A message slipped through untouced. Obvious spam from "Minister of Finance"
with many attachments.
/var/log/mail shows a message skipped "spamc[7262]: skipped message, greater
than max message
size (512000 bytes)" at the time this came thru.
I'd guess that was it. Unusual, but any way to prev
Alex, from prypiat.
Yes, I recycle.
On 12-12-03 02:04 AM, John Wilcock wrote:
> Le 30/11/2012 18:18, John Hardin a écrit :
>>>header __AJB_HAS_XEROXX-Mailer =~ /WorkCentre \d{3,5}/
>>>header __AJB_XEROX_SUBJ Subject =~ /Scan from a Xerox/
>>
>> Thanks! I will add those to m
Hi,
I guess you may change your threshold for the cut off? the -s flag, when
calling spamc seems to be it.
I use amavisd-new to feed SA, it does the same thing, I had to change my
threshold too to analyze bigger emails.
Best,
Alex, from prypiat.
Yes, I recycle.
On 12-12-03 06:25 AM, Joseph Ac
On Mon, 3 Dec 2012, John Wilcock wrote:
Le 30/11/2012 18:18, John Hardin a écrit :
> header __AJB_HAS_XEROXX-Mailer =~ /WorkCentre \d{3,5}/
> header __AJB_XEROX_SUBJ Subject =~ /Scan from a Xerox/
Thanks! I will add those to my sandbox.
Question: how often do you see t
On 11/29/12 14:46:25, David F. Skoll wrote:
> We greylist after the end of DATA. This wastes bandwidth, but lets us
> use the Subject: line as an additional mix in the greylisting tuple.
> This catches ratware that retries in the face of greylisting, but
> mutates the subject line with each retry.
On 11/29/12 10:44:54, John Hardin wrote:
> You will probably want to put a little effort into maintaining lists
> of regular correspondents who can bypass greylisting. There may be
> tools to automate that, e.g. to whitelist someone a local user has
> sent mail to.
Has anyone looked into the use o
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 11/28/2012 04:17 PM, Tres Seaver wrote:
> Running SA 3.3.2 on Ubunto 12.04.
>
> Here is how spamd is running:
>
> $ pgrep -lf spamd 26110 /usr/bin/perl -T -w /usr/sbin/spamd
> --create-prefs --max-children 5 --helper-home-dir --username=vmail
> --
>> We greylist after the end of DATA. This wastes bandwidth, but lets us
>> use the Subject: line as an additional mix in the greylisting tuple.
>> This catches ratware that retries in the face of greylisting, but
>> mutates the subject line with each retry.
> We use grey listing on our low volum
>> You will probably want to put a little effort into maintaining lists
>> of regular correspondents who can bypass greylisting. There may be
>> tools to automate that, e.g. to whitelist someone a local user has
>> sent mail to.
>
> Has anyone looked into the use of a DNS-based white listing servic
On Mon, 2012-12-03 at 07:23 -0800, Gary Funck wrote:
> Since this is a Spam Assassin list: Is there a way of disabling
> grey listing, but still receiving some benefit from the principle
> that mail received from a first time or infrequent sender should
> be looked upon with some suspicion?
>
Yes.
On Mon, 2012-12-03 at 07:27 -0800, Gary Funck wrote:
> On 11/29/12 10:44:54, John Hardin wrote:
> > You will probably want to put a little effort into maintaining lists
> > of regular correspondents who can bypass greylisting. There may be
> > tools to automate that, e.g. to whitelist someone a loc
On 12/3/2012 10:27 AM, Tres Seaver wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 11/28/2012 04:17 PM, Tres Seaver wrote:
Running SA 3.3.2 on Ubunto 12.04.
Here is how spamd is running:
$ pgrep -lf spamd 26110 /usr/bin/perl -T -w /usr/sbin/spamd
--create-prefs --max-children 5 --help
On 12/3/2012 8:13 AM, Alexandre Boyer wrote:
Hi,
I guess you may change your threshold for the cut off? the -s flag, when
calling spamc seems to be it.
I use amavisd-new to feed SA, it does the same thing, I had to change my
threshold too to analyze bigger emails.
I'm currently testing some t
On Mon, Dec 03, 2012 at 01:54:44PM -0500, Kevin A. McGrail wrote:
>
> I've added two tricks to this filter.
>
> One, I pass the load_avg to the filter and use it to modify the size
> limit for spamc based on load. The lower the load, the higher the
> multiplier.
Seems kind of pointless. Have yo
On 12/3/2012 3:03 PM, Henrik K wrote:
Two, I'm trying a system that also truncates messages mid-message at
the threshold to scan them anyway.
The second idea has been pretty controversial but I think the first
one is a neat idea.
Why is it controversial? Amavisd-new 2.6.3 had this feature sinc
On Mon, 3 Dec 2012 22:03:25 +0200
Henrik K wrote:
> On Mon, Dec 03, 2012 at 01:54:44PM -0500, Kevin A. McGrail wrote:
[Test loadavg in filtering decisions]
> Seems kind of pointless. Have you actually measured how larger
> messages affect cpu usage? Especially since usually there are much
> le
On 12/3/2012 3:43 PM, David F. Skoll wrote:
I agree. LoadAVG is a pretty useless measurement. And relaxing your
filtering based on load gives spammers a clear signal how to defeat
your filter.
...
We truncate overly-long messages too, but we try to be intelligent
about it. We shrink non-text
On Mon, 03 Dec 2012 15:51:45 -0500
"Kevin A. McGrail" wrote:
> My goal is to implement something in spamc/spamd that's useful for
> people using SA more out of the box. I guess, my thought is that
> adding some logic to dynamically increase the size limit was better
> than the status quo.
OK.
On 12/3/2012 3:43 PM, David F. Skoll wrote:
On Mon, 3 Dec 2012 22:03:25 +0200
Henrik K wrote:
On Mon, Dec 03, 2012 at 01:54:44PM -0500, Kevin A. McGrail wrote:
[Test loadavg in filtering decisions]
Seems kind of pointless. Have you actually measured how larger
messages affect cpu usage? Es
On Mon, 03 Dec 2012 16:04:42 -0500
Bowie Bailey wrote:
> You are not relaxing the filtering, you are tightening it.
It still IMO is a bad idea. Effectively, you are lowering your
security when your box is busier no matter how you look at it.
If your box can't handle load spikes, then when it g
On 12/3/2012 4:12 PM, David F. Skoll wrote:
On Mon, 03 Dec 2012 16:04:42 -0500
Bowie Bailey wrote:
You are not relaxing the filtering, you are tightening it.
It still IMO is a bad idea. Effectively, you are lowering your
security when your box is busier no matter how you look at it.
If your
On Mon, 03 Dec 2012 16:20:30 -0500
Bowie Bailey wrote:
> Without this setup, you are always at the "lower security" level.
Ah, so you believe the glass is half-full whereas I maintain it's
half-empty. :)
> Of course, everyone would like to have a box that can handle fully
> scanning every email
On Mon, 3 Dec 2012 07:23:59 -0800
Gary Funck wrote:
> Since this is a Spam Assassin list: Is there a way of disabling
> grey listing, but still receiving some benefit from the principle
> that mail received from a first time or infrequent sender should
> be looked upon with some suspicion?
Person
23 matches
Mail list logo
