Thanks for your answer the spamd -L was bad, without everything works fine,
especially the NixSpam plugin!
After your and Anthonys last mail I understand the reason for the different
scores in the output. Of course the lower score was already in the mail, don't
forget I took a scanned mail fro
Bob Proulx wrote:
decoder wrote:
We recently discovered that even our own mailserver (Postfix) was a
backscatter source (and 1-2 weeks ago spammers started to actively use
it), there were several reasons and I'd like to share these points with
the list so nobody does the same mistakes.
Steve Prior wrote:
mouss wrote:
But back on topic... the OP has been joe-jobbed.
he's not the only one... seems there's a lot of backscatter coming in
these days.
Thanks for confirming that spf doesn't fix the problem.
The main problem with SPF is that most other servers out there don't
> >>>But back on topic... the OP has been joe-jobbed.
> >mouss wrote:
> >>he's not the only one... seems there's a lot of backscatter coming in
> >>these days.
> >>
> >>Thanks for confirming that spf doesn't fix the problem.
SPF is designed to fix the problem, however as many other standards it
greetings.
any ideas for spam in russian and chineese? (some even with broken charset)
XBL and bayes are very effective but not enough :/
I'd like to have some kind of language matcher. We don't have people speaking
russian in the company so it would be nice to give 1 or 2 points on just the
lang
On 10.04.08 12:38, Arvid Ephraim Picciani wrote:
> any ideas for spam in russian and chineese? (some even with broken charset)
> XBL and bayes are very effective but not enough :/
> I'd like to have some kind of language matcher. We don't have people speaking
> russian in the company so it would b
Arvid Ephraim Picciani wrote:
greetings.
any ideas for spam in russian and chineese? (some even with broken charset)
XBL and bayes are very effective but not enough :/
I'd like to have some kind of language matcher. We don't have people speaking
russian in the company so it would be nice to give
I run SA on a host-wide basis, so no per user configuration files.
I fire off SA as non-root, yet my maillog keeps filling up with those
messages about root problems, like these:
config: cannot write to /root/.spamassassin/user_prefs: Permission denied
So, I find that if I fire off spamass-mi
I've done this a few times and it works really well. I use Linux,
Postfix,
SpamAssassin, ClamAV, and a super lightweight cut down version of the
now-dead
Amavisd-lite.
I use this system as an inbound email relay on, or outside, the
corporate
firewall boundary and put Exchange inside. That way if
If I add a file /etc/spamassassin/20a_vbounce.cf and add these entries,
do I need to run sa-compile or not?
Second issue, if I change scores (in local.cf for example), do I need to
recompile?
whitelist_bounce_relays mail.domain2.com
whitelist_bounce_relays mail.domain3.com
can I ad
Hi,
I just noticed BotNet (0.8) causing SA timeouts when used with
MailScanner. This is what the log gives me:
[21308] dbg: spf: query for
[EMAIL PROTECTED]/75.117.130.5/unknown: result: fail,
comment: Please see
http://www.openspf.org/Why?id=esuapmet_1966%40mater.ustb.edu.cn&ip=75.11
7.13
Jan-Peter,
> I just noticed BotNet (0.8) causing SA timeouts
> Then it just hangs for quite some time and finally runs into the
> timeout. Any idea?
A known problem, it uses a default timeout of Net::DNS,
which is very long for certain unresolvable DNS queries.
Try the following patch:
--- Bot
> > Then it just hangs for quite some time and finally runs into the
> > timeout. Any idea?
>
> A known problem, it uses a default timeout of Net::DNS,
> which is very long for certain unresolvable DNS queries.
> Try the following patch:
Looks like this did the trick!
Great. Thanks!
Mark,
Thanks, I'll try to work that into 0.9.
John
Mark Martinec wrote:
Jan-Peter,
I just noticed BotNet (0.8) causing SA timeouts
Then it just hangs for quite some time and finally runs into the
timeout. Any idea?
A known problem, it uses a default timeout of Net::DNS,
which is ver
Matus UHLAR - fantomas wrote:
But back on topic... the OP has been joe-jobbed.
mouss wrote:
he's not the only one... seems there's a lot of backscatter coming in
these days.
Thanks for confirming that spf doesn't fix the problem.
SPF is designed to fix the pr
On Thursday 10 April 2008 17:16:40 mouss wrote:
> I personally have found that SPF causes more problems than it helps, and
> for that I do not recommend setting SPF record for "general use" domains.
mind explaining more detailed? I use SPF on all 300 domains. I don't think
anyone actually checks
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Henry Kwan:
> Hi,
>
> Have been running SA on CentOS for a few years now and everything has been
> working great. But the powers that be want to move to Exchange so I am trying
> to plan a SA frontend that feeds the Exchange server.
Been there!
> A
thanks Matt and Mathus. That helps.
--
best regards/Mit freundlichen Grüßen
Arvid Ephraim Picciani
Arvid Ephraim Picciani wrote:
On Thursday 10 April 2008 17:16:40 mouss wrote:
I personally have found that SPF causes more problems than it helps, and
for that I do not recommend setting SPF record for "general use" domains.
mind explaining more detailed? I use SPF on all 300 domains.
mouss wrote:
Matus UHLAR - fantomas wrote:
But back on topic... the OP has been joe-jobbed.
mouss wrote:
he's not the only one... seems there's a lot of backscatter coming
in these days.
Thanks for confirming that spf doesn't fix the problem.
SPF is designed to fix the pro
Kelson wrote:
Who said anything about spam from an authorized source?
I was misled by SPF... sorry.
The problem *being discussed* is spam with a forged sender address,
causing bounce notices to go to an innocent third party.
which is caused by "accept then bounce" implementations, someth
Vidar Tyldum Hansen tyldum.com> writes:
> I'm just doing a rough summary of my process on 2007:
> - Use LDAP to check the recipients against Exchange/AD
> (remember the proxyAddress attribute)
> - On the SA-machine I use Postfix and header_checks after the message
> is scanned by amavi
mouss wrote:
> Bob Proulx wrote:
> >I don't think that any of those should match and therefore is safe by
> >default.
>
> the trouble comes from the default (compatibility) value of
> relay_domains and relay_recipient_maps. For this reason, it is
> recommended to set
> parent_domain_matches_subd
Hi Everyone,
I've been floating around on the web, looking for some specifics to do
with setting up a DNS Block List for scoring in Spamassassin.
I found the setup for the CBL, and copied that for use with the DSBL,
which is what I want to setup for scoring Spam. Strangely enough, a lot
of
Bob Proulx wrote:
mouss wrote:
Bob Proulx wrote:
I don't think that any of those should match and therefore is safe by
default.
the trouble comes from the default (compatibility) value of
relay_domains and relay_recipient_maps. For this reason, it is
recommended to set
parent_
Michael Hutchinson wrote:
uridnsbl URIBL_DSBL list.dsbl.org. TXT
body URIBL_DSBL eval:check_uridnsbl('URIBL_DSBL')
describe URIBL_DSBL Contains a URL listed in the DSBL blocklist
(http://dsbl.org)
scoreURIBL_DSBL 0.004
Wait... does the DSBL even list URIs? I thought it only lis
I think we've detoured from the actual problem?
The fact is that lots of spam is now being sent to other sites,
pretending to be from (collectively) our email addresses, so that we get
the bounces containing the spam. And SA isn't marking these messages as
spam, whereas if it was directly sent
> -Original Message-
> From: Kelson [mailto:[EMAIL PROTECTED]
> Sent: 11 April 2008 11:20 a.m.
> To: users@spamassassin.apache.org
> Subject: Re: DNS Blocklists with Spamassassin (scoring only)
>
> Michael Hutchinson wrote:
> > uridnsbl URIBL_DSBL list.dsbl.org. TXT
> > body URIBL_D
Our users are getting hundreds of these!
One of the problems is that the actual spam email is sometimes not
attached. But interestly enough we are usually sent the email header of the
original email. From that we (the humans) can easily spot that the IP
address of the mailserver claiming to
Hello,
[EMAIL PROTECTED] is bouncing messages back to this mailing list
using the email address in the From: header as the Return-Path. The
mailing list software sees it as a loop and bounces the message back
to message poster.
Regards,
-sm
At 23:03 09-04-2008, Victor Sudakov wrote:
whitelist_from_rcvd now works, but not quite in the manner I have
expected. In fact, it works only if the relay is NOT in the
trusted_networks list.
Can you post the debug output?
I wonder if this is by design. In my opinion, whitelisting should
alwa
On Fri, April 11, 2008 01:28, Jason Haar wrote:
> How are others (successfully) handling backscatter? Moving bounces into
> yet another separate folder isn't a solution for our users - and I'm
> sure the same applies elsewhere. Spam is spam...
backscatter have more signs of why you get them, ma
SM wrote:
> >whitelist_from_rcvd now works, but not quite in the manner I have
> >expected. In fact, it works only if the relay is NOT in the
> >trusted_networks list.
>
> Can you post the debug output?
In this case 212.73.124.135 is trusted so the sender was not
whitelisted!!!
http://vas.tomsk.
SM wrote:
> >This is the standard CommuniGate Pro "Received:" header.
> >When HELO matches the hostname, this header always looks this way,
> >with the word "verified" added to it.
>
> SpamAssassin is not parsing that "Received:" header as one with a
> hostname which has been "verified".
[dd]
>
I am not a ccache expert...
I came across it in the last few months and just today had some time to
install it on a centos 4.6 box and play for a second or two.
If anyone on the list is familiar with using it?
If so, then the questions would be, is it appropriate to use it, or
something similar,
35 matches
Mail list logo
