no Perkel, everything posted is not necessarily acceptable, helpful and/or
relevant.
especially when spamming the list for your tarbaby stuff, free or not.
So I must not be the only one tired of this.
Q
In addition to constantcontact, can I add the following to the list of
hosts I'd like people's input on as to whether it's spam:
- blueskycommunications.com
- pm0.net
- topica.com
IMHO, at least Constant Contact has legitimate senders. Topica is all crap
mailings.
That said, I score CC ju
All,
I am looking for a few people to test my custom rules. I'm looking for
somebody to filter through their own SA installation and then follow up by
calling spamc to connect to my spamd setup. The reason I want to be second
is so that all the obvious spam gets captured first and following
CIhost is a Web server/colo/dedicated server company in Texas IIRC.
> If they want zero admin, check Postini or MessagesLabs, I prefer ML,
Seeing we're doing a tiny bit of advertising, I'll toss in a good word
for Spamchek - they're in Switzerland: http://www.spamchek.com/.
/Per Jessen, Zürich
Stay away from Barracuda. I regretfully bought the Model 400.
Br
| Lately, I'm seeing JPG attachments that are 'crooked' (see
| http://www.espphotography.com/crookedjpg.jpg ) . These aren't hitting
| any points with FuzzyOCR.
|
| Am I missing something? Do these hit for anyone else?
You're not alone. I'm getting a Fuzzy score of 0
| So, my question is: is it possible to set Sendmail / Spam Assassin in
| order filters just the receiving emails? If so, please, tell me what
| to do. But, please, tell me like a cooking recipe, because I am not
| quite experienced with operating systems. Thanks a lot.
|
| Mario./
Call SA fr
get
| > your domain blacklisted.
|
| yep -- really, the only way to avoid RFCi listing with this trick,
| as far as I can see, is to list a genuine (but firewalled) address.
FWIW,
I use my router IP addy for the fakes.
| messju mohr wrote:
| > Hello,
| >
| > mails from our host 80.237.202.55 (ds80-237-202-55.dedicated.hosteurope.de)
| > are tagged as HELO_DYNAMIC_IPADDR. Said IP is not dynamic, it's a
| > dedicated server hosted at german ISP (Host Europe GmbH).
| >
| > How can we get our host removed from the li
http://biz.yahoo.com/iw/061020/0175176.html
TORA TECHNOLOGIES INC.
Robert E. Rook - President
Contact:
Contacts:
Tora Technologies Inc.
Robert E. Rook
President
1-866-347-5057
| >|
| >| http://finance.yahoo.com/q?s=TORA.OB
| >
| >Trading up 4.5%!
| >
| >Geez...
|
| At a rough guess that would be 'salt' money. So when someone does
| click on it/look it up they see rising stock and buy. Check it again
| in a few days.
|
| Nigel
Hey...there is money to be made!
Let's
| > Wasn't there a stock image spam with TORA.TORA or something?
|
| AH HA! It is not a url, its a stock symbol!
|
| http://finance.yahoo.com/q?s=TORA.OB
Trading up 4.5%!
Geez...
whitelist_from_rcvd *.mail.mud.yahoo.com *.bullet.scd.yahoo.com
Any suggestion to spread a spamtrap e-mail address?
Please, don't let 'em know...
giampaolo
Post in the newsgroups as well.
erver
based on my experience
even when the Primary is up and running.
a while and have found
>>themselves in spammer
>>databases.
>>Spamd runs fine on a local user account, but does not scan any aliases from
>>the /etc/aliases file.
>>Is there a way to have this done? Or is it beyond SA capabilities?
I have a similar problem. If you use Sendmail, try smf-spamd out.
Title: RE: What's the best method to use SA?
Sendmail/Procmail
/etc/procmailrc:
:0fw
* < 115000
* ! ^(TO|Cc):.*(user1noscan|user2noscan|user3noscan)
* ! ^Return-Path: \<\>
* ! ^List-Id:.*
* ! ^Disposition-Notification-To:.*MUNGED
* ! ^Received:.*(domain1.com|domain2.com|domain3.com)
* ! ^To:.*abuse
*sigh* Assuming this really is legit... I hate it when prime phishing
targets decide to make things easier for the phishers by making their
own mail look suspicious, thereby training users to ignore warning signs.
My "favorite" (and I use that term loosely) is Symantec -- a computer
security com
Looks like they are no longer using:
Received =~ /\.bankofamerica\.com/i
Return-Path: <[EMAIL PROTECTED]>
X-Spam-Checker-Version: SpamAssassin 3.1.4 (2006-07-25) on san.MUNGED.com
X-Spam-Status: Yes, score=5.3 required=5.2 tests=DNS_FROM_RFC_WHOIS=0.879,
HTML_MESSAGE=0.001,MIME_HTML_ONLY=0.001,
| > We're looking for a commerce antispam product. It should be high performance
| > and has the strong ability to capture spams. Could you recommend me a good
| > product about it? We are an ISP, have millions of users. (Please don't say
| > Symantec's brightmail, it's fairly good, but it's too expensi
Your MTA should be doing this job and not SA IMHO.
- Original Message -
From: "Rick Roe" <[EMAIL PROTECTED]>
To:
Sent: Wednesday, August 30, 2006 9:41 PM
Subject: catching fake usernames?
|I get a lot of spam whose From addresses are users that don't e
s_domain :\
| nomail.rhsbl.sorbs.net/$sender_address_domain : cbl.abuseat.org :\
| list.dsbl.org : web.dnsbl.sorbs.net : socks.dnsbl.sorbs.net :\
| http.dnsbl.sorbs.net
Mark,
Since I don't use Exim, do you know how I can implement this to call from SA?
Are you guys getting hit pretty hard today? I don't have exact numbers but I
see more activity than
normal.
This is interesting.
This is a list of relays with the From field matching '@ebay.'
202.64.65.129.in-addr.arpa domain name pointer gabriel.its.calpoly.edu.
204.64.65.129.in-addr.arpa domain name pointer
email-gateway-michael.its.calpoly.edu.
10.193.98.140.in-addr.arpa domain name pointer ruebert
All,
I have been having FPs from Ebay in AU and DE, as well as [EMAIL PROTECTED]
Does anybody have a good whitelist for these?
| I am sure it has to do with the dir structure. We use oes-linux and the
| dir structure on it is /etc/mail/spamassassin. So i am asking in what
| file do i change the path from /mail/spamassassin to
| /etc/mail/spamassassin. I have searched through the 2 files (*.pm and
| *.cf and can not find i
| 2250 0733.com
| 1882 0451.com
| 89 072.com
| 62 006.com
| 58 1039.com
| 52 163.com
| 32 0668.com
| 31 004.com
| 19 126.com
| 13 mail.0451.com
|
| Panagiotis
Here are my numbers from last week:
5006 0451.com
3845 53.com
2253 0733.com
440 mail.0451.com
204 006.com
1
| great!
|
| Is there any other way to match ascii in a base64 encoded part than by
| using a full rule with SpamAssassin?
|
| Thanks,
|
| Ken A
| Pacific.Net
|
Ditto
Brian
much about Image::info. I'm assuming we could use it to test
images with a low score
until we know more.
Do you have details?
o several of the anti-spam perl .pm files!!!)
|
LMAO!!!
That is classic!
Are you using the URIBLs? You should be doing better than that.
- Original Message -
From: "Claudia Burman" <[EMAIL PROTECTED]>
To:
Sent: Saturday, July 08, 2006 8:59 AM
Subject: percentage of spam getting through
| Hi, I'm new to the list and I guess th
iver via Maildir format. I didn't want to use
Maildrop due to all the
custom procmail rules I have. What's strange is it doesn't happen on all
emailings. From what I
can tell, only mailings sent from outlook but I'm not 100% sure about that.
Did I miss the rule that enables me to score inline gif's? I would like to
test with a low score
and go from there.
Title: RE: sudden deluge of university spams
> > There's a reason. The amount of permutations is ridiculous.
> > But SARE has Evilnumbers which catches these.
>
> Except that evilnumbers hasn't been updated in over a year :-)
> People used to post new numbers to this list for SARE to add.
by SA on
another server with the user's settings.
heir
"job".
Oh well...lesson learned.
| I pretty much at this time strictly use the Barracuda as a buffer to 'tone' down
| traffic that would make our server drop to its knees. We are in process
| of getting a firewall in place and when that happens, the Barracuda will
| probably go bye..bye when I start building access lists.
Tha
All,
I bought a Barracuda Model 400 last October. My current setup is as follows:
Barracuda GW ---> Internal servers ---> Spamassassin server ---> Quarantine or
local delivery.
Although there was a small percentage of spam being caught by adding the
Barracuda, this was because
I added my own R
wever,
SQL databases might have to be changed to accommodate the needs to store
email.
I think this is what I was getting at early in the thread. I would think
that a 5 MB body would do better on file but I don't know enough in regards
to DBs to even make a call.
I
drives.
What do you use?
>>That would be about 500 gigs of email. Fry's Electronics has drives
that size on special for $189. So - I'd say yes, should be fairly easy to scale
up to that size and beyond.
I believe it would be approx 200 Gigs
have this question.
Would apps like Mysql and Postgres be able to handle 10,000+ users with an
average of 50 MB of email?
I really don't know.
Also, does the body just get written to a table?
Enlighten me,
Well said. Although I do use Qmail on a few servers, you hit the nail on the
head! I love my
Sendmail ;-)
I have to wonder if a spammer is testing their Zombies since all I have
received are from
Dialup/broadband customers. Could this be the rain before the flood of
spam/virus?
Is this a valid Message ID?
M
12 RCVD_IN_BL_SPAMCOP_NET 44928 1.89 7.51 19.60 1.40
use Procmail? If so:
:0
* ^X-Spam-Status: Yes
* ! ^(TO|Cc):.*(abuse|postmaster)
/home/spam/
Works for me.
Here's what last week looked like:
grep 'spamd: result' /var/log/maillog.1 | wc -l
540763
grep SARE_EN_ /var/log/maillog.1 | wc -l
6387
1.18%
This addresses a lot of the Diploma type spam.
body BRIAN_PHONE_NUMBERS
/2.?0.?6.?9.?8.?4.?2.?3.?2.?7|2.?0.?6.?3.?3.?3.?0.?0.?5.?1|2.?0.?6.?9.?8.?4.?0.?1.?0.?6|3.?3.?8.?3.?5.?7.?9|2.?0.?6.?3.?3.?8.?6.?0.?6.?1|2.?0.?6.?2.?0.?2.?2.?0.?3.?3|2.?0.?6.?3.?3.?7.?1.?8.?8.?3|2.?0.?6.?3.?3.?8.?3.?5.?7
RE: Proposal: First URI black list, how about email address black lists?
>Remember we're not talking about the From address but the address within
>the message that they want you to reply to. That address isn't going to
>expire very fast because that's how the spammer gets the money. I would say
>
I agree this is a great idea. If Dallas and Chris don't desire to host the
infrastructure for
something like this, I can help out in terms of a Master or slave server.
ussion was that I need to implement
per user whitelisting.
I will be working on that this weekend.
I support URIBL 100%. In fact, if you check, you will see that I am a mirror
and have made
donations for the cause in the past ;-)
| Spamd calls it,
|
| But I have seen my monitor , on more than one occasion, with this error,
|
| swap_pager_getswapspace: failed
|
| and the worst part is I don't realize it until I hit the KVM switch , and
| actually get on the console -
|
| so can I customize spamd to a lower limit?
|
ption and I wouldn't have to micro manage these
very few cases.
Thanks again,
Thanks!
I need to investigate these further before writing them off as a FP.
- Original Message -
From: "Matt Kettler" <[EMAIL PROTECTED]>
To: "Chris Santerre" <[EMAIL PROTECTED]>
Cc: "''" <[EMAIL PROTECTED]>;
Sent:
.
Keep in mind that the FP's are real low, I may just keep the scores as is and
deal with these
mailing lists as they pop up.
Chris and Dallas,
Thank you for pointing this out. I will convey this back to the customer.
- Original Message -
From: "Dallas L. Engelken" <[EMAIL PROTECTED]>
To:
Sent: Tuesday, May 09, 2006 1:20 PM
Subject: RE: My only problem with URIBL_BLACK
| > --
unced
The threshold is 5.5
Here is from my original stats post:
1 URIBL_BLACK 163397 7.09 29.11 78.05 0.50
5 URIBL_JP_SURBL 118251 5.13 21.07 56.48 0.09
What are your thoughts guys? Lower the score for URI_BLACK and JP?
URI_BLACK
down a tad. I'll let you know.
| But.
|
| There are some spammers who run "subscribe to" mailing lists.
|
| I got spam at home the other day from ediets.co.uk, for example.
|
| I call this stuff "subscription spam" and would block most of it anyway.
|
| Cheers,
|
| Phil
Easier said than done when you have a paying cust
scoring what they score. if you trust its spam
| accuracy but not its ham accuracy, that would be the logical way to go i
| would say?
Hmm...good point.
I think I'll try that.
Bayes_0 pulling the # back down under the threshold.
I probably get a FP about once a week as somebody will opt in a mailing list
and a listed URL is in
the mailing.
When I get these complaints, I exempt the mailing list from the procmail rules
so that the mailing
list doesn't get scanned by SA.
Just my 2 cents.
| > This isn&
Mike,
Good news. I dug in deeper and found that 56536 of the 88943 were from one
server. It's a user
that fires off a batch job or something every few minutes. I have made some
adjustments and thus
this user's email will no longer be part of the stats.
- Origin
RFCI; I feed it bogusmx or DSN-violating mail whenever I can. But, the abuse
| and postmaster lists contain far too many *major* ISPs for them to be
| reliable indicators of spam.
I can't tell you how surprised I was to see this as well. It's truly a bummer.
163397 7.09
| > 29.11 78.05 0.50
|
| Nice.
|
| How does that Queen song go?? We... are... ;)
LOL! Congrats!
Email: 561313 Autolearn: 0 AvgScore: 6.77 AvgScanTime: 2.41 sec
Spam:209359 Autolearn: 0 AvgScore: 16.99 AvgScanTime: 2.30 sec
Ham: 351954 Autolearn: 0 AvgScore: 0.70 AvgScanTime: 2.48 sec
Time Spent Running SA: 376.39 hours
Time Spent Processing Spam:
help.
- Original Message -
From:
Alejandro Lengua
To:
Cc: users@spamassassin.apache.org
Sent: Monday, May 01, 2006 4:47 PM
Subject: Re: Way OT: What do you use for
anti-virus (Linux)
Check out these guys http://www.centralcommand.com/ their
product, V
I use MailScanner and Qmail-Scanner depending on the server.
- Original Message -
From: "John Rudd" <[EMAIL PROTECTED]>
To: "Ricardo Oliveira" <[EMAIL PROTECTED]>
Cc:
Sent: Monday, May 01, 2006 3:33 PM
Subject: Re: Way OT: What do you use for an
Is BitDefender stable?
- Original Message -
From: <[EMAIL PROTECTED]>
To:
Sent: Monday, May 01, 2006 2:44 PM
Subject: RE: Way OT: What do you use for anti-virus (Linux)
| wrote:
| > I can say that the best, and most affordable, anti-virus package I
| > have e
evaluation period, I saw their prices and
I had to run from the
product.
I can say that the best, and most affordable, anti-virus package I have ever
used was RAV. Until it
was bought out by Microsoft. I have since been using ClamAV but it sure uses
a lot of RAM.
What do you use?
y thousand trapped, to around 40.
|
| I'm testing out RdJ on the SARE_OBFU and SARE_URI rulesets but so far
| they aren't having any useful effect. Other suggestions?
I would make a subject ""Re: good "" rule that scores just high enough to push
it to the spam level.
!Sure, the pattern doesn't match. "." means there has to be some (any)
!character between the numbers. "984" has no characters between the
!numbers.
DOH!!!
Thanks. You're right...
Guys,
Any idea how this one got through?
body BRIAN_PHONE_NUMBERS /2.0.6.9.8.4.2.3.2.7|2.0.6.3.3.3.0.0.5.1|2.0.6.9.8.4.0.1.0.6|3.3.8.3.5.7.9|2.0.6.3.3.8.6.0.6.1|2.0.6.2.0.2.2.0.3.3/
describe BRIAN_PHONE_NUMBERS Phone number or address pulled from spam
score BRIAN_PHONE_NUMBERS 5
| http://geocities.com/VickieBarrett4208
|
FWIW,
I have given geocities links a VERY high score. Just under my threshold mark.
'm very
disappointed I spent $4800+ on the Barracuda! I get WAY better results from
SA with SARE rules, URIBL, and Razor2.
SpamAssassin's performance without DCC, Pyzor, or Razor.
It looks like Razor2 is good to go! You really want to utilize it.
Sorry all,
It didn't go through. Let me find another way to send it.
- Original Message -
From: "" <[EMAIL PROTECTED]>
To: "Craig McLean" <[EMAIL PROTECTED]>; "Randal, Phil" <[EMAIL PROTECTED]>
Cc:
Sent: Friday, March 10, 200
Here is one I have;
body only:
- Original Message -
From: Brown Lane
To: [EMAIL PROTECTED]
Sent: Monday, March 6, 2006 10:15 AM
Subject: billing
| Not seen any of these yet, any chance of some examples?
|
| C.
OMG!
What kind of server are you running this on?
- Original Message -
From: "Tracey Gates" <[EMAIL PROTECTED]>
To:
Sent: Wednesday, March 08, 2006 10:47 AM
Subject: RE: Drug email keeps getting thru
| Here is a list of the rulesets that I'm using:
manner).
I think xbl-sbl is GREAT ! Anybody else have good results with
bogusmx.rfc-ignorant.org? FP's are my biggest worry.
HelLo -at-use! I fouNd yoUr profile in seaRch result Here. whEn I read it I
deCidEd to wriTe you and intRoduce mysElf. sO, mY
nAme iS AnAstasia. I Know tHat my letteR may get loSt among oThers that comE to
you evEry day, but It will be coOL if yoU'll write
me. If yoU really searChin
Yes,
If you use Spamcop in the RBL, don't use TOP200.
I choose not to use Spamcop for personal reasons. I do, however, trust their
top 200.
- Original Message -
From: "Joey" <[EMAIL PROTECTED]>
To: "SpamAssassin"
Sent: Wednesday, February 15,
LMAO
Sheesh!
Here is what I have:
SARE_SPAMCOP_TOP200
SARE_STOCKS
EVILNUMBERS
SARE_RANDOM
SARE_ADULT
SARE_FRAUD
SARE_SPOOF
SARE_OEM
|
| FIRST CONFIG FILE
|
| SA_DIR="/etc/mail/spamassassin"
| SA_RESTART="
All,
Is anybody having any luck with the Stock spam that consists of an image and
"noise" to throw off Bayes?
One example is for (CIVX)
TIA,
87634 2.50 15.14 26.28 0.00
10 UNPARSEABLE_RELAY 67142 1.92 11.60 20.14 5.47
Hmm...
Yep, that's loaded. I'll dig in to see what it's hitting and not hitting
Thanks,
- Original Message -
From: "Matt Kettler" <[EMAIL PROTECTED]>
To: "" <[EMAIL PROTECTED]>
Cc:
Sent: Sunday, January 22, 2006 9:02 PM
.
- Original Message -
From: "jo3" <[EMAIL PROTECTED]>
To:
Sent: Monday, January 09, 2006 12:27 PM
Subject: rules better than bayes?
| Hi,
|
| This is an observation, please take it in the spirit in which it is
| intended, it is not meant to be flame bait.
Ditto here. I'm still trying to figure out how to quarantine them.
- Original Message -
From: "Obantec Support" <[EMAIL PROTECTED]>
To:
Sent: Sunday, January 08, 2006 5:38 AM
Subject: blank emails
| Hi
|
| lately i am seeing a few blank emails either 0Kb
I remember this was brought up but forgot where this went. Does anybody have a
method to score a match on a domain that
is less than x days old?
Have you done a find for Syslog.pm ?
find /usr -name Syslog.pm
- Original Message -
From:
Jason Kratzer
To: users@spamassassin.apache.org
Sent: Monday, November 21, 2005 1:18
PM
Subject: Error when attempting to run
sa-stats
Do I need to
I am not a fan myself and do not use them. However, you should have received a
mailing to postmaster (or abuse) due to
Spamcop complaints. Did you get these?
- Original Message -
From: "Amos" <[EMAIL PROTECTED]>
To: "SpamAssassin"
Sent: Monday,
Shameless Plug #2
www.usermail.com
- Original Message -
From: "Pat Traynor" <[EMAIL PROTECTED]>
To:
Sent: Thursday, November 03, 2005 10:53 AM
Subject: Outsource my mail?
| Our primary business is website design. We also run our own web server,
| and for som
I am getting tons of Whopper vs. Pepsi (not exact but I don't want to trigger a
rule) type mailings in the subject line.
I don't mind creating a rule but wanted to know if there was one out there
somebody already put together?
Thank you,
| wrote:
| >I finally took the leap to SA 3.1 but am confused as to why the SA
| >X-Headers are prepended to the message and not appended like the
| >previous versions. This is causing havoc on my Blackberry. Is this
| >normal?
|
| What kind of havoc? I haven't heard o
All,
I finally took the leap to SA 3.1 but am confused as to why the SA X-Headers
are prepended to the message and not
appended like the previous versions. This is causing havoc on my Blackberry.
Is this normal?
TIA,
but these 3 do not. Does anybody else have this
problem?
TIA,
Do a Google search on price_list.exe which is one I received. The spyware
companies are adding it. Does this mean it
doesn't count as a virus?
- Original Message -
From: "Jim Maul" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Cc: "M.Lewis"