OK, I know SA is not an anti virus tool, and frankly I don't care about
viruses anyway, but I am getting a lot of exe file attachements the last
day or two
Return-Path: <[EMAIL PROTECTED]>
Delivered-To: [EMAIL PROTECTED]
Received: from localhost (localhost [127.0.0.1])
by mail.syth.serveftp.ne
On Friday 03 May 2002 10:48 am, Viraj Alankar wrote:
> Some questions I have is if anyone in a similar situation that I'm in? And
> if so, would you think such a system like the above would be useful? I'd
> appreciate any suggestions.
First check the mail against a private DCC server which SA au
On Sat, 4 May 2002, LuKreme wrote:
> OK, I know SA is not an anti virus tool, and frankly I don't care
> about viruses anyway, but I am getting a lot of exe file attachements
> the last day or two
[...]
> I was surprised there wasn't a .exe rule or a application/octet-stream
> rule.
Those two s
Hi
I have followed all the various documents I can find on setting up the PHP
interface for spamassassin, but I am still unable to past the user login.
Can someone point me in the right direction or offer some suggestions as to
why the authentication is failing.
Regards
Andrew
___
Hi,
> Take a look at the new vpopmail integration in SA 2.20 first before
> resorting to SQL. See the README.spamd-vpopmail in the spamd dir of the
> 2.20 distribution for details. It gives support for virtual
> vpopmail users.
> I wrote the patch and use it daily and works great.
great, thank
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Saturday 04 May 2002 03:26 am, Daniel Pittman wrote:
> On Sat, 4 May 2002, LuKreme wrote:
> > OK, I know SA is not an anti virus tool, and frankly I
> > don't care about viruses anyway, but I am getting a lot of
> > exe file attachements the last d
In most cases these EXEs are caught by virus scanners under the "Trojan"
category.
Daz
> -Original Message-
> From: [EMAIL PROTECTED]
[mailto:spamassassin-
> [EMAIL PROTECTED]] On Behalf Of Richie Laager
> Sent: 04 May 2002 14:00
> To: Daniel Pittman
> Cc: [EMAIL PROTECTED]
> Subject: Re
This may be a big task, but has anyone thought about incorporating
SpamAssassin into qmail-smtpd. Doing this will allow the admin to have the
ability to reject spam, and return an ERROR to the initial relay/mailer.
Doing this should help in getting usernames removed from spam email lists,
or havi
> > If you want to filter these, try something that's designed
> > for the purpose.
>
> Correction: "If you want to filter [viruses], try something
> that's designed for the purpose."
>
> I feel that a rule to catch .exe attachments would be great.
> However, if this gets taken as far as blockin
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Sat, 4 May 2002, LuKreme yowled:
> OK, I know SA is not an anti virus tool, and frankly I don't care
> about viruses anyway, but I am getting a lot of exe file attachements
> the last day or two
>
> Return-Path: <[EMAIL PROTECTED]> Delivered-To:
From: "Craig R Hughes" <[EMAIL PROTECTED]>
> Derek Broughton wrote:
>
> DB> From: "CertaintyTech - Ed Henderson" <[EMAIL PROTECTED]>
> DB> > they used to improve rules or just added the spam corpus?
> DB>
> DB> Aren't the two things synonymous? ;-) I'm sure that that is, at
least, the
> DB> inte
On Saturday, May 4, 2002, at 02:26 AM, Daniel Pittman wrote:
> On Sat, 4 May 2002, LuKreme wrote:
>> OK, I know SA is not an anti virus tool, and frankly I don't care
>> about viruses anyway, but I am getting a lot of exe file attachements
>> the last day or two
>
> [...]
>
>> I was surprised th
On Sat, 4 May 2002, Nathan Neulinger wrote:
> I personally couldn't care less about doing generalized virus scanning.
>
> I am however concerned about the constant load on my mail server dealing
> with the worm traffic from these klez/melissa/hybrid/etc. infections.
>
> I would not be intereste
On Sat, 4 May 2002, LuKreme wrote:
> Still, it seems that Spamassassin is already running a lot of checks and
> having a application/octet-stream or a check for attachment types would
> be trivial to add.
I get application/octet-stream attachments all the time that are comletely
innocent. Often
On Sat, May 04, 2002 at 09:17:14AM -0700, Bart Schaefer wrote:
| On Sat, 4 May 2002, LuKreme wrote:
|
| > Still, it seems that Spamassassin is already running a lot of checks and
| > having a application/octet-stream or a check for attachment types would
| > be trivial to add.
|
| I get applicat
On Sat, May 04, 2002 at 09:25:09AM -0500, Nathan Neulinger wrote:
| > > If you want to filter these, try something that's designed
| > > for the purpose.
| >
| > Correction: "If you want to filter [viruses], try something
| > that's designed for the purpose."
| >
| > I feel that a rule to catch
I started using subject_tag _HITS_ and find it's fun to see just what
creates a 56 point score :-) I'm sure thats no where near the highest..
How about a page for the highest scoring spam as a way to educate the
public and promote Spamassassin?
--
John Lang,
E-mail: [EMAIL PROTECTED]
Bri
FYI, I've been quite happy with creating two folders Spam (for scores of
8 or higher) and Possible Spam (for scores higher than 5 but lower than
8). This is easily accomplished after SA 2.20 has been run on the mail
by adding the following two rules at the top of Outlook Rules Wizard:
Apply this
There's a lot of nonspam which uses IMG too, thing like Amazon order
confirmations, fancier newsletters, etc, etc. Still, might be the case that
it's a useful rule with a low score.
C
___
Have big pipes? SourceForge.net is looking fo
> There's a lot of nonspam which uses IMG too, thing like Amazon order
> confirmations, fancier newsletters, etc, etc. Still, might be the case
> that it's a useful rule with a low score.
But is it more useful than the HTML check?
Is there a reason to have both?
--
You are responsible for y
> I added my own rule to check the message body (no mime-parsing)
> instead of the Content-Type: header since klez usually comes as an
> attachment :
That looks pretty nice. Can procmail do that as well? (Never used
procmail except to trigger SA).
If so, that would solve the problem for me as
SpamAssassin does not do virus checking for one simple reason:
it would be horrendously innefficient at it. Virus checking vs Spam checking is
analogous to the different between cmp and diff. One is looking at the
bit-level (more or less), while the other is looking for much higher-order
patter
On Sat, 4 May 2002, LuKreme wrote:
>
>
> > I added my own rule to check the message body (no mime-parsing)
> > instead of the Content-Type: header since klez usually comes as an
> > attachment :
>
> That looks pretty nice. Can procmail do that as well?
Of course. See for example
ht
--On Saturday, May 4, 2002 1:00 AM -0600 Syth <[EMAIL PROTECTED]> is rumoured to
have written:
> OK, related question: What's the best way to allow emails from this list
> to get through to me without completely whitelisting the list? Is there
> a way I can define a user_pref that says "If Fro
freebsd 4.5-stable
exim 4.03
procmail 3.15
spamassassin 2.1q
i admin many majordomo lists. i get garbage such as
To: [EMAIL PROTECTED]
From: [EMAIL PROTECTED]
Subject: BOUNCE [EMAIL PROTECTED]:Non-member submission from
[¹é¸¸ÀåÀÚŬ·´ <[EMAIL PROTECTED]>]
Date: Fri, 03 Ma
I'm a Mac user, so I presume a virus-checker wouldn't find the Windows viruses.
I'm getting enough Klezes that just the sheer volume is a nuisance.
There are a lot of virii that use the same basic vector: using
to launch the attachment as soon as the message is viewed.
Thus, looking fo
I get a few of these and almost without exception they don't hit any
existing rule. So, how about:
body WANT_TO_DRIVE /(want|need|desire|like).{,20}(drivers?[ \t]+)?licen[sc]e/i
describe WANT_TO_DRIVE Asks if you want a drivers license.
full INTERNATIONAL_LICENSE /international.{1,15}(driv
On Sat, 04 May 2002, Kaitlin Duck Sherwood wrote:
> Craig said:
>> > There's a lot of nonspam which uses I-M-G too, thing like Amazon
>> > order confirmations, fancier newsletters, etc, etc.
>
> Though those are easy to whitelist. Is the philosophy here to assume
> that the user isn't whiteli
Jeremy,
>STARTTLS tunneled mail does not take kindly to being transparently
>redirected, especially if client certificates are being used. Not
>sure what percentage of your customers would be using TLS mail, but a
>false positive redirect would break things.
I'd beleive not many spammer use TL
Beside the intrest for selected languages, I see another general
interest in that piece of code, is to apply rules depending on the
language.
Why trying to find "click below" if the message is detected to be in
French.
That could lead to buid rules with language variants, one single
CLICKBELOW r
> > install SA and silently drop spam traffic.
> Oooo! that is clever. I like it I like it.
Remember it is droping the mail at source, not at destination.
Any why taking any precaution with identified spammers, that have been
going against the rules for years. If they are not happy they can
s
Olivier Nicole <[EMAIL PROTECTED]> writes:
> As I said, redirect only identified, and complained about, spammers.
Good luck on avoiding false positives. Any reason you think you can
completely avoid them when _every_ previous attempt has failed?
--
Alan Shutko <[EMAIL PROTECTED]> - In a vari
>Good luck on avoiding false positives. Any reason you think you can
>completely avoid them when _every_ previous attempt has failed?
Once again, I am not the ISP, but I would have no remorse at all to
miss handle false positive for a known spammer (the kind of guy you
receive 50 complains a wee
> I would not be interested in putting in rules for catching every pissant
> windows virus out there, however, if there were a provided set of rules
> (i.e. in a contrib section or similar) that would catch the
> headline-making-windows-worms stuff, that would be a great improvement.
> (I underst
34 matches
Mail list logo
