Jo Rhett wrote:
On May 3, 2008, at 7:59 PM, Matt Kettler wrote:
Have you tried running one of the forged messages, and an actual
legitimate message through SA manually with the -D flag to see what
the trusted and untrusted hosts are, as SA sees it?
Yes. Many times. That's not the point of t
Benny Pedersen wrote:
On Tue, May 20, 2008 16:08, Matt Kettler wrote:
Why get SPF involved? Just blacklist the domain with blacklist_from
[EMAIL PROTECTED]
bad example :-)
Agreed..
SPF is useful to prevent forgery, but if a spammer wants to forge a
domain you've blacklisted.. we
The whole error that shows when running spamassassin -D -r "spam" is:
[16283] warn: reporter: razor2 report failed: No such file or directory
reporter: razor2 had unknown error during authenticate
at /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/Plugin/Razor2.pm line
217, line 1.
at /usr/l
On Tue, May 20, 2008 19:23, Jo Rhett wrote:
>> give longer greylist times will do without marketing :-)
> It will slow down real user's mail a lot too.
real mail servers is
1: known
2: can be bypassed in greylist on that fact #1
Benny Pedersen
Need more webspace ? http://www.servage.net/?coup
On Tue, May 20, 2008 22:07, Justin Mason wrote:
> No other way. What's wrong with saving a /16? In my experience it's
> worked pretty well for the past few years...
when mails is from [EMAIL PROTECTED] to [EMAIL PROTECTED] this should kill the
attempt to get negative scores
but positive shoul
On Tue, May 20, 2008 16:08, Matt Kettler wrote:
> Why get SPF involved? Just blacklist the domain with blacklist_from
> [EMAIL PROTECTED]
bad example :-)
> SPF is useful to prevent forgery, but if a spammer wants to forge a
> domain you've blacklisted.. well, more power to em.
default spamassa
On Tue, May 20, 2008 15:48, Luis Hernán Otegui wrote:
> Here are two examples:
> http://pastebin.com/m2a039236
> http://pastebin.com/m5f77a5a4
both are good candidates for training bayes
just dont whitelist spam domains, it gets spf_pass that only says domain owner
have assigned it good relay,
Jo Rhett writes:
> Let's focus this on specific technical details:
>
> 1. How does AWL deal with forgery (other than by saving a /16 of the
> source IP)
No other way. What's wrong with saving a /16? In my experience it's
worked pretty well for the past few years...
> 2. How can I easily see
Jo Rhett wrote:
On May 19, 2008, at 11:43 PM, Koopmann, Jan-Peter wrote:
So yes: If their main "benefit" is tarpitting etc. then I agree it
probably is not worth the money or discussion.
Why is everyone willing to skip doing 5 minutes of research?
Mailchannels idea may not work for you.
Jo Rhett wrote:
mouss, please do a little research
I did. I may get things wrong, and would be pleased to get corrected. so
please share your knowledge.
before you go online attacking people.
if discussion is considered as an attack, ...
Your statements about what work and don't have no
... continued
As I said in my last mesage. The High MX no quit spambot detectors will
send UDP messages to a receiving server that listens for these messages
and processes them into blacklists.
What I'm doing is just using SOCAT to listen. But doing it right you
might want to use a real data
continuing
This project is targeted mostly at harvesting the IP addresses of virus
infected spambots. First - some background.
I virus infected spambot sends email differently than SMTP servers and
there is enough difference that they can usually be detected on the
first attempt to send
> Why is everyone willing to skip doing 5 minutes of research?
I did.
> Mailchannels idea may not work for you. But it's worth doing a bit of
> research.
Oh the idea is nice. But there are others out there that - from my
personal perspective - are doing this stuff much better, at least from
w
On May 19, 2008, at 11:43 PM, Koopmann, Jan-Peter wrote:
So yes: If their main "benefit" is tarpitting etc. then I agree it
probably is not worth the money or discussion.
Why is everyone willing to skip doing 5 minutes of research?
Mailchannels idea may not work for you. But it's worth doin
On May 19, 2008, at 2:05 PM, Benny Pedersen wrote:
On Mon, May 19, 2008 20:18, Ralf Hildebrandt wrote:
To be fair (I'm testing it right now): It's easy to get running.
Right now the Tarpit and slowdown features cannot be had in Postfix,
so I'm giving it a spin.
give longer greylist times will
mouss, please do a little research before you go online attacking
people. Your statements about what work and don't have no backup, and
go against all existing evidence today, and yet you're blasting them
for lack of serious study. Try to do some yourself.
On May 19, 2008, at 11:46 AM, mo
Hi everyone, I'm back from vacation and want to pick up where I left
off. I had offered to let anyone use one of my hosts.
tarbaby.junkemailfilter.com
as your highest numbered MX. The idea being that I would always return a
451 error. You would gain some spam reduction and I would gain blackli
Let's focus this on specific technical details:
1. How does AWL deal with forgery (other than by saving a /16 of the
source IP)
2. How can I easily see the AWL database for a given destination
address?
On May 3, 2008, at 7:59 PM, Matt Kettler wrote:
Have you tried running one of the forged messages, and an actual
legitimate message through SA manually with the -D flag to see
what the trusted and untrusted hosts are, as SA sees it?
Yes. Many times. That's not the point of this thread.
I
I am moving from old smtp(MX)/amavisd/spamassassin server to a
new smtp(MX)/amavisd/spamassassin server
I will be forwarding particular users email from the old server to the
new server as they are moved by using an alias in /etc/postfix/aliases.
I wish the new server to receive t
> Greetings.
> I'm running spamd 3.2.4 alongside my stock Qmail
> installation (passing messages over ip sockets via the
> qmail-queue patch) on Ubuntu 8.04. Because this is a
> site-wide config, in previous distros I'd been able to
> successfully get both the "parent" spamd process and the
> spam
mouss writes:
> Kevin Plested wrote:
> > I received the following this morning when I tried a lint, it would have
> > occurred after an automated update this morning using sa-update. I tried
> > searching it online, but didn't find anything on it?
> >
> >
> > rules: failed to run __GATED_THROUGH
2008/5/20 mouss <[EMAIL PROTECTED]>:
> Matt Kettler wrote:
>>
>> Luis Hernán Otegui wrote:
>>>
>>> Hello, list. I've been wondering how to stop traffic from certain
>>> hosts which only seem to distribute spam. I'm tired of reporting the
>>> emails to their ISP, Spamcop, etc. Since the servers are
Kevin Plested wrote:
I received the following this morning when I tried a lint, it would have
occurred after an automated update this morning using sa-update. I tried
searching it online, but didn't find anything on it?
rules: failed to run __GATED_THROUGH_RCVD_REMOVER test, skipping:
I received the following this morning when I tried a lint, it would have
occurred after an automated update this morning using sa-update. I tried
searching it online, but didn't find anything on it?
rules: failed to run __GATED_THROUGH_RCVD_REMOVER test, skipping:
(Can't locate object me
Matt Kettler wrote:
Luis Hernán Otegui wrote:
Hello, list. I've been wondering how to stop traffic from certain
hosts which only seem to distribute spam. I'm tired of reporting the
emails to their ISP, Spamcop, etc. Since the servers are identically
configured (they seem to be virtual machines f
Luis Hernán Otegui wrote:
Hello, list. I've been wondering how to stop traffic from certain
hosts which only seem to distribute spam. I'm tired of reporting the
emails to their ISP, Spamcop, etc. Since the servers are identically
configured (they seem to be virtual machines fired up/cloned from t
Hello, list. I've been wondering how to stop traffic from certain
hosts which only seem to distribute spam. I'm tired of reporting the
emails to their ISP, Spamcop, etc. Since the servers are identically
configured (they seem to be virtual machines fired up/cloned from the
same template), and have
Matus UHLAR - fantomas schrieb:
On 20.05.08 12:06, Michael Geiger wrote:
Hello, I just found a problem with a shortcircuit rule in my sa
installation (3.2.4)!
shortcircuiting is not as easy as it seems. Many kinds of different checks
are run in parallel, some are run before others. To get shor
On 20.05.08 12:06, Michael Geiger wrote:
> Hello, I just found a problem with a shortcircuit rule in my sa
> installation (3.2.4)!
shortcircuiting is not as easy as it seems. Many kinds of different checks
are run in parallel, some are run before others. To get shortcircuit
working, you must incr
ram wrote:
Yes but the invite option may be abused. Like yahoo calendar invites are
abused to send spam
Mailing-Lists also can be abused (try to subscribe with a forged address).
the question is
- can the abuser put his text or url inside the message? If so, the site
should run the text a
Yes but the invite option may be abused. Like yahoo calendar invites are
abused to send spam
On Tue, 2008-05-20 at 03:23 -0700, Eloise Carlton wrote:
> Thank you for taking the time to report this. We've audited this
> sender; they are a social network, where users can communicate within a
> n
Thank you for taking the time to report this. We've audited this
sender; they are a social network, where users can communicate within a
network or users inviting friends to join a forum. The sender also
implemented Captcha as part of the registration. We are working to find
out more of the how the
Hello, I just found a problem with a shortcircuit rule in my sa
installation (3.2.4)!
I have defined in local.cf:
header MAILMAN ALL =~
/-(bounces|confirm|join|leave|request|subscribe|unsubscribe)[EMAIL PROTECTED]/i
describeMAILMAN Mailman whitelisted
shortcircuitMAILMAN
Bob Cohen wrote:
I'm seeing these entries in my maillog:
May 19 18:16:41 anduril postfix/qmgr[10162]: warning: connect to
transport spamfilter: No such file or directory
May 19 18:16:42 anduril postfix/qmgr[10162]: warning: connect to
transport spamassassin: Connection refused
which
35 matches
Mail list logo
