Re: Breaking up the Bot army - we need a plan

2006-12-11 Thread Steve Thomas
Once again, Perkel clutters the SpamAssassin list with a non-SpamAssassin discussion. One which, IIRC, he's just rehashing from a year or so ago (are we going to see a rehash of the "the future of email storage is sql" thread, too?). There are FAR more appropriate forums for these non-SA related th

Re: Block "wrote:" spams

2006-11-08 Thread Steve Thomas
I've added three procmail rules in the last few days to combat the deluge of these (and other) spams. I figure that these are all passing fads and aren't worth writing SA rules. YMMV, of course, but in my case, the procmail method works best.

:0
* ^subject:.*your concert tickets reservation
.spam

Re: Fishing

2006-09-13 Thread Steve Thomas
> Steve Thomas wrote:
>
>> /htt(?:p|ps):\/\/.*?\/.*\.com$/i
>
> Why not /https?:\/\/.*?\/.*\.com$/i

Because I always forget that the question mark can be used that way, and if I can't seem to remember it, nobody else gets to use it! That's why. :) Nice cat

Re: Fishing

2006-09-13 Thread Steve Thomas
>> .com will, of course, be a challenge.
>
> /htt[p|ps]:\/\/.*?\/.*\.com$/i

Correction! That should be:

/htt(p|ps):\/\/.*?\/.*\.com$/i

and slightly more efficient (doesn't capture backreference):

/htt(?:p|ps):\/\/.*?\/.*\.com$/i

Re: Fishing

2006-09-13 Thread Steve Thomas
> .com will, of course, be a challenge.

/htt[p|ps]:\/\/.*?\/.*\.com$/i

Re: catching fake usernames?

2006-09-01 Thread Steve Thomas
> On Thu, August 31, 2006 05:41, Rick Roe wrote:
>> like there should be a simpler, more automatic way to do this. Am I
>> missing something?
>
> in postfix main.cf
>
> smtpd_reject_unlisted_sender = yes

In exim.conf, somewhere in acl_check_rcpt:

require verify = sender

Re: Hacked E-Trade Phishing Site

2006-08-30 Thread Steve Thomas
> Check at the top of this E-trade Phishing site: > > http://196.1.161.115/e/t/user/login/ That's brilliant. Looks like there's a creative grey-hat out there somewhere. Also interesting - the login form itself is a flash app. I haven't seen that before (but I don't check many of them out, either.

Re: Allowing IMAP/POP to Send Email

2006-08-03 Thread Steve Thomas
> Spam is never eliminated - just reduced. Most spam comes from virus > infected zombies that talk SMTP. If end users were by default set up so > that they can only send email by IMAP then you can block off SMTP ports > for end users isolating them from the SMTP world. That would take a huge > bite

Re: What changes would you make to stop spam? - United Nations Paper

2006-08-03 Thread Steve Thomas
> Why use 2 > protocols when you can use one? Oh I don't know. Maybe because the infrastructure for it is already in place in the form of hundreds of thousands of existing mail servers that already require authentication if the message being transmitted isn't destined for a local user? > There wo

Re:

2006-07-18 Thread Steve Thomas
> unsubscribe > end list-unsubscribe:

Re: using spamdc/spamd getting better results?

2006-07-14 Thread Steve Thomas
Hi Yossi,

> My mail relay is built on sendmail and MailScanner configured
> with SA 3.1.1.
> ...
> How do I start spamc?

IIRC, MailScanner loads the SpamAssassin perl modules directly - it doesn't use spamc/d, nor does it use the "spamassassin" script.

HTH,

St-

Re: question about SpamAssassin

2006-07-14 Thread Steve Thomas
> We use a MTA package called Extremail (http://www.extremail.com) and I was
> wondering if SpamAssassin is compatible with it.

Did you check their forums at http://extremail.monsterserver.de/main.php ? They have a forum dedicated to integrating anti-spam products with their server, although it req

RE: outlook email is beeing flag as spam...

2006-06-26 Thread Steve Thomas
> -1.8 ALL_TRUSTED         Passed through trusted hosts only via SMTP
> -0.2 BAYES_40            BODY: Bayesian spam probability is 20 to 40%
>                          [score: 0.3371]
> 0.1 HTML_90_100          BODY: Message is 90% to 100% HTML
> 1.8 HTML_IMAGE_ONLY_24   BODY: HTML:

Re: The Future of Email is SQL

2006-06-14 Thread Steve Thomas
> So - like I said - this is visionary stuff. Think SQL - think outside > the box. It's not all that visionary. Microsoft's been working on WinFS - a SQL based system for storing files - for years. It's supposed to have been released as a part of longhorn (vista), but they're pushing it back. I'm

Re: The Future of Email is SQL

2006-06-09 Thread Steve Thomas
While this is quite an interesting topic, I have to ask why it's on the spamassassin list. Message stores aren't spamassassin specific and this is already a pretty high-volume list. Does this discussion really belong here? St-

Re: is there a way to block email coming from

2006-06-07 Thread Steve Thomas
> country, other than USA? How would you look up the network block on > country > such as Romania, China, Taiwan,Thailand, Korea, and so on... > > Thanks. Check out http://countries.nerd.dk/ and http://www.blackholes.us/

Re: Way OT: What do you use for anti-virus (Linux)

2006-05-01 Thread Steve Thomas
> Yeah ... the university got a fairly good deal on our per-user costs > for Sophos. I doubt I'd buy it for personal use, either. They don't have a consumer product. They sell exclusively to the business/government/education sectors. We use sophos on the desktop and on the mail server, called fr

Re: 3.1.2?

2006-04-27 Thread Steve Thomas
> On Wed, Apr 26, 2006 at 05:32:45PM -0400, Joe Flowers wrote: >> Any educated guesses on when 3.1.2 will be released? > > I was hoping to get it out this month, but I think it'll probably be next > early month before it's all ready to go. Any word on whether or not it includes a fix for bug #4590

RE: apache httpd + spam assassin = web without spam?

2006-04-10 Thread Steve Thomas
> I was having this problem for a while... then I added a confirmation block > to my guestbook - so that any post had to be confirmed. > > Boom - spam stopped (I've never even gotten confirmation notices that they > tried again). I did basically the same thing. I hacked PHPBB a little to throw an

Re: This isn't being tagged

2006-03-17 Thread Steve Thomas
These things are being properly detected for me. Here's the headers from one I received this morning:

--
Return-path: <[EMAIL PROTECTED]>
X-Spam-Flag: YES
X-Spam-Checker-Version: SpamAssassin 3.1.0 (2005-09-13) on titan.sthomas.net
X-Spam-Level: ***
X-Spam-Statu

Re: encoded spam that got thru

2006-03-13 Thread Steve Thomas
> Without being able to decode that block of stuff myself and thus see what
> it says

It's a stock spam for some oil company. Decoding anything base64 encoded is pretty easy if you have perl installed somewhere:

cut
#!/usr/bin/perl
use MIME::Base64;
print decode_base64("");
cut

Re: SA-LEARN HANGING when database over 2000 SPAM messages

2006-03-01 Thread Steve Thomas
> I think it was Steve that said his database is in SQL format. How do I > convert the spamassassin database on FreeBSD 5.4 to SQL? I used the procedure found on this page as a guide: http://www200.pair.com/mecham/spam/fc4-spamassassin-sql.html

Re: SA-LEARN HANGING when database over 2000 SPAM messages

2006-02-28 Thread Steve Thomas
> -rw--- 1 root wheel 549775048704 Feb 28 10:47 bayes_toks

I'll leave it to the experts to help you out here, but I would assume that a token db that's apparently half a terabyte in size is a *slight* indication of a problem somewhere... ;)

Re: SA-LEARN HANGING when database over 2000 SPAM messages

2006-02-27 Thread Steve Thomas
> The first time I encountered this problem is when the spam database has > around 3000 SPAM and about 1 HAM, the database seems to become > corrupt. I start to receive PERL errors. > ... > Is there a problem with the database when it > reaches a certain size? I can't offer much assistance wit

Re: spamd & mysql redux

2006-02-22 Thread Steve Thomas
> i googled a bit and found this related to fedora3 and SELinux: > http://forums.mysql.com/read.php?11,20759,21482#msg-21482 I had seen that page, but didn't know what selinux was (thought it was a distro!) so I thought it was irrelevant. After checking it out, it turns out that that's what the pr

Re: spamd & mysql redux

2006-02-22 Thread Steve Thomas
>> Feb 22 11:45:42 ronin spamd[3322]: bayes: unable to connect to database: >> Can't connect to local MySQL server through socket >> '/var/lib/mysql/mysql.sock' (13) > > Is that where mysql.sock is located? I don't know where the MySQL RPMs > might > stick it, but source installs stick it at /tmp/m

spamd & mysql redux

2006-02-22 Thread Steve Thomas
Howdy list, I'm having the exact same problem that Glenn is/was having as posted about last week. (see http://article.gmane.org/gmane.mail.spam.spamassassin.general/77708) I'm using Fedora Core 4, perl 5.8.6, SA 3.1.0 and mysql 4.1. SA was installed by building an RPM directly from the tarball. I

Re: From: '' <> whitelisted?

2005-12-05 Thread Steve Thomas
> 1) null sender isn't in the default whitelist > > 2) the rule matched isn't due to the default whitelist, as that would show > up as > USER_IN_DEF_WHITELIST, instead of USER_IN_WHITELIST. I guess I need to brush up on my SA rules vocabulary.. :) > 3) The message in question has the null path a

Re: From: '' <> whitelisted?

2005-12-05 Thread Steve Thomas
> How is it that this (weird, sort-of-null) From: address is whitelisted?
> It's surely not listed in my local.cf or user_prefs. Any ideas?

From RFC 2821:

If an SMTP server has accepted the task of relaying the mail and later finds that the destination is

Re: Recurring abuser

2005-12-01 Thread Steve Thomas
> My MailScanner boxes are still getting drilled with the Sober.Virus and spam (none which have made it through) from a single IP address. I did a lookup on dnsstuff.com for the address {66.243.13.178} but made no headway on what to do about this. What steps do I need to do in order to get this

Re: SpamAssassin as a Relay Server - how can I make it better?

2004-09-21 Thread Steve Thomas
There were a LOT of improvements made between the 2.5x and 2.6x releases and I'll bet that most of your problems disappear if/when you upgrade.

-- Steve Thomas -=*=- sthomas.net Registered Linux User #281447