Hi!
I don't believe that use-case has been considered before.
What does the rule you are using look like and I will double check?
Not even sure why you want to add that with the asterisks there.
Let's assume 2.0.0.0/24 is full of abusers and you decide to throw their
whole /24 in
Hi!
I would suggest to follow rfc’s. So return 127.0.0.1 for example. Or don’t
answer at all. Deliberately giving ‘yes to any request’ is something I can
understand you would do but it’s plain wrong.
Thanks,
Raymond Dijkxhoorn
> Op 12 mei 2021 om 23:17 heeft Michael B Allen het volge
Hi Benny,
It’s the authoritative nameserver giving that answer. With likely a view or acl
response. So adding dnssec would not make much of a difference here.
Thanks,
Raymond Dijkxhoorn
> On 12 May 2021 at 23:24, Benny Pedersen wrote the following:
>
> On 2021
Hi Benny,
The operator of the specific rbl is doing this, on purpose. Can’t make it more
clear than that.
Dnssec would not add anything here.
Thanks,
Raymond Dijkxhoorn
> On 13 May 2021 at 00:01, Benny Pedersen wrote the following:
>
> On 2021-05-12 23:30, Raymon
,
Raymond Dijkxhoorn
> On 13 May 2021 at 00:12, Matthias Leisi wrote the following:
>
>
>>
>> I would suggest to follow rfc’s. So return 127.0.0.1 for example. Or don’t
>> answer at all. Deliberately giving ‘yes to any request’ is something I can
>&
mentioned page is also listed on SURBL)
This has been ongoing for a few months now with page[.]link and not new
unfortunately.
If you see new ones (and not listed) feel free to send them over to me
directly for listing.
Thanks! Raymond Dijkxhoorn - SURBL
Hi!
verified with spamassassin -D that this file is loaded.
...maybe because local.cf is parsed before URI rules are defined?
There is over 500 page[.]link subdomains inside SURBL right now so if
you run the latest code it's also having fixes to automatically look up the
subdomains of those.
Hai!
I don't understand why they would match your SPF record either. Are they sent
out by an IP address you 'approved'??
Thanks,
Raymond Dijkxhoorn
> On 28 Jun 2016 at 03:27, jdebert wrote the following:
>
> On Mon, 27 Jun 2016 18:41:04 +0530
> Ram
Hi!
Now i do like this :
uri url_1 /www\.domain1\.com/
uri url_2 /www\.domain2\.com/
uri url_3 /www\.domain3\.com/
uri url_4 /www\.domain4\.com/
score url_1 10
score url_2 10
score url_3 10
score url_4 10
Isn't this a bit expensive? Report to SURBL or something and you get them
added ;) (send a
Warren,
It appears that under 1% of spam is abusing shortening redirectors.
~40% of the shortening redirector spam has local-only spamassassin
scores below the 5 point threshold. We'll see next
Saturday how it scores with all network rules.
Could you please quote the old messages and not p
Hi!
TVD_SPACED_SUBJECT_WORD3 is.
http://spamassassin.apache.org/tests_3_2_x.html does not give a
description. This rule bit me when sending a mail with the subject "Re:
MySQL".
This rule can hit about anything.
72_active.cf:##{ TVD_SPACED_SUBJECT_WORD3
72_active.cf:header TVD_SPACED_SUBJECT_W
Hi!
TVD_SPACED_SUBJECT_WORD3 is.
http://spamassassin.apache.org/tests_3_2_x.html does not give a
This rule can hit about anything.
As per the link I included I did see *what* the rule looks like.
However, I would like to understand why it is there and what it is
supposed to filter.
Thats
Hi!
For the regexp challenged:
This rule hits a subject with an optional "Re:" or "Fw:" followed by one
word starting with at least one uppercase letter followed by at least
one lowercase letter followed by at least one uppercase letter. It will
not match if there are multiple words or any non
Hi!
Easiest way would be putting them inside a uribl.
What's the reason to get on this list?
Eg what policy?
Thanks,
Raymond Dijkxhoorn, Prolocation
On 13 Dec 2011 at 08:54, Tom Kinghorn wrote the following:
> Good morning List.
>
> The nice guys at Rhyolite.com have
Hi!
I am not able to lookup surbl
In fact the domain surbl.org does not seem to exist at all.
[root@pop2 bin]# dig surbl.org +short
[root@pop2 bin]#
I am sorry if this is old news .. I have no idea since when SURBL went down ?
[raymond@noc ~]$ dig ns surbl.org
; <<>> DiG 9.6.2-P2-RedHat-9.6.
Hi!
Just to follow up we have seen a huge decrease in the amount of SPAM
received since we implemented the Invaluement RBLs.
Overall spam volumes went down generally. So even without any RBL enabled
you would notice this. Stats show this about anywhere.
Just my 2 cents.
Bye,
Raymond.
Hai!
Grin.
Your MTA most likely supports RBL's.
Thanks,
Raymond Dijkxhoorn, Prolocation
On 25 Apr 2013 at 21:09, Blason rock wrote the following:
> Hi folks,
>
> Curious to know if i can implement prerbl with SA? What i mean is with SA as
> soon as sombody con
Hai!
Since a couple of years they have something that's called Google. :)
The first hit on 'rbl and postfix' gives:
http://www.cyberciti.biz/tips/postfix-spam-filtering-with-blacklists-howto.html
Thanks,
Raymond Dijkxhoorn, Prolocation
Op 25 apr. 2013 om 21:20 heeft Blason rock he
Hai!
How about just cvent.com? I've uploaded the headers from one FP here:
http://pastebin.com/UDuDcp4F
How would another RBL handle a company that I have personally received
evidence of spamming even if it causes FPs?
Apparently none of the other RBLs consider it spam.
Apparently other
) that might be a good match for that
problem but isn't available as a free product.
More information can be requested offlist.
Thanks,
Raymond Dijkxhoorn, SURBL.
> On 11 Aug 2015 at 05:02, Sujit Acharyya-choudhury wrote the following:
>
> The URIBL_PH_SURBL is actua
s work was based on gudo
from Karsten.
SURBL maintains a separate list of shorteners.
It has a little over 2040 entries...
If that helps.
Bye, Raymond Dijkxhoorn - SURBL
ill do out utterly
best to limit damage of people who try to exploit this as such.
Thanks! Raymond Dijkxhoorn (SURBL)
Hai!
Malwarepatrol has just released a list of 13,000+ domains related to
coronavirus scams:
https://www.malwarepatrol.net/wp-content/uploads/2020/03/covid-19-domains.txt
https://www.malwarepatrol.net/wp-content/uploads/2020/03/covid-19-domains.zip
Anyone else have any rules or changes relati
Hai!
1.2 URIBL_ABUSE_SURBL Contains an URL listed in the ABUSE SURBL
blocklist
[URIs: techwrestle.com]
2.5 URIBL_DBL_SPAM Contains a spam URL listed in the Spamhaus DBL
blocklist
Hai!
it might help to add your complaint via ab...@sendgrid.com.
I very much doubt it. Sendgrid's business is sending mail and they do not
care if that mail is spam or not. If enough servers block them they will go
away.
They do, however, apparently care about phishing - they did disable t
system a lot i think.
We list new abused subdomains daily and there should be no interaction on
that with the users of the data IMHO.
How could we get something like this into action? File a bug?
Thanks! Raymond Dijkxhoorn - SURBL
.
We report abuse to many organisations, including, but not limited to
companies like sendgrid.
Raymond Dijkxhoorn - SURBL
Ha!
> We report abuse to many organisations, including, but not limited to companies
> like sendgrid.
We are so tired of reporting abuse with no answer at all, that we
stopped reporting problems time ago :-( as Marc Roos has said...
we are not paid for it !
Understand completely.
Iron
Hai!
I Tried GoogleSafeBrowsing but not helping much as it has very low
detection ratio.
is another reporting problem
whatever that may mean
if all phishes are reported to google then safebrowsing would be more
useful
FTR: GoogleSafeBrowsing is not free for all, anymore
If i recall c
Hai!
That isn't only Phishtank data...
+1
and using that data in that particular way hardly scales to bigger setups
data could be stored in DB_File just like GeoIP2, that saves ram imho
Transferring the complete set over and over might now be the best way of
doing the distribution of
Hi!
OK, this isn't the first time we've had this discussion, but Raymond and I
felt this should be made public again. He ran thru some tests of 1500+
domains and found the following data. Looks like they maybe send from
zombies, and never their hosts. IPs are similar across the board.
219.254.32.1
Hi!
Chris, Raymond ,
I went thru a random few of these and they were listed at Spamhaus.
Using spamhaus at SMTP level or SA doing RBL lookups would have caught and
stopped them... Spamcop probably has quite a few of them listed as well
No, that won't work. The spams are sent in via trojans/pro
Hi!
No, that won't work. The spams are sent in via trojans/proxies only the
websites are static. SOME are blocked with DSBL and so but most of the
time they start a spamrun with a fresh set it seems.
So yes, they are inside spamhaus, but only the websites, didn't see mails
sent out from there (ye
Hi!
1) Those registers are going to feel some wrath soon from the antispam
community.
2) We gonna mark the IP, you silly little monkeys!
I think the code should be added into the SURBL code. It would need to be a
patch for SA 3.0 as it is probably too late for it to go in now. But it should
be simple t
Hi!
Please do not include broad IPs in SURBLs. That goes against
the way we have designed them. If I find this happening, I will
take action to stop them. PLEASE DO NOT DO IT!!
That was not my intention...
If we can submit them for listing inside the SBL, fine, any submission
method available t
Hi!
1) Spammers can set up multiple ip addresses to an A record. Whatever does
the reporting should check all A records, from the top down. i.e. query each
NS multiple times to make sure it's not being round-robined or reported
differently from multiple DNS servers.
2) I can easily foresee spa
Hi!
OK by auto include them I guess you were referring to domains,
not IPs. If so, that's what I'm proposing for the SC data.
Yes, we need to list the domains.
Very good idea. Ask Larry privately if you can feed SBL.
Lets see if he responds to my other mail first. He's rather busy lately i
notic
Hi!
1) Spammers can set up multiple ip addresses to an A record. Whatever
does the reporting should check all A records, from the top down. i.e.
query each NS multiple times to make sure it's not being round-robined or
reported differently from multiple DNS servers.
2) I can easily foresee spammer
Hi!
Did you actually have a look at the data provided at the start of this
thread? Sure, it COULD be different, but somehow, it isn't.
Yes, I did. But I'm trying to think ahead of current practice, by what's
considered a GOOD practice to keep a site up, and what's bad. I'm not saying
they're
Hi!
ADD THEM TO SBL. DO NOT ADD THEM TO SURBL.
kay!
Holy fsck guys! We have a good thing going here. We've put a
lot of work into it so far, and it's working pretty well. Let's
not tear apart the SURBL project, OK?
Give me a chance to make some improvements in the next version
of the data engin
Hi!
Spammer apparently is using [EMAIL PROTECTED] in the From field of
the emails he is sending out. Domain is one of my customers virtual domain,
spammer made up the username in the email address. Now I am getting buried
by mail notifications returning to sender...obviously wrong person.
How
Hi!
Welcome to the real world, this is you wakeup call ;)
This is happening all the time, not much you can do about this. A
countermeasure could be using SPF records, so people at least have a way
to check if it's you or not.
Or you could get a digital ID and sign all your outgoing mails :)
Sure,
Hi!
in the last week or two, we have been getting some
spam that spamassassin doesn't seem to recognize.
A common feature of all these messages seems to be
that they contain lots of special characters
(~, ^, `, and others) mixed into the text.
I put some examples up at http://marie.vtl.ee/spam.txt
Hi!
I gotta think this isn't gonna happen... but anyone know if it can? If so,
I'm not going to enable AWL on my server.
You're asking the right questions.
To the best of my knowledge, this has already been addressed.
What goes in the AWL isn't just the raw email address, it's the emai
Hi!
We turned off AWL, we had a customer that forwarded two spam messages to
our helpdesk, the third normal message never came in, since his AWL beat
him...
Probably should not be spam filtering postmaster/abuse/support e-mails.
Probably not, but at the moment it's about the only way to get a norma
Hi!
We turned off AWL, we had a customer that forwarded two spam messages to
our helpdesk, the third normal message never came in, since his AWL beat
him...
That's a different issue. If the customer used _forward_ rather
than _bounce_, SA treats the entire message as coming from that emai
Hi!
This is why people are encouraged to _bounce_ the original
message, so the sender email address is still the original one, and then
won't hurt the customer.
http://www.stearns.org/doc/spamassassin-setup.current.html#autoreporting
http://www.stearns.org/doc/spamassassin-setup.current.html#restri
Hi!
Much better to simply not spam filter critical e-mail accounts like
postmaster/abuse/support/sales/etc.
With around 35.000-70.000 mails to those above boxes daily that's not
really do-able...
Do you see a lot of spam to these addresses? The reason I'm asking is
because we don't. Too bad there
Hi!
Mozilla Mail and Thunderbird add X-Mozilla-Status and Status2
headers to all emails they receive. I do not believe they are ever
added to outgoing emails, even if you are forwarding an email that
already has them.
(And the little light goes on...)
Is this why I've been receiving spam that's
Hi!
Since installing the rpm, I am seeing errors like the one below.
Nothing else seems to be a problem. A pointer as to where to look would
be appreciated.
spamd[2714]: Failed to run HEAD_LONG SpamAssassin
test, skipping:__(Can't locate object method "check_for_long_header" via
package "Mail::Spa
Hi!
Any specific reason you want to test a RC version when the final is
released, where a lot of bugs are solved already ??
1. We use rpms for those applications that do not require customization
beyond what is normally found in rpms to make upgrading less time
consuming.
On the list there was a
Hi!
Has somebody updated their Spamassassin old version to v3?
What version of Mailscanner uses?
Which version of Mailscanner I must install why Spamassassin 3 works
correctly?
Latest stable version works nicely together with SA3. Julian even built
complete installs to install SA3 also. Of for t
Hi!
Rejects Since Sunday 4:00 am via rbls:
spamcop: 65
maps rbl+: 154
dsbl.org: 9
njabl.org: 18
spamhaus: 18
The question is always, did you block any legit mail...
Bye,
Raymond.
Hi!
I'm getting lots of spam like this. Does anyone know a rule to catch
this type of spam:
Subject: Re:wmcecrgig,HotSt0ck Talk
Message:
I started a stock.cf, but so far the content is varying so much and I
could not find any specific signs so far, so I would also be interested to
get them out
Hi!
Thanks. I've tried all of Fred's rules. Got no scoring from those rules
at all. Currently I'm using the following rules:
I just looked up a few of the rules I show above from the spam I had, and I
found them in
ratware.cf (now changed to another file, I'm a bit behind on rule
updates)
70_
Chris,
What was the reason WS got such a low score in SA 3.0??? .5 is a joke! Hell
BigEvil was scored a 3 and no one complained, and it is the same data!! I
don't understand. Did the mass check not go well?
We pointed this out several times, the mass checker found way too many
FP's and so SA deci
Hi!
In order to get a significantly different result, they'd need
mass-checks with network tests enabled... That's a pretty
CPU time just to try to get the score of the WS list up.
Uhm we also did put in, not only CPU time, but human cycles to clean out
the list. So I think efforts are made on bot
Hi!
I looked thru the mailing list archives and read a few emails that stated
that in 3.0.0 SURBL (specifically, multi) was automatically
installed/invoked, however I am not seeing this in the headers when spam is
processed.
I've looked at a few spams that I have received today, and compared th
Hi!
I'm using SA 3.0 on Win Server 2003. The SPF results never show up in
my reports. It does show up in the debug information. How do I get the
SPF info to show up in the reporting info?
Did you install the needed perl module to do that, and did you also enable
the scores inside your local.c
Hi!
I'm using SA 3.0 on Win Server 2003. The SPF results never show up in my
reports. It does show up in the debug information. How do I get the SPF
info to show up in the reporting info?
Did you install the needed perl module to do that, and did you also enable
the scores inside your local.
Hi!
Naturally these scores are something you could alter, and most likely you
should ;)
Sorry, that is bad advice. Do not do that.
1. Make sure you have the required modules as specified in the INSTALL
document (Net::DNS and Mail::SPF::Query)
You are right. I noticed they were added to the defau
Hi Bill,
The last hit I've seen from any of the following privately defined URIBL
lists was Oct 22 21:09:04, which is when I upgraded to SA 3.0.1:
=
urirhssub URIBL_JP_SURBL multi.surbl.org. A 64
header URIBL_JP_SURBL eval:check_uridnsbl('URIBL_JP_SURBL')
describe URIBL_JP_SURBL Contain
Hi!
All SA defined URIBL tests are working fine, it just the ones that I have
defined personally in a uribl.cf file in /etc/mail/spamassassin that are not
working. These all worked fine with all of the SA 3.0.0 release candidates
and with the 3.0.0 release, however, they are not working now since
Hi!
The first two are typically very heavy hitters for me, so to see no hits
since the upgrade is strange. Is anyone else that has upgrade to SA 3.0.1
seeing the same results?
Make sure the plugin is loaded in init.pre. Also, try sending a test message
(see the SURBL web site or this list's rec
Hi!
Make sure the plugin is loaded in init.pre. Also, try sending a test
message (see the SURBL web site or this list's recent archives for details)
while running SA in debug mode to confirm whether the checks are really
being skipped.
They are, 100%, all other URIBL checks are just processed o
Hi!
They are, 100%, all other URIBL checks are just processed ok, ones that i
have inside my local.cf are skipped.
Ok, update. I got it working putting ALL the tags that are related to
URIBL inside the plugin fields. This was not needed with 3.0.0, but it
seems mandatory with 3.0.1.
Its now ins
Hi!
ifplugin Mail::SpamAssassin::Plugin::URIDNSBL
urirhssub URIBL_JP_SURBL multi.surbl.org. A 64
header URIBL_JP_SURBL eval:check_uridnsbl('URIBL_JP_SURBL')
describe URIBL_JP_SURBL Contains a URL listed in the JP SURBL blocklist
tflags URIBL_JP_SURBL net
score URIBL_JP_SURBL 4.0
urir
Hi!
endif # Mail::SpamAssassin::Plugin::URIDNSBL
=
The only difference is that I have my scores included in my .cf file.
Raymond, where do you locate your scores?
Inside the local.cf, but ALSO do a
ifplugin Mail::SpamAssassin::Plugin::URIDNSBL
and
endif # Mail::SpamAssassin::Plugin::URI
Hi!
Change this to 'body'
(Just found this myself. Thanks for the input)
From Changelog:
-
r54022 | felicity | 2004-10-07 22:21:30 + (Thu, 07 Oct 2004) | 1
line
bug 3734: uridnsbl rules work on body data, not header data, so change
the rule type from header to body
-
What file
Hi!
Here are the scores:
Content analysis details: (-98.8 points, 6.0 required)
pts rule name description
-- --
0.5 HELO_DYNAMIC_HCC Relay HELO'd using suspicious hostname (HCC)
0.5 HELO_DYNAMIC_IPADDR
Hi!
Hello SpamAssassin Users,
I'm pleased to announce a new type of RBL for blocking messages
based on spam domains contained in message bodies called SURBL.
Unlike other RBLs, the Spam URI RBL (SURBL) is not used to block
spam server IP addresses, but instead to block messages based on
Ouch, seems
Hi!
Lint output: Relative score without previous setting in SpamAssassin
configuration, skipping: score VIRUS_WARNING412
Unhelpful 'virus
warning' (412)
Just for clarification, after this update:
Lint fails on 3.0.1 here
Lint does not fail for 2.6.3 here.
Noticed the same here.
Bye,
Raymond.
Hi!
Perhaps someone can help here. I have recently added the SURBL
functionality to my SpamAssassin installation, and things seem to work
wonderfully. However, we do on a fairly regular basis seem to be the
"first" to get hit with the spam. What I mean is that spamassassin
will catch it only
Hi!
I am using the following rules list but still a lot of spam is going thru..
Any extra rules you recommend adding?
70_sare_adult.cf 70_sare_header1.cf 70_sare_html3.cf
71_sare_bml_pre25x.cf
70_sare_bayes_poison_nxm.cf 70_sare_header2.cf 70_sare_html4.cf
71_sare_red
Hi!
What can I use those instead of the lists Im using? Any urls for more info?
Will using SURBL's allow me to remove all the other cf and just use SURBL's
?
What version SA are you using. I don't think you are using SURBL's right now.
I think that will get you going a lot better than the gazillio
Fransecso,
header spammer_from From =~ /%FROM_USER@/
describe spammer_from Ignorant spammer: variables in From:
score spammer_from 5.0
header spammer_messageid Message-Id =~ /%MESSAGEID@|RND_LC_CHAR/
describe spammer_messageid Ignorant spammer: variabl
Hi!
SA is running properly on the network of my NGO. However I have a
strange behaviour for some of our colleagues working in another country
(Senegal). Their mail is considered as spam even though they are
whitelisted and their mail have very negative scores
ex:
spam, SBL+XBL,SpamAssassin (sco
Hi!
Since I have moved my mailserver/spamassassin onto my gateway, SPF now fails
on most messages, of which most are forwarded from my ISP's mailserver. Mail
sent direct to my mailserver get SPF_PASS.
E.g. marti.mine.nu saw a message coming from the IP address 62.253.162.47
which is mta07-svc.ntlwor
Hi!
Over the past 24 hours or so, I'm getting a LOT of emails of various
types that all have an 80K file attached to it. e.g.:
++ User-Service: http://www.hotmail.com
++ MailTo: [EMAIL PROTECTED]
[ Part 2, Application/OCTET-STREAM (Name: "hotmail.zip") 78KB. ]
Hi!
somewhere that is pointing to the 2.6 install, and SA is finding the rules
there, rather than in the new directory where you installed.
What "locate" string could I use to locate SA rules?
Locate .cf will show them i guess ;)
Bye,
Raymond.
Hi!
Locate .cf will show them i guess ;)
/root/Mail-SpamAssassin-3.0.2/masses/mass-check.cf
/root/Mail-SpamAssassin-3.0.2/rules/30_text_pl.cf
/root/Mail-SpamAssassin-3.0.2/rules/20_fake_helo_tests.cf
Your install files ;)
/usr/local/share/spamassassin/20_body_tests.cf
/usr/local/share/spamassassin
Hi!
Any good reason why njabl.org would portscan me to anyone's knowledge.
Doug Block
Chief Information Officer of Efast Funding
been detected!, From 209.208.0.15/20252 to 66.226.235.118/38994, using
protocol TCP (on zone Untrust,interface ethernet3) occurred 1 times
[3] 2005-01-03 18:23:03 syst
Hi!
Very anecdotal, but of the last 20 messages scored as spam, only 1 of them
did not hit on any SURBL's. On a daily basis about 2 or 3 per user, out
of an average of 200 to 300 non-spam messages delivered, were diagnosed as
non-spam, and were not registered in the SURBL when delivered, but when
Hi!
It's good that you look if it's added already, since only with THOSE
submissions we can add more on the lists ... :)
I have an idea for automatically listing emailed submissions. Suppose
the submissions IDs were checked via whois for who owns the domain.
If it is a name recognized as a spammer
Hi!
Okay, let me give you some real numbers from our inhouse mail for the
last week.. As you can see, half the top rules are network tests, so
people running without them (-L) are really missing out..
TOP SPAM RULES FIRED
RAN
Hi!
Not going to add these, obviously. That's just nuts, even worse than
SPEWS used to be. Top domains among their ham blacklistings:
[in this section of my personal ham corpus]
57 apache.org
96 ActiveState.com
114 debian.org
Also, yahoo.com, sourceforge.net, julianhaight.com
Hi!
Ohw well, lists.surbl.org also. At some point they hopefully
understand that list will be completely useless, and indeed insane for
people to actually use it. Sadly, people still do.
Whatever your unstated reasons are, I beg to differ. Weekly mass-check
results for SURBL:
Daniel -- I think he m
Hi!
Whatever your unstated reasons are, I beg to differ. Weekly
mass-check results for SURBL:
Perhaps he means spews lists lists.surbl.org. I can't see anyone
having issues with any of the SURBL RBL's.
I must not have things set up correctly then.
I get many MANY false positives from the SURBL l
Hi Theo,
http://crazyrxl0wprices-MUNGED.com:/
Maybe that syntax is throwing off SA?
Yeah, it does look like a bug somewhere in 3.0.x. 3.1 catches it fine,
fwiw.
3.0:
debug: URIDNSBL: domains to query:
3.1:
debug: uridnsbl: domains to query: crazyrxl0wprices.com
Any ETA on 3.1 ?
Thanks,
Raymond.
Hi!
I want to use the dns blacklist, but I can't find out how to use it. The
config file is in the /usr/share/spamassassin directory.
Should I change the local.cf file or how will I get this working.
If there are configfiles needed to answer this question I will post them.
Install Net::DNS and you
Hi!
If we disable network tests by using "--local" in our start up of spamd, spam
assassin averages 0.1 to 0.3 seconds per email to process its rules.
If we enable network tests, then spam assassin averages 11 to 15 seconds per
email to process its rules.
Of all the network tests, we find SURBL
Hi!
gh6.net-munged, don't the SURBLs have this one yet? Another from
the taiwanmedialtd.com-munged group (two new domains a day - time for
Spamhaus to take notice; Also they seem to have given up on the Turkish
address as of last week).
gh6 .net is listed in about every SURBL list. If you
Hi!
He's on 2.64 currently.
You don't say what version of SA you are referring to. The best
thing is to upgrade to latest SA which does a terrific job using
several URL black lists. This is a new feature in SA that looks for
URLs in spam. This will likely stop your problem without having to
write
Hi!
Any caveats to upgrading to 3.x? Any configs I need to check for overwrite?
You should follow the docs, there is much mentioned there. Like upgrading
your bayes databases. If you use those...
You don't happen to have the SURBL plugin installed I guess?
Would be wise to upgrade to SA 3.x or ins
Hi!
We are receiving a lot of faked emails from outside using our own domain
using Dictionary Attacks from the same source IP.
Does anybody know a way (or a trap) to detect and block it ?
The same source ip? What about iptables? ;)
Bye,
Raymond.
Hi!
4898 RAZOR2_CF_RANGE_51_100
4814 RAZOR2_CHECK
3954 HTML_MESSAGE
3525 URIBL_SBL
3262 BAYES_99
3259 URIBL_OB_SURBL
2868 NO_RDNS
2815 DCC_CHECK
2541 URIBL_WS_SURBL
2499 DIGEST_MULTIPLE
1831 URIBL_SC_SURBL
1654 MIME_HTML_ONLY
1515 MSGID_FROM_MTA_ID
1227 URIBL_AB_SURBL
It
Hi!
Subject: SpamAssassin 3.0.3 Released
From: Michael Parker <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED], users@spamassassin.apache.org,
dev@spamassassin.apache.org
Date: Thu, 28 Apr 2005 22:22:22 -0500 (20:22 PDT)
check it out! was that d
Hi!
Go Here to Order Online: RxRealness.com
How would one go about adding checks for the omission of http:// ?
Only things that hit were: bayes, base64 raw and drugs_erctile by the way.
may be too resource intensive to check for every possible domain
that doesn't have a URI method. Does this gi
Hi!
Tonight our site is being bombarded by German political spam or
Joe-jobbed bounce fall-out. So far it appears to all be coming
from trojaned PCs. Other than the specific URLs in the messages
haven't found any easily identified parts to create rules for.
anybody else seeing this?
Actually it was
Hi!
Anyone has a full list of subjects yet, time to do some SA magic... ;)
I have quite a few, here is the subjects list:
Subject: 4,8 Mill. Osteuropaeer durch Fischer-Volmer Erlass
Subject: Auf Streife durch den Berliner Wedding
Subject: Auslaender bevorzugt
Subject: Auslaenderpolitik
Subject: DO