Re: Non scoring 'Bank Deposit' spam

2009-09-14 Thread Clunk Werclick 
On Sun, 2009-09-13 at 20:57 +0100, RW wrote:
> On Sun, 13 Sep 2009 14:19:35 +0100
> Clunk Werclick  wrote:
> 
> > On Sun, 2009-09-13 at 14:06 +0100, RW wrote:
> > > On Sun, 13 Sep 2009 06:56:27 +0100
> > > Clunk Werclick  wrote:
> > > 
> > {trimmed down to the relevant point you make}
> > > Adding irrelevant text to a spam may make it less likely likely to
> > > be caught, 
> > Thank you. So if your bayes 'good' tokens that happen to catch on this
> > 'irrelevant' text, the result of having the bayes is near pointless.
> > For example, something like this:
> 
> In practise I find it doesn't make much difference unless the spammer
> makes a significant effort to reduce the number of spammy tokens, both
> in the headers and the body. And that commonly leads them into hitting
> other rules, and constrains the number of spams that can be sent from
> the same IP address. The majority of the spams I get don't have such
> text and most that do still hit BAYES_99. It's obviously not such a
> powerful technique as you think.
> 
> 
> It's also wrong to assume that when spam hits BAYES_50, BAYES hasn't
> done anything useful. This is a fallacy that comes from the arbitrary
> assignment of zero to BAYES_50. If you add 2.599 to all the BAYES rules
> and than multiply all the rule scores  by 0.658 you get an equivalent
> scoreset (i.e. one that produces the same classifications) in which
> zero is assigned to BAYES_00 instead. We than have:
> 
>  BAYES_00  0.00
>  BAYES_50  1.71
>  BAYES_99  4.01 
> 
> In this scoreset BAYES_50 actually looks like a fairly strong result
> (which it is).

OK, I won't dismiss it out of hand and I'm open to observation. So, I'll
give bayes a whirl. I must confess that I found the documentation on the
simple act of enabling it less than ideal and reference to
"use_bayes_rules" is currently missing in action. I've cobbled together:


# Enable the Bayes system
use_bayes   1
use_bayes_rules 0
bayes_path /home/mail/bayes/bayes
bayes_file_mode 0777
# Enable Bayes auto-learning
bayes_auto_learn0

And trained some spam and I'll see how we get on.


-- 
---
C Werclick .Lot
Technical incompetent
Loyal Order Of The Teapot.

This e-mail and its attachments is intended only to be used as an e-mail
and an attachment. Any use of it for other purposes other than as an
e-mail and an attachment will not be covered by any warranty that may or
may not form part of this e-mail and attachment.

Re: Non scoring 'Bank Deposit' spam

2009-09-14 Thread Clunk Werclick 
On Sun, 2009-09-13 at 22:54 +0200, Benny Pedersen wrote:
> On søn 13 sep 2009 07:57:59 CEST, Clunk Werclick wrote
> 
> > **PLEASE READ THE REST OF THE THREAD TO ANSWER YOU QUESTION**
> >> are you using sa-update ?
> > Yes, every night.
> 
> remember this is public maillist, dont shuth the help you get
> 
> why not set the reply-to to supp...@microsoft.com ? no i dont like the  
> idear but you are on public maillist and want the answer to come there  
> not in private forgede mailbox, sorry i have a bad day

What are you prattling on about?
-- 
---
C Werclick .Lot
Technical incompetent
Loyal Order Of The Teapot.

This e-mail and its attachments is intended only to be used as an e-mail
and an attachment. Any use of it for other purposes other than as an
e-mail and an attachment will not be covered by any warranty that may or
may not form part of this e-mail and attachment.

Re: Non scoring 'Bank Deposit' spam

2009-09-14 Thread Clunk Werclick 
On Sun, 2009-09-13 at 16:37 -0600, LuKreme wrote:
> On 12-Sep-2009, at 10:27, Clunk Werclick wrote:
> > I disagree. It can do as much harm as good. My own view and  
> > observation
> > from the past have rendered it pointless in my context. It adds  
> > latency,
> > is easily poisoned and rarely makes much difference to the score. I do
> > appreciate some people like it, but my own view is spam has moved on
> > beyond the point of it being useful.
> 
> Facts? we don't need no pesky facts. You are very misinformed.
Myself, I've seen some very poor Bayesian databases where users have
been allowed to categorize mail as spam-v-ham. One company who deal with
Pharmaceuticals for famine relief in Uganda and other poor African
countries found bayes to mess with their core mail to a point that made
it worthless in their context.

It really comes down to the context and effort -v- the return.
> > No thanks, I'll pass on that. In this specific case it still would not
> > have increased the score to a point where the clock cycles made it  
> > worth
> > it.
> 
> The Bayes score ALONE would have pushed this over the spam threshold  
> on my machine.
My point is the content of that mail, which has been circulating for
weeks almost unchanged, really should bite on a core rule, not rely on
plugins and bayes to catch it.

Interestingly, It is fair to say that Jari's follow up *did*
show Bayes giving it 5 points. This was then destroyed by AWL dropping
4.1 off of it:

5.0 BAYES_99 BODY: Bayesian spam probability is 99 to 100%
-4.1 AWL: From: address is in the auto  machine.

I've created a custom meta rule; I'm almost sorry I came here and asked.
Some of the people here on this list are just so rude, and you sir, are
an Arsehole!

> 

-- 
---
C Werclick .Lot
Technical incompetent
Loyal Order Of The Teapot.

This e-mail and its attachments is intended only to be used as an e-mail
and an attachment. Any use of it for other purposes other than as an
e-mail and an attachment will not be covered by any warranty that may or
may not form part of this e-mail and attachment.

Re: Non scoring 'Bank Deposit' spam

2009-09-14 Thread Matus UHLAR - fantomas 
> On Sun, 2009-09-13 at 22:54 +0200, Benny Pedersen wrote:
> > remember this is public maillist, dont shuth the help you get
> > 
> > why not set the reply-to to supp...@microsoft.com ? no i dont like the  
> > idear but you are on public maillist and want the answer to come there  
> > not in private forgede mailbox, sorry i have a bad day

Benny, better get a mailer that supports List-Reply ...

On 14.09.09 08:37, Clunk Werclick wrote:
> Subject: Re: Non scoring 'Bank Deposit' spam
> From: Clunk Werclick 
> Reply-To: mailbacku...@googlemail.com
> To: users@spamassassin.apache.org
> In-Reply-To: <20090913225422.98502zg1g6e9c...@www.jersore.net>
> Date: Mon, 14 Sep 2009 08:37:22 +0100
> 
> What are you prattling on about?

He doesn't like our Reply-To: header set to your address. Of course it's
useless (when set to same address than yout From: address).

-- 
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
I just got lost in thought. It was unfamiliar territory.

Re: Non scoring 'Bank Deposit' spam

2009-09-14 Thread Matus UHLAR - fantomas 
> > On 12-Sep-2009, at 10:27, Clunk Werclick wrote:
> > > I disagree. It can do as much harm as good. My own view and
> > > observation from the past have rendered it pointless in my context. It
> > > adds latency, is easily poisoned and rarely makes much difference to
> > > the score. I do appreciate some people like it, but my own view is
> > > spam has moved on beyond the point of it being useful.

> On Sun, 2009-09-13 at 16:37 -0600, LuKreme wrote:
> > Facts? we don't need no pesky facts. You are very misinformed.

On 14.09.09 08:48, Clunk Werclick wrote:
> Myself, I've seen some very poor Bayesian databases where users have
> been allowed to categorize mail as spam-v-ham. One company who deal with
> Pharmaceuticals for famine relief in Uganda and other poor African
> countries found bayes to mess with their core mail to a point that made
> it worthless in their context.

I would say that is a result of badly trained BAYES, not fgrom its bad
design. 

If you insist on not using bayes, just because it can be mistrained, better
don't use any configurable software, because _everything_ configurable will go 
wrong
if miscongured.

-- 
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
42.7 percent of all statistics are made up on the spot.

Re: Non scoring 'Bank Deposit' spam

2009-09-14 Thread Matus UHLAR - fantomas 
> > I was somewhat surprised that this failed to score;
> > 
> > http://pastebin.com/m4c75e3ac
> > 
> > Log excerpt;
> > Sat Sep 12 05:08:57 2009 [7319] info: spamd: result: . 0 -
> > HTML_MESSAGE,UNPARSEABLE_RELAY
> > scantime=0.3,size=5400,required_score=5.0,rhost=localhost,raddr=127.0.0.1,rport=55111,mid=<00fada512664885bffba277008395...@aim.com>,autolearn=disabled
> > 
> > Did this miss - or just missfire?

On 12.09.09 16:05, Jari Fredriksson wrote:
> Content analysis details:   (17.0 points, 5.0 required)
> 
>  pts rule name  description
>  -- --
>  5.0 BAYES_99   BODY: Bayesian spam probability is 99 to 100%
> [score: 0.9996]

... manually changed score

>  1.2 TO_MALFORMED   To: has a malformed address
>  0.7 SPF_NEUTRALSPF: sender does not match SPF record (neutral)

>  4.0 BOTNET Relay might be a spambot or virusbot
> [botnet0.8,ip=87.208.178.204,rdns=ip204-178-208-87.adsl2.static.versatel.nl,maildomain=aim.com,client,ipinhostname,clientwords]

... third-party ruleset (may misfire for ISPs)

>  0.6 SPF_HELO_NEUTRAL   SPF: HELO does not match SPF record (neutral)
>  1.0 HTML_MESSAGE   BODY: HTML included in message

>  0.5 RAZOR2_CHECK   Listed in Razor2 (http://razor.sf.net/)
>  1.5 RAZOR2_CF_RANGE_E4_51_100 Razor2 gives engine 4 confidence level
> above 50%
> [cf: 100]
>  0.5 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%
> [cf: 100]
>  2.2 DCC_CHECK  Listed in DCC (http://rhyolite.com/anti-spam/dcc/)

you may be late recipient, while he may be an early recipient.

>  1.0 DIGEST_MULTIPLEMessage hits more than one network digest check

... late recipient + either manually updated score, or not updated ruleset -
DIGEST_MULTIPLE gives max 0.001 points for some time

>  3.0 JM_SOUGHT_FRAUD_3  Body contains frequently-spammed text patterns

... late recipient + third party ruleset (Although I believe this is safe to
use)

> -4.1 AWLAWL: From: address is in the auto white-list

... ouch!

Generally, this really could be a FN for early recipients, but I advise to
check whether plugins like DCC and RAZOR2 are loaded and the SOUGHT ruleset
is being used.
-- 
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
99 percent of lawyers give the rest a bad name.

Re: Non scoring 'Bank Deposit' spam

2009-09-14 Thread --[ UxBoD ]-- 
- "Clunk Werclick"  wrote:

| On Sun, 2009-09-13 at 16:37 -0600, LuKreme wrote:
| > On 12-Sep-2009, at 10:27, Clunk Werclick wrote:
| > > I disagree. It can do as much harm as good. My own view and  
| > > observation
| > > from the past have rendered it pointless in my context. It adds  
| > > latency,
| > > is easily poisoned and rarely makes much difference to the score.
| I do
| > > appreciate some people like it, but my own view is spam has moved
| on
| > > beyond the point of it being useful.
| > 
| > Facts? we don't need no pesky facts. You are very misinformed.
| Myself, I've seen some very poor Bayesian databases where users have
| been allowed to categorize mail as spam-v-ham. One company who deal
| with
| Pharmaceuticals for famine relief in Uganda and other poor African
| countries found bayes to mess with their core mail to a point that
| made
| it worthless in their context.
| 
| It really comes down to the context and effort -v- the return.
| > > No thanks, I'll pass on that. In this specific case it still would
| not
| > > have increased the score to a point where the clock cycles made it
|  
| > > worth
| > > it.
| > 
| > The Bayes score ALONE would have pushed this over the spam threshold
|  
| > on my machine.
| My point is the content of that mail, which has been circulating for
| weeks almost unchanged, really should bite on a core rule, not rely
| on
| plugins and bayes to catch it.
| 
| Interestingly, It is fair to say that Jari's follow up *did*
| show Bayes giving it 5 points. This was then destroyed by AWL
| dropping
| 4.1 off of it:
| 
| 5.0 BAYES_99 BODY: Bayesian spam probability is 99 to 100%
| -4.1 AWL: From: address is in the auto  machine.
| 
| I've created a custom meta rule; I'm almost sorry I came here and
| asked.
| Some of the people here on this list are just so rude, and you sir,
| are
| an Arsehole!
| 
| > 
| 
| -- 
| ---
| C Werclick .Lot
| Technical incompetent
| Loyal Order Of The Teapot.
| 
| This e-mail and its attachments is intended only to be used as an
| e-mail
| and an attachment. Any use of it for other purposes other than as an
| e-mail and an attachment will not be covered by any warranty that may
| or
| may not form part of this e-mail and attachment. 
| 
And that kind of post can get you banned aswell!

Bayes works and any issues found are normally down to bad training.

Perhaps the second line of your sig may be the reason ? ;)

-- 
This message has been scanned for viruses and
dangerous content and is believed to be clean.

SplatNIX IT Services :: Innovation through collaboration

Re: Non scoring 'Bank Deposit' spam

2009-09-14 Thread Martin Gregorie 
> Interestingly, It is fair to say that Jari's follow up *did*
> show Bayes giving it 5 points. This was then destroyed by AWL dropping
> 4.1 off of it:
> 
AWL, which is simply an averager, can get badly off target with some
mixes of ham/spam. It did with my mail feed, so I disabled it.
 

Martin

Re: Non scoring 'Bank Deposit' spam

2009-09-14 Thread Jari Fredriksson 
>> On 12-Sep-2009, at 10:27, Clunk Werclick wrote:
> 
> Interestingly, It is fair to say that Jari's
> follow up *did* show Bayes giving it 5 points. This was
> then destroyed by AWL dropping 
> 4.1 off of it:
> 
> 5.0 BAYES_99 BODY: Bayesian spam probability is 99 to 100%
> -4.1 AWL: From: address is in the auto  machine.
> 

No. AWL disabled the BOTNET ;)

Many rules to disable, the total was 17 what counts.

Re: Non scoring 'Bank Deposit' spam

2009-09-14 Thread Clunk Werclick 
On Mon, 2009-09-14 at 11:46 +0200, Matus UHLAR - fantomas wrote:
> > > On 12-Sep-2009, at 10:27, Clunk Werclick wrote:
> > > > I disagree. It can do as much harm as good. My own view and
> > > > observation from the past have rendered it pointless in my context. It
> > > > adds latency, is easily poisoned and rarely makes much difference to
> > > > the score. I do appreciate some people like it, but my own view is
> > > > spam has moved on beyond the point of it being useful.
> 
> > On Sun, 2009-09-13 at 16:37 -0600, LuKreme wrote:
> > > Facts? we don't need no pesky facts. You are very misinformed.
> 
> On 14.09.09 08:48, Clunk Werclick wrote:
> > Myself, I've seen some very poor Bayesian databases where users have
> > been allowed to categorize mail as spam-v-ham. One company who deal with
> > Pharmaceuticals for famine relief in Uganda and other poor African
> > countries found bayes to mess with their core mail to a point that made
> > it worthless in their context.
> 
> I would say that is a result of badly trained BAYES, not fgrom its bad
> design. 
> 
> If you insist on not using bayes, just because it can be mistrained, better
> don't use any configurable software, because _everything_ configurable will 
> go wrong
> if miscongured.

The *issue* with bayes is it *can* have user input. Would you trust your
users influencing system wide policy? 

I've already stated I'll try it. So read the fucking follow up before
shouting your thick foreign mouth off you stupid cunt!



-- 
---
C Werclick .Lot
Technical incompetent
Loyal Order Of The Teapot.

This e-mail and its attachments is intended only to be used as an e-mail
and an attachment. Any use of it for other purposes other than as an
e-mail and an attachment will not be covered by any warranty that may or
may not form part of this e-mail and attachment.

Re: Non scoring 'Bank Deposit' spam

2009-09-14 Thread Matus UHLAR - fantomas 
> > > > On 12-Sep-2009, at 10:27, Clunk Werclick wrote:
> > > > > I disagree. It can do as much harm as good. My own view and
> > > > > observation from the past have rendered it pointless in my context. It
> > > > > adds latency, is easily poisoned and rarely makes much difference to
> > > > > the score. I do appreciate some people like it, but my own view is
> > > > > spam has moved on beyond the point of it being useful.
> > 
> > > On Sun, 2009-09-13 at 16:37 -0600, LuKreme wrote:
> > > > Facts? we don't need no pesky facts. You are very misinformed.
> > 
> > On 14.09.09 08:48, Clunk Werclick wrote:
> > > Myself, I've seen some very poor Bayesian databases where users have
> > > been allowed to categorize mail as spam-v-ham. One company who deal with
> > > Pharmaceuticals for famine relief in Uganda and other poor African
> > > countries found bayes to mess with their core mail to a point that made
> > > it worthless in their context.

> On Mon, 2009-09-14 at 11:46 +0200, Matus UHLAR - fantomas wrote:
> > I would say that is a result of badly trained BAYES, not fgrom its bad
> > design. 

On 14.09.09 12:06, Clunk Werclick wrote:
> The *issue* with bayes is it *can* have user input. Would you trust your
> users influencing system wide policy? 

That only happens if you allow your users to train system-wide BAYES.
However this is usually also called "misconfiguration" - in common
situations either users have their own bayes databases, or they can't train
the site-wide one.

> > If you insist on not using bayes, just because it can be mistrained,
> > better don't use any configurable software, because _everything_
> > configurable will go wrong if miscongured.

> I've already stated I'll try it. So read the fucking follow up before
> shouting your thick foreign mouth off you stupid cunt!

I have read your previous posts, I only wanted to react on some of your
"arguments".
-- 
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Remember half the people you know are below average.

Re: Non scoring 'Bank Deposit' spam

2009-09-14 Thread --[ UxBoD ]-- 
- "Clunk Werclick"  wrote:

| On Mon, 2009-09-14 at 11:46 +0200, Matus UHLAR - fantomas wrote:
| > > > On 12-Sep-2009, at 10:27, Clunk Werclick wrote:
| > > > > I disagree. It can do as much harm as good. My own view and
| > > > > observation from the past have rendered it pointless in my
| context. It
| > > > > adds latency, is easily poisoned and rarely makes much
| difference to
| > > > > the score. I do appreciate some people like it, but my own
| view is
| > > > > spam has moved on beyond the point of it being useful.
| > 
| > > On Sun, 2009-09-13 at 16:37 -0600, LuKreme wrote:
| > > > Facts? we don't need no pesky facts. You are very misinformed.
| > 
| > On 14.09.09 08:48, Clunk Werclick wrote:
| > > Myself, I've seen some very poor Bayesian databases where users
| have
| > > been allowed to categorize mail as spam-v-ham. One company who
| deal with
| > > Pharmaceuticals for famine relief in Uganda and other poor
| African
| > > countries found bayes to mess with their core mail to a point that
| made
| > > it worthless in their context.
| > 
| > I would say that is a result of badly trained BAYES, not fgrom its
| bad
| > design. 
| > 
| > If you insist on not using bayes, just because it can be mistrained,
| better
| > don't use any configurable software, because _everything_
| configurable will go wrong
| > if miscongured.
| 
| The *issue* with bayes is it *can* have user input. Would you trust
| your
| users influencing system wide policy? 
| 
| I've already stated I'll try it. So read the xx follow up before
| shouting your thick foreign mouth off you stupid !
| 
If the OP cannot refrain from that sort of foul language when presented with 
counter arguments then please ban.  The list would be far happier IMHO.

BR,

-- 
This message has been scanned for viruses and
dangerous content and is believed to be clean.

SplatNIX IT Services :: Innovation through collaboration

Re: Non scoring 'Bank Deposit' spam

2009-09-14 Thread --[ UxBoD ]-- 
- "Matus UHLAR - fantomas"  wrote:

| > > > > On 12-Sep-2009, at 10:27, Clunk Werclick wrote:
| > > > > > I disagree. It can do as much harm as good. My own view and
| > > > > > observation from the past have rendered it pointless in my
| context. It
| > > > > > adds latency, is easily poisoned and rarely makes much
| difference to
| > > > > > the score. I do appreciate some people like it, but my own
| view is
| > > > > > spam has moved on beyond the point of it being useful.
| > > 
| > > > On Sun, 2009-09-13 at 16:37 -0600, LuKreme wrote:
| > > > > Facts? we don't need no pesky facts. You are very
| misinformed.
| > > 
| > > On 14.09.09 08:48, Clunk Werclick wrote:
| > > > Myself, I've seen some very poor Bayesian databases where users
| have
| > > > been allowed to categorize mail as spam-v-ham. One company who
| deal with
| > > > Pharmaceuticals for famine relief in Uganda and other poor
| African
| > > > countries found bayes to mess with their core mail to a point
| that made
| > > > it worthless in their context.
| 
| > On Mon, 2009-09-14 at 11:46 +0200, Matus UHLAR - fantomas wrote:
| > > I would say that is a result of badly trained BAYES, not fgrom its
| bad
| > > design. 
| 
| On 14.09.09 12:06, Clunk Werclick wrote:
| > The *issue* with bayes is it *can* have user input. Would you trust
| your
| > users influencing system wide policy? 
| 
| That only happens if you allow your users to train system-wide BAYES.
| However this is usually also called "misconfiguration" - in common
| situations either users have their own bayes databases, or they can't
| train
| the site-wide one.
| 
| > > If you insist on not using bayes, just because it can be
| mistrained,
| > > better don't use any configurable software, because _everything_
| > > configurable will go wrong if miscongured.
| 
| > I've already stated I'll try it. So read the fucking follow up
| before
| > shouting your thick foreign mouth off you stupid cunt!
| 
| I have read your previous posts, I only wanted to react on some of
| your
| "arguments".
I would post the private email I received from Clunk but I will not lower 
myself or expose the list to such vulgarity.

BR,

-- 
This message has been scanned for viruses and
dangerous content and is believed to be clean.

SplatNIX IT Services :: Innovation through collaboration

Re: Non scoring 'Bank Deposit' spam

2009-09-14 Thread Clunk Werclick 
On Mon, 2009-09-14 at 12:24 +0100, --[ UxBoD ]-- wrote:
> - "Clunk Werclick"  wrote:
> 
> | On Mon, 2009-09-14 at 11:46 +0200, Matus UHLAR - fantomas wrote:
> | > > > On 12-Sep-2009, at 10:27, Clunk Werclick wrote:
> | > > > > I disagree. It can do as much harm as good. My own view and
> | > > > > observation from the past have rendered it pointless in my
> | context. It
> | > > > > adds latency, is easily poisoned and rarely makes much
> | difference to
> | > > > > the score. I do appreciate some people like it, but my own
> | view is
> | > > > > spam has moved on beyond the point of it being useful.
> | > 
> | > > On Sun, 2009-09-13 at 16:37 -0600, LuKreme wrote:
> | > > > Facts? we don't need no pesky facts. You are very misinformed.
> | > 
> | > On 14.09.09 08:48, Clunk Werclick wrote:
> | > > Myself, I've seen some very poor Bayesian databases where users
> | have
> | > > been allowed to categorize mail as spam-v-ham. One company who
> | deal with
> | > > Pharmaceuticals for famine relief in Uganda and other poor
> | African
> | > > countries found bayes to mess with their core mail to a point that
> | made
> | > > it worthless in their context.
> | > 
> | > I would say that is a result of badly trained BAYES, not fgrom its
> | bad
> | > design. 
> | > 
> | > If you insist on not using bayes, just because it can be mistrained,
> | better
> | > don't use any configurable software, because _everything_
> | configurable will go wrong
> | > if miscongured.
> | 
> | The *issue* with bayes is it *can* have user input. Would you trust
> | your
> | users influencing system wide policy? 
> | 
> | I've already stated I'll try it. So read the xx follow up before
> | shouting your thick foreign mouth off you stupid !
> | 
> If the OP cannot refrain from that sort of foul language when presented with 
> counter arguments then please ban.  The list would be far happier IMHO.
Then stop off list mailing me you thick cunt and tell someone that
fucking cares.
> 
> BR,
> 
-- 
---
C Werclick .Lot
Technical incompetent
Loyal Order Of The Teapot.

This e-mail and its attachments is intended only to be used as an e-mail
and an attachment. Any use of it for other purposes other than as an
e-mail and an attachment will not be covered by any warranty that may or
may not form part of this e-mail and attachment.

Re: Non scoring 'Bank Deposit' spam

2009-09-14 Thread --[ UxBoD ]-- 
 "Clunk Werclick"  wrote:

| On Mon, 2009-09-14 at 12:24 +0100, --[ UxBoD ]-- wrote:
| > - "Clunk Werclick"  wrote:
| > 
| > | On Mon, 2009-09-14 at 11:46 +0200, Matus UHLAR - fantomas wrote:
| > | > > > On 12-Sep-2009, at 10:27, Clunk Werclick wrote:
| > | > > > > I disagree. It can do as much harm as good. My own view
| and
| > | > > > > observation from the past have rendered it pointless in
| my
| > | context. It
| > | > > > > adds latency, is easily poisoned and rarely makes much
| > | difference to
| > | > > > > the score. I do appreciate some people like it, but my
| own
| > | view is
| > | > > > > spam has moved on beyond the point of it being useful.
| > | > 
| > | > > On Sun, 2009-09-13 at 16:37 -0600, LuKreme wrote:
| > | > > > Facts? we don't need no pesky facts. You are very
| misinformed.
| > | > 
| > | > On 14.09.09 08:48, Clunk Werclick wrote:
| > | > > Myself, I've seen some very poor Bayesian databases where
| users
| > | have
| > | > > been allowed to categorize mail as spam-v-ham. One company
| who
| > | deal with
| > | > > Pharmaceuticals for famine relief in Uganda and other poor
| > | African
| > | > > countries found bayes to mess with their core mail to a point
| that
| > | made
| > | > > it worthless in their context.
| > | > 
| > | > I would say that is a result of badly trained BAYES, not fgrom
| its
| > | bad
| > | > design. 
| > | > 
| > | > If you insist on not using bayes, just because it can be
| mistrained,
| > | better
| > | > don't use any configurable software, because _everything_
| > | configurable will go wrong
| > | > if miscongured.
| > | 
| > | The *issue* with bayes is it *can* have user input. Would you
| trust
| > | your
| > | users influencing system wide policy? 
| > | 
| > | I've already stated I'll try it. So read the xx follow up
| before
| > | shouting your thick foreign mouth off you stupid !
| > | 
| > If the OP cannot refrain from that sort of foul language when
| presented with counter arguments then please ban.  The list would be
| far happier IMHO.
| Then stop off list mailing me you thick cunt and tell someone that
| fucking cares.
| > 
| > BR,
| > 
Pity! all my posts have been on list - only direct one was to respond to your 
private message.  Ho hum.  Move along.

-- 
This message has been scanned for viruses and
dangerous content and is believed to be clean.

SplatNIX IT Services :: Innovation through collaboration

Re: Non scoring 'Bank Deposit' spam

2009-09-14 Thread Benny Pedersen 

On man 14 sep 2009 11:46:21 CEST, Matus UHLAR - fantomas wrote


If you insist on not using bayes, just because it can be
mistrained, better don't use any configurable software, because  
_everything_ configurable will go wrong if miscongured.


excactly, spamassassin without any rules and plugins would be like  
postfix with empty main.cf :)


setting reply-to to ones own mail addr will stop maillist to be usefull, why?

it will soon be one that have plenty of questions and no answers, so  
using reply-to properly will be best for all


and freemail will also help others to understand it :)

--
xpoint

Re: Non scoring 'Bank Deposit' spam

2009-09-14 Thread Benny Pedersen 

On man 14 sep 2009 11:51:32 CEST, Matus UHLAR - fantomas wrote

-4.1 AWL AWL: From: address is in the auto white-list

... ouch!


?

just means that this msg was more spammy then what jari have seen from  
same from email ip pairs


maybe i am wroung :=)

--
xpoint

Re: Non scoring 'Bank Deposit' spam

2009-09-14 Thread Benny Pedersen 

On man 14 sep 2009 12:39:21 CEST, Martin Gregorie wrote

AWL, which is simply an averager, can get badly off target with
some mixes of ham/spam. It did with my mail feed, so I disabled it.


in that case you dont understand what awl does, why not adjust awl factor ?

(i hope ip can be set to other then /16 in 3.3.x) for the fyzzy  
matching ip ranges


imho /24 should be default

--
xpoint

Re: Non scoring 'Bank Deposit' spam

2009-09-14 Thread Martin Gregorie 
On Mon, 2009-09-14 at 13:57 +0200, Benny Pedersen wrote:
> On man 14 sep 2009 12:39:21 CEST, Martin Gregorie wrote
> > AWL, which is simply an averager, can get badly off target with
> > some mixes of ham/spam. It did with my mail feed, so I disabled it.
> 
> in that case you dont understand what awl does, why not adjust awl factor ?
> 
I understand exactly what it does, thankyou. Attempting to mitigate an
occasional spammy message from a correspondent is no use to me at all. I
have an automatic system that whitelists any address I've previously
sent mail to and doesn't affect any other senders.

  
Martin

Re: Non scoring 'Bank Deposit' spam

2009-09-14 Thread John Hardin 

On Mon, 14 Sep 2009, Clunk Werclick wrote:


And trained some spam and I'll see how we get on.


Don't forget you also need to train some ham before Bayes will be able to 
start analyzing.


As a general rule of thumb it's a good idea to keep the trained ham:spam 
token ratio near even, or slightly heavier to the spam side (as the raw 
message volume is generally more spam than ham).


--
 John Hardin KA7OHZhttp://www.impsec.org/~jhardin/
 jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
---
  ...to announce there must be no criticism of the President or to
  stand by the President right or wrong is not only unpatriotic and
  servile, but is morally treasonous to the American public.
  -- Theodore Roosevelt, 1918
---
 3 days until the 222nd anniversary of the signing of the U.S. Constitution

Re: Non scoring 'Bank Deposit' spam

2009-09-14 Thread Mark Martinec 
On Monday 14 September 2009 13:57:44 Benny Pedersen wrote:
>why not adjust awl factor ?
> 
> (i hope ip can be set to other then /16 in 3.3.x) for the fyzzy
> matching ip ranges
> 
> imho /24 should be default

Benny, I very much agree with you, the /16 is too wide, and I've seen
cases where good and bad sites share the same /16 address range.

Would you please open a problem report on this. Perhaps there's
still time to get it to a 3.3.

  Mark

Re: Non scoring 'Bank Deposit' spam

2009-09-14 Thread LuKreme 

On 14-Sep-2009, at 05:24, --[ UxBoD ]-- wrote:
If the OP cannot refrain from that sort of foul language when  
presented with counter arguments then please ban.  The list would be  
far happier IMHO.


Based on his reply to Matus I put him on my 'soft' kill list.

(soft because all it does is mark his messages as read when they are  
received, so I still have them… but chances are I never see them).


I did have to lookup his "real" address clunk.wercl...@wibblywobblyteapot.co.uk 
 so I could mark both his throw-away gmail address and his 'real'  
address. I found it in my postfix spool.


Still, based on his ignorance and his volatile behavior *I* certainly  
don't have any interest in his getting helped, and I don't have to  
read his xenophobic abuse ever again.


--
Beware of the Leopard!

Re: [sa] Re: Non scoring 'Bank Deposit' spam

2009-09-14 Thread --[ UxBoD ]-- 

- "Charles Gregory"  wrote:

| On Mon, 14 Sep 2009, Clunk Werclick wrote:
| > Clearly not - but then, using Spamassassin as a filter ensures just
| > about everything gets through CUNTFACE.
| 
| Congratulations! You've done something I have very rarely seen
| on any internet forum. You've gotten everyone to AGREE on something!
| 
| I also agree: +1 Ban "Clunk".
| 
| - Charles
| 
| PS When signing e-mails, leave a blank line, and also, your name
| doesn't have to be in all-caps.
| 
| -- 
| This message has been scanned for viruses and
| dangerous content and is believed to be clean.
| 
| SplatNIX IT Services :: Innovation through collaboration

As expressed to a couple of other members, off list, the OP also launched a 
SMTP DoS attack against me.  If anybody would like further information please 
let me know.

Best Regards,


-- 
This message has been scanned for viruses and
dangerous content and is believed to be clean.

SplatNIX IT Services :: Innovation through collaboration

Re: [sa] Re: Non scoring 'Bank Deposit' spam

2009-09-14 Thread John Hardin 

On Mon, 14 Sep 2009, Charles Gregory wrote:


On Mon, 14 Sep 2009, Clunk Werclick wrote:


{childish rant snipped}


Congratulations! You've done something I have very rarely seen on any 
internet forum. You've gotten everyone to AGREE on something!


I also agree: +1 Ban "Clunk".


Public warning: he is apparently attempting a SMTP DoS on at least one 
participant in this thread.


--
 John Hardin KA7OHZhttp://www.impsec.org/~jhardin/
 jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
---
  Our government should bear in mind the fact that the American
  Revolution was touched off by the then-current government
  attempting to confiscate firearms from the people.
---
 3 days until the 222nd anniversary of the signing of the U.S. Constitution

Re: Non scoring 'Bank Deposit' spam

2009-09-14 Thread Rick Macdougall 

John Hardin wrote:

On Mon, 14 Sep 2009, LuKreme wrote:


On 14-Sep-2009, at 05:24, --[ UxBoD ]-- wrote:

If the OP cannot refrain from that sort of foul language when 
presented with counter arguments then please ban.  The list would be 
far happier IMHO.


Based on his reply to LuKreme, +1 on a ban.

Maybe we can put some special rules into the base SA release, too... :)



He's only the second person in 16 years to make it into my kill file.

So +1 from me as well.

Rick

Re: Non scoring 'Bank Deposit' spam

2009-09-14 Thread Clunk Werclick 
On Mon, 2009-09-14 at 07:54 -0700, Bill Landry wrote:
> Clunk Werclick wrote:
> > On Mon, 2009-09-14 at 08:05 -0600, LuKreme wrote:
> >> On 14-Sep-2009, at 05:24, --[ UxBoD ]-- wrote:
> >>> If the OP cannot refrain from that sort of foul language when  
> >>> presented with counter arguments then please ban.  The list would be  
> >>> far happier IMHO.
> >> Based on his reply to Matus I put him on my 'soft' kill list.
> >>
> >> (soft because all it does is mark his messages as read when they are  
> >> received, so I still have them… but chances are I never see them).
> >>
> >> I did have to lookup his "real" address 
> >> clunk.wercl...@wibblywobblyteapot.co.uk 
> >>   so I could mark both his throw-away gmail address and his 'real'  
> >> address. I found it in my postfix spool.
> >>
> >> Still, based on his ignorance and his volatile behavior *I* certainly  
> >> don't have any interest in his getting helped, and I don't have to  
> >> read his xenophobic abuse ever again.
> > Man, I'm going to lose *so* much sleep about that. From what I have
> > read, the majority of you are a bunch of gay arse lovers up eachother.
> > And fuckwits too boot.
> > 
> > I hope you die ejaculating up each others arse holes.
> 
> So how far does someone have to go before getting banned from the list?
>  Is this not far enough yet?
> 
> Bill
Clearly not - but then, using Spamassassin as a filter ensures just
about everything gets through CUNTFACE.

-- 
---
C Werclick .Lot
Technical incompetent
Loyal Order Of The Teapot.

This e-mail and its attachments is intended only to be used as an e-mail
and an attachment. Any use of it for other purposes other than as an
e-mail and an attachment will not be covered by any warranty that may or
may not form part of this e-mail and attachment.

Re: Non scoring 'Bank Deposit' spam

2009-09-14 Thread LuKreme 

On 14-Sep-2009, at 10:17, jdow wrote:

:0
* 9876543210^0 ^From: .*\

* 9876543210^0 ^From:.*clunk\.wercl...@wibblywobblyteapot\.co\.uk

/dev/null


Will work better. (and you don't need a lock on /dev/null)

--
In England 100 miles is a long distance. In the US 100 years is a
long time

Re: [sa] Re: Non scoring 'Bank Deposit' spam

2009-09-14 Thread Charles Gregory 

On Mon, 14 Sep 2009, Clunk Werclick wrote:

Clearly not - but then, using Spamassassin as a filter ensures just
about everything gets through CUNTFACE.


Congratulations! You've done something I have very rarely seen
on any internet forum. You've gotten everyone to AGREE on something!

I also agree: +1 Ban "Clunk".

- Charles

PS When signing e-mails, leave a blank line, and also, your name
doesn't have to be in all-caps.

Re: Non scoring 'Bank Deposit' spam

2009-09-14 Thread LuKreme 

On 14-Sep-2009, at 09:45, Gene Heskett wrote:

On Monday 14 September 2009, Bill Landry wrote:

Clunk Werclick wrote:

On Mon, 2009-09-14 at 08:05 -0600, LuKreme wrote:

Based on his reply to Matus I put him on my 'soft' kill list.


Now see, when you all quote his messages in full it's kind of  
defeating my soft kill file!


:)


--
Generalizations are always inaccurate.
--Mugsy

Re: Non scoring 'Bank Deposit' spam

2009-09-14 Thread John Hardin 

On Mon, 14 Sep 2009, Clunk Werclick wrote:


On Mon, 2009-09-14 at 17:30 +0100, --[ UxBoD ]-- wrote:


As expressed to a couple of other members, off list, the OP also 
launched a SMTP DoS attack against me.  If anybody would like further 
information please let me know.


Now you are living in a fantasy world. You sent me an off list mail
saying 'you are blocked'. I replied a thousand times to test that.


How mature.


Clearly your blocking is a sack of shit then.


*plonk*

Try mine.

--
 John Hardin KA7OHZhttp://www.impsec.org/~jhardin/
 jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
---
  Our government should bear in mind the fact that the American
  Revolution was touched off by the then-current government
  attempting to confiscate firearms from the people.
---
 3 days until the 222nd anniversary of the signing of the U.S. Constitution

Re: Non scoring 'Bank Deposit' spam

2009-09-14 Thread --[ UxBoD ]-- 
- "Chris Owen"  wrote:

| On Sep 14, 2009, at 11:38 AM, LuKreme wrote:
| 
| > On 14-Sep-2009, at 10:17, jdow wrote:
| >> :0
| >> * 9876543210^0 ^From: .*\
| > * 9876543210^0 ^From:.*clunk\.wercl...@wibblywobblyteapot\.co\.uk
| >> /dev/null
| >
| > Will work better. (and you don't need a lock on /dev/null)
| 
| I usually also use the 'h' flag on /dev/null rules:
| 
| :0h
| 
| I'm sure writing to /dev/null doesn't take very long but why bother  
| writing the body of the message.
| 
| Chris
| 
| -
| Chris Owen - Garden City (620) 275-1900 -  Lottery (noun):
| President  - Wichita (316) 858-3000 -A stupidity tax
| Hubris Communications Inc  www.hubris.net
| -
| 
Well I happen to know the MD of my ISP so perhaps I shall have a word ... I am 
sure he would not want DoS going in through his network ...

These things can bring a list into dis-repute.  It is okay to voice one owns 
opinion; but without profanity and blatant disrepect to anothers resources!

We all sit on these lists to help each other and learn.

Best Regards,

-- 
This message has been scanned for viruses and
dangerous content and is believed to be clean.

SplatNIX IT Services :: Innovation through collaboration

Re: Non scoring 'Bank Deposit' spam

2009-09-14 Thread Chris Owen 

On Sep 14, 2009, at 11:38 AM, LuKreme wrote:


On 14-Sep-2009, at 10:17, jdow wrote:

:0
* 9876543210^0 ^From: .*\

* 9876543210^0 ^From:.*clunk\.wercl...@wibblywobblyteapot\.co\.uk

/dev/null


Will work better. (and you don't need a lock on /dev/null)


I usually also use the 'h' flag on /dev/null rules:

:0h

I'm sure writing to /dev/null doesn't take very long but why bother  
writing the body of the message.


Chris

-
Chris Owen - Garden City (620) 275-1900 -  Lottery (noun):
President  - Wichita (316) 858-3000 -A stupidity tax
Hubris Communications Inc  www.hubris.net
-

Re: Non scoring 'Bank Deposit' spam

2009-09-14 Thread Clunk Werclick 
On Mon, 2009-09-14 at 11:06 -0400, Rick Macdougall wrote:
> John Hardin wrote:
> > On Mon, 14 Sep 2009, LuKreme wrote:
> > 
> >> On 14-Sep-2009, at 05:24, --[ UxBoD ]-- wrote:
> >>
> >>> If the OP cannot refrain from that sort of foul language when 
> >>> presented with counter arguments then please ban.  The list would be 
> >>> far happier IMHO.
> > 
> > Based on his reply to LuKreme, +1 on a ban.
> > 
> > Maybe we can put some special rules into the base SA release, too... :)
> > 
> 
> He's only the second person in 16 years to make it into my kill file.
> 
> So +1 from me as well.
> 
> Rick
And let me guess, you've been running Windows 7 for all of those 16
years *yawn*
-- 
---
C Werclick .Lot
Technical incompetent
Loyal Order Of The Teapot.

This e-mail and its attachments is intended only to be used as an e-mail
and an attachment. Any use of it for other purposes other than as an
e-mail and an attachment will not be covered by any warranty that may or
may not form part of this e-mail and attachment.

Re: Non scoring 'Bank Deposit' spam

2009-09-14 Thread Gene Heskett 
On Monday 14 September 2009, Bill Landry wrote:
>Clunk Werclick wrote:
>> On Mon, 2009-09-14 at 08:05 -0600, LuKreme wrote:
>>> On 14-Sep-2009, at 05:24, --[ UxBoD ]-- wrote:
 If the OP cannot refrain from that sort of foul language when
 presented with counter arguments then please ban.  The list would be
 far happier IMHO.
>>>
>>> Based on his reply to Matus I put him on my 'soft' kill list.
>>>
>>> (soft because all it does is mark his messages as read when they are
>>> received, so I still have them… but chances are I never see them).
>>>
>>> I did have to lookup his "real" address
>>> clunk.wercl...@wibblywobblyteapot.co.uk so I could mark both his
>>> throw-away gmail address and his 'real' address. I found it in my
>>> postfix spool.
>>>
>>> Still, based on his ignorance and his volatile behavior *I* certainly
>>> don't have any interest in his getting helped, and I don't have to
>>> read his xenophobic abuse ever again.
>>
>> Man, I'm going to lose *so* much sleep about that. From what I have
>> read, the majority of you are a bunch of gay arse lovers up eachother.
>> And fuckwits too boot.
>>
>> I hope you die ejaculating up each others arse holes.
>
>So how far does someone have to go before getting banned from the list?
> Is this not far enough yet?
>
>Bill
You beat me to it Bill.  Its time this potty mouth was silenced.

-- 
Cheers, Gene
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
The NRA is offering FREE Associate memberships to anyone who wants them.


Artificial intelligence has the same relation to intelligence as
artificial flowers have to flowers.
-- David Parnas

Re: Non scoring 'Bank Deposit' spam

2009-09-14 Thread Chris Owen 

On Sep 14, 2009, at 11:34 AM, John Hardin wrote:

Public warning: he is apparently attempting a SMTP DoS on at least  
one participant in this thread.


From Google ;-]  He obviously isn't capable for running his own mail  
server.


Chris

Re: Non scoring 'Bank Deposit' spam

2009-09-14 Thread --[ UxBoD ]-- 
- "LuKreme"  wrote:

| On 14-Sep-2009, at 10:17, jdow wrote:
| > :0
| > * 9876543210^0 ^From: .*\
| * 9876543210^0 ^From:.*clunk\.wercl...@wibblywobblyteapot\.co\.uk
| > /dev/null
| 
| Will work better. (and you don't need a lock on /dev/null)
| 
| -- 
| In England 100 miles is a long distance. In the US 100 years is a
|   long time
| 
| 
Perhaps the OP should read the AUP ! 
http://www.zen.co.uk/policies/acceptable-use-policy.aspx

Best Regards,


-- 
This message has been scanned for viruses and
dangerous content and is believed to be clean.

SplatNIX IT Services :: Innovation through collaboration

Re: Non scoring 'Bank Deposit' spam

2009-09-14 Thread Clunk Werclick 
On Mon, 2009-09-14 at 08:05 -0600, LuKreme wrote:
> On 14-Sep-2009, at 05:24, --[ UxBoD ]-- wrote:
> > If the OP cannot refrain from that sort of foul language when  
> > presented with counter arguments then please ban.  The list would be  
> > far happier IMHO.
> 
> Based on his reply to Matus I put him on my 'soft' kill list.
> 
> (soft because all it does is mark his messages as read when they are  
> received, so I still have them… but chances are I never see them).
> 
> I did have to lookup his "real" address 
> clunk.wercl...@wibblywobblyteapot.co.uk 
>   so I could mark both his throw-away gmail address and his 'real'  
> address. I found it in my postfix spool.
> 
> Still, based on his ignorance and his volatile behavior *I* certainly  
> don't have any interest in his getting helped, and I don't have to  
> read his xenophobic abuse ever again.
Man, I'm going to lose *so* much sleep about that. From what I have
read, the majority of you are a bunch of gay arse lovers up eachother.
And fuckwits too boot.

I hope you die ejaculating up each others arse holes.

-- 
---
C Werclick .Lot
Technical incompetent
Loyal Order Of The Teapot.

This e-mail and its attachments is intended only to be used as an e-mail
and an attachment. Any use of it for other purposes other than as an
e-mail and an attachment will not be covered by any warranty that may or
may not form part of this e-mail and attachment.

Re: Non scoring 'Bank Deposit' spam

2009-09-14 Thread John Hardin 

On Mon, 14 Sep 2009, LuKreme wrote:


On 14-Sep-2009, at 05:24, --[ UxBoD ]-- wrote:

If the OP cannot refrain from that sort of foul language when presented 
with counter arguments then please ban.  The list would be far happier 
IMHO.


Based on his reply to LuKreme, +1 on a ban.

Maybe we can put some special rules into the base SA release, too... :)

--
 John Hardin KA7OHZhttp://www.impsec.org/~jhardin/
 jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
---
  Gun Control is marketed to the public using the appealing delusion
  that violent criminals will obey the law.
---
 3 days until the 222nd anniversary of the signing of the U.S. Constitution

Re: Non scoring 'Bank Deposit' spam

2009-09-14 Thread Bill Landry 
Clunk Werclick wrote:
> On Mon, 2009-09-14 at 08:05 -0600, LuKreme wrote:
>> On 14-Sep-2009, at 05:24, --[ UxBoD ]-- wrote:
>>> If the OP cannot refrain from that sort of foul language when  
>>> presented with counter arguments then please ban.  The list would be  
>>> far happier IMHO.
>> Based on his reply to Matus I put him on my 'soft' kill list.
>>
>> (soft because all it does is mark his messages as read when they are  
>> received, so I still have them… but chances are I never see them).
>>
>> I did have to lookup his "real" address 
>> clunk.wercl...@wibblywobblyteapot.co.uk 
>>   so I could mark both his throw-away gmail address and his 'real'  
>> address. I found it in my postfix spool.
>>
>> Still, based on his ignorance and his volatile behavior *I* certainly  
>> don't have any interest in his getting helped, and I don't have to  
>> read his xenophobic abuse ever again.
> Man, I'm going to lose *so* much sleep about that. From what I have
> read, the majority of you are a bunch of gay arse lovers up eachother.
> And fuckwits too boot.
> 
> I hope you die ejaculating up each others arse holes.

So how far does someone have to go before getting banned from the list?
 Is this not far enough yet?

Bill

.cn domain age query?

2009-09-14 Thread Warren Togami 

(resend, first attempted about 14 hours ago)

I noticed that many spam (in English) have links like this post because of apache.org's spam filter>.cn where the domains are 
not triggering URIBL's.  It seems that they have thousands of 
.cn domains (very cheap to register?), and I very rarely see 
them repeat from one spam to the next.


One thing they all have in common is their registration dates are very 
young according to whois lookups.  It seems in general if we had a 
reliable way to lookup domain age we might be able to differentiate spam.


Is there any good way to query for the age of a domain?  Unfortunately 
it seems whois is too slow and the text format is non-standard.


Warren Togami
wtog...@redhat.com

Re: .cn domain age query?

2009-09-14 Thread John Hardin 

On Mon, 14 Sep 2009, Warren Togami wrote:

One thing they all have in common is their registration dates are very 
young according to whois lookups.  It seems in general if we had a 
reliable way to lookup domain age we might be able to differentiate 
spam.


What's the current status of the Day Old Bread BL? Has it moved to 
subscription-only?


--
 John Hardin KA7OHZhttp://www.impsec.org/~jhardin/
 jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
---
  USMC Rules of Gunfighting #12: Have a plan.
  USMC Rules of Gunfighting #13: Have a back-up plan, because the
  first one won't work.
---
 3 days until the 222nd anniversary of the signing of the U.S. Constitution

Re: .cn domain age query?

2009-09-14 Thread Chris Owen 

On Sep 14, 2009, at 12:41 PM, John Hardin wrote:


On Mon, 14 Sep 2009, Warren Togami wrote:

One thing they all have in common is their registration dates are  
very young according to whois lookups.  It seems in general if we  
had a reliable way to lookup domain age we might be able to  
differentiate spam.


What's the current status of the Day Old Bread BL? Has it moved to  
subscription-only?


It don't think it has but you can drill down a bit further with the  
SEM lists:


http://spameatingmonkey.com/lists.html

They will tell you domains that are 5, 10 and 15 days old.

Chris

-
Chris Owen - Garden City (620) 275-1900 -  Lottery (noun):
President  - Wichita (316) 858-3000 -A stupidity tax
Hubris Communications Inc  www.hubris.net
-

Re: .cn domain age query?

2009-09-14 Thread --[ UxBoD ]-- 
- "Bill Landry"  wrote:

| > On Mon, 14 Sep 2009, Warren Togami wrote:
| >
| >> One thing they all have in common is their registration dates are
| very
| >> young according to whois lookups.  It seems in general if we had a
| >> reliable way to lookup domain age we might be able to
| differentiate
| >> spam.
| >
| > What's the current status of the Day Old Bread BL? Has it moved to
| > subscription-only?
| 
| Still working fine for me here, 51 hits so far today against DOB.
| 
| Bill
| 
Not come across that RBL before! Thanks :)

Best Regards,

-- 
This message has been scanned for viruses and
dangerous content and is believed to be clean.

SplatNIX IT Services :: Innovation through collaboration

Re: .cn domain age query?

2009-09-14 Thread Mike Cardwell 

Chris Owen wrote:

One thing they all have in common is their registration dates are 
very young according to whois lookups.  It seems in general if we had 
a reliable way to lookup domain age we might be able to differentiate 
spam.


What's the current status of the Day Old Bread BL? Has it moved to 
subscription-only?


It don't think it has but you can drill down a bit further with the SEM 
lists:


http://spameatingmonkey.com/lists.html

They will tell you domains that are 5, 10 and 15 days old.


That wouldn't help in this particular case:

"All domains registered in the last 5 days under the .BIZ, .COM, .INFO, 
.NAME, .NET and .US TLDs"


Doesn't work for .cn's, or any other country level tld's (apart from .us)

--
Mike Cardwell - IT Consultant and LAMP developer
Cardwell IT Ltd. (UK Reg'd Company #06920226) http://cardwellit.com/

Re: .cn domain age query?

2009-09-14 Thread Bill Landry 
> On Mon, 14 Sep 2009, Warren Togami wrote:
>
>> One thing they all have in common is their registration dates are very
>> young according to whois lookups.  It seems in general if we had a
>> reliable way to lookup domain age we might be able to differentiate
>> spam.
>
> What's the current status of the Day Old Bread BL? Has it moved to
> subscription-only?

Still working fine for me here, 51 hits so far today against DOB.

Bill

Re: .cn domain age query?

2009-09-14 Thread John Hardin 

On Mon, 14 Sep 2009, Mike Cardwell wrote:


Chris Owen wrote:


 http://spameatingmonkey.com/lists.html

 They will tell you domains that are 5, 10 and 15 days old.


That wouldn't help in this particular case:

"All domains registered in the last 5 days under the .BIZ, .COM, .INFO, 
.NAME, .NET and .US TLDs"


Doesn't work for .cn's, or any other country level tld's (apart from .us)


Query sent about adding .cn TLD.

--
 John Hardin KA7OHZhttp://www.impsec.org/~jhardin/
 jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
---
  One death is a tragedy; thirty is a media sensation;
  a million is a statistic.  -- Joseph Stalin, modernized
---
 3 days until the 222nd anniversary of the signing of the U.S. Constitution

Re: .cn domain age query?

2009-09-14 Thread Karsten Bräckelmann 
On Mon, 2009-09-14 at 18:55 +0100, --[ UxBoD ]-- wrote:
> | Still working fine for me here, 51 hits so far today against DOB.
> 
> Not come across that RBL before! Thanks :)

grep _DOB *.cf# Part of the stock rule-set.


-- 
char *t="\10pse\0r\0dtu...@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}

Re: Non scoring 'Bank Deposit' spam

2009-09-14 Thread Benny Pedersen 

On man 14 sep 2009 16:54:39 CEST, Bill Landry wrote

So how far does someone have to go before getting banned from the
list? Is this not far enough yet?


he just come back with another sender email, with another reply-to, it  
will be endless banning new email adresses


--
xpoint

Re: .cn domain age query?

2009-09-14 Thread --[ UxBoD ]-- 
- "Karsten Bräckelmann"  wrote:

| On Mon, 2009-09-14 at 18:55 +0100, --[ UxBoD ]-- wrote:
| > | Still working fine for me here, 51 hits so far today against DOB.
| > 
| > Not come across that RBL before! Thanks :)
| 
| grep _DOB *.cf# Part of the stock rule-set.
| 
| 
| -- 
| char
| *t="\10pse\0r\0dtu...@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
| main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i>=1)||!t[s+h]){
| putchar(t[s]);h=m;s=0; }}}
| 
How dumb me be ;) Thanks Karsten :D

Should have checked ... Been to busy defending a previous naughty OP ;)

Best Regards,



-- 
This message has been scanned for viruses and
dangerous content and is believed to be clean.

SplatNIX IT Services :: Innovation through collaboration

Re: Non scoring 'Bank Deposit' spam

2009-09-14 Thread --[ UxBoD ]-- 
- "Benny Pedersen"  wrote:

| On man 14 sep 2009 16:54:39 CEST, Bill Landry wrote
| > So how far does someone have to go before getting banned from the
| > list? Is this not far enough yet?
| 
| he just come back with another sender email, with another reply-to, it
|  
| will be endless banning new email adresses
| 
| -- 
| xpoint
| 
| 
Blocked now @ FW .. Will contact Zen tomorrow and report as the OP is in 
violation of the ISP AUP.

Best Regards,

-- 
This message has been scanned for viruses and
dangerous content and is believed to be clean.

SplatNIX IT Services :: Innovation through collaboration

Re: Non scoring 'Bank Deposit' spam

2009-09-14 Thread Clunk Werclick 
On Mon, 2009-09-14 at 19:52 +0100, --[ UxBoD ]-- wrote:
> - "Benny Pedersen"  wrote:
> 
> | On man 14 sep 2009 16:54:39 CEST, Bill Landry wrote
> | > So how far does someone have to go before getting banned from the
> | > list? Is this not far enough yet?
> | 
> | he just come back with another sender email, with another reply-to, it
> |  
> | will be endless banning new email adresses
> | 
> | -- 
> | xpoint
> | 
> | 
> Blocked now @ FW .. Will contact Zen tomorrow and report as the OP is in 
> violation of the ISP AUP.

go *right* ahead. Here you go:
ab...@zen.co.uk

I guess it will take a retard like you a *whole* day to find it.

> 
> Best Regards,
> 
-- 
---
C Werclick .Lot
Technical incompetent
Loyal Order Of The Teapot.

This e-mail and its attachments is intended only to be used as an e-mail
and an attachment. Any use of it for other purposes other than as an
e-mail and an attachment will not be covered by any warranty that may or
may not form part of this e-mail and attachment.

Re: .cn domain age query?

2009-09-14 Thread Karsten Bräckelmann 
On Mon, 2009-09-14 at 19:51 +0100, UxBoD wrote:
> - "Karsten Bräckelmann" wrote:

> | grep _DOB *.cf# Part of the stock rule-set.
> 
> How dumb me be ;) Thanks Karsten :D

Heh, no problem. :)  Just figured I should spare you the time of adding
it, and prevent you from scoring twice.


-- 
char *t="\10pse\0r\0dtu...@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}

Re: Non scoring 'Bank Deposit' spam

2009-09-14 Thread --[ UxBoD ]-- 
- "Clunk Werclick"  wrote:

| On Mon, 2009-09-14 at 19:52 +0100, --[ UxBoD ]-- wrote:
| > - "Benny Pedersen"  wrote:
| > 
| > | On man 14 sep 2009 16:54:39 CEST, Bill Landry wrote
| > | > So how far does someone have to go before getting banned from
| the
| > | > list? Is this not far enough yet?
| > | 
| > | he just come back with another sender email, with another
| reply-to, it
| > |  
| > | will be endless banning new email adresses
| > | 
| > | -- 
| > | xpoint
| > | 
| > | 
| > Blocked now @ FW .. Will contact Zen tomorrow and report as the OP
| is in violation of the ISP AUP.
| 
| go *right* ahead. Here you go:
| ab...@zen.co.uk
| 
| I guess it will take a retard like you a *whole* day to find it.
| 
| > 
| > Best Regards,
| > 
Not at all ... If you were so kind as to have stopped the profanity and 
vulgarity then people would have been more approachable and helpful.

It was kindly asked that you refrained from such posting yet you felt you were 
excempted.  As I have already said the lists are here to help people and learn. 
 We should not be exposed to such rubbish.  Otherwise why have the lists in the 
first place?

Every individual has the right to put forward their view and opinion; but when 
using the language you felt easy to adopt it makes a mockery.

And I must say thank you for the email address; that really helps (not).  A 
phone call is a lot easier to explain on the potential impact a ISP subscriber 
could be having to the providers business.

I believe you could put some valid viewpoints forward, and if this was done in 
a mature, professional manner I am sure everyone would be very pleased.

Thank you for your time.

Best Regards,



-- 
This message has been scanned for viruses and
dangerous content and is believed to be clean.

SplatNIX IT Services :: Innovation through collaboration

Re: Non scoring 'Bank Deposit' spam

2009-09-14 Thread Clunk Werclick 
On Mon, 2009-09-14 at 20:38 +0100, --[ UxBoD ]-- wrote:
> - "Clunk Werclick"  wrote:
> 
> | On Mon, 2009-09-14 at 19:52 +0100, --[ UxBoD ]-- wrote:
> | > - "Benny Pedersen"  wrote:
> | > 
> | > | On man 14 sep 2009 16:54:39 CEST, Bill Landry wrote
> | > | > So how far does someone have to go before getting banned from
> | the
> | > | > list? Is this not far enough yet?
> | > | 
> | > | he just come back with another sender email, with another
> | reply-to, it
> | > |  
> | > | will be endless banning new email adresses
> | > | 
> | > | -- 
> | > | xpoint
> | > | 
> | > | 
> | > Blocked now @ FW .. Will contact Zen tomorrow and report as the OP
> | is in violation of the ISP AUP.
> | 
> | go *right* ahead. Here you go:
> | ab...@zen.co.uk
> | 
> | I guess it will take a retard like you a *whole* day to find it.
> | 
> | > 
> | > Best Regards,
> | > 
> Not at all ... If you were so kind as to have stopped the profanity and 
> vulgarity then people would have been more approachable and helpful.
> 
> It was kindly asked that you refrained from such posting yet you felt you 
> were excempted.  As I have already said the lists are here to help people and 
> learn.  We should not be exposed to such rubbish.  Otherwise why have the 
> lists in the first place?
> 
> Every individual has the right to put forward their view and opinion; but 
> when using the language you felt easy to adopt it makes a mockery.
> 
> And I must say thank you for the email address; that really helps (not).  A 
> phone call is a lot easier to explain on the potential impact a ISP 
> subscriber could be having to the providers business.
> 
> I believe you could put some valid viewpoints forward, and if this was done 
> in a mature, professional manner I am sure everyone would be very pleased.
> 
> Thank you for your time.
> 
> Best Regards,
> 

And had you not taken to emailing me off list, you would have been
spared the abuse you deserved.

Grow up with your 'DoS' crap. I look forward to hearing from Zen. 

Keep you shitty posts *on* list in future.

-- 
---
C Werclick .Lot
Technical incompetent
Loyal Order Of The Teapot.

This e-mail and its attachments is intended only to be used as an e-mail
and an attachment. Any use of it for other purposes other than as an
e-mail and an attachment will not be covered by any warranty that may or
may not form part of this e-mail and attachment.

Re: Non scoring 'Bank Deposit' spam

2009-09-14 Thread Bill Landry 
--[ UxBoD ]-- wrote:
> - "Clunk Werclick"  wrote:
> 
> | On Mon, 2009-09-14 at 19:52 +0100, --[ UxBoD ]-- wrote:
> | > - "Benny Pedersen"  wrote:
> | > 
> | > | On man 14 sep 2009 16:54:39 CEST, Bill Landry wrote
> | > | > So how far does someone have to go before getting banned from
> | the
> | > | > list? Is this not far enough yet?
> | > | 
> | > | he just come back with another sender email, with another
> | reply-to, it
> | > |  
> | > | will be endless banning new email adresses
> | > | 
> | > | -- 
> | > | xpoint
> | > | 
> | > | 
> | > Blocked now @ FW .. Will contact Zen tomorrow and report as the OP
> | is in violation of the ISP AUP.
> | 
> | go *right* ahead. Here you go:
> | ab...@zen.co.uk
> | 
> | I guess it will take a retard like you a *whole* day to find it.
> | 
> | > 
> | > Best Regards,
> | > 
> Not at all ... If you were so kind as to have stopped the profanity and 
> vulgarity then people would have been more approachable and helpful.
> 
> It was kindly asked that you refrained from such posting yet you felt you 
> were excempted.  As I have already said the lists are here to help people and 
> learn.  We should not be exposed to such rubbish.  Otherwise why have the 
> lists in the first place?
> 
> Every individual has the right to put forward their view and opinion; but 
> when using the language you felt easy to adopt it makes a mockery.
> 
> And I must say thank you for the email address; that really helps (not).  A 
> phone call is a lot easier to explain on the potential impact a ISP 
> subscriber could be having to the providers business.

You might also consider reporting his googlemail address to Google, as
well, and provide proof of the denial of smtp server attack he ran
against your mail server.  That should get his account shutdown, as well.

> I believe you could put some valid viewpoints forward, and if this was done 
> in a mature, professional manner I am sure everyone would be very pleased.

Don't waste your breath (keystrokes) on this guy, he has no common sense
- things like this are way beyond his comprehension level.

Bill

Re: .cn domain age query?

2009-09-14 Thread Blaine Fleming 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Let's try this again with sending to the list.  Sorry Mike!

Mike Cardwell wrote:
> That wouldn't help in this particular case:
> 
> "All domains registered in the last 5 days under the .BIZ, .COM, .INFO,
> .NAME, .NET and .US TLDs"
> 
> Doesn't work for .cn's, or any other country level tld's (apart from .us)

Unfortunately, ccTLDs aren't very cooperative in matters such as this.
There are a few exceptions but most of them will ignore requests for
zone file access or outright tell you they can't for "security reasons".

The operators of the .cn TLD are unwilling to work with me at all.

If anyone has any contacts at various ccTLDs that are willing to grant
people access to zone files then please let the list know.  I'm sure
there are several others that would like to get access.

- --Blaine
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.10 (MingW32)

iEYEARECAAYFAkqunckACgkQLp9/dJH6k+MKQwCgh+9L8+5edKSwRKUAcelT1BDR
hQUAn2beU0Vy4oFULDaZjh8IQluQ7exT
=ZO2c
-END PGP SIGNATURE-

Re: Non scoring 'Bank Deposit' spam

2009-09-14 Thread Bill Landry 
Clunk Werclick wrote:
> On Mon, 2009-09-14 at 20:38 +0100, --[ UxBoD ]-- wrote:
>> - "Clunk Werclick"  wrote:
>>
>> | On Mon, 2009-09-14 at 19:52 +0100, --[ UxBoD ]-- wrote:
>> | > - "Benny Pedersen"  wrote:
>> | > 
>> | > | On man 14 sep 2009 16:54:39 CEST, Bill Landry wrote
>> | > | > So how far does someone have to go before getting banned from
>> | the
>> | > | > list? Is this not far enough yet?
>> | > | 
>> | > | he just come back with another sender email, with another
>> | reply-to, it
>> | > |  
>> | > | will be endless banning new email adresses
>> | > | 
>> | > | -- 
>> | > | xpoint
>> | > | 
>> | > | 
>> | > Blocked now @ FW .. Will contact Zen tomorrow and report as the OP
>> | is in violation of the ISP AUP.
>> | 
>> | go *right* ahead. Here you go:
>> | ab...@zen.co.uk
>> | 
>> | I guess it will take a retard like you a *whole* day to find it.
>> | 
>> | > 
>> | > Best Regards,
>> | > 
>> Not at all ... If you were so kind as to have stopped the profanity and 
>> vulgarity then people would have been more approachable and helpful.
>>
>> It was kindly asked that you refrained from such posting yet you felt you 
>> were excempted.  As I have already said the lists are here to help people 
>> and learn.  We should not be exposed to such rubbish.  Otherwise why have 
>> the lists in the first place?
>>
>> Every individual has the right to put forward their view and opinion; but 
>> when using the language you felt easy to adopt it makes a mockery.
>>
>> And I must say thank you for the email address; that really helps (not).  A 
>> phone call is a lot easier to explain on the potential impact a ISP 
>> subscriber could be having to the providers business.
>>
>> I believe you could put some valid viewpoints forward, and if this was done 
>> in a mature, professional manner I am sure everyone would be very pleased.
>>
>> Thank you for your time.
>>
>> Best Regards,
>>
> 
> And had you not taken to emailing me off list, you would have been
> spared the abuse you deserved.
> 
> Grow up with your 'DoS' crap. I look forward to hearing from Zen. 
> 
> Keep you shitty posts *on* list in future.

Are all of the list admins on vacation?  This kind of crap would not be
tolerated on most lists I'm subscribed to.  This stuff happens way too
often on this list without repercussion.  If the list admins don't put a
stop to these kinds of posts, expect people to start unsubscribing, as
it's not just not worth the hassle.

Bill

Re: Non scoring 'Bank Deposit' spam

2009-09-14 Thread Clunk Werclick 
On Mon, 2009-09-14 at 12:49 -0700, Bill Landry wrote:
> Clunk Werclick wrote:
> > On Mon, 2009-09-14 at 20:38 +0100, --[ UxBoD ]-- wrote:
> >> - "Clunk Werclick"  wrote:
> >>
> >> | On Mon, 2009-09-14 at 19:52 +0100, --[ UxBoD ]-- wrote:
> >> | > - "Benny Pedersen"  wrote:
> >> | > 
> >> | > | On man 14 sep 2009 16:54:39 CEST, Bill Landry wrote
> >> | > | > So how far does someone have to go before getting banned from
> >> | the
> >> | > | > list? Is this not far enough yet?
> >> | > | 
> >> | > | he just come back with another sender email, with another
> >> | reply-to, it
> >> | > |  
> >> | > | will be endless banning new email adresses
> >> | > | 
> >> | > | -- 
> >> | > | xpoint
> >> | > | 
> >> | > | 
> >> | > Blocked now @ FW .. Will contact Zen tomorrow and report as the OP
> >> | is in violation of the ISP AUP.
> >> | 
> >> | go *right* ahead. Here you go:
> >> | ab...@zen.co.uk
> >> | 
> >> | I guess it will take a retard like you a *whole* day to find it.
> >> | 
> >> | > 
> >> | > Best Regards,
> >> | > 
> >> Not at all ... If you were so kind as to have stopped the profanity and 
> >> vulgarity then people would have been more approachable and helpful.
> >>
> >> It was kindly asked that you refrained from such posting yet you felt you 
> >> were excempted.  As I have already said the lists are here to help people 
> >> and learn.  We should not be exposed to such rubbish.  Otherwise why have 
> >> the lists in the first place?
> >>
> >> Every individual has the right to put forward their view and opinion; but 
> >> when using the language you felt easy to adopt it makes a mockery.
> >>
> >> And I must say thank you for the email address; that really helps (not).  
> >> A phone call is a lot easier to explain on the potential impact a ISP 
> >> subscriber could be having to the providers business.
> >>
> >> I believe you could put some valid viewpoints forward, and if this was 
> >> done in a mature, professional manner I am sure everyone would be very 
> >> pleased.
> >>
> >> Thank you for your time.
> >>
> >> Best Regards,
> >>
> > 
> > And had you not taken to emailing me off list, you would have been
> > spared the abuse you deserved.
> > 
> > Grow up with your 'DoS' crap. I look forward to hearing from Zen. 
> > 
> > Keep you shitty posts *on* list in future.
> 
> Are all of the list admins on vacation?  This kind of crap would not be
> tolerated on most lists I'm subscribed to.  This stuff happens way too
> often on this list without repercussion.  If the list admins don't put a
> stop to these kinds of posts, expect people to start unsubscribing, as
> it's not just not worth the hassle.
> Bill
Then stop following it up to try and be smart. If it's not of interest
to you, just shut the fuck up and ignore it twonk.


-- 
---
C Werclick .Lot
Technical incompetent
Loyal Order Of The Teapot.

This e-mail and its attachments is intended only to be used as an e-mail
and an attachment. Any use of it for other purposes other than as an
e-mail and an attachment will not be covered by any warranty that may or
may not form part of this e-mail and attachment.

Re: Non scoring 'Bank Deposit' spam

2009-09-14 Thread jdow 

From: "LuKreme" 
Sent: Monday, 2009/September/14 09:38



On 14-Sep-2009, at 10:17, jdow wrote:

:0
* 9876543210^0 ^From: .*\

* 9876543210^0 ^From:.*clunk\.wercl...@wibblywobblyteapot\.co\.uk

/dev/null


Will work better. (and you don't need a lock on /dev/null)


Simply used "* ^From:.*wibblywobblyteapot\.co\.uk"

And the basic formula has a lock for writing to a file. I use it
for pre-sorting things I might want to look at sometime but do not
want in my normal mail.
===8<--- (This one is for a ham radio rectal cranial inversion case.)
:0:
* ^From: .*\
/$HOME/mail/billygoat
===8<---

Cut and past is quick even if it does lead to locks on /dev/null "writes".
{^_-}

Re: Non scoring 'Bank Deposit' spam

2009-09-14 Thread Benny Pedersen 

On man 14 sep 2009 20:52:29 CEST, "--[ UxBoD ]--" wrote


Blocked now @ FW .. Will contact Zen tomorrow and report as the OP
is in violation of the ISP AUP.


i use sa2dnsbl plugin, it have aroud 400 ips not listed elsewhere :)

wondered if zen wants my data ?

--
xpoint

Spamc issues with remote userprefs

2009-09-14 Thread Ryan Thoryk 
Hi,

We're rebuilding a mail server and are having some issues with SQL-based
SA preference lookups.  We're running Postfix 2.5.5 and SA 3.2.5 (Debian
Lenny version) - here's our Postfix config from master.cf:
spamassassin unix - n   n   -   -   pipe
user=spamd argv=/usr/bin/spamc -u ${user} -e /usr/sbin/sendmail -oi -f
${sender} ${recipient}

old non-lookup line:
user=spamd argv=/usr/bin/spamc -f -e /usr/sbin/sendmail -oi -f ${sender}
${recipient}

What's happening is that individual incoming messages get handed off to
SA using the spamc command above, but SA is only processing the first
message and never handing it back to Postfix, while the other messages
never seem to get processed at all (nothing at all about them in the
logs).  The old non-lookup line works fine.  Has anyone here experienced
similar issues?

Ryan Thoryk


-- 
Ryan Thoryk
System Administrator
onShore Networks, LLC
completeIT® services
1407 West Chicago Avenue
Chicago, Illinois 60642-5231
312.850.5200 x146
ry...@onshore.com
www.onshore.com

Drivel

2009-09-14 Thread Charles Gregory 

On Mon, 14 Sep 2009, Clunk Werclick wrote:
(more drivel)

Good users all. Never heard of a troll?
Nonsensical. Irritating. Taunting.

Best defense against this kind of childish antic is to IGNORE it.

Yes, a firewall setting doesn't hurt.

- Charles

Re: Non scoring 'Bank Deposit' spam

2009-09-14 Thread Benny Pedersen 

On man 14 sep 2009 15:46:22 CEST, Mark Martinec wrote

Benny, I very much agree with you, the /16 is too wide, and I've
seen cases where good and bad sites share the same /16 address range.


is the dkim awl not solveing it in 3.3 ?

why is spf not added ?


Would you please open a problem report on this. Perhaps there's
still time to get it to a 3.3.


i created a patch to 3.2.5

diff -urp  
sa/Mail-SpamAssassin-3.2.5/lib/Mail/SpamAssassin/AutoWhitelist.pm  
sa-patch/Mail-SpamAssassin-3.2.5/lib/Mail/SpamAssassin/AutoWhitelist.pm
---  
sa/Mail-SpamAssassin-3.2.5/lib/Mail/SpamAssassin/AutoWhitelist.pm	2008-06-10  
11:20:22.0 +0200
+++  
sa-patch/Mail-SpamAssassin-3.2.5/lib/Mail/SpamAssassin/AutoWhitelist.pm	2009-09-14 23:36:51.0  
+0200

@@ -271,7 +271,9 @@ sub pack_addr {
 # the user running "add-addr-to-*".
 $origip = 'none';
   } else {
-$origip =~ s/\.\d{1,3}\.\d{1,3}$//gs;
+# patch 3.2.5 to use /24 where default is /16
+# $origip =~ s/\.\d{1,3}\.\d{1,3}$//gs;
+$origip =~ s/\.\d{1,3}\.\d{1,3}\.\d{1,3}$//gs;
   }

   $origip =~ s/[^0-9\.noe]/_/gs;   # paranoia





warning i dont know perl to be sure its working :)

hope this is all that is needed to change the hardcoded /16 to hardcoded /24

--
xpoint

RE: Non scoring 'Bank Deposit' spam

2009-09-14 Thread Michael Hutchinson 
> -Original Message-
> From: --[ UxBoD ]-- [mailto:ux...@splatnix.net]
> Sent: Monday, 14 September 2009 11:27 p.m.
> To: Matus UHLAR - fantomas
> Cc: users@spamassassin.apache.org
> Subject: Re: Non scoring 'Bank Deposit' spam
> 
> - "Matus UHLAR - fantomas"  wrote:
> 
> | > > > > On 12-Sep-2009, at 10:27, Clunk Werclick wrote:
> | > > > > > I disagree. It can do as much harm as good. My own view and
> | > > > > > observation from the past have rendered it pointless in my
> | context. It
> | > > > > > adds latency, is easily poisoned and rarely makes much
> | difference to
> | > > > > > the score. I do appreciate some people like it, but my own
> | view is
> | > > > > > spam has moved on beyond the point of it being useful.
> | > >
> | > > > On Sun, 2009-09-13 at 16:37 -0600, LuKreme wrote:
> | > > > > Facts? we don't need no pesky facts. You are very
> | misinformed.
> | > >
> | > > On 14.09.09 08:48, Clunk Werclick wrote:
> | > > > Myself, I've seen some very poor Bayesian databases where users
> | have
> | > > > been allowed to categorize mail as spam-v-ham. One company who
> | deal with
> | > > > Pharmaceuticals for famine relief in Uganda and other poor
> | African
> | > > > countries found bayes to mess with their core mail to a point
> | that made
> | > > > it worthless in their context.
> |
> | > On Mon, 2009-09-14 at 11:46 +0200, Matus UHLAR - fantomas wrote:
> | > > I would say that is a result of badly trained BAYES, not fgrom
> its
> | bad
> | > > design.
> |
> | On 14.09.09 12:06, Clunk Werclick wrote:
> | > The *issue* with bayes is it *can* have user input. Would you trust
> | your
> | > users influencing system wide policy?
> |
> | That only happens if you allow your users to train system-wide BAYES.
> | However this is usually also called "misconfiguration" - in common
> | situations either users have their own bayes databases, or they can't
> | train
> | the site-wide one.
> |
> | > > If you insist on not using bayes, just because it can be
> | mistrained,
> | > > better don't use any configurable software, because _everything_
> | > > configurable will go wrong if miscongured.
> |
> | > I've already stated I'll try it. So read the fucking follow up
> | before
> | > shouting your thick foreign mouth off you stupid cunt!
> |
> | I have read your previous posts, I only wanted to react on some of
> | your
> | "arguments".

> I would post the private email I received from Clunk but I will not
> lower myself or expose the list to such vulgarity.
> 

Why not? Everyone else seems to be able to get away with it!

M.

RE: Drivel

2009-09-14 Thread Michael Hutchinson 
> -Original Message-
> From: Charles Gregory [mailto:cgreg...@hwcn.org]
> Sent: Tuesday, 15 September 2009 9:34 a.m.
> To: users@spamassassin.apache.org
> Subject: Drivel
> 
> On Mon, 14 Sep 2009, Clunk Werclick wrote:
> (more drivel)
> 
> Good users all. Never heard of a troll?
> Nonsensical. Irritating. Taunting.
> 
> Best defense against this kind of childish antic is to IGNORE it.
> 
> Yes, a firewall setting doesn't hurt.
> 

Yes, and as previously asked, where are the list moderators? On a very
long smoke break?

Sure we can Ignore it. That doesn't mean that a list moderator shouldn't
get involved and solve the problem. Should be pretty easy to do, right?

There have been too many cases recently.

Cheers,
Mike

Re: Spamc issues with remote userprefs

2009-09-14 Thread Jari Fredriksson 
> Hi,
> 
> We're rebuilding a mail server and are having some issues
> with SQL-based SA preference lookups.  We're running
> Postfix 2.5.5 and SA 3.2.5 (Debian Lenny version) -
> here's our Postfix config from master.cf: 
> spamassassin unix - n   n   -   -  
> pipe 
> user=spamd argv=/usr/bin/spamc -u ${user} -e
> /usr/sbin/sendmail -oi -f ${sender} ${recipient}
> 
> old non-lookup line:
> user=spamd argv=/usr/bin/spamc -f -e /usr/sbin/sendmail
> -oi -f ${sender} ${recipient}
> 
> What's happening is that individual incoming messages get
> handed off to SA using the spamc command above, but SA is
> only processing the first message and never handing it
> back to Postfix, while the other messages never seem to
> get processed at all (nothing at all about them in the
> logs).  The old non-lookup line works fine.  Has anyone
> here experienced similar issues? 
> 
> Ryan Thoryk

"The old non-lookup line works fine"

spamc has no option -f

How can that work fine?

If the old line works fine, why do you try to raplace with a new line?

Re: Spamc issues with remote userprefs

2009-09-14 Thread d . hill 

Quoting Jari Fredriksson :


Hi,

We're rebuilding a mail server and are having some issues
with SQL-based SA preference lookups.  We're running
Postfix 2.5.5 and SA 3.2.5 (Debian Lenny version) -
here's our Postfix config from master.cf:
spamassassin unix - n   n   -   -
pipe
user=spamd argv=/usr/bin/spamc -u ${user} -e
/usr/sbin/sendmail -oi -f ${sender} ${recipient}

old non-lookup line:
user=spamd argv=/usr/bin/spamc -f -e /usr/sbin/sendmail
-oi -f ${sender} ${recipient}

What's happening is that individual incoming messages get
handed off to SA using the spamc command above, but SA is
only processing the first message and never handing it
back to Postfix, while the other messages never seem to
get processed at all (nothing at all about them in the
logs).  The old non-lookup line works fine.  Has anyone
here experienced similar issues?

Ryan Thoryk


"The old non-lookup line works fine"

spamc has no option -f

How can that work fine?

If the old line works fine, why do you try to raplace with a new line?


You are correct. It is a sendmail option. This is what I have:

spamass   unix  -   n   n   -   6  pipe
  user=spamd argv=/usr/local/bin/spamc -u ${recipient} -s 524288
  -e /usr/local/sbin/sendmail -oi -f ${sender} ${recipient}

Sorry for the confusion.