Re: xxxl spam

2006-04-12 Thread Daryl C. W. O'Shea
Mark Martinec wrote: The most interesting part in my view is not the IP distance, but the type of OS, illustrated by the following table (derived from the same data as fig2): p0f OS guess ham : spam - Windows-XP 0.7 % : 99.3 % Windows-2000 5.

Re: xxxl spam

2006-04-12 Thread hamann . w
Hi, to read this in other words: while certain analysts (and definitely Microsoft marketing) claim that about 50 % of all servers are running Windows, these figures tend to say that real mail servers (those that deliver the ham part of mail) rarely ever run XP but that this OS is the best candi

Rawbody rules information

2006-04-12 Thread Nigel Marshall
Hi List, I am looking to understand more about the raw body rules, and examples of them that I could follow to hopefully write a few for myself. Can someone point me to a good place to start or a good tutorial on this sort of thing? Thanks in advance. Regards Nigel

Re: Help needed with spam attack!!!

2006-04-12 Thread hamann . w
>> >> Hi! I host a number of domains on a box and I recently added one which >> has resulted in that domain literally being HAMMERED by some spammer >> sending spam to every kind of bogus e-mail address for this new domain you >> can think of. >> >> The server is a Linux box running RedHat 9 wit

Re: Help needed with spam attack!!!

2006-04-12 Thread Matt Kettler
Tom Q. Citizen wrote: > Hi! I host a number of domains on a box and I recently added one which > has resulted in that domain literally being HAMMERED by some spammer > sending spam to every kind of bogus e-mail address for this new domain you > can think of. > > The server is a Linux box running R

Re: sa missed to scan some of email

2006-04-12 Thread David B Funk
On Thu, 13 Apr 2006, martin wrote: > thx info, that mean that if email don't given msgid when arrived, sendmail > default will add itself id for this mail and this msgid will not pass to > milter? > So is it no method to find related message from maillog at such case? Exactly so. Usually you c

bayes_journal file and bayes value at spam.log

2006-04-12 Thread martin
after the spamassassin had run fine around 2 days, i found that at bayes directory (set to /etc/mail/spamassassin/bayes/), it had a new plain text file bayes_journal created and at spam.log, at even scanned mail, a bayes value like 2006-04-13 03:07:34 [11243] i: result: Y 17 - BAYES_99,DNS_FROM

Help needed with spam attack!!!

2006-04-12 Thread Tom Q. Citizen
Hi! I host a number of domains on a box and I recently added one which has resulted in that domain literally being HAMMERED by some spammer sending spam to every kind of bogus e-mail address for this new domain you can think of. The server is a Linux box running RedHat 9 with Qmail (netqmail-1.05

Re: sa missed to scan some of email

2006-04-12 Thread martin
David B Funk engineering.uiowa.edu> writes: > Because some messages arrive at your MTA without a msgid to log > (usually a sign of either a forged message or a brain-damaged > sending MTA). > > The standard sendmail config will add a locally generated msgid to > such messages but the "milter" i

RE: "Rawbody" fooled by line breaks?

2006-04-12 Thread David B Funk
On Tue, 11 Apr 2006, Dallas L. Engelken wrote: > > The problem seems to be that rawbody looks at the message "one > > line at a time". I won't bore you with every way I've > > tried to create a rule that spans this line break, but > > none of them have worked. > > > > Has anyone encountered/resolv

Re: sa missed to scan some of email

2006-04-12 Thread David B Funk
On Wed, 12 Apr 2006, martin wrote: >also, just wonder why at spam.log, some scanned message can't log down > msgid > (which at maillog using) Because some messages arrive at your MTA without a msgid to log (usually a sign of either a forged message or a brain-damaged sending MTA). The stand

Re: Pb with custom rules

2006-04-12 Thread Matt Kettler
Christophe Journel wrote: > is /etc/init.d/spamassassin restart enough to update all filters in SA ? It's enough to update all the filters in spamd, which affects all mail that you feed to spamc. If you use the "spamassassin" command-line script for testing, then it parses the files every time yo

Re: should I upgrade?

2006-04-12 Thread Sergei Gerasenko
> Consider < 3 months (better: < 1 month) for spam, < 6 months for ham. Thanks! I thought nobody would reply! I know what to do now.

Re: Pb with custom rules

2006-04-12 Thread Magnus Holmgren
Wednesday 12 April 2006 11:23, Christophe Journel wrote: > Hello ! > i use spamassassin v 3.0.3 > > I added a custom rule, in the local.cf : > > body NO_VIOXX /vioxx/i > score NO_VIOXX 999 > description NO_VIOXX messages that contain the word Vioxx > > > then i restart spamassas

Re: Pb with custom rules

2006-04-12 Thread Christophe Journel
is /etc/init.d/spamassassin restart enough to update all filters in SA ? coz i tried with a file containing vioxx only... and the score is not 999 :/ On 4/12/06, Matt Kettler <[EMAIL PROTECTED]> wrote: Christophe Journel wrote: > Hello ! > i use spamassassin v 3.0.3 > > I added a custom rule, in the lo

Re: Pb with custom rules

2006-04-12 Thread Matt Kettler
Christophe Journel wrote: > Hello ! > i use spamassassin v 3.0.3 > > I added a custom rule, in the local.cf : > > body NO_VIOXX /vioxx/i > score NO_VIOXX 999 > description NO_VIOXX messages that contain the word Vioxx > > > > then i restart spamassassin > /etc

Re: xxxl spam

2006-04-12 Thread Mark Martinec
Justin, > Mark Martinec writes: > > As a curiosity (but off topic), harvesting results from p0f > > (passive operating system fingerprinting), here are two more: > > http://www.ijs.si/software/amavisd/fig1.gif > > Spam score vs. IP distance in hops (our server is > > in European academic

Re: Spam and the Internet [Was: xxxl spam]

2006-04-12 Thread Justin Mason
Matt Kettler writes: > These spams I get from .gt don't offer any kind of online ordering. They > are ads that you'd have to physically travel to the store in Guatemala > to take advantage of them. They're ordinary weekly sales fliers for an > ordinary local store that's so small that only 6 cars

Re: xxxl spam

2006-04-12 Thread Justin Mason
That's excellent data! Mind if I forward that around to another list or two? The "hops" measurement is particularly interesting. Have you got that implemented as a working rule, in the field? is it expensive? --j. Mark Martinec writes: > mouss wrote: > > since most filters skip large message

Re: xxxl spam

2006-04-12 Thread Justin Mason
Theo Van Dinter writes: > On Tue, Apr 11, 2006 at 02:14:26PM -0400, Matt Kettler wrote: > > Well, SA automatically ignores attachments in recent versions. However, > > hash-based plugins like razor, dcc, and pyzor work best when seeing all the > > attachments. > > For completeness, the first sent

Pb with custom rules

2006-04-12 Thread Christophe Journel
Hello ! i use spamassassin v 3.0.3 I added a custom rule, in the local.cf : body NO_VIOXX /vioxx/i score NO_VIOXX 999 description NO_VIOXX messages that contain the word Vioxx then i restart spamassassin /etc/init.d/spamassassin resart. But the problem is : With the spamc -R < test.m

Re: "Rawbody" fooled by line breaks?

2006-04-12 Thread Jeremy Fairbrass
Hi Eric, Actually the "full" rules don't ignore HTML at all - they are able to search within HTML tags quite fine, and also take into account line breaks, because they are run before SA does any decoding of the email. I use a bunch of custom full rules for this exact purpose. From http://spam

Re: sa missed to scan some of email

2006-04-12 Thread martin
Matt Kettler comcast.net> writes: > > martin wrote: > > Matt Kettler comcast.net> writes: > > > > > >> martin wrote: > >thx info, that seem the cause, becoz the email att. with a > >image around 250k in size. > >just wonder, can this parameter tuneable from config file? And SA had a