Re: not everyone is happy with SA
On Friday 20 July 2007, Loren Wilton wrote: I guess that's just another chapter in the proof that there is one born every minute. When P.T. Barnum made that statement the population of the US was about 60 million. It is now somewhere north of 250 million. Loren Humm, so we must be averaging around 4 a minute in order to keep the curve rising that steeply? -- Cheers, Gene There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order. -Ed Howdershelt (Author) Q: What do Winnie the Pooh and John the Baptist have in common? A: The same middle name.
Re: not everyone is happy with SA
On Friday 20 July 2007, John Rudd wrote: someone that Skip Brott didn't attribute wrote: Why is it my responsibility as a holder of a valid email address to accept mail from anyone who wants to send me the mail? As the owner of the email address or, as the admin of the domain's mail server, I have no obligation to accept your mail at all. Obligations should be on the sender. You are correct that you have no obligation to accept email from me (nor anyone else for that matter), the issue of obligations upon the sender depends on which obligations you're talking about, and which sender you're talking about. If I'm replying to a question you asked, then you are the _original_ sender, and no, it is not my obligation to jump through your C/R hoops in order to get the answer to you. If you want the answer to your question, it's YOUR obligation to make sure you can receive my answer. If I didn't send the message at all, but this is backscatter, then it is your obligation to prevent backscatter to innocent bystanders. It's not my obligation to deal with your challenge messages, and it's entirely my digression as to whether or not I'm going to report you to a blacklist for producing backscatter. At that point, it becomes YOUR obligation to get yourself off of a blacklist. Further, I as the sender have no obligation to participate in your anti-spam mechanism. It's YOUR mechanism. You feed it, you configure it, your CPU cycles are spent on it. I have no obligation to participate in the program you use for deciding is this spam or not. I have no obligation to devote my time and my CPU cycles to your anti-spam program. It's rather rude for you to assume otherwise. All very well stated. So if you send me a C/R, for any reason whatsoever, if it actually gets past SA, it either is fed back as spam to train my bayes or deleted and promptly forgotten about. But don't expect any of us to be happy when, after composing a 4 kilobyte response from scratch in response to your plea for help, something that took half an hour of my time typing with 72 year old fingers, and looking up the data so that my answer might be correct, only to be greeted 90 seconds later on my next mail suck, with a C/R from you. Then, because you're an ass, you didn't get the answers you asked for, so you keep on flooding the list with your question. At that point, I'll not reply again, but I will add your email address to my procmailrc file as one to be delivered to /dev/null. And you had better believe me when I say I am not the only one here who will do that, there are far more knowledgeable people here than I who will do that, maybe even quicker. And I do not make it a habit to expire those entries in my procmailrc. Once you are there, goodbye. And no one but you gave me reason to put you there. Oh, did I mention I don't like C/R systems? I don't... -- Cheers, Gene There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order. -Ed Howdershelt (Author) Q: What do Winnie the Pooh and John the Baptist have in common? A: The same middle name.
Re: not everyone is happy with SA
On Friday 20 July 2007, jdow wrote: From: Steven Stern [EMAIL PROTECTED] John Rudd wrote: Further, I as the sender have no obligation to participate in your anti-spam mechanism. It's YOUR mechanism. You feed it, you configure it, your CPU cycles are spent on it. I have no obligation to participate in the program you use for deciding is this spam or not. I have no obligation to devote my time and my CPU cycles to your anti-spam program. It's rather rude for you to assume otherwise. My company's website has a click here and we'll send you your password (or something similar). You'd be amazed how many calls we get claiming it doesn't work. When I track through the logs, I find most come from people with CR systems. You can't use a CR when you're talking to a robot. These things make me sooo mad. I wonder how many I can't get off this #)$([EMAIL PROTECTED] mailing list! messages are due to a recently installed C/R system. C/R systems CAN be their own punishment. {^_-} Not CAN my dear girl, ARE... -- Cheers, Gene There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order. -Ed Howdershelt (Author) Whistler's Law: You never know who is right, but you always know who is in charge.
Re: Sa-update question
On Friday 20 July 2007, Richard Frovarp wrote: Gene Heskett wrote: Also, how about /etc/mail/spamassassin/RuleDuJour? Can that copy of all this go away also? It is not being mentioned in the --lint -D report output. That was just a staging area for RDJ and never used by spamassassin. Updates were downloaded there first and then linted to make sure they worked. Blow it away. And finally, I assume I have to add this PDFInfo.pm to a config file someplace as its not being mentioned in the --lint -D output either. SA is 3.20, so where do I enable that? Instruction are in the pm file. The only thing is, either I'm blind, or its now working. I edited /etc/mail/spamassassin/v320.pre intending to add it, and found it already there, so I re-ran the --lint -D, and it was there. So I just restarted spamassassin. Now, I can presume to delete any earlier v3xx.pre files I guess. Amazing how this cruft collects, and many thanks to all the responders here. -- Cheers, Gene There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order. -Ed Howdershelt (Author) *** Topic for #redhat: ReDHaT is the answer to all your problems. It could be the start too!
Re: Sa-update question
Gene Heskett wrote: On Friday 20 July 2007, Richard Frovarp wrote: Gene Heskett wrote: Also, how about /etc/mail/spamassassin/RuleDuJour? Can that copy of all this go away also? It is not being mentioned in the --lint -D report output. That was just a staging area for RDJ and never used by spamassassin. Updates were downloaded there first and then linted to make sure they worked. Blow it away. And finally, I assume I have to add this PDFInfo.pm to a config file someplace as its not being mentioned in the --lint -D output either. SA is 3.20, so where do I enable that? Instruction are in the pm file. The only thing is, either I'm blind, or its now working. I edited /etc/mail/spamassassin/v320.pre intending to add it, and found it already there, so I re-ran the --lint -D, and it was there. So I just restarted spamassassin. v320.pre has ImageInfo by default, but not PDFInfo. Now, I can presume to delete any earlier v3xx.pre files I guess. No. Daryl
Re: not everyone is happy with SA
Gene Heskett wrote: On Friday 20 July 2007, John Rudd wrote: All very well stated. So if you send me a C/R, for any reason whatsoever, if it actually gets past SA, it either is fed back as spam to train my bayes or deleted and promptly forgotten about. But don't expect any of us to be happy when, after composing a 4 kilobyte response from scratch in response to your plea for help, something that took half an hour of my time typing with 72 year old fingers, and looking up the data so that my answer might be correct, only to be greeted 90 seconds later on my next mail suck, with a C/R from you. Then, because you're an ass, you didn't get the answers you asked for, so you keep on flooding the list with your question. At that point, I'll not reply again, but I will add your email address to my procmailrc file as one to be delivered to /dev/null. And you had better believe me when I say I am not the only one here who will do that, there are far more knowledgeable people here than I who will do that, maybe even quicker. And I do not make it a habit to expire those entries in my procmailrc. Once you are there, goodbye. And no one but you gave me reason to put you there. Oh, did I mention I don't like C/R systems? I don't... uh... did you actually read my message? You're attacking me for being anti-C/R, and then stating some of my exact same arguments against me? Did you have a few too many beers while out on Friday night?
Uninstall SA
We have moved from hula email system to zimbra. Zimbra has built-in SA. We installed SA from source; how do we uninstall, completely, SA? begin:vcard n:Arnold;Chris fn:Arnold, Chris url:http://www.mytimewithgod.net version:2.1 email;internet:[EMAIL PROTECTED] end:vcard
Re: Uninstall SA
[EMAIL PROTECTED] wrote: We have moved from hula email system to zimbra. Zimbra has built-in SA. We installed SA from source; how do we uninstall, completely, SA? First, you need to undo whatever you did to integrate SA into your mailsystem. If you added it to procmail, remove it from procmail, etc. Since there's dozens of ways to integrate SA, and you've not specified what method you're using, I can't really be any more specific here. You must do this part first, and I would strongly recommend confirming that incoming mail is no longer being processed by SA. Note: if you proceed past the first step without disabling SA, your mail chain will contiune to call SA, and fail, which may result in your mail tools getting tangled up. Second, if you use spamd, shut it down. Finally, go to the source you installed from and run make uninstall. This won't actually uninstall SA, but will provide you a list of files to delete. Proceed to delete them manually.
Spam Du Jour ? *.XLS
LOL investors news-76212.xls, et all no real challenge
Include directives in user_prefs was Whitelist of my friends -- followup
Can I somehow specify an include directive in my user_prefs file, such as include my_friends.cf? i
Excel Stock Spam
Hi i received a Spam Email with an Excel File as Atachment may some one want to have a look on a sample http://its-h.de/spam_sample/xls_spam.txt -- IT Service Häker Matthias Häker Fettstr. 3 20357 Hamburg Tel: +49 (0)40 98238807 Fax: +49 (0)40 52596583 Mob: +49 (0)176 65571482
Screwed up Perl install [OT]
If I have a machine with a screwed up perl configuration, some installed in /usr/lib/perl5 and some in /usr/local/lib/perl5, is there any easy way to get everything back under /usr/lib/perl5 without starting over? Running Fedora Core 6. Thanks in Advance
RE: Screwed up Perl install [OT]
-Original Message- From: Marc Perkel [mailto:[EMAIL PROTECTED] Sent: Saturday, July 21, 2007 12:14 PM To: users@spamassassin.apache.org Subject: Screwed up Perl install [OT] If I have a machine with a screwed up perl configuration, some installed in /usr/lib/perl5 and some in /usr/local/lib/perl5, is there any easy way to get everything back under /usr/lib/perl5 without starting over? After tarballing /usr/lib/perl5... Some careful use of rsync and -u and -n flags might be fun. Running Fedora Core 6. Thanks in Advance _ This email has been scanned and certified safe by SpammerTrap(tm). For Information please see http://www.spammertrap.com _
Bye for good FuzzyOCR
Hi, i just uninstalled FuzzyOCR from my system as it seems like its become out of fashion to send those spam images that FuzzyOCR can read and I noticed that I dont even need it to get the remaining imagespam above a score of 10. Thanks alot to the author, the plugin was great when imagespam was on a high and no good rules existed to bust them through metadata ;-) arni
Re: Bye for good FuzzyOCR
i just uninstalled FuzzyOCR from my system as it seems like its become out of fashion to send those spam images that FuzzyOCR can read and I noticed that I dont even need it to get the remaining imagespam above a score of 10. Thanks alot to the author, the plugin was great when imagespam was on a high and no good rules existed to bust them through metadata ;-) So what are u using now?
RE: DKIM vs DomainKeys plugins
-Original Message- From: Matt Kettler [mailto:[EMAIL PROTECTED] Sent: Friday, July 20, 2007 10:38 PM To: Michael Scheidell Cc: users@spamassassin.apache.org Subject: Re: DKIM vs DomainKeys plugins However, AFAIK, the DKIM versions of the rules should fire in the place of the DK_* rules. SHOULD, as in RFC's? :-) (doesn't.. Actually) but when I get a chance I'll troubleshoot it and make a PR Does anyone have any emails from yahoo? They all have domainkeys. How is your dkim/domainkeys set up? What rules triggered? Or is this just me? _ This email has been scanned and certified safe by SpammerTrap(tm). For Information please see http://www.spammertrap.com _
Re: Screwed up Perl install [OT]
Marc Perkel wrote: If I have a machine with a screwed up perl configuration, some installed in /usr/lib/perl5 and some in /usr/local/lib/perl5, is there any easy way to get everything back under /usr/lib/perl5 without starting over? Running Fedora Core 6. On my system and I believe on FC too but you should check, a stock system has no files in the /usr/local tree at all. This means that you can simply remove all files from there and return the system to a stock state, with regards to that directory hierarchy. find /usr/local -type f -print Bob
Re: Bye for good FuzzyOCR
Spamassassin List schrieb: i just uninstalled FuzzyOCR from my system as it seems like its become out of fashion to send those spam images that FuzzyOCR can read and I noticed that I dont even need it to get the remaining imagespam above a score of 10. Thanks alot to the author, the plugin was great when imagespam was on a high and no good rules existed to bust them through metadata ;-) So what are u using now? HTML_IMAGE_ONLY_XX, SHORT_HELO_AND_INLINE_IMAGE, DC_IMAGE_SPAM_TEXT, DC_IMAGE_SPAM_HTML, DC_GIF_UNO_LARGO, SARE_GIF_ATTACH together with botnet, bayes and other standard rules is enough to bring all my image spam to above 10 points, even without cpu intensive FuzzyOCR. I'm not recieving much of it anymore anyways. arni
Re: Sa-update question
On Sat, Jul 21, 2007 at 05:10:49AM -0400, Daryl C. W. O'Shea wrote: Now, I can presume to delete any earlier v3xx.pre files I guess. No. More specifically, the other pre files load other plugins. You can never just assume to delete config files unless you fully know that they're not being used for anything. In SA's case, it reads *.pre not just v320.pre. -- Randomly Selected Tagline: A gift of a flower will soon be made to you. pgppuu4xEnEg6.pgp Description: PGP signature
Re: Include directives in user_prefs was Whitelist of my friends -- followup
On Sat, Jul 21, 2007 at 10:37:01AM -0500, Igor Chudov wrote: Can I somehow specify an include directive in my user_prefs file, such as include my_friends.cf? Did you look at perldoc Mail::SpamAssassin::Conf ? :) -- Randomly Selected Tagline: Cloning and the reprogramming of DNA is the first serious step in becoming one with God.- Scientist G. Richard Seed pgpmYFYH6HLzQ.pgp Description: PGP signature
Re: Bye for good FuzzyOCR
Spamassassin List schrieb: i just uninstalled FuzzyOCR from my system as it seems like its become out of fashion to send those spam images that FuzzyOCR can read and I noticed that I dont even need it to get the remaining imagespam above a score of 10. Thanks alot to the author, the plugin was great when imagespam was on a high and no good rules existed to bust them through metadata ;-) So what are u using now? HTML_IMAGE_ONLY_XX, SHORT_HELO_AND_INLINE_IMAGE, DC_IMAGE_SPAM_TEXT, DC_IMAGE_SPAM_HTML, DC_GIF_UNO_LARGO, SARE_GIF_ATTACH together with botnet, bayes and other standard rules is enough to bring all my image spam to above 10 points, even without cpu intensive FuzzyOCR. I'm not recieving much of it anymore anyways. How do u get DC_IMAGE_SPAM_HTML, DC_GIF_UNO_LARGO? Using ImageInfo?
Re: Bye for good FuzzyOCR
Spamassassin List schrieb: Spamassassin List schrieb: i just uninstalled FuzzyOCR from my system as it seems like its become out of fashion to send those spam images that FuzzyOCR can read and I noticed that I dont even need it to get the remaining imagespam above a score of 10. Thanks alot to the author, the plugin was great when imagespam was on a high and no good rules existed to bust them through metadata ;-) So what are u using now? HTML_IMAGE_ONLY_XX, SHORT_HELO_AND_INLINE_IMAGE, DC_IMAGE_SPAM_TEXT, DC_IMAGE_SPAM_HTML, DC_GIF_UNO_LARGO, SARE_GIF_ATTACH together with botnet, bayes and other standard rules is enough to bring all my image spam to above 10 points, even without cpu intensive FuzzyOCR. I'm not recieving much of it anymore anyways. How do u get DC_IMAGE_SPAM_HTML, DC_GIF_UNO_LARGO? Using ImageInfo? must be on updates.spamassassin.org or saupdates.openprotect.com, otherwise i wouldnt have them arni
Re: Bye for good FuzzyOCR
Spamassassin List schrieb: Spamassassin List schrieb: i just uninstalled FuzzyOCR from my system as it seems like its become out of fashion to send those spam images that FuzzyOCR can read and I noticed that I dont even need it to get the remaining imagespam above a score of 10. Thanks alot to the author, the plugin was great when imagespam was on a high and no good rules existed to bust them through metadata ;-) So what are u using now? HTML_IMAGE_ONLY_XX, SHORT_HELO_AND_INLINE_IMAGE, DC_IMAGE_SPAM_TEXT, DC_IMAGE_SPAM_HTML, DC_GIF_UNO_LARGO, SARE_GIF_ATTACH together with botnet, bayes and other standard rules is enough to bring all my image spam to above 10 points, even without cpu intensive FuzzyOCR. I'm not recieving much of it anymore anyways. How do u get DC_IMAGE_SPAM_HTML, DC_GIF_UNO_LARGO? Using ImageInfo? must be on updates.spamassassin.org or saupdates.openprotect.com, otherwise i wouldnt have them Thanks
Re: DKIM vs DomainKeys plugins
Michael Scheidell wrote the following on 7/21/2007 10:07 AM -0800: -Original Message- From: Matt Kettler [mailto:[EMAIL PROTECTED] Sent: Friday, July 20, 2007 10:38 PM To: Michael Scheidell Cc: users@spamassassin.apache.org Subject: Re: DKIM vs DomainKeys plugins However, AFAIK, the DKIM versions of the rules should fire in the place of the DK_* rules. SHOULD, as in RFC's? :-) (doesn't.. Actually) but when I get a chance I'll troubleshoot it and make a PR Does anyone have any emails from yahoo? They all have domainkeys. How is your dkim/domainkeys set up? What rules triggered? Or is this just me? I only use the DKIM SA plugin now with the latest Mail::DKIM perl module (version 0.26), which supports validation of both DK DKIM signature, and with this, both DK DKIM hits will both show up as DKIM hits. Test from yahoo (uses DK signature only): X-Spam-Status: No, score=-4.263 required=5 tests=[AWL=0.892, BAYES_00=-2.599, BOTNET_SERVERWORDS=-0.5, DKIM_SIGNED=0.001, DKIM_VERIFIED=-0.001, IP_NOT_FRIENDLY=0.334, L_P0F_D9=-0.4, L_P0F_Unix=-1, RCVD_IN_MXRATE_WL=-1, RELAY_US=0.01] X-Amavis-OS-Fingerprint: FreeBSD 4.7-5.2 (or MacOS X 10.2-10.4) (2) (up: 1800 hrs), (distance 9, link: ethernet/modem), [69.147.95.82] Received: from smtp119.plus.mail.sp1.yahoo.com (smtp119.plus.mail.sp1.yahoo.com [69.147.95.82]) by mail.inetmsg.com (INetMsg Mail Service) with SMTP id 980546D0C45 for [EMAIL PROTECTED]; Sat, 21 Jul 2007 13:36:17 -0700 (PDT) Received: (qmail 56102 invoked from network); 21 Jul 2007 20:36:17 - DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=Received:X-YMail-OSG:Message-ID:Date:From:User-Agent:MIME-Version:To:Subject:X-Enigmail-Version:Content-Type:Content-Transfer-Encoding; b=KyMFQ/KnTUWMW4INZwzDVKi1jpqcixQQiBodqZ4fnptqcvbdAXR3/R/tYDU3Lvh+dLdoRtwLWm+zXgi50Q9K9xyOhL+HdZBoNkU1Tepe5udc6yJxWdEGzLi7VQrdoUYQwM4oDH+4DrtyO2HRzE0by3OdxY53OWwSAW23ebmflvE= ; Test from gmail (which now uses both DK DKIM signatures): X-Spam-Score: -4.563 X-Spam-Status: No, score=-4.563 required=5 tests=[AWL=-0.273, BAYES_00=-2.599, DKIM_SIGNED=0.001, DKIM_VERIFIED=-0.001, L_P0F_D16=-0.2, L_P0F_Linux=-0.5, RCVD_IN_MXRATE_WL=-1, RELAY_US=0.01, SPF_PASS=-0.001] X-Amavis-OS-Fingerprint: Linux 2.6 (newer, 2) (firewall!) [high throughput] (up: 7718 hrs), (distance 16, link: (Google 2)), [209.85.146.177] Received: from wa-out-1112.google.com (wa-out-1112.google.com [209.85.146.177]) by mail.inetmsg.com (INetMsg Mail Service) with ESMTP id 1373F6D0C46 for [EMAIL PROTECTED]; Sat, 21 Jul 2007 13:35:57 -0700 (PDT) Received: by wa-out-1112.google.com with SMTP id l24so1615659waf for [EMAIL PROTECTED]; Sat, 21 Jul 2007 13:35:56 -0700 (PDT) DKIM-Signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:user-agent:mime-version:to:subject:x-enigmail-version:content-type:content-transfer-encoding; b=A9KjJ1nUil/AqVtycDlwIKYfKE1clx5MkEnB5RkRgiTwLXBnPsSxSDRDuuypTQIHFfS93z/ypCuxZbqQ7eTrc+JLmRfyAN5vlZuo5vtjDXX8p4PTh5WtGw52c22ar72dpn6zYXTrnQhdxQT+BTfgpm+Qg6JSEpWrS8uHLEInooM= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:user-agent:mime-version:to:subject:x-enigmail-version:content-type:content-transfer-encoding; b=MLl9a61usX0iHxBuGV0Jgx0kIxfegRla6Rh6Xn/TODe+kpYt1afI8Cxkyum9ltKPlTHJK5xbmPpZtGJEE3eEq178fQ8sBx96xxMeyG4/KUhBbZaNeumG4oZoiTO7vDh5CXIBNG6zO/dL8wjdbpO0Po013J3kqBDQPHMnJj+B488= Bill
Re: not everyone is happy with SA
On 20 Jul 2007, [EMAIL PROTECTED] spake thusly: Um, captcha? Then I'd doubly never respond to the abortion. It wasted bandwidth on the captcha AND I CANNOT READ THE CAPTCHA IN PLAIN TEXT. I use plain text for security reasons. What, are you worried about Langford basilisks? More significant is the disability problem, and the problem that spammers have long since defeated captcha anyway (what you do is, you put up the captcha images on a nasty porn site run by your affiliate and the drooling masses fill them in for you).
New PDF?
I have a few PDF's getting through now after doing pretty good, the latest 0.4 pdfinfo + sa 3.1.7 + sare rules + sa-update is not scoring enough on these: http://esmtp.webtent.net/mail1.txt http://esmtp.webtent.net/mail2.txt Do I need to tweak my rules scores to catch or is someone else able to block these otherwise? All of these seem to hit the same two rules, would it be OK to test for only those two rules and block or raise their score, or would that hit too much ham? 0.6 GMD_PDF_ENCRYPTED BODY: Attached PDF is encrypted 1.0 TVD_PDF_FINGER01 Mail matches standard pdf spam fingerprint -- Robert
Re: New PDF?
On Sat, Jul 21, 2007 at 06:52:14PM -0400, WebTent wrote: Do I need to tweak my rules scores to catch or is someone else able to block these otherwise? All of these seem to hit the same two rules, would it be OK to test for only those two rules and block or raise their score, or would that hit too much ham? 0.6 GMD_PDF_ENCRYPTED BODY: Attached PDF is encrypted 1.0 TVD_PDF_FINGER01 Mail matches standard pdf spam fingerprint I don't know what the first rule is so have no information about its hit rates. The second one hits 0 ham in the SA nightly test runs. If you aren't likely to receive legit mails in a similar format, feel free to up that score. -- Randomly Selected Tagline: I left it unlocked overnight, and it was finally stolen. The insurance check paid for a textbook. - Unknown about the Renault LeCar pgpizqEvmSBPe.pgp Description: PGP signature
Re: Spam Du Jour ? *.XLS
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Yet Another Ninja schrieb: LOL investors news-76212.xls, et all no real challenge jep , got 3 xls spams today - -- Mit freundlichen Gruessen Best Regards Robert Schetterer https://www.schetterer.org Germany -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org iD8DBQFGopH6fGH2AvR16oERAr7rAJ4vNizIo/EsmdJYGDiIGNsMFifqPwCfYSj6 U6jT3MLdWIbvV8Lmx0oEfg8= =g5DS -END PGP SIGNATURE-
Re: Spam Du Jour ? *.XLS
On Sun, 22 Jul 2007, Robert Schetterer wrote: investors news-76212.xls, et all no real challenge jep , got 3 xls spams today well, here too, but I think soon we'll get the whole mix ... a combinatoric explosion of envelope formats and content variants, meaning 'any windows-showable-fileformat' * 'all the already known picture-tricks embedded' Anybody working on generic detectors yet? (I really would like to plug that (w)hole :-) Something like amavis or clamav to first unpack and then spamassassin to analyze it? Stucki
Re: Sa-update question
On Saturday 21 July 2007, Theo Van Dinter wrote: On Sat, Jul 21, 2007 at 05:10:49AM -0400, Daryl C. W. O'Shea wrote: Now, I can presume to delete any earlier v3xx.pre files I guess. No. More specifically, the other pre files load other plugins. You can never just assume to delete config files unless you fully know that they're not being used for anything. In SA's case, it reads *.pre not just v320.pre. So I've been made to understand now, thanks. I hadn't deleted them yet pending an affirmative answer. -- Cheers, Gene There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order. -Ed Howdershelt (Author) Life is knowing how far to go without crossing the line.
Re: Spam Du Jour ? *.XLS
On Sun, 22 Jul 2007 01:55:20 +0200 Chr. v. Stuckrad [EMAIL PROTECTED] wrote: On Sun, 22 Jul 2007, Robert Schetterer wrote: investors news-76212.xls, et all no real challenge jep , got 3 xls spams today well, here too, but I think soon we'll get the whole mix ... a combinatoric explosion of envelope formats and content variants, meaning 'any windows-showable-fileformat' * 'all the already known picture-tricks embedded' Anybody working on generic detectors yet? (I really would like to plug that (w)hole :-) Something like amavis or clamav to first unpack and then spamassassin to analyze it? Stucki You might also want to keep in mind if some versions of Outlook are being used to generate these spams, you could start seeing just a winmail.dat attachment. This would indicate a message was generated in RTF (rich text format). See: http://en.wikipedia.org/wiki/TNEF If that's the case, non Outlook users won't be able to open the attachments period. That is unless they have loaded the proper tools to extract what's inside.
DNS Perl Help? [ot]
OK - I'm not experienced at Perl by trying to do something that should be fairly simple for those of you who are good at it. I need a subroutine that I can pass and IP address to. It will do a reverse DNS lookup and get a hostname. Then lookup the hostname to verify that one of the IP addresses it returns matched the IP that was looked up. Return the host name if it succeeds ot an empty string if not. How do you do that? I'm building what will be an impressive public DNS blacklist/whitelist which I will share when it's working. Thanks in advance. Oh - also. If I have a string, what's that fastest way to count the number of periods in the string?
Re: Include directives in user_prefs was Whitelist of my friends -- followup
Theo Van Dinter wrote: On Sat, Jul 21, 2007 at 10:37:01AM -0500, Igor Chudov wrote: Can I somehow specify an include directive in my user_prefs file, such as include my_friends.cf? Did you look at perldoc Mail::SpamAssassin::Conf ? :) To be a bit more specific, yes, that exact option exists and is in the docs, at least for 3.0.x and higher. Exact text from the 3.2 docs: PREPROCESSING OPTIONS *include filename* Include configuration lines from |filename| http://spamassassin.apache.org/full/3.2.x/doc/Mail_SpamAssassin_Conf.html#item_filename. Relative paths are considered relative to the current configuration file or user preferences file.