I have some questions about defining my own rules. I'm creating rules for
DNSBLs that aren't listed in 20_dnsbl_tests.cf. For the record I'm
compiling and installing 2.60 from CVS nightly and I'm calling SA from
MIMEDefang.
First off, can someone give me a quick explanation of the various rbleva
On Tue, 27 May 2003, Mike Anderson wrote:
> Because of you I am changing ISP's. There is no such thing as a
> whitelist that works. Even if I receive valid mail and you have
> targeted it as spam I cannot read it because you control freaks have
> altered the e-mail. Anyone else having similar p
On Tue, 27 May 2003, Cassandra Lynette Brockett wrote:
> I just checked a spam message from 2.55 and this is what it says inside :-
> See http://spamassassin.org/tag/ for more details.
> And that connects me to the Spamassassin Information for End-Users page
Well... I just had this idea. Wh
On Tue, 27 May 2003, Christopher M. Iarocci wrote:
>
>
>
> > On Tue, May 27, 2003 at 04:49:55PM -0500, Ben M. VanWagner wrote:
> > > What amazes me is that every time some idiot does this.. everyone agrees
> > > that the information in the email needs to be changed and then it never is.
> >
>
Howdy, Michael. Thanks for the reply.
On Tue, 27 May 2003, Michael Sims wrote:
> Quoting [EMAIL PROTECTED]:
> > Do the dialup checks only check the most recent Received line? It makes
> > sense but I can't find any place that specifically states that or a config
> > option that implies that. Y
On Wed, 28 May 2003, Matt Kettler wrote:
> 3) dialup RBLs should skip the oldest one or two, but I think it already
> does this part just fine.
Actually we were just talking about this tonight in another thread,
"Defining my own rules." It's never really been said for sure but we're
under the i
On Wed, 28 May 2003, wilma wrote:
> Hi,
> I have successfully installed spamass-milter together with SA and sendmail on RH8.
> On the mailserver there are no local accounts and all mails are routed to our
> internal mailserver via the /etc/aliases file.
>
> The mails which are going via aliases
On Wed, 28 May 2003, Tom Meunier wrote:
> I think I know what he means, because I've considered the same thing
> myself, for a moment or two.
>
> He wants to parse his maillog file to throw away everything but the
> "processing message" and the "identified spam" lines. Then
> he can go back and
On Wed, 28 May 2003, Jim Ford wrote:
> Hi,
>
> I'm getting multiple postings on this list - some of them as much as 13
> duplicates!
Check the headers. Where are the dupes coming from? SF?
> P.S. Is this sort of thing regarded as 'spam'?
I generally call it annoying. :)
Justin
--
Here's a new spammer disclaimer that needs a new home.
Justin
This e-mail message is considered to be fully legal.
The IMRO (International Messaging Regulation Organization) latest
regulation says that it is legal to send mass messages one time for
month. E-mail [EMAIL PROTECTED] for total remo
On Wed, 28 May 2003, Derek C. wrote:
> *Ahem* As acting president of the "IMRO" (actually means the International
> Mentally Retarded Organization)
I bet your organization has a lot of members from the great US state of
Florida... :)
Justin
--
I saw it in a NANAE post earlier today: "Latest in spam disclaimers"
http://groups.google.com/groups?dq=&hl=en&lr=&ie=UTF-8&oe=UTF-8&threadm=vd9ofpqmhjtc72%40corp.supernews.com&prev=/groups%3Fdq%3D%26num%3D25%26hl%3Den%26lr%3D%26ie%3DUTF-8%26oe%3DUTF-8%26group%3Dnews.admin.net-abuse.email%26start
On Wed, 28 May 2003, Michael J. Kidd wrote:
> Hi all,
> I run a server which hosts several sites. I've been using
> Spamassassin for a while now, and absolutely love it. I know this may
> be slightly off topic, but I figured I'd start here.
>
> I've recently noticed a barrage of 'Mailer-dae
On Thu, 29 May 2003, Bob Apthorpe wrote:
> HI,
>
> On Wed, 28 May 2003 22:52:32 -0500 (CDT)
> [EMAIL PROTECTED] wrote:
>
> > In short, yes there are a lot of ignorant people that look no farther than
> > the From: line. Fortunately DNSBL maintainers are stupid enough to let a
> > single (l)us
On Thu, 29 May 2003, Andy Reinhardt wrote:
> Greetings!
Howdy.
You'd be better off asking in a more general discussion forum like the
news.admin.net-abuse.email newsgroup. You could even ask the spam-l
mailing list for specifics about the spam side of things. Asking the
mailing list of a a
On Fri, 30 May 2003, Mark wrote:
> MIMEDefang would, indeed, be an excellent place to implement this, as, on
> top of spamd, it gives you a bit of extra info on the SMTP session. :)
>
> Come to think of it, your implementation of this idea is actually a LOT
> better than my running a 'sec' post-p
On Fri, 30 May 2003, Gary Funck wrote:
> Matt/Tony, thanks for the info. and the nudge in the direction of the
> documentation. I tried out the CVS copy mainly out of curiosity. Based
> upon subsequent discussions, it looks like if I'm not in the development
> loop, then I may as well stay away. N
On Fri, 30 May 2003, Keoki Kalune wrote:
> TAKE ME OFF THIS SITE, KNOW ONE KNOW WHO OR HOW I GOT THIS BUT IT IS
> DISRUPTING BY BUSINESS. I WANT SOME ONE TO CONTACT ME ASAP
*sigh*
> Executive Vice President
Typical management. The tie is just a little too tight.
J
On Fri, 30 May 2003, Chris Santerre wrote:
> Has anyone gotten a reply from these kinds of posts after you answer them. I
> think the score is like 1-6. 1 reply after we all answered, and we've had
> about 6 of these kinds of posts.
>
> Didn't anyone call the person? I am so tempted :)
Make
On Fri, 30 May 2003, Vivek Khera wrote:
> > "L" == Larry <[EMAIL PROTECTED]> writes:
>
> L> The default formatting for Lotus iNotes messages is RichText (base64
> L> encoding).
> >> How does rich text imply base64 encoding? Apple Mail can do rich
> >> text, but it is sent clear.
>
> L> You
I'm preparing to roll out SA on another test box in preparation for a
production installation soon. I'm testing it on another box because my
first test box is testing way too many different (but related) things right
now). My current test install is
Sendmail 8.12.6
Procmail 3.22
SpamAssassin 2.4
One of the many reasons I never put an A record on a domain name. I had a
hell of a conversion at an ISP I consult with when they moved from a one
server to many server setup. Previously they'd advertised domain.tld for
*everything*; MX, www, POP, SMTP, you name it. Everything was domain.tld.
T
Rich,
I have a suggestion for your scripts that would make the grepping far less
CPU intensive in my experience. With your current setup you're grepping the
entire file at each running. I use the logtail part of the logcheck
package to keep tabs on appending log files. logtail records an offset
I haven't found it yet. I'm pretty sure the discussion against it was in
O'Reilly's "TCP/IP Network Administration". I've browsed through it in my
spare time and didn't find it. The worst problem with this is when users
don't know your, say, FTP server's address and give domain.tld a whirl. It
m
I'm not the Justin you're trying to talk to but I have an opinion on this
anyhow. :) I'm strongly against giving a positive score to ANY mail
client. I'm against positive scores in general really. They just open
more doors for spammers to abuse. Every time one of them finds a new
little trick l
On Thu, 10 Oct 2002, Theo Van Dinter wrote:
> On Thu, Oct 10, 2002 at 08:53:15AM -0500, [EMAIL PROTECTED] wrote:
> > increase in spam. Positive scores are flawed IMHO.
>
> I'm going to stay out of the discussion (for now at least), but I just
> want to inform people that they're using incorrect
Can anyone give me any ideas why SA is so inconsistent between different
releases? For example I picked a spam to test a new installation of SA
with. It had scored over 10 on a previous install. When the message
arrived on my new box, it was scored at only 8.4. I downgraded to 2.40
and tried i
On 13 Oct 2002, Daniel Quinlan wrote:
> [EMAIL PROTECTED] writes:
>
> > Can anyone give me any ideas why SA is so inconsistent between different
> > releases? For example I picked a spam to test a new installation of SA
> > with. It had scored over 10 on a previous install. When the message
>
On Mon, 14 Oct 2002, Mike Schrauder wrote:
> If I wanted to change the subject of spam to say *SPAM=14.3* instead of
> *SPAM* site wide, is that possible? Is there a way to use the score as a
> variable in a config file?
> Where would I set up the way the subject gets altered by
I heard of a similar idea a while back. The nice thing about it is that
it avoided all possible legal problems. It also consumed some resources
on your MTA but it is surely doable. The trick was that as soon as you've
identified that the message is spam during your MTA's conversation, slow
the c
One thing I always do on my MTAs that use DNSBls is only use zone
transfers of blacklists on my DNS server. I currently use 7 DNSBls from
Sendmail, only 2 commercial lists. That brings the total DNS queries for
each message to around 10. Now I don't deal with tons of mail per day,
compared to s
On Wed, 16 Oct 2002, Theo Van Dinter wrote:
> On Wed, Oct 16, 2002 at 09:47:52AM -0500, [EMAIL PROTECTED] wrote:
> > So, why did I get SpamAssassin headers when I didn't have spamd running?
>
> The answer is that it's being scanned elsewhere. For instance, I
> receive mails (currently ~4% of my
On Wed, 16 Oct 2002, Tim Provencio wrote:
> Is there a way to add the scores to the tests that were done? For example,
> in the following it does report the number of hits the required and the test
> but is it possible to display the score of each test similar to as it does
> in the case of Spam
On Sat, 12 Oct 2002, Jonathan Nichols wrote:
> > >
> > > Rich's idea is pretty cool, and I have it running
> > > here: http://dumpster.pbp.net/~mrtg/spam/
> > >
> > > However, the count just keeps growing.. I'm not quite sure what to make of
> > > the graphs. :-)
> >
> > Remove 'gauge' from the o
Or a spammer adds a Received line that makes it appear as if the message
was relayed through bondedsender.com. Easily done. To the best of my
knowledge, I think DNSBl lookups are only done on the IP communicating
with your MTA. That's what I've always experienced with the DNSBls I use
from Sen
Interesting. I wouldn't have expected SA to do that. It makes me wonder
if that's really a good thing. The last (most recent) Received line is
usually the only one you can trust (unless you have an anti-virus or pure
email gateway ahead of your primary MTA). Beyond that they are to be
taken with
I'm using this on a test box at the moment.
SPAM_DIR=/var/mail/spool/quarantine/spam
LOGFILE=/tmp/spam.log
:0c
{
:0:
* ^X-Spam-Score: \*\*\*\*\*.*
$SPAM_DIR
}
This checks a copy of each message and dumps it into $SPAM_DIR if it
matches >= 5. In the end I'll make this >= 10
On Thu, 17 Oct 2002, Kenneth Chen wrote:
> Hey Justin:
>
> Thanks for your answer! I'm curious about something else, though: does
> your procmail recipe say (in words) "Take whatever has 5 stars OR more and
> pipe it to /dev/null?" I'm wondering about that last part with the *.*.
That's what t
On Fri, 18 Oct 2002, Theo Van Dinter wrote:
> On Fri, Oct 18, 2002 at 01:52:31PM -0400, Matt Kettler wrote:
> > The Nigerian scam rules need a serious revisiting. These spams are mutating
> > to avoid the high-scoring rules, and the "general" rules like
> > NIGERIAN_TRANSACTION1 hit a modest amo
On Sat, 19 Oct 2002, Jeremy Kister wrote:
> > Just autowhitelist the guy. In your ~/.spamassassin/user_prefs (or
> > wherever your user_prefs file is located), add this line:
>
> I run SpamAssassin over vpopmail on qmail1.03.. Not only do white lists not
> work on an individual popbox, but i wou
On Sat, 19 Oct 2002, Mike Burger wrote:
> Well, since most people I know aren't stupid enough to type their email in
> all caps, I don't have to worry about those getting flagged as spam.
>
> If you've got people who email you in that manner, you might want to
> remind them that doing so is aki
On Thu, 24 Oct 2002, Matthew Cline wrote:
> On Wednesday 23 October 2002 11:56 pm, Tony Johansson wrote:
> > Hello,
> >
> > Does spamassassin protect against hoaxes?
>
> It has some rules to detect Nigerian type scams, though it's been less
> effective at that recently since they've been mutatin
On Thu, 24 Oct 2002 [EMAIL PROTECTED] wrote:
> Hello all,
>
> My goal today is to get this filtering working on my 4 mail servers.
> Just a summary of my situation. I don't know if anyone is using this in a heavy
> production environment ( I assume so ) but I am running 4 Quad Xeon servers (1
> G
*plonk*
Can you say glutens for punishment?
Would it be worthwhile to write a rule to catch messages that contain mail
with the common "go to this server to be removed" domains like these?
This is a bad choice for a port IMHO. Frankly every firewall I set up
(and have seen up close) blocks tcp/udp 1-19. Those services have no
purpose on the Internet at large IMHO. They are plagued with security
issues and under-maintained source projects.
I wonder if Razor will fail if tcp/7 is b
On Mon, 21 Oct 2002, William H. Haller wrote:
> Could PORN_WORDS be pulled out of the main distribution to a separate
> file that could be checked for on upgrade and not written over?
I don't imagine that would be a possibility but I really can't say that with
any certainty. However I wonder if it w
Could someone remind me where I can report FPs to? These would be
messages scored over 5 that aren't spam. I had an interesting one last
night. :)
Justin
I need to remove a sentence from the report SA generates. Specifically
the part about "This mail is probably spam.". Apparently it's confusing
some of my users. I'm using MIMEDefang as the milter glue but
unfortunately can't find a way to remove that line there. Is there any
way to do this from
On Sat, 7 Dec 2002 [EMAIL PROTECTED] wrote:
> If you are running version 2.31 (under linux), the change you need to make
> is in the following file:
>
> /usr/share/spamassassin/10_misc.cf
>
> on line 12 it states:
>
> report This mail is probably spam. The original message has been altered
>
On Sun, 8 Dec 2002, Mike Leone wrote:
> [EMAIL PROTECTED] ([EMAIL PROTECTED]) had this to say on 12/07/02 at 20:06:
> > I need to remove a sentence from the report SA generates. Specifically
> > the part about "This mail is probably spam.". Apparently it's confusing
> > some of my users. I'm
On Sun, 8 Dec 2002, Justin Mason wrote:
>
> Patrick Bores said:
>
> > I have noticed that most of the NS records for these spammers are the
> > same or similar. Would it be too expensive to do a quick lookup of NS
> > records to block these guys?
>
> no, I don't think so -- it sounds like a v
On Sun, 8 Dec 2002, Mike Burger wrote:
> If we're looking at methods to deal with HSM and its ilk, AdPro should
> also be added to the list, if it's not, already. Seems that they're using
> the same tactics as HSM, containing their spam in an image file rather
> than in text.
For what it's wo
On Sun, 8 Dec 2002, Mike Burger wrote:
> I'm already doing that, myself. But they register so many domains
> that it's sometimes hard to keep up with the list.
>
> Out of curiosity..I've been rejecting with a code of 550...what's the
> difference between 550 and 553?
They both have specific
On Sun, 8 Dec 2002, Harold Hallikainen wrote:
> With regard to section B, above, is there currently a recognized automatic
> notification by sendmail or other MTAs that spam is not accepted?
I make it clear in my HELO string that UCE isn't welcome on my servers.
Spammers don't read bounces or
It's a basic banner. There's no other place to stick it. Perhaps a
generic telnet banner would also suffice (which is highly recommended by
just about every security book/whitepaper out there). By putting it in the
HELO string and saying about "by continuing the connection you signify
consent" I
Howdy all. Could someone give me some insight on how to add additional
DNSBLs? I see the DNSBL lines in 20_head_tests.cf and would like to add
to that but I don't want my changes to be overwritten upon upgrade. IIRC
this is where /etc/mail/spamassassin/local.cf comes in. However let me
through
On Tue, 7 Jan 2003, Barry Jaspan wrote:
> Everyone, please calm down!
>
> The amount of confusion on this list is staggering. One very important
> point that many people seem to be missing:
>
> Network Associates did *not* buy SpamAssassin!
>
> NAI bought Deersoft, Inc. Deersoft develops and
I have a very large list of spammers' domains and netblocks as well as
pro-spam ISPs (like Broadwing). Just yesterday I was working on a script
to recombine multiple files into a full access list so I could move the
RELAY, OK, SPAMFRIEND, and my 553 Spammer's stick it lines into separate
files. T