Re: foreign spam slipping through

2008-04-03 Thread Loren Wilton
I'll have to check and see why kmail has that as the default. enabling RBL's doesn't have to query them every time does it? meaning does it cache them. No, SA doesn't cache them, and does test them every time. Running a caching DNS server somewhere near the SA machine (possibly on the same mac

Re: foreign spam slipping through

2008-04-03 Thread Loren Wilton
what's the minimum? By default 200 of each. It can be changed, but that isn't a good idea. Loren

Re: Blank messages

2008-04-03 Thread Ed Kasky
At 05:21 PM Thursday, 4/3/2008, Matt Kettler wrote -=> Ed Kasky wrote: At 01:29 PM Thursday, 4/3/2008, John Hardin wrote -=> On Thu, 3 Apr 2008, Ed Kasky wrote: X-Spam-Status: No, score=5.3 required=6.9 tests=BAYES_99,HTML_MESSAGE, RDNS_DYNAMIC,SARE_OBFU_MILLIONS autolearn=no version

Re: foreign spam slipping through

2008-04-03 Thread Caleb Cushing
On Thursday 03 April 2008 07:43:58 pm Karsten Bräckelmann wrote: > Also, there are constraints like a minimum spam *and* ham learned, > before Bayes kicks in, yada yada -- but you appear to have resolved that > already judging by your later post. what's the minimum? -- Caleb Cushing my blog htt

Re: foreign spam slipping through

2008-04-03 Thread Caleb Cushing
On Thursday 03 April 2008 07:44:04 pm Karsten Bräckelmann wrote: > Yes, you have -- by calling spamassassin with the -L switch. See my > previous post. I'll have to check and see why kmail has that as the default. enabling RBL's doesn't have to query them every time does it? meaning does it cache t

New DNS list for host information using strings instead of numbers

2008-04-03 Thread Marc Perkel
Theo Van Dinter wrote: I'm not saying anything positive or negative about the different lists, but there's a long precedent of doing this type of thing w/ bits in a standard DNS response. Look at SURBL and URIBL, for example -- a single response encodes multiple individual list entries, and th

Feature request

2008-04-03 Thread Luis Hernán Otegui
Hi, everybody (but specially developers). I've been running a sitewide Bayes setup for almost three years, with a wonderful result. Along with that, I report spam messages to my local spamassassin setup (and some to spamcop) via a web interface (embedded in our Webmail). From the last training ru

Re: Blank messages

2008-04-03 Thread Matt Kettler
Ed Kasky wrote: At 01:29 PM Thursday, 4/3/2008, John Hardin wrote -=> On Thu, 3 Apr 2008, Ed Kasky wrote: X-Spam-Status: No, score=5.3 required=6.9 tests=BAYES_99,HTML_MESSAGE, RDNS_DYNAMIC,SARE_OBFU_MILLIONS autolearn=no version=3.2.4 How did it hit SARE_OBFU_MILLIONS with a blank

Re: foreign spam slipping through

2008-04-03 Thread Karsten Bräckelmann
On Thu, 2008-04-03 at 18:33 -0400, Caleb Cushing wrote: > On Thursday 03 April 2008 06:16:51 pm D Hill wrote: > >ok_locales en > will add Which doesn't help in this case. ok_locales is about the charsets [1], and your spample does indeed use a Western character set (aka "en" in ok_locales ter

Re: foreign spam slipping through

2008-04-03 Thread Karsten Bräckelmann
On Thu, 2008-04-03 at 16:12 -0400, Caleb Cushing wrote: > I have no idea what it says, or why it continues to slip through my filter > (well why it has a lower score than what's required). > > kmail runs spamassassin -L with filters to check for spam ^^ You are explicitl

Re: foreign spam slipping through

2008-04-03 Thread Caleb Cushing
On Thursday 03 April 2008 06:16:51 pm D Hill wrote: > I also have: > >    ok_locales en will add > In your headers, I didn't see UNWANTED_LANGUAGE_BODY. Do you have the > TextCat plugin enabled/loaded? In my install, it is found in: > >    /etc/mail/spamassassin/v310.pre > > This is actually the d

Re: office rule

2008-04-03 Thread James Gray
mouss wrote: The approach is flawed. a single word shouldn't be enough to tag mail as spam. As a general rule, yes 100% agree...but to play devil's advocate for a second, I slam any message that contains references to a little blue pill starting with "V" and sounding like a play on Niagara Fa

Re: foreign spam slipping through

2008-04-03 Thread D Hill
On Thu, 3 Apr 2008 at 17:00 -0400, [EMAIL PROTECTED] confabulated: On Thursday 03 April 2008 04:32:40 pm you wrote: Most of those are getting caught here. Here is what your message scored: any way to increase the score that language receives? I have the same: ok_languages en I also have

Unsubscribe (was: foreign spam slipping through)

2008-04-03 Thread SM
At 13:51 03-04-2008, Matt wrote: How do I unsubscribe from here? There are no unsubscribe links at the bottom of these messages. The links are in the message headers. list-help: list-unsubscribe: Regards, -sm

Re: foreign spam slipping through

2008-04-03 Thread D Hill
On Thu, 3 Apr 2008 at 16:51 -0400, [EMAIL PROTECTED] confabulated: How do I unsubscribe from here? There are no unsubscribe links at the bottom of these messages. As found in the headers of ALL list messages: list-unsubscribe:

Re: Dramatic increase in bounce messages to forged addresses

2008-04-03 Thread John Hardin
On Thu, 3 Apr 2008, Michael Scheidell wrote: I say death penalty to spammers. That's going to be the only truly effective solution. -- John Hardin KA7OHZ http://www.impsec.org/~jhardin/ [EMAIL PROTECTED] FALaholic #11174 pgpk -a [EMAIL PROTECTED] key: 0xB8732E79 -

Re: Score Definitions

2008-04-03 Thread mouss
SM wrote: "The rules catch spam. If your email isn't spam, you shouldn't be matching the rules. Even if you do hit an occasional rule, unless your email actually is spam, it shouldn't score high enough to be a problem." If you are looking for an explanation on how to bypass the rules, you w

Re: mail from dialups via ISP MTA

2008-04-03 Thread Arvid Ephraim Picciani
> On 01.04.08 17:20, Arvid Ephraim Picciani wrote: > > actually i mean SORBS and NJABL. they matched the sender. > > if we are still talking about mail from 66-211-213-17.velocity.net > [66.211.213.17], they were not matched by any dynamic lists. > sender! not the relay. the relay matching DRNS_DY

blogspot uris changed

2008-04-03 Thread Arvid Ephraim Picciani
just a hint for those who use blogspot rules: the uri scheme changed to a random number/character combination. -- best regards/Mit freundlichen Grüßen Arvid Ephraim Picciani

Re: Blank messages

2008-04-03 Thread Ed Kasky
At 01:29 PM Thursday, 4/3/2008, John Hardin wrote -=> On Thu, 3 Apr 2008, Ed Kasky wrote: X-Spam-Status: No, score=5.3 required=6.9 tests=BAYES_99,HTML_MESSAGE, RDNS_DYNAMIC,SARE_OBFU_MILLIONS autolearn=no version=3.2.4 How did it hit SARE_OBFU_MILLIONS with a blank body? I wish I

Re: foreign spam slipping through

2008-04-03 Thread Matt
How do I unsubscribe from here? There are no unsubscribe links at the bottom of these messages. On Thu, Apr 3, 2008 at 4:12 PM, Caleb Cushing <[EMAIL PROTECTED]> wrote: > the attached email is one of the mails that keeps slipping through. > > I have no idea what it says, or why it continues to s

Re: Dramatic increase in bounce messages to forged addresses

2008-04-03 Thread Michael Scheidell
-- Michael Scheidell, CTO >|SECNAP Network Security Winner 2008 Network Products Guide Hot Companies FreeBSD SpamAssassin Ports maintainer Charter member, ICSA labs anti-spam consortium > From: Mark Martinec <[EMAIL PROTECTED]> > Organization: J. Stefan Institute > Date: Thu, 3 Apr 2008 14:09:51

Re: foreign spam slipping through

2008-04-03 Thread John Hardin
On Thu, 3 Apr 2008, Caleb Cushing wrote: the attached email is one of the mails that keeps slipping through. Please don't send 300kb attachments to a mailing list. Post the message headers and body to a website you control (or use a service like pastebin) if you wish to provide a sample. -

Re: foreign spam slipping through

2008-04-03 Thread D Hill
On Thu, 3 Apr 2008 at 16:12 -0400, [EMAIL PROTECTED] confabulated: the attached email is one of the mails that keeps slipping through. I have no idea what it says, or why it continues to slip through my filter (well why it has a lower score than what's required). kmail runs spamassassin -L wit

Re: Blank messages

2008-04-03 Thread John Hardin
On Thu, 3 Apr 2008, Ed Kasky wrote: X-Spam-Status: No, score=5.3 required=6.9 tests=BAYES_99,HTML_MESSAGE, RDNS_DYNAMIC,SARE_OBFU_MILLIONS autolearn=no version=3.2.4 How did it hit SARE_OBFU_MILLIONS with a blank body? -- John Hardin KA7OHZ http://www.impsec.org/~

Re: Blank messages

2008-04-03 Thread Randy Ramsdell
Ed Kasky wrote: > I can't seem to catch these emails with blank bodies. I upped the > BLANK_LINES_80_90 score to 3 but the email below didn't get a hit off > the rule. > > Is there another rule that I don't know about that is designed for > blank message bodies? > > Thanks in advance on this one.

Re: Score Definitions

2008-04-03 Thread SM
At 11:38 03-04-2008, egrossKintera wrote: I'm having a similar problem with understanding SpamAssassin scores and rules. I have searched and searched for specific explanations of them, but have had very little luck. The links you provided are a start, but there is no real explanation for people

Blank messages

2008-04-03 Thread Ed Kasky
I can't seem to catch these emails with blank bodies. I upped the BLANK_LINES_80_90 score to 3 but the email below didn't get a hit off the rule. Is there another rule that I don't know about that is designed for blank message bodies? Thanks in advance on this one. These things have been pl

Re: New DNS list for host information?

2008-04-03 Thread Theo Van Dinter
I'm not saying anything positive or negative about the different lists, but there's a long precedent of doing this type of thing w/ bits in a standard DNS response. Look at SURBL and URIBL, for example -- a single response encodes multiple individual list entries, and there's no special code that

RE: New DNS list for host information?

2008-04-03 Thread Steve Radich
I'd agree it's useful - the more info the better - Did you already write a spamassassin plugin or are you saying someone needs to? Steve Radich - http://www.aspdeveloper.net / http://www.virtualserverfaq.com BitShop, Inc. - Development, Training, Hosting, Troubleshooting - http://www.bitshop.com

Re: Score Definitions

2008-04-03 Thread Theo Van Dinter
On Thu, Apr 03, 2008 at 11:44:13AM -0700, Evan Platt wrote: > >0.4 HTML_60_70 BODY: Message is 60% to 70% HTML > >0.9 HTML_40_50 BODY: Message is 40% to 50% HTML > > > >I cleaned up an email template for a client, so the code was more > >streamlined and had less HTML (keepin

Re: Score Definitions

2008-04-03 Thread Evan Platt
egrossKintera wrote: Another rule I found confusing was: 0.4 HTML_60_70 BODY: Message is 60% to 70% HTML versus 0.9 HTML_40_50 BODY: Message is 40% to 50% HTML I cleaned up an email template for a client, so the code was more streamlined and had less HTML (keeping the sa

Re: Score Definitions

2008-04-03 Thread egrossKintera
I'm having a similar problem with understanding SpamAssassin scores and rules. I have searched and searched for specific explanations of them, but have had very little luck. The links you provided are a start, but there is no real explanation for people trying to code emails and eNewsletters. Fo

Re: New DNS list for host information?

2008-04-03 Thread Per Jessen
Marc Perkel wrote: > Who likes this idea? The only way a list is really useful (for fighting spam) is when you publish 1) how it is collected and 2) what the list-criteria are. IMHO. /Per Jessen, Zürich

Re: trustedopinion.com

2008-04-03 Thread Theo Van Dinter
On Thu, Apr 03, 2008 at 08:58:28AM -0700, John Hardin wrote: > So register complaints with Habeas and SenderScore and get their > accreditations/certifications pulled. ... and also costing the sending company money, since they hit BSP. -- Randomly Selected Tagline: Hermes to Bender: "What did y

Re: office rule

2008-04-03 Thread NFN Smith
mouss wrote: ... The approach is flawed. a single word shouldn't be enough to tag mail as spam. Furthermore, even checking for word boundaries may not help a lot on the OEM spammers. Several of them do quite a bit of obfuscation work to try to bypass simple filtering that the OP is askin

Error messages in maillog

2008-04-03 Thread raulbe
While reading the maillog I found the following errors and wasn't sure if it was coming from SpamAssassin or not. But the error keeps repeating over and over, any ideas? I'm running SpamAssassin 3.2.3 on CentOS and was installed using the Blue Quartz management GUI. Thanks in advance! Apr 3 08

Re: Dramatic increase in bounce messages to forged addresses

2008-04-03 Thread SM
Hi Mark, At 05:09 03-04-2008, Mark Martinec wrote: Does anyone have operational experience with a scheme of labeling envelope sender addresses to recognize legitimate bounces to own mail, such as the BATV scheme (Bounce Address Tag Validation): http://mipassoc.org/batv/ http://sourceforge.net

Re: trustedopinion.com

2008-04-03 Thread John Hardin
On Thu, 3 Apr 2008, Fletcher Mattox wrote: Surely such trust in them is misplaced? At a minimum, I can guarantee they are *not* "Opt-In or Better". So register complaints with Habeas and SenderScore and get their accreditations/certifications pulled. -- John Hardin KA7OHZ

trustedopinion.com

2008-04-03 Thread Fletcher Mattox
We just got hammered by something called trustedopinion.com with invitations to visit their website. Nearly 100 of these invitations sailed right through SpamAssassin with the help of two extraordinarily favorable rules: -8.0 HABEAS_ACCREDITED_COI RBL: Habeas Accredited Confirmed Opt-In or

New DNS list for host information?

2008-04-03 Thread Marc Perkel
I'm considering a DNS list that would return strings as TXT records that contain key words that classify the Forward Confirmed rDNS name based on a number of flags. For example, if the host is yahoo.com it might contain "yellow freemail" indicating that it is yellow listed (mixed ham/spam) and

RE: office rule

2008-04-03 Thread Jean-Paul Natola
ram wrote: > On Wed, 2008-04-02 at 10:23 -0700, Kelson wrote: > >> ram wrote: >> >>> header __FROMOFFICE From =~/office/i >>> header __SUBOFFICE Subject =~/office/i >>> >>> meta OFFICERULE (__FROMOFFICE || __SUBOFFICE ) >>> score OFFICERULE 4.0 >>> >> And don't forget to add word

Re: apache.org botnet_soho ?

2008-04-03 Thread Matt Kettler
Benny Pedersen wrote: X-Spam-Status: No, score=-8.001 tagged_above=-20 required=5 tests=[BOTNET_SOHO=-2.5, MAILLISTS=-1.5, RCVD_IN_DNSWL_MED=-4, SPF_PASS=-0.001] Received: from mail.apache.org (hermes.apache.org [140.211.11.2]) by gate.junc.org (Postfix) with SMTP id C1CC016F4AD

apache.org botnet_soho ?

2008-04-03 Thread Benny Pedersen
X-Spam-Status: No, score=-8.001 tagged_above=-20 required=5 tests=[BOTNET_SOHO=-2.5, MAILLISTS=-1.5, RCVD_IN_DNSWL_MED=-4, SPF_PASS=-0.001] Received: from mail.apache.org (hermes.apache.org [140.211.11.2]) by gate.junc.org (Postfix) with SMTP id C1CC016F4AD for <[EMAIL PROTECTE

Re: Dramatic increase in bounce messages to forged addresses

2008-04-03 Thread Justin Mason
Mark Martinec writes: > > Yes, we have also seen it on many of our clients domains. > > Same here. > > Does anyone have operational experience with a scheme of labeling > envelope sender addresses to recognize legitimate bounces to own mail, > such as the BATV scheme (Bounce Address Tag Validati

Re: Dramatic increase in bounce messages to forged addresses

2008-04-03 Thread Matus UHLAR - fantomas
> > Yes, we have also seen it on many of our clients domains. On 03.04.08 14:09, Mark Martinec wrote: > Does anyone have operational experience with a scheme of labeling > envelope sender addresses to recognize legitimate bounces to own mail, > such as the BATV scheme (Bounce Address Tag Validatio

VBounce (was: Dramatic increase in bounce messages to forged addresses)

2008-04-03 Thread Matus UHLAR - fantomas
On 03.04.08 07:42, Michael Scheidell wrote: > Yes, we have also seen it on many of our clients domains. > Vbounce helps. It seems that VBounce doesn't catch quite much of bounces. I was checking bounces in our company's mailbox and bigger part of them didn't hit... I hope that will get better. I

Re: Dramatic increase in bounce messages to forged addresses

2008-04-03 Thread Mark Martinec
> Yes, we have also seen it on many of our clients domains. Same here. Does anyone have operational experience with a scheme of labeling envelope sender addresses to recognize legitimate bounces to own mail, such as the BATV scheme (Bounce Address Tag Validation): http://mipassoc.org/batv/ ht

Re: can we make AWL ignore mail from self to self?

2008-04-03 Thread Benny Pedersen
On Thu, April 3, 2008 05:33, Bob Proulx wrote: > Who to forge? The answer is "Everyone!" Any address that can be > obtained from a spam-virus infected PC and any address that can be > harvested from a web page. Forge them all. yes a big problem without spf > They are (mostly) valid email add

Re: Dramatic increase in bounce messages to forged addresses

2008-04-03 Thread Michael Scheidell
Yes, we have also seen it on many of our clients domains. Vbounce helps. -- Michael Scheidell, CTO >|SECNAP Network Security Winner 2008 Network Products Guide Hot Companies FreeBSD SpamAssassin Ports maintainer Charter member, ICSA labs anti-spam consortium __

Re: can we make AWL ignore mail from self to self?

2008-04-03 Thread Matt Kettler
Jo Rhett wrote: On Apr 1, 2008, at 3:14 PM, Justin Mason wrote: Sorry, I don't the original messages any more. (I looked) But it wouldn't surprise me if the /16 matched. The mail I send myself is usually from Wifi or my phone carrier's GSM network, but accepted via SMTP AUTH on the local machi

Re: can we make AWL ignore mail from self to self?

2008-04-03 Thread Justin Mason
Jo Rhett writes: > On Apr 1, 2008, at 3:14 PM, Justin Mason wrote: > >> Sorry, I don't the original messages any more. (I looked) But it > >> wouldn't surprise me if the /16 matched. The mail I send myself is > >> usually from Wifi or my phone carrier's GSM network, but accepted via > >> SMTP AU

Re: Dramatic increase in bounce messages to forged addresses

2008-04-03 Thread mouss
Matus UHLAR - fantomas wrote: On Wed, 2 Apr 2008, Justin Mason wrote: John Hardin writes: On Tue, 1 Apr 2008, William Terry wrote: Is there anything I can do to mitigate this? Do you publish SPF records? Logically this should have an effect, but in r

Re: office rule

2008-04-03 Thread mouss
ram wrote: On Wed, 2008-04-02 at 10:23 -0700, Kelson wrote: ram wrote: header __FROMOFFICE From =~/office/i header __SUBOFFICE Subject =~/office/i meta OFFICERULE (__FROMOFFICE || __SUBOFFICE ) score OFFICERULE 4.0 And don't forget to add word boundaries. You probably don't

Re: Dramatic increase in bounce messages to forged addresses

2008-04-03 Thread Matus UHLAR - fantomas
> On Wed, 2 Apr 2008, Justin Mason wrote: > > >John Hardin writes: > >>On Tue, 1 Apr 2008, William Terry wrote: > >> > >>>Is there anything I can do to mitigate this? > >> > >>Do you publish SPF records? > > > >Logically this should have an effect, but in real-world terms, it > >doesn't. So don't