Look in the local.cf for these lines, or (if mysql is being used) look
in the userpref table and delete the rows that have those entries.
Had the same issue and that cleared it up.
-=R
Doc Schneider wrote:
I'm seeing this in a server I just upgraded from 3.0.6 to 3.1.7
My thoughts are this is
Bob McClure Jr wrote:
sa-stats.pl as distributed with SA v3.1.7 blows out a ton of
WARNING: ignoring future date in syslog line: Dec 31 20:26:56 bubba spamd[7149]: prefork: child states: II
and the like, and ends up reporting zeros for results. Another
machine with the same sa-stats.pl (and
Debbie D wrote:
Can someone try and help me understand why this keeps slipping through.. in
2+ days I have 40 or more of these to various addresses of my own on the
server
http://sial.org/pbot/21945
(Thanks Theo for the link)
Scores for me:
Content analysis details: (19.5 points,
link with more info.
-=Ray
Ray Anderson wrote:
This looks like a failed header injection attack.
Some background: Lots of web form handlers, including the most basic
Perl and PHP tools, will build the headers and body of a message as
one long string, then pass it to Sendmail. If a form
This looks like a failed header injection attack.
Some background: Lots of web form handlers, including the most basic
Perl and PHP tools, will build the headers and body of a message as one
long string, then pass it to Sendmail. If a form allows user-supplied
data for any header content -- m
My $.02, (and that's about all it's worth).
I was running a server with 1and1 who uses ip address blocks assigned to
Amsterdam.
The server was physically located in New York City.
I had several customers who could not send mail outbound because people
hate to receive mail from Amsterdam. P
Nicely done!
John D. Hardin wrote:
{snicker!}
Dec 12 09:48:03 ga : Initial Connect - tarpitting: 124.240.124.222 60241 ->
x.x.x.x 25
Dec 12 09:44:20 ga : Initial Connect - tarpitting: 124.240.124.222 53486 ->
x.x.x.x 25 *
Dec 12 12:16:30 ga : Initial Connect - tarpitting: 124.240.124.222 1452
I use a required_score of 3 and so far have had zero positives (more
than 3 years running).
I have customers that also run 3 and have opted to have the server
/discard/ the message (not quarantine, but /DISCARD/) if it is
identified as spam. So far none of those users have complained about
Hello,
I've been lurking for a while and had just recently decided to try to
put the FuzzyOCR on my spam filtering machine, when I found the
following incredibly obfuscated stock spam (link at bottom of message)
The question is this:
Will FuzzyOCR find/detect the garbage in this image or is
Craig Morrison wrote:
Gary V wrote:
Exactly. How you prevent sending the message through SA is not a
function of SA itself, but of the implementation, and because of the
large number of implementations and configurations I question whether
it would be practical (or even related) to provide exa
Wouldn't a better solution to be check the e-mail for NOT having any
alpha chars?
All numbers seems like a no-brainer to me, but I'm fairly new at this. :)
Something like
Body ~= /[^a-zA-A]/
?
Cheers,
-=Ray
Justin Mason wrote:
this seems to catch them:
header __MAILER_OL_6626 X-Mai
I made a custom rule in local.cf to score the following with 5:
describe custom_body_checksCustom Body Checks
score custom_body_checks5
rawbody __bc_0 /%RND_ALT/I
meta custom_body_checks ( __bc_0 )
But it is not catching that phrase in the inbound e-mail. (below)
> Err..
>
> body STOCK_SPAM
>
/inf0rmati(O|0)n|st0ck|profi\|e|invest0rs|pr0file|y0urse(l|\|)f|wil\||symb(o
|0)\|/
>
> is more efficient.. and still will catch that crap in the subject line
also.
>
> D
>
>
Please excuse my ignorance
Would you want to make this a rawbody check so mime-embe
I'm thinking it's because the message is in multi-part embedded multi-part
mime mail, but I'm not sure.
I'm stuck running 2.55 for another 3 months or so before I move to FC3, so
until then, does anyone have any advice? This is the second message that's
like this, and I'm sure the numbers are goi
anyway, but to work
> to produce actual
> releases for others, I think a bit more of an interest is needed.
I am also required to stay with the 2.6 branch for the forseable future, if
there's anything I can do to help I'd be happy to.
-=Ray
-------
pgrade, which I cannot do at
this time.
I finally had to put a score in my local.cf that reduces the score to zero.
-=Ray
--
Ray Anderson
R&B Communications
530.478.1137
[EMAIL PROTECTED]
http://www.rb-com.com
---
.2.19-2003-05-19-exp)
-=Ray
--------
Ray Anderson
System Development Manager
916.788.2444 (Office)
916.798.9439 (Mobile)
PRIDE Industries
[EMAIL PROTECTED]
http://www
17 matches
Mail list logo
