Re: BOTNET rules question

2011-01-05 Thread Bill Landry
On 1/5/2011 5:11 PM, Mark Martinec wrote: Combining p0f with BOTNET is intended to *reduce* the high number of false positives that BOTNET alone produces, *at least* for the non-windows machines. The windows hosts are left alone and are not protected by p0f from BOTNET FP. If someone is scoring

Re: How to prevent DOS_OUTLOOK_TO_MX false positive?

2011-01-05 Thread George Spelvin
Michael Scheidell wrote: > put all of your local ip addresses in internal_networks. > you will avoid unnecessary rbl lookups, spf failures and it should set a > ALL_TRUSTED flag also. Bingo, that's the clue I needed. Thank you very much. Sorry it didn't dawn on me to read the .cf file carefully

Re: What NOT to use?

2011-01-05 Thread Karsten Bräckelmann
On Wed, 2011-01-05 at 16:29 -1000, Warren Togami Jr. wrote: > Can anyone think of custom rules or old sites that continue to be > online, misleading people into believing that they should be using > some custom rule or plugin that is no longer effective or safe? Gazillions of 'em. A hell of a lot

What NOT to use?

2011-01-05 Thread Warren Togami Jr.
Can anyone think of custom rules or old sites that continue to be online, misleading people into believing that they should be using some custom rule or plugin that is no longer effective or safe? The former SARE repo was the only one that I know about, but there are apparently others. http://ww

Re: Exceeded time limit Plugin::Check::_rawbody_tests_0

2011-01-05 Thread Karsten Bräckelmann
On Wed, 2011-01-05 at 16:29 -0800, Frank Chan wrote: > I noticed recently (within the past two months) I'm getting this > error message from spamassassin. Here is a line from the maillog: > > Jan 5 15:07:40 s1 spamd[21160]: check: exceeded time limit in > Mail::SpamAssassin::Plugin::Check::_rawbo

Re: BOTNET rules question

2011-01-05 Thread Mark Martinec
Combining p0f with BOTNET is intended to *reduce* the high number of false positives that BOTNET alone produces, *at least* for the non-windows machines. The windows hosts are left alone and are not protected by p0f from BOTNET FP. If someone is scoring p0f in combination with BOTNET differently,

Re: BOTNET rules question

2011-01-05 Thread Lawrence @ Rogers
On 05/01/2011 8:38 PM, RW wrote: Aside from BOTNET_WIN the p0f rules are low-scoring and add-up to zero. Since BOTNETS are 100% Windows it doesn't seem unreasonable to use p0f in a metarule. However, you might want to look into this inconsistency: You are right about the overlapping and one rule

Exceeded time limit Plugin::Check::_rawbody_tests_0

2011-01-05 Thread fchan
Hello, I noticed recently (within the past two months) I'm getting this error message from spamassassin. Here is a line from the maillog: Jan 5 15:07:40 s1 spamd[21160]: check: exceeded time limit in Mail::SpamAssassin::Plugin::Check::_rawbody_tests_0, skipping further tests I have set spamd

Re: BOTNET rules question

2011-01-05 Thread RW
On Wed, 05 Jan 2011 18:40:41 -0330 "Lawrence @ Rogers" wrote: > I would suspect that you are using non-standard rules. What's most > concerning is the old p0f rules that are looking for Windows XP. That > is dangerous and a bad thing to use as a rule (the OS of the sender). Aside from BOTNET_W

Re: Off topic: best RBLs to use to block at smtp connection?

2011-01-05 Thread Karsten Bräckelmann
On Thu, 2011-01-06 at 00:27 +0100, mouss wrote: > Le 05/01/2011 02:15, Karsten Bräckelmann a écrit : > > On Tue, 2011-01-04 at 00:58 +0100, mouss wrote: > > > Recipient unknown: 5318 ( 73.85 %) > > > DNSBL zen.spamhaus.org...: 816 ( 11.33 %) > > > > This alone tells some

Re: Off topic: best RBLs to use to block at smtp connection?

2011-01-05 Thread mouss
Le 05/01/2011 17:00, Rob McEwen a écrit : > On 1/3/2011 6:58 PM, mouss wrote: >> as you can see, all DNSBLs but spamhaus are more or less useless. > > Mouss, > > [ignoring content filtering for a moment... per the original poster's > request] > > If one DNSBL removed 90% of all spams, and that m

Re: Off topic: best RBLs to use to block at smtp connection?

2011-01-05 Thread Noel Butler
On Thu, 2011-01-06 at 00:27 +0100, mouss wrote: > > My understanding was that OP asked about smtp time rejections. > obviously, this won't check received headers, nor junk from yahoo/gmail/... > milter-regex

Re: Off topic: best RBLs to use to block at smtp connection?

2011-01-05 Thread mouss
Le 05/01/2011 02:15, Karsten Bräckelmann a écrit : > On Tue, 2011-01-04 at 00:58 +0100, mouss wrote: >> Le 03/01/2011 13:28, Jari Fredriksson a écrit : >>> >>> I want to secure a postfix site with rbls, no spamassassin at this >>> moment. (I use SpamAssassin on other sites, and no RBLs at SMTP time

Re: How to prevent DOS_OUTLOOK_TO_MX false positive?

2011-01-05 Thread Matthew Hunter
On 01/05/2011 01:13 PM, John Hardin wrote: On Wed, 5 Jan 2011, George Spelvin wrote: The best way is to tell your glue layer not to pass internal-to-internal mails to SA in the first place. What is your MTA (I'm assuming qmail) and how is SA hooked into it? It's qmail (yes, I know; it REALLY

Re: BOTNET rules question

2011-01-05 Thread Lawrence @ Rogers
On 05/01/2011 6:22 PM, Michael Monnerie wrote: Dear list, I received this info from a customer, whose order confirmation from the londontheatredirect.com got marked as spam because of BOTNET* rules. Are those rules too old, or is that server in a botnet? How to find out? Or which rules scores sh

Re: BOTNET rules question

2011-01-05 Thread Michael Scheidell
On 1/5/11 4:52 PM, Michael Monnerie wrote: server88-208-245-26.live- servers.net botnet is NOT an stock SA rule plus, look at the silly DYNAMIC RULE LOOKING rdns. fix rdns. -- Michael Scheidell, CTO o: 561-999-5000 d: 561-948-2259 ISN: 1259*1300 >*| *SECNAP Network Security Corporation *

Re: How to prevent DOS_OUTLOOK_TO_MX false positive?

2011-01-05 Thread Jason Haar
On 01/06/2011 08:13 AM, John Hardin wrote: > > Ok, I'm not a qmail guru so somebody else will have to suggest how to > prevent SA from scanning mail from internal IP addresses destined for > local mailboxes. > Doing it at the MTA level using Qmail-Scanner would allow you to easily not invoke SA on

BOTNET rules question

2011-01-05 Thread Michael Monnerie
Dear list, I received this info from a customer, whose order confirmation from the londontheatredirect.com got marked as spam because of BOTNET* rules. Are those rules too old, or is that server in a botnet? How to find out? Or which rules scores should I tune to optimize? -- Forwarde

Re: How to prevent DOS_OUTLOOK_TO_MX false positive?

2011-01-05 Thread John Hardin
On Wed, 5 Jan 2011, George Spelvin wrote: The best way is to tell your glue layer not to pass internal-to-internal mails to SA in the first place. What is your MTA (I'm assuming qmail) and how is SA hooked into it? It's qmail (yes, I know; it REALLY should be replaced...), and SA is hooked in

Re: How to prevent DOS_OUTLOOK_TO_MX false positive?

2011-01-05 Thread Karsten Bräckelmann
On Wed, 2011-01-05 at 12:14 -0500, George Spelvin wrote: > > The best way is to tell your glue layer not to pass internal-to-internal > > mails to SA in the first place. > What confuses me about your suggestion is that it's basically > a filtering rule, so I wonder why I can't use SA to do it...

Re: How to prevent DOS_OUTLOOK_TO_MX false positive?

2011-01-05 Thread George Spelvin
> The best way is to tell your glue layer not to pass internal-to-internal > mails to SA in the first place. > > What is your MTA (I'm assuming qmail) and how is SA hooked into it? It's qmail (yes, I know; it REALLY should be replaced...), and SA is hooked in via the .qmail delivery file. So it

Re: IPv6 DNSBL/WL design, was Fwd: [Asrg] draft-levine-iprangepub-01

2011-01-05 Thread Rob McEwen
On 1/4/2011 11:14 AM, David F. Skoll wrote: > On Tue, 04 Jan 2011 11:01:52 -0500 > Rob McEwen wrote >> I've thought this through and... best case scenario is that spammers >> then get 5+ years of play time because it will take at least that time >> for those other techniques to catch up. > Umm.. n

Re: Weird scores despite having assigned custom score for URIBL

2011-01-05 Thread Karsten Bräckelmann
On Wed, 2011-01-05 at 15:54 +0400, selven wrote: > a surbl analysis of [...] does give me [...] is on SURBL lists: PH, > but for some reason the score so far is still 2.943, any clue? > > part of my /usr/local/etc/mail/spamassassin/local.cf > > my custom score: [ custom rules for URIBL_(BLACK|

Re: How to prevent DOS_OUTLOOK_TO_MX false positive?

2011-01-05 Thread Karsten Bräckelmann
On Wed, 2011-01-05 at 10:03 -0500, Michael Scheidell wrote: > On 1/5/11 9:33 AM, George Spelvin wrote: > > I'm having trouble with intracompany e-mail. When a Windows/Outlook user > > sends mail to a local user, there is exactly one MX in the path. > > Which is the office mail server. > > Should

Re: How to prevent DOS_OUTLOOK_TO_MX false positive?

2011-01-05 Thread John Hardin
On Wed, 5 Jan 2011, George Spelvin wrote: I'm having trouble with intracompany e-mail. When a Windows/Outlook user sends mail to a local user, there is exactly one MX in the path. Which is the office mail server. Everything is wonderful until Spamassassin sees the short delivery path and assig

Re: Off topic: best RBLs to use to block at smtp connection?

2011-01-05 Thread Rob McEwen
On 1/3/2011 6:58 PM, mouss wrote: > as you can see, all DNSBLs but spamhaus are more or less useless. Mouss, [ignoring content filtering for a moment... per the original poster's request] If one DNSBL removed 90% of all spams, and that made a user's spam go from 100-per-day to 10-per-day, that

Re: How to prevent DOS_OUTLOOK_TO_MX false positive?

2011-01-05 Thread Benny Pedersen
On ons 05 jan 2011 15:33:53 CET, George Spelvin wrote: I'm having trouble with intracompany e-mail. When a Windows/Outlook user sends mail to a local user, there is exactly one MX in the path. Which is the office mail server. qmail did not add server sender ip spamassassin says it's dynamic sin

Re: How to prevent DOS_OUTLOOK_TO_MX false positive?

2011-01-05 Thread Michael Scheidell
On 1/5/11 9:33 AM, George Spelvin wrote: I'm having trouble with intracompany e-mail. When a Windows/Outlook user sends mail to a local user, there is exactly one MX in the path. Which is the office mail server. Everything is wonderful until Spamassassin sees the short delivery path and assigns

Re: Weird scores despite having assigned custom score for URIBL

2011-01-05 Thread Mark Martinec
$3|v3n, > Jan 5 12:39:34 spamassasin-test amavis[53483]: (53483-01) SA dbg: async: > completed in 0.131 s: URI-DNSBL, DNSBL:dbl.spamhaus.org.:pornhunter.co.tv > Jan 5 12:39:34 spamassasin-test amavis[53483]: (53483-01) SA dbg: async: > completed in 0.128 s: URI-DNSBL, DNSBL:multi.surbl.org.:porn

How to prevent DOS_OUTLOOK_TO_MX false positive?

2011-01-05 Thread George Spelvin
I'm having trouble with intracompany e-mail. When a Windows/Outlook user sends mail to a local user, there is exactly one MX in the path. Which is the office mail server. Everything is wonderful until Spamassassin sees the short delivery path and assigns 2.8 points because of it, and a few other

Re: New plugin: DecodeShortURLs

2011-01-05 Thread Warren Togami Jr.
On Sat, Jan 1, 2011 at 7:19 AM, Steve Freegard wrote: > On 01/01/11 11:51, Warren Togami Jr. wrote: > > I'll help you start the process with a Bugzilla ticket. I also hope you > could get it into some sort of public source control mechanism soon so we > can see the changes that go into it befor

Weird scores despite having assigned custom score for URIBL

2011-01-05 Thread selven
Jan 5 12:39:34 spamassasin-test amavis[53483]: (53483-01) SA dbg: async: completed in 0.131 s: URI-DNSBL, DNSBL:dbl.spamhaus.org.:pornhunter.co.tv Jan 5 12:39:34 spamassasin-test amavis[53483]: (53483-01) SA dbg: async: completed in 0.128 s: URI-DNSBL, DNSBL:multi.surbl.org.:porncrazytube.info Ja