Re: .pw / Palau URL domains in spam

2013-05-07 Thread Steve Prior
On 5/7/2013 1:44 AM, Benny Pedersen wrote: Chris Santerre skrev den 2013-05-06 17:27: 10 days and still being abused badly. Recommending for everyone to just refuse any .pw time for spamhaus ? :=) for those wanting an SA rule, here: header PW_IS_BAD_TLD From =~ /\.pw\b/ describe PW_IS_BAD_TLD

Re: Yahoo single link spam

2013-02-28 Thread Steve Prior
On 2/23/2013 10:56 AM, Kevin A. McGrail wrote: I am 100% certain that it is compromised accounts on yahoo where they steal the address books. They then seem to cross correlate and use common last names to mail people using other compromised yahoo accounts. Though I need to check if they have star

Re: Yahoo single link spam

2013-02-22 Thread Steve Prior
Here's the current version I'm using based on 3.4.0 trunk: We're seeing many different variations. For example, we see over 70 variations in the name (not just "Connor Hopkins"). Agreed. That's more of an internal meta because we had one person really getting hammered. YMMV. I've been curio

spam from noave.net 74.63.109.*

2009-10-05 Thread Steve Prior
I started getting spam that was distinctive for having two boxes - one "Email Security Information" and one "Privacy Policy" and viewing source indicated the mails came from a server at "noave.net" 74.63.109.*. I blocked 74.63.109.* and the spam stopped for a while, but I just got my first sp

Re: Returned mail spam

2008-04-09 Thread Steve Prior
mouss wrote: But back on topic... the OP has been joe-jobbed. he's not the only one... seems there's a lot of backscatter coming in these days. Thanks for confirming that spf doesn't fix the problem. The main problem with SPF is that most other servers out there don't check it even if you

Re: SPF test clarification

2006-01-19 Thread Steve Prior
Jason Bertoch wrote: It's my opinion that if an administrator misconfigured his SPF record, or a number of other things on their side, it is their fault that mail cannot be delivered. In the case of SPF_FAIL, they have explicitly told us they don't want mail to come from a server not listed in

Re: Do we need a "Joe job" bounce message blacklist?

2005-05-27 Thread Steve Prior
Justin Mason wrote: A BL would probably be helpful -- but sadly some *really big* networks (Earthlink's challenge-response) and companies (Fortune 500s) produce these bounces, too, so it'd have serious FP potential, since those mail relay IP addresses produce both the bounces and the legit mail.

Do we need a "Joe job" bounce message blacklist?

2005-05-27 Thread Steve Prior
My domain geekster.com has been Joe jobbed for the last couple of weeks. In spite of the fact that I responsibly created SPF records for my domain, I am getting flooded with bounce messages from other mail systems that don't understand most spam from addresses are forged. Fortunately AOL seems to

Re: This is what happens when I get angry with a spammer

2005-05-10 Thread Steve Prior
jdow wrote: Kindly explain to me how I can perform that nice bounce trick when I am using fetchmail, Steve. I'd LOVE to do that. Unfortunately you can't. You only have one shot to reject the email from the spammer and that is when the spammer's machine is connecting to yours to deliver the message.

Re: This is what happens when I get angry with a spammer

2005-05-10 Thread Steve Prior
jdow wrote: ===8<--- header JD_USATODAY_1 From =~ /e\.usatoday\.com/i describe JD_USATODAY_1 usatoday.com - SAY WHAT? score JD_USATODAY_1 300 body JD_USATODAY_2 /e\.usatoday\.com/i describe JD_USATODAY_2 I never joined dummies score JD_USATODAY_2 300 ===8<--- Somebody at that "med

Re: New SA-3.0.2 partially barfs.

2005-03-28 Thread Steve Prior
Gene Heskett wrote: The point being that under those conditions, root doesn't have any filtering. So, I located that section of code in /usr/bin/spamd, and commented it out. I believe it's now working. Locking root out of using a valuable tool just to try and convince that user not to run as

Re: Bayes for VoIP anyone?

2005-02-17 Thread Steve Prior
Matt Kettler wrote: Tracking down the originator is still a problem, and international senders are a problem, but at least in the case of Spit you've got the law on your side, unlike spam where the law is on the spammer's side (can-spam) All this talk of VOIP Spam (Spit) almost has me thinking o

Re: "Not found: pass = SPF_PASS"

2005-02-14 Thread Steve Prior
Sandy S wrote: Do you use Sendmail? If so, you may have to configure it to expose the sender address. This information is in the USAGE file that comes with the Spamassassin install: " - A very handy new feature is SPF support, which allows you to check that the message sender is permitted by

failed spf tests

2005-02-02 Thread Steve Prior
Now that I've got a version of hostname with the --fqdn option that spf requires... I have already installed Mail-SPF-Query-1.997 and it passed all of its "make tests". Now I'm compiling/testing Mail-SpamAssassin-3.0.2 and a bit puzzled by the fact that it doesn't pass its spf tests. t/spamd_unix.

Re: hostname to --fqdn?

2005-01-29 Thread Steve Prior
I'm running Linux From Scratch v6.0. I've now noticed that doing a non-CPAN install of Mail-SPF-Query-1.997 as root has the same problem when doing the make test. Google hasn't turned up a workaround for this yet. Steve Loren Wilton wrote: Hum, I thought they had a workaround for that problem. Wh

hostname to --fqdn?

2005-01-29 Thread Steve Prior
I've tried building/testing Spamassassin 3.02 as root and then as a regular user - both times the SPF test failed, but I've noticed that if I test as root the system ends up thinking its hostname is --fqdn. Are there two versions of hostname around for Linux and only one of them has a --fqdn flag,

installing SA with milter

2005-01-24 Thread Steve Prior
I think I'm ready to take the next step and upgrade my SA installation to a milter setup which rejects mail over a certain threshold. It looks like there are at least 2 milters out there - is there one that is the current best? Does anyone have a howto about setting up an SA milter with sendmail?

Re: OT: Crippled Verizon phones

2005-01-24 Thread Steve Prior
Kelson wrote: jdow wrote: Blame that on NIMBYs in your neighborhood who do not want an unsightly cellphone tower there. Something I've started to see here in southern California is cell phone towers disguised as palm trees. Suspiciously symmetrical palm trees with oddly straight trunks, very re

Re: OT: Crippled Verizon phones

2005-01-24 Thread Steve Prior
Jim Maul wrote: What's strange is I was forced into using verizon. I called 3 other DSL companies who I KNOW have DSL in my area (my company uses one of them and they are less than 1 mile away) and they all claim that it's not available. Verizon was the only one who actually saw DSL available on

Re: OT: word frequency analysis

2005-01-17 Thread Steve Prior
Probably want to nuke punctuation and capitalization before doing the sort. I'm too braindead at the moment, but some perl incantation might be the way to go, or if you're old school then awk would probably work. Steve Rich Puhek wrote: Loren Wilton wrote: I'm not a unix type, so how to do this is

Re: what kind of error happens to delivery when spamc can't connect to spamd?

2004-12-07 Thread Steve Prior
Rick Macdougall wrote: Hi, In our case we are running spamd on a separate machine (FreeBSD) and the perl connector by default will queue up to 128 processes when connecting in TCP mode. If spamc does timeout or can't connect, it just lets the message through by default. So with procmail, you m

what kind of error happens to delivery when spamc can't connect to spamd?

2004-12-07 Thread Steve Prior
I'm just switching to using spamd -m10 (and other opts) from spamc from procmail from sendmail and am wondering what happens when spamd hits the limit and spamc can't connect to it. Does this get all the way back through sendmail so the sender knows that transmission failed? I'm wondering if this

Speakeasy just implemented SPF records - badly

2004-09-24 Thread Steve Prior
In case anyone else is going to run into this, sometime yesterday speakeasy.net implemented default SPF records for all of their DNS hosting customers. The problem is that they did it badly. No notification whatsoever was sent out that they were doing this and no chance to review (or even change a