Re: OT - Possibly some good news

2017-07-04 Thread Jeff Chan
rked as planned. If this is something no one else has thought of before, then obviously document it for science so it may save other people's lives. :) Cheers, Jeff C. -- Jeff Chan mailto:je...@surbl.org http://www.surbl.org/

Fwd: [SURBL-Announce] MW malware sublist added to multi, replaces OB

2013-05-04 Thread Jeff Chan
http://lists.surbl.org/pipermail/announce/2013-May/000209.html Date: Wed, 1 May 2013 05:54:48 -0700 To: SURBL Announce Subject: [SURBL-Announce] MW malware sublist added to multi, replaces OB As announced last October, malware data has been moved from PH to a new list MW, taking the bit of O

Re: URIBL_PH_SURBL

2011-12-08 Thread Jeff Chan
On Thursday, December 1, 2011, 10:11:35 AM, Darxus Darxus wrote: > On 12/01, Jeff Chan wrote: >> Also keep in mind that PH has a generally low score even for net >> + bayes since it doesn't hit a large portion of spam in the SA >> corpus. > No. Scores are not d

Re: URIBL_PH_SURBL

2011-12-01 Thread Jeff Chan
es it does hit are generally going to be phishing or malware, so IMO it should have a much higher score. Unless people want to get phishing and malware Cheers, Jeff C. -- Jeff Chan mailto:je...@surbl.org http://www.surbl.org/

Re: SpamTips.org: Why run your own DNS server?

2011-07-04 Thread Jeff Chan
do things. See: http://www.surbl.org/surbl-nameserver-setup and: http://www.surbl.org/links#mirrors Cheers, Jeff C. -- Jeff Chan mailto:je...@surbl.org http://www.surbl.org/

Re: What is Ham? (was Re: Need Volunteers for Ham Trap)

2011-01-20 Thread Jeff Chan
scribe 3. What went wrong etc. So at least there is a responsible party to hopefully act on unsubscriptions, fire the spammy marketer, etc. It's sort of a degenerate case of the degenerate case of email addresses going to a third party, except it's the same party. Spam is easy.

Re: Need Volunteers for Ham Trap

2011-01-19 Thread Jeff Chan
ould then be discarded. Both seem reasonable approaches. Those degenerate cases of both are indeed interesting. Cheers, Jeff C. -- Jeff Chan mailto:je...@surbl.org http://www.surbl.org/

Re: Need Volunteers for Ham Trap

2011-01-18 Thread Jeff Chan
ople don't want the stuff bots send. The issue is complex, and there are many deliverability, security and anti-spam companies and organizations that struggle with these issues every day. Maintaining accurate ham and spam corpora and making policies for what belongs in which category is trivia

Re: Spam bot Spam seems to be decreasing

2011-01-10 Thread Jeff Chan
> http://www.telegraph.co.uk/news/worldnews/europe/russia/8090100/Spam-falls-by-a-fifth-after-Russian-operation-shut-down.html Rustock is spamming again: http://www.spamcop.net/spamgraph.shtml?spamweek http://cbl.abuseat.org/totalflow.html Jeff C. -- Jeff Chan mailto:je...@surbl.org http://www.surbl.org/

Re: Adding custom surbl servers to local.cf

2010-09-02 Thread Jeff Chan
our rbldnsd and BIND configs for the zone and spamassassin rule, and we will check them. Jeff C. -- Jeff Chan mailto:je...@surbl.org http://www.surbl.org/

Re: Spamhaus DBL

2010-03-02 Thread Jeff Chan
wrongly flagging legitimate email if you make IP queries to the DBL. > ** > Also check out the announcement at > http://www.spamhaus.org/news.lasso?article=655 which goes into further > detail on this new list. Please also see this bugzilla: https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6335 Cheers, Jeff C. -- Jeff Chan mailto:je...@surbl.org http://www.surbl.org/

Re: The ninjas have left the building (was Re: [Sare-users] painting everybody in Taiwan with the same brush)

2010-01-31 Thread Jeff Chan
ably useful and > actively maintained spamassassin rulesets that publish an sa-update channel? > - Marc As I understand it, as soon as rules are published, some of the senders of unsolicited messages immediately change their behavior to defeat or bypass the rules, so publishing them is som

Re: Plugin for URL shorteners / redirects

2009-05-27 Thread Jeff Chan
hard to get tinyurl.com to generate a link for some known > spam URLs. I suspect they are indeed doing SURBL lookups. Hope I didn't > end up blacklisting myself :-} Yes, tinyurl and several other URL shortening services use SURBL data to fight abuse of their services: http://www.sur

Re: Plugin for URL shorteners / redirects

2009-05-27 Thread Jeff Chan
On Wednesday, May 27, 2009, 1:39:11 AM, Justin Mason wrote: > Yes. it immediately exposes a backchannel from the spam to the spammer, > thereby enabling a number of interesting security holes. > --j. Yes, it's impractical for some of the reasons Rob mentions, and it would also allow any of the f

Re: Physician List

2009-04-29 Thread Jeff Chan
robably catchable by body text and/or header patterns. Could make a good new rule as suggested in the "Code Rot" thread. Jeff C. -- Jeff Chan mailto:je...@surbl.org http://www.surbl.org/

Re: Phishing

2009-04-24 Thread Jeff Chan
tch them with phrase rules. Any thoughts? If the phishes are claiming to come from your own domain, then use SPF or DKIM on your real outbound mail. Then any message claiming to be from your domain that doesn't match the SPF record or DKIM key can be considered a forgery and handled appropriately. Cheers, Jeff C. -- Jeff Chan mailto:je...@surbl.org http://www.surbl.org/

Re: Individual SURBL lists to be shut down on public nameservers February 28, 2009. Use multi.

2009-03-01 Thread Jeff Chan
On 3/1/09, Jeff Chan wrote: > For historical reasons, the SURBL public nameservers were serving > individual lists ab, sc, ob and ws in addition to multi. However > these individual lists have all been deprecated in favor of multi for > several years since multi contains all lis

Re: How to disable DNSWL?

2009-02-28 Thread Jeff Chan
he data are relatively static, i.e., not updated very often, then this could generate a lot of arguably unnecessary DNS traffic. Jeff C. -- Jeff Chan mailto:je...@surbl.org http://www.surbl.org/

Re: emails from blackberry cause FP

2009-02-24 Thread Jeff Chan
't think this represents a SMTP conversation, it was DAV. Given the SExchange borkeness, it's entirely appropriate that SA would penalize the score of these emails. Not because blackberry.com is doing something wrong (because it doesn't appear to be), but because this spec

Re: KnujOn - Registrars

2009-02-22 Thread Jeff Chan
riminal ISPs and registrars need to do much more to stop abuse of their services and networks. Jeff C. -- Jeff Chan mailto:je...@surbl.org http://www.surbl.org/

Re: Cyrillic charsets normalization

2009-02-15 Thread Jeff Chan
rs set that field deceptively or incorrectly some of the time or don't set it at all other times, so that an attempt to automatically detect the character set is useful in some cases? This is just a guess on my part however. Cheers, Jeff C. -- Jeff Chan mailto:je...@surbl.org http://www.surbl.org/

Re: Humor? Attention, Bayes poison

2009-02-09 Thread Jeff Chan
ked. Cheers, Jeff C. P.S. Gotta tell Joe about the reference. :) -- Jeff Chan mailto:je...@surbl.org http://www.surbl.org/

Re: Individual SURBL lists to be shut down on public nameservers February 28, 2009. Use multi.

2009-02-08 Thread Jeff Chan
ld need to make changes to use multi.surbl.org, namely to upgrade to SpamAssassin 3 Jeff C. -- Jeff Chan mailto:je...@surbl.org http://www.surbl.org/

Re: Individual SURBL lists to be shut down on public nameservers February 28, 2009. Use multi.

2009-02-04 Thread Jeff Chan
nstallations of version 2.6. They should almost certainly upgrade to something more recent. Jeff C. -- Jeff Chan mailto:je...@surbl.org http://www.surbl.org/

Individual SURBL lists to be shut down on public nameservers February 28, 2009. Use multi.

2009-02-04 Thread Jeff Chan
For historical reasons, the SURBL public nameservers were serving individual lists ab, sc, ob and ws in addition to multi. However these individual lists have all been deprecated in favor of multi for several years since multi contains all lists. Traffic for the individual lists is relatively ver

Re: workaround for DNS "search service"

2009-01-01 Thread Jeff Chan
NS > server. If there are a reasonable amount of duplicate queries then this > could help performance substantially. Another solution is to use a nameservice that doesn't change DNSBL results. One such service is: http://www.opendns.com/ See: http://www.surbl.org/faq.html#dnspr

Re: SURBL Usage Policy change

2008-11-12 Thread Jeff Chan
On Wednesday, November 12, 2008, 3:15:26 AM, Henrik K wrote: > On Tue, Nov 11, 2008 at 04:33:50PM -0800, Jeff Chan wrote: >> >> Hi Micah, >> Thanks very much for the feedback. Does anyone know how many >> non-profits have more than 1,000 users (i.e., users with >

Re: SURBL Usage Policy change

2008-11-12 Thread Jeff Chan
On Wednesday, November 12, 2008, 10:55:52 AM, Larry Rosenbaum wrote: > Where is the price list? I haven't been able to find it. Hi Larry, The pricing calculator is the first step of the data feed form: http://www.surbl.org/datafeed/ Jeff C. -- Jeff Chan mailto:[EMAIL PROTECT

Re: SURBL Usage Policy change

2008-11-12 Thread Jeff Chan
result. >> >>Sorry Jeff, but this is much too expensive for us and many others I >>suspect. > "or processing fewer than 250,000 messages per day" > Wouldn't that cover most not for profit organisations? > Peter We deliberately chose 1,000 users an

Re: SURBL Usage Policy change

2008-11-12 Thread Jeff Chan
On Tuesday, November 11, 2008, 4:58:01 PM, Dave Koontz wrote: > Jeff Chan wrote ... (11/11/2008 7:33 PM): >> Hi Micah, >> Thanks very much for the feedback. Does anyone know how many >> non-profits have more than 1,000 users (i.e., users with >> mailboxes)? The non-p

Re: SURBL Usage Policy change

2008-11-11 Thread Jeff Chan
On Tuesday, November 11, 2008, 8:49:44 AM, Micah Anderson wrote: > "Jeff Chan" <[EMAIL PROTECTED]> writes: > I think that SURBL is a valuable service, and I understand how it is > difficult to maintain such a service without resources. >> The funding is, by design,

SURBL Usage Policy change

2008-11-10 Thread Jeff Chan
les corporation. No listing policies will change as a result of any of these changes, however the additional resources should enable improvements to the completeness and coverage of SURBL data. Sincerely, Jeff Chan William Stearns Joe Wein Raymond Dijkxhoorn Andy Warner SURBL http://www.sur

Re: Phishing rules?

2008-10-30 Thread Jeff Chan
you want to stop more phishing spams, consider increasing the score. Jeff C. -- Jeff Chan mailto:[EMAIL PROTECTED] http://www.surbl.org/

Re: URIBL_BLACK

2008-10-13 Thread Jeff Chan
> thx for the trouble... Something tells me Theo may not be sharing his FPs with you anymore. ;) Seems you don't need them anyway Cheers, Jeff C. -- Jeff Chan mailto:[EMAIL PROTECTED] http://www.surbl.org/

New free blacklist: BRBL - Barracuda Reputation Block List

2008-09-20 Thread Jeff Chan
[Pardon the spam; thought this new blacklist might be worth at least trying.] Apparently Barracuda will be publishing a free-to-use sender blacklist called BRBL: http://www.barracudacentral.org/rbl Haven't tried it myself but thought it may be of interest. Cheers, Jeff C. -- Jeff

Re: 0 points

2008-07-26 Thread Jeff Chan
these kinds of spam: 1. Blacklist the sites 2. Make a rule with a pattern for the message text Both can and probably should be done. P.S. Please contact the owners of the site or their web host and ask them to secure the server. It's probably an insecure or sniffed password. Jeff C

Re: sare rules?

2008-07-17 Thread Jeff Chan
ds of spams are getting through? 419s are hard to catch. Jeff C. -- Jeff Chan mailto:[EMAIL PROTECTED] http://www.surbl.org/

Re: How to make an exception to URIBL_SBL

2008-07-09 Thread Jeff Chan
URIBL_SBL checks the IP addresses of the nameservers of web sites in the message body against the Spamhaus SBL list. Jeff C. -- Jeff Chan mailto:[EMAIL PROTECTED] http://www.surbl.org/

Re: EuroPharmacie

2008-06-20 Thread Jeff Chan
with ESMTP > id DBDF6E8CE; Fri, 20 Jun 2008 14:30:33 +0200 (CEST) [...] > http://wroteprove.com Use SURBLs. Enable network tests: http://www.surbl.org/faq.html#nettest jp.surbl.org blacklisted that domain at 14:33 CEST Jeff C. -- Jeff Chan mailto:[EMAIL PROTECTED] http://www.surbl.org/

Re: EMERGENCY RULE: porntube redirect

2008-06-19 Thread Jeff Chan
ite with porntube redirect > scoreGMD_R_DOT_HTML 3.5 > Note: making it an uri rule doesn't hit them all. > enjoy It and video.exe are Storm. Jeff C. -- Jeff Chan mailto:[EMAIL PROTECTED] http://www.surbl.org/

Re: Undeliverable mails

2008-06-04 Thread Jeff Chan
r storms in response to forged mail > — whether deliberately targeted, as a “Joe-Job”, or as a > side-effect attempts to evade over-simplistic sender address > verification as seen in spam, viruses, and so on. [...] It helped us. Jeff C. -- Jeff Chan mailto:[EMAIL PROTECTED] http://www.surbl.org/

Re: List of Banks often spoofed in Phishing scams

2008-06-04 Thread Jeff Chan
> bigfoot. It's only personal bank account information-- why keep the > data in-house? :-) Presumably you mean customercenter.net, owned by Checkfree. customercenter.com appears to be owned by domainers/squatters. Jeff C. -- Jeff Chan mailto:[EMAIL PROTECTED] http://www.surbl.org/

RE: URIBL

2008-02-26 Thread Jeff Chan
Quoting Rocco Scappatura <[EMAIL PROTECTED]>: Maybe, now is the case to set up a copy of zone locally on my server.. I've about 1300K messages rejected per day!! Yes, you should not query 1.3 million messages per day on the public nameservers. That would be considered abusive. Jeff C.

RE: URIBL

2008-02-25 Thread Jeff Chan
Quoting Rocco Scappatura <[EMAIL PROTECTED]>: I have to > enable only the plugin with loadPlugin. ... and it's enabled by default, so you should be all set. :) > Then I have to use the command 'urirhssub' of the plugin URIDNSBL to > specify that I want to use SURBLs: ... the rules exist by de

Re: mails not being received

2008-02-22 Thread Jeff Chan
Quoting Jeff Chan <[EMAIL PROTECTED]>: SpamAssassin and Exim cannot work together without some other program coordinating them. You're probably going to need to find out what that program is in order to solve things. Any FAQs about SpamAssassin itself may address the coordinating p

Re: mails not being received

2008-02-22 Thread Jeff Chan
self may address the coordinating program, but only peripherally. SpamAssassin only scores the messages. It doesn't deliver them and it doesn't control how they're delivered based on that score. Jeff C. Jeff Chan wrote: Quoting ploppy <[EMAIL PROTECTED]>: i enabl

RE: URIBL

2008-02-21 Thread Jeff Chan
Quoting Rocco Scappatura <[EMAIL PROTECTED]>: I have looked at the SURBL site. If I have well understood I have to enable only the plugin with loadPlugin. Then I have to use the command 'urirhssub' of the plugin URIDNSBL to specify that I want to use SURBLs: urirhssub URIBL_JP_SURBL multi.su

Re: mails not being received

2008-02-21 Thread Jeff Chan
Quoting ploppy <[EMAIL PROTECTED]>: i enabled SA on one of my accounts and since disabling, no mails for that account are being received. i did tail -f /var/log/exim_mainlog and they are showing as completed, but they are not being delivered. they are not even in the mail queue. i am using exim 4.

Re: Time to make multi.uribl.org optional rather than default?

2008-02-20 Thread Jeff Chan
If you think blacklists should be free, then you should set up your own, spend thousands of hours per year on it, undergo constant threats of DDoS or worse, and listen to complaints if you dare to consider being partially paid for your work. Jeff C.

Re: v3.2.4 scan times slow

2008-02-15 Thread Jeff Chan
Quoting Sean Kennedy <[EMAIL PROTECTED]>: Sorry for replying to my own topic, but I've figured out what's causing it to go so slow. It's the rules in sa-blacklist.current.uri.cf from http://www.sa-blacklist.stearns.org/sa-blacklist/sa-blacklist.current.uri.cf. This ruleset works fine in 3.1, I

Re: what are the criteria for being listed in sa-blacklist.current?

2008-02-14 Thread Jeff Chan
Also, the sa-blacklist inclusion policy is at: http://www.stearns.org/sa-blacklist/README.policy Jeff C.

Re: what are the criteria for being listed in sa-blacklist.current?

2008-02-14 Thread Jeff Chan
Quoting Per Jessen <[EMAIL PROTECTED]>: Matt Kettler wrote: For some reason one of my domains has all of a sudden been listed in the above listed db. Which is rather ironic since there are only 3 active accounts at this domain. 1 used for a couple of mailing lists, 1 - postmaster (inbound emai

Re: Safe "Phishing"

2008-02-02 Thread Jeff Chan
Quoting giga328 <[EMAIL PROTECTED]>: Thank you Jeff and Anthony. If I'm right, there is big possibility for SpamAssassin to mark as spam some email from for example doubleclick or other companies if there is personalized URL in it because it can look like spam or even like phishing. If I'm prot

Re: Safe "Phishing"

2008-02-01 Thread Jeff Chan
Quoting mouss <[EMAIL PROTECTED]>: giga328 wrote: Hi Anthony, I will ask people from MailScanner also but for my email system is not possible to use MailScanner directly so I'm using spamd. My question is about lowering chances for false positives by having safe list from MailScanner. But sinc

Re: Can anyone help me?

2008-01-30 Thread Jeff Chan
Quoting David Zinder <[EMAIL PROTECTED]>: > I think my problem is related to surbl.org, but I can't figure out how > to reach them. list.surbl.org times out, and has for several weeks. > > I had been using Spamassassin 3.1.5 under RHEL 3. Works great, until > Jan 1, 2008. I started getting false p

Re: What's with the many nnnn.com domains in this spam?

2008-01-28 Thread Jeff Chan
Quoting Justin Mason <[EMAIL PROTECTED]>: Per Jessen writes: Check this out http://jessen.ch/files/spam55.txt It's a typical spam-email with a single gif advertising drugs. The gif is loaded from a website which is listed by uribl.com. The emails has hrefs to the following '.com' domai

Re:

2008-01-26 Thread Jeff Chan
Quoting Giampaolo Tomassoni <[EMAIL PROTECTED]>: From: Jeff Chan [mailto:[EMAIL PROTECTED] Sometimes it's temporary, sometimes it's not. Sometimes temporary solutions remain in place for many years. Then you're not obeying to the agreements with your registrar. De

RE: whois plugin .. where to get it

2008-01-26 Thread Jeff Chan
Quoting Giampaolo Tomassoni <[EMAIL PROTECTED]>: From: Jeff Chan [mailto:[EMAIL PROTECTED] There are lots of legitimate reasons to delegate zones, for example, migration to a new nameserver. I suggest you ask someone who runs major nameservers. I have. This is a temporary solution.

RE: whois plugin .. where to get it

2008-01-26 Thread Jeff Chan
Quoting Jeff Chan <[EMAIL PROTECTED]>: DNS works by delegation from parent zones to child zones. Or more generally from one zone to another. DNS is built on delegation. Some spammers abuse delegation in unusual ways, but not all unusual delegation is abuse. Jeff C.

RE: whois plugin .. where to get it

2008-01-26 Thread Jeff Chan
Quoting Giampaolo Tomassoni <[EMAIL PROTECTED]>: -Original Message- From: Jeff Chan [mailto:[EMAIL PROTECTED] Sent: Saturday, January 26, 2008 12:23 PM Quoting Jeff Chan <[EMAIL PROTECTED]>: > Quoting Giampaolo Tomassoni <[EMAIL PROTECTED]>: > >> The

RE: whois plugin .. where to get it

2008-01-26 Thread Jeff Chan
Quoting Jeff Chan <[EMAIL PROTECTED]>: Quoting Giampaolo Tomassoni <[EMAIL PROTECTED]>: The TLD root servers delegate the control of the II level domain to the NS servers defined at registration time. That is delegation. But from there, warping the entire domain to different

RE: whois plugin .. where to get it

2008-01-26 Thread Jeff Chan
Quoting Giampaolo Tomassoni <[EMAIL PROTECTED]>: The TLD root servers delegate the control of the II level domain to the NS servers defined at registration time. That is delegation. But from there, warping the entire domain to different NSes is not delegation. It is delegation. Jeff C.

RE: whois plugin .. where to get it

2008-01-25 Thread Jeff Chan
Quoting Giampaolo Tomassoni <[EMAIL PROTECTED]>: From: Jeff Chan [mailto:[EMAIL PROTECTED] Yes, delegation is the other, more usual, way that the nameserver in the whois and TLD root server may differ. Some spammers do make use of a lot of delegation, more than usual and sometimes i

RE: whois plugin .. where to get it

2008-01-25 Thread Jeff Chan
Quoting Giampaolo Tomassoni <[EMAIL PROTECTED]>: Please note that one generally can't issue a DNS request to a specific server from SA, since its resolver engine only uses the globally-defined DNS server(s). Thereby, in the common case I should get the NSes published by root servers, which shoul

Re: whois plugin .. where to get it

2008-01-25 Thread Jeff Chan
Quoting Matt Kettler <[EMAIL PROTECTED]>: Matt Kettler wrote: Giampaolo Tomassoni wrote: It doesn't use whois *instead of* dns. It uses both and attempts even to detect any discrepancy between their responses. Both types of queries can cause problems. How are these going to be different??

Re: whois plugin .. where to get it

2008-01-23 Thread Jeff Chan
Quoting Matt Kettler <[EMAIL PROTECTED]>: The only big difference I see at face value is it uses whois instead of DNS to find the NS records.. that hardly seems efficient.. Whois is definitely the wrong protocol to use for automated testing, especially for any high volumes. It was not desig

Re: whois plugin .. where to get it

2008-01-19 Thread Jeff Chan
Quoting ram <[EMAIL PROTECTED]>: I had read about the whois plugin into SA. But I can't seem to find it now Can someone tell me how do I install this I believe that could be a very effective idea to score on domain names who have bad registrars Every hour hundreds of domains get registered pur

Re: The googolbees are getting craftier

2008-01-18 Thread Jeff Chan
Quoting Justin Mason <[EMAIL PROTECTED]>: the redirect detection should have no problem finding that... And the redirected-to domain is on two SURBL blacklists, so it should be hitting. Jeff C. Loren Wilton writes: I guess btnl is no longer working. Now they are doing a redirect: htt

Re: spamassassin eating lot of RAM

2008-01-13 Thread Jeff Chan
Quoting Jai Gupta <[EMAIL PROTECTED]>: My server has 8GB of ram, around 4 GB is currently used by spamassassin (too many process of /usr/bin/perl -T /usr/local/psa/admin/sbin/spammng -c -C --max-children=1 start). Is this normal? Can I somehow limit the process concurrency of spamassassin or I

Re: Googlepages & Livefilestore spams

2008-01-10 Thread Jeff Chan
Quoting Yet Another Ninja <[EMAIL PROTECTED]>: On 1/10/2008 11:13 AM, Jeff Chan wrote: Quoting Justin Mason <[EMAIL PROTECTED]>: Theo Van Dinter writes: On Wed, Jan 09, 2008 at 11:18:40PM +0100, Yet Another Ninja wrote: util_rb_2tld googlepages.com in local.cf will allow bla

Re: Googlepages & Livefilestore spams

2008-01-10 Thread Jeff Chan
Quoting Yet Another Ninja <[EMAIL PROTECTED]>: On 1/10/2008 11:13 AM, Jeff Chan wrote: Quoting Justin Mason <[EMAIL PROTECTED]>: Theo Van Dinter writes: On Wed, Jan 09, 2008 at 11:18:40PM +0100, Yet Another Ninja wrote: util_rb_2tld googlepages.com in local.cf will allow bla

Re: Googlepages & Livefilestore spams

2008-01-10 Thread Jeff Chan
Quoting Justin Mason <[EMAIL PROTECTED]>: Theo Van Dinter writes: On Wed, Jan 09, 2008 at 11:18:40PM +0100, Yet Another Ninja wrote: > util_rb_2tld googlepages.com > > in local.cf will allow black.uribl.com to match the listed googlepages > sites To note, what this option really does is chan

Re: Anyone using URIDNSBL for weeding out referrer spam ?

2007-11-22 Thread Jeff Chan
Quoting Jean-Marc Liotier <[EMAIL PROTECTED]>: > > I am looking for a way to weed out referrer spam from Apache logs and Awstats > data files. I have seen some tools, but they rely on static blacklist - > often very small ones, rarely maintained. It just occurs to me that this is > a perfect job f

Re: blacklist.cf needs to die (was Re: Help figuring our why SA is taking like 1.5 minutes to filter...)

2007-10-26 Thread Jeff Chan
Quoting Matt Kettler <[EMAIL PROTECTED]>: > Justin Mason wrote: > > OK, we really need to figure out some way to kill these FAQs off. Every > > week, someone asks a question about why SpamAssassin is killing their > > server, and most of the time the answer is "stop using blacklist.cf and > > blac

Re: Help figuring our why SA is taking like 1.5 minutes to filter...

2007-10-25 Thread Jeff Chan
Quoting Matt Kettler <[EMAIL PROTECTED]>: > [18696] dbg: config: read file /etc/mail/spamassassin/blacklist-uri.cf > [18696] dbg: config: read file /etc/mail/spamassassin/blacklist.cf > > Ditch blacklist and blacklist-uri. These two are well known ways to > kill spamassassin on all but the absolu

Re: Help figuring our why SA is taking like 1.5 minutes to filter...

2007-10-25 Thread Jeff Chan
Quoting Joey <[EMAIL PROTECTED]>: > I am currently running SA 3.2.3 compiled from cpan. > > I have a situation where CPU is just going through the roof on just a few > messages and I really can't tell what part of SA is the slow down. [...] > Here is a list of files in each of my SA folders as wel

Re: We need help with error messages

2007-10-18 Thread Jeff Chan
Quoting Alan Morgan <[EMAIL PROTECTED]>: > Hi, > > We use SPAM Assassin in Silverpop. We have been having a tough time with > the messages and results after running SPAM A. Can someone help? We want a > guide of definitions. > > The latest we got is >> 2.2 REMOVE_BEFORE_LINK BODY: Removal

Re: How to block the bat!

2007-10-17 Thread Jeff Chan
Quoting Matt Kettler <[EMAIL PROTECTED]>: > cpayne wrote: > > Robert Braver wrote: > >> Hello Payne, > >> > >> On Wednesday, October 17, 2007, 9:08:53 PM, you wrote: > >> > >> c> I am getting a lot mail which I know is from a mail program use by > >> c> spammers, called the bat. > >> > >> > > Yea

Re: DNSWL question

2007-10-16 Thread Jeff Chan
Quoting "Mark Wendt (Contractor)" <[EMAIL PROTECTED]>: > I've started seeing some spam come through that gets labeled with > "RCVD_IN_DNSWL_MED RBL: Sender listed at http://www.dnswl.org/", > which imparts a negative score if the relay is listed in their > db. Here at the Lab, we have an email g

Re: SpamAssassin not hitting well on obvious spam

2007-10-15 Thread Jeff Chan
Quoting Chris 'Xenon' Hanson <[EMAIL PROTECTED]>: [...] > X-Spam-Status: Yes, hits=4.4 required=4.0 > X-Spam-Level: > X-Spam-Report: SA TESTS >0.1 FORGED_RCVD_HELO Received: contains a forged HELO >0.1 HTML_40_50 BODY: Message is 40% to 50% HTML >0.0 HTML_MESSAGE

Re: Advice on MTA blacklist

2007-10-10 Thread Jeff Chan
Quoting mouss <[EMAIL PROTECTED]>: > If they really run a "normal" MTA, and if that is authorized by their > ISP, then they should ask to be unlisted. (They should also get a > meaningful reverse DNS so that they can be "identified"). > Otherwise, they should relay via their ISP... Indeed, one o

Re: Advice on MTA blacklist

2007-10-10 Thread Jeff Chan
Quoting "R.Smits" <[EMAIL PROTECTED]>: > Jeff Chan wrote: > > Quoting Richard Smits <[EMAIL PROTECTED]>: > > > >> Thanks for all the advice.. I think we will be using spamhaus. I am > >> running a test and it blocks a lot of spam. Current

RE: Advice on MTA blacklist

2007-10-10 Thread Jeff Chan
Quoting Skip <[EMAIL PROTECTED]>: > I am not certain how anyone can claim that they have no FPs running through > those services unless they have prior knowledge of every inbound email. > That is impossible. My company deals with on the order of thousands of > companies and multiple times that in

Re: Advice on MTA blacklist

2007-10-10 Thread Jeff Chan
Quoting Richard Smits <[EMAIL PROTECTED]>: > Thanks for all the advice.. I think we will be using spamhaus. I am > running a test and it blocks a lot of spam. Currently I use the > sbl.spamhaus and pbl.spamhaus > Is this wise, or should I also use the xbl and switch to zen.spamhaus? Please do

Re: Advice on MTA blacklist

2007-10-09 Thread Jeff Chan
Quoting John Rudd <[EMAIL PROTECTED]>: > R.Smits wrote: > > Hello, > > > > Which spam blacklists do you use in your MTA config. (postfix) > > smptd_client_restrictions > > > > Currently we only use : reject_rbl_client list.dsbl.org > > > > We let spamassassin fight the rest of the spam. But the lo

Re: R: New domains (was: URIWhois plugin)

2007-09-28 Thread Jeff Chan
Quoting Kenneth Porter <[EMAIL PROTECTED]>: > --On Thursday, September 27, 2007 7:05 PM +0200 Giampaolo Tomassoni > <[EMAIL PROTECTED]> wrote: > > > The only problem is that a spammer could "query" it days before it will > > bulk send, thereby impairing the effectiveness of such approach. > > > >

Re: New domains (was: URIWhois plugin)

2007-09-27 Thread Jeff Chan
Quoting Jonas Eckerman <[EMAIL PROTECTED]>: > (The idea below is not mine, someone else (I'm sorry, but I > forgot who) wrote about it here (I think) before.) > > Giampaolo Tomassoni wrote: > > > brand-new domains, > > Something that could work for this without the problems inherent > in using who

RE: URIWhois-0.02

2007-09-27 Thread Jeff Chan
Quoting Bret Miller <[EMAIL PROTECTED]>: > Perhaps rather than arguing about whether we'd all get blocked by running > this, it would be more productive to lobby a registrar to provide the data > in rsynch-able form to URIBL or SURBL where DNS infrastructure could be used > to make the data availa

Re: R: R: URIWhois-0.02

2007-09-27 Thread Jeff Chan
Quoting Giampaolo Tomassoni <[EMAIL PROTECTED]>: > I think there is a lot of people in this list who runs a small business like > mine, and who may benefit from using the URIWhois plugin with no negative > consequences. The others, well, they have influence and resources to spend > in a "centraliz

Re: URIWhois-0.02

2007-09-26 Thread Jeff Chan
Quoting Giampaolo Tomassoni <[EMAIL PROTECTED]>: > the issue covered by the > URIWhois plugin would be much more efficiently solved by a centralized > solution, in which "someone" gathers registration data from registars (maybe > even not through whois, but through direct db access) and then publi

Re: R: URIWhois plugin

2007-09-26 Thread Jeff Chan
Quoting Giampaolo Tomassoni <[EMAIL PROTECTED]>: > How do they "handle these domains in a centralized way"? Do they simply > relay a whois request for not-yet-seen domains? Because in this case they > have to tune their whois parsers a bit: dob.sibl.support-intelligence.net, > in example, reports

Re: URIWhois plugin

2007-09-25 Thread Jeff Chan
Quoting Giampaolo Tomassoni <[EMAIL PROTECTED]>: > Dears, > > well, I just did version 0.01 of the URIWhois plugin. > > Its purpose is mainly to detect some spam containing URIs to sites in > brand-new domains, or having some conflict in whois and dns records, or > being driven by specific dns ser

Re: [OT] Seeing increase in smtp concurrency ?

2007-09-07 Thread Jeff Chan
Quoting Henrik Krohns <[EMAIL PROTECTED]>: > On Fri, Sep 07, 2007 at 10:09:27AM +1200, Jason Haar wrote: > > > > I knew things like this would eventually happen. Spammers basically have > > infinite resources, they can deliver us a LOT of hurt when they wish to. > > I can think of a lot worse thin

Re: [OT] Seeing increase in smtp concurrency ?

2007-09-06 Thread Jeff Chan
Quoting Rajkumar S <[EMAIL PROTECTED]>: > Hi, > > Does any one seeing increasing smtp concurrency for the past couple of > weeks? I run couple of (qmail/simscan/spamassassin) mail servers and > all experience the same problem. The spam does not increase, but this > is hogging my mail servers. Prob

Re: network tests

2007-09-02 Thread Jeff Chan
Quoting Kelsey Forsythe <[EMAIL PROTECTED]>: > I meant (and I just checked) 'sa_local_tests_only' is set to 0. > But the network tests still are not implemented. Make sure it's also not commented out. Some installations have it commented out by default. Jeff C.

Re: network tests

2007-09-02 Thread Jeff Chan
Quoting Kelsey Forsythe <[EMAIL PROTECTED]>: > My network tests are not implemented on my server. > If I run spamassassin manually from command line on a message I see > the network > filters in play but when I examine messages that have gone through my > Xserve no network tests > are performed.

Re: Query about DNS_FROM_DOB

2007-08-18 Thread Jeff Chan
Quoting Jason Haar <[EMAIL PROTECTED]>: > I've spotted the fault - they've blacklisted the *ENTIRE* ".org" > domain!!! (I just tested some made-up .org domains - they are all on it) > > I'll see if I can find an email address to notify them Arghhh, that would do it. I'm writing to Rick Wesson ab

Re: Query about DNS_FROM_DOB

2007-08-18 Thread Jeff Chan
Quoting Jason Haar <[EMAIL PROTECTED]>: > ..that seems new. I see it's an RBL that "contains domains registered > within the last five days". > > Can someone explain what that means? I guess it means "seen by DOB > within the last five days" more than a domain that was registered within > the last

Re: Should I disable URIDNSBL plugin if I'm already rejecting based on BL with MTA

2007-08-17 Thread Jeff Chan
Quoting martin f krafft <[EMAIL PROTECTED]>: > also sprach Jeff Chan <[EMAIL PROTECTED]> [2007.08.16.1125 +0200]: > > The two do very different things. MTA blacklists are direct > > rejection of incoming smtp connections by the MTA (in this case > > postfix). UR

Re: completewhois

2007-08-17 Thread Jeff Chan
Quoting Rick Macdougall <[EMAIL PROTECTED]>: > Greg Skouby wrote: > > With SA-3.2.0 I seem to be getting sub 5 second scan times pretty > > regularly but when I upgraded to SA-3.2.3 I was lucky to get sub 10 > > second. I flipped on debugging and see a bunch of these messages: > > > > Thu Aug 16 1
