Re: Sought/Rules.yerp.org problem - Re: [Fwd: Cron /usr/share/spamassassin/sa-update.cron -D 2>&1 | tee -a /var/log/sa-update.log]

2013-02-18 Thread mouss
I hope Justin has no problems. if anybody has news, please share that with me. Le 15/02/2013 13:42, Kevin A. McGrail a écrit : > On 2/14/2013 6:35 PM, Emmett Culley wrote: >> Hi KAM, >> >> Can you give me a hint on who or what to contact. I don't know how >> those rules got into my system. It wa

Re: dynamically load url filtersI

2012-11-18 Thread mouss
Le 15/11/2012 22:16, Per-Erik Persson a écrit : > > Is there a way to add spamassin rules without editing the config > and reloading the process? > > To be more specific, I can set up a RBL of my own and add > suspicious servers found in the header, no problems to do that. > This can be done tod

Re: solved: Re: broken emails from techtarget/crn mag? omeda communications?

2011-07-26 Thread mouss
Le 26/07/2011 01:57, Michael Scheidell a écrit : > On 7/22/11 12:49 PM, Michael Scheidell wrote: >> On 7/22/11 12:08 PM, Michael Scheidell wrote: >>> On 7/22/11 12:04 PM, Bret Miller wrote: Well, I don't actually subscribe to any active techtarget lists, but I do still get marketing garba

Re: broken emails from techtarget/crn mag? omeda communications?

2011-07-26 Thread mouss
Le 22/07/2011 17:50, Michael Scheidell a écrit : > any of you subscribed to techtarget or crm emails? > > seems on june 16th or 17th, something broke. and I am trying to > determine if its something we did or something they did. no, it's much older than that. I can see a borked one dating back to

Re: [SOLVED] Re: date_received for previous hop

2011-02-19 Thread mouss
Le 19/02/2011 04:58, Frank Reppin a écrit : > Hi list, > > Ok - think of it as beeing solved. > I could make something 'useful' after > digging more in HeaderEval.pm. > did you take a look at the code that implements DATE_IN_FUTURE_* rules? > But later then... this raises another issue. > I'll

Re: new gappy domain campaign (w/sample)

2011-02-10 Thread mouss
Le 10/02/2011 10:09, Chip M. a écrit : > mouss wrote: >> with a stock config, and without Bayes, it now yields: > > Hmmm, interesting! > > Yes, all the "caught" spam here were due to RBL hits. > > Which begs the question, what SpamAssassin tests are h

Re: new gappy domain campaign (w/sample)

2011-02-09 Thread mouss
Le 09/02/2011 23:09, Chip M. a écrit : > There's an interesting new insecure-boy-drugs campaign that's > about 8% of our post-gateway traffic. It started early today. > > About 58% of these are sneaking thru (plain vanilla) SpamAssassin. > > The key features are: > three columns of vertic

Re: RFC-Ignorant (was Re: Irony)

2011-02-04 Thread mouss
Le 03/02/2011 22:51, Adam Moffett a écrit : > >> That's good. The only useful list (BogusMX) can be discovered without >> querying rfc-ignorant anyway. Just get the MX records for the sending >> domain (which are almost certainly in cache) and make sure they resolve >> to real IP addresses. >> >

Re: spamhaus dbl considered safe for mta blocking?

2011-01-27 Thread mouss
Le 27/01/2011 15:12, Michael Scheidell a écrit : > On 1/26/11 11:58 PM, Sahil Tandon wrote: >>> reject_rhsbl_sender dbl.spamhaus.org=127.0.1.2, >> Sound advice to advocate good practices, but in more recent version of >> Postfix, this should not be required. > eh? > > reject_rhsbl_sender dbl.spamh

Re: SPAM/Phish and Ham E-mail Dataset

2011-01-12 Thread mouss
Le 12/01/2011 23:02, Mahmoud Khonji a écrit : > I would highly appreciate if anyone is able to send me his SPAM/Ham email > collection. sigh. if you can't understand what "privacy" means, then you are part of the problem. > > I need it to train and test classifiers. you need to train with _yo

Re: Understanding TrustPath

2011-01-12 Thread mouss
Le 11/01/2011 22:07, Mark Martinec a écrit : >> Consider for a moment how hard it would be for an average spammer to >> spoof rDNS > > This has nothing to do with DNS. The trusted/internal/msa networks > only checks an IP address as it stands in an Received header field, > it does not check nor de

Re: Off topic: best RBLs to use to block at smtp connection?

2011-01-09 Thread mouss
Le 06/01/2011 00:48, Karsten Bräckelmann a écrit : > On Thu, 2011-01-06 at 00:27 +0100, mouss wrote: >> Le 05/01/2011 02:15, Karsten Bräckelmann a écrit : >>> On Tue, 2011-01-04 at 00:58 +0100, mouss wrote: > >>>> Recipient unknown: 5318 ( 73.

Re: Off topic: best RBLs to use to block at smtp connection?

2011-01-05 Thread mouss
Le 05/01/2011 17:00, Rob McEwen a écrit : > On 1/3/2011 6:58 PM, mouss wrote: >> as you can see, all DNSBLs but spamhaus are more or less useless. > > Mouss, > > [ignoring content filtering for a moment... per the original poster's > request] > > If one DNSBL

Re: Off topic: best RBLs to use to block at smtp connection?

2011-01-05 Thread mouss
Le 05/01/2011 02:15, Karsten Bräckelmann a écrit : > On Tue, 2011-01-04 at 00:58 +0100, mouss wrote: >> Le 03/01/2011 13:28, Jari Fredriksson a écrit : >>> >>> I want to secure a postfix site with rbls, no spamassassin at this >>> moment. (I use SpamAssassin

Re: Off topic: best RBLs to use to block at smtp connection?

2011-01-03 Thread mouss
Le 03/01/2011 13:28, Jari Fredriksson a écrit : > > I want to secure a postfix site with rbls, no spamassassin at this > moment. (I use SpamAssassin on other sites, and no RBLs at SMTP time, so > I'm not very experienced with this. SA has may RBL's, sure, but what to > use to kill them when seen?)

Re: NJABL is dead?

2010-12-29 Thread mouss
Le 29/12/2010 15:29, Jack L. Stone a écrit : > [snip] > All of my net checks are done at the MTA level > (sendmail) and none in SA -- it's turned off. What is the benefit of > checking twice? Maybe I missed the benefit. > - with some lists, you want to check the IPs found in the Received headers

Re: Single dot PTR

2010-12-29 Thread mouss
Le 29/12/2010 16:54, Jason Bertoch a écrit : > > I'm starting to see a (new to me) pattern of spam, and only spam, with > PTR records consisting of a single dot, such as: > > Received: from ejru38.pindmosel.info (. [184.154.78.38] (may be forged)) I used to block these and others in postfix: pc

Re: DNSBL for email addresses?

2010-12-24 Thread mouss
Le 23/12/2010 22:56, Bob Proulx a écrit : > mouss wrote: >> John Hardin a écrit : >>> Just out of curiosity, why? An MD5 hash is shorter than an SHA hash (an >>> important consideration when you're making lots of DNS queries of the >>> hash), MD5 is com

Re: DNSBL for email addresses?

2010-12-23 Thread mouss
Le 23/12/2010 19:40, Chris Owen a écrit : > On Dec 23, 2010, at 12:35 PM, mouss wrote: > >> do you really think there is a need to list email addresses? if yes, >> then may be you can define a subset instead of all possible addresses. >> after all, spammers don't use

Re: DNSBL for email addresses?

2010-12-23 Thread mouss
Le 14/12/2010 15:28, Marc Perkel a écrit : > Are there any DNSBLs out there based on email addresses? Since you can't > use an @ in a DNS lookup - how would you do DNSBL on email addresses? Is > there a standard? > you can still use something like john@example.com => john.doe._address.example

Re: DNSBL for email addresses?

2010-12-23 Thread mouss
Le 15/12/2010 00:52, John Hardin a écrit : > On Tue, 14 Dec 2010, Cedric Knight wrote: > >> So a hash is best, > > Agreed. > >> and I'd suggest SHA1 over MD5. > > Just out of curiosity, why? An MD5 hash is shorter than an SHA hash (an > important consideration when you're making lots of DNS que

Re: linkedin invitation spam

2010-12-14 Thread mouss
Le 13/12/2010 23:45, Martin Gregorie a écrit : On Mon, 2010-12-13 at 22:19 +0100, mouss wrote: Le 13/12/2010 10:38, Martin Gregorie a écrit : As others have said, it depends who sent it and why. Invitations sent specifically by people who know you aren't spam, but I've heard it sa

Re: linkedin invitation spam

2010-12-13 Thread mouss
Le 13/12/2010 10:38, Martin Gregorie a écrit : On Mon, 2010-12-13 at 08:17 +0100, Per Jessen wrote: mouss wrote: the sample posted by Michelle came to her via a debian list. debian lists are open (no subscription required) and thus attract a lot of spam. And whilst invitations such as those

Re: linkedin invitation spam

2010-12-13 Thread mouss
Le 13/12/2010 11:30, Michelle Konzack a écrit : Hello Per Jessen, Am 2010-12-12 22:03:34, hacktest Du folgendes herunter: Michelle Konzack wrote: 300-500 INVITE spams per day from more than 400 socialnetworks worldwide is realy annoying or better, I would call it terrorism. Just reject them

Re: linkedin invitation spam

2010-12-13 Thread mouss
Le 13/12/2010 15:33, Matus UHLAR - fantomas a écrit : Michelle Konzack wrote: 300-500 INVITE spams per day from more than 400 socialnetworks worldwide is realy annoying or better, I would call it terrorism. On 12.12.10 22:03, Per Jessen wrote: Just reject them all? Matus UHLAR - fantomas w

Re: linkedin invitation spam

2010-12-13 Thread mouss
10 09:04, Matus UHLAR - fantomas a écrit : now the question is, if we know it's an linkedin invitation, if we need to verify DKIM at all ;) On 13.12.10 09:52, mouss wrote: depends on your users. if it's your own hobby mail system, you can block linkedin, facebook, twitter, hotmail,

Re: linkedin invitation spam

2010-12-13 Thread mouss
stion is, if we know it's an linkedin invitation, if we need to verify DKIM at all ;) depends on your users. if it's your own hobby mail system, you can block linkedin, facebook, twitter, hotmail, yahoo, ... etc. nobody will complain ;-p mouss wrote: the sample posted by Michelle ca

Re: blacklist.mailrelay.att.net

2010-12-12 Thread mouss
Le 12/12/2010 19:23, Giampaolo Tomassoni a écrit : How does it work? I just got blocked by the AT&T's blacklist (in contacting ab...@att.com, besides...), but I'm pretty sure my MX is not an open relay or other kind of nifty thing. Maybe AT&T blocks whole address bunches from which some hosts a

Re: linkedin invitation spam

2010-12-12 Thread mouss
Le 12/12/2010 23:35, haman...@t-online.de a écrit : Hello Greg Troxel, Am 2010-12-12 10:51:50, hacktest Du folgendes herunter: Trying to block this is a bit tricky, because when a user of one of these sites invites a specific person by entering an email address, it isn't really spam. The prob

Re: Sought False Positives

2010-11-08 Thread mouss
is a "public" mail. I'm going to zero the corresponding rules (I prefer false negatives, which help improving local rule, over false positives, exceptionally when I "can't explain why"). = FP sample Return-Path: Delivered-To: mouss+s...

Re: How do I get delisted from SORBS? [OT]

2010-10-09 Thread mouss
Le 07/10/2010 17:24, Marc Perkel a écrit : On 10/7/2010 7:56 AM, Matus UHLAR - fantomas wrote: * Marc Perkel: Got this listing on sorbs: On 07.10.10 16:33, Ralf Hildebrandt wrote: No idea. We also got listed and can't even find out why. It says "last occurence somedate.in.2006" - WTF? o

OT (Was: Unsubscribe / help footer at the bottom of messages to this list.)

2010-10-08 Thread mouss
Le 07/10/2010 23:28, John Hardin a écrit : On Thu, 7 Oct 2010, Karsten Bräckelmann wrote: On Thu, 2010-10-07 at 11:11 +0200, Shlomi Fish wrote: before I unsubscribe I should note that the incoming messages from this list should have an Unsubscribe / How-to-get-help footer at the bottom of th

Re: Identifying the real problem

2010-09-18 Thread mouss
Le 17/09/2010 00:34, Karsten Bräckelmann a écrit : [snip] I had in amavis-conf: $final_spam_destiny = D_BOUNCE; $final_banned_destiny = D_BOUNCE; should be much better like this: $final_spam_destiny = D_REJECT; $final_banned_destiny = D_REJECT; It was default with D_BOUN

Re: controlling channel order (Was: JM_SOUGHT_FRAUD)

2010-08-17 Thread mouss
Le 16/08/2010 15:53, Bowie Bailey a écrit : On 8/14/2010 5:51 PM, mouss wrote: Le 12/08/2010 00:37, Karsten Bräckelmann a écrit : On Wed, 2010-08-11 at 17:30 -0400, Bowie Bailey wrote: In case anyone else is following this... The sa-update process made things a bit more complex than

controlling channel order (Was: JM_SOUGHT_FRAUD)

2010-08-14 Thread mouss
Le 12/08/2010 00:37, Karsten Bräckelmann a écrit : On Wed, 2010-08-11 at 17:30 -0400, Bowie Bailey wrote: In case anyone else is following this... The sa-update process made things a bit more complex than simply renaming the file after updates. If that's all you do, then sa-update loses track

Re: Reject mail

2010-04-07 Thread mouss
Kai Schaetzl a écrit : > Thomas Höhlig wrote on Tue, 06 Apr 2010 14:24:58 +0200: > >> Can anyone tell me where i can find the option to deactivate the >> "answer-mail". > > Ask on the sa-exim list. > yes. and make sure not to confuse reject ("say go away") with bounce ("accept message, then la

Re: Learning Bayes

2010-03-14 Thread mouss
pm...@email.it a écrit : > Hi, in this page: http://wiki.apache.org/spamassassin/BayesInSpamAssassin > i read: * > > "Do not* train Bayes on different mail streams or public spam corpora. > These methods will mislead Bayes into believing certain tokens are > spammy or hammy when they are not." >

Re: What happened to SOUGHT rules' server?

2010-03-14 Thread mouss
Giampaolo Tomassoni a écrit : > It seems that the yerp.org www server is irresponsive. > > To my knowledge, that server was hosting the sought.rules.yerp.org update > channel. > > Anybody knows if it is a transient problem or if that channel moved > elsewhere? > it was working yesterday. most p

Re: MTX plugin functionally complete? Re: Spam filtering similar to SPF, less breakage

2010-02-13 Thread mouss
dar...@chaosreigns.com a écrit : > On 02/13, Matus UHLAR - fantomas wrote: >> So the only effect of MTX should be confirmation that a machine may send >> mail? > > Yes. > >> So why the complicated check for DNS record combining DNS name and IP? >> Why not simply requesting that machine has a "ma

Re: [Fwd: Delivery Status Notification (Failure)]

2010-01-19 Thread mouss
Jason Bertoch a écrit : > On 1/18/2010 6:38 PM, mouss wrote: >> David B Funk a écrit : >>> On Wed, 13 Jan 2010, Jason Bertoch wrote: >>> >>>> Can a list admin disable the spamassas...@hundredacrewood.willspc.net >>>> account as we're still g

Re: [Fwd: Delivery Status Notification (Failure)]

2010-01-18 Thread mouss
David B Funk a écrit : > On Wed, 13 Jan 2010, Jason Bertoch wrote: > >> Can a list admin disable the spamassas...@hundredacrewood.willspc.net >> account as we're still getting bounces? >> >> >> Original Message >> Subject: Delivery Status Notification (Failure) >> Date: Wed, 13 J

Re: [Fwd: Delivery Status Notification (Failure)]

2010-01-18 Thread mouss
jdow a écrit : > From: "Christian Brel" > Sent: Wednesday, 2010/January/13 07:40 > > >> On Wed, 13 Jan 2010 16:17:31 +0100 >> Matus UHLAR - fantomas wrote: >> >>> > On Wed, 13 Jan 2010 09:39:34 -0500 >>> > Jason Bertoch wrote: >>> > > Can a list admin disable the >>> > > spamassas...@hundredac

Re: Faked _From_ field using our domain - how to filter/score?

2010-01-17 Thread mouss
Callum Millard a écrit : > I'm sure there's a straight forward way of doing this, but after several of > hours searching, I can't find it. > > The problem is spam with a faked 'From:' field. Spammers are sending e-mails > to our domain with the 'From:' field set to a valid e-mail address from o

Re: How to tell if sa-update is actually running

2010-01-10 Thread mouss
R P Herrold a écrit : > On Fri, 8 Jan 2010, mouss wrote: > >> you can query DNS to get the "version" of the rules. for example: >> >> $ host -t txt "*.2.3.updates.spamassassin.org" >> *.2.3.updates.spamassassin.org descriptive text "895075"

Re: How to tell if sa-update is actually running

2010-01-08 Thread mouss
clem...@dwf.com a écrit : > How do I tell if sa-update is actually running? > I mean, yes, I can run it by hand and get no error messages, and with -D > I dont see any problems, still I feel that my stuff isnt current, and that > there > should be an update. > > Should I be getting a message in /

Re: The other side of whitelists - arbitrary blacklists

2009-12-22 Thread mouss
jdow a écrit : > At least one well respected ninja sort from this list is also a > volunteer SANS Internet Storm Cellar operator. These folks do not seem > to be in the least "inexperienced" in the ways of malware and malware > delivery. That is why I take that diary entry at face value. > maybe

Re: The other side of whitelists - arbitrary blacklists

2009-12-21 Thread mouss
jdow a écrit : > http://isc.sans.org/diary.html?storyid=7780 > > It can be quite frustrating to run an ISP and comply with the often > arbitrary, strange, and I suspect contradictory demands of the likes > of SORBS and Trend Micro. An ISP Abuse handler vents in this article. > from the text, the

Re: emailreg.org - tainted white list

2009-12-14 Thread mouss
Bill Landry a écrit : > Christian Brel, AKA "rich...@buzzhost.co.uk" (among other aliases), is > back... > > Bill he switched MUA, but forgot to switch "helo" and get a different IP range... Received-SPF: softfail (nike.apache.org: transitioning domain of brel.spamassassin091...@copperproducti

Re: emailreg.org - pretty good white list

2009-12-14 Thread mouss
jdow a écrit : > [snip] > > Per a discussion off the list the $20 is, as mentioned, pretty much a > captcha and as the web site declares, an inoculation against "domain > tasting" or 10 for a dollar .cn domains. The thousands of names > registration isn't going to get through either ReturnPath or

Re: Good reasons to dont use RBLs

2009-11-15 Thread mouss
Luis Daniel Lucio Quiroz a écrit : > Hi all, > > Again me, Well, in the security scope i use a principle that states that you > souldnt use a lower layer solution to fix a higher one. So SPAM is a Layer 7 > problem that is used to fixed with a Layer 3 solution (RBL). > > I'd like a brainsto

Re: Postfix Received header FP's and masscheck

2009-10-11 Thread mouss
Warren Togami a écrit : > I am trying to reconfigure my postfix server to get rid of false > positives in the masschecks. > > * I run my own postfix server at example.com. > * Several of my users have IMAP accounts on my server. They send their > outgoing mail via my server with SMTP-after-IMAP.

Re: spam from noave.net 74.63.109.*

2009-10-08 Thread mouss
Steve Prior a écrit : > I started getting spam that was distinctive for having two boxes - one > "Email Security Information" and one "Privacy Policy" and viewing source > indicated the mails came from a server at "noave.net" 74.63.109.*. > > I blocked 74.63.109.* and the spam stopped for a while

Re: OT bad news

2009-10-06 Thread mouss
Quanah Gibson-Mount a écrit : > --On Monday, October 05, 2009 11:50 PM +0200 mouss > wrote: > >> Thomas Mullins a écrit : >>> We have been running Spamassassin for maybe eight years now. But, my >>> coworkers do not like OpenSource. So they have finally comp

Re: OT bad news

2009-10-05 Thread mouss
Thomas Mullins a écrit : > We have been running Spamassassin for maybe eight years now. But, my > coworkers do not like OpenSource. So they have finally complained > enough that my boss is going to replace our reliable > FreeBSD/Spamassassin boxes. They are planning on purchasing something > tha

Re: New spamhaus list not included

2009-10-04 Thread mouss
RW a écrit : > On Sun, 04 Oct 2009 15:53:34 +0200 > Yet Another Ninja wrote: > > >> why "lastexternal" ? >> would you expect ham traffic from those IPs? and want to loose deeper >> header parsing? > > Right, although I doubt this list is going to be much use for > SpamAssassin. With zen being

Re: DNSWL and JMF White false positives, what to do exactly?

2009-10-02 Thread mouss
Karsten Bräckelmann wrote: > On Fri, 2009-10-02 at 00:08 +0200, mouss wrote: >> Karsten Bräckelmann wrote: >>> False positive. Something, that matches (positive) the criterion for a >>> certain test, but should not (false). > > I stand to what I said. > I

Re: DNSWL and JMF White false positives, what to do exactly?

2009-10-02 Thread mouss
RW wrote: > On Fri, 02 Oct 2009 00:14:52 +0200 > mouss wrote: > >> RW wrote: > >>> The term false-positive can apply to any test. A test for ham >>> that matches a spam is a false-positive, it's a matter of context. >> spam too can be (re)de

Re: DNSWL and JMF White false positives, what to do exactly?

2009-10-01 Thread mouss
RW wrote: > On Wed, 30 Sep 2009 23:35:31 +0200 > mouss wrote: > >> Warren Togami wrote: >>> I scanned my spam folders and found a few false positives that hit >>> on either DNSWL >> FP with DNSWL? >> >> FP = False Positive = legitimate mai

Re: DNSWL and JMF White false positives, what to do exactly?

2009-10-01 Thread mouss
Karsten Bräckelmann wrote: > On Wed, 2009-09-30 at 23:35 +0200, mouss wrote: >> Warren Togami wrote: >>> I scanned my spam folders and found a few false positives that hit on >>> either DNSWL >> FP with DNSWL? >> >> FP = False Positive = legitim

Re: DNSWL and JMF White false positives, what to do exactly?

2009-09-30 Thread mouss
Warren Togami wrote: > I scanned my spam folders and found a few false positives that hit on > either DNSWL FP with DNSWL? FP = False Positive = legitimate mail tagged as spam DNSWL = Whitelist if your system adds points because of dnswl, you have a serious problem. .. or do you mean FN (

Re: antispam comparison by virus bulletin

2009-09-06 Thread mouss
Justin Mason a écrit : > In fairness, they got in touch to ask for help in setting up a more > recent SA, but none of us (ie the PMC) had the spare cycles to help > out. Comparative third-party tests like this always take a lot of > hand-holding. We don't have the same kind of marketing budget as

Re: Rule PTR != localhost

2009-09-06 Thread mouss
LuKreme a écrit : > On 3-Sep-2009, at 15:33, mouss wrote: >> check_helo_hostname_access hash:/etc/postfix/access_host > > If but this in my smtpd_helo_restrictions (with a warn_if_reject for > right now), but where in the smtpd_recipient_restrictions do you > r

Re: Rule PTR != localhost

2009-09-03 Thread mouss
Clunk Werclick a écrit : > On Thu, 2009-09-03 at 01:36 -0400, Sahil Tandon wrote: >> On Thu, 03 Sep 2009, Clunk Werclick wrote: >> >>> I'm starting to see plenty of these and they are new to us: >>> >>> zgrep "address not listed" /var/log/mail.info >>> Sep 3 05:26:59 : warning: 222.252.239.56:

Re: sare channels

2009-08-21 Thread mouss
Gary Smith a écrit : >> Read the top of the rulesemporium site: >> >> http://www.rulesemporium.com/ >> >> SARE rules aren't being updated. Hence, sa-updating them is pointless. > > Is it still recommended to run the SARE rules? you should use 90_2tld_cf_sare_sa-update_dostech_net to avoid

Re: i need your indulgence

2009-08-21 Thread mouss
Dan Schaefer a écrit : > Karsten Bräckelmann wrote: >> On Fri, 2009-08-21 at 08:06 -0400, Dan Schaefer wrote: >> >>> Any ideas about this one, besides adding a score to match the subject? >>> >> >> Probably not a smart idea, since you insist on re-using that very >> subject for your list po

Re: HELO_DYNAMIC_IPADDR false positive

2009-08-20 Thread mouss
Matus UHLAR - fantomas a écrit : >>> On 19.08.09 00:48, mouss wrote: >>>> The name of the rule is wrong, but the result is ok. Instead of >>>> "dynamic", I suggest: "UMO" for "Unidentifiable Mailing Object". whether >>>>

Re: HELO_DYNAMIC_IPADDR false positive

2009-08-19 Thread mouss
t;>> print "Yes" } else { print "No" };' >>> Yes >>> >>> But the address doesn't appear to be in a dynamic block. And it >>> doesn't look like a dynamic address pattern to me. > > On 19.08.09 00:48, mouss wrote: &g

Re: Barracuda RBL in first place

2009-08-18 Thread mouss
Marc Perkel a écrit : > http://www.sdsc.edu/~jeff/spam/cbc.html > > It appears from Jeff's Blacklists Compared list the Barracuda has > overtaken spamhaus for the #1 position. Not sure about the accuracy of > the list as compared to spamhaus but seams reasonably good to me. I > don't really count

Re: HELO_DYNAMIC_IPADDR false positive

2009-08-18 Thread mouss
Bob Proulx a écrit : > The following header line: > > Received: from static-96-254-126-11.tampfl.fios.verizon.net [96.254.126.11] > by > windows12.uvault.com with SMTP; Wed, 12 Aug 2009 08:26:40 -0400 > > Hits the HELO_DYNAMIC_IPADDR rule. I tested it this way: > > $ perl -le 'if

Re: received-header: unparseable:

2009-08-17 Thread mouss
LuKreme a écrit : > On 16-Aug-2009, at 18:03, Chris wrote: >> Received: from spam05.embarq.synacor.com (LHLO >> smtpout01.embarq.synacor.com) (10.50.1.5) by md29.embarq.synacor.com >> with LMTP; Sun, 16 Aug 2009 19:19:56 -0400 (EDT) > > > LMTP? Seriously? Does anyone use that? Well, yes, evidentl

Re: received-header: unparseable:

2009-08-16 Thread mouss
Chris a écrit : > I keep seeing this when running some messages throught spamassassin -D > -t. Is this having an effect on whether or not short circuit works? > > received-header: unparseable: from spam01.embarq.synacor.com (LHLO > smtpout01.embarq.synacor.com) (10.50.1.1) by md29.embarq.synacor.

Re: blacklisting a forger

2009-08-02 Thread mouss
Terry Carmen a écrit : >> On Sat, 1 Aug 2009 19:33:40 -0400 >> "Terry Carmen" wrote: >> >>> The backscatter would not have been received, since the sender is on >>> a number of RBLs. >> It's the IP address of the botnet PC that's on the RBLs, the backscatter >> doesn't come from there, it comes fr

Re: Reply to:

2009-08-01 Thread mouss
twofers a écrit : > So what makes a spammer want to use a valid email address as a return or > reply-to address to catch all the undeliverable, failure and bounced > email that occures when sending UBE spam. > this is to beat those who use "sender verification"/sender callout/(whatever you name

Re: [OT] Re: Any one interested in using a proper forum?

2009-07-28 Thread mouss
Mike Cardwell a écrit : > Henrik K wrote: > >> >> Good for you. I've signed up for many mailing lists AND forums. There is >> nothing inherently better or worse in either of them, > > No that's wrong, they're quite different and both have advantages and > disadvantages. > so, it's YES, not NO.

Re: Any one interested in using a proper forum?

2009-07-28 Thread mouss
snowweb a écrit : > I don't know about anyone else, but I'm getting a bit hacked of with this > 1980's style forum. I'm trying to get to the bottom of an SA issue and this > list/forum thing is giving me a bigger headache than SA! > > Spamassassin has more than one or two users now and I personall

Re: Catch-22 unsubscribing from this list.

2009-07-28 Thread mouss
Steven W. Orr a écrit : > On 07/26/09 20:01, quoth RW: >> On Sat, 25 Jul 2009 18:07:12 -0400 >> "Michael W. Cocke" wrote: > >>> There doesn't seem to be a web interface to subscribe/unscribe from >>> this list. The email address >>> "users-unsubscr...@spamassassin.apache.org" complains that my

Re: United-MAP spam flood

2009-07-26 Thread mouss
Paweł Tęcza a écrit : > Hello Folks, > > Did you also get many spams from "United-MAP, a dynamic company with > rapid development, with a united team of professionals in its core."? :) > Or maybe this new spam flood is only Poland targeted? > or maybe we don't see them because they come from cli

Re: Avoid processing of email with specific headers

2009-07-25 Thread mouss
Jari Fredriksson a écrit : >> snip did you see this: >>> >> This is really a postfix question. Follow up on the >> postfix-users list if needed. did you see that? >> >> [snip] > > Got the following error, when tried that. I'm using stock postfix on Debian > Lenny w/ backports. > > > postf

Re: anchor forgery

2009-07-25 Thread mouss
Mike Cardwell a écrit : > Just checking through my Spam folder and I came across a message that > contained this in the html: > > href="http://www.kanotiser.se/images/logo.html";>https://www.paypal.co/us/webscr.php?cmd=_login-runcmd=_secure > > > > Yet, there was no mention of this obvious for

Re: Avoid processing of email with specific headers

2009-07-25 Thread mouss
Pietro a écrit : > In my installation, SA is called by Postfix. Any idea? Thanks in advance. > This is really a postfix question. Follow up on the postfix-users list if needed. you can skip filtering using header_checks. for example /^X-Spam-Status: Yes/ FILTER smtp:[127.0.0.1]:10025 assuming

Re: Spamassassin rules in a mysql database

2009-07-19 Thread mouss
Martin Gregorie a écrit : >> put any custom rules in the database, and modify the spamd? start >> scripts to write the custom rules to flat files. modify your update >> program to signal a spamd reload every time you modify the rules, or, >> use unison. we use unison (not for our VPS spam cluster

Re: copy spam mail to separate mailbox

2009-07-18 Thread mouss
Evan Platt a écrit : > At 11:22 AM 7/16/2009, you wrote: >> I have a postfix/SA setup and I was wondering if anyone knew how to >> COPY an email marked as spam instead of redirecting. >> Not this: >> /^X-Spam-Flag: YES/ REDIRECT spam...@example.com if you use amavisd-new, configure it to add a "

Re: trusted_networks and internal_networks

2009-07-14 Thread mouss
Jari Fredriksson a écrit : >> [snip] >> when I put your lines in my config, I only seethe >> 127.0.0.1/32 warning. >> > >>> >>> It looks like SA itself configured the trusted. > > I removed both the 127.0.0.1 AND 10/8 and this is happy again. It seems to > configure the internal networks as tru

Re: trusted_networks and internal_networks

2009-07-14 Thread mouss
Jari Fredriksson a écrit : > I tried with this: > > -(local.cf)--- > > internal_networks 10.0.0.0/8 > trusted_networks 10.0.0.0/8 127.0.0.1 > trusted_networks 212.16.98.0/24 212.16.100.0/24 62.142.0.0/16 195.197.172.98 > trusted_networks 195.74.0.0/16 213.192.189.2/24 217.30.188.0

Re: trusted_networks and internal_networks

2009-07-13 Thread mouss
Jari Fredriksson a écrit : >> MrGibbage a écrit : >>> #ps11651.dreamhostps.com and pelorus.org >>> internal_networks 75.119.219.171 >>> trusted_networks 75.119.219.171 #I think this is wrong >> no, it is not wrong. the documentation says: >> >> Every entry in "internal_networks" must appear in >> "

Re: trusted_networks and internal_networks

2009-07-13 Thread mouss
MrGibbage a écrit : > I have read the help pages for those two settings over and over, and I guess > I'm just not smart enough. I can't figure out what I should put for those > two settings. Can one of you give me a hand by looking at the headers from > an email? I can tell you that my SA instal

Re: SA RegEx Rules

2009-06-28 Thread mouss
Cory Hawkless a écrit : > Hi all, > > > > Been doing some reading on RegEx and even coming from a programming > background it is a bit intimidating, my problem is I haven’t been able > to find a good source of information on exactly what\how SpamAssassin > matches the RegEx rules when scanning

Re: SORBS bites the dust

2009-06-25 Thread mouss
James Wilkinson a écrit : > mouss wrote (about the PBL): >> stop spreading FUD. if you know of false positives, show us so that we >> see what you exactly mean. >> >> a lot of people, including $self, use the PBL at smtp time. > > As usual, it depends on y

Re: [sa] Re: SORBS bites the dust

2009-06-24 Thread mouss
Charles Gregory a écrit : > On Wed, 24 Jun 2009, Matus UHLAR - fantomas wrote: >>> somewhat hesitant to use spamcop as our own servers once had a brief >>> listing with them (and it wasn't due to spam). >> Got more info? > > Sadly, we're dealing with my aging memory. :) > > While I cannot remembe

Re: SORBS bites the dust

2009-06-23 Thread mouss
Res a écrit : > On Tue, 23 Jun 2009, mouss wrote: > >> payment were only needed for spam, not for "dul" > > not really :) despite what their site said/says.. its kind of a > detterent i think sunno we never paid > This is wrong. if you have evidence, show

Re: SORBS bites the dust

2009-06-22 Thread mouss
Gary Smith a écrit : > If you follow the unlisting proceedure and meet all of the requirements, then > you get unlisted. As with all things, it just takes a little patients. > After converting my IP's over from my ISP to my DNS servers, I was listed > (because the ISP no longer listed us a sta

Re: SORBS bites the dust

2009-06-22 Thread mouss
Charles Gregory a écrit : > On Mon, 22 Jun 2009, rich...@buzzhost.co.uk wrote: >> Really? Personally I find the PBL just kicks its ass. > > When I did my research for setting up RBL's, I found old comparisons > between RBL's that seemed to indicate that the spamhaus PBL and the > spamcop lists had

Re: New www.medsXX.net spam

2009-06-21 Thread mouss
John Hardin a écrit : > On Fri, 2009-06-19 at 09:24 -0700, John Hardin wrote: >> On Fri, 2009-06-19 at 16:21 +0200, Paweł Tęcza wrote: > body AE_MEDS35 /w{2,4}\s{0,4}meds\d{1,4}\s{0,4}(?:net|com|org)/ >>> I've just noticed "missing" 'i' switch for your rule regexp. Is it a bug >>> or a fe

Re: interesting phish for yahoo credentials or stupid spammer

2009-06-21 Thread mouss
Michael Scheidell a écrit : > spam, with a url link in it that opens up a yahoo.com web mail page and > asks for yahoo.com credentials. > > don't know how that can help spammer, unless spammer is looking to only > get email from yahoo.com users. > > see line 119 (highighted) > > http://pastebin.

Re: Hostkarma whitelist problem

2009-06-17 Thread mouss
Bowie Bailey a écrit : > I couldn't find any place on junkmailfilter website to report this, so > I'll put it here. > > I received a 419 scam email with this whitelist hit: > so what? I keep getting 419 from google, yahoo, ... but they are still whitelisted. and anyway, fighting 419 is not easy

Re: [sa] Re: BOTNET timeouts?

2009-06-15 Thread mouss
Bill Landry a écrit : >> Bill Landry a écrit : >>> Res wrote: On Sat, 13 Jun 2009, Charles Gregory wrote: > On Sun, 14 Jun 2009, Res wrote: >> Though now its Sunday, I have socialising to do, and none of that >> includes sitting on mailing lists listening to cry babies who exp

Re: List headers and footers [Re: Unsubscribe]

2009-06-15 Thread mouss
RW a écrit : > On Sun, 14 Jun 2009 13:20:21 +0200 > mouss wrote: > > >> I am not as convinced as you: >> >> - this modifies the body, thus breaking signatures. when mail gets >> back to the same domain (sender and final recipient in same domain), >>

Re: List headers and footers [Re: Unsubscribe]

2009-06-15 Thread mouss
David Gibbs a écrit : > Bill Landry wrote: >> This may be true if the sender were adding the footer before signing and >> sending the message to the list. However, not true if it's the mailing >> list that is adding the footer after the original sender has already >> signed the message. > > As I

Re: [sa] Re: BOTNET timeouts?

2009-06-15 Thread mouss
Bill Landry a écrit : > Res wrote: >> On Sat, 13 Jun 2009, Charles Gregory wrote: >> >>> On Sun, 14 Jun 2009, Res wrote: Though now its Sunday, I have socialising to do, and none of that includes sitting on mailing lists listening to cry babies who expect people involved in OSSP's to

Re: backscatter from dnswl

2009-06-14 Thread mouss
a...@ibcsolutions.de a écrit : > Excerpts from Charles Gregory's message of Thu Jun 11 07:13:02 -0700 2009: >> How many accounts are we talking about here? >> If it is just one or two addresses, and the user(s) being 'spoofed' have >> distinctive *names* on their genuine 'From' headers, then you ca
