Re: Suggested botnet rule scores

2007-08-22 Thread Nix
On 22 Aug 2007, John Rudd spake thusly: > Nix wrote: >> My ISP doesn't give me that option (well, OK, it probably gives *me* >> that option because I can bug the ISP's technical director, but not >> people who've posted bonds). I'd venture to guess that the vast majority of >> small business UK IS

Re: Suggested botnet rule scores

2007-08-21 Thread John Rudd
Nix wrote: On 21 Aug 2007, Kai Schaetzl said: Nix wrote on Tue, 21 Aug 2007 09:26:18 +0100: It's not dynamic, but Botnet isn't just looking for dynamic IPed hosts, but also hosts with e.g. the string `adsl' in its rDNS, even if that host happens to have a static assignment. Well, if it's stat

Re: Suggested botnet rule scores

2007-08-21 Thread Kai Schaetzl
Nix wrote on Tue, 21 Aug 2007 23:24:23 +0100: > (Personally I'd prefer that *no* single rule could push a mail more than > halfway towards spamminess...) Absolutely agreed, with a few exceptions, like Bayes_99 :-) Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services:

Re: Suggested botnet rule scores

2007-08-21 Thread Nix
On 21 Aug 2007, Kai Schaetzl outgrape: > Nix wrote on Tue, 21 Aug 2007 09:27:11 +0100: > >> If anybody is really so stupid as to unconditionally block mail from >> hosts merely because of string matching in their rDNS, I'm not sure they >> *deserve* to see any email... > > No, it's stupid to send

Re: Suggested botnet rule scores

2007-08-21 Thread Nix
On 21 Aug 2007, Kai Schaetzl said: > Nix wrote on Tue, 21 Aug 2007 09:26:18 +0100: > >> It's not dynamic, but Botnet isn't just looking for dynamic IPed hosts, but >> also hosts with e.g. the string `adsl' in its rDNS, even if that host happens >> to have a static assignment. > > Well, if it's sta

Re: Suggested botnet rule scores

2007-08-21 Thread Kai Schaetzl
Nix wrote on Tue, 21 Aug 2007 09:27:11 +0100: > If anybody is really so stupid as to unconditionally block mail from > hosts merely because of string matching in their rDNS, I'm not sure they > *deserve* to see any email... No, it's stupid to send mail from "adsl" named ranges if you want to get

Re: Suggested botnet rule scores

2007-08-21 Thread Kai Schaetzl
Nix wrote on Tue, 21 Aug 2007 09:26:18 +0100: > It's not dynamic, but Botnet isn't just looking for dynamic IPed hosts, but > also hosts with e.g. the string `adsl' in its rDNS, even if that host happens > to have a static assignment. Well, if it's static they can give you rDNS and you can use a

RE: Suggested botnet rule scores

2007-08-21 Thread tkb2766
> -Original Message- > From: Robert Fitzpatrick [mailto:[EMAIL PROTECTED] > Sent: Saturday, 18 August 2007 1:24 > To: users@spamassassin.apache.org > Subject: Re: Suggested botnet rule scores > > On Fri, 2007-08-17 at 16:31 +0200, Kai Schaetzl wrote: > > Robe

Re: Suggested botnet rule scores

2007-08-21 Thread Kai Schaetzl
John Thompson wrote on Mon, 20 Aug 2007 21:36:51 -0500: > Indeed. But some people have a religious objection to all things google, > so I hesitate to recommend it as a universal solution. Misunderstanding. I meant to say that you do not need a Google Mail account for this. That is why it is an

Re: Suggested botnet rule scores

2007-08-21 Thread Nix
On 18 Aug 2007, Kai Schaetzl said: > Nix wrote on Sat, 18 Aug 2007 15:14:53 +0100: > >> > Worms and spam have made it impossible for users to use their own >> > personal mail servers. >> >> Really? Fascinating, I'm doing the impossible. I had no idea. > > You should not read that literally. You c

Re: Suggested botnet rule scores

2007-08-21 Thread Nix
On 18 Aug 2007, Kai Schaetzl stated: > Nix wrote on Sat, 18 Aug 2007 17:35:20 +0100: > >> Competent ISPs give you rDNS. (Really good ones delegate your rDNS to >> you.) > > So, your ISP is not competent? How would they give specific rDNS to > dynamic IP addresses, anyway? It's not dynamic, but B

Re: Suggested botnet rule scores

2007-08-21 Thread Nix
On 18 Aug 2007, Magnus Holmgren said: > On Saturday 18 August 2007 16:14, Nix wrote: >> On 17 Aug 2007, Robert Fitzpatrick verbalised: >> > ISP's are blocking port 25 from anything but their own stuff, especially >> > dial-up. >> >> Mine blocks until you prove you're competent (or post a bond: I d

Re: Suggested botnet rule scores

2007-08-20 Thread John Thompson
On 2007-08-20, Kai Schaetzl <[EMAIL PROTECTED]> wrote: > John Thompson wrote on Sun, 19 Aug 2007 15:30:59 -0500: > >> An easy solution for laptop users with a gmail account is to simply use >> gmail's SMTP service, > That is an easy solution for most users, gmail or not. Gmail is really > nothin

Re: Suggested botnet rule scores

2007-08-20 Thread Kai Schaetzl
John Thompson wrote on Sun, 19 Aug 2007 15:30:59 -0500: > An easy solution for laptop users with a gmail account is to simply use > gmail's SMTP service, That is an easy solution for most users, gmail or not. Gmail is really nothing special. Kai -- Kai Schätzl, Berlin, Germany Get your web at

Re: Suggested botnet rule scores

2007-08-19 Thread John Thompson
Robert Fitzpatrick wrote: > Worms and spam have made it impossible for users to use their own > personal mail servers. We block any outgoing mail on any managed > firewall on port 25 other than authorized ESMTP servers. More and more > ISP's are blocking port 25 from anything but their own stuff,

Re: Suggested botnet rule scores

2007-08-18 Thread René Berber
Nix wrote: > On 17 Aug 2007, Jerry Durand told this: >> Why do they need a "personal mail server"? > > Well, I use my own MTA because I've had repeated problems with ISP MTAs > losing my mail, corrupting it, going down at inconvenient moments (like > Friday evening to come back up only on Monday)

Re: Suggested botnet rule scores

2007-08-18 Thread Kai Schaetzl
Nix wrote on Sat, 18 Aug 2007 17:35:20 +0100: > Competent ISPs give you rDNS. (Really good ones delegate your rDNS to > you.) So, your ISP is not competent? How would they give specific rDNS to dynamic IP addresses, anyway? Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Interne

Re: Suggested botnet rule scores

2007-08-18 Thread Kai Schaetzl
Nix wrote on Sat, 18 Aug 2007 15:14:53 +0100: > > Worms and spam have made it impossible for users to use their own > > personal mail servers. > > Really? Fascinating, I'm doing the impossible. I had no idea. You should not read that literally. You can, of course do that. But many providers wil

Re: Suggested botnet rule scores

2007-08-18 Thread Jerry Durand
At 08:11 AM 8/18/2007, Robert Fitzpatrick wrote: Botnet is designed to combat you. Along with several black lists. Two of the lists we use do their best to block dynamic servers. Note, we are on a dynamic address, but send through our ISP's server with AUTH. If we had any trouble with thei

Re: Suggested botnet rule scores

2007-08-18 Thread Nix
On 18 Aug 2007, Robert Fitzpatrick spake thusly: > On Sat, 2007-08-18 at 15:14 +0100, Nix wrote: >> On 17 Aug 2007, Robert Fitzpatrick verbalised: >> > Worms and spam have made it impossible for users to use their own >> > personal mail servers. >> >> Really? Fascinating, I'm doing the impossible

Re: Suggested botnet rule scores

2007-08-18 Thread Robert Fitzpatrick
On Sat, 2007-08-18 at 15:14 +0100, Nix wrote: > On 17 Aug 2007, Robert Fitzpatrick verbalised: > > Worms and spam have made it impossible for users to use their own > > personal mail servers. > > Really? Fascinating, I'm doing the impossible. I had no idea. Correction, normal novice users that do

Re: Suggested botnet rule scores

2007-08-18 Thread Magnus Holmgren
On Saturday 18 August 2007 16:14, Nix wrote: > On 17 Aug 2007, Robert Fitzpatrick verbalised: > > ISP's are blocking port 25 from anything but their own stuff, especially > > dial-up. > > Mine blocks until you prove you're competent (or post a bond: I did the > former) and gets really pissed if you

Re: Suggested botnet rule scores

2007-08-18 Thread Nix
On 17 Aug 2007, Jerry Durand told this: > Why do they need a "personal mail server"? Well, I use my own MTA because I've had repeated problems with ISP MTAs losing my mail, corrupting it, going down at inconvenient moments (like Friday evening to come back up only on Monday). It's a single point o

Re: Suggested botnet rule scores

2007-08-18 Thread Nix
On 17 Aug 2007, Robert Fitzpatrick verbalised: > Worms and spam have made it impossible for users to use their own > personal mail servers. Really? Fascinating, I'm doing the impossible. I had no idea. > More and more > ISP's are blocking p

Re: Suggested botnet rule scores

2007-08-17 Thread Loren Wilton
Kai Schaetzl wrote: I see. My pov on quarantine is that as most as possible it should not need human review. Clients should be bothered as few as possible. I don't reject any spam, it's all put in the quarantine. If it scores between 5 and 6 users get a notice, if it is higher they don't. FWI

Re: Suggested botnet rule scores

2007-08-17 Thread John Rudd
Kai Schaetzl wrote: John Rudd wrote on Fri, 17 Aug 2007 09:01:27 -0700: 3) you can eliminate the false positives entirely by setting the score to 4.0, because all of the false positives we've come across were in the range 5.0 <= score < 6 (actually, smaller than 6, but definitely 6 works ther

Re: Suggested botnet rule scores

2007-08-17 Thread Kai Schaetzl
Robert Fitzpatrick wrote on Fri, 17 Aug 2007 11:23:56 -0400: > Still no good, I only get the message, no debug info...:( But you get it on the screen, right? You may have to redirect std:err or what it's called as well to get the dbg output in that file. > Anyone can tell us what these scores d

Re: Suggested botnet rule scores

2007-08-17 Thread Kai Schaetzl
John Rudd wrote on Fri, 17 Aug 2007 09:01:27 -0700: > It's deliberately a 5.0 because the purpose is to flag all such messages > for human review/quarantine (and there's a small assumption there that > no rational human being is trashing or rejecting messages at a score in > the range of 5 to 6

Re: Suggested botnet rule scores

2007-08-17 Thread Kai Schaetzl
Jari Fredriksson wrote on Fri, 17 Aug 2007 18:39:13 +0300: > It's common practise here for households, but not for business users. > Actually roaming business users with their lap tops actually need something like a "personal mail server", no, they don't. Not at all. > and there are such pro

Re: Suggested botnet rule scores

2007-08-17 Thread Robert Fitzpatrick
On Fri, 2007-08-17 at 09:01 -0700, John Rudd wrote: > Over the last 9 months, my observation has been that, on a million-ish > message per day system: > > 1) aprox. 1% of Botnet marked messages are false positives > > 2) you can reduce false positives from Botnet by 66% by just dropping > the s

Re: Suggested botnet rule scores

2007-08-17 Thread John Rudd
Kai Schaetzl wrote: Robert Fitzpatrick wrote on Fri, 17 Aug 2007 08:56:33 -0400: Well, like I said, we had big problems using anything in Botnet except nordns. That's why everything except the main BOTNET is set to 0 I guess ;-) You have to check for yourself if it fits or not. I just enable

Re: Suggested botnet rule scores

2007-08-17 Thread Jerry Durand
At 08:39 AM 8/17/2007, Jari Fredriksson wrote: It's common practise here for households, but not for business users. Actually roaming business users with their lap tops actually need something like a "personal mail server", and there are such products for windows too. Why do they need a "per

Re: Suggested botnet rule scores

2007-08-17 Thread Robert Fitzpatrick
On Fri, 2007-08-17 at 18:39 +0300, Jari Fredriksson wrote: > > 2. many ISPs block connections from dynamic IPs, anyway, > > this is actually common practice. > > > > It's common practise here for households, but not for business users. > Actually roaming business users with their lap tops actua

Re: Suggested botnet rule scores

2007-08-17 Thread John Rudd
Henrik Krohns wrote: If you want a simple solution, you can try http://sa.hege.li/ for BadRelay plugin. BadRelay makes a fairly fatal assumption: The MTA put the rdns into the Received header. I know of 2 MTAs that don't do that (they just put the IP address in, without the rdns name). I

Re: Suggested botnet rule scores

2007-08-17 Thread John Rudd
Jari Fredriksson wrote: Jari Fredriksson wrote on Fri, 17 Aug 2007 01:11:37 +0300: But if I were an ISP I could not use it. Impossible. Totally impossible. because ... ? Kai Because there is always some friends of some customers using a local linux with a local mail server without smart h

Re: Suggested botnet rule scores

2007-08-17 Thread Jari Fredriksson
> Jari Fredriksson wrote on Fri, 17 Aug 2007 14:39:44 +0300: > >> Because there is always some friends of some customers >> using a local linux with a local mail server without >> smart host. > > And that is a problem? > 1. you can adjust scoring That's true, I didn't think about it. So true.

Re: Suggested botnet rule scores

2007-08-17 Thread Robert Fitzpatrick
On Fri, 2007-08-17 at 16:31 +0200, Kai Schaetzl wrote: > Robert Fitzpatrick wrote on Fri, 17 Aug 2007 08:56:33 -0400: > > > Well, like I said, we had big problems using anything in Botnet except > > nordns. > > That's why everything except the main BOTNET is set to 0 I guess ;-) You > have to ch

Re: Suggested botnet rule scores

2007-08-17 Thread Robert Fitzpatrick
On Fri, 2007-08-17 at 16:31 +0200, Kai Schaetzl wrote: > Robert Fitzpatrick wrote on Fri, 17 Aug 2007 08:46:25 -0400: > > > I tried 'spamassassin -D > results.txt < > > myspamfile', but only gives me the results of the tests. > > spamassassin -D results.txt > > should do it. Still no good, I on

Re: Suggested botnet rule scores

2007-08-17 Thread Kai Schaetzl
Robert Fitzpatrick wrote on Fri, 17 Aug 2007 08:56:33 -0400: > Well, like I said, we had big problems using anything in Botnet except > nordns. That's why everything except the main BOTNET is set to 0 I guess ;-) You have to check for yourself if it fits or not. I just enabled a few (using a sc

Re: Suggested botnet rule scores

2007-08-17 Thread Kai Schaetzl
Robert Fitzpatrick wrote on Fri, 17 Aug 2007 08:46:25 -0400: > I tried 'spamassassin -D > results.txt < > myspamfile', but only gives me the results of the tests. spamassassin -D results.txt should do it. 50_scores.cf:score ACT_NOW_CAPS 0.948 0.001 1.259 0.792 That might explain it. The second

Re: Suggested botnet rule scores

2007-08-17 Thread Paweł Tęcza
Henrik Krohns <[EMAIL PROTECTED]> writes: [...] > If you want a simple solution, you can try http://sa.hege.li/ for BadRelay > plugin. Interesting license... ;) Have a nice day, Pawel

Re: Suggested botnet rule scores

2007-08-17 Thread Kai Schaetzl
Jari Fredriksson wrote on Fri, 17 Aug 2007 14:39:44 +0300: > Because there is always some friends of some customers using a local linux > with a local mail server without smart host. And that is a problem? 1. you can adjust scoring 2. many ISPs block connections from dynamic IPs, anyway, this is

Re: Suggested botnet rule scores

2007-08-17 Thread Robert Fitzpatrick
On Thu, 2007-08-16 at 17:47 -0500, René Berber wrote: > Jari Fredriksson wrote: > > > Botnet is bad AFAIK bad for anyone running an ISP or so. > > > > I'm a lone one and I know that nobody sending me email is not using a Linux > > box with his own server, so I can drop all mail from dynamic dns o

Re: Suggested botnet rule scores

2007-08-17 Thread Robert Fitzpatrick
On Fri, 2007-08-17 at 00:31 +0200, Kai Schaetzl wrote: > It seems you lowered the score of ACT_NOW_CAPS. If you have done this > with > a lot of rules, it's understandable that they don't help ;-) Good eyes, I didn't even see that. I have checked my local.cf, where is the only place I lower or a

Re: Suggested botnet rule scores

2007-08-17 Thread Jari Fredriksson
> Jari Fredriksson wrote on Fri, 17 Aug 2007 01:11:37 +0300: > >> But if I were an ISP I could not use it. Impossible. >> Totally impossible. > > because ... ? > > Kai Because there is always some friends of some customers using a local linux with a local mail server without smart host.

Re: Suggested botnet rule scores

2007-08-17 Thread Kai Schaetzl
Jari Fredriksson wrote on Fri, 17 Aug 2007 01:11:37 +0300: > But if I were an ISP I could not use it. Impossible. Totally impossible. because ... ? Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com

Re: Suggested botnet rule scores

2007-08-16 Thread René Berber
Jari Fredriksson wrote: > Botnet is bad AFAIK bad for anyone running an ISP or so. > > I'm a lone one and I know that nobody sending me email is not using a Linux > box with his own server, so I can drop all mail from dynamic dns or no rdns > at all. > > I do whitelist all mailing lists as well

Re: Suggested botnet rule scores

2007-08-16 Thread Kai Schaetzl
Robert Fitzpatrick wrote on Thu, 16 Aug 2007 16:15:24 -0400: > Wondering what score > settings others are using for Botnet or are you able to kill these > messages without it? No, this message has too few generic spam signs. But if you get a lot of them you can easily take out some of the typica

Re: Suggested botnet rule scores

2007-08-16 Thread Jari Fredriksson
Botnet is bad AFAIK bad for anyone running an ISP or so. I'm a lone one and I know that nobody sending me email is not using a Linux box with his own server, so I can drop all mail from dynamic dns or no rdns at all. I do whitelist all mailing lists as well, they never see SA. In my position,

Suggested botnet rule scores

2007-08-16 Thread Robert Fitzpatrick
I have some spam hitting some users pretty hard while just falling short of the kill level, see below. Seems if I was using Botnet a little more, it would help. I remember when we installed the Botnet rules, they were too aggressive with lots of complaints stemming from mis-configured dns, yada, ya