Hi,
Excuse my ignorance (I'm new to this...), but what is the difference between
filter_helo and filter_relay?
My assumption is that helo is used when a client directly logs in through
SMTP to send an email (generally a local user, so most likely going to be
OUTBOUND or INTERNAL emails) whereas r
Hi,
I want to put disclaimer on all outgoing messages.
My relay serve mail from the internet to 10 domains and this same relay addresse
the internet for those domain.
When this relay receive a mail from on of those domains to the internet i must
add the good disclaimer to the mail and do the sa
On Thu, 2006-04-20 at 15:30, David F. Skoll wrote:
> > Last, I don't worry about them hitting my machines with 10's or 100's of
> > connections per zombie (parallelizing their attempts within a given
> > zombie). For non-trusted mail relays, I limit the number of connections
> > to 2.
>
> Right,
On Apr 20, 2006, at 16:34, nathan r. hruby wrote:
- ratware infected boxen on campus use campus relays which relay by IP.
They spew, we queue. Badness for everyone.
We no longer have our student-residential IP block in our relay domain
for this reason. They were, by far, our biggest sour
David F. Skoll wrote:
I'm not saying greet_pause or greylisting are useless... you might as well
keep using them to get the low-hanging fruit. But I predict they will
become less useful in future.
Greylisting and greet_pause share one characteristic: They apply
selection pressure to encourage
Sorry for the delayed reply...
On Tue, 18 Apr 2006, David F. Skoll wrote:
Hi,
I think greylisting is nearing the end of its useful life. I'm
noticing a new kind of ratware that retries every 5 minutes
like clockwork, mutating message bodies. Our CanIt software tempfails
mail until it's appro
John Rudd wrote:
> Except that the more they flex their zombies, the more attention it
> draws to the zombie's real owner that something is wrong with their
> computer and needs to be fixed.
Uh.
The zombie's real owner is most likely an unsophisticated Windows user
who wouldn't have a clue t
On Apr 20, 2006, at 9:49, David F. Skoll wrote:
The ones who use "legitimate" mail relays will get past greylisting
and greet_pause. The more sophisticated ones *DO* have essentially
unlimited resources. So, some recipients throttle one of my zombie
computers
to sending an e-mail every 5 sec
On 20 Apr 2006 at 8:26, Cormack, Ken wrote:
> > What version of SpamAssassin are you running? If it's 3.1.1, you
> > might try running sa-update. I was pleasantly surprised to see a
> > bunch of new rules in 80_additional.cf (most of them seem to start
> > with "TVD_") which detect these mess
John Rudd wrote:
> The reason for that is exactly the opposite of you earlier assertion:
> spammers do _NOT_ have unlimited resources.
There are two classes of spammers: Unsophisticated ones who send their
419 scams via Yahoo and Hotmail, and sophisticated ones who use zombie
networks.
The ones
On Apr 20, 2006, at 7:58 AM, David F. Skoll wrote:
Kenneth Porter wrote:
I'm beginning to favor the idea of challenge/response systems, but
only
for "rich" content (ie. anything not pure text/plain).
Intriguing... I normally hate C/R systems, but that might be a good
idea.
Anything to ma
Kenneth Porter wrote:
> I'm beginning to favor the idea of challenge/response systems, but only
> for "rich" content (ie. anything not pure text/plain).
Intriguing... I normally hate C/R systems, but that might be a good idea.
Anything to make it more of a hassle to send non-plain-text e-mail is
Hi,
I should have been clearer. I don't even believe they aren't even modifying
the image. Indications are that they are simply truncating or adding random
bits to the file because even a slightly corrupted image is still displayed.
We already do 'Image checksumming' here with a modified pyz
On Thursday, April 20, 2006 2:06 PM +0100 Paul Murphy <[EMAIL PROTECTED]>
wrote:
Imagine an animated GIF file where the first frame says "Click here for",
the second shows a V, the third an I, the fourth an A, then G, R and A -
the brain can join the dots, but can any software?
In other words
On Thu, 20 Apr 2006, Cormack, Ken wrote:
> Yes, I'm running 3.1.1. Yours is an excellent idea, Nels. (I didn't know
> about the sa-update command).
It was the first I had heard about it also. Gotta give this a try!
Jim McCullars
University of Alabama in Huntsville
_
I should have been clearer. I don't even believe they aren't even modifying
the image. Indications are that they are simply truncating or adding random
bits to the file because even a slightly corrupted image is still displayed.
> I expect some ratware is already doing that. You don't need a who
[EMAIL PROTECTED] wrote:
> The same can be said for any spam blockling technique: It's effective
> until they work around it.
Except that ratware producers are now seasoned by 4+ years of battle
with anti-spam technology, so they are more likely to think of these
things and implement workaround
Hi all,
I am attempting to get bayes working under mimedefang, and I am having a
bit of a hard time figuring out exactly *how* mimedefang calls
spamassassin. Some background:
I have spamassassin setup. I have everything usable to the defang
user. When I `su - defang`, I can run `spamassas
- Original Message -
From: "David F. Skoll" <[EMAIL PROTECTED]>
To:
Sent: Thursday, April 20, 2006 8:02 AM
Subject: Re: [Mimedefang] Image blocking idea
[EMAIL PROTECTED] wrote:
Here's an idea for blocking image spam: What about taking the idea of
SURBL and DNSRBls and extending it
DFS wrote on 04/20/2006 09:02:24 AM:
> This is a good idea until spammers start mutating their images.
The same can be said for any spam blockling technique: It's effective
until they work around it. Grey listing worked until they started
honoring 450 responses. Bayes worked until the starte
David is right. I've already seen similar obfuscation where they are taking
advantage of adding (or removing) small amounts of data to the image file.
The end result is the user sees the image fine but the sha1/md5/check sums
are different because places were already doing that.
However, here's a
> Here's an idea for blocking image spam: What about taking the idea of
> SURBL and DNSRBls and extending it to images. My proposal is to hash the
> image and do a DNS query using the hash value and domain hosting the image
> RBL.
You'd need to do some more complex processing, as the image ca
[EMAIL PROTECTED] wrote:
> Here's an idea for blocking image spam: What about taking the idea of
> SURBL and DNSRBls and extending it to images. My proposal is to hash the
> image and do a DNS query using the hash value and domain hosting the image
> RBL.
This is a good idea until spammers s
Here's an idea for blocking image spam: What about taking the idea of
SURBL and DNSRBls and extending it to images. My proposal is to hash the
image and do a DNS query using the hash value and domain hosting the image
RBL.
This eliminates the need to OCR the graphic, and if they obscure the t
--On Thursday, April 20, 2006 0:00 +0200 Jan Pieter Cornet
<[EMAIL PROTECTED]> wrote:
On Wed, Apr 19, 2006 at 03:34:19PM -0600, Philip Prindeville wrote:
But since I'm submitting on port 465 with authentication, and
not on port 25... it doesn't make sense to make certain blanket
tests that
> What version of SpamAssassin are you running? If it's 3.1.1, you
> might try running sa-update. I was pleasantly surprised to see a
> bunch of new rules in 80_additional.cf (most of them seem to start
> with "TVD_") which detect these messages quite handily, kicking the
> score above our re
26 matches
Mail list logo