Re: Problem with X-Originating-IP and PBL

2015-02-16 Thread rsmits-l
On 02/16/2015 06:21 PM, RW wrote: On Mon, 16 Feb 2015 16:40:53 +0100 rsmits-l wrote: On 02/16/2015 04:17 PM, Reindl Harald wrote: Am 16.02.2015 um 16:09 schrieb rsmits-l: Also some information. We use an ipv6 --> ipv4 converter. (ipv6-mx.tudelft.nl [130.161.6.14] This is not part of our tr

Re: DKIM dependency issues

2015-02-16 Thread Mark Martinec
Alex Regan wrote: Feb 15 18:44:41.383 [16434] dbg: spf: [...] Compilation failed in require at /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/SPF.pm line 500. Looks to me like the same issue (but a different symptom) as reported by mls mid January 2015 on the SA users mailing list: "M

Re: DKIM dependency issues

2015-02-16 Thread Alex Regan
Hi, ... Feb 15 18:44:41.383 [16434] dbg: spf: [...] Compilation failed in require at /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/SPF.pm line 500. Looks to me like the same issue (but a different symptom) as reported by mls mid January 2015 on the SA users mailing list: "Mail::SpamAss

Re: train filter based on spam to ex-employees?

2015-02-16 Thread ttgh
Thank you, all, those are excellent examples. @Antony, I particularly appreciated your response (and the spelling of your name). To clarify: I am not saying that all messages to ALL ex-staff are spam, only the messages to specific ex-staff. Also, this email server is acting as relay/filter for a

Re: train filter based on spam to ex-employees?

2015-02-16 Thread Matus UHLAR - fantomas
On 16.02.15 10:44, ttgh wrote: We get 'waves' of spam which are addressed to both long-time employees (usually executives) as well as long-gone employees. It's safe to say that ANYTHING sent to those ex-employees is spam but how do I use those messages as an instant filter for the valid addresse

Re: train filter based on spam to ex-employees?

2015-02-16 Thread David B Funk
On Mon, 16 Feb 2015, ttgh wrote: i saw last week a mail to our previous front-office which left the company in 2007 and i know the sender in person - it was not spam, he just replied to a years old message for whatever reason Thank you, that's an excellent point. In your example, however, I w

Re: Retraining Spamassassin and the Dovecot antispam plugin

2015-02-16 Thread Jesse Norell
On Fri, 2015-02-13 at 20:51 -0500, David Mehler wrote: > Hello, > > I've got an email setup which includes Postfix as MTA, Amavisd-new as > content filter, Spamassassin for antispam work, Dovecot for Imap > services, all of which with the exception of Amavisd use a Mysql > database. Mail delivery,

Re: train filter based on spam to ex-employees?

2015-02-16 Thread Antony Stone
On Monday 16 Feb 2015 at 20:16, ttgh wrote: > >> i saw last week a mail to our previous front-office which left > >> the company in 2007 and i know the sender in person - it was not spam, > >> he just replied to a years old message for whatever reason > > Thank you, that's an excellent point. In

Re: train filter based on spam to ex-employees?

2015-02-16 Thread Reindl Harald
Am 16.02.2015 um 21:16 schrieb ttgh: i saw last week a mail to our previous front-office which left the company in 2007 and i know the sender in person - it was not spam, he just replied to a years old message for whatever reason Thank you, that's an excellent point. In your example, however

Re: train filter based on spam to ex-employees?

2015-02-16 Thread John Hardin
On Mon, 16 Feb 2015, ttgh wrote: John, by 'spam corpus' are you referring to the 'spam' side of the Bayesian filter? Correct. If we manually delay/review these known-bad accounts are we creating a window of opportunity for those same messages to pass through to current users? To a degree,

Re: train filter based on spam to ex-employees?

2015-02-16 Thread ttgh
>> i saw last week a mail to our previous front-office which left >> the company in 2007 and i know the sender in person - it was not spam, >> he just replied to a years old message for whatever reason Thank you, that's an excellent point. In your example, however, I would point-out that your f

Re: Uptick in spam

2015-02-16 Thread Reindl Harald
Am 16.02.2015 um 21:10 schrieb Amir Caspi: On Feb 16, 2015, at 1:01 PM, RW wrote: IIWY I'd look into rescoring the BAYES_* rules. I was already rescoring them as BAYES_99 = 4.0, BAYES_999 = 0.5 ... so a total score of 4.5 if both rules hit. These FNs typically get scores of 4.6, so the o

Re: Uptick in spam

2015-02-16 Thread Amir Caspi
On Feb 16, 2015, at 1:01 PM, RW wrote: > IIWY I'd look into rescoring the BAYES_* rules. I was already rescoring them as BAYES_99 = 4.0, BAYES_999 = 0.5 ... so a total score of 4.5 if both rules hit. These FNs typically get scores of 4.6, so the other rules are simply not good enough. Since

Re: train filter based on spam to ex-employees?

2015-02-16 Thread Reindl Harald
Am 16.02.2015 um 20:53 schrieb ttgh: Also I still don't understand why everyone is so reticent to immediately black-list messages based on these 100% known-bad addresses. For instance, is it possible for a bulk spam message to trigger false positives? because we all may have long years expie

Re: Uptick in spam

2015-02-16 Thread RW
On Mon, 16 Feb 2015 12:47:03 -0700 Amir Caspi wrote: > Otherwise, I don't really know... it's clearly not a Bayes issue > since it's hitting Bayes 99/999, it's just that there aren't enough > other rules being hit to go over the 5.0 threshold. > IIWY I'd look into rescoring the BAYES_* rules.

Re: train filter based on spam to ex-employees?

2015-02-16 Thread ttgh
John, by 'spam corpus' are you referring to the 'spam' side of the Bayesian filter? If we manually delay/review these known-bad accounts are we creating a window of opportunity for those same messages to pass through to current users? I've been assuming we would need to create an intentional de

Re: Uptick in spam

2015-02-16 Thread Amir Caspi
On Feb 16, 2015, at 11:47 AM, Kevin A. McGrail wrote: > I'm happy to look at a recent sample and throw it through my system to see > what it hits but overall, I've been seeing the exact opposite. Hmmm. Well, like I said, maybe we're just first on the list and are getting all the spam before i

Re: Uptick in spam

2015-02-16 Thread John Hardin
On Mon, 16 Feb 2015, Amir Caspi wrote: (BTW, I am happy to contribute my spam corpus of well over 7000 messages... right now I can't dedicate CPU time to running masscheck, but I can contribute the messages.) It's possible to upload your corpora and have the central system check it. See the

Re: train filter based on spam to ex-employees?

2015-02-16 Thread John Hardin
On Mon, 16 Feb 2015, ttgh wrote: Reindl, thank you for the reply but in our situation we have 100% confidence that these old addressees are spam. In any case, that's our risk to bear. Can you offer any suggestions on how to use these old addressees as a 'honeypot' or even an outright ban list?

Re: Uptick in spam

2015-02-16 Thread Reindl Harald
Am 16.02.2015 um 19:33 schrieb Amir Caspi: Over the last week I've seen a significant uptick in FN spam to my users. We're getting tens of FNs per day per user, whereas a few weeks ago it was just a few FNs per day per user. We're getting BAYES_99/999 on many of these, but no other major mar

Re: Uptick in spam

2015-02-16 Thread Kevin A. McGrail
On 2/16/2015 1:33 PM, Amir Caspi wrote: Over the last week I've seen a significant uptick in FN spam to my users. We're getting tens of FNs per day per user, whereas a few weeks ago it was just a few FNs per day per user. We're getting BAYES_99/999 on many of these, but no other major markers

Uptick in spam

2015-02-16 Thread Amir Caspi
Hi all, Over the last week I've seen a significant uptick in FN spam to my users. We're getting tens of FNs per day per user, whereas a few weeks ago it was just a few FNs per day per user. We're getting BAYES_99/999 on many of these, but no other major markers are hitting (razor, pyzor, dcc,

Re: train filter based on spam to ex-employees?

2015-02-16 Thread Reindl Harald
Am 16.02.2015 um 19:10 schrieb ttgh: Reindl, thank you for the reply but in our situation we have 100% confidence that these old addressees are spam. In any case, that's our risk to bear. Can you offer any suggestions on how to use these old addressees as a 'honeypot' or even an outright ban li

Re: train filter based on spam to ex-employees?

2015-02-16 Thread ttgh
Reindl, thank you for the reply but in our situation we have 100% confidence that these old addressees are spam. In any case, that's our risk to bear. Can you offer any suggestions on how to use these old addressees as a 'honeypot' or even an outright ban list? (I'm not sure what the technical d

Re: train filter based on spam to ex-employees?

2015-02-16 Thread David Jones
>From: ttgh >Sent: Monday, February 16, 2015 11:44 AM >To: users@spamassassin.apache.org >Subject: train filter based on spam to ex-employees? >We get 'waves' of spam which are addressed to both long-time employees >(usually executives) as well as long-gone employees. It's safe to say that >ANYT

Re: train filter based on spam to ex-employees?

2015-02-16 Thread Reindl Harald
Am 16.02.2015 um 18:44 schrieb ttgh: We get 'waves' of spam which are addressed to both long-time employees (usually executives) as well as long-gone employees. It's safe to say that ANYTHING sent to those ex-employees is spam but how do I use those messages as an instant filter for the valid a

train filter based on spam to ex-employees?

2015-02-16 Thread ttgh
We get 'waves' of spam which are addressed to both long-time employees (usually executives) as well as long-gone employees. It's safe to say that ANYTHING sent to those ex-employees is spam but how do I use those messages as an instant filter for the valid addressees? I assume I need to learn how

Re: Problem with X-Originating-IP and PBL

2015-02-16 Thread RW
On Mon, 16 Feb 2015 16:40:53 +0100 rsmits-l wrote: > On 02/16/2015 04:17 PM, Reindl Harald wrote: > > > > Am 16.02.2015 um 16:09 schrieb rsmits-l: > >> Also some information. We use an ipv6 --> ipv4 converter. > >> (ipv6-mx.tudelft.nl [130.161.6.14] > >> > >> This is not part of our trusted networ

Re: Problem with X-Originating-IP and PBL

2015-02-16 Thread Reindl Harald
Am 16.02.2015 um 18:03 schrieb Benny Pedersen: On 16. feb. 2015 16.11.14 rsmits-l wrote: Also some information. We use an ipv6 --> ipv4 converter. (ipv6-mx.tudelft.nl [130.161.6.14] put this ip in trusted_networks in sa, if it forwards mails to amavisd This is not part of our trusted net

Re: Problem with X-Originating-IP and PBL

2015-02-16 Thread Benny Pedersen
On 16. feb. 2015 16.42.57 "Kevin A. McGrail" wrote: Received: from eraora (151.66.59.47) by AMSPR06MB248.eurprd06.prod.outlook.com (10.242.95.24) with Microsoft SMTP Server (TLS) id 15.1.87.18; Fri, 13 Feb 2015 11:18:42 + missing in msa_networks ?

Re: Problem with X-Originating-IP and PBL

2015-02-16 Thread Kevin A. McGrail
On 2/16/2015 12:03 PM, Benny Pedersen wrote: Our amavisd config reads : @mynetworks = qw ( 127.0.0.0/8 !130.161.6.14/32 130.161.0.0/16 131.180.0.0/16 192.87.166.0/24 10.200.12.0/24 10.200.20.0/24 ); same ips added to spamassassin ? Good question as I have no real-world experience with amavisd

Re: DKIM dependency issues

2015-02-16 Thread Benny Pedersen
>try remove mail-spf, and install mail-spf-query, report the above >upstream in fedora if it happened with spamassassin with rpm install I don't think he should install mail-spf-query. This looks like a bug in Mail::SPF, obsolete version or multiple versions installed. I would prefer fixing that

Re: Problem with X-Originating-IP and PBL

2015-02-16 Thread Benny Pedersen
On 16. feb. 2015 16.11.14 rsmits-l wrote: Also some information. We use an ipv6 --> ipv4 converter. (ipv6-mx.tudelft.nl [130.161.6.14] put this ip in trusted_networks in sa, if it forwards mails to amavisd This is not part of our trusted network because we do not have an ipv6 spamchecker in

Re: Problem with X-Originating-IP and PBL

2015-02-16 Thread Benny Pedersen
On 16. feb. 2015 16.02.26 rsmits-l wrote: A late reply, but this week I started investigating why this happens. I have edited a sample. If someone can take a look why the PBL is firing here it would be great. http://pastebin.com/xxFAPTay 10 RCVD_IN_PBLRBL: Received via a rela

Re: Problem with X-Originating-IP and PBL

2015-02-16 Thread rsmits-l
On 02/16/2015 04:46 PM, Reindl Harald wrote: Am 16.02.2015 um 16:40 schrieb rsmits-l: On 02/16/2015 04:17 PM, Reindl Harald wrote: Am 16.02.2015 um 16:09 schrieb rsmits-l: Also some information. We use an ipv6 --> ipv4 converter. (ipv6-mx.tudelft.nl [130.161.6.14] This is not part of our tr

Re: Problem with X-Originating-IP and PBL

2015-02-16 Thread Reindl Harald
Am 16.02.2015 um 16:40 schrieb rsmits-l: On 02/16/2015 04:17 PM, Reindl Harald wrote: Am 16.02.2015 um 16:09 schrieb rsmits-l: Also some information. We use an ipv6 --> ipv4 converter. (ipv6-mx.tudelft.nl [130.161.6.14] This is not part of our trusted network because we do not have an ipv6 s

Re: Problem with X-Originating-IP and PBL

2015-02-16 Thread Kevin A. McGrail
On 2/16/2015 10:09 AM, rsmits-l wrote: Also some information. We use an ipv6 --> ipv4 converter. (ipv6-mx.tudelft.nl [130.161.6.14] This is not part of our trusted network because we do not have an ipv6 spamchecker in place. Our amavisd config reads : @mynetworks = qw ( 127.0.0.0/8 !130.16

Re: Problem with X-Originating-IP and PBL

2015-02-16 Thread Axb
On 02/16/2015 04:15 PM, Kevin A. McGrail wrote: On 2/16/2015 10:01 AM, rsmits-l wrote: On 02/09/2015 01:53 PM, Kevin A. McGrail wrote: On 2/9/2015 7:43 AM, rsmits-l wrote: I have been reading some threads on the Internet about problems with the field "X-Originating-IP" and the Spamhaus PBL lis

Re: Problem with X-Originating-IP and PBL

2015-02-16 Thread rsmits-l
On 02/16/2015 04:17 PM, Reindl Harald wrote: Am 16.02.2015 um 16:09 schrieb rsmits-l: Also some information. We use an ipv6 --> ipv4 converter. (ipv6-mx.tudelft.nl [130.161.6.14] This is not part of our trusted network because we do not have an ipv6 spamchecker in place then you likely know

Re: Problem with X-Originating-IP and PBL

2015-02-16 Thread Reindl Harald
Am 16.02.2015 um 16:09 schrieb rsmits-l: Also some information. We use an ipv6 --> ipv4 converter. (ipv6-mx.tudelft.nl [130.161.6.14] This is not part of our trusted network because we do not have an ipv6 spamchecker in place then you likely know the reason SpamAssassin needs to know what ho

Re: Problem with X-Originating-IP and PBL

2015-02-16 Thread Kevin A. McGrail
On 2/16/2015 10:01 AM, rsmits-l wrote: On 02/09/2015 01:53 PM, Kevin A. McGrail wrote: On 2/9/2015 7:43 AM, rsmits-l wrote: I have been reading some threads on the Internet about problems with the field "X-Originating-IP" and the Spamhaus PBL list. We are also having this problem. I have instal

Re: DKIM dependency issues

2015-02-16 Thread Matus UHLAR - fantomas
On 16. feb. 2015 00.59.42 Alex Regan wrote: # spamassassin -t --mbox -D < mymbox 2>&1 | less Feb 15 18:44:41.340 [16434] dbg: spf: checking to see if the message has a Received-SPF header that we can use Feb 15 18:44:41.383 [16434] dbg: spf: cannot load Mail::SPF module or create Mail::SPF::Serv

Re: Problem with X-Originating-IP and PBL

2015-02-16 Thread rsmits-l
On 02/16/2015 04:01 PM, rsmits-l wrote: On 02/09/2015 01:53 PM, Kevin A. McGrail wrote: On 2/9/2015 7:43 AM, rsmits-l wrote: I have been reading some threads on the Internet about problems with the field "X-Originating-IP" and the Spamhaus PBL list. We are also having this problem. I have insta

Re: Problem with X-Originating-IP and PBL

2015-02-16 Thread rsmits-l
On 02/09/2015 01:53 PM, Kevin A. McGrail wrote: On 2/9/2015 7:43 AM, rsmits-l wrote: I have been reading some threads on the Internet about problems with the field "X-Originating-IP" and the Spamhaus PBL list. We are also having this problem. I have installed a workaround for this but is not wor

Re: DKIM dependency issues

2015-02-16 Thread Mark Martinec
On 16. feb. 2015 00.59.42 Alex Regan wrote: I've done a little more testing, and it certainly sounds like a local configuration issue, but it only happens on mbox files. The ones I've tested have only one message. [...] Tests on a few other mbox messages have produced similar errors for SPF a

Re: spamass-milter and multiple local domains

2015-02-16 Thread LuKreme
On 16 Feb 2015, at 02:38 , Reindl Harald wrote: > Am 16.02.2015 um 10:32 schrieb LuKreme: >> I have several local domains that resolve (via virtual) to local users in >> addition to virtual domains that resolve to sql users. >> with spamass-milter, these secondary local domains (like kreme.com) f

Re: spamass-milter and multiple local domains

2015-02-16 Thread Axb
On 02/16/2015 10:32 AM, LuKreme wrote: I have several local domains that resolve (via virtual) to local users in addition to virtual domains that resolve to sql users. with spamass-milter, these secondary local domains (like kreme.com) fail to find the user: spamd: handle_user (userdir) unable

Re: spamass-milter and multiple local domains

2015-02-16 Thread Reindl Harald
Am 16.02.2015 um 10:32 schrieb LuKreme: I have several local domains that resolve (via virtual) to local users in addition to virtual domains that resolve to sql users. with spamass-milter, these secondary local domains (like kreme.com) fail to find the user: spamd: handle_user (userdir) unabl

spamass-milter and multiple local domains

2015-02-16 Thread LuKreme
I have several local domains that resolve (via virtual) to local users in addition to virtual domains that resolve to sql users. with spamass-milter, these secondary local domains (like kreme.com) fail to find the user: spamd: handle_user (userdir) unable to find user: 'krem...@kreme.com’ Othe