> Ignore the text immediately after the "from", in this case
> "SUB.MYDOMAIN.MAIL". That is _not_ rDNS data, that is whatever the
> client sent in its SMTP HELO, and can be _anything_. If you see the
> correct hostname there it just means that computer is sending its
> correct hostname when it say
On Mon, 2009-10-05 at 15:05 -0700, Quanah Gibson-Mount wrote:
> --On Monday, October 05, 2009 11:50 PM +0200 mouss
> wrote:
>
> > Thomas Mullins a écrit :
> >> We have been running Spamassassin for maybe eight years now. But, my
> >> coworkers do not like OpenSource. So they have finally comp
On 10/6/2009 2:33 AM, Warren Togami wrote:
Please excuse me, I used faulty logic.
I wasn't asking you anything further. I meant I asked this "friend" for
more details and it seems to be non-technical users is the most likely
type of people to type legitimate mail in all caps.
Warren
so wh
I started getting spam that was distinctive for having two boxes - one "Email
Security Information" and one "Privacy Policy" and viewing source indicated the
mails came from a server at "noave.net" 74.63.109.*.
I blocked 74.63.109.* and the spam stopped for a while, but I just got my first
sp
Please excuse me, I used faulty logic.
I wasn't asking you anything further. I meant I asked this "friend" for
more details and it seems to be non-technical users is the most likely
type of people to type legitimate mail in all caps.
Warren
Warren Togami wrote:
> OK... asking again, it seems more likely the commonality in people who
> write mail in all caps is being extremely untechnical, barely able to
> type, or working for the government.
And your question is...?
Sounds like the part of your friend's comment that talks about the
On tir 06 okt 2009 00:05:52 CEST, Quanah Gibson-Mount wrote
And once exchange falls over, show them Zimbra. ;) Which uses
postfix/SA/amavis, etc, and looks a lot like exchange... only
better. ;)
if zimbra was good i would not have chosen horde
--
xpoint
On Mon, 5 Oct 2009, Marc Perkel wrote:
John Hardin wrote:
On Mon, 5 Oct 2009, Marc Perkel wrote:
Our white list is supposed to be a source of pure good email. So if spam
comes for any of the white listed IPs then it's an error.
Whose? Yours or theirs?
Meaning: is a single spam reason for
OK... asking again, it seems more likely the commonality in people who
write mail in all caps is being extremely untechnical, barely able to
type, or working for the government.
Warren
On Mon, 5 Oct 2009, Warren Togami wrote:
On 10/05/2009 03:52 PM, Karsten Bräckelmann wrote:
On Mon, 2009-10-05 at 15:44 -0400, Warren Togami wrote:
> On 10/05/2009 02:53 PM, Karsten Bräckelmann wrote:
> > Well, the Sought rule-set (and thus Fraud sub-set) is being
> > re-generated every 4
On Mon, 5 Oct 2009, Karsten Bräckelmann wrote:
On Mon, 2009-10-05 at 19:56 +0200, Benny Pedersen wrote:
On man 05 okt 2009 17:16:06 CEST, Karsten Bräckelmann wrote
Without checking -- I believe, all you need is a redirector_pattern for
the IP redirector, to extract the target URI. The list o
On 10/05/2009 03:52 PM, Karsten Bräckelmann wrote:
On Mon, 2009-10-05 at 15:44 -0400, Warren Togami wrote:
On 10/05/2009 02:53 PM, Karsten Bräckelmann wrote:
Well, the Sought rule-set (and thus Fraud sub-set) is being re-generated
every 4 hours -- with an exception of night-time, UTC.
They
Gary Smith wrote:
Let them have as much Windows stuff as they want. Just plead the case to supplement.
I'll have to repeat, for the original poster this isn't a technology
vs technology argument. If it was, his coworkers would be listing
specific things Exchange does that FreeBSD/SA does no
> and the problem is?
>
> if they want exchange, give them exchange. don't fight (directly),
> watch
> instead. take pleasure of the situation, get fun as you can. I
> personally took fun all day long in windows-only (and believe it or
> not,
> in linux-only) environments.
>
>
> that said, you c
Hi,
On Mon, 05.10.2009 at 14:11:46 -0700, John Hardin wrote:
> On Mon, 5 Oct 2009, Thomas Mullins wrote:
>> I will pull out our BSD box, and I will let them connect the Exchange
>> box straight to the Net.
> Second bet: how long it takes after doing that before the box is 0wned.
I wouldn't ho
--On Monday, October 05, 2009 11:50 PM +0200 mouss
wrote:
Thomas Mullins a écrit :
We have been running Spamassassin for maybe eight years now. But, my
coworkers do not like OpenSource. So they have finally complained
enough that my boss is going to replace our reliable
FreeBSD/Spamassassin
Thomas Mullins a écrit :
> We have been running Spamassassin for maybe eight years now. But, my
> coworkers do not like OpenSource. So they have finally complained
> enough that my boss is going to replace our reliable
> FreeBSD/Spamassassin boxes. They are planning on purchasing something
> tha
Shane (Or Thomas)
This isn't a debate about Open Source vs commercial software as
much as you would like to think that it is. This is a debate
about something that you're familiar with (FreeBSD/Spamassassin)
and that none of your coworkers are familiar with, vs something
that your coworkers are
Not my box,
I am on the network side of things
Shane
From: John Hardin [mailto:jhar...@impsec.org]
Sent: Mon 10/5/2009 5:11 PM
To: users@spamassassin.apache.org
Cc: Toni Mueller
Subject: RE: OT bad news
On Mon, 5 Oct 2009, Thomas Mullins wrote:
> I w
On Mon, 2009-10-05 at 16:49 -0400, Thomas Mullins wrote:
> Their supposed complaint is, they don't know *nix.
>
Poor babies. Why doesn't your boss give 'em each a copy of 'Linux in a
Nutshell' (or the BSD equivalent) and a week to read it? If they're
competent that should be enough for them to get
On Mon, 2009-10-05 at 16:49 -0400, Thomas Mullins wrote:
> I have no explanation,
> I will pull out our BSD box, and I will let them connect the Exchange
> box straight to the Net.
They probably just want to connect their iPhones to the exchange server
with Active-Sync, and couldn't be bothered
On Mon, 5 Oct 2009, Thomas Mullins wrote:
I will pull out our BSD box, and I will let them connect the Exchange
box straight to the Net.
Second bet: how long it takes after doing that before the box is 0wned.
Of course, if you admin that box too, that bet might be shooting yourself
in the fo
I have no explanation,
Their supposed complaint is, they don't know *nix. But my coworker and I
manage those boxes, so even if one of us left, there would be at least one
person to run those boxes.
SA/ClamAV has been working great. Our BSD box sits in front of the Exchange,
hands off clean
k12 is kindergarten through 12th grade in US schools...
- Message from guent...@rudersport.de -
Date: Mon, 05 Oct 2009 22:33:26 +0200
From: Karsten Bräckelmann
Subject: Re: OT bad news
To: users@spamassassin.apache.org
> On Mon, 2009-10-05 at 13:13 -0700, Jefferson Davi
On Mon, 2009-10-05 at 13:23 -0700, John Hardin wrote:
> I guess the comfort of the illusion of having somebody to sue is a strong
> attraction.
Now there's one argument to start smoking...
(SCNR, and it's probably the cold speaking anyway. ;)
--
char *t="\10pse\0r\0dtu...@ghno\x4e\xc8\x79\xf4\
On Mon, 2009-10-05 at 22:33 +0200, Karsten Bräckelmann wrote:
> Since we're off-topic anyway -- I take this response, and the mention of
> "school district" earlier in this thread, that this indeed is just a
> strange coincidence and infrastructural independent states.
>
> Now, if someone could br
On Mon, 2009-10-05 at 13:13 -0700, Jefferson Davis wrote:
> There are some that still don't get the value of opensource... Go
> figure.
[...]
> We just don't experience the pain that some of my exchange-using
> colleagues do...
Since we're off-topic anyway -- I take this response, and the mention
On Mon, 2009-10-05 at 22:00 +0200, Karsten Bräckelmann wrote:
> On Mon, 2009-10-05 at 15:42 -0400, Thomas Mullins wrote:
> > We have been running Spamassassin for maybe eight years now. But, my
> > coworkers do not like OpenSource. So they have finally complained
> > enough that my boss is going
On Mon, 5 Oct 2009, Jefferson Davis wrote:
There are some that still don't get the value of opensource... Go figure.
My employer has contracts that specify "no open source".
I guess the comfort of the illusion of having somebody to sue is a strong
attraction.
--
John Hardin KA7OHZ
On Mon, 5 Oct 2009, Thomas Mullins wrote:
We have been running Spamassassin for maybe eight years now. But, my
coworkers do not like OpenSource. So they have finally complained
enough that my boss is going to replace our reliable
FreeBSD/Spamassassin boxes. They are planning on purchasing s
Hi,
On Mon, 05.10.2009 at 15:42:04 -0400, Thomas Mullins
wrote:
> We have been running Spamassassin for maybe eight years now. But, my
> coworkers do not like OpenSource. So they have finally complained
> enough that my boss is going to replace our reliable
> FreeBSD/Spamassassin boxes.
more
On 10/5/2009 9:42 PM, Thomas Mullins wrote:
We have been running Spamassassin for maybe eight years now. But, my
coworkers do not like OpenSource. So they have finally complained
enough that my boss is going to replace our reliable
FreeBSD/Spamassassin boxes. They are planning on purchasing so
There are some that still don't get the value of opensource... Go figure.
In a down economy it makes even more sense... Many of my colleagues in other
districts are finally taking notice, then really liking the high quality of the
software once they get their feet wet.
I cannot profess to be a
On Mon, 2009-10-05 at 15:42 -0400, Thomas Mullins wrote:
> We have been running Spamassassin for maybe eight years now. But, my
> coworkers do not like OpenSource. So they have finally complained
> enough that my boss is going to replace our reliable
> FreeBSD/Spamassassin boxes. They are planni
Heh.
If you want, try to convince them to use ASSP:
http://assp.sourceforge.net/
It's open source too, but it does run on an Exchange box, from what
I've heard, and I've only ever heard good things about it.
I must say, I'm surprised, given the state of the economy, that
they've made this decis
On Mon, 2009-10-05 at 15:44 -0400, Warren Togami wrote:
> On 10/05/2009 02:53 PM, Karsten Bräckelmann wrote:
> > Well, the Sought rule-set (and thus Fraud sub-set) is being re-generated
> > every 4 hours -- with an exception of night-time, UTC.
> They are really being generated every 4 hours when
> We have been running Spamassassin for maybe eight years
> now. But, my coworkers do not like OpenSource. So they
> have finally complained enough that my boss is going to
> replace our reliable FreeBSD/Spamassassin boxes. They
> are planning on purchasing something that runs ON
> Exchange. Wh
Glad I don't live in Virginia!! I hate to see my tax dollars wasted
because people don't understand OpenSource.. Especially in these troubled
times.
From: Thomas Mullins [mailto:tsmull...@wise.k12.va.us]
Sent: Monday, October 05, 2009 15:42
To: users@spamassassin.apache.org
Subject: OT bad ne
Thomas Mullins wrote:
We have been running Spamassassin for maybe eight years now. But, my
coworkers do not like OpenSource. So they have finally complained
enough that my boss is going to replace our reliable
FreeBSD/Spamassassin boxes. They are planning on purchasing something
that runs
We have been running Spamassassin for maybe eight years now. But, my
coworkers do not like OpenSource. So they have finally complained
enough that my boss is going to replace our reliable
FreeBSD/Spamassassin boxes. They are planning on purchasing something
that runs ON Exchange. What a bummer.
On 10/05/2009 02:53 PM, Karsten Bräckelmann wrote:
On Mon, 2009-10-05 at 13:30 -0500, McDonald, Dan wrote:
On Mon, 2009-10-05 at 20:17 +0200, Karsten Bräckelmann wrote:
Just a minor nit, in case it isn't just different terminology. Installed
sounds like a one-time operation -- the Sought rule
Warren Togami wrote:
> On 10/05/2009 02:30 PM, René Berber wrote:
>> Warren Togami wrote:
>>
>>> I heard an interesting story from a friend who was working in Mexico for
>>> the past few months. Apparently in some Latin American countries,
>>> uppercase legitimate person-to-person e-mail is commo
On Mon, 2009-10-05 at 13:30 -0500, McDonald, Dan wrote:
> On Mon, 2009-10-05 at 20:17 +0200, Karsten Bräckelmann wrote:
> > Just a minor nit, in case it isn't just different terminology. Installed
> > sounds like a one-time operation -- the Sought rule-set needs to be
> > updated using sa-update f
On man 05 okt 2009 20:30:09 CEST, "McDonald, Dan" wrote
How often should I be running sa-update to pick up SOUGHT. I currently
run it automatically once a day, and ad-hoc whenever I tweak any other
rules. Should I run 4 times/day? 6? Inquiring minds want to know.
first one would need to kno
On 10/05/2009 02:30 PM, René Berber wrote:
Warren Togami wrote:
I heard an interesting story from a friend who was working in Mexico for
the past few months. Apparently in some Latin American countries,
uppercase legitimate person-to-person e-mail is common because it is
seen as a sign of resp
John Hardin wrote:
On Mon, 5 Oct 2009, Marc Perkel wrote:
Our white list is supposed to be a source of pure good email. So if
spam comes for any of the white listed IPs then it's an error.
Whose? Yours or theirs?
Meaning: is a single spam reason for an IP to be dropped from the
hostkarma
Warren Togami wrote:
> I heard an interesting story from a friend who was working in Mexico for
> the past few months. Apparently in some Latin American countries,
> uppercase legitimate person-to-person e-mail is common because it is
> seen as a sign of respect. This apparently is due to histor
On Mon, 2009-10-05 at 20:17 +0200, Karsten Bräckelmann wrote:
> On Mon, 2009-10-05 at 11:01 -0700, Jefferson Davis wrote:
> > Thanks for the tips and low-grade knuck-wrap. Investigating -
> > installed 20_sought, tweaked local.cf back to 5.0 per list
> > recommendation.
> Just a minor nit, in c
On Mon, 2009-10-05 at 11:21 -0700, John Hardin wrote:
> On Mon, 5 Oct 2009, Warren Togami wrote:
>
> > Did the old rule decode %2E%63%6E as .cn though?
>
> The URI parser does that for you:
>
> [11433] dbg: rules: ran uri rule ALL_URI ==> got hit:
> "http://fnord:b...@321%2e%63%6e";
> [114
On Mon, 2009-10-05 at 19:56 +0200, Benny Pedersen wrote:
> On man 05 okt 2009 17:16:06 CEST, Karsten Bräckelmann wrote
> > Without checking -- I believe, all you need is a redirector_pattern for
> > the IP redirector, to extract the target URI. The list of URIs should
> > also contain a cleaned ve
On Mon, 5 Oct 2009, Jefferson Davis wrote:
installed 20_sought
There are actually two sought rulesets, one generated from a general
spamtrap and one generated from hand-classified fraud corpora. You likely
want both.
If you set up sought in sa-update (which is what you should do as they ar
On Mon, 2009-10-05 at 11:01 -0700, Jefferson Davis wrote:
> Thanks for the tips and low-grade knuck-wrap. Investigating -
> installed 20_sought, tweaked local.cf back to 5.0 per list
> recommendation.
>
> Appears that perhaps bayes_db is jacked up. re-training.
All good. :)
Just a minor nit,
On 10/05/2009 11:27 AM, John Hardin wrote:
Warren:
I guess that's an argument against anchoring CN_EIGHT at the beginning
of the URI...
I wasn't the one that suggested anchoring.
Did the old rule decode %2E%63%6E as .cn though?
Warren
On man 05 okt 2009 17:16:06 CEST, Karsten Bräckelmann wrote
Without checking -- I believe, all you need is a redirector_pattern for
the IP redirector, to extract the target URI. The list of URIs should
also contain a cleaned version of the extracted target URI, with the
escapes converted.
i hav
- Message from jda...@standard.k12.ca.us -
Date: Mon, 05 Oct 2009 09:32:39 -0700
From: Jefferson Davis
Subject: Low score? Recommendations?
To: users
> Keep getting similar obvious (to me) spam - tuning recommendations? My
> threshold is torqued down to 3.5
*** i
On man 05 okt 2009 17:06:19 CEST, Joseph Brennan wrote
Double obfuscation-- first the indirect through 66.196.80.202 (yahoo) and
then %2E%63%6E for .cn
yahoo accept content to be on their ip ?
let's block that ip so
--
xpoint
On Mon, 2009-10-05 at 09:32 -0700, Jefferson Davis wrote:
> Keep getting similar obvious (to me) spam - tuning recommendations?
> My threshold is torqued down to 3.5
AV:Sanesecurity.Junk.14595.UNOFFICIAL=6.1,
AE_DETAILS_WITH_EMAIL=2.5, AE_DETAILS_WITH_MONEY=2, BOTNET_SOHO=-0.1,
HTML_MESSAGE=0.00
On Mon, 5 Oct 2009, Jefferson Davis wrote:
Keep getting similar obvious (to me) spam - tuning recommendations? My
threshold is torqued down to 3.5
X-SPAM-LEVEL: *
X-SPAM-STATUS: No, score=1.1 required=3.5
tests=BAYES_50,RAZOR2_CHECK, SPF_HELO_PASS,US_DOL
> Keep getting similar obvious (to me) spam - tuning
> recommendations? My threshold is torqued down to 3.5
>
> X-Spam-Level: *
> X-Spam-Status: No, score=1.1 required=3.5
> tests=BAYES_50,RAZOR2_CHECK, SPF_HELO_PASS,US_DOLLARS_3
> autolearn=no version=3.2.4
>
Please don't send spam to the
On Mon, 2009-10-05 at 09:32 -0700, Jefferson Davis wrote:
> Keep getting similar obvious (to me) spam - tuning recommendations?
Bayes training. Sought [1] Fraud third-party rule-set.
> My threshold is torqued down to 3.5
Don't. Do expect FPs with a required_score that low.
> X-Spam-Status: N
On Mon, 5 Oct 2009, Marc Perkel wrote:
Our white list is supposed to be a source of pure good email. So if spam
comes for any of the white listed IPs then it's an error.
Whose? Yours or theirs?
Meaning: is a single spam reason for an IP to be dropped from the
hostkarma whitelist?
--
John
On Oct 4, 2009, at 1:46 PM, Steve Fatula wrote:
We use Spamassassin via spamc/spamd via procmail. In the maillog
file, we see when there is spam, the message indicates a bunch of
information. raddr shows up always as 127.0.0.1, which is of course
our connection to SPAMD from our machine v
In the last week I've put a lot of effort into improving the accuracy of
my white lists. Especially for those of you who are critical of the
accuracy of hostkarma white list I'd like you all to test it now and
tell me how it works now. I have to admit that I have been less
motivated in the past
On Mon, 2009-10-05 at 08:27 -0700, John Hardin wrote:
> I guess that's an argument against anchoring CN_EIGHT at the beginning of
> the URI...
No, it is not.
It's an argument for a new redirector_pattern. The extracted target URIs
are provided for uri rules.
Or alternatively, seriously kicking
On Sun, 2009-10-04 at 14:03 -0500, Robert Braver wrote:
> On Sunday, October 4, 2009, 1:55:55 PM, RW wrote:
>
> > Right, although I doubt this list is going to be much use for
> > SpamAssassin. With zen being so popular, I think everything that can
> > be caught with it will get caught at the smt
On Mon, 5 Oct 2009, Joseph Brennan wrote:
From spam today:
href="http://66.196.80.202/babelfish/translate_url_content?.intl=us&lp=es_en&trurl=http://johnnie2006.mcafaloj%2E%63%6E";
style="text-decoration: none; color: #0099ff;">click here
Double obfuscation-- first the indirect through 66.1
On Mon, 2009-10-05 at 11:06 -0400, Joseph Brennan wrote:
> Double obfuscation-- first the indirect through 66.196.80.202 (yahoo) and
> then %2E%63%6E for .cn
Without checking -- I believe, all you need is a redirector_pattern for
the IP redirector, to extract the target URI. The list of URIs shoul
From spam today:
href="http://66.196.80.202/babelfish/translate_url_content?.intl=us&lp=es_en&trurl=http://johnnie2006.mcafaloj%2E%63%6E";
style="text-decoration: none; color: #0099ff;">click here
Double obfuscation-- first the indirect through 66.196.80.202 (yahoo) and
then %2E%63%6E for
Chris wrote:
>Steve, are you looking for something like this:
>X-senderip: 213.240.247.107
>X-asn: ASN-20911
>X-cidr: 213.240.244.0/22
>If so I can send you the formail recipes I use.
I was looking for the log files. I decided to go another way that makes it
easier, just create a plugin since
On Oct 4, 2009, at 8:56 PM, Steven W. Orr wrote:
I did some googling, and the more I read, the more apparent that the
documentation is a little light.
So here are the questions that I think are really the 800 pound
elephant in
the room:
* If I do set bayes_auto_expire to 0 and I am using M
On Mon, 5 Oct 2009, Igor Bogomazov wrote:
John Hardin wrote:
On Fri, 2 Oct 2009, Igor Bogomazov wrote:
I've checked rDNS of the prefix.domain.mail with 'host' utility -
it's all right.
Igor, can you show us how you used host and what it output?
Here's both headers, tagged "Received":
Ne
On man 05 okt 2009 03:56:49 CEST, "Steven W. Orr" wrote
I did some googling, and the more I read, the more apparent that the
documentation is a little light.
So here are the questions that I think are really the 800 pound elephant in
the room:
my cats are not that big :)
* If I do set bayes_
I heard an interesting story from a friend who was working in Mexico for
the past few months. Apparently in some Latin American countries,
uppercase legitimate person-to-person e-mail is common because it is
seen as a sign of respect. This apparently is due to historical
telegraph messages be
On Mon, Oct 05, 2009 at 10:45:40AM +0100, Ned Slider wrote:
> Mike Cardwell wrote:
>>
>> I use SpamHaus from SpamAssassin rather than directly from my MTA
>> mainly because I don't want that mail to avoid the bayes auto-learning.
>> If I ever find the service running out of cpu cycles, I might co
Mike Cardwell wrote:
On 04/10/2009 22:16, mouss wrote:
why "lastexternal" ?
would you expect ham traffic from those IPs? and want to lose deeper
header parsing?
Right, although I doubt this list is going to be much use for
SpamAssassin. With zen being so popular, I think everything that can
On 04/10/2009 22:16, mouss wrote:
why "lastexternal" ?
would you expect ham traffic from those IPs? and want to lose deeper
header parsing?
Right, although I doubt this list is going to be much use for
SpamAssassin. With zen being so popular, I think everything that can
be caught with it wil