Re: Lots of 419/scam and investment spams getting through suddenly

2009-06-28 Thread John Hardin
On Wed, 2009-06-17 at 11:18 -0700, omehegan wrote: > Lately a lot of 419 and investment spams > have been getting through with very low SA scores. Can anyone take a look at > these and see if there's another ruleset I should use to trap them? One thing I've been fiddling with for a while is a rule

Re: Lots of 419/scam and investment spams getting through suddenly

2009-06-19 Thread SM
At 17:26 19-06-2009, RW wrote: The last hop into the internal network is rarely from Nigeria, but I find it turns up in X-Spam-Relay-Countries in about 9% of my own spam. Can you send me a sample of the email headers off-list? Regards, -sm

Re: Lots of 419/scam and investment spams getting through suddenly

2009-06-19 Thread Benny Pedersen
On Sat, June 20, 2009 03:27, RW wrote: > It would be nice to automate this and keep track of real statistics, so > spammy routes could be auto-discovered. AWL plugin already does this per /16 can be changed to track /24 /32 if one wants a bigger database :) -- xpoint

Re: Lots of 419/scam and investment spams getting through suddenly

2009-06-19 Thread RW
On 19 Jun 2009 05:59:50 - "Chip M." wrote: > I would NEVER block the Netherlands (it _IS_ one of the Geekiest > nations on the planet!), however it does have many freemailers who > are often compromised, so when it occurs in COMBINATION with an > "unlikely" nation like Mexico, it's worth cons

Re: Lots of 419/scam and investment spams getting through suddenly

2009-06-19 Thread RW
On Fri, 19 Jun 2009 16:30:29 -0700 SM wrote: > At 15:36 19-06-2009, McDonald, Dan wrote: > >Of course. Don't you? Although usually the Nigerians relay through > >Italy, and sometimes Hong Kong. > > I don't see any email of that type originating from Nigeria in terms > of SMTP. Most of these

Re: Lots of 419/scam and investment spams getting through suddenly

2009-06-19 Thread SM
At 15:36 19-06-2009, McDonald, Dan wrote: Of course. Don't you? Although usually the Nigerians relay through Italy, and sometimes Hong Kong. I don't see any email of that type originating from Nigeria in terms of SMTP. Most of these emails originate from other countries. Blocking Italy or

Re: Lots of 419/scam and investment spams getting through suddenly

2009-06-19 Thread McDonald, Dan
On Fri, 2009-06-19 at 15:12 -0700, SM wrote: > At 22:59 18-06-2009, Chip M. wrote: > >Here's a dump of the complete Countries routes of your samples > >(frequency first, then square brackets around the IP immediately > >outside your own network): > > 2 [France], Nigeria > > Do you really get such

Re: Lots of 419/scam and investment spams getting through suddenly

2009-06-19 Thread SM
At 22:59 18-06-2009, Chip M. wrote: Here's a dump of the complete Countries routes of your samples (frequency first, then square brackets around the IP immediately outside your own network): 2 [France], Nigeria Do you really get such emails from Nigeria? :-) Regards, -sm

Re: Lots of 419/scam and investment spams getting through suddenly

2009-06-19 Thread omehegan
Chip M. wrote: > > Owen, particularly with 419/scam spams, it's VERY helpful if you > tell us more about your ham ecology. > > It would also be helpful if you told us about your FP pipeline. > For example: Do you have a corpus? Can you easily analyze > individual SA hits on ham, over an exten

Re: Lots of 419/scam and investment spams getting through suddenly

2009-06-19 Thread omehegan
John Hardin wrote: > > That's not what I asked - are you _training_ as that user? That's often > the problem when bayes isn't behaving the way you expect. > > sa-update won't bring 3.2.1 up to 3.2.5; you're not getting the up-to-date > rules, which may catch those. > > That said, I'm gettin

Re: Lots of 419/scam and investment spams getting through suddenly

2009-06-19 Thread Charles Gregory
On Fri, 19 Jun 2009, Chip M. wrote: 3. use a country of origin/route plugin #3 is somewhat controversial, and if implemented must be done VERY carefully. I've been looking into country-based IP blocking and it seems to boil down to two choices: 1) A Spamassassin Plugin named 'relaycountry',

Re: Lots of 419/scam and investment spams getting through suddenly

2009-06-19 Thread Benny Pedersen
On Fri, June 19, 2009 07:59, Chip M. wrote: > Always VERY good advice, particularly given the age difference. :) it should be noted that sa-update does not just fetch all new rules in newer sa versions, but it can be backported to have most rules if one wants to make the work with it -- xpoint

Re: Lots of 419/scam and investment spams getting through suddenly

2009-06-18 Thread Chip M.
Owen B. Mehegan wrote: >Lately a lot of 419 and investment spams have been getting through >with very low SA scores. Can anyone take a look at these and see >if there's another ruleset I should use to trap them? Owen, particularly with 419/scam spams, it's VERY helpful if you tell us more about yo

Re: Lots of 419/scam and investment spams getting through suddenly

2009-06-18 Thread John Hardin
On Wed, 17 Jun 2009, omehegan wrote: Please trim irrelevant content when you reply, thanks. I have site-wide bayes, and yeah its rules are owned by the same user that SA is running as. That's not what I asked - are you _training_ as that user? That's often the problem when bayes isn't behavi

Re: Lots of 419/scam and investment spams getting through suddenly

2009-06-18 Thread Anthony Peacock
Hi, My results below... omehegan wrote: Here are two more of a type that have been getting through CONSTANTLY. They're always almost exactly the same, and I keep training them into my bayes DB but it's not hitting on them :( http://www.nerdnetworks.org/spam/spam7 Content analysis de

Re: Lots of 419/scam and investment spams getting through suddenly

2009-06-17 Thread omehegan
John Hardin wrote: > > On Wed, 17 Jun 2009, omehegan wrote: > > http://www.nerdnetworks.org/spam/spam1 > http://www.nerdnetworks.org/spam/spam2 > http://www.nerdnetworks.org/spam/spam3 > http://www.nerdnetworks.org/spam/spam4 > http://www.nerdnetworks.org/spam/spam5 > h

Re: Lots of 419/scam and investment spams getting through suddenly

2009-06-17 Thread John Hardin
On Wed, 17 Jun 2009, omehegan wrote: http://www.nerdnetworks.org/spam/spam1 http://www.nerdnetworks.org/spam/spam2 http://www.nerdnetworks.org/spam/spam3 http://www.nerdnetworks.org/spam/spam4 http://www.nerdnetworks.org/spam/spam5 http://www.nerdnetworks.org/spam/spam6 Here are two more of a

Re: Lots of 419/scam and investment spams getting through suddenly

2009-06-17 Thread omehegan
omehegan wrote: > > > > John Hardin wrote: >> >> On Wed, 17 Jun 2009, omehegan wrote: >> >>> Lately a lot of 419 and investment spams have been getting through with >>> very low SA scores. >>> >>> http://www.nerdnetworks.org/spam/spam1 >>> http://www.nerdnetworks.org/spam/spam2 >>> http://

Re: Lots of 419/scam and investment spams getting through suddenly

2009-06-17 Thread omehegan
John Hardin wrote: > > On Wed, 17 Jun 2009, omehegan wrote: > >> Lately a lot of 419 and investment spams have been getting through with >> very low SA scores. >> >> http://www.nerdnetworks.org/spam/spam1 >> http://www.nerdnetworks.org/spam/spam2 >> http://www.nerdnetworks.org/spam/spam3 >> h

Re: Lots of 419/scam and investment spams getting through suddenly

2009-06-17 Thread John Hardin
On Wed, 17 Jun 2009, omehegan wrote: Lately a lot of 419 and investment spams have been getting through with very low SA scores. http://www.nerdnetworks.org/spam/spam1 http://www.nerdnetworks.org/spam/spam2 http://www.nerdnetworks.org/spam/spam3 http://www.nerdnetworks.org/spam/spam4 http://ww