On Fri, 2008-05-09 at 01:44 +0200, Benny Pedersen wrote:
> On Thu, May 8, 2008 23:19, mouss wrote:
>
> > configure postfix to replace previous ones
> > /^(X\-Envelope\-From:.*)/ REPLACE X-$1
>
> envelope from can here be forged
Precisely what I am afraid of. But the issue is whatever header I
Clayton Keller wrote:
Justin Mason wrote:
Clayton Keller writes:
Justin Mason wrote:
Matt Kettler writes:
Clayton Keller wrote:
I have been reading throught the Shortcircuit manpage as well as
some articles within the Wiki, and the manner in which I see it
performing within our install does
On Thu, May 8, 2008 23:19, mouss wrote:
> configure postfix to replace previous ones
> /^(X\-Envelope\-From:.*)/ REPLACE X-$1
envelope from can here be forged
better for postfix is to add
envelope_sender_header Return-Path
in local.cf
Benny Pedersen
Need more webspace ? http://www.servag
ram wrote:
At the MTA( postfix) I am inserting X-Envelope-From:
If The mail had already a X-Envelope-From before landing at my MTA then
There would be multiple lines of these
configure postfix to replace previous ones
/^(X\-Envelope\-From:.*)/ REPLACE X-$1
I am assuming you are not addi
- Original Message -
>Do you have a reference for discussion of this "IE Parsing bug" that led
>you to mention this oddball URI annotation format in the first place?
>There might be references in that to the definition of the format.
John,
I'm not sure if this is the bug Benny refers to
On Thu, May 8, 2008 19:19, [EMAIL PROTECTED] wrote:
> OK, I suppose that would be caught by SPF rules etc., if bob likes SPF.
what are you talking about ?, to score email addresses found on maillist a bit
negative since it looks like none spammy human ?
Benny Pedersen
Need more webspace ? http
Odd how mailing lists that don't obfuscate addresses don't see more
trusted mailing list subscriber spam.
All a spam program would have to do is say "[EMAIL PROTECTED] posts lots
to that list. His address must be a trusted subscriber. Well, here's
one more post from him, muhahaha."
OK, I suppose
On Thu, 8 May 2008, Benny Pedersen wrote:
i just started this thread to be sure IE parse bug is not in sa aswell
since i could see domains not detecked in spam, but i got it now
Do you have a reference for discussion of this "IE Parsing bug" that led
you to mention this oddball URI annotation
On Thu, May 8, 2008 18:07, John Hardin wrote:
> Bayes isn't going to parse a URI as a URI anyway, is it?
i belived it did use that info olso
> It just tokenizes the message.
hopefully with url that confirm to rfc olso, but i see hte point where url is
obfu not to bother now when i think more a
Or,
The spammers will find his host and don't use the highest MX record. Or just
remove his host from all the results.
My best solution would be:
Marc,
- Clean up the code
- Write a manual howto install so every admin can install it
- Write an extra bit of code
Kevin Parris wrote:
Well now, if a spambot actually does start recognizing and avoiding his system,
doesn't that mean he wins and the spammer loses?
I would say YES!
You should make an effort to clean it up so that others *can* install it as a
standalone daemon, as I suggested. Why? H
Well now, if a spambot actually does start recognizing and avoiding his system,
doesn't that mean he wins and the spammer loses?
>>> John Hardin <[EMAIL PROTECTED]> 05/08/08 12:11 PM >>>
On Thu, 8 May 2008, Marc Perkel wrote:
> To participate all you have to do is set your highest numbered MX t
Justin Mason wrote:
Clayton Keller writes:
Justin Mason wrote:
Matt Kettler writes:
Clayton Keller wrote:
I have been reading throught the Shortcircuit manpage as well as some
articles within the Wiki, and the manner in which I see it performing
within our install does not seem to coincide w
John Hardin wrote:
On Thu, 8 May 2008, Marc Perkel wrote:
To participate all you have to do is set your highest numbered MX to
point to:
tarbaby.junkemailfilter.com
Several people have asked me how I'm doing this and can they have my
code to do it themselves. My situation is unique enough
On Thu, 8 May 2008, Marc Perkel wrote:
To participate all you have to do is set your highest numbered MX to
point to:
tarbaby.junkemailfilter.com
Several people have asked me how I'm doing this and can they have my
code to do it themselves. My situation is unique enough that it just
won't w
On Thu, 8 May 2008, Benny Pedersen wrote:
On Thu, May 8, 2008 17:29, John Hardin wrote:
Why worry about where the URI is trying to point if it's so obviously
obfuscated?
to get more data to bayes
Bayes isn't going to parse a URI as a URI anyway, is it? It just tokenizes
the message. Bayes
ram wrote:
IOn Wed, 2008-05-07 at 08:50 -0700, Marc Perkel wrote:
Looking for a few volunteers who want to reduce their spambot spam and
at the same time help me track spambots for my black list. This is free
and mutual benefit. I (junkemailfilter.com) want to be your highest
numbered fak
On Thu, May 8, 2008 17:29, John Hardin wrote:
> Why worry about where the URI is trying to point if it's so obviously
> obfuscated?
to get more data to bayes
Benny Pedersen
Need more webspace ? http://www.servage.net/?coupon=cust37098
On Thu, May 08, 2008 at 04:20:42PM +0100, Justin Mason wrote:
>
> > > In case of VBounce, chances of FPs are even less acceptable. You are
> > > supposed to reject or discard backscatter
>
> who says?
>
> It seems perfectly fine to me to tag vbounce-filtered mail. In mail
> filtering, there wil
On Thu, 8 May 2008, Benny Pedersen wrote:
On Thu, May 8, 2008 05:00, Joseph Brennan wrote:
Should we just call "http://{"; bad, and not bother checking the uri?
i belive there is parts in sa that parse the same way as ie and that
could be used by spammers to hide there domains in multilvel
> > In case of VBounce, chances of FPs are even less acceptable. You are
> > supposed to reject or discard backscatter
who says?
It seems perfectly fine to me to tag vbounce-filtered mail. In mail
filtering, there will always be FPs.
--j.
Henrik K schrieb:
On Thu, May 08, 2008 at 03:11:59PM +0200, Robert Müller wrote:
BTW: Also for me 'null senders' are not common - never had problems with
this, except UBE.
Have you even looked at your traffic archives, if you keep one? How do you
know there isn't any problems if some
Clayton Keller writes:
> Justin Mason wrote:
> > Matt Kettler writes:
> >> Clayton Keller wrote:
> >>> I have been reading throught the Shortcircuit manpage as well as some
> >>> articles within the Wiki, and the manner in which I see it performing
> >>> within our install does not seem to coinc
Justin Mason wrote:
Matt Kettler writes:
Clayton Keller wrote:
I have been reading throught the Shortcircuit manpage as well as some
articles within the Wiki, and the manner in which I see it performing
within our install does not seem to coincide with how I am reading and
presumably understa
Hi, could someone kindly tell me what the file "triplets.txt" is used for, and
if I need to have it in my rules directory or not?
Cheers,
Jeremy
On Thu, May 08, 2008 at 03:11:59PM +0200, Robert Müller wrote:
>
> BTW: Also for me 'null senders' are not common - never had problems with
> this, except UBE.
Have you even looked at your traffic archives, if you keep one? How do you
know there isn't any problems if someone doesn't realize to rep
On Thu, 8 May 2008, Justin Mason wrote:
Matt Kettler writes:
.rp wrote:
So, need a rule that would parse the "Message-ID:" in the body (or attachment)
and not
header, and look for the @FQDN
Is this rule already out in the wild?
You'd likely need a meta of some sort.
Theoretically, somethi
Henrik K schrieb:
On Thu, May 08, 2008 at 11:35:30AM +0100, Justin Mason wrote:
Not in my experience!
I haven't seen anything that isn't a bounce message, an out-of-office
notification, auto-replies, or other stuff targeted by the VBounce
ruleset. certainly not transactional mail. as far
On Thu, 2008-05-08 at 09:33 +0100, Justin Mason wrote:
> Kevin W. Gagel writes:
> > - Original Message -
> > >Marc Perkel wrote:
> > >> Looking for a few volunteers who want to reduce their spambot spam and
> > >> at the same time help me track spambots for my black list. This is free
>
IOn Wed, 2008-05-07 at 08:50 -0700, Marc Perkel wrote:
> Looking for a few volunteers who want to reduce their spambot spam and
> at the same time help me track spambots for my black list. This is free
> and mutual benefit. I (junkemailfilter.com) want to be your highest
> numbered fake MX recor
On Thu, May 08, 2008 at 11:35:30AM +0100, Justin Mason wrote:
>
> Not in my experience!
>
> I haven't seen anything that isn't a bounce message, an out-of-office
> notification, auto-replies, or other stuff targeted by the VBounce
> ruleset. certainly not transactional mail. as far as I can tel
Henrik K writes:
> On Thu, May 08, 2008 at 10:03:28AM +0100, Justin Mason wrote:
> >
> > Henrik Krohns writes:
> > > On Thu, May 08, 2008 at 09:35:31AM +0100, Justin Mason wrote:
> > > >
> > > > the VBounce plugin is intended to catch backscatter -- bounces in
> > > > response
> > > > to mail yo
On Thu, May 08, 2008 at 10:03:28AM +0100, Justin Mason wrote:
>
> Henrik Krohns writes:
> > On Thu, May 08, 2008 at 09:35:31AM +0100, Justin Mason wrote:
> > >
> > > the VBounce plugin is intended to catch backscatter -- bounces in response
> > > to mail you didn't send -- so it'll ignore bounces
Henrik Krohns writes:
> On Thu, May 08, 2008 at 09:35:31AM +0100, Justin Mason wrote:
> >
> > the VBounce plugin is intended to catch backscatter -- bounces in response
> > to mail you didn't send -- so it'll ignore bounces in response to mail you
> > _did_ send, by parsing the bounced message's R
Matt Kettler writes:
> Justin Mason wrote:
> > Matt Kettler writes:
> >
> >> .rp wrote:
> >>
> >>> One of the users (actually the boss) had the email address harvested and
> >>> we got clobbered
> >>> by backscatter. Looking at the emails of the various 'unable to deliver'
> >>> type me
Justin Mason wrote:
Matt Kettler writes:
.rp wrote:
One of the users (actually the boss) had the email address harvested and we got clobbered
by backscatter. Looking at the emails of the various 'unable to deliver' type messages, I saw
what these could be filtered on, but don't know ho
Matt Kettler writes:
> Clayton Keller wrote:
> > I have been reading throught the Shortcircuit manpage as well as some
> > articles within the Wiki, and the manner in which I see it performing
> > within our install does not seem to coincide with how I am reading and
> > presumably understandin
Matt Kettler writes:
> .rp wrote:
> > One of the users (actually the boss) had the email address harvested and we
> > got clobbered
> > by backscatter. Looking at the emails of the various 'unable to deliver'
> > type messages, I saw
> > what these could be filtered on, but don't know how to w
Kevin W. Gagel writes:
> - Original Message -
> >Marc Perkel wrote:
> >> Looking for a few volunteers who want to reduce their spambot spam and
> >> at the same time help me track spambots for my black list. This is free
> >> and mutual benefit. I (junkemailfilter.com) want to be your hi
At the MTA( postfix) I am inserting X-Envelope-From:
If The mail had already a X-Envelope-From before landing at my MTA then
There would be multiple lines of these
Then SA refuses to do SPF for these messages , and I can see in my
debug logs
-
[18469] dbg: message: X-Envelope-Fr
40 matches
Mail list logo
