Posted to users@spamassassin.apache.org by ju...@lexoncom.com on 2015/10/27 18:50:27 UTC

How to get rid of this spam? Spam assassin does not catch it

I use spam assassin with razors on ubuntu server.
In recent months i started to get tons of spam.
Spam assassin does not catch it and scores are very low.

Are those emails fabricated so well that they look like legitimate? Can i
do something to catch those as spam?

I moved them all to one folder called spam and i run this command every 5
minutes on that folder:
sa-learn --spam --mbox /home/username/mail/INBOX.spam
but it does not help

It seems like every spam email is fabricated in different way.

Anyone has any idea how to catch those?
Why spam assassin does not catch it?


attached is the list showing subject and from for the recent spams i get.





Re: How to get rid of this spam? Spam assassin does not catch it

Posted by Reindl Harald <h....@thelounge.net>.

Am 28.10.2015 um 04:31 schrieb junk@lexoncom.com:
> yes there might be few emails there that were legitimate
> i cleaned it but i did not have time to do it properly

then don't train messages at all if you don't have time to do it 
properly, you are doing much more harm by misclassification than you ever 
could benefit by it

> are not
> net/RBL/DNSBL tests
> enabled by default?

they are but you are using a shared dns resolver

> i need to review the documentation and see why it does not work

because of your misconfiguration

>> On Tue, 27 Oct 2015, junk@lexoncom.com wrote:
>>
>>> try this
>>> https://www.dropbox.com/s/ngmaryggdelecjq/INBOX.spam?dl=0
>>>
>>> it is mbox file with like 1000 spam messages that are not recognized as
>>> spam
>>>
>>
>> Are you -sure- all those messages are spam?
>> One of them was a personal FaceBook update message.
>> If you ("blwegrzyn@lexoncom.com") have a FB account then pretty much all
>> updates
>> sent to you as a result really cannot be considered spam.
>>
>> FWIW,
>> You are really short-changing your SA by not having the net/RBL/DNSBL
>> tests
>> working properly.
>>
>> The vast majority of those messages (%96) were tagged as spam by my system
>> and a
>> super majority (%83) scored > 20.0 (my SMTP reject threshold). A large
>> component
>> of that score was from net/RBL/DNSBL tests.


Re: How to get rid of this spam? Spam assassin does not catch it

Posted by ju...@lexoncom.com.
yes there might be few emails there that were legitimate
i cleaned it but i did not have time to do it properly

are not
net/RBL/DNSBL tests
enabled by default?

i need to review the documentation and see why it does not work


> On Tue, 27 Oct 2015, junk@lexoncom.com wrote:
>
>> try this
>> https://www.dropbox.com/s/ngmaryggdelecjq/INBOX.spam?dl=0
>>
>> it is mbox file with like 1000 spam messages that are not recognized as
>> spam
>>
>
> Are you -sure- all those messages are spam?
> One of them was a personal FaceBook update message.
> If you ("blwegrzyn@lexoncom.com") have a FB account then pretty much all
> updates
> sent to you as a result really cannot be considered spam.
>
> FWIW,
> You are really short-changing your SA by not having the net/RBL/DNSBL
> tests
> working properly.
>
> The vast majority of those messages (%96) were tagged as spam by my system
> and a
> super majority (%83) scored > 20.0 (my SMTP reject threshold). A large
> component
> of that score was from net/RBL/DNSBL tests.
>
> --
> Dave Funk                                  University of Iowa
> <dbfunk (at) engineering.uiowa.edu>        College of Engineering
> 319/335-5751   FAX: 319/384-0549           1256 Seamans Center
> Sys_admin/Postmaster/cell_admin            Iowa City, IA 52242-1527
> #include <std_disclaimer.h>
> Better is not better, 'standard' is better. B{
>



Re: How to get rid of this spam? Spam assassin does not catch it

Posted by David B Funk <db...@engineering.uiowa.edu>.
On Thu, 29 Oct 2015, Noel Butler wrote:

> On 28/10/2015 12:49, David B Funk wrote:
>> 
>> 
>> Are you -sure- all those messages are spam?
>> One of them was a personal FaceBook update message.
>
>
> <evil grin>
>
> facebook is junk so I see nothing wrong with those messages being regarded as 
> spam :)

Noel I agree with you in principle (FB == junk) but by the fine print of the FB 
LLuser agreement when you sign up you're asking for it so technically it isn't 
unsolicited.
I was more trying to determine whether the OP had done his due-diligence.

-- 
Dave Funk                                  University of Iowa
<dbfunk (at) engineering.uiowa.edu>        College of Engineering
319/335-5751   FAX: 319/384-0549           1256 Seamans Center
Sys_admin/Postmaster/cell_admin            Iowa City, IA 52242-1527
#include <std_disclaimer.h>
Better is not better, 'standard' is better. B{

Re: How to get rid of this spam? Spam assassin does not catch it

Posted by Noel Butler <no...@ausics.net>.
On 28/10/2015 12:49, David B Funk wrote:
> 
> 
> Are you -sure- all those messages are spam?
> One of them was a personal FaceBook update message.


<evil grin>

facebook is junk so I see nothing wrong with those messages being 
regarded as spam :)



-- 
If you have the urge to reply to all rather than reply to list, you best
read  http://members.ausics.net/qwerty/

Re: How to get rid of this spam? Spam assassin does not catch it

Posted by David B Funk <db...@engineering.uiowa.edu>.
On Tue, 27 Oct 2015, junk@lexoncom.com wrote:

> try this
> https://www.dropbox.com/s/ngmaryggdelecjq/INBOX.spam?dl=0
>
> it is mbox file with like 1000 spam messages that are not recognized as spam
>

Are you -sure- all those messages are spam?
One of them was a personal FaceBook update message.
If you ("blwegrzyn@lexoncom.com") have a FB account then pretty much all updates
sent to you as a result really cannot be considered spam.

FWIW,
You are really short-changing your SA by not having the net/RBL/DNSBL tests 
working properly.

The vast majority of those messages (%96) were tagged as spam by my system and a 
super majority (%83) scored > 20.0 (my SMTP reject threshold). A large component
of that score was from net/RBL/DNSBL tests.

-- 
Dave Funk                                  University of Iowa
<dbfunk (at) engineering.uiowa.edu>        College of Engineering
319/335-5751   FAX: 319/384-0549           1256 Seamans Center
Sys_admin/Postmaster/cell_admin            Iowa City, IA 52242-1527
#include <std_disclaimer.h>
Better is not better, 'standard' is better. B{
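
One way to check from the stored mail itself whether the net/RBL/DNSBL tests mentioned above are contributing to scores, as an added example that is not part of the original thread: it reads the X-Spam-Status header that SpamAssassin adds to scanned mail and counts blocklist hits and `*_BLOCKED` notices. The sample messages, the prefix list and the diagnosis labels are assumptions made for the example, and the default SpamAssassin header layout is assumed.

```python
import email
import re
from collections import Counter

# Rule-name prefixes treated as DNS blocklist tests (a partial list, assumed
# for this example).
DNSBL_PREFIXES = ("RCVD_IN_", "URIBL_")

# Constructed sample messages; only the X-Spam-Status header matters.
MSG_BLOCKED = (
    "From: sender@example.com\n"
    "Subject: constructed sample 1\n"
    "X-Spam-Status: No, score=1.9 required=5.0 tests=BAYES_50,HTML_MESSAGE,\n"
    "\tURIBL_BLOCKED autolearn=no version=3.4.0\n"
    "\n"
    "body\n"
)
MSG_NO_NET = (
    "From: sender@example.com\n"
    "Subject: constructed sample 2\n"
    "X-Spam-Status: No, score=0.8 required=5.0 tests=HTML_MESSAGE,SPF_PASS\n"
    "\tautolearn=no version=3.4.0\n"
    "\n"
    "body\n"
)
MSG_WORKING = (
    "From: sender@example.com\n"
    "Subject: constructed sample 3\n"
    "X-Spam-Status: Yes, score=22.4 required=5.0 tests=BAYES_99,RCVD_IN_XBL,\n"
    "\tURIBL_BLACK autolearn=no version=3.4.0\n"
    "\n"
    "body\n"
)
MSG_UNSCANNED = "From: sender@example.com\nSubject: constructed sample 4\n\nbody\n"


def parse_spam_status(raw_message):
    """Return {'score': float, 'tests': [names]}, or None if the header is absent."""
    value = email.message_from_string(raw_message).get("X-Spam-Status")
    if value is None:
        return None
    # Long test lists are folded after a comma; join the pieces back together.
    value = re.sub(r",\s+", ",", str(value))
    score = re.search(r"(?:score|hits)=(-?\d+(?:\.\d+)?)", value)
    tests = re.search(r"tests=(\S*)", value)
    names = []
    if tests and tests.group(1) not in ("", "none"):
        names = [t for t in tests.group(1).split(",") if t]
    return {"score": float(score.group(1)) if score else None, "tests": names}


def audit(raw_messages):
    """Count scanned messages, real blocklist hits and *_BLOCKED notices."""
    summary = {"total": 0, "scanned": 0, "with_dnsbl_hit": 0, "blocked": Counter()}
    for raw in raw_messages:
        summary["total"] += 1
        status = parse_spam_status(raw)
        if status is None:
            continue  # message never passed through SpamAssassin
        summary["scanned"] += 1
        dnsbl = [t for t in status["tests"] if t.startswith(DNSBL_PREFIXES)]
        blocked = [t for t in dnsbl if t.endswith("_BLOCKED")]
        summary["blocked"].update(blocked)
        # A *_BLOCKED rule is an administrator notice, not a listing.
        if len(dnsbl) > len(blocked):
            summary["with_dnsbl_hit"] += 1
    return summary


def diagnose(summary):
    """Heuristic label for a folder that is known to contain spam."""
    if summary["blocked"]:
        # The list operator refused the query, typical of a shared resolver.
        return "blocked"
    if summary["scanned"] and summary["with_dnsbl_hit"] == 0:
        # No blocklist rule fired at all: check DNS setup before retraining.
        return "no-dnsbl-hits"
    return "ok"


if __name__ == "__main__":
    result = audit([MSG_BLOCKED, MSG_NO_NET, MSG_WORKING, MSG_UNSCANNED])
    print(result, diagnose(result))
```

To run it over a real folder, pass `msg.as_string()` for each message yielded by `mailbox.mbox(path)` from the Python standard library.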

Re: How to get rid of this spam? Spam assassin does not catch it

Posted by ju...@lexoncom.com.
try this
https://www.dropbox.com/s/ngmaryggdelecjq/INBOX.spam?dl=0

it is mbox file with like 1000 spam messages that are not recognized as spam

> On 28/10/2015 07:38, junk@lexoncom.com wrote:
>> i uploaded my inbox with all spam that does not get filtered
>>
>> https://mega.nz/#!IRhlyQLL
>>
>
> 1/ that site is slowwwwwwww
> 2/ you need a decryption key to access it
> 3/ try pastebin instead
>
>
> --
> If you have the urge to reply to all rather than reply to list, you best
> read  http://members.ausics.net/qwerty/
>



Re: How to get rid of this spam? Spam assassin does not catch it

Posted by Noel Butler <no...@ausics.net>.
On 28/10/2015 07:38, junk@lexoncom.com wrote:
> i uploaded my inbox with all spam that does not get filtered
> 
> https://mega.nz/#!IRhlyQLL
> 

1/ that site is slowwwwwwww
2/ you need a decryption key to access it
3/ try pastebin instead


-- 
If you have the urge to reply to all rather than reply to list, you best
read  http://members.ausics.net/qwerty/

Re: How to get rid of this spam? Spam assassin does not catch it

Posted by ju...@lexoncom.com.
i uploaded my inbox with all spam that does not get filtered

https://mega.nz/#!IRhlyQLL

> On 27.10.2015 21:24, junk@lexoncom.com wrote:
>> example messages:
>>
>
> No. Those are not messages. They are just some text. Does not look like
> email messages at all.
>
> We need all the headers, those are important for SpamAssassin. The
> "source code" of the mail.
>
> br. jarif
>
>
>
> --
> jarif.bit
>



Re: How to get rid of this spam? Spam assassin does not catch it

Posted by Jari Fredriksson <ja...@iki.fi>.
On 27.10.2015 21:24, junk@lexoncom.com wrote:
> example messages:
>

No. Those are not messages. They are just some text. Does not look like 
email messages at all.

We need all the headers, those are important for SpamAssassin. The 
"source code" of the mail.

br. jarif



-- 
jarif.bit

Re: How to get rid of this spam? Spam assassin does not catch it

Posted by ju...@lexoncom.com.
example messages:

1.

Recognize the Symptoms of Multiple Sclerosis

The symptoms of MS can come on very gradually. Because of this, too often
these early signs are often ignored or dismissed. Many people are not
diagnosed until years after their first symptoms begin to show.

Learn More about MS Causes, Symptoms, Treatments
(http://www.pruplewave.com/learn/symptoms/causes/ms)

MS info/ads

Not only does this mean that these dibilitating symptoms are going
untreated for all this time, but without proper treatment these often get
much worse and harder to live with.

Theres much unpredictability to how MS will progress in each person.
Patients vary widely in how they experience the severity of the disease.

What Is Multiple Sclerosis?
(http://www.pruplewave.com/define/ms/what/is/multiple/sclerosis)

Multiple sclerosis (MS) is an autoimmune disease in which the body's
immune system attacks its own central nervous system (CNS), which is made
up of the brain and spinal cord. With MS, the immune system attacks and
damages or destroys the myelin, a substance that surrounds and insulates
the nerves, causing a distortion or interruption in nerve impulses
traveling to and from the brain. This results in a wide variety of
symptoms.

Learn more about Multiple Sclerosis Symptoms
(http://www.pruplewave.com/learn/more/ms/signs)

MS info/ads






To change your options, see thissite (http://op.pruplewave.com) or write to:
BTN Phys.Network 67 Sunset Ave Brockton, MA 02301

------------------------------------------------------------

Looking strictly at life expectancy, the prognosis for people with MS is
encouraging. The University of Maryland Medical Center (UMMC) reports that
the majority of MS patients will experience a normal (or almost normal)
life span. People with MS tend to pass away from many of the same
conditions that people without MS die from, including cancer and heart
disease. The prognosis for longevity is good except in cases of severe MS,
which is quite rare. However, MS patients must contend with other issues
that can hamper their quality of life. The symptoms cause pain,
discomfort, and inconvenience, even though most patients will never become
severely disabled. The UMMC reports the alarming statistic that suicide
rates among people with MS are higher than those in the general
population. Another way of evaluating the prognosis for MS is to examine
how disabilities resulting from the conditions symptoms may affect
patients. According to the UMMC, around two-thirds of people
diagnosed with MS are able to walk without a wheelchair two decades after
their diagnosis. Some people will need crutches or a cane to remain
ambulatory, however. Others use an electric scooter or wheelchair to help
them cope with fatigue or balance difficulties.
Symptoms vary because the location and severity of each attack can be
different. Attacks can last for days, weeks, or months. Attacks are
followed by periods of reduced or no symptoms (remissions). Fever, hot
baths, sun exposure, and stress can trigger or worsen attacks. It is
common for the disease to return (relapse). However, the disease may
continue to get worse without periods of remission. Nerves in any part of
the brain or spinal cord may be damaged. Because of this, MS symptoms can
appear in many parts of the body.


Additional helpful MS info-
https://www.nlm.nih.gov/medlineplus/multiplesclerosis.html


2.

You can see your flight and options below. Thank you for reading.
---34598245---453245

Your  Business-Class-Flight


--50-80%-OFF BusinessClassAirfare--
------------------------------------------------------------

Nobody like to be cramped on an overbooked flight when you can relax in
comfort with lay-back seats, and enough room for business activities.

Worldwide and domestic Business Class Flight upgrades from 50%-80% off

"Having your own personal space feel like you are on your own flight"

See Fares and Locations (http://www.watchbrick.com/loc/u/349025/flight.html)

Flight AdSearch Network

During long flight this is the most comfort you can get.
Upgrade from economy for your next flight.

See Flights From 80Off 
(http://www.watchbrick.com/flight-843927598345/airfare.html)



DFDS Airsp 4523 E Kings Ave Phoenix AZ 85032
(Remove your addr from flight upgrades here (http://flight.watchbrick.com) )

3-1-1 Liquids Rule Exemption

You may bring medically necessary liquids, medications and creams in
excess of 3.4 ounces or 100 milliliters in your carry-on bag. Remove them
from your carry-on bag to be screened separately from the rest of your
belongings. You are not required to place your liquid medication in a
plastic zip-top bag.

Accessories

Ice packs, freezer packs, frozen gel packs, and other accessories required
to cool medically necessary liquids must be completely solid at the
security checkpoint. If these accessories are partially frozen or slushy,
they are subject to the same screening as other medically necessary
liquids. Other supplies associated with medically necessary liquids such
as IV bags, pumps and syringes must undergo X-ray screening.

Screening

Travel (https://www.tsa.gov/travel)
* Security Screening (https://www.tsa.gov/travel/security-screening)
+ Prohibited Items
(https://www.tsa.gov/travel/security-screening/prohibited-items)
+ Identification
(https://www.tsa.gov/travel/security-screening/identification)
+ Liquids Rule (https://www.tsa.gov/travel/security-screening/liquids-rule)
* Special Procedures (https://www.tsa.gov/travel/special-procedures)

TSA officers may test liquids for explosives or concealed prohibited
items. If officers are unable to use X-ray to clear these items, they may
ask to open the container and transfer the liquid to a separate empty
container or dispose of a small quantity of liquid, if feasible.

Inform the TSA officer if you do not want your liquid medication to be
screened by X-ray or opened. Additional steps will be taken to clear the
liquid and you will undergo additional screening procedures to include a
pat-down and screening of other carry-on property.



> On 10/27/2015 06:50 PM, junk@lexoncom.com wrote:
>> I use spam assassin with razors on ubuntu server.
>> In recent months i started to get tons of spam.
>> Spam assassin does not catch it and scores are very low.
>>
>> Are those emails fabricated so well that they look like legitimate? Can
>> i
>> do something to catch those as spam?
>>
>> I moved them all to one folder called spam and i run this command every
>> 5
>> minutes on that folder:
>> sa-learn --spam --mbox /home/username/mail/INBOX.spam
>> but it does not help
>>
>> It seems like every spam email is fabricated in different way.
>>
>> Anyone has any idea how to catch those?
>> Why spam assassin does not catch it?
>>
>>
>> attached is the list showing subject and from for the recent spams i
>> get.
>
> Suggest you pastebin a few samples  - subjects on their own are not of
> much use.
>
>



Re: How to get rid of this spam? Spam assassin does not catch it

Posted by Axb <ax...@gmail.com>.
On 10/27/2015 06:50 PM, junk@lexoncom.com wrote:
> I use spam assassin with razors on ubuntu server.
> In recent months i started to get tons of spam.
> Spam assassin does not catch it and scores are very low.
>
> Are those emails fabricated so well that they look like legitimate? Can i
> do something to catch those as spam?
>
> I moved them all to one folder called spam and i run this command every 5
> minutes on that folder:
> sa-learn --spam --mbox /home/username/mail/INBOX.spam
> but it does not help
>
> It seems like every spam email is fabricated in different way.
>
> Anyone has any idea how to catch those?
> Why spam assassin does not catch it?
>
>
> attached is the list showing subject and from for the recent spams i get.

Suggest you pastebin a few samples  - subjects on their own are not of 
much use.



Re: How to get rid of this spam? Spam assassin does not catch it

Posted by Bill Cole <sa...@billmail.scconsult.com>.
On 27 Oct 2015, at 16:02, junk@lexoncom.com wrote:

> SO i setup the dns server.
> Can i force spam assassin to use localhost for dns or I must 
> reconfigure
> the host?

You can just change SA, but you should change the whole host to use it 
if your MTA is running there as well. The MTA is probably doing lookups 
before SA is passed the message that will benefit SA performance by 
being in your local cache. Also, if the MTA is handling a substantial 
amount of inbound mail it is very likely to benefit from having a 
resolver cache that's local instead of >10ms away across multiple router 
hops.

Re: How to get rid of this spam? Spam assassin does not catch it

Posted by Benny Pedersen <me...@junc.eu>.
junk@lexoncom.com skrev den 2015-10-27 21:33:
> thx, yes i did that but found old doc and that option was not 
> available:
> https://spamassassin.apache.org/full/3.2.x/doc/Mail_SpamAssassin_Conf.html

this is why i suggest to check local docs first, if not found local, 
check at least to diff queries on internet to confirm it valid options, 
google is fine, but :)

perldoc Mail::SpamAssassin::Conf

is trusted

Re: How to get rid of this spam? Spam assassin does not catch it

Posted by ju...@lexoncom.com.
thx, yes i did that but found old doc and that option was not available:
https://spamassassin.apache.org/full/3.2.x/doc/Mail_SpamAssassin_Conf.html

>
> Am 27.10.2015 um 21:02 schrieb junk@lexoncom.com:
>> SO i setup the dns server.
>> Can i force spam assassin to use localhost for dns or I must reconfigure
>> the host?
>
> i recommend to read at least basic docs
> google "spamassassin dns" leads to
> http://spamassassin.apache.org/full/3.4.x/doc/Mail_SpamAssassin_Conf.html
> and
> CTRL+F "dns" leads to the following (the docs would also have mentioned
> that you need at least 200 spam *and* ham samples for bayes to work)
>
> dns_server ip-addr-port (default: entries provided by Net::DNS)
>
> Specifies an IP address of a DNS server, and optionally its port number.
> The dns_server directive may be specified multiple times, each entry
> adding to a list of available resolving name servers. The ip-addr-port
> argument can either be an IPv4 or IPv6 address, optionally enclosed in
> brackets, and optionally followed by a colon and a port number. In
> absence of a port number a standard port number 53 is assumed. When an
> IPv6 address is specified along with a port number, the address must be
> enclosed in brackets to avoid parsing ambiguity regarding a colon
> separator. A scoped link-local IP address is allowed (assuming
> underlying modules allow it).
>
>   Examples :
>     dns_server 127.0.0.1
>     dns_server 127.0.0.1:53
>     dns_server [127.0.0.1]:53
>     dns_server [::1]:53
>     dns_server fe80::1%lo0
>     dns_server [fe80::1%lo0]:53
>
> In absence of dns_server directives, the list of name servers is
> provided by Net::DNS module, which typically obtains the list from
> /etc/resolv.conf, but this may be platform dependent. Please consult the
> Net::DNS::Resolver documentation for details.
>
>>> On Tue, 27 Oct 2015, junk@lexoncom.com wrote:
>>>
>>>> X-Spam-Status: No, score=3.1 required=5.0 tests=BAYES_00,HTML_MESSAGE,
>>>>     	RAZOR2_CF_RANGE_51_100,RAZOR2_CF_RANGE_E8_51_100,RAZOR2_CHECK,SPF_HELO_PASS,
>>>>     	SPF_PASS,URIBL_BLOCKED,URIBL_DBL_SPAM autolearn=no
>>>> autolearn_force=no
>>>>     	version=3.4.0
>>>
>>> URIBL_BLOCKED. Set up a local recursing (NOT forwarding!) DNS server
>>> for
>>> SpamAssassin to use. You're apparently doing DNS blacklist queries via
>>> a
>>> public DNS server (your ISPs?) and the aggregate traffic level is
>>> exceeding the URIBL free usage limits.
>
>



Re: How to get rid of this spam? Spam assassin does not catch it

Posted by Reindl Harald <h....@thelounge.net>.
Am 27.10.2015 um 21:02 schrieb junk@lexoncom.com:
> SO i setup the dns server.
> Can i force spam assassin to use localhost for dns or I must reconfigure
> the host?

i recommend to read at least basic docs
google "spamassassin dns" leads to 
http://spamassassin.apache.org/full/3.4.x/doc/Mail_SpamAssassin_Conf.html and 
CTRL+F "dns" leads to the following (the docs would also have mentioned 
that you need at least 200 spam *and* ham samples for bayes to work)

dns_server ip-addr-port (default: entries provided by Net::DNS)

Specifies an IP address of a DNS server, and optionally its port number. 
The dns_server directive may be specified multiple times, each entry 
adding to a list of available resolving name servers. The ip-addr-port 
argument can either be an IPv4 or IPv6 address, optionally enclosed in 
brackets, and optionally followed by a colon and a port number. In 
absence of a port number a standard port number 53 is assumed. When an 
IPv6 address is specified along with a port number, the address must be 
enclosed in brackets to avoid parsing ambiguity regarding a colon 
separator. A scoped link-local IP address is allowed (assuming 
underlying modules allow it).

  Examples :
    dns_server 127.0.0.1
    dns_server 127.0.0.1:53
    dns_server [127.0.0.1]:53
    dns_server [::1]:53
    dns_server fe80::1%lo0
    dns_server [fe80::1%lo0]:53

In absence of dns_server directives, the list of name servers is 
provided by Net::DNS module, which typically obtains the list from 
/etc/resolv.conf, but this may be platform dependent. Please consult the 
Net::DNS::Resolver documentation for details.

>> On Tue, 27 Oct 2015, junk@lexoncom.com wrote:
>>
>>> X-Spam-Status: No, score=3.1 required=5.0 tests=BAYES_00,HTML_MESSAGE,
>>>     	RAZOR2_CF_RANGE_51_100,RAZOR2_CF_RANGE_E8_51_100,RAZOR2_CHECK,SPF_HELO_PASS,
>>>     	SPF_PASS,URIBL_BLOCKED,URIBL_DBL_SPAM autolearn=no
>>> autolearn_force=no
>>>     	version=3.4.0
>>
>> URIBL_BLOCKED. Set up a local recursing (NOT forwarding!) DNS server for
>> SpamAssassin to use. You're apparently doing DNS blacklist queries via a
>> public DNS server (your ISPs?) and the aggregate traffic level is
>> exceeding the URIBL free usage limits.
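
Added example (not part of the original post, and not SpamAssassin's own code): a Python check of the rule the quoted documentation states, that dns_server lines take precedence and /etc/resolv.conf is only the fallback, with a parser for the listed ip-addr-port forms. The sample files, the 203.0.113.53 address, the LAN ranges and the "own"/"shared?" labels are constructed assumptions; a local address says nothing about whether that resolver recurses or forwards.

```python
import ipaddress
import re

# Ranges treated as "your own network" by this check (assumption of the
# example); loopback and link-local addresses are tested separately.
LAN_NETS = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]


def parse_dns_server(arg):
    """Parse one dns_server ip-addr-port argument.

    Returns (address, scope, port); scope is the text after '%' or None.
    Raises ValueError if the argument is not an IP address with an
    optional port.
    """
    arg = arg.strip()
    port_text = "53"                       # documented default port
    bracketed = re.fullmatch(r"\[([^\]]+)\](?::(\d+))?", arg)
    if bracketed:                          # [addr] or [addr]:port
        host = bracketed.group(1)
        port_text = bracketed.group(2) or port_text
    elif arg.count(":") == 1:              # unbracketed addr:port is IPv4 only
        host, port_text = arg.split(":")
    else:                                  # bare IPv4 or bare IPv6, no port
        host = arg
    host, _, scope = host.partition("%")   # scoped link-local, e.g. fe80::1%lo0
    address = ipaddress.ip_address(host)
    if not port_text.isdigit() or not 0 < int(port_text) < 65536:
        raise ValueError("bad port in %r" % arg)
    return address, scope or None, int(port_text)


def effective_resolvers(local_cf, resolv_conf):
    """Return (source, servers): dns_server lines win, else resolv.conf."""
    servers = []
    for line in local_cf.splitlines():
        words = line.split("#", 1)[0].split()
        if len(words) == 2 and words[0] == "dns_server":
            servers.append(parse_dns_server(words[1]))
    if servers:
        return "dns_server", servers
    for line in resolv_conf.splitlines():
        words = line.split("#", 1)[0].split()
        if len(words) >= 2 and words[0] == "nameserver":
            servers.append(parse_dns_server(words[1]))
    return "resolv.conf", servers


def is_own_resolver(address):
    """True for loopback, link-local or LAN addresses."""
    return (address.is_loopback or address.is_link_local or
            any(address.version == net.version and address in net
                for net in LAN_NETS))


def audit(local_cf, resolv_conf):
    """Return (source, [(server, verdict), ...]) for the resolvers in effect."""
    source, servers = effective_resolvers(local_cf, resolv_conf)
    report = []
    for address, _scope, port in servers:
        verdict = "own" if is_own_resolver(address) else "shared?"
        report.append(("%s port %d" % (address, port), verdict))
    return source, report


# Constructed sample files.
RESOLV_CONF = "search example.lan\nnameserver 203.0.113.53\n"
LOCAL_CF_BEFORE = "required_score 5.0\n"
LOCAL_CF_AFTER = "required_score 5.0\ndns_server 127.0.0.1\n"

if __name__ == "__main__":
    print(audit(LOCAL_CF_BEFORE, RESOLV_CONF))
    print(audit(LOCAL_CF_AFTER, RESOLV_CONF))
    # Without brackets, a trailing ":53" is read as part of the IPv6 address.
    print(parse_dns_server("::1:53"))
```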


Re: How to get rid of this spam? Spam assassin does not catch it

Posted by Jari Fredriksson <ja...@iki.fi>.
On 27.10.2015 23.02, Martin Gregorie wrote:
> - The server's /etc/resolve.conf should contain  the lines
>
>    search example.lan
>    nameserver 192.168.7.2

/etc/resolv.conf

Typo fixed.

-- 
jarif.bit

Re: How to get rid of this spam? Spam assassin does not catch it

Posted by Martin Gregorie <ma...@gregorie.org>.
On Tue, 2015-10-27 at 15:02 -0500, junk@lexoncom.com wrote:
> SO i setup the dns server.
> Can i force spam assassin to use localhost for dns or I must
> reconfigure
> the host?
> 
Simpler than that. Assuming your dns server is:
- listening on your LAN for dns requests
- is configured to be the definitive name source for hosts on your LAN,
  i.e. it has a zone file defining 'example.lan' as the domain name
  used for all hosts on the LAN
- the configuration has an A and PTR record for every host on the LAN
- the server's IP is 192.168.7.2 [1]

Then the following setup should work and is easy to maintain:

- The server's /etc/resolve.conf should contain  the lines

  search example.lan 
  nameserver 192.168.7.2

  That takes care of SA's dns lookups and caching needs as well as
  providing a centralised service for every other host on the LAN

- if the other hosts on your LAN use exactly the same /etc/resolv.conf
  then everything 'just works' [2]

[1] change to suit the IP range you're using on your LAN. My LAN's
subnet is 168.192.7.255 and I'm showing my resolv.conf lines

[2] you may want to add another 'nameserver' line after the initial
one. This should reference some external dns, one belonging to your ISP
or a public dns, so that external names still get resolved when either
the dns process or the server it runs on is offline for one reason or
another.

This is fine for a smallish LAN with a fairly static host population.
If you need something more dynamic, run a DHCP server to support
visitors, etc.

This is how my fairly small LAN works. It is virtually maintenance
free: the only stuff I need to do is to configure any hosts when an OS
upgrade manages to lose or overwrite its network configuration.

 
Martin



Re: How to get rid of this spam? Spam assassin does not catch it

Posted by Benny Pedersen <me...@junc.eu>.
junk@lexoncom.com skrev den 2015-10-27 21:02:
> SO i setup the dns server.
> Can i force spam assassin to use localhost for dns or I must 
> reconfigure
> the host?

perldoc Mail::SpamAssassin::Conf

see dns server

# local.cf

dns_server 127.0.0.1

Re: How to get rid of this spam? Spam assassin does not catch it

Posted by Matus UHLAR - fantomas <uh...@fantomas.sk>.
On 27.10.15 15:02, junk@lexoncom.com wrote:
>SO i setup the dns server.
>Can i force spam assassin to use localhost for dns or I must reconfigure
>the host?

you should reconfigure the host - add 127.0.0.1 to the resolv.conf

>> On Tue, 27 Oct 2015, junk@lexoncom.com wrote:
>>
>>> X-Spam-Status: No, score=3.1 required=5.0 tests=BAYES_00,HTML_MESSAGE,
>>>    	RAZOR2_CF_RANGE_51_100,RAZOR2_CF_RANGE_E8_51_100,RAZOR2_CHECK,SPF_HELO_PASS,
>>>    	SPF_PASS,URIBL_BLOCKED,URIBL_DBL_SPAM autolearn=no
>>> autolearn_force=no
>>>    	version=3.4.0
>>
>> URIBL_BLOCKED. Set up a local recursing (NOT forwarding!) DNS server for
>> SpamAssassin to use. You're apparently doing DNS blacklist queries via a
>> public DNS server (your ISPs?) and the aggregate traffic level is
>> exceeding the URIBL free usage limits.

-- 
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
BSE = Mad Cow Desease ... BSA = Mad Software Producents Desease

Re: How to get rid of this spam? Spam assassin does not catch it

Posted by ju...@lexoncom.com.
SO i setup the dns server.
Can i force spam assassin to use localhost for dns or I must reconfigure
the host?

> On Tue, 27 Oct 2015, junk@lexoncom.com wrote:
>
>> X-Spam-Status: No, score=3.1 required=5.0 tests=BAYES_00,HTML_MESSAGE,
>>    	RAZOR2_CF_RANGE_51_100,RAZOR2_CF_RANGE_E8_51_100,RAZOR2_CHECK,SPF_HELO_PASS,
>>    	SPF_PASS,URIBL_BLOCKED,URIBL_DBL_SPAM autolearn=no
>> autolearn_force=no
>>    	version=3.4.0
>
> URIBL_BLOCKED. Set up a local recursing (NOT forwarding!) DNS server for
> SpamAssassin to use. You're apparently doing DNS blacklist queries via a
> public DNS server (your ISPs?) and the aggregate traffic level is
> exceeding the URIBL free usage limits.
>



Re: How to get rid of this spam? Spam assassin does not catch it

Posted by John Hardin <jh...@impsec.org>.
On Tue, 27 Oct 2015, junk@lexoncom.com wrote:

> X-Spam-Status: No, score=3.1 required=5.0 tests=BAYES_00,HTML_MESSAGE,
>    	RAZOR2_CF_RANGE_51_100,RAZOR2_CF_RANGE_E8_51_100,RAZOR2_CHECK,SPF_HELO_PASS,
>    	SPF_PASS,URIBL_BLOCKED,URIBL_DBL_SPAM autolearn=no autolearn_force=no
>    	version=3.4.0

URIBL_BLOCKED. Set up a local recursing (NOT forwarding!) DNS server for 
SpamAssassin to use. You're apparently doing DNS blacklist queries via a 
public DNS server (your ISPs?) and the aggregate traffic level is 
exceeding the URIBL free usage limits.

-- 
  John Hardin KA7OHZ                    http://www.impsec.org/~jhardin/
  jhardin@impsec.org    FALaholic #11174     pgpk -a jhardin@impsec.org
  key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
   ...the Fates notice those who buy chainsaws...
                                               -- www.darwinawards.com
-----------------------------------------------------------------------
  4 days until Halloween

Re: How to get rid of this spam? Spam assassin does not catch it

Posted by Reindl Harald <h....@thelounge.net>.

Am 27.10.2015 um 20:31 schrieb junk@lexoncom.com:
> I understand now.
> sa-learn --ham --no-rebuild ham_directory
> sa-learn --spam --no-rebuild spam_directory
> sa-learn --rebuild
>
> so would the best practice be to move spam to spam folder and learn as spam
> and learn all other folders as ham and then rebuild.
> The inbox would never be scanned as it might have new spam and not spam
> messages.
>
> I would need some script to go through all messages for all users except
> the spam folder to learn as HAM.

i would *never ever* make such things automated

i have just a physical folder "spam" and a physical folder "ham" with 
single .eml files and hand selected samples - currently they are fed 
by a PHP script receiving IMAP messages from the spam/ham folders, 
testing them via CLI in case of spam if they are not already BAYES_999 
and then save eml files

over the last month i also trained BAYES_999 to find as much as possible 
common spam signs, with 2.5 Mio tokens there is no longer need for that, 
the bayes-db has a hitrate of 99.9% by filter out the remaining 8-10% 
junk, anything else is caught long before spamass-milter by blacklists 
(which are not working for you because once more somebody is using a 
shared DNS resolver instead of doing recursion on its own caching server)

0      48739    SPAM
0      20549    HAM
0    2256265    TOKEN

insgesamt 70M
-rw------- 1 sa-milt sa-milt 9,7M 2015-10-27 20:08 bayes_seen
-rw------- 1 sa-milt sa-milt  81M 2015-10-27 20:08 bayes_toks

BAYES_00        25591   70.79 %
BAYES_05          739    2.04 %
BAYES_20          932    2.57 %
BAYES_40          789    2.18 %
BAYES_50         3981   11.01 %
BAYES_60          476    1.31 %
BAYES_80          418    1.15 %
BAYES_95          290    0.80 %
BAYES_99         2934    8.11 %
BAYES_999        2630    7.27 %

DELIVERED       49373   93.82 %
DNSWL           46277   87.94 %
SPF             33497   63.65 %
SPF/DKIM WL     15849   30.11 %
SHORTCIRCUIT    16426   31.21 %

BLOCKED          4435    8.42 %
SPAMMY           4118    7.82 %    92.85 % (OF TOTAL BLOCKED)


especially when it comes to random users they often move something to 
spam just because they are too lazy or too stupid to unsubscribe (seen 
that even for invoice mails of their energy supplier coming back from 
AOL as abuse-feedback-loop including the invoice with their address and 
power consumption over the last month)

the same for ham: just because a message is in a different folder than 
inbox/spam doesn't make it a ham message, just a simple sieve-rule may 
move them and it was slipped junk

for every wrong classified message (no matter in what direction) in the 
end you likely need 5 messages to compare the damage and in the end you 
will again end with a bayes having no clue at all

train your bayes carefully, by hand and try to keep a balance of ham/spam 
for best results

>> Am 27.10.2015 um 20:19 schrieb junk@lexoncom.com:
>>> I dont use any ham training
>>
>> then you can't expect bayes to work at all because how do you expect the
>> bayes filter to know the *difference* of ham and spam signs?
>>
>> https://wiki.apache.org/spamassassin/BayesFaq


Re: How to get rid of this spam? Spam assassin does not catch it

Posted by ju...@lexoncom.com.
I understand now.
sa-learn --ham --no-rebuild ham_directory
sa-learn --spam --no-rebuild spam_directory
sa-learn --rebuild

so would the best practice be to move spam to spam folder and learn as spam
and learn all other folders as ham and then rebuild.
The inbox would never be scanned as it might have new spam and not spam
messages.

I would need some script to go through all messages for all users except
the spam folder to learn as HAM.

>
>
> Am 27.10.2015 um 20:19 schrieb junk@lexoncom.com:
>> I dont use any ham training
>
> then you can't expect bayes to work at all because how do you expect the
> bayes filter to know the *difference* of ham and spam signs?
>
> https://wiki.apache.org/spamassassin/BayesFaq
>
>



Re: How to get rid of this spam? Spam assassin does not catch it

Posted by Reindl Harald <h....@thelounge.net>.

Am 27.10.2015 um 20:19 schrieb junk@lexoncom.com:
> I dont use any ham training

then you can't expect bayes to work at all because how do you expect the 
bayes filter to know the *difference* of ham and spam signs?

https://wiki.apache.org/spamassassin/BayesFaq


Re: How to get rid of this spam? Spam assassin does not catch it

Posted by ju...@lexoncom.com.
Is there a way to learn what bayes learned so far?

> On Oct 27, 2015, at 4:35 PM, John Hardin <jh...@impsec.org> wrote:
> 
>> On Tue, 27 Oct 2015, junk@lexoncom.com wrote:
>> 
>> example mail sa headers:
> 
> Is this from a spam?
> 
>> X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
>>       ip-10-254-37-89.us-west-2.compute.internal
>> X-Spam-Level: ***
>> X-Spam-Status: No, score=3.1 required=5.0 tests=BAYES_00,HTML_MESSAGE,
> 
> BAYES_00. You *do* have ham and spam trained, and bayes *is* in use.
> 
> If this is a spam, your Bayes appears to be mistrained. That might explain why so many spams are getting through.
> 
> If you have autolearn turned on, turn it off.
> 
> Collect hand-classified corpora of several hundred hams and several hundred spams, then wipe and retrain your Bayes.
> 
> If your userbase is small enough to collect and train on just misclassified messages, then leave autolearn turned off and just train misclassifications and messages that don't hit either BAYES_00 or BAYES_99.
> 

Re: How to get rid of this spam? Spam assassin does not catch it

Posted by John Hardin <jh...@impsec.org>.
On Tue, 27 Oct 2015, junk@lexoncom.com wrote:

> example mail sa headers:

Is this from a spam?

> X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
>    	ip-10-254-37-89.us-west-2.compute.internal
> X-Spam-Level: ***
> X-Spam-Status: No, score=3.1 required=5.0 tests=BAYES_00,HTML_MESSAGE,

BAYES_00. You *do* have ham and spam trained, and bayes *is* in use.

If this is a spam, your Bayes appears to be mistrained. That might explain 
why so many spams are getting through.

If you have autolearn turned on, turn it off.

Collect hand-classified corpora of several hundred hams and several 
hundred spams, then wipe and retrain your Bayes.

If your userbase is small enough to collect and train on just 
misclassified messages, then leave autolearn turned off and just train 
misclassifications and messages that don't hit either BAYES_00 or 
BAYES_99.

-- 
  John Hardin KA7OHZ                    http://www.impsec.org/~jhardin/
  jhardin@impsec.org    FALaholic #11174     pgpk -a jhardin@impsec.org
  key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
   ...the Fates notice those who buy chainsaws...
                                               -- www.darwinawards.com
-----------------------------------------------------------------------
  4 days until Halloween
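
Added example (not from the original posts): the two diagnoses made in this thread from one X-Spam-Status header, URIBL_BLOCKED and BAYES_00 on a message that is actually spam, written as a Python check. The header is the one quoted in the thread; the surrounding message, the finding codes and the function names are constructed for illustration.

```python
import email
import re

# The X-Spam-Status header quoted in the thread, with its folding, inside
# an otherwise constructed message.
SAMPLE_MESSAGE = (
    "X-Spam-Status: No, score=3.1 required=5.0 tests=BAYES_00,HTML_MESSAGE,\n"
    "\tRAZOR2_CF_RANGE_51_100,RAZOR2_CF_RANGE_E8_51_100,RAZOR2_CHECK,SPF_HELO_PASS,\n"
    "\tSPF_PASS,URIBL_BLOCKED,URIBL_DBL_SPAM autolearn=no autolearn_force=no\n"
    "\tversion=3.4.0\n"
    "Subject: constructed sample\n"
    "\n"
    "body\n"
)

# The tests= list ends at the next " key=" field (autolearn=...) or at the
# end of the header.
STATUS_RE = re.compile(
    r"(Yes|No), score=(-?[\d.]+) required=(-?[\d.]+) tests=(.*?)(?= \w+=|$)")

LOW_BAYES = {"BAYES_00", "BAYES_05"}
HIGH_BAYES = {"BAYES_99", "BAYES_999"}


def parse_status(raw_message):
    """Extract verdict, score, threshold and rule names from X-Spam-Status."""
    value = email.message_from_string(raw_message)["X-Spam-Status"]
    if value is None:
        raise ValueError("no X-Spam-Status header in message")
    unfolded = " ".join(value.split())     # undo header folding
    m = STATUS_RE.match(unfolded)
    if not m:
        raise ValueError("unrecognised X-Spam-Status: %r" % unfolded)
    tests = [t for t in re.split(r"[,\s]+", m.group(4)) if t and t != "none"]
    return {"is_spam": m.group(1) == "Yes", "score": float(m.group(2)),
            "required": float(m.group(3)), "tests": tests}


def triage(status, known_spam):
    """Return (code, advice) pairs for a message a human has classified.

    known_spam is the hand classification; the header alone cannot tell
    whether BAYES_00 is right or wrong.
    """
    tests = set(status["tests"])
    findings = []
    if "URIBL_BLOCKED" in tests:
        findings.append(("URIBL_BLOCKED",
                         "URIBL refused the query; use a local recursing, "
                         "non-forwarding resolver"))
    bayes = {t for t in tests if t.startswith("BAYES_")}
    if not bayes:
        findings.append(("NO_BAYES",
                         "no BAYES_* rule fired; check that enough ham and "
                         "spam have been trained"))
    elif bayes & (LOW_BAYES if known_spam else HIGH_BAYES):
        findings.append(("BAYES_MISTRAINED",
                         "Bayes contradicts the hand classification; turn "
                         "autolearn off, wipe and retrain from hand-sorted mail"))
    if known_spam and not status["is_spam"]:
        findings.append(("FALSE_NEGATIVE", "%.1f points below the threshold"
                         % (status["required"] - status["score"])))
    return findings


if __name__ == "__main__":
    for code, advice in triage(parse_status(SAMPLE_MESSAGE), known_spam=True):
        print("%-17s %s" % (code, advice))
```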

Re: How to get rid of this spam? Spam assassin does not catch it

Posted by John Hardin <jh...@impsec.org>.
On Fri, 30 Oct 2015, junk@lexoncom.com wrote:

>> On Fri, 30 Oct 2015, junk@lexoncom.com wrote:
>>
>>> I already cleaned the db to make sure I dont have it broken.
>>> Would it be better to turn off the autolearn.
>>> Teach sa ham and spam from over 200 messages and then turn back the
>>> autolearn?
>>
>> How big is your userbase and ham email volume?
>>
>> If both are fairly small, I'd leave autolearn turned off and do purely
>> manual classification and training. That's what I do and I have good
>> results, but I'm only supporting 5 users.
>>
> similar to yours
> i have been running sa for few years so i do have like
> 80000-100000 entries in auto-whitelist per user
> i cleared it and i will start over
> with no auto-whitelist enabled for now

auto-whitelist (AWL) has nothing to do with bayes or autolearn. Its name 
is misleading, it is actually more of a score averaging facility to allow 
for an occasionally spammy-looking email from someone with a hammy 
history.

>> Turn off autolearn to start while you're evaluating the performance of
>> your initial corpora. Train any FPs and FNs (keeping them as part of your
>> reference training corpora), and get your DNS issues resolved.
>
> not sure where is the problem with dns
> as i have the caching server setup

Are you sure that your DNS server is actually the one being used? Can you 
check the DNS server's logs to see queries coming in from your network and 
being recursively resolved?

Perhaps post your DNS server's config file?

>> Once things are stable and working smoothly for a while, then you can turn
>> autolearn back on if you feel your mail volume justifies it.

-- 
  John Hardin KA7OHZ                    http://www.impsec.org/~jhardin/
  jhardin@impsec.org    FALaholic #11174     pgpk -a jhardin@impsec.org
  key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
   ...the Fates notice those who buy chainsaws...
                                               -- www.darwinawards.com
-----------------------------------------------------------------------
  Tomorrow: Halloween

RE: FIlter

Posted by Kevin Miller <ke...@juneau.org>.
I could be misunderstanding, but it sounds like you have a DNS server on a different host than your mail server and that Amazon blocks that.  The recommendation is to install a DNS server on the *same* host as your mail server.  There will be no UDP traffic blocked between your mail server and DNS server if they're on the same host because the traffic from DNS server to mail server never leaves the box.

Normally DNS is configured to query root servers and other folks' DNS servers on UDP 53; it's not clear to me if Amazon would be blocking that but I rather doubt it, as DNS is pretty much the backbone of the internet.  But even if they are, you can configure a DNS server to use TCP 53.  It's not as efficient but given that the DNS responses are cached, it's not all that burdensome either.

...Kevin
--
Kevin Miller
Network/email Administrator, CBJ MIS Dept.
155 South Seward Street
Juneau, Alaska 99801
Phone: (907) 586-0242, Fax: (907) 586-4588 Registered Linux User No: 307357

-----Original Message-----
From: Junk [mailto:junk@lexoncom.com] 
Sent: Friday, December 01, 2017 6:31 AM
To: Benny Pedersen
Cc: Junk; users@spamassassin.apache.org
Subject: Re: FIlter

> Junk skrev den 2017-12-01 05:35:
>> I understand your concern and I agree but like I said at this point I 
>> cannot get over the dns issue unless you give me a dns server ip that 
>> will respond to my queries for the uribl.
>
> apt-get install bind9
>
you did not read my answer.
I do have the dns server running but my isp does not allow udp port, so i cannot point my amazon server to it.

> configure it to NOT forward any dns queries to any other dns server, 
> eg it should just be listening on 127.0.0.1, and resolv.conf have just 
> nameserver 127.0.0.1
>
> if amazon cant allow you to do this you should change vps hoster
>
It's not Amazon's fault. It is URIDB blocking Amazon's subnets.

>> My original question was about specific filter.
>
> i believe you would like uribl to work like junkmailfilter do
>
This still does not answer my original question.



Re: FIlter

Posted by Junk <ju...@lexoncom.com>.
> Junk skrev den 2017-12-01 05:35:
>> I understand your concern and I agree but like I said at this point I
>> cannot get over the dns issue unless you give me a dns server ip that
>> will respond to my queries for the uribl.
>
> apt-get install bind9
>
you did not read my answer.
I do have the dns server running but my isp does not allow udp port, so i
cannot point my amazon server to it.

> configure it to NOT forward any dns queries to any other dns server, eg
> it should just be listening on 127.0.0.1, and resolv.conf have just
> nameserver 127.0.0.1
>
> if amazon cant allow you to do this you should change vps hoster
>
It's not Amazon's fault. It is URIDB blocking Amazon's subnets.

>> My original question was about specific filter.
>
> i believe you would like uribl to work like junkmailfilter do
>
This still does not answer my original question.



Re: FIlter

Posted by Junk <ju...@lexoncom.com>.
right, did not read it correctly.
>
>
> Am 01.12.2017 um 17:00 schrieb Junk:
>> You calling me an idiot based on what?
>
> learn to read emails!
> i responded to Benny's clueless "apt-get install bind9"
>
>> According to URIBL:
>>
>> Why are DNS queries from my cloud instances
>> (AmazonEC2/Softlayer/Rackspace/etc) blocked?
>
> i know that, Benny don't
>
>>> Am 01.12.2017 um 09:50 schrieb Benny Pedersen:
>>>> Junk skrev den 2017-12-01 05:35:
>>>>> I understand your concern and I agree but like I said at this point I
>>>>> cannot get over the dns issue unless you give me a dns server ip that
>>>>> will respond to my queries for the uribl.
>>>>
>>>> apt-get install bind9
>>>>
>>>> configure it to NOT forward any dns queries to any other dns server,
>>>> eg
>>>> it should just be listening on 127.0.0.1, and resolv.conf have just
>>>> nameserver 127.0.0.1
>>>>
>>>> if amazon cant allow you to do this you should change vps hoster
>>>
>>> idiot! URIBL blocks amazon in general!
>



Re: FIlter

Posted by Junk <ju...@lexoncom.com>.
You calling me an idiot based on what?

According to URIBL:

Why are DNS queries from my cloud instances
(AmazonEC2/Softlayer/Rackspace/etc) blocked?

Large subnets owned by Amazon and other cloud providers have been blocked
due to high volume. Because amazon has so many networks, a single user may
have multiple mail exchanges on multiple networks, and we have no ability
to correlate this and block individual high volume users. We are looking
at ways of improving our query limit system for those coming from large
virtual hosting providers such as Amazon, but at this time we do not have
anything in place. We do offer discounted Datafeed over DNS rates for
low-volume, cloud hosted users who are effected by these wide ranging
blocks. See Requesting the Datafeed Service and choose 'Cloud Hosted' on
the request form.

So technically you can pay and you wont be blocked.


>
>
> Am 01.12.2017 um 09:50 schrieb Benny Pedersen:
>> Junk skrev den 2017-12-01 05:35:
>>> I understand your concern and I agree but like I said at this point I
>>> cannot get over the dns issue unless you give me a dns server ip that
>>> will respond to my queries for the uribl.
>>
>> apt-get install bind9
>>
>> configure it to NOT forward any dns queries to any other dns server, eg
>> it should just be listening on 127.0.0.1, and resolv.conf have just
>> nameserver 127.0.0.1
>>
>> if amazon cant allow you to do this you should change vps hoster
>
> idiot! URIBL blocks amazon in general!
>



Re: FIlter

Posted by Benny Pedersen <me...@junc.eu>.
Junk skrev den 2017-12-01 05:35:
> I understand your concern and I agree but like I said at this point I
> cannot get over the dns issue unless you give me a dns server ip that
> will respond to my queries for the uribl.

apt-get install bind9

configure it to NOT forward any dns queries to any other dns server, eg 
it should just be listening on 127.0.0.1, and resolv.conf have just 
nameserver 127.0.0.1

if amazon cant allow you to do this you should change vps hoster

> My original question was about specific filter.

i believe you would like uribl to work like junkmailfilter do

Re: FIlter

Posted by Junk <ju...@lexoncom.com>.
I understand your concern and I agree but like I said at this point I cannot get over the dns issue unless you give me a dns server ip that will respond to my queries for the uribl.

My original question was about specific filter.


> On Nov 30, 2017, at 6:59 PM, Benny Pedersen <me...@junc.eu> wrote:
> 
> Junk skrev den 2017-12-01 01:22:
>> I am aware of uridb blocked.
>> My server is in amazon cloud and uridb is blocked.
>> I do have private dns server caching only configured but my att dsl
>> blocked dns port udp so I cannot use it.
>> I was wondering if I could add other spam filter which I asked the
>> question about.
> 
> what if junkmailfilter blocks you as uribl ?
> 
> fix real problem first


Re: FIlter

Posted by Benny Pedersen <me...@junc.eu>.
Junk skrev den 2017-12-01 01:22:
> I am aware of uridb blocked.
> My server is in amazon cloud and uridb is blocked.
> I do have private dns server caching only configured but my att dsl
> blocked dns port udp so I cannot use it.
> 
> I was wondering if I could add other spam filter which I asked the
> question about.

what if junkmailfilter blocks you as uribl ?

fix real problem first

Re: FIlter

Posted by Junk <ju...@lexoncom.com>.
let me try if i can change the port to something else and then configure
firewall to forward from that port to the dns server on my network.

>
>
> Am 01.12.2017 um 01:22 schrieb Junk:
>> I am aware of uridb blocked.
>> My server is in amazon cloud and uridb is blocked.
>> I do have private dns server caching only configured but my att dsl
>> blocked dns port udp so I cannot use it
>
> RTFM - dns is not bound to port 53
>
> http://spamassassin.apache.org/full/3.4.x/doc/Mail_SpamAssassin_Conf.html
>
>
> dns_server ip-addr-port (default: entries provided by Net::DNS)
>
>      Specifies an IP address of a DNS server, and optionally its port
> number. The dns_server directive may be specified multiple times, each
> entry adding to a list of available resolving name servers. The
> ip-addr-port argument can either be an IPv4 or IPv6 address, optionally
> enclosed in brackets, and optionally followed by a colon and a port
> number. In absence of a port number a standard port number 53 is
> assumed. When an IPv6 address is specified along with a port number, the
> address must be enclosed in brackets to avoid parsing ambiguity
> regarding a colon separator. A scoped link-local IP address is allowed
> (assuming underlying modules allow it).
>
>      Examples :
>        dns_server 127.0.0.1
>        dns_server 127.0.0.1:53
>        dns_server [127.0.0.1]:53
>        dns_server [::1]:53
>        dns_server fe80::1%lo0
>        dns_server [fe80::1%lo0]:53
>
>      In absence of dns_server directives, the list of name servers is
> provided by Net::DNS module, which typically obtains the list from
> /etc/resolv.conf, but this may be platform dependent. Please consult the
> Net::DNS::Resolver documentation for details.
>



Re: FIlter

Posted by Junk <ju...@lexoncom.com>.
I am aware of uridb blocked.
My server is in amazon cloud and uridb is blocked.
I do have private dns server caching only configured but my att dsl blocked dns port udp so I cannot use it.

I was wondering if I could add other spam filter which I asked the question about.


> On Nov 30, 2017, at 5:00 PM, Benny Pedersen <me...@junc.eu> wrote:
> 
> Junk skrev den 2017-11-30 23:46:
> 
>> Nov 30 16:45:22.663 [11935] dbg: uridnsbl: nt.ee . multi.uribl.com ->
>> 127.0.0.1, URIBL_BLOCKED, subtest:1
> 
> fix this problem first
> 
> https://wiki.apache.org/spamassassin/DnsBlocklists
> 
> read above page for more help
> 
> https://mail-archives.apache.org/mod_mbox/spamassassin-users/201201.mbox/%3C6861a6959eddf6f10ca8c96f3f65faf7@www.coochey.net%3E
> 
> old thread


Re: FIlter

Posted by Benny Pedersen <me...@junc.eu>.
Junk skrev den 2017-11-30 23:46:

> Nov 30 16:45:22.663 [11935] dbg: uridnsbl: nt.ee . multi.uribl.com ->
> 127.0.0.1, URIBL_BLOCKED, subtest:1

fix this problem first

https://wiki.apache.org/spamassassin/DnsBlocklists

read above page for more help

https://mail-archives.apache.org/mod_mbox/spamassassin-users/201201.mbox/%3C6861a6959eddf6f10ca8c96f3f65faf7@www.coochey.net%3E

old thread
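
Added example (not part of the original post, and not SpamAssassin's code): how the uridnsbl debug lines in this thread are read, as a Python check that recomputes each "answer & mask" test and marks a lookup unusable when the URIBL_BLOCKED bit is set. Masks 1 and 4 are the ones shown in the log; 2 and 8 are assumed from SpamAssassin's stock URIBL rules, and the function names are constructed.

```python
import ipaddress
import re

# Bit values in a multi.uribl.com answer. 1 (BLOCKED) and 4 (GREY) appear in
# the debug log; 2 and 8 are assumed from SpamAssassin's stock URIBL rules.
URIBL_BITS = {1: "URIBL_BLOCKED", 2: "URIBL_BLACK",
              4: "URIBL_GREY", 8: "URIBL_RED"}

# Two debug lines from the thread, each re-joined onto a single line.
SAMPLE_LOG = """\
Nov 30 16:45:22.663 [11935] dbg: uridnsbl: nt.ee . multi.uribl.com -> 127.0.0.1, URIBL_BLOCKED, 7f000001 & 00000001 match
Nov 30 16:45:22.664 [11935] dbg: uridnsbl: nt.ee . multi.uribl.com -> 127.0.0.1, URIBL_GREY, 7f000001 & 00000004 no
"""

LINE_RE = re.compile(
    r"uridnsbl: (\S+) \. (\S+) -> (\d+\.\d+\.\d+\.\d+), (\w+), "
    r"([0-9a-f]{8}) & ([0-9a-f]{8}) (match|no)$")


def decode_answer(a_record):
    """Map a 127.0.0.x answer from multi.uribl.com to the rules it sets."""
    value = int(ipaddress.IPv4Address(a_record))
    if value >> 8 != 0x7F0000:
        raise ValueError("not a 127.0.0.x DNSBL answer: %s" % a_record)
    return [name for bit, name in sorted(URIBL_BITS.items()) if value & bit]


def check_log(log_text):
    """Summarise uridnsbl subtest lines per (domain, zone).

    Each entry records the raw answer, the rules whose mask matched, and
    whether the lookup is usable (False when URIBL_BLOCKED matched, since
    the answer then carries no listing information).
    """
    results = {}
    for line in log_text.splitlines():
        m = LINE_RE.search(line.strip())
        if not m:
            continue
        domain, zone, answer, rule, ans_hex, mask_hex, verdict = m.groups()
        # Recompute the logged test: 32-bit answer AND the rule's subtest mask.
        hit = bool(int(ans_hex, 16) & int(mask_hex, 16))
        if (hit != (verdict == "match")
                or int(ans_hex, 16) != int(ipaddress.IPv4Address(answer))):
            raise ValueError("inconsistent log line: %s" % line)
        entry = results.setdefault((domain, zone),
                                   {"answer": answer, "hits": []})
        if hit:
            entry["hits"].append(rule)
    for entry in results.values():
        entry["usable"] = "URIBL_BLOCKED" not in entry["hits"]
    return results


if __name__ == "__main__":
    for key, entry in check_log(SAMPLE_LOG).items():
        print(key, entry)
    print(decode_answer("127.0.0.1"))
```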

FIlter

Posted by Junk <ju...@lexoncom.com>.
If I want to add:
http://wiki.junkemailfilter.com/index.php/Spam_DNS_Lists#Spam_Assassin_Examples
to SpamAssassin, is the config below enough?

The excerpt below shows a call to the list, but besides that I don't see any
results.


header __RCVD_IN_HOSTKARMA eval:check_rbl('HOSTKARMA-lastexternal','hostkarma.junkemailfilter.com.')
describe __RCVD_IN_HOSTKARMA Sender listed in JunkEmailFilter
tflags __RCVD_IN_HOSTKARMA net

header RCVD_IN_HOSTKARMA_W eval:check_rbl_sub('HOSTKARMA-lastexternal', '127.0.0.1')
describe RCVD_IN_HOSTKARMA_W Sender listed in HOSTKARMA-WHITE
tflags RCVD_IN_HOSTKARMA_W net nice
score RCVD_IN_HOSTKARMA_W -5

header RCVD_IN_HOSTKARMA_BL eval:check_rbl_sub('HOSTKARMA-lastexternal', '127.0.0.2')
describe RCVD_IN_HOSTKARMA_BL Sender listed in HOSTKARMA-BLACK
tflags RCVD_IN_HOSTKARMA_BL net
score RCVD_IN_HOSTKARMA_BL 3.0

header RCVD_IN_HOSTKARMA_BR eval:check_rbl_sub('HOSTKARMA-lastexternal', '127.0.0.4')
describe RCVD_IN_HOSTKARMA_BR Sender listed in HOSTKARMA-BROWN
tflags RCVD_IN_HOSTKARMA_BR net
score RCVD_IN_HOSTKARMA_BR 1.0


log:

Nov 30 16:45:22.663 [11935] dbg: uridnsbl: nt.ee . multi.uribl.com ->
127.0.0.1, URIBL_BLOCKED, subtest:1
Nov 30 16:45:22.663 [11935] dbg: uridnsbl: nt.ee . multi.uribl.com ->
127.0.0.1, URIBL_BLOCKED, 7f000001 & 00000001 match
Nov 30 16:45:22.663 [11935] dbg: uridnsbl: domain "nt.ee" listed
(URIBL_BLOCKED): 127.0.0.1
Nov 30 16:45:22.663 [11935] dbg: dns: URIBL_BLOCKED lookup finished
Nov 30 16:45:22.664 [11935] dbg: async: calling callback on key
DNSBL:nt.ee:multi.uribl.com, rule URIBL_GREY
Nov 30 16:45:22.664 [11935] dbg: uridnsbl: complete_dnsbl_lookup
URIBL_GREY DNSBL:nt.ee:multi.uribl.com
Nov 30 16:45:22.664 [11935] dbg: uridnsbl: nt.ee . multi.uribl.com ->
127.0.0.1, URIBL_GREY, subtest:4
Nov 30 16:45:22.664 [11935] dbg: uridnsbl: nt.ee . multi.uribl.com ->
127.0.0.1, URIBL_GREY, 7f000001 & 00000004 no
Nov 30 16:45:22.664 [11935] dbg: async: calling callback on key
DNSBL:nt.ee:multi.uribl.com, rule URIBL_BLACK
Nov 30 16:45:22.665 [11935] dbg: uridnsbl: complete_dnsbl_lookup
URIBL_BLACK DNSBL:nt.ee:multi.uribl.com
Nov 30 16:45:22.665 [11935] dbg: uridnsbl: nt.ee . multi.uribl.com ->
127.0.0.1, URIBL_BLACK, subtest:2
Nov 30 16:45:22.665 [11935] dbg: uridnsbl: nt.ee . multi.uribl.com ->
127.0.0.1, URIBL_BLACK, 7f000001 & 00000002 no
Nov 30 16:45:22.666 [11935] dbg: dns: dns reply to
13357/IN/A/nt.ee.multi.surbl.org: NXDOMAIN
Nov 30 16:45:22.666 [11935] dbg: async: calling callback on key
DNSBL:nt.ee:multi.surbl.org, rule URIBL_PH_SURBL
Nov 30 16:45:22.666 [11935] dbg: uridnsbl: complete_dnsbl_lookup
URIBL_PH_SURBL DNSBL:nt.ee:multi.surbl.org
Nov 30 16:45:22.667 [11935] dbg: async: calling callback on key
DNSBL:nt.ee:multi.surbl.org, rule URIBL_WS_SURBL
Nov 30 16:45:22.667 [11935] dbg: uridnsbl: complete_dnsbl_lookup
URIBL_WS_SURBL DNSBL:nt.ee:multi.surbl.org
Nov 30 16:45:22.667 [11935] dbg: async: calling callback on key
DNSBL:nt.ee:multi.surbl.org, rule URIBL_MW_SURBL
Nov 30 16:45:22.667 [11935] dbg: uridnsbl: complete_dnsbl_lookup
URIBL_MW_SURBL DNSBL:nt.ee:multi.surbl.org
Nov 30 16:45:22.668 [11935] dbg: async: calling callback on key
DNSBL:nt.ee:multi.surbl.org, rule URIBL_AB_SURBL
Nov 30 16:45:22.668 [11935] dbg: uridnsbl: complete_dnsbl_lookup
URIBL_AB_SURBL DNSBL:nt.ee:multi.surbl.org
Nov 30 16:45:22.668 [11935] dbg: async: calling callback on key
DNSBL:nt.ee:multi.surbl.org, rule URIBL_JP_SURBL
Nov 30 16:45:22.668 [11935] dbg: uridnsbl: complete_dnsbl_lookup
URIBL_JP_SURBL DNSBL:nt.ee:multi.surbl.org
Nov 30 16:45:22.668 [11935] dbg: async: calling callback on key
DNSBL:nt.ee:multi.surbl.org, rule URIBL_SC_SURBL
Nov 30 16:45:22.669 [11935] dbg: uridnsbl: complete_dnsbl_lookup
URIBL_SC_SURBL DNSBL:nt.ee:multi.surbl.org
Nov 30 16:45:22.669 [11935] dbg: async: calling callback on key
DNSBL:nt.ee:multi.surbl.org, rule URIBL_PH_SURBL
Nov 30 16:45:22.669 [11935] dbg: uridnsbl: complete_dnsbl_lookup
URIBL_PH_SURBL DNSBL:nt.ee:multi.surbl.org
Nov 30 16:45:22.669 [11935] dbg: async: calling callback on key
DNSBL:nt.ee:multi.surbl.org, rule URIBL_WS_SURBL
Nov 30 16:45:22.670 [11935] dbg: uridnsbl: complete_dnsbl_lookup
URIBL_WS_SURBL DNSBL:nt.ee:multi.surbl.org
Nov 30 16:45:22.670 [11935] dbg: async: calling callback on key
DNSBL:nt.ee:multi.surbl.org, rule URIBL_MW_SURBL
Nov 30 16:45:22.670 [11935] dbg: uridnsbl: complete_dnsbl_lookup
URIBL_MW_SURBL DNSBL:nt.ee:multi.surbl.org
Nov 30 16:45:22.670 [11935] dbg: async: calling callback on key
DNSBL:nt.ee:multi.surbl.org, rule URIBL_AB_SURBL
Nov 30 16:45:22.671 [11935] dbg: uridnsbl: complete_dnsbl_lookup
URIBL_AB_SURBL DNSBL:nt.ee:multi.surbl.org
Nov 30 16:45:22.671 [11935] dbg: async: calling callback on key
DNSBL:nt.ee:multi.surbl.org, rule URIBL_JP_SURBL
Nov 30 16:45:22.671 [11935] dbg: uridnsbl: complete_dnsbl_lookup
URIBL_JP_SURBL DNSBL:nt.ee:multi.surbl.org
Nov 30 16:45:22.671 [11935] dbg: async: calling callback on key
DNSBL:nt.ee:multi.surbl.org, rule URIBL_SC_SURBL
Nov 30 16:45:22.672 [11935] dbg: uridnsbl: complete_dnsbl_lookup
URIBL_SC_SURBL DNSBL:nt.ee:multi.surbl.org
Nov 30 16:45:22.672 [11935] dbg: dns: dns reply to
55611/IN/A/nt.ee.dob.sibl.support-intelligence.net: NXDOMAIN
Nov 30 16:45:22.673 [11935] dbg: async: calling callback on key
DNSBL:nt.ee:dob.sibl.support-intelligence.net, rule URIBL_RHS_DOB
Nov 30 16:45:22.673 [11935] dbg: uridnsbl: complete_dnsbl_lookup
URIBL_RHS_DOB DNSBL:nt.ee:dob.sibl.support-intelligence.net
Nov 30 16:45:22.673 [11935] dbg: async: calling callback on key
DNSBL:nt.ee:dob.sibl.support-intelligence.net, rule URIBL_RHS_DOB
Nov 30 16:45:22.673 [11935] dbg: uridnsbl: complete_dnsbl_lookup
URIBL_RHS_DOB DNSBL:nt.ee:dob.sibl.support-intelligence.net
Nov 30 16:45:22.674 [11935] dbg: dns: dns reply 39319 is OK, 2 answer records
Nov 30 16:45:22.674 [11935] dbg: async: calling callback on key NS:nt.ee
Nov 30 16:45:22.674 [11935] dbg: uridnsbl: complete_ns_lookup NS:nt.ee
Nov 30 16:45:22.675 [11935] dbg: uridnsbl: got(1) NS for nt.ee: nt.ee. 12
IN NS ns1.nt.ee.
Nov 30 16:45:22.676 [11935] dbg: async: launching A/ns1.nt.ee for A:ns1.nt.ee
Nov 30 16:45:22.676 [11935] dbg: dns: bgsend, DNS servers: [172.16.0.23]:53
Nov 30 16:45:22.676 [11935] dbg: dns: attempt 1/1, trying connect/sendto
to [172.16.0.23]:53
Nov 30 16:45:22.677 [11935] dbg: dns: providing a callback for id:
33241/IN/A/ns1.nt.ee
Nov 30 16:45:22.677 [11935] dbg: async: starting: URI-A, A:ns1.nt.ee
(timeout 15.0s, min 3.0s)
Nov 30 16:45:22.678 [11935] dbg: uridnsbl: got(2) NS for nt.ee: nt.ee. 12
IN NS ns2.nt.ee.
Nov 30 16:45:22.678 [11935] dbg: async: launching A/ns2.nt.ee for A:ns2.nt.ee
Nov 30 16:45:22.678 [11935] dbg: dns: bgsend, DNS servers: [172.16.0.23]:53
Nov 30 16:45:22.678 [11935] dbg: dns: attempt 1/1, trying connect/sendto
to [172.16.0.23]:53
Nov 30 16:45:22.679 [11935] dbg: dns: providing a callback for id:
11069/IN/A/ns2.nt.ee
Nov 30 16:45:22.679 [11935] dbg: async: starting: URI-A, A:ns2.nt.ee
(timeout 15.0s, min 3.0s)
Nov 30 16:45:22.680 [11935] dbg: dns: dns reply 27478 is OK, 1 answer records
Nov 30 16:45:22.680 [11935] dbg: async: calling callback on key A:nt.ee
Nov 30 16:45:22.681 [11935] dbg: uridnsbl: complete_a_lookup A:nt.ee
Nov 30 16:45:22.681 [11935] dbg: uridnsbl: complete_a_lookup got(1) A for
nt.ee: nt.ee. 13 IN A 153.92.8.159
Nov 30 16:45:22.681 [11935] dbg: async: launching
A/159.8.92.153.sbl.spamhaus.org for DNSBL:159.8.92.153:sbl.spamhaus.org
Nov 30 16:45:22.682 [11935] dbg: dns: bgsend, DNS servers: [172.16.0.23]:53
Nov 30 16:45:22.682 [11935] dbg: dns: attempt 1/1, trying connect/sendto
to [172.16.0.23]:53
Nov 30 16:45:22.683 [11935] dbg: dns: providing a callback for id:
6473/IN/A/159.8.92.153.sbl.spamhaus.org
Nov 30 16:45:22.683 [11935] dbg: async: starting: URIBL_SBL_A, URI-DNSBL,
DNSBL:159.8.92.153:sbl.spamhaus.org (timeout 15.0s, min 3.0s)
Nov 30 16:45:22.683 [11935] dbg: async: launching
A/159.8.92.153.zen.spamhaus.org for DNSBL:159.8.92.153:zen.spamhaus.org
Nov 30 16:45:22.684 [11935] dbg: dns: bgsend, DNS servers: [172.16.0.23]:53
Nov 30 16:45:22.684 [11935] dbg: dns: attempt 1/1, trying connect/sendto
to [172.16.0.23]:53
Nov 30 16:45:22.685 [11935] dbg: dns: providing a callback for id:
35356/IN/A/159.8.92.153.zen.spamhaus.org
Nov 30 16:45:22.685 [11935] dbg: async: starting: URIBL_SBL, URI-DNSBL,
DNSBL:159.8.92.153:zen.spamhaus.org (timeout 15.0s, min 3.0s)
Nov 30 16:45:22.686 [11935] dbg: dns: dns reply 21588 is OK, 1 answer records
Nov 30 16:45:22.686 [11935] dbg: async: calling callback on key
DNSBL:lexoncom.com:multi.uribl.com, rule URIBL_RED
Nov 30 16:45:22.686 [11935] dbg: uridnsbl: complete_dnsbl_lookup URIBL_RED
DNSBL:lexoncom.com:multi.uribl.com
Nov 30 16:45:22.687 [11935] dbg: uridnsbl: lexoncom.com . multi.uribl.com
-> 127.0.0.1, URIBL_RED, subtest:8
Nov 30 16:45:22.687 [11935] dbg: uridnsbl: lexoncom.com . multi.uribl.com
-> 127.0.0.1, URIBL_RED, 7f000001 & 00000008 no
Nov 30 16:45:22.687 [11935] dbg: async: calling callback on key
DNSBL:lexoncom.com:multi.uribl.com, rule URIBL_BLOCKED
Nov 30 16:45:22.688 [11935] dbg: uridnsbl: complete_dnsbl_lookup
URIBL_BLOCKED DNSBL:lexoncom.com:multi.uribl.com
Nov 30 16:45:22.688 [11935] dbg: uridnsbl: lexoncom.com . multi.uribl.com
-> 127.0.0.1, URIBL_BLOCKED, subtest:1
Nov 30 16:45:22.688 [11935] dbg: uridnsbl: lexoncom.com . multi.uribl.com
-> 127.0.0.1, URIBL_BLOCKED, 7f000001 & 00000001 match
Nov 30 16:45:22.689 [11935] dbg: uridnsbl: domain "lexoncom.com" listed
(URIBL_BLOCKED): 127.0.0.1
Nov 30 16:45:22.689 [11935] dbg: dns: URIBL_BLOCKED lookup finished
Nov 30 16:45:22.689 [11935] dbg: async: calling callback on key
DNSBL:lexoncom.com:multi.uribl.com, rule URIBL_GREY
Nov 30 16:45:22.689 [11935] dbg: uridnsbl: complete_dnsbl_lookup
URIBL_GREY DNSBL:lexoncom.com:multi.uribl.com
Nov 30 16:45:22.690 [11935] dbg: uridnsbl: lexoncom.com . multi.uribl.com
-> 127.0.0.1, URIBL_GREY, subtest:4
Nov 30 16:45:22.690 [11935] dbg: uridnsbl: lexoncom.com . multi.uribl.com
-> 127.0.0.1, URIBL_GREY, 7f000001 & 00000004 no
Nov 30 16:45:22.690 [11935] dbg: async: calling callback on key
DNSBL:lexoncom.com:multi.uribl.com, rule URIBL_BLACK
Nov 30 16:45:22.691 [11935] dbg: uridnsbl: complete_dnsbl_lookup
URIBL_BLACK DNSBL:lexoncom.com:multi.uribl.com
Nov 30 16:45:22.691 [11935] dbg: uridnsbl: lexoncom.com . multi.uribl.com
-> 127.0.0.1, URIBL_BLACK, subtest:2
Nov 30 16:45:22.691 [11935] dbg: uridnsbl: lexoncom.com . multi.uribl.com
-> 127.0.0.1, URIBL_BLACK, 7f000001 & 00000002 no
Nov 30 16:45:22.692 [11935] dbg: dns: dns reply to
663/IN/A/lexoncom.com.multi.surbl.org: NXDOMAIN
Nov 30 16:45:22.692 [11935] dbg: async: calling callback on key
DNSBL:lexoncom.com:multi.surbl.org, rule URIBL_PH_SURBL
Nov 30 16:45:22.693 [11935] dbg: uridnsbl: complete_dnsbl_lookup
URIBL_PH_SURBL DNSBL:lexoncom.com:multi.surbl.org
Nov 30 16:45:22.693 [11935] dbg: async: calling callback on key
DNSBL:lexoncom.com:multi.surbl.org, rule URIBL_WS_SURBL
Nov 30 16:45:22.693 [11935] dbg: uridnsbl: complete_dnsbl_lookup
URIBL_WS_SURBL DNSBL:lexoncom.com:multi.surbl.org
Nov 30 16:45:22.693 [11935] dbg: async: calling callback on key
DNSBL:lexoncom.com:multi.surbl.org, rule URIBL_MW_SURBL
Nov 30 16:45:22.694 [11935] dbg: uridnsbl: complete_dnsbl_lookup
URIBL_MW_SURBL DNSBL:lexoncom.com:multi.surbl.org
Nov 30 16:45:22.694 [11935] dbg: async: calling callback on key
DNSBL:lexoncom.com:multi.surbl.org, rule URIBL_AB_SURBL
Nov 30 16:45:22.694 [11935] dbg: uridnsbl: complete_dnsbl_lookup
URIBL_AB_SURBL DNSBL:lexoncom.com:multi.surbl.org
Nov 30 16:45:22.695 [11935] dbg: async: calling callback on key
DNSBL:lexoncom.com:multi.surbl.org, rule URIBL_JP_SURBL
Nov 30 16:45:22.695 [11935] dbg: uridnsbl: complete_dnsbl_lookup
URIBL_JP_SURBL DNSBL:lexoncom.com:multi.surbl.org
Nov 30 16:45:22.695 [11935] dbg: async: calling callback on key
DNSBL:lexoncom.com:multi.surbl.org, rule URIBL_SC_SURBL
Nov 30 16:45:22.695 [11935] dbg: uridnsbl: complete_dnsbl_lookup
URIBL_SC_SURBL DNSBL:lexoncom.com:multi.surbl.org
Nov 30 16:45:22.696 [11935] dbg: dns: dns reply to
5253/IN/A/lexoncom.com.dob.sibl.support-intelligence.net: NXDOMAIN
Nov 30 16:45:22.696 [11935] dbg: async: calling callback on key
DNSBL:lexoncom.com:dob.sibl.support-intelligence.net, rule URIBL_RHS_DOB
Nov 30 16:45:22.697 [11935] dbg: uridnsbl: complete_dnsbl_lookup
URIBL_RHS_DOB DNSBL:lexoncom.com:dob.sibl.support-intelligence.net
Nov 30 16:45:22.697 [11935] dbg: dns: dns reply 59502 is OK, 2 answer records
Nov 30 16:45:22.698 [11935] dbg: async: calling callback on key
NS:lexoncom.com
Nov 30 16:45:22.698 [11935] dbg: uridnsbl: complete_ns_lookup NS:lexoncom.com
Nov 30 16:45:22.698 [11935] dbg: uridnsbl: got(1) NS for lexoncom.com:
lexoncom.com. 12 IN NS ns78.domaincontrol.com.
Nov 30 16:45:22.698 [11935] dbg: async: launching A/ns78.domaincontrol.com
for A:ns78.domaincontrol.com
Nov 30 16:45:22.699 [11935] dbg: dns: bgsend, DNS servers: [172.16.0.23]:53
Nov 30 16:45:22.699 [11935] dbg: dns: attempt 1/1, trying connect/sendto
to [172.16.0.23]:53
Nov 30 16:45:22.699 [11935] dbg: dns: providing a callback for id:
45966/IN/A/ns78.domaincontrol.com
Nov 30 16:45:22.700 [11935] dbg: async: starting: URI-A,
A:ns78.domaincontrol.com (timeout 15.0s, min 3.0s)
Nov 30 16:45:22.700 [11935] dbg: uridnsbl: got(2) NS for lexoncom.com:
lexoncom.com. 12 IN NS ns77.domaincontrol.com.
Nov 30 16:45:22.700 [11935] dbg: async: launching A/ns77.domaincontrol.com
for A:ns77.domaincontrol.com
Nov 30 16:45:22.701 [11935] dbg: dns: bgsend, DNS servers: [172.16.0.23]:53
Nov 30 16:45:22.701 [11935] dbg: dns: attempt 1/1, trying connect/sendto
to [172.16.0.23]:53
Nov 30 16:45:22.701 [11935] dbg: dns: providing a callback for id:
63065/IN/A/ns77.domaincontrol.com
Nov 30 16:45:22.702 [11935] dbg: async: starting: URI-A,
A:ns77.domaincontrol.com (timeout 15.0s, min 3.0s)
Nov 30 16:45:22.702 [11935] dbg: dns: dns reply 3487 is OK, 1 answer records
Nov 30 16:45:22.703 [11935] dbg: async: calling callback on key
A:lexoncom.com
Nov 30 16:45:22.703 [11935] dbg: uridnsbl: complete_a_lookup A:lexoncom.com
Nov 30 16:45:22.703 [11935] dbg: uridnsbl: complete_a_lookup got(1) A for
lexoncom.com: lexoncom.com. 12 IN A 54.244.239.249
Nov 30 16:45:22.703 [11935] dbg: async: launching
A/249.239.244.54.sbl.spamhaus.org for
DNSBL:249.239.244.54:sbl.spamhaus.org
Nov 30 16:45:22.704 [11935] dbg: dns: bgsend, DNS servers: [172.16.0.23]:53
Nov 30 16:45:22.704 [11935] dbg: dns: attempt 1/1, trying connect/sendto
to [172.16.0.23]:53
Nov 30 16:45:22.705 [11935] dbg: dns: providing a callback for id:
26233/IN/A/249.239.244.54.sbl.spamhaus.org
Nov 30 16:45:22.705 [11935] dbg: async: starting: URIBL_SBL_A, URI-DNSBL,
DNSBL:249.239.244.54:sbl.spamhaus.org (timeout 15.0s, min 3.0s)
Nov 30 16:45:22.705 [11935] dbg: async: launching
A/249.239.244.54.zen.spamhaus.org for
DNSBL:249.239.244.54:zen.spamhaus.org
Nov 30 16:45:22.706 [11935] dbg: dns: bgsend, DNS servers: [172.16.0.23]:53
Nov 30 16:45:22.706 [11935] dbg: dns: attempt 1/1, trying connect/sendto
to [172.16.0.23]:53
Nov 30 16:45:22.706 [11935] dbg: dns: providing a callback for id:
7012/IN/A/249.239.244.54.zen.spamhaus.org
Nov 30 16:45:22.707 [11935] dbg: async: starting: URIBL_SBL, URI-DNSBL,
DNSBL:249.239.244.54:zen.spamhaus.org (timeout 15.0s, min 3.0s)
Nov 30 16:45:22.707 [11935] dbg: dns: dns reply 28002 is OK, 1 answer records
Nov 30 16:45:22.707 [11935] dbg: async: calling callback on key
DNSBL:bwspot.com:multi.uribl.com, rule URIBL_RED
Nov 30 16:45:22.708 [11935] dbg: uridnsbl: complete_dnsbl_lookup URIBL_RED
DNSBL:bwspot.com:multi.uribl.com
Nov 30 16:45:22.708 [11935] dbg: uridnsbl: bwspot.com . multi.uribl.com ->
127.0.0.1, URIBL_RED, subtest:8
Nov 30 16:45:22.708 [11935] dbg: uridnsbl: bwspot.com . multi.uribl.com ->
127.0.0.1, URIBL_RED, 7f000001 & 00000008 no
Nov 30 16:45:22.708 [11935] dbg: async: calling callback on key
DNSBL:bwspot.com:multi.uribl.com, rule URIBL_BLOCKED
Nov 30 16:45:22.709 [11935] dbg: uridnsbl: complete_dnsbl_lookup
URIBL_BLOCKED DNSBL:bwspot.com:multi.uribl.com
Nov 30 16:45:22.709 [11935] dbg: uridnsbl: bwspot.com . multi.uribl.com ->
127.0.0.1, URIBL_BLOCKED, subtest:1
Nov 30 16:45:22.709 [11935] dbg: uridnsbl: bwspot.com . multi.uribl.com ->
127.0.0.1, URIBL_BLOCKED, 7f000001 & 00000001 match
Nov 30 16:45:22.709 [11935] dbg: uridnsbl: domain "bwspot.com" listed
(URIBL_BLOCKED): 127.0.0.1
Nov 30 16:45:22.710 [11935] dbg: dns: URIBL_BLOCKED lookup finished
Nov 30 16:45:22.710 [11935] dbg: async: calling callback on key
DNSBL:bwspot.com:multi.uribl.com, rule URIBL_GREY
Nov 30 16:45:22.710 [11935] dbg: uridnsbl: complete_dnsbl_lookup
URIBL_GREY DNSBL:bwspot.com:multi.uribl.com
Nov 30 16:45:22.710 [11935] dbg: uridnsbl: bwspot.com . multi.uribl.com ->
127.0.0.1, URIBL_GREY, subtest:4
Nov 30 16:45:22.711 [11935] dbg: uridnsbl: bwspot.com . multi.uribl.com ->
127.0.0.1, URIBL_GREY, 7f000001 & 00000004 no
Nov 30 16:45:22.711 [11935] dbg: async: calling callback on key
DNSBL:bwspot.com:multi.uribl.com, rule URIBL_BLACK
Nov 30 16:45:22.711 [11935] dbg: uridnsbl: complete_dnsbl_lookup
URIBL_BLACK DNSBL:bwspot.com:multi.uribl.com
Nov 30 16:45:22.711 [11935] dbg: uridnsbl: bwspot.com . multi.uribl.com ->
127.0.0.1, URIBL_BLACK, subtest:2
Nov 30 16:45:22.712 [11935] dbg: uridnsbl: bwspot.com . multi.uribl.com ->
127.0.0.1, URIBL_BLACK, 7f000001 & 00000002 no
Nov 30 16:45:22.712 [11935] dbg: dns: dns reply to
52891/IN/A/bwspot.com.multi.surbl.org: NXDOMAIN
Nov 30 16:45:22.713 [11935] dbg: async: calling callback on key
DNSBL:bwspot.com:multi.surbl.org, rule URIBL_PH_SURBL
Nov 30 16:45:22.713 [11935] dbg: uridnsbl: complete_dnsbl_lookup
URIBL_PH_SURBL DNSBL:bwspot.com:multi.surbl.org
Nov 30 16:45:22.713 [11935] dbg: async: calling callback on key
DNSBL:bwspot.com:multi.surbl.org, rule URIBL_WS_SURBL
Nov 30 16:45:22.713 [11935] dbg: uridnsbl: complete_dnsbl_lookup
URIBL_WS_SURBL DNSBL:bwspot.com:multi.surbl.org
Nov 30 16:45:22.713 [11935] dbg: async: calling callback on key
DNSBL:bwspot.com:multi.surbl.org, rule URIBL_MW_SURBL
Nov 30 16:45:22.714 [11935] dbg: uridnsbl: complete_dnsbl_lookup
URIBL_MW_SURBL DNSBL:bwspot.com:multi.surbl.org
Nov 30 16:45:22.714 [11935] dbg: async: calling callback on key
DNSBL:bwspot.com:multi.surbl.org, rule URIBL_AB_SURBL
Nov 30 16:45:22.714 [11935] dbg: uridnsbl: complete_dnsbl_lookup
URIBL_AB_SURBL DNSBL:bwspot.com:multi.surbl.org
Nov 30 16:45:22.714 [11935] dbg: async: calling callback on key
DNSBL:bwspot.com:multi.surbl.org, rule URIBL_JP_SURBL
Nov 30 16:45:22.715 [11935] dbg: uridnsbl: complete_dnsbl_lookup
URIBL_JP_SURBL DNSBL:bwspot.com:multi.surbl.org
Nov 30 16:45:22.715 [11935] dbg: async: calling callback on key
DNSBL:bwspot.com:multi.surbl.org, rule URIBL_SC_SURBL
Nov 30 16:45:22.715 [11935] dbg: uridnsbl: complete_dnsbl_lookup
URIBL_SC_SURBL DNSBL:bwspot.com:multi.surbl.org
Nov 30 16:45:22.716 [11935] dbg: dns: dns reply to
40275/IN/A/bwspot.com.dob.sibl.support-intelligence.net: NXDOMAIN
Nov 30 16:45:22.716 [11935] dbg: async: calling callback on key
DNSBL:bwspot.com:dob.sibl.support-intelligence.net, rule URIBL_RHS_DOB
Nov 30 16:45:22.716 [11935] dbg: uridnsbl: complete_dnsbl_lookup
URIBL_RHS_DOB DNSBL:bwspot.com:dob.sibl.support-intelligence.net
Nov 30 16:45:22.717 [11935] dbg: dns: dns reply 42289 is OK, 4 answer records
Nov 30 16:45:22.717 [11935] dbg: async: calling callback on key NS:bwspot.com
Nov 30 16:45:22.717 [11935] dbg: uridnsbl: complete_ns_lookup NS:bwspot.com
Nov 30 16:45:22.718 [11935] dbg: uridnsbl: got(1) NS for bwspot.com:
bwspot.com. 12 IN NS ns24.cloudns.net.
Nov 30 16:45:22.718 [11935] dbg: async: launching A/ns24.cloudns.net for
A:ns24.cloudns.net
Nov 30 16:45:22.718 [11935] dbg: dns: bgsend, DNS servers: [172.16.0.23]:53
Nov 30 16:45:22.719 [11935] dbg: dns: attempt 1/1, trying connect/sendto
to [172.16.0.23]:53
Nov 30 16:45:22.719 [11935] dbg: dns: providing a callback for id:
11115/IN/A/ns24.cloudns.net
Nov 30 16:45:22.719 [11935] dbg: async: starting: URI-A,
A:ns24.cloudns.net (timeout 15.0s, min 3.0s)
Nov 30 16:45:22.720 [11935] dbg: uridnsbl: got(2) NS for bwspot.com:
bwspot.com. 12 IN NS ns21.cloudns.net.
Nov 30 16:45:22.720 [11935] dbg: async: launching A/ns21.cloudns.net for
A:ns21.cloudns.net
Nov 30 16:45:22.720 [11935] dbg: dns: bgsend, DNS servers: [172.16.0.23]:53
Nov 30 16:45:22.721 [11935] dbg: dns: attempt 1/1, trying connect/sendto
to [172.16.0.23]:53
Nov 30 16:45:22.721 [11935] dbg: dns: providing a callback for id:
45615/IN/A/ns21.cloudns.net
Nov 30 16:45:22.721 [11935] dbg: async: starting: URI-A,
A:ns21.cloudns.net (timeout 15.0s, min 3.0s)
Nov 30 16:45:22.722 [11935] dbg: uridnsbl: got(3) NS for bwspot.com:
bwspot.com. 12 IN NS ns22.cloudns.net.
Nov 30 16:45:22.722 [11935] dbg: async: launching A/ns22.cloudns.net for
A:ns22.cloudns.net
Nov 30 16:45:22.722 [11935] dbg: dns: bgsend, DNS servers: [172.16.0.23]:53
Nov 30 16:45:22.723 [11935] dbg: dns: attempt 1/1, trying connect/sendto
to [172.16.0.23]:53
Nov 30 16:45:22.723 [11935] dbg: dns: providing a callback for id:
4617/IN/A/ns22.cloudns.net
Nov 30 16:45:22.723 [11935] dbg: async: starting: URI-A,
A:ns22.cloudns.net (timeout 15.0s, min 3.0s)
Nov 30 16:45:22.724 [11935] dbg: uridnsbl: got(4) NS for bwspot.com:
bwspot.com. 12 IN NS ns23.cloudns.net.
Nov 30 16:45:22.724 [11935] dbg: async: launching A/ns23.cloudns.net for
A:ns23.cloudns.net
Nov 30 16:45:22.724 [11935] dbg: dns: bgsend, DNS servers: [172.16.0.23]:53
Nov 30 16:45:22.724 [11935] dbg: dns: attempt 1/1, trying connect/sendto
to [172.16.0.23]:53
Nov 30 16:45:22.725 [11935] dbg: dns: providing a callback for id:
2514/IN/A/ns23.cloudns.net
Nov 30 16:45:22.725 [11935] dbg: async: starting: URI-A,
A:ns23.cloudns.net (timeout 15.0s, min 3.0s)
Nov 30 16:45:22.726 [11935] dbg: dns: dns reply 44676 is OK, 1 answer records
Nov 30 16:45:22.726 [11935] dbg: async: calling callback on key
A:aws.bwspot.com
Nov 30 16:45:22.726 [11935] dbg: uridnsbl: complete_a_lookup A:aws.bwspot.com
Nov 30 16:45:22.727 [11935] dbg: uridnsbl: complete_a_lookup got(1) A for
aws.bwspot.com: aws.bwspot.com. 12 IN A 54.244.239.249
Nov 30 16:45:22.727 [11935] dbg: async: query
26233/IN/A/249.239.244.54.sbl.spamhaus.org already underway, adding no.2
URIBL_SBL_A
Nov 30 16:45:22.727 [11935] dbg: async: query
7012/IN/A/249.239.244.54.zen.spamhaus.org already underway, adding no.2
URIBL_SBL
Nov 30 16:45:22.728 [11935] dbg: dns: dns reply 33051 is OK, 1 answer records
Nov 30 16:45:22.728 [11935] dbg: async: calling callback on key
DNSBL:quadranet.com:multi.uribl.com, rule URIBL_RED
Nov 30 16:45:22.728 [11935] dbg: uridnsbl: complete_dnsbl_lookup URIBL_RED
DNSBL:quadranet.com:multi.uribl.com
Nov 30 16:45:22.729 [11935] dbg: uridnsbl: quadranet.com . multi.uribl.com
-> 127.0.0.1, URIBL_RED, subtest:8
Nov 30 16:45:22.729 [11935] dbg: uridnsbl: quadranet.com . multi.uribl.com
-> 127.0.0.1, URIBL_RED, 7f000001 & 00000008 no
Nov 30 16:45:22.729 [11935] dbg: async: calling callback on key
DNSBL:quadranet.com:multi.uribl.com, rule URIBL_BLOCKED
Nov 30 16:45:22.729 [11935] dbg: uridnsbl: complete_dnsbl_lookup
URIBL_BLOCKED DNSBL:quadranet.com:multi.uribl.com
Nov 30 16:45:22.730 [11935] dbg: uridnsbl: quadranet.com . multi.uribl.com
-> 127.0.0.1, URIBL_BLOCKED, subtest:1
Nov 30 16:45:22.730 [11935] dbg: uridnsbl: quadranet.com . multi.uribl.com
-> 127.0.0.1, URIBL_BLOCKED, 7f000001 & 00000001 match
Nov 30 16:45:22.730 [11935] dbg: uridnsbl: domain "quadranet.com" listed
(URIBL_BLOCKED): 127.0.0.1
Nov 30 16:45:22.730 [11935] dbg: dns: URIBL_BLOCKED lookup finished
Nov 30 16:45:22.731 [11935] dbg: async: calling callback on key
DNSBL:quadranet.com:multi.uribl.com, rule URIBL_GREY
Nov 30 16:45:22.731 [11935] dbg: uridnsbl: complete_dnsbl_lookup
URIBL_GREY DNSBL:quadranet.com:multi.uribl.com
Nov 30 16:45:22.731 [11935] dbg: uridnsbl: quadranet.com . multi.uribl.com
-> 127.0.0.1, URIBL_GREY, subtest:4
Nov 30 16:45:22.731 [11935] dbg: uridnsbl: quadranet.com . multi.uribl.com
-> 127.0.0.1, URIBL_GREY, 7f000001 & 00000004 no
Nov 30 16:45:22.732 [11935] dbg: async: calling callback on key
DNSBL:quadranet.com:multi.uribl.com, rule URIBL_BLACK
Nov 30 16:45:22.732 [11935] dbg: uridnsbl: complete_dnsbl_lookup
URIBL_BLACK DNSBL:quadranet.com:multi.uribl.com
Nov 30 16:45:22.732 [11935] dbg: uridnsbl: quadranet.com . multi.uribl.com
-> 127.0.0.1, URIBL_BLACK, subtest:2
Nov 30 16:45:22.732 [11935] dbg: uridnsbl: quadranet.com . multi.uribl.com
-> 127.0.0.1, URIBL_BLACK, 7f000001 & 00000002 no
Nov 30 16:45:22.733 [11935] dbg: dns: dns reply to
8944/IN/A/quadranet.com.multi.surbl.org: NXDOMAIN
Nov 30 16:45:22.733 [11935] dbg: async: calling callback on key
DNSBL:quadranet.com:multi.surbl.org, rule URIBL_PH_SURBL
Nov 30 16:45:22.733 [11935] dbg: uridnsbl: complete_dnsbl_lookup
URIBL_PH_SURBL DNSBL:quadranet.com:multi.surbl.org
Nov 30 16:45:22.734 [11935] dbg: async: calling callback on key
DNSBL:quadranet.com:multi.surbl.org, rule URIBL_WS_SURBL
Nov 30 16:45:22.734 [11935] dbg: uridnsbl: complete_dnsbl_lookup
URIBL_WS_SURBL DNSBL:quadranet.com:multi.surbl.org
Nov 30 16:45:22.734 [11935] dbg: async: calling callback on key
DNSBL:quadranet.com:multi.surbl.org, rule URIBL_MW_SURBL
Nov 30 16:45:22.734 [11935] dbg: uridnsbl: complete_dnsbl_lookup
URIBL_MW_SURBL DNSBL:quadranet.com:multi.surbl.org
Nov 30 16:45:22.735 [11935] dbg: async: calling callback on key
DNSBL:quadranet.com:multi.surbl.org, rule URIBL_AB_SURBL
Nov 30 16:45:22.735 [11935] dbg: uridnsbl: complete_dnsbl_lookup
URIBL_AB_SURBL DNSBL:quadranet.com:multi.surbl.org
Nov 30 16:45:22.735 [11935] dbg: async: calling callback on key
DNSBL:quadranet.com:multi.surbl.org, rule URIBL_JP_SURBL
Nov 30 16:45:22.735 [11935] dbg: uridnsbl: complete_dnsbl_lookup
URIBL_JP_SURBL DNSBL:quadranet.com:multi.surbl.org
Nov 30 16:45:22.736 [11935] dbg: async: calling callback on key
DNSBL:quadranet.com:multi.surbl.org, rule URIBL_SC_SURBL
Nov 30 16:45:22.736 [11935] dbg: uridnsbl: complete_dnsbl_lookup
URIBL_SC_SURBL DNSBL:quadranet.com:multi.surbl.org
Nov 30 16:45:22.737 [11935] dbg: dns: dns reply to
27170/IN/A/nt.ee.dbl.spamhaus.org: NXDOMAIN
Nov 30 16:45:22.737 [11935] dbg: async: calling callback on key
DNSBL:nt.ee:dbl.spamhaus.org, rule URIBL_DBL_SPAM
Nov 30 16:45:22.737 [11935] dbg: uridnsbl: complete_dnsbl_lookup
URIBL_DBL_SPAM DNSBL:nt.ee:dbl.spamhaus.org
Nov 30 16:45:22.737 [11935] dbg: async: calling callback on key
DNSBL:nt.ee:dbl.spamhaus.org, rule URIBL_DBL_REDIR
Nov 30 16:45:22.737 [11935] dbg: uridnsbl: complete_dnsbl_lookup
URIBL_DBL_REDIR DNSBL:nt.ee:dbl.spamhaus.org
Nov 30 16:45:22.738 [11935] dbg: async: calling callback on key
DNSBL:nt.ee:dbl.spamhaus.org, rule URIBL_DBL_ERROR
Nov 30 16:45:22.738 [11935] dbg: uridnsbl: complete_dnsbl_lookup
URIBL_DBL_ERROR DNSBL:nt.ee:dbl.spamhaus.org
Nov 30 16:45:22.738 [11935] dbg: async: calling callback on key
DNSBL:nt.ee:dbl.spamhaus.org, rule URIBL_DBL_SPAM
Nov 30 16:45:22.738 [11935] dbg: uridnsbl: complete_dnsbl_lookup
URIBL_DBL_SPAM DNSBL:nt.ee:dbl.spamhaus.org
Nov 30 16:45:22.739 [11935] dbg: async: calling callback on key
DNSBL:nt.ee:dbl.spamhaus.org, rule URIBL_DBL_REDIR
Nov 30 16:45:22.739 [11935] dbg: uridnsbl: complete_dnsbl_lookup
URIBL_DBL_REDIR DNSBL:nt.ee:dbl.spamhaus.org
Nov 30 16:45:22.739 [11935] dbg: async: calling callback on key
DNSBL:nt.ee:dbl.spamhaus.org, rule URIBL_DBL_ERROR
Nov 30 16:45:22.739 [11935] dbg: uridnsbl: complete_dnsbl_lookup
URIBL_DBL_ERROR DNSBL:nt.ee:dbl.spamhaus.org
Nov 30 16:45:22.740 [11935] dbg: dns: dns reply to
55808/IN/A/quadranet.com.dob.sibl.support-intelligence.net: NXDOMAIN
Nov 30 16:45:22.740 [11935] dbg: async: calling callback on key
DNSBL:quadranet.com:dob.sibl.support-intelligence.net, rule URIBL_RHS_DOB
Nov 30 16:45:22.741 [11935] dbg: uridnsbl: complete_dnsbl_lookup
URIBL_RHS_DOB DNSBL:quadranet.com:dob.sibl.support-intelligence.net
Nov 30 16:45:22.741 [11935] dbg: dns: dns reply 36286 is OK, 2 answer records
Nov 30 16:45:22.741 [11935] dbg: async: calling callback on key
NS:quadranet.com
Nov 30 16:45:22.742 [11935] dbg: uridnsbl: complete_ns_lookup
NS:quadranet.com
Nov 30 16:45:22.742 [11935] dbg: uridnsbl: got(1) NS for quadranet.com:
quadranet.com. 12 IN NS ns1.quadranet.com.
Nov 30 16:45:22.743 [11935] dbg: async: launching A/ns1.quadranet.com for
A:ns1.quadranet.com
Nov 30 16:45:22.743 [11935] dbg: dns: bgsend, DNS servers: [172.16.0.23]:53
Nov 30 16:45:22.743 [11935] dbg: dns: attempt 1/1, trying connect/sendto
to [172.16.0.23]:53
Nov 30 16:45:22.744 [11935] dbg: dns: providing a callback for id:
32882/IN/A/ns1.quadranet.com
Nov 30 16:45:22.744 [11935] dbg: async: starting: URI-A,
A:ns1.quadranet.com (timeout 15.0s, min 3.0s)
Nov 30 16:45:22.744 [11935] dbg: uridnsbl: got(2) NS for quadranet.com:
quadranet.com. 12 IN NS ns2.quadranet.com.
Nov 30 16:45:22.745 [11935] dbg: async: launching A/ns2.quadranet.com for
A:ns2.quadranet.com
Nov 30 16:45:22.745 [11935] dbg: dns: bgsend, DNS servers: [172.16.0.23]:53
Nov 30 16:45:22.746 [11935] dbg: dns: attempt 1/1, trying connect/sendto
to [172.16.0.23]:53
Nov 30 16:45:22.746 [11935] dbg: dns: providing a callback for id:
4385/IN/A/ns2.quadranet.com
Nov 30 16:45:22.746 [11935] dbg: async: starting: URI-A,
A:ns2.quadranet.com (timeout 15.0s, min 3.0s)
Nov 30 16:45:22.747 [11935] dbg: dns: dns reply 61792 is OK, 1 answer records
Nov 30 16:45:22.747 [11935] dbg: async: calling callback on key
A:gua.ra.nt.ee
Nov 30 16:45:22.747 [11935] dbg: uridnsbl: complete_a_lookup A:gua.ra.nt.ee
Nov 30 16:45:22.748 [11935] dbg: uridnsbl: complete_a_lookup got(1) A for
gua.ra.nt.ee: gua.ra.nt.ee. 12 IN A 84.50.105.92
Nov 30 16:45:22.748 [11935] dbg: async: launching
A/92.105.50.84.sbl.spamhaus.org for DNSBL:92.105.50.84:sbl.spamhaus.org
Nov 30 16:45:22.748 [11935] dbg: dns: bgsend, DNS servers: [172.16.0.23]:53
Nov 30 16:45:22.749 [11935] dbg: dns: attempt 1/1, trying connect/sendto
to [172.16.0.23]:53
Nov 30 16:45:22.749 [11935] dbg: dns: providing a callback for id:
39934/IN/A/92.105.50.84.sbl.spamhaus.org
Nov 30 16:45:22.749 [11935] dbg: async: starting: URIBL_SBL_A, URI-DNSBL,
DNSBL:92.105.50.84:sbl.spamhaus.org (timeout 15.0s, min 3.0s)
Nov 30 16:45:22.750 [11935] dbg: async: launching
A/92.105.50.84.zen.spamhaus.org for DNSBL:92.105.50.84:zen.spamhaus.org
Nov 30 16:45:22.750 [11935] dbg: dns: bgsend, DNS servers: [172.16.0.23]:53
Nov 30 16:45:22.750 [11935] dbg: dns: attempt 1/1, trying connect/sendto
to [172.16.0.23]:53
Nov 30 16:45:22.751 [11935] dbg: dns: providing a callback for id:
25814/IN/A/92.105.50.84.zen.spamhaus.org
Nov 30 16:45:22.751 [11935] dbg: async: starting: URIBL_SBL, URI-DNSBL,
DNSBL:92.105.50.84:zen.spamhaus.org (timeout 15.0s, min 3.0s)
Nov 30 16:45:22.752 [11935] dbg: dns: dns reply 50181 is OK, 1 answer records
Nov 30 16:45:22.752 [11935] dbg: async: calling callback on key
A:104.129.43.23.static.quadranet.com
Nov 30 16:45:22.752 [11935] dbg: uridnsbl: complete_a_lookup
A:104.129.43.23.static.quadranet.com
Nov 30 16:45:22.753 [11935] dbg: uridnsbl: complete_a_lookup got(1) A for
104.129.43.23.static.quadranet.com: 104.129.43.23.static.quadranet.com. 1
IN A 127.0.0.1
Nov 30 16:45:22.753 [11935] dbg: async: launching
A/1.0.0.127.sbl.spamhaus.org for DNSBL:1.0.0.127:sbl.spamhaus.org
Nov 30 16:45:22.753 [11935] dbg: dns: bgsend, DNS servers: [172.16.0.23]:53
Nov 30 16:45:22.754 [11935] dbg: dns: attempt 1/1, trying connect/sendto
to [172.16.0.23]:53
Nov 30 16:45:22.754 [11935] dbg: dns: providing a callback for id:
51304/IN/A/1.0.0.127.sbl.spamhaus.org
Nov 30 16:45:22.754 [11935] dbg: async: starting: URIBL_SBL_A, URI-DNSBL,
DNSBL:1.0.0.127:sbl.spamhaus.org (timeout 15.0s, min 3.0s)
Nov 30 16:45:22.755 [11935] dbg: async: launching
A/1.0.0.127.zen.spamhaus.org for DNSBL:1.0.0.127:zen.spamhaus.org
Nov 30 16:45:22.755 [11935] dbg: dns: bgsend, DNS servers: [172.16.0.23]:53
Nov 30 16:45:22.755 [11935] dbg: dns: attempt 1/1, trying connect/sendto
to [172.16.0.23]:53
Nov 30 16:45:22.756 [11935] dbg: dns: providing a callback for id:
20454/IN/A/1.0.0.127.zen.spamhaus.org
Nov 30 16:45:22.756 [11935] dbg: async: starting: URIBL_SBL, URI-DNSBL,
DNSBL:1.0.0.127:zen.spamhaus.org (timeout 15.0s, min 3.0s)
Nov 30 16:45:22.757 [11935] dbg: dns: dns reply 33241 is OK, 1 answer records
Nov 30 16:45:22.757 [11935] dbg: async: calling callback on key A:ns1.nt.ee
Nov 30 16:45:22.757 [11935] dbg: uridnsbl: complete_a_lookup A:ns1.nt.ee
Nov 30 16:45:22.758 [11935] dbg: uridnsbl: complete_a_lookup got(1) A for
ns1.nt.ee: ns1.nt.ee. 13 IN A 84.50.105.92
Nov 30 16:45:22.758 [11935] dbg: async: query
39934/IN/A/92.105.50.84.sbl.spamhaus.org already underway, adding no.2
URIBL_SBL_A
Nov 30 16:45:22.759 [11935] dbg: async: query
25814/IN/A/92.105.50.84.zen.spamhaus.org already underway, adding no.2
URIBL_SBL
Nov 30 16:45:22.759 [11935] dbg: dns: dns reply 11069 is OK, 1 answer records
Nov 30 16:45:22.759 [11935] dbg: async: calling callback on key A:ns2.nt.ee
Nov 30 16:45:22.760 [11935] dbg: uridnsbl: complete_a_lookup A:ns2.nt.ee
Nov 30 16:45:22.760 [11935] dbg: uridnsbl: complete_a_lookup got(1) A for
ns2.nt.ee: ns2.nt.ee. 13 IN A 84.50.105.92
Nov 30 16:45:22.760 [11935] dbg: async: query
39934/IN/A/92.105.50.84.sbl.spamhaus.org already underway, adding no.3
URIBL_SBL_A
Nov 30 16:45:22.761 [11935] dbg: async: query
25814/IN/A/92.105.50.84.zen.spamhaus.org already underway, adding no.3
URIBL_SBL
Nov 30 16:45:22.761 [11935] dbg: dns: dns reply to
18640/IN/A/lexoncom.com.dbl.spamhaus.org: NXDOMAIN
Nov 30 16:45:22.762 [11935] dbg: async: calling callback on key
DNSBL:lexoncom.com:dbl.spamhaus.org, rule URIBL_DBL_SPAM
Nov 30 16:45:22.762 [11935] dbg: uridnsbl: complete_dnsbl_lookup
URIBL_DBL_SPAM DNSBL:lexoncom.com:dbl.spamhaus.org
Nov 30 16:45:22.762 [11935] dbg: async: calling callback on key
DNSBL:lexoncom.com:dbl.spamhaus.org, rule URIBL_DBL_REDIR
Nov 30 16:45:22.763 [11935] dbg: uridnsbl: complete_dnsbl_lookup
URIBL_DBL_REDIR DNSBL:lexoncom.com:dbl.spamhaus.org
Nov 30 16:45:22.763 [11935] dbg: async: calling callback on key
DNSBL:lexoncom.com:dbl.spamhaus.org, rule URIBL_DBL_ERROR
Nov 30 16:45:22.763 [11935] dbg: uridnsbl: complete_dnsbl_lookup
URIBL_DBL_ERROR DNSBL:lexoncom.com:dbl.spamhaus.org
Nov 30 16:45:22.764 [11935] dbg: dns: dns reply to
6473/IN/A/159.8.92.153.sbl.spamhaus.org: NXDOMAIN
Nov 30 16:45:22.764 [11935] dbg: async: calling callback on key
DNSBL:159.8.92.153:sbl.spamhaus.org, rule URIBL_SBL_A
Nov 30 16:45:22.764 [11935] dbg: uridnsbl: complete_dnsbl_lookup
URIBL_SBL_A DNSBL:159.8.92.153:sbl.spamhaus.org
Nov 30 16:45:22.765 [11935] dbg: dns: dns reply 45966 is OK, 1 answer records
Nov 30 16:45:22.765 [11935] dbg: async: calling callback on key
A:ns78.domaincontrol.com
Nov 30 16:45:22.765 [11935] dbg: uridnsbl: complete_a_lookup
A:ns78.domaincontrol.com
Nov 30 16:45:22.766 [11935] dbg: uridnsbl: complete_a_lookup got(1) A for
ns78.domaincontrol.com: ns78.domaincontrol.com. 13 IN A 208.109.255.49
Nov 30 16:45:22.766 [11935] dbg: async: launching
A/49.255.109.208.sbl.spamhaus.org for
DNSBL:49.255.109.208:sbl.spamhaus.org
Nov 30 16:45:22.767 [11935] dbg: dns: bgsend, DNS servers: [172.16.0.23]:53
Nov 30 16:45:22.767 [11935] dbg: dns: attempt 1/1, trying connect/sendto
to [172.16.0.23]:53
Nov 30 16:45:22.768 [11935] dbg: dns: providing a callback for id:
57388/IN/A/49.255.109.208.sbl.spamhaus.org
Nov 30 16:45:22.768 [11935] dbg: async: starting: URIBL_SBL_A, URI-DNSBL,
DNSBL:49.255.109.208:sbl.spamhaus.org (timeout 15.0s, min 3.0s)
Nov 30 16:45:22.768 [11935] dbg: async: launching
A/49.255.109.208.zen.spamhaus.org for
DNSBL:49.255.109.208:zen.spamhaus.org
Nov 30 16:45:22.769 [11935] dbg: dns: bgsend, DNS servers: [172.16.0.23]:53
Nov 30 16:45:22.769 [11935] dbg: dns: attempt 1/1, trying connect/sendto
to [172.16.0.23]:53
Nov 30 16:45:22.770 [11935] dbg: dns: providing a callback for id:
61823/IN/A/49.255.109.208.zen.spamhaus.org
Nov 30 16:45:22.770 [11935] dbg: async: starting: URIBL_SBL, URI-DNSBL,
DNSBL:49.255.109.208:zen.spamhaus.org (timeout 15.0s, min 3.0s)
Nov 30 16:45:22.771 [11935] dbg: dns: dns reply 63065 is OK, 1 answer records
Nov 30 16:45:22.771 [11935] dbg: async: calling callback on key
A:ns77.domaincontrol.com
Nov 30 16:45:22.771 [11935] dbg: uridnsbl: complete_a_lookup
A:ns77.domaincontrol.com
Nov 30 16:45:22.771 [11935] dbg: uridnsbl: complete_a_lookup got(1) A for
ns77.domaincontrol.com: ns77.domaincontrol.com. 13 IN A 216.69.185.49
Nov 30 16:45:22.772 [11935] dbg: async: launching
A/49.185.69.216.sbl.spamhaus.org for DNSBL:49.185.69.216:sbl.spamhaus.org
Nov 30 16:45:22.772 [11935] dbg: dns: bgsend, DNS servers: [172.16.0.23]:53
Nov 30 16:45:22.773 [11935] dbg: dns: attempt 1/1, trying connect/sendto
to [172.16.0.23]:53
Nov 30 16:45:22.773 [11935] dbg: dns: providing a callback for id:
64531/IN/A/49.185.69.216.sbl.spamhaus.org
Nov 30 16:45:22.773 [11935] dbg: async: starting: URIBL_SBL_A, URI-DNSBL,
DNSBL:49.185.69.216:sbl.spamhaus.org (timeout 15.0s, min 3.0s)
Nov 30 16:45:22.774 [11935] dbg: async: launching
A/49.185.69.216.zen.spamhaus.org for DNSBL:49.185.69.216:zen.spamhaus.org
Nov 30 16:45:22.774 [11935] dbg: dns: bgsend, DNS servers: [172.16.0.23]:53
Nov 30 16:45:22.774 [11935] dbg: dns: attempt 1/1, trying connect/sendto
to [172.16.0.23]:53
Nov 30 16:45:22.775 [11935] dbg: dns: providing a callback for id:
29620/IN/A/49.185.69.216.zen.spamhaus.org
Nov 30 16:45:22.775 [11935] dbg: async: starting: URIBL_SBL, URI-DNSBL,
DNSBL:49.185.69.216:zen.spamhaus.org (timeout 15.0s, min 3.0s)
Nov 30 16:45:22.776 [11935] dbg: dns: dns reply to
7012/IN/A/249.239.244.54.zen.spamhaus.org: NXDOMAIN
Nov 30 16:45:22.776 [11935] dbg: async: calling callback on key
DNSBL:249.239.244.54:zen.spamhaus.org, rule URIBL_SBL
Nov 30 16:45:22.776 [11935] dbg: uridnsbl: complete_dnsbl_lookup URIBL_SBL
DNSBL:249.239.244.54:zen.spamhaus.org
Nov 30 16:45:22.776 [11935] dbg: async: calling callback on key
DNSBL:249.239.244.54:zen.spamhaus.org, rule URIBL_SBL
Nov 30 16:45:22.777 [11935] dbg: uridnsbl: complete_dnsbl_lookup URIBL_SBL
DNSBL:249.239.244.54:zen.spamhaus.org
Nov 30 16:45:22.777 [11935] dbg: dns: dns reply 11115 is OK, 1 answer records
Nov 30 16:45:22.777 [11935] dbg: async: calling callback on key
A:ns24.cloudns.net
Nov 30 16:45:22.778 [11935] dbg: uridnsbl: complete_a_lookup
A:ns24.cloudns.net
Nov 30 16:45:22.778 [11935] dbg: uridnsbl: complete_a_lookup got(1) A for
ns24.cloudns.net: ns24.cloudns.net. 13 IN A 46.165.221.164
Nov 30 16:45:22.778 [11935] dbg: async: launching
A/164.221.165.46.sbl.spamhaus.org for
DNSBL:164.221.165.46:sbl.spamhaus.org
Nov 30 16:45:22.779 [11935] dbg: dns: bgsend, DNS servers: [172.16.0.23]:53
Nov 30 16:45:22.779 [11935] dbg: dns: attempt 1/1, trying connect/sendto
to [172.16.0.23]:53
Nov 30 16:45:22.779 [11935] dbg: dns: providing a callback for id:
29076/IN/A/164.221.165.46.sbl.spamhaus.org
Nov 30 16:45:22.780 [11935] dbg: async: starting: URIBL_SBL_A, URI-DNSBL,
DNSBL:164.221.165.46:sbl.spamhaus.org (timeout 15.0s, min 3.0s)
Nov 30 16:45:22.780 [11935] dbg: async: launching
A/164.221.165.46.zen.spamhaus.org for
DNSBL:164.221.165.46:zen.spamhaus.org
Nov 30 16:45:22.781 [11935] dbg: dns: bgsend, DNS servers: [172.16.0.23]:53
Nov 30 16:45:22.781 [11935] dbg: dns: attempt 1/1, trying connect/sendto
to [172.16.0.23]:53
Nov 30 16:45:22.781 [11935] dbg: dns: providing a callback for id:
8637/IN/A/164.221.165.46.zen.spamhaus.org
Nov 30 16:45:22.782 [11935] dbg: async: starting: URIBL_SBL, URI-DNSBL,
DNSBL:164.221.165.46:zen.spamhaus.org (timeout 15.0s, min 3.0s)
Nov 30 16:45:22.782 [11935] dbg: dns: dns reply 45615 is OK, 1 answer records
Nov 30 16:45:22.782 [11935] dbg: async: calling callback on key
A:ns21.cloudns.net
Nov 30 16:45:22.783 [11935] dbg: uridnsbl: complete_a_lookup
A:ns21.cloudns.net
Nov 30 16:45:22.783 [11935] dbg: uridnsbl: complete_a_lookup got(1) A for
ns21.cloudns.net: ns21.cloudns.net. 13 IN A 109.201.133.61
Nov 30 16:45:22.783 [11935] dbg: async: launching
A/61.133.201.109.sbl.spamhaus.org for
DNSBL:61.133.201.109:sbl.spamhaus.org
Nov 30 16:45:22.784 [11935] dbg: dns: bgsend, DNS servers: [172.16.0.23]:53
Nov 30 16:45:22.784 [11935] dbg: dns: attempt 1/1, trying connect/sendto
to [172.16.0.23]:53
Nov 30 16:45:22.784 [11935] dbg: dns: providing a callback for id:
1058/IN/A/61.133.201.109.sbl.spamhaus.org
Nov 30 16:45:22.785 [11935] dbg: async: starting: URIBL_SBL_A, URI-DNSBL,
DNSBL:61.133.201.109:sbl.spamhaus.org (timeout 15.0s, min 3.0s)
Nov 30 16:45:22.785 [11935] dbg: async: launching
A/61.133.201.109.zen.spamhaus.org for
DNSBL:61.133.201.109:zen.spamhaus.org
Nov 30 16:45:22.785 [11935] dbg: dns: bgsend, DNS servers: [172.16.0.23]:53
Nov 30 16:45:22.786 [11935] dbg: dns: attempt 1/1, trying connect/sendto
to [172.16.0.23]:53
Nov 30 16:45:22.786 [11935] dbg: dns: providing a callback for id:
23245/IN/A/61.133.201.109.zen.spamhaus.org
Nov 30 16:45:22.786 [11935] dbg: async: starting: URIBL_SBL, URI-DNSBL,
DNSBL:61.133.201.109:zen.spamhaus.org (timeout 15.0s, min 3.0s)
Nov 30 16:45:22.787 [11935] dbg: dns: dns reply 4617 is OK, 1 answer records
Nov 30 16:45:22.787 [11935] dbg: async: calling callback on key
A:ns22.cloudns.net
Nov 30 16:45:22.787 [11935] dbg: uridnsbl: complete_a_lookup
A:ns22.cloudns.net
Nov 30 16:45:22.788 [11935] dbg: uridnsbl: complete_a_lookup got(1) A for
ns22.cloudns.net: ns22.cloudns.net. 13 IN A 108.59.2.202
Nov 30 16:45:22.788 [11935] dbg: async: launching
A/202.2.59.108.sbl.spamhaus.org for DNSBL:202.2.59.108:sbl.spamhaus.org
Nov 30 16:45:22.788 [11935] dbg: dns: bgsend, DNS servers: [172.16.0.23]:53
Nov 30 16:45:22.789 [11935] dbg: dns: attempt 1/1, trying connect/sendto
to [172.16.0.23]:53
Nov 30 16:45:22.789 [11935] dbg: dns: providing a callback for id:
1280/IN/A/202.2.59.108.sbl.spamhaus.org
Nov 30 16:45:22.790 [11935] dbg: async: starting: URIBL_SBL_A, URI-DNSBL,
DNSBL:202.2.59.108:sbl.spamhaus.org (timeout 15.0s, min 3.0s)
Nov 30 16:45:22.790 [11935] dbg: async: launching
A/202.2.59.108.zen.spamhaus.org for DNSBL:202.2.59.108:zen.spamhaus.org
Nov 30 16:45:22.790 [11935] dbg: dns: bgsend, DNS servers: [172.16.0.23]:53
Nov 30 16:45:22.791 [11935] dbg: dns: attempt 1/1, trying connect/sendto
to [172.16.0.23]:53
Nov 30 16:45:22.791 [11935] dbg: dns: providing a callback for id:
39281/IN/A/202.2.59.108.zen.spamhaus.org
Nov 30 16:45:22.791 [11935] dbg: async: starting: URIBL_SBL, URI-DNSBL,
DNSBL:202.2.59.108:zen.spamhaus.org (timeout 15.0s, min 3.0s)
Nov 30 16:45:22.792 [11935] dbg: dns: dns reply 2514 is OK, 1 answer records
Nov 30 16:45:22.792 [11935] dbg: async: calling callback on key
A:ns23.cloudns.net
Nov 30 16:45:22.792 [11935] dbg: uridnsbl: complete_a_lookup
A:ns23.cloudns.net
Nov 30 16:45:22.793 [11935] dbg: uridnsbl: complete_a_lookup got(1) A for
ns23.cloudns.net: ns23.cloudns.net. 13 IN A 79.137.84.65
Nov 30 16:45:22.793 [11935] dbg: async: launching
A/65.84.137.79.sbl.spamhaus.org for DNSBL:65.84.137.79:sbl.spamhaus.org
Nov 30 16:45:22.793 [11935] dbg: dns: bgsend, DNS servers: [172.16.0.23]:53
Nov 30 16:45:22.794 [11935] dbg: dns: attempt 1/1, trying connect/sendto
to [172.16.0.23]:53
Nov 30 16:45:22.794 [11935] dbg: dns: providing a callback for id:
29677/IN/A/65.84.137.79.sbl.spamhaus.org
Nov 30 16:45:22.794 [11935] dbg: async: starting: URIBL_SBL_A, URI-DNSBL,
DNSBL:65.84.137.79:sbl.spamhaus.org (timeout 15.0s, min 3.0s)
Nov 30 16:45:22.795 [11935] dbg: async: launching
A/65.84.137.79.zen.spamhaus.org for DNSBL:65.84.137.79:zen.spamhaus.org
Nov 30 16:45:22.795 [11935] dbg: dns: bgsend, DNS servers: [172.16.0.23]:53
Nov 30 16:45:22.795 [11935] dbg: dns: attempt 1/1, trying connect/sendto
to [172.16.0.23]:53
Nov 30 16:45:22.796 [11935] dbg: dns: providing a callback for id:
46312/IN/A/65.84.137.79.zen.spamhaus.org
Nov 30 16:45:22.796 [11935] dbg: async: starting: URIBL_SBL, URI-DNSBL,
DNSBL:65.84.137.79:zen.spamhaus.org (timeout 15.0s, min 3.0s)
Nov 30 16:45:22.797 [11935] dbg: dns: dns reply 32882 is OK, 1 answer records
Nov 30 16:45:22.797 [11935] dbg: async: calling callback on key
A:ns1.quadranet.com
Nov 30 16:45:22.797 [11935] dbg: uridnsbl: complete_a_lookup
A:ns1.quadranet.com
Nov 30 16:45:22.797 [11935] dbg: uridnsbl: complete_a_lookup got(1) A for
ns1.quadranet.com: ns1.quadranet.com. 12 IN A 204.152.222.2
Nov 30 16:45:22.798 [11935] dbg: async: launching
A/2.222.152.204.sbl.spamhaus.org for DNSBL:2.222.152.204:sbl.spamhaus.org
Nov 30 16:45:22.798 [11935] dbg: dns: bgsend, DNS servers: [172.16.0.23]:53
Nov 30 16:45:22.798 [11935] dbg: dns: attempt 1/1, trying connect/sendto
to [172.16.0.23]:53
Nov 30 16:45:22.799 [11935] dbg: dns: providing a callback for id:
53550/IN/A/2.222.152.204.sbl.spamhaus.org
Nov 30 16:45:22.799 [11935] dbg: async: starting: URIBL_SBL_A, URI-DNSBL,
DNSBL:2.222.152.204:sbl.spamhaus.org (timeout 15.0s, min 3.0s)
Nov 30 16:45:22.799 [11935] dbg: async: launching
A/2.222.152.204.zen.spamhaus.org for DNSBL:2.222.152.204:zen.spamhaus.org
Nov 30 16:45:22.800 [11935] dbg: dns: bgsend, DNS servers: [172.16.0.23]:53
Nov 30 16:45:22.800 [11935] dbg: dns: attempt 1/1, trying connect/sendto
to [172.16.0.23]:53
Nov 30 16:45:22.801 [11935] dbg: dns: providing a callback for id:
60682/IN/A/2.222.152.204.zen.spamhaus.org
Nov 30 16:45:22.801 [11935] dbg: async: starting: URIBL_SBL, URI-DNSBL,
DNSBL:2.222.152.204:zen.spamhaus.org (timeout 15.0s, min 3.0s)
Nov 30 16:45:22.801 [11935] dbg: dns: dns reply 4385 is OK, 1 answer records
Nov 30 16:45:22.802 [11935] dbg: async: calling callback on key
A:ns2.quadranet.com
Nov 30 16:45:22.802 [11935] dbg: uridnsbl: complete_a_lookup
A:ns2.quadranet.com
Nov 30 16:45:22.802 [11935] dbg: uridnsbl: complete_a_lookup got(1) A for
ns2.quadranet.com: ns2.quadranet.com. 12 IN A 204.152.223.2
Nov 30 16:45:22.803 [11935] dbg: async: launching
A/2.223.152.204.sbl.spamhaus.org for DNSBL:2.223.152.204:sbl.spamhaus.org
Nov 30 16:45:22.803 [11935] dbg: dns: bgsend, DNS servers: [172.16.0.23]:53
Nov 30 16:45:22.803 [11935] dbg: dns: attempt 1/1, trying connect/sendto
to [172.16.0.23]:53
Nov 30 16:45:22.804 [11935] dbg: dns: providing a callback for id:
43923/IN/A/2.223.152.204.sbl.spamhaus.org
Nov 30 16:45:22.804 [11935] dbg: async: starting: URIBL_SBL_A, URI-DNSBL,
DNSBL:2.223.152.204:sbl.spamhaus.org (timeout 15.0s, min 3.0s)
Nov 30 16:45:22.804 [11935] dbg: async: launching
A/2.223.152.204.zen.spamhaus.org for DNSBL:2.223.152.204:zen.spamhaus.org
Nov 30 16:45:22.805 [11935] dbg: dns: bgsend, DNS servers: [172.16.0.23]:53
Nov 30 16:45:22.805 [11935] dbg: dns: attempt 1/1, trying connect/sendto
to [172.16.0.23]:53
Nov 30 16:45:22.805 [11935] dbg: dns: providing a callback for id:
26442/IN/A/2.223.152.204.zen.spamhaus.org
Nov 30 16:45:22.806 [11935] dbg: async: starting: URIBL_SBL, URI-DNSBL,
DNSBL:2.223.152.204:zen.spamhaus.org (timeout 15.0s, min 3.0s)
Nov 30 16:45:22.806 [11935] dbg: dns: dns reply to
57388/IN/A/49.255.109.208.sbl.spamhaus.org: NXDOMAIN
Nov 30 16:45:22.806 [11935] dbg: async: calling callback on key
DNSBL:49.255.109.208:sbl.spamhaus.org, rule URIBL_SBL_A
Nov 30 16:45:22.807 [11935] dbg: uridnsbl: complete_dnsbl_lookup
URIBL_SBL_A DNSBL:49.255.109.208:sbl.spamhaus.org
Nov 30 16:45:22.807 [11935] dbg: dns: dns reply to
61823/IN/A/49.255.109.208.zen.spamhaus.org: NXDOMAIN
Nov 30 16:45:22.807 [11935] dbg: async: calling callback on key
DNSBL:49.255.109.208:zen.spamhaus.org, rule URIBL_SBL
Nov 30 16:45:22.808 [11935] dbg: uridnsbl: complete_dnsbl_lookup URIBL_SBL
DNSBL:49.255.109.208:zen.spamhaus.org
Nov 30 16:45:22.808 [11935] dbg: dns: dns reply to
29620/IN/A/49.185.69.216.zen.spamhaus.org: NXDOMAIN
Nov 30 16:45:22.808 [11935] dbg: async: calling callback on key
DNSBL:49.185.69.216:zen.spamhaus.org, rule URIBL_SBL
Nov 30 16:45:22.809 [11935] dbg: uridnsbl: complete_dnsbl_lookup URIBL_SBL
DNSBL:49.185.69.216:zen.spamhaus.org
Nov 30 16:45:22.809 [11935] dbg: dns: dns reply to
10629/IN/A/quadranet.com.dbl.spamhaus.org: NXDOMAIN
Nov 30 16:45:22.809 [11935] dbg: async: calling callback on key
DNSBL:quadranet.com:dbl.spamhaus.org, rule URIBL_DBL_SPAM
Nov 30 16:45:22.810 [11935] dbg: uridnsbl: complete_dnsbl_lookup
URIBL_DBL_SPAM DNSBL:quadranet.com:dbl.spamhaus.org
Nov 30 16:45:22.810 [11935] dbg: async: calling callback on key
DNSBL:quadranet.com:dbl.spamhaus.org, rule URIBL_DBL_REDIR
Nov 30 16:45:22.810 [11935] dbg: uridnsbl: complete_dnsbl_lookup
URIBL_DBL_REDIR DNSBL:quadranet.com:dbl.spamhaus.org
Nov 30 16:45:22.811 [11935] dbg: async: calling callback on key
DNSBL:quadranet.com:dbl.spamhaus.org, rule URIBL_DBL_ERROR
Nov 30 16:45:22.811 [11935] dbg: uridnsbl: complete_dnsbl_lookup
URIBL_DBL_ERROR DNSBL:quadranet.com:dbl.spamhaus.org
Nov 30 16:45:22.812 [11935] dbg: dns: dns reply to
35356/IN/A/159.8.92.153.zen.spamhaus.org: NXDOMAIN
Nov 30 16:45:22.812 [11935] dbg: async: calling callback on key
DNSBL:159.8.92.153:zen.spamhaus.org, rule URIBL_SBL
Nov 30 16:45:22.812 [11935] dbg: uridnsbl: complete_dnsbl_lookup URIBL_SBL
DNSBL:159.8.92.153:zen.spamhaus.org
Nov 30 16:45:22.813 [11935] dbg: async: select found no responses ready
(t.o.=0.0)
Nov 30 16:45:22.813 [11935] dbg: async: completed in 0.108 s:
URIBL_PH_SURBL, URI-DNSBL, DNSBL:nt.ee:multi.surbl.org
Nov 30 16:45:22.813 [11935] dbg: async: completed in 0.105 s: URIBL_RED,
URI-DNSBL, DNSBL:quadranet.com:multi.uribl.com
Nov 30 16:45:22.813 [11935] dbg: async: completed in 0.069 s: URIBL_SBL,
URI-DNSBL, DNSBL:249.239.244.54:zen.spamhaus.org
Nov 30 16:45:22.814 [11935] dbg: async: completed in 0.126 s: URIBL_SBL,
URI-DNSBL, DNSBL:159.8.92.153:zen.spamhaus.org
Nov 30 16:45:22.814 [11935] dbg: async: completed in 0.162 s:
URIBL_DBL_SPAM, URI-DNSBL, DNSBL:nt.ee:dbl.spamhaus.org
Nov 30 16:45:22.814 [11935] dbg: async: completed in 0.164 s:
URIBL_DBL_SPAM, URI-DNSBL, DNSBL:lexoncom.com:dbl.spamhaus.org
Nov 30 16:45:22.815 [11935] dbg: async: completed in 0.103 s: URIBL_RED,
URI-DNSBL, DNSBL:bwspot.com:multi.uribl.com
Nov 30 16:45:22.815 [11935] dbg: async: completed in 0.102 s:
URIBL_RHS_DOB, URI-DNSBL,
DNSBL:lexoncom.com:dob.sibl.support-intelligence.net
Nov 30 16:45:22.815 [11935] dbg: async: completed in 0.080 s: URI-A,
A:ns2.nt.ee
Nov 30 16:45:22.816 [11935] dbg: async: completed in 0.106 s:
URIBL_PH_SURBL, URI-DNSBL, DNSBL:bwspot.com:multi.surbl.org
Nov 30 16:45:22.816 [11935] dbg: async: completed in 0.102 s: URIBL_RED,
URI-DNSBL, DNSBL:lexoncom.com:multi.uribl.com
Nov 30 16:45:22.816 [11935] dbg: async: completed in 0.103 s:
URIBL_RHS_DOB, URI-DNSBL, DNSBL:nt.ee:dob.sibl.support-intelligence.net
Nov 30 16:45:22.816 [11935] dbg: async: completed in 0.099 s: URI-NS,
NS:bwspot.com
Nov 30 16:45:22.817 [11935] dbg: async: completed in 0.069 s: URI-A,
A:ns77.domaincontrol.com
Nov 30 16:45:22.817 [11935] dbg: async: completed in 0.061 s: URI-A,
A:ns21.cloudns.net
Nov 30 16:45:22.817 [11935] dbg: async: completed in 0.105 s:
URIBL_RHS_DOB, URI-DNSBL,
DNSBL:bwspot.com:dob.sibl.support-intelligence.net
Nov 30 16:45:22.817 [11935] dbg: async: completed in 0.095 s: URI-NS,
NS:nt.ee
Nov 30 16:45:22.818 [11935] dbg: async: completed in 0.101 s: URI-A,
A:lexoncom.com
Nov 30 16:45:22.818 [11935] dbg: async: completed in 0.108 s:
URIBL_PH_SURBL, URI-DNSBL, DNSBL:quadranet.com:multi.surbl.org
Nov 30 16:45:22.818 [11935] dbg: async: completed in 0.063 s: URI-A,
A:ns22.cloudns.net
Nov 30 16:45:22.818 [11935] dbg: async: completed in 0.111 s:
URIBL_RHS_DOB, URI-DNSBL,
DNSBL:quadranet.com:dob.sibl.support-intelligence.net
Nov 30 16:45:22.819 [11935] dbg: async: completed in 0.115 s: URI-A,
A:104.129.43.23.static.quadranet.com
Nov 30 16:45:22.819 [11935] dbg: async: completed in 0.103 s:
URIBL_PH_SURBL, URI-DNSBL, DNSBL:lexoncom.com:multi.surbl.org
Nov 30 16:45:22.819 [11935] dbg: async: completed in 0.055 s: URI-A,
A:ns2.quadranet.com
Nov 30 16:45:22.819 [11935] dbg: async: completed in 0.097 s: URI-NS,
NS:lexoncom.com
Nov 30 16:45:22.820 [11935] dbg: async: completed in 0.079 s: URI-A,
A:ns1.nt.ee
Nov 30 16:45:22.820 [11935] dbg: async: completed in 0.038 s: URIBL_SBL_A,
URI-DNSBL, DNSBL:49.255.109.208:sbl.spamhaus.org
Nov 30 16:45:22.820 [11935] dbg: async: completed in 0.058 s: URI-A,
A:ns24.cloudns.net
Nov 30 16:45:22.821 [11935] dbg: async: completed in 0.065 s: URI-A,
A:ns78.domaincontrol.com
Nov 30 16:45:22.821 [11935] dbg: async: completed in 0.066 s: URI-A,
A:ns23.cloudns.net
Nov 30 16:45:22.821 [11935] dbg: async: completed in 0.037 s: URIBL_SBL,
URI-DNSBL, DNSBL:49.255.109.208:zen.spamhaus.org
Nov 30 16:45:22.821 [11935] dbg: async: completed in 0.177 s:
URIBL_DBL_SPAM, URI-DNSBL, DNSBL:quadranet.com:dbl.spamhaus.org
Nov 30 16:45:22.822 [11935] dbg: async: completed in 0.099 s: URIBL_RED,
URI-DNSBL, DNSBL:nt.ee:multi.uribl.com
Nov 30 16:45:22.822 [11935] dbg: async: completed in 0.099 s: URI-A, A:nt.ee
Nov 30 16:45:22.822 [11935] dbg: async: completed in 0.080 s: URIBL_SBL_A,
URI-DNSBL, DNSBL:159.8.92.153:sbl.spamhaus.org
Nov 30 16:45:22.823 [11935] dbg: async: completed in 0.033 s: URIBL_SBL,
URI-DNSBL, DNSBL:49.185.69.216:zen.spamhaus.org
Nov 30 16:45:22.823 [11935] dbg: async: completed in 0.052 s: URI-A,
A:ns1.quadranet.com
Nov 30 16:45:22.823 [11935] dbg: async: completed in 0.106 s: URI-A,
A:aws.bwspot.com
Nov 30 16:45:22.823 [11935] dbg: async: completed in 0.101 s: URI-A,
A:gua.ra.nt.ee
Nov 30 16:45:22.824 [11935] dbg: async: completed in 0.106 s: URI-NS,
NS:quadranet.com
Nov 30 16:45:22.824 [11935] dbg: async: queries completed: 40, started: 34
Nov 30 16:45:22.824 [11935] dbg: async: queries active: URI-DNSBL=19 at
Thu Nov 30 16:45:22 2017
Nov 30 16:45:22.825 [11935] dbg: dns: harvested completed queries
Nov 30 16:45:22.825 [11935] dbg: plugin:
Mail::SpamAssassin::Plugin::Rule2XSBody=HASH(0x3c87dd0) implements
'check_rules_at_priority', priority 0
Nov 30 16:45:22.826 [11935] dbg: rules: running one_line_body tests; score
so far=0.001
Nov 30 16:45:22.826 [11935] dbg: rules: flush_evalstr (run_generic_tests)
compiling 524 chars of
Mail::SpamAssassin::Plugin::Check::_one_line_body_tests_neg1000_1
Nov 30 16:45:22.827 [11935] dbg: rules: run_generic_tests - compiling eval
code: one_line_body, priority -1000
Nov 30 16:45:22.827 [11935] dbg: rules: compiled one_line_body tests
Nov 30 16:45:22.828 [11935] dbg: plugin:
Mail::SpamAssassin::Plugin::Rule2XSBody=HASH(0x3c87dd0) implements
'run_body_fast_scan', priority 0
Nov 30 16:45:22.828 [11935] dbg: rules: running head tests; score so
far=0.001
Nov 30 16:45:22.829 [11935] dbg: rules: flush_evalstr (run_generic_tests)
compiling 304 chars of
Mail::SpamAssassin::Plugin::Check::_head_tests_neg1000_1
Nov 30 16:45:22.829 [11935] dbg: rules: run_generic_tests - compiling eval
code: head, priority -1000
Nov 30 16:45:22.830 [11935] dbg: rules: compiled head tests
Nov 30 16:45:22.830 [11935] dbg: dns: dns reply to
46312/IN/A/65.84.137.79.zen.spamhaus.org: NXDOMAIN
Nov 30 16:45:22.831 [11935] dbg: async: calling callback on key
DNSBL:65.84.137.79:zen.spamhaus.org, rule URIBL_SBL
Nov 30 16:45:22.831 [11935] dbg: uridnsbl: complete_dnsbl_lookup URIBL_SBL
DNSBL:65.84.137.79:zen.spamhaus.org
Nov 30 16:45:22.832 [11935] dbg: dns: dns reply to
25814/IN/A/92.105.50.84.zen.spamhaus.org: NXDOMAIN
Nov 30 16:45:22.832 [11935] dbg: async: calling callback on key
DNSBL:92.105.50.84:zen.spamhaus.org, rule URIBL_SBL
Nov 30 16:45:22.832 [11935] dbg: uridnsbl: complete_dnsbl_lookup URIBL_SBL
DNSBL:92.105.50.84:zen.spamhaus.org
Nov 30 16:45:22.833 [11935] dbg: async: calling callback on key
DNSBL:92.105.50.84:zen.spamhaus.org, rule URIBL_SBL
Nov 30 16:45:22.833 [11935] dbg: uridnsbl: complete_dnsbl_lookup URIBL_SBL
DNSBL:92.105.50.84:zen.spamhaus.org
Nov 30 16:45:22.833 [11935] dbg: async: calling callback on key
DNSBL:92.105.50.84:zen.spamhaus.org, rule URIBL_SBL
Nov 30 16:45:22.833 [11935] dbg: uridnsbl: complete_dnsbl_lookup URIBL_SBL
DNSBL:92.105.50.84:zen.spamhaus.org
Nov 30 16:45:22.834 [11935] dbg: dns: dns reply to
39934/IN/A/92.105.50.84.sbl.spamhaus.org: NXDOMAIN
Nov 30 16:45:22.834 [11935] dbg: async: calling callback on key
DNSBL:92.105.50.84:sbl.spamhaus.org, rule URIBL_SBL_A
Nov 30 16:45:22.834 [11935] dbg: uridnsbl: complete_dnsbl_lookup
URIBL_SBL_A DNSBL:92.105.50.84:sbl.spamhaus.org
Nov 30 16:45:22.835 [11935] dbg: async: calling callback on key
DNSBL:92.105.50.84:sbl.spamhaus.org, rule URIBL_SBL_A
Nov 30 16:45:22.835 [11935] dbg: uridnsbl: complete_dnsbl_lookup
URIBL_SBL_A DNSBL:92.105.50.84:sbl.spamhaus.org
Nov 30 16:45:22.835 [11935] dbg: async: calling callback on key
DNSBL:92.105.50.84:sbl.spamhaus.org, rule URIBL_SBL_A
Nov 30 16:45:22.835 [11935] dbg: uridnsbl: complete_dnsbl_lookup
URIBL_SBL_A DNSBL:92.105.50.84:sbl.spamhaus.org
Nov 30 16:45:22.836 [11935] dbg: async: select found no responses ready
(t.o.=0.0)
Nov 30 16:45:22.836 [11935] dbg: async: completed in 0.034 s: URIBL_SBL,
URI-DNSBL, DNSBL:65.84.137.79:zen.spamhaus.org
Nov 30 16:45:22.836 [11935] dbg: async: completed in 0.084 s: URIBL_SBL_A,
URI-DNSBL, DNSBL:92.105.50.84:sbl.spamhaus.org
Nov 30 16:45:22.836 [11935] dbg: async: completed in 0.080 s: URIBL_SBL,
URI-DNSBL, DNSBL:92.105.50.84:zen.spamhaus.org
Nov 30 16:45:22.837 [11935] dbg: async: queries completed: 3, started: 0
Nov 30 16:45:22.837 [11935] dbg: async: queries active: URI-DNSBL=16 at
Thu Nov 30 16:45:22 2017
Nov 30 16:45:22.837 [11935] dbg: dns: harvested completed queries
Nov 30 16:45:22.837 [11935] dbg: rules: running head_eval tests; score so
far=0.001
Nov 30 16:45:22.838 [11935] dbg: rules: run_eval_tests - compiling eval
code: 9, priority -1000
Nov 30 16:45:22.840 [11935] dbg: eval: all '*From' addrs:
MAILER-DAEMON@aws.bwspot.com
Nov 30 16:45:22.841 [11935] dbg: eval: all '*To' addrs:
Nov 30 16:45:22.841 [11935] dbg: rules: running body tests; score so
far=0.001
Nov 30 16:45:22.841 [11935] dbg: rules: flush_evalstr (run_generic_tests)
compiling 247 chars of
Mail::SpamAssassin::Plugin::Check::_body_tests_neg1000_1
Nov 30 16:45:22.842 [11935] dbg: rules: run_generic_tests - compiling eval
code: body, priority -1000
Nov 30 16:45:22.842 [11935] dbg: rules: compiled body tests
Nov 30 16:45:22.843 [11935] dbg: rules: running uri tests; score so far=0.001
Nov 30 16:45:22.843 [11935] dbg: rules: flush_evalstr (run_generic_tests)
compiling 245 chars of
Mail::SpamAssassin::Plugin::Check::_uri_tests_neg1000_1
Nov 30 16:45:22.844 [11935] dbg: rules: run_generic_tests - compiling eval
code: uri, priority -1000
Nov 30 16:45:22.844 [11935] dbg: rules: compiled uri tests
Nov 30 16:45:22.844 [11935] dbg: rules: running rawbody tests; score so
far=0.001
Nov 30 16:45:22.845 [11935] dbg: rules: flush_evalstr (run_generic_tests)
compiling 253 chars of
Mail::SpamAssassin::Plugin::Check::_rawbody_tests_neg1000_1
Nov 30 16:45:22.845 [11935] dbg: rules: run_generic_tests - compiling eval
code: rawbody, priority -1000
Nov 30 16:45:22.846 [11935] dbg: rules: compiled rawbody tests
Nov 30 16:45:22.846 [11935] dbg: rules: running full tests; score so
far=0.001
Nov 30 16:45:22.847 [11935] dbg: rules: flush_evalstr (run_generic_tests)
compiling 282 chars of
Mail::SpamAssassin::Plugin::Check::_full_tests_neg1000_1
Nov 30 16:45:22.847 [11935] dbg: rules: run_generic_tests - compiling eval
code: full, priority -1000
Nov 30 16:45:22.847 [11935] dbg: rules: compiled full tests
Nov 30 16:45:22.848 [11935] dbg: rules: running meta tests; score so
far=0.001
Nov 30 16:45:22.848 [11935] dbg: rules: flush_evalstr (run_generic_tests)
compiling 307 chars of
Mail::SpamAssassin::Plugin::Check::_meta_tests_neg1000_1
Nov 30 16:45:22.848 [11935] dbg: rules: run_generic_tests - compiling eval
code: meta, priority -1000
Nov 30 16:45:22.849 [11935] dbg: rules: compiled meta tests
Nov 30 16:45:22.849 [11935] dbg: check: running tests for priority: -950
Nov 30 16:45:22.850 [11935] dbg: rules: running one_line_body tests; score
so far=0.001
Nov 30 16:45:22.850 [11935] dbg: rules: flush_evalstr (run_generic_tests)
compiling 521 chars of
Mail::SpamAssassin::Plugin::Check::_one_line_body_tests_neg950_1
Nov 30 16:45:22.850 [11935] dbg: rules: run_generic_tests - compiling eval
code: one_line_body, priority -950
Nov 30 16:45:22.851 [11935] dbg: rules: compiled one_line_body tests
Nov 30 16:45:22.851 [11935] dbg: rules: running head tests; score so
far=0.001
Nov 30 16:45:22.852 [11935] dbg: rules: flush_evalstr (run_generic_tests)
compiling 302 chars of
Mail::SpamAssassin::Plugin::Check::_head_tests_neg950_1
Nov 30 16:45:22.852 [11935] dbg: rules: run_generic_tests - compiling eval
code: head, priority -950
Nov 30 16:45:22.852 [11935] dbg: rules: compiled head tests
Nov 30 16:45:22.853 [11935] dbg: rules: running head_eval tests; score so
far=0.001
Nov 30 16:45:22.853 [11935] dbg: rules: run_eval_tests - compiling eval
code: 9, priority -950
Nov 30 16:45:22.854 [11935] dbg: rules: running body tests; score so
far=0.001
Nov 30 16:45:22.854 [11935] dbg: rules: flush_evalstr (run_generic_tests)
compiling 245 chars of
Mail::SpamAssassin::Plugin::Check::_body_tests_neg950_1
Nov 30 16:45:22.855 [11935] dbg: rules: run_generic_tests - compiling eval
code: body, priority -950
Nov 30 16:45:22.855 [11935] dbg: rules: compiled body tests
Nov 30 16:45:22.856 [11935] dbg: rules: running uri tests; score so far=0.001
Nov 30 16:45:22.856 [11935] dbg: rules: flush_evalstr (run_generic_tests)
compiling 243 chars of
Mail::SpamAssassin::Plugin::Check::_uri_tests_neg950_1
Nov 30 16:45:22.856 [11935] dbg: rules: run_generic_tests - compiling eval
code: uri, priority -950
Nov 30 16:45:22.857 [11935] dbg: rules: compiled uri tests
Nov 30 16:45:22.857 [11935] dbg: rules: running body_eval tests; score so
far=0.001
Nov 30 16:45:22.857 [11935] dbg: rules: run_eval_tests - compiling eval
code: 11, priority -950
Nov 30 16:45:22.858 [11935] dbg: rules: running rawbody tests; score so
far=0.001
Nov 30 16:45:22.858 [11935] dbg: rules: flush_evalstr (run_generic_tests)
compiling 251 chars of
Mail::SpamAssassin::Plugin::Check::_rawbody_tests_neg950_1
Nov 30 16:45:22.859 [11935] dbg: rules: run_generic_tests - compiling eval
code: rawbody, priority -950
Nov 30 16:45:22.859 [11935] dbg: rules: compiled rawbody tests
Nov 30 16:45:22.859 [11935] dbg: rules: running full tests; score so
far=0.001
Nov 30 16:45:22.860 [11935] dbg: rules: flush_evalstr (run_generic_tests)
compiling 280 chars of
Mail::SpamAssassin::Plugin::Check::_full_tests_neg950_1
Nov 30 16:45:22.860 [11935] dbg: rules: run_generic_tests - compiling eval
code: full, priority -950
Nov 30 16:45:22.861 [11935] dbg: rules: compiled full tests
Nov 30 16:45:22.861 [11935] dbg: rules: running meta tests; score so
far=0.001
Nov 30 16:45:22.861 [11935] dbg: rules: flush_evalstr (run_generic_tests)
compiling 305 chars of
Mail::SpamAssassin::Plugin::Check::_meta_tests_neg950_1
Nov 30 16:45:22.862 [11935] dbg: rules: run_generic_tests - compiling eval
code: meta, priority -950
Nov 30 16:45:22.862 [11935] dbg: rules: compiled meta tests
Nov 30 16:45:22.863 [11935] dbg: check: running tests for priority: -900
Nov 30 16:45:22.863 [11935] dbg: rules: running one_line_body tests; score
so far=0.001
Nov 30 16:45:22.863 [11935] dbg: rules: flush_evalstr (run_generic_tests)
compiling 521 chars of
Mail::SpamAssassin::Plugin::Check::_one_line_body_tests_neg900_1
Nov 30 16:45:22.864 [11935] dbg: rules: run_generic_tests - compiling eval
code: one_line_body, priority -900
Nov 30 16:45:22.864 [11935] dbg: rules: compiled one_line_body tests
Nov 30 16:45:22.865 [11935] dbg: rules: running head tests; score so
far=0.001
Nov 30 16:45:22.865 [11935] dbg: rules: flush_evalstr (run_generic_tests)
compiling 302 chars of
Mail::SpamAssassin::Plugin::Check::_head_tests_neg900_1
Nov 30 16:45:22.867 [11935] dbg: rules: run_generic_tests - compiling eval
code: head, priority -900
Nov 30 16:45:22.868 [11935] dbg: rules: compiled head tests
Nov 30 16:45:22.868 [11935] dbg: rules: running head_eval tests; score so
far=0.001
Nov 30 16:45:22.868 [11935] dbg: rules: run_eval_tests - compiling eval
code: 9, priority -900
Nov 30 16:45:22.870 [11935] dbg: rules: running body tests; score so
far=0.001
Nov 30 16:45:22.870 [11935] dbg: rules: flush_evalstr (run_generic_tests)
compiling 245 chars of
Mail::SpamAssassin::Plugin::Check::_body_tests_neg900_1
Nov 30 16:45:22.871 [11935] dbg: rules: run_generic_tests - compiling eval
code: body, priority -900
Nov 30 16:45:22.871 [11935] dbg: rules: compiled body tests
Nov 30 16:45:22.871 [11935] dbg: rules: running uri tests; score so far=0.001
Nov 30 16:45:22.872 [11935] dbg: rules: flush_evalstr (run_generic_tests)
compiling 243 chars of
Mail::SpamAssassin::Plugin::Check::_uri_tests_neg900_1
Nov 30 16:45:22.872 [11935] dbg: rules: run_generic_tests - compiling eval
code: uri, priority -900
Nov 30 16:45:22.873 [11935] dbg: rules: compiled uri tests
Nov 30 16:45:22.873 [11935] dbg: rules: running body_eval tests; score so
far=0.001
Nov 30 16:45:22.873 [11935] dbg: rules: run_eval_tests - compiling eval
code: 11, priority -900
Nov 30 16:45:22.874 [11935] dbg: rules: running rawbody tests; score so
far=0.001
Nov 30 16:45:22.874 [11935] dbg: rules: flush_evalstr (run_generic_tests)
compiling 251 chars of
Mail::SpamAssassin::Plugin::Check::_rawbody_tests_neg900_1
Nov 30 16:45:22.875 [11935] dbg: rules: run_generic_tests - compiling eval
code: rawbody, priority -900
Nov 30 16:45:22.875 [11935] dbg: rules: compiled rawbody tests
Nov 30 16:45:22.875 [11935] dbg: rules: running full tests; score so
far=0.001
Nov 30 16:45:22.876 [11935] dbg: rules: flush_evalstr (run_generic_tests)
compiling 280 chars of
Mail::SpamAssassin::Plugin::Check::_full_tests_neg900_1
Nov 30 16:45:22.876 [11935] dbg: rules: run_generic_tests - compiling eval
code: full, priority -900
Nov 30 16:45:22.877 [11935] dbg: rules: compiled full tests
Nov 30 16:45:22.877 [11935] dbg: rules: running meta tests; score so
far=0.001
Nov 30 16:45:22.878 [11935] dbg: rules: flush_evalstr (run_generic_tests)
compiling 305 chars of
Mail::SpamAssassin::Plugin::Check::_meta_tests_neg900_1
Nov 30 16:45:22.878 [11935] dbg: rules: run_generic_tests - compiling eval
code: meta, priority -900
Nov 30 16:45:22.879 [11935] dbg: rules: compiled meta tests
Nov 30 16:45:22.879 [11935] dbg: check: running tests for priority: -400
Nov 30 16:45:22.879 [11935] dbg: rules: running one_line_body tests; score
so far=0.001
Nov 30 16:45:22.880 [11935] dbg: rules: flush_evalstr (run_generic_tests)
compiling 521 chars of
Mail::SpamAssassin::Plugin::Check::_one_line_body_tests_neg400_1
Nov 30 16:45:22.880 [11935] dbg: rules: run_generic_tests - compiling eval
code: one_line_body, priority -400
Nov 30 16:45:22.881 [11935] dbg: rules: compiled one_line_body tests
Nov 30 16:45:22.881 [11935] dbg: rules: running head tests; score so
far=0.001
Nov 30 16:45:22.882 [11935] dbg: rules: flush_evalstr (run_generic_tests)
compiling 302 chars of
Mail::SpamAssassin::Plugin::Check::_head_tests_neg400_1
Nov 30 16:45:22.882 [11935] dbg: rules: run_generic_tests - compiling eval
code: head, priority -400
Nov 30 16:45:22.882 [11935] dbg: rules: compiled head tests
Nov 30 16:45:22.883 [11935] dbg: rules: running body tests; score so
far=0.001
Nov 30 16:45:22.883 [11935] dbg: rules: flush_evalstr (run_generic_tests)
compiling 245 chars of
Mail::SpamAssassin::Plugin::Check::_body_tests_neg400_1
Nov 30 16:45:22.884 [11935] dbg: rules: run_generic_tests - compiling eval
code: body, priority -400
Nov 30 16:45:22.884 [11935] dbg: rules: compiled body tests
Nov 30 16:45:22.884 [11935] dbg: rules: running uri tests; score so far=0.001
Nov 30 16:45:22.885 [11935] dbg: rules: flush_evalstr (run_generic_tests)
compiling 243 chars of
Mail::SpamAssassin::Plugin::Check::_uri_tests_neg400_1
Nov 30 16:45:22.885 [11935] dbg: rules: run_generic_tests - compiling eval
code: uri, priority -400
Nov 30 16:45:22.885 [11935] dbg: rules: compiled uri tests
Nov 30 16:45:22.886 [11935] dbg: rules: running body_eval tests; score so
far=0.001
Nov 30 16:45:22.886 [11935] dbg: rules: run_eval_tests - compiling eval
code: 11, priority -400
Nov 30 16:45:22.887 [11935] dbg: rules: running rawbody tests; score so
far=0.001
Nov 30 16:45:22.887 [11935] dbg: rules: flush_evalstr (run_generic_tests)
compiling 251 chars of
Mail::SpamAssassin::Plugin::Check::_rawbody_tests_neg400_1
Nov 30 16:45:22.887 [11935] dbg: rules: run_generic_tests - compiling eval
code: rawbody, priority -400
Nov 30 16:45:22.888 [11935] dbg: rules: compiled rawbody tests
Nov 30 16:45:22.888 [11935] dbg: rules: running full tests; score so
far=0.001
Nov 30 16:45:22.889 [11935] dbg: rules: flush_evalstr (run_generic_tests)
compiling 280 chars of
Mail::SpamAssassin::Plugin::Check::_full_tests_neg400_1
Nov 30 16:45:22.889 [11935] dbg: rules: run_generic_tests - compiling eval
code: full, priority -400
Nov 30 16:45:22.890 [11935] dbg: rules: compiled full tests
Nov 30 16:45:22.891 [11935] dbg: rules: running meta tests; score so
far=0.001
Nov 30 16:45:22.891 [11935] dbg: rules: flush_evalstr (run_generic_tests)
compiling 305 chars of
Mail::SpamAssassin::Plugin::Check::_meta_tests_neg400_1
Nov 30 16:45:22.892 [11935] dbg: rules: run_generic_tests - compiling eval
code: meta, priority -400
Nov 30 16:45:22.892 [11935] dbg: rules: compiled meta tests
Nov 30 16:45:22.893 [11935] dbg: check: running tests for priority: 0
Nov 30 16:45:22.893 [11935] dbg: rules: running one_line_body tests; score
so far=0.001
Nov 30 16:45:22.905 [11935] dbg: rules: flush_evalstr (run_generic_tests)
compiling 510 chars of
Mail::SpamAssassin::Plugin::Check::_one_line_body_tests_0_1
Nov 30 16:45:22.906 [11935] dbg: rules: run_generic_tests - compiling eval
code: one_line_body, priority 0
Nov 30 16:45:22.948 [11935] dbg: rules: compiled one_line_body tests
Nov 30 16:45:22.949 [11935] dbg: zoom: run_body_fast_scan for body_0 start
Nov 30 16:45:22.951 [11935] dbg: rules: ran one_line_body rule
__DOS_BODY_SAT ======> got hit: "Sat"
Nov 30 16:45:22.953 [11935] dbg: rules: ran one_line_body rule __FRAUD_IOU
======> got hit: "risk free"
Nov 30 16:45:22.953 [11935] dbg: rules: ran one_line_body rule __FRAUD_IOV
======> got hit: "risk free"
Nov 30 16:45:22.954 [11935] dbg: rules: ran one_line_body rule __HUSH_HUSH
======> got hit: "secret"
Nov 30 16:45:22.955 [11935] dbg: rules: ran one_line_body rule
__SUBSCRIPTION_INFO ======> got hit: "Unsubscrib"
Nov 30 16:45:22.958 [11935] dbg: rules: ran one_line_body rule
__SUBSCRIPTION_INFO ======> got hit: "Unsubscrib"
Nov 30 16:45:22.959 [11935] dbg: rules: ran one_line_body rule __HUSH_HUSH
======> got hit: "secret"
Nov 30 16:45:22.961 [11935] dbg: zoom: run_body_fast_scan for body_0 done
Nov 30 16:45:22.962 [11935] dbg: rules: running head tests; score so
far=0.001
Nov 30 16:45:22.979 [11935] dbg: rules: flush_evalstr (add_evalstr)
compiling 60308 chars of
Mail::SpamAssassin::Plugin::Check::_head_tests_0_1
Nov 30 16:45:22.993 [11935] dbg: rules: flush_evalstr (add_evalstr)
compiling 60311 chars of
Mail::SpamAssassin::Plugin::Check::_head_tests_0_2
Nov 30 16:45:23.007 [11935] dbg: rules: flush_evalstr (add_evalstr)
compiling 60179 chars of
Mail::SpamAssassin::Plugin::Check::_head_tests_0_3
Nov 30 16:45:23.020 [11935] dbg: rules: flush_evalstr (add_evalstr)
compiling 60275 chars of
Mail::SpamAssassin::Plugin::Check::_head_tests_0_4
Nov 30 16:45:23.033 [11935] dbg: rules: flush_evalstr (run_generic_tests)
compiling 58202 chars of
Mail::SpamAssassin::Plugin::Check::_head_tests_0_5
Nov 30 16:45:23.043 [11935] dbg: rules: run_generic_tests - compiling eval
code: head, priority 0
Nov 30 16:45:23.043 [11935] dbg: rules: compiled head tests
Nov 30 16:45:23.044 [11935] dbg: rules: ran header rule __SENDER_BOT
======> got hit: "DAEMON@a"
Nov 30 16:45:23.045 [11935] dbg: rules: ran header rule __HAS_SUBJECT
======> got hit: "<YES>"
Nov 30 16:45:23.046 [11935] dbg: rules: ran header rule __HAS_MESSAGE_ID
======> got hit: "<YES>"
Nov 30 16:45:23.046 [11935] dbg: rules: ran header rule __HAS_DATE ======>
got hit: "<YES>"
Nov 30 16:45:23.047 [11935] dbg: rules: ran header rule __MSGID_OK_DIGITS
======> got hit: "1492034127"
Nov 30 16:45:23.048 [11935] dbg: rules: ran header rule __MSGID_OK_HOST
======> got hit: "@aws.bwspot.com>"
Nov 30 16:45:23.048 [11935] dbg: rules: ran header rule __HAS_FROM ======>
got hit: "<YES>"
Nov 30 16:45:23.049 [11935] dbg: rules: ran header rule __SANE_MSGID
======> got hit: "<14...@aws.bwspot.com>
Nov 30 16:45:23.049 [11935] dbg: rules: [...] "
Nov 30 16:45:23.050 [11935] dbg: rules: ran header rule __HAS_MSGID
======> got hit: "<"
Nov 30 16:45:23.050 [11935] dbg: rules: ran header rule __MISSING_REF
======> got hit: "UNSET"
Nov 30 16:45:23.050 [11935] dbg: rules: ran header rule __MISSING_REPLY
======> got hit: "UNSET"
Nov 30 16:45:23.051 [11935] dbg: rules: ran header rule __TO_NO_ARROWS_R
======> got hit: "negative match"
Nov 30 16:45:23.053 [11935] dbg: dns: dns reply to
29677/IN/A/65.84.137.79.sbl.spamhaus.org: NXDOMAIN
Nov 30 16:45:23.053 [11935] dbg: async: calling callback on key
DNSBL:65.84.137.79:sbl.spamhaus.org, rule URIBL_SBL_A
Nov 30 16:45:23.053 [11935] dbg: uridnsbl: complete_dnsbl_lookup
URIBL_SBL_A DNSBL:65.84.137.79:sbl.spamhaus.org
Nov 30 16:45:23.054 [11935] dbg: dns: dns reply to
64531/IN/A/49.185.69.216.sbl.spamhaus.org: NXDOMAIN
Nov 30 16:45:23.054 [11935] dbg: async: calling callback on key
DNSBL:49.185.69.216:sbl.spamhaus.org, rule URIBL_SBL_A
Nov 30 16:45:23.054 [11935] dbg: uridnsbl: complete_dnsbl_lookup
URIBL_SBL_A DNSBL:49.185.69.216:sbl.spamhaus.org
Nov 30 16:45:23.055 [11935] dbg: dns: dns reply to
1280/IN/A/202.2.59.108.sbl.spamhaus.org: NXDOMAIN
Nov 30 16:45:23.055 [11935] dbg: async: calling callback on key
DNSBL:202.2.59.108:sbl.spamhaus.org, rule URIBL_SBL_A
Nov 30 16:45:23.055 [11935] dbg: uridnsbl: complete_dnsbl_lookup
URIBL_SBL_A DNSBL:202.2.59.108:sbl.spamhaus.org
Nov 30 16:45:23.056 [11935] dbg: dns: dns reply to
29076/IN/A/164.221.165.46.sbl.spamhaus.org: NXDOMAIN
Nov 30 16:45:23.056 [11935] dbg: async: calling callback on key
DNSBL:164.221.165.46:sbl.spamhaus.org, rule URIBL_SBL_A
Nov 30 16:45:23.057 [11935] dbg: uridnsbl: complete_dnsbl_lookup
URIBL_SBL_A DNSBL:164.221.165.46:sbl.spamhaus.org
Nov 30 16:45:23.057 [11935] dbg: dns: dns reply to
64480/IN/A/bwspot.com.dbl.spamhaus.org: NXDOMAIN
Nov 30 16:45:23.058 [11935] dbg: async: calling callback on key
DNSBL:bwspot.com:dbl.spamhaus.org, rule URIBL_DBL_SPAM
Nov 30 16:45:23.058 [11935] dbg: uridnsbl: complete_dnsbl_lookup
URIBL_DBL_SPAM DNSBL:bwspot.com:dbl.spamhaus.org
Nov 30 16:45:23.058 [11935] dbg: async: calling callback on key
DNSBL:bwspot.com:dbl.spamhaus.org, rule URIBL_DBL_REDIR
Nov 30 16:45:23.058 [11935] dbg: uridnsbl: complete_dnsbl_lookup
URIBL_DBL_REDIR DNSBL:bwspot.com:dbl.spamhaus.org
Nov 30 16:45:23.059 [11935] dbg: async: calling callback on key
DNSBL:bwspot.com:dbl.spamhaus.org, rule URIBL_DBL_ERROR
Nov 30 16:45:23.059 [11935] dbg: uridnsbl: complete_dnsbl_lookup
URIBL_DBL_ERROR DNSBL:bwspot.com:dbl.spamhaus.org
Nov 30 16:45:23.060 [11935] dbg: dns: dns reply to
26233/IN/A/249.239.244.54.sbl.spamhaus.org: NXDOMAIN
Nov 30 16:45:23.060 [11935] dbg: async: calling callback on key
DNSBL:249.239.244.54:sbl.spamhaus.org, rule URIBL_SBL_A
Nov 30 16:45:23.060 [11935] dbg: uridnsbl: complete_dnsbl_lookup
URIBL_SBL_A DNSBL:249.239.244.54:sbl.spamhaus.org
Nov 30 16:45:23.060 [11935] dbg: async: calling callback on key
DNSBL:249.239.244.54:sbl.spamhaus.org, rule URIBL_SBL_A
Nov 30 16:45:23.061 [11935] dbg: uridnsbl: complete_dnsbl_lookup
URIBL_SBL_A DNSBL:249.239.244.54:sbl.spamhaus.org
Nov 30 16:45:23.061 [11935] dbg: dns: dns reply to
8637/IN/A/164.221.165.46.zen.spamhaus.org: NXDOMAIN
Nov 30 16:45:23.062 [11935] dbg: async: calling callback on key
DNSBL:164.221.165.46:zen.spamhaus.org, rule URIBL_SBL
Nov 30 16:45:23.062 [11935] dbg: uridnsbl: complete_dnsbl_lookup URIBL_SBL
DNSBL:164.221.165.46:zen.spamhaus.org
Nov 30 16:45:23.063 [11935] dbg: dns: dns reply to
20454/IN/A/1.0.0.127.zen.spamhaus.org: NXDOMAIN
Nov 30 16:45:23.063 [11935] dbg: async: calling callback on key
DNSBL:1.0.0.127:zen.spamhaus.org, rule URIBL_SBL
Nov 30 16:45:23.063 [11935] dbg: uridnsbl: complete_dnsbl_lookup URIBL_SBL
DNSBL:1.0.0.127:zen.spamhaus.org
Nov 30 16:45:23.064 [11935] dbg: dns: dns reply to
39281/IN/A/202.2.59.108.zen.spamhaus.org: NXDOMAIN
Nov 30 16:45:23.064 [11935] dbg: async: calling callback on key
DNSBL:202.2.59.108:zen.spamhaus.org, rule URIBL_SBL
Nov 30 16:45:23.064 [11935] dbg: uridnsbl: complete_dnsbl_lookup URIBL_SBL
DNSBL:202.2.59.108:zen.spamhaus.org
Nov 30 16:45:23.065 [11935] dbg: dns: dns reply to
23245/IN/A/61.133.201.109.zen.spamhaus.org: NXDOMAIN
Nov 30 16:45:23.065 [11935] dbg: async: calling callback on key
DNSBL:61.133.201.109:zen.spamhaus.org, rule URIBL_SBL
Nov 30 16:45:23.065 [11935] dbg: uridnsbl: complete_dnsbl_lookup URIBL_SBL
DNSBL:61.133.201.109:zen.spamhaus.org
Nov 30 16:45:23.066 [11935] dbg: dns: dns reply to
43923/IN/A/2.223.152.204.sbl.spamhaus.org: NXDOMAIN
Nov 30 16:45:23.066 [11935] dbg: async: calling callback on key
DNSBL:2.223.152.204:sbl.spamhaus.org, rule URIBL_SBL_A
Nov 30 16:45:23.067 [11935] dbg: uridnsbl: complete_dnsbl_lookup
URIBL_SBL_A DNSBL:2.223.152.204:sbl.spamhaus.org
Nov 30 16:45:23.067 [11935] dbg: dns: dns reply to
60682/IN/A/2.222.152.204.zen.spamhaus.org: NXDOMAIN
Nov 30 16:45:23.067 [11935] dbg: async: calling callback on key
DNSBL:2.222.152.204:zen.spamhaus.org, rule URIBL_SBL
Nov 30 16:45:23.068 [11935] dbg: uridnsbl: complete_dnsbl_lookup URIBL_SBL
DNSBL:2.222.152.204:zen.spamhaus.org
Nov 30 16:45:23.068 [11935] dbg: dns: dns reply to
53550/IN/A/2.222.152.204.sbl.spamhaus.org: NXDOMAIN
Nov 30 16:45:23.069 [11935] dbg: async: calling callback on key
DNSBL:2.222.152.204:sbl.spamhaus.org, rule URIBL_SBL_A
Nov 30 16:45:23.069 [11935] dbg: uridnsbl: complete_dnsbl_lookup
URIBL_SBL_A DNSBL:2.222.152.204:sbl.spamhaus.org
Nov 30 16:45:23.069 [11935] dbg: dns: dns reply to
26442/IN/A/2.223.152.204.zen.spamhaus.org: NXDOMAIN
Nov 30 16:45:23.070 [11935] dbg: async: calling callback on key
DNSBL:2.223.152.204:zen.spamhaus.org, rule URIBL_SBL
Nov 30 16:45:23.070 [11935] dbg: uridnsbl: complete_dnsbl_lookup URIBL_SBL
DNSBL:2.223.152.204:zen.spamhaus.org
Nov 30 16:45:23.071 [11935] dbg: dns: dns reply to
1058/IN/A/61.133.201.109.sbl.spamhaus.org: NXDOMAIN
Nov 30 16:45:23.071 [11935] dbg: async: calling callback on key
DNSBL:61.133.201.109:sbl.spamhaus.org, rule URIBL_SBL_A
Nov 30 16:45:23.071 [11935] dbg: uridnsbl: complete_dnsbl_lookup
URIBL_SBL_A DNSBL:61.133.201.109:sbl.spamhaus.org
Nov 30 16:45:23.072 [11935] dbg: dns: dns reply to
51304/IN/A/1.0.0.127.sbl.spamhaus.org: NXDOMAIN
Nov 30 16:45:23.072 [11935] dbg: async: calling callback on key
DNSBL:1.0.0.127:sbl.spamhaus.org, rule URIBL_SBL_A
Nov 30 16:45:23.072 [11935] dbg: uridnsbl: complete_dnsbl_lookup
URIBL_SBL_A DNSBL:1.0.0.127:sbl.spamhaus.org
Nov 30 16:45:23.073 [11935] dbg: async: select found no responses ready
(t.o.=0.0)
Nov 30 16:45:23.073 [11935] dbg: async: completed in 0.317 s: URIBL_SBL_A,
URI-DNSBL, DNSBL:1.0.0.127:sbl.spamhaus.org
Nov 30 16:45:23.073 [11935] dbg: async: completed in 0.265 s: URIBL_SBL_A,
URI-DNSBL, DNSBL:202.2.59.108:sbl.spamhaus.org
Nov 30 16:45:23.074 [11935] dbg: async: completed in 0.280 s: URIBL_SBL,
URI-DNSBL, DNSBL:164.221.165.46:zen.spamhaus.org
Nov 30 16:45:23.074 [11935] dbg: async: completed in 0.280 s: URIBL_SBL_A,
URI-DNSBL, DNSBL:49.185.69.216:sbl.spamhaus.org
Nov 30 16:45:23.074 [11935] dbg: async: completed in 0.266 s: URIBL_SBL,
URI-DNSBL, DNSBL:2.222.152.204:zen.spamhaus.org
Nov 30 16:45:23.075 [11935] dbg: async: completed in 0.443 s:
URIBL_DBL_SPAM, URI-DNSBL, DNSBL:bwspot.com:dbl.spamhaus.org
Nov 30 16:45:23.075 [11935] dbg: async: completed in 0.306 s: URIBL_SBL,
URI-DNSBL, DNSBL:1.0.0.127:zen.spamhaus.org
Nov 30 16:45:23.075 [11935] dbg: async: completed in 0.276 s: URIBL_SBL_A,
URI-DNSBL, DNSBL:164.221.165.46:sbl.spamhaus.org
Nov 30 16:45:23.075 [11935] dbg: async: completed in 0.286 s: URIBL_SBL_A,
URI-DNSBL, DNSBL:61.133.201.109:sbl.spamhaus.org
Nov 30 16:45:23.076 [11935] dbg: async: completed in 0.262 s: URIBL_SBL_A,
URI-DNSBL, DNSBL:2.223.152.204:sbl.spamhaus.org
Nov 30 16:45:23.076 [11935] dbg: async: completed in 0.272 s: URIBL_SBL,
URI-DNSBL, DNSBL:202.2.59.108:zen.spamhaus.org
Nov 30 16:45:23.076 [11935] dbg: async: completed in 0.278 s: URIBL_SBL,
URI-DNSBL, DNSBL:61.133.201.109:zen.spamhaus.org
Nov 30 16:45:23.077 [11935] dbg: async: completed in 0.258 s: URIBL_SBL_A,
URI-DNSBL, DNSBL:65.84.137.79:sbl.spamhaus.org
Nov 30 16:45:23.077 [11935] dbg: async: completed in 0.355 s: URIBL_SBL_A,
URI-DNSBL, DNSBL:249.239.244.54:sbl.spamhaus.org
Nov 30 16:45:23.077 [11935] dbg: async: completed in 0.269 s: URIBL_SBL_A,
URI-DNSBL, DNSBL:2.222.152.204:sbl.spamhaus.org
Nov 30 16:45:23.078 [11935] dbg: async: completed in 0.264 s: URIBL_SBL,
URI-DNSBL, DNSBL:2.223.152.204:zen.spamhaus.org
Nov 30 16:45:23.078 [11935] dbg: dns: harvested completed queries
Nov 30 16:45:23.078 [11935] dbg: rules: running head_eval tests; score so
far=0.001
Nov 30 16:45:23.080 [11935] dbg: rules: run_eval_tests - compiling eval
code: 9, priority 0
Nov 30 16:45:23.092 [11935] dbg: spf: checking to see if the message has a
Received-SPF header that we can use
Nov 30 16:45:23.143 [11935] dbg: spf: using Mail::SPF for SPF checks
Nov 30 16:45:23.144 [11935] dbg: spf: no suitable relay for spf use found,
skipping SPF-helo check
Nov 30 16:45:23.144 [11935] dbg: FreeMail: RULE
(FREEMAIL_ENVFROM_END_DIGIT) check_freemail_header regex:\d@
Nov 30 16:45:23.145 [11935] dbg: FreeMail: header EnvelopeFrom not found
from mail
Nov 30 16:45:23.145 [11935] dbg: spf: already checked for Received-SPF
headers, proceeding with DNS based checks
Nov 30 16:45:23.145 [11935] dbg: spf: no suitable relay for spf use found,
skipping SPF check
Nov 30 16:45:23.194 [11935] dbg: dkim: using Mail::DKIM version 0.4
Nov 30 16:45:23.195 [11935] dbg: dkim: performing public key lookup and
signature verification
Nov 30 16:45:23.195 [11935] dbg: dkim: signature verification result: none
Nov 30 16:45:23.195 [11935] dbg: dkim: adsp: performing lookup on
_adsp._domainkey.aws.bwspot.com
Nov 30 16:45:23.199 [11935] dbg: dkim: adsp result: U/unknown (dns:
unknown), author domain 'aws.bwspot.com'
Nov 30 16:45:23.200 [11935] dbg: spf: whitelist_from_spf: already checked
spf and didn't get pass, skipping whitelist check
Nov 30 16:45:23.201 [11935] dbg: FreeMail: RULE (FREEMAIL_FROM)
check_freemail_from
Nov 30 16:45:23.201 [11935] dbg: FreeMail: all from-addresses:
mailer-daemon@aws.bwspot.com
Nov 30 16:45:23.202 [11935] dbg: rules: ran eval rule SUBJ_ALL_CAPS
======> got hit (1)
Nov 30 16:45:23.203 [11935] dbg: FreeMail: RULE (__freemail_reply)
check_freemail_replyto
Nov 30 16:45:23.203 [11935] dbg: FreeMail: From address:
mailer-daemon@aws.bwspot.com
Nov 30 16:45:23.204 [11935] dbg: FreeMail: No Reply-To and From is not
freemail, skipping check
Nov 30 16:45:23.204 [11935] dbg: rules: ran eval rule NO_RELAYS ======>
got hit (1)
Nov 30 16:45:23.206 [11935] dbg: spf: def_spf_whitelist_from: already
checked spf and didn't get pass, skipping whitelist check
Nov 30 16:45:23.208 [11935] dbg: dkim: author
MAILER-DAEMON@aws.bwspot.com, not in any dkim whitelist
Nov 30 16:45:23.209 [11935] dbg: rules: ran eval rule MISSING_HEADERS
======> got hit (1)
Nov 30 16:45:23.209 [11935] dbg: FreeMail: RULE
(FREEMAIL_REPLYTO_END_DIGIT) check_freemail_header regex:\d@
Nov 30 16:45:23.209 [11935] dbg: FreeMail: header Reply-To not found from
mail
Nov 30 16:45:23.210 [11935] dbg: FreeMail: RULE (__freemail_replyto)
check_freemail_replyto
Nov 30 16:45:23.210 [11935] dbg: FreeMail: From address:
mailer-daemon@aws.bwspot.com
Nov 30 16:45:23.211 [11935] dbg: FreeMail: Reply-To is not freemail,
skipping check
Nov 30 16:45:23.211 [11935] dbg: FreeMail: RULE (__freemail_hdr_replyto)
check_freemail_header
Nov 30 16:45:23.212 [11935] dbg: FreeMail: header Reply-To not found from
mail
Nov 30 16:45:23.213 [11935] dbg: rules: ran eval rule
__GATED_THROUGH_RCVD_REMOVER ======> got hit (1)
Nov 30 16:45:23.213 [11935] dbg: rules: running body tests; score so
far=2.832
Nov 30 16:45:23.217 [11935] dbg: rules: flush_evalstr (add_evalstr)
compiling 60320 chars of
Mail::SpamAssassin::Plugin::Check::_body_tests_0_1
Nov 30 16:45:23.247 [11935] dbg: rules: flush_evalstr (add_evalstr)
compiling 60461 chars of
Mail::SpamAssassin::Plugin::Check::_body_tests_0_2
Nov 30 16:45:23.266 [11935] dbg: rules: flush_evalstr (run_generic_tests)
compiling 25863 chars of
Mail::SpamAssassin::Plugin::Check::_body_tests_0_3
Nov 30 16:45:23.273 [11935] dbg: rules: run_generic_tests - compiling eval
code: body, priority 0
Nov 30 16:45:23.273 [11935] dbg: rules: compiled body tests
Nov 30 16:45:23.357 [11935] dbg: rules: ran body rule __BODY_TEXT_LINE
======> got hit: "D"
Nov 30 16:45:23.357 [11935] dbg: rules: ran body rule __BODY_TEXT_LINE
======> got hit: "T"
Nov 30 16:45:23.358 [11935] dbg: rules: ran body rule __BODY_TEXT_LINE
======> got hit: "F"
Nov 30 16:45:23.387 [11935] dbg: rules: ran body rule __NONEMPTY_BODY
======> got hit: "D"
Nov 30 16:45:23.390 [11935] dbg: rules: ran body rule __HAS_ANY_EMAIL
======> got hit: "m@learnfvbf.d"
Nov 30 16:45:23.471 [11935] dbg: rules: ran body rule __FB_NUM_PERCNT
======> got hit: "0%"
Nov 30 16:45:23.563 [11935] dbg: rules: ran body rule
__BODY_STARTS_WITH_FROM_LINE ======> got hit: "From
mind-blowingorgasm@learnfvbf.date Sat Nov 25 10:46:34 2017 Return-Path: "
Nov 30 16:45:23.651 [11935] dbg: rules: running uri tests; score so far=2.832
Nov 30 16:45:23.654 [11935] dbg: rules: flush_evalstr (run_generic_tests)
compiling 23458 chars of Mail::SpamAssassin::Plugin::Check::_uri_tests_0_1
Nov 30 16:45:23.659 [11935] dbg: rules: run_generic_tests - compiling eval
code: uri, priority 0
Nov 30 16:45:23.660 [11935] dbg: rules: compiled uri tests
Nov 30 16:45:23.660 [11935] dbg: rules: ran uri rule __LOCAL_PP_NONPPURL
======> got hit: "http://wiki.apache.org"
Nov 30 16:45:23.661 [11935] dbg: rules: ran uri rule __URI_MAILTO ======>
got hit: "mailto:"
Nov 30 16:45:23.661 [11935] dbg: rules: ran uri rule __DOS_HAS_ANY_URI
======> got hit: "h"
Nov 30 16:45:23.662 [11935] dbg: rules: ran uri rule NORMAL_HTTP_TO_IP
======> got hit: "http://104.129.43.23"
Nov 30 16:45:23.663 [11935] dbg: rules: running body_eval tests; score so
far=2.833
Nov 30 16:45:23.666 [11935] dbg: rules: run_eval_tests - compiling eval
code: 11, priority 0
Nov 30 16:45:23.701 [11935] dbg: eval: body_length - 10194 - check for min
of 128
Nov 30 16:45:23.706 [11935] dbg: uri: running T_KHOP_FOREIGN_CLICK
Nov 30 16:45:23.706 [11935] dbg: uri: running T_KHOP_FOREIGN_CLICK
Nov 30 16:45:23.707 [11935] dbg: uri: running T_KHOP_FOREIGN_CLICK
Nov 30 16:45:23.707 [11935] dbg: uri: running T_KHOP_FOREIGN_CLICK
Nov 30 16:45:23.707 [11935] dbg: uri: running T_KHOP_FOREIGN_CLICK
Nov 30 16:45:23.708 [11935] dbg: uri: running T_KHOP_FOREIGN_CLICK
Nov 30 16:45:23.708 [11935] dbg: uri: running T_KHOP_FOREIGN_CLICK
Nov 30 16:45:23.708 [11935] dbg: uri: running T_KHOP_FOREIGN_CLICK
Nov 30 16:45:23.708 [11935] dbg: uri: running T_KHOP_FOREIGN_CLICK
Nov 30 16:45:23.710 [11935] dbg: eval: body_length - 10194 - check for min
of 512
Nov 30 16:45:23.711 [11935] dbg: eval: body_length - 10194 - check for min
of 256
Nov 30 16:45:23.713 [11935] dbg: eval: body_length - 10194 - check for min
of 1024
Nov 30 16:45:23.716 [11935] dbg: rules: running rawbody tests; score so
far=2.833
Nov 30 16:45:23.717 [11935] dbg: rules: flush_evalstr (run_generic_tests)
compiling 19651 chars of
Mail::SpamAssassin::Plugin::Check::_rawbody_tests_0_1
Nov 30 16:45:23.730 [11935] dbg: rules: run_generic_tests - compiling eval
code: rawbody, priority 0
Nov 30 16:45:23.731 [11935] dbg: rules: compiled rawbody tests
Nov 30 16:45:23.739 [11935] dbg: rules: running rawbody_eval tests; score
so far=2.833
Nov 30 16:45:23.740 [11935] dbg: rules: run_eval_tests - compiling eval
code: 15, priority 0
Nov 30 16:45:23.742 [11935] dbg: rules: running full tests; score so
far=2.833
Nov 30 16:45:23.742 [11935] dbg: rules: flush_evalstr (run_generic_tests)
compiling 1294 chars of Mail::SpamAssassin::Plugin::Check::_full_tests_0_1
Nov 30 16:45:23.743 [11935] dbg: rules: run_generic_tests - compiling eval
code: full, priority 0
Nov 30 16:45:23.743 [11935] dbg: rules: compiled full tests
Nov 30 16:45:23.744 [11935] dbg: rules-all: running full rule NULL_IN_BODY
Nov 30 16:45:23.744 [11935] dbg: rules-all: running full rule __BASE64_MDAW
Nov 30 16:45:23.744 [11935] dbg: rules: running full_eval tests; score so
far=2.833
Nov 30 16:45:23.745 [11935] dbg: rules: run_eval_tests - compiling eval
code: 13, priority 0
Nov 30 16:45:23.748 [11935] dbg: dns: entering helper-app run mode
Nov 30 16:45:24.722 [11935] dbg: dns: leaving helper-app run mode
Nov 30 16:45:24.723 [11935] dbg: razor2: part=0 engine=8 contested=0
confidence=0
Nov 30 16:45:24.723 [11935] dbg: razor2: results: spam? 0
Nov 30 16:45:24.723 [11935] dbg: razor2: results: engine 8, highest cf
score: 0
Nov 30 16:45:24.724 [11935] dbg: razor2: results: engine 4, highest cf
score: 0
Nov 30 16:45:24.725 [11935] dbg: rules: ran eval rule __DKIM_DEPENDABLE
======> got hit (1)
Nov 30 16:45:24.725 [11935] dbg: util: current PATH is:
/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
Nov 30 16:45:24.726 [11935] dbg: pyzor: pyzor is not available: no pyzor
executable found
Nov 30 16:45:24.726 [11935] dbg: pyzor: no pyzor found, disabling Pyzor
Nov 30 16:45:24.727 [11935] dbg: rules: running meta tests; score so
far=2.833
Nov 30 16:45:24.727 [11935] dbg: rules: flush_evalstr (run_generic_tests)
compiling 297 chars of Mail::SpamAssassin::Plugin::Check::_meta_tests_0_1
Nov 30 16:45:24.727 [11935] dbg: rules: run_generic_tests - compiling eval
code: meta, priority 0
Nov 30 16:45:24.728 [11935] dbg: rules: compiled meta tests
Nov 30 16:45:24.728 [11935] dbg: check: running tests for priority: 500
Nov 30 16:45:24.729 [11935] dbg: dns: harvest_dnsbl_queries
Nov 30 16:45:24.729 [11935] dbg: async: timing: 0.033 .
DNSBL:49.185.69.216:zen.spamhaus.org
Nov 30 16:45:24.730 [11935] dbg: async: timing: 0.034 .
DNSBL:65.84.137.79:zen.spamhaus.org
Nov 30 16:45:24.730 [11935] dbg: async: timing: 0.037 .
DNSBL:49.255.109.208:zen.spamhaus.org
Nov 30 16:45:24.730 [11935] dbg: async: timing: 0.038 .
DNSBL:49.255.109.208:sbl.spamhaus.org
Nov 30 16:45:24.730 [11935] dbg: async: timing: 0.052 . A:ns1.quadranet.com
Nov 30 16:45:24.731 [11935] dbg: async: timing: 0.055 . A:ns2.quadranet.com
Nov 30 16:45:24.731 [11935] dbg: async: timing: 0.058 . A:ns24.cloudns.net
Nov 30 16:45:24.731 [11935] dbg: async: timing: 0.061 . A:ns21.cloudns.net
Nov 30 16:45:24.731 [11935] dbg: async: timing: 0.063 . A:ns22.cloudns.net
Nov 30 16:45:24.732 [11935] dbg: async: timing: 0.065 .
A:ns78.domaincontrol.com
Nov 30 16:45:24.732 [11935] dbg: async: timing: 0.066 . A:ns23.cloudns.net
Nov 30 16:45:24.732 [11935] dbg: async: timing: 0.069 .
A:ns77.domaincontrol.com
Nov 30 16:45:24.732 [11935] dbg: async: timing: 0.069 .
DNSBL:249.239.244.54:zen.spamhaus.org
Nov 30 16:45:24.733 [11935] dbg: async: timing: 0.079 . A:ns1.nt.ee
Nov 30 16:45:24.733 [11935] dbg: async: timing: 0.080 . A:ns2.nt.ee
Nov 30 16:45:24.733 [11935] dbg: async: timing: 0.080 .
DNSBL:92.105.50.84:zen.spamhaus.org
Nov 30 16:45:24.733 [11935] dbg: async: timing: 0.080 .
DNSBL:159.8.92.153:sbl.spamhaus.org
Nov 30 16:45:24.733 [11935] dbg: async: timing: 0.084 .
DNSBL:92.105.50.84:sbl.spamhaus.org
Nov 30 16:45:24.734 [11935] dbg: async: timing: 0.095 . NS:nt.ee
Nov 30 16:45:24.734 [11935] dbg: async: timing: 0.097 . NS:lexoncom.com
Nov 30 16:45:24.734 [11935] dbg: async: timing: 0.099 . NS:bwspot.com
Nov 30 16:45:24.734 [11935] dbg: async: timing: 0.099 .
DNSBL:nt.ee:multi.uribl.com
Nov 30 16:45:24.735 [11935] dbg: async: timing: 0.099 . A:nt.ee
Nov 30 16:45:24.735 [11935] dbg: async: timing: 0.101 . A:gua.ra.nt.ee
Nov 30 16:45:24.735 [11935] dbg: async: timing: 0.101 . A:lexoncom.com
Nov 30 16:45:24.735 [11935] dbg: async: timing: 0.102 .
DNSBL:lexoncom.com:multi.uribl.com
Nov 30 16:45:24.736 [11935] dbg: async: timing: 0.102 .
DNSBL:lexoncom.com:dob.sibl.support-intelligence.net
Nov 30 16:45:24.736 [11935] dbg: async: timing: 0.103 .
DNSBL:nt.ee:dob.sibl.support-intelligence.net
Nov 30 16:45:24.736 [11935] dbg: async: timing: 0.103 .
DNSBL:bwspot.com:multi.uribl.com
Nov 30 16:45:24.736 [11935] dbg: async: timing: 0.103 .
DNSBL:lexoncom.com:multi.surbl.org
Nov 30 16:45:24.736 [11935] dbg: async: timing: 0.105 .
DNSBL:bwspot.com:dob.sibl.support-intelligence.net
Nov 30 16:45:24.737 [11935] dbg: async: timing: 0.105 .
DNSBL:quadranet.com:multi.uribl.com
Nov 30 16:45:24.737 [11935] dbg: async: timing: 0.106 . NS:quadranet.com
Nov 30 16:45:24.737 [11935] dbg: async: timing: 0.106 .
DNSBL:bwspot.com:multi.surbl.org
Nov 30 16:45:24.737 [11935] dbg: async: timing: 0.106 . A:aws.bwspot.com
Nov 30 16:45:24.738 [11935] dbg: async: timing: 0.108 .
DNSBL:quadranet.com:multi.surbl.org
Nov 30 16:45:24.738 [11935] dbg: async: timing: 0.108 .
DNSBL:nt.ee:multi.surbl.org
Nov 30 16:45:24.738 [11935] dbg: async: timing: 0.111 .
DNSBL:quadranet.com:dob.sibl.support-intelligence.net
Nov 30 16:45:24.738 [11935] dbg: async: timing: 0.115 .
A:104.129.43.23.static.quadranet.com
Nov 30 16:45:24.739 [11935] dbg: async: timing: 0.126 .
DNSBL:159.8.92.153:zen.spamhaus.org
Nov 30 16:45:24.739 [11935] dbg: async: timing: 0.162 .
DNSBL:nt.ee:dbl.spamhaus.org
Nov 30 16:45:24.739 [11935] dbg: async: timing: 0.164 .
DNSBL:lexoncom.com:dbl.spamhaus.org
Nov 30 16:45:24.739 [11935] dbg: async: timing: 0.177 .
DNSBL:quadranet.com:dbl.spamhaus.org
Nov 30 16:45:24.739 [11935] dbg: async: timing: 0.258 .
DNSBL:65.84.137.79:sbl.spamhaus.org
Nov 30 16:45:24.740 [11935] dbg: async: timing: 0.262 .
DNSBL:2.223.152.204:sbl.spamhaus.org
Nov 30 16:45:24.740 [11935] dbg: async: timing: 0.264 .
DNSBL:2.223.152.204:zen.spamhaus.org
Nov 30 16:45:24.740 [11935] dbg: async: timing: 0.265 .
DNSBL:202.2.59.108:sbl.spamhaus.org
Nov 30 16:45:24.740 [11935] dbg: async: timing: 0.266 .
DNSBL:2.222.152.204:zen.spamhaus.org
Nov 30 16:45:24.741 [11935] dbg: async: timing: 0.269 .
DNSBL:2.222.152.204:sbl.spamhaus.org
Nov 30 16:45:24.741 [11935] dbg: async: timing: 0.272 .
DNSBL:202.2.59.108:zen.spamhaus.org
Nov 30 16:45:24.741 [11935] dbg: async: timing: 0.276 .
DNSBL:164.221.165.46:sbl.spamhaus.org
Nov 30 16:45:24.741 [11935] dbg: async: timing: 0.278 .
DNSBL:61.133.201.109:zen.spamhaus.org
Nov 30 16:45:24.741 [11935] dbg: async: timing: 0.280 .
DNSBL:164.221.165.46:zen.spamhaus.org
Nov 30 16:45:24.742 [11935] dbg: async: timing: 0.280 .
DNSBL:49.185.69.216:sbl.spamhaus.org
Nov 30 16:45:24.742 [11935] dbg: async: timing: 0.286 .
DNSBL:61.133.201.109:sbl.spamhaus.org
Nov 30 16:45:24.742 [11935] dbg: async: timing: 0.306 .
DNSBL:1.0.0.127:zen.spamhaus.org
Nov 30 16:45:24.742 [11935] dbg: async: timing: 0.317 .
DNSBL:1.0.0.127:sbl.spamhaus.org
Nov 30 16:45:24.743 [11935] dbg: async: timing: 0.355 .
DNSBL:249.239.244.54:sbl.spamhaus.org
Nov 30 16:45:24.743 [11935] dbg: async: timing: 0.443 .
DNSBL:bwspot.com:dbl.spamhaus.org
Nov 30 16:45:24.743 [11935] dbg: rules: running one_line_body tests; score
so far=2.833
Nov 30 16:45:24.744 [11935] dbg: rules: flush_evalstr (run_generic_tests)
compiling 516 chars of
Mail::SpamAssassin::Plugin::Check::_one_line_body_tests_500_1
Nov 30 16:45:24.744 [11935] dbg: rules: run_generic_tests - compiling eval
code: one_line_body, priority 500
Nov 30 16:45:24.744 [11935] dbg: rules: compiled one_line_body tests
Nov 30 16:45:24.745 [11935] dbg: rules: running head tests; score so
far=2.833
Nov 30 16:45:24.745 [11935] dbg: rules: flush_evalstr (run_generic_tests)
compiling 298 chars of
Mail::SpamAssassin::Plugin::Check::_head_tests_500_1
Nov 30 16:45:24.746 [11935] dbg: rules: run_generic_tests - compiling eval
code: head, priority 500
Nov 30 16:45:24.746 [11935] dbg: rules: compiled head tests
Nov 30 16:45:24.747 [11935] dbg: rules: running body tests; score so
far=2.833
Nov 30 16:45:24.747 [11935] dbg: rules: flush_evalstr (run_generic_tests)
compiling 241 chars of
Mail::SpamAssassin::Plugin::Check::_body_tests_500_1
Nov 30 16:45:24.747 [11935] dbg: rules: run_generic_tests - compiling eval
code: body, priority 500
Nov 30 16:45:24.748 [11935] dbg: rules: compiled body tests
Nov 30 16:45:24.748 [11935] dbg: rules: running uri tests; score so far=2.833
Nov 30 16:45:24.748 [11935] dbg: rules: flush_evalstr (run_generic_tests)
compiling 239 chars of Mail::SpamAssassin::Plugin::Check::_uri_tests_500_1
Nov 30 16:45:24.749 [11935] dbg: rules: run_generic_tests - compiling eval
code: uri, priority 500
Nov 30 16:45:24.749 [11935] dbg: rules: compiled uri tests
Nov 30 16:45:24.749 [11935] dbg: rules: running body_eval tests; score so
far=2.833
Nov 30 16:45:24.750 [11935] dbg: rules: run_eval_tests - compiling eval
code: 11, priority 500
Nov 30 16:45:24.750 [11935] dbg: rules: running rawbody tests; score so
far=2.833
Nov 30 16:45:24.751 [11935] dbg: rules: flush_evalstr (run_generic_tests)
compiling 247 chars of
Mail::SpamAssassin::Plugin::Check::_rawbody_tests_500_1
Nov 30 16:45:24.751 [11935] dbg: rules: run_generic_tests - compiling eval
code: rawbody, priority 500
Nov 30 16:45:24.751 [11935] dbg: rules: compiled rawbody tests
Nov 30 16:45:24.752 [11935] dbg: rules: running full tests; score so
far=2.833
Nov 30 16:45:24.752 [11935] dbg: rules: flush_evalstr (run_generic_tests)
compiling 276 chars of
Mail::SpamAssassin::Plugin::Check::_full_tests_500_1
Nov 30 16:45:24.753 [11935] dbg: rules: run_generic_tests - compiling eval
code: full, priority 500
Nov 30 16:45:24.753 [11935] dbg: rules: compiled full tests
Nov 30 16:45:24.753 [11935] dbg: rules: running meta tests; score so
far=2.833
Nov 30 16:45:24.767 [11935] dbg: rules: meta test DIGEST_MULTIPLE has
undefined dependency 'DCC_CHECK'
Nov 30 16:45:24.781 [11935] dbg: rules: flush_evalstr (add_evalstr)
compiling 62095 chars of
Mail::SpamAssassin::Plugin::Check::_meta_tests_500_1
Nov 30 16:45:24.799 [11935] dbg: rules: flush_evalstr (add_evalstr)
compiling 60097 chars of
Mail::SpamAssassin::Plugin::Check::_meta_tests_500_2
Nov 30 16:45:24.813 [11935] dbg: rules: flush_evalstr (run_generic_tests)
compiling 13022 chars of
Mail::SpamAssassin::Plugin::Check::_meta_tests_500_3
Nov 30 16:45:24.816 [11935] dbg: rules: run_generic_tests - compiling eval
code: meta, priority 500
Nov 30 16:45:24.816 [11935] dbg: rules: compiled meta tests
Nov 30 16:45:24.818 [11935] dbg: check: is spam? score=2.832 required=5
Nov 30 16:45:24.818 [11935] dbg: check:
tests=MISSING_HEADERS,NORMAL_HTTP_TO_IP,NO_RECEIVED,NO_RELAYS,SUBJ_ALL_CAPS,URIBL_BLOCKED
Nov 30 16:45:24.819 [11935] dbg: check:
subtests=__BODY_STARTS_WITH_FROM_LINE,__BODY_TEXT_LINE,__BODY_TEXT_LINE,__BODY_TEXT_LINE,__DKIM_DEPENDABLE,__DOS_BODY_SAT,__DOS_HAS_ANY_URI,__FB_NUM_PERCNT,__FRAUD_IOU,__FRAUD_IOV,__GATED_THROUGH_RCVD_REMOVER,__HAS_ANY_EMAIL,__HAS_ANY_URI,__HAS_DATE,__HAS_FROM,__HAS_MESSAGE_ID,__HAS_MSGID,__HAS_SUBJECT,__HAS_URI,__HUSH_HUSH,__LOCAL_PP_NONPPURL,__MISSING_REF,__MISSING_REPLY,__MSGID_OK_DIGITS,__MSGID_OK_HOST,__NONEMPTY_BODY,__NOT_A_PERSON,__NOT_SPOOFED,__SANE_MSGID,__SENDER_BOT,__SUBSCRIPTION_INFO,__TO_NO_ARROWS_R,__TO_NO_BRKTS_PCNT,__UNUSABLE_MSGID,__URI_MAILTO
Nov 30 16:45:24.819 [11935] dbg: timing: total 3640 ms - init: 1339
(36.8%), parse: 1.75 (0.0%), extract_message_metadata: 124 (3.4%),
get_uri_detail_list: 10 (0.3%), tests_pri_-1000: 196 (5.4%), compile_gen:
195 (5.4%), compile_eval: 51 (1.4%), tests_pri_-950: 13 (0.4%),
tests_pri_-900: 16 (0.5%), tests_pri_-400: 14 (0.4%), tests_pri_0: 1836
(50.4%), check_spf: 52 (1.4%), dkim_load_modules: 48 (1.3%),
check_dkim_signature: 0.97 (0.0%), check_dkim_adsp: 4.0 (0.1%),
check_razor2: 976 (26.8%), check_pyzor: 1.06 (0.0%), tests_pri_500: 89
(2.5%)
From MAILER_DAEMON  Wed Apr 12 16:55:27 2017
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws.bwspot.com
X-Spam-Level: **
X-Spam-Status: No, score=2.8 required=5.0 tests=MISSING_HEADERS,
        NORMAL_HTTP_TO_IP,NO_RECEIVED,NO_RELAYS,SUBJ_ALL_CAPS,URIBL_BLOCKED
        autolearn=disabled version=3.4.0
X-Spam-Report:
        *  0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was
blocked.
        *       See
http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
        *      for more information.
        *      [URIs: nt.ee]
        *  1.6 SUBJ_ALL_CAPS Subject is all capitals
        * -0.0 NO_RELAYS Informational: message was not relayed via SMTP
        *  1.2 MISSING_HEADERS Missing To: header
        *  0.0 NORMAL_HTTP_TO_IP URI: Uses a dotted-decimal IP address in URL
        * -0.0 NO_RECEIVED Informational: message has no Received headers
Date: Wed, 12 Apr 2017 16:55:27 -0500
From: Mail System Internal Data <MA...@aws.bwspot.com>
Subject: DON'T DELETE THIS MESSAGE -- FOLDER INTERNAL DATA
Message-ID: <14...@aws.bwspot.com>
X-IMAP: 1364963416 0000000065 NonJunk $NotJunk NotJunk Junk $Junk
Status: RO

This text is part of the internal format of your mail folder, and is not
a real message.  It is created automatically by the mail system software.
If deleted, important folder data will be lost, and it will be re-created
with the data reset to initial values.

From mind-blowingorgasm@learnfvbf.date  Sat Nov 25 10:46:34 2017
Return-Path: <mi...@learnfvbf.date>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws.bwspot.com
X-Spam-Level: ***
X-Spam-Status: No, score=3.5 required=5.0 tests=BAYES_99,
        HTML_FONT_LOW_CONTRAST,HTML_MESSAGE,SPF_PASS,URIBL_BLOCKED
autolearn=disabled
        version=3.4.0
X-Spam-Report:
        *  0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was
blocked.
        *       See
http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
        *      for more information.
        *      [URIs: nt.ee]
        *  3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100%
        *      [score: 1.0000]
        * -0.0 SPF_PASS SPF: sender matches SPF record
        *  0.0 HTML_MESSAGE BODY: HTML included in message
        *  0.0 HTML_FONT_LOW_CONTRAST BODY: HTML font color similar or
identical to
        *       background
Received: from 00096a4e.learnfvbf.date (104.129.43.23.static.quadranet.com
[104.129.43.23] (may be forged))
        by aws.bwspot.com (8.14.4/8.14.4/Debian-4.1ubuntu1) with ESMTP id
vAPGjwPb024323
        for <bl...@lexoncom.com>; Sat, 25 Nov 2017 10:46:07 -0600
Received: from 00096a4e.defogs.learnfvbf.date ([127.0.0.1]:1957
helo=defogs.learnfvbf.date)
        by defogs.learnfvbf.date with ESMTP id 00F096AP4E;
        for <bl...@lexoncom.com>; Sat, 25 Nov 2017 08:45:48 -0800
Date: Sat, 25 Nov 2017 08:45:48 -0800
To: <bl...@lexoncom.com>
X-Priority: 3 (Normal)
From: "mind-blowing orgasm" <mi...@learnfvbf.date>
Message-ID: <95...@defogs.learnfvbf.date>
Importance: Normal
Content-Language: en-us
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Content-Type: multipart/alternative;
        boundary="----=Part.634.9286.1511628348"
Subject: [POSSIBLE SPAM]  Is it safe to eat pussy?
X-UID: 65
Status: RO
X-Keywords: $NotJunk NotJunk
Content-Length: 8030

------=Part.634.9286.1511628348
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset="UTF-8"

Is it safe to eat pussy?

Here`s What Guys Like You Appreciate About My Lessons:

Instant access to cunnilingus techniques you can apply at once
Love making skills that guard your relationship from other men
You don`t need to have a six pack or to be rich to make her crazy about you
Try it completely risk free because it comes with a 100% money back
gua.ra.nt.ee

Here is the most powerful secret weapon available to attract and keep any
woman you set your eyes on!

With the “Learn2Lick” course you will receive both an illustrated ebook
and audiobook,
providing in-detail explanations on everything cunnilingus, simplified and
easy to master.
This will show you the right way to get her off, and much more. Here`s
just a sneak peak.
http://www.learnfvbf.date/l/lt33ME957H395J/399H1725VV2054B20TC616081U1753295639

Unsubscribe
http://www.learnfvbf.date/l/lc19MJ957X395J/399W1725IY2054N20ER616081R1753295639

------=Part.634.9286.1511628348--

Nov 30 16:45:24.838 [11935] dbg: check: tagrun - tag DKIMDOMAIN is still
blocking action 0
Nov 30 16:45:24.840 [11935] dbg: plugin:
Mail::SpamAssassin::Plugin::MIMEHeader=HASH(0x3e9cb68) implements
'finish_tests', priority 0
Nov 30 16:45:24.840 [11935] dbg: plugin:
Mail::SpamAssassin::Plugin::Check=HASH(0x3ebe828) implements
'finish_tests', priority 0
Nov 30 16:45:24.853 [11935] dbg: bayes: untie-ing
root@aws:/home/blwegrzyn/mail#




Re: How to get rid of this spam? Spam assassin does not catch it

Posted by ju...@lexoncom.com.
After retraining and setting spam assassin site-wide, all looks good.
Spam gets bayes99 and non spam is bayes00.
So far I did not get any spam.
Thank you all for your help.

>>
>>
>> On 31.10.2015 at 16:06, junk@lexoncom.com wrote:
>>> So after initial learning it looks better now. (BAYES_50)
>>
>> BAYES_50 is not really good for clear spam
>>
> yep i thought that bayes was used but it seems like it was all useless
>
>>> When sendmail sends email to procmail and procmail passes it to spam
>>> assassin, does spam assassin runs as root user or as the user the email
>>> is destined to?
>>
>> depends on how SA is called in detail, normally it should switch to that
>> unix-user and hence training as root makes no sense, *nothing* should
>> proceed potentially dangerous input as root at all - inbound mailcontent
>> is by definition that sort of "don't do that" input
>>
>>> I run the sa-learn as root user
>>
>> oh my god.......
> i run it through the crontab
> yes i can create new user and force sa-learn to use that user
>>
>>> and it seems like this is the data based
>>> that is being used so it would be global data base used for all mail
>>> users?
>>
>> https://wiki.apache.org/spamassassin/SiteWideBayesSetup
>
> i switched to global setup
> now all users should use same db
> and i will use the manual learning process
>>
>>> X-Spam-Flag: YES
>>> X-Spam-Level: ************
>>> X-Spam-Status: Yes, score=12.9 required=5.0
>>> tests=BAYES_50,FROM_12LTRDOM,
>>>      	HTML_MESSAGE,MIME_HTML_ONLY,RCVD_IN_BRBL_LASTEXT,RCVD_IN_MSPIKE_BL,
>>>      	RCVD_IN_MSPIKE_L5,RCVD_IN_XBL,RDNS_NONE,URIBL_BLACK,URIBL_DBL_SPAM,
>>>      	URIBL_JP_SURBL,URIBL_WS_SURBL autolearn=disabled version=3.4.0
>>
>> well, the quota of your sa-headers was enough to reject my response on
>> the submission spamass-milter
>>
>> result: Y 16 - URIBL_BLACK,URIBL_DBL_SPAM,URIBL_JP_SURBL,URIBL_WS_SURBL
>>
>>
> not sure what this means?
>
>



Re: How to get rid of this spam? Spam assassin does not catch it

Posted by ju...@lexoncom.com.
>
>
> On 31.10.2015 at 16:06, junk@lexoncom.com wrote:
>> So after initial learning it looks better now. (BAYES_50)
>
> BAYES_50 is not really good for clear spam
>
yep i thought that bayes was used but it seems like it was all useless

>> When sendmail sends email to procmail and procmail passes it to spam
>> assassin, does spam assassin runs as root user or as the user the email
>> is destined to?
>
> depends on how SA is called in detail, normally it should switch to that
> unix-user and hence training as root makes no sense, *nothing* should
> proceed potentially dangerous input as root at all - inbound mailcontent
> is by definition that sort of "don't do that" input
>
>> I run the sa-learn as root user
>
> oh my god.......
i run it through the crontab
yes i can create new user and force sa-learn to use that user
>
>> and it seems like this is the data based
>> that is being used so it would be global data base used for all mail
>> users?
>
> https://wiki.apache.org/spamassassin/SiteWideBayesSetup

i switched to global setup
now all users should use same db
and i will use the manual learning process
>
>> X-Spam-Flag: YES
>> X-Spam-Level: ************
>> X-Spam-Status: Yes, score=12.9 required=5.0
>> tests=BAYES_50,FROM_12LTRDOM,
>>      	HTML_MESSAGE,MIME_HTML_ONLY,RCVD_IN_BRBL_LASTEXT,RCVD_IN_MSPIKE_BL,
>>      	RCVD_IN_MSPIKE_L5,RCVD_IN_XBL,RDNS_NONE,URIBL_BLACK,URIBL_DBL_SPAM,
>>      	URIBL_JP_SURBL,URIBL_WS_SURBL autolearn=disabled version=3.4.0
>
> well, the quota of your sa-headers was enough to reject my response on
> the submission spamass-milter
>
> result: Y 16 - URIBL_BLACK,URIBL_DBL_SPAM,URIBL_JP_SURBL,URIBL_WS_SURBL
>
>
not sure what this means?



Re: How to get rid of this spam? Spam assassin does not catch it

Posted by Reindl Harald <h....@thelounge.net>.

On 02.11.2015 at 16:42, Axb wrote:
> On 11/02/2015 04:38 PM, Shaheen Bakhtiar wrote:
>> Well… I’m glad I’m on this mailing list :P
>>
>> I did the same thing, running sa-learn --spam /spamfolder as root, and
>> was pondering this very issue.
>>
>> I understand the logic behind why it shouldn’t be run as root, the
>> problem is on FC 22 the spamd user has /sbin/nologin as the shell in
>> /etc/passwd. Which means in order to run the process as spamd one has
>> to manually change that to /bin/bash, then, change it back
>> (/sbin/nologin itself is a security precaution), once the process is
>> complete.
>>
>> This seems convoluted.
>>
>> I know sa-learn has -u option but that simply changes the user name
>> in the environment (does not sudo), is there a better way to do this?
>> Have i missed something?
>>
>> Shawn
>
> Assuming you're using file based Bayes DB
>
> in local.cf add:
>
> bayes_path /path_to/bayes/bayes
> then you can learn as root

why should somebody do this after configuring site_wide bayes like above 
instead of setting the permissions and putting a restricted user for sa-learn in 
the group with write permissions?





Re: How to get rid of this spam? Spam assassin does not catch it

Posted by Axb <ax...@gmail.com>.
On 11/02/2015 05:21 PM, Shaheen Bakhtiar wrote:
> Ah! I see… that makes sense.. but spamc reads one mail at a time, is there a way (other than writing a script) to have it read a folder full of emails?

http://spamassassin.apache.org/full/3.4.x/doc/sa-learn.txt

and bookmark
http://spamassassin.apache.org/full/3.4.x/doc/
make that your first stop before you ask for help


>> On Nov 2, 2015, at 8:02 AM, Benny Pedersen <me...@junc.eu> wrote:
>>
>> Axb wrote on 2015-11-02 16:42:
>>> On 11/02/2015 04:38 PM, Shaheen Bakhtiar wrote:
>>>> Well… I’m glad I’m on this mailing list :P
>>>> I did the same thing, running sa-learn --spam /spamfolder as root, and
>>>> was pondering this very issue.
>>>> I understand the logic behind why it shouldn’t be run as root, the
>>>> problem is on FC 22 the spamd user has /sbin/nologin as the shell in
>>>> /etc/passwd. Which means in order to run the process as spamd one has
>>>> to manually change that to /bin/bash, then, change it back
>>>> (/sbin/nologin itself is a security precaution), once the process is
>>>> complete.
>>
>> no you should use spamc not sa-learn
>>
>>>> This seems convoluted.
>>>> I know sa-learn has -u option but that simply changes the user name
>>>> in the environment (does not sudo), is there a better way to do this?
>>>> Have i missed something?
>>
>> sa-learn is using user-prefs, also for root if it exists, search for it in $HOME
>>
>>>> Shawn
>>> Assuming you're using file based Bayes DB
>>> in local.cf add:
>>> bayes_path /path_to/bayes/bayes
>>> then you can learn as root .
>>> h2h
>>
>> for global bayes yes, but for non global bayes it's better in user_prefs file
>>
>> and why did he change spamd login permission when using sa-learn :(
>>
>> use spamc, not spamd if spamc is not used
>>
>> one does not need to log in to apache to see a homepage, same goes for spamd, it is using port 783 so it needs to be started as root, but the real work will happen as the user calling spamc
>




Re: How to get rid of this spam? Spam assassin does not catch it

Posted by Shaheen Bakhtiar <sh...@hotmail.com>.
Ah! I see… that makes sense.. but spamc reads one mail at a time, is there a way (other than writing a script) to have it read a folder full of emails?


> On Nov 2, 2015, at 8:02 AM, Benny Pedersen <me...@junc.eu> wrote:
> 
> Axb wrote on 2015-11-02 16:42:
>> On 11/02/2015 04:38 PM, Shaheen Bakhtiar wrote:
>>> Well… I’m glad I’m on this mailing list :P
>>> I did the same thing, running sa-learn --spam /spamfolder as root, and
>>> was pondering this very issue.
>>> I understand the logic behind why it shouldn’t be run as root, the
>>> problem is on FC 22 the spamd user has /sbin/nologin as the shell in
>>> /etc/passwd. Which means in order to run the process as spamd one has
>>> to manually change that to /bin/bash, then, change it back
>>> (/sbin/nologin itself is a security precaution), once the process is
>>> complete.
> 
> no you should use spamc not sa-learn
> 
>>> This seems convoluted.
>>> I know sa-learn has -u option but that simply changes the user name
>>> in the environment (does not sudo), is there a better way to do this?
>>> Have i missed something?
> 
> sa-learn is using user-prefs, also for root if it exists, search for it in $HOME
> 
>>> Shawn
>> Assuming you're using file based Bayes DB
>> in local.cf add:
>> bayes_path /path_to/bayes/bayes
>> then you can learn as root .
>> h2h
> 
> for global bayes yes, but for non global bayes it's better in user_prefs file
> 
> and why did he change spamd login permission when using sa-learn :(
> 
> use spamc, not spamd if spamc is not used
> 
> one does not need to log in to apache to see a homepage, same goes for spamd, it is using port 783 so it needs to be started as root, but the real work will happen as the user calling spamc


Re: How to get rid of this spam? Spam assassin does not catch it

Posted by Joe Quinn <jq...@pccc.com>.
On 11/2/2015 11:25 AM, Reindl Harald wrote:
>
>
> On 02.11.2015 at 17:02, Benny Pedersen wrote:
>> and why did he change spamd login permission when using sa-learn :(
>
> because *as he explained* the service user has /sbin/nologin as shell 
> and so "su - username" won't work until you change that or as i 
> explained create a user with a shell training the correct site wide bayes
>
>> use spamc, not spamd if spamc is not used
>>
>> one does not need to log in to apache to see a homepage, same goes for
>> spamd, it is using port 783 so it needs to be started as root, but the
>> real work will happen as the user calling spamc
>
I would at least consider sudo or 'su -c' as well.
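
The setup suggested in the messages above (a restricted account in the group that may write the site-wide Bayes files, reached through sudo), as an added example that is not part of any post in this thread. The account name sabayes, the directory /var/spamassassin/bayes_db and the DRY_RUN switch are assumptions; sudo -u executes the command directly, so the account's /sbin/nologin shell is not involved.

```shell
#!/bin/sh
# Added example, not from the thread. Hypothetical names: account "sabayes",
# Bayes directory /var/spamassassin/bayes_db. Matching local.cf lines would be:
#   bayes_path      /var/spamassassin/bayes_db/bayes
#   bayes_file_mode 0770

TRAIN_USER=${TRAIN_USER:-sabayes}
BAYES_DIR=${BAYES_DIR:-/var/spamassassin/bayes_db}

# bayes_mode_ok OCTAL_MODE
# Returns 0 if the mode is group-writable and not world-writable,
# 1 if it is unsafe or unusable, 2 if the argument is not an octal mode.
bayes_mode_ok() {
    case $1 in
        ''|*[!0-7]*) return 2 ;;
    esac
    [ $(( 0$1 & 02 )) -eq 0 ] || return 1     # "other" must not have write
    [ $(( 0$1 & 020 )) -ne 0 ] || return 1    # group needs write to update the DB
    return 0
}

# check_bayes_dir DIR: apply bayes_mode_ok to a real directory (GNU stat syntax).
check_bayes_dir() {
    [ -d "$1" ] || return 1
    bayes_mode_ok "$(stat -c '%a' "$1")"
}

# train CLASS MBOX
# Runs sa-learn on an mbox file as TRAIN_USER, never as uid 0.
# With DRY_RUN set, prints the command instead of running it.
train() {
    class=$1
    mbox=$2
    case $class in
        spam|ham) ;;
        *) echo "train: class must be spam or ham" >&2; return 2 ;;
    esac
    if [ "$TRAIN_USER" = root ] || [ "$(id -u "$TRAIN_USER" 2>/dev/null)" = 0 ]; then
        echo "train: refusing to parse mail as uid 0" >&2
        return 3
    fi
    if [ "$(id -un)" = "$TRAIN_USER" ]; then
        prefix=                                # already the training account
    else
        prefix="sudo -u $TRAIN_USER -H --"     # drop to it; no login shell needed
    fi
    ${DRY_RUN:+echo} $prefix sa-learn "--$class" --mbox "$mbox"
}

# Runs only when called with two arguments, for example from cron:
#   train-bayes.sh spam /home/username/mail/INBOX.spam
if [ "$#" -eq 2 ]; then
    check_bayes_dir "$BAYES_DIR" || { echo "unsafe mode on $BAYES_DIR" >&2; exit 1; }
    train "$1" "$2"
fi
```

The mbox file has to be readable by the training account, and only hand-checked messages belong in it.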

Re: How to get rid of this spam? Spam assassin does not catch it

Posted by Reindl Harald <h....@thelounge.net>.

On 02.11.2015 at 17:02, Benny Pedersen wrote:
> and why did he change spamd login permission when using sa-learn :(

because *as he explained* the service user has /sbin/nologin as shell 
and so "su - username" won't work until you change that or as i 
explained create a user with a shell training the correct site wide bayes

> use spamc, not spamd if spamc is not used
>
> one does not need to log in to apache to see a homepage, same goes for
> spamd, it is using port 783 so it needs to be started as root, but the
> real work will happen as the user calling spamc


Re: How to get rid of this spam? Spam assassin does not catch it

Posted by Benny Pedersen <me...@junc.eu>.
Axb wrote on 2015-11-02 16:42:
> On 11/02/2015 04:38 PM, Shaheen Bakhtiar wrote:
>> Well… I’m glad I’m on this mailing list :P
>> 
>> I did the same thing, running sa-learn --spam /spamfolder as root, and
>> was pondering this very issue.
>> 
>> I understand the logic behind why it shouldn’t be run as root, the
>> problem is on FC 22 the spamd user has /sbin/nologin as the shell in
>> /etc/passwd. Which means in order to run the process as spamd one has
>> to manually change that to /bin/bash, then, change it back
>> (/sbin/nologin itself is a security precaution), once the process is
>> complete.

no you should use spamc not sa-learn

>> 
>> This seems convoluted.
>> 
>> I know sa-learn has -u option but that simply changes the user name
>> in the environment (does not sudo), is there a better way to do this?
>> Have i missed something?

sa-learn is using user-prefs, also for root if it exists, search for it 
in $HOME

>> 
>> Shawn
> 
> Assuming you're using file based Bayes DB
> 
> in local.cf add:
> 
> bayes_path /path_to/bayes/bayes
> 
> then you can learn as root .
> 
> h2h

for global bayes yes, but for non global bayes it's better in user_prefs 
file

and why did he change spamd login permission when using sa-learn :(

use spamc, not spamd if spamc is not used

one does not need to log in to apache to see a homepage, same goes for 
spamd, it is using port 783 so it needs to be started as root, but the 
real work will happen as the user calling spamc

Re: How to get rid of this spam? Spam assassin does not catch it

Posted by Axb <ax...@gmail.com>.
On 11/02/2015 04:38 PM, Shaheen Bakhtiar wrote:
> Well… I’m glad I’m on this mailing list :P
>
> I did the same thing, running sa-learn --spam /spamfolder as root, and
> was pondering this very issue.
>
> I understand the logic behind why it shouldn’t be run as root, the
> problem is on FC 22 the spamd user has /sbin/nologin as the shell in
> /etc/passwd. Which means in order to run the process as spamd one has
> to manually change that to /bin/bash, then, change it back
> (/sbin/nologin itself is a security precaution), once the process is
> complete.
>
> This seems convoluted.
>
> I know sa-learn has -u option but that simply changes the user name
> in the environment (does not sudo), is there a better way to do this?
> Have i missed something?
>
> Shawn

Assuming you're using file based Bayes DB

in local.cf add:

bayes_path /path_to/bayes/bayes

then you can learn as root .

h2h






Re: How to get rid of this spam? Spam assassin does not catch it

Posted by RW <rw...@googlemail.com>.
On Mon, 2 Nov 2015 07:38:57 -0800
Shaheen Bakhtiar wrote:

> Well… I’m glad I’m on this mailing list :P 
> 
> I did the same thing, running sa-learn --spam /spamfolder as root, and
> was pondering this very issue.
> 
> I understand the logic behind why it shouldn’t be run as root, the
> problem is on FC 22 the spamd user has /sbin/nologin as the shell
> in /etc/passwd. Which means in order to run the process as spamd one
> has to manually change that to /bin/bash, then, change it back
> (/sbin/nologin itself is a security precaution), once the process is
> complete.

su -m will run with the current shell

Re: How to get rid of this spam? Spam assassin does not catch it

Posted by Shaheen Bakhtiar <sh...@hotmail.com>.
Well… I’m glad I’m on this mailing list :P 

I did the same thing, running sa-learn --spam /spamfolder as root, and was pondering this very issue.

I understand the logic behind why it shouldn’t be run as root, the problem is on FC 22 the spamd user has /sbin/nologin as the shell in /etc/passwd. Which means in order to run the process as spamd one has to manually change that to /bin/bash, then, change it back (/sbin/nologin itself is a security precaution), once the process is complete.

This seems convoluted.

I know sa-learn has -u option but that simply changes the user name in the environment (does not sudo), is there a better way to do this? Have i missed something?

Shawn
 



> On Oct 31, 2015, at 8:14 AM, Reindl Harald <h....@thelounge.net> wrote:
> 
> 
> 
> On 31.10.2015 at 16:06, junk@lexoncom.com wrote:
>> So after initial learning it looks better now. (BAYES_50)
> 
> BAYES_50 is not really good for clear spam
> 
>> When sendmail sends email to procmail and procmail passes it to spam
>> assassin, does spam assassin runs as root user or as the user the email
>> is destined to?
> 
> depends on how SA is called in detail, normally it should switch to that unix-user and hence training as root makes no sense, *nothing* should proceed potentially dangerous input as root at all - inbound mailcontent is by definition that sort of "don't do that" input
> 
>> I run the sa-learn as root user
> 
> oh my god.......
> 
>> and it seems like this is the data based
>> that is being used so it would be global data base used for all mail
>> users?
> 
> https://wiki.apache.org/spamassassin/SiteWideBayesSetup
> 
>> X-Spam-Flag: YES
>> X-Spam-Level: ************
>> X-Spam-Status: Yes, score=12.9 required=5.0 tests=BAYES_50,FROM_12LTRDOM,
>>     	HTML_MESSAGE,MIME_HTML_ONLY,RCVD_IN_BRBL_LASTEXT,RCVD_IN_MSPIKE_BL,
>>     	RCVD_IN_MSPIKE_L5,RCVD_IN_XBL,RDNS_NONE,URIBL_BLACK,URIBL_DBL_SPAM,
>>     	URIBL_JP_SURBL,URIBL_WS_SURBL autolearn=disabled version=3.4.0
> 
> well, the quota of your sa-headers was enough to reject my response on the submission spamass-milter
> 
> result: Y 16 - URIBL_BLACK,URIBL_DBL_SPAM,URIBL_JP_SURBL,URIBL_WS_SURBL
> 


Re: How to get rid of this spam? Spam assassin does not catch it

Posted by Reindl Harald <h....@thelounge.net>.

On 31.10.2015 at 16:06, junk@lexoncom.com wrote:
> So after initial learning it looks better now. (BAYES_50)

BAYES_50 is not really good for clear spam

> When sendmail sends email to procmail and procmail passes it to spam
> assassin, does spam assassin runs as root user or as the user the email
> is destined to?

depends on how SA is called in detail, normally it should switch to that 
unix-user and hence training as root makes no sense, *nothing* should 
proceed potentially dangerous input as root at all - inbound mailcontent 
is by definition that sort of "don't do that" input

> I run the sa-learn as root user

oh my god.......

> and it seems like this is the data based
> that is being used so it would be global data base used for all mail
> users?

https://wiki.apache.org/spamassassin/SiteWideBayesSetup

> X-Spam-Flag: YES
> X-Spam-Level: ************
> X-Spam-Status: Yes, score=12.9 required=5.0 tests=BAYES_50,FROM_12LTRDOM,
>      	HTML_MESSAGE,MIME_HTML_ONLY,RCVD_IN_BRBL_LASTEXT,RCVD_IN_MSPIKE_BL,
>      	RCVD_IN_MSPIKE_L5,RCVD_IN_XBL,RDNS_NONE,URIBL_BLACK,URIBL_DBL_SPAM,
>      	URIBL_JP_SURBL,URIBL_WS_SURBL autolearn=disabled version=3.4.0

well, the quota of your sa-headers was enough to reject my response on 
the submission spamass-milter

result: Y 16 - URIBL_BLACK,URIBL_DBL_SPAM,URIBL_JP_SURBL,URIBL_WS_SURBL


Re: How to get rid of this spam? Spam assassin does not catch it

Posted by ju...@lexoncom.com.
So after initial learning it looks better now. (BAYES_50)
When sendmail sends email to procmail and procmail passes it to spam
assassin,  does spam assassin runs as root user or as the user the email
is destined to?
I run the sa-learn as root user and it seems like this is the data based
that is being used so it would be global data base used for all mail
users?



X-Spam-Flag: YES
X-Spam-Level: ************
X-Spam-Status: Yes, score=12.9 required=5.0 tests=BAYES_50,FROM_12LTRDOM,
    	HTML_MESSAGE,MIME_HTML_ONLY,RCVD_IN_BRBL_LASTEXT,RCVD_IN_MSPIKE_BL,
    	RCVD_IN_MSPIKE_L5,RCVD_IN_XBL,RDNS_NONE,URIBL_BLACK,URIBL_DBL_SPAM,
    	URIBL_JP_SURBL,URIBL_WS_SURBL autolearn=disabled version=3.4.0
X-Spam-Report:
    	* 1.6 URIBL_WS_SURBL Contains an URL listed in the WS SURBL blocklist
    	* [URIs: curingaidtrade.com]
    	* 1.2 URIBL_JP_SURBL Contains an URL listed in the JP SURBL blocklist
    	* [URIs: curingaidtrade.com]
    	* 1.4 RCVD_IN_BRBL_LASTEXT RBL: No description available.
    	* [95.128.19.6 listed in bb.barracudacentral.org]
    	* 1.7 URIBL_DBL_SPAM Contains an URL listed in the DBL blocklist
    	* [URIs: curingaidtrade.com]
    	* 0.4 RCVD_IN_XBL RBL: Received via a relay in Spamhaus XBL
    	* [95.128.19.6 listed in zen.spamhaus.org]
    	* 1.7 URIBL_BLACK Contains an URL listed in the URIBL blacklist
    	* [URIs: curingaidtrade.com]
    	* 2.4 RCVD_IN_MSPIKE_L5 RBL: Very bad reputation (-5)
    	* [95.128.19.6 listed in bl.mailspike.net]
    	* 0.0 HTML_MESSAGE BODY: HTML included in message
    	* 0.7 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
    	* 0.8 BAYES_50 BODY: Bayes spam probability is 40 to 60%
    	* [score: 0.5000]
    	* 0.0 RCVD_IN_MSPIKE_BL Mailspike blacklisted
    	* 0.8 RDNS_NONE Delivered to internal network by a host with no rDNS
    	* 0.1 FROM_12LTRDOM From a 12-letter domain


> On Fri, 30 Oct 2015, junk@lexoncom.com wrote:
>
>> thx, that explains the issue.
>> I setup a dns server outside the amazon server.
>> Now, i can finally do the lookup:
>> root@aws:~# host -tTXT 2.0.0.127.multi.uribl.com
>> 2.0.0.127.multi.uribl.com descriptive text "permanent testpoint"
>>
>> X-Spam-Flag: YES
>> X-Spam-Level: *******
>> X-Spam-Status: Yes, score=7.0 required=5.0 tests=BAYES_00,
>>     HTML_FONT_LOW_CONTRAST,HTML_MESSAGE,MIME_HTML_ONLY,RAZOR2_CF_RANGE_51_100,
>>     RAZOR2_CF_RANGE_E8_51_100,RAZOR2_CHECK,RCVD_IN_BRBL_LASTEXT,SPF_HELO_PASS,
>>     SPF_PASS,URIBL_BLACK,URIBL_DBL_SPAM autolearn=disabled version=3.4.0
>> X-Spam-Report:
>>     * 1.7 URIBL_BLACK Contains an URL listed in the URIBL blacklist
>>     * [URIs: yokooo.com]
>>     * 1.4 RCVD_IN_BRBL_LASTEXT RBL: No description available.
>>     * [208.80.12.43 listed in bb.barracudacentral.org]
>>     * -0.0 SPF_PASS SPF: sender matches SPF record
>>     * -0.0 SPF_HELO_PASS SPF: HELO matches SPF record
>>     * -1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1%
>>     * [score: 0.0000]
>>     * 0.7 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
>>     * 0.0 HTML_FONT_LOW_CONTRAST BODY: HTML font color similar or identical to
>>     * background
>>     * 0.0 HTML_MESSAGE BODY: HTML included in message
>>     * 0.5 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%
>>     * [cf: 100]
>>     * 1.9 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level
>>     * above 50%
>>     * [cf: 100]
>>     * 0.9 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/)
>>     * 1.7 URIBL_DBL_SPAM Contains an URL listed in the DBL blocklist
>>     * [URIs: yokooo.com]
>
> Bravo! Now all you need to do is wipe and retrain your Bayes database with
> known-good corpora to get rid of that BAYES_00.
>
> --
>   John Hardin KA7OHZ                    http://www.impsec.org/~jhardin/
>   jhardin@impsec.org    FALaholic #11174     pgpk -a jhardin@impsec.org
>   key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
> -----------------------------------------------------------------------
>    ...the Fates notice those who buy chainsaws...
>                                                -- www.darwinawards.com
> -----------------------------------------------------------------------
>   Tomorrow: Halloween
>



Re: How to get rid of this spam? Spam assassin does not catch it

Posted by John Hardin <jh...@impsec.org>.
On Fri, 30 Oct 2015, junk@lexoncom.com wrote:

> thx, that explains the issue.
> I setup a dns server outside the amazon server.
> Now, i can finally do the lookup:
> root@aws:~# host -tTXT 2.0.0.127.multi.uribl.com
> 2.0.0.127.multi.uribl.com descriptive text "permanent testpoint"
>
> X-Spam-Flag: YES
> X-Spam-Level: *******
> X-Spam-Status: Yes, score=7.0 required=5.0 tests=BAYES_00,
>     HTML_FONT_LOW_CONTRAST,HTML_MESSAGE,MIME_HTML_ONLY,RAZOR2_CF_RANGE_51_100,
>     RAZOR2_CF_RANGE_E8_51_100,RAZOR2_CHECK,RCVD_IN_BRBL_LASTEXT,SPF_HELO_PASS,
>     SPF_PASS,URIBL_BLACK,URIBL_DBL_SPAM autolearn=disabled version=3.4.0
> X-Spam-Report:
>     * 1.7 URIBL_BLACK Contains an URL listed in the URIBL blacklist
>     * [URIs: yokooo.com]
>     * 1.4 RCVD_IN_BRBL_LASTEXT RBL: No description available.
>     * [208.80.12.43 listed in bb.barracudacentral.org]
>     * -0.0 SPF_PASS SPF: sender matches SPF record
>     * -0.0 SPF_HELO_PASS SPF: HELO matches SPF record
>     * -1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1%
>     * [score: 0.0000]
>     * 0.7 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
>     * 0.0 HTML_FONT_LOW_CONTRAST BODY: HTML font color similar or identical to
>     * background
>     * 0.0 HTML_MESSAGE BODY: HTML included in message
>     * 0.5 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%
>     * [cf: 100]
>     * 1.9 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level
>     * above 50%
>     * [cf: 100]
>     * 0.9 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/)
>     * 1.7 URIBL_DBL_SPAM Contains an URL listed in the DBL blocklist
>     * [URIs: yokooo.com]

Bravo! Now all you need to do is wipe and retrain your Bayes database with 
known-good corpora to get rid of that BAYES_00.

-- 
  John Hardin KA7OHZ                    http://www.impsec.org/~jhardin/
  jhardin@impsec.org    FALaholic #11174     pgpk -a jhardin@impsec.org
  key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
   ...the Fates notice those who buy chainsaws...
                                               -- www.darwinawards.com
-----------------------------------------------------------------------
  Tomorrow: Halloween

Re: How to get rid of this spam? Spam assassin does not catch it

Posted by ju...@lexoncom.com.
thx, that explains the issue.
I setup a dns server outside the amazon server.
Now, i can finally do the lookup:
root@aws:~# host -tTXT 2.0.0.127.multi.uribl.com
2.0.0.127.multi.uribl.com descriptive text "permanent testpoint"

X-Spam-Flag: YES
X-Spam-Level: *******
X-Spam-Status: Yes, score=7.0 required=5.0 tests=BAYES_00,
     HTML_FONT_LOW_CONTRAST,HTML_MESSAGE,MIME_HTML_ONLY,RAZOR2_CF_RANGE_51_100,
     RAZOR2_CF_RANGE_E8_51_100,RAZOR2_CHECK,RCVD_IN_BRBL_LASTEXT,SPF_HELO_PASS,
     SPF_PASS,URIBL_BLACK,URIBL_DBL_SPAM autolearn=disabled version=3.4.0
X-Spam-Report:
     * 1.7 URIBL_BLACK Contains an URL listed in the URIBL blacklist
     * [URIs: yokooo.com]
     * 1.4 RCVD_IN_BRBL_LASTEXT RBL: No description available.
     * [208.80.12.43 listed in bb.barracudacentral.org]
     * -0.0 SPF_PASS SPF: sender matches SPF record
     * -0.0 SPF_HELO_PASS SPF: HELO matches SPF record
     * -1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1%
     * [score: 0.0000]
     * 0.7 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
     * 0.0 HTML_FONT_LOW_CONTRAST BODY: HTML font color similar or identical to
     * background
     * 0.0 HTML_MESSAGE BODY: HTML included in message
     * 0.5 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%
     * [cf: 100]
     * 1.9 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level
     * above 50%
     * [cf: 100]
     * 0.9 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/)
     * 1.7 URIBL_DBL_SPAM Contains an URL listed in the DBL blocklist
     * [URIs: yokooo.com]



> On Fri, 30 Oct 2015 14:46:18 -0500
> junk@lexoncom.com wrote:
>
>> Further testing shows that both amazon and my public ips are blocked.
>> I never used my public ip for dns so why is it blocked?
>> Is it just my bad luck and the ip is just blocked on URBL?
>
> The rdns for these two addresses is
>
> ec2-54-189-149-10.us-west-2.compute.amazonaws.com.
> ec2-54-244-239-249.us-west-2.compute.amazonaws.com.
>
> From
>
> http://uribl.com/datafeed_faq.shtml
>
>  Why are DNS queries from my cloud instances
> (AmazonEC2/Softlayer/Rackspace/etc) blocked?
>
>    Large subnets owned by Amazon and other cloud providers have been
>    blocked due to high volume. Because amazon has so many networks, a
>    single user may have multiple mail exchanges on multiple networks,
>    and we have no ability to correlate this and block individual high
>    volume users. We are looking at ways of improving our query limit
>    system for those coming from large virtual hosting providers such as
>    Amazon, but at this time we do not have anything in place. We do
>    offer discounted Datafeed over DNS rates for low-volume, cloud
>    hosted users who are effected by these wide ranging blocks. See
>    Requesting the Datafeed Service and choose 'Cloud Hosted' on the
>    request form.
>
>
>
>> root@aws:/home/user#
>> root@aws:/home/user# host -tTXT 2.0.0.127.multi.uribl.com
>> 2.0.0.127.multi.uribl.com descriptive text "127.0.0.1 -> Query
>> Refused. See http://uribl.com/refused.shtml for more information
>> [Your DNS IP: 54.189.149.10]"
>> root@aws:/home/user# sudo vi /etc/resolv.conf
>>
>> root@aws:/home/user# host -tTXT 2.0.0.127.multi.uribl.com
>> 2.0.0.127.multi.uribl.com descriptive text "127.0.0.1 -> Query
>> Refused. See http://uribl.com/refused.shtml for more information
>> [Your DNS IP: 54.244.239.249]"
>> root@aws:/home/user#
>>
>



Re: How to get rid of this spam? Spam assassin does not catch it

Posted by RW <rw...@googlemail.com>.
On Fri, 30 Oct 2015 14:46:18 -0500
junk@lexoncom.com wrote:

> Further testing shows that both amazon and my public ips are blocked.
> I never used my public ip for dns so why is it blocked?
> Is it just my bad luck and the ip is just blocked on URBL?

The rdns for these two addresses is 

ec2-54-189-149-10.us-west-2.compute.amazonaws.com.
ec2-54-244-239-249.us-west-2.compute.amazonaws.com.

From 

http://uribl.com/datafeed_faq.shtml

 Why are DNS queries from my cloud instances (AmazonEC2/Softlayer/Rackspace/etc) blocked?

   Large subnets owned by Amazon and other cloud providers have been
   blocked due to high volume. Because amazon has so many networks, a
   single user may have multiple mail exchanges on multiple networks,
   and we have no ability to correlate this and block individual high
   volume users. We are looking at ways of improving our query limit
   system for those coming from large virtual hosting providers such as
   Amazon, but at this time we do not have anything in place. We do
   offer discounted Datafeed over DNS rates for low-volume, cloud
   hosted users who are effected by these wide ranging blocks. See
   Requesting the Datafeed Service and choose 'Cloud Hosted' on the
   request form.


 
> root@aws:/home/user#
> root@aws:/home/user# host -tTXT 2.0.0.127.multi.uribl.com
> 2.0.0.127.multi.uribl.com descriptive text "127.0.0.1 -> Query
> Refused. See http://uribl.com/refused.shtml for more information
> [Your DNS IP: 54.189.149.10]"
> root@aws:/home/user# sudo vi /etc/resolv.conf
> 
> root@aws:/home/user# host -tTXT 2.0.0.127.multi.uribl.com
> 2.0.0.127.multi.uribl.com descriptive text "127.0.0.1 -> Query
> Refused. See http://uribl.com/refused.shtml for more information
> [Your DNS IP: 54.244.239.249]"
> root@aws:/home/user#
> 

Re: How to get rid of this spam? Spam assassin does not catch it

Posted by ju...@lexoncom.com.
Further testing shows that both amazon and my public ips are blocked.
I never used my public ip for dns so why is it blocked?
Is it just my bad luck and the ip is just blocked on URBL?


root@aws:/home/user#
root@aws:/home/user# host -tTXT 2.0.0.127.multi.uribl.com
2.0.0.127.multi.uribl.com descriptive text "127.0.0.1 -> Query Refused.
See http://uribl.com/refused.shtml for more information [Your DNS IP:
54.189.149.10]"
root@aws:/home/user# sudo vi /etc/resolv.conf

root@aws:/home/user# host -tTXT 2.0.0.127.multi.uribl.com
2.0.0.127.multi.uribl.com descriptive text "127.0.0.1 -> Query Refused.
See http://uribl.com/refused.shtml for more information [Your DNS IP:
54.244.239.249]"
root@aws:/home/user#



>> On Fri, 30 Oct 2015, junk@lexoncom.com wrote:
>>
>>> I already cleaned the db to make sure I dont have it broken.
>>> Would it be better to turn off the autolearn.
>>> Teach sa ham and spam from over 200 messages and then turn back the
>>> autolearn?
>>
>> How big is your userbase and ham email volume?
>
>>
>> If both are fairly small, I'd leave autolearn turned off and do purely
>> manual classification and training. That's what I do and I have good
>> results, but I'm only supporting 5 users.
>>
> similar to yours
> i have been running sa for few years so i do have like
> 80000-100000 entries in auto-whitelist per user
> i cleared it and i will start over
> with no auto-whitelist enabled for now
>
>> Turn off autolearn to start while you're evaluating the performance of
>> your initial corpora. Train any FPs and FNs (keeping them as part of
>> your
>> reference training corpora), and get your DNS issues resolved.
>>
> not sure where is the problem with dns
> as i have the caching server setup
>
>> Once things are stable and working smoothly for a while, then you can
>> turn
>> autolearn back on if you feel your mail volume justifies it.
>>
>> --
>>   John Hardin KA7OHZ                    http://www.impsec.org/~jhardin/
>>   jhardin@impsec.org    FALaholic #11174     pgpk -a jhardin@impsec.org
>>   key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
>> -----------------------------------------------------------------------
>>    ...the Fates notice those who buy chainsaws...
>>                                                -- www.darwinawards.com
>> -----------------------------------------------------------------------
>>   Tomorrow: Halloween
>>
>
>



Re: How to get rid of this spam? Spam assassin does not catch it

Posted by ju...@lexoncom.com.
> On Fri, 30 Oct 2015, junk@lexoncom.com wrote:
>
>> I already cleaned the db to make sure I dont have it broken.
>> Would it be better to turn off the autolearn.
>> Teach sa ham and spam from over 200 messages and then turn back the
>> autolearn?
>
> How big is your userbase and ham email volume?

>
> If both are fairly small, I'd leave autolearn turned off and do purely
> manual classification and training. That's what I do and I have good
> results, but I'm only supporting 5 users.
>
similar to yours
i have been running sa for few years so i do have like
80000-100000 entries in auto-whitelist per user
i cleared it and i will start over
with no auto-whitelist enabled for now

> Turn off autolearn to start while you're evaluating the performance of
> your initial corpora. Train any FPs and FNs (keeping them as part of your
> reference training corpora), and get your DNS issues resolved.
>
not sure where is the problem with dns
as i have the caching server setup

> Once things are stable and working smoothly for a while, then you can turn
> autolearn back on if you feel your mail volume justifies it.
>
> --
>   John Hardin KA7OHZ                    http://www.impsec.org/~jhardin/
>   jhardin@impsec.org    FALaholic #11174     pgpk -a jhardin@impsec.org
>   key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
> -----------------------------------------------------------------------
>    ...the Fates notice those who buy chainsaws...
>                                                -- www.darwinawards.com
> -----------------------------------------------------------------------
>   Tomorrow: Halloween
>



Re: How to get rid of this spam? Spam assassin does not catch it

Posted by John Hardin <jh...@impsec.org>.
On Fri, 30 Oct 2015, junk@lexoncom.com wrote:

> I already cleaned the db to make sure I dont have it broken.
> Would it be better to turn off the autolearn.
> Teach sa ham and spam from over 200 messages and then turn back the
> autolearn?

How big is your userbase and ham email volume?

If both are fairly small, I'd leave autolearn turned off and do purely 
manual classification and training. That's what I do and I have good 
results, but I'm only supporting 5 users.

Turn off autolearn to start while you're evaluating the performance of 
your initial corpora. Train any FPs and FNs (keeping them as part of your 
reference training corpora), and get your DNS issues resolved.

Once things are stable and working smoothly for a while, then you can turn 
autolearn back on if you feel your mail volume justifies it.

-- 
  John Hardin KA7OHZ                    http://www.impsec.org/~jhardin/
  jhardin@impsec.org    FALaholic #11174     pgpk -a jhardin@impsec.org
  key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
   ...the Fates notice those who buy chainsaws...
                                               -- www.darwinawards.com
-----------------------------------------------------------------------
  Tomorrow: Halloween

Re: How to get rid of this spam? Spam assassin does not catch it

Posted by ju...@lexoncom.com.
I already cleaned the db to make sure I dont have it broken.
Would it be better to turn off the autolearn.
Teach sa ham and spam from over 200 messages and then turn back the
autolearn?

thx

> On Thu, 29 Oct 2015, Martin Gregorie wrote:
>
>> On Tue, 2015-10-27 at 14:19 -0500, junk@lexoncom.com wrote:
>>> I dont use any ham training.Should I scan all my folders with this
>>> command:
>>> sa-learn --ham --mbox /home/username/mail/foldername
>>
>> YES - if Bayes never gets trained on ham, how do you expect it to
>> recognise the difference between ham and spam?
>>
>> Bayes won't start to work until it has seen 200 examples of ham and 200
>> examples of spam.
>
> Again: *vetted* ham and spam. Don't just blindly throw your inbox at it
> assuming your inbox is pristine.
>
>>> "is the bayes-db of this user *really* used at scan time"
>>> how do i check that?
>>
>> When its working you'll see BAYES_nn rules firing.
>
> Note BAYES_00 in the report below. The OP is getting ham from *somewhere*.
> If he's never manually trained ham then it's probably coming from
> autolearn, and depending on other issues that might have poisoned the
> database from the start.
>
>>> example mail sa headers:
>>>
>>> X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
>>>     	ip-10-254-37-89.us-west-2.compute.internal
>>> X-Spam-Level: ***
>>> X-Spam-Status: No, score=3.1 required=5.0 tests=BAYES_00,HTML_MESSAGE,
>>>     	RAZOR2_CF_RANGE_51_100,RAZOR2_CF_RANGE_E8_51_100,RAZOR2_CHECK,SPF_HELO_PASS,
>>>     	SPF_PASS,URIBL_BLOCKED,URIBL_DBL_SPAM autolearn=no autolearn_force=no
>>>     	version=3.4.0
>
> --
>   John Hardin KA7OHZ                    http://www.impsec.org/~jhardin/
>   jhardin@impsec.org    FALaholic #11174     pgpk -a jhardin@impsec.org
>   key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
> -----------------------------------------------------------------------
>    ...the Fates notice those who buy chainsaws...
>                                                -- www.darwinawards.com
> -----------------------------------------------------------------------
>   Tomorrow: Halloween
>



Re: How to get rid of this spam? Spam assassin does not catch it

Posted by John Hardin <jh...@impsec.org>.
On Thu, 29 Oct 2015, Martin Gregorie wrote:

> On Tue, 2015-10-27 at 14:19 -0500, junk@lexoncom.com wrote:
>> I dont use any ham training.Should I scan all my folders with this
>> command:
>> sa-learn --ham --mbox /home/username/mail/foldername
>
> YES - if Bayes never gets trained on ham, how do you expect it to
> recognise the difference between ham and spam?
>
> Bayes won't start to work until it has seen 200 examples of ham and 200
> examples of spam.

Again: *vetted* ham and spam. Don't just blindly throw your inbox at it 
assuming your inbox is pristine.

>> "is the bayes-db of this user *really* used at scan time"
>> how do i check that?
>
> When its working you'll see BAYES_nn rules firing.

Note BAYES_00 in the report below. The OP is getting ham from *somewhere*. 
If he's never manually trained ham then it's probably coming from 
autolearn, and depending on other issues that might have poisoned the 
database from the start.

>> example mail sa headers:
>>
>> X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
>>     	ip-10-254-37-89.us-west-2.compute.internal
>> X-Spam-Level: ***
>> X-Spam-Status: No, score=3.1 required=5.0 tests=BAYES_00,HTML_MESSAGE,
>>     	RAZOR2_CF_RANGE_51_100,RAZOR2_CF_RANGE_E8_51_100,RAZOR2_CHECK,SPF_HELO_PASS,
>>     	SPF_PASS,URIBL_BLOCKED,URIBL_DBL_SPAM autolearn=no autolearn_force=no
>>     	version=3.4.0

-- 
  John Hardin KA7OHZ                    http://www.impsec.org/~jhardin/
  jhardin@impsec.org    FALaholic #11174     pgpk -a jhardin@impsec.org
  key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
   ...the Fates notice those who buy chainsaws...
                                               -- www.darwinawards.com
-----------------------------------------------------------------------
  Tomorrow: Halloween
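
Added example (not part of the original posts and not SpamAssassin's own code): a triage of the X-Spam-Status headers quoted in this thread that flags the conditions the replies point out, namely URIBL_BLOCKED, a hammy Bayes verdict on mail that blocklists already list, and autolearn=ham while URIBL lookups were blocked. The finding names and the `LISTING_RULES` set are assumptions made for the example; the rule names are the ones in the thread's reports.

```python
import re

# Blocklist and hash-network rules that appear in this thread's reports.
# (Set chosen for this example; any URIBL_* hit other than URIBL_BLOCKED
# is also treated as a listing.)
LISTING_RULES = {
    "RAZOR2_CHECK", "RCVD_IN_BRBL_LASTEXT", "RCVD_IN_MSPIKE_BL",
    "RCVD_IN_MSPIKE_L5", "RCVD_IN_XBL",
}

# X-Spam-Status values from the messages in this thread, with the mail
# client's line wrapping undone and the header folding kept.
SAMPLES = {
    "score_3.1": (
        "No, score=3.1 required=5.0 tests=BAYES_00,HTML_MESSAGE,\n"
        "\tRAZOR2_CF_RANGE_51_100,RAZOR2_CF_RANGE_E8_51_100,RAZOR2_CHECK,"
        "SPF_HELO_PASS,\n"
        "\tSPF_PASS,URIBL_BLOCKED,URIBL_DBL_SPAM autolearn=no "
        "autolearn_force=no\n\tversion=3.4.0"
    ),
    "score_-1.9": (
        "No, score=-1.9 required=5.0 tests=BAYES_00,HTML_MESSAGE,\n"
        "\tSPF_HELO_PASS,SPF_PASS,T_REMOTE_IMAGE,URIBL_BLOCKED autolearn=ham\n"
        "\tautolearn_force=no version=3.4.0"
    ),
    "score_12.9": (
        "Yes, score=12.9 required=5.0 tests=BAYES_50,FROM_12LTRDOM,\n"
        "\tHTML_MESSAGE,MIME_HTML_ONLY,RCVD_IN_BRBL_LASTEXT,RCVD_IN_MSPIKE_BL,\n"
        "\tRCVD_IN_MSPIKE_L5,RCVD_IN_XBL,RDNS_NONE,URIBL_BLACK,URIBL_DBL_SPAM,\n"
        "\tURIBL_JP_SURBL,URIBL_WS_SURBL autolearn=disabled version=3.4.0"
    ),
}


def parse_status(value):
    """Parse an X-Spam-Status header value, folded or not."""
    m = re.match(r"\s*(Yes|No),\s*(.*)", value, re.S)
    if not m:
        raise ValueError("not an X-Spam-Status value")
    # The tests= list is folded after commas; rejoin it before tokenising.
    rest = re.sub(r",\s+", ",", m.group(2))
    fields = dict(tok.split("=", 1) for tok in rest.split() if "=" in tok)
    tests = {t for t in fields.get("tests", "").split(",") if t and t != "none"}
    return {
        "is_spam": m.group(1) == "Yes",
        "score": float(fields["score"]),
        "required": float(fields["required"]),
        "tests": tests,
        "autolearn": fields.get("autolearn", ""),
    }


def listing_hits(tests):
    """Rules showing that an external list or Razor already knows the mail."""
    return {
        t for t in tests
        if t in LISTING_RULES
        or (t.startswith("URIBL_") and t != "URIBL_BLOCKED")
    }


def triage(value):
    """Return the findings for one header, in a fixed order."""
    status = parse_status(value)
    tests, hits = status["tests"], listing_hits(status["tests"])
    findings = []
    if "URIBL_BLOCKED" in tests:
        # The resolver's queries were refused: URIBL tests could not fire.
        findings.append("uribl_blocked")
        if status["autolearn"] == "ham":
            # Learned as ham while the URIBL evidence was missing.
            findings.append("autolearned_ham_while_blocked")
    if hits and tests & {"BAYES_00", "BAYES_05"}:
        # Bayes says "ham" about mail the lists call spam: suspect training.
        findings.append("bayes_ham_on_listed_mail")
    if hits and "BAYES_50" in tests:
        # Bayes has no opinion yet on mail the lists call spam.
        findings.append("bayes_undecided_on_listed_mail")
    return findings


if __name__ == "__main__":
    for name, value in SAMPLES.items():
        status = parse_status(value)
        print(name, status["score"], status["autolearn"], triage(value))
```
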

Re: How to get rid of this spam? Spam assassin does not catch it

Posted by Reindl Harald <h....@thelounge.net>.

Am 30.10.2015 um 18:01 schrieb David B Funk:
> On Fri, 30 Oct 2015, Reindl Harald wrote:
>>
>> Am 29.10.2015 um 01:06 schrieb Martin Gregorie:
>>> If you don't understand how to install and configure a DNS server and
>>> prefer printed material to online documents, get the O'Reilly book "DNS
>>> and BIND"
>>
>> no need for use bind at all for caching nameservers, unbound is much
>> faster for *that* task and works more or less out-of-the-box
>>
>> unbound.conf on our inbound MX while all production nameservers with
>> authoritative zones are bind
> [snip..]
>
> Just be sure to set the access-control correctly to prevent use/abuse by
> remote attackers. Open recursive DNS servers are a favorite DDOS tool

well, you snipped that part.....

interface: 127.0.0.1
access-control: 127.0.0.0/8 allow


for DDOS it don't matter if is a recursive or a authoritative 
nameserver, ANY records of auth servers without response rate limiting 
are amplification enough


Re: How to get rid of this spam? Spam assassin does not catch it

Posted by David B Funk <db...@engineering.uiowa.edu>.
On Fri, 30 Oct 2015, Reindl Harald wrote:

>
>
> Am 29.10.2015 um 01:06 schrieb Martin Gregorie:
>> If you don't understand how to install and configure a DNS server and
>> prefer printed material to online documents, get the O'Reilly book "DNS
>> and BIND"
>
> no need for use bind at all for caching nameservers, unbound is much faster 
> for *that* task and works more or less out-of-the-box
>
> unbound.conf on our inbound MX while all production nameservers with 
> authoritative zones are bind
[snip..]

Just be sure to set the access-control correctly to prevent use/abuse by
remote attackers. Open recursive DNS servers are a favorite DDOS tool.

-- 
Dave Funk                                  University of Iowa
<dbfunk (at) engineering.uiowa.edu>        College of Engineering
319/335-5751   FAX: 319/384-0549           1256 Seamans Center
Sys_admin/Postmaster/cell_admin            Iowa City, IA 52242-1527
#include <std_disclaimer.h>
Better is not better, 'standard' is better. B{

Re: How to get rid of this spam? Spam assassin does not catch it

Posted by Reindl Harald <h....@thelounge.net>.

Am 29.10.2015 um 01:06 schrieb Martin Gregorie:
> If you don't understand how to install and configure a DNS server and
> prefer printed material to online documents, get the O'Reilly book "DNS
> and BIND"

no need for use bind at all for caching nameservers, unbound is much 
faster for *that* task and works more or less out-of-the-box

unbound.conf on our inbound MX while all production nameservers with 
authoritative zones are bind

server:
  verbosity: 1
  statistics-interval: 86400
  statistics-cumulative: no
  extended-statistics: no

  num-threads: 1
  outgoing-range: 1024
  num-queries-per-thread: 512
  msg-cache-slabs: 8
  rrset-cache-slabs: 8
  infra-cache-slabs: 8
  key-cache-slabs: 8
  so-rcvbuf: 4m
  so-sndbuf: 4m
  minimal-responses: yes

  msg-cache-size: 64m
  neg-cache-size: 64m
  rrset-cache-size: 128m
  cache-min-ttl: 300
  cache-max-ttl: 10800

  interface: 127.0.0.1
  access-control: 127.0.0.0/8 allow
  interface-automatic: no
  port: 53
  do-ip4: yes
  do-ip6: no
  do-udp: yes
  max-udp-size: 1024
  edns-buffer-size: 1024
  do-tcp: yes

  do-daemonize: yes
  username: "unbound"
  directory: "/etc/unbound"
  chroot: "/etc/unbound"
  use-syslog: yes
  log-time-ascii: yes
  pidfile: "/run/unbound/unbound.pid"
  hide-identity: yes
  hide-version: yes
  harden-glue: yes
  harden-dnssec-stripped: no
  harden-referral-path: no
  use-caps-for-id: no
  unwanted-reply-threshold: 10000000
  do-not-query-localhost: no
  prefetch: yes
  prefetch-key: yes


Re: How to get rid of this spam? Spam assassin does not catch it

Posted by Jari Fredriksson <ja...@iki.fi>.
On 30.10.2015 19:53, junk@lexoncom.com wrote:

>>
> I did configure local recursive server and set both spam local.cf and
> resolved.conf to point to 127.0.0.1 and I still get the blocks.
>

The file name for that is /etc/resolv.conf

     NOT resolved.conf

Also if you update local.cf and you run spamd the spamd daemon must be 
restarted.

br. jarif

>
> Return-Path: <Pe...@allenlawpa.staredoll.com>
> X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on xxx
> X-Spam-Level:
> X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,HTML_MESSAGE,
>     	SPF_HELO_PASS,SPF_PASS,T_REMOTE_IMAGE,URIBL_BLOCKED autolearn=ham
>     	autolearn_force=no version=3.4.0
> X-Spam-Report:
>     	* -0.0 SPF_HELO_PASS SPF: HELO matches SPF record
>     	* -0.0 SPF_PASS SPF: sender matches SPF record
>     	* 0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked.
>     	* See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
>     	* for more information.
>     	* [URIs: motortrend.com]
>     	* 0.0 HTML_MESSAGE BODY: HTML included in message
>     	* -1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1%
>     	* [score: 0.0000]
>     	* 0.0 T_REMOTE_IMAGE Message contains an external image
>
>
>
>>
>> Martin
>>
>>

-- 
jarif.bit

Re: How to get rid of this spam? Spam assassin does not catch it

Posted by Martin Gregorie <ma...@gregorie.org>.
On Fri, 2015-10-30 at 12:53 -0500, junk@lexoncom.com wrote:
> I did configure local recursive server and set both spam local.cf and
> resolved.conf to point to 127.0.0.1 and I still get the blocks.
> 
Double check that there are no 'forward' options in /etc/names.conf or
in files in /etc/named 

Kindly show us the listen-on{...} option(s) in /etc/named.conf as well
as exactly what is in /etc/resolv.conf. 

The number and order of 'nameserver' directives is important because
they, in conjunction with the DNS listen-on options affect what DNS
server(s) SA will try to use.


Martin

PS: apologies if this seems to be failing to keep up with the rest of
the discussion, but currently something in my ISP's smarthost seems to
be taking 24 hours to pass on the mail it receives.
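
Added example (not from any poster, and not part of unbound or BIND): an offline check of an unbound.conf like the one posted above and of /etc/resolv.conf for the problems the replies name: forwarding to another resolver, a cache that answers non-local clients, and a resolv.conf whose first nameserver is not the local cache. It assumes the cache is meant to serve only the mail host itself, as in the posted config; the finding names, the "bad" config and the 192.0.2.53 address are constructed for the example.

```python
import ipaddress

LOOPBACKS = (ipaddress.ip_network("127.0.0.0/8"), ipaddress.ip_network("::1/128"))

# Excerpt of the unbound.conf posted in this thread.
GOOD_UNBOUND = """
server:
  interface: 127.0.0.1
  access-control: 127.0.0.0/8 allow
  interface-automatic: no
"""

# Constructed counter-example: listens everywhere, allows everyone, forwards.
BAD_UNBOUND = """
server:
  interface: 0.0.0.0
  access-control: 0.0.0.0/0 allow   # open to the world
forward-zone:
  name: "."
  forward-addr: 192.0.2.53
"""


def is_loopback(text):
    """True if text is an address or netblock entirely inside loopback."""
    try:
        net = ipaddress.ip_network(text, strict=False)
    except ValueError:
        return False  # interface name or hostname: cannot prove it is local
    return any(net.version == lb.version and net.subnet_of(lb) for lb in LOOPBACKS)


def parse_unbound(text):
    """Return (clause, option, value) triples from unbound.conf text."""
    clause, options = None, []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        key, _, value = line.partition(":")
        value = value.strip().strip('"')
        if value:
            options.append((clause, key.strip(), value))
        else:
            clause = key.strip()  # "server:", "forward-zone:", ...
    return options


def audit_unbound(text):
    opts = parse_unbound(text)
    findings = []
    # A forward-zone hands queries to another resolver, so the blocklist
    # sees that resolver's IP and query volume, not yours.
    if any(c == "forward-zone" and k in ("forward-addr", "forward-host")
           for c, k, _ in opts):
        findings.append("forwards_queries")
    server = [(k, v) for c, k, v in opts if c == "server"]
    # With no interface: lines unbound listens on localhost only.
    exposed = any(k == "interface" and not is_loopback(v.split("@")[0])
                  for k, v in server)
    exposed = exposed or ("interface-automatic", "yes") in server
    allowed = [v.split() for k, v in server if k == "access-control"]
    wide = [p[0] for p in allowed
            if len(p) == 2 and p[1].startswith("allow") and not is_loopback(p[0])]
    if exposed and wide:
        findings.append("answers_non_loopback_clients")
    return findings


def audit_resolv(text):
    """Check nameserver order: the local cache must come first and alone."""
    servers = [parts[1] for parts in (l.split() for l in text.splitlines())
               if len(parts) > 1 and parts[0] == "nameserver"]
    findings = []
    if not servers or not is_loopback(servers[0]):
        findings.append("first_nameserver_not_local")
    if any(not is_loopback(s) for s in servers[1:]):
        findings.append("falls_back_to_other_resolver")
    return findings


if __name__ == "__main__":
    print("posted config:", audit_unbound(GOOD_UNBOUND))
    print("constructed bad config:", audit_unbound(BAD_UNBOUND))
    print("resolv.conf:", audit_resolv("nameserver 192.0.2.53\nnameserver 127.0.0.1\n"))
```
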




Re: How to get rid of this spam? Spam assassin does not catch it

Posted by ju...@lexoncom.com.
> On Tue, 2015-10-27 at 14:19 -0500, junk@lexoncom.com wrote:
>> I dont use any ham training.Should I scan all my folders with this
>> command:
>> sa-learn --ham --mbox /home/username/mail/foldername
>>
> YES - if Bayes never gets trained on ham, how do you expect it to
> recognise the difference between ham and spam?
>
> Bayes won't start to work until it has seen 200 examples of ham and 200
> examples of spam.
thx, i started to sort the emails for a learning process
>
>> "is the bayes-db of this user *really* used at scan time"
>> how do i check that?
>>
> When its working you'll see BAYES_nn rules firing.
>
>> I use the procmail to pass all mail through spam assassin.
>> I use default ubuntu setup with Razors enabled.
>> It does catches spam but not the one i attached in original post.
>>
>> example mail sa headers:
>>
>> X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
>>     	ip-10-254-37-89.us-west-2.compute.internal
>> X-Spam-Level: ***
>> X-Spam-Status: No, score=3.1 required=5.0 tests=BAYES_00,HTML_MESSAGE,
>>     	RAZOR2_CF_RANGE_51_100,RAZOR2_CF_RANGE_E8_51_100,RAZOR2_CHECK,SPF_HELO_PASS,
>>     	SPF_PASS,URIBL_BLOCKED,URIBL_DBL_SPAM autolearn=no autolearn_force=no
>>     	version=3.4.0
>>
> As others have said, URIBL-BLOCKED shows that the number of BL lookups
> from all the people using whatever DNS server you're using exceeds the
> free usage count for the BL server. BL servers count messages from a
> particular DNS and don't know/can't find out how many people are using
> a particular DNS server to do BL lookups. To get round that you need
> your own DNS server, configured the do recursive lookups and NOT to
> forward queries to any other DNS server.
>
> So, set up your own recursive, non-forwarding DNS server on the host
> where you're running SA. Configure that host to pass all DNS queries to
> your new DNS server by configuring /etc/resolv.conf as I and others
> have described.
>
> If you don't understand how to install and configure a DNS server and
> prefer printed material to online documents, get the O'Reilly book "DNS
> and BIND".
>
I did configure local recursive server and set both spam local.cf and
resolved.conf to point to 127.0.0.1 and I still get the blocks.


Return-Path: <Pe...@allenlawpa.staredoll.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on xxx
X-Spam-Level:
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,HTML_MESSAGE,
    	SPF_HELO_PASS,SPF_PASS,T_REMOTE_IMAGE,URIBL_BLOCKED autolearn=ham
    	autolearn_force=no version=3.4.0
X-Spam-Report:
    	* -0.0 SPF_HELO_PASS SPF: HELO matches SPF record
    	* -0.0 SPF_PASS SPF: sender matches SPF record
    	* 0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked.
    	* See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
    	* for more information.
    	* [URIs: motortrend.com]
    	* 0.0 HTML_MESSAGE BODY: HTML included in message
    	* -1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1%
    	* [score: 0.0000]
    	* 0.0 T_REMOTE_IMAGE Message contains an external image



>
> Martin
>
>



Re: How to get rid of this spam? Spam assassin does not catch it

Posted by John Hardin <jh...@impsec.org>.
On Fri, 30 Oct 2015, junk@lexoncom.com wrote:

> If auto learn is enabled and header shows:
> autolearn=ham
>
> what happens when i classify that email later as spam?

Essentially, the tokens from that message in the bayes database will be 
converted from "hammy" to "spammy". This is normal reclassification of a 
FN, nothing unusual about it.

-- 
  John Hardin KA7OHZ                    http://www.impsec.org/~jhardin/
  jhardin@impsec.org    FALaholic #11174     pgpk -a jhardin@impsec.org
  key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
   ...the Fates notice those who buy chainsaws...
                                               -- www.darwinawards.com
-----------------------------------------------------------------------
  Tomorrow: Halloween

Re: How to get rid of this spam? Spam assassin does not catch it

Posted by ju...@lexoncom.com.
If auto learn is enabled and header shows:
autolearn=ham

what happens when i classify that email later as spam?

thx


> On Tue, 2015-10-27 at 14:19 -0500, junk@lexoncom.com wrote:
>> I don't use any ham training. Should I scan all my folders with this
>> command:
>> sa-learn --ham --mbox /home/username/mail/foldername
>>
> YES - if Bayes never gets trained on ham, how do you expect it to
> recognise the difference between ham and spam?
>
> Bayes won't start to work until it has seen 200 examples of ham and 200
> examples of spam.
>
>> "is the bayes-db of this user *really* used at scan time"
>> how do i check that?
>>
> When it's working you'll see BAYES_nn rules firing.
>
>> I use procmail to pass all mail through spam assassin.
>> I use default ubuntu setup with Razors enabled.
>> It does catch spam but not the one i attached in original post.
>>
>> example mail sa headers:
>>
>> X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
>>     	ip-10-254-37-89.us-west-2.compute.internal
>> X-Spam-Level: ***
>> X-Spam-Status: No, score=3.1 required=5.0 tests=BAYES_00,HTML_MESSAGE,
>>     	RAZOR2_CF_RANGE_51_100,RAZOR2_CF_RANGE_E8_51_100,RAZOR2_CHECK,SPF_HELO_PASS,
>>     	SPF_PASS,URIBL_BLOCKED,URIBL_DBL_SPAM autolearn=no autolearn_force=no
>>     	version=3.4.0
>>
> As others have said, URIBL-BLOCKED shows that the number of BL lookups
> from all the people using whatever DNS server you're using exceeds the
> free usage count for the BL server. BL servers count messages from a
> particular DNS and don't know/can't find out how many people are using
> a particular DNS server to do BL lookups. To get round that you need
> your own DNS server, configured to do recursive lookups and NOT to
> forward queries to any other DNS server.
>
> So, set up your own recursive, non-forwarding DNS server on the host
> where you're running SA. Configure that host to pass all DNS queries to
> your new DNS server by configuring /etc/resolv.conf as I and others
> have described.
>
> If you don't understand how to install and configure a DNS server and
> prefer printed material to online documents, get the O'Reilly book "DNS
> and BIND".
>
>
> Martin
>
>



Re: How to get rid of this spam? Spam assassin does not catch it

Posted by Martin Gregorie <ma...@gregorie.org>.
On Tue, 2015-10-27 at 14:19 -0500, junk@lexoncom.com wrote:
> I don't use any ham training. Should I scan all my folders with this
> command:
> sa-learn --ham --mbox /home/username/mail/foldername
> 
YES - if Bayes never gets trained on ham, how do you expect it to
recognise the difference between ham and spam? 

Bayes won't start to work until it has seen 200 examples of ham and 200
examples of spam.

> "is the bayes-db of this user *really* used at scan time"
> how do i check that?
> 
When it's working you'll see BAYES_nn rules firing.

> I use procmail to pass all mail through spam assassin.
> I use default ubuntu setup with Razors enabled.
> It does catch spam but not the one i attached in original post.
> 
> example mail sa headers:
> 
> X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
>     	ip-10-254-37-89.us-west-2.compute.internal
> X-Spam-Level: ***
> X-Spam-Status: No, score=3.1 required=5.0 tests=BAYES_00,HTML_MESSAGE,
>     	RAZOR2_CF_RANGE_51_100,RAZOR2_CF_RANGE_E8_51_100,RAZOR2_CHECK,SPF_HELO_PASS,
>     	SPF_PASS,URIBL_BLOCKED,URIBL_DBL_SPAM autolearn=no autolearn_force=no
>     	version=3.4.0
> 
As others have said, URIBL-BLOCKED shows that the number of BL lookups
from all the people using whatever DNS server you're using exceeds the
free usage count for the BL server. BL servers count messages from a
particular DNS and don't know/can't find out how many people are using
a particular DNS server to do BL lookups. To get round that you need
your own DNS server, configured to do recursive lookups and NOT to
forward queries to any other DNS server.

So, set up your own recursive, non-forwarding DNS server on the host
where you're running SA. Configure that host to pass all DNS queries to
your new DNS server by configuring /etc/resolv.conf as I and others
have described.

If you don't understand how to install and configure a DNS server and
prefer printed material to online documents, get the O'Reilly book "DNS
and BIND".
 

Martin
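
The header checks discussed in this thread (URIBL_BLOCKED, whether a BAYES_nn rule fires, the autolearn result) can be scripted over a mailbox. This is an added example, not code from any poster or from the SpamAssassin project; the function names and finding codes are made up here, and the two sample messages are constructed from the X-Spam-Status headers quoted in the thread.

```python
import re
from email import message_from_string

# Constructed samples: the two X-Spam-Status headers quoted in this thread,
# folded the way SpamAssassin writes them (continuation lines start with a tab).
MSG_A = """\
X-Spam-Status: No, score=3.1 required=5.0 tests=BAYES_00,HTML_MESSAGE,
\tRAZOR2_CF_RANGE_51_100,RAZOR2_CF_RANGE_E8_51_100,RAZOR2_CHECK,SPF_HELO_PASS,
\tSPF_PASS,URIBL_BLOCKED,URIBL_DBL_SPAM autolearn=no autolearn_force=no
\tversion=3.4.0

body
"""
MSG_B = """\
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,HTML_MESSAGE,
\tSPF_HELO_PASS,SPF_PASS,T_REMOTE_IMAGE,URIBL_BLOCKED autolearn=ham
\tautolearn_force=no version=3.4.0

body
"""

# Finding codes are names chosen for this example; the advice is from the thread.
ADVICE = {
    "NOT_SCANNED": "no X-Spam-Status header: mail did not pass through SpamAssassin",
    "DNSBL_BLOCKED": "URIBL_BLOCKED: use a local recursive, non-forwarding resolver",
    "BAYES_INACTIVE": "no BAYES_nn rule fired: Bayes needs 200 ham and 200 spam",
    "BAYES_SAYS_HAM": "BAYES_00 on known spam: review what was trained as ham/spam",
    "AUTOLEARNED_AS_HAM": "autolearn=ham on known spam: relearn it with sa-learn --spam",
}

def parse_status(raw_message):
    """Parse X-Spam-Status into verdict, score, threshold, tests and autolearn."""
    value = message_from_string(raw_message).get("X-Spam-Status")
    if value is None:
        return None
    value = re.sub(r"\s*\n\s*", " ", value)      # unfold continuation lines
    match = re.match(r"(Yes|No),\s*(.*)", value)
    if match is None:
        raise ValueError("unrecognised X-Spam-Status: %r" % value)
    rest = re.sub(r",\s+", ",", match.group(2))  # the test list is folded after commas
    fields = dict(re.findall(r"(\w+)=(\S+)", rest))
    tests = [t for t in fields.get("tests", "").split(",") if t and t != "none"]
    return {"spam": match.group(1) == "Yes", "score": float(fields["score"]),
            "required": float(fields["required"]), "tests": tests,
            "autolearn": fields.get("autolearn")}

def triage(status, known_spam=False):
    """Return finding codes; known_spam=True means a human judged the mail spam."""
    if status is None:
        return ["NOT_SCANNED"]
    findings = []
    if "URIBL_BLOCKED" in status["tests"]:
        findings.append("DNSBL_BLOCKED")
    if not any(t.startswith("BAYES_") for t in status["tests"]):
        findings.append("BAYES_INACTIVE")
    if known_spam and not status["spam"]:
        if "BAYES_00" in status["tests"]:
            findings.append("BAYES_SAYS_HAM")
        if status["autolearn"] == "ham":
            findings.append("AUTOLEARNED_AS_HAM")
    return findings

if __name__ == "__main__":
    for label, raw in (("A", MSG_A), ("B", MSG_B)):
        for code in triage(parse_status(raw), known_spam=True):
            print(label, code, "-", ADVICE[code])
```
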



Re: How to get rid of this spam? Spam assassin does not catch it

Posted by ju...@lexoncom.com.
I don't use any ham training. Should I scan all my folders with this command:
sa-learn --ham --mbox /home/username/mail/foldername

"is the bayes-db of this user *really* used at scan time"
how do i check that?


I use procmail to pass all mail through spam assassin.
I use default ubuntu setup with Razors enabled.
It does catch spam but not the one i attached in original post.

example mail sa headers:

X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
    	ip-10-254-37-89.us-west-2.compute.internal
X-Spam-Level: ***
X-Spam-Status: No, score=3.1 required=5.0 tests=BAYES_00,HTML_MESSAGE,
    	RAZOR2_CF_RANGE_51_100,RAZOR2_CF_RANGE_E8_51_100,RAZOR2_CHECK,SPF_HELO_PASS,
    	SPF_PASS,URIBL_BLOCKED,URIBL_DBL_SPAM autolearn=no autolearn_force=no
    	version=3.4.0


ubuntu@ip-10-254-37-89:~$ cat /etc/spamassassin/local.cf
# This is the right place to customize your installation of SpamAssassin.
#
# See 'perldoc Mail::SpamAssassin::Conf' for details of what can be
# tweaked.
#
# Only a small subset of options are listed below
#
###########################################################################

#   Add *****SPAM***** to the Subject header of spam e-mails
#
# rewrite_header Subject *****SPAM*****


#   Save spam messages as a message/rfc822 MIME attachment instead of
#   modifying the original message (0: off, 2: use text/plain instead)
#
# report_safe 1


#   Set which networks or hosts are considered 'trusted' by your mail
#   server (i.e. not spammers)
#
# trusted_networks 212.17.35.


#   Set file-locking method (flock is not safe over NFS, but is faster)
#
# lock_method flock


#   Set the threshold at which a message is considered spam (default: 5.0)
#
# required_score 5.0


#   Use Bayesian classifier (default: 1)
#
# use_bayes 1


#   Bayesian classifier auto-learning (default: 1)
#
# bayes_auto_learn 1


#   Set headers which may provide inappropriate cues to the Bayesian
#   classifier
#
# bayes_ignore_header X-Bogosity
# bayes_ignore_header X-Spam-Flag
# bayes_ignore_header X-Spam-Status


#   Some shortcircuiting, if the plugin is enabled
#
ifplugin Mail::SpamAssassin::Plugin::Shortcircuit
#
#   default: strongly-whitelisted mails are *really* whitelisted now, if the
#   shortcircuiting plugin is active, causing early exit to save CPU load.
#   Uncomment to turn this on
#
# shortcircuit USER_IN_WHITELIST       on
# shortcircuit USER_IN_DEF_WHITELIST   on
# shortcircuit USER_IN_ALL_SPAM_TO     on
# shortcircuit SUBJECT_IN_WHITELIST    on

#   the opposite; blacklisted mails can also save CPU
#
# shortcircuit USER_IN_BLACKLIST       on
# shortcircuit USER_IN_BLACKLIST_TO    on
# shortcircuit SUBJECT_IN_BLACKLIST    on

#   if you have taken the time to correctly specify your "trusted_networks",
#   this is another good way to save CPU
#
# shortcircuit ALL_TRUSTED             on

#   and a well-trained bayes DB can save running rules, too
#
# shortcircuit BAYES_99                spam
# shortcircuit BAYES_00                ham

endif # Mail::SpamAssassin::Plugin::Shortcircuit

# Vipul's Razor options.
use_razor2                          1
#razor_timeout                       10
razor_config /etc/razor/razor-agent.conf
loadplugin Mail::SpamAssassin::Plugin::Razor2

required_hits 5
report_safe 0
rewrite_header Subject [SPAM]


procmail setup:

:0fw: spamassassin.lock
* < 256000
| spamassassin

# Mails with a score of 15 or higher are almost certainly spam (with 0.05%
# false positives according to rules/STATISTICS.txt). Let's put them in a
# different mbox. (This one is optional.)
:0:
* ^X-Spam-Level: \*\*\*\*\*\*\*\*\*\*\*\*\*\*\*
/var/spool/mail/junk


# All mail tagged as spam (eg. with a score higher than the set threshold)
# is moved to "probably-spam".
:0:
* ^X-Spam-Status: Yes
/var/spool/mail/junk


>
>
> Am 27.10.2015 um 18:50 schrieb junk@lexoncom.com:
>> I use spam assassin with razors on ubuntu server.
>> In recent months i started to get tons of spam.
>> Spam assassin does not catch it and scores are very low.
>>
>> Are those emails fabricated so well that they look like legitimate? Can i
>> do something to catch those as spam?
>>
>> I moved them all to one folder called spam and i run this command every 5
>> minutes on that folder:
>> sa-learn --spam --mbox /home/username/mail/INBOX.spam
>> but it does not help
>
> do you have enough *ham* trained?
> is the bayes-db of this user *really* used at scan time
> what are the SA-headers of mails passing through?
>
> sorry but you need to provide basic information
>
>



Re: How to get rid of this spam? Spam assassin does not catch it

Posted by Reindl Harald <h....@thelounge.net>.

Am 27.10.2015 um 18:50 schrieb junk@lexoncom.com:
> I use spam assassin with razors on ubuntu server.
> In recent months i started to get tons of spam.
> Spam assassin does not catch it and scores are very low.
>
> Are those emails fabricated so well that they look like legitimate? Can i
> do something to catch those as spam?
>
> I moved them all to one folder called spam and i run this command every 5
> minutes on that folder:
> sa-learn --spam --mbox /home/username/mail/INBOX.spam
> but it does not help

do you have enough *ham* trained?
is the bayes-db of this user *really* used at scan time
what are the SA-headers of mails passing through?

sorry but you need to provide basic information


Re: How to get rid of this spam? Spam assassin does not catch it

Posted by Reindl Harald <h....@thelounge.net>.

Am 27.10.2015 um 20:23 schrieb Marc Perkel:
> Also - add a highest numbered MX record tarbaby.junkemailfilter.com
> This will help tune our list to your spam and also get rid of a lot of it

how do you distinguish fools like facebook at the moment always trying
first the backup-MX (which is here a postscreen honeypot always
responding 4xx if the sending IP is not on enough blacklists for score
based reject) and real spammers?

don't get me wrong - i use "tarbaby.junkemailfilter.com" but *only* for 
honeypot domains which don't expect legit mail for sure


Re: How to get rid of this spam? Spam assassin does not catch it

Posted by Marc Perkel <su...@junkemailfilter.com>.
On 10/27/15 14:16, David Jones wrote:
>>> Also - add a highest numbered MX record tarbaby.junkemailfilter.com
>>>
>>> This will help tune our list to your spam and also get rid of a lot of it.
>>>
> Is this safe to use with greylisting on the lower MX records?  I see you
> temp fail (4xx) all email so it should be safe.  Didn't see anything about
> greylisting side effects on your main web site wiki documentation so I
> thought I would ask.
> I filter for about 97,000 unique mailboxes and have been temp failing
> on a high MX for years but I wasn't sure what it took to "commit
> several sins" in your logic before it would become blacklisted on your
> RBL.  I know you won't divulge your "secret sauce" and wouldn't
> expect you to but I would need some assurance that legit email
> servers trying a higher MX because the lower ones were doing
> greylisting won't get listed in your RBL.
>
> Thanks,
> Dave Jones
>

Yes - it's greylist safe.

I'm looking for a lot of things. I measure data rates. I look at HELO. I 
look at RDNS. I look for attempts to impersonate other domains. I look 
to see if it closes the connection with QUIT. I also advertize 
authentication - but there is no authentication. All passwords are 
accepted. This attracts hackers that I blacklist. And it wastes spammers 
resources.


Re: How to get rid of this spam? Spam assassin does not catch it

Posted by David Jones <dj...@ena.com>.
>> Also - add a highest numbered MX record tarbaby.junkemailfilter.com
>>
>> This will help tune our list to your spam and also get rid of a lot of it.
>>
Is this safe to use with greylisting on the lower MX records?  I see you
temp fail (4xx) all email so it should be safe.  Didn't see anything about
greylisting side effects on your main web site wiki documentation so I
thought I would ask.
I filter for about 97,000 unique mailboxes and have been temp failing
on a high MX for years but I wasn't sure what it took to "commit
several sins" in your logic before it would become blacklisted on your
RBL.  I know you won't divulge your "secret sauce" and wouldn't
expect you to but I would need some assurance that legit email
servers trying a higher MX because the lower ones were doing
greylisting won't get listed in your RBL.

Thanks,
Dave Jones

> Marc Perkel - Sales/Support
> support@junkemailfilter.com
> http://www.junkemailfilter.com
> Junk Email Filter dot com
> 415-992-3400


Re: How to get rid of this spam? Spam assassin does not catch it

Posted by Marc Perkel <su...@junkemailfilter.com>.
Yes - add to local.cf

As the highest numbered MX record tarbaby.junkemailfilter.com usually
only sees virus bots. It never accepts email and refuses with a 4xx 
error in case something legit hits it. So we never see your email.

It also doesn't blacklist good email. The sender has to commit several 
"sins" before it is blacklisted. So it's safe - gets rid of some spam, 
and helps tune our blacklists to include more bad actors.


On 10/27/15 12:48, junk@lexoncom.com wrote:
> can you explain how this works?
> Do i add this to spam local.cf file?
>
> would not
>> Also - add a highest numbered MX record tarbaby.junkemailfilter.com
> allow your servers to see my emails?
>
> thx
>
>
>> You can use my black and white lists. It should help.
>>
>> header __RCVD_IN_HOSTKARMA eval:check_rbl('HOSTKARMA-lastexternal','hostkarma.junkemailfilter.com.')
>> describe __RCVD_IN_HOSTKARMA Sender listed in JunkEmailFilter
>> tflags __RCVD_IN_HOSTKARMA net
>>
>> header RCVD_IN_HOSTKARMA_W eval:check_rbl_sub('HOSTKARMA-lastexternal', '127.0.0.1')
>> describe RCVD_IN_HOSTKARMA_W Sender listed in HOSTKARMA-WHITE
>> tflags RCVD_IN_HOSTKARMA_W net nice
>> score RCVD_IN_HOSTKARMA_W -5
>>
>> header RCVD_IN_HOSTKARMA_BL eval:check_rbl_sub('HOSTKARMA-lastexternal', '127.0.0.2')
>> describe RCVD_IN_HOSTKARMA_BL Sender listed in HOSTKARMA-BLACK
>> tflags RCVD_IN_HOSTKARMA_BL net
>> score RCVD_IN_HOSTKARMA_BL 3.0
>>
>> header RCVD_IN_HOSTKARMA_BR eval:check_rbl_sub('HOSTKARMA-lastexternal', '127.0.0.4')
>> describe RCVD_IN_HOSTKARMA_BR Sender listed in HOSTKARMA-BROWN
>> tflags RCVD_IN_HOSTKARMA_BR net
>> score RCVD_IN_HOSTKARMA_BR 1.0
>>
>>
>> Also - add a highest numbered MX record tarbaby.junkemailfilter.com
>>
>> This will help tune our list to your spam and also get rid of a lot of it.
>>
>> On 10/27/15 10:50, junk@lexoncom.com wrote:
>>> sa-learn --spam --mbox /home/username/mail/INBOX.spam
>> --
>> Marc Perkel - Sales/Support
>> support@junkemailfilter.com
>> http://www.junkemailfilter.com
>> Junk Email Filter dot com
>> 415-992-3400
>>
>>
>
>
>
>

-- 
Marc Perkel - Sales/Support
support@junkemailfilter.com
http://www.junkemailfilter.com
Junk Email Filter dot com
415-992-3400


Re: How to get rid of this spam? Spam assassin does not catch it

Posted by ju...@lexoncom.com.
can you explain how this works?
Do i add this to spam local.cf file?

would not
> Also - add a highest numbered MX record tarbaby.junkemailfilter.com
allow your servers to see my emails?

thx


> You can use my black and white lists. It should help.
>
> header __RCVD_IN_HOSTKARMA eval:check_rbl('HOSTKARMA-lastexternal','hostkarma.junkemailfilter.com.')
> describe __RCVD_IN_HOSTKARMA Sender listed in JunkEmailFilter
> tflags __RCVD_IN_HOSTKARMA net
>
> header RCVD_IN_HOSTKARMA_W eval:check_rbl_sub('HOSTKARMA-lastexternal', '127.0.0.1')
> describe RCVD_IN_HOSTKARMA_W Sender listed in HOSTKARMA-WHITE
> tflags RCVD_IN_HOSTKARMA_W net nice
> score RCVD_IN_HOSTKARMA_W -5
>
> header RCVD_IN_HOSTKARMA_BL eval:check_rbl_sub('HOSTKARMA-lastexternal', '127.0.0.2')
> describe RCVD_IN_HOSTKARMA_BL Sender listed in HOSTKARMA-BLACK
> tflags RCVD_IN_HOSTKARMA_BL net
> score RCVD_IN_HOSTKARMA_BL 3.0
>
> header RCVD_IN_HOSTKARMA_BR eval:check_rbl_sub('HOSTKARMA-lastexternal', '127.0.0.4')
> describe RCVD_IN_HOSTKARMA_BR Sender listed in HOSTKARMA-BROWN
> tflags RCVD_IN_HOSTKARMA_BR net
> score RCVD_IN_HOSTKARMA_BR 1.0
>
>
> Also - add a highest numbered MX record tarbaby.junkemailfilter.com
>
> This will help tune our list to your spam and also get rid of a lot of it.
>
> On 10/27/15 10:50, junk@lexoncom.com wrote:
>> sa-learn --spam --mbox /home/username/mail/INBOX.spam
>
> --
> Marc Perkel - Sales/Support
> support@junkemailfilter.com
> http://www.junkemailfilter.com
> Junk Email Filter dot com
> 415-992-3400
>
>



Re: How to get rid of this spam? Spam assassin does not catch it

Posted by Marc Perkel <su...@junkemailfilter.com>.
You can use my black and white lists. It should help.

header __RCVD_IN_HOSTKARMA eval:check_rbl('HOSTKARMA-lastexternal','hostkarma.junkemailfilter.com.')
describe __RCVD_IN_HOSTKARMA Sender listed in JunkEmailFilter
tflags __RCVD_IN_HOSTKARMA net
  
header RCVD_IN_HOSTKARMA_W eval:check_rbl_sub('HOSTKARMA-lastexternal', '127.0.0.1')
describe RCVD_IN_HOSTKARMA_W Sender listed in HOSTKARMA-WHITE
tflags RCVD_IN_HOSTKARMA_W net nice
score RCVD_IN_HOSTKARMA_W -5
  
header RCVD_IN_HOSTKARMA_BL eval:check_rbl_sub('HOSTKARMA-lastexternal', '127.0.0.2')
describe RCVD_IN_HOSTKARMA_BL Sender listed in HOSTKARMA-BLACK
tflags RCVD_IN_HOSTKARMA_BL net
score RCVD_IN_HOSTKARMA_BL 3.0
  
header RCVD_IN_HOSTKARMA_BR eval:check_rbl_sub('HOSTKARMA-lastexternal', '127.0.0.4')
describe RCVD_IN_HOSTKARMA_BR Sender listed in HOSTKARMA-BROWN
tflags RCVD_IN_HOSTKARMA_BR net
score RCVD_IN_HOSTKARMA_BR 1.0


Also - add a highest numbered MX record tarbaby.junkemailfilter.com

This will help tune our list to your spam and also get rid of a lot of it.

On 10/27/15 10:50, junk@lexoncom.com wrote:
> sa-learn --spam --mbox /home/username/mail/INBOX.spam

-- 
Marc Perkel - Sales/Support
support@junkemailfilter.com
http://www.junkemailfilter.com
Junk Email Filter dot com
415-992-3400
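
How the HOSTKARMA rules in the message above turn one DNS answer into a score, as an added example that is not code from the poster or from SpamAssassin. The function names and the table of constructed answers are assumptions made here; the zone, return codes and scores are the ones in the rules, and relay_ip stands for the last external relay that the "-lastexternal" set name selects.

```python
import ipaddress
import socket

ZONE = "hostkarma.junkemailfilter.com."  # zone named in the check_rbl rule
# A-record answer -> (rule, score), copied from the check_rbl_sub rules above.
SUB_RULES = {
    "127.0.0.1": ("RCVD_IN_HOSTKARMA_W", -5.0),
    "127.0.0.2": ("RCVD_IN_HOSTKARMA_BL", 3.0),
    "127.0.0.4": ("RCVD_IN_HOSTKARMA_BR", 1.0),
}

def query_name(relay_ip, zone=ZONE):
    """DNSBL convention: reversed IPv4 octets, then the list's zone."""
    octets = str(ipaddress.IPv4Address(relay_ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def system_resolver(name):
    """A records via the host resolver, i.e. whatever /etc/resolv.conf points at."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET)
    except socket.gaierror:
        return []  # NXDOMAIN (not listed) or a failed lookup
    return sorted({info[4][0] for info in infos})

def evaluate(relay_ip, resolver=system_resolver):
    """Apply the three sub-rules to the answers for one relay address."""
    name = query_name(relay_ip)
    answers = resolver(name)
    hits = [SUB_RULES[a] for a in answers if a in SUB_RULES]
    return {
        "query": name,
        "rules": [rule for rule, _ in hits],
        "score": sum(score for _, score in hits),
        "unmatched": [a for a in answers if a not in SUB_RULES],
    }

# Constructed answers for documentation addresses (192.0.2.0/24), so the demo
# runs offline; they say nothing about what the real list contains.
FAKE_ZONE = {
    "10.2.0.192." + ZONE: ["127.0.0.2"],
    "11.2.0.192." + ZONE: ["127.0.0.1"],
    "12.2.0.192." + ZONE: ["127.0.0.4", "127.0.0.9"],
}

def fake_resolver(name):
    """Stand-in resolver that answers only from the constructed table."""
    return FAKE_ZONE.get(name, [])

if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.11", "192.0.2.12", "192.0.2.13"):
        print(ip, evaluate(ip, fake_resolver))
```
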