Re: google as biggest botnet, no kidding

2020-05-14 Thread Benny Pedersen
On 2020-05-14 08:43, Matus UHLAR - fantomas wrote: ACK! Thanks. "-- " contains one space at the end and has to be on separate line. no signature, no problem

Re: google as biggest botnet, no kidding

2020-05-13 Thread Matus UHLAR - fantomas
>On Wednesday, May 13, 2020, 10:27:15 AM GMT+2, Matus UHLAR - fantomas wrote: >maybe there are some pieces of anti-malware SW that check websites >...and maybe they need to be paid for On 13.05.20 08:36, Pedro David Marco wrote: So they know those websites are dangerous and even so they all

Re: google as biggest botnet, no kidding

2020-05-13 Thread Benny Pedersen
On 2020-05-13 19:14, RALPH HAUSER wrote: PLEASE TAKE ME OFF OF THIS EMAIL LIST! I DON'T KNOW WHY OR HOW I GOT ON THIS LIST! NO MATTER WHAT I DO I CANNOT STOP THESE EMAILS! PLEASE SOMEONE REMOVE ME FROM ALL OF THESE EMAIL LISTS! sure all on this list here can remove you please do your own homewo

Re: google as biggest botnet, no kidding

2020-05-13 Thread RALPH HAUSER
PLEASE TAKE ME OFF OF THIS EMAIL LIST! I DON'T KNOW WHY OR HOW I GOT ON THIS LIST! NO MATTER WHAT I DO I CANNOT STOP THESE EMAILS! PLEASE SOMEONE REMOVE ME FROM ALL OF THESE EMAIL LISTS! > On May 12, 2020, at 10:11 PM, Pedro David Marco wrote: > > >On Tuesday, May 12, 2020, 02:16:5

Re: google as biggest botnet, no kidding

2020-05-13 Thread Pedro David Marco
>On Wednesday, May 13, 2020, 10:27:15 AM GMT+2, Matus UHLAR - fantomas wrote: >maybe there are some pieces of anti-malware SW that check websites >...and maybe they need to be paid for So they know those websites are dangerous and even so they allow them??? >maybe you should use the co

Re: google as biggest botnet, no kidding

2020-05-13 Thread Matus UHLAR - fantomas
>On Tuesday, May 12, 2020, 02:16:52 PM GMT+2, micah anderson wrote: We receive a *huge* amount of phishing attempts from firebasestorage. My regular routine is to wake up, and report these to google safebrowsing, but it doesn't seem to have much of an effect. There *are* occasional, like 1%,

Re: google as biggest botnet, no kidding

2020-05-12 Thread Pedro David Marco
>On Tuesday, May 12, 2020, 02:16:52 PM GMT+2, micah anderson wrote: >We receive a *huge* amount of phishing attempts from firebasestorage. My >regular routine is to wake up, and report these to google safebrowsing, >but it doesn't seem to have much of an effect. >There *are* occasional, l

Re: google as biggest botnet, no kidding

2020-05-12 Thread micah anderson
Riccardo Alfieri writes: > Yes, we are seeing an awful lot of phishing sites hosted under > https://firebasestorage.googleapis.com > > I'd say that 99% of them can be caught by a simple regex though, but I > don't know how common those firebasestorage URLs are in normal emails.. > I personall

Re: google as biggest botnet, no kidding

2020-05-12 Thread Benny Pedersen
On 2020-05-12 10:15, Riccardo Alfieri wrote: Yes, we are seeing an awful lot of phishing sites hosted under https://firebasestorage.googleapis.com i got sample of this now I'd say that 99% of them can be caught by a simple regex though, but I don't know how common those firebasestorage URLs

Re: google as biggest botnet, no kidding

2020-05-12 Thread Riccardo Alfieri
On 12/05/20 01:12, Benny Pedersen wrote: is others see spam from googleapis.com urls ? its currently url skipped, but i unskipped it locally to see tracking of it i have made my clamav reject html attachments from today Yes, we are seeing an awful lot of phishing sites hosted under https

RE: google as biggest botnet, no kidding

2020-05-12 Thread Marc Roos
apache.org Subject: Re: google as biggest botnet, no kidding On 2020-05-12 01:30, Kevin A. McGrail wrote: > The use of googleapis in spam is something we are seeing as well.  We > unskipped it a bit ago in KAM.cf good to know i am not alone on this i begin to think of make my own rule scor

Re: google as biggest botnet, no kidding

2020-05-11 Thread Benny Pedersen
On 2020-05-12 01:30, Kevin A. McGrail wrote: The use of googleapis in spam is something we are seeing as well.  We unskipped it a bit ago in KAM.cf good to know i am not alone on this i begin to think of make my own rule scores for own rules, but i have never learned how to make it work, stil

Re: google as biggest botnet, no kidding

2020-05-11 Thread Kevin A. McGrail
The use of googleapis in spam is something we are seeing as well. We unskipped it a bit ago in KAM.cf On 5/11/2020 7:12 PM, Benny Pedersen wrote: > > is others see spam from googleapis.com urls ? > > its currently url skipped, but i unskipped it locally to see tracking > of it > > i have made my

google as biggest botnet, no kidding

2020-05-11 Thread Benny Pedersen
is others see spam from googleapis.com urls ? its currently url skipped, but i unskipped it locally to see tracking of it i have made my clamav reject html attachments from today

Re: Forex spam from botnet

2015-02-25 Thread Reindl Harald
On 25.02.2015 at 19:27, Benny Pedersen wrote: On February 25, 2015 7:22:40 PM John Hardin wrote: That risks whack-a-mole. Are all of the spams referencing the same host, and is that host *not* already hitting URIBL_BLACK? i long time dropped uribl_black since so much spam is not listed, se

Re: Forex spam from botnet

2015-02-25 Thread Marcin Mirosław
On 2015-02-25 at 19:17, Benny Pedersen wrote: > On February 25, 2015 2:55:16 PM Marcin Mirosław wrote: > >> http://pastebin.com/bAm2yk8z , http://pastebin.com/6zLjMtM8 . > > blacklist_uri_host businessanalyse.be > blacklist_uri_host 143businesssecrets.com > > and blacklist_from domains that

Re: Forex spam from botnet

2015-02-25 Thread Benny Pedersen
On February 25, 2015 7:22:40 PM John Hardin wrote: That risks whack-a-mole. Are all of the spams referencing the same host, and is that host *not* already hitting URIBL_BLACK? i long time dropped uribl_black since so much spam is not listed, sending samples to them takes more time than edit

Re: Forex spam from botnet

2015-02-25 Thread John Hardin
On Wed, 25 Feb 2015, Benny Pedersen wrote: On February 25, 2015 2:55:16 PM Marcin Mirosław wrote: http://pastebin.com/bAm2yk8z , http://pastebin.com/6zLjMtM8 . blacklist_uri_host businessanalyse.be blacklist_uri_host 143businesssecrets.com That risks whack-a-mole. Are all of the spams re

Re: Forex spam from botnet

2015-02-25 Thread Benny Pedersen
On February 25, 2015 2:55:16 PM Marcin Mirosław wrote: http://pastebin.com/bAm2yk8z , http://pastebin.com/6zLjMtM8 . blacklist_uri_host businessanalyse.be blacklist_uri_host 143businesssecrets.com and blacklist_from domains that have spf-pass

Forex spam from botnet

2015-02-25 Thread Marcin Mirosław
Hi! As I mentioned earlier I'm (and not only me but other users & postmasters in Poland) getting a lot of spam from botnet. Usually it gets high scores but from time to time spam is delivered to mailbox. Because this spam is sent to many mailservers I think it could be worth to create of

Re: BOTNET hits on ham

2014-07-27 Thread Karsten Bräckelmann
Congrats on these complete and comprehensible sentences. Must have taken longer to write this reply, than throwing together your original question. On Sun, 2014-07-27 at 17:30 -0500, Chris wrote: > I pasted the message headers, if you had wanted the SA headers also I > would have provided them but

Re: BOTNET hits on ham

2014-07-27 Thread Chris
On Mon, 2014-07-28 at 00:21 +0200, Karsten Bräckelmann wrote: > On Sun, 2014-07-27 at 16:06 -0500, Chris wrote: > > On Sun, 2014-07-27 at 22:21 +0200, Karsten Bräckelmann wrote: > > > > Please do use line-breaks where appropriate. > > > > > > Also, we'll need the sample, at least the full headers

Re: BOTNET hits on ham

2014-07-27 Thread Karsten Bräckelmann
On Sun, 2014-07-27 at 16:06 -0500, Chris wrote: > On Sun, 2014-07-27 at 22:21 +0200, Karsten Bräckelmann wrote: > > Please do use line-breaks where appropriate. > > > > Also, we'll need the sample, at least the full headers. Put them up a > > pastebin and provide the link. > > Link to the header

Re: BOTNET hits on ham

2014-07-27 Thread Chris
On Sun, 2014-07-27 at 22:21 +0200, Karsten Bräckelmann wrote: > On Sun, 2014-07-27 at 13:08 -0500, Chris wrote: > > I keep getting BOTNET scores on Fox News Breaking News alerts from > > FoxNews.com > > in /etc/mail/spamassassin/my-whitelis.cf I have this line - > &g

Re: BOTNET hits on ham

2014-07-27 Thread Karsten Bräckelmann
On Sun, 2014-07-27 at 13:08 -0500, Chris wrote: > I keep getting BOTNET scores on Fox News Breaking News alerts from > FoxNews.com > in /etc/mail/spamassassin/my-whitelis.cf I have this line - > whitelist_from_rcvd foxn...@newsletters.foxnews.com > newsletters.foxnews.com I'v

BOTNET hits on ham

2014-07-27 Thread Chris
I keep getting BOTNET scores on Fox News Breaking News alerts from FoxNews.com in /etc/mail/spamassassin/my-whitelis.cf I have this line - whitelist_from_rcvd foxn...@newsletters.foxnews.com newsletters.foxnews.com I've added this line to the BOTNET.cf file in the same dire

Re: How to report a spam botnet

2012-11-23 Thread Martin Gregorie
On Fri, 2012-11-23 at 02:25 +, Chih-Cherng wrote: > Martin Gregorie gregorie.org> writes: > > > > > On Tue, 2012-11-20 at 01:26 +, Chih-Cherng wrote: > > > > > Notification help raise victims' security > > > awareness, and motivate them to fix vulnerabilities within their computers. > >

Re: How to report a spam botnet

2012-11-22 Thread Chih-Cherng
Martin Gregorie gregorie.org> writes: > > On Tue, 2012-11-20 at 01:26 +, Chih-Cherng wrote: > > > Notification help raise victims' security > > awareness, and motivate them to fix vulnerabilities within their computers. > > > I have my doubts about this. I have friends who help at retiree'

Re: How to report a spam botnet

2012-11-21 Thread Lutz Petersen
> It would likely be a good idea to block IP's in this list from using > authenticated SMTP to relay not? Definitely not. We did so one week for testing. And had a lot of trouble with customers especially using mobile/smartphones. Don't do this. This rbl does only make sense if you have diff

Re: How to report a spam botnet

2012-11-20 Thread Axb
On 11/21/2012 01:44 AM, Matt wrote: Spamhaus already do this. It's called the Exploits Block List (XBL): http://www.spamhaus.org/xbl/ To quote: The Spamhaus Exploits Block List (XBL) is a realtime database of IP addresses of hijacked PCs infected by illegal 3rd party exploits, including open p

Re: How to report a spam botnet

2012-11-20 Thread SM
At 16:44 20-11-2012, Matt wrote: authenticated SMTP to relay not? Is there a way in apache .htaccess to block access based on xbl.spamhaus.org? I want to block exploited IP's from webmail etc as well. http://www.lucaercoli.it/mod_spamhaus.html Regards, -sm

Re: How to report a spam botnet

2012-11-20 Thread Matt
> Spamhaus already do this. It's called the Exploits Block List (XBL): > > http://www.spamhaus.org/xbl/ > > To quote: > > The Spamhaus Exploits Block List (XBL) is a realtime database of IP > addresses of hijacked PCs infected by illegal 3rd party exploits, including > open proxies (HTTP, socks, An

Re: How to report a spam botnet

2012-11-20 Thread Robert A. Ober
On 11/20/12 4:51 PM, Dave Warren wrote: Don't get me wrong, outbound spam filtering is a great idea, but it should be done by the MSA, not at the ISP level as ISPs have no clue as to what type of activity is legitimate or not for a particular user.

Re: How to report a spam botnet

2012-11-20 Thread Ned Slider
On 20/11/12 20:26, Cathryn Mataga wrote: Easy enough to block #25 by default -- turn it on for anyone who asks. Indeed. I think the idea of a botnet black hole list is great, really. Spamhaus already do this. It's called the Exploits Block List (XBL): http://www.spamhaus.org/xbl

Re: Stopping abusive machiens (was Re: How to report a spam botnet)

2012-11-20 Thread Dave Warren
On 11/20/2012 07:17, David F. Skoll wrote: Would you approve of a Ralph Nader-like approach of suing Microsoft for knowingly producing defective and insecure software? Detroit was shamed, bullied and sued into improving the safety of its cars; do you think that could work with Microsoft? Given

Re: How to report a spam botnet

2012-11-20 Thread Dave Warren
On 11/20/2012 04:29, Jason Ede wrote: However, ISP's blocking smtp ports for suspected spammers would help... Ideally they'd block all traffic on port 25 or 587 not sent through their SMTP engine which would do some basic spam checks... Please don't ever suggest blocking port 587. Using port

Re: How to report a spam botnet

2012-11-20 Thread Cathryn Mataga
turn it on for anyone who asks. I think the idea of a botnet black hole list is great, really. Best if support could be integrated into routers, though maybe enough to start just to make a linux/unix program to do this to prove the concept. Would be handy for online forums where the bots a

Re: Stopping abusive machiens (was Re: How to report a spam botnet)

2012-11-20 Thread Kevin A. McGrail
On 11/20/2012 12:37 PM, David F. Skoll wrote: Ignorance is no defence, at least in the UK. In Canada, ignorance of the law is no defence, but ignorance of the facts is. In other words, if you're completely ignorant of the fact that your computer is a botnet member, it could be a defen

Re: How to report a spam botnet

2012-11-20 Thread John Hardin
On Tue, 20 Nov 2012, Robert A. Ober wrote: On 11/20/12 6:29 AM, Jason Ede wrote: However, ISP's blocking smtp ports for suspected spammers would help... Ideally they'd block all traffic on port 25 or 587 not sent through their SMTP engine which would do some basic spam checks... ___

Re: Stopping abusive machiens (was Re: How to report a spam botnet)

2012-11-20 Thread David F. Skoll
that they were unaware of the infection and lacked the technical > > know-how to prevent it or clean it up. > Ignorance is no defence, at least in the UK. In Canada, ignorance of the law is no defence, but ignorance of the facts is. In other words, if you're completely ignorant of th

Re: Stopping abusive machiens (was Re: How to report a spam botnet)

2012-11-20 Thread Ned Slider
On 20/11/12 15:17, David F. Skoll wrote: On Tue, 20 Nov 2012 15:10:57 + Ned Slider wrote: Personally I'd like to see some large corporates go after some infected home users in the courts for wilful damage. I think they'd lose. Most home users could make a compelling case that they were

Re: How to report a spam botnet

2012-11-20 Thread Martin Gregorie
On Tue, 2012-11-20 at 10:14 -0600, Robert A. Ober wrote: > Which might block my legitimate server and some of my clients who are on > Comcast Business. This has been brought up frequently but is a bad > idea. Too often folks in larger organizations forget about us little guys. > So you think

Re: How to report a spam botnet

2012-11-20 Thread Robert A. Ober
On 11/20/12 6:29 AM, Jason Ede wrote: However, ISP's blocking smtp ports for suspected spammers would help... Ideally they'd block all traffic on port 25 or 587 not sent through their SMTP engine which would do some basic spam checks... Which might block

Stopping abusive machiens (was Re: How to report a spam botnet)

2012-11-20 Thread David F. Skoll
On Tue, 20 Nov 2012 15:10:57 + Ned Slider wrote: > Personally I'd like to see some large corporates go after some > infected home users in the courts for wilful damage. I think they'd lose. Most home users could make a compelling case that they were unaware of the infection and lacked the t

Re: How to report a spam botnet

2012-11-20 Thread Ned Slider
On 20/11/12 14:30, David F. Skoll wrote: On Tue, 20 Nov 2012 14:26:49 + Martin Gregorie wrote: Nah, prevent all connections except HTML and SMTP/POP3 to the ISPs help desk and set of 'clean your act up' pages, so they can't ignore the mess their computer is in. And have escalating charge

Re: How to report a spam botnet

2012-11-20 Thread David F. Skoll
On Tue, 20 Nov 2012 14:26:49 + Martin Gregorie wrote: > Nah, prevent all connections except HTML and SMTP/POP3 to the ISPs > help desk and set of 'clean your act up' pages, so they can't ignore > the mess their computer is in. And have escalating charges for reinstating Internet access after

Re: How to report a spam botnet

2012-11-20 Thread Martin Gregorie
On Tue, 2012-11-20 at 12:29 +, Jason Ede wrote: > However, ISP's blocking smtp ports for suspected spammers would > help... Ideally they'd block all traffic on port 25 or 587 not sent > through their SMTP engine which would do some basic spam checks... > Nah, prevent all connections except HTM

Re: How to report a spam botnet

2012-11-20 Thread Tom Hendrikx
Message- >> From: Martin Gregorie [mailto:mar...@gregorie.org] >> Sent: 20 November 2012 11:29 >> To: users@spamassassin.apache.org >> Subject: Re: How to report a spam botnet >> >> On Tue, 2012-11-20 at 01:26 +, Chih-Cherng wrote: >> >>> No

Re: How to report a spam botnet

2012-11-20 Thread RW
On Tue, 20 Nov 2012 12:29:00 + Jason Ede wrote: > However, ISP's blocking smtp ports for suspected spammers would > help... Ideally they'd block all traffic on port 25 or 587 not sent > through their SMTP engine which would do some basic spam checks... They shouldn't (and typically don't) bl

RE: How to report a spam botnet

2012-11-20 Thread Jason Ede
.org] > Sent: 20 November 2012 11:29 > To: users@spamassassin.apache.org > Subject: Re: How to report a spam botnet > > On Tue, 2012-11-20 at 01:26 +, Chih-Cherng wrote: > > > Notification help raise victims' security awareness, and motivate them > > to fix vul

Re: How to report a spam botnet

2012-11-20 Thread Martin Gregorie
On Tue, 2012-11-20 at 01:26 +, Chih-Cherng wrote: > Notification help raise victims' security > awareness, and motivate them to fix vulnerabilities within their computers. > I have my doubts about this. I have friends who help at retiree's computer clubs and with disinfecting their friend's c

Re: How to report a spam botnet

2012-11-19 Thread Chih-Cherng
Michael Monnerie is.it-management.at> writes: > > [crosspost postfix-users and spamassassin-users] > > On Sunday, 18 November 2012, 14:08:08, Michael Monnerie wrote: > > How should we report those IPs, is there a "anti botnet unit" > > somewhere? >

Re: How to report a spam botnet

2012-11-19 Thread Ned Slider
On 19/11/12 06:18, Michael Monnerie wrote: [crosspost postfix-users and spamassassin-users] On Sunday, 18 November 2012, 14:08:08, Michael Monnerie wrote: How should we report those IPs, is there a "anti botnet unit" somewhere? Let's concentrate back on the subject, I got t

Re: How to report a spam botnet

2012-11-19 Thread Per-Erik Persson
We are probably a little bit off topic here but it is an interesting subject. My experience is that reporting a suspected bot is only effective if the receiver is a larger university or similar institution. If some RBL provider wants to accept my li

Re: How to report a spam botnet

2012-11-19 Thread hamann . w
nothing to cope with the biggest shit? A botnet is, first of all, a large collection of independent computers, often from all over the world. Many will be home machines, and a large proportion of these will have changing IP addresses. Now, if you get access to the bot herder, you could probably have

Re: How to report a spam botnet

2012-11-19 Thread Robert Schetterer
On 19.11.2012 07:18, Michael Monnerie wrote: > [crosspost postfix-users and spamassassin-users] > > On Sunday, 18 November 2012, 14:08:08, Michael Monnerie wrote: >> How should we report those IPs, is there a "anti botnet unit" >> somewhere? > > Lets c

Re: How to report a spam botnet

2012-11-18 Thread Axb
On 11/19/2012 07:18 AM, Michael Monnerie wrote: [crosspost postfix-users and spamassassin-users] On Sunday, 18 November 2012, 14:08:08, Michael Monnerie wrote: How should we report those IPs, is there a "anti botnet unit" somewhere? Let's concentrate back on the subject, I got t

Re: How to report a spam botnet

2012-11-18 Thread Michael Monnerie
[crosspost postfix-users and spamassassin-users] On Sunday, 18 November 2012, 14:08:08, Michael Monnerie wrote: > How should we report those IPs, is there a "anti botnet unit" > somewhere? Let's concentrate back on the subject, I got this answer: > normally it makes no sens

Re: How to report a spam botnet

2012-11-18 Thread Robert Schetterer
On 18.11.2012 19:35, Robert Schetterer wrote: > On 18.11.2012 14:08, Michael Monnerie wrote: >> We've got one user's e-mail password hacked, and at the same time a lot >> of different IPs started to use that address. Here is the list. How >> should we report those IP

Re: How to report a spam botnet

2012-11-18 Thread Robert Schetterer
On 18.11.2012 14:08, Michael Monnerie wrote: > We've got one user's e-mail password hacked, and at the same time a lot > of different IPs started to use that address. Here is the list. How > should we report those IPs, is there a "anti botnet unit" somewhere? > What

How to report a spam botnet

2012-11-18 Thread Michael Monnerie
We've got one user's e-mail password hacked, and at the same time a lot of different IPs started to use that address. Here is the list. How should we report those IPs, is there a "anti botnet unit" somewhere? What is the best way to fight it? 008.021.006.226 014.139.187.017

Re: Blocking frequent botnet pattern

2012-03-14 Thread David B Funk
On Wed, 14 Mar 2012, David B Funk wrote: One clue: "X-Originating-IP: [41.189.207.189]" Check the various RBL hits on that address. ;) Are there existing plugins for this? Is there a way to check a range to see if it's part of a known blacklisted botnet? The "

Re: Blocking frequent botnet pattern

2012-03-14 Thread David B Funk
in metas with other spammy characteristics is good. One clue: "X-Originating-IP: [41.189.207.189]" Check the various RBL hits on that address. ;) Are there existing plugins for this? Is there a way to check a range to see if it's part of a known blacklisted botnet? The "cbl.a

Re: Blocking frequent botnet pattern

2012-03-14 Thread Ned Slider
On 15/03/12 00:39, Alex wrote: One clue: "X-Originating-IP: [41.189.207.189]" Check the various RBL hits on that address. ;) Are there existing plugins for this? Is there a way to check a range to see if it's part of a known blacklisted botnet? Or if you don't exp

Re: Blocking frequent botnet pattern

2012-03-14 Thread Alex
are obviously pretty frequent, but I don't think 0.5 would be too much to push ham to spam. >> One clue: "X-Originating-IP: [41.189.207.189]" >> Check the various RBL hits on that address. ;) Are there existing plugins for this? Is there a way to check a range to see

Re: Blocking frequent botnet pattern

2012-03-14 Thread Ned Slider
On 14/03/12 03:09, David B Funk wrote: On Tue, 13 Mar 2012, Alex wrote: Hi, http://pastebin.com/raw.php?i=iquXBnH0 While I could create a rule to block this specific domain, or submit it to a RBL, I'd appreciate any ideas how to more generally block them, rather than by one characteristic

Re: Blocking frequent botnet pattern

2012-03-14 Thread Ned Slider
On 14/03/12 03:09, David B Funk wrote: On Tue, 13 Mar 2012, Alex wrote: Hi, http://pastebin.com/raw.php?i=iquXBnH0 While I could create a rule to block this specific domain, or submit it to a RBL, I'd appreciate any ideas how to more generally block them, rather than by one characteristic

Re: Blocking frequent botnet pattern

2012-03-14 Thread Ned Slider
On 14/03/12 02:36, Alex wrote: Hi, http://pastebin.com/raw.php?i=iquXBnH0 While I could create a rule to block this specific domain, or submit it to a RBL, I'd appreciate any ideas how to more generally block them, rather than by one characteristic in the message. We need more examples.

Re: Blocking frequent botnet pattern

2012-03-13 Thread David B Funk
On Tue, 13 Mar 2012, Alex wrote: Hi, http://pastebin.com/raw.php?i=iquXBnH0 While I could create a rule to block this specific domain, or submit it to a RBL, I'd appreciate any ideas how to more generally block them, rather than by one characteristic in the message. We need more examples.

Re: Blocking frequent botnet pattern

2012-03-13 Thread Alex
Hi, >>> http://pastebin.com/raw.php?i=iquXBnH0 >> >>> While I could create a rule to block this specific domain, or submit >>> it to a RBL, I'd appreciate any ideas how to more generally block >>> them, rather than by one characteristic in the message. >> >> We need more examples. > > That just oc

Re: Blocking frequent botnet pattern

2012-03-13 Thread Alex
Hi, >> http://pastebin.com/raw.php?i=iquXBnH0 > >> While I could create a rule to block this specific domain, or submit >> it to a RBL, I'd appreciate any ideas how to more generally block >> them, rather than by one characteristic in the message. > > We need more examples. That just occurred to

Re: Blocking frequent botnet pattern

2012-03-13 Thread darxus
On 03/13, Alex wrote: > http://pastebin.com/raw.php?i=iquXBnH0 > While I could create a rule to block this specific domain, or submit > it to a RBL, I'd appreciate any ideas how to more generally block > them, rather than by one characteristic in the message. We need more examples. > Maybe this

Blocking frequent botnet pattern

2012-03-13 Thread Alex
this is addressed in v3.4? Any way to determine what botnet it is a part of? Ideas greatly appreciated. Thanks, Alex

RE: Why doesn't anything at all get these botnet spammers?

2011-10-18 Thread Jenny Lee
> Date: Mon, 17 Oct 2011 19:10:28 -0400 > From: dar...@chaosreigns.com > To: users@spamassassin.apache.org > Subject: Re: Why doesn't anything at all get these botnet spammers? > > On 10/15, Jenny Lee wrote: > > fwoicka odrp jbguybf etvwmbwm > > i aluaw

RE: Why doesn't anything at all get these botnet spammers?

2011-10-17 Thread Benny Pedersen
On Mon, 17 Oct 2011 18:07:15 +, Jenny Lee wrote: Every 2nd of my emails to this list from hotmail is returning as a nondeliverable. Hotmail does not give any info as to what failed but I am assuming it is the SPAM filters of the mailing list. Well done! X-Spam-Status No, score=-4.445 tag

Re: Why doesn't anything at all get these botnet spammers?

2011-10-17 Thread darxus
ting. It doesn't sound likely to be very profitable. On 10/17, Jenny Lee wrote: >What baffles me is why it takes so long for RBLs to catch up on the >URL. Are you reporting them? On 10/17, Jenny Lee wrote: >Why bother trying to defeat 1/4 of botnet SPAM? I was getting

RE: Why doesn't anything at all get these botnet spammers?

2011-10-17 Thread Jenny Lee
> One way you can get rid of about 1/4 of your botnet spam is to set your > highest numbered MX record as follows: > > tarbaby.junkemailfilter.com Why bother trying to defeat 1/4 of botnet SPAM? I was getting rid of *all* of it with greylisting since 3-4 years. No need for bo

RE: Why doesn't anything at all get these botnet spammers?

2011-10-17 Thread David B Funk
On Mon, 17 Oct 2011, Jenny Lee wrote: [snip..] > What baffles me is why it takes so long for RBLs to catch up on the URL. He > was spamming me (i have different domains) for a good one month before his > URL got dropped into an RBL, another one was never in an RBL. Perhaps I am > misunderstandi

Re: Why doesn't anything at all get these botnet spammers?

2011-10-17 Thread Marc Perkel
One way you can get rid of about 1/4 of your botnet spam is to set your highest numbered MX record as follows: tarbaby.junkemailfilter.com It always returns a 4xx error but it does two things. Botnets often try the highest MX first - and they don't retry. So 1/4 or so of your botnet

Re: Why doesn't anything at all get these botnet spammers?

2011-10-17 Thread Bowie Bailey
On 10/17/2011 3:15 PM, Jenny Lee wrote: > > Date: Mon, 17 Oct 2011 19:26:21 +0100 > > From: n...@unixmail.co.uk > > > > X-ASF-Spam-Status: No, hits=9.8 required=10.0 > > > tests=FREEMAIL_ENVFROM_END_DIGIT,FREEMAIL_FROM,HTML_MESSAGE,RCVD_IN_DNSWL_NONE,SPF_PASS,URIBL_BLACK,URIBL_SBL > > Just becaus

Re: Why doesn't anything at all get these botnet spammers?

2011-10-17 Thread John Hardin
On Mon, 17 Oct 2011, David B Funk wrote: However you need to be careful how you craft/use this kind of rule. I regularly get legit messages with subjects like: New ProTrav - Req Trav, Fac/Stf Re: [Imap-protocol] FETCH (rfc822) response SANS NewsBites Vol. 13 Num. 81 : Military Drone Cockpit

Re: Why doesn't anything at all get these botnet spammers?

2011-10-17 Thread John Hardin
On Mon, 17 Oct 2011, Mynabbler wrote: John Hardin wrote: On Sat, 2011-10-15 at 15:38 -0700, John Hardin wrote: Check out SUBJ_OBFU_PUNCT in my sandbox. Awaiting masscheck, but we'll have to be quick to see the actual results... :) I wrote a couple a days ago about these subjects, did not g

RE: Why doesn't anything at all get these botnet spammers?

2011-10-17 Thread Jenny Lee
> Date: Mon, 17 Oct 2011 19:26:21 +0100 > From: n...@unixmail.co.uk > To: users@spamassassin.apache.org > Subject: Re: Why doesn't anything at all get these botnet spammers? > > On 17/10/11 19:07, Jenny Lee wrote: > > > > Every 2nd of my emails to this

Re: Why doesn't anything at all get these botnet spammers?

2011-10-17 Thread David B Funk
On Mon, 17 Oct 2011, Christian Grunfeld wrote: > Yeah, you catch my point ! > > I think it's easier to find a non-alphanum character than trying to > decode/deobfuscate/guess the subject hidden word ! > > Why do we have to waste resources in trying to guess "Sex Movie" out > of "Se^x M-o ^v ~l e

RE: Why doesn't anything at all get these botnet spammers?

2011-10-17 Thread Kelson Vibber
From: Jenny Lee > Also how ironic is it to write: users -at- spamassassin.apache.org on the > website!!! What a confidence in a > spam-fighting tool! Write it as users@sa, show you mean business. Ever hear of defense in depth?

Re: Why doesn't anything at all get these botnet spammers?

2011-10-17 Thread Ned Slider
On 17/10/11 19:07, Jenny Lee wrote: Every 2nd of my emails to this list from hotmail is returning as a nondeliverable. Hotmail does not give any info as to what failed but I am assuming it is the SPAM filters of the mailing list. Well done! Then stop posting spam to the list. You can see wh

RE: Why doesn't anything at all get these botnet spammers?

2011-10-17 Thread Jenny Lee
Every 2nd of my emails to this list from hotmail is returning as a nondeliverable. Hotmail does not give any info as to what failed but I am assuming it is the SPAM filters of the mailing list. Well done! Also how ironic is it to write: users -at- spamassassin.apache.org on the website!!! Wh

Re: Why doesn't anything at all get these botnet spammers?

2011-10-17 Thread Christian Grunfeld
e actual score for this kind of punctuation is > low, I use the rule in a meta with URL shortening, free websites, free > blogs, stuff like that, and it is hovering above the kill switch. Also note > that is does not choke on subjects like ===, where a multiple would. > > >

Re: Why doesn't anything at all get these botnet spammers?

2011-10-17 Thread Mynabbler
ultiple would. -- View this message in context: http://old.nabble.com/Why-doesn%27t-anything-at-all-get-these-botnet-spammers--tp32659169p32668643.html Sent from the SpamAssassin - Users mailing list archive at Nabble.com.

Re: Why doesn't anything at all get these botnet spammers?

2011-10-17 Thread Karsten Bräckelmann
On Sun, 2011-10-16 at 21:53 -0300, Christian Grunfeld wrote: > easier than that ! > you don't need to check any ratio at all ... as legitimate mails don't > have non-word characters between characters ! > Non-spammer people don't write subjects like that ! ^ > S

Re: Why doesn't anything at all get these botnet spammers?

2011-10-16 Thread Christian Grunfeld
easier than that ! you don't need to check any ratio at all ... as legitimate mails don't have non-word characters between characters ! Non-spammer people don't write subjects like that ! Spammers had to do that in order to avoid sex, porn, xxx, viagra directly in subject (which is more or less easily

Re: Why doesn't anything at all get these botnet spammers?

2011-10-16 Thread darxus
On 10/15, John Hardin wrote: > >Subject: T !r (a -n*n =l&e ` S !e .x| > >Subject: Se^x M-o ^v ~l e - > > More chickenpoxed subjects. Might be fun to create a plugin to check the ratio of word characters to non-word characters, possibly roughly based on html_title_subject_ratio() in Mail::SpamAssa

RE: Why doesn't anything at all get these botnet spammers?

2011-10-16 Thread Jenny Lee
> Date: Sun, 16 Oct 2011 08:39:42 -0700 > From: jhar...@impsec.org > To: users@spamassassin.apache.org > Subject: Re: Why doesn't anything at all get these botnet spammers? > > On Sun, 16 Oct 2011, Martin Gregorie wrote: > > > On Sat, 2011-10-15 at 15:38 -0700

Re: Why doesn't anything at all get these botnet spammers?

2011-10-16 Thread John Hardin
On Sun, 16 Oct 2011, Martin Gregorie wrote: On Sat, 2011-10-15 at 15:38 -0700, John Hardin wrote: On Sat, 15 Oct 2011, Jenny Lee wrote: Hello Everyone, Is there any way to get these people? Subject: T !r (a -n*n =l&e ` S !e .x| Subject: Se^x M-o ^v ~l e - What about something like: he

Re: Why doesn't anything at all get these botnet spammers?

2011-10-15 Thread Martin Gregorie
On Sat, 2011-10-15 at 15:38 -0700, John Hardin wrote: > On Sat, 15 Oct 2011, Jenny Lee wrote: > > > Hello Everyone, > > > > Is there any way to get these people? > > > Subject: T !r (a -n*n =l&e ` S !e .x| > > Subject: Se^x M-o ^v ~l e - > What about something like: header POX Subject ~= /[!\(-

Re: Why doesn't anything at all get these botnet spammers?

2011-10-15 Thread John Hardin
On Sat, 15 Oct 2011, Jenny Lee wrote: Hello Everyone, Is there any way to get these people? Subject: T !r (a -n*n =l&e ` S !e .x| Subject: Se^x M-o ^v ~l e - More chickenpoxed subjects. -- John Hardin KA7OHZ http://www.impsec.org/~jhardin/ jhar...@impsec.org FALaho

Why doesn't anything at all get these botnet spammers?

2011-10-15 Thread Jenny Lee
: Yes, score=6.0 required=5.0 tests=AWL,BAYES_50, MSGID_FROM_MTA_HEADER,OUR_CUSTOM_URI autolearn=no version=3.3.1 X-Spam-Report: * 5.0 OUR_CUSTOM_URI URI: Botnet spammers * 0.8 BAYES_50 BODY: Bayes spam probability is 40 to 60% * [score: 0.5769] * 0.0 MSGID_FROM_MTA_HEADER

Re: Disable Botnet? (enquiry about fixing IPv6 problem)

2011-09-18 Thread Yves Goergen
ow >> better than just not loading Botnet? > > I think botnet works well with those IPv6 patches again. I have enabled > it again since then. But I don't have real statistics about it yet. It doesn't. I keep getting false positives for IPv6 connections. :( Can't

Re: Disable Botnet? (enquiry about fixing IPv6 problem)

2011-07-22 Thread Kārlis Repsons
better than just not loading Botnet? > > I think botnet works well with those IPv6 patches again. I have enabled > it again since then. But I don't have real statistics about it yet. Finally I took the patched Botnet.pm from [1] and replaced my /usr/lib/perl5/vendor_perl/5.12.3/Mail/S

Re: Disable Botnet? (enquiry about fixing IPv6 problem)

2011-07-13 Thread Yves Goergen
On 12.07.2011 10:39 CE(S)T, Kārlis Repsons wrote: > There is the other thread about some patching for IPv6, but could someone > post > the current status with this problem or some idea what should be done for now > better than just not loading Botnet? I think botnet works well wit
