Re: username in from address

2011-03-23 Thread Adam Katz
On 3/22/2011 1:16 PM, Mark Chaney wrote: Ever notice that a lot of spam seems to have your username in their from address? Such as an email sent TO b...@domain.com is FROM blah...@anotherdomain.com (notice 'blah' included in the from address). On 3/22/2011 2:31 PM, Adam Katz wr

Re: Reproducing Bug 6559

2011-03-23 Thread Michael Scheidell
On 3/23/11 5:10 PM, Karsten Bräckelmann wrote: Michael, I don't think I could follow you. Did you say that these "identical" systems do have different rules? there might be some slight differences in local.cf. that's it. this one is very strange. offlist if you want more details... -- Michael

Re: Spam Eating Monkey causing 100% false positives for large institutions

2011-03-23 Thread Karsten Bräckelmann
On Wed, 2011-03-23 at 11:08 -1000, Warren Togami Jr. wrote: > On 3/23/2011 10:58 AM, Karsten Bräckelmann wrote: > > Ugh, nasty boy. ;) You do realize they wouldn't be hammering the SEM > > DNS servers, if testrules wouldn't have slipped out accidentally -- by > > sa-update. > > > > Personally, I'

Re: Reproducing Bug 6559

2011-03-23 Thread Karsten Bräckelmann
On Mon, 2011-03-21 at 05:33 -0400, Michael Scheidell wrote: > 32 systems, exactly the same cpu, step software. only minor differences > would be.. well, not even the exact set of rules. but can re2c randomly > compile something different depending on internal cpu cache? > > only two of them had

Re: Spam Eating Monkey causing 100% false positives for large institutions

2011-03-23 Thread Warren Togami Jr.
On 3/23/2011 10:58 AM, Karsten Bräckelmann wrote: On Wed, 2011-03-23 at 10:18 -1000, Warren Togami Jr. wrote: On 3/23/2011 7:38 AM, Blaine Fleming wrote: In the recent sa-updates, the Spam Eating Monkey rules were inappropriately enabled. [...] As soon as the bug was reported on the dev lis

Re: Spam Eating Monkey causing 100% false positives for large institutions

2011-03-23 Thread Karsten Bräckelmann
On Wed, 2011-03-23 at 10:18 -1000, Warren Togami Jr. wrote: > On 3/23/2011 7:38 AM, Blaine Fleming wrote: > > > In the recent sa-updates, the Spam Eating Monkey rules were > > > inappropriately enabled. [...] > > As soon as the bug was reported on the dev list I disabled the > > 127.0.0.255 respo

Re: Spam Eating Monkey causing 100% false positives for large institutions

2011-03-23 Thread Warren Togami Jr.
On 3/23/2011 7:38 AM, Blaine Fleming wrote: On 3/23/2011 9:56 AM, dar...@chaosreigns.com wrote: In the recent sa-updates, the Spam Eating Monkey rules were inappropriately enabled. If you hit them too much, they start returning 100% false positives. Their listed limits are "more than 100,000 q

Re: fake URL's in mail

2011-03-23 Thread Lawrence @ Rogers
On 23/03/2011 4:36 PM, Adam Katz wrote: On 03/23/2011 11:43 AM, Matus UHLAR - fantomas wrote: On 03/21/2011 09:37 AM, Matus UHLAR - fantomas wrote: Does anyone successfully use plugin or at least rules that catch fake URLs? On 21.03.11 13:36, Adam Katz wrote: __SPOOFED_URL, a rule already shi

Re: fake URL's in mail

2011-03-23 Thread Adam Katz
On 03/23/2011 11:43 AM, Matus UHLAR - fantomas wrote: >> On 03/21/2011 09:37 AM, Matus UHLAR - fantomas wrote: > Does anyone successfully use plugin or at least rules that > catch fake URLs? > On 21.03.11 13:36, Adam Katz wrote: >> __SPOOFED_URL, a rule already shipping with SA, does this.

Re: fake URL's in mail

2011-03-23 Thread Michael Scheidell
On 3/23/11 2:50 PM, Matus UHLAR - fantomas wrote: On 3/23/11 2:43 PM, Matus UHLAR - fantomas wrote: I know about the problem with "legal" mail and spoofed URL's. That's why I asked about plugin that would be able to accept whitelists. I don't see if it's possible to combine this with matching s

Re: fake URL's in mail

2011-03-23 Thread Matus UHLAR - fantomas
> On 3/23/11 2:43 PM, Matus UHLAR - fantomas wrote: >> I know about the problem with "legal" mail and spoofed URL's. That's why I >> asked about plugin that would be able to accept whitelists. >> >> I don't see if it's possible to combine this with matching some domains >> while not matching others

Re: fake URL's in mail

2011-03-23 Thread Michael Scheidell
On 3/23/11 2:43 PM, Matus UHLAR - fantomas wrote: I know about the problem with "legal" mail and spoofed URL's. That's why I asked about plugin that would be able to accept whitelists. I don't see if it's possible to combine this with matching some domains while not matching others, e.g. allow

Re: fake URL's in mail

2011-03-23 Thread Matus UHLAR - fantomas
> On 03/21/2011 09:37 AM, Matus UHLAR - fantomas wrote: > >>> Does anyone successfully use plugin or at least rules that catch > >>> fake URLs? > > > I mean URLs pointing to different address than they appear, like: > > > > http://webmail.example.com/ On 21.03.11 13:36, Adam Katz wrote: > No plu

Re: Spam Eating Monkey causing 100% false positives for large institutions

2011-03-23 Thread RW
On Wed, 23 Mar 2011 11:56:25 -0400 dar...@chaosreigns.com wrote: > In the recent sa-updates, the Spam Eating Monkey rules were > inappropriately enabled. If you hit them too much, they start > returning 100% false positives. On the bright side, anyone getting 100% false positives on any test ha

Re: Spam Eating Monkey causing 100% false positives for large institutions

2011-03-23 Thread darxus
On 03/23, Blaine Fleming wrote: > As soon as the bug was reported on the dev list I disabled the > 127.0.0.255 response code to avoid any additional issues. I will be That was very kind of you. > 3AM. Personally, I don't think it is unreasonable to start returning > this response code for someo

Re: Spam Eating Monkey causing 100% false positives for large institutions

2011-03-23 Thread Blaine Fleming
On 3/23/2011 9:56 AM, dar...@chaosreigns.com wrote: > In the recent sa-updates, the Spam Eating Monkey rules were > inappropriately enabled. If you hit them too much, they start returning > 100% false positives. Their listed limits are "more than 100,000 queries > per day or more than 5 queries p

Spam Eating Monkey causing 100% false positives for large institutions

2011-03-23 Thread darxus
In the recent sa-updates, the Spam Eating Monkey rules were inappropriately enabled. If you hit them too much, they start returning 100% false positives. Their listed limits are "more than 100,000 queries per day or more than 5 queries per second for more than a few minutes". To disable them, ad

Re: Bad Helo Host impersonating

2011-03-23 Thread Dominic Benson
On 23 Mar 2011, at 08:09, Dave Funk wrote: > On Tue, 22 Mar 2011, jon1234 wrote: > >> >> >>> From where do they get that bounce message? From a host internal to your >>> network or from hosts out on the Internet? >> >> The bounce message is only when they send certain domains that are externa

Re: Bad Helo Host impersonating

2011-03-23 Thread Dave Funk
On Tue, 22 Mar 2011, jon1234 wrote: From where do they get that bounce message? From a host internal to your network or from hosts out on the Internet? The bounce message is only when they send certain domains that are external to our network. If that's coming from an internal MTA, I'd s