Re: Unsubscribe

2009-06-13 Thread David Gibbs
LuKreme wrote: > The unsubscribe link is right there in plain sight. Whether Gmail > conceals it from you has nothing to do with it. Few consumer mail clients (Gmail, Yahoo, Thunderbird, OE, Outlook, Lotus/Domino, etc) show the user headers by default. This means they are clearly NOT in plain s

Re: Botnet spam not being caught

2009-06-13 Thread LuKreme
On 13-Jun-2009, at 19:56, MySQL Student wrote: Received: from [78.97.185.89] (unknown [78.97.185.89]) Message-ID: Do they all have message ID's that include the IP? Yeah, great, it looks like they all do. Would something like this work? header MYMSGIPMessage-ID =~ /78.97.185

Re: Botnet spam not being caught

2009-06-13 Thread John Rudd
On Sat, Jun 13, 2009 at 18:56, MySQL Student wrote: > > I also see BOTNET_NORDNS in Botnet.cf, but it isn't being triggered. It's > also weighted at 0.0. Is there a reason for this? There's two ways to use Botnet: 1) one big rule (BOTNET) that rolls up all of the sub-rule scores. 2) triggering

Re: Botnet spam not being caught

2009-06-13 Thread John Rudd
On Sat, Jun 13, 2009 at 18:47, MySQL Student wrote: > Hi John, > >> Botnet seems to have caught that just fine (it's listed in the rules >> which were triggered).  The problem is either that you're running it >> at a lower score (which you could also do for Botnet0.8 if you wanted >> to upgrade --

Re: Botnet spam not being caught

2009-06-13 Thread MySQL Student
Hi Charles, Received: from [78.97.185.89] (unknown [78.97.185.89]) >> Message-ID: >> > > Do they all have message ID's that include the IP? Yeah, great, it looks like they all do. Would something like this work? header MYMSGIPMessage-ID =~ /78.97.185.89/ score MYMSGIP0.3 desc

Re: Botnet spam not being caught

2009-06-13 Thread MySQL Student
Hi John, Botnet seems to have caught that just fine (it's listed in the rules > which were triggered). The problem is either that you're running it > at a lower score (which you could also do for Botnet0.8 if you wanted > to upgrade -- their default scores are exactly the same), or you need > oth

Re: Botnet spam not being caught

2009-06-13 Thread Charles Gregory
On Sat, 13 Jun 2009, MySQL Student wrote: Received: from [78.97.185.89] (unknown [78.97.185.89]) Message-ID: Do they all have message ID's that include the IP? You could score that 0.3 or so to help push it over the line. Also give a bit mroe score to the RDNS rules You also might want

Re: Botnet spam not being caught

2009-06-13 Thread John Rudd
Botnet seems to have caught that just fine (it's listed in the rules which were triggered). The problem is either that you're running it at a lower score (which you could also do for Botnet0.8 if you wanted to upgrade -- their default scores are exactly the same), or you need other rules/configs t

Re: BOTNET timeouts?

2009-06-13 Thread LuKreme
On 13-Jun-2009, at 18:21, John Hardin wrote: On Sun, 14 Jun 2009, Res wrote: It's the weekend and I was bored :) This list does not exist to provide you amusement. Are you sure about that? -- I gotta straighten my face This mellow-thighed chick just put my spine out of place

Re: [sa] Re: BOTNET timeouts?

2009-06-13 Thread Charles Gregory
On Sun, 14 Jun 2009, Res wrote: Though now its Sunday, I have socialising to do, and none of that includes sitting on mailing lists listening to cry babies who expect people involved in OSSP's to drop everything and be their servants. So we'll just all pretend you didn't send this message.

Botnet spam not being caught

2009-06-13 Thread MySQL Student
Hi all, I'm using SA-3.2.5 on Linux and my system is being deluged with spam that isn't being caught, apparently from botnets. I'm using botnet-0.7. The subject is random and the "Received from" header is always an unresolvable IP. Is there a more robust botnet plugin that may be more effective? B

Re: [sa] Re: BOTNET timeouts?

2009-06-13 Thread John Hardin
On Sun, 14 Jun 2009, Res wrote: It's the weekend and I was bored :) This list does not exist to provide you amusement. -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org key: 0xB8732E79 -- 2D8C 34F4

Re: BOTNET timeouts?

2009-06-13 Thread Res
Truth still hurts hey, one day you might smell the coffee :) On Sat, 13 Jun, Bill Landry as usual sooked nothing worth reading: -- Res -Beware of programmers who carry screwdrivers

Re: [sa] Re: BOTNET timeouts?

2009-06-13 Thread Res
On Sat, 13 Jun 2009, Charles Gregory wrote: I'm always amused by the hyporcrisy of people who spend paragraphs of text explaining that the person they are addressing is 'not worth their time'. It's the weekend and I was bored :) Though now its Sunday, I have socialising to do, and none of tha

Plugin configuration

2009-06-13 Thread Martin Gregorie
I'm developing an SA plugin to whitelist incoming mail from the contents of a database-based mail archive. The plugin and associated rule are working, but only because I've hard-coded the database type, name, user name and password in the plugin's 'new' method. Now I'd like to configure the databa

Re: BOTNET timeouts?

2009-06-13 Thread John Hardin
On Sat, 13 Jun 2009, Res wrote: On Thu, 11 Jun 2009, Bill Landry wrote: How long have you been on this list? A lot longer than you might think, I don't say much here, ... we give up our lives and work JUST to satisfy something you want, it will never happen turdbreath, get used to it, if

Re: [sa] Re: BOTNET timeouts?

2009-06-13 Thread Charles Gregory
On Sat, 13 Jun 2009, Res wrote: my life comes before no-life whinging fucking cry baby lamers like you. I'm always amused by the hyporcrisy of people who spend paragraphs of text explaining that the person they are addressing is 'not worth their time'. - C

Re: Unsubscribe

2009-06-13 Thread Matt Kettler
Michael Scheidell wrote: > > > Since we saw two of them come in pretty back to back, I suspect a joe > job of sometype. those people might not have subscribed. That would be a bit tricky to just be a joe job. This list is confirmed opt-in. i.e.: if you subscribe, an automated bot from ezlm sends y

Re: BOTNET timeouts?

2009-06-13 Thread Bill Landry
Res wrote: > On Sat, 13 Jun 2009, Bill Landry wrote: > >> I just love these kinds of responses (talk about 5yo tantrums), as they >> only server to prove my point about your credibility and the value of >> your opinions. Thank you! :-) > > truth hurts dont it landry, just like i tell those who

Re: BOTNET timeouts?

2009-06-13 Thread Bill Landry
Benny Pedersen wrote: > On Sat, June 13, 2009 14:31, Bill Landry wrote: >> However, if >> you are willing to release something to the open source community, you >> should also be willing to take on the responsibility of providing >> ongoing support for it. > > who says that ?, i have maybe missund

Re: BOTNET timeouts?

2009-06-13 Thread Benny Pedersen
On Sat, June 13, 2009 14:31, Bill Landry wrote: > However, if > you are willing to release something to the open source community, you > should also be willing to take on the responsibility of providing > ongoing support for it. who says that ?, i have maybe missunderstod gpl licenses ?, its far

Re: BOTNET timeouts?

2009-06-13 Thread Bill Landry
John Rudd wrote: > Further, Bill, I don't answer to you for my time constraints. Now > quit your whining and put your money where your mouth is. If it's so > important, then provide a fix that replaces Net::DNS with SA's > internal DNS routines, and I'll use it. If it's not important enough > t

Re: BOTNET timeouts?

2009-06-13 Thread Res
On Sat, 13 Jun 2009, Bill Landry wrote: I just love these kinds of responses (talk about 5yo tantrums), as they only server to prove my point about your credibility and the value of your opinions. Thank you! :-) truth hurts dont it landry, just like i tell those who "demand" extra capabilit

Re: BOTNET timeouts?

2009-06-13 Thread Res
On Sat, 13 Jun 2009, Bill Landry wrote: Res wrote: No because I seem to have reliable DNS and have never exhibited the issue. Oh, and if in fact you "really" had a clue, you would know that "DNS reliability" has absolutely nothing to do with this issue... ;-) funny, given most people dont

Re: BOTNET timeouts?

2009-06-13 Thread Bill Landry
Res wrote: > No because I seem to have reliable DNS and have never exhibited the issue. Oh, and if in fact you "really" had a clue, you would know that "DNS reliability" has absolutely nothing to do with this issue... ;-) Bill

Re: BOTNET timeouts?

2009-06-13 Thread Bill Landry
I just love these kinds of responses (talk about 5yo tantrums), as they only server to prove my point about your credibility and the value of your opinions. Thank you! :-) Bill Res wrote: > On Thu, 11 Jun 2009, Bill Landry wrote: > >>> I'm sure John might be happier to stay awake later and wor

Re: BOTNET timeouts?

2009-06-13 Thread Res
On Thu, 11 Jun 2009, Bill Landry wrote: I'm sure John might be happier to stay awake later and work on it for a hour or so each night as a 'priority' *IF* Bill was willing to pay John for his time, but I suspect not somehow, as it is far easier to come on a mailing list and have a temper tantru