Discussion:
Increased Volumes Of Spam
Jeramy Eling
2007-01-16 14:58:05 UTC
Permalink
Hi All,

We've been running Mail Scanner here for a few years now and it's
brilliant, however more recently we are starting to see more and more
spam getting to our desktop users. The spam seems to be made up of
random subjects and have a random string of words at the bottom of the
messages. I'm just curious to see how other people are dealing with this
sort of spam and stopping it from getting through to their desktops.
Currently we receive about 2800 emails a day into our company and about
50% of that gets stopped as spam but still a lot gets through to our
users.

Any thoughts/ideas/comments would be much appreciated.

Many thanks

Jez

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070116/3a4a3397/attachment.html
uxbod
2007-01-16 15:04:14 UTC
Permalink
What checks are you running ? We receive ~150k messages per day and block ~98% of the SPAM.
Post by Jeramy Eling
Hi All,
We've been running Mail Scanner here for a few years now and it's
brilliant, however more recently we are starting to see more and more
spam getting to our desktop users. The spam seems to be made up of
random subjects and have a random string of words at the bottom of the
messages. I'm just curious to see how other people are dealing with this
sort of spam and stopping it from getting through to their desktops.
Currently we receive about 2800 emails a day into our company and about
50% of that gets stopped as spam but still a lot gets through to our
users.
Any thoughts/ideas/comments would be much appreciated.
Many thanks
Jez
--
--[ UxBoD ]--
// PGP Key: "curl -s http://www.splatnix.net/uxbod.asc | gpg --import"
// Fingerprint: 543A E778 7F2D 98F1 3E50 9C1F F190 93E0 E8E8 0CF8
// Keyserver: www.keyserver.net Key-ID: 0xE8E80CF8
--
This message has been scanned for viruses and dangerous content by MailScanner, and is
believed to be clean.
Glenn Steen
2007-01-16 15:12:05 UTC
Permalink
Post by Jeramy Eling
Hi All,
We've been running Mail Scanner here for a few years now and it's brilliant,
however more recently we are starting to see more and more spam getting to
our desktop users. The spam seems to be made up of random subjects and have
a random string of words at the bottom of the messages. I'm just curious to
see how other people are dealing with this sort of spam and stopping it from
getting through to their desktops. Currently we receive about 2800 emails a
day into our company and about 50% of that gets stopped as spam but still a
lot gets through to our users.
Any thoughts/ideas/comments would be much appreciated.
Many thanks
Jez
Have you kept current with MailScanner and SpamAssassin versions?
sa-update?
Do you employ the digest checks (Razor, Pyzor and/or DCC)?
Bayes?
Have you implemented ImageInfo (form www.rulesemporium.com (or any
other SARE rules, for that matter...)?
FuzzyOcr?
Do you reject unknown recipients at the MTA level?
...

These are all more or less standard recommendations, especially for
relatively low-volume sites like yours (and mine:-).
--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se
Jeramy Eling
2007-01-16 15:12:34 UTC
Permalink
We run the following checks :-

Bayes
SpamAssassin
MCP
ORDB-RBL
SBL+XBL


-----Original Message-----
From: uxbod [mailto:***@splatnix.net]
Sent: 16 January 2007 09:03
To: MailScanner discussion
Subject: Re: Increased Volumes Of Spam
Importance: Low


What checks are you running ? We receive ~150k messages per day and
block ~98% of the SPAM.

On Tue, 16 Jan 2007 08:55:51 -0000, "Jeramy Eling"
Post by Jeramy Eling
Hi All,
We've been running Mail Scanner here for a few years now and it's
brilliant, however more recently we are starting to see more and more
spam getting to our desktop users. The spam seems to be made up of
random subjects and have a random string of words at the bottom of the
messages. I'm just curious to see how other people are dealing with
this sort of spam and stopping it from getting through to their
desktops. Currently we receive about 2800 emails a day into our
company and about 50% of that gets stopped as spam but still a lot
gets through to our users.
Any thoughts/ideas/comments would be much appreciated.
Many thanks
Jez
--
--[ UxBoD ]--
// PGP Key: "curl -s http://www.splatnix.net/uxbod.asc | gpg --import"
// Fingerprint: 543A E778 7F2D 98F1 3E50 9C1F F190 93E0 E8E8 0CF8 //
Keyserver: www.keyserver.net Key-ID: 0xE8E80CF8
--
This message has been scanned for viruses and dangerous content by
MailScanner, and is believed to be clean.
--
MailScanner mailing list
***@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!
Denis Beauchemin
2007-01-16 23:09:51 UTC
Permalink
Post by Jeramy Eling
We run the following checks :-
Bayes
SpamAssassin
MCP
ORDB-RBL
SBL+XBL
Jeramy,

ORDB-RBL is dead. You should remove it from your MS/SA setup.

Denis
--
_
?v? Denis Beauchemin, analyste
/(_)\ Universit? de Sherbrooke, S.T.I.
^ ^ T: 819.821.8000x62252 F: 819.821.8045


-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3595 bytes
Desc: S/MIME Cryptographic Signature
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070116/afbbbc2b/smime.bin
Jeramy Eling
2007-01-16 15:28:25 UTC
Permalink
My Mail Scanner and Spam Assassin are both kept up to date with any new
releases as for the checks at this moment in time we don't do Pyzor or
DCC but I will look into them as I have heard of them. I've not heard of
ImageInfo so I need to look into that one and FuzzyOCR. As for rejecting
unknown recipients I do this at SendMail level as MailScanner is just a
gateway for my Exchange 2K Server.

Thanks for input.

Jez

-----Original Message-----
From: Glenn Steen [mailto:***@gmail.com]
Sent: 16 January 2007 09:10
To: MailScanner discussion
Subject: Re: Increased Volumes Of Spam
Post by Jeramy Eling
Hi All,
We've been running Mail Scanner here for a few years now and it's
brilliant, however more recently we are starting to see more and more
spam getting to our desktop users. The spam seems to be made up of
random subjects and have a random string of words at the bottom of the
messages. I'm just curious to see how other people are dealing with
this sort of spam and stopping it from getting through to their
desktops. Currently we receive about 2800 emails a day into our
company and about 50% of that gets stopped as spam but still a lot
gets through to our users.
Any thoughts/ideas/comments would be much appreciated.
Many thanks
Jez
Have you kept current with MailScanner and SpamAssassin versions?
sa-update? Do you employ the digest checks (Razor, Pyzor and/or DCC)?
Bayes? Have you implemented ImageInfo (form www.rulesemporium.com (or
any other SARE rules, for that matter...)? FuzzyOcr? Do you reject
unknown recipients at the MTA level? ...

These are all more or less standard recommendations, especially for
relatively low-volume sites like yours (and mine:-).
--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se
--
MailScanner mailing list
***@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!
uxbod
2007-01-16 15:33:47 UTC
Permalink
Well worth setting up FuzzyOCR http://fuzzyocr.own-hero.net/ we block a huge amount of Image SPAM using this.
Post by Jeramy Eling
My Mail Scanner and Spam Assassin are both kept up to date with any new
releases as for the checks at this moment in time we don't do Pyzor or
DCC but I will look into them as I have heard of them. I've not heard of
ImageInfo so I need to look into that one and FuzzyOCR. As for rejecting
unknown recipients I do this at SendMail level as MailScanner is just a
gateway for my Exchange 2K Server.
Thanks for input.
Jez
-----Original Message-----
Sent: 16 January 2007 09:10
To: MailScanner discussion
Subject: Re: Increased Volumes Of Spam
Post by Jeramy Eling
Hi All,
We've been running Mail Scanner here for a few years now and it's
brilliant, however more recently we are starting to see more and more
spam getting to our desktop users. The spam seems to be made up of
random subjects and have a random string of words at the bottom of the
messages. I'm just curious to see how other people are dealing with
this sort of spam and stopping it from getting through to their
desktops. Currently we receive about 2800 emails a day into our
company and about 50% of that gets stopped as spam but still a lot
gets through to our users.
Any thoughts/ideas/comments would be much appreciated.
Many thanks
Jez
Have you kept current with MailScanner and SpamAssassin versions?
sa-update? Do you employ the digest checks (Razor, Pyzor and/or DCC)?
Bayes? Have you implemented ImageInfo (form www.rulesemporium.com (or
any other SARE rules, for that matter...)? FuzzyOcr? Do you reject
unknown recipients at the MTA level? ...
These are all more or less standard recommendations, especially for
relatively low-volume sites like yours (and mine:-).
--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se
--
MailScanner mailing list
http://lists.mailscanner.info/mailman/listinfo/mailscanner
Before posting, read http://wiki.mailscanner.info/posting
Support MailScanner development - buy the book off the website!
--
MailScanner mailing list
http://lists.mailscanner.info/mailman/listinfo/mailscanner
Before posting, read http://wiki.mailscanner.info/posting
Support MailScanner development - buy the book off the website!
--
--[ UxBoD ]--
// PGP Key: "curl -s http://www.splatnix.net/uxbod.asc | gpg --import"
// Fingerprint: 543A E778 7F2D 98F1 3E50 9C1F F190 93E0 E8E8 0CF8
// Keyserver: www.keyserver.net Key-ID: 0xE8E80CF8
--
This message has been scanned for viruses and dangerous content by MailScanner, and is
believed to be clean.
Jeramy Eling
2007-01-16 16:08:00 UTC
Permalink
I'm in the process of installing the Pyzor software, however whenever I
run the Lint test in SA it tells me 'local tests only, disabling Pyzor',
could anyone offer any guideance as to how to ensure the software is
working correctly. I've followed the steps on the Wiki for MailScanner
etc.

Many Thanks


-----Original Message-----
From: Glenn Steen [mailto:***@gmail.com]
Sent: 16 January 2007 09:10
To: MailScanner discussion
Subject: Re: Increased Volumes Of Spam
Post by Jeramy Eling
Hi All,
We've been running Mail Scanner here for a few years now and it's
brilliant, however more recently we are starting to see more and more
spam getting to our desktop users. The spam seems to be made up of
random subjects and have a random string of words at the bottom of the
messages. I'm just curious to see how other people are dealing with
this sort of spam and stopping it from getting through to their
desktops. Currently we receive about 2800 emails a day into our
company and about 50% of that gets stopped as spam but still a lot
gets through to our users.
Any thoughts/ideas/comments would be much appreciated.
Many thanks
Jez
Have you kept current with MailScanner and SpamAssassin versions?
sa-update? Do you employ the digest checks (Razor, Pyzor and/or DCC)?
Bayes? Have you implemented ImageInfo (form www.rulesemporium.com (or
any other SARE rules, for that matter...)? FuzzyOcr? Do you reject
unknown recipients at the MTA level? ...

These are all more or less standard recommendations, especially for
relatively low-volume sites like yours (and mine:-).
--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se
--
MailScanner mailing list
***@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!
Glenn Steen
2007-01-16 17:30:21 UTC
Permalink
Post by Jeramy Eling
I'm in the process of installing the Pyzor software, however whenever I
run the Lint test in SA it tells me 'local tests only, disabling Pyzor',
could anyone offer any guideance as to how to ensure the software is
working correctly. I've followed the steps on the Wiki for MailScanner
etc.
Many Thanks
SA 3.1.7 doesn't do network tests in the --lint any more. Test it with
spamassassin -t -D < /path/to/test/message
instead.

Cheers
--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se
Glenn Steen
2007-01-16 17:34:15 UTC
Permalink
Post by Glenn Steen
Post by Jeramy Eling
I'm in the process of installing the Pyzor software, however whenever I
run the Lint test in SA it tells me 'local tests only, disabling Pyzor',
could anyone offer any guideance as to how to ensure the software is
working correctly. I've followed the steps on the Wiki for MailScanner
etc.
Many Thanks
SA 3.1.7 doesn't do network tests in the --lint any more. Test it with
spamassassin -t -D < /path/to/test/message
instead.
Another thing, if you do a "pyzor discover" you will get the official
server... that one seems to be less than working these day (always
gives me a timeout error). manually edit your servers file and put
82.94.255.100:24441
there instead. Works rather better that way.
Test it with a "pyzor ping".

Cheers
--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se
Ed Bruce
2007-01-16 20:53:46 UTC
Permalink
Post by Glenn Steen
Post by Jeramy Eling
Post by Jeramy Eling
I'm in the process of installing the Pyzor software, however
whenever I
Post by Jeramy Eling
run the Lint test in SA it tells me 'local tests only, disabling
Pyzor',
Post by Jeramy Eling
could anyone offer any guideance as to how to ensure the software is
working correctly. I've followed the steps on the Wiki for MailScanner
etc.
Many Thanks
SA 3.1.7 doesn't do network tests in the --lint any more. Test it with
spamassassin -t -D < /path/to/test/message
instead.
Another thing, if you do a "pyzor discover" you will get the official
server... that one seems to be less than working these day (always
gives me a timeout error). manually edit your servers file and put
82.94.255.100:24441
there instead. Works rather better that way.
Test it with a "pyzor ping".
Cheers
I gave up trying to get pyzor working and just use DCC and razor2.
Randal, Phil
2007-01-16 19:28:08 UTC
Permalink
Which MTA are you using?

If it's Sendmail 8.13, consider using the GreetPause feature. You'll
need to tune this because there are many broken MTAs out there.

cbl.abuseat.org or zen.spamhaus.org are both good enough to reject mail
at the MTA level, search the archives for the details of how to override
the rbls for specific senders / recipients in sendmail's "access" file.

And try milter-greylist as well. I use a bunch of less reliable RBLs to
greylist by.

Use the rules from www.rulesemporium.com (and the rules_du_jour script).

I find "Fred's Headers" rule useful too.

Adding ImageInfo from http://rulesemporium.com/plugins/ helps too.

Cheers,

Phil
--
Phil Randal
Network Engineer
Herefordshire Council
Hereford, UK
Post by Jeramy Eling
-----Original Message-----
Of Jeramy Eling
Sent: 16 January 2007 09:10
To: MailScanner discussion
Subject: RE: Increased Volumes Of Spam
We run the following checks :-
Bayes
SpamAssassin
MCP
ORDB-RBL
SBL+XBL
-----Original Message-----
Sent: 16 January 2007 09:03
To: MailScanner discussion
Subject: Re: Increased Volumes Of Spam
Importance: Low
What checks are you running ? We receive ~150k messages per day and
block ~98% of the SPAM.
On Tue, 16 Jan 2007 08:55:51 -0000, "Jeramy Eling"
Post by Jeramy Eling
Hi All,
We've been running Mail Scanner here for a few years now and it's
brilliant, however more recently we are starting to see
more and more
Post by Jeramy Eling
spam getting to our desktop users. The spam seems to be made up of
random subjects and have a random string of words at the
bottom of the
Post by Jeramy Eling
messages. I'm just curious to see how other people are dealing with
this sort of spam and stopping it from getting through to their
desktops. Currently we receive about 2800 emails a day into our
company and about 50% of that gets stopped as spam but still a lot
gets through to our users.
Any thoughts/ideas/comments would be much appreciated.
Many thanks
Jez
--
--[ UxBoD ]--
// PGP Key: "curl -s http://www.splatnix.net/uxbod.asc | gpg --import"
// Fingerprint: 543A E778 7F2D 98F1 3E50 9C1F F190 93E0 E8E8 0CF8 //
Keyserver: www.keyserver.net Key-ID: 0xE8E80CF8
--
This message has been scanned for viruses and dangerous content by
MailScanner, and is believed to be clean.
--
MailScanner mailing list
http://lists.mailscanner.info/mailman/listinfo/mailscanner
Before posting, read http://wiki.mailscanner.info/posting
Support MailScanner development - buy the book off the website!
--
MailScanner mailing list
http://lists.mailscanner.info/mailman/listinfo/mailscanner
Before posting, read http://wiki.mailscanner.info/posting
Support MailScanner development - buy the book off the website!
Richard Frovarp
2007-01-16 23:41:39 UTC
Permalink
Post by Randal, Phil
Which MTA are you using?
If it's Sendmail 8.13, consider using the GreetPause feature. You'll
need to tune this because there are many broken MTAs out there.
cbl.abuseat.org or zen.spamhaus.org are both good enough to reject mail
at the MTA level, search the archives for the details of how to override
the rbls for specific senders / recipients in sendmail's "access" file.
And try milter-greylist as well. I use a bunch of less reliable RBLs to
greylist by.
Use the rules from www.rulesemporium.com (and the rules_du_jour script).
I find "Fred's Headers" rule useful too.
These can now be pulled using sa-update. I am pretty sure I saw
something a while ago that state in effect that rule_du_jour is going
away in favor of sa-update. Instructions in the SA wiki on how to use
SARE rules with sa-update.
Scott Silva
2007-01-17 00:27:03 UTC
Permalink
Post by Randal, Phil
Which MTA are you using?
If it's Sendmail 8.13, consider using the GreetPause feature. You'll
need to tune this because there are many broken MTAs out there.
cbl.abuseat.org or zen.spamhaus.org are both good enough to reject mail
at the MTA level, search the archives for the details of how to override
the rbls for specific senders / recipients in sendmail's "access" file.
cbl.abuseat.org is part of zen.spamhaus.org, via the included lookup against
the xbl list, so using both just increases your dns lookups without any extra
benefit.
Greetpause does help a lot, as I probably drop 10 to 20% of the spam with it
alone. Five seconds is a good starting point, but probably not over 30 seconds.
--
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!
Durval Menezes
2007-01-20 06:07:59 UTC
Permalink
Hello folks,
Post by Scott Silva
Greetpause does help a lot, as I probably drop 10 to 20% of the spam with it
alone. Five seconds is a good starting point, but probably not over 30 seconds.
The first time I became aware of GreetPause, I dismissed it as probably
not very effective, because it would be very simple for spammers to adapt
by just stopping the slam; on the negative side, it would end up slowing
ALL traffic, including the legitimate (non-spam) emails.

Then I came upon Scott's (and others) recommendations, as above, and I
wondered if my initial analysis was incorrect; today, I found the time
to configure one of my servers to use GreetPause, and measured its
efficiency using pause intervals of 1s, 5s and 10s. The numbers I
obtained are as follows:

Pause: GreetPause: total connections: pre-greet/conexoes:
1s 14 645 2.17%
5s 19 383 4.96%
10s 36 535 6.73%

What's worse, about 80% of the connections blocked by GreetPause would
have been blocked anyway by the MTA using RBLs alone, so the *effective*
Greetpause improvement over using RBLs alone would be about 1% or less,
even with relativelly large (10s) pauses.

I've rechecked my analysis and found no mistakes; are you folks *really*
measuring GreetPause efficiency and finding these 10-20% numbers, or are
you deriving these numbers more from "feeling" or something? What other
explanations for the above discrepancies can you think of?

If anyone wants to sift through my logs, I can make then avalable;
just ask.

Thanks in advance for any and all input.

Best Regards,
--
Durval Menezes (durval AT tmp DOT com DOT br, http://www.tmp.com.br/)
Res
2007-01-20 06:21:34 UTC
Permalink
Post by Durval Menezes
I've rechecked my analysis and found no mistakes; are you folks *really*
measuring GreetPause efficiency and finding these 10-20% numbers, or are
you deriving these numbers more from "feeling" or something? What other
explanations for the above discrepancies can you think of?
The fact remains mail servers should WAIT for the 220 msg, those that
dont, are ill configured, most likely but not always spammers.

Either way they dont observe protocol so why the hell SHOULD we accept
mail from. I certainly don't and wont.
--
Cheers
Res

"So, you think you can tell Heaven from Hell?" - Roger Waters
Scott Silva
2007-01-20 06:57:35 UTC
Permalink
Post by Durval Menezes
Hello folks,
Post by Scott Silva
Greetpause does help a lot, as I probably drop 10 to 20% of the spam with it
alone. Five seconds is a good starting point, but probably not over 30 seconds.
The first time I became aware of GreetPause, I dismissed it as probably
not very effective, because it would be very simple for spammers to adapt
by just stopping the slam; on the negative side, it would end up slowing
ALL traffic, including the legitimate (non-spam) emails.
Then I came upon Scott's (and others) recommendations, as above, and I
wondered if my initial analysis was incorrect; today, I found the time
to configure one of my servers to use GreetPause, and measured its
efficiency using pause intervals of 1s, 5s and 10s. The numbers I
1s 14 645 2.17%
5s 19 383 4.96%
10s 36 535 6.73%
What's worse, about 80% of the connections blocked by GreetPause would
have been blocked anyway by the MTA using RBLs alone, so the *effective*
Greetpause improvement over using RBLs alone would be about 1% or less,
even with relativelly large (10s) pauses.
I've rechecked my analysis and found no mistakes; are you folks *really*
measuring GreetPause efficiency and finding these 10-20% numbers, or are
you deriving these numbers more from "feeling" or something? What other
explanations for the above discrepancies can you think of?
If anyone wants to sift through my logs, I can make then avalable;
just ask.
Thanks in advance for any and all input.
Best Regards,
Many cannot use all the good blacklists, and greetpause does catch some of the
newer spammers that haven't hit the blacklists yet.
--
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!
Alex Neuman
2007-01-20 20:27:39 UTC
Permalink
In my particular case I've had to turn off greylisting for a few
servers because the owners would rather throw more resources at the
problem (cpu, ram, etc.) to check mail after it's received. Most
people I know get used to the additional delay after a while, but
there are some users who are more... let's call it "recalcitrant".

In any case, GreetPause became a permanent addition to the "bat-belt"
as soon as it came out. No cases of collateral damage so far, as with
FPs in RBL's and so on, and it works not just against slammers but a
lot of DOS situations as well.

If I had only one thing to pick to keep from my setup it would be
GreetPause.
Post by Scott Silva
Post by Durval Menezes
Hello folks,
Post by Scott Silva
Greetpause does help a lot, as I probably drop 10 to 20% of the spam with it
alone. Five seconds is a good starting point, but probably not
over 30
seconds.
The first time I became aware of GreetPause, I dismissed it as probably
not very effective, because it would be very simple for spammers to adapt
by just stopping the slam; on the negative side, it would end up slowing
ALL traffic, including the legitimate (non-spam) emails.
Then I came upon Scott's (and others) recommendations, as above, and I
wondered if my initial analysis was incorrect; today, I found the time
to configure one of my servers to use GreetPause, and measured its
efficiency using pause intervals of 1s, 5s and 10s. The numbers I
1s 14 645 2.17%
5s 19 383 4.96%
10s 36 535 6.73%
What's worse, about 80% of the connections blocked by GreetPause would
have been blocked anyway by the MTA using RBLs alone, so the
*effective*
Greetpause improvement over using RBLs alone would be about 1% or less,
even with relativelly large (10s) pauses.
I've rechecked my analysis and found no mistakes; are you folks *really*
measuring GreetPause efficiency and finding these 10-20% numbers, or are
you deriving these numbers more from "feeling" or something? What other
explanations for the above discrepancies can you think of?
If anyone wants to sift through my logs, I can make then avalable;
just ask.
Thanks in advance for any and all input.
Best Regards,
Many cannot use all the good blacklists, and greetpause does catch some of the
newer spammers that haven't hit the blacklists yet.
--
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!
--
MailScanner mailing list
http://lists.mailscanner.info/mailman/listinfo/mailscanner
Before posting, read http://wiki.mailscanner.info/posting
Support MailScanner development - buy the book off the website!
Res
2007-01-21 03:23:54 UTC
Permalink
In my particular case I've had to turn off greylisting for a few servers
because the owners would rather throw more resources at the problem (cpu,
ram, etc.) to check mail after it's received. Most people I know get used to
the additional delay after a while, but there are some users who are more...
let's call it "recalcitrant".
The problem with your annoyance at your paying customers who dont
want greylisting comment here is, business emails are time
critical, it is unacceptable to delay email destined for lawyers, real
estates, accountants and every other company where time is crucial, like
those vying for multi-million dollar contracts.


Picture this:

its 9.10am a QC is due in high court at 10am

most hosting mail servers are very busy so its retry queue is set hourly
to avoid problems wih normal mail

QC tells the barrister he needs that info NOW "email it to me"
barrister sends email 15 seconds later.

At 9.10 your grey laming said "i dunno if your a lamer or not try again
later"

9.40 QC must leave for court, its still not there.

10.00 its retried and accepted, ..tuff luck the QC is right now before the
full bench of the high court about to see his client slammed away fo 30
years because of a lame mail server that delayed the crucial evidence.


OR what about the building sub contractor who just lost out on a 500
million dollar project to Donald Trump, he's going to think, if
you cant manage to get and read such a simple effortless thing like an
email in half an hour do I really want to deal with you.

I dunno maybe you people dont have time crucial customers :)
--
Cheers
Res

"So, you think you can tell Heaven from Hell?" - Roger Waters
Dan Hollis
2007-01-21 03:36:53 UTC
Permalink
nice strawman, but any mailserver worth its beans will let individual
customers disable greylisting.
In my particular case I've had to turn off greylisting for a few servers
because the owners would rather throw more resources at the problem (cpu,
ram, etc.) to check mail after it's received. Most people I know get used
to the additional delay after a while, but there are some users who are
more... let's call it "recalcitrant".
The problem with your annoyance at your paying customers who dont want
greylisting comment here is, business emails are time critical, it is
unacceptable to delay email destined for lawyers, real estates, accountants
and every other company where time is crucial, like those vying for
multi-million dollar contracts.
its 9.10am a QC is due in high court at 10am
most hosting mail servers are very busy so its retry queue is set hourly to
avoid problems wih normal mail
QC tells the barrister he needs that info NOW "email it to me"
barrister sends email 15 seconds later.
At 9.10 your grey laming said "i dunno if your a lamer or not try again
later"
9.40 QC must leave for court, its still not there.
10.00 its retried and accepted, ..tuff luck the QC is right now before the
full bench of the high court about to see his client slammed away fo 30 years
because of a lame mail server that delayed the crucial evidence.
OR what about the building sub contractor who just lost out on a 500 million
dollar project to Donald Trump, he's going to think, if you cant manage to
get and read such a simple effortless thing like an email in half an hour do
I really want to deal with you.
I dunno maybe you people dont have time crucial customers :)
--
Cheers
Res
"So, you think you can tell Heaven from Hell?" - Roger Waters
--
MailScanner mailing list
http://lists.mailscanner.info/mailman/listinfo/mailscanner
Before posting, read http://wiki.mailscanner.info/posting
Support MailScanner development - buy the book off the website!
Res
2007-01-21 03:42:58 UTC
Permalink
Post by Dan Hollis
nice strawman, but any mailserver worth its beans will let individual
customers disable greylisting.
you assume the users are tech savvy, half of them are lucky to know how to
turn a damn PC on let alone do anything else, and they admit it.
Post by Dan Hollis
In my particular case I've had to turn off greylisting for a few servers
because the owners would rather throw more resources at the problem (cpu,
ram, etc.) to check mail after it's received. Most people I know get used
to the additional delay after a while, but there are some users who are
more... let's call it "recalcitrant".
The problem with your annoyance at your paying customers who dont want
greylisting comment here is, business emails are time critical, it is
unacceptable to delay email destined for lawyers, real estates, accountants
and every other company where time is crucial, like those vying for
multi-million dollar contracts.
its 9.10am a QC is due in high court at 10am
most hosting mail servers are very busy so its retry queue is set hourly to
avoid problems wih normal mail
QC tells the barrister he needs that info NOW "email it to me"
barrister sends email 15 seconds later.
At 9.10 your grey laming said "i dunno if your a lamer or not try again
later"
9.40 QC must leave for court, its still not there.
10.00 its retried and accepted, ..tuff luck the QC is right now before the
full bench of the high court about to see his client slammed away fo 30
years because of a lame mail server that delayed the crucial evidence.
OR what about the building sub contractor who just lost out on a 500
million dollar project to Donald Trump, he's going to think, if you cant
manage to get and read such a simple effortless thing like an email in half
an hour do I really want to deal with you.
I dunno maybe you people dont have time crucial customers :)
--
Cheers
Res
"So, you think you can tell Heaven from Hell?" - Roger Waters
--
MailScanner mailing list
http://lists.mailscanner.info/mailman/listinfo/mailscanner
Before posting, read http://wiki.mailscanner.info/posting
Support MailScanner development - buy the book off the website!
--
Cheers
Res

"So, you think you can tell Heaven from Hell?" - Roger Waters
Dan Hollis
2007-01-21 04:08:35 UTC
Permalink
Post by Res
Post by Dan Hollis
nice strawman, but any mailserver worth its beans will let individual
customers disable greylisting.
you assume the users are tech savvy, half of them are lucky to know how to
turn a damn PC on let alone do anything else, and they admit it.
then they're obviously too stupid to use an email client right? its
obviously beyond their abilities. problem solved.
Res
2007-01-21 04:54:26 UTC
Permalink
then they're obviously too stupid to use an email client right? its obviously
beyond their abilities. problem solved.
what a pathetic childish attitude, everyone starts somewhere

their dollar is just as good as anyone elses in the real world, dunno bout
the fantasyland you seem to live in lol.
--
Cheers
Res

"So, you think you can tell Heaven from Hell?" - Roger Waters
Dennis Willson
2007-01-21 14:16:27 UTC
Permalink
eMail has no guarantee of delivery or especially timing of delivery.

There are many many things that can effect the timing of delivery. If a
lawyer or other business needs an instant or guaranteed time of delivery
they certainly shouldn't be using eMail. Most servers retry within a few
minutes. I have my greylisting set to only force a 2 minute delay AND
this only occurs on the very first send form one user to another, each
additional email is not delayed at all.

This is really not a valid excuse...
Post by Alex Neuman
In my particular case I've had to turn off greylisting for a few
servers because the owners would rather throw more resources at the
problem (cpu, ram, etc.) to check mail after it's received. Most
people I know get used to the additional delay after a while, but
there are some users who are more... let's call it "recalcitrant".
The problem with your annoyance at your paying customers who dont want
greylisting comment here is, business emails are time critical, it is
unacceptable to delay email destined for lawyers, real estates,
accountants and every other company where time is crucial, like those
vying for multi-million dollar contracts.
its 9.10am a QC is due in high court at 10am
most hosting mail servers are very busy so its retry queue is set
hourly to avoid problems wih normal mail
QC tells the barrister he needs that info NOW "email it to me"
barrister sends email 15 seconds later.
At 9.10 your grey laming said "i dunno if your a lamer or not try
again later"
9.40 QC must leave for court, its still not there.
10.00 its retried and accepted, ..tuff luck the QC is right now before
the full bench of the high court about to see his client slammed away
fo 30 years because of a lame mail server that delayed the crucial
evidence.
OR what about the building sub contractor who just lost out on a 500
million dollar project to Donald Trump, he's going to think, if you
cant manage to get and read such a simple effortless thing like an
email in half an hour do I really want to deal with you.
I dunno maybe you people dont have time crucial customers :)
Res
2007-01-21 18:07:13 UTC
Permalink
Post by Dennis Willson
eMail has no guarantee of delivery or especially timing of delivery.
There are many many things that can effect the timing of delivery. If a
lawyer or other business needs an instant or guaranteed time of delivery they
certainly shouldn't be using eMail. Most servers retry within a few minutes.
this is not the case in reality, host servers that process real
quantities of mail do not retry within minutes, typicaly its 10/15/30 60
mins depending on how busy the servers are.
Post by Dennis Willson
I have my greylisting set to only force a 2 minute delay AND this only occurs
the amount of time anyone sets greylaming to is moot, it comes down to
when the attempting to send server, retries.

if any tech under my control initiates greylisting on any server i will
dismiss them instantly, our customers want their mail asap that means
without delay, and I pride myself in ensuring that happens, it keeps the
paying customers happy, if they happy I'm happy.

but each to our own, clearly you dont give a stuff when your
customers get mail, which is your business entirely, so long as your
cusotmers are prepared to tolerate it, and accept that deliberate delaying
of their inbound mail is not the norm with every service providor and you
advise them of this prior to their application of your serices, you do
warn them you delay their mail dont you?
--
Cheers
Res

"So, you think you can tell Heaven from Hell?" - Roger Waters
Dan Hollis
2007-01-21 18:30:17 UTC
Permalink
Post by Res
but each to our own, clearly you dont give a stuff when your
customers get mail, which is your business entirely, so long as your
cusotmers are prepared to tolerate it, and accept that deliberate delaying of
their inbound mail is not the norm with every service providor and you advise
them of this prior to their application of your serices, you do warn them you
delay their mail dont you?
you can also default it to off, and let customers enable it at their discretion.

customer choice. what a concept, eh? but with you its obviously not a choice.

-Dan
Res
2007-01-22 13:40:29 UTC
Permalink
Post by Dan Hollis
Post by Res
but each to our own, clearly you dont give a stuff when your
customers get mail, which is your business entirely, so long as your
cusotmers are prepared to tolerate it, and accept that deliberate delaying
of their inbound mail is not the norm with every service providor and you
advise them of this prior to their application of your serices, you do warn
them you delay their mail dont you?
you can also default it to off, and let customers enable it at their discretion.
customer choice. what a concept, eh? but with you its obviously not a choice.
Its worked not having it rather nicely here...
why add to it with another waste of hardware to have a db server
specific for it, i'm not going to bog down our primary db servers so it
can do extra greylaming lookups, not when they process constantly 200-500
cps depending on time of day, not worth it.
--
Cheers
Res

"So, you think you can tell Heaven from Hell?" - Roger Waters
--[ UxBoD ]--
2007-01-21 18:34:20 UTC
Permalink
Per domain opt in/out is the way to go. Most GreyListing applications
store their data in some form of database, so making the choice
customer driven is very easy to implement.

At the end of the day everybody has different needs, but most customers
winge about how much SPAM they receive. Any form of countermeasure
introduces a delay, even MailScanner, so whatever you do a customers
email is always going to be delayed.

Just my 2p worth.

On Sun, 21 Jan 2007 22:04:34 +1000 (EST)
Post by Res
Post by Dennis Willson
eMail has no guarantee of delivery or especially timing of delivery.
There are many many things that can effect the timing of delivery.
If a lawyer or other business needs an instant or guaranteed time
of delivery they
certainly shouldn't be using eMail. Most servers retry within a few minutes.
this is not the case in reality, host servers that process real
quantities of mail do not retry within minutes, typicaly its 10/15/30
60 mins depending on how busy the servers are.
Post by Dennis Willson
I have my greylisting set to only force a 2 minute delay AND this only occurs
the amount of time anyone sets greylaming to is moot, it comes down
to when the attempting to send server, retries.
if any tech under my control initiates greylisting on any server i
will dismiss them instantly, our customers want their mail asap that
means without delay, and I pride myself in ensuring that happens, it
keeps the paying customers happy, if they happy I'm happy.
but each to our own, clearly you dont give a stuff when your
customers get mail, which is your business entirely, so long as your
cusotmers are prepared to tolerate it, and accept that deliberate
delaying of their inbound mail is not the norm with every service
providor and you advise them of this prior to their application of
your serices, you do warn them you delay their mail dont you?
--
This message has been scanned for viruses and dangerous content by MailScanner, and is
believed to be clean.
Res
2007-01-22 13:40:52 UTC
Permalink
Post by --[ UxBoD ]--
Per domain opt in/out is the way to go. Most GreyListing applications
store their data in some form of database, so making the choice
customer driven is very easy to implement.
see previous post :)
--
Cheers
Res

"So, you think you can tell Heaven from Hell?" - Roger Waters
Michael Baird
2007-01-21 20:50:12 UTC
Permalink
Post by Res
Post by Dennis Willson
eMail has no guarantee of delivery or especially timing of delivery.
There are many many things that can effect the timing of delivery. If a
lawyer or other business needs an instant or guaranteed time of delivery they
certainly shouldn't be using eMail. Most servers retry within a few minutes.
this is not the case in reality, host servers that process real
quantities of mail do not retry within minutes, typicaly its 10/15/30 60
mins depending on how busy the servers are.
Not if they are working properly, they should retry immediately to
another MX, at which time the tuple would have been propagated between
MX servers (using a very short delay of course). Well at least the
greylisting scheme we use does this.
Post by Res
Post by Dennis Willson
I have my greylisting set to only force a 2 minute delay AND this only occurs
the amount of time anyone sets greylaming to is moot, it comes down to
when the attempting to send server, retries.
if any tech under my control initiates greylisting on any server i will
dismiss them instantly, our customers want their mail asap that means
without delay, and I pride myself in ensuring that happens, it keeps the
paying customers happy, if they happy I'm happy.
MailScanner imposes a much greater delay per message then what you will
see with Greylisting, so if this is truly your goal, you should dismiss
yourself, since you appear to be using MailScanner and it imposes a much
greater delay per message then the greylisting schemes do.
Post by Res
but each to our own, clearly you dont give a stuff when your
customers get mail, which is your business entirely, so long as your
cusotmers are prepared to tolerate it, and accept that deliberate delaying
of their inbound mail is not the norm with every service providor and you
advise them of this prior to their application of your serices, you do
warn them you delay their mail dont you?
Clearly you don't care very much either, since you are delaying each and
every mail by a significant amount processing them via MailScanner.
Maybe if you used greylisting you could bring the batch processing times
down though, and bring the delay per message imposed by MailScanner down
a bit (certainly for legit mail).

Regards
Michael Baird
Res
2007-01-22 14:00:41 UTC
Permalink
Post by Michael Baird
Not if they are working properly, they should retry immediately to
another MX, at which time the tuple would have been propagated between
your statement works assuming they are linked to same DB, but of course
retries would be instant, most the grey lame servs wont accept you if
you connect in seconds (sourceforge servers for eg dont work that way)
so back you go into the queue to be retried later.
Post by Michael Baird
MailScanner imposes a much greater delay per message then what you will
see with Greylisting, so if this is truly your goal, you should dismiss
thats the most stupdist comment ive seen no this list, ever, no it
does not.
Post by Michael Baird
From time of acceptance, the mail is typcially in their mailbox (or mail
dir if its one of the qmail servers) within no more than 30 seconds,
typically its 5.
Post by Michael Baird
Clearly you don't care very much either, since you are delaying each and
every mail by a significant amount processing them via MailScanner.
Not on my setup. greet pause, blocking no RDNS because idiot
incompetant admins dont know how to configure DNS, blocking bad helo,
and 4 RBL's, means mostly legit email only gets through, there is 13 msgs
from past 7 days in the high scored quarantine directory, high score here
is set to 10.
Post by Michael Baird
Maybe if you used greylisting you could bring the batch processing times
down though, and bring the delay per message imposed by MailScanner down
a bit (certainly for legit mail).
I fail to see the delay? I dont exactly use desktop PC's
I use batch size of 50 and have 20 copies mailscanner running (4 real
CPUs x5 which is what is recommended) I use 1 gig ram drive, the setup
works nicely i'm not about to screw with it, based on the stats i have.

so I tell you what, when I see constant delays of more than several
minutes I will put it on one of the boxes and see if it makes any
difference, but i know i wont be doing it any year soon :)
--
Cheers
Res

"So, you think you can tell Heaven from Hell?" - Roger Waters
Rob Poe
2007-02-05 23:11:29 UTC
Permalink
Post by Dennis Willson
The problem with your annoyance at your paying customers who dont want
greylisting comment here is, business emails are time critical, it is
unacceptable to delay email destined for lawyers, real estates,
accountants and every other company where time is crucial, like those
vying for multi-million dollar contracts.
minutes. I have my greylisting set to only force a 2 minute delay AND
this only occurs on the very first send form one user to another, each
additional email is not delayed at all.
This is really not a valid excuse...
Actually, it is, yes. I do MailScanning for a law firm that does
business with .. err .. multi billion dollar companies. You'd KNOW the
name if I said it (which I won't - it's not necessary). I run GL on my
servers, and have been seeing more and more corporate mails getting
delayed for very long periods of time ( > 1 day) because people are
using server that round-robin outgoing messages via multiple SMTP
servers ... and the GL module I use keeps everything in memory (not disk
/ sql) so if I have to restart it for (whatever) reason it loses the GL
tuple - then everything starts over again.

Is the round robin sending a bad thing? Yeah, it probably is. But
it's not something *I* can control. And I'm sorry, I'm not going to
lose a contract with that law firm because they missed a filing deadline
with the court because an email was delayed. Email delivery isn't
guaranteed - but we (sysadmins across the globe) have made damn sure
that it makes it as QUICKLY as it can .. and the (l)users have gotten
used to it.
Peter Nitschke
2007-02-06 00:08:12 UTC
Permalink
Post by Rob Poe
Actually, it is, yes. I do MailScanning for a law firm that does
business with .. err .. multi billion dollar companies. You'd KNOW the
name if I said it (which I won't - it's not necessary). I run GL on my
servers, and have been seeing more and more corporate mails getting
delayed for very long periods of time ( > 1 day) because people are
using server that round-robin outgoing messages via multiple SMTP
servers ... and the GL module I use keeps everything in memory (not disk
/ sql) so if I have to restart it for (whatever) reason it loses the GL
tuple - then everything starts over again.
Is the round robin sending a bad thing? Yeah, it probably is. But
it's not something *I* can control. And I'm sorry, I'm not going to
lose a contract with that law firm because they missed a filing deadline
with the court because an email was delayed. Email delivery isn't
guaranteed - but we (sysadmins across the globe) have made damn sure
that it makes it as QUICKLY as it can .. and the (l)users have gotten
used to it.
This one may be your answer.

http://smfs.takm.com/

SMF-Grey+tym
Here is the extended version of smf-grey, the original of which is here.
This version adds the following features:

Shades of grey (variable delay) via DNS white and block lists.
Auto reload of configuration file
Export and reload of in-memory greylist cache
Frequent (configurable) incremental exports of cache with daily cleanup
Configurable auto whitelist of sender networks
Configurable auto blocking of sender networks

DAve
2007-01-22 20:15:33 UTC
Permalink
Post by Alex Neuman
In my particular case I've had to turn off greylisting for a few
servers because the owners would rather throw more resources at the
problem (cpu, ram, etc.) to check mail after it's received. Most
people I know get used to the additional delay after a while, but
there are some users who are more... let's call it "recalcitrant".
The problem with your annoyance at your paying customers who dont want
greylisting comment here is, business emails are time critical, it is
unacceptable to delay email destined for lawyers, real estates,
accountants and every other company where time is crucial, like those
vying for multi-million dollar contracts.
its 9.10am a QC is due in high court at 10am
most hosting mail servers are very busy so its retry queue is set hourly
to avoid problems wih normal mail
QC tells the barrister he needs that info NOW "email it to me"
barrister sends email 15 seconds later.
At 9.10 your grey laming said "i dunno if your a lamer or not try again
later"
9.40 QC must leave for court, its still not there.
10.00 its retried and accepted, ..tuff luck the QC is right now before
the full bench of the high court about to see his client slammed away fo
30 years because of a lame mail server that delayed the crucial evidence.
We have a considerable number of law offices on our mail servers, they
have all had greylisting enabled. We do provide a way to opt of
greylisting per client(domain) and only one has chosen to do so. Their
spam did not decrease.

Email is not a guaranteed delivery, couriers are. If you go to prison
because your attorney hinged your defense on the arrival time of an
email, you chose the wrong attorney.
OR what about the building sub contractor who just lost out on a 500
million dollar project to Donald Trump, he's going to think, if you cant
manage to get and read such a simple effortless thing like an email in
half an hour do I really want to deal with you.
Real contracts are handled via Fed-Ex overnight, certified mail, web
based download of RFPs and web based upload of proposals. We have
contractors as clients as well, and they are do multi million dollar
contracts at the State level. They do not consider email a critical
business tool.
I dunno maybe you people dont have time crucial customers :)
Several, we offer to whitelist senders for those communications that
must use email, and must be delivered without delay. So far we have less
than ten servers listed. Note also we never preach "email is not
guaranteed" or "email is not a dependable delivery method". The clients
are savy enough to know that already.

I handle all email complaints, so far over 4 years we are batting 1000.
I have found or explained every instance of a slow or missing email
message. The top problems in order, mis spelled email address in the
address book, poor RBL choice(people are still using SPAMBAG), "shrink
wrap" Exchange administrator (Frank in accounting installed Exchange for
us, but he quit. Bob has been trying to figure it out but sometimes mail
doesn't work now).

Greylisting may not be a great solution, just a step away from C&R IMO,
but it will not bring down civilization either ;^)

DAve
--
Three years now I've asked Google why they don't have a
logo change for Memorial Day. Why do they choose to do logos
for other non-international holidays, but nothing for
Veterans?

Maybe they forgot who made that choice possible.
Res
2007-01-23 15:24:25 UTC
Permalink
Post by DAve
Real contracts are handled via Fed-Ex overnight
sorry they dont exist in this country :)
--
Cheers
Res

"So, you think you can tell Heaven from Hell?" - Roger Waters
Res
2007-01-23 15:32:01 UTC
Permalink
Post by Res
Post by DAve
Real contracts are handled via Fed-Ex overnight
sorry they dont exist in this country :)
Also, its common for a corporations to obtain clarifications, wow things
will get sorted out fast waiting on overnight mail :) .. not.
--
Cheers
Res

"So, you think you can tell Heaven from Hell?" - Roger Waters
DAve
2007-01-23 19:50:22 UTC
Permalink
Post by Res
Post by Res
Post by DAve
Real contracts are handled via Fed-Ex overnight
sorry they dont exist in this country :)
Also, its common for a corporations to obtain clarifications, wow things
will get sorted out fast waiting on overnight mail :) .. not.
That is exactly why there is no one all encompassing solution to the
problem of spam. I chuckle when I read postings that claim there are.
Client business models differ, client expectations differ, client mail
trends differ as well. Differences are cultural, geographical, and other
things I haven't thought of.

MailScanner is an excellent solution because it provides tools that suit
our network and clients without forcing your network and clients to our
model. Choices are cool, Julian gives us choices.

DAve
--
Three years now I've asked Google why they don't have a
logo change for Memorial Day. Why do they choose to do logos
for other non-international holidays, but nothing for
Veterans?

Maybe they forgot who made that choice possible.
Randal, Phil
2007-01-17 00:16:18 UTC
Permalink
Post by Richard Frovarp
These can now be pulled using sa-update. I am pretty sure I saw
something a while ago that state in effect that rule_du_jour is going
away in favor of sa-update. Instructions in the SA wiki on how to use
SARE rules with sa-update.
I sincerely hope not, unless there's a separate channel for each rule,
which would make it more cumbersome than rules_du_jour anyway.

The advantage of rules_du_jour is that you can choose the mix of Rules
Emporium rules that suit you, you're not forced to take a bundle.

Cheers,

phil
--
Phil Randal
Network Engineer
Herefordshire Council
Hereford, UK
Richard Frovarp
2007-01-17 01:21:30 UTC
Permalink
Post by Randal, Phil
Post by Richard Frovarp
These can now be pulled using sa-update. I am pretty sure I saw
something a while ago that state in effect that rule_du_jour is going
away in favor of sa-update. Instructions in the SA wiki on how to use
SARE rules with sa-update.
I sincerely hope not, unless there's a separate channel for each rule,
which would make it more cumbersome than rules_du_jour anyway.
The advantage of rules_du_jour is that you can choose the mix of Rules
Emporium rules that suit you, you're not forced to take a bundle.
Cheers,
phil
--
Phil Randal
Network Engineer
Herefordshire Council
Hereford, UK
There are separate channels. It isn't all that cumbersome, because all
you really do is edit one file once and you are done.

Wiki address for sa-update with SARE rules:
http://wiki.apache.org/spamassassin/SareChannels

This took a bit of searching, but here is the response from the RDJ author:

http://article.gmane.org/gmane.mail.spam.spamassassin.general/89089

For those too lazy to read, it isn't going away, but there are no plans
for further enhancement and he suggests using sa-update.
Randal, Phil
2007-01-17 04:41:04 UTC
Permalink
Post by Scott Silva
cbl.abuseat.org is part of zen.spamhaus.org, via the included
lookup against the xbl list, so using both just increases your
dns lookups without any extra benefit.
Greetpause does help a lot, as I probably drop 10 to 20% of
the spam with it alone. Five seconds is a good starting point,
but probably not over 30 seconds.
The only problem with zen.spamhaus.org is this statement, found on
http://www.spamhaus.org/zen/index.lasso :

"ZEN Usage

Use of the Spamhaus DNSBLs via DNS queries to our public DNSBL mirrors
is free for low-traffic mail servers serving less than 100 users. Use of
the Spamhaus DNSBLs by commercial users, including corporate networks,
ISPs and ESPs, requires a subscription to Spamhaus's Data Feed service."

Cheers,

Phil
--
Phil Randal
Network Engineer
Herefordshire Council
Hereford, UK
Matt Kettler
2007-01-17 05:01:56 UTC
Permalink
Post by Randal, Phil
Post by Scott Silva
cbl.abuseat.org is part of zen.spamhaus.org, via the included
lookup against the xbl list, so using both just increases your
dns lookups without any extra benefit.
Greetpause does help a lot, as I probably drop 10 to 20% of
the spam with it alone. Five seconds is a good starting point,
but probably not over 30 seconds.
The only problem with zen.spamhaus.org is this statement, found on
"ZEN Usage
Use of the Spamhaus DNSBLs via DNS queries to our public DNSBL mirrors
is free for low-traffic mail servers serving less than 100 users. Use of
the Spamhaus DNSBLs by commercial users, including corporate networks,
ISPs and ESPs, requires a subscription to Spamhaus's Data Feed service."
Interesting.. a similar, but less specific, statement cropped up on the SBL
pages too:

http://www.spamhaus.org/sbl/howtouse.html

Use of the SBL is free for individuals operating small mail servers as long as
your email traffic is low. Commercial users, corporate networks and ISPs need to
purchase a yearly subscription to use the service: see DataFeed.

Whereas XBL says it's free but high traffic sites should use a datafeed:

http://www.spamhaus.org/xbl/index.lasso

Use of the XBL is free for users with normal mail servers (but networks with
high email traffic should see DataFeed).
Paul Kelly :: Blacknight
2007-01-17 06:48:10 UTC
Permalink
Post by Matt Kettler
Interesting.. a similar, but less specific, statement cropped up on the SBL
http://www.spamhaus.org/sbl/howtouse.html
Use of the SBL is free for individuals operating small mail servers as long as
your email traffic is low. Commercial users, corporate networks and ISPs need to
purchase a yearly subscription to use the service: see DataFeed.
http://www.spamhaus.org/xbl/index.lasso
Use of the XBL is free for users with normal mail servers (but networks with
high email traffic should see DataFeed).
Hmmm. We happen to host public mirrors for spamhaus. It's the cause of
around 210k queries a minute to our rbl dns mirror box :-), sbl-xbl
being the biggest trafficker in the spamhaus family so far.

I can understand them putting limits in writing. I've not heard of them
cutting anyone off. But if one mirror provider was complaining about a
lot of traffic from ASxxxxx they can easily cite the above statement and
cut them off. I presume there is a lot of effort put in on their part,
with the mirror system and distributed dns services, colo/hosting of
boxes, staff costs etc. As such having larger users pay is probably
required to keep the service going. The various bl's they have are very
usefull and spending a few quid on them isn't a bad idea IMO, though
peoples mileage may vary though.
Denis Beauchemin
2007-01-17 20:02:42 UTC
Permalink
Post by Randal, Phil
Post by Scott Silva
cbl.abuseat.org is part of zen.spamhaus.org, via the included
lookup against the xbl list, so using both just increases your
dns lookups without any extra benefit.
Greetpause does help a lot, as I probably drop 10 to 20% of
the spam with it alone. Five seconds is a good starting point,
but probably not over 30 seconds.
The only problem with zen.spamhaus.org is this statement, found on
"ZEN Usage
Use of the Spamhaus DNSBLs via DNS queries to our public DNSBL mirrors
is free for low-traffic mail servers serving less than 100 users. Use of
the Spamhaus DNSBLs by commercial users, including corporate networks,
ISPs and ESPs, requires a subscription to Spamhaus's Data Feed service."
Since I've seen this statement I tried to cut down on their RBL. After
some reshuffling I get the following usage (today's stats so far):
cbl.abuseat.org : 31957 (34.29%)
list.dsbl.org : 1040 ( 1.12%)
safe.dnsbl.sorbs.net : 57967 (62.20%)
zen.spamhaus.org : 2238 ( 2.40%)

On Jan 1 I used only spamhaus and sorbs (in that order) and I had the
following stats:
safe.dnsbl.sorbs.net : 63222 (29.63%)
zen.spamhaus.org : 150167 (70.37%)

I check the RBLs in this order in my sendmail.mc:
FEATURE(`dnsbl',`safe.dnsbl.sorbs.net',`"554 Rejected " $&{client_addr}
" found in safe.dnsbl.sorbs.net"')dnl
FEATURE(`dnsbl',`cbl.abuseat.org',`"554 Rejected " $&{client_addr} "
found in cbl.abuseat.org"')dnl
FEATURE(`dnsbl',`list.dsbl.org',`"554 Rejected " $&{client_addr} " found
in list.dsbl.org"')dnl
FEATURE(`dnsbl',`zen.spamhaus.org',`"554 Rejected " $&{client_addr} "
found in zen.spamhaus.org"')dnl

Denis
--
_
?v? Denis Beauchemin, analyste
/(_)\ Universit? de Sherbrooke, S.T.I.
^ ^ T: 819.821.8000x62252 F: 819.821.8045


-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3595 bytes
Desc: S/MIME Cryptographic Signature
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070117/73a572f2/smime.bin
Scott Silva
2007-01-18 00:52:21 UTC
Permalink
Post by Denis Beauchemin
Post by Randal, Phil
Post by Scott Silva
cbl.abuseat.org is part of zen.spamhaus.org, via the included
lookup against the xbl list, so using both just increases your
dns lookups without any extra benefit.
Greetpause does help a lot, as I probably drop 10 to 20% of
the spam with it alone. Five seconds is a good starting point,
but probably not over 30 seconds.
The only problem with zen.spamhaus.org is this statement, found on
"ZEN Usage
Use of the Spamhaus DNSBLs via DNS queries to our public DNSBL mirrors
is free for low-traffic mail servers serving less than 100 users. Use of
the Spamhaus DNSBLs by commercial users, including corporate networks,
ISPs and ESPs, requires a subscription to Spamhaus's Data Feed service."
Since I've seen this statement I tried to cut down on their RBL. After
cbl.abuseat.org : 31957 (34.29%)
list.dsbl.org : 1040 ( 1.12%)
safe.dnsbl.sorbs.net : 57967 (62.20%)
zen.spamhaus.org : 2238 ( 2.40%)
On Jan 1 I used only spamhaus and sorbs (in that order) and I had the
safe.dnsbl.sorbs.net : 63222 (29.63%)
zen.spamhaus.org : 150167 (70.37%)
FEATURE(`dnsbl',`safe.dnsbl.sorbs.net',`"554 Rejected " $&{client_addr}
" found in safe.dnsbl.sorbs.net"')dnl
FEATURE(`dnsbl',`cbl.abuseat.org',`"554 Rejected " $&{client_addr} "
found in cbl.abuseat.org"')dnl
FEATURE(`dnsbl',`list.dsbl.org',`"554 Rejected " $&{client_addr} " found
in list.dsbl.org"')dnl
FEATURE(`dnsbl',`zen.spamhaus.org',`"554 Rejected " $&{client_addr} "
found in zen.spamhaus.org"')dnl
Denis
Since there will be some duplication in any list, the order that you call them
will have an effect on their hits. If you put cbl after zen, you will show no
hits on cbl. You could try and move list.dsbl.org after zen and see how it
fares also. Zen is a very good list IMHO.
--
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!
Richard Frovarp
2007-01-18 01:10:20 UTC
Permalink
Post by Scott Silva
Post by Denis Beauchemin
Post by Randal, Phil
Post by Scott Silva
cbl.abuseat.org is part of zen.spamhaus.org, via the included
lookup against the xbl list, so using both just increases your
dns lookups without any extra benefit.
Greetpause does help a lot, as I probably drop 10 to 20% of
the spam with it alone. Five seconds is a good starting point,
but probably not over 30 seconds.
The only problem with zen.spamhaus.org is this statement, found on
"ZEN Usage
Use of the Spamhaus DNSBLs via DNS queries to our public DNSBL mirrors
is free for low-traffic mail servers serving less than 100 users. Use of
the Spamhaus DNSBLs by commercial users, including corporate networks,
ISPs and ESPs, requires a subscription to Spamhaus's Data Feed service."
Since I've seen this statement I tried to cut down on their RBL. After
cbl.abuseat.org : 31957 (34.29%)
list.dsbl.org : 1040 ( 1.12%)
safe.dnsbl.sorbs.net : 57967 (62.20%)
zen.spamhaus.org : 2238 ( 2.40%)
On Jan 1 I used only spamhaus and sorbs (in that order) and I had the
safe.dnsbl.sorbs.net : 63222 (29.63%)
zen.spamhaus.org : 150167 (70.37%)
FEATURE(`dnsbl',`safe.dnsbl.sorbs.net',`"554 Rejected " $&{client_addr}
" found in safe.dnsbl.sorbs.net"')dnl
FEATURE(`dnsbl',`cbl.abuseat.org',`"554 Rejected " $&{client_addr} "
found in cbl.abuseat.org"')dnl
FEATURE(`dnsbl',`list.dsbl.org',`"554 Rejected " $&{client_addr} " found
in list.dsbl.org"')dnl
FEATURE(`dnsbl',`zen.spamhaus.org',`"554 Rejected " $&{client_addr} "
found in zen.spamhaus.org"')dnl
Denis
Since there will be some duplication in any list, the order that you call them
will have an effect on their hits. If you put cbl after zen, you will show no
hits on cbl. You could try and move list.dsbl.org after zen and see how it
fares also. Zen is a very good list IMHO.
I'm not a fan of safe.dnsbl.sorbs.net. Their new.spam.dnsbl.sorbs.net
zone is in that one. The description is: List of hosts that have been
noted as sending spam/UCE/UBE to the admins of SORBS within the last 48
hours. A week ago it was catching email from many google/gmail servers.

Zen is very good. Too bad they upped their subscription costs by 10
times for educational entities.
Denis Beauchemin
2007-01-18 01:16:38 UTC
Permalink
Post by Scott Silva
Post by Denis Beauchemin
Post by Randal, Phil
Post by Scott Silva
cbl.abuseat.org is part of zen.spamhaus.org, via the included
lookup against the xbl list, so using both just increases your
dns lookups without any extra benefit.
Greetpause does help a lot, as I probably drop 10 to 20% of
the spam with it alone. Five seconds is a good starting point,
but probably not over 30 seconds.
The only problem with zen.spamhaus.org is this statement, found on
"ZEN Usage
Use of the Spamhaus DNSBLs via DNS queries to our public DNSBL mirrors
is free for low-traffic mail servers serving less than 100 users. Use of
the Spamhaus DNSBLs by commercial users, including corporate networks,
ISPs and ESPs, requires a subscription to Spamhaus's Data Feed service."
Since I've seen this statement I tried to cut down on their RBL. After
cbl.abuseat.org : 31957 (34.29%)
list.dsbl.org : 1040 ( 1.12%)
safe.dnsbl.sorbs.net : 57967 (62.20%)
zen.spamhaus.org : 2238 ( 2.40%)
On Jan 1 I used only spamhaus and sorbs (in that order) and I had the
safe.dnsbl.sorbs.net : 63222 (29.63%)
zen.spamhaus.org : 150167 (70.37%)
FEATURE(`dnsbl',`safe.dnsbl.sorbs.net',`"554 Rejected " $&{client_addr}
" found in safe.dnsbl.sorbs.net"')dnl
FEATURE(`dnsbl',`cbl.abuseat.org',`"554 Rejected " $&{client_addr} "
found in cbl.abuseat.org"')dnl
FEATURE(`dnsbl',`list.dsbl.org',`"554 Rejected " $&{client_addr} " found
in list.dsbl.org"')dnl
FEATURE(`dnsbl',`zen.spamhaus.org',`"554 Rejected " $&{client_addr} "
found in zen.spamhaus.org"')dnl
Denis
Since there will be some duplication in any list, the order that you call them
will have an effect on their hits. If you put cbl after zen, you will show no
hits on cbl. You could try and move list.dsbl.org after zen and see how it
fares also. Zen is a very good list IMHO.
I know about the duplication. I try to check the most complete list
first and then the others to minimize the number of DNS lookups.

I agree that Zen is a good list but at 4800$US/year (for 10,000 users),
it's a bit expensive for our University... Calling CBL before Zen I can
see that Zen does not provide much more than CBL. It reduces my Zen DNS
lookups to "low-traffic" so I should be fine. And CBL is free...

Denis
--
_
?v? Denis Beauchemin, analyste
/(_)\ Universit? de Sherbrooke, S.T.I.
^ ^ T: 819.821.8000x62252 F: 819.821.8045


-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3595 bytes
Desc: S/MIME Cryptographic Signature
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20070117/74d4044b/smime.bin
Richard Frovarp
2007-01-18 01:50:52 UTC
Permalink
Post by Denis Beauchemin
Post by Scott Silva
Post by Denis Beauchemin
Post by Randal, Phil
Post by Scott Silva
cbl.abuseat.org is part of zen.spamhaus.org, via the included
lookup against the xbl list, so using both just increases your
dns lookups without any extra benefit.
Greetpause does help a lot, as I probably drop 10 to 20% of
the spam with it alone. Five seconds is a good starting point,
but probably not over 30 seconds.
The only problem with zen.spamhaus.org is this statement, found on
"ZEN Usage
Use of the Spamhaus DNSBLs via DNS queries to our public DNSBL mirrors
is free for low-traffic mail servers serving less than 100 users. Use of
the Spamhaus DNSBLs by commercial users, including corporate networks,
ISPs and ESPs, requires a subscription to Spamhaus's Data Feed service."
Since I've seen this statement I tried to cut down on their RBL. After
cbl.abuseat.org : 31957 (34.29%)
list.dsbl.org : 1040 ( 1.12%)
safe.dnsbl.sorbs.net : 57967 (62.20%)
zen.spamhaus.org : 2238 ( 2.40%)
On Jan 1 I used only spamhaus and sorbs (in that order) and I had the
safe.dnsbl.sorbs.net : 63222 (29.63%)
zen.spamhaus.org : 150167 (70.37%)
FEATURE(`dnsbl',`safe.dnsbl.sorbs.net',`"554 Rejected " $&{client_addr}
" found in safe.dnsbl.sorbs.net"')dnl
FEATURE(`dnsbl',`cbl.abuseat.org',`"554 Rejected " $&{client_addr} "
found in cbl.abuseat.org"')dnl
FEATURE(`dnsbl',`list.dsbl.org',`"554 Rejected " $&{client_addr} " found
in list.dsbl.org"')dnl
FEATURE(`dnsbl',`zen.spamhaus.org',`"554 Rejected " $&{client_addr} "
found in zen.spamhaus.org"')dnl
Denis
Since there will be some duplication in any list, the order that you call them
will have an effect on their hits. If you put cbl after zen, you will show no
hits on cbl. You could try and move list.dsbl.org after zen and see how it
fares also. Zen is a very good list IMHO.
I know about the duplication. I try to check the most complete list
first and then the others to minimize the number of DNS lookups.
I agree that Zen is a good list but at 4800$US/year (for 10,000
users), it's a bit expensive for our University... Calling CBL before
Zen I can see that Zen does not provide much more than CBL. It
reduces my Zen DNS lookups to "low-traffic" so I should be fine. And
CBL is free...
Denis
Sorbs is probably grabbing a lot of what the PBL in Zen lists, which
was populated using njabl's list. Yeah, that price went up from
$640/year. Kind of a steep price hike.
Aaron K. Moore
2007-01-17 20:11:29 UTC
Permalink
Post by Randal, Phil
Post by Richard Frovarp
These can now be pulled using sa-update. I am pretty sure I saw
something a while ago that state in effect that rule_du_jour is going
away in favor of sa-update. Instructions in the SA wiki on how to use
SARE rules with sa-update.
I sincerely hope not, unless there's a separate channel for each rule,
which would make it more cumbersome than rules_du_jour anyway.
There is a link to a how to document on using sa-update with the SARE
rules at the following url: http://www.rulesemporium.com/rules.htm

Each ruleset is it's own channel.
--
Aaron Kent Moore
Information Technology Services
DeKalb Memorial Hospital, Inc.
Auburn, IN
Phone: 260.920.2808
E-mail: ***@dekalbmemorial.com
Daniel Maher
2007-01-17 20:17:15 UTC
Permalink
Post by Jeramy Eling
-----Original Message-----
Sent: January 17, 2007 9:09 AM
To: MailScanner discussion
Subject: RE: Increased Volumes Of Spam
Post by Randal, Phil
Post by Richard Frovarp
These can now be pulled using sa-update. I am pretty sure I saw
something a while ago that state in effect that rule_du_jour is going
away in favor of sa-update. Instructions in the SA wiki on how to use
SARE rules with sa-update.
I sincerely hope not, unless there's a separate channel for each rule,
which would make it more cumbersome than rules_du_jour anyway.
There is a link to a how to document on using sa-update with the SARE
rules at the following url: http://www.rulesemporium.com/rules.htm
Each ruleset is it's own channel.
Just to add my voice to the chorus, I recently implemented SARE updates via sa-update, as per D. O'Shea's excellent service and instructions:
http://daryl.dostech.ca/sa-update/sare/sare-sa-update-howto.txt

It works flawlessly.


--
_
?v? Daniel Maher
/(_)\ Administrateur Syst?me Unix
^ ^ Unix System Administrator

SMASH '5' FOR VICTORY!
Kevin Miller
2007-01-20 06:24:59 UTC
Permalink
Post by Durval Menezes
Hello folks,
Post by Scott Silva
Greetpause does help a lot, as I probably drop 10 to 20% of the spam
with it alone. Five seconds is a good starting point, but probably
not over 30 seconds.
The first time I became aware of GreetPause, I dismissed it as
probably
not very effective, because it would be very simple for spammers to
adapt
by just stopping the slam; on the negative side, it would end up
slowing
ALL traffic, including the legitimate (non-spam) emails.
Then I came upon Scott's (and others) recommendations, as above, and I
wondered if my initial analysis was incorrect; today, I found the time
to configure one of my servers to use GreetPause, and measured its
efficiency using pause intervals of 1s, 5s and 10s. The numbers I
1s 14 645 2.17%
5s 19 383 4.96%
10s 36 535 6.73%
What's worse, about 80% of the connections blocked by GreetPause would
have been blocked anyway by the MTA using RBLs alone, so the
*effective* Greetpause improvement over using RBLs alone would be
about 1% or less,
even with relativelly large (10s) pauses.
I've rechecked my analysis and found no mistakes; are you folks
*really* measuring GreetPause efficiency and finding these 10-20%
numbers, or are
you deriving these numbers more from "feeling" or something? What
other explanations for the above discrepancies can you think of?
If anyone wants to sift through my logs, I can make then avalable;
just ask.
I can't speak for others, but it really boils down to how you want to
run your inbound mail. I use RBLs, but I do so in MailScanner, not my
MTA (sendmail, FFIW). Consequently, all the messages would have been
accepted anyway. Too many false positives with RBLs to reject them out
of hand. At least for me - YMMV.

By running greet pause, I was able to reject out of hand a large number
of mails. Don't remember the proportion but it seems like it was around
half anyway. I could be way off though in either direction - it's been
too long since I turned it on. I have MailWatch installed, so when I
turned on greet pause I was able to quickly and easily see a big
difference in the graph after only a day or two. Anyway, that's a lot
of mail that MailScanner/Spamassassin/AV didn't have to bother with.
For me, it was a very worthwhile feature to enable.

Also, it depends on the amount of messages you get a day. If you're
talking 1000 messages, then what's another 67? If you're talking a
million, then you're processing 67,300 messages that need to be scanned.

It isnt' the end all, be all of spam filtering. It's just another tool
in the bucket. But 6.73% here, 20% there, and it all adds up.

Have a good weekend...

...Kevin
--
Kevin Miller Registered Linux User No: 307357
CBJ MIS Dept. Network Systems Admin., Mail Admin.
155 South Seward Street ph: (907) 586-0242
Juneau, Alaska 99801 fax: (907 586-4500
Dennis Willson
2007-01-20 06:32:08 UTC
Permalink
It's more effecient to use greet pause than RBLs. RBLs take up more
resources, both yours and the RBL providers. Not to mention the
metwork traffic of the RBL query (although not very much most of the
time, I used to host an RBL and if everyone would have reduced their
traffic just a little that would have made a big difference in my
bandwidth usage).

I use greet pause as one of my anti-spam tools and I probably get the
same effectiveness as you... I just consider this as 'free' and a
savings of resources. I actually get one of my biggest improvements
with greylisting (yes this can delay email, users learn to live with
it and it's such a big gain I can't ignore it). Content scanners are
such resource hogs that I do as much as I can prior to scanning the
contents so there are a lot fewer emails to scan.

Doing sender verification (making sure the sending email address is a
real email address) made a surprising difference too.

Hope this helps


On Fri, 19 Jan 2007 22:05:33 -0200
Post by Durval Menezes
Hello folks,
Post by Scott Silva
Greetpause does help a lot, as I probably drop 10 to 20% of the spam
with it
alone. Five seconds is a good starting point, but probably not over
30
seconds.
The first time I became aware of GreetPause, I dismissed it as
probably
not very effective, because it would be very simple for spammers to
adapt
by just stopping the slam; on the negative side, it would end up
slowing
ALL traffic, including the legitimate (non-spam) emails.
Then I came upon Scott's (and others) recommendations, as above, and
I
wondered if my initial analysis was incorrect; today, I found the
time
to configure one of my servers to use GreetPause, and measured its
efficiency using pause intervals of 1s, 5s and 10s. The numbers I
1s 14 645 2.17%
5s 19 383 4.96%
10s 36 535 6.73%
What's worse, about 80% of the connections blocked by GreetPause
would
have been blocked anyway by the MTA using RBLs alone, so the
*effective*
Greetpause improvement over using RBLs alone would be about 1% or
less,
even with relativelly large (10s) pauses.
I've rechecked my analysis and found no mistakes; are you folks
*really*
measuring GreetPause efficiency and finding these 10-20% numbers, or
are
you deriving these numbers more from "feeling" or something? What
other
explanations for the above discrepancies can you think of?
If anyone wants to sift through my logs, I can make then avalable;
just ask.
Thanks in advance for any and all input.
Best Regards,
--
Durval Menezes (durval AT tmp DOT com DOT br,
http://www.tmp.com.br/)
--
MailScanner mailing list
http://lists.mailscanner.info/mailman/listinfo/mailscanner
Before posting, read http://wiki.mailscanner.info/posting
Support MailScanner development - buy the book off the website!
--------------------------------------------------
Dennis Willson

***@taz-mania.com
http://www.taz-mania.com

Ham (Extra Class): KA6LSW
GMRS : WQGF680
Scuba: Rescue Diver, EANx, Wreck, Night, Alt,
Equip, UW Photographer, Gas Blender

Life should not be a journey to the grave with the intention of
arriving safely in a nice looking and well preserved body, but rather
to skid in broadside, thoroughly used up, totally worn out, and loudly
proclaiming, "WOW! WHAT A RIDE!"
Randal, Phil
2007-01-21 03:38:59 UTC
Permalink
Oh good,

The sooner we bring down business and capitalism the better (sorry,
couldn't resist :-p ).

Phil

-----Original Message-----
From: mailscanner-***@lists.mailscanner.info
[mailto:mailscanner-***@lists.mailscanner.info] On Behalf Of Res
Sent: Saturday, January 20, 2007 9:21 PM
To: MailScanner discussion
Subject: Re: Greetpause seems very ineffective (Was: RE: Increased
Volumes Of Spam)
Post by Alex Neuman
In my particular case I've had to turn off greylisting for a few
servers
Post by Alex Neuman
because the owners would rather throw more resources at the problem
(cpu,
Post by Alex Neuman
ram, etc.) to check mail after it's received. Most people I know get
used to
Post by Alex Neuman
the additional delay after a while, but there are some users who are
more...
Post by Alex Neuman
let's call it "recalcitrant".
The problem with your annoyance at your paying customers who dont
want greylisting comment here is, business emails are time
critical, it is unacceptable to delay email destined for lawyers, real
estates, accountants and every other company where time is crucial, like

those vying for multi-million dollar contracts.


Picture this:

its 9.10am a QC is due in high court at 10am

most hosting mail servers are very busy so its retry queue is set hourly

to avoid problems wih normal mail

QC tells the barrister he needs that info NOW "email it to me"
barrister sends email 15 seconds later.

At 9.10 your grey laming said "i dunno if your a lamer or not try again
later"

9.40 QC must leave for court, its still not there.

10.00 its retried and accepted, ..tuff luck the QC is right now before
the
full bench of the high court about to see his client slammed away fo 30
years because of a lame mail server that delayed the crucial evidence.


OR what about the building sub contractor who just lost out on a 500
million dollar project to Donald Trump, he's going to think, if
you cant manage to get and read such a simple effortless thing like an
email in half an hour do I really want to deal with you.

I dunno maybe you people dont have time crucial customers :)
--
Cheers
Res

"So, you think you can tell Heaven from Hell?" - Roger Waters
--
MailScanner mailing list
***@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!
Randal, Phil
2007-01-21 03:41:51 UTC
Permalink
In the real world, resources aren't thrown at the problem, and you get
mail backlogs which can far exceed any delay "imposed" by GreetPause.

If you want instant transfer, use instant messaging, http, or ftp
uploads.

Cheers,

Phil

-----Original Message-----
From: mailscanner-***@lists.mailscanner.info
[mailto:mailscanner-***@lists.mailscanner.info] On Behalf Of Alex
Neuman
Sent: Saturday, January 20, 2007 2:25 PM
To: MailScanner discussion
Subject: Re: Greetpause seems very ineffective (Was: RE: Increased
Volumes Of Spam)

In my particular case I've had to turn off greylisting for a few
servers because the owners would rather throw more resources at the
problem (cpu, ram, etc.) to check mail after it's received. Most
people I know get used to the additional delay after a while, but
there are some users who are more... let's call it "recalcitrant".

In any case, GreetPause became a permanent addition to the "bat-belt"
as soon as it came out. No cases of collateral damage so far, as with
FPs in RBL's and so on, and it works not just against slammers but a
lot of DOS situations as well.

If I had only one thing to pick to keep from my setup it would be
GreetPause.
Post by Scott Silva
Post by Durval Menezes
Hello folks,
Post by Scott Silva
Greetpause does help a lot, as I probably drop 10 to 20% of the
spam with it
alone. Five seconds is a good starting point, but probably not
over 30
seconds.
The first time I became aware of GreetPause, I dismissed it as
probably
not very effective, because it would be very simple for spammers
to adapt
by just stopping the slam; on the negative side, it would end up
slowing
ALL traffic, including the legitimate (non-spam) emails.
Then I came upon Scott's (and others) recommendations, as above,
and I
wondered if my initial analysis was incorrect; today, I found the
time
to configure one of my servers to use GreetPause, and measured its
efficiency using pause intervals of 1s, 5s and 10s. The numbers I
1s 14 645 2.17%
5s 19 383 4.96%
10s 36 535 6.73%
What's worse, about 80% of the connections blocked by GreetPause
would
have been blocked anyway by the MTA using RBLs alone, so the
*effective*
Greetpause improvement over using RBLs alone would be about 1% or
less,
even with relativelly large (10s) pauses.
I've rechecked my analysis and found no mistakes; are you folks
*really*
measuring GreetPause efficiency and finding these 10-20% numbers,
or are
you deriving these numbers more from "feeling" or something? What
other
explanations for the above discrepancies can you think of?
If anyone wants to sift through my logs, I can make then avalable;
just ask.
Thanks in advance for any and all input.
Best Regards,
Many cannot use all the good blacklists, and greetpause does catch
some of the
newer spammers that haven't hit the blacklists yet.
--
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!
--
MailScanner mailing list
http://lists.mailscanner.info/mailman/listinfo/mailscanner
Before posting, read http://wiki.mailscanner.info/posting
Support MailScanner development - buy the book off the website!
--
MailScanner mailing list
***@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!
Randal, Phil
2007-01-21 04:02:44 UTC
Permalink
Oops, substitute "greylisting" for "GreetPause".

Fingers out of sync with my brain again :-(

Cheers,

Phil

-----Original Message-----
From: mailscanner-***@lists.mailscanner.info
[mailto:mailscanner-***@lists.mailscanner.info] On Behalf Of Randal,
Phil
Sent: Saturday, January 20, 2007 9:39 PM
To: 'MailScanner discussion'
Subject: RE: Greetpause seems very ineffective (Was: RE: Increased
Volumes Of Spam)

In the real world, resources aren't thrown at the problem, and you get
mail backlogs which can far exceed any delay "imposed" by GreetPause.

If you want instant transfer, use instant messaging, http, or ftp
uploads.

Cheers,

Phil

-----Original Message-----
From: mailscanner-***@lists.mailscanner.info
[mailto:mailscanner-***@lists.mailscanner.info] On Behalf Of Alex
Neuman
Sent: Saturday, January 20, 2007 2:25 PM
To: MailScanner discussion
Subject: Re: Greetpause seems very ineffective (Was: RE: Increased
Volumes Of Spam)

In my particular case I've had to turn off greylisting for a few
servers because the owners would rather throw more resources at the
problem (cpu, ram, etc.) to check mail after it's received. Most
people I know get used to the additional delay after a while, but
there are some users who are more... let's call it "recalcitrant".

In any case, GreetPause became a permanent addition to the "bat-belt"
as soon as it came out. No cases of collateral damage so far, as with
FPs in RBL's and so on, and it works not just against slammers but a
lot of DOS situations as well.

If I had only one thing to pick to keep from my setup it would be
GreetPause.
Post by Scott Silva
Post by Durval Menezes
Hello folks,
Post by Scott Silva
Greetpause does help a lot, as I probably drop 10 to 20% of the
spam with it
alone. Five seconds is a good starting point, but probably not
over 30
seconds.
The first time I became aware of GreetPause, I dismissed it as
probably
not very effective, because it would be very simple for spammers
to adapt
by just stopping the slam; on the negative side, it would end up
slowing
ALL traffic, including the legitimate (non-spam) emails.
Then I came upon Scott's (and others) recommendations, as above,
and I
wondered if my initial analysis was incorrect; today, I found the
time
to configure one of my servers to use GreetPause, and measured its
efficiency using pause intervals of 1s, 5s and 10s. The numbers I
1s 14 645 2.17%
5s 19 383 4.96%
10s 36 535 6.73%
What's worse, about 80% of the connections blocked by GreetPause
would
have been blocked anyway by the MTA using RBLs alone, so the
*effective*
Greetpause improvement over using RBLs alone would be about 1% or
less,
even with relativelly large (10s) pauses.
I've rechecked my analysis and found no mistakes; are you folks
*really*
measuring GreetPause efficiency and finding these 10-20% numbers,
or are
you deriving these numbers more from "feeling" or something? What
other
explanations for the above discrepancies can you think of?
If anyone wants to sift through my logs, I can make then avalable;
just ask.
Thanks in advance for any and all input.
Best Regards,
Many cannot use all the good blacklists, and greetpause does catch
some of the
newer spammers that haven't hit the blacklists yet.
--
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!
--
MailScanner mailing list
http://lists.mailscanner.info/mailman/listinfo/mailscanner
Before posting, read http://wiki.mailscanner.info/posting
Support MailScanner development - buy the book off the website!
--
MailScanner mailing list
***@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!
--
MailScanner mailing list
***@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!
Ed Bruce
2007-01-23 00:19:44 UTC
Permalink
Post by Randal, Phil
Oops, substitute "greylisting" for "GreetPause".
Fingers out of sync with my brain again :-(
Cheers,
Phil
I don't know how you are replying but with Thunderbird (a threaded
email/news reader) your replies all wound up in their own thread. Plus
you top posted making it even more difficult to follow.
Randal, Phil
2007-01-23 02:46:47 UTC
Permalink
It's Microsoft's wonderful Outlook.

Which makes bottom-posting and proper quoting an arduous task.

Phil

-----Original Message-----
From: mailscanner-***@lists.mailscanner.info
[mailto:mailscanner-***@lists.mailscanner.info] On Behalf Of Ed
Bruce
Sent: Monday, January 22, 2007 6:17 PM
To: MailScanner discussion
Subject: Re: Greetpause seems very ineffective (Was: RE: Increased
Volumes Of Spam)
Post by Randal, Phil
Oops, substitute "greylisting" for "GreetPause".
Fingers out of sync with my brain again :-(
Cheers,
Phil
I don't know how you are replying but with Thunderbird (a threaded
email/news reader) your replies all wound up in their own thread. Plus
you top posted making it even more difficult to follow.
--
MailScanner mailing list
***@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!
Gerard Seibert
2007-01-23 03:11:12 UTC
Permalink
Post by Randal, Phil
It's Microsoft's wonderful Outlook.
Which makes bottom-posting and proper quoting an arduous task.
Its too much trouble to hit <CTRL><END>? I think the latest version of
Outlook can be configured to place the cursor at the end of a message
automatically. I know that the latest version of MS Live Mail BETA has
that feature.
--
Gerard


A: Because it fouls the order in which people normally read text.
Q: Why is top-posting such a bad thing?
A: Top-posting.
Q: What is the most annoying thing on usenet and in e-mail?

TOPIC: Posting Etiquette
Randal, Phil
2007-01-23 03:19:02 UTC
Permalink
Yes, it is!!!

In fact, I so detest the "bottom post only" Nazis that you're having the
opposite effect to that which you intend.

Sigh.

Phil

-----Original Message-----
From: mailscanner-***@lists.mailscanner.info
[mailto:mailscanner-***@lists.mailscanner.info] On Behalf Of Gerard
Seibert
Sent: Monday, January 22, 2007 9:09 PM
To: ***@lists.mailscanner.info
Subject: Re: Greetpause seems very ineffective (Was: RE: Increased
Volumes Of Spam)
Post by Randal, Phil
It's Microsoft's wonderful Outlook.
Which makes bottom-posting and proper quoting an arduous task.
Its too much trouble to hit <CTRL><END>? I think the latest version of
Outlook can be configured to place the cursor at the end of a message
automatically. I know that the latest version of MS Live Mail BETA has
that feature.
--
Gerard


A: Because it fouls the order in which people normally read
text.
Q: Why is top-posting such a bad thing?
A: Top-posting.
Q: What is the most annoying thing on usenet and in e-mail?

TOPIC: Posting Etiquette
--
MailScanner mailing list
***@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!
Gerard
2007-01-23 03:36:44 UTC
Permalink
Post by Randal, Phil
Yes, it is!!!
In fact, I so detest the "bottom post only" Nazis that you're having the
opposite effect to that which you intend.
[snip]

I rarely reply to top posters. In this particular case, I had assumed
that you lacked the knowledge of how to implement placing the cursor at
the bottom of a reply automatically while using MS Outlook. Instead, I
find that you are simply adamantine in your refusal to embrace bottom
or inline posting.

Therefore, I have placed you on my BL to suppress having to hear any
further rants and or Nazis insults.

By the way, you are familiar with Godwins's law, I presume. You have
provided an excellent example of it.

http://en.wikipedia.org/wiki/Godwin's_law
--
Gerard

http://www.river.com/users/share/etiquette/
http://www.html-faq.com/etiquette/?toppost
http://www.river.com/users/share/etiquette/trumpetpower-netiquette.html
http://www.neverending.org/~ftobin/resources/formatting_email_replies/
http://www.reedmedia.net/misc/mail/using-mailing-list.html
http://groups.google.com/support/bin/answer.py?answer=12348&topic=250
http://en.wikipedia.org/wiki/Godwin's_law
Drew Burchett
2007-01-23 03:43:31 UTC
Permalink
Wow. Now I've seen it all. Blacklisting someone because they refuse to
follow an old, outdated mode of email transmission that I personally
find hard to follow. Get with the program and stop whining about how
someone replies.

Drew Burchett
United Systems & Software
Ph: (270)527-3293
Fax: (270)527-3132


-----Original Message-----
From: mailscanner-***@lists.mailscanner.info
[mailto:mailscanner-***@lists.mailscanner.info] On Behalf Of Gerard
Sent: Monday, January 22, 2007 3:34 PM
To: ***@lists.mailscanner.info
Subject: Re: Greetpause seems very ineffective (Was: RE: Increased
VolumesOf Spam)
Post by Randal, Phil
Yes, it is!!!
In fact, I so detest the "bottom post only" Nazis that you're having
the
Post by Randal, Phil
opposite effect to that which you intend.
[snip]

I rarely reply to top posters. In this particular case, I had assumed
that you lacked the knowledge of how to implement placing the cursor at
the bottom of a reply automatically while using MS Outlook. Instead, I
find that you are simply adamantine in your refusal to embrace bottom
or inline posting.

Therefore, I have placed you on my BL to suppress having to hear any
further rants and or Nazis insults.

By the way, you are familiar with Godwins's law, I presume. You have
provided an excellent example of it.

http://en.wikipedia.org/wiki/Godwin's_law
--
Gerard

http://www.river.com/users/share/etiquette/
http://www.html-faq.com/etiquette/?toppost
http://www.river.com/users/share/etiquette/trumpetpower-netiquette.html
http://www.neverending.org/~ftobin/resources/formatting_email_replies/
http://www.reedmedia.net/misc/mail/using-mailing-list.html
http://groups.google.com/support/bin/answer.py?answer=12348&topic=250
http://en.wikipedia.org/wiki/Godwin's_law
--
MailScanner mailing list
***@lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!

--
CONFIDENTIALITY NOTICE: This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message.
--
This message has been scanned for viruses and dangerous content by MailScanner and is believed to be clean.
Steve Campbell
2007-01-23 04:02:36 UTC
Permalink
Doesn't anyone have any SA rules for top-posting, or bottom-posting? I hate
to have to start BLing people manually, cause I think it causes swapping.

Steve Campbell
***@cnpapers.com
Charleston Newspapers

----- Original Message -----
From: "Drew Burchett" <***@united-systems.com>
To: "MailScanner discussion" <***@lists.mailscanner.info>
Sent: Monday, January 22, 2007 4:40 PM
Subject: RE: Greetpause seems very ineffective (Was: RE: Increased
VolumesOfSpam)
Post by Drew Burchett
Wow. Now I've seen it all. Blacklisting someone because they refuse to
follow an old, outdated mode of email transmission that I personally
find hard to follow. Get with the program and stop whining about how
someone replies.
Drew Burchett
United Systems & Software
Ph: (270)527-3293
Fax: (270)527-3132
-----Original Message-----
Sent: Monday, January 22, 2007 3:34 PM
Subject: Re: Greetpause seems very ineffective (Was: RE: Increased
VolumesOf Spam)
Post by Randal, Phil
Yes, it is!!!
In fact, I so detest the "bottom post only" Nazis that you're having
the
Post by Randal, Phil
opposite effect to that which you intend.
[snip]
I rarely reply to top posters. In this particular case, I had assumed
that you lacked the knowledge of how to implement placing the cursor at
the bottom of a reply automatically while using MS Outlook. Instead, I
find that you are simply adamantine in your refusal to embrace bottom
or inline posting.
Therefore, I have placed you on my BL to suppress having to hear any
further rants and or Nazis insults.
By the way, you are familiar with Godwins's law, I presume. You have
provided an excellent example of it.
http://en.wikipedia.org/wiki/Godwin's_law
--
Gerard
http://www.river.com/users/share/etiquette/
http://www.html-faq.com/etiquette/?toppost
http://www.river.com/users/share/etiquette/trumpetpower-netiquette.html
http://www.neverending.org/~ftobin/resources/formatting_email_replies/
http://www.reedmedia.net/misc/mail/using-mailing-list.html
http://groups.google.com/support/bin/answer.py?answer=12348&topic=250
http://en.wikipedia.org/wiki/Godwin's_law
--
MailScanner mailing list
http://lists.mailscanner.info/mailman/listinfo/mailscanner
Before posting, read http://wiki.mailscanner.info/posting
Support MailScanner development - buy the book off the website!
--
CONFIDENTIALITY NOTICE: This e-mail message, including any attachments, is
for the sole use of the intended recipient(s) and may contain confidential
and privileged information. Any unauthorized review, use, disclosure or
distribution is prohibited. If you are not the intended recipient, please
contact the sender by reply e-mail and destroy all copies of the original
message.
--
This message has been scanned for viruses and dangerous content by
MailScanner and is believed to be clean.
--
MailScanner mailing list
http://lists.mailscanner.info/mailman/listinfo/mailscanner
Before posting, read http://wiki.mailscanner.info/posting
Support MailScanner development - buy the book off the website!
Matt Hampton
2007-01-23 04:24:27 UTC
Permalink
(do I top post just to wind people up.........)
Post by Steve Campbell
Doesn't anyone have any SA rules for top-posting, or bottom-posting? I
hate to have to start BLing people manually, cause I think it causes
swapping.
(or continue down here ;-) )

Ah but then the Auto-White-List would mark them the WRONG WAY.

Even worse it might fire the ALL_TRUSTED rule set.


matt
Ken A
2007-01-23 04:37:40 UTC
Permalink
Post by Steve Campbell
Doesn't anyone have any SA rules for top-posting, or bottom-posting? I
hate to have to start BLing people manually, cause I think it causes
swapping.
roflmao. and how do the Chinese bottom post?
Come on folks. This is a friendly list. Lets keep it that way.

Ken A.
Pacific.Net
Post by Steve Campbell
Steve Campbell
Charleston Newspapers
----- Original Message ----- From: "Drew Burchett"
Sent: Monday, January 22, 2007 4:40 PM
Subject: RE: Greetpause seems very ineffective (Was: RE: Increased
VolumesOfSpam)
Post by Drew Burchett
Wow. Now I've seen it all. Blacklisting someone because they refuse to
follow an old, outdated mode of email transmission that I personally
find hard to follow. Get with the program and stop whining about how
someone replies.
Drew Burchett
United Systems & Software
Ph: (270)527-3293
Fax: (270)527-3132
-----Original Message-----
Sent: Monday, January 22, 2007 3:34 PM
Subject: Re: Greetpause seems very ineffective (Was: RE: Increased
VolumesOf Spam)
Post by Randal, Phil
Yes, it is!!!
In fact, I so detest the "bottom post only" Nazis that you're having
the
Post by Randal, Phil
opposite effect to that which you intend.
[snip]
I rarely reply to top posters. In this particular case, I had assumed
that you lacked the knowledge of how to implement placing the cursor at
the bottom of a reply automatically while using MS Outlook. Instead, I
find that you are simply adamantine in your refusal to embrace bottom
or inline posting.
Therefore, I have placed you on my BL to suppress having to hear any
further rants and or Nazis insults.
By the way, you are familiar with Godwins's law, I presume. You have
provided an excellent example of it.
http://en.wikipedia.org/wiki/Godwin's_law
--
Gerard
http://www.river.com/users/share/etiquette/
http://www.html-faq.com/etiquette/?toppost
http://www.river.com/users/share/etiquette/trumpetpower-netiquette.html
http://www.neverending.org/~ftobin/resources/formatting_email_replies/
http://www.reedmedia.net/misc/mail/using-mailing-list.html
http://groups.google.com/support/bin/answer.py?answer=12348&topic=250
http://en.wikipedia.org/wiki/Godwin's_law
--
MailScanner mailing list
http://lists.mailscanner.info/mailman/listinfo/mailscanner
Before posting, read http://wiki.mailscanner.info/posting
Support MailScanner development - buy the book off the website!
--
CONFIDENTIALITY NOTICE: This e-mail message, including any
attachments, is for the sole use of the intended recipient(s) and may
contain confidential and privileged information. Any unauthorized
review, use, disclosure or distribution is prohibited. If you are not
the intended recipient, please contact the sender by reply e-mail and
destroy all copies of the original message.
--
This message has been scanned for viruses and dangerous content by
MailScanner and is believed to be clean.
--
MailScanner mailing list
http://lists.mailscanner.info/mailman/listinfo/mailscanner
Before posting, read http://wiki.mailscanner.info/posting
Support MailScanner development - buy the book off the website!
Res
2007-01-23 15:29:37 UTC
Permalink
Post by Steve Campbell
to have to start BLing people manually, cause I think it causes swapping.
hahahahaha
--
Cheers
Res

"So, you think you can tell Heaven from Hell?" - Roger Waters
Gerard
2007-01-23 04:58:31 UTC
Permalink
Post by Drew Burchett
Wow. Now I've seen it all. Blacklisting someone because they refuse to
follow an old, outdated mode of email transmission that I personally
find hard to follow. Get with the program and stop whining about how
someone replies.
Wrong! I find his 'NAZIS' statement personally offensive. That is why I
BL'd him.
--
Gerard
Res
2007-01-23 15:29:02 UTC
Permalink
Post by Drew Burchett
Wow. Now I've seen it all. Blacklisting someone because they refuse to
follow an old, outdated mode of email transmission that I personally
find hard to follow. Get with the program and stop whining about how
someone replies.
I agree.. its simple really, its not rocket science, if you dont like the
way a person posts DONT READ THEIR POSTS, rather then generate a high
noise ratio of crap.

I mean its also good etiquette to trim posts to whats relevant, certain
complainers of top posters dont trim, in fact only a small percentage of
folk in here trim to whats relevant in response to thier replies.
--
Cheers
Res

"So, you think you can tell Heaven from Hell?" - Roger Waters
Scott Silva
2007-01-23 22:56:25 UTC
Permalink
<snip>
Post by Res
I mean its also good etiquette to trim posts to whats relevant, certain
complainers of top posters don't trim, in fact only a small percentage of
folk in here trim to whats relevant in response to their replies.
Try posting on the mimedefang list.. Too much quoted material and your message
gets rejected.
--
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!
Gerard Seibert
2007-01-23 23:31:52 UTC
Permalink
Post by Scott Silva
<snip>
Post by Res
I mean its also good etiquette to trim posts to whats relevant, certain
complainers of top posters don't trim, in fact only a small percentage of
folk in here trim to whats relevant in response to their replies.
Try posting on the mimedefang list.. Too much quoted material and your message
gets rejected.
I wish more forums copied that style. I hate receiving a five page
document with a one line comment like, "Ya, OK!" at the top. Top posters
by definition have no clue as to how to trim messages.
--
Gerard
Res
2007-01-24 03:54:01 UTC
Permalink
Post by Gerard Seibert
document with a one line comment like, "Ya, OK!" at the top. Top posters
by definition have no clue as to how to trim messages.
*sigh* far more non-top posters dont know how to trim

now,. grow the f up.
--
Cheers
Res

"So, you think you can tell Heaven from Hell?" - Roger Waters
Julian Field
2007-01-24 16:57:17 UTC
Permalink
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Can we drop this please?
It's getting personal, and I won't have anyone being rude on the list.

End of thread!
Post by Res
Post by Gerard Seibert
document with a one line comment like, "Ya, OK!" at the top. Top posters
by definition have no clue as to how to trim messages.
*sigh* far more non-top posters dont know how to trim
now,. grow the f up.
Jules

- --
Julian Field MEng CITP
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654



-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.5.2 (Build 4075)
Comment: (pgp-secured)
Charset: ISO-8859-1

wj8DBQFFtzqoEfZZRxQVtlQRAm6wAKCHkz/15k71oyE+OHgjhjv+Umz9sQCgoJ+x
3C25q+2YxZjUHbstfCajfPQ=
=/Hnj
-----END PGP SIGNATURE-----
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
For all your IT requirements visit www.transtec.co.uk
Res
2007-01-24 03:50:38 UTC
Permalink
Post by Scott Silva
Try posting on the mimedefang list.. Too much quoted material and your message
gets rejected.
This is a good thing, the list server I run has quota percentage, lines
and other config variables to automatically bitch-slap people, I dont
enforce it globally, but I know several of the lists managers have enabled
the feature.
--
Cheers
Res

"So, you think you can tell Heaven from Hell?" - Roger Waters
Kevin Miller
2007-01-26 03:50:12 UTC
Permalink
Post by Daniel Maher
Just to add my voice to the chorus, I recently implemented SARE
updates via sa-update, as per D. O'Shea's excellent service and
http://daryl.dostech.ca/sa-update/sare/sare-sa-update-howto.txt
It works flawlessly.
So when you did this, are you running the spamassassin updates out of
the cron.daily job and the sare updates with crontab or what? It isn't
clear to me how to integrate the sare stuff with the regular rules -
i.e., whether it's two steps or just one...


...Kevin
--
Kevin Miller Registered Linux User No: 307357
CBJ MIS Dept. Network Systems Admin., Mail Admin.
155 South Seward Street ph: (907) 586-0242
Juneau, Alaska 99801 fax: (907 586-4500
Daniel Maher
2007-01-26 20:53:42 UTC
Permalink
Post by Kevin Miller
Post by Daniel Maher
Just to add my voice to the chorus, I recently implemented SARE
updates via sa-update, as per D. O'Shea's excellent service and
http://daryl.dostech.ca/sa-update/sare/sare-sa-update-howto.txt
It works flawlessly.
So when you did this, are you running the spamassassin updates out of
the cron.daily job and the sare updates with crontab or what? It isn't
clear to me how to integrate the sare stuff with the regular rules -
i.e., whether it's two steps or just one...
...Kevin
I am running sa-update via a daily cronjob, which pulls down both the SA default rules, as well as the SARE rules of my choosing in one fell swoop. There is no magic to integrating the "sare stuff" wit the "regular rules"; simply create a small config file with the rules you want, in the form:

updates.spamassassin.org
70_sare_adult.cf.sare.sa-update.dostech.net
70_sare_header0.cf.sare.sa-update.dostech.net
70_sare_obfu0.cf.sare.sa-update.dostech.net
[..etc..]

Then, in your cronjob, specify that you'd like to use said config file during your sa-update run:
/usr/bin/sa-update --channelfile <file>

Done!


--
_
?v? Daniel Maher
/(_)\ Administrateur Syst?me Unix
^ ^ Unix System Administrator

Four elements!
Loading...