Re: Spamc

Eduardo Júnior wrote: Hi, I'm configuring the spamassassin + postfix. I´ve done the follow modifications in /etc/postfix/master.cf : smtp inet n - n - - smtpd -o content_filter=spamd spamd unix - n n - - pipe user=spam argv=/usr/bin/spamc -f -e /usr/sbin/sendmail -o

Spamc

Hi, I'm configuring the spamassassin + postfix. I´ve done the follow modifications in /etc/postfix/master.cf: smtp inet n - n - - smtpd -o content_filter=spamd spamd unix - n n - - pipe user=spam argv=/usr/bin/spamc -f -e /usr/sbin/sendmail -oi -f ${sender} ${recipient} However, when i

Re: disabling rfci (dns_from_rfc*)

Michael Scheidell wrote: header DNS_FROM_RFC_DSN eval:check_rbl_sub('rfci_envfrom', '127.0.0.2') header DNS_FROM_RFC_BOGUSMX eval:check_rbl_sub('rfci_envfrom', '127.0.0.8') header __DNS_FROM_RFC_POST eval:check_rbl_sub('rfci_envfrom', '127.0.0.3') header __DNS_FROM_RFC_ABUSE

RE: Spam flooding recent days

> From: Michał Jęczalik [mailto:[EMAIL PROTECTED] > Subject: Spam flooding recent days > > Hello, > > I've noticed a huge increase of spam rate in past 2-3 weeks. Most of it > are messages with some quite normal Subject:, often (but not > neccesarily) > referring to some fake event (i.e. some polit

Re: [OT] Odd spammer tactic?

On Tue, Jul 22, 2008 at 12:00 PM, Bob McClure Jr <[EMAIL PROTECTED]> wrote: > If I may extend this OT thread, I'd like to know how draconian admins > get with their mail servers. Without considering RBLs, how much do > you limit client connections: > > Allow only those with (PTR and/or A) DNS rec

Re: [OT] Odd spammer tactic?

On Tue, Jul 22, 2008 at 08:38:09PM +0200, mouss wrote: > Bob McClure Jr wrote: > >On Tue, Jul 22, 2008 at 11:37:39AM -0400, Kevin Parris wrote: > >> > >> > >>The spammers are spending other people's money, since much of their > >>"work" is done by hijacked machines, thus they do not care how > >>'e

Re: sa-learn and delete email

Im using freebsd, postfix and spamassassin. I made a script that runs once every night and scans my imap spam folder for emails and if there is any i run sa-learn --spam on the email. My question is, after i scan the email, can i delete the email? Sure, just put it into your script to delete t

sa-learn and delete email

Hi, Im using freebsd, postfix and spamassassin. I made a script that runs once every night and scans my imap spam folder for emails and if there is any i run sa-learn --spam on the email. My question is, after i scan the email, can i delete the email? / Ebbe

Re: [OT] Odd spammer tactic?

On Tue, 2008-07-22 at 11:37 -0400, Kevin Parris wrote: > I believe that until a technique is discovered to eliminate ignorance and > gullibility from the human population, there will be no solution to the spam > problem. Nah, spammers just need to start dying messy, well-publicised deaths. Th

Re: [OT] Odd spammer tactic?

Bob McClure Jr wrote: On Tue, Jul 22, 2008 at 11:37:39AM -0400, Kevin Parris wrote: The spammers are spending other people's money, since much of their "work" is done by hijacked machines, thus they do not care how 'expensive' their project might be, and any responses they do get are practical

Re: Incorrect DNSBL evaluation

Thank you for the explanation of the output. Basically it says the same as the host command before, if I understand this right, and doesn't explain the observed SA behaviour. -- Yves Goergen "LonelyPixel" <[EMAIL PROTECTED]> Visit my web laboratory at http://beta.unclassified.de

Re: [OT] Odd spammer tactic?

Ramprasad wrote: Marc Perkel wrote: There's people out there who are better and faster programmers than I am. I need a simple utility written We can post it on the SA Wiki when we're done. I don't care what it's written in but I'm thinking that xinetd might be easiest. What I want is somethi

Re: Incorrect DNSBL evaluation

On 21.07.2008 23:36 CE(S)T, Karsten Bräckelmann wrote: OK, I told you to check previously received mail for the same broken URIBL hit pattern. So you could just have a look at the X-Spam headers using your MUA. Probably the easiest method anyway, just to spot a few other mails showing the same pa

Re: Incorrect DNSBL evaluation

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Yves Goergen schrieb: |> $ dig @213.133.100.100 unclassified.de.multi.uribl.com A | | ; <<>> DiG 9.2.4 <<>> @213.133.100.100 unclassified.de.multi.uribl.com A | ;; global options: printcmd | ;; Got answer: | ;; ->>HEADER<<- opcode: QUERY, status: N

Re: [OT] Odd spammer tactic?

Jonas - thanks for your code. I ran it on one of my name servers that is the name server for several hundred domains. Unfortunately in the last hour only 3 IP addresses have hit trying to talk to port 25. So this isn't turning out to be the wellspring of blacklist data I had hoped it would be.

Re: Incorrect DNSBL evaluation

On 22.07.2008 06:28 CE(S)T, Dallas Engelken wrote: Every Hetzner customer using the same DNS by default? Yeah, that indeed looks like these DNS servers are being blocked by the BL operators (see my previous post). Most likely not only URIBL, but every major BL out there... No, there are those N

Re: [OT] Odd spammer tactic?

On Tue, Jul 22, 2008 at 11:37:39AM -0400, Kevin Parris wrote: > > > The spammers are spending other people's money, since much of their > "work" is done by hijacked machines, thus they do not care how > 'expensive' their project might be, and any responses they do get > are practically pure profi

Re: [OT] Odd spammer tactic?

Quoting Marc Perkel <[EMAIL PROTECTED]>: Ramprasad wrote: I don't care what it's written in but I'm thinking that xinetd might be easiest. What I want is something to record the IP address of any host connection to port 25. Then going to need it to run a one line script file that runc

Re: [OT] Odd spammer tactic?

Marc Perkel wrote: I don't care what it's written in but I'm thinking that xinetd might be easiest. What I want is something to record the IP address of any host connection to port 25. You don't really need to accept the connection. Just logging connection attenmpts should be enough. As an

Re: [OT] Odd spammer tactic?

Spammers operate on the premise that lots of stupid people read email. For example, only stupid people would actually respond to an offer to sell medications, from a service that does not spell the product name correctly (they are either too stupid to recognize the deviant spelling even though

Re: [OT] Odd spammer tactic?

Ramprasad wrote: Marc Perkel wrote: There's people out there who are better and faster programmers than I am. I need a simple utility written We can post it on the SA Wiki when we're done. I don't care what it's written in but I'm thinking that xinetd might be easiest. What I want is somet

Re: unresolved_template?

> From: Karsten Bräckelmann <[EMAIL PROTECTED]> > Date: Tue, 22 Jul 2008 14:30:29 +0200 > To: > Subject: Re: unresolved_template? > > On Tue, 2008-07-22 at 07:57 -0400, Michael Scheidell wrote: >> SA 3.25, running sa-update daily. >> got a fp on 'unresolved_template'. describe says 'unresolved_

Re: unresolved_template?

On Tue, 2008-07-22 at 07:57 -0400, Michael Scheidell wrote: > SA 3.25, running sa-update daily. > got a fp on 'unresolved_template'. describe says 'unresolved_template > in headers' > > here are headers. where is the unresolved_template? Oh, come on, Michael, I know you could have tracked this

disabling rfci (dns_from_rfc*)

header DNS_FROM_RFC_DSN eval:check_rbl_sub('rfci_envfrom', '127.0.0.2') header DNS_FROM_RFC_BOGUSMX eval:check_rbl_sub('rfci_envfrom', '127.0.0.8') header __DNS_FROM_RFC_POST eval:check_rbl_sub('rfci_envfrom', '127.0.0.3') header __DNS_FROM_RFC_ABUSE eval:check_rbl_sub('rfci

unresolved_template?

SA 3.25, running sa-update daily. got a fp on 'unresolved_template'. describe says 'unresolved_template in headers' here are headers. where is the unresolved_template? From - Tue Jul 22 07:46:12 2008 X-Mozilla-Status: 0001 X-Mozilla-Status2: Received: from mail.secnap.net (mail.se

Re: [OT] Odd spammer tactic?

Marc Perkel wrote: There's people out there who are better and faster programmers than I am. I need a simple utility written We can post it on the SA Wiki when we're done. I don't care what it's written in but I'm thinking that xinetd might be easiest. What I want is something to record the I

Re: [OT] Odd spammer tactic?

There's people out there who are better and faster programmers than I am. I need a simple utility written We can post it on the SA Wiki when we're done. I don't care what it's written in but I'm thinking that xinetd might be easiest. What I want is something to record the IP address of any hos