Re: RCVD_IN_SORBS_SPAM and google IPs
i receive tons of Ransonware from Google and MS Office365 IPs.. ---PedroD From: Bowie Bailey To: users@spamassassin.apache.org Sent: Friday, September 9, 2016 3:35 PM Subject: Re: RCVD_IN_SORBS_SPAM and google IPs On 9/9/2016 9:24 AM, li...@rhsoft.net wrote: > > > Am 09.09.2016 um 15:20 schrieb Bowie Bailey: >> On 9/8/2016 6:29 PM, RW wrote: >>> On Thu, 8 Sep 2016 15:53:00 -0500 (CDT) >>> Shane Williams wrote: I'm seeing google IP ranges hit the RCVD_IN_SORBS_SPAM rule, and in digging deeper, I realize that there are zero hits on this rule for the two weeks prior to Aug. 31, and now I'm seeing it thousands of times per week (not just against google IPs). Was this rule added/changed/re-scored in a recent sa-update? >>> It was commented out for a long time because it had a delisting fee, >>> but was recently re-enabled. >>> >>> https://bz.apache.org/SpamAssassin/show_bug.cgi?id=2221#c16 >> >> Granted, my system is fairly low volume, but out of over 15,000 messages >> scanned, I have only seen 88 hits for SORBS rules in general and no hits >> at all for RCVD_IN_SORBS_SPAM. If there's a problem, I'm not seeing it > > depends just on luck > > * how many mails came from gmail, yahoo, gmx & friends > * from which server did they came > > sorbs don't list gmail or other freemail providers as a whole, just > the nodes which recently was absued by spammers and contacted > honeypots or where reported repeatly > > you can write the exactly same message to the same RCPT from a > freemail provider within 5 seconds and they may hit completly > different DNSBL/DNSWL listings True, only 550 of my messages came from gmail or yahoo. But if Shane is seeing thousands of hits a week, I would expect to see a few -- particularly if there is any problem with the SORBS listings or the rule definition. I'm not trying to draw any conclusion, I'm just providing another data point. -- Bowie
trusted_networks question...
Hi there... i have this in my local.cf: trusted_networks 88.2.890.3 when i run SA in debug mode i see this: [17721] dbg: received-header: relay 88.2.890.3 trusted? no internal? no msa? no there is no error or warns anywhere... is this normal? Thanks! ---PedroD
RE: trusted_networks question...
From: Pedro David Marco [mailto:pedrod_ma...@yahoo.com] Sent: Saturday, September 10, 2016 9:51 AM To: users@spamassassin.apache.org Subject: trusted_networks question... Hi there... i have this in my local.cf: trusted_networks88.2.890.3 when i run SA in debug mode i see this: [17721] dbg: received-header: relay 88.2.890.3 trusted? no internal? no msa? no there is no error or warns anywhere... is this normal? Thanks! --- PedroD 88.2.890.3 is an invalid IP address Martin
Re: trusted_networks question...
Ops... sorry it's a typo... i have this in my local.cf: trusted_networks 88.2.89.3 when i run SA in debug mode i see this: [17721] dbg: received-header: relay 88.2.89.3 trusted? no internal? no msa? no there is no error or warns anywhere... is this normal? ---PedroD From: Martin To: users@spamassassin.apache.org Sent: Saturday, September 10, 2016 10:56 AM Subject: RE: trusted_networks question... From: Pedro David Marco [mailto:pedrod_ma...@yahoo.com] Sent: Saturday, September 10, 2016 9:51 AM To: users@spamassassin.apache.org Subject: trusted_networks question... Hi there... i have this in my local.cf: trusted_networks 88.2.890.3 when i run SA in debug mode i see this: [17721] dbg: received-header: relay 88.2.890.3 trusted? no internal? no msa? no there is no error or warns anywhere... is this normal? Thanks! --- PedroD 88.2.890.3 is an invalid IP address Martin
Re: trusted_networks question...
On Sat, 10 Sep 2016 11:13:02 + (UTC) Pedro David Marco wrote: > > i have this in my local.cf: > > trusted_networks 88.2.89.3 > ... > [17721] dbg: received-header: relay 88.2.89.3 trusted? no > internal? no msa? no > > is this normal? It is if the chain of trust is already broken. Is there another address before that that isn't trusted?
Plugin development help needed...
Hi there... i am not an expert OO developer so i am somehow flying blind in here and need your help please Basically i want to write my own plugin and i have some repeated calculations in each and every plugin method that i would like to reduce to just one, but i am not sure on how to do it... My understanding is that i can do it inside the constructor (the "sub new") and put the results in a data structure that can be accessed later by any method inside the plugin. My main problem is that i do not know how to access the email content from inside the "sub new" constructor. Can anyone provide any help and if possible, an example, please??? have a nice weekend!---PedroD
Re: Plugin development help needed...
On Sat, 2016-09-10 at 13:09 +, Pedro David Marco wrote: > Hi there... > i am not an expert OO developer so i am somehow flying blind in here > and need your help please > Basically i want to write my own plugin and i have some repeated > calculations in each and every plugin method that i would like to > reduce to just one, but i am not sure on how to do it... > My understanding is that i can do it inside the constructor (the "sub > new") and put the results in a data structure that can be accessed > later by any method inside the plugin. > ... or abstract it into a method. It will help a lot if you learn the basics of OO programming before tackling a plugin. See "Programming Perl", aka the Camel book, chapter 12. Written by Larry Wall, Tom Christiansen and Jon Orwant, pub. O'Reilly. Martin
Re: Plugin development help needed...
Thanks Martin! This is exactly the book i have right now but experts opinions are always a good idea! :-) Abstracting calculations in a method would mean one call from each other method right? I would prefer to have done just once (maybe in the constrcutor?) but... Thanks again.. ---PedroD. From: Martin Gregorie To: users@spamassassin.apache.org Sent: Saturday, September 10, 2016 3:33 PM Subject: Re: Plugin development help needed... On Sat, 2016-09-10 at 13:09 +, Pedro David Marco wrote: > Hi there... > i am not an expert OO developer so i am somehow flying blind in here > and need your help please > Basically i want to write my own plugin and i have some repeated > calculations in each and every plugin method that i would like to > reduce to just one, but i am not sure on how to do it... > My understanding is that i can do it inside the constructor (the "sub > new") and put the results in a data structure that can be accessed > later by any method inside the plugin. > ... or abstract it into a method. It will help a lot if you learn the basics of OO programming before tackling a plugin. See "Programming Perl", aka the Camel book, chapter 12. Written by Larry Wall, Tom Christiansen and Jon Orwant, pub. O'Reilly. Martin
Re: Plugin development help needed...
On Sat, 2016-09-10 at 13:58 +, Pedro David Marco wrote: > Thanks Martin! > This is exactly the book i have right now but experts opinions are > always a good idea! :-) > IMO the Camel book should be part of every Perl programmer's library. If you don't write much Perl, I'm primarily a C and Java programmer BTW, it probably covers everything you'll need. However, I don't think Perl is a wonderful language to learn about OO from, because it seems to implement OO by extending other language features so I may pay you to get comfortable with OO concepts by using another language - Java and Python are probably best here. I think that of the two Java shows the concepts most clearly since its impossible to write Java without declaring classes, but OTOH it has a dauntingly large standard class library. Python, like Perl, can be used both procedurally and for OO programming, but this may tend to leave OO concepts a bit less clear. Neither language has any particularly clear introductory texts, though O'Reilly's "Python in a Nutshell" is OK. > Abstracting calculations in a method would mean one call from each > other method right? I would prefer to have done just once (maybe in > the constrcutor?) but... > Procedural abstraction is common in all modern programming languages from the Algols and C onwards. As you say, abstraction is the concept of writing a commonly used piece of code only once and calling it whenever its needed. This has nothing to do with a class's constructor(s): their only function is to initialise the class when it is first instantiated. Conversely, it is quite normal for some of a class's methods to be called by one or more of its constructors. Martin
