On Wed, 25 May 2005 16:13:45 -0700
[EMAIL PROTECTED] wrote:
> Jeff wrote:
> >On Tuesday, May 24, 2005, 6:56:08 AM, Ronan McGlue wrote:
> >> I added a dummy mx record (lowest preference) as we all know its
> >> generally the one th spammers target first, which is getting hit
> >> with about 50% of
On Wed, 25 May 2005 19:31:34 -0500
[EMAIL PROTECTED] wrote:
> Midphase is NOT the one sending spam. Yes, they are the registrant
> of the domain, and the server does resolve to a midphase server.
> This is normal for a shared hosting company.
No, it's *not* normal in the slightest. Why on earth
>...
>
>On Wednesday, May 25, 2005, 4:13:45 PM, lists lists wrote:
>>>On Tuesday, May 24, 2005, 6:56:08 AM, Ronan McGlue wrote:
I added a dummy mx record (lowest preference) as we all know its
generally the one th spammers target first, which is getting hit with
about 50% of our d
On Wednesday, May 25, 2005, 9:19:43 PM, Robert Menschel wrote:
> Just a quick note that the SARE whitelist rules file has been updated.
> Documentation at http://www.rulesemporium.com/rules.htm#whitelist
> Bob Menschel
A couple questions:
1. Are these envelope senders or URI domains?
2. Woul
On Wednesday, May 25, 2005, 4:13:45 PM, lists lists wrote:
>>On Tuesday, May 24, 2005, 6:56:08 AM, Ronan McGlue wrote:
>>> I added a dummy mx record (lowest preference) as we all know its
>>> generally the one th spammers target first, which is getting hit with
>>> about 50% of our daily connect
On Wednesday, May 25, 2005, 5:43:41 PM, evan wrote:
> Also look at honeyd.org for how honeypots are catching spammers.
> Spamhaus uses
> a similar scheme where unknown and unused domains sit on servers across the
> world. Any mail the server gets is obviously spam since no one should be
> sending
On Thursday 26 May 2005 01:55, Thomas Zehetbauer wrote:
> Hi,
>
> I have just started reporting spam and I wonder if SpamCop really
> expects it's users to confirm every submission in the web interface?
Yes. It ensures that most people are actually reporting spam. Doesn't take
that long really.
Just a quick note that the SARE whitelist rules file has been updated.
Documentation at http://www.rulesemporium.com/rules.htm#whitelist
Bob Menschel
> "LW" == Loren Wilton <[EMAIL PROTECTED]> writes:
>> Clearly, some of my emails are skipping SA!
LW> Which version were you running, again? This was a known-to-happen
LW> 'feature' with the 2.6x series, although nobody ever really figured
LW> out why. There are conditions where
At 04:56 PM 5/25/2005, Bryan Oswalt wrote:
I have Spamassassin setup in a spamd/spamc type configuration, along
with spamass-milter and the INPUT_MAIL_FILTER
option configured in sendmail with procmail as my MDA. The server I have
this running on is to be setup as a mail filtering gateway for
Hello Mark,
Wednesday, May 25, 2005, 10:29:16 AM, you wrote:
MGT> I'm new here, and am not positive if this is the right place to
MGT> ask this question.
Yes, it is.
MGT> I am not sure how to proceed in determining what broke and why.
MGT> I had no troubles with SpamAssassin-3.0.2, but after f
Hi,
I have just started reporting spam and I wonder if SpamCop really
expects it's users to confirm every submission in the web interface?
Tom
--
T h o m a s Z e h e t b a u e r ( TZ251 )
PGP encrypted mail preferred - KeyID 96FFCB89
finger [EMAIL PROTECTED] for key
Those, who ar
Do you have any links to linux based "fake proxypots" ?
They sound cool, or maybe its just fun to say...
Look for implementations of "Teergrube" on google.
A famous one which shut down awhile back is LaBrea - which uses similar
technology for catching worms.
There is a Linux netfilter plugin
Loren and Chris,
thanks for your replies.
I am aware of SA, I have been using it from a very long time ago - having it
well trained and updated - as best as I can.
I understand about all issues you both mentioned about a raw SA and other
solutions out there.
I post such inquiry to the list beca
Robert Menschel wrote:
> MK> However, these attempts are only going to be effective against the bayes
> portion
> MK> of SA.
>
> As I've said before, my opinion is that these attempts are NOT
> effective against SpamAssassin's Bayes system.
>
> As a rule, we do NOT receive hams which contain su
Sorry for all the crossposting, this is being forwarded to people who can so
something definitive on these issues. 1 - to midphase to address the possible
wrong-doings from one of their customers, and 2 - to [EMAIL PROTECTED]
(and the
list as he doesn't get my mail) so he can adjust his rules t
Hello Matt, John,
Tuesday, May 24, 2005, 7:15:16 PM, you wrote:
MK> John August wrote:
>> I've noticed spam which has a section of "extracted" text after the spam
>> content. It seems to me that by taking things line by line, you'll reach
>> a point at which the spam index peaks, and then trails
>...
>
>Quoting List Mail User <[EMAIL PROTECTED]>:
>
>> Try a Google search on 88puppydog. com, then look at who owns and
>> operates it (just "whois") and decide for yourself.
>
>Midphase is bulk hosting provider for both end-users and resellers. Nothing
>more. A WHOIS on "CoolRunningConc
On Tuesday, May 24, 2005, 6:56:08 AM, Ronan McGlue wrote:
I added a dummy mx record (lowest preference) as we all know its
generally the one th spammers target first, which is getting hit with
about 50% of our daily connections, of which i defer all of them at a
very low overhead.
Some of t
> I added a dummy mx record (lowest preference) as we all know its
generally the one th spammers target first, which is getting hit with
about 50% of our daily connections, of which i defer all of them at a
very low overhead.
May I ask what kind of software/settings do you use to defer the
>...
>
>Everyone else - this may be off-topic, but consider it a lesson on what
>happens
>when your spam rules are too intrusive over silly things instead of asking the
>question "Is this mail spam?". The method I proposed earlier is much more
>effective at identifying spam than looking at what
Does "dul.dnsbl.sorbs.net" list all the dynamic IPs?
Or just the dynamic IPs which fall in spamtrap?
Thanks.
On 5/25/05, Ing. Alejandro Rodriguez <[EMAIL PROTECTED]> wrote:
> I have the same problem that you, with dsbl, record are keep over years,
> and the delist process is complex. So most
> of
> Clearly, some of my emails are skipping SA!
Which version were you running, again? This was a known-to-happen 'feature'
with the 2.6x series, although nobody ever really figured out why. There
are conditions where it can happen on 3.0.1 or .2, I believe, if the spamd
children all get themselve
I previously posted about SA being bypassed when email came in through my
backup MX. I no longer think that that is the issue sice the headers seem
identical for my emails whether it works or doesn't. Also, even though my
sendmail is running I just received an email that is missing my SA headers
> "MK" == Matt Kettler <[EMAIL PROTECTED]> writes:
MK> Jake Colman wrote:
>> I am seeing this error in my maillog. I followed the directions in the
>> wiki for creating site-wide bayes database, razor and pyzor. I think I
>> did it correctly and yet I am getting this error.
>
> Is there any *good* and *trustable* comparison between SA and other
> commercial solutions?
It depends on what kind of comparison you are interested in. Every few
months some magazine or online info service will run a comparison of various
spam tools, and the report of their report ends up gene
Jake Colman wrote:
> I am seeing this error in my maillog. I followed the directions in the wiki
> for creating site-wide bayes database, razor and pyzor. I think I did it
> correctly and yet I am getting this error.
>
> My local.cf specifies 'bayes_path /etc/mail/spamassassin/bayes' and
> 'baye
> > In the mean time, I will try Chris Conn's solution:
> > rawbody __LW_URI_CR1 /href=\"[^"]*\r[^\n]/is
> > full__LW_URI_CR2 /href=\"[^"]*\r[^\n]/is
> > metaLW_URI_CR__LW_URI_CR1 || __LW_URI_CR2
> > score LW_URI_CR(YOUR CHOICE)
> > describe
> Someone correct me if I am wrong, however the multi-line URI spams with
> ampersands need a patch that is not yet integrated into the default
> 3.0.3 distribution.
The ampersands (and ther special characters, like colons) was a separate
problem from the unescaped cr's in the url. The later was
I have
Spamassassin setup in a spamd/spamc type configuration, along with
spamass-milter and the INPUT_MAIL_FILTER
option configured
in sendmail with procmail as my MDA. The server I have this running on is to be
setup as a mail filtering gateway for tagging spam and blocking e-mails wit
Quoting List Mail User <[EMAIL PROTECTED]>:
Try a Google search on 88puppydog. com, then look at who owns and
operates it (just "whois") and decide for yourself.
Midphase is bulk hosting provider for both end-users and resellers. Nothing
more. A WHOIS on "CoolRunningConcepts.com" wi
Everyone else - this may be off-topic, but consider it a lesson on what
happens
when your spam rules are too intrusive over silly things instead of asking the
question "Is this mail spam?". The method I proposed earlier is much more
effective at identifying spam than looking at what host has a
Quoting "Ing. Alejandro Rodriguez" <[EMAIL PROTECTED]>:
I have the same problem that you, with dsbl, record are keep over years,
and the delist process is complex. So most
of unskilled Net Admin never take care of this list.
IMHO the dynamic IPs list is dul.dnsbl.sorbs.net
In fact I'm rejecting
>-Original Message-
>From: Aecio F. Neto [mailto:[EMAIL PROTECTED]
>Sent: Wednesday, May 25, 2005 2:22 PM
>To: users@spamassassin.apache.org
>Subject: Comparison of SA and commercial solutions
>
>
>Hi, there.
>Is there any *good* and *trustable* comparison between SA and other
>commercia
I am seeing this error in my maillog. I followed the directions in the wiki
for creating site-wide bayes database, razor and pyzor. I think I did it
correctly and yet I am getting this error.
My local.cf specifies 'bayes_path /etc/mail/spamassassin/bayes' and
'bayes_file_mode 0770'.
The .../sp
"Ryan L. Sun" <[EMAIL PROTECTED]>
wrote on 05/25/2005 01:33:19 PM:
> Hi, all
>
> I am using spamhaus sbl+xbl RBL and dsbl RBL. It seems they got too
> much false positive, especially dynamic IPs.
> Do you guys know how can I get all the dynamic IP range on internet,
> or is that possible?
> Any
I have the same problem that you, with dsbl, record are keep over years,
and the delist process is complex. So most
of unskilled Net Admin never take care of this list.
IMHO the dynamic IPs list is dul.dnsbl.sorbs.net
In fact I'm rejecting mails at SMTP conection time using,
sbl-xbl.spamhaus.org
Hi, all
I am using spamhaus sbl+xbl RBL and dsbl RBL. It seems they got too
much false positive, especially dynamic IPs.
Do you guys know how can I get all the dynamic IP range on internet,
or is that possible?
Any other RBL suggestion? False positive is critical to me. I can
accept 40% catch rat
Hi, there.
Is there any *good* and *trustable* comparison between SA and other
commercial solutions?
Any feedback much appreciated.
Regards
Hi,
I'm new here, and am not positive if this is the right place to ask
this question.
I am not sure how to proceed in determining what broke and why.
I had no troubles with SpamAssassin-3.0.2, but after following the same
configure and build steps, I'm getting a test failure on 3.0.3, for a
tes
Eddy Beliveau wrote:
Hi!
Thanks to all for your replies
I cannot upgrade right now, the current academic semester is not yet
completed
In the mean time, I will try Chris Conn's solution:
rawbody __LW_URI_CR1 /href=\"[^"]*\r[^\n]/is
full__LW_URI_CR2 /href=\"[^"]*\r[^\n]/
On Wed, 2005-05-25 at 09:19 -0400, Eddy Beliveau wrote:
> Hi!
>
> I'm running spamassassin 2.4 with pamCopURI 0.24 and it work perfectly.
> Thanks ;-)
>
> My current problem is that I cannot get rid of those online pharmacy spams.
> (see attached picture).
> The email contains a picture an
Thomas Deaton wrote:
> For the header rules, you can put Subject or From. Is there a way to put
> something from the "TO:" line?
>
> thanks
A header rule can be written to examine *any* header. To: From: Subject:
X-SomeGarbageYouNeverSawBefore:. There's even a special meta header "ToCc" which
ma
Theo Van Dinter wrote:
On Wed, May 25, 2005 at 11:07:06AM -0400, Kevin Peuhkurinen wrote:
Thanks for clearing that up Theo. Is it worth my while to file a
feature request in bugzilla?
I can't think of a reason why it couldn't be supported, but I also don't think
it'll be a high prio
http://www.securityfocus.com/news/11230?ref=rss
Quick summary: The Federal Trade Commission is launching an educational
campaign to try to convince ISPs to block port 25, rate-limit email
relays, and quarantine infected machines.
On Wed, May 25, 2005 at 11:07:06AM -0400, Kevin Peuhkurinen wrote:
> Thanks for clearing that up Theo. Is it worth my while to file a
> feature request in bugzilla?
I can't think of a reason why it couldn't be supported, but I also don't think
it'll be a high priority to do it unless someone al
Theo Van Dinter wrote:
On Wed, May 25, 2005 at 08:57:43AM -0400, Kevin Peuhkurinen wrote:
Forgive my ignorance, but I cannot for the life of me figure out if I
can split long lines in a rules file. I'm trying to make some meta
rules that will include some really long lines if I cannot spli
I was very original when naming my server and called it ... server.
When an email comes into my server it comes to the computer called server
and goes through an antivirus gateway. This adds the following header:
Received: from cm218-254-253-168.hkcable.com.hk ([218.254.253.168])
by server. (NAVG
On Wed, May 25, 2005 at 08:57:43AM -0400, Kevin Peuhkurinen wrote:
> Forgive my ignorance, but I cannot for the life of me figure out if I
> can split long lines in a rules file. I'm trying to make some meta
> rules that will include some really long lines if I cannot split them.
> Anyone?
No
Martin Hepworth wrote:
Kevin
how does this compare with
http://www.rulesemporium.com/rules.htm#fraud
Hi Martin. The reason I wrote these rules is because I use the SARE
fraud rules, but not a single one hits on these particular emails. An
example of the text of the emails that I am targett
Kevin
how does this compare with
http://www.rulesemporium.com/rules.htm#fraud
--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300
Kevin Peuhkurinen wrote:
I've started working on some rules to catch some pesky "export company"
scams. I'll expand them to in
Hi!
Thanks to all for your replies
I cannot upgrade right now, the current academic semester is not yet completed
In the mean time, I will try Chris Conn's solution:
rawbody __LW_URI_CR1 /href=\"[^"]*\r[^\n]/is
full__LW_URI_CR2 /href=\"[^"]*\r[^\n]/is
metaLW_URI_
I've started working on some rules to catch some pesky "export company"
scams. I'll expand them to include the Yukos and Con oil scams soon.
Meanwhile, I'd appreciate any feedback. The ruleset can be found here:
http://www.exit0.us/index.php?pagename=ExportFraudRules
Thanks,
Kevin
Eddy
Have you tried updating to a newer version?
I suspect it will be many peoples first suggestion.
Alan
Hello,
Someone correct me if I am wrong, however the multi-line URI spams with
ampersands need a patch that is not yet integrated into the default
3.0.3 distribution.
http://bugzil
On Wednesday, May 25, 2005, 6:19:49 AM, Eddy Beliveau wrote:
> I'm running spamassassin 2.4 with pamCopURI 0.24 and it work perfectly.
> Thanks ;-)
> My current problem is that I cannot get rid of those online pharmacy spams.
> (see attached picture).
> The email contains a picture and many w
Eddy Beliveau wrote:
Hi!
I'm running spamassassin 2.4 with pamCopURI 0.24 and it work perfectly.
Thanks ;-)
My current problem is that I cannot get rid of those online pharmacy
spams. (see attached picture). The email contains a picture and many
words in font size 1.
Am I the only on
> "w" == wolfgang <[EMAIL PROTECTED]> writes:
w> In an older episode (Friday 20 May 2005 18:07), Jake Colman wrote:
>> When my server is up, all email is processed by my SA. If my server is
>> down, my email is held for me at the backup MX. When my server comes
>> back, the bac
Eddy Beliveau wrote the following on 25/05/2005 14:19:
Hi!
I'm running spamassassin 2.4 with pamCopURI 0.24 and it work perfectly.
Thanks ;-)
Eddy
Have you tried updating to a newer version?
I suspect it will be many peoples first suggestion.
Alan
For the header rules, you can put Subject or From. Is there a way to put
something from the "TO:" line?
thanks
E-mail correspondence to and from this address may be subject to the
North Carolina Public Records Law and may be disclosed to third parties by an
authorized county official. If you h
Hi! Rishi,
Many thanks for your reply
I'm already using that antidrug.cf rule
My problem is that the drug name does not appear as text in the spam
It is included in the gif picture
So the spam contains a picture and many tiny words in the email's body
Does it sound familiar ?
Thanks,
Eddy
-
Hi!
I'm running spamassassin 2.4 with pamCopURI 0.24 and it work perfectly. Thanks
;-)
My current problem is that I cannot get rid of those online pharmacy spams. (see attached picture).
The email contains a picture and many words in font size 1.
Am I the only one to receive this junk.
C
Forgive my ignorance, but I cannot for the life of me figure out if I
can split long lines in a rules file. I'm trying to make some meta
rules that will include some really long lines if I cannot split them.
Anyone?
Thanks!
I've been noticing a lot of spam coming from unsecured webmail pages
these days so brewed up a ruleset to catch them. If you want to try it
out, the rules are here:
http://www.exit0.us/index.php?pagename=WebMailRules
Kevin
OK Ninja's, here's your chance to pre-empt the next wave of male
empowerment medications.
Some truth's, some embellshment (Dr. Longwell?):
http://www.pugbus.net/artman/publish/05252005_premature.shtml
(how many variations of dapoxetine can be generated?)
Baltasar wrote:
X-Spam-Status: Yes, hits=6.687 tag=3 tag2=6.31 kill=6.31 tests=HTML_70_80,
HTML_MESSAGE, MSGID_FROM_MTA_SHORT, RCVD_IN_DYNABLOCK, RCVD_IN_NJABL,
RCVD_IN_NJABL_DIALUP, RCVD_IN_SORBS
I'm not familiar with MSGID_FROM_MTA_SHORT because for some reason it
doesn't appear to be in m
> It's obsiouly not a pb but how can i white-list specific adresses with per
> users setting.
>
> ex: for users1, i want to white list [EMAIL PROTECTED] but not for users2.
> I already put in mysql: whitelist_to [EMAIL PROTECTED] for users1
> but that doesn't for as MATT said earlier, "Unfortunatel
Hello,
As Devin, I actually run spamassassin SA 3.03 with per user bayes store into
a mysql DB.
What are the favour and the disadvantage of that solution?
What are the favour and the disadvantage of a global bayes solution?
I also see a number of person who stop to use bayes. Is it a good idea?
> I have a postfix(2.x) - amavisd-new (2.3.1) - spamasassin (3.0.3) - razor
> - pyzor - dcc setup and have some troubles with html emails which where
> marked as spam but are false positives. Even a blank html email with just
> the signature added will be marked as spam. As you can see later they
>
Hi Loren,
I put your rule in my local.cf file and it's working great.
As i run spamassassin on qmail/maildrop with mysql per users setting and
that i put it in the global conf, everybody white-list the SA list.
It's obsiouly not a pb but how can i white-list specific adresses with per
users settin
Thomas
you'll prob find the issue is the RCVD_IN_DYNABLOCK,
RCVD_IN_NJABL_DIALUP, RCVD_IN_NJABL and RCVD_IN_SORBS rules
I turn off the RCVD_IN_DYNABLOCK, RCVD_IN_NJABL_DIALUP, RCVD_IN_NJABL
off due to too many false positives like this. SORBS is normally quite
good and I use that along with
Hello List!
I have a postfix(2.x) - amavisd-new (2.3.1) - spamasassin (3.0.3) - razor
- pyzor - dcc setup and have some troubles with html emails which where
marked as spam but are false positives. Even a blank html email with just
the signature added will be marked as spam. As you can see later t
71 matches
Mail list logo
