How can I check if the domain used in from address is listed in spamhaus
DBL or the IP it resolves to is listed in SBL
I find all the URIBL_DBL_SPAM rules etc work only for urls in the body
not headers
Thanks
Ram
Hi,
One of our clients has a purely local business and wants any mail coming
from a foreign domain to be given a score for spam
I would like to reduce the spam threshold , and then give a negative
score for every mail with sender domain in India
Is there a possibility of identifying the country
Alexandre Chapellon wrote:
Hello,
I would like to know if someone here is part of the returnpath.net
(http://www.returnpath.net/emailserviceprovider/certification/)
certification program?
Sender certification usually is unnecessary unless you send mails in bulk.
For bulk mailers, any certific
http://www.zimbra.com/forums/administrators/36295-every-new-message-flagged-exploit-pdf-9669-nothing-getting-through.html
How do I disable False positives with clam
For now I am disabling clam totally on all servers .. anyway real
viruses are so few.
Marc Perkel wrote:
There's people out there who are better and faster programmers than I
am. I need a simple utility written We can post it on the SA Wiki when
we're done.
I don't care what it's written in but I'm thinking that xinetd might
be easiest. What I want is something to record the I
Christopher Bort wrote:
This is really not a SpamAssassin issue, but since this list is
populated by people who are interested in spammer behavior, I'm
throwing it out for comment. If it's too far off topic, my apologies
and I'll let it go at that.
At $DAYJOB I run a mail server and a name se
Tony Bunce wrote:
Sorry for the Off Topic thread but I’m at a loss
Is anyone else having issues sending mail to Yahoo?
They are returning 421 Message temporarily deferred to every message
my servers try to send. My server then retries like it should but
yahoo never accepts the message, even
alex wrote:
I made a script too, then I found your script when I searched later!
Your script is more efficient, now I just use yours :P I call it
directly from procmail.
glad to be of use , it was not a great effort though
BTW I think google has started taking complaints seriously. I dont se
my MTA is configured to block domains listed in securitysage but I cant
see any hits lately
Is blackhole.securitysage.com down ??
Thanks
Ram
The stock spams are getting obfuscated to extreme lengths.
This mail went clean thru spamassassin. All it got hit were my custom
rules where I score mails containing companies mentioned in stock spam
( risky but no alternative )
Stock spams are a real nuisance , because the spammer just has
On Tue, 2007-02-06 at 22:25 -0800, John D. Hardin wrote:
> On Tue, 6 Feb 2007, Ken A wrote:
>
> > But what's the point if they simply have to move the obfuscation to the
> > domain part, rather than the tld? Is it worth the cost of the additional
> > test?
> > ie: http://www.swell_your_dongR.com
On Mon, 2007-02-05 at 18:46 -0800, Kenneth Porter wrote:
> On Tuesday, February 06, 2007 12:31 AM +0100 "Chr. v. Stuckrad"
> <[EMAIL PROTECTED]> wrote:
>
> > So what really will be needed, would be a combination of
> > Rules for 'illegal hostname in url' and something like
> > the URIBLS to catch
On Wed, 2007-01-24 at 09:46 -0500, Theo Van Dinter wrote:
> On Wed, Jan 24, 2007 at 01:17:15PM +0530, Ramprasad wrote:
> > But If I have /var/lib/spamassassin with some files in it SA is
> > apparently ignoring /usr/share/spamassassin/*.cf
>
> Yes. That's how updates
I have been using SA for more than 3 years now and I have a dumb
question
I am using SA 3.1.5 on Centos
AFAIK By default Spamassassin reads from /usr/share/spamassassin
and /etc/mail/spamassassin
But If I have /var/lib/spamassassin with some files in it SA is
apparently ignoring /usr/share/s
I am using a custom script using spamassassin and webredirect.pm while
scanning mails in my honeypots and get all uris that can go into my
self-maintained uribls
Off late I have been seeing too many urls timing out when using
webredirect
I tried using lynx, or wget even these timeout , but when I
I run SA 3.1.5 with MailScanner
I have in my cf file
bayes_learn_to_journal 1
use_bayes 1
bayes_path /var/spool/MailScanner/spamassassin/bayes
bayes_file_mode 0666
bayes_auto_expire 0
The problem is my bayes_journal file grows immensely ( around 500Mb a
day ) but the bayes_toks f
I thought all the stupid spammers were already eliminated. But now there
is another full generation alive
These spammers use specific patterns for their from-ids that makes
themselves too obvious. It took us quite a while to find out what was
hammerring us but Now I am blocking all these spams rig
I had read of sender address verification(SAV) about a year back, some
people had done that too. I found the idea too unfeasible for checking
from-addresses before accepting mail at MTA.
The scene is different today now with 90% of all mail being spam it
seems not that bad an idea anyway
My gue
This drug spam seems pretty simple
http://ecm.netcore.co.in/tmp/spammail1.txt
but is not caught by my sare (mangled.cf) MANGLED* rulesets
am I missing something here
Thanks
Ram
On Wed, 2006-11-22 at 19:34 -0600, Chris wrote:
> I've been receiving tons of supposed bounces from Peru saying I've sent
> messages to non-existant address using a [EMAIL PROTECTED] address.
> One such bounce is below:
>
> Return-Path: <>
> Received: from pop.earthlink.net [209.86.93.201]
Which is lighter to use bayes in files or bayes in SQL for a large setup
We get around 6-7 Million mails per day on our 14 servers ( >80% get
rejected at MTA however)
Currently each machine( dual Xeon 4GB Ram) running Postfix + SA +
MailScanner has it own bayes files. How about running a mysql se
I am no getting what the spammer intends to say here
http://ecm.netcore.co.in/tmp/spam1.txt
There is no meaningful message , no sales pitch , no stock
recommendation nothing at all
Any ideas ?
Thanks
Ram
On Fri, 2006-11-03 at 10:21 +, Henry Kwan wrote:
> Am finally getting around to making SPF records for our domains so naturally
> I was fiddling with SA to see SPF-checking was enabled. Running 3.17 with
> Mail-SPF-Query-1.999.1 installed. During "make test", it seemed to pass all
> 36 test
On Mon, 2006-10-23 at 14:36 -0700, jasonegli wrote:
> I'm running multiple domains on one SPAM cleaning server. I'm wondering if
> there's a way in spamassassin to build a separate whitelist for each domain.
> If not, can you build a whitelist based on BOTH To and From addresses.
>
> For example
Is it possible to write a quick rule to catch phone numbers mangled with
[\- *] in between
Like these
1--314--414---4001
If someone is writing phonenumbers this way there is enough reason to
believe he is a spammer
Thanks
Ram
I got this on my google alerts
Can anyone confirm
http://www.mercurynews.com/mld/mercurynews/business/technology/15809465.htm
CHICAGO - A federal judge presiding over a spam dispute rejected a
marketing company's request to suspend the domain name of an anti-spam
group that ignored an $11.7 m
Thats the bane of antispam. If there were no FP's spammers would lose
their jobs. ( So will we techies managing antispam :-) )
Whitelisting citibank is just too dangerous anyone can forge
use
def_whitelist_from_spf [EMAIL PROTECTED]
Thanks
Ram
On Mon, 2006-10-09 at 11:43 -0400, Rob McEwen (PowerView Systems) wrote:
> > The last few weeks I have noted (angry users calling me by phone) that
> > the server is really slow.
>
> Don't know for sure, but I suspect slower than usual Razor and/or DCC servers?
>
> --Rob McEwen
>
I second that.
I want to use size of mail in a custom ruleset.
Can I get this as any parameter. Can someone please give me an example
Thanks
Ram
On Fri, 2006-09-29 at 11:20 -0400, Michel Vaillancourt wrote:
> Ramprasad wrote:
> > On Fri, 2006-09-29 at 08:12 -0400, Michel Vaillancourt wrote:
> >> Ramprasad wrote:
> >>> Why not SPF ??
> >>Over two thirds of the email I receive that is UCE/Spam has
On Fri, 2006-09-29 at 08:12 -0400, Michel Vaillancourt wrote:
> Ramprasad wrote:
> >
> > Why not SPF ??
>
> Over two thirds of the email I receive that is UCE/Spam has an
> "SPF_PASS" associated with it from SA. All SPF seems to do is make the
> &qu
On Thu, 2006-09-28 at 11:05 -0700, Loren Wilton wrote:
> > Apparently they have removed SPF records after publishing them once.
> > Thats a stupid idea IMHO. Today I am forced to TEMP FAIL earthlink ids
> > whenever there is a spam attack on my servers
>
> SPF can be a pain for a number of reasons
On Thu, 2006-09-28 at 19:11 -0700, jdow wrote:
> From: "Ramprasad" <[EMAIL PROTECTED]>
>
> > On Tue, 2006-09-26 at 21:28 -0700, jdow wrote:
> >> Before you blame Earthlink note that it has NOT gone through Earthlink
> >> servers.
> >>
>
On Tue, 2006-09-26 at 21:28 -0700, jdow wrote:
> Before you blame Earthlink note that it has NOT gone through Earthlink
> servers.
>
> relay2.corp.good-sam.com is the receiving email server.
>
> It's a forged email, at a guess. (It also has mangled headers. Newlines
> are missing. MAYBE it would
Hi,
We scan a huge number of mails ( upto 150k an hour ) on our load
balanced array of servers.
I was thinking of running a local fingerprinting server like pyzord
Is the pyzor project still alive .. I havent seen any updates for
quiet some time.
And are there any issues integrating pyzor wit
I find that
spamassassin -D --lint sometimes just hangs.
the output goes
.
..
[28316] dbg: bayes: tie-ing to DB file
R/W /var/spool/MailScanner/spamassassin/bayes_toks
[28316] dbg: bayes: tie-ing to DB file
R/W /var/spool/MailScanner/spamassassin/bayes_seen
[28316] dbg: bayes: found
On Mon, 2006-09-04 at 13:06 +, Duane Hill wrote:
> On Monday, September 4, 2006 at 6:13:50 AM, Ramprasad confabulated:
>
> > Hi,
> > All the LARGO tests and our own custom rules notwithstanding , some
> > image spams still get thru.
> > But spams like
Hi,
All the LARGO tests and our own custom rules notwithstanding , some
image spams still get thru.
But spams like these are absolutely pointless.
http://ecm.netcore.co.in/tmp/buildup.eml.txt
I dont get any message from this spam , atleast on my evolution client.
I doubt if this some spam-for-ou
> >>
> >> Return-Path: <[EMAIL PROTECTED]>
> >> Received: from mail.cs.uni-sb.de (mail.cs.uni-sb.de [134.96.254.200])
> >> by wjpserver.cs.uni-sb.de (8.12.11.20060308/8.12.11) with ESMTP id
> >> k7T8rU6P012050;
> >> Tue, 29 Aug 2006 10:53:30 +0200
> >> Received: from mail-eur1.microsoft.com
Hi,
One mail for this list got into my quarantine. I was surprised since I
had spf_whitelist 'ed spamassassin.apache.org
I went thru the logs , got this
Aug 30 03:20:27 rs14 MailScanner[25502]: Message 747B1441F1.64958 from
209.237.227.199 (dev-return-27257-
[EMAIL PROTECTED]
I need to trap images that are not given full names
Something like this
-=_NextPart_000_00EB_01C5061E.42C54EA0
Content-Type: image/gif; name="zpalaver"
Content-Transfer-Encoding: base64
Content-ID: <[EMAIL PROTECTED]>
The name should have been zpalaver.gif but the extension is deliberate
> http://www.rulesemporium.com/plugins.htm#imageinfo
>
> Updates:
> - added optimization changes by Theo Van Dinter
> - added jpeg support
> - added function image_named()
> - added function image_size_exact()
> - added function image_size_range()
> - added function image_to_text_ratio()
>
>
>
All my rulesets and the LARGO rules are for catching inline png and
inline gif. Now I am getting stock spams with
images like
--=_NextPart_001_000C_01C6BBE8.11C02650--
--=_NextPart_000_000B_01C6BBE8.11BB4450
Content-Type: image/jpeg; name="militarism.jpg"
Content-Transfer-Encoding: b
On Wed, 2006-08-09 at 10:27 +0200, Bjorn Jensen wrote:
> Can spamassassin benefit in any way from a ramdisk ?
> The server we have for spamassassin, has 3 gigs of ram, and spamd
> doesn't even use 1 gig of that, so I thought perhaps it would speed
> things up if I could place something on a ramdi
I see a lot of people are getting invitations to join some yahoo group.
And many of these are not exactly "appropriate". ( porn )
If I get invitations to a group by someone I dont know, then I think it
is spam.
Thanks
Ram
How about sending "450 Please Try later" to ever mail with an inline
image and then somehow verify if it really comes back. (Obviously not my
original idea :-) )
How many spams would really comeback. max 20% .. those which are routed
thru zombies
Thanks
Ram
On Sat, 2006-07-29 at 18:22 +, [EMAIL PROTECTED] wrote:
> >> Does DCC, RAZOR, PYZOR, or any other signature algorithms work with
> >> the image spams? It's not apparent from reading the man pages. It
> >> seems to me that one could compare the signatures of attachments instead
> >> of the who
Oops they were single from headers , but from different mails
On Fri, 2006-07-28 at 16:50 +0200, Benny Pedersen wrote:
> On Fri, July 28, 2006 13:14, Ramprasad wrote:
> > From: Rory [mailto:[EMAIL PROTECTED]
> > From: Barbra [mailto:[EMAIL PROTECTED]
> >
> > Can I w
I am suddenly facing a lot of image spams from a pretty effiecient
spammer now . The Ips he is using are not listed anywhere
All spams advertising stocks of HLUN.PK Am I alone facing this problem.
Also I found that the From header in all mails is a typical repeated
string
Like these
From: Ro
On Thu, 2006-07-27 at 14:35 -0700, John D. Hardin wrote:
> On Thu, 27 Jul 2006, Hamish wrote:
>
> > Forwarding should (IMO) be implemented in such a way as the
> > FORWARDING mailbox should be used as the new return-path (Just
> > like if you forwarded an email from your MUA rather than with the
>
> I can tell you right now, its either Net tests or poorly written
> rules. Otherwise SA runs pretty darn good.
>
Darn good is how good ?
On a Dual Xeon with 4GB ram can SA scan 30k mails per hour.
Today at 15k the machine starts signalling problems , 20k is the max it
can do beyond which the
Hi,
Spamassassin has so many dependencies on various external factors
like network , disck IO , RAM etc
If I want to analyse the performance on my SA box , how do I find out
what the bottlenecks are.
I am using spamassassin as a module in Mailscanner on CentOS
Is there any tool by which I can
> Except = SPF breaks email forwarding. It requires that the world
> change how email is forwarded and that's not going to happen. Thus if
> a bank has a hard fail and someone with an account on my server gets
> email from an account that is forwarded then my server sees the email
> as coming from
>
> An ISP wpuld never be whitelisted anyhow. Whitelisting is for things
> like banks and other institutions and organizations that produce no
> spam. Yellowlisting is for ISPs so that they don't accidentally get
> blacklisted. SPF is useless because few are using it due to the fact
> that it jus
There are now a few spams passing thru with plain emailids ( not mailto
links )
There is noting else in the mail that can be caught. How can I check
such ids
Show I do a body check after all
Thanks
Ram
Sample spam mail
---
I have a new email address!
You can now email me
On Mon, 2006-07-17 at 14:04 -0300, Claudia Burman wrote:
> I've googled and I searched the list archives but I can't find
> information on this.
> How do you use the whitelist subject and the blacklist subject plugin?
> Where do yo write the blacklist or the whitelist?
>
> Thanks
> Claudia Burman
Can Someone give me alternate mirrors where I can download njabl lists
from
rsync.njabl.org is timing out even before connection
Thanks
Ram
First it was Iron-port , now postini.
http://www.webuser.co.uk/news/88975.html
Is Image spam really that BIG. I am missing something. My image spams
are getting caught by the BL's ( touchwood )
I think these companies are trying to keep up the hype for their own
marketing.. or should I expect a
> Hi,
> i think the best way to reduce the network traffic regarding to the network
> test is to do all network test locally.
> we are serving many list locally. For example spamhaus (commercial
> agreement),spamcop (one time fee), njabl, sorbs , cbl.abuseat, dsbl (all
> free). We are using a rbl
On Thu, 2006-07-13 at 11:17 -0400, Craig Morrison wrote:
> Ramprasad wrote:
> > Hi,
> > SA works fine , for the quiet large setup that we have. ( we get upto
> > 200k mails an hour at peak times )
> > But I notice it is too network dependent. A little problem with t
Hi,
SA works fine , for the quiet large setup that we have. ( we get upto
200k mails an hour at peak times )
But I notice it is too network dependent. A little problem with the
network and all hell breaks loose. Mailq shoots up and SA starts timing
out.
Probably because I have enabled all ki
Spamassassin works pretty great for me, but some spammers keep
upgrading. Some of my clients are still getting stupid spams thru
I think this was discussed before how do I catch spam with mangled urls.
Sorry if this is a repeat
Something like
--
visit
http://somespammmersite.
I have the redirect cf on (I can see in sa --lint ),
but this url goes through clean. ( see below )
Do I have to do anything besides enabling the CF in RDJ. To get it
working
BTW I am using SA 3.1.0 on linux
Thanks
Ram
..
Mathew told me to shoot you an email about the store I t
On Fri, 2006-06-23 at 11:48 -0400, Screaming Eagle wrote:
> how about those test that does not have plugins, e.g:
> 20_drugs.cf and 20_fake_helo_tests.cf, how do you include this in your
> spamasassin?
>
> Thanks.
You must have found that by now , put any file with name *.cf
in /etc/mail/spamassa
On Fri, 2006-06-23 at 00:51 -0400, Screaming Eagle wrote:
> how do I integrate SPF in /usr/share/spamassassin/25_spf.cf into
> /etc/mail/spamassassin/local.cf? The content of 25_spf.cf directed
> me to Mail::Spamassassin::Conf, after reading it, I am still not clear
> on how to configure spf?
>
> > I am doing regex match something like
> > /1 *- *2 *2 *- *3 *3 */
> >
> > Any inputs ?
>
> Yes, as SA collapses multiple spaces down to a single space (in 'body'
> tests), you only need to look for a single instance of the space,
> not an unlimited number. Also you can omit that final ' *' as
> There's a reason. The amount of permutations is ridiculous. But SARE
> has Evilnumbers which catches these.
Is the Evilnumbers ruleset not too heavy
But the numbers are also mangled
eg
1-22-33 could be written in numerous ways just adding spaces in between
randomly
I am doing regex match
Hi,
My servers are suddenly facing a deluge of university spams. All that
"get gen uine de grees from pr estigious univers ities" type
These mails have no urls or email addresses, just some phone numbers to
call back. And the spammers are using some virgin routes , so they dont
hit the RCVD_IN
On Wed, 2006-06-14 at 11:50 -0700, Steve Thomas wrote:
> > So - like I said - this is visionary stuff. Think SQL - think outside
> > the box.
>
> It's not all that visionary. Microsoft's been working on WinFS - a SQL
> based system for storing files - for years. It's supposed to have been
> releas
On Wed, 2006-06-07 at 07:03 -0600, James Lay wrote:
> Hey all!
>
> Soomail from myspace has been getting tagged as spam...been trying
> to halt that on a domain basis. Here's what I've tried (and seen
> online):
>
> .*myspace.com
> @myspace.com
> *myspace.com
> [EMAIL PROTECTED]
>
> Can som
> As you suggest, you will get higher cache hit rates with a
> centralized server, at the cost of some LAN traffic. But a
> few million DNS queries per day over a LAN is probably
> insignificant.
>
> Given that the BL zone files are pretty large, I'd recommend a
> centralized server running rbld
We have an array of 8 load balanced linux boxes running Spamassassin
with peak traffic upto 20k mails per hour per server.
How do I make optimum use of DNS caching. Currently I am using bind as
caching DNS server on each machine. Would it be better I have a central
DNS server. That way the DNS Cac
On Thu, 2006-06-01 at 19:52 -0700, Marc Perkel wrote:
> I'm thinking about using MyDNS to create my own DNS blacklist. I'm
> thinking I'll make it available to everyone to list IPs that are not on
> other lists. Mostly virus infected zombies and such.
>
> So - has anyone else done this? Looking
Hi,
I am using spamassassin with postfix on Linux. I am using
def_whitelist_from_spf rules for whitlelisting popular newsletter mails
Some domains send mails with from id as a subdomain of the main domain.
for eg
[EMAIL PROTECTED]
How do I whitelist such ids ( the subdomain does not have a S
Matt,
Thanks for helping. Got whitelist_from_spf working ( with some help
from postfix guys )
I had to do the following IN postfix
In file /etc/postfix/main.cf
smtpd_data_restrictions = reject_unauth_pipelining,
check_sender_access
regexp:/etc/postfix/add_x_envelope_f
> Yes, but what box performs the SA scan? is it darkstar? or some other box?
> Does
> the box performing the SA scan see the masquerade, or is it also behind your
> firewall and thus sees the private IPs?
>
> You're not concerned with what outside machines see here. You are trying to
> diagnose
On Tue, 2006-05-02 at 10:18 -0400, Matt Kettler wrote:
> Ramprasad wrote:
> > Hi,
> > I am using SA 3.1.1 as a module in MailScanner.
> > I am not able to get whitelist_from_spf working.
> >
> > In my local.cf I have
> >
> > ifplugin Mail::SpamA
On Tue, 2006-05-02 at 10:12 -0400, Matt Kettler wrote:
> Ramprasad wrote:
> > Hi,
> > I am using SA 3.1.1 as a module in MailScanner.
> > I am not able to get whitelist_from_spf working.
> >
> > In my local.cf I have
> >
> > ifplugin Mail::SpamA
On Tue, 2006-05-02 at 10:12 -0400, Matt Kettler wrote:
> Ramprasad wrote:
> > Hi,
> > I am using SA 3.1.1 as a module in MailScanner.
> > I am not able to get whitelist_from_spf working.
> >
> > In my local.cf I have
> >
> > ifplugin Mail::SpamA
Hi,
I am using SA 3.1.1 as a module in MailScanner.
I am not able to get whitelist_from_spf working.
In my local.cf I have
ifplugin Mail::SpamAssassin::Plugin::SPF
whitelist_from_spf [EMAIL PROTECTED]
endif
A mail from a SPF allowed IP is scored SPF_HELO_PASS ( evidently spf
checks are w
I want to run just the bayes test on several files and get bayes scores
I tried writing my own script using Mail::SpamAssassin but thats seems
to not give any score at all.
Is there any ready script available
Or can I get any pointers
Thanks
Ram
> There is definitely a VERY significant performance penalty to using
> rawbody over URI, for any rule.
>
> Consider the size of input. A rawbody regex must be run against the
> entire text of the body after QP decoding. A uri regex must be run
> against all the text of the URIs that SA found. Th
Hi,
We get considerable number of newsletter mails with "spammy" content.
How do people tackle Fp's from newsletters ? typically the stock
newsletters , the bank promotional newsletters etc
I would like know if this is possible ( I am using SA3.1 + Mailscanner +
postfix )
1) Maintain a list of
Hi,
I am using SA 3.1.0 ( + many SARE rulesetes ) for my Antispam cluster
of machines. We get a huge traffic and by and large the solution works
fine. Only problem is when legitimate senders use dialups etc. Their
source IPs get listed in a lot of BL's and in effect their mails get
marked spam.
Hi,
I find quiet a few spams with mangled words like
"Dea C r Home Ow v ner" , "Dea 1 r Home O a wner" and many such
combinations are passing thru my SA (SA 3.1.0 with quite a few SARE
rules )
I can tar these spams and send if anyone wants
The mangled.cf is able to catch mangled credit or man
Hi,
I have seen that dns tests for the same mail sent twice ( to different
recipients ) give inconsistent results
The first mail got hit by RCVD_IN_WHOIS_BOGONS and the second did not
( I use a local caching name server ). I cant figure out why ?
Has this occurred to anybody else ?
Thanks
Ram
On Tue, 2006-02-07 at 00:15 -0800, jdow wrote:
> From: "Ramprasad" <[EMAIL PROTECTED]>
>
> > Hi,
> > I want to write a personal domain-wise rule
> > The rule I am using now is
> >
> > header __TO_DOMAIN_NETToCc =~ /[EMAIL PROTECTED]/i
Hi,
I want to write a personal domain-wise rule
The rule I am using now is
header __TO_DOMAIN_NETToCc =~ /[EMAIL PROTECTED]/i
But the above rule would match "@domain.net" as well as
"@domain.net.in"
Which is the best way to match only @domain.net and not @domain.net.in
Thanks
Ram
Hi,
I want to write a personal rule to match recipients of a particular
domain
The rule I am using now is
header __TO_DOMAIN_NETToCc =~ /[EMAIL PROTECTED]/i
But the above rule would match "@domain.net" as well as
"@domain.net.in"
Which is the best way to match only @domain.net and not
Hi,
We run spamassassin on our Mailservers that receive close to 20k
mails per hour.
The problem is SA takes too long especially for the bayesian checks
I am thinking of moving the BAYES DB to a tmpfs partition. What are
the pros and cons ? I could write a cron to just copy the bayes to a
Hi all,
We are running spamassassin 3.1 with Mailscanner. The SURBL checks are
very efficient in catching spams ( without risk of FP's).
Sometimes we get a lot of spam with URI's not listed in SURBL's ,
probably because they are too specific to our domain / locality.
To make sure that these
On Sun, 2005-09-04 at 03:20, wolfgang wrote:
> In an older episode (Saturday, 3. September 2005 19:51), Ilan Aisic wrote:
>
> > It would be very difficult to write rules that would detect spam
> > disguised like this in an HTML table.
>
> I think the SARE obfu rules catch quite a few of those, se
On Tue, 2005-08-16 at 05:31, jdow wrote:
> From: "Kenneth Porter" <[EMAIL PROTECTED]>
>
> > --On Saturday, August 13, 2005 6:58 PM -0400 Theo Van Dinter
> > <[EMAIL PROTECTED]> wrote:
> >
> >> On Sat, Aug 13, 2005 at 03:07:14PM +0530, Ra
When I build the rpm from the spec file ( on fedora core 3 ) the
spamassassin-tools rpm is not created. Was it not a part of SA.
Thanks
Ram
On Sat, 2005-08-13 at 06:44, Justin Mason wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> *** THIS IS A RELEASE CANDIDATE ONLY, NOT THE FINAL 3
Hi all,
I am using Spamassassin on our SMTP servers with almost 2 mails
an hour. The problem is the machine is almost always heavily loaded.
Spamassassin takes a lot of time and I think the Bayes checking /
learning is the real cpu hog ?
Also I feel bayes is no good for a server like our
Hi
We are using Spamassassin + Postfix + Mailscanner on our SMTP servers.
Of late I have noticed that a lot of ham mails are getting a high BAYES
score.
I have overriden bayes with lower scores in order to avoid false
postives ( and possibly mail loss )
How do I de-poison the bayes database, a
On Tue, 2005-07-19 at 21:34, Matt Kettler wrote:
> Ramprasad A Padmanabhan wrote:
> > Hi list,
> >Our servers are frequently getting spam mails with taablets , or
> > ta.blets in the subject.
> >
> > I run rules_du_jour regularly, I am surprised there is no r
Hi list,
Our servers are frequently getting spam mails with taablets , or
ta.blets in the subject.
I run rules_du_jour regularly, I am surprised there is no ruleset for
catching this kind of subjects
/\bta+\.?b(let)?s\b/
Has someone already a ruleset for this
Thanks
Ram
--
Hi,
I want to use Spamassassin with Postfix-Mailscanner or
Postfix-amavisd for an ISP level spam filter.
All users are virtual, and I would like to give the users full control
for setting their rulesets
For eg,
A user must be able to set his own scores for the DRUGS_ERECTILE or
DCC_CHECKS.
99 matches
Mail list logo
