Re: How can this free MX backup service be exploited?

2009-01-21 Thread Matt Kettler
Aaron Wolfe wrote: > On Wed, Jan 21, 2009 at 7:54 PM, Duane Hill wrote: > >> On Thu, 22 Jan 2009, Steve Freegard wrote: >> >> >>> 5) Privacy concerns; potentially a domains entire mail stream for the >>> last 5 days could be held on your mail spool. This has obvious privacy >>> implicat

Re: How can this free MX backup service be exploited?

2009-01-21 Thread Aaron Wolfe
On Wed, Jan 21, 2009 at 7:54 PM, Duane Hill wrote: > On Thu, 22 Jan 2009, Steve Freegard wrote: > >> 5) Privacy concerns; potentially a domains entire mail stream for the >> last 5 days could be held on your mail spool. This has obvious privacy >> implications for most people particularly as th

Re: bayes autolearn off but journal updated

2009-01-21 Thread Matt Kettler
Matus UHLAR - fantomas wrote: > > On 20.01.09 19:45, Matt Kettler wrote: > >> Yes, more specifically, it's mostly going to be updating the "atime", or >> time of last access, records for tokens. This time is used by the expiry >> process to drop the least recently used tokens. >> > > What d

RE: How can this free MX backup service be exploited?

2009-01-21 Thread RobertH
> > I'm doing an experimental free MX backup service and > wondering if it will get exploited. I'm wondering if I'm > overlooking anything obvious? > Here's the info on it: > > http://www.free-mx-backup.com > > The idea is that it detects if we are the secondary and not > the primary MX a

Re: Whitelisting or passing messeges using db query

2009-01-21 Thread Evan Platt
The "To" address is merely a piece of text. I can send a message to you, but have it say To: nob...@anywhere.com".. I'm not sure if what you want to do is possible with spamassassin, but sounds like it should be done with your MTA, or maybe procmail or something? At 04:53 PM 1/21/2009, you w

Re: profile the various tests being done

2009-01-21 Thread Jeff Mincy
From: "Brian J. Murrell" Date: Wed, 21 Jan 2009 19:15:19 + (UTC) I'm trying to figure out why in some cases, spamd is taking in excess of 1200s to process messages. Is there any way to profile (i.e. time, or timestamp) each of the tests that spamd is doing so I can see w

Re: How can this free MX backup service be exploited?

2009-01-21 Thread Duane Hill
On Thu, 22 Jan 2009, Steve Freegard wrote: 5) Privacy concerns; potentially a domains entire mail stream for the last 5 days could be held on your mail spool. This has obvious privacy implications for most people particularly as there is no contract between you and the end-user. How does the

Whitelisting or passing messeges using db query

2009-01-21 Thread malatio
How could I hook spamassassin up to a script that connects to my db (mysql) and marks a message as non-spam if it finds that the 'To' address is found in a certain table? I'm administrating a mail system that receives many messages per day to thousands of unique addresses @mydomain. The addresses

Re: How can this free MX backup service be exploited?

2009-01-21 Thread Steve Freegard
Marc Perkel wrote: > I'm doing an experimental free MX backup service and wondering if it > will get exploited. I'm wondering if I'm overlooking anything obvious? > Here's the info on it: > > http://www.free-mx-backup.com > > The idea is that it detects if we are the secondary and not the primary

How can this free MX backup service be exploited?

2009-01-21 Thread Marc Perkel
I'm doing an experimental free MX backup service and wondering if it will get exploited. I'm wondering if I'm overlooking anything obvious? Here's the info on it: http://www.free-mx-backup.com The idea is that it detects if we are the secondary and not the primary MX and will store and delive

RE: Can't locate object method "new" via package "Net::DNS::RR::TXT"

2009-01-21 Thread Michael Hutchinson
Hello, I once had this problem. It was caused by an improper/incomplete upgrade of Spamassassin. Perl modules actually, some had been downloaded and added to the system via CPAN, which were supposed to go with a new Spamassassin binary. The binary was never installed however, and we had lots of

Re: Make a rule to block fake url to pdf files...

2009-01-21 Thread mouss
Rejaine Monteiro wrote: > > Here are two samples attached.. > (some information is changed) please don't forward spam to the list (they poison learning filters, they may be blocked/discarded, ... etc). instead, put unaltered full samples on a web page, for example on pastebin.com. to get a

Re: Can't locate object method "new" via package "Net::DNS::RR::TXT"

2009-01-21 Thread mouss
Brian J. Murrell wrote: > I seem to be getting a lot of these in the last 36h: > > > 12:02:26 spamd Can't locate object method "new" via package > "Net::DNS::RR::TXT" at /usr/lib/perl5/Net/DNS/RR.pm line 305. > 12:02:26 spamd caught at /usr/share/perl5/Mail/SpamAssassin/DnsResolver.pm > line

profile the various tests being done

2009-01-21 Thread Brian J. Murrell
I'm trying to figure out why in some cases, spamd is taking in excess of 1200s to process messages. Is there any way to profile (i.e. time, or timestamp) each of the tests that spamd is doing so I can see where the longest ones are? Even enabling the kind of debug that "spamassassin -D" produc

Re: Regular expression help

2009-01-21 Thread Matt Garretson
John Hardin wrote: > > On Wed, 21 Jan 2009, rje...@vzw.blackberry.net wrote: > Didn't we already do this? Hopefully it's just an old message that was stuck in a blackberry queue somewhere. :)

Re: Make a rule to block fake url to pdf files...

2009-01-21 Thread Kai Schaetzl
John Wilcock wrote on Wed, 21 Jan 2009 17:52:46 +0100: > Perhaps if you posted a few *complete* samples with *full headers*, > others could see which rules are hit and suggest improvements... but please to a pastebin or so! Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Interne

Re: Make a rule to block fake url to pdf files...

2009-01-21 Thread Kai Schaetzl
Rejaine Monteiro wrote on Wed, 21 Jan 2009 14:41:08 -0200: > Yes , I'm understanding what you saying You don't, I think. You asked "how can I make a rule ...". I gave you some hints which matches you could use for good rules. However, I think now what you wanted to ask is "I want some ready-mad

Re: Make a rule to block fake url to pdf files...

2009-01-21 Thread Rejaine Monteiro
Here are two samples attached.. (some information is changed) John Wilcock wrote: Perhaps if you posted a few *complete* samples with *full headers*, others could see which rules are hit and suggest improvements... John. --- Begin Message --- Prezado Cliente(a) Segue em anexo conform

Re: Make a rule to block fake url to pdf files...

2009-01-21 Thread John Wilcock
On 21/01/2009 17:41, Rejaine Monteiro wrote: But, I'm receive a *lot* of spam like this... (another case below) and I don't know how stop this ... Perhaps if you posted a few *complete* samples with *full headers*, others could see which rules are hit and suggest improvements... John. --

Re: Make a rule to block fake url to pdf files...

2009-01-21 Thread Rejaine Monteiro
Yes, I'm understanding what you saying and also understand the implications of FPs. But, I'm receive a *lot* of spam like this... (another case below) and I don't know how stop this ... (sorry, my English is very poor) http://7g5emg.blu.liv= efilestore.com/y1pcQCMDJb4PY_kjFJywVsV-OkV-UUY

Re: bayes autolearn off but journal updated

2009-01-21 Thread Matus UHLAR - fantomas
> > On Tue, Jan 20, 2009 at 04:49:12PM +0100, Matus UHLAR - fantomas wrote: > > > >> Why does it update the journal? Why does it try to open journal in R/W > >> mode? > Theo Van Dinter wrote: > > $ man sa-learn Oh, sorry for missing that in docs :( > > In other words, the journal isn't just

Re: Make a rule to block fake url to pdf files...

2009-01-21 Thread Kai Schaetzl
Rejaine Monteiro wrote on Wed, 21 Jan 2009 08:58:21 -0200: > href="http://knut.kumoh.ac.kr/~dojamo/zero/log/attachs.php?id=HU#9123IF";>PRICES.pdf > use a regexp that matches "NOT .pdf" at the end of the hyperlink and ".pdf" in the link text. > href="http://knut.kumoh.ac.kr/~dojamo/zero/log

Re: Make a rule to block fake url to pdf files...

2009-01-21 Thread Kai Schaetzl
Rejaine Monteiro wrote on Wed, 21 Jan 2009 11:23:33 -0200: > the text suggests a link to a pdf file, but in the truth it is not. But you know this only afterwards. This may be true for all your cases and worthwhile to block, but it may produce FPs in general. I think that's what Kenneth wanted

[steveb_cla...@sanesecurity.com: [sanesecurity] We're back...]

2009-01-21 Thread Arthur Dent
Just to inform who might be interested - SANESecurity signatures are back! AD - Forwarded message from Steve Basford - Date: Tue, 20 Jan 2009 20:31:09 + From: Steve Basford To: sanesecur...@freelists.org Reply-to: sanesecur...@freelists.org Subject: [sanesecurity] We're back... X-

Re: Make a rule to block fake url to pdf files...

2009-01-21 Thread John Wilcock
On 21/01/2009 14:23, Rejaine Monteiro wrote: the text suggests a link to a pdf file, but in the truth it is not. In this specific case perhaps, but there's absolutely nothing to stop a legitimate php script (or any other URL for that matter) generating a legitimate PDF file. The only way

Re: Make a rule to block fake url to pdf files...

2009-01-21 Thread Rejaine Monteiro
the text suggests a link to a pdf file, but in the truth it is not. Kenneth Porter wrote: How do you *know* that the email is trying to deceive the user? Legitimate email might have the same pattern of one name in the link and another in the visible text. There's nothing in the text you

Re: Make a rule to block fake url to pdf files...

2009-01-21 Thread Kenneth Porter
--On Wednesday, January 21, 2009 8:58 AM -0200 Rejaine Monteiro wrote: The email tries to deceive users How do you *know* that the email is trying to deceive the user? Legitimate email might have the same pattern of one name in the link and another in the visible text. There's nothing in t

Re: Wwird flagging of emails to Spam

2009-01-21 Thread Matus UHLAR - fantomas
> I think the problem lies in just this snippet: > > >> X-SMTP-Auth-NETI-Businesmail: no > >> Received: from ...mada30 (xx.175.190.90.dyn.estpak.ee [xx.190.175.78]) > >>by Relayhost2.neti.ee (Postfix) with SMTP id CE2621F9E65 > >>for <.@online.ee>; Tue, 20 Jan 2009 23:29:07 +0200 (EET)

Re: Make a rule to block fake url to pdf files...

2009-01-21 Thread Rejaine Monteiro
'dojamo' was just a simple example.. of course, many others different links or names files and urls are used Benny Pedersen wrote: On Wed, January 21, 2009 11:58, Rejaine Monteiro wrote: How can I make a rule to block fake links to pdf files, like this? http://knut.kumoh.ac.kr/~dojamo/ze

Re: Make a rule to block fake url to pdf files...

2009-01-21 Thread Benny Pedersen
On Wed, January 21, 2009 11:58, Rejaine Monteiro wrote: > How can I make a rule to block fake links to pdf files, like this? > > href="http://knut.kumoh.ac.kr/~dojamo/zero/log/anexos.php?id=GF#590KI";>(106,5KB) > > The email tries to deceive users, bypassing for an attached file. rawbody FAKE

Make a rule to block fake url to pdf files...

2009-01-21 Thread Rejaine Monteiro
How can I make a rule to block fake links to pdf files, like this? href="http://knut.kumoh.ac.kr/~dojamo/zero/log/attachs.php?id=HU#9123IF";>PRICES.pdf href="http://knut.kumoh.ac.kr/~dojamo/zero/log/anexos.php?id=GF#590KI";>(106,5KB) The email tries to deceive users, bypassing for an att