Hi. I noticed on the website for SpamAssassin, which is a very nice
tool, that there is a mailing list for SPAM that was not caught to be
sent to for analysis.
What I am not sure of is how, exactly, I should be forwarding this mail.
Do I send it as an RFC 822 attachment or what?
Maybe improvin
On Mon, 28 Jan 2002, Sidney Markowitz wrote:
>> ''bounce'' or ''redistribute'' it, as forwards are very hard to
>> de-forward-ize -- the format is different for each MUA :(
>
> Wouldn't it be easy to set up something that would process mail that
> is forwarded as a MIME attachment? That preserves
On Tue, 29 Jan 2002, dman wrote:
> On Tue, Jan 29, 2002 at 02:58:56PM -0500, Mike Coughlan wrote:
>
>| > Has anybody created a rule for the MyParty virus? It is trapped by
>| > our virus scanner, but it would be nice to have a rule in SA to
>| > catch it.
>
>| Maybe this is an old philpsophical
On Sat, 2 Feb 2002, Andrew Kohlsmith wrote:
> The corpus we have now may be fine for techies, but it frankly needs
> work for us ISPs.
>
> The +1 scores for tests with a GA score above 20 and 30 is a good
> idea, but remember that both hotmail and msn have those goddamn "click
> here for MSN|Hotm
On Sun, 3 Feb 2002, Andrew Kohlsmith wrote:
>> I would be extremely happy to see SpamAssassin extended to recognize
>> the routine, vaguely irritating spam that is attached to "free" email
>> messages and the like.
>
> I think I will give my regexp skills a shot at this, as it is probably
> the b
Most messages that I get, these days, matches the "missing date" test,
and ends up with something like:
X-Mail-Format-Warning: Bad RFC822 header formatting in Date: Sun, 3 Feb 2002 14:31:08
+ (GMT)
Of course, that's /not/ an invalid RFC822 date, it's SpamAssassin[1]
deciding that it's not r
On 03 Feb 2002, Craig Hughes wrote:
> It is the right place to bring this up, and I think someone else
> mentioned something similar a while back. Don't remember what the
> resolution was.
IIRC, the conclusion was that SpamAssassin does not do correct RFC822
matching on the address part.
It nee
On 03 Feb 2002, Craig Hughes wrote:
> Yeah, I'd seen this claim of non-compliant headers in a few places
> that seemed OK to me too -- The regex it's checking is pretty nasty
> though. I'll see if I can figure out what jm was trying to do there
> and fix it.
Cool. Hrm...
...is there any easy way
On 03 Feb 2002, Craig Hughes wrote:
> No, not really any way to avoid this... it's a fairly important part
> of NoMailAudit.pm
So, using SpamAssassin means a risk of corrupted email. Hrm. Ah, well, I
guess you pay for what you get. :/
> I've looked again and again at the relevant lines and can't
On Mon, 4 Feb 2002, peter green wrote:
> * peter green <[EMAIL PROTECTED]> [020204 07:23]:
>> * Daniel Pittman <[EMAIL PROTECTED]> [020203 14:18]:
>> > X-Mail-Format-Warning: Bad RFC822 header formatting in Date: Sun, 3
>> > Feb 2002 14:31:08 + (GMT
On Mon, 4 Feb 2002, Jost Krieger wrote:
> On Sun, Feb 03, 2002 at 01:29:31PM -0800, Craig Hughes wrote:
>> Yeah, I'd seen this claim of non-compliant headers in a few places
>> that seemed OK to me too -- The regex it's checking is pretty nasty
>> though. I'll see if I can figure out what jm was t
On 04 Feb 2002, Craig Hughes wrote:
> On Mon, 2002-02-04 at 13:38, Daniel Pittman wrote:
[...]
> I'm still somewhat baffled about why things weren't working in the
> first place with that particular example though, but perhaps by
> tinkering with the regex we've
On 04 Feb 2002, Craig Hughes wrote:
> Oh, I assumed that Amavis was inserting that if it was unregistered or
> something. I just did a search on that "This safeguard blah blah blah"
> string, and it gets a bunch of hits from SPAM sent to mailing lists.
> Might be worth a rule for that I suppose.
I just got a message that hit this test:
X-Spam-Status: No, hits=1.9 required=5.0 tests=DATE_IN_FUTURE version=2.01
It had a date header that wasn't in the future, though. It was:
Date: Mon, 5 Mar 2001 22:12:20 +1100
That's a year in the past, not in the future, and it /shouldn't/ be
impossibl
On Tue, 5 Feb 2002, Daniel Rogers wrote:
> On Wed, Feb 06, 2002 at 09:00:23AM +1100, Daniel Pittman wrote:
>> I just got a message that hit this test:
>>
>> X-Spam-Status: No, hits=1.9 required=5.0 tests=DATE_IN_FUTURE
>> version=2.01
>>
>> It had a date h
On Wed, 6 Feb 2002, rODbegbie wrote:
> I'm receiving an increasing number of Spams for porn sites hosted by
> splitrock.net which are operating on port 81 (see URLs below).
>
> 1) Anyone else getting them?
Nope. Er, at least in my case. ;)
> 2) Is anyone adverse to adding a rule to catch http
On Wed, 06 Feb 2002, Craig Hughes wrote:
[...]
> Then all we need is a catchy nickname for my first release :)
SpamAssassin "Oh, my god!" 2.1
Especially after you find out whatever it was you managed to break in
it, which I always do on the first release of anything. Then I get
embarrassed. ;)
On Fri, 8 Feb 2002, Charlie Watts wrote:
> On Fri, 8 Feb 2002, Shane Williams wrote:
>
>> On Fri, 8 Feb 2002, dman wrote:
>>
>> > On Fri, Feb 08, 2002 at 12:13:29PM -0600, Donald Greer wrote:
>> > [...]
>> > | Basically, the first time email is recieved from somebody, they
>> > | are sent a mes
On Fri, 08 Feb 2002, Donald Greer wrote:
> One potential new check would be for "Received:" sequences.
Nope.
> E.G. that there's no message with a "Received: from XXX by YYY"
> followed by "Received: from WWW by ZZZ". If ZZZ received the message,
> then ZZZ should have sent it on the next hop (
On 09 Feb 2002, Craig Hughes wrote:
> Note that spamproxyd is not nearly as featureful as spamc/spamd -- in
> particular, it will process *all* messages, including very long ones,
> which can suck up a lot of CPU and open your mail server to denial of
> service attacks. If anyone has got a postfix
On Sun, 10 Feb 2002, Mark wrote:
> Dear people,
>
> Being rather interested in running the spamd daemon, I tried to run a
> test message in a small test Perl script, having the daemon running,
> of course, on my FreeBSD 4.1 server; it looks as follows:
>
> $result = int ((system ("/usr/bin/spamc
On Sun, 10 Feb 2002, Mark wrote:
> - Original Message -
> From: "Daniel Pittman" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Sunday, February 10, 2002 10:35 PM
> Subject: [SAtalk] Re: Exit code
>
>> On Sun, 10 Feb 2002, Mark wrot
On Tue, 12 Feb 2002, Michael Geier wrote:
> The attached email slipped under the threshold.
>
> However, something caught my eye. Generally, the from: domain and the
> reply-to: domain don't match on spam.
>
> Maybe we could compare against that?
For the love of god, NOO!
It's bad enough t
On Tue, 12 Feb 2002, Michael Geier wrote:
[... original message elided by poster ...]
> Maybe some people are taking my recommendation a little to strongly.
>
> In answer to your points:
> [1]If you belong to a list that does it, put them in your whitelist (in my
> opinion, any list you belong
On Wed, 13 Feb 2002, Duncan Findlay wrote:
> What's the status of the next release?
>
> I'd like to know, since I'm contemplating my options for Debian.
> Ideally, I'd wait package the next release, but I might release a
> Debian package with patches from the cvs or just fix Debian specific
> bu
On Thu, 14 Feb 2002, Duncan Findlay wrote:
> On Thu, Feb 14, 2002 at 03:43:18PM +1100, Daniel Pittman wrote:
>> On Wed, 13 Feb 2002, Duncan Findlay wrote:
>> > What's the status of the next release?
>> >
>> > I'd like to know, since I'm cont
On Thu, 14 Feb 2002, Andre Bonhote wrote:
> On Wed, Feb 13, 2002 at 11:09:00PM -0800, Craig Hughes wrote:
[...]
>> Actually, this raises an interesting issue with AWLs where it'll have
>> no way of knowing you're you and not someone else with whom you
>> regularly correspond, which is probably b
On 14 Feb 2002, Craig Hughes wrote:
> I'll investigate -- it's weird, because both GAs seem to assign low
> scores to "HUNZA_DIET_BREAD" even though it obviously only appears in
> the spam corpus, and not in non-spam.
Sure, but how much of the spam corpus do they show up in?
> In fact my GA whi
On Sun, 17 Feb 2002, Daniel Rogers wrote:
> It seems I've been getting a lot of spam lately that has a valid MX,
> but the MX is 127.0.0.1 (loopback). Any chance we could add a test for
> this?
That will break a large number of legitimate uses of email forwarding,
notably mine.[1]
I use the Unix
On 21 Feb 2002, Craig Hughes wrote:
> On Thu, 2002-02-21 at 10:22, Arpi wrote:
[...]
>> body FOR_INSTANT_ACCESS /\sINSTANT\s+ACCESS.{0,20}\s+/i
>>
>> correct me if i'm wrong, i'm still newbie in regexp world :)
>
> I think
> body FOR_INSTANT_ACCESS /INSTANT ACCESS/i
> is fine b
On 22 Feb 2002, Craig Hughes wrote:
> Nice feature! I'll add this to SA itself.
*grin* Please use something other than '*', though; it's a pain to
filter in a regular expression based system. ;)
Maybe one of [@#%&!] would be suitable.
Daniel
--
These eyes see only what they wanna se
On Sun, 24 Feb 2002, Marc G. Fournier wrote:
> anyone successfully using this?
Yes.
> if so, how do you have it setup?
I followed the instructions for the simple filtering, using a shell
script to pipe the messages through spamc and back into sendmail.
> I've tried smtpproxyd, but it doesn't
On Sun, 24 Feb 2002, Marc G. Fournier wrote:
> On Mon, 25 Feb 2002, Daniel Pittman wrote:
>> On Sun, 24 Feb 2002, Marc G. Fournier wrote:
[... spamassassin with postfix ...]
>> > if so, how do you have it setup?
>>
>> I followed the instructions for the simple filt
On Wed, 27 Feb 2002, Greg Ward wrote:
> On 27 February 2002, Craig R Hughes said:
>>181 98 83 RATWARE
>
> That's interesting. I wonder if the RATWARE regex is too broad --
> perhaps if it were toned down a bit, it would be better focussed on
> spam. This ought to be a
On Thu, 28 Feb 2002, Michael Moncur wrote:
>> To me, -ve scores on tests can also be used to "offset" spammy
>> messages in clean email. I have several of these of my own creation:
>
> Well, yes, that's true - SpamAssassin already includes a bunch of
> these, such as COPYRIGHT_CLAIMED and PHP_SIG
On Fri, 1 Mar 2002, William R. Ward wrote:
> Sidney Markowitz writes:
>>On Fri, 2002-03-01 at 16:37, William R Ward wrote:
[...]
>>> To the best of my knowledge, [EMAIL PROTECTED] does not send spam.
>>> It's mail for an affiliate program that I signed up for.
>>
>>In general it is a good idea t
On Sat, 02 Mar 2002, Rob McMillin wrote:
> Duncan Findlay wrote:
>>On Fri, Mar 01, 2002 at 09:50:03PM -0800, Rob McMillin wrote:
>>
>>> I would like to suggest that the ROUND_THE_WORLD test, which seems
>>> to catch little real spam these days. (Maybe it's just me.) I would
>>> submit for the grou
On Sat, 02 Mar 2002, Rob McMillin wrote:
> Daniel Pittman wrote:
>>On Sat, 02 Mar 2002, Rob McMillin wrote:
>>>Duncan Findlay wrote:
>>>>On Fri, Mar 01, 2002 at 09:50:03PM -0800, Rob McMillin wrote:
>>>>
>>>>>I would like to suggest that t
On Sun, 3 Mar 2002, Craig R. Hughes wrote:
[...]
> It's great to hear that SA is increasingly being viewed as the #1 anti
> spam product. In some part I think that's probably due to both its
> effectiveness, and its flexibility. The simple fact is that in the
> corpus, there are 687 pieces of sp
On Mon, 4 Mar 2002, dman wrote:
> On Mon, Mar 04, 2002 at 09:01:45PM -0500, Duncan Findlay wrote:
>| On Tue, Mar 05, 2002 at 08:49:10AM +0700, Olivier Nicole wrote:
>| > Me thinks it would even be a good thing is SA could verify the
>| > signature :)
[...]
> As I haven't figured out how to use g
On Mon, 4 Mar 2002, Greg Ward wrote:
> On 01 March 2002, Matthew Cline said:
>> Even if this is a good idea (is it?), I don't know how to go about
>> getting the user's email adress. If it's the user who's invoking SA,
>> there might be some way to get the info from the environment, but I
>> want
On Tue, 5 Mar 2002, dman wrote:
> On Tue, Mar 05, 2002 at 12:48:53PM -0800, Daniel Quinlan wrote:
[...]
>| Actually, iso-8859-1 is for English.
>
> It is for Western Europe. US-ASCII is a proper subset of all the ISO
> and UTF-8.
It's also worth noting that Microsoft products regularly announ
On Tue, 5 Mar 2002, Kerry Nice wrote:
> Is Front Page ever used in non-spam.
Yes. Sad as it is...
> Would a check for some of these things be useful?
...but it probably would. :)
[...]
> Just out of curiousity, I looked quickly though my mail. 2002FebSpam
> has about 1000 messages in it,
On Tue, 5 Mar 2002, Juan F. Codagnone wrote:
> I don't want spamassassin to modify (write any report) in the body of
> the mail (i want't only to add the headers). I searched for any option
> and i didn't find anything.
In your preferences, set:
report_header 1
use_terse_report 1
The use_terse
On Wed, 6 Mar 2002, Matt Sergeant wrote:
> On 5 Mar 2002, Craig Hughes wrote:
[...]
>> Matt, take a look at bugzilla #62 -- there is more discussion of
>> exactly this there. If you re-order the rules, then the only problem
>> with short-circuit scoring is razor submission. If "-L" is used
>> th
On Wed, 6 Mar 2002, Douglas J. Hunley wrote:
> As you can see from the email attached, this mail got flagged simply
> because of 'received via relay' and 'confirmed spam source' I received
> the mail from a mailing list. I do *not* want to add the mailing list
> address to my whitelist as this mai
On Wed, 6 Mar 2002, Matthew Cline wrote:
> On Wednesday 06 March 2002 05:01 pm, Daniel Pittman wrote:
>
>> Er, does anyone out there know that this is actually a usable source
>> of information? Can anyone say that it's a success story for them?
>
> 17 out of 87 spa
On Thu, 7 Mar 2002, Greg Ward wrote:
> I just got a spam with this "To" header:
>
> To:
>
> ...is that malformed?
Yes. It's obliged to quote the [ ;:] characters by that RFC.
> (No, I still haven't memorized RFC 2822, sorry.)
> The TO_MALFORMED test does *not* catch it.
It's technically m
On Thu, 7 Mar 2002, Scott Doty wrote:
> On Fri, Mar 01, 2002 at 09:50:03PM -0800, Rob McMillin wrote regarding
> the "FROM_SPAMLAND" test:
> ] http://www.geocrawler.com/lists/3/SourceForge/11679/350/7984404/
>
>> /\.(?:kr|cn|cl|ar|hk|il|th|tw|sg|za|tr|ma|ua|in|pe)(?:[\s\)\]]|$)/
>> Let the spear-
On Thu, 7 Mar 2002, Bobby Rose wrote:
> Does anyone have a script to sort files based on content?
I tend to write them on the fly.
> I've been dumping copies of the spam messages into a directory. What
> I'd like to try to do is figure out how many times a From recipient
> shows so that it can
On Fri, 8 Mar 2002, David G. Andersen wrote:
> Matthew Cline just mooed:
>> First a few rules to match non-spam:
[...]
>> While there would be no effort in faking this, it might take a while
>> for some of the spammers to catch on.
>>
>> uri HTTPS_URL /https:\/\//
>> descr
On Fri, 08 Mar 2002, Michael Shields wrote:
> In article <[EMAIL PROTECTED]>,
> Daniel Pittman <[EMAIL PROTECTED]> wrote:
>>> Low-hanging fruit, though it's out of date these days, catch
>>> the snowhite virus since it's there:
>>>
>>
On Fri, 08 Mar 2002, Rob McMillin wrote:
> Matt Sergeant wrote:
>
>>>If you use a secure mailer, than viruses are not a threat, nothing
>>>but more junk. I don't see any reason not to consider them spam.
>>
>>They are junk, but not UCE.
>>
>>How would you, for example, propose to catch a polymorp
On Fri, 8 Mar 2002, Kevin Hansard wrote:
> On my system Spamassassin treats DOS format files differently to UNIX
> format files.
On my machine also.
> For example I executed the following commands on a spam message:
[...]
> Does anyone else experience this, or is it a problem with my setup?
On Thu, 7 Mar 2002, Matthew Cline wrote:
> On Thursday 07 March 2002 02:53 am, Matt Sergeant wrote:
>> On Thu, 7 Mar 2002, Bart Schaefer wrote:
>> > On Thu, 7 Mar 2002, Matt Sergeant wrote:
>
>> > > Yep, I'm seeing this stuff too (though not in huge numbers yet).
>> > > I'm going to examine the
On Fri, 08 Mar 2002, Craig Hughes wrote:
> On 3/6/02 8:35 AM, "Geoff Gibbs" <[EMAIL PROTECTED]> wrote:
[...]
>> The whole line of yelling is in fact part of the body of the
>> base-64 encoding. It seems somewhat harsh to block a message
>> purely on the basis that it contains an attachment.
>
>
On Fri, 08 Mar 2002, Rob McMillin wrote:
> Justin Mason wrote:
>
>> Mind you, I don't think this is a good idea; it will make SA even
>> more westerner-oriented. :( Pretty much all the GA corpus is from
>> western
>>sources and in western charsets, so the GA will totally skew it.
>
> Further: the
On Sat, 9 Mar 2002, Matthew Cline wrote:
> Why is "(?:" used in the rules regexps instead of just "("?
Because a back-reference to that group is not needed.
> Does the engine that applies the rules put normal parens around the
> whole regexp, and we don't want to interfere with it generating $1
On Sat, 09 Mar 2002, Michael Shields wrote:
> In article <[EMAIL PROTECTED]>,
> Daniel Pittman <[EMAIL PROTECTED]> wrote:
>> MIMEdefang <http://www.roaringpenguin.com/mimedefang/> does exactly
>> what you want. It will strip away executable files and discard t
On 10 Mar 2002, Toni Willberg wrote:
[...]
> Attached spam is good example of spam I get which is scrored under 5.0
> by SpamAssassin. Spammer is trying to sell CD's of bulk email
> addresses to spammers. :)
[...]
> My suggestions follows, someone add good scores for them:
[...]
> Header con
On Mon, 11 Mar 2002, Michael Moncur wrote:
>> I just noticed that CommuniGate has its own test (COMMUNIGATE) but it
>> isn't listed in the RATWARE test. This is of interest because the
>> RATWARE test checks ALL headers, where COMMUNIGATE is a body test. It
>> should be listed in RATWARE.
>
> The
On Mon, 11 Mar 2002, Forrest Cahoon wrote:
> I just started using SpamAssassin, and it seems very effective.
>
> I have noticed that some of the rules which would logically seem to
> indicate that a message *is* spam have negative weightings, e.g.:
Others already explained that the GA develops t
On Mon, 11 Mar 2002, Matthew Cline wrote:
> On Monday 11 March 2002 06:46 pm, Charlie Watts wrote:
>
>> Did you play it? (or at least look at it more closely)
>
> Ah. It's file type *is* "MS-DOS executable (EXE), OS/2 or MS Windows",
> so I guess it's a virus. And the raw text of the message has
On Tue, 12 Mar 2002, Charlie Watts wrote:
> On Mon, 11 Mar 2002, Matthew Cline wrote:
>> On Monday 11 March 2002 08:24 pm, Michael Moncur wrote:
>>
>> > I think that would be a great addition to SA, although I see more
>> > virus emails formatted like that than actual spam. I'm trying the
>> > fol
On Tue, 12 Mar 2002, Charlie Watts wrote:
> In my spam collection, they're all already caught by the DNS
> blacklists - but some of y'all aren't using the blacklists.
>
> I'm seeing more and more of a strange phenomenon - spam with no body.
>
> Does anybody get legit mail with no body?
I get se
On Tue, 12 Mar 2002, Andrew Kohlsmith wrote:
> I've just seen in the last 12h a new virus coming through as a
> Microsoft security update.
It's a repeat of an older attempt to exploit the same imagined
trust-relationship between customers of Microsoft and the company.
> I've added a test like th
On Wed, 13 Mar 2002, Andrew Kohlsmith wrote:
>> > I've added a test like this to catch it;
>> You do realize that this is probably the *most* inefficient way,
>> short of hand sorting, that you have of blocking the message?
>
> In terms of efficiency it's not all that bad; I could use badmailfrom
On Wed, 13 Mar 2002, Michael Grau wrote:
[...]
> I don't see much point in tagging spam and then delivering
> it anyway. The spammers still got their message through.
> So what if it's in a special little folder all its own?
The problem with this approach is that SpamAssassin is a heuristic
sys
On Thu, 14 Mar 2002, Rob McMillin wrote:
> Is it too much to assume that eight-bit characters in the e-mail part
> of an address is a sign of junk? I get a lot of Asian spam in this
> form, but I understand Unicode domains are on their way, so it will
> now be possible for me to receive mail from
On Thu, 14 Mar 2002, Olivier Nicole wrote:
>> This isn't a legal DNS name, though. It would seem reasonable to
>> match it but, er, are you /really/ getting 8-bit characters in the
>> headers?
>
> Well there is the native language DNS project that has started to
> implement,
I imagine that the
On Tue, 19 Mar 2002, Matthew Cline wrote:
> On Tuesday 19 March 2002 03:02 pm, dman wrote:
>
>> On Tue, Mar 19, 2002 at 02:34:23PM -0800, Bart Schaefer wrote:
>
>> | On Tue, 19 Mar 2002, Daniel Rogers wrote:
>> | > I guess this would mean having to recurse through all the mime
>> | > parts?
>
>
On Wed, 20 Mar 2002, Greg Ward wrote:
> On 20 March 2002, Maurits Bloos said:
>> Has anyone 'hacked' spamproxyd to send *SPAM* to both the intended
>> recipient and to a 'spamtrap' mailbox ?
>
> Why bother? I thought the point of spamproxyd was to allow rejecting
> spam at SMTP-time.
Heck, no.
On Wed, 20 Mar 2002, Kerry Nice wrote:
> I did email Chris Prillo of Lockergnome and tried to enlighten him.
> His response basically was that he was mad that people were using
> something that they didn't know how to use and it was too powerful.
Hey, that's a reasonable objection. I would comp
On Mon, 25 Mar 2002, Craig R. Hughes wrote:
> Michael Moncur wrote:
[...]
>> I believe the issues with really short messages getting high scores
>> were fixed and the system should be worth *something* now...
>
> Yes -- it should work OK now. The reason I turned it off is probably
> because the
On Tue, 26 Mar 2002, Rick Smith wrote:
> How long do you think it will be until users of SA face the same
> consequences as the now infamous ORBZ case ?
>
> I'm sure that some lawyer out there could find a way to sue someone
> for running this package.
Absolutely. The American legal systems seem
On Wed, 27 Mar 2002, Olivier Nicole wrote:
>>unless all ISPs are "well-behaved" and block outbound
>>port 25 except to their own mail servers
>
> provided they have a decent architecture (that can handle the hundred
> thousand, or million email they send per day) they will end up with
> transpar
On Wed, 27 Mar 2002, Jason Haar wrote:
> On Wed, Mar 27, 2002 at 01:00:05PM +1100, Daniel Pittman wrote:
>> Right up to the point that someone institutes the architecture for
>> secure mail relay that the combination of TLS and certificate
>> verification provide -- /that/ c
On Wed, 27 Mar 2002, martin f. krafft wrote:
> [please keep cc'ing me on replies]
>
> also sprach Duncan Findlay <[EMAIL PROTECTED]> [2002.03.26.2358 +0100]:
>> Report a Debian bug or a bugzilla bug
>> (http://bugzilla.spamassassin.org), and I'll definitely look into it.
>> Please be sure to inc
On Wed, 27 Mar 2002, Matt Sergeant wrote:
> Michael Moncur wrote:
[...]
> Anything using src=cid: should be treated very suspiciously as a
> virus. That's what you've been sent (Either Klez or BadTrans - not
> sure without seeing the subject of the email).
src:cid is the standard way of referen
On Wed, 27 Mar 2002, Maurits Bloos wrote:
>> From: dman [mailto:[EMAIL PROTECTED]]
>> On Wed, Mar 27, 2002 at 01:58:45PM +0100, Maurits Bloos wrote:
>> |
>> | And how do I do that with postfix as the 'in-between-hop' to my
>> | (yuk) M$ Exchange Server (yuk). Most of the messages are a couple
>>
On Thu, 28 Mar 2002, Matt Sergeant wrote:
> Daniel Pittman wrote:
>> On Wed, 27 Mar 2002, Matt Sergeant wrote:
>>
>>>Michael Moncur wrote:
>> [...]
>>
>>>Anything using src=cid: should be treated very suspiciously as a
>>>virus. That's w
On 30 Mar 2002, Craig Hughes wrote:
> On Fri, 2002-03-29 at 22:29, Duncan Findlay wrote:
>> On Sat, Mar 30, 2002 at 01:38:24AM +0100, Tony L. Svanstrom wrote:
>> > On Fri, 29 Mar 2002 the voices made Rick Macdougall write:
>> > > From: "Craig Hughes" <[EMAIL PROTECTED]>
>> > > >
>> > > > Ok, any s
On Sun, 31 Mar 2002, Rich Duzenbury wrote:
> I don't believe I signed up for this. Seems that if there is a
> 'complain to' header, it is likely spam. What do you think?
Bad heuristic. Many ISP systems insert such a header into all messages
relayed through them to assist in tracing ill behavior
On Thu, 04 Apr 2002, Sean Rima wrote:
[... message rewritten to conform to RFC2822 quoting ...]
> On 03 Apr 2002, Craig Hughes uttered the following:
>> Tony, I've been holding off on DCC until I thought it was a robust
>> enough system to use. I'm still somewhat haunted by Razor's
>> hiccuppine
On Sat, 6 Apr 2002, Shane Williams wrote:
> I sent this to sightings as well, but thought it was interesting
> enough to pass along to the main list as well. Never mind that the
> guy who caught it was being a little paranoid, it's still an
> interesting look at what spammers are doing to avoid d
On Fri, 12 Apr 2002, Lars Hansson wrote:
> On Thu, 11 Apr 2002 15:43:36 -0400
> "Duncan Findlay" <[EMAIL PROTECTED]> wrote:
>> Simply put, it's not free software.
>
> Uh, says who?
Depends on the value of free. qmail doesn't meet the Debian Free
Software Guidelines, nor is it FSF "free".
> Let
On Thu, 11 Apr 2002, Rob McMillin wrote:
> Jay Jacobs wrote:
>
>>Every once in a while (I'd say maybe 2 or 3 times a week), I get a
>>header chopped in two, I assume on the Second From field. Sometimes
>>it's spam, sometimes not. I just pipe the email through SA, with the
>>-P and -F0, without th
On Tue, 16 Apr 2002, Ward Vandewege wrote:
> I'm looking at implementing SA.
Y'all are looking to do it in the wrong place, I think.
> One feature that would be essential is an automatic 'reply with
> password' to messages that are tagged as Spam.
This feature is available through other packa
On Thu, 18 Apr 2002, Mark Derricutt wrote:
> Hi, I'm seeing ALOT of these pure high ascii spams coming through
> lately, and now that I've installed Spam Assassin I'd love to see
> these trapped.
Are you running the Debian version of SpamAssassin? The Debian package
correctly disables the tests
On Mon, 22 Apr 2002, Onie Camara wrote:
> I heard lot of good things about spam assassin. My postfix is
> configured as a relay server. Can I use spamassasin for the checking
> of incoming mail before it's relayed?
Yes, and it works very well.
If you read the filtering document that came with Po
On Mon, 22 Apr 2002, Mark Lucas wrote:
[...rewritten to conform to RFC822...]
> "Daniel Pittman" <[EMAIL PROTECTED]> wrote:
>
>> On Mon, 22 Apr 2002, Onie Camara wrote:
>> > I heard lot of good things about spam assassin. My postfix is
>> > confi
On Mon, 22 Apr 2002, Onie Camara wrote:
> I've got a different setup without any users on my postfix. It's a
> relay server. So no local delivery. I hope it's still possible.
If you read the FILTER_README that came with Postfix then it will
rapidly become clear to you that this, in fact, is compl
I just got a spam message which was non-English. It got the following
hits:
hits=4.4 required=5.0 tests=INVALID_MSGID,MSG_ID_ADDED_BY_MTA,SUBJ_ALL_CAPS
version=2.20
The big think that I noted on inspection was that this line *didn't* hit
"line of yelling" or any of the multiple ! character test
On Wed, 1 May 2002, Craig R. Hughes wrote:
> Michael C. Berch wrote:
>
> MCB> I see from the list archives that there have been some
> MCB> differences of opinion about RATWARE but it looks like a good
> MCB> rule to me, if only the patterns were tighter and the score
> MCB> rational.
>
> I thin
On Wed, 1 May 2002, Craig R. Hughes wrote:
> Daniel Pittman wrote:
>
> DP> Break the rule up into individual tests for the different email
> DP> packages and let it run. Aside from the better scoring for what is
> DP> and isn't a real mail package, this will prob
On Wed, 1 May 2002, Craig R. Hughes wrote:
> Excellent, I'll slap this in as an eval replacement for PORN_3 right
> now.
*grin* I should point out that I didn't test that, just verified that
it was correct. So, check it before release day. ;)
> I knew there was a reason I put up with this pain
On Thu, 02 May 2002, Matt Sergeant wrote:
> Craig R Hughes wrote:
>> Yes, see bugzilla #18 which I merged into #130. This is the major
>> piece of stuff I'd like to get done for 2.30 -- and I'm actually
>> quite motivated to do the coding myself; I have a couple of other
>> things I'm probably goi
On Thu, 2 May 2002, Duncan Findlay wrote:
> On Thu, May 02, 2002 at 09:35:58PM -0400, Theo Van Dinter wrote:
>
> I wonder if this particular spammer has ways around this...
Duh. :)
Seriously, for a long time now I have been rather irritated at all the
people who mangle their email address when
On 03 May 2002, Matt Sergeant wrote:
> On Fri, 2002-05-03 at 00:35, Daniel Pittman wrote:
>> On Thu, 02 May 2002, Matt Sergeant wrote:
>> > Craig R Hughes wrote:
>> >> Yes, see bugzilla #18 which I merged into #130. This is the major
>> >> piece of stuf
On 03 May 2002, Matt Sergeant wrote:
> On Fri, 2002-05-03 at 12:31, Daniel Pittman wrote:
>> >> Cool. Does it correctly handle cases such as MIME digest messages
>> >> containing nested multipart/related and multipart/alternative
>> >> content?
>> &
1 - 100 of 123 matches
Mail list logo
