> -Original Message-
> >How do I tell Spamassasin to ignore the last received Header? Or are
> >there other solutions to this problem? It also happens quite often with
> >emails from cell phones (which always get the strangest dynamic IPs...).
A matter of perspective: You don't need to tel
From: Jenny Lee
> Also how ironic is it to write: users -at- spamassassin.apache.org on the
> website!!! What a confidence in a
> spam-fighting tool! Write it as users@sa, show you mean business.
Ever hear of defense in depth?
as the link text.
It's a horrible practice, IMO, since it essentially trains people to ignore
what should be a major phishing indicator, but it's also very common.
--Kelson Vibber
using. We were using MIMEDefang, and I
remember we had to do two things: set MD up to read the Sendmail macros, then
add the code to our MD filter to check for the macro before sending mail to SA.
Sorry I couldn't be of more detailed help, but this should at least point you
in the right direction.
--Kelson Vibber
Clam and decide what got
discarded, what got blocked, and what got sent along to SA. I seem to remember
it being worth it, but I just can't remember the numbers.
Kelson Vibber
TollFreeForwarding.com, Development
s SA, and
using some of the SaneSecurity signature sets to catch additional malware.
Thanks!
Kelson Vibber
TollFreeForwarding.com, Development
let backported from 3.0, and we'll be using a sitewide database (at least to
begin with).
Thanks in advance,
Kelson Vibber
TollFreeForwarding.com, Development
On Jul 5, 2010, at 6:46 AM, Marc Perkel wrote:
>
> BTW - does anyone have some big list of domain that when combined with SPF
> make a good white list?
Well, that would depend on who you and your users want mail from, wouldn't it?
On Jul 4, 2010, at 11:57 PM, Marc Perkel wrote:
> It's not even useful for white listing as spammers can set up SPF too.
That's not how whitelisting on SPF works.
You don't whitelist *solely* on the presence of SPF.
You whitelist the *combination* of a domain that you want and a positive SPF
m
On Tuesday 18 May 2010, fchan wrote:
> Note the Technical Contact name and his email address.
Oh, great, now I'm imagining lasagna made with SPAM.
--
Kelson Vibber
SpeedGate Communications,
.
Quick interim fix. In your local.cf, add this to stop the FPs.
meta __SEEK_O1OO80 (0)
Thanks - Since I couldn't remember how to disable a component of a meta
rule, I'd commented it out to start with, but of course sa-update
clobbers that. Filing away for future reference...
due to the phishing campaign that's
been targeting Twitter users over the last few weeks, faking a message
from Twitter support. I've seen several of those phish land in our own
spamtraps and abuse mailbox.
I can send a ham sample if that would help.
--
Kelson Vibber
SpeedGate Communications
To follow up, here's a message actually sent from Opera 9.5 on Windows, in
case someone wants the info for header analysis.
And yes, I've changed the signature, partly so that it won't trip the rule
in question.
--
Kelson Vibber
SpeedGate Communications
Tue, 30 Jan 2007 11:23:53 -0500
There's one critical piece of information missing: the envelope
sender (or at least the RHS of the address).
--
Kelson Vibber
SpeedGate Communications
On Dec 12, 2006, at 6:46 PM, Phil Barnett wrote:
On Tuesday 12 December 2006 07:28, JamesDR wrote:
Sounds like a good spam sign to me. Let the spammers put 0.0.0.0/0 in
their spf records, I'll pop in 3 points for good measure.
But, you are making some assumptions at this point and that is the
for the phishers by making their
own mail look suspicious, thereby training users to ignore warning signs.
My "favorite" (and I use that term loosely) is Symantec -- a computer
security company -- which sends things like upgrade offers through
bluehornet.com.
--
Kelson Vibber
I removed the example.
--
Kelson Vibber
SpeedGate Communications
o this
deliberately, hoping it will get them past filters.
--
Kelson Vibber
SpeedGate Communications,
name
* 2.5 FORGED_THEBAT_HTML The Bat! can't send HTML message only
* 1.1 HTML_MIME_NO_HTML_TAG HTML-only message, but there is no HTML tag
--
Kelson Vibber
SpeedGate Communications,
Bayes-related? Bayes looks at the entire message,
not just the sender. All I'd expect this tactic to do would be to make
future innocuous mail look more innocuous -- it shouldn't have any
significant impact on spammy mail from the same source since the content
will be different.
From what I hear a DomainKeys plugin is
in the works.
It's not that the SpamAssassin team hasn't thought of the idea, it's that they
tried it and, for the most part, it didn't work.
--
Kelson Vibber
SpeedGate Communications
e configuration you
think you are.
Double-check your config and make sure network tests really are disabled. I
added up the scores for the tests you mentioned using the 4th column (Bayes +
network both enabled) and it comes out to 2.65 - which would round to the 2.7
you're seeing.
--
(of the reports, not the messages), then they
ignored me. That's why I figured I'd see if anyone else had any ideas.
--
Kelson Vibber
SpeedGate Communications
This was sent to me off-list. It's an interesting look at the
implications of doing callbacks:
Rich Kulawiec wrote:
> If you wouldn't mind forwarding this back to the list (your message
> was forwarded to me off-list)...
>
> On Tue, Jan 18, 2005 at 09:25:18AM -0800, Kelson wrote:
>
>>Actually, I
ns zero-or-more "_"
chars -- which will match on anything.
--
Kelson Vibber
SpeedGate Communications
25 matches
Mail list logo
