subject:"Romance spam"

Re: Romance spam

2013-03-09 Thread Benny Pedersen


Kenneth Porter skrev den 2013-03-09 14:44:


Presumably the autolearn=ham applies to anything that doesn't get
marked as spam.


nope, it still need to score below -0.1 to learn as ham, so i would 
check whitelist scores, or scores that hits on negatives



Once I move it to my Uncaught folder, it gets
retrained that night as spam.


super

But I need to upgrade SA on my servers. I missed the upgrade 
announcements.


here i just need to figure out udev with gentoo kernel 3.7.x :)

Re: Romance spam

2013-03-09 Thread Kenneth Porter

--On Thursday, March 07, 2013 11:26 PM +0100 Benny Pedersen  
wrote:



only bayes hitting ?, and it autolearns ham ?


Presumably the autolearn=ham applies to anything that doesn't get marked as 
spam. Once I move it to my Uncaught folder, it gets retrained that night as 
spam.


But I need to upgrade SA on my servers. I missed the upgrade announcements.

Re: Romance spam

2013-03-07 Thread Benny Pedersen


Kenneth Porter skrev den 2013-03-06 18:04:

--On Wednesday, March 06, 2013 9:27 AM -0500 "Kevin A. McGrail"
 wrote:

I haven't seen any of this at all.  Do you have an example on 
pastebin

and I can look through my logs? Might be getting hammered by another
rule/rbl/etc.


Here's an example:




only bayes hitting ?, and it autolearns ham ?

Re: Romance spam

2013-03-06 Thread Axb


On 03/06/2013 05:52 PM, Kenneth Porter wrote:

--On Wednesday, March 06, 2013 3:35 PM +0100 Axb 
wrote:


aren't these the ones with the @yandex.ru dropbox in the body?


Good catch. I just checked for that in my Uncaught folder (which I feed
to Bayes each night) and the List-Id appears in most but not all that
have that dropbox address.


the List-Id  was faked.
Bayes & BLs took care of mine.

Re: Romance spam

2013-03-06 Thread Kevin A. McGrail


On 3/6/2013 12:04 PM, Kenneth Porter wrote:
--On Wednesday, March 06, 2013 9:27 AM -0500 "Kevin A. McGrail" 
 wrote:



I haven't seen any of this at all.  Do you have an example on pastebin
and I can look through my logs? Might be getting hammered by another
rule/rbl/etc.


Here's an example:


Yeah, these are not getting through our filters so I've never looked at 
them before.  We are hammering these with RBLs and reverse pointer 
Checks without even getting near content.  Scored 14.3.  You might 
consider 3.4.0 and adding some RBLs.


regards,
KAM

Re: Romance spam

2013-03-06 Thread Kenneth Porter

--On Wednesday, March 06, 2013 9:27 AM -0500 "Kevin A. McGrail" 
 wrote:



I haven't seen any of this at all.  Do you have an example on pastebin
and I can look through my logs? Might be getting hammered by another
rule/rbl/etc.


Here's an example:

Re: Romance spam

2013-03-06 Thread Kenneth Porter

--On Wednesday, March 06, 2013 3:35 PM +0100 Axb  
wrote:



aren't these the ones with the @yandex.ru dropbox in the body?


Good catch. I just checked for that in my Uncaught folder (which I feed to 
Bayes each night) and the List-Id appears in most but not all that have 
that dropbox address.

Re: Romance spam

2013-03-06 Thread Axb


On 03/06/2013 03:27 PM, Kevin A. McGrail wrote:

I haven't seen any of this at all.  Do you have an example on pastebin
and I can look through my logs? Might be getting hammered by another
rule/rbl/etc.

On 2/21/2013 8:03 PM, Kenneth Porter wrote:

I'm noticing the following header in recent "romance" spam that looks
like it might be an easy pattern to match. It's an unsubscribe link
with a mailto link with a hex digit username of up to 20 digits. This
is from a grep of my  Uncaught folder.


aren't these the ones with the @yandex.ru dropbox in the body?

Re: Romance spam

2013-03-06 Thread Kevin A. McGrail

I haven't seen any of this at all.  Do you have an example on pastebin 
and I can look through my logs? Might be getting hammered by another 
rule/rbl/etc.


On 2/21/2013 8:03 PM, Kenneth Porter wrote:
I'm noticing the following header in recent "romance" spam that looks 
like it might be an easy pattern to match. It's an unsubscribe link 
with a mailto link with a hex digit username of up to 20 digits. This 
is from a grep of my  Uncaught folder.


List-Unsubscribe: <mailto:816c9403033bffad...@splendulousgifts.com>
List-Unsubscribe: <mailto:453f2d1cbd47b57...@aspevaagen.no>
List-Unsubscribe: <mailto:7648b5248a42...@blizzartgraphique.com>
List-Unsubscribe: <mailto:ac5aeee2ec9495...@morrishullinger.com>
List-Unsubscribe: <mailto:6ad4a4e864e6e...@hirschauer.at>
List-Unsubscribe: <mailto:0dab50f483e2951c5...@johnchalk.tv>
List-Unsubscribe: <mailto:9b92bab480cb5d92...@snowbike.com.ar>
List-Unsubscribe: <mailto:49a465ab87c6...@oxfest.net>
List-Unsubscribe: <mailto:80bb6e2aa646cdaac...@iptcorporation.com>
List-Unsubscribe: <mailto:a60c607a37c0762...@szetela.com>
List-Unsubscribe: <mailto:789c5d11b771...@irc.nl>
List-Unsubscribe: <mailto:e0a62942af01...@bohumin.cz>
List-Unsubscribe: <mailto:0e22f018e88cb45...@asajohansson.se>
List-Unsubscribe: <mailto:183ad8a2f0735...@cwtec.de>
List-Unsubscribe: <mailto:a24645528c713d51...@unitedtelecominc.tv>
List-Unsubscribe: <mailto:673f8ab63d3e7c5d...@cinziaboutique.com>

Re: Romance spam

2013-02-22 Thread Benny Pedersen


Kenneth Porter skrev den 2013-02-22 02:03:

I'm noticing the following header in recent "romance" spam that looks
like it might be an easy pattern to match.


its easy to make clamav sigs aswell :)

but is the envelope-sender matching the unsubscribe domain ?, if so 
reject sender domain in mta

Romance spam

2013-02-21 Thread Kenneth Porter

I'm noticing the following header in recent "romance" spam that looks like 
it might be an easy pattern to match. It's an unsubscribe link with a 
mailto link with a hex digit username of up to 20 digits. This is from a 
grep of my  Uncaught folder.


List-Unsubscribe: <mailto:816c9403033bffad...@splendulousgifts.com>
List-Unsubscribe: <mailto:453f2d1cbd47b57...@aspevaagen.no>
List-Unsubscribe: <mailto:7648b5248a42...@blizzartgraphique.com>
List-Unsubscribe: <mailto:ac5aeee2ec9495...@morrishullinger.com>
List-Unsubscribe: <mailto:6ad4a4e864e6e...@hirschauer.at>
List-Unsubscribe: <mailto:0dab50f483e2951c5...@johnchalk.tv>
List-Unsubscribe: <mailto:9b92bab480cb5d92...@snowbike.com.ar>
List-Unsubscribe: <mailto:49a465ab87c6...@oxfest.net>
List-Unsubscribe: <mailto:80bb6e2aa646cdaac...@iptcorporation.com>
List-Unsubscribe: <mailto:a60c607a37c0762...@szetela.com>
List-Unsubscribe: <mailto:789c5d11b771...@irc.nl>
List-Unsubscribe: <mailto:e0a62942af01...@bohumin.cz>
List-Unsubscribe: <mailto:0e22f018e88cb45...@asajohansson.se>
List-Unsubscribe: <mailto:183ad8a2f0735...@cwtec.de>
List-Unsubscribe: <mailto:a24645528c713d51...@unitedtelecominc.tv>
List-Unsubscribe: <mailto:673f8ab63d3e7c5d...@cinziaboutique.com>

Re: Romance spam

Re: Romance spam

Re: Romance spam

Re: Romance spam

Re: Romance spam

Re: Romance spam

Re: Romance spam

Re: Romance spam

Re: Romance spam

Re: Romance spam

Romance spam

11 matches

Site Navigation

Mail list logo

Footer information