Re: Flooded by a SPAM always containing the same picture

2009-05-05 Thread Randy
Adam Cécile (Le_Vert) wrote: Hello, Both my personnal and pro. emails get this stupid spam. Here is the image: http://dedibox.le-vert.net/divers/DSC.png Is there any rules that can block it ? It seems the picture is always the same. Thanks in advance, Regards, Adam. You may be flooded n

Re: Flooded by a SPAM always containing the same picture

2009-05-05 Thread Randy
Charles Gregory wrote: Just a quick question: I'm noticing that these 'png' spams don't have a text section, or any message body text, and yet my SA does not trigger on any 'message does not contain text' rules? I've seen rules trigger when messages are a high percentage of image versus text

Re: Flooded by a SPAM always containing the same picture

2009-05-05 Thread Randy
Adam Cécile (Le_Vert) wrote: RW a écrit : On Tue, 5 May 2009 14:44:29 +0200 Matus UHLAR - fantomas wrote: On 05.05.09 14:16, "Adam Cécile (Le_Vert)" wrote: Both my personnal and pro. emails get this stupid spam. Here is the image: http://dedibox.le-vert.net/divers/DSC.png Is there

Re: Flooded by a SPAM always containing the same picture

2009-05-08 Thread Randy
Ned Slider wrote: Ned Slider wrote: Martin Gregorie wrote: On Wed, 2009-05-06 at 02:08 +0100, Ned Slider wrote: I had one sneak through today which didn't hit any rules at all (it hits a few DNSBLs now but not when I received it). It contained an inline png: Content-Type: image/png Content-

Re: mcafee sees drop in spam?

2009-05-08 Thread Randy
Michael Scheidell wrote: looks like mcafee sees a 20% drop in spam? wonder what that is about. I'm not seeing a drop in ATTEMPTED spam (I see MORE ATTEMPTED spam). Mostly this new 'blank email with a png' in it. Sanesecurity rules seem to be keeping up with it for the most part. I wonder w

Re: mcafee sees drop in spam?

2009-05-08 Thread Randy
Martin Hepworth wrote: Spamcop stats don't show this - yes the number of picture spams is going up, but not spam generally. http://www.spamcop.net/spamgraph.shtml?spamyear -- Martin Hepworth Oxford, UK 2009/5/8 Michael Scheidell > looks like mcafee sees a 20

Re: Increase in Spam since 7am EDT

2009-05-12 Thread Randy
Rick Macdougall wrote: Hi, I'm seeing a massive increase in connection attempts since 7am EDT this morning. Most is being rejected because of not existing users but the majority that is getting through is hitting "Sanesecurity.Casino.11228.UNOFFICIAL". I'm seeing this across 5 different s

Re: Is email becoming unusable due to spam and antispam?

2009-05-15 Thread Randy
Igor Chudov wrote: Just today a buyer reported that my reply to him ended up in his spam folder. Concerned by this, I sent an email to my Yahoo! account and that one disappeared somewhere. The one I sent to gmail, however, got there quickly. I may be overreacting and, perhaps, it is a coincidence

Re: copy spam mail to separate mailbox

2009-07-16 Thread Randy
Evan Platt wrote: > At 11:22 AM 7/16/2009, you wrote: >> I have a postfix/SA setup and I was wondering if anyone knew how to >> COPY an email marked as spam instead of redirecting. >> Not this: >> /^X-Spam-Flag: YES/ REDIRECT spam...@example.com > > As that's really a postfix question, not a Spam

botnet dos

2008-10-14 Thread Randy
ipients? I could also addd thousands of infected hosts to a BL, but is it worth the time and which list would be best for this? Any insight into this would be nice. Thanks, Randy Ramsdell

Re: botnet dos

2008-10-14 Thread Randy
on't quote me on that. Thanks, Randy Ramsdell

Re: botnet dos

2008-10-14 Thread Randy
Ken A wrote: Randy wrote: Martin Gregorie wrote: Why would a botnet waste resources by sending tens of thousands of spam to a single e-mail address? Is it really a spambot or could it be a DDOS attack? Martin It is both but not actually. :) It appears to be a spambot ( botnet

Re: botnet dos

2008-10-14 Thread Randy
John Hardin wrote: On Tue, 14 Oct 2008, Randy wrote: It appears to be a spambot ( botnet ) , and it really isn't enough traffic to cause DDOS so I really should change the topic header. The traffic may be 4 - 10 emails per day for this email address. To a _single_ invalid ad

Re: botnet dos

2008-10-14 Thread Randy
mouss wrote: Ned Slider a écrit : Randy wrote: Ken A wrote: Randy wrote: Are you sure it's not spam bounces (joe job)? This is more common than a spam attack Ken Yeah we get those in spurts, but this appears to not be the case. We are getting thousands of con

Re: How do i block email with a domain in a message like this?

2008-10-16 Thread Randy
mail server to handle it. It is better to block messages from even getting to your filtering applications. Randy Ramsdell Foreclosure.com

Re: How do i block email with a domain in a message like this?

2008-10-16 Thread Randy
John Hardin wrote: On Thu, 16 Oct 2008, Randy wrote: McDonald, Dan wrote: On Thu, 2008-10-16 at 08:02 -0700, linuxbox wrote: > rawbody spam_domains /blockeddomain\.com/i uri spam_domains /blockeddoamin\.com/i If you need to block a domain from sending e-mail, then use the mail server

rfc-ignorant spamassassin score

2008-10-17 Thread Randy
Is this really necessary for yahoo.com generated e-mail? 0.2 DNS_FROM_RFC_ABUSE RBL: Envelope sender in abuse.rfc-ignorant.org 1.4 DNS_FROM_RFC_WHOIS RBL: Envelope sender in whois.rfc-ignorant.org 1.7 DNS_FROM_RFC_POST RBL: Envelope sender in postmaster.rfc-ignorant.org RCR

Re: rfc-ignorant spamassassin score

2008-10-17 Thread Randy
Michael Scheidell wrote: Is this really necessary for yahoo.com generated e-mail? 0.2 DNS_FROM_RFC_ABUSE RBL: Envelope sender in abuse.rfc-ignorant.org 1.4 DNS_FROM_RFC_WHOIS RBL: Envelope sender in whois.rfc-ignorant.org 1.7 DNS_FROM_RFC_POST RBL: Envelope sender in postmaster.rfc-ignorant.org

Re: had it with spaces spam and idiots at hotmail

2008-10-29 Thread Randy
lags ST_SPACES_BUMP net score ST_SPACES_BUMP 5 We are receiving lots of this. Also look out for the university degree spam which seems new and using botnet. Randy Ramsdell

Re: why is this message hitting URIBL_BLACK ...

2008-10-29 Thread Randy
Claudia Burman wrote: ...if the URI is not listed in www.uribl.com ? Return-Path: <[EMAIL PROTECTED]> Received: from [...] (sending to my server) Received: from pikachu.nic.ar (unknown [140.191.48.11]) by maderna.nic.ar (Postfix) with ESMTP id 83E07D7049; Wed, 29 Oct 2008 12:23:19 -0200

Re: Phishing rules?

2008-10-30 Thread Randy
Micah Anderson wrote: I keep getting hit by phishing attacks, and they aren't being stopped by anything I've thrown up in front of them: postfix is doing: reject_rbl_client b.barracudacentral.org, reject_rbl_client zen.spamhaus.org, reject_rbl_client lis

appriver.com backskatter

2008-11-13 Thread Randy
Appriver.com, an e-mail filtering company, sends backskatter or it sure appears so. -- Forwarded Message From: <[EMAIL PROTECTED]> Date: Thu, 13 Nov 2008 08:22:41 -0500 To: <[EMAIL PROTECTED]> Subject: WARNING. Mail Delayed: Lose 20 pounds in 3 weeks!!! This is a warning message only. You

Re: New spam-to me-and how do I stop.

2009-01-06 Thread Randy
Craig wrote: Hello All- I have recently been getting MANY spam slipping through Spamassassin and I am looking for help on how to stop. I have used Spamassassin with Bayes successfully for many years now and once I train the system on new spam, the system does an excellent job of stopping. T

Re: New spam-to me-and how do I stop.

2009-01-06 Thread Randy
Craig wrote: >>> Randy 1/6/2009 2:18 PM >>> Craig wrote: > Hello All- > > I have recently been getting MANY spam slipping through Spamassassin > and I am looking for help on how to stop. I have used Spamassassin > with Bayes successfully for many years now

Re: New spam-to me-and how do I stop.

2009-01-08 Thread Randy
Matus UHLAR - fantomas wrote: On 07.01.09 11:46, Craig wrote: X-Mailer: Novell GroupWise Internet Agent 7.0.2 HP Randy 1/6/2009 2:42 PM >>> Post 3 similar messages on pastbin so that we can determine a common factor between them. Use pastbin, not this list to

Re: Novice Installation Help

2009-01-08 Thread Randy
dave_c00 wrote: I dont have any package manager... The people we rent the server from are absolutely useless and provide no help unless you pay them a small fortune. My server details are as follows: Linux 2.6.22-8-server i686 GNU/Linux Perl 5.8 Spamassassin 3.2.5 I may appear thick but when it

SA timeout

2009-01-13 Thread Randy
Hi, Mail occasionally slows down here and the main issue we see is the very long SA checks and SA TIMEOUTS. This forces us to drop the size mail we scan and restart Amavis and Apamassasin otherwise the queues will grow into the thousands. Also note that the Amavis daemons will be running at 1

Re: more habeas spam

2009-01-15 Thread Randy
Neil Schwartzman wrote: On 2009-01-06 22:19:39 GMT LuKreme kreme.com> wrote: If you want the real history of Habeas in a nutshell, the company went to hell when Anne Mitchell left (the same Anne Mitchell who was part of MAPS back in the day). She's now at the Institute for Spam and Intern

Local rules trigger bug

2010-08-06 Thread Randy Ramsdell
I found an bug in spamassassin that can be reliably reproduced when using our local rules. What would be interesting is to track down where this bug is exactly. 1. The process runs @ 100% cpu and hangs there. Has t o be kill -9 'ed 2. I see no errors in spamassassin -D For the time being I ha

Re: Local rules trigger bug

2010-08-06 Thread Randy Ramsdell
Ralf Hildebrandt wrote: * Randy Ramsdell : I found an bug in spamassassin that can be reliably reproduced when using our local rules. What would be interesting is to track down where this bug is exactly. 1. The process runs @ 100% cpu and hangs there. Has t o be kill -9 'ed 2. I s

Re: Local rules trigger bug

2010-08-06 Thread Randy Ramsdell
Dominic Benson wrote: On 06/08/10 17:18, Randy Ramsdell wrote: Yeah that is the fastest way. :) I used a little diff formula and found the issue. My I think this may not be the rule we were going for but ... body__RCR_MEGADK/.*(M.*E.*G.*A.*D.*K).*/ There are

Re: autolearn : lock_file

2010-09-20 Thread Randy Ramsdell
Cédric Jeanneret wrote: Hello, I have an error with SA using autolearn plugin: Sep 20 12:25:06 hostname spamd[6157]: plugin: eval failed: bayes: (in learn) locker: safe_lock: cannot create tmp lockfile /home/USER/.spamassassin/bayes.lock.host.domain.ltd.6157 for /home/USER/.spamassassin/bayes.lo

using SA as a tool

2010-09-29 Thread Diffenderfer, Randy
I was under the impression that there was a clear-cut way to use SA as a factory within a custom perl wrapper (I have looked at the Mail::SpamAssassin doco). My objective is to do various things to the parsed message, such as distill out URLs for example. Is there indeed a clear way to do this

which LWP::UserAgent for 3.3.1 install?

2010-10-14 Thread Diffenderfer, Randy
Looking at the 3.3.1 install, it wants (well, would like...) module LWP::UserAgent. OK ... off to CPAN, but no simple LWP-UserAgent, only a bunch of LWP-UserAgent-whatever. So, which one do I want? TIA, rnd

Solved: which LWP::UserAgent for 3.3.1 install?

2010-10-14 Thread Diffenderfer, Randy
CPAN search is my friend... it's in libwww-perl! You get too soon old and too late smart... :-) rnd _ From: Diffenderfer, Randy Sent: Thursday, October 14, 2010 4:24 PM To: 'users@spamassassin.apache.org' Subject: which LWP::User

Re: SpamAssassin service file missing after installation

2010-10-27 Thread Randy Ramsdell
Gnanam wrote: Hi, My question is, after installation, spamassassin service file is not available in the location /etc/init.d/spamassassin. Because of this 'service spamassassin start' says "spamassassin: unrecognized service". What could be the reason for spamassassin service file missing

Re: .info spam from Hotmail

2010-11-03 Thread Randy Ramsdell
John Hardin wrote: On Wed, 3 Nov 2010, Kris Deugau wrote: DNSBLs are pretty much useless, since the message *was* legitimately relayed in from Hotmail. A couple of times I've seen enough examples with similar enough URLs to create a uri rule something like: uri MISC_INFOm|https?://rita

Re: .info spam from Hotmail

2010-11-03 Thread Randy Ramsdell
Randy Ramsdell wrote: John Hardin wrote: On Wed, 3 Nov 2010, Kris Deugau wrote: DNSBLs are pretty much useless, since the message *was* legitimately relayed in from Hotmail. A couple of times I've seen enough examples with similar enough URLs to create a uri rule something like:

Re: new headers rule

2010-11-04 Thread Randy Ramsdell
Lawrence @ Rogers wrote: Hi, I've noticed a bunch of spams coming in recently that have no To: and Subject: and have cobbled together the following rule to combat them. Any feedback would be appreciated. # Message has empty To: and Subject: headers # Likely spam header __LW_EMPTY_SUBJECT Sub

Re: new headers rule

2010-11-04 Thread Randy Ramsdell
Lawrence @ Rogers wrote: On 04/11/2010 6:35 PM, Randy Ramsdell wrote: Are the Subject lines blank or missing from the body? And that goes for the "To" also. In the spam I am seeing, there are both present and empty. Example To: Subject: I ran a email through spamc and it hits m

Re: new headers rule

2010-11-05 Thread Randy Ramsdell
Lawrence @ Rogers wrote: On 04/11/2010 8:11 PM, Karsten Bräckelmann wrote: Moving back on-list, since it doesn't appear to be personally directed at me. On Thu, 2010-11-04 at 19:22 -0230, Lawrence @ Rogers wrote: On 04/11/2010 7:13 PM, Karsten Bräckelmann wrote: No, that requires the Subject

Re: new headers rule

2010-11-05 Thread Randy Ramsdell
Lawrence @ Rogers wrote: On 05/11/2010 10:58 AM, Randy Ramsdell wrote: X-MB-Message-Source: WebUI You appear to have records of the same spam influencing your bayes results (it hits BAYES_99, which is good). What are your Bayes threshold settings? Cheers, Lawrence I am not sure what you

Re: new headers rule

2010-11-05 Thread Randy Ramsdell
Lawrence @ Rogers wrote: On 05/11/2010 6:00 PM, Randy Ramsdell wrote: Lawrence @ Rogers wrote: On 05/11/2010 10:58 AM, Randy Ramsdell wrote: X-MB-Message-Source: WebUI You appear to have records of the same spam influencing your bayes results (it hits BAYES_99, which is good). What are

Odd yahoo spam

2010-12-09 Thread Randy Ramsdell
I have been receiving bounces to my yahoo account for email I did not send. From the pastebin, you see the email did originate from the yahoo servers but is not in my sent directory. This is an interesting case and I cannot determine how this happened. One thing could be my account was compromi

Re: Odd yahoo spam

2010-12-09 Thread Randy Ramsdell
Michael Scheidell wrote: On 12/9/10 9:33 AM, Randy Ramsdell wrote: I have been receiving bounces to my yahoo account for email I did not send. From the pastebin, you see the email did originate from the yahoo servers but is not in my sent directory. This is an interesting case and I cannot

mycingular listed on xbl/pbl

2010-12-21 Thread Randy Ramsdell
It appears mycingular ( iphone ) ips are listed on spamhaus ( XBL and PBL ) for 8 days. I have reject at the smtpd level if found. May want to look out for this. Thanks, RCR

Re: mycingular listed on xbl/pbl

2010-12-21 Thread Randy Ramsdell
Benny Pedersen wrote: On tir 21 dec 2010 18:39:52 CET, Randy Ramsdell wrote It appears mycingular ( iphone ) ips are listed on spamhaus ( XBL and PBL ) for 8 days. I have reject at the smtpd level if found. May want to look out for this. iphone ? if mobile phones not using smtp auth it

Re: Irony

2011-02-01 Thread Randy Ramsdell
David F. Skoll wrote: On Tue, 01 Feb 2011 07:30:19 -0700 Danita Zanre wrote: Messages from this list have been bouncing since I started enforcing Reverse DNS lookups on my server. The irony is that you think that's a good idea. -- David. Not sure. If our mail servers did not have reverse,

Re: Irony

2011-02-01 Thread Randy Ramsdell
David F. Skoll wrote: On Tue, 01 Feb 2011 09:43:40 -0500 Randy Ramsdell wrote: Not sure. If our mail servers did not have reverse, we would be rejected all over the place. Seems like a common setting. Or is it? Microsoft Windows is very common, but that doesn't make it a good idea. W

Re: Irony

2011-02-01 Thread Randy Ramsdell
Michael Scheidell wrote: On 2/1/11 9:49 AM, David F. Skoll wrote: On Tue, 01 Feb 2011 09:43:40 -0500 Randy Ramsdell wrote: Not sure. If our mail servers did not have reverse, we would be rejected all over the place. Seems like a common setting. Or is it? so we should reject your email if

Re: join

2011-06-30 Thread Randy Ramsdell
Max Dunlap wrote: Haha, I'm sorry I accidently sent a message. But while I'm at it, I was going to ask a question. I just set up a healthy postfix server on ubuntu, I've been looking at the wiki and I'm not sure which way is the best to get myself setup with SA. My old method doesnt work anymore,

Help blocking this type of spam

2011-09-13 Thread Randy Ramsdell
Each message uses a different server with different server name and I see no patterns except the style. http://pastebin.com/sJp7Gb75 Thanks, RRCR

Re: Help blocking this type of spam

2011-09-13 Thread Randy Ramsdell
On 09/13/11 10:08, Martin Gregorie wrote: On Tue, 2011-09-13 at 09:48 -0400, Randy Ramsdell wrote: Each message uses a different server with different server name and I see no patterns except the style. http://pastebin.com/sJp7Gb75 That scored around 12.6 here and all from the standard SA

Re: Help blocking this type of spam

2011-09-13 Thread Randy Ramsdell
On 09/13/11 10:27, Stefan König wrote: Randy Ramsdell schrieb: On 09/13/11 10:08, Martin Gregorie wrote: On Tue, 2011-09-13 at 09:48 -0400, Randy Ramsdell wrote: Each message uses a different server with different server name and I see no patterns except the style. http://pastebin.com

Re: Advice

2012-07-05 Thread Randy Ramsdell
On 07/03/2012 12:51 PM, Bowie Bailey wrote: On 7/3/2012 12:25 PM, Kevin A. McGrail wrote: On 7/3/2012 12:19 PM, Robert Fitzpatrick wrote: Looking for some advice, hope it's OK to ask here. I have a few customers over the past several months start getting an unusual amount of messages being bloc

mulitple version_tags

2004-09-28 Thread Randy Gibson
d_20021105-jfs_20021105-rgibson_20040511-majo rdom_2004071403-grobled_20021125-eb_20040122-jh_20021101-pl_20021114 (2004-09-13 I don't understand why I'm getting all the others. ~Randy * Don't read everything you believe.

Global Whitelist_from not working

2004-10-01 Thread Randy Gibson
Since upgrading to SA3.0 user_prefs whitelist_from work but not local.cf whitelist_from. Help, ~Randy * Don't read everything you believe.

RE: Global Whitelist_from not working

2004-10-01 Thread Randy Gibson
~Randy * Don't read everything you believe. -Original Message- From: Matt Kettler [mailto:[EMAIL PROTECTED] Sent: Friday, October 01, 2004 12:35 PM To: Randy Gibson; users@spamassassin.apache.org Subject: Re: Global Whitelist_from not working At 01:29 PM 10/1/2004, Randy G

RE: mulitple version_tags

2004-10-04 Thread Randy Gibson
Is anyone else having this problem? Have you figured out what's causing this? ~Randy * Don't read everything you believe. -Original Message----- From: Randy Gibson [mailto:[EMAIL PROTECTED] Sent: Tuesday, September 28, 2004 2:57 PM To: users@spamassassin.apache.org Subject

RE: Global Whitelist_from not working

2004-10-04 Thread Randy Gibson
I'm not using SQL so I don't have a place to put the @GLOBAL. Should I put it in may local.cf? ~Randy * Don't read everything you believe. -Original Message- From: Nate Schindler [mailto:[EMAIL PROTECTED] Sent: Friday, October 01, 2004 2:27 PM To: users@spamassa

RE: Global Whitelist_from not working

2004-10-04 Thread Randy Gibson
he systems wide configuration file. ~Randy * Don't read everything you believe. -Original Message- From: Marco van den Bovenkamp [mailto:[EMAIL PROTECTED] Sent: Monday, October 04, 2004 11:00 AM To: users@spamassassin.apache.org Subject: Re: Global Whitelist_from not working

locating/translating geography of IP addresses

2004-10-05 Thread Diffenderfer, Randy
Title: locating/translating geography of IP addresses Folks, Just recently I recall someone mentioning some code or a tool to relate IP addresses to originating geography.  I haven't located the reference by searching the archives. So, can someone recall the reference or point me at it? T

Problem getting SA 3.0.2 to restart

2005-03-07 Thread Diffenderfer, Randy
Title: Problem getting SA 3.0.2 to restart Folks: I invoke spamd using the following command line (as root): /path/to/spamd -d -x -L -u sauser -s local2 -r /var/run/spamassassin/spamd.pid The pid directory is accessible/writable by the sauser and the file does get created with contents a

FW: Problem getting SA 3.0.2 to restart

2005-03-07 Thread Diffenderfer, Randy
not    be able to be sent a SIGHUP to reload the configuration. Sigh.  I thought I had read this more closely than I obviously had! rnd  -Original Message- From:   Diffenderfer, Randy  Sent:   Monday, March 07, 2005 1:58 PM To: 'users@spamassassin.apache.org&

SquirrelMail plugin for SpamAssassin w/ SQL

2005-03-19 Thread Randy Smith
hp?id=167). I have been developing this plugin for around two years. I was hoping we would be able to work together to keep from duplicating effort. Is this something would be considered? -- Randy Smith http://perlstalker.amigo.net/

usr_prefs not working

2005-05-04 Thread Randy Gibson
on a redhat box and using spamd. Any thoughts would be appreciated, Thanks in advance, ~ Randy

FW: Bit OT but it's about SPAM

2007-10-17 Thread Diffenderfer, Randy
Well, as we say here in Detroit, YMMV. We have several customers who have "Ivory" status, >99.44% pure ... spam! The spam is out there. Be happy(ier) if you are only at 70-80% ... :-) rnd -Original Message- From: Bart Schaefer [mailto:[EMAIL PROTECTED] Sent: Wednesday, October 17, 20

Manuel check vs. auto

2007-12-13 Thread Randy Ramsdell
us.org] That is a big difference! Any ideas about why this is? Thanks, Randy Ramsdell

Re: Manuel check vs. auto

2007-12-13 Thread Randy Ramsdell
Theo Van Dinter wrote: On Thu, Dec 13, 2007 at 11:29:21AM -0500, Randy Ramsdell wrote: I have doing some checking of spam messages that make it through our mail filtering systems and noticed that the spam score does not reflect what I get when checking manually. An example spam report: X

Re: Manuel check vs. auto

2007-12-13 Thread Randy Ramsdell
Randy Ramsdell wrote: Theo Van Dinter wrote: On Thu, Dec 13, 2007 at 11:29:21AM -0500, Randy Ramsdell wrote: I have doing some checking of spam messages that make it through our mail filtering systems and noticed that the spam score does not reflect what I get when checking manually. An

Re: Manuel check vs. auto

2007-12-13 Thread Randy Ramsdell
Richard Frovarp wrote: Randy Ramsdell wrote: Randy Ramsdell wrote: Theo Van Dinter wrote: On Thu, Dec 13, 2007 at 11:29:21AM -0500, Randy Ramsdell wrote: I have doing some checking of spam messages that make it through our mail filtering systems and noticed that the spam score does not

Re: FORGED_YAHOO_RCVD

2008-01-02 Thread Randy Ramsdell
Loren Wilton wrote: score FORGED_YAHOO_RCVD 0 Loren Ok thanks turning it off works. I should edit the *.cf files or is there another way to turn it off instead of settings things up so updates kill off the setting? Anyway, I would think the rule is useful to some extent and if not, w

Re: FORGED_YAHOO_RCVD

2008-01-02 Thread Randy Ramsdell
) until we upgrade our servers to a newer version. Thanks, Randy

Re: New credit card scams .. how to catch these

2008-01-04 Thread Randy Ramsdell
? Thanks Ram 1. bayes gave it -2.60, so relearn it. 2. Gather a few messages and look for similarities then create a meta rule that will match those and only those. 3. Since it comes from hotmail, report it. I really don't know how responsive they are so YMMV. Randy Ramsdell

Re: [OT] Yahoo Deferred

2008-02-25 Thread Randy Ramsdell
he largest numbered e-mail accounts, then you will receive bulk mail. Randy Ramsdell

Re: [OT] Yahoo Deferred

2008-02-26 Thread Randy Ramsdell
Matt wrote: Is anyone else having issues sending mail to Yahoo? Yes. I have heard using Domainkeys or DKIM helps greatly? Is that true? We have not implemented it yet but do use SPF records which are much easier to implement with Exim or any MTA and do mostly the same thing if you ask m

Re: Email with no "hits" and "required"

2008-02-26 Thread Randy Ramsdell
Massimiliano Marini wrote: System: Debian with Qmail + QmailScanner + SpamAssassins + ClamAV Installation: qmailrocks.org I've updated SA (original from qmailrocks.org 3.0.2) to 3.2.4 my locale.cf is : rewrite_header Subject *SPAM* report_safe 0 required_score 4 required_hits 5 use_bayes 1 Q

AWL - BAYES_99/ general questions

2008-02-28 Thread Randy Ramsdell
[score: 1.] 0.0 ADVANCE_FEE_1 Appears to be advance fee fraud (Nigerian 419) -1.2 AWLAWL: From: address is in the auto white-list Thanks, Randy Ramsdell

Re: AWL - BAYES_99/ general questions

2008-02-28 Thread Randy Ramsdell
is 99 to 100% [score: 1.] 0.0 ADVANCE_FEE_1 Appears to be advance fee fraud (Nigerian 419) -1.2 AWLAWL: From: address is in the auto white-list Thanks, Randy Ramsdell

Re: AWL - BAYES_99/ general questions

2008-02-28 Thread Randy Ramsdell
Karsten Bräckelmann wrote: On Thu, 2008-02-28 at 09:21 -0500, Randy Ramsdell wrote: Hi, One thing I do not understand regarding AWL and BAYES. When a message is reported to me as spam and was not marked as spam, I test is using debug before and after sa-learn. Each time I do this

Re: China TLD links

2008-02-28 Thread Randy Ramsdell
e an issue with blocking or adding a high score for the word "Whore" and could do something with the word "Schoolgirl." Randy Ramsdell

Re: China TLD links

2008-02-29 Thread Randy Ramsdell
Karsten Bräckelmann wrote: On Thu, 2008-02-28 at 18:04 -0500, Daryl C. W. O'Shea wrote: Of course, now that I've used the word "whore" three times and quoted it once I'm sure I'll get a deluge of bounces (not rejects) from people running Microsoft's Antigen for SMTP. http://daryl.dostech.ca/

Re: aren't SPF_ rules network?

2008-02-29 Thread Randy Ramsdell
Matus UHLAR - fantomas wrote: Hello, I wonder if SPF rules shouldn't be considered network... they require DNS lookups, don't they? Yes. Network related.

Re: Whitelist Question

2008-03-11 Thread Randy Ramsdell
[EMAIL PROTECTED] wrote: Here is the header info. What is the alternate solution to using whitelist_from ? I been also trying to setup AWL via MySQL.no luck on that. I use Exim for mail then , it relays to Lotus Domino.if that helps. Content analysis details: (5.7 points, 10.0 re

Re: Improving a spam report?

2008-03-12 Thread Randy Ramsdell
;Untitled" 0.7" this rule doesn't trigger. I don't know for sure, but it says that the "title" is untitled so I would add a title. Randy Ramsdell

Re: Scanning without attachments

2008-03-12 Thread Randy Ramsdell
Drew Burchett wrote: I've noticed a new trend in spam on my mail server that is getting by SpamAssassin. The spammer is creating his message and then attach a couple of garbage PDFs to the email. These PDFs make it too large for SpamAssassin to scan the message, so it gets by the system. I hav

Re: SpamAssassin GUI

2008-03-12 Thread Randy Ramsdell
fact that I wouldn't want some patent issues creeping in. Randy Ramsdell

Re: Scanning without attachments

2008-03-12 Thread Randy Ramsdell
Henrik K wrote: On Wed, Mar 12, 2008 at 09:48:37AM -0400, Randy Ramsdell wrote: Drew Burchett wrote: I've noticed a new trend in spam on my mail server that is getting by SpamAssassin. The spammer is creating his message and then attach a couple of garbage PDFs to the email.

Re: Scanning without attachments

2008-03-12 Thread Randy Ramsdell
Henrik K wrote: On Wed, Mar 12, 2008 at 10:23:14AM -0400, Randy Ramsdell wrote: You can use spamassassin and clamav with or without Amavis, but to check the message, you must make a system wide change that will affect every message. Bypassing file size limits with any of those setups

Re: Scanning without attachments

2008-03-12 Thread Randy Ramsdell
Henrik K wrote: On Wed, Mar 12, 2008 at 11:16:32AM -0400, Randy Ramsdell wrote: Henrik K wrote: On Wed, Mar 12, 2008 at 10:23:14AM -0400, Randy Ramsdell wrote: You can use spamassassin and clamav with or without Amavis, but to check the message, you must make a system wide

Re: Not scoring high enough on this spam...

2008-03-28 Thread Randy Ramsdell
Andrew Hearn wrote: http://pastebin.ca/961075 I've only seen one so far but apart from the 0.0 BAYES_50 (I will learn this message), does anyone have rules that pushes this kind of message over 5.0? thanks! Andrew If you learn the message which = 3.5 wouldn't that put the score +5?

Re: Blank messages

2008-04-03 Thread Randy Ramsdell
Ed Kasky wrote: > I can't seem to catch these emails with blank bodies. I upped the > BLANK_LINES_80_90 score to 3 but the email below didn't get a hit off > the rule. > > Is there another rule that I don't know about that is designed for > blank message bodies? > > Thanks in advance on this one.

Re: What changes would you make to stop spam? - United Nations Paper

2006-08-01 Thread Randy Smith
th... Using the wrong case on the letters/words of your ransom note? -- Randy Smith http://perlstalker.amigo.net/ "Work is the miracle by which talent is brought to the surface and dreams become reality." - Gordon B. Hinckley pgpAyHSpVz7Ff.pgp Description: PGP signature

FW: Spamd not killing children

2006-10-16 Thread Diffenderfer, Randy
Folks, I, too, have been having somewhat similar issues with 3.1.7. On a RH ES 3.0u7 box, kernel 2.4.21-40.ELsmp, I see these symptoms in syslog (spamd running with "-s local2"): Oct 14 21:42:01 samler1 spamd[18694]: prefork: child states: III Oct 14 21:42:01 samler1 spamd[14338]: spamd: connec

OT -- mail-abuse.org

2005-07-01 Thread Diffenderfer, Randy
Title: OT -- mail-abuse.org Anyone having difficulties this evening with using RBL?  The DNS for these guys seems to be biffed… rnd

sasql 3.1.2 released

2005-07-02 Thread Randy Smith
downloaded from http://www.squirrelmail.org/plugin_view.php?id=167 and https://sourceforge.net/project/showfiles.php?group_id=102673. -- Randy Smith http://perlstalker.amigo.net/

Re: handle_user unable to find user

2005-09-29 Thread Randy Smith
=CourierSpamAssassin. It may not all apply to you but it should give you an idea. > > Thanks, > > Dan Horne -- Randy Smith http://perlstalker.amigo.net/ "Work is the miracle by which talent is brought to the surface and dreams become reality." - Gordon B. Hinckley

Re: MySQL on multiple servers

2005-10-30 Thread Randy Smith
ghtly as suggested above should help with that. To control fail-over, we use a pair of Gentoo boxes and ipvs to do load balancing and fail-over. SA talks to the virtual IP which points to the primary box or fails over to the back up if the primary is down. (Note: I am not currently

Re: Hostkarma whitelist problem

2009-06-17 Thread Randy Ramsdell
Marc Perkel wrote: err...@junkemailfilter.com will work. If you have suggestions for automation I'm interested. Bowie Bailey wrote: That one also hit DNSWL_MED and actually ended up with a negative score. I reported to dnswl via their website. It would be useful to have a reporting mechanis

Got one!

2009-06-25 Thread Diffenderfer, Randy
Seems like it's gonna cost some of the big boys a little coin... http://detroit.fbi.gov/dojpressrel/pressrel09/de062209.htm Let's hope there are more indictments where these came from! rnd

  1   2   >