Re: US-CERT message FP

2017-05-08 Thread David B Funk
On Mon, 8 May 2017, Chris wrote: whitelist_auth *@*.us-cert.gov us-cert.gov This should be: whitelist_auth *@*.us-cert.gov I don't know why I keep putting the second entry in my 'my- whitelist.cf' file. I must have read it or something a long, long time ago in order to be doing this.  Poss

Re: US-CERT message FP

2017-05-08 Thread Chris
On Tue, 2017-05-09 at 01:13 +, David Jones wrote: > > > > From: Chris > > > > > David and others, thank you for the replies. I've lowered the score > > for > > Botnet down to 1.0, may go lower if it continues to cause problems > > or > > just get rid of it. I've added this to my whiteli

Re: US-CERT message FP

2017-05-08 Thread David Jones
>From: Chris   >David and others, thank you for the replies. I've lowered the score for >Botnet down to 1.0, may go lower if it continues to cause problems or >just get rid of it. I've added this to my whitelist.cf: >whitelist_auth *@*.us-cert.gov us-cert.gov This should be: whitelist_auth *

Re: US-CERT message FP

2017-05-08 Thread Chris
On Mon, 2017-05-08 at 18:44 -0500, David B Funk wrote: > On Mon, 8 May 2017, John Hardin wrote: > > > On Mon, 8 May 2017, Chris wrote: > > > >> I get various posts from US-CERT none so far have been tagged as > spam > >> until today. The raw message with the SA tags is here - https://pa > stebi >

Re: US-CERT message FP

2017-05-08 Thread David B Funk
On Mon, 8 May 2017, John Hardin wrote: On Mon, 8 May 2017, Chris wrote: I get various posts from US-CERT none so far have been tagged as spam until today. The raw message with the SA tags is here - https://pastebi n.com/f71A2FfW What it hit on was: pts rule name  description

Re: US-CERT message FP

2017-05-08 Thread David Jones
>From: John Hardin   >On Mon, 8 May 2017, Chris wrote: >> I get various posts from US-CERT none so far have been tagged as spam >> until today. The raw message with the SA tags is here - https://pastebi >> n.com/f71A2FfW What it hit on was: >> >> pts rule name  description >>

Re: US-CERT message FP

2017-05-08 Thread John Hardin
On Mon, 8 May 2017, John Hardin wrote: I'd suggest whitelist_from_auth might help more. gack. That should be "whitelist_auth", of course... -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org key: 0x

Re: US-CERT message FP

2017-05-08 Thread John Hardin
On Mon, 8 May 2017, Chris wrote: I get various posts from US-CERT none so far have been tagged as spam until today. The raw message with the SA tags is here - https://pastebi n.com/f71A2FfW What it hit on was: pts rule name  description -- --

Re: US-CERT message FP

2017-05-08 Thread David Jones
From: Chris   >I get various posts from US-CERT none so far have been tagged as spam >until today. The raw message with the SA tags is here - https://pastebi >n.com/f71A2FfW What it hit on was: >I've added the address us-c...@ncas.us-cert.gov to the AWL and reran >the message through SA which

US-CERT message FP

2017-05-08 Thread Chris
I get various posts from US-CERT none so far have been tagged as spam until today. The raw message with the SA tags is here - https://pastebi n.com/f71A2FfW What it hit on was: pts rule name  description -- - - -0

Re: Strange audio spam

2017-05-08 Thread John Hardin
On Mon, 8 May 2017, Charles Sprickman wrote: I wonder if rather than spam, it’s trying to exploit something? I know that both on windows and mac, I’ve occasionally seen patches for native and third party players. I'd say that is a very likely scenario. Have you tried uploading the sound fil

Re: Strange audio spam

2017-05-08 Thread Charles Sprickman
I wonder if rather than spam, it’s trying to exploit something? I know that both on windows and mac, I’ve occasionally seen patches for native and third party players. Here’s an example from VLC: https://trac.videolan.org/vlc/ticket/15888 > On May

Re: Strange audio spam

2017-05-08 Thread Alex
Hi, On Mon, May 8, 2017 at 7:30 AM, David Jones wrote: > From: do...@mail.com > >>I received this very unusual email a few days ago. It (or another >>email), timed out my spamassassin check (which is a first). > >>I'm interested if this mail is legit, or if it's just a new trap. > >>> Return-Pat

Re: Forged yahoo FP

2017-05-08 Thread RW
On Sun, 07 May 2017 23:31:49 -0400 Lyle Evans wrote: > At 03:45 PM 5/7/2017, you wrote: > >Hi, > > > >Would someone help me confirm this is an FP for FORGED_YAHOO_RCVD? It > >does indeed go through yahoo, but his then passed through spamcow.com > >before passing through interwrx.com, then through

Re: Strange audio spam

2017-05-08 Thread David Jones
From: do...@mail.com   >I received this very unusual email a few days ago. It (or another >email), timed out my spamassassin check (which is a first). >I'm interested if this mail is legit, or if it's just a new trap. >> Return-Path: >> Received: from racolage.xxx ([216.51.232.227]) by mx.ma

Re: Strange audio spam

2017-05-08 Thread Joe Quinn
On 5/5/2017 8:53 PM, do...@mail.com wrote: I received this very unusual email a few days ago. It (or another email), timed out my spamassassin check (which is a first). I'm including the full text of the spam below along with all of the headers. I'm interested if this mail is legit, or if it's