libio-socket-ip-perl libnet-patricia-perl make
libdbd-mysql-perl
3. Download 3.4.2 package and unpack in /usr/local/src or somewhere
else:
4. Compile and install:
perl Makefile.PL
make
make install
sa-update
Best,
Jan
did a "spamassassin -t -D < testmail | grep dns"
It outputs many lines, so here is one of the interesting parts:
Jan 8 10:31:15.456 [31076] dbg: dns: bgsend, DNS servers: [127.0.0.1]:53
Jan 8 10:31:15.456 [31076] dbg: dns: attempt 1/1, trying connect/sendto
to [127.0.0.1]:53
Jan 8
Hi.
For work I am investigating an issue where none of the dns blacklists
are used.
We are using the current spamassassin version and also current version
of Net::DNS.
It is installed on a current version debian system.
We run a local nameserver using bind.
We invoke spamassassin via "spamassass
es shouldn't have made it thru your filtering
> system.
thanks David,
I'll investigate, mail from grey-listed domains should not come through
indeed, (I didn't check), gonna do a bit of homework, obviously I'm
a bit green, thankfull for your responses though :)
greet,
Jan-Kees
ore,
3 is another one
I didn't see such an obvious pattern,
but I don't know how to tackle that one neither ...
thanks,
Jan-kees
thanks for your attention,
Jan-Kees van Kampen
I wrote:
> attachmentname.split($.)[1] == ".zip/.docx"
but I meant of course:
attachmentname.split($.).last == "zip" or "docx" ...
Sorry if i'm spamming the list ;)
> For this particular case it would be better to write a DNS plugin that
> would do a DNS lookup for the domain nameservers and return that in a
> matchable form. Going via the registrar to get the nameservers incurs
> far too much overhead.
Two examples with postfwd:
# hard version
id=REJECT_BA
saying that the
mail is trusted because of sender server/relay host.
to me that sounds strange. How can all my spam come from hosts that
spamassassin thinks are nice hosts :) ?
best regards
Jan
Am 25.8.2010 22:47, schrieb Karsten Bräckelmann:
>
> Jan, any chance you could provide the paragraphs or text parts
> corresponding to the seeks?
>
> Just to clarify: We do *not* require the full message, even though it
> makes things simpler. In fact, no headers (other than
data (assurance company). We had more than 100
false-positives with these rules in the last 2 days.
I have drastically lowered the score from 4.0 to 1.0 for both rules and
wanted to ask if anybody else noticed that?
Cheers, Jan
ind of misconfiguration since the
problem occurs only with exactly these mails.
Sorry if you think that's a Postfix issue, but I'm not yet sure. Maybe someone
has an idea.
Jan-Kaspar
nch of FPs.
Anyway.. I don't want to argue here. I throwed in my pennies and hope
the SA developers agree.
Cheers, Jan
Michelle Konzack wrote:
> Is SAW a valid TOPLEVEL domain?
>
> SA could use a list of valid TLD's.
>
Ok, let's change that (do not forget that there's more than .com)
the www seems to become the primary source of information these days
(->www.seems.to?)
And I think we agree, that it wo
Martin Gregorie schrieb:
>> ... go to WWW EVIL ORG for new meds ...
>>
>> and
>>
>> ... digging through the WWW HE SAW this link ...
>>
> Both IMO should be caught and given a positive score. I've never seen
> legitimate mail containing URLs written this way.
Maybe I was not clear: The last one is
Jason Haar schrieb:
> All this talk about trying to catch urls that contain spaces/etc got me
> thinking: why isn't this a standard SA feature? i.e if SA sees
> "www(whitespace|comma|period)-combo(therest)", then rewrite it as the
> url and process.
How would you distinguish between
... go to
Henrik K schrieb:
>> sorry, just missed the "relatively recent" statement ;-)
>>
>
> When the system gets old enough that it's not supported officially and you
> are forced to manually CPAN fresh modules (and possibly wreak havoc on the
> OS), there is no reason not to compile your own perl (o
Jan P. Kessler schrieb:
> Justin Mason schrieb:
>
>> For the upcoming release, we're considering dropping support for that
>> interpreter version. If you're still using 5.6.x, or know of a
>> (relatively recent) distro that does, please reply
Justin Mason schrieb:
> For the upcoming release, we're considering dropping support for that
> interpreter version. If you're still using 5.6.x, or know of a
> (relatively recent) distro that does, please reply to highlight
> this
>
> --j.
>
Don't know if it's still relevant: Solaris 8
#
Elsa Andrés schrieb:
> OTOH, that server cannot be dead as I can perform any "host" or "dig"
> queries with it:
>
Just a guess: Is /etc/resolv.conf readable by the uid you run sa/amavis?
dave_c00 schrieb:
> I have run the 'perl Makefile.PL' in the correct directory but the 'make
> install' isn't working.
>
Something is going wrong!
So, you think my comment is not very helpful? Maybe your desciption of
the problem is not that helpful, too. If you don't provide more
information
Karsten Bräckelmann schrieb:
On Fri, 2008-12-12 at 15:03 +0100, Jan P. Kessler wrote:
sa-update currently fails with:
http: request failed: 403 Forbidden: [...]
Any permission issues on yerp.org?
Just tested, works for me. Did you try again?
Jep, it's workin
Hi,
sa-update currently fails with:
http: request failed: 403 Forbidden: HTML 2.0//EN"> 403 Forbidden
Forbidden You don't have permission to access
/rules/stage/320725913.tar.gz on this server.
Apache/2.2.8 (Ubuntu) DAV/2 SVN/1.4.6 PHP/5.2.4-2ubuntu5.3 with
Suhosin-Patch mod_ssl/2.2.8 Ope
mouss schrieb:
Micah Anderson a écrit :
"Benny Pedersen" <[EMAIL PROTECTED]> writes:
On Tue, November 18, 2008 22:16, Henrik K wrote:
postfwd and trusted_networks msa_networks is what i do use here, then minimal
dns lookups is needed olso, facebook have random helo so need to be
white
> If I've been following this thread correctly, linux4michelle has
already
> stated he/she receives messages from their ISP. Therefore, rejecting
at
> the SMTP level will ultimately cause the ISP to be a source of
> backscatter (i.e. not receiving messages directly), which he/she can
not
> reje
> Spamers are using MY E-Mail spaming
> russian servers and now Ihave gotten nearly
> 200.000 backscatters which make my account unusable
> specialy for my customers and peoples which
> urgently need my help without passing over mailinglists...
So you do deliver the backscatter? Why
Hi,
can you share your new script with the MailScanner changes with us?
Kind regards,
JP
Just curious... :-)
--
Seceidos GmbH&Co. KG| Tel: +49 (6151) 66843-43
Robert-Bosch-Str. 7 | Fax: +49 (6151) 66843-52
64293 Darmstadt/Germany |
http://www.seceidos.de/ | SIP: [EMAIL PROTECTED]
Skype: jan-peter.koopmann
E-Mail: [EMAIL PROTECTED]
HRA 7206, Amtsgericht Darmstadt
pe
Wolfgang Zeikat schrieb:
> Do others also see that effect with ctyme.ixhash.net?
yes, thats why i added
ixhash_timeout 10
to my configuration (maybe hardware/bandwith on ctyme will be upgraded)
regards
jd
signature.asc
Description: OpenPGP digital signature
Well,
since many guys are recommending "what they use" (IronPort, Barracuda) I
thought I might bring BarricadeMX from Fort Systems into the game. Have
a look at them. It is _very_ efficient and can be configured to use
SpamAssassin as well. Comes with a very easy install for CentOS 5.2.
Kind reg
> And Mailchannels isn't implementing slow replies. That's what I'm
> trying to say. It is slowing the TCP session, not slowing the
> responses.
FYI: So are other products (at least one). And slowing down TCP sessions
will hit ISPs as well btw. but that's a different stories.
Oh and btw:
> > 2: can be bypassed in greylist on that fact #1
>Both of these are addressed by Mailchannels. But what to do when an
>"unknown mail server" contacts you is different in the approach.
>greylist effectiveness is down to less than 10% effective at this
>point, because the botnets know to r
>> http://www.snertsoft.com/smtp/smtpf/
>Okay, this link wasn't available to me. I googled the term you
>provided and only found the FLS site. They had no links to this
>data.
Possible.
> Next time you want to suggest that someone didn't research, you
> should be explicit with your lin
>I read every document on their website, and saw zero mentions of this
>feature. I can't research it further without getting the product here
>to test, and I'm not suggesting that everyone do this -- just that
>everyone read the information available.
http://www.snertsoft.com/smtp/smtpf/
It sure can and we are using that feature. It adresses all (!) features
MailChannel claims to address on the webpage and more. Sure it is I who has to
do the researching?
Moreover BMX can do quite a lot of what you describe without having to slow
down the TCP channel too much thereby freeing up
> Why is everyone willing to skip doing 5 minutes of research?
I did.
> Mailchannels idea may not work for you. But it's worth doing a bit of
> research.
Oh the idea is nice. But there are others out there that - from my
personal perspective - are doing this stuff much better, at least from
w
Hi
> In both cases, they don't provide any serious study. they only show
> numbers that go with their claims. I don't know for others, but my logs
> don't seem to confirm theirs.
Where do they show numbers? Could not find any.
> and the slowdown thing is based on the theory that spammers have
Hi,
is there a simple way of using the same Bayes-DB (mysql based) for
multiple Spamassassin installations concurrently? Can I just point all
machines to the same DB or will this lead to corruption?
Kind regards,
JP
> It really doesn't matter to me whether it was on urisbl/surbl when he
> sent it. I provided what our server marked this as as an example of
> rules that he could look at as to why it was scored low. Other people
> that don't use "unwanted language" may not need it, but in some cases
> it
> helps,
> http://pastebin.com/m16055c85
Content analysis details: (9.6 points, 6.0 required)
pts rule name description
--
--
1.5 URIBL_OB_SURBL Contains an URL listed in the OB SURBL
blocklist
> http://igor.chudov.com/tmp/spam003.txt
Could you paste the message itself (queue file)? Would like to see what
my installation has to say about this one. :-)
> > Then it just hangs for quite some time and finally runs into the
> > timeout. Any idea?
>
> A known problem, it uses a default timeout of Net::DNS,
> which is very long for certain unresolvable DNS queries.
> Try the following patch:
Looks like this did the trick!
Great. Thanks!
Hi,
I just noticed BotNet (0.8) causing SA timeouts when used with
MailScanner. This is what the log gives me:
[21308] dbg: spf: query for
[EMAIL PROTECTED]/75.117.130.5/unknown: result: fail,
comment: Please see
http://www.openspf.org/Why?id=esuapmet_1966%40mater.ustb.edu.cn&ip=75.11
7.13
dougp23 schrieb:
I'm stumped!! Here's some headers from our most recent test:
look at your sendmail configuration or maybe some of your milter
settings ... thats not spamassassin ...
/jd
Mofo_Jones schrieb:
Just Postfix. In postfix and I believe Sendmail.
John D. Hardin wrote:
On Fri, 25 Jan 2008, Mofo_Jones wrote:
One more question. This site has multiple domains that it does a
MX backup for and there are a few domains that I do not want SA to
scan and add any
Rosenbaum, Larry M. schrieb:
Is it possible to get zone transfers of the iXhash data?
you can get the zone, if you made it available to the hole world ... and
you need to handle ixfr ... just ask them for more information!
\jd
hi Leigh,
Leigh Sharpe schrieb:
I'm getting 404 errors on my RulesDuJour, for whatever rule I have
listed first in the config.
If I remove the offending rule from the config, I get a 404 on whatever
rule is next in the list. All other rules are OK. Can anybody offer any
explanation of why?
Per Jessen schrieb:
It could be caused by DNS lookups taking longer. That would be my guess
for anything taking more than 5 seconds.
try to use a local dns cache ... helps here to fasten up mail scanning!
\jd
Hi there,
OliverScott schrieb:
> There is a SpamAssassin plugin which checks messages with ClamAV, which adds
> the following header to emails it processes:
>
> X-Spam-Virus: Yes ($VirusName)
>
> http://wiki.apache.org/spamassassin/ClamAVPlugin
the plugin is running here too, but it doesn't add
> > and isn't
> > considered to be that much better than C/R (it doesn't clutter a
> > forged-sender's mail box, but it can bog down a forged-sender's mail
> > server with verification requests).
>
> Well, it may be. I know, however, that a lot of people is doing this
at
> the
> MTA level in order
AFAIK: No there is no way.
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Tuesday, July 17, 2007 5:32 PM
To: users@spamassassin.apache.org; [EMAIL PROTECTED]
Subject: How to get Spam report in header?
We use MailScanner and Spamassassin.
Our email has a header line as follows
ook. Everything above 15 is not delivered and I
cannot remember a FP in that category...
Kind regards
Jan-Peter Koopmann
On Tuesday, May 29, 2007 4:53 PM ram wrote:
> This is a very intelligently written scam mail
>
> http://ecm.netcore.co.in/tmp/missed.txt
>
> I set my servers to pretty aggressive custom rules , but I am not
> able to catch this spam
>
> Bayes has messed up agreed but even not counting bayes al
Hi,
please excuse me if the archives already answer the question and I overlooked
it.
I am going to upgrade to 3.2.0 this week but remember reading that sa-compile
will not work with SARE rules currently. If I understand it correctly when
using sa-compile it will be used for all rules so you
just an idea, did you use awl ?
if so, try it and disable it ... that was probleme here some time before ...
\jd
signature.asc
Description: OpenPGP digital signature
Hiya,
Kelly Jones schrieb:
> Reason I want to do this: by default, Blackberry sends text email
> MIME-encoded and its timezone is +. This means it gets dinged by
> the MIME_BASE64_TEXT rule AND the LW_STOCK_SPAM4 which is defined as:
>
> meta LW_STOCK_SPAM4 __RATWARE_0_TZ_DATE && MIME_BASE64_
Bret Miller wrote:
> Huh?? 223.1.1.12? Is 213.165.64.20 part of your trusted networks?
no, it's not .. this is Dial-UP IP from T-Online, Second Line is the
"normal" gmx network, "my" Network start an mx0.webpack.hosteurope.de
> Actually the doc for the SPF module says "trusted_networks" but
> sho
Hi there,
i'm getting some problems with the spamassassin spf modul
(Mail::SpamAssassin::Plugin::SPF) maybe i can resolve this problem by
asking the list.
Please take a look at this header:
--- start cut ---
Return-path: <[EMAIL PROTECTED]>
Delivery-date: Sun, 17 Dec 2006 10:45:
hiya,
vertito schrieb:
> which catches my attention. Yes, it is not spam, but a score of 3.0 from
> DNSBL is a little
> bit high for me. anybody can advise how can i lower them down?
just change scoring ... best is in your local.cf or a new .cf that you
name scoring.cf (for example).
there you
--version
SpamAssassin version 3.0.3
running on Perl version 5.8.3
What does this mean? How can a ctime get lost, but the file still exists?
Is this neglectable? Bad memory? Heavy load? General issue? Google gave no
real good clue, perhaps anyone can point to something.
Thanks,
--
jan@ _ __
__ (_) / ___ ___ _
| |/|/ / -_) / __/ _ `/ _ \_/ _ \/ __/ _ `/
|__,__/\__/_/\__/\_,_/_//_(_)___/_/ \_, /
/___/
threads.
Are you sure? In the 'top' list one of the spamd "instances" has 21m RES
and 11m SHR whereas the other one uses 23m RES and 12m SHR.
Is this really the same process with two threads?
Regards,
Jan
y this did not really work.
Any ideas?
Regards,
Jan
supported by Spamassassin and if so if there is anyone that
has found a solution to this.
Thanks
Jan
nd out executables as well.
Hope this is of use to someone.
Cheers,
Jan
Hello Matt,
On Sat, Oct 30, 2004 at 01:00:01PM -0500, Matt Yackley wrote:
>
> Today marks the first full year that SARE has been contributing custom rules
> to the
> SA community.
>
> Happy Birthday SARE!
>From where do you know this? There's no note about that
f/i}split//,$&)+97):('m',p,f)[map{((ord$&)%32-1)/$_%3}(9,
3,1)]),5,1)='`'lt$&;$f.eig;# Jan-Pieter Cornet
66 matches
Mail list logo
