On 8/22/2005 4:14 PM, Dallas L. Engelken wrote:
>>IP::Country use Whois lookups instead though
> Hrmm? Where does it say it uses Real-Time Whois lookups?
The docu for IP::Country::Fast is empty and refers to IP::Country, which
describes the use of whois.
See my follow-up post though
--
Eric
On 8/22/2005 3:50 PM, Eric A. Hall wrote:
> IP::Country use Whois lookups instead though, and UDP/DNS lookups are
> going to be faster than chained TCP/Whois queries.
> I'll play with the plugin and see what kind of times and load I get
Some poking around, IP::Country::Fast uses a pre-built map
> -Original Message-
> From: Eric A. Hall [mailto:[EMAIL PROTECTED]
> Sent: Monday, August 22, 2005 2:50 PM
> To: Derek Harding
> Cc: users@spamassassin.apache.org
> Subject: Re: [SPAM] RE: GeoCities Link-only spam
>
>
> On 8/22/2005 3:34 PM, Derek Harding wr
On 8/22/2005 3:34 PM, Derek Harding wrote:
> On Sun, 2005-08-21 at 20:05 -0400, Eric A. Hall wrote:
>
>>What's the benefit of using this instead of the uridnsbl plugin? The code
>>below will look for the IP address behind a URI and then query the
>>cn-kr.blackholes.us RBL to see if that addr is i
On Sun, 2005-08-21 at 20:05 -0400, Eric A. Hall wrote:
> What's the benefit of using this instead of the uridnsbl plugin? The code
> below will look for the IP address behind a URI and then query the
> cn-kr.blackholes.us RBL to see if that addr is in China:
This one doesn't require a DNS lookup w
On 8/8/2005 5:05 PM, Derek Harding wrote:
>>>It allows rules such as:
>>>uricountry URICOUNTRY_CN CN
>>>header URICOUNTRY_CN eval:check_uricountry('URICOUNTRY_CN')
>>>describeURICOUNTRY_CN Contains a URI hosted in China
>>>tflags URICOUNTRY_CN net
>>>score U
[58.33.99.179 listed in china.blackholes.us]
> -Original Message-
> From: Jonathan Nichols [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, August 09, 2005 2:36 PM
> To: Kelson
> Cc: SpamAssassin Users
> Subject: Re: GeoCities Link-only spam
>
>
>
> > Of
Of course, if you want to match *any* Geocities URL (which I think is a
bit much for a 4-point score), you'd want something like this:
uri GEOCITIES /\.geocities\.com\b/i
or if you want to make sure it matches the domain name,
uri GEOCITIES /^http:\/\/[a-z0-9-]{1,30}\
Jonathan Nichols wrote:
uri GEOCITIES /uk.geocities.com/i
describe GEOCITIESHigh amounts of spam from Geocities.
score GEOCITIES 4.0
... spamassassin --lint came out ok.
Will this work, or have I accomplished something that I wasn't actually
trying to do? ;)
A better ap
> -Original Message-
> From: Greg Allen [mailto:[EMAIL PROTECTED]
> If it wasn't for a handful of users I would block everything
> outside the continental US, and certain companies can still
> do that if they do not do business outside the US.
>
RBLs in SA with judicious use of:
sassin Users
Subject: Re: GeoCities Link-only spam
Back on topic..
Since Geocities has done exactly *nothing* to delete the spamvertized
sites, I have no objection to adding 3 points to anything with
*.geocities.com in the URL.
I tried this:
uri GEOCITIES /uk.geocities.com/
Back on topic..
Since Geocities has done exactly *nothing* to delete the spamvertized
sites, I have no objection to adding 3 points to anything with
*.geocities.com in the URL.
I tried this:
uri GEOCITIES /uk.geocities.com/i
describe GEOCITIESHigh amounts of spam from Geo
8, 2005 6:55 PM
To: SpamAssassin Users
Subject: Re: GeoCities Link-only spam
> Yes, all the nasty countries could be added. Great idea going here.
Based on my server logs, if I block mail coming from Earth, I'll take
care of 100% of incoming spam!
Now all I need to do is loo
From: "Kelson" <[EMAIL PROTECTED]>
> > Yes, all the nasty countries could be added. Great idea going here.
>
> Based on my server logs, if I block mail coming from Earth, I'll take
> care of 100% of incoming spam!
>
> Now all I need to do is look up the subnet for the International Space
> Sta
From: "wolfgang" <[EMAIL PROTECTED]>
> Hi jdow,
>
> In an older episode (Monday, 8. August 2005 23:07), jdow wrote:
>
> > Those guys are annoying. The "ro" folks are just plain not nice people.
> > If it comes from Romania it's a phish, keylogger, or worse.
>
> I'd like to state that I deeply feel
Yes, all the nasty countries could be added. Great idea going here.
Based on my server logs, if I block mail coming from Earth, I'll take
care of 100% of incoming spam!
Now all I need to do is look up the subnet for the International Space
Station so I can whitelist it...
--
Kelson Vibber
just go through the time to type several of them in and test
them. I am just not sure yet. :-)
-Original Message-
From: Derek Harding [mailto:[EMAIL PROTECTED]
Sent: Monday, August 08, 2005 5:05 PM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED] Apache. Org
Subject: Re: [SPAM] RE: GeoCi
Hi jdow,
In an older episode (Monday, 8. August 2005 23:07), jdow wrote:
> Those guys are annoying. The "ro" folks are just plain not nice people.
> If it comes from Romania it's a phish, keylogger, or worse.
I'd like to state that I deeply feel that this statement, just like any
generalization
Yes, all the nasty countries could be added. Great idea going here.
-Original Message-
From: jdow [mailto:[EMAIL PROTECTED]
Sent: Monday, August 08, 2005 5:07 PM
To: users@spamassassin.apache.org
Subject: Re: GeoCities Link-only spam
From: <[EMAIL PROTECTED]>
> > On Sun
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
awesome! any chance you could put this on the wiki, linked from
CustomPlugins?
- --j.
Derek Harding writes:
> On Mon, 2005-08-08 at 15:53 -0500, [EMAIL PROTECTED] wrote:
> > >
> > > It allows rules such as:
> > > uricountry URICOUNTRY_CN CN
From: <[EMAIL PROTECTED]>
> > On Sun, 2005-08-07 at 12:27 -0400, Greg Allen wrote:
> >> They are also using non-Geocities addresses now. Most of the IPs they
> >> use seem to been from China, so you could RBL china at the front end,
> >> if you are allowed to block China that is... (my users won't
On Mon, 2005-08-08 at 15:53 -0500, [EMAIL PROTECTED] wrote:
> >
> > It allows rules such as:
> > uricountry URICOUNTRY_CN CN
> > header URICOUNTRY_CN eval:check_uricountry('URICOUNTRY_CN')
> > describeURICOUNTRY_CN Contains a URI hosted in China
> > tflags URICO
> On Sun, 2005-08-07 at 12:27 -0400, Greg Allen wrote:
>> They are also using non-Geocities addresses now. Most of the IPs they
>> use seem to been from China, so you could RBL china at the front end,
>> if you are allowed to block China that is... (my users won't let me
>> block China...uggh)
>>
>
On Sun, 2005-08-07 at 12:27 -0400, Greg Allen wrote:
> They are also using non-Geocities addresses now. Most of the IPs they
> use seem to been from China, so you could RBL china at the front end,
> if you are allowed to block China that is... (my users won't let me
> block China...uggh)
>
>
> --
?djBK=nNSn7m
---end example---
-Original Message-
From: Rakesh [mailto:[EMAIL PROTECTED]
Sent: Sunday, August 07, 2005 10:51 AM
To: Michele Neylon
Cc: Raymond Dijkxhoorn; Greg Allen; Kelson; [EMAIL PROTECTED] Apache.
Org
Subject: Re: GeoCities Link-only spam
O
We're also seeing general geocities references, such as:
Welcome to College Fuck Tour the most unique web site dedicated to the
beauty (and naivety) of young college girl. We’re a group of horny guys
who cruise campuses around the US to find the hottest chicks, take them
for a ride and talk th
Hi!
Yea...here is an example. They are getting through here to and I have
everything turned on except dcc and razor. Here is an example. Hopefully
they will use up all their spam IPs and start getting blocked by RBLs. These
type break-throughs usually don't last too long.
This is going on for
rg
Subject: GeoCities Link-only spam
Over the last few days, we've been seeing a lot of spam that contains
nothing but a pair of names and a link to a URL at uk.geocities.com. No
image, no obfuscation, only a small percent has any bayes poison. Just
the link and two names. Most of it is pill spam
Kelson wrote:
Over the last few days, we've been seeing a lot of spam that contains
nothing but a pair of names and a link to a URL at uk.geocities.com. No
image, no obfuscation, only a small percent has any bayes poison. Just
the link and two names. Most of it is pill spam, some mortgage.
Over the last few days, we've been seeing a lot of spam that contains
nothing but a pair of names and a link to a URL at uk.geocities.com. No
image, no obfuscation, only a small percent has any bayes poison. Just
the link and two names. Most of it is pill spam, some mortgage.
SURBL can't ca
30 matches
Mail list logo
