Re: Barracuda / EmailReg.org protection racket? (OT, but help?)
I appear to be getting a shakedown scam from Barracuda Networks. You are not being shaken down, but you might be slandering. ;-) I'm fairly certain that BN isn't making much profit off of your $20. What they are getting is your commitment, and your ID, that one or more IP addrs under your control will not spam. And if you do spam from those IPs, and BN detects it, they have evidence to tie you to the crime (plus previously accepted agreement that you would voluntarily handle the situation in a mutually agreed upon manner) $20 is $20, but frankly most people pay more than that in snail mail postage each year. -Jim P.
Re: Barracuda / EmailReg.org protection racket? (OT, but help?)
On Sun, Jun 21, 2015 at 4:52 PM, Dianne Skoll d...@roaringpenguin.com wrote: On Sun, 21 Jun 2015 16:26:54 -0400 Jim Popovitch jim...@gmail.com wrote: On Sun, Jun 21, 2015 at 4:22 PM, Dianne Skoll you should not have to pay for delisting one IP. and with BN you are NOT paying for a delisting. You are splitting hairs. Essentially, you are paying for delisting. /sigh I'm not splitting hairs, you are redefining delisting. Go read the first sentence on emailreg.org and learn something about them. -Jim P.
Re: Barracuda / EmailReg.org protection racket? (OT, but help?)
On Sun, Jun 21, 2015 at 4:22 PM, Dianne Skoll d...@roaringpenguin.com wrote: you should not have to pay for delisting one IP. and with BN you are NOT paying for a delisting.You are paying for the upfront ID validation and verification process that goes into fast-tracking your email flow. If you don't want that fine, don't pay it. -Jim P.
Re: definition update frequency?
On Thu, Jun 4, 2015 at 8:08 AM, Kevin A. McGrail kmcgr...@pccc.com wrote: Updates were broken by two issues. 1st, there is a bug in svn with files with spaces with mod svn. I introduced a file with a space while preparing the 3.4.1 release. Forgive me if this sounds incendiary, it's not meant to be.At what point did someone realize updates were broken? Is the catalyst for investigation/monitoring inquiries on this list? If not, would it be possible to send this list an email at the point when it is determined updates are broken and may take days/weeks to resolve? -Jim P.
Re: updated RegistrarBoundaries.pm
On Sat, Feb 21, 2015 at 9:35 AM, Axb axb.li...@gmail.com wrote: Many moons ago, obviously before you started using SA, what you *now* consider dynamic, was very static with less than than handfull of changes /release. There's some pointless blabber in that as well. ;-) Irregardless of last century's history, what Reindl said makes good sense. Highly dynamic content shouldn't have to be exported in a .pm from svn every month. -Jim P.
Re: Can't locate object method check_for_spf_helo_permerror via package Mail: [...]:SpamAssassin::PerMsgStatus
On Tue, Feb 10, 2015 at 10:17 PM, Kevin A. McGrail kmcgr...@pccc.com wrote: On 2/10/2015 9:13 AM, Kevin A. McGrail wrote: I would guess I missed the cutoff for yesterday's masscheck and tomorrow's will include it. Rule gen just finished and the update does include the fix if you want to confirm. Looks good KAM. Received the updated 25_spf.cf files ~5 hours ago and no problems since then. Thanks! -Jim P.
Re: Can't locate object method check_for_spf_helo_permerror via package Mail: [...]:SpamAssassin::PerMsgStatus
On Tue, Feb 10, 2015 at 9:13 AM, Kevin A. McGrail kmcgr...@pccc.com wrote: On 2/10/2015 9:00 AM, Jim Popovitch wrote: On Mon, Feb 9, 2015 at 6:30 AM, Kevin A. McGrail kmcgr...@pccc.com wrote: On 2/9/2015 4:12 AM, Reindl Harald wrote: what is that below introduced with tonights update and get triggered now for every single mail and why does such things not automatically get caught before push? It was part of a commit on Jan 30, http://www.gossamer-threads.com/lists/spamassassin/commits/190790, that likely needs a has_ function for a can() if encapsulation if you aren't using the latest trunk to avoid warnings. Working on a patch now and a fix to the rules. Hi KAM, Still seeing these, even after today's update, Can you grab the 25_spf.cf from http://svn.apache.org/viewvc/spamassassin/trunk/rules/25_spf.cf?view=co and see if that works? Confirmed, Yes, that works (3.003002 on Debian Wheezy). Thanks! Then I'll hope the rule update hits tomorrow. There is some vagueness to my understanding of exactly how long rules take from start to finish to go outbound. There are some emergency rule generation procedures if someone wants to help the project. I'm interested. Let me know how to begin. I would guess I missed the cutoff for yesterday's masscheck and tomorrow's will include it. Ahh, that makes sense. Thanks again, -Jim P.
Re: Can't locate object method check_for_spf_helo_permerror via package Mail: [...]:SpamAssassin::PerMsgStatus
On Mon, Feb 9, 2015 at 6:30 AM, Kevin A. McGrail kmcgr...@pccc.com wrote: On 2/9/2015 4:12 AM, Reindl Harald wrote: what is that below introduced with tonights update and get triggered now for every single mail and why does such things not automatically get caught before push? It was part of a commit on Jan 30, http://www.gossamer-threads.com/lists/spamassassin/commits/190790, that likely needs a has_ function for a can() if encapsulation if you aren't using the latest trunk to avoid warnings. Working on a patch now and a fix to the rules. Hi KAM, Still seeing these, even after today's update, Feb 10 13:57:25 svr5 spamd[3922]: rules: failed to run T_SPF_HELO_PERMERROR test, skipping: Feb 10 13:57:25 svr5 spamd[3922]: (Can't locate object method check_for_spf_helo_permerror via package Mail: [...]:SpamAssassin::PerMsgStatus at (eval 1159) line 19, GEN34 line 36. Feb 10 13:57:25 svr5 spamd[3922]: ) Feb 10 13:57:25 svr5 spamd[3922]: rules: failed to run T_SPF_TEMPERROR test, skipping: Feb 10 13:57:25 svr5 spamd[3922]: (Can't locate object method check_for_spf_temperror via package Mail: [...]:SpamAssassin::PerMsgStatus at (eval 1159) line 639, GEN34 line 36. Feb 10 13:57:25 svr5 spamd[3922]: ) Feb 10 13:57:25 svr5 spamd[3922]: rules: failed to run T_SPF_PERMERROR test, skipping: Feb 10 13:57:25 svr5 spamd[3922]: (Can't locate object method check_for_spf_permerror via package Mail: [...]:SpamAssassin::PerMsgStatus at (eval 1159) line 809, GEN34 line 36. Feb 10 13:57:25 svr5 spamd[3922]: ) Feb 10 13:57:25 svr5 spamd[3922]: rules: failed to run T_SPF_HELO_TEMPERROR test, skipping: Feb 10 13:57:25 svr5 spamd[3922]: (Can't locate object method check_for_spf_helo_temperror via package Mail: [...]:SpamAssassin::PerMsgStatus at (eval 1159) line 1154, GEN34 line 36. Feb 10 13:57:25 svr5 spamd[3922]: ) Feb 10 13:57:25 svr5 spamd[3922]: spamd: clean message (-0.1/5.0) for test:106 in 0.2 seconds, 1642 bytes. What can we do to help fix this? -Jim P.
Re: Argument perl_version isn't numeric
On Sun, Nov 30, 2014 at 3:30 PM, Ted Mittelstaedt t...@ipinc.net wrote: I guess the $64K question is, does the new rule that's version dependent Increase the spam catch Because if it does, then I don't regard it as a problem. Instead, I want it! The real $64K question is: If you really want it (in your production systems) would you be willing to just accept only being able to get it via patches posted to a mailinglist? I'm in agreement with Reindl, SA updates should be tested against all versions in use (that info is easy to get), and regular updates shouldn't produce failures on systems that apply them (heck, Microsoft figured that out back in the 90s). Barring that, advanced notifications should go out indicating that future updates will break things, or cause errors that may raise concern. -Jim P.
Re: Argument perl_version isn't numeric
On Sat, Nov 29, 2014 at 5:25 AM, Niamh Holding ni...@fullbore.co.uk wrote: Hello Anyone else seen this in v3.4.0? sa-learn --dump magic Argument perl_version isn't numeric in numeric ge (=) at (eval 530) line 2. Argument perl_version isn't numeric in numeric ge (=) at (eval 1023) line 2. Last night's 3.003002 update spit out this: Argument perl_version isn't numeric in numeric ge (=) at (eval 490) line 1. Argument perl_version isn't numeric in numeric ge (=) at (eval 1000) line 1. -Jim P.
Re: Bayes, Manual and Auto Learning Strategies
On Wed, Jul 2, 2014 at 11:54 AM, Steve Bergman sbergma...@gmail.com wrote: I suggest you join the SDLU list where you can discuss anti spam philosophy. Thanks. I suggest that you consult for an ISP-dependent business someday. ;-) It's an education, too. -Steve Just a heads-up... that sort of biting comment is probably not welcome on the SDLU list. -Jim P.
Re: SPAM from a registrar
On Mon, Jun 9, 2014 at 2:39 PM, Kevin A. McGrail kmcgr...@pccc.com wrote: On 6/9/2014 2:33 PM, John Hardin wrote: On Mon, 9 Jun 2014, Kevin A. McGrail wrote: On 6/9/2014 1:23 PM, Patrick Domack wrote: Comparing my list of new domains, shows that DOB seems to pick them up after they are 2 days old. I wonder how we can use DNS, an RBL and distributed lookups to get the age of domains AND share the information so it's centrally available... Perhaps we should cultivate contacts at a registrar so that the BL can be generated directly off their feed of changes? Perhaps somebody at DailyChanges.com or WhoisAPI.com? Though I agree getting the data for free will be challenging. Good idea. If we can get existing data from trustable sources such as registries, we can add that to the source RBL and then only query the new ones. I haven't been following this whole thread. I always thought it odd to look for new domains. I tend to think that everything is new unless it's been seen before (and there's a bunch of data out there on existing domains) -Jim P.
Re: Plans for a DMARC plugin ???
On Apr 30, 2014 5:09 AM, Tom Hendrikx t...@whyscream.net wrote: On 04/30/2014 11:00 AM, Axb wrote: On 04/30/2014 10:30 AM, Michael Storz wrote: Am 2014-04-30 10:23, schrieb Axb: On 04/30/2014 10:10 AM, Michael Storz wrote: Are there any plans for a DMARC plugin for SpamAssassin? Reacting to a DMARC policy of reject (AOL/Yahoo) seems only feasible with SpamAssassin because so many exceptions are needed for software which destryes DKIM signatures: - mailing lists - MS Exchange - Novell GroupWise - Lotus Domino Server ??? - web form emails - ESPs ... exceptions, which could be configured via SpamAssassin rules. How could a SA plugin help? Isn't this something that should be handled at MTA level? Well, we are using amavisd-new in prequeue filtering mode. In our configuration a score of 5 will quarantine an email, a score of 10 will reject the email. You can submit a feature request in SA's bugzilla and in the meantime may want to look at http://sourceforge.net/projects/opendmarc/ I proposed a DMARC plugin for spamassassin on the dmarc mailing list last year, to make it easier for people to give DMARC a spin. They didn't really like the idea (I still do), because a simple plugin wouldn't do the report sending, which is an important part of DMARC. Regards, Tom Sending reports can leak data (think: HIPAA). Know what you are leaking to others. -Jim P.
Re: Fwd: plonk
On Tue, May 7, 2013 at 12:06 PM, Joe Acquisto-j4 j...@j4computers.com wrote: What I did not get was why my attempts to clarify whatever offense was taken were met by reject messages. Quite simply put, Benny Pedersen m...@junc.eu wants you to respect his signature, which reads: senders that put my email into body content will deliver it to my own trashcan, so if you like to get reply, dont do it -Jim P.
Re: Fwd: plonk
On May 7, 2013 1:01 PM, Joe Acquisto-j4 j...@j4computers.com wrote: Jim Popovitch jim...@gmail.com 05/07/13 12:13 PM On Tue, May 7, 2013 at 12:06 PM, Joe Acquisto-j4 j...@j4computers.com wrote: What I did not get was why my attempts to clarify whatever offense was taken were met by reject messages. Quite simply put, Benny Pedersen m...@junc.eu wants you to respect his signature, which reads: senders that put my email into body content will deliver it to my own trashcan, so if you like to get reply, dont do it -Jim P. That did cross my mind, but . . . Then your response (and many other replies to his posts) should plonk as well. True, very true. He probably already /dev/null's me because of my gmail addr. ymmv. -Jim P.
Re: spamass-milter rejecting messages because no score found in large emails
On Sat, Mar 23, 2013 at 6:27 PM, Dave Funk dbf...@engineering.uiowa.edu wrote: On Sat, 23 Mar 2013, Matus UHLAR - fantomas wrote: Am 22.03.2013 22:31, schrieb Benny Pedersen: are spamass-milter using spamc ? On 23.03.13 00:34, Robert Schetterer wrote: at my knowledge spamass-milter uses spamd, the deamon vers of spamc no, no, spamd is the daemon and spamc is an utility that talks to spam daemon :-) and yes, spamass-milter uses spamc. you can pass extra flags to it, e.g. -ssize to send all mail up to given size to spamd (default:500KB) It is true that spamass-milter uses the spamc utility spamass-milter also supports --socket, so it is not limited to only spamc. -Jim P.
Re: spamass-milter rejecting messages because no score found in large emails
On Sat, Mar 23, 2013 at 6:47 PM, Jim Popovitch jim...@gmail.com wrote: spamass-milter also supports --socket, so it is not limited to only spamc. And... that is wrong. Anything passed to spamass-milter after -- (i.e. --socket=...) is passed on to spamc. -Jim P.
Re: why don't banks do more against phishing?
On Sun, Apr 22, 2012 at 10:40 PM, Jason Haar jason_h...@trimble.com wrote: OT but related I just got a bunch of phishing attacks against a bank come through. Following the link leads me to some owned website with the fake bank frontend - and it had a feature that I've seen time and time again: images and links from the real banksite Why don't banks rub two braincells together and start monitoring the referrers on their primary webpages (eg logos, terms and conditions) and return a RUN AWAY!!! IT'S A TRAP!!! page whenever someone views the phishing sites? The Referrer header would allow that instantly They really don't give a damn do they... Bingo! I presented that very idea to a big bank (you would recognize the name) approx 8 years ago. I suggested they monitor the referrers (with the security product we were installing) and automatically increase situational awareness accordingly, and at some point move to replacing images that didn't match certain referrers. I was ignored, almost scoffed at. -Jim P. -Jim P.
Re: Rule update just happened for the first time in two months
On Mon, Oct 31, 2011 at 13:55, dar...@chaosreigns.com wrote: Normally rules get updated every day, via sa-update. They weren't for the last couple months due to a clock on a server being set wrong: https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6671 Interesting. In my mind, it's a short walk from out-of-sync-clock-issues to root-password-issues. Does someone know, beyond any doubt, that the system in question wasn't hacked/p0wned? -Jim P.
Re: Rule updates
On Wed, Oct 19, 2011 at 13:51, John Hardin jhar...@impsec.org wrote: On Wed, 19 Oct 2011, dar...@chaosreigns.com wrote: On 10/19, Jim Popovitch wrote: Is the missing entity one person, several people, many people? Was there an untimely death? I believe everyone is now aware that there exists a problem, how to we bridge the gap? My guess is that the only person familiar with the system is the original author of spamassassin, and he doesn't have time to deal with it. There are 12 other people on the Project Management Committee, who I assume could all get sufficient access to the machine(s) running it: http://svn.apache.org/repos/asf/spamassassin/trunk/CREDITS And it seems they are all lacking the time to figure it out. I have access; getting a block of time to focus on figuring out what it's doing, and what it's _supposed_ to be doing, is what I'm having trouble with. I just got a new update. THANKS Now, what can I do to contribute to providing updates? -Jim P.
Re: Disable a Rule
On Sun, Oct 30, 2011 at 21:46, RW rwmailli...@googlemail.com wrote: On Sun, 30 Oct 2011 20:25:25 + Jeremy McSpadden wrote: Very well. DNSMasq setup and running local, yet still returns HI AFAIK DNSMasq isn't a recursive nameserver, it's just a DNS forwarder. Correct. pdns_resolver is an excellent replacement (until other apps crash with libcrypto errors, leaving pdns_resolver to report errors Timeout from remote TCP client 127.0.0.1) -Jim P.
Re: Rule updates
On Wed, Oct 19, 2011 at 12:26, dar...@chaosreigns.com wrote: On 10/05, Jim Popovitch wrote: On Wed, Oct 5, 2011 at 17:41, RW rwmailli...@googlemail.com wrote: The usual reason for a hiatus is that too much spam or ham has aged-out in the corpora, and a top-up is needed. I think it's more accurate to say the usual reason is that too many people have stopped automatically submitting data via masscheck, and we need more people to submit data. I have a graphical representation of the problem here: http://www.chaosreigns.com/dnswl/tot.svg Green is spam, red is non-spam. They both need to be above the blue line (150,000 emails each) for score generation to run to create the rule updates. Counts as of the last (net) run: Non-spams: 136261 (90.8% of the minimum) Spams: 351950 (234.6% of the minimum) So, how do we get it top-up'ed? You contribute your data: http://wiki.apache.org/spamassassin/NightlyMassCheck The more we have, the more accurately we can calculate optimal rule scores, always. Unfortunately the Project Management Committee has a habit of never responding to requests for masscheck accounts. But the current situation appears to be abnormal. For some reason RuleQA / score generation isn't including data submitted by uploading full emails (normally just rule hit stats are uploaded). There is an open bug about that problem here: https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6671 It seems there is nobody with the access, knowledge of the system, and time required to fix the problem. There was supposed to be a SpamAssassin v3.4.0 Release Candidate released 19 days ago, which seems to be primarily held up by this rule update problem. Which nobody is working on. -- Go forth, and be excellent to one another. - http://www.jhuger.com/fredski.php http://www.ChaosReigns.com Darxus, thanks for the summation of the situation. Is the missing entity one person, several people, many people? Was there an untimely death? I believe everyone is now aware that there exists a problem, how to we bridge the gap? Thanks! -Jim P.
Re: Spam email many have RCVD_IN_DNSWL_MED
On Wed, Oct 12, 2011 at 02:15, Alessio Cecchi ales...@skye.it wrote: Why Google name server returns an incorrect value? Because sometimes the Google name servers overload the upstream system and get blocked. The same thing happens if you use the Level 3 servers (4.2.2.x). You would be better served by installing a local DNS resolver like pdns_resolver. -Jim P.
Re: Rule updates
On Wed, Oct 5, 2011 at 17:41, RW rwmailli...@googlemail.com wrote: The usual reason for a hiatus is that too much spam or ham has aged-out in the corpora, and a top-up is needed. So, how do we get it top-up'ed? -Jim P.
Re: Rule updates
On Tue, Oct 4, 2011 at 09:39, Michael Scheidell michael.scheid...@secnap.com wrote: On 10/4/11 3:07 AM, Lars Jørgensen wrote: Hi, Is it me or has it been a long time since there has been an update to the spamassassin ruleset? what is 'long'? Since 27-Aug-2011 ? $ ll /var/lib/spamassassin/3.003001/updates_spamassassin_org/MIRRORED.BY -rw-r--r-- 1 root root 225 2011-08-27 21:25 /var/lib/spamassassin/3.003001/updates_spamassassin_org/MIRRORED.BY ~$ dig txt 1.3.3.updates.spamassassin.org 1162027 -Jim P.