RE: Detecting short-TTL domains?

From: John Rudd [mailto:[EMAIL PROTECTED] Sent: Fri 8/10/2007 12:27 PM To: Jared Hall Cc: users@spamassassin.apache.org Subject: Re: Detecting short-TTL domains? I'm a prophet now!? :-) Hm. So, I'm sure I can figure this out eventually, but does anyone kn

RE: Detecting short-TTL domains?

I agree. To catch the fast-flux servers you have to check not only low ttl values but ALSO how frequently the IP addresses assigned to that domain change. I think everyone is looking for a fast fast-flux fix. I believe, and this is just my opinion, that a dnsbl is the way to go. That way if the pe

RE: Detecting short-TTL domains?

pointing out my misconception. I always appreciate being corrected - really I do. -Original Message- From: Kai Schaetzl [mailto:[EMAIL PROTECTED] Sent: Sunday, August 12, 2007 7:31 AM To: users@spamassassin.apache.org Subject: Re: Detecting short-TTL domains? Thomas Raef wrote on Sun, 12

RE: And interesting way to detect spambots

> -Original Message- > From: Marc Perkel [mailto:[EMAIL PROTECTED] > Sent: Tuesday, August 28, 2007 9:53 AM > To: users@spamassassin.apache.org > Subject: And interesting way to detect spambots > > I'm doing some interesting experimenting and discovered and interesting > way to detect spa

RE: SPAM FILTERING RATE

We get a small percentage of SPAM being tagged by SA as well due to most of it being caught by the rblsmtpd option in tcpserver. What does your qmail config file look like? I say not to look at just your spamd logs but also your smtp(d) logs. You might see more of what's being tagged/blocked ther

RE: Book Recommendation

I have two books on SA and while they were helpful in getting started 2 years ago, today they sit on my shelf. Longing for the days when they were useful. I agree with the group and wiki suggestion. If you need printed material - print the necessary parts of the information online. That's what I

RE: running sa-update gives error

> -Original Message- > From: Olivier Nicole [mailto:[EMAIL PROTECTED] > Sent: Friday, November 02, 2007 5:12 AM > To: [EMAIL PROTECTED] > Cc: users@spamassassin.apache.org > Subject: Re: running sa-update gives error > > > error: gpg required but not found! > > Install gpg, for example fr

RE: Pretty good, Paypal are making their own phish these days!

> > Funny, my reaction to seeing (I assume) the same message was that they'd > > learned how *not* to look like a phish. > > > > In particular, they used their own domain name for *everything*, > including > > the sending server, the return address, matching forward & reverse DNS > on > > the send

RE: Spamassassin simscan newbie question

I am very new to SpamAssassin and Simscan , both of which are installed on a server by a previous administer. I want simscan to reject spam mail per domain basis. I tried to modify simcontrol file and ran simscanmk, but it ended up in rejecting even normal mails to some users. I had to revert

RE: Exchange Question - OT

I think you want to read up on smart hosts and front-end server in an Exchange environment. It sounds like you want a gateway??? It's too complex to explain here and knowing how smart you are, I'm sure you could understand it better by reading than by me explaining. HTH Thomas J. Raef e-Based

RE: [OT] Bogus MX opinions

> Good morning everyone, i'm in charge of reducing SPAM at a customer > site. Already have SPAMASSASSIN, sa-update weeklyexecuted. > > I'd like to implement a "Bogus MX" for further filtering of SPAM. I > don't know if this is the correct name, by "Bogus MX" i mean setting up > a low priority MX r

RE: Loading Rules - Possible Memory Issue

What does your spamd/current log show? If that's what you have. Sounds like one of the rules is hosing spamd. I'm speaking from recent experience. Just a thought. -Original Message- From: Duane Hill [mailto:[EMAIL PROTECTED] Sent: Wednesday, June 14, 2006 8:16 AM To: users@spamassassin.

RE: How to detect current images-only messages?

Title: Re: How to detect current images-only messages? This thread might be dead, but I just read this and thought it might provide some insight, or thought, or something:   Network World's Messaging Newsletter, 06/20/06 How IronPort tackles image-based spam By Michael Osterman Following m

Spammers and images...

I’m sure you’ve read this by now, but as this has been a topic in this group I thought it was at least worth bringing to everyone’s attention:   http://www.usatoday.com/tech/news/computersecurity/wormsviruses/2006-06-28-spam-images_x.htm     Thomas J. Raef e-Based Security, Inc. www.

RE: Bayes resolution gettin weaker

To use automatic learning, set the bayes_auto_learn flag to 1. This can be configured site-wide in the /etc/mail/spamassassin/local.cf file, and can be overridden in a user's ~/.spamassassin/user_prefs file. Two other configuration flags also affect auto-learning, and are the thresholds for lear

RE: Spamassassin filter files?

Look into simscan at www.inter7.com From: night duke [mailto:[EMAIL PROTECTED] Sent: Monday, March 05, 2007 11:57 AM To: users@spamassassin.apache.org Subject: Spamassassin filter files? Hi i wish to know if it's possible to fi

RE: Detecting Vulnerable Link

Do you mean like 70_sare_uri0 ??? From: Loren Wilton [mailto:[EMAIL PROTECTED] Sent: Fri 3/30/2007 3:07 AM To: users@spamassassin.apache.org Subject: Re: Detecting Vulnerable Link First thing I'd do would be to use a uri rule instead of a body rule. -

RE: So what about rulesemporium.com and these anti-PDF rules?

I for one agree with the protected model. I've read post after post in this group and others where people complain that some new method is no longer effective due to the "other guys" knowing our every step. If there were an application process, which would be too burdensome on the maintainers, I'

RE: Iron Port experiences

Ironport can make those claims because they work on reputation - which means that when new SPAM comes out their reputation filters work on it without having to make any modifications. This also means that SPAM from bots gets through until their filters catch up and start building a negative reputa

RE: Scan by IP ranges with simscan

Yes. Thomas J. Raef e-Based Security, LLC www.ebasedsecurity.com 1-866-838-6108 "You're either hardened, or you're hacked!" -Original Message- From: Diego Pomatta [mailto:[EMAIL PROTECTED] Sent: Monday, July 16, 2007 7:50 AM To: users@spamassassin.apache.org Subject: Scan by IP ranges w

RE: not everyone is happy with SA

I think you should rename your subject to: SPAM filtering alone is not accepted as well as Challenge-Response. If you read the article and the report, you'll notice that it does not combine various methods. SA can be used with RBLs which would increase it's effectiveness and not everyone uses t

RE: not everyone is happy with SA

You went into some fantastic depth in investigating the "truth" of this PR. You, sir, ROCK!!! Thomas J. Raef e-Based Security, LLC www.ebasedsecurity.com 1-866-838-6108 "You're either hardened, or you're hacked!" -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent

RE: Upgrade problem from 3.1.7 to 3.2.1

Is there an ETA for 3.2.2 yet? -Original Message- From: Matt Kettler [mailto:[EMAIL PROTECTED] Sent: Monday, July 23, 2007 8:08 AM To: Balzi Andrea Cc: users@spamassassin.apache.org Subject: Re: Upgrade problem from 3.1.7 to 3.2.1 Balzi Andrea wrote: > Hi > > In to my smtp-relay (debian

RE: Now its zip attachments ^^

Wait, would that ban on smoking include cigars too? Are regular neo-cons okay? Please delete. -Original Message- From: Jerry Glomph Black [mailto:[EMAIL PROTECTED] Sent: Monday, July 23, 2007 10:32 AM To: John Rudd Cc: users@spamassassin.apache.org Subject: Re: Now its zip attachments ^