Re: [SAtalk] [Fwd: ddo hher till you fall a sleep]
[THIS LIST HAS MOVED! see http://useast.spamassassin.org/lists.html .]On Sat, Jan 24, 2004 at 10:49:37AM +0400, Dr Aldo Medina carved this out of pure phosphors: Is there any way to protecto form this?. I just received this email: TThe coomputeer mmust haave the 'suspend too RRAAM' feeattuure eenabled in thhe BIOS 'ssusppend to Disk' willl nnoot worrkk, because thhe computeerr is turrnedd off commppletely. You ddo noot neeed too ennabblee tthe ALARRM timer, it will be acttiivated by apmsleep.. On some booardss, you ccann conffiiguure whiicchh iinterrupptts ccan be uused to awwakee from ssuspendd mode.. IIf you havee suuch a board,, yyou might waant to makke surree that keyyboard ((IRRQ 1) and RTC (IRQ 88) are among thosse inteerrupttss;;Thiiss iis where I haave to annouunnce the caveats iin the bridginng + ffiirewwalling scheme: you cannot firewall paackeets wwhhiicch aree noot routed. NNo rooutes, no firewwaalll. At lleastt tthiiss appearrss to bee true in the 22..0.300 andd more recent kerrnelss. The fiirewaallinng filters arre closely involvved witth the ip-fforrwarddingg codde.;Thee 1228 would bbee 00 if I had aa full cclass CC nnetwork thhere. II don''tt, by deefinitioon, siince I juust halveedd t he address space. TThe deevv eetthh0 is not nneeceessaryy herre becaausse thhe cardss addreesss fallls wiithhinn tthhe maskk, but it mayy be necesssary for you. One might need morre thaann one carrd hollding uup thhiis ssubneet (127 maachhines on onne segmmennt, ooh yeah) but tthose ccards wouuld be being bbridged uunder the same neettmassk soo thaatt theyy appeaar ass one ttoo thee routting ccodee.;Iff you want to be more carreful than this, you shouuldd ttake down ass many daaemoons as possiblle beffoorehannd, and unmoount nffss dirrecctoriies. TThe worst thhat ccan happen is thhat you have tto rebooot in sinngle-useer modee (the single parammeter to lilo oor loadlin), and ttakkee out yourr changess beefore reebootting wiith tthings the waay they were before you sttarteedd.; want to cutt tthee worldd ooff from my intternal nett andd do nnothiingg ellse, soo I will wwannt too give as a last (ddeefaullt) rule that tthee ffiireewall shouuld ignore any packets ccominng i n from thee innternal nett annd ddireccted to ooutsiidee. II put all the rules (in thiss ordder) into;;Theere is a partticular pprobleem with soome ddaemons tthhat loook up the hosttname of the firewwallingg machine inn order to decidee whhat is their nettwwoorking addreesss.. Rppc.yppasswdd is the one I hadd troublee with. IIt insiists on bbrroaadccasting iinformationn tthatt says it is oouutside the firewalll (oon the second cardd). Thhatt meanns tthe cclients insidde can''t contact itt..;Thhee cliiennt macchhine boots from a Grubb flloppy disk. Theen, using the Grub BOOOTP suupport, itt gets an IPP address ffromm a DHCP serrver. Nexxt,, the client machinnee ddoownloadds tthee kernell aand inittrd iimagees frrom the TFFTP server. Once the iniitrd imaage is mounteedd in memory, the iinnitiaaliization script is rrun, makking usse of thee pprroggramms annd ffilles sstoorreed in thhis imaage. Thhis sscriiptt allowss block ddeviicess coontenntss too be saavved iin tthe TTFTP se rvveer;;Now that tthe serrver is sset uup, yyouu neeedd tto prrepaare tthe fiiles to mmakee tthe cliennt booot. Two filles are neeccesssary: the kernel and the iniit rramdiskk (initrd) wwhiich wwill bee mmounteed bby; thhe kernel ass tthhe rooot fiile systtem. Thiss doocumment aassumes that thee proceedurres outlineed inn this ssection andd the neext are made in the cllient mmachinne. Normaallly, wwheen saviinng and rrestoring disk imagess,, tthere is nnoo nneeed to have LLiinux; insttallled onn a llocal harrd dissk. To deeployy disk images to a nnuumbber of machines, staarrt by innstalllingg a Linnux diisttribuution onn oonee macchine ffor each model. Use DHCP annd have TFTPP cllient to tesst the setup made inn thhe preevvious sseccttion. Unnless otthherwiise nooteed, commmandds are iissueed in the bash she by tthee user rroot iin a woorkiing diirreectorry.. Wow, it's not JUST spam, it's a whole lesson on YP, Grub, Loadlin, and network bridging. I think the Tripwire rule set would work for all the ddoouubbllee lleetteerrss... Someone needs to turn off local echo. --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ [THIS LIST HAS MOVED! see http://useast.spamassassin.org/lists.html .]
Re: [SAtalk] goodbye
On Fri, Jan 16, 2004 at 10:50:58PM +0100, pacho baratta carved this out of pure phosphors: Uhm, see you around, i guess? -- panic(Detected a card I can't drive - whoops\n); 2.2.16 /usr/src/linux/drivers/net/daynaport.c --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
Re: [SAtalk] X-Mailer is totally bogus
On Tue, Jan 06, 2004 at 08:03:59AM +0100, John Wilcock carved this out of pure phosphors: On Sun, 4 Jan 2004 13:35:30 -0700, Anthony Martinez wrote: In the spam that has deliberate bayes-busters (three lines of random words), the X-Mailer header is totally bogus, like this X-Mailer: cyan exiting space header XMAILERBOGUS X-Mailer =~ /^[^A-Z0-9]*$/ describe XMAILERBOGUS X-Mailer header has NO uppercase letters, NO numbers... How do you expect me to believe that score XMAILERBOGUS 0.5 I *think* this would work but I'm not going to implement it without running this by the list - my regexp skills aren't top-notch. It seems to work fine - hits all those bayes-buster spams. However, it also hits messages with no X-Mailer header at all - which I suspect may lead to FPs. To exclude this, I've changed it to: Heh. That's happened with both of my rules so far. Thanks for the help header local_XMAILER_BOGUSX-Mailer =~ /^[a-z][^A-Z0-9]*$/ which seems to work fine. John. -- -- Over 2000 webcams from ski resorts around the world - www.snoweye.com -- Translate your technical documents and web pages- www.tradoc.fr --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id78alloc_id371op=click ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk -- printk(Illegal format on cdrom. Pester manufacturer.\n); 2.2.16 /usr/src/linux/fs/isofs/inode.c --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id78alloc_id371op=click ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
[SAtalk] X-Mailer is totally bogus
In the spam that has deliberate bayes-busters (three lines of random words), the X-Mailer header is totally bogus, like this X-Mailer: cyan exiting space header XMAILERBOGUS X-Mailer =~ /^[^A-Z0-9]*$/ describe XMAILERBOGUS X-Mailer header has NO uppercase letters, NO numbers... How do you expect me to believe that score XMAILERBOGUS 0.5 I *think* this would work but I'm not going to implement it without running this by the list - my regexp skills aren't top-notch. -- /* Thanks to Rob `CmdrTaco' Malda for not influencing this code in any * way. */ 2.4.3 linux/net/core/netfilter.c --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
Re: [SAtalk] False positives
On Thu, Dec 25, 2003 at 11:00:14PM -0800, schafer carved this out of pure phosphors: To Spamassassin: My publication is double-opted in by 15,000 families with children with autism. We are routinely victimized by incompetent software like spamassassin because of false positives. This is just as intolerable as spam. It is worse than spam because it victimizes the innocent in the name of stopping spam. (And it may even be a violation of the Americans With Disabilities Act which prohibits discrimination against the disabled) It is rank hypocricy. False positives are intolerable and commercial products that allow them should be outlawed as much as spam should be. Sorry, but you're not going to find any product that completely eliminates false positives. Don't get vitriolic because a list of patterns written by a lot of people accidentally classify your message as possible spam. Also, SpamAssassin is *not* a commercial product; it is an open source product. You have a few alternatives to ranting at a mailing list: Research a Habeas Sender Warranted Email mark. All your problems magically float away. Ask the people that are having problems recieving your news letter to add your address to the SpamAssassin white list. All your problems magically float away. I do not know if this is the right place to complain as I could not find an email address that offers feedback to the company. This arrogance stinks, too. As if software developers don't need public feedback about their junky products. Spamassassin isn't owned by a company at all. It's an open source collaboration with many (mostly) unpaid volunteer developers. This piece of junk software rates my publication 99%-100% likely to be spam. * 3.0 -- BODY: Bayesian classifier says spam probability is 99 to 100% Ha! What crap. The offending email is also parked at this website page: http://home.doitnow.com/~edit/index.htm Lenny Schafer Schafer Autism Report Exhibit: Start SpamAssassin results 7.10 points, 5.5 required; * -0.1 -- Message-Id indicates the message was sent from MS Exchange * 0.9 -- BODY: No such thing as a free lunch (3) * 0.5 -- BODY: No Fees * 0.5 -- BODY: Possible porn - Hot, Nasty, Wild, Young * 0.1 -- BODY: HTML link text says click here * 0.1 -- BODY: HTML font color is red * 0.2 -- BODY: FONT Size +2 and up or 3 and up * 0.1 -- BODY: HTML font color not within safe 6x6x6 palette * 1.5 -- BODY: Message is 20% to 30% HTML * 0.1 -- BODY: HTML has tbody tag * 0.2 -- BODY: JavaScript code * 0.1 -- BODY: HTML font color is blue * 3.0 -- BODY: Bayesian classifier says spam probability is 99 to 100% [score: 0.9988] * 0.2 -- BODY: HTML contains unsafe auto-executing code * 2.9 -- BODY: HTML has very strong shouting markup * 0.4 -- URI: Uses %-escapes inside a URL's hostname * 0.7 -- URI: Includes a link to a likely spammer email address * 0.0 -- Asks you to click below * -4.3 -- AWL: Auto-whitelist adjustment End of SpamAssassin results --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk pgp0.pgp Description: PGP signature
Re: [SAtalk] X-Originating-IP isn't a number
On Sat, Dec 27, 2003 at 10:50:18AM -0500, Fred carved this out of pure phosphors: Something about this causes it to hit on every message which does not contain a X-Originating-IP header. I think you need a meta test to check if that tag exists before checking if it *doesn't* contain that pattern. Doh. Of course, an empty header doesn't match that rule. I changed it to a negated character class. here. header XORIG_IP_NOT_NUMBER X-Originating-IP =~ /\[[^0-9\.]*]/ describe XORIG_IP_NOT_NUMBERThe X-Originating-IP header is not a number score XORIG_IP_NOT_NUMBER 0.4 --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
[SAtalk] X-Originating-IP isn't a number
I got a spam today where the X-Originating-IP header wasn't a number. Hotmail always puts the dotted quad in the header. I wrote a rule to match this - I hope it's useful. header XORIG_IP_NOT_NUMBER X-Originating-IP !~ /\[[\d\.]*]/ describe XORIG_IP_NOT_NUMBERThe X-Originating-IP header is not a number score XORIG_IP_NOT_NUMBER 0.4 --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
Re: [SAtalk] no content in the subject
On Tue, Dec 23, 2003 at 01:13:46PM -0800, George carved this out of pure phosphors: Hello list! Can someone show me a rule for detecting an empty subject line? I've searched and tried just about everythign under the sun. header EMPTYSUBJECT Subject =~ ^$ describe EMPTYSUBJECT Empty Subject: header score EMPTYSUBJECT 0.001 should work. thanks George --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
Re: [SAtalk] no content in the subject
On Tue, Dec 23, 2003 at 02:19:21PM -0700, Anthony Martinez carved this out of pure phosphors: On Tue, Dec 23, 2003 at 01:13:46PM -0800, George carved this out of pure phosphors: Hello list! Can someone show me a rule for detecting an empty subject line? I've searched and tried just about everythign under the sun. Erh, note to self: don't post to mailing lists right after lunch when you're not paying attention. header EMPTYSUBJECT Subject =~ /^$/ describe EMPTYSUBJECT Empty Subject: header score EMPTYSUBJECT 0.001 should work. should work even better. thanks George --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
Re: [SAtalk] Amuseing hidden text in spam
On Mon, Dec 22, 2003 at 11:00:52AM -0500, Christopher X. Candreva carved this out of pure phosphors: And, anyone know what the x-stuff-for-pete I often see in spam is from ? Eudora adds that to HTML mail for reasons known only to Pete. --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
Re: [SAtalk] spamd with xinetd.d
On Tue, May 27, 2003 at 09:51:46AM -0700, Rum Jungle carved this out of pure phosphors: Hi, How can I get spamd running on red hat 9 using xinetd.d? That would totally defeat the POINT of a daemon. Spamd runs by itself and listens on port 783 for a spamc connection. Pi Also I am having some issues getting spamassassin to accept all my mail and pass it on to qmail. Does anyone have some good tips for that as well? Thanks, Neal __ Do you Yahoo!? The New Yahoo! Search - Faster. Easier. Bingo. http://search.yahoo.com --- This SF.net email is sponsored by: ObjectStore. If flattening out C++ or Java code to make your application fit in a relational database is painful, don't do it! Check out ObjectStore. Now part of Progress Software. http://www.objectstore.net/sourceforge ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk --- This SF.net email is sponsored by: ObjectStore. If flattening out C++ or Java code to make your application fit in a relational database is painful, don't do it! Check out ObjectStore. Now part of Progress Software. http://www.objectstore.net/sourceforge ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
Re: [SAtalk] error on spamd startup?
On Tue, May 27, 2003 at 10:24:21AM -0700, Catherine Pinatiello carved this out of pure phosphors: I installed spamassassin on a cobalt Raq3. (Yeah I can hear the groans already.) So on starting spamd using the script in rc.d it gives this message: Starting spamd: spamdCould not create INET socket: Address already in use IO::Socket::INET: Address already in use does this mean I need to set spamd to using a different port?? How do I do that if so...? I think, last time I saw this discussed, you needed to add spamd 783/tcp in /etc/services, and restart the NFS server. Either that, or make DOUBLY SURE you aren't running it twice. --- This SF.net email is sponsored by: ObjectStore. If flattening out C++ or Java code to make your application fit in a relational database is painful, don't do it! Check out ObjectStore. Now part of Progress Software. http://www.objectstore.net/sourceforge ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk --- This SF.net email is sponsored by: ObjectStore. If flattening out C++ or Java code to make your application fit in a relational database is painful, don't do it! Check out ObjectStore. Now part of Progress Software. http://www.objectstore.net/sourceforge ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
Re: [SAtalk] error on spamd startup?
On Tue, May 27, 2003 at 02:39:18PM -0400, Theo Van Dinter carved this out of pure phosphors: On Tue, May 27, 2003 at 12:26:59PM -0600, Anthony Martinez wrote: I think, last time I saw this discussed, you needed to add spamd 783/tcp No you don't. in /etc/services, and restart the NFS server. WTF does NFS have to do with this? IIRC (which i MAY NOT HAVE, it's possible, i'm effing human.), some part of the NFS package kept grabbing the first unused port not in /etc/services. I'm only trying to help, don't get all flamey on me. There's an issue with one of the rpc progs (not related to NFS as I remember) grabbing 783 sometimes, but that's why an 'lsof -i :783' will answer what process is using the port. -- Randomly Generated Tagline: If someone stinks, view it as a reason to help them, not a reason to avoid them. -- Larry Wall in [EMAIL PROTECTED] --- This SF.net email is sponsored by: ObjectStore. If flattening out C++ or Java code to make your application fit in a relational database is painful, don't do it! Check out ObjectStore. Now part of Progress Software. http://www.objectstore.net/sourceforge ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk