Does Drako know you are posting here Bob?
It's a bit naughty. He had everyone sign a form saying they would not
post to places like this? You really should know better.
We all know that Barraucda are behind emailreg. We know that emailreg is
'cash for spamming'. We know that support have been to
self across as caring and
sharing. It's bullshit and anyone can smell it.
> I am also learning to count Jann among my friends, and I'm sure he would
> *appropriately* acknowledge your greeting.
>
> If your participation is at all typical of this community, that
On Fri, 2009-06-05 at 18:58 +0100, Jeremy Morton wrote:
> Hi,
>
> I've suddenly started getting a new slew of spams that are making their
> way through my SpamAssassin filter. Here's an example of one:
>
> http://pastebin.com/m586e296c
>
> As you can see they tend to hit a couple of blacklists
On Fri, 2009-06-05 at 20:33 +0200, Raymond Dijkxhoorn wrote:
> Hi!
>
> >> http://pastebin.com/m586e296c
> >>
> >> As you can see they tend to hit a couple of blacklists, but don't get a
> >> high enough score to be marked as spam. What do your SpamAssassin
> >> analyses give of this e-mail, and a
On Wed, 2009-06-17 at 13:33 +0200, Paweł Tęcza wrote:
> Ibrahim Harrani pisze:
> > Hi,
> >
> > another header from another image spams.
> > All images contain god, bad and a url with numbers.
>
> The spamers are cunning... It seems that they have stopped sending spams
> with X-Mailer: header cont
Make Her Beeg For More And More" is
> what i got
>
> -----Original Message-
> From: rich...@buzzhost.co.uk [mailto:rich...@buzzhost.co.uk]
> Sent: Wednesday, 17 June 2009 9:43 PM
> To: Paweł Tęcza
> Cc: users@spamassassin.apache.org
> Subject: Re: new spam image wit
On Wed, 2009-06-17 at 15:02 +0200, Matus UHLAR - fantomas wrote:
> On 17.06.09 13:48, rich...@buzzhost.co.uk wrote:
> > But there are certain words you would never expect to see in the
> > subjects of legitimate mail none the less unless you often get mail with
> > words
On Wed, 2009-06-17 at 18:02 +0300, Ibrahim Harrani wrote:
> http://pastebin.com/m6a027715
See if you can spot the keys;
1. Received: from unknown #if you don't know who you are goodbye.
2 (HELO .user.x) #mail servers don't tend to HELO/EHLO with
'user' 'dsl' 'ppp' as a rule.
3.(62.57.252.7
On Thu, 2009-06-18 at 14:04 -0400, Michael Scheidell wrote:
> main sleaze, as in spam from larger, established, 'legit' companies. I
> am seeing a 20% increase in spam that doesn't trigger any of the zombie,
> forged, gappy or dialup list rules. Neither are they triggering SARES
> or SOUGHT ru
On Fri, 2009-06-19 at 13:32 +0200, Arvid Picciani wrote:
> Hi,
> I'm currently convincing my boss to throw away a domain that receives so
> much backscatter, its useless to try filtering the legitimate mail.
> Could i do anything useful with it?
> Spamtrap won't work since 99.99% of mails are ba
On Sun, 2009-06-21 at 13:35 +0200, Benny Pedersen wrote:
> On Sun, June 21, 2009 13:23, Jeremy Morton wrote:
> > My SpamAssassin apparently isn't checking this blocklist; how do I get
> > it to?
>
> cbl is part of zen.spamhaus.org, but some ips is not in sync that fast, so
> check cbl in mta level
Good morning,
Looking at the docs I see a 'don't add your customer rules here' warning
in reference to the default /usr/share/spamassassin dir. Instead it
lists a couple of options including local.cf
Is it possible to ask local.cf to include external files/dir for custom
rules at all?
Thanks
On Mon, 2009-06-22 at 00:26 -0400, Matt Kettler wrote:
> rich...@buzzhost.co.uk wrote:
> > Good morning,
> >
> > Looking at the docs I see a 'don't add your customer rules here' warning
> > in reference to the default /usr/share/spamassassin dir. Instead
On Mon, 2009-06-22 at 00:57 -0600, LuKreme wrote:
> On Jun 21, 2009, at 23:48, "rich...@buzzhost.co.uk" > wrote:
>
> > On Mon, 2009-06-22 at 00:26 -0400, Matt Kettler wrote:
> >> rich...@buzzhost.co.uk wrote:
> >>> Good morning,
> >>>
Noted this over at NANAE;
QUOTE:
All,
Please feel free to forward this message to any other location/mailing
list.
It comes with great sadness that I have to announce the imminent
closure
of SORBS. The University of Queensland have decided not to honor their
agreement with myself and SORBS
On Mon, 2009-06-22 at 07:30 -0400, Matt Kettler wrote:
> rich...@buzzhost.co.uk wrote:
> > On Mon, 2009-06-22 at 00:26 -0400, Matt Kettler wrote:
> >
> >> rich...@buzzhost.co.uk wrote:
> >>
> >>> Good morning,
> >>>
> >>
On Mon, 2009-06-22 at 07:53 -0400, Matt Kettler wrote:
> rich...@buzzhost.co.uk wrote:
> > On Mon, 2009-06-22 at 07:30 -0400, Matt Kettler wrote:
> >
> >> rich...@buzzhost.co.uk wrote:
> >>
> >>> On Mon, 2009-06-22 at 00:26 -0400, Matt Ket
On Mon, 2009-06-22 at 19:40 +0200, Arvid Picciani wrote:
> rich...@buzzhost.co.uk wrote:
> > It comes with great sadness that I have to announce the imminent
> > closure
> > of SORBS. The University of Queensland have decided not to honor their
> > agreement with mys
On Tue, 2009-06-23 at 09:29 -0400, Jeff Moss wrote:
> WHAT? Sorbs and Spamhaus are polar opposites. Spamhaus is a great
> organization while SORBS is a POS that helped give all blacklists a
> bad name.
> I don't know if SpamAssassin has ever used it.
>
I respect any block list for targeting t
On Tue, 2009-06-23 at 22:17 +0200, Arvid Picciani wrote:
> >> It does make you wonder why they never seem to end up on any of the
> >> spamhaus lists. Perhaps they are brilliant list washers ?
> >>
> >
> > Same here - I see lots of these and they don't score on many lists.
>
> It might be an unedu
On Tue, 2009-06-23 at 22:50 +0200, Yet Another Ninja wrote:
> On 6/23/2009 10:37 PM, Lee wrote:
> >
> > Hello SpamAssassin fans,
> >
> > Having read and tried various things on the SA site and elsewhere, even
> > including some technically dead stuff in the Web Archive, I'm wondering
> > if any
On Wed, 2009-06-24 at 00:07 +0200, mouss wrote:
> Res a écrit :
> > On Tue, 23 Jun 2009, mouss wrote:
> >
> >> payment were only needed for spam, not for "dul"
> >
> > not really :) despite what their site said/says.. its kind of a
> > detterent i think sunno we never paid
> >
>
> This is w
On Wed, 2009-06-24 at 19:00 +0200, Per Jessen wrote:
> Benny Pedersen wrote:
> 2) I didn't include free email providers in my list of "large and
> serious hosting providers" - I was thinking more of organisations such
> as 1and1, hetzner, rackspace etc. etc.
My special award goes to 1and1. I get
On Thu, 2009-06-25 at 09:16 +1000, Res wrote:
> On Wed, 24 Jun 2009, rich...@buzzhost.co.uk wrote:
>
> >> This is wrong. if you have evidence, show it. if not, stop spreading
> >> rumours. I have delisted an IP in the past, and I have been watching
> >> people try
On Thu, 2009-06-25 at 17:41 +1000, Res wrote:
> if you jump on a bandwagon without first hand experience, thats *exactly*
> what you are, if you had experienced it first hand of course you become an
> authority on the subject in your your case, and your opinion matters as
> factual, but you by y
A routine look in the logs shows me a steady warn in the logs.
It's probably harmless - but I would like to solve it for tidiness:
Thu Jun 18 16:45:21 2009 [12663] warn: config: created user preferences
file: /var/lib/spamassassin/.spamassassin/user_prefs
Tue Jun 23 16:58:42 2009 [13778] warn: c
On Thu, 2009-06-25 at 18:24 +1000, Res wrote:
> On Thu, 25 Jun 2009, rich...@buzzhost.co.uk wrote:
>
> > On Thu, 2009-06-25 at 17:41 +1000, Res wrote:
> >
> >> if you jump on a bandwagon without first hand experience, thats *exactly*
> >> what you are, if
On Thu, 2009-06-25 at 03:08 -0600, LuKreme wrote:
> On 24-Jun-2009, at 08:20, Roger Marquis wrote:
> > PostConf http://www.postconf.com for example.
>
>
> Looks interesting, but not FreBSD demo :/
>
Webmin?
http://www.webmin.com/
On Thu, 2009-06-25 at 11:39 +0200, Per Jessen wrote:
> rich...@buzzhost.co.uk wrote:
>
> > On Wed, 2009-06-24 at 19:00 +0200, Per Jessen wrote:
> >> Benny Pedersen wrote:
> >
> >> 2) I didn't include free email providers in my list of "large and
&g
On Fri, 2009-06-26 at 21:06 -0400, Charles Gregory wrote:
> On Fri, 26 Jun 2009, LuKreme wrote:
> >> > See, it all comes down to what you think 'legitimate' is.
> >> The recipient wants the e-mail. DUH.
> > That's not my definition at all
>
> The very reason for my posting. You need not repeat
On Sat, 2009-06-27 at 16:56 +0930, Cory Hawkless wrote:
> Hi all,
>
>
>
> Been doing some reading on RegEx and even coming from a programming
> background it is a bit intimidating, my problem is I haven’t been able
> to find a good source of information on exactly what\how SpamAssassin
> matche
On Sat, 2009-06-27 at 10:59 +0200, Yet Another Ninja wrote:
> On 6/27/2009 10:55 AM, Arvid Picciani wrote:
> > Michael Grant wrote:
> >> Unless I've missed a message... this is the 100th reply to this
> >> thread. This has to be one of the longest threads I've seen on this
> >> list in years.
> >>
ddy
> to reproduce the expected results?
>
> Has anyone used regexbuddy before?
>
> -Original Message-
> From: rich...@buzzhost.co.uk [mailto:rich...@buzzhost.co.uk]
> Sent: Saturday, 27 June 2009 5:12 PM
> Cc: users@spamassassin.apache.org
> Subject: Re: SA Re
On Tue, 2009-06-30 at 00:46 +0200, Michelle Konzack wrote:
> For some seconds I have goten this spam, which has passed my spmassassin
> but was hit by a seperated ZEN rule in procmail:
>
>
> Return-Path: soria.h.steven...@gmail.com
> X-Spam-Checker-Version: SpamAssassin 3.2.3 (2007-08-08) on
>
On Wed, 2009-07-01 at 01:15 +0200, Michelle Konzack wrote:
> Am 2009-06-30 14:08:33, schrieb John Hardin:
> > If zen worked to catch the message in procmail, how does it not work on
> > your MTA? Or did we misinterpret your original post?
>
> In Debian, the network related scans are activated an
On Wed, 2009-07-01 at 08:26 +0200, Benny Pedersen wrote:
> On Wed, July 1, 2009 07:44, rich...@buzzhost.co.uk wrote:
> > In particular
> > # Enable or disable network checks
> > skip_rbl_checks 0
> > 0 = off 1 = on
>
> wroung
>
> 0 = use rbl
>
On Wed, 2009-07-01 at 08:58 +0200, Yet Another Ninja wrote:
> On 7/1/2009 8:50 AM, rich...@buzzhost.co.uk wrote:
> > Oh, and look: dnsbl.sorbs.net
> >
> > So it seems that the demise of sorbs will add latency if their servers
> > stop answering...
>
>
> See
On Wed, 2009-07-01 at 10:27 +0200, Matus UHLAR - fantomas wrote:
> Note that rbl checks do not only control the IP you are receiving mail from,
> but also an IP others are receiving mail from. That means, rbl checks can
> help you catch spam others are (unintentionally) forwarding to you.
>
> I
On Wed, 2009-07-01 at 11:11 +0200, Per Jessen wrote:
> rich...@buzzhost.co.uk wrote:
>
> > On Wed, 2009-07-01 at 08:58 +0200, Yet Another Ninja wrote:
> >> On 7/1/2009 8:50 AM, rich...@buzzhost.co.uk wrote:
> >> > Oh, and look: dnsbl.sorbs.net
> >> >
re receiving mail from. That means, rbl checks can
> > > help you catch spam others are (unintentionally) forwarding to you.
> > >
> > > I object against disabling RBL checks in SA ...
>
> On 01.07.09 09:40, rich...@buzzhost.co.uk wrote:
> > There is the
On Wed, 2009-07-01 at 14:21 +0200, Matus UHLAR - fantomas wrote:
> > On Wed, 1 Jul 2009, rich...@buzzhost.co.uk wrote:
> >> Jul 1 07:38:46 munged #14781: query: 1.2.3.4.dnsbl.sorbs.net IN A +
> >> Oh, and look: dnsbl.sorbs.net
> >> So it seems that the demise o
On Wed, 2009-07-01 at 18:26 +0200, Benny Pedersen wrote:
> On Wed, July 1, 2009 08:50, rich...@buzzhost.co.uk wrote:
>
> > I'm going to need to disable some of these lists as the MTA has already
> > blocked stuff on them Kind of pointless making repeat lookups for stuff
>
On Wed, 2009-07-01 at 18:26 +0200, Benny Pedersen wrote:
> On Wed, July 1, 2009 08:50, rich...@buzzhost.co.uk wrote:
>
> > I'm going to need to disable some of these lists as the MTA has
already
> > blocked stuff on them Kind of pointless making repeat lookups for
stuff
>
On Wed, 2009-07-01 at 19:21 +0200, Benny Pedersen wrote:
> On Wed, July 1, 2009 19:04, rich...@buzzhost.co.uk wrote:
>
> > You may want to fix that backscatter problem you have too :-)
>
> just stop sending cc to me, then its fixed
>
My apologies. I figured if I sent it tw
On Wed, 2009-07-01 at 16:13 -0600, LuKreme wrote:
> On 1-Jul-2009, at 06:47, rich...@buzzhost.co.uk wrote:
> >
> > But for the paranoid will changing 50_scores.cf from;
> >
> > score RCVD_IN_SORBS_BLOCK 0 # n=1 n=2 n=3
> > score RCVD_IN_SORBS_DUL 0
On Thu, 2009-07-02 at 08:28 +0200, Kasper Sacharias Eenberg wrote:
> On Thu, 2009-07-02 at 05:32 +0100, rich...@buzzhost.co.uk wrote:
> > On Wed, 2009-07-01 at 16:13 -0600, LuKreme wrote:
> > > On 1-Jul-2009, at 06:47, rich...@buzzhost.co.uk wrote:
> > > >
>
On Thu, 2009-07-02 at 09:33 +0200, Matus UHLAR - fantomas wrote:
> > > On Wed, July 1, 2009 08:50, rich...@buzzhost.co.uk wrote:
> > > > I'm going to need to disable some of these lists as the MTA has already
> > > > blocked stuff on them Kind of poi
On Thu, 2009-07-02 at 14:40 +0100, Anthony Peacock wrote:
> http://www.australianit.news.com.au/story/0,27574,25708610-15306,00.html
>
Is that to a Spam Cartel? It's overpriced :-)
I'm probably missing something here - but Constant Contact (who we block
by IP) have been a nagging source of spam for us. I'm just wondering why
25_uribl.cf has this line in it:
## DOMAINS TO SKIP (KNOWN GOOD)
# Don't bother looking for example domains as per RFC 2606.
uridnsbl_skip_domain examp
On Fri, 2009-07-03 at 03:50 -0400, Aaron Wolfe wrote:
> On Fri, Jul 3, 2009 at 2:39 AM,
> rich...@buzzhost.co.uk wrote:
> > I'm probably missing something here - but Constant Contact (who we block
> > by IP) have been a nagging source of spam for us. I'm just wonder
On Fri, 2009-07-03 at 10:06 +0100, Justin Mason wrote:
> I've heard that they are diligent about terminating abusive clients.
> Are you reporting these spams to them?
>
Yes - but you would thing a log full of 550's may be a clue.
What concerns me is SpamAssassin effectively white listing spammers
n the
> past, like Habeas certified junk.
>
>
> > On Fri, Jul 3, 2009 at 09:55, Mike
> > Cardwell wrote:
> >> rich...@buzzhost.co.uk wrote:
> >>
> >>> I'm probably missing something here - but Constant Contact (who we block
> >>>
On Fri, 2009-07-03 at 05:16 -0400, Aaron Wolfe wrote:
> >From what I've seen, most of the traffic from them probably doesn't
> qualify as spam by the common definition. It is, however, stuff that
> nobody here wants.
I think we are all to generous in what we consider to be 'spam' -v-
'ham'.
If
On Fri, 2009-07-03 at 12:06 +0200, Yet Another Ninja wrote:
> On 7/3/2009 11:14 AM, rich...@buzzhost.co.uk wrote:
> > On Fri, 2009-07-03 at 10:06 +0100, Justin Mason wrote:
> >> I've heard that they are diligent about terminating abusive clients.
> >> Are y
On Fri, 2009-07-03 at 11:19 +0100, Justin Mason wrote:
> On Fri, Jul 3, 2009 at 10:14,
> rich...@buzzhost.co.uk wrote:
> > On Fri, 2009-07-03 at 10:06 +0100, Justin Mason wrote:
> >> I've heard that they are diligent about terminating abusive clients.
> >> Ar
On Fri, 2009-07-03 at 11:26 +0100, Mike Cardwell wrote:
> Aaron Wolfe wrote:
>
> > I think the point was that the URIBL's are never going to be listing
> > these domains, so why waste time looking them up
>
> m...@haven:~$ host constantcontact.com.multi.uribl.com
> constantcontact.com.multi.uribl
On Fri, 2009-07-03 at 06:41 -0400, Aaron Wolfe wrote:
> On Fri, Jul 3, 2009 at 6:26 AM, Mike
> Cardwell wrote:
> > Aaron Wolfe wrote:
> >
> >> I think the point was that the URIBL's are never going to be listing
> >> these domains, so why waste time looking them up
> >
> > m...@haven:~$ host consta
On Fri, 2009-07-03 at 14:54 +0200, Jonas Eckerman wrote:
> rich...@buzzhost.co.uk wrote:
>
> >> m...@haven:~$ host constantcontact.com.multi.uribl.com
> >> constantcontact.com.multi.uribl.com A 127.0.0.4
> >> m...@haven:~$
>
> > Oh Dear - that
On Fri, 2009-07-03 at 15:53 +0200, Benny Pedersen wrote:
> On Fri, July 3, 2009 15:13, rich...@buzzhost.co.uk wrote:
>
> folowup:
>
> v=spf1 ip4:62.233.82.168 ip4:82.70.24.238 mx ~all
>
> in dns
>
> v=spf1 ip4:62.233.82.168 ip4:82.70.24.238 mx ~all
> localhost.
On Fri, 2009-07-03 at 16:54 +0200, Benny Pedersen wrote:
> On Fri, July 3, 2009 16:31, rich...@buzzhost.co.uk wrote:
> > On Fri, 2009-07-03 at 15:53 +0200, Benny Pedersen wrote:
> >> On Fri, July 3, 2009 15:13, rich...@buzzhost.co.uk wrote:
> >>
> >> folowup:
&g
On Fri, 2009-07-03 at 17:31 +0200, Benny Pedersen wrote:
> On Fri, July 3, 2009 17:23, rich...@buzzhost.co.uk wrote:
> > On Fri, 2009-07-03 at 16:54 +0200, Benny Pedersen wrote:
> >> On Fri, July 3, 2009 16:31, rich...@buzzhost.co.uk wrote:
> >> > On Fri, 2009-07-03
On Fri, 2009-07-03 at 18:27 +0200, Jonas Eckerman wrote:
> rich...@buzzhost.co.uk wrote:
>
> >> (You do know what "legacy" means, right?)
>
> > Sure - do you? If it's left in the core code because the URI never
> > listed CC in the past th
On Fri, 2009-07-03 at 10:14 -0700, John Hardin wrote:
> On Fri, 3 Jul 2009, Randal, Phil wrote:
>
> > From http://www.constantcontact.com/pricing/index.jsp , they say:
> >
> > "Monthly fee is based on the number of contacts in your email list"
> >
> > There's an immediate conflict of interest - i
These links are provided in the spirit of Barracuda Networks 'Let's just
help ourselves to the work of others' as an Independence Day 'Liberate
The Rules' gift.
It's not all of them - but the bulk of them. The full 'static' whitelist
is also provided. These may be of interest to other SpamAssassin
On Sat, 2009-07-04 at 07:29 +1000, Res wrote:
> On Fri, 3 Jul 2009, Benny Pedersen wrote:
>
> >
> > On Fri, July 3, 2009 15:13, rich...@buzzhost.co.uk wrote:
> >
> > folowup:
> >
> > v=spf1 ip4:62.233.82.168 ip4:82.70.24.238 mx ~all
> >
> > in
On Sat, 2009-07-04 at 21:49 -0400, Tara Natanson wrote:
> Hello,
>
> Normally I wouldn't jump in on a technical mailing list such as this,
> but I was pointed to the archives by someone on the list and saw that
> someone was asking specific questions on how we operate. I hope I can
> clear up some
On Sun, 2009-07-05 at 18:36 +0200, Benny Pedersen wrote:
> On Sat, July 4, 2009 07:16, rich...@buzzhost.co.uk wrote:
> . Even Benny's
> > "You don't have SPF so I'm blocking you" was clearly b/s when I tried it
> > with other MX's with no SPF.
On Sun, 2009-07-05 at 09:28 -0400, Tara Natanson wrote:
> On Sun, Jul 5, 2009 at 3:05 AM,
> rich...@buzzhost.co.uk wrote:
>
> > Perhaps you can look at your customer;
> >
> > Received: from ccm01.constantcontact.com ([63.251.135.74]) by
> > From:
On Mon, 2009-07-06 at 11:00 -0600, J.D. Falk wrote:
> rich...@buzzhost.co.uk wrote:
>
> >> sorry, I am on several private lists. Lists I have been on for 10
> >> years through a few different employers. If I signed up for those
> >> lists with my @constantcont
On Mon, 2009-07-06 at 10:36 -0700, SM wrote:
> At 10:56 05-07-2009, rich...@buzzhost.co.uk wrote:
> >Well, I can only take you at face value that you are here representing
> >Constant Contact. If I call up the office switchboard Tara, can I speak
> >with you there? It&
From:
Chris Owen
To:
rich...@buzzhost.co.uk
Cc:
Tara Natanson
Subject:
Re: constantcontact.com
Date:
Mon, 6 Jul 2009 13:02:07 -0500
(19:02
On Mon, 2009-07-06 at 20:55 +0200, Benny Pedersen wrote:
> On Mon, July 6, 2009 20:25, rich...@buzzhost.co.uk wrote:
>
> Received-SPF: unknown (nike.apache.org: error in processing during lookup of
> rich...@buzzhost.co.uk)
>
> priseless
>
That should read 'priceless&
On Thu, 2009-07-09 at 18:57 -0700, Marc Perkel wrote:
> For what it's worth I'm now ahead of Barracuda on Jeff Makey's blacklist
> comparison chart. Not a scientific comparison but it's about all there
> is to compare blacklists. Now only abuseat.org and spamhaus have me
> beat. (apews doesn't c
On Fri, 2009-07-10 at 11:01 +0200, Paweł Tęcza wrote:
> Hi,
>
> Because of Apache.org spam filters I can't send here my message about
> spammers again:
>
> Jul 9 22:32:07 hermes2 courieresmtp:
> id=00174B77.4A5653AA.7F82,from=,addr=:
> 552 spam score (15.4) exceeded threshold
On Fri, 2009-07-10 at 21:26 +1200, Jason Haar wrote:
> On 07/10/2009 09:01 PM, Paweł Tęcza wrote:
> > Please see my initial post on Pastebin:
> >
> > http://pastebin.com/f6a83e9fb
> >
> If it's true that all those domains resolve to just a handful of IP
> addresses, then why aren't they listed i
On Fri, 2009-07-10 at 10:58 +0100, Steve Freegard wrote:
> rich...@buzzhost.co.uk wrote:
> > On Fri, 2009-07-10 at 21:26 +1200, Jason Haar wrote:
> >> On 07/10/2009 09:01 PM, Paweł Tęcza wrote:
> >>> Please see my initial post on Pastebin:
> >>>
> >&
On Fri, 2009-07-10 at 04:57 -0600, LuKreme wrote:
> On 10-Jul-2009, at 01:25, rich...@buzzhost.co.uk wrote:
> > On Thu, 2009-07-09 at 18:57 -0700, Marc Perkel wrote:
> >> For what it's worth I'm now ahead of Barracuda on Jeff Makey's
> >> blackli
On Fri, 2009-07-10 at 06:15 -0400, Matt Kettler wrote:
> rich...@buzzhost.co.uk wrote:
> > On Fri, 2009-07-10 at 21:26 +1200, Jason Haar wrote:
> >
> >> On 07/10/2009 09:01 PM, Paweł Tęcza wrote:
> >>
> >>> Please see my initial post on Pasteb
On Fri, 2009-07-10 at 05:42 -0600, LuKreme wrote:
> On 10-Jul-2009, at 05:18, rich...@buzzhost.co.uk wrote:
> > There is a load of noise in NANAE about the Court coming to a
> > compensation decision and Spamhaus being 'broke' hence my concern.
>
> Is NANAE in a t
On Fri, 2009-07-10 at 09:11 -0700, John Hardin wrote:
> On Fri, 10 Jul 2009, Terry Carmen wrote:
>
> > All the supplied domain names have a DNS server in China. It might be
> > worth it to create a rule to based on the link's DNS server's location
> > (Geo IP Lookup).
>
> *that* might actually
On Fri, 2009-07-10 at 18:44 +0200, Yet Another Ninja wrote:
> On 7/10/2009 6:30 PM, rich...@buzzhost.co.uk wrote:
> > On Fri, 2009-07-10 at 09:11 -0700, John Hardin wrote:
> >> On Fri, 10 Jul 2009, Terry Carmen wrote:
> >>
> >>> All the supplied domain names
On Fri, 2009-07-10 at 22:46 -0500, McDonald, Dan wrote:
> >From: Jason L Tibbitts III [mailto:ti...@math.uh.edu]
> > "MD" == McDonald, Dan writes:
>
> MD> They are using underscores, which are a [:punct:], but don't form
> MD> a \b break.
>
> >I'm becoming confused as to what they could poss
On Fri, 2009-07-10 at 14:08 +0100, David Lomax wrote:
David Lomax. Ummm. You would really think a guy working for Barracuda
Networks;
'The world wide leader in email security'
could figure out how to unsubscribe from a mailing list. Oh dear..
On Sat, 2009-07-11 at 07:14 -0500, McDonald, Dan wrote:
> From: rich...@buzzhost.co.uk [mailto:rich...@buzzhost.co.uk]
> >On Fri, 2009-07-10 at 22:46 -0500, McDonald, Dan wrote:
> >> >From: Jason L Tibbitts III [mailto:ti...@math.uh.edu]
> >> >>>>> &quo
On Sat, 2009-07-11 at 17:08 +0100, Barry Porter wrote:
> You could take a look at ModSecurity if you are on Apache(
> http://www.modsecurity.org/ ) to block the attacks that found the holes in
> the first place, once you have fixed the current issue that is.
>
> The standard ruleset is very good a
On Sat, 2009-07-11 at 14:27 -0700, dmy wrote:
> So is there a way to configure that ALL DNS tests just use the last external
> ip address (or at least NOT the first one?). Because to me it doesn't make
> any sense to test the ip people use to deliver messages to their smarthost
> and it produces qu
e to me it doesn't make
> > > any sense to test the ip people use to deliver messages to their smarthost
> > > and it produces quite a few false positives on my system...
>
> On 12.07.09 05:57, rich...@buzzhost.co.uk wrote:
> > Someone throw me a tin opener - there
On Mon, 2009-07-13 at 10:46 -0400, Charles Gregory wrote:
> (?!www\.[a-z]{2,6}[0-9]{2,6}\.(com|net|org))
> www[^a-z0-9]+[a-z]{2,6}[0-9]{2,6}[^a-z0-9]+(com|net|org)
Does not seem to work with;
www. meds .com
On Mon, 2009-07-13 at 17:19 +0200, Matus UHLAR - fantomas wrote:
> > On Fri, 3 Jul 2009, RW wrote:
> > > I understand that Spamhaus doesn't recommend this, because dynamic IP
> > > addresses can be reassigned from a spambot to another user, but I added
> > > my own rule it does seem to work. In my
t; > > agreed, although, some kind of authentication should be done in either
> > > case,
> > > which should prevent the rules from hitting, but many ISPs and ESPs don';t
> > > push auth informations to Received: headers...
>
> On 13.07.09 16:26, rich.
On Mon, 2009-07-13 at 17:38 +0100, rich...@buzzhost.co.uk wrote:
> On Mon, 2009-07-13 at 18:28 +0200, Matus UHLAR - fantomas wrote:
> > > On Mon, 2009-07-13 at 17:19 +0200, Matus UHLAR - fantomas wrote:
> > > > > On Fri, 3 Jul 2009, RW wrote:
> > > >
Don't you just love them :-)
Love Making Tipps -- Tips for Better And Greater
sex.www[dot]nu26[dot]com
On Thu, 2009-07-16 at 04:38 -0700, twofers wrote:
> 66.59.8.161
TRY:
OrgAbuseEmail: ab...@streamsend.com
On Thu, 2009-07-16 at 13:43 +0200, Chr. von Stuckrad wrote:
[snip]
> (Of course every good spammer will read the spamassassin list ;-)
I don't think they care that much. Once you've got the mail server to
accept it, ending up in a junk folder is still a successful delivery.
If you are running it s
On Thu, 2009-07-16 at 07:55 -0400, Matt Kettler wrote:
> Have you reported the abuse to mailto:habeas@abuse.net, as Neil
> Schwartzman from Return Path (operators of Habeas) requested last time?
>
> Just posting to the sa-users list isn't really going to do very much.
Have to agree (it's nice
On Fri, 2009-07-17 at 03:25 -0700, twofers wrote:
> Neil Rocks !
>
> Thanks Neil.
>
> Wes
>
> --- On Thu, 7/16/09, Neil Schwartzman
> wrote:
>
>
> From: Neil Schwartzman
> Subject: Re: Opt In Spam
> To: "twofers" , "Spamassassin"
>
> Date: T
On Fri, 2009-07-17 at 14:41 -0600, Neil Schwartzman wrote:
>
>
> On 17/07/09 4:03 PM, "Neil Schwartzman"
> wrote:
>
> > Your assertion that we encountered a block and then switched to a new IP
> > netblock is preposterous. We have several ranges and mail streams. You opted
> > in and then opted
On Wed, 2009-07-22 at 19:40 +0100, Ned Slider wrote:
> MySQL Student wrote:
> > Hi,
> >
> > I'm having trouble catching spam that contains lotto/money schemes or
> > simply asks the user to email a particular address for a loan or
> > otherwise. Here's an example:
> >
>
>
>
> >
> > Thanks,
>
On Tue, 2009-07-28 at 04:07 -0700, snowweb wrote:
> I don't know about anyone else, but I'm getting a bit hacked of with this
> 1980's style forum. I'm trying to get to the bottom of an SA issue and this
> list/forum thing is giving me a bigger headache than SA!
If you have difficulty with an email
On Tue, 2009-07-28 at 07:31 -0700, snowweb wrote:
> spamassassin-forum
One way to get that included in web filter block lists.
Registered through: GoDaddy.com, Inc.
Then I noted;
Administrative Contact:
Snow, Peter pe...@snowweb.co.uk
20 Neville Gardens
Emsworth, H
1 - 100 of 215 matches
Mail list logo
