9-05-30 14:42 +0200
On 5/29/2019 3:41 PM, Yves Goergen wrote:
Hello,
Today SpamAssassin started failing on my server system. I could
observe the following:
* There are 5 processes named "spamd child" with very high (100%) CPU
usage
This could be the style gibberish rule hanging. There
g on Perl 5.22.1
with SSL support (IO::Socket::SSL 2.024)
with zlib support (Compress::Zlib 2.068)
The system runs Ubuntu 16.04 x64.
I have never seen this behaviour before. As it is now, the spam filter
is making my mail service very unreliable for incoming mail. What can I
do to fix th
No I can't because it's a locked system. I'd need an account for that.
And I'm not going to register just for saving another admin's system. So
either stackexchange admins repair their entry themselves, or the
blacklist operator needs a review.
-Yves
folders to keep anything unknown away from me and only put in my
inbox what I already know.
-Yves
From: Reindl Harald
Sent: Sat, 2018-07-28 21:23 +0200
On 28.07.2018 at 21:20, Yves Goergen wrote:
I've received a notification e-mail from st
wrong because stackexchange is a service I
use often and it never sent me anything unexpected.
So what is the reason for this host being listed?
-Yves
From: RW
Sent: Sat, 2018-07-28 21:35 +0200
On Sat, 28 Jul 2018 21:20:49 +0200
Yves Goergen wrote:
Hello,
I've received a notification e-mail from stackexchange.com
(stackoverflow.com) with a high spam score. It has this line in its report:
5.7 URIBL_BLACK Contains an URL listed in the URIBL blacklist
[URIs: stackexchange.com]
I guess that's not su
Hello,
I received a message from a friend today and it was rated this, among
others:
> 2.5 FROM_WORDY From address looks like a sentence
I have no idea what the author of this rule considers a sentence, but
that line looks like it always looked, with the well-known legitimate
ad
ether with everything else they don't need anymore.
Yves Goergen
http://unclassified.software
From: Bill Cole
Sent: Sat, 2016-03-26 05:56 +0100
On 24 Mar 2016, at 13:50, Yves Goergen wrote:
Hello,
I'm getting more and more spam every day and SpamAssa
mail and rejects a message every
now and then as a result. So Exim and clamav are connected. It's just
that Sanesecurity doesn't seem to catch anything.
Yves Goergen
http://unclassified.software
From: Bowie Bailey
Sent: Thu, 2016-03-24 20:0
the impression that the often-recommended sanesecurity data which
is included in clamav-unofficial-sigs doesn't help at all. I can't see
any difference between before and after its installation.
Yves Goergen
http://unclassified.software
From: Rein
it in
either SpamAssassin or Exim? I don't want to fiddle around with
databases and such for days in a running system.
Yves Goergen
http://unclassified.software
uld no longer
be allowed in e-mails.
--
Yves Goergen
http://unclassified.software
The virus scanner doesn't say anything at all. It is just an additional
effort to keep unwanted e-mails away, just like the spam filter. Nobody
claimed that there is any guarantee associated with it, not even for
false rejects. Considering what still passes the filters this should
quickly bec
On 25.02.2015 at 20:42, Bill Cole wrote:
On 24 Feb 2015, at 17:06, Yves Goergen wrote:
I can't block all archives with executable files in them.
Then in all seriousness: why bother filtering email specifically for
malware?
Email is an inherently untrustworthy transport medium. Any so
it in a .zip archive. If the mail
server now blocks all .exe in .zip without actually scanning the
contents, they're going to complain.
--
Yves Goergen
http://unclassified.software
On 24.02.2015 at 22:00, Axb wrote:
On 02/24/2015 09:28 PM, Yves Goergen wrote:
https://drive.google.com/file/d/0B8CN0ghdY1SdSzBqdkswRUdOb0U/view
ZIP password: spam
(Google thinks there's a virus in it so I needed to encrypt it.)
didn't need a password to extract but... whatever fo
ail, ISP, one domain,
many domains, etc?
It's the mail server for a small web hosting service with multiple
domains and users. I don't know whether any of them wishes to receive
Polish messages.
--
Yves Goergen
http://unclassified.software
erter
WWW-Server
[2.50.6.22 listed in dnsbl.sorbs.net]
0.0 FREEMAIL_FORGED_FROMDOMAIN 2nd level domains in From and EnvelopeFrom
freemail headers are different
1.0 XPRIO Has X-Priority header
--
Yves Goergen
s.org=127.0.0.3*4
zen.spamhaus.org=127.0.0.2*3
These are evil...
--
Yves Goergen
http://unclassified.software
On 24.02.2015 at 18:39, Jeremy McSpadden wrote:
Usually scores are 6 low 10 high. Are you running any RBLs ?
I have the default settings plus the attached custom configuration.
There are several RBLs among them.
--
Yves Goergen
http://unclassified.software
# BAYES
he matching rules
can be seen. Unfortunately I'm not an SA wizard so I can't make new
rules for such things.
--
Yves Goergen
http://unclassified.software
On 14.07.2011 08:13 CE(S)T, Yves Goergen wrote:
> On 12.07.2011 10:39 CE(S)T, Kārlis Repsons wrote:
>> There is the other thread about some patching for IPv6, but could someone
>> post
>> the current status with this problem or some idea what should be done for
>> n
h those IPv6 patches again. I have enabled
it again since then. But I don't have real statistics about it yet.
--
Yves Goergen "LonelyPixel"
Visit my web laboratory at http://beta.unclassified.de
On 30.06.2011 13:06 CE(S)T, Matthew Newton wrote:
> On Wed, Jun 29, 2011 at 09:59:52PM +0200, Yves Goergen wrote:
>>> Received: from sp***ck.di***ie.com ([2001:***::40])
>>> by do***rd.de with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32)
>>> (Exim 4.71)
>>
e Botnet didn't catch it. Maybe there was a DNS configuration problem
with the first one's server?
Is somebody else interested in testing this Botnet version and have me
sending a message to him?
--
Yves Goergen "LonelyPixel"
Visit my web laboratory at http://beta.unclassified.de
On 29.06.2011 21:03 CE(S)T, Yves Goergen wrote:
> Could somebody please just send me a message from an IPv6
> mail server to my address? (Preferably from a host that should not be
> caught by Botnet...)
Here's a mail I just received: (thank you to the sender)
> Received: from sp
erably from a host that should not be
caught by Botnet...)
Is this fix supposed to avoid IPv6 false positives only, or also to do
its job in detecting IPv6 bots correctly?
--
Yves Goergen "LonelyPixel"
Visit my web laboratory at http://beta.unclassified.de
ll works normally.
Running Ubuntu 10.4 Server x64 with SpamAssassin 3.3.1-1.
--
Yves Goergen "LonelyPixel"
Visit my web laboratory at http://beta.unclassified.de
[score: 0.0000]
It seems Botnet will ignore IPv6 Addresses and then skip to the next IP
address it understands - but this will likely be the dynamic IP from
which the sender submitted his message.
--
Yves Goergen "LonelyPixel"
Visit my web laboratory at http://beta.unclassified.de
en the problem myself
and asked for a fix on this list on 2010-09-20 but received no helpful
reply. I couldn't fix it myself because I'm not familiar with Perl. I'll
give this patch a try now. I had Botnet disabled since then.
--
Yves Goergen "LonelyPixel"
Visit my web laboratory at http://beta.unclassified.de
On 20.09.2010 20:03 CE(S)T, Yves Goergen wrote:
> I'm currently testing a rather simple fix: I've added the following line
> to Botnet.cf to ignore anything from IPv6 (hope it works):
>
> botnet_skip_ip :
It doesn't seem to work. I received an e-mail via IPv6 that was
$ip variable).
I'm currently testing a rather simple fix: I've added the following line
to Botnet.cf to ignore anything from IPv6 (hope it works):
botnet_skip_ip :
Can anybody assist me with this issue?
[1]
http://www.mail-archive.com/users@spamassassin.apache.org/msg70589.html
(and ot
.
I need to upgrade to SA 3.3, true. It's always been a hassle somewhere
between CPAN, other dysfunctional Perl junk, source code and Debian
packages... It's a very complicated job. I'm also considering setting up
the entire machine anew on Ubuntu basis and only use platform packages
but that's not something I can do in the near future.
--
Yves Goergen "LonelyPixel"
Visit my web laboratory at http://beta.unclassified.de
ate to restart spamd. I saw
that it did in my syslog report. This usually applied my local
configuration changes. It just doesn't seem to apply this.
Or maybe the new rules don't catch a thing for me? How could I test that?
--
Yves Goergen "LonelyPixel"
Visit my web laboratory at http://beta.unclassified.de
ppear over days. And still some spam is passing the filter (though most
should be caught).
What do I need to do more than declaring the channel in sa-update for it
to be used?
--
Yves Goergen "LonelyPixel"
Visit my web laboratory at http://beta.unclassified.de
this:
>
> sa-update --channel 70_zmi_german.cf.zmi.sa-update.dostech.net
> --gpgkeyfile /path/to/your_channel_keyfile.chan
Thanks, that worked. sa-update doesn't seem to know what keys to use on
its own.
--
Yves Goergen "LonelyPixel"
Visit my web laboratory at http://beta.unclassified.de
uld I just disable the GPG verification feature or is there another
solution? Can somebody provide me with the necessary steps to get this
to work? The official documentation doesn't help me.
This is the channel URL: 70_zmi_german.cf.zmi.sa-update.dostech.net
--
Yves Goergen "LonelyPixel
On 24.07.2008 22:33 CE(S)T, Yves Goergen wrote:
I'm forwarding this issue to the Hetzner support team now. It seems that
some other customers have the same problem.
I had to keep telling them that it's their fault or at least not mine,
they finally confirmed to me that one node in
ver-beobachtet--/meldung/113366
--
Yves Goergen "LonelyPixel" <[EMAIL PROTECTED]>
Visit my web laboratory at http://beta.unclassified.de
ain. Let's see what will happen.
--
Yves Goergen "LonelyPixel" <[EMAIL PROTECTED]>
Visit my web laboratory at http://beta.unclassified.de
vers, but it's rarely the case. And if, I know some other DNS servers
to set in the configuration for a while.
I'm forwarding this issue to the Hetzner support team now. It seems that
some other customers have the same problem.
--
Yves Goergen "LonelyPixel" <[E
On 23.07.2008 19:28 CE(S)T, jdow wrote:
Since you are experiencing a DNS problem and there is an exploit
for the Kaminsky DNS bug that was fixed in a massive multi-vendor
roll out, are you patched or are you sure you are not getting your
DNS spoofed?
I'm not running a DNS server.
--
be out of date. I'm currently
in the process of preparing the upgrade, but it will take some time.
--
Yves Goergen "LonelyPixel" <[EMAIL PROTECTED]>
Visit my web laboratory at http://beta.unclassified.de
Thank you for the explanation of the output.
Basically it says the same as the host command before, if I understand
this right, and doesn't explain the observed SA behaviour.
--
Yves Goergen "LonelyPixel" <[EMAIL PROTECTED]>
Visit my web laboratory at http://beta.unclassified.de
tell us? It's broken for 3 weeks now and it doesn't come
from my domain.
--
Yves Goergen "LonelyPixel" <[EMAIL PROTECTED]>
Visit my web laboratory at http://beta.unclassified.de
ERVER: 213.133.100.100#53(213.133.100.100)
;; WHEN: Tue Jul 22 19:53:07 2008
;; MSG SIZE rcvd: 49
I don't know what this output means, as it all looks like it is commented out.
Does it say anything at all?
--
Yves Goergen "LonelyPixel" <[EMAIL PROTECTED]>
Visit my web laboratory at http://beta.unclassified.de
ints and see a lot messages with 20+ points in my filter log.
--
Yves Goergen "LonelyPixel" <[EMAIL PROTECTED]>
Visit my web laboratory at http://beta.unclassified.de
know. The IP addresses are:
# cat /etc/resolv.conf
nameserver 213.133.100.100
nameserver 213.133.99.99
nameserver 213.133.98.98
nameserver 213.133.98.97
--
Yves Goergen "LonelyPixel" <[EMAIL PROTECTED]>
Visit my web laboratory at http://beta.unclassified.de
stored on my computer, with Thunderbird in mbox format (on
Windows).
--
Yves Goergen "LonelyPixel" <[EMAIL PROTECTED]>
Visit my web laboratory at http://beta.unclassified.de
On 20.07.2008 20:54 CE(S)T, Duane Hill wrote:
smtpgate# host 2.0.0.127.zen.spamhaus.org
2.0.0.127.zen.spamhaus.org has address 127.0.0.10
2.0.0.127.zen.spamhaus.org has address 127.0.0.4
2.0.0.127.zen.spamhaus.org has address 127.0.0.2
Same here, for whatever it's worth.
--
On 20.07.2008 20:21 CE(S)T, Karsten Bräckelmann wrote:
On Sun, 2008-07-20 at 20:07 +0200, Yves Goergen wrote:
On 20.07.2008 16:39 CE(S)T, Karsten Bräckelmann wrote:
Bad DNS response? That probably would explain why the domain ended up on
RED, GRAY and BLACK. See above. Do you see hits like
m 5.0 points on and deny anything from a
higher score that is defined per incoming mail address.
--
Yves Goergen "LonelyPixel" <[EMAIL PROTECTED]>
Visit my web laboratory at http://beta.unclassified.de
services.
--
Yves Goergen "LonelyPixel" <[EMAIL PROTECTED]>
Visit my web laboratory at http://beta.unclassified.de
ints for a problem that is completely wrong?
--
Yves Goergen "LonelyPixel" <[EMAIL PROTECTED]>
Visit my web laboratory at http://beta.unclassified.de
13:46:08 mond spamd[16931]: (oops, no id at
/usr/local/share/perl/5.8.4/Mail/SpamAssassin/AsyncLoop.pm line 172,
line 31.
Jun 6 13:46:08 mond spamd[16931]: )
--
Yves Goergen "LonelyPixel" <[EMAIL PROTECTED]>
Visit my web laboratory at http://beta.unclassified.de
On 09.04.2008 17:13 CE(S)T, Yves Goergen wrote:
On 09.04.2008 12:41 CE(S)T, Justin Mason wrote:
Yves Goergen writes:
I keep getting this error since I installed SpamAssassin 3.2.4 on my
Debian 3.1 Linux machine:
Apr 9 11:52:20 mond spamd[2087]: Exception: incomplete data at
/usr/local/lib
On 09.04.2008 12:41 CE(S)T, Justin Mason wrote:
Yves Goergen writes:
I keep getting this error since I installed SpamAssassin 3.2.4 on my
Debian 3.1 Linux machine:
Apr 9 11:52:20 mond spamd[2087]: Exception: incomplete data at
/usr/local/lib/perl/5.8.4/Net/DNS/RR.pm line 513, line 275
/5.8.4/Mail/SpamAssassin/DnsResolver.pm line 419
It happens once a day on average. Is this error remotely caused or can I
do something against it?
--
Yves Goergen "LonelyPixel" <[EMAIL PROTECTED]>
Visit my web laboratory at http://beta.unclassified.de
web. All I see
is that web folder with the tarballs, latest from Nov 2007 or so.
How can I enable it in SA 3.2.4? Do I still need to get that 3rd party
file and install it? Is there a status/news website anywhere?
--
Yves Goergen "LonelyPixel" <[EMAIL PROTECTED]>
Visit
On 06.04.2008 03:26 CE(S)T, Matt Kettler wrote:
The "new fangled" way would be to use spamc for learning instead of
sa-learn.
And yes, it's a lot faster I believe.
--
Yves Goergen "LonelyPixel" <[EMAIL PROTECTED]>
Visit my web laboratory at http://beta.unclassified.de
On 06.04.2008 03:26 CE(S)T, Matt Kettler wrote:
Yves Goergen wrote:
Just remember to su to that user when running sa-learn.
This is getting a problem now! My spamd user has no access on the
mailbox directories from which I am usually learning. What's the
proposed solution for that?
The
stalled in /usr/ and the
other in /usr/local.
Switching from CPAN to the tarball, I wasn't sure if this would change.
--
Yves Goergen "LonelyPixel" <[EMAIL PROTECTED]>
Visit my web laboratory at http://beta.unclassified.de
"comprehensive" at all and decided
not to use it again where I can. This SA was installed from the tarball.
The /root/.spamassassin directory was created automatically then.
So if it doesn't work out of the box, what can I do next?
--
Yves Goergen "LonelyPixel" <[EMAIL PROTECTED]>
Visit my web laboratory at http://beta.unclassified.de
a partial message
anyway? I mean, it can only reject it by policy or let it pass. There's
nothing to tell about the actual message contents, is there?
--
Yves Goergen "LonelyPixel" <[EMAIL PROTECTED]>
Visit my web laboratory at http://beta.unclassified.de
On 04.02.2008 13:15 CE(S)T, Matt Kettler wrote:
Well, 3.1.8 is, by definition, outdated.. As for that rule, well, it no
longer exists, and has been replaced by "FORGED_HOTMAIL_RCVD2" in the
3.2.x family.
Good, so I'll just disable it until I manage to do the SA upgrade.
is it
outdated (running SA 3.1.8 with sa-update from time to time), is it
simply Hotmail-bashing or should I disable it for other reasons?
--
Yves Goergen "LonelyPixel" <[EMAIL PROTECTED]>
Visit my web laboratory at http://beta.unclassified.de
reported this before but it
doesn't seem to be fixed until that version. Maybe it's still in the
latest one... This is only for your information. I have now configured
logcheck to ignore those messages, I don't care about them. I hope it
doesn't break spam analysis...
--
Yves
ody other than the subject line? I think there is an
> EMPTY_BODY rule already, or something very similar to that. Also I believe
> rules that fire on various amounts of body text.
Okay, and what about an HTML part like this:
I consider this empty, but ^$ does not. Any sugges
On 12.07.2007 18:47 CE(S)T, Theo Van Dinter wrote:
> On Thu, Jul 12, 2007 at 06:11:55PM +0200, Yves Goergen wrote:
>> is always prepended, I can't do that. Is there a way to get the text or
>> html parts of the message alone, without any headers that I can also
>> che
get the text or
html parts of the message alone, without any headers that I can also
check otherwise?
Using SA 3.1.8 on Linux.
--
Yves Goergen "LonelyPixel" <[EMAIL PROTECTED]>
Visit my web laboratory at http://beta.unclassified.de
?
--
Yves Goergen "LonelyPixel" <[EMAIL PROTECTED]>
Visit my web laboratory at http://beta.unclassified.de
On 27.01.2007 14:01 CE(S)T, Dan Barker wrote:
> I don't understand the use of an invalid IP address.
Wasn't that just a funny example? Use "1.2.3.4" instead if you feel
better then. :) Though it could be that 1.2.3.4 must resolve to your
machine then, I'm not sure.
-
On 18.12.2006 18:04 CE(S)T, Theo Van Dinter wrote:
> On Mon, Dec 18, 2006 at 06:01:38PM +0100, Yves Goergen wrote:
>> BTW, to make the update work on a default SA installation, you need to
>> specify a different path:
>>
>> # sa-update --updatedir /usr/local/share/sp
remains quiet. (I didn't check the exit code the first time, but
it took a few seconds and created a bunch of files in the given
directory, so I think it actually did something useful.)
--
Yves Goergen "LonelyPixel" <[EMAIL PROTECTED]>
Visit my web laboratory at http://beta.unclassified.de
Perl modules before that worked. Is
there another module that I need to install? I don't know Perl from the
inside, and not at all how to install it.
--
Yves Goergen "LonelyPixel" <[EMAIL PROTECTED]>
Visit my web laboratory at http://beta.unclassified.de
On 31.10.2006 17:42 CE(S)T, Theo Van Dinter wrote:
> On Tue, Oct 31, 2006 at 11:56:35AM +0100, Yves Goergen wrote:
>> I've installed SpamAssassin 3.1.6 on Debian Linux 3.1. Is there a way to
>> get rid of this error message?
>>
>> The whole message follows:
>>
1..30 at
/usr/local/share/perl/5.8.4/Mail/SpamAssassin/Util.pm line 446
--
Yves Goergen "LonelyPixel" <[EMAIL PROTECTED]>
http://beta.unclassified.de – My web laboratory.
On 26.08.2006 10:18 CE(S)T, John Andersen wrote:
> On Saturday 26 August 2006 00:12, Yves Goergen wrote:
>> Hello,
>>
>> does anybody know when there'll be an update to the ImageInfo plug-in so
>> that it can detect that new animated images stuff? I keep get
Hello,
does anybody know when there'll be an update to the ImageInfo plug-in so
that it can detect that new animated images stuff? I keep getting more
of them and none is detected, whereas they have been detected formerly.
--
Yves Goergen "LonelyPixel" <[EMAI
a higher server load but that seems to be the price of a
clean mailbox. I don't know so many bad words in English to express what
I feel about that spam (maybe that's better) but I'm really fed up with it!
--
Yves Goergen "LonelyPixel" <[EMAIL PROTECTED]>
http://beta.unclassified.de – My web laboratory.
Hello,
I found this syslog entry a few times recently:
Jul 16 23:02:25 mond spamd[4500]: Minute '60' out of range 0..59 at
/usr/local/share/perl/5.8.4/Mail/SpamAssassin/Util.pm line 429
What does this mean?
Using SA 3.1.1 on Debian Linux 3.1.
--
Yves Goergen "LonelyPixel"
On 21.06.2006 03:22 CE(S)T, jdow wrote:
> SARE and SpamAssassin
> plus the BLs have not let a ONE of either of those through yet this
> year.
Can you please explain to me what exact rules you added from SARE? I
cannot find anything usable there.
--
Yves Goergen "LonelyPixel"
On 19.06.2006 18:26 CE(S)T, Chris Santerre wrote:
> Why not just use black.uribl.com ? It lists PHISHes.
Trying this out now.
--
Yves Goergen "LonelyPixel" <[EMAIL PROTECTED]>
http://beta.unclassified.de – My web laboratory.
(See the line-by-line
problem with 'rawbody' and encoding problems with 'full'.)
--
Yves Goergen "LonelyPixel" <[EMAIL PROTECTED]>
http://beta.unclassified.de – My web laboratory.
mentioned a year ago, what SpamAssassin
misses to do things like that is a 'rawbody' match that uses the entire
message, not only single lines. Content can be arbitrarily split over many
lines so that any 'rawbody' rule can become useless pretty fast. :(
--
Yves Goergen "
On 18.06.2006 04:29 CE(S)T, Theo Van Dinter wrote:
> Actually that is a rule already in 3.1 (HTTPS_IP_MISMATCH) (anchor text
> has to be https w/ some http href which is an IP).
Well, if it really is, it doesn't work.
--
Yves Goergen "LonelyPixel" <[EMAIL PROTECTED]>
m instances with non-standard configuration, this is
all too hacky to me. I'm looking for a way to do that with SpamAssassin
directly.
--
Yves Goergen "LonelyPixel" <[EMAIL PROTECTED]>
http://beta.unclassified.de – My web laboratory.
MISMATCH rule that leads me to a Perl function. I
don't understand Perl very well, and this specific function is way too
complex for me. Also I don't know where to add my own Perl functions.
The documentation doesn't tell me.
--
Yves Goergen "LonelyPixel" <[EMAIL PROTECTED]>
http://beta.unclassified.de – My web laboratory.
88 matches