Kelson wrote:
> Ah, yes, the classic "I hate X, but I'd rather rant about it on my front
> porch than tell the people who can actually do something about it"
> stance.
Eh...I can sort of see both sides. I hate projects that hide behind
Bugzilla, which has quite possibly the worst user interface I
Don Levey wrote:
> 1) Segregate dynamic IPs into one netblock, static IPs into another.
I think as we get closer and closer to running out of IPv4 addresses,
this is going to get less and less common. A lot of places can no
longer afford to have IPs sitting around unused because of subnetting.
Bob Proulx wrote:
Matt Wills wrote:
Does anyone have a ruleset for catching any or all of these stock tips?
This is a little off-topic, but how do spammers expect to make money
from that spam?
A lot of them are "pump and dump" schemes, I suspect. The spammer buys
a bunch of shares of som
Matt Kettler wrote:
While that fact is true, the recipient list is known BEFORE the data phase
begins.
Since SA isn't invoked until the DATA phase, you can decide to skip SA before
the DATA phase starts.
All you'd have to do is bypass scanning if any of the RCPT To: addresses are
part of the b
Loren Wilton wrote:
You'ld think that there should be some way to do a reverse DNS to determine
from an ip the domains that exist on that ip. I suspect though that the
whole internet fabric is designed the other way around, and that this
information is probably something that no single registrar
Matt Kettler wrote:
> I highly doubt a MS product would take advantage of results from another
> product.
On the other hand, IF they're using statistical scoring, and IF they
include the headers in the score, then you might be able to just tag
suspected spam with a header. Eventually the system w
Frank Coons wrote:
Does Exim allows LDAP queries across a DMZ or do both machines need to
be either inside or outside the DMZ for it to work?
I've never tried it, but it's just a TCP connection. As far as I know
it should work, as long as the firewall is not blocking the connection.
I use
Tony pace wrote:
Thanks for all the input.
The diagram was "simplistic" - the real MSE is a couple layers away.
One thing that no one has mentioned is that it's vitally important that
the edge gateway (the postfix system) have a way of knowing what users
are valid. Otherwise you will end up
Dimitri Yioulos wrote:
Isn't the landscape bar required in every sysadmin's tool kit?
A 3.5 foot length of "sucker rod" is also acceptable. (See the Linux
syslogd(8) manpage, 'SECURITY THREATS' section, for details:
http://www.die.net/doc/linux/man/man8/syslogd.8.html)
Cricket bats are, I'
Tim Jackson wrote:
No, it's *not* normal in the slightest. Why on earth are they the
registrant of the domain? They are making trouble for themselves
(and their customers) if they are making themselves the Registrant
of customer domains. (As you can see in this case). Technical contact,
sure. Bil
http://www.securityfocus.com/news/11230?ref=rss
Quick summary: The Federal Trade Commission is launching an educational
campaign to try to convince ISPs to block port 25, rate-limit email
relays, and quarantine infected machines.
David Velásquez Restrepo wrote:
Hi,
I'm user of spamassassin to reviw a lot (a lot!) of incoming mails with
spamassassin lot time ago. Today i have a machine just running
spamassassin, due the high CPU and MEM requirements. Just to be clear
(may be i have something bad) The question is:
Q)
Got this one today. It hit SpamCop but nothing else:
Dear manager:
I have viewed your company profile through internet, and found there
exists an opportunity of establishing business cooperation between two
of us.
We are a Chinese senior precision foundry which producing all kinds of
casting,
Johnson, S wrote:
Anyone know the best way to subscribe to receive all the spam I can
possibly get?
A post to the "alt.test" newsgroup used to be highly effective; don't
know if it still is today.
Subscribing to Ameritech DSL might work. ;) My [EMAIL PROTECTED]
email account gets more spam tha
Thomas Cameron wrote:
On Thu, 2005-05-12 at 12:20 -0500, Jon Dossey wrote:
I'd go through your maillog, and check the spamassassin processing
times, and see if you can pinpoint where the processing time shoots up.
Then, go through your mqueue and take a look at the offending message.
It wasn't jus
On Thu, 7 Apr 2005 12:27:58 +0100, Gray, Richard wrote
> You probably also want to learn more about regular expressions too.
> There
> Was a lot of stuff that I didn't know before I started doing this.
>
> In particular, useful things like back chaining and forward referencing
> are useful to unde
On Wed, 6 Apr 2005 15:08:31 -0400, Don Levey wrote
> Niek wrote:
> > On 4/6/2005 8:29 PM +0100, Florin Andrei wrote:
> >> I guess something has to change. "Then change it yourself" type of
> >> advices will go straight to /dev/null, thank you, because as far as
> >> SA is concerned, i'm just a user
lister lynch wrote:
I checked the PDC of the domain (W2003), and it was running DNS for
forward and reverse lookup zones, as well as caching lookup. There
shouldn't be any problem installing caching-nameserver on the FC box as
well, should there?
No, but why not just make the FC box use the PDC as
Kelson wrote:
Bob McClure Jr wrote:
On Tue, Mar 22, 2005 at 04:49:24PM -0500, David Brodbeck wrote:
I can't give you specific instructions for FC1, but I know older
versions of
RedHat had a package specifically for this, all preconfigured.
I think it was pdnsd, but it appears not to be in t
On Tue, 22 Mar 2005 15:49:01 -0500, lister lynch wrote
> Our ISP, Covad, is periodically claiming that we have excessive DNS
> requests and is threatening to turn off our service. It's primarily
> due to SA, I think. Looked around for answers, and already set a
> bunch of the BL checks to 0.0 t
On Mon, 21 Mar 2005 12:05:18 +0100 (CET), Menno van Bennekom wrote
> I once had a situation where both the primary and the secondary were
> down, but still mail to us didn't bounce, old mails just started
> streaming in when the servers came up.
Yes, the remote MTAs will queue them. The exact a
Vicki Brown wrote:
At 10:45 -0800 03/20/2005, Jeff Chan wrote:
The trust path needs to be set correctly for things to
work properly.
If the "trust path" is not "set correctly" by default, then the rule should
not be enabled by default. That's just wrong.
A lot of stuff depends on it.
I actually ha
crisppy fernandes wrote:
Dev community,
This is to know from developers community is spamassassin wrked for
anyone just after upgrade or install.
It worked for me, but I had a very simple 2.x install. No Bayes or
anything. I think I had to update Net::DNS and a couple other Perl
modules, but I
List Mail User wrote:
You also have the problem of dealing with IP literals, and users
running dynamic DNS which still has stale DNS data (so the response should
be a 4xx code not a 5xx code, if you do something like this).
I think anyone who is running a mail server on a dynamic IP has to
Kenneth Porter wrote:
There can't be, because the password must be recovered to submit to the
remote authentication system.
Paul Russell suggests on the MIMEDefang list that the ratware could
simply pop up a password dialog. Many users will just enter their
credentials, not understanding why th
Kelson wrote:
1. You sign up for a group about vintage widgets.
2. Spammer sends a message to your vintage widget list.
3. You get the spam through a whitelisted, opt-in channel.
4. List members & owner get up in arms, flame war ensues over whether
the list should be closed or kept open, whether Y
Steve Prior wrote:
Jim Maul wrote:
Whats strange is i was forced into using verizon. I called 3 other
DSL companies who i KNOW have DSL in my area (my company uses one of
them and they are less than 1 mile away) and they all claim that its
not available. Verizon was the only one who actually s
Rob McEwen wrote:
Overall, I was very impressed with the coverage. It worked better than
expected. However, sadly, my house was in a dead spot. Considering my
strategy (giving up the land lines), this was awful. I could see the tower
bars dropping down on the phone as I approached my home... and th
Mike Burger wrote:
I'm afraid that I'm going to have to argue that point.
Cingular (formerly AT&T and Cingular) has the largest network, and neither
has been a population-centered or major highway-centered network in years.
Looking at their map, they've improved a lot since the last time I
checke
Chris Santerre wrote:
LOL FWIW, the site mentioned in my original post is still UP!!
After reading what verizon wireless did with the bluetooth cell phones(1),
I've pretty much given up hope that ANYONE in upper managment of any verizon
company has a clue!
The really unfortunate thing is that I e
Matt Kettler wrote:
Having overlap for at least one revision allows seamless in-place
upgrade.
Having zero does not.
No Dan, it does not allow a seamless in-place upgrade, unless you only
ever upgrade once.
If SA version N+1 supports commands from N, and your config file is in
version N syntax
Dan Hollis wrote:
On Mon, 10 Jan 2005, Matt Kettler wrote:
spamassassin could adopt a policy of backwards compat over _one_ revision.
As it is, the policy is backwards compat over _ZERO_ revisions. This hurts.
This seems to be Samba's policy -- options are deprecated for one major
revision, then
This is kind of an odd problem and I'm not sure what to do.
For quite a while I had apparent Perl signal-handling problems -- in
particular, I couldn't kill spamd, I had to use kill -9. Recently I
recompiled Perl in an effort to fix this. I'm using the same Perl version
(5.6.1), however I believ
Tony Finch wrote:
On Tue, 14 Dec 2004, Clarke Brunt wrote:
it seems to me that a 'fail' result is a perfectly good reason to reject
a message outright, which is what I do (without it even being passed to
SpamAssassin).
How many users do you have? Do none of them have vanity addresses?
I
On Tue, 14 Dec 2004 13:52:37 -, Clarke Brunt wrote
> Jonathan Nichols wrote:
> > Example: I try to send mail to this list from a T-Mobile Hotspot
> > (Starbucks) - it gets kicked back because SF.net uses SPF, and my SPF
> > records don't show m55415454.tmodns.net in the SPF records. So what can
On Thu, 09 Dec 2004 08:25:07 -0800, SA wrote
> For some time I have been trying to determine why spamassassin
> performance on our server hasn't been as rapid as it should be. I think
> I've discovered a possible cause. The server can be busy with lots
> of things and not degrade SA performance
Noel K Hall II wrote:
Fighting spam with a virus like attack...let's think about this one...not
only will your ISP end up shutting down your connection for a violation of
their TOS, you could possibly face court charges.
Makes complete sense to me.
My initial thought is, "isn't the Internet slow
On Tue, 30 Nov 2004 01:53:20 -0800, jdow wrote
> From: "Rob" <[EMAIL PROTECTED]>
>
> > My power supply died on Sunday morning, and as much as I wanted it not
> > too, the machine powered off. Doesn't meet any of your above
> > requirements but I'll let it pass this once.
Clearly you need to star
On Sun, 28 Nov 2004 20:35:31 -0800, Bob Amen wrote
> And you said "an aggressive greet delay." I tried
> that and found too many false positives with legitimate mail servers
> that are poorly configured. The only recourse for those false
> positives is another means of communication (eg. telepho
JamesDR wrote:
make sure in writing before you sign anything that your ip(s) will
never be listed by the ISP as res/dynamic/dialup ip. If they do they
may be in breach of contract (and you would need a lawyer for
resolution.)
I doubt any ISP would agree to a contract term like that, because the
Duncan Findlay wrote:
On Sat, Nov 27, 2004 at 01:37:57PM -0500, David Brodbeck wrote:
I reboot Linux servers when I need to upgrade the kernel, upgrade the
BIOS, or have a startup script change that needs to be tested. Don't
overlook that last one, it's less inconvenient to reboot
Dan Barker wrote:
What's the thinking for Linux? I'm just running a couple daemons in support
of my Wireless Network subscription services (they diddle the firewall based
on Credit Card income) and the firewall.
I reboot Linux servers when I need to upgrade the kernel, upgrade the
BIOS, or have
Ron McKeating wrote:
Hmmm, but I have my own domain, and I want all my email to come from my
domain, my isp will not route email from my domain (ntl) through their
mail servers, they want my to use my [EMAIL PROTECTED] account.
One option, if you can't get a proper static IP, is to use a third-part
Daniel Quinlan wrote:
Why? That way I can strongly identify users I know would not spam..
Users of PGP are not the same set of people getting their mail
occasionally flagged as false positives.
There have also been cases of spammers grabbing PGP signatures and
slapping them on the end of t
Matt Kettler wrote:
At 04:45 AM 11/12/2004, Hanspeter Roth wrote:
> Besides adjusting your administrator with a clue-by-four, you can
run it
> through spamassassin --remove-markup
I don't know what you mean by 'clue-by-four'. I try to contact the
admin. But he might have some reason for his setti
Matt Kettler wrote:
At 06:53 AM 11/9/2004 -0800, Gary W. Smith wrote:
Matt,
I did find some information in bugzilla regarding this as well but it
still seems to be open. Is the short fix to add a single trusted net a
per Bowie?
If you've got a NATed server, use trusted_networks. In fact, even if
On Mon, 1 Nov 2004 14:20:35 -0500, Michael Barnes wrote
> I was able to change the default CFLAGS by putting the CCFLAGS and
> the CFLAGS values in my environment before running "perl Makefile.PL".
>
> I would guess that this could be considered a bug, because its not
> too uncommon for default
On Mon, 01 Nov 2004 11:54:50 -0800, Justin Mason wrote
> BTW the default CFLAGS are coming from whatever perl was built with;
> so I'd be worried about bugs in your perl accordingly ;)
That's not where spamc is getting them. They're hard-coded in the configure
script:
ringbill# grep 'O2' -B1 sp
On Wed, 22 Sep 2004 09:15:48 -0700, Justin Mason wrote
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> David Brodbeck writes:
> > Is there a way to get the SpamAssassin build process to use -O instead of
> > -O2
> > while building spamc? I run FreeBSD on
On Wed, 27 Oct 2004 21:43:16 -0700 (PDT), email builder wrote
> Thanks. We were thinking about a NFS server, but SA concerns seemed
> more important. If both can coexist peacefully, this may be the
> exact same solution that we use.
It seems like it'd be a good match. NFS is highly I/O intens
On Sun, 17 Oct 2004 15:37:04 -0600, Bob Proulx wrote
> I am trying to understand how SpamAssassin 3.0.0 is checking SPF on
> messages. It seems to be checking the Return-Path: address (envelope
> address) and not the From: address (header address). That's wrong,
> isn't it?
No...SPF is designed
On Wed, 6 Oct 2004 14:00:19 -0400, Dave Duffner - NWCWEB.com wrote
> Last we heard from this (or another, poss. MailScanner) List
> was that SPF's are now a dead issue. Some locations are using it
> and trying to keep it alive, but even MicroWreck backed off their
> stance in supporting it.
On Mon, 04 Oct 2004 10:56:50 -0400, Bob Branch wrote
> On Mon, 2004-10-04 at 10:31, Jim Maul wrote:
> > There are other ways, just not necessarily with SA. This is much easier
> > to do in the program that calls SA. ex: qmail-scanner. You didnt
> > mention what program you are using but I imag
On Sun, 3 Oct 2004 12:00:51 -0700, Potato Chip wrote
> It's happened to me about 3 times, where an email will be sent to my
> server that specifically causes the problem. Killing the spamd process
> causes the sending MTA to resend. It usually occurs with an email
> with a large MIME attachment.
On Thu, 30 Sep 2004 20:33:20 -0700, jdow wrote
> I've been tempted more
> than a few times to brush off that knowledge a little and build as
> close to a facsimile tarpit as is possible. Alas, I just don't have
> time anymore.
These days, the most efficient way to do it would probably be to mod
Nate Schindler wrote:
I do this for my personal server. It's easy to do this with sendmail.
It's not so easy with Exchange/Outlook which is what work uses,
unfortunately.
If you're the Exchange admin, you can do it. Just add another SMTP
address for the account.
Robin Lynn Frank wrote:
Right. I want to get my key signed by someone I don't know from a hole
in the wall and, in return, sign his. Fine. Let's totally destroy the
value of signatures. I don't think so.
This is a big problem with GPG, really. If you're an isolated user
there's no way to g
Lucas Albers wrote:
Some options kick you in the face.
Such as -a for spamd which will prevent it from starting.
But it gives you an error message explaining exactly what you have to
do, so that's pretty much self-documenting.
-- Forwarded Message ---
From: Jeff Chan <[EMAIL PROTECTED]>
To: "David Brodbeck" <[EMAIL PROTECTED]>
Sent: Wed, 29 Sep 2004 08:07:05 -0700
Subject: Re: SA 3.0 and Bigevil
On Wednesday, September 29, 2004, 7:42:04 AM, David Brodbeck wrote:
> On Wed, 2
John Rudd wrote:
1) Greet_Delay (default 30 seconds) -- had some brief false positives
with mac.com, but they fixed their MTA to stop being so impatient.
You might want to keep in mind that some MTAs that do callout
verification use 30 seconds as the default timeout, and if you make them
wait to
I'm running SpamAssassin 3.0 on FreeBSD 4.8-RELEASE, Alpha architecture.
spamd does not shut down when I send it a SIGTERM. I have to kill -9 each
individual child. I had a similar problem with 2.64. It works otherwise.
Any ideas?
Pat Lashley wrote:
For example, it would break the Exim port which by
default includes the ExiScan patches. (The Exim port would still
build; but the SpamAssassin support would fail at run time.)
Sure about that? I'm running Exim with Exiscan version 22, built from
the port, and it's working fin
On Fri, 24 Sep 2004 07:49:48 -0500, Bob Apthorpe wrote
> On Fri, 24 Sep 2004 01:30:19 -0800 John Andersen
> <[EMAIL PROTECTED]> wrote:
>
> > If you are thinking about installing Spamassasin 3.0 PAY ATTENTION:
> >
> > If you haven't been reading this list carefully you will
> > have missed the f
Kelson wrote:
Mail sent from <> to a few addresses that we never use for outgoing
mail is rejected with an "Invalid bounce" explanation. (Don't do this
with postmaster or abuse, or you'll probably end up listed on
RFC-ignorant.)
AFAIK you won't unless someone decides to report you. RFC-ignorant
On Thu, 23 Sep 2004 13:51:36 -0500, Gary Buckmaster wrote
> considered setting up spam@ and notspam@ accounts on the gateway
> itself, and having local users send appropriate samples to these
> accounts, then running sa-learn against these. Does this approach
> make a great deal of sense? Has an
On Thu, 23 Sep 2004 11:29:49 -0400 (EDT), Dan Mahoney, System Admin wrote
> While I'm thinking about this, let me offer up a suggestion...
>
> For those of us that prefer user_prefs in text files but because
> SpamAssassin with the preforking is getting much bigger have decided
> we need a separ
On Wed, 22 Sep 2004 17:26:12 -0700, snowjack wrote
> Yeah, and it is true that SpamAssassin uses lots of RAM (20M per
> process?) So what, RAM is cheap!
If I'm not mistaken, some of that 20M is actually shared amongst all the spamd
processes, so it's not as much memory usage as you'd think. Five
Juhapekka Tolvanen wrote:
On Wed, 22 Sep 2004, +22:45:09 EEST (UTC +0300),
Dan Mahoney, System Admin <[EMAIL PROTECTED]> pressed some keys:
On Wed, 22 Sep 2004, Daniel Quinlan wrote:
Juhapekka Tolvanen <[EMAIL PROTECTED]> writes:
1) Switch off that Bayesian filter of SpamAssassin,
Is there a way to get the SpamAssassin build process to use -O instead of -O2
while building spamc? I run FreeBSD on a DEC Alpha, and -O2 triggers
optimizer bugs in gcc on that architecture. I've just been editing the
configure script before building, but it'd be nice if there was an easier way.
[EMAIL PROTECTED] wrote:
MUA's creating headers for their own internal purposes is a dangerous idea. But many do it. This may be the tip of the iceberg here.
Sure. Sending Outlook messages with flags, do-by dates, and "urgent"
status is an old trick. All those things are controlled by custo
On Mon, 20 Sep 2004 10:40:39 -0400, Kevin Peuhkurinen wrote
> Mozilla Mail and Thunderbird add X-Mozilla-Status and Status2
> headers to all emails they recieve. I do not believe they are ever
> added to outgoing emails, even if you are forwarding an email that
> already has them.
(And the li
71 matches
Mail list logo
