Please test sc2.surbl.org (and xs.surbl.org)
sc2.surbl.org, the improved version of the SpamCop SURBL list, is
ready for testing. So is the new version of xs.surbl.org, which
is now more accurate, has far fewer FPs, etc.
sc2 adds resolved IP checks, meaning sites hosted on the same
networks are detected immediately upon the first report. It also
means that folks should continue to use SpamCop reporting if they
want to contribute to a very powerful SURBL list. Your SpamCop
reports now have even more power in sc2. In cases of the worst
spammers, SpamCop reporting leads to essentially immediate
listing in sc2.
sc2 is on about 15 public nameservers and xs is on 22. That's
probably not enough for running large production servers on, but
it should be plenty for corpus checks and mail servers with small
to medium message volumes.
If you have rsync access to the SURBL zone files you can also
mirror the files locally for testing of course. The sc2 and xs
zones are currently available via rsync. (If you have a large
volume mail server, please apply for rsync access so that you can
mirror the zone files locally: http://www3.surbl.org/rsync-signup.html
and offload the public nameservers.)
After sc2 is tested for a while we will turn it into the
production sc.surbl.org list, assuming it has better performance
than the current list, which seems quite likely. At that point
sc2 will go away, since it will have become sc.
xs may go into the 128th bit of multi.surbl.org if it tests well.
Please test sc2 and the revised xs and let us know how they
perform for you. Those with large spam and ham corpora (such as
the SpamAssassin developers) are encouraged to test and please
let us know.
Here are SpamAssassin 3.0.1 and later configs for using these two lists:
urirhsbl URIBL_SC2_SURBL sc2.surbl.org.
body URIBL_SC2_SURBL eval:check_uridnsbl('URIBL_SC2_SURBL')
describe URIBL_SC2_SURBL Has URI in SC2 at http://www.surbl.org/lists.html
tflagsURIBL_SC2_SURBL net
score URIBL_SC2_SURBL 3.0
urirhsbl URIBL_XS_SURBL xs.surbl.org.
body URIBL_XS_SURBL eval:check_uridnsbl('URIBL_XS_SURBL')
describe URIBL_XS_SURBL Has URI in XS - Testing
tflagsURIBL_XS_SURBL net
score URIBL_XS_SURBL 2.0
SpamAssassin 2.64 rules and scores using SpamCopURI 0.22 or later look like
this:
uri SC2_URI_RBL eval:check_spamcop_uri_rbl('sc2.surbl.org','127.0.0.2')
describe SC2_URI_RBL Has URI in SC2 at http://www.surbl.org/lists.html
tflagsSC2_URI_RBL net
score SC2_URI_RBL 3.0
uri XS_URI_RBL eval:check_spamcop_uri_rbl('xs.surbl.org','127.0.0.2')
describe XS_URI_RBL Has URI in XS - Testing
tflagsXS_URI_RBL net
score XS_URI_RBL 2.0
Jeff C.
--
Don't harm innocent bystanders.
Re: DNS failing... why? (works fine on cmd line)
All, Thank you to everyone who replied on this thread. FWIW, the issue was in fact with Net::DNS. I actually had previously had contact with him regarding other problems, but 0.51 was working for me on another system, so I was a little surprised that this was the fix. I upgraded to the newest (0.53) and the problem has gone away. Thanks everyone! email builder <[EMAIL PROTECTED]> wrote: I have a new spamd instance I am trying to start up on a server that sitsbehind another firewall (linux) machine (which I *think* is irrelevant, butthat's the only different thing from our other setups that work fine) that issomehow missing DNS connections:'''debug: is Net::DNS::Resolver available? yesdebug: Net::DNS version: 0.51debug: trying (3) motorola.com...debug: looking up NS for 'motorola.com'debug: NS lookup of motorola.com failed horribly => Perhaps your resolv.confisn't pointing at a valid server?debug: All NS queries failed => DNS unavailable (set dns_available tooverride)debug: is DNS available? 0'''However, when I telnet to port 53 of one of the IP addresses given in/etc/resolv.conf, it works just fine:'''[EMAIL PROTECTED] cat /etc/resolv.conf nameserver 123.456.7.8nameserver 987.654.1.1[EMAIL PROTECTED] telnet 123.456.7.8 53Trying 123.456.7.8...Connected to 123.456.7.8.xxx.yyy.net (123.456.7.8).Escape character is '^]'.quitConnection closed by foreign host.'''So, is spamd trying to dig the NS of motorola.com? That works on the commandline too:'''[EMAIL PROTECTED] dig ns motorola.com; <<>> DiG 9.2.5 <<>> ns motorola.com;; global options: printcmd;; Got answer:;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24784;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 0;; QUESTION SECTION:;motorola.com. IN NS;; ANSWER SECTION:motorola.com. 3594 IN NS motgate.mot.com.motorola.com. 3594 IN NS ftpbox.mot.com.motorola.com. 3594 IN NS dns31.mot.com.motorola.com. 3594 IN NS dns11.mot.com.motorola.com. 3594 IN NS motgate.motorola.de.;; Query time: 3 msec;; SERVER: 123.456.7.8#53(123.456.7.8);; WHEN: Tue Jul 19 13:14:17 2005;; MSG SIZE rcvd: 150'''So does this mean that it's actually an issue with Net::DNS orNet::DNS::Resolver? They are about as up to date as they get I think(Net::DNS .52 is out now, but I don't really think that's going to fixit...?).What should I look at next? What is spamd doing that I am not doing on thecommand line???TIA!Start your day with Yahoo! - make it your home page http://www.yahoo.com/r/hs Start your day with Yahoo! - make it your home page
RE: Postfix problem
Fixed my own problem with postsuper –r ALL thanks for listening Robert Peace he would say instead of goodbyepeace my brother. From: Robert Swan Sent: Sunday, July 24, 2005 6:10 PM To: users@spamassassin.apache.org Subject: Postfix problem Hello All, I had a DNS issue and postfix placed all my mail in a “deferred” folder in the “/var/spool/postfix” directory, and after fixing the DNS issue the old mail is still there, anyone know how to flush it out? I am running Spamassassin 3.04 and postfix, spamd spamc on redhat 9 Thanks in advance Robert Peace he would say instead of goodbyepeace my brother.
Postfix problem
Hello All, I had a DNS issue and postfix placed all my mail in a “deferred” folder in the “/var/spool/postfix” directory, and after fixing the DNS issue the old mail is still there, anyone know how to flush it out? I am running Spamassassin 3.04 and postfix, spamd spamc on redhat 9 Thanks in advance Robert Peace he would say instead of goodbyepeace my brother.
Re: URIDNSBL and subdomains
On Thursday, July 21, 2005, 7:28:53 PM, Charles Sprickman wrote: > Hello, > I've been watching some of the misses that have passed through > spamassassin (3.0.4) lately and they are pretty clean; no DNS BL hits, > etc. > One thing I did notice is that many of them have a fairly contorted URL > for the spamvertized products, ie: > kjekliennxi&ffiennnkenc.spamsite.com > This doesn't trigger any URIDNSBL hits, but if I punch the entire URI into > the surbl.org checker it does hit. It seems as if the SA check is looking > only at the domain part and not the subdomain. > Is this expected? Is there a switch to flip to get the whole hostname > checked? As Loren correctly mentions, SURBLs and the applications that use them usually try to check the registered domain, not the full host name. Some exceptions include phishing hosts that might be hosted on a legitimate ISP under their domain name, like phisher.geocities.com or whatever. So there is no switch to check the whole hostname and most of the time the full hostnames would not match the SURBL data. There are a number of reasons for this design decision, some of which can be seen at: http://www.surbl.org/faq.html#random http://www.surbl.org/faq.html#cctlds Most of the major spammers register dozens or hundreds of new domains at a time, use some for a few days or weeks then abandon them and start using others. We're a lot more interested in catching those than some minor abuse at a free host, since the ones using throwaway domains are probably the same ones sending billions of spams per day using botnets, etc. Jeff C. -- Jeff Chan mailto:[EMAIL PROTECTED] http://www.surbl.org/
Re: ALL_TRUSTED appearing on spam
OK. I added the internal_networks setting listing my only MX (It's not trusted, as it's used by many other users, and isn't under my control.) # Trusted Networks trusted_networks69.25.118.171 # Internal Networks internal_networks 207.234.226.49 OK. So the trusted_networks line, specifies my mail server IP.(Machine running SA.) And, internal_networks has my third-party operated MX. Now, regardless of what I set trusted_networks to, SA sets ALL_TRUSTED to direct delivered spam, or mail. I think this is part of it's design though. My mail host is a webmail box, thus nobody relays through it, except itself. Thus, it shouldn't trust any hosts other than itself. Now, it doesn't set ALL_TRUSTED from spam, or any e-mail which is relayed via another host. It's only for direct delivered mail. Thanks, John > On 7/24/05, John T. Yocum <[EMAIL PROTECTED]> wrote: >> Hello, >> >> I've recently noticed that a lot of spam is getting through >> SpamAssassin, >> and it's getting the ALL_TRUSTED test listed on it. The issue with that >> is, I only have one IP trusted, and that's my own mail server. >> >> >> # Trusted Networks >> trusted_networks 69.25.118.171 >> >> >> As you can see in the below set of headers the message came from >> 218.222.75.209. Yet, it's trusted. >> >> Return-Path: <[EMAIL PROTECTED]> >> Received: from U075209.ppp.dion.ne.jp (U075209.ppp.dion.ne.jp >> [218.222.75.209]) >> by kangaroo.publicmx.com (8.13.4/8.13.4) with ESMTP id >> j6OKabJS014331 >> for <[EMAIL PROTECTED]>; Sun, 24 Jul 2005 13:36:40 -0700 >> From: "Fortifies T. Noon" <[EMAIL PROTECTED]> >> To: Fawyland <[EMAIL PROTECTED]> >> Subject: Petite 18yo Teen Stripping >> Date: Mon, 25 Jul 2005 11:38:57 -0700 >> Message-ID: <[EMAIL PROTECTED]> >> MIME-Version: 1.0 >> Content-Type: text/plain >> Content-Transfer-Encoding: 7bit >> X-Priority: 3 (Normal) >> X-MSMail-Priority: Normal >> X-Mailer: Microsoft Outlook, Build 10.0.4024 >> Importance: Normal >> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600. >> X-AntiVirus: checked by AntiVir MailGate (version: 2.0.1.10; AVE: >> 6.20.0.1; VDF: 6.20.0.46; host: U075209.ppp.dion.ne.jp) >> X-Spam-Status: No, score=0.0 required=3.0 >> tests=ALL_TRUSTED,BIZ_TLD,CUM_SHOT, >> HOT_NASTY autolearn=disabled version=3.0.4 >> X-Spam-Checker-Version: SpamAssassin 3.0.4 (2005-06-05) on >> kangaroo.publicmx.com >> >> >> I have tried sending a test message from another host to the mail >> server, >> and everything seems fine. As headers show below. >> >> >> Return-Path: <[EMAIL PROTECTED]> >> Received: from mail1.fluidhosting.com (mail1.fluidhosting.com >> [204.14.90.61]) >> by kangaroo.publicmx.com (8.13.4/8.13.4) with SMTP id j6OLZSOU019710 >> for <[EMAIL PROTECTED]>; Sun, 24 Jul 2005 14:35:28 -0700 >> Received: (qmail 43718 invoked by uid 399); 24 Jul 2005 21:35:24 - >> Received: from localhost (HELO ?192.168.102.220?) >> ([EMAIL PROTECTED]@127.0.0.1) >> by localhost with SMTP; 24 Jul 2005 21:35:24 - >> Message-ID: <[EMAIL PROTECTED]> >> Date: Sun, 24 Jul 2005 14:35:21 -0700 >> From: "John T. Yocum" >> User-Agent: Mozilla Thunderbird 1.0.6-1.4.1.centos4 (X11/20050721) >> X-Accept-Language: en-us, en >> MIME-Version: 1.0 >> To: [EMAIL PROTECTED] >> Subject: test >> Content-Type: text/plain; charset=ISO-8859-1; format=flowed >> Content-Transfer-Encoding: 7bit >> X-Spam-Status: No, score=-0.0 required=4.0 tests=SPF_HELO_PASS,SPF_PASS >> autolearn=disabled version=3.0.4 >> X-Spam-Checker-Version: SpamAssassin 3.0.4 (2005-06-05) on >> kangaroo.publicmx.com >> >> >> My current setup is, SpamAssassin 3.0.4 integrated with Sendmail using >> SpamAssasin-Milter 0.3. >> >> Any ideas why other hosts getting trusted, would be greatly appreciated. >> >> Thanks, >> John >> > > John, there's another setting, called "internal networks", that you're > suppose to put in the local.cf file as well. > > See this: > http://wiki.apache.org/spamassassin/TrustPath?highlight=%28all_trusted%29 > > -RoNNY > >
Re: (OT) SURBL local-DNS sample file?
On Tuesday, July 19, 2005, 5:24:21 AM, Paolo as2594 wrote: > Hi, what follows is certainly OT for SpamAssassin. > I am setting up SA3 with SURBL support, and I am configuring RBLDNSD in > order to run a local SURBL copy. > Before asking for rsync permission, I'd like to test the configuration > on a non-production system (with a non-production IP address). There are some RBLs that have open rsync access, such as dsbl, as described at: http://dsbl.org/usage I use their list rbldns-list.dsbl.org, as shown in our one of our rsync/rbldnsd faq documents: http://www.surbl.org/rbldnsd-bind-freebsd.html Links to more rbldnsd howtos, faqs, etc. can be found at: http://www3.surbl.org/rsync-signup.html http://www.surbl.org/links.html Cheers, Jeff C. -- Jeff Chan mailto:[EMAIL PROTECTED] http://www.surbl.org/
Re: ALL_TRUSTED appearing on spam
John T. Yocum wrote: Hello, I've recently noticed that a lot of spam is getting through SpamAssassin, and it's getting the ALL_TRUSTED test listed on it. The issue with that is, I only have one IP trusted, and that's my own mail server. # Trusted Networks trusted_networks 69.25.118.171 As you can see in the below set of headers the message came from 218.222.75.209. Yet, it's trusted. Return-Path: <[EMAIL PROTECTED]> Received: from U075209.ppp.dion.ne.jp (U075209.ppp.dion.ne.jp [218.222.75.209]) by kangaroo.publicmx.com (8.13.4/8.13.4) with ESMTP id j6OKabJS014331 for <[EMAIL PROTECTED]>; Sun, 24 Jul 2005 13:36:40 -0700 My understanding (but I may be wrong) is that ALL_TRUSTED means all received headers are trusted, which seems the case. It doesn't mean the origin client is trusted.
Re: ALL_TRUSTED appearing on spam
On 7/24/05, John T. Yocum <[EMAIL PROTECTED]> wrote: > Hello, > > I've recently noticed that a lot of spam is getting through SpamAssassin, > and it's getting the ALL_TRUSTED test listed on it. The issue with that > is, I only have one IP trusted, and that's my own mail server. > > > # Trusted Networks > trusted_networks 69.25.118.171 > > > As you can see in the below set of headers the message came from > 218.222.75.209. Yet, it's trusted. > > Return-Path: <[EMAIL PROTECTED]> > Received: from U075209.ppp.dion.ne.jp (U075209.ppp.dion.ne.jp > [218.222.75.209]) > by kangaroo.publicmx.com (8.13.4/8.13.4) with ESMTP id j6OKabJS014331 > for <[EMAIL PROTECTED]>; Sun, 24 Jul 2005 13:36:40 -0700 > From: "Fortifies T. Noon" <[EMAIL PROTECTED]> > To: Fawyland <[EMAIL PROTECTED]> > Subject: Petite 18yo Teen Stripping > Date: Mon, 25 Jul 2005 11:38:57 -0700 > Message-ID: <[EMAIL PROTECTED]> > MIME-Version: 1.0 > Content-Type: text/plain > Content-Transfer-Encoding: 7bit > X-Priority: 3 (Normal) > X-MSMail-Priority: Normal > X-Mailer: Microsoft Outlook, Build 10.0.4024 > Importance: Normal > X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600. > X-AntiVirus: checked by AntiVir MailGate (version: 2.0.1.10; AVE: > 6.20.0.1; VDF: 6.20.0.46; host: U075209.ppp.dion.ne.jp) > X-Spam-Status: No, score=0.0 required=3.0 tests=ALL_TRUSTED,BIZ_TLD,CUM_SHOT, > HOT_NASTY autolearn=disabled version=3.0.4 > X-Spam-Checker-Version: SpamAssassin 3.0.4 (2005-06-05) on > kangaroo.publicmx.com > > > I have tried sending a test message from another host to the mail server, > and everything seems fine. As headers show below. > > > Return-Path: <[EMAIL PROTECTED]> > Received: from mail1.fluidhosting.com (mail1.fluidhosting.com [204.14.90.61]) > by kangaroo.publicmx.com (8.13.4/8.13.4) with SMTP id j6OLZSOU019710 > for <[EMAIL PROTECTED]>; Sun, 24 Jul 2005 14:35:28 -0700 > Received: (qmail 43718 invoked by uid 399); 24 Jul 2005 21:35:24 - > Received: from localhost (HELO ?192.168.102.220?) > ([EMAIL PROTECTED]@127.0.0.1) > by localhost with SMTP; 24 Jul 2005 21:35:24 - > Message-ID: <[EMAIL PROTECTED]> > Date: Sun, 24 Jul 2005 14:35:21 -0700 > From: "John T. Yocum" > User-Agent: Mozilla Thunderbird 1.0.6-1.4.1.centos4 (X11/20050721) > X-Accept-Language: en-us, en > MIME-Version: 1.0 > To: [EMAIL PROTECTED] > Subject: test > Content-Type: text/plain; charset=ISO-8859-1; format=flowed > Content-Transfer-Encoding: 7bit > X-Spam-Status: No, score=-0.0 required=4.0 tests=SPF_HELO_PASS,SPF_PASS > autolearn=disabled version=3.0.4 > X-Spam-Checker-Version: SpamAssassin 3.0.4 (2005-06-05) on > kangaroo.publicmx.com > > > My current setup is, SpamAssassin 3.0.4 integrated with Sendmail using > SpamAssasin-Milter 0.3. > > Any ideas why other hosts getting trusted, would be greatly appreciated. > > Thanks, > John > John, there's another setting, called "internal networks", that you're suppose to put in the local.cf file as well. See this: http://wiki.apache.org/spamassassin/TrustPath?highlight=%28all_trusted%29 -RoNNY
Re: spamc doesn't add headers
christophe, you DO know that "cat spam" merely prints out your raw spam file so it should not have any markup in it. If you want to view a permanent marked up file you need to run: spamc < spam >spam_marked_up Or something like that. Remember that spamc takes stdin, filters, and feeds back out stdout. So "spamc I spent my last days googling, reading tutorials, man pages and spamassassin web sites and tried many differents settings for spamassassin (version 3.0.4) but without success. So i have no other solutions than asking you. Here is the content of my /etc/mail/spamassassin/local.cf file : -- required_hits 5 report_safe 0 add_header spam Flag _YESNOCAPS_ add_header all Status _YESNO_, score=_SCORE_ required=_REQD_ tests=_TESTS_ autolearn=_AUTOLEARN_ version=_VERSION_ add_header all Level _STARS(*)_ add_header all Checker-Version SpamAssassin _VERSION_ (_SUBVERSION_) on _HOSTNAME_ auto_whitelist_path/var/spool/spamassassin/auto-whitelist auto_whitelist_file_mode 0666 dcc_home /var/lib/dcc -- spamd is running perfectly as a daemon. I copied a spam mail in the file 'spam'. And there i meet a _very_ weird paradox. If i run one of these 2 commands : $spamassassin < spam $spamc -E < spam i get an output with 'X-Spam-Flag: YES', which is what i want to treat the email with my maler. But when i run : $cat spam No line with 'X-Spam-Flag: YES' appears. Yet, i thought my config file was well written. because i put this line : add_header spam Flag _YESNOCAPS_ I don't understand why no header is added in the 'spam' file There must something i forgot. Could anyone help me, please ? -- Christophe
Re: spamc doesn't add headers
On Mon, Jul 25, 2005 at 12:31:46AM +0200, christophe wrote: > spamd is running perfectly as a daemon. > I copied a spam mail in the file 'spam'. Ok. > If i run one of these 2 commands : > $spamassassin < spam > $spamc -E < spam > i get an output with 'X-Spam-Flag: YES', which is what i want to treat the > email with my maler. Right, the message is displayed on STDOUT w/ markup and everything. > But when i run : > $cat spam > No line with 'X-Spam-Flag: YES' appears. Of course not. "spam" is the original file without markup. > I don't understand why no header is added in the 'spam' file > There must something i forgot. > Could anyone help me, please ? Are you expecting SpamAssassin to read in the file "spam", then write the output back to the same file? If so, that's not how SpamAssassin works. Basically you'd want to do something like: $spamc < spam > spam.out That will filter the message in the file 'spam' through spamc<->spamd, and the resulting output will go into the file called spam.out. -- Randomly Generated Tagline: "Now they show you how detergents take out bloodstains, a pretty violent image there. I think if you've got a T-shirt with a bloodstain all over it, maybe laundry isn't your biggest problem. Maybe you should get rid of the body before you do the wash." - Jerry Seinfeld pgp1uvP2yF5fa.pgp Description: PGP signature
spamc doesn't add headers
I spent my last days googling, reading tutorials, man pages and spamassassin web sites and tried many differents settings for spamassassin (version 3.0.4) but without success. So i have no other solutions than asking you. Here is the content of my /etc/mail/spamassassin/local.cf file : -- required_hits 5 report_safe 0 add_header spam Flag _YESNOCAPS_ add_header all Status _YESNO_, score=_SCORE_ required=_REQD_ tests=_TESTS_ autolearn=_AUTOLEARN_ version=_VERSION_ add_header all Level _STARS(*)_ add_header all Checker-Version SpamAssassin _VERSION_ (_SUBVERSION_) on _HOSTNAME_ auto_whitelist_path/var/spool/spamassassin/auto-whitelist auto_whitelist_file_mode 0666 dcc_home /var/lib/dcc -- spamd is running perfectly as a daemon. I copied a spam mail in the file 'spam'. And there i meet a _very_ weird paradox. If i run one of these 2 commands : $spamassassin < spam $spamc -E < spam i get an output with 'X-Spam-Flag: YES', which is what i want to treat the email with my maler. But when i run : $cat spam No line with 'X-Spam-Flag: YES' appears. Yet, i thought my config file was well written. because i put this line : add_header spam Flag _YESNOCAPS_ I don't understand why no header is added in the 'spam' file There must something i forgot. Could anyone help me, please ? -- Christophe pgpAMJpmBapVW.pgp Description: PGP signature
Re: Account # 555711L Spam
On Sunday 24 July 2005 13:39, jdow wrote:
>From: "Gene Heskett" <[EMAIL PROTECTED]>
>
>> I wonder if perhaps earthlink is not the only ISP with that
>> problem. I have my vz prefs set to delete any detected spam as I
>> have now switched to a fetchmail based mail suck.
>>
>> Haveing a kmail problem the other day, I logged in via the webmail
>> at vz, and found 9 messages, all spam, sitting in the spam folder
>> there.
>>
>> So I checkmarked them to be deleted, and as I had the tech support
>> guy on my ear at the time, I noted that delete didn't, it just
>> moved the stuff to the trash folder. That pulled my trigger and I
>> made it clear to the support drone that when I clicked on delete,
>> thats exactly what I intended to happen. As vz is currently
>> setup, you then have to move to the trash folder, select them all
>> again, and click delete to be able to be truely rid of the wasted
>> space.
>
>That's web mail. I'm highly allergic to that "abortion". So I never
>use it. At one point, though, I had something even web mail could
>not repair. So the whole mail file at Earthlink had to be deleted.
>{^_^}
Chuckle, that makes 2 of us, Joanne. Webmail, IMNSHO, is an invention
by the marketing drones so they can feed you a bunch of commercials
that apparently come with your mail & which OE will no doubt try to
decode, thereby loading up your machine with yet another winderz
viri. I've opted out of that scene to the maximum available.
--
Cheers, Gene
"There are four boxes to be used in defense of liberty:
soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
99.35% setiathome rank, not too shabby for a WV hillbilly
Yahoo.com and AOL/TW attorneys please note, additions to the above
message by Gene Heskett are:
Copyright 2005 by Maurice Eugene Heskett, all rights reserved.
ALL_TRUSTED appearing on spam
Hello, I've recently noticed that a lot of spam is getting through SpamAssassin, and it's getting the ALL_TRUSTED test listed on it. The issue with that is, I only have one IP trusted, and that's my own mail server. # Trusted Networks trusted_networks 69.25.118.171 As you can see in the below set of headers the message came from 218.222.75.209. Yet, it's trusted. Return-Path: <[EMAIL PROTECTED]> Received: from U075209.ppp.dion.ne.jp (U075209.ppp.dion.ne.jp [218.222.75.209]) by kangaroo.publicmx.com (8.13.4/8.13.4) with ESMTP id j6OKabJS014331 for <[EMAIL PROTECTED]>; Sun, 24 Jul 2005 13:36:40 -0700 From: "Fortifies T. Noon" <[EMAIL PROTECTED]> To: Fawyland <[EMAIL PROTECTED]> Subject: Petite 18yo Teen Stripping Date: Mon, 25 Jul 2005 11:38:57 -0700 Message-ID: <[EMAIL PROTECTED]> MIME-Version: 1.0 Content-Type: text/plain Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.4024 Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600. X-AntiVirus: checked by AntiVir MailGate (version: 2.0.1.10; AVE: 6.20.0.1; VDF: 6.20.0.46; host: U075209.ppp.dion.ne.jp) X-Spam-Status: No, score=0.0 required=3.0 tests=ALL_TRUSTED,BIZ_TLD,CUM_SHOT, HOT_NASTY autolearn=disabled version=3.0.4 X-Spam-Checker-Version: SpamAssassin 3.0.4 (2005-06-05) on kangaroo.publicmx.com I have tried sending a test message from another host to the mail server, and everything seems fine. As headers show below. Return-Path: <[EMAIL PROTECTED]> Received: from mail1.fluidhosting.com (mail1.fluidhosting.com [204.14.90.61]) by kangaroo.publicmx.com (8.13.4/8.13.4) with SMTP id j6OLZSOU019710 for <[EMAIL PROTECTED]>; Sun, 24 Jul 2005 14:35:28 -0700 Received: (qmail 43718 invoked by uid 399); 24 Jul 2005 21:35:24 - Received: from localhost (HELO ?192.168.102.220?) ([EMAIL PROTECTED]@127.0.0.1) by localhost with SMTP; 24 Jul 2005 21:35:24 - Message-ID: <[EMAIL PROTECTED]> Date: Sun, 24 Jul 2005 14:35:21 -0700 From: "John T. Yocum" User-Agent: Mozilla Thunderbird 1.0.6-1.4.1.centos4 (X11/20050721) X-Accept-Language: en-us, en MIME-Version: 1.0 To: [EMAIL PROTECTED] Subject: test Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Spam-Status: No, score=-0.0 required=4.0 tests=SPF_HELO_PASS,SPF_PASS autolearn=disabled version=3.0.4 X-Spam-Checker-Version: SpamAssassin 3.0.4 (2005-06-05) on kangaroo.publicmx.com My current setup is, SpamAssassin 3.0.4 integrated with Sendmail using SpamAssasin-Milter 0.3. Any ideas why other hosts getting trusted, would be greatly appreciated. Thanks, John
Re: Account # 555711L Spam
From: "Gene Heskett" <[EMAIL PROTECTED]>
> I wonder if perhaps earthlink is not the only ISP with that problem.
> I have my vz prefs set to delete any detected spam as I have now
> switched to a fetchmail based mail suck.
>
> Haveing a kmail problem the other day, I logged in via the webmail at
> vz, and found 9 messages, all spam, sitting in the spam folder there.
>
> So I checkmarked them to be deleted, and as I had the tech support guy
> on my ear at the time, I noted that delete didn't, it just moved the
> stuff to the trash folder. That pulled my trigger and I made it
> clear to the support drone that when I clicked on delete, thats
> exactly what I intended to happen. As vz is currently setup, you
> then have to move to the trash folder, select them all again, and
> click delete to be able to be truely rid of the wasted space.
That's web mail. I'm highly allergic to that "abortion". So I never
use it. At one point, though, I had something even web mail could
not repair. So the whole mail file at Earthlink had to be deleted.
{^_^}
Re: Account # 555711L Spam
On Sunday 24 July 2005 11:19, Loren Wilton wrote: >> Haveing a kmail problem the other day, I logged in via the webmail >> at vz, and found 9 messages, all spam, sitting in the spam folder >> there. > >On Dirtlink (which seems from your description to be using the same >near-useless webmail as vz) you have a few choices and a very few > things that happen automatically: > >1If you take the current default configuration, they will do a > decent but not wonderful virus scan first. They will automatically > dump all pure virus messages with no sign that they did so. If you > want to know about these, you can turn on an incredibly innane > option that will send you an email for each deleted virus email. I haven't see such an option on vz's webmail screens. >Any virus email that they can "partially clean" they dump into a > holding tank and then send you an email per virus that they have > "cleaned" this thing. You CAN NOT turn off these stupid annoyance > emails. Fortunately these prnding virus bits are small and will be > deleted in something like 7 days. I've never to my knowledge received one of those. >2By default then then scan for spam. I haven't had this turned > on in a few months, but the last time I did it was really quite > effective; and has been for about a year now. Before that it was > essentially useless, catching maybe 10% of the spam. > :) >These spam mails go into the 'caught spam' folder, and DO NOT count > against your mail quota. They will be deleted after some not large > number of days, 3-5 as I recall. At vz, they do count against your total drive space used. When I first signed up for DSL in april 2 years ago, I never looked at the webmail screens as I was fetching mail directly with kmail. A month later the mail slowed to a trickle and then stopped. This was back when you mailbox was a measly 10 megs, now its 30. On calling tech support to see what the deal was, he had me log into the webmail and I had 10 megs worth of stuff sitting in the spam folder. >3You can move the spam into your real mail folder. This > re-mails it to you, but bypasses scanning. The headers will be > rather strange as a result of this forwarding. Obviously this now > counts against mail quota. > >4You can delete the spam. This doesn't 'delete', it works like > a windows/mac machine and moves it to the 'deleted items' folder. > Now this deleted spam DOES count against your mail quota! > Fortunately the deleted items folder is really deleted after 7 > days, I think. However, it is smart to click the 'empty trash' > button that shows up here and there and jump through the assorted > hoops necessary to get this crud really deleted. It may be that they have a kill after "x" time setup, but its not mentioned. >BTW, if you move something from deleted items back to inbox, it > doesn't move it, it RE-SENDS it to you! It will show up with new > message numbers and get downloaded a second time by pop. > Oh cool, NOT! > >If you just accept the default configuration of virus and spam > scanning and don't muck with the stuff, it is all reasonably > transparent. If you do like I do and disable one or both of these > scans it is also reasonably transparent, but you get all the spams > or virui, depending on your settings. (I leave the virus scan on > and spam scan off.) I have then both turned on, and set to delete. But a lot of stuff gets thru anyway. I haven't looked in the JunqueMail folder since about 5:30 this morning, 42 new messages, with about 38 labeled as spam by spamassassins spamd. The other 4 fell thru my local sort filters and wind up being sorted to the JunqueMail folder too. Once or twice a day I delete the ones labeled as spam, and feed the rest to the learn-spam tool. >Normally your pop3 client will be set to delete the mail as soon as > it is downloaded. I tend to leave it there for about 5 days before > deleting it with a handy little program I cobbled to do that, so I > can get to webmail if I'm not at home, without having to turn off > the home feed. > >OE will delete the mail from the feed for you, either immediately or > after a period of time. However, I have a double-level pop3 feed > because SA sits in the middle on a linux box, so need to reach > around this to delete the stuff from the main folder. I have > fetchmail set to not delete. (I wish it had an option to delete > after N days/hours, but it doesn't seem to.) > >Loren SA's not exactly in the middle here, its a slave to kmail's fetching by pipeing everything thru SA for suitable labelling before it hits my sort rules. My firewall in only firewall, no mail proxies setup. -- Cheers, Gene "There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order." -Ed Howdershelt (Author) 99.35% setiathome rank, not too shabby for a WV hillbilly Yahoo.com and AOL/TW attorneys please note, additions to the above message by Gene
Re: Account # 555711L Spam
> Haveing a kmail problem the other day, I logged in via the webmail at > vz, and found 9 messages, all spam, sitting in the spam folder there. On Dirtlink (which seems from your description to be using the same near-useless webmail as vz) you have a few choices and a very few things that happen automatically: 1If you take the current default configuration, they will do a decent but not wonderful virus scan first. They will automatically dump all pure virus messages with no sign that they did so. If you want to know about these, you can turn on an incredibly innane option that will send you an email for each deleted virus email. Any virus email that they can "partially clean" they dump into a holding tank and then send you an email per virus that they have "cleaned" this thing. You CAN NOT turn off these stupid annoyance emails. Fortunately these prnding virus bits are small and will be deleted in something like 7 days. 2By default then then scan for spam. I haven't had this turned on in a few months, but the last time I did it was really quite effective; and has been for about a year now. Before that it was essentially useless, catching maybe 10% of the spam. These spam mails go into the 'caught spam' folder, and DO NOT count against your mail quota. They will be deleted after some not large number of days, 3-5 as I recall. 3You can move the spam into your real mail folder. This re-mails it to you, but bypasses scanning. The headers will be rather strange as a result of this forwarding. Obviously this now counts against mail quota. 4You can delete the spam. This doesn't 'delete', it works like a windows/mac machine and moves it to the 'deleted items' folder. Now this deleted spam DOES count against your mail quota! Fortunately the deleted items folder is really deleted after 7 days, I think. However, it is smart to click the 'empty trash' button that shows up here and there and jump through the assorted hoops necessary to get this crud really deleted. BTW, if you move something from deleted items back to inbox, it doesn't move it, it RE-SENDS it to you! It will show up with new message numbers and get downloaded a second time by pop. If you just accept the default configuration of virus and spam scanning and don't muck with the stuff, it is all reasonably transparent. If you do like I do and disable one or both of these scans it is also reasonably transparent, but you get all the spams or virui, depending on your settings. (I leave the virus scan on and spam scan off.) Normally your pop3 client will be set to delete the mail as soon as it is downloaded. I tend to leave it there for about 5 days before deleting it with a handy little program I cobbled to do that, so I can get to webmail if I'm not at home, without having to turn off the home feed. OE will delete the mail from the feed for you, either immediately or after a period of time. However, I have a double-level pop3 feed because SA sits in the middle on a linux box, so need to reach around this to delete the stuff from the main folder. I have fetchmail set to not delete. (I wish it had an option to delete after N days/hours, but it doesn't seem to.) Loren
Re: ampersand in URLs
John Rudd wrote: The only problem I can think of is than an ampersand in a _URL_ is legal (IIRC, in CGI form urls, ampersand is used to delimit different variables, so if the URL question contains some form of context, like ack'ing a sign-up, it might legitimately contain an &). So, you need to distinguish between "& before the third /" and "& after the third / and probably after a ?". The former is bad. The latter should be ok. I find it simpler to just remove the '%' ane '#' from the expression and use http://[\w\d\.]*\&; so that '&' is not matched in the path part even if the slash is encoded. while this doesn't catch all descrepancies, it catches the example spams.
Re: Account # 555711L Spam
On Saturday 23 July 2005 13:13, jdow wrote:
>From: "Jeffrey Lee" <[EMAIL PROTECTED]>
>
>> Are they any rules to stop this type of spam? It is continually
>> growing and doesnt ever let up.
>
>One thing I discovered is that these spams CAN upset the combination
>of fetchmail and the Earthlink pop3 server, NGPOPPER. (No Good
> POPper?)
>
>Until you manually telnet to the Earthlink server and delete the
> offending email you get mailboxes full of the message. Is this by
> any chance what you are seeing?
>
>And yes, there are rules that catch it. Every one has been marked
>spam here, quite handily.
>
>{^_^}
I wonder if perhaps earthlink is not the only ISP with that problem.
I have my vz prefs set to delete any detected spam as I have now
switched to a fetchmail based mail suck.
Haveing a kmail problem the other day, I logged in via the webmail at
vz, and found 9 messages, all spam, sitting in the spam folder there.
So I checkmarked them to be deleted, and as I had the tech support guy
on my ear at the time, I noted that delete didn't, it just moved the
stuff to the trash folder. That pulled my trigger and I made it
clear to the support drone that when I clicked on delete, thats
exactly what I intended to happen. As vz is currently setup, you
then have to move to the trash folder, select them all again, and
click delete to be able to be truely rid of the wasted space.
--
Cheers, Gene
"There are four boxes to be used in defense of liberty:
soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
99.35% setiathome rank, not too shabby for a WV hillbilly
Yahoo.com and AOL/TW attorneys please note, additions to the above
message by Gene Heskett are:
Copyright 2005 by Maurice Eugene Heskett, all rights reserved.
