SUBJ_RAND_UC_CHAR is working well... but I just saw a variant come
through.
Subject: Re: XBHGX,7844, tales of these
Looks like we'll need another rule for this guy - I guess it would be
something like:
Subject =~ /^Re:\s[A-Z]{2,8},\s[0-9]{2,8},\s[a-z]+\s[a-z]+\s[a-z]+\s*$/
Can someone confirm
On 17/12/2003 18:44, Ricki wrote:
> I was wondering, Is there a was to prevent spamassassin from scanning
> mail from a particular IP address ?
I use a perl script to check for a specific received line in each mail,
if it is there, it is a local mail and should not be scanned.
This is the scrip
it's still a pain to block them at the gateway. i spent about 4 hours
chucking in numbers into iptables and still they came in. i found out it
was this stupid new remote access trojan that acts as spam relays. i turned
on dnsbl.sorbs.net and havn't looked back since. had about a week where i
wa
hmm. i love www.sorbs.net dns BL. he says we can help by running a server
to help catch more rubbish and report it.
out of interest, does anybody do that here?
-Original Message-
From: Chris Santerre [mailto:[EMAIL PROTECTED]
Sent: Thursday, December 18, 2003 6:50 AM
To: 'Gary Funck'
> hmm. i love www.sorbs.net dns BL. he says we can help by
> running a server
> to help catch more rubbish and report it.
>
> out of interest, does anybody do that here?
You don't need to run your own server to do that - try www.spamcop.net
--
Peter SJF Bance CEng MBCS
CESG and BCS Listed
Dear group -
I used to run SA local on my Linux mailserver with great results. I was
quite pleased. Some time ago, I discovered that my ISP also started
filterig through SA and delivering the mail to my spool already tagged.
This seemd to cause some conflict with my local setup, because that
woul
On Fri, 19 Dec 2003, Aaron Everett <[EMAIL PROTECTED]> wrote:
> Subject: Re: XBHGX,7844, tales of these
Yes; in looking closer at the ones I've seen, I find one of this variant
also. It just had enough backhair that it was caught anyway. :-) Also,
my sample of that variant has more than 8 upp
On Fri, 19 Dec 2003 21:21:02 +, Iain Stevenson wrote
> System:
>
> Linux ppc (basicallu Yellowdog), 2.4.21 kernel
> Postfix
> amavisd-new-20030314
> spamassassin 2.6 or 2.61
> clamav-0.65
>
> System is configured to use the spamd interface to spamassassin. If
> I install the 2.6 or 2.61 ver
| System:
|
| Linux ppc (basicallu Yellowdog), 2.4.21 kernel
not that it should make any difference, but, you could
go through a trial and elimination process by upgrading
each software component to the latest version (start
with your kernel).
| Postfix
| amavisd-new-20030314
| spamassassin 2.6 or
[I'm reposting this question. I think it might've gotten lost in the
many messages over the past few days.]
Hello,
I've been using auto whitelist for a while now, but today while doing some
experimentation I'm wondering if the explicit (auto) white listing feature
is working at all (version 2.
Hi,
We've been burned a few times by spammers getting into our servers to send
out spam. Does anyone know (or can provide a reference) for how SA could be
integrated into qmail to examine outgoing emails?
Thanks.
Jeff Koch
---
This SF.net
At Sat Dec 20 11:29:26 2003, Erik van der Meulen wrote:
>
> Dear group -
>
> I used to run SA local on my Linux mailserver with great results. I was
> quite pleased. Some time ago, I discovered that my ISP also started
> filterig through SA and delivering the mail to my spool already tagged.
> T
Another mailing list pointed out the new ie exploit.
What would be the SA code to detect/block such and exploit in email.
Here's an untested potentially cpu intensive rule to detect this, I am not
reccomending this rule, but looking for an improved version of it.
uri KAM_URIPARSE /^[^\/]*\%0[01][^
Jeff Koch wrote:
We've been burned a few times by spammers getting into our servers to
send out spam. Does anyone know (or can provide a reference) for how SA
could be integrated into qmail to examine outgoing emails?
IMHO, your energy would be far better served working on securing your
servers
On Thu, 18 Dec 2003, Lars Magne Ingebrigtsen muttered drunkenly:
> If I run sa-learn while SpamAssassin is checking mail, I get messages
> like the following from the spam-checking process:
>
> Cannot open bayes databases /var/list/.spamassassin/bayes_* R/W: lock failed: File
> exists
>
> (This
So we implemented SA some time ago because our clients were getting too much spam.
Lately we have found that several html marked up emails have been getting marked as
spam. These ones are clearly fp's.
Some of the domains include Morningstar.com, charlesswab.com and several other
financial in
Good grief. What a 'holier than thou' attitude.
To be more specific we have had cases where user cgi scripts have been
subverted into being spam senders. And yes we don't allow FormMail scripts
that don't control the recipient list - but occasionally a user will
upload a weak formmail script a
Jeff Koch wrote:
Good grief. What a 'holier than thou' attitude.
Not in the slightest ... you didn't mention you had customers that might
be spammers (I won't touch that).
Based on your original post, it seemed to me that your primary problem
wasn't the spam going out, but that people were getting
Based on your query, I don't think David's suggest was at all 'holier than
thou'.
And I agree with him , that unless you plan on pushing ALL outbound traffic
from all your Webservers utilizing SMTP scripts,pushes,forms,etc to relay
off your SA Gateway before being pushed to the Internet, I would su
On 19 Dec 2003, at 22:15, Lukreme wrote:
I set the permissions on all the bayes files to 700 for all users and
I still ended up having them get switched to - after some
period of time. Although, it appears that this time it was a couple
of hours:
One more datum, this does not happen onl
I was wondering if the SA developers are considering adding support for
"Sender Permitted From" (SPF) in SA, as defined at spf.pobox.com? I have
been using a product call Declude JunkMail, that just added SPF support in a
beta version of their product, and it seems to be working quite well.
Altho
Hi,
I've attached 3 messages that are getting quite low scores by SA.
I'm running SA 2.60, with bayes. I frequently get messages quite similar
to these, a number of them every single day. And every day I run them
through sa-learn.
However they continue to get low scores.
Are spammers learning n
On Sat, Dec 20, 2003 at 11:49:37AM -0800, Bill Landry wrote:
> I was wondering if the SA developers are considering adding support for
> "Sender Permitted From" (SPF) in SA, as defined at spf.pobox.com? I have
We have test rules in 2.70 already. If you weren't at LISA 2003, we
pushed SPF at the
- Original Message -
From: "Theo Van Dinter" <[EMAIL PROTECTED]>
> On Sat, Dec 20, 2003 at 11:49:37AM -0800, Bill Landry wrote:
> > I was wondering if the SA developers are considering adding support
> for
> > "Sender Permitted From" (SPF) in SA, as defined at spf.pobox.com? I
> have
>
I am trying to move some SpamAssassin 2.60 databases from a Red Hat 7.1
machine to a Debian Woody machine running SpamAssassin 2.61.
On the Red Hat 7.1 box I have the following auto whitelist and bayes files
(identity provided by file utility):
auto-whitelist.db: Berkeley DB (Hash, version 5, nat
On Sat, 20 Dec 2003 12:51:20 -0600, David Gibbs <[EMAIL PROTECTED]> writes:
> Jeff Koch wrote:
> > Good grief. What a 'holier than thou' attitude.
>
> Not in the slightest ... you didn't mention you had customers that might
> be spammers (I won't touch that).
>
> Based on your original post, it
On Sat, 20 Dec 2003 09:52:00 -0800, "Gary Smith" <[EMAIL PROTECTED]> writes:
> So we implemented SA some time ago because our clients were getting
> too much spam. Lately we have found that several html marked up
> emails have been getting marked as spam. These ones are clearly
> fp's.
>
> Some
Makes sense.
Gary Smith
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Saturday, December 20, 2003 12:45 PM
To: Gary Smith
Cc: [EMAIL PROTECTED]
Subject:Re: We have big evil now we need big good...
On Sat, 20 Dec 2003 09:52:00 -0800, "Gar
Peter SJF Bance wrote:
All,
[Hoping this gets through, and isn't blocked by SpamAssassin on another
server!!]
I've been trying to work this one out for a few days now - I run various
mailman lists, and recently all my mail has been rejected when I've
attempted to post to them. I use Sendmail, Am
Hi Chris,
> I might be wrong here, but there is only 1 received line. Since you
> stated you are using your ISP's SMTP gateway, can I assume that
> smtp.ntlworld.com is your ISPs SMTP relay? If so, it seems that your
> ISP is the one marking this email as spam? I'm confused here because
> t
These companies need to get a Habeas mark.
Minimally, they should prescreen their formats through SA.
Any database created as suggested should include contact information that
could be used to provide those suggestions.
If/when such companies get whitelisted they should get a temporary reject
wit
Justin England wrote the original PHP-SA. In short, after working on some
patches and fixing some things ages ago, Justin wasn't interested in
continuing the work. I forked the code and added my initials.
I would suggest if you want to create another fork that you consider my
vanilla code. There
32 matches
Mail list logo
