Have you looked into "Day old bread"?
http://wiki.apache.org/spamassassin/Rules/URIBL_RHS_DOB
...Kevin
--
Kevin Miller
Network/email Administrator, CBJ MIS Dept.
155 South Seward Street
Juneau, Alaska 99801
Phone: (907) 586-0242, Fax: (907) 586-4500
Registered Linux User No: 307357
-Origina
On 05/15/2014 04:31 PM, James B. Byrne wrote:
On Thu, May 15, 2014 09:08, David Jones wrote:
We use the fresh15.spameatingmonkey.net RBL.
http://spameatingmonkey.com/lists.html
I checked three domain names used by the spam messages received yesterday.
All of the domains were registered yes
gayle...@eircom.net schrieb am 13. Mai 2014 um 12:56 +0200:
>When I send email from my laptop (using KMail)
>containing the string in the above URL,
>I simply get a message saying
>-
>Failed to transport message.
>The message content was not accepted.
>The server responded: "M
James, are these botnet or "snowshoe" spam?
When you get a chance, please provide some spamples (pastebin or
elsewhere), as Kevin recommended. Please mung JUST the email
addresses (e.g. change all email domains to "example.com", and
change the victim account name to "victim"). If the victim
acc
On Thu, 15 May 2014, James B. Byrne wrote:
I have to wonder how soon after creation new domains are added to the
fresh lists.
That's a good question. The only way I can see to maintain such a list is
if you have a registrar data feed, and I don't know what the latency in
that is. I would *as
On 5/14/2014 5:08 PM, James B. Byrne wrote:
Is there any way to limit Bayes content checking to only the first X
characters of the message body? I ask this because it is clear that the spam
messages getting through contain text meant to poison the tests but this
gibberish always trails the main
Hi,
On Mon, May 12, 2014 at 7:08 PM, Karsten Bräckelmann wrote:
> On Mon, 2014-05-12 at 13:46 -0400, Alex wrote:
> > On Sun, May 11, 2014 at 9:32 PM, Karsten Bräckelmann <
> guent...@rudersport.de> wrote:
>
> > > This is supposed to be a rawbody rule. I know, because I've discussed
> > > and par
On Wed, 14 May 2014, James B. Byrne wrote:
Is there any way to limit Bayes content checking to only the first X
characters of the message body? I ask this because it is clear that the spam
messages getting through contain text meant to poison the tests but this
gibberish always trails the main
On Fri, 16 May 2014 07:22:56 -0400
"David F. Skoll" wrote:
James> Is there any way to limit Bayes content checking to only the
James> first X characters of the message body? I ask this because it is
James> clear that the spam messages getting through contain text meant
James> to poison the tests
I implemented a rule that looks for multiple breaks for just that reason.
Can't remember where I "stole" it from - probably some folks here helped me
with it a few years ago. Can't remember who, but appreciated the assistance.
###
On Thu, May 15, 2014 09:08, David Jones wrote:
> We use the fresh15.spameatingmonkey.net RBL.
>
> http://spameatingmonkey.com/lists.html
>
I checked three domain names used by the spam messages received yesterday.
All of the domains were registered yesterday as well. None of them report as
bei
On Thu, 15 May 2014 09:45:21 -0800
Kevin Miller wrote:
> Have you looked into "Day old bread"?
> http://wiki.apache.org/spamassassin/Rules/URIBL_RHS_DOB
Just for the fun of it, I did a manual whois on the domain of one random
spam I got today which was not killed by SA.
Sure enough, the domain
On 5/15/2014 10:31 AM, James B. Byrne wrote:
On Thu, May 15, 2014 09:08, David Jones wrote:
We use the fresh15.spameatingmonkey.net RBL.
http://spameatingmonkey.com/lists.html
I checked three domain names used by the spam messages received yesterday.
All of the domains were registered yester
On 5/16/2014 2:24 PM, Ian Zimmerman wrote:
On Fri, 16 May 2014 07:22:56 -0400
"David F. Skoll" wrote:
James> Is there any way to limit Bayes content checking to only the
James> first X characters of the message body? I ask this because it is
James> clear that the spam messages getting through
On Fri, 16 May 2014 11:24:29 -0700
Ian Zimmerman wrote:
> On close inspection, I see that the hash-busting garbage appended is
> (faux) technical computing talk instead of the usual cookbooks or
> classical literature :-p That is, scrambled Stack Overflow
> discussions and the like. And of cour
We use the fresh15.spameatingmonkey.net RBL.
http://spameatingmonkey.com/lists.html
From: James B. Byrne
Sent: Wednesday, May 14, 2014 11:51 AM
To: users@spamassassin.apache.org
Subject: SPAM from a registrar
This AM we received (and are continuing to re
On 05/14/2014 11:08 PM, James B. Byrne wrote:
Is there any way to limit Bayes content checking to only the first X
characters of the message body? I ask this because it is clear that the spam
messages getting through contain text meant to poison the tests but this
gibberish always trails the mai
>On Thu, May 15, 2014 09:08, David Jones wrote:
>> We use the fresh15.spameatingmonkey.net RBL.
>>
>> http://spameatingmonkey.com/lists.html
>>
>I checked three domain names used by the spam messages received yesterday.
>All of the domains were registered yesterday as well. None of them report
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 15-05-14 16:31, James B. Byrne wrote:
>
> On Thu, May 15, 2014 09:08, David Jones wrote:
>> We use the fresh15.spameatingmonkey.net RBL.
>>
>> http://spameatingmonkey.com/lists.html
>>
>
>
> I checked three domain names used by the spam messa
>On 05/14/2014 11:08 PM, James B. Byrne wrote:
>> Is there any way to limit Bayes content checking to only the first X
>> characters of the message body? I ask this because it is clear that the spam
>> messages getting through contain text meant to poison the tests but this
>> gibberish always t
On Fri, 2014-05-16 at 11:24 -0700, Ian Zimmerman wrote:
> In the last few (~10) days, I have seen a marked increase in FNs,
> usually with Bayes values in the 50s and 60s.
That's a neutral bayes classification. Other rules should be able to
still identify the spam.
> On close inspection, I see th
On Fri, May 16, 2014 15:50, Kevin A. McGrail wrote:
> Enom is a big registrar and in fact owns the registrar I use
> (BulkRegister). I'm surprised they are having an issue. I'll try and
> reach out to them if you can give me a list of some of the domains you
> are seeing problems with spam.
>
>
On Fri, 2014-05-16 at 12:14 -0700, Ian Zimmerman wrote:
> Just for the fun of it, I did a manual whois on the domain of one random
> spam I got today which was not killed by SA.
>
> Sure enough, the domain was a day old.
>
> Running SA --debug on the spam I can see that URIBL_RHS_DOB lookup is
>
On Sat, 17 May 2014 01:34:58 +0200
Karsten Bräckelmann wrote:
> I don't know whether DOB limits DNS queries of a single host.
> However, if you *never* get that rule firing, the NXDOMAIN result may
> indicate exceeding a query limit. Do you use a local caching DNS
> resolver, or does SA use your
On Fri, 16 May 2014 16:20:21 -0400
Bowie Bailey wrote:
> Keep in mind that BAYES_50 and BAYES_60 still contribute positive
> scores by default. Though it is technically a neutral result, it
> still adds a point or two to the score.
> Rather than messing with Bayes, I would focus on the spams yo
David Jones wrote:
> > James B. Byrne wrote:
> > If you keep Bayes well trained (assuming you have enough ham to do so)
> > Bayes poisoning is a myth.
>
> I'm not sure I agree with the "myth" statement. I just had to reset my Bayes
> DB after years of it slowly drifting due to bad user input and
On Wed, 14 May 2014 17:08:26 -0400
"James B. Byrne" wrote:
> Is there any way to limit Bayes content checking to only the first X
> characters of the message body? I ask this because it is clear that
> the spam messages getting through contain text meant to poison the
> tests but this gibberish
On Fri, 16 May 2014 16:30:30 -0400
"James B. Byrne" wrote:
[snip]
> Admin Country: US
> Admin Phone: +1.1115463768
^^^ Illegal NPA code in North America.
They never start with 1 or 0. So far.
However, the network allows one to set
28 matches
Mail list logo
