Hello,
I have noticed some spam emails coming through for the past 7 days. Am
running spamassassin 3.2.0-2 with Exim 4.63-17 on a Debian machine. I run
sa-updates every 3 hours. I also noticed there is a new version on
spamassassin but it still an unstable version on the Debian mirrors I use
and
On Thu, Jul 12, 2007 at 04:00:33AM +0200, arni wrote:
> I put this together within an around an hour to show how its possible to
> cope with pdf spam - the script compeltely decodes the pdf attachment
> into text and images and reattaches them. Like this the text is fully
> available to all mean
From: "Phil Barnett" <[EMAIL PROTECTED]>
On Wednesday 11 July 2007, Yet Another Ninja wrote:
On 7/12/2007 12:50 AM, Phil Barnett wrote:
> On Wednesday 11 July 2007, SARE Webmaster wrote:
>> There has been discussion of taking down the public site, opening
>> something new ( private access, invit
Hi,
what i'm going to show you is purely show or prove of concept - there is
no way you should use the code in a productional environment, because it
most likely has exploitable bugs as well as inacuracies that will not be
able to parse all mail properly.
I put this together within an around
On Jul 11, 2007, at 4:17 PM, Philip Prindeville wrote:
What are the websites to get them RBL blacklisted?
How does one nominate them to a place of infamy?
I am tempted to bring up a very simple service backed by Amazon AWS,
maybe using SQS or S3, to accept blacklist submissions from
Spam
At 04:00 PM 7/11/2007, Yet Another Ninja wrote:
hey
great ideas - who volunteers to setup the Torrent stuff and manage it all ?
I wouldn't know how to do that, but would be willing to offer some of
my tiny server and bandwidth to the cause.
Current system is OS X Server, but will be ported
On Wednesday 11 July 2007, Yet Another Ninja wrote:
> On 7/12/2007 12:50 AM, Phil Barnett wrote:
> > On Wednesday 11 July 2007, SARE Webmaster wrote:
> >> There has been discussion of taking down the public site, opening
> >> something new ( private access, invite only, acl by ip, etc), in hopes
>
Phil Barnett wrote:
> How about releasing the ruleset via torrent or something similar. Anything
> that you could do to distribute the load and location would make a ddos
> attack less effective. While there might not be a lot of people on this list
> who can use their server to take on the ent
Phil Barnett wrote:
On Wednesday 11 July 2007, Philip Prindeville wrote:
Michele Neylon :: Blacknight wrote:
Philip Prindeville wrote:
No joy.
How long ago did you report it?
Which time? It happens regularly, and it's been going on over a month.
On 7/12/2007 12:50 AM, Phil Barnett wrote:
On Wednesday 11 July 2007, SARE Webmaster wrote:
There has been discussion of taking down the public site, opening
something new ( private access, invite only, acl by ip, etc), in hopes
to avoid ddos and provide better services, more requent rule update
On Wednesday 11 July 2007, Philip Prindeville wrote:
> Michele Neylon :: Blacknight wrote:
> > Philip Prindeville wrote:
> No joy.
> >>>
> >>> How long ago did you report it?
> >>
> >> Which time? It happens regularly, and it's been going on over a month.
> >
> > Ok. That changes things, but
On Wednesday 11 July 2007, SARE Webmaster wrote:
> There has been discussion of taking down the public site, opening
> something new ( private access, invite only, acl by ip, etc), in hopes
> to avoid ddos and provide better services, more requent rule updates,
> and so on. We are trying our be
Hi everyone,
I'm curious to know if there's a bug of some sort with 3.2-
These are the symptoms I experience
I get spamd time-outs all over the place, and when I do a netstat I have
dozens of connections to port 783 in the FIN_WAIT stage and it just hangs
till they time out-
I had this problem
Michele Neylon :: Blacknight wrote:
Philip Prindeville wrote:
No joy.
How long ago did you report it?
Which time? It happens regularly, and it's been going on over a month.
Ok. That changes things, but you didn't say anything in your post
about it going on for a month
I note a
Robert - eLists wrote:
Praise God Almighty!
We were able to spend more than a few seconds and many click on the
rulesemporium website.
Awesome.
As it says, was it moved over to vr.org ???
A couple years ago... yup. Which is now netactuate.com
--
Dallas Engelken
[EMAIL PROTECTED]
http
Ken A wrote:
Mike Grau wrote:
A little misinformation tossed to spammers isn't bad here.
I hear there's a mirror in Afghanistan too. And by all means.. when
you browse the site.. click the stop button in your browser between
it's loading each image on each page, then click the start button
Otto TheBusDriver wrote:
I'm seeing False Positives on the rule SARE_BEASTUD for a message that
we are receiving.
This rule is matching on the following text "be a studio".
"I look forward to reading many more books, and when my voice goes, I
will continue to be a studio monitor and technician.
I'm seeing False Positives on the rule SARE_BEASTUD for a message that
we are receiving.
This rule is matching on the following text "be a studio".
"I look forward to reading many more books, and when my voice goes, I
will continue to be a studio monitor and technician."
How does one go about g
Philip Prindeville wrote:
No joy.
How long ago did you report it?
Which time? It happens regularly, and it's been going on over a month.
Ok. That changes things, but you didn't say anything in your post about
it going on for a month
--
Mr Michele Neylon
Blacknight Solutions
Ho
Michele Neylon :: Blacknight wrote:
Philip Prindeville wrote:
We're seeing a lot of unwanted attempts to relay traffic through our
site by Orange.fr, and we've reported this to their Abuse contact as
well as their upstream provider (rain.fr):
Jul 11 11:30:37 mail mimedefang.pl[31610]: relay:
Philip Prindeville wrote:
We're seeing a lot of unwanted attempts to relay traffic through our
site by Orange.fr, and we've reported this to their Abuse contact as
well as their upstream provider (rain.fr):
Jul 11 11:30:37 mail mimedefang.pl[31610]: relay: bad tld orange.fr
Jul 11 11:30:37 mai
Daniel J McDonald wrote:
On Wed, 2007-07-11 at 14:49 +0530, Suhas Ingale wrote:
Has anyone tried running PDFInfo plugin with 3.1.7 version?
No, finally got it working yesterday evening using 3.2.1, but the
initial results are underwhelming. Almost 100% overlap with
TVD_SPACE_RATIO.
We're seeing a lot of unwanted attempts to relay traffic through our
site by Orange.fr, and we've reported this to their Abuse contact as
well as their upstream provider (rain.fr):
Jul 11 11:30:37 mail mimedefang.pl[31610]: relay: bad tld orange.fr
Jul 11 11:30:37 mail mimedefang.pl[31610]: fil
We found the problem. The machine we're using is an LDAP client for all
~8000 users, and it seems that spamc/spamd is failing if the username is not
cached in nscd - simply typing "ls -l /home" solves it temporarily until the
cache timeout, since all objects are then cached. We fixed this by run
On Wed, Jul 11, 2007 at 05:37:16PM +0200, Fabien GARZIANO wrote:
> I can't get nowhere, Wiki, FAQ, mail archive, this thing. I'm looking
> for a kind of "dictionnary" providing an explanation for each rule of
> the default ruleset provided with spamassassin ...
There is no such thing, but we welco
Hi
I am looking at writing an extension to MailScanner so that we can allow
different settings to be applied.
My primary objective is to allow different username to be used for bayes.
If I am able to achieve scores and and rules as well this would be a bonus.
I have mocked something up which us
Hi Folks,
I can't get nowhere, Wiki, FAQ, mail archive, this thing. I'm looking
for a kind of "dictionnary" providing an explanation for each rule of
the default ruleset provided with spamassassin ... Sorry for my poor
english. Let's have an exemple :
RCVD_ILLEGAL_IP : In my .cf files, I only go
If your IP is blocked, for whatever reason, perhaps a proxy would help
you until your IP is unblocked.
http://translate.google.com/translate?u=http%3A%2F%2Fwww.rulesemporium.com%2F&langpair=fr%7Cen
I bet the 'donate' link would help :-)
Ken
Okay, done. We'll see if it helps.
Mike
Mike Grau wrote:
A little misinformation tossed to spammers isn't bad here. I
hear there's a mirror in Afghanistan too. And by all means.. when you
browse the site.. click the stop button in your browser between it's
loading each image on each page, then click the start button again.
It's t
A little misinformation tossed to spammers isn't bad here. I
hear there's a mirror in Afghanistan too. And by all means.. when you
browse the site.. click the stop button in your browser between it's
loading each image on each page, then click the start button again. It's
tricky, but if you
jdow wrote:
From: "Ken A" <[EMAIL PROTECTED]>
SARE Webmaster wrote:
Daryl C. W. O'Shea wrote:
Loren
Wilton wrote:
Mike Grau <[EMAIL PROTECTED]> 07/09/07 5:15 PM >>>
On 07/09/2007 04:01 PM the voices made Joe Zitnik write:
I can't get here:
http://www.rulesemporium.com/rules
Is rulesemporium
I'm currently using 3.1.7 version as I upgraded the server to Debian
4.0.
How can I be sure Spamassassin and Amavis are using the updated
rulesets ?
Thanks for you help.
Run amavisd-new in debug-sa mode for a minute (after stopping it):
amavisd-new stop
amavisd-new debug-sa
Gary V
__
Hello All,
I have set the German rules and its updating from a chennel file...
however, mails are not regarded as spam because the bayes check rates it as
non-spam,
giving a high (-)tive score
X-Spam-Status: No, score=0.3 required=5.0 tests=BAYES_00,NO_DNS_FOR_FROM,
ZMIde_STOCKBLOCK1
"echo test | spamassassin -D"
It'll give a load of debug output, scan through that and look at the
paths of the files its using, there will be something like this to confirm it:
[9392] dbg: config: using
"/var/lib/spamassassin/3.001003/updates_spamassassin_org/50_scores.cf" for
included file
[9
Sg wrote:
> Hi
>
> Where is the spam log file located?
On windows? Probably nowhere. I don't think Windows has a syslogd.
On *nix, spamd will log to the mail facility, so it will end up
where-ever syslogd is configured to write that facility, generally
/var/log/maillog.
If you're just invoking "s
On Wed, 2007-07-11 at 14:49 +0530, Suhas Ingale wrote:
> Has anyone tried running PDFInfo plugin with 3.1.7 version?
>
No, finally got it working yesterday evening using 3.2.1, but the
initial results are underwhelming. Almost 100% overlap with
TVD_SPACE_RATIO. Only one miss:
sudo grep GMD_PDF
Hello,
I'm migrating to SQL Bayes storage method. I have plenty of email
accounts. By this time, all of them had their own database in their home
directories. Such approach unfortunately consumes a lot of disk space, so
now I'm thinking about bayes_sql_override_username option, which a
From: Jari Fredriksson [mailto:[EMAIL PROTECTED]
Sent: Tue 7/10/2007 15:22
To: Jean-Paul Natola; users@spamassassin.apache.org
Subject: Re: bayes directory
>>Bayes needs 200 ham & 200 spam to work.
>>You can read it's statistics by command "sa-learn --dump mag
Sounds great.
I'm currently using 3.1.7 version as I upgraded the server to Debian
4.0.
How can I be sure Spamassassin and Amavis are using the updated
rulesets ?
Thanks for you help.
Le mercredi 11 juillet 2007 à 10:12 +0100, Adam Wilbraham a écrit :
> You shouldn't need to add anything, it wi
Hello,
I am trying to run PDFInfo plugin with SA 3.1.7. SA registers the plugin
successfully but does not scan the PDFs in the emails. According to Dallas
Engelken (Creator of PDFInfo) , The MIME parser in SA is not seeing a PDF
attachment on this message.
Has anyone tried running PDFInfo p
Hi!
Wouldn't you say the DDOS protection theory and/or implementation is broken
if topology and routing is not taken into account?
You know, we are not posting to this list to rag on them, we just wanna be
able to hit the website for info when necessary and without being tossed in
the crapper
You shouldn't need to add anything, it will pay attention to them
automatically once they've downloaded. However, make sure you're using a
new enough version of SpamAssassin that supports sa-update - the
version in the standard Sarge repository doesn't, you'll have to get
3.1.7 from Backports.
On
> As I said, we use a trick that makes the fetches work. It does not get
> us tarred by the DoS filter. So access to the web site is really easy.
> I also check "when I feel like it" rather than hourly as I've heard some
> "people" work. Weekly is more than enough unless you see a notification
> h
From: "Sg" <[EMAIL PROTECTED]>
Hi
Where is the spam log file located?
It varies. It seems to be in /var/log/ "somewhere". For RH/FC it seems to
be in /var/log/maillog*. I hope that helps.
{^_^}
From: "Daryl C. W. O'Shea" <[EMAIL PROTECTED]>
jdow wrote:
From: "Daryl C. W. O'Shea" <[EMAIL PROTECTED]>
Loren Wilton wrote:
Mike Grau <[EMAIL PROTECTED]> 07/09/07 5:15 PM >>>
On 07/09/2007 04:01 PM the voices made Joe Zitnik write:
I can't get here:
http://www.rulesemporium.com/rules
Is
Hi,
I'm planning to use sa-update for my SA installation to be updated.
I ran sa-update and it downloaded the updated rulesets
in /var/lib/spamassassin/3.001007 along with some other files.
In the previous directory, I found some configuration files :
updates_spamassassin_org.cf which point to
46 matches
Mail list logo
