Re: Stop the CCing please. (was "Who is APEWS.ORG" & "Sender Address Verification is NOT abouse and very effective") [signed]

2007-03-30 Thread Matthias Schmidt [c] 
Am/On Fri, 30 Mar 2007 16:12:52 +0200 schrieb/wrote Jonas Eckerman:

>Chris St. Pierre wrote:
>
>> I can't help but note that you have only yourself to blame:
>
>Why?
>
>> From: Jonas Eckerman <[EMAIL PROTECTED]>
>> Reply-To: [EMAIL PROTECTED]
>
>> Fix your Reply-To header and you won't get any more list messages in
>> your private email.
>
>The Reply-To header is correct. When someone decides to reply to 
>me privately I want the reply to get to my normal address.


why so stubborn? Listen what people tell you. That's the way lists do work.
So if you set your reply to header as you did, you will all the time get ccs.
People won't change their ways because of you, so you need to change
your setting.

Thanks and all the best

Matthias



--
- [ SECURITY NOTICE ] -
To: [EMAIL PROTECTED], [EMAIL PROTECTED],
[EMAIL PROTECTED]
For your security, [EMAIL PROTECTED]
digitally signed this message on 30 March 2007 at 14:23:09 UTC.
Verify this digital signature at http://www.ciphire.com/verify.
 [ CIPHIRE DIGITAL SIGNATURE ] 
Q2lwaGlyZSBTaWcuAjhqb25hc0BmcnVrdC5vcmcsIGpvbmFzX2xpc3RzQGZydWt0
Lm9yZywgdXNlcnNAc3BhbWFzc2Fzc2luLmFwYWNoZS5vcmcAYmV0YUBhZG1pbG9u
Lm5ldABlbWFpbCBib2R5AF0CAAB8AHwBTR0NRl0CAACZAQACAAIAAgAg
/QIttVfKA3wUGZsqy0wHolxR2F63XkgV//gxCHM1YN0BAA6/uCtnNRvhZAyrr0Oc
Qk41FQYdFMhx+9lBo+prc+Z2XarO+MuFC80nrsUowOUjNfwwc0U7Z/Ikwpi1HQQ+
v1ywxi75U2lnRW5k
-- [ END DIGITAL SIGNATURE ] --

Re: Newbie, Has Questions [signed]

2007-03-30 Thread Matthias Schmidt [c] 
Am/On Fri, 30 Mar 2007 10:05:47 -0700 schrieb/wrote dougp23:

>So my questions:
>How do I identify spam with something from the body of the message?  (i.e.
>Viagra in the message,  or Nigeria from that very kind man who has all that
>money and just needs a little cash to get started).
>And then how do I route those messages off to a junk folder??  

use individell rules


place your rules here:
 /etc/mail/spamassassin/

and use greylisting as well:

postgrey works pretty fine for me:




Thanks and all the best

Matthias



--
- [ SECURITY NOTICE ] -
To: [EMAIL PROTECTED], [EMAIL PROTECTED]
For your security, [EMAIL PROTECTED]
digitally signed this message on 31 March 2007 at 02:12:29 UTC.
Verify this digital signature at http://www.ciphire.com/verify.
 [ CIPHIRE DIGITAL SIGNATURE ] 
Q2lwaGlyZSBTaWcuAjhkb3VncDIzQGdtYWlsLmNvbSwgdXNlcnNAc3BhbWFzc2Fz
c2luLmFwYWNoZS5vcmcAYmV0YUBhZG1pbG9uLm5ldABlbWFpbCBib2R5ADQCAAB8
AHwBjcMNRjQCAABWAgACAAIAAgAg/QIttVfKA3wUGZsqy0wHolxR2F63
XkgV//gxCHM1YN0BAA6/uCtnNRvhZAyrr0OcQk41FQYdFMhx+9lBo+prc+Z2qwQD
QOyT/E0CkgrcC5rT7Km0gK8moOc6B9CL0aFKye0LU2lnRW5k
-- [ END DIGITAL SIGNATURE ] --

Re: "Nigerian Connection" Spam was: [***SPAM***Empty Subject] [signed]

2007-04-10 Thread Matthias Schmidt [c] 
Am/On Tue, 10 Apr 2007 20:23:15 +0100 schrieb/wrote Paul Hurley:

>I've received a couple of Spam recently similar to the attached.  They 
>all get through, and all trigger on Empty_Message, except the message 
>body isn't empty, and it contains some phrases that I would expect to 
>score off the scale
>
>Here's the spamassassin report
>
>No, score=4.0 required=6.0 tests=BAYES_50=0.001, EMPTY_MESSAGE=2.308, 
>HTML_40_50=0.496, HTML_MESSAGE=0.1, RM_rb_ANCHOR=0.001, 
>RM_rb_BREAK=0.001, RM_rb_FONT=0.001, RM_rb_PARA=0.001, 
>SUBJ_ALL_CAPS=0.997, cust_LOCAL_TO_RCVD=0.1 autolearn=no version=3.1.7
>
>I'm running Spamassassin V3.1.7.0 on Windows 32 via SAWin32 
>(http://sourceforge.net/projects/sawin32/) with all rules, network tests 
>and some of the common SARE rules.

"Nigerian Connection" Spam.

They get rejected here becaue there domain is usualy invalid.

Thanks and all the best

Matthias



--
- [ SECURITY NOTICE ] -
To: [EMAIL PROTECTED], [EMAIL PROTECTED]
For your security, [EMAIL PROTECTED]
digitally signed this message on 11 April 2007 at 01:40:00 UTC.
Verify this digital signature at http://www.ciphire.com/verify.
 [ CIPHIRE DIGITAL SIGNATURE ] 
Q2lwaGlyZSBTaWcuAjhwYXVsQHBhdWxodXJsZXkuY28udWssIHVzZXJzQHNwYW1h
c3Nhc3Npbi5hcGFjaGUub3JnAGJldGFAYWRtaWxvbi5uZXQAZW1haWwgYm9keQAK
AwAAfAB8AQAAAHA8HEYKAwAAmAEAAgACAAIAIP0CLbVXygN8FBmbKstMB6Jc
Udhet15IFf/4MQhzNWDdAQAOv7grZzUb4WQMq69DnEJONRUGHRTIcfvZQaPqa3Pm
dm4b4Bm+V6n6NWLb47GK0rK19oGWm3wR45PhHKNM5taXuD6LU2lnRW5k
-- [ END DIGITAL SIGNATURE ] --

Re: ANNOUNCE: Apache SpamAssassin 3.2.0 available [signed]

2007-05-02 Thread Matthias Schmidt [c] 
Am/On Wed, 2 May 2007 14:11:34 +0100 schrieb/wrote Justin Mason:

>
>Rick Macdougall writes:
>> Justin Mason wrote:
>> > Apache SpamAssassin 3.2.0 is now available!  This is the official
release,
>> > and contains a significant number of changes and major enhancements --
>> > please use it!
>> 
>> Quick question.
>> 
>> If I use sa-compile, which works very well here btw, do I need to re-run 
>> it after downloading new rules via sa-update ?
>
>yep.  I do this:
>
>  sudo sa-update && sudo sa-compile && sudo /etc/init.d/spamassassin reload

and on a Mac OS 10.4.9 System - there is no init.d/spamassassin - ?

Thanks and all the best

Matthias



--
- [ SECURITY NOTICE ] -
To: [EMAIL PROTECTED], [EMAIL PROTECTED]
For your security, [EMAIL PROTECTED]
digitally signed this message on 02 May 2007 at 14:04:23 UTC.
Verify this digital signature at http://www.ciphire.com/verify.
 [ CIPHIRE DIGITAL SIGNATURE ] 
Q2lwaGlyZSBTaWcuAjhqbUBqbWFzb24ub3JnLCB1c2Vyc0BzcGFtYXNzYXNzaW4u
YXBhY2hlLm9yZwBiZXRhQGFkbWlsb24ubmV0AGVtYWlsIGJvZHkADAIAAHwAfAAA
AAEAAABnmjhGDAIAAAoCAAIAAgACACD9Ai21V8oDfBQZmyrLTAeiXFHYXrdeSBX/
+DEIczVg3QEADr+4K2c1G+FkDKuvQ5xCTjUVBh0UyHH72UGj6mtz5naGpVqEnAYy
PrMxt+2lvlOxHpMQHaIVCkeKlDAipU5AXe6mzQr7U2lnRW5k
-- [ END DIGITAL SIGNATURE ] --

Learning Spam-Error? [signed]

2007-07-15 Thread Matthias Schmidt [c] 
Hello,

while learning Spam I get these errors:
Learning SPAM...
archive-iterator: invalid (undef) format in target list, 2 at /Library/
Perl/5.8.6/Mail/SpamAssassin/ArchiveIterator.pm line 724,  line 1.

and I also get this error from spamassasin:
/bin/sh: line 1: periodic: command not found

any idea how to fix this?


Thanks and all the best

Matthias



--
- [ SECURITY NOTICE ] -
To: [EMAIL PROTECTED]
For your security, [EMAIL PROTECTED]
digitally signed this message on 16 July 2007 at 02:47:37 UTC.
Verify this digital signature at http://www.ciphire.com/verify.
 [ CIPHIRE DIGITAL SIGNATURE ] 
Q2lwaGlyZSBTaWcuAjh1c2Vyc0BzcGFtYXNzYXNzaW4uYXBhY2hlLm9yZwBiZXRh
QGFkbWlsb24ubmV0AGVtYWlsIGJvZHkAMQEAAHwAfAEAAABJ3JpGMQEAALQC
AAIAAgACACD9Ai21V8oDfBQZmyrLTAeiXFHYXrdeSBX/+DEIczVg3QEADr+4K2c1
G+FkDKuvQ5xCTjUVBh0UyHH72UGj6mtz5nY8DrbznJ7U0Ej3/339v+0Ui1PHtsAc
3TyBNGkwFB48cAwgU2lnRW5k
-- [ END DIGITAL SIGNATURE ] --

Re: Thoughts on Isolating Viruses - Port 587 Submission [signed]

2007-07-16 Thread Matthias Schmidt [c] 
Am/On Mon, 16 Jul 2007 06:11:32 -0700 schrieb/wrote Marc Perkel:

>One of the problems with SMTP in my opinion is that it allows end users 
>to talk on port 25 to servers and therefore can't be distinguished from 
>server to server traffic.
>
>Imagine a policy where ISPs blocked port 25 for consumers by default and 
>forced them to talk to mail servers on port 587 to send SMTP. Suppose 
>that all SMTP servers who took email from consumers had port 587 open as 
>well as port 25.
>
>If port 25 were blocked from consumers and they were forced to talk to 
>servers on port 587, even without authentication, then a server could 
>distinguish consumers from other servers. I think this kind of 
>configuration could be used to help isolate virus infected computers 
>from spamming and spreading.
>
>So if I have an SMTP server that is set up to receive email for a bunch 
>of domains and had port 587 closed then I could block out all spam from 
>consumer computers. The idea being that a lot of virus infected spam 
>bots would be isolated. It would force consumer traffic to talk only to 
>smtp servers set up to relay consumer email.
>
>Thoughts?

imho this won't work ... 
how you want to keep infected computers off from 25?

there are already more effective tools to protect your server, like a
good rule combination before the mail even gets to spamassassin.

Thanks and all the best

Matthias



--
- [ SECURITY NOTICE ] -
To: [EMAIL PROTECTED], [EMAIL PROTECTED]
For your security, [EMAIL PROTECTED]
digitally signed this message on 16 July 2007 at 13:49:02 UTC.
Verify this digital signature at http://www.ciphire.com/verify.
 [ CIPHIRE DIGITAL SIGNATURE ] 
Q2lwaGlyZSBTaWcuAjhtYXJjQHBlcmtlbC5jb20sIHVzZXJzQHNwYW1hc3Nhc3Np
bi5hcGFjaGUub3JnAGJldGFAYWRtaWxvbi5uZXQAZW1haWwgYm9keQBtBAAAfAB8
AQAAAE53m0ZtBAAAlAIAAgACAAIAIP0CLbVXygN8FBmbKstMB6JcUdhet15I
Ff/4MQhzNWDdAQAOv7grZzUb4WQMq69DnEJONRUGHRTIcfvZQaPqa3Pmdn7JFyaY
s5jnmxxxsa+4mExNmaIrF8SCHisJW2zI1PXCpCLLU2lnRW5k
-- [ END DIGITAL SIGNATURE ] --

Re: Thoughts on Isolating Viruses - Port 587 Submission [signed]

2007-07-16 Thread Matthias Schmidt [c] 
Am/On Mon, 16 Jul 2007 09:02:58 -0500 schrieb/wrote Richard Frovarp:

>Matthias Schmidt [c] wrote:
>> Am/On Mon, 16 Jul 2007 06:11:32 -0700 schrieb/wrote Marc Perkel:
>>
>>   
>>> One of the problems with SMTP in my opinion is that it allows end users 
>>> to talk on port 25 to servers and therefore can't be distinguished from 
>>> server to server traffic.
>>>
>>> Imagine a policy where ISPs blocked port 25 for consumers by default and 
>>> forced them to talk to mail servers on port 587 to send SMTP. Suppose 
>>> that all SMTP servers who took email from consumers had port 587 open as 
>>> well as port 25.
>>>
>>> If port 25 were blocked from consumers and they were forced to talk to 
>>> servers on port 587, even without authentication, then a server could 
>>> distinguish consumers from other servers. I think this kind of 
>>> configuration could be used to help isolate virus infected computers 
>>> 
>> >from spamming and spreading.
>>   
>>> So if I have an SMTP server that is set up to receive email for a bunch 
>>> of domains and had port 587 closed then I could block out all spam from 
>>> consumer computers. The idea being that a lot of virus infected spam 
>>> bots would be isolated. It would force consumer traffic to talk only to 
>>> smtp servers set up to relay consumer email.
>>>
>>> Thoughts?
>>> 
>>
>> imho this won't work ... 
>> how you want to keep infected computers off from 25?
>>
>>   
>Many ISPs firewall 25 at the edge of their network. If you try to send 
>to port 25 on their network or to their SMTP they allow that traffic. 
>One of the reasons for running the submission port is so that your users 
>can get out of those ISPs to your outgoing server.

I know that .
I just meant it's not possible in the real world to prevent "clients"
from talking to port 25 (of course as long as it is not closed by some
isp) or to distinguish a mail-bot from a real server just through the
port they talk to.

the suggestion from Forrest has indeed some charme.
But how to "teach" a whole bunch of DAUs to set their mail client to use
port 587 instead of the default set port 25?

>
>For another way of doing this, see the PBL:
>http://www.spamhaus.org/pbl/index.lasso
>

Thanks and all the best

Matthias



--
- [ SECURITY NOTICE ] -
To: [EMAIL PROTECTED]
For your security, [EMAIL PROTECTED]
digitally signed this message on 16 July 2007 at 14:15:19 UTC.
Verify this digital signature at http://www.ciphire.com/verify.
 [ CIPHIRE DIGITAL SIGNATURE ] 
Q2lwaGlyZSBTaWcuAjh1c2Vyc0BzcGFtYXNzYXNzaW4uYXBhY2hlLm9yZwBiZXRh
QGFkbWlsb24ubmV0AGVtYWlsIGJvZHkABgcAAHwAfAEAAAB3fZtGBgcAAF8C
AAIAAgACACD9Ai21V8oDfBQZmyrLTAeiXFHYXrdeSBX/+DEIczVg3QEADr+4K2c1
G+FkDKuvQ5xCTjUVBh0UyHH72UGj6mtz5nYjlUEJoNgP9ebYb5GrX+H0xYfag1EA
QNL7PaGtiHvp04nmU2lnRW5k
-- [ END DIGITAL SIGNATURE ] --