Perhaps the easiest thing in the world to spoof is the Date: line, and
yet some people manage to botch that up...
--- Begin Message ---
その名の通り完全無料で直電交換&直電閲覧ができるよん♪
http://www.awg5.net/?ts1
メールでダラダラする必要無し!
☆電話で即決だから間違い無し!
☆もちろんメールを読むのも送るのも完全無料♪
☆メールにするも良し!電話にするも良し!貴方次第でどうにでもしてね♪
http://ww
On Thu, 2006-01-12 at 15:46, Mack wrote:
> On a tempory rule basis, as nobody but nobody should allow the servers to
> patch themselves ,. look at the dmg this has done in the past !
If you are talking about windows, it's not nearly as much damage
as happens if you don't patch them.
--
Les Mik
On a tempory rule basis, as nobody but nobody should allow the servers to
patch themselves ,. look at the dmg this has done in the past !
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of
[EMAIL PROTECTED]
Sent: 12 January 2006 21:02
To: mimedefang@lists.roari
>
> I want to decrease the value of "required_score" or "required_hits". I
> want to decrease it from 5 to 4.3. I edit the file
> /etc/mail/spamassassin/local.cf and put this line:
An alternative to tweaking the threshold is to look at the messages
that are getting through and either upward adj
Yanick Quirion wrote:
> Hello all,
>
> I'm using mimedefang version 2.52 with spamassassin 3.0.4 on
> a Redhat Enterprise 4 box.
>
> I want to decrease the value of "required_score" or
> "required_hits". I want to decrease it from 5 to 4.3. I edit
> the file /etc/mail/spamassassin/local.cf a
You might take a look at "required_hits", in "sa-mimedefang.cf".
At least that's where I find it in Version 3.1.0.
Hope this helps.
On Thursday 12 January 2006 14:11, Yanick Quirion wrote:
> Hello all,
>
> I'm using mimedefang version 2.52 with spamassassin 3.0.4 on a Redhat
> Enterprise 4 box.
> But then how many configure port 80 outbound for a web server !!!
It's a good idea to allow port 80 from IIS servers so you can get patches.
___
NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID. Yo
> Now, if only you could do the same to all the broken firewalls that
> *other* people run :-)
User: I'm not getting email from $SOMEWHERE
Me: I'm sorry, their system seems to be broken. Have them fix it and then
mail will work.
User: But I need that mail!!! Can't you fix it?
Me: No. It's n
Hello all,
I'm using mimedefang version 2.52 with spamassassin 3.0.4 on a Redhat
Enterprise 4 box.
I want to decrease the value of "required_score" or "required_hits". I
want to decrease it from 5 to 4.3. I edit the file
/etc/mail/spamassassin/local.cf and put this line:
required_score 4.3
I d
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of David
F. Skoll
Sent: 12 January 2006 18:15
To: mimedefang@lists.roaringpenguin.com
Subject: Re: [Mimedefang] validating 'possibly forged' helo IP's?
>(The large reply will make the DNS server want to fall ba
[EMAIL PROTECTED] wrote:
> Wearing the DNS hat as well as mail, I made damn sure that the firewalls
> allowed 53 TCP and UDP.
Now, if only you could do the same to all the broken firewalls that
*other* people run :-)
Regards,
David.
___
NOTE: If
> >> 1. There is only one ptr record per IP.
>
> > Not true. I was testing that on my internal DNS:
>
> Try adding 150 PTR records for a given IP address and watch all hell
> break loose. :-)
Ok, I'll give you that you CAN define more than one. My understanding is
that there is no mechanism defi
> Try adding 150 PTR records for a given IP address and watch all hell
> break loose. :-)
>
> (The large reply will make the DNS server want to fall back to TCP,
> which is blocked by a lot of firewalls whose admins forget (if they
> ever knew) that DNS can run over TCP as well as UDP.)
Wearing t
> -Original Message-
> From: David F. Skoll
> [EMAIL PROTECTED] wrote:
>
> >> 1. There is only one ptr record per IP.
>
> > Not true. I was testing that on my internal DNS:
>
> Try adding 150 PTR records for a given IP address and watch
> all hell break loose. :-)
Of course, since mos
[EMAIL PROTECTED] wrote:
>> 1. There is only one ptr record per IP.
> Not true. I was testing that on my internal DNS:
Try adding 150 PTR records for a given IP address and watch all hell
break loose. :-)
(The large reply will make the DNS server want to fall back to TCP,
which is blocked by a
[EMAIL PROTECTED] wrote on 01/12/2006 11:19:10
AM:
> 1. There is only one ptr record per IP.
Not true. I was testing that on my internal DNS:
[EMAIL PROTECTED]:~> dig -x 168.169.93.3
; <<>> DiG 9.3.1 <<>> -x 168.169.93.3
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUE
> > ISPs in my experience don't even really care about setting reverse
> > DNS up.
>
> Isn't it good practice for mail exchanges to have a PTR record?
> I can understand why ISP's don't go to the trouble to rDNS every
> IP in the network, but it would seem to be a good idea to support
> rDNS on the
Gary Funck wrote:
>
> One of the difficulties we run into with MdF in general and
> greylisting in particular is that recipient address
> verification (via the access
> database) is delayed via delay_checks. So, basically we
> tempfail messages with invalid recipient addresses that we
> shoul
Kevin A. McGrail wrote:
> This is a good point that you aren't bouncing the email for this, just
> tempfailing for grey listing purposes. I wonder for how much longer
> greylisting will be effective though. I figure ratware will eventually have
> to figure it out, no?
Greylisting will continue
> Of course what is missing in the log entry above is the
> claimed HELO name. Given that I could try and resolve that to an IP and
> then
> compare that IP to relay IP, which would be a more reliable check.
I think you'll find that relay IPs<=>reverse ptrs<=>helo names hardly ever
match in real
Gary Funck wrote:
> But ... if the internal servers (including
> a dummy server on the relay box for access_db checks) supported
> VRFY, then MdF could check the addresses early on by first consulting
> the internal server(s).
man mimedefang-filter
grep for "md_check_against_smtp_server"
Regard
One of the difficulties we run into with MdF in general and greylisting
in particular is that recipient address verification (via the access
database) is delayed via delay_checks. So, basically we tempfail messages
with invalid recipient addresses that we should reject outright
at the HELO phase,
> ISPs in my experience don't even really care about setting reverse
> DNS up.
Isn't it good practice for mail exchanges to have a PTR record?
I can understand why ISP's don't go to the trouble to rDNS every
IP in the network, but it would seem to be a good idea to support
rDNS on their outwardly
> 4. I don't know what end goal you are trying to achieve but using reverse
> records for any type of sercurity or blocking has pretty high
> false positive
> rates. ISPs in my experience don't even really care about setting reverse
> DNS up.
KAM, thanks. I'm looking to munge my greylist log e
1. There is only one ptr record per IP.
2. Yes.
3. No. Validation is pretty much impossible. Most of the time, validation
consists of it is $ptr ne ''.
4. I don't know what end goal you are trying to achieve but using reverse
records for any type of sercurity or blocking has pretty high false
Kenneth Porter wrote:
A spam filter, like an anti virus, must be constantly updated to match
the spam that comes in. It's not something you install and forget about.
I'd recommend updating SA to 3.1.0 to get better results.
FWIW, I'm still happily using SA 2.64 on three systems for two reasons
If you've been keeping with my drama my
spamassassin/mimedefang box is having trouble
processing 40K+ messages a day. In the evening/early
morning we are fine *but* when our 10 meg pipeline
gets about 50% my box starts to choke. I've added a
local caching dns and that helped a little.
Can some
I need a program that will convert a HELO IP address into a
FQDN with some confidence. I've prototyped one, below.
Is it doing the right thing? Couple of questions:
1. Is it okay to use the first (and only the first) PTR record?
2. Is it okay to use the (default) recursive search?
3. Is it okay
Thanks Alan for you reply.
Let me shed some light on the configuration, i was getting desperate and was
mambling on how poor i am... :-)
I have sendmail 8.13.4 running on debian 3.1.
I install clamAV 0.87.1
and MimeDefang 2.54
I upgraded SA to 3.1 via: perl -MCPAN -e 'install MAIL::SPAMASSASIN'.
> -Original Message-
> From: Joseph Brennan
> Sent: Thursday, January 12, 2006 6:41 AM
>
> You could have Mimedefang do those lookups instead, early in the
> process. If you will reject for being in certain RBLs then you can
> dispose of those messages without running the SA stuff.
>
>
>
> If I have the time, I'll give my suggestions regarding the use
> of SPF and RDNS a shot, and report back on the results. My hunch
> is that they'll offer decent improvements, especially in handling
> first time senders. Better, perhaps I'll process the message logs
> and give some feedback
--On Wednesday, January 11, 2006 19:53 -0800 Gary Funck <[EMAIL PROTECTED]>
wrote:
As a follow-up to the discussion regarding the fact that sendmail
and spamassassin perform a lot of DNS lookups, one thing we do here
to speed up SA a bit is to tell it to limit the time it waits for
a respon
On Thu, 12 Jan 2006, [EMAIL PROTECTED] wrote:
HELP!!!
Actually, without a peek onto your filter and the info about what else
you've installed to sendmail and probably what procmail (or whatever)
filters, it's hard to make even a guess.
Bye,
--
Steffen Kaiser
__
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[EMAIL PROTECTED] wrote:
[snip]
>
> I have upgraded to SA 3.1 but i get strange actions...
> I think that the SA is now checked before mimedefang filters and skips
> other
> filters...(but i'm not 100% sure about that? how can check?)
>
Did you inst
Quoting Kenneth Porter <[EMAIL PROTECTED]>:
On Wednesday, January 11, 2006 4:51 PM +0200 [EMAIL PROTECTED] wrote:
Sendmail 8.13.4 + mimedefang 2.54 + SA 3.0.3 + clamav
A spam filter, like an anti virus, must be constantly updated to
match the spam that comes in. It's not something you insta
I'm tired of getting Paypal notifications... And eBay, since I don't use
either.
Any pointers to filters for select message headers? Or is that
something that's
more typically done in SpamAssassin instead?
-Philip
___
NOTE: If there is a disclaime
36 matches
Mail list logo