Michele Neylon :: Blacknight wrote:
Maybe they're better suited to one of the other lists such as spam-l?
May I suggest news.admin.net-abuse.email
--
Andreas
D.J. wrote:
Hi all. So I've got a DNSBL I want to use with SpamAssassin that
wasn't included in the stock install. My question (and there's an
alarming lack of anything useful in this area... wiki anyone on the SA
site?) is if my syntax and placement are correct for what I've done.
In my l
Steven Dickenson wrote:
On Oct 31, 2006, at 6:09 AM, John Rudd wrote:
I've considered the exact opposite (adding static to the check for
keywords). My rules are really looking more for "is this a _client_
host", not "is this a dynamic host". That one check looks for
"dynamic", but I'm n
Jeff Chan wrote:
Generally speaking whois queries is a poor way to determine
domain age, at least for client applications. The whois
infrastructure is simply not designed to support the volume of
queries required, even if locally cached.
Perhaps CRISP is part of the answer to this problem.
Andreas Pettersson wrote:
Same here. I've also had lots of spam to addresses with various
amounts of trailing "d" or "n" in local part. Like [EMAIL PROTECTED]
Seems to be fewer of these today though.
I meant tailing.
--
Andreas
Chris Santerre wrote:
Just curious, but how many people see spam being sent to usersnames
with the fisrt letter dropped? I see a ton in my logs. I believe
spammers figure [EMAIL PROTECTED] will also have a [EMAIL PROTECTED] Too bad
for them...they do not. :)
Same here. I've also had lots o
Suhas (QualiSpace) wrote:
I am getting lots of mails like this. How to block it?
Subject: Good day
The message contains Unicode characters and has been sent
as a binary attachment.
body CATCHY_RULE /The message contains Unicode characters /
score CATCHY_RULE 50
Use with
Thomas Lindell wrote:
I don't see anything attached to the message though.
Even when I view the source I don't see a mime attachment.
Well, the attachment is missing then.
Come to think of it, that would be some excellent rule :-]
--
Andreas
Thomas Lindell wrote:
but whas is the CID . Is that some sort of alternate notation for an
ip address?
It's a reference to an attached image.
--
Andreas
Robert Swan wrote:
Is there anyway to get points added if the sending mail server has no
PTR record *(unknown [196.211.162.65])?*
I am using Redhat Fedora and Spamassassin 3.1.2 and Postfix
I was looking for the same thing some time ago, but I couldn't easily
find a way to do that in SA.
Christopher Martin wrote:
tempfail "An unusual error"
header /^Subject$/ /[C[\!1IL]AL[\!1IL][S\$]/ei
That will kill all of that stupid spam instantly spam. And you might
think you're home and hosed. But then, let us suggest, you are keeping
a 'tail' on /var/log /messages and notice a butch of
Paul29 wrote:
Hi all,
in the last days there were more and more SPAM mails where I found no
bayesian scoring in the header. This lets me guess it did not take place at
all. Is that conclusion right?
I have not been able to find a common property in these mails to tell which
mails are scanned an
I use Exim with the integrated SA ACL.
I'm really pleased with how it works.
http://www.exim.org/exim-html-4.62/doc/html/spec_html/ch40.html
/Andreas
Stuart Johnston wrote:
Theo Van Dinter wrote:
On Mon, Oct 02, 2006 at 03:18:58PM +0100, Randal, Phil wrote:
undetected). Wouldn't it be better to inject the detected text back
to SA? There should be enough variants of spam worlds to let SA
fuzzily catch the ones from images.
I think so.
Andreas Pettersson wrote:
In case anybody is interrested, I've compiled a config file for the
geo zone at TQM http://tqmcube.com/worldzone.php
It might not be of great use, but it is interresting to gather some
statistics of where the mails come from.
Files found here
http://anp.a
Jürgen Herz wrote:
What I still get and not understand is
warn: bayes: cannot open bayes databases /var/spool/exim4/.spamassa
ssin/bayes_* R/W: lock failed: File exists
Make sure the file permissions hasn't changed when you ran the manual
expire.
Regards,
Andreas
Ken A wrote:
It looks like you are listed in spamcop and apparently Comcast is
either using spamcop or they have their own list that is blocking you.
Comcast themselves are using a spam filter?
(Let me taste that line one more time...)
Comcast themselves are using a spam filter?
Then why aren
Bret Miller wrote:
I used to have problems with bayes locking and journaling. When it
finally corrupted the database, I decided it was time to put it into a
real SQL database instead of using DB_File. Haven't had a single problem
with bayes CPU or locking since.
Maybe it's time you consider usi
Bret Miller wrote:
I used to have problems with bayes locking and journaling. When it
finally corrupted the database, I decided it was time to put
it into a
real SQL database instead of using DB_File. Haven't had a
single problem
with bayes CPU or locking since.
May
Fabien GARZIANO wrote:
Ok, I may say something dumb, but have you tried to clear the bayes db
with :
sa-learn --clear --dbpath
-- Fab
No, not yet, but that would be the last option if nothing else helps.
I have already prepared a few 100 spams and hams for immediate training
after wip
Logan Shaw wrote:
One thing you could try is running db4_recover (or db_recover,
depending on how it's installed) on the Bayes database.
Seems like something to try. But I don't understand the utility:
usage: db_recover [-ceVv] [-h home] [-P password] [-t [[CC]YY]MMDDhhmm[.SS]]
How can I spec
Bret Miller wrote:
Are you sure you have enough RAM to handle the number of threads you are
running?
Yes, I'm pretty sure 512MB is enough.
No swapping going on, and I only scan msgs smaller than 500 KB.
Avg scan time is about 3-4 sec and I scan less than 1 a day.
Regards,
Andreas
Jonas Eckerman wrote:
Andreas Pettersson wrote:
Bus error (core dumped)
This *can* be the symnptom of a hardware problem, such as bad memory
or a bad disk.
If you have a disk thats going bad, the symptoms often are corrupt
files and extremeley slow writes (because the disk controller
Bret Miller wrote:
I used to have problems with bayes locking and journaling. When it
finally corrupted the database, I decided it was time to put it into a
real SQL database instead of using DB_File. Haven't had a single problem
with bayes CPU or locking since.
Maybe it's time you consider usi
e same day my problems
started. But if the hogging continues even with bayes_auto_expire set to
0, then where should I be looking instead?
Regards,
Andreas
Andreas Pettersson wrote:
Me again. Since I'm not getting any responses I better keep posting
more information as I&#x
ing correctly?
Is it normal to have an bayes_journal.old laying around?
What more can I do to find the cause?
If the core dump (22 MB) is of any interrest, I'll upload it somewhere.
Best regards,
Andreas
Andreas Pettersson wrote:
Ok, more information here.
I found in spamd.log this line
Ok, more information here.
I found in spamd.log this line when the problem started:
Fri Sep 22 19:55:22 2006 [74581] warn: bayes: expire_old_tokens: child
processing timeout at /usr/local/bin/spamd line 1082
which was followed by lots of these:
Fri Sep 22 19:55:52 2006 [74581] warn: bayes: can
Hi, me again ;)
I'm pretty confident that the hogging occurs when SA is trying to sync
the bayes. The bayes_journal is cleared exactly when the hogging begins.
And when I run sa-learn --sync I get the very same hogging effect.
The permissions seems ok, doesn't it?
-rw--- 1 spamd wheel
lume of mail. Plenty of time to process
one mail at a time.
Regards,
Andreas
Andreas Pettersson wrote:
Hi.
Since yesterday I am having problem with spamd processes hogging cpu.
All is fine until suddenly spamd keeps using 95% cpu forever. I
noticed that bayes.lock also contains the pid of
Hi.
Since yesterday I am having problem with spamd processes hogging cpu.
All is fine until suddenly spamd keeps using 95% cpu forever. I noticed
that bayes.lock also contains the pid of the hogging process. After some
minutes I kill the pid and removes bayes.lock by hand, but it only takes
a
Steve Thomas wrote:
/htt(?:p|ps):\/\/.*?\/.*\.com$/i
Why not /https?:\/\/.*?\/.*\.com$/i
?
Andreas Pettersson wrote:
I don't know. I haven't used RELAY_COUNTRY, but now that I'm aware of
its existense I'll have a look at it :)
Ok, I've had a quick look now. RelayCountry presents the country code of
the last relay either as a separate header, or as t
mouss wrote:
How does/would this compare to using RELAY_COUNTRY?
are they similar (so one should only use one of them) or complementary?
I don't know. I haven't used RELAY_COUNTRY, but now that I'm aware of
its existense I'll have a look at it :)
Regards,
Andreas
In case anybody is interrested, I've compiled a config file for the geo
zone at TQM http://tqmcube.com/worldzone.php
It might not be of great use, but it is interresting to gather some
statistics of where the mails come from.
Files found here
http://anp.ath.cx/tqmcube/
Regards,
Andreas
I need some help with understanding why some of the below rules
triggered on these headers..
Received: from baym-sm1.msgr.hotmail.com ([207.46.1.190])
by mail.mydomain.com with esmtp
(envelope-from <[EMAIL PROTECTED]>)
id 1GJcP7-00063q-JH
for [EMAIL PROTECTED]; Sat, 02 Sep 2006 22:4
Hi. I got a mail with this Date header:
Date:
which triggered this rule:
2.2 INVALID_DATEInvalid Date: header (not RFC 2822)
What's wrong with it? The <> ?
Regards,
Andreas
Anders Norrbring wrote:
I just got rediciously confused..
I sent a mail to myself, testing some stuff, and of course it's in the
same domain and network as the server.
I got:
9.6 AWL AWL: From: address is in the auto white-list
Shouldn't mail in the AWL get a *negative* score? Or did I jus
Andreas Pettersson wrote:
SysAdmin wrote:
I wrote the following rule in an attempt to catch these but I've
obviously made some error. Can someone give me a little guidance as
to where I went awry?
rawbody SWF_r_AMPGFX1 /\.(com|net)/\w+/\?90\&/i
The forward slashes need to b
SysAdmin wrote:
I wrote the following rule in an attempt to catch these but I've
obviously made some error. Can someone give me a little guidance as
to where I went awry?
rawbody SWF_r_AMPGFX1 /\.(com|net)/\w+/\?90\&/i
The forward slashes need to be escaped as well.
Regards,
Andreas
Theo Van Dinter wrote:
On Mon, Aug 21, 2006 at 05:46:19PM +0200, Andreas Pettersson wrote:
I keep seeing suggestions to use sa-update quite often on this list, but
I thought it was no use doing so between releases according to this page:
http://wiki.apache.org/spamassassin
Hi.
I keep seeing suggestions to use sa-update quite often on this list, but
I thought it was no use doing so between releases according to this page:
http://wiki.apache.org/spamassassin/VirusScannerTypeUpdates
with these exact words in the end:
"Daily and/or weekly updates aren't practical, b
Ole Nomann Thomsen wrote:
Den 15.08.2006 kl. 12:01 skrev Andreas Pettersson <[EMAIL PROTECTED]>:
While I don't really see why ldap isn't an option, even with an 99%
load, callout might be the solution.
However, I don't run qmail but here's how it works with exim
Ole Nomann Thomsen wrote:
I run a qmail frontend for a FirstClass system. The qmail accepts mail
for
about 500 domains, hosted on the FirstClass system, and scans them
with SA.
In then injects them into FirstClass. If the domain is known, but the
user is
wrong (as in "[EMAIL PROTECTED]") the
Loren Wilton wrote:
I've noticed a problem. We receive a few legit mails that has
travelled through a forwarder. That causes some problems for the SPF
check.
Since the mail claiming to be from hotmail clearly doesn't arrive
directly from one of the machines listed in hotmail's spf record, the
Hi all.
I've noticed a problem. We receive a few legit mails that has travelled
through a forwarder. That causes some problems for the SPF check.
Since the mail claiming to be from hotmail clearly doesn't arrive
directly from one of the machines listed in hotmail's spf record, the
SPF_SOFTFAIL
45 matches
Mail list logo
