I think spam is *way* up the last week or two. My server started hovering at
a load average of around 55 a week or so ago. I started doing some
investigating when I realized that the load was not coming down. I found
that my server has been taking between 400,000 and 500,000 messages per
day.
I have an old Redhat box that started doing this a while back. After a lot of
hair pulling, I finally figured out that the problem was related to spam
floods, but seemed to be caused by the syslog daemon. I shut down syslogd
for a few days, and the problem went away completely. After those few
Quoting Loren Wilton <[EMAIL PROTECTED]>:
Thanks to the imageinfo plugin, most of my image spam has disappeared except
for one particular type. I'm still seeing .gif image spams where the
filename for the image does not contain .gif. Like this:
Are you using the latest version that 'decoder'
I have two types of spam that are slipping through, and I'm wondering if
anyone has rules to help with them.
Thanks to the imageinfo plugin, most of my image spam has disappeared except
for one particular type. I'm still seeing .gif image spams where the
filename for the image does not contain .g
Quoting Chris Santerre <[EMAIL PROTECTED]>:
There's a reason. The amount of permutations is ridiculous. But SARE has
Evilnumbers which catches these.
Except that evilnumbers hasn't been updated in over a year :-)
I've been writing custom rules to block the phone numbers used in these. You
Quoting Martin Hepworth <[EMAIL PROTECTED]>:
> Jack
>
> If you turn on the URI-RBLs in 3.1 (see v310.pre) you should see a reduction
> in this type of spam.
I don't think I've ever seen a URI in one of these... They purposely leave
out anything in the actual message body that could be used t
I'm having similar results here. As others have mentioned, the SARE stock
rules do help somewhat, but it's by no means the proverbial "silver bullet".
As someone else also mentioned, it helps to increase the HTML_IMAGE_ONLY_XX
rules. I increased 12,16,20, and 24 by one point each. However, t
I get a ton of these. However, I've also got about 30 spamtrap addresses
aliased to my account. I also run my SA threshold at 7, so those two factors
probably account for a lot of the reason I get so many.
Anyway, the SARE stock rules help quite a bit, but I still see a fair number
of these t
Quoting Greg Allen <[EMAIL PROTECTED]>:
> You are already sitting at 4 points here. Why don't you just up the SA score
> of either or both of these
>
> RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_XBL
>
> Problem solved.
Not really. The problem would indeed be solved for *this* example. However,
a lot o
Quoting Chris Santerre <[EMAIL PROTECTED]>:
> As of this morning, then updated SARE stock rules have additions to catch
> these. :)
>
> Ninjas rule! (Except for the pink one. Which frightens us all.)
I upgraded to the new SARE stock ruleset (1.00.05) early this morning.
Unfortunately, there
ld improve dramatically.
Craig
Quoting Roger Jochem <[EMAIL PROTECTED]>:
> Where do I upgrade my spamassassin cf files to the latest versions? Sorry if
> this is a dumb question...
>
> - Original Message -
> From: "Craig Baird" <[EMAIL PROTECTED]
These are one of the latest stock spam variations. I was getting a gazillion
of these when they first started. I upgraded to the latest copy of
70_sare_stocks.cf, and I don't think I've seen one since. Note that you do
need the *latest* version of 70_sare_stocks.cf. I was running an older on
Since the first of the year, we've seen a barrage of image spam. Some of it
gets nailed by SA, but a lot of it seems to get through. Most of it has a
text/plain part with random or nonsensical text. It also has a text/html
part, also with random text. Then, the actual spam (usually a stock
Most of my spam that's getting through at this point is stuff that has a URI
with multiple carriage returns in it like this:
I know this trick has been discussed. I looked for a bug report, and couldn't
find one on this particular thing. I did find a thread in the archives about
this, and a
Today, I've received a number of spams containing a domain that is listed on
almost all the SURBL lists. I've received around 10 of these today, and none
of them have hit on any of the SURBLs despite the domain being listed. Here
is the message:
--- Begin Spam ---
Return-Path: <[EMAIL PROT
Quoting Matt Kettler <[EMAIL PROTECTED]>:
> Craig. One thing that REALLY jumps out at me is that there's no mention
> of init.pre by the rulefile parsing debug output.
And you would, of course, be absolutely correct. That was the problem.
My /etc/mail/spamassassin directory is NFS mounted read
Well, now that my Net::DNS issues are fixed, my DNS blacklist tests are now
working, but SURBLs are not. I'm running the latest Net::DNS, and network
tests are working. I inserted the SURBL test point URL into sample-spam.txt,
and I've pasted the output of:
spamassassin -D < sample-spam.txt
Quoting Chris Thielen <[EMAIL PROTECTED]>:
> If this is another debian box, I recommend sticking with debian packages
> for everything. Use CPAN to remove the package, then install it via
> apt-get.
>
> ii libnet-dns-perl
> 0.48-1 Perform DN
Quoting Jeff Chan <[EMAIL PROTECTED]>:
>
> The usual way problems like this happen is when upgrades are done
> using different mechanisms, i.e. CPAN vs tarball vs Subversion,
> etc.
>
> The different upgrade mechanisms have different ways of keeping
> track of versions, paths, etc. and if those
I just attempted an upgrade from SA 2.64 to 3.0.2, and am now having problems
with SURBLs and RBLs not working. I upgraded all of the perl modules
mentioned in INSTALL to the latest versions prior to installing SA 3.0.2,
including Net::DNS, which is at version 0.49. When I run:
spamassassin -