
> > Please do not post spammy mail to the list (it "poisons" our Bayes
> > with spammy tokens with hammy score).
>
> Why are you sca
On Wed, 14 Apr 2010, Jari Fredriksson wrote:
Please do not post spammy mail to the list (it "poisons" our Bayes with
spammy tokens with hammy score).
If you're running SA list emails through SA you deserve what you get. :)
--
John Hardin KA7OHZ http://www.impsec.org/~jhard
>
> I'd guess that you have a bayes expire running that is either
> taking too long or not finishing and leaving lock files around.
>
> Turn off bayes_auto_expire and use bayes_learn_to_journal.
> Add a cron job to periodically sa-learn --sync (say hourly)
> and another cron job to do sa-learn
Michael Scheidell wrote:
i get NO backscatter here.
case study for one of our clients, they got 50,000 spams a month
(normally). they got joe jobbed. they started to get 5MM a month.
(with no increase in backscatter reaching users. In fact, the client
never knew.. until the next month when h
On 4/14/10 3:57 PM, Kris Deugau wrote:
Michael Scheidell wrote:
yes, but they are disabled unless you have specific whitelists. the
'original-message content' you are looking for.
vbounce rules are disabled, even if you enable them unless you also
have this in *.cf
whitelist_bounce_relays
Matt Garretson wrote:
Despite conventional wisdom to the contrary, I have been training Bayes
on bounces (both spam and ham) for years with at least semi-decent
results when it comes to backscatter. That'd be one potential way to get
at the original content (when it's available). But I'd advise a
Michael Scheidell wrote:
yes, but they are disabled unless you have specific whitelists. the
'original-message content' you are looking for.
vbounce rules are disabled, even if you enable them unless you also have
this in *.cf
whitelist_bounce_relays {your outbound mail servers}
As I sai
On 4/14/2010 2:23 PM, Kris Deugau wrote:
> I'm looking for a way to match on that original-message content - after
> all, that's the real spam payload; the rest of the message is perfectly
> legitimate.
Despite conventional wisdom to the contrary, I have been training Bayes
on bounces (both sp
On 4/14/10 2:23 PM, Kris Deugau wrote:
Michael Scheidell wrote:
On 4/14/10 12:21 PM, Kris Deugau wrote:
Is there a consistent way to match whatever headers might be
available in a returned message?
use the vbounce rules. google for sa and vbounce. it's already done
if you are using a newer
From: "R-Elists"
Date: Wed, 14 Apr 2010 08:43:21 -0700
having spent the better part of two days searching as well as trying
different configs and SA restarts
we do not have a "hardware horsepower" resource starvation issue
in reference to the error
spamd[30339]:
On 14.4.2010 21:38, yongke wrote:
>
> I don't think I am running compiled rules as I haven't changed any rules... I
> just used that channel thing. I have also restarted SA using the following
> command:
>
> sudo /etc/init.d/spamassassin restart
>
> Still the same result :(
>
Clueless here, c
I don't think I am running compiled rules as I haven't changed any rules... I
just used that channel thing. I have also restarted SA using the following
command:
sudo /etc/init.d/spamassassin restart
Still the same result :(
McDonald, Dan wrote:
>
> On Wed, 2010-04-14 at 11:18 -0700, yongke
On Wed, 2010-04-14 at 11:18 -0700, yongke wrote:
> I installed all the channels in your post but I still get the same score! Is
> there anything else I can do?
Are you running with compiled rules? Then you need to recompile them.
Are you running a daemonized spamd or amavisd instance? You wil
Michael Scheidell wrote:
On 4/14/10 12:21 PM, Kris Deugau wrote:
Is there a consistent way to match whatever headers might be available
in a returned message?
use the vbounce rules. google for sa and vbounce. it's already done if
you are using a newer version of SA.
you need to specifically
I installed all the channels in your post but I still get the same score! Is
there anything else I can do? The commands I used are:
wget -qO - http://khopesh.com/sa/GPG.KEY http://yerp.org/rules/GPG.KEY \
http://daryl.dostech.ca/sa-update/sare/GPG.KEY |sudo sa-update --import -
sudo gpg --keyr
>
> notes:
>
> when using flock as the file locking in
> /etc/mail/spamassassin/local.cf we get
>
> spamd[2489]: bayes: cannot open bayes databases
> /home/spamd/.spamassassin/bayes_* R/W: lock failed:
> Interrupted system call
> spamd[2489]: bayes: cannot open bayes databases
> /home/spamd/.
Hi,
> spamd[30339]: bayes: cannot open bayes databases
> /home/spamd/.spamassassin/bayes_* R/W: lock failed: Interrupted system call
>
> what is bayes_mutex ?
Many years ago Matt wrote this post that describes it:
http://lists.mailscanner.info/pipermail/mailscanner/2004-November/043067.html
"I
Quoting Michael Scheidell :
On 4/14/10 12:21 PM, Kris Deugau wrote:
Is there a consistent way to match whatever headers might be
available in a returned message?
use the vbounce rules. google for sa and vbounce. it's already done
if you are using a newer version of SA.
you need to specifi
Quoting Jari Fredriksson :
On 14.4.2010 19:57, d.h...@yournetplus.com wrote:
Quoting Jari Fredriksson :
Please do not post spammy mail to the list (it "poisons" our Bayes with
spammy tokens with hammy score).
Why are you scanning messages to the SA list? I do not for your reasoning.
Beca
On 4/14/10 12:21 PM, Kris Deugau wrote:
Is there a consistent way to match whatever headers might be available
in a returned message?
use the vbounce rules. google for sa and vbounce. it's already done if
you are using a newer version of SA.
you need to specifically whitelist the outbound mai
On 14.4.2010 19:57, d.h...@yournetplus.com wrote:
> Quoting Jari Fredriksson :
>
>> Please do not post spammy mail to the list (it "poisons" our Bayes with
>> spammy tokens with hammy score).
>
> Why are you scanning messages to the SA list? I do not for your reasoning.
>
Because currently I wa
Oh sorry, disregard my last reply. I looked it up on Google and found the
FAQ on channel.
Jari Fredriksson wrote:
>
> On 14.4.2010 18:57, yongke wrote:
>>
>> Well, we send emails on behalf of clients, and so we are trying to catch
>> phishing spam before they are sent out. Since the emails aren
I am sorry, can you please explain what you mean by "channels"? I haven't
changed anything at all from the install. The default ruleset is the one I
use and my command is this:
spamc -R < foo
where foo is the file with the email I posted.
Jari Fredriksson wrote:
>
> On 14.4.2010 18:57,
Quoting Jari Fredriksson :
Please do not post spammy mail to the list (it "poisons" our Bayes with
spammy tokens with hammy score).
Why are you scanning messages to the SA list? I do not for your reasoning.
On 14.4.2010 18:57, yongke wrote:
>
> Well, we send emails on behalf of clients, and so we are trying to catch
> phishing spam before they are sent out. Since the emails aren't sent yet, we
> had to generate a mock email for SA. The header in the example is what we
> THINK the headers will be when t
Is there a consistent way to match whatever headers might be available
in a returned message?
I've got one customer reporting backscatter spam, and while I've been
able to create a number of rules that usually hit, they tend to fail on
NDRs that are not "properly" formatted (eg, complete or
h
Sorry, I'll stop that from now on.
Jari Fredriksson wrote:
>
> On 14.4.2010 17:54, yongke wrote:
>>
>> Hi guys
>>
>> Is there any way to filter out phishing emails using spam assassin? My
>> current test email wasn't blocked and SA had a score of 0:
>>
>
> Please do not post spammy mail to
Well, we send emails on behalf of clients, and so we are trying to catch
phishing spam before they are sent out. Since the emails aren't sent yet, we
had to generate a mock email for SA. The header in the example is what we
THINK the headers will be when they are actually sent out.
When you tried i
greetings :-)
config is centos4 SA 3.3.1 upgraded from SA 3.2.5
having spent the better part of two days searching as well as trying
different configs and SA restarts
no good results
we do not have a "hardware horsepower" resource starvation issue
this machine does *not* use SQL for Spamass
On 14.4.2010 17:54, yongke wrote:
>
> Hi guys
>
> Is there any way to filter out phishing emails using spam assassin? My
> current test email wasn't blocked and SA had a score of 0:
>
Please do not post spammy mail to the list (it "poisons" our Bayes with
spammy tokens with hammy score).
Post
yongke wrote:
> Hi guys
>
> Is there any way to filter out phishing emails using spam assassin?
> My current test email wasn't blocked and SA had a score of 0:
>
> [ Wire transfer scam email ]
This is a fairly innocuous email. There is not much there to key on.
You could try adding rules for thin
On 14.4.2010 17:54, yongke wrote:
>
> Hi guys
>
> Is there any way to filter out phishing emails using spam assassin? My
> current test email wasn't blocked and SA had a score of 0:
>
Your sample was not a real email with all headers, or so it looked.
However, I sent to my SA, and here is the r
Hi guys
Is there any way to filter out phishing emails using spam assassin? My
current test email wasn't blocked and SA had a score of 0:
X-Unsubscribe:
From: "Harold johnson"
Sender: globalsky...@aol.com
Reply-To: globalsky...@aol.com
To: globalsky...@aol.com
Message-ID:
Subject: Hello - Re
39 matches