Re: my emailBL is live!

2009-04-29 Thread Mike Cardwell
Adam Katz wrote: Mike Cardwell contended: It would definitely require a hashing algorithm, like MD5. IIRC there is a maximum length for a hostname, and that is 255 characters. What if the hostname in your email address is 255 characters long on its own...? When MD5sums were first proposed

Re: my emailBL is live!

2009-04-29 Thread John Wilcock
On 29/04/2009 02:40, Adam Katz wrote: replaces the @ with a dot (not an underscore, that's not a legal character). Won't that pose problems distinguishing between fred.blo...@example.tld and f...@bloggs.example.tld? John. -- -- Over 3000 webcams from ski resorts around the world -

Re: 'anti' AWL

2009-04-29 Thread RW
On Tue, 28 Apr 2009 22:14:21 -0400 Matt Kettler mkettler...@verizon.net wrote: Matt Kettler wrote: LuKreme wrote: Of course, first, or last depends on your perspective. I assume RW was thinking of first from a starting at the inside, working backwards in time approach. This is

Re: my emailBL is live!

2009-04-29 Thread Jesse Thompson
Adam Katz wrote: This was actually rather simple to set up. I'll publish the code [snip] Thanks for your efforts with this. I forwarded your message to the APER mailing list. A word of caution. Be very careful how you use the list. The intended usage for the list is to prevent (or

Re: my emailBL is live!

2009-04-29 Thread Rob McEwen
Jesse Thompson wrote: A word of caution. Be very careful how you use the list. OK. I was wrong. Due to this discussion, I'm convinced that MD5 of the whole (lower case!) e-mail address is best, with the entire e-mail address still showing up in plain text in the DNS txt record. But I have some

Re: Physician List

2009-04-29 Thread Jeff Chan
On Tuesday, April 28, 2009, 6:04:50 PM, Karsten Bräckelmann wrote: On Tue, 2009-04-28 at 19:43 -0400, Casartello, Thomas wrote: Has anyone else noticed these messages as a problem? I have had a few complaints about messages getting through my spam filter involving “Physicians List in the USA”

Re: Physician List

2009-04-29 Thread Karsten Bräckelmann
On Wed, 2009-04-29 at 06:42 -0700, Jeff Chan wrote: On Tuesday, April 28, 2009, 6:04:50 PM, Karsten Bräckelmann wrote: I have seen quite a few myself. Unfortunately, they tend to slip by. Made a first attempt at catching them, which helped -- though I do see new variants going under the

Re: my emailBL is live!

2009-04-29 Thread Mike Cardwell
Rob McEwen wrote: A word of caution. Be very careful how you use the list. OK. I was wrong. Due to this discussion, I'm convinced that MD5 of the whole (lower case!) e-mail address is best, with the entire e-mail address still showing up in plain text in the DNS txt record. But I have some

Re: my emailBL is live!

2009-04-29 Thread Jesse Thompson
Rob McEwen wrote: Jesse Thompson wrote: A word of caution. Be very careful how you use the list. OK. I was wrong. Due to this discussion, I'm convinced that MD5 of the whole (lower case!) e-mail address is best, with the entire e-mail address still showing up in plain text in the DNS txt

Re: my emailBL is live!

2009-04-29 Thread John Hardin
On Wed, 29 Apr 2009, Jesse Thompson wrote: A word of caution. Be very careful how you use the list. The intended usage for the list is to prevent (or monitor) local users from sending email to the listed addresses. The phishers frequently use compromised end-user accounts to receive the

419 emailBL?

2009-04-29 Thread John Hardin
On Wed, 29 Apr 2009, Jesse Thompson wrote: A word of caution. Be very careful how you use the list. The intended usage for the list is to prevent (or monitor) local users from sending email to the listed addresses. The phishers frequently use compromised end-user accounts to receive the

Re: 419 emailBL?

2009-04-29 Thread Steve Freegard
John Hardin wrote: On Wed, 29 Apr 2009, Jesse Thompson wrote: A word of caution. Be very careful how you use the list. The intended usage for the list is to prevent (or monitor) local users from sending email to the listed addresses. The phishers frequently use compromised end-user

Re: 419 emailBL?

2009-04-29 Thread Mike Cardwell
Steve Freegard wrote: A word of caution. Be very careful how you use the list. The intended usage for the list is to prevent (or monitor) local users from sending email to the listed addresses. The phishers frequently use compromised end-user accounts to receive the phishing replies, so

Re: Physician List [ATT]

2009-04-29 Thread Karsten Bräckelmann
On Wed, 2009-04-29 at 03:04 +0200, Karsten Bräckelmann wrote: I have seen quite a few myself. Unfortunately, they tend to slip by. Made a first attempt at catching them, which helped -- though I do see new variants going under the radar of a few of my metas. I'd be interested in getting

Re: 419 emailBL?

2009-04-29 Thread Steve Freegard
Mike Cardwell wrote: Steve Freegard wrote: A word of caution. Be very careful how you use the list. The intended usage for the list is to prevent (or monitor) local users from sending email to the listed addresses. The phishers frequently use compromised end-user accounts to receive the

Re: 419 emailBL?

2009-04-29 Thread Mike Cardwell
Steve Freegard wrote: For listing both emails and URIs it would be useful if you could add regular expressions. I'm not sure how you'd serve such an RBL though without writing your own custom software or modifying an existing dns server. E.g., it would be nice if you could add entries like this

Re: emailBL

2009-04-29 Thread Benny Pedersen
On Tue, April 28, 2009 12:19, Henrik K wrote: On Tue, Apr 28, 2009 at 10:51:33AM +0100, Matt wrote: Henrik K wrote: If someone wants to try it on their mail feed: http://sa.hege.li/pra.cf can be made to milter-regex.conf? -- http://localhost/ 100% uptime and 100% mirrored :)

Re: 'anti' AWL

2009-04-29 Thread Charles Gregory
I just turned off my AWL today, because of FP issues but f...@example.com sends me lots of mail. Say it's over 100. It's all ham and it all comes from mail.example.com. The AWL for this email couplet is, say, -2.1. An email comes in from f...@example.com but sent from

Re: 'anti' AWL

2009-04-29 Thread mouss
RW wrote: On Tue, 28 Apr 2009 22:14:21 -0400 Matt Kettler mkettler...@verizon.net wrote: Matt Kettler wrote: LuKreme wrote: Of course, first, or last depends on your perspective. I assume RW was thinking of first from a starting at the inside, working backwards in time approach.

Re: 'anti' AWL

2009-04-29 Thread Jonas Eckerman
RW wrote: By your chronological definition of first and last (which is the same as mine), that's the FIRST non-private address. Or the address in the fake Received header the spambot put in the mail? I hope this is not how it works... It makes sense to me, if I send you an email, the

Re: 'anti' AWL

2009-04-29 Thread Jeff Mincy
From: Charles Gregory cgreg...@hwcn.org Date: Wed, 29 Apr 2009 14:31:22 -0400 (EDT) I just turned off my AWL today, because of FP issues but f...@example.com sends me lots of mail. Say it's over 100. It's all ham and it all comes from mail.example.com. The

Re: my emailBL is live!

2009-04-29 Thread David B Funk
When MD5sums were first proposed (in place of my wild escaping), it seemed like a great idea. However, a voice in the back of my head, now spoken (typed?) by Rob, has been growing louder. My implementation now merely truncates email usernames to 16 characters (plus the noted defanging,

Re: my emailBL is live!

2009-04-29 Thread Adam Katz
David B Funk wrote: Repeat after me, ALMOST ALL characters (octets actually) are now LEGAL in DNS queries (see RFC-2181 section 11). There is NO need for -any- kind of munging. First, you must start and end a domain label (octet refers to IP addresses) with a letter or number, so munging is

Re: [0.0] Re: 'anti' AWL

2009-04-29 Thread Charles Gregory
On Wed, 29 Apr 2009, Jeff Mincy wrote: *someone* is getting their AWL reputation trashed every time a spammer forges their e-mail. AWL stores the IP/16 address with the email address. So your awl reputation is not being trashed by forged e-mail that comes from a different IP address.

Re: my emailBL is live!

2009-04-29 Thread Mike Cardwell
David B Funk wrote: When MD5sums were first proposed (in place of my wild escaping), it seemed like a great idea. However, a voice in the back of my head, now spoken (typed?) by Rob, has been growing louder. My implementation now merely truncates email usernames to 16 characters (plus the

Re: my emailBL is live!

2009-04-29 Thread David B Funk
On Wed, 29 Apr 2009, Adam Katz wrote: David B Funk wrote: Repeat after me, ALMOST ALL characters (octets actually) are now LEGAL in DNS queries (see RFC-2181 section 11). There is NO need for -any- kind of munging. First, you must start and end a domain label (octet refers to IP

Re: my emailBL is live!

2009-04-29 Thread David B Funk
On Wed, 29 Apr 2009, Adam Katz wrote: But your very next topic is contrary to that philosophy... BTW notice that the Google data is multi-valued in the TYPE field. rather than a simple enumeration of that data into an address it is better to turn it into a bit-mask, as then multiple

Re: my emailBL is live!

2009-04-29 Thread Adam Katz
David B Funk wrote: Umm, I guess you didn't understand what the .phish.icaen.uiowa.edu part of address.phish.icaen.uiowa.edu meant. D'oh! Sorry, doing too many things at once. You're right, that worked for me. However, you still have Mike's issue of 63 characters per label and 255 characters

Re: [SA] 419 emailBL?

2009-04-29 Thread Adam Katz
Mike Cardwell wrote: For listing both emails and URIs it would be useful if you could add regular expressions. [...] Steve Freegard responded: Yuck; if you want to do stuff using regexp then: uri RULE_NAME /regexp/ score RULE_NAME nn.nnn Is the best way to do this - not via DNS. Mike

Re: [SA] 419 emailBL?

2009-04-29 Thread Mike Cardwell
Adam Katz wrote: For listing both emails and URIs it would be useful if you could add regular expressions. [...] Steve Freegard responded: Yuck; if you want to do stuff using regexp then: uri RULE_NAME /regexp/ score RULE_NAME nn.nnn Is the best way to do this - not via DNS. Mike

Re: [SA] 419 emailBL?

2009-04-29 Thread Theo Van Dinter
On Wed, Apr 29, 2009 at 6:24 PM, Adam Katz antis...@khopis.com wrote: The mechanism for sa-update is brilliant, but doesn't lend itself to enormous indices of frequently-changing rulesets. I guess it depends what you mean by enormous. A sought rule update is 135k. The likelihood is, imo, that

Re: 'anti' AWL

2009-04-29 Thread LuKreme
On 29-Apr-2009, at 15:31, Charles Gregory wrote: Apologies for original brevity, but my comment was a criticism of the proposal to start weighing *all* mail from a specific sender according to whether the IP was the 'most common' used for that address Essentially changing it from what

Re: my emailBL is live!

2009-04-29 Thread Adam Katz
Jesse Thompson wrote: A word of caution. Be very careful how you use the list. The intended usage for the list is to prevent (or monitor) local users from sending email to the listed addresses. The phishers frequently use compromised end-user accounts to receive the phishing replies, so

Re: 419 emailBL?

2009-04-29 Thread Adam Katz
Theo Van Dinter wrote: On Wed, Apr 29, 2009 at 6:24 PM, Adam Katz antis...@khopis.com wrote: The mechanism for sa-update is brilliant, but doesn't lend itself to enormous indices of frequently-changing rulesets. I guess it depends what you mean by enormous. A sought rule update is 135k.

Re: my emailBL is live!

2009-04-29 Thread John Hardin
On Wed, 29 Apr 2009, Adam Katz wrote: Okay, back to using the second half of the MD5 (simple enough, since that was my original implementation). Relevant code: $hash =~ s/@.*//; $hash =~ tr [A-Z] [a-z]; $hash = substr(Digest::MD5::md5_hex($hash),16); # 2nd 16 of 32 chars ...can you go

Re: 419 emailBL?

2009-04-29 Thread John Hardin
On Wed, 29 Apr 2009, Adam Katz wrote: Theo Van Dinter wrote: On Wed, Apr 29, 2009 at 6:24 PM, Adam Katz antis...@khopis.com wrote: The mechanism for sa-update is brilliant, but doesn't lend itself to enormous indices of frequently-changing rulesets. I guess it depends what you mean by

Re: 'anti' AWL

2009-04-29 Thread RW
On Wed, 29 Apr 2009 20:49:29 +0200 mouss mo...@ml.netoyen.net wrote: on the other hand, a spammer can forge Received headers. and this is a serious problem. Using untrusted received headers is broken. The point of AWL is to tweak ham scores towards the mean to avoid outlying high-scores

Re: 'anti' AWL

2009-04-29 Thread Matt Kettler
RW wrote: Maybe one of us is reading the perl wrong (and it could well be me), or we are talking at cross purposes. As I see it, it's going through the list of IP address, starting with the mail client and working its way towards the SA Server. When it finds a routable IP address it sets

RE: 'anti' AWL

2009-04-29 Thread Mark
-Original Message- From: mouss [mailto:mo...@ml.netoyen.net] Sent: Wednesday 29 April 2009 20:53 To: users@spamassassin.apache.org Subject: Re: 'anti' AWL on the other hand, a spammer can forge Received headers. and this is a serious problem. Using untrusted received headers is broken.

Re: 419 emailBL?

2009-04-29 Thread Theo Van Dinter
On Wed, Apr 29, 2009 at 8:06 PM, John Hardin jhar...@impsec.org wrote: And 135k doesn't add up to a lot of bandwidth? ...so don't look for updates more than once every day or two. Yeah, but I think the point was that a frequently changing ruleset would be downloaded frequently. And if

Re: 419 emailBL?

2009-04-29 Thread John Hardin
On Wed, 29 Apr 2009, Theo Van Dinter wrote: On Wed, Apr 29, 2009 at 8:06 PM, John Hardin jhar...@impsec.org wrote: And 135k doesn't add up to a lot of bandwidth? And if bandwidth at the server is a problem, would publishing the ruleset updates via the Coral Cache network work?

sa-update and trusted_networks

2009-04-29 Thread John Hardin
...I thought 127/8 was in trusted networks by default with 3.2.mumble? # sa-update -D [27722] dbg: generic: SpamAssassin version 3.2.5 ... [27722] dbg: conf: trusted_networks are not configured; it is recommended that you configure trusted_networks manually Or is trusted_networks even

Re: sa-update and trusted_networks

2009-04-29 Thread Matt Kettler
John Hardin wrote: ...I thought 127/8 was in trusted networks by default with 3.2.mumble? # sa-update -D [27722] dbg: generic: SpamAssassin version 3.2.5 ... [27722] dbg: conf: trusted_networks are not configured; it is recommended that you configure trusted_networks manually If nothing is

Re: 'anti' AWL

2009-04-29 Thread Matt Kettler
RW wrote: On Wed, 29 Apr 2009 20:49:29 +0200 mouss mo...@ml.netoyen.net wrote: on the other hand, a spammer can forge Received headers. and this is a serious problem. Using untrusted received headers is broken. The point of AWL is to tweak ham scores towards the mean to avoid

Re: 419 emailBL?

2009-04-29 Thread Theo Van Dinter
On Wed, Apr 29, 2009 at 7:56 PM, Adam Katz antis...@khopis.com wrote: I guess it depends what you mean by enormous. A sought rule update is 135k. And 135k doesn't add up to a lot of bandwidth? I suppose it depends on the number of users, and I'm figuring worst-case scenario, e.g. when/if

Re: emailBL

2009-04-29 Thread Henrik K
On Wed, Apr 29, 2009 at 08:27:34PM +0200, Benny Pedersen wrote: On Tue, April 28, 2009 12:19, Henrik K wrote: On Tue, Apr 28, 2009 at 10:51:33AM +0100, Matt wrote: Henrik K wrote: If someone wants to try it on their mail feed: http://sa.hege.li/pra.cf can be made to milter-regex.conf

Re: sa-update and trusted_networks

2009-04-29 Thread John Hardin
On Wed, 29 Apr 2009, Matt Kettler wrote: John Hardin wrote: ...I thought 127/8 was in trusted networks by default with 3.2.mumble? # sa-update -D [27722] dbg: generic: SpamAssassin version 3.2.5 ... [27722] dbg: conf: trusted_networks are not configured; it is recommended that you configure

Re: sa-update and trusted_networks

2009-04-29 Thread Matt Kettler
John Hardin wrote: On Wed, 29 Apr 2009, Matt Kettler wrote: John Hardin wrote: ...I thought 127/8 was in trusted networks by default with 3.2.mumble? # sa-update -D [27722] dbg: generic: SpamAssassin version 3.2.5 ... [27722] dbg: conf: trusted_networks are not configured; it is