Giampaolo Tomassoni wrote:
> Is there any problem with completewhois.com?
>
Not sure if there is a technical issue, but I've stopped using them a
while ago. Way too inaccurate IMHO.
/Per Jessen, Zürich
Marc Perkel <[EMAIL PROTECTED]> writes:
> Yes it does break email forwarding because if you have restrictive SPF and it
> gets forwarded then the forwarding server
> isn't a valid server. Thus if the receiving server enforces SPF rules then it
> bounces the forwared message.
No. Once it has bee
On Mon, 27 Aug 2007, Marc Perkel wrote:
> Matt Kettler wrote:
> > Marc Perkel wrote:
> >
> >> Matt Kettler wrote:
> >>
> >>> Marc Perkel wrote:
> >>>
> >>>
> SPF breaks email forwarding.
>
>
> >>> SPF breaks mail forwarding services that are unwilling to expend a
> >>> little effort
Hello,
On Tue, 28 Aug 2007 00:32:23 -0400, Matt Kettler <[EMAIL PROTECTED]>
wrote:
>> In my MTA (exim) under FreeBSD I have
>> spamd_address = 127.0.0.1 783
>
> Sorry I dropped from the thread.. I missed it when you replied without
> leaving in a "Matt Kettler wrote.." type text in the reply
>
Zbigniew Szalbot wrote:
> Hello,
>
> On Sun, 26 Aug 2007 12:18:46 -0700, "Loren Wilton" <[EMAIL PROTECTED]>
> wrote:
>
>>> How can I check it then?
>>>
>> 1.How does mail get to spamd?
>>
>
> In my MTA (exim) under FreeBSD I have
> spamd_address = 127.0.0.1 783
Sorry I dropped
http://joi.ito.com/archives/2007/08/02/my_email_not_good_enough_for_you.html
...it's because the email is from an Asian ...
.. get my IP address added to some white-list ...
The comment I wanted to add is:
That's right, tell them to put me on the
white-(person-yes-just-like-them,-but-living-in-g
Matt Kettler wrote:
Marc Perkel wrote:
Matt Kettler wrote:
Marc Perkel wrote:
SPF breaks email forwarding.
SPF breaks mail forwarding services that are unwilling to expend a
little effort to modify their MAIL FROM handling. There's documented
ways to do thi
Robert Fitzpatrick wrote:
> On Fri, 2007-08-24 at 06:48 -0700, John D. Hardin wrote:
>> On Fri, 24 Aug 2007, Robert Fitzpatrick wrote:
>>
>>> Anyone seen these, first reported to us today, but a lot...can
>>> they be stopped. Bayes even gives negative score...we are running
>>> SA 3.2.1 with SARE
Marc Perkel wrote:
>
>
> Matt Kettler wrote:
>> Marc Perkel wrote:
>>
>>> SPF breaks email forwarding.
>>>
>>>
>>>
>> SPF breaks mail forwarding services that are unwilling to expend a
>> little effort to modify their MAIL FROM handling. There's documented
>> ways to do this, you're just un
> -Original Message-
> From: Marc Perkel [mailto:[EMAIL PROTECTED]
> Sent: Monday, August 27, 2007 5:29 PM
> To: Meng Weng Wong
> Cc: Kelson; users@spamassassin.apache.org
> Subject: Re: SPF-Compliant Spam
>
>
>
> Meng Weng Wong wrote:
> > On Aug 27, 2007, at 11:39 AM, Kel
_
From: Marc Perkel [mailto:[EMAIL PROTECTED]
Sent: Monday, August 27, 2007 5:26 PM
To: Bernd Petrovitsch
Cc: users@spamassassin.apache.org
Subject: Re: SPF-Compliant Spam
Bernd Petrovitsch wrote:
On Mon, 2007-08-27 at 12:50 -0700, Marc Perkel wrote:
[...]
I don't support
_
From: Marc Perkel [mailto:[EMAIL PROTECTED]
Sent: Monday, August 27, 2007 3:49 PM
To: users@spamassassin.apache.org
Subject: Re: SPF-Compliant Spam
Kai Schaetzl wrote:
Justin Mason wrote on Mon, 27 Aug 2007 14:35:39 +0100:
On the contrary, we in SpamAssassin find it use
On Mon, 2007-08-27 at 14:58 -0700, Marc Perkel wrote:
[...]
> Some of the flaws in SPF
> The flaws in SPF are numerous and severalfold.
>
> * SPF breaks pre-delivery forwarding.
BTW the trivial solution to this problem is that your customers simply
add your mailservers to the SPF rercords.
Bret Miller wrote:
Bret Miller wrote:
* 127.0.0.1 - whilelist - trusted nonspam
* 127.0.0.2 - blacklist - block spam
* 127.0.0.3 - yellowlist - mix of spam
and nonspam
* 127.0.0.4 - brownlist - all spam - but
not yet enough
to blacklist
Bret Miller wrote:
* 127.0.0.1 - whilelist - trusted nonspam
* 127.0.0.2 - blacklist - block spam
* 127.0.0.3 - yellowlist - mix of spam
and nonspam
* 127.0.0.4 - brownlist - all spam - but
not yet e
Marc Perkel wrote:
It isn't even a forgery tool because if will return a false positive
of forwarded email.
If the domain owner doesn't want his domain to be used as sender address
in email not sent by his servers, then there is no FP. It is a policy
enforcement.
Feel free to accept su
2007/8/27, Marc Perkel <[EMAIL PROTECTED]>:
>
> http://homepages.tesco.net/J.deBoynePollard/FGA/smtp-spf-is-harmful.html
>
>
> SPF is harmful. Adopt it. You've come to this page because you've said
> something similar to the following:
>
>
> SPF ("sender permitted from" a.k.a. "sender policy frame
J o a r wrote on Mon, 27 Aug 2007 23:04:31 +0200:
> Why would I, as a SPF publishing domain owner, care if they have
> anything else to check?
> As long as they reject messages that fail SPF checks for my domain,
> my problem is solved.
If you see it from that perspective, yes. But the point
2007/8/27, Marc Perkel <[EMAIL PROTECTED]>:
>
>
>
> Luis Hernán Otegui wrote:
> 2007/8/27, Marc Perkel <[EMAIL PROTECTED]>:
>
>
> Meng Weng Wong wrote:
>
>
> On Aug 27, 2007, at 11:39 AM, Kelson wrote:
>
>
>
> Jason Bertoch wrote:
>
>
> Is it wise to blacklist both, or is this yet another cas
http://homepages.tesco.net/J.deBoynePollard/FGA/smtp-spf-is-harmful.html
SPF is harmful. Adopt it.
You've come to this page because you've said something similar to the
following:
SPF ("sender permitted from" a.k.a. "sender policy framework") is a
scheme designed to prevent forgery of
Marc Perkel wrote:
SPF is useless.
Oh, of course. No matter how many times people point out uses they've
found for it, no matter whether those uses are actually impacted by
email forwarding or not, you're right, obviously we're all living in a
fantasy world because the only *possible* thing
Luis Hernán Otegui wrote:
2007/8/27, Marc Perkel <[EMAIL PROTECTED]>:
Meng Weng Wong wrote:
On Aug 27, 2007, at 11:39 AM, Kelson wrote:
Jason Bertoch wrote:
Is it wise to blacklist both, or is this yet another case where SPF
has failed
to meet projections?
On Monday 27 August 2007 21:54, Marc Perkel wrote:
> Magnus Holmgren wrote:
> > SPF does not in itself break email forwarding. SPF tells MTAs where mail
> > with certain senders may originate from. It's their job to know if the
> > recipient forwards mail from the connecting host. It can be tricky,
Bret Miller wrote:
* 127.0.0.1 - whilelist - trusted nonspam
* 127.0.0.2 - blacklist - block spam
* 127.0.0.3 - yellowlist - mix of spam
and nonspam
* 127.0.0.4 - brownlist - all spam - but
not yet enough
to blacklist
And hotmail.com warrants being blac
2007/8/27, Marc Perkel <[EMAIL PROTECTED]>:
>
>
> Meng Weng Wong wrote:
> > On Aug 27, 2007, at 11:39 AM, Kelson wrote:
> >
> >> Jason Bertoch wrote:
> >>> Is it wise to blacklist both, or is this yet another case where SPF
> >>> has failed
> >>> to meet projections?
> >>
> >> It's a case where the
On Mon, 2007-08-27 at 14:26 -0700, Marc Perkel wrote:
> Bernd Petrovitsch wrote:
> > On Mon, 2007-08-27 at 12:50 -0700, Marc Perkel wrote:
[...]
> > Where is the real problem?
> >
> > BTW I see "from mangling" as a conceptual necessary thing: Simply
> > because the forwarded mail is actually sent
David B Funk wrote:
I guess I didn't make my question clear enough;
How do you deal with mail from legit servers that are blocked by this
configuration?
(IE servers that for what ever reason will ONLY try the first mx, thus
failing to get past your fake MX.)
well, rfc mandates that they try
Andy Sutton wrote:
On Mon, 2007-08-27 at 12:59 -0700, Marc Perkel wrote:
I've not run into a single instance where a legit server only tried
the lowest MX. However, if I did there's a simple solution. If the
fake lowest MX points to an IP on the same server as the working MX
then you can us
> * 127.0.0.1 - whilelist - trusted nonspam
> * 127.0.0.2 - blacklist - block spam
> * 127.0.0.3 - yellowlist - mix of spam
> and nonspam
> * 127.0.0.4 - brownlist - all spam - but
> not yet enough
>
On Mon, 2007-08-27 at 12:59 -0700, Marc Perkel wrote:
> I've not run into a single instance where a legit server only tried
> the lowest MX. However, if I did there's a simple solution. If the
> fake lowest MX points to an IP on the same server as the working MX
> then you can use iptables to block
the last byte of the return is a number from 1-255. This is the hosts
1 means "not only have we never seen ham come from this host, it has all
kinds of danger signals that indicate you shouldn't ever trust them to do
anything useful".
You probably really need one bit somewhere that says "th
On Mon, 27 Aug 2007, Marc Perkel wrote:
> David B Funk wrote:
> > On Mon, 27 Aug 2007, Marc Perkel wrote:
> >
> >> There aren't any false positives. That's what is so great about this trick.
> >>
> >
> > I guess I didn't make my question clear enough;
> > How do you deal with mail from legit serve
Bill Landry wrote:
j o a r wrote:
On 27 aug 2007, at 21.20, Kai Schaetzl wrote:
That's wrong. Even if all servers in the world would check SPF you would
achieve *nothing* as the big majority of mail doesn't have anything to
check.
Why would I, as a SPF publishing domain owner
Bret Miller wrote:
Before you look at this as just another blacklist - the real
power is in the white and yellow lists. First - an overview.
My list returns these codes:
* 127.0.0.1 - whilelist - trusted nonspam
* 127.0.0.2 - blacklist - block spam
* 127.0.0.3 - yellowlist - mix of spam
Meng Weng Wong wrote:
On Aug 27, 2007, at 11:39 AM, Kelson wrote:
Jason Bertoch wrote:
Is it wise to blacklist both, or is this yet another case where SPF
has failed
to meet projections?
It's a case where the spammer has just handed you useful information:
You know for sure that the doma
j o a r wrote:
>
> On 27 aug 2007, at 21.20, Kai Schaetzl wrote:
>
>> That's wrong. Even if all servers in the world would check SPF you would
>> achieve *nothing* as the big majority of mail doesn't have anything to
>> check.
>
>
> Why would I, as a SPF publishing domain owner, care if they ha
Bernd Petrovitsch wrote:
On Mon, 2007-08-27 at 12:50 -0700, Marc Perkel wrote:
[...]
I don't support from mangling and I'm talking about email forwarded to
us from other servers who also don't do from mangling.
So "not from-mangled" forwarded email cannot be (technically and quite
si
Bret Miller wrote:
Before you look at this as just another blacklist - the real
power is in the white and yellow lists. First - an overview.
My list returns these codes:
* 127.0.0.1 - whilelist - trusted nonspam
* 127.0.0.2 - blacklist - block spam
* 127.0.0.3 - yellowlist - mix of spam an
> Before you look at this as just another blacklist - the real
> power is in the white and yellow lists. First - an overview.
> My list returns these codes:
>
>
>
> * 127.0.0.1 - whilelist - trusted nonspam
> * 127.0.0.2 - blacklist - block spam
> * 127.0.0.3 - yellowlist - mix
On 27 aug 2007, at 21.20, Kai Schaetzl wrote:
That's wrong. Even if all servers in the world would check SPF you
would
achieve *nothing* as the big majority of mail doesn't have anything to
check.
Why would I, as a SPF publishing domain owner, care if they have
anything else to check?
As
On Mon, 2007-08-27 at 12:50 -0700, Marc Perkel wrote:
[...]
> I don't support from mangling and I'm talking about email forwarded to
> us from other servers who also don't do from mangling.
So "not from-mangled" forwarded email cannot be (technically and quite
simply) distinguished from intended s
Can you? I already commented some header_remove lines but their effect was
that emails which were considered not spam, their headers were not
modified. The below config file shows only uncommented lines.
http://szalbot.homedns.org/exim.txt
As I said, I'm not an exim guy. But just looking at t
On Aug 27, 2007, at 11:39 AM, Kelson wrote:
Jason Bertoch wrote:
Is it wise to blacklist both, or is this yet another case where
SPF has failed
to meet projections?
It's a case where the spammer has just handed you useful
information: You know for sure that the domain name is, indeed, the
David B Funk wrote:
On Mon, 27 Aug 2007, Marc Perkel wrote:
David B Funk wrote:
On Sun, 26 Aug 2007, Marc Perkel wrote:
If you have one MX and you create a fake low MX and a fake high MX (or
many fake high MX) about 75% to 95% of your spam goes away. It's that
simple.
Magnus Holmgren wrote:
On Monday 27 August 2007 15:26, Marc Perkel wrote:
Jason Bertoch wrote:
I think it's safe to say I'm not in the minority when I receive
SPF-Compliant spam. I'm looking for opinions on what we can honestly
derive from such messages regarding the sending server's
Matt Kettler wrote:
Marc Perkel wrote:
SPF breaks email forwarding.
SPF breaks mail forwarding services that are unwilling to expend a
little effort to modify their MAIL FROM handling. There's documented
ways to do this, you're just unwilling, and instead you'll continue to
repeat t
Kai Schaetzl wrote:
Justin Mason wrote on Mon, 27 Aug 2007 14:35:39 +0100:
On the contrary, we in SpamAssassin find it useful.
I have to agree with Marc in this special case. It's not very useful. The
reason I think this is that the amount of domains that use SPF is scarce,
*reall
On Mon, 27 Aug 2007, Derek Harding wrote:
> On Sun, 2007-08-26 at 12:37 -0700, John D. Hardin wrote:
> > On Sat, 25 Aug 2007 [EMAIL PROTECTED] wrote:
> >
> > > And no wonder you don't seem to get many new customers from
> > > elsewhere anyway, I bet. They can't get a word in edgewise. But
> > > n
J o a r wrote on Mon, 27 Aug 2007 19:37:41 +0200:
> The number of domains publishing SPF records have nothing to do with
> how useful it is. The number of servers checking and respecting these
> SPF records is what matters
That's wrong. Even if all servers in the world would check SPF you wou
Justin Mason wrote on Mon, 27 Aug 2007 19:39:28 +0100:
> It looks like they've entirely disappeared
I guess it was too much for them, they didn't know what to expect when
they lightly said "ok".
Kai
--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conact
> -Messaggio originale-
> Da: Kelson [mailto:[EMAIL PROTECTED]
> Inviato: lunedì 27 agosto 2007 20.46
> A: 'SpamAssassin Users List'
> Oggetto: Re: R: completewhois.com
>
> Giampaolo Tomassoni wrote:
> > Wow...
> >
> > whois completewhois.com
> > ...
> > Record expires on 21-Se
Giampaolo Tomassoni wrote:
Wow...
whois completewhois.com
...
Record expires on 21-Sep-2007.
...
whois completewhois.org
...
Expiration Date:21-Sep-2007 02:09:06 UTC
...
Isn't that they forgot to renew their domains?
Not likely
Wow...
whois completewhois.com
...
Record expires on 21-Sep-2007.
...
whois completewhois.org
...
Expiration Date:21-Sep-2007 02:09:06 UTC
...
Isn't that they forgot to renew their domains?
Giampaolo
> -Messaggio originale--
Giampaolo Tomassoni writes:
> Is there any problem with completewhois.com?
>
> I'm getting a lot of SERVFAIL querying
> combined-HIB.dnsiplists.completewhois.com.
>
> Also, a "dig ns completewhois.com" results in no reply if queried from my
> ISP's DNS servers, while it works by directly "asking
Jason Bertoch wrote:
I think it's safe to say I'm not in the minority when I receive SPF-Compliant
spam. I'm looking for opinions on what we can honestly derive from such
messages regarding the sending server's IP and the sending address' domain name.
Is it wise to blacklist both, or is this yet
Is there any problem with completewhois.com?
You aren't the only one having problems, but I don't know if they have gone
away or if this is a DOS, or what.
Loren
Hello,
On Mon, 27 Aug 2007 09:37:18 -0700, "Loren Wilton" <[EMAIL PROTECTED]>
wrote:
>>> 2.How does mail get from spamd to the users?
>>
>> When the check has been finished, mail is delivered by exim to an
>> appropriate user.
>
> Hum. I don't know exim, although others here do. It sounds
Is there any problem with completewhois.com?
I'm getting a lot of SERVFAIL querying
combined-HIB.dnsiplists.completewhois.com.
Also, a "dig ns completewhois.com" results in no reply if queried from my
ISP's DNS servers, while it works by directly "asking" to .COM's dns
servers.
I can't even reac
I use IP::Country::Fast to add an additional score based on originating
country, and am about to allow my end-users to select allowed countries.
i.e. the user pulls up the screen for spam settings and selects "block all
non-US servers" "unblock all non-US servers" or selects specific countries
to b
On Sun, 2007-08-26 at 12:37 -0700, John D. Hardin wrote:
> On Sat, 25 Aug 2007 [EMAIL PROTECTED] wrote:
>
> > And no wonder you don't seem to get many new customers from
> > elsewhere anyway, I bet. They can't get a word in edgewise. But
> > never mind. You won't see this message either.
>
> Whoa
On 27 aug 2007, at 18.55, Per Jessen wrote:
From a professional standpoint, it's not (yet) particularly useful.
Domains that publish an SPF record are still very rare (around here).
The number of domains publishing SPF records have nothing to do with
how useful it is. The number of server
On Mon, 27 Aug 2007, Marc Perkel wrote:
> David B Funk wrote:
> > On Sun, 26 Aug 2007, Marc Perkel wrote:
> >
> >> If you have one MX and you create a fake low MX and a fake high MX (or
> >> many fake high MX) about 75% to 95% of your spam goes away. It's that
> >> simple.
> >
> > How do you deal
"Jason Bertoch" <[EMAIL PROTECTED]> writes:
> I think it's safe to say I'm not in the minority when I receive SPF-Compliant
> spam. I'm looking for opinions on what we can honestly derive from such
> messages regarding the sending server's IP and the sending address' domain
> name.
> Is it wise
> since rulesrc is independent of the SA distribution.
Good to know.
Perhaps I *should* know. Can't find that stated/clarified anywhere in
the src tree. I've looked repeatedly. If it's supposed to be
obvious, i'm clueless.
My -- incorrect -- presumption has been, since its DISTRIBUTED *with*
> > also, when did plugins move (back?) to rulesrc/sandbox/... as opposed
> > to rules/...?
>
> I suspect you had the output of a "mkrules" compilation step in
> your "rules" dir; they were always there, in the sandbox, but
> mkrules copies them into "rules".
bingo.
i always build SA from src w/,
Kai Schaetzl wrote:
> I have to agree with Marc in this special case. It's not very useful.
> The reason I think this is that the amount of domains that use SPF is
> scarce, *really* scarce. I kept an eye on this for some weeks with the
> help of milter-spf and less than 5% of all mail had SPF.
On Mon, 27 Aug 2007, Matt wrote:
> I have a file on my server that contains a list of IP's that have
> successfully authenticated to my server with POP3.
>
> /etc/virtual/pophosts
>
> Its updated on the fly by popb4smtp. I would like spamassassin to
> treat all the IP's in this file as trusted
Matt Kettler wrote:
> SPF breaks mail forwarding services that are unwilling to expend a
> little effort to modify their MAIL FROM handling.
Forwarding services are only a minor issue. We have the forwarding
issue every day - people forward mail from a personal domain to their
work address. An
Jason Bertoch wrote:
I think it's safe to say I'm not in the minority when I receive SPF-Compliant
spam. I'm looking for opinions on what we can honestly derive from such
messages regarding the sending server's IP and the sending address' domain name.
Is it wise to blacklist both, or is this yet
snowcrash+sa writes:
> fair enuf.
>
> where are such removals documented? my point being simply: it *was*
> in the src tree, suddenly it isn't. even if well-justified, shouln't
> that action be *mentioned* in Changelog?
svn log. It was never a released file.
> also, when did plugins move (ba
2.How does mail get from spamd to the users?
When the check has been finished, mail is delivered by exim to an
appropriate user.
Hum. I don't know exim, although others here do. It sounds to me like exim
must have been modifying the SA produced markup and passing that along. You
could
If you have one MX and you create a fake low MX and a fake high MX (or
many fake high MX) about 75% to 95% of your spam goes away. It's that
simple.
How do you deal with the false-positives, legit servers that are blocked
by this configuration?
There aren't any false positives. That
On Mon, Aug 27, 2007 at 09:22:41AM -0700, snowcrash+sa wrote:
> where are such removals documented? my point being simply: it *was*
> in the src tree, suddenly it isn't. even if well-justified, shouln't
> that action be *mentioned* in Changelog?
It'll be in the svn log info for the rulesrc (aka
I have a file on my server that contains a list of IP's that have
successfully authenticated to my server with POP3.
/etc/virtual/pophosts
Its updated on the fly by popb4smtp. I would like spamassassin to
treat all the IP's in this file as trusted networks on the fly.
Anyway to do that?
Matt
fair enuf.
where are such removals documented? my point being simply: it *was*
in the src tree, suddenly it isn't. even if well-justified, shouln't
that action be *mentioned* in Changelog?
also, when did plugins move (back?) to rulesrc/sandbox/... as opposed
to rules/...?
it was a sandbox plugin that didn't work, hence, now gone.
--j.
snowcrash+sa writes:
> hi,
>
> i've a script that keeps me up to date with latest 32x-branch svn.
>
> in today's DL/co of r570165
>
>
> svn co http://svn.apache.org/repos/asf/spamassassin/branches/3.2 spamassassin
>
>
> i note
hi,
i've a script that keeps me up to date with latest 32x-branch svn.
in today's DL/co of r570165
svn co http://svn.apache.org/repos/asf/spamassassin/branches/3.2 spamassassin
i note that,
rules/SIQ.pm
rules/SendmailID.pm
are no longer there (iirc, they were 'fairly recentl
On Mon, 2007-08-27 at 08:59 -0400, Jason Bertoch wrote:
> I think it's safe to say I'm not in the minority when I receive SPF-Compliant
> spam. I'm looking for opinions on what we can honestly derive from such
> messages regarding the sending server's IP and the sending address' domain
> name.
>
On Mon, 27 Aug 2007, OliverScott wrote:
1. Most users don't know how, arn't allowed, or can't be bothered to train
Bayes. In most cases spamassassin is left to auto-train bayes.
Disagree. With proper training -- or if you make it trivially easy,
like GMail/Yahoo's "Report as Spam" links -- th
On Mon, 2007-08-27 at 09:47 -0400, Jason Bertoch wrote:
> On Monday, August 27, 2007 9:27 AM Magnus Holmgren wrote:
>
> > For spammers to be able to send SPF-authenticated spam using botnets,
> > they usually have to authorize ridiculously large address blocks, for
> > example with "+all" or "+a:0
You need to either get him to change the way he sends his emails or adjust
your scores!
If he is sending directly from a dynamic IP address then he will be blocked
by a lot of peoples filters - for instance there is no chance of his emails
being accepted by AOL!
The way round this is for him to
On Monday 27 August 2007 15:26, Marc Perkel wrote:
> Jason Bertoch wrote:
> > I think it's safe to say I'm not in the minority when I receive
> > SPF-Compliant spam. I'm looking for opinions on what we can honestly
> > derive from such messages regarding the sending server's IP and the
> > sending
Marc Perkel wrote:
>
>
> Justin Mason wrote:
>> On the contrary, we in SpamAssassin find it useful.
>>
>>
>
> How do you avoid a false positive on forwarded email?
Since my other mail is long, a short reply to this direct question is in
order.
put the forwarder in trusted_networks and internal_
Site Wide Bayes or Per User Bayes?
This is somthing I have been thinking about and thought I would share to see
what other people think...
Site wide bayes has one database. Per User bayes has one per user or domain
(depending on how your server is configured). For example if you have 40
users wi
Marc Perkel wrote:
>
>
> SPF breaks email forwarding.
>
>
SPF breaks mail forwarding services that are unwilling to expend a
little effort to modify their MAIL FROM handling. There's documented
ways to do this, you're just unwilling, and instead you'll continue to
repeat this partial truth. (everyt
Justin Mason wrote on Mon, 27 Aug 2007 14:35:39 +0100:
> On the contrary, we in SpamAssassin find it useful.
I have to agree with Marc in this special case. It's not very useful. The
reason I think this is that the amount of domains that use SPF is scarce,
*really* scarce. I kept an eye on this
Justin Mason wrote:
Marc Perkel writes:
Jason Bertoch wrote:
I think it's safe to say I'm not in the minority when I receive
SPF-Compliant spam. I'm looking for opinions on what we can honestly
derive from such messages regarding the sending server's IP and the
sending address' domai
On Monday, August 27, 2007 9:27 AM Magnus Holmgren wrote:
> For spammers to be able to send SPF-authenticated spam using botnets,
> they usually have to authorize ridiculously large address blocks, for
> example with "+all" or "+a:0.0.0.0/2 +a:64.0.0.0/2 +a:128.0.0.0/2
> +a:192.0.0.0/2", so it's p
Hi to all,
I have a guest, that use an ADSL with Dynamic IP and is always spammed
by my spamassassin.
The guest is on my same domain. I receive normally only if I put that
address into whitelist.
I tried also, to give some ham including that address, but nothing change.
Always spammed as follow:
-
Marc Perkel writes:
> Jason Bertoch wrote:
> > I think it's safe to say I'm not in the minority when I receive
> > SPF-Compliant spam. I'm looking for opinions on what we can honestly
> > derive from such messages regarding the sending server's IP and the
> > sending address' domain name. Is it w
On Monday 27 August 2007 14:59, Jason Bertoch wrote:
> I think it's safe to say I'm not in the minority when I receive
> SPF-Compliant spam. I'm looking for opinions on what we can honestly
> derive from such messages regarding the sending server's IP and the sending
> address' domain name. Is it
Jason Bertoch wrote:
I think it's safe to say I'm not in the minority when I receive SPF-Compliant
spam. I'm looking for opinions on what we can honestly derive from such
messages regarding the sending server's IP and the sending address' domain name.
Is it wise to blacklist both, or is this y
David B Funk wrote:
On Sun, 26 Aug 2007, Marc Perkel wrote:
If you have one MX and you create a fake low MX and a fake high MX (or
many fake high MX) about 75% to 95% of your spam goes away. It's that
simple.
How do you deal with the false-positives, legit servers that are blocked
b
Jason Bertoch wrote:
> I think it's safe to say I'm not in the minority when I receive SPF-Compliant
> spam. I'm looking for opinions on what we can honestly derive from such
> messages regarding the sending server's IP and the sending address' domain
> name.
> Is it wise to blacklist both, or is
I think it's safe to say I'm not in the minority when I receive SPF-Compliant
spam. I'm looking for opinions on what we can honestly derive from such
messages regarding the sending server's IP and the sending address' domain name.
Is it wise to blacklist both, or is this yet another case where SP
On 27/08/07 12:19, martin f krafft wrote:
> also sprach mouss <[EMAIL PROTECTED]> [2007.08.26.1930 +0200]:
>> Indeed. reject != score. Moreover, I wouldn't put
>> - MX => private IP
>> - MX = "*.mx.*"
>
> Why *.mx.*?
>
> I happen to run all my MX as ?.mx.$my_domain and there is no reason
> why th
Hi List
I've asked this question on the MIMEDefang list, but on reflection and some
digging in the bugzilla, I think its probably a question for this list.
I'm using user prefs in a MySQL database and calling them through MIMEDefang
using 'load_scoresonly_sql($user)'. Currently I'm only adding re
Justin Mason wrote on Mon, 27 Aug 2007 10:27:03 +0100:
> > And as you mention, one would be crazy to download 3.003000.
>
> actually, I run 3.3.0 SVN trunk. works for me! ;)
Well, didn't he say one would need to be crazy ;-)
Kai
--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Inter
also sprach mouss <[EMAIL PROTECTED]> [2007.08.26.1930 +0200]:
> Indeed. reject != score. Moreover, I wouldn't put
> - MX => private IP
> - MX = "*.mx.*"
Why *.mx.*?
I happen to run all my MX as ?.mx.$my_domain and there is no reason
why this should be indicative of anything.
--
martin;
On Sun, 26 Aug 2007, Dave Pooser wrote:
>
> Except that I can verify addresses after checking blacklists, RDNS and other
> checks to make dictionary attacks harder on the spammers. It may be possible
> to put ACLs on VRFY in Exim, but I haven't looked into it.
I don't believe dictionary attacks ar
1 - 100 of 105 matches
Mail list logo
