RE: SQL DB schema issue

2008-05-29 Thread Rocco Scappatura
On May 28, 2008, at 10:38 AM, Rocco Scappatura wrote: Hello, Hello, I'm using SA with SQL support under Amavisd-new. My DBMS is MySQL. I'm preparing another Antispam server and I've installed the latest stable software available. I've dumped bayes DB (schema + data) from

Re: Spam from Gmail Blogspot

2008-05-29 Thread Matus UHLAR - fantomas
Joseph Brennan wrote: Just a few months ago we did not get much spam at all from gmail. Something changed. On 28.05.08 20:24, Bob Proulx wrote: One change seems to be that Google's captcha has been broken. http://www.google.com/search?q=google+captcha+broken don't they block found

Lot of unmarked spam

2008-05-29 Thread Sujit Acharyya-Choudhury
We are getting lot of unmarked spam. The header is as follows: From: Feed Blaster To: [EMAIL PROTECTED] Subject: Feed Blaster puts your ad right to the screens of millions in 15 Minutes ! Date: 26 May 2008 21:42:41 -0700 Message-ID: [EMAIL PROTECTED] And the message contains: More and more

Re: uri rules

2008-05-29 Thread Matt Kettler
Randy Ramsdell wrote: How so? How does spamassassin URI check determine Kuxun.cn in a URI as opposed to someone who forgot to add a space after a sentence end? Well, CN is a rather strange word to start a sentence with, but it doesn't know the difference between an intentional domain and a

Re: Lot of unmarked spam

2008-05-29 Thread ram
On Thu, 2008-05-29 at 11:52 +0100, Sujit Acharyya-Choudhury wrote: We are getting lot of unmarked spam. The header is as follows: From: Feed Blaster To: [EMAIL PROTECTED] Subject: Feed Blaster puts your ad right to the screens of millions in 15 Minutes ! Date: 26 May 2008 21:42:41 -0700

Re: can we make AWL ignore mail from self to self?

2008-05-29 Thread Jonas Eckerman
Please do remember that I am in no way trying to stop or hinder you in implementing your fix. The fact that I have other suggestions does not mean that I'm opposing you. Jo Rhett wrote: I don't trust my users in this context. Nothing I said implied or required trust in your users. A lot

Re: rDNS none in stats with IPv6

2008-05-29 Thread Steve Bertrand
Greg Troxel wrote: In my SA stats, the majority (+90%) of email inbound is classified as rdns_none. I have a suspicion that this is due to the IPv6-IPv4 mapped address being written into the headers when I am speaking to a non-native IPv6 MTA: Received: from unknown (HELO

RE: Lot of unmarked spam

2008-05-29 Thread Sujit Acharyya-Choudhury
As requested full header is as follows: Microsoft Mail Internet Headers Version 2.0 Received: from isls-mx20.wmin.ac.uk ([161.74.14.113]) by isls-exch-be-1.intranet.wmin.ac.uk with Microsoft SMTPSVC(6.0.3790.3959); Tue, 27 May 2008 05:42:34 +0100 Received: from [124.236.241.119]

Re: rDNS none in stats with IPv6

2008-05-29 Thread Steve Bertrand
Received: from unknown (HELO mail.apache.org) (:::140.211.11.2) by pearl.ibctech.ca with SMTP; 28 May 2008 09:13:00 - Can someone inform me if this is an SA thing, and if so, where to begin looking/testing with the source to correct this issue? The Received headers are parsed in

Re: rDNS none in stats with IPv6

2008-05-29 Thread Steve Bertrand
Hmmm...just out of curiosity, what is the first entry below used for, if Resolver.pm is used for header checks? pearl# locate Resolver.pm /usr/local/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/DnsResolver.pm /usr/local/lib/perl5/site_perl/5.8.8/mach/Net/DNS/Resolver.pm ...nevermind, sorry

RE: Lot of unmarked spam

2008-05-29 Thread Benny Pedersen
On Thu, May 29, 2008 15:15, Sujit Acharyya-Choudhury wrote: As requested full header is as follows: Microsoft Mail Internet Headers Version 2.0 Received: from isls-mx20.wmin.ac.uk ([161.74.14.113]) by isls-exch-be-1.intranet.wmin.ac.uk with Microsoft SMTPSVC(6.0.3790.3959); Tue, 27

Re: Lot of unmarked spam

2008-05-29 Thread Matus UHLAR - fantomas
On Thu, May 29, 2008 15:15, Sujit Acharyya-Choudhury wrote: As requested full header is as follows: Microsoft Mail Internet Headers Version 2.0 Received: from isls-mx20.wmin.ac.uk ([161.74.14.113]) by isls-exch-be-1.intranet.wmin.ac.uk with Microsoft SMTPSVC(6.0.3790.3959);

Re: rDNS none in stats with IPv6

2008-05-29 Thread Steve Bertrand
I've added debugging code to new_dns_packet() and bgsend() (DnsResolver.pm) to print out $host, $type and $class to a log file. What I found is that the mapped address entries are not even seen by DnsResolver.pm at all, hence, there is no DNS lookup even attempted on them. I'm off to find

Re: rDNS none in stats with IPv6

2008-05-29 Thread Steve Bertrand
Steve Bertrand wrote: I've added debugging code to new_dns_packet() and bgsend() (DnsResolver.pm) to print out $host, $type and $class to a log file. What I found is that the mapped address entries are not even seen by DnsResolver.pm at all, hence, there is no DNS lookup even attempted on

Re: rDNS none in stats with IPv6

2008-05-29 Thread Greg Troxel
First, I would advise you not to use mapped addresses unless you really need to use them. On BSD, there's a sysctl to control whether v4 connections will match v6 sockets: net.inet6.ip6.v6only = 1 Best practice seems to be to have daemons open a v4 and v6 socket separately, and avoid mapped

Razor timeout

2008-05-29 Thread Sébastien AVELINE
Hello, Did anyone experience razor timeout today? I saw my spools grew and grew up, and saw that spamassassin took very long time to check messages. I tried to disable plugin after plugin and saw that the problem came from razor. Any feedback would be appreciated. Thanks in advance.

Re: Razor timeout

2008-05-29 Thread Lukas Garberg
Sébastien AVELINE wrote: Hello, Did anyone experience razor timeout today? I saw my spools grew and grew up, and saw that spamassassin took very long time to check messages. I tried to disable plugin after plugin and saw that the problem came from razor. Any feedback would be appreciated.

Re: Razor timeout

2008-05-29 Thread Sébastien AVELINE
Lukas Garberg wrote: Sébastien AVELINE wrote: Hello, Did anyone experience razor timeout today? I saw my spools grew and grew up, and saw that spamassassin took very long time to check messages. I tried to disable plugin after plugin and saw that the problem came from razor. Any

Freemail Domains DNS Lookup

2008-05-29 Thread Marc Perkel
I now have a name based DNS lookup for freemail domains. If anyone finds this useful let me know. example: dig yahoo.com.freemaildomains.junkemailfilter.com

DNS ISP Host List Available

2008-05-29 Thread Marc Perkel
I've also created a DNS based list of domains that provide consumer dynamic IP address space. I'm using this list internally but thought I'd make it public in case others can use it. Trying to inspire innovation. Example: dig comcast.com.isphosts.junkemailfilter.com This list was created by

Re: DNS ISP Host List Available

2008-05-29 Thread mouss
Marc Perkel wrote: I've also created a DNS based list of domains that provide consumer dynamic IP address space. I'm using this list internally but thought I'd make it public in case others can use it. Trying to inspire innovation. Example: dig comcast.com.isphosts.junkemailfilter.com This

Re: DNS ISP Host List Available

2008-05-29 Thread Benny Pedersen
On Thu, May 29, 2008 20:52, Marc Perkel wrote: Here's my list in dnsrbl format. I only do rsync so far to paid subscribers or people who I'm trading with. could you at least stop posting html on maillist? the list is around 60k and the received email here is doubled to 129k :// Benny

SARE_SPOOF included in base rules?

2008-05-29 Thread Bowie Bailey
I just got an email that hit the following: * 2.0 SPOOF_COM2OTH URI: URI contains .com in middle * 2.3 SPOOF_COM2COM URI: URI contains .com in middle and end * 2.5 SARE_SPOOF_COM2OTH URI: a.com.b.c * 2.5 SARE_SPOOF_COM2COM URI: a.com.b.com Did the SARE_SPOOF rules get included in the

Re: SARE_SPOOF included in base rules?

2008-05-29 Thread Michael Scheidell
From: Bowie Bailey [EMAIL PROTECTED] Date: Thu, 29 May 2008 15:25:36 -0400 To: Spamassassin List (E-mail) users@spamassassin.apache.org Subject: SARE_SPOOF included in base rules? SPOOF_COM2OTH Been a couple of weeks I think. You are running sa-update, right. I remember seeing that

Re: Lot of unmarked spam

2008-05-29 Thread Joseph Brennan
We are getting lot of unmarked spam. The header is as follows: From: Feed Blaster To: [EMAIL PROTECTED] Subject: Feed Blaster puts your ad right to the screens of millions in 15 Minutes ! Date: 26 May 2008 21:42:41 -0700 Message-ID: [EMAIL PROTECTED] Reject if the From field has no @ in it.

Re: Lot of unmarked spam

2008-05-29 Thread Benny Pedersen
On Thu, May 29, 2008 21:52, Joseph Brennan wrote: Reject if the From field has no @ in it. That knocked out the one (1) of these that we saw here yesterday. the from was not envelope sender, but yes one could make a header rule for this in spamassassin :-) postfix can't see the From: in

Re: DNS ISP Host List Available

2008-05-29 Thread Blaine Fleming
Marc Perkel wrote: Here's my list in dnsrbl format. I only do rsync so far to paid subscribers or people who I'm trading with. snip Dude. Seriously. The data is appreciated but next time please post it on a website or something. Your mail pissed off my smart phone! It might not be the

Re: Spam from Gmail Blogspot

2008-05-29 Thread AxisInternet
Matus UHLAR - fantomas wrote: I think it's more about spammers, law and security of (mostly) home computers. In my employer's company we also notice spam increase from our network etc. and google as free mail provider is also just the victim. Victims? IMNTBHO, if a company is going to provide

Whitelisting via MySQL

2008-05-29 Thread JDavila
How can I set-up a whitelist via MySql so SA does not check those addresses that are legit. Any help will be much appreciated. Jeremy Davila Systems Administrator Direct: 646-205-2136 The LanguageWorks, Inc. 1123 Broadway, Suite 201 New York, NY 10010 The LanguageWorks, Inc. is an ISO

Re: Whitelisting via MySQL

2008-05-29 Thread John Hardin
On Thu, 29 May 2008, [EMAIL PROTECTED] wrote: How can I set-up a whitelist via MySql so SA does not check those addresses that are legit. Any help will be much appreciated. If you don't want SA to check legit addresses, then you need to whitelist them in whatever passes the message to SA

Re: DNS ISP Host List Available

2008-05-29 Thread mouss
Blaine Fleming wrote: Marc Perkel wrote: Here's my list in dnsrbl format. I only do rsync so far to paid subscribers or people who I'm trading with. snip Dude. Seriously. The data is appreciated but next time please post it on a website or something. Your mail pissed off my smart phone!

Re: DNS ISP Host List Available

2008-05-29 Thread Ken A
Marc Perkel wrote: I've also created a DNS based list of domains that provide consumer dynamic IP address space. I'm using this list internally but thought I'd make it public in case others can use it. Trying to inspire innovation. Example: dig comcast.com.isphosts.junkemailfilter.com This

Re: Whitelisting via MySQL

2008-05-29 Thread JDavila
We use exim as a MTA. But our legit e-mail get tagged as spam. So I wanted to dump our frequent e-mailers and pump into MySql so they can get bypassed. I am using the whitelist_from email command in the local.cf file. and that has over 12K entries. The legit email addresses that I specified

Re: DNS ISP Host List Available

2008-05-29 Thread Marc Perkel
Ken A wrote: Marc Perkel wrote: I've also created a DNS based list of domains that provide consumer dynamic IP address space. I'm using this list internally but thought I'd make it public in case others can use it. Trying to inspire innovation. Example: dig

Re: DNS ISP Host List Available

2008-05-29 Thread John Hardin
On Thu, 29 May 2008, Ken A wrote: http://www.rhyolite.com/anti-spam/you-might-be.html So how is a proponent of the Hunt down and kill spammers very messily FUSSP classified? -- John Hardin KA7OHZ http://www.impsec.org/~jhardin/ [EMAIL PROTECTED] FALaholic #11174

Re: Whitelisting via MySQL

2008-05-29 Thread John Hardin
On Thu, 29 May 2008, [EMAIL PROTECTED] wrote: We use exim as a MTA. But our legit e-mail get tagged as spam. So I wanted to dump our frequent e-mailers and pump into MySql so they can get bypassed. I am using the whitelist_from email command in the local.cf file. and that has over 12K entries

Re: DNS ISP Host List Available

2008-05-29 Thread Blaine Fleming
mouss wrote: are you using an old imode phone :) The message was about 125Ko. That's less than a small photo (I say this because that's what a smartphone is for, no?). Samsung SCH-i760 on Verizon that takes forever to download mail so when something longer than about 4k comes in it takes a

Re: DNS ISP Host List Available

2008-05-29 Thread Blaine Fleming
John Hardin wrote: So how is a proponent of the Hunt down and kill spammers very messily FUSSP classified? In the US, they would be classified as a felon. --Blaine

Re: DNS ISP Host List Available

2008-05-29 Thread John Hardin
On Thu, 29 May 2008, Blaine Fleming wrote: John Hardin wrote: So how is a proponent of the Hunt down and kill spammers very messily FUSSP classified? In the US, they would be classified as a felon. Nah, I think that one falls under praiseworthy. -- John Hardin KA7OHZ