Hello Martin,
Wednesday, May 11, 2005, 2:48:27 PM, you wrote:
MGD> Now for my serious questions ...
MGD> (1) Is there a simple rule to detect the incomprehensible ...
MGD> hint: for the most part, those letters have code values that are greater
MGD> than 128.
MGD> In the same line of thinking,
RM> Monday, May 9, 2005, 11:30:36 AM, Devon wrote:
DH>> Many thanks to Bob on the recent SARE rules release. This
DH>> caught those HTML Table SPAMS!!!
RM> But I notice there was no description on those report lines. I'll
RM> have that fixed by the weekend.
With the help of several SARE mass-che
Jeff Chan wrote:
> George Breahna wrote:
> > Not sure why this is happening but I just received an e-mail that
> > I use ONLY with go daddy. The e-mail is: [EMAIL PROTECTED]
> >
> > In it I have receivedSPAM!
>
> > Is Go Daddy selling our e-mails to the lowest of the lowest ?
>
> Does your ad
Need a gui interface for a linux enviroment , need to be able to lets
custoemrs see that thier spam is getting blocked and how much is being
blocked and allow them to modify thier own settings as they need.
On Wed, 2005-05-11 at 19:09 -0700, Robert Menschel wrote:
> Hello Philip,
>
> Wednesday,
Thanks Matt, a new multitrade domain, pics-4-showMUNGED.com. Even
with private registration, it is using a set of their private name servers.
Paul Shupak
[EMAIL PROTECTED]
On Wednesday, May 11, 2005, 2:52:45 PM, George Breahna wrote:
> Not sure why this is happening but I just received an e-mail that I use ONLY
> with go daddy. The e-mail is: [EMAIL PROTECTED]
> In it I have receivedSPAM!
> Is Go Daddy selling our e-mails to the lowest of the lowest ?
Does yo
Just to keep up with listing the spam gangs; coolestrxever. com
belongs to the taiwantelco/taiwanmedial group. (and is one of their fake
Beverly Hills 90210/90211 addresses). BTW. The latest registrations have
moved back to Turkey (where they started), but use a Pakistani cellular
phone a
Hello Philip,
Wednesday, May 11, 2005, 4:10:19 PM, you wrote:
PW> Please can somone indicate if they about any gui frontends for
PW> spamassassin except websuers prefs.
PW> I require a front end to handle rules , header , subject and
PW> content filtering , configuration and reporting on spam
Hello Frederic,
Wednesday, May 11, 2005, 7:01:42 AM, you wrote:
FG> For the last weeks I have received a lot of spam concerning
FG> stock alerts and different investissments.
FG> Their bayes score is 99, but they don't score enough to be
FG> classified as spam. ...
Correction:
FG> X-spam-status:
--On Wednesday, May 11, 2005 6:01 PM -0700 Justin Mason <[EMAIL PROTECTED]>
wrote:
I think you want to run something like "spamassassin --mbox --test <
in.mbox > out.mbox".
Ok, I'll give that a try. I think I'll need to dig up mailutil so I can
lock the input and output files during processing.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
wolfgang writes:
> In an older episode (Wednesday 11 May 2005 21:12), Kenneth Porter wrote:
> > Is there a way to process an mbox folder to add the full report
> > unconditionally to all the messages in it?
> > so I don't want to globally
> > reques
In an older episode (Wednesday 11 May 2005 21:12), Kenneth Porter wrote:
> Is there a way to process an mbox folder to add the full report
> unconditionally to all the messages in it?
> so I don't want to globally
> request a full report on every message.
> So I'd like to add another command to
George Breahna wrote:
Not sure why this is happening but I just received an e-mail that I use ONLY
with go daddy. The e-mail is: [EMAIL PROTECTED]
In it I have receivedSPAM!
Is Go Daddy selling our e-mails to the lowest of the lowest ?
Guys..beware!
Here's what I got:
OEM
What is it? OEM stands
A long time ago, I noticed spammers were including rot-13 encodings of
email addresses in message bodies.
Things like this:
zxrggyre^riv-vap(pbz
Which decodes to:
mkettler^evi-inc(com
Why exactly ^ replaces @ and ( replaces . was never really clear, but
this provided a really nice spam sign, and
How many users do you plan on using this for? Do you use a webmail
client? I could always write something in about a week. Open source
of course using php.
Could be with a database back end, could be just using the user_prefs file,
could have the option for both.
Thanks,
Antonio DeLaCruz
Quot
--On Wednesday, May 11, 2005 3:22 PM -0700 Mike Jackson
<[EMAIL PROTECTED]> wrote:
FWIW, I checked two servers I admin (one with two domains and roughly
8000 messages over the last seven days, one with about 30 domains and
roughly 34000 messages over the last seven days), and I didn't see any
mes
4) dictionary attack
FWIW, I checked two servers I admin (one with two domains and roughly 8000
messages over the last seven days, one with about 30 domains and roughly
34000 messages over the last seven days), and I didn't see any messages in
my maillogs addressed to [EMAIL PROTECTED] That's an
George Breahna wrote:
>Aside from the Dictionary Attack idea, I don't know what to think.
>
>
>
As best I can think, these are all the possibilities:
1) godaddy is selling address lists
2) godaddy got hacked and had it's address list stolen (this is popular
sport nowadays)
3) your machine bec
George Breahna wrote:
> Not sure why this is happening but I just received an e-mail that I
> use ONLY with go daddy. The e-mail is: [EMAIL PROTECTED]
I receive occasional spam to my e-mail used only for whois with Network
Solutions, i wouldn't accuse them of selling my addy but I would think it's
Aside from the Dictionary Attack idea, I don't know what to think.
Return-Path: <[EMAIL PROTECTED]>
Delivered-To: [EMAIL PROTECTED]
Received: (qmail 65404 invoked by uid 89); 11 May 2005 19:45:01 -
Delivered-To: [EMAIL PROTECTED]
Received: (qmail 65401 invoked by uid 1010); 11 May 2005 19:45:
No it does not.
The Contact E-mails listed under the whois are from an old account of mine.
This e-mail was only used at godaddy so they can send me my login/password.
-Original Message-
From: Tuc at Beach House [mailto:[EMAIL PROTECTED]
Sent: Thursday, May 12, 2005 12:57 AM
To: Georg
George Breahna wrote:
>Not sure why this is happening but I just received an e-mail that I use ONLY
>with go daddy. The e-mail is: [EMAIL PROTECTED]
>
>In it I have receivedSPAM!
>
>
That's hardly a unique email address. Are you sure it wasn't a
dictionary attack result?
Post the headers.
How do you know it isn't spoofed?
- Original Message -
From: "George Breahna" <[EMAIL PROTECTED]>
To:
Sent: Wednesday, May 11, 2005 3:52 PM
Subject: Godaddy selling e-mails ?
|
| Not sure why this is happening but I just received an e-mail that I use
ONLY
| wit
Not sure why this is happening but I just received an e-mail that I use ONLY
with go daddy. The e-mail is: [EMAIL PROTECTED]
In it I have receivedSPAM!
Is Go Daddy selling our e-mails to the lowest of the lowest ?
Guys..beware!
Here's what I got:
OEM
What is it? OEM stands for "Original
Evan Platt wrote:
At 11:03 AM 5/11/2005, you wrote:
Or maybe they're just early for next year?
A few years ago, right before X-Mas (ok, 2 weeks), the company I then
worked at got a fax spam telling us about their great grandfather
clocks. "Order NOW for Christmas Delivery!"
3 weeks later (AFTER
Greetings,
A small non-scientific sample of some SPAM subjects ...
(and an actual serious question later in this message).
[incomprehensible SPAM]
Subject: ¡Ú±¹³»1À§ Á÷ÀåÀδ롤Ãâ ½ºÆä¼È·Ð 5000¸¸¿ø¿ø±îÁö ³â5~12% 100%½ÂÀÎ!
Subject: ¡á¡áÇö±ÝÀÌ¿À°¡´Â Ä«Áö³ë °í½ºÅé.Æ÷Ä¿¡á¡á[À̹ÌÁöº¸±âŬ¸¯] cvkuhfq
Subje
Eric A. Hall wrote:
On 5/11/2005 2:51 PM, Kevin W. Gagel wrote:
On 5/11/2005 6:58 AM, Martin G. Diehl wrote:
[snip]
Trying to figure out who/where this is happening is the exercise
Those words should be carved into stone on the doorposts of every
Tech Support cube farm and every Computer Science cl
At 11:03 AM 5/11/2005, you wrote:
Or maybe they're just early for next year?
A few years ago, right before X-Mas (ok, 2 weeks), the company I then
worked at got a fax spam telling us about their great grandfather clocks.
"Order NOW for Christmas Delivery!"
3 weeks later (AFTER Christmas), a NEW
On 5/11/2005 3:28 PM, Justin Mason wrote:
> BTW I've seen some similar messages -- as far as I can see, when it
> happens in my case, it's one of postfix, procmail or my MUA which is
> interpreting the message structure wrongly due to the whitespace
> wierdness.
That's possible too, if whitespac
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
BTW I've seen some similar messages -- as far as I can see, when it
happens in my case, it's one of postfix, procmail or my MUA which is
interpreting the message structure wrongly due to the whitespace
wierdness.
Since SpamAssassin 3.1.0 now puts the
Hi,
I am posting this to both the Mimedefang list and the Spamassassin list
since I'm not exactly sure if this is a Mimedefang problem or a
Spamassassin one.
I have installed spamassassin 2.20 (I think) in conjunction with Mimedefang
2.51 on a FreeBSD 4.6 box running Sendmail 8.13
When I star
On 5/11/2005 2:51 PM, Kevin W. Gagel wrote:
>>On 5/11/2005 6:58 AM, Martin G. Diehl wrote:
>>I haven't really looked into this much yet, but it appears
>>that some embedded CR or LF characters are getting
>>processed by SA and then fed back to Postfix, which then
>>cleans up the message and split
Is there a way to process an mbox folder to add the full report
unconditionally to all the messages in it?
I've got an "Uncaught" IMAP folder that I drag all the day's missed spam to
for a nightly sa-learn run. I'd like to be able to inspect the messages in
the morning to see the full score rep
On 5/11/2005 3:02 PM, Martin G. Diehl wrote:
> Eric A. Hall wrote:
>>I haven't really looked into this much yet, but it appears that some
>>embedded CR or LF characters are getting processed by SA and then fed back
>>to Postfix, which then cleans up the message and splits the headers where
>>it s
Eric A. Hall wrote:
On 5/11/2005 6:58 AM, Martin G. Diehl wrote:
I saw a SPAM message with the SPAMassassin message headers
(X-spam headers) grossly out of sequence. The message
was recognized as SPAM ... but because the X-spam headers
were written in the wrong part of the message, it was able
I g
Try adding the "Return-Path:
<[EMAIL PROTECTED]>" address and see if thats
it.
> I can't manage to whitelist this mailing list. hrm. I'm
> using amavisd-new and the SpamAssassin squirrelmail
> plugin as an interface. I have no trouble
> whitelisting/blacklisting other lists, but this one keeps
> On 5/11/2005 6:58 AM, Martin G. Diehl wrote:
>
> > I saw a SPAM message with the SPAMassassin message
> > headers (X-spam headers) grossly out of sequence. The
> > message was recognized as SPAM ... but because the
> > X-spam headers were written in the wrong part of the
> message, it was able
I can't manage to whitelist this mailing list. hrm. I'm using
amavisd-new and the SpamAssassin squirrelmail plugin as an interface. I
have no trouble whitelisting/blacklisting other lists, but this one
keeps getting tagged...
Here's what I have in the mysql db:
| 0 | 0 |6 | [EMAIL P
On 5/11/2005 6:58 AM, Martin G. Diehl wrote:
> I saw a SPAM message with the SPAMassassin message headers
> (X-spam headers) grossly out of sequence. The message
> was recognized as SPAM ... but because the X-spam headers
> were written in the wrong part of the message, it was able
I get this p
Or maybe they're just early for next year?
--- Begin Message ---
He's got your eyes, Dad's nose and his own busy little feet which can
lead to an occasional unexpected accident. But never fear, PayDayOK is
there
Yes, most spams use either invented addresses or other addresses off spam
lists. Once your address is "in the wild" you can't do much about it. And a
lot of spammers choose another address in your domain as the sender, to take
advantage of possible domain-level whitelists.
I use whitelist_fro
This will be boring for many of you, but I need some advice. I run a
low-volume mail server for friends/family/church and have had a very good
experience with SA and site-wide Bayes. I know that email addys can be
spoofed, but I know nothing about the details of that.
I just got my first spam
>-Original Message-
>From: Matt Kettler [mailto:[EMAIL PROTECTED]
>Sent: Wednesday, May 11, 2005 12:39 PM
>To: Chris Santerre
>Cc: 'Stuart Gall'; users@spamassassin.apache.org
>Subject: Re: Custom Rule question
>
>
>Chris Santerre wrote:
>
>>Eval solution: Count hits, yes. Change score ba
Chris Santerre wrote:
>Eval solution: Count hits, yes. Change score based on hits, no.
>
>
Chris, using an eval solution you could do ranges, much like bayes does.
It would be computationally efficient if done the way bayes does it too
(storing the result on the first call, and only checking va
Chris Santerre wrote:
> Long answer: Multiple meta rules. Take to much computational effort.
> The regex isn't slick for these type of rules either.
The multiple meta rules are the easiest approach to doing this. I have a
number of rulesets which use this trick to count different things. Not
exa
Mick Szucs wrote:
2) Possibly not related to the upgrade specifically, I'm getting the
following error from Pyzor 0.4.0:
spamd[877]: debug: Pyzor: couldn't grok response "Traceback (most
recent call last):"
I should add that when I run spammassassin -D --lint Pyzor works
fine. The problem see
>-Original Message-
>From: Stuart Gall [mailto:[EMAIL PROTECTED]
>Sent: Wednesday, May 11, 2005 10:58 AM
>To: users@spamassassin.apache.org
>Subject: Custom Rule question
>
>
>Hello,
>Sometimes when I create a custom rule I want the score to be added for
>each match in the body. and not
Hello,
Sometimes when I create a custom rule I want the score to be added for
each match in the body. and not just an on or off rule.
Is there anyway to do this?
TIA
Stuart Gall
Mick Szucs wrote:
2) Possibly not related to the upgrade specifically, I'm getting the
following error from Pyzor 0.4.0:
spamd[877]: debug: Pyzor: couldn't grok response "Traceback (most
recent call last):"
I should add that when I run spammassassin -D --lint Pyzor works fine.
The problem see
At 10:05 AM 5/11/2005, Mick Szucs wrote:
Hello,
Two questions that I didn't find an answer to while hunting through the
archives.
1) Is there a replacement for the defang_mime configuration option from
2.x in the 3.x series?
defang_mime isn't even supported by 2.60, so you're currently not usin
At 05:51 AM 5/11/2005, Marco Herrn wrote:
It seems that the --max-children option doesn't do as one expects, since
spamd now uses a preforking. And it seems that the processes are not
limited at all.
Are you sure? Are there more than 5 spamd's in ps ax?
Really, with the prefork model, 5 should be t
Please can somone indicate if they about any gui frontends for
spamassassin except websuers prefs.
I require a front end to handle rules , header , subject and content
filtering , configuration and reporting on spam activity.
any help appreciated.
Thanks
Hello,
Two questions that I didn't find an answer to while hunting through the
archives.
1) Is there a replacement for the defang_mime configuration option from
2.x in the 3.x series?
2) Possibly not related to the upgrade specifically, I'm getting the
following error from Pyzor 0.4.0:
spam
Hello,
For the last weeks I have received a lot of spam concerning stock alerts and
different investissments.
Their bayes score is 99, but they don't score enough to be classified as spam.
I use rules_du_jour and the standard spamassassin set
with SURBL...
This spam does not trigger a lot of r
Loren Wilton wrote:
You should open a Bugzilla ticket on this, and ATTACH, NOT COPY/PASTE the
ENTIRE original message as an attachment to the bug ticket. That way
someone will be able to look at it and see what is really happening.
Someone else made an eMail request for the entire message ... I se
[RESEND ... one correspondent could not read the
quoted header lines when placed following my name]
Greetings,
I saw a SPAM message with the SPAMassassin message headers
(X-spam headers) grossly out of sequence. The message
was recognized as SPAM ... but because the X-spam headers
were written in
Matthew Newton wrote:
What would be the benefits of creating rules that fired on bounce
messages only (i.e. came from <>), and hit stuff like this. Are there
any reasons why giving a score of 10 when matching "Spam-Score: "
on a bounce would cause a real bounce to get rejected?
Yes, if the
Look at Time Jackson's Bogus Virus Warning ruleset. It is designed to catch
backscatter of this general sort. Might not handle your exact case, but
worth a try.
Loren
You should open a Bugzilla ticket on this, and ATTACH, NOT COPY/PASTE the
ENTIRE original message as an attachment to the bug ticket. That way
someone will be able to look at it and see what is really happening.
Since you pasted that into the text, I have no clue on what any transport
agents or m
ï
Assuming you were on 3.0.something, this is probably the
problem that init.pre doesn't get updated, and a whole pile of stuff has been
moved to plugins, which have to be initialized in init.pre.
Loren
Nico,
In an older episode (Wednesday 11 May 2005 13:24), Nico Prenzel wrote:
> Content-Type: text/html;
> =3D2>Hi, Net::DNS is version 0.49
*please* do not send HTML mails, especially not to this list.
At least, please send your mails as text *and* HTML so that recipients with
text based cli
Hi, Net::DNS is version 0.49. Wed May 11 01:19:40 2005 [24292] warn: _(Can't call method "check_hashcash_value" on an undefined value at (eval 178) line 7, line 47.Wed May 11 01:19:40 2005 [24292] warn: )So, I think it has something to do with the plugin.pm's. Any other thoughts? NicoP. -Niek
Hi all
I have had reports of someone here having been sent a lot of bounced
messages because their e-mail address has been forged in spam. I know
that this is unavoidable, and that there isn't a lot we can do about it,
but having looked at the sample mail had a slight idea.
The bounce message in
Greetings,
I saw a SPAM message with the SPAMassassin message headers
(X-spam headers) grossly out of sequence. The message
was recognized as SPAM ... but because the X-spam headers
were written in the wrong part of the message, it was able
to 'appear' as a non-SPAM message.
I have included all of
On 5/11/2005 10:52 AM +0200, Nico Prenzel wrote:
I've yesterday installed new SpamAssassin version from trunk and got following
errors from spamassassin:
[snip errors]
Is this a allready know bug, or have I missed something?
Thanks.
NicoP.
Update the perl module: Net::DNS
Niek
On Tuesday, May 10, 2005, 9:32:45 AM, John Stewart wrote:
> SA lints fine... running it in debug mode, it appears to not be checking
> anything but the multi records. See below.
> I've grepped through /usr/share/spamassassin and /etc/mail/spamassasin, and
> the only URI_RBL reference I find in an
Hi, I am using spamassassin 3.0.2 with spamd. spamd is running all the
time and the spamc processes are called from my MTA (exim) each time a
message comes in and the receipient wants the message to be scanned.
spamd is called with the following options:
--create-prefs --max-children 5 --helper-h
Hi,
I'm using spamassassin with qmail, vpopmail and qmail-scanner.
My baysian database is located at /var/qmail/vpopmail/.spamassassin.
When I manually try to synch or train the database the sa-learn program
creates a new database at /root/.spamassassin. Even when I start
sa-learn with --username
I was looking around in my awl table (MySQL) and was surprised to find
that the /16 network that my trusted and internal servers is inside made
it to the second place when doing the following query:
SELECT ip, count(ip) AS rows FROM awl GROUP BY ip ORDER BY rows DESC
LIMIT 10
After doing a lit
I've yesterday installed new SpamAssassin version from trunk and got following errors from spamassassin: Wed May 11 01:24:42 2005 [24293] warn: rules: failed to run HASHCASH_20 test, skipping:Wed May 11 01:24:42 2005 [24293] warn: _(Can't call method "check_hashcash_value" on an undefined value at
Michael Parker wrote:
On Tue, May 10, 2005 at 05:36:53PM +0100, Tim Bishop wrote:
I've been running with bayes in a MySQL database for a while now, and I
need to start dealing with cleaning up users who are no longer here. I
also have AWL and configuration in the database.
So, I think I'm looki
71 matches
Mail list logo