NetComrade wrote:
> We have whitelisted our domain, but now we have spam coming from users that
> claim they're in our domain.
>
> What's the best way to fight it?
The best way is to reject it at smtp time. It must be done at smtp
time because rejecting at any other time would cause you to be a
Hi
I am getting .htm spams. how to avoid that
--
Sg
If you don't mind my shameless plug, even though that IP
doesn't show up on any of the blacklists reported by either
dnsstuff.com or robtex.com ...I've had it listed on my ivmSIP.com
"Sender's IP" dnsbl since Sunday, July 15, 2007 12:25 PM.
And there are many more like this! (Still taking test
This might be a job for a simple plug-in.
{o.o}
- Original Message -
From: <[EMAIL PROTECTED]>
Hi,
if the same IP address is used every time, bayes will probably learn it.
If someone is using a random number generator for the IPs, a rule that
detects impossible ones
might be nice. I
Those are not even addresses let alone abuse IP-addresses.
{^_^}
- Original Message -
From: "Jari Fredriksson" <[EMAIL PROTECTED]>
To:
Sent: Tuesday, 2007, July 31 11:52
Subject: Re: trapping rubbish?
[EMAIL PROTECTED] wrote:
looking at a piece of spam that was scored low, I noticed
Robert Fitzpatrick wrote:
> Still getting these attachments with SA-3.1.7 + SARE + sa-update +
> amavisd + clamav with sanesecurity sigs. Should I be blocking these
> with those rule sets? Can someone test this to see how you may be
> blocking?
>
> http://esmtp.webtent.net/mail1.txt
>
> Thanks :
Still getting these attachments with SA-3.1.7 + SARE + sa-update +
amavisd + clamav with sanesecurity sigs. Should I be blocking these with
those rule sets? Can someone test this to see how you may be blocking?
http://esmtp.webtent.net/mail1.txt
Thanks :)
--
Robert
On Tue, 31 Jul 2007 at 18:20 -0400, [EMAIL PROTECTED] confabulated:
John D. Hardin wrote:
On Tue, 31 Jul 2007, mouss wrote:
running SA at smtp time requires that the client does not timeout.
so you'd better scan fast! you're also more subject to DOS (your
smtp listeners are busy). compare thi
John D. Hardin wrote:
On Tue, 31 Jul 2007, mouss wrote:
running SA at smtp time requires that the client does not timeout.
so you'd better scan fast! you're also more subject to DOS (your
smtp listeners are busy). compare this to queue and filter...
okay, here's a sick idea:
(1) MTA complete
At 14:25 31-07-2007, mouss wrote:
If they faked the From header, then they are seriously broken.
They are not "faking" the From header.
Subject: NDN: (Suspected Spam:) soggy mirror
X-Mailer: FirstClass 8.2 (build 8.094)
The non-delivery notification from that mailer is broken.
Regards,
-sm
On Tue, 31 Jul 2007, mouss wrote:
> running SA at smtp time requires that the client does not timeout.
> so you'd better scan fast! you're also more subject to DOS (your
> smtp listeners are busy). compare this to queue and filter...
okay, here's a sick idea:
(1) MTA completes the SMTP exchange
Hi,
mouss wrote:
Rick Macdougall wrote:
simscan correctly uses an SMTP REJECT (55x code during the smtp
conversation) and it is also possible to use custom reject messages
with simscan so the sender, if any, knows exactly why the message was
rejected.
I have yet to see a good implementati
Rick Macdougall wrote:
simscan correctly uses an SMTP REJECT (55x code during the smtp
conversation) and it is also possible to use custom reject messages
with simscan so the sender, if any, knows exactly why the message was
rejected.
I have yet to see a good implementation of this in Postf
[EMAIL PROTECTED] wrote:
I just found this in my inboy -is someone trying a new look of bounces?
I have replaced actual recipient with [EMAIL PROTECTED]
If they faked the From header, then they are seriously broken.
Wolfang Hamann
Received: from fc.williston.com (HELO williston.com) (68.11
Tuc at T-B-O-H.NET wrote:
It comes as a blank message with a "bulletin.zip". Its actually a
RAR file. You unrar it and it produces "bulletin.txt". Then its a stock
spam.
I guess they've given up on hoping PC owners will sucker for their game.
I can't imaging that one PC owner in 100K know
Hi,
if the same IP address is used every time, bayes will probably learn it.
If someone is using a random number generator for the IPs, a rule that detects
impossible ones
might be nice. I have seen received headers with the same problem as well
Wolfgang Hamann
>>
>> [EMAIL PROTECTED] wrote:
Matt Kettler-3 wrote:
>
> Matt Kettler wrote:
>> su -c "username" spamassassin --revoke...
>>
>>
>>
> Erk, that should be su "username" -c "spamassassin --revoke".. Pardon my
> error.
>
Please read my reply to Martin Schütte earlier.
--
View this message in context:
http://www.nabble.com/
On Tue, 31 Jul 2007, Jari Fredriksson wrote:
> [EMAIL PROTECTED] wrote:
> > looking at a piece of spam that was scored low, I noticed
> >
> > X-Originating-IP: [383.552.476.5]
> >
> > Wouldn't that be a nice thing to score on?
> >
> > Wolfgang Hamann
>
> Bayes learns it. What's so nice in it i
On Tue, Jul 31, 2007 at 10:03:30AM +0200, Rocco Scappatura wrote:
> It is possible to block the spam sent by GreetingCards.com which invites
> the receiver to access an URL and browse the ecard?
>
> I mean that spam which has subject similar to:
>
> You've received a greeting ecard from a Colleag
Per Jessen wrote:
> Jari Fredriksson wrote:
>
>> [EMAIL PROTECTED] wrote:
>>> looking at a piece of spam that was scored low, I noticed
>>>
>>> X-Originating-IP: [383.552.476.5]
>>>
>>> Wouldn't that be a nice thing to score on?
>>>
>>> Wolfgang Hamann
>>
>> Bayes learns it. What's so nice in
Jari Fredriksson wrote:
> [EMAIL PROTECTED] wrote:
>> looking at a piece of spam that was scored low, I noticed
>>
>> X-Originating-IP: [383.552.476.5]
>>
>> Wouldn't that be a nice thing to score on?
>>
>> Wolfgang Hamann
>
> Bayes learns it. What's so nice in it in your opinion?
In my opini
On Tue, 31 Jul 2007 at 21:52 +0300, [EMAIL PROTECTED] confabulated:
[EMAIL PROTECTED] wrote:
looking at a piece of spam that was scored low, I noticed
X-Originating-IP: [383.552.476.5]
Wouldn't that be a nice thing to score on?
Wolfgang Hamann
Bayes learns it. What's so nice in it in your
[EMAIL PROTECTED] wrote:
> looking at a piece of spam that was scored low, I noticed
>
> X-Originating-IP: [383.552.476.5]
>
> Wouldn't that be a nice thing to score on?
>
> Wolfgang Hamann
Bayes learns it. What's so nice in it in your opinion?
Various blacklists learn abuseable IP-addresses a
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Administrator wrote:
> If you disable the bayes mySQL database you will break amavisd-maia.
Not quite; you can use the flat-file Berkeley-style database for your
Bayes and AWL databases with Maia if you like, it's just that certain
SQL-specific utili
looking at a piece of spam that was scored low, I noticed
X-Originating-IP: [383.552.476.5]
Wouldn't that be a nice thing to score on?
Wolfgang Hamann
On Tue, 31 Jul 2007, NetComrade wrote:
> We have whitelisted our domain, but now we have spam coming from
> users that claim they're in our domain.
>
> What's the best way to fight it?
How exactly did you "whitelist your domain"? whitelist_from is a
last resort even though it's the most appeali
NetComrade wrote:
We have whitelisted our domain, but now we have spam coming from users that
claim they're in our domain.
What's the best way to fight it?
You REALLY dont want to whitelist your own domain. Your seeing why
right now. Use SPF? or perhaps a whitelist rule thats less prone t
We have whitelisted our domain, but now we have spam coming from users that
claim they're in our domain.
What's the best way to fight it?
--
View this message in context:
http://www.nabble.com/Reject-spam-from-my-own-domain-tf4194651.html#a11929292
Sent from the SpamAssassin - Users mailing lis
>>
>> Diego Pomatta wrote:
>> > But is not qmail's job to detect spam
>>
>> True.
>>
>> > or tell the sender what the
>> > problem was;
>>
>> True only for your local site policy; most people who reject spam would
>> like to let the sender know so legitimate senders can rearrange their
>> m
Kris Deugau escribió:
I don't drop anything but confirmed viruses on my *personal* mail
system, never mind the systems I'm responsible for at work; I shudder
to think of the cries of outrage if I silently dropped spam on the ISP
mail systems I administer. (There *have* been business-related F
>
> > It comes as a blank message with a "bulletin.zip". Its actually a
> > RAR file. You unrar it and it produces "bulletin.txt". Then its a stock
> > spam.
>
> I guess they've given up on hoping PC owners will sucker for their game.
> I can't imaging that one PC owner in 100K knows what a RAR f
Loren Wilton wrote:
>> It comes as a blank message with a "bulletin.zip". Its actually a
>> RAR file. You unrar it and it produces "bulletin.txt". Then its a
>> stock spam.
>
> I guess they've given up on hoping PC owners will sucker for their
> game. I can't imaging that one PC owner in 100K kno
It comes as a blank message with a "bulletin.zip". Its actually a
RAR file. You unrar it and it produces "bulletin.txt". Then its a stock
spam.
I guess they've given up on hoping PC owners will sucker for their game.
I can't imaging that one PC owner in 100K knows what a RAR file is or how to
c
Diego Pomatta wrote:
But is not qmail's job to detect spam
True.
or tell the sender what the
problem was;
True only for your local site policy; most people who reject spam would
like to let the sender know so legitimate senders can rearrange their
message to try again. More generally, i
> Matus UHLAR - fantomas escribió:
> >when we ran qmail, we had false positives, and we did not like the fact we
> >could not tell sender what the problem was...
On 31.07.07 08:41, Diego Pomatta wrote:
> But is not qmail's job to detect spam or tell the sender what the
> problem was; qmail is jus
John Rudd wrote:
dalchri wrote:
Well, I setup MIMEDefang. Everything is working as I want except that
the
(fake) rejected mail does not make it through the milter to Exchange. I
used action_bounce to reject the message in mimedefang-filter.
Is there a way to send the rejection code but still
John Rudd wrote:
dalchri wrote:
Well, I setup MIMEDefang. Everything is working as I want except that
the
(fake) rejected mail does not make it through the milter to Exchange. I
used action_bounce to reject the message in mimedefang-filter.
Is there a way to send the rejection code but still
Hi,
It comes as a blank message with a "bulletin.zip". Its actually a
RAR file. You unrar it and it produces "bulletin.txt". Then its a stock
spam.
Tuc
dalchri wrote:
Well, I setup MIMEDefang. Everything is working as I want except that the
(fake) rejected mail does not make it through the milter to Exchange. I
used action_bounce to reject the message in mimedefang-filter.
Is there a way to send the rejection code but still get the message th
If you disable the bayes mySQL database you will break amavisd-maia.
Either use amavisd-maia or amavisd-new with either flat files or mySQL.
Salvatore wrote:
> "Lina, Patrick" wrote:
>> At least these must be configured:
>> use_bayes 1
>> bayes_path /var/amavisd/.spamassassin/bayes
>>
>> All the
Well, I setup MIMEDefang. Everything is working as I want except that the
(fake) rejected mail does not make it through the milter to Exchange. I
used action_bounce to reject the message in mimedefang-filter.
Is there a way to send the rejection code but still get the message through
the milter
Rocco Scappatura escribió:
It is possible to block the spam sent by GreetingCards.com which invites
the receiver to access an URL and browse the ecard?
I mean that spam which has subject similar to:
You've received a greeting ecard from a Colleague!
BR,
rocsca
I asked something about c
Matus UHLAR - fantomas escribió:
when we ran qmail, we had false positives, and we did not like the fact we
could not tell sender what the problem was...
But is not qmail's job to detect spam or tell the sender what the
problem was; qmail is just the MTA, and a damn fine one imho.
A filter/
On Tue, 31 Jul 2007 11:01:16 +0200
[EMAIL PROTECTED] wrote:
> Hi,
>
> I was wondering when the 3.2.x branch will be available for Debian.
> The latest version available is 3.1.7 and I guess there are some
> good improvements in the new version (for instance sa-compile from
> which I hope to spe
"Lina, Patrick" wrote:
At least these must be configured:
use_bayes 1
bayes_path /var/amavisd/.spamassassin/bayes
All the bayes_sql* and bayes_store_module can be
removed/hashed out.
De default store module for bayes is DB_File (make sure
you have the DB_File perl module installed)
..with php
You place the databases in the /var/lib/clamav (same default dir as the
standard databases for clamav). Reload clamav or wait till freshclam kicks
in.
/Jeroen
On Tue, 31 Jul 2007, Sujit Acharyya-Choudhury wrote:
Thanks for the reply. How do you configure the databases) downloaded from
Sa
On Sun, 29 Jul 2007, dalchri wrote:
| Although a rejection notice was sent, we still retained the spam. This
| meant that when our users got a call from their customer about the
| rejected spam, they could quickly locate the message without it having
| to be resent.
Hi,
So you want to return
Salvatore,
At least these must be configured:
use_bayes 1
bayes_path /var/amavisd/.spamassassin/bayes
All the bayes_sql* and bayes_store_module can be
removed/hashed out.
De default store module for bayes is DB_File (make sure
you have the DB_File perl module installed)
Patrick
> -O
"Lina, Patrick" wrote:
Looks to me you've configured mySQL as your Bayes database,
so the flat files in your 'bayes_path' aren't used.
Try checking if your mySQL DB gets updated.
..if I don't want use mySQL as my Bayes database I must disable in local.cf:
bayes_store_module Mail::SpamAssassin
Thanks for the reply. How do you configure the databases) downloaded from
Sanesecurity for use with spamassassin?
Many thanks
Sujit
-Original Message-
From: news [mailto:[EMAIL PROTECTED] On Behalf Of René Berber
Sent: 30 July 2007 20:04
To: users@spamassassin.apache.org
Subject: Re:
Hi Salvatore,
Looks to me you've configured mySQL as your Bayes database,
so the flat files in your 'bayes_path' aren't used.
Try checking if your mySQL DB gets updated.
Greetings,
Patrick
> -Original Message-
> From: Salvatore [mailto:[EMAIL PROTECTED]
> Sent: dinsdag 31 juli 200
On 30.07.07 17:49, Diego Pomatta wrote:
> No problems here whatsoever.
> And... I don't understand the point. Every piece of software has bugs.
> Even the e-mail client you used to create your msg.-
of course. but qmail has too much of them, some of them are really annoying
(at least for some peo
Rocco wrote:
It is possible to block the spam sent by GreetingCards.com which invites
the receiver to access an URL and browse the ecard?
I mean that spam which has subject similar to:
You've received a greeting ecard from a Colleague!
Hi Rocco,
those I looked at all had a numeric ip in the ur
On 31.07.07 11:01, [EMAIL PROTECTED] wrote:
> I was wondering when the 3.2.x branch will be available for Debian.
as soon as package maintainer uploads new version
> The latest version available is 3.1.7 and I guess there are some good
> improvements in the new version (for instance sa-compil
Hi, I use SA-3.1.9 with amavisd-new and Maia...my problem is that the bayes
aren't bring up to date, I have:
[EMAIL PROTECTED] ~]# ls -l /var/amavisd/.spamassassin/
totale 32
-rwxr-x--- 1 amavis amavis 12288 20 lug 17:40 auto-whitelist
-rwxr-x--- 1 amavis amavis 12288 20 lug 17:32 bayes_seen
-rw
Hi,
I was wondering when the 3.2.x branch will be available for Debian.
The latest version available is 3.1.7 and I guess there are some good
improvements in the new version (for instance sa-compile from which I
hope to speed up things a little)
Greets
Chris
--
Christoph Petersen
On Tue, Jul 31, 2007 at 10:03:30AM +0200, Rocco Scappatura wrote:
> It is possible to block the spam sent by GreetingCards.com which invites
> the receiver to access an URL and browse the ecard?
>
> I mean that spam which has subject similar to:
>
> You've received a greeting ecard from a Colleag
On Tuesday 31 July 2007, Rocco Scappatura wrote:
> It is possible to block the spam sent by GreetingCards.com which invites
> the receiver to access an URL and browse the ecard?
>
> I mean that spam which has subject similar to:
>
> You've received a greeting ecard from a Colleague!
Mine stops it
It is possible to block the spam sent by GreetingCards.com which invites
the receiver to access an URL and browse the ecard?
I mean that spam which has subject similar to:
You've received a greeting ecard from a Colleague!
BR,
rocsca
59 matches
Mail list logo
