On Sat, 2009-04-25 at 23:06 +0100, Ned Slider wrote:
> John Hardin wrote:
>
> > Igor, you might also want to implement greylisting, to give the URIBLs a
> > chance to list URIs that appear in these messages.
>
> Interesting concept - do you have any data to support the hypothesis?
Nope.
> I tr
On Sat, 25 Apr 2009 16:10:41 -0500
Igor Chudov wrote:
> On Sat, Apr 25, 2009 at 02:09:05PM -0700, John Hardin wrote:
> > On Sat, 25 Apr 2009, Gary Forrest wrote:
> > FuzzyOCR. It seems Spammers are trying image spam again, after
> > giving up on it for a year or so.
> >
>
> Why did spammers giv
John Hardin wrote:
On Fri, 24 Apr 2009, LuKreme wrote:
On 24-Apr-2009, at 10:41, Igor Chudov wrote:
I get a shipload of spams like this one:
http://igor.chudov.com/tmp/spam007.txt
Scores very high here.
2.0 URIBL_BLACKContains an URL listed in the URIBL blacklist
On Sat, Apr 25, 2009 at 02:09:05PM -0700, John Hardin wrote:
> On Sat, 25 Apr 2009, Gary Forrest wrote:
>
>> We are receiving the same image spam many times, random text within the
>> body.
>
> FuzzyOCR. It seems Spammers are trying image spam again, after giving up
> on it for a year or so.
>
On Sat, 25 Apr 2009, Gary Forrest wrote:
We are receiving the same image spam many times, random text within the
body.
FuzzyOCR. It seems Spammers are trying image spam again, after giving up
on it for a year or so.
--
John Hardin KA7OHZhttp://www.impsec.org/~jhardin/
Gary Forrest wrote:
> Hi All
>
> We are receiving the same image spam many times, random text within the
> body.
> The only common thing is a image attachment, with the filename in the
> following format
>
> DSL1234.png
>
> I have made the following ' RAWBODY ' rule
>
> /dsl[0-9]{4}\.png/i
>
Hi All
We are receiving the same image spam many times, random text within the
body.
The only common thing is a image attachment, with the filename in the
following format
DSL1234.png
I have made the following ' RAWBODY ' rule
/dsl[0-9]{4}\.png/i
This rule works if the text appears in th
> On Sat, 2009-04-25 at 17:36 +0200, Mark Martinec wrote:
> > It would save us the guesswork if you could provide the header section
> > of the troublesome message. As Theo pointed out, there may be problem
> > in Received header fields inserted by your trusted mailer - not necessarily
> > a proble
On 25-Apr-2009, at 10:23, Dave Koontz wrote:
John Hardin wrote ... (4/25/2009 12:06 PM):
A phisher would send emails to a large number of people saying,
literally, "I am your email administrator, your account is to be
suspended, please send me your username and password".
DKIM will not work,
John Hardin wrote ... (4/25/2009 12:06 PM):
>> A phisher would send emails to a large number of people saying,
>> literally, "I am your email administrator, your account is to be
>> suspended, please send me your username and password".
>>
>> DKIM will not work,
>
> BAYES should work quite well.
>
On Fri, 24 Apr 2009, Igor Chudov wrote:
A phisher would send emails to a large number of people saying,
literally, "I am your email administrator, your account is to be
suspended, please send me your username and password".
DKIM will not work,
BAYES should work quite well.
--
John Hardin
On Fri, 24 Apr 2009, LuKreme wrote:
On 24-Apr-2009, at 10:41, Igor Chudov wrote:
I get a shipload of spams like this one:
http://igor.chudov.com/tmp/spam007.txt
Scores very high here.
2.0 URIBL_BLACKContains an URL listed in the URIBL blacklist
[URIs:
On Sat, 2009-04-25 at 17:36 +0200, Mark Martinec wrote:
> On Saturday 25 April 2009 16:31:38 Rik wrote:
> > On Sat, 2009-04-25 at 06:47 -0600, LuKreme wrote:
> > > On 25-Apr-2009, at 01:55, Rik wrote:
> > > > Sadly I have discarded the mail, but the server time stamp and header
> > > > stamp were
On Saturday 25 April 2009 16:31:38 Rik wrote:
> On Sat, 2009-04-25 at 06:47 -0600, LuKreme wrote:
> > On 25-Apr-2009, at 01:55, Rik wrote:
> > > Sadly I have discarded the mail, but the server time stamp and header
> > > stamp were within seconds of each other, so I don't think it's a time
> > > zo
On Sat, 2009-04-25 at 06:47 -0600, LuKreme wrote:
> On 25-Apr-2009, at 01:55, Rik wrote:
> > Sadly I have discarded the mail, but the server time stamp and header
> > stamp were within seconds of each other, so I don't think it's a time
> > zone issue as such.
>
> Within seconds of each other inc
Thanks - this seems to have done the trick - I only had one of these set
(trusted_networks at the last try). There's a subtle difference between the
two I'll obviously have to investigate.
mouss-4 wrote:
>
> fjl_london a écrit :
>> Spam arrives at server A. Server A is whitelisted. Server A sen
Hi Thomas!
Casartello, Thomas wrote ... (4/24/2009 8:05 PM):
>
> One major issue we’ve been having lately is with phishing emails being
> targeted at us. They’re being sent to us from hacked accounts at other
> educational institutes. The message usually is about “Your EDU webmail
> account is exp
Haha. Unfortunately I agree. Our CIO has sent out two or three emails to
faculty and staff as well as students telling them to ignore these messages
since they started arriving, but yet we've still had faculty and students who
have given them away anyway.
-Original Message-
From: Arvid
Well by "hacked" I mean people that have fallen for the phishing and have sent
their username and password. When I notice it on our network, we immediately
reset the password and inform the user. But the emails we get are coming from
other colleges where users have given away their passwords.
-
fjl_london a écrit :
> I've recently started playing with Spamassassin, and I've hit a problem that
> I can't find in the Apache documentation.
>
> The RCVD_IN_DNSWL_MED test obviously checks to see if a server is
> whitelisted, and reduces the spam score by 4 if it is. Leaving the merits or
> oth
Phibee Network Operation Center a écrit :
> Hi
>
> Barracuda RBL Test are included into SpamAssassin 3.2.5 or only
> when we have into local.cf:
>
$ grep barracudacentral
/var/db/spamassassin/3.002005/updates_spamassassin_org/*cf
$
so no, it's not included.
> header IN_BCUDA_RBL rbleval:check_
I've recently started playing with Spamassassin, and I've hit a problem that
I can't find in the Apache documentation.
The RCVD_IN_DNSWL_MED test obviously checks to see if a server is
whitelisted, and reduces the spam score by 4 if it is. Leaving the merits or
otherwise of this whitelist's conte
On 25-Apr-2009, at 01:55, Rik wrote:
Sadly I have discarded the mail, but the server time stamp and header
stamp were within seconds of each other, so I don't think it's a time
zone issue as such.
Within seconds of each other including the TZ offset?
--
Spontaneity has its time and place.
On Saturday 25 April 2009 07:44:01 Matt Kettler wrote:
> Phibee Network Operation Center wrote:
> > my logs of spamassassin put:
> > netset: cannot include 127.0.0.1/32 as it has already been included
> > anyone know what is this ?
>
> I'd guess you tried to declare 127.0.0.1 in either your
> trust
Phibee Network Operation Center wrote:
> Hi
>
> anyone have a small rules sample for this:
>
> header FROM_TEST_NOC_1 To =~ /\...@mydomain\.org/
> header FROM_TEST_NOC_2 From =~ /\t...@sender\.org/
> header FROM_TEST_NOC_3 Reply-To =~ /\t...@sender\.org/
>
> and if in one Email, we h
SM wrote:
One major issue we've been having lately is with phishing emails being
targeted at us. They're being sent to us from hacked accounts at other
educational institutes. The message usually is about "Your EDU webmail
account is expiring. Please send us your username and password to fix
Hi,
I'm facing the following problem lately. Some of my users are connecting
to the mail server (qmail) through mobile phones and the leased IPs from
the GSM operator are blacklisted in spamhaus and spamcop. So, they are
using the smtp server with spamassassin 3.2.5 but their messages are
mark
Casartello, Thomas wrote:
The phish are coming from real hacked accounts (Basically people that have
gotten the phish email and fallen for it) at other Educational institutes
(We already use SPF).
I'd go for a non technical solution here, since its effects only a
small amount of organisation
On Fri, 2009-04-24 at 23:32 +0200, Matus UHLAR - fantomas wrote:
> On 24.04.09 18:44, Rik wrote:
> > Date: Fri, 24 Apr 2009 18:44:07 +0100
> >
> > I was stumped on a question today about DATE_IN_FUTURE. My googling
> > offered me nothing more than the obvious 'The message has a date in the
> > fu
Hi
anyone have a small rules sample for this:
header FROM_TEST_NOC_1 To =~ /\...@mydomain\.org/
header FROM_TEST_NOC_2 From =~ /\t...@sender\.org/
header FROM_TEST_NOC_3 Reply-To =~ /\t...@sender\.org/
and if in one Email, we have :
FROM_TEST_NOC_1 + (FROM_TEST_NOC_2 or/and FR
Hi
Barracuda RBL Test are included into SpamAssassin 3.2.5 or only
when we have into local.cf:
header IN_BCUDA_RBL rbleval:check_rbl('bcuda', 'bb.barracudacentral.org')
describe IN_BCUDA_RBL Received via a relay listed by Barracuda BRBL
tflags IN_BCUDA_RBL net
header RCVD_IN_BCUDA_RELAY rbleval
31 matches
Mail list logo
