Re: Increase on Spambots?

2008-01-25 Thread bgodette
Marc Perkel wrote: > I'm wondering if anyone is noticing an increase in the number of virus > infected computers sending spam? Last month my hostkarma blacklist had > about 700,000 IPs of infected computers. Today it's 1,200,000. I do have > some new customers who have a lot of spam. But just wo

Re: Alan Ralsky indicted

2008-01-04 Thread bgodette
jdow wrote: > http://it.slashdot.org/article.pl?sid=08/01/04/0154229 > > Points to this article at freep.com > > http://www.freep.com/apps/pbcs.dll/article?AID=/20080103/NEWS06/80103045/1008/NEWS06 > Mich. spammer, 10 others indicted in alleged pump-and-dump scam > > > {^_^} I wonder if this

Re: Auto-RBL was: Why did this not hit more? (SPF, DKIM, Ironport, X-originating-ip)

2007-10-09 Thread bgodette
Dan Mahoney, System Admin wrote: > On Tue, 9 Oct 2007, Steven Kurylo wrote: > >>> Parsing the SA logs would be easy, but the connecting IP isn't listed >>> there. >> As I mentioned, I'm parsing exim's logs. It contains the spam score and the >> IP address. > > Oh, that's true enough. I was m

Re: Why'd Botnet hit?

2007-10-04 Thread bgodette
$host 216.117.166.139 139.166.117.216.in-addr.arpa domain name pointer nameservices.net. $host nameservices.net nameservices.net has address 216.117.191.6 nameservices.net mail is handled by 10 mail.nameservices.net. $host mail.nameservices.net. mail.nameservices.net has address 216.117.159.238 Re

Re: Purpose for SpamAssassin using MySQL

2007-10-03 Thread bgodette
Rob Mangiafico wrote: > On Tue, 2 Oct 2007, Michał Jęczalik wrote: >> There are many. It allows you to share data between user accounts (IMHO it >> doesn't make much sense to have separate bayes databases for each account, >> at least they are of a 'massive' sort and users are not al

Re: How to stop these?

2007-08-27 Thread bgodette
Robert Fitzpatrick wrote: > On Fri, 2007-08-24 at 06:48 -0700, John D. Hardin wrote: >> On Fri, 24 Aug 2007, Robert Fitzpatrick wrote: >> >>> Anyone seen these, first reported to us today, but a lot...can >>> they be stopped. Bayes even gives negative score...we are running >>> SA 3.2.1 with SARE

Re: Reporting spam with Spmassassin-run instead of sa-learn

2007-07-30 Thread bgodette
Magnus Anderson wrote: > > > Martin Schütte wrote: >> Magnus Anderson wrote: >>> So basically, I want to run the "spamassassin --revoke/--report" commands >>> as a >>> specific username. How can I do that? >> man su >> >> For example: su vscan -c "spamassassin --report ${train_dir_sa_spam}/*" >>

Re: Re Thoughts on Isolating Viruses - Port 587 Submission

2007-07-17 Thread bgodette
John Rudd wrote: > things on the anti-virus side ... especially once virus authors figure > out how to extract passwords from locally installed mail clients. Already exists, however the most recent instance we saw was most likely injecting messages into OE's outbox instead of using locally store

Re: Spam PDF

2007-06-29 Thread bgodette
> It had nothing in the body. Without seeing that relay before, both > BAYES_80 and UNIQUE_WORDS caught it. > > Excluding the attachment encoding itself, here's what it had: > > Received: from [83.76.165.174] (HELO lmnht) > by mail.rudd.cc (CommuniGate Pro SMTP 5.1.4 _community_) > wi

Re: Spam PDF

2007-06-29 Thread bgodette
arni wrote: > i will use one of the best quotes here that were ever created on the > internet: > > "You make your mouth full of technical bullshit when only facts talk" > > By some random guy > > ;-) arni So you're saying yo

Re: Spam PDF

2007-06-29 Thread bgodette
John Rudd wrote: > [EMAIL PROTECTED] wrote: >> John Rudd wrote: > >> You *will* not be getting a BAYES_90 or >> BAYES_99 from that. > > My first one got BAYES_80, without having seen that zombie/relay before. > That's enough for 2 points. Which only tells me it had more than just the PDF atta

Re: Spam PDF

2007-06-29 Thread bgodette
arni wrote: > [EMAIL PROTECTED] wrote: >> >> Sounds more like "if we didn't rely on other people to have seen this >> particular abusive host before us and our learning system to have seen >> past examples of spam that looks a whole lot like this one from headers >> al

Re: Spam PDF

2007-06-29 Thread bgodette
John Rudd wrote: > [EMAIL PROTECTED] wrote: >>> Actually, it didn't. The assertion is that if someone else hadn't seen >>> this exact message first, then SA wouldn't have caught it. >> No, the assertion is that if someone else hadn't seen prior abuse from >> the sending host first (not this exact

Re: Spam PDF

2007-06-28 Thread bgodette
arni wrote: > [EMAIL PROTECTED] wrote: >> Actually it did, take away the spamtrap fed blackholes (PBL and SPAMCOP) >> and the spamtrap fed BAYES as well and it scores a whopping 3.1 thanks >> to the BOTNET plugin (which is amazing btw). That hit was all from >> late-receiver effect. >> > That sou

Re: Spam PDF

2007-06-28 Thread bgodette
> Actually, it didn't. The assertion is that if someone else hadn't seen > this exact message first, then SA wouldn't have caught it. No, the assertion is that if someone else hadn't seen prior abuse from the sending host first (not this exact message), then SA wouldn't have caught that particul

Re: Spam PDF

2007-06-27 Thread bgodette
John Rudd wrote: > Robert Schetterer wrote: >> -BEGIN PGP SIGNED MESSAGE- >> Hash: SHA1 >> >> arni wrote: >>> Raymond Myren wrote: Hello, Just today I started receiving spam mails with attached .pdf files with a spam image. Any ideas how to stop this spam type?