Steven Stern wrote:
>> >
>>
>> My company's website has a "click here and we'll send you your password"
>> (or something similar). You'd be amazed how many calls we get claiming
>> it doesn't work. When I track through the logs, I find most come from
>> people with CR systems. You can't use a C
Theo Van Dinter wrote:
> On Fri, Jul 20, 2007 at 09:10:18PM -0500, Igor Chudov wrote:
>
>> So, if whitelist_from is scalable to a few thousand addresses, I would
>> like to use it.
>>
>
> It probably won't scale that far since it's super inefficient to have a flat
> file config w/ that man
On Fri, Jul 20, 2007 at 09:10:18PM -0500, Igor Chudov wrote:
> So, if whitelist_from is scalable to a few thousand addresses, I would
> like to use it.
It probably won't scale that far since it's super inefficient to have a flat
file config w/ that many entries. You'd want to have some kind of p
Michael Scheidell wrote:
> Matt Kettler wrote:
>>
>> Michael Scheidell wrote:
>> > SA 3.2.1 INSTALL seems to indicate that if I use Mail-DKIM .20 or
>> > better, I don't need Mail-DomainKeys.
>> >
>>
>
> I loaded Mail-DomainKeys perl libraries and will be doing some testing
> to see if I can see wh
Igor Chudov wrote:
> I have to respectfully disagree with those who say that whitelisting
> my friends is a bad idea.
>
I never said that whitelisting your friends is a bad idea. I said
whitelisting based on email address ALONE is a bad idea in general.
It's a lot better to use tools that are
I have to respectfully disagree with those who say that whitelisting
my friends is a bad idea.
I do realize that spammers use everyone's addresses -- as they are
using mine -- as fake return addresses, just as often as they would
use any other address.
But the chances of them accidentally using
Crossposted to Karmasphere-users and to SpamAssassin-users
Igor Chudov wrote:
I have several mail folders (linux mailbox files) that are a good
source of whitelist information. For example, I am sure that all To:
addresses in my sent folder, and all From: addresses in my friends or
ebay fold
From: "Steven Stern" <[EMAIL PROTECTED]>
John Rudd wrote:
Further, I as the sender have no obligation to participate in your
anti-spam mechanism. It's YOUR mechanism. You feed it, you configure
it, your CPU cycles are spent on it. I have no obligation to
participate in the program you use
From: "John Rudd" <[EMAIL PROTECTED]>
someone that Skip Brott didn't attribute wrote:
Why is it my responsibility as a holder of a valid email address to
accept
mail from anyone who wants to send me the mail? As the owner of the
email
address or, as the admin of the domain's mail server, I hav
From: "Skip Brott" <[EMAIL PROTECTED]>
Why is it my responsibility as a holder of a valid email address to
accept
mail from anyone who wants to send me the mail? As the owner of the email
address or, as the admin of the domain's mail server, I have no
obligation
to
accept your mail at all.
O
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
John Rudd wrote:
>
> Further, I as the sender have no obligation to participate in your
> anti-spam mechanism. It's YOUR mechanism. You feed it, you configure
> it, your CPU cycles are spent on it. I have no obligation to
> participate in the prog
Igor Chudov wrote:
> I have several mail folders (linux mailbox files) that are a good
> source of whitelist information. For example, I am sure that all To:
> addresses in my sent folder, and all From: addresses in my friends or
> ebay folder, are good.
>
> So what I would like to do is to genera
I guess that's just another chapter in the proof that there is one born
every
minute.
When P.T. Barnum made that statement the population of the US was about 60
million. It is now somewhere north of 250 million.
Loren
someone that Skip Brott didn't attribute wrote:
Why is it my responsibility as a holder of a valid email address to accept
mail from anyone who wants to send me the mail? As the owner of the email
address or, as the admin of the domain's mail server, I have no obligation
to
accept your mail at
Igor Chudov wrote:
> I have several mail folders (linux mailbox files) that are a good
> source of whitelist information. For example, I am sure that all To:
> addresses in my sent folder, and all From: addresses in my friends or
> ebay folder, are good.
>
> So what I would like to do is to genera
> Why is it my responsibility as a holder of a valid email address to accept
> mail from anyone who wants to send me the mail? As the owner of the email
> address or, as the admin of the domain's mail server, I have no obligation
to
> accept your mail at all.
> Obligations should be on the sender.
From: "Skip Brott" <[EMAIL PROTECTED]>
I have found this whole line of debate somewhat interesting, but it has
clearly strayed from the real core question:
Who is responsible?
Is it the responsibility of the sender to verify that they indeed intended
to send the email?
Or is it the responsibil
From: "John Rudd" <[EMAIL PROTECTED]>
David B Funk wrote:
On Fri, 20 Jul 2007, John Rudd "@ucsc.edu" wrote:
Jonas Eckerman wrote:
What do they think will happen when someone who doesn't know english
tries to send to a user of such a system that outputs english error
mesages that directs the
On Fri, 20 Jul 2007, Matthias Keller wrote:
> I'm only using the signatures with the spamassassin plugin because I found
> them to be too invasive. I dont allow anyone to block a mail at SMTP level
> just because it contains ONE sentence. The sanesecurity signatures also
> contain a LOT of single
Matt Kettler wrote:
Michael Scheidell wrote:
> SA 3.2.1 INSTALL seems to indicate that if I use Mail-DKIM .20 or
> better, I don't need Mail-DomainKeys.
>
I loaded Mail-DomainKeys perl libraries and will be doing some testing
to see if I can see what and why, and will post it later.
( have u
Steven Stern wrote:
> Did you import his key with sa-update --import his.key.file.here
Yes and I found my problem. I missed the last line where I also had to
include the --gpgkey option. I had been thinking that the --import option
took care of it, but is required both.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Skip Brott wrote:
> Using the recommended actions from this list, I run this:
>
> sa-update --channelfile
> /etc/mail/spamassassin/saupdate/sare-sa-update-channels.txt -D
>
> I get this result from each channel:
>
> [29610] dbg: gpg: gpg: Signature
Gene Heskett wrote:
Also, how about /etc/mail/spamassassin/RuleDuJour? Can that copy of all this
go away also? It is not being mentioned in the --lint -D report output.
That was just a staging area for RDJ and never used by spamassassin.
Updates were downloaded there first and then linted
On Friday 20 July 2007, Richard Frovarp wrote:
>Gene Heskett wrote:
>> On Friday 20 July 2007, Richard Frovarp wrote:
>>> Skip Brott wrote:
I ran with the --nogpg option and was able to get all the files to
download. Yay! But do I really want to run it that way?
And on that no
On Friday 20 July 2007, Kelson wrote:
>Gene Heskett wrote:
>>> I've been toying with "DANGER - DIHYDROGEN-MONOXIDE IN USE" signs
>>> recommending use of appropriate protective gear. But in today's terrorism
>>> atmosphere some idiot might not get it and
>>
>> Chuckle...
>>
>> Only if they faile
I have several mail folders (linux mailbox files) that are a good
source of whitelist information. For example, I am sure that all To:
addresses in my sent folder, and all From: addresses in my friends or
ebay folder, are good.
So what I would like to do is to generate a file with a list of
addre
I have found this whole line of debate somewhat interesting, but it has
clearly strayed from the real core question:
Who is responsible?
Is it the responsibility of the sender to verify that they indeed intended
to send the email?
Or is it the responsibility of the recipient to verify senders?
M
>>> "Matthew Yette" <[EMAIL PROTECTED]> 7/20/2007 8:24 AM >>>
>>> "Daryl C. W. O'Shea" <[EMAIL PROTECTED]> 7/19/2007 4:51 PM >>>
>You would have to get the calling software to pass as the username
>either (i) something like @example.com; or (ii) a non-existent account
>at the domain.
>Get it t
David B Funk wrote:
On Fri, 20 Jul 2007, John Rudd "@ucsc.edu" wrote:
Jonas Eckerman wrote:
What do they think will happen when someone who doesn't know english
tries to send to a user of such a system that outputs english error
mesages that directs the sender to web pages with english instru
Gene Heskett wrote:
I've been toying with "DANGER - DIHYDROGEN-MONOXIDE IN USE" signs
recommending use of appropriate protective gear. But in today's terrorism
atmosphere some idiot might not get it and
Chuckle...
Only if they failed introductory chemistry 101, but it should be good for a
Gene Heskett wrote:
On Friday 20 July 2007, Richard Frovarp wrote:
Skip Brott wrote:
I ran with the --nogpg option and was able to get all the files to
download. Yay! But do I really want to run it that way?
And on that note, how does SA know where to find the .cf files in
/var/lib/s
On Fri, 20 Jul 2007, John Rudd "@ucsc.edu" wrote:
> Jonas Eckerman wrote:
>
> > What do they think will happen when someone who doesn't know english
> > tries to send to a user of such a system that outputs english error
> > mesages that directs the sender to web pages with english instructions?
>
On Friday 20 July 2007, Richard Frovarp wrote:
>Skip Brott wrote:
>> I ran with the --nogpg option and was able to get all the files to
>> download. Yay! But do I really want to run it that way?
>>
>> And on that note, how does SA know where to find the .cf files in
>> /var/lib/spamassassin? Doe
Jonas Eckerman wrote:
John Rudd wrote:
If they're not multi-lingual, and only speak english, then there
wasn't any point in the non-english speaker trying to contact them,
was there? :-)
The fact that the mail system and it's supporting sites aren't
multilingual does not mean that the mail
Leonardo Rodrigues Magalhães wrote:
John Rudd escreveu:
If they're not multi-lingual, and only speak english, then there
wasn't any point in the non-english speaker trying to contact them,
was there? :-)
And what about non-english companies that host their domains
worldwide, sometim
John Rudd wrote:
What do they think will happen when someone who doesn't know english
tries to send to a user of such a system that outputs english error
One possibility is, it could just spit out a url, with no other text,
and assume that the sender will understand
They can, but my *guess
On Thu, 19 Jul 2007, SM wrote:
At 18:23 19-07-2007, David B Funk wrote:
You can control the order that milers are run but IIRC, each milter
gets a copy of the -original- input message before any local
modifications are done. So the final message will have the headers
added by each milter but
Leonardo Rodrigues Magalhães wrote:
John Rudd escreveu:
If they're not multi-lingual, and only speak english, then there
wasn't any point in the non-english speaker trying to contact them,
was there? :-)
And what about non-english companies that host their domains
worldwide, sometim
John Rudd escreveu:
If they're not multi-lingual, and only speak english, then there
wasn't any point in the non-english speaker trying to contact them,
was there? :-)
And what about non-english companies that host their domains
worldwide, sometimes in USA servers or even in other co
Jonas Eckerman wrote:
What do they think will happen when someone who doesn't know english
tries to send to a user of such a system that outputs english error
mesages that directs the sender to web pages with english instructions?
One possibility is, it could just spit out a url, with no othe
Skip Brott wrote:
I ran with the --nogpg option and was able to get all the files to
download. Yay! But do I really want to run it that way?
And on that note, how does SA know where to find the .cf files in
/var/lib/spamassassin? Does it see subfolders and load the .cf files
from there? O
I ran with the --nogpg option and was able to get all the files to download.
Yay! But do I really want to run it that way?
And on that note, how does SA know where to find the .cf files in
/var/lib/spamassassin? Does it see subfolders and load the .cf files from
there? Or do those downloaded u
Using the recommended actions from this list, I run this:
sa-update --channelfile
/etc/mail/spamassassin/saupdate/sare-sa-update-channels.txt -D
I get this result from each channel:
[29610] dbg: gpg: gpg: Signature made Mon 04 Jun 2007 08:14:08 PM CDT using
DSA key ID 856AA88A
[29610] dbg: gpg:
if you could open it as a bug (and attach a couple of sample
read-receipts it's marking incorrectly) I'd be much obliged ;)
--j.
neil writes:
> Hi;
> Just commented out the short circuit vbounce rule on the box I did
> the tests on and I get a low score (3.3). I dont know if you want to
>
Dave Pooser wrote:
Yes, it used a CAPTCHA. And if we can design a system where sending spam
requires more effort from the spammer (reading the error message, browsing
to the site, reading the CAPTCHA, typing it in, and then clicking "Release"
Ah. Of course. A system that prevents all blind use
Hi;
Just commented out the short circuit vbounce rule on the box I did
the tests on and I get a low score (3.3). I dont know if you want to
test this and update the wiki or if I should raise it as a bug.
I'd better remove that rule from my production boxen. Changes to
live servers, on
Andy Dills wrote:
On Fri, 20 Jul 2007, Yet Another Ninja wrote:
Guys
These are NOT AV signatures to be updated every day/hour, whatever
Hammering the site won't make it any better and not help to keep it going.
Seems some ppl still haven't understood that hammer-leeching spoils it for
eve
Yep, this is entirely possible; I don't think I tested with any
read receipts :(
--j.
neil writes:
> Hi;
>Any one else seeing random FPs with VBounce rules and short circuit
> as described here:
> http://wiki.apache.org/spamassassin/ShortcircuitingRuleset
>
> # bounce messages: always igno
Hi;
Any one else seeing random FPs with VBounce rules and short circuit
as described here:
http://wiki.apache.org/spamassassin/ShortcircuitingRuleset
# bounce messages: always ignored if the vbounce plugin is active
priority ANY_BOUNCE_MESSAGE -700
shortcircuit ANY_BOUNCE_MESSAGE spam
score A
>>> "Daryl C. W. O'Shea" <[EMAIL PROTECTED]> 7/19/2007 4:51 PM >>>
>You would have to get the calling software to pass as the username
>either (i) something like @example.com; or (ii) a non-existent account
>at the domain.
>Get it to do that and you'll see the results you want. SA will be happy
On Fri, 20 Jul 2007, Yet Another Ninja wrote:
> Guys
>
> These are NOT AV signatures to be updated every day/hour, whatever
>
> Hammering the site won't make it any better and not help to keep it going.
>
> Seems some ppl still haven't understood that hammer-leeching spoils it for
> everyone an
Per Jessen wrote:
> Like I said - provided that the objective is to avoid spam, it might
> work for the individual user. The objective of C-R was never (IMO) to
> help reduce or eliminate spam other than for one person.
However, there isn't just one email user; there's a lot of them.
If every pri
Michael Scheidell wrote:
> SA 3.2.1 INSTALL seems to indicate that if I use Mail-DKIM .20 or
> better, I don't need Mail-DomainKeys.
>
> Because of this, I removed the Mail-DomainKeys dependency from the
> FreeBsd SA port (I am the official maintainer)
>
> I have seen a couple of issues that indica
Andy Sutton wrote:
> On Thu, 2007-07-19 at 21:35 +0200, Per Jessen wrote:
>> Well, provided the objective is to avoid spam, it still might work
>> well for that individual user.
>
> Avoid? For whom? The objective should be to reduce or eliminate
> spam, not pass filtering costs off on others.
Guys
These are NOT AV signatures to be updated every day/hour, whatever
Hammering the site won't make it any better and not help to keep it going.
Seems some ppl still haven't understood that hammer-leeching spoils it
for everyone and themselves.
Igor Chudov wrote:
> #!/bin/bash
Since there are no bash specific features this could be a standard
/bin/sh just as easily and then does not depend upon bash.
> PM=`perl -MConfig -e 'print
> "$Config{installsitelib}"'`/Mail/SpamAssassin/Plugin/PDFInfo.pm
> CF=/etc/mail/spamassassin/PDFInfo.cf
>
Hi all,
We had this night a DOS Attack with well prepared PDFs. Those PDFs
had wrong image offsets (looks like they generated a loop in pdfimages.
The result was that some pdfimages commands were hangin around and
generating thousands of pictures. The commands where using all
system time and slo
Marc Perkel schrieb:
I've written a best practices guide and suggestions on how to defeat
the spam bot armies. If anyone wants to comment I'm looking for
feedback and new ideas.
http://wiki.junkemailfilter.com/index.php/How_to_put_an_end_to_Virus_Infected_Spam_Bots
do you have a own
58 matches
Mail list logo