> >
>
> Agreed. Seems to me that any discussion related to blocking
> spam is relevant.
>
no Perkel, everthing posted is not necessarily acceptable, helpful and/or
relevant.
especially when spamming the list for your tarbaby stuff, free or not.
it appears to me that you used to be a lot m
>
> this is not urls, but ip blacklisted dns ip
>
> url is another test
>
> --
> xpoint
>
benny,
it appears you might have it backwards...
http://www.spamhaus.org/dbl/
http://www.spamhaus.org/faq/answers.lasso?section=Spamhaus%20DBL#287
- rh
benny
i meant your description of DBL
i went to their website and everything they said was opposite of what you
said
- rh
>
> This is a misunderstanding. I am largely against
> whitelisting or negative score rules. I merely intend to
> increase the variety of legitimate mail in the nightly ham
> corpus so our spam-hostile rules can be better tested for
> safety. This will be interesting especially with non-En
apologies we missed the memo(s)
evidentally doing an rpmbuild -tb after downloading the 3.3.2 tarball doesnt
work for rhel4 / centos4 et al?
wow... always seemed like a 3 minute process to me
anyways, i think ive about exhausted a week of google foo.
rpms or tips anyone?
-rh
>
> It's removal was based at least in part on a belief that it
> was not actually usable for anybody. You could take it up
> with the dev list, particularly if you're up for maintaining
> it in a way that's useful for the major rpm platforms.
> Either way you probably want to talk to Warre
warren
thanks for the info
where is the .spec posted ?
any tips on the .spec and modifying the tree to get 3.3.2 working with EL4
until such time as EL6 server can be installed and tested please?
EL6 isnt that old (comparitively) and lab testing will start on it soon
- rh
does anyone get legit emails that come from the mailengine1.com email
marketing servers?
aka streamsend aka ezpublishing ???
it appears to be all spammy to us
also, has anyone written any rules they care to share in regards to this
organization?
- rh
as you know, some emailing companies have multiple domains for mail serving
mailengine1.com
mailengine2.com
mailengine3.com
.
.
.
mailengineN.com
among other domains...
what is the proper way to write a single rule to deal with N series
combinations?
header __LOCAL_MAILENGINE1 ALL =~ /maileng
> There are a couple of ways to do it.
>
> If you know that the numbers are 1-9, you could do this:
>
> header __LOCAL_MAILENGINE ALL =~ /mailengine[1-9]\.com/i
>
> (this is matching a single character. You could NOT do [1-12])
>
> If you just want to allow for a number, you could do this:
>
>
> And using ALL means that you would match your own thread:
>
> Subject: all spam emails from mailengine1.com servers
>
> I'd suggest you use the X-Spam-Relays-Untrusted pseudo header
> as previously mentioned.
>
thank you
are you suggesting that a person look at
http://wiki.apach
greetings SA users
there sure seems to be a lot of from .info server spamming
wierd temp registered .info domains spamming eh?
for those of you with volume, large or small, care to share an SA tips on
how you deal with .info domains?
i would imagine there is a very small percentage of valid em
>
> On Sun, 6 Nov 2011, darxus
>
> > I'd like to get this added to the default rule set, any objections?
> >
> > header FROM_MYFANBOX From:addr =~ /\@myfanbox\.com$/i score
> > FROM_MYFANBOX 5
>
> Not at that score.
>
> I'll add it to my sandbox right now so we can see what happens.
>
>
some of you, like we did, probably noticed long ago that some ip addys rdns
to "localhost"
example
113.166.175.153
dig -x 113.166.175.153
;; QUESTION SECTION:
;153.175.166.113.in-addr.arpa. IN PTR
;; ANSWER SECTION:
153.175.166.113.in-addr.arpa. 86353 IN PTR localhost.
;; AUTHORIT
apologies in advance for asking
i know part of the answer can be found in the wiki, yet it isnt 100%
definative.
have these older FVGT rulesets been incorporated into the current SA
versions?
i.e. 00_FVGT_File001.cf and 88_FVGT_headers.cf and 99_FVGT_Tripwire.cf
we shouldnt be using these rule
pardon me for my ignorance, yet if you think about it, the OP's idea is why
some royalty had food and drink tester / tasters centuries ago
assume all food and drink is poisoned
problem is, if the poison wasnt fast acting, the royalty would ingest it and
die anyways.
eh?
not or negating theory
christian
i wasnt picking on you or your ideas
locks are not a good anology unless you unplug or close port 25
those were mentioned on the list
you are possibly on to some things, yet part of what you are on to is
already late to the table
i think you are realistically confused about truly "ne
Christian,
when you reply to people, dont put their email address in the post.
please stop that.
again, if you would read the posts slowly and correctly, i was not attacking
you or your ideas.
see the word "not" there...
this is a discussion list, not a discrediting list.
in terms of negation
>
> It's not always just branding. It's also, giving proper attribution.
> Organisations and people should be credited appropriately for
> their contributions. It's the respectful thing to do.
> "GNU/Linux" is the best example of this IMO.
>
> At least you said "free software arena" and not "o
bottom line is
yes, we would mind
mainly about the enabled by default part
there are too many scenarios & reasons to argue for and against it at this
moment in time
- rh
greetings
how are you folks on this list dealing with unwanted solicitations from
companies that spam via netsuite.com ?
-rh
is anyone else getting spam from venamail.com servers ?
they usually come from a something.co.uk type email addy
usually letting spam and now starting to adver other junk
we see a coupla few a week slip through.
how are you dealing with it in terms of spamassassin rules or otherwise?
- rh
> Should be blatantly obvious, but since you asked...
>
> Lack of volunteer time, manpower or a paid position? Maybe
> also a mass- check run, since this might have more overall
> impact? Possibly?
>
i wouldnt know about the internal stuff you mentioned although i didnt
really ponder that.
is this DKIM-Reputation setup for any *general* current spamassassin
deployment or does it only work with certain MTA setups ???
i am asking because i believe what i saw was that Amavis was mentioned, and
nothing else.
TIA
- rh
i was checking a server the other day and i noticed a bunch of these in the
logs
from='"=?utf-8?Q?Joe=20Blow?="
the Joe Blow part is what shows in the email as if it was a real name
i changed it so it was more exaple'ish
how should this be dealt with in a rule ?
i would take that rule and pu
> >
> > from='"=?utf-8?Q?Joe=20Blow?="
> >
> > how should this be dealt with in a rule ?
> >
> > i would take that rule and put it in a meta combination
>
> That's a perfectly valid way to encode text that contains
> non-ASCII characters. Does it appear in mails that you know
> are spam, and th
>
> But this is all *OT* and has no relevance to SA. Why this
> list was spammed with an unscientific spin of a claim in the
> first instance just shows the dark hand of Barracuda at work.
>
>
>
Richard,
i imagine you are far more knowledgable than me (and others) in most
respects re: spam
> Richard Wrote:
> No. Here is why. When someone posts a Barracuda send-up that
> is questionable, it will still end up in the archives. It is,
> therefore, relevant that any counter argument and supporting
> material be archived with it for balance. My follow ups have
> been entirely within t
i want to publicly apologize to richard and the list.
although i firmly stand behind what i posted, i should have done it off
list.
i ask richard and the list to please forgive me
thanks you
- rh
> RW wrote:
> The idea that I'm attacking you is just your paranoid fantasy.
>
RW,
there is a song in those last 4 words...
just need lyrics and a major recording star and you will be more wealthy !
- rh
>
> Then why do it?
>
> If it causes you frustration, is the time worthwhile?. Surely
> readers of this list aren't expecting anyone to develop an
> Aneurysm from dealing with non-subscribers to the list..
>
> Cheers,
> Mike
>
>
i seem to recall that the SA list software accepts submissi
have many, or any of you folks on the list migrated your production servers
to the 3.3.0 alpha 2 or later release?
- rh
> if spf_pass yes :-)
>
> reject neotral and softfail for hotmail.com reduce it nicely
> here without reject valid mail from hotmail, oh yes there is
> still spam sent from hotmail that gets pass, but then its
> surely more easy to complain it was not me
>
benny,
at what stage are you dea
>
> Sorry for the OT post, but the simscan list appears to be
> completely dead and I need to figure this out. I've used
> simscan in the past with no problems; I just can't figure out
> what's happening to spam scoring higher than 6.0 but less
> than 12.0, so anybody who's familiar with t
> but it could be nice that sare rules was checked in the mass
> check for 3.3.x to get the best rules out in new rule sets
>
> or would some other try this ?
>
> --
> xpoint
Benny!
excellent idea in general...
will those in authority in SA team please act upon this and tell us in some
pos
>
> RCVD_HOSTKARMA_BL Black
> RCVD_HOSTKARMA_WL White
> RCVD_HOSTKARMA_YL Yellow
> RCVD_HOSTKARMA_BR Brown
>
> OTOH, I really like these new names. My brain thinks less
> hard to recognize them.
>
> How do other people feel. Should we stick to his old names
> with JMF in the Wiki or these
>
> Marc,
>
> Could you please decide between the existing JMF rule names
> or the above proposed HOSTKARMA names? It seems opinions are
> split here.
>
> Warren
>
>
warren,
marc already decided once, please dont give more choices...
you should have thought that out before putting the l
>
> I'll note that he's the one that said he prefers HOSTKARMA
> names, despite his own Wiki saying JMF.
>
> Warren
>
>
Warren,
so noted...
:-)
his wiki and his entries in the SA wiki too...
and this isnt a witch hunt by any means...
you desiring to set it up and run it through the SA
marc
dont forget this one
http://wiki.apache.org/spamassassin/MarcPerkelsExperiments
- rh
_
From: Marc Perkel [mailto:m...@perkel.com]
snip
Yes - the wiki is updated.
> I have no explanation,
>
> Their supposed complaint is, they don't know *nix. But my
> coworker and I manage those boxes, so even if one of us left,
> there would be at least one person to run those boxes.
>
> SA/ClamAV has been working great. Our BSD box sits in front
> of the Exchan
>
> I grew up in Guadalajara and still have friends there, and in
> 'el De Effe' as well as scattered around a few other places
> in Mexico and I can confirm this is simply not true. No one
> uses all caps as a sign of respect.
>
> I can't speak to other Latin American countries. Perhaps th
>
> Probably because you are not short-circuiting on the whitelist. ;)
>
> Any whitelist rule is just that -- a plain, ordinary rule.
> With a score.
> There is no magic, and other matching rules always can
> overrule any other fraction of the equation.
>
> If you *know* a given message is
> >
> Funny, after the discussions yesterday, I did the same thing
> only to wake up this morning with a mess of mis-marked
> messages due to hits on hostkarma. Until I can do further
> analysis, I've dropped RCVD_IN_HOSTKARMA_BL and
> RCVD_IN_HOSTKARMA_WL to .001 and -.001 respectively.
>
>
> >
> >
>
> All I can say is that if these numbers were real or typical I
> would be out of business.
>
perkel,
i might be wrong, yet it doesnt appear to me that Jari have enough mail
volume to have a reasonable statistical base...
- rh
i used to be able to use wget to "easily" download rules from jhardin and
other sandboxes
now with this new viewvc, it is a total pain in the backside to do anything.
how do we make it so it is easy to get the sandbox rules again?
- rh
>
> I am running a qmail + simscan + spamassassin + clamav on a
> centos 5.3.
>
> Regards
>
s..a..l...@gmail,
there are many ways to do it...
you could try
@example.com
in your
/var/qmail/control/badmailfrom
might work... depending on some factors...
you could smtp reject above a cer
>
> Any other DNSBL's out there that you folks use that are worth
> comparing?
>
> Warren Togami
> wtog...@redhat.com
Warren,
ask michael scheidell... he has a list for you that is 100% effective...
:-)
- rh
> Complaints liks this keep coming up for various whitelists.
> The usage alternative I just suggested may solve this problem
> for many people.
>
> --
> Rob McEwen
Mc,
what usage alternative?
- rh
here is a fine chance for everyone to vote on some new rule names...
ill seed it...
CONSTANT_PITA_BULK1
let's be creative now, it's Friday!
well, it is always Friday, but you get the point...
- rh
>
> So, even though I cringe when I hear a name like Constant
> Contact, it does serve a legitimate business need.
snip
> Chris Hoogendyk
>
Chris,
-1
no disrespect to you intended, yet says who?
our general experience with Constant Contact is negative.
- rh
>
> That domain name should earn an email that came through their
> servers an additional 2.5 points IMO. It has been a thorn in
> my side since 3, maybe 4 years now.
snip
> --
> Cheers, Gene
Gene,
and anyone else that cares to share please...
what are you using for your various rules to
>
> I wouldn't say they are perfect but they try to be. It's
> close enough for my white list. They shut down abusers and
> the opt out works.
>
>
marc,
we shouldnt have to opt out...
-rh
marc,
yes, yes it does make it spam if i have no idea who they are or why they are
emailing me and/or my clients.
it sure as all get out makes it spam.
marc, are you boozing or just tired?
- rh
Perhaps, but it doesn't make it spam.
>
>
> It's amazing to me you have ANY Mac users as customers.
>
> Tell you what, the guys down the hall from me run a
> Mac-oriented hosting service, MacHighway.com. Refer your Mac
> users there. They will not be treated as if they are 'dumb as
> a stamp'.
>
LuKreme!!!
please fly my fam
some centos people are having a pub party and the "kings and queens" in
london
it might be over already based upon time difference from usa
maybe all of you could go there and drink beer and duke it out or something
constructive
;->
- rh
looking for theoretical and practical insight on general multi domain email
hosting type servers...
Q1) on high volume email servers, is it wise to expire more than once a day,
or is once a day the "right" amount so that once is not always in some form
of expiring ???
the setup questions is so t
didnt anyone think that the emailBL project was good enough in adding an
extra factor of protection to continue development?
- rh
> From: Hajdú Zoltán wrote
>
> Then whos job? :) Habeas doesnt monitor Your Inbox.
>
> If You have the time to write here just for 'flaming' against
> a ~good concept...
> ...Maybe it would be a better idea to spend that time on
> supporting them with Your feedback.
>
> Cheers,
Hajdu,
we
just got spammed via constant contact via Aloha Communications Group on our
"email lists" email address from afrit...@aloha-com.ccsend.com
obviously trolling for email addresses
would the Constant Contact employee(s) and advocate on this list please kick
some hiney after you are done rolling ar
thanks Tara, not the hugest biggie...
yet since we are only on a few select lists and use this email address, i
figured several others on this list were getting it too
i did forward both to abuse at your site with headers
happy gobble gobble everyone!
- rh
I've got Compliance on it alre
>
> uri LOCAL_URI_C_CONTACT m{constantcontact\.com\b}
> score LOCAL_URI_C_CONTACT 12
> describe LOCAL_URI_C_CONTACT contains link to
> constant contact [dot] com
>
thanks Ned,
i do have a coupla companies that use CC for email so i wont totally whack.
they
>
> I'm interested in people's opinion of UCEPROTECT. I'm aware
> of how it works, but even UCEPROTECT1 seems to catch an awful
> lot of ham, and I wondered if I was doing something wrong.
>
> I've set the score to 0.01 for now, while I watch and see how
> it works here. What's a more reaso
>
> if it was just for me you would post it on maillists ? :)
>
> thanks for clearify it, atleast for me
>
Benny,
sure we would! as ummm ...well, you know, you are just so lovable... :-)
seriously, and the reason you are so lovable is that even if i read some
(not all) of your posts over
>
> If you disagree with a particular entry on either the
> (formerly Habeas) Safe list or the Certified list, we've made
> it extremely easy for you to tell the people who operate
> those lists. Hint: insulting me on this mailing list has no effect.
>
> --
> J.D. Falk
> Return Path Inc
>
> From: LuKreme
>
> Look, get a room. Or at least take this twisted courtship
> dance offlist and spare us, please.
>
LuKreme,
certainly we understand your point here, yet what about accountability for
Return Path Inc (and other RPI companies) related rules in the default
Spamassassin conf
>
> I'm sure we would all live with the occasional true 'opt-in'
> request, if we knew that the end result would be that it
> would stifle spam by giving the legitimate mailers, the ones
> whose mail we *want* anyway, a better chance to reach us.
>
> - Charles
>
Charles,
Nyet, nyet, nyet
>
> After all this debate about a negatively scored rule I'd
> disable it anyway, because the spammers on the list will
> target it specifically now, knowing it works well for them.
>
> Stucki
Stucki,
it seems to me that you, of all people, would want a small negative or
positive score on th
forgive me for asking this in the middle of this thread yet in all
seriousness...
Q) what is the inverse of Spamassassin ?
i am quite certain that those in the know have spent a lot of time thinking
about HAM signatures.
maybe that isnt quite the right way to say the question...
so, what do yo
>
> Nonsense. I had to score this list -2000 just to keep it from
> scoring so darn high that it was hitting the 'automatic'
> rejection at the SMTP gate before any of my whitelists could
> function. Sometimes legit mail scores high. A 'truly clean
> company' should be permitted to enjoy a 'w
in the post there was mention of
- added or updated many rules; incomplete list in no particular order:
vbounce, lotsa_money, muchmoney, image spam, fill_this_form,
FreeMail...snipped
Q1)is there a location that shows the "complete list" at this time?
if not,
Q2) will there be a complete li
>
> This should be fairly easy to do: configure SA with the
> language(s) you will accept and the ratio of misspellings to
> total words that you'll accept as meaning 'unwanted language'
> after numbers and HTML tags have been excluded from the
> check. Apply the test to the whole body of a
> perkel wrote:
> I have yet to find ANY use for SPF. And SPF causes nothing but problems.
Marc,
why nothing but problems?
is a lot of your system "mail forward" orientated?
care to elaborate w/o going into the same old SPF diatribe?
maybe there is something useful you havent had the
i spose we are concerned about "renames" of rules although there are pry not
many of those...
the main concern would be duplicate rule(s) functionality based upon the
long lifespan of 3.2.5 and ummm sharing on the list and otherwise...
could be same function with different name etc
all will com
snip
>
> But, as I said, I highly trust my well-placed contact who
> vouches for emailreg.org, so I'm satisfied.
>
snip
> --
> Rob McEwen
Rob,
:-)
um you did say it a coupla times.
once was enough though right?
:-)
we know who *you* are, yet if you are going to reference this "trusted
> Still doesn't answer my question. Perhaps I'm "dense". But to
> spell out my question more explicitly:
>
> what do you mean by "personal response spam"? Is that just
> Richard's on-list responses we've all seen? Or something
> else? (did I miss that part of the conversation?). And what
>
>
> When running site wide, how do you get ham to train bayes? I
> can manage spam by spam reporting and such, but getting ham
> without breaching the privacy of our users is my problem.
>
> raj
>
Raj,
one potential option is to setup bayes autolearn thresholds with proper
scores for your
>
> Axb
> PS: If JM posts a link to his Amazon wishlist, maybe we can
> all help him decorate the new place :-)
>
>
>
+1
- rh
marc,
what if there is no RDNS ?
;-)
- rh
>
> I'm the only one? Really? That doesn't jibe with my memory,
> but I'm not scanning the entire list to prove you wrong.
>
> Really?
>
> Yeah, sorry, not buying it.
>
LuKreme et al,
you were not the only one much goes under or over the radar on the
list...
re those rules, we see 2
> I believe on the whole Warren Togami's posting about a
> whitelist performance on a masscheck settles the affair.
> White lists are very reliable. They are also very unnecessary
> within SpamAssassin. So perhaps the whole topic can die.
>
> I also note that the people complaining about the w
as far as museum pieces go, i submit that my first was an Apple 2E if i
remember correctly..
BRUN BEERRUN
was an interesting game, or something to that effect... ;-)
...and (snore) i also programmed a helicopter to fly across the top and drop
a bomb on a "space invader" and go boom...
wow hu
> The absolute, without a doubt, biggest POS I ever had to live
> with was an
> 11/23 that had more hdwe bugs than all issues of windows
> combined since DOS5.0. Dec field engineers changed every
> piece in that thing except the frame rail with the serial
> number and all they managed to do
is this older link still working and keeping realtime track of updates?
http://svn.apache.org/viewvc/spamassassin/trunk/rulesrc/sandbox/
specifically this link
http://svn.apache.org/viewvc/spamassassin/trunk/rulesrc/sandbox/jhardin/
since i have been watching these devels
thanks
- rh
>
> or create a bug to have dnswl use trusted_networks from
> local.cf in spamassassin
>
Benny
can you help me / us better understand what you are getting at here and why?
something you already do or implement?
i wish i knew a better way to ask the question(s) so that you could better
hel
>
> Spamassassin is not something trivially installed like a
> piece of Microsoft junkware. In fact, it is nearly impossible
> to get it to do anything useful without reading lots of
> documents Daryl. Couple this with the fact it only *scores*
> mail - it does not block it - any mish mash
>
> In the absence of evidence to the contrary, yes.
>
> If it's that big a problem for you in real life, then you
> should be able to provide FNs to the masscheck corpora that
> will _prove_ these scores are too generous.
>
> We understand your philosophical objection. Providing hard
> evid
Justin,
We were able to knock off 4 items in the Amazon USA list with expedited
shipping 8 to 16 days from USA.
hopefully it will take them off your wish list...
Yes, we would love to see your ummm Sought rules back online if they are not
already
are they?
if you need us to put an ind
>
> Hopefully you didn't buy him that brewing book, or we'll
> NEVER get any more rules out of him! :^)
snip
> Is there anything that would help out the cause,
> hardware-wise? I think I remember Justin saying that privacy
> concerns about the email corpus made sharing the load
> impossible
>
> It would be nice to be able to throw some cycles at this
> problem, but it might take more more to figure out how to do
> that safely than it's worth?
>
> Anyway, if something gets figured out count me in on
> contributing space CPU time.
couldnt the data be encoded and then unencoded
>
> > do i need to read the apache foundation docs somewhere?
>
> You're of course more than welcome to. Perhaps the best
> place to start is here [4] and here [5].
>
> [1] http://spamassassin.apache.org/
> [2] http://svn.apache.org/repos/asf/spamassassin/trunk/CREDITS
> [3] http://www.apache.
>
>
> Nope. It works. I'm looking at 3.3 carefully but nothing
> stands out.
>
> --
> Jo Rhett
Jo,
do you have changes / hopes / ideas / suggestions for SA to make it better
or more better or whatever?
- rh
> Cc: Spamassassin users list
> Subject: Re: [sa] Re: FH_DATE_PAST_20XX
>
> Damn -- mea culpa. When we fixed the bug in SVN trunk in bug
> 5852, I should have immediately backported it to the 3.2.x
> sa-update channel when I commited that patch, but I didn't.
>
> It's now fixed in updates,
>
> The easiest way to see what is being changed since your last
> sa-update is to first sa-update /tmp and diff. The change is
> trivial but significant...
>
snip
>
>
> -jeff
>
thanks Jeff,
umm what we saw was that the first FH_DATE_PAST_20XX update rule push wasnt
actually corrected...
> >
> /20[1-9][0-9]/ --> /20[2-9][0-9]/
>
RW,
thank you...
exactly what we thought.
exactly what others said/thought.
we changed it to this before the update and still had the issue.
so we changed back to the older version and then zero'd the score.
waitied for the update
after the upda
>
> > The rule is probably also defined in some other file.
> > Are you using 00_FVGT_File001.cf? If so check there.
>
> 00_FVGT_File001.cf is updated on the rulesemporium site also
> where its based so you could fetch a new copy there also if needed.
>
> http://rulesemporium.com/rules/00_F
> From: Christian Brel
> Sensible folk know people like Return Path will never grow
> the balls to stand up to eBay, they will just take the money
> and smile.
>
Christian Brel,
are you suggesting that orgs like Return Path buy some body part growth
pharma ?
;->
- rh
> From: tonjg [mailto:t...@freeuk.com]
> On 01/13/2010 07:22 PM, tonjg wrote:
>
> thanks for your response Ned.
> your last line describes exactly what I want to do - reject
> mail, do it at the smtp stage in sendmail - but I don't know
> how to achieve this.
> --
TonJ,
http://lmgtfy.com/
> From: Adam Katz
>
> I can definitely relate. My $10 Titan Peeler is less
> effective than a rusty old pocketknife, and it somehow cost
> me $43 (had to buy two, shipping was about 2x the "cost").
> Not only that, but I never saw the total price until the
> order had finished, and I coul
>
> Ask your customers - block the ads for a while and see if
> anyone complains.
>
>
> /Per Jessen, Zürich
>
>
that's right, experts should always ask the uninformed or unqualified.
;-)
- rh
>
> I have them blocked here because they have sent me two
> totally unsolicited emails that got through hostkarma
> whitelist. They were on my dubious list because of stories
> I've heard about them. This places them on my specific
> blacklist. This is a particularly large problem given thei
1 - 100 of 120 matches
Mail list logo
