Fascinating - this one sorted into the wrong mail folder or I'd have
replied differently.
{^_^}
- Original Message -
From: "Loren Wilton" <[EMAIL PROTECTED]>
To:
Sent: 2005 August, 11, Thursday 23:35
Subject: Re: How to get rid of these messages ?
#--
#---
# 08/10/05
rawbody LW_GEOCITIES_UK m'http://uk\.geocities\.com/'i
score LW_GEOCITIES_UK 5
describe LW_GEOCITIES_UK Geocities.uk spam crap
- Original Message -
From: "jdow" <[EMAIL PROTECTED]>
To:
Sen
Ah shirt - geocities spam here, too.
{+_+}
- Original Message -
From: <[EMAIL PROTECTED]>
To:
Sent: 2005 August, 11, Thursday 23:09
Subject: How to get rid of these messages ?
who can help please?
Thanks
Wolfgang
- Forwarded by Wolfgang Fuertbauer/EBEWE/AT on 12.08.2005 08:
who can help please?
Thanks
Wolfgang
- Forwarded by
Wolfgang Fuertbauer/EBEWE/AT on 12.08.2005 08:08 -
"jim altamirano"
<[EMAIL PROTECTED]>
11.08.2005 08:05
Please reply to
"jim altamirano" <[EMAIL PROTECTED]>
To
"Patricia Neel"
<[EMAIL PROTECTED]>
Cc
<[EMAIL PRO
> Damn shame that's not a cooking blog. Turkey with bacon, damn good
> eats.
Get the new, nutritious and very satiating SOYLENT GREEN! Better tasting
than SOYLENT BLUE and better looking than SOYLENT RED!
;)
(Anyone seen any soylent spam yet?)
Regs,
Sven
Steven Dickenson wrote:
On Aug 10, 2005, at 1:21 PM, Matt Kettler wrote:
For example, try doing "turkeybacon" as a destination. Firefox will
fail the
lookup, do a web search (using google or whatever your default search
engine is)
and jump to the first hit:
http://www.livejournal.com/user
On Aug 10, 2005, at 1:21 PM, Matt Kettler wrote:
For example, try doing "turkeybacon" as a destination. Firefox will
fail the
lookup, do a web search (using google or whatever your default
search engine is)
and jump to the first hit:
http://www.livejournal.com/userinfo.bml?user=turkeybacon
In an older episode (Friday, 12. August 2005 01:46), Dallas L. Engelken wrote:
> > -Original Message-
> > From: wolfgang [mailto:[EMAIL PROTECTED]
> > Sent: Thursday, August 11, 2005 6:36 PM
> > To: users@spamassassin.apache.org
> > Subject: Re: Phishing IP listed in URIBL and SURBL, but n
> >
> > Is other software (besides the surbl cgi :) using them?
> >
>
> Surbl.org lists several tools on their main page that use SURBL data,
> some which do not rely on spamassassin uri parser. I know uricat
> (http://ry.ca/geturi/) gets it right, as does SA 3.1.x of
> which has been
> getting
> -Original Message-
> From: wolfgang [mailto:[EMAIL PROTECTED]
> Sent: Thursday, August 11, 2005 6:36 PM
> To: users@spamassassin.apache.org
> Subject: Re: Phishing IP listed in URIBL and SURBL, but not
> triggering URI rules
>
> In an older episode (Friday, 12. August 2005 01:18), Dall
Sure there is.. Perhaps you forgot about the month of May.
*smacks forehead like the moron he is*
D'oh!
If you aren't running 2.43 or older, perhaps you should find out why you have
rules from 2.43 in your config.
I'm running 3.x - I've just been dragging around the same local.cf since
In an older episode (Friday, 12. August 2005 01:18), Dallas L. Engelken wrote:
> Looks like we agree with surbl..
>
> # host -tTXT 158.194.144.219.multi.uribl.com
> 158.194.144.219.multi.uribl.com descriptive text "Listed on [black] -
> See http://lookup.uribl.com/?domain=158.194.144.219";
Yes,
I'm on a Redhat ES 4 (x86) with
postfix-2.1.5-4.2.RHEL4
spamassassin-3.0.4-1.el4
spamd is launched with this command (according to ps -edf | grep spamd)
root 27429 1 0 21:51 ?00:00:00
/usr/bin/spamd -d -c -m5 -H
When I send a mail it goes through spamd and then I get this error
> -Original Message-
> From: Dirk Bonengel [mailto:[EMAIL PROTECTED]
> Sent: Thursday, August 11, 2005 5:01 PM
> To: Dallas L. Engelken
> Cc: users@spamassassin.apache.org
> Subject: Re: Phishing IP listed in URIBL and SURBL, but not
> triggering URI rules
>
> Dallas (and all the rest),
Dallas (and all the rest),
what you're saying is:
- We're talking of forward lookups, not of reverse lookup.
What I'm seeing, however, is that the zone files contain IPs in reverse
notation. So SA does a forward lookup on a reversed IP.
I think that's about it. Wolfgang complained about not bein
Greg Allen wrote:
This is a very, very dangerous road to go down. You would see a lot of
collateral damage by doing a URIBL by IP. A lot of domain hosts these days
use shared IPs. I could host any number of legit websites on one virtual
IP…and I do. I share IPs with any number of other websites a
Greg,
given you speak of name-based virtual hosts, your concerns do not apply.
You'd not be affected if the IP of one of your web servers would be
listed in an URIB list. The plugin does not resolve the IP of an URL.
The only thing that matters is the actual domain. The case in question
here is
Chris,
>
> From: Chris Santerre [mailto:[EMAIL PROTECTED]
>
> Negative ghostrider!
>
> We aren't getting the ip. We are taking the ip directly from
> the URL, not doing a reverse lookup. I haven't seen a legit
> email use an IP in a URL in ages. And even if it was legit,
> it would have to b
Nee,
but the surbl/uribl backoffice does, and, yes, thinking of it they're
overdoing it:
The phish IP you mentioned was 219.144.194.158
In the zone files it's in reverse notation
extract of multi.surbl.org.rbldnsd (Zonefile for the rbldnsd I host:)
158.194.144.219 :127.0.0.12:Blocked, 158.194.
Juan Machado wrote:
> I got an error after I added the headers thing...
>
> spamassassin -D --lint
>
> config: SpamAssassin failed to parse line, skipping: _
>
>
> lint: 1 issues detected. please rerun with debug enabled for more
> information.
Fix the line-wraps.
It looks like somewhere alon
In an older episode (Thursday, 11. August 2005 22:58), Greg Allen wrote:
> This is a very, very dangerous road to go down. You would see a lot of
> collateral damage by doing a URIBL by IP. A lot of domain hosts these days
> use shared IPs. I could host any number of legit websites on one virtual
>
Negative ghostrider!
We aren't getting the ip. We are taking the ip directly from the URL, not
doing a reverse lookup. I haven't seen a legit email use an IP in a URL in
ages. And even if it was legit, it would have to be listed in URIBL.
Again, no reverse lookups being done. Just using what is
In an older episode (Thursday, 11. August 2005 22:46), Dirk Bonengel wrote:
> Well, the IP is listed OK, but one needs to do reverse queries:
>
> dig 158.194.144.219.multi.surbl.org
> gives
> 158.194.144.219.multi.surbl.org. 1850 IN A 127.0.0.12
> which sounds good to me.
But the uribl plugi
This is a very, very dangerous road to go down. You would see a lot of
collateral damage by doing a URIBL by IP. A lot of domain hosts these days
use shared IPs. I could host any number of legit websites on one virtual
IP
and I do. I share IPs with any number of other websites at the web
hosting co
Well, the IP is listed OK, but one needs to do reverse queries:
dig 158.194.144.219.multi.surbl.org
gives
158.194.144.219.multi.surbl.org. 1850 IN A 127.0.0.12
which sounds good to me.
Dirk
Chris Santerre wrote:
-Original Message-
From: wolfgang [mailto:[EMAIL PROTECTED]
Sent:
Hi,
I'm on a Redhat ES 4 (x86) with
postfix-2.1.5-4.2.RHEL4
spamassassin-3.0.4-1.el4
spamd is launched with this command (according to ps -edf | grep spamd)
root 27429 1 0 21:51 ?00:00:00 /usr/bin/spamd -d -c -m5 -H
When I send a mail it goes through spamd and then I get this erro
I got an error after I added the headers thing...
spamassassin -D --lint
debug: plugin: loading Mail::SpamAssassin::Plugin::URIDNSBL from @INC
debug: plugin: registered
Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0xa4a7abc)
debug: plugin: loading Mail::SpamAssassin::Plugin::Hashcash from @INC
debug
> -Original Message-
> From: wolfgang [mailto:[EMAIL PROTECTED]
> Sent: Thursday, August 11, 2005 2:56 PM
> To: users@spamassassin.apache.org
> Subject: Re: Phishing IP listed in URIBL and SURBL, but not triggering
> URI rules
>
>
> In an older episode (Thursday, 11. August 2005 12:31),
In an older episode (Thursday, 11. August 2005 12:31), Jeff Chan wrote:
> On Tuesday, August 9, 2005, 11:52:47 PM, wolfgang wolfgang wrote:
> > the IP
> > 219 dot 144 dot 194 dot 158
> > is shown as listed by http://www.rulesemporium.com/cgi-bin/uribl.cgi - a
> > phishing mail with
> >
http://219
Kelson wrote:
>
>
> The ones I hate are the viruses that forge addresses like
> [EMAIL PROTECTED], then try to send to [EMAIL PROTECTED] We reject
> incoming mail claiming to be from [EMAIL PROTECTED] and similar
> addresses with a "Forgery detected!" error, since we know we'll only
> ever send
Hi all,
Yesterday I updated SpamAssassin with perl and CPAN, and today I asked
it to update bayes with ~400 stored spam messages.
The results:
$ sa-learn --mbox --spam /var/mail/spamhole
configuration file "/usr/local/share/spamassassin/20_body_tests.cf"
requires version 3.04 of SpamAssassin,
Matt Kettler wrote:
Steve Martin wrote:
Some trojan/whatever sent an email to a nonexistent address
([EMAIL PROTECTED])
The return address was spoofed as one of my addresses ([EMAIL PROTECTED])
Their brain-dead mailer daemon then sent the failure back to me.
That's not really all that brain-
From: Steven J. Sobol [mailto:[EMAIL PROTECTED]
>
> On Tue, 9 Aug 2005, Bowie Bailey wrote:
>
> > Personally, I have a very simple definition of spam:
> >
> > If I didn't ask for it and it comes from someone I don't
> > know, it's spam.
>
> That's not a workable definition. If someone I don't
On Tue, 9 Aug 2005, Mike Wiebeld wrote:
> I don't think you understand the situation. How is the recipient
> supposed to know whether it is actually a hand crafted email sent just
> to him or a spam run of 10,000?
There are tools like Razor and DCC that help determine that.
--
Steve Sobol, Prof
On Tue, 9 Aug 2005, Bowie Bailey wrote:
> Personally, I have a very simple definition of spam:
>
> If I didn't ask for it and it comes from someone I don't know, it's spam.
That's not a workable definition. If someone I don't know checks out my
website and emails me asking me to do some work f
Sounds like a good plan, although I doubt I'll remember to stop
blocking it after 24 hours ;-)
On Aug 11, 2005, at 12:01 PM, Matt Kettler wrote:
Tell postfix to refuse mail from 83.102.221.67?
That's generally what I do with joe-job bounces. I block the
affected server for
24 hours with a
On Tue, 9 Aug 2005, E. Falk wrote:
> Rob McEwen wrote:
> > Does anyone else consider SpamHaus's definition as too weak and believe
> > that
> > ANY unsolicited e-mail is spam, even if a personally hand-typed note?
> >
>
> I'm really curious as to how we would define "solicited" e-mail.
solici
Steve Martin wrote:
> I'm trying to figure out the route this took to get to me
>
> My guess is...
>
> Some trojan/whatever sent an email to a nonexistent address
> ([EMAIL PROTECTED])
> The return address was spoofed as one of my addresses ([EMAIL PROTECTED])
> Their brain-dead mailer daemo
I'm trying to figure out the route this took to get to me
My guess is...
Some trojan/whatever sent an email to a nonexistent address
([EMAIL PROTECTED])
The return address was spoofed as one of my addresses ([EMAIL PROTECTED])
Their brain-dead mailer daemon then sent the failure back to m
On Thu, Aug 11, 2005 at 03:31:57AM -0700, Jeff Chan wrote:
> > the IP
> > 219 dot 144 dot 194 dot 158
> > is shown as listed by http://www.rulesemporium.com/cgi-bin/uribl.cgi - a
> > phishing mail with
> > http://219dot144dot194dot158:8081/secure.dresdner-privat.de/fb/privat/login/login.htm
> > in
Jonathan Nichols wrote:
> Huh? Subject didn't have month in it at all.. :(
>
>
> Subject: We may be able to help you eradicate your student loans.
Sure there is.. Perhaps you forgot about the month of May.
That said, the SUBJECT_MONTH rule hasn't existed since SpamAssassin 2.44.
Versions prio
> Subject: We may be able to help you eradicate your student loans.
Erm, "may" is a month afaik :-)
Ben
On 8/11/05, Jonathan Nichols <[EMAIL PROTECTED]> wrote:
> Huh? Subject didn't have month in it at all.. :(
>
>
>
>
>
> Return-Path: <[EMAIL PROTECTED]>
> Received: from mailgate.pbp.n
Huh? Subject didn't have month in it at all.. :(
Return-Path: <[EMAIL PROTECTED]>
Received: from mailgate.pbp.net (mailgate.pbp.net [192.168.10.87])
by mail.pbp.net (Postfix) with ESMTP id 95CA7117720
for <[EMAIL PROTECTED]>; Thu, 11 Aug 2005 05:24:29 -0700 (PDT)
Received:
Simon Oosthoek wrote:
> Matt Kettler wrote:
>>
>> add_header all Status _YESNO_, score=_SCORE_ required=_REQD_
>> tests=_TESTSSCORES_ autolearn=_AUTOLEARN_ version=_VERSION
>>
>
> Ok, I've put this in the /etc/spamassassin/local.cf file and it doesn't
> change the appearance of the Status header a
Matt Kettler wrote:
At 05:37 AM 8/11/2005, Simon Oosthoek wrote:
X-Virtu-MailScanner-SpamCheck: spam, SpamAssassin (score=25.456,
required 5,
autolearn=spam, BAYES_99 3.50, FORGED_YAHOO_RCVD 2.70,
That header wasn't made by SpamAssassin.. MailScanner builds its own
headers.
Tha
On Tue, 9 Aug 2005, List Mail User wrote:
> non-commercial relationship); But if I have published a link to your
> site, I have created a relationship, even if I didn't intend to. There
> are such things as implied consent, and IANAL, but this probably falls
> into that situation.
This example
At 05:37 AM 8/11/2005, Simon Oosthoek wrote:
Hi all
I'm quite new to spamassassin...
Our ISP has a scanner running on their fallback MX machines for their
clients (some spammers apparently use the fallback MX rather than the
default MX)
So I get e-mails with their headers (see below) and the
On Wed, 10 Aug 2005, Herb Martin wrote:
> Is there a UNIX socket test client program (a la NetCat)?
>
> I need to test a variety of UNIX (not IP/INET) socket daemons for both
> syntax and "are you running".
>
> Is there a program that can read-write to an arbitrary Unix-type socket in a
> manner
On Tue, 09 Aug 2005, Justin Mason said:
> BTW, before we go too far down this rabbit-hole, everyone please note
> that actually, the SpamAssassin project *does* have its own definition
> of spam: that being Unsolicited Bulk Email.
There was a wonderful old post on news.admin.net-abuse.misc (messag
On Tuesday, August 9, 2005, 11:52:47 PM, wolfgang wolfgang wrote:
> the IP
> 219 dot 144 dot 194 dot 158
> is shown as listed by http://www.rulesemporium.com/cgi-bin/uribl.cgi - a
> phishing mail with
> http://219dot144dot194dot158:8081/secure.dresdner-privat.de/fb/privat/login/login.htm
> in it's
Hi all
I'm quite new to spamassassin...
Our ISP has a scanner running on their fallback MX machines for their
clients (some spammers apparently use the fallback MX rather than the
default MX)
So I get e-mails with their headers (see below) and then I scan them as
well, adding my own headers.
On Tue, 9 Aug 2005, Joe Borg said:
> It's easier not to try to count asterisks...
> Sample procmailrc portion
> :0
> * ^X-Spam-Status:.*score=[1-9][0-9]
> {
>
> :0
> /dev/null
> }
> -end sample
Agreed, but you don't have to use regexps for the counting job either.
I use somet
Matt Kettler wrote:
Claude Kries wrote:
Hi there,
it would be nice to hear of some statistical tools you are using, to
analyze how much spam SA filtered during a period of some time.
Any out there? Maybe some generating nice HTML output or something?
There's some misc mrtg scripts out there
Matt Kettler wrote:
Claude Kries wrote:
Hi there,
it would be nice to hear of some statistical tools you are using, to
analyze how much spam SA filtered during a period of some time.
Any out there? Maybe some generating nice HTML output or something?
There's some misc mrtg scripts out there
Hi Matt,
Thanks a lot for your clarifications. Everything is clearer now :)
ddaas
Matt Kettler wrote:
> ddaasd wrote:
>
>>Hi,
>>I have a problem with SpamAssassin. I would appreciate if someone could
>>help me.
>>
>> My setup is:
>>
>>I’ve upgraded to SpamAssassin version 3.0.3 running on Per