Re: Now its zip attachments ^^

2007-07-23 Thread [EMAIL PROTECTED]
On Mon, 2007-07-23 at 03:35 +0200, Hendrik Helmvoigt wrote:
> This night it seems like we're being spammed again by xml documents, 
> but this time neatly packed into a zipfile:
> 
> I'm really excited what's going to happen next. Maybe psd files embedded 
> in pdf and then rar'ed.
> 
> And I'd still like to meet the person that goes through all that trouble 
> to read that spam, and then performs the action that the spammer wants 
> from him.
> 
You are right in that. I don't think spammers are getting any positive
hits.  Probably the spammer of today no longer wishes to reach the end
user with such mails.

IMHO it is either that

1) Spammers just want to exasperate the smaller spam filter providers by
sending worthless spam. I have heard so many times the stupid
declaration that spamassassin is "useless". 


2) The Anti-spam giants ( with so many takeovers very few players left
now )  are funding these spammers for obvious reasons 



> arni


Re: Stuff getting through

2007-07-23 Thread Gene Heskett
On Monday 23 July 2007, David Baron wrote:
>>I mean the obvious stuff like "viagra" and such. Usually the spam is caught
>>but sporadically it does get through.
>>
>>What is happening.
>
>Simply, there are no X-Spam headers on these (and none or some of the "ham"
> as well). In other words, messages are being delivered before sa is
> running!
>
>Originally, I was starting everything by their standard packaged /etc/init.d
>scripts. All is fine except sa would start before the internet connection
> was working, sa_update would fail, leaving ALL spam getting through! (To
> me, this behavior is a bug--no sa_update today? Leave yesterday's rules
> intact.)
>
>So I included in my 99z_end-all-catch-all script (needed because of other
>things) which tries until ntpdate has worked implying a working internet
>connection and then ran sa_update and started spamassassin from there. The
>problem is now a catch 22: Fetchmail and exim are running beforehand and a
>few messages can get delivered before sa comes up.
>
>I could move all of this to my script but there must be a better, more
> correct and standard way to accomplish this. Any ideas?

Humm, with my lashup here that Joanne helped me set up, S78spamassassin starts 
a few copies of spamd, and fetchmail is started much later in S99local.  It's 
fetchmail that calls procmail, and it's procmail that calls the spamd's, so 
there is no time that SA can be bypassed.

I thought everyone was doing it.  Somebody's better idea isn't?

-- 
Cheers, Gene
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Corruption is not the #1 priority of the Police Commissioner.  His job
is to enforce the law and fight crime.
-- P.B.A. President E. J. Kiernan


Re: Now its zip attachments ^^

2007-07-23 Thread Matus UHLAR - fantomas
> Hendrik Helmvoigt wrote:
> >This night it seems like we're being spammed again by xml documents, 
> >but this time neatly packed into a zipfile:
> >
> >I'm really excited what's going to happen next. Maybe psd files embedded 
> >in pdf and then rar'ed.
> >
> >And I'd still like to meet the person that goes through all that trouble 
> >to read that spam, and then performs the action that the spammer wants 
> >from him.

On 22.07.07 18:47, John Rudd wrote:
> As I've said for years: we should just ban attachments.  They're not 
> really useful for anything that can't be done a better way.  Which only 
> leaves them being useful for attacks of one form or another.

some people just want, some just need attachments. I think that if a filter
(word plugin is used with different meaning in SA) would preprocess/convert
those attachments to text, SA could just run standard rules over it and
catch unwelcome words, do BAYES check over it, etc etc.

So the words "dear winner" would match no matter if stored  in text, HTML,
.doc (tnef), gif or pdf ... 

Is there any such plan for SA?
-- 
Matus UHLAR - fantomas, [EMAIL PROTECTED] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Save the whales. Collect the whole set.
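
A sketch of the preprocessing idea raised in the message above, as an added example that is not SpamAssassin code and not written by anyone in this thread: unpack a zip attachment to text so the same phrase rule matches whether the words sit in the body or inside the archive. The rule name, the size limits and the sample messages are assumptions constructed for illustration.

```python
import io
import re
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed limits (not from the thread): stop a hostile archive from
# exhausting memory while it is being converted to text.
MAX_MEMBERS = 20
MAX_MEMBER_BYTES = 1_000_000

# Constructed stand-in for "standard rules": rule name -> pattern.
RULES = {"DEAR_WINNER": re.compile(r"dear\s+winner", re.IGNORECASE)}


def zip_to_text(data: bytes) -> str:
    """Decode the members of a zip archive to text, within the limits above."""
    chunks = []
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist()[:MAX_MEMBERS]:
                # Skip directories, encrypted members and oversized members.
                if info.is_dir() or info.flag_bits & 0x1:
                    continue
                if info.file_size > MAX_MEMBER_BYTES:
                    continue
                with zf.open(info) as fh:
                    # The declared size can lie, so cap the actual read too.
                    raw = fh.read(MAX_MEMBER_BYTES + 1)
                if len(raw) > MAX_MEMBER_BYTES:
                    continue
                chunks.append(raw.decode("utf-8", errors="replace"))
    except (zipfile.BadZipFile, NotImplementedError, RuntimeError):
        pass  # corrupt or unsupported archive: keep whatever was readable
    return "\n".join(chunks)


def message_text(raw: bytes) -> str:
    """Collect text from the body parts and from any zip attachment."""
    msg = message_from_bytes(raw, policy=policy.default)
    texts = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        payload = part.get_payload(decode=True) or b""
        name = (part.get_filename() or "").lower()
        ctype = part.get_content_type()
        if ctype.startswith("text/"):
            charset = part.get_content_charset() or "utf-8"
            try:
                texts.append(payload.decode(charset, errors="replace"))
            except LookupError:  # unknown charset label
                texts.append(payload.decode("latin-1"))
        elif (ctype == "application/zip" or name.endswith(".zip")
              or payload[:4] == b"PK\x03\x04"):  # label may lie, so sniff magic
            texts.append(zip_to_text(payload))
    return "\n".join(texts)


def matching_rules(raw: bytes) -> list:
    """Names of the rules that hit anywhere in the extracted text."""
    text = message_text(raw)
    return sorted(name for name, rx in RULES.items() if rx.search(text))


def build_sample(body: str, member_text: str) -> bytes:
    """Constructed test message: plain body plus one zipped document."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("notice.xml", member_text)
    msg = EmailMessage()
    msg["From"] = "sender@example.invalid"
    msg["To"] = "rcpt@example.invalid"
    msg["Subject"] = "document"
    msg.set_content(body)
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="doc.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    sample = build_sample("see attachment", "<doc>Dear Winner, claim now</doc>")
    print(matching_rules(sample))
```
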


Re: migrating from clamav before mta to SA ClamAV plugin experiences

2007-07-23 Thread Matus UHLAR - fantomas
> > which MTA are you using? The clamav plugin should reject the e-mail the
> > same way SA plugin does that (with much less CPU time spent)

On 22.07.07 15:32, Robert - eLists wrote:
> Uhlar

... and I thought that spelling my surname in capitals would preserve me from
this title ... :)

> I use qmail-scanner-queue.pl, clamav, spamassassin and qmail
> 
> I can reject spam over a certain scoring threshold this way, yet I have not
> figured out a way to just reject email based upon having a virus signature
> per clamav.

what does clamav checking in that scanner do then? It should call clamdscan
asap (before SA) and when a virus is found, the mail should be immediately
rejected, the same way it's rejected when SA tells so.

-- 
Matus UHLAR - fantomas, [EMAIL PROTECTED] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
A day without sunshine is like, night.


Re: Now its zip attachments ^^

2007-07-23 Thread Robert Schetterer
Matus UHLAR - fantomas wrote:
>> Hendrik Helmvoigt wrote:
>>> This night it seems like we're being spammed again by xml documents, 
>>> but this time neatly packed into a zipfile:
>>>
>>> I'm really excited what's going to happen next. Maybe psd files embedded 
>>> in pdf and then rar'ed.
>>>
>>> And I'd still like to meet the person that goes through all that trouble 
>>> to read that spam, and then performs the action that the spammer wants 
>>> from him.
> 
> On 22.07.07 18:47, John Rudd wrote:
>> As I've said for years: we should just ban attachments.  They're not 
>> really useful for anything that can't be done a better way.  Which only 
>> leaves them being useful for attacks of one form or another.
> 
> some people just want, some just need attachments. I think that if a filter
> (word plugin is used with different meaning in SA) would preprocess/convert
> those attachments to text, SA could just run standard rules over it and
> catch unwelcome words, do BAYES check over it, etc etc.
> 
> So the words "dear winner" would match no matter if stored  in text, HTML,
> .doc (tnef), gif or pdf ... 
> 
> Is there any such plan for SA?
Hi all,
meanwhile
http://sanesecurity.co.uk/clamav/
catches also these zip spam
-- 
With kind regards
Best Regards

Robert Schetterer

https://www.schetterer.org
Germany



Re: Now its zip attachments ^^

2007-07-23 Thread Robert Schetterer
Robert Schetterer wrote:
> Matus UHLAR - fantomas wrote:
>>> Hendrik Helmvoigt wrote:
>>>> This night it seems like we're being spammed again by xml documents, 
>>>> but this time neatly packed into a zipfile:
>>>>
>>>> I'm really excited what's going to happen next. Maybe psd files embedded 
>>>> in pdf and then rar'ed.
>>>>
>>>> And I'd still like to meet the person that goes through all that trouble 
>>>> to read that spam, and then performs the action that the spammer wants 
>>>> from him.
>> On 22.07.07 18:47, John Rudd wrote:
>>> As I've said for years: we should just ban attachments.  They're not 
>>> really useful for anything that can't be done a better way.  Which only 
>>> leaves them being useful for attacks of one form or another.
>> some people just want, some just need attachments. I think that if a filter
>> (word plugin is used with different meaning in SA) would preprocess/convert
>> those attachments to text, SA could just run standard rules over it and
>> catch unwelcome words, do BAYES check over it, etc etc.
> 
>> So the words "dear winner" would match no matter if stored  in text, HTML,
>> .doc (tnef), gif or pdf ... 
> 
>> Is there any such plan for SA?
> Hi all,
> meanwhile
> http://sanesecurity.co.uk/clamav/
> catches also these zip spam

I forgot:
read the story here

http://sanesecurity.blogspot.com/2007/07/from-pdf-to-xls-to-zipped-xls-stock.html

and thx to Steve for his work

-- 
With kind regards
Best Regards

Robert Schetterer

https://www.schetterer.org
Germany



Re: migrating from clamav before mta to SA ClamAV plugin experiences

2007-07-23 Thread Nigel Frankcom
On Mon, 23 Jul 2007 11:08:47 +0200, Matus UHLAR - fantomas
<[EMAIL PROTECTED]> wrote:

>> > which MTA are you using? The clamav plugin should reject the e-mail the
>> > same way SA plugin does that (with much less CPU time spent)
>
>On 22.07.07 15:32, Robert - eLists wrote:
>> Uhlar
>
>... and I thought that spelling my surname in capitals would preserve me from
>this title ... :)
>
>> I use qmail-scanner-queue.pl, clamav, spamassassin and qmail
>> 
>> I can reject spam over a certain scoring threshold this way, yet I have not
>> figured out a way to just reject email based upon having a virus signature
>> per clamav.
>
>what does clamav checking in that scanner do then? It should call clamdscan
>asap (before SA) and when a virus is found, the mail should be immediately
>rejected, the same way it's rejected when SA tells so.

Umm, I may be missing the point here, but SA doesn't bounce mail, it
just scores it. Considering the time that can be taken up with various
scans it's not really feasible to hold open the smtp connection that
long, so even if it could, bouncing may well not work. You then hit
the problem that the chances of the sending address being legit are
pretty low. So some poor sod is going to cop umpteen gazillion bounce
messages.

I use a simpler solution here. If you send an email that gets tagged
as a virus by any of the av scanners your IP address is put into a
blocklist for a set period. The thought behind this is that viruses
very rarely come in one at a time; if a host is infected it will send
again and again.

The blocking is done at MTA level.

HTH

Nigel


Re: migrating from clamav before mta to SA ClamAV plugin experiences

2007-07-23 Thread Matus UHLAR - fantomas
> >On 22.07.07 15:32, Robert - eLists wrote:
> >> I use qmail-scanner-queue.pl, clamav, spamassassin and qmail
> >> 
> >> I can reject spam over a certain scoring threshold this way, yet I have not
> >> figured out a way to just reject email based upon having a virus signature
> >> per clamav.

> On Mon, 23 Jul 2007 11:08:47 +0200, Matus UHLAR - fantomas
> <[EMAIL PROTECTED]> wrote:
> >what does clamav checking in that scanner do then? It should call clamdscan
> >asap (before SA) and when a virus is found, the mail should be immediately
> >rejected, the same way it's rejected when SA tells so.

On 23.07.07 10:19, Nigel Frankcom wrote:
> Umm, I may be missing the point here,

you seem to be :-)

> but SA doesn't bounce mail, it just scores it.

however according to his information, his qmail queue scanner rejects the
mail if it's spam, but not if it's virus (which is sick and a bug imho)

> Considering the time that can be taken up with various
> scans it's not really feasible to hold open the smtp connection that
> long,

should not be a problem if scanning does not count more than ~4 minutes
(after 5 minutes many clients close connection and re-try, which results
into a multiple mail delivery).

> I use a simpler solution here. If you send an email that gets tagged
> as a virus by any of the av scanners your IP address is put into a
> blocklist for a set period. The thought behind this is that viruses
> very rarely come in one at a time; if a host is infected it will send
> again and again.

this solution can be done in addition to, but imho should not be done
instead of, virus checking.
-- 
Matus UHLAR - fantomas, [EMAIL PROTECTED] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
42.7 percent of all statistics are made up on the spot. 
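
The policy discussed in this exchange, as an added example that is not code from any poster or from qmail-scanner: the verdict is given inside the SMTP session (a reject, so no bounce goes to a forged sender), and the time-limited IP blocklist is layered on top of scanning rather than replacing it. The block period, the reply texts, the test marker and the `sample_scan` stand-in for a real scanner call are all assumptions constructed for illustration.

```python
import time

BLOCK_SECONDS = 3600  # assumed "set period"; the thread gives no value


class VirusSenderBlocklist:
    """IP addresses that recently sent a virus, each with its own expiry."""

    def __init__(self, ttl=BLOCK_SECONDS, clock=time.monotonic):
        self.ttl = ttl
        self.clock = clock          # injectable so the logic can be replayed
        self._expiry = {}           # ip -> time at which the block ends

    def add(self, ip):
        self._expiry[ip] = self.clock() + self.ttl

    def is_blocked(self, ip):
        expires = self._expiry.get(ip)
        if expires is None:
            return False
        if self.clock() >= expires:
            del self._expiry[ip]    # period over: host is scanned again
            return False
        return True


# Constructed marker standing in for a real signature match.
TEST_MARKER = b"CONSTRUCTED-TEST-SIGNATURE"


def sample_scan(message):
    """Hypothetical scanner hook: signature name, or None if clean."""
    return "Constructed.Test.Signature" if TEST_MARKER in message else None


def smtp_decision(ip, message, blocklist, scan=sample_scan):
    """Return the (code, text) reply to give before the session ends."""
    if blocklist.is_blocked(ip):
        return 554, "5.7.1 host blocked for a set period after sending a virus"
    signature = scan(message)       # unlisted hosts are always scanned
    if signature is not None:
        blocklist.add(ip)
        return 554, "5.7.1 message rejected, virus found: " + signature
    return 250, "2.0.0 message accepted"


def replay(events, ttl=BLOCK_SECONDS):
    """Run (time, ip, message) events in order; return the reply codes."""
    now = [0.0]
    blocklist = VirusSenderBlocklist(ttl=ttl, clock=lambda: now[0])
    codes = []
    for when, ip, message in events:
        now[0] = when
        codes.append(smtp_decision(ip, message, blocklist)[0])
    return codes


# Constructed traffic using documentation address ranges.
SAMPLE_EVENTS = [
    (0,    "192.0.2.10",   b"hello " + TEST_MARKER),  # virus: reject, block
    (10,   "198.51.100.7", b"ordinary mail"),         # clean, other host
    (60,   "192.0.2.10",   b"ordinary mail"),         # still blocked
    (3600, "192.0.2.10",   b"ordinary mail"),         # block expired
    (3601, "198.51.100.7", TEST_MARKER),              # scanning still catches it
]

if __name__ == "__main__":
    print(replay(SAMPLE_EVENTS))
```
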


Attaching the spam message

2007-07-23 Thread Yousef Raffah

Hello,

I have spamassassin configured and running fine with postfix,
amavisd-new and clamav. However, I would like to have spamassassin
attach the spam message and report it to my recipient when I receive a
spam message. I think it is the same message that appears when you:

spamassassin -tD < mail.txt

Also how can I customize that message?

Pointing me to the right direction or documentation will be highly
appreciated as I don't know where to look for it in the spamassassin
docs.

Thanks in advance for any help..

-- 
Yousef Raffah
http://yousef.raffah.com



Re: migrating from clamav before mta to SA ClamAV plugin experiences

2007-07-23 Thread Nigel Frankcom
On Mon, 23 Jul 2007 11:32:21 +0200, Matus UHLAR - fantomas
<[EMAIL PROTECTED]> wrote:

>> >On 22.07.07 15:32, Robert - eLists wrote:
>> >> I use qmail-scanner-queue.pl, clamav, spamassassin and qmail
>> >> 
>> >> I can reject spam over a certain scoring threshold this way, yet I have 
>> >> not
>> >> figured out a way to just reject email based upon having a virus signature
>> >> per clamav.
>
>> On Mon, 23 Jul 2007 11:08:47 +0200, Matus UHLAR - fantomas
>> <[EMAIL PROTECTED]> wrote:
>> >what does clamav checking in that scanner do then? It should call clamdscan
>> >asap (before SA) and when a virus is found, the mail should be immediately
>> >rejected, the same way it's rejected when SA tells so.
>
>On 23.07.07 10:19, Nigel Frankcom wrote:
>> Umm, I may be missing the point here,
>
>you seem to be :-)
>
>> but SA doesn't bounce mail, it just scores it.
>
>however according to his information, his qmail queue scanner rejects the
>mail if it's spam, but not if it's virus (which is sick and a bug imho)
>
>> Considering the time that can be taken up with various
>> scans it's not really feasible to hold open the smtp connection that
>> long,
>
>should not be a problem if scanning does not count more than ~4 minutes
>(after 5 minutes many clients close connection and re-try, which results
>into a multiple mail delivery).
>
>> I use a simpler solution here. If you send an email that gets tagged
>> as a virus by any of the av scanners your IP address is put into a
>> blocklist for a set period. The thought behind this is that viruses
>> very rarely come in one at a time; if a host is infected it will send
>> again and again.
>
>this solution can be done in addition to, but imho should not be done
>instead of, virus checking.

Ahh - it's not unheard of for me to miss the salient points :-)

I don't think bouncing spam is such a good idea though, just my
opinion, but it rarely originates from wherever it *says* it
originates from. 

As far as AV scanning is concerned here, all mail that gets past the
mta gets checked. My mta does various blocks and greylistings based on
previous emails sent. This does throw up a very few fp's but in
several years of running clam and 5 years plus of running my other
virus scanners it's never happened with a virus. Still, never say
never, it's bound to bite me in the ass one day. :-)

Kind regards

Nigel



Re: Stuff getting through

2007-07-23 Thread David Baron
On Monday 23 July 2007, Gene Heskett wrote:
> On Monday 23 July 2007, David Baron wrote:
> >>I mean the obvious stuff like "viagra" and such. Usually the spam is
> >> caught but sporadically it does get through.
> >>
> >>What is happening.
> >
> >Simply, there are no X-Spam headers on these (and none or some of the
> > "ham" as well). In other words, messages are being delivered before sa is
> > running!
> >
> >Originally, I was starting everything by their standard packaged
> > /etc/init.d scripts. All is fine except sa would start before the
> > internet connection was working, sa_update would fail, leaving ALL spam
> > getting through! (To me, this behavior is a bug--no sa_update today?
> > Leave yesterday's rules intact.)
> >
> >So I included in my 99z_end-all-catch-all script (needed because of other
> >things) which tries until ntpdate has worked implying a working internet
> >connection and then ran sa_update and started spamassassin from there. The
> >problem is now a catch 22: Fetchmail and exim are running beforehand and a
> >few messages can get delivered before sa comes up.
> >
> >I could move all of this to my script but there must be a better, more
> > correct and standard way to accomplish this. Any ideas?
>
> Humm, with my lashup here that Joanne helped me setup, S78spamassassin
> starts a few copies of spamd, and fetchmail is started much later in
> S99local.  Its fetchmail that calls procmail, and its procmail that calls
> the spamd's, so there is no time that SA can be bypassed.
>
> I thought everyone was doing it.  Somebodies better idea isn't?

Problem is that the S78 will start spamassassin but that start does not 
necessarily get a valid rule-set. For that, the internet connection must be 
up at the time. So I moved the spamassassin start to a 99 level script. But 
fetchmail can be up before. So I guess the fetchmail start needs to be moved 
to after the effective spamassassin start.

Problem is that with every upgrade, those rc#.d files may be restored if I am 
not careful :-)


Apply specific SA rulesets per domain

2007-07-23 Thread smeevil

Hello all,

I was wondering if any of you know if the following is possible :

It would be nice to tell SA to use certain rule sets or exclude certain
rulesets depending on the domain a mail is sent to.

If at all possible, then a MySQL based list to tell which rules to use for
a domain would be the nicest solution. 

Thanks in advance,
Gerard de Brieder
-- 
View this message in context: 
http://www.nabble.com/Apply-specific-SA-rulesets-per-domain-tf4128880.html#a11741382
Sent from the SpamAssassin - Users mailing list archive at Nabble.com.



Re: Attaching the spam message

2007-07-23 Thread Wolfgang Zeikat



On 07/23/07 11:56, Yousef Raffah wrote:
> Hello,
> 
> I have spamassassin configured and running fine with postfix,
> amavisd-new and clamav. However, I would like to have spamassassin
> attach the spam message and report it to my recipient when I receive a
> spam message.

AFAIK, with amavisd-new, you need to configure that in amavisd.conf 
using $defang_spam

See amavisd.conf-sample and amavisd.conf-default

# MIME defanging wraps the entire original mail in a MIME container of type
# 'Content-type: multipart/mixed', where the first part is a text/plain with
# a short explanation, and the second part is a complete original mail,
# enclosed in a 'Content-type: message/rfc822' MIME part.
# Defanging is only done when enabled (selectively by malware type),
# and mail is considered malware (virus/spam/...), and the malware is allowed
# to pass (*_lovers or *_destiny=D_PASS)
#
$defang_virus  = 1;  # default is false: don't modify mail body
$defang_banned = 1;  # default is false: don't modify mail body
# $defang_bad_header = 1;  # default is false: don't modify mail body
# $defang_undecipherable = 1;  # default is false: don't modify mail body
# $defang_spam = 1;  # default is false: don't modify mail body

> I think it is the same message that appears when you:
> 
> spamassassin -tD < mail.txt
> 
> Also how can I customize that message?
> 
> Pointing me to the right direction or documentation will be highly
> appreciated as I don't know where to look for it in the spamassassin
> docs.
> 
> Thanks in advance for any help..



Solved: Was: DKIM vs DomainKeys plugins

2007-07-23 Thread Michael Scheidell
Here is what I found out:

You only need the DKIM SpamAssassin plugin activated (you don't need the
DomainKeys plugin) BUT, you need BOTH Mail-DKIM (> .20)  perl AND
Mail-DomainKeys perl functions loaded.
I suppose the SA DKIM plugin works for both.

(I am not sure that was clear on INSTALL)

Thanks for everyone who sent me signed email.

-- 
Michael Scheidell, CTO
SECNAP Network Security Corporation
Keep up to date with latest information on IT security: Real time
security alerts:
http://www.secnap.com/news
 
_
This email has been scanned and certified safe by SpammerTrap(tm).
For Information please see http://www.spammertrap.com
_


RE: DKIM vs DomainKeys plugins

2007-07-23 Thread Michael Scheidell

> -----Original Message-----
> From: Matt Kettler [mailto:[EMAIL PROTECTED] 
> Sent: Sunday, July 22, 2007 11:21 AM
> To: Michael Scheidell
> Cc: users@spamassassin.apache.org
> Subject: Re: DKIM vs DomainKeys plugins
> 
> 
> Looking at the messages, apparently verizon re-arranges the 
> message headers for no good reason.

Being on the ICSA labs anti-spam consortium, and ICSA labs just
purchased by verizon, maybe I can mention it needs fixing.

OBVIOUSLY, a meta DKIM_SIGNED && !DKIM_VERIFIED with a high score would
FP on verizon.
(and I would say that if verizon violates RFC.. But then again, that is
another argument)


Re: migrating from clamav before mta to SA ClamAV plugin experiences

2007-07-23 Thread Matus UHLAR - fantomas
> On Mon, 23 Jul 2007 11:32:21 +0200, Matus UHLAR - fantomas
> <[EMAIL PROTECTED]> wrote:
> >however according to his information, his qmail queue scanner rejects the
> >mail if it's spam, but not if it's virus (which is sick and a bug imho)

On 23.07.07 10:59, Nigel Frankcom wrote:
> Ahh - it's not unheard of for me to miss the salient points :-)

and I'm afraid you missed it again :-)

> I don't think bouncing spam is such a good idea though, just my
> opinion, but it rarely originates from wherever it *says* it
> originates from. 

(at least I hope) it does not bounce, but rejects the spam. The bounce is on
sending side, which is, for most of the cases, the infected machine, and
viruses do not generate bounces... (at least I don't know of any)

-- 
Matus UHLAR - fantomas, [EMAIL PROTECTED] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Remember half the people you know are below average. 


RE: Now its zip attachments ^^

2007-07-23 Thread Michael Scheidell

> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
> Sent: Monday, July 23, 2007 3:03 AM
> To: Hendrik Helmvoigt
> Cc: users@spamassassin.apache.org
> Subject: Re: Now its zip attachments ^^
> 
> 1) Spammers just want to exasperate the smaller spam filter 
> providers by sending worthless spam. I have heard so many 
> times the stupid declaration that spamassassin is "useless". 

The positive results of the stock pump and dump shows just how stupid
the end users are!

> 
> 
> 2) The Anti-spam giants ( with so many takeovers very few 
> players left now )  are funding these spammers for obvious reasons 

Spammers harvesting email addresses from usenet groups:
news.admin.net-abuse.email, and from anti-spam mailing lists shows just
how stupid the spammers are.



RE: migrating from clamav before mta to SA ClamAV plugin experiences

2007-07-23 Thread Michael Scheidell
> -----Original Message-----
> From: Matus UHLAR - fantomas [mailto:[EMAIL PROTECTED] 
> Sent: Monday, July 23, 2007 7:27 AM
> To: users@spamassassin.apache.org
> Subject: Re: migrating from clamav before mta to SA ClamAV 
> plugin experiences
> 
> On 23.07.07 10:59, Nigel Frankcom wrote:
> > Ahh - it's not unheard of for me to miss the salient points :-)
> 
> (at least I hope) it does not bounce, but rejects the spam. 
> The bounce is on sending side, which is, for most of the 
> cases, the infected machine, and viruses do not generate 
> bounces... (at least I don't know of any)

Maybe try clamassassin?

I don't know if it can send smtp reject during the initial session,
maybe it can.


Re: Attaching the spam message

2007-07-23 Thread Matus UHLAR - fantomas
On 23.07.07 12:56, Yousef Raffah wrote:
> I have spamassassin configured and running fine with postfix,
> amavisd-new and clamav. However, I would like to have spamassassin
> attach the spam message and report it to my recipient when I receive a
> spam message. I think it is the same message that appears when you:

so, instead of getting the spam, receiver will get information about spam
with the spam attached? Doesn't it defeat the whole idea of spam filtering?

If you want to make sure no "regular" mail is lost, configure MTA to tag all
mail, but reject only spam with score over safe threshold (10 is usually OK)

So even possible-spams will get delivered and users can check them once in
a period for false positives...
-- 
Matus UHLAR - fantomas, [EMAIL PROTECTED] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Nothing is fool-proof to a talented fool. 


Delivering [Spam] to the .Spam Folder

2007-07-23 Thread signetring

I am using Spamassassin 3.1.8 which is the most recent available of the 3.1.x
series to Gentoo users.

Using qmail, vpopmail, and qmail-scanner to invoke spamassassin.

I am using verbose spamassassin mode, and am trying to get mails tagged with
rewrite_subject [Spam] to be auto-delivered to the Maildir/.Spam folder.

The challenge is that I want this to be done site-wide, and for some reason
that I cannot tell, this no longer works for me. Meaning that it was
working, and I cannot explain why not any longer. Except that on Friday, I
needed to remove fprot from the qmail-scanner process. It was throwing some
nasty errors on my box, and when I recompiled everything, I've just been
getting no love at all.

However, one thing that is of interest is that MOST of the [Spam] ends up in
the proper place. Some [Spam] slips by. The stuff that slips by is somehow
using the /etc/spamassassin/local.cf preferences. All the [Spam] that is
properly delivered to Maildir/.Spam is using my
/var/vpopmail/domains/%d/%l/.spamassassin/user_prefs file.

What would be the cause of two different prefs files in use by the same
account? It's the weirdest thing.

Qmail-scanner config options:

./configure --spooldir /var/spool/qmailscan --qmaildir /var/qmail --bindir
/var/qmail/bin --qmail-queue-binary /var/qmail/bin/qmail-queue  --admin
postmaster --domain ark --notify psender,nmlvadm --local-domains ark
--silent-viruses auto --lang en_GB --debug 1 --unzip 1
--block-password-protected 0 --add-dscr-hdrs 0 --archive 0 --redundant yes
--log-details syslog --log-crypto 0 --fix-mime 2  --ignore-eol-check 0
--scanners "auto" --install 1

Spamd runtime options:

-c -d -v -s local4 -q -u vpopmail
--virtual-config-dir=/var/vpopmail/domains/%d/%l/.spamassassin/ -H
/var/vpopmail

Any help would be greatly appreciated, I have lost 3 days looking for an
answer but have just exhausted myself trying. Thanks.


-- 
View this message in context: 
http://www.nabble.com/Delivering--Spam--to-the-.Spam-Folder-tf4129345.html#a11742651
Sent from the SpamAssassin - Users mailing list archive at Nabble.com.



Re: Solved: Was: DKIM vs DomainKeys plugins

2007-07-23 Thread Bill Landry
Michael Scheidell wrote:
> Here is what I found out:
> 
> You only need the DKIM SpamAssassin plugin activated (you don't need the
> DomainKeys plugin) BUT, you need BOTH Mail-DKIM (> .20)  perl AND
> Mail-DomainKeys perl functions loaded.
> I suppose the SA DKIM plugin works for both.
> 
> (I am not sure that was clear on INSTALL)
> 
> Thanks for everyone who sent me signed email.
> 
This is not correct.  I don't have the DomainKeys perl module (Mail::DomainKeys)
installed, and DK and DKIM work fine here with only the SA DKIM plugin enabled.

perl -e 'use Mail::DKIM; print $Mail::DKIM::VERSION,"\n"'
0.26

===

perl -e 'use Mail::DomainKeys; print $Mail::DomainKeys::VERSION,"\n"'
Can't locate Mail/DomainKeys.pm in @INC (@INC contains:
/usr/lib/perl5/site_perl/5.8.8/i386-linux-thread-multi
/usr/lib/perl5/site_perl/5.8.7/i386-linux-thread-multi
/usr/lib/perl5/site_perl/5.8.6/i386-linux-thread-multi
/usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi
/usr/lib/perl5/site_perl/5.8.8 /usr/lib/perl5/site_perl/5.8.7
/usr/lib/perl5/site_perl/5.8.6 /usr/lib/perl5/site_perl/5.8.5
/usr/lib/perl5/site_perl
/usr/lib/perl5/vendor_perl/5.8.8/i386-linux-thread-multi
/usr/lib/perl5/vendor_perl/5.8.7/i386-linux-thread-multi
/usr/lib/perl5/vendor_perl/5.8.6/i386-linux-thread-multi
/usr/lib/perl5/vendor_perl/5.8.5/i386-linux-thread-multi
/usr/lib/perl5/vendor_perl/5.8.8 /usr/lib/perl5/vendor_perl/5.8.7
/usr/lib/perl5/vendor_perl/5.8.6 /usr/lib/perl5/vendor_perl/5.8.5
/usr/lib/perl5/vendor_perl /usr/lib/perl5/5.8.8/i386-linux-thread-multi
/usr/lib/perl5/5.8.8 .) at -e line 1.
BEGIN failed--compilation aborted at -e line 1.

Bill


Upgrade problem from 3.1.7 to 3.2.1

2007-07-23 Thread Balzi Andrea
Hi

On my smtp-relay (Debian based) I've installed spamassassin from the
Debian package and afterwards upgraded it with the following command:

/usr/bin/cpan Mail::SpamAssassin

Now when I tried to upgrade spamassassin v3.1.7 to v3.2.1 with the same
command I saw the following messages:

t/spamc_optCNot found: reported spam = Message
successfully reported/revoked
# Failed test 2 in t/SATest.pm at line 635
Output can be examined in: log/d.spamc_optC/out.1
t/spamc_optCNOK 2   Not found: revoked ham = Message
successfully reported/revoked
# Failed test 4 in t/SATest.pm at line 635 fail #2
Output can be examined in: log/d.spamc_optC/out.1 log/d.spamc_optC/out.3
t/spamc_optCNOK 4   Not found: failed to report spam
= Unable to report/revoke message
# Failed test 6 in t/SATest.pm at line 635 fail #3
Output can be examined in: log/d.spamc_optC/out.1 log/d.spamc_optC/out.3
log/d.spamc_optC/out.5
t/spamc_optCNOK 6   Not found: failed to revoke ham
= Unable to report/revoke message
# Failed test 8 in t/SATest.pm at line 635 fail #4
Output can be examined in: log/d.spamc_optC/out.1 log/d.spamc_optC/out.3
log/d.spamc_optC/out.5 log/d.spamc_optC/out.7
t/spamc_optCFAILED tests 2, 4, 6, 8
Failed 4/9 tests, 55.56% okay
t/spamc_optL# Failed test 1 in t/spamc_optL.t at line 20
Not found: learned spam = Message successfully un/learned
# Failed test 2 in t/SATest.pm at line 635
Output can be examined in:
t/spamc_optLNOK 2# Failed test 3 in t/spamc_optL.t at
line 24
Not found: already learned spam = Message was already un/learned
# Failed test 4 in t/SATest.pm at line 635 fail #2
t/spamc_optLNOK 3Output can be examined in:
t/spamc_optLNOK 4ERROR: Bayes dump returned an error,
please re-run with -D for more information
# Failed test 5 in t/spamc_optL.t at line 28
Not found: spam in database = 1 0  non-token data: nspam
t/spamc_optLNOK 5# Failed test 6 in t/SATest.pm at line
635 fail #3
Output can be examined in:
t/spamc_optLNOK 6# Failed test 7 in t/spamc_optL.t at
line 32
Not found: forget spam = Message successfully un/learned
# Failed test 8 in t/SATest.pm at line 635 fail #4
Output can be examined in:
t/spamc_optLNOK 8# Failed test 9 in t/spamc_optL.t at
line 36
Not found: learned ham = Message successfully un/learned
# Failed test 10 in t/SATest.pm at line 635 fail #5
t/spamc_optLNOK 9Output can be examined in:
t/spamc_optLNOK 10# Failed test 11 in t/spamc_optL.t at
line 40
Not found: already learned ham = Message was already un/learned
# Failed test 12 in t/SATest.pm at line 635 fail #6
Output can be examined in:
t/spamc_optLNOK 12ERROR: Bayes dump returned an error,
please re-run with -D for more information
# Failed test 13 in t/spamc_optL.t at line 44
Not found: ham in database = 1 0  non-token data: nham
# Failed test 14 in t/SATest.pm at line 635 fail #7
Output can be examined in:
t/spamc_optLNOK 14# Failed test 15 in t/spamc_optL.t at
line 48
Not found: learned ham = Message successfully un/learned
# Failed test 16 in t/SATest.pm at line 635 fail #8
Output can be examined in:
t/spamc_optLFAILED tests 1-16
Failed 16/16 tests, 0.00% okay
t/spamd_allow_user_rulesok 3/5  Not found: myfoo =  1.0 MYFOO
# Failed test 4 in t/SATest.pm at line 635
Output can be examined in: log/d.spamd_allow_user_rules/out.2
log/d.spamd_allow_user_rules/spamd.err.1
t/spamd_allow_user_rulesFAILED test 4
Failed 1/5 tests, 80.00% okay

At the following error I stopped everything.
What is the problem? Is some library missing? Can you suggest how I can
solve it?

Andrea Balzi


Re: Upgrade problem from 3.1.7 to 3.2.1

2007-07-23 Thread Daniel J McDonald
On Mon, 2007-07-23 at 14:58 +0200, Balzi Andrea wrote:
> Hi
> 
> On my smtp-relay (Debian based) I've installed spamassassin from the
> Debian package and afterwards upgraded it with the following command:
> 
> /usr/bin/cpan Mail::SpamAssassin
> 
> Now when I try to upgrade spamassassin v3.1.7 to v3.2.1 with the same
> command I saw the following messages:
> 
> t/spamc_optCNot found: reported spam = Message

Bug 5510
> 
> At the following error I stopped everything.
> What is the problem? Is some library missing? Can you suggest how I can
> solve it?

Don't compile it as root.

-- 
Daniel J McDonald, CCIE # 2495, CISSP # 78281, CNX
Austin Energy
http://www.austinenergy.com


Re: DKIM vs DomainKeys plugins

2007-07-23 Thread Matt Kettler
Michael Scheidell wrote:
>> -Original Message-
>> From: Matt Kettler [mailto:[EMAIL PROTECTED] 
>> Sent: Sunday, July 22, 2007 11:21 AM
>> To: Michael Scheidell
>> Cc: users@spamassassin.apache.org
>> Subject: Re: DKIM vs DomainKeys plugins
>>
>>
>> Looking at the messages, apparently verizon re-arranges the 
>> message headers for no good reason.
>> 
>
> Being on the ICSA labs anti-spam consortium, and ICSA labs just
> purchased by verizon, maybe I can mention it needs fixing.;
>   
Well, they're also partnered with yahoo for email services (ie: you have
the option of using MSN, yahoo, or verizon's own mailservers). You'd
think that partnership would cause them to have an interest in making DK
work.. but


> OBVIOUSLY, a meta DKIM_SIGNED && !DKIM_VERIFIED with a high score would
> FP on verizon.
> (and I would say that if verizon violates RFC.. But then again, that is
> another argument)
> __

They also don't insert any kind of return-path or similar header, so by
the time I get my email I can't tell what the envelope sender was.

In general Verizon is nearly as incompetent as Comcast is, so I'd not
expect to get terribly far.



Re: Upgrade problem from 3.1.7 to 3.2.1

2007-07-23 Thread Matt Kettler
Balzi Andrea wrote:
> Hi
>
> On my smtp-relay (Debian based) I've installed spamassassin from the
> Debian package and afterwards upgraded it with the following command:
>
> /usr/bin/cpan Mail::SpamAssassin
>
> Now when I try to upgrade spamassassin v3.1.7 to v3.2.1 with the same
> command I saw the following messages:


> At the following error I stopped everything.
> What is the problem? Is some library missing? Can you suggest how I can
> solve it?
>   

Known bug in SA 3.2.1 and 3.1.8. Due to a bug in the test scripts, it
will always fail if make test is run as root.

There's a trick to get CPAN to do a make-test as non-root (which I
forget what it is)..

The other alternatives would be:
 - use a source-tarball and manually build/test it as a non-root user,
   then su to root for the make install stage
 - tell CPAN to force install
 - wait for 3.2.2 to be released, which fixes this issue.



Re: Attaching the spam message

2007-07-23 Thread Matt Kettler
Yousef Raffah wrote:
> Hello,
>
> I have spamassassin configured and running fine with postfix,
> amavisd-new and clamav. However, I would like to have spamassassin
> attach the spam message and report it to my recipient when I receive a
> spam message. I think it is the same message that appears when you:
>
> spamassassin -tD < mail.txt

Amavis generates its own markups, but I think if you turn off the "fast
spamassassin" option it might use SA's markups..

>
> Also how can I customize that message?

See report_template in man Mail::SpamAssassin::Conf.

>
> Pointing me to the right direction or documentation will be highly
> appreciated as I don't know where to look for it in the spamassassin
> docs.
>
> Thanks in advance for any help..
>



RE: Upgrade problem from 3.1.7 to 3.2.1

2007-07-23 Thread Thomas Raef
Is there an ETA for 3.2.2 yet?

-Original Message-
From: Matt Kettler [mailto:[EMAIL PROTECTED] 
Sent: Monday, July 23, 2007 8:08 AM
To: Balzi Andrea
Cc: users@spamassassin.apache.org
Subject: Re: Upgrade problem from 3.1.7 to 3.2.1

Balzi Andrea wrote:
> Hi
>
> On my smtp-relay (Debian based) I've installed spamassassin from the
> Debian package and afterwards upgraded it with the following command:
>
> /usr/bin/cpan Mail::SpamAssassin
>
> Now when I try to upgrade spamassassin v3.1.7 to v3.2.1 with the same
> command I saw the following messages:


> At the following error I stopped everything.
> What is the problem? Is some library missing? Can you suggest how I can
> solve it?
>   

Known bug in SA 3.2.1 and 3.1.8. Due to a bug in the test scripts, it
will always fail if make test is run as root.

There's a trick to get CPAN to do a make-test as non-root (which I
forget what it is)..

The other alternatives would be:
 - use a source-tarball and manually build/test it as a non-root user,
   then su to root for the make install stage
 - tell CPAN to force install
 - wait for 3.2.2 to be released, which fixes this issue.



Re: migrating from clamav before mta to SA ClamAV plugin experiences

2007-07-23 Thread Shane Williams

There are a number of qmail specific programs that use clamav other
than qmail-scanner (which, based on a quick skim of their page,
doesn't seem to support SMTP-time rejection).  The ClamAV website has
several alternatives, a couple of which appear to do SMTP-time
rejection, listed at
http://www.clamav.net/download/third-party-tools/3rdparty-mta/

Hope that helps...

On Sun, 22 Jul 2007, Robert - eLists wrote:



> Would anyone care to share their experiences of migrating from having their
> pre MTA program handoff to clamav for email virus scanning changed to doing
> it with the SA ClamAV plugin way ???
>
> The reason I am thinking about migrating and doing it with the SA ClamAV
> plugin way is that I can just reject the email at the SMTP level instead of
> storing it as a quarantine...
>
> Well, at least I haven't figured out how to do smtp reject the other way
> yet.
>
> Thanks in advance
>
> - rh



--
Public key #7BBC68D9 at| Shane Williams
http://pgp.mit.edu/|  System Admin - UT iSchool
=--+---
All syllogisms contain three lines |  [EMAIL PROTECTED]
Therefore this is not a syllogism  | www.ischool.utexas.edu/~shanew


Re: Apply specific SA rulesets per domain

2007-07-23 Thread Matthew Yette
>>> On 7/23/2007 at 6:38 AM, in message <[EMAIL PROTECTED]>, smeevil <[EMAIL PROTECTED]> wrote:

Hello all,

I was wondering if any of you know if the following is possible :

It would be nice to tell SA to use certain rule sets or exclude certain
rulesets depending on the domain a mail is sent to.

If at all possible , then a MySQL based list to tell which rules to use for
a domain would be the nicest solution. 

Thanks in advance,
Gerard de Brieder
-- 
View this message in context: 
http://www.nabble.com/Apply-specific-SA-rulesets-per-domain-tf4128880.html#a11741382
 
Sent from the SpamAssassin - Users mailing list archive at Nabble.com.


It'd be a little work to start with, but you could write a script that read the 
SA documentation and parsed out every rule and input it into your database, and 
0 out the rules you don't want to use?
 
 
 
Matt Yette
Network Analyst I
Faxton St. Lukes Healthcare
315-624-5843
[EMAIL PROTECTED] 




Re: Now its zip attachments ^^

2007-07-23 Thread John Rudd

Matus UHLAR - fantomas wrote:
> On 22.07.07 18:47, John Rudd wrote:
>> As I've said for years: we should just ban attachments.  They're not 
>> really useful for anything that can't be done a better way.  Which only 
>> leaves them being useful for attacks of one form or another.
>
> some people just want, some just need attachments.


"some people just want" -- yup, no disagreement there.  No matter how 
many alternatives you give them, some people just want the ease and 
convenience of attachments.



"some just need" -- no, I can't agree there.  I have yet to come across 
ANY situation where a person _NEEDED_ attachments.  As I said above, 
there's nothing that can be done with attachments that you can't do 
another way.




Re: Now its zip attachments ^^

2007-07-23 Thread Dave Pooser
> "some just need" -- no, I can't agree there.  I have yet to come across
> ANY situation where a person _NEEDED_ attachments.  As I said above,
> there's nothing that can be done with attachments that you can't do
> another way.


In fact, nobody _NEEDS_ email, because we could just FTP text files around
and then IM each other to say "I dropped a message in your FTP inbox." But
in real twenty-first-century life, our users expect email to be a
combination of near-real-time communications and file transfer, and since
they're the people who are responsible for our getting paid it seems
worthwhile to deliver what they expect instead of getting hung up on the
purpose of email as defined in 1970-whatever.

-- 
Dave Pooser
Cat-Herder-in-Chief, Pooserville.com
"...Life is not a journey to the grave with the intention of arriving
safely in one pretty and well-preserved piece, but to slide across the
finish line broadside, thoroughly used up, worn out, leaking oil, and
shouting GERONIMO!!!" -- Bill McKenna




Re: Now its zip attachments ^^

2007-07-23 Thread Jerry Glomph Black

I would start by banning Outlook along with attachments.
Why stop there, ban -all- Microsoft products from the internet.

Next, I would ban smoking, unhealthy foods, and moronic neo-cons.

Come on, this is Earth we are talking about.

The whole point of SpamAssassin is to attempt to make ordinary people's use of 
email tolerable again, under the onslaught of crap.  SA, along with the various 
external services it employs, does a fantastic job, thanks to a great bunch of 
guys who appear here every day.



_

On Mon, 23 Jul 2007, John Rudd wrote:

> Matus UHLAR - fantomas wrote:
>
>> On 22.07.07 18:47, John Rudd wrote:
>>> As I've said for years: we should just ban attachments.  They're not 
>>> really useful for anything that can't be done a better way.  Which only 
>>> leaves them being useful for attacks of one form or another.
>>
>> some people just want, some just need attachments.
>
> "some people just want" -- yup, no disagreement there.  No matter how many 
> alternatives you give them, some people just want the ease and convenience of 
> attachments.
>
> "some just need" -- no, I can't agree there.  I have yet to come across ANY 
> situation where a person _NEEDED_ attachments.  As I said above, there's 
> nothing that can be done with attachments that you can't do another way.




Suddenly getting terse reports and don't know why.

2007-07-23 Thread Robert Nicholson
Why would I be all of a sudden getting a terse report in the body of  
my messages?


This is with 3.2.0


Re: Now its zip attachments ^^

2007-07-23 Thread Jim Maul

John Rudd wrote:
> Matus UHLAR - fantomas wrote:
>
>> On 22.07.07 18:47, John Rudd wrote:
>>> As I've said for years: we should just ban attachments.  They're not 
>>> really useful for anything that can't be done a better way.  Which 
>>> only leaves them being useful for attacks of one form or another.
>>
>> some people just want, some just need attachments.
>
> "some people just want" -- yup, no disagreement there.  No matter how 
> many alternatives you give them, some people just want the ease and 
> convenience of attachments.
>
> "some just need" -- no, I can't agree there.  I have yet to come across 
> ANY situation where a person _NEEDED_ attachments.  As I said above, 
> there's nothing that can be done with attachments that you can't do 
> another way.





Of course these things COULD be done another way.  But not always as 
easily or as quickly as with attachments.  Can you recommend a quick and 
easy replacement to attachments when my boss wants me to send him an 
excel file he needs for a meeting with an auditor?


1. FTP?  Easy for me to set up and upload the file to the server.  But 
now my boss has to open an ftp client (yes you can use a browser but 
does he know this?) He doesn't even know what ftp is..and now he needs to 
use a username and password just to get this file I could have easily 
emailed him?  Too much work on his part.


2. Put it up on our company intranet?  This is somewhat less work than 
ftp but since it is publicly accessible (inside our organization), there 
would need to be some authentication.  This ALMOST worked for us here 
except for that time when the ceo needed a report sent to him but he was 
not in the building.  He wanted it on his blackberry..hmm..how to get a 
report to a blackberry remotely without email and attachments?


3. ??


Re: Stuff getting through

2007-07-23 Thread Gene Heskett
On Monday 23 July 2007, David Baron wrote:
>On Monday 23 July 2007, Gene Heskett wrote:
>> On Monday 23 July 2007, David Baron wrote:
[...]
>> Humm, with my lashup here that Joanne helped me setup, S78spamassassin
>> starts a few copies of spamd, and fetchmail is started much later in
>> S99local.  It's fetchmail that calls procmail, and it's procmail that calls
>> the spamd's, so there is no time that SA can be bypassed.
>>
>> I thought everyone was doing it.  Somebodies better idea isn't?
>
>Problem is that the S78 will start spamassassin but that start does not
>necessarily get a valid rule-set. For that, the internet connection must be
>up at the time.

And why would it not be when the network start is S10network?

>So I moved the spamassassin start to a 99 level script. But 
>fetchmail can be up before. So I guess the fetchmail start needs to be moved
>to after the effective spamassassin start.
>
>Problem is that with every upgrade, those rc#.d files may be restored if I
> am not careful :-)

Sounds like it may be time to see why your network isn't up and running.  Note 
that I am on a desktop here, so network manager, which has so far been the 
cause of more network failures than all of my combined typu's ever have, is 
NOT running and has been nuked from the system.  But, even my lappy, which 
uses DHCP, is getting started from S10network, NM has also been nuked there.


-- 
Cheers, Gene
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
GREAT MOMENTS IN HISTORY (#7):  April 2, 1751

Issac Newton becomes discouraged when he falls up a flight of stairs.


Re: Now its zip attachments ^^

2007-07-23 Thread Gene Heskett
On Monday 23 July 2007, Jerry Glomph Black wrote:
>I would start by banning Outlook along with attachments.
>Why stop there, ban -all- Microsoft products from the internet.
>
>Next, I would ban smoking, unhealthy foods, and moronic neo-cons.
>
>Come on, this is Earth we are talking about.
>
>The whole point of SpamAssassin is to attempt to make ordinary people's use
> of email tolerable again, under the onslaught of crap.  SA, along with the
> various external services it employs, does a fantastic job, thanks to a
> great bunch of guys who appear here every day.

I'll probably have to stand in line longer than my kidneys will hold out, but 
I have to say a hearty Amen! to those that do help here.  It is much 
appreciated.

-- 
Cheers, Gene
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Blessed is he who expects no gratitude, for he shall not be disappointed.
-- W.C. Bennett


RE: Now its zip attachments ^^

2007-07-23 Thread Thomas Raef
Wait, would that ban on smoking include cigars too?

Are regular neo-cons okay?

Please delete.

-Original Message-
From: Jerry Glomph Black [mailto:[EMAIL PROTECTED] 
Sent: Monday, July 23, 2007 10:32 AM
To: John Rudd
Cc: users@spamassassin.apache.org
Subject: Re: Now its zip attachments ^^

I would start by banning Outlook along with attachments.
Why stop there, ban -all- Microsoft products from the internet.

Next, I would ban smoking, unhealthy foods, and moronic neo-cons.

Come on, this is Earth we are talking about.

The whole point of SpamAssassin is to attempt to make ordinary people's use of
email tolerable again, under the onslaught of crap.  SA, along with the various
external services it employs, does a fantastic job, thanks to a great bunch of
guys who appear here every day.


_

On Mon, 23 Jul 2007, John Rudd wrote:

> Matus UHLAR - fantomas wrote:
>
>> On 22.07.07 18:47, John Rudd wrote:
>>> As I've said for years: we should just ban attachments.  They're not
>>> really useful for anything that can't be done a better way.  Which only
>>> leaves them being useful for attacks of one form or another.
>>
>> some people just want, some just need attachments.
>
> "some people just want" -- yup, no disagreement there.  No matter how many
> alternatives you give them, some people just want the ease and convenience of
> attachments.
>
>
> "some just need" -- no, I can't agree there.  I have yet to come across ANY
> situation where a person _NEEDED_ attachments.  As I said above, there's
> nothing that can be done with attachments that you can't do another way.
>


disable use of ~/.spamassassin

2007-07-23 Thread George Georgalis
Hi, I'm trying to disable spamassassin (spamd) attempts
to use ~/.spamassassin; all configurations are in cf files.

I'm invoking with:

exec spamd --nouser-config --username=qmaild -m ${MAX} --syslog=stderr 2>&1

and config includes:

use_bayes 0
auto-whitelist 0
use_auto_whitelist 0


Yet my logs still have the errors.

2007-07-23 10:09:00.670259500 [9905] info: spamd: connection from ohm 
[127.0.0.1] at port 57157
2007-07-23 10:09:00.679882500 [9905] error: mkdir /var/qmail/.spamassassin: 
Permission denied at /usr/local/share/perl/5.6.1/Mail/SpamAssassin.pm line 1480
2007-07-23 10:09:00.717337500 [9905] info: spamd: checking message <[EMAIL 
PROTECTED]> for qmaild:1004
2007-07-23 10:09:02.206015500 [9905] error: mkdir /var/qmail/.spamassassin: 
Permission denied at /usr/local/share/perl/5.6.1/Mail/SpamAssassin.pm line 1480
2007-07-23 10:09:02.208906500 [9905] error: locker: safe_lock: cannot create 
tmp lockfile /var/qmail/.spamassassin/auto-whitelist.lock.ohm.9905 for 
/var/qmail/.spamassassin/auto-whitelist.lock: No such file or directory
2007-07-23 10:09:02.210097500 [9905] warn: auto-whitelist: open of 
auto-whitelist file failed: locker: safe_lock: cannot create tmp lockfile 
/var/qmail/.spamassassin/auto-whitelist.lock.ohm.9905 for 
/var/qmail/.spamassassin/auto-whitelist.lock: No such file or directory
2007-07-23 10:09:02.250679500 [9905] info: spamd: clean message (1.1/5.0) for 
qmaild:1004 in 1.6 seconds, 3578 bytes.
2007-07-23 10:09:02.255049500 [9905] info: spamd: result: . 1 - 
HTML_FONT_BIG,HTML_IMAGE_ONLY_32,HTML_MESSAGE,MIME_HTML_ONLY 
scantime=1.6,size=3578,user=qmaild,uid=1004,required_score=5.0,rhost=ohm,raddr=127.0.0.1,rport=57157,mid=<[EMAIL
 PROTECTED]>,autolearn=no


SpamAssassin Server version 3.1.2
SpamAssassin Client version 3.1.2

How can I disable the use of ~/.spamassassin altogether?

// George

-- 
George Georgalis, information system scientist <


Re: not everyone is happy with SA

2007-07-23 Thread Robot Terror
On 7/20/07 12:55 PM, "Skip Brott" <[EMAIL PROTECTED]> ostensibly wrote:

> If I send an email to a valid
> address, I find it a bit offensive that they send a challenge back.  Why is
> it my responsibility as the sender to teach another system to accept mail
> from me?

Why is it my responsibility as a holder of a valid email address to accept
mail from anyone who wants to send me the mail? As the owner of the email
address or, as the admin of the domain's mail server, I have no obligation
to accept your mail at all.

Obligations should be on the sender.

-- 
Robot Terror
"Always a treat, never a threat"

http://robotterror.com
[EMAIL PROTECTED]






Re: R: Any mailbox-challenge plugin?

2007-07-23 Thread Steven Kurylo



>> and isn't
>> considered to be that much better than C/R (it doesn't clutter a
>> forged-sender's mail box, but it can bog down a forged-sender's mail
>> server with verification requests).
>
> Well, it may be. I know, however, that a lot of people are doing this at the
> MTA level in order to reject mails with forged sender.
>
> Also, SAV's drawbacks may probably be mitigated by caching the results.

Except that many ISPs will blacklist you for probing them in this 
manner.  It even mentions it right in the postfix documentation.


http://www.postfix.org/ADDRESS_VERIFICATION_README.html#limitations


Re: Now its zip attachments ^^

2007-07-23 Thread John Scully
I have to mention how pleased we are with the sanesecurity clamav tool.  We
have always used spamassassin with many custom rule sets, dcc and rbls, with
clamd for virus scanning.

We have been getting a large number (~4,500 per day) of these PDF and other
attachment spams making it through SA, even with PDFinfo and everything else
we could throw at them.  After adding the sanesecurity sigs to clamd last
week not one PDF has made it through.  And since clamd unpacks and examines
every attachment anyway it is no additional load.  In fact, due to the
messages not hitting SA it probably reduced load slightly.

John P. Scully
President/CTO
iSupportISP LLC
33 North high st
Suite 1000
Columbus, OH 43215
614-586-4040
614-226-6110 Mobile
614-586-4044 Fax
[EMAIL PROTECTED]

Your Private Label Internet and Digital Phone Provider
- Original Message - 
From: "Robert Schetterer" <[EMAIL PROTECTED]>
To: 
Sent: Monday, July 23, 2007 5:15 AM
Subject: Re: Now its zip attachments ^^


>
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> Robert Schetterer wrote:
> > Matus UHLAR - fantomas wrote:
> >>> Hendrik Helmvoigt wrote:
>  This night it seems like we're being spammed again by xml documents,
>  but this time neatly packed into a zipfile:
> 
>  I'm really excited what's going to happen next. Maybe psd files embedded
>  in pdf and then rar'ed.
> 
>  And i'd still like to meet the person that goes through all that trouble
>  to read that spam, and then performs the action that the spammer wants
> >>> >from him.
> >> On 22.07.07 18:47, John Rudd wrote:
> >>> As I've said for years: we should just ban attachments.  They're not
> >>> really useful for anything that can't be done a better way.  Which only
> >>> leaves them being useful for attacks of one form or another.
> >> some people just want, some just need attachments. I think that if a filter
> >> (word plugin is used with different meaning in SA) would preprocess/convert
> >> those attachments to text, SA could just run standard rules over it and
> >> catch unwelcome words, do BAYES check over it, etc etc.
> >
> >> So the words "dear winner" would match no matter if stored  in text, HTML,
> >> .doc (tnef), gif or pdf ...
> >
> >> Is there any such plan for SA?
> >> Is there any such plan for SA?
> > Hi all,
> > meanwhile
> > http://sanesecurity.co.uk/clamav/
> > catches also these zip spam
>
> i forgot
> read the story here
>
> http://sanesecurity.blogspot.com/2007/07/from-pdf-to-xls-to-zipped-xls-stock.html
>
> and thx to steve for its work
>
> - --
> Mit freundlichen Gruessen
> Best Regards
>
> Robert Schetterer
>
> https://www.schetterer.org
> Germany
> -BEGIN PGP SIGNATURE-
> Version: GnuPG v1.4.5 (GNU/Linux)
> Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org
>
> iD8DBQFGpHGXfGH2AvR16oERAtV7AJ4+brYiSRH6Vw2lPVhJyKQ5tmUhlgCfWk77
> QiSPZGpUdTKEWesgbfVh7So=
> =W6Xw
> -END PGP SIGNATURE-
>
>



Re: DNS Perl Help? [ot]

2007-07-23 Thread Steve Bertrand

> OK - Thanks for your help on that one, Still need the DNS stuff figured
> out, That's the last piece in what will be an extrodinarilly powerful
> whitelisting system. I'll publish the code once it is tested. I think a
> lot of people will want to use it and improve it.

Using Net::DNS, here is a snip of what I have used in the past. It
returns the PTR record, and if not available, returns the IP.

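use Net::DNS;

# Return the PTR name for an IP address, or the IP itself if no PTR is found.
sub get_ame {
    my $ip = shift;
    my $res = Net::DNS::Resolver->new;
    my $query = $res->search($ip);

    if ($query) {
        foreach my $rr ($query->answer) {
            next unless $rr->type eq "PTR";
            return $rr->rdatastr;
        }
    }

    # No answer at all, or an answer without a PTR record: fall back to the IP
    return $ip;
}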

HTH,

Steve




Re: Now its zip attachments ^^

2007-07-23 Thread Per Jessen
John Rudd wrote:

> "some just need" -- no, I can't agree there.  I have yet to come
> across
> ANY situation where a person _NEEDED_ attachments.  As I said above,
> there's nothing that can be done with attachments that you can't do
> another way.

That is very similar to saying that a person does not NEED a car - he
could just walk.  Or take the bus or a train.  Or all three combined.


/Per Jessen, Zürich



cf for GIFs

2007-07-23 Thread Jean-Paul Natola
Hi all,

I had to rebuild my machine and, although I have the 70_ rules, and have run
sa-update, I think I'm missing the CF that catches the gif image spam- the
pharmacy specials

Can someone tell me which one that was

TIA











Jean-Paul Natola
Network Administrator
Information Technology
Family Care International
588 Broadway Suite 503
New York, NY 10012
Phone:212-941-5300 xt 36
Fax:  212-941-5563
Mailto: [EMAIL PROTECTED]



Re: not everyone is happy with SA

2007-07-23 Thread John D. Hardin
On Fri, 20 Jul 2007, Robot Terror wrote:

> Why is it my responsibility as a holder of a valid email address
> to accept mail from anyone who wants to send me the mail?

Who ever said *that*?

--
 John Hardin KA7OHZ    http://www.impsec.org/~jhardin/
 [EMAIL PROTECTED]FALaholic #11174 pgpk -a [EMAIL PROTECTED]
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
---
  Where We Want You To Go Today 07/05/07: Microsoft patents in-OS
  adware architecture incorporating spyware, profiling, competitor
  suppression and delivery confirmation (U.S. Patent #20070157227)
---
 12 days until The 272nd anniversary of John Peter Zenger's acquittal



Routing messages marked as [Spam] to Maildir/.Spam

2007-07-23 Thread Signet List Account
I apologize if this is a duplicate. I posted the original using Nabble, but
there was an error message and not sure if it went through or not. Here
goes:

 

I am using Qmail-Scanner 1.25 and Spamassassin 3.1.8 which is the most
recent available of the 3.1.x series to Gentoo users. 

Using qmail, vpopmail, and qmail-scanner to invoke spamassassin. 

I am using verbose spamassassin mode, and am trying to get mails tagged with
rewrite_subject [Spam] to be auto-delivered to the Maildir/.Spam folder. 

The challenge is that I want this to be done site-wide, and for some reason
that I cannot tell, this no longer works for me. Meaning that it was
working, and I cannot explain why not any longer. Except that on Friday, I
needed to remove fprot from the qmail-scanner process. It was throwing some
nasty errors on my box, and when I recompiled everything, I've just been
getting no love at all. 

However, one thing that is of interest is that MOST of the [Spam] ends up in
the proper place. Some [Spam] slips by. The stuff that slips by is somehow
using the /etc/spamassassin/local.cf preferences. All the [Spam] that is
properly delivered to Maildir/.Spam is using my
/var/vpopmail/domains/%d/%l/.spamassassin/user_prefs file. 

What would be the cause of two different prefs files in use by the same
account? It's the weirdest thing. 

Qmail-scanner config options: 

./configure --spooldir /var/spool/qmailscan --qmaildir /var/qmail --bindir
/var/qmail/bin --qmail-queue-binary /var/qmail/bin/qmail-queue  --admin
postmaster --domain ark --notify psender,nmlvadm --local-domains ark
--silent-viruses auto --lang en_GB --debug 1 --unzip 1
--block-password-protected 0 --add-dscr-hdrs 0 --archive 0 --redundant yes
--log-details syslog --log-crypto 0 --fix-mime 2  --ignore-eol-check 0
--scanners "auto" --install 1 

Spamd runtime options: 

-c -d -v -s local4 -q -u vpopmail
--virtual-config-dir=/var/vpopmail/domains/%d/%l/.spamassassin/ -H
/var/vpopmail 

Any help would be greatly appreciated, I have lost 3 days looking for an
answer but have just exhausted myself trying. Thanks.



Re: Now its zip attachments ^^

2007-07-23 Thread Chr. v. Stuckrad
On Mon, 23 Jul 2007, John Scully wrote:

>...   After adding the sanesecurity sigs to clamd last
> week not one PDF has made it through.  And since clamd unpacks and examines
> every attachment anyway it is no additional load.  In fact, due to the
> messages not hitting SA it probably reduced load slightly.

I have a 'political problem' with that.  We 'drop' known viruses into
a quarantine directory without further notice, and only once in years
somebody complained and wanted his virus back :-)

We *only* TAG spam with headers, then users decide to drop, move, or read it.

So if I 'simply insert' those clamav sigs, spam would be handled as a virus,
not as 'our spam', which I'm not allowed to destroy.

Did somebody of you create an extra 'instance' of clamad-filter to fight
spam with spam-sigs only, without scanning for virus-sigs?  Does that
sound feasible?
 
Stucki


Re: Now its zip attachments ^^

2007-07-23 Thread Matthias Keller

Chr. v. Stuckrad wrote:
> On Mon, 23 Jul 2007, John Scully wrote:
>
>> ...   After adding the sanesecurity sigs to clamd last
>> week not one PDF has made it through.  And since clamd unpacks and examines
>> every attachment anyway it is no additional load.  In fact, due to the
>> messages not hitting SA it probably reduced load slightly.
>
> I have a 'political problem' with that.  We 'drop' known viruses into
> a quarantine directory without further notice, and only once in years
> somebody complained and wanted his virus back :-)
>
> We *only* TAG spam with headers, then users decide to drop, move, or read it.
>
> So if I 'simply insert' those clamav sigs, spam would be handled as a virus,
> not as 'our spam', which I'm not allowed to destroy.
>
> Did somebody of you create an extra 'instance' of clamad-filter to fight
> spam with spam-sigs only, without scanning for virus-sigs?  Does that
> sound feasible?

What I did for nearly the same reason is:
Using amavisd-new which scans ONLY the attachments - which is OK for me, 
when these PDF get treated as virus.
But I didn't want the other (especially scam, spam and stuff) rules to 
treat the mail as virus...
So I added the clamplugin to SA which receives the WHOLE mail and sorts 
out the rest then...


This is configurable in amavisd-new if you want to hand the full mail to 
clamav or only the attachments - this solved the problem for me.
If you want it to be more separate, you'll have to run two clamav 
instances which isn't that hard either but uses a bit more resources...
You basically just need a separate startup script and a second directory 
with the signatures and a config file pointing to them - I vaguely 
remember having seen instructions for such a setup somewhere on msrbl or 
sanesecurity if I'm not mistaken.


Matt


Re: Now its zip attachments ^^

2007-07-23 Thread David B Funk
On Mon, 23 Jul 2007, Chr. v. Stuckrad wrote:

> On Mon, 23 Jul 2007, John Scully wrote:
>
> >...   After adding the sanesecurity sigs to clamd last
> > week not one PDF has made it through.  And since clamd unpacks and examines
> > every attachment anyway it is no additional load.  In fact, due to the
> > messages not hitting SA it probably reduced load slightly.
>
> I have a 'political problem' with that.  We 'drop' known viruses into
> a quarantine directory without further notice, and only once in years
> somebody complained and wanted his virus back :-)
>
> We *only* TAG spam with headers, then users decide to drop, move, or read it.
>
> So if I 'simply insert' those clamav sigs, spam would be handled as a virus,
> not as 'our spam', which I'm not allowed to destroy.
>
> Did somebody of you create an extra 'instance' of clamad-filter to fight
> spam with spam-sigs only, without scanning for virus-sigs?  Does that
> sound feasible?
>
> Stucki

Doing exactly that here, easily done.

Create two instances of "clamd" (same binary, different config files
with different "DatabaseDirectory"s). First instance has only standard
AV sigs, second "DatabaseDirectory" has all supplemental sigs.

One trick, in the second "DatabaseDirectory" make 'daily.inc' and
'main.inc' be soft-links pointing to the real subdirectories in the
first "DatabaseDirectory". That way you only need to run one instance
of freshclam to keep everything up-2-date for the standard ClamAV sigs.


Install the ClamAVPlugin in your SA, config it to 'talk' to the second
clamd instance, score appropriately.

You can then also try out the experimental anti-phishing features
in the second clamd instance with less risk of losing messages.

More details upon request.

-- 
Dave Funk  University of Iowa
College of Engineering
319/335-5751   FAX: 319/384-0549   1256 Seamans Center
Sys_admin/Postmaster/cell_admin    Iowa City, IA 52242-1527
#include 
Better is not better, 'standard' is better. B{
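A sketch of the two-instance layout described above, added here as an example and not taken from the poster's setup: it builds both database directories under a scratch root, links `daily.inc` and `main.inc` from the second into the first, and audits the result. The root path, the `db-av`/`db-spam` and config file names, and `example-spam.ndb` are placeholders; `DatabaseDirectory`, `LocalSocket` and `PidFile` are clamd.conf options.

```python
import tempfile
from pathlib import Path

# Standard signature directories kept current by freshclam in the first instance.
SHARED = ("daily.inc", "main.inc")


def conf_text(root: Path, name: str) -> str:
    """Minimal clamd.conf for one instance (all paths are placeholders)."""
    return (
        f"DatabaseDirectory {root}/db-{name}\n"
        f"LocalSocket {root}/run/clamd-{name}.sock\n"
        f"PidFile {root}/run/clamd-{name}.pid\n"
    )


def build_layout(root: Path, supplemental=("example-spam.ndb",)) -> None:
    """Create both database directories, the soft-links and the two configs."""
    av, spam = root / "db-av", root / "db-spam"
    for d in (av, spam, root / "run", root / "etc"):
        d.mkdir(parents=True, exist_ok=True)
    for name in SHARED:
        (av / name).mkdir(exist_ok=True)      # stand-in for freshclam's output
        link = spam / name
        if not link.is_symlink():
            link.symlink_to(av / name, target_is_directory=True)
    for sig in supplemental:
        (spam / sig).touch()                  # supplemental sigs live only here
    for name in ("av", "spam"):
        (root / "etc" / f"clamd-{name}.conf").write_text(conf_text(root, name))


def parse_conf(path: Path) -> dict:
    """Parse 'Option value' lines of a clamd.conf into a dict."""
    options = {}
    for line in path.read_text().splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            key, _, value = line.partition(" ")
            options[key] = value.strip()
    return options


def audit(root: Path) -> list:
    """Return the problems that would blur the virus/spam separation."""
    problems = []
    av = parse_conf(root / "etc" / "clamd-av.conf")
    spam = parse_conf(root / "etc" / "clamd-spam.conf")
    for key in ("DatabaseDirectory", "LocalSocket", "PidFile"):
        if av.get(key) == spam.get(key):
            problems.append(f"both instances share {key}")
    av_db = Path(av["DatabaseDirectory"])
    spam_db = Path(spam["DatabaseDirectory"])
    for name in SHARED:
        link = spam_db / name
        if not link.is_symlink() or link.resolve() != (av_db / name).resolve():
            problems.append(f"{name} in second instance is not a link to the first")
    # A supplemental signature in the first directory would make the
    # virus-handling instance quarantine spam as if it were a virus.
    extra = sorted(p.name for p in av_db.iterdir() if p.name not in SHARED)
    if extra:
        problems.append(f"supplemental sigs in AV-only directory: {extra}")
    return problems


if __name__ == "__main__":
    scratch = Path(tempfile.mkdtemp())
    build_layout(scratch)
    print((scratch / "etc" / "clamd-spam.conf").read_text())
    print("problems:", audit(scratch))
```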


Force autolearn=ham for manual whitelist

2007-07-23 Thread dalchri

Hello,

I completed configuring all my network tests and the bayes database has
passed 200 ham messages and is being used.  The bayes database has been
accumulating knowledge so far through autolearn.

I was concerned about how one sided the autolearning has been since over 90%
of our email is spam.  To avoid FP, I put our customer database of email
addresses into a manual whitelist.

Although these addresses are making it through fine, only a few are being
reported as autolearn=ham in the X-Spam-Status header, most are being
reported as autolearn=no.

Is there any way to force these messages through the autolearn process?
-- 
View this message in context: 
http://www.nabble.com/Force-autolearn%3Dham-for-manual-whitelist-tf4132168.html#a11751873
Sent from the SpamAssassin - Users mailing list archive at Nabble.com.



RE: not everyone is happy with SA

2007-07-23 Thread Michael Scheidell

> -Original Message-
> From: Robot Terror [mailto:[EMAIL PROTECTED] 
> Sent: Friday, July 20, 2007 4:28 PM
> To: Skip Brott; spamd
> Subject: Re: not everyone is happy with SA
> 
> 
> On 7/20/07 12:55 PM, "Skip Brott" <[EMAIL PROTECTED]> ostensibly wrote:
> 
> > If I send an email to a valid
> > address, I find it a bit offensive that they send a challenge back.
> > Why is it my responsibility as the sender to teach another system to
> > accept mail from me?
> 
> Why is it my responsibility as a holder of a valid email 
> address to accept mail from anyone who wants to send me the 
> mail? As the owner of the email address or, as the admin of 
> the domain's mail server, I have no obligation to accept your 
> mail at all.

Right, you have the right to drop any email you want on the floor.
You don't have the right to bounce crap back to me (so, knowing you
probably have CR, I didn't cc you)

> 
> Obligations should be on the sender.
> 
Why?
Where is that in the RFC's or common law in any civilized nation? Or is
this just in your mind?
_
This email has been scanned and certified safe by SpammerTrap(tm).
For Information please see http://www.spammertrap.com
_


RE: Solved: Was: DKIM vs DomainKeys plugins

2007-07-23 Thread Michael Scheidell

> -Original Message-
> From: Bill Landry [mailto:[EMAIL PROTECTED] 
> Sent: Monday, July 23, 2007 8:56 AM
> To: Michael Scheidell
> Cc: users@spamassassin.apache.org
> Subject: Re: Solved: Was: DKIM vs DomainKeys plugins
> 
> 
> Michael Scheidell wrote:
> > Here is what I found out:
> > 
> > You only need the DKIM SpamAssassin plugin activated (you don't need
> > the DomainKeys plugin) BUT, you need BOTH Mail-DKIM (> .20) perl AND
> > Mail-DomainKeys perl functions loaded. I suppose the SA DKIM plugin
> > works for both.
> > 
> > (I am not sure that was clear on INSTALL)
> > 
> > Thanks for everyone who sent me signed email.
> > 
> This is not correct.  I don't have the DomainKeys perl module 
> (Mail::DomainKeys) installed, and DK and DKIM work fine here 
> with only the SA DKIM plugin enabled.
> 

But will it work for DomainKeys ONLY signed email?

I didn't have any problem with DKIM signed email (well, except for
verizon's mess) but if I remove (uninstall) Mail-DomainKeys.pm, I don't
get any DKIM-SIGNED or DKIM-VERIFIED hits on any email with DomainKeys
signatures only.
_
This email has been scanned and certified safe by SpammerTrap(tm).
For Information please see http://www.spammertrap.com
_


Re: disable use of ~/.spamassassin

2007-07-23 Thread George Georgalis
On Mon, Jul 23, 2007 at 11:46:58AM -0400, George Georgalis wrote:
>How can I disable the use of ~/.spamassassin altogether?

nevermind...

--siteconfigpath=$CONF

// George


-- 
George Georgalis, information system scientist <


Re: Now its zip attachments ^^

2007-07-23 Thread Sven Schuster

hi,

On Mon, Jul 23, 2007 at 10:13:22PM +0200, Matthias Keller told us:
> Using amavisd-new...

actually, with amavisd-new, you can treat virus names in a special
way via regexes, so that it doesn't get recognized as a virus, but
instead you can add extra points to the spamassassin score.
This feature is available from version 2.5.0 (IIRC), look at
@virus_name_to_spam_score_maps, e.g.

  @virus_name_to_spam_score_maps =
    (new_RE(
      [ qr'^(Email|HTML)\.(Phishing|Spam|Scam[a-z0-9]?)\.'i => 0.1 ],
      [ qr'^(Email|Html)\.Malware\.Sanesecurity\.'          => undef ],
      [ qr'^(Email|Html)(\.[^., ]*)*\.Sanesecurity\.'       => 0.1 ],
    # [ qr'^(Email|Html)\.(Hdr|Img|ImgO|Bou|Stk|Loan|Cred|Job|Dipl|Doc)
    #      (\.[^., ]*)* \.Sanesecurity\.'x => 0.1 ],
      [ qr'^(MSRBL-Images/|MSRBL-SPAM\.)'                   => 0.1 ],
    ));


Sven


-- 
Linux zion.homelinux.com 2.6.20-1.2962.fc6xen #1 SMP Tue Jun 19 19:47:34 EDT 
2007 i686 athlon i386 GNU/Linux
 23:10:18 up 13 days,  9:53,  1 user,  load average: 0.09, 0.42, 0.55
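How the table above sorts scanner verdicts, as an added Python port of its regexes (not amavisd-new's code and not the poster's). It assumes the first matching entry decides and that an `undef` value leaves the name handled as a virus; the signature names are constructed samples.

```python
import re

# Python port of the qr'' entries from the post, in the same order.
# None stands in for Perl's undef; the commented-out entry is omitted.
SCORE_MAP = [
    (re.compile(r"^(Email|HTML)\.(Phishing|Spam|Scam[a-z0-9]?)\.", re.I), 0.1),
    (re.compile(r"^(Email|Html)\.Malware\.Sanesecurity\."), None),
    (re.compile(r"^(Email|Html)(\.[^., ]*)*\.Sanesecurity\."), 0.1),
    (re.compile(r"^(MSRBL-Images/|MSRBL-SPAM\.)"), 0.1),
]


def lookup(name, table=SCORE_MAP):
    """Return (matched, score) for the first entry whose regex matches."""
    for pattern, score in table:
        if pattern.search(name):
            return True, score
    return False, None


def triage(names, table=SCORE_MAP):
    """Split scanner-reported names into viruses and spam-score contributions."""
    viruses, spam_points = [], {}
    for name in names:
        matched, score = lookup(name, table)
        if matched and score is not None:
            spam_points[name] = score      # demoted: adds points, not a virus
        else:
            viruses.append(name)           # unmatched or undef: stays a virus
    return viruses, spam_points


# Constructed sample names in the style of the signature families above.
SAMPLE_NAMES = [
    "Email.Spam.Gen3.Sanesecurity.07071800",
    "HTML.Phishing.Bank-1",
    "Html.Img.Sanesecurity.07070500",
    "HTML.Img.Sanesecurity.07070500",      # upper-case HTML: entry 3 has no /i
    "Email.Malware.Sanesecurity.07011300",
    "MSRBL-Images/0-constructed",
    "Eicar-Test-Signature",
]

# Same entries with the Malware line moved below the generic Sanesecurity
# line: the generic regex now matches first and demotes malware to spam.
MISORDERED = [SCORE_MAP[0], SCORE_MAP[2], SCORE_MAP[1], SCORE_MAP[3]]

if __name__ == "__main__":
    viruses, spam_points = triage(SAMPLE_NAMES)
    print("still viruses:", viruses)
    print("spam points:  ", spam_points)
    print("misordered:   ", lookup("Email.Malware.Sanesecurity.07011300", MISORDERED))
```

The `MISORDERED` case shows why the `undef` entry has to stay above the generic Sanesecurity entry.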




Re: Stuff getting through

2007-07-23 Thread Kris Deugau

David Baron wrote:
> Problem is that the S78 will start spamassassin but that start does not
> necessarily get a valid rule-set.


This is the bit puzzling me:  Why must sa-update complete successfully 
for spamd to start?  The default SA rules should be shipped in the 
package, and be placed in (typically) /usr/share/spamassassin;  rules 
from sa-update will be placed somewhere like /var/lib/spamassassin (by 
default), and the SA rule-loading code will check both locations.


Where do you get your SA package from?  It sounds like the package 
maintainer may need to learn a bit more about how SA works for the next 
package release...


-kgd


Re: Solved: Was: DKIM vs DomainKeys plugins

2007-07-23 Thread Bill Landry
Michael Scheidell wrote:
>> -Original Message-
>> From: Bill Landry [mailto:[EMAIL PROTECTED] 
>> Sent: Monday, July 23, 2007 8:56 AM
>> To: Michael Scheidell
>> Cc: users@spamassassin.apache.org
>> Subject: Re: Solved: Was: DKIM vs DomainKeys plugins
>>
>>
>> Michael Scheidell wrote:
>>> Here is what I found out:
>>>
>>> You only need the DKIM SpamAssassin plugin activated (you don't need
>>> the DomainKeys plugin) BUT, you need BOTH Mail-DKIM (> .20) perl AND
>>> Mail-DomainKeys perl functions loaded. I suppose the SA DKIM plugin
>>> works for both.
>>>
>>> (I am not sure that was clear on INSTALL)
>>>
>>> Thanks for everyone who sent me signed email.
>>>
>> This is not correct.  I don't have the DomainKeys perl module 
>> (Mail::DomainKeys) installed, and DK and DKIM work fine here 
>> with only the SA DKIM plugin enabled.
>>
> 
> But will it work for DomainKeys ONLY signed email?
> 
> I didn't have any problem with DKIM signed email (well, except for
> verizon's mess) but if I remove (uninstall) Mail-DomainKeys.pm, I don't
> get any DKIM-SIGNED or DKIM-VERIFIED hits on any email with DomainKeys
> signatures only.

Yes, DK only signed mail works fine, as my previous yahoo.com message sample
showed.  Here it is again:

Test from yahoo.com (which uses DK signature only):

X-Spam-Status: No, score=-4.263 required=5 tests=[AWL=0.892, BAYES_00=-2.599,
BOTNET_SERVERWORDS=-0.5, DKIM_SIGNED=0.001, DKIM_VERIFIED=-0.001,
IP_NOT_FRIENDLY=0.334, L_P0F_D9=-0.4, L_P0F_Unix=-1,
RCVD_IN_MXRATE_WL=-1, RELAY_US=0.01]
X-Amavis-OS-Fingerprint: FreeBSD 4.7-5.2 (or MacOS X 10.2-10.4) (2) (up: 1800
hrs), (distance 9, link: ethernet/modem), [69.147.95.82]
Received: from smtp119.plus.mail.sp1.yahoo.com (smtp119.plus.mail.sp1.yahoo.com
[69.147.95.82])
by mail.inetmsg.com (INetMsg Mail Service) with SMTP id 980546D0C45
for <[EMAIL PROTECTED]>; Sat, 21 Jul 2007 13:36:17 -0700 (PDT)
Received: (qmail 56102 invoked from network); 21 Jul 2007 20:36:17 -
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
  s=s1024; d=yahoo.com;

h=Received:X-YMail-OSG:Message-ID:Date:From:User-Agent:MIME-Version:To:Subject:X-Enigmail-Version:Content-Type:Content-Transfer-Encoding;

b=KyMFQ/KnTUWMW4INZwzDVKi1jpqcixQQiBodqZ4fnptqcvbdAXR3/R/tYDU3Lvh+dLdoRtwLWm+zXgi50Q9K9xyOhL+HdZBoNkU1Tepe5udc6yJxWdEGzLi7VQrdoUYQwM4oDH+4DrtyO2HRzE0by3OdxY53OWwSAW23ebmflvE=
 ;

What version of Mail::DKIM are you running, as I had thought only the latest
version (0.26) supported verification of both DK and DKIM keys (but I could be
mistaken)?  I just know that I use DKIM.pm 0.26 and it works fine for verifying
both DK and DKIM signatures.

Bill



Re: not everyone is happy with SA

2007-07-23 Thread Robot Terror

The ridiculousness of that sentiment that prompted my first post to this
list came from the following comments:

> I have found this whole line of debate somewhat interesting, but it has
> clearly strayed from the real core question:
> 
> Who is responsible?
> 
> Is it the responsibility of the sender to verify that they indeed intended
> to send the email?
> Or is it the responsibility of the recipient to verify senders?
> 
> My personal opinion is that it is the latter.  If I send an email to a valid
> address, I find it a bit offensive that they send a challenge back.  Why is
> it my responsibility as the sender to teach another system to accept mail
> from me?

I admit I don't know the full context of the comments, but based on the
preamble ("the real core question") these comments assert a stand-alone
absoluteness. It is to that "absolute standard" of recipient is responsible
to verify sender that I made my reply.

In fact, I am adamant that no sender should expect their message to be
delivered by another's service. The Post Office (in real world terms) exists
outside any recipient's ability to pay. In that world, the sender pays so
the PO services the sender. In electronic mail many parties outside the
sender PAY for the service. Therefore the PAYER has the right to put up
roadblocks to delivery as he/she sees fit. Let the sender pay for my
infrastructure costs and I'll gladly bear the responsibility to auto-trash
his messages to me.

Otherwise, get used to difficulty sending messages of any kind to others.
The world is turning on SMTP and people are realizing the most common
scenario is that a sender is illegitimately sending a message to a recipient
(that is, spam out numbers ham).

That the current system defaults in favor of carrying every message, no
matter how inane or large, through the entire infrastructure of the Internet
and then puts the onus on the client to "filter" the message is stupid.
Instead of such a sender-preferential system, a recipient-biased system
would result in lower bandwidth utilization and reduced processing needs
(therefore exposing that, perhaps, spam benefits the bandwidth sellers,
processor sellers, and storage sellers ultimately!).

As an aside, such a proposal to put the responsibility for
bandwidth/processing use on the sender is on the table and is called "Stub
Email" or "Hypertext Mail Transport Protocol":
http://www.circleid.com/posts/hypertext_mail_protocol_aka_stub_emaill/
http://techrepublic.com.com/5208-6230-0.html?forumID=9&threadID=194716&start=0
http://icl.pku.edu.cn/bswen/_old_stuff/Email++/index.html
http://autodesk.blogs.com/between_the_lines/2006/10/misc_interestin.html
Of course, such a proposal will be ignored as the spammers have the money to
prop-up the status quo.


-- 
Robot Terror
"Always a treat, never a threat"

http://robotterror.com
[EMAIL PROTECTED]



On 7/23/07 12:27 PM, "John D. Hardin" <[EMAIL PROTECTED]> ostensibly wrote:

> On Fri, 20 Jul 2007, Robot Terror wrote:
> 
>> Why is it my responsibility as a holder of a valid email address
>> to accept mail from anyone who wants to send me the mail?
> 
> Who ever said *that*?
> 
> --
>  John Hardin KA7OHZ    http://www.impsec.org/~jhardin/
>  [EMAIL PROTECTED]    FALaholic #11174    pgpk -a [EMAIL PROTECTED]
>  key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
> ---
>   Where We Want You To Go Today 07/05/07: Microsoft patents in-OS
>   adware architecture incorporating spyware, profiling, competitor
>   suppression and delivery confirmation (U.S. Patent #20070157227)
> ---
>  12 days until The 272nd anniversary of John Peter Zenger's acquittal
> 


Re: Suddenly getting terse reports and don't know why.

2007-07-23 Thread Matt Kettler
Robert Nicholson wrote:
> Why would I be all of a sudden getting a terse report in the body of
> my messages?
>
> This is with 3.2.0

Were you getting a fuller report before? or none at all?

Has anyone changed your "report" options in your config to use _REPORT_
instead of _SUMMARY_?

Are you actually using SA to do your markup, or are you using something
like MailScanner or amavis that does its own?



Re: Force autolearn=ham for manual whitelist

2007-07-23 Thread Matt Kettler
dalchri wrote:
> Hello,
>
> I completed configuring all my network tests and the bayes database has
> passed 200 ham messages and is being used.  The bayes database has been
> accumulating knowledge so far through autolearn.
>
> I was concerned about how one sided the autolearning has been since over 90%
> of our email is spam.  To avoid FP, I put our customer database of email
> addresses into a manual whitelist.
>
> Although these addresses are making it through fine, only a few are being
> reported as autolearn=ham in the X-Spam-Status header, most are being
> reported as autolearn=no.
>
> Is there any way to force these messages through the autolearn process?
>   
No, in fact, the autolearner currently intentionally ignores manual
whitelists when deciding if it should autolearn.

This is largely done to prevent whitelisting mistakes from creating a
"bayes hangover", where the autolearning causes a lot of mistakenly
whitelisted spam to get learned as nonspam.

This risk is quite realistic if you're using whitelist_from, particularly if
you do whole domains, and inevitable if you use "whitelist_from
[EMAIL PROTECTED]". This is because whitelist_from offers no protections at
all against forgery. Fundamentally, whitelist_from is a tool of last
resort, and only exists for a few rare situations where no other option
exists. (were it not for those situations, there are strong arguments
that would likely result in whitelist_from being removed from SA)

Ok, I suppose I lied a bit, you could modify the tflags for the
USER_IN_WHITELIST rule so it no longer has userconf or noautolearn. That
should cause the autolearner to start considering the score of the
whitelist, which will almost certainly result in most of the messages
being learned as nonspam. (however, if they score really high in the
BAYES_* rules, it will still refuse to autolearn something that strongly
contradicts the existing training)

 However, proceed with due caution, and only if you're using
whitelist_from_rcvd or whitelist_from_spf. Don't do this with
whitelist_from.






Re: not everyone is happy with SA

2007-07-23 Thread Robot Terror
"Knowing I have CR"? Hah!

I have Greylisting and SA. That's it. Oh, I also block Spamhaus.org's DROP
list net blocks. Other than that, nothing.

I just resent being told I have the "burden" of verifying senders,
regardless of the context. You wanna send a message to me? Prove yourself
worthy. (Not you, personally, of course; I speak w/r/t the bulk -- pun
intended -- of Internet senders.)

-- 
Robot Terror
"Always a treat, never a threat"

http://robotterror.com
[EMAIL PROTECTED]





On 7/23/07 3:55 PM, "Michael Scheidell" <[EMAIL PROTECTED]> ostensibly
wrote:

> 
>> -Original Message-
>> From: Robot Terror [mailto:[EMAIL PROTECTED]
>> Sent: Friday, July 20, 2007 4:28 PM
>> To: Skip Brott; spamd
>> Subject: Re: not everyone is happy with SA
>> 
>> 
>> On 7/20/07 12:55 PM, "Skip Brott" <[EMAIL PROTECTED]> ostensibly wrote:
>> 
>>> If I send an email to a valid
>>> address, I find it a bit offensive that they send a challenge back.
>>> Why is it my responsibility as the sender to teach another system to
>>> accept mail from me?
>> 
>> Why is it my responsibility as a holder of a valid email
>> address to accept mail from anyone who wants to send me the
>> mail? As the owner of the email address or, as the admin of
>> the domain's mail server, I have no obligation to accept your
>> mail at all.
> 
> Right, you have the right to drop any email you want on the floor.
> You don't have the right to bounce crap back to me (so, knowing you
> probably have CR, I didn't cc you)
> 
>> 
>> Obligations should be on the sender.
>> 
> Why?
> Where is that in the RFC's or common law in any civilized nation? Or is
> this just in your mind?
> _
> This email has been scanned and certified safe by SpammerTrap(tm).
> For Information please see http://www.spammertrap.com
> _




Re: not everyone is happy with SA

2007-07-23 Thread John D. Hardin
On Mon, 23 Jul 2007, Robot Terror wrote:

> It is to that "absolute standard" of recipient is responsible to
> verify sender that I made my reply.

Okay, but that is vastly different from:

> "[it is] my responsibility as a holder of a valid email address
> to accept mail from anyone who wants to send me the mail"

To me the latter says "you have to accept email whether you want to or
not!" which nobody here is proposing.

--
 John Hardin KA7OHZ    http://www.impsec.org/~jhardin/
 [EMAIL PROTECTED]    FALaholic #11174    pgpk -a [EMAIL PROTECTED]
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
---
  Where We Want You To Go Today 07/05/07: Microsoft patents in-OS
  adware architecture incorporating spyware, profiling, competitor
  suppression and delivery confirmation (U.S. Patent #20070157227)
---
 12 days until The 272nd anniversary of John Peter Zenger's acquittal



Re: Now its zip attachments ^^

2007-07-23 Thread John Rudd

Per Jessen wrote:

John Rudd wrote:


"some just need" -- no, I can't agree there.  I have yet to come
across
ANY situation where a person _NEEDED_ attachments.  As I said above,
there's nothing that can be done with attachments that you can't do
another way.


That is very similar to saying that a person does not NEED a car - he
could just walk.  Or take the bus or a train.  Or all three combined.


Or ride a bike.


However, the difference from the car analogy is that there's actually 
quite a bit that does require a car in modern life.  There isn't 
anything that needs an attachment.


Re: Now its zip attachments ^^

2007-07-23 Thread John Rudd

Chr. v. Stuckrad wrote:
> On Mon, 23 Jul 2007, John Scully wrote:
>
>> ...   After adding the sanesecurity sigs to clamd last
>> week not one PDF has made it through.  And since clamd unpacks and examines
>> every attachment anyway it is no additional load.  In fact, due to the
>> messages not hitting SA it probably reduced load slightly.
>
> I have a 'political problem' with that.  We 'drop' known viruses into
> a quarantine directory without further notice, and only once in years
> somebody complained and wanted his virus back :-)
>
> We *only* TAG spam with headers, then users decide to drop, move, or read it.
>
> So if I 'simply insert' those clamav sigs, spam would be handled as a virus,
> not as 'our spam', which I'm not allowed to destroy.
>
> Did somebody of you create an extra 'instance' of clamad-filter to fight
> spam with spam-sigs only, without scanning for virus-sigs?  Does that
> sound feasible?



The clamav helper I'm working on for CommuniGate Pro can do exactly 
that.  You could have:


a) clamav #1 running with regular signatures, detecting viruses and 
phishing, rejecting them or adding a set of headers that say "this is a 
virus".


b) clamav #2 running against 3rd party scanners, and generating 
different headers that say "this is something else".



You could even do it as 5 different instances (1 for base clamav sigs, 1 
for each of the signature files from sanesecurity, 1 for each of the 
signature files from msrbl), and mark them accordingly.



I have no idea if anyone is doing something similar for other clamav 
mechanisms.




Re: not everyone is happy with SA

2007-07-23 Thread John Rudd

Robot Terror wrote:
> On 7/20/07 12:55 PM, "Skip Brott" <[EMAIL PROTECTED]> ostensibly wrote:
>
>> If I send an email to a valid
>> address, I find it a bit offensive that they send a challenge back.  Why is
>> it my responsibility as the sender to teach another system to accept mail
>> from me?
>
> Why is it my responsibility as a holder of a valid email address to accept
> mail from anyone who wants to send me the mail? As the owner of the email
> address or, as the admin of the domain's mail server, I have no obligation
> to accept your mail at all.
>
> Obligations should be on the sender.



Nor am I obligated to accept and read messages from you.  Including your 
C/R challenges.



You're also not obligated to be a good "net citizen", but if you're not, 
then you can and should expect to have your mail server black listed by 
people who consider that to be important.  After all, just as you are 
not required to accept and read someone's email, the internet at large 
is also not required to accept and read yours.  And things like C/R and 
SAV are both good criteria of "not being a good net citizen".


Re: disable use of ~/.spamassassin

2007-07-23 Thread Matt Kettler
George Georgalis wrote:
> On Mon, Jul 23, 2007 at 11:46:58AM -0400, George Georgalis wrote:
>   
>> How can I disable the use of ~/.spamassassin altogether?
>> 
>
> nevermind...
>
> --siteconfigpath=$CONF

Actually, that over-rides the site config, which would normally be
/etc/mail/spamassassin, and is where local.cf and other site-specific
.cf and .pre files live, not user_prefs.

you need --virtual-config-dir if you want to over-ride where user_prefs
lives.

However, user_prefs isn't your problem. The error messages you saw were
related to the AWL trying to create its database.

Fortunately virtual-config-dir will also change where the AWL db lives.
Or you can just disable the AWL entirely.





Re: Now its zip attachments ^^

2007-07-23 Thread jdow

From: "John Rudd" <[EMAIL PROTECTED]>

> Matus UHLAR - fantomas wrote:
>
>> On 22.07.07 18:47, John Rudd wrote:
>>> As I've said for years: we should just ban attachments.  They're not
>>> really useful for anything that can't be done a better way.  Which only
>>> leaves them being useful for attacks of one form or another.
>>
>> some people just want, some just need attachments.
>
> "some people just want" -- yup, no disagreement there.  No matter how many
> alternatives you give them, some people just want the ease and convenience
> of attachments.
>
> "some just need" -- no, I can't agree there.  I have yet to come across
> ANY situation where a person _NEEDED_ attachments.  As I said above,
> there's nothing that can be done with attachments that you can't do
> another way.


I could send files to my customer other ways. But ANY alternative way
involves opening a security hole in his mind, on my machines, or both.

If he gets used to retrieving files via ftp when I send him email with
a link, he's in trouble. If I open an ftp port that is one more firewall
security hole for me. If I throw the files onto my ISP's web facilities
that's one more hole for the whole project if somebody guesses the name
used.

The same applies for http and a host of other alternatives.

His son and I have almost trained him not to click on links in email
unless he scrutinizes the link and knows exactly where it goes, which
is not possible with many email programs. (He uses 
AOL, which is a security hole in itself judging from how badly his
computer was infected the last time we all checked.) We also have
almost trained him to check attachments CAREFULLY before opening them.
Is he sure he knows what they are, that they are from a trustworthy
source, and that he was expecting the attachment.

(He is a good salesman who knows his business. He's not very technically
minded, which leaves him vulnerable.)

If I have to get new telecommuting files to him I have to settle on
which vulnerability to allow. (I am NOT going to VPN into his network,
both for his security and mine. Setting it up on his network is pretty
much out of the question, anyway.)

You just can't win, John. All you can do is try to stay ahead of the
game.

{^_^} 



Re: Now its zip attachments ^^

2007-07-23 Thread jdow

From: "Dave Pooser" <[EMAIL PROTECTED]>

>> "some just need" -- no, I can't agree there.  I have yet to come across
>> ANY situation where a person _NEEDED_ attachments.  As I said above,
>> there's nothing that can be done with attachments that you can't do
>> another way.
>
> In fact, nobody _NEEDS_ email, because we could just FTP text files around
> and then IM each other to say "I dropped a message in your FTP inbox." But
> in real twenty-first-century life, our users expect email to be a
> combination of near-real-time communications and file transfer, and since
> they're the people who are responsible for our getting paid it seems
> worthwhile to deliver what they expect instead of getting hung up on the
> purpose of email as defined in 1970-whatever.
>
> --
> Dave Pooser
> Cat-Herder-in-Chief, Pooserville.com


And I often feel like I am trying to train cats to herd mice.

{^_-} 



Re: Now its zip attachments ^^

2007-07-23 Thread jdow

You mean my not smoking and never have smoked status gets me drummed
out of the neo-con corps? What will those who know me and think I am
somewhere off to the right of  would be
astonished. But then my friends on the right figure I am quite
"squishy" as a "conservative." Ah well. I grew up outside the out group
and I guess I'm still not a pigeon to stuff in a hole.

{^_-}
- Original Message - 
From: "Thomas Raef" <[EMAIL PROTECTED]>



Wait, would that ban on smoking include cigars too?

Are regular neo-cons okay?

Please delete.

-Original Message-
From: Jerry Glomph Black [mailto:[EMAIL PROTECTED] 


I would start by banning Outlook along with attachments.
Why stop there, ban -all- Microsoft products from the internet.

Next, I would ban smoking, unhealthy foods, and moronic neo-cons.

Come on, this is Earth we are talking about.

The whole point of SpamAssassin is to attempt to make ordinary people's
use of 
email tolerable again, under the onslaught of crap.  SA, along with the
various 
external services it employs, does a fantastic job, thanks to a great
bunch of 
guys who appear here every day.



_

On Mon, 23 Jul 2007, John Rudd wrote:


Matus UHLAR - fantomas wrote:


On 22.07.07 18:47, John Rudd wrote:

As I've said for years: we should just ban attachments.  They're not



really useful for anything that can't be done a better way.  Which
only 

leaves them being useful for attacks of one form or another.


some people just want, some just need attachments.


"some people just want" -- yup, no disagreement there.  No matter how
many 

alternatives you give them, some people just want the ease and
convenience of 

attachments.


"some just need" -- no, I can't agree there.  I have yet to come
across ANY 

situation where a person _NEEDED_ attachments.  As I said above,
there's 

nothing that can be done with attachments that you can't do another

way.




uol.com.br is back, getting thru my procmail rules too.

2007-07-23 Thread Gene Heskett
Greetings;

It looks like uol dot com dot br is back.  I just added two more procmail 
rules to /dev/null that crap before it ever gets to SA.  Has anyone else been 
getting it today? He's hitting most of the linux mailing lists again.

Can't someone send them a box of Alfreds Finest?

-- 
Cheers, Gene
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Sic transit gloria Monday!


Re: not everyone is happy with SA

2007-07-23 Thread jdow

From: "John D. Hardin" <[EMAIL PROTECTED]>

> On Fri, 20 Jul 2007, Robot Terror wrote:
>
>> Why is it my responsibility as a holder of a valid email address
>> to accept mail from anyone who wants to send me the mail?
>
> Who ever said *that*?


Anyone who holds to the snail mail analogy certainly would.

At the very least any email recipient has the responsibility to
handle incoming messages as they see fit WITHOUT bothering other
people with their decisions.

If you decide my address is not good and elect to simply drop emails
from me on the floor or issue a permanent error as the initial mail
exchange takes place, that's fine. But if you challenge me, that
violates the "without bothering other people with their decisions."

With snail mail it is nigh on to impossible to interrupt the reception
process and reject a piece of mail. I simply place it into the trash
on my way into the house. (Some things, like unwanted subscription
offers or credit card offers, I tear in half. One half goes out this
week in recyclables and the other goes out next week in the cat poop.)
That is to say I make the decision myself as a multitasking project as
I walk the 250' from the mailbox to the house. No particular loss to
me there. If I wanted to perform a snail mail challenge/response it
would cost me time, money (bandwidth waste on the Internet), and bother
the sender. To do it right I'd have to waste the same time it'd take
to figure out it is junk as to figure out I need to challenge. So I do
not bother. And if the mail has a forged return address I'd bother
somebody innocent if I sent a cat poop to the return address.

I treat email the same way. *I* decide what I want to see. I do not
delegate this to some third party, even the purported sender. For
snail mail my brain is performing the SpamAssassin duties reasonably
quickly. The volume of spam snail mail is light; and, it is usually
VERY easy to distinguish. (If it isn't in an envelope or have postage
on it the destination is the trashbin. That covers the loose collections
of trash with separate address cards, for example. And I do keep musing
about sending it all back to PennySaver with an enclosed cat poop, too.
But it's less work to simply drop it in the trash on the way in the
door.)

I've been tempted more than once to respond to somebody's challenge
and then forward a week's worth of spam to them as punishment. That's
also too much work.

{^_^}


Please remove "[EMAIL PROTECTED]" from the list

2007-07-23 Thread jdow

He is bouncing emails. (See attachment.)

Scroom and the camel he rode in on.

{`,'}
--- Begin Message ---
The original message was received at Mon, 23 Jul 2007 22:30:06 -0400
from localhost.localdomain [127.0.0.1]

   - The following addresses had permanent fatal errors -
[EMAIL PROTECTED]
(reason: 553 sorry, that domain isn't in my list of allowed rcpthosts 
(#5.7.1))
(expanded from: <[EMAIL PROTECTED]>)

   - Transcript of session follows -
... while talking to mail.mx05.net.:
>>> RCPT To:<[EMAIL PROTECTED]>
<<< 553 sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1)
550 5.1.1 [EMAIL PROTECTED] User unknown
Reporting-MTA: dns; ns.mx04.com
Received-From-MTA: DNS; localhost.localdomain
Arrival-Date: Mon, 23 Jul 2007 22:30:06 -0400

Final-Recipient: RFC822; ahadi@localhost
X-Actual-Recipient: RFC822; zajil7@saudihub.net
Action: failed
Status: 5.1.3
Remote-MTA: DNS; mail.mx05.net
Diagnostic-Code: SMTP; 553 sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1)
Last-Attempt-Date: Mon, 23 Jul 2007 22:31:06 -0400
Return-Path: <[EMAIL PROTECTED]>
Received: from localhost (localhost.localdomain [127.0.0.1])
	by ns.mx04.com (8.11.6/8.11.6) with ESMTP id l6O2U5t20008
	for <[EMAIL PROTECTED]>; Mon, 23 Jul 2007 22:30:06 -0400
Received: from pop.zajil.net [212.24.224.61]
	by localhost with POP3 (fetchmail-6.2.5)
	for [EMAIL PROTECTED] (single-drop); Mon, 23 Jul 2007 22:30:06 -0400 (EDT)
Received: from bmwebin.zajil.net ([212.24.224.151])
by pop.zajil.net (Merak 8.3.6) with ESMTP id DJX73437
for <[EMAIL PROTECTED]>; Tue, 24 Jul 2007 05:25:37 +0300
Received: from bmwebin.zajil.net (unknown [127.0.0.1])
	by bmwebin.zajil.net (Symantec Mail Security) with ESMTP id E9F0D305FC
	for <[EMAIL PROTECTED]>; Tue, 24 Jul 2007 04:34:50 +0300 (AST)
X-AuditID: d418e097-ad874bb00a3b-ae-46a557388c2f
Received: from mail.apache.org (hermes.apache.org [140.211.11.2])
	by bmwebin.zajil.net (Symantec Mail Security) with SMTP id 4930F30793
	for <[EMAIL PROTECTED]>; Tue, 24 Jul 2007 04:34:48 +0300 (AST)
Received: (qmail 51064 invoked by uid 500); 24 Jul 2007 02:21:15 -
Mailing-List: contact [EMAIL PROTECTED]; run by ezmlm
Precedence: bulk
list-help: 
list-unsubscribe: 
List-Post: 
List-Id: 
Delivered-To: mailing list users@spamassassin.apache.org
Received: (qmail 51055 invoked by uid 99); 24 Jul 2007 02:21:15 -
Received: from herse.apache.org (HELO herse.apache.org) (140.211.11.133)
by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 23 Jul 2007 19:21:15 -0700
X-ASF-Spam-Status: No, hits=0.0 required=10.0
	tests=
X-Spam-Check-By: apache.org
Received-SPF: pass (herse.apache.org: local policy)
Received: from [209.86.89.66] (HELO elasmtp-spurfowl.atl.sa.earthlink.net) (209.86.89.66)
by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 23 Jul 2007 19:21:13 -0700
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
  s=dk20050327; d=earthlink.net;
  b=ZCXNG3k3rcZhmUolda/jS4v7ASk3LkX0YP1SBErGMKzsmotxb7G6NFuk8Z9IuOgH;
  h=Received:Message-ID:From:To:References:Subject:Date:MIME-Version:Content-Type:Content-Transfer-Encoding:X-Priority:X-MSMail-Priority:X-Mailer:X-MimeOLE:X-ELNK-Trace:X-Originating-IP;
Received: from [68.183.128.120] (helo=wednesday)
	by elasmtp-spurfowl.atl.sa.earthlink.net with asmtp (Exim 4.34)
	id 1IDA16-0002uz-Dg
	for users@spamassassin.apache.org; Mon, 23 Jul 2007 22:20:52 -0400
Message-ID: <[EMAIL PROTECTED]>
From: "jdow" <[EMAIL PROTECTED]>
To: 
References: <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> <[EMAIL PROTECTED]>
Subject: Re: Now its zip attachments ^^
Date: Mon, 23 Jul 2007 19:20:49 -0700
MIME-Version: 1.0
Content-Type: text/plain;
	format=flowed;
	charset="iso-8859-1";
	reply-type=response
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.3138
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3138
X-ELNK-Trace: bb89ecdb26a8f9f24d2b10475b571120d2e9e0a57d7de930f9a1fb0a298149b60ab065f23fdadbf7350badd9bab72f9c350badd9bab72f9c350badd9bab72f9c
X-Originating-IP: 68.183.128.120
X-Virus-Checked: Checked by ClamAV on apache.org
X-Brightmail-Tracker: AA==
--- End Message ---


graphic spam

2007-07-23 Thread Spamassassin List

Hi,

Other than FuzzyOCR, is there other way to filter graphic spams? I had 
ImageInfo but seem like it is not working.


regards
LC 



Re: Please remove "[EMAIL PROTECTED]" from the list

2007-07-23 Thread Spamassassin List




> He is bouncing emails. (See attachment.)
>
> Scroom and the camel he rode in on.


I am getting the same thing


RE: migrating from clamav before mta to SA ClamAV plugin experiences

2007-07-23 Thread Robert - eLists

Nigel

SA integrated via qmail-scanner-queue.pl allows smtp rejection based upon
score thresholds

 - rh



RE: migrating from clamav before mta to SA ClamAV plugin experiences

2007-07-23 Thread Robert - eLists

> 
> what does clamav checking in that scanner do then? It should call
> clamdscan
> asap (before SA) and when a virus is found, the mail should be immediately
> rejected, the same way it's rejected when SA tells so.
> 

Matus

It quarantines and notifies admin via email. Real PAIN

If you read the post it says I don't know how to do it the other way nor
have I figured out how to do it yet if ever.

Hence the post to the SA list regarding integrating clamav into SA functions
for scoring so I can reject the mail based upon high score.

 - rh




Re: Please remove "[EMAIL PROTECTED]" from the list

2007-07-23 Thread Theo Van Dinter
removed

On Mon, Jul 23, 2007 at 07:59:41PM -0700, jdow wrote:
> He is bouncing emails. (See attachment.)
> 
> Scroom and the camel he rode in on.
> 
> {`,'}




-- 
Randomly Selected Tagline:
"No Vir, the universe is an evil place, but at least it has a sense of
 humor about the whole thing." - Londo on Babylon 5




Re: Please remove "[EMAIL PROTECTED]" from the list

2007-07-23 Thread Gene Heskett
On Monday 23 July 2007, jdow wrote:
>He is bouncing emails. (See attachment.)
>
>Scroom and the camel he rode in on.
>
>{`,'}

not the same jerk that's bugging me, and the camel?, that's the camel that 
rode in on him...

-- 
Cheers, Gene
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Breeding rabbits is a hare raising experience.


sa-update error

2007-07-23 Thread Zbigniew Szalbot

Hello,

I'd be glad for your suggestions re sa-update error.

$ sa-update
can't resolve "l27.0.0.1" to address at
/usr/local/lib/perl5/site_perl/5.8.8/mach/Net/DNS/Resolver/Base.pm line
751.

I think the issue started when I switched from my ISP DNS server to using
my own caching name server at localhost. All things work properly but I see
this error when the system boots and when I issue sa-update.

Many thanks in advance for pointing me in the right direction!

-- 
Zbigniew Szalbot



Re: graphic spam

2007-07-23 Thread Nigel Frankcom
On Tue, 24 Jul 2007 11:04:23 +0800, "Spamassassin List"
<[EMAIL PROTECTED]> wrote:

>Hi,
>
>Other than FuzzyOCR, is there other way to filter graphic spams? I had 
>ImageInfo but seem like it is not working.
>
>regards
>LC 

ClamD with http://www.sanesecurity.co.uk/ work pretty well here.

Be sure and read http://www.sanesecurity.co.uk/clamav/usage.htm

Hope that helps

Kind regards

Nigel



Re: graphic spam

2007-07-23 Thread Nigel Frankcom
On Tue, 24 Jul 2007 11:04:23 +0800, "Spamassassin List"
<[EMAIL PROTECTED]> wrote:

>Hi,
>
>Other than FuzzyOCR, is there other way to filter graphic spams? I had 
>ImageInfo but seem like it is not working.
>
>regards
>LC 


PS... also check out ImageInfo.pm

http://www.rulesemporium.com/plugins.htm

Nigel


Re: sa-update error

2007-07-23 Thread Daryl C. W. O'Shea

Zbigniew Szalbot wrote:

> Hello,
>
> I'd be glad for your suggestions re sa-update error.
>
> $ sa-update
> can't resolve "l27.0.0.1" to address at


L27.0.0.1 isn't quite the same as 127.0.0.1.

Daryl



> /usr/local/lib/perl5/site_perl/5.8.8/mach/Net/DNS/Resolver/Base.pm line
> 751.
>
> I think the issue started when I switched from my ISP DNS server to using
> my own caching name server at localhost. All things work properly but I see
> this error when the system boots and when I issue sa-update.
>
> Many thanks in advance for pointing me in the right direction!
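
A check for the typo diagnosed in the reply above, added here as an example and not part of any post in the thread: it scans resolver configuration text for nameserver entries that are not valid IP literals and suggests a fix when a look-alike character is the cause. It assumes the mistyped address sits on a `nameserver` line of a resolv.conf-style file, which the thread does not state; the sample text and the function names are constructed for illustration.

```python
import ipaddress

# Letters commonly typed in place of digits in an IP literal (assumed table).
LOOKALIKES = str.maketrans({"l": "1", "I": "1", "O": "0", "o": "0"})


def _is_ip(text):
    """True if text parses as an IPv4 or IPv6 address literal."""
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False


def check_nameservers(resolv_conf_text):
    """Return (line_no, value, suggestion) for each invalid nameserver entry.

    suggestion is the corrected address when swapping look-alike characters
    yields a valid IP, otherwise None (e.g. a hostname was used by mistake).
    """
    problems = []
    for line_no, raw in enumerate(resolv_conf_text.splitlines(), start=1):
        # Drop '#' and ';' comments, then split into keyword and value.
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        fields = line.split()
        if len(fields) < 2 or fields[0] != "nameserver":
            continue
        value = fields[1]
        if _is_ip(value):
            continue
        fixed = value.translate(LOOKALIKES)
        problems.append((line_no, value, fixed if _is_ip(fixed) else None))
    return problems


# Constructed sample input reproducing the error string from the thread.
SAMPLE = """\
# constructed sample resolv.conf
search example.org
nameserver l27.0.0.1
nameserver 192.0.2.53
nameserver dns.example.org
"""

if __name__ == "__main__":
    for line_no, value, suggestion in check_nameservers(SAMPLE):
        hint = f" (did you mean {suggestion}?)" if suggestion else ""
        print(f"line {line_no}: invalid nameserver {value!r}{hint}")
```
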