Ok, had some of that new home grown spam getting through recently,
especially that garbled Russian nonsense, so I ran sa-update to update my
rules. It sat there thinking for a second and then dropped to a command
prompt again. There's no sign anywhere that it did anything to update my
lol. This is kind of OT, but does involve stopping spammers. One
thing I've noticed lately is that they're getting really desperate. So
much so that I've not only had to add spam protection to my forums, but
I've also had to several of my web forms. Yes, spammers were actually
spamm
Well, I have a simple plan. Spammers are inherently greedy,
right? Why not offer a $25k-$25mil a head bounty on any spammer captured
and brought to justice? Even if we can't convict them on crimes of
spamming, we can certainly get them on fraud and other things. There's
plenty of la
Those razor2 and pyzor checks look interesting, but I haven't seen
them on any of my emails that get filtered. Is that something special you
have to setup, or is it a default feature of SA?
Steven Lake
Owner/Technical Writer
Raiden's Realm
www.raiden.net
A friendly web community
At 06:19 AM 12/10/2006 -0800, John Rudd wrote:
The Botnet plugin seems to catch the vast majority of them here. Have you
tried it?
Nope, been considering it though. I did check my spam bin and it
appears that only about one in twenty of those advice spams are getting
through, so tha
I'm brainstorming here tonight and I'm curious of something. When
you're using FuzzyOCR, is it called for every message that goes through SA,
or just ones with gif attachments?
Steven Lake
Owner/Technical Writer
Raiden's Realm
www.raiden.net
A friendly web community
I've been using the "forged wrote" test with deadly efficiency on
all the stock scams. I just cranked that badboy to 5 and not a single
stock scam, save one has made it through. The odd thing about the one that
made it through was that it had a zero score like SA ignored it for some
j
I don't know why I never thought to ask this before, but do I need
to restart spamd after any changes to this, or will the changes be seen
dynamically?
Steven Lake
Owner/Technical Writer
Raiden's Realm
www.raiden.net
A friendly web community
At 12:27 PM 11/11/2006 +, Justin Mason wrote:
ho hum... here we go again. :(
As I've noted several times recently -- these *are* being caught by rules
which were developed "in the open" -- namely RCVD_FORGED_WROTE, which has
been sitting in my sandbox for several weeks, was announced in a ch
At 12:26 PM 11/10/2006 -0600, Stuart Johnston wrote:
I thought the Sender ID thing was over a long time ago but apparently they
recently opened it up:
http://news.google.com/news?q=sender+id
Nah, they're trying to push it again. It's a microsoft
thing. Beat a dead horse, prop it up
Just wanted your guys' feedback on an article I wrote just the
other day that talks about a possible source of this current spam war. It
talks about how its all too convenient that Microsoft got smacked down hard
on their Sender ID system recently, and then this starts shortly
afterwar
Ok, remember that "Name Wrote: :)" emails? They've completely
changed. Now it's "hi username" instead. Joy, oh joy. Can anyone find
any common elements in these emails because whoever this putz is, they're
adapting a lot. They hit us, we adapt, they immediately change tactics and
c
At 10:28 AM 11/10/2006 +0100, Alain Wolf wrote:
For a standard update just run sa-update without any options.
Ah, Danke. :D I'll give that a try.
Steven Lake
Owner/Technical Writer
Raiden's Realm
www.raiden.net
A friendly web community
At 01:34 PM 11/10/2006 +0100, Charlie Clark wrote:
ha, as if it were even a rant! Anything that is multipart but has no
text/plain should be rejected by the MTA so that the ISP's get round
to fixing the problem. Flood an SMTP with bounces because of that and
all of a sudden the problem gets addre
Well, that's all fine and dandy, but what do we do about
them? Since we know they all have a common element, we need to figure out
a way to stop them using that info.
At 04:03 PM 11/10/2006 +, Tony Finch wrote:
They have a forged Received: line which has a "by" field containing t
Judging from the replies on this list, it's a good idea to run
sa-update about once a week. But I don'tk now how. I looked at the man
file, but that doesn't tell me what options I need for a standard
update. Can anyone help me?
Steven Lake
Owner/Technical Writer
Raiden's Realm
www.
At 07:05 PM 11/8/2006 -0800, Kenneth Porter wrote:
My manufacturing company is very picky about accepting physical inputs
from vendors. We should be equally picky about what we accept from them in
email.
Oh, I'll fully agree with that. The problem isn't doing it the
right way. The p
I never saw your posts about the relay checker plugin. Can you
email me the info on it?
At 10:33 AM 11/4/2006 -0800, John Rudd wrote:
For the "wrote:" spams that come through here, I think all of them are
being caught by my RelayChecker plugin (which I've posted in other threads).
What do the hits look like on the spam getting through?
I'm seeing a wide variety of different hits. Nothing in
common. I'm also seeing ham scores on obvious spam. Is this bayes
poisoning and if so, how do I reset bayes to clear that?
What kinds of spam are they, anything in co
How did you upgrade?
Via the freebsd ports collection
What version did you upgrade from?
3.1.5
Where did you get 3.1.17 from? :)
That would be a typo. I meant 3.1.7, not 3.1.17. Must have had a
finger malfunction. ;)
Steven Lake
Owner/Technical Writer
Rai
Ok, this isn't right. I upgraded my SA install to 3.1.17 day
before yesterday. I cycled the server and now all of a sudden I'm getting
50% of the spam coming through that's getting completely missed. Do I need
to reset something or maybe bayes or is there a change somewhere I need to
Ok, I'm going to take a huge guess that just dumping the new sare file
into your rules directory (in my case, since I'm on freebsd, it's
"/usr/local/share/spamassassin") doesn't work and you need to do some kind
of update thingy.
Someone got a guide on how to do this on freebsd? Many
that My server has been taking between 400,000 and 500,000 messages per
day. A few months ago, it was more like 150,000 to 200,000 per day.
Yeah, we're getting hammered pretty badly here too. Rumor has it
that a spam war is going on. The spammers are trying to destroy or poison
eve
Just added this to my user prefs file. We'll see what
happens. Thanks. :D
At 10:44 AM 10/17/2006 -0700, Jo Rhett wrote:
Just FYI increasing SARE_GIX_STOX has removed this spam from my
mailbox. It's doing something right. (I was getting 1-2 an hour prior to
increasing that rule's s
Yeah, I'm seeing that too. Any ideas on how to do that? For now
I've been falling back on a procmail hack to toss all messages with images
embedded in the HTML of the message into their own folder.
At 04:02 PM 10/17/2006 +0200, Anders Norrbring wrote:
This type of image spam is gettin
Ok, I'm starting to get a bunch of spams coming through that are
tagged as white listed, so all I can think of is that they somehow got into
the auto white list. First, how do I turn it off, and second how do I
clear the list? I know I did this once long ago, but that was like 2-3
ser
> Why does it have to be in the ports tree? Does the CPAN version
> not run on FreeBSD?
Just for consistency's sake. The ports system sometimes gets confused if
you have a mix of ports and cpan installed packages.
Exactly, that's why I prefer to do everything via ports. For one,
it
w wrote:
It's a few lines of perl. Download it. Put the pieces in the appropriate
places. Go.
(The direct answer is "of course not." It's still beta and nobody has
done rpms, debs, or ports of it. There might now be a zip or tar file
of it.)
{^_-}
----- Original Message --
Ok, well I only see 3.1.6 on the site. Not unless I'm looking in
the wrong place.
At 11:26 PM 10/14/2006 -0700, jdow wrote:
3.1.7. Skip 6.
{^_^}
- Original Message - From: "Steve Lake" <[EMAIL PROTECTED]>
To:
Sent: Saturday, October 14, 2006 20:14
Subject
Just looked over the bug fix list for 3.1.6 and it doesn't seem
like anything *major* that would suggest that I should make the leap. I'm
right now running 3.1.5 on my box. Is there other improvements, such as
rules and the like, that would make this a preferable upgrade? Or should I
Oh, this sounds spectacular. One question. Is there a port on
Freebsd for this? I don't see one offhand. If there is, then that would
assume that all the other necessary ports are present as well. If not,
it'll be a royal b trying to get the nix versions installed instead if
no
Ok, I've got several pesky problems that won't go away and I need
some help. On some emails it automatically flags some as ham and says
"autolearn=ham" and others that say "autolearn=no". I'm guessing that the
autolearn feature isn't always working. Is there a way I can completely
tu
Hi all. Got a question. I've got a couple addresses I monitor for mail
that only get like 1-2 legitimate mails out of every thousand or so, but I
need those emails, but at the same time I'd like to either raise the values
on inbound mail to just those addresses so that they score higher, or l
I'm curious. How well does SA do with handling phishing spam and is there
stuff built into it to identify and nail these kind of emails? I'm just
curious because I heard that in just the past 5 months Netcraft has logged
over 5600 unique phishing sites on the net, so I wanted to be sure any s
- From 'man spamd':
- -m num, --max-children=num Allow maximum num children
Just set that as desired in your script that starts up the spamd daemon.
HAHAHA!! OMG, I was looking at the wrong man file. ^_^;; Thanks
for the help.
Ok, been through the man file already and I didn't see anything apparently
obvious on how to increase the number of child processes for SA. I know
that the default is 5, but is this a command line config I need to change
to bump it to 10 or 15? Or do I need to edit a config file? This new
3
Well, I'm now up and running...somewhat. I opened up a whole lotta
permissions on the server and it's now letting mail be filtered, but the
--lint command still renders errors on the user level. But at the same
time I'm finding some really nasty problems with the box itself at this
point. S
e
shell? I could find it out eventually myself, but if someone already had a
list, that'd make my day SO much easier.
At 04:45 PM 3/29/05 -0500, Matt Kettler wrote:
Steve Lake wrote:
> Hi all. Just upgraded my copy of Spam Assassin to the latest
> build on Freebsd 4.10 and su
Hi all. Just upgraded my copy of Spam Assassin to the latest build on
Freebsd 4.10 and suddenly it's not filtering mail. It loads up fine, and I
can see the child processes like what's supposed to be there, but nothing
seems to get handed off to procmail. I'm not totally sure what's up. I
39 matches
Mail list logo
