Re: Use of uninitialized value $response[0]

Hello Bill, Tuesday, September 17, 2024, 7:15:49 PM, you wrote: BC> You should upgrade to 4.0.1. That error on that line indicates that you are running an obsolete 3.4.x version. As far as that goes I'm just waiting to hear what the host of our VM says about updating it, as CentOS7 went EOL

Re: Use of uninitialized value $response[0]

Hello Bill, Tuesday, September 17, 2024, 7:15:49 PM, you wrote: BC> The likely root cause there is the lack of any reply from the Pyzor server, which is unlikely to be a per-user BC> condition. But another user logs this- procmail: Match on "< 512000" procmail: Locking "spamassassin.lock" pr

Re: Use of uninitialized value $response[0]

Spamassassin in all the mailboxes > > Procmail: Match on "< 256000" > procmail: Locking "spamassassin.lock" > procmail: Executing "/usr/local/bin/spamassassin" > Sep 17 18:08:24.727 [16350] warn: no response > Sep 17 18:08:24.727 [16350] war

Use of uninitialized value $response[0]

cmail: Executing "/usr/local/bin/spamassassin" Sep 17 18:08:24.727 [16350] warn: no response Sep 17 18:08:24.727 [16350] warn: Use of uninitialized value $response[0] in pattern match (m//) at /usr/local/share/perl5/Mail/SpamAssassin/Plugin/Pyzor.pm line 307. procmail: [16344] Tue Se

RE: spamd runs as root on Fedora Server 38 ?! - was Re: Newb on sa-learn - didn't get what I expected as a response...

> > I should probably add that I personally don't do per-user config because > of the enlarged attack surface it presents and small marginal value, but > that's guided by local details. I work with systems owned by others > where other choices were made for very sound reasons and they have not > h

Re: spamd runs as root on Fedora Server 38 ?! - was Re: Newb on sa-learn - didn't get what I expected as a response...

On 2023-07-07 at 12:08:22 UTC-0400 (Fri, 7 Jul 2023 09:08:22 -0700 (PDT)) Richard Troy is rumored to have said: Hi All, I changed the subject line to hopefully get some insight from a wider audience regarding this situation that Reindl uncovered: It should be noted that Harald Reindl is no

Re: spamd runs as root on Fedora Server 38 ?! - was Re: Newb on sa-learn - didn't get what I expected as a response...

Check the systemd unit file. It should set the user the service runs as.

Re: Newb on sa-learn - didn't get what I expected as a response...

On Fri, 7 Jul 2023, Reindl Harald wrote: OF COURSE! For me, THE key questions have to do with the learning aspect (and maybe logging): What's the directory that, for example, sa-learn has to write into? ... Again, pointers would be nice - it's not like I was planning to spend my day doin

Re: Newb on sa-learn - didn't get what I expected as a response...

On Fri, 7 Jul 2023, Reindl Harald wrote: /usr is package terriotory and MUST NOT BE owned by anybody than root and read-only for the world just give common sense another few seconds! only the files/folders which are supposed to be written by any deamon should be writeable for the user th

spamd runs as root on Fedora Server 38 ?! - was Re: Newb on sa-learn - didn't get what I expected as a response...

Hi All, I changed the subject line to hopefully get some insight from a wider audience regarding this situation that Reindl uncovered: It started here: It appears that it IS running as root?! OR maybe as "sa-milt" ... As root I got this: # ps auxwww | grep spamd root  100805 

Re: Newb on sa-learn - didn't get what I expected as a response...

It appears that it IS running as root?! OR maybe as "sa-milt" ... As root I got this: # ps auxwww | grep spamd root  100805  0.0  0.3 158208 121164 ?   Ss   00:37   0:05 /usr/bin/perl -T -w /usr/bin/spamd -c -m5 -H --razor-home-dir=/var/lib/razor/ --razor-log-file=sys-syslog #

Re: Newb on sa-learn - didn't get what I expected as a response...

(I was running it as root - which the docs don't mention but I figure is what I'm supposed to do!) why do you suppose that? ...Uh... Because otherwise why the -u flag and comments about running it for virtual users? you NEVER run anything as root which isn't a root task - no matt

Re: Newb on sa-learn - didn't get what I expected as a response...

On Fri, 7 Jul 2023, Jared Hall wrote: I believe the default format is Maildir.  You  mention a single file w/ multiple emails which suggests you might be running MBox format? If so, try the --mbox command line switch. -- Jared Hall GREAT CATCH, Jared; you are correct, mine are in mbox f

Re: Newb on sa-learn - didn't get what I expected as a response...

Am 07.07.23 um 17:04 schrieb Richard: I've FINALLY built up a "corpus" of ham vs spam and also FINALLY had some time to spend on this and just ran sa-learn on, oh, IDK, some 10k email messages or so, I'd guess. And along the way, I NEVER ONCE got the kind of output r

Re: Newb on sa-learn - didn't get what I expected as a response...

On 7/7/2023 11:04 AM, Richard wrote: For example, here I run it against a file containing just over 2100 spam: In the end, I ran it on about four dozen files of ham and about 6 or so files of spam emails, carefully curated. In all these files, I NEVER saw it say it examined more than 1 messag

Newb on sa-learn - didn't get what I expected as a response...

Hi SA users, I've FINALLY built up a "corpus" of ham vs spam and also FINALLY had some time to spend on this and just ran sa-learn on, oh, IDK, some 10k email messages or so, I'd guess. And along the way, I NEVER ONCE got the kind of output response back from sa-learn th

Re: pyzor and failure to parse response

On Sun, Nov 20, 2022 at 12:54 PM Henrik K wrote: > On Sun, Nov 20, 2022 at 11:58:31AM -0500, Alex wrote: > > Hi, > > I'm using the latest SA from trunk and trying to get pyzor working. It > runs > > correctly to check a message from the command-line, but SA apparently > fails to > > properly pars

Re: pyzor and failure to parse response

On Sun, Nov 20, 2022 at 11:58:31AM -0500, Alex wrote: > Hi, > I'm using the latest SA from trunk and trying to get pyzor working. It runs > correctly to check a message from the command-line, but SA apparently fails to > properly parse the output? > > Nov 20 11:55:21.970 [2531521] dbg: pyzor: open

pyzor and failure to parse response

Hi, I'm using the latest SA from trunk and trying to get pyzor working. It runs correctly to check a message from the command-line, but SA apparently fails to properly parse the output? Nov 20 11:55:13.213 [2531397] dbg: pyzor: network tests on, attempting Pyzor Nov 20 11:55:15.756 [2531397] dbg:

Re: Another evil "order response" number

And yet another rather amusing one from a crypto trading scam: The BTC wallet which you have to send is: 1GF1DcYFpe MoA4Ttj6TeWPK sJFRV43JjYc (PLEASE REMOVE THE SPACES FROM THE WA= LLET NUMBER) Our trading system will automatically recognize your investment and start = making profits for YOU! I

Re: Another evil "order response" number

Defender Firewall Protection +1, 888, 313, 1366 Thank you, kind Sir -- Jared Hall Sent from my 4G LTE Device Get Outlook for Android

Another evil "order response" number

Thanks Regards, Billing Team Defender Firewall Protection +1, 888, 313, 1366

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

2018-04-03 10:27 GMT-03:00 Leandro : > Hey guys. We just created an URL signature algorithm to be able to query > an entire URL at our URIBL: > > https://spfbl.net/en/uribl/ > > Now we are able to blacklist any malicious shortener URL. Now I will think > about some public complain interface that a

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

> > We just created an URL signature algorithm to be able to query an entire > URL at our URIBL: > > https://spfbl.net/en/uribl/ > > Now we are able to blacklist any malicious shortener URL > > > Leandro, > > Thanks for all you do! And good luck with that. But there are a few > potential problems.

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

> > > > Then the frequency is 10 per second, not 100ms. Querying more often > > > is a higher frequency. > > > > That is it! 10 per second or one every 100ms. The first is a flow rate > and > > the second is a frequency. > > One every 100ms is a frequency, agreed. > > Two every 100ms is a higher fr

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

On Tue, 3 Apr 2018 11:21:35 -0400 Rob McEwen wrote: > Thanks for all you do! And good luck with that. But there are a few > potential problems. When I analyzed Google's shortners about a month > ago, I found that a VERY large percentage of the most malicious > shortened URLs were a situation w

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

On 4/3/2018 9:27 AM, Leandro wrote: We just created an URL signature algorithm to be able to query an entire URL at our URIBL: https://spfbl.net/en/uribl/ Now we are able to blacklist any malicious shortener URL Leandro, Thanks for all you do! And good luck with that. But there are a few

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

On Tuesday 03 April 2018 at 16:43:09, Leandro wrote: > 2018-04-03 11:35 GMT-03:00 RW: > > On Tue, 3 Apr 2018 11:09:38 -0300 Leandro wrote: > > > 2018-04-03 10:34 GMT-03:00 Antony Stone: > > > > "IMPORTANT: Current limit is 100 ms per IP block. Lower frequencies > > > > require contribution. Please

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

2018-04-03 11:35 GMT-03:00 RW : > On Tue, 3 Apr 2018 11:09:38 -0300 > Leandro wrote: > > > 2018-04-03 10:34 GMT-03:00 Antony Stone < > > antony.st...@spamassassin.open.source.it>: > > > > "IMPORTANT: Current limit is 100 ms per IP block. Lower frequencies > > > require contribution. Please contact

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

> > > > > > > "IMPORTANT: Current limit is 100 ms per IP block. Lower frequencies > > > require contribution. Please contact us informing your IP or range, for > > > further details." > > > > This means, for example, your system do 10 queries at same second, then > the > > query frequency is 100ms.

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

On Tue, 3 Apr 2018 11:09:38 -0300 Leandro wrote: > 2018-04-03 10:34 GMT-03:00 Antony Stone < > antony.st...@spamassassin.open.source.it>: > > "IMPORTANT: Current limit is 100 ms per IP block. Lower frequencies > > require contribution. Please contact us informing your IP or range, > > for furth

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

On Tuesday 03 April 2018 at 16:09:38, Leandro wrote: > 2018-04-03 10:34 GMT-03:00 Antony Stone: > > On Tuesday 03 April 2018 at 15:27:11, Leandro wrote: > > > Hey guys. We just created an URL signature algorithm to be able to > > > query an entire URL at our URIBL: > > > > > > https://spfbl.net/e

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

2018-04-03 10:34 GMT-03:00 Antony Stone < antony.st...@spamassassin.open.source.it>: > On Tuesday 03 April 2018 at 15:27:11, Leandro wrote: > > > Hey guys. We just created an URL signature algorithm to be able to query > an > > entire URL at our URIBL: > > > > https://spfbl.net/en/uribl/ > > I don

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

On Tuesday 03 April 2018 at 15:27:11, Leandro wrote: > Hey guys. We just created an URL signature algorithm to be able to query an > entire URL at our URIBL: > > https://spfbl.net/en/uribl/ I don't think I understand the following statement on that page: "IMPORTANT: Current limit is 100 ms per

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

Hey guys. We just created an URL signature algorithm to be able to query an entire URL at our URIBL: https://spfbl.net/en/uribl/ Now we are able to blacklist any malicious shortener URL. Now I will think about some public complain interface that automatic lists any correct malicious sample using

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

On 4/1/2018 7:10 PM, Kevin A. McGrail wrote: No, I don't think it's an April Fool's trick though it is possible. They announced this a day or 2 ago. See https://www.cloudconnectcommunity.com/ccc/ls/community/g-suite-feature-ideas/post/6320666165116928 and https://firebase.google.com/docs/dynami

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

(08:30 MST), Rob McEwen wrote: >> >>> >>> RE: The "goo.gl >>> " shortner is OUT OF CONTROL (+ invaluement's response) >>> >> >> <https://tidbits.com/2018/04/01/google-sunsets-goo-gl-url-shortener/> >> > > april fools day :=) >

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

@lbutlr skrev den 2018-04-01 22:46: On 2018-02-20 (08:30 MST), Rob McEwen wrote: RE: The "goo.gl " shortner is OUT OF CONTROL (+ invaluement's response) <https://tidbits.com/2018/04/01/google-sunsets-goo-gl-url-shortener/> april fools day :=)

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

On 2018-02-20 (08:30 MST), Rob McEwen wrote: > > RE: The "goo.gl > " shortner is OUT OF CONTROL (+ invaluement's response) <https://tidbits.com/2018/04/01/google-sunsets-goo-gl-url-shortener/> -- Technically, Aziraphale was a Principality, but people made jokes about that these days

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

On 03/18/2018 06:59 PM, RW wrote: On Sun, 18 Mar 2018 18:24:36 -0500 David Jones wrote: On 03/18/2018 06:01 PM, Alan Hodgson wrote: On Sun, 2018-03-18 at 17:14 -0500, David Jones wrote: I have Steve Freegard's DecodeShortURLs.pm installed but didn't get any HAS_SHORT_URL hits on this one:

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

On Sun, 18 Mar 2018 18:24:36 -0500 David Jones wrote: > On 03/18/2018 06:01 PM, Alan Hodgson wrote: > > On Sun, 2018-03-18 at 17:14 -0500, David Jones wrote: > >> I have Steve Freegard's DecodeShortURLs.pm installed but didn't > >> get any HAS_SHORT_URL hits on this one: > > Is it getting any

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

On 03/18/2018 06:01 PM, Alan Hodgson wrote: On Sun, 2018-03-18 at 17:14 -0500, David Jones wrote: I have Steve Freegard's DecodeShortURLs.pm installed but didn't get any HAS_SHORT_URL hits on this one: https://pastebin.com/t85b0Bns Is it getting any hits? It d

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

On Sun, 2018-03-18 at 17:14 -0500, David Jones wrote: > I have Steve Freegard's DecodeShortURLs.pm installed but didn't get any > HAS_SHORT_URL hits on this one: > > https://pastebin.com/t85b0Bns Is it getting any hits? It definitely hits on that one in a test here. Note it needs Perl's LWP::

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

On 03/10/2018 10:57 AM, Rob McEwen wrote: On 3/10/2018 11:43 AM, Matus UHLAR - fantomas wrote: On 3/10/2018 11:22 AM, Matus UHLAR - fantomas wrote: this is apparently not the case of one url redirector (shortener) points to another shortener. I really hope that the DecodeShortURLs only checks

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

On 3/15/2018 11:13 AM, sha...@shanew.net wrote: You might take a look at https://developers.google.com/url-shortener/v1/getting_started 1 miion requests per day is the default limit. Excellent! Thanks for the suggestion. This should help me MUCH! But, unfortunately, it still leaves a lot

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

You might take a look at https://developers.google.com/url-shortener/v1/getting_started 1 miion requests per day is the default limit. On Wed, 14 Mar 2018, Rob McEwen wrote: On 2/20/2018 9:42 PM, Rob McEwen wrote: Google might easily start putting captchas in the way or otherwi

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

On 2/20/2018 9:42 PM, Rob McEwen wrote: Google might easily start putting captchas in the way or otherwise consider such lookups to be abusive and/or mistake them for malicious bots... This prediction turned out to be 100% true. Even though others have mentioned that they have been able to do

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

On 3/10/2018 11:43 AM, Matus UHLAR - fantomas wrote: On 3/10/2018 11:22 AM, Matus UHLAR - fantomas wrote: this is apparently not the case of one url redirector (shortener) points to another shortener. I really hope that the DecodeShortURLs only checks fopr redirection at those known redirect

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

On 3/10/2018 11:22 AM, Matus UHLAR - fantomas wrote: this is apparently not the case of one url redirector (shortener) points to another shortener. I really hope that the DecodeShortURLs only checks fopr redirection at those known redirectors (shorteners), not each http->https shortener and o

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

On 3/10/2018 11:22 AM, Matus UHLAR - fantomas wrote: this is apparently not the case of one url redirector (shortener) points to another shortener. I really hope that the DecodeShortURLs only checks fopr redirection at those known redirectors (shorteners), not each http->https shortener and o

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

On 3/10/2018 3:20 AM, Matus UHLAR - fantomas wrote: do you have an example of any chained redirection not suspicious? On 10.03.18 11:04, Rob McEwen wrote: I haven't examined the code for that plugin very much (yet!) but one type of very common redirect that is very innocent... is the fact

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

On 3/10/2018 3:20 AM, Matus UHLAR - fantomas wrote: do you have an example of any chained redirection not suspicious? I haven't examined the code for that plugin very much (yet!) but one type of very common redirect that is very innocent... is the fact that a MASSIVE percentage of web si

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

On 07.03.18 10:59, sha...@shanew.net wrote: Just FYI, it does add 3.0 points as soon as it sees any chaining at all. The other 5.0 points get added at 10 redirections. That said, I think you're guess is right that redirections start to look really suspicious after just 3 or 4. do you have an

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

Just FYI, it does add 3.0 points as soon as it sees any chaining at all. The other 5.0 points get added at 10 redirections. That said, I think you're guess is right that redirections start to look really suspicious after just 3 or 4. On Sat, 3 Mar 2018, @lbutlr wrote: On Feb 26, 2018, at 09:

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

John Hardin skrev den 2018-03-03 19:28: This is why the DecodeShortURLs plugin has an explicit limit of 10 lookups (and penalizes such with a total of 8 points). I’d guess more than one redirect is highly suspicious and more than two is probably a waste of time, just score 5.0 and be done with

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

On Sat, 3 Mar 2018, @lbutlr wrote: On Feb 26, 2018, at 09:55, sha...@shanew.net wrote: This is why the DecodeShortURLs plugin has an explicit limit of 10 lookups (and penalizes such with a total of 8 points). I’d guess more than one redirect is highly suspicious and more than two is probabl

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

On Feb 26, 2018, at 09:55, sha...@shanew.net wrote: > > This is why the DecodeShortURLs plugin has an explicit limit of 10 > lookups (and penalizes such with a total of 8 points). I’d guess more than one redirect is highly suspicious and more than two is probably a waste of time, just score 5.0

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

2018-02-27 9:03 GMT-03:00 Rob McEwen : > On 2/26/2018 1:00 PM, Kevin A. McGrail wrote: > > DecodeShortURLs has been on my list of must-have plugins for years, so > I was a little surprised it took so long for someone to mention it > in this thread. > > Yeah, my firm is going to look at subsidizing

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

I will add it to the list, thanks. Regards, KAM On February 27, 2018 7:03:16 AM EST, Rob McEwen wrote: >On 2/26/2018 1:00 PM, Kevin A. McGrail wrote: >>> DecodeShortURLs has been on my list of must-have plugins for years, >so >>> I was a little surprised it took so long for someone to mention it

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

On 2/26/2018 1:00 PM, Kevin A. McGrail wrote: DecodeShortURLs has been on my list of must-have plugins for years, so I was a little surprised it took so long for someone to mention it in this thread. Yeah, my firm is going to look at subsidizing it's addition to SA and Karsten agreed.  Just t

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

> On Feb 26, 2018, at 11:00 AM, Kevin A. McGrail > wrote: > >> DecodeShortURLs has been on my list of must-have plugins for years, so >> I was a little surprised it took so long for someone to mention it >> in this thread. > Yeah, my firm is going to look at subsidizing it's addition to SA and

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

On 2/26/2018 12:55 PM, sha...@shanew.net wrote: On Mon, 26 Feb 2018, David B Funk wrote: Just be careful how you do that "expand redirections until no more redirections" or you may get caught in a spammer trap. This is why the DecodeShortURLs plugin has an explicit limit of 10 lookups (and pe

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

On Mon, 26 Feb 2018, David B Funk wrote: Just be careful how you do that "expand redirections until no more redirections" or you may get caught in a spammer trap. This is why the DecodeShortURLs plugin has an explicit limit of 10 lookups (and penalizes such with a total of 8 points). DecodeSh

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

2018-02-26 10:41 GMT-03:00 Dianne Skoll : > On Mon, 26 Feb 2018 00:07:54 -0600 (CST) > David B Funk wrote: > > > So my bet is that the spammers are crafty enough to check things like > > browser referrer, cookies, etc to detect/differentiate a browser vs a > > link-checker. > > Yep. You need to

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

On Mon, 26 Feb 2018 00:07:54 -0600 (CST) David B Funk wrote: > So my bet is that the spammers are crafty enough to check things like > browser referrer, cookies, etc to detect/differentiate a browser vs a > link-checker. Yep. You need to fake your User-Agent (not hard) and put a limit on the nu

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

> Hi Guys! We provide an URIBL that already have a script in Perl to expand > redirections until no more redirections: I would be uneasy to follow such redirections on a production email system (as opposed to eg a spamtrap system). You are likely „confirming“ live email addresses to the spammer

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

2018-02-26 3:07 GMT-03:00 David B Funk : > > Just be careful how you do that "expand redirections until no more > redirections" or you may get caught in a spammer trap. > > If you're going thru a professional redirect site like goo.gl or bit.ly > you're probably pretty safe but if it's a dedicated

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

On Sun, 25 Feb 2018, LeandroCarlosRodrigues wrote: Amir Caspi wrote On that note -- regardless of what OTHER HW/SW solutions might do, since this is a SpamAssassin mailing list ... is there any facility to implement this in SA? That is, when calling the URIBL plugin, could it check both the sh

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

On Sun, 25 Feb 2018 05:25:06 -0700 (MST) LeandroCarlosRodrigues wrote: > Amir Caspi wrote > > On that note -- regardless of what OTHER HW/SW solutions might do, > > since this is a SpamAssassin mailing list ... is there any facility > > to implement this in SA? That is, when calling the URIBL plu

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

Amir Caspi wrote > On that note -- regardless of what OTHER HW/SW solutions might do, since > this is a SpamAssassin mailing list ... is there any facility to implement > this in SA? That is, when calling the URIBL plugin, could it check both > the shortened URL and the expanded URL (for known sho

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

On 2018-02-21 (09:27 MST), Alex wrote: > > This is what DecodeShortURLs is for > https://github.com/smfreegard/DecodeShortURLs Aha! I knew something like that must exist! -- EIR OWN DESTINY. THEY TOUCH THE EARTH LIGHTLY.

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

> On Feb 21, 2018, at 12:45 PM, Dianne Skoll wrote: > > Someone earlier posted a link to https://github.com/smfreegard/DecodeShortURLs Oops, I missed that... must have thought it was just about decoding and not about SA. Thanks for clarifying! --- Amir

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

On 2/21/2018 2:41 PM, Amir Caspi wrote: On Feb 21, 2018, at 9:57 AM, Dianne Skoll wrote: That's why you only want to do it for URLs that are absolutely known to be shortened URLs. You have to keep a list of known URL-shorteners. On that note -- regardless of what OTHER HW/SW solutions might d

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

> On Feb 21, 2018, at 9:57 AM, Dianne Skoll wrote: > > That's why you only want to do it for URLs that are > absolutely known to be shortened URLs. You have to keep a list of > known URL-shorteners. On that note -- regardless of what OTHER HW/SW solutions might do, since this is a SpamAssassin

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

On Wed, 21 Feb 2018 12:41:05 -0700 Amir Caspi wrote: > On that note -- regardless of what OTHER HW/SW solutions might do, > since this is a SpamAssassin mailing list ... is there any facility > to implement this in SA? Someone earlier posted a link to https://github.com/smfreegard/DecodeShortURL

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

On 2/21/2018 11:48 AM, Anthony Cartmell wrote: Meanwhile - adding URI lookups (for URIs in the body of the domains) and/or the option to add 3rd party URI list lookups - is STILL is missing from MANY widely used anti-spam systems. If you mean following URLs in messages, you do need to be aware t

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

On Wed, 21 Feb 2018 16:48:40 + Anthony Cartmell wrote: > If you mean following URLs in messages, you do need to be aware that > this can break one-time login links. Big time. That's why you only want to do it for URLs that are absolutely known to be shortened URLs. You have to keep a list

Re: Expanding shortened URLs (was Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response))

On 2/21/2018 11:44 AM, Dianne Skoll wrote: On Wed, 21 Feb 2018 16:35:27 + Karol Augustin wrote: I think the point here might be that if Google acted promptly on abuse spammers would stop using shorteners. True, that might happen. OTOH, I see about as many spams with bit.ly shorteners as g

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

> Meanwhile - adding URI lookups (for URIs in the body of the domains) > and/or the option to add 3rd party URI list lookups - is STILL is > missing from MANY widely used anti-spam systems. If you mean following URLs in messages, you do need to be aware that this can break one-time login links. I

Re: Expanding shortened URLs (was Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response))

On Wed, 21 Feb 2018 16:35:27 + Karol Augustin wrote: > I think the point here might be that if Google acted promptly on abuse > spammers would stop using shorteners. True, that might happen. OTOH, I see about as many spams with bit.ly shorteners as goo.gl shorteners which is not what one mi

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

On 2/21/2018 11:12 AM, Dianne Skoll wrote: Really? This isn't rocket science. If I thought of it, I'm sure dozens if not hundreds of others have thought of it and implemented it. Meanwhile - adding URI lookups (for URIs in the body of the domains) and/or the option to add 3rd party URI list

Re: Expanding shortened URLs (was Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response))

On 2018-02-21 16:31, Dianne Skoll wrote: > On Wed, 21 Feb 2018 11:29:00 -0500 > Rob McEwen wrote: > >> Nevertheless, it is a shame to have to shift more of the burden onto >> spam filters to do more work (some of which requires MORE latency) - >> in order to partly mitigate Google's failure to pr

Re: Expanding shortened URLs (was Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response))

On Wed, 21 Feb 2018 11:29:00 -0500 Rob McEwen wrote: > Nevertheless, it is a shame to have to shift more of the burden onto > spam filters to do more work (some of which requires MORE latency) - > in order to partly mitigate Google's failure to prevent/correct the > abuse. Yes, I agree. On the

Re: Expanding shortened URLs (was Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response))

On 2/21/2018 11:11 AM, Dianne Skoll wrote: I guess I misinterpreted: "...such automated lookups could also put a huge extra burden on Google's servers..." from Message-Id Oh yeah, I'd forgotten about that part. it was a more minor point. But as I think back on my thought processes at the time

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

On Wed, Feb 21, 2018 at 1:38 AM, @lbutlr wrote: > On 2018-02-20 (22:10 MST), Reindl Harald wrote: >> >> you may hit confirmation-urls (both ham and spam), trigger actions, trigger >> *one-time* urls which are invalid for the user after a dumb bot used them >> not talking about that it would be

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

On Wed, 21 Feb 2018 11:00:48 -0500 Rob McEwen wrote: > > [Expanding shorteners] been part of our practice for about a year now. > Excellent! I wish others would be as innovative and on top of things > as you are! Unfortunately, your statement doesn't alter my point you > were replying to, even o

Re: Expanding shortened URLs (was Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response))

On Wed, 21 Feb 2018 10:58:17 -0500 Rob McEwen wrote: > On 2/21/2018 10:37 AM, Dianne Skoll wrote: > > The concern voiced in another email about overloading Google's > > infrastructure is quite charming and quaint. > My concern was NEVER about overloading google. I guess I misinterpreted: "...

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

On 2/21/2018 10:39 AM, Dianne Skoll wrote: We use HEAD requests to expand known URL-shorteners on a cluster that peaks around 60 msgs/s Thanks for that information. That is good to know! (b) and this isn't going to suddenly become a feature inside of many types of spam filtering hardware and

Re: Expanding shortened URLs (was Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response))

On 2/21/2018 10:37 AM, Dianne Skoll wrote: The concern voiced in another email about overloading Google's infrastructure is quite charming and quaint. My concern was NEVER about overloading google. My concern was about Google auto-blocking or throwing a captcha at very high volume and automa

Re: Expanding shortened URLs (was Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response))

Dianne Skoll skrev den 2018-02-21 16:37: We do a HEAD request and it works on most URL shorteners. The concern voiced in another email about overloading Google's infrastructure is quite charming and quaint. +1 some with icla could add this to spamasssassin with https://github.com/smfreegard

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

On Wed, 21 Feb 2018 02:30:40 -0500 Rob McEwen wrote: > (a) it might not "scale" for high volume mail flows and DNSBLs who, > like invaluement, process dozens (or more) spams per second. We use HEAD requests to expand known URL-shorteners on a cluster that peaks around 60 msgs/s > (b) and this i

Expanding shortened URLs (was Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response))

On Tue, 20 Feb 2018 23:38:53 -0700 "@lbutlr" wrote: > As I suspected, it is possible to get the goo.gl target URL without > loading the site, though using curl is probably not realistic in this > specific case. We do a HEAD request and it works on most URL shorteners. The concern voiced in anot

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

On 2018-02-21 (00:52 MST), Charles Sprickman wrote: > > You can also see all the analytics by appending “.info” to the URL, eg: > http://goo.gl/ylUAd.info True, but that is a web browser solution, not something that could, for example, be scripted (well, not easily or realistically for this so

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

> On Feb 21, 2018, at 1:38 AM, @lbutlr wrote: > > On 2018-02-20 (22:10 MST), Reindl Harald wrote: >> >> you may hit confirmation-urls (both ham and spam), trigger actions, trigger >> *one-time* urls which are invalid for the user after a dumb bot used them >> not talking about that it would

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

On 2/21/2018 1:38 AM, @lbutlr wrote: As I suspected, it is possible to get the goo.gl target URL without loading the site, though using curl is probably not realistic in this specific case. That is an idea worth exploring! Some might greatly benefit from that. However: (a) it might not "sca

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

On 2/21/2018 1:17 AM, @lbutlr wrote: goo.gl (and other shorteners) are used for far more than email. That said, most my incoming email is rejected long before it get to any sort of URI lookups based on just the transaction information, That is to say, upwards of 90% of incoming mail is rejected

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

On 2018-02-20 (22:10 MST), Reindl Harald wrote: > > you may hit confirmation-urls (both ham and spam), trigger actions, trigger > *one-time* urls which are invalid for the user after a dumb bot used them not > talking about that it would be illegal in many countries in case of private > ham-ma

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

On 2018-02-20 (19:42 MST), Rob McEwen wrote: > > I ran stats on a sample set of a few thousand mailboxes, over a period of > several hours today (mostly during business hours for these particular > organizations who use these mailboxes) - and this produced a combined 24K > legit messages, and

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

On 2/20/2018 6:05 PM, @lbutlr wrote: On 2018-02-20 (08:30 MST), Rob McEwen wrote: Spammers are starting to use this to evade spam filters, This is not news. Spammers have been using shortness since 3 seconds after tinyurl.com launched. My "this" was /*specifically*/ referring to Google's sh

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

On 2018-02-20 (08:30 MST), Rob McEwen wrote: > > Spammers are starting to use this to evade spam filters, This is not news. Spammers have been using shortness since 3 seconds after tinyurl.com launched. > Keep in mind that, if a marketer is doing things the right way, they should > have no ne

  1   2   >