Re: [sa-list] Re: Image spam and failing rule

2009-04-26 Thread Henrik K
On Sun, Apr 26, 2009 at 04:11:10PM -0400, Dan Mahoney, System Admin wrote: > On Sat, 25 Apr 2009, John Hardin wrote: > >> On Sat, 25 Apr 2009, Gary Forrest wrote: >> >>> We are receiving the same image spam many times, random text within >>> the body. >> >> FuzzyOCR. It seems Spammers are trying i

Re: A rant about FUZZY_OCR

2009-04-26 Thread Henrik K
On Sun, Apr 26, 2009 at 02:37:06PM -0400, Adam Katz wrote: > > On Fri, Apr 24, 2009 at 05:14:21PM -0400, Adam Katz wrote: > >> I wouldn't trust FUZZY_OCR with anything. 12 points is *WAY* too high > >> for any single thing. I had to disable this plugin a year or three > >> ago because it assigned

Code Rot?

2009-04-26 Thread Dan Mahoney, System Admin
Hey all, While there's a decent amount of spamassassin list traffic to imply otherwise, is the SA project falling dormant? The sare-rules claim they won't be updated due to lives, wives, and hockey. The fuzzyOCR project claims the only thing that works with 3.2 is the SVN version, and on t

DNSEval Plugin

2009-04-26 Thread Chris
Is there a way to test this to ensure it's working/configured correctly or something to look for in the content analysis details? Thanks Chris -- KeyID 0xE372A7DA98E6705C

Re: SMTP-callbacks (aka Sender Verify, Sender callouts, SAV)

2009-04-26 Thread John Rudd
On Sun, Apr 26, 2009 at 14:01, Adam Katz wrote: > Charles Gregory wrote: >> On Fri, 24 Apr 2009, Adam Katz wrote: > > The more pressing point (since fixing the one you mentioned is pretty > simple) is that when you use a call to a sender's MX record and either > use SMTP's VRFY command or pretend

Re: sought.rules.yerp.org site down?

2009-04-26 Thread Justin Mason
should be back now. sorry about this, server trouble :( On Sun, Apr 26, 2009 at 16:22, Ned Slider wrote: > Bill Landry wrote: >> >> Bill Landry wrote: >>> >>> I do a "sought" rules update once per day using sa-update, but today I >>> am seeing: >>> >>>   http: request failed: 500 read timeout: 5

Re: SMTP-callbacks (aka Sender Verify, Sender callouts, SAV)

2009-04-26 Thread Adam Katz
Charles Gregory wrote: > On Fri, 24 Apr 2009, Adam Katz wrote: >> I read recently that that's a Bad Thing (and I'm leaning on agreeing): >> http://www.backscatterer.org/?target=sendercallouts > > The most compelling argument on that site is one that almost slips by > un-noticed. A spammer could ve

Re: Phishing

2009-04-26 Thread Ken A.
Neil Schwartzman wrote: On 24/04/09 11:44 PM, it was written: Most people do not fall for it, but the dumbest ones do fall for it. This is not a question of intellect, it is a question of the verisimilitude of the messaging. both might probably more true than false. In fact I could think of

Re: [sa-list] Re: Image spam and failing rule

2009-04-26 Thread Dan Mahoney, System Admin
On Sat, 25 Apr 2009, John Hardin wrote: On Sat, 25 Apr 2009, Gary Forrest wrote: We are receiving the same image spam many times, random text within the body. FuzzyOCR. It seems Spammers are trying image spam again, after giving up on it for a year or so. Is there a version of FuzzyOCR th

Re: Secondary benefit from greylisting's delay

2009-04-26 Thread Rik
On Sun, 2009-04-26 at 15:06 -0400, Adam Katz wrote: > John Hardin wrote: > >>> Igor, you might also want to implement greylisting, to give the URIBLs a > >>> chance to list URIs that appear in these messages. > > Ned Slider responded: > >> Interesting concept - do you have any data to support th

Secondary benefit from greylisting's delay

2009-04-26 Thread Adam Katz
John Hardin wrote: >>> Igor, you might also want to implement greylisting, to give the URIBLs a >>> chance to list URIs that appear in these messages. Ned Slider responded: >> Interesting concept - do you have any data to support the hypothesis? John Hardin shrugged: > Nope. I have anecdotal ev

A rant about FUZZY_OCR

2009-04-26 Thread Adam Katz
> On Fri, Apr 24, 2009 at 05:14:21PM -0400, Adam Katz wrote: >> I wouldn't trust FUZZY_OCR with anything. 12 points is *WAY* too high >> for any single thing. I had to disable this plugin a year or three >> ago because it assigned 20+ points to legit screenshots in ham (and >> that was /after/ I

Re: Image spam and failing rule

2009-04-26 Thread Theo Van Dinter
It's already been mentioned, but mimeheader is the right way to look at the headers of MIME parts. The rule of thumb is "if you are using 'full' you're probably doing it wrong". :) On Sun, Apr 26, 2009 at 11:57 AM, Charles Gregory wrote: > On Sat, 25 Apr 2009, Gary Forrest wrote: >> >> We are r

Re: updates complete, exiting with code 4

2009-04-26 Thread Karsten Bräckelmann
On Sun, 2009-04-26 at 11:37 -0500, Chris wrote: > Does this have something to do with not being able to connect to > Justin's site for sought updates? Yes. And no. ;) The server actually is available currently. The advertised rule-set version isn't. Anyway, that's the reason for the exit code 4.

updates complete, exiting with code 4

2009-04-26 Thread Chris
Does this have something to do with not being able to connect to Justin's site for sought updates? -- KeyID 0xE372A7DA98E6705C

Re: Image spam and failing rule

2009-04-26 Thread Charles Gregory
On Sat, 25 Apr 2009, Gary Forrest wrote: We are receiving the same image spam many times, random text within the body. The only common thing is an image attachment, with the filename in the following format DSL1234.png I have made the following ' RAWBODY ' rule /dsl[0-9]{4}\.png/i You need to

Re: Why is the advertising for certain "berry" not caught

2009-04-26 Thread Bill Landry
Igor Chudov wrote: > OK, dumb question, how would I implement greylisting (I have Ubuntu) That depends on what MTA you are using. Most greylisting is performed by milters or, if using Postfix, policy delegation. Check your MTA's web site, they will usually advise you on how to implement greylis

Re: Why is the advertising for certain "berry" not caught

2009-04-26 Thread Igor Chudov
On Sat, Apr 25, 2009 at 11:06:47PM +0100, Ned Slider wrote: > John Hardin wrote: >> On Fri, 24 Apr 2009, LuKreme wrote: >> >>> On 24-Apr-2009, at 10:41, Igor Chudov wrote: >>> I get a shipload of spams like this one: http://igor.chudov.com/tmp/spam007.txt >>> >>> Scores very high her

Re: sought.rules.yerp.org site down?

2009-04-26 Thread Ned Slider
Bill Landry wrote: Bill Landry wrote: I do a "sought" rules update once per day using sa-update, but today I am seeing: http: request failed: 500 read timeout: 500 read timeout channel: could not find working mirror, channel failed I cannot access the site via web browser either. Just c

Re: sought.rules.yerp.org site down?

2009-04-26 Thread Bill Landry
Bill Landry wrote: > I do a "sought" rules update once per day using sa-update, but today I > am seeing: > >http: request failed: 500 read timeout: 500 read timeout >channel: could not find working mirror, channel failed > > I cannot access the site via web browser either. Just curious i

Re: Phishing

2009-04-26 Thread Benny Pedersen
On Sat, April 25, 2009 05:44, Igor Chudov wrote: > DKIM will not work, as this is purely a social engineering attack. will postmas...@example.com work? if the hacked accounts were signed with dkim remote will know what domain to contact about it, but if ab...@example.com or postmaster don't act i

Re: Another bad kind of spams, for Pfizer knockoffs with image

2009-04-26 Thread Benny Pedersen
On Fri, April 24, 2009 22:56, John Hardin wrote: > I do that check using milter-regex. A sample config file is at > http://www.impsec.org/~jhardin/antispam/ - you'd have to edit it to match > your needs for domain names and local MTA IP addresses. tempfail "helo and ip does not resolve" helo /\./

Re: Phishing

2009-04-26 Thread Neil Schwartzman
On 24/04/09 11:44 PM, it was written: > Most people do not fall for it, but the dumbest ones do fall for it. This is not a question of intellect, it is a question of the verisimilitude of the messaging. -- Neil Schwartzman Director, Accreditation Security & Standards Certified | Safelist Return

Re: DATE_IN_FUTURE

2009-04-26 Thread Rik
On Sat, 2009-04-25 at 22:58 +0200, Matus UHLAR - fantomas wrote: > > On Sat, 2009-04-25 at 17:36 +0200, Mark Martinec wrote: > > > It would save us the guesswork if you could provide the header section > > > of the troublesome message. As Theo pointed out, there may be problem > > > in Received he