-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Sorry for posting to both dev and users but it looks like the SEM
lists have been pushed into production rules again and are showing up
in 72_active.cf under 3.3.1. This happened around 23:00 (GMT-4) last
night. Someone fix that?
- --Blaine
-B
On 3/23/2011 9:56 AM, dar...@chaosreigns.com wrote:
> In the recent sa-updates, the Spam Eating Monkey rules were
> inappropriately enabled. If you hit them too much, they start returning
> 100% false positives. Their listed limits are "more than 100,000 queries
> per day or more than 5 queries p
Alex wrote:
> Why is s.twimg.com blacklisted on SEM_URI and SEM_URIRED?
There was a rather painful flood of crap hitting our servers using
images hosted at twimg.com. Looks like they were posting the images as
profile pics and then linking directly to it on twitter's dime. This
domain has drop
MY EYES!!11
Maybe it's time to repost the "best practices" for this list?!?
--Blaine
Disclaimer:
This top post is the intellectual property of blah blah blah and urmom.
Henrik K wrote:
>
>
> Marc wrote:
>
>> Get a modern email client. Are you using a KSR33 teletype on a 110
>> baud modem
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Chris Santerre wrote:
> I'm just curious this morning. I see a dip in spam trapped, but a pretty
> big rise in blocking. I expected a lot worse over the long holiday
> weekend. Did someone get arrested or something?
Since last Wednesday I show about a
Warren Togami wrote:
> http://spameatingmonkey.com/usage.html
>
> Are these URI rules really valid syntax? They don't look right, and
> spamassassin lint rejects them.
I'm using all of those rules except for the backscatter one with no
problems. They also lint fine for me. Are you watching for
Terry Carmen wrote:
> Instead of blacklisting new domains (which is apparently difficult to
> do), why not blacklist all .cn domains (or simply all domains) newer
> than xxx days?
>
> If they're older than xxx days and not yet on another blacklist for
> sending actual spam, return a neutral resp
Warren Togami wrote:
> Opinions of this proposal?
I would love to have a listing of recently registered .cn domains but
until the TLD operator starts working with us that just isn't going to
happen.
Trying to perform a whois lookup on every domain is painfully slow.
Once you get a high enough vol
Warren Togami wrote:
> I'll add your existing rules to the Sandbox for testing.
Thank you!
> But have you considered putting all the DNSBL's and URIBL's into
> aggregated zones so you can cut down on redundant queries?
Actually, the uri red list is an aggregate zone of my uri black, red and
yell
sschecks as
> well.
Since someone is bound to ask I figure I'll state right now that I have
no objections to the SEM lists being included in the masschecks. In
fact, I'm quite curious.
I would also recommend adding AnonWhois.org to the list.
- --Blaine Fleming
SEM Admin
http://spamea
Marc Perkel wrote:
> I like it.
>
> RCVD_IN_HOSTKARMA_BL
> RCVD_IN_HOSTKARMA_WL
> RCVD_IN_HOSTKARMA_YL
> RCVD_IN_HOSTKARMA_BR
>
> Let's go with it.
Marc, have you updated your wiki to reflect the new rules? I think that
will pretty well settle any debate or question people have.
--Blaine
Marc Perkel wrote:
> My NoBL list is similar to yellow except that you can skip black list
> lookup but maybe might be whitelisted somewhere.
I keep seeing IPs that are on both the NoBL *and* the blacklist. An
example of this 89.206.179.213. That IP currently returns 127.0.0.2
(blacklisted) and
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Let's try this again with sending to the list. Sorry Mike!
Mike Cardwell wrote:
> That wouldn't help in this particular case:
>
> "All domains registered in the last 5 days under the .BIZ, .COM, .INFO,
> .NAME, .NET and .US TLDs"
>
> Doesn't work f
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Arvid Ephraim Picciani wrote:
>> By any chance, didn't your ISP start "providing search service" for any
>> web name that does not exist?
>
> btw, whats the workaround for this? opendns didnt work for me as they have
> similar "features".
> do you
John Hardin wrote:
This is why I started processing all the TLDs I was able to obtain
access to. There is lag but the most it could be is about 24 hours
and that assumes they register a new domain immediately after the TLD
dumps the zone.
Does your data allow mapping domain name to registr
SM wrote:
Even if your traffic patterns are different, the hit rates shouldn't
be that low. There would be a difference if your MTA uses a DNSBL to
reject or if you apply other pre-content filtering techniques.
It's not a matter of different traffic patterns as much as a matter of
when I d
John Hardin wrote:
Why is it so flippin' difficult to get a feed of newly-registered
domain names?
Because the TLDs hate giving people access to the data and certainly
won't provide a feed without a bunch of cash involved. Even worse, all
the ccTLDs pretty much refuse to even talk to you abo
Jules Yasuna wrote:
Configuration (maybe more than you care to see, sorry)
--
1) platform: kubuntu 8.04
2) SA version:3.2.4
3) options:
add_header spam BB score=_SCORE_
report_safe 0
lock_method flock
4) using qmail -> procmail -> spamc -> spamd
ps ea | grep spam sho
Marc Perkel wrote:
Looking from opinions from people running rbl blacklists.
I have a list that contains a lot of name based information. I'm about
to add a lot more information to the list and what will happen is that
when you look up a name you might get several results. For example, a
host
Marc Perkel wrote:
Blaine Fleming wrote:
Marc Perkel wrote:
Blaine Fleming wrote:
Marc Perkel wrote:
I just discovered the "Day old Bread" list of host names under 5
days old. I don't know where they get it but the list is very useful.
I remember playing with this list
Marc Perkel wrote:
Blaine Fleming wrote:
Marc Perkel wrote:
I just discovered the "Day old Bread" list of host names under 5
days old. I don't know where they get it but the list is very useful.
I remember playing with this list a few years ago but now they seem
to lag a
Marc Perkel wrote:
I just discovered the "Day old Bread" list of host names under 5 days
old. I don't know where they get it but the list is very useful.
I remember playing with this list a few years ago but now they seem to
lag a few days behind. For example, as of right now, 'superbleached
John Hardin wrote:
So how is a proponent of the "Hunt down and kill spammers very
messily" FUSSP classified?
In the US, they would be classified as a felon.
--Blaine
mouss wrote:
are you using an old imode phone :) The message was about 125Ko.
That's less than a small photo (I say this because that's what a
"smartphone" is for, no?).
Samsung SCH-i760 on Verizon that takes forever to download mail so when
something longer than about 4k comes in it takes a
Marc Perkel wrote:
Here's my list in dnsrbl format. I only do rsync so far to paid
subscribers or people who I'm trading with.
Dude. Seriously. The data is appreciated but next time please post it
on a website or something. Your mail pissed off my smart phone! It
might not be the best dev
I haven't heard anything about the DOB list from Support Intelligence in
several months and that was only to hear about timeouts. Is it still a
viable list? Does anyone use it? I know it does still respond but I
haven't used it in over a year. Back then it seemed to work well.
I have acces
installed current win version on an xp box, using last paid version of
eudora, inserted "127.0.0.1" in place of POP3 mail server as advised in
manual, but eudora wants a password every time one changes a server
name.and I cannot find one that works.
Not really an SA issue but it is probab
Marc Perkel wrote:
CRM114? What's that? Can't quite figure out what it does. Is it a pony? :)
CRM114 is another way to intelligently separate the spam from the ham.
It is listed on the SA custom plugins page at
http://wiki.apache.org/spamassassin/CustomPlugins . So far it works
quite well
Benny Pedersen wrote:
That is a good starting point for writing a plugin to do something
similar but the OP wants to hash the subject not the body.
subject is part of the body
Correct me if I'm wrong, but I believe that ixhash splits the part after
the blank line (body) and hashes it u
Oops, still trying to get used to Thunderbird and didn't post this to
the list
Benny Pedersen wrote:
Is there a way to realise this in SA.
http://ixhash.sourceforge.net/
That is a good starting point for writing a plugin to do something
similar but the OP wants to hash the subject no
If gmail has a problem, then without a doubt, blacklist them until they fix
it. Seems pretty simple to me.
I know that the ISP's I run mail systems for would lose their customers
if they stop getting mail from Google. The customer attitude is that
the provider should take measures to bloc
I was not able to access http://www.rulesemporium.com? is this working
are moved some where?
Works fine from here. Site is reachable and resolves to 72.52.4.74
which pings fine as well.
--Blaine
Slightly off-topic, but I'm curious, how many of you are using CRM114?
How well does it work for you? Was it difficult to train? I've been
looking at it and haven't found much except the official plugin guide
and a single page saying that it works better than other learning
methods. Any inf
33 matches
Mail list logo
