ks dynamic, but perhaps there
should be a special case exception for mail.qq.com, since that seems to
be their template for all sending servers.
--Sean
here's something consistent about the messages, don't
be afraid to write a manual rule. I have a few special rules in my
configs that alter the bayes scoring based on other aspects of the
messages.
--Sean
il, but the above line trains
your spam folder as if it's ham. That could easily cause your screwed-up
bayes scores.
--Sean
scripts
- openssh server
- BIND9 (master DNS server)
- Radicale (DAV server)
- Weave (Firefox sync server)
- Nginx (reverse proxy)
I haven't found the need for any sort of AV scanner. Some SA rules that
reject messages with executable attachments have been more than adequate
for me.
--Sean
Is it possible to whitelist a domain for the URI_HEX check like you can
with the uridnsbl_skip_domain directive?
Linux (Debian/Ubuntu) with 3.3.1 used for testing.
There's BODY_8BIT IIRC, which is 8 consecutive 8-bit characters. That'll
catch sequences of UTF-8 characters outside the ASCII range since they
all have the high bit set.
On 7/2/19 5:16 AM, Mark London wrote:
Hi - I'm trying to filter emails that have only special characters in
them. Like th
.
It sounds to me like Sean was talking about wanting to identify which of
many domains had a common registrar. This doesn't sound like fast
flux—as I understand it—to me.
Having such a list would be very helpful for dealing with fast flux.
How is what the OP's talking about
On July 1, 2019 7:22:58 AM PDT, micah anderson wrote:
>Sean Lynch writes:
>
>>>Having such a list would be very helpful for dealing with fast flux.
>>
>> SA already has this. It used fresh.fmb.la to detect domains
>registered within the past couple of weeks.
On July 1, 2019 5:44:37 AM PDT, micah anderson wrote:
>Grant Taylor writes:
>
>>> A very large number (nearly all, in fact) of the spams I receive
>these
>>> days involve domains registered with Namecheap. I've received
>hundreds
>>> of spams involving .icu domains from what appear to be the
On 6/30/19 9:41 PM, Paul Stead wrote:
On Sun, 30 Jun 2019 at 19:46, Sean Lynch <se...@literati.org> wrote:
On 6/30/19 11:40 AM, Grant Taylor wrote:
> On 6/30/19 12:05 PM, John Hardin wrote:
>> There's really no infrastructure for it. Somebody
On June 30, 2019 11:20:33 AM PDT, John Hardin wrote:
>On Sun, 30 Jun 2019, Grant Taylor wrote:
>
>> On 6/30/19 10:51 AM, Martin Gregorie wrote:
>>> If you don't mind a delay in receiving mail from hosts you've never
>seen
>>> before, why not implement a greylister?
>>>
>>> https://en.wikipedia
On 6/30/19 11:40 AM, Grant Taylor wrote:
On 6/30/19 12:05 PM, John Hardin wrote:
There's really no infrastructure for it. Somebody would have to hook
into the registrar data feeds to collect it and publish it in a
usable form, and nobody has done so that I am aware of.
Whois Domain Search h
On 6/30/19 11:05 AM, John Hardin wrote:
On Sun, 30 Jun 2019, Sean Lynch wrote:
A very large number (nearly all, in fact) of the spams I receive
these days involve domains registered with Namecheap.
I'd like to add a spam score to any message using a domain registered
with them.
On 6/30/19 11:00 AM, Grant Taylor wrote:
On 6/30/19 10:08 AM, Sean Lynch wrote:
Hi, everyone! I used to run my own mail servers back in the mid '90s
and even worked as the postmaster for a regional ISP and worked on
mail servers for some large corporations and even a small national
ISP
On 6/30/19 9:51 AM, Martin Gregorie wrote:
On Sun, 2019-06-30 at 09:08 -0700, Sean Lynch wrote:
A very large number (nearly all, in fact) of the spams I receive
these days involve domains registered with Namecheap. I've received
hundreds of spams involving .icu domains from what appear
Hi, everyone! I used to run my own mail servers back in the mid '90s and
even worked as the postmaster for a regional ISP and worked on mail
servers for some large corporations and even a small national ISP as a
consultant. After a hiatus where I drank the hosted email kool-aid, I'm
back to hos
>On 11.11.17 20:06, Sean Greenslade wrote:
>>SPF checks the final server that transmits the mail. If you are using
>a relay server, that server will need to be in the SPF records.
>
>no. Only outgoing mail servers really need to be in SPF records.
Sorry, I misread the original m
cloud, so it failed SPF even though original sending server is on
>senders SPF record. Should I disable SPF checks or is there a
>configuration change I need to make?
SPF checks the final server that transmits the mail. If you are using a relay
server, that server will need to be in the SPF records.
--Sean
.
Nope, that's all you need to do.
--Sean
ng script. That
way I don't have to do anything other than move to the learn dir.
--Sean
issue, you might see if
there's any setting in amavis to prevent parallel tests.
--Sean
9 wsrv amavis[24727]: (24727-01) SA dbg: locker:
>safe_lock: trying to get lock on
>/var/spool/amavisd/.spamassassin/tx-reputation with 0 retries
>Oct 13 15:29:10 wsrv amavis[24727]: (24727-01) SA dbg: locker:
>safe_lock: trying to get lock on
>/var/spool/amavisd/.spamassassin/tx-reputation with 1 retries
>Oct 13 15:29:12 wsrv amavis[24727]: (24727-01) SA dbg: locker:
>safe_lock: trying to get lock on
>/var/spool/amavisd/.spamassassin/tx-reputation with 2 retries
>
>This is repeated a few times ... after that the mail arrives.
>What can be wrong?
>Thanks
Is your spamassassin daemon set up to spawn multiple children? What happens if
you reduce the children limit to 1?
--Sean
On Sun, Sep 25, 2016 at 07:57:37PM -0400, Alex wrote:
> I think the rule still has a use, perhaps in a meta or something.
I believe (though don't quote me on this) that a zero-weight rule will
still be checked if it's used as part of a metarule.
--Sean
On Sun, Sep 25, 2016 at 04:51:20PM -0400, Alex wrote:
> On Sun, Sep 25, 2016 at 4:41 PM, Sean Greenslade
> wrote:
> > On Sun, Sep 25, 2016 at 03:54:53PM -0400, Alex wrote:
> >> > If you want to see what that rule's code looks like, here's a link:
> >
weights in most of my spam is from DNSBLs and
bayes results, so I don't need to do a huge amount of fiddling.
--Sean
doesn't.
If you don't mind sending the entire email, I'm curious now.
--Sean
a link:
https://fossies.org/dox/Mail-SpamAssassin-3.4.1/classMail_1_1SpamAssassin_1_1Plugin_1_1HTTPSMismatch.html
It's possible there is a bug in that rule. If you send it through
SpamAssassin with debug enabled, the rule should print out the domain
pairs that trigger it. Maybe try that, and see if what it outputs makes
sense.
--Sean
that an email that mis-represents
insecure links as secure should be considered suspicious.
Contact the senders of the flagged emails and ask them to fix their
systems. Spam or not, that is a real problem.
--Sean
On September 24, 2016 6:12:10 AM EDT, Thomas Barth wrote:
>Instead of URIBL_BLOCKED=0.001 I see URIBL_ABUSE_SURBL=1.948,
>URIBL_BLACK=1.7
>
>It's still not ok, is it?
That means it is working as intended, and your message has triggered hits on
two separate blacklists.
--Sean
ject the query. Most internet-facing authoritative
servers reject queries for parts of the domain hierarchy they don't hold
authority over.
--Sean
ob recruiter and they
get a bounce when they email me back, I highly doubt they're going to
bother to call me up and tell me my email system is broken. My resume's
going in the trash and they're moving on.
Just because you haven't received any calls doesn't mean there's no
problems...
--Sean
pache.org
> Received-SPF: pass (nike.apache.org: domain of skenn...@office.vcn.com
> designates 209.193.90.171 as permitted sender)
> Received: from [209.193.90.171] (HELO thor.geekdom.vcn.com) (209.193.90.171)
> by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 24 Apr 2014 15:50:39 +
, and cannot be
combined with SQL- or LDAP-based configuration."
This indicates that it's probably not possible, but I want to make sure
there isn't another way around this?
Thanks,
Sean
have practically given up on the original
perl code since I'm unable to find out the issue. With spamc, I can get a
decent performance.
Regards,
-Sean.
--
View this message in context:
http://spamassassin.1065346.n5.nabble.com/Spamassassin-not-parsing-email-messages-tp102770p102801.html
Sen
+ emails in
spfiles folder.
@files = ;
my $outfile = '>>mailrep_out.txt';
open (MYFILE, $outfile);
foreach $file (@files) {
$cmd = "spamassassin --test-mode < ".$file." >>mail_out.txt";
system ($cmd);
}
close(MYFILE);
Regards,
-Sean.
--
View
us = $spamtest->check($mail);
print RFILE $$email;
}
then issued the following command:
spamassassin --test-mode < /home/stout/spam/reportfile_in.txt
the above worked just fine. the contents of reportfile_in.txt are created by
"print RFILE $$email".
Thoughts!
Regards,
-Sean
Hi John,
I wrote every email read to an output file. The output file is identical to
the input file I'm reading the emails from according to diff!
Regards,
-Sean.
--
View this message in context:
http://spamassassin.1065346.n5.nabble.com/Spamassassin-not-parsing-email-mes
amAssassin->new();
# This is the main loop. It's executed once for each email
while(!$folder_reader->end_of_file())
{
$email = $folder_reader->read_next_email();
chomp($email);
$mail = $spamtest->parse($email);
$status = $spamtest->check($mail);
#rest of c
where singleemail.spam contains a single spam email.
Regards,
-Sean.
--
View this message in context:
http://spamassassin.1065346.n5.nabble.com/Spamassassin-not-parsing-email-messages-tp102770p102782.html
Sent from the SpamAssassin - Users mailing list archive at Nabble.com.
from known spam
corpus and from my own email client. All of which are in mbox format. in
fact Mail::Mbox::MessageParser is working just fine with those emails as I'm
having no problem parsing those emails.
Would greatly appreciate any clues.
Regards,
-Sean.
--
View this message in context:
nable to print any portions
of the email messages using $status = $spamtest->check($mail), however I can
print any portions using $folder_reader->read_next_email().
Regards,
Sean.
--
View this message in context:
http://spamassassin.1065346.n5.nabble.com/Spamassassin-not-parsing-
Hello,
I installed SA 3.3.3 on Debian. I'm looking to view and/or log (to file or
db) individual tests scores in addition to the overall score. Could you let
me know how I can configure SA to show or log individual tests scores?
Your Help would be much appreciated.
Regards,
-Sean.
--
AM, Sean Kennedy wrote:
> I'm running SpamAssassin v3.3.1. A message with 500 lines of text
> (22k) is taking 6-7 seconds.
>
> This is using spamc. I am using a Bayes DB (no auto expire/learn)
> that's stored in SQL. User preferences are also stored in SQL. I
> ha
il.txt
The server I am testing this on is an AMD Athlon(tm) 64 X2 Dual Core
Processor 3800+ w/ 2GB of memory. I am testing this while the server
is otherwise idle.
Does anyone have any other ideas what could be causing this to go that
slow? I would expect 1s or less for a plain-text 22k message.
Thanks,
Sean
> -Original Message-
> From: Sean Leinart [mailto:slein...@fscarolina.com]
> Sent: Friday, October 23, 2009 2:04 PM
> To: TJ Russ
> Cc: allison.ays...@lonesource.com; Spamassassin Mailing List
> Subject: Email / Inbox Speed Problems
>
> Hi TJ,
>
> Looking
, this will help a great deal.
Thank you,
Sean Leinart
Network Systems Engineer
First Service Carolina Inc.
Raleigh, North Carolina
United States
slein...@fscarolina.com
919-832-5553
n sa-compile over them again, re-tried the mail
that previously failed and I'm glad to say I'm no longer seeing the memory/loop
problem.
Thanks,
Sean
> An re2c bug, presumably? Is anyone having problems without using sa-
> compile?
If I removed the compiled rule sets, everything works fine again...
Sean
ra section which I'm
able to reproduce the problem with...
http://pastebin.com/m2bd8546b
Sean
a specific rule or email, but your
example triggers it every time on my i386 boxes.
> hey Matt -- what version of re2c is installed?
I'm currently using re2c v0.12.1 on both i386 and x64. However, I can only
reproduce the problem on i386, spamd processes & returns the email immediately
on x64.
Sean
> -Original Message-
> From: LuKreme [mailto:krem...@kreme.com]
> Sent: Thursday, May 28, 2009 11:19 AM
> To: users@spamassassin.apache.org
> Subject: Re: Barracuda Blacklist
>
>
> On 28 May 2009, at 07:35, Matt wrote:
>
> > Is there a reason the Barracuda blacklist is not in the offic
I will check that as well. Thanks
Postfix is the MTA
Sean Leinart
Network Systems Engineer
Raleigh, North Carolina
United States
slein...@fscarolina.com
> -Original Message-
> From: John Hardin [mailto:jhar...@impsec.org]
> Sent: Tuesday, May 05, 2009 12:05 PM
> To: Sean
Thank you
Sean Leinart
Network Systems Engineer
Raleigh, North Carolina
United States
slein...@fscarolina.com
> -Original Message-
> From: Benny Pedersen [mailto:m...@junc.org]
> Sent: Tuesday, May 05, 2009 11:10 AM
> To: users@spamassassin.apache.org
> Subject: Re:
source originates from outside of our network.
I did not see anything obvious in the config that would facilitate this.
Also, this may be a function of postfix vs. spamassassin, if it is,
please
let me know that as well.
Thanks in advance.
Sean Leinart
Network Systems Engineer
Raleigh, North
doesn't in 3.2, any
insight?
Thanks,
Sean
Sean Kennedy wrote:
I recently upgraded from v3.1.9 to v3.2.4 and I've noticed a substantial
increase in scan times. The general average scantime with v3.1 was
about 1.2s and now with v3.2 it's about 2.2s. It's enough of a slow
on all boxes).
Any info is greatly appreciated!
Sean
> From: Sean Cardus [mailto:[EMAIL PROTECTED]
>
> > From: Justin Mason [mailto:[EMAIL PROTECTED]
> >
> > ok, update 611820 (just posted now) should be better.
>
> Thanks - When the DNS records have updated, I'll let you know how I
get
> on.
Working f
> From: Justin Mason [mailto:[EMAIL PROTECTED]
>
> ok, update 611820 (just posted now) should be better.
Thanks - When the DNS records have updated, I'll let you know how I get
on.
Sean
non-existent rule HS_PHARMA_1
config: warning: score set for non-existent rule
XMAILER_MIMEOLE_OL_D03AB
...SNIP...
channel: lint check of update failed, channel failed
Sean
but apparently not. I just nuked it
again, and fed it over 500 known bad spams I've received and about 400 ham
messages. Hopefully that'll help.
I've also noticed that there's a bunch of bad stuff in the
auto-whitelist...
Thanks for your help.
Sean
is going wrong here?
Thanks.
Sean
Hello all,
To start off, I'm running FreeBSD 4.7, SpamAssassin 3.1.0_5 all on a
default install (only args are -d -r /var/run/spamd/spamd.pid).
After I start spamd (via /usr/local/etc/rc.d/sa-spam.sh start), I did
a ps -aux and saw the following;
root 91555 1.9 0.6 22628 22140 ?? Ss
want to create
a rule to just look for and as I'm not sure what the FP
rate would be like. Are there legitimate reasons for using these tags?
Regards,
- Sean
Date: Fri, 11 Nov 2005 06:07:23 +
From: Verification <[EMAIL PROTECTED]>
Subject: copperfasten.com I
ns or advice I'd very much like to hear
them.
Cheers,
Sean
y much
appreciate it, and whatever more information is needed do please let me
know and I'd be happy to provide it.
Cheers,
Sean
David Brodbeck wrote:
> Bob Proulx wrote:
> > Matt Wills wrote:
> >
> >>Does anyone have a ruleset for catching any or all of these stock tips?
> >
> >
> > This is a little off-topic, but how do spammers expect to make money
> > from that spam?
>
> A lot of them are "pump and dump" schemes, I susp
er solution
...
Anyway, these and the other default SA rules are on the wiki at
http://spamassassin.apache.org/tests_3_0_x.html.
Regards,
Sean Sowell
www.twin-dad.com
n send it to you off-list
if you want.
HTH,
Sean Sowell
www.twin-dad.com
I looked but maybe I am blind.
Is there any way to change the way spamd logs? For example I do not want
the timestamp in my log. Also I would like to change the verbosity level.
I need this because I use multilog.
Thanks
it was already set there,
but I forgot to mention it).
Thanks for the help.
sean
et PERL5LIB in
both .cshrc (I use tcsh as my login shell) and .bashrc, and when I run
perl from the command line, it finds the version of Net::DNS in my home
dir. It's only SpamAssassin that has the problem.
I'm using SA 3.0.2 called from procmail with Perl 5.6.1.
What am I missing?
Thanks.
sean
> specifies otherwise?
I got to agree with you there - especially given that the inference
algorithm doesn't work in every environment.
- Sean
On Thu, 2004-11-04 at 14:14, Dave Goodrich wrote:
> Sean Doherty wrote:
> > On Wed, 2004-11-03 at 21:40, Dave Goodrich wrote:
> >
> >>Good afternoon,
> >>
> >>I just finished testing an upgrade of SA to 3.01 and my scores fell
> >>through the fl
can't parse
the received headers? i.e. Since there are no parsable received
headers, SA will assume that all must have been trusted?
Seems a bit aggressive to me...
- Sean
not
run.
Also is dns unavailable (dns_available no)? This may explain
why you're not getting SURBL hits (which you should if dns
is fully operational). Also skip_rbl_checks will do just that.
Regards,
- Sean
dealt with before SA ever sees the message.
You can stop dns lookups by setting "dns_available no" which
results in the following if trusted_networks is unset.
debug: received-header: cannot use DNS, do not trust any hosts from here
on
However, this also disables SURBLs - which you probably still want!
I don't think it's possible to disable DNS lookups for trusted networks
without also disabling it for the SURBLs.
- Sean
On Tue, 2004-11-02 at 12:50, George Georgalis wrote:
> >Do you mean -0.001? Why would you want to penalise mail
> >coming thru a trusted path?
>
> It really doesn't matter to me what the score is, I just want to disable
> the test.
> http://bugzilla.spamassassin.org/show_bug.cgi?id=3406
>
> My /
coming thru a trusted path?
- Sean
ell it. it'll try to guess, but there's only so far guessing
> will go, and without information from you, it's pretty much impossible
> to guess this.
So shouldn't SpamAssassin take a conservative approach when guessing,
and advising via the debug output that the user should set
trusted_networks.
- Sean
On Mon, 2004-11-01 at 18:24, Matt Kettler wrote:
> At 01:07 PM 11/1/2004, Sean Doherty wrote:
> > > so the *next* step must be the external MX.
> >
> >My 10.x server is inside a firewall which NATs port 25 so this
> >conclusion is not correct. I imagine that my set
relay is it correct to say that trusted_networks
should only contain the IP address of the relay itself?
For an inbound/outbound relay it should contain the local
network/mask or eg downstream Exchange server + relay host?
Regards,
- Sean
n it's trusted
However, I would have thought that this would imply that the 10.0.0.53
host is trusted and not any servers connecting to it.
Can someone please clarify this for me? Also should I be specifying
10.0.0.53 in trusted_networks in local.cf?
Regards,
- Sean
by their firewall. I set use_dcc to
0, but didn't stop the dccifd daemon. This resulted in
dcc_timeout delay for each check...
Why isn't use_dcc the overriding parameter? If it only
controls DCCproc then the documentation should say this.
TIA,
- Sean