On Mon, 10 Dec 2012, Frederic De Mees wrote:
Thank you all for your replies.
Obviously I had already increased the max size.
...so what rules *are* they hitting?
--
John Hardin KA7OHZhttp://www.impsec.org/~jhardin/
jhar...@impsec.orgFALaholic #11174 pgpk -a jhar.
From: "RW"
It's pretty easy to do this kind of thing with the RelayCountry plugin.
Thank you all for your replies.
Obviously I had already increased the max size.
I will have a look at that plugin.
Frédéric
On Tue, 4 Dec 2012, Eric Krona wrote:
We have a few users who get a lot of emails asking them to report their
webmail usage, often linking to a google spreadsheet. They slip passed
spamassassing, likely because they are translated to swedish, but the mail is
clearly spam.
Is anyone else seei
On Sun, 9 Dec 2012, Frederic De Mees wrote:
Dear list,
Here is the context.
The French-speaking countries receive tons of e-mails, mostly fraud attempts,
fake lotteries, originating from West-Africa and sent by Yahoomail users.
Often those messages contain big attachments. The payload (text of
On Sun, 9 Dec 2012 11:16:08 +0100
Frederic De Mees wrote:
> I would have loved to do it with SA.
> This means that the line
> "Received: from [ip.add.res.ss].*web.*mail.*yahoo\.com via HTTP"
> should be detected and analysed.
> The ip address should be extracted.
> The whois of the address should
Hi there
We've been getting hit with waves of MMORPG spam claiming to be Diablo
and Runescape account management emails.
The thing that concerns me is that Yahoo seems to associate the
spammer's initial IP through a Received header that SA skips as it is
"unparseable". The header looks like
Rece
On Sun, 9 Dec 2012, Ned Slider wrote:
On 09/12/12 10:16, Frederic De Mees wrote:
Spamassassin misses 100% of them because:
- due to the message size, the analysis is skipped anyway.
look at scoring __FROM_41_FREEMAIL which already combines the above with
FREEMAIL_FROM.
...as well as inc
On 04.12.12 08:28, Matt wrote:
I am using Exim directors to call Spamassassin. I do not scan
messages that come in on port 587 or are in my popb4smtp file.
do you _require_ authentication on 587? Do you really support
pop-before-smtp still? That should be dead for years
This
was done due to
On 02.12.12 14:29, Niamh Holding wrote:
Subject: HELO_DYNAMIC_IPADDR2 & HELO_DYNAMIC_SPLIT_IP hitting ham
X-Spam-Report:
* 3.6 HELO_DYNAMIC_IPADDR2 Relay HELO'd using suspicious hostname (IP
addr
* 2)
* 3.5 HELO_DYNAMIC_SPLIT_IP Relay HELO'd using suspicious hostn
On 09/12/12 10:16, Frederic De Mees wrote:
Dear list,
Here is the context.
The French-speaking countries receive tons of e-mails, mostly fraud
attempts, fake lotteries, originating from West-Africa and sent by
Yahoomail users.
Often those messages contain big attachments. The payload (text of th
I there Frederic,
I think a geoip module exists. I saw that somewhere. Just take a look
for it.
But I think this is a bad idea. You are right about the analysis, but
geoip filtring is not efficient and may lead to FPs.
Take extra care to the rules you are going to build about it. You may
also ta
Hello Frederic,
Sunday, December 9, 2012, 10:16:08 AM, you wrote:
FDM> the sender IP (Yahoo) is genuine and has a good reputation
Good reputation! Well as a very common source of spam its reputation
is one of the best.
--
Best regards,
Niamhmailto:ni...@fullbore.c
Bob Proulx wrote:
> Per Jessen wrote:
>> dar...@chaosreigns.com wrote:
>> > Much like the 3.2.5 release which that page still unfortunately
>> > implies is reasonable to use.
>> >
>> > I'd love an explanation of a situation where somebody is running
>> > spamassassin but can't run sa-update, even
Dear list,
Here is the context.
The French-speaking countries receive tons of e-mails, mostly fraud
attempts, fake lotteries, originating from West-Africa and sent by Yahoomail
users.
Often those messages contain big attachments. The payload (text of the
message) is embedded in a 1MB jpeg with
Per Jessen wrote:
> dar...@chaosreigns.com wrote:
> > Much like the 3.2.5 release which that page still unfortunately
> > implies is reasonable to use.
> >
> > I'd love an explanation of a situation where somebody is running
> > spamassassin but can't run sa-update, even once. I hear that exists.
15 matches
Mail list logo