Re: Constant Contact

2009-10-19 Thread Mark Samples

I get junk from these guys all of the time,  others that have followed
the 'opt-out' IMO just use it to confirm an email address for sale to
others, such as themselves.  Maybe I am just extra paranoid, but
marketers should just stick to a web search for people that want to
purchase from them.

Unsolicited email is a quagmire, email marketers do it
indiscriminately.  If they want to advertise on my server, ad time
costs money, they can pay me for using my server for their stuff.  Once
it enters my ethernet port, it is mine, quite frankly, they should pay
me to advertise on my servers.  Their junk cost me time and
maintenance, so I need to recover those costs, or blacklist them.

No such thing as a 'good' spammer, JMO.


Header / Plugin / Ruleset, etc.

2007-05-27 Thread Mark Samples

Question

I will be a little vague, as I am sure spammers watch this list, so
bear with me...

I have observed certain emails coming thru spamassassin, the one thing
peculiar is the existence of an IP address that is not a valid address,
i.e. it has certain peculiarities that in text, completely make it a
bogus message, not a doubt about it.  I was wondering if there are any
rules already available that validate an IP address.  I have written
several custom rules for my servers, however, this may have to be done
with a plugin, I do not want to re-invent the wheel if someone already
has written one.





Re: extract message-id's from logfile

2007-03-23 Thread Mark Samples

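PERL:
#!/usr/bin/perl

# Read the log on STDIN and print the value of each mid= field.
while (<STDIN>) {
   # Stop at the next comma so the trailing bayes=/autolearn= fields are left out.
   if (/mid=([^,]*)/) {
      print "$1\n";
   }
}

cat spamd.log | whatever you name above perl script

will give you all of your 'mid' (message ids) from the spamd.log file
(or whatever you call your spam log file for SA).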

Starckjohann, Ove wrote:


Hi!

bit offtopic, but maybe it's easy and someone is able to drop me the
*magic* snippet of code:

My logfile looks like:

Mar 23 10:15:55 admin05 spamd[6084]: spamd: result: Y 5 -
AWL,BAYES_00,DCC_CHECK,DIGEST_MULTIPLE,HTML_MESSAGE,LOGINHASH2,MIME_HTML
_ONLY,RAZOR2_CF_RANGE_51_100,RAZOR2_CF_RANGE_E4_51_100,RAZOR2_CHECK
scantime=1.8,size=4860,user=(unknown),uid=1002,required_score=5.0,rhost=
mailgate.wee.com,raddr=10.10.10.21,rport=9661,mid=15669820.200703231447
[EMAIL PROTECTED],bayes=1.25626575044335e-05,autolearn=no
Mar 23 10:19:38 admin05 spamd[6084]: spamd: result: Y 7 -
BAYES_00,DCC_CHECK,DIGEST_MULTIPLE,FRT_CONTACT,HTML_30_40,HTML_MESSAGE,H
TML_TITLE_UNTITLED,LOGINHASH2,MULTIPART_ALT_NON_TEXT,NO_RECEIVED,NO_RELA
YS,RAZOR2_CF_RANGE_51_100,RAZOR2_CF_RANGE_E4_51_100,RAZOR2_CHECK
scantime=2.7,size=12337,user=(unknown),uid=1002,required_score=5.0,rhost
=mailgate.wee.com,raddr=10.10.10.21,rport=9897,mid=[EMAIL PROTECTED]
hikoi.com,bayes=1.66533453693773e-16,autolearn=no
...

I do need to extract the message-id's from there to get the following
list:
[EMAIL PROTECTED]
[EMAIL PROTECTED]

How to realize ??

Any skilled grep'ers / awk'ers / sed'ers alive here ?


Ove Starckjohann
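
A fuller version of the extraction discussed in this thread, as an added example that is not part of either post: it parses each `spamd: result:` line into fields and pulls out `mid=` without being thrown by commas or fake `key=value` text inside a Message-ID, which the sender controls. It assumes `mid=` is followed by `,bayes=...,autolearn=...` at the end of the line, as in the quoted log; the sample lines, hosts and message-ids are constructed.

```python
import re

# Constructed sample input in the layout quoted in the post (hosts and
# message-ids are made up). The second id contains a comma and a fake field.
SAMPLE_LOG = "\n".join([
    "Mar 23 10:15:55 admin05 spamd[6084]: spamd: result: Y 5 - "
    "AWL,BAYES_00,HTML_MESSAGE scantime=1.8,size=4860,user=(unknown),"
    "uid=1002,required_score=5.0,rhost=mailgate.example.com,"
    "raddr=10.10.10.21,rport=9661,mid=<15669820.1@example.com>,"
    "bayes=1.25e-05,autolearn=no",
    "Mar 23 10:19:38 admin05 spamd[6084]: spamd: result: Y 7 - "
    "BAYES_00,NO_RECEIVED scantime=2.7,size=12337,user=(unknown),"
    "uid=1002,required_score=5.0,rhost=mailgate.example.com,"
    "raddr=10.10.10.21,rport=9897,mid=<a1,autolearn=ham@mail.example.net>,"
    "bayes=1.6e-16,autolearn=no",
    "Mar 23 10:20:01 admin05 spamd[6084]: spamd: some other log line",
])

# Assumption: the line ends with ,mid=...,bayes=...,autolearn=... as in the
# post's samples. The greedy (.*) for mid runs up to the LAST ",bayes=", so
# commas or forged key=value text inside the Message-ID stay inside the id.
RESULT_RE = re.compile(
    r"spamd: result: (?P<verdict>\S) (?P<score>-?\d+) - (?P<tests>\S*) "
    r"(?P<head>.*?),mid=(?P<mid>.*),bayes=(?P<bayes>[^,]*),"
    r"autolearn=(?P<autolearn>\S+)$"
)

def parse_results(text):
    """Return one dict per 'spamd: result:' line; other lines are skipped."""
    records = []
    for line in text.splitlines():
        m = RESULT_RE.search(line)
        if not m:
            continue
        rec = m.groupdict()
        rec["score"] = int(rec["score"])
        rec["tests"] = rec["tests"].split(",") if rec["tests"] else []
        # The leading fields (scantime ... rport) are plain key=value pairs.
        for kv in rec.pop("head").split(","):
            key, _, value = kv.partition("=")
            rec[key] = value
        records.append(rec)
    return records

def message_ids(text):
    """Just the list the original question asked for."""
    return [rec["mid"] for rec in parse_results(text)]

if __name__ == "__main__":
    print("\n".join(message_ids(SAMPLE_LOG)))
```
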

 





Re: A New Approach: Find the Ham

2007-02-10 Thread Mark Samples
Is that the same as whitelisting, maybe I do not understand, but a very
rigorous approach would be a whitelist methodology which, once a new
account is created, they send email to everyone they want to
communicate with, and it 'autowhitelists' those addresses, so you can
only receive from those you communicate with (or want to), i.e. the
user will have to authorize the receipt of a message into the whitelist
(that way the email address owner is solely responsible for what they
receive).  The main problem (although someone may be able to come up
with an appropriate compromise), is that if everyone were using this
methodology, how would one ever receive email?  But nonetheless, since
there is less ham than spam nowadays, it makes more sense to do what
you are saying and deal with only the traffic the user wishes to see
instead of that which they don't,  seems the actual programming needed
to deal with this would be less stressful on machine resources as
well.  I.e. less resources would be consumed dealing with less incoming
crap (er mail, I mean)  Stop it at the connection... maybe a ulog
plugin just a thought

Miles Fidelman wrote:


Dan wrote:

I've developed a new approach to scoring that I want to 1) share with 
everyone and 2) make into a working system that's as accurate as what 
I've already built, but easier to use.  First, the theory:


NEW ASSUMPTION
All messages are spam unless x,y,z score says they're ham.

NEW APPROACH
Block everything, then create rules to not catch what you do want.  
ie, build tests that target the spam (keeping all the tests you've 
already built), then score the thousands of ways ham triggers on 
those tests.


It strikes me that the hardest part of this approach is filtering out 
too much ham.  At least for me, it's more important to make sure that 
people reach me, than to filter out all spam.  If we take the approach 
that everything is to be filtered out, except x,y,z - then the risk of 
filtering out too much seems pretty high.






Re: How to filter these spam messages

2006-10-15 Thread Mark Samples
I have adopted the following policy, I run commercial free email.  If
it is unsolicited it gets blacklisted.  If they want to run commercials
through my email site, I will let them, provided they use a mailing
list and the user can opt out.  Random, unsolicited emails go in the
blacklist.  This method (to me) works the best.  While spamassassin
works very well also, it becomes much more inflated in terms of code,
the more rules there are.  I use spamassassin also, but for just
standard unsolicited email, it goes to the bit bucket.  I will sell
them commercials on my site, I will be glad to set up a site wide
mailing list and let my customers subscribe to the ones they want (for
a monthly fee).  I am not going to subsidize email commercials on
bandwidth my customers and I pay for, nor do I want to let someone,
such as a spammer, use my resources for free, if they want to use them,
they will pay for them, through the sales of subscribe/unsubscribe
mailing lists.  So, if they wanna play, they're gonna hafta pay.

I believe this is the only way to force spammers to comply with some
kind of email policy.


Simon wrote:


Hello,

I'm trying to figure out what to do to filter these spam messages. I
can't seem to find a ruleset which would filter them. Perhaps I need to
change something in my configuration? any help would be appreciated,
thanks!


Here are the latest spam I'm receiving:

http://optinet.com/spam.txt

My config is pretty much default and I have few extra rulesets from 
rulesemporium

Thanks,
Simon




 





Re: Fw: failure notice / spaassassin.apache.org

2006-09-29 Thread Mark Samples
Comcast has their own blacklist, I do not know how they arrive at what
is spam and what is not, in my experience, it is questionable.   Your
hosting company is the one that is blacklisted.  This can be affecting
many or just affecting you, it depends on whether they assign
individual ip number to each web host or do naming.  In the event of
naming, it can affect everyone they host for.  Your hosting company
(the one that is actually responsible for the net block you are
assigned) will have to resolve this with comcast, alternatively you can
probably request its removal at the following url, there should be
instructions at the URL.

http://www.comcast.net/help/faq/index.jsp?faq=SecurityMail_Policy18626

use this IP '66.235.211.53' which is what your host gives your website.

If you do a search on 'blacklist' and comcast, you will get pages full
of their blacklisting anomalies.  Also, just as a preventative, I do
not know if you use any mass mailers advertising, but if you do, this
can cause blacklisting.  If you do the best way to avoid blacklisting
if you do this is to use a server side mailing list with
subscribe/unsubscribe options.  The spam situation from an ISP
standpoint is getting ever worse to keep its subscribers' email
flowing.  AOL is similar, they decide which mail is spam by the number
of times its customers put the same sources of email in their spam
folder, if it appears at about a rate of 5%, it's blacklist time.
What does this mean, it means whoever you are sending email to, even
though in your eyes, it may be legitimate, if they decide they don't
want to receive it, they can hit the AOL spam button and they have
officially dubbed your email spam and the counter starts.  This is
where the serverside email lists help but do not eliminate this,
depends if the receiver is willing to click on the url for your
unsubscribe message.  Another (though less liked by most), is to only
send email that is text, i.e. no images, no html.  This will maximize
the probability that your mail won't be interpreted as spam.

Hope this helps.

Tom Myers wrote:


To whom it may concern.

I need your help.   I run a legitimate business ( 27 years )  of 
Search and Placement in the electronic industry.  As you can see from 
the text below I am unable to contact people about the jobs that they 
want to interview for.


How do I get unlisted from the Spamassassin black list?   Every 
letter I send out is an individual letter not a spam or junk mail.   I 
view resumes on Hot Jobs.  I pay for this service. People post their 
resumes so that a recruiter like myself will contact them with the 
hope of finding work.  By being blocked from contacting that person 
causes Spamassassin to harm both of us.  In addition, several clients 
have not been able to receive emails from me.  These clients are 
fortune 500 manufacturers that have written agreements with our firm to 
arrange legitimate interviews for valid jobs.


Can you help me get delisted ?

Sincerely.

Tom Myers - President - 310-317-6113
www.electroniccareers.com
[EMAIL PROTECTED]

- Original Message -
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, September 29, 2006 9:38 AM
Subject: failure notice



Hi. This is the qmail-send program at host241.ipowerweb.com.
I'm afraid I wasn't able to deliver your message to the following 
addresses.

This is a permanent error; I've given up. Sorry it didn't work out.

[EMAIL PROTECTED]:
Connected to 206.18.177.26 but sender was rejected.
Remote host said: 550 66.235.211.53 blocked by 
ldap:ou=rblmx,dc=comcast,dc=net - BL004 Blocked for spam.  Please 
see 
http://www.comcast.net/help/faq/index.jsp?faq=SecurityMail_Policy18628


--- Below this line is a copy of the message.

Return-Path: [EMAIL PROTECTED]
Received: (qmail 8935 invoked by uid 10025); 29 Sep 2006 16:38:40 -
Received: from 66.215.109.14 by host241.ipowerweb.com (envelope-from 
[EMAIL PROTECTED], uid 1002) with qmail-scanner-1.25st

(clamdscan: 0.88/1245. spamassassin: 3.1.0. perlscan: 1.25st.
Clear:RC:1(66.215.109.14):.
Processed in 0.036045 secs); 29 Sep 2006 16:38:40 -
Received: from unknown (HELO TOM1) (66.215.109.14)
 by host241.ipowerweb.com with SMTP; 29 Sep 2006 16:38:40 -
Message-ID: [EMAIL PROTECTED]
Reply-To: Tom Myers [EMAIL PROTECTED]
From: Tom Myers [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Raul resume request
Date: Fri, 29 Sep 2006 09:40:01 -0700
Organization: Electronic Careers
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary==_NextPart_000_02E6_01C6E3AB.3C42EE90
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.2869
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2962

This is a multi-part message in MIME format.

--=_NextPart_000_02E6_01C6E3AB.3C42EE90
Content-Type: text/plain;
charset=Windows-1252
Content-Transfer-Encoding: quoted-printable

Raul,

I have a job as a Design Engineer in Illinois. =20

If you are still available