Re: I'm getting killed with spammers

2006-10-18 Thread Bill Taroli
Debbie D wrote: Last Mon, Tues & Wed I had severe inflow of spam, always at 12.30p EST, Wed it didn't stop till almost 5p. The server seems to not be very cooperative when the queue grows over 200 or so. ... this high amount of spam, (BTW scoring at 20-well over 1000) is killing the loads and

Re: bayes_toks.expire.... can I delete these?

2006-10-18 Thread Derek Catanzaro
Matt Kettler wrote: Derek Catanzaro wrote: Matt Kettler wrote: Derek Catanzaro wrote: I have a ton of bayes_toks.expire files listed in /root/.spamassassin. Is it safe to delete these files? Yes, provided no expire process is currently running and using one.

Re: ALL_TRUSTED creating a problem

2006-10-18 Thread Jo Rhett
I'm skipping the more important stuff I don't have time to reply to for this little topic. Matt Kettler wrote: True.. and writing a milter should be an expert task. I'm sorry the milter you are using is causing you such fits, but I really don't think it's normal for the average end-user to hav

Re: ALL_TRUSTED creating a problem

2006-10-18 Thread Jo Rhett
Matt Kettler wrote: It's *really* common to separate spamd from the MTA for anyone that's got any decent volume of mail. And that's not a few sites. And I guess that I'm saying 1. People installing from RPMs and/or Ports (or Portage, etc) expect things to work out of the box. Having it be b

Re: bayes_toks.expire.... can I delete these?

2006-10-18 Thread Derek Catanzaro
Derek Catanzaro wrote: Matt Kettler wrote: Derek Catanzaro wrote: Matt Kettler wrote: Derek Catanzaro wrote: I have a ton of bayes_toks.expire files listed in /root/.spamassassin. Is it safe to delete these files? Yes, provided no expire process is currently runn

Re: MailScanner & Postfix

2006-10-18 Thread Martin Hepworth
Gerhard Mourani wrote: Has anyone been able to make MailScanner work correctly with Postfix? I've MailScanner installed and configured to scan for Spam and Virus through Postfix, but it looks like it's not working as expected. I can see that it starts its job, but still too much spam is received. The onl

Re: I'm getting killed with spammers

2006-10-18 Thread John Andersen
On Tuesday 17 October 2006 23:09, Bill Taroli wrote: > Debbie D wrote: > > Last Mon, Tues & Wed I had severe inflow of spam, always at 12.30p EST, > > Wed it didn't stop till almost 5p. The server seems to not be very > > cooperative when the queue grows over 200 or so. > > ... > > this high amount

Re: ALL_TRUSTED creating a problem

2006-10-18 Thread Kevin Golding
In article <[EMAIL PROTECTED]>, Jo Rhett <[EMAIL PROTECTED]> writes >These arguments are getting sillier and sillier. I'm asking why it >doesn't work in a plain-jane do-nothing normal public box not behind >a NAT. And every argument so far has been some strange configuration >that is very c

Re: I'm getting killed with spammers

2006-10-18 Thread nick
John Andersen wrote: On Tuesday 17 October 2006 23:09, Bill Taroli wrote: Debbie D wrote: Last Mon, Tues & Wed I had severe inflow of spam, always at 12.30p EST, Wed it didn't stop till almost 5p. The server seems to not be very cooperative when the queue grows over 200 or so. ... this high amo

Re: ALL_TRUSTED creating a problem

2006-10-18 Thread Anthony Peacock
Kevin Golding wrote: In article <[EMAIL PROTECTED]>, Jo Rhett <[EMAIL PROTECTED]> writes These arguments are getting sillier and sillier. I'm asking why it doesn't work in a plain-jane do-nothing normal public box not behind a NAT. And every argument so far has been some strange configurati

Re: How to disable autolearn for FuzzyOcr?

2006-10-18 Thread Justin Mason
John Thompson writes: > On 2006-10-16, Marc Perkel <[EMAIL PROTECTED]> wrote: > > > What need to be done with messages that are spam is to only learn the > > headers and not the body of the message. What needs to be done is some > > detection of deliberate bayes poisoning and removal of the poi

Re: ALL_TRUSTED creating a problem

2006-10-18 Thread Anthony Peacock
Anthony Peacock wrote: Kevin Golding wrote: In article <[EMAIL PROTECTED]>, Jo Rhett <[EMAIL PROTECTED]> writes These arguments are getting sillier and sillier. I'm asking why it doesn't work in a plain-jane do-nothing normal public box not behind a NAT. And every argument so far has been

Re: I'm getting killed with spammers

2006-10-18 Thread John Andersen
On Wednesday 18 October 2006 00:50, nick wrote: > So that's what my firewall has been killing. > > I kept noticing timeout sessions with my mailserver (in the firewall > log), and wondered why that was happening. You should see anvil messages in mail log, but from the man page it is not at all cl

R: R: R: What's with UCEPROTECT List?

2006-10-18 Thread Giampaolo Tomassoni
> >> You mean, a 5xx (permanent) error? > >> > >> Most sites don't use permanent errors for unknown mailboxes: the > >> rfc-suggests error code for this case is a temporary one (but > maybe I didn't > >> recall it good enough). > >> > >> giampaolo > >> ' > > Hi, > > I have recently played with

Re: ALL_TRUSTED creating a problem

2006-10-18 Thread Chris Lear
* Jo Rhett wrote (18/10/06 08:57): > Matt Kettler wrote: >> It's *really* common to separate spamd from the MTA for anyone that's >> got any decent volume of mail. And that's not a few sites. > > And I guess that I'm saying > > 1. People installing from RPMs and/or Ports (or Portage, etc) expect

RE: ALL_TRUSTED creating a problem

2006-10-18 Thread Mark
> -Original Message- > From: Matt Kettler [mailto:[EMAIL PROTECTED] > Sent: woensdag 18 oktober 2006 8:54 > To: Jo Rhett > Cc: users@spamassassin.apache.org > Subject: Re: ALL_TRUSTED creating a problem > > > True.. and writing a milter should be an expert task. I'm sorry the > milter yo

Re: MailScanner & Postfix

2006-10-18 Thread Benny Pedersen
On Wed, October 18, 2006 10:22, Martin Hepworth wrote: > any questions ask on the mailscanner list, we're a friendly bunch. mailscanner is not well done for postfix, but works well with sendmail. for postfix i recommend to use amavisd-new, which btw also works ok for sendmail i remember from my

Re: unsubscribe

2006-10-18 Thread Benny Pedersen
On Tue, October 17, 2006 21:28, Evan Platt wrote: >> unsubscribe > As the headers of each message say: > list-unsubscribe: will not help until all users of this mail list uses squirrelmail :-) -- "This message was sent using 100% recycled spam mails."

Re: MailScanner & Postfix

2006-10-18 Thread Martin Hepworth
Benny Pedersen wrote: On Wed, October 18, 2006 10:22, Martin Hepworth wrote: any questions ask on the mailscanner list, we're a friendly bunch. mailscanner is not well done for postfix, but works well with sendmail. for postfix i recommend to use amavisd-new, which btw also works ok for sendma

Re: I'm getting killed with spammers

2006-10-18 Thread nick
John Andersen wrote: On Wednesday 18 October 2006 00:50, nick wrote: So that's what my firewall has been killing. I kept noticing timeout sessions with my mailserver (in the firewall log), and wondered why that was happening. You should see anvil messages in mail log, but from the man page i

R: I'm getting killed with spammers

2006-10-18 Thread Giampaolo Tomassoni
> Sorry, I was being a bit vague, I've got a stateful firewall between my > mailserver and the external world, and I kept seeing that there were > session timeouts "no_connection_for_this_packet" from a lot of different > places. > > There's absolutely no problems with my connection or my mails

Re: How to filter these spam messages

2006-10-18 Thread Jonas Eckerman
Michael Scheidell wrote: Someone want to explain Greylisting? It delays any email for up to 45 mins. Usually not that long. In my experience a forced delay of 3 minutes and a grey period of 72 hours is enough to stop most spam. Granted, it then depends on the sending servers retry times, b

mails without headers

2006-10-18 Thread angel bosch
hi! are all mails supposed to contain X-Spam* headers? i'm receiving spam marked as spam with these headers: X-Spam: Not detected X-Spam-Status: True ; 24.9 / 5.0 but i also receive a lot of other mails without any X-Spam header. is this by design? must i enable something in the config to enable h

Re: MailScanner & Postfix

2006-10-18 Thread Benny Pedersen
On Wed, October 18, 2006 12:41, Martin Hepworth wrote: > Works Fine, many people run MailScanner and postfix with no problems. more mailscanner users should read the postfix maillist and listen to authors that program postfix or commit patches, all of them say please avoid using mailscanner oh

Re: How to filter these spam messages

2006-10-18 Thread Jonas Eckerman
R Lists06 wrote: A minute or two delay from greylisting matters that much Greylisting usually delays a mail for more than two minutes (when it delays, a good implementation can exempt most mail from the delay after a while). Even if the greylist implementation only enforces a one minute d

R: How to filter these spam messages

2006-10-18 Thread Giampaolo Tomassoni
> We also massacre the sender address a bit so that for most > mailing lists only the first mail to a recipient is delayed. Which kind of algorithm do you use for address "massacring"? giampaolo

Re: What's with UCEPROTECT List?

2006-10-18 Thread Magnus Holmgren
On Tuesday 17 October 2006 19:33, Jo Rhett took the opportunity to say: > Marc Perkel wrote: > > Not really. If someone had the bandwidth to cause a denial of service > > through sender verification they could do it more easily by just > > attacking the target directly. No one is going to use sender

RE: This image is turning frequent..

2006-10-18 Thread Suhas \(QualiSpace\)
Even I did the same thing and it worked pretty well. Warm Regards, Suhas System Admin QualiSpace - A QuantumPages Enterprise === Tel India: +91 (22) 6792 - 1480 Tel US: +1 (614) 827 - 1224 Fax India: +91 (22) 2530 - 3166 URL: http://www.qualispace.com =

Re: How to detect this spam..

2006-10-18 Thread Bob McClure Jr
On Tue, Oct 17, 2006 at 09:56:13PM -0700, Jo Rhett wrote: > On Oct 17, 2006, at 6:53 PM, John D. Hardin wrote: > >Anyone who runs the SA mailing list through SA deserves what they > >get... :) > > You can only exclude the mailing list if you're running SA from > procmail or .forward or something

Re: mails without headers

2006-10-18 Thread Magnus Holmgren
On Wednesday 18 October 2006 13:17, angel bosch took the opportunity to say: > are all mails supposed to contain X-Spam* headers? > > i'm receiving spam marked as spam with these headers: > > X-Spam: Not detected > X-Spam-Status: True ; 24.9 / 5.0 How do you *call* SpamAssassin, how have you configu

bayes sql storage

2006-10-18 Thread Henrik Hellerstedt
I run spamassassin 3.1.5 from MailScanner on multiple machines and I plan to convert to the sql storage for bayes. I have already one machine running the sql storage, and it works very well. Before i convert the rest there is one question i fail to find any answer to: Does every machine need its own

Re: bayes sql storage

2006-10-18 Thread Maurice Lucas
On Wed, 2006-10-18 at 14:24 +0200, Henrik Hellerstedt wrote: > I run spamassassin 3.1.5 from MailScanner on multiple machines > and I plan to convert to the sql storage for bayes. I have > already one machine running the sql storage, and it works very > well. > > Before i convert the rest there is

RE: [OpenDNS #KMP-79041-857]: Michael Scheidell

2006-10-18 Thread Michael Scheidell
> -Original Message- > From: OpenDNS First Responders [mailto:[EMAIL PROTECTED] > Sent: Tuesday, October 17, 2006 11:41 PM > To: Michael Scheidell > Subject: [OpenDNS #KMP-79041-857]: Michael Scheidell > > Phishtank has a database of url's used in phishing attacks, would this be of inter

spam assassin dies

2006-10-18 Thread Jeff Fulmer
I'm getting occasional spam in my inbox that doesn't run through spam assassin. I turned on procmail and discovered that spam assassin is dying with -6. Details from the logs: procmail: Executing "/usr/local/bin/spamassassin" __db_assert: "0" failed: file "../dist/../common/db_err.c", line 200 pro

Re: ALL_TRUSTED creating a problem

2006-10-18 Thread Graham Murray
Mark <[EMAIL PROTECTED]> writes: > We cannot really say SA's autodetection is broken, because SA is designed > to be called post-SMTP. Nor that a milter is broken per se for not adding > a Received: header, as that is the responsibility of the MTA itself. But a > milter using SA *can* be said to b

Re: Q. about spam directed towards highest MX Record?

2006-10-18 Thread Matt
Just to clarify here You are talking about doing something like: domain.com 1200 IN MX 10 smtp-1.domain.com domain.com 1200 IN MX 50 smtp-2.domain.com You all are saying that most of the spam should be coming in MX 50 right? I have to admit I've tried this, but it seems l

Re: Q. about spam directed towards highest MX Record?

2006-10-18 Thread qqqq
| Just to clarify here You are talking about doing something like: | | domain.com 1200 IN MX 10 smtp-1.domain.com | domain.com 1200 IN MX 50 smtp-2.domain.com | | You all are saying that most of the spam should be coming in MX 50 right? | | I have to admit I've tried this, bu

Re: Q. about spam directed towards highest MX Record?

2006-10-18 Thread Marc Perkel
wrote: | Just to clarify here You are talking about doing something like: | | domain.com 1200 IN MX 10 smtp-1.domain.com | domain.com 1200 IN MX 50 smtp-2.domain.com | | You all are saying that most of the spam should be coming in MX 50 right? | | I have to admit I'v

Re: ALL_TRUSTED creating a problem

2006-10-18 Thread Matt Kettler
Jo Rhett wrote: > >> I'd love to, but the SA project didn't write the milter you're using, >> and the problems you're having can't be "fixed" by having SpamAssassin >> "detect" the problem without doing something even dumber to someone >> else. > > Sure it can! It's dead simple to determine that t

Re: Q. about spam directed towards highest MX Record?

2006-10-18 Thread Peter H. Lemieux
Matt wrote: Just to clarify here You are talking about doing something like: domain.com 1200 IN MX 10 smtp-1.domain.com domain.com 1200 IN MX 50 smtp-2.domain.com You all are saying that most of the spam should be coming in MX 50 right? No, I'm saying most of the mail c

RE: Q. about spam directed towards highest MX Record?

2006-10-18 Thread Michael Scheidell
> -Original Message- > From: Marc Perkel [mailto:[EMAIL PROTECTED] > Sent: Wednesday, October 18, 2006 9:36 AM > To: > Cc: Matt; Peter H. Lemieux; users@spamassassin.apache.org > Subject: Re: Q. about spam directed towards highest MX Record? > > > You have it right. Unfortunately,

Re: Q. about spam directed towards highest MX Record?

2006-10-18 Thread DAve
Matt wrote: Just to clarify here You are talking about doing something like: domain.com 1200 IN MX 10 smtp-1.domain.com domain.com 1200 IN MX 50 smtp-2.domain.com You all are saying that most of the spam should be coming in MX 50 right? I have to admit I've tried this, b

RE: I'm getting killed with spammers

2006-10-18 Thread Bowie Bailey
Debbie D wrote: > > On Mon, October 16, 2006 2:28 pm, Debbie D said: > > > > > this high amount of spam, (BTW scoring at 20-well over 1000) is > > > killing the loads and I have screaming clients.. > > > > > > Just this afternoon (again around 12.30) it loaded up again with > > > 312 mails.. the

Re: Q. about spam directed towards highest MX Record?

2006-10-18 Thread DAve
Marc Perkel wrote: wrote: | Just to clarify here You are talking about doing something like: | | domain.com 1200 IN MX 10 smtp-1.domain.com | domain.com 1200 IN MX 50 smtp-2.domain.com | | You all are saying that most of the spam should be coming in MX 50 right? |

Joe Blow wrote: Spam

2006-10-18 Thread Ben Lentz
Has anyone been able to come up with a safe solution to this morning's rash of Joe Blow wrote: spam messages? They look like this: hi Judson i hope this is your email. I was like to see you the other day. I hope you are actually had like the New York. So much so much happening all the time, lo

Problem with upgrade spamassassin 3.1.7

2006-10-18 Thread sluci
Installed spamassassin 3.0.4 on suse 10. First step: I made the rpm with the command "rpmbuild -tb Mail-SpamAssassin-3.1.7.tar.gz" and I get these two files: -rw-r--r-- 1 root root 675943 Oct 16 11:21 perl-Mail-SpamAssassin-3.1.7-.i5 -rw-r--r-- 1 root root 180929 Oct 16 11:21 spamassassin-3.1.

R: Q. about spam directed towards highest MX Record?

2006-10-18 Thread Giampaolo Tomassoni
> > > You have it right. Unfortunately, mail still hits the > > lowest priority > > > server based on my experience even when the Primary is up > > and running. > > Or, even better, point it at an unused IP on your network. > (don't point it at 127.0.0.1, that will get you blacklisted in the >

Re: Q. about spam directed towards highest MX Record?

2006-10-18 Thread Matt
We tried that and had problems with some clients (the business client not the mail client). Seems a lot of Exchange servers will try the lowest priority MX for some reason, and then never try the highest, just fail. With the current setup a valid message will eventually get through. DAve Isn't

Re: ALL_TRUSTED creating a problem

2006-10-18 Thread Matt Kettler
Jo Rhett wrote: > Matt Kettler wrote: >> It's *really* common to separate spamd from the MTA for anyone that's >> got any decent volume of mail. And that's not a few sites. > > And I guess that I'm saying > > 1. People installing from RPMs and/or Ports (or Portage, etc) expect > things to work out

SA 3.1.7 children hang but don't die

2006-10-18 Thread George R . Kasica
I'm noticing in 3.1.7 here that SA children are entering the K state but not disappearing from the proc list, leaving me with eventually many hung SA items and no running children as I hit the max child limit. I've NOT seen the behavior in 3.1.5 which I've gone back to as of last evening. Has any

Re: Joe Blow wrote: Spam

2006-10-18 Thread Justin Mason
yep, there's a rule for them that should be coming through in updates tomorrow or the day after... --j. Ben Lentz writes: > Has anyone been able to come up with a safe solution to this morning's > rash of Joe Blow wrote: spam messages? They look like this: > > hi Judson i hope this is your ema

Re: bayes_toks.expire.... can I delete these?

2006-10-18 Thread Matt Kettler
Derek Catanzaro wrote: > >> > I am running sa-learn --force-expire -D on one of my servers now. I > mentioned above that the bayes_toks file was 321 MB. Well on the > server I am working on now it is 603 MB (unbelievable). Anyway here > is the output from the -D. Would I be better off deletin

RE: [OpenDNS #KMP-79041-857]: Phishtank from opendns

2006-10-18 Thread Michael Scheidell
> -Original Message- > From: Michael Scheidell > Sent: Wednesday, October 18, 2006 8:29 AM > To: 'OpenDNS First Responders' > Cc: users@spamassassin.apache.org > Subject: RE: [OpenDNS #KMP-79041-857]: Michael Scheidell Correction: > uridnsbl URIBL_PHISHBL phishing.opendns.c

R: Q. about spam directed towards highest MX Record?

2006-10-18 Thread Giampaolo Tomassoni
> > We tried that and had problems with some clients (the business client > > not the mail client). Seems a lot of Exchange servers will try the > > lowest priority MX for some reason, and then never try the highest, just > > fail. > > > > With the current setup a valid message will eventually get

Re: How to filter these spam messages

2006-10-18 Thread Stuart Johnston
Jonas Eckerman wrote: R Lists06 wrote: A minute or two delay from greylisting matters that much Greylisting usually delays a mail for more than two minutes (when it delays, a good implementation can exempt most mail from the delay after a while). Even if the greylist implementation onl

Re: Q. about spam directed towards highest MX Record?

2006-10-18 Thread DAve
Matt wrote: We tried that and had problems with some clients (the business client not the mail client). Seems a lot of Exchange servers will try the lowest priority MX for some reason, and then never try the highest, just fail. With the current setup a valid message will eventually get through.

Help filtering this type of spam

2006-10-18 Thread George R . Kasica
Any thoughts on how to filter this? I'm running the SARE rules and SA 3.1.5 and I seem to be having a lot (hundreds in the last few days) of this type of thing get through. Is there a rule score I should tweak up or what? Also it has about a 23K blank gif attached to it as well. I'm running the Fu

Re: Joe Blow wrote: Spam

2006-10-18 Thread George R . Kasica
THANK YOU >yep, there's a rule for them that should be coming through in updates >tomorrow or the day after... > >--j. George, Nazarene(6/1/99- ), Ginger/The Beast Kasica(8/1/88-3/19/01, 1/17/02-), MR. Tibbs(8/1/90-5/24/06) Jackson, WI USA [EMAIL PROTECTED] http://www.netwrx1.com/georgek ICQ

Re: mails without headers

2006-10-18 Thread angel bosch
> How do you *call* SpamAssassin, how have you configured the software that > calls it and SA itself? By default, SA adds X-Spam-Checker-Version, > X-Spam-Level, and X-Spam-Status headers to all mail, and X-Spam-Flag: YES to > spam. Those lines seem to be added by some other software. It wouldn'

whitelist the sa list from learning?

2006-10-18 Thread RobertH
Please pardon my missing it recently If someone wants to whitelist a subscribed email list (specifically this list) from being auto learned by SA what is the local.cf entry please? Hehehhe I notice with so much talk of spam, things get canned a lot. ;-) Thanks... :-) - rh -- Robert - Abba Co

RE: Help filtering this type of spam

2006-10-18 Thread Chris Santerre
The new update to SARE stock ruleset will take care of these. I'm just waiting on the ninja in charge of that to update it. I'm running it, and I love it ;) Thanks, Chris Santerre SysAdmin and Spamfighter www.rulesemporium.com www.uribl.com

RE: How to filter these spam messages

2006-10-18 Thread Chris Santerre
> -Original Message- > From: Jonas Eckerman [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, October 18, 2006 7:08 AM > To: users@spamassassin.apache.org > Subject: Re: How to filter these spam messages > > > Michael Scheidell wrote: > >> S

RE: Joe Blow wrote: Spam

2006-10-18 Thread Coffey, Neal
Ben Lentz wrote: > Has anyone been able to come up with a safe solution to this morning's > rash of Joe Blow wrote: spam messages? They look like this: > > These aren't really triggering a high enough point value. I've run > sa-update and these still seem to be coming through. Are you running ne

Re: improving the sa-update process

2006-10-18 Thread Frank Bures
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Tue, 17 Oct 2006 11:03:20 -0700, Jo Rhett wrote: >Frank Bures wrote: >> Or you can check that spamassassin is running after restart and if not, start >> it again. Also you can check that there actually was an update before doing >> the restart

RE: SA 3.1.7 children hang but don't die

2006-10-18 Thread Chris Santerre
> Subject: SA 3.1.7 children hang but don't die I'm not running 3.1.7 yet. But with a subject tag like that, you're lucky if you don't have the FBI knocking on your door! :) The Carnivore Admin must be laughing! --Chris

Spamassassin detailed log entries

2006-10-18 Thread Fabien GARZIANO
Hi All, I can't find how to ask spamassassin (spamd in my case) to write detailed score in my log files. I'm pretty sure it's in my local.cf file (cause it's system wide), but I can't find which command to insert. I've seen on the spamassassin wiki the _TESTSSCORES(,)_ tag, but I don't find in whic

Re: Spamassassin detailed log entries

2006-10-18 Thread Theo Van Dinter
On Wed, Oct 18, 2006 at 04:40:45PM +0200, Fabien GARZIANO wrote: > I can't find how to ask spamassassin (spamd in my case) to write detailed > score in my log files. There's currently no way to modify the log output from a config file. You'd have to modify the spamd code to change its log output.

Re: DNS available

2006-10-18 Thread Theo Van Dinter
On Wed, Oct 18, 2006 at 02:06:41AM -0400, Matt Kettler wrote: > Erm, Theo.. Isn't it true that DNS available will always by 0 in --lint > mode for SA 3.1.7. Remember, network checks are now disabled in --lint > mode, so --lint implies -L. Oh right, that changed in 3.1.6. Still not used to that, o

Re: SA 3.1.7 children hang but don't die

2006-10-18 Thread George R . Kasica
>> Subject: SA 3.1.7 children hang but don't die > >I'm not running 3.1.7 yet. But with a subject tag like that, you're lucky if >you don't have the FBI knocking on your door! :) >The Carnivore Admin must be laughing! OOPS...Hope they have a sense of humorI never read it for anything but tech

Re: Help filtering this type of spam

2006-10-18 Thread George R . Kasica
EXCELLENT!! >The new update to SARE stock ruleset will take care of these. I'm just >waiting on the ninja in charge of that to update it. I'm running it, and I >love it ;) > >Thanks, > >Chris Santerre >SysAdmin and Spamfighter >www.rulesemporium.com >www.uribl.com > > > > >> -Original Message

RE: Spamassassin detailed log entries

2006-10-18 Thread Fabien GARZIANO
Thanks for the answer Theo. I think I was not clear enough in my first message. What I'm looking for is how to have a detailed score for each rule for each message, even if not flagged as spam. I know it's possible cause I got it working in some other site. Right after sending my first mail here

Re: SA 3.1.7 children hang but don't die

2006-10-18 Thread George R . Kasica
>* George R. Kasica wrote (18/10/06 14:55): >> I'm noticing in 3.1.7 here that SA children are entering the K state >> but not disappearing from the proc list, leaving me with eventually >> many hung SA items and no running children as I hit the max child >> limit. I've NOT seen the behavior in 3.1

Re: double letter porn

2006-10-18 Thread NFN Smith
Richard Doyle wrote: I've been getting lots of porn site spam containing words with doubled letters, like this one: I was looking at this one yesterday, and thought of a different approach. It may be a little kludgy, but it seems to work on some basic tests. For this, I'm starting with a

Re: whitelist the sa list from learning?

2006-10-18 Thread Matt Kettler
RobertH wrote: > Please pardon my missing it recently > > If someone wants to whitelist a subscribed email list (specifically this > list) from being auto learned by SA what is the local.cf entry please? > > Hehehhe I notice with so much talk of spam, things get canned a lot. ;-) > To quote and

greylisting + spamassassin

2006-10-18 Thread Casper
How do I make spamassassin scan messages that greylisting is whitelisting? I want to scan all messages. Oct 18 16:35:37 smtp1 milter-greylist: k9IEZat8018309: addr 209.237.227.199 from [EMAIL PROTECTED]> rcpt <[EMAIL PROTECTED]>: autowhitelisted for more 48:00:00 I want to scan these messages als

Re: mails without headers

2006-10-18 Thread Magnus Holmgren
On Wednesday 18 October 2006 16:20, angel bosch took the opportunity to say: > > How do you *call* SpamAssassin, how have you configured the software that > > calls it and SA itself? By default, SA adds X-Spam-Checker-Version, > > X-Spam-Level, and X-Spam-Status headers to all mail, and X-Spam-Flag

Re: mails without headers

2006-10-18 Thread angel bosch
you're absolutely right. i configured SA following this doc: http://docs.sun.com/source/819-0105/anti-spam.html#wp45386 i'm not a SA expert so i didn't realize that default configuration only adds headers to mails filtered as spam. i'm now checking how to enable headers for all messages, if anyo

eval:

2006-10-18 Thread Robert Swan
Can anyone elaborate on this rule? Is it a plugin and how does it work? FORGED_RCVD_HELO eval:check_for_forged_received_helo Thanks in advance Robert Peace he would say instead of goodbyepeace my brother.

Re: whitelist the sa list from learning?

2006-10-18 Thread Magnus Holmgren
On Wednesday 18 October 2006 16:50, Matt Kettler took the opportunity to say: > RobertH wrote: > > Please pardon my missing it recently > > > > If someone wants to whitelist a subscribed email list (specifically this > > list) from being auto learned by SA what is the local.cf entry please? > > > >

R: Q. about spam directed towards highest MX Record?

2006-10-18 Thread Giampaolo Tomassoni
> | Just to clarify here You are talking about doing something like: > | > | domain.com 1200 IN MX 10 smtp-1.domain.com > | domain.com 1200 IN MX 50 smtp-2.domain.com > | > | You all are saying that most of the spam should be coming in MX > 50 right? > | > | I have to admit

RE: I'm getting killed with spammers

2006-10-18 Thread Chris Santerre
FWIW: I think traffic is up all around. I'm seeing a definite increase in the past weeks. Most are being stopped via RBLs, but there is a lot more to stop! --Chris

SA method for identifying animated GIFs?

2006-10-18 Thread Russ Ringer
Hi, Has anyone come up with a SA method for identifying animated GIFs? Like some way of getting the properties of the file and checking if the frame count > 1? I've looked at mime signatures, but I'm not sure if that will work and I don't have enough samples to test. thanks, ->Russ

FP for HELO_DYNAMIC_DHCP and HELO_DYNAMIC_IPADDR

2006-10-18 Thread Ugo Bellavance
Hi, An ISP in Canada, Videotron, hits this rule with the RDNS of their new offering: Static IP addresses on cable modem. RDNS: Dynamic: modemcable002.152-81-70.mc.videotron.ca. Static: modemcable014.58-70-69.static.videotron.ca This should be fixed, as many Videotron clients purchase a st

RE: SA method for identifying animated GIFs?

2006-10-18 Thread Chris Santerre
> -Original Message- > From: Russ Ringer [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, October 18, 2006 11:46 AM > To: users@spamassassin.apache.org > Subject: SA method for identifying animated GIFs? > > > Hi, > > Has anyone com

Re: I'm getting killed with spammers

2006-10-18 Thread Mike Woods
Chris Santerre wrote: > > FWIW: I think traffic is up all around. I'm seeing a definite increase in the past weeks. Most are being stopped via RBLs, but > there is a lot more to stop! I'll second that, my account alone has been getting around 230 caught spams a day and quite a good few missed,

Re: How to filter these spam messages

2006-10-18 Thread Peter H. Lemieux
Chris Santerre wrote: But if you rely on email for time sensitive info you best rethink what you are doing :) Regardless of your perspective, Chris, the fact is that most people have come to expect email to be as reliable and instantaneous as making a phone call. In one sense that's a tr

Re: greylisting + spamassassin

2006-10-18 Thread Ugo Bellavance
Casper wrote: How do I make spamassassin scan messages that greylisting is whitelisting? I want to scan all messages. Oct 18 16:35:37 smtp1 milter-greylist: k9IEZat8018309: addr 209.237.227.199 from [EMAIL PROTECTED]> rcpt <[EMAIL PROTECTED]>: autowhitelisted for more 48:00:00 I want to scan t

spam attacks - so and so wrote about a stock

2006-10-18 Thread Ken A
These stock spams are usually dead easy to catch with spam assassin, but there's no "quick response" rules database available to get a new rule. It's a battle of hours, not days with these stock spams. Any thoughts on how to best address this issue, other than every SA admin on the planet writin

RE: spam attacks - so and so wrote about a stock

2006-10-18 Thread Chris Santerre
> These stock spams are usually dead easy to catch with spam > assassin, but > there's no "quick response" rules database available to get a > new rule. > It's a battle of hours, not days with these stock spams. There is, we just ha

Re: spam attacks - so and so wrote about a stock

2006-10-18 Thread Theo Van Dinter
On Wed, Oct 18, 2006 at 09:06:15AM -0700, Ken A wrote: > These stock spams are usually dead easy to catch with spam assassin, but > there's no "quick response" rules database available to get a new rule. > It's a battle of hours, not days with these stock spams. Provide enough manpower and it'd be

RE: Spamassassin detailed log entries

2006-10-18 Thread Bowie Bailey
What I do is this: add_header all Report _REPORT_ This gives me the detailed X-Spam-Report header listing the scores, rule names, and rule descriptions. Bowie Fabien GARZIANO wrote: > Thanks for the answer Theo. > I think I was not clear enough in my first message. What I'm looking > fo

Re: spam attacks - so and so wrote about a stock

2006-10-18 Thread Ken A
Chris Santerre wrote: These stock spams are usually dead easy to catch with spam assassin, but there's no "quick response" rules database available to get a new rule. It's a battle of hours, not days with these stock spams. There is, we just haven't been updating it. Any thoughts on ho

Re: spam attacks - so and so wrote about a stock

2006-10-18 Thread Rob McEwen (PowerView Systems)
In the meantime, it sure would be nice if that new ruleset that Chris bragged about could get on the SARE website ASAP. (Where are you Doc Schneider? I hope we haven't caught you on a busy day. Please hurry.) Rob McEwen PowerView Systems

Re: spam attacks - so and so wrote about a stock

2006-10-18 Thread Mike Woods
Ken A wrote: > Now, how to know what spammers are going to send before they send it.. That doesn't sound like an open source project. ;-) Sounds more like an open-skull project to me :D I'll get my coat! --- Mike Woods Systems Administrator

Re: SA method for identifying animated GIFs?

2006-10-18 Thread Russ Ringer
On Wed, 18 Oct 2006 11:50:03 -0400, you wrote: > >Before anyone else slams you. YES. And a 60 second search of the archives >would have pulled it up. > >You can use FuzzyOCR, or the SARE stock ruleset will be updated soon with a >less CPU intense solution. > >--Chris Sorry, I should have been m

Re: SA 3.1.7 children hang but don't die

2006-10-18 Thread Sandy S
- Original Message - From: "George R. Kasica" <[EMAIL PROTECTED]> To: "Chris Lear" <[EMAIL PROTECTED]> Cc: Sent: Wednesday, October 18, 2006 10:04 AM Subject: Re: SA 3.1.7 children hang but don't die > >* George R. Kasica wrote (18/10/06 14:55): > >> I'm noticing in 3.1.7 here that SA c

RE: SA method for identifying animated GIFs?

2006-10-18 Thread Chris Santerre
> -Original Message- > From: Russ Ringer [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, October 18, 2006 12:46 PM > To: users@spamassassin.apache.org > Subject: Re: SA method for identifying animated GIFs? > > > On Wed, 18 Oct 2006

Re: This image is turning frequent..

2006-10-18 Thread Matt Florido
* Jo Rhett <[EMAIL PROTECTED]> [10-17-2006 10:25]: > > score SARE_GIF_STOX 2.5 2.5 2.5 2.5 > Can you tell me what each corresponding 2.5 represents? -- Regards, Matt Florido

Re: This image is turning frequent..

2006-10-18 Thread Jim Maul
Matt Florido wrote: * Jo Rhett <[EMAIL PROTECTED]> [10-17-2006 10:25]: score SARE_GIF_STOX 2.5 2.5 2.5 2.5 Can you tell me what each corresponding 2.5 represents? http://spamassassin.apache.org/tests_3_1_x.html Pay particular attention to the rightmost column heading in the table. -Jim

Re: SA 3.1.7 children hang but don't die

2006-10-18 Thread George R . Kasica
>> >* George R. Kasica wrote (18/10/06 14:55): >> >> I'm noticing in 3.1.7 here that SA children are entering the K state >> >> but not disappearing from the proc list, leaving me with eventually >> >> many hung SA items and no running children as I hit the max child >> >> limit. I've NOT seen the
