On 17.09.13 18:06, David Spector wrote:
In Cpanel: no Spamassassin version information, Score
(required_score)=5, Spam Box=On, no special config specified
My platform: CENTOS 6.4 i686 virtuozzo
My problem:
LFD sends me the following email from root at random times, sometimes
twice a day, som
which rules do you see doing such queries?
What happens if you score those rules to zero?
They are relevant to URIBL checks because they check for A or NS recs
for a URI in a msg's body.
this is also documented in URIBL.pm
On 09/18/2013 08:31 AM, Abhijeet Rastogi wrote:
That's the thing. Why
The below log happens when I've scores set as 0.
$ cat /etc/mail/spamassassin/local.cf | grep -E 'URI-(NS|A)'
score URI-NS 0
score URI-A 0
$ grep 'async: starting' spoof_sa_log
spamd[23782]: async: starting: URI-DNSBL, DNSBL:dbl.zen.myinternalrbl.com.:domain.com (timeout 15.0s, min 3.0s)
spamd[2
On 09/18/2013 09:48 AM, Abhijeet Rastogi wrote:
The below log happens when I've scores set as 0.
$ cat /etc/mail/spamassassin/local.cf | grep -E 'URI-(NS|A)'
score URI-NS 0
score URI-A 0
these rules are not part of SA's ruleset.
if you don't want these queries why have such custom rules, in t
FTR:
these custom rules are apparently plain wrong.
Assuming you have a Spamhaus datafeed running on what you describe as
dbl.zen.myinternalrbl.com / zen.myinternalrbl.com
URI-DNSBL is querying for an NS name against DBL, which hardly produces a
hit, so a pointless rule.
URI-A could produce a hit
On Sep 18, 2013 9:10 AM, "Axb" wrote:
>
> On 09/18/2013 09:48 AM, Abhijeet Rastogi wrote:
>>
>> The below log happens when I've scores set as 0.
>>
>> $ cat /etc/mail/spamassassin/local.cf | grep -E 'URI-(NS|A)'
>> score URI-NS 0
>> score URI-A 0
>
>
> these rules are not part of SA's ruleset.
>
>
Dear Matus,
LFD is a monitor that detects processes that have been running too long.
That's about all it does.
spamd is apparently part of Spamassassin, at least when it is running on
Linux systems. I'm not sure; I'm not an SA expert (obviously).
The LFD people say this is definitely a prob
On Wednesday 18 September 2013 at 12:46:52, David Spector wrote:
> Dear Matus,
>
> LFD is a monitor that detects processes that have been running too long.
> That's about all it does.
Who defines what is "too long"?
The commands "ps ax" or "top" will show you (under the "time" column) how long
On Tue, 17 Sep 2013 19:56:56 -0400 (EDT)
Art Greenberg wrote:
> I am running SA on my private mail server. Mail comes in directly for
> one domain (using no-ip.com to get around a port block), and via
> fetchmail for several others. I have listed the MXes at no-ip.com and
> the ISP machines that f
Hi!
On Wed, 2013-09-18 at 06:46 -0400, David Spector wrote:
[...]
> LFD is a monitor that detects processes that have been running too long.
> That's about all it does.
How long is "too long" for "spamd"?
> spamd is apparently part of Spamassassin, at least when it is running on
> Linux system
On Tue, 17 Sep 2013 19:56:56 -0400 (EDT)
Art Greenberg wrote:
I am running SA on my private mail server. Mail comes in directly for
one domain (using no-ip.com to get around a port block), and via
fetchmail for several others. I have listed the MXes at no-ip.com and
the ISP machines that fetchmai
On Wed, 18 Sep 2013 13:04:17 +0200
Bernd Petrovitsch wrote:
> Hi!
>
> On Wed, 2013-09-18 at 06:46 -0400, David Spector wrote:
> [...]
> > LFD is a monitor that detects processes that have been running too
> > long. That's about all it does.
>
> "spamd" is the daemon of SpamAssassin which actuall
Hi!
On Wed, 2013-09-18 at 12:55 +0100, RW wrote:
> On Wed, 18 Sep 2013 13:04:17 +0200
> Bernd Petrovitsch wrote:
[...]
> > On Wed, 2013-09-18 at 06:46 -0400, David Spector wrote:
> > [...]
> > > LFD is a monitor that detects processes that have been running too
> > > long. That's about all it does
Abhijeet Rastogi wrote on 2013-09-18 08:31:
That's the thing. Why do they happen? I don't want them to happen?
What's their relevance in a URIBL check?
uribl_skip_domains ?
or just disable uribl in pre file ?
if there is a domain that is listed as spam why not skip that domain in
uribl chec
Abhijeet Rastogi wrote on 2013-09-18 10:08:
I don't want queries URI-A and URI-NS to happen. URI-DNSBL is fine but
why others?
it's part of how dns works imho, would it be better to check for cname ?
add domain.com to uribl_skip_domains is not of help ?
Dear RW,
Thank you for your clear explanation and for instructions for fixing the
incorrect notice.
I've followed up by submitting a ticket to get the instructions updated for
the current WHM.
I will also follow up with the support teams for the other products.
Some of the other responses
I see that RDNS_NONE looks at X-Spam-Relays-External for a blank "rdns= ".
I currently don't see that header, but I can see X-Spam-RelaysUntrusted
(how do I enable X-S-R-External?).
Here are some of the headers for a message received here that hit on
RDNS_NONE:
X-Spam-RelaysUntrusted: [ ip=6
Follow-up: 66.162.193.229 passes FCrDNS at multirbl.valli.org.
Is there a bug in SA?
On Wed, 18 Sep 2013, Art Greenberg wrote:
I see that RDNS_NONE looks at X-Spam-Relays-External for a blank "rdns= ". I
currently don't see that header, but I can see X-Spam-RelaysUntrusted (how do
I enable X
Art Greenberg wrote:
> I see that RDNS_NONE looks at X-Spam-Relays-External for a blank "rdns=
> ". I currently don't see that header, but I can see
> X-Spam-RelaysUntrusted (how do I enable X-S-R-External?).
These are pseudoheaders generated internally by SA when deconstructing
the real Received:
On Wed, 18 Sep 2013, Art Greenberg wrote:
Follow-up: 66.162.193.229 passes FCrDNS at multirbl.valli.org.
Is there a bug in SA?
On Wed, 18 Sep 2013, Art Greenberg wrote:
I see that RDNS_NONE looks at X-Spam-Relays-External for a blank "rdns= ".
I currently don't see that header, but I can se
On Wed, 18 Sep 2013, Art Greenberg wrote:
I see that RDNS_NONE looks at X-Spam-Relays-External for a blank "rdns= ". I
currently don't see that header, but I can see X-Spam-RelaysUntrusted (how do
I enable X-S-R-External?).
Here are some of the headers for a message received here that hit on
On Wed, 18 Sep 2013, Kris Deugau wrote:
Which MTA is this?
There is an indication after another hop, between Netcarrier machines,
that it's qmail.
Postfix and sendmail I'm sure (and Exim probably) would create:
Received: from drone048.ral.icpbounce.com (drone048.ral.icpbounce.com
[6
Hi Everyone.
I would like to know what would be the best practice on the banner
prompt, is it ok if we advise the antispam? I know the spammers won't
care about it.
I just want to know the best practice.
Thanks
Alfonso.
--
>> qmail, as best I can recall, doesn't include rDNS in its Received:
>> headers (although there's probably a patch somewhere out there to do so)
>
> So maybe that's the cause.
The fix is easy. The problem is you've chosen the defaults in the qmail
install: change /service/smtpd/run to call tcpse