Re: How to detect current images-only messages?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 jdow wrote: > From: "Chris Santerre" <[EMAIL PROTECTED]> >>> From: Yves Goergen [mailto:[EMAIL PROTECTED] >>> >>> Hello, >>> I keep receiving messages that contain of nothing but composed images. >>> They're HTML messages with only tags in them. There

Re: Was "One large image" now is "several small images"

On Freitag, 16. Juni 2006 17:33 Toll, Eric wrote: > Anyone have a good rule for this?? I didn't have a single message of this type passing my filters. That surprised me, positively. Here's what they got: X-Spam-Status: Yes, hits=20.751 tagged_above=-999 required=5 tests=BAYES_99=3.5, EXTRA_MPAR

Re: How to install iXhash

Here's the link to the wiki, but I don't know what to do with it. http://wiki.apache.org/spamassassin/iXhash

How to install iXhash

I found this plugin iXhash in the Wiki but I don't know how to use it. What do I do to install it?

Re: Found on a stock spam:

From: "John D. Hardin" <[EMAIL PROTECTED]> On Mon, 19 Jun 2006, Bob Proulx wrote: That is not good. What tool would trust the header contents the message came in with? True for a header that says "this is NOT spam", but what spammer is going to put in a header saying "this message IS spam"

Re: Found on a stock spam:

On Mon, 19 Jun 2006, Bob Proulx wrote: > That is not good. What tool would trust the header contents the > message came in with? True for a header that says "this is NOT spam", but what spammer is going to put in a header saying "this message IS spam" ? It may be justified to trust an X-Spam: Y

Re: Can SA be used to implement greylisting?

On Mon, 19 Jun 2006, Logan Shaw wrote: > > Consider the case of a spammer whose software *does* retry, but > > retries every two or three minutes until delivery is accepted or > > PERMFAILed. I have seen this in my greylist logs. Do you really want > > SA + AV + whatever to completely process this

Re: spamassassin on a mail relay

From: "Chris Santerre" <[EMAIL PROTECTED]> Hi, We use mysql based User Preferences so users can use their own black and white lists as well as set the markup and required hits. We reject spam (55x, not a bounce) when the score is 10 or above and mark everything else that gets 5 or more.

Re: Its nice when spammers declare their intentions...

From: "Craig McLean" <[EMAIL PROTECTED]> Loren Wilton wrote: Subject: PayPal Fraud Intention !!! Verify Account & Billing Information !!! From: "PayPal.inc Security Center Department " <[EMAIL PROTECTED]> Its nice to know that they intend to defraud me. Maybe I won't bother playing their game

Re: How to detect current images-only messages?

From: "Chris Santerre" <[EMAIL PROTECTED]> From: Yves Goergen [mailto:[EMAIL PROTECTED] Hello, I keep receiving messages that contain of nothing but composed images. They're HTML messages with only tags in them. There seems to be a rule that checks if the message has *any* image and compares

Re: Found on a stock spam:

From: "Bob Proulx" <[EMAIL PROTECTED]> Michael Monnerie wrote: Bob Proulx wrote: > Meanwhile, I do think that filtering outgoing mail from such places > as open internet nodes at hotels and other places like that is > probably a good thing. But simply tagging by itself does not seem > useful to

Re: Found on a stock spam:

Bob Proulx wrote: There exist many tools that filter on SpamAssassin headers (Mozilla Thunderbird), so it can be valuable for the receiver's filter to have that scan results. Even for a company: If one PC got some infection and sends SPAM, at least you marked all messages as such. That is not

Re: Found on a stock spam:

Michael Monnerie wrote: > Bob Proulx wrote: > > Meanwhile, I do think that filtering outgoing mail from such places > > as open internet nodes at hotels and other places like that is > > probably a good thing.  But simply tagging by itself does not seem > > useful to me. > > It's a legal thing: Yo

Re: Can SA be used to implement greylisting?

On Mon, 19 Jun 2006, Rick Macdougall wrote: > JamesDR wrote: > > 1) Message comes in, check against AWL, if sender/ip pair do not exist, > > send the tempfail, if sender/ip pair do exist: > > 2) Check the average score against some threshold (say 4 points as a > > figure.) If sender's score is ove

Re: Can SA be used to implement greylisting?

On Mon, 19 Jun 2006, John D. Hardin wrote: On Mon, 19 Jun 2006, Logan Shaw wrote: If it comes up with a very high score (almost definitely spam), drop it right away. If it comes up with an indeterminate score, apply the greylisting approach and delay it until later. What's the point? You've

Re: Can SA be used to implement greylisting?

JamesDR wrote: Logan Shaw wrote: On Mon, 19 Jun 2006, David B Funk wrote: On Mon, 19 Jun 2006, Justin Mason wrote: [snip] 1) Message comes in, check against AWL, if sender/ip pair do not exist, send the tempfail, if sender/ip pair do exist: 2) Check the average score against some thresho

Re: Can SA be used to implement greylisting?

Logan Shaw wrote: On Mon, 19 Jun 2006, David B Funk wrote: On Mon, 19 Jun 2006, Justin Mason wrote: [snip] OK, if that's the case, let me offer my own personal justification of why it might be worthwhile to combine greylisting with SpamAssassin. Basically, greylisting has an achilles

Re: spamassassin on a mail relay

Do any of you out there run spamassassin on a mail relay or pop/imap server to add the X-Spam headers to all mail that passes through your gateway? -Gary I use amavisd-new (works best with Postfix). There is only one user, so there is only one user_prefs, so each individual recipient cannot

Re: Can SA be used to implement greylisting?

On Mon, 19 Jun 2006, Logan Shaw wrote: > If it comes up with a very high score (almost definitely spam), > drop it right away. If it comes up with an indeterminate score, > apply the greylisting approach and delay it until later. What's the point? You've already *got* the entire message, at that

Re: Can SA be used to implement greylisting?

On Mon, 19 Jun 2006, Steven W. Orr wrote: > > And this is my point. SA *DOESN'T* work on messages after they > have been received. Since I use spamass-milter, SA sees the > messages before reception is completed. So, you're passing just the message headers through SA? Using a milter doesn't magi

Re: Can SA be used to implement greylisting?

On Mon, 19 Jun 2006, David B Funk wrote: On Mon, 19 Jun 2006, Justin Mason wrote: Yep -- that's the key point -- as far as I know it's illegal (in SMTP terms) to offer a 421 after DATA. RFC-2821 section 3.9: An SMTP server MUST NOT intentionally close the connection except: - After re

Re: Can SA be used to implement greylisting?

On Mon, 19 Jun 2006, Justin Mason wrote: > Yep -- that's the key point -- as far as I know it's illegal (in > SMTP terms) to offer a 421 after DATA. > > --j. RFC-2821 section 3.9: An SMTP server MUST NOT intentionally close the connection except: - After receiving a QUIT command and resp

Re: Can SA be used to implement greylisting?

Steven W. Orr wrote: I'm running sendmail here on a home server. I've been looking for a good greylist package and I frankly have not found one. There are a couple out there but they work in memory and don't maintain their tables in a database. My greylist code

Re: Can SA be used to implement greylisting?

On Mon, 19 Jun 2006, Steven W. Orr wrote: > And this is my point. SA *DOESN'T* work on messages after they have been > received. Since I use spamass-milter, SA sees the messages before > reception is completed. (You're free to do otherwise.) Then when SA > decides that the message doesn't conform

Re: Can SA be used to implement greylisting?

John D. Hardin writes: > On Mon, 19 Jun 2006, Steven W. Orr wrote: > > > =>> Is it worthwhile to try to convince the SA dev > > =>> crowd to add greylist functionality? > > > Neither. What I'm looking for is a rubust way to say: "I haven't > > seen mail from this guy before so I'm going to reje

GTUBE

Hi, I've been doing a lot of googling and archiving search for no success, so I ask here for an answer... I am currently using SA 3.0.6, as a system-wide spam filter integrated with Qmail. For Qmail, I am using qmail-scanner, which has a config tool that "prepares" qmail in order to be able to u

Re: Adding Phishing Link rule

Unfortunately, although many phishing mails would match this rule, just as many ligitimate messages would as well. Check the archives. http://www.nabble.com/Detecting-phishing-urls-t1027084.html#a2669493 On Sat, 17 Jun 2006 21:56:03 +0200 Yves Goergen <[EMAIL PROTECTED]> wrote: Hello, I'm ru

Re: Can SA be used to implement greylisting?

[snip] > And this is my point. SA *DOESN'T* work on messages after they have been > received. Since I use spamass-milter, SA sees the messages before > reception is completed. (You're free to do otherwise.) Then when SA > decides that the message doesn't conform to its high standards, the repo

RE: Was "One large image" now is "several small images"

> -Original Message- > From: John D. Hardin [mailto:[EMAIL PROTECTED] > > On Thu, 15 Jun 2006, Matt wrote: > > > It seems the spammers have gotten smart to the fact that we were > > filtering for one large image and no text... now what I am > seeing is > > that the spammers are sending

RE: Can SA be used to implement greylisting?

On Mon, 19 Jun 2006, Steven W. Orr wrote: > =>> Is it worthwhile to try to convince the SA dev > =>> crowd to add greylist functionality? > Neither. What I'm looking for is a rubust way to say: "I haven't > seen mail from this guy before so I'm going to reject his email > with a 450 error code.

Re: Can SA be used to implement greylisting?

Steven W. Orr writes: > > > And this is my point. SA *DOESN'T* work on messages after they have been > received. Since I use spamass-milter, SA sees the messages before > reception is completed. (You're free to do otherwise.) Then when SA > decides that the message doesn't conform to its high

Re: Can SA be used to implement greylisting?

On Monday, Jun 19th 2006 at 10:24 -0700, quoth Bill Landry: =>- Original Message - From: "Steven W. Orr" <[EMAIL PROTECTED]> => =>> On Monday, Jun 19th 2006 at 11:40 -0400, quoth Chris Santerre: =>> =>> => =>> => =>> =>> -Original Message- =>> =>> From: Steven W. Orr [mailto:[EMAI

Re: Adding Phishing Link rule

On 19.06.2006 18:26 CE(S)T, Chris Santerre wrote: > Why not just use black.uribl.com ? It lists PHISHes. Trying this out now. -- Yves Goergen "LonelyPixel" <[EMAIL PROTECTED]> http://beta.unclassified.de – My web laboratory.

Re: Adding Phishing Link rule

On 19 Jun 2006, at 17:26, Chris Santerre wrote: > Still I don't know how to create a rule like this. But as someone else > in the bug tracker already mentioned a year ago, what SpamAssassin > misses to do things like that is a 'rawbody' match that uses > the entire > message, not only single l

Re: Can SA be used to implement greylisting?

- Original Message - From: "Steven W. Orr" <[EMAIL PROTECTED]> On Monday, Jun 19th 2006 at 11:40 -0400, quoth Chris Santerre: => => =>> -Original Message- =>> From: Steven W. Orr [mailto:[EMAIL PROTECTED] =>> Sent: Monday, June 19, 2006 9:08 AM =>> To: spamassassin-users =>> Su

Re: spamassassin on a mail relay

Do any of you out there run spamassassin on a mail relay or pop/imap server to add the X-Spam headers to all mail that passes through your gateway? Yep, border MX servers which accept all mail for all domains we host, scan all the mail, then pass it along the line to the recipient servers. Ma

RE: Can SA be used to implement greylisting?

On Monday, Jun 19th 2006 at 11:40 -0400, quoth Chris Santerre: => => =>> -Original Message- =>> From: Steven W. Orr [mailto:[EMAIL PROTECTED] =>> Sent: Monday, June 19, 2006 9:08 AM =>> To: spamassassin-users =>> Subject: Can SA be used to implement greylisting? =>> =>> =>> I'm running s

Re: spamassassin on a mail relay

| Do any of you out there run spamassassin on a mail relay or pop/imap | server to add the X-Spam headers to all mail that passes through your | gateway? We use smf-spamd v1.2.0 - http://smfs.sourceforge.net/ for preliminary SA scanning and bounce at a score of 8. After that, it gets processed

RE: Adding Phishing Link rule

Title: RE: Adding Phishing Link rule > -Original Message- > From: Yves Goergen [mailto:[EMAIL PROTECTED]] > Sent: Sunday, June 18, 2006 5:46 AM > To: Loren Wilton > Cc: users@spamassassin.apache.org > Subject: Re: Adding Phishing Link rule > > > On 18.06.2006 03:51 CE(S)T, Loren Wi

RE: spamassassin on a mail relay

> Do any of you out there run spamassassin on a mail relay or pop/imap > server to add the X-Spam headers to all mail that passes through your > gateway? > > If you do, how do you let individual users (who don't have accounts on > your relay) tweak their user_prefs file to whitelist things that ar

RE: spamassassin on a mail relay

Title: RE: spamassassin on a mail relay > -Original Message- > From: Rick Macdougall [mailto:[EMAIL PROTECTED]] > Sent: Monday, June 19, 2006 11:52 AM > To: users@spamassassin.apache.org > Subject: Re: spamassassin on a mail relay > > > Michael Grant wrote: > > Do any of you out th

RE: Can SA be used to implement greylisting?

Title: RE: Can SA be used to implement greylisting? > -Original Message- > From: Steven W. Orr [mailto:[EMAIL PROTECTED]] > Sent: Monday, June 19, 2006 9:08 AM > To: spamassassin-users > Subject: Can SA be used to implement greylisting? > > > I'm running sendmail here on a home ser

RE: How to detect current images-only messages?

Title: RE: How to detect current images-only messages? > -Original Message- > From: Yves Goergen [mailto:[EMAIL PROTECTED]] > Sent: Sunday, June 18, 2006 5:50 AM > To: users@spamassassin.apache.org > Subject: How to detect current images-only messages? > > > Hello, > I keep receivi

Re: spamassassin on a mail relay

Michael Grant wrote: Do any of you out there run spamassassin on a mail relay or pop/imap server to add the X-Spam headers to all mail that passes through your gateway? If you do, how do you let individual users (who don't have accounts on your relay) tweak their user_prefs file to whitelist th

spamassassin on a mail relay

Do any of you out there run spamassassin on a mail relay or pop/imap server to add the X-Spam headers to all mail that passes through your gateway? If you do, how do you let individual users (who don't have accounts on your relay) tweak their user_prefs file to whitelist things that are not spam

Can SA be used to implement greylisting?

I'm running sendmail here on a home server. I've been looking for a good greylist package and I frankly have not found one. There are a couple out there but they work in memory and don't maintain their tables in a database. I'm also running spamass-milter which is set to reject mail ifd SA say

Re: Is it possible ?

boka wrote: Hello, is it possible to store global white/black lists in sql ? I know that it is possible for users. Yes, see the wiki pages for the sql userprefs. There is a query that allows you to do Global, Domain, and User based prefs -- all depending on how SA is getting the user of cour

Is it possible ?

Hello, is it possible to store global white/black lists in sql ? I know that it is possible for users. -- boka

Re: Its nice when spammers declare their intentions...

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Loren Wilton wrote: > Subject: PayPal Fraud Intention !!! Verify Account & Billing Information !!! > From: "PayPal.inc Security Center Department " <[EMAIL PROTECTED]> > > Its nice to know that they intend to defraud me. Maybe I won't bother > playin

RE: SA Milter problem

I have the same problem, and have no idias how to resolve it... i tried to use -m key when starting milter, but it have no effect. if U find the unswer to this problem pliz tell how to resolv it. -- View this message in context: http://www.nabble.com/SA-Milter-problem-t1665293.html#a4932563 Sent