On Tue, 2020-07-14 at 22:57 -0400, Kevin A. McGrail wrote:
> > A pointer to the wiki might be useful in the config files as well as
> > > the
> > > docs. Suggestions of which files?
> >
> > local.cf is the obvious one.
> >
>
> Might not be a bad choice. I've never even looked at a stock local.
On 14/07/20 19:33, Charles Sprickman wrote:
Since the consensus is that this is kind of a “turn it loose out of the box”
situation, I think a nice compromise would be huge commented chunks around
settings that would disable any commercial services that will start sending
nastygrams if you are
On Tue, 2020-07-14 at 12:53 -0400, Kevin A. McGrail wrote:
I agree with you about the idea of turning off everything and just
delivering 100% commented configuration files.. I believe SA is a
framework that must have walls & paint added to make it a
house. Others want it ready to go as a pre-fa
Kevin A. McGrail skrev den 2020-07-15 04:57:
Might not be a bad choice.
+1
I've never even looked at a stock local.cf
and you are pmc member, hmm
[1] from the project in 20 years though.
time flies
Need to do a vanilla install
and see what is in there and where it is generated.
l
> A pointer to the wiki might be useful in the config files as well as
> > the
> > docs. Suggestions of which files?
>
> local.cf is the obvious one.
>
Might not be a bad choice. I've never even looked at a stock local.cf from
the project in 20 years though. Need to do a vanilla install and se
On Tue, 14 Jul 2020 20:46:11 +0100
Martin Gregorie wrote:
> On Tue, 2020-07-14 at 12:53 -0400, Kevin A. McGrail wrote:
> > I agree with you about the idea of turning off everything and just
> > delivering 100% commented configuration files.. I believe SA is a
> > framework that must have walls &
On Tue, 2020-07-14 at 18:39 -0400, Bill Cole wrote:
>
> There are far too many ways that people have BIND already installed
> and configured for a 3rd-party package to be able to safely provide a
> full named.conf that will work for 90% of users who have modified
> their configurations away from t
On 14 Jul 2020, at 18:16, Martin Gregorie wrote:
On Tue, 2020-07-14 at 16:32 -0400, Kevin A. McGrail wrote:
Well, that is documented quite expressly here:
https://cwiki.apache.org/confluence/display/SPAMASSASSIN/CachingNameserver
A pointer to the wiki might be useful in the config files as wel
On 14 Jul 2020, at 15:46, Martin Gregorie wrote:
But the important point is to have SA docs say, in places that a new
user can't miss that "If you want free use of the default RBLs then
INSTALL YOUR OWN NON-FORWARDING DNS.
I believe that this underestimates the capacity of users to ignore
doc
On Tue, 2020-07-14 at 16:32 -0400, Kevin A. McGrail wrote:
> Well, that is documented quite expressly here:
> https://cwiki.apache.org/confluence/display/SPAMASSASSIN/CachingNameserver
>
> A pointer to the wiki might be useful in the config files as well as
> the
> docs. Suggestions of which file
Congrats on derailing another post needlessly.
M. Omer GOLGELI
July 15, 2020 12:41 AM, "Antony Stone"
wrote:
> On Tuesday 14 July 2020 at 23:23:29, Martin Gregorie wrote:
>
>> On Tue, 2020-07-14 at 22:59 +0200, Antony Stone wrote:
>> On Tuesday 14 July 2020 at 21:46:11, Martin Gregorie
On Tuesday 14 July 2020 at 23:23:29, Martin Gregorie wrote:
> On Tue, 2020-07-14 at 22:59 +0200, Antony Stone wrote:
> > On Tuesday 14 July 2020 at 21:46:11, Martin Gregorie wrote:
> > > This info should include lots of black (hashmarks, asterisks etc).
> >
> > You should be careful of the langua
On Tue, 2020-07-14 at 22:59 +0200, Antony Stone wrote:
> On Tuesday 14 July 2020 at 21:46:11, Martin Gregorie wrote:
>
> > This info should include lots of black (hashmarks, asterisks etc).
>
> You should be careful of the language you use these days, especially
> on this
> list.
>
> Yes, I am
On Tuesday 14 July 2020 at 21:46:11, Martin Gregorie wrote:
> This info should include lots of black (hashmarks, asterisks etc).
You should be careful of the language you use these days, especially on this
list.
Yes, I am being sarcastic about what you wrote, but I'm also being serious
about t
Well, that is documented quite expressly here:
https://cwiki.apache.org/confluence/display/SPAMASSASSIN/CachingNameserver
A pointer to the wiki might be useful in the config files as well as the
docs. Suggestions of which files?
--
Kevin A. McGrail
Member, Apache Software Foundation
Chair Emeritu
On Tue, 2020-07-14 at 12:53 -0400, Kevin A. McGrail wrote:
> I agree with you about the idea of turning off everything and just
> delivering 100% commented configuration files.. I believe SA is a
> framework that must have walls & paint added to make it a
> house. Others want it ready to go as a
I think documenting the simple way to disable it makes sense, yes. Which
command do you do that worked for you and I can look at adding it to a
3.4.5.pre file.
--
Kevin A. McGrail
Member, Apache Software Foundation
Chair Emeritus Apache SpamAssassin Project
https://www.linkedin.com/in/kmcgrail - 7
> On Jul 14, 2020, at 12:08 PM, M. Omer GOLGELI wrote:
>
> July 14, 2020 6:07 PM, "Kevin A. McGrail" wrote:
>
>> The question you ask is exactly why we have the DNSBL Inclusion policy and
>> require the free for
>> some model.
>>
>> We might need to kick up the need for the BLOCKED rule wi
On 7/14/2020 1:04 PM, Luis E. Muñoz wrote:
> Are there any sort of numbers regarding how are the SA instances being
> installed? Is it mostly for distros? Direct installs?
No.
> SA could ship the walls & paint as you describe, and leave to the
> distros the activation of such features they think th
On 14 Jul 2020, at 9:53, Kevin A. McGrail wrote:
I agree with you about the idea of turning off everything and just
delivering 100% commented configuration files.. I believe SA is a
framework that must have walls & paint added to make it a house.
Others
want it ready to go as a pre-fab house
I agree with you about the idea of turning off everything and just
delivering 100% commented configuration files.. I believe SA is a
framework that must have walls & paint added to make it a house. Others
want it ready to go as a pre-fab house aka a drop-in spam filter. As a
project, the majorit
July 14, 2020 6:07 PM, "Kevin A. McGrail" wrote:
> The question you ask is exactly why we have the DNSBL Inclusion policy and
> require the free for
> some model.
>
> We might need to kick up the need for the BLOCKED rule with instructions in
> that description on how
> to disable the rules. W
M. Omer GOLGELI skrev den 2020-07-14 16:55:
It is fair.
+1
Unless you have been unknowingly using it and weren't aware of the
limits.
+1
But maybe this kind of RBLs shouldn't be on by default due to their
commercial nature and must be left to the user to activate after
installation.
wh
The question you ask is exactly why we have the DNSBL Inclusion policy and
require the free for some model.
We might need to kick up the need for the BLOCKED rule with instructions in
that description on how to disable the rules. What are your thoughts on
that?
--
Kevin A. McGrail
Member, Apach
July 11, 2020 1:33 PM, "Riccardo Alfieri" wrote:
> Excuse me but isn't it at least "fair" that, if you use a service provided by
> others for commercial
> purposes, you pay for that service that contributes to your income?
It is fair.
Unless you have been unknowingly using it and weren't aware
On 11 Jul 2020, at 04:33, Riccardo Alfieri wrote:
> And I don't know where you got a quote of "hundreds of dollars per month" for
> 1000 mailboxes, but it's not really the case if you use DQS.
Maybe they thought the yearly cost was monthly?
(Last I checked, DQS stars at $250/yr)
--
The othe
> On Jul 11, 2020, at 6:33 AM, Riccardo Alfieri
> wrote:
>
> On 10/07/20 22:51, Charles Sprickman wrote:
>
>>
>> That’s unrealistic. Many ISPs these days that aren’t the “big boys” with
>> dedicated staff for every facet of ISP operations, they are one and two man
>> shops running WISPs i
On Sat, 11 Jul 2020 17:35:58 +0200
Reindl Harald wrote:
> we are working at ISP level and customers have their own domains where
> they can get an auth-token for transfer the domain at every point in
> time
>
> so there is no dumb outsourcing nor any lockin
>
> when you use something like "mynam
> > Am 11.07.20 um 01:56 schrieb RW:
> > > I thought most ISPs had outsourced or given-up on email.
> >
> > why should someone with a brain outsource anything?
>
> I don't know, why do you outsource?
>
> > > ISP email has IMO always been a way of locking-in gullible
> > > customers.
The U
On Sat, 11 Jul 2020 02:49:31 +0200
Reindl Harald wrote:
> Am 11.07.20 um 01:56 schrieb RW:
> > I thought most ISPs had outsourced or given-up on email.
>
> why should someone with a brain outsource anything?
I don't know, why do you outsource?
> > ISP email has IMO always been a way of locki
On 10/07/20 22:51, Charles Sprickman wrote:
That’s unrealistic. Many ISPs these days that aren’t the “big boys” with
dedicated staff for every facet of ISP operations, they are one and two man
shops running WISPs in rural areas or developing countries. It’s not the 90’s
anymore. It’s a terri
> On Jul 10, 2020, at 7:56 PM, RW wrote:
>
> On Fri, 10 Jul 2020 18:25:33 -0400
> Charles Sprickman wrote:
>
>
>> Also I just dug up the letter and the wording used was “commercial
>> use”. There was no mention of what the volume was or what the limit
>> would be.
>>
>
> The default is to
On Fri, 10 Jul 2020 18:25:33 -0400
Charles Sprickman wrote:
> Also I just dug up the letter and the wording used was “commercial
> use”. There was no mention of what the volume was or what the limit
> would be.
>
The default is to use these list unregistered. Did that ISP register or
did Spamha
> On Jul 10, 2020, at 5:56 PM, Charles Sprickman wrote:
>
>
>> On Jul 10, 2020, at 5:35 PM, Kris Deugau wrote:
>>
>> Charles Sprickman wrote:
>>> That’s unrealistic. Many ISPs these days that aren’t the “big boys” with
>>> dedicated staff for every facet of ISP operations, they are one and
> On Jul 10, 2020, at 5:35 PM, Kris Deugau wrote:
>
> Charles Sprickman wrote:
>> That’s unrealistic. Many ISPs these days that aren’t the “big boys” with
>> dedicated staff for every facet of ISP operations, they are one and two man
>> shops running WISPs in rural areas or developing countri
Charles Sprickman wrote:
That’s unrealistic. Many ISPs these days that aren’t the “big boys” with
dedicated staff for every facet of ISP operations, they are one and two man
shops running WISPs in rural areas or developing countries. It’s not the 90’s
anymore. It’s a terrible default, even hom
> On Jul 10, 2020, at 1:57 PM, RW wrote:
>
> On Fri, 10 Jul 2020 18:01:30 +0200
> Philipp Ewald wrote:
>
>>> Most smaller sites have no problem unless they use third party DNS
>>> resolvers which are blocked. if you're local resolver is forwarding
>>> to some ISP's resolver then you also get
On Fri, 10 Jul 2020 18:01:30 +0200
Philipp Ewald wrote:
> > Most smaller sites have no problem unless they use third party DNS
> > resolvers which are blocked. if you're local resolver is forwarding
> > to some ISP's resolver then you also get blocked.
>
> No. We are like a ISP... and got more
Philipp Ewald skrev den 2020-07-10 18:23:
Thank you for the update!
Last time we used spamhaus this was not given.
checking logs everyday ?
i am kidding aswell
Thank you for the update!
Last time we used spamhaus this was not given.
Am 10.07.20 um 18:07 schrieb Riccardo Alfieri:
Hi,
sorry but this will never happen. We are not going to use a "list the world"
response to queries from anyone. There are dedicated return codes for that (already
included
On 10/07/20 18:01, Philipp Ewald wrote:
Am 10.07.20 um 13:54 schrieb Kevin A. McGrail:
Here's the policy:
https://cwiki.apache.org/confluence/display/spamassassin/DnsBlocklistsInclusionPolicy
This was active since 2018?
Maybe it would be better to ask if your are commercial or not... AFIK
Most smaller sites have no problem unless they use third party DNS resolvers
which are blocked.
if you're local resolver is forwarding to some ISP's resolver then you also get
blocked.
No. We are like a ISP... and got more than 50.000 accepted Mails a day so this
is totally not in free-use in
Here's the policy:
https://cwiki.apache.org/confluence/display/spamassassin/DnsBlocklistsInclusionPolicy
On 7/10/2020 7:43 AM, Axb wrote:
> On 7/10/20 1:40 PM, Philipp Ewald wrote:
>>> in local.cf add:
>>>
>>> dns_query_restriction deny spamhaus.org
>>>
>>> that should fix the problem and survive
On 7/10/20 1:40 PM, Philipp Ewald wrote:
in local.cf add:
dns_query_restriction deny spamhaus.org
that should fix the problem and survive SA updates
Many Thank! now it's work.
but why is this enabled by default?
because, under fair use, it's free for all.
Most smaller sites have no probl
in local.cf add:
dns_query_restriction deny spamhaus.org
that should fix the problem and survive SA updates
Many Thank! now it's work.
but why is this enabled by default?
Am 10.07.20 um 13:23 schrieb Axb:
On 7/10/20 1:20 PM, Philipp Ewald wrote:
Hey everyone,
we got a nice mail from spam
On 7/10/20 1:20 PM, Philipp Ewald wrote:
Hey everyone,
we got a nice mail from spamhaus.
We have used their DNS Query's.
Important is that we thought we have disabled them by:
score __RCVD_IN_ZEN 0
But tcpdump says we make dns querys to spamhaus, but the result got
ignored.
you forgot that
Hey everyone,
we got a nice mail from spamhaus.
We have used their DNS Query's.
Important is that we thought we have disabled them by:
score __RCVD_IN_ZEN 0
But tcpdump says we make dns querys to spamhaus, but the result got ignored.
I have removed the configuration lines in /usr/share/spamass
47 matches
Mail list logo
