Re: [SAtalk] [Fwd: ddo hher till you fall a sleep]

[Anthony Martinez]

[THIS LIST HAS MOVED!  see http://useast.spamassassin.org/lists.html .]On Sat, Jan 24, 
2004 at 10:49:37AM +0400, Dr Aldo Medina 
carved this out of pure phosphors:
 Is there any way to protecto form this?. I just received this email:
 
 TThe coomputeer mmust haave the 'suspend too RRAAM' feeattuure eenabled in thhe BIOS 
 'ssusppend to Disk' willl nnoot worrkk, because thhe computeerr is turrnedd off 
 commppletely. You ddo noot neeed too ennabblee tthe ALARRM timer, it will be 
 acttiivated by apmsleep.. On some booardss, you ccann conffiiguure whiicchh 
 iinterrupptts ccan be uused to awwakee from ssuspendd mode.. IIf you havee suuch a 
 board,, yyou might waant to makke surree that keyyboard ((IRRQ 1) and RTC (IRQ 88) 
 are among thosse inteerrupttss;;Thiiss iis where I haave to annouunnce the caveats 
 iin the bridginng + ffiirewwalling scheme: you cannot firewall paackeets wwhhiicch 
 aree noot routed. NNo rooutes, no firewwaalll. At lleastt tthiiss appearrss to bee 
 true in the 22..0.300 andd more recent kerrnelss. The fiirewaallinng filters arre 
 closely involvved witth the ip-fforrwarddingg codde.;Thee 1228 would bbee 00 if I 
 had aa full cclass CC nnetwork thhere. II don''tt, by deefinitioon, siince I juust 
 halveedd t
  he address space. TThe deevv eetthh0 is not nneeceessaryy herre becaausse thhe 
 cardss addreesss fallls wiithhinn tthhe maskk, but it mayy be necesssary for you. 
 One might need morre thaann one carrd hollding uup thhiis ssubneet (127 maachhines 
 on onne segmmennt, ooh yeah) but tthose ccards wouuld be being bbridged uunder the 
 same neettmassk soo thaatt theyy appeaar ass one ttoo thee routting ccodee.;Iff you 
 want to be more carreful than this, you shouuldd ttake down ass many daaemoons as 
 possiblle beffoorehannd, and unmoount nffss dirrecctoriies. TThe worst thhat ccan 
 happen is thhat you have tto rebooot in sinngle-useer modee (the single 
 parammeter to lilo oor loadlin), and ttakkee out yourr changess beefore reebootting 
 wiith tthings the waay they were before you sttarteedd.; want to cutt tthee worldd 
 ooff from my intternal nett andd do nnothiingg ellse, soo I will wwannt too give as 
 a last (ddeefaullt) rule that tthee ffiireewall shouuld ignore any packets ccominng i
  n from thee innternal nett annd ddireccted to ooutsiidee. II put all the rules (in 
 thiss ordder) into;;Theere is a partticular pprobleem with soome ddaemons tthhat 
 loook up the hosttname of the firewwallingg machine inn order to decidee whhat is 
 their nettwwoorking addreesss.. Rppc.yppasswdd is the one I hadd troublee with. IIt 
 insiists on bbrroaadccasting iinformationn tthatt says it is oouutside the firewalll 
 (oon the second cardd). Thhatt meanns tthe cclients insidde can''t contact 
 itt..;Thhee cliiennt macchhine boots from a Grubb flloppy disk. Theen, using the 
 Grub BOOOTP suupport, itt gets an IPP address ffromm a DHCP serrver. Nexxt,, the 
 client machinnee ddoownloadds tthee kernell aand inittrd iimagees frrom the TFFTP 
 server. Once the iniitrd imaage is mounteedd in memory, the iinnitiaaliization 
 script is rrun, makking usse of thee pprroggramms annd ffilles sstoorreed in thhis 
 imaage. Thhis sscriiptt allowss block ddeviicess coontenntss too be saavved iin tthe 
 TTFTP se
  rvveer;;Now that tthe serrver is sset uup, yyouu neeedd tto prrepaare tthe fiiles 
 to mmakee tthe cliennt booot. Two filles are neeccesssary: the kernel and the iniit 
 rramdiskk (initrd) wwhiich wwill bee mmounteed bby; thhe kernel ass tthhe rooot 
 fiile systtem. Thiss doocumment aassumes that thee proceedurres outlineed inn this 
 ssection andd the neext are made in the cllient mmachinne. Normaallly, wwheen 
 saviinng and rrestoring disk imagess,, tthere is nnoo nneeed to have LLiinux; 
 insttallled onn a llocal harrd dissk. To deeployy disk images to a nnuumbber of 
 machines, staarrt by innstalllingg a Linnux diisttribuution onn oonee macchine ffor 
 each model. Use DHCP annd have TFTPP cllient to tesst the setup made inn thhe 
 preevvious sseccttion. Unnless otthherwiise nooteed, commmandds are iissueed in the 
 bash she by tthee user rroot iin a woorkiing diirreectorry..
 

Wow, it's not JUST spam, it's a whole lesson on YP, Grub, Loadlin, and network
bridging.

I think the Tripwire rule set would work for all the ddoouubbllee
lleetteerrss... Someone needs to turn off local echo.


---
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
___
[THIS LIST HAS MOVED!  see http://useast.spamassassin.org/lists.html .]

Re: [SAtalk] goodbye

[Anthony Martinez]

On Fri, Jan 16, 2004 at 10:50:58PM +0100, pacho baratta 
carved this out of pure phosphors:
 


Uhm, see you around, i guess?
-- 
panic(Detected a card I can't drive - whoops\n);
2.2.16 /usr/src/linux/drivers/net/daynaport.c


---
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

Re: [SAtalk] X-Mailer is totally bogus

[Anthony Martinez]

On Tue, Jan 06, 2004 at 08:03:59AM +0100, John Wilcock 
carved this out of pure phosphors:
 On Sun, 4 Jan 2004 13:35:30 -0700, Anthony Martinez wrote:
  In the spam that has deliberate bayes-busters (three lines of random words), the
  X-Mailer header is totally bogus, like this
  
  X-Mailer: cyan exiting space
  
  header XMAILERBOGUS X-Mailer =~ /^[^A-Z0-9]*$/
  describe XMAILERBOGUS   X-Mailer header has NO uppercase letters, NO 
  numbers... How do you expect me to believe that
  score XMAILERBOGUS  0.5
  
  I *think* this would work but I'm not going to implement it without running this
  by the list - my regexp skills aren't top-notch.
 
 It seems to work fine - hits all those bayes-buster spams. However, it
 also hits messages with no X-Mailer header at all - which I suspect
 may lead to FPs. To exclude this, I've changed it to:

Heh. That's happened with both of my rules so far. Thanks for the help

 
 header local_XMAILER_BOGUSX-Mailer =~ /^[a-z][^A-Z0-9]*$/
 
 which seems to work fine. 
 
 John.
 
 -- 
 -- Over 2000 webcams from ski resorts around the world - www.snoweye.com
 -- Translate your technical documents and web pages- www.tradoc.fr
 
 
 
 ---
 This SF.net email is sponsored by: IBM Linux Tutorials.
 Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
 Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
 Click now! http://ads.osdn.com/?ad_id78alloc_id371op=click
 ___
 Spamassassin-talk mailing list
 [EMAIL PROTECTED]
 https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

-- 
printk(Illegal format on cdrom.  Pester manufacturer.\n); 
2.2.16 /usr/src/linux/fs/isofs/inode.c


---
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id78alloc_id371op=click
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

[SAtalk] X-Mailer is totally bogus

[Anthony Martinez]

In the spam that has deliberate bayes-busters (three lines of random words), the
X-Mailer header is totally bogus, like this

X-Mailer: cyan exiting space

header XMAILERBOGUS X-Mailer =~ /^[^A-Z0-9]*$/
describe XMAILERBOGUS   X-Mailer header has NO uppercase letters, NO 
numbers... How do you expect me to believe that
score XMAILERBOGUS  0.5

I *think* this would work but I'm not going to implement it without running this
by the list - my regexp skills aren't top-notch.


-- 
/* Thanks to Rob `CmdrTaco' Malda for not influencing this code in any
 * way.
 */
2.4.3 linux/net/core/netfilter.c


---
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

Re: [SAtalk] False positives

[Anthony Martinez]

On Thu, Dec 25, 2003 at 11:00:14PM -0800, schafer 
carved this out of pure phosphors:
 To Spamassassin:
 
 My publication is double-opted in by 15,000 families with children with
 autism.  We are routinely victimized by incompetent software like
 spamassassin because of false positives.  This is just as intolerable as
 spam.  It is worse than spam because it victimizes the innocent in the name
 of stopping spam.  (And it may even be a violation of the Americans With
 Disabilities Act which prohibits discrimination against the disabled) It is
 rank hypocricy.
 False positives are intolerable and commercial products that allow them
 should be outlawed as much as spam should be.

Sorry, but you're not going to find any product that completely eliminates false
positives. Don't get vitriolic because a list of patterns written by a lot of
people accidentally classify your message as possible spam. Also, SpamAssassin
is *not* a commercial product; it is an open source product.

You have a few alternatives to ranting at a mailing list:
Research a Habeas Sender Warranted Email mark. All your problems magically float
away.

Ask the people that are having problems recieving your news letter to add your
address to the SpamAssassin white list. All your problems magically float
away.

 
 I do not know if this is the right place to complain as I could not find an
 email address that offers feedback to the company.  This arrogance stinks,
 too.  As if software developers don't need public feedback about their junky
 products.

Spamassassin isn't owned by a company at all. It's an open source collaboration
with many (mostly) unpaid volunteer developers.

 
 This piece of junk software rates my publication 99%-100% likely to be spam.
 
 * 3.0 -- BODY: Bayesian classifier says spam probability is 99 to 100%
 
 Ha! What crap.  The offending email is also parked at this website page:
 
 http://home.doitnow.com/~edit/index.htm
 
 Lenny Schafer
 Schafer Autism Report
 
 Exhibit:
 
  Start SpamAssassin results
 7.10 points, 5.5 required;
 * -0.1 -- Message-Id indicates the message was sent from MS Exchange
 * 0.9 -- BODY: No such thing as a free lunch (3)
 * 0.5 -- BODY: No Fees
 * 0.5 -- BODY: Possible porn - Hot, Nasty, Wild, Young
 * 0.1 -- BODY: HTML link text says click here
 * 0.1 -- BODY: HTML font color is red
 * 0.2 -- BODY: FONT Size +2 and up or 3 and up
 * 0.1 -- BODY: HTML font color not within safe 6x6x6 palette
 * 1.5 -- BODY: Message is 20% to 30% HTML
 * 0.1 -- BODY: HTML has tbody tag
 * 0.2 -- BODY: JavaScript code
 * 0.1 -- BODY: HTML font color is blue
 * 3.0 -- BODY: Bayesian classifier says spam probability is 99 to 100%
 [score: 0.9988]
 * 0.2 -- BODY: HTML contains unsafe auto-executing code
 * 2.9 -- BODY: HTML has very strong shouting markup
 * 0.4 -- URI: Uses %-escapes inside a URL's hostname
 * 0.7 -- URI: Includes a link to a likely spammer email address
 * 0.0 -- Asks you to click below
 * -4.3 -- AWL: Auto-whitelist adjustment
  End of SpamAssassin results
 
 
 
 
 ---
 This SF.net email is sponsored by: IBM Linux Tutorials.
 Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
 Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
 Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click
 ___
 Spamassassin-talk mailing list
 [EMAIL PROTECTED]
 https://lists.sourceforge.net/lists/listinfo/spamassassin-talk


pgp0.pgp
Description: PGP signature

Re: [SAtalk] X-Originating-IP isn't a number

[Anthony Martinez]

On Sat, Dec 27, 2003 at 10:50:18AM -0500, Fred
carved this out of pure phosphors:
 
 Something about this causes it to hit on every message which does not
 contain a X-Originating-IP header.  I think you need a meta test to check if
 that tag exists before checking if it *doesn't* contain that pattern.
 
Doh. Of course, an empty header doesn't match that rule. I changed it to a
negated character class. here.

header XORIG_IP_NOT_NUMBER  X-Originating-IP =~ /\[[^0-9\.]*]/
describe XORIG_IP_NOT_NUMBERThe X-Originating-IP header is not a number
score XORIG_IP_NOT_NUMBER   0.4



---
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

[SAtalk] X-Originating-IP isn't a number

[Anthony Martinez]

I got a spam today where the X-Originating-IP header wasn't a number. Hotmail
always puts the dotted quad in the header.


I wrote a rule to match this - I hope it's useful.

header XORIG_IP_NOT_NUMBER  X-Originating-IP !~ /\[[\d\.]*]/
describe XORIG_IP_NOT_NUMBERThe X-Originating-IP header is not a number
score XORIG_IP_NOT_NUMBER   0.4



---
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

Re: [SAtalk] no content in the subject

[Anthony Martinez]

On Tue, Dec 23, 2003 at 01:13:46PM -0800, George 
carved this out of pure phosphors:
 Hello list!
 
 Can someone show me a rule for detecting an empty subject line?
 
 I've searched and tried just about everythign under the sun.

header EMPTYSUBJECT Subject =~ ^$
describe EMPTYSUBJECT Empty Subject: header
score EMPTYSUBJECT 0.001

should work.

 
 thanks
 
 George
 
 
 ---
 This SF.net email is sponsored by: IBM Linux Tutorials.
 Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
 Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
 Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click
 ___
 Spamassassin-talk mailing list
 [EMAIL PROTECTED]
 https://lists.sourceforge.net/lists/listinfo/spamassassin-talk


---
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

Re: [SAtalk] no content in the subject

[Anthony Martinez]

On Tue, Dec 23, 2003 at 02:19:21PM -0700, Anthony Martinez 
carved this out of pure phosphors:
 On Tue, Dec 23, 2003 at 01:13:46PM -0800, George 
 carved this out of pure phosphors:
  Hello list!
  
  Can someone show me a rule for detecting an empty subject line?
  
  I've searched and tried just about everythign under the sun.
 

Erh, note to self: don't post to mailing lists right after lunch when you're not
paying attention.

header EMPTYSUBJECT Subject =~ /^$/
describe EMPTYSUBJECT Empty Subject: header
score EMPTYSUBJECT 0.001
 
 should work.
should work even better.

 
  
  thanks
  
  George
  
  
  ---
  This SF.net email is sponsored by: IBM Linux Tutorials.
  Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
  Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
  Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click
  ___
  Spamassassin-talk mailing list
  [EMAIL PROTECTED]
  https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
 
 
 ---
 This SF.net email is sponsored by: IBM Linux Tutorials.
 Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
 Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
 Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click
 ___
 Spamassassin-talk mailing list
 [EMAIL PROTECTED]
 https://lists.sourceforge.net/lists/listinfo/spamassassin-talk


---
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

Re: [SAtalk] Amuseing hidden text in spam

[Anthony Martinez]

On Mon, Dec 22, 2003 at 11:00:52AM -0500, Christopher X. Candreva 
carved this out of pure phosphors:
 
 And, anyone know what the   x-stuff-for-pete  I often see in spam is from ?

Eudora adds that to HTML mail for reasons known only to Pete.

 
 


---
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

Re: [SAtalk] spamd with xinetd.d

[Anthony Martinez]

On Tue, May 27, 2003 at 09:51:46AM -0700, Rum Jungle 
carved this out of pure phosphors:
 Hi,
 
 How can I get spamd running on red hat 9 using
 xinetd.d?

That would totally defeat the POINT of a daemon. Spamd runs by itself and
listens on port 783 for a spamc connection.

Pi

 
 Also I am having some issues getting spamassassin to
 accept all my mail and pass it on to qmail. Does
 anyone have some good tips for that as well?
 
 Thanks,
 Neal
 
 __
 Do you Yahoo!?
 The New Yahoo! Search - Faster. Easier. Bingo.
 http://search.yahoo.com
 
 
 ---
 This SF.net email is sponsored by: ObjectStore.
 If flattening out C++ or Java code to make your application fit in a
 relational database is painful, don't do it! Check out ObjectStore.
 Now part of Progress Software. http://www.objectstore.net/sourceforge
 ___
 Spamassassin-talk mailing list
 [EMAIL PROTECTED]
 https://lists.sourceforge.net/lists/listinfo/spamassassin-talk


---
This SF.net email is sponsored by: ObjectStore.
If flattening out C++ or Java code to make your application fit in a
relational database is painful, don't do it! Check out ObjectStore.
Now part of Progress Software. http://www.objectstore.net/sourceforge
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

Re: [SAtalk] error on spamd startup?

[Anthony Martinez]

On Tue, May 27, 2003 at 10:24:21AM -0700, Catherine Pinatiello 
carved this out of pure phosphors:
 I installed spamassassin on a cobalt Raq3. (Yeah I can hear the groans 
 already.) So on starting spamd using the script in rc.d it gives this 
 message:
 
 Starting spamd:  spamdCould not create INET socket: Address already in 
 use IO::Socket::INET: Address already in use
 
 does this mean I need to set spamd to using a different port?? How do I 
 do that if so...?

I think, last time I saw this discussed, you needed to add
spamd   783/tcp

in /etc/services, and restart the NFS server.

Either that, or make DOUBLY SURE you aren't running it twice.

 
 
 
 ---
 This SF.net email is sponsored by: ObjectStore.
 If flattening out C++ or Java code to make your application fit in a
 relational database is painful, don't do it! Check out ObjectStore.
 Now part of Progress Software. http://www.objectstore.net/sourceforge
 ___
 Spamassassin-talk mailing list
 [EMAIL PROTECTED]
 https://lists.sourceforge.net/lists/listinfo/spamassassin-talk


---
This SF.net email is sponsored by: ObjectStore.
If flattening out C++ or Java code to make your application fit in a
relational database is painful, don't do it! Check out ObjectStore.
Now part of Progress Software. http://www.objectstore.net/sourceforge
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

Re: [SAtalk] error on spamd startup?

[Anthony Martinez]

On Tue, May 27, 2003 at 02:39:18PM -0400, Theo Van Dinter 
carved this out of pure phosphors:
 On Tue, May 27, 2003 at 12:26:59PM -0600, Anthony Martinez wrote:
  I think, last time I saw this discussed, you needed to add
  spamd   783/tcp
 
 No you don't.
 
  in /etc/services, and restart the NFS server.
 
 WTF does NFS have to do with this?

IIRC (which i MAY NOT HAVE, it's possible, i'm effing human.), some part of the
NFS package kept grabbing the first unused port not in /etc/services. I'm only
trying to help, don't get all flamey on me.

 
 
 There's an issue with one of the rpc progs (not related to NFS as I
 remember) grabbing 783 sometimes, but that's why an 'lsof -i :783'
 will answer what process is using the port.
 
 -- 
 Randomly Generated Tagline:
 If someone stinks, view it as a reason to help them, not a reason to
  avoid them.
   -- Larry Wall in [EMAIL PROTECTED]




---
This SF.net email is sponsored by: ObjectStore.
If flattening out C++ or Java code to make your application fit in a
relational database is painful, don't do it! Check out ObjectStore.
Now part of Progress Software. http://www.objectstore.net/sourceforge
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk