Re: milter vs spamc

2024-01-15 Thread Mike Bostock via users
In your message regarding Re: milter vs spamc dated 15/01/2024, Mike Bostock said ... > In your message regarding Re: milter vs spamc dated 15/01/2024, Benoit > Panizzon said ... > > Hi > > > What are the pros and cons? > > In my opinion, an email should eith

Re: milter vs spamc

2024-01-15 Thread Mike Bostock via users
the good advice. spamass-milter it is then! -- Mike

milter vs spamc

2024-01-14 Thread Mike Bostock via users
milter? Thanks -- Mike

Re: Anybody else getting bombarded with "I RECORDED YOU" spam?

2023-11-11 Thread Mike Bostock via users
In your message regarding Re: Anybody else getting bombarded with "I RECORDED YOU" spam? dated 11/11/2023, Noel Butler said ... > On 11/11/2023 22:37, Mike Bostock via users wrote: > > There is a way to whitelist domains with no RDNS but so far I haven't > > fou

Re: Anybody else getting bombarded with "I RECORDED YOU" spam?

2023-11-11 Thread Mike Bostock via users
il and installed pyspf-milter as well and I would say it has reduced my spam by 95%. There is a way to whitelist domains with no RDNS but so far I haven't found a way to do this in the .mc file. Thanks again -- Mike

Re: Lint problem with KAM.cf

2021-08-30 Thread Mike Grau
+1 Same issue here. On 8/30/21 14:31, Rick Cooper wrote: > This have been going on a while but I haven't had time to addresses. > When the KAM rules are updated I see the following lint warning > warn: rules: error: unknown eval 'short_url' for __KAM_SHORT > > Near as I can tell I am running th

How to verify specific commits are in current ruleset?

2019-05-30 Thread Mike Ray
s change (https://svn.apache.org/viewvc/spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf?r1=1857655&r2=1857654&pathrev=1857655) and comparing that to the code currently running on my mail servers. Is there any easier way to verify that a specific commit is in my currently running rule set? Mike Ray

Re: Open source (WAS: Spam rule for HTTP/HTTPS request to sender's root domain)

2019-03-21 Thread Mike Marynowski
Here ya go ;) https://github.com/mikernet/HttpCheckDnsServer On 3/21/2019 5:42 AM, Tom Hendrikx wrote: On 20-03-19 19:56, Mike Marynowski wrote: A couple people asked about me posting the code/service so they could run it on their own systems but I'm currently leaning away from that. I

Re: Open source (WAS: Spam rule for HTTP/HTTPS request to sender's root domain)

2019-03-21 Thread Mike Marynowski
e, though people are obviously free to do with the code as they wish. Cheers! Mike On 3/21/2019 5:42 AM, Tom Hendrikx wrote: On 20-03-19 19:56, Mike Marynowski wrote: A couple people asked about me posting the code/service so they could run it on their own systems but I'm currently le

Re: Spam rule for HTTP/HTTPS request to sender's root domain

2019-03-20 Thread Mike Marynowski
Continuing to fine-tune this service - thank you to everyone testing it. Some updates were pushed out yesterday:  * Initial new domain "grace period" reduced to 8 minutes (down from 15 mins) - 4 attempts are made within this time to get a valid HTTP response  * Mozilla browser spoofing is imple

Re: Spam rule for HTTP/HTTPS request to sender's root domain

2019-03-15 Thread Mike Marynowski
Thank you! I have no idea how I missed that... On 3/13/2019 7:11 PM, RW wrote: On Wed, 13 Mar 2019 17:40:57 -0400 Mike Marynowski wrote: Can someone help me form the correct SOA record in my DNS responses to ensure the NXDOMAIN responses get cached properly? Based on the logs I don't

Re: Spam rule for HTTP/HTTPS request to sender's root domain

2019-03-13 Thread Mike Marynowski
Can someone help me form the correct SOA record in my DNS responses to ensure the NXDOMAIN responses get cached properly? Based on the logs I don't think downstream DNS servers are caching it as requests for the same valid HTTP domains keep hitting the service instead of being cached for 4 days

Re: Spam rule for HTTP/HTTPS request to sender's root domain

2019-03-13 Thread Mike Marynowski
Any HTTP status code 400 or higher is treated as no valid website on the domain. I see a considerable amount of spam that returns 5xx codes so at this point I don't plan on changing that behavior. 503 is supposed to indicate a temporary condition so this seems like an abuse of the error code.

Re: Spam rule for HTTP/HTTPS request to sender's root domain

2019-03-13 Thread Mike Marynowski
Back up after some extensive modifications. Setting the DNS request timeout to 30 seconds is no longer necessary - the service instantly responds to queries. In order to prevent mail delivery issues if the website is having technical issues the first time a domain is seen by the service, it w

Re: Spam rule for HTTP/HTTPS request to sender's root domain

2019-03-01 Thread Mike Marynowski
Taylor <mailto:gtay...@tnetconsulting.net>> wrote: On 02/28/2019 09:39 PM, Mike Marynowski wrote: > I modified it so it checks the root domain and all subdomains up to the > email domain. :-) > As for your question - if afraid.org has a website then you are correct, > all subdomains of a

Re: Spam rule for HTTP/HTTPS request to sender's root domain

2019-03-01 Thread Mike Marynowski
On 3/1/2019 4:31 PM, Grant Taylor wrote: afraid.org is much like DynDNS in that one entity (afraid.org themselves or DynDNS) provide DNS services for other entities. I don't see a good way to differentiate between the sets of entities. I haven't come across any notable amount of spam that's

Re: Spam rule for HTTP/HTTPS request to sender's root domain

2019-03-01 Thread Mike Marynowski
On 3/1/2019 1:07 PM, RW wrote: Sure, but had it turned-out that most of these domains didn't have the A record necessary for your HTTP test, it wouldn't have been worth doing anything more complicated. I've noticed a lot of the spam domains appear to point to actual web servers but throw 403 o

Re: Spam rule for HTTP/HTTPS request to sender's root domain

2019-03-01 Thread Mike Marynowski
MTA. On 3/1/2019 2:26 PM, Antony Stone wrote: On Friday 01 March 2019 at 17:37:18, Mike Marynowski wrote: Quick sampling of 10 emails: 8 of them have valid A records on the email domain. I presumed SpamAssassin was already doing simple checks like that. That doesn't sound like a good id

Re: Spam rule for HTTP/HTTPS request to sender's root domain

2019-03-01 Thread Mike Marynowski
sumed SpamAssassin was already doing simple checks like that. On 3/1/2019 10:23 AM, RW wrote: On Wed, 27 Feb 2019 12:16:20 -0500 Mike Marynowski wrote: Almost all of the spam emails that are coming through do not have a working website at the root domain of the sender. Did you establish what fracti

Re: Spam rule for HTTP/HTTPS request to sender's root domain

2019-03-01 Thread Mike Marynowski
Changing up the algorithm a bit. Once a domain has been added to the cache, the DNS service will perform HTTP checks in the background automatically on a much more aggressive schedule for invalid domains so that temporary website problems are much less of an issue and invalid domains don't dela

Re: Spam rule for HTTP/HTTPS request to sender's root domain

2019-02-28 Thread Mike Marynowski
For anyone who wants to play around with this, the DNS service has been posted. You can test the existence of a website on a domain or any of its parent domains by making DNS queries as follows: subdomain.domain.com.httpcheck.singulink.com So, if you wanted to check if mail1.mx.google.com or a

Re: Spam rule for HTTP/HTTPS request to sender's root domain

2019-02-28 Thread Mike Marynowski
You'll be able to decide how you want to prioritize the fields - I've implemented it as a DNS server, so which domain you decide to send to the DNS server is entirely up to you. On 2/28/2019 10:23 PM, Grant Taylor wrote: On 2/28/19 9:33 AM, Mike Marynowski wrote: I'm doing

Re: Spam rule for HTTP/HTTPS request to sender's root domain

2019-02-28 Thread Mike Marynowski
I modified it so it checks the root domain and all subdomains up to the email domain. As for your question - if afraid.org has a website then you are correct, all subdomains of afraid.org will not flag this rule, but if lots of afraid.org subdomains are sending spam then I imagine other spam

Re: Spam rule for HTTP/HTTPS request to sender's root domain

2019-02-28 Thread Mike Marynowski
I'm pretty sure the way I ended up implementing it everything is working fine and it's nice and simple and clean but maybe there's some edge case that doesn't work properly. If there is I haven't found it yet, so if you can think of one let me know. Since I'm sending an HTTP request to all sub

Re: Spam rule for HTTP/HTTPS request to sender's root domain

2019-02-28 Thread Mike Marynowski
Thunderbird normally shows reply-to in normal messages...is this something that some MUAs ignore just on mailing list emails or all emails? Because I see reply-to on plenty of other emails. On 2/28/2019 3:44 PM, Bill Cole wrote: On 28 Feb 2019, at 14:29, Mike Marynowski wrote: Unfortunately

Re: Spam rule for HTTP/HTTPS request to sender's root domain

2019-02-28 Thread Mike Marynowski
lding this as a cached DNS service is just walk up the subdomains until I hit the root domain and if any of them have a website then it's fine. On 2/28/2019 2:39 PM, Antony Stone wrote: On Thursday 28 February 2019 at 20:33:42, Mike Marynowski wrote: But scconsult.com does in fact have

Re: Spam rule for HTTP/HTTPS request to sender's root domain

2019-02-28 Thread Mike Marynowski
o they are no risk of being blocked even if a non-website domain triggers this particular rule. On 2/28/2019 2:25 PM, Bill Cole wrote: On 28 Feb 2019, at 13:43, Mike Marynowski wrote: On 2/28/2019 12:41 PM, Bill Cole wrote: You should probably put the envelope sender (i.e. the SA "Envel

Re: Spam rule for HTTP/HTTPS request to sender's root domain

2019-02-28 Thread Mike Marynowski
Reply-To header. I don't ever need 2 copies of a message posted to a mailing list, and ignoring that header is rude. On 28 Feb 2019, at 13:28, Mike Marynowski wrote: On 2/28/2019 12:41 PM, Bill Cole wrote: You should probably put the envelope sender (i.e. the SA "EnvelopeFrom"

Re: Spam rule for HTTP/HTTPS request to sender's root domain

2019-02-28 Thread Mike Marynowski
On 2/28/2019 12:41 PM, Bill Cole wrote: You should probably put the envelope sender (i.e. the SA "EnvelopeFrom" pseudo-header) into that list, maybe even first. That will make many messages sent via discussion mailing lists (such as this one) pass your test where a test of real header domains w

Re: Spam rule for HTTP/HTTPS request to sender's root domain

2019-02-28 Thread Mike Marynowski
On 2/28/2019 12:41 PM, Bill Cole wrote: You should probably put the envelope sender (i.e. the SA "EnvelopeFrom" pseudo-header) into that list, maybe even first. That will make many messages sent via discussion mailing lists (such as this one) pass your test where a test of real header domains w

Re: Spam rule for HTTP/HTTPS request to sender's root domain

2019-02-28 Thread Mike Marynowski
'm not going to cry about it...more spam catching for me and whoever decides to install the plugin on their own servers. If it does become widespread and some spammers adapt then I'll take solace in knowing I helped a lot of people stop at least some of their spam. * Mike Marynowsk

Re: Spam rule for HTTP/HTTPS request to sender's root domain

2019-02-28 Thread Mike Marynowski
Why even use a test for something that is so easily compromised? -Ralph Everything we test for is easily compromised on its own.

Re: Spam rule for HTTP/HTTPS request to sender's root domain

2019-02-28 Thread Mike Marynowski
And the cat and mouse game continues :) That said, all the big obvious "email-only domains" that send out newsletters and notifications and such that I've come across in my sampling already have placeholder websites or redirects to their main websites configured. I'm sure that's not always the

Re: Spam rule for HTTP/HTTPS request to sender's root domain

2019-02-28 Thread Mike Marynowski
I would not do it at all, caching or no caching. Personally, I don't see a benefit trying to correlate email with a website, as mentioned before, based on how we utilise email-only-domains. -Ralph Fair enough. Based on the sampling I've done and the way I intend to use this, I still see thi

Re: Spam rule for HTTP/HTTPS request to sender's root domain

2019-02-28 Thread Mike Marynowski
Question though - what is your reply-to address set to in the emails coming from your email-only domain? The domain checking I'm doing grabs the first available address in this order: reply-to, from, sender. It's not using the domain of the SMTP server. I did come across some email-only domain

Re: Spam rule for HTTP/HTTPS request to sender's root domain

2019-02-28 Thread Mike Marynowski
Just one more note - I've excluded .email domains from the check as I've noticed several organizations using that as email only domains. Right now the test plugin I've built makes a single HTTP request for each email while I evaluate this but I'll be building a DNS query endpoint or a local do

Re: Spam rule for HTTP/HTTPS request to sender's root domain

2019-02-28 Thread Mike Marynowski
I've tested this with good results and I'm actually not creating any HTTPS connections - what I've found is a single HTTP request with zero redirections is enough. If it returns a status code >= 400 then you treat it like no valid website, and if you get a < 400 result (i.e. a 301/302 redirect

Spam rule for HTTP/HTTPS request to sender's root domain

2019-02-27 Thread Mike Marynowski
Hi everyone, I haven't been able to find any existing spam rules or checks that do this, but from my analysis of ham/spam I'm getting I think this would be a really great addition. Almost all of the spam emails that are coming through do not have a working website at the root domain of the sen

Re: Which Net::DSN for SpamAssassin-3.4.1

2016-12-12 Thread Mike Grau
>udppacketsize; > my $udp_payload_size = $self->{conf}->{dns_options}->{edns}; > if ($udp_payload_size && $udp_payload_size > 512) { Okay, thanks for the info! -- Mike

Which Net::DSN for SpamAssassin-3.4.1

2016-12-09 Thread Mike Grau
Hello all I'm confused ... what is the "recommended" version of Net::DNS to use with an unpatched SpamAssassin-3.4.1? Or are there patches I ought to apply for, say, Net::DNS 1.06? Thanks! -- Mike G.

Re: SA From header checks

2016-08-11 Thread Mike Ray
- Original Message - > On 08/11/2016 06:03 PM, Mike Ray wrote: > <.snip.> > > > > > > > However, after I had sent that message, I decided to play around a > > bit. I had rearranged existing rules in the file yesterday to make > > su

Re: SA From header checks

2016-08-11 Thread Mike Ray
- Original Message - > On Wed, 2016-08-10 at 17:04 -0500, Mike Ray wrote: > > Hello all- > > > > Must be doing something stupid here, but could use a second set of > > eyes and persons more knowledgeable than myself. > > > > None of my header c

SA From header checks

2016-08-10 Thread Mike Ray
t; to match the whole address with no success. Anyone see what I'm missing? Thanks, Mike Ray

Re: RBL/SPF if header exists

2015-03-31 Thread Mike Cardwell
is that I believe I would have to write a rule for every single RBL and keep those rules up to date whenever a new RBL is added or score updated by upstream. Is there any way of avoiding that? -- Mike Cardwell https://grepular.com https://emailprivacytester.com OpenPGP Key35BC AF1D 3AA2 1F84

Re: RBL/SPF if header exists

2015-03-31 Thread Mike Cardwell
the score, that would be sufficient. > You can fairly easily write a meta that reverses the score of each RBL > and SPF rule if your condition fires. Any chance you could point me to an example of how to do this? -- Mike Cardwell https://grepular.com https://emailprivacytester.com OpenPGP Ke

RBL/SPF if header exists

2015-03-31 Thread Mike Cardwell
on a hardcoded per user or IP setting. -- Mike Cardwell https://grepular.com https://emailprivacytester.com OpenPGP Key35BC AF1D 3AA2 1F84 3DC3 B0CF 70A5 F512 0018 461F XMPP OTR Key 8924 B06A 7917 AAF3 DBB1 BF1B 295C 3C78 3EF1 46B4

Re: ancient perl versions

2014-12-05 Thread Mike Grau
On 12/05/2014 09:38 AM, Noel Butler wrote: > pffft > > I see no problem, as like most developers if you cant reproduce it, then > its nothing to bother about, after all this time 2 ppl dont like a font > or whatever, your pissing up the wrong tree if you think I have a care > factor about changing

Re: Hacked Wordpress sites & Cryptolocker

2014-09-05 Thread Mike Grau
>> I'm also getting WP phishing urls that end in "/", like so: >> >> ... /wp-includes/logs/ > > spample plz? > http://pastebin.com/yBLqTrYP

Re: Hacked Wordpress sites & Cryptolocker

2014-09-05 Thread Mike Grau
> I'm testing versions that insist on .php and am getting very good > results. Thanks to the OP for pointing this out! I'm also getting WP phishing urls that end in "/", like so: ... /wp-includes/logs/ Presumably, this is the equivalent of /wp-includes/logs/index.php? -- Mike G

Re: refusing to untaint

2014-02-27 Thread Mike Grau
in /etc/mail/spamassassin. Removing the .pre files and re-installing SA eliminated the warning. No bug. A configuration issue here. -- Mike G.

Re: refusing to untaint

2014-02-27 Thread Mike Grau
> Please open a new bug. I'll try and make it a blocker for 3.4.1 if you > open it ASAP. Done.

Re: refusing to untaint

2014-02-26 Thread Mike Grau
> Any chance you can try the very small patch in > https://issues.apache.org/SpamAssassin/show_bug.cgi?id=7015 and see if > it's related? Still the same error after patching: Feb 26 15:24:07.130 [20964] warn: util: refusing to untaint suspicious path: "${exec_prefix}/lib"

refusing to untaint

2014-02-26 Thread Mike Grau
cious path: "${exec_prefix}/lib" This is perl 5, version 18, subversion 1 (v5.18.1) built for x86_64-linux-thread-multi I'm guessing that the variable ${exec_prefix} should already have been evaluated? Can someone tell me what might be the problem? Thanks! -- Mike

Re: Huh? Variable length lookbehind?

2013-12-27 Thread Mike Grau
ules. > Search for "Character set modifiers" in the perlre man page. > > So something like: > /(? should do with perl >= 5.14 . > > Better yet, avoid lookbehinds. > > Mark > Many thanks Marc - both suggestions solve my problem. -- Mike

Huh? Variable length lookbehind?

2013-12-27 Thread Mike Grau
I have a problem with a rule on a newly installed relay on which --lint throws a warning on an old local rule, squawking about "Variable length lookbehind not implemented". I simplified the rule trying to discover the problem and it seems to be with the /i modifier: This rule does _not_ provoke

Re: Help eliminate false positive for Google Code notifications

2013-07-17 Thread Mike Brown
Benny Pedersen wrote: > its was good since to many still use it :) In my case it was that the old rulesets were left behind long after the updates stopped; they kept getting transferred over through upgrades of SpamAssassin and Perl. Once I deleted them, all was well. Well, except that more spa

Re: Site Training via Redirect to a spam and/or ham mailbox

2013-07-11 Thread Mike Brown
W T Riker wrote: > I suspect someone has already done this somewhere but I can't seem to > come up with the right key words in my search. I'd like to set up spam > and ham mailboxes to which all my users can redirect/bounce errors for > Bayes training for the site. Then I can run sa-learn via cron

Re: Help eliminate false positive for Google Code notifications

2013-07-11 Thread Mike Brown
Axb wrote: > SARE rules are obsolete/unsupported/ancient/history/etc and shouldn't be > used. > Do yourself a favour and remove those files - will save you CPU cycles, > memory and lots of headaches. Heh, even easier than I thought. I think I had assumed that if I stopped fetching them, I would

Help eliminate false positive for Google Code notifications

2013-07-11 Thread Mike Brown
Google Code sends out notifications from @googlecode.com. These notifications have Message-ID headers that start with two digits and a dash, triggering this rule: SARE_MSGID_DDDASH Message-ID has ratware pattern (9-, 9$, 99-) The rule was proposed in 2004: https://mail-archives.apache.org/mod_m

Re: sa-update: MIRRORED.BY is 404 for any channel

2013-06-12 Thread Mike Brown
Martin wrote: > Do you have a MIRRORED.BY file in you spamassassin update directory? It > looks like it doesn't have the file with the mirrors in and instead is using > the file name. > > If so you could copy it over from your other box that's working. > Thanks; your suggestion worked. The wa

Re: sa-update: MIRRORED.BY is 404 for any channel

2013-06-11 Thread Mike Brown
John Wilcock wrote: > > Jun 11 00:05:07.327 [43091] dbg: http: GET > > http://spamassassin.apache.org/updates/MIRRORED.BY"; request failed, > > retrying: 404 Not Found: > > 404 Not Found Not Found > > The requested URL /updates/MIRRORED.BY" was not found on this > > server. Apache/2.4.4 (U

sa-update: MIRRORED.BY is 404 for any channel

2013-06-11 Thread Mike Brown
I'm running 3.3.2 on two FreeBSD 8.3 systems on different networks. Both systems are configured roughly identically with regard to SpamAssassin. One system runs Perl 5.16 (not sure if that matters) and can run sa-update without error, but the other runs Perl 5.12 and gets 404s when it tries to u

Re: X-Relay-Countries

2013-02-12 Thread Mike Grau
> > Hmm I would do something like this (untested): > > header RELAY_NOT_US X-Relay-Countries =~ /\b(?!US)[A-Z]{2}\b/ > I've had to use, IIRC. X-Relay-Countries =~ /\b(?!US|XX)([A-Z]{2})\b/

Re: Question about TRACKER_ID

2013-02-08 Thread Mike Grau
Martin Gregorie wrote: > On Fri, 2013-02-08 at 13:26 -0600, Mike Grau wrote: >> Hello folks. >> >> In 20_body_tests.cf (SA 3.3.2) there is this rule: >> >> body TRACKER_ID /^[a-z0-9]{6,24}[-_a-z0-9]{12,36}[a-z0-9{6,24}\s*\z/is >> >> What is the "

Question about TRACKER_ID

2013-02-08 Thread Mike Grau
Hello folks. In 20_body_tests.cf (SA 3.3.2) there is this rule: body TRACKER_ID /^[a-z0-9]{6,24}[-_a-z0-9]{12,36}[a-z0-9{6,24}\s*\z/is What is the "\z" in the regex? This rule matches "". Is that as intended? Thanks! -- Mike

Re: KB_FAKED_THE_BAT

2012-05-14 Thread Mike Grau
>> >> # grep Date: HEADERS | od -a >> 000 D a t e : sp ht T h u , sp 3 sp M a >> 020 y sp 2 0 1 2 sp 1 6 : 5 3 : 5 9 sp >> 040 + 0 7 0 0 nl >> 046vi H* >> >> This has been Russian language spam (charset koi8-r) wit

KB_FAKED_THE_BAT

2012-05-03 Thread Mike Grau
RS | od -a 000 D a t e : sp ht T h u , sp 3 sp M a 020 y sp 2 0 1 2 sp 1 6 : 5 3 : 5 9 sp 040 + 0 7 0 0 nl 046vi H* This has been Russian language spam (charset koi8-r) with various flavors of X-Mailer: The Bat! -- Mike G.

How to get spam score by Windows command-line

2011-11-14 Thread Mike Koleszar
ne. I appreciate any advice or suggestions. Thank you. - Mike

Re: RP_MATCHES_RCVD

2011-07-28 Thread Mike Grau
On 07/28/2011 09:28 AM the voices made RW write: There seems to be a consensus that SPF and DKIM passes aren't worth significant scores. So how is it that RP_MATCHES_RCVD, scores -1.2 when it just a circumstantial version of what SPF does explicitly. For me it's hitting more spam than ham, and w

Excessive junk mail even after upgrade/update

2011-01-04 Thread Mike Gibson
inistration; so, any help is greatly appreciated. Thank you, Mike Gibson Sr. Network Engineer Select Tel Systems, Inc. 229.434.0540 Select Tel Systems On Time, Done Right, Guaranteed! (229) 434-0540

some custom rules query

2010-11-16 Thread Mike Bro
, Mike

Re: Checking envelope sender

2010-09-08 Thread Mike Bro
Hi Bowie, You wrote: > The .qf file is not visible to SpamAssassin.  SA only looks at the email > and headers.  If you want to reject/score based on the envelope sender, > you will need to either do it at the MTA level or find out if sendmail > puts the information into a header that SA can see.

Re: Checking envelope sender

2010-09-08 Thread Mike Bro
Thanks for your interest in this topic. The part of mail.log and the qf file is at: http://pastebin.com/0QzqLxs1 This particular example has been marked as spam, but the sender's information didn't play a role in this classification. Re: Joseph Brennan: > Why doesn't sendmail reject it like it do

Checking envelope sender

2010-09-07 Thread Mike Bro
sh words" <>> That results in my qf... file as line: S<"some rubbish words" <>> Any idea how I could write a rule in spamassassin to test this line? Thanks in advance, Mike

Re: Calling SpamAssassin from a Perl Web Form

2010-08-12 Thread Mike Tonks
these components. Any suggestions how to achieve this either via SA or otherwise (existing CPAN modules?) would be much appreciated, if anyone here is knowledgeable in this area. Yes, there will be some captcha stuff too but I see that as separate to the actual 'identifying spam content'

Calling SpamAssassin from a Perl Web Form

2010-08-05 Thread Mike Tonks
Seems like mainly the header rules would need to be disabled, and the body rules given more weighting. Is there an easy way to do this? Alternatively, perhaps I should just identify particular rules that are relevant and call the directly. Is this possible? Thanks for any help. mike

Re: FPs on FH_FAKE_RCVD_LINE_B

2010-06-29 Thread Mike Grau
> > I believe the issue is that there are no brackets around the IP. The > line should look like this: > > Received: from [68.103.178.110] by webmail.east.cox.net; Mon, 28 Jun 2010 > 18:02:23 -0400 > > Ah, right! Thanks! ( Drat, sorry about the reply to poster rather than list. )

FPs on FH_FAKE_RCVD_LINE_B

2010-06-29 Thread Mike Grau
\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\s*by\s*[a-z0-9.]{4,24}\.[a-z0-9.]{4,36}\.(?:com|net|org|biz);\s*[SMTWF].{2},\s*\d{1,2}\s*[JFMASOND].{2,5}\s*\d{4}\s*\d{2}:\d{2}:\d{2}\s*[-+]\d{4}/i Thanks! -- Mike

Re: Blacklists Compared 17 October 2009

2010-04-07 Thread Mike Cardwell
with zen.spamhaus.org and bl.spamcop.net. There is no noticeable difference in the FP rate between them here and all three hit on a *lot* of spam. -- Mike Cardwell - Perl/Java/Web developer, Linux admin, Email admin Read my tech Blog - https://secure.grepular.com/ Follow me on Twitter -

Re: [sa] Re: Yahoo/URL spam

2010-03-24 Thread Mike Grau
On 3/23/2010 2:49 PM the voices made Charles Gregory write: On Tue, 23 Mar 2010, Alex wrote: This is what I have: /^[^a-z]{0,10}(http:\/\/|www\.)(\w+\.)+(com|net|org|biz|cn|ru)\/?[^ ]{0,20}[a-z]{0,10}$/msi My bad. I got an option wrong. Please remove the 'm' above. I always get it backwards. A

Re: Zen.spamhous.org score for spam assassin...

2010-03-08 Thread Mike Cardwell
A 208.73.210.27 m...@haven:~$ Wonder how many people that has tripped up in its time. -- Mike Cardwell - Perl/Java/Web developer, Linux admin, Email admin Read my tech Blog - https://secure.grepular.com/ Follow me on Twitter - http://twitter.com/mickeyc Hire me - http://cardwelli

Re: How to find where email server has been blacklisted

2010-03-08 Thread Mike Cardwell
.0.10 127.0.0.2 is listed on no-more-funn.moensted.dk 127.0.0.2 127.0.0.2 is listed on ips.backscatterer.org 127.0.0.2 127.0.0.2 is listed on dnsbl-3.uceprotect.net 127.0.0.2 m...@haven:~$ It does the lookups concurrently so it's quite quick. -- Mike Cardwell - Perl/Java/Web developer, Linux a

Re: is this right? uribl_dbl seems to have a very odd number

2010-03-03 Thread Mike Cardwell
e DBL entries were added via sa-update yesterday, not added manually - > at least for me. That sounds like a big problem to me. -- Mike Cardwell - Perl/Java/Web developer, Linux admin, Email admin Read my tech Blog - https://secure.grepular.com/ Follow me on Twitter - http://twitter.com/mickeyc Hire me - http://cardwellit.com/ http://uk.linkedin.com/in/mikecardwell

Re: is this right? uribl_dbl seems to have a very odd number

2010-03-03 Thread Mike Cardwell
4 range. > uridnssub URIBL_DBL dbl.spamhaus.org. A 2130706688 Yeah. You shouldn't be using it like that on 3.3.0. Go to http://www.spamhaus.org/dbl and look for SpamAssassin on the FAQ page. -- Mike Cardwell - Perl/Java/Web developer, Linux admin, Email admin Read my te

Re: UPS Delivery problem

2010-03-03 Thread Mike Cardwell
On 03/03/2010 13:22, twofers wrote: I have 52 of these sitting in my inbox this morning when I came in to work. this is just the beginning. I get literally hundreds of these a day and Spamassassin does not even check them. Suggest you configure SpamAssassin to check them then. -- Mike

Re: Off Topic - SPF - What a Disaster

2010-02-26 Thread Mike Cardwell
On 26/02/2010 14:20, LuKreme wrote: On 26-Feb-2010, at 07:13, LuKreme wrote: SPF_PASS 0.001 SPF_fail 5.0 whitelist_from_spf *...@ebay.com whitelist_from_spf *...@paypal.com You forgot "whitelist_from_spf *...@*.apache.org" -- Mike Cardwell: UK based IT Consultant, Perl develo

Re: Off Topic - SPF - What a Disaster

2010-02-26 Thread Mike Cardwell
. If it *isn't* SPF protected, then for all you know it has been forged and blacklisting it might cause collateral damage. The positive aspects of *any* mail being "signed" with SPF, ham *or* spam, are so damn obvious, I don't know how you manage to mis-represent them so bl

Re: Bogus Dollar Amounts

2010-02-25 Thread Mike Cardwell
mime parsing and decoding. You could score on the "koi8-r" charset. You could score on the fact the email came from South Korea. You could use the TextCat language plugin. -- Mike Cardwell: UK based IT Consultant, Perl developer, Linux admin Cardwell IT Ltd. : UK Comp

RE: Off Topic - SPF - What a Disaster

2010-02-23 Thread Mike Hutchinson
're never going back. Same result, SPF is a good idea, but we certainly cannot afford to train other site's administrators, nor all of our customers, on SPF. Cheers, Mike, -Original Message- From: Jeff Koch [mailto:jeffk...@intersessions.com] Sent: Wednesday, 24 February 2010 9:38

Re: Newest spammer trick - non-blank subject lines?

2010-02-11 Thread Mike Cardwell
> through because of people disliking Turing tests. You're assuming that my false positive rate is bad. I would be surprised if it was worse than the average on this list. It's very good. But if my additions knock 0.1% more off the rate, then I'm happy. Out. -- Mike Cardwell: UK b

Re: Newest spammer trick - non-blank subject lines?

2010-02-11 Thread Mike Cardwell
On 11/02/2010 19:29, Ted Mittelstaedt wrote: > Secondly with regards to this reject-but-save system that Mike is > expounding on - it is an instance of a system that only works because > a few people (or one person) is doing it. It is totally worthless as > anything that can

Re: Spam filtering similar to SPF, less breakage

2010-02-11 Thread Mike Cardwell
forwarding," would be, "Broken forwarding is incompatible with SPF." -- Mike Cardwell: UK based IT Consultant, Perl developer, Linux admin Cardwell IT Ltd. : UK Company - http://cardwellit.com/ #06920226 Technical Blog : Tech Blog - https://secure.grepular.com/ Spamalyser : Spam Tool - http://spamalyser.com/

Re: Newest spammer trick - non-blank subject lines?

2010-02-11 Thread Mike Cardwell
scenario where the sender or recipient are actually worse off because of the particular two features I've described. You've failed to even attempt that so far. I know this system works well because I've been using it for a long time. -- Mike Cardwell: UK based IT Consultant, Perl developer, Linux admin Cardwell IT Ltd. : UK Company - http://cardwellit.com/ #06920226 Technical Blog : Tech Blog - https://secure.grepular.com/ Spamalyser : Spam Tool - http://spamalyser.com/

Re: Newest spammer trick - non-blank subject lines?

2010-02-11 Thread Mike Cardwell
's fine, but it does cause problems during spikes. To me this just says that we don't have enough servers to deal with the spikes, but it happens infrequently enough that it's not worth investing. I still think SMTP time scanning is both practical and desirable. -- Mike

Re: Newest spammer trick - non-blank subject lines?

2010-02-11 Thread Mike Cardwell
ction has finished would help prevent someone from performing a DOS. If you *can* do SMTP time spam scanning, then that's the best place for it. -- Mike Cardwell: UK based IT Consultant, Perl developer, Linux admin Cardwell IT Ltd. : UK Company - http://cardwellit.com/ #0692022

Re: Newest spammer trick - non-blank subject lines?

2010-02-11 Thread Mike Cardwell
y. Neither sender nor recipient would benefit from me removing those features from my system. -- Mike Cardwell: UK based IT Consultant, Perl developer, Linux admin Cardwell IT Ltd. : UK Company - http://cardwellit.com/ #06920226 Technical Blog : Tech Blog - https://secure.grepular.com/ Spamalyser : Spam Tool - http://spamalyser.com/

Re: Newest spammer trick - non-blank subject lines?

2010-02-11 Thread Mike Cardwell
and that's always a risk. Providing the URL *might* provide benefit for *some* people. Again, the existence of the URL doesn't make either the sender or the recipient worse off in any way. You've failed to convince me. -- Mike Cardwell: UK based IT Consulta

Re: Newest spammer trick - non-blank subject lines?

2010-02-10 Thread Mike Cardwell
"|spamassassin echo -ne "Subject:\nX-Foo: bar\n\nviagra CIALIS\n"|spamassassin -- Mike Cardwell: UK based IT Consultant, Perl developer, Linux admin Cardwell IT Ltd. : UK Company - http://cardwellit.com/ #06920226 Technical Blog : Tech Blog - https://secure.grepu

Re: Newest spammer trick - non-blank subject lines?

2010-02-10 Thread Mike Cardwell
red and if they're human they can "unclassify" it as such. While the recipient isn't bothered by Spam, however if they're expecting a message which doesn't arrive due to spam filtering, they know they can just peek in their "Junk E-Mail" folder and it will be

Re: Newest spammer trick - non-blank subject lines?

2010-02-09 Thread Mike Cardwell
filing a bug on the old code. I will continue to > observe and once the server is re-gened then if it keeps happening then > I'll look into it further. I'll probably have to run the server for a > few hours with SA turned off to get the raw spam, not something that is > going
