How to detect this spam..

Hello.. I have received lots of spam mails like below... S B N S.P K IS BLOWING UP ON HEAVY PR CAMPAIGNS! WATCH S B N S.P K TRADE ON TUESDAY OCTOBER 17! So I would like to make a rule to detect spam which use blank for each characters(over 3 characters) like below.. S(blank) B(blank) N(blank

RBL checks not working

I'm having a hard time getting RBL checks to work right. I don't have anything in my local config files regarding RBLs. I'm using SpamAssassin 3.1.5. Here is some debugging output, trimmed for brevity: dbg: generic: SpamAssassin version 3.1.5 dbg: config: score set 0 chosen. dbg: util: running in

Re: RBL checks not working

On Tue, Oct 17, 2006 at 02:33:10AM -0500, Dan Fulbright wrote: > I'm having a hard time getting RBL checks to work right. I don't have > anything in my local config files regarding RBLs. I'm using > SpamAssassin 3.1.5. Here is some debugging output, trimmed for > brevity: Do you have multiple DN

Re: Spamd not killing children

* Chris Lear wrote (16/10/06 10:32): > The problem I'm having is that spamd doesn't seem to be able to clean up > unwanted idle child processes. > [...] I've had a look in the spamd code, and I'm now wondering whether my problem is related to logging bugs (eg http://issues.apache.org/SpamAssassi

Re: false positive on citibank e-mail

Thats the bane of antispam. If there were no FP's spammers would lose their jobs. ( So will we techies managing antispam :-) ) Whitelisting citibank is just too dangerous anyone can forge use def_whitelist_from_spf [EMAIL PROTECTED] Thanks Ram

R: What's with UCEPROTECT List?

> > Well - if they get it wrong and won't fix it and they are causing my > > good emails to bounce for 2500 domains, what am I supposed to do? > Well, Do they in fact "have it wrong"? If their listing criteria > considers sender verification to be "mail abuse", well, you fit their > listing criteri

rulesemporium.com expired

Guys someone forgot to renew the rulesemporium.com name - better get in there quick.. -- Martin Hepworth Senior Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 ** This email and any files transmitted with it

RE: false positive on citibank e-mail

Jo Rhett wrote: > I'm sorry, apparently I wasn't technical enough. Yes, I can read. > And > I already opened up and looked at the rule, and I can't figure out why > it failed. Please skip the duh answers. There's enough people on here that need that level of answer, you can't really blame me f

Re: How to disable autolearn for FuzzyOcr?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Mon, 16 Oct 2006 15:16:19 -0400 (EDT), Daniel T. Staal wrote: >On Mon, October 16, 2006 3:07 pm, Marc Perkel said: >> What need to be done with messages that are spam is to only learn the >> headers and not the body of the message. What needs to be

RE: ALL_TRUSTED creating a problem

Jo Rhett wrote: > Matt Kettler wrote: > > Jo Rhett wrote: > > > You're still babbling about NAT. I could care less about NAT. > > > All trusted breaks for EVERYONE, and EVERYONE ends up hardcoding > > > trusted_networks because auto detection is completely and utterly > > > broken. > > > > Fine

Re: improving the sa-update process

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Mon, 16 Oct 2006 21:56:36 -0400, Daryl C. W. O'Shea wrote: >Jo Rhett wrote: >> Daryl C. W. O'Shea wrote: >>> For now, running an sa-update, then a spamassassin --lint, and then >>> restarting is pretty safe though. >>> sa-update [whatever] && spam

Re: How to detect this spam..

Monty Ree wrote: > Hello.. > > I have received lots of spam mails like below... > > S B N S.P K IS BLOWING UP ON HEAVY PR CAMPAIGNS! > WATCH S B N S.P K TRADE ON TUESDAY OCTOBER 17! > > So I would like to make a rule to detect spam which use blank for each > characters(over 3 characters) like below

Re: ALL_TRUSTED creating a problem

Jo Rhett wrote: > Matt Kettler wrote: >> Jo Rhett wrote: >>> You're still babbling about NAT. I could care less about NAT. All >>> trusted breaks for EVERYONE, and EVERYONE ends up hardcoding >>> trusted_networks because auto detection is completely and utterly >>> broken. >> >> Fine.. We'll ign

Re: How to filter these spam messages

Gary V wrote: uri GEOCITIES /^http:\/\/(..|www)\.geocities\.com\/+.+/i describe GEOCITIES Geocities URL scoreGEOCITIES 3.5 FWIW, if you process large quantities of mail, scoring on just the Geocities URI itself *will* cause a significant number of false positives even at scores as

RE: rulesemporium.com expired

Title: RE: rulesemporium.com expired Trying to get resolved now. Posting it to the SATALK list might not have been the best idea! --Chris > -Original Message- > From: Martin Hepworth [mailto:[EMAIL PROTECTED]] > Sent: Tuesday, October 17, 2006 6:58 AM > To: SpamAssassin Users > Su

This image is turning frequent..

This type of image spam is getting more common, and is not detected.. At least not here.. -- Anders Norrbring Norrbring Consulting smime.p7s Description: S/MIME Cryptographic Signature

RE: [Sare-users] ImageInfo.pm and config files

>From where do I obtain imageinfo.cf? Warm Regards, Suhas System Admin QualiSpace - A QuantumPages Enterprise === Tel India: +91 (22) 6792 - 1480 Tel US: +1 (614) 827 - 1224 Fax India: +91 (22) 2530 - 3166 URL: http://www.qualispace.com === For Any

RE: This image is turning frequent..

Title: RE: This image is turning frequent.. > > > This type of image spam is getting more common, and is not > detected.. At > least not here.. A solution is on its way :)  Stay tuned.. Might be end of day. Thanks, Chris Santerre SysAdmin and Spamfighter www.rulesemporium.com

RE: This image is turning frequent..

Even I am getting lot of those. Warm Regards, Suhas System Admin QualiSpace - A QuantumPages Enterprise === Tel India: +91 (22) 6792 - 1480 Tel US: +1 (614) 827 - 1224 Fax India: +91 (22) 2530 - 3166 URL: http://www.qualispace.com === For Any Techni

FORGED_HOTMAIL_RCVD bug??

G'day everyone, I received a legitimate email from Hotmail today, which (I believe) inappropriately triggered the FORGED_HOTMAIL_RCVD rule in my SpamAssassin (version 3.1.5). The email from Hotmail was actually a bounce-back to an email sent by one of my users to a Hotmail address - it was bounc

Re: This image is turning frequent..

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Anders Norrbring wrote: > This type of image spam is getting more common, and is not > detected.. At least not here.. Yes, this picture is indeed hard to detect... I'd need a blackbox like Input: Animated gif of any kind Output: NonAnimated gif wh

domainkeys unverified

I just got the domainkeys plugin set up, but it's not working the way I expect. In messages from Yahoo I see: 0.0 DK_SIGNED Domain Keys: message has an unverified signature but I never see DK_VERIFIED Is there something I need to configure? I didn't apply the patch, because I'm assuming it'

Re: This image is turning frequent..

-BEGIN PGP SIGNED MESSAGE- But that is a difficult task considering how many things are possible with the GIF standard. This picture uses offsets and slow frame rates, others use transparency etc. A simple way to block these images would be to scan the GIF for offset frames. I don't think

Re: What's with UCEPROTECT List?

At 20:52 16-10-2006, Marc Perkel wrote: I don't know if other MTAs support sender verification but if they don't they should. It's a very good trick for blocking spam at connect time. It's also a good trick to cause a denial of service. Regards, -sm

Re: R: What's with UCEPROTECT List?

Giampaolo Tomassoni wrote: Well - if they get it wrong and won't fix it and they are causing my good emails to bounce for 2500 domains, what am I supposed to do? Well, Do they in fact "have it wrong"? If their listing criteria considers sender verification to be

Re: What's with UCEPROTECT List?

SM wrote: At 20:52 16-10-2006, Marc Perkel wrote: I don't know if other MTAs support sender verification but if they don't they should. It's a very good trick for blocking spam at connect time. It's also a good trick to cause a denial of service. Regards, -sm Not really. If somene had th

RE: ALL_TRUSTED creating a problem

> > I just wanted to apologize for my pissy attitude. It wasn't you guys, > and you didn't deserve these responses. > > (the rest of this e-mail is off topic, so unless you're bored hit D) > > Some idiot out there keeps sending a hundred megabyte flood against a > customer of a customer. Our n

Re: What's with UCEPROTECT List?

>> I don't know if other MTAs support sender verification but if they >> don't they should. It's a very good trick for blocking spam at connect time. > > It's also a good trick to cause a denial of service. You think so? By my count, my server is transmitting roughly 80 bytes of data (HELO, MAIL

RE: What's with UCEPROTECT List?

> It's also a good trick to cause a denial of service. > > Regards, > -sm > Maybe... under extremely special circumstances, yet more realistically not. Well programmed software can rate limit itself when things look hokey... - rh -- Robert - Abba Communications Computer & Internet Service

Re: What's with UCEPROTECT List?

The way I see it is this. I run a spam filtering company. I'm one of the good guys who are blocking spam. uceprotect.net claims to be a list to block spammers. I have written them several times and even though they know that I am not a spammer they refuse to take me off their spammers list. So

RE: [Sare-users] ImageInfo.pm and config files

On Tue, 17 Oct 2006, Suhas (QualiSpace) wrote: > From: "Suhas (QualiSpace)" <[EMAIL PROTECTED]> > To: [EMAIL PROTECTED] > Cc: users@spamassassin.apache.org > Date: Tue, 17 Oct 2006 19:36:53 +0530 > Subject: RE: [Sare-users] ImageInfo.pm and config files > > >From where do I obtain imageinfo.cf?

Re: domainkeys unverified

Chris, > I just got the domainkeys plugin set up, but it's not working the way I > expect. In messages from Yahoo I see: > 0.0 DK_SIGNED Domain Keys: message has an unverified signature > but I never see DK_VERIFIED > Is there something I need to configure? I didn't apply the patch, > because I

Re: Q. about spam directed towards highest MX Record?

Jon Trulson wrote: Hehe, that is an old spammer trick... Our secondary MX is pretty much 100% spam. I implemented greylisting on the secondary which reduced spam through it by about 99% :) The secondary does not do spam scanning, it's simply store and forward. Greylisting really helps in these

Re: Problem with URIBL rules : false positive and not listed while mannually checking

Fabien GARZIANO wrote: And for dns, I'm sorry, I typed it too fast and when I meant no 'dns' i also meant no 'named' process. On mail servers it's usually a good idea to run a local nameserver, even if you have no zone files to publish (e.g., the "caching nameserver" named configuration that

RE: What's with UCEPROTECT List?

> > hat it looks like to me is a way of blacklisting competition to try to > stear business their way. The only way to get off their lists is to pay > them money. It looks more like extortion to me. > Marc After reading their EN website, http://www.uceprotect.net/en/ ...maybe you could be the

R: What's with UCEPROTECT List?

> ...maybe you could be the one to correct their "grammar" as they > put it and > they would bless/pay you by pulling your entry... Ahahah. :) giampaolo > > Yes, I am joking... sort of... > > :-) > > - rh > > -- > Robert - Abba Communications >Computer & Internet Services > (509) 624

Re: What's with UCEPROTECT List?

Matt Kettler wrote: That said, some folks still hate it because you're using some (very little) of their CPU and network to handle your spam. Also, a large number of verifications (say, because someone has been sending lots of spam with forged headers) looks suspiciously like a dictionary att

Script error

Hello everybody.   Today i upgraded spamassassin to last version available (3.1.7). I tried to execute:   /etc/init.d/spamassassin status|restart|stop   and i get the following error message:   spamassassin: spamassassin script is v3.001003, but using modules v3.001007   However, i run spa

Re: This image is turning frequent..

decoder wrote: But that is a difficult task considering how many things are possible with the GIF standard. This picture uses offsets and slow frame rates, others use transparency etc. A simple way to block these images would be to scan the GIF for offset frames. I don't think there is any valid

RE: Scanning aliases for spam

Yes... and here is the answer:   an alias can be a procmail script. So you send the email to this aliased procmail script, have it scanned, and depending on the outcome of the scan, proceed to forward to the real alias, or do something else with the spam.   Thanks, Chris Santerre SysAdmin

Re: What's with UCEPROTECT List?

Kelson wrote: Matt Kettler wrote: That said, some folks still hate it because you're using some (very little) of their CPU and network to handle your spam. Also, a large number of verifications (say, because someone has been sending lots of spam with forged headers) looks suspiciously like a

RE: Script error

Reginaldo Bray Mendoza wrote: > Hello everybody. > > Today i upgraded spamassassin to last version available (3.1.7). I > tried to execute: > > /etc/init.d/spamassassin status|restart|stop > > and i get the following error message: > > spamassassin: spamassassin script is v3.001003, but using

Re: false positive on citibank e-mail

You're the twit who reduced the required score. Fix it. {^_^} - Original Message - From: "Jo Rhett" <[EMAIL PROTECTED]> Included below is a legitimate e-mail on a legitimate payment that I did make. I've looked at the rule, and I can't figure out why it failed. Original Mes

Re: JD_ rule set?

From: "benthere-nine" <[EMAIL PROTECTED]> jdow wrote: The lowest scoring one of those puppies to hit here ran up a score of 7.3: -1.5 JD_SENDER_RELAYGood list with Sender header 0.0 DK_POLICY_SIGNSOME Domain Keys: policy says domain signs some mails 3.0 BAYES_95 BOD

Bayes doesn't seem to be running

I have SA configuered to run via amavis-new Regular rbl and other checks do work But bayes doesn't seem to be running. I am not even sure where to go look to find information about what checks are being run to try and track down the problem Any hints? Thomas Lindell System Admin Airbornedatal

RE: Bayes doesn't seem to be running

I have SA configuered to run via amavis-new Regular rbl and other checks do work But bayes doesn't seem to be running. I am not even sure where to go look to find information about what checks are being run to try and track down the problem Any hints? Thomas Lindell System Admin Airbornedata

Re: This image is turning frequent..

Anders Norrbring wrote: This type of image spam is getting more common, and is not detected.. At least not here.. score SARE_GIF_STOX 2.5 2.5 2.5 2.5 That's all it took, and we don't see it any more. -- Jo Rhett Network/Software Engineer Net Consonance

Re: This image is turning frequent..

I think you guys are going down a much harder road. This only makes sense if and when e-mail with only a GIF is a normal type of e-mail that people find acceptable. Otherwise, just score e-mail with only a GIF and/or some extra bayes poison high and don't bother analyzing it. Kelson wrote:

RE: This image is turning frequent..

Title: RE: This image is turning frequent.. Exactly... and that SARE ruleset is coming very soon :) --Chris > -Original Message- > From: Jo Rhett [mailto:[EMAIL PROTECTED]] > Sent: Tuesday, October 17, 2006 1:28 PM > To: Kelson > Cc: users@spamassassin.apache.org > Subject: Re: Th

Re: What's with UCEPROTECT List?

Marc Perkel wrote: Not really. If somene had the bandwidth to cause a denial of service through sender verification they could do it more easlly by just attacking the target directly. No one is going to use sender verification as a DIS tool. It's to inefficient. What? You mean the same ineff

Re: What's with UCEPROTECT List?

Dave Pooser wrote: Have you actually seen a server DOSed by sender callouts, ever? I never have and I've ever heard of one Um, yes. Well, I've seen it DoSed by just attempts to deliver to an address that doesn't exist. "User not found" after RCPT TO is the exact same traffic load. That

RE: Having issue with a type of spam I havn't seen before

Title: RE: Having issue with a type of spam I havn't seen before I'm just waiting for some votes before I release the SARE ruleset for these guys. I finally believe I got it nailed down. Thanks, Chris Santerre SysAdmin and Spamfighter www.rulesemporium.com www.uribl.com > -Origina

Re: What's with UCEPROTECT List?

Jim Maul wrote: Kelson wrote: Matt Kettler wrote: That said, some folks still hate it because you're using some (very little) of their CPU and network to handle your spam. Also, a large number of verifications (say, because someone has been sending lots of spam with forged headers) looks s

Re: What's with UCEPROTECT List?

Marc Perkel wrote: So if you have a company who is knowingly and deliberately listing people who they know are in the spam fighting business as spammers, what No. Just like RFC_POST and RFC_ABUSE they are listing people who violate a policy. And by using those BLs, I am choosing not to acce

Re: What's with UCEPROTECT List?

R Lists06 wrote: Maybe... under extremely special circumstances, yet more realistically not. Well programmed software can rate limit itself when things look hokey... Right. And rate limiting limits the real service. Thus, you have ... oh yeah, DENIAL OF SERVICE. THINK! It's not hard. -- J

Re: What's with UCEPROTECT List?

Jo Rhett wrote: Marc Perkel wrote: Not really. If somene had the bandwidth to cause a denial of service through sender verification they could do it more easlly by just attacking the target directly. No one is going to use sender verification as a DIS tool. It's to inefficient. What? You

Re: JD_ rule set?

On Tue, October 17, 2006 18:55, jdow wrote: > to subtract even more points to offset various rules that trigger > on patches, source listings, and oops dumps.) this mail list have enorm spams on it, seams that no one cares to kill it at maillist server level, hmm, does spammers sponcer this mail

Re: What's with UCEPROTECT List?

Marc Perkel wrote: I'm using Exim which caches sender verification results so if the attacker uses a single forged address it would only result in a callout ever 2 hours or so. You really didn't read that page, did you? Yes, it works well for you. But if everyone is doing it, it will fail.

Re: What's with UCEPROTECT List?

Marc Perkel wrote: Generally a dictionary attach uses randon to addresses, not from addresses. Sender verification works on the from address. And if I didn't use sender verification it scould result in a bounce message to the address that I would have verified and the bounce message is a far w

Re: This image is turning frequent..

Just FYI increasing SARE_GIX_STOX has removed this spam from my mailbox. It's doing something right. (I was getting 1-2 an hour prior to increasing that rule's score) Chris Santerre wrote: Exactly... and that SARE ruleset is coming very soon :) --Chris > -Original Message- > From

Re: What's with UCEPROTECT List?

Marc Perkel wrote: Jim Maul wrote: Kelson wrote: Matt Kettler wrote: That said, some folks still hate it because you're using some (very little) of their CPU and network to handle your spam. Also, a large number of verifications (say, because someone has been sending lots of spam with for

Re: ALL_TRUSTED creating a problem

Matt Kettler wrote: Matt Kettler wrote: YOUR network is broken because YOUR network doesn't add Received: headers before calling SA.. That's not EVERYONE, that's YOU. Get your tools to add a local Received: header before you call SA, the auto-detection code will start working. After all, if yo

RE: JD_ rule set?

Benny Pedersen wrote: > > this mail list have enorm spams on it, seams that no one cares to > kill it at maillist server level, hmm, does spammers sponcer this > maillist ? :-) Huh? I don't filter this list and I haven't seen any spam. -- Bowie

Re: ALL_TRUSTED creating a problem

Bowie Bailey wrote: Unless you specify it in the configuration, SA has no idea what servers are local for you. In this case, it has to make a guess so it makes the (fairly reasonable) assumption that the most recent received header comes from a local MX. Oh. I get it. We're trusting headers t

SA Webmail Portal

Anyone developed a webmail portal for Spamassassin?  What I mean by this is.. Some sort of webmail which only has a spam folder so people can see their spam.. anything else passes on through..  I'm running SA in two manners.. One of which is going directly to my pop server and tags all the s

dealing with DoS attacks (Re: ALL_TRUSTED creating a problem)

R Lists06 wrote: As you more than likely already know ...I would encourage you to do consider several things here as realistically several federal and local laws are being broken here and others have ... ... We have dealt with issues like this many times and we take not

Re: SA Webmail Portal

Billy Huddleston wrote: Anyone developed a webmail portal for Spamassassin? What I mean by this is.. Some sort of webmail which only has a spam folder so people can see their spam.. anything else passes on through.. I'm running SA in two manners.. One of which is going directly to my pop serv

Re: improving the sa-update process

Frank Bures wrote: Or you can check that spamassassin is running after restart and if not, start it again. Also you can check that there actually was an update before doing the restart in the first place. Works for me :-) I do the latter already. And as I've stated several times before, spa

Re: false positive on citibank e-mail

Ramprasad wrote: Thats the bane of antispam. If there were no FP's spammers would lose their jobs. ( So will we techies managing antispam :-) ) I've heard that nonsense (losing jobs to problems disappearing) so many times over the years, and it has *never* happened. There's always more tech

Re: false positive on citibank e-mail

Nice insult. Can we stick to fixing real problems, please? jdow wrote: You're the twit who reduced the required score. Fix it. {^_^} - Original Message - From: "Jo Rhett" <[EMAIL PROTECTED]> Included below is a legitimate e-mail on a legitimate payment that I did make. I've looked

Re: SA Webmail Portal

On Tue, 17 Oct 2006, Jo Rhett wrote: > Billy Huddleston wrote: >> Anyone developed a webmail portal for Spamassassin? > > Sure. Use the ability to tag to a plussed address, then virtusertable the > plussed address to a local cyrus server with Squirrelmail, and route the > normal > mail onward.

Re: ALL_TRUSTED creating a problem

Jo Rhett wrote: Matt Kettler wrote: Matt Kettler wrote: So perhaps I didn't get the Received header that will be added by this host. Yeah, so how did it get to SA? That's the problem. How can SA be scanning it, if it hasn't reached this host yet? Does this matter? SA *IS* scanning it, a

Re: ALL_TRUSTED creating a problem

Jo Rhett wrote: Bowie Bailey wrote: Unless you specify it in the configuration, SA has no idea what servers are local for you. In this case, it has to make a guess so it makes the (fairly reasonable) assumption that the most recent received header comes from a local MX. Oh. I get it. We're t

Re: SA Webmail Portal

Chris St. Pierre wrote: Remember, SA doesn't filter, file, deliver, or anything else. You can use it to munge the message, but anything else is up to other software -- in this case, probably your IMAP server. Not entirely true. These options change the delivery address. If you use these an

Howto automatically remove spam instead of maked it as [SPAM]

Hello, I would like to know howto automatically remove detected Spam? I don't want spamassassin to deliver the spam with a [SPAM] tag at the begining of the message but preffer to send it (the spam) directly to something like /dev/null -- Gerhard Mourani -- This message has been scanned for vi

RE: This image is turning frequent..

Title: RE: This image is turning frequent.. I'm embarrassed to ask but, what cf file is that from? --Chris > -Original Message- > From: Jo Rhett [mailto:[EMAIL PROTECTED]] > Sent: Tuesday, October 17, 2006 1:45 PM > To: Chris Santerre > Cc: Kelson; users@spamassassin.apache.org > S

Re: ALL_TRUSTED creating a problem

Daryl C. W. O'Shea wrote: SA knows *nothing* about the connection that isn't in the headers. In your example in this thread you had two headers, one that was added after SA saw it, and one that came in as DATA. You believe the headers entirely? Okay, so auto detection is even more broken th

Re: Howto automatically remove spam instead of maked it as [SPAM]

On Tue, Oct 17, 2006 at 02:33:04PM -0400, Gerhard Mourani wrote: > I would like to know howto automatically remove detected Spam? I don't > want spamassassin to deliver the spam with a [SPAM] tag at the begining of > the message but preffer to send it (the spam) directly to something like > /dev/nu

Re: Howto automatically remove spam instead of maked it as [SPAM]

SA scans and marks inbound email messages, but does not directly dispose of them. Typically your mail delivery agent (such as procmail) delivers the mail to a given destination, based on the headers as modified by SA. Here's a simple case(procmail rule): :0 * ^X-Spam-Status: Yes /dev/null _

Re: ALL_TRUSTED creating a problem

Jo Rhett wrote: Oh. I get it. We're trusting headers to be more accurate than getifaddrs() ? Am I supposed to agree that this makes sense? Seriously... Daryl C. W. O'Shea wrote: Yeah, seriously. Especially when your cluster of 50+ SA machines don't share the same interface as the other cl

Re: This image is turning frequent..

Chris Santerre wrote: I'm embarrassed to ask but, what cf file is that from? [EMAIL PROTECTED] /usr/local/etc]$ find /var/lib/spamassassin -type f -exec grep -l SARE_GIF_STOX {} \; /var/lib/spamassassin/3.001004/70_sare_stocks_cf_sare_sa-update_dostech_net/200609222100.cf -- Jo Rhett Netwo

Re: Howto automatically remove spam instead of maked it as [SPAM]

On Tuesday 17 October 2006 10:33, Gerhard Mourani wrote: > Hello, > > I would like to know howto automatically remove detected Spam? I don't > want spamassassin to deliver the spam with a [SPAM] tag at the begining of > the message but preffer to send it (the spam) directly to something like > /dev

Re: This image is turning frequent..

Chris Santerre wrote: I'm embarrassed to ask but, what cf file is that from? [EMAIL PROTECTED] rulesets]$ grep SARE_GIF_STOX * -R | grep meta 70_sare_stocks.cf/20060803.cf:meta SARE_GIF_STOX ( SARE_GIF_ATTACH && __IMG_ONLY ) 70_sare_stocks.cf/200608271034.cf:meta SARE_GIF_STOX

Re: SA Webmail Portal

Okay, so next question.. might be totally out of topic for SA.. How can I make the front-end mail server know if a email exists on the backend server.. Example.. I use qmail on my front-end.. I don't like receiving tons of invalid emails just to turn around and attempt to deliver bounces that

RE: This image is turning frequent..

Title: RE: This image is turning frequent.. > -Original Message- > From: Jo Rhett [mailto:[EMAIL PROTECTED]] > Sent: Tuesday, October 17, 2006 2:41 PM > To: Chris Santerre > Cc: users@spamassassin.apache.org > Subject: Re: This image is turning frequent.. > > > Chris Santerre wrote

Re: domainkeys unverified

Chris, > No, I'm referring to the plugin patch, which according to bugzilla was > going to be applied to 3.1.1 (so I assume I don't need to worry about > this, since I'm using 3.1.4): > http://issues.apache.org/SpamAssassin/show_bug.cgi?id=4623 That patch is in the current code as far as I can te

RE: What's with UCEPROTECT List?

> > Right. And rate limiting limits the real service. Thus, you have ... > oh yeah, DENIAL OF SERVICE. > > THINK! It's not hard. > > -- > Jo Rhett > Network/Software Engineer > Net Consonance Don't assume Jo. You do not know specifically what I was talking about rate limiting and why or how.

RE: What's with UCEPROTECT List?

> > Um, yes. Well, I've seen it DoSed by just attempts to deliver to an > address that doesn't exist. "User not found" after RCPT TO is the exact > same traffic load. That was very modern hardware, and it happened just > a few weeks ago. > > Think about it. It doesn't require you to stretch yo

Re: New ebay phish

New phish looks like a LEGIT ebay messege from another user I handle all problems like this at the SMTP level using the old, but extremely powerful Obtuse smtpd daemon (http://sd.inodes.org/). All inbound mail is collected by the smtpd daemon on my MX server, then passed to another machine f

RE: dealing with DoS attacks (Re: ALL_TRUSTED creating a problem)

> > Yes, I know. I'm actually one of the supertechs you refer to. Er, at > least top of the food chain in that regard :-) > > Law enforcement in Santa Clara is excellent, but they have to focus on > the big fish. This is small stuff to them. It's also just small enough > to fall under the rad

Re: SA Webmail Portal

On Tue, 17 Oct 2006, Billy Huddleston wrote: > Okay, so next question.. might be totally out of topic for SA.. How can I make > the front-end mail server know if a email exists on the backend server.. > Example.. I use qmail on my front-end.. I don't like receiving tons of > invalid > emails jus

Re: Is there any way to score this?

Micke Andersson wrote: excuse me for my ignorance, but is this really the correct approach right now, since it is quite a lot of badly configured DNS servers out there. Should this not be handled by the SMTP server as is instead! And return an error code of 421 or something like this. Like AOL

unsubscribe

  unsubscribe

Sender verification (was: What's with UCEPROTECT List?)

At 08:32 17-10-2006, Dave Pooser wrote: You think so? By my count, my server is transmitting roughly 80 bytes of data (HELO, MAIL FROM:, RCPT TO: and QUIT); even with overhead from RBL checks on your side that shouldn't contribute to any load. It's not like an evil spammer could carefully synchro

Re: unsubscribe

At 12:24 PM 10/17/2006, you wrote: unsubscribe As the headers of each message say: list-unsubscribe:

Re: SA Webmail Portal

Sounds like it. - Original Message - From: "Chris St. Pierre" <[EMAIL PROTECTED]> To: "Billy Huddleston" <[EMAIL PROTECTED]> Cc: Sent: Tuesday, October 17, 2006 3:20 PM Subject: Re: SA Webmail Portal On Tue, 17 Oct 2006, Billy Huddleston wrote: Okay, so next question.. might be tot

MailScanner & Postfix

Does someone was able to make MailScanner work correctly with Postfix?? I've MailScanner installed and configured to scan for Spam and Virus through Postfix but look like it's not working as expected, I can see that is start its job but still too much spam received. The only way for me to really an

Re: SA Webmail Portal

Billy Huddleston wrote: Anyone developed a webmail portal for Spamassassin? What I mean by this is.. Some sort of webmail which only has a spam folder so people can see their spam.. anything else passes on through.. I'm running SA in two manners.. One of which is going directly to my pop server

sare suggestions.

ylan Bouterse wrote: > What SARE channels are you subscribing to? I just got the rules_du_jour > script running and added several SARE channels and I'm seeing SARE in my > amavisd log a LOT. Just wondering if there are certain hightly > recommended rule sets to use and those to stay away from that

Re: New ebay phish

On Tue, 17 Oct 2006, Peter H. Lemieux wrote: > The Obtuse daemon also has a function that can reject mail > according to the domain of the sending server's DNS host. That > works well with some spamming operations that have dozens of bogus > domains all pointing at a common DNS host. Any stats f

  1   2   >