Re: Another Spamassassin upgrade problem

2011-03-18 Thread Karsten Bräckelmann
On Fri, 2011-03-18 at 23:28 -0700, Marc Perkel wrote: > Upgraded from Fedora 12 to Fedora 14 and getting this error message: > > /usr/bin/perl: symbol lookup error: > /usr/local/lib64/perl5/site_perl/5.10.0/x86_64-linux-thread-multi/auto/Term/ReadKey/ReadKey.so: > > undefined symbol: Perl_pad_s

Re: Spamassassin upgrade problem

2011-03-18 Thread Karsten Bräckelmann
On Fri, 2011-03-18 at 23:26 -0700, Marc Perkel wrote: > On 3/18/2011 11:19 PM, Karsten Bräckelmann wrote: > > Doesn't seem like a SA error message. Where exactly do you get that, and > > what is the *full* log line? > > I figured it out. I had 2 problems. Those messages were caused by monit Yea

Another Spamassassin upgrade problem

2011-03-18 Thread Marc Perkel
Upgraded from Fedora 12 to Fedora 14 and getting this error message: /usr/bin/perl: symbol lookup error: /usr/local/lib64/perl5/site_perl/5.10.0/x86_64-linux-thread-multi/auto/Term/ReadKey/ReadKey.so: undefined symbol: Perl_pad_sv when running sa-compile or spamassassin -- Marc Perkel - Sale

Re: Spamassassin upgrade problem

2011-03-18 Thread Marc Perkel
On 3/18/2011 11:19 PM, Karsten Bräckelmann wrote: On Fri, 2011-03-18 at 22:52 -0700, Marc Perkel wrote: Just upgrading from Fedora 12 to Fedora 14 and when I run Spamassassin (spamd) I get this: spamd: accept failed: Transport endpoint is not connected at /usr/bin/spamd line 1212 $ grep -rl

Re: Spamassassin upgrade problem

2011-03-18 Thread Karsten Bräckelmann
On Fri, 2011-03-18 at 22:52 -0700, Marc Perkel wrote: > Just upgrading from Fedora 12 to Fedora 14 and when I run Spamassassin > (spamd) I get this: > > spamd: accept failed: Transport endpoint is not connected at > /usr/bin/spamd line 1212 $ grep -rl 'Transport endpoint' . | wc -l 0 > What am

Spamassassin upgrade problem

2011-03-18 Thread Marc Perkel
Just upgrading from Fedora 12 to Fedora 14 and when I run Spamassassin (spamd) I get this: spamd: accept failed: Transport endpoint is not connected at /usr/bin/spamd line 1212 What am I doing wrong? Thanks in advance for your help. -- Marc Perkel - Sales/Support supp...@junkemailfilter.com

RE: SA and Spear Phishing

2011-03-18 Thread Hamad Ali
> Subject: Re: SA and Spear Phishing > From: guent...@rudersport.de > To: users@spamassassin.apache.org > Date: Sat, 19 Mar 2011 06:02:31 +0100 > [] > As I mentioned earlier, spear phishing (which are highly targeted) will > not have a hard time evadi

Re: SA and Spear Phishing

2011-03-18 Thread jdow
On 2011/03/18 21:16, Karsten Bräckelmann wrote: On Fri, 2011-03-18 at 20:58 -0700, jdow wrote: Other obvious information to be filtered would include SSNs. For privacy reasons filter for numbers that look like SSNs, reflect to user with a were you sure wrapper, and if the user responds yes send

Re: SA and Spear Phishing

2011-03-18 Thread Karsten Bräckelmann
On Fri, 2011-03-18 at 20:47 -0700, jdow wrote: > Actually it might not be all that hard. Tweak some specific rule matches > that indicate a high probability of phishing or spearfishing to be > artificially high numbers. That will at least get them labeled as spam. This is a per-site approach only.

Re: SA and Spear Phishing

2011-03-18 Thread Karsten Bräckelmann
On Fri, 2011-03-18 at 19:59 -0700, John Hardin wrote: > On Sat, 19 Mar 2011, Karsten Bräckelmann wrote: > > Did we just drop the spear, and downgrade to general phishing? > > For the purposes of my phishing rules project, yes. Oh, right -- sorry, previously saw this in the context of *targeted* s

Re: SA and Spear Phishing

2011-03-18 Thread Karsten Bräckelmann
On Fri, 2011-03-18 at 20:58 -0700, jdow wrote: > On 2011/03/18 19:08, Karsten Bräckelmann wrote: > > Or, tell your users to *never* write down their password or any other > > account details in mail -- by policy, violation warrants getting fired > > next day. > > Bingo, you've hit on an outgoing a

RE: SA and Spear Phishing

2011-03-18 Thread Hamad Ali
> Date: Fri, 18 Mar 2011 20:42:25 -0700 > From: j...@earthlink.net > To: users@spamassassin.apache.org > Subject: Re: SA and Spear Phishing > > Now, I bet SpamAssassin could be run "twice", one with the standard setup > and the second one with extremely t

Re: Scanning Mailing-List Posts

2011-03-18 Thread jdow
On 2011/03/18 21:05, Karsten Bräckelmann wrote: On Fri, 2011-03-18 at 20:25 -0700, jdow wrote: Interesting: (I think you have bigger problems than mere spear-phishing. 1.6 RCVD_IN_NJABL_PROXYRBL: NJABL: sender is an open proxy [64p79p213p206 listed in comb

Scanning Mailing-List Posts (was: Re: SA and Spear Phishing)

2011-03-18 Thread Karsten Bräckelmann
On Fri, 2011-03-18 at 20:25 -0700, jdow wrote: > Interesting: (I think you have bigger problems than mere spear-phishing. > > 1.6 RCVD_IN_NJABL_PROXYRBL: NJABL: sender is an open proxy > > [64p79p213p206 listed in combined.njabl.org] > > 0.8 RCVD_IN_SORBS_SOCKS

Re: SA and Spear Phishing

2011-03-18 Thread jdow
On 2011/03/18 18:38, John Hardin wrote: On Thu, 17 Mar 2011, Hamad Ali wrote: - John Hardin said: Phishing is his next project, and that even a well trained naive bayes filter might not detect it. let's be in touch on this matter then. Any progress or collaboration is highly welcomed on my side

Re: SA and Spear Phishing

2011-03-18 Thread jdow
On 2011/03/18 18:33, Hamad Ali wrote: Subject: Re: SA and Spear Phishing From: guent...@rudersport.de To: users@spamassassin.apache.org Date: Sat, 19 Mar 2011 02:02:35 +0100 (a) Never hand out your password. Less so in mail. No administrator ever will as

Re: SA and Spear Phishing

2011-03-18 Thread jdow
(My reply to the direct copy) On 2011/03/18 17:38, Hamad Ali wrote: Interesting: (I think you have bigger problems than mere spear-phishing. > Spam detection software, running on the system "morticia.wizardess.wiz", has > identified this incoming email as possible spam. The original message

Re: SA and Spear Phishing

2011-03-18 Thread John Hardin
On Sat, 19 Mar 2011, Karsten Bräckelmann wrote: On Sat, 2011-03-19 at 05:47 +0400, Hamad Ali wrote: - John Hardin said: Phishing is his next project, Have you considered the public SA ham/spam corpus, and monkey.org/~jose phishing corpus? Did we just drop the spear, and downgrade to genera

RE: SA and Spear Phishing

2011-03-18 Thread John Hardin
On Sat, 19 Mar 2011, Hamad Ali wrote: Date: Fri, 18 Mar 2011 18:38:44 -0700 From: jhar...@impsec.org To: users@spamassassin.apache.org Subject: Re: SA and Spear Phishing On Thu, 17 Mar 2011, Hamad Ali wrote: - John Hardin said: Phishing is his next pr

Re: SA and Spear Phishing

2011-03-18 Thread Karsten Bräckelmann
On Sat, 2011-03-19 at 05:47 +0400, Hamad Ali wrote: > > > - John Hardin said: Phishing is his next project, and that even a well > > > trained naive bayes filter might not detect it. let's be in touch on > > > this matter then. Any progress or collaboration is highly welcomed on > > > my side

Re: SA and Spear Phishing

2011-03-18 Thread Karsten Bräckelmann
On Sat, 2011-03-19 at 05:33 +0400, Hamad Ali wrote: > I think we have been always yelling that our users are stupid and blah, > and the reality still shows that users (which we hope to be educated) > are still the weakest element in the security chain. Some people still > focus on user training pro

RE: SA and Spear Phishing

2011-03-18 Thread Hamad Ali
> Date: Fri, 18 Mar 2011 18:38:44 -0700 > From: jhar...@impsec.org > To: users@spamassassin.apache.org > Subject: Re: SA and Spear Phishing > > On Thu, 17 Mar 2011, Hamad Ali wrote: > > > - John Hardin said: Phishing is his next project, and that even a wel

RE: SA and Spear Phishing

2011-03-18 Thread Hamad Ali
> Date: Fri, 18 Mar 2011 21:20:53 -0400 > From: d...@roaringpenguin.com > To: users@spamassassin.apache.org > Subject: Re: SA and Spear Phishing > > Spear phishing is inherently hard to detect because it's carefully > crafted for a small set of victims. W

Re: SA and Spear Phishing

2011-03-18 Thread John Hardin
On Thu, 17 Mar 2011, Hamad Ali wrote: - John Hardin said: Phishing is his next project, and that even a well trained naive bayes filter might not detect it. let's be in touch on this matter then. Any progress or collaboration is highly welcomed on my side About the only thing I need fro

RE: SA and Spear Phishing

2011-03-18 Thread Hamad Ali
> Subject: Re: SA and Spear Phishing > From: guent...@rudersport.de > To: users@spamassassin.apache.org > Date: Sat, 19 Mar 2011 02:02:35 +0100 > (a) Never hand out your password. Less so in mail. No administrator ever > will ask for the user's password. >

Re: Microsoft brings down major fake drug spam network

2011-03-18 Thread Bill Landry
On 3/18/2011 5:08 PM, Michelle Konzack wrote: Hello Bill Landry, On 2011-03-18 15:11:47, you hacked down the following: No wonder I have seen such a huge drop in spam the past few days: ??? I get 18-26 mio spams (36 servers with 96.000 users) per day and nothing has changed. Please read

Re: SA and Spear Phishing

2011-03-18 Thread David F. Skoll
> So when it comes to spear phish, in my view, a big question mark > arises to indicate that its risk is simply "unknown" to mankind. This > is unknown in the public domain as far as I know, which is why I > posted this mail to see if any of you see any spear phish within the > load of SPAM you dete

Re: SA and Spear Phishing

2011-03-18 Thread Karsten Bräckelmann
On Sat, 2011-03-19 at 04:38 +0400, Hamad Ali wrote: > > [...] The human mind can be a better filter against > > such spam than any result of mass checks. > One of the challenges behind spear phishing is that there is no single > performance evaluation against it. And this includes user-training

RE: SA and Spear Phishing

2011-03-18 Thread Hamad Ali
> Date: Fri, 18 Mar 2011 16:06:15 -0700 > From: j...@earthlink.net > To: users@spamassassin.apache.org > Subject: Re: SA and Spear Phishing > And for well targeted spearfishing, he's still stuck because nothing > distinguishes it from his normal mail flow other than "unknown sender" > or DNS ch

Re: Microsoft brings down major fake drug spam network

2011-03-18 Thread Karsten Bräckelmann
On Sat, 2011-03-19 at 01:08 +0100, Michelle Konzack wrote: > > No wonder I have seen such a huge drop in spam the past few days: > > ??? I get 18-26 mio spams (36 servers with 96.000 users) per day and > nothing has changed. Please read the news (not only one) more carefully See the CBL repo

Re: Microsoft brings down major fake drug spam network

2011-03-18 Thread Michelle Konzack
Hello David F. Skoll, On 2011-03-18 20:12:01, you hacked down the following: > I also haven't noticed much difference. ...and fortunately I use to block on SMTP level! More than 70% of the spams are blocked here. SpamAssassin on USER level stops around 25%... The rest are own filters. Thanks

Re: Microsoft brings down major fake drug spam network

2011-03-18 Thread David F. Skoll
On Sat, 19 Mar 2011 01:08:42 +0100 Michelle Konzack wrote: > No, because there are more than one Botnet of this size now... I also haven't noticed much difference. Regards, David.

Re: Microsoft brings down major fake drug spam network

2011-03-18 Thread Michelle Konzack
Hello Bill Landry, On 2011-03-18 15:11:47, you hacked down the following: > No wonder I have seen such a huge drop in spam the past few days: ??? I get 18-26 mio spams (36 servers with 96.000 users) per day and nothing has changed. Please read the news (not only one) more carefully > http:

Re: SA and Spear Phishing

2011-03-18 Thread Karsten Bräckelmann
On Fri, 2011-03-18 at 15:39 -0700, jdow wrote: > > You replied to a previous thread by creating a new thread. And that's > > pissing people off. > > Some may figure a person too dumb to use "reply" rather than creating > a new email is too hopeless to try to work with. Is he worth the energy > to

Re: SA and Spear Phishing

2011-03-18 Thread jdow
On 2011/03/18 15:48, dar...@chaosreigns.com wrote: On 03/18, jdow wrote: As far as trust for mass checks "Hamad Ali" would have to trust the custodians of the mass check data with the raw email stream data he submits. No, participating in mass checks does not require sending in all your raw ma

Re: SA and Spear Phishing

2011-03-18 Thread Darxus
On 03/18, jdow wrote: > As far as trust for mass checks "Hamad Ali" would have to trust the > custodians of the mass check data with the raw email stream data he > submits. No, participating in mass checks does not require sending in all your raw mail. It's nice when people do, but I believe most

Re: SA and Spear Phishing

2011-03-18 Thread jdow
On 2011/03/17 13:28, dar...@chaosreigns.com wrote: On 03/18, Hamad Ali wrote: > No. Michael doesn't want to help you and Karsten doesn't want you to > participate in mass-checks because of your behavior on this list. Are you referring to ban on masschecks, or ban on receiving any s

Microsoft brings down major fake drug spam network

2011-03-18 Thread Bill Landry
No wonder I have seen such a huge drop in spam the past few days: http://timesofindia.indiatimes.com/tech/enterprise-it/security/Microsoft-brings-down-major-fake-drug-spam-network/articleshow/7734903.cms Anyone else been noticing the decrease in spam? Bill

RE: SA and Spear Phishing

2011-03-18 Thread Jeff Mincy
From: Hamad Ali Date: Sat, 19 Mar 2011 00:46:08 +0400 ## back on topic ## Anyway, I would highly appreciate any help on spear phishing. A solution, a guess, or just if you know whether you get spear phish at all is good information for me (I started to think that 99% of mail admi

Trust inside a Community (was: Re: SA and Spear Phishing)

2011-03-18 Thread Karsten Bräckelmann
On Sat, 2011-03-19 at 00:46 +0400, Hamad Ali wrote: > > Oh, well, the freemail address again is mostly unrelated to discussions > > on this list -- though yeah, while hiding behind that address is not a > > show-stopper, using your real address (especially if you provide mail > > services) might he

RE: SA and Spear Phishing

2011-03-18 Thread Hamad Ali
> Subject: Re: SA and Spear Phishing > From: guent...@rudersport.de > To: users@spamassassin.apache.org > Date: Thu, 17 Mar 2011 21:38:19 +0100 > > Oh, well, the freemail address again is mostly unrelated to discussions > on this list -- though yeah, while hiding behind that address is not a > sho

Re: how to disable network tests?

2011-03-18 Thread Mark Martinec
> > when local dns server is working there must only be one single nameserver > > in resolv.conf and options rotate must not be enabled > On Friday March 18 2011 04:04:23 Karsten Bräckelmann wrote: > In the SA case, due to some issues with the underlying DNS Perl module, > IIRC the "first nameserv

Re: Performance on Spear Phishing?

2011-03-18 Thread Nigel Frankcom
On Fri, 18 Mar 2011 04:22:40 +0100, Karsten Bräckelmann wrote: >On Thu, 2011-03-17 at 12:58 +, Nigel Frankcom wrote: >> Unrelated but reminded me I hadn't posted a thanks to all those that >> responded about the sa-update rules. That's partly because I'm >> awaiting permission from clients to

Re: Script to generate whitelist based on INCOMING email????

2011-03-18 Thread Martin Gregorie
On Thu, 2011-03-17 at 23:21 -0700, phuong hanu wrote: > actually, that's not the pb with mySQL command. i just wanna suggestion abt > the script that can extract info from email header in my email db to create > a list (whitelist) for future purpose. > IMO doing what you are asking about is asking

feeding bayes from the honeypot

2011-03-18 Thread LuKreme
OK, I have a 'honeypot' email address that is collecting spam. the bayes mentioning local.cf settings (SA 3.3.1) are: use_bayes 1 bayes_auto_learn 1 bayes_store_module Mail::SpamAssassin::BayesStore::SQL bayes_sql_dsn DBI:mysql:bayes:localhost:3306 bayes_sql_username user bayes_sql_password *pas