LuKreme wrote:
> The unsubscribe link is right there in plain sight. Whether Gmail
> conceals it from you has nothing to do with it.
Few consumer mail clients (Gmail, Yahoo, Thunderbird, OE, Outlook,
Lotus/Domino, etc) show the user headers by default. This means they are
clearly NOT in plain s
On 13-Jun-2009, at 19:56, MySQL Student wrote:
Received: from [78.97.185.89] (unknown [78.97.185.89])
Message-ID:
Do they all have message ID's that include the IP?
Yeah, great, it looks like they all do. Would something like this
work?
header MYMSGIPMessage-ID =~ /78.97.185
On Sat, Jun 13, 2009 at 18:56, MySQL Student wrote:
>
> I also see BOTNET_NORDNS in Botnet.cf, but it isn't being triggered. It's
> also weighted at 0.0. Is there a reason for this?
There's two ways to use Botnet:
1) one big rule (BOTNET) that rolls up all of the sub-rule scores.
2) triggering
On Sat, Jun 13, 2009 at 18:47, MySQL Student wrote:
> Hi John,
>
>> Botnet seems to have caught that just fine (it's listed in the rules
>> which were triggered). The problem is either that you're running it
>> at a lower score (which you could also do for Botnet0.8 if you wanted
>> to upgrade --
Hi Charles,
Received: from [78.97.185.89] (unknown [78.97.185.89])
>> Message-ID:
>>
>
> Do they all have message ID's that include the IP?
Yeah, great, it looks like they all do. Would something like this work?
header MYMSGIPMessage-ID =~ /78.97.185.89/
score MYMSGIP0.3
desc
Hi John,
Botnet seems to have caught that just fine (it's listed in the rules
> which were triggered). The problem is either that you're running it
> at a lower score (which you could also do for Botnet0.8 if you wanted
> to upgrade -- their default scores are exactly the same), or you need
> oth
On Sat, 13 Jun 2009, MySQL Student wrote:
Received: from [78.97.185.89] (unknown [78.97.185.89])
Message-ID:
Do they all have message ID's that include the IP? You could score that
0.3 or so to help push it over the line. Also give a bit mroe score to the
RDNS rules
You also might want
Botnet seems to have caught that just fine (it's listed in the rules
which were triggered). The problem is either that you're running it
at a lower score (which you could also do for Botnet0.8 if you wanted
to upgrade -- their default scores are exactly the same), or you need
other rules/configs t
On 13-Jun-2009, at 18:21, John Hardin wrote:
On Sun, 14 Jun 2009, Res wrote:
It's the weekend and I was bored :)
This list does not exist to provide you amusement.
Are you sure about that?
--
I gotta straighten my face This mellow-thighed chick just put my
spine out of place
On Sun, 14 Jun 2009, Res wrote:
Though now its Sunday, I have socialising to do, and none of that includes
sitting on mailing lists listening to cry babies who expect people involved
in OSSP's to drop everything and be their servants.
So we'll just all pretend you didn't send this message.
Hi all,
I'm using SA-3.2.5 on Linux and my system is being deluged with spam that
isn't being caught, apparently from botnets. I'm using botnet-0.7. The
subject is random and the "Received from" header is always an unresolvable
IP. Is there a more robust botnet plugin that may be more effective?
B
On Sun, 14 Jun 2009, Res wrote:
It's the weekend and I was bored :)
This list does not exist to provide you amusement.
--
John Hardin KA7OHZhttp://www.impsec.org/~jhardin/
jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org
key: 0xB8732E79 -- 2D8C 34F4
Truth still hurts hey, one day you might smell the coffee :)
On Sat, 13 Jun, Bill Landry as usual sooked nothing worth reading:
--
Res
-Beware of programmers who carry screwdrivers
On Sat, 13 Jun 2009, Charles Gregory wrote:
I'm always amused by the hyporcrisy of people who spend paragraphs of text
explaining that the person they are addressing is 'not worth their time'.
It's the weekend and I was bored :)
Though now its Sunday, I have socialising to do, and none of tha
I'm developing an SA plugin to whitelist incoming mail from the contents
of a database-based mail archive. The plugin and associated rule are
working, but only because I've hard-coded the database type, name, user
name and password in the plugin's 'new' method.
Now I'd like to configure the databa
On Sat, 13 Jun 2009, Res wrote:
On Thu, 11 Jun 2009, Bill Landry wrote:
How long have you been on this list?
A lot longer than you might think, I don't say much here,
...
we give up our lives and work JUST to satisfy something you want, it
will never happen turdbreath, get used to it, if
On Sat, 13 Jun 2009, Res wrote:
my life comes before no-life whinging fucking cry baby lamers like
you.
I'm always amused by the hyporcrisy of people who spend paragraphs of text
explaining that the person they are addressing is 'not worth their time'.
- C
Michael Scheidell wrote:
>
>
> Since we saw two of them come in pretty back to back, I suspect a joe
> job of sometype. those people might not have subscribed.
That would be a bit tricky to just be a joe job. This list is confirmed
opt-in. i.e.: if you subscribe, an automated bot from ezlm sends y
Res wrote:
> On Sat, 13 Jun 2009, Bill Landry wrote:
>
>> I just love these kinds of responses (talk about 5yo tantrums), as they
>> only server to prove my point about your credibility and the value of
>> your opinions. Thank you! :-)
>
> truth hurts dont it landry, just like i tell those who
Benny Pedersen wrote:
> On Sat, June 13, 2009 14:31, Bill Landry wrote:
>> However, if
>> you are willing to release something to the open source community, you
>> should also be willing to take on the responsibility of providing
>> ongoing support for it.
>
> who says that ?, i have maybe missund
On Sat, June 13, 2009 14:31, Bill Landry wrote:
> However, if
> you are willing to release something to the open source community, you
> should also be willing to take on the responsibility of providing
> ongoing support for it.
who says that ?, i have maybe missunderstod gpl licenses ?, its far
John Rudd wrote:
> Further, Bill, I don't answer to you for my time constraints. Now
> quit your whining and put your money where your mouth is. If it's so
> important, then provide a fix that replaces Net::DNS with SA's
> internal DNS routines, and I'll use it. If it's not important enough
> t
On Sat, 13 Jun 2009, Bill Landry wrote:
I just love these kinds of responses (talk about 5yo tantrums), as they
only server to prove my point about your credibility and the value of
your opinions. Thank you! :-)
truth hurts dont it landry, just like i tell those who "demand" extra
capabilit
On Sat, 13 Jun 2009, Bill Landry wrote:
Res wrote:
No because I seem to have reliable DNS and have never exhibited the issue.
Oh, and if in fact you "really" had a clue, you would know that "DNS
reliability" has absolutely nothing to do with this issue... ;-)
funny, given most people dont
Res wrote:
> No because I seem to have reliable DNS and have never exhibited the issue.
Oh, and if in fact you "really" had a clue, you would know that "DNS
reliability" has absolutely nothing to do with this issue... ;-)
Bill
I just love these kinds of responses (talk about 5yo tantrums), as they
only server to prove my point about your credibility and the value of
your opinions. Thank you! :-)
Bill
Res wrote:
> On Thu, 11 Jun 2009, Bill Landry wrote:
>
>>> I'm sure John might be happier to stay awake later and wor
On Thu, 11 Jun 2009, Bill Landry wrote:
I'm sure John might be happier to stay awake later and work on it for a
hour or so each night as a 'priority' *IF* Bill was willing to pay
John for his time, but I suspect not somehow, as it is far easier to come
on a mailing list and have a temper tantru
27 matches
Mail list logo