Spam Assassin at work
The last two digests I received came equipped with the following: SPAM: Start SpamAssassin results -- SPAM: This mail is probably spam. The original message has been altered SPAM: so you can recognise or block similar unwanted mail in future. SPAM: See http://spamassassin.org/tag/ for more details. SPAM: SPAM: Content analysis details: (5.27 hits, 5 required) SPAM: Hit! (1.2 points) From: does not include a real name SPAM: Hit! (1 point) Missing Date: header SPAM: Hit! (1.27 points) BODY: Includes a link to send a mail with a subject SPAM: Hit! (1.8 points) No MX records for the From: domain SPAM: SPAM: End of SpamAssassin results - Curiously, a piece of genuine spam that arrived at the same time was not so tagged. We have a long way to go... :-( -- Leon A. Goldstein Powered by Libranet 1.9.1 Debian Linux System 5151 ___ Linux-users mailing list - http://linux.nf/mailman/listinfo/linux-users Subscribe/Unsubscribe info, Archives,and Digests are located at the above URL.
Re: spam
On Sun, 02 Dec 2001 18:19:03 -0500 David A. Bandel wrote: Alan Jackson wrote: On Wed, 28 Nov 2001 18:27:18 -0700 Collins Richey wrote: Here's a good question. I see a lot of postings about ways of eliminating spam. How does one differentiate between spam and really interesting new mail that doesn't happen to come from your known and most frequent correspondents? You can't - with complete reliability. If you are more ineterested in the topic than is probably healthy, I suggest you join the spam-l and spamtools lists : mailto:[EMAIL PROTECTED]?body=subscribe%20spamtools http://www.claws-and-paws.com/spam-l (from someone with an unhealthy obsession...) I do have perl code for filtering e-mail, poorly documented. I suggest you try Vipul's Razor. Works for me. http://razor.sourceforge.net/ Very timely, I noticed that the first 2 entries on the Perl Advent Calendar are for filtering e-mail. http://www.twoshortplanks.com/xmas/ -- --- | Alan K. Jackson| To see a World in a Grain of Sand | | [EMAIL PROTECTED] | And a Heaven in a Wild Flower, | | www.ajackson.org | Hold Infinity in the palm of your hand | | Houston, Texas | And Eternity in an hour. - Blake | --- ___ Linux-users mailing list Archives, Digests, etc at http://linux.nf/mailman/listinfo/linux-users
Re: spam
On Wed, 28 Nov 2001 18:27:18 -0700 Collins Richey wrote: Here's a good question. I see a lot of postings about ways of eliminating spam. How does one differentiate between spam and really interesting new mail that doesn't happen to come from your known and most frequent correspondents? You can't - with complete reliability. If you are more ineterested in the topic than is probably healthy, I suggest you join the spam-l and spamtools lists : mailto:[EMAIL PROTECTED]?body=subscribe%20spamtools http://www.claws-and-paws.com/spam-l (from someone with an unhealthy obsession...) I do have perl code for filtering e-mail, poorly documented. -- --- | Alan K. Jackson| To see a World in a Grain of Sand | | [EMAIL PROTECTED] | And a Heaven in a Wild Flower, | | www.ajackson.org | Hold Infinity in the palm of your hand | | Houston, Texas | And Eternity in an hour. - Blake | --- ___ Linux-users mailing list Archives, Digests, etc at http://linux.nf/mailman/listinfo/linux-users
Re: spam
Alan Jackson wrote: On Wed, 28 Nov 2001 18:27:18 -0700 Collins Richey wrote: Here's a good question. I see a lot of postings about ways of eliminating spam. How does one differentiate between spam and really interesting new mail that doesn't happen to come from your known and most frequent correspondents? You can't - with complete reliability. If you are more ineterested in the topic than is probably healthy, I suggest you join the spam-l and spamtools lists : mailto:[EMAIL PROTECTED]?body=subscribe%20spamtools http://www.claws-and-paws.com/spam-l (from someone with an unhealthy obsession...) I do have perl code for filtering e-mail, poorly documented. I suggest you try Vipul's Razor. Works for me. http://razor.sourceforge.net/ Ciao, David A. Bandel -- Focus on the dream, not the competition. -- Nemesis Racing Team motto ___ Linux-users mailing list Archives, Digests, etc at http://linux.nf/mailman/listinfo/linux-users
Re: spam
Collins Richey [EMAIL PROTECTED] said: Here's a good question. I see a lot of postings about ways of eliminating spam. How does one differentiate between spam and really interesting new mail that doesn't happen to come from your known and most frequent correspondents? It's all spam if it is soliciting fo commercial purposes and you didn't ask for it. Some just may be more palatable than others, depending on your taste. Frankly I have trouble dealing with any company that spams. I think it says a lot about their ethics and the quality of that business (lack thereof). -- burns ___ Linux-users mailing list Archives, Digests, etc at http://linux.nf/mailman/listinfo/linux-users
Re: spam
On Wed, 28 Nov 2001 23:29:44 -0500 Bruce Marshall [EMAIL PROTECTED] wrote: On Wednesday 28 November 2001 23:13 pm, Collins Richey wrote: All the spam I get is addressed to my email address. How would I get mail that isn't addressed to me? Gee, why don't you whip up a few of those nifty Sylpheed filters and get rid of all your spam? from the couldn't resist dept:o) Actually, this is what I do. All of the groups I subscribe to have a filter to separate folder. The only thing that shows up in my inbox is either mail from my sister-in-law, my wife's relatives, or trash. Fortunately, I get a max of 2-3 trash mails a day. -- Collins Richey Denver Area gentoo_rc6 k2.4.16+ext3+xfce+sylpheed+galeon ___ Linux-users mailing list Archives, Digests, etc at http://linux.nf/mailman/listinfo/linux-users
Re: spam
On Thu, 29 Nov 2001 05:03:16 -0700 Collins Richey [EMAIL PROTECTED] wrote: Actually, this is what I do. All of the groups I subscribe to have a filter to separate folder. The only thing that shows up in my inbox is either mail from my sister-in-law, my wife's relatives, or trash. == There's a difference ducks; runs ;-) Mike -- The great question... which I have not been able to answer... is, `What does woman want?' -- Sigmund Freud _ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com ___ Linux-users mailing list Archives, Digests, etc at http://linux.nf/mailman/listinfo/linux-users
Re: spam
Collins Richey [EMAIL PROTECTED] said: Here's a good question. I see a lot of postings about ways of eliminating spam. How does one differentiate between spam and really interesting new mail that doesn't happen to come from your known and most frequent correspondents? I don't personally have a clue on that one, but I'd love to find a procmail recipe that can distinguish messages in chinese and dump them to /dev/null. I'm finding about 30 - 40 pieces of spam a day coming in, mostly from Hong Kong or Taiwan based on the otherwise hopelessly garbled sender specification. rickf -- This message was sent using KTB.net InTouch with Tomorrow. For more information visit http://www.ktb.net ___ Linux-users mailing list Archives, Digests, etc at http://linux.nf/mailman/listinfo/linux-users
Re: spam
On Thursday 29 November 2001 16:54, you wrote: Collins Richey [EMAIL PROTECTED] said: Here's a good question. I see a lot of postings about ways of eliminating spam. How does one differentiate between spam and really interesting new mail that doesn't happen to come from your known and most frequent correspondents? What bothers me is mail from my usual aquaintances where they have hit Reply to all. It's usually 2Mb of a joke, or wry experience with a failed punch line, perhaps a bmp, or yards of html which only looks something in Outlook (Is that how you spell it?). Wouldn't you like if your computer had this button?, or that sort of thing. The best answer for that I have discovered to date is to inform them that I forgive them their e-mail; not scientific or organised at all. -- Regards, Declan Moriarty Applied Researches - Ireland's Foremost Electronic Hardware Genius A Slightly Serious(TM) Company Success covers a multitude of blunders - G.B. Shaw. ___ Linux-users mailing list Archives, Digests, etc at http://linux.nf/mailman/listinfo/linux-users
spam
Here's a good question. I see a lot of postings about ways of eliminating spam. How does one differentiate between spam and really interesting new mail that doesn't happen to come from your known and most frequent correspondents? -- Collins Richey Denver Area gentoo_rc6 k2.4.16+ext3+xfce+sylpheed+galeon ___ Linux-users mailing list Archives, Digests, etc at http://linux.nf/mailman/listinfo/linux-users
Re: spam
On Wednesday 28 November 2001 20:27 pm, Collins Richey wrote: Here's a good question. I see a lot of postings about ways of eliminating spam. How does one differentiate between spam and really interesting new mail that doesn't happen to come from your known and most frequent correspondents? One basic fact that I use is that: if the email isn't addressed specifically to my email address(es), then I consider it spam unless qualified some other way... (such as list mail) It's doubtful that any friend would send you email addressed to 'undisclosed recipients' or some other bogus address. -- ++ + Bruce S. Marshall [EMAIL PROTECTED] Bellaire, MI 11/28/01 22:18 + ++ If you think nobody cares about you, try missing a couple of payments. ___ Linux-users mailing list Archives, Digests, etc at http://linux.nf/mailman/listinfo/linux-users
Re: spam
On Wed, 28 Nov 2001 22:21:04 -0500 Bruce Marshall [EMAIL PROTECTED] wrote: On Wednesday 28 November 2001 20:27 pm, Collins Richey wrote: Here's a good question. I see a lot of postings about ways of eliminating spam. How does one differentiate between spam and really interesting new mail that doesn't happen to come from your known and most frequent correspondents? One basic fact that I use is that: if the email isn't addressed specifically to my email address(es), then I consider it spam unless qualified some other way... (such as list mail) It's doubtful that any friend would send you email addressed to 'undisclosed recipients' or some other bogus address. All the spam I get is addressed to my email address. How would I get mail that isn't addressed to me? -- Collins Richey Denver Area gentoo_rc6 k2.4.16+ext3+xfce+sylpheed+galeon ___ Linux-users mailing list Archives, Digests, etc at http://linux.nf/mailman/listinfo/linux-users
Re: spam
On Wednesday 28 November 2001 23:13 pm, Collins Richey wrote: On Wed, 28 Nov 2001 22:21:04 -0500 Bruce Marshall [EMAIL PROTECTED] wrote: On Wednesday 28 November 2001 20:27 pm, Collins Richey wrote: Here's a good question. I see a lot of postings about ways of eliminating spam. How does one differentiate between spam and really interesting new mail that doesn't happen to come from your known and most frequent correspondents? One basic fact that I use is that: if the email isn't addressed specifically to my email address(es), then I consider it spam unless qualified some other way... (such as list mail) It's doubtful that any friend would send you email addressed to 'undisclosed recipients' or some other bogus address. All the spam I get is addressed to my email address. How would I get mail that isn't addressed to me? I'm referring to the To: field. Here's what the list sent to me: From: Collins Richey [EMAIL PROTECTED] To: [EMAIL PROTECTED] Yet it gets here probably by the X-RCPT-TO or some other field in the header. I wrote a program to scan headers against a spam list: for the To: field for the From: field for ANY field The list is pretty simple but the program isn't. For instance, I toss all mail coming from .kr, .tw, etcand even if someone addresses specifically to me, I can TWIT them based on either the FROM field or the ANY catchall. Works quite well. -- ++ + Bruce S. Marshall [EMAIL PROTECTED] Bellaire, MI 11/28/01 23:22 + ++ I get enough exercise just pushing my luck. ___ Linux-users mailing list Archives, Digests, etc at http://linux.nf/mailman/listinfo/linux-users
Re: SPAM Denial
On Wed, Nov 28, 2001 at 04:48:50PM -0500, Matthew Carpenter wrote: I'm looking for a little help turning on blackholing on my email server (running sendmail). It looks like the m4 files are there for it, but I am looking for someone who has implemented it on eS or COL S3.1. I am running both. I'm planning to implement blacklisting as well as procmail to ditch any additional SPAM or junk mail which are legit but unwanted. Can't say about sendmail as we're running smail-3.2 with tcp_wrappers and RBL support. Postfix appears to have good support as well. Bill -- INTERNET: [EMAIL PROTECTED] Bill Campbell; Celestial Software LLC UUCP: camco!bill PO Box 820; 6641 E. Mercer Way FAX:(206) 232-9186 Mercer Island, WA 98040-0820; (206) 236-1676 URL: http://www.celestial.com/ Government is actually the worst failure of civilized man. There has never been a really good one, and even those that are most tolerable are arbitrary, cruel, grasping and unintelligent. -- H. L. Mencken ___ Linux-users mailing list Archives, Digests, etc at http://linux.nf/mailman/listinfo/linux-users
Re: Spam filters:Spambouncer
At 21:37 01/10/01 -0400, you wrote: I just get a sircam virus sent to my linux box. I guess it is time to set up a mail filter. I came across the following. Looks easy enuf: Works off procmail. The SpamBouncer *** I'm not sure spambouncer is what you need in your case. Try and have a look at procmail sanitizer which does a bit of spam bouncing but especially sanitizing of mail messages (checking the attachments for virus messages) It's a set of procmail rules - so you could add spambouncer later on if you need to. It consists of several files each with their particular function. The whole setup is initiated by your /etc/procmailrc file. You can make the config as complicated as you wish. Once setup you don't touch the main files, your own local rules or new procmail sanitizing rules go in local-rules.procmail. Once a suspicious file has been detected it will go to a mailbox assigned by you as the quarantine, renamed to whatever.doc.txt. The sanitizer will automatically mail a preformed message (found in security-policy.txt) to the sender and/or its ISP. The setup will take you anything between 2 hours and half a day depending on your motivation. It took me half a day because 1/ I WAS motivated ;-) and 2/ it works so well you want to make it the most perfect filtering setup in the world ;-)))... The URL is http://www.impsec.org/email-tools/for the download directory. The main page is under renovation (?) for the last 6 months and one of the pages says the filters haven't been updated for the last 2 years (!)... This might sound as a bad thing, and it probably is for the average user, but it's really not a problem. In fact the sanitizer gives you a nice basis to start with and with all the procmail resources available on the Net you'll be able to put together something that fits your needs. I've been running the sanitizer for the last 7 months on my mail server and I can confirm it works very well. While McAfee and others where trying to figure out what was happening I already got several viruses isolated in my quarantine mailbox. Mail me if you need more info... Zoran. ___ http://linux.nf -- [EMAIL PROTECTED] Archives, Subscribe, Unsubscribe, Digest, Etc -http://linux.nf/mailman/listinfo/linux-users
Re: Spam filters:Spambouncer
At 21:37 01/10/01 -0400, you wrote: I just get a sircam virus sent to my linux box. I guess it is time to set up a mail filter. I came across the following. Looks easy enuf: Works off procmail. The SpamBouncer snip The URL is http://www.impsec.org/email-tools/ for the download directory. The main page is under renovation (?) for the last 6 months and one of the pages says the filters haven't been updated for the last 2 years (!)... snip *** Mail ver. 2. Changelog: typo in the URL... ;-) Found another URL for the sanitizer and to my surprise there's an august 2001 update to it. http://www.impsec.org/email-tools/procmail-security.html I'll informe the webmaster about his contradictory pages. Zoran ___ http://linux.nf -- [EMAIL PROTECTED] Archives, Subscribe, Unsubscribe, Digest, Etc -http://linux.nf/mailman/listinfo/linux-users