On 03.04.2013 15:50, Matus UHLAR - fantomas wrote:
On 03.04.13 10:58, Dirk Bonengel wrote:
Are those your users sending lots of mails? Then what is the point in
submitting them to SpamAssassin? Bypassing SA might save you lots of
trouble (and resources)
scanning outgoing mail by SA can
On 03.04.2013 09:45, David B Funk wrote:
On Wed, 3 Apr 2013, Josef Karliak wrote:
Good morning,
we use SA on 8 CPUs HP DL380 G5. But sometimes the spam daemon crashes:
Apr 2 18:01:33 server systemd[1]: spamd.service: main process exited,
code=exited, status=1
Apr 2 18:01:33 server systemd[1]
Hello all,
just to make it official: the iXhash plugin has now reached version
1.5.5. Recent changes are:
- Adam Stephens noted that hash#3 would be checked even though it had
not been computed in the first place.
In other words: Hash #2 would be checked against twice. This should be
corrected,
Bill Landry wrote:
Giampaolo Tomassoni wrote:
-Original Message-
From: Marc Perkel [mailto:[EMAIL PROTECTED]
Sent: Wednesday, December 03, 2008 12:04 AM
it's WORKING
Well,
it hangs my SA 3.2.4 setup on waiting for a reply from ctyme.ixhash.net .
The strange thing is t
RobertH wrote:
is there anything wrong with still using an older pre 1.5.x version of
iXhash?
is there a problem that makes an upgrade recommended?
OR
is there a problem that forces up to upgrade?
- rh
Short answer: No. I tried to improve the code by adding new functionality
but the ol
OK, I found the bug.
I just released a fixed release. Thanks to Lars Uhlmann for finding the
culprit and delivering a fix.
Problem was the regular expression checking the IP returned if it
belongs to the 127.x.x.x range.
Hmm, I had this working before
Sorry again for the trouble
Dirk
Karsten Bräckelmann wrote:
On Tue, 2008-12-02 at 11:32 +0100, Dirk Bonengel wrote:
I'm looking into it. Only thing - seems to work here.
The reason why hash one is broken is the "workaround" introduced into
version 1.5.
$body_copy =~ s/[[:graph:]]+//go;
This can
Original Message
> Date: Tue, 2 Dec 2008 06:30:20 -0600
> From: Chris <[EMAIL PROTECTED]>
> To: users@spamassassin.apache.org
> Subject: Re: Bug in iXhash plugin - fixed version available
> On Tuesday 02 December 2008 4:32 am, Dirk Bonengel wrote:
>
I'm looking into it. Only thing - seems to work here.
Maybe one of you can send me his .cf file per PM?
Dirk
Original Message
> Date: Tue, 02 Dec 2008 09:12:45 +
> From: [EMAIL PROTECTED]
> To: Spamass
> Subject: Re: Re: Bug in iXhash plugin - fixed version available
>
Folks,
as some of you already noticed I f... up the last (1.5) release of the
iXhash plugin.
Plain simple a wrong regular expression practically disables hash #1.
I just uploaded a fixed version to ixhash.sf.net that runs the correct
RE ( on a modified version of the email's body to circumven
Arthur Dent wrote:
[CUT]
Hmmm.. OK I tried another one. This one actually triggered iXhash when I
got
it originally. You can see the original mail (including headers showing
iXhash
report) here:
http://pastebin.ca/1269211
Running it through now it doesn't generate the error that the
other me
n't. Guess I'll do a 1.5.1
soon)
Otherwise I'm at a loss currently. Just checked - runs fine on my system.
Dirk
Arthur Dent wrote:
On Thu, Nov 27, 2008 at 06:05:52PM +0100, Dirk Bonengel wrote:
Folks,
just uploaded a new version of the iXhash plugin to http://ixhash.sf.n
Folks,
just uploaded a new version of the iXhash plugin to http://ixhash.sf.net.
For those that don't know what the plugin is good for: It computes MD5
checksums of fragments of the body of an e-mail and compares them to
those of known spam. As such it works similar to the plugins that use the
Len Conrad wrote:
FreeBSD 6.2
2 GHz
1 GB RAM
More RAM won't hurt
Amavisd-new
400 KB max msg size to scan
10 servers
TIMING shows sa-check taking 85% - 90%
How many concurrent processes have you set in your postfix's master.cf
to forward messages to? Your setting for the amavisd-vs
Vidar Tyldum Hansen wrote:
On Sat, Sep 27, 2008 at 05:27:52PM +0200, Vidar Tyldum Hansen wrote:
On Mon, Aug 04, 2008 at 11:13:29PM +0200, Dirk Bonengel wrote:
Hi all,
I'm the author of the iXhash plugin, a piece of code that computes a
variety of 'fuzzy checksums'
Jan Doberstein wrote:
Wolfgang Zeikat wrote:
Do others also see that effect with ctyme.ixhash.net?
yes, that's why I added
ixhash_timeout 10
to my configuration (maybe hardware/bandwidth on ctyme will be upgraded)
regards
jd
local issue, should be OK by now.
Dirk
Chris wrote:
On Saturday 27 September 2008 12:23 pm, Matthias Keller wrote:
Chris wrote:
I'm still seeing this:
Hi
You forgot to change check_ixhash to ixhashtest as written in the
email a bit further up...
Matt
Thanks Matt, that did the trick, works cor
Original Message
> Date: Fri, 26 Sep 2008 21:07:47 -0700
> From: Bill Landry <[EMAIL PROTECTED]>
> To: users@spamassassin.apache.org
> Subject: Re: ixhash - failed to run CYTME_IXHASH test, skipping
> Chris wrote:
> > I've changed the ixhash.cf per Dirk's instructions, the who
Original Message
> Date: Fri, 26 Sep 2008 12:31:45 +0200 (CEST)
> From: "Benny Pedersen" <[EMAIL PROTECTED]>
> To: users@spamassassin.apache.org
> Subject: Re: Important info for iXhash users
>
> On Thu, September 25, 2008 23:48, Dirk Bone
Chris wrote:
On Thursday 25 September 2008 4:48 pm, Dirk Bonengel wrote:
Important news for all users of the iXhash plugin and the corresponding
lists.
An exemplary config file can be found at
http://ixhash.sourceforge.net/example.html.
(There you'll find two other iXhash zones - on
Important news for all users of the iXhash plugin and the corresponding
lists.
As mentioned a few weeks ago, the domains 'nospam.login-solutions.de'
and 'nospam.login-solutions.ag' will reach EOL in the near future. They
are being replaced by the single DNS zone 'generic.ixhash.net'
Everyone u
Original Message
> Date: Tue, 5 Aug 2008 06:32:03 -0500
> From: Chris <[EMAIL PROTECTED]>
> To: "Dirk Bonengel" <[EMAIL PROTECTED]>
> CC: users@spamassassin.apache.org
> Subject: Re: iXhash plugin and lists - feedback wanted
> On Tuesd
Original Message
> Date: Mon, 4 Aug 2008 19:11:09 -0500
> From: Chris <[EMAIL PROTECTED]>
> To: Dirk Bonengel <[EMAIL PROTECTED]>
> Subject: Re: iXhash plugin and lists - feedback wanted
> On Monday 04 August 2008 4:13 pm, Dirk Bonengel wrote:
Original Message
> Date: Mon, 4 Aug 2008 18:29:20 -0700
> From: "Robert - elists" <[EMAIL PROTECTED]>
> To: users@spamassassin.apache.org
> Subject: RE: iXhash plugin and lists - feedback wanted
>
> >
> > I'm the author of the iXhash plugin, a piece of code that computes a
>
Hi all,
I'm the author of the iXhash plugin, a piece of code that computes a
variety of 'fuzzy checksums' along the lines of the NiXSpam project (run
by the German IT magazine iX).
I also run two DNS zones
(nospam.login-solutions.de,nospam.login-solutions.ag), containing fuzzy
checksum data f
Important info for all those who use the iXhash plugin
Karsten Bräckelmann discovered a problem with some regular expressions,
causing SA/Perl to segfault on some installations when processing
certain malformed mails.
Everyone using the plugin is encouraged to go to ixhash.sf.net and
download
Rosenbaum, Larry M. wrote:
Is it possible to get zone transfers of the iXhash data?
Which one? The one run by Heise Verlag, Germany? Then I suggest you
contact Bert Ungerer (un at ix dot de) there.
If you mean any of the currently three lists, I run two of them and I
can provide you a r
guenther wrote:
Unfortunately, the example iXhash.cf of (current) version 1.0 is rather
scarce when it comes to the definitions. I'd wish for these to become as
informative again as they used to be. FWIW, these verbose descriptions
and comments have been the reason for me to pick 2 out of 3 lis
Per Jessen wrote:
I wasn't actually making any assumptions about the quality or lack of
it, that would not make any sense. I was really only concerned with
the trust issue, which I still say is paramount when it comes to spam.
And I don't believe you can establish trust by withholding or hidi
Per Jessen wrote:
Marc Perkel wrote:
I do most of the filtering using Exim rules and I only use
Spamassassin on less than 1% of incoming email. What I do is focus on
the behavior of the spammer rather than the content of the message. I
have too many tricks to describe here but my filtering
Per Jessen wrote:
[EMAIL PROTECTED] wrote:
The difference is that the .de domain is fed by input that's either
visually checked or stems from dedicated spamtraps, so I'm quite
confident the hashes contained really mark spam.
The .ag domain contains hashes either from feedback loops (ie. e
Per Jessen wrote:
Dirk Bonengel wrote:
For those that don't know what this plugin does: It uses an algorithm
developed by Bert Ungerer of the German IT magazine iX (Heise Verlag)
to compute fuzzy checksums from (spam) emails and checks them against
those hashes I and Heise computed
[EMAIL PROTECTED] wrote:
Hi, list,
the DNS server of manitu.net, Germany, currently the only server hosting
the iXhash blacklist @ ix.dnsbl.manitu.net, is apparently being ddos'ed.
Admins using the iXhash plugin should either temporarily disable using
that server or request being included in a
Folks,
I've finally come around to releasing a new version of the iXhash
plugin. If you happen to use that plugin, just get the code (now located
at http://ixhash.sf.net) and upgrade.
Normally simply replacing the iXhash.pm file should do. Just make sure
you have the version corresponding to y
Chris, List,
just curious but Chris how successful were you in optimizing your MySQL
installation?
I take it as a given that many installations nowadays use MySQL as data
store, so hints on optimizing MySQL would be a welcome addition to the
wiki, I think
Dirk
Chris St. Pierre wrote:
We
Chris St. Pierre wrote:
We're sharing our Bayesian database (MySQL) between two MX nodes and
the database server has hit a wall. It's underpowered and is no
longer able to keep up with the I/O demands of our two MXes. During
the day, uptime on the machine plateaus at about 5-7, and iowait
per
Chris St. Pierre wrote:
We're sharing our Bayesian database (MySQL) between two MX nodes and
the database server has hit a wall. It's underpowered and is no
longer able to keep up with the I/O demands of our two MXes. During
the day, uptime on the machine plateaus at about 5-7, and iowait
per
Maxim Cerný wrote:
Hello,
> Firewall mail.example.com and don't let it accept any email from
> anyone but spamfilter.example.com
I can't do this, because there are more mail domains set on
mail.example.com (e.g. example2.com) and I don't filter messages going
to example2.com. Any other solu
John Rudd wrote:
Bret Miller wrote:
On Wednesday 13 December 2006 11:35 am, Bret Miller wrote:
Has anyone here tried MSRBL (http://www.msrbl.com/site/)?
I'm running it
in trial now, but thought I'd ask to see if anyone here
had an opinion
before doing anything serious with it.
TIA,
Bret
On Sun, 12 Nov 2006 06:38:42 +0100 (CET)
"Benny Pedersen" <[EMAIL PROTECTED]> wrote:
>
> On Sat, November 11, 2006 20:47, Dirk Bonengel wrote:
>
> > The fine thing is that you can use the iXhash plugin along razor, pyzor and
> > dcc. (I don't know if i
Sounds to me as if the iXhash mechanism might be what you need.
The iXhash plugin you find on the SA wiki works on the body of a mail, removes
(redundant) parts of it and computes a hash value from the rest. The results
have been found to be quite a reliable indicator for spam mails. I feed two
Chris wrote:
On Tuesday 24 October 2006 1:55 am, Dirk Bonengel wrote:
Chris wrote:
I've been seeing this quite a bit lately, is the site down or do the
timeouts need to be increased? It's currently set for the default 10
seconds.
Oct 21 12:28:03 localhost spamd[19162]: i
Chris wrote:
I've been seeing this quite a bit lately, is the site down or do the
timeouts need to be increased? It's currently set for the default 10
seconds.
Oct 21 12:28:03 localhost spamd[19162]: ixhash timeout reached
at /etc/mail/spamassassin/iXhash.pm line 91.
Oct 21 12:28:03 localh
David Cary Hart wrote:
On Wed, 11 Oct 2006 18:16:06 +1300, Jason Haar
<[EMAIL PROTECTED]> opined:
I've been waiting for anyone else to bring it up - but no-one has.
If Spamhaus lose this lawsuit (which they are ignoring as they are
UK-based and this is some judge in Chicago), they may very
Kelson wrote:
decoder wrote:
This would slow spammers down by a factor of 10-100 or more per
compromised machine (depending on whether the messages sent are sent
individually or to many users at once)."
So they get a bigger botnet. There's no shortage of compromised
machines out there.
Ma
Just read up at http://www.maiamailguard.com/, but: yes, each and every
mail is stored in a database.
Ham/Non-virus-mails get delivered at once though, only a copy is getting
stored in the db
Dirk
Chr. v. Stuckrad wrote:
On Tue, 18 Jul 2006, Dirk Bonengel wrote:
...
If I was in your
Stucki,
did you investigate auto-learning? This might let your system learn ham
as well as spam. Works fine here (same situation - gateway server to a
Lotus Notes system, no feedback loop possible)
As far as I recall, SA starts using its Bayes data only after having
learned at least 200 ham
Well, I don't know who 'we' is but I know the author quite well, no
wonder since it's me ;-)
Go ahead and add a new code section to the wiki. (There are versions for
3.0 and 3.1.x, yours would be for 3.1.3). In any case keep the other code.
Testers are always welcome. What would interest me is y
Hi all,
Dallas, I think the problem isn't the request timing out - Rick says
'the child never exits from processing the message'...how can this be??
Rick, as a workaround either raise the timeout limit (both my servers
are located near Cologne/Germany). And take a look at how fast DNS is
for
Ben,
as the author of the iXhash plugin I'd say - yes, it works.
But actually I've not a clue if it does. Never tried and probably never
will.
However, the plugin essentially only uses Digest::MD5 and Net::DNS. I
guess that if Net::DNS works OK on Windows, my plugin probably works as
well.
O
Hi list,
just as the subject says: I added some stuff to
http://wiki.apache.org/spamassassin/iXhash and
- made it clear (I hope) what it actually does
- added installation instructions
- added a version that runs under SpamAssassin 3.0.x
Dirk
Wolfgang,
I guess you already use spamassassin (why else post to this particular
list?). Make sure you use a recent release (3.1.3 is current) and the
rules from rulesemporium.com.
But apart from that I'd need more info
Hope this helps!
Servus
Dirk
[EMAIL PROTECTED] wrote:
Hi all,
Nice to hear! But: Don't blame me if you get a FP due to iXhash.
Did you set up all three lists, btw? (i.e. manitu.net,
login-solutions.de and login-solutions.ag ??)
Dirk
Marc Perkel wrote:
So far so good. This is as you say very accurate. I increased the
score to 4.5. No FPs so far. In fac
Hi all,
just a few explanations to the iXhash stuff:
First of all, sorry there were no installation instructions - I'll work
on that (Marc already added a few lines - thanks)
What the plugin does is the following:
- It works solely on the body of an email.
- Given a few minimum requirements are
Marc,
just drop both files (.cf and .pm) into the directory where your
local.cf is.
One important piece of (missing) info: You must be running SA v 3.1.0 or
higher (not 3.0 as stated). If this is a problem I can easily post a
version working with 3.0.x
Dirk
Marc Perkel wrote:
Matt Kett
Matt,
try enabling razor, pyzor and dcc. You might also want to try the iXhash
plugin I did some time ago (if you run a 3.1.x installation. See
http://wiki.apache.org/spamassassin/iXhash for more info on that and drop
me a mail if you use it so I can get in touch)
Those image only spams in fact
Hi,
as Rob McEwen already pointed out Bill Stearns offered image hash data
for such a project. I did write such a plugin (Bill did publish his data
via DNS, thanks again!) but am somewhat disappointed by the results (so
I didn't bother publishing the plugin).
The point is that the most annoyin
Hi, all,
I wonder if the iXhash Plugin I did last summer would catch these.
FYI, the plugin uses some form(s) of fuzzy MD5 checksums of the complete
mail body (not separate mime parts) and does compare the results with
those I provide via DNS.
It's available at http://wiki.apache.org/spamassas
Hi,
You need to restart amavisd-new which uses the spamassassin-classes
internally.
So no need to run spamd (if you do).
Applies only if you do spamchecking via amavisd-new, of course
Dirk
Tom Brown wrote:
Hi
I have been manually tweaking some rules to increase their score and
then doi
I did something along that line using postfix and amavisd-new.
amavisd-new should also be able to interface with exim (at least it says
so at http://www.ijs.si/software/amavisd/#features-mta)
However, you could also have a look at Maia Mailguard. That software
uses a modified version of amavisd-
Brian S. Meehan wrote:
I'm not sure how to set or change the default setup for spamd to make sure
it's running with -L
Brian
Brian,
what OS do you run spamd on?
In SuSE eg. (newer releases) those parameters are contained in
/etc/sysconfig/spamd. I think this is a RedHat-ism so there sho
Jaime,
btw: any special reason you plan to use SA 2.64 with local tests only?
I'd recommend upgrading to the latest and greatest stable version which
can be found (as RPMs for SLES9 on Intel) at
http://ftp.suse.com/pub/people/choeger/spamassassin/i386/sles9/
Take care as the config requires cha
Do you run amavisd-new (which is shipped with SLES9, I think)
If you do, there's the culprit: amavisd-new does its own spam testing
using the spamassassin code directly (not via spamc/spamd)
Details can be found at http://www.ijs.si/software/amavisd/#faq-spam
Likely you didn't configure amavisd-
Have a look at Maia Mailguard:
http://www.renaissoft.com/maia/
Basically it's an enhanced version of amavisd-new and also allows the
users to maintain their own whitelists.
David Benigni wrote:
Hello,
I've been searching for an application to manage per user quarantines
with SA. Current
Thanks for the clarification.
Dirk
Rob Skedgell wrote:
On Saturday 13 Aug 2005 12:29, Dirk Bonengel wrote:
FYI:
rfc-ignorant.org has .de listed in whois.rfc-ignorant.com.
http://www.rfc-ignorant.org/tools/detail.php?domain=de&submitted=1120996396&table=whois
In a stan
FYI:
rfc-ignorant.org has .de listed in whois.rfc-ignorant.com.
http://www.rfc-ignorant.org/tools/detail.php?domain=de&submitted=1120996396&table=whois
In a standard 3.0.x install, DNS_FROM_RFC_WHOIS gives a score of 0.492
(net) or 0.296 (net+bayes).
Please read the whole thread before flaming someone.
This one started with 'wolfgang' asking why he's unable to lookup
219.144.194.158 in multib.surbl.org.
219.144.194.158 is listed in ph and ws, according to the lookup tool on
rulesemporium.com.
dig 219.144.194.158.multi.surbl.org => no result
Dallas (and all the rest),
what you're saying is:
- We're talking of forward lookups, not of reverse lookup.
What I'm seeing, however, is that the zone files contain IPs in reverse
notation. So SA does a forward lookup on a reversed IP.
I think that's about it. Wolfgang complained about not bein
Greg,
given you speak of name-based virtual hosts, your concerns do not apply.
You'd not be affected if the IP of one of your web servers would be
listed in an URIB list. The plugin does not resolve the IP of an URL.
The only thing that matters is the actual domain. The case in question
here is
g in their zonefiles.
wolfgang wrote:
In an older episode (Thursday, 11. August 2005 22:46), Dirk Bonengel wrote:
Well, the IP is listed OK, but one needs to do reverse queries:
dig 158.194.144.219.multi.surbl.org
gives
158.194.144.219.multi.surbl.org. 1850 IN A 127.0.0.12
which sounds good t
Well, the IP is listed OK, but one needs to do reverse queries:
dig 158.194.144.219.multi.surbl.org
gives
158.194.144.219.multi.surbl.org. 1850 IN A 127.0.0.12
which sounds good to me.
Dirk
Chris Santerre wrote:
-Original Message-
From: wolfgang [mailto:[EMAIL PROTECTED]
Sent:
Chris Thielen wrote:
Hi Dirk,
Dirk Bonengel wrote:
Hi all,
maybe this list can give me some feedback on a plugin I've written a
few weeks ago.
The Plugin is based on parts of the 'NiXSpam' project by the German
IT magazine iX. NiXSpam is an elaborate procmail recipe (f
Hi all,
maybe this list can give me some feedback on a plugin I've written a few
weeks ago.
The Plugin is based on parts of the 'NiXSpam' project by the German IT
magazine iX. NiXSpam is an elaborate procmail recipe (for more info see
http://www.heise.de/ix/nixspam/ - it's German, though), an
Just to add my 2 Euro-Cent:
Something like this might actually exist (in as far as gif-only spams
are of interest).
Bert Ungerer, an editor with the German IT magazine 'iX', developed a
procmail-based AntiSpam-System he called 'NiXSpam'.
One part of it is a list of MD5-hashes of parts of the bo
74 matches