Re: Constant Contact
I get junk from these guys all of the time, others that have followed the 'opt-out' IMO just use it to confirm an email address for sale to others, such as themselves. Maybe I am just extra paranoid, but marketers should just stick to a web search for people that want to purchase from them. Unsolicited email is a quagmire, email marketers do it indiscriminately. If they want to advertise on my server, ad time costs money, they can pay me for using my server for their stuff. Once it enters my ethernet port, it is mine, quite frankly, they should pay me to advertise on my servers. Their junk cost me time and maintenance, so I need to recover those costs, or blacklist them. No such thing as a 'good' spammer, JMO.
Header / Plugin / Ruleset, etc.
Question I will be a little vague, as I am sure spammers watch this list, so bear with me... I have observed certain emails coming thru spamassassin, the one thing peculiar is the existance of an IP address that is not a valid address, i.e. it has certain peculiarities that in text, completely make it a bogus message, not a doubt about it. I was wondering if there are any rules already available that validate an IP address. I have written several custom rules for my servers, however, this may have to be done with a plugin, I do not want to re-invent the wheel if someone already has written one.
Re: extract message-id's from logfile
PERL: #!/usr/bin/perl while(STDIN) { if(/mid=(.*)/) { print $1\n; } } cat spamd.log | whatever you name above perl script will give you all of your 'mid' (message ids) from the spamd.log file (or whatever you call you spam log file for SA). Starckjohann, Ove wrote: Hi! bit offtopic, but maybe it's easy and someone is able to drop me the *magic* snippet of code: My logile looks like: Mar 23 10:15:55 admin05 spamd[6084]: spamd: result: Y 5 - AWL,BAYES_00,DCC_CHECK,DIGEST_MULTIPLE,HTML_MESSAGE,LOGINHASH2,MIME_HTML _ONLY,RAZOR2_CF_RANGE_51_100,RAZOR2_CF_RANGE_E4_51_100,RAZOR2_CHECK scantime=1.8,size=4860,user=(unknown),uid=1002,required_score=5.0,rhost= mailgate.wee.com,raddr=10.10.10.21,rport=9661,mid=15669820.200703231447 [EMAIL PROTECTED],bayes=1.25626575044335e-05,autolearn=no Mar 23 10:19:38 admin05 spamd[6084]: spamd: result: Y 7 - BAYES_00,DCC_CHECK,DIGEST_MULTIPLE,FRT_CONTACT,HTML_30_40,HTML_MESSAGE,H TML_TITLE_UNTITLED,LOGINHASH2,MULTIPART_ALT_NON_TEXT,NO_RECEIVED,NO_RELA YS,RAZOR2_CF_RANGE_51_100,RAZOR2_CF_RANGE_E4_51_100,RAZOR2_CHECK scantime=2.7,size=12337,user=(unknown),uid=1002,required_score=5.0,rhost =mailgate.wee.com,raddr=10.10.10.21,rport=9897,mid=[EMAIL PROTECTED] hikoi.com,bayes=1.66533453693773e-16,autolearn=no ... i do need to extract the message-id's from there to get the following list: [EMAIL PROTECTED] [EMAIL PROTECTED] How to realize ?? Any skilled grep'ers / awk'ers / sed'ers alive here ? Ove Starckjohann
Re: A New Approach: Find the Ham
Is that the same as whitelisting, maybe I do not understand, but a very rigorous approach would be a whitelist methodology which, once a new account is created, they send email to everyone they want to communicate with, and it 'autowhitelists' those addresses, so you can only receive from those you communicate with (or want to), i.e. the user will have to authorize the receipt of a message into the whitelist (that way the email address owner is soley responsible for what they receive). The main problem (although someone may be able to come up with an appropriate compromise), is that if everyone were using this methodology, how would one ever receive email? But nonetheless, since there is less ham than spam nowadays, it make more since to do what you are saying and deal with only the traffic the user wishes to see instead of that which they don't, seems the actual programming need to deal with this would be less stressful on machine resources as well. I.e. less resources would be consumed dealing with less incoming crap (er mail, I mean) Stop it at the connection... maybe a ulog plugin just a thought Miles Fidelman wrote: Dan wrote: I've developed a new approach to scoring that I want to 1) share with everyone and 2) make into a working system thats as accurate as what I've already built, but easier to use. First, the theory: NEW ASSUMPTION All messages are spam unless x,y,z score says they're ham. NEW APPROACH Block everything, then create rules to not catch what you do want. ie, build tests that target the spam (keeping all the tests you've already built), then score the thousands of ways ham triggers on those tests. It strikes me that the hardest part of this approach is filtering out too much ham. At least for me, it's more important to make sure that people reach me, than to filter out all spam. If we take the approach that everything is to be filtered out, except x,y,z - then the risk of filtering out too much seems pretty high.
Re: How to filter these spam messages
I have adopted the following policy, I run commercial free email. If it is unsolicited it gets blacklisted. If they want to run commercials through my email site, I will let them, provided they use a mailing list and the user can opt out. Random, unsolicited emails go in the blacklist. This method (too me) works the best. While spamassassin works very well also, it becomes much more inflated in terms of code, the more rules there are. I use spamassassin also, but for just standard unsolicited email, it goes to the bit bucket. I will sell them commercials on my site, I will be glad to set up a site wide mailing list and let my customers subscribe to the ones they want (for a monthly fee). I am not going to subsidize email commercials on bandwidth my customers and I pay for, nor do I want to let someone, such as a spammer, use my resources for free, if they want to use them, they will pay for them, through the sales of subscribe/unsubscribe mailing lists. So, if they wanna play, their gonna hafta pay. I believe this is the only way to force spammers to comply with some kind of email policy. Simon wrote: Hello, I'm trying to figure out what to do to filter these spam messages. I can't seem to find a ruleset which would filter them. Perhaps I need to change something in my configuration? any help would be appreciated, thanks! Here are the latest spam I'm receiving: http://optinet.com/spam.txt My config is pretty much default and I have few extra rulesets from rulesemporium Thanks, Simon
Re: Fw: failure notice / spaassassin.apache.org
Comcast has their own blacklist, I do not know how they arrive at what is spam and what is not, in my experience, it is questionable. Your hosting company is the one that is blacklisted. This can be effecting many or just effecting you, it depends on whether they assign individual ip number to each web host or do naming. In the event of naming, it can effect everyone they host for. Your hosting company (the one that is actually responsible for the net block you are assigned will have to resolve this with comcast), alternatively you can probably request it's removal at the following url, there should be instructions at the URL. http://www.comcast.net/help/faq/index.jsp?faq=SecurityMail_Policy18626 use this IP '66.235.211.53 ' which is what your host gives your website. If you do a search on 'blacklist' and comcast, you will get pages full of their blacklisting anomalies. Also, just as a preventative, I do not know if you use any mass mailers advertising, but if you do, this can cause blacklisting. If you do the best way to avoid blacklisting if you do this is to use as server side mailing list with subscribe/unsubscribe options. The spam situation from an ISP standpoint is getting ever worse to keep its subscriber's email flowing. AOL is similar, they decide which mail is spam by the number of times it's customer's put the same sources of email in their spam folder, if it appears at about a rate of 5%, it's blacklist time. What does this mean, it means whoever you are sending email to, even though in your eyes, it may be legitimate, if they decide they don't want to receive it, they can hit the AOL spam button and they have officially dubbed your email spam and the counter starts. This is where the serverside email lists help but do not eliminate this, depends if the receiver is will to click on the url for your unsubscribe message. Another (though less liked by most), is to only send email that is text, i.e. no images, no html. This will maximize the probably that your mail won't be interpeted as spam. Hope this helps. Tom Myers wrote: To whom it may concern. I need your help. I run a legitimate business ( 27 years ) of Search and Placement in the electronic industry. As you can see for the text below I am unable to contact people about the jobs that they want to interview for. How do I get unlisted from the Spamassassin black list? Every letter I send out is an individual letter not a spam or junk mail. I view resumes on Hot Jobs. I pay for this service. People post their resumes so that a recruiter like myself will contact them with the hope of finding work. By being blocked from contacting that person causes Spamassassin to harm both of us. In addition, several clients have not been able to receive emails from me. These clients are fortune 500 manufactures that have written agreements with our firm to arrange legitimate interviews for valid jobs. Can you help me get delisted ? Sincerely. Tom Myers - President - 310-317-6113 www.electroniccareers.com [EMAIL PROTECTED] - Original Message - From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, September 29, 2006 9:38 AM Subject: failure notice Hi. This is the qmail-send program at host241.ipowerweb.com. I'm afraid I wasn't able to deliver your message to the following addresses. This is a permanent error; I've given up. Sorry it didn't work out. [EMAIL PROTECTED]: Connected to 206.18.177.26 but sender was rejected. Remote host said: 550 66.235.211.53 blocked by ldap:ou=rblmx,dc=comcast,dc=net - BL004 Blocked for spam. Please see http://www.comcast.net/help/faq/index.jsp?faq=SecurityMail_Policy18628 --- Below this line is a copy of the message. Return-Path: [EMAIL PROTECTED] Received: (qmail 8935 invoked by uid 10025); 29 Sep 2006 16:38:40 - Received: from 66.215.109.14 by host241.ipowerweb.com (envelope-from [EMAIL PROTECTED], uid 1002) with qmail-scanner-1.25st (clamdscan: 0.88/1245. spamassassin: 3.1.0. perlscan: 1.25st. Clear:RC:1(66.215.109.14):. Processed in 0.036045 secs); 29 Sep 2006 16:38:40 - Received: from unknown (HELO TOM1) (66.215.109.14) by host241.ipowerweb.com with SMTP; 29 Sep 2006 16:38:40 - Message-ID: [EMAIL PROTECTED] Reply-To: Tom Myers [EMAIL PROTECTED] From: Tom Myers [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Raul resume request Date: Fri, 29 Sep 2006 09:40:01 -0700 Organization: Electronic Careers MIME-Version: 1.0 Content-Type: multipart/alternative; boundary==_NextPart_000_02E6_01C6E3AB.3C42EE90 X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2900.2869 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2962 This is a multi-part message in MIME format. --=_NextPart_000_02E6_01C6E3AB.3C42EE90 Content-Type: text/plain; charset=Windows-1252 Content-Transfer-Encoding: quoted-printable Raul, I have a job as a Design Engineer in Illinois. =20 If you are still available