Re: Code Rot?

2009-04-30 Thread Justin Mason
cool. good to hear it guys ;) I'll get this rigged up soon... right now I'm on jury service :( --j. On Tue, Apr 28, 2009 at 16:29, John Hardin wrote: > On Tue, 28 Apr 2009, Matt wrote: > >> Steve Freegard wrote: >>> >>>  Is it possible to get SVN access just to the sandboxes though? I'd be >>>

RE: my emailBL is live!

2009-04-30 Thread Jeff Moss
Rob McEwen wrote: >>> A word of caution. Be very careful how you use the list. >> >> OK. I was wrong. Due to this discussion, I'm convinced that MD5 of the >> whole (lower case!) e-mail address is best, with the entire e-mail >> address still showing up in plain text in the DNS txt record. >> >>

Almost no score

2009-04-30 Thread Jean-Paul Natola
Hi all, I just upgraded to 3.2.5 ran sa-update and I got this message with only one rule tripped I'm putting a link to the message as well as the headers If anyone can shed some light here , I would appreciate it. ftp://ftp.fcimail.org/IT/SA/headers.txt ftp://ftp.fcimail.org/IT/SA/Would%20you

Re: Almost no score

2009-04-30 Thread Ned Slider
Jean-Paul Natola wrote: Hi all, I just upgraded to 3.2.5 ran sa-update and I got this message with only one rule tripped I'm putting a link to the message as well as the headers If anyone can shed some light here , I would appreciate it. ftp://ftp.fcimail.org/IT/SA/headers.txt ftp://ftp.fci

Re: Almost no score

2009-04-30 Thread LuKreme
On 30-Apr-2009, at 07:23, Jean-Paul Natola wrote: Hi all, I just upgraded to 3.2.5 ran sa-update and I got this message with only one rule tripped I'm putting a link to the message as well as the headers If anyone can shed some light here , I would appreciate it. ftp://ftp.fcimail.org/I

Re: sa-update and trusted_networks

2009-04-30 Thread John Hardin
On Thu, 30 Apr 2009, Matt Kettler wrote: An errant trusted_networks isn't going to hurt sa-update, and is probably a cosmetic bug. That's what I thought, I just wanted to confirm. Thanks! -- John Hardin KA7OHZ http://www.impsec.org/~jhardin/ jhar...@impsec.org FALahol

Re: Almost no score

2009-04-30 Thread John Wilcock
Le 30/04/2009 15:23, Jean-Paul Natola a écrit : If anyone can shed some light here , I would appreciate it. ftp://ftp.fcimail.org/IT/SA/headers.txt Content-Type: image/png; name="DSC0080.png" Over the last week or so I'd been having some success looking for this pattern, suggested

Re: [-4.0] Re: 'anti' AWL

2009-04-30 Thread Charles Gregory
On Wed, 29 Apr 2009, LuKreme wrote: On 29-Apr-2009, at 15:31, Charles Gregory wrote: Apologies for original brevity, but my comment was a criticism of the proposal to start weighing *all* mail from a specific sender according to whether the IP was the 'most common' used for that address Ess

RE: Almost no score

2009-04-30 Thread Jean-Paul Natola
-Original Message- From: LuKreme [mailto:krem...@kreme.com] Sent: Thursday, April 30, 2009 10:40 AM To: users@spamassassin.apache.org Subject: Re: Almost no score On 30-Apr-2009, at 07:23, Jean-Paul Natola wrote: > Hi all, > > I just upgraded to 3.2.5 ran sa-update and I got this mes

Re: 'anti' AWL

2009-04-30 Thread LuKreme
On 30-Apr-2009, at 09:40, Charles Gregory wrote: On Wed, 29 Apr 2009, LuKreme wrote: On 29-Apr-2009, at 15:31, Charles Gregory wrote: Apologies for original brevity, but my comment was a criticism of the proposal to start weighing *all* mail from a specific sender according to whether the IP

Re: Almost no score

2009-04-30 Thread LuKreme
On 30-Apr-2009, at 09:53, Jean-Paul Natola wrote: Where did you get the KB_RATWARE rules from? Karsten Bräkelmann (guent...@rudersport.de) You can find KB_RATWARE_BOUNDARY in my sandbox, where it's still badly named KB_RATWARE_OUTLOOK_08. I need to rename it and get rid of the other testin

Re: Almost no score

2009-04-30 Thread Charles Gregory
On Thu, 30 Apr 2009, John Wilcock wrote: mimeheader DSL4DIG_PNG Content-Type =~ /name\=\"DSL[0-9]{4}\.png\"/ Looks like they've changed from DSL to DSC! I have a few with DSC in today's quarantine, but they were caught by BOTNET rules. Methinks it's time to update the above rule to look for DS[

Re: Almost no score

2009-04-30 Thread LuKreme
On 30-Apr-2009, at 09:03, John Wilcock wrote: Le 30/04/2009 15:23, Jean-Paul Natola a écrit : If anyone can shed some light here , I would appreciate it. ftp://ftp.fcimail.org/IT/SA/headers.txt Content-Type: image/png; name="DSC0080.png" Over the last week or so I'd been having som

Re: Almost no score

2009-04-30 Thread Evan Platt
At 09:33 AM 4/30/2009, you wrote: mimeheader DSL4DIG_PNG Content-Type =~ /name\=\"DSL[0-9]{4}\.png\"/ I'd be very careful with that rule (or any related). This file name pattern is a quite standard pattern for pictures from digital cameras. DSC? Yes. .PNG? None that I've seen...

RE: Almost no score

2009-04-30 Thread Jean-Paul Natola
-Original Message- From: Evan Platt [mailto:e...@espphotography.com] Sent: Thursday, April 30, 2009 12:50 PM To: users@spamassassin.apache.org Subject: Re: Almost no score At 09:33 AM 4/30/2009, you wrote: >>mimeheader DSL4DIG_PNG Content-Type =~ /name\=\"DSL[0-9]{4}\.png\"/ > >I'd be

RE: Almost no score

2009-04-30 Thread Evan Platt
At 10:02 AM 4/30/2009, Jean-Paul Natola wrote: >I'd be very careful with that rule (or any related). This file name >pattern is a quite standard pattern for pictures from digital cameras. >DSC? Yes. .PNG? None that I've seen... Actually png is portable network graphics And DSC is the de

Re: Almost no score

2009-04-30 Thread John Hardin
On Thu, 30 Apr 2009, LuKreme wrote: On 30-Apr-2009, at 09:03, John Wilcock wrote: mimeheader DSL4DIG_PNG Content-Type =~ /name\=\"DSL[0-9]{4}\.png\"/ I'd be very careful with that rule (or any related). This file name pattern is a quite standard pattern for pictures from digital cameras.

Re: Almost no score

2009-04-30 Thread John Hardin
On Thu, 30 Apr 2009, LuKreme wrote: Clarke's Law: Sufficiently advanced technology is indistinguishable from magic somebody's corollary to Clarke's law: Any technology distinguishable from magic is insufficiently advanced. -- John Hardin KA7OHZ http://www.impsec

Re: [SA] 419 emailBL?

2009-04-30 Thread Adam Katz
>> And if bandwidth at the server is a problem, would publishing the ruleset >> updates via the Coral Cache network work? > > Unfortunately, no. In fact, they kind of suck as a CDN. We > originally were putting updates through there and would regularly have > issues w/ 404s, corrupt or incomplet

Re: my emailBL is live!

2009-04-30 Thread Adam Katz
Jeff Moss wrote: > The chance of a collision really is much smaller than I thought, even > including the birthday paradox. But rather than just say it's small and > ask you to take my word for it I'm providing a link. The Wikipedia page > for Birthday Attack has a chart that shows the probability

Re: 'anti' AWL

2009-04-30 Thread Charles Gregory
On Thu, 30 Apr 2009, LuKreme wrote: First off, I suppose that if you get real mail from someone who has only ever been seen as a spam sender, then yes, the first mail would be penalized. But is this ever the case? (nod) Any time someone's address has been used as a spoofed sender before that

trying to score based on image name and image size

2009-04-30 Thread aixenv
I notice there's a: mx1:/usr/share/perl5/Mail/SpamAssassin/Plugin# ls -lah ImageInfo.pm -rw-r--r-- 1 root root 11K Aug 8 2007 ImageInfo.pm and within that there's two subs 'image_named' and 'image_size_exact' mx1:/usr/share/perl5/Mail/SpamAssassin/Plugin# cat ImageInfo.pm |grep image_named

RE: Almost no score

2009-04-30 Thread Jean-Paul Natola
On 30-Apr-2009, at 09:53, Jean-Paul Natola wrote: > Where did you get the KB_RATWARE rules from? Karsten Bräkelmann (guent...@rudersport.de) >> You can find KB_RATWARE_BOUNDARY in my sandbox, where it's still >> badly >> named KB_RATWARE_OUTLOOK_08. I need to rename it and get rid of the >> o

Personal SPF

2009-04-30 Thread Charles Gregory
Hello! Wild idea time: I won't be surprised if this is shot down... Proposal: "Personal SPF" - A DNS-based lookup system to allow individual senders of e-mail to publish a *personal* SPF record within the context of their domain's SPF records, that would identify an IP or range of IP's which

Re: Almost no score

2009-04-30 Thread Charles Gregory
On Thu, 30 Apr 2009, LuKreme wrote: mimeheader DSL4DIG_PNG Content-Type =~ /name\=\"DSL[0-9]{4}\.png\"/ I'd be very careful with that rule (or any related). This file name pattern is a quite standard pattern for pictures from digital cameras. But digital cameras generally produce jpg, not png

Re: trying to score based on image name and image size

2009-04-30 Thread Theo Van Dinter
There could be various reasons ranging from "plugin isn't loaded" (though you'd get an error w/ the rules then) to "image isn't exactly that size", to "plugin can't determine width+height from image", to ... Assuming the plugin is loaded ("spamassassin -D plugin --lint" would tell you), and you've

Re: trying to score based on image name and image size

2009-04-30 Thread aixenv
thanks for the reply: from the spamassassin -D plugin --lint , i got: [20759] dbg: plugin: loading Mail::SpamAssassin::Plugin::ImageInfo from @INC running -D imageinfo against the msg i get: mx1:~/spam# cat spam6 |spamassassin -D imageinfo [21510] dbg: imageinfo: png image DSC5051.png is 240 x

Re: trying to score based on image name and image size

2009-04-30 Thread aixenv
aha i fixed it with the following: # rule to block annoying viagra spam with scraped text based off image size, # name and having other rule hits # 4/30/09 8:45AM body __ZL_PNG_240_400 eval:image_size_exact('png',240,400) body __ZL_CAM eval:image_name_regex('/^DS[CL]\d{4}\.png$/') meta ZL_VIAGRA

Re: 'anti' AWL

2009-04-30 Thread mouss
RW a écrit : > On Wed, 29 Apr 2009 20:49:29 +0200 > mouss wrote: > > >> on the other hand, a spammer can forge Received headers. and this is a >> serious problem. Using "untrusted" received headers is broken. > > The point of AWL is to tweak ham scores towards the mean to avoid > outlying high-

Re: Almost no score

2009-04-30 Thread Evan Platt
At 11:31 AM 4/30/2009, you wrote: But digital cameras generally produce jpg, not png Yes? Yep. Exactly the point I made. TIF, JPG or ORF or RAW.

Bombed by PNG spam and spamassassin say its HAM

2009-04-30 Thread Michelle Konzack
Hello Geeks, I get since some days over 43 (yes four hundred thirty thousand) PNG spams of around 14-16 kByte and spamassassin tags them all as ham. This becomes now annoying because they are actually over 6 GByte and I can catch them only in a procmail recipe when it is too late to reject

Re: 'anti' AWL

2009-04-30 Thread LuKreme
On 30-Apr-2009, at 11:50, Charles Gregory wrote: On Thu, 30 Apr 2009, LuKreme wrote: First off, I suppose that if you get real mail from someone who has only ever been seen as a spam sender, then yes, the first mail would be penalized. But is this ever the case? (nod) Any time someone's ad

Re: Bombed by PNG spam and spamassassin say its HAM

2009-04-30 Thread Wolfgang Zeikat
Michelle Konzack wrote: Does someone know HOW to reject this crap effectively? SpamAssassin does not reject mail. But with the clamav plugin and the 3rd party clamav signatures from sanesecurity.com, it detects them pretty well here. Hope this helps, wolfgang

Re: Almost no score

2009-04-30 Thread LuKreme
On 30-Apr-2009, at 10:50, Evan Platt wrote: At 09:33 AM 4/30/2009, you wrote: mimeheader DSL4DIG_PNG Content-Type =~ /name\=\"DSL[0-9]{4}\.png\"/ I'd be very careful with that rule (or any related). This file name pattern is a quite standard pattern for pictures from digital cameras. DSC?

Re: Almost no score

2009-04-30 Thread LuKreme
On 30-Apr-2009, at 11:10, John Hardin wrote: On Thu, 30 Apr 2009, LuKreme wrote: Clarke's Law: Sufficiently advanced technology is indistinguishable from magic somebody's corollary to Clarke's law: Any technology distinguishable from magic is insufficiently advanced. O, that's

Re: Almost no score

2009-04-30 Thread LuKreme
On 30-Apr-2009, at 12:01, Jean-Paul Natola wrote: Have the scoring methods changed in SA I noticed in your rules there are no scores This is what I have in local.cf (single lines) header KB_RATWARE_OUTLOOK_16 ALL =~ /^Message-Id: <([0-9a-f]{8})\ $([0-9a-f]{8})\$.{100,400}boundary="--

Re: Bombed by PNG spam and spamassassin say its HAM

2009-04-30 Thread John Hardin
On Fri, 1 May 2009, Michelle Konzack wrote: I get since some days over 43 (yes four hundred thirty thousand) PNG spams of around 14-16 kByte and spamassassin tags them all as ham. Check the list archives for today, there's been some discussion of detecting them via ImageInfo. -- John H

Re: Almost no score

2009-04-30 Thread Chris
On Thu, 2009-04-30 at 09:23 -0400, Jean-Paul Natola wrote: > Hi all, > > I just upgraded to 3.2.5 ran sa-update and I got this message with only one > rule tripped > > I'm putting a link to the message as well as the headers > > If anyone can shed some light here , I would appreciate it. > > f

Re: Almost no score

2009-04-30 Thread Adam Katz
LuKreme wrote: >> DSC? Yes. .PNG? None that I've seen... > > Not specifically, but I, for example, convert photos I want to use for > Desktops to .png format, and I often don't rename them. If I email them > to someone they would match that pattern. I have 6 desktop images that > match DSC[0-90{4}

Re: Almost no score

2009-04-30 Thread LuKreme
On 30-Apr-2009, at 18:47, Adam Katz wrote: LuKreme wrote: DSC? Yes. .PNG? None that I've seen... Not specifically, but I, for example, convert photos I want to use for Desktops to .png format, and I often don't rename them. If I email them to someone they would match that pattern. I have 6

Re: Bombed by PNG spam and spamassassin say its HAM

2009-04-30 Thread Bob Proulx
Michelle Konzack wrote: > I get since some days over 43 (yes four hundred thirty thousand) PNG > spams of around 14-16 kByte and spamassassin tags them all as ham. I have been getting pummeled by the image only spam messages too. > Does someone know HOW to reject this crap effectively? I

Re: sa with spamass-milter UNPARSEABLE_RELAY problem - fixed

2009-04-30 Thread mark
I have created case 6103 - but this may be a milter-issue, although the same version of the milter worked very well on centos-4 i386 and SA 3.1 https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6103 thanks in advance mark This is a spamass-milter bug. They generate a malformed fake

Re: Bombed by PNG spam and spamassassin say its HAM

2009-04-30 Thread Dave Funk
On Thu, 30 Apr 2009, Bob Proulx wrote: Michelle Konzack wrote: I get since some days over 43 (yes four hundred thirty thousand) PNG spams of around 14-16 kByte and spamassassin tags them all as ham. I have been getting pummeled by the image only spam messages too. Does someone know HO

Re: sa with spamass-milter UNPARSEABLE_RELAY problem - fixed

2009-04-30 Thread Dave Funk
On Fri, 1 May 2009, mark wrote: Just posting this for others who may encounter this:- This turned out to be an interaction between milter-greylist and spamass-milter. In sendmail.mc the following grey list config was included as part of the greylist setup:- define(`confMILTER_MACROS_ENVRC