On 8/9/2011 8:28 AM, Dave Wreski wrote:
Hi,
I noticed that the site that provided the malware.blocklist.cf has
been unavailable since at least the 8th of August.
URL for the file was on
http://www.malware.com.br/cgi/submit?action=list_sa
The FQDN no longer resolves to an address. I have tried
On 3/18/2011 5:08 PM, Michelle Konzack wrote:
Hello Bill Landry,
Am 2011-03-18 15:11:47, hacktest Du folgendes herunter:
No wonder I have seen such a huge drop in spam the past few days:
??? I get 18-26 mio spams (36 servers with 96.000 users) per day and
nothing has changed. Please
No wonder I have seen such a huge drop in spam the past few days:
http://timesofindia.indiatimes.com/tech/enterprise-it/security/Microsoft-brings-down-major-fake-drug-spam-network/articleshow/7734903.cms
Anyone else been noticing the decrease in spam?
Bill
FYI: "Spamhaus created a new "URL shortener/redirector" zone in the
DBL." See:
http://www.spamhaus.org/news.lasso?article=667
Will Spamassassin be adding support for this new DBL
shortener/redirector response code?:
127.0.1.3 spammed redirector domain
For details, see:
http://www
On 1/5/2011 5:11 PM, Mark Martinec wrote:
Combining p0f with BOTNET is indended to *reduce* the high number
of false positives that BOTNET alone produces, *at least* for the
non-windows machines. The windows hosts are left alone and are
not protected by p0f from BOTNET FP.
If someone is scoring
On 11/6/2010 12:50 AM, David F. Skoll wrote:
On Sat, 06 Nov 2010 00:41:53 -0700
Bill Landry wrote:
You could also test the envelope sender:
header SPAMHAUS_ENV eval:check_rbl_envfrom('SPAMHAUS_ENV',
'_vouch.dwl.spamhaus.org.')
But that's an abuse... you
On 11/6/2010 12:19 AM, Bill Landry wrote:
On 11/5/2010 11:40 PM, Dan Mahoney, System Admin wrote:
All,
Has anyone come up with a ruleset yet to score against the new spamhaus
whitelists, and deduct points appropriately?
You could try something like:
header SPAMHAUS_SWL eval:check_rbl
On 11/5/2010 11:40 PM, Dan Mahoney, System Admin wrote:
All,
Has anyone come up with a ruleset yet to score against the new spamhaus
whitelists, and deduct points appropriately?
You could try something like:
header SPAMHAUS_SWL eval:check_rbl('SPAMHAUS_SWL', 'swl.spamhaus.org.')
describe SP
On Thu, May 20, 2010 4:26 pm, Benny Pedersen wrote:
> On fre 21 maj 2010 00:05:26 CEST, Michael Scheidell wrote
>> On 5/20/10 6:00 PM, Robert Palmer wrote:
>>> I am running spamassassin version 3.2.4 and notice my rules have
>>> not updated (sa-update) for many months and I have started getting
>>>
On Mon, March 22, 2010 10:31 am, Kai Schaetzl wrote:
> Bill Landry wrote on Mon, 22 Mar 2010 09:01:26 -0700:
>
>> I tried it with Fedora 12
>
> I didn't say anything about Fedora.
But Warren certainly did in his original post. And BTW, he didn't say
anything about
On Mon, March 22, 2010 9:01 am, Bill Landry wrote:
> On 3/22/2010 4:31 AM, Kai Schaetzl wrote:
>> Warren Togami wrote on Sun, 21 Mar 2010 22:13:10 -0400:
>>
>>> I highly recommend NOT building the RPM package from the spec file
>>> contained
>>> within th
On 3/22/2010 4:31 AM, Kai Schaetzl wrote:
> Warren Togami wrote on Sun, 21 Mar 2010 22:13:10 -0400:
>
>> I highly recommend NOT building the RPM package from the spec file contained
>> within the spamassassin tarball. It has never been tested to work on Fedora
>> or Red Hat Enterprise Linux.
>
>
On Wed, March 3, 2010 5:20 pm, Karsten Bräckelmann wrote:
> On Wed, 2010-03-03 at 16:06 -0800, Bill Landry wrote:
>> On Wed, March 3, 2010 5:38 am, Jari Fredriksson wrote:
>
> We're not going to re-hash one of the many discussions, err, heated
> flame-fests from the clamav
On Wed, March 3, 2010 5:38 am, Jari Fredriksson wrote:
> On 3.3.2010 15:34, Jari Fredriksson wrote:
>> On 3.3.2010 15:22, twofers wrote:
>>> I have 52 of these sitting in my inbox this morning when I came in to
>>> work. this is just the beginning. I get literally hundreds of these a
>>> day and Sp
On 3/3/2010 1:40 PM, Mike Cardwell wrote:
> On 03/03/2010 21:32, Michael Scheidell wrote:
>
>> tracking down some FP's on Sa 3.3.0, they all hit URIBL_DBL.
>> (every email hits that rule)
>>
>> # DBL, http://www.spamhaus.org/dbl/ . Note that hits return 127.0.1.x
>> # A records, so we use a 32-bi
On 2/28/2010 11:35 AM, Carlos Williams wrote:
On Fri, Feb 26, 2010 at 4:38 PM, Benny Pedersen wrote:
I do the following but from my MTA. I don't know if you're using
Postfix or Sendmail but I have the following 'helo_checks.pcre' in my
Postfix directory:
/^localhost$/
On 2/27/2010 6:42 PM, João Gouveia wrote:
Hi Bill,
- "Bill Landry" wrote:
On 2/27/2010 5:35 PM, João Gouveia wrote:
Hi all,
we are aiming to provide free usage of our DNSBL to the general anti
spam community as soon as possible.
However, in order to
On 2/27/2010 5:35 PM, João Gouveia wrote:
Hi all,
we are aiming to provide free usage of our DNSBL to the general anti spam
community as soon as possible.
However, in order to do this we would need to deploy more DNS mirrors or we
risk providing a poor service due to the amount of DNS traffic
Mark Martinec wrote:
> On Thursday 28 January 2010 14:40:56 Graham Murray wrote:
>> Since upgrading to SA 3.3.0, botnet (version 0.8) is showing a false
>> positive on every email I receive via IPv6.
>
> Has anyone contacted the author?
As most here on the list know: "Good luck with that". From
Rosenbaum, Larry M. wrote:
>
>> -Original Message-
>> From: Bill Landry [mailto:b...@inetmsg.com]
>> Sent: Sunday, January 10, 2010 12:42 PM
>> To: users@spamassassin.apache.org
>> Subject: Re: About upgrading
>>
>> LuKreme wrote:
>>&
LuKreme wrote:
> On 9-Jan-2010, at 21:23, Rosenbaum, Larry M. wrote:
>
>> It's the number of seconds since the epoch (Jan 1, 1970). One easy way to
>> convert it to a readable time is
>>
>> # perl -e 'print scalar localtime 1263044805, "\n"'
>> Sat Jan 9 08:46:45 2010
Or even simpler:
perl -l
Christian Brel, AKA "rich...@buzzhost.co.uk" (among other aliases), is
back...
Bill
Ralf Hildebrandt wrote:
> * Benny Pedersen :
>> On tir 10 nov 2009 15:26:43 CET, "rich...@buzzhost.co.uk" wrote
>>> Please keep this in your mind in future before trotting out that tired
>>> old gas.
>> imho Ralf have never being banned in maillist here, if you dont like
>> his answers just unsubsc
Just FYI, in case you might be using the Karmasphere plug-in with
Spamassassin.
Bill
Original Message
Subject: ** IMPORTANT: Karmasphere Reputation Service End of Life ***
Date: Mon, 2 Nov 2009 19:31:55 + (GMT)
From: D J Stewart
To: karmasphere-us...@v2.listbox.com
CC: karm
John Hardin wrote:
> On Fri, 2 Oct 2009, Igor Bogomazov wrote:
>
>> whitelist_from_rcvd s...@domain.mail prefix.domain.mail
>> doesn't work.
>>
>> I've checked rDNS of the prefix.domain.mail with 'host' utility - it's
>> all right.
>
> You don't check rDNS using "host", you check it using "dig -x
Karsten Bräckelmann wrote:
On Tue, 2009-09-15 at 16:36 -0700, Bill Landry wrote:
Yes, the "buzz"ard has also displayed the same abusive nature under his
other email address many times in the past. He uses the same email client
(X-Mailer: Evolution 2.24.3), the same reference in his
>> On Tue, 2009-09-15 at 18:34 -0400, Charles Gregory wrote:
>>> I had considered this, but another poster made the worthy point that
>>> the (ab)user in question was likely the sort to get another fake
>>> address
>>> just so they could keep posting their crud. Sometimes 'ignore them' is
>>> the
>
> On Tue, 2009-09-15 at 18:34 -0400, Charles Gregory wrote:
>> I had considered this, but another poster made the worthy point that
>> the (ab)user in question was likely the sort to get another fake address
>> just so they could keep posting their crud. Sometimes 'ignore them' is
>> the
>> simples
Clunk Werclick wrote:
> On Mon, 2009-09-14 at 20:38 +0100, --[ UxBoD ]-- wrote:
>> - "Clunk Werclick" wrote:
>>
>> | On Mon, 2009-09-14 at 19:52 +0100, --[ UxBoD ]-- wrote:
>> | > - "Benny Pedersen" wrote:
>> | >
>> | >
--[ UxBoD ]-- wrote:
> - "Clunk Werclick" wrote:
>
> | On Mon, 2009-09-14 at 19:52 +0100, --[ UxBoD ]-- wrote:
> | > - "Benny Pedersen" wrote:
> | >
> | > | On man 14 sep 2009 16:54:39 CEST, Bill Landry wrote
> | > | > So ho
> On Mon, 14 Sep 2009, Warren Togami wrote:
>
>> One thing they all have in common is their registration dates are very
>> young according to whois lookups. It seems in general if we had a
>> reliable way to lookup domain age we might be able to differentiate
>> spam.
>
> What's the current status
Clunk Werclick wrote:
> On Mon, 2009-09-14 at 08:05 -0600, LuKreme wrote:
>> On 14-Sep-2009, at 05:24, --[ UxBoD ]-- wrote:
>>> If the OP cannot refrain from that sort of foul language when
>>> presented with counter arguments then please ban. The list would be
>>> far happier IMHO.
>> Based o
Giampaolo Tomassoni wrote:
> Are you experiencing the same?
>
> Some of them are even sleeping through FuzzyOcr. Any tuning to suggest?
Yes, shake them as they are passing through FuzzyOcr, that should wake
them up so that FuzzyOcr can detect them as they pass through... ;-)
Bill
> mouss wrote:
>>> Mailman has specific functionality to remove signature headers so
>>> that the message can be resigned as it's sent out.
>>
>> which doesn't help, because if I get mail claiming to come "From:
>> ", yet it doesn't have a sig of mine, I don't
>> really care if some fancy mailman o
> Bill Landry a écrit :
>> Res wrote:
>>> On Sat, 13 Jun 2009, Charles Gregory wrote:
>>>
>>>> On Sun, 14 Jun 2009, Res wrote:
>>>>> Though now its Sunday, I have socialising to do, and none of that
>>>>> includes sitting on mail
ram wrote:
> On Mon, 2009-06-15 at 15:35 +1000, Con Tassios wrote:
>> On Mon, 15 Jun 2009, Chip M. wrote:
>>
>>> DOB ("Day Old Bread") had the same problem last year:
>>> http://mail-archives.apache.org/mod_mbox/spamassassin-users/200810.mbox/%3cva.33f1.14690...@news.conactive.com%3e
>>>
>>> Wi
Chris Owen wrote:
> On Jun 14, 2009, at 8:10 PM, Bill Landry wrote:
>
>>> Mailman has specific functionality to remove signature headers so
>>> that the message can be resigned as it's sent out.
>
>> If that happens then the message is no longer signed by
David Gibbs wrote:
> Bill Landry wrote:
>> This may be true if the sender were adding the footer before signing and
>> sending the message to the list. However, not true if it's the mailing
>> list that is adding the footer after the original sender has already
>&g
David Gibbs wrote:
> mouss wrote:
>> - mail admin at example.com configures his mail system to sign all
>> outbound mail with DKIM
>> - he rejects any mail with a From: in his domain if it doesn't have a
>> valid DKIM signature
>> - j...@example.com posts to a list that appends a footer (or munges
Res wrote:
> On Sat, 13 Jun 2009, Charles Gregory wrote:
>
>> On Sun, 14 Jun 2009, Res wrote:
>>> Though now its Sunday, I have socialising to do, and none of that
>>> includes sitting on mailing lists listening to cry babies who expect
>>> people involved in OSSP's to drop everything and be their
Res wrote:
> On Sat, 13 Jun 2009, Bill Landry wrote:
>
>> I just love these kinds of responses (talk about 5yo tantrums), as they
>> only server to prove my point about your credibility and the value of
>> your opinions. Thank you! :-)
>
> truth hurts dont it land
Benny Pedersen wrote:
> On Sat, June 13, 2009 14:31, Bill Landry wrote:
>> However, if
>> you are willing to release something to the open source community, you
>> should also be willing to take on the responsibility of providing
>> ongoing support for it.
>
&
John Rudd wrote:
> Further, Bill, I don't answer to you for my time constraints. Now
> quit your whining and put your money where your mouth is. If it's so
> important, then provide a fix that replaces Net::DNS with SA's
> internal DNS routines, and I'll use it. If it's not important enough
> t
Res wrote:
> No because I seem to have reliable DNS and have never exhibited the issue.
Oh, and if in fact you "really" had a clue, you would know that "DNS
reliability" has absolutely nothing to do with this issue... ;-)
Bill
I just love these kinds of responses (talk about 5yo tantrums), as they
only server to prove my point about your credibility and the value of
your opinions. Thank you! :-)
Bill
Res wrote:
> On Thu, 11 Jun 2009, Bill Landry wrote:
>
>>> I'm sure John might be happier to
>> This issue has been unresolved for way too long. All of this, in my
>> mind, this makes the plugin orphaned and unusable if not patched with
>> Mark's patch.
>
> Actually it's a patch by Daniel J McDonald from 2007-06-15.
> I just refreshed it for 0.8 and reposted it two months later.
> Credits
>> Well I suppose you could always take the product that you dislike so
>> badly back to the store and ask for a refund of your purchase price.
>> Sometimes it really amazes me how much, and how severely, some people
>> will gripe about free products that exist only because other people
>> volunte
> I've had no trouble with Botnet timeouts, but just now patched anyway,
> to avoid any potential trouble. I, and many others appreciate how
> responsive you've been with your sanesecurity work, but not everyone has
> the same resources.
> Whenever I install GNU free software, I have to remember th
McDonald, Dan wrote:
> On Wed, 2009-06-10 at 21:40 -0700, John Rudd wrote:
>> On Wed, Jun 10, 2009 at 21:11, Bill Landry wrote:
>>> Jake Maul wrote:
>>>> Interesting that I'm just now running into this... I've been using
>>>> Botnet on this serve
John Rudd wrote:
> On Wed, Jun 10, 2009 at 21:11, Bill Landry wrote:
>> Jake Maul wrote:
>>> Interesting that I'm just now running into this... I've been using
>>> Botnet on this server for several months without issue.
>>>
>>> Thanks fo
Jake Maul wrote:
> Interesting that I'm just now running into this... I've been using
> Botnet on this server for several months without issue.
>
> Thanks for the link, shorter timeouts should cure it. :)
Even though Mark Martinec had provided John Rudd with a nice, neat patch
for botnet.pm well
LuKreme wrote:
> On 17-May-2009, at 06:32, Yet Another Ninja wrote:
>> On 5/17/2009 2:09 PM, LuKreme wrote:
>>> On 16-May-2009, at 21:25, Bill Landry wrote:
>>>> LuKreme wrote:
>>>>> grep EMAILBL /var/log/maillog.1 | grep -v "is spam" | wc -
Kurt Buff wrote:
> On Sun, May 17, 2009 at 16:23, Bill Landry wrote:
>> I'm not sure the purpose is of this kind of email, as the links are not
>> clickable, even though they appear to be. The message scored high, but
>> wondering what others think about this one:
&
I'm not sure the purpose is of this kind of email, as the links are not
clickable, even though they appear to be. The message scored high, but
wondering what others think about this one:
http://pastebin.com/m74dd8503
Is it simply a poorly written piece of vbscript that could be dangerous
if d
LuKreme wrote:
> On 16-May-2009, at 02:43, Yet Another Ninja wrote:
>> On 5/13/2009 9:33 AM, Yet Another Ninja wrote:
>>> Assuming Henrik may appreciate some stats, even if minimal like below:
>>> Yesterday's hits:
>>> grep EMAILBL/var/log/maillog.1 | wc -l
>>> 1263
>>
>> Friday's count:
>>
>>
Henrik K wrote:
>> When I run "spamassassin --lint" no problems are reported. Any thoughts
>> on why this is happening only when updating the sought rules?
>
> It seems sa-update only lints the directory that it downloaded, thus no
> freemail_domains cf is ever seen. I've now reduced the warning
Bill Landry wrote:
> Hi Henrik,
>
>> I've revamped fully the old code. Works still the same, but has some new
>> functions. It's also a bit more careful when parsing body (new parser,
>> emails inside <> are ignored, as well ones inside urls etc), so it mi
Hi Henrik,
> I've revamped fully the old code. Works still the same, but has some new
> functions. It's also a bit more careful when parsing body (new parser,
> emails inside <> are ignored, as well ones inside urls etc), so it might
> even reduce FPs and add hits, who knows.
>
> Domains are now
Ok, this horse is not only dead, but it's been totally pulverized. Can
we now please kill this ridiculously drawn-out thread - or maybe it can
be taken off-line by those that wish to continue this diatribe?
Thanks!
Bill
Igor Chudov wrote:
> OK, dumb question, how would I implement greylisting (I have Ubuntu)
That depends on what MTA you are using. Most greylisting is performed
by milters or, if using Postfix, policy delegation. Check your MTA's
web site, they will usually advise you on how to implement greylis
Bill Landry wrote:
> I do a "sought" rules update once per day using sa-update, but today I
> am seeing:
>
>http: request failed: 500 read timeout: 500 read timeout
>channel: could not find working mirror, channel failed
>
> I cannot access the site via we
Matus UHLAR - fantomas wrote:
>> On 22.04.09 13:39, Benny Pedersen wrote:
>>> still running here as server and client
>
> On 24.04.09 15:19, Matus UHLAR - fantomas wrote:
>> client only here. searching for PYZOR string in SA logs didn't findanything
>> for last two days (gotta re-check).
>> seems
Hi Folks,
Sorry for the cross-postings, but I wanted to try an reach as many
people that uses the "unofficial-clamav-sigs" script as possible.
I have been asked by some package and port maintainers to rename the
script and tarball to better support their efforts to package the script
for redistri
mouss wrote:
> Bill Landry a écrit :
>> Karsten Bräckelmann wrote:
>>> On Wed, 2009-04-22 at 10:47 -0700, Bill Landry wrote:
>>>> I do a "sought" rules update once per day using sa-update, but today I
>>>> am seeing:
>>>>
Karsten Bräckelmann wrote:
> On Wed, 2009-04-22 at 10:47 -0700, Bill Landry wrote:
>> I do a "sought" rules update once per day using sa-update, but today I
>> am seeing:
>>
>>http: request failed: 500 read timeout: 500 read timeout
>>channel: co
I do a "sought" rules update once per day using sa-update, but today I
am seeing:
http: request failed: 500 read timeout: 500 read timeout
channel: could not find working mirror, channel failed
I cannot access the site via web browser either. Just curious if anyone
else seeing this, as wel
stefan novak wrote:
> I've updatet the file with the headers:
>
> http://pastebin.com/m6e31520c
Scored high here:
Content analysis details: (32.9 points, 10.0 required)
pts rule name description
--
--
3.5
alexus wrote:
> I have maildrop installed on my system and I was thinking to enable a
> global rule among of all my maildrop users
>
> where all emails that have score 5.0 and higher would move into junk
> e-mail folder, and rest should go to INBOX as it was in the past
>
> can someone help me ou
John Rudd wrote:
> I know there used to be a nice convenient set of RBL's based upon
> countries, such that you could easily track an IP address back to
> which country it came from. But, IIRC, that RBL went under.
>
> 1) Does anyone know of a convenient command line tool (perl library
> being id
John Rudd wrote:
> I know there used to be a nice convenient set of RBL's based upon
> countries, such that you could easily track an IP address back to
> which country it came from. But, IIRC, that RBL went under.
>
> 1) Does anyone know of a convenient command line tool (perl library
> being id
Dennis German wrote:
> Attempting to see how spamassassin would score a message
> I tried
> spamassassin < lottery.msg
>
> [32179] warn: config: could not find site rules directory
> check: no loaded plugin implements 'check_main': cannot scan! at
> /usr/lib/perl5/vendor_perl/5.8.
Gene Heskett wrote:
> Using cpan, trying to install Net::Ident (the other bits except razor were
> nominal from the same source)
>
> Checking for Apache.pm... not found
> Writing Makefile for Net::Ident
> cp Ident.pm blib/lib/Net/Ident.pm
> Manifying blib/man3/Net::Ident.3pm
> JPC/Net-Ident-1.2
Dirk Bonengel wrote:
> Hello all,
>
> just to make it official: he iXhash plugin has now reached version
> 1.5.5. Recent changes are:
> - Adam Stephens noted that hash#3 would be checked even though it ahd
> not been computed in the first place.
> In other words: Hash #2 would be checked against t
Rosenbaum, Larry M. wrote:
>> From: Daryl C. W. O'Shea [mailto:spamassas...@dostech.ca]
>> Sent: Saturday, December 20, 2008 2:48 AM
>>
>> On 19/12/2008 5:40 AM, Marcin Krol wrote:
>>> Daryl C. W. O'Shea wrote:
do it all at once. See my SARE sa-update page for details:
http://daryl.doste
LuKreme wrote:
> On 9-Dec-2008, at 08:15, Karsten Bräckelmann wrote:
>> On Tue, 2008-12-09 at 08:51 +, Nigel Frankcom wrote:
>>> I haven't seen an update from sa-update in months. What version is
>>> current?
>>
>> Nigel, Chris wasn't talking about the stock rule-set, but the
>> third-party JM_
Marc Perkel wrote:
>
>
> Bill Landry wrote:
>> Giampaolo Tomassoni wrote:
>>
>>>> -Original Message-
>>>> From: Marc Perkel [mailto:[EMAIL PROTECTED]
>>>> Sent: Wednesday, December 03, 2008 12:04 AM
>>>>
>>>
Giampaolo Tomassoni wrote:
>> -Original Message-
>> From: Marc Perkel [mailto:[EMAIL PROTECTED]
>> Sent: Wednesday, December 03, 2008 12:04 AM
>>
>> it's WORKING
>
> Well,
>
> it hangs my SA 3.2.4 setup on waiting for a reply from ctyme.ixhash.net .
>
> The strange thing is that it c
Rose, Bobby wrote:
> Has anyone who switched to 1.5 of iXHash received any hits? I haven't seen
> any since switching. One thing that I've noticed is if I pass the same
> message thru SA using the old iXhash, the hash is computed via Method 1 and
> 2, if I use 1.5 of iXhash, it's only computed
Bill Landry wrote:
> mouss wrote:
>> Bill Landry wrote:
>>> I've posted a short pharma spam message to:
>>>
>>> http://www.inetmsg.com/spam.txt
>>>
>>> and debug output to:
>>>
>>> http://www.inetmsg.com/sa-debug.t
Found this posted on another list, thought others here might find this
of interest, as well.
Major Source of Online Scams and Spams Knocked Offline:
http://voices.washingtonpost.com/securityfix/2008/11/major_source_of_online_scams_a.html
SpamCop.net - Total spam report volume:
http://www.spamcop.
mouss wrote:
> Bill Landry wrote:
>> I've posted a short pharma spam message to:
>>
>> http://www.inetmsg.com/spam.txt
>>
>> and debug output to:
>>
>> http://www.inetmsg.com/sa-debug.txt
>>
>> It displays a single URI linked line in
I've posted a short pharma spam message to:
http://www.inetmsg.com/spam.txt
and debug output to:
http://www.inetmsg.com/sa-debug.txt
It displays a single URI linked line in an e-mail client that only
displays: "Please visit our shop." There seems to be something about
the URI in the message th
Micah Anderson wrote:
> I keep getting hit by phishing attacks, and they aren't being stopped by
> anything I've thrown up in front of them:
>
> postfix is doing:
> reject_rbl_client b.barracudacentral.org,
> reject_rbl_client zen.spamhaus.org,
> reject_rbl_client
Just wondering if anyone has had any experience with this particular
whitelist:
http://www.emailreg.org/
They do provide a sample SpamAssassin config at the bottom of the
"Instructions" tab, with one minor error:
describe RCVD_IN_EMAILREG_0D
They need to remove the "D" from the end of the "desc
Forgot to include Karmasphere:
160 KARMA_CONTENT_NEGATIVE
210 KARMA_CONNECT_NEGATIVE
Bill
Bill Landry wrote:
> Here are some stats for this past weekend comparing Pyzor to other hash
> tests:
>
> 36 CTYME_IXHASH
> 38 HOSTEUROPE_IXHASH
> 92 GENERI
Here are some stats for this past weekend comparing Pyzor to other hash
tests:
36 CTYME_IXHASH
38 HOSTEUROPE_IXHASH
92 GENERIC_IXHASH
129 NIXSPAM_IXHASH
218 RAZOR2_CF_RANGE_E4_51_100
256 PYZOR_CHECK
388 RAZOR2_CF_RANGE_E8_51_100
411 RAZOR2_CF_RANGE_51_100
418
Chris wrote:
> I've changed the ixhash.cf per Dirk's instructions, the whole error is:
>
> [15617] warn: rules: failed to run CYTME_IXHASH test, skipping:
> [15617] warn: (Can't locate object method "check_ixhash" via package
> "Mail::SpamAssassin::PerMsgStatus" at (eval 1500) line 1450.
> [1561
Steven Stern wrote:
I'm getting the following error from various perl programs:
$sa-update
Use of uninitialized value in concatenation (.) or string at
/usr/lib64/perl5/5.8.8/x86_64-linux-thread-multi/Scalar/Util.pm line 30.
OK... maybe we need an update:
[EMAIL PROTECTED] ~]# perl -MCPAN -
Nigel Frankcom wrote the following on 10/21/2007 11:22 PM -0800:
> On Sat, 20 Oct 2007 23:27:41 -0500, Igor Chudov <[EMAIL PROTECTED]>
> wrote:
>
>
>> I was looking at this article
>>
>> http://en.wikipedia.org/wiki/E-mail_spam
>>
>> It claims that "only five countries are hosting 99.68% of the
JP Kelly wrote the following on 10/21/2007 11:41 AM -0800:
> this looks interesting to me as well
> i am a little confused about how to use/install it
>
> on the page you provided a link to it says under "USAGE" to "add the
> following to your local.cf file"
>
> loadplugin Mail::SpamAs
Igor Chudov wrote the following on 10/20/2007 9:27 PM -0800:
> I was looking at this article
>
> http://en.wikipedia.org/wiki/E-mail_spam
>
> It claims that "only five countries are hosting 99.68% of the global
> spammer websites", of which the foremost is China, hosting 73.58% of
> all web sites
[EMAIL PROTECTED] wrote the following on 10/18/2007 11:01 PM -0800:
> Check your $HOME for an ever growing ~/razor-agent.log apparently
> brought in by sa-update two days ago, which will one day fill your
> disk, according to a web search.
>
> How to tell it that just like the other 99% of spamassa
Kris Deugau wrote:
> Mikael Syska wrote:
>> I'm not sure about all the diff black list options ... but I guess it
>> would be rather easy to test it .
>>
>> header RCVD_IN_LASHBACK eval:check_rbl('LASHBACK','ubl.unsubscore.com')
>> describe RCVD_IN_LASHBACK lashback
>> tflags RCVD_IN_LASHBACK n
Dan Mahoney, System Admin wrote:
> On Mon, 8 Oct 2007, Rob McEwen wrote:
>
>> Therefore, I recommend that you re-think your choices here! Don't let
>> your quest for "guaranteed long-term perfection" keep you from making
>> **substantial** progress today!
>
> Rob,
>
> Then help rally the SA team
Saw this posted on another list:
http://sunbeltblog.blogspot.com/2007/10/botmaster-busted.html
"United States Attorney McGregor W. Scott announced today the arrest of GREG
KING, 21, of Fairfield, California, and... "
Tim Litwiller wrote:
> We are running spamassassin on a Dual processor P4 Dell.
>
> How can I make sure that spamassassin is using both processors. Top is
> showing spamd using between 39% and 89% of the processor constantly.
> there are times during the day when we are processing 1800+ email per
j o a r wrote:
>
> On 27 aug 2007, at 21.20, Kai Schaetzl wrote:
>
>> That's wrong. Even if all servers in the world would check SPF you would
>> achieve *nothing* as the big majority of mail doesn't have anything to
>> check.
>
>
> Why would I, as a SPF publishing domain owner, care if they ha
Marc Perkel wrote:
>
>
> Jo Rhett wrote:
>> On Aug 21, 2007, at 11:17 AM, Duane Hill wrote:
>>> On Tue, 21 Aug 2007 at 11:03 -0700, [EMAIL PROTECTED]
>>> confabulated:
It seems to mostly help when it drops the message into a file for
clamav to scan.
>>>
>>> Is that using the ClamAV plug
Rick Zeman wrote:
> From: "Jiyoon franc" <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
> Subject: The poor man' -- Koroviev let some tremor into his voice and
> pointed to Behemoth, who immediately concocted a woeful physiognomy - 'the
> poor man spends all day reparating primuses.
> Date: Fri, 17 A
Jason Bennett wrote:
> Over the past few days, I’ve been seeing a ton of spam with every second
> letter replace with punctuation or other symbol that are getting past SA.
> Are there any Rulesets out there that can take care of this? I am using SARE
> and most of the SA plugins. You can see
1 - 100 of 247 matches
Mail list logo
