Re: Controlling spamd logging from spamc

2009-06-05 Thread Martin Gregorie
On Thu, 2009-06-04 at 18:32 -0400, Jeff Mincy wrote: > From: Martin Gregorie > > Wouldn't it be easier to run another spamd on a different machine for > rule development and testing? Or perhaps just running as a different > 'test' user, and then ignore log messages for that user in the statisti

Re: Barracuda Blacklist

2009-06-05 Thread BUZZHOST_STINGER
On Sun, 2009-05-31 at 14:39 -0600, LuKreme wrote: > On 29-May-2009, at 07:32, Andy Dorman wrote: > > 1. I could not find out WHY our IPs (we have a block of 32 for the > > cluster of servers that my email was being sent from) were being > > listed I do have to add this would be a lie. A call t

for discussion FQDN of *.lan vs *.home

2009-06-05 Thread Michael Scheidell
I posted a bug, you can discuss here and I guess vote or discuss on bugzilla: Way too many people are using .lan (local area network) as their internal, local lan. I agree if FIRST untrusted does a 'helo *.lan' you should score it high, but if they have an internal server that does a helo *.

Re: for discussion FQDN of *.lan vs *.home

2009-06-05 Thread Michael Scheidell
sorry, bugzilla link: https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6124

Re: for discussion FQDN of *.lan vs *.home

2009-06-05 Thread RW
On Fri, 05 Jun 2009 06:20:12 -0400 Michael Scheidell wrote: > I agree if FIRST untrusted FWIW the terms first and last should always be used in the client -> spamassassin direction. > does a 'helo *.lan' you should score it > high, but if they have an internal server that does a helo *.lan to

Re: Barracuda Blacklist

2009-06-05 Thread Andy Dorman
BUZZHOST_STINGER wrote: On Sun, 2009-05-31 at 14:39 -0600, LuKreme wrote: On 29-May-2009, at 07:32, Andy Dorman wrote: 1. I could not find out WHY our IPs (we have a block of 32 for the cluster of servers that my email was being sent from) were being listed I do have to add this would be a

Re: for discussion FQDN of *.lan vs *.home

2009-06-05 Thread Karsten Bräckelmann
On Fri, 2009-06-05 at 06:20 -0400, Michael Scheidell wrote: > I posted a bug, you can discuss here and I guess vote or discuss on > bugzilla: No voting. And please keep the discussion on the list. > Way too many people are using .lan (local area network) as their > internal, local lan. > > I a

Re: for discussion FQDN of *.lan vs *.home

2009-06-05 Thread Henrik K
On Fri, Jun 05, 2009 at 12:19:59PM +0100, RW wrote: > > > > header HELO_LH_HOME X-Spam-Relays-Untrusted =~ /^[^\]]+ > > helo=\S+\.(?:home|lan) /i > > This test only looks at the last hop, so I don't see your concern. > > Actually it should be the last hop into the internal network, > presumably

Re: for discussion FQDN of *.lan vs *.home

2009-06-05 Thread Karsten Bräckelmann
On Fri, 2009-06-05 at 16:28 +0300, Henrik K wrote: > On Fri, Jun 05, 2009 at 12:19:59PM +0100, RW wrote: > > This test only looks at the last hop, so I don't see your concern. > > > > Actually it should be the last hop into the internal network, > > presumably it's one of the tests that's fixed i

Re: two databases

2009-06-05 Thread Micah Anderson
Michael Grant writes: > I did not realize one could store the bayes scores in sql. > > So I'd store the bayes scores on a third server and let both mxes use > the same database. I did this, but my bayes in mysql and pointed two different spamd machines at it, but I had severe problems that I cou

Bayes learning trusted networks mailing list email

2009-06-05 Thread Micah Anderson
I get a significant amount of spam that comes through mailing lists that I am legitimately subscribed to, either they are the administration emails asking me if I want to approve the "email" or not, or they are messages that make it through the list. These messages are either hitting ALL_TRUSTED,

Re: two databases

2009-06-05 Thread Michael Grant
On Fri, Jun 5, 2009 at 16:08, Micah Anderson wrote: > Michael Grant writes: > >> I did not realize one could store the bayes scores in sql. >> >> So I'd store the bayes scores on a third server and let both mxes use >> the same database. > > I did this, but my bayes in mysql and pointed two diffe

Re: I never got WrongMx working and have no idea why.

2009-06-05 Thread Matus UHLAR - fantomas
> On Thu, 4 Jun 2009 18:04:35 -0400 (EDT) > "Steven W. Orr" wrote: > > > My dns MX record looks like this: > > > > ;; ANSWER SECTION: > > syslang.net. 9738 IN MX 100 mx2.zoneedit.com. > > syslang.net. 9738 IN MX 0 syslang.net. > > ... > > The pm fi

Re: I never got WrongMx working and have no idea why.

2009-06-05 Thread Matus UHLAR - fantomas
On 04.06.09 18:04, Steven W. Orr wrote: > In my /etc/mail/spamassassin, I have two files, wrongmx.cf and wrongmx.pm > > The cf file looks like this: > loadplugin WrongMX wrongmx.pm > > header WRONGMX eval:wrongmx() > describe WRONGMX Sent to lower pref MX when higher pref MX w

Re: two databases

2009-06-05 Thread d . hill
Quoting Micah Anderson : any case I might have had some issues because my MySQL database needed to be optimized, but I was not able to determine how and now I just run one of the spamd's without bayes, which is not too bad because my bayes database seems to be totally worthless at the moment. :P

FreeMail.bl installation instructions

2009-06-05 Thread Micah Anderson
The FreeMail.pm installation instructions are a little thin: ### Install: # # Please add loadplugin to init.pre (so it's loaded before cf files!): # # loadplugin Mail::SpamAssassin::Plugin::FreeMail FreeMail.pm My understanding, and please correct me if I am wrong, is that you actually need to d

Re: two databases

2009-06-05 Thread Rick Macdougall
Michael Grant wrote: On Fri, Jun 5, 2009 at 16:08, Micah Anderson wrote: Michael Grant writes: I did not realize one could store the bayes scores in sql. So I'd store the bayes scores on a third server and let both mxes use the same database. I did this, but my bayes in mysql and pointed t

Re: two databases

2009-06-05 Thread Micah Anderson
* Michael Grant [2009-06-05 10:26-0400]: > On Fri, Jun 5, 2009 at 16:08, Micah Anderson wrote: > > Michael Grant writes: > > > >> I did not realize one could store the bayes scores in sql. > >> > >> So I'd store the bayes scores on a third server and let both mxes use > >> the same database. > >

Re: I never got WrongMx working and have no idea why.

2009-06-05 Thread RW
On Fri, 5 Jun 2009 16:31:05 +0200 Matus UHLAR - fantomas wrote: > On 04.06.09 18:04, Steven W. Orr wrote: > > > The following file came in and we can see that it did not work. The > > mail came through mx2.zoneedit.com > > Maybe the plugin was unable to find out the destination domain. Can > you

Re: Identifying Source of False Positives -- RESOLVED

2009-06-05 Thread Rich Shepard
On Tue, 2 Jun 2009, Rich Shepard wrote: I started doing this today. Each of the false positive messages was exported from alpine to a file, and I ran sa-learn on that file telling it the text is ham. Today the mail and logwatch summary reports appeared in my inbox and there were no false po

Re: Identifying Source of False Positives -- RESOLVED

2009-06-05 Thread Bowie Bailey
Rich Shepard wrote: The empty body problem is a more difficult problem. Have procmail save a copy of the raw message somewhere and take a look at it. Make sure there is a blank line between the headers and the body. Run 'spamassassin -D' on this saved message and look for anything unusual in

Re: I never got WrongMx working and have no idea why.

2009-06-05 Thread Matus UHLAR - fantomas
> > On 04.06.09 18:04, Steven W. Orr wrote: > > > The following file came in and we can see that it did not work. The > > > mail came through mx2.zoneedit.com > On Fri, 5 Jun 2009 16:31:05 +0200 > Matus UHLAR - fantomas wrote: > > Maybe the plugin was unable to find out the destination domain. Ca

Re: Identifying Source of False Positives -- RESOLVED

2009-06-05 Thread Rich Shepard
On Fri, 5 Jun 2009, Bowie Bailey wrote: In that case, you should be able to track down the issue by comparing the two files. Is the EMPTY_BODY rule defined in the old local.cf file? If so, what does it say? Bowie, Yes, it was in the old local.cf: # for empty message bodies: body EMPT

Re: Bayes learning trusted networks mailing list email

2009-06-05 Thread RW
On Fri, 05 Jun 2009 10:24:31 -0400 Micah Anderson wrote: If I understand things properly, because I've got these > setup in my trusted_networks, then these previous hops will be > checked in RBLs, so the spam is more detectable. That doesn't really help. If you think about it, tests that run on

New slew of spams

2009-06-05 Thread Jeremy Morton
Hi, I've suddenly started getting a new slew of spams that are making their way through my SpamAssassin filter. Here's an example of one: http://pastebin.com/m586e296c As you can see they tend to hit a couple of blacklists, but don't get a high enough score to be marked as spam. What do yo

Re: New slew of spams

2009-06-05 Thread Rob McEwen
Jeremy Morton wrote: > I've suddenly started getting a new slew of spams that are making > their way through my SpamAssassin filter. Here's an example of one: > > http://pastebin.com/m586e296c > > As you can see they tend to hit a couple of blacklists, but don't get > a high enough score to be mar

Re: New slew of spams

2009-06-05 Thread rich...@buzzhost.co.uk
On Fri, 2009-06-05 at 18:58 +0100, Jeremy Morton wrote: > Hi, > > I've suddenly started getting a new slew of spams that are making their > way through my SpamAssassin filter. Here's an example of one: > > http://pastebin.com/m586e296c > > As you can see they tend to hit a couple of blacklists

Re: Question on add-to-blacklist

2009-06-05 Thread Larry Starr
On Wednesday 03 June 2009, Jari Fredriksson wrote: > > On Tuesday 02 June 2009, Michael Scheidell wrote: > > What "optional" fields are you referring to? > > > > I have seen this, on the spamassassin WIKI: > > > > CREATE TABLE awl ( > > username varchar(100) NOT NULL default '', > > email varchar(

Re: [sa] New slew of spams

2009-06-05 Thread Charles Gregory
On Fri, 5 Jun 2009, Jeremy Morton wrote: I've suddenly started getting a new slew of spams that are making their way through my SpamAssassin filter. Here's an example of one: http://pastebin.com/m586e296c These are examples of the new variant on 'image only' spams, having only a rtf file att

Re: New slew of spams

2009-06-05 Thread John Hardin
On Fri, 5 Jun 2009, Jeremy Morton wrote: I've suddenly started getting a new slew of spams that are making their way through my SpamAssassin filter. Here's an example of one: http://pastebin.com/m586e296c Look for the MIME_NO_TEXT ruleset I posted a few days ago. -- John Hardin KA7OHZ

Re: New slew of spams

2009-06-05 Thread Adam Katz
Jeremy Morton wrote: > I've suddenly started getting a new slew of spams that are making their > way through my SpamAssassin filter. Here's an example of one: > > http://pastebin.com/m586e296c > > As you can see they tend to hit a couple of blacklists, but don't get a > high enough score to be m

Re: New slew of spams

2009-06-05 Thread Raymond Dijkxhoorn
Hi! http://pastebin.com/m586e296c As you can see they tend to hit a couple of blacklists, but don't get a high enough score to be marked as spam. What do your SpamAssassin analyses give of this e-mail, and any tips as to how I can get these marked as spam? But; 93.5.36.134 listed in b

Re: [SA] Identifying Source of False Positives -- RESOLVED

2009-06-05 Thread Adam Katz
Rich Shepard wrote: > # for empty message bodies: > body EMPTY_BODY m'^[^\n]+\n\s*$' > describe EMPTY_BODY Message has subject but no body > score EMPTY_BODY 2.5 Egads ... that's an unbounded multi-line regex (that little plus sign is quite CPU-intensive). I don't understand it

Re: [SA] Identifying Source of False Positives -- RESOLVED

2009-06-05 Thread Rich Shepard
On Fri, 5 Jun 2009, Adam Katz wrote: Since that regex matches nothing, I assume you meant it to be m'^[^\n]+\n\s*$'s or m'^[^\n]+\n\s*$'ms Adam, I didn't write this. It apparently came with the local.cf file a few years ago. Rich -- Richard B. Shepard, Ph.D. | Integrity

Re: New slew of spams

2009-06-05 Thread rich...@buzzhost.co.uk
On Fri, 2009-06-05 at 20:33 +0200, Raymond Dijkxhoorn wrote: > Hi! > > >> http://pastebin.com/m586e296c > >> > >> As you can see they tend to hit a couple of blacklists, but don't get a > >> high enough score to be marked as spam. What do your SpamAssassin > >> analyses give of this e-mail, and a

Re: word doc spam

2009-06-05 Thread John Hardin
On Tue, 2 Jun 2009, Yet Another Ninja wrote: On 6/2/2009 7:55 PM, John Hardin wrote: Oh, sorry, I got that backwards checking for _not_ PHP... Never mind those last rules. The mailer is going to be easy to change (even randomly) in a spam tool. I'd suggest that it's not valid to check tha

MIME_NO_TEXT

2009-06-05 Thread John Hardin
All: Sorry that the last iteration of the MIME_NO_TEXT rules (see the "word doc spam" message I just resent) didn't get sent to the list - it should have gone to the list but I didn't notice the discussion had gone off-list. -- John Hardin KA7OHZ http://www.impsec.org/~jha

Re: FCrDNS and localhost

2009-06-05 Thread mouss
Adam Katz wrote: > Matus UHLAR - fantomas wrote: >> 181.188.252.222.in-addr.arpa domain name pointer localhost. >> >> That is why FcRDNS is being used everywhere... >> >> localhost has address 127.0.0.1 => fail. > > Actually, localhost doesn't resolve via DNS; I don't know where you're taking

Re: FCrDNS and localhost

2009-06-05 Thread mouss
Adam Katz wrote: > John Hardin wrote: >> So that data comes from /etc/hosts. How does that materially affect the >> FCrDNS sanity test? > > By definition, FCrDNS uses DNS lookups. Unless you're using dnsmasq, > the entries in /etc/hosts are ignored during DNS lookups. This is wrong. FCrDNS

Re: New slew of spams

2009-06-05 Thread Benny Pedersen
On Fri, June 5, 2009 19:58, Jeremy Morton wrote: > http://pastebin.com/m586e296c http://cbl.abuseat.org/lookup.cgi?ip=93.5.36.134 do you use zen.spamhaus.org in exim ? http://www.wpbl.info/cgi-bin/detail.cgi?ip=93.5.36.134 if the ip is not sending ham to you block the ip locally -- http://loca

Re: New slew of spams

2009-06-05 Thread Benny Pedersen
On Fri, June 5, 2009 20:05, Rob McEwen wrote: > I highly recommend scoring RDNS_NONE at much higher than "0.1", and > scoring RCVD_IN_PBL at much higher than 0.9 meta SPAM_LOCAL (RDNS_NONE && RCVD_IN_PBL) describe SPAM_LOCAL Meta: it hits both RDNS_NONE and RCVD_IN_PBL score SPAM_LOCAL 5.0 --

Re: FCrDNS and localhost

2009-06-05 Thread Benny Pedersen
On Fri, June 5, 2009 23:55, mouss wrote: > why bother yourself with SPF since nobody remote should call himself > "localhost". localhost is a reserved domain. will you wake up one day and beat me in my foot ? :))) localhost check does not rule out that spf check can be useful -- http://localh