Re: Exchange 2013 and rejection of invalid RCPTs (was Re: one word spam (continued))

On Tue, 22 Jul 2014 13:30:13 -0800 Kevin Miller wrote: > I guess catting the output of the ldap > query onto the access table and hash it once a night would be just as > easy. I'll give that test. Another option, since you're running Sendmail, is to use a milter such as MIMEDefang and do a real

RE: Exchange 2013 and rejection of invalid RCPTs (was Re: one word spam (continued))

ssage- From: Kevin A. McGrail [mailto:kmcgr...@pccc.com] Sent: Tuesday, July 22, 2014 12:01 PM To: Kevin Miller; users@spamassassin.apache.org Subject: Re: Exchange 2013 and rejection of invalid RCPTs (was Re: one word spam (continued)) On 7/22/2014 3:54 PM, Kevin Miller wrote: > Resurrec

Re: Exchange 2013 and rejection of invalid RCPTs (was Re: one word spam (continued))

On 7/22/2014 3:54 PM, Kevin Miller wrote: Resurrecting an old thread here. We're finally migrating to Exchange 2013, and I have a script that will extract email addresses from ldap, but when looking at the virtualuser table it seems that it's used to map one address to another. The script pu

RE: Exchange 2013 and rejection of invalid RCPTs (was Re: one word spam (continued))

amassassin.apache.org Subject: Re: Exchange 2013 and rejection of invalid RCPTs (was Re: one word spam (continued)) Just be aware that Microsoft's "standard" is to use LDAP queries to the AD. Every major commercial antispam product does this and you will save yourself a lot of work

Re: one word spam (still trying...)

Marcio Humpris skrev den 2013-11-25 23:26: I imagine I have to do this, correct? rawbody __RB_GT_200 /^.{201}/s meta__RB_LE_200 !__RB_GT_200 score __RB_LE_200 1.5 nope rules beginning with __ cant score for spamtests meta RB_LE_200 (__RB_LE_200) describe RB_LE_200 Meta: less then

Re: one word spam (still trying...)

On Mon, 2013-11-25 at 22:26 +, Marcio Humpris wrote: > Dear Karsten, > Really appreciate it. Thanks John Hardin also. > Can you kindly tell me how I can add this to my local.cf so I can test it? > I imagine I have to do this, correct? > > rawbody __RB_GT_200 /^.{201}/s > meta__RB_LE

Re: one word spam (still trying...)

Dear Karsten, Really appreciate it. Thanks John Hardin also. There was no original rule actually. And yes, 2 words in the case, sorry. Can you kindly tell me how I can add this to my local.cf so I can test it? rawbody __RB_GT_200 /^.{201}/s meta__RB_LE_200 !__RB_GT_200 I imagine I ha

Re: one word spam (still trying...)

On Thu, 2013-11-07 at 21:01 -0200, Marcio Humpris wrote: > This didnt work for me also: > > /^\s{0,80}\S{1,20}\s{0,80}$/ That RE matches a complete line with a single "word" (anything but whitespace) of up to 20 chars, and optional whitespace \s before and after the word. > Heres the origi

Re: one word spam (still trying...)

On Thu, 7 Nov 2013, Marcio Humpris wrote: Hi, John This didnt work for me also: /^\s{0,80}\S{1,20}\s{0,80}$/ can you kindly check it works here? http://www.softlion.com/webTools/RegExpTest/default.aspx The slashes at the ends should be removed if you're testing the RE with that tool.

one word spam (still trying...)

Hi, John This didnt work for me also: /^\s{0,80}\S{1,20}\s{0,80}$/ can you kindly check it works here? http://www.softlion.com/webTools/RegExpTest/default.aspx Heres the original email I want to block: http://pastebin.com/download.php?i=0D7tfsjf Thank you!

Re: one word spam part 3

On Mon, 28 Oct 2013 19:45:31 -0200 Marcio Humpris wrote: > Also, please, sorry for the off topic, but if someone can explain, how > can I reply to a certain post when Im in digest mode and dont receive > each email in the list system individually? It depends on what's supported by your mail clie

Re: one word spam part 3

On Mon, 28 Oct 2013, Marcio Humpris wrote: Hi everyone Martin, I tried /\s{0,80}\S{1,20}\s{0,80}/ but it didnt work for me. That RE is not anchored so it will match on any line that has at least one non-space character in it. You need to anchor the beginning and ending of the line explici

one word spam part 3

Hi everyone Martin, I tried /\s{0,80}\S{1,20}\s{0,80}/ but it didnt work for me. if you can kindly confirm it works here, i appreciate it: http://www.softlion.com/webTools/RegExpTest/default.aspx Also, please, sorry for the off topic, but if someone can explain, how can I reply to a certain po

Re: Exchange 2013 and rejection of invalid RCPTs (was Re: one word spam (continued))

On 17/10/13 09:03, Kevin A. McGrail wrote: > We've done similar real time checks using Sendmail but seen this > actually bring down Exchange Servers (more like bringing it to its > knees from a resource perspective than actually crashing it) from the > LDAP queries associated with these type of is

Re: one word spam (continued)

On Wed, 16 Oct 2013, Martin Gregorie wrote: On Wed, 2013-10-16 at 11:47 -0400, Bowie Bailey wrote: I'm not quite sure what you were intending to match. On more mature reflection, neither am I! I should have said: /^\s{0,80}\S{0,20}\s{0,80}$/ ...which matches /^$/, or any message having a

Re: Exchange 2013 and rejection of invalid RCPTs (was Re: one word spam (continued))

On 10/16/2013 3:46 PM, David F. Skoll wrote: On Wed, 16 Oct 2013 15:41:04 -0400 "Kevin A. McGrail" wrote: So in the beginning for our issue, our firm implemented something similar and it's documented at http://www.pccc.com/downloads/ldap/ thanks primarily to Brian Landers and his work. This

Re: one word spam (continued)

On Wed, 2013-10-16 at 11:47 -0400, Bowie Bailey wrote: > I'm not quite sure what you were intending to match. > On more mature reflection, neither am I! I should have said: /^\s{0,80}\S{0,20}\s{0,80}$/ which should catch messages of 20 characters or less. I was in a hurry (quite a bit of C to w

Re: Exchange 2013 and rejection of invalid RCPTs (was Re: one word spam (continued))

On Wed, 16 Oct 2013 15:41:04 -0400 "Kevin A. McGrail" wrote: > So in the beginning for our issue, our firm implemented something > similar and it's documented at http://www.pccc.com/downloads/ldap/ > thanks primarily to Brian Landers and his > work. This is a nice solution that uses LDAP an

Re: Exchange 2013 and rejection of invalid RCPTs (was Re: one word spam (continued))

On 10/16/2013 2:27 PM, David F. Skoll wrote: I think this is a deliberate strategy on the part of Microsoft. I think they're making Exchange so complicated and such a PITA that people give up and go to the cloud, ideally to Office 365. For many small companies, going to the cloud probably makes

Re: Exchange 2013 and rejection of invalid RCPTs (was Re: one word spam (continued))

"David F. Skoll" 10/16/13 2:32 PM >>> >. . . .as long as they don't mind >paying extra and don't mind the NSA having access to their email. :) > >Regards, > >David. Of course you mean "easier access" . . . ? joe a.

Re: Exchange 2013 and rejection of invalid RCPTs (was Re: one word spam (continued))

On Wed, 16 Oct 2013 10:52:08 -0700 Ted Mittelstaedt wrote: > Just be aware that Microsoft's "standard" is to use LDAP queries to > the AD. True, and we support that. But not everyone wants to open up their LDAP to the outside world, even to a few outside IPs. Furthermore, if you use Office 365

Re: Exchange 2013 and rejection of invalid RCPTs (was Re: one word spam (continued))

Just be aware that Microsoft's "standard" is to use LDAP queries to the AD. Every major commercial antispam product does this and you will save yourself a lot of work later when MS changes the next version of Exchange to not support the 2525 hack. (which they could easily do) if you do it that

Re: one word spam (continued)

On 10/16/2013 9:42 AM, David F. Skoll wrote: On 16 Oct 2013 09:15:07 -0700 "Neil Schwartzman" wrote: List verification. Many receiving sites will block after X bounces, clean up your you mean "their" list list from 550s, and spam the real thing from another botted IP. And you know who

Exchange 2013 and rejection of invalid RCPTs (was Re: one word spam (continued))

On Wed, 16 Oct 2013 09:21:46 -0800 Kevin Miller wrote: > So if I'm reading this right, milters such as smf-sav or milter-ahead > will no longer be of any use? You are reading it correctly. On our anti-spam service, we require some sort of recipient validation so we don't go insane scanning mess

Re: one word spam (continued)

lto:axb.li...@gmail.com] Sent: Wednesday, October 16, 2013 9:18 AM To: users@spamassassin.apache.org Subject: Re: one word spam (continued) On 10/16/2013 06:42 PM, David F. Skoll wrote: On 16 Oct 2013 09:15:07 -0700 "Neil Schwartzman" wrote: List verification. Many receiving sites will block af

RE: one word spam (continued)

07357 -Original Message- From: Axb [mailto:axb.li...@gmail.com] Sent: Wednesday, October 16, 2013 9:18 AM To: users@spamassassin.apache.org Subject: Re: one word spam (continued) On 10/16/2013 06:42 PM, David F. Skoll wrote: > On 16 Oct 2013 09:15:07 -0700 > "Neil Schwartzman&qu

Re: one word spam (continued)

On 10/16/2013 06:42 PM, David F. Skoll wrote: On 16 Oct 2013 09:15:07 -0700 "Neil Schwartzman" wrote: List verification. Many receiving sites will block after X bounces, clean up your list from 550s, and spam the real thing from another botted IP. And you know who we can thank [sic] for thi

Re: one word spam (continued)

On 16 Oct 2013 09:15:07 -0700 "Neil Schwartzman" wrote: > List verification. Many receiving sites will block after X bounces, > clean up your list from 550s, and spam the real thing from another > botted IP. And you know who we can thank [sic] for this mechanism of list verification? Microsoft

Re: one word spam (continued)

arcio Humpris wrote: >>> Hi everyone >>> >>> If I use digest mode how do I reply to a specific mail? >>> >>> In reply to axb... >>> >>> about one word spam >>> http://mail-archives.apache.org/mod_mbox/spamassassin-users/201308.mb

Re: one word spam (continued)

On 10/16/2013 04:58 PM, Marcio Humpris wrote: In reply to axb... about one word spam http://mail-archives.apache.org/mod_mbox/spamassassin-users/201308.mbox/browser here is the sample http://pastebin.com/download.php?i=0D7tfsjf Can you help with some regex pls? This has two words :) and no

Re: one word spam (continued)

On 10/16/2013 11:33 AM, Martin Gregorie wrote: On Wed, 2013-10-16 at 11:58 -0300, Marcio Humpris wrote: Hi everyone If I use digest mode how do I reply to a specific mail? In reply to axb... about one word spam http://mail-archives.apache.org/mod_mbox/spamassassin-users/201308.mbox/browser

Re: one word spam (continued)

On Wed, 2013-10-16 at 11:58 -0300, Marcio Humpris wrote: > Hi everyone > > If I use digest mode how do I reply to a specific mail? > > In reply to axb... > > about one word spam > http://mail-archives.apache.org/mod_mbox/spamassassin-users/201308.mbox/browser >

Re: one word spam (continued)

mail? In reply to axb... about one word spam http://mail-archives.apache.org/mod_mbox/spamassassin-users/201308.mbox/browser here is the sample http://pastebin.com/download.php?i=0D7tfsjf Can you help with some regex pls? Not one work is it? However, this catches it: /\s{0,80}\S{1,20}\s{0,80

one word spam (continued)

Hi everyone If I use digest mode how do I reply to a specific mail? In reply to axb... about one word spam http://mail-archives.apache.org/mod_mbox/spamassassin-users/201308.mbox/browser here is the sample http://pastebin.com/download.php?i=0D7tfsjf Can you help with some regex pls? Tks

Re: one word spam

!-- On Sat 24.Aug'13 at 0:40:26 BST, Marcio Humpris (marciohump...@gmail.com), wrote: > please, i know its been talked about before, but isnt there a rule to deal > with 1 word spams? > > spams that just have text "Hi!" and thats it. It's unlikely, imo, that emails with just hi! will be spam.

Re: one word spam

On 08/27/2013 03:27 PM, Marcio Humpris wrote: Someone please? 2013/8/23 Marcio Humpris please, i know its been talked about before, but isnt there a rule to deal with 1 word spams? spams that just have text "Hi!" and thats it. If not, if someone can pls advise on a regex to catch this. p

Re: one word spam

On Tue, 27 Aug 2013, Marcio Humpris wrote: Someone please? I thought I'd replied to this... There's really no easy way to do this because the Subject: header is included in the text the body rules scan, so any rule looking for the absence of word breaks would be defeated by a multiple-work

Re: one word spam

27.08.2013 16:27, Marcio Humpris kirjoitti: > Someone please? > > > 2013/8/23 Marcio Humpris > > > please, i know its been talked about before, but isnt there a rule > to deal with 1 word spams? > > spams that just have text "Hi!" and thats it. > > I

Re: one word spam

Someone please? 2013/8/23 Marcio Humpris > please, i know its been talked about before, but isnt there a rule to deal > with 1 word spams? > > spams that just have text "Hi!" and thats it. > > If not, if someone can pls advise on a regex to catch this. > > Thank you. >

one word spam

please, i know its been talked about before, but isnt there a rule to deal with 1 word spams? spams that just have text "Hi!" and thats it. If not, if someone can pls advise on a regex to catch this. Thank you.

Re: One word spam

On 4/25/2007 1:08 AM, Marc Perkel wrote: I'm seeing a lot of one words spam. I'm guessing they are probing for capabilities. Is anyone else seeing this? If so - what do you know about it? more probably spammy borked templates

Re: One word spam

--- Luis Hernán Otegui <[EMAIL PROTECTED]> wrote: > As I recall, this has been discussed earlier on the list. It seems > like > spammers are "fishing" for valid addresses Not lately, but I have > seen > this kind of spam a lot two months ago or so... > > Luix > > 2007/4/24, Marc Perkel <[EM

Re: One word spam

As I recall, this has been discussed earlier on the list. It seems like spammers are "fishing" for valid addresses Not lately, but I have seen this kind of spam a lot two months ago or so... Luix 2007/4/24, Marc Perkel <[EMAIL PROTECTED]>: I'm seeing a lot of one words spam. I'm guessing

One word spam

I'm seeing a lot of one words spam. I'm guessing they are probing for capabilities. Is anyone else seeing this? If so - what do you know about it?