RE: [SAtalk] Heh, interesting spam

2004-01-28 Thread SpamTalk
Jonathan Nichols wrote: > A friend of mine got this spam and wanted to share: > > http://www.spiffariffic.com/homelandsec.txt > I got this from my brother in the FDIC yesterday: -Original Message- From: Chairman Powell's Office Sent: Friday, January 23, 2004 3:06 PM To: FDIC EMPLOYEES

RE: [SAtalk] BigEvil Archive

2004-01-19 Thread SpamTalk
> -Original Message- > From: Chris Santerre [mailto:[EMAIL PROTECTED] > Sent: Monday, January 19, 2004 2:12 PM > To: '[EMAIL PROTECTED]'; [EMAIL PROTECTED] > Subject: RE: [SAtalk] BigEvil Archive > > Huh? That was posted 2 days ago! And I had tested it longer > than that! IF there was an

RE: [SAtalk] Improvement: Image Recognition as spam criteria

2004-01-15 Thread SpamTalk
> -Original Message- > From: Manuel Schmitt [mailto:[EMAIL PROTECTED] > Sent: Thursday, January 15, 2004 8:09 AM > To: [EMAIL PROTECTED] > Subject: [SAtalk] Improvement: Image Recognition as spam criteria > > Dear readers, > > while using Spamassassin for about one month and having a

RE: [SAtalk] Habeas mark and auto-learning as ham

2004-01-12 Thread SpamTalk
-Original Message- From: David A. Carter [mailto:[EMAIL PROTECTED] Sent: Monday, January 12, 2004 5:10 PM To: Robert Strickler Subject: RE: [SAtalk] Habeas mark and auto-learning as ham Robert: Just in case you didn't realize, you sent this only to me and not to the entire list. In re

RE: [SAtalk] MX Logic article

2004-01-12 Thread SpamTalk
Of course the phone number makes perfect fodder for a 10.0 rule. -Original Message- From: Jonathan Nichols [mailto:[EMAIL PROTECTED] Sent: Monday, January 12, 2004 10:11 AM To: SA Subject: [SAtalk] MX Logic article Well, *DUH*... First these guys applaud the CAN-SPAM act, now they say "

[SAtalk] [RD] disable autolearn for any negative score

2004-01-12 Thread SpamTalk
Given the discussion of the recent problem with the Habeas mark being autolearned as ham, I think it would be a good rule of thumb to skip the bayes autolearning when a message has ANY negative score. This will prevent future abuses of these types of scores from polluting the database. The merits

[SAtalk] Is anyone scanning for the chemical name for the Vee drug?

2004-01-12 Thread SpamTalk
One dufus spammer, beside spelling the drug correctly, also mentions the generic name "Sildenafil Citrate". If not already in BigEvil, perhaps Chris could add it. Best Regards, Bob

[SAtalk] Anyone working on an eval to count unique words?

2004-01-07 Thread SpamTalk
Looking at some of the samples of "hash buster" and "bayes poisoning" spam that have been posted, it would seem to me that they go out of their way to create a large number of unique words, either gobbledygook or random word lists. SA should be able to count the number of unique "words" and repeated w

[SAtalk] RE: We have big evil now we need big good...

2003-12-20 Thread SpamTalk
These companies need to get a Habeas mark. Minimally, they should prescreen their formats through SA. Any database created as suggested should include contact information that could be used to provide those suggestions. If/when such companies get whitelisted they should get a temporary reject wit

[SAtalk] RE: Mailing lists and compliance verbage

2003-12-19 Thread SpamTalk
If they are legit and value reaching their recipients, they should get a Habeas mark. At the very least pre-scan their spew through an SA test box. I have absolutely zero sympathy for such an organization that is so bereft of email clues. Best Regards, Bob

RE: [SAtalk] Re: [RD] raw/rare/folded/plain/alphed body/subject rendering streams

2003-12-15 Thread SpamTalk
> It would seem to me that, for purposes of rule simplification, that the subject and body of messages to be scanned should be available in pre-processed flavors, some of which is currently available. Assume the spam key is something like that Vuhee drug, V=P i=o e=a n=g s=r u=a (i.e. Poensu) > >

RE: [SAtalk] [RD] raw/rare/folded/plain/alphed body/subject rendering streams

2003-12-10 Thread SpamTalk
>This paragraph suggests that the spelling transformation would >precede the ALPHED transformation. Probably would have to be a fork rather than pipe, once it was phonemed, I would think it would be hard to get back into recognizable English. Then again that's what IBM ViaVoice and Dragon Dictate

RE: [SAtalk] [RD] raw/rare/folded/plain/alphed body/subject rendering streams

2003-12-10 Thread SpamTalk
>It might be convenient to view each of these transformations as operating on the output of the previous. Indeed, I was. Elegance + Efficiency + Functionality = GoodCode(TM) >Note that numbers are sometimes substituted for letters. >[SNIP] This argues for phoneming and/or spell-checking before ALP

RE: [SAtalk] [RD] raw/rare/folded/plain/alphed body/subject rendering streams

2003-12-10 Thread SpamTalk
>>FOLDED set all lowercase >> Remove HTML >> punctuation to be underscore, >Why on earth do you want to "set all lowercase"? I guess folding the case might be overkill in the "simplification" process. As a matter of curiosity, does the objection extend to doing

[SAtalk] [RD] raw/rare/folded/plain/alphed body/subject rendering streams

2003-12-10 Thread SpamTalk
It would seem to me that, for purposes of rule simplification, that the subject and body of messages to be scanned should be available in pre-processed flavors, some of which is currently available. Assume the spam key is something like that Vuhee drug, V=P i=o e=a n=g s=r u=a (i.e. Poensu) RAW

RE: [SAtalk] Another dufus who cant configure their spam software

2003-11-24 Thread SpamTalk
ler [mailto:[EMAIL PROTECTED] Sent: Monday, November 24, 2003 12:46 PM To: SpamTalk Subject: Re: [SAtalk] Another dufus who cant configure their spam software At 11:57 AM 11/24/2003, SpamTalk wrote: >X-Spam-Status: No, hits=0.3 required=5.0 tests=TO_MALFORMED version=

[SAtalk] Another dufus who cant configure their spam software

2003-11-24 Thread SpamTalk
Some content was [SNIP]ped to a) hide our interior routing & b) to remove references to what they were touting. Note the "Sender: ydcC:"\messages\names_a.txt" <[EMAIL PROTECTED]>" where a random sender name would have been inserted. ===headers== Received: from [SNIP] by [SNIP] with S

[SAtalk] [RD] name to reply name ratio

2003-11-18 Thread SpamTalk
I have been noticing that the eye-readable text for most spam bears no resemblance to the Reply-To where they are normally random characters, the length of the Reply-To may be a combination factor to help differentiate it. I wonder how good a spam sign it might be to calculate the correlation betwe

RE: [SAtalk] Spam: The Screwfly Solution

2003-10-07 Thread SpamTalk
-Original Message- From: Fred I-IS.COM [mailto:[EMAIL PROTECTED] >What we need is a Distributed fake replier Actually you just need to have the program spoof the origination address and craft the IP packets/timing so that it does not need the response that do not show up. But again, we

[SAtalk] Free ISP access to Cloudmark rating program

2003-09-19 Thread SpamTalk
quoting from //www.techweb.com/wire/story/TWB20030918S0012 "The Rating program is available for free to major Internet service providers and web-based email providers, but, no deals have been reached" I am not sure if Net56 qualifies as "major", but it seems to be something that might be added to

RE: [SAtalk] OT-spam virus? anyone heard of this?

2003-06-27 Thread SpamTalk
-Original Message- From: Chris Santerre [mailto:[EMAIL PROTECTED] Sent: Friday, June 27, 2003 2:23 PM To: Spamassassin-Talk (E-mail) Subject: [SAtalk] OT-spam virus? anyone heard of this? I checked sarc.com but nothing on it. I heard this on a car board I am on. Any truth? "Just a no

RE: [SAtalk] Spammers sneaking lower Bayes scores

2003-06-27 Thread SpamTalk
From: John Wilcock [mailto:[EMAIL PROTECTED] >On 26 Jun 2003 12:17:23 -0700, Daniel Quinlan wrote: >> > B) run the rendered text through a grammar check, I assume that >> > there is an open source analyzer available. >> >> Not really. >And even if there were, what about the impact this might h

RE: [SAtalk] Spammers sneaking lower Bayes scores

2003-06-26 Thread SpamTalk
Somewhere in the not very distant future SA is going to have to: A) render HTML to text ala LYNX B) run the rendered text through a grammar check, I assume that there is an open source analyzer available. C) have the GA establish a Bayesian baseline of grammar scores indicative of SPAM/HAM. Buy

RE: [SAtalk] Removing SpamAssassin

2003-02-18 Thread SpamTalk
Why is this not in the FAQ with a big bold hyperlink on the home page? Someone else moaned about how they wanted SpamAssassin off their computer not too long ago and an excellent reply was posted. I intended to use it to add a FAQ entry. However the archive search appears to be totally broken or I am s

RE: [SAtalk] new faq entry

2003-02-17 Thread SpamTalk
Maybe Mail Corral on a gateway server would be a viable solution. Has anyone used this product? -Original Message- From: Tony Hoyle [mailto:[EMAIL PROTECTED]] Sent: Monday, February 17, 2003 10:11 AM To: 'Clayton, Nik [IT]'; Justin Mason Cc: [EMAIL PROTECTED] Subject: RE: [SAtalk] new faq

[SAtalk] SA gatewaying with LDAP user verification?

2003-01-15 Thread SpamTalk
Discussion of gateways in the "success stories" thread got me thinking. We are very much in the pilot stage with SA. We forward through a RH7.3 hardened with Bastille from an external Imail 7.1 server and a firewalled Exchange 5.5 server. Both Imail and Exchange have LDAP capabilities and Sendmail

[SAtalk] interesting "From" mail pattern

2003-01-09 Thread SpamTalk
We are getting flooded with emails that have a From address consisting of a single word name all in caps, e.g.: From: "ARLINDA" <[EMAIL PROTECTED]> They are already way over the limit and are flagged. Anyone know what spamware generates this kind of signature? Received: from ilpalxr-dnsmx

RE: [SAtalk] New type of SPAM identification?

2002-12-10 Thread SpamTalk
>Some new malware? Sure looks like an "unquestionably SPAM" header flag. Refuse it in the milter, heh heh. -Original Message- From: Rich Puhek [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 10, 2002 3:43 PM To: Dennis Boylan Cc: [EMAIL PROTECTED] Subject: Re: [SAtalk] New type of SPAM

RE: [SAtalk] Distribute the load

2002-11-22 Thread SpamTalk
The software is a lot more work to set up and maintain, the hardware costs more but should install far more simply and you can get support and hardware maintenance. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Friday, November 22, 2002 6:50 AM To: SpamTalk

RE: [SAtalk] Distribute the load

2002-11-21 Thread SpamTalk
If the load is that large it would probably justify a hardware or dedicated software load-balancing solution. Doesn't Red Hat appear to have an "active" load balancing solution: http://www.redhat.com/docs/manuals/advserver/RHLAS-2.1-Manual/install-guide/s1-lvs-scheduling.html http://makeashorterl

[SAtalk] Primary MX ping

2002-10-30 Thread SpamTalk
In the "bayes, spamd, and future of per-user/per-system bayes" thread [EMAIL PROTECTED] remarked >not so good when your primary MX *is* actually unreachable ;). Couldn't we integrate an optional capability that would periodically make a port 25 connection to a specified and QUIT saving the unava

RE: [SAtalk] Perspectives on (not) using SA

2002-10-29 Thread SpamTalk
Might be worthwhile to peruse his regex and see if there is anything there to incorporate in SA rules. -Original Message- From: Smart, Dan [mailto:[EMAIL PROTECTED]] Sent: Tuesday, October 29, 2002 4:51 PM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: RE: [SAtalk] Perspectives on (not) u

[SAtalk] TOD score for SPAM

2002-10-24 Thread SpamTalk
Would the delivery time of day be a useful value for nudging the score for spam? Is there an easy way to test this in the GA?

RE: [SAtalk] TOD score for SPAM

2002-10-24 Thread SpamTalk
2002 2:41 PM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: Re: [SAtalk] TOD score for SPAM At Thu Oct 24 19:44:37 2002, SpamTalk wrote: > > Would the delivery time of day be a useful value for nudging the score > for spam. Is there an easy way to test this in the GA? It would be

[SAtalk] RE: URL blacklist

2002-10-17 Thread SpamTalk
Ain't technology great? ;) So we now know it is technically feasible, we just need some poor glutton for punishment to step up and begin implementation. -Original Message- From: Scott A Crosby [mailto:scrosby@;cs.rice.edu] Sent: Wednesday, October 16, 2002 1:52 PM To: Robert Strickler Cc:

RE: [SAtalk] netscape and spamassassin

2002-10-15 Thread SpamTalk
I believe you will want to configure fetchmail to do the retrieval from your provider and configure Netscape to read IMAP or POP3 from your localhost. -Original Message- From: lambert Bernard [mailto:[EMAIL PROTECTED]] Sent: Tuesday, October 15, 2002 1:38 PM To: mail spamassassin Subject:

RE: [SAtalk] SA feature/idea? (teergrubing/ stalling SMTP session s )

2002-10-14 Thread SpamTalk
>connection handed off to a small process independent of the MTA No argument, certainly the way I would design it. Admittedly my serious programming skills are over 5 years rusty and I have never tried to pass an open handle across processes. >ties up plenty of resources on my machine as well (2

RE: [SAtalk] "offers" in header a good rule for trapping spam

2002-10-10 Thread SpamTalk
YAY, I have actually made a useful contribution, well, a suggestion at least. Now to get that perl author to fix the .msg to mbox script. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Wednesday, October 09, 2002 6:58 PM To: Robert Strickler Cc: [EMAIL PROTEC

RE: [SAtalk] "offers" in header a good rule for trapping spam

2002-10-09 Thread SpamTalk
AIL PROTECTED]] Sent: Wednesday, October 09, 2002 5:59 PM To: SpamTalk Cc: [EMAIL PROTECTED] Subject: RE: [SAtalk] "offers" in header a good rule for trapping spam I would, but they're binary (Outlook?) files... | -Original Message- | From: [EMAIL PROTECTED] | [mailto:[E

RE: [SAtalk] "offers" in header a good rule for trapping spam

2002-10-09 Thread SpamTalk
Attached are low-scoring (1.5, 3.5) emails, could someone push 'em through 2.42 and see if they get tagged? -Original Message- From: Malte S. Stretz [mailto:[EMAIL PROTECTED]] Sent: Wednesday, October 09, 2002 2:41 PM To: [EMAIL PROTECTED] Subject: Re: [SAtalk] "offers" in header a good

RE: [SAtalk] New spammer trick (aka: stupid browser trick)

2002-10-09 Thread SpamTalk
The other cool palm app is the one that cracks the "encrypted" Cisco passwords. You feed the garbled version and it spits the plaintext of the password. As often as not someone has an old printout of the config laying around and it's a bunch easier than the password recovery rigmarole. Although fr

[SAtalk] "offers" in header a good rule for trapping spam

2002-10-09 Thread SpamTalk
Currently running 2.21, hopefully moving to 2.42 (3?) waiting to see how the current spamd failing issue works out. I have been trapping a number of low scoring spam using the rules wizard in outlook dump any message with the word "offers" in the headers (normally seen as "offers@" or offers.domai

RE: [SAtalk] New breed of SPAM?

2002-10-03 Thread SpamTalk
Are there any open source OCR programs? Or possibly Xerox could be coaxed to release a "lite" version of its Textbridge recognition engine under GPL, they certainly could use some positive PR nowadays. Combined with a GA we should be able to target the most suspicious images for recognition and co

RE: [SAtalk] URL blacklist

2002-10-01 Thread SpamTalk
I don't have time to point you to the url, I searched metacrawler for mySQL replication and in one of the references it stated that you could not cross platform replicate as the *.myd and *.myi files were not binary compatible and that you had to use an sqldump command scenario to transport the d

RE: [SAtalk] URL blacklist

2002-09-30 Thread SpamTalk
om: Daniel Rogers [mailto:[EMAIL PROTECTED]] Sent: Monday, September 30, 2002 7:18 PM To: [EMAIL PROTECTED] Subject: Re: [SAtalk] URL blacklist On Mon, Sep 30, 2002 at 04:09:48PM -0500, SpamTalk wrote: > Shouldn't a list such as this be a part of the next release in > the same ma

RE: [SAtalk] URL blacklist

2002-09-30 Thread SpamTalk
Shouldn't a list such as this be a part of the next release in the same manner as frequent spam phrases? -Original Message- From: Andrew Burgess [mailto:[EMAIL PROTECTED]] Sent: Monday, September 30, 2002 12:45 PM Cc: [EMAIL PROTECTED] Subject: Re: [SAtalk] URL blacklist Daniel Rog

RE: [SAtalk] Osirusoft - trustworthy?

2002-09-26 Thread SpamTalk
I'd vote for separation. Having a choice is a good thing. Even if they are non-co-operative Matt Kettler [[EMAIL PROTECTED]] mentioned >If you're not listed as a 127.0.0.2 or 127.0.0.3 please don't bother the administrator of relays.osirusoft.com >You're listed 127.0.0.4 Maybe SA c

[SAtalk] RE: postfix issues (was: No Subject)

2002-09-17 Thread SpamTalk
I would sack postfix before SA. Was any attempt made to query a postfix mailing list? Since postfix is installed, I assume that sendmail is not a viable alternative (to be honest I am waiting for the next release of amavis or spamass-milter. Someone mentioned mime-defang milter also supports SA but I

RE: [SAtalk] Microsoft developer newsletter tagged as spam

2002-07-23 Thread SpamTalk
ed as spam On Tue, 23 Jul 2002, SpamTalk wrote: > It _IS_ spam. The fact it is from M$DN does not mitigate the fact that > they take advantage of having your email address to load all that crap > in the same boat. It's not spam unless they send it unsolicited. The point is mer

RE: [SAtalk] Microsoft developer newsletter tagged as spam

2002-07-23 Thread SpamTalk
It _IS_ spam. The fact it is from M$DN does not mitigate the fact that they take advantage of having your email address to load all that crap in the same boat. If you want it, whitelist it. All M$ would have to do is have their marketing cretins run their proposed email thru an internal SA set up

RE: [SAtalk] Spam got through: refinance and save $$$

2002-07-22 Thread SpamTalk
We are still at v2.20, I am surprised that none of the "market-speak" phrases triggered. There are several that should be in the 2.31 spam phrases, maybe they are in the CVS? Only takes [1-9] minutes fill out our form new home loan Mortgage rates take action now Refinance your home extra cash you

[SAtalk] RH 7.3 spamass-milter hangs

2002-07-16 Thread SpamTalk
spamass-milter appears to return from its call to "smfi_register(smfilter)" but does not seem to exit and hangs the boot sequence. The "/etc/init.d/sa-milter start" script has: daemon spamass-milter /var/run/sendmail/spamass.sock "/etc/init.d/sa-milter start &" leaves the following proce

[SAtalk] RH 7.3 sa-milter install problems

2002-07-15 Thread SpamTalk
1) the /etc/init.d/spamassassin script never seems to get launched on startup is there something else needed? 2) We originally installed/used SA with mailscanner. I tried to convert to SA-exim but could not get it to start and none of the docs have been updated to 4.05 the news groups wer

[SAtalk] more rules for uncaught spam

2002-06-27 Thread SpamTalk
I created 7 new local.cf rules from just ONE spam that scored only 3.0 on v2.20:

    body BADCREDIT1 /bad credit/i
    describe BADCREDIT1 talks about bad credit
    body BETTERCREDIT1 /better credit/i
    describe BETTERCREDIT1 talks about better credit
    body CANHELPYOU1 /can help you/i

[SAtalk] More Spam phrases that from a porn that slipped through the current rules

2002-06-12 Thread SpamTalk
I am not exactly certain on the YNIWHI regular expression syntax, the grammatically correct comma/period/ellipsis should be optional. It should match any of these:

    you name it we have it
    you name it, we have it
    you name it. we have it
    you name it... we have it

    body LIVECHAT /LIVE CHAT/

[SAtalk] additional rules

2002-06-11 Thread SpamTalk
We have added the following local.cf rules to cover spam that has slipped through the v2.20 ruleset:

    body SPONSORED1 /brought to you by/i
    describe SPONSORED1 spam with embedded commercials, SHEESH
    body REMOVE1 /REMOVE/
    describe REMOVE1 REMOVE in caps
    body SPECIAL1