On Mon, 01 Dec 2003 14:02:35 -0500
Matt Kettler [EMAIL PROTECTED] wrote:
At 04:59 AM 12/1/2003, Korchmenuk Nickolay wrote:
I want mark e-mails with empty body as spam.
Ho can I do this?
That would be pretty difficult to do in SA using a rule.
The big problem is that SA's body ruletype
New ciphers added, update time for anyone that uses 'em.
http://www.wot.no-ip.com/cgi-bin/detoken.pl
With the exception of a few missing letters, that's all I have left, no
more ciphers to crack. Anyone spotted any others?
--
Dave
---
This
On Sat, 15 Nov 2003 13:17:10 -0500
Fred I-IS.COM [EMAIL PROTECTED] wrote:
P.S. Your message contains this week's new tracking header, thanks
for posting it, this person has been rotating the tracking header
about once a week.
Hel-Tracking: bGV4aWNvbm5AbGV4aWNvbm4uY29t
That's base64,
On Sat, 2003-09-06 at 21:03, Theo Van Dinter wrote:
On Wed, Aug 27, 2003 at 01:29:52AM +0100, Yorkshire Dave wrote:
0=
0=Q
A quick roundup. Can anyone fill any gaps?
2queers cipher
--
in html comment
plain = abcdefghijklmnopqrstuvwxyz0123456789-_.@
coded = dO,9F_ [EMAIL
.
--
Yorkshire Dave
--
Scanned by MailScanner at wot.no-ip.com
---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
___
Spamassassin-talk mailing list
[EMAIL
to the uniqueness of the message-id.
RFC2822(3.6.4) recommends using the domain name, domain literal ip
address, or some domain identifier as a method of achieving uniqueness.
--
Yorkshire Dave
--
Scanned by MailScanner at wot.no-ip.com
or see it before?
A partial set of that one was submitted to me a couple of months ago.
it's a lot closer to complete now tho, just needs someone to sign up a
disposable address to get the last few letters and find out if the
numbers map to anything :)
--
Yorkshire Dave
--
Scanned by MailScanner
hashbusters, so a more efficient rule would need to be an eval
test to compare the text/plain to de-html'd text/html.
--
Yorkshire Dave
--
Scanned by MailScanner at wot.no-ip.com
---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek
an easy way to get jailed.
--
Yorkshire Dave
--
Scanned by MailScanner at wot.no-ip.com
---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
On Wed, 2003-08-27 at 03:03, Larry Gilson wrote:
Hi Dave,
-Original Message-
From: Yorkshire Dave
I'm not sure that having an @foo or @foo.localdomain
message-id actually breaks any standards, although it may bend them
slightly.
RFC822/2822 seem to refer mainly
that is to run a copy of it locally or for
small groups of users to share it between them, can anyone help?
--
Yorkshire Dave
--
Scanned by MailScanner at wot.no-ip.com
---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http
@foo.localdomain or something similar?
Please let me know if anyone disagrees with this line of reasoning.
Me! :)
Thanks again Carlo!
--Larry
--
Yorkshire Dave
--
Scanned by MailScanner at wot.no-ip.com
---
This SF.net email is sponsored
of regexs in a filter to toss them elsewhere
which amounts to double-filtering.
I parse the X-Spam-Status line in procmail, there's no need for a virus
bounce to have a special X header all of its own.
--
Yorkshire Dave
--
Scanned by MailScanner at wot.no-ip.com
On Fri, 2003-08-22 at 19:47, AltGrendel wrote:
Sorry folk, this is a continuing saga. I can't email Yorkshire Dave
directly.
YD:
This is the latest trace that I have when attpempting to get to your
site.
You're getting all the way except the last hop, me.
Heading back
of ham which looks like that, windows machines
helo'ing with their netbios name. Might be safe if you don't relay for
windows clients.
--
Yorkshire Dave
--
Scanned by MailScanner at wot.no-ip.com
---
This SF.net email is sponsored by Dice.com
instructed me to /dev/null anything marked as spam, and all
attempts to explain why that was bad had failed, i think a deliberate
typo would see it all piling up in a mailbox called .dev.null ready for
when they realise they made a mistake :)
--
Yorkshire Dave
--
Scanned by MailScanner at wot.no
spammers switch technique to avoid a rule doesn't mean that
rule isn't good anymore, think of it as something else we've stopped
them doing, or at very least we've used up some of their time and
reduced their profit.
--
Yorkshire Dave
--
Scanned by MailScanner at wot.no-ip.com
commercial too.
--
Yorkshire Dave
--
Scanned by MailScanner at wot.no-ip.com
---
This SF.net email is sponsored by Dice.com.
Did you know that Dice has over 25,000 tech jobs available today? From
careers in IT to Engineering to Tech Sales, Dice has
On Wed, 2003-08-20 at 18:51, Kai MacTane wrote:
At 8/20/03 09:46 AM , Yorkshire Dave wrote:
If someone instructed me to /dev/null anything marked as spam, and all
attempts to explain why that was bad had failed, i think a deliberate
typo would see it all piling up in a mailbox called
it to /dev/null rather than spraying it all over the internet.
Cheers,
--
Yorkshire Dave
--
Scanned by MailScanner at wot.no-ip.com
---
This SF.Net email sponsored by: Free pre-built ASP.NET sites including
Data Reports, E-commerce, Portals
of fp combos in another day or so.
I should really have used faster hardware, it's taking forever.
--snipped excellent code--
--
Yorkshire Dave
--
Scanned by MailScanner at wot.no-ip.com
---
This SF.Net email sponsored by: Free pre-built
balance, some of my client accounts are way off
balance, auto-learning 500+ spam and only 10-12 ham a day every day for
2 months or more. I'm just waiting to see what happens when it breaks.
--
Yorkshire Dave
--
Scanned by MailScanner at wot.no-ip.com
On Tue, 2003-08-19 at 17:03, Chris Barnes wrote:
Yorkshire Dave [EMAIL PROTECTED] wrote:
I'd figure it's better to use your recent ham, the same as with spam,
that way your bayes database contains tokens from what's happening now
as opposed to what happened years ago.
I understand
almost tempted to install
exim right now :))
--
Yorkshire Dave
--
Scanned by MailScanner at wot.no-ip.com
---
This SF.net email is sponsored by Dice.com.
Did you know that Dice has over 25,000 tech jobs available today? From
careers
( [EMAIL PROTECTED] )
---
There's no healthy way to mess with the line between wrong and right.
--
Yorkshire Dave
--
Scanned by MailScanner at wot.no-ip.com
:0fw
| /usr/bin/spamc
off the top of my head and untested, something like this.
SUBJECT=`formail -c -xSubject: | sed -e 's/\*\*\*\*\*SPAM\*\*\*\*\*//g'`
:0fhw
| formail -ISubject: ${SUBJECT}
--
Yorkshire Dave
--
Scanned by MailScanner at wot.no-ip.com
obvious permutations such as banned--C.D
--
Yorkshire Dave
--
Scanned by MailScanner at wot.no-ip.com
---
This SF.Net email sponsored by: Free pre-built ASP.NET sites including
Data Reports, E-commerce, Portals, and Forums are available now
On Mon, 2003-08-18 at 20:03, Kai MacTane wrote:
At 8/18/03 09:35 AM , Yorkshire Dave wrote:
I've had people sending me listwashing tokens for
months, and to date I've only seen 2 which I couldn't get anywhere with.
I suspect blowfish or similar is beyond the ability of some of them
--
Yorkshire Dave
--
Scanned by MailScanner at wot.no-ip.com
---
This SF.Net email sponsored by: Free pre-built ASP.NET sites including
Data Reports, E-commerce, Portals, and Forums are available now.
Download today and enter to win an XBOX or Visual
, but I think it's about ready for a public
test. Pos/Neg feedback and new ciphers or token types are always
welcomed :)
--
Yorkshire Dave
--
Scanned by MailScanner at wot.no-ip.com
---
This SF.Net email sponsored by: Free pre-built ASP.NET
are.
End result, listees either end up in a verbal punch-up or get chased
away, with only the most persistent and flame-resistant listees getting
helped.
--
Yorkshire Dave
--
Scanned by MailScanner at wot.no-ip.com
---
This SF.Net email
of them that got there by spam. My feelings for them cannot be
expressed without spilling blood. I'm going to shut up now before I
start sounding like a raging nanae-ite :)
--
Yorkshire Dave
--
Scanned by MailScanner at wot.no-ip.com
On Fri, 2003-08-15 at 15:16, John Rudd wrote:
On Friday, Aug 15, 2003, at 00:44 US/Pacific, Yorkshire Dave wrote:
I totally disagree with the innocent victim bit. Sure they're innocent
until they find out, but as soon as they become aware they're on a
spamhaven ISP their next payment makes
On Fri, 2003-08-15 at 18:19, Justin Mason wrote:
Yorkshire Dave writes:
My original intention was to write an eval to run through the range of
caesar ciphers and import a list of substitution cipher codes, but it's
too slow (probably because I write very poor perl), so here's the next
On Fri, 2003-08-15 at 20:03, Justin Mason wrote:
Henry Stern writes:
Yorkshire Dave writes:
My original intention was to write an eval to run through the range of
caesar ciphers and import a list of substitution cipher codes, but it's
too slow (probably because I write very poor
It's my understanding that if a score is set to 0 the associated test is
not run, so setting the scores to 0 achieves exactly what you want.
and yes, it would be clearer if 'off' was an alias for 0 :)
--
Yorkshire Dave
--
Scanned by MailScanner at wot.no-ip.com
to me to be a convenient way of
plugging an external test into SA, you can even remove the header again
immediately after sa to keep it all neat and tidy.
just don't forget to add a bayes_ignore_header line for it :)
--
Yorkshire Dave
--
Scanned by MailScanner at wot.no-ip.com
;)
Safest easiest easy way to match headers from only your own SA without
being vulnerable to forged or pre-existing SA headers would be to match
the SA version info, after adding your own site-specific version_tag in
local.cf.
version_tag something
--
Yorkshire Dave
--
Scanned by MailScanner
dorkslayers, jeez I hope this isn't a trend.
--
Yorkshire Dave
--
Scanned by MailScanner at wot.no-ip.com
---
This SF.Net email sponsored by: Free pre-built ASP.NET sites including
Data Reports, E-commerce, Portals, and Forums are available now
utility to import a list and turn it into a file
full of SA rules scores if that's any help.
http://www.wot.no-ip.com/Projects/Blocklist/reg2rule.pl
--
Yorkshire Dave
--
Scanned by MailScanner at wot.no-ip.com
---
This SF.Net email
for rejecting mail. personally I think it's silly of
them but it's their right to block whatever they want to block.
I couldn't tell you how to go about that on an MS2000 box as I don't do
MS stuff, but I'm sure there's a readme somewhere.
--
Matt Jones
--
Yorkshire Dave
--
Scanned by MailScanner
SA, at least one of them has checked out the
non-standard rules on Chris Santierre's page as well.
Hey spammer, I know you're reading this, the header was first, the
listwashing token is next, give it up, you can't win.
--
Yorkshire Dave
--
Scanned by MailScanner at wot.no-ip.com
identify and label
spam, and SPEWS is to pressurise spamhost ISPs to make it harder for
spammers to operate.
They both do a good job of what they do, and I wouldn't want to be
looking down the wrong end of either of them :)
--
Yorkshire Dave
--
Scanned by MailScanner at wot.no-ip.com
to say trust me only to have to say sorry we can't keep up in a few
months time, and I'd hate to say it and have it blow up in my face with
glaring false positives
Lots more thinking needed, I reckon :)
--
Yorkshire Dave
--
Scanned by MailScanner at wot.no-ip.com
thing, including the line you're matching from the original spam will
help you improve the rule if the spammer morphs.
--
Yorkshire Dave
--
Scanned by MailScanner at wot.no-ip.com
---
This SF.Net email sponsored by: Free pre-built
form field for users
to comment why they're disabling or re-scoring a rule, and the ability
for admin to display all users notes for any given rule. More feedback
is always better.
--
Yorkshire Dave
--
Scanned by MailScanner at wot.no-ip.com
the score low, lots
of people forget the subject sometimes, including me :)
--
Yorkshire Dave
--
Scanned by MailScanner at wot.no-ip.com
---
This SF.Net email sponsored by: Free pre-built ASP.NET sites including
Data Reports, E-commerce
this technique to add a rule which catches my own usenet+date@
email addresses and adds points for older addresses. I also have the
same technique running on a customer's server with an early version of
my listwashing token identification code.
-Chris
--
Yorkshire Dave
--
Scanned by MailScanner
On Mon, 2003-07-28 at 08:52, Daniel Carrera wrote:
What's UBE? I'm sure that the U stands for Un and the E for Email. What's
the B for?
Bulk or Boilerplate
the other two definitions you'll often see are UCE where the C means
Commercial, and UAE where the A means Automated.
--
Scanned by
On Mon, 2003-07-28 at 16:36, AltGrendel wrote:
On Fri, 2003-07-25 at 14:36, Yorkshire Dave wrote:
On Fri, 2003-07-25 at 16:51, AltGrendel wrote:
On Thu, 2003-07-24 at 21:16, Yorkshire Dave wrote:
It's been unreachable from here since you announced it.
I know its up because
.
http://aspnet.click-url.com/go/psa0013ave/direct;at.aspnet_072303_01/01
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
--
Yorkshire Dave
--
Scanned by MailScanner
On Fri, 2003-07-25 at 16:51, AltGrendel wrote:
On Thu, 2003-07-24 at 21:16, Yorkshire Dave wrote:
It's been unreachable from here since you announced it.
I know its up because I can get at it from elsewhere, but from here it
stops 3 hops short. your upstream got me blocked
;at.aspnet_072303_01/01
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
--
Yorkshire Dave
--
Scanned by MailScanner at wot.no-ip.com
the new rules wiki at www.exit0.us.
It's been unreachable from here since you announced it.
I know its up because I can get at it from elsewhere, but from here it
stops 3 hops short. your upstream got me blocked or something?
--
Yorkshire Dave
--
Scanned by MailScanner at wot.no-ip.com
to filter for that.
version_tag 2468xyz.
:0fw
* 256000
* ! ^X-Spam-Status: .*2468xyz
| spamc
better safe than sorry :)
--
Yorkshire Dave
--
Scanned by MailScanner at wot.no-ip.com
---
This SF.net email is sponsored by: VM Ware
With VMware you
running all the spam through sa twice. A few bits
added to a procmail recipe and a formail -I are a lot more cpu friendly
than even the most streamlined spamassassin configuration.
--
Yorkshire Dave
--
Scanned by MailScanner at wot.no-ip.com
through the
second instance of sendmail. How much of that do you get?
--
Yorkshire Dave
--
Scanned by MailScanner at wot.no-ip.com
---
This SF.Net email sponsored by: Parasoft
Error proof Web apps, automate testing more.
Download eval
get added at all :(
Regards,
Simon
--
Yorkshire Dave
--
Scanned by MailScanner at wot.no-ip.com
---
This SF.Net email sponsored by: Parasoft
Error proof Web apps, automate testing more.
Download eval WebKing and get a free book
of headers #
#
blah
blah
HX-Envelope-From: $g
HX-Envelope-To: $u
if i recall correctly :)
Thanks,
Dan O'Brien
--
Yorkshire Dave
--
Scanned by MailScanner at wot.no-ip.com
---
This SF.Net email sponsored
out the quantities learned.
This isn't a perfect solution because it means bayes never gets to learn
my spammiest looking ham, so bayes isn't as efficient as it might be,
but it seems to work pretty good and shows no signs of degrading so far.
--
Yorkshire Dave
--
Scanned by MailScanner
of the easiest ways to set up space for
collaborative contributions.
-Abigail
Thats just what I was looking at doing after last time I dropped
rule-sharing hints on this list :)
I have a few rules to start the whole thing rolling
--
Yorkshire Dave
--
Scanned by MailScanner at wot.no
of the easiest ways to set up space for
collaborative contributions.
-Abigail
Thats just what I was looking at doing after last time I dropped
rule-sharing hints on this list :)
Count me in, I have a few rules to start the whole thing rolling
--
Yorkshire Dave
--
Scanned by MailScanner
of broken
antivirus progs spraying bogus report messages everywhere.
--
Yorkshire Dave
---
This SF.Net email is sponsored by: INetU
Attention Web Developers Consultants: Become An INetU Hosting Partner.
Refer Dedicated Servers. We Manage Them
address, otherwise we get a spew like
this with every new address-forging virus release.
--
Yorkshire Dave
---
This SF.Net email sponsored by: Free pre-built ASP.NET sites including
Data Reports, E-commerce, Portals, and Forums are available now
names and descriptions are a little informal
in places. I've seen some effort go into tidying up some rule names for
2.60, it would be nice to see them all with management-safe
descriptions as well.
--
Yorkshire Dave
---
This SF.Net email
on,
or maybe just for bayes to modify its behaviour against messages with
large differences in mime parts.
--
Yorkshire Dave
---
This SF.Net email is sponsored by: INetU
Attention Web Developers Consultants: Become An INetU Hosting Partner.
Refer
.
--
Yorkshire Dave
---
This SF.Net email is sponsored by: INetU
Attention Web Developers Consultants: Become An INetU Hosting Partner.
Refer Dedicated Servers. We Manage Them. You Get 10% Monthly Commission!
INetU Dedicated Managed Hosting http
of ranting as any :)
--
Yorkshire Dave
---
This SF.Net email is sponsored by: INetU
Attention Web Developers Consultants: Become An INetU Hosting Partner.
Refer Dedicated Servers. We Manage Them. You Get 10% Monthly Commission!
INetU Dedicated
blocking them outright.
--
Yorkshire Dave
---
This SF.Net email is sponsored by: INetU
Attention Web Developers Consultants: Become An INetU Hosting Partner.
Refer Dedicated Servers. We Manage Them. You Get 10% Monthly Commission!
INetU
it in public. :))
--
Yorkshire Dave
---
This SF.Net email is sponsored by: INetU
Attention Web Developers Consultants: Become An INetU Hosting Partner.
Refer Dedicated Servers. We Manage Them. You Get 10% Monthly Commission!
INetU Dedicated Managed
or program takes a second or two at most. In
the very worst case you may delay a piece of mail by an hour or two.
--
Yorkshire Dave
---
This SF.Net email is sponsored by: INetU
Attention Web Developers Consultants: Become An INetU Hosting Partner
On Thu, 2003-06-19 at 19:25, Ralph Seichter wrote:
Yorkshire Dave [EMAIL PROTECTED] wrote:
I strongly suggest sticking with the MTA you know, for improved
reliability and safety, at least until you're familiar with the
other pieces in the puzzle.
I admit you got a point here. However
On Thu, 2003-06-19 at 20:41, Jonathan Vanasco wrote:
having any html comments at all pretty much signifies spam
or normal email between a couple of web designers.
--
Yorkshire Dave
---
This SF.Net email is sponsored by: INetU
Attention
-tag type stupidity, even the image and web-bug urls had
comment tags in, wouldn't render in anything I could find, I'll bet that
spamware doesnt stay around long enough to be worth writing a filter :)
--
Yorkshire Dave
---
This SF.Net email
On Fri, 2003-06-20 at 02:53, Justin Mason wrote:
Yorkshire Dave said:
Essentially on the same subject, I just received one spam with an html
comment inserted every 5 characters, which resulted in an unrenderable
page of TA!-- gfrel --BLE B!-- nrwtc --ORDER!-- irlls --=0
tag-inside-tag
links to a free beer to friends on various webmail
services and see if any of them get it intact :))
--
Yorkshire Dave
---
This SF.Net email is sponsored by: INetU
Attention Web Developers Consultants: Become An INetU Hosting Partner.
Refer
and doesn't break anything :)
--
Yorkshire Dave
--
Scanned by MailScanner at wot.no-ip.com
---
This SF.Net email is sponsored by: INetU
Attention Web Developers Consultants: Become An INetU Hosting Partner.
Refer Dedicated Servers. We Manage
spamassassin, razor, dcc, dnsbl's etc, and we appreciate
that work, so let's show our appreciation by working just as hard
spreading the word.
--
Yorkshire Dave, on a mission to save the world :)
--
Scanned by MailScanner at wot.no-ip.com
:)
--
Yorkshire Dave
If I'm ranting, sorry, it's the medication
--
Scanned by MailScanner at wot.no-ip.com
---
This SF.Net email is sponsored by: INetU
Attention Web Developers Consultants: Become An INetU Hosting Partner.
Refer Dedicated Servers
good.
Educating and empowering ordinary users is even better, because two can
bite better than one, and if you educate a user well they will educate
others.
--
Yorkshire Dave
--
Scanned by MailScanner at wot.no-ip.com
---
This SF.Net email
it for long?
Regards: Jim Ford
Don't just throw it away, dump it in news.admin.net-abuse.sightings, It
might be useful to someone.
--
Yorkshire Dave
--
Scanned by MailScanner at wot.no-ip.com
---
This SF.NET email is sponsored by: eBay
://adfarm.mediaplex.com/ad/ck/711-11697-6916-5
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
--
Yorkshire Dave
--
Scanned by MailScanner at wot.no-ip.com
On Thu, 2003-06-12 at 15:50, Mike Scheidler wrote:
There was some discussion last week about custom site-wide rules that are
based on knowledge of the local mail domain. Here are two custom rules I
have been using recently that have been very successful. The first rule is
based on the
On Thu, 2003-06-12 at 17:08, Mike Scheidler wrote:
Yorkshire == Yorkshire Dave [EMAIL PROTECTED] writes:
Yorkshire
# Long-gone user listed in the To: or Cc: line
headerANCIENT_RCPT ToCc =~ /(joeuser1|joeuser2|joeuser3)/i
describe ANCIENT_RCPT LOCAL: Long-departed user ID
will look for them.
--
Yorkshire Dave
Stuart Gall
Systems Administrator
-
Critical Error: REALITY.SYS Corrupted! Reboot universe? (y/n) [y
.
shouldn't that be failed or reported ? times or just not there at all?
--
Yorkshire Dave
--
Scanned by MailScanner at wot.no-ip.com
---
This SF.NET email is sponsored by: eBay
Great deals on office technology -- on eBay now! Click here:
http
On Mon, 2003-06-02 at 00:32, Justin Shore wrote:
I noticed a problem just now that I really hadn't though about before. I
recently added a number of DNSBLs to my sa-mimedefang.cf that weren't in
the stock SA (2.6.0-cvs).
proxy.relays.osirusoft.com
socks.relays.osirusoft.com
all of
On Mon, 2003-06-02 at 03:38, AltGrendel wrote:
Did anyone else get a s2.txt attachment with this? If so does anyone
have an idea as to what it is?
It appears to be a damaged copy of the list .sig and ebay's sponsor
message, the same as the one below with everything except A-Za-z0-9/
On Mon, 2003-06-02 at 03:25, Justin Shore wrote:
Howdy, Dave. Thanks for the reply.
On 2 Jun 2003, Yorkshire Dave wrote:
Call them all and use a meta || rule for the score, or call and score
them all then use a meta rule to subtract some score back off, that's
what I'm doing here
89 matches
Mail list logo
