rdin KA7OHZ http://www.impsec.org/~jhardin/
jhar...@impsec.org FALaholic #11174 pgpk -a jhar...@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
---
WSJ on the Fi
ses in the
TO field. I believe that in general, this one will be a wash, although
there certainly will be specific situations where this type of filtering
may be useful.
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
to hostmas...@ngdc.net and ask them to fix that.
--
Dave Funk University of Iowa
College of Engineering
319/335-5751 FAX: 319/384-0549 1256 Seamans Center
Sys_admin/Postmaster/cell_admin Iowa City, IA 52242-1527
#include
Better is
a representative flow of both spam and
ham, and you can still perform manual training against the master
database from other servers.
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
interpretation is that when you have an IP specified properly
[192.2.0.55], it's treated as an IPv4 address literal and is deliverable.
When you have a bare IP, 192.2.0.55, you follow normal DNS lookups.
Since the 55 TLD doesn't exist, you get a NXDOMAIN from the root-servers
and reject the mail.
On 2013-10-30 14:48, Benny Pedersen wrote:
Dave Warren skrev den 2013-10-30 22:08:
192.2.0.55 has a TLD... 55.
dig 192.2.0.55
what name have the nic ns then ?
None. That's actually my entire point.
Since the 55 TLD doesn't exist, you get a NXDOMAIN from the
root-servers and
the MiB who snoop all incoming & outgoing
emails (would perplex the c**p outta them, they'd assume he was
up to something ;).
--
Dave Funk University of Iowa
College of Engineering
319/335-5751 FAX: 319/384-0549 1256 Seamans Center
st periodically discusses spam filtering techniques that
can include terms that will be filtered (for example, domain names which
may be listed on blacklists), this is normal and expected behaviour, and
whitelisting is required.
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
and
time zone set correctly?
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
If you've had half as much fun reading this as I've had writing it,
I've had twice as much fun as you.
On 2014-01-15 22:51, Marc Perkel wrote:
I'm seeing a lot of "Do you want to buy this domain name" spam lately.
Is it just me or is anyone else seeing this?
It's not just you. Mostly to addresses harvested from WHOIS, at least
that I've noticed.
--
Dave Warren
http
e SPF or DKIM, create a whitelist_auth entry for them
then either black list them or create rules to hit on any sign of the
company's messages. The whitelist_auth will override any rules so real
messages will get thru and the blacklist/targeted rules will hit the
ier to whitelist
"Anything from example.com where (SPF:PASS or DKIM:PASS)" than it is to
figure out the IP ranges example.com uses today and tomorrow and at this
point, I all but refuse to whitelist by IP, or by domain unless there is
some authentication method.
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
Are you tired of having your hands cut off by snowblowers?
trator the ability to understand what is happening.
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
> On Feb 6, 2014, at 18:04, "Kevin A. McGrail" wrote:
>
>> On 2/6/2014 8:32 PM, Dave Warren wrote:
>>> On 2014-02-06 17:17, John Hardin wrote:
>>>> On Thu, 6 Feb 2014, Kevin A. McGrail wrote:
>>>>
>>>> I've discussed it
peaketh regarding SpamAssassin" policy, and non-commercial (free access
to the data, without any preconditions), I'm having trouble seeing the
problem.
I'd also like to say that I think it's awesome when commercial vendors
give back to the community, in large or smal
e to adapt the spec that's included with fedora for v3.4.0,
attached.
Let me know if you have any questions.
Regards,
Dave
# OVERRIDE RHEL VERSION HERE, RHEL BUILDSYSTEM DOESN'T HAVE DIST TAG
#%%define rhel 4
# Define Variables that must exist
%{?!rhel:%define rhel 0}
%{?!fedora:%define f
y, but I'd rather tinker with that sometime when $DAYJOB is
not requiring 12-hour days from me
--
Dave Pooser
Cat-Herder-in-Chief, Pooserville.com
"...Life is not a journey to the grave with the intention of arriving
safely in one pretty and well-preserved piece, but to slide across t
O_BAYES_VBD DP_FRM_INFO && (BAYES_99 || BAYES_999)
under normal conditions?
--
Dave Pooser
Cat-Herder-in-Chief, Pooserville.com
"...Life is not a journey to the grave with the intention of arriving
safely in one pretty and well-preserved piece, but to slide across the
finish line broadside,
to whinge. The bright side is it's
given me an impetus to redesign my meta rules with an abstraction layer in
between stock rules and my meta rules so I'll be better positioned to take
advantage of new rules in future.
--
Dave Pooser
Cat-Herder-in-Chief, Pooserville.com
"...Life is n
he next couple of rule updates.
Can we get a posting to this list when that rule update happens?
--
Dave Pooser
Cat-Herder-in-Chief, Pooserville.com
"...Life is not a journey to the grave with the intention of arriving
safely in one pretty and well-preserved piece, but to slide across the
finish
ncluded in message
0.8 BAYES_50 BODY: Bayes spam probability is 40 to 60%
[score: 0.4901]
0.8 RDNS_NONE Delivered to internal network by a host with no
rDNS
X-SA-Exim-Connect-IP: x.x.x.x
X-SA-Exim-Mail-From: xxx
X-SA-Exim-Scanned: No (on ); SAEximRunCond expa
ac OS X? For Solaris/Illumos?)
As far as I'm concerned, the proper role for the project in binary
distribution is the same as it has been-- when other sources create the
packages, the SA project provides links (and disclaims support). Anything
beyond that is suboptimal allocation of an a
won't fire at all because it's missing some
necessary component and thus that rule will be effectively disabled but the
whole SA engine should still run.
--
Dave Funk University of Iowa
College of Engineering
319/335-5751 FAX: 319/384-0549
and similar rules
will skew.
Is a ham-only corpus submission useful? Our ham is well cleaned, but we
don't archive spam on an ongoing basis, and users primarily just delete
spam. But most of our users archive ham and retain it, so depending on
what the results look like, it might be u
On 2014-04-06 17:21, John Hardin wrote:
On Sun, 6 Apr 2014, Dave Warren wrote:
Is older ham useful? It specifically mentions that older spam isn't
useful, and why, but I'm thinking older ham is probably useful since
old mail clients and legitimately sent mail never dies. But I cou
other changes made.
No -- This issue just means that rule updates may not get created, but
the last valid set of rules will still be available to sa-update.
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
us. But that's just a hopeful guess, given that I've put some
resources into setting up appropriate systems and preparing some
messages to start the process.
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
On 2014-04-08 03:56, Kevin A. McGrail wrote:
On 4/8/2014 1:16 AM, Dave Warren wrote:
On 2014-04-07 19:23, Thomas Harold wrote:
NOTE: New masscheck contributors are now being accepted since about
2012-08-09.
Is that supposed to say "now being" or "not being"?
I'm a
On 2014-04-08 11:17, Kevin A. McGrail wrote:
On 4/8/2014 2:15 PM, Dave Warren wrote:
On 2014-04-08 03:56, Kevin A. McGrail wrote:
On 4/8/2014 1:16 AM, Dave Warren wrote:
On 2014-04-07 19:23, Thomas Harold wrote:
NOTE: New masscheck contributors are now being accepted since
about 2012-08-09
ble default for stock SA?
--
Dave Pooser
Cat-Herder-in-Chief, Pooserville.com
"...Life is not a journey to the grave with the intention of arriving
safely in one pretty and well-preserved piece, but to slide across the
finish line broadside, thoroughly used up, worn out, leaking oil, a
On 2014-04-13 12:22, Dave Pooser wrote:
And looking at the IADB web page, what I see is them bragging about how
little checking they do. What I don't see on their Web site is any way to
report spam to them.
I've gone ahead and set all IADB scores to 0 locally, but I'm curious
On 2014-04-15 06:42, Kevin A. McGrail wrote:
On 4/14/2014 7:34 PM, Dave Warren wrote:
On 2014-04-13 12:22, Dave Pooser wrote:
And looking at the IADB web page, what I see is them bragging about how
little
ncation feature in the milter so no need to
modify the MTA nor spamd.
--
Dave Funk University of Iowa
College of Engineering
319/335-5751 FAX: 319/384-0549 1256 Seamans Center
Sys_admin/Postmaster/cell_admin Iowa City, IA 52242-1527
#i
t be used at all but
just with care.
So if you see that warning about uncompileable rules, take a second look
at those specific rules.
--
Dave Funk University of Iowa
College of Engineering
319/335-5751 FAX: 319/384-0549 1256 Seamans Center
Sys_ad
e queried on DOB?
Did you leave your local BIND instance acting as a full resolver, or did
you set forwarders? If so, removing the forwarder configuration should help.
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
On 2014-06-05 21:48, zespri wrote:
As I read it, it means that "non-forwarding dnsmasq" is simply nonsensical.
What am I missing?
Yeah... I don't believe dnsmasq would be a good choice, unbound or BIND
would be better choices.
--
Dave Warren
http://www.hireahit.com/
http://
l.org" what do you expect? That's
truth in advertising. It's 'invalid', as a matter of fact all of those
addresses aren't usable, they're either RFC-1918 or multicast/local-scope.
So none of those are valid for remote queries.
Do NOT use rhsbl
ntribute hardware and/or VM space at $WORKPLACE for an
offsite replica as long as we wouldn't need to sync more than 2-4GB/day
after the initial setup completed.
--
Dave Pooser
Cat-Herder-in-Chief, Pooserville.com
t particular
flavor of spam that I'm considering making David's modifications locally
to Message.pm -- but obviously I'd prefer to leave the core modules
unmolested if there's an "official" fix in the works.
--
Dave Pooser
Cat-Herder-in-Chief, Pooserville.com
On 6/17/14 3:31 PM, "Kevin A. McGrail" wrote:
>On 6/17/2014 4:22 PM, Dave Pooser wrote:
>> Did any decision on this get reached?
>>
>Yes, I believe it was committed to trunk and considered resolved.
Presumably that will be released in 3.4.1 -- is there a target dat
resence of those headers aren't definitive
spam signs but I was hoping to combine that info with other clues to
create meta rules. However cannot test out this hypothesis without the
ability to detect those headers.
--
Dave Funk University of Iowa
ay, could be in some kind of
memory resident set of tables, or something else???).
So you have a multi-dimensional matrix WRT your Bayes system
configuration, and manual VS auto learning is just one factor.
It's been this way for the past 10+ years AFAIK (well, maybe 10 years
rning at a site with ~3000 users
and have had to flush & restart our Bayes database twice in 10 years.
Dave
--
Dave Funk University of Iowa
College of Engineering
319/335-5751 FAX: 319/384-0549 1256 Seamans Center
Sys_admin/Postmaster/cell_admin
On 2014-07-03 11:51, Brent Kennedy wrote:
remove
Try list-unsubscribe: <mailto:users-unsubscr...@spamassassin.apache.org>
instead?
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
sent messages as
well.
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
we
would be living in a much nicer world than the one we currently inhabit.
--
Dave Pooser
Cat-Herder-in-Chief, Pooserville.com
"...Life is not a journey to the grave with the intention of arriving
safely in one pretty and well-preserved piece, but to slide across the
finish line broadside,
thing to be tampered with lightly.
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
thing like "dig @8.8.8.8
asdfalksdflk.example.com a", Rackspace intercepts the packet on port 53
and does something with it?
And it's taken them since October to resolve it?
And you still pay for this service?
Or is there more going on than is immediately obvious h
sbl checks for auth'ed mail submissions.
You could whitelist your client IP address in your 'access' file but
what happens when that address changes? (I assume your ISP gives you
a DHCP address).
--
Dave Funk University of Iowa
College of
r to that
resolver over port other than 53.
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
amAssassin, SA's score is directly added
to various other rules for the final decision)
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
, but you do have to work
a lot harder at areas that the big guys can't compete with.
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
'm pretty sure I'm not getting a discount or anything for this.)
:-)
--
Dave Pooser
Cat-Herder-in-Chief, Pooserville.com
"...Life is not a journey to the grave with the intention of arriving
safely in one pretty and well-preserved piece, but to slide across the
finish line broadside, th
? To take up arms against a sea of troubles)
--
Dave Pooser
Cat-Herder-in-Chief, Pooserville.com
"...Life is not a journey to the grave with the intention of arriving
safely in one pretty and well-preserved piece, but to slide across the
finish line broadside, thoroughly used up, worn
On 2014-07-29 12:20, Axb wrote:
On 07/29/2014 08:21 PM, Dave Pooser wrote:
On 7/29/14, 2:13 PM, "Asai" wrote:
My question regarding all of this interesting topic is, isn't there some
kind of RBL or something which can be subscribed to for a nominal fee
per year that can a
Took just
about a month to get it under control (read: routed to my spam folder)
If spam filtering were the only consideration, I'd switch to Gmail
(well, Google Apps) in a heartbeat, and I'd figure out a way to make
money putting my customers over on Google Apps too.
But it isn
er-level blocks.
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
urrent
customers, you might be able to afford to block Gmail. At $DAYJOB, we can't.
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
es your own history to
make that decision on freshly received messages.
To me, it's not worth the price as a primary mailbox (privacy, security,
control of data, terrible UI usability), but the filtering alone is
impressive.
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
's too soon to actually start blocking, but if certain TLDs
have an uptick in spam use, it would be worth evaluating their
usefulness in email in general, and potentially worth applying low-level
scores.
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
the
current-but-about-to-be-outdated 3.4.0, or you can switch to Fedora, or
start using CPAN, or But trying to fight spam with a 4.5-year-old
version of SpamAssassin is as likely to succeed as using a 4.5 year old
set of virus definitions for your virus filtering.
--
Dave Pooser
Cat-Herder-i
hunderbird has a decent bayesian implementation, I've heard good things
about it but I don't use it myself.
(I use Thunderbird, but not its spam filtering capabilities)
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
users can create whatever disaster
of client-side rules their client is capable of implementing
(although we never recommend these, and do not support them, since users
create a nightmare of crap that we aren't willing to invest the time
into understanding and fixing)
--
Dave Warren
in 6 straight months of higher spam load.
I've had similar results on a Gmail spamtrap I've got (an address I've
never used and don't use, but happens to be a common firstname.lastname
combination, so it gets tons of typo'd mail seeding the trap)
--
Dave Warren
On 2014-08-13 17:47, Steve Bergman wrote:
On 08/13/2014 01:06 PM, Dave Warren wrote:
In short, yes, it is unproductive. The quasi-legitimate stuff does go
away, but the rest doesn't. This was confirmed just recently by Laura on
Word To The Wise, who posted about this just 5 days ago:
MARC's feedback mechanism.
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
ly able to game.
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
There were a couple of possible solutions discussed, including new
features added to the latest version (trunk) of spamassassin.
I took one of them (new functions in MIMEEval) back-ported it to my SA
kit and it has been hitting pretty regularly on that kind of spam.
sage is:
Return-path:
for my recipient address of da...@hireahit.com.
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
ess relevance.
They've made their choice, now you get to make yours. Personally, I'm
quite pleased with their performance, and I have no problem identifying
myself when I contact a company. If I'm acting on my own behalf, I'd put
"Personal" or "None" or
On 2014-08-29 02:41, Michael Opdenacker wrote:
I find it hard to believe I'm the only one getting spam in Chinese
characters;)
I get a fair amount in my spamtraps, but only because my trap addresses
are very permissive. None of it would have been accepted for normal
delivery.
--
ds compliant, it's only when you export
directly from Outlook that you get this mess.
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
ng spam
characteristics can cause them to adapt their tactics.
--
Dave Funk University of Iowa
College of Engineering
319/335-5751 FAX: 319/384-0549 1256 Seamans Center
Sys_admin/Postmaster/cell_admin Iowa City, IA 52242-1527
#include
Better is not better, 'standard' is better. B{
'm a vote for the hideously ugly
preoptimized blob over adding a new dependency.
That said, I'd rather have the new dependency than keep the configuration
embedded in the rules.
So, in order of preference:
1) Pre-optimized blob
2) Regexp::List dependency
3) Current method
--
Dave Pooser
>>embedded in the rules.
> ^
>Code, not rules. Which basically is the issue here...
Just read what I *mean* and not what I type. ;-)
--
Dave Pooser
Cat-Herder-in-Chief, Pooserville.com
"...Life is not a journey to the grave with the intention of arriving
saf
A servers for sa-learn.
--
Dave Pooser
Cat-Herder-in-Chief, Pooserville.com
"...Life is not a journey to the grave with the intention of arriving
safely in one pretty and well-preserved piece, but to slide across the
finish line broadside, thoroughly used up, worn out, leaking oil, and
shouting
>Dave> At $DAYJOB we export the spam folder (and a ham folder for FPs)
>Dave> via NFS and mount them on the frontline SA servers for sa-learn.
>
>Doesn't that smell of locking issues?
To be honest, I'd just assumed that NFS wouldn't do any locking on a
read-only
ues.
Thanks, Ian, for the warning and thanks, Bob, for setting my mind at ease.
;-)
--
Dave Pooser
Cat-Herder-in-Chief, Pooserville.com
other, including passive-aggressive "I'm not speaking to him but would you
please tell him he's a big ol' poopy-head" comments?
Alternately, may I request a list moderator review the signal:noise ratio
associated with this feud and take appropriate action?
--
Dave Pooser
Cat-Herder-in-Chief, Pooserville.com
configured per-list, not all
lists list 127.0.0.2, and some lists use status codes, so "should not be
listed" and "should be listed" are really "match/do-not-match some
condition"
In the case of DNSWL, $MYIP should be listed, if I get de-listed, I want
to kn
under attack or whatever, odds are that 127.0.0.2 (or whatever
is applicable) will disappear.
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
; would chain commands together and run both in sequence
regardless of the results, whereas && is a conditional for if the
previous command succeeded and || was a conditional for if the previous
command failed?
At least in bash...
--
Dave Warren
http://www.hireahit.com/
http://ca
add a similar comment about ".link" URLs inside the
message. Last week I created a uri rule to fire on any ".link" hosted URL
and so far haven't seen a single FP.
--
Dave Funk University of Iowa
College of Engineering
319/335-5751 FA
ly aliased, and I can confirm
that all the ones I encountered are now fixed.
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
the -unsubscribe address works, and got a reply in
under a minute from there too. I'm obviously not completing the loop
since I would prefer to stay subscribed.
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
have been plenty of posts to this list about URIBL_BLOCKED and how
to fix it.
--
Dave Funk University of Iowa
College of Engineering
319/335-5751 FAX: 319/384-0549 1256 Seamans Center
Sys_admin/Postmaster/cell_admin Iowa City, IA 52242
sly read their policies
and ensure you're okay with part of your mail stream passing through a
third party.
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
e to contact me off-list to discuss
further.
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
scoring so that the subject has more
weight, or so that words have more weight the closer they are to the
beginning of the body vs the end? That seems like it would help. Is
such an approach even feasible?
--
Dave Brondsema : d...@brondsema.net
http://www.brondsema.net : personal
http
On 11/8/14, 5:57 PM, "Reindl Harald" wrote:
>what is that garbage worth for?
It's from a book by Terry Pratchett. Are we really so hard up for things
to talk about that we're going to have a .sig flamewar now?
--
Dave Pooser
Cat-Herder-in-Chief, Pooserville.com
Program
ing a "bad hair day" this morning. I saw a number of
FP hits on DOB for stuff that hadn't changed in years (EG amtrak.com ).
It looks better now.
--
Dave Funk University of Iowa
College of Engineering
319/335-5751 FAX: 319/384-0549
're currently going with a pretty simple
HTML comment. Is that too obvious? Should we put it into a CSS invisible
div as well? Any other ideas?
--
Dave Funk University of Iowa
College of Engineering
319/335-5751 FAX: 319/384-0549 1256 S
to /dev/null, and write your own monitoring script
to tell you if sa-update broke spamd
5) Run SA in some kind of container or VM so you can optimize for
spamassassin without tainting the purity of your RHEL install
--
Dave Pooser
Cat-Herder-in-Chief, Pooserville.com
"...Life is not a journey to the
The decision to run spamassassin on a distribution
that is constitutionally opposed to modern perl is not the fault of the
spamassassin team. The problem is in the system administrator who tries to
hammer every use case into the same square hole. It should be fixed there.
--
Dave Pooser
distro channels to gain version_check
capabilities
2) Take the version_check out and break sa-update on computers running
older versions of perl
3) Write all spamassassin rules to use the lowest-common-denominator perl,
which would be the "crufty version of perl" I referred to above.
Do you
be positive that the honeypot did NOT sign up
for an email list and then start marking it as spam in lieu of the
unsubscribe button.
--
Dave Pooser
Cat-Herder-in-Chief, Pooserville.com
"...Life is not a journey to the grave with the intention of arriving
safely in one pretty and well-preserved
'm not going into in a
public forum :)
So educate them well, and let SA do its job, and we wouldn't need to read your
posts either.
I have to agree with Dave, Christian, et al. It's not frequent but not
rare to see a reply-all "Take me off this list!!!".
Even if you'
er find
the fix for that problem $FOO you were having?" since I can't assume
they're still subscribed to the list. I may or may not copy the list on
that email, though I certainly will if I come up with an answer.
http://xkcd.com/979/ reference here>
--
Dave Pooser
Cat-Herder-in
ont-size: 10pt' and
this one omitted font-size entirely.
--
Dave Pooser
Cat-Herder-in-Chief, Pooserville.com
On 12/4/14 10:27 PM, "Nick Edwards" wrote:
>> It's also not wrapping the text at all.
> it wraps fine here
Look at the last roundcube post, the one sent at 01:06 GMT. The line of
quoted text runs 273 columns without a linewrap.
--
Dave Pooser
Cat-Herder-in-Chief, Pooserville.com