Re: [Mimedefang] use Net::LDAP and file descriptor error.
Dave O'Neill wrote: > It's safe to ignore. That warning's getting removed in a future version > of MIMEDefang anyway. > > The reason you're getting it is because Net::LDAP::Constant is a > shocking abuse of Perl. That module opens its own source, via the DATA > handle, so that it can parse its own POD documentation to retrieve the > constant values, error names, and error text. > > It's a neat hack, because it removes duplication of the constant values > and error texts, but unless you close(DATA) after using it, it will > leave a dangling open filehandle. > > Cheers, > Dave That is interesting. thanks for the heads up. schu ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] use Net::LDAP and file descriptor error.
On Wed, Nov 01, 2006 at 01:04:11PM -0900, Matthew Schumacher wrote: > Since I'm putting it in filter_initialize and my filters seem to work > fine I'm thinking that I can safely ignore it, but I want to double > check with the list. > > Anyone have thoughts on why this wouldn't work? It's safe to ignore. That warning's getting removed in a future version of MIMEDefang anyway. The reason you're getting it is because Net::LDAP::Constant is a shocking abuse of Perl. That module opens its own source, via the DATA handle, so that it can parse its own POD documentation to retrieve the constant values, error names, and error text. It's a neat hack, because it removes duplication of the constant values and error texts, but unless you close(DATA) after using it, it will leave a dangling open filehandle. Cheers, Dave -- Dave O'Neill <[EMAIL PROTECTED]>Roaring Penguin Software Inc. +1 (613) 231-6599http://www.roaringpenguin.com/ For CanIt technical support, please mail: [EMAIL PROTECTED] ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Mimedefang and greylist-milter
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Yanick Quirion wrote: > Dear all, > > Is there a way to install the greylist-milter on sendmail when sendmail > is already using mimedefang? > > I want my server answer something similar to the following message on > the first connection to prevent SPAM: > > Deferred: 451 4.7.1 Greylisting in action, please come back > > Can somebody can help me how to do it? > > Regards, > Yanick Quirion Sure. We're doing it with MD and graymilter. Just add another to your mc/m4 config file before your MD filter line, like this: INPUT_MAIL_FILTER(`graymilter',`S=unix:/var/run/graymilter.sock, T=S:4m;R:4m') INPUT_MAIL_FILTER(`mimedefang', `S=unix:/var/spool/MIMEDefang/mimedefang.sock, F=T, T=S:5m;R:5m;E:5m') As far as I know, there isn't a restriction on the number of milters that can be used in sendmail. Scott Larsen Network Architect Cascade Corporation [EMAIL PROTECTED] Tel: +1.503.669.6208 - --- -BEGIN PGP SIGNATURE- Version: PGP Desktop 9.5.0 (Build 1202) Charset: ISO-8859-1 wj8DBQFFSRdaD5iRBGe74hkRAtAIAJ9GX2uy9jkBPIZPpTTnXdiPumehoACgmRqK nZXXZZxWSnc1vs2SRFlKaUI= =/tAd -END PGP SIGNATURE- ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] use Net::LDAP and file descriptor error.
List, This code: sub filter_initialize { use Net::LDAP; } Causes me to get this error: mimedefang-multiplexor[612]: WARNING: Something in your Perl filter appears to have opened a file descriptor outside of any function. With embedded Perl, you should move any code that opens a file descriptor into filter_initialize. On some systems, the C library may opena descriptor, but you should verify your filter just in case. Since I'm putting it in filter_initialize and my filters seem to work fine I'm thinking that I can safely ignore it, but I want to double check with the list. Anyone have thoughts on why this wouldn't work? schu ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] info cuestions
I need to know subject, sender, recipient in filter_sender Why? Any check you want to do based on sender, recipient and subject can be done in filter_begin. ¿I can obtain this data? Not in "filter_sender". The callback "filter_sender" is called from the SMTP command "MAIL FROM". That is before the sending server tells your system about the recipients and before the actual mail (in wich the subject can be found) is sent. Also i need know the size of a message (i use sendmail/milter) Sendmail have this data but i do not know how i can get this data. Of course you can't do this in "filter_sender", as "filter_sender" is called before your system even knows if the sender wants to send a message. In "filter_begin" and later you can do this: (-s './INPUTMSG') or this: (stat('./INPUTMSG'))[7] /Jonas -- Jonas Eckerman, FSDB & Fruktträdet http://whatever.frukt.org/ http://www.fsdb.org/ http://www.frukt.org/ ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] Mimedefang and greylist-milter
Dear all, Is there a way to install the greylist-milter on sendmail when sendmail is already using mimedefang? I want my server answer something similar to the following message on the first connection to prevent SPAM: Deferred: 451 4.7.1 Greylisting in action, please come back Can somebody can help me how to do it? Regards, Yanick Quirion ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] LZW, Gifs, and fingerprinting stock spams
Jason Bertoch [Electronet] wrote: > Where might I find more information on the RPTN system? The searchable > archives don't seem to be working at the moment. We have a white paper (mostly marketing-oriented, alas): http://www.roaringpenguin.com/files/images/resources_files/White-Paper-RPTN.pdf (Sorry for the ridiculous URL; it predates our move to Drupal.) If you want a more technical white paper, please e-mail me off-list. RPTN is only available to CanIt customers, though we continue to mull over the possibility of making a SpamAssassin plugin and selling RPTN subscriptions. We haven't had enough people say "Yes, I'm willing to pay!" to prod us to do it yet, however. Regards, David. ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
RE: [Mimedefang] LZW, Gifs, and fingerprinting stock spams
I have had very good success with this plugin for SA. http://wiki.apache.org/spamassassin/FuzzyOcrPlugin config file allows you to add/remove keywords, and the program keeps a hash of known images so that they are not ocr'ed again. this plugin also understands animated gifs, something I've seen recently. I do not know how well it handles compressed images. needs testing. HTH -Dave Hughes Network Technologies -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Philip Prindeville Sent: Tuesday, October 31, 2006 10:26 PM To: mimedefang@lists.roaringpenguin.com Subject: [Mimedefang] LZW, Gifs, and fingerprinting stock spams I'm trying to do some stochastic analysis of stock spams and figure out if there's a common fingerprint that can be used to identify them... But first, I'm bumping up against some Perl issues. Seems that there aren't many modules out there that help deconstruct Gif formats. I'm using Image::Info::GIF, but need to decompress the compressed data portion. I tried to take the data and pass it to Compress::LZW directly, but most GIF's (at least for stocks, which don't use many colors) use 4, 6, or 8 bit codesizes. Unfortunately, Compress::LZW only handles 12 or 16 bits... Anyone familiar enough with either GIF formats or how to decompress the data to offer a leg up? Thanks, -Philip ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
RE: [Mimedefang] LZW, Gifs, and fingerprinting stock spams
> -Original Message- > Not to blow our own horn too much, but... > > We've had pretty good luck with our RPTN system. > > Regards, > > David. David, Where might I find more information on the RPTN system? The searchable archives don't seem to be working at the moment. Jason A. Bertoch Network Administrator [EMAIL PROTECTED] ElectroNet Intermedia Consulting 3411 Capital Medical Blvd. Tallahassee, FL 32308 (V) 850.222.0229 (F) 850.222.8771 ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] LZW, Gifs, and fingerprinting stock spams
Kevin A. McGrail wrote: > I will also say that the stock image spams have been very effective at > thwarting traditional anti-spam techniques. Not to blow our own horn too much, but... We've had pretty good luck with our RPTN system. It's a shared Bayes database. A couple of hundred of our customer sites submit "votes" with word-counts to add to a large shared Bayes database, which we update and redistribute every night. The non-image junk in most of those spams usually scores very high in our Bayes implementation. Our current RPTN database contains words and word-pairs from 451,506 spams and 224,318 hams, for a total of just under 7 million tokens. Regards, David. ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] LZW, Gifs, and fingerprinting stock spams
I'm trying to do some stochastic analysis of stock spams and figure out if there's a common fingerprint that can be used to identify them... Philip: Have you looked at Dallas' ImageInfo.pm? See http://www.rulesemporium.com/plugins.htm. It's a great place to start building image rules. However, I think you are barking up the wrong tree. The spams have been very effective at being randomized. I will also say that the stock image spams have been very effective at thwarting traditional anti-spam techniques. It's been an ebb and flow battle for weeks (months?) with them. But I am happy to say that if you use MIMEDefang, I've been VERY pleased with the results of the AOL-esque reverse DNS test that I wrote a few weeks ago. I'm continuing to tweak it but I just put the latest version up in http://www.peregrinehw.com/downloads/MIMEDefang/mimedefang-filter-KAM. I use this in conjunction with my ruleset which only SCORES the emails. I do NOT use this technique to block email like AOL. This may change. The rules are in http://www.peregrinehw.com/downloads/SpamAssassin/contrib/KAM.cf Good Luck! Regards, KAM ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang