On Thu, 2018-12-13 at 17:08 -0500, Bill Cole wrote:
> On 13 Dec 2018, at 16:24, Chris Pollock wrote:
>
> > On Thu, 2018-12-13 at 15:14 -0600, Chris Pollock wrote:
> > > On Tue, 2018-12-11 at 19:00 -0500, Bill Cole wrote:
> > > > On 11 Dec 2018, at 16:37, Chris Pollock wrote:
> > > >
> > > > > On
On 13 Dec 2018, at 16:24, Chris Pollock wrote:
> On Thu, 2018-12-13 at 15:14 -0600, Chris Pollock wrote:
>> On Tue, 2018-12-11 at 19:00 -0500, Bill Cole wrote:
>>> On 11 Dec 2018, at 16:37, Chris Pollock wrote:
>>>
On Mon, 2018-12-10 at 13:09 -0500, Bill Cole wrote:
>>>
>>> [...]
> Anyway
On Thu, 2018-12-13 at 15:14 -0600, Chris Pollock wrote:
> On Tue, 2018-12-11 at 19:00 -0500, Bill Cole wrote:
> > On 11 Dec 2018, at 16:37, Chris Pollock wrote:
> >
> > > On Mon, 2018-12-10 at 13:09 -0500, Bill Cole wrote:
> >
> > [...]
> > > > Anyway, as of today I've capped those 2 subrules at
On Tue, 2018-12-11 at 19:00 -0500, Bill Cole wrote:
> On 11 Dec 2018, at 16:37, Chris Pollock wrote:
>
> > On Mon, 2018-12-10 at 13:09 -0500, Bill Cole wrote:
>
> [...]
> > > Anyway, as of today I've capped those 2 subrules at levels which
> > > leave ample space to still match the target spam. S
On Tue, 2018-12-11 at 19:00 -0500, Bill Cole wrote:
> On 11 Dec 2018, at 16:37, Chris Pollock wrote:
>
> > On Mon, 2018-12-10 at 13:09 -0500, Bill Cole wrote:
>
> [...]
> > > Anyway, as of today I've capped those 2 subrules at levels which
> > > leave ample space to still match the target spam. S
On 11 Dec 2018, at 16:37, Chris Pollock wrote:
> On Mon, 2018-12-10 at 13:09 -0500, Bill Cole wrote:
[...]
>> Anyway, as of today I've capped those 2 subrules at levels which
>> leave ample space to still match the target spam. Should show up in
>> tomorrow's update.
I was wrong. The addition of
gt; > rules
> > > > I
> > > > mention above are in 72_active.cf. Is there a reason for the
> > > > number
> > > > of
> > > > times it's listed? Couldn't each subtest be listed just once
> > > > instead
> > > >
On Tue, 11 Dec 2018, Chris Pollock wrote:
It's got the potential to be VERY noisy (as you've discovered) while
not really providing much useful info. Not a big deal on a small
system.
I could just go through and comment out this line in my local.cf
add_header all Subtest Ran _SUBTESTS(,)_
but
gt; > rules
> > > > I
> > > > mention above are in 72_active.cf. Is there a reason for the
> > > > number
> > > > of
> > > > times it's listed? Couldn't each subtest be listed just once
> > > > instead
> > > >
headers but I have to ask. When looking at the
>>> headers
>>> of some ham I noticed - https://pastebin.com/H7euxqVX the two rules
>>> I
>>> mention above are in 72_active.cf. Is there a reason for the number
>>> of
>>> times it's listed? C
s
> > of some ham I noticed - https://pastebin.com/H7euxqVX the two rules
> > I
> > mention above are in 72_active.cf. Is there a reason for the number
> > of
> > times it's listed? Couldn't each subtest be listed just once
> > instead
> > of
>
f. Is there a reason for the number of
times it's listed? Couldn't each subtest be listed just once instead
of
multiple times?
Not with the current documented behavior of the code, given the way
those sub-rules are designed to work together. The goal is to identify
messages which u
it's listed? Couldn't each subtest be listed just once instead of
multiple times?
--
Chris
KeyID 0xE372A7DA98E6705C
31.11972; -97.90167 (Elev. 1092 ft)
10:58:20 up 1 day, 15:22, 1 user, load average: 0.67, 0.49, 0.31
Description:Ubuntu 18.04.1 LTS, kernel 4.15.0-42-generic
signature.
On Tue, 14 Nov 2017 12:23:46 -0800
Ian Zimmerman wrote:
> ~$ rblcheck 81.17.24.158
...
> 81.17.24.158 listed by xbl.spamhaus.org
It's a shared VPN address, so I'm not surprised.
~$ rblcheck 81.17.24.158
81.17.24.158 not listed by sbl.spamhaus.org
81.17.24.158 listed by xbl.spamhaus.org
81.17.24.158 not listed by pbl.spamhaus.org
81.17.24.158 not listed by bl.spamcop.net
81.17.24.158 not listed by psbl.surriel.com
81.17.24.158 not listed by dul.dnsbl.sorbs.net
[I wanted
On Sat, 5 Sep 2015 01:38:40 +0100
RW wrote:
> In other words it looks like both rules are doing the full set of
> look-ups
>
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7242
00/updates_spamassassin_org/25_uribl.cf I
> see:
>
> uridnssub URIBL_SBLzen.spamhaus.org. A 127.0.0.2
> bodyURIBL_SBLeval:check_uridnsbl('URIBL_SBL')
> describeURIBL_SBLContains an URL's NS IP listed in
> the
127.0.0.2
bodyURIBL_SBLeval:check_uridnsbl('URIBL_SBL')
describeURIBL_SBLContains an URL's NS IP listed in the SBL
blocklist
tflags URIBL_SBLnet
reuse URIBL_SBL
uridnsblURIBL_SBL_Asbl.spamhaus.org. A
Am 03.09.2015 um 09:33 schrieb Matus UHLAR - fantomas:
On 02.09.15 17:49, Reindl Harald wrote:
[harry@mail-gw:~]$ cat maillog | grep URIBL_SBL | wc -l
16
wow
what about "grep -c URIBL_SBL maillog"?
http://porkmail.org/era/unix/award.html
who cares in a one-shot command over a 30 MB file?
On 02.09.15 17:49, Reindl Harald wrote:
[harry@mail-gw:~]$ cat maillog | grep URIBL_SBL | wc -l
16
wow
what about "grep -c URIBL_SBL maillog"?
http://porkmail.org/era/unix/award.html
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail
Am 02.09.2015 um 17:40 schrieb Dave Pooser:
(Sorry for the double post if you saw this message on SDLU as well.)
I just had a Spamassassin FP that hit
URIBL_SBL Contains an URL's NS IP listed in the SBL blocklist
[URIs: www.alfordmedia.com]
Do
(Sorry for the double post if you saw this message on SDLU as well.)
I just had a Spamassassin FP that hit
URIBL_SBL Contains an URL's NS IP listed in the SBL blocklist
[URIs: www.alfordmedia.com]
Doing a whois on alfordmedia.com shows that name ser
> On Nov 14, 2014, at 11.41, Reindl Harald wrote:
>
> Am 14.11.2014 um 17:11 schrieb listsb-spamassas...@bitrate.net:
>> one characteristic that appears to be pretty consistent is the age of the
>> domain name that a given message references [from header, envelope sender,
>> ptr record for rem
On Fri, 14 Nov 2014, Miles Fidelman wrote:
Actually, the OPs notion is an interesting one.
From the point of view of someone who administers a lot of systems
and mailing lists, I end up getting multiple copies of lots of
messages. I've been thinking for a while about how to implement
anti-s
On Fri, 14 Nov 2014 18:24:05 +0100
Matus UHLAR - fantomas wrote:
> >I have an experimental botnet detector that looks for multiple
> >messages with similar subjects that come from many different
> >countries (as determined by geolocating the relay IP.)
> isn't this what DCC is about?
Similar id
On Fri, 14 Nov 2014, listsb-spamassas...@bitrate.net wrote:
one characteristic that appears to be pretty consistent is the age of
the domain name that a given message references [from header, envelope
sender, ptr record for remote mailservers referenced in received
headers, etc]. quite often,
On Fri, 14 Nov 2014, Miles Fidelman wrote:
Actually, the OPs notion is an interesting one.
From the point of view of someone who administers a lot of systems and
mailing lists, I end up getting multiple copies of lots of messages. I've
been thinking for a while about how to implement anti-sp
On Fri, 14 Nov 2014, Reindl Harald wrote:
if they would have that much ressources postscreen even without RBL's would
not be that effective because they don't wait until their turn to speak most
of the time and so have no chance for delivery - the 13407 pregreets this
month are "hurry up i hav
On Fri, 14 Nov 2014 07:45:49 -0500
Miles Fidelman wrote:
From the point of view of someone who administers a lot of systems
and mailing lists, I end up getting multiple copies of lots of
messages. I've been thinking for a while about how to implement
anti-spam rules based on receiving multiple
Am 14.11.2014 um 17:11 schrieb listsb-spamassas...@bitrate.net:
one characteristic that appears to be pretty consistent is the age of the
domain name that a given message references [from header, envelope sender, ptr
record for remote mailservers referenced in received headers, etc]. quite
> On Nov 14, 2014, at 00.35, John Hardin wrote:
>
> On Thu, 13 Nov 2014, listsb-spamassas...@bitrate.net wrote:
>
>> all of the emotional postulative opining aside, one possibility i have been
>> considering is having postfix delay relay of messages to the content filter
>> for a few minutes,
On Fri, 14 Nov 2014 14:58:46 +0100
Reindl Harald wrote:
[David]
> > I don't agree with that contention. Botnet operators have so many
> > resources at their disposal that I doubt they care about or even
> > notice any sort of delaying or tarpitting.
[Harald]
> they don't because they have not m
Am 14.11.2014 um 14:43 schrieb David F. Skoll:
On Fri, 14 Nov 2014 13:35:34 +0100
Reindl Harald wrote:
*but* it makes a ton of troubles for large *legit* sending clusters
which often after a 4xx reject handover that mail to a different node
and so get again a 4xx
With very little loss of e
On Fri, 14 Nov 2014 13:35:34 +0100
Reindl Harald wrote:
> *but* it makes a ton of troubles for large *legit* sending clusters
> which often after a 4xx reject handover that mail to a different node
> and so get again a 4xx
With very little loss of effectiveness, you can modify the algorithm
so
On Fri, 14 Nov 2014 07:45:49 -0500
Miles Fidelman wrote:
> From the point of view of someone who administers a lot of systems
> and mailing lists, I end up getting multiple copies of lots of
> messages. I've been thinking for a while about how to implement
> anti-spam rules based on receiving mu
Actually, the OPs notion is an interesting one.
From the point of view of someone who administers a lot of systems and
mailing lists, I end up getting multiple copies of lots of messages.
I've been thinking for a while about how to implement anti-spam rules
based on receiving multiple copies
Am 14.11.2014 um 13:04 schrieb David F. Skoll:
On Fri, 14 Nov 2014 08:39:13 +0100
Matthias Leisi wrote:
On Fri, Nov 14, 2014 at 6:35 AM, John Hardin
wrote:
if you're in a business environment you may have an uphill battle
with managing expectations, to wit: email is *not* intended to be
i
On Fri, 14 Nov 2014 08:39:13 +0100
Matthias Leisi wrote:
> On Fri, Nov 14, 2014 at 6:35 AM, John Hardin
> wrote:
> > if you're in a business environment you may have an uphill battle
> > with managing expectations, to wit: email is *not* intended to be
> > instant messaging - and may run up aga
On Fri, Nov 14, 2014 at 6:35 AM, John Hardin wrote:
> if you're in a business environment you may have an uphill battle with
> managing expectations, to wit: email is *not* intended to be instant
> messaging - and may run up against the brick wall of management not being
> willing to delay email
On Thu, 13 Nov 2014, listsb-spamassas...@bitrate.net wrote:
all of the emotional postulative opining aside, one possibility i have
been considering is having postfix delay relay of messages to the
content filter for a few minutes, as it seems that when these messages
reach us, they're only min
hi-
i've recently asked about essentially this same topic on the postfix-users
mailing list, so apologies to those subjected to the repetition.
the topic came up for me a couple of weeks ago when i asked about duplicate
spam that was scoring low the first time it was received:
https://mail-arc
Den 2012-03-02 18:15, Jeremy McSpadden skrev:
Leap Year
sure ?
#
# Copyright 2012 Nordea
#
body __COPYRIGHT_NORDEA /Copyright\ 201.\ Nordea/i
meta PHISHMAIL_NORDEA (__COPYRIGHT_NORDEA && !SPF_PASS)
describe PHISHMAIL_NORDEA Meta: __COPYRIGHT_NORDEA && !SPF_PASS
score PHISHMAIL_NORDEA 3.0
if s
Leap Year
--
Jeremy McSpadden
On Mar 2, 2012, at 11:11 AM, "Benny Pedersen" wrote:
> Den 2012-03-02 17:50, Axb skrev:
>> On 03/02/2012 05:36 PM, Benny Pedersen wrote:
>>> just a note to whom it might concern :)
>> why no pastebin a sample?
>
> february had 29 days this yaer ?
>
> its being r
Den 2012-03-02 17:50, Axb skrev:
On 03/02/2012 05:36 PM, Benny Pedersen wrote:
just a note to whom it might concern :)
why no pastebin a sample?
february had 29 days this yaer ?
its being resolved, sorry for the noice
On 03/02/2012 05:36 PM, Benny Pedersen wrote:
just a note to whom it might concern :)
why no pastebin a sample?
Den 2012-03-02 17:40, Jeremy McSpadden skrev:
Ha. Nice
be nice to an old mand
--
Jeremy McSpadden
On Mar 2, 2012, at 10:38 AM, "Michael Scheidell"
wrote:
On 3/2/12 11:36 AM, Benny Pedersen wrote:
just a note to whom it might concern :)
phisting?
OUCH.
--
Michael Scheidell, CTO
o:
It was a last minute decision.
Jeremy McSpadden wrote:
>Ha. Nice
>
>
>--
>Jeremy McSpadden
>
>On Mar 2, 2012, at 10:38 AM, "Michael Scheidell"
> wrote:
>
>> On 3/2/12 11:36 AM, Benny Pedersen wrote:
>>> just a note to whom it might concern :)
>>>
>> phisting?
>>
>> OUCH.
>>
>>
>> --
>> Mich
Ha. Nice
--
Jeremy McSpadden
On Mar 2, 2012, at 10:38 AM, "Michael Scheidell"
wrote:
> On 3/2/12 11:36 AM, Benny Pedersen wrote:
>> just a note to whom it might concern :)
>>
> phisting?
>
> OUCH.
>
>
> --
> Michael Scheidell, CTO
> o: 561-999-5000
> d: 561-948-2259
> >*| *SECNAP Network
On 3/2/12 11:36 AM, Benny Pedersen wrote:
just a note to whom it might concern :)
phisting?
OUCH.
--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
>*| *SECNAP Network Security Corporation
* Best Mobile Solutions Product of 2011
* Best Intrusion Prevention Product
* Hot Com
just a note to whom it might concern :)
Benny Pedersen wrote:
On tir 21 dec 2010 18:39:52 CET, Randy Ramsdell wrote
It appears mycingular ( iphone ) ips are listed on spamhaus ( XBL
and PBL ) for 8 days. I have reject at the smtpd level if found.
May want to look out for this.
iphone ?
if mobile phones not using smtp auth it
On tir 21 dec 2010 18:39:52 CET, Randy Ramsdell wrote
> It appears mycingular ( iphone ) ips are listed on spamhaus ( XBL
> and PBL ) for 8 days. I have reject at the smtpd level if found.
>
> May want to look out for this.
iphone ?
if mobile phones not using smtp auth it will f
On 12/21/10 12:39 PM, Randy Ramsdell wrote:
It appears mycingular ( iphone ) ips are listed on spamhaus ( XBL and
PBL ) for 8 days. I have reject at the smtpd level if found.
May want to look out for this.
Thanks,
RCR
Good.
you should not be sending email directly from your iphone or mifi
It appears mycingular ( iphone ) ips are listed on spamhaus ( XBL and
PBL ) for 8 days. I have reject at the smtpd level if found.
May want to look out for this.
Thanks,
RCR
coring of those emails which listed in the same (
> spamhaus-ZEN )? If yes, how can we achieve this?
>
> I want to give score 15 to all emails which are listed in spamhaus-ZEN.
>
> Thank you,
SA uses zen by default, although it reports each list that is reported
by zen as a
On Mon, 31 May 2010, Dhaval Soni wrote:
I have installed MailScanner - 4.79 v with sendmail, spamassassin and
clamav on CentOS. I have also enabled "Spam List" from MailScanner.conf
and using spamhaus-ZEN for the same. So is it possible to give scoring
of those emails which listed i
Dear All,
I have installed MailScanner - 4.79 v with sendmail, spamassassin and clamav
on CentOS. I have also enabled "Spam List" from MailScanner.conf and using
spamhaus-ZEN for the same. So is it possible to give scoring of those emails
which listed in the same ( spamhaus-ZEN )? If ye
On Wed, June 24, 2009 14:48, Matus UHLAR - fantomas wrote:
> On 24.06.09 14:39, Benny Pedersen wrote:
>> X-crabtree-dweezil-us-MailScanner-SpamCheck: spam, SpamAssassin (not
>> cached,
>> score=30.667, required 5, autolearn=spam, AWL -1.67, BAYES_50 0.00,
>> CRM114_PROB_SPAM 0.50, CTYME_
On 24.06.09 14:39, Benny Pedersen wrote:
> X-crabtree-dweezil-us-MailScanner-SpamCheck: spam, SpamAssassin (not cached,
> score=30.667, required 5, autolearn=spam, AWL -1.67, BAYES_50 0.00,
> CRM114_PROB_SPAM 0.50, CTYME_IXHASH 2.50, FH_RELAY_NODNS 1.45,
> GENERIC_IXHASH 2.50, KAM_ST
X-crabtree-dweezil-us-MailScanner-SpamCheck: spam, SpamAssassin (not cached,
score=30.667, required 5, autolearn=spam, AWL -1.67, BAYES_50 0.00,
CRM114_PROB_SPAM 0.50, CTYME_IXHASH 2.50, FH_RELAY_NODNS 1.45,
GENERIC_IXHASH 2.50, KAM_STOCKGEN 1.50, KARMA_CONNECT_NEGATIVE 2.00,
R
> > Is the Day Old Bread list a reliable list. I found that their DNS times
> > out a lot of times.
When DOB turned sour last year, I switched to Blaine Fleming's
spameatingmonkey.net. The list is accessible through rsync
and needs to be fed as a zone file to a local DNS.
Contact Blaine for rsync
ld Bread list a reliable list. I found that their DNS times
> out a lot of times.
I'm not to sure how reliable DOB is either, as I just warned them today
that they had aarp.org listed. They finally removed it, but that domain
name was clearly not a recently registered domain:
Created
On Mon, 2009-06-15 at 15:35 +1000, Con Tassios wrote:
> On Mon, 15 Jun 2009, Chip M. wrote:
>
> > DOB ("Day Old Bread") had the same problem last year:
> > http://mail-archives.apache.org/mod_mbox/spamassassin-users/200810.mbox/%3cva.33f1.14690...@news.conactive.com%3e
> >
> > With software b
On Mon, 15 Jun 2009, Chip M. wrote:
> DOB ("Day Old Bread") had the same problem last year:
> http://mail-archives.apache.org/mod_mbox/spamassassin-users/200810.mbox/%3cva.33f1.14690...@news.conactive.com%3e
>
> With software bugs, lightning often DOES strike twice in the same
> spot. :)
I'm
DOB ("Day Old Bread") had the same problem last year:
http://mail-archives.apache.org/mod_mbox/spamassassin-users/200810.mbox/%3cva.33f1.14690...@news.conactive.com%3e
With software bugs, lightning often DOES strike twice in the same
spot. :)
- "Chip"
Yet Another Ninja a écrit :
> On 6/14/2009 10:48 PM, Justin Mason wrote:
>> http://log.perl.org/2009/06/email-issues-org-blocked-now-fixed.html
>>
>> anyone know what URIBL provider this was?
>>
>> --j.
>
> Wouldn't we all have noticed if this would have been the case?
not if they use some unknow
Hi!
http://log.perl.org/2009/06/email-issues-org-blocked-now-fixed.html
anyone know what URIBL provider this was?
Wouldn't we all have noticed if this would have been the case?
Doesnt ring a bell here either, best to ask the guys who posted that?
Bye,
Raymond.
On 6/14/2009 10:48 PM, Justin Mason wrote:
http://log.perl.org/2009/06/email-issues-org-blocked-now-fixed.html
anyone know what URIBL provider this was?
--j.
Wouldn't we all have noticed if this would have been the case?
http://log.perl.org/2009/06/email-issues-org-blocked-now-fixed.html
anyone know what URIBL provider this was?
--j.
Original Message
From: "mouss" <[EMAIL PROTECTED]>
To: "John Hardin" <[EMAIL PROTECTED]>
Cc: "Lars Ebeling" <[EMAIL PROTECTED]>;
Sent: Saturday, November 29, 2008 8:26
PM Subject: Re: Help I am listed on blacklists
John Hardin a
>>
>> On Sat, 29 Nov 2008, Lars Ebeling wrote:
>>
>> > Dear all
>> >
>> > Could someone advice me.
>> > I am listed on dun.dnsrbl.net and spam.dnsrbl.net
>> >
>> > How to get off the lists?
John Hardin wrote:
>&
John Hardin a écrit :
> On Sat, 29 Nov 2008, Lars Ebeling wrote:
>
>> Dear all
>>
>> Could someone advice me.
>> I am listed on dun.dnsrbl.net and spam.dnsrbl.net
>>
>> How to get off the lists?
>
> Both those lists are dead (since mid-2005?
Lars Ebeling a écrit :
> Dear all
>
> Could someone advice me.
> I am listed on dun.dnsrbl.net and spam.dnsrbl.net
>
everybody is listed there, even mister "Luke Al. Host":
$ host 1.0.0.127.spam.dnsrbl.net
1.0.0.127.spam.dnsrbl.net has address 127.0.0.1
you can also
On Sat, 29 Nov 2008, Lars Ebeling wrote:
Dear all
Could someone advice me.
I am listed on dun.dnsrbl.net and spam.dnsrbl.net
How to get off the lists?
Both those lists are dead (since mid-2005?) and appear to be returning
127.0.0.1 for all queries. How did you determine you were listed
Dear all
Could someone advice me.
I am listed on dun.dnsrbl.net and spam.dnsrbl.net
How to get off the lists?
--
Regards
Lars Ebeling
http://leopg9.no-ip.org
Hobbithobbyist
"I am not young enough to know everything."
-- Oscar Wilde
s and by our network traffic monitor) listed as the largest
> source of mail in the columbia.edu domain-- all because a spammer was
> pretending his mail originated at it, by a faked Received header. This
> went on for about a year, and we complained a few times, and they did
> not fix it.
Try using senderbase:
http://www.senderbase.org
Not as accurate as it would appear. They list faked Received headers.
We had a host at columbia.edu that did not send any mail (confirmed by
its own logs and by our network traffic monitor) listed as the largest
source of mail in the
ns exactly? did they pay someone to kill
you? if so, I know places where you can get safe, provided you have
enough money :)
no, you're not listed in "reasonable" DNSBLs. so the "insurance
providers" may be using their own lists and/or checks, or they may be
using trend
> -Original Message-
> From: Jean-Paul Natola [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, July 23, 2008 7:22 PM
> To: users@spamassassin.apache.org
> Subject: OT: listed
>
> Hi all,
>
> We have been having problems for a couple of days emailing some our
&g
ubject: OT: listed
Hi all,
We have been having problems for a couple of days emailing some our
insurance providers- I then emailed them from a hotmail account and it went
through- how can I see if we've been blacklisted
68.167.21.154
Thanks,
jp
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Jean-Paul Natola schrieb:
| through- how can I see if we've been blacklisted
|
| 68.167.21.154
http://www.robtex.com/rbl/68.167.21.154.html is a good start. You don't
seem to be (publicly) blacklisted.
- -- Matthias
-BEGIN PGP SIGNATURE-
Hi all,
We have been having problems for a couple of days emailing some our
insurance providers- I then emailed them from a hotmail account and it went
through- how can I see if we've been blacklisted
68.167.21.154
Thanks,
jp
Johnny Stork <[EMAIL PROTECTED]> wrote:
For now I would like to try and
determine why they keep getting listed on spamhaus.
Go to www.spamhaus.org, click on the unfortunately named link
"Remove IP Address", which actually lets you _look up_ an IP address,
and from there yo
At 08:47 14-04-2008, Johnny Stork wrote:
I have a client running a plesk/qmail hosting service who is having
some trouble with getting their shared ip listed on spamhaus. I
believe they are already running SA in some capacity. I am also
looking into various solutions to suggest to them
I have a client running a plesk/qmail hosting service who is having some
trouble with getting their shared ip listed on spamhaus. I believe they
are already running SA in some capacity. I am also looking into various
solutions to suggest to them, possibly including mailscanner if it can
be
Michael Scheidell escreveu:
hotmail changes their servers like boy george changes eye liner.
unless you keep up with them, you will get FP's
If you can't upgrade, set score to 0.
I'm running spamassassin 3.1.7 and use sa-update, but upgrade is not
possible for now ...
So, I will score FORG
Rejaine Monteiro wrote:
But, I not agree with the " 2.3 FORGED_HOTMAIL_RCVD" score, because
the message come from Hotmail...
to to bugzilla for spamassassin. fill out a report for
forged_hotmail_rcvd (posting to SA list won't help any)
If you are NOT running SA 3.2.4, upgrade. if you ar
Michael Scheidell escreveu:
'However, interestingly enough, you have FORGED_HOTMAIL_RCVD. Did someone
send an email from non hotmail source using a hotmail email address?
No, the message was send from hotmail site (www.hotmail.com)
And, interestingly enough, SCREAMED AT YOU IN THE SUBJ
Sorry,
The original subject was "TESTE_CAXIAS" (in portuguese language and all
capitals)
Rejaine Monteiro escreveu:
Here is...
===
Received: from bay0-omc2-s37.bay0.hotmail.com (65.54.246.173)
by myserver.mydomain with SMTP; 24 Feb 2008 20:34:41 -0300
Receiv
Here is...
===
Received: from bay0-omc2-s37.bay0.hotmail.com (65.54.246.173)
by myserver.mydomain with SMTP; 24 Feb 2008 20:34:41 -0300
Received-SPF: pass (myserver.mydomain: SPF record at spf-a.hotmail.com
designates 65.54.246.173 as permitted sender)
Received: from BAY136
'hotmail' isn't listed in DCC.
DCC only scored on fuzy checksums on the body and portions of the headers.
Also, DCC is NOT a 100% 'spam score'. DCC is a 'bulk email' score.
Even well run technical mailing list emails are SUPPOSED to score high with
DCC. (its
we would need to see the full headers.
Regards,
--
--[ UxBoD ]--
// PGP Key: "curl -s http://www.splatnix.net/uxbod.asc | gpg --import"
// Fingerprint: F57A 0CBD DD19 79E9 1FCC A612 CB36 D89D 2C5A 3A84
// Keyserver: www.keyserver.net Key-ID: 0x2C5A3A84
// Phone: +44 845 869 2749 SIP Phone: [EMAI
e name
2.2 DCC_CHECK Listed in DCC
(http://rhyolite.com/anti-spam/dcc/)
This FORGED_HOTMAIL_RCVD and DCC_CHECK are false positive???
st to be a list of domains, hosts, and
IP addresses used exclusively by companies that spam.
---
Note that's not "companies that exclusively spam". If Will's gotten UBE
(and possibly just UE, no bulk required) of any sort from your domain,
you're listed. Ho
mouss wrote:
Matt Kettler wrote:
Dale's Stuff wrote:
Hello,
Trying to figure out what the criteria is for getting a domain
listed in sa-blacklist.current, and more importantly how to be
de-listed.
List: AFAIK, you only need to be the From: address on spam sent to
one of Will St
Jeff Chan wrote:
Quoting Per Jessen <[EMAIL PROTECTED]>:
Matt Kettler wrote:
For some reason one of my domains has all of a sudden been listed in
the above listed db. Which is rather ironic since there are only 3
active accounts at this domain. 1 used for a couple of mailing li
Matt Kettler wrote:
Dale's Stuff wrote:
Hello,
Trying to figure out what the criteria is for getting a domain listed
in sa-blacklist.current, and more importantly how to be de-listed.
List: AFAIK, you only need to be the From: address on spam sent to one
of Will Stern's spamtra
Jeff Chan wrote:
> Quoting Per Jessen <[EMAIL PROTECTED]>:
>> I don't use it, but it could very easily be turned into an rbldnsd
>> format list - I'm surprised nobody's done that yet. (assuming
>> there's some actual use for the list).
>
> sa-blacklist is the basis of ws.surbl.org:
>
>http:
Also, the sa-blacklist inclusion policy is at:
http://www.stearns.org/sa-blacklist/README.policy
Jeff C.
Quoting Per Jessen <[EMAIL PROTECTED]>:
Matt Kettler wrote:
For some reason one of my domains has all of a sudden been listed in
the above listed db. Which is rather ironic since there are only 3
active accounts at this domain. 1 used for a couple of mailing lists,
1 - postmaster (i
1 - 100 of 226 matches
Mail list logo
