On 7/1/2009 8:50 AM, rich...@buzzhost.co.uk wrote:
> Oh, and look: dnsbl.sorbs.net
So it seems that the demise of sorbs will add latency if their servers
stop answering...
See "Update: 25th June 2009 "
http://www.au.sorbs.net/
On Wed, 2009-07-01 at 08:26 +0200, Benny Pedersen wrote:
> On Wed, July 1, 2009 07:44, rich...@buzzhost.co.uk wrote:
> > In particular
> > # Enable or disable network checks
> > skip_rbl_checks 0
> > 0 = off 1 = on
>
> wroung
>
> 0 = use rbl
> 1 = skip rbl test
>
Indeed I was "WROUNG";
On 30-Jun-2009, at 19:38, Karsten Bräckelmann wrote:
Yes, that *might* result in images being loaded off the net automatically,
depending on your MUA settings. Hence the "safe". But it
really makes reviewing harder, having the user scroll and click each
single spam.
Erm.. I don't understand h
On Wed, July 1, 2009 07:44, rich...@buzzhost.co.uk wrote:
> In particular
> # Enable or disable network checks
> skip_rbl_checks 0
> 0 = off 1 = on
wroung
0 = use rbl
1 = skip rbl test
--
xpoint
On Wed, 2009-07-01 at 01:15 +0200, Michelle Konzack wrote:
> On 2009-06-30 14:08:33, John Hardin wrote:
> > If zen worked to catch the message in procmail, how does it not work on
> > your MTA? Or did we misinterpret your original post?
>
> In Debian, the network related scans are activated an
On Tue, 2009-06-30 at 18:36 -0600, LuKreme wrote:
> On 30-Jun-2009, at 14:57, John Horne wrote:
> > I am currently reconfiguring SA, and have set report_safe to 0. Our
> > 'required' score is 8, and I have also configured:
>
> Raising the required score is clearly a mistake. Setting report safe
On 29-Jun-2009, at 10:53, Kevin Parris wrote:
It is folly to underestimate the stupidity and/or gullibility of
humans. Just because the link "won't work" as-is in the message
does NOT mean people out there won't retype it, corrected, into
their browser address box. It is my opinion that if
On 30-Jun-2009, at 14:57, John Horne wrote:
I am currently reconfiguring SA, and have set report_safe to 0. Our
'required' score is 8, and I have also configured:
Raising the required score is clearly a mistake. Setting report safe
to 0 is generally user-hostile. Setting it to one is the best
> > Both of you. ;)
>
> Mea culpa. I _never_ think of header ALL rules.
See my RATWARE_OUTLOOK rule. ;)
Reminds me of an important bit I meant to add, but forgot. It's pretty
important to properly anchor matches and limit wildcard matching with
multi-line RE's -- otherwise they can easily bog do
On Wed, 1 Jul 2009 01:15:56 +0200
Michelle Konzack wrote:
> On 2009-06-30 14:08:33, John Hardin wrote:
> > If zen worked to catch the message in procmail, how does it not
> > work on your MTA? Or did we misinterpret your original post?
>
> In Debian, the network related scans are activated and
On Wed, 1 Jul 2009, Karsten Bräckelmann wrote:
On Tue, 2009-06-30 at 16:50 -0700, John Hardin wrote:
On Wed, 1 Jul 2009, Benny Pedersen wrote:
From: "Compare and Cover Life"
X-Mailer: webguide103.com
How would I construct a spamassassin rule to check for this?
impossible without a plugin
On Wed, 2009-07-01 at 01:26 +0200, Mark Martinec wrote:
> > >X-spam-report: Score=-6.9
> > > tests=BAYES_00,DCC_CHECK,RCVD_IN_DNSWL_HI autolearn=ham
> >
> > That is not a standard SA header. Actually, there's quite a lot fishy
> > about that.
> >
> > First of all, SA is incapable of add
On Tue, 2009-06-30 at 16:50 -0700, John Hardin wrote:
> On Wed, 1 Jul 2009, Benny Pedersen wrote:
> > > From: "Compare and Cover Life"
> > > X-Mailer: webguide103.com
> > > How would I construct a spamassassin rule to check for this?
> >
> > impossible without a plugin
Meep. Wrong!
> ...unless
On Wed, 2009-07-01 at 00:23 +0100, Mike Cardwell wrote:
> I've started seeing spam email containing an X-Mailer header which is
> the domain name of the From header. Eg:
>
> From: "Compare and Cover Life"
> X-Mailer: webguide103.com
The *first* question should be, how are these scoring generall
On Wed, 1 Jul 2009, Benny Pedersen wrote:
On Wed, July 1, 2009 01:23, Mike Cardwell wrote:
From: "Compare and Cover Life"
X-Mailer: webguide103.com
> How would I construct a spamassassin rule to check for this?
impossible without a plugin
...unless you just do a loose X-Mailer-looks-like
On Wed, 1 Jul 2009, Michelle Konzack wrote:
On 2009-06-30 14:08:33, John Hardin wrote:
If zen worked to catch the message in procmail, how does it not work on
your MTA? Or did we misinterpret your original post?
In Debian, the network related scans are activated and I do not know,
why ZE
On Wed, July 1, 2009 01:23, Mike Cardwell wrote:
> From: "Compare and Cover Life"
> X-Mailer: webguide103.com
> How would I construct a spamassassin rule to check for this?
impossible without a plugin, would be faster to reject sender in mta
--
xpoint
> >X-spam-report: Score=-6.9
> > tests=BAYES_00,DCC_CHECK,RCVD_IN_DNSWL_HI autolearn=ham
>
> That is not a standard SA header. Actually, there's quite a lot fishy
> about that.
>
> First of all, SA is incapable of adding it -- all SA generated headers
> start with X-Spam- (note the uppe
Hi,
I've started seeing spam email containing an X-Mailer header which is
the domain name of the From header. Eg:
From: "Compare and Cover Life"
X-Mailer: webguide103.com
How would I construct a spamassassin rule to check for this?
--
Mike Cardwell - IT Consultant and LAMP developer
Cardwel
On 2009-06-30 14:08:33, John Hardin wrote:
> If zen worked to catch the message in procmail, how does it not work on
> your MTA? Or did we misinterpret your original post?
In Debian, the network related scans are activated and I do not know,
why ZEN is never executed. If you know more abo
On Tue, 2009-06-30 at 21:57 +0100, John Horne wrote:
> I am currently reconfiguring SA, and have set report_safe to 0. Our
> 'required' score is 8, and I have also configured:
>
> clear_report_template
> report "Score=_SCORE_ tests=_TESTS_ autolearn=_AUTOLEARN_"
The report option does n
On Tue, 30 Jun 2009, Michelle Konzack wrote:
On 2009-06-30 07:06:37, rich...@buzzhost.co.uk wrote:
Are you saying that ZEN caught it after SA processed it? Why are you
not using ZEN in SA or at the SMTP stage?
Because it does not work...
My Mailserver does tons (the syslog of my DNS server
Hello,
Using SA 3.2.5 I read in the Mail::SpamAssassin::Conf man page that:
report_safe ( 0 | 1 | 2 ) (default: 1)
...
If this option is set to 0, incoming spam is only modified
by adding some "X-Spam-" headers and no changes will be made
to the body. In
On 2009-06-30 07:06:37, rich...@buzzhost.co.uk wrote:
> Are you saying that ZEN caught it after SA processed it? Why are you
> not
> using ZEN in SA or at the SMTP stage?
Because it does not work...
My Mailserver does tons (the syslog of my DNS server is full of it) of
DNS checks but ZEN does
On 2009-06-30 04:33:57, Benny Pedersen wrote:
> what ip ?
[michelle.konz...@michelle1:~] host 224.118.146.174.zen.spamhaus.org
224.118.146.174.zen.spamhaus.org has address 127.0.0.11
Thanks, Greetings and nice Day/Evening
Michelle Konzack
Systemadministrator
Tamay Dogan Network
On Tue, 30 Jun 2009 09:10:36 +0200
Matus UHLAR - fantomas wrote:
> On 30.06.09 07:06, rich...@buzzhost.co.uk wrote:
> > Are you saying that ZEN caught it after SA processed it? Why are
> > you not using ZEN in SA or at the SMTP stage?
>
> She apparently does not have control over 69.43.203.202,
On 2009-06-30 13:50:09, Yet Another Ninja wrote:
> See RegistrarBoundaries.pm in SA source and
> http://www.rulesemporium.com/rules/90_2tld.cf
I know this list, but these are only domains, where you can get a
3rd Level Domain like on as
http://tamay.dogan.free.fr/
which was create
On Tue, 30 Jun 2009, John Wilcock wrote:
On 30/06/2009 17:16, John Hardin wrote:
> ... looking at the www peter got an impression of ...
> (-> www.peter.got?)
TLDs are limited and prevent FPs of that particular nature.
Sure, but there are lots of ccTLDs that could be confused wit
John Wilcock wrote:
... looking at the www peter got an impression of ...
(-> www.peter.got?)
TLDs are limited and prevent FPs of that particular nature.
Sure, but there are lots of ccTLDs that could be confused with English
words, never mind other languages.
Do you really want Spam
On 30/06/2009 17:16, John Hardin wrote:
... looking at the www peter got an impression of ...
(-> www.peter.got?)
TLDs are limited and prevent FPs of that particular nature.
Sure, but there are lots of ccTLDs that could be confused with English
words, never mind other languages.
D
On Tue, 30 Jun 2009, Jan P. Kessler wrote:
Martin Gregorie wrote:
... digging through the WWW HE SAW this link ...
Both IMO should be caught and given a positive score. I've never seen
legitimate mail containing URLs written this way.
Maybe I was not clear: The last one is NOT an url. D
> So you want obfuscated urls to be recognised as urls but not treated as
> urls?
>
Of course. It's spam.
> If this is just for a few own pcre body rules, I'd suggest you to
> handle those de-obfuscations in your rules.
>
Guess what I'm doing.
> You can also publish your own plugin, if you think t
Martin Gregorie wrote:
> What makes you think I'm using URI tests or that any of these would be
> recognised as a URI? My tests are simple body tests with {1,n} limits on
> repetitions to keep things under control.
>
So you want obfuscated urls to be recognised as urls but not treated as
urls
On Tue, 2009-06-30 at 13:14 +0200, Jan P. Kessler wrote:
> Martin Gregorie wrote:
> >> ... go to WWW EVIL ORG for new meds ...
> >>
> >> and
> >>
> >> ... digging through the WWW HE SAW this link ...
> >>
> > Both IMO should be caught and given a positive score. I've never seen
> > legitimate mai
On 6/30/2009 1:18 PM, Michelle Konzack wrote:
On 2009-06-30 12:30:14, Jan P. Kessler wrote:
How would you distinguish between
... go to WWW EVIL ORG for new meds ...
and
... digging through the WWW HE SAW this link ...
to prevent SA trying to look up www.he.saw?
Is SAW a valid TO
Michelle Konzack wrote:
> Is SAW a valid TOPLEVEL domain?
>
> SA could use a list of valid TLD's.
>
Ok, let's change that (do not forget that there's more than .com)
the www seems to become the primary source of information these days
(->www.seems.to?)
And I think we agree, that it wo
On 2009-06-30 11:58:20, Martin Gregorie wrote:
> > http:// meds spammer org
> >
> That should be scored positive too, for the same reason.
And in my org this should not happen...
is a valid domain FOR SALE.
Thanks, Greetings and nice Day/Evening
Michelle Konzack
Systemadministrato
On 2009-06-30 12:30:14, Jan P. Kessler wrote:
> How would you distinguish between
>
> ... go to WWW EVIL ORG for new meds ...
>
> and
>
> ... digging through the WWW HE SAW this link ...
>
> to prevent SA trying to look up www.he.saw?
Is SAW a valid TOPLEVEL domain?
SA could use a l
Martin Gregorie wrote:
>> ... go to WWW EVIL ORG for new meds ...
>>
>> and
>>
>> ... digging through the WWW HE SAW this link ...
>>
> Both IMO should be caught and given a positive score. I've never seen
> legitimate mail containing URLs written this way.
Maybe I was not clear: The last one is
> ... go to WWW EVIL ORG for new meds ...
>
> and
>
> ... digging through the WWW HE SAW this link ...
>
Both IMO should be caught and given a positive score. I've never seen
legitimate mail containing URLs written this way.
> And what about URLs that don't start with WWW, like
>
>
Jason Haar wrote:
> All this talk about trying to catch urls that contain spaces/etc got me
> thinking: why isn't this a standard SA feature? i.e if SA sees
> "www(whitespace|comma|period)-combo(therest)", then rewrite it as the
> url and process.
How would you distinguish between
... go to
> Anshul Chauhan wrote:
> > we have to copy KAM.cf to /usr/share/spamassassin only for its
> > integration with spamassassin or something else is to be done
> >
> > I'm using spamassassin-3.2.5-1.el4.rf on Centos4.7
On 30.06.09 02:11, Matt Kettler wrote:
> Any add-on rules should be placed in the sa
> On Tue, 2009-06-30 at 00:46 +0200, Michelle Konzack wrote:
> > For some seconds I have gotten this spam, which has passed my spamassassin
> > but was hit by a separated ZEN rule in procmail:
> >
> >
> > Return-Path: soria.h.steven...@gmail.com
> > X-Spam-Checker-Version: SpamAssassin 3.2.3 (2007-