Re: postini.com
On Tue, 1 Aug 2006, [EMAIL PROTECTED] stipulated:
> From: "Nix" <[EMAIL PROTECTED]>
>
>> On Mon, 31 Jul 2006, negativescore gibbered uncontrollably:
>>> Find a floppy disk. Format it. Move cpanel over to the floppy disk. Remove
>>> the floppy disk from the system. Wrap the floppy in
>>> alternating layers of foil, lead is best, and paraffin until it is about 6"
>>> thick. Save it until the next full Moon. Take it to a
>>> graveyard. In a quiet corner dig a hole about 6' deep with a post hole
>>> digger. Drop the disk in making sure it lands flat. Drive
>>> a fire hardened oaken stake through the disk and wrappings. Then backfill
>>> the hole.
>> As far as I can see you're the first person on this thread to mention
>> cpanel at all.
>> (Also, how do you wrap something in a layer of paraffin?)
>
> Nix, that was my riff. And it was alternating layers of lead foil
> and paraffin. Wrap, dip, and end recurse as necessary.

He posted it in the wrong thread, as well, and my MUA sorted it above
the post in which cpanel was mentioned.

> {^,^} Joanne
> NegativeScore didn't quote the message in "the
> canonical manner. Sometimes MUAs get the quoting
> wrong. "Stuff" happens.

Getting the quoting *and* threading wrong *and* adding no useful
content, though, that takes talent.

> His lack of sense of
> humor was painfully obvious, though.

I'll say.

--
`We're sysadmins. We deal with the inconceivable so often I can clearly
see the need to define levels of inconceivability.' --- Rik Steenwinkel
Re: postini.com
From: "Nix" <[EMAIL PROTECTED]>

> On Mon, 31 Jul 2006, negativescore gibbered uncontrollably:
>> Find a floppy disk. Format it. Move cpanel over to the floppy disk. Remove
>> the floppy disk from the system. Wrap the floppy in alternating layers of
>> foil, lead is best, and paraffin until it is about 6" thick. Save it until
>> the next full Moon. Take it to a graveyard. In a quiet corner dig a hole
>> about 6' deep with a post hole digger. Drop the disk in making sure it
>> lands flat. Drive a fire hardened oaken stake through the disk and
>> wrappings. Then backfill the hole.
> As far as I can see you're the first person on this thread to mention
> cpanel at all.
> (Also, how do you wrap something in a layer of paraffin?)

Nix, that was my riff. And it was alternating layers of lead foil and paraffin. Wrap, dip, and end recurse as necessary.

{^,^} Joanne

NegativeScore didn't quote the message in "the canonical manner. Sometimes MUAs get the quoting wrong. "Stuff" happens. His lack of sense of humor was painfully obvious, though.

I did put a practical answer at the end of my riff. He was trying to use cpanel. I've heard of other inadequacies related to it. A configuration tool with errors is dangerous enough to fire for incompetence. (You know - like Norton Anti-virus.)
Re: postini.com
On Mon, 31 Jul 2006, negativescore gibbered uncontrollably:
> Find a floppy disk. Format it. Move cpanel over to the floppy disk.
> Remove the floppy disk from the system. Wrap the floppy in alternating
> layers of foil, lead is best, and paraffin until it is about 6" thick.
> Save it until the next full Moon. Take it to a graveyard. In a quiet
> corner dig a hole about 6' deep with a post hole digger. Drop the
> disk in making sure it lands flat. Drive a fire hardened oaken stake
> through the disk and wrappings. Then backfill the hole.

As far as I can see you're the first person on this thread to mention
cpanel at all.

(Also, how do you wrap something in a layer of paraffin?)

--
`We're sysadmins. We deal with the inconceivable so often I can clearly
see the need to define levels of inconceivability.' --- Rik Steenwinkel
Re: postini.com
| great!
|
| Is there any other way to match ascii in a base64 encoded part than by
| using a full rule with SpamAssassin?
|
| Thanks,
|
| Ken A
| Pacific.Net
|

Ditto

Brian
Re: postini.com
Theo Van Dinter wrote:
> On Mon, Jul 31, 2006 at 04:11:43PM -0700, Ken A wrote:
>> These image spams are not easy to stop. I'm finally getting them with a
>> 'full' rule matching a string that is common in the base64 encoded image
>> part. I'm sure the image will change friday and break my rule for next
>> weekend though.
>
> eww, full rule. fwiw, there's a test rule in for tonight which catches a
> bunch of the new images. barring any problems, it'll be in sa-update
> tomorrow sometime.

great!

Is there any other way to match ascii in a base64 encoded part than by
using a full rule with SpamAssassin?

Thanks,

Ken A
Pacific.Net
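An added illustration, not from any poster in this thread and not SpamAssassin code: why a fixed string matched against the raw base64 text of an image part is fragile, and how a byte signature can be matched wherever it lands. The signature bytes, the sample parts and all function names are constructed for the example.

```python
import base64

# Constructed 9-byte signature standing in for bytes shared by every copy of an image.
SIGNATURE = bytes.fromhex("c0ffee5eed0badf00d")


def sample_part(prefix_len: int) -> str:
    """Constructed base64 MIME body: zero bytes, the signature, two zero bytes."""
    data = b"\x00" * prefix_len + SIGNATURE + b"\x00\x00"
    return base64.encodebytes(data).decode("ascii")  # wrapped every 76 columns


def naive_match(b64_text: str, sig: bytes) -> bool:
    """Fixed-string match on the encoded text, as a raw-body string rule does."""
    return base64.b64encode(sig).decode("ascii").rstrip("=") in b64_text


def encoded_variants(sig: bytes) -> list[tuple[int, str]]:
    """How `sig` looks in base64 at byte offsets 0, 1 and 2 modulo 3.

    Returns (phase, text): `text` must start at a character index equal to
    `phase` modulo 4. Characters that also carry bits of neighbouring bytes
    are dropped, because those bits differ from message to message.
    """
    if len(sig) < 4:
        raise ValueError("signature too short to leave a usable variant")
    variants = []
    for offset in range(3):
        padded = b"\x00" * offset + sig
        enc = base64.b64encode(padded).decode("ascii").rstrip("=")
        lead = (8 * offset + 5) // 6      # chars touched by the bytes before sig
        whole = (8 * len(padded)) // 6    # chars fully determined by sig
        variants.append((lead % 4, enc[lead:whole]))
    return variants


def match_any_alignment(b64_text: str, sig: bytes) -> bool:
    """Search the encoded text without decoding: ignore line wraps, try all alignments."""
    stream = "".join(b64_text.split())
    for phase, text in encoded_variants(sig):
        pos = stream.find(text)
        while pos != -1:
            if pos % 4 == phase:          # reject hits at the wrong bit alignment
                return True
            pos = stream.find(text, pos + 1)
    return False


def match_decoded(b64_text: str, sig: bytes) -> bool:
    """Ground truth: decode the part and search the bytes."""
    return sig in base64.b64decode("".join(b64_text.split()))


if __name__ == "__main__":
    for n in (0, 54, 55, 56):
        part = sample_part(n)
        print(n, naive_match(part, SIGNATURE), match_any_alignment(part, SIGNATURE))
```

The fixed string fails for offsets 55 and 56 because of bit alignment, and for offset 54 because the 76-column line wrap splits it; searching the decoded bytes avoids both problems.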
Re: postini.com
On Monday 31 July 2006 15:10, John D. Hardin wrote:
> On Mon, 31 Jul 2006, jdow wrote:
> > Is postini even remotely legitimate?
>
> What's even funnier is that they are a commercial spam filter
> service provider.
>
> This might really damage their reputation...

Not likely. My ISP uses them as a spam filter service, and I can tell you
they have no reputation to be damaged.

--
_
John Andersen
RE: postini.com
> -Original Message-
> From: Shane Mullins [mailto:[EMAIL PROTECTED]
> Sent: Monday, July 31, 2006 10:40 PM
> To: users@spamassassin.apache.org
> Subject: Re: postini.com
>
>
> I don't know about legitimate, but they have a very rude
> staff. When we
> first started looking at an anti-spam solution, my boss told
> me to contact

Accuracy isn't all that bad. I have tested our setup against postini, frontbridge, message labs, mailscanner, GFI, Microsoft's stuff, etc.

Postini was by far the best of the ones we tested, and a close second to the setup we are using now.

None of the others even came close. (and the ones that charge you for mail delivery actually charged you for delivering spam!)

--
Michael Scheidell, CTO
561-999-5000, ext 1131
SECNAP Network Security Corporation
Keep up to date with latest information on IT security: Real time security alerts: http://www.secnap.com/news
Re: postini.com
I don't know about legitimate, but they have a very rude staff. When we first started looking at an anti-spam solution, my boss told me to contact them. Their staff was extremely rude and arrogant. I had to BEG my boss to let me even try a spamassassin solution. That was several years ago, and Spamassassin has been running great since.

Shane

- Original Message -
From: "jdow" <[EMAIL PROTECTED]>
To:
Sent: Monday, July 31, 2006 6:58 PM
Subject: Re: postini.com

From: "jdow" <[EMAIL PROTECTED]>

postini.com is spewing an image spam that is getting through filters. Worse yet they are using acm.org as a relay

More specifically the first one of these spams I received was from a Brazilian address. The next two, of a set of three, were relayed through LISTSERV.ACM.ORG on two different lists from exprod7mx82.postini.com - WITH "Approved-By: [EMAIL PROTECTED]".

Postini received it via SSL:

Received: from source ([63.118.7.109]) (using SSLv3) by exprod7mx82.postini.com
    ([64.18.6.14]) with SMTP; Mon, 31 Jul 2006 01:48:23 EDT

The source to postini appears to be a comcast address in one case and nucleus.com for the second of the two relayed through ACM.

Is postini even remotely legitimate?

{^_^}
Re: postini.com
On 7/31/06, jdow <[EMAIL PROTECTED]> wrote:
> Both headers seem to feature X-Keywords: . I seem to be dumb this
> "virtual morning" and can't get a test to work for it.

My guess is that X-IMAPbase, X-UID, Content-Length, and X-Keywords were added by the POP3 server at the last hop before your fetchmail. Have you checked whether those are present in other message headers you've received?
Re: postini.com
Earthlink is pretty good about reporting where things come from. And the address IS from an acm.org machine. It is in their netblock. I've never seen a forged Earthlink smtp Received header. It does look like the postini results are forged or are from a hacked DNS setup.

- Original Message -
From: "Michael Scheidell" <[EMAIL PROTECTED]>
To: "jdow" <[EMAIL PROTECTED]>; "John D. Hardin" <[EMAIL PROTECTED]>
Cc:
Sent: Monday, July 31, 2006 16:35
Subject: RE: postini.com

> -Original Message-
> From: jdow [mailto:[EMAIL PROTECTED]
> Sent: Monday, July 31, 2006 7:16 PM
> To: John D. Hardin
> Cc: users@spamassassin.apache.org
> Subject: Re: postini.com
>
> > Sample headers?
>
> I am sure you know that the only headers you can 100% trust are the last set (earthlink)
>
> I am assuming that earthlink received it from ossie.acm.org, but that cannot be confirmed.
>
> Also, cannot be confirmed that postini actually sent it to ozzie.acm.org. (unless you ask postini, who doesn't have a working abuse@ address, or postmaster@, and their whois contacts is invalid also..
>
> Approved-By: [EMAIL PROTECTED]
> Received: from psmtp.com (exprod7mx59.postini.com) by ozzie.acm.org (LSMTP for Windows NT v1.1b) with SMTP id <[EMAIL PROTECTED]>; Mon, 31 Jul 2006 5:52:36 -0400
> Received: from source ([63.118.7.109]) (
>
> 63.118.7.109 doesn't look like a postini email address.

Both headers seem to feature X-Keywords: . I seem to be dumb this "virtual morning" and can't get a test to work for it.

{^_^}
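Added example, not from any poster in this thread: a sketch of the trust reasoning discussed in the messages above, walking the Received chain newest-first and marking as verified only the hops written by the recipient's own side. The trusted receivers (localhost and *.earthlink.net), the function names and the abridged sample (taken from the headers quoted in this thread, with redacted fields dropped and folding reconstructed) are assumptions of the example.

```python
import re
from email import message_from_string
from typing import NamedTuple, Optional

# Abridged from the headers quoted in this thread, newest hop first.
SAMPLE = """\
Received: from smtp.earthlink.net [209.86.93.203]
    by localhost with POP3 (fetchmail-6.2.5.5); Mon, 31 Jul 2006 15:36:59 -0700 (PDT)
Received: from ozzie.acm.org ([199.222.69.4])
    by mx-pinchot.atl.sa.earthlink.net (EarthLink SMTP Server)
    with SMTP id 1g7Gnj6fA3Nl34d0; Mon, 31 Jul 2006 18:36:37 -0400 (EDT)
Received: from ozzie (ozzie.acm.org) by ozzie.acm.org (LSMTP for Windows NT v1.1b)
    with SMTP; Mon, 31 Jul 2006 16:46:34 -0400
Received: by LISTSERV.ACM.ORG (LISTSERV-TCP/IP release 14.3)
    with spool id 12697299; Mon, 31 Jul 2006 16:45:17 -0400
Received: from psmtp.com (exprod7mx59.postini.com) by ozzie.acm.org
    (LSMTP for Windows NT v1.1b) with SMTP; Mon, 31 Jul 2006 5:52:36 -0400
Received: from source ([63.118.7.109]) (using SSLv3) by exprod7mx59.postini.com
    ([64.18.6.14]) with SMTP; Mon, 31 Jul 2006 05:51:21 EDT
Subject: [ACM-PDC] previous year.

"""

_BY = re.compile(r"\bby\s+([A-Za-z0-9.-]+)")
_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


class Hop(NamedTuple):
    by: str                    # host that wrote this Received line
    peer_name: Optional[str]   # name the sender claimed (HELO), unverified
    peer_ip: Optional[str]     # address the writer recorded for the sender
    verified: bool             # written by our own side, with no gap above it


def _is_trusted(host: str) -> bool:
    # Assumption: the recipient runs fetchmail locally and EarthLink is their provider.
    return host == "localhost" or host.endswith(".earthlink.net")


def received_chain(raw: str) -> list[Hop]:
    hops, trusted_so_far = [], True
    for value in message_from_string(raw).get_all("Received", []):
        text = " ".join(value.split())              # unfold the header
        by = _BY.search(text)
        by_host = by.group(1).lower() if by else ""
        claim = text[: by.start()] if by else text  # the "from ..." part only
        name = re.match(r"from\s+(\S+)", claim)
        ip = _IP.search(claim)
        # Once one hop is untrusted, anything older could have been written by anyone,
        # even if it names a trusted host.
        trusted_so_far = trusted_so_far and _is_trusted(by_host)
        hops.append(Hop(by_host, name.group(1) if name else None,
                        ip.group(1) if ip else None, trusted_so_far))
    return hops


def handoff(hops: list[Hop]) -> Optional[tuple]:
    """Peer recorded by the oldest verified hop: the last fact our own side witnessed."""
    verified = [h for h in hops if h.verified]
    return (verified[-1].peer_name, verified[-1].peer_ip) if verified else None


def unverified_hosts(hops: list[Hop]) -> set:
    """Hosts that appear only as claims below the trust boundary."""
    return {h.by for h in hops if not h.verified}


if __name__ == "__main__":
    chain = received_chain(SAMPLE)
    print("handed to us by:", handoff(chain))
    print("claims only:", sorted(unverified_hosts(chain)))
```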
Re: postini.com
Find a floppy disk. Format it. Move cpanel over to the floppy disk. Remove the floppy disk from the system. Wrap the floppy in alternating layers of foil, lead is best, and paraffin until it is about 6" thick. Save it until the next full Moon. Take it to a graveyard. In a quiet corner dig a hole about 6' deep with a post hole digger. Drop the disk in making sure it lands flat. Drive a fire hardened oaken stake through the disk and wrappings. Then backfill the hole.

Finally, edit the right files with vi or emacs.

{^_-}

--
View this message in context: http://www.nabble.com/postini.com-tf2030493.html#a5586140
Sent from the SpamAssassin - Users forum at Nabble.com.
RE: postini.com
> -Original Message-
> From: jdow [mailto:[EMAIL PROTECTED]
> Sent: Monday, July 31, 2006 7:16 PM
> To: John D. Hardin
> Cc: users@spamassassin.apache.org
> Subject: Re: postini.com
>
> > Sample headers?

I am sure you know that the only headers you can 100% trust are the last set (earthlink)

I am assuming that earthlink received it from ossie.acm.org, but that cannot be confirmed.

Also, cannot be confirmed that postini actually sent it to ozzie.acm.org. (unless you ask postini, who doesn't have a working abuse@ address, or postmaster@, and their whois contacts is invalid also..

> Approved-By: [EMAIL PROTECTED]
> Received: from psmtp.com (exprod7mx59.postini.com) by
> ozzie.acm.org (LSMTP for
> Windows NT v1.1b) with SMTP id
> <[EMAIL PROTECTED]>; Mon, 31
> Jul 2006 5:52:36 -0400
> Received: from source ([63.118.7.109]) (

63.118.7.109 doesn't look like a postini email address.

>
> ===8<---
> Status: OU
> Return-Path: <[EMAIL PROTECTED]>
> Received: from smtp.earthlink.net [209.86.93.203]
> by localhost with POP3 (fetchmail-6.2.5.5)
> for [EMAIL PROTECTED] (single-drop); Mon, 31 Jul
> 2006 15:36:59 -0700 (PDT)
> Received: from ozzie.acm.org ([199.222.69.4])
> by mx-pinchot.atl.sa.earthlink.net (EarthLink SMTP Server)
> with SMTP id 1g7Gnj6fA3Nl34d0;
> Mon, 31 Jul 2006 18:36:37 -0400 (EDT)
> Received: from ozzie (ozzie.acm.org) by ozzie.acm.org (LSMTP
> for Windows NT v1.1b) with
> SMTP id <[EMAIL PROTECTED]>; Mon, 31 Jul 2006 16:46:34 -0400
> Received: by LISTSERV.ACM.ORG (LISTSERV-TCP/IP release 14.3)
> with spool id
> 12697299 for [EMAIL PROTECTED];
> Mon, 31 Jul 2006
> 16:45:17 -0400
> Approved-By: [EMAIL PROTECTED]
> Received: from psmtp.com (exprod7mx59.postini.com) by
> ozzie.acm.org (LSMTP for
> Windows NT v1.1b) with SMTP id
> <[EMAIL PROTECTED]>; Mon, 31
> Jul 2006 5:52:36 -0400
> Received: from source ([63.118.7.109]) (using SSLv3) by
> exprod7mx59.postini.com
> ([64.18.6.14]) with SMTP; Mon, 31 Jul 2006 05:51:21 EDT
> Received: from psmtp.com ([64.18.2.79]) by acm26-4.acm.org (ACM Email
> Forwarding Service) with SMTP id JQE60921 for
> <[EMAIL PROTECTED]>; Mon, 31 Jul 2006 05:51:21 -0400
> Received: from source ([66.18.208.253]) by exprod7mx77.postini.com
> ([64.18.6.13]) with SMTP; Mon, 31 Jul 2006 02:51:18 PDT
> MIME-Version: 1.0
> Content-Type: multipart/related;
> boundary="=_NextPart_000_0003_01C6B454.98D38790"
> X-Mailer: Microsoft Office Outlook, Build 11.0.5510
> Thread-Index: Aca0VJjVW9FxV5MfQTaS8xX06pxKOg==
> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2869
> X-pstn-levels: (S: 0.05089/99.00590 R:95.9108 P:95.9108
> M:96.8350 C:98.6951
> )
> X-pstn-settings: 5 (2.:2.) s gt3 gt2 gt1 r p m c
> X-pstn-addresses: from <[EMAIL PROTECTED]> [db-null]
> Message-ID: <[EMAIL PROTECTED]>
> Date: Mon, 31 Jul 2006 03:51:26 +0600
> Reply-To: "senses." <[EMAIL PROTECTED]>
> Sender: ACM PDC Announcement List <[EMAIL PROTECTED]>
> From: "senses." <[EMAIL PROTECTED]>
> Subject: [ACM-PDC] previous year.
> Comments: To: [EMAIL PROTECTED]
> To: [EMAIL PROTECTED]
> Precedence: list
> X-ELNK-Info: spv=0;
> X-ELNK-AV: 0
> X-ELNK-Info: sbv=0; sbrc=.0; sbf=00; sbw=000;
> X-Spam-Virus: No
> X-Spam-Checker-Version: SpamAssassin 3.0.5 (2005-06-05) on
> morticia.wizardess.wiz
> X-Spam-Level:
> X-Spam-Status: No, score=4.5 required=5.0
> tests=BAYES_95,HTML_80_90,
> HTML_IMAGE_RATIO_06,HTML_MESSAGE,JD_HI_BAYES,JD_VHI_BAYES,
> RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_SORBS_WEB autolearn=disabled
> version=3.0.5
> X-Jdow: user jdow
> X-IMAPbase: 1142818988 95886
> X-UID: 95886
> Content-Length: 27395
> X-Keywords:
>
> ===8<---
> Note the VERY long empty "Keywords:". That might make a good
> emergency filter?
> ===8<---
> Status: OU
> Return-Path: <[EMAIL PROTECTED]>
> Received: from smtp.earthlink.net [209.86.93.203]
> by localhost with POP3 (fetchmail-6.2.5.5)
> for [EMAIL PROTECTED] (single-drop); Mon, 31 Jul
> 2006 07:12:36 -0700 (PDT)
> Received: from 20179087035.user.veloxzone.com.br
> ([201.79.87.35]) by mx-clapper.atl.sa.earthlink.net
> (EarthLink SMTP Server) with ESMTP id 1g7ytV1HW3Nl34b0 for
> <[EMAIL PROTECTED]>; Mon, 31 Jul 2006 10:11:02 -0400 (EDT)
> From: "billed" <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
> Subject: iBook
> Date: Mon, 31 Jul 2006 11:10:49 +0300
> MIME-Version: 1.0
> Content-Type: multipart/related;
> boundary="=_NextPart_000
Re: postini.com
From: "John D. Hardin" <[EMAIL PROTECTED]>

> On Mon, 31 Jul 2006, jdow wrote:
>> Is postini even remotely legitimate?
>
> What's even funnier is that they are a commercial spam filter service provider.
>
> This might really damage their reputation...
>
> Sample headers?

===8<---
Status: OU
Return-Path: <[EMAIL PROTECTED]>
Received: from smtp.earthlink.net [209.86.93.203]
    by localhost with POP3 (fetchmail-6.2.5.5)
    for [EMAIL PROTECTED] (single-drop); Mon, 31 Jul 2006 15:36:59 -0700 (PDT)
Received: from ozzie.acm.org ([199.222.69.4])
    by mx-pinchot.atl.sa.earthlink.net (EarthLink SMTP Server)
    with SMTP id 1g7Gnj6fA3Nl34d0; Mon, 31 Jul 2006 18:36:37 -0400 (EDT)
Received: from ozzie (ozzie.acm.org) by ozzie.acm.org (LSMTP for Windows NT v1.1b)
    with SMTP id <[EMAIL PROTECTED]>; Mon, 31 Jul 2006 16:46:34 -0400
Received: by LISTSERV.ACM.ORG (LISTSERV-TCP/IP release 14.3) with spool id
    12697299 for [EMAIL PROTECTED]; Mon, 31 Jul 2006 16:45:17 -0400
Approved-By: [EMAIL PROTECTED]
Received: from psmtp.com (exprod7mx59.postini.com) by ozzie.acm.org (LSMTP for
    Windows NT v1.1b) with SMTP id <[EMAIL PROTECTED]>; Mon, 31 Jul 2006 5:52:36 -0400
Received: from source ([63.118.7.109]) (using SSLv3) by exprod7mx59.postini.com
    ([64.18.6.14]) with SMTP; Mon, 31 Jul 2006 05:51:21 EDT
Received: from psmtp.com ([64.18.2.79]) by acm26-4.acm.org (ACM Email
    Forwarding Service) with SMTP id JQE60921 for <[EMAIL PROTECTED]>;
    Mon, 31 Jul 2006 05:51:21 -0400
Received: from source ([66.18.208.253]) by exprod7mx77.postini.com
    ([64.18.6.13]) with SMTP; Mon, 31 Jul 2006 02:51:18 PDT
MIME-Version: 1.0
Content-Type: multipart/related;
    boundary="=_NextPart_000_0003_01C6B454.98D38790"
X-Mailer: Microsoft Office Outlook, Build 11.0.5510
Thread-Index: Aca0VJjVW9FxV5MfQTaS8xX06pxKOg==
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2869
X-pstn-levels: (S: 0.05089/99.00590 R:95.9108 P:95.9108 M:96.8350 C:98.6951 )
X-pstn-settings: 5 (2.:2.) s gt3 gt2 gt1 r p m c
X-pstn-addresses: from <[EMAIL PROTECTED]> [db-null]
Message-ID: <[EMAIL PROTECTED]>
Date: Mon, 31 Jul 2006 03:51:26 +0600
Reply-To: "senses." <[EMAIL PROTECTED]>
Sender: ACM PDC Announcement List <[EMAIL PROTECTED]>
From: "senses." <[EMAIL PROTECTED]>
Subject: [ACM-PDC] previous year.
Comments: To: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Precedence: list
X-ELNK-Info: spv=0;
X-ELNK-AV: 0
X-ELNK-Info: sbv=0; sbrc=.0; sbf=00; sbw=000;
X-Spam-Virus: No
X-Spam-Checker-Version: SpamAssassin 3.0.5 (2005-06-05) on morticia.wizardess.wiz
X-Spam-Level:
X-Spam-Status: No, score=4.5 required=5.0 tests=BAYES_95,HTML_80_90,
    HTML_IMAGE_RATIO_06,HTML_MESSAGE,JD_HI_BAYES,JD_VHI_BAYES,
    RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_SORBS_WEB autolearn=disabled version=3.0.5
X-Jdow: user jdow
X-IMAPbase: 1142818988 95886
X-UID: 95886
Content-Length: 27395
X-Keywords:
===8<---

Note the VERY long empty "Keywords:". That might make a good emergency filter?

===8<---
Status: OU
Return-Path: <[EMAIL PROTECTED]>
Received: from smtp.earthlink.net [209.86.93.203]
    by localhost with POP3 (fetchmail-6.2.5.5)
    for [EMAIL PROTECTED] (single-drop); Mon, 31 Jul 2006 07:12:36 -0700 (PDT)
Received: from 20179087035.user.veloxzone.com.br ([201.79.87.35])
    by mx-clapper.atl.sa.earthlink.net (EarthLink SMTP Server) with ESMTP id
    1g7ytV1HW3Nl34b0 for <[EMAIL PROTECTED]>; Mon, 31 Jul 2006 10:11:02 -0400 (EDT)
From: "billed" <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: iBook
Date: Mon, 31 Jul 2006 11:10:49 +0300
MIME-Version: 1.0
Content-Type: multipart/related;
    boundary="=_NextPart_000_0005_01C6B491.FAE3AB80"
X-Mailer: Microsoft Office Outlook, Build 11.0.5510
Thread-Index: Aca0kfrjTM2IyGkASIC2ZFVp12qh8A==
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2869
Message-Id: <[EMAIL PROTECTED]>
X-ELNK-AV: 0
X-ELNK-Info: sbv=0; sbrc=.0; sbf=00; sbw=000;
X-Spam-Virus: No
X-Spam-Checker-Version: SpamAssassin 3.0.5 (2005-06-05) on morticia.wizardess.wiz
X-Spam-Level:
X-Spam-Status: No, score=4.5 required=5.0 tests=BAYES_80,HELO_EQ_BR,
    HOST_EQ_BR,HTML_IMAGE_RATIO_06,HTML_MESSAGE,JD_HI_BAYES,JD_MY_IDS,
    JD_MY_NAME,JD_TO_EARTHLINK autolearn=disabled version=3.0.5
X-Jdow: user jdow
X-UID: 95455
Content-Length: 27569
X-Keywords:
===8<---

Yes - lots of blanks after broken X-keywords.

{^_^}
Re: postini.com
On Mon, Jul 31, 2006 at 04:11:43PM -0700, Ken A wrote:
> These image spams are not easy to stop. I'm finally getting them with a
> 'full' rule matching a string that is common in the base64 encoded image
> part. I'm sure the image will change friday and break my rule for next
> weekend though.

eww, full rule. fwiw, there's a test rule in for tonight which catches a bunch of the new images. barring any problems, it'll be in sa-update tomorrow sometime.

--
Randomly Generated Tagline:
You tell 'em cabbage, You've got the head.
Re: postini.com
jdow wrote:
> From: "jdow" <[EMAIL PROTECTED]>
>
>> postini.com is spewing an image spam that is getting through filters.
>> Worse yet they are using acm.org as a relay
>
> More specifically the first one of these spams I received was from a
> Brazilian address. The next two, of a set of three, were relayed
> through LISTSERV.ACM.ORG on two different lists from
> exprod7mx82.postini.com - WITH "Approved-By: [EMAIL PROTECTED]".
>
> Postini received it via SSL:
>
> Received: from source ([63.118.7.109]) (using SSLv3) by exprod7mx82.postini.com
>     ([64.18.6.14]) with SMTP; Mon, 31 Jul 2006 01:48:23 EDT
>
> The source to postini appears to be a comcast address in one case and
> nucleus.com for the second of the two relayed through ACM.
>
> Is postini even remotely legitimate?
>
> {^_^}

Postini does process a huge amount of incoming and outgoing mail, and unless they are able to identify the spam, they will forward it, just like anyone else. :-\

These image spams are not easy to stop. I'm finally getting them with a 'full' rule matching a string that is common in the base64 encoded image part. I'm sure the image will change friday and break my rule for next weekend though.

Ken
Pacific.Net
Re: postini.com
On Mon, 31 Jul 2006, jdow wrote:
> Is postini even remotely legitimate?

What's even funnier is that they are a commercial spam filter service provider.

This might really damage their reputation...

Sample headers?

--
John Hardin KA7OHZ ICQ#15735746 http://www.impsec.org/~jhardin/
[EMAIL PROTECTED] FALaholic #11174 pgpk -a [EMAIL PROTECTED]
key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
---
The problem is when people look at Yahoo, slashdot, or groklaw and jump from obvious and correct observations like "Oh my God, this place is teeming with utter morons" to incorrect conclusions like "there's nothing of value here".
-- Al Petrofsky, in Y! SCOX
---
Re: postini.com
From: "jdow" <[EMAIL PROTECTED]>

> postini.com is spewing an image spam that is getting through filters.
> Worse yet they are using acm.org as a relay

More specifically the first one of these spams I received was from a Brazilian address. The next two, of a set of three, were relayed through LISTSERV.ACM.ORG on two different lists from exprod7mx82.postini.com - WITH "Approved-By: [EMAIL PROTECTED]".

Postini received it via SSL:

Received: from source ([63.118.7.109]) (using SSLv3) by exprod7mx82.postini.com
    ([64.18.6.14]) with SMTP; Mon, 31 Jul 2006 01:48:23 EDT

The source to postini appears to be a comcast address in one case and nucleus.com for the second of the two relayed through ACM.

Is postini even remotely legitimate?

{^_^}