Re: Dramatic increase in bounce messages to forged addresses

2008-04-03 Thread Matus UHLAR - fantomas
On Wed, 2 Apr 2008, Justin Mason wrote: John Hardin writes: On Tue, 1 Apr 2008, William Terry wrote: Is there anything I can do to mitigate this? Do you publish SPF records? Logically this should have an effect, but in real-world terms, it doesn't. So don't worry about it. On

Re: office rule

2008-04-03 Thread mouss
ram wrote: On Wed, 2008-04-02 at 10:23 -0700, Kelson wrote: ram wrote: header __FROMOFFICE From =~/office/i header __SUBOFFICE Subject =~/office/i meta OFFICERULE (__FROMOFFICE || __SUBOFFICE ) score OFFICERULE 4.0 And don't forget to add word boundaries. You probably don't

Re: can we make AWL ignore mail from self to self?

2008-04-03 Thread Justin Mason
Jo Rhett writes: On Apr 1, 2008, at 3:14 PM, Justin Mason wrote: Sorry, I don't have the original messages any more. (I looked) But it wouldn't surprise me if the /16 matched. The mail I send myself is usually from Wifi or my phone carrier's GSM network, but accepted via SMTP AUTH on the

Re: Dramatic increase in bounce messages to forged addresses

2008-04-03 Thread mouss
Matus UHLAR - fantomas wrote: On Wed, 2 Apr 2008, Justin Mason wrote: John Hardin writes: On Tue, 1 Apr 2008, William Terry wrote: Is there anything I can do to mitigate this? Do you publish SPF records? Logically this should have an effect, but in

Re: can we make AWL ignore mail from self to self?

2008-04-03 Thread Matt Kettler
Jo Rhett wrote: On Apr 1, 2008, at 3:14 PM, Justin Mason wrote: Sorry, I don't have the original messages any more. (I looked) But it wouldn't surprise me if the /16 matched. The mail I send myself is usually from Wifi or my phone carrier's GSM network, but accepted via SMTP AUTH on the local

Re: Dramatic increase in bounce messages to forged addresses

2008-04-03 Thread Michael Scheidell
Yes, we have also seen it on many of our clients domains. Vbounce helps. -- Michael Scheidell, CTO |SECNAP Network Security Winner 2008 Network Products Guide Hot Companies FreeBSD SpamAssassin Ports maintainer Charter member, ICSA labs anti-spam consortium

Re: can we make AWL ignore mail from self to self?

2008-04-03 Thread Benny Pedersen
On Thu, April 3, 2008 05:33, Bob Proulx wrote: Who to forge? The answer is Everyone! Any address that can be obtained from a spam-virus infected PC and any address that can be harvested from a web page. Forge them all. yes a big problem without spf They are (mostly) valid email

Re: Dramatic increase in bounce messages to forged addresses

2008-04-03 Thread Matus UHLAR - fantomas
Yes, we have also seen it on many of our clients domains. On 03.04.08 14:09, Mark Martinec wrote: Does anyone have operational experience with a scheme of labeling envelope sender addresses to recognize legitimate bounces to own mail, such as the BATV scheme (Bounce Address Tag Validation):

Re: Dramatic increase in bounce messages to forged addresses

2008-04-03 Thread Mark Martinec
Yes, we have also seen it on many of our clients domains. Same here. Does anyone have operational experience with a scheme of labeling envelope sender addresses to recognize legitimate bounces to own mail, such as the BATV scheme (Bounce Address Tag Validation): http://mipassoc.org/batv/

VBounce (was: Dramatic increase in bounce messages to forged addresses)

2008-04-03 Thread Matus UHLAR - fantomas
On 03.04.08 07:42, Michael Scheidell wrote: Yes, we have also seen it on many of our clients domains. Vbounce helps. It seems that VBounce doesn't catch quite much of bounces. I was checking bounces in our company's mailbox and bigger part of them didn't hit... I hope that will get better. I

Re: Dramatic increase in bounce messages to forged addresses

2008-04-03 Thread Justin Mason
Mark Martinec writes: Yes, we have also seen it on many of our clients domains. Same here. Does anyone have operational experience with a scheme of labeling envelope sender addresses to recognize legitimate bounces to own mail, such as the BATV scheme (Bounce Address Tag Validation):

apache.org botnet_soho ?

2008-04-03 Thread Benny Pedersen
X-Spam-Status: No, score=-8.001 tagged_above=-20 required=5 tests=[BOTNET_SOHO=-2.5, MAILLISTS=-1.5, RCVD_IN_DNSWL_MED=-4, SPF_PASS=-0.001] Received: from mail.apache.org (hermes.apache.org [140.211.11.2]) by gate.junc.org (Postfix) with SMTP id C1CC016F4AD for [EMAIL

Re: apache.org botnet_soho ?

2008-04-03 Thread Matt Kettler
Benny Pedersen wrote: X-Spam-Status: No, score=-8.001 tagged_above=-20 required=5 tests=[BOTNET_SOHO=-2.5, MAILLISTS=-1.5, RCVD_IN_DNSWL_MED=-4, SPF_PASS=-0.001] Received: from mail.apache.org (hermes.apache.org [140.211.11.2]) by gate.junc.org (Postfix) with SMTP id C1CC016F4AD

RE: office rule

2008-04-03 Thread Jean-Paul Natola
ram wrote: On Wed, 2008-04-02 at 10:23 -0700, Kelson wrote: ram wrote: header __FROMOFFICE From =~/office/i header __SUBOFFICE Subject =~/office/i meta OFFICERULE (__FROMOFFICE || __SUBOFFICE ) score OFFICERULE 4.0 And don't forget to add word boundaries. You probably

New DNS list for host information?

2008-04-03 Thread Marc Perkel
I'm considering a DNS list that would return strings as TXT records that contain key words that classify the Forward Confirmed rDNS name based on a number of flags. For example, if the host is yahoo.com it might contain yellow freemail indicating that it is yellow listed (mixed ham/spam) and

trustedopinion.com

2008-04-03 Thread Fletcher Mattox
We just got hammered by something called trustedopinion.com with invitations to visit their website. Nearly 100 of these invitations sailed right through SpamAssassin with the help of two extraordinarily favorable rules: -8.0 HABEAS_ACCREDITED_COI RBL: Habeas Accredited Confirmed Opt-In or

Re: trustedopinion.com

2008-04-03 Thread John Hardin
On Thu, 3 Apr 2008, Fletcher Mattox wrote: Surely such trust in them is misplaced? At a minimum, I can guarantee they are *not* Opt-In or Better. So register complaints with Habeas and SenderScore and get their accreditations/certifications pulled. -- John Hardin KA7OHZ

Re: Dramatic increase in bounce messages to forged addresses

2008-04-03 Thread SM
Hi Mark, At 05:09 03-04-2008, Mark Martinec wrote: Does anyone have operational experience with a scheme of labeling envelope sender addresses to recognize legitimate bounces to own mail, such as the BATV scheme (Bounce Address Tag Validation): http://mipassoc.org/batv/

Error messages in maillog

2008-04-03 Thread raulbe
While reading the maillog I found the following errors and wasn't sure if it was coming from SpamAssassin or not. But the error keeps repeating over and over. Any ideas? I'm running SpamAssassin 3.2.3 on CentOS and it was installed using the Blue Quartz management GUI. Thanks in advance! Apr 3

Re: office rule

2008-04-03 Thread NFN Smith
mouss wrote: ... The approach is flawed. a single word shouldn't be enough to tag mail as spam. Furthermore, even checking for word boundaries may not help a lot on the OEM spammers. Several of them do quite a bit of obfuscation work to try to bypass simple filtering that the OP is

Re: trustedopinion.com

2008-04-03 Thread Theo Van Dinter
On Thu, Apr 03, 2008 at 08:58:28AM -0700, John Hardin wrote: So register complaints with Habeas and SenderScore and get their accreditations/certifications pulled. ... and also costing the sending company money, since they hit BSP. -- Randomly Selected Tagline: Hermes to Bender: What did you

Re: Score Definitions

2008-04-03 Thread Evan Platt
egrossKintera wrote: Another rule I found confusing was: 0.4 HTML_60_70 BODY: Message is 60% to 70% HTML versus 0.9 HTML_40_50 BODY: Message is 40% to 50% HTML I cleaned up an email template for a client, so the code was more streamlined and had less HTML (keeping the

Re: Score Definitions

2008-04-03 Thread Theo Van Dinter
On Thu, Apr 03, 2008 at 11:44:13AM -0700, Evan Platt wrote: 0.4 HTML_60_70 BODY: Message is 60% to 70% HTML 0.9 HTML_40_50 BODY: Message is 40% to 50% HTML I cleaned up an email template for a client, so the code was more streamlined and had less HTML (keeping the

Re: New DNS list for host information?

2008-04-03 Thread Per Jessen
Marc Perkel wrote: Who likes this idea? The only way a list is really useful (for fighting spam) is when you publish 1) how it is collected and 2) what the list-criteria are. IMHO. /Per Jessen, Zürich

Re: Score Definitions

2008-04-03 Thread egrossKintera
I'm having a similar problem with understanding SpamAssassin scores and rules. I have searched and searched for specific explanations of them, but have had very little luck. The links you provided are a start, but there is no real explanation for people trying to code emails and eNewsletters.

RE: New DNS list for host information?

2008-04-03 Thread Steve Radich
I'd agree it's useful - the more info the better - Did you already write a spamassassin plugin or are you saying someone needs to? Steve Radich - http://www.aspdeveloper.net / http://www.virtualserverfaq.com BitShop, Inc. - Development, Training, Hosting, Troubleshooting - http://www.bitshop.com

Re: New DNS list for host information?

2008-04-03 Thread Theo Van Dinter
I'm not saying anything positive or negative about the different lists, but there's a long precedent of doing this type of thing w/ bits in a standard DNS response. Look at SURBL and URIBL, for example -- a single response encodes multiple individual list entries, and there's no special code that

Blank messages

2008-04-03 Thread Ed Kasky
I can't seem to catch these emails with blank bodies. I upped the BLANK_LINES_80_90 score to 3 but the email below didn't get a hit off the rule. Is there another rule that I don't know about that is designed for blank message bodies? Thanks in advance on this one. These things have been

Re: Score Definitions

2008-04-03 Thread SM
At 11:38 03-04-2008, egrossKintera wrote: I'm having a similar problem with understanding SpamAssassin scores and rules. I have searched and searched for specific explanations of them, but have had very little luck. The links you provided are a start, but there is no real explanation for people

Re: Blank messages

2008-04-03 Thread Randy Ramsdell
Ed Kasky wrote: I can't seem to catch these emails with blank bodies. I upped the BLANK_LINES_80_90 score to 3 but the email below didn't get a hit off the rule. Is there another rule that I don't know about that is designed for blank message bodies? Thanks in advance on this one. These

Re: Blank messages

2008-04-03 Thread John Hardin
On Thu, 3 Apr 2008, Ed Kasky wrote: X-Spam-Status: No, score=5.3 required=6.9 tests=BAYES_99,HTML_MESSAGE, RDNS_DYNAMIC,SARE_OBFU_MILLIONS autolearn=no version=3.2.4 How did it hit SARE_OBFU_MILLIONS with a blank body? -- John Hardin KA7OHZ

Re: foreign spam slipping through

2008-04-03 Thread D Hill
On Thu, 3 Apr 2008 at 16:12 -0400, [EMAIL PROTECTED] confabulated: the attached email is one of the mails that keeps slipping through. I have no idea what it says, or why it continues to slip through my filter (well why it has a lower score than what's required). kmail runs spamassassin -L

Re: foreign spam slipping through

2008-04-03 Thread John Hardin
On Thu, 3 Apr 2008, Caleb Cushing wrote: the attached email is one of the mails that keeps slipping through. Please don't send 300kb attachments to a mailing list. Post the message headers and body to a website you control (or use a service like pastebin) if you wish to provide a sample.

Re: foreign spam slipping through

2008-04-03 Thread Matt
How do I unsubscribe from here? There are no unsubscribe links at the bottom of these messages. On Thu, Apr 3, 2008 at 4:12 PM, Caleb Cushing [EMAIL PROTECTED] wrote: the attached email is one of the mails that keeps slipping through. I have no idea what it says, or why it continues to slip

Re: Blank messages

2008-04-03 Thread Ed Kasky
At 01:29 PM Thursday, 4/3/2008, John Hardin wrote -= On Thu, 3 Apr 2008, Ed Kasky wrote: X-Spam-Status: No, score=5.3 required=6.9 tests=BAYES_99,HTML_MESSAGE, RDNS_DYNAMIC,SARE_OBFU_MILLIONS autolearn=no version=3.2.4 How did it hit SARE_OBFU_MILLIONS with a blank body? I wish I

Re: Dramatic increase in bounce messages to forged addresses

2008-04-03 Thread Michael Scheidell
-- Michael Scheidell, CTO |SECNAP Network Security Winner 2008 Network Products Guide Hot Companies FreeBSD SpamAssassin Ports maintainer Charter member, ICSA labs anti-spam consortium From: Mark Martinec [EMAIL PROTECTED] Organization: J. Stefan Institute Date: Thu, 3 Apr 2008 14:09:51

blogspot uris changed

2008-04-03 Thread Arvid Ephraim Picciani
just a hint for those who use blogspot rules: the uri scheme changed to a random number/character combination. -- best regards/Mit freundlichen Grüßen Arvid Ephraim Picciani

Re: mail from dialups via ISP MTA

2008-04-03 Thread Arvid Ephraim Picciani
On 01.04.08 17:20, Arvid Ephraim Picciani wrote: actually i mean SORBS and NJABL. they matched the sender. if we are still talking about mail from 66-211-213-17.velocity.net [66.211.213.17], they were not matched by any dynamic lists. sender! not the relay. the relay matching DRNS_DYNAMIC

Re: Score Definitions

2008-04-03 Thread mouss
SM wrote: The rules catch spam. If your email isn't spam, you shouldn't be matching the rules. Even if you do hit an occasional rule, unless your email actually is spam, it shouldn't score high enough to be a problem. If you are looking for an explanation on how to bypass the rules, you

Re: Dramatic increase in bounce messages to forged addresses

2008-04-03 Thread John Hardin
On Thu, 3 Apr 2008, Michael Scheidell wrote: I say death penalty to spammers. That's going to be the only truly effective solution. -- John Hardin KA7OHZ http://www.impsec.org/~jhardin/ [EMAIL PROTECTED] FALaholic #11174 pgpk -a [EMAIL PROTECTED] key: 0xB8732E79

Re: foreign spam slipping through

2008-04-03 Thread D Hill
On Thu, 3 Apr 2008 at 16:51 -0400, [EMAIL PROTECTED] confabulated: How do I unsubscribe from here? There are no unsubscribe links at the bottom of these messages. As found in the headers of ALL list messages: list-unsubscribe: mailto:[EMAIL PROTECTED]

Unsubscribe (was: foreign spam slipping through)

2008-04-03 Thread SM
At 13:51 03-04-2008, Matt wrote: How do I unsubscribe from here? There are no unsubscribe links at the bottom of these messages. The links are in the message headers. list-help: mailto:[EMAIL PROTECTED] list-unsubscribe: mailto:[EMAIL PROTECTED] Regards, -sm

Re: foreign spam slipping through

2008-04-03 Thread D Hill
On Thu, 3 Apr 2008 at 17:00 -0400, [EMAIL PROTECTED] confabulated: On Thursday 03 April 2008 04:32:40 pm you wrote: Most of those are getting caught here. Here is what your message scored: any way to increase the score that language receives? I have the same: ok_languages en I also

Re: office rule

2008-04-03 Thread James Gray
mouss wrote: The approach is flawed. a single word shouldn't be enough to tag mail as spam. As a general rule, yes 100% agree...but to play devil's advocate for a second, I slam any message that contains references to a little blue pill starting with V and sounding like a play on Niagara

Re: foreign spam slipping through

2008-04-03 Thread Caleb Cushing
On Thursday 03 April 2008 06:16:51 pm D Hill wrote: I also have:    ok_locales en will add In your headers, I didn't see UNWANTED_LANGUAGE_BODY. Do you have the TextCat plugin enabled/loaded? In my install, it is found in:    /etc/mail/spamassassin/v310.pre This is actually the default

Re: foreign spam slipping through

2008-04-03 Thread Karsten Bräckelmann
On Thu, 2008-04-03 at 16:12 -0400, Caleb Cushing wrote: I have no idea what it says, or why it continues to slip through my filter (well why it has a lower score than what's required). kmail runs spamassassin -L with filters to check for spam ^^ You are explicitly

Re: foreign spam slipping through

2008-04-03 Thread Karsten Bräckelmann
On Thu, 2008-04-03 at 18:33 -0400, Caleb Cushing wrote: On Thursday 03 April 2008 06:16:51 pm D Hill wrote: ok_locales en will add Which doesn't help in this case. ok_locales is about the charsets [1], and your spample does indeed use a Western character set (aka en in ok_locales terms).

Re: Blank messages

2008-04-03 Thread Matt Kettler
Ed Kasky wrote: At 01:29 PM Thursday, 4/3/2008, John Hardin wrote -= On Thu, 3 Apr 2008, Ed Kasky wrote: X-Spam-Status: No, score=5.3 required=6.9 tests=BAYES_99,HTML_MESSAGE, RDNS_DYNAMIC,SARE_OBFU_MILLIONS autolearn=no version=3.2.4 How did it hit SARE_OBFU_MILLIONS with a blank

Feature request

2008-04-03 Thread Luis Hernán Otegui
Hi, everybody (but specially developers). I've been running a sitewide Bayes setup for almost three years, with a wonderful result. Along with that, I report spam messages to my local spamassassin setup (and some to spamcop) via a web interface (embedded in our Webmail). From the last training

New DNS list for host information using strings instead of numbers

2008-04-03 Thread Marc Perkel
Theo Van Dinter wrote: I'm not saying anything positive or negative about the different lists, but there's a long precedent of doing this type of thing w/ bits in a standard DNS response. Look at SURBL and URIBL, for example -- a single response encodes multiple individual list entries, and

Re: foreign spam slipping through

2008-04-03 Thread Caleb Cushing
On Thursday 03 April 2008 07:44:04 pm Karsten Bräckelmann wrote: Yes, you have -- by calling spamassassin with the -L switch. See my previous post. I'll have to check and see why kmail has that as the default. enabling RBL's doesn't have to query them every time does it? meaning does it cache

Re: foreign spam slipping through

2008-04-03 Thread Caleb Cushing
On Thursday 03 April 2008 07:43:58 pm Karsten Bräckelmann wrote: Also, there are constraints like a minimum spam *and* ham learned, before Bayes kicks in, yada yada -- but you appear to have resolved that already judging by your later post. what's the minimum? -- Caleb Cushing my blog

Re: Blank messages

2008-04-03 Thread Ed Kasky
At 05:21 PM Thursday, 4/3/2008, Matt Kettler wrote -= Ed Kasky wrote: At 01:29 PM Thursday, 4/3/2008, John Hardin wrote -= On Thu, 3 Apr 2008, Ed Kasky wrote: X-Spam-Status: No, score=5.3 required=6.9 tests=BAYES_99,HTML_MESSAGE, RDNS_DYNAMIC,SARE_OBFU_MILLIONS autolearn=no

Re: foreign spam slipping through

2008-04-03 Thread Loren Wilton
what's the minimum? By default 200 of each. It can be changed, but that isn't a good idea. Loren

Re: foreign spam slipping through

2008-04-03 Thread Loren Wilton
I'll have to check and see why kmail has that as the default. enabling RBL's doesn't have to query them every time does it? meaning does it cache them. No, SA doesn't cache them, and does test them every time. Running a caching DNS server somewhere near the SA machine (possibly on the same