John Hardin wrote ... (6/11/2009 4:21 PM):
> On Thu, 11 Jun 2009, John Rudd wrote:
>
>> As I've said, I don't really have a plan to incorporate the patch
>> into the main dist.
>
> You probably should. It doesn't prevent you from pursuing your design
> changes, and it would fix the problem for thos
John Hardin wrote ... (4/25/2009 12:06 PM):
>> A phisher would send emails to a large number of people saying,
>> literally, "I am your email administrator, your account is to be
>> suspended, please send me your username and password".
>>
>> DKIM will not work,
>
> BAYES should work quite well.
>
Hi Thomas!
Casartello, Thomas wrote ... (4/24/2009 8:05 PM):
>
> One major issue we’ve been having lately is with phishing emails being
> targeted at us. They’re being sent to us from hacked accounts at other
> educational institutes. The message usually is about “Your EDU webmail
> account is exp
Michael Hutchinson wrote ... (4/7/2009 7:09 PM):
> I have made some changes to my SA 3.1.7 20_dnsbl_tests.cf when I
> compared it to the 3.2.5 release. I basically just removed 2 DNSBL
> lookups that are redundant. This is done in an attempt to solve an issue of
> random scan times of 30 seconds plus.
Wh
dmdm wrote ... (3/7/2009 2:07 PM):
> What lines would need to be added and in which file
> to accept only gpg/pgp encrypted and non-encrypted signed emails to my admin
> account?
> (debian lenny mail server amavisd-new)
>
> dmdm
>
>
Wrong list. SA does not accept nor reject emails, it only
Jeff Chan wrote ... (11/11/2008 7:33 PM):
> Hi Micah,
> Thanks very much for the feedback. Does anyone know how many
> non-profits have more than 1,000 users (i.e., users with
> mailboxes)? The non-profit pricing is below ISPs and half that
> of regular end users.
>
There are many non-profits
Just an update. I contacted Barracuda and they have resolved their rDNS
issue. They also provided a link so that those that did not receive
their original confirmation emails can have it resent.
Original Message
Subject: RE: BarracudaCentral Contact
Date: Tue, 23 Sep 2008 15:13:
Joseph Brennan wrote ... (9/23/2008 2:37 PM):
> No, they don't, really. They 'may' do that (see below). Try it.
>
> Effective immediately: AOL
> 220- may no longer accept connections from IP addresses which
> 220 have no reverse-DNS (PTR record) assigned.
According to AOL's Poli
Let's see how they respond.
----
*From:* Dave Koontz
*Sent:* Monday, September 22, 2008 11:56 AM
*To:* [EMAIL PROTECTED]
*Subject:* RE: Thank you for contacting BarracudaCentral.org
I just signed up over the weekend for your new BRBL service.
Rose, Bobby wrote ... (9/22/2008 10:24 AM):
> I had the same issue and found that the system that's relaying
> (216.129.105.40) those confirmation emails doesn't have a PTR record.
> You'd think someone selling an antispam/email appliance would be familiar
> with the RFCs.
>
That would explain wh
Justin Piszcz wrote ... (9/22/2008 10:14 AM):
> Hmm I signed up for this 1-2 days ago but never got a confirmation
> e-mail from them? What is the RBL name?
>
> Justin.
Same here. For those currently running this, how long did it take to
get confirmation email and setup?
~ Sparky ~
Rejaine Monteiro wrote ... (8/1/2008 1:40 PM):
Hi all
How can I create a generic rule to block any e-mail with links to
dangerous files ?
Like http://.zip or http://***.exe or ***.doc.exe etc...
This is one I wrote to deal with a large influx of Storm Worm's that got
through once.
does CCing someone have to do with bouncing back
incorrect SPF failure messages?
I'm sorry, but you're a constant source of backscatter, Benny.
--
*Dave Koontz* (MCSE/GCIH)
Associate Director
Computer & Information Services
*Mary Baldwin College*
Email: [EMAIL PROTECTED]
Phon
before, I
know what I think of them now. Well, I will share my response to them as
well. :-)
-----Original Message-----
From: Dave Koontz
Sent: Wednesday, June 11, 2008 7:02 PM
To: 'Desmond Liao'
Subject: RE: Request for Interview
Boy, you are border line on SPAM by sending me this m
Personally, I am tired of this entire thread. It has nothing to do with
SA, so PLEASE move it to the MailChannels discussion forums or lists.
Jo Rhett wrote:
I'm tired of wasting time with this pointless conversation. Just stop
making authoritative statements about products you haven't rese
CTED] [mailto:[EMAIL PROTECTED]
Sent: Friday, March 07, 2008 10:47 AM
To: Dave Koontz
Cc: Justin Mason; users@spamassassin.apache.org
Subject: Re: Bayes not run ?
aha -- that's being added by SpamAssassin alright, then, due to
the add_header line.
Are you using 1 global Bayes db, or per-us
r per-user dbs? if the latter, maybe
there just isn't enough training for bayes to be active? Try getting debug
logs from SpamAssassin -- they'll fill you in on the reason (although I'm
not sure if MDaemon allows you to do that).
--j.
Dave Koontz writes:
Justin Mason wrote:
Th
Justin Mason wrote:
The only indication is SA's X-Spam-DataBase: Bayes not run. header.
SpamAssassin doesn't add a header like that... what are you using:
spamd, MailScanner, amavisd?
--j.
I use a product called MDaemon, which has a windows port of SA. Perhaps
my header mapping in l
I just noticed that for some reason only some of my messages are
actually being run through Bayesian classifying. I am not sure how long
this has been occurring. I did a google search which did not turn up much
as to what could cause this.
One suggestion was there was not enough processing thr
contains executable content
score DANGEROUS_URL 7.5
Joseph Brennan Wrote:
--On Saturday, February 23, 2008 23:08 -0500 Dave Koontz <[EMAIL PROTECTED]>
wrote:
> I am still getting some Storm Worm messages that are not being caught,
> even with Sane Security / ClamAV. I thought
Ditto, please share any resolve should you get one. This has been an
ongoing problem for us for well over a year now.
Ramprasad wrote:
Tony Bunce wrote:
Sorry for the Off Topic thread but I’m at a loss
Is anyone else having issues sending mail to Yahoo?
They are returning 421 Message tempo
I am still getting some Storm Worm messages that are not being caught,
even with Sane Security / ClamAV. I thought I'd write a rule to score
any URL that has a dot exe, scr or pif extension. However, my rule is
not working. Can someone help advise what is wrong? I want it to
pickup any http
I remember there was a period of time when dozens of URI delist
requests were submitted all together without any detail. Could that
have been the case with your reports?
Theo Van Dinter wrote:
FWIW, I used to report FP domains to URIBL daily until I was told to
stop because there were too ma
Arthur Dent wrote:
Nope sorry..
Please confirm... that your botnet.pm file is where your other plugin PM
modules reside. And that the botnet.cf file is where your custom rules
live (may be a different path depending on configuration). Make sure
the botnet.cf is in the same directory as y
I am running Botnet 0.8 with SA 3.2.3 without issue. Try a fresh install of
all Botnet files.
-----Original Message-----
From: UxBoD [mailto:[EMAIL PROTECTED]
Sent: Friday, January 11, 2008 5:45 AM
To: Arthur Dent
Cc: users@spamassassin.apache.org
Subject: Re: BOTNET 0.8 + SA 3.2.3
I am runni
Umm... this is nice, however, your main page doesn't look so good.
http://ipadmin.junkemailfilter.com/ returns:
Fedora *Test Page*
Might want to fix that! ;-)
Marc Perkel wrote:
> http://ipadmin.junkemailfilter.com/rdns.php
>
> You might want to bookmark this page. Try it out and see if your
Do you have Auto Learning enabled? That helps balance the number of ham
and spam messages your system learns. My experience has been that the
Bayes database does this eventually if it's fed far more spam than
ham. If your spam level is very high, you may want to look at both
auto-learn as well
Does anyone use the LashBack URL as an MTA BL block or SA rule? I just
discovered them and they sound intriguing. Any feedback on their
reliability and FP rate would be appreciated. I am a little concerned that
I've never heard of them before..
http://www.lashback.com/support/UnsubscribeBlac
Thanks for the explanation, but I think you are missing the point here.
What is reasonable and what will cause a block?
An individual may well issue 100 queries a day for research. Not many
have the time to do tens of thousands+ a day (or more). Any system that
does will likely fall into the AU
If nothing else, you should likely add a disclaimer to your rules as you
can't control the threshold at which a site may be blocked for excessive
queries. I doubt that most users on this list have email volumes as low
as yours (100?), and will go well above the thresholds you've tested. I
am a wh
If I might ask, where are you getting the list "SEED" addresses from?
It's hard for me to imagine you have such a large number of users that
have already requested information you have not configured to send yet.
If this is a purchased list of addresses ... you may have some problems
quickly. Re
30 day
purge should be more than safe for most anyone and beats a non-expiry system.
Michael Parker wrote:
> Dave Koontz wrote:
>
>> Theo and all. I know this topic comes up on occasion, but I am not sure
>> I've ever seen an explanation as to why the bayes_seen file is
Theo and all. I know this topic comes up on occasion, but I am not sure
I've ever seen an explanation as to why the bayes_seen file is not auto
pruned along with the bayes db file. Since tokens expire in the main DB
file, what is the purpose of having a seen file to unlearn tokens which
may have
Most likely, Johnny Spammer monitoring this list will just add a FAKE
header to take advantage of such a rule.
Matt Kettler wrote:
> Matus UHLAR - fantomas wrote:
>
>> On 13.07.07 17:04, arni wrote:
>>
>>
>>> From large providers I sometimes receive messages through encrypted
>>> smtp,
Marc, how do you arrive at your list, through user submission or your own
observation? I notice the list is mostly void of any .EDU organizations.
As you probably know, .EDU domain registration is restricted to only those
meeting certain criteria and must go through EduCause -- see
http://www.edu
Marc, please don't mis-read. Honestly, it was a simple question. Is
the list from your own observation, or from user submissions? It's that
simple. The rest is just why it may not work for us in its present form!
Marc Perkel wrote:
>
>
> Dave Koontz wrote:
>>
For what it's worth, a solution to any new flood or tactic is most
welcome IMO. In Dallas' defense here... Just as it takes time for the
spammers to develop and adapt new tactics, so too does it take time to
create counter-measures. The counter measures are often a work in
progress until there i
Eagerly awaiting your latest treat! ;-)
Dallas Engelken wrote:
>
> The cat's out of the bag now! :)
>
> More details on this will be made available later today hopefully.
>
jdow wrote:
>>
>> Should we arm them with a RFC-2321 compatible RITA, and a confident
>> demeanor?
>
> Sic the RIAA lawyers on them.
>
Since Microsoft recently claimed ALL open-source or free applications
violated 250+ patents they own, maybe we can all sue M$ for BotNets???
Isn't that FREE softw
This anti-spam DDoS is being reported on SANS as well... Seems SpamHaus
is also getting slammed.
http://isc.sans.org/diary.html?storyid=2940
Wish we could find the bot master and turn the DNS pointers back to them.
Gene Heskett wrote:
> On Thursday 07 June 2007, Chris Santerre wrote:
>
>>> ---
Oddly enough, I did have a similar problem when I first upgraded to v3.18.
What I was noticing was a permissions failing message at the end of the
expiry cycle. Same thing with a sa-learn --force sync. I went back to
3.17 and everything worked as expected. My second upgrade to v3.18 failed
the
Hi Richard. This really is not a spam assassin question. However, you can
check mail server IP against blacklists yourself with DNSSTUFF (link to two
of your IPs below). Notice that you don't have a proper PTR record that
could cause email to be blocked by some sites. (AOL for just one example)
:
> Dave Koontz wrote:
>
>> I am sure this has been asked numerous times before, but what is the logic
>> in having auto expiry on the bayes DB, and not seen? Seems that once tokens
>> have been removed from the DB there is little to no use for 'unlearning' any
>
I am sure this has been asked numerous times before, but what is the logic
in having auto expiry on the bayes DB, and not seen? Seems that once tokens
have been removed from the DB there is little to no use for 'unlearning' any
associated messages. Besides on a busy system, this seen file gets la
First off, it looks like you are sending a copy of a web page as your
message body and not a real newsletter.
If you want help, I would suggest that you send your sample message as an
attachment and not inline like you have done here. In this way, the original
email message including all headers
Same here. I've been very impressed with this ruleset so far.
-----Original Message-----
From: Andy Figueroa [mailto:[EMAIL PROTECTED]
Sent: Saturday, January 27, 2007 9:23 AM
To: users@spamassassin.apache.org
Subject: Re: Drug spam, some caught some not - none caught by drug rules
Ben, or o
-----Original Message-----
From: Alex Woick [mailto:[EMAIL PROTECTED]
Sent: Saturday, January 20, 2007 12:24 PM
To: Matt Kettler
Cc: Andy Figueroa; users@spamassassin.apache.org
Subject: Re: use or not use awl
Matt Kettler wrote:
> That said, I think the AWL is a great idea, but not ready for
IMO, all AWL needs is an auto expiry system like bayes has.
For us as a College, AWL makes a HUGE difference when students submit their
thesis, term papers, etc. which at times may be on sexual debauchery, KP,
internet scams etc. With AWL, it sees that all previous messages from this
individual
Just a wild stab here, run a lint check on all your rules. I once fat
fingered a rule in my local.cf file and got similar hit results as you are
describing here.
-----Original Message-----
From: Daniel Staal [mailto:[EMAIL PROTECTED]
Sent: Friday, January 12, 2007 9:05 PM
To: Users-Spamassassin
Is the PBL (codes 10 & 11) stable enough to run in production? I notice
these are not in the current SA rulesets
-----Original Message-----
From: Theo Van Dinter [mailto:[EMAIL PROTECTED]
Sent: Monday, January 08, 2007 2:49 PM
To: users@spamassassin.apache.org
Subject: Re: xbl.spamhaus.org
I am sure this is a long shot, but has anyone created a Win32 porting of
this along with the necessary OCR utilities?
-----Original Message-----
From: decoder [mailto:[EMAIL PROTECTED]
Sent: Sunday, January 07, 2007 9:17 AM
To: [EMAIL PROTECTED]; users@spamassassin.apache.org
Subject: FuzzyOcr
Personally, I think the AWL function is poorly named as it really does not
reflect what it is or does. I suspect this name leads to much confusion for
most new users and/or those that do not work closely with SA consistently. I
know when I first started using SA, it confused me in the beginning. Ma
John is absolutely correct here. Just be careful to ensure proper checking
of the 2nd octet of the 172.x.x.x space, and ensure that it is in the 16-31
range. Otherwise you will be bypassing a very large chunk of AOL.com
address space without checks.
-----Original Message-----
From: John D. Har
I guess mileage varies. Auto-Learn has been a life saver for us and has
drastically reduced false positives we used to get with emails to our
College's Health Care & Research departments. We pass all local user email
through SA as well, so this really helps the system learn what is 'good'
email.
Perhaps it could be as simple as only updating existing rules for your
installation? In other words, you would have to download the CF file and
install it first (but you would do this anyways to test!!!). Then sa-update
could simply parse your rules directory and update rules found there
accordin
Many Thanks Dallas, this plugin Rocks! It's amazing how many image only
spams this baby has flagged in the short time I've been running it.
-----Original Message-----
From: Dallas L. Engelken [mailto:[EMAIL PROTECTED]
Sent: Thursday, August 03, 2006 4:14 PM
To: dev@spamassassin.apache.org
Cc: u
John, if you have absolute authority to your network and what format your
users can receive/send email, then you may want to look at the 'DEMIME'
project. Perhaps you can use it to convert all user email to plain text and
remove any and all attachments as a part of your filtering. I use this to
John D. Hardin Wrote:
>"inline" is an HTML-format email with text and images interspersed.
>When the message is rendered the images will be embedded in the message body text.
>
>"attached" is the images attached like any other type of file.
>
>I have had exactly one instance to use inline images