Skip wrote:
mouss wrote:
Jason Haar wrote:
Karsten Bräckelmann wrote:
uri EXECUTABLE /\.(?:exe|scr|dll|pif|vbs|wsh|cmd|bat)$/i
That won't stop "blah.exe?token=cookie". Web servers will still
return "blah.exe" (and the attacker can trackback who clicked on it
too that way! ;-)
How ab
mouss wrote:
Jason Haar wrote:
Karsten Bräckelmann wrote:
uri EXECUTABLE /\.(?:exe|scr|dll|pif|vbs|wsh|cmd|bat)$/i
That won't stop "blah.exe?token=cookie". Web servers will still
return "blah.exe" (and the attacker can trackback who clicked on it
too that way! ;-)
How about
uri EXE
On Wed, 2008-08-27 at 23:05 -0500, Curtis LaMasters wrote:
> @Andy - I was able to parse the script that you sent me to which had
> neither my problem nor my solution
Actually it DID contain your problem AND the solution:
# Version 1.31 NOTICE! Rules du jour is no longer being maintained. As
the
On Wed, 2008-08-27 at 18:34 -0700, John Hardin wrote:
> On Thu, 28 Aug 2008, Michael Hutchinson wrote:
>
> > I would be hoping to match the same sort of URL:
> > http://ns1.shinwa-com.co.jp/~denso/card.exe
> >
> > But only match it from the last trailing / character. In other words, if
> > the me
On Thu, 2008-08-28 at 14:18 +1200, Jason Haar wrote:
> Karsten Bräckelmann wrote:
> >
> > uri EXECUTABLE /\.(?:exe|scr|dll|pif|vbs|wsh|cmd|bat)$/i
>
> That won't stop "blah.exe?token=cookie". Web servers will still return
> "blah.exe" (and the attacker can trackback who clicked on it too that
On Thu, 2008-08-28 at 08:41 -0700, Marc Perkel wrote:
> Here's something I threw together to make sure the /etc/resolv.conf
> points to a working nameserver. I run this once a minute. It checks to
> see what name servers are up and creates /etc/resolv.conf. As you all
> know SA and mail servers
> >On 28.08.08 08:41, Marc Perkel wrote:
> >
> >>Here's something I threw together to make sure the /etc/resolv.conf
> >>points to a working nameserver.
> Matus UHLAR - fantomas wrote:
> >do you have problems with nameservers? Do you run own one?
> >
> >I guess that setting timeout, rotate and
* Marc Perkel <[EMAIL PROTECTED]>:
>
>
> Ralf Hildebrandt wrote:
>> * Matus UHLAR - fantomas <[EMAIL PROTECTED]>:
>>
>>
>>> I guess that setting timeout, rotate and attempts options in resolv.conf
>>> could help you more than such script
>>>
>>
>> Nice tip, but there's no option that will "
Ralf Hildebrandt wrote:
* Matus UHLAR - fantomas <[EMAIL PROTECTED]>:
I guess that setting timeout, rotate and attempts options in resolv.conf
could help you more than such script
Nice tip, but there's no option that will "back off" from a dead DNS.
Of course timeout/attempts and ro
Matus UHLAR - fantomas wrote:
We have 4 DNS servers behind L3 switch
that monitors DNS servers...
This script is a poor man's L3 switch. :)
> * Matus UHLAR - fantomas <[EMAIL PROTECTED]>:
>
> > I guess that setting timeout, rotate and attempts options in resolv.conf
> > could help you more than such script
On 28.08.08 18:05, Ralf Hildebrandt wrote:
> Nice tip, but there's no option that will "back off" from a dead DNS.
> Of course ti
Matus UHLAR - fantomas wrote:
On 28.08.08 08:41, Marc Perkel wrote:
Here's something I threw together to make sure the /etc/resolv.conf
points to a working nameserver.
do you have problems with nameservers? Do you run own one?
I guess that setting timeout, rotate and attempts option
Marc
So what happens if you run a local nameserver in caching mode? You may find
this reduces the DNS related query time (and for that matter overall SA
processing) dramitcally).
--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300
> -Original Message-
* Matus UHLAR - fantomas <[EMAIL PROTECTED]>:
> I guess that setting timeout, rotate and attempts options in resolv.conf
> could help you more than such script
Nice tip, but there's no option that will "back off" from a dead DNS.
Of course timeout/attempts and rotate will help a bit.
--
Ralf Hi
On 28.08.08 08:41, Marc Perkel wrote:
> Here's something I threw together to make sure the /etc/resolv.conf
> points to a working nameserver.
do you have problems with nameservers? Do you run own one?
I guess that setting timeout, rotate and attempts options in resolv.conf
could help you more th
On Thu, 28 Aug 2008, John Hardin wrote:
On Thu, 28 Aug 2008, Marc Perkel wrote:
echo > > /etc/resolv.tmp
That space between the >s is going to cause problems.
...WTF? Never mind, PINE betrayed me by reformatting those lines for some
reason.
--
John Hardin KA7OHZhtt
On Thu, 28 Aug 2008, Marc Perkel wrote:
echo > > /etc/resolv.tmp
That space between the >s is going to cause problems.
--
John Hardin KA7OHZhttp://www.impsec.org/~jhardin/
[EMAIL PROTECTED]FALaholic #11174 pgpk -a [EMAIL PROTECTED]
key: 0xB8732E79 -- 2D8C 34F4
Marc Perkel wrote:
Here's something I threw together to make sure the /etc/resolv.conf
points to a working nameserver. I run this once a minute. It checks to
see what name servers are up and creates /etc/resolv.conf. As you all
know SA and mail servers need the first nameserver to always be w
Here's something I threw together to make sure the /etc/resolv.conf
points to a working nameserver. I run this once a minute. It checks to
see what name servers are up and creates /etc/resolv.conf. As you all
know SA and mail servers need the first nameserver to always be working.
#!/bin/bash
> -Original Message-
> From: Len Conrad [mailto:[EMAIL PROTECTED]
> Sent: Thursday, August 28, 2008 10:43 AM
> To: users@spamassassin.apache.org
> Subject: UltraDNS.net?
>
> I'd say UltraDNS should consider getting out of the mail
> business. We're considering a hard block on them for a l
On Thu, 28 Aug 2008, Michael Hutchinson wrote:
Why do you care about the part before the period? You don't like
card.exe but you trust card1.exe?
Good point, but I wouldn't like to block all .exe's. Our local users
wont bother zipping stuff and will complain. I was going to be happy
with jus
Traffic from UltraDNS.net PTRs has been suspect, but I never really
looked at them until today.
The following stats are from one of two equal preference secondary
MXs, where there are 3 equal preference primary MXs active. The
quality of the secondary traffic is extremely low. The overwhelm
Am 2008-08-15 17:22:46, schrieb Gene Heskett:
> On Friday 15 August 2008, Luis Hernán Otegui wrote:
> >Count me in! I know where some local spammers live, I can get a .275
> >sniper rifle from one on my friends, and I have Jui Jitsu training!
> >
> A .275"?, must be a pretty tight barrel for most 2
Am 2008-08-18 13:46:56, schrieb [EMAIL PROTECTED]:
> Hello,
> Long time SA user here. I have googled much for an answer for this. I have a
> few email addresses that are clearly now spam only. I would like to
> blacklist them and use them as a honeypot to help train my Bayes through
> autolearn, do
Lars Ebeling wrote:
Dear All,
what does the different scores mean in this example:
RCVD_IN_BL_SPAMCOP_NET 0 1.332 0 1.558
the TFM is a good reading!
$ man Mail::SpamAssassin::Conf
also available on the web:
http://spamassassin.apache.org/full/3.2.x/doc/Mail_SpamAssassin_Conf.html
Search
On 28.08.08 13:34, Lars Ebeling wrote:
> what does the different scores mean in this example:
>
> RCVD_IN_BL_SPAMCOP_NET 0 1.332 0 1.558
I think it's described in the documentation... have you read it?
http://spamassassin.apache.org/full/3.2.x/doc/Mail_SpamAssassin_Conf.html#item_score_symbolic_
Dear All,
what does the different scores mean in this example:
RCVD_IN_BL_SPAMCOP_NET 0 1.332 0 1.558
--
Regards
Lars Ebeling
http://leopg9.no-ip.org
Hobbithobbyist
"I am not young enough to know everything."
-- Oscar Wilde
patrickbaer wrote:
Hi Martin,
thank you for the info.
So what I can see, Spamassassin is merely a perl module used by amavisd,
right? If I install the new version, it will just replace the old module and
add some little gadgets like sa-update?
you should upgrade both spamassassin and amavi
28 matches
Mail list logo