Hi all,
this mail:
Subject: Die E-Mail Adresse [EMAIL PROTECTED] wird gesperrt
Body:
Sehr geehrte Damen und Herren,
Ihre Email "[EMAIL PROTECTED]" wird wegen Missbrauch innerhalb der naechsten 24
Stunden gesperrt. Es sind \d{2} Beschwerden wegen Spamversand bei uns
eingegangen.
Details und moeg
On 12/2/2008 12:22 PM, Richard Hartmann wrote:
Hi all,
this mail:
Subject: Die E-Mail Adresse [EMAIL PROTECTED] wird gesperrt
Body:
Sehr geehrte Damen und Herren,
Ihre Email "[EMAIL PROTECTED]" wird wegen Missbrauch innerhalb der naechsten 24
Stunden gesperrt. Es sind \d{2} Beschwerden wegen
2008/12/2 Yet Another Ninja <[EMAIL PROTECTED]>:
> these should be caught by your AV - submit samples to your vendor if its
> still not being detected.
While I agree in general, the text is very static and antivirus eats CPU,
SA does not (so much).
Richard
On Tue, Dec 2, 2008 at 13:03, Kai Schaetzl <[EMAIL PROTECTED]> wrote:
> http://wiki.apache.org/spamassassin/WritingRules
Works like a charm, thank you very much! Added to my local wiki :)
Is there a keyword to drop mail instead of changing its score, as well?
Googling for that proved to be futil
Original-Nachricht
> Datum: Tue, 2 Dec 2008 06:30:20 -0600
> Von: Chris <[EMAIL PROTECTED]>
> An: users@spamassassin.apache.org
> Betreff: Re: Bug in iXhash plugin - fixed version available
> On Tuesday 02 December 2008 4:32 am, Dirk Bonengel wrote:
> > I'm looking into it. Only
Hi,
i'm a bit alerted. Up to now, messages containing windows executables didnt
affect our users becouse all of them are english and users disgard them right
away. neither did anyone ever respond to messages claiming to be from the ISP,
since we are the ISP, and our support doesnt even speak e
> 2008/12/2 Yet Another Ninja <[EMAIL PROTECTED]>:
>
> > these should be caught by your AV - submit samples to your vendor if its
> > still not being detected.
On 02.12.08 13:04, Richard Hartmann wrote:
> While I agree in general, the text is very static and antivirus eats CPU,
> SA does not (so
On Tue, 2008-12-02 at 05:55 -0500, Matt Kettler wrote:
> You need a second parameter to whitelist_from_rcvd. The second parameter
> is the hostname (or fragment thereof) that should be found in the
> Received: headers generated by the last internal host (ie: your mx).
> This part does assume that
I've been reading threads saying that whitelist_from is spoofable and
that I should be using whitelist_from_rcvd instead, so I checked the
three whitelist entries I use to whitelist_from_rcvd. Here is an
example:
whitelist_from_rcvd [EMAIL PROTECTED]
However, I'm getting them rejected with the me
I'm looking into it. Only thing - seems to work here.
Maybe one of you can send me his .cf file per PM?
Dirk
Original-Nachricht
> Datum: Tue, 02 Dec 2008 09:12:45 +
> Von: [EMAIL PROTECTED]
> An: Spamass
> Betreff: Re: Re: Bug in iXhash plugin - fixed version available
>
Martin Gregorie wrote:
> I've been reading threads saying that whitelist_from is spoofable and
> that I should be using whitelist_from_rcvd instead, so I checked the
> three whitelist entries I use to whitelist_from_rcvd. Here is an
> example:
>
> whitelist_from_rcvd [EMAIL PROTECTED]
>
> However,
> Hi,
> i'm a bit alerted. Up to now, messages containing windows executables didnt
> Is there anything else that we should take
> care of in order to minimize the harm done by the likely comming waves?
>
You might enable the loadplugin Mail::SpamAssassin::Plugin::AntiVirus
I don't think its 1
Arvid Ephraim Picciani wrote on Tue, 2 Dec 2008 14:02:53 +0100:
> Now i just saw a spike of spam/scam/ and virus messages in very well formed
> german. It's 200% spam all sudden. They all have a similar writing style,
> hence i assume they are from a single group trying to build up on german
Martin Gregorie wrote on Tue, 02 Dec 2008 12:42:37 +:
> at the end of the INSTALL document it says to
> look at the USAGE document, but if this still exists it is not mentioned
> on the 'Doc' page.
/usr/share/doc/spamassassin-3.2.5/USAGE
> I admit I skipped over the Mail::Spamassassin::Conf
Richard Hartmann wrote on Tue, 2 Dec 2008 13:04:31 +0100:
> While I agree in general, the text is very static and antivirus eats CPU,
> SA does not (so much).
In general, that's absolutely not true. If you have a correctly configured
MTA most of this spam will not even make it on your system.
K
Richard Hartmann wrote on Tue, 2 Dec 2008 13:26:23 +0100:
> Is there a keyword to drop mail instead of changing its score, as well?
SA does not "drop" anything, it only detects spamminess.
Kai
--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
On Dec 2, 2008 4:05am, Martin Knipper <[EMAIL PROTECTED]> wrote:
Hi Dirk, Hi Marc,
Am 02.12.2008 05:08 schrieb Marc Perkel:
> Hi Dirk,
>
> I'm not getting any hits on the new version either.
>
Yes, ... same here. Just installed the 1.5.1 Version yesterday
an did not get one hit in abou
Hi Dirk, Hi Marc,
Am 02.12.2008 05:08 schrieb Marc Perkel:
> Hi Dirk,
>
> I'm not getting any hits on the new version either.
>
Yes, ... same here. Just installed the 1.5.1 Version yesterday
an did not get one hit in about 500 messages.
Greetings,
Martin
Martin Gregorie wrote on Tue, 02 Dec 2008 10:27:05 +:
> I can't find anything in the wiki or on the SA website
> that shows the valid arguments for whitelist_from_rcvd, so what am I
> doing wrong?
Please?
http://spamassassin.apache.org/full/3.2.x/doc/Mail_SpamAssassin_Conf.html
Is this the fi
On Tue, 2008-12-02 at 11:55 +0100, Kai Schaetzl wrote:
> Martin Gregorie wrote on Tue, 02 Dec 2008 10:27:05 +:
>
> > I can't find anything in the wiki or on the SA website
> > that shows the valid arguments for whitelist_from_rcvd, so what am I
> > doing wrong?
>
> Please?
> http://spamassass
Richard Hartmann wrote on Tue, 2 Dec 2008 12:22:00 +0100:
> If not, what doc should I read to create my own?
http://wiki.apache.org/spamassassin/WritingRules
Kai
--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
additonal i just figured everyone else apears to be as unprepared as me:
http://alpha.cesmail.net/graphics/spammonth.gif
The amount of reports stays low while the amount of spam actually rises fas.
That tells me spammer changed tactics and everyone actually has their inboxes
full of false negat
On Tuesday 02 December 2008 4:32 am, Dirk Bonengel wrote:
> I'm looking into it. Only thing - seems to work here.
> Maybe one of you can send me his .cf file per PM?
>
> Dirk
>
>
Dirk, running spamassassin -D -t on a spam I see this:
[3677] dbg: plugin: loading Mail::SpamAssassin::Plugin::iXhash
Richard Hartmann schrieb:
> Hi all,
>
> this mail:
>
> Subject: Die E-Mail Adresse [EMAIL PROTECTED] wird gesperrt
>
> Body:
> Sehr geehrte Damen und Herren,
>
> Ihre Email "[EMAIL PROTECTED]" wird wegen Missbrauch innerhalb der naechsten
> 24
> Stunden gesperrt. Es sind \d{2} Beschwerden wege
Good morning,
I am trying to write a negative scoring rule that files on the following:
PO
PO#
PO #
Following is the rule I am using:
header PO_AND_ORDERSSubject =~ /\bPO*?#?/i
score PO_AND_ORDERS-0.50
describe PO_AND_ORDERSA negative scoring rule that searches the
subject f
Ray Jette wrote:
> Good morning,
> I am trying to write a negative scoring rule that files on the
> following: PO
> PO#
> PO #
>
> Following is the rule I am using:
>
> header PO_AND_ORDERSSubject =~ /\bPO*?#?/i
> score PO_AND_ORDERS-0.50
> describe PO_AND_ORDERSA negative sco
On Tue, 2 Dec 2008, Ray Jette wrote:
Good morning,
I am trying to write a negative scoring rule that files on the following:
PO
PO#
PO #
Following is the rule I am using:
header PO_AND_ORDERSSubject =~ /\bPO*?#?/i
score PO_AND_ORDERS-0.50
describe PO_AND_ORDERSA negative sc
Bowie Bailey wrote:
Ray Jette wrote:
Good morning,
I am trying to write a negative scoring rule that files on the
following: PO
PO#
PO #
Following is the rule I am using:
header PO_AND_ORDERSSubject =~ /\bPO*?#?/i
score PO_AND_ORDERS-0.50
describe PO_AND_ORDERSA negative
> >> I am trying to write a negative scoring rule that files on the
> >> following: PO
> >> PO#
> >> PO #
> >>
> >> Following is the rule I am using:
> >>
> >> header PO_AND_ORDERSSubject =~ /\bPO*?#?/i
In REs, the asterisk '*' is a quantifier, not a wildcard as it is with
the shell, and m
> Ihre Email "[EMAIL PROTECTED]" wird wegen Missbrauch innerhalb der naechsten
> 24
> Stunden gesperrt. Es sind \d{2} Beschwerden wegen Spamversand bei uns
> eingegangen.
> Details und moegliche Schritte zur Entsperrung finden Sie im Anhang.
>
> Attachment:
> randomly named zip file which contain
On Tue, 2008-12-02 at 14:07 +0100, Arvid Ephraim Picciani wrote:
> additonal i just figured everyone else apears to be as unprepared as me:
> http://alpha.cesmail.net/graphics/spammonth.gif
> The amount of reports stays low while the amount of spam actually rises fas.
> That tells me spammer chan
Karsten Bräckelmann wrote:
I am trying to write a negative scoring rule that files on the
following: PO
PO#
PO #
Following is the rule I am using:
header PO_AND_ORDERSSubject =~ /\bPO*?#?/i
In REs, the asterisk '*' is a quantifier, not a wildcard as it is with
the shell, and
Ray Jette wrote:
> Bowie Bailey wrote:
> > Ray Jette wrote:
> >
> > > Good morning,
> > > I am trying to write a negative scoring rule that files on the
> > > following: PO PO#
> > > PO #
> > >
> > > Following is the rule I am using:
> > >
> > > header PO_AND_ORDERSSubject =~ /\bPO*?#?/i
Karsten Bräckelmann wrote:
> > > >
> > > > header PO_AND_ORDERSSubject =~ /\bPO*?#?/i
>
> Btw, you need to escape the hash '#', not because this is an RE, but
> because it is Perl. :)
You don't need to escape the hash in a Perl RE unless you are using hash
characters for the RE boundary
On Tue, Dec 2, 2008 at 18:20, Karsten Bräckelmann
<[EMAIL PROTECTED]> wrote:
> This is not spam but malware. Got a virus scanner?
Yes. But when your scanners do not detect it yet, alternatives are
needed.
> sa-update generally is *not* meant for "signature style updates" once an
> hour like tha
> > This is not spam but malware. Got a virus scanner?
>
> Yes. But when your scanners do not detect it yet, alternatives are
> needed.
Does your virus scanner support custom signatures? :)
> > sa-update generally is *not* meant for "signature style updates" once an
> > hour like that.
>
> Note
Hi All,
I was doing a bit of "spamassassin -D" testing with SA 3.2.4 and noticed
that it's running my own mail server name through various DNSBL tests.
Here are the headers of the particular message I am testing:
>From [EMAIL PROTECTED] Tue Dec 2 05:24:59 2008
Return-Path: <[EMAIL PROTECTED]>
Bowie Bailey wrote:
Ray Jette wrote:
Bowie Bailey wrote:
Ray Jette wrote:
Good morning,
I am trying to write a negative scoring rule that files on the
following: PO PO#
PO #
Following is the rule I am using:
header PO_AND_ORDERSSubject =~ /\bPO*?#?/i
score PO_AND_ORDE
> > Please note that you do *not* need to specify all variations explicitly,
> > if you actually want to match *anything* that starts with "PO"...
>
> Thanks for the information I will make sure to read it. I am going to
> try /\bPO\b now and see if it helps.
Since this isn't your first attempt
Karsten Bräckelmann wrote:
Please note that you do *not* need to specify all variations explicitly,
if you actually want to match *anything* that starts with "PO"...
Thanks for the information I will make sure to read it. I am going to
try /\bPO\b now and see if it helps.
Since thi
On Tue, 2008-12-02 at 12:35 -0500, Bowie Bailey wrote:
> Karsten Bräckelmann wrote:
> > Btw, you need to escape the hash '#', not because this is an RE, but
> > because it is Perl. :)
>
> You don't need to escape the hash in a Perl RE unless you are using hash
> characters for the RE boundary mar
> > Rather than trying to catch FPs like this, I first would investigate why
> > any need for this in the place. *Why* are your hams looking that spammy?
> > Which rules do they trigger?
>
> I have users reporting missing e-mails but when i ask for specifics for
> the messages they never have the
Thanks for all the help. I am still having issues. Let me try to explain
a little more. Subjects can contain the following
PO
PO
PO#
PO#
PO #
PO #
I can match PO with /\bPO/i but this does not fill my requirements.
I need to be able to match all above and i'm not sure where to start.
Thank y
Ray Jette wrote:
Good morning,
I am trying to write a negative scoring rule that files on the following:
PO
PO#
PO #
Following is the rule I am using:
header PO_AND_ORDERSSubject =~ /\bPO*?#?/i
score PO_AND_ORDERS-0.50
describe PO_AND_ORDERSA negative scoring rule that searc
Ray Jette wrote:
> PO
> PO
> PO#
> PO#
> PO #
> PO #
Try:
Subject =~ /PO ?\#? ?\d+/i
If you don't need case insensitivity, remove the trailing 'i'.
On Tue, 2008-12-02 at 12:48 -0500, Ray Jette wrote:
> Thanks again.
> I am using the following rule:
> /\bPO(?:\b|\d)/i
> This rule working when matching 'PO' but it will not match 'po'. It ends
> in a /i so I can't see why this would not work.
The rule is just fine, and it does match lower case,
Matt Garretson wrote:
Ray Jette wrote:
PO
PO
PO#
PO#
PO #
PO #
Try:
Subject =~ /PO ?\#? ?\d+/i
If you don't need case insensitivity, remove the trailing 'i'.
Thanks for the reply. I tryed to use Subject ~
That matched PO but it did not match po. I have /i at the end.
On Tue, 2008-12-02 at 13:20 -0500, Ray Jette wrote:
> I am having a lot of issues with this. Sorry but my regex skills are not
> very good. I'm trying to learn through. This is a skill I need to learn.
> I decided to start at the beginning and build the expression up from
> there. I have the fol
Back on-list.
On Tue, 2008-12-02 at 13:40 -0500, Ray Jette wrote:
> > Yes, and it does match case insensitively.
> >
> > I guess the issue is with your testing environment. How are you testing
> > the rule, err, regexp for a rule?
>
> I sent to messages from yahoo. One with a subject of PO and th
Ray Jette wrote:
Thanks for all the help. I am still having issues. Let me try to
explain a little more. Subjects can contain the following
PO
PO
PO#
PO#
PO #
PO #
I can match PO with /\bPO/i but this does not fill my requirements.
I need to be able to match all above and i'm not sure wher
Karsten Bräckelmann wrote:
Back on-list.
On Tue, 2008-12-02 at 13:40 -0500, Ray Jette wrote:
Yes, and it does match case insensitively.
I guess the issue is with your testing environment. How are you testing
the rule, err, regexp for a rule?
I sent to messages from yahoo. One with a
On Tue, 2008-12-02 at 14:06 -0500, Ray Jette wrote:
[ *snipp* ]
> I reset the daemon. How do I cann spamassassin with the message. I'm not
> sure how to create a message from the server with out sending one.
If all else fails, just save the message out of your MUA.
You can then test with the sa
Ray Jette a écrit :
> Karsten Bräckelmann wrote:
>> Back on-list.
>>
>> On Tue, 2008-12-02 at 13:40 -0500, Ray Jette wrote:
>>
Yes, and it does match case insensitively.
I guess the issue is with your testing environment. How are you testing
the rule, err, regexp for a rule?
>
Karsten Bräckelmann wrote:
> On Tue, 2008-12-02 at 12:35 -0500, Bowie Bailey wrote:
> > Karsten Bräckelmann wrote:
>
> > > Btw, you need to escape the hash '#', not because this is an RE,
> > > but because it is Perl. :)
> >
> > You don't need to escape the hash in a Perl RE unless you are using
Karsten Bräckelmann wrote:
On Tue, 2008-12-02 at 14:06 -0500, Ray Jette wrote:
[ *snipp* ]
I reset the daemon. How do I cann spamassassin with the message. I'm not
sure how to create a message from the server with out sending one.
If all else fails, just save the message out of your M
mouss wrote:
Ray Jette a écrit :
Karsten Bräckelmann wrote:
Back on-list.
On Tue, 2008-12-02 at 13:40 -0500, Ray Jette wrote:
Yes, and it does match case insensitively.
I guess the issue is with your testing environment. How are you testing
the rule, err, regexp for a rule?
On Tue, 2008-12-02 at 11:32 +0100, Dirk Bonengel wrote:
> I'm looking into it. Only thing - seems to work here.
The reason why hash one is broken is the "workaround" introduced into
version 1.5.
$body_copy =~ s/[[:graph:]]+//go;
This can not work.
Hash one is supposed to do this: Condense all
Tell me if you think this is a good idea.
I'm thinking about offering a free MX backup service that people without
backup servers can use. I'm thinking about doing this as a way of
promoting my spam filtering business because users will see a
significant reduction in spam and might want to upg
mouss wrote:
Ray Jette a écrit :
Karsten Bräckelmann wrote:
Back on-list.
On Tue, 2008-12-02 at 13:40 -0500, Ray Jette wrote:
Yes, and it does match case insensitively.
I guess the issue is with your testing environment. How are you testing
the rule, err, regexp for a rule?
On Tue, Dec 2, 2008 at 2:51 PM, Marc Perkel <[EMAIL PROTECTED]> wrote:
> Tell me if you think this is a good idea.
>
> I'm thinking about offering a free MX backup service that people without
> backup servers can use. I'm thinking about doing this as a way of promoting
> my spam filtering business
Ray Jette wrote:
>
> I created the test message and ran it through both ways. One with PO
> and the other with po. The rule fired on both.
> When receiving mail from the outside the rule only fires on PO and not
> po. Is there any reason for this to happen?
Sure. There are two reasons this could
On Tue, 2008-12-02 at 14:55 -0500, Ray Jette wrote:
> I created the test message and ran it through both ways. One with PO and
> the other with po. The rule fired on both.
Err, this is bad, isn't it?
What rule *exactly* are you talking about? Copy-n-paste it from the cf
file. What file name does
Aaron Wolfe wrote:
On Tue, Dec 2, 2008 at 2:51 PM, Marc Perkel <[EMAIL PROTECTED]> wrote:
Tell me if you think this is a good idea.
I'm thinking about offering a free MX backup service that people without
backup servers can use. I'm thinking about doing this as a way of promoting
my spam f
On Tue, 2008-12-02 at 21:11 +0100, Karsten Bräckelmann wrote:
> > I created the test message and ran it through both ways. One with PO and
> > the other with po. The rule fired on both.
>
> Err, this is bad, isn't it?
Doh! Ignore that line. A brain-fart made me read "with no".
--
char *t="[
At 11:51 02-12-2008, Marc Perkel wrote:
Tell me if you think this is a good idea.
Everything that helps to promote your business is a good idea. :-)
Regards,
-sm
I'm experimenting with a new list. Been testing it for a couple of
months. Got a radical idea.
The problem with lists like Day Old Bread which lists new domains that
spammers use is that there's a delay between when they are activated and
when they are listed. It's just too hard to get a list
SM wrote:
At 11:51 02-12-2008, Marc Perkel wrote:
Tell me if you think this is a good idea.
Everything that helps to promote your business is a good idea. :-)
Thanks - but there are some other benefits to me. It will help enhance
my black lists which will make them more useful. And as you
Marc Perkel wrote:
Thanks Aaron, that is a good point. But I'm running Exim and I think I
can code it so that it will not generate backscatter. I'll have to
design that in up front.
Interesting, how would you do that without dropping email (which is BAD).
Rick
Rick Macdougall wrote:
Marc Perkel wrote:
Thanks Aaron, that is a good point. But I'm running Exim and I think
I can code it so that it will not generate backscatter. I'll have to
design that in up front.
Interesting, how would you do that without dropping email (which is BAD).
Rick
On Tue, Dec 2, 2008 at 12:02, Aaron Wolfe <[EMAIL PROTECTED]> wrote:
> You could try to use
> callouts to the primary to establish whether a user account is valid
> before accepting the message, but then you arent much of a backup when
> the primary goes down.
Unless you're caching the results of
If the legitimate sender (even ones not on any whitelists) wont
receive a notification of a message that didn't go through due to
unknown recipient, recipient over quota, and similar mechanisms ...
then I wouldn't touch your service with a 10' pole.
On Tue, Dec 2, 2008 at 12:59, Marc Perkel <[EMA
On Tue, Dec 2, 2008 at 3:59 PM, Marc Perkel <[EMAIL PROTECTED]> wrote:
>
>
> Rick Macdougall wrote:
>>
>> Marc Perkel wrote:
>>>
>>> Thanks Aaron, that is a good point. But I'm running Exim and I think I
>>> can code it so that it will not generate backscatter. I'll have to design
>>> tha
On Tue, 2 Dec 2008, Ray Jette wrote:
> Karsten Bräckelmann wrote:
> > On Tue, 2008-12-02 at 14:06 -0500, Ray Jette wrote:
> > [ *snipp* ]
> >
> > If all else fails, just save the message out of your MUA.
> >
> > You can then test with the saved file and investigate the output:
> > spamassassin <
I'm having much spam that has html with the common alt test portion.
The http link to where ever and the images always changes so I need
to use the alt text portion of the is html to key off. Below is the
paste link of the html:
http://pastebin.ca/1274188
Thank you,
Frank
> From: Brian J. Murrell [mailto:[EMAIL PROTECTED]
>
> Hi All,
>
> I was doing a bit of "spamassassin -D" testing with SA 3.2.4 and
> noticed
> that it's running my own mail server name through various DNSBL tests.
>
> Here are the headers of the particular message I am testing:
>
> >From [EMAIL PR
On Tue, 2008-12-02 at 14:12 -0800, fchan wrote:
> I'm having much spam that has html with the common alt test portion.
> The http link to where ever and the images always changes so I need
> to use the alt text portion of the is html to key off. Below is the
> paste link of the html:
>
> http:
Karsten Bräckelmann schrieb:
On Tue, 2008-12-02 at 11:32 +0100, Dirk Bonengel wrote:
I'm looking into it. Only thing - seems to work here.
The reason why hash one is broken is the "workaround" introduced into
version 1.5.
$body_copy =~ s/[[:graph:]]+//go;
This can not work.
Hash on
OK, I found the bug.
I just released a fixed release. Thanks to Lars Uhlmann for finding the
culprit and delivering a fix.
Problem was the regular expression checking the IP returned if it
belongs to the 127.x.x.x range.
Hmm, I had this working before
Soryy again for the trouble
Dirk
On Mon, Dec 01, 2008 at 10:33:07PM +0100, Dirk Bonengel wrote:
> Folks,
>
> as some of you already noticed I f... up the last (1.5) release of the
> iXhash plugin.
> Plain simple a wrong regular expression practically disables hash #1.
>
> I just uploaded a fixed version to ixhash.sf.net that run
Hello,
SpamAssassin tags mail with headers X-Spam- But, what if there were
some headers like these, as with mail that already passed someones
SpamAssassin and has X-Spam-Score, before being recieved by my server?
Will it remove them, replace them or simply add new ones? In the latter
cas
Aaron Wolfe wrote:
On Tue, Dec 2, 2008 at 3:59 PM, Marc Perkel <[EMAIL PROTECTED]> wrote:
Rick Macdougall wrote:
Marc Perkel wrote:
Thanks Aaron, that is a good point. But I'm running Exim and I think I
can code it so that it will not generate backscatter. I'll have
it's WORKING
Dirk Bonengel wrote:
OK, I found the bug.
I just released a fixed release. Thanks to Lars Uhlmann for finding
the culprit and delivering a fix.
Problem was the regular expression checking the IP returned if it
belongs to the 127.x.x.x range.
Hmm, I had this working before..
On Tue, 2008-12-02 at 23:48 +0100, Dirk Bonengel wrote:
> Karsten Bräckelmann schrieb:
> > The "workaround" above removes words *first*, usually resulting in a
> > bunch of spaces per line. With the original algorithm, these are exactly
> > what's being hashed! With the "workaround", they falsely
On Tue, December 2, 2008 23:12, fchan wrote:
> http://pastebin.ca/1274188
domain listed in URIBL
--
Benny Pedersen
Need more webspace ? http://www.servage.net/?coupon=cust37098
Your correct. However they have several thousand or more these sites
for their phishing schemes so each message I get is from a different
domain and some are not blacklisted yet so they get through. The only
common theme is the alt text.
Thank you,
Frank
On Tue, December 2, 2008 23:12, fcha
Thank you. This is what I needed. Silly of me missing that.
Frank
On Tue, 2008-12-02 at 14:12 -0800, fchan wrote:
I'm having much spam that has html with the common alt test portion.
The http link to where ever and the images always changes so I need
to use the alt text portion of the is h
1. I am running Spamassassin from within MailScanner. I don't believe spamd
would have to be restarted but I will try.
2. I don't think this is the case. When I added the rule it worked half way.
the \i does not seem to work through.
Thanks
-Original Message-
From: Bowie Bailey [mailto
I am using:
/bPO(?:\b ?#?|\d)/i
Here is what I am getting from sa:
Content analysis details: (-0.1 points, 5.0 required)
pts rule name description
-- --
0.0 MISSING_MIDMissing Message-Id: head
On Tue, 2008-12-02 at 20:09 -0500, Raymond Jette wrote:
> I am using:
> /bPO(?:\b ?#?|\d)/i
I asked you more than once, if you --lint check your configuration. This
answers it. You do NOT.
> My rules is not listed.
Yes.
> > > You don't need to escape the hash in a Perl RE unless you are using
--On Thursday, November 27, 2008 10:44 PM -0600 Luis Daniel Lucio Quiroz
<[EMAIL PROTECTED]> wrote:
I wonder if there is any module for SA to detect pornographic photos, not
only OCR.
How about setting up a system like the captcha-breakers, but in reverse?
Instead of giving access to porn b
On Tue, 2 Dec 2008, Raymond Jette wrote:
I am using:
/bPO(?:\b ?#?|\d)/i
You're missing a backslash in front of that first "b". Others have already
commented on the hashmark.
--
John Hardin KA7OHZhttp://www.impsec.org/~jhardin/
[EMAIL PROTECTED]FALaholic #11174
Dan Mahoney, System Admin wrote:
On Mon, 1 Dec 2008, SM wrote:
At 23:01 30-11-2008, Dan Mahoney, System Admin wrote:
So then, you're saying the behavior for ipv4 and ipv6 is somehow
different?
If you start spamd without specifying the IP addresses to listen on,
spamd will listen on the 127.
On Tue, 2008-12-02 at 17:17 -0500, Rosenbaum, Larry M. wrote:
>
> The checks it's doing below are all RHBL checks, so it's probably testing the
> Return-Path:.
Indeed, this was the case. What's even better is that is only for the
case where I test out of my mailbox as that Return-Path: is only
If I get a spam and I need to have SA learn that it's spam with
sa-learn, wouldn't it be useful to also skew the AWL for that sender so
that future uses of the AWL for that spammer will push the overall spam
score up?
Thots?
b.
Kai Schaetzl wrote
>>
>> > We're blocking IPs from dialups from countries no one receives mail here
>> > anyway.
>>
>> Why just block dialups then?
>>
Hi Kai,
I am frequently trying to report unwanted behaviour to ISPs, using their
published
abuse or tech contacts. And, unfortunately, quit
Brian J. Murrell wrote:
> If I get a spam and I need to have SA learn that it's spam with
> sa-learn, wouldn't it be useful to also skew the AWL for that sender so
> that future uses of the AWL for that spammer will push the overall spam
> score up?
>
> Thots?
>
If a spammer is using the same s
Hi,
is somebody here using bohunu.com
Is it worth testing it ?
BR Niels
>
> If they are online then I do forward callouts to see if the recipient
> is valid and based on that I would return a 550 at connect time
> indicating an invalid account.
And return a 450 if the callout connection times-out , I guess ?
On the primary MX too this may be already being done, Wil
> >
> If the recipient is bad then no one would have got the email
> anyway. But there wouldn't a a notification to the sender. I
> suppose I could make it smarter so that if the message is
> blessed in one of my many white lists then I would do a
> bounce message, otherwise not.
>
> OTOH,
RobertH wrote:
If the recipient is bad then no one would have got the email
anyway. But there wouldn't a a notification to the sender. I
suppose I could make it smarter so that if the message is
blessed in one of my many white lists then I would do a
bounce message, otherwise not.
OT
100 matches
Mail list logo
