Re: Is it possible to increase the Bayesian Score ?

> Is it possible to increase the BAYES_XX score ? Yes.           Loren             All you need is a     score    BAYES_XX    n.n substituting reasonable values for XX and n.n  

Is it possible to increase the Bayesian Score ?

HelloIs it possible to increase the BAYES_XX score ?Thanks-- Michael Ben-Nes052-8555757

Re: Paypal Spoof

On Wednesday, December 21, 2005, 5:40:56 PM, LuKreme LuKreme wrote: > On 21 Dec 2005, at 13:22 , <[EMAIL PROTECTED]> > <[EMAIL PROTECTED]> wrote: >> LuKreme wrote: >>> I mean, it seems to be something claiming to be from paypal, ebay, >>> citibank, wamu, etc that is NOT from them should score a l

Re: strange auto-whitelist behavior

Am Freitag, den 23.12.2005, 01:02 +0100 schrieb Marcus Sobchak: > today I've upgraded from 3.0.4 to 3.1.0 (on debian). Spam detection > works fine, but from time to time I have these errors in my mail.log: > > > Dec 22 23:44:23 walter spamd[8985]: auto-whitelist: open of > auto-whitelist

strange auto-whitelist behavior

Hi, today I've upgraded from 3.0.4 to 3.1.0 (on debian). Spam detection works fine, but from time to time I have these errors in my mail.log: Dec 22 23:44:23 walter spamd[8985]: auto-whitelist: open of auto-whitelist file failed: locker: safe_lock: cannot create tmp lockfile /var/spool/

RE: Using Dig for RBL lookups.

>... >Ah, List, Matt, and Dallas, thanks all. Used all of them to get the answer >I was looking for. > >So simply parsing the the "Answer" section to see if there was a 127.0.0.2 >response should verify for me, it seems. > >I also vaguely remember reading something about .4 and .6 responses as wel

RE: Using Dig for RBL lookups.

Ahhh, so this isn't a standard format for all RBLs? By the way, as a programmer who runs an IRC channel for a 3D Engine (TrueVision3D, Buy today!) I can say that as a rule, programmers tend to give the new guy a LOT of flack, especially when asking questions when they obviously know nothing about

Re: US winning war on spam ?!?!?!

> But the reality of the numbers won't stop the FTC from tooting it's own > horn and claiming victory.. Unfortunately for us, this will likely result > in some major spammers unleashing a mass-scale deluge just to show they're > wrong. The best I think we can hope for is that a few of them might ge

Re: Using Dig for RBL lookups.

Aaron Boyles wrote: > Ah, List, Matt, and Dallas, thanks all. Used all of them to get the answer > I was looking for. > > So simply parsing the the "Answer" section to see if there was a 127.0.0.2 > response should verify for me, it seems. > > I also vaguely remember reading something about .4 a

RE: Using Dig for RBL lookups.

Ah, List, Matt, and Dallas, thanks all. Used all of them to get the answer I was looking for. So simply parsing the the "Answer" section to see if there was a 127.0.0.2 response should verify for me, it seems. I also vaguely remember reading something about .4 and .6 responses as well. Anyone ca

Re: Rules_du_hour and SAREs rules

LuKreme wrote: what I get is: No index found for ruleset named SARE_HTML. Check that this ruleset is still valid. No index found for ruleset named SARE_OBFU. Check that this ruleset is still valid. No index found for ruleset named SARE_URI_ENG. Check that this ruleset is still vali

Re: Using Dig for RBL lookups.

Aaron Boyles wrote: > So far, so good. Everything I'm trying gives me an NXDOMAIN response, > though. Anyone have a couple of IPs that are on Spamhaus that I could use > for testing purposes? > > -Aaron Boyles > ITC Applications Programmer > Try the "latest 25" SBL listings off the spamhaus web

RE: Using Dig for RBL lookups.

> -Original Message- > From: Aaron Boyles [mailto:[EMAIL PROTECTED] > Sent: Thursday, December 22, 2005 4:46 PM > To: SpamAssassin > Subject: Using Dig for RBL lookups. > > So far, so good. Everything I'm trying gives me an NXDOMAIN > response, though. Anyone have a couple of IPs that a

Re: Using Dig for RBL lookups.

>... >So far, so good. Everything I'm trying gives me an NXDOMAIN response, >though. Anyone have a couple of IPs that are on Spamhaus that I could use >for testing purposes? > >-Aaron Boyles >ITC Applications Programmer > Almost all RBLs (not RHSBLs) will respond to the test point 127.0.0.

Using Dig for RBL lookups.

So far, so good. Everything I'm trying gives me an NXDOMAIN response, though. Anyone have a couple of IPs that are on Spamhaus that I could use for testing purposes? -Aaron Boyles ITC Applications Programmer

Re: US winning war on spam ?!?!?!

From: "Matt Kettler" <[EMAIL PROTECTED]> At 03:00 PM 12/21/2005, Justin Mason wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Matt Kettler writes: > But the reality of the numbers won't stop the FTC from tooting it's own > horn and claiming victory.. Unfortunately for us, this will likel

Re: [OT] US winning war on spam ?!?!?!

From: "Matt Kettler" <[EMAIL PROTECTED]> At 07:13 PM 12/21/2005, jdow wrote: From: "Martin Hepworth" <[EMAIL PROTECTED]> http://news.bbc.co.uk/1/hi/technology/4547474.stm Not according to my statsbut the users don't get the spam anymore ;-) It's the BBC, for crying out loud. They've wipe

Re: I'm afraid I might have to report this list as a spam source

Selon Justin Mason <[EMAIL PROTECTED]>: > > However, as an Apache project, we're hosting our lists at apache.org, and > they get *insane* quantities of spam, viruses, and blowback -- far too > many for the hardware to cope with, without upfront DNSBL use, apparently. > sure, but: - [philosopical]

Pegging domains less than x days old?

I remember this was brought up but forgot where this went. Does anybody have a method to score a match on a domain that is less than x days old?

RE: Public Blacklists?

Ah, excellent! Thanks for all your help! -Aaron -Original Message- From: SM [mailto:[EMAIL PROTECTED] Sent: Thursday, December 22, 2005 4:53 PM To: SpamAssassin Subject: RE: Public Blacklists? Hi Aaron, At 12:10 22-12-2005, Aaron Boyles wrote: >:o That seems to have worked! So the

RE: Public Blacklists?

Hi Aaron, At 12:10 22-12-2005, Aaron Boyles wrote: :o That seems to have worked! So the next question is, how would the RBL lookup work? And why do they have us put the nameservers in the .conf file if we're going to reference them in the dig command? And how many of these files that came wit

Re: I'm afraid I might have to report this list as a spam source

On Thu, Dec 22, 2005 at 11:58:24AM -0800, Justin Mason wrote: > However, as an Apache project, we're hosting our lists at apache.org, and > they get *insane* quantities of spam, viruses, and blowback -- far too > many for the hardware to cope with, without upfront DNSBL use, apparently. > > It's n

RE: [Heading into OT land] Re: Public Blacklists?

Well... I don't know that! Ahh..! -Original Message- From: Jim Maul [mailto:[EMAIL PROTECTED] Sent: Thursday, December 22, 2005 4:01 PM To: Aaron Boyles Cc: SpamAssassin Subject: [Heading into OT land] Re: Public Blacklists? Aaron Boyles wrote: > :o That seems to

RE: Public Blacklists?

Not to me, unfortunately... I'm just a contractor... :D -Original Message- From: Dallas L. Engelken [mailto:[EMAIL PROTECTED] Sent: Thursday, December 22, 2005 3:33 PM To: SpamAssassin Subject: RE: Public Blacklists? > -Original Message- > From: Aaron Boyles [mailto:[EMAIL PR

[Heading into OT land] Re: Public Blacklists?

Aaron Boyles wrote: :o That seems to have worked! So the next question is, how would the RBL lookup work? And why do they have us put the nameservers in the .conf file if we're going to reference them in the dig command? And how many of these files that came with the dig.exe are actually nece

RE: Public Blacklists?

> -Original Message- > From: Aaron Boyles [mailto:[EMAIL PROTECTED] > Sent: Thursday, December 22, 2005 2:11 PM > To: SM; SpamAssassin > Subject: RE: Public Blacklists? > > :o That seems to have worked! So the next question is, how > would the RBL lookup work? And why do they have us

RE: Public Blacklists?

>From my 9.3.1 install... libbind9.dll libdns.dll libeay32.dll libisc.dll libisccc.dll libisccfg.dll liblwres.dll msvcr70.dll Dig.exe Host.exe Steven -Original Message- From: Aaron Boyles [mailto:[EMAIL PROTECTED] Sent: Thursday, December 22, 2005 1:11 PM To: SM; SpamAssassin Subject:

RE: Public Blacklists?

:o That seems to have worked! So the next question is, how would the RBL lookup work? And why do they have us put the nameservers in the .conf file if we're going to reference them in the dig command? And how many of these files that came with the dig.exe are actually necessary to include with

RE: Public Blacklists?

Hi Aaron, At 11:24 22-12-2005, Aaron Boyles wrote: I assumed that typing: dig www.yahoo.com At the command prompt should have SOMETHING result. Instead, I get the time out. dig @10.0.0.1 www.yahoo.com where 10.0.0.1 is the IP address of your name server. Regards, -sm

Re: I'm afraid I might have to report this list as a spam source

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Jim C. Nasby writes: > BTW, this email is a great example of why it's a horrible idea to filter > mail based on an RBL. It's surprising to me that the SA lists aren't > just run through SA. Spam making it past that is a good indication of > where SA c

Re: US winning war on spam ?!?!?!

On Thu, Dec 22, 2005 at 09:28:26AM -0500, Matt Kettler wrote: > Sounds to me like they're claiming CAN-SPAM is a victory... They aren't > claiming final victory yet, but they are claiming CAN-SPAM is providing > consumer protection by acting as a deterrent and enforcement tool. This is > true,

Re: sender-valid SMTP callbacks (Re: Does "tuxorama.com" sound fa miliar to anyone?)

BTW, a friend of mine wrote a little perl script to keep a secondary MX aware of what usernames are valid for a domain, which prevents the secondary from accidentally accepting email for invalid users. The info is at http://slacker.com/~nugget/postfixrelaymaps.php. -- Jim C. Nasby, Database Archit

Rules_du_hour and SAREs rules

Using as a reference, I put the following in my conf file for RDJ: TRUSTED_RULESETS="TRIPWIRE SARE_ADULT SARE_SPOOF SARE_HEADER SARE_HTML SARE_OBFU SARE_URI_ENG" what I get is: No index found for ruleset named SARE_HTML. Check that this

Re: I'm afraid I might have to report this list as a spam source

On Wed, Dec 21, 2005 at 08:55:21PM -0500, Gene Heskett wrote: > On Wednesday 21 December 2005 18:59, [EMAIL PROTECTED] wrote: > >You see, it does not allow me to unsubscribe. > > > >Some goofball running the SA list (or a server front-end for the > > list) decided to 100% block on incoming email to

RE: Public Blacklists?

Maybe I'm not understanding how this is supposed to work. Does Bind need to be installed in order for Dig to work? And what IS Bind? -Original Message- From: Aaron Boyles [mailto:[EMAIL PROTECTED] Sent: Thursday, December 22, 2005 2:25 PM To: SpamAssassin Subject: RE: Public Blacklist

RE: Public Blacklists?

Perhaps I'm just using/configuring it wrong? I assumed that typing: dig www.yahoo.com At the command prompt should have SOMETHING result. Instead, I get the time out. -Aaron -Original Message- From: Steven Manross [mailto:[EMAIL PROTECTED] Sent: Thursday, December 22, 2005 2:12 PM

RE: Public Blacklists?

IPs or DNS names? It wants Ips in the resolve.conf. (the version that comes with BIND is tested and works on Windows). Earlier versions crapped out on Windows with various messages. Steven -Original Message- From: Aaron Boyles [mailto:[EMAIL PROTECTED] Sent: Thursday, December 22, 20

IMAP server 'train on drag' patch (fwd)

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 this is nifty; a patch to courier-imap to call "sa-learn" when a user drags a message into a folder! - --j. - --- Forwarded Message Date:Thu, 22 Dec 2005 10:11:31 -0800 From:Elliot Foster cc: qpsmtpd .at. perl.org [jm: snipped lo

RE: Public Blacklists?

Hi Aaron, At 10:14 22-12-2005, Aaron Boyles wrote: A number of people have mentioned that... But what is it? It's not a command my PC recognizes. It's not part of Windows. It comes with BIND. You can download a Win32 version at ftp://ftp.isc.org/isc/bind/contrib/ntbind-9.3.2/BIND9.3.2.zip

RE: Public Blacklists?

Hrm. I tried it, but it crapped out. :/ I used our DCs (2K3 servers) which are our DNS servers in the .conf file, but still no dice. It times out saying "no servers could be reached." Any ideas? -Original Message- From: Bowie Bailey [mailto:[EMAIL PROTECTED] Sent: Thursday, Decembe

RE: sender-valid SMTP callbacks (Re: Does "tuxorama.com" sound fa miliar to anyone?)

Roger Taranto wrote: > How are your users authenticated for the MSFT software? Is > it via a domain controller? AFAIK, Active Directory can be > configured as an LDAP server, which might somehow solve your > problem -- or at least give you LDAP access to your users. > (I think you have to be

RE: Public Blacklists?

A Win32 DIG executable is provided with the latest version of bind.. I use 9.3.1 but it looks like they are on 9.3.2 now.. http://isc.org/sw/bind Steven -Original Message- From: Aaron Boyles [mailto:[EMAIL PROTECTED] Sent: Thursday, December 22, 2005 11:14 AM To: SpamAssassin Subject:

RE: Public Blacklists?

Aaron Boyles wrote: > A number of people have mentioned that... But what is it? It's not a > command my PC recognizes. > > From: SM [mailto:[EMAIL PROTECTED] > > > > nslookup is broken. :-) Use dig instead. Dig is a very nice dns lookup program that is fairly standard now on Linux. Windows sti

RE: Public Blacklists?

A number of people have mentioned that... But what is it? It's not a command my PC recognizes. -Aaron -Original Message- From: SM [mailto:[EMAIL PROTECTED] Sent: Thursday, December 22, 2005 1:09 PM To: SpamAssassin Subject: RE: Public Blacklists? Hi Aaron, At 13:14 21-12-2005, Aaron B

RE: sender-valid SMTP callbacks (Re: Does "tuxorama.com" sound fa miliar to anyone?)

Wow. It seems that my experience with the E-Mail has been fairly mild compared to some of the horror stories you guys have dealt with. I guess we've been lucky. We had one "attack" where someone was using us to relay spam, and I immediately yanked the server completely offline. That day, I wrot

RE: Public Blacklists?

Hi Aaron, At 13:14 21-12-2005, Aaron Boyles wrote: understanding is that I should shell out to "nslookup 70.221.33.80.sbl-xbl.spamhaus.org" and nab the response. However, when I attempt this, I always get the same thing in response: "Can't find server name for address 10.0.0.1" which is our gat

RE: sender-valid SMTP callbacks (Re: Does "tuxorama.com" sound fa miliar to anyone?)

Matt Kettler wrote: > > No.. bounce after accept means to not validate the recipient until > after the whole SMTP session is done. > > ie: a server set up to queue and forward all mail for a domain to an > internal server without any checks of the recipient at all. Later the > internal server rej

RE: MIMEDefang downstream recipient validation (was: sender-valid SMTP callbacks (Re: Does "tuxorama.com" sound fa miliar to anyone?))

Damrose, Mark wrote: > See http://mimedefang.org/kwiki/index.cgi?Exchange2Access for scripts > that pull the entire user base from an Exchange server and format as > a sendmail access.db. ... > If you have more than 1000 users on your system, you'll get errors - > you can either modify your exchang

Re: sender-valid SMTP callbacks (Re: Does "tuxorama.com" sound fa miliar to anyone?)

Matt Kettler wrote: Aaron Boyles wrote: Uh oh... I might be a guilty party here. What do you mean by "bounce after accepting?" With my own app, it receives the E-Mail, gets as far as the DATA command, does a quick overview of the E-Mail, and if it's considered spam, it returns a 550 - User Doe

Re: sender-valid SMTP callbacks (Re: Does "tuxorama.com" sound fa miliar to anyone?)

Aaron Boyles wrote: > Uh oh... I might be a guilty party here. What do you mean by "bounce after > accepting?" With my own app, it receives the E-Mail, gets as far as the > DATA command, does a quick overview of the E-Mail, and if it's considered > spam, it returns a 550 - User Doesn't Exist inst

RE: exchange event sink?

Well, that's just a rule -- for moving mail messages. And you could set that rule on each and every mailbox you own if you wanted to programatically. But, the Event Sink is for an SMTP interface on Exchange Server. Contact me offlist for the sink of about the Sitewide rule creation if you want t

exchange event sink?

Hello Guys, I read something about filtering the x-spam-flag tag in the header via an exchange event sink. Does anybody have this event sink? I want that every junk message, which has a flag, will be moved to the Outlook Junk-E-Mail - folder. Thanks a lot.

Re: [OT] US winning war on spam ?!?!?!

At 07:13 PM 12/21/2005, jdow wrote: From: "Martin Hepworth" <[EMAIL PROTECTED]> http://news.bbc.co.uk/1/hi/technology/4547474.stm Not according to my statsbut the users don't get the spam anymore ;-) It's the BBC, for crying out loud. They've wiped their own reputation with so many dirty c

Re: customizing score: what with several default values ?

At 08:05 AM 12/22/2005, [EMAIL PROTECTED] wrote: Hi, I need to change the scoring of a few particular rules, such as BAYES_99 etc. in the doc (http://spamassassin.apache.org/tests_3_1_x.html) they say i can just add a line like "score BAYES_99 2.0" or whatever a few of the scores however have

RE: Newbie looking for info...

> I think the proposed solution of putting a MailScanner box in front of the > Exchange box is just the best way. Hundreds of shops do it this way. It's also > got the advantage that you then can remove the Exchange box from public net (or > at least refuse any email with the exception of mail c

Re: US winning war on spam ?!?!?!

At 03:00 PM 12/21/2005, Justin Mason wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Matt Kettler writes: > But the reality of the numbers won't stop the FTC from tooting it's own > horn and claiming victory.. Unfortunately for us, this will likely result > in some major spammers unleashin

Re: sender-valid SMTP callbacks (Re: Does "tuxorama.com" sound fa miliar to anyone?)

Rick Macdougall a écrit : > Brian Leyton wrote: > >> Rick Macdougall wrote: >> >>> My system would disagree with you for the last 3 days :) >>> >>> We've been under a constant bounce bombardment of bounced spams (from f*cking idiot admins who can't understand that you do not bounce after accept

Re: sender-valid SMTP callbacks (Re: Does "tuxorama.com" sound fa miliar to anyone?)

Shane Williams wrote: On Wed, 21 Dec 2005, Rick Macdougall wrote: What I mean is servers that 250 OK an email message, then later on try to resend the message to a forged sender because ... user is over quota Now I'm confused. Are you saying that running sendmail with procmail as the LDA is

Re: sender-valid SMTP callbacks (Does "tuxorama.com" sound familiar to anyone?)

Matt Kettler wrote on Wed, 21 Dec 2005 18:16:43 -0500: > So I don't think this really changes much about spam, aside from perhaps > encouraging spammers to clean their lists. Do they "clean" their lists? It seems to a certain point, yes. Although it just seems they push all the stuff out and do

Re: Public Blacklists?

Aaron Boyles wrote on Wed, 21 Dec 2005 15:39:07 -0500: > This sounds along the lines of what I'm looking for. Is there an RFC on > this protocol anywhere, and a list of some free servers hosting the > information? In addition to all technical that has been said in this thread and as I see fro

Re: Newbie looking for info...

Mike Jackson wrote on Wed, 21 Dec 2005 11:27:08 -0800: > This is totally off the cuff, but would it be possible to install > ActiveState Perl and all the required SpamAssassin Perl modules on a single > workstation, then use something like Inno Setup to bundle them all together > into something

Re: sender-valid SMTP callbacks (Re: Does "tuxorama.com" sound fa miliar to anyone?)

On Wed, 21 Dec 2005, Rick Macdougall wrote: What I mean is servers that 250 OK an email message, then later on try to resend the message to a forged sender because ... user is over quota Now I'm confused. Are you saying that running sendmail with procmail as the LDA is a Bad Thing? As I un

customizing score: what with several default values ?

Hi, I need to change the scoring of a few particular rules, such as BAYES_99 etc. in the doc (http://spamassassin.apache.org/tests_3_1_x.html) they say i can just add a line like "score BAYES_99 2.0" or whatever a few of the scores however have several default values, dependent on whether ne

Re: Does "tuxorama.com" sound familiar to anyone?

Matt Kettler wrote on Wed, 21 Dec 2005 16:04:36 -0500: > It's almost certainly someone who uses milter-sender. milter-sender does this > dummy check before accepting mail. It's taking the "verify MX record of > envelope > sender" one step further and verifying the whole address. But the envelo

Re: I'm afraid I might have to report this list as a spam source

On Wed, 21 Dec 2005, [EMAIL PROTECTED] wrote: > You see, it does not allow me to unsubscribe. It's ezmlm, so you can just reject all messages from the list and it will unsubscribe you :-) Tony. -- f.a.n.finch <[EMAIL PROTECTED]> http://dotat.at/ BISCAY: WEST 5 OR 6 BECOMING VARIABLE 3 OR 4. S

Re: sender-valid SMTP callbacks (Re: Does "tuxorama.com" sound fa miliar to anyone?)

Brian Leyton wrote: > > What it comes down to is that I have a Linux machine at the front-end, > running MimeDefang, Spamassassin, etc., which passes everything it hasn't > rejected on to an old Exchange Server. I can't turn off the bounce messages > at the Exchange Server (for various stupid reas