On Mon, 2010-03-08 at 20:44 +, Ned Slider wrote:
> Brian wrote:
> >> That's Postfix 2.3.3 on RHEL5 BTW :-)
> >>
> >> $ rpm -q postfix
> >> postfix-2.3.3-2.1.el5_2.x86_64
> >>
> > Tell me Ned, how do you get Postfix (2.3.3 on RHEL5) to reject at SMTP
> > time without using a the milter or someth
On Mon, 8 Mar 2010, Ned Slider wrote:
John Hardin wrote:
On Mon, 8 Mar 2010, Ned Slider wrote:
>
> So I've refined the rule to specifically exclude hitting on the sequence
> ../. which stops the rule triggering on multiple relative paths.
>
> uriLOCAL_URI_HIDDEN_DIR/(?!.{6}\.
John Hardin wrote:
On Mon, 8 Mar 2010, Ned Slider wrote:
So I've refined the rule to specifically exclude hitting on the
sequence ../. which stops the rule triggering on multiple relative paths.
uriLOCAL_URI_HIDDEN_DIR/(?!.{6}\.\.\/\..).{8}\/\../
How about:
uri LOC
Renata Dias wrote on Mon, 8 Mar 2010 16:33:15 -0300:
> Some messages receive score 0.00/0.00 and other receive the correct score
> like the example below.
First: there's no evidence that these messages *should* score anything.
Save them to a file and pipe them thru SA to see what they should sco
On Mon, 8 Mar 2010, Ned Slider wrote:
Adam Katz wrote:
> > On 15-May-2009, at 12:46, Adam Katz wrote:
> > > uri URI_HIDDEN /.{7}\/\../
LuKreme wrote:
> > That won't catch
> > http://www.spammer.example.com/.../hidden-malware.asf, it will only
> > catch the relative url form "../path/to/c
On 8.3.2010 21:33, Renata Dias wrote:
>
> Some messages receive score 0.00/0.00 and other receive the correct
> score like the example below.
>
...
> I'm updated SpamAssassin to p5-Mail-SpamAssassin-3.3.0_3 and rules are
> /var/db/spamassassin/3.003000/ .
>
> Can someone help me?
>
You show
On Mon, 2010-03-08 at 15:49 -0500, Bowie Bailey wrote:
> Martin Gregorie wrote:
> > On Mon, 2010-03-08 at 14:56 -0500, Charles Gregory wrote:
> >
> >> Can anyone take a look at this crud and see a header or flag/type that I
> >> could score in SA?
> >>
> >>
> > I can't see anything immedia
Martin Gregorie wrote:
> On Mon, 2010-03-08 at 14:56 -0500, Charles Gregory wrote:
>
>> Can anyone take a look at this crud and see a header or flag/type that I
>> could score in SA?
>>
>>
> I can't see anything immediately apart from the rather wackamoleish
> track of scoring the hidden U
Ned Slider wrote:
Brian wrote:
That's Postfix 2.3.3 on RHEL5 BTW :-)
$ rpm -q postfix
postfix-2.3.3-2.1.el5_2.x86_64
Tell me Ned, how do you get Postfix (2.3.3 on RHEL5) to reject at SMTP
time without using a the milter or something hideous like
Amavis-crashalot? Perhaps if they added some fe
Brian wrote:
That's Postfix 2.3.3 on RHEL5 BTW :-)
$ rpm -q postfix
postfix-2.3.3-2.1.el5_2.x86_64
Tell me Ned, how do you get Postfix (2.3.3 on RHEL5) to reject at SMTP
time without using a the milter or something hideous like
Amavis-crashalot? Perhaps if they added some features to that old
Brian wrote:
On Mon, 2010-03-08 at 20:16 +, Ned Slider wrote:
Brian wrote:
On Mon, 2010-03-08 at 14:08 -0500, Michael Scheidell wrote:
just a heads up: I don't know if there is a problem with SA milter, but
there is a snort signature for it now.
Original Message
Subje
> That's Postfix 2.3.3 on RHEL5 BTW :-)
>
> $ rpm -q postfix
> postfix-2.3.3-2.1.el5_2.x86_64
>
Tell me Ned, how do you get Postfix (2.3.3 on RHEL5) to reject at SMTP
time without using a the milter or something hideous like
Amavis-crashalot? Perhaps if they added some features to that old
dinosa
On Mon, 2010-03-08 at 14:56 -0500, Charles Gregory wrote:
> Can anyone take a look at this crud and see a header or flag/type that I
> could score in SA?
>
I can't see anything immediately apart from the rather wackamoleish
track of scoring the hidden URL in the body.
If this trick:
http://www.s
On Mon, 2010-03-08 at 20:16 +, Ned Slider wrote:
> Brian wrote:
> > On Mon, 2010-03-08 at 14:08 -0500, Michael Scheidell wrote:
> >> just a heads up: I don't know if there is a problem with SA milter, but
> >> there is a snort signature for it now.
> >>
> >>
> >> Original Message ---
Ned Slider wrote:
Brian wrote:
The key is this:
"If spamass-milter is run with the expand flag (-x option) it runs a
popen() including the attacker supplied recipient (RCPT TO)."
POC IS
$ nc localhost 25
220 ownthabox ESMTP Postfix (Ubuntu)
mail from: me () me com
250 2.1.0 Ok
rcpt to: root+
Brian wrote:
On Mon, 2010-03-08 at 14:08 -0500, Michael Scheidell wrote:
just a heads up: I don't know if there is a problem with SA milter, but
there is a snort signature for it now.
Original Message
Subject: [Emerging-Sigs] SIG: SpamAssassin Milter Plugin Remote
Arbitra
Hello!
I think I asked about this once before. I keep getting foreign language
spams with noobvious (to me) indicators that I could test for
Can anyone take a look at this crud and see a header or flag/type that I
could score in SA?
http://pastebin.com/3gGiaZVK
(Note: post is set to exp
On Mon, 2010-03-08 at 14:08 -0500, Michael Scheidell wrote:
> just a heads up: I don't know if there is a problem with SA milter, but
> there is a snort signature for it now.
>
>
> Original Message
> Subject: [Emerging-Sigs] SIG: SpamAssassin Milter Plugin Remote
> Arbit
Some messages receive score 0.00/0.00 and other receive the correct score
like the example below.
2010-03-08 16:30:42.038813500 simscan:[63157]:SPAM REJECT
(20.90/6.00):215.7090s:[SPAM] Catch the moment poltronieri! 85% Fire
Sale:84.224.133.193:poltroni...@provale.com.br:poltroni...@provale.com.b
just a heads up: I don't know if there is a problem with SA milter, but
there is a snort signature for it now.
Original Message
Subject: [Emerging-Sigs] SIG: SpamAssassin Milter Plugin Remote
Arbitrary Command Injection Attempt
Date: Mon, 8 Mar 2010 13:03:52 +
From:
This is slightly confusing. SA does use zen by default, but zen is an
aggregate blacklist, and the tests are broken up into its pieces:
RCVD_IN_PBL
RCVD_IN_XBL
RCVD_IN_SBL
On 03/08, Dhaval Soni wrote:
>Dear All,
>
>I want to use [1]zen.spamhous.org for spam check. So we need to do entry
On Sun, Mar 7, 2010 at 10:26 PM, LuKreme wrote:
> On 7-Mar-2010, at 10:08, LuKreme wrote:
> On 7-Mar-2010, at 08:31, Royce Williams wrote:
>>
>>> Semi-OT, but portsnap(8) makes fetching the ports indexes no longer
>>> necessary.
>
>> I'd never heard of it, but am reading the man page now. Sounds g
Adam Katz wrote:
On 15-May-2009, at 12:46, Adam Katz wrote:
uri URI_HIDDEN /.{7}\/\../
LuKreme wrote:
That won't catch
http://www.spammer.example.com/.../hidden-malware.asf, it will only
catch the relative url form "../path/to/content" which SA improperly
prefaces with "http://";
uri URI_HID
Rops wrote:
> How to find out if some mail server is blacklisted and where?
> Is there any central database for queries from all different blacklists?
> Also IP based search is required and data when and why.
>
I've been using this one:
http://www.mxtoolbox.com/blacklists.aspx
I'm not sure wh
Hi
On Mon, Mar 8, 2010 at 11:01 AM, Brian
wrote:
> On Mon, 2010-03-08 at 10:51 +0100, Mikael Syska wrote:
>> Hi,
>>
>> Then something is broken at your end ...
>>
>> I see 4 icons ... timeout, listed, non-listed and offline.
>>
>> Or am I missing your point here ?
>
> *HINT* Are you colour blind
On Mon, 2010-03-08 at 12:41 +, Mike Cardwell wrote:
> On 08/03/2010 12:34, Brian wrote:
>
> > Is zen.spamhous.org new? Personally I'd check your spelling ;-)
>
> m...@haven:~$ host 1.0.0.127.zen.spamhous.org
> 1.0.0.127.zen.spamhous.org A 208.73.210.27
> m...@haven:~$ host 1.2.3.4.
On 08/03/2010 12:34, Brian wrote:
Is zen.spamhous.org new? Personally I'd check your spelling ;-)
m...@haven:~$ host 1.0.0.127.zen.spamhous.org
1.0.0.127.zen.spamhous.org A 208.73.210.27
m...@haven:~$ host 1.2.3.4.zen.spamhous.org
1.2.3.4.zen.spamhous.orgA 208.73.210.2
Is zen.spamhous.org new? Personally I'd check your spelling ;-)
Dhaval Soni wrote on Mon, 8 Mar 2010 16:59:20 +0530:
> Dhaval Soni
>From this and your other message on this list I gather that you didn't
read any documentation. So, please go and read documentation. There are
also many tutorials on the web on using SA.
I also deduce from "spam.lists.conf" tha
--- On Mon, 3/8/10, nehaya Mohammad wrote:
From: nehaya Mohammad
Subject: spam filter using spamassassin mails
To: mailus...@spamassassin.apache.org
Date: Monday, March 8, 2010, 10:23 AM
Dear sir,
I hope you doing fine.
I'm a graduate student at University of Jordan and I'm doing
On Mon, 2010-03-08 at 10:51 +0100, Mikael Syska wrote:
> Hi,
>
> Then something is broken at your end ...
>
> I see 4 icons ... timeout, listed, non-listed and offline.
>
> Or am I missing your point here ?
*HINT* Are you colour blind or normal sighted?
On Mon, 2010-03-08 at 16:59 +0530, Dhaval Soni wrote:
> Dear All,
>
> I want to use zen.spamhous.org for spam check. So we need to do entry
SA ships with Spamhaus ZEN enabled by default.
> in spam.lists.conf file. But do we need to mention score for it? If
> yes, where to do it?
That's not a SA
On 2010-03-08 12:29, Dhaval Soni wrote:
Dear All,
I want to use zen.spamhous.org for spam check. So we need to do entry in
spam.lists.conf file. But do we need to mention score for it? If yes, where
to do it?
spam.lists.conf is not part of Spamassassin (sounds like MailScanner)
Pls see:
http:
Dear All,
I want to use zen.spamhous.org for spam check. So we need to do entry in
spam.lists.conf file. But do we need to mention score for it? If yes, where
to do it?
Thanks in advance,
--
Kind regards,
Dhaval Soni
Red Hat Certified Architect
RHCE No: 804007900325939
Cell: +91-966 20 29 620
On 2010-03-08 1:24, Rops wrote:
Hello
I'm trying to figure out why some emails get lost, which most likely is due
to emails killed by ISP spam filter due to high spam score these lost email
have.
How to find out if some mail server is blacklisted and where?
Is there any central database for que
On 08/03/2010 00:24, Rops wrote:
I'm trying to figure out why some emails get lost, which most likely is due
to emails killed by ISP spam filter due to high spam score these lost email
have.
How to find out if some mail server is blacklisted and where?
Is there any central database for queries
Hi,
Then something is broken at your end ...
I see 4 icons ... timeout, listed, non-listed and offline.
Or am I missing your point here ?
mvh
On Mon, Mar 8, 2010 at 9:02 AM, Stanier, Alan M wrote:
> That would be a very useful site, except that it shows the results as
> colour-coded icons,
Do you think it would make sense to introduce options for scanning
"headers only" in big messages?
I have received recently a new (small) wave of big spams.
--
[pl>en: Andrew] Andrzej Adam Filip : a...@onet.eu
There is nothing new except what has been forgotten.
-- Marie Antoinette
That would be a very useful site, except that it shows the results as
colour-coded icons, and I see the listed and not-listed icons as identical.
-Original Message-
From: Mikael Syska [mailto:mik...@syska.dk]
Sent: 08 March 2010 01:56
To: users@spamassassin.apache.org
Subject: Re: How to
39 matches
Mail list logo
