Re: How to stop weird "From:" crap?

2010-07-11 Thread Karsten Bräckelmann
On Mon, 2010-07-12 at 00:52 +0100, Ned Slider wrote:
> On 12/07/10 00:37, Michelle Konzack wrote:
> > > For me, that would be caught by dbl.spamhaus.org as a blacklisted
> > > sender domain during the smtp connection.
> >
> > Is this not included in?
>
> No, it's a separate list purely for domains

Re: How to stop weird "From:" crap?

2010-07-11 Thread Ned Slider
On 12/07/10 00:37, Michelle Konzack wrote:
> Hello Ned Slider,
> On 2010-07-11 23:38:50, you hacked the following down:
> > For me, that would be caught by dbl.spamhaus.org as a blacklisted
> > sender domain during the smtp connection.
>
> Is this not included in?

No, it's a separate list purely for doma

Re: How to stop weird "From:" crap?

2010-07-11 Thread Karsten Bräckelmann
On Mon, 2010-07-12 at 01:37 +0200, Michelle Konzack wrote:
> > For me, that would be caught by dbl.spamhaus.org as a blacklisted
> > sender domain during the smtp connection.
>
> Is this not included in ?

ZEN lists the handing-over IP (XBL, PBL) or any Received IP for deep-parsing (SBL). This is

Re: How to stop weird "From:" crap?

2010-07-11 Thread Michelle Konzack
Hello Ned Slider,

On 2010-07-11 23:38:50, you hacked the following down:
> For me, that would be caught by dbl.spamhaus.org as a blacklisted
> sender domain during the smtp connection.

Is this not included in ?

> $ nslookup perezcentral.com.dbl.spamhaus.org
>
> Non-authoritative answer:
> Name

Re: How to stop weird "From:" crap?

2010-07-11 Thread Karsten Bräckelmann
On Sun, 2010-07-11 at 18:22 -0500, Dave Funk wrote:
> Rough first pass SA rule:
>
> header T_FROM_CRAP1 From:addr =~ /[`\^:\]\[,?/"]/
                                   ^           ^  ^
Breaks. You either need to backslash escape the slash inside the RE, or use alternative match-operator del

Re: How to stop weird "From:" crap?

2010-07-11 Thread Dave Funk
On Mon, 12 Jul 2010, Michelle Konzack wrote:
[ STDIN ]---
From coupond...@perezcentral.com Sun Jul 11 17:21:41 2010
Return-Path:
Delivered-To: linux4miche...@tamay-dogan.net
Received: from erona.perezcentral.com (erona.perezcentral.com

Re: How to stop weird "From:" crap?

2010-07-11 Thread Karsten Bräckelmann
On Mon, 2010-07-12 at 00:06 +0200, Michelle Konzack wrote:
> > On Sun, 11 Jul 2010, Karsten Bräckelmann wrote:
> > > What about providing some raw From: headers then?

> From coupond...@perezcentral.com Sun Jul 11 17:21:41 2010
> Return-Path:

Err, didn't you say you don't have the Envelope From,

Re: How to stop weird "From:" crap?

2010-07-11 Thread Karsten Bräckelmann
On Sun, 2010-07-11 at 23:59 +0200, Michelle Konzack wrote:
> > On Sun, 11 Jul 2010, Karsten Bräckelmann wrote:
> > > What about providing some raw From: headers then?

> Cut the serial number at the beginning up to the first : and you have it.
> The From: E-Mails are exactly as shown.

Nope. They a

Re: How to stop weird "From:" crap?

2010-07-11 Thread Ned Slider
On 11/07/10 23:06, Michelle Konzack wrote:
> Hello John Hardin,
> On 2010-07-11 08:57:39, you hacked the following down:
> > On Sun, 11 Jul 2010, Karsten Bräckelmann wrote:
> > > What about providing some raw From: headers then?
> >
> > +1 We need to see the headers.
>
> [ STDIN ]--

Re: How to stop weird "From:" crap?

2010-07-11 Thread Michelle Konzack
Hello John Hardin,

On 2010-07-11 08:57:39, you hacked the following down:
> On Sun, 11 Jul 2010, Karsten Bräckelmann wrote:
> > What about providing some raw From: headers then?
>
> +1 We need to see the headers.

[ STDIN ]---
From coupond

Re: How to stop weird "From:" crap?

2010-07-11 Thread Michelle Konzack
Hello John Hardin,

On 2010-07-11 08:57:39, you hacked the following down:
> On Sun, 11 Jul 2010, Karsten Bräckelmann wrote:
> > What about providing some raw From: headers then?
>
> +1 We need to see the headers.

Cut the serial number at the beginning up to the first : and you have it. The From: E-

Re: Fwd: Indispensables pour vos vadrouilles?

2010-07-11 Thread Karsten Bräckelmann
On Sun, 2010-07-11 at 19:50 +0200, Benny Pedersen wrote:
> On Sun 11 Jul 2010 17:38:33 CEST, Karsten Bräckelmann wrote
> > Anyway. The distinction between spam and phish was not my point. Neither
> > was it, whether "spammed URI" clamav third-party signatures match on
> > them just like URIBL and

Re: Fwd: Indispensables pour vos vadrouilles?

2010-07-11 Thread Benny Pedersen
On Sun 11 Jul 2010 17:38:33 CEST, Karsten Bräckelmann wrote
> No malware payload. Not a virus. One's a phish, though. Let me guess,
> clamav third-party signatures triggered on the URIs for you?

using safebrowsing sigs from google

> Anyway. The distinction between spam and phish was not my point.

Re: Strange log entries after OS upgrade

2010-07-11 Thread Chris
On Sun, 2010-07-11 at 19:57 +0300, Jari Fredriksson wrote:
> On 11.7.2010 5:40, Chris wrote:
> > I upgraded to Mandriva 2010.1 yesterday. I was already running SA 3.3.0
> > and AFAICT that didn't change. What did change are log entries. I'm now
> > seeing entries like this:
> >
> > rhost=localhost

Re: Strange log entries after OS upgrade

2010-07-11 Thread Jari Fredriksson
On 11.7.2010 5:40, Chris wrote:
> I upgraded to Mandriva 2010.1 yesterday. I was already running SA 3.3.0
> and AFAICT that didn't change. What did change are log entries. I'm now
> seeing entries like this:
>
> rhost=localhost,raddr=127.0.0.1,
> rport=/home/chris/.evolution/cache/tmp/spamd-socket

Re: How to stop weird "From:" crap?

2010-07-11 Thread John Hardin
On Sun, 11 Jul 2010, Karsten Bräckelmann wrote:
> On Sun, 2010-07-11 at 17:35 +0200, Michelle Konzack wrote:
> > > Didn't have sufficient caffeine yet, and I am too lazy to go through
> > > that procmail logic in detail -- but looking at the samples, you want to
> > > identify junk chars in the From: header?
> >
> > Yes

Re: How to stop weird "From:" crap?

2010-07-11 Thread Karsten Bräckelmann
On Sun, 2010-07-11 at 17:35 +0200, Michelle Konzack wrote:
> > Didn't have sufficient caffeine yet, and I am too lazy to go through
> > that procmail logic in detail -- but looking at the samples, you want to
> > identify junk chars in the From: header?
>
> Yes
>
> > Well, what about a header Fro

Re: Fwd: Indispensables pour vos vadrouilles?

2010-07-11 Thread Karsten Bräckelmann
On Sun, 2010-07-11 at 17:17 +0200, Benny Pedersen wrote:
> On Sun 11 Jul 2010 17:04:02 CEST, Karsten Bräckelmann wrote
> > Uhm, dude!? I hope that was an accidental address auto-completion. Do
> > NOT send spam samples to the list.
>
> spam?, here clamav sees it as a virus

Yes, spam. If the incl

Re: How to stop weird "From:" crap?

2010-07-11 Thread Michelle Konzack
Hello Karsten Bräckelmann,

On 2010-07-11 16:21:49, you hacked the following down:
> Didn't have sufficient caffeine yet, and I am too lazy to go through
> that procmail logic in detail -- but looking at the samples, you want to
> identify junk chars in the From: header?

Yes

> Well, what about a

Re: Fwd: Indispensables pour vos vadrouilles?

2010-07-11 Thread Benny Pedersen
On Sun 11 Jul 2010 17:04:02 CEST, Karsten Bräckelmann wrote
> Uhm, dude!? I hope that was an accidental address auto-completion. Do
> NOT send spam samples to the list.

spam?, here clamav sees it as a virus

--
xpoint
http://www.unicom.com/pw/reply-to-harmful.html

Re: Fwd: Indispensables pour vos vadrouilles…

2010-07-11 Thread Karsten Bräckelmann
On Sun, 2010-07-11 at 15:53 +0100, Cedric Knight wrote:
[nothing but 3 spam samples attached]

Uhm, dude!? I hope that was an accidental address auto-completion. Do
NOT send spam samples to the list.

--
char *t="\10pse\0r\0dtu...@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4"; main(){ char h

Re: How to stop weird "From:" crap?

2010-07-11 Thread Karsten Bräckelmann
On Sun, 2010-07-11 at 12:49 +0200, Michelle Konzack wrote:
> Hello Experts,
>
> for around 9 weeks I have been bombed on my E-Mails and
> by crappy From: spams. Here are some examples from my
> log:

[garbled address samples snipped]

> but I want to do the scanning in spamassassin.
>
> Any sugg

How to stop weird "From:" crap?

2010-07-11 Thread Michelle Konzack
Hello Experts,

for around 9 weeks I have been bombed on my E-Mails and by crappy From: spams. Here are some examples from my log:

[ '~/.tdtools-procmail/FLT_weird_From.hits' ]---
1275237458:DirectBuylW[P^h4TWXMQ_OOQUI W_:xsrsp7...@urimpute.com>
1275237639:DirectBuylW[P^h