you only count bit 1 settable on octet 2 and 3 (ie
127.1.1.2)
343 if you avoid setting bit 1 altogether on any octet (ie 127.2.2.2)
--
Dallas Engelken
[EMAIL PROTECTED]
http://uribl.com
to support both bitmasked and
multiple response if there is value in having both?
URIBL uses bitmasks, but doesnt need to as we dont cross list domains to
multiple lists.
--
Dallas Engelken
[EMAIL PROTECTED]
http://uribl.com
test to see how they
respond.
--
Dallas Engelken
[EMAIL PROTECTED]
http://uribl.com
instantly nuked, but
getting those Chinese registrars to action anything like this, even with
proper evidence, is nearly impossible... just think if you asked them to
kill it before the abuse started. ;)
--
Dallas Engelken
[EMAIL PROTECTED]
http://uribl.com
Rob McEwen wrote:
Dallas
Engelken wrote:
Yes, of course, but you're results.txt is biased as it only shows
where imvURI hits.
Based on the last 20k adds to URIBL, it appears to me that imvURI
has less coverage?
:
Dallas,
Yes, you are right!
URIBL *does* cast a wider net than ivmURI
erage?
imvURI stats from last 2 URIBL reactive listings.
-> 5519 hits
-> 14481 misses
imvURI stats from last 2 URIBL proactive listings.
-> 351 hits
-> 19649 misses
--
Dallas Engelken
[EMAIL PROTECTED]
http://uribl.com
.uribl.com
microsoft.com.white.uribl.com text "Whitelisted, see
http://lookup.uribl.com/?domain=microsoft.com";
URIBL white hits are also visiable on the lookup form, ie
http://lookup.uribl.com/?d=godaddy.com
We're not scared to show it off, as we dont use it for false remediation
(for the most part).
For DNS questions not related to listings.. that includes zone
information, transfers, outages, etc. Use dnsadmin at uribl dot com
<mailto:[EMAIL PROTECTED]>.
Have you done that?
--
Dallas Engelken
[EMAIL PROTECTED]
http://uribl.com
ti.uribl.com
skn24n.hotmail.ru.multi.uribl.com text "Blacklisted, see
http://lookup.uribl.com/?domain=skn24n.hotmail.ru";
See http://rss.uribl.com/hosters/ for host abuse listings.
--
Dallas Engelken
[EMAIL PROTECTED]
http://uribl.com
amhaus
(http://www.spamhaus.org/organization/dnsblusage.html) doesnt prevent
inclusion of RCVD_IN_SBL in SA.
Thanks,
--
Dallas Engelken
[EMAIL PROTECTED]
http://uribl.com
...duh, that won't work. Where would the domain name to test come from?
Perhaps a check for ISP DNS tomfoolery could be put in the --lint checks
somehow?
Or better yet, just fix the URIBLDNS plugin code to expect responses
matching ^127\.
Anything else is a dns monetizer.
--
from becoming registrars too.
--
Dallas Engelken
[EMAIL PROTECTED]
http://uribl.com
morning if you want to grab a new version...
http://www.rulesemporium.com/plugins/PDFInfo.pm
--
Dallas Engelken
[EMAIL PROTECTED]
http://uribl.com
one SOA TTL: values (at least until
Joe Spammer starts tweaking individual RRs)?
Jared Hall
General Telecom, LLC.
On Friday 10 August 2007 13:59, Dallas Engelken wrote:
John Rudd wrote:
I'm a prophet now!?
:-)
Hm. So, I'm sure I can figure this out eventually, but d
push(@ns,$s);
}
}
$res->nameservers(@ns);
}
Pulling authoritative results can be quite slow, so you may want to
alarm it to prevent timeouts from hanging you up.
--
Dallas Engelken
[EMAIL PROTECTED]
http://uribl.com
OX_M4 PDF Stox spam
--
Dallas Engelken
[EMAIL PROTECTED]
http://uribl.com
ents ? Any issues ?
I've heard of no performance problems.. Its only going to run on
messages with mime parts that it belives contains pdf anyways... so
what is that, <1% of the time.
--
Dallas Engelken
[EMAIL PROTECTED]
http://uribl.com
Wolfgang Zeikat wrote:
Hello again,
On 07/12/07 16:22, Dallas Engelken wrote:
Wolfgang Zeikat wrote:
I noticed that some of the latest pdf spam mails do not contain a
filename in the mime headers, could that be a reason for the above
behaviour?
Possibly, but seeing that line 300 is just a
-3.1.x but version 1.03 seems to be
for sa-3.0.
(BTW, they both seem to be dated 2007-01-30 at
http://rulesemporium.com/programs/
)
what the hell are you reading?
http://rulesemporium.com/programs/sa-stats-1.0.txt = v1.03 is the
latest, for SA 3.1
# version: 1.03
# author: Dallas Engelk
).
I did this the other day with CAM::PDF, but Theo recommended this work
should be done in the post_message_parse() plugin call. Then you could
just write body rules against the text, uris would get checked by
uribldns plugin, etc
--
Dallas Engelken
[EMAIL PROTECTED]
http://uribl.com
is a more current version than 0.3 that probably hits these. when
i tried to access the urls, they were already gone, but i'd guess they
were the ones that used 'pdf crypt'
--
Dallas Engelken
[EMAIL PROTECTED]
http://uribl.com
very helpful.
So, if you want to send that to me, I can get the info to them so they
can get to the bottom of it.
--
Dallas Engelken
[EMAIL PROTECTED]
http://uribl.com
It may be all
fine and good for distribution of load/bandwidth, but thwarting off ddos
it is not.
The proper solution would be to dismantle the botnets that are capable
of mass ddos. Some ISPs need to gain a clue, step it up, and do their
part to cut off access to infected PCs.
--
Dallas Engelken
[EMAIL PROTECTED]
http://uribl.com
;);
dbg("pdfinfo: found part, type=".($type ? $type : '')."
file=".($name ? $name : '')." cte=".($cte ? $cte : '')."");
Thanks,
--
Dallas Engelken
[EMAIL PROTECTED]
http://uribl.com
Robert - eLists wrote:
Praise God Almighty!
We were able to spend more than a few seconds and many click on the
rulesemporium website.
Awesome.
As it says, was it moved over to vr.org ???
A couple years ago... yup. Which is now netactuate.com
--
Dallas Engelken
[EMAIL PROTECTED
1 40s/0h of 11773 corpus (10988s/785h
AxB2-TRAPS) 07/11/07
# countsGMD_PDF_STOX_M2 223s/0h of 6132 corpus (555s/1577h
AxB-MANUAL) 07/11/07
# countsGMD_PDF_STOX_M2 29s/0h of 10767 corpus (9986s/781h
AxB2-TRAPS) 07/11/07
--
Dallas Engelken
[EMAIL PROTECTED]
http://uribl.com
tions, or even ideas for similar solutions? I
think you would be pleasantly surprised.
--
Dallas Engelken
[EMAIL PROTECTED]
http://uribl.com
remains static, and
only the rules need changing, then be my guest...
--
Dallas Engelken
[EMAIL PROTECTED]
http://uribl.com
tes to the ruleset could very well mean updating the
plugin, and you cant get people to update a plugin en masse as easy as
you can get them to RDJ a new ruleset. :)
--
Dallas Engelken
[EMAIL PROTECTED]
http://uribl.com
directory and rerun RDJ by hand.
That worked for me on CentOS 4.5
The bug has been reported and a fix is due in 3.2.2 I believe.
Huh? What's SA have to do with RDJ triggering Prolexic's DoS protection?
Daryl is right, there is no fix due in 3.2.2 - I got the RDJ and
Robert Schetterer wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Dallas Engelken schrieb:
John Thompson wrote:
Raymond Myren wrote:
Just today I started receiving spam mails with attached .pdf files with
a spam image.
Any ideas how to stop this spam type
parse them for spam text.
As was stated earlier...
Until its publicly released, you can request a solution from SARE with a
simple email via the information at
http://www.rulesemporium.com/plugins.htm#pdfinfo
--
Dallas Engelken
[EMAIL PROTECTED]
http://uribl.com
have... I'll be releasing the info soon.
--
Dallas Engelken
[EMAIL PROTECTED]
http://uribl.com
hopefully.
--
Dallas Engelken
[EMAIL PROTECTED]
http://uribl.com
The Doctor wrote:
On Wed, Jun 13, 2007 at 07:30:10AM -0500, Dallas Engelken wrote:
The Doctor wrote:
Cans rules_du_jour work?
Still getting a no update state.
SARE is back up (knock on wood). Delete your .cf files and re-run RDJ...
--
Dallas Engelken
[EMAIL PROTECTED
The Doctor wrote:
Cans rules_du_jour work?
Still getting a no update state.
SARE is back up (knock on wood). Delete your .cf files and re-run RDJ...
--
Dallas Engelken
[EMAIL PROTECTED]
http://uribl.com
Jerry Durand wrote:
At 09:19 AM 6/9/2007, Dallas Engelken wrote:
Rulesemporium.com will be coming back online at approximately 1800
GMT. Special thanks to Prolexic (http://www.prolexic.com) for the
DDoS protection.
Great news and good work! I assume we can re-enable sa-update for
Yet Another Ninja wrote:
On 6/9/2007 6:50 PM, Jerry Durand wrote:
At 09:19 AM 6/9/2007, Dallas Engelken wrote:
Rulesemporium.com will be coming back online at approximately 1800
GMT. Special thanks to Prolexic (http://www.prolexic.com) for the
DDoS protection.
Great news and good work
x27;s happening?
- --
Same issue here. 404 errors.
Pls Disable all RDJ till further notice...
Rulesemporium.com will be coming back online at approximately 1800
GMT. Special thanks to Prolexic (http://www.prolexic.com) for the DDoS
protection.
--
Dallas Engelken
[EMAIL PROTECTED]
http://uribl.com
ns timeouts for URIBL currently. The dns mirrors
are all up... just the websites are ddos'd.
--
Dallas Engelken
[EMAIL PROTECTED]
http://uribl.com
ferid=1&mailerid=1&emailid=0
http://images.loveouroffers.com/general/8675_usub/USUB_101_b_03.jpg
http:///unsubscribeOffers.html
http://./unsubscribeOffers.html
Enjoy. Also, I only get digest copies from this list and dont check
them all, so please cc me if you want me to see it. :)
--
Dallas Engelken
[EMAIL PROTECTED]
http://uribl.com
address it. I'll get it updated on the SARE side shortly. I
havent looked at Theo's sandbox lately, but I'd guess its incorrect
there also then.
Thanks,
--
Dallas Engelken
[EMAIL PROTECTED]
http://uribl.com
Greeting,
I've added a few enhancements to the ImageInfo plugin for SpamAssassin.
You can get it from..
http://www.rulesemporium.com/plugins.htm#imageinfo
Updates:
- added optimization changes by Theo Van Dinter
- added jpeg support
- added function image_named()
- added function image_size_e
> -Original Message-
> From: Rick Macdougall [mailto:[EMAIL PROTECTED]
> Sent: Monday, July 10, 2006 11:59
> To: [EMAIL PROTECTED]
> Cc: users@spamassassin.apache.org
> Subject: Re: Strange problem
>
> Sanford Whiteman wrote:
> >> Both servers have exactly the same config except for the
> Actually what I was thinking of was an DNS version of this list so that
other applications can use it.
oh i see.. well SA couldnt use it without someone writing a plugin then.
dallase
http://uribl.com
> -Original Message-
> From: Marc Perkel [mailto:[EMAIL PROTECTED]
> Sent: Thursday, June 22, 2006 09:30
> To: [EMAIL PROTECTED]
> Cc: users@spamassassin.apache.org
> Subject: Re: DNS Whitelists
>
> I'm not thinking links, What I want to do is whitelist based
> on the host name of the se
> -Original Message-
> From: Marc Perkel [mailto:[EMAIL PROTECTED]
> Sent: Thursday, June 22, 2006 09:15
> To: users@spamassassin.apache.org
> Subject: DNS Whitelists
>
> Are there any DNS bases whitelists out there? If not -
> shouldn't we build one?
>
> I need two different kinds of D
> -Original Message-
> From: Matt Kettler [mailto:[EMAIL PROTECTED]
> Sent: Monday, May 08, 2006 14:50
> To: [EMAIL PROTECTED]
> Cc: users@spamassassin.apache.org
> Subject: Re: Latest sa-stats from last week
>
> Dallas Engelken wrote:
> >> -Orig
> -Original Message-
> From: [mailto:[EMAIL PROTECTED]
> Sent: Monday, May 08, 2006 14:07
> To: users@spamassassin.apache.org
> Subject: Latest sa-stats from last week
>
> Email: 561313 Autolearn: 0 AvgScore: 6.77
> AvgScanTime: 2.41 sec
> Spam:209359 Autolearn:
> -Original Message-
> From: Matt Kettler [mailto:[EMAIL PROTECTED]
> Sent: Sunday, February 19, 2006 06:09
> To: jdow
> Cc: users@spamassassin.apache.org
> Subject: Re: URIBL_BLACK + OB_SURBL double-listed nonspam domain
>
> Right now JP+SC scores 8.585, which even BAYES_00 can't
> bri
> -Original Message-
> From: Matt Kettler [mailto:[EMAIL PROTECTED]
> Sent: Sunday, February 19, 2006 06:27
> To: [EMAIL PROTECTED]
> Cc: users@spamassassin.apache.org
> Subject: Re: Over-scoring of SURBL lists...
>
> Dallas Engelken wrote:
> >
> >
&g
> -Original Message-
> From: Matt Kettler [mailto:[EMAIL PROTECTED]
> Sent: Sunday, February 19, 2006 02:07
> To: jdow
> Cc: users@spamassassin.apache.org
> Subject: Re: Over-scoring of SURBL lists...
>
> jdow wrote:
> >
> >> rbl/uribl overlap.
> >
> > Matt, I think your worry about overl
> -Original Message-
> From: Matt Kettler [mailto:[EMAIL PROTECTED]
> Sent: Saturday, February 18, 2006 00:05
> To: Raymond Dijkxhoorn
> Cc: jdow; users@spamassassin.apache.org
> Subject: Re: Over-scoring of SURBL lists...
>
> Raymond Dijkxhoorn wrote:
> > Hi!
>
> >>>
> I consider t
> -Original Message-
> From: Daryl C. W. O'Shea [mailto:[EMAIL PROTECTED]
> Sent: Friday, February 17, 2006 21:34
> To: Dallas L. Engelken
> Cc: users@spamassassin.apache.org
> Subject: Re: Over-scoring of SURBL lists...
>
> Dallas L. Engelken wrote:
> > The result will be no URIBL only F
> -Original Message-
> From: Matt Kettler [mailto:[EMAIL PROTECTED]
> Sent: Friday, February 17, 2006 18:47
> To: Matt Kettler
> Cc: Jeff Chan; users@spamassassin.apache.org
> Subject: Re: Over-scoring of SURBL lists...
>
> Matt Kettler wrote:
>
> > I'll even re-quote myself:
> >> I pers
> -Original Message-
> From: Theo Van Dinter [mailto:[EMAIL PROTECTED]
> Sent: Friday, February 17, 2006 01:09
> To: users@spamassassin.apache.org
> Subject: Re: Over-scoring of SURBL lists...
>
> On Thu, Feb 16, 2006 at 10:42:19PM -, Dallas Engelken wrote:
> -Original Message-
> From: Daryl C. W. O'Shea [mailto:[EMAIL PROTECTED]
> Sent: Thursday, February 16, 2006 21:51
> To: users@spamassassin.apache.org
> Subject: Re: Over-scoring of SURBL lists...
>
> Matt Kettler wrote:
> > List Mail User wrote:
>
> > My FPs fall into two categories:
>
S FIRED
> RANK RULE NAME COUNT %OFRULES %OFMAIL %OFSPAM %OFHAM
> 1 URIBL_BLACK 1623608.88 55.25 88.862.10
is that 2% ham hits really missed spam or are you having false positives
due to URIBL_BLACK??
Thanks,
--
Dallas Engelken <[EMAIL PROTECTED]>
http://uribl.com
OFSPAM
> %OFHAM
>
>1URIBL_BLACK 2577787.36 44.54 77.31
amen to that!
--
Dallas Engelken <[EMAIL PROTECTED]>
http://uribl.com
On Tue, 2006-01-31 at 11:20 -0600, Kristopher Austin wrote:
> Hmm, I guess that's a question for Dallas. This is the version I'm
> using:
> # file: sa-stats.pl
> # date: 2005-08-03
> # version: 1.0
> # author: Dallas Engelken <[EMAIL PROTECTED]>
> # desc: SA
On Thu, 2005-06-30 at 06:39 -0500, Michael Parker wrote:
> Kai Schaetzl wrote:
>
> >
> >>SQL
> >> storage is now recommended for Bayes
> >>
> >>
> >
> >Hm, time to check the documents how to set this up ...
> >BTW: is my impression correct that Bayes on SQL won't do any auto-expire,
> >you h
61 matches
Mail list logo
