lse I should
check before assuming this is an external, non-SA issue?
--
Sahil Tandon
Quoting snowjack <[EMAIL PROTECTED]>:
> ...Did you restart amavisd-new after making the change?
Yes. :-)
--
Sahil Tandon
tc/mail/spamassassin.
--
Sahil Tandon
y plausible - I'll try lint tonight.
> If this IS your problem and you want a copy of my script, let me know -
> you're welcome to use it.
Thanks. I'll get back after confirming I have the same problem.
--
Sahil Tandon
l mailing list
for help debugging that problem.
--
Sahil Tandon
mix just yet.
Thanks for your advice - will try it out tonight and report the results.
--
Sahil Tandon
Quoting Alex Broens <[EMAIL PROTECTED]>:
[Daniel's request]
> aka harvesting?
His request does seem a bit shady, but I'd google Dan's previous papers before
jumping to conclusions.
--
Sahil Tandon
Quoting Sahil Tandon <[EMAIL PROTECTED]>:
Problem solved!
> When messages actually arrive from the Internet, Postfix hands off
> messages to amavisd-new+SA which let it through just fine without the
> proper score. The odd part is that messages that are in the regular
>
ally we prefer to make use of that improving the efficiency of
> the list, and not so much working on the web site..
João, please do not be discouraged by the ranting. We use mailspike at
multiple sites and it is a valuable, low-FP addition to the DNSBL
arsenal. Thanks for your efforts.
--
Sahil Tandon
e!)
Glad to hear it's working well for you - I'm having a similar
experience!
--
Sahil Tandon
My previous reply does not appear to have made it to the list, so
trying again:
On Thu, 2011-01-27 at 09:12:37 -0500, Michael Scheidell wrote:
> On 1/26/11 11:58 PM, Sahil Tandon wrote:
> >>reject_rhsbl_sender dbl.spamhaus.org=127.0.1.2,
> >Sound advice to advocate good prac
pam-Relays-External =~ /^[^\]]+
rdns=\S+[\-\.](?:res|resnet|client)[\-\.]/i
--
Sahil Tandon
ust can't do this while spamass-milter does it with very
> little overhead or configuration.
For posterity, and to hopefully prevent the spread of misinformation via
list archives, the above (specifically with regard to amavisd-new) is
patently false.
--
Sahil Tandon
s it really need to be world readable?
You've asked a few different questions; the answer to the last one is
'no'.
--
Sahil Tandon
On Sun, 2011-04-03 at 14:38:49 -0700, Ori Bani wrote:
> On Sun, Apr 3, 2011 at 2:08 PM, Sahil Tandon wrote:
> > On Sun, 2011-04-03 at 13:30:44 -0700, Ori Bani wrote:
> >
> >> From what I can tell, it is common to have local.cf
> >> permissions/ownership as
mment is harmless, and likely an artifact from when SBL-XBL was
deprecated in favor of ZEN several years ago. And FWIW, ZEN actually
contains the SBL, SBLCSS, XBL and PBL blocklists.
> Comments on this? Am I missing something here?
Yes; a closer review of documentation and rule construction is in order.
--
Sahil Tandon
snowjack wrote:
Is there any evidence that local.cf is getting read at all?
Good question. Where do I look for such evidence? Logs are hardly
revealing.
--
Sahil Tandon
ed. Why didn't
--lint complain at all? Why weren't the extra score changes not adopted
when listed in local.cf, but are now adopted when listed in user_prefs?
--
Sahil Tandon
/amavis/.spamassassin; the files
therein (i.e. the bayes_* files) are chown'd vscan:vscan. They are
updated when SA *itself* notices spam above a certain threshold, rejects
those messages, and auto-learns their spammy existence.
How to get 'sa-learn --spam' from webmail to co-exist peacefully with my
current setup?
--
Sahil Tandon
Everything else (i.e. my rules) seem to be working fine. However, I had
two problems.
Not so bad: check_mx_attempts and one other variable which now slips my
mind kept spitting out an 'unable to parse' error. I don't get that -
it was EXACTLY the same as with 2.64, with which --lint didn't co
Theo Van Dinter wrote:
loadplugin Mail::SpamAssassin::Plugin::URIDNSBL
this should already be in the default init.pre file.
This file does not exist on my box. Without the loadplugin line, --lint
spits out errors; with it, it exits quietly. My machine is FreeBSD
4.10-STABLE and I'm using t
Laurent Luyckx wrote:
Are you sure you're using a recent version of Net::DNS module (>= 0.34)?
Indeed.
#pkg_info | grep p5-Net-DNS
p5-Net-DNS-0.48 Perl5 interface to the DNS resolver, and dynamic updates
I'm still baffled as to why this still doesn't work.
--
Sahil Tandon
Khalid Waheed wrote:
If you are using --siteconfigpath other then default, copy the init.pre
file to location.
I repeat: there is no init.pre. The FreeBSD port does not include one,
it seems. Everything else works just dandy via the local.cf and
user_prefs files. I am able to successfully loa
Michael Parker wrote:
init.pre is part of the SA distribution, if your package/port does not
include it then it is broken and you should complain to your package
maintainer. I've forgotten all of the details but init.pre is special
because it gets loaded before all other files are processed (ie sh
Jeff Chan wrote:
> That said, it sounds like your installation may be messed up
> since init.pre was missing.
init.pre wasn't missing; the .sample was there since it should be
modified to suit the admin's needs and then put in place. *I* did
something wrong; the port/package is fine.
If the def
Jeff Chan wrote:
Default scores should be ok. The default configuration should
have rules and scores already in place.
Firstly, thanks to everyone who has contributed some advice thus far. I
ran some spam through spamassassin via the command line. I su'd to to
the amavisd-new user (vscan), and
. I had the same
problem.
--
Sahil Tandon
hat of a large portion of our
> clients.
>
> Can anyone suggest a temporary remedy for this?
In local.cf:
scoreFORGED_MUA_OUTLOOK0.00
--
Sahil Tandon
Quoting [EMAIL PROTECTED]:
> Oct 20 17:29:26 saxophon spamd[16359]: debug: URIDNSBL: domain
> "surbl-org-permanent-test-point.com" listed (URIBL_SC_SURBL): 127.0.0.2
It's working.
--
Sahil Tandon
Quoting Jeff Chan <[EMAIL PROTECTED]>:
> Comments welcome,
Looks good; just a trivial spelling mistake: "discontining" should be
"discontinuing". A link to this[1] page might also be worthwhile.
--
Sahil Tandon
[1] http://spamassassin.apache.org/full/3.0.x/dist/rules/25_uribl.cf
led by default, but I guess we are both
> too lazy to check.
SURBL checks are enabled by default.
--
Sahil Tandon
p, and webmail. If someone could suggest other
> solutions please do.
On the MTA level, we use Postfix[1] in conjunction with amavisd-new[2] (which
hands off messages to ClamAV and SA). For IMAP and POP, we use UW IMAP[3];
webmail is served via IMP[4].
Good luck.
--
Sahil Tandon
[1] http://www
files are
still in some variant of the traditional UNIX mbox format.
--
Sahil Tandon
this list's recent archives for
details) while running SA in debug mode to confirm whether the checks
are really being skipped.
--
Sahil Tandon
Jeff Chan wrote:
On Sunday, October 24, 2004, 3:09:53 PM, John Andersen wrote:
>
What file are you finding this above bug in?
I don't see that anywhere on my 3.0.1 install!
There should be some kind of change log included in the
distribution.
Indeed there is; aptly labeled CHANGES.
individually for each message? If the former, make sure the daemon is running.
More details/logs might help narrow down the problem.
--
Sahil Tandon
related logs. Did you try running
messages through SA (with the debug flag) at the command line? Did you run
spamassassin --lint to make sure your local.cf is consistent with any changes
made in 3.0.1?
We're just playing a guessing game without more info.
--
Sahil Tandon
[1] http://www.c
..
Stick the URIDNSBL-related stuff from local.cf in
/where/amavis/lives/.spamassassin/user_prefs (this should already exist if you
did spamassassin --lint previously).
--
Sahil Tandon
On Sat, 28 Feb 2009, Neil Schwartzman wrote:
> We have created an entry on the Spamassassin wiki
> http://wiki.apache.org/spamassassin/ReportingSpam
Broken link in section "Setup of special aliases in Postfix to forward spams
and hams": http://gtmp.org/publications/sa-postfi
ld you be so kind as to post an
unmodified copy of the spammy message with full headers? Don't paste here --
put it on a pastebin.
--
Sahil Tandon
On Sun, 17 May 2009, Dennis German wrote:
> Could someone discuss or add a wiki page about?
>
> SPF_SOFTFAIL
http://www.openspf.org/RFC_4408#op-result-softfail
> SPF_NEUTRAL
http://www.openspf.org/RFC_4408#op-result-neutral
--
Sahil Tandon
On May 26, 2009, at 4:00 AM, Arvid Picciani wrote:
does this list have an online archive?
Yes. Google it.
ate the importance of stable vs. alpha vs. $foo without
referencing actual portions of the code that worry you.
--
Sahil Tandon
) do
with respect to SA rules, the following page might be useful:
http://wiki.apache.org/spamassassin/WritingRules
--
Sahil Tandon
hing just because of LuKreme's advocacy.
As for doing this in SA, I hope one of the gurus can offer a solution. But
from a quick scan of these[1][2] pages, some variant of the following might
suffice:
# Warning: UNTESTED!
header LOCAL_RDNS X-Spam-Relays-Untrusted =~ /^[^\]]+ rdns=localhost /i
describe LOCAL_RDNS bogus localhost rDNS
scoreLOCAL_RDNS 10.0
[1] http://wiki.apache.org/spamassassin/WritingRules
[2] http://wiki.apache.org/spamassassin/TrustedRelays
--
Sahil Tandon
quot;localhost"
>>
>> It should be in the 3.3.0 release if I understand the autopublication
>> process.
>
> ...or at least it was making the cut a week or so back. :(
s/(/)/ :-)
--
Sahil Tandon
ecurity certification body."
Perhaps the "Virus" in the name of the organization conducting the anti-spam
product review threw you off?
--
Sahil Tandon
ible or am I barking up the wrong tree? If I am, does
> anyone have suggestions on how I can achieve this?
What if the email with the offending text is sent to multiple
recipients, some of whom need the special treatment while others do not?
--
Sahil Tandon
problem; see the newsyslog(8) and
newsyslog.conf(5) man pages to understand why.
> It certainly looks to me like the spammed output should be logged to
> /var/log/spamd.log.
No.
--
Sahil Tandon
rly Sunday morning are the worst time…
Unless you believe this is still a spamd issue, please send all
follow-ups to a more appropriate mailing list.
--
Sahil Tandon
On Sun, 04 Oct 2009, LuKreme wrote:
> On 3-Oct-2009, at 23:54, Sahil Tandon wrote:
> >As documented in the spamd(1) man page:
> >
> >-s facility, --syslog=facilitySpecify the syslog facility
> >
> >So, specifly a syslog FACILITY instead of a FILENAME. See sy
partners). It would be counter-intuitive to require all senders to pay
one of the third parties just to let email through."
--
Sahil Tandon
On Sat, 12 Dec 2009, Marc Perkel wrote:
[HTML snipped]
I'm thrilled that it works well for you; my note was for posterity and
other readers who might benefit from knowing about the odd inconsistency
I mentioned in my initial reply.
--
Sahil Tandon
On Sat, 12 Dec 2009, jdow wrote:
> From: "Marc Perkel"
> Sent: Saturday, 2009/December/12 09:42
> >
> >Sahil Tandon wrote:
> >On Fri, 11 Dec 2009, Marc Perkel wrote:
> >
> > Been using emailreg.org for several months now and it seems like a
&
On Dec 14, 2009, at 12:45 PM, John Hardin wrote:
On Mon, 14 Dec 2009, Per Jessen wrote:
Why would anyone pay USD20 to register with emailreg.org instead of
publishing an SPF record for free?
To keep the pointy-haired managers happy.
Bingo. Name calling aside, this is really the crux of
oes the answer vary per email? More details
are required to identify the cause of the problem.
--
Sahil Tandon
exist?
My question is, what is the best practice and how can I configure
following scenario:
The best practice is to never accept messages to non-existant users.
Agreed. There is no reason to accept then bounce. That's ==
backscatter. Either REJECT or DISCARD.
- Sahil
enuous. In it, they insist that spam is never sent from Google
servers, and only from "miscreants" who forge @gmail.com addresses.
--
Sahil Tandon <[EMAIL PROTECTED]>
ers *is*
Google's responsibility. No exceptions.
--
Sahil Tandon <[EMAIL PROTECTED]>
David Baron <[EMAIL PROTECTED]> wrote:
> Download succeeded but this failed.
(mind the wrapping below)
http://wiki.apache.org/spamassassin/SaUpdateKeyNotCrossCertified?highlight=%28
update%29
--
Sahil Tandon <[EMAIL PROTECTED]>
hey'll stop facilitating the
circulation of this garbage.
--
Sahil Tandon <[EMAIL PROTECTED]>
, try accepting email to abuse@ and
postmaster@ even from .de addresses and educate your client about the perils
(read: stupidity) of rejecting email from an entire country.
--
Sahil Tandon <[EMAIL PROTECTED]>
James Lay <[EMAIL PROTECTED]> wrote:
> Ah..that explains it then..thanks. Where does one go to get updated
> rulesets then?
man sa-update(1)
--
Sahil Tandon <[EMAIL PROTECTED]>
soon after my messages
are accepted by an apache.org MX. Is there a link? Just a coincidence? Is
anyone else experiencing similar behavior? Thanks.
--
Sahil Tandon <[EMAIL PROTECTED]>
ing the local.cf in vim, delete what appear to be spaces in the GMD
rules, re-insert them, and then --lint again.
--
Sahil Tandon <[EMAIL PROTECTED]>
--lint does not complain, and I know that local.cf is being otherwise
interpreted by SA because custom rules contained therein are scoring.
--
Sahil Tandon <[EMAIL PROTECTED]>
Nigel Frankcom <[EMAIL PROTECTED]> wrote:
> On Sat, 21 Jun 2008 01:10:53 -0400, Sahil Tandon <[EMAIL PROTECTED]>
> wrote:
>
> >I see the following when running sa-update with debug flags:
> >
> >[20528] dbg: conf: trusted_networks are not configured; i
Daryl C. W. O'Shea <[EMAIL PROTECTED]> wrote:
> On 21/06/2008 1:10 AM, Sahil Tandon wrote:
> > I see the following when running sa-update with debug flags:
> >
> > [20528] dbg: conf: trusted_networks are not configured; it is recommended
> > that y
Robert - elists <[EMAIL PROTECTED]> wrote:
> Does anyone think that
>
>10 FM_BIG_REASON Lot's of CAP words, BIG, REASON, BEST
>
> Is scored high or?
Seems high to me, but needs to be put in the context of your threshold.
--
Sahil Tandon <[EMAIL PROTECTED]>
default threshold of 5); however, 10 may not be bad if you (proverbially
speaking) have your threshold set to something egregiously high or really
want to reject all email with CAPITAL letters :-)
--
Sahil Tandon <[EMAIL PROTECTED]>
Daryl C. W. O'Shea <[EMAIL PROTECTED]> wrote:
> On 21/06/2008 10:45 PM, Sahil Tandon wrote:
> > Daryl C. W. O'Shea <[EMAIL PROTECTED]> wrote:
> >
> >> On 21/06/2008 1:10 AM, Sahil Tandon wrote:
> >>> I see the following when running
On Jun 22, 2008, at 9:18, Arvid Ephraim Picciani <[EMAIL PROTECTED]>
wrote:
On Sunday 22 June 2008 15:10:09 mouss wrote:
Did anybody see ham coming out of *.retail.telecomitalia.it?
we're blocking the entire network at smtp time since they ignore
abuse reports
and 20% of our spam come
ting your
panties in a twist. Also set your Reply-To accordingly.
> > Stupid question:
>
> there is only stupid answers
Don't mislead; there *are* stupid questions. For context:
http://www.catb.org/~esr/faqs/smart-questions.html
[...]
--
Sahil Tandon <[EMAIL PROTECTED]>
c method for deleting
> spam messages.
>
> Dotfile programming is complicated for nonprogrammers.
> Programming solutions are complicated for nonprogrammers
This is the wrong mailing list for such questions and declarations.
--
Sahil Tandon <[EMAIL PROTECTED]>
hich will be honored by all MUAs?
>
>> If anyone wants private copies, (s)he should ask for them. This is a
>> mailing
>> lists and all members receive all mail posted to it. Even non-members can
>> read it all in archives.
>
> He is acted as is common and expected
database thinks those spammy mails
have hammy attributes. You can try sa-learning those emails so SA will
eventually start assigning a positive score to similar emails in the future.
[...]
--
Sahil Tandon <[EMAIL PROTECTED]>
mAssassin/PerMsgStatus.pm line 164.
>
> Would that look 'seriously broke'?
Your SA installation is suspect because it does not (at least based on the
evidence you provide) install the .pre files. Your problem may now be better
addressed on an Ubuntu mailing list.
--
Sahil Tandon <[EMAIL PROTECTED]>
ease reply off-list to me if you'd like; this is off-topic.
> > Bingo! :) Maybe Matus and Benny will get it now.
>
> Maybe you and Jo will finally get it now.
Agree to disagree. :-) Let's close this thread.
--
Sahil Tandon <[EMAIL PROTECTED]>
to
'undisclosed-recipients'. What's causing this? How can I stop it?
Is this happening with all delivered mail or only messages that lack To:
or Cc: headers?
--
Sahil Tandon <[EMAIL PROTECTED]>
On Jul 9, 2008, at 7:12, "Marcin Praczko" <[EMAIL PROTECTED]> wrote:
Hi There,
I have a question about SA and legitimate mails.
Main mail server is receiving a lot of emails from Internet, and
should to filter mails (which are spam and which are not spam). But
also it is sending a lot of l
t to have a custom rule for
> the subject line?
> If so can someone tell me what the rule might look like (i have never
> written custom rules)
Guide on writing SA rules: http://wiki.apache.org/spamassassin/WritingRules
--
Sahil Tandon <[EMAIL PROTECTED]>
On Jul 14, 2008, at 13:01, "Skip Brott" <[EMAIL PROTECTED]> wrote:
This was probably discussed at some point, but I haven't been
getting emails from the list for some time.
The dates I see on all my sare rule sets are in January when I moved
to 3.2.4. My updates_spamassassin_org.cf file i
evel for
rejection. That's *much* more efficient.
Zen should be one of them. Which Other two RBLs do you trust?
[...]
--
Sahil Tandon
encapsulated into an attachment it will decapsulate the email.
In other words sa-learn will undo any changes which Spamassassin has done
before learning the spam/ham character of the email."
--
Sahil Tandon <[EMAIL PROTECTED]>
> There is a user_prefs file in /var/qmail/vpopmail
That is NOT where SA is looking for the user_prefs file; look at the logs you
pasted above.
[...]
--
Sahil Tandon <[EMAIL PROTECTED]>
Yavuz Maslak <[EMAIL PROTECTED]> wrote:
[...]
Do you have a question? Please do not just paste random log excerpts without
context/background and a specific question.
--
Sahil Tandon <[EMAIL PROTECTED]>
0 to disable individual DNSBLs. To
disable all checks, set skip_rbl_checks to 1. This functionality is noted in
the documentation:
http://wiki.apache.org/spamassassin/DnsBlocklists
--
Sahil Tandon <[EMAIL PROTECTED]>
s and searched for anything that looked like a dns
> server, but couldn't find any. Sometimes it can really suck being on a
> shared system like this.
What are the contents of /etc/resolv.conf?
--
Sahil Tandon <[EMAIL PROTECTED]>
Sahil Tandon <[EMAIL PROTECTED]> wrote:
[...]
> > I got this:
> > $ host 2.0.0.127.zen.spmahaus.org
> > Host 2.0.0.127.zen.spmahaus.org not found: 3(NXDOMAIN)
^^^
> I see the same thing.
Woops! We both just copy&pasted the s
Nitin Bhadauria <[EMAIL PROTECTED]> wrote:
> here i am attaching file with some mails ..
[...]
The attachment was caught by ClamAV sanesecurity signature; consider
deploying that in front of SA.
--
Sahil Tandon <[EMAIL PROTECTED]>
ISSING_CTYPE,MISSING_MIME_HB_SEP,MPART_ALT_DIFF,SUBJ_ALL_CAPS
autolearn=no version=3.2.5
--
Sahil Tandon <[EMAIL PROTECTED]>
On Aug 5, 2008, at 7:32, Nitin Bhadauria <[EMAIL PROTECTED]>
wrote:
Jens Kleikamp wrote:
Nitin Bhadauria schrieb:
Sahil Tandon wrote:
Nitin Bhadauria <[EMAIL PROTECTED]> wrote:
How is it possible that these kind of mail are not spam tagged
my sapmassassin...
etting up a quick access map that
intercepts all messages to that address and redirects them to postmaster.
You'll then have to contact those users and ask them to change their
passwords immediately.
--
Sahil Tandon <[EMAIL PROTECTED]>
Karsten Br?ckelmann <[EMAIL PROTECTED]> wrote:
> Hmm... Sahil, Nitin -- guys, you are seriously confusing me.
I am perplexed by your confusion, but I will try to help you.
> Sahil, this is just odd. The examples *do* have the HB_SEP blank line. I
> guess your download broke or
diosyncrasies that are off-topic here. In any case, I
understand how SA works and acknowledge the implications of fiddling with
the rules. TIMTOWDI. Thank you.
--
Sahil Tandon <[EMAIL PROTECTED]>
tnames,
stops a lot of UCE well before greylisting or SA get involved.
--
Sahil Tandon <[EMAIL PROTECTED]>
Their postmasters and other administrative
contacts have not been responsive.
--
Sahil Tandon <[EMAIL PROTECTED]>
[EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
> Yes, I'm saying instead of just letting sa-update fail with the generic
> GNU message and GNU hyperlink, setting the user off on a PhD Thesis
> effort
Wow. Hyperbole much?
--
Sahil Tandon <[EMAIL PROTECTED]>
es have already been filtered through SpamAssassin, the
learner will ignore any modifications SpamAssassin may have made.
> 2.
> subject tagged ***SPAM*** by qmailscanner
>
> or can I leave mails as they are in .mbox?
'man Mail::SpamAssassin::Conf' and read about bayes_ignore_header.
--
Sahil Tandon <[EMAIL PROTECTED]>
w how I can re-enable it!
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5776#c3
--
Sahil Tandon <[EMAIL PROTECTED]>
1 - 100 of 123 matches
Mail list logo
