Re: how to keep updated against german spam?

2008-06-11 Thread Michael Monnerie
On Tuesday, 10 June 2008 peter pilsl wrote:
> I just uploaded three different examples of recent spamwave to my
> webpage:
> http://www.goldfisch.at/goldfisch/temp/spam1

As others said already, with simple network tests you could filter those 
mails. Consider using the BOTNET tool, that helps too. I won't write 
rules for spam that's already recognized by other rules - the ruleset 
would be too huge and slow.

mfg zmi
-- 
// Michael Monnerie, Ing.BSc-  http://it-management.at
// Tel: 0660 / 415 65 31  .network.your.ideas.
// PGP Key: "curl -s http://zmi.at/zmi.asc | gpg --import"
// Fingerprint: AC19 F9D5 36ED CD8A EF38  500E CE14 91F7 1C12 09B4
// Keyserver: www.keyserver.net   Key-ID: 1C1209B4




Re: how to keep updated against german spam?

2008-06-10 Thread Michael Monnerie
On Tuesday, 10 June 2008 peter pilsl wrote:
> I just uploaded three different examples of recent spamwave to my
> webpage:
> http://www.goldfisch.at/goldfisch/temp/spam1

As others said already, with simple network tests you could filter those 
mails. Consider using the BOTNET tool, that helps too. I won't write 
rules for spam that's already recognized by other rules - the ruleset 
would be too huge and slow.

mfg zmi
-- 
// Michael Monnerie, Ing.BSc-  http://it-management.at
// Tel: 0660 / 415 65 31  .network.your.ideas.
// PGP Key: "curl -s http://zmi.at/zmi.asc | gpg --import"
// Fingerprint: AC19 F9D5 36ED CD8A EF38  500E CE14 91F7 1C12 09B4
// Keyserver: www.keyserver.net   Key-ID: 1C1209B4




Re: how to keep updated against german spam?

2008-06-10 Thread Michael Monnerie
On Tuesday, 10 June 2008 Mathias Homann wrote:
> from sa-update -D:
>
> [12517] dbg: http: GET request, http://daryl.dostech.ca/sa-update/zmi/70_zmi_german.cf/200806051042.tar.gz.asc
> [12517] dbg: sha1: verification wanted: 91eaa15f9a096c202a18b9f5f858fc25058643aa
> [12517] dbg: sha1: verification result: 91eaa15f9a096c202a18b9f5f858fc25058643aa
> [12517] dbg: channel: populating temp content file
> [12517] dbg: gpg: populating temp signature file
> [12517] dbg: gpg: calling gpg
> [12517] dbg: gpg: gpg: Signature made Do 05 Jun 2008 10:50:57 CEST using DSA key ID 856AA88A
> [12517] dbg: gpg: [GNUPG:] ERRSIG 3C5C05EB856AA88A 17 2 00 1212655857 9
> [12517] dbg: gpg: [GNUPG:] NO_PUBKEY 3C5C05EB856AA88A
> [12517] dbg: gpg: gpg: Can't check signature: public key not found
> error: GPG validation failed!
> The update downloaded successfully, but it was not signed with a trusted GPG
> key.  Instead, it was signed with the following keys:
>
>     856AA88A

Sorry that problem is on Daryl's side already, cannot influence it.
Daryl, did ya see this?

mfg zmi
-- 
// Michael Monnerie, Ing.BSc-  http://it-management.at
// Tel: 0660 / 415 65 31  .network.your.ideas.
// PGP Key: "curl -s http://zmi.at/zmi.asc | gpg --import"
// Fingerprint: AC19 F9D5 36ED CD8A EF38  500E CE14 91F7 1C12 09B4
// Keyserver: www.keyserver.net   Key-ID: 1C1209B4




Re: how to keep updated against german spam?

2008-06-10 Thread Mathias Homann
On Tuesday, 10 June 2008, Michael Monnerie wrote:
> On Tuesday, 10 June 2008 peter pilsl wrote:
> > I run spamassassin 3.2.3 and every few weeks a new wave of german
> > SPAM hits our servers that are not detected by spamassassin...
> >
> > Is there a webpage where I can get new rules? or any channel I
> > can subscribe for sa-update?
> >
> > I also have a question about sa-update and new channels? If I add
> > a new channel that provides new rulesets, do I have to add this
> > new rules to my local.cf or are they used automatically as if
> > they were sa-rules themselves?
>
> I am the maintainer of the GERMAN ruleset. You can download it in
> various ways. From the comment within that ruleset:
>
> # License: Artistic - see http://www.rulesemporium.com/license.txt
> # Maintainer: Michael Monnerie ([EMAIL PROTECTED]) from it-management.at
> # How to get it:
> # SpamAssassin Channel: 70_zmi_german.cf.zmi.sa-update.dostech.net
> # Also via RDJ (RulesDuJour) as: ZMI_GERMAN
> # RDJ is available at http://www.exit0.us/index.php?pagename=RulesDuJour
> # Home: http://sa.zmi.at/rulesets/70_zmi_german.cf
> # HOWTO contribute:
> # - write and --lint your own rules
> # - be sure it hits more than just one spam
> # - try to write rules similar to how we write them recently (see the
> #   latest body rulesets (the last ones!) to get an example)
> # - be sure it actually *is* spam, not just a newsletter from a company
> #   who bought your e-mail address from another company (they often don't know...)
> # - send your rules to the maintainer (see above) together with the licence
> #   (which MUST be "Artistic" for me to include it, or you grant me rights
> #   to redistribute it under the "Artistic" licence)
>
> mfg zmi

from sa-update -D:

[12517] dbg: http: GET request, http://daryl.dostech.ca/sa-update/zmi/70_zmi_german.cf/200806051042.tar.gz.asc
[12517] dbg: sha1: verification wanted: 91eaa15f9a096c202a18b9f5f858fc25058643aa
[12517] dbg: sha1: verification result: 91eaa15f9a096c202a18b9f5f858fc25058643aa
[12517] dbg: channel: populating temp content file
[12517] dbg: gpg: populating temp signature file
[12517] dbg: gpg: calling gpg
[12517] dbg: gpg: gpg: Signature made Do 05 Jun 2008 10:50:57 CEST using DSA key ID 856AA88A
[12517] dbg: gpg: [GNUPG:] ERRSIG 3C5C05EB856AA88A 17 2 00 1212655857 9
[12517] dbg: gpg: [GNUPG:] NO_PUBKEY 3C5C05EB856AA88A
[12517] dbg: gpg: gpg: Can't check signature: public key not found
error: GPG validation failed!
The update downloaded successfully, but it was not signed with a trusted GPG
key.  Instead, it was signed with the following keys:

    856AA88A

-- 
gpg key fingerprint: 5F64 4C92 9B77 DE37 D184  C5F9 B013 44E7 27BD 763C
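
Added example, not part of the original posts: a small Python parser for the `[GNUPG:]` status lines in the `sa-update -D` output above, showing how to tell an unverifiable signature (key not in the keyring) from a bad one. The sample is constructed from the two status lines in the log; the function names and the small algorithm tables are assumptions of this example.

```python
from datetime import datetime, timezone

# Constructed sample: the two [GNUPG:] lines from the debug output above,
# with the wrapped ERRSIG line rejoined.
SAMPLE = (
    "[12517] dbg: gpg: [GNUPG:] ERRSIG 3C5C05EB856AA88A 17 2 00 1212655857 9\n"
    "[12517] dbg: gpg: [GNUPG:] NO_PUBKEY 3C5C05EB856AA88A\n"
)

PK_ALGO = {"1": "RSA", "17": "DSA"}        # OpenPGP public-key algorithm IDs
HASH_ALGO = {"2": "SHA1", "8": "SHA256"}   # OpenPGP hash algorithm IDs
ERRSIG_RC = {"4": "unsupported algorithm", "9": "missing public key"}


def gnupg_status(log_text):
    """Yield (keyword, args) for every [GNUPG:] status line in the log."""
    for line in log_text.splitlines():
        _, marker, rest = line.partition("[GNUPG:]")
        if marker and rest.split():
            keyword, *args = rest.split()
            yield keyword, args


def classify(log_text):
    """Summarise why signature verification did or did not succeed."""
    result = {"verdict": "no signature status found"}
    for keyword, args in gnupg_status(log_text):
        if keyword == "ERRSIG":
            # ERRSIG <keyid> <pkalgo> <hashalgo> <sig_class> <time> <rc>
            keyid, pk, digest, _sig_class, ts, rc = args[:6]
            signed = datetime.fromtimestamp(int(ts), timezone.utc)
            result.update(keyid=keyid, algo=PK_ALGO.get(pk, pk),
                          digest=HASH_ALGO.get(digest, digest),
                          signed_utc=signed.isoformat(),
                          reason=ERRSIG_RC.get(rc, "rc " + rc),
                          verdict="unverifiable")
        elif keyword == "NO_PUBKEY":
            result.update(keyid=args[0], verdict="unverifiable",
                          reason="missing public key")
        elif keyword == "BADSIG":
            result.update(keyid=args[0], verdict="bad signature")
        elif keyword == "GOODSIG":
            result.update(keyid=args[0], verdict="good signature")
    return result


if __name__ == "__main__":
    print(classify(SAMPLE))
```

For this log the verdict is "unverifiable" rather than "bad signature": the SHA1 of the archive matched and the signature was simply made with a key that sa-update's keyring does not contain. The last eight hex digits of the reported key ID are the short ID `856AA88A` that sa-update prints.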


Re: how to keep updated against german spam?

2008-06-10 Thread D Hill

On Tue, 10 Jun 2008 at 14:35 +0200, [EMAIL PROTECTED] confabulated:

> Yet Another Ninja wrote:
>> Is there a place where you posted these spams so potential rule writers
>> know which you're talking about?
>
> I just uploaded three different examples of recent spamwave to my webpage:
>
> http://www.goldfisch.at/goldfisch/temp/spam1


Using the messages as you have posted them, ALL would have been tagged as 
spam here regardless of language:


  X-Spam-Level: xx
  X-Spam-Status: Bayes:0.5 Score:6.5 Reqrd:5.0 AutoLrn:no
   Tests:NO_DNS_FOR_FROM=1.407,RCVD_IN_BL_SPAMCOP_NET=2.188,RCVD_IN_XBL=2.896

  X-Spam-Level: 
  X-Spam-Status: Bayes:0.5 Score:8.7 Reqrd:5.0 AutoLrn:no
   Tests:NO_DNS_FOR_FROM=1.407,RCVD_IN_BL_SPAMCOP_NET=2.188,RCVD_IN_PBL=0.509,
   RCVD_IN_SORBS_DUL=1.615,RCVD_IN_XBL=2.896,RDNS_DYNAMIC=0.1

  X-Spam-Level: xxx
  X-Spam-Status: Bayes:0.5 Score:7.1 Reqrd:5.0 AutoLrn:no
   Tests:FH_HELO_EQ_D_D_D_D=0.498,NO_DNS_FOR_FROM=1.407,
   RCVD_IN_BL_SPAMCOP_NET=2.188,RCVD_IN_XBL=2.896,RDNS_DYNAMIC=0.1

You probably don't have network tests enabled.
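
Added example, not part of the original post: a Python sketch that parses the three X-Spam-Status values quoted above and splits each score into the part earned by network tests and the part that remains offline. The input is constructed from the quoted headers; treating `RCVD_IN_*` and `NO_DNS_FOR_FROM` as the network-dependent rules is an assumption of this example, as are the function names.

```python
import re

# Constructed input: the three X-Spam-Status values quoted in the post above,
# with their folded continuation lines joined.
HEADERS = [
    "Bayes:0.5 Score:6.5 Reqrd:5.0 AutoLrn:no "
    "Tests:NO_DNS_FOR_FROM=1.407,RCVD_IN_BL_SPAMCOP_NET=2.188,RCVD_IN_XBL=2.896",
    "Bayes:0.5 Score:8.7 Reqrd:5.0 AutoLrn:no "
    "Tests:NO_DNS_FOR_FROM=1.407,RCVD_IN_BL_SPAMCOP_NET=2.188,RCVD_IN_PBL=0.509, "
    "RCVD_IN_SORBS_DUL=1.615,RCVD_IN_XBL=2.896,RDNS_DYNAMIC=0.1",
    "Bayes:0.5 Score:7.1 Reqrd:5.0 AutoLrn:no "
    "Tests:FH_HELO_EQ_D_D_D_D=0.498,NO_DNS_FOR_FROM=1.407, "
    "RCVD_IN_BL_SPAMCOP_NET=2.188,RCVD_IN_XBL=2.896,RDNS_DYNAMIC=0.1",
]


def is_network_test(name):
    # Assumption: DNSBL rules follow the stock RCVD_IN_* naming, and
    # NO_DNS_FOR_FROM needs a live DNS lookup; everything else runs offline.
    return name.startswith("RCVD_IN_") or name == "NO_DNS_FOR_FROM"


def parse_status(value):
    """Parse the 'Key:value ... Tests:NAME=score,...' layout shown in the post."""
    value = re.sub(r",\s+", ",", value)          # undo header folding
    fields = dict(token.split(":", 1) for token in value.split())
    tests = {}
    for item in filter(None, fields.get("Tests", "").split(",")):
        name, score = item.split("=", 1)
        tests[name] = float(score)
    return float(fields["Reqrd"]), tests


def split_score(value):
    """Separate the score earned by network tests from the offline remainder."""
    required, tests = parse_status(value)
    network = sum(s for n, s in tests.items() if is_network_test(n))
    local = sum(s for n, s in tests.items() if not is_network_test(n))
    return {
        "network": round(network, 3),
        "local": round(local, 3),
        "spam_with_network_tests": network + local >= required,
        "spam_without_network_tests": local >= required,
    }


if __name__ == "__main__":
    for header in HEADERS:
        print(split_score(header))
```

With the network rules removed, the three messages keep 0.0, 0.1 and 0.598 points against a required 5.0, so none of them would be tagged.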


Re: how to keep updated against german spam?

2008-06-10 Thread Benny Pedersen

On Tue, June 10, 2008 14:35, peter pilsl wrote:
> I just uploaded three different examples of recent spamwave to my webpage:

X-Spam-Status: No, score=0.6 required=2.4 tests=BAYES_05,NO_RELAYS
autolearn=ham version=3.2.2

NO_RELAYS should not hit on remote spams

have you configured your trusted_networks, internal_networks and msa_networks in
local.cf correctly?

perldoc Mail::SpamAssassin::Conf for more info


Benny Pedersen
Need more webspace ? http://www.servage.net/?coupon=cust37098



Re: how to keep updated against german spam?

2008-06-10 Thread Yet Another Ninja

On 6/10/2008 2:35 PM, peter pilsl wrote:

> Yet Another Ninja wrote:
>> Is there a place where you posted these spams so potential rule
>> writers know which you're talking about?
>
> I just uploaded three different examples of recent spamwave to my webpage:
>
> http://www.goldfisch.at/goldfisch/temp/spam1


Hardly think you need special rules for these...

Every one of the sender IPs is listed in Zen and/or other RBLs
(as probably the rest of this type you got)

Don't see any SA hits of any RBL
Razor,Pyzor,iXhash would have probably got them as well.

You may want to enable SA network tests and use zen.spamhaus.org in your 
MTA for hard rejects - works wonders.


Be prepared to raise your "required=2.4" to "required=5.0" and update 
your SA version and last but not least, run a weekly sa-update.





Re: how to keep updated against german spam?

2008-06-10 Thread peter pilsl

Yet Another Ninja wrote:
> Is there a place where you posted these spams so potential rule writers
> know which you're talking about?

I just uploaded three different examples of recent spamwave to my webpage:

http://www.goldfisch.at/goldfisch/temp/spam1


thnx,
peter



Re: how to keep updated against german spam?

2008-06-10 Thread Yet Another Ninja

On 6/10/2008 1:19 PM, peter pilsl wrote:

> I run spamassassin 3.2.3 and every few weeks a new wave of german SPAM
> hits our servers that are not detected by spamassassin...
>
> Is there a webpage where I can get new rules? or any channel I can
> subscribe for sa-update?

Is there a place where you posted these spams so potential rule writers 
know which you're talking about?


--
Jun 10 13:28:044: NOQUEUE disconnect from unknown; 421 4.7.1 Service 
unavailable; Crystal ball quota exceeded





Re: how to keep updated against german spam?

2008-06-10 Thread Michael Monnerie
On Tuesday, 10 June 2008 peter pilsl wrote:
> I run spamassassin 3.2.3 and every few weeks a new wave of german
> SPAM hits our servers that are not detected by spamassassin...
>
> Is there a webpage where I can get new rules? or any channel I can
> subscribe for sa-update?
>
> I also have a question about sa-update and new channels? If I add a
> new channel that provides new rulesets, do I have to add this new
> rules to my local.cf or are they used automatically as if they were
> sa-rules themselves?

I am the maintainer of the GERMAN ruleset. You can download it in 
various ways. From the comment within that ruleset:

# License: Artistic - see http://www.rulesemporium.com/license.txt
# Maintainer: Michael Monnerie ([EMAIL PROTECTED]) from it-management.at
# How to get it:
# SpamAssassin Channel: 70_zmi_german.cf.zmi.sa-update.dostech.net
# Also via RDJ (RulesDuJour) as: ZMI_GERMAN
# RDJ is available at http://www.exit0.us/index.php?pagename=RulesDuJour
# Home: http://sa.zmi.at/rulesets/70_zmi_german.cf
# HOWTO contribute:
# - write and --lint your own rules
# - be sure it hits more than just one spam
# - try to write rules similar to how we write them recently (see the
#   latest body rulesets (the last ones!) to get an example)
# - be sure it actually *is* spam, not just a newsletter from a company
#   who bought your e-mail address from another company (they often don't know...)
# - send your rules to the maintainer (see above) together with the licence
#   (which MUST be "Artistic" for me to include it, or you grant me rights
#   to redistribute it under the "Artistic" licence)

mfg zmi
-- 
// Michael Monnerie, Ing.BSc-  http://it-management.at
// Tel: 0660 / 415 65 31  .network.your.ideas.
// PGP Key: "curl -s http://zmi.at/zmi.asc | gpg --import"
// Fingerprint: AC19 F9D5 36ED CD8A EF38  500E CE14 91F7 1C12 09B4
// Keyserver: www.keyserver.net   Key-ID: 1C1209B4




how to keep updated against german spam?

2008-06-10 Thread peter pilsl


I run spamassassin 3.2.3 and every few weeks a new wave of german SPAM 
hits our servers that are not detected by spamassassin...


Is there a webpage where I can get new rules? or any channel I can 
subscribe for sa-update?


I also have a question about sa-update and new channels? If I add a new 
channel that provides new rulesets, do I have to add this new rules to 
my local.cf or are they used automatically as if they were sa-rules 
themselves?


thnx
peter

--
mag. peter pilsl - goldfisch.at
IT-Consulting
Tel: +43-699-11288470
Tel: +43-1-8900602
Fax: +43-1-8900602-15
skype: peter.pilsl
[EMAIL PROTECTED]
www.goldfisch.at