Re: [Meta] Unsubscribe / help footer at the bottom of messages to this list.
On fre 08 okt 2010 03:18:35 CEST, John Hardin wrote But I believe we already crossed the line from meta to OT. ;) This braindead message munging won't happen on this list. Oh, agreed. one could change it to be more helpfull signatures :) To unsubscribe from this mailing list see the list-unsubscribe: header This braindead message munging won't happen on this list. -- xpoint http://www.unicom.com/pw/reply-to-harmful.html
Enable function
Hi @ all can you tell me something about enabling special log-functions for my spamd.log!? I want to see the sender, receiver an the subject of every incoming an scanned eMail! Thanks for your Help!
Re: How do I get delisted from SORBS? [OT]
On Thu, 2010-10-07 at 05:27 -0700, Marc Perkel wrote: Got this listing on sorbs: SORBS DNSBL http://www.de.sorbs.net/ 127.0.0.2 Aggregate zone See: http://www.sorbs.net/lookup.shtml?65.49.42.106; http://www.de.sorbs.net/overview.shtml Went to their web site and can't find a way to remove it. Their web site is barely responsive and there doesn't seem to be a removal tool. Anyone else having this problem or can give me some insight as to what is going on? If you create a support ticket they respond ( usually within a month :-) ) and most likely delist the ip address. The problem with sorbs is that they take unreasonably long time to list or delist I have had machines listed because of relaying spams due to bad passwords. While the listing itself is quiet reasonable .. SORBS seems to notice the oubreak only a month after the spam outbreak happened and was stopped. Thanks Ram
Re: Enable function
On Fri, 2010-10-08 at 09:31 +0200, Hans-Werner Friedemann wrote: Hi @ all can you tell me something about enabling special log-functions for my spamd.log!? I want to see the sender, receiver an the subject of every incoming an scanned eMail! The following will only work if your MTA is Postfix or another MTA that sends mail to SA and expects it to be returned via the sendmail utility. Put a program in the pipeline between spamc and sendmail that can scan the message, extract the From:, To: and Subject: headers and log their contents. You'll probably have to write the program, but it should be simple enough in C, Python or Perl. I use a similar, but more complex program to detect bad spam and discard it. It has an option to log the sender, subject and rules hit. You can find it here: http://www.libelle-systems.com/free/ The program is called spamkiller 1.3.2. If you're using more elaborate glue, e.g. a milter, to pass messages to and from SA, you'll need to see if it can do the same trick or if you need to modify it. Martin
Re: Enable function
On Fri, 8 Oct 2010, Hans-Werner Friedemann wrote: can you tell me something about enabling special log-functions for my spamd.log!? I want to see the sender, receiver an the subject of every incoming an scanned eMail! Depending on your MTA that may all already be logged. Take a look in /var/log/maillog. You may need to associate several lines from the log. This has also been covered before, please search the list archives. -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 --- Men by their constitutions are naturally divided in to two parties: 1. Those who fear and distrust the people and wish to draw all powers from them into the hands of the higher classes. 2. Those who identify themselves with the people, have confidence in them, cherish and consider them as the most honest and safe, although not the most wise, depository of the public interests. -- Thomas Jefferson --- 70 days until TRON Legacy
RE: [Meta] Unsubscribe / help footer at the bottom of messages to this list.
I was going to suggest the footer should read: To unsubscribe from this mailing list see the list-unsubscribe: header Ahaha! I vote yes to it. ;)
Re: How do I get delisted from SORBS? [OT]
On Thu, 2010-10-07 at 08:56 -1000, Alexandre Chapellon wrote: on getting delisted at SORBS. At least they give a time window :) Try to know why you're listed at barracuda: This is true pain! This is not correct. Barracuda offer a 24 hour phone service when you can speak to a real person should you have an issue. Getting delisted is simple but ongoing offenders can simply forget it. Indeed no IP should be blacklisted undefinitely... at least without checking regularily. I don't agree. An IP that hops on and off lists should stay ON until the blocklist operator is satisfied that no further abuse will come from it. Hoping on and off as spammers/esp's run around a ring of IP's for a few weeks defeats the point somewhat. As for SORBS, the easy way to get delisted and quit whining about how long it takes, is to *not* get listed in the first place. It's really a case of actions have consequences. Not careful in your output, don't expect any sympathy.
Re: How do I get delisted from SORBS? [OT]
corpus.defero wrote: On Thu, 2010-10-07 at 08:56 -1000, Alexandre Chapellon wrote: Indeed no IP should be blacklisted undefinitely... at least without checking regularily. I don't agree. An IP that hops on and off lists should stay ON until the blocklist operator is satisfied that no further abuse will come from it. How does that differ from what Alexandre said? As for SORBS, the easy way to get delisted and quit whining about how long it takes, is to *not* get listed in the first place. Which is clearly not to get *delisted*, but to avoid having the need to be. It's really a case of actions have consequences. Not careful in your output, don't expect any sympathy. Well, in this case, SORBS screwed up royally, so consequence = don't use them? /Per Jessen, Zürich
Re: How do I get delisted from SORBS? [OT]
Le vendredi 08 octobre 2010 à 18:55 +0100, corpus.defero a écrit : On Thu, 2010-10-07 at 08:56 -1000, Alexandre Chapellon wrote: on getting delisted at SORBS. At least they give a time window :) Try to know why you're listed at barracuda: This is true pain! This is not correct. Barracuda offer a 24 hour phone service when you can speak to a real person should you have an issue. Getting delisted is simple but ongoing offenders can simply forget it. Cool! Calling some indian call center to get an idea of why one single IP is listed What a great tool! Indeed no IP should be blacklisted undefinitely... at least without checking regularily. I don't agree. An IP that hops on and off lists should stay ON until the blocklist operator is satisfied that no further abuse will come from it. until the blocklist operator is satisfied... That's exactly what I said. Barracuda was listing more than 8000 of my IPs. Thoose IP was listed years ago and never unlisted. Port 25 was blocked for months for this subnets and Barracuda explicitly refused to do bulk removal ... because it was too much wrok for them... We had to hire someone to manually delist filling their form (with captcha). Now manual delisting is over for weeks and *none* of the delisted IPs has been listed again... Yes am a bit angry against barracuda issue handling :). Hoping on and off as spammers/esp's run around a ring of IP's for a few weeks defeats the point somewhat. As for SORBS, the easy way to get delisted and quit whining about how long it takes, is to *not* get listed in the first place. It's really a case of actions have consequences. Not careful in your output, don't expect any sympathy. -- Follow us on: twitter https://www.twitter.com/manainternet
Re: How do I get delisted from SORBS? [OT]
On Fri, 2010-10-08 at 08:19 -1000, Alexandre Chapellon wrote: This is not correct. Barracuda offer a 24 hour phone service when you can speak to a real person should you have an issue. Getting delisted is simple but ongoing offenders can simply forget it. Cool! Calling some indian call center to get an idea of why one single IP is listed What a great tool! Err, it's *not* an Indian call centre. They have a support office in India, but the majority of calls are handled in the USA and UK - and they operate around the clock 'following the sun'. The only time India would handle a call is if (a) something went very wrong (b) you were located in India seeking service in India. Barracuda are *very* good at reputation lists - one of the best for all their other failings. They can easily tell you the extent of your spamming and support it with evidence. If you've got listed at Barracuda *YOU HAVE SENT SPAM* so quit bleating. Barracuda was listing more than 8000 of my IPs. Thoose IP was listed years ago and never unlisted. Port 25 was blocked for months for this subnets and Barracuda explicitly refused to do bulk removal ... because it was too much wrok for them... We had to hire someone to manually delist filling their form (with captcha). Now manual delisting is over for weeks and *none* of the delisted IPs has been listed again... Yes am a bit angry against barracuda issue handling :). Don't spam then. Simple. I think you've mistaken me for someone that gives a damn.
Re: How do I get delisted from SORBS? [OT]
On Fri, 2010-10-08 at 20:13 +0200, Per Jessen wrote: corpus.defero wrote: On Thu, 2010-10-07 at 08:56 -1000, Alexandre Chapellon wrote: Indeed no IP should be blacklisted undefinitely... at least without checking regularily. I don't agree. An IP that hops on and off lists should stay ON until the blocklist operator is satisfied that no further abuse will come from it. How does that differ from what Alexandre said? It differs because I am saying they *should* remain listed forever. Personally if I were running the show I'd seek a large deposit to remove an IP and any repeat would result in the loss of that deposit with no further chance to remove the IP until it was clearly and demonstrably reassigned. Hopefully my take on it, and how it differs is now clear for you. Warm regards
spamc sometimes complains MISSING_MID sometimes not with same message
First an overview: spamassassin 3.2.5; shared host ISP won't update spamassassin, setup is such that SCORE keyword in user_prefs is ignored. ISP will neither include add_header all report _REPORT_ nor add_header all testscores _TESTSSCORES(,) ++ I have a script to set ~/spamassassin/user_prefs to contain only: add_header all report _REPORT_ add_header all testscores _TESTSSCORES(,) take spam I received and run spamc then set ~/spamassassin/user_prefs to contain a large amount of SCORE entries I would have liked spamassassin to use, including : score MISSING_MID 3.7 run spamc again just to see what would have happened with my SCOREs. This all works very nicely, usually. ++ Today I ran a particular message and the first run included: 0.0 MISSING_MIDMissing Message-Id: header in the report. The second run did not mention MISSING_MID. I reran the script and this time the first run did not mention MISSING_MID in the report but the second run included 3.7 MISSING_MIDMissing Message-Id: header in the report. I have added various greps to the script referencing the message as well as user_prefs and run the script with unpredictable results, that is any given run may or may not show MISSING_MID. I was surprised to find one run where the 0.0 MISSING_MIDMissing Message-Id: header in the report was the last score message as it is usually occurs after complaints of BLs and before HTML issues. Has anyone seen this behavior? Thank you, Dennis German Hello world, goodnight moon
Re: spamc sometimes complains MISSING_MID sometimes not with same message
On 10/8/10 3:26 PM, Dennis German wrote: First an overview: spamassassin 3.2.5; shared host ISP won't update spamassassin, setup is such that SCORE keyword in user_prefs is ignored. [snip]s after complaints of BLs and before HTML issues. Has anyone seen this behavior? as in: A) ISP's that won't update spamassassin? B) This behavior on YOUR specific ISP, with THEIR specific configuration? Its kinda like saying you use a phone provider that you don't like and sometimes it echos and asking if anyone else has echos. If the ISP isn't set up right, and won't let you use user-prefs, there is no telling what else they did. I suppose you can't post the spamd options they use when they start SA? what about the contents of the ../share/mail/spamassassin directory? the default local.cf? -- Michael Scheidell, CTO o: 561-999-5000 d: 561-948-2259 ISN: 1259*1300 *| *SECNAP Network Security Corporation * Certified SNORT Integrator * 2008-9 Hot Company Award Winner, World Executive Alliance * Five-Star Partner Program 2009, VARBusiness * Best in Email Security,2010: Network Products Guide * King of Spam Filters, SC Magazine 2008 __ This email has been scanned and certified safe by SpammerTrap(r). For Information please see http://www.secnap.com/products/spammertrap/ __
OT (Was: Unsubscribe / help footer at the bottom of messages to this list.)
Le 07/10/2010 23:28, John Hardin a écrit : On Thu, 7 Oct 2010, Karsten Br�ckelmann wrote: On Thu, 2010-10-07 at 11:11 +0200, Shlomi Fish wrote: before I unsubscribe I should note that the incoming messages from this list should have an Unsubscribe / How-to-get-help footer at teh bottom of their messages. It's not a matter of missing information forced onto each and any post. Ultimately, it boils down to the subscribers' clue level, in particular understanding email and mailing lists. I was going to suggest the footer should read: To unsubscribe from this mailing list see the list-unsubscribe: header John, thanks for this one! (a chance I wasn't drinking coffee while reading...)
Re: spamc sometimes complains MISSING_MID sometimes not with same message
On Fri, 8 Oct 2010, Dennis German wrote: spamassassin 3.2.5; shared host ISP won't update spamassassin, setup is such that SCORE keyword in user_prefs is ignored. ISP will neither include add_header all report _REPORT_ nor add_header all testscores _TESTSSCORES(,) Bummer. Today I ran a particular message and the first run included: 0.0 MISSING_MIDMissing Message-Id: header in the report. The second run did not mention MISSING_MID. And the message did not change between runs? If you can figure it out, how is SA glued onto the MTA? One possible course of action might be to install the current SA locally under your account and run your mail through that for scoring (i.e. ignore the results of the ISP's scan). Whether that's an option depends on how the ISP has SA glued into the MTA and how they handle delivery of high-scoring messages. -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 --- The difference is that Unix has had thirty years of technical types demanding basic functionality of it. And the Macintosh has had fifteen years of interface fascist users shaping its progress. Windows has the hairpin turns of the Microsoft marketing machine and that's all.-- Red Drag Diva --- 70 days until TRON Legacy
Re: How do I get delisted from SORBS? [OT]
It differs because I am saying they *should* remain listed forever. False positives are far worst than false negatives for businesses. Some blacklists do not tolerate a FP of more than 1%. Blacklists are behind the line as they don't fight zero-hour attacks, and the only reason why blacklists are appeasing is really their low FP rate. This is why Google made a blacklist to fight phish and malware --- Google wanted FP that is well below 1% (0.04% IIRC) A blacklist with high FP, such as SORBS, is no use. We'd better use heuristics, at least we can fight zero hour attacks with = FP rate. My 0.02. --- Mahmoud Khonji
Re: How do I get delisted from SORBS? [OT]
Hello Marc Perkel, Am 2010-10-07 05:27:39, hacktest Du folgendes herunter: Got this listing on sorbs: SORBS DNSBL http://www.de.sorbs.net/ 127.0.0.2 Aggregate zone See: http://www.sorbs.net/lookup.shtml?65.49.42.106; http://www.de.sorbs.net/overview.shtml Went to their web site and can't find a way to remove it. Their web site is barely responsive and there doesn't seem to be a removal tool. Anyone else having this problem or can give me some insight as to what is going on? Send a drone with a nuclear warhead to there DataCenter! :-D Thanks, Greetings and nice Day/Evening Michelle Konzack -- # Debian GNU/Linux Consultant ## Development of Intranet and Embedded Systems with Debian GNU/Linux itsyst...@tdnet France EURL itsyst...@tdnet UG (limited liability) Owner Michelle KonzackOwner Michelle Konzack Apt. 917 (homeoffice) 50, rue de Soultz Kinzigstraße 17 67100 Strasbourg/France 77694 Kehl/Germany Tel: +33-6-61925193 mobil Tel: +49-177-9351947 mobil Tel: +33-9-52705884 fix http://www.itsystems.tamay-dogan.net/ http://www.flexray4linux.org/ http://www.debian.tamay-dogan.net/ http://www.can4linux.org/ Jabber linux4miche...@jabber.ccc.de ICQ#328449886 Linux-User #280138 with the Linux Counter, http://counter.li.org/ signature.pgp Description: Digital signature
