Re: help with ubuntu 22.04

On 29.06.24 17:07, Rick Gutierrez wrote: hi list , The latest version of spamassassin on Ubuntu 22.04 does not exist or they did not create the deb package, someone on the list who has the deb package and wants to share it. https://packages.ubuntu.com/search?keywords=spamassassin perhaps you

RE: [WARNING] RE: Help with rule matching when it shouldn't

, March 20, 2024 10:02 AM To: users@spamassassin.apache.org Subject: RE: Help with rule matching when it shouldn't I want to catch “yahoo” anywhere in the header so that it matches if its in the name or in the address. So I would want to match ya...@gmail.com<mailto:ya...@gmail.com>

RE: Help with rule matching when it shouldn't

eturn path does not include yahoo.com, match my rule. From: Jimmy Sent: Tuesday, March 19, 2024 7:45 PM To: users@spamassassin.apache.org Subject: Re: Help with rule matching when it shouldn't The correct syntax for the header rule should be: header __FROM_ADDRESS From:addr =~ /\@yahoo\.c

Re: Help with rule matching when it shouldn't

On 20.03.24 06:44, Jimmy wrote: Regarding the example provided, the "__RETURNPATH_IS" rule should indeed be triggered since it matches "yahoo.com" in the return-path. If you're uncertain about the intended behavior of the rules, please clarify the requirements so we can adjust the rules according

Re: Help with rule matching when it shouldn't

The correct syntax for the header rule should be: header __FROM_ADDRESS From:addr =~ /\@yahoo\.com/i This rule will specifically match email addresses containing "@yahoo.com" while excluding addresses like "ya...@gmail.com". Regarding the example provided, the "__RETURNPATH_IS" rule should indee

Re: Help with rule

On Mon, 5 Jun 2023, jacklistm...@gmail.com wrote: header FROM_CLIENT_IP Received =~ /from 138\.31\230\.222/ Missing a period in that one. meta FROM_CLIENT_TEST from FROM_CLIENT_EMAIL && FROM_CLIENT_IP Extra "from" already noted. If you're looking to whitelist specific senders coming from

Re: Help with rule

On 2023-06-06 at 01:32:14 UTC-0400 (Tue, 6 Jun 2023 08:32:14 +0300) Henrik K via users is rumored to have said: On Tue, Jun 06, 2023 at 12:12:10AM -0400, Bill Cole wrote: Escape the @ with a \ SA uses Perl, so you need to escape %, @, and $ in regular expressions. Perl regular expressions

Re: Help with rule

On 05.06.23 22:04, jacklistm...@gmail.com wrote: I know this isn't the best method, I have to learn some of the previous suggestions, but I would like to get this rule to work. Not sure where I went wrong. header FROM_CLIENT_EMAIL From =~ /client@client\.com/i I recommend to use From:addr, so

RE: Help with rule

@spamassassin.apache.org Subject: Re: Help with rule > meta FROM_CLIENT_TEST from FROM_CLIENT_EMAIL && FROM_CLIENT_IP Is that a typo when you were making this mail, or is it actually how the line is coded? There is an extra "from" there. Even if you fix that, you won't get th

Re: Help with rule

On Tue, Jun 06, 2023 at 12:12:10AM -0400, Bill Cole wrote: > > Escape the @ with a \ > SA uses Perl, so you need to escape %, @, and $ in regular expressions. Perl regular expressions does not mean it's parsed as Perl code, no need to quote such things on any remotely modern SA version.

Re: Help with rule

On 2023-06-05 at 22:04:47 UTC-0400 (Mon, 5 Jun 2023 22:04:47 -0400) is rumored to have said: Hello All, I know this isn't the best method, I have to learn some of the previous suggestions, but I would like to get this rule to work. Not sure where I went wrong. header FROM_CLIENT_EMAIL

Re: Help with rule

> meta FROM_CLIENT_TEST from FROM_CLIENT_EMAIL && FROM_CLIENT_IP Is that a typo when you were making this mail, or is it actually how the line is coded? There is an extra "from" there. Even if you fix that, you won't get the results you expect. Both FROM_CLIENT_EMAIL and FROM_CLIENT_IP will sc

Re: [Help] bodyre in hashbl

Il 18/05/2021 15:27, Henrik K ha scritto: Instead of \x{00E0}, you need to use \xC3\xA0 as you are matching_separate_ raw bytes. (untested, but assuming so from the url, too busy to test) Yes, it works. I was confusing, the Spamassassin documentation is right. I really have to use non capturing

Re: [Help] bodyre in hashbl

On Tue, May 18, 2021 at 03:04:12PM +0200, Marco wrote: > > Hello Henrik, > > thank you for the hints. I didn't realized that SA doesn't support UTF8 > regex. Well. As you suggest, I would like to write rules coding independent > in order to avoid surprises. I tried, it doesn't work... > > I hav

Re: [Help] bodyre in hashbl

Il 17/05/2021 18:12, Henrik K ha scritto: On Mon, May 17, 2021 at 03:02:57PM +0200, Marco wrote: So I have to add the accented character literally. I can't understand why. Are there any limitation in Hashbl plugin with UTF8? Maybe I have misunderstood something. SA doesn't support UTF8 regex.

Re: [Help] bodyre in hashbl

On Mon, May 17, 2021 at 07:12:47PM +0300, Henrik K wrote: > > Or check the replace_tags in 25_replace.cf, there's ready templates for > characters (but they match some commonly obfuscated variants too). And yeah sorry, these won't work with HashBL, it's just for basic rules..

Re: [Help] bodyre in hashbl

On Mon, May 17, 2021 at 03:02:57PM +0200, Marco wrote: > > So I have to add the accented character literally. > I can't understand why. Are there any limitation in Hashbl plugin with UTF8? > Maybe I have misunderstood something. SA doesn't support UTF8 regex. It's just matching plain byte string

Re: [sa-list] Re: Help writing a rule

On Wed, 27 Jan 2021, John Hardin wrote: On Wed, 27 Jan 2021, Dan Mahoney (Gushi) wrote: All, I'm noticing a pattern of email like: From: "GUSHI.ORG Administrator" To: y...@gushi.org Subject: Your mailbox has exceeded its quota Or some such nonsense. Now, DMARC and SPF and DKIM would be ab

Re: Help writing a rule

On Wed, 27 Jan 2021, Dan Mahoney (Gushi) wrote: All, I'm noticing a pattern of email like: From: "GUSHI.ORG Administrator" To: y...@gushi.org Subject: Your mailbox has exceeded its quota Or some such nonsense. Now, DMARC and SPF and DKIM would be able to block the domain if they tried to s

Re: help with simple test?

On 15.01.20 11:02, AJ Weber wrote: I'm hoping this is a relatively simple test... I'm seeing emails "From Me, To Me", typically extortion types. I'm not even seeing which of the SA tests are getting hit, because I have my own email in my Whitelist. Is there a way I can check IF From = m...@s

Re: help with simple test?

On Wed, 2020-01-15 at 11:02 -0500, AJ Weber wrote: > I'm hoping this is a relatively simple test... > I'm seeing emails "From Me, To Me", typically extortion types. I'm not > even seeing which of the SA tests are getting hit, because I have my > own email in my Whitelist. > Is there a way I can che

Re: Help matching a spam (regex)

On Tue, 4 Jun 2019, Marcio Vogel Merlone dos Santos wrote: Hi all, Trying to match a message using uri_detail with no luck. On body I have something like this: Something → That "something" is changed on a daily basis, so I am trying to match the → which is common to all variations, and fai

Re: Help matching a spam (regex)

On Jun 4, 2019, at 4:05 PM, RW wrote: > > On Tue, 4 Jun 2019 16:06:10 -0300 Marcio Vogel Merlone dos Santos wrote: > >> Trying to match a message using uri_detail with no luck. On body I >> have something like this: >> >> Something → > &rarr represents a '→' (right arrow) character, IIWY I'd t

Re: Help matching a spam (regex)

On Tue, 4 Jun 2019 16:06:10 -0300 Marcio Vogel Merlone dos Santos wrote: > Hi all, > > Trying to match a message using uri_detail with no luck. On body I > have something like this: > > Something → > > That "something" is changed on a daily basis, so I am trying to match > the → which is commo

Re: Help needed - Regex filter with exclude

On 12/23/2018 6:52 AM, spamassassin_fo...@dwd.hu wrote: > Hi, > I want to filter all mails incoming to info@*ANY_DOMAIN*.hu except to > i...@asdf.hu > I have a lot of domains and spamming to info@ is legal in Hungary. :S > Thank you! If you are just looking for a regex, this should do it: /\binfo

Re: Help needed - Regex filter with exclude

On Sun, 23 Dec 2018, spamassassin_fo...@dwd.hu wrote: I want to filter all mails incoming to info@*ANY_DOMAIN*.hu except to i...@asdf.hu I have a lot of domains and spamming to info@ is legal in Hungary. :S Thank you! Filtering like that is much better done in the MTA before the message conte

Re: Help needed - Regex filter with exclude

On 23.12.18 12:52, spamassassin_fo...@dwd.hu wrote: I want to filter all mails incoming to info@*ANY_DOMAIN*.hu except to i...@asdf.hu I believe simple directives "whitelist_to", "more_spam_to" and "all_spam_to" I have a lot of domains and spamming to info@ is legal in Hungary. :S is blocki

Re: Help with own RBL

On 23 Jul 2018, at 23:40, Pedro David Marco wrote: On Tuesday, July 24, 2018, 12:07:52 AM GMT+2, David B Funk wrote: What kind of 'calculations with that IP' ? Thanks Dave... calculations are complex and done with a an external script that reads some files parsing them... Depending o

Re: Help with own RBL

On Tuesday, July 24, 2018, 12:07:52 AM GMT+2, David B Funk wrote: >What kind of 'calculations with that IP' ? On 24.07.18 06:40, Pedro David Marco wrote: Thanks Dave... calculations are complex and done with a an external script that reads some files parsing them... "calculations are co

Re: Help with own RBL

On Tuesday, July 24, 2018, 12:07:52 AM GMT+2, David B Funk wrote: >What kind of 'calculations with that IP' ? Thanks Dave... calculations are complex and done with a an external script that reads some files parsing them... -PedroD

Re: Help with own RBL

On Tuesday, July 24, 2018, 12:04:57 AM GMT+2, Kris Deugau wrote: >IIRC PowerDNS can be set up to run Lua code fragments of some kind on  DNS >requests.     Thanks! i did not know it. i have checked it and Lus cannot exec eternanl commands to get a possible "answer"... > To my

Re: Help with own RBL

On Mon, 23 Jul 2018, Pedro David Marco wrote: Not exactly a SA question but... i am planning to run my own RBL with a nameserver, that when queried for an IP that is not in its database, does some calculations with that IP and replies accordingly (caching the results)... Please, does anyone k

Re: Help with own RBL

Pedro David Marco wrote: Not exactly a SA question but... i am planning to run my own RBL with a nameserver, that when queried for an IP that is not in its database, does some calculations with that IP and replies accordingly (caching the results)... Please, does anyone know of any nameserve

Re: Help with own RBL

* Pedro David Marco : > Not exactly a SA question but... > i am planning to run my own RBL with a nameserver, that when queried for an > IP that is not in its database, does some calculations with that IP and > replies accordingly (caching the results)... > Please, does anyone know of any nameser

Re: Help with Bayes-SQL-Configuration

Julian Kippels wrote: Hi, I am in the process of setting up a bayes-sql-database but I am unsure of wether I want to set the bayes_sql_override_username option. I would like to have per-user-bayes scores, so that scores from user A will not interfere with messages sent to user B. If I understand

Re: help with phishing email?

On 12/10/2017 11:49 AM, Colony.three wrote: * http://www.postfix.org/POSTSCREEN_README.html with that config and postscreen properly configured you block far more than 90% of junk without risk false positives postscreen_dnsbl_threshold = 8 postscreen_dnsbl_action = enforc

Re: help with phishing email?

> - http://www.postfix.org/POSTSCREEN_README.html > > with that config and postscreen properly configured you block far more > than 90% of junk without risk false positives > > postscreen_dnsbl_threshold = 8 > postscreen_dnsbl_action = enforce > postscreen_greet_action = enforce > postscreen_dnsbl

Re: help with phishing email?

On 12/09/2017 05:40 AM, Rupert Gallagher wrote: ... On Sat, Dec 9, 2017 at 04:24, Jari Fredriksson > wrote: 0.0 SPF_FAIL SPF: sender does not match SPF record (fail) I would recommend setting the score for SPF_FAIL to a point or two these days. Major mail hosting provid

Re: help with phishing email?

... On Sat, Dec 9, 2017 at 04:24, Jari Fredriksson wrote: > 0.0 SPF_FAIL SPF: sender does not match SPF record (fail) @whyscream.net>

Re: help with phishing email?

wow... depending on your geolocation, the phishing text changes and, at least in Spanish, it is totally correct!! sometimes i have to take my hat off...  -PedroD

Re: help with phishing email?

> first: before you call me again a fascist just because i don't agree > with your opinions backed by 10 years professional mailadmin better > don't give half thought advises! > > Am 09.12.2017 um 03:50 schrieb Colony.three: > >> Also in /etc/postfix/main.cf add to smtpd_recipient_restrictions = >>

Re: help with phishing email?

> Tom Hendrikx kirjoitti 9.12.2017 kello 0.34: > > On 08-12-17 19:09, AJ Weber wrote: >> I'm trying to decide the best way to detect something like this. >> >> https://pastebin.com/hCX9MWNg >> >> Looking at the raw headers and body it's pretty easy to tell this is a >> spoof, but when it show

Re: help with phishing email?

> Tom Hendrikx kirjoitti 9.12.2017 kello 0.34: > > On 08-12-17 19:09, AJ Weber wrote: >> I'm trying to decide the best way to detect something like this. >> >> https://pastebin.com/hCX9MWNg >> >> Looking at the raw headers and body it's pretty easy to tell this is a >> spoof, but when it show

Re: help with phishing email?

> I'm trying to decide the best way to detect something like this. > > https://pastebin.com/hCX9MWNg > > Looking at the raw headers and body it's pretty easy to tell this is a > spoof, but when it shows-up in an inbox, it looks pretty good. > > Something specific to Amazon (where this is purported

Re: help with phishing email?

On Fri, 8 Dec 2017, John Hardin wrote: On Fri, 8 Dec 2017, AJ Weber wrote: I'm trying to decide the best way to detect something like this. https://pastebin.com/hCX9MWNg That appears to be corrupt. I downloaded it and ran it through my testbed and it wouldn't decode the body. Don't know

Re: help with phishing email?

On Fri, 8 Dec 2017, AJ Weber wrote: I'm trying to decide the best way to detect something like this. https://pastebin.com/hCX9MWNg That appears to be corrupt. I downloaded it and ran it through my testbed and it wouldn't decode the body. -- John Hardin KA7OHZhttp://ww

Re: help with phishing email?

On 08-12-17 19:09, AJ Weber wrote: > I'm trying to decide the best way to detect something like this. > > https://pastebin.com/hCX9MWNg > > Looking at the raw headers and body it's pretty easy to tell this is a > spoof, but when it shows-up in an inbox, it looks pretty good. > > Something specif

Re: help with phishing email?

AJ, i cannot see anything with sense... is the pastebin correct?  -PedroD

Re: Help understanding TxRep errors.

On Wed, 16 Mar 2016 08:55:46 +1300 Philip wrote: > After turning on TxRep I get these lines in my /var/log/spamd.log > file. > > Wed Mar 16 08:21:55 2016 [16629] warn: Use of uninitialized value > $msgscore in addition (+) at /etc/spamassassin/TxRep.pm line 1414. > Wed Mar 16 08:21:55 2016 [1662

Re: Help with RegEx Rule

On Fri, 9 Oct 2015, AK wrote: On 20/09/15 03:07, Dave Funk wrote: Notes: 1) Due to SA pre-processing collapsing body into one long line, cannot match on '^' repeatedly, need to look for '\n' as line break indicator. Find start of a line and then following repeats of ".\n" Dave, I've bee

Re: Help with RegEx Rule

On 10/9/2015 12:07 AM, AK wrote: On 20/09/15 03:07, Dave Funk wrote: Notes: 1) Due to SA pre-processing collapsing body into one long line, cannot match on '^' repeatedly, need to look for '\n' as line break indicator. Find start of a line and then following repeats of ".\n" Dave, I've be

Re: Help with RegEx Rule

On 09/10/15 15:10, Kevin A. McGrail wrote: Perhaps you'll have more luck looking at the debug output from SA itself? Something like spamassassin -t -D < email.mbox 2>&1 | grep -i RULE Nope, no luck there either; did not see mention of my rule (though it's located inside /etc/spamassassin/

Re: Help with RegEx Rule

On 10/9/2015 12:07 AM, AK wrote: On 20/09/15 03:07, Dave Funk wrote: Notes: 1) Due to SA pre-processing collapsing body into one long line, cannot match on '^' repeatedly, need to look for '\n' as line break indicator. Find start of a line and then following repeats of ".\n" Dave, I've bee

Re: Help with RegEx Rule

On 20/09/15 03:07, Dave Funk wrote: Notes: 1) Due to SA pre-processing collapsing body into one long line, cannot match on '^' repeatedly, need to look for '\n' as line break indicator. Find start of a line and then following repeats of ".\n" Dave, I've been creating my own regular expressi

Re: Help with RegEx Rule

On 20/09/15 03:07, Dave Funk wrote: Notes: 1) Due to SA pre-processing collapsing body into one long line, cannot match on '^' repeatedly, need to look for '\n' as line break indicator. Find start of a line and then following repeats of ".\n" Dave, I need to see the mail message as spamassas

Re: Help with RegEx Rule

On 20/09/15 03:07, Dave Funk wrote: Final note; now that we've discussed this spam sign, it will probably become useless as spammers follow this list and mutate their crap accordingly to dodge our rules. ;( Awesome notes, Dave, thanks. The tutorial really helped and it's all been added to

Re: Help with RegEx Rule

On 19 Sep 2015, at 10:51, AK wrote: Hi all. I'm getting hit with lots of JUNK mail that has multiple lines with just a '.' on several lines [0]. Most of the JUNK email has at least 5 and at most 10 lines (so far) with just this '.' character somewhere in the middle of the message. I've co

Re: Help with RegEx Rule

On Sun, 20 Sep 2015, AK wrote: [..snip..] Still no joy after removal. However, at least the rule now hits if I replace: /(^\.\n){5,}/ with /(^\.\n)*/ But that looks like it might bring about some FPs. Any other suggestions? Do you realize that rule will -always- fire on -any- message? T

Re: Help with RegEx Rule

On Sun, 20 Sep 2015, AK wrote: Hi all. I'm getting hit with lots of JUNK mail that has multiple lines with just a '.' on several lines [0]. Most of the JUNK email has at least 5 and at most 10 lines (so far) with just this '.' character somewhere in the middle of the message. I've copied

Re: Help with RegEx Rule

On 20/09/15 01:30, Benny Pedersen wrote: On September 19, 2015 4:52:30 PM AK wrote: = Start Rule Block = rawbody __MANY_PERIODS_1 ALL =~ /(^\.\n){5,}/ remove ALL =~, my own rawbody rules dont have it Still no joy after removal. However, at least the rule now hits if I replace:

Re: Help with RegEx Rule

Hello If you using compiled rules you probably should use: sa-compile command and restart (if use :) sa-spamd Best Regards.

Re: Help with RegEx Rule

On September 19, 2015 4:52:30 PM AK wrote: = Start Rule Block = rawbody __MANY_PERIODS_1 ALL =~ /(^\.\n){5,}/ remove ALL =~, my own rawbody rules dont have it

Re: Help me waste spammers resources

What if I am already using mxbackup1.junkemailfilter.com? From: Marc Perkel Sent: Friday, June 19, 2015 2:41 PM To: users@spamassassin.apache.org Subject: Help me waste spammers resources I found a great trick for wasting spammer's resources and getting them blacklisted that I'd like to shar

Re: Help me waste spammers resources

We accept all authenticated email to tarbaby as spam. Normal email to tarbaby.junkemailfilter.com gets a 4xx error. But if it's spam or virus bots it can also make our black lists. But good email from greylisting won't be affected. On 06/19/15 14:06, David Jones wrote: From: Marc Perkel Se

Re: Help me waste spammers resources

On Sat, 20 Jun 2015, Axb wrote: On 19.06.2015 22:41, Marc Perkel wrote: I found a great trick for wasting spammer's resources and getting them blacklisted that I'd like to share will all of you. https://en.wikipedia.org/wiki/Tarpit_%28networking%29 Wasn't this last decade's FUSSP ? Also s

Re: Help me waste spammers resources

On Fri, 19 Jun 2015 21:06:17 + David Jones wrote: > >From: Marc Perkel > >Sent: Friday, June 19, 2015 3:41 PM > >To: users@spamassassin.apache.org > >Subject: Help me waste spammers resources > > >I found a great trick for wasting spammer's resources and getting > >them blacklisted that I'd

Re: Help me waste spammers resources

On 19.06.2015 22:41, Marc Perkel wrote: I found a great trick for wasting spammer's resources and getting them blacklisted that I'd like to share will all of you. https://en.wikipedia.org/wiki/Tarpit_%28networking%29 Wasn't this last decade's FUSSP ? Also see http://labrea.sourceforge.net/lab

Re: Help me waste spammers resources

Marc Perkel wrote: > If you have domains you are filtering just add this as your highers numbered > MX record. As long as this isn't for any valid domains. Don't add the honeypot to a valid domain's MX because valid senders may get trapped otherwise. For example if I were to add your tarpit to m

Re: Help me waste spammers resources

>From: Marc Perkel >Sent: Friday, June 19, 2015 3:41 PM >To: users@spamassassin.apache.org >Subject: Help me waste spammers resources >I found a great trick for wasting spammer's resources and getting them >blacklisted that I'd like to share will all of you. >On my main spam filtering servers I

RE: Help with today's (and previous) spam uptick?

Kevin Miller skrev den 2015-04-02 02:27: header CBJ_SCIENCE From =~ /\.in\b/i header CBJ_SCIENCE From:addr =~ /\.in\b/i to avoid in name describe CBJ_SCIENCE In science TLD scoreCBJ_ SCIENCE 5.0 scoreCBJ_SCIENCE 5.0 5.0 5.0 5.0

Re: Help with today's (and previous) spam uptick?

On 4/1/2015 8:34 PM, Larry Rosenman wrote: BTW, is my every 6 hour pull of KAM.cf kosher with you? Should be fine. If we see an issues, we have other servers we can move it to that can handle more load.

Re: Help with today's (and previous) spam uptick?

On 4/2/2015 10:55 AM, @lbutlr wrote: On Apr 1, 2015, at 6:15 PM, Kevin A. McGrail wrote: The RegistrarBoundaries.pm for new TLDs is hard coded How would I check this for a ports version of SA? I am also getting heavily spammed from new .tlds (.work is the main offender for me). I have /usr/

Re: Help with today's (and previous) spam uptick?

On 2015-04-02 09:55, @lbutlr wrote: On Apr 1, 2015, at 6:15 PM, Kevin A. McGrail wrote: The RegistrarBoundaries.pm for new TLDs is hard coded How would I check this for a ports version of SA? I am also getting heavily spammed from new .tlds (.work is the main offender for me). I have /usr/lo

Re: Help with today's (and previous) spam uptick?

On Apr 1, 2015, at 6:15 PM, Kevin A. McGrail wrote: > The RegistrarBoundaries.pm for new TLDs is hard coded How would I check this for a ports version of SA? I am also getting heavily spammed from new .tlds (.work is the main offender for me). I have /usr/local/lib/perl5/site_perl/Mail/SpamAss

Re: Help with today's (and previous) spam uptick?

On 04/02/2015 02:18 AM, Larry Rosenman wrote: # Last update: 2015-02-21-axb COMMIT/trunk/lib/Mail/SpamAssassin/Util/RegistrarBoundaries.pm Committed revision 1670891. # Last update: 2015-04-02-axb-Easter-Update

Re: Help with today's (and previous) spam uptick?

On 2015-04-01 19:23, Kevin A. McGrail wrote: On 4/1/2015 8:21 PM, Larry Rosenman wrote: Is there an ETA for 3.4.1? And, is there anything else I can do mean time? 3.4.1 is planned to announce for release during ApacheCon in about 2 weeks. 1 - Make sure you are using the new Registrar Bounda

RE: Help with today's (and previous) spam uptick?

User No: 307357 > -Original Message- > From: Kevin Miller [mailto:kevin.mil...@juneau.org] > Sent: Wednesday, April 01, 2015 4:27 PM > To: 'Larry Rosenman'; SpamAssassin > Subject: RE: Help with today's (and previous) spam uptick? > > I simply added th

Re: Help with today's (and previous) spam uptick?

On 4/1/2015 8:21 PM, Larry Rosenman wrote: Is there an ETA for 3.4.1? And, is there anything else I can do mean time? 3.4.1 is planned to announce for release during ApacheCon in about 2 weeks. 1 - Make sure you are using the new Registrar Boundary with the TLDs that are plaguing you. 2 - Ar

RE: Help with today's (and previous) spam uptick?

I simply added them to my sendmail access file with a REJECT. Problem solved. Of the ones that came in, I couldn't find any ham so didn't think twice about being ruthless. If you need to take a more cautious approach, just write a rule to score them higher. For instance, dropping this in a .c

Re: Help with today's (and previous) spam uptick?

On 2015-04-01 19:23, Kevin A. McGrail wrote: On 4/1/2015 8:21 PM, Larry Rosenman wrote: Is there an ETA for 3.4.1? And, is there anything else I can do mean time? 3.4.1 is planned to announce for release during ApacheCon in about 2 weeks. 1 - Make sure you are using the new Registrar Bounda

Re: Help with today's (and previous) spam uptick?

On 4/1/2015 8:18 PM, Larry Rosenman wrote: On 2015-04-01 19:15, Kevin A. McGrail wrote: On 4/1/2015 8:13 PM, Larry Rosenman wrote: I've been getting pounded with stuff from "new" tld's (cricket, science, work, et al). I'm wondering how to make SA more immune to it. Spamples: http://pastebin.

Re: Help with today's (and previous) spam uptick?

On 2015-04-01 19:20, Kevin A. McGrail wrote: On 4/1/2015 8:18 PM, Larry Rosenman wrote: On 2015-04-01 19:15, Kevin A. McGrail wrote: On 4/1/2015 8:13 PM, Larry Rosenman wrote: I've been getting pounded with stuff from "new" tld's (cricket, science, work, et al). I'm wondering how to make SA

Re: Help with today's (and previous) spam uptick?

On 2015-04-01 19:15, Kevin A. McGrail wrote: On 4/1/2015 8:13 PM, Larry Rosenman wrote: I've been getting pounded with stuff from "new" tld's (cricket, science, work, et al). I'm wondering how to make SA more immune to it. Spamples: http://pastebin.com/jc3efYju Are you using a recent SA from

Re: Help with today's (and previous) spam uptick?

On 4/1/2015 8:13 PM, Larry Rosenman wrote: I've been getting pounded with stuff from "new" tld's (cricket, science, work, et al). I'm wondering how to make SA more immune to it. Spamples: http://pastebin.com/jc3efYju Are you using a recent SA from trunk? The RegistrarBoundaries.pm for new T

Re: Help with "Disk quota exceeded" for a user depending on the mail quota

On Mon, 22 Dec 2014 19:45:00 +0100 Almond wrote: > On 22/12/2014 19:32, David B Funk wrote: > > Exactly, but I'd set that /tmp size to something like 10GB or more. > > He's got a 2TB root drive so no sense scrimping on /tmp and running > > into "fullness" problems later. > > > > Hi, last questi

Re: Help with "Disk quota exceeded" for a user depending on the mail quota

On 22. dec. 2014 19.45.42 Almond wrote: Hi, last questions please. Please dont let me understand better. tmpfs is not RAM but HD? Tmpfs is a filesystem, ramdisk is /dev/shm those tmpfs tmpfs 16G 0 16G 0% /dev/shm tmpfs tmpfs 16G 33M 16G 1% /run

Re: Help with "Disk quota exceeded" for a user depending on the mail quota

Am 22.12.2014 um 19:45 schrieb Almond: Hi, last questions please. let me understand better. tmpfs is not RAM but HD? tmpfs = RAM http://en.wikipedia.org/wiki/Tmpfs those tmpfs tmpfs 16G 0 16G 0% /dev/shm tmpfs tmpfs 16G 33M 16G 1% /run tmpfs

Re: Help with "Disk quota exceeded" for a user depending on the mail quota

Hi, last questions please. let me understand better. tmpfs is not RAM but HD? those tmpfs tmpfs 16G 0 16G 0% /dev/shm tmpfs tmpfs 16G 33M 16G 1% /run tmpfs tmpfs 16G 0 16G 0% /sys/fs/cgroup tmpfs tmpfs 16G 33M 16G

Re: Help with "Disk quota exceeded" for a user depending on the mail quota

Am 22.12.2014 um 19:32 schrieb David B Funk: On Mon, 22 Dec 2014, Reindl Harald wrote: well, we have it on tmpfs like below on our inbound mail-gw and use in any SA/ClamAV related service (milters and so on) explicit Environment="TMPDIR=/tmp" to make sure even /var/tmp is not used also /var/li

Re: Help with "Disk quota exceeded" for a user depending on the mail quota

On Mon, 22 Dec 2014, Reindl Harald wrote: Am 22.12.2014 um 19:08 schrieb Almond: so you mean to move the /tmp partition from /dev/md2 to another partition, since /var/spool/mail and quota control are on the same partition? and what size to reserve to the new /tmp... ? well, we have it on tmp

Re: Help with "Disk quota exceeded" for a user depending on the mail quota

Yes, that's exactly what you need to do. As your system already has "tmpfs" type partitions for things such as '/run' just set up a new config for '/tmp' which is modeled on the config for '/run'. As to the size, that will depend upon your system activity and configuration. I'd try starting with

Re: Help with "Disk quota exceeded" for a user depending on the mail quota

Am 22.12.2014 um 19:08 schrieb Almond: so you mean to move the /tmp partition from /dev/md2 to another partition, since /var/spool/mail and quota control are on the same partition? and what size to reserve to the new /tmp... ? well, we have it on tmpfs like below on our inbound mail-gw and use

Re: Help with "Disk quota exceeded" for a user depending on the mail quota

Hi David, so you mean to move the /tmp partition from /dev/md2 to another partition, since /var/spool/mail and quota control are on the same partition? and what size to reserve to the new /tmp... ? thank you On 22/12/2014 18:46, David B Funk wrote: On Mon, 22 Dec 2014, Almond wrote: hi Mar

Re: Help with "Disk quota exceeded" for a user depending on the mail quota

On Mon, 22 Dec 2014, Almond wrote: hi Mark, do you mean this? http://fedoraproject.org/wiki/Features/tmp-on-tmpfs but tmpfs have no quota... as you can read on that page, i'm confused... so, that's done by default on CentOS ? indeed, I didn't see any tmpfs on CentOS 6, as I remember...but I co

Re: Help with "Disk quota exceeded" for a user depending on the mail quota

check bash profile, and or systemmd that change how and where temp files are stored, is dovecot started via systemmd ? export | grep tmp [root@myhostname ~]# export | grep tmp declare -x PWD="/tmp" what is the homedir of user running this ? /home/username/ possible you have set spamd /

Re: Help with "Disk quota exceeded" for a user depending on the mail quota

Hi Reindl and all of you, [root@myhostname ~]# df -hT Filesystem Type Size Used Avail Use% Mounted on /dev/md2 ext4 1.8T 37G 1.7T 3% / devtmpfs devtmpfs 16G 0 16G 0% /dev tmpfs tmpfs 16G 0 16G 0% /dev/shm tmpfs tmpfs 16

Re: Help with "Disk quota exceeded" for a user depending on the mail quota

Am 22.12.2014 um 17:04 schrieb Almond: do you mean this? http://fedoraproject.org/wiki/Features/tmp-on-tmpfs but tmpfs have no quota... as you can read on that page, i'm confused... so, that's done by default on CentOS ? indeed, I didn't see any tmpfs on CentOS 6, as I remember...but I could b

Re: Help with "Disk quota exceeded" for a user depending on the mail quota

hi Mark, do you mean this? http://fedoraproject.org/wiki/Features/tmp-on-tmpfs but tmpfs have no quota... as you can read on that page, i'm confused... so, that's done by default on CentOS ? indeed, I didn't see any tmpfs on CentOS 6, as I remember...but I could be wrong. Do you think that if I

Re: Help with "Disk quota exceeded" for a user depending on the mail quota

Almond wrote: 3) ...spamd[28040]: plugin: eval failed: error writing to /tmp/.spamassassin28040V31F7ftmp: Disk quota exceeded at /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Message.pm line 965, line 1575. this was the situation on /tmp before tmpwatch installation: [root@myhostname ~]#

Re: Help with "Disk quota exceeded" for a user depending on the mail quota

Almond skrev den 2014-12-22 13:43: this was the situation on /tmp before tmpwatch installation: [root@myhostname ~]# du -lh /tmp 11M /tmp/systemd-private-jr1YKi/tmp 11M /tmp/systemd-private-jr1YKi is this 11M mail ? [root@myhostname ~]# df -h Filesystem  Size  Used Avail Us

  1   2   3   4   5   6   7   >