On Mon, June 15, 2009 02:59, Chip M. wrote:
> You might want to make some meta rules for those two cases (China
> TLD in a URL, Sender == Recipient).
http://www.nabble.com/postfwd-stop-equal-sender-recipient-spams-td21164908.html
don't waste resources in mta :)
--
http://localhost/ 100% uptime
On 14-Jun-2009, at 22:46, LuKreme wrote:
On Jun 14, 2009, at 18:59, "Chip M." wrote:
In all (5) of the hams I found, the IP was in IANA Reserved space
(specifically 192.168.0.0/16).
Most were in reserved space, but by no means all of them.
I checked 2.5 months worth of logs for my most div
On Jun 14, 2009, at 18:59, "Chip M." wrote:
In all (5) of the hams I found, the IP was in IANA Reserved space
(specifically 192.168.0.0/16).
Most were in reserved space, but by no means all of them.
I checked 2.5 months worth of logs for my most diverse domain, and
found only 5 (out of 2139
Charles Gregory wrote:
>Do they all have message ID's that include the IP? You could score
>that 0.3 or so to help push it over the line. Also give a bit more
Shiny - I had not noticed this pattern. Thanks guys! :)
LuKreme wrote:
>and found it hit more mailinglist ham than spam, so I'd tread
>ca
On Sun, 14 Jun 2009, John Hardin wrote:
header MSGIDIP Message-Id =~ /\...@\[[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\]/
Refine that just a tiny bit:
header MSGIDIP Message-Id =~
/\...@\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\]/
LOL! Busted! I was being lazy!
- C
On Sun, 14 Jun 2009, Charles Gregory wrote:
On Sat, 13 Jun 2009, MySQL Student wrote:
Received: from [78.97.185.89] (unknown
[78.97.185.89])
Message-ID:
Do they all have message ID's that include the IP?
Yeah, great, it looks like they al
On Sat, 13 Jun 2009, MySQL Student wrote:
Received: from [78.97.185.89] (unknown
[78.97.185.89])
Message-ID:
Do they all have message ID's that include the IP?
Yeah, great, it looks like they all do. Would something like this work?
header MY
On Sun, June 14, 2009 03:10, MySQL Student wrote:
> Home | Contact Us | Privacy Policy | Terms of Use | Unsubscribe |
this is spammy line, with often faked domains (content looks like
micro$oft) but url is not their domain
> Where can I go from here?
sa-learn --spam < msg
and or make a rule f
On 13-Jun-2009, at 19:56, MySQL Student wrote:
Received: from [78.97.185.89] (unknown [78.97.185.89])
Message-ID:
Do they all have message ID's that include the IP?
Yeah, great, it looks like they all do. Would something like this
work?
header MYMSGIP Message-ID =~ /78.97.185
On Sat, Jun 13, 2009 at 18:56, MySQL Student wrote:
>
> I also see BOTNET_NORDNS in Botnet.cf, but it isn't being triggered. It's
> also weighted at 0.0. Is there a reason for this?
There's two ways to use Botnet:
1) one big rule (BOTNET) that rolls up all of the sub-rule scores.
2) triggering
On Sat, Jun 13, 2009 at 18:47, MySQL Student wrote:
> Hi John,
>
>> Botnet seems to have caught that just fine (it's listed in the rules
>> which were triggered). The problem is either that you're running it
>> at a lower score (which you could also do for Botnet0.8 if you wanted
>> to upgrade --
Hi Charles,
Received: from [78.97.185.89] (unknown [78.97.185.89])
>> Message-ID:
>>
>
> Do they all have message ID's that include the IP?
Yeah, great, it looks like they all do. Would something like this work?
header MYMSGIP Message-ID =~ /78.97.185.89/
score MYMSGIP 0.3
desc
Hi John,
Botnet seems to have caught that just fine (it's listed in the rules
> which were triggered). The problem is either that you're running it
> at a lower score (which you could also do for Botnet0.8 if you wanted
> to upgrade -- their default scores are exactly the same), or you need
> oth
On Sat, 13 Jun 2009, MySQL Student wrote:
Received: from [78.97.185.89] (unknown [78.97.185.89])
Message-ID:
Do they all have message ID's that include the IP? You could score that
0.3 or so to help push it over the line. Also give a bit more score to the
RDNS rules
You also might want
Botnet seems to have caught that just fine (it's listed in the rules
which were triggered). The problem is either that you're running it
at a lower score (which you could also do for Botnet0.8 if you wanted
to upgrade -- their default scores are exactly the same), or you need
other rules/configs t
Hi all,
I'm using SA-3.2.5 on Linux and my system is being deluged with spam that
isn't being caught, apparently from botnets. I'm using botnet-0.7. The
subject is random and the "Received from" header is always an unresolvable
IP. Is there a more robust botnet plugin that may be more effective?
B
16 matches