mment is harmless, and likely an artifact from when SBL-XBL was
deprecated in favor of ZEN several years ago. And FWIW, ZEN actually
contains the SBL, SBLCSS, XBL and PBL blocklists.
> Comments on this? Am I missing something here?
Yes; a closer review of documentation and rule construction is in order.
--
Sahil Tandon
On Sun, 2011-04-03 at 14:38:49 -0700, Ori Bani wrote:
> On Sun, Apr 3, 2011 at 2:08 PM, Sahil Tandon wrote:
> > On Sun, 2011-04-03 at 13:30:44 -0700, Ori Bani wrote:
> >
> >> From what I can tell, it is common to have local.cf
> >> permissions/ownership as
s it really need to be world readable?
You've asked a few different questions; the answer to the last one is
'no'.
--
Sahil Tandon
ust can't do this while spamass-milter does it with very
> little overhead or configuration.
For posterity, and to hopefully prevent the spread of misinformation via
list archives, the above (specifically with regard to amavisd-new) is
patently false.
--
Sahil Tandon
pam-Relays-External =~ /^[^\]]+
rdns=\S+[\-\.](?:res|resnet|client)[\-\.]/i
--
Sahil Tandon
My previous reply does not appear to have made it to the list, so
trying again:
On Thu, 2011-01-27 at 09:12:37 -0500, Michael Scheidell wrote:
> On 1/26/11 11:58 PM, Sahil Tandon wrote:
> >>reject_rhsbl_sender dbl.spamhaus.org=127.0.1.2,
> >Sound advice to advocate good prac
e!)
Glad to hear it's working well for you - I'm having a similar
experience!
--
Sahil Tandon
ally we prefer to make use of that improving the efficiency of
> the list, and not so much working on the web site..
João, please do not be discouraged by the ranting. We use mailspike at
multiple sites and it is a valuable, low-FP addition to the DNSBL
arsenal. Thanks for your efforts.
--
Sahil Tandon
oes the answer vary per email? More details
are required to identify the cause of the problem.
--
Sahil Tandon
On Dec 14, 2009, at 12:45 PM, John Hardin wrote:
On Mon, 14 Dec 2009, Per Jessen wrote:
Why would anyone pay USD20 to register with emailreg.org instead of
publishing an SPF record for free?
To keep the pointy-haired managers happy.
Bingo. Name calling aside, this is really the crux of
On Sat, 12 Dec 2009, jdow wrote:
> From: "Marc Perkel"
> Sent: Saturday, 2009/December/12 09:42
> >
> >Sahil Tandon wrote:
> >On Fri, 11 Dec 2009, Marc Perkel wrote:
> >
> > Been using emailreg.org for several months now and it seems like a
&
On Sat, 12 Dec 2009, Marc Perkel wrote:
[HTML snipped]
I'm thrilled that it works well for you; my note was for posterity and
other readers who might benefit from knowing about the odd inconsistency
I mentioned in my initial reply.
--
Sahil Tandon
partners). It would be counter-intuitive to require all senders to pay
one of the third parties just to let email through."
--
Sahil Tandon
On Sun, 04 Oct 2009, LuKreme wrote:
> On 3-Oct-2009, at 23:54, Sahil Tandon wrote:
> >As documented in the spamd(1) man page:
> >
> >-s facility, --syslog=facilitySpecify the syslog facility
> >
> >So, specifly a syslog FACILITY instead of a FILENAME. See sy
rly Sunday morning are the worst time…
Unless you believe this is still a spamd issue, please send all
follow-ups to a more appropriate mailing list.
--
Sahil Tandon
problem; see the newsyslog(8) and
newsyslog.conf(5) man pages to understand why.
> It certainly looks to me like the spammed output should be logged to
> /var/log/spamd.log.
No.
--
Sahil Tandon
ible or am I barking up the wrong tree? If I am, does
> anyone have suggestions on how I can achieve this?
What if the email with the offending text is sent to multiple
recipients, some of whom need the special treatment while others do not?
--
Sahil Tandon
ecurity certification body."
Perhaps the "Virus" in the name of the organization conducting the anti-spam
product review threw you off?
--
Sahil Tandon
quot;localhost"
>>
>> It should be in the 3.3.0 release if I understand the autopublication
>> process.
>
> ...or at least it was making the cut a week or so back. :(
s/(/)/ :-)
--
Sahil Tandon
hing just because of LuKreme's advocacy.
As for doing this in SA, I hope one of the gurus can offer a solution. But
from a quick scan of these[1][2] pages, some variant of the following might
suffice:
# Warning: UNTESTED!
header LOCAL_RDNS X-Spam-Relays-Untrusted =~ /^[^\]]+ rdns=localhost /i
describe LOCAL_RDNS bogus localhost rDNS
scoreLOCAL_RDNS 10.0
[1] http://wiki.apache.org/spamassassin/WritingRules
[2] http://wiki.apache.org/spamassassin/TrustedRelays
--
Sahil Tandon
) do
with respect to SA rules, the following page might be useful:
http://wiki.apache.org/spamassassin/WritingRules
--
Sahil Tandon
ate the importance of stable vs. alpha vs. $foo without
referencing actual portions of the code that worry you.
--
Sahil Tandon
On May 26, 2009, at 4:00 AM, Arvid Picciani wrote:
does this list have an online archive?
Yes. Google it.
On Sun, 17 May 2009, Dennis German wrote:
> Could someone discuss or add a wiki page about?
>
> SPF_SOFTFAIL
http://www.openspf.org/RFC_4408#op-result-softfail
> SPF_NEUTRAL
http://www.openspf.org/RFC_4408#op-result-neutral
--
Sahil Tandon
ld you be so kind as to post an
unmodified copy of the spammy message with full headers? Don't paste here --
put it on a pastebin.
--
Sahil Tandon
On Sat, 28 Feb 2009, Neil Schwartzman wrote:
> We have created an entry on the Spamassassin wiki
> http://wiki.apache.org/spamassassin/ReportingSpam
Broken link in section "Setup of special aliases in Postfix to forward spams
and hams": http://gtmp.org/publications/sa-postfi
dbg: channel: current version is 699146, new version is 699146,
> skipping
> channel
If you had been running 3.2.5, the latest update would be "730418" which,
AFAIK, was back on Jan 3.
% dig +short TXT 5.2.3.updates.spamassassin.org
"730418"
--
Sahil Tandon
contain at least 200 (of each) spam
and ham? What is the output of:
% sa-learn --dump magic
Also read: http://wiki.apache.org/spamassassin/BayesNotWorking.
--
Sahil Tandon
ear to be some
DNS issues with ctyme.ixhash.net; the A record is missing.
--
Sahil Tandon
pache.org/full/3.2.x/doc/sa-update.html
Search the wiki for more information.
--
Sahil Tandon
(those with ENVELOPE
FROM == TO) at the MTA, before passing mail to SpamAssassin. The OP
should read the archives for discussion about the pros and cons.
--
Sahil Tandon
lists, so search the archives (here and on
postfix-users) for proposed solutions. Benny posted a method using
postfwd (http://postfwd.org) last week:
id=EQUAL_001; action=REJECT sender is recipient; sender==$$recipient
--
Sahil Tandon
Benny Pedersen wrote:
> On Thu, December 25, 2008 05:45, Sahil Tandon wrote:
>
> > As I wrote on the postfwd mailing list, the proper syntax is:
>
> yes its olso what i have in the postfwd.cf
>
> > id=EQUAL_001; action=REJECT sender equal to recipient;
> > se
te on the postfwd mailing list, the proper syntax is:
id=EQUAL_001; action=REJECT sender equal to recipient; sender==$$recipient
--
Sahil Tandon
Arvid Ephraim Picciani wrote:
> what was the solution again for windows live spam? It hit me finally.
Others have proposed some solutions already.
> (does this list have a search facility?)
Yes. For example:
http://marc.info/?l=spamassassin-users&w=2&r=1&s=windows+live+s
Rob McEwen <[EMAIL PROTECTED]> wrote:
> I need a contact for both openrbl.org and robtex.com
>
> Please e-mail me (off-list!) if you have a contact for the operators of
> either service, or if you are the operator of either service.
http://www.robtex.com/robban/mail.htm
//www.OnlineNIC.com
>
> did i miss the pun?
There is none.
--
Sahil Tandon <[EMAIL PROTECTED]>
t mail _from_ postmaster.
>
> how can anyone solve anything when postmasters cant talk together ?
You miss the point; your link was not appropriate to the question and
mouss simply indicated that.
--
Sahil Tandon <[EMAIL PROTECTED]>
Joseph Brennan <[EMAIL PROTECTED]> wrote:
>> We get some legitimate email from @live.com users.
>
> But they don't set a Reply-to header. That's the test.
But that wasn't his question; he asked whether any legitimate mail flows
from live.com. That was my ans
comes from live.com? I dont know anything
> about it.
We get some legitimate email from @live.com users.
--
Sahil Tandon <[EMAIL PROTECTED]>
tement is true but does not address the context in which
mouss suggests using the blacklist. If you are checking IPs against the
list *only* for bounces, the chances of FPs is immensely decreased. He
never suggested checking *all* connecting IPs against that list.
--
Sahil Tandon <[EMAIL PROTECTED]>
On Oct 31, 2008, at 11:23 AM, Michael Scheidell <[EMAIL PROTECTED]>
wrote:
I need a domain registry who won't spam me every two weeks with crap
and argue that since I am a client of theirs, its not a violation of
can-spam laws to spam me and refuse to stop. And, no, I can't
change the em
own and set a reasonable Reply-To if the CCs are so
bothersome.
--
Sahil Tandon <[EMAIL PROTECTED]>
Yes, but without knowing more about your configuration, it is hard to
suggest something. Besides, this is off-topic for an SA mailing list.
--
Sahil Tandon <[EMAIL PROTECTED]>
ould suffice. You may also want to
take a look at http://wiki.apache.org/spamassassin/StatsAndAnalyzers.
--
Sahil Tandon <[EMAIL PROTECTED]>
o suggest (though I am sure others will disagree) rejecting
at the MTA level based on ZEN: http://www.spamhaus.org/ZEN/.
--
Sahil Tandon <[EMAIL PROTECTED]>
Len Conrad <[EMAIL PROTECTED]> wrote:
> For the same period of about 4.5 hours, zen had about 110 hits, while
> b.barracuda had about 165.
What about overlap? Were the barracuda hits only those that skipped by
zen? Thanks.
--
Sahil Tandon <[EMAIL PROTECTED]>
mouss <[EMAIL PROTECTED]> wrote:
> and if you don't want bind, try one of the available alternatives. but a
> local DNS is recommended on a mail server or spam filter that uses DNS.
Regarding alternatives, we use djbdns here; highly recommended.
--
Sahil Tandon <[EMAIL PROTECTED]>
ocumentation
on rewriting the Subject: header, see:
http://spamassassin.apache.org/full/3.2.x/doc/Mail_SpamAssassin_Conf.html#basic_message_tagging_options
--
Sahil Tandon <[EMAIL PROTECTED]>
w how I can re-enable it!
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5776#c3
--
Sahil Tandon <[EMAIL PROTECTED]>
es have already been filtered through SpamAssassin, the
learner will ignore any modifications SpamAssassin may have made.
> 2.
> subject tagged ***SPAM*** by qmailscanner
>
> or can I leave mails as they are in .mbox?
'man Mail::SpamAssassin::Conf' and read about bayes_ignore_header.
--
Sahil Tandon <[EMAIL PROTECTED]>
[EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
> Yes, I'm saying instead of just letting sa-update fail with the generic
> GNU message and GNU hyperlink, setting the user off on a PhD Thesis
> effort
Wow. Hyperbole much?
--
Sahil Tandon <[EMAIL PROTECTED]>
Their postmasters and other administrative
contacts have not been responsive.
--
Sahil Tandon <[EMAIL PROTECTED]>
tnames,
stops a lot of UCE well before greylisting or SA get involved.
--
Sahil Tandon <[EMAIL PROTECTED]>
diosyncrasies that are off-topic here. In any case, I
understand how SA works and acknowledge the implications of fiddling with
the rules. TIMTOWDI. Thank you.
--
Sahil Tandon <[EMAIL PROTECTED]>
ES_50 BODY: Bayesian spam probability is 40 to 60%
* [score: 0.5001]
* 0.7 MPART_ALT_DIFF BODY: HTML and text parts are different
* 2.1 MISSING_MIME_HB_SEP BODY: Missing blank line between MIME
header and
* body
* 2.1 HTML_MISSING_CTYPE Message is HTML wit
etting up a quick access map that
intercepts all messages to that address and redirects them to postmaster.
You'll then have to contact those users and ask them to change their
passwords immediately.
--
Sahil Tandon <[EMAIL PROTECTED]>
On Aug 5, 2008, at 7:32, Nitin Bhadauria <[EMAIL PROTECTED]>
wrote:
Jens Kleikamp wrote:
Nitin Bhadauria schrieb:
Sahil Tandon wrote:
Nitin Bhadauria <[EMAIL PROTECTED]> wrote:
How is it possible that these kind of mail are not spam tagged
my sapmassassin...
ISSING_CTYPE,MISSING_MIME_HB_SEP,MPART_ALT_DIFF,SUBJ_ALL_CAPS
autolearn=no version=3.2.5
--
Sahil Tandon <[EMAIL PROTECTED]>
Nitin Bhadauria <[EMAIL PROTECTED]> wrote:
> here i am attaching file with some mails ..
[...]
The attachment was caught by ClamAV sanesecurity signature; consider
deploying that in front of SA.
--
Sahil Tandon <[EMAIL PROTECTED]>
Sahil Tandon <[EMAIL PROTECTED]> wrote:
[...]
> > I got this:
> > $ host 2.0.0.127.zen.spmahaus.org
> > Host 2.0.0.127.zen.spmahaus.org not found: 3(NXDOMAIN)
^^^
> I see the same thing.
Woops! We both just copy&pasted the s
s and searched for anything that looked like a dns
> server, but couldn't find any. Sometimes it can really suck being on a
> shared system like this.
What are the contents of /etc/resolv.conf?
--
Sahil Tandon <[EMAIL PROTECTED]>
0 to disable individual DNSBLs. To
disable all checks, set skip_rbl_checks to 1. This functionality is noted in
the documentation:
http://wiki.apache.org/spamassassin/DnsBlocklists
--
Sahil Tandon <[EMAIL PROTECTED]>
Yavuz Maslak <[EMAIL PROTECTED]> wrote:
[...]
Do you have a question? Please do not just paste random log excerpts without
context/background and a specific question.
--
Sahil Tandon <[EMAIL PROTECTED]>
> There is a user_prefs file in /var/qmail/vpopmail
That is NOT where SA is looking for the user_prefs file; look at the logs you
pasted above.
[...]
--
Sahil Tandon <[EMAIL PROTECTED]>
encapsulated into an attachment it will decapsulate the email.
In other words sa-learn will undo any changes which Spamassassin has done
before learning the spam/ham character of the email."
--
Sahil Tandon <[EMAIL PROTECTED]>
evel for
rejection. That's *much* more efficient.
Zen should be one of them. Which Other two RBLs do you trust?
[...]
--
Sahil Tandon
On Jul 14, 2008, at 13:01, "Skip Brott" <[EMAIL PROTECTED]> wrote:
This was probably discussed at some point, but I haven't been
getting emails from the list for some time.
The dates I see on all my sare rule sets are in January when I moved
to 3.2.4. My updates_spamassassin_org.cf file i
t to have a custom rule for
> the subject line?
> If so can someone tell me what the rule might look like (i have never
> written custom rules)
Guide on writing SA rules: http://wiki.apache.org/spamassassin/WritingRules
--
Sahil Tandon <[EMAIL PROTECTED]>
On Jul 9, 2008, at 7:12, "Marcin Praczko" <[EMAIL PROTECTED]> wrote:
Hi There,
I have a question about SA and legitimate mails.
Main mail server is receiving a lot of emails from Internet, and
should to filter mails (which are spam and which are not spam). But
also it is sending a lot of l
to
'undisclosed-recipients'. What's causing this? How can I stop it?
Is this happening with all delivered mail or only messages that lack To:
or Cc: headers?
--
Sahil Tandon <[EMAIL PROTECTED]>
ease reply off-list to me if you'd like; this is off-topic.
> > Bingo! :) Maybe Matus and Benny will get it now.
>
> Maybe you and Jo will finally get it now.
Agree to disagree. :-) Let's close this thread.
--
Sahil Tandon <[EMAIL PROTECTED]>
mAssassin/PerMsgStatus.pm line 164.
>
> Would that look 'seriously broke'?
Your SA installation is suspect because it does not (at least based on the
evidence you provide) install the .pre files. Your problem may now be better
addressed on an Ubuntu mailing list.
--
Sahil Tandon <[EMAIL PROTECTED]>
database thinks those spammy mails
have hammy attributes. You can try sa-learning those emails so SA will
eventually start assigning a positive score to similar emails in the future.
[...]
--
Sahil Tandon <[EMAIL PROTECTED]>
hich will be honored by all MUAs?
>
>> If anyone wants private copies, (s)he should ask for them. This is a
>> mailing
>> lists and all members receive all mail posted to it. Even non-members can
>> read it all in archives.
>
> He is acted as is common and expected
c method for deleting
> spam messages.
>
> Dotfile programming is complicated for nonprogrammers.
> Programming solutions are complicated for nonprogrammers
This is the wrong mailing list for such questions and declarations.
--
Sahil Tandon <[EMAIL PROTECTED]>
ting your
panties in a twist. Also set your Reply-To accordingly.
> > Stupid question:
>
> there is only stupid answers
Don't mislead; there *are* stupid questions. For context:
http://www.catb.org/~esr/faqs/smart-questions.html
[...]
--
Sahil Tandon <[EMAIL PROTECTED]>
On Jun 22, 2008, at 9:18, Arvid Ephraim Picciani <[EMAIL PROTECTED]>
wrote:
On Sunday 22 June 2008 15:10:09 mouss wrote:
Did anybody see ham coming out of *.retail.telecomitalia.it?
we're blocking the entire network at smtp time since they ignore
abuse reports
and 20% of our spam come
Daryl C. W. O'Shea <[EMAIL PROTECTED]> wrote:
> On 21/06/2008 10:45 PM, Sahil Tandon wrote:
> > Daryl C. W. O'Shea <[EMAIL PROTECTED]> wrote:
> >
> >> On 21/06/2008 1:10 AM, Sahil Tandon wrote:
> >>> I see the following when running
default threshold of 5); however, 10 may not be bad if you (proverbially
speaking) have your threshold set to something egregiously high or really
want to reject all email with CAPITAL letters :-)
--
Sahil Tandon <[EMAIL PROTECTED]>
Robert - elists <[EMAIL PROTECTED]> wrote:
> Does anyone think that
>
>10 FM_BIG_REASON Lot's of CAP words, BIG, REASON, BEST
>
> Is scored high or?
Seems high to me, but needs to be put in the context of your threshold.
--
Sahil Tandon <[EMAIL PROTECTED]>
Daryl C. W. O'Shea <[EMAIL PROTECTED]> wrote:
> On 21/06/2008 1:10 AM, Sahil Tandon wrote:
> > I see the following when running sa-update with debug flags:
> >
> > [20528] dbg: conf: trusted_networks are not configured; it is recommended
> > that y
Nigel Frankcom <[EMAIL PROTECTED]> wrote:
> On Sat, 21 Jun 2008 01:10:53 -0400, Sahil Tandon <[EMAIL PROTECTED]>
> wrote:
>
> >I see the following when running sa-update with debug flags:
> >
> >[20528] dbg: conf: trusted_networks are not configured; i
--lint does not complain, and I know that local.cf is being otherwise
interpreted by SA because custom rules contained therein are scoring.
--
Sahil Tandon <[EMAIL PROTECTED]>
ing the local.cf in vim, delete what appear to be spaces in the GMD
rules, re-insert them, and then --lint again.
--
Sahil Tandon <[EMAIL PROTECTED]>
soon after my messages
are accepted by an apache.org MX. Is there a link? Just a coincidence? Is
anyone else experiencing similar behavior? Thanks.
--
Sahil Tandon <[EMAIL PROTECTED]>
James Lay <[EMAIL PROTECTED]> wrote:
> Ah..that explains it then..thanks. Where does one go to get updated
> rulesets then?
man sa-update(1)
--
Sahil Tandon <[EMAIL PROTECTED]>
, try accepting email to abuse@ and
postmaster@ even from .de addresses and educate your client about the perils
(read: stupidity) of rejecting email from an entire country.
--
Sahil Tandon <[EMAIL PROTECTED]>
hey'll stop facilitating the
circulation of this garbage.
--
Sahil Tandon <[EMAIL PROTECTED]>
David Baron <[EMAIL PROTECTED]> wrote:
> Download succeeded but this failed.
(mind the wrapping below)
http://wiki.apache.org/spamassassin/SaUpdateKeyNotCrossCertified?highlight=%28
update%29
--
Sahil Tandon <[EMAIL PROTECTED]>
ers *is*
Google's responsibility. No exceptions.
--
Sahil Tandon <[EMAIL PROTECTED]>
enuous. In it, they insist that spam is never sent from Google
servers, and only from "miscreants" who forge @gmail.com addresses.
--
Sahil Tandon <[EMAIL PROTECTED]>
Marcin Praczko wrote:
- Spamassassin marks it as SPAM (which is correct)
- But user doesn’t exist on somedomain1.com (it happen)
- So qmail is storage this mail in queue as long as it can.
Do you have any special reason to receive mail for users that
doesn't exist?
..
Stick the URIDNSBL-related stuff from local.cf in
/where/amavis/lives/.spamassassin/user_prefs (this should already exist if you
did spamassassin --lint previously).
--
Sahil Tandon
related logs. Did you try running
messages through SA (with the debug flag) at the command line? Did you run
spamassassin --lint to make sure your local.cf is consistent with any changes
made in 3.0.1?
We're just playing a guessing game without more info.
--
Sahil Tandon
[1] http://www.c
individually for each message? If the former, make sure the daemon is running.
More details/logs might help narrow down the problem.
--
Sahil Tandon
Jeff Chan wrote:
On Sunday, October 24, 2004, 3:09:53 PM, John Andersen wrote:
>
What file are you finding this above bug in?
I don't see that anywhere on my 3.0.1 install!
There should be some kind of change log included in the
distribution.
Indeed there is; aptly labeled CHANGES.
this list's recent archives for
details) while running SA in debug mode to confirm whether the checks
are really being skipped.
--
Sahil Tandon
files are
still in some variant of the traditional UNIX mbox format.
--
Sahil Tandon
p, and webmail. If someone could suggest other
> solutions please do.
On the MTA level, we use Postfix[1] in conjunction with amavisd-new[2] (which
hands off messages to ClamAV and SA). For IMAP and POP, we use UW IMAP[3];
webmail is served via IMP[4].
Good luck.
--
Sahil Tandon
[1] http://www
1 - 100 of 115 matches
Mail list logo
