Re: dnsbl lookups for X-PHP-Script

2008-10-07 Thread Henrik K 
On Mon, Oct 06, 2008 at 09:39:06PM +0200, Matus UHLAR - fantomas wrote:
  On Mon, Oct 06, 2008 at 05:31:55PM +0200, Matus UHLAR - fantomas wrote:
   did anyone try to use DNSBL lookups for header(s) X-PHP-Script?
   I have patch into PHP that inserts IP address into that header, and 
   looking
   in dnsbl for spam sources could help me filter out spam posted through 
   HTTP.
   
   I could prepare such rules, but if anyone has such, I'd be glad not to
   reinvent the wheel.
 
 On 06.10.08 20:04, Henrik K wrote:
  Why don't you check the BLs directly from PHP?
 
 because it's quite hard to score from PHP script.

No. Form spam is pretty easy, you don't need to score thousand rules. And
even FPs are immediately obvious to a user who sees an error. Most spam can
be eliminated with captchas or such anyway.

 And I expect to benefit from scripts I better would not edit...

Fair enough.

Re: Identifying headers for users@spamassassin.apache.org

2008-10-07 Thread Michelle Konzack 
Am 2008-10-01 08:05:11, schrieb Don Saklad:
 Of the many many subscriptions this is the only subscription that
 doesn't have a bracketed list name inserted in the header subject.
 
 Programming solutions don't work for users not programmers!

I am  currently  on  117  Mailinglists  and  only  postgresql,  php,
exim-users and some LUGs have those crap adds...

Since it is nearly impossibel to  read  2500  messages  per  day,  I  am
looking ONLY at the SUBJECT and if there  is  a  monster  add  like  you
suggested I would not more able to  read  the  subject  in  which  I  am
interested in.

Note:  99% of my Computer-Time I am on a 80x25 character Terminal
   and have the need to read/write my Mails from everywhere...

Thanks, Greetings and nice Day/Evening
Michelle Konzack
Systemadministrator
24V Electronic Engineer
Tamay Dogan Network
Debian GNU/Linux Consultant


-- 
Linux-User #280138 with the Linux Counter, http://counter.li.org/
# Debian GNU/Linux Consultant #
Michelle Konzack   Apt. 917  ICQ #328449886
+49/177/935194750, rue de Soultz MSN LinuxMichi
+33/6/61925193 67100 Strasbourg/France   IRC #Debian (irc.icq.com)


signature.pgp
Description: Digital signature

Monitoring, or reporting systems similar to MailWatch

2008-10-07 Thread rahlquist 
Hey everyone,

I've always been fond of running MailScanner and MailWatch in my SA
installs to get statistical data. Are there any other good addons for
SA that help in this area? I ask mainly because it seems development
on MailWatch has stopped and I would hate to be wihtout some
statistical reporting altogether.

Thanks!
--
Richard Ahlquist
Systems Analyst
http://www.patentlystupid.com

Re: Identifying headers for users@spamassassin.apache.org

2008-10-07 Thread Don Saklad 
Someday, in the future when we have real computers users would have
things the way they prefer.

On Mon, Oct 6, 2008 at 7:58 PM, Michelle Konzack
linux4michelle at tamay-dogan.net wrote:
 Am 2008-10-01 08:05:11, schrieb Don Saklad:
 Of the many many subscriptions this is the only subscription that
 doesn't have a bracketed list name inserted in the header subject.

 Programming solutions don't work for users not programmers!

 I am  currently  on  117  Mailinglists  and  only  postgresql,  php,
 exim-users and some LUGs have those crap adds...

 Since it is nearly impossibel to  read  2500  messages  per  day,  I  am
 looking ONLY at the SUBJECT and if there  is  a  monster  add  like  you
 suggested I would not more able to  read  the  subject  in  which  I  am
 interested in.

 Note:  99% of my Computer-Time I am on a 80x25 character Terminal
   and have the need to read/write my Mails from everywhere...

 Thanks, Greetings and nice Day/Evening
Michelle Konzack
Systemadministrator
24V Electronic Engineer
Tamay Dogan Network
Debian GNU/Linux Consultant


 --
 Linux-User #280138 with the Linux Counter, http://counter.li.org/
 # Debian GNU/Linux Consultant #
 Michelle Konzack   Apt. 917  ICQ #328449886
 +49/177/935194750, rue de Soultz MSN LinuxMichi
 +33/6/61925193 67100 Strasbourg/France   IRC #Debian (irc.icq.com)

Re: dnsbl lookups for X-PHP-Script

2008-10-07 Thread Matus UHLAR - fantomas 
 On Mon, Oct 06, 2008 at 09:39:06PM +0200, Matus UHLAR - fantomas wrote:
   On Mon, Oct 06, 2008 at 05:31:55PM +0200, Matus UHLAR - fantomas wrote:
did anyone try to use DNSBL lookups for header(s) X-PHP-Script?
I have patch into PHP that inserts IP address into that header, and 
looking
in dnsbl for spam sources could help me filter out spam posted through 
HTTP.

I could prepare such rules, but if anyone has such, I'd be glad not to
reinvent the wheel.
  
  On 06.10.08 20:04, Henrik K wrote:
   Why don't you check the BLs directly from PHP?
  
  because it's quite hard to score from PHP script.

On 07.10.08 10:08, Henrik K wrote:
 No. Form spam is pretty easy, you don't need to score thousand rules.

I've been looking at it, didn't seem that easy for me.

 And even FPs are immediately obvious to a user who sees an error. Most
 spam can be eliminated with captchas or such anyway.

like the google one? :)
Or like this one? http://ars.userfriendly.org/cartoons/?id=20081005

-- 
Matus UHLAR - fantomas, [EMAIL PROTECTED] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
A day without sunshine is like, night.

DNS_FROM_SECURITYSAGE broken?

2008-10-07 Thread David B Funk 
I recently noticed that DNS_FROM_SECURITYSAGE was hitting everything.

A quick check revealed:

 # host hp.com.blackhole.securitysage.com.
 hp.com.blackhole.securitysage.com has address 127.0.0.1
 # host blackhole.securitysage.com.
 blackhole.securitysage.com has address 127.0.0.1
 # host securitysage.com.
 securitysage.com has address 127.0.0.1

So it appears that their DNS is totally broken. they've
been seriously hijacked, or they've pulled an ordb.org.

Attempts to contact them havn't worked.

Anybody know what's going on?

-- 
Dave Funk  University of Iowa
dbfunk (at) engineering.uiowa.eduCollege of Engineering
319/335-5751   FAX: 319/384-0549   1256 Seamans Center
Sys_admin/Postmaster/cell_adminIowa City, IA 52242-1527
#include std_disclaimer.h
Better is not better, 'standard' is better. B{

securitysage is dead (Was: DNS_FROM_SECURITYSAGE broken?)

2008-10-07 Thread mouss 

David B Funk wrote:

I recently noticed that DNS_FROM_SECURITYSAGE was hitting everything.


Zed's dead, baby. Zed's dead.

They list the universe so that people stop querying their zones.



A quick check revealed:

 # host hp.com.blackhole.securitysage.com.
 hp.com.blackhole.securitysage.com has address 127.0.0.1
 # host blackhole.securitysage.com.
 blackhole.securitysage.com has address 127.0.0.1
 # host securitysage.com.
 securitysage.com has address 127.0.0.1

So it appears that their DNS is totally broken. they've
been seriously hijacked, or they've pulled an ordb.org.

Attempts to contact them havn't worked.

Anybody know what's going on?

Re: DNS_FROM_SECURITYSAGE broken?

2008-10-07 Thread SM 

At 14:22 07-10-2008, David B Funk wrote:

I recently noticed that DNS_FROM_SECURITYSAGE was hitting everything.


http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5672

Regards,
-sm