I have the following custom rules working pretty well in testing, but
ran into this message with two "Authentication-Results" headers:
Authentication-Results: mx3.webtent.org; dmarc=none (p=none dis=none)
header.from=email.monoprice.com
Authentication-Results: mx3.webtent.org;
dkim=fail
Dominic Raferd wrote on 11/16/2018 8:50 AM>
Please clarify what you mean by 'even though SPF and DKIM is setup
with DMARC to reject'? I presume that 'company.com' does not have a
DMARC p=reject policy, or else your DMARC program (e.g. opendmarc)
should block forged emails from them.
Oh yes, so
We're having an issue with spam coming from the same company even though
SPF and DKIM is setup with DMARC to reject. Take this forwarded email
for instances
Original message
From: User
Date: 11/15/18 10:42 AM (GMT-07:00)
To: Other User
Subject: OVERDUE INVOICE
Sorr
I have a user getting slammed with messages not being filtered like
below, I can't find the IP or address in any part of a whitelist. I'm
wondering if the missing message ID can cause this? Or should I setup a
rule to kill messages without the ID?
Nov 8 13:08:30 mx2 maiad[49762]: (49762-03) P
Robert Fitzpatrick wrote:
Joe Quinn wrote:
On 6/9/2016 11:23 AM, Robert Fitzpatrick wrote:
Excuse me if this is too lame a question, but I have the SPF plugin
enabled and it hits a lot. Should SPF_ something hit on every message
if the domain has an SPF record in DNS?
Furthermore, a message
Joe Quinn wrote:
On 6/9/2016 11:23 AM, Robert Fitzpatrick wrote:
Excuse me if this is too lame a question, but I have the SPF plugin
enabled and it hits a lot. Should SPF_ something hit on every message
if the domain has an SPF record in DNS?
Furthermore, a message found as Google phishing did
Excuse me if this is too lame a question, but I have the SPF plugin
enabled and it hits a lot. Should SPF_ something hit on every message if
the domain has an SPF record in DNS?
Furthermore, a message found as Google phishing did not get a hit on a
email address where the domain has SPF setup.
John Hardin wrote:
On Mon, 30 Jun 2014, Robert Fitzpatrick wrote:
I have been experiencing a huge amount of spam getting through to
some big target addresses, mainly from .eu and .info addresses, and
would like to see if someone can find something wrong with my setup.
I recently upgraded to
I have been experiencing a huge amount of spam getting through to some
big target addresses, mainly from .eu and .info addresses, and would
like to see if someone can find something wrong with my setup. I
recently upgraded to 3.4, but still the same issue. I am using Postfix
with Maia Mailguard
Looking for some advice, hope it's OK to ask here. I have a few
customers over the past several months start getting an unusual amount
of messages being blocked or returned when sending via our SMTP servers.
I have checked that none of our servers are listed on any databases, but
after some queryin
On 10/5/2011 5:46 PM, Jim Popovitch wrote:
> On Wed, Oct 5, 2011 at 17:41, RW wrote:
>> The usual reason for a hiatus is that too much spam or ham has aged-out
>> in the corpora, and a top-up is needed.
>
> So, how do we get it top-up'ed?
>
Anyone know if the 'usual reason' is because there are
On Fri, 2010-01-29 at 16:19 +, Christian Brel wrote:
> On Fri, 29 Jan 2010 11:09:49 -0500
> Robert Fitzpatrick wrote:
>
> > Could I get someone to run an example of smut spam I cannot seem to
> > block in SA 3.2.5? This is a typical message that has been hammering
>
Could I get someone to run an example of smut spam I cannot seem to
block in SA 3.2.5? This is a typical message that has been hammering one
or two customers and despite learning many of these messages with bayes,
still they continue...
http://mx1.webtent.net/test.msg
I am using Sanesecurity as w
I believe if I make a rule that adds scores for when the Envelope Sender
and To addresses are different and it is coming from a free e-mail
address. I was hoping to reference the free email by existing rules and
see lots of possibilities, see below. Is there are way to match any rule
with SARE_FREE
I see a lot of messages hitting BAYES_00 and reducing enough to make it
a FN. After some learning, problem solved, but still an issue for new
message types. Is there a way to protect from this sort of thing? Like a
recipe not to add the bayes score if the score is over 7 and BAYES_50 or
lower? Woul
Can someone tell me what I'm doing wrong here?
meta WEBTENT_LB __LONGWORDS && (__BAYES_50 || __BAYES_60 || __BAYES_80 ||
__BAYES_95 || __BAYES_99)
describe WEBTENT_LB Contains long words and Bayesian spam probability of 50% or
higher
score WEBTENT_LB 3.5
While my messages hit both LONGWORDS an
Looking at my stats I see those hitting LONGWORDS and scoring BAYES_50
or higher are all big time spam that have been hard to catch, see my
posts earlier this week 'bayes and celeb spam'. Would it be a bad idea
to add to the score when both hit? It looks like a score of 3.5 will be
needed for the e
On Tue, 2008-01-29 at 22:16 -0500, Mark Johnson wrote:
> I put extreme scores against emails from TW as we don't do business with
> anyone from there. If it wasn't for that, this would have made it
> through my system as well. I am really surprised bayes scored a 0 as it
> did for the original
On Tue, 2008-01-29 at 18:05 -0800, Loren Wilton wrote:
> There is still something wrong with the message you pasted, and possibly
> with how you are runing it into SA to test:
>
> Received: from n6c.bullet.mail.tp2.yahoo.com (n6c.bullet.mail.tp2.yahoo.com
> [203.188.202.136])
> \x09by esmtp.ky.
On Tue, 2008-01-29 at 20:22 -0500, Theo Van Dinter wrote:
> On Tue, Jan 29, 2008 at 07:51:03PM -0500, Robert Fitzpatrick wrote:
> > I have some users getting slammed with this spam. Before I start trying
> > to figure out how to intercept, can someone test this message and tell
I have some users getting slammed with this spam. Before I start trying
to figure out how to intercept, can someone test this message and tell
me if your getting a score above 5.0?
http://esmtp.webtent.net/test.txt
I'm getting 4.4 on this particular one, but others less. My bayes still
insists on
On Thu, 2007-11-01 at 16:28 -0400, Daryl C. W. O'Shea wrote:
> Robert Fitzpatrick wrote:
> > I have the following error message in the logs, didn't even notice until
> > tracking down an email for a user today, but been happening in all my
> > logs back the last
I have the following error message in the logs, didn't even notice until
tracking down an email for a user today, but been happening in all my
logs back the last week. All three servers running mail filtering to
pgsql db have this error including the server which hosts the db. I find
no problems wi
I have chickenpox.cf consistently hitting ham. I did some digging, looks
like when Microsoft Word or similar is involved in the body, this
hits...
On Fri, 2007-08-24 at 12:38 -0400, Rick Zeman wrote:
> That looks like a perfectly valid non-spam AOL email.
You think? The user claims they do not know them, the recipients all in
aol.com except my user (snipped) and got three in a row...another
here...
http://esmtp.webtent.net/mail2.txt
--
R
On Fri, 2007-08-24 at 06:48 -0700, John D. Hardin wrote:
> On Fri, 24 Aug 2007, Robert Fitzpatrick wrote:
>
> > Anyone seen these, first reported to us today, but a lot...can
> > they be stopped. Bayes even gives negative score...we are running
> > SA 3.2.1 with
On Wed, 2007-08-22 at 08:58 +0100, Martin.Hepworth wrote:
> Botnet 0.8 is a lot better than 0.7 - please upgrade if you don't already.
>
How do you tell what version you have? I cannot find it anywhere in the
files, so I downloaded 0.8 and diff'd the pm against what I have and no
differences. I g
Anyone seen these, first reported to us today, but a lot...can they be
stopped. Bayes even gives negative score...we are running SA 3.2.1 with
SARE rules, Botnet, KAM, chickenpox...
http://esmtp.webtent.net/mail1.txt
Content analysis details: (1.8 points, 5.0 required)
pts rule name
The plugins page at SARE says this is 0.8, but is it? The pm file looks
fine.
http://www.rulesemporium.com/plugins/pdfinfo.cf
--
Robert
On Sat, 2007-08-18 at 15:14 +0100, Nix wrote:
> On 17 Aug 2007, Robert Fitzpatrick verbalised:
> > Worms and spam have made it impossible for users to use their own
> > personal mail servers.
>
> Really? Fascinating, I'm doing the impossible. I had no idea.
Correction
On Fri, 2007-08-17 at 09:01 -0700, John Rudd wrote:
> Over the last 9 months, my observation has been that, on a million-ish
> message per day system:
>
> 1) aprox. 1% of Botnet marked messages are false positives
>
> 2) you can reduce false positives from Botnet by 66% by just dropping
> the s
On Fri, 2007-08-17 at 18:39 +0300, Jari Fredriksson wrote:
> > 2. many ISPs block connections from dynamic IPs, anyway,
> > this is actually common practice.
> >
>
> It's common practise here for households, but not for business users.
> Actually roaming business users with their lap tops actua
On Fri, 2007-08-17 at 16:31 +0200, Kai Schaetzl wrote:
> Robert Fitzpatrick wrote on Fri, 17 Aug 2007 08:56:33 -0400:
>
> > Well, like I said, we had big problems using anything in Botnet except
> > nordns.
>
> That's why everything except the main BOTNET is set to
On Fri, 2007-08-17 at 16:31 +0200, Kai Schaetzl wrote:
> Robert Fitzpatrick wrote on Fri, 17 Aug 2007 08:46:25 -0400:
>
> > I tried 'spamassassin -D > results.txt <
> > myspamfile', but only gives me the results of the tests.
>
> spamassassin -D results.
On Thu, 2007-08-16 at 17:47 -0500, René Berber wrote:
> Jari Fredriksson wrote:
>
> > Botnet is bad AFAIK bad for anyone running an ISP or so.
> >
> > I'm a lone one and I know that nobody sending me email is not using a Linux
> > box with his own server, so I can drop all mail from dynamic dns o
On Fri, 2007-08-17 at 00:31 +0200, Kai Schaetzl wrote:
> It seems you lowered the score of ACT_NOW_CAPS. If you have done this
> with
> a lot of rules, it's understandable that they don't help ;-)
Good eyes, I didn't even see that. I have checked my local.cf, where is
the only place I lower or a
I have some spam hitting some users pretty hard while just falling short
of the kill level, see below. Seems if I was using Botnet a little more,
it would help. I remember when we installed the Botnet rules, they were
too aggressive with lots of complaints stemming from mis-configured dns,
yada, ya
Still getting these attachments with SA-3.1.7 + SARE + sa-update +
amavisd + clamav with sanesecurity sigs. Should I be blocking these with
those rule sets? Can someone test this to see how you may be blocking?
http://esmtp.webtent.net/mail1.txt
Thanks :)
--
Robert
On Wed, 2007-07-18 at 10:12 -0500, Craig Carriere wrote:
> I use 256K, but I have a small volume (about a thousand emails a day)
> server load. We are also experimenting with the SaneSecurity
> definitions for clam which catch a lot of this rodent mail as well and
> should lower the SA load.
>
>
On Wed, 2007-07-18 at 09:57 -0500, Administrator wrote:
> A rough guess and probably wrong as usual, but could the message size be
> larger than what you have set in amavisd-new? If so then SA would be
> bypassed but not when you manually test the message.
>
Ding! Thanks! It is set at 64*1024 fa
We use SA 3.1.7 with Postfix and amavisd-new 2.4.4 and clamav. I
received several PDF's this morning even though we have updated
protection. They all came from one server, so I did a lookup in the mail
logs to find 'Hits: -', that's it. After some more searching on
different servers, I see this fre
On Mon, 2007-07-16 at 14:51 +0100, Alexis Manning wrote:
> What are people getting for the following stock spam? Ones like this keep
> scoring just under 5 for me.
>
Same here, just under 5.0 and a lot...
http://esmtp.webtent.net/clean-ZGw0SdPapnBE
Anyone able to catch these?
--
Robert
Just verified a couple of PDF attachments getting through with our
PDFInfo rules. Can someone test these to see if my PDF rules are working
or if you're able to block? I believe the rules are working as the
latter message is hitting one, just not enough to block. I tried my
access to the PDFInfo li
We have the PDFInfo plugin added to our SA 3.1.8 running with
amavisd-new and postfix, works great! thanks!
One got through just now and I logged in the server as vscan user and
did the spamassassin -t on the file (we quarantine all for limited time
for testing like this) and it scored 5.1...
esm
On Tue, 2007-06-19 at 18:03 +, Duane Hill wrote:
> On Tue, 19 Jun 2007, Robert Fitzpatrick wrote:
> > Can someone tell me for sure which way this needs to be and how to get
> > sa-update to look at /usr/local/share/spamassassin again if that is what
> > I need to do?
&
>From the beginning I have used /usr/local/share/spamassassin for the .cf
files as this is how the ports system sets up SA on our FreeBSD system.
Sometime ago, someone posted a response to an issue I had at the time
with rules firing that I should be using the
default /var/db/spamassassin/ and I wa
On Tue, 2007-06-05 at 15:06 -0400, Robert Fitzpatrick wrote:
> On Tue, 2007-06-05 at 19:46 +0300, Jari Fredriksson wrote:
> > Robert Fitzpatrick wrote:
> > > Not sure what this means, can someone help? All works fine on our
> > > production SA 3.1.7 server. We are te
On Tue, 2007-06-05 at 19:46 +0300, Jari Fredriksson wrote:
> Robert Fitzpatrick wrote:
> > Not sure what this means, can someone help? All works fine on our
> > production SA 3.1.7 server. We are testing this SA 3.2 with Maia
> > Mailguard and now getting this unsuppo
Not sure what this means, can someone help? All works fine on our
production SA 3.1.7 server. We are testing this SA 3.2 with Maia
Mailguard and now getting this unsupported command -H error...
[47129] dbg: dcc: [47132] finished: exit=0x0100
[47129] dbg: dcc: got response: DCC ERROR Unsupported co
Someone just had some ham get hit by KAM.cf. Why would the rule
KAM_HOODIA contain merely the number 920+ found in subject and body be a
hit. According to the rule, one point for header, one for body and if
two or more found, it hits. I had a reservation department not receive a
confirmation notice
I found a rulle to prevent blackberry messages hitting LW_STOCK_SPAM4
and MIME_BASE64_TEXT...this is working...
http://www.mail-archive.com/users@spamassassin.apache.org/msg39799.html
Also, later in that thread I read about + in the Date header
contributing to this score as well. This is cont
On Tue, 2007-04-24 at 14:57 -0400, Robert Fitzpatrick wrote:
> I have some ham with 'iHireEngineering.com' URL's in the message that
> are hitting this regex for SARE_URI_IHIRE:
>
> uri SARE_URI_IHIRE /\biHire\w+\.com/i
> describe SARE_URI_IHIRE
I have some ham with 'iHireEngineering.com' URL's in the message that
are hitting this regex for SARE_URI_IHIRE:
uri SARE_URI_IHIRE /\biHire\w+\.com/i
describe SARE_URI_IHIRE body contains link to known spammer
score SARE_URI_IHIRE 3.333
I have disabled h
I asked this question related to BOTNET the other day, but I don't think
I was clear. We run a transport server that ultimately delivers mail to
off-server destinations. I was wondering is it is possible to bypass
rules based on a recipients domain name? For instance, not apply BOTNET
scores to mes
On Thu, 2007-04-19 at 15:03 +0100, Chris Lear wrote:
> * Matt Kettler wrote (19/04/07 14:49):
> > If you want to know how accurate a particular rule is, by comparing the
> > spam vs nonspam hit rates, those stats are useless, because of the bias.
> > You need a manually sorted corpus to get this k
I've seen some others on the list here show reports of the different
rules and how much they hit. How can I produce these reports? And is it
possible to produce a report like this by domain name?
--
Robert
On Wed, 2007-04-18 at 10:23 -0500, Craig Carriere wrote:
> Robert:
>
> It sounds like your problem rests with your bayes database. Some SA
> rules will fire on almost all mail, but a properly trained bayes filter
> should be able to reduce your scores to under your spam threshold. None
> of thes
Our bayes was apparently giving negative scores incorrectly and I
re-built it since it was not effective and letting through a lot of
spam. I didn't realize, but it seems those negative scores were keeping
SA from applying other tests? Since fixing bayes, we are blocking so
much ham it is not funny
I have a customer that needs to setup their reverse DNS. The mail server
identifies itself as, for example, abc.com. The Address record for
abc.com points to our web hosting server here naturally since we host
the web site. They have an Address record of mail.abc.com pointing to
their mail server.
On Mon, 2007-04-16 at 19:43 -0400, Michael Scheidell wrote:
> If its just one sender, just whitelist them.
>
> Those rules below do indicate that that email may be coming from a
> 'permission[sic] based email marketing' company.
>
Sorry, hit send to quickly on that last message...
elasmtp-junco
On Mon, 2007-04-16 at 19:43 -0400, Michael Scheidell wrote:
> If its just one sender, just whitelist them.
>
> Those rules below do indicate that that email may be coming from a
> 'permission[sic] based email marketing' company.
>
elasmtp-junco.atl.sa.earthlink.net
--
Robert
I just got a report of ham blocked with the following rules. This is a
repeated ham report for TVD_FW_GRAPHIC_ID1 and thinking of setting its
score to zero. Is there any recommendations on how to handle any of
these rules?
X-Spam-Status: Yes, score=8.692 tag=-999 tag2=5 kill=5
tests=[DNS_F
On Wed, 2007-04-11 at 09:58 -0700, Kurt Buff wrote:
> New installation on FreeBSD 6.2, ran 'sa-update -D', got the following
> output, which I've snipped to highlight the questions I have:
>
> 1) I've added this from ports with pkg_add:
> [11431] dbg: diag: module not installed: Net::Ident ('requi
Are these rules found in the Botnet source folder additional rules that
can be used or is this what Botnet is based on?
http://people.ucsc.edu/~jrudd/spamassassin/jr_rfc1912.cf
Also, I posted a response to an earlier thread, is there a way to bypass
Botnet for a destination mail server or domain
On Tue, 2007-04-10 at 07:18 -0700, John Rudd wrote:
>
> Depending on which bypass/exemption you're going to use, either
> 4servers\.com or the IP address are what you want to use.
>
> The "bluehill.com" part is the smtp HELO argument, and botnet currently
> ignores that.
>
>
Thanks! Is there
My bayes seems to be a mess, consistently knocking down scores. I have
it disabled now and want to rebuild. I assume I can just wipe out
the .seen, .token, etc. files and it will rebuild on its own? Also, I
have two servers in two different locations and would like to share the
bayes database betwe
I applied BOTNET rules yesterday and have some legitimate mail getting
blocked and looking for the best way to bypass. I added 'bluehill\.com'
to the list of botnet_pass_domains, is that correct or should I be
adding '4servers\.com' or both?
Received: from esmtp.webtent.net ([127.0.0.1])
b
Bill Landry wrote:
Peter Russell wrote the following on 4/9/2007 3:41 PM -0800:
We dont use Botnet anymore, it fires on anything/everything and
drives me nuts.
You must not have Botnet and/or your trusted_networks setup correctly
then.
Bill
I am running Postfix+Amavisd-new+SA 3.1.7 gateways
Can anyone run any of these messages to see how your rules score them?
Mostly stock symbol spam. I've been improving our scoring with updates
today, but still not able to come up with any rules to cover these:
http://esmtp.webtent.net/mail1.txt
http://esmtp.webtent.net/mail2.txt
http://esmtp.webte
On Mon, 2007-04-09 at 13:13 -0400, Theo Van Dinter wrote:
> On Mon, Apr 09, 2007 at 01:07:35PM -0400, Robert Fitzpatrick wrote:
> > sa-update -D --updatedir /usr/local/share/spamassassin --channel
> > updates.spamassassin.org
>
> Do you have a reason to be using --update
I am getting reports a quite a few spam messages and found a lot when
looking in our archives. Trying to debug our SA 3.1.7 configuration, I
am finding the following when doing 'sa-update -D', we do seem to be
getting a lot of stock symbol spam getting through. If I clear out the
updates from the l
On Thu, 2007-03-29 at 18:31 +0300, Henrik Krohns wrote:
> On Thu, Mar 29, 2007 at 11:22:05AM -0400, Robert Fitzpatrick wrote:
> > Got your script, all works perfectly, thanks! My question is how do I
> > know which archived id's to feed to your script to learn as spam, ham,
&g
On Thu, 2007-03-29 at 16:39 +0300, Henrik Krohns wrote:
> On Thu, Mar 29, 2007 at 09:25:55AM -0400, Robert Fitzpatrick wrote:
> > I am running Postfix 2.3.5 with SA 3.1.7 and amavisd-new. If I catch a
> > copy of all messages using the Postfix option of always_bcc, will this
> &g
I am running Postfix 2.3.5 with SA 3.1.7 and amavisd-new. If I catch a
copy of all messages using the Postfix option of always_bcc, will this
work when learning those messages? I am wondering if the bcc address
being in the header of all those messages will cause any learning issues
regarding the a
I am getting a lot of these. We use pretty much all the rules at rules
emporium, but nothing over 0 level, as well as do our sa-update (which
doesn't seem to have updated since Feb 24?, maybe the problem?). I also
use the KAM.cf file and FuzzyOcr. I even tried disabling bayes afer this
weeks di
I have this in my local.cf file...
whitelist_from_rcvd [EMAIL PROTECTED] *.blackberry.com
Shouldn't this not get tagged?
Return-Path: <>
Delivered-To: spam-quarantine
X-Envelope-From: <[EMAIL PROTECTED]>
X-Envelope-To: <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>
X-Quarantine-ID:
X-Spam-Flag: YES
X
I have the following in my local.cf file to allow anyone at that domain
to send from their blackberry:
whitelist_from_rcvd [EMAIL PROTECTED] *.blackberry.com
It says in the Received header that it is for the sender, but addressed
to other people. I'm assuming the sender BCC'd himself, is there
On Thu, 2007-02-08 at 14:04 +, Martin.Hepworth wrote:
> Ben
>
> I found A LOT of spam tries secondary MX first as a way to circumvent
> spam filters..
Yes, I have had spammers sending directly to the e-mail address of a
domain's 'A' record, trying to bypass our filtering gateways.
--
Robert
I had a customer requesting a whitelist of an address this morning. I
always look them up to see the SA score. This one seems to be a FP on
the FORGED_MUA_OUTLOOK rule, see below. I say this due to finding
numerous posting via a google search, sonmeone even suggested disabling
this buggy rule. What
Matt Kettler wrote:
Robert Fitzpatrick wrote:
I have the following in my local.cf file, but some messages get blocked
still, see my log entries below. I use amavisd-new and it seems those in
the log that show localhost as the client pass through and those
directly from the blackberry get
I have the following in my local.cf file, but some messages get blocked
still, see my log entries below. I use amavisd-new and it seems those in
the log that show localhost as the client pass through and those
directly from the blackberry get blocked. Not sure why all would not be
coming from the a
On Mon, 2007-01-22 at 17:31 -0500, Robert Fitzpatrick wrote:
> I get the following lint errors:
>
> esmtp# spamassassin --lint
> Subroutine FuzzyOcr::O_NONBLOCK redefined at
> /usr/local/lib/perl5/5.8.6/Exporter.pm line 65.
> at /usr/local/lib/perl5/5.8.6/mach/POSIX.pm line
I get the following lint errors:
esmtp# spamassassin --lint
Subroutine FuzzyOcr::O_NONBLOCK redefined at
/usr/local/lib/perl5/5.8.6/Exporter.pm line 65.
at /usr/local/lib/perl5/5.8.6/mach/POSIX.pm line 19
[98248] warn: FuzzyOcr: Cannot find executable for pamthreshold
[98248] warn: FuzzyOcr: Can
I use SA 3.1.7 using rules du jour with the recipes below and FuzzyOcr
3.5.1, but still some consistent spam getting through. I also use razor2
and bayes learning with these score increases:
## Optional Score Increases
score RAZOR2_CHECK 2.500
score BAYES_99 4.300
score BAYES_80 3.000
The two mai
Having the same problem with two gateways running FreeBSD with Postfix
2.2.9 and amavisd-new content filtering using SA 3.1.x where delays I
think are running high. The delay on a message is generally above 10 and
amavisd-new logs show 96-97% of that delay is SA. And this with no .cf
files being lo
I have two gateways that filter using amavisd-new and SA 3.1.7 with the
FuzzyOcr recipes used. On one of these FreeBSD servers, all the helper
applications are present, but on the other, they're all missing. I just
now realized this after a while and do not remember where those helper
apps, like gi
I know it can be put in mysql, right now I am using the default db for
SA learning. I have two servers on two different networks and do not
want to add to processing time by accessing a mysql database at another
location. Is this advisable or work well? What is the recommendation for
sharing learni
I used some recipes found with the help of this list that pretty much
wiped out these images spams until this morning they are coming through
again different, of course. Is the OCR solution what I need to do? If
so, can someone point me to some info or suggest how to set this up?
Thanks in advance
On Wed, 2006-08-02 at 11:11 -0400, David Cary Hart wrote:
> However, if
> you have a non-standard reverse pointer to your domain with adequate
> TTL
non-standard reverse pointer? Our TTL is 300, is that 'adequate'.
P.S. - sorry for the direct message David.
--
Robert
I tried sending a message to the list yesterday and it never came
through. I finally found the rejection due to my IP listed on SORBS.
Although I am looking into why my static IP is listed for dynamic
reasons, many think SORBS should not be used, including
www.dnsstuff.com. Is SORBS widely used?
-
Although I've been running SA, now 3.1.x, with amavisd-new and postfix
on FreeBSD 5.4 for some time now, I've not looked at SA closely, only
when there's an issue, and now trying to go over my settings for
optimizing. First of all, I ran 'spamassassin --lint -D' to look for any
trouble and found th
I posted a whitelist_from_rcvd usage issue the other day and someone
quickly opened my eyes to notice the message didn't have a from address,
the log showed 'from=<>'. These people are asking that I whitelist their
mail servers. I understand whitelist_from_rcvd uses two parameters, the
first being
Can someone point out what I am doing wrong hereI have this in my
local.cf file:
whitelist_from_rcvd [EMAIL PROTECTED] mail*.magnetmail.net
But messages are getting blocked that I believe should match this?
May 5 14:54:19 esmtp postfix/smtpd[994]: 9315B7FA20:
client=mail10.magnetmail.net[2
On Tue, 2006-04-11 at 08:13 -0500, JD Smith wrote:
> Does amavisd-new happen to have a pre-built front-end similar to
> MailWatch? If not then it's no use to me as I don't have time to build
> one from scratch, especially not after the time I've already spent
> customizing MailWatch.
Do you mean
Having process load issues, I found that removing my two sa-blacklist
rules took care of it. If fact, very good processing times now that
they're gone. My question is, what I'm I missing? Spam filtering is
doing a fine job since changes applied 24 hours ago.
I run Postfix 2.2.8 with amavisd-new 2.
On Fri, 2006-04-07 at 13:58 -0400, Bowie Bailey wrote:
> That's normal. RDJ keeps an extra copy of all of the rules in that
> subdirectory. SpamAssassin should ignore them. You need to leave the
> rules in /usr/local/etc/mail/spamassassin since that is where SA will
> read them from.
>
So, I n
On Fri, 2006-04-07 at 12:42 -0400, Bowie Bailey wrote:
> > Thanks, I am running Postfix 2.2.8 with amavisd-new 2.3.3. I took a
> > message in my inbox, viewed source and copied to a file on the server,
> > but when I run 'spamassassin -D testfile', it just sits there and
> > hangs. The messages ar
On Fri, 2006-04-07 at 12:42 -0400, Bowie Bailey wrote:
> > Thanks, I am running Postfix 2.2.8 with amavisd-new 2.3.3. I took a
> > message in my inbox, viewed source and copied to a file on the server,
> > but when I run 'spamassassin -D testfile', it just sits there and
> > hangs. The messages ar
On Fri, 2006-04-07 at 08:31 -0700, Bret Miller wrote:
> Running a single message through SA with the -D option would probably
> show you where the delay is.
>
> Unless you've disabled the URIDNSBL plugin, I'd add RBL_TIMEOUT 5 to
> your config as the RBL timout value is used for other DNS-type loo
I upgraded from 3.1.0 to 3.1.1 and my delays went from less than 20 to
900 to over 1000. Here is my rule sets used by rules du jour and my SA
config (same as prior to upgrade). I don't see anything that needs to be
changed, can someone suggest what I am doing wrong?
[ "${TRUSTED_RULESETS}" ] || \
1 - 100 of 107 matches
Mail list logo
