RE: RulesDuJour Recommendation

2006-02-08 Thread Chris Santerre

> Yea...those are really good.  I didn't mention them as they are enabled
> by default in the latest SA versions.  At least, they are if the network
> tests in general are enabled.


URIBL isn't on by default. Just SURBL. I believe the next SA release it will be. 


--Chris





Re: RulesDuJour Recommendation

2006-02-08 Thread Jerry Gaiser
On Wednesday 08 February 2006 07:47 am, Chris Santerre wrote:
>
> Don't forget to use URIBL and SURBL Joey. They will stop a ton of spam.

Indeed they do, but..

If you are one of those poor souls who are still using dialup AND you have to 
restart your system while offline, spamassassin will not see an available 
network and will disable network tests. Took me a while to figure that one 
out and it still bites me on occasion, if I don't think about it.

Connect to your ISP and restart spamd and all will be well again.

-- 
Jerry Gaiser in North Plains, Oregon USA (Zone8a) - 45.6933N 123.0418W
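
An added example, not part of the original post: the startup behaviour described above is governed by SpamAssassin's `dns_available` setting, shown here in its default and overridden forms. Placing it in `local.cf` is an assumption about the site's layout.

```conf
# local.cf fragment (added example; file location is an assumption)

# Default: probe a few well-known hosts to decide whether DNS works.
# If spamd starts while the link is down, the probe fails and the
# network tests (SURBL, URIBL, DNSBLs) are switched off.
# dns_available test

# Skip the probe and assume DNS is reachable, so a spamd started
# offline still runs its network tests once the connection is up.
dns_available yes
```

With `dns_available yes`, lookups made while the link is still down have to wait for their timeouts, so scanning is slower until the connection is established.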



Re: RulesDuJour Recommendation

2006-02-08 Thread Matt Kettler
Joey wrote:
> Hello everyone,
>  
> As I'm sure you are aware the spam these days seems to be getting worse.
> In an attempt to be more aggressive we started using RulesDuJour.
> What I would like to know is which rules are you using without too much
> headache so that we can implement them into our configuration.
> I didn't want to load them all because I felt that it may be too aggressive
> and cause many client complaints.
>  
> Also if you have found any solutions for the recent barrage of image spam I
> would appreciate you sharing them with me.
>  

My only advice is do not use RDJ for antidrug if you're using SA 3.0.0 or
higher. The antidrug.cf file is only for users of SA 2.6x and older, and the
rules are built into 3.0.0 and newer.



RE: RulesDuJour Recommendation

2006-02-08 Thread Bowie Bailey
Loren Wilton wrote:
> > These are the ones that I use.  I haven't had any problems with
> > them. 
> > 
> > SARE_EVILNUMBERS0
> > SARE_GENLSUBJ0
> > SARE_HTML0
> > SARE_HEADER0
> > SARE_OBFU0
> > SARE_URI0
> 
> I would add that most people could probably run the "1" versions of
> the above "0" rule files *in addition to the "0" version* with
> absolutely no problems and probably catch even more spam.  The 0
> versions are the most conservative, but the 1 versions are still
> pretty conservative. 

Yea.  I've thought about adding those, but I'll have to watch the mail flow
more closely for a while afterwards and I don't want to add to my workload
at the moment.  :)

-- 
Bowie


Re: RulesDuJour Recommendation

2006-02-08 Thread Loren Wilton
> These are the ones that I use.  I haven't had any problems with them.
>
> SARE_EVILNUMBERS0
> SARE_GENLSUBJ0
> SARE_HTML0
> SARE_HEADER0
> SARE_OBFU0
> SARE_URI0

I would add that most people could probably run the "1" versions of the
above "0" rule files *in addition to the "0" version* with absolutely no
problems and probably catch even more spam.  The 0 versions are the most
conservative, but the 1 versions are still pretty conservative.

Loren



Re: RulesDuJour Recommendation

2006-02-08 Thread Loren Wilton
> I am, and have been for a while, using SARE_REDIRECT_POST300 SARE_HTML
> SARE_BAYES_POISON_NXM TRIPWIRE EVILNUMBERS SARE_RANDOM SARE_WHITELIST
> SARE_OBFU SARE_STOCKS SARE_SPOOF to good effect (though someone will
> probably tell me that at least one of those is no longer advisable).

Nope, all still good rulesets.  EvilNumbers isn't updated as often as it
really should be these days (I think), but they are all still live rulesets.

Loren



RE: RulesDuJour Recommendation

2006-02-08 Thread Bowie Bailey
Chris Santerre wrote:
> From: Bowie Bailey [mailto:[EMAIL PROTECTED]
> > Joey wrote:
> > > 
> > > As I'm sure you are aware the spam these days seems to be getting
> > > worse. In an attempt to be more aggressive we started using
> > > RulesDuJour.  What I would like to know is which rules are you
> > > using without too much headache so that we can implement them
> > > into our configuration.  I didn't want to load them all because I
> > > felt that it may be too aggressive and cause many client
> > > complaints. 
> > > 
> > > Also if you have found any solutions for the recent barrage of
> > > image spam I would appreciate you sharing them with me.
> > 
> > These are the ones that I use.  I haven't had any problems with
> > them. 
> > 
> > SARE_ADULT
> > SARE_EVILNUMBERS0
> > SARE_FRAUD
> > SARE_GENLSUBJ0
> > SARE_HTML0
> > SARE_HEADER0
> > SARE_OBFU0
> > SARE_RANDOM
> > SARE_SPECIFIC
> > SARE_SPOOF
> > SARE_STOCKS
> > SARE_UNSUB
> > SARE_URI0
> > SARE_WHITELIST_SPF
> > SARE_WHITELIST_RCVD
> 
> Boy those SARE people sure rock! ;)

They sure do! :)

> Don't forget to use URIBL and SURBL Joey. They will stop a ton of
> spam.

Yea...those are really good.  I didn't mention them as they are enabled
by default in the latest SA versions.  At least, they are if the network
tests in general are enabled.

I should also mention Razor2, Pyzor, and DCC as being very useful for
stopping the image spams.  (I don't use Pyzor myself, but that's just
because I've been too lazy to do the installation)

-- 
Bowie


RE: RulesDuJour Recommendation

2006-02-08 Thread Chris Santerre


> -----Original Message-----
> From: Bowie Bailey [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, February 08, 2006 10:09 AM
> To: SpamAssassin
> Subject: RE: RulesDuJour Recommendation
> 
> 
> Joey wrote:
> > 
> > As I'm sure you are aware the spam these days seems to be getting
> > worse. In an attempt to be more aggressive we started using
> > RulesDuJour.  What I would like to know is which rules are you using
> > without too much headache so that we can implement them into our
> > configuration.  I didn't want to load them all because I felt that it
> > may be too aggressive and cause many client complaints.
> > 
> > Also if you have found any solutions for the recent barrage of image
> > spam I would appreciate you sharing them with me.
> 
> These are the ones that I use.  I haven't had any problems with them.
> 
> SARE_ADULT
> SARE_EVILNUMBERS0
> SARE_FRAUD
> SARE_GENLSUBJ0
> SARE_HTML0
> SARE_HEADER0
> SARE_OBFU0
> SARE_RANDOM
> SARE_SPECIFIC
> SARE_SPOOF
> SARE_STOCKS
> SARE_UNSUB
> SARE_URI0
> SARE_WHITELIST_SPF
> SARE_WHITELIST_RCVD


Boy those SARE people sure rock! ;) 


Don't forget to use URIBL and SURBL Joey. They will stop a ton of spam. 


Chris Santerre
SysAdmin and SARE/URIBL ninja
http://www.uribl.com
http://www.rulesemporium.com





RE: RulesDuJour Recommendation

2006-02-08 Thread Bowie Bailey
Joey wrote:
> 
> As I'm sure you are aware the spam these days seems to be getting
> worse. In an attempt to be more aggressive we started using
> RulesDuJour.  What I would like to know is which rules are you using
> without too much headache so that we can implement them into our
> configuration.  I didn't want to load them all because I felt that it
> may be too aggressive and cause many client complaints.
> 
> Also if you have found any solutions for the recent barrage of image
> spam I would appreciate you sharing them with me.

These are the ones that I use.  I haven't had any problems with them.

SARE_ADULT
SARE_EVILNUMBERS0
SARE_FRAUD
SARE_GENLSUBJ0
SARE_HTML0
SARE_HEADER0
SARE_OBFU0
SARE_RANDOM
SARE_SPECIFIC
SARE_SPOOF
SARE_STOCKS
SARE_UNSUB
SARE_URI0
SARE_WHITELIST_SPF
SARE_WHITELIST_RCVD

-- 
Bowie


Re: RulesDuJour Recommendation

2006-02-08 Thread Craig McLean
Joey wrote:
> Hello everyone,
>  
> As I'm sure you are aware the spam these days seems to be getting worse.
> In an attempt to be more aggressive we started using RulesDuJour.
> What I would like to know is which rules are you using without too much
> headache so that we can implement them into our configuration.
> I didn't want to load them all because I felt that it may be too aggressive
> and cause many client complaints.
>  
> Also if you have found any solutions for the recent barrage of image spam I
> would appreciate you sharing them with me.

I am, and have been for a while, using SARE_REDIRECT_POST300 SARE_HTML
SARE_BAYES_POISON_NXM TRIPWIRE EVILNUMBERS SARE_RANDOM SARE_WHITELIST
SARE_OBFU SARE_STOCKS SARE_SPOOF to good effect (though someone will
probably tell me that at least one of those is no longer advisable).
I also have a bunch of homebrew rules which add weight to the specific
types of spam I see here. They're on the website below if you're interested.

If you are getting a lot of pump-and-dump stock/microcap image spam, I
can heartily recommend SARE_STOCKS. It's a masterpiece.

C.


-- 
Craig McLean        http://fukka.co.uk
[EMAIL PROTECTED]   Where the fun never starts
Powered by FreeBSD, and GIN!


RulesDuJour Recommendation

2006-02-08 Thread Joey
Hello everyone,
 
As I'm sure you are aware the spam these days seems to be getting worse.
In an attempt to be more aggressive we started using RulesDuJour.
What I would like to know is which rules are you using without too much
headache so that we can implement them into our configuration.
I didn't want to load them all because I felt that it may be too aggressive
and cause many client complaints.
 
Also if you have found any solutions for the recent barrage of image spam I
would appreciate you sharing them with me.
 
Thanks!!!
 
Joey