I also block all top, win, science and some other spammy TLDs that
provide free one day trial registrations. All such mail goes to a
folder that I review periodically and so far, I have not seen any
false positives.
I also have an imperfect perl script that determines age of a domain,
and flags a
On Sat, Nov 22, 2014 at 07:16:38PM -0800, John Hardin wrote:
> On Sat, 22 Nov 2014, Igor Chudov wrote:
>
> >I receive spam emails that contain extremely long URLs, about 2,400
> >characters. I wanted to know if spamassassin has a rule that I can
> >turn on to flag such URL
I receive spam emails that contain extremely long URLs, about 2,400
characters. I wanted to know if spamassassin has a rule that I can
turn on to flag such URLs. I do not think that I ever receive
legitimate emails with URLs that long.
i
I have a special perl script, that I wrote, that scans emails, makes a
WHOIS query via a perl WHOIS module, and looks at the creation date.
It then flags all messages that are emailed from domains less than a
week old. The reason for this is that spammers register throwaway
domains, spam from the
Hello, how can I enable thos DOB URIBL? I have spamassassin --version
SpamAssassin version 3.4.0 running on Perl version 5.14.2. It does
not seem to trigger. Thanks
On Mon, Nov 10, 2014 at 06:49:38PM -0800, John Hardin wrote:
> On Mon, 10 Nov 2014, Igor Chudov wrote:
>
> >They
I am receiving a torrent of spam coming from dot-eu and dot-link
domains.
Those spams have perfectly correct mail settings, such as resolvable
nameserver names, SPF, seem to all match.
They also are all based on domains less than one day old.
I deal with them in a custom way, and block any emai
On Sat, Nov 10, 2012 at 08:47:57AM +0300, Jonathan Nichols wrote:
> >
> > So, why is it triggering URIBL_BLACK and URIBL_DBL_SPAM etc now, but
> > not when I received the original spam?
> >
> > Or was the database updated with those
> > URLs after I received that particular spam?
> > i
>
> It i
I receive a lot of spams similar to this one:
http://igor.chudov.com/tmp/spam014.txt
It is a spam, however it has a low score and hit my mailbox.
When I reran spamassassin -D on this message, it was flagged as spam
and I get the following:
http://igor.chudov.com/tmp/spam014.trace.txt
The diff
t;
> It scores 5.7 and should be blocked.
>
> Igor, what's the threshold of your SA installation?
>
> Alex, from prypiat.
> Yes, I recycle.
>
>
> On 12-10-17 01:44 PM, John Hardin wrote:
> > On Wed, 17 Oct 2012, Igor Chudov wrote:
> >
> >>
Sorry, I fixed it.
On Wed, Oct 17, 2012 at 06:39:21PM +0100, John ffitch wrote:
> cannot read...
>
> Forbidden
>
> You don't have permission to access /tmp/spam013.txt on this server.
> Apache/2.2.14 (Ubuntu) Server at igor.chudov.com Port 80
>
>
> On Wed
I receive a variety of spams with the From: field containing a
business solicitation in the name tag. They seem to have quite a bit
in common and I wonder why my SA does not catch them.
Here's the spam message: http://igor.chudov.com/tmp/spam013.txt
Here are my results of running spamassassin:
h
ontains a single line and from that IP block, then junk it. You'll
> need to test and make sure it doesn't have much FP.
It comes from gmail too, and I am sure from many originating
IPs. GMail does not report originating IP.
i
>
> --Original Message--
> Fr
I receive plenty of one-liner spams from hacked webmail accounts,
advertising various fronts of a Chinese retailer of a certain famous
chemical compound that enables sinful behaviors for people who were
not capable physically.
Example of such an email is here:
http://igor.chudov.com/tmp/spam012.t
I receive a large number of spams from network IPs belonging to
SharkTech, 70.39.69.99 or so and so on.
They advertise romantic encounters with people born prior to 50 years
ago, small increment auxions, ability to borrow money using house as
collateral, and other scams. Examples are here:
http:/
This is a very funny spam, takes the title of "dumbest spam of Feb 2010".
http://igor.chudov.com/tmp/spam010.txt
The person who sent it, probably thinks that he is the best phister in
the world.
i
On Mon, Aug 24, 2009 at 12:54:08PM -0700, Evan Platt wrote:
> At 12:48 PM 8/24/2009, you wrote:
>> Lately I have been receiving quite a bit of spams that promote films
>> of the most indecent kind, involving persons of minor age. Examples
>> are here:
>>
>> http://igor.chudov.com/tmp/spam009.tx
Lately I have been receiving quite a bit of spams that promote films
of the most indecent kind, involving persons of minor age. Examples
are here:
http://igor.chudov.com/tmp/spam009.txt
By looking at those messages, I would expect them to score higher on
the spamminess scale. Would anyone com
Just today a buyer reported that my reply to him ended up in his spam
folder. Concerned by this, I sent an email to my Yahoo! account and
that one disappeared somewhere. The one I sent to gmail, however, got
there quickly. I may be overreacting and, perhaps, it is a coincidence
that Yahoo just happ
I have a few computers that I can volunteer for checking spam rules.
i
> SARE had a nice system where you could submit a rule via email and got
> the masscheck results via email. Sadly all the boxes which did this are
> dead. I wonder if the SA masscheckers could be taught to do something
>
On Sat, Apr 25, 2009 at 11:06:47PM +0100, Ned Slider wrote:
> John Hardin wrote:
>> On Fri, 24 Apr 2009, LuKreme wrote:
>>
>>> On 24-Apr-2009, at 10:41, Igor Chudov wrote:
>>>
>>>> I get a shipload of spams like this one:
>>>>
>>>
On Sat, Apr 25, 2009 at 02:09:05PM -0700, John Hardin wrote:
> On Sat, 25 Apr 2009, Gary Forrest wrote:
>
>> We are receiving the same image spam many times, random text within the
>> body.
>
> FuzzyOCR. It seems Spammers are trying image spam again, after giving up
> on it for a year or so.
>
Maybe I can clarify how these phishes work. A phisher would send
emails to a large number of people saying, literally, "I am your
email administrator, your account is to be suspended, please send me
your username and password".
Any cursory examinationof these letters would make it obvious that
th
n Fri, Apr 24, 2009 at 10:52:30PM +0200, Stefan Luetje wrote:
> Am 24. Apr 2009 um 22:12 CEST schrieb Igor Chudov:
> > I get plenty of these also, and cannot get them to score well.
> >
> > These advertise knockoffs of bestselling Pfizer products. The text is
> > meaning
On Fri, Apr 24, 2009 at 01:31:37PM -0700, John Hardin wrote:
> On Fri, 24 Apr 2009, Igor Chudov wrote:
>
>> I get plenty of these also, and cannot get them to score well.
>>
>> http://igor.chudov.com/tmp/spam008.txt
>>
>> Any ides what I can do?
>
>
I get plenty of these also, and cannot get them to score well.
These advertise knockoffs of bestselling Pfizer products. The text is
meaningless garbage text. The sales message is contained in a PNG
image, but it could be other image types like jpeg.
http://igor.chudov.com/tmp/spam008.tx
On Fri, Apr 24, 2009 at 11:41:31AM -0500, Igor Chudov wrote:
> I get a shipload of spams like this one:
>
> http://igor.chudov.com/tmp/spam007.txt
By the way, look at these spams. The afiliate URL is mentioned once or
twice, and then the "remove" URL. The remove URL is
I get a shipload of spams like this one:
http://igor.chudov.com/tmp/spam007.txt
These advertise certain berries, but also other equally worthless
gimmicks. These spammers started "snowshoeing" but as time went on,
predictably they became more brazen.
I have the latest ubuntu 9.04 and I was hopi
http://igor.chudov.com/tmp/spam006.txt
Not sure what will follow, maybe asking $250 processing fee or
something. Obviously I am not in the mood to write to this guy.
http://igor.chudov.com/tmp/spam005.txt
I get a lot of these, all seemingly sent by the same software and the
same person, any way of filtering them out?
i
example is here
http://igor.chudov.com/tmp/spam004.txt
I get a lot of these, always for different companies, but obviously
emailed by one spammer.
I am on Ubuntu 8.04 using their stock spamassassin.
Are there some rulesets that I am missing?
i
On Fri, Apr 11, 2008 at 02:10:41PM -0400, Rick Macdougall wrote:
> Josie Walls wrote:
>> Hello,
>>
>> Would this group agree that requiring 5 hits in order to classify an email
>> as spam is too conservative a number?
>>
>> I suspect ISPs have their filter settings at 3 or less.
>>
>> Any insight w
I moved from Fedora to Ubuntu Gutsy and am sorting through issues.
Here are both the spam message (at bottom of the web page) as well as
output of SA.
The message is obviously junk about the usual counterfeit mechandise
tat is being peddled everywhere.
http://igor.chudov.com/tmp/spam003.txt
A while ago I asked what was the scam about those "I am a boored
grrl, pleas write me".
I have finally found the answer.
http://ikillspammers.blogspot.com/
The answer is that they get men to talk to them and then start
concocting various stories about how they were beaten up, raped
anally, and
I strongly recommend to block Habeas entirely.
They are a yet another garbage email company.
i
On Tue, Feb 26, 2008 at 03:10:54PM +, Anthony Peacock wrote:
> Hi,
>
> Following up to myself...
>
> Anthony Peacock wrote:
>> Hi Justin,
>>
>> Justin Mason wrote:
>>> Jason Haar writes:
Antho
If I recall correctly...
This Habeas is some sort of a braindead business idea to insert an
unauthenticated header in bodies of "legitimate" emails coming from
their customers, to assure spam filters that the email is legitimate.
Kind of like SPF, but implemented by third graders with multiple
l
I get a lot of spams where I am being "offered" a lucrative occupation
that involves transferring finanscial assets from one place to
another. It is clearly a scam, however, I am now sure what. Are these
for thieves who are moving stolen money to their real accounts, using
victims as decoys (maybe
On Tue, Nov 06, 2007 at 11:51:09AM -0500, Theo Van Dinter wrote:
> On Tue, Nov 06, 2007 at 10:46:39AM -0600, Igor Chudov wrote:
> > I whitelisted some friends, but, to my shock, whitelist ADDS to a
> > score, I thought it should subtract it? It adds 5 to my scores. What's
>
I whitelisted some friends, but, to my shock, whitelist ADDS to a
score, I thought it should subtract it? It adds 5 to my scores. What's
wrong?
i
I was looking at this article
http://en.wikipedia.org/wiki/E-mail_spam
It claims that "only five countries are hosting 99.68% of the global
spammer websites", of which the foremost is China, hosting 73.58% of
all web sites referenced within spam.[30]
I already refuse all email coming from Chin
I receive a lot of emails from "The IT JobBoard" or "JobsInThe City",
see example at
http://igor.chudov.com/tmp/spam002.txt
They look like outright spams to me, by looking at the way they are
relayed. I tried unsubscribing, which did not help very much.
Are there any more info on those scu
I have my own add-on filter that looks for patterns (perl regexps) in
the entire email, if it finds such patterns, the messages go to a
certain junk folder that I review periodically. That's exactly where
this discussion is. I simply added word "Robert" followed by "Sexton"
to that filter.
Works g
[This message has also been posted to comp.mail.sendmail.]
My mailserver gets a lot of errors reported such as:
Oct 1 11:49:36 ak74 sendmail[31464]: l91Gnatt031464: nat.incompany.ru
[83.167.0.4] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Oct 1 11:49:37 ak74 sendmail[31460]: l91G
Read this jaw dropping article about how someone "patented" what has
been done by procmail for many, many years.
http://informationweek.com/news/showArticle.jhtml?articleID=201802746
``The method and system detailed in the patent describes a way "for
automatically interpreting an electronic messa
I am considering a local deal related to hosting by Comcast cable
(8mbps down, 1 mbps up).
I am concerned, however, with me sending email and being on comcast IP
range, due to bad rap that Comcast has due to spamming by Comcast
hosted zombies.
Do you think that my mailserver will have issues if
I am getting stock spams in zip files.
They are a variation of stock spams, are there any rules for them that
I need to know about?
Some time ago, I used to junk all zip files from procmail. I would
like to know how can I write a spamassassin rule to assign a score to
just having a zip attachmen
On Tue, Jul 31, 2007 at 10:03:30AM +0200, Rocco Scappatura wrote:
> It is possible to block the spam sent by GreetingCards.com which invites
> the receiver to access an URL and browse the ecard?
>
> I mean that spam which has subject similar to:
>
> You've received a greeting ecard from a Colleag
I am receiving a lot of spams from "bored girls", that ask me to email
to some .info email addresses. Just curious what these spams are
promoting, what is the scam behind them?
i
Can I somehow specify an include directive in my user_prefs file, such
as "include my_friends.cf"?
i
I have to respectfully disagree with those who say that whitelisting
my friends is a bad idea.
I do realize that spammers use everyone's addresses -- as they are
using mine -- as fake return addresses, just as often as they would
use any other address.
But the chances of them accidentally using
I have several mail folders (linux mailbox files) that are a good
source of whitelist information. For example, I am sure that all To:
addresses in my sent folder, and all From: addresses in my friends or
ebay folder, are good.
So what I would like to do is to generate a file with a list of
addre
#!/bin/bash
PM=`perl -MConfig -e 'print
"$Config{installsitelib}"'`/Mail/SpamAssassin/Plugin/PDFInfo.pm
CF=/etc/mail/spamassassin/PDFInfo.cf
cp $PM $PM.bak || exit 1 # Probably I am not root...
cp $CF $CF.bak || exit 1 # same
echo Downloading, veryfying perl module and size of config file...
On Wed, Jul 18, 2007 at 01:17:45PM -0400, Theo Van Dinter wrote:
> On Wed, Jul 18, 2007 at 10:22:49AM -0500, Igor Chudov wrote:
> > I would like to disable Bayes analysis entirely if an email has a PDF
> > attachment.
> >
> > How can I do it?
>
> You could
I would like to disable Bayes analysis entirely if an email has a PDF
attachment.
How can I do it?
i
Ken, I just downloaded clamav, it seems to be a file scanning tool?
How do you use it from procmail? Thanks a lot!
i
I am receiving a huge amount of these spams:
http://igor.chudov.com/tmp/postcard-spam.txt
Just how much I got is totally incredible. I am afraid that the reason
for the sheer quantity is that I actually did check out the
website. (I assume a hacked computer)
I knew full well that it was a bad si
I do it fully separately from spamassassin.
I have a list of patterns in a file that are matched by saying
m/\b$pattern\b/. (\b means word boundary). If I get more than one or
two spams advertising a particular stock, I put that stock name in the
pattern list.
All messages mentioning those spam
On Thu, Feb 22, 2007 at 10:07:31PM -0500, David Goldsmith wrote:
> Hash: SHA1
>
> Igor Chudov wrote:
> > Example is here
> >
> > http://igor.chudov.com/tmp/spam001.txt
> >
> > They go past spamassassin. I use latest sare rules, run rules du jour
> &
Example is here
http://igor.chudov.com/tmp/spam001.txt
They go past spamassassin. I use latest sare rules, run rules du jour
nightly etc.
I catch them after spamassassin, using my own filter, using regex
edrx\s*\.com\b
I wonder why spamassassin cannot identify them.
i
I am getting such an incredible number of these spams that it boggles
my mind. I simply placed the stock ticker in my custom blocklist.
i
On Sat, Nov 25, 2006 at 04:20:10PM +0530, Rajkumar S wrote:
> Hi,
>
> I am using the latest SARE stocks rules, and my spamassassin catches
> most of the stoc
Just as a side note, I recently changed the way SA runs for me. It
runs sitewide for all users except me, and I run it locally as
myself. That is beside the point but I want to thank others for
suggestions.
I run rules_du_jour every night and get SARE rules.
Despite that, I receive a lot of "ge
I am running FC5, spamassassin 3.1.4 installed via cpan (ie not the
stock RPM).
I get these errors and I am a little tired of them.
Sep 12 16:07:47 manifold spamd[4270]: spamd: still running as root: user not
specified with -u, not found, or set to root, falling back to nobody at
/usr/bin/spam
On Sun, Jul 23, 2006 at 03:33:03PM -0500, Igor Chudov wrote:
> I started receiving a lot of spam in my mailbox. That spam regards one
> of the most frequently spammed mede cations, with its name somewhat
> misspelled in the Subject:. I am afraid that perhaps some of my rules
> sto
I started receiving a lot of spam in my mailbox. That spam regards one
of the most frequently spammed mede cations, with its name somewhat
misspelled in the Subject:. I am afraid that perhaps some of my rules
stopped working (like network identification of open spam relays).
It is strange. Anyone
I started getting the following errors:
> This is a multi-part message in MIME format.
>
> =_446A379E.0A06CBBE
> Content-Type: text/plain
> Content-Disposition: inline
> Content-Transfer-Encoding: 8bit
>
> (no report template found)
that is on spams where spamassassin tries to encl
I have a sitewide config where I run spamc from /etc/procmailrc.
Since some of my users want to disable spamassassin, I edited their
file ~/.spamassassin/user_prefs and set required_hits to a high
value.
That does not seem to have any effect!
Some settings:
###ls -ld ~assgm; ls -ld ~assgm/.sp
On Tue, May 02, 2006 at 01:39:26PM -0700, List Mail User wrote:
> >...
> >For the last week, I feel like I should receive a paycheck from Geocities!
> >All I've been doing is submitting damn redirect web pages. I even did some
> >testing and found some sites listed in NANAS as far back as 5 days th
On Tue, May 02, 2006 at 02:29:09PM -0400, Matt Kettler wrote:
> Igor Chudov wrote:
> > On Tue, May 02, 2006 at 02:08:23PM -0400, Matt Kettler wrote:
> >> It looks like tinyurl is now being abused by spammers the same way
> >> geocities
> >> was. I just got a
On Tue, May 02, 2006 at 02:08:23PM -0400, Matt Kettler wrote:
> It looks like tinyurl is now being abused by spammers the same way geocities
> was. I just got a porn spam using it.
Hm, is geocities no longer abused by spammers? Have they done anything
about it?
o
On Mon, May 01, 2006 at 08:55:17AM +0100, Graham Murray wrote:
> "Dallas L. Engelken" <[EMAIL PROTECTED]> writes:
>
> > skip SA on newsgroup mail (or whitelist_from_rcvd)... if the reason for
> > running newsgroup mail through SA is because your newsgroups get
> > spammed, then you have a bigger
A few of my clients are moderated newsgroups that have graphic posts
describing certain sexual perversions. They receive posts via email
and approve/reject them.
Their posts trip spamassassin sometimes, understandably, they talk
about big reproducting o rgans, arouzal, etc.
So... What can I do,
Here's something that I do not understand. What is the point of
spamming people repeatedly not once, twice, or even 10 times, but
hundreds of times. If I wanted to procure pils, or pgrn, or whatever,
I would have done it on the first 10 spams. After 100 or so spams,
what is the benefit of sending m
I upgraded and installed a lot of SA rules. (although I suspect that
bayes still is not working for some reason. more later)
I have a lot of unix mail folders with ham (personal messages,
business messages, some mailing list stuff, etc).
I would like to somehow test run spamassassin on thsm and
On Thu, Apr 27, 2006 at 09:58:40AM -0400, Matt Kettler wrote:
> Ronald I. Nutter wrote:
> > I have added most of the rule sets from rulesemporium.com as well as
> > adding several of my own. I update the rules from sare about once a
> > month.
> You mentioned having most of the rulesemporium.co
On Tue, Apr 25, 2006 at 10:59:07AM -0400, Matt Kettler wrote:
> Igor Chudov wrote:
> > Spamd outputs the following into syslog:
> >
> > Apr 25 09:42:30 ak74 spamd[1703]: spamd: connection from
> > localhost.localdomain [127.0.0.1] at port 60902
> > Apr 25
Spamd outputs the following into syslog:
Apr 25 09:42:30 ak74 spamd[1703]: spamd: connection from localhost.localdomain
[127.0.0.1] at port 60902
Apr 25 09:42:30 ak74 spamd[1703]: spamd: processing message <[EMAIL PROTECTED]>
for root:500
Apr 25 09:42:30 ak74 spamd[1703]: spamd: clean message (-
Doing some housecleaning...
I am running spamd as root, at which point it reverts to 'nobody'.
It then proceeds to complain, understandably, that it does not have
permission to write to users' directories.
Apr 24 23:56:57 manifold spamd[21442]: spamd: still running as root:
user not specified
On Mon, Apr 24, 2006 at 04:57:20PM -0400, Matt Kettler wrote:
> Igor Chudov wrote:
>
> > Yes, I did HUP spamc and I see that it works. Thank you Matt! I am
> > very happy, now I can start banning countries.
>
> Fair enough.. Just remember to unsubscribe yourself from glob
On Mon, Apr 24, 2006 at 04:46:40PM -0400, Matt Kettler wrote:
> Igor Chudov wrote:
> > On Mon, Apr 24, 2006 at 04:38:38PM -0400, Matt Kettler wrote:
> >> Igor Chudov wrote:
> >>> I have this statement in init.pre
> >>>
> >>> add_header all Rela
On Mon, Apr 24, 2006 at 04:38:38PM -0400, Matt Kettler wrote:
> Igor Chudov wrote:
> > I have this statement in init.pre
> >
> > add_header all Relay-Country _RELAYCOUNTRY_
>
> *sigh*.. that should be in your local.cf
>
> Put the loadplugin statements in your
On Mon, Apr 24, 2006 at 07:41:15PM +0200, Andrzej Adam Filip wrote:
> Igor Chudov <[EMAIL PROTECTED]> writes:
>
> > I use Spamassassin 3.1.1, and specified the following in my local.cf:
> >
> > loadplugin Mail::SpamAssassin::Plugin::RelayCountry
> > add_hea
On Mon, Apr 24, 2006 at 02:07:16PM -0400, Matt Kettler wrote:
> Igor Chudov wrote:
> > On Mon, Apr 24, 2006 at 01:41:47PM -0400, Matt Kettler wrote:
> >> Igor Chudov wrote:
> >>> I use Spamassassin 3.1.1, and specified the following in my local.cf:
> >>&g
On Mon, Apr 24, 2006 at 01:41:47PM -0400, Matt Kettler wrote:
> Igor Chudov wrote:
> > I use Spamassassin 3.1.1, and specified the following in my local.cf:
> >
> > loadplugin Mail::SpamAssassin::Plugin::RelayCountry
>
> First: DO NOT put ANY loadplugin statemen
I use Spamassassin 3.1.1, and specified the following in my local.cf:
loadplugin Mail::SpamAssassin::Plugin::RelayCountry
add_header all Relay-Country _RELAYCOUNTRY_
When I run spamassassin from command line, it does set the
Spam-Relay-Country header, BUT its value is always
empty.
I do have
83 matches
Mail list logo
