On 10/22/2010 02:50 AM, dar...@chaosreigns.com wrote:
Or falsely reporting legit mail servers as sending large quantities of spam
in another attempt to cripple the usefulness of such a system.
I'm also interested in more ideas on how spammers could game this system,
and what could be done about
In order to reduce backscattering, I'm using an additional milter-regex
on the systems processing outgoing messages. This milter-regex try to
recognize backscattered messages as well as spam marked messages
redirected to addresses outside off the protected perimeter. Although
this method is not
Matt Kettler wrote:
It looks for a HELO doesn't match against the reverse DNS for the IP
address.
Please note the case of clients connected to the network via NAT and
using dynamic IP addresses. In the general case, such clients do not
known about the IP address to which one their local addr
According to the docs...:
Option: botnet_clientwords
Space delimited list of regexps that are indicate an end client or
dynamic host which should not directly connect to other mail servers
besides its own provider's. Multiple entries are ORed together. Multiple
entries may be space delimit
Just another command sequence which worked well on a file containing an
image too:
gs -sOutputFile=hugo -sDEVICE=pnmraw -dNOPAUSE -dBATCH -r600x600 hugo.pdf
cat hugo | pamthreshold -simple -threshold 0.5 | pamtopnm | ocrad
--format=utf8
This could be a base for another prep and scanset for F
Raymond Dijkxhoorn wrote:
I was able to decode to plain text using the following commands:
cat report.pdf | acroread -toPostScript -level2 -saveVM | ps2ascii
And this scales? :)
It worked for me on an example of the many similar SPAM messages I have
got. It will probably not work with any
Raymond Myren wrote:
Just today I started receiving spam mails with attached .pdf files with
a spam image.
Any ideas how to stop this spam type?
I was able to decode to plain text using the following commands:
cat report.pdf | acroread -toPostScript -level2 -saveVM | ps2ascii
Finally, very
John Rudd wrote:
In my opinion, the Botnet plugin should recognize that as botnet, but
I could be wrong.
Botnet is looking for hosts whose DNS looks like a dynamic or dial-up
customer. So, if the host has no reverse DNS, the reverse DNS doesn't
match forward DNS, or the forward DNS contains
;
[21114] dbg: Botnet: RDNS is 'ludwik.warynski.net'
However, one thing to recognize is that botnet does not parse the
Received headers themselves. Spam Assassin does, and puts them into
psuedoheaders. Those pseudoheaders are what botnet processes.
What exactly contain the pseu
Claude Frantz wrote:
The Botnet Plugin is not able to recognize the following sequence:
Another case:
Received: from OrangeSrv.rz.unibw-muenchen.de ([127.0.0.1])
by localhost (OrangeSrv.rz.unibw-muenchen.de [127.0.0.1])
(amavisd-new, port 10024)
with LMTP id 12512-05 for <[EM
The Botnet Plugin is not able to recognize the following sequence:
Received: from ludwik.warynski.net (ludwik.warynski.net [195.82.166.1])
by BlueSrv.rz.unibw-muenchen.de (8.12.11.20060308/8.12.11) with
ESMTP id l55L66tA013532
for <[EMAIL PROTECTED]>; Tue, 5 Jun 2007
23:06:07 +0
Is it possible to exclude a specific address from the AWL without
whitelisting it ? In others words, I want that the AWL test will not be
applyed to this address. All other tests should be applyed as usual.
Thanks a lot !
Claude
Justin Mason wrote:
Can you provide an example? I'm not sure what you mean.
The most important example is the "Received" header which usually occurs
many times.
You could probably do it with the "ALL" pseudoheader, but it'll
be very slow. A plugin might be the best option, but it's hard
While writing rules
How can I find how many headers with the same keyword exist ?
How can I recognize to which one a matching rule apply ?
Or is it necessary to write a plugin in order to have access to this
information ?
Thanks a lot !
--
You will find the CA certificate and the CRL her
How can I get the IP address of the client host which has sent the
message, so that I can use it in rules ?
Thanks a lot.
Claude
--
You will find the CA certificate and the CRL here:
http://www.unibw.de/certs
smime.p7s
Description: S/MIME Cryptographic Signature
Luis HernĂ¡n Otegui wrote:
Hi, List, my users are getting increasing amounts of "Mail Delivery
Subsystem" mails, and I suspect spammers are using their addresses as
senders. I have my servers registered with SPF, but now I wonder how
could I stop this mails from getting to their accounts?
I've
As I could see, strange comments in GIF images results often in problems
in further processing. Now I want to say to my config: "when converting
a GIF image, pass it to 'gifsicle --no-comments' at first. How can I add
this wish to my config ?
Thanks a lot !
Claude
--
You will find the CA certi
Hello Folk !
How can I add this to the database when FuzzyOCR does not recognize the
image as it is ?
Thanks a lot !
Claude
smime.p7s
Description: S/MIME Cryptographic Signature
Here is a typical error report in the log file:
Feb 1 11:31:47 yellowsrv amavis[11701]: (11701-03) (!)collect_results
from [] (/usr/bin/ripole): exit 30 ripOLE: decoding of
/var/spool/amavisd/tmp/amavis-20070201T113001-11701/parts/p002 resulted
in error 30\n
I'm using
Name: ripole
V
Does a sort of free milter-p0f exists ?
Claude
--
You will find the CA certificate and the CRL here:
http://www.unibw.de/certs
smime.p7s
Description: S/MIME Cryptographic Signature
Hello Folk !
Sometimes I get BAYES_99=3.5 as result of the test, in a message coming
to me. This message is only sent to me and its contents is not SPAM.
How can I find exactly the reason on this erroneous marking ?
Claude
--
You will find the CA certificate and the CRL here:
http://www.unibw
In my /etc/mail/spamassassin/v310.pre, there is a line:
loadplugin Mail::SpamAssassin::Plugin::DCC
There is also a file:
/usr/lib/perl5/site_perl/5.8.0/Mail/SpamAssassin/Plugin/DCC.pm
but DCC is not active. What is missing here ?
I'm using SpamAssassin version 3.1.0
running on Perl version
22 matches
Mail list logo
