Re: emailBL devel ?

2009-11-24 Thread Yet Another Ninja
On 11/24/2009 7:10 PM, Benny Pedersen wrote: On Tue 24 Nov 2009 19:02:29 CET, Yet Another Ninja wrote seems simpler than adding 1 domains to freemail's config .-) that why i like to change it to be paidmail.pm with lists of paid domains got it now ? :) spammers can get any free domai

Re: emailBL devel ?

2009-11-24 Thread Benny Pedersen
On Tue 24 Nov 2009 19:02:29 CET, Yet Another Ninja wrote seems simpler than adding 1 domains to freemail's config .-) that why i like to change it to be paidmail.pm with lists of paid domains got it now ? :) spammers can get any free domain and it can continue as a freemail, but whe

Re: emailBL devel ?

2009-11-24 Thread Yet Another Ninja
On 11/24/2009 6:34 PM, Benny Pedersen wrote: On Tue 24 Nov 2009 18:30:15 CET, Yet Another Ninja wrote Freemail.pm plugin does it pretty well without the overhead and cron'd replication lag... just one problem with freemail it should list all domain as freemail as default, unless there is a cl

Re: emailBL devel ?

2009-11-24 Thread McDonald, Dan
On Tue, 2009-11-24 at 09:22 -0800, R-Elists wrote: > didnt anyone think that the emailBL project was good enough in adding an > extra factor of protection to continue development? I'm using it with a locally sourced set of "bad actors". Unfortunately, I don't believe I'm allow to share the data.

Re: emailBL devel ?

2009-11-24 Thread Benny Pedersen
On Tue 24 Nov 2009 18:30:15 CET, Yet Another Ninja wrote Freemail.pm plugin does it pretty well without the overhead and cron'd replication lag... just one problem with freemail it should list all domain as freemail as default, unless there is a clear sign of payment to get it otherway aro

Re: emailBL devel ?

2009-11-24 Thread Benny Pedersen
On Tue 24 Nov 2009 18:22:25 CET, R-Elists wrote didnt anyone think that the emailBL project was good enough in adding an extra factor of protection to continue development? +1 even without more devel on it, what does miss ? so far i have just seen one big problem with it, dns servers / mirror

Re: emailBL devel ?

2009-11-24 Thread Yet Another Ninja
On 11/24/2009 6:22 PM, R-Elists wrote: didnt anyone think that the emailBL project was good enough in adding an extra factor of protection to continue development? - rh Freemail.pm plugin does it pretty well without the overhead and cron'd replication lag...

Re: emailbl info update please ?

2009-07-01 Thread Yet Another Ninja
On 7/1/2009 4:41 PM, RobertH wrote: as announced, it has been disabled. i see... if it is determined to be the right thing to do, what is it going to take to get it back online and helping the cause? as with all BLs it takes: - data, lots of it. - some processing iron - mirrors - more mirr

RE: emailbl info update please ?

2009-07-01 Thread RobertH
> > as announced, it has been disabled. > i see... if it is determined to be the right thing to do, what is it going to take to get it back online and helping the cause? - rh

Re: emailbl info update please ?

2009-07-01 Thread Yet Another Ninja
On 7/1/2009 9:36 AM, RobertH wrote: so is emailbl offline since it is now 7/1/09 or has the term status changed? updates please? - rh as announced, it has been disabled.

Re: EmailBL future

2009-05-28 Thread Yet Another Ninja
On 5/28/2009 6:40 PM, Marc Perkel wrote: Yet Another Ninja wrote: On 5/28/2009 6:27 PM, Marc Perkel wrote: What do you need to make it survive? It works great for me. I won't be involved at all. It needs data, mirrors, zone, all what a RBL needs. I'll do the mirrors - provide server - I ha

Re: EmailBL future

2009-05-28 Thread Marc Perkel
Yet Another Ninja wrote: On 5/28/2009 6:27 PM, Marc Perkel wrote: What do you need to make it survive? It works great for me. I won't be involved at all. It needs data, mirrors, zone, all what a RBL needs. I'll do the mirrors - provide server - I have data - I don't have what you are using

Re: EmailBL future

2009-05-28 Thread Yet Another Ninja
On 5/28/2009 6:27 PM, Marc Perkel wrote: What do you need to make it survive? It works great for me. I won't be involved at all. It needs data, mirrors, zone, all what a RBL needs. Yet Another Ninja wrote: As you all know, on July 1st the emailbl.me test zone will go dark. I helped Henrik

Re: EmailBL future

2009-05-28 Thread Marc Perkel
What do you need to make it survive? It works great for me. Yet Another Ninja wrote: As you all know, on July 1st the emailbl.me test zone will go dark. I helped Henrik test the plugin and find mirrors for the data which was being fed by feeds dedicated to this test only. Would be nice to se

Re: EmailBL stats

2009-05-28 Thread Michael Monnerie
On Saturday 23 May 2009 Chris wrote: > EmailB Of 71 messages where EMAILBL hit, 3 were still marked ham but really spam (points: 2.0, 3.0, 3.1), no FPs. One message was just pushed over 5.0 by EMAILBL and would have been a FN otherwise. So it helps here. We have a very hard setup and only few sp

Re: EmailBL stats

2009-05-23 Thread Chris
On Sat, 2009-05-23 at 16:43 +0200, Karsten Bräckelmann wrote: > > > > Those are not the total spam for the day but the cumulative spam from > > one day to the next. Though the percentile if figured on the total > > Ah, yees. :) Thanks. I was missing the base before you enabled EmailBL. > So tha

Re: EmailBL stats

2009-05-23 Thread Karsten Bräckelmann
On Fri, 2009-05-22 at 21:53 -0500, Chris wrote: > On Sat, 2009-05-23 at 04:11 +0200, Karsten Bräckelmann wrote: > > Sorry, no. :) The dates and numbers don't match, unless you didn't get > > any spam early this month. > Is this what you're looking for: > Starting point as of 13 May with plug-in

Re: EmailBL stats

2009-05-22 Thread Chris
On Sat, 2009-05-23 at 04:11 +0200, Karsten Bräckelmann wrote: > What about some grep love, and splitting that up in at least less and > greater than a total of score 15? See my post about 6 hours ago, and > considerably more hits in the low-ish scoring spam. > > > > Spam: 192 > > (thats a total

Re: EmailBL stats

2009-05-22 Thread Karsten Bräckelmann
What about some grep love, and splitting that up in at least less and greater than a total of score 15? See my post about 6 hours ago, and considerably more hits in the low-ish scoring spam. > Spam: 192 > (thats a total count since 3 May) > > Totals since last Thursday 14 May > Rule Name

Re: emailbl production server testing

2009-05-22 Thread Benny Pedersen
On Fri, May 22, 2009 17:37, RobertH wrote: > if there is more i can do to help the dev, please contact me off list for > more personal debug info use dkim, and add to local.cf whitelist_auth undisclosed-recipient[at]yahoo.com changeing at to @ or did yahoo stop using domain keys ? -- http:

Re: EmailBL plugin released

2009-05-20 Thread Justin Mason
On Tue, May 19, 2009 at 13:24, Steve Freegard wrote: > Justin Mason wrote: >> http://ruleqa.spamassassin.org/20090516-r775436-n/T_EMAILBL_TEST_LEM/detail > > Would be interesting to see if the 5 ham hits really were ham or whether > they were accidentally misclassified and what the e-mail address

Re: EmailBL hit count

2009-05-19 Thread Michael Monnerie
On Tuesday 19 May 2009 Karsten Bräckelmann wrote: > Again, I believe the "your fault" wasn't the intention. But that this > is a test, *needs* testers, and you can do it without *any* impact to > your results. Yes of course. I just meant you can't ask people to use your tests and then blame them

Re: EmailBL plugin released - I like it!

2009-05-19 Thread Jesse Thompson
Yet Another Ninja wrote: from the descriptions you are using, you are speaking about a totally different BL... this is not the one "in googlegroups". ah, my bad. I didn't know that the term 'EmailBL' was used generically. Jesse -- Jesse Thompson Division of Information Technology, Univer

Re: EmailBL plugin released - I like it!

2009-05-19 Thread Yet Another Ninja
On 5/19/2009 4:02 PM, Jesse Thompson wrote: Henrik K wrote: First we should test if there actually are such FPs and not speculate. ;) There are FPs by nature. Some of the accounts are legitimate accounts co-opted by spammers to send the phishing attempts to compromise more accounts. Use t

Re: EmailBL hit count

2009-05-19 Thread Karsten Bräckelmann
On Mon, 2009-05-18 at 21:19 -0600, LuKreme wrote: > On 18-May-2009, at 19:02, Michael Monnerie wrote: > > I didn't mean that the final result be a FP, just this one ruleset. > > Shouldn't the goal be to have no FPs and lots of corrects? > > In a word? No. I don't think you understood what that DN

Re: EmailBL plugin released - I like it!

2009-05-19 Thread Jesse Thompson
Henrik K wrote: First we should test if there actually are such FPs and not speculate. ;) There are FPs by nature. Some of the accounts are legitimate accounts co-opted by spammers to send the phishing attempts to compromise more accounts. Use the list with caution, and pay attention to th

Re: EmailBL plugin released

2009-05-19 Thread Steve Freegard
Justin Mason wrote: > http://ruleqa.spamassassin.org/20090516-r775436-n/T_EMAILBL_TEST_LEM/detail Would be interesting to see if the 5 ham hits really were ham or whether they were accidentally misclassified and what the e-mail address was. Cheers, Steve.

Re: EmailBL plugin released

2009-05-19 Thread Justin Mason
http://ruleqa.spamassassin.org/20090516-r775436-n/T_EMAILBL_TEST_LEM/detail --j. On Tue, May 12, 2009 at 15:54, Justin Mason wrote: > I've added it to SVN for testing -- my sandbox for now, but I'll move > it to Alex's once his acct is set up ;) > > is there a test entry for this zone? > > --j.

Re: EmailBL hit count

2009-05-18 Thread LuKreme
On 18-May-2009, at 19:02, Michael Monnerie wrote: I didn't mean that the final result be a FP, just this one ruleset. Shouldn't the goal be to have no FPs and lots of corrects? In a word? No. Test are designed to be cumulative. Something that is seen 75% of the time in spam and 25% of the t

Re: EmailBL hit count

2009-05-18 Thread Karsten Bräckelmann
On Tue, 2009-05-19 at 03:02 +0200, Michael Monnerie wrote: > On Sunday 17 May 2009 Yet Another Ninja wrote: > > > That said, I'll implement and test it, and hopefully it's good, > > > with no FPs. > > > > How can score of 0.001 cause a false positive? > > I didn't mean that the final result be a

Re: EmailBL hit count

2009-05-18 Thread Michael Monnerie
On Sunday 17 May 2009 Yet Another Ninja wrote: > > I generally like the idea. But this project is in the beginners > > phase, and a whole lot of people will want to wait until others > > report it's benefits. After all, who wishes to put it in production > > and then maybe it causes a lot of FPs?

Re: EmailBl Stats

2009-05-18 Thread Jason Haar
Well since we're all doing show-and-tell, so far in the past 24 hours 2310 email have triggered the EMAILBL* rules, of which (with the default 0.5 score) 70 were FN i.e. if I increased the score to 2, all those 70 would have been marked as spam (and I checked: they were spam) -- Cheers Jason Ha

Re: EmailBl Stats

2009-05-18 Thread DAve
Karsten Bräckelmann wrote: On Mon, 2009-05-18 at 10:50 -0400, DAve wrote: I will see about the update, for now the last five days stats are as follows. Total mail through SA = 208,498 Total spam messages tagged with EMAILBL = 1471 Total non spam messages tagged with EMAILBL = 128 What exactl

Re: EmailBl Stats

2009-05-18 Thread Karsten Bräckelmann
On Mon, 2009-05-18 at 10:50 -0400, DAve wrote: > I will see about the update, for now the last five days stats are as > follows. > > Total mail through SA = 208,498 > Total spam messages tagged with EMAILBL = 1471 > Total non spam messages tagged with EMAILBL = 128 What exactly are these? > FP

Re: EmailBl Stats

2009-05-18 Thread Steve Freegard
Henrik K wrote: > On Sat, May 16, 2009 at 08:25:58AM -0500, Chris wrote: >> Started running the plug-in Thursday and though I don't get much spam a >> day I am getting hits: >> >> Ham: 232 >> Spam: 113 >> (thats a total count since 3 May) >> >> EmailBL.cf: >> Rule Name Score Ha

Re: EmailBl Stats

2009-05-18 Thread Art Greenberg
I installed the plugin last Tuesday. As of this morning (using the original domain list): Total Messages Processed: 2933 Number identified as spam: 2464 Total number tagged by EMAILBL: 7 Number of FNs tagged by EMAILBL: 2 The two FNs scored a 3. So if EMAILBL had enough weight, SA would have c

Re: EmailBl Stats

2009-05-18 Thread DAve
Henrik K wrote: On Sat, May 16, 2009 at 08:25:58AM -0500, Chris wrote: Started running the plug-in Thursday and though I don't get much spam a day I am getting hits: Ham: 232 Spam: 113 (thats a total count since 3 May) EmailBL.cf: Rule Name Score Ham Spam %of Ham %of

Re: EmailBL hit count

2009-05-17 Thread Bill Landry
LuKreme wrote: > On 17-May-2009, at 06:32, Yet Another Ninja wrote: >> On 5/17/2009 2:09 PM, LuKreme wrote: >>> On 16-May-2009, at 21:25, Bill Landry wrote: LuKreme wrote: > grep EMAILBL /var/log/maillog.1 | grep -v "is spam" | wc -l > > ?? How is that going to work if yo

Re: EmailBL hit count

2009-05-17 Thread LuKreme
On 17-May-2009, at 06:32, Yet Another Ninja wrote: On 5/17/2009 2:09 PM, LuKreme wrote: On 16-May-2009, at 21:25, Bill Landry wrote: LuKreme wrote: grep EMAILBL /var/log/maillog.1 | grep -v "is spam" | wc -l ?? How is that going to work if you are telling grep to output everything that d

Re: EmailBL hit count

2009-05-17 Thread Yet Another Ninja
On 5/17/2009 3:41 PM, Steve Freegard wrote: Who cares if they have strict blocks on stuff coming in to their network - an EMAILBL listing is all about whether or not spammers/scammers use their service for drop-boxes, spew mail out from their service or use their domain name. Whereas URIBLs are

Re: EmailBL hit count

2009-05-17 Thread Steve Freegard
Michael Monnerie wrote: > I generally like the idea. But this project is in the beginners phase, > and a whole lot of people will want to wait until others report it's > benefits. After all, who wishes to put it in production and then maybe > it causes a lot of FPs? Duh: score EMAILBL 0.001 *

Re: EmailBL hit count

2009-05-17 Thread Yet Another Ninja
On 5/17/2009 3:22 PM, Michael Monnerie wrote: On Sunday 17 May 2009 Yet Another Ninja wrote: The future of this project depends if the concept is of any use. The lack of feedback, any kind, must mean its of little value so it might as well be drowned at birth. I generally like the idea. But t

Re: EmailBL hit count

2009-05-17 Thread Michael Monnerie
On Sunday 17 May 2009 Yet Another Ninja wrote: > The future of this project depends if the concept is of any use. The > lack of feedback, any kind, must mean its of little value so it might > as well be drowned at birth. I generally like the idea. But this project is in the beginners phase, and

Re: EmailBL hit count

2009-05-17 Thread Yet Another Ninja
On 5/17/2009 2:09 PM, LuKreme wrote: On 16-May-2009, at 21:25, Bill Landry wrote: LuKreme wrote: grep EMAILBL /var/log/maillog.1 | grep -v "is spam" | wc -l ?? How is that going to work if you are telling grep to output everything that does NOT contain "is spam" (-v = select non-matching lin

Re: EmailBL hit count

2009-05-17 Thread LuKreme
On 16-May-2009, at 21:25, Bill Landry wrote: LuKreme wrote: grep EMAILBL /var/log/maillog.1 | grep -v "is spam" | wc -l ?? How is that going to work if you are telling grep to output everything that does NOT contain "is spam" (-v = select non-matching lines)? Right. How many emails that we

Re: EmailBL hit count

2009-05-16 Thread Bill Landry
LuKreme wrote: > On 16-May-2009, at 02:43, Yet Another Ninja wrote: >> On 5/13/2009 9:33 AM, Yet Another Ninja wrote: >>> Assuming Henrik may appreciate some stats, even if minimal like below: >>> Yesterday's hits: >>> grep EMAILBL /var/log/maillog.1 | wc -l >>> 1263 >> >> Friday's count: >> >>

Re: EmailBL hit count

2009-05-16 Thread LuKreme
On 16-May-2009, at 02:43, Yet Another Ninja wrote: On 5/13/2009 9:33 AM, Yet Another Ninja wrote: Assuming Henrik may appreciate some stats, even if minimal like below: Yesterday's hits: grep EMAILBL /var/log/maillog.1 | wc -l 1263 Friday's count: grep 'is spam' /var/log/maillog.1

Re: EmailBl Stats

2009-05-16 Thread Henrik K
On Sat, May 16, 2009 at 08:25:58AM -0500, Chris wrote: > Started running the plug-in Thursday and though I don't get much spam a > day I am getting hits: > > Ham: 232 > Spam: 113 > (thats a total count since 3 May) > > EmailBL.cf: > Rule Name Score Ham Spam %of Ham %of

Re: EmailBL hit count

2009-05-16 Thread Yet Another Ninja
On 5/13/2009 9:33 AM, Yet Another Ninja wrote: Assuming Henrik may appreciate some stats, even if minimal like below: Yesterday's hits: grep EMAILBL /var/log/maillog.1 | wc -l 1263 Friday's count: grep 'is spam' /var/log/maillog.1 | wc -l 22397 grep EMAILBL /var/log/maillog.1 |

Re: EmailBL plugin released

2009-05-14 Thread Marc Perkel
I would like to offer my help for your project. So far it's working well. I can offer you any of the following: Data - I have tons of spam if you need to harvest data. Computers - I have a lot of processing power if you need a VPS. Bandwidth - I have some bandwidth to spare rbldnsd servers - I c

Re: EmailBL plugin released - I like it!

2009-05-13 Thread Charles Gregory
On Wed, 13 May 2009, Henrik K wrote: Still no description of how an address is chosen for inclusion in the RBL blacklist itself. Still wouldn't mind knowing this, unless you fear it would sharing a secret with spammers that they could use to get around this test... First we should test if ther

Re: EmailBL hit count

2009-05-13 Thread DAve
Yet Another Ninja wrote: Assuming Henrik may appreciate some stats, even if minimal like below: Yesterday's hits: grep EMAILBL /var/log/maillog.1 | wc -l 1263 Not so good here, well good, but not so usable on the spam we see. Total messages tagged as spam by SA was 29k, 290 tagged by EM

Re: EmailBL plugin released - I like it!

2009-05-13 Thread Henrik K
On Tue, May 12, 2009 at 05:23:07PM -0400, Charles Gregory wrote: > > Still no description of how an address is chosen for inclusion in > the RBL blacklist itself. Particularly where the (often forged) > "From" header is being used, how does the list avoid FP's? First we should test if there actual

Re: EmailBL plugin released - I like it!

2009-05-12 Thread Charles Gregory
On Tue, 12 May 2009, Yet Another Ninja wrote: Oh.. you must have skipped the first 52 lines of EmailBL.pm No I can *now* see the two lines that say where the module gathers addresses from. If they were there before, my apologies. But I read that section of the module pretty closely. St

Re: EmailBL plugin released

2009-05-12 Thread Henrik K
On Tue, May 12, 2009 at 04:47:25PM +0200, Wolfgang Zeikat wrote: > Hi > > On 05/12/2009 11:20 AM, Henrik K wrote: >> http://sa.hege.li/EmailBL.pm (see inside for documentation) > > ### About: > # > # This plugin creates rbl style DNS lookups for emails. > > does this plugin handle emails in the se

Re: EmailBL plugin released - I like it!

2009-05-12 Thread Yet Another Ninja
On 5/12/2009 5:45 PM, Charles Gregory wrote: I haven't been following the long thread about this plugin. When I followed the links and examined the code/docs, I found that I really didn't have a sense of WHAT this plugin does. At first I thought it was checking for spam 'reply' e-mail addresses

Re: EmailBL plugin released - I like it!

2009-05-12 Thread Charles Gregory
I haven't been following the long thread about this plugin. When I followed the links and examined the code/docs, I found that I really didn't have a sense of WHAT this plugin does. At first I thought it was checking for spam 'reply' e-mail addresses within the body of an e-mail (the often used

Re: EmailBL plugin released - I like it!

2009-05-12 Thread Yet Another Ninja
On 5/12/2009 5:37 PM, Charles Gregory wrote: On Tue, 12 May 2009, Marc Perkel wrote: > Here's how you do it in Exim your idea is a has a MASSIVE drawback. It queries the mailbl for EVERY address... That's not the whole code that I'm using. I'm just demonstrating the concept of how you would

Re: EmailBL plugin released - I like it!

2009-05-12 Thread Charles Gregory
On Tue, 12 May 2009, Marc Perkel wrote: > Here's how you do it in Exim your idea is a has a MASSIVE drawback. It queries the mailbl for EVERY address... That's not the whole code that I'm using. I'm just demonstrating the concept of how you would make it usable from Exim. I have a lot of othe

Re: EmailBL plugin released

2009-05-12 Thread Yet Another Ninja
On 5/12/2009 5:02 PM, Marc Perkel wrote: Do you need more mirrors? I can offer you 4 additional servers. This is all a proof of concept thing and nobody knows what the outcome may be. This zone will disappear in +- 30 days. and unless the mirrors complain that the load is rising a lot, I d

Re: EmailBL plugin released

2009-05-12 Thread Marc Perkel
Do you need more mirrors? I can offer you 4 additional servers. Henrik K wrote: Hi, EmailBL plugin is now available for testing. Small test zone has been running for a while, it contains trapped addresses from some of the most popular freemail domains. http://sa.hege.li/EmailBL.pm (see inside

Re: EmailBL plugin released - I like it!

2009-05-12 Thread Marc Perkel
Yet Another Ninja wrote: On 5/12/2009 4:32 PM, Marc Perkel wrote: I'm not using your plugin yet but using it from Exim instead and it's working well. Lots of hits. I suppose we'll find out if there's any false positives. Here's how you do it in Exim set acl_c_from_address = ${lc:${address:

Re: EmailBL plugin released

2009-05-12 Thread Justin Mason
I've added it to SVN for testing -- my sandbox for now, but I'll move it to Alex's once his acct is set up ;) is there a test entry for this zone? --j. On Tue, May 12, 2009 at 11:26, Yet Another Ninja wrote: > On 5/12/2009 11:20 AM, Henrik K wrote: >> >> Hi, >> >> EmailBL plugin is now availabl

Re: EmailBL plugin released

2009-05-12 Thread Wolfgang Zeikat
Hi On 05/12/2009 11:20 AM, Henrik K wrote: http://sa.hege.li/EmailBL.pm (see inside for documentation) ### About: # # This plugin creates rbl style DNS lookups for emails. does this plugin handle emails in the sense of "email addresses"? Or does it make md5hashes of emails in the sense of "

Re: EmailBL plugin released - I like it!

2009-05-12 Thread Yet Another Ninja
On 5/12/2009 4:32 PM, Marc Perkel wrote: I'm not using your plugin yet but using it from Exim instead and it's working well. Lots of hits. I suppose we'll find out if there's any false positives. Here's how you do it in Exim set acl_c_from_address = ${lc:${address:$h_From:}} set acl_c_from_ad

Re: EmailBL plugin released - I like it!

2009-05-12 Thread Marc Perkel
I'm not using your plugin yet but using it from Exim instead and it's working well. Lots of hits. I suppose we'll find out if there's any false positives. Here's how you do it in Exim set acl_c_from_address = ${lc:${address:$h_From:}} set acl_c_from_address_hash = ${md5:$acl_c_from_address} dn

Re: EmailBL plugin released

2009-05-12 Thread Yet Another Ninja
On 5/12/2009 11:20 AM, Henrik K wrote: Hi, EmailBL plugin is now available for testing. Small test zone has been running for a while, it contains trapped addresses from some of the most popular freemail domains. http://sa.hege.li/EmailBL.pm (see inside for documentation) http://sa.hege.li/Emai

Re: emailBL code

2009-05-04 Thread Mandy
On Fri, May 1, 2009 at 3:37 PM, Adam Katz wrote: > Can you determine how many of those were out-of-office messages?  Then > again, even at just two, if you can stop such compromises, it's worth > it (and then some). The replies I was talking about was, sadly, manually filtered to remove everythin

Re: emailBL

2009-05-02 Thread Adam Katz
mouss: My list has been using an md5sum hash for the username portion or the email address for a while now. As to before that, it replaced any nonstandard characters with dashes. Please see my other emails in this lengthy thread.

Re: emailBL

2009-05-02 Thread mouss
John Hardin wrote: > On Mon, 27 Apr 2009, Karsten Bräckelmann wrote: > >>> y.real-at999.z @ a.at.real-at2.bc -> >>> y.real-at999.z.real-at1000.a.at.real-at2.bc >> >> Still ambiguous. So the generated s/at/real-at$n/ is the last occurrence >> of a numbered "real-at" plus 1. >> >> What if we

Re: emailBL code

2009-05-02 Thread Henrik K
On Fri, May 01, 2009 at 02:36:28PM -0500, Jesse Thompson wrote: > John Hardin wrote: >> On Fri, 1 May 2009, Adam Katz wrote: >> >>> The emailBL mechanism could easily be populated by a spamtrap, but the >>> danger from false positives (forged sender addresses) would be quite >>> real. > > On a rela

Re: emailBL code

2009-05-01 Thread Adam Katz
I forgot to also mention honeypots here. Create a few accounts whose sole purpose is finding these phishing attacks. They are email accounts which will appear to fall victim to the attack, sending their "password" which gains "access" to the company's web portal. Of course, all this "access" doe

Re: emailBL code

2009-05-01 Thread Adam Katz
Jesse Thompson wrote: > Possible values for TYPE: > E: The ADDRESS (usually in the From header) might receive replies > but it was not intended to receive the replies. Oh! That's a new one. Changes my code. My code now supports Z as requesting a hidden email address, A-J

Re: emailBL code

2009-05-01 Thread Adam Katz
Mandy wrote: > I work for a Canadian provincial government, on a system with about > 50,000 mailboxes. I scanned our outbound mail logs over the past 6 > months with this data. There were 31 replies to "Your webmail is > expired!! !" type messages in that period. > > If we had had been blocking

Re: emailBL code

2009-05-01 Thread Mandy
On Fri, May 1, 2009 at 7:52 AM, Jesse Thompson wrote: > Yet Another Ninja wrote: >> >> I'm trying hard to convince myself this data is really useful. I work for a Canadian provincial government, on a system with about 50,000 mailboxes. I scanned our outbound mail logs over the past 6 months with

Re: emailBL code

2009-05-01 Thread Jesse Thompson
John Hardin wrote: On Fri, 1 May 2009, Adam Katz wrote: The emailBL mechanism could easily be populated by a spamtrap, but the danger from false positives (forged sender addresses) would be quite real. On a related note: you also need to worry about the phishers intentionally forging the Rep

Re: emailBL code

2009-05-01 Thread John Hardin
On Fri, 1 May 2009, Yet Another Ninja wrote: Only little drawback is how to centralize (or not) all this gold to make it useful to more than me and my dog. I (and I'm sure others) would be willing to feed phishing corpa from our quarantines, so long as it's easy to do. -- John Hardin KA7OH

Re: emailBL code

2009-05-01 Thread John Hardin
On Fri, 1 May 2009, Adam Katz wrote: The emailBL mechanism could easily be populated by a spamtrap, but the danger from false positives (forged sender addresses) would be quite real. How would the phisher collect the password info from their target using a forged sender address? Suggestion:

Re: emailBL code

2009-05-01 Thread Yet Another Ninja
On 5/1/2009 4:52 PM, Jesse Thompson wrote: Yet Another Ninja wrote: I'm trying hard to convince myself this data is really useful. the whole http://anti-phishing-email-reply.googlecode.com/svn/trunk/phishing_reply_addresses file has 4518 entries, including vintage 2008 compared to the big_b

Re: emailBL code

2009-05-01 Thread Jesse Thompson
Yet Another Ninja wrote: I'm trying hard to convince myself this data is really useful. the whole http://anti-phishing-email-reply.googlecode.com/svn/trunk/phishing_reply_addresses file has 4518 entries, including vintage 2008 compared to the big_boyz my trap feed is quite small and I collec

Re: emailBL code

2009-05-01 Thread Adam Katz
Yet Another Ninja wrote: >> I'm trying hard to convince myself this data is really useful. >> >> the whole >> http://anti-phishing-email-reply.googlecode.com/svn/trunk/phishing_reply_addresses >> file has 4518 entries, including vintage 2008 >> >> compared to the big_boyz my trap feed is quite s

Re: emailBL code

2009-05-01 Thread Mike Cardwell
Yet Another Ninja wrote: This is not to suggest that I ever understood the part about using half-length MD5. No need. I'm using full-length hashes now, plus the SURBL/chmod style IP addresses. I must have lost the email I was composing on the topic, but it's fully propagated by now. I've at

Re: emailBL code

2009-05-01 Thread Yet Another Ninja
On 5/1/2009 3:56 PM, Adam Katz wrote: Jeff Moss wrote: This is not to suggest that I ever understood the part about using half-length MD5. No need. I'm using full-length hashes now, plus the SURBL/chmod style IP addresses. I must have lost the email I was composing on the topic, but it's ful

Re: emailBL

2009-04-29 Thread Henrik K
On Wed, Apr 29, 2009 at 08:27:34PM +0200, Benny Pedersen wrote: > > On Tue, April 28, 2009 12:19, Henrik K wrote: > > On Tue, Apr 28, 2009 at 10:51:33AM +0100, Matt wrote: > >> Henrik K wrote: > >>> If someone wants to try it on their mail feed: > >>> http://sa.hege.li/pra.cf > > can be made to m

Re: emailBL

2009-04-29 Thread Benny Pedersen
On Tue, April 28, 2009 12:19, Henrik K wrote: > On Tue, Apr 28, 2009 at 10:51:33AM +0100, Matt wrote: >> Henrik K wrote: >>> If someone wants to try it on their mail feed: >>> http://sa.hege.li/pra.cf can be made to milter-regex.conf ? -- http://localhost/ 100% uptime and 100% mirrored :)

Re: emailBL

2009-04-28 Thread John Hardin
On Tue, 28 Apr 2009, Mike Cardwell wrote: Alternatively, just stick the original email address in the TXT record. So in rbldnsd, you'd have a record like this: 98f22901b17b13d910456597685c1963 :127.0.0.1:the.r...@email.address I was going to suggest that. Another thing to put in the TXT reco

Re: emailBL

2009-04-28 Thread Mike Cardwell
Rob McEwen wrote: If you're worried about spammers gaming the hash system Most likely, they won't care. They'll happily pursue the "low hanging fruit". The only exception is if/when freemail ISPs started using such a list to start investigating individual accounts for possible termination. But

Re: emailBL

2009-04-28 Thread Rob McEwen
Ben Winslow wrote: > If you're worried about spammers gaming the hash system Most likely, they won't care. They'll happily pursue the "low hanging fruit". The only exception is if/when freemail ISPs started using such a list to start investigating individual accounts for possible termination. But,

Re: emailBL

2009-04-28 Thread Ben Winslow
On Tue, 28 Apr 2009 02:09:02 +0100 Steve Freegard wrote: > Well in the case of an emailBL - the worst that can happen is that one > listed md5 collides with an innocent e-mail address. By adding in the > string length it reduces that possibility because both colliding > addresses would have to be

Re: emailBL

2009-04-28 Thread Steve Freegard
John Hardin wrote: > > I suppose I should ask, what do you mean by a spammer "reversing the list"? > I guess I meant that it makes it harder for the spammer if he/she gets a copy of the list to casually look for addresses to avoid without doing the extra work of encoding the address in the same

Re: emailBL

2009-04-28 Thread Henrik K
On Tue, Apr 28, 2009 at 10:51:33AM +0100, Matt wrote: > Henrik K wrote: >> >> If someone wants to try it on their mail feed: >> >> http://sa.hege.li/pra.cf >> >> Don't mind the size, as optimized they only take millisecond or two to run. >> >> Of course when if it starts getting 10x the size, DNS w

Re: emailBL

2009-04-28 Thread Mike Cardwell
Henrik K wrote: This might sound a big picky, but using backticks to call the date command in a perl script is horrible. Try using the standard gmtime function. Eg: $date = gmtime().' (UTC)'; Rather than: $date = `date -u`; chomp($date); /me too busy to man perlfunc Let this thread be

Re: emailBL

2009-04-28 Thread Henrik K
On Tue, Apr 28, 2009 at 10:31:42AM +0100, Mike Cardwell wrote: > Henrik K wrote: > >>> This might sound a big picky, but using backticks to call the date >>> command in a perl script is horrible. Try using the standard gmtime >>> function. Eg: >>> >>> $date = gmtime().' (UTC)'; >>> >>> Rather

Re: emailBL

2009-04-28 Thread Matt
Henrik K wrote: If someone wants to try it on their mail feed: http://sa.hege.li/pra.cf Don't mind the size, as optimized they only take millisecond or two to run. Of course when if it starts getting 10x the size, DNS will start looking attractive.. I have been publishing a sa-update ch

Re: emailBL

2009-04-28 Thread Mike Cardwell
Henrik K wrote: This might sound a big picky, but using backticks to call the date command in a perl script is horrible. Try using the standard gmtime function. Eg: $date = gmtime().' (UTC)'; Rather than: $date = `date -u`; chomp($date); /me too busy to man perlfunc Let this thread be

Re: emailBL

2009-04-28 Thread Henrik K
On Tue, Apr 28, 2009 at 09:46:44AM +0100, Mike Cardwell wrote: > Henrik K wrote: > >>> (note, I'm guessing at the appropriate mailing list for cross-post) >>> >>> Dennis Davis wrote: http://code.google.com/p/anti-phishing-email-reply/ is also useful as it attempts to detail the compr

Re: emailBL

2009-04-28 Thread Mike Cardwell
Henrik K wrote: (note, I'm guessing at the appropriate mailing list for cross-post) Dennis Davis wrote: http://code.google.com/p/anti-phishing-email-reply/ is also useful as it attempts to detail the compromised accounts. Just block/quarantine email for those accounts. Interesting ... this s

Re: emailBL

2009-04-28 Thread Mike Cardwell
Dave Funk wrote: Nah - I really don't like it that way; it doesn't really bring you any benefit and is more likely to cause collisions if you do it that way. Don't see how it can cause less DNS traffic either. At least using MD5 hashes your DNS query will only be 32 characters + blacklist zone

Re: emailBL

2009-04-27 Thread Henrik K
On Mon, Apr 27, 2009 at 04:10:48PM -0400, Adam Katz wrote: > (note, I'm guessing at the appropriate mailing list for cross-post) > > Dennis Davis wrote: > > http://code.google.com/p/anti-phishing-email-reply/ > > > > is also useful as it attempts to detail the compromised accounts. > > Just block

Re: emailBL

2009-04-27 Thread John Hardin
On Tue, 28 Apr 2009, Steve Freegard wrote: John Hardin wrote: On Tue, 28 Apr 2009, Steve Freegard wrote: To reduce the likelihood of collisions then it's better to add the input string length at the end of the md5 like ClamAV does in it's MD5 sigs e.g. s...@laptop-smf:~$ perl -MDigest::MD5 -
