Re: Interesting Spam Trap Idea - Fake Authentication

2013-06-11 Thread Neil Schwartzman
On Jun 10, 2013, at 9:30 PM, Dave Warren wrote: > I doubt it's "a guy", but it wouldn't surprise me if the botnet that performs > the dictionary attack forwards the results off to "a guy" to confirm that > the account works. no, really, it's a bot. They have tens of millions of compromised a

sa-update: MIRRORED.BY is 404 for any channel

2013-06-11 Thread Mike Brown
I'm running 3.3.2 on two FreeBSD 8.3 systems on different networks. Both systems are configured roughly identically with regard to SpamAssassin. One system runs Perl 5.16 (not sure if that matters) and can run sa-update without error, but the other runs Perl 5.12 and gets 404s when it tries to u

Re: sa-update: MIRRORED.BY is 404 for any channel

2013-06-11 Thread John Wilcock
Le 11/06/2013 10:28, Mike Brown a écrit : I'm running 3.3.2 on two FreeBSD 8.3 systems on different networks. Both systems are configured roughly identically with regard to SpamAssassin. One system runs Perl 5.16 (not sure if that matters) and can run sa-update without error, but the other runs P

Re: sa-update: MIRRORED.BY is 404 for any channel

2013-06-11 Thread Mike Brown
John Wilcock wrote: > > Jun 11 00:05:07.327 [43091] dbg: http: GET > > http://spamassassin.apache.org/updates/MIRRORED.BY"; request failed, > > retrying: 404 Not Found: > > 404 Not Found Not Found > > The requested URL /updates/MIRRORED.BY" was not found on this > > server. Apache/2.4.4 (U

RE: sa-update: MIRRORED.BY is 404 for any channel

2013-06-11 Thread Martin
> -Original Message- > From: Mike Brown [mailto:m...@skew.org] > Sent: Tuesday, June 11, 2013 10:38 AM > To: users@spamassassin.apache.org > Subject: Re: sa-update: MIRRORED.BY is 404 for any channel > > John Wilcock wrote: > > > Jun 11 00:05:07.327 [43091] dbg: http: GET > > > http:/

Re: Interesting Spam Trap Idea - Fake Authentication

2013-06-11 Thread David F. Skoll
On Mon, 10 Jun 2013 20:27:05 -0700 Marc Perkel wrote: > I'm not sure. I'm wondering if they use automation and maybe it's not > so smart. I don't think there is "a guy" typing passwords. Certainly not, but it's easy enough to program a password-cracker to try to detect honeypots. Regards, Davi

Re: Interesting Spam Trap Idea - Fake Authentication

2013-06-11 Thread David F. Skoll
On Mon, 10 Jun 2013 20:33:29 -0700 Marc Perkel wrote: > We'll - it does waste their time and resources. Not so they'd notice. The basic rule is: No matter how much computing power and bandwidth you have, the spammers have a lot more. Trying to tie up their resources is a waste of time. Regard

Re: Large # of Spam getting through all of a sudden.

2013-06-11 Thread Kris Deugau
Alex wrote: >>> Hi Kris, >>> >>> I'm trying to get your extract-data script running, and having some >>> difficulties. It's dying at the $spamtest->check($mail) call. It just >>> never returns. What does that function do? As best I can recall it runs some trailing bits of what you might reasonably

Re: Interesting Spam Trap Idea - Fake Authentication

2013-06-11 Thread Dave Warren
On 2013-06-11 00:48, Neil Schwartzman wrote: On Jun 10, 2013, at 9:30 PM, Dave Warren > wrote: I doubt it's "a guy", but it wouldn't surprise me if the botnet that performs the dictionary attack forwards the results off to "a guy" to confirm that the account works

Re: Large # of Spam getting through all of a sudden.

2013-06-11 Thread Alex
Hi, Kris wrote: > As best I can recall it runs some trailing bits of what you might > reasonably call "message parsing", and at least the first stages of > running rule checks. I couldn't find a middle ground that only did the > real minimum necessary for extracting the relay IPs and URIs from th