On Monday 31 July 2006 15:10, John D. Hardin wrote:
> On Mon, 31 Jul 2006, jdow wrote:
> > Is postini even remotely legitimate?
>
> What's even funnier is that they are a commercial spam filter
> service provider.
>
> This might really damage their reputation...
Not likely. My ISP uses them as a
On Tue, Aug 01, 2006 at 10:20:44AM +0600, Tshering NORBU wrote:
> I am posting my mail again. Does anyone in the list know
> about the following error?
>
> cgpav: Error spam checking file:
> /var/CommuniGate/Queue/21294134.msg
>
> Your suggestion will be highly appreciated.
Since the problem i
Ask the CommuniGate people. It's impossible to tell from that message
that anything wrong happened with SpamAssassin.
{^_^}
- Original Message -
From: "Tshering NORBU" <[EMAIL PROTECTED]>
I am posting my mail again. Does anyone in the list know
about the following error?
cgpav: Er
From: "Gary D. Margiotta" <[EMAIL PROTECTED]>
I laughed myself into a coughing fit after reading this, after a long day,
this was welcome.
It's one of my more fun riffs that I dig out from time to time when
it seems to fit the situation. When an application is as obviously
broken as cpanel see
I am posting my mail again. Does anyone in the list know
about the following error?
cgpav: Error spam checking file:
/var/CommuniGate/Queue/21294134.msg
Your suggestion will be highly appreciated.
NORBU
+++
Get a free DrukNet e-mail account a
Yes that's correct. when you relearn a message for bayes you don't
need to write a new message at all. You just update the db based on
the contents of the message as HAM or SPAM. that's easy because it's
easy to query the message back using IMAP and the message-id. But I
don't think IMAP wi
> -Original Message-
> From: Shane Mullins [mailto:[EMAIL PROTECTED]
> Sent: Monday, July 31, 2006 10:40 PM
> To: users@spamassassin.apache.org
> Subject: Re: postini.com
>
>
> I don't know about legitimate, but they have a very rude
> staff. When we
> first started looking at a anti
Find a floppy disk. Format it. Move cpanel over to the floppy disk.
Remove the floppy disk from the system. Wrap the floppy in alternating
layers of foil, lead is best, and parafin until it is about 6" thick.
Save it until the next full Moon. Take it to a graveyard. In a quiet
corner dig a hole ab
I don't know about legitimate, but they have a very rude staff. When we
first started looking at a anti-spam solution, my boss told me to contact
them. Their staff was extremely rude and arrogant. I had to BEG my boss to
let me even try a spamassassin solution. That was several years ago, an
On 7/31/06, jdow <[EMAIL PROTECTED]> wrote:
Both headers seem to feature X-Keywords: . I seem to
be dumb this "virtual morning" and can't get a test to work for it.
My guess is that X-IMAPbase, X-UID, Content-Length, and X-Keywords
were added by the POP3 server at the last hop before your fetch
"negativesinceofhumor", sorry this was hilarious, but we're a bunch of geeks.
Clay>>> On 7/31/2006 at 7:40 PM, in message <[EMAIL PROTECTED]>, negativescore <[EMAIL PROTECTED]> wrote:
> > Hello all, > > How do I assign a negative score to BAYES_00? I use cpanel online, and> when > I enter a nega
On Mon, 2006-07-31 at 19:03 -0500, Tim wrote:
> Thanks for the tip. That sounds pretty effective, actually. Care to
> share your rule?
Sure thing:
rawbody INLINE_IMAGE/src\s*=\s*["']cid:/i
describe INLINE_IMAGE Inline Images
score INLINE_IMAGE 1.5
I haven't tested this against the SA c
Remove him from the list. He is looping back to the list leading
to apache.org mailer error reports claiming list messages already
have headers.
{^_^}
I noticed that they all have a very long line of spaces after the
"X-Keyword:" header line.
I also noticed that "header NAME X-Keyword:\s\s\s\s" simply does not
work. It gets tokenized down to one blank. But a FULL test seems to
be able to catch it.
full JD_SPACES_KEYWORDS /X-Keywords:\s\s
On Mon, Jul 31, 2006 at 04:57:49PM -0700, Derek Harding wrote:
> At my (small) site we receive very few legitimate emails that have
> attached images that are referenced in the HTML of the message. It's
> basically only a few droolers who decided to use an image as their sig.
> Thus testing for /sr
From: "Ken Goods" <[EMAIL PROTECTED]>
negativescore wrote:
Hello all,
How do I assign a negative score to BAYES_00? I use cpanel online,
and when I enter a negative score, such as -3.0, it registers as no
score at all--just blank space in the score cell.
Please advise.
Find a floppy disk.
On Mon, 2006-07-31 at 18:34 -0500, Tim wrote:
>
> But I find it amusing that people here are more interested in
> telling
> spammers how they can defeat an algorithm instead of the other
> way around. 99% of the techniques in SpamAssassins hvae an easy
> workaround - does that stop anybody from
From: "negativescore" <[EMAIL PROTECTED]>
Hello all,
How do I assign a negative score to BAYES_00? I use cpanel online, and
when
I enter a negative score, such as -3.0, it registers as no score at
all--just blank space in the score cell.
Please advise.
Find a floppy disk. Format it. Mo
Earthlink is pretty good about reporting where things come from. And the
address IS from an acm.org machine. It is in their netblock. I've never
seen a forged Earthlink smtp Received header. It does look like the
postini results are forged or are from a hacked DNS setup.
- Original Message ---
negativescore wrote:
>> Hello all,
>>
>> How do I assign a negative score to BAYES_00? I use cpanel online,
>> and when I enter a negative score, such as -3.0, it registers as no
>> score at all--just blank space in the score cell.
>>
>> Please advise.
>
> Find a floppy disk. Format it. Move cp
Find a floppy disk. Format it. Move cpanel over to the floppy disk.
Remove the floppy disk from the system. Wrap the floppy in alternating
layers of foil, lead is best, and parafin until it is about 6" thick.
Save it until the next full Moon. Take it to a graveyard. In a quiet
corner dig a hol
>
> Hello all,
>
> How do I assign a negative score to BAYES_00? I use cpanel online, and
> when
> I enter a negative score, such as -3.0, it registers as no score at
> all--just blank space in the score cell.
>
> Please advise.
Find a floppy disk. Format it. Move cpanel over to the flop
From: "negativescore" <[EMAIL PROTECTED]>
Hello all,
How do I assign a negative score to BAYES_00? I use cpanel online, and when
I enter a negative score, such as -3.0, it registers as no score at
all--just blank space in the score cell.
Please advise.
Find a floppy disk. Format it. Mov
> -Original Message-
> From: jdow [mailto:[EMAIL PROTECTED]
> Sent: Monday, July 31, 2006 7:16 PM
> To: John D. Hardin
> Cc: users@spamassassin.apache.org
> Subject: Re: postini.com
> > Sample headers?
I am sure you know that the only headers you can 100% truse are the last
set (earthlink
On Mon, Jul 31, 2006 at 04:04:31PM -0700, negativescore wrote:
> How do I assign a negative score to BAYES_00? I use cpanel online, and when
> I enter a negative score, such as -3.0, it registers as no score at
> all--just blank space in the score cell.
>
> Please advise.
sounds like a bug in
On Mon, Jul 31, 2006 at 03:45:05PM -0500, Logan Shaw wrote:
> On Mon, 31 Jul 2006, jdow wrote:
> >Break the image into pieces. If too many pieces match on MD5 sum then
> >you score it higher than if lots of the image is different. But that
> >can get tedious to say the least.
>
> And there's also
Hello all,
How do I assign a negative score to BAYES_00? I use cpanel online, and when
I enter a negative score, such as -3.0, it registers as no score at
all--just blank space in the score cell.
Please advise.
Thank you!
--
View this message in context:
http://www.nabble.com/How-do-I-ass
From: "John D. Hardin" <[EMAIL PROTECTED]>
On Mon, 31 Jul 2006, jdow wrote:
Is postini even remotely legitimate?
What's even funnier is that they are a commercial spam filter
service provider.
This might really damage their reputation...
Sample headers?
===8<---
Status: OU
Return-Path: <
On Mon, Jul 31, 2006 at 04:11:43PM -0700, Ken A wrote:
> These image spams are not easy to stop. I'm finally getting them with a
> 'full' rule matching a string that is common in the base64 encoded image
> part. I'm sure the image will change friday and break my rule for next
> weekend though.
jdow wrote:
From: "jdow" <[EMAIL PROTECTED]>
postini.com is spewing an image spam that is getting through filters.
Worse yet they are using acm.org as a relay
More specifically the first one of these spams I received was from
a Brazillian address. The next two, of a set of three, were
On Mon, 31 Jul 2006, jdow wrote:
> Is postini even remotely legitimate?
What's even funnier is that they are a commercial spam filter
service provider.
This might really damage their reputation...
Sample headers?
--
John Hardin KA7OHZICQ#15735746http://www.impsec.org/~jhardin/
[EMAI
From: "jdow" <[EMAIL PROTECTED]>
postini.com is spewing an image spam that is getting through filters.
Worse yet they are using acm.org as a relay
More specifically the first one of these spams I received was from
a Brazillian address. The next two, of a set of three, were relayed
through
postini.com is spewing an image spam that is getting through filters.
Worse yet they are using acm.org as a relay
{^_^}
On Mon, Jul 31, 2006 at 01:19:21AM -0700, Jeff Chan wrote:
> If that list comes from ours:
>
> http://spamcheck.freeapp.net/two-level-tlds
>
> Then you may want to refresh it as there have been a couple
> additions.
Neat, I'll check it out -- 135 new listings... (the list comes from
the above
From: "Logan Shaw" <[EMAIL PROTECTED]>
On Mon, 31 Jul 2006, jdow wrote:
Break the image into pieces. If too many pieces match on MD5 sum then
you score it higher than if lots of the image is different. But that
can get tedious to say the least.
And there's also an easy way around it. Simply
On Mon, 31 Jul 2006, jdow wrote:
Break the image into pieces. If too many pieces match on MD5 sum then
you score it higher than if lots of the image is different. But that
can get tedious to say the least.
And there's also an easy way around it. Simply add noise to
the image. There are a numb
From: <[EMAIL PROTECTED]>
> On Mon, Jul 31, 2006 at 01:57:52PM +0530, Ramprasad wrote:
>> So if the spammer keeps generating different images for every spam mail
>> then DCC RAZOR etc would be useless right ?
>
> An image is just content - much like text or HTML. How useful
> DCC/RAZOR/etc.
From: "MennovB" <[EMAIL PROTECTED]>
These image spams have recognizable strings, but normally not in the header.
Just collect a few of them and compare (e.g. cat|sort the lines, you will
always find similarities (sometimes only in the Mime-part but even that can
work nicely and safe enough).
You
I use Cyrus. How can I configure Cyrus to do this? Right now Spam
Assassin is getting triggered due to my Postfix config:
smtp inet n - n - - smtpd
-o content_filter=sa
sa unix- n n - - pipe
user=spamd
On Mon, 2006-07-31 at 20:22 +0300, Michael wrote:
> Hello!
> It may be a strange request, but i need to collect spam for a research
> project about the way spammers attack and the way they bypass the
> antispam filters.
> Obviously, for this project i need to collect spam in different ways
Hello!
It may be a strange request, but i need to collect spam for a research
project about the way spammers attack and the way they bypass the antispam
filters.
Obviously, for this project i need to collect spam in different ways and on
different types. Also, my project can be concludent only
On Mon, 31 Jul 2006 20:22:21 +0300, Michael <[EMAIL PROTECTED]>
opined:
> Hello!
> It may be a strange request, but i need to collect spam for a
> research project about the way spammers attack and the way they
> bypass the antispam filters.
We have a very comprehensive database - about two ye
Loren Wilton wrote:
Yep. No link. Not even a fake link. I guess I can't out of their
"database" even if I want to.
My favorite was one where the unsubscribe link had a space for a host
name. The link was "http:// /optout.php?mail=(my email address)"
What made it so great was the big long
Hello!
It may be a strange request, but i need to collect spam for a research
project about the way spammers attack and the way they bypass the
antispam filters.
Obviously, for this project i need to collect spam in different ways
and on different types. Also, my project can be concludent on
>>
>> > On Mon, Jul 31, 2006 at 01:57:52PM +0530, Ramprasad wrote:
>> >> So if the spammer keeps generating different images for every spam mail
>> >> then DCC RAZOR etc would be useless right ?
>> >
>> > An image is just content - much like text or HTML. How useful
>> > DCC/RAZOR/etc. would be
Ben Wylie wrote:
Jim Maul wrote:
Ben Wylie wrote:
Am running SpamAssassin 3.1.2 on Windows 2003 server.
This is an extract from the headers of an incoming email.
This triggered the "MISSING_SUBJECT Missing Subject: header" rule.
Why did this not detect the subject header?
Because its blank?
Jim Maul wrote:
Ben Wylie wrote:
Am running SpamAssassin 3.1.2 on Windows 2003 server.
This is an extract from the headers of an incoming email.
This triggered the "MISSING_SUBJECT Missing Subject: header" rule.
Why did this not detect the subject header?
Because its blank?
my understandin
Ben Wylie wrote:
Am running SpamAssassin 3.1.2 on Windows 2003 server.
This is an extract from the headers of an incoming email.
This triggered the "MISSING_SUBJECT Missing Subject: header" rule.
Why did this not detect the subject header?
Because its blank?
X-MimeOLE: Produced By Microsof
Am running SpamAssassin 3.1.2 on Windows 2003 server.
This is an extract from the headers of an incoming email.
This triggered the "MISSING_SUBJECT Missing Subject: header" rule.
Why did this not detect the subject header?
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content
These image spams have recognizable strings, but normally not in the header.
Just collect a few of them and compare (e.g. cat|sort the lines, you will
always find similarities (sometimes only in the Mime-part but even that can
work nicely and safe enough).
You could then make a Spamassassin rule f
| Another idea was to check the images for correctness. Some spammers seem
| to use slightly modified copies of a master image. These copies are
| displayed correctly by the usual MUAs but they do contain errors that show
| up when using Image::Info or something.
|
| Dirk
I don't know much about
Hi Kailash,
A lot depends on how you have things set up. Here I run a baseline of
global settings with user options available; using MTS Professional
mailserver (which has a lot of built in SA inter-operability) on Win32
and SA on CentOS with MySQL.
Firstly, you can't put ham & spam in the same
> On Mon, Jul 31, 2006 at 01:57:52PM +0530, Ramprasad wrote:
>> So if the spammer keeps generating different images for every spam mail
>> then DCC RAZOR etc would be useless right ?
>
> An image is just content - much like text or HTML. How useful
> DCC/RAZOR/etc. would be depends highly on how
Thanks Nigel for your help. As you say it has caught spam using the
additional tests. will it not be marked as spam everytime in that
case. how would it help me to make it learn from spam already marked
as spam by spam assasin. Is there a way where I can train spamassasin
by running sa-learn on m
Hi,
The sa-learn instruction trains the bayes database; without it bayes
will not tag any messages. You need to do the training with at least
200 spam and 200 ham. Be very careful that the messages in each are
correct, so no spam in the ham folder.
There are options to learn from the mbox format
Hi all,
I am running SpamAssassin version 3.1.4.
How do I make spamassasin learn. I have been reading about sa-learn
where I am supposed to run sa-learn on a spam folder. But why should I
run it on spam folder as i would assume that it should already be in
spamassasin database as spamassasin has
- Original Message -
From: "Beast" <[EMAIL PROTECTED]>
Cc:
Sent: Monday, July 31, 2006 9:08 AM
Subject: Re: spam not detected
> Loren Wilton wrote:
> >>
> >> *X-Spam-Status:* No, score=3.8 required=5.2
> >> tests=BAYES_99,FORGED_RCVD_HELO,
> >> HTML_50_60,HTML_MESSAGE autolearn=dis
Dear list,
I have installed and configured spamassassin 3.1.3 on
CommuniGate Pro on Red Hat 9 platform.
However, I get the following error in systemlog (i.e.
/var/log/messages:
cgpav: Error spam checking file:
/var/CommuniGate/Queue/21294134.msg
I Googled and searched the archives for su
On Mon, Jul 31, 2006 at 01:57:52PM +0530, Ramprasad wrote:
> So if the spammer keeps generating different images for every spam mail
> then DCC RAZOR etc would be useless right ?
An image is just content - much like text or HTML. How useful
DCC/RAZOR/etc. would be depends highly on how they ar
On Sat, 2006-07-29 at 18:22 +, [EMAIL PROTECTED] wrote:
> >> Does DCC, RAZOR, PYZOR, or any other signature algorithms work with
> >> the image spams? It's not apparent from reading the man pages. It
> >> seems to me that one could compare the signatures of attachments instead
> >> of the who
On Friday, July 28, 2006, 8:29:39 AM, Theo Dinter wrote:
> On Fri, Jul 28, 2006 at 11:27:09AM -0400, Rob McEwen (PowerView Systems)
> wrote:
>> I wasn't involved in that URIBL listing which brought this up... but, BTW,
>> I'd love to have that "two level TLD in SA" list handy. Therefore, can
>>
Loren Wilton wrote:
*X-Spam-Status:* No, score=3.8 required=5.2
tests=BAYES_99,FORGED_RCVD_HELO,
HTML_50_60,HTML_MESSAGE autolearn=disabled version=3.1.4
Bayes is doing fine. You can't get much better than Bayes_99 as a
spam indicator.
On the other hand, having Bayes_99 and three oth
On Saturday 29 July 2006 00:33, jdow wrote:
> From: "Theo Van Dinter" <[EMAIL PROTECTED]>
>
> Quoth Theo:
>
> Why? us.tt acts as a registrar (www.us.tt -> joynic.com), dolling out
> .us.tt to others, so we want to be able to deal with that.
> Same as other .tt 2TLDs.
> Somebody got VERY clever w
I'm seeing lots of errors like the following recently...
spamd[945]: (?:(?<=[\s,]))* matches null string many times in regex;
marked by <-- HERE in m/\G(?:(?<=[\s,]))* <-- HERE \Z/ at /System/
Library/Perl/5.8.6/Text/Wrap.pm line 46.\n
Running 3.1.4 with Text::Wrap version 2006.711
--
Ste
64 matches
Mail list logo
