Re: Spaces.man spam was:RE: [AMaViS-user] User complaints of spam
On Sat, 20.08.2005 at 16.06, [EMAIL PROTECTED] wrote:

> Quoting Michael Scheidell [EMAIL PROTECTED]:
>
>> According to the auto-ignore I just got from msn.com, it looks like they
>> will be ignoring complaints about spaces msn com spam because it doesn't
>> originate from an msn.com email address:
>
> This seems to be a common approach today from the MS mail providers. Just
> got the reply below for a complaint about some spam from a hotmail server
> (bay5-f13.bay5.hotmail.com [65.54.173.13]) without a hotmail address as
> envelope sender:
>
>> Unfortunately, we cannot take action on the mail you sent us because it
>> does not reference a Hotmail account. Please send us another message that
>> contains the full Hotmail e-mail address and the full e-mail message to:
>> [EMAIL PROTECTED]
>
> I guess I should block the whole *.hotmail.com crap anyway...

That would be stupid. Get yourself a proper MTA, such as Postfix 2.1.x or more recent. If you already have it and are using it, learn to configure it.

My site, mail.barlaeus.nl (1150+ users, Postfix 2.1.5), using gld greylisting *and* recent amavisd-new for AV, gets masses of Hotmail stuff, obviously. If you want to reject spam from hotmail addresses, they should definitely have a hotmail envelope sender address. Likewise msn addresses, which should have msn env

--Tonni

--
To Liza Picquard (?), by Phil Williams on BBC Radio 5, Wed. 10th Aug. 2005, 15:59 CEST:
What is your definition of 'poor'?
Well, if your only occupation is collecting dog turds for a living, you're pretty poor ...
mail: [EMAIL PROTECTED]
http://www.billy.demon.nl

---
SF.Net email is Sponsored by the Better Software Conference EXPO
September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices
Agile Plan-Driven Development * Managing Projects Teams * Testing QA
Security * Process Improvement Measurement * http://www.sqe.com/bsce5sf
___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/
RE: [AMaViS-user] User complaints of spam
Michael Scheidell [EMAIL PROTECTED] 08/15/05 6:27 PM

> (isn't spam illegal in the UK?)

It is illegal to send UCE to business e-mail accounts, but not personal ones.

SteveC
Re: [AMaViS-user] User complaints of spam
> body     UK_GEOCITIES /uk.geocities.com/i
> describe UK_GEOCITIES Body contains spammed domain
> score    UK_GEOCITIES 5.0

Don't use sloppy regexps. A dot matches any character for example. Also, anchoring is a good idea. And in this particular case the URI is perhaps more appropriate than BODY:

    uri UK_GEOCITIES m'^http://uk\.geocities\.com\b'i

Mark
[AMaViS-user] User complaints of spam
Hi all,

We're getting some user complaints of spam and they all seem to follow the same general template. Something like this:

---snip---
nicky http://uk.geocities.com/Hyman_Barrientos/?Wn=Seek_quick.and_effective.cures
---snip---

After which they have some random words at the end (random English dictionary words). Some of them don't.

A lot of these are making it to the quarantine but some of them aren't even getting a positive score. Is there a rule out there I can find, or possibly an additional blacklist I can add on top of the default (razor)? I'm not a big fan of blacklists but as long as we're only just tagging spam (and not deleting it) and the blacklist is fairly conservative, I wouldn't mind allowing it to add some points to messages.

Thanks,
Matt
RE: [AMaViS-user] User complaints of spam
And complaining to geocities, aka yahoo goes into the blackhole. Until they do something about it, all email from users of uk.geocities.com should be bounces.. (isn't spam illegal in the UK?)

This will do it. Add this to local.cf (adjust the score to your tastes)

    body     UK_GEOCITIES /uk.geocities.com/i
    describe UK_GEOCITIES Body contains spammed domain
    score    UK_GEOCITIES 5.0
RE: [AMaViS-user] User complaints of spam
On Mon, 15 Aug 2005, Michael Scheidell wrote:

> And complaining to geocities, aka yahoo goes into the blackhole. Until they
> do something about it, all email from users of uk.geocities.com should be
> bounces.. (isn't spam illegal in the UK?)
>
> This will do it. Add this to local.cf (adjust the score to your tastes)
>
>     body     UK_GEOCITIES /uk.geocities.com/i
>     describe UK_GEOCITIES Body contains spammed domain
>     score    UK_GEOCITIES 5.0

Are you experiencing this spam too?
Re: [AMaViS-user] User complaints of spam
Matt wrote:

> Hi all,
>
> We're getting some user complaints of spam and they all seem to follow the
> same general template. Something like this:
>
> ---snip---
> nicky http://uk.geocities.com/Hyman_Barrientos/?Wn=Seek_quick.and_effective.cures
> ---snip---
>
> After which they have some random words at the end (random English
> dictionary words). Some of them don't.
>
> A lot of these are making it to the quarantine but some of them aren't even
> getting a positive score. Is there a rule out there I can find, or possibly
> an additional blacklist I can add on top of the default (razor)? I'm not a
> big fan of blacklists but as long as we're only just tagging spam (and not
> deleting it) and the blacklist is fairly conservative, I wouldn't mind
> allowing it to add some points to messages.
>
> Thanks,
> Matt

Make sure you set:

    $sa_local_tests_only = 0;

in amavisd.conf. Otherwise SpamAssassin will not perform network tests (Razor included).

I think you are using FreeBSD, so there should be a /usr/local/etc/mail/spamassassin/init.pre file. This file normally will contain:

    loadplugin Mail::SpamAssassin::Plugin::URIDNSBL
    loadplugin Mail::SpamAssassin::Plugin::Hashcash
    loadplugin Mail::SpamAssassin::Plugin::SPF

If you did not install from ports, then it might be in /etc/mail/spamassassin

Verify that init.pre exists in the same place you have local.cf and at the very least 'loadplugin Mail::SpamAssassin::Plugin::URIDNSBL' is there.

You might consider using Pyzor. It is slower than some of the other tests (only one server) and it has made a bit of a mess on some machines when the Pyzor server was unavailable. The author will change the server on occasion, so it may be a good idea to make sure the server is up by maybe doing a 'pyzor ping' in a cron job, with the result mailed to you.

If you use ports, it should be there: /usr/ports/mail/pyzor

install, then run both:

    pyzor discover

and

    su vscan -c 'pyzor discover'

(pyzor discover provides pyzor the IP address of the Pyzor server)

then 'pyzor ping' to see if the Pyzor server is up

run

    su vscan -c 'spamassassin --lint -D'

and you should see

    debug: Pyzor: got response: 66.250.40.33:24441 (200, 'OK') 0 0

if all is working well. I don't think you even need to reload amavisd-new.

DCC is very good, but as an ISP, and due to the volume of mail you receive, and due to the license, I believe you would need to run the DCC server (dccd I think) on one of your machines and then provide your data (flood your data) to the main servers. At least something to that effect, I think. You would have to study how to set this up.

If you don't have $sa_local_tests_only = 0; set, then this would be the main problem. An email like this should hit on a couple of the network tests, with URIDNSBL the most likely to help. There is not much for SpamAssassin to key on if network tests are not performed.

Gary V
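The two configuration checks from the message above (the `$sa_local_tests_only` setting and the URIDNSBL `loadplugin` line), as an added example rather than code from the thread or from amavisd-new. It takes the contents of the two files as strings, reads the Perl config only approximately, line by line, and follows the message in treating an unset value as a finding; the function names and sample file contents are constructed for this illustration.

```python
import re

URIDNSBL = "Mail::SpamAssassin::Plugin::URIDNSBL"


def sa_local_tests_only(amavisd_conf):
    """Last integer assigned to $sa_local_tests_only, or None if never set.

    Line-based approximation: '#' comments are stripped, literal ints only.
    """
    value = None
    for line in amavisd_conf.splitlines():
        code = line.split("#", 1)[0]
        m = re.search(r"\$sa_local_tests_only\s*=\s*(\d+)\s*;", code)
        if m:
            value = int(m.group(1))
    return value


def loaded_plugins(init_pre):
    """Plugin names from the uncommented 'loadplugin' lines of init.pre."""
    plugins = set()
    for line in init_pre.splitlines():
        words = line.split("#", 1)[0].split()
        if len(words) >= 2 and words[0] == "loadplugin":
            plugins.add(words[1])
    return plugins


def findings(amavisd_conf, init_pre):
    """Problems found; init_pre is None when no init.pre sits beside local.cf."""
    problems = []
    value = sa_local_tests_only(amavisd_conf)
    if value is None:
        problems.append("$sa_local_tests_only is not set in amavisd.conf")
    elif value != 0:
        problems.append("$sa_local_tests_only is nonzero: network tests are off")
    if init_pre is None:
        problems.append("init.pre is missing")
    elif URIDNSBL not in loaded_plugins(init_pre):
        problems.append("URIDNSBL plugin is not loaded")
    return problems


# Constructed sample file contents.
GOOD_CONF = "$sa_local_tests_only = 0;  # network tests on\n"
BAD_CONF = "# $sa_local_tests_only = 0;\n$sa_local_tests_only = 1;\n"
GOOD_PRE = "loadplugin " + URIDNSBL + "\nloadplugin Mail::SpamAssassin::Plugin::SPF\n"
BAD_PRE = "#loadplugin " + URIDNSBL + "\nloadplugin Mail::SpamAssassin::Plugin::SPF\n"
```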
Re: [AMaViS-user] User complaints of spam
On Mon, 2005-08-15 at 11:56 -0600, Gary V wrote:

> Matt wrote:
>
>> Hi all,
>
> Make sure you set: $sa_local_tests_only = 0; in amavisd.conf. Otherwise
> SpamAssassin will not perform network tests (Razor included). I think you
> are using FreeBSD, so there should be a
> /usr/local/etc/mail/spamassassin/init.pre file. This file normally will
> contain:
>
>     loadplugin Mail::SpamAssassin::Plugin::URIDNSBL
>     loadplugin Mail::SpamAssassin::Plugin::Hashcash
>     loadplugin Mail::SpamAssassin::Plugin::SPF
>
> [...]
>
> If you don't have $sa_local_tests_only = 0; set, then this would be the
> main problem. An email like this should hit on a couple of the network
> tests, with URIDNSBL the most likely to help. There is not much for
> SpamAssassin to key on if network tests are not performed.

It won't be listed in uribl's since it is a legitimate domain. Most of mine are being hit by normal spamassassin tests, like:

    X-Spam-Status: No, hits=2.868 tagged_above=-1 required=4.5 tests=DATE_IN_FUTURE_06_12, SARE_RECV_IP_061172

or

    X-Spam-Status: Yes, hits=4.84 tagged_above=-1 required=4.5 tests=DATE_IN_FUTURE_12_24, RCVD_IN_XBL

or even:

    X-Spam-Status: No, hits=2.757 tagged_above=-1 required=4.5 tests=DATE_IN_FUTURE_96_XX, SUBJ_HAS_UNIQ_ID, UPPERCASE_25_50

I should probably hit them with 3 points or so...

--
Daniel J McDonald, CCIE # 2495, CNX, CISSP # 78281
Austin Energy
[EMAIL PROTECTED]