> SURBLs on the other hand have mostly domain names with a few IPs.
> Whatever appears in URI host portions is what goes into SURBLs.
> Usually URIs have domain names so that's what most of the SURBL
> records are.
Jeff, the OP (or someone) had an interesting idea, I thought.
It was basically "th
On Friday 03 June 2005 08:10, Loren Wilton typed:
> It was basically "the spammer makes a zillion new domains, and they all
> take time to get into SURBL, so some spam gets through. But they all point
> to the same dotted quad, and I can match on that lookup".
>
> If that statement is true, perhap
--On Friday, June 03, 2005 7:20 AM +0300 Nabil Sabry
<[EMAIL PROTECTED]> wrote:
I have been recently added to this tool.
BOTH the IT team and the ISP claim they know nothing about it!
Is there any means to know who added me?
Check the entire message, including all the headers. There should b
On Friday, June 3, 2005, 12:33:26 AM, Duncan Hill wrote:
> On Friday 03 June 2005 08:10, Loren Wilton typed:
>> It was basically "the spammer makes a zillion new domains, and they all
>> take time to get into SURBL, so some spam gets through. But they all point
>> to the same dotted quad, and I ca
[EMAIL PROTECTED] wrote:
Can I whitelist a host?
If yes, how can I do this?
This is probably better done in your MTA or Procmail file, but something
like this should suffice.
whitelist_from_rcvd [EMAIL PROTECTED] host.tld
Replace host.tld with the actual hostname of the server you wish
>> If that statement is true, perhaps the surbl lists could automatically
>> include the dotquads for hosts that are known to be pure spam
>> sources and
>> not mixed systems. Then the client could get the ip for a suspect hostname
>> and see if it matched a known spam dotquad.
> I'd swe
On Fri, Jun 03, 2005 at 07:20:36AM +0300, Nabil Sabry wrote:
> Dear all,
> I have been recently added to this tool.
> BOTH the IT team and the ISP claim they know nothing about it!
> Is there any means to know who added me?
> regards
> nabil
>
Some like a harvester wanting to cause trouble.
--
Hello,
I am running a couple stats scripts that output info every day. Does anyone
have a script that ( or know of one ) that will dump the info in a mysql
database for later processing?
TIA
:-)> Mike
MIKE YRABEDRA wrote:
Hello,
I am running a couple stats scripts that output info every day. Does anyone
have a script that ( or know of one ) that will dump the info in a mysql
database for later processing?
I don't know what format you are doing the output in, but I have a
script that I u
Hi,
I've recently started getting spams that contain as a body the exact
same string as the subject and one URI underneath.
Is there any way to carry the result of one match forward to another?
Regs,
Sven
someone had posted here about a month back a neat (albeit long) one line
command he was running
to yank spams from an Exchange public folder to feed to sa-learn. I
believe he referred to
a wiki article describing it in detail. I am having much difficulty
locating that article. Can
someone her
At 12:20 AM 6/3/2005, Nabil Sabry wrote:
Dear all,
I have been recently added to this tool.
BOTH the IT team and the ISP claim they know nothing about it!
Is there any means to know who added me?
regards
nabil
Look at the X-Spam-Checker-Version headers in your messages, they should
tell you w
At 08:17 AM 6/3/2005, Sven Riedel wrote:
I've recently started getting spams that contain as a body the exact
same string as the subject and one URI underneath.
Is there any way to carry the result of one match forward to another?
That's tricky, but you might be able to use the fact that SA tr
> Subject: sa-learn ldap to exchange?
>
I am sorry. No more posts before coffee.
I had my acronyms confused. IMAP, not LDAP
big difference! Not surprisingly, I can now find
the 'fetchmail' article in question.
http://wiki.apache.org/spamassassin/RemoteImapFolder
Mike S
At 02:16 AM 6/3/2005, [EMAIL PROTECTED] wrote:
Hi,
Can I whitelist a host?
If yes, how can I do this?
One trick I've seen used is to (ab)?use whitelist_from_rcvd for this:
whitelist_from_rcvd [EMAIL PROTECTED] somehost.example.com
Why would someone (for example, mailto:[EMAIL PROTECTED] )
signup to an eMail list ... and then require authentication?
Just curious ...
IMO, if you don't want eMail, don't signup to an active eMail list.
Message With Full Headers
From: - Tue May 31 07:28:42 2005
X-UIDL: 11175
I'm definitely interested in such a script.
Thanks,
Kris
-Original Message-
From: Kevin Peuhkurinen [mailto:[EMAIL PROTECTED]
Sent: Friday, June 03, 2005 6:37 AM
To: users@spamassassin.apache.org
Subject: Re: Dump stats into mysql?
MIKE YRABEDRA wrote:
>Hello,
>
>I am running a couple
On Friday 03 June 2005 00:41, Codger wrote:
>Hmmm. You mistake Verizon for someone who gives a care I think.
>
That's the impression I'm getting, except I would state it a bit more
correct as opposed to PC. The only real way is to speak with your
checkbook, it's the only thing they understand. Un
From: "Gene Heskett" <[EMAIL PROTECTED]>
> On Friday 03 June 2005 00:41, Codger wrote:
> >Hmmm. You mistake Verizon for someone who gives a care I think.
> >
> That's the impression I'm getting, except I would state it a bit more
> correct as opposed to PC. The only real way is to speak with you
On Thu, Jun 02, 2005 at 11:40:39AM -0700, Justin Mason wrote:
> can you repro this reliably? if so, output from -D and/or an "strace
> - -f -p $spamdpid" would be helpful.
From top:
28702 nobody25 0 781m 714m 1796 R 99.9 35.5 4:11.72 spamd
That's the "runaway process."
# strace -f -p
> Hmmm. You mistake Verizon for someone who gives a care I think.
>
> (Indeed this list will get this reply but most assuredly since
> Verizon chooses to blacklist everyone outside Verizon as a solution
> to spam.)
Still funny that Verizon, because I see them as one of the most active
spammers them
>-Original Message-
>From: Michele Neylon :: Blacknight Solutions
>[mailto:[EMAIL PROTECTED]
>Sent: Tuesday, May 31, 2005 5:05 AM
>To: 'Jeff Chan'; 'SURBL Discussion list'; 'SpamAssassin Users'
>Subject: RE: [SURBL-Discuss] Blogger attacks SURBL
>
>
>[EMAIL PROTECTED] wrote:
>> Pardon the
>-Original Message-
>From: Sven Riedel [mailto:[EMAIL PROTECTED]
>Sent: Friday, June 03, 2005 8:18 AM
>To: users@spamassassin.apache.org
>Subject: Comparing subject and body?
>
>
>Hi,
>
>I've recently started getting spams that contain as a body the exact
>same string as the subject and
On Friday 03 June 2005 10:01, jdow wrote:
>From: "Gene Heskett" <[EMAIL PROTECTED]>
>
>> On Friday 03 June 2005 00:41, Codger wrote:
>> >Hmmm. You mistake Verizon for someone who gives a care I think.
>>
>> That's the impression I'm getting, except I would state it a bit
>> more correct as opposed t
>-Original Message-
>From: Loren Wilton [mailto:[EMAIL PROTECTED]
>Sent: Friday, June 03, 2005 6:47 AM
>To: Duncan Hill; users@spamassassin.apache.org
>Subject: Re: Is Bayes Really Necessary?
>
>
>>> If that statement is true, perhaps the surbl lists could
>automatically
>>> include the
>...
>
>On Friday, June 3, 2005, 12:33:26 AM, Duncan Hill wrote:
>> On Friday 03 June 2005 08:10, Loren Wilton typed:
>>> It was basically "the spammer makes a zillion new domains, and they all
>>> take time to get into SURBL, so some spam gets through. But they all point
>>> to the same dotted qu
Matthew Daubenspeck wrote:
>On Thu, Jun 02, 2005 at 11:40:39AM -0700, Justin Mason wrote:
>
>>can you repro this reliably? if so, output from -D and/or an "strace
>>- -f -p $spamdpid" would be helpful.
>
>
>>From top:
>
>28702 nobody 25 0 781m 714m 17
List Mail User wrote:
And adding a URI rule for the completewhois list (basically the same
function as the no longer existing ipwhois.rfc-ignorant.org list) will hit
yet more name servers and spammer IPs with slightly fewer FPs (no issue with
escalations). The list is: combined-HIB.dnsi
>...
>
>At 08:17 AM 6/3/2005, Sven Riedel wrote:
>>I've recently started getting spams that contain as a body the exact
>>same string as the subject and one URI underneath.
>>
>>Is there any way to carry the result of one match forward to another?
>
>That's tricky, but you might be able to use the
Martin G. Diehl wrote:
> Why would someone (for example, mailto:[EMAIL PROTECTED] )
> signup to an eMail list ... and then require authentication?
>
> Just curious ...
>
Because it's easier to make mistakes than it is to make it work.
My guess is pn-systeme.de recently decided to require authen
How do I check that
an incoming email has a valid i.p.?
thanks
Thomas Deaton wrote:
How do I check that an incoming email has a valid i.p.?
thanks
Hi,
If it's not a valid IP then how does it get to your server ?
Rick
On 6/3/2005 8:31 PM +0200, Thomas Deaton wrote:
How do I check that an incoming email has a valid i.p.?
What is a valid ip ?
Niek Baakman
I mean the people are not who they say they are... take the latest Ebay "click
here" spam, for instance. The "click here" gets you a virus, but the sender is
not from Ebay... he just looks like he is.. sorry if I'm not making more sense.
-Original Message-
From: Rick Macdougall [mailto:[
On 6/3/2005 8:37 PM +0200, Thomas Deaton wrote:
I mean the people are not who they say they are... take the latest Ebay "click here"
spam, for instance. The "click here" gets you a virus, but the sender is not from Ebay...
he just looks like he is.. sorry if I'm not making more sense.
spf
Ni
* Stuart Johnston <[EMAIL PROTECTED]> [20050603 11:09]:
> >Is there any straightforward way to backport some of this goodness to
> >3.0.x? I don't mind running the development snapshots at home but at
> >work I have to answer to a couple thousand users...
>
>
Thomas Deaton wrote:
> I mean the people are not who they say they are... take the latest Ebay
> "click here" spam, for instance. The "click here" gets you a virus, but the
> sender is not from Ebay... he just looks like he is.. sorry if I'm not making
> more sense.
>
Ahh, you don't want to va
Ben Poliakoff wrote:
So I've noticed that the URIDNSBL.pm in the 3.1 snapshots seems to
recognize obfuscated URIs much better than in 3.0.x.
In other words I was looking at a message that my relatively well
maintained 3.0.3 installation didn't catch. Then I tried running the
same message thr
On Jun 2, 2005, at 8:27 PM, Matt Kettler wrote:
If one's wrong, they are ALL wrong.
SA's rule scores are evolved based on a real-world test of a
hand-sorted corpus of fresh spam and ham. The whole scoreset is
evolved simultaneously to optimize the placement pattern.
Of course, one thing that
Rick Macdougall wrote:
>
>
> Thomas Deaton wrote:
>
>> How do I check that an incoming email has a valid i.p.?
>>
>> thanks
>
>
> Hi,
>
> If it's not a valid IP then how does it get to your server ?
Tcp blind spoofing attack? This is not exactly a workable option for most
attackers in tr
On Friday, June 3, 2005, 3:47:05 AM, Loren Wilton wrote:
>>> If that statement is true, perhaps the surbl lists could automatically
>>> include the dotquads for hosts that are known to be pure spam
>>> sources and
>>> not mixed systems. Then the client could get the ip for a suspect hostn
Kevin Sullivan wrote:
> On Jun 2, 2005, at 8:27 PM, Matt Kettler wrote:
>
>> If one's wrong, they are ALL wrong.
>>
>> SA's rule scores are evolved based on a real-world test of a
>> hand-sorted corpus of fresh spam and ham. The whole scoreset is
>> evolved simultaneously to optimize the placement
From: "Matt Kettler" <[EMAIL PROTECTED]>
Sent: Friday, June 03, 2005 9:30 PM
Kevin Sullivan wrote:
On Jun 2, 2005, at 8:27 PM, Matt Kettler wrote:
If one's wrong, they are ALL wrong.
SA's rule scores are evolved based on a real-world test of a
hand-sorted corpus of fresh spam and ham. The w
> "DBF" == David B Funk writes:
DBF> On Thu, 2 Jun 2005, Jake Colman wrote:
>>
>> I posted this problem last week and was told that it might be due to an
>> SA problem when overwhelmed by too many connections. This problem only
>> occurs when my server has been off-line and
RE: Worst "Establishment" or "Household Name" Pseudo-Spammers
I've noticed that certain particular Fortune 500 (or similar "house-hold"
name) companies send an awful lot of e-mail which I can't imagine was signed
up for. In particular, I see a lot of Overstock and Staples messages sent
frequently
Rob McEwen wrote:
RE: Worst "Establishment" or "Household Name" Pseudo-Spammers
I've noticed that certain particular Fortune 500 (or similar "house-hold"
name) companies send an awful lot of e-mail which I can't imagine was signed
up for. In particular, I see a lot of Overstock and Staples messa
Maurice Lucas wrote:
>
> Now we have to wait for 3.0.4 before there will be any change in the
> static scores
I hate to say it, but 3.0.4 is unlikely to change any scores.
Usually there's a new score set at the beginning of a major release, and one
"tweak" score update somewhere in the middle.
On Apr 13, 2005, at 8:16 PM, Robert Menschel wrote:
And since I haven't seen any specific rule set files, I'll offer my
suggestions there:
Thanks for your list you posted a while back... it has been very
helpful configuring my set of custom rules.
Question: what is your opinion on the SA
Jake Colman <[EMAIL PROTECTED]> wrote on 06/03/2005 02:47:15 PM:
> DBF> If the loadave does -not- go up (due to waiting for things like DNS
> DBF> queries) then you'll have to manually trigger the queuing behavior.
> DBF> Edit your sendmail.cf (or .mc) file to add the 'Expensive' flag ("
Hello Rob,
Friday, June 3, 2005, 12:50:26 PM, you wrote:
RM> RE: Worst "Establishment" or "Household Name" Pseudo-Spammers
RM> Any comments on Overstock and Staples?
Lots of emails from Staples, and as far as I can tell every one has
been subscribed for. Never seen any spam from them.
No emai
I'm running spamd on a separate server from postfix. Postfix runs
spamc with this configuration in master.cf:
smtp inet n - y - - smtpd -o content_filter=spamc
smtp unix - - y - - smtp -o content_filter=spamc
spamc u