> Arthur Kerpician wrote:
> >> I'm facing the following problem lately. Some of my users are
> >> connecting to the mail server (qmail) through mobile phones and the
> >> leased IPs from the GSM operator are blacklisted in spamhaus and
> >> spamcop. So, they are using the smtp server with spamassas
Matus UHLAR - fantomas schrieb:
>> Arthur Kerpician wrote:
I'm facing the following problem lately. Some of my users are
connecting to the mail server (qmail) through mobile phones and the
leased IPs from the GSM operator are blacklisted in spamhaus and
spamcop. So, they are usi
Marc Perkel wrote:
Or maybe I'm trying to reinvent a wheel someone already has up and
running :-)
a bank without SPF or DKIM signing is NOT worth using
Yes - but I think what he's saying is that you have to start with a list
of bank domains, the test those domains with higher scrutiny.
Do
On Mon, May 11, 2009 09:34, Matus UHLAR - fantomas wrote:
> But I'd recommend to use that one only if you know that your MTA won't be
> able to auth users and put the auth info into Received: headers.
> Using SMTP authentication is much much better than pop-before-smtp
POP-before-smtp is okay if
On 11.05.09 10:30, Robert Schetterer wrote:
> if you use spamass-milter patched
> there is an option no to check sasl authed users
I don't recommend skipping checks of authenticated users. Even they may
send spam - some malware uses outlook's SMTP code (happened here a few times)
The issue was w
> On Mon, May 11, 2009 09:34, Matus UHLAR - fantomas wrote:
> > But I'd recommend to use that one only if you know that your MTA won't be
> > able to auth users and put the auth info into Received: headers.
> > Using SMTP authentication is much much better than pop-before-smtp
On 11.05.09 11:04, B
Mike Cardwell wrote:
Marc Perkel wrote:
Yes - but I think what he's saying is that you have to start with a
list of bank domains, the test those domains with higher scrutiny.
Does such a list exist? One of my users was getting a lot of spam
pretending to be from banks. I ended up just compi
Ned Slider wrote:
Yes - but I think what he's saying is that you have to start with a
list of bank domains, the test those domains with higher scrutiny.
Does such a list exist? One of my users was getting a lot of spam
pretending to be from banks. I ended up just compiling a regular
expressi
Mike Cardwell wrote:
Ned Slider wrote:
Yes - but I think what he's saying is that you have to start with a
list of bank domains, the test those domains with higher scrutiny.
Does such a list exist? One of my users was getting a lot of spam
pretending to be from banks. I ended up just compili
Matus UHLAR - fantomas schrieb:
> On 11.05.09 10:30, Robert Schetterer wrote:
>> if you use spamass-milter patched
>> there is an option no to check sasl authed users
>
> I don't recommend skipping checks of authenticated users. Even they may
> send spam - some malware uses outlook's SMTP code (ha
Matus UHLAR - fantomas schrieb:
>> On Mon, May 11, 2009 09:34, Matus UHLAR - fantomas wrote:
>>> But I'd recommend to use that one only if you know that your MTA won't be
>>> able to auth users and put the auth info into Received: headers.
>>> Using SMTP authentication is much much better than pop-
On Sun, May 10, 2009 at 01:08:29PM +0300, Henrik K wrote:
>
> Hello,
>
> I've revamped fully the old code. Works still the same, but has some new
> functions. It's also a bit more careful when parsing body (new parser,
> emails inside <> are ignored, as well ones inside urls etc), so it might
> e
Forgive my ambling pre-amble, but it's to pre-empt all the obvious questions!
Firstly, just to say I have googled and forum-searched myself silly, as
you'll see. So although it looks long, please bear with me.
For my own historical (but very good!) reasons, here's how I have my email
setup:
All
> On 10.05.09 22:49, Adam Katz wrote:
>> The best solution I've seen for this kind of thing is the POPAuth
>> plugin, which uses the IMAP/POP authentication tables (as populated for
>> the old fashioned POP-before-SMTP scheme) to temporarily add senders'
>> IPs to SpamAssassin's trusted_networks li
--On Sunday, May 10, 2009 13:53 -0600 LuKreme wrote:
I mean, I would feel comfortable scoring anything that claimed to come
from bankofamerica.com and did not come from there at +1000, myself. Is
there any surer spam sign?
Some of their legit mail has come from customercenter.com and par
One thing I do is run a separate Daemon with AUTH on alternate ports for
those 'external' users that would fall into that category (and for those
users where standard ports are blocked). That alternate daemon doesn't
run through (in my case) MailScanner/SA and instead just throws it in
the already
On 11-May-2009, at 03:11, Ned Slider wrote:
My thinking is that combined as a meta with a few simple keywords/
phrases (eg, alert, security, account suspended etc) it might make a
very effective rule against bank phish.
The only thing that needs to be done to prevent bank phish is to check
On 11-May-2009, at 09:58, Joseph Brennan wrote:
--On Sunday, May 10, 2009 13:53 -0600 LuKreme
wrote:
I mean, I would feel comfortable scoring anything that claimed to
come
from bankofamerica.com and did not come from there at +1000,
myself. Is
there any surer spam sign?
Some of their
On Mon, 2009-05-11 at 06:56 -0700, an anonymous Nabble user wrote:
> THE PROBLEM: I'm signed up to over 300 forums, shops, sites etc, so there's
> no way I could make an email address box for all of those "pseudoaddresses",
> as it were. So I can't turn the catchall off.
Sure can, why not? Just al
On 11-May-2009, at 12:15, Karsten Bräckelmann wrote:
The problem is with the design itself. Only the real sender can and
will
confirm.
Only the real sender CAN confirm, but the real sender is UNLIKELY to
confirm. I have -=never=- confirmed for a Prove-You-Love-Me email.
Never have, neve
> The problem is with the design itself. Only the real sender can and will
> confirm. The challenge to the *forged* sender of spam will not be
> responded to.
Not necessarily true-- anytime I see one of those challenges to a (forged
sender) address I control I'll click the confirmation link just t
fwiw, I also confirm any CR mails that I get. I just wanted to paste
in this quote... :)
"challenge response is a great way to tell people they are less important
than you" - Dan Quinlan via IRC
On Mon, May 11, 2009 at 2:33 PM, Dave Pooser wrote:
> Not necessarily true-- anytime I see o
On Mon, 2009-05-11 at 12:25 -0600, LuKreme wrote:
> On 11-May-2009, at 12:15, Karsten Bräckelmann wrote:
[ OP and challenge response question goes here ]
> > The problem is with the design itself. Only the real sender can and will
> > confirm.
>
> Only the real sender CAN confirm, but the real
Ned Slider a écrit :
> [snip]
> I
> would really like to see the creation of a tld along the lines of .bank,
> and make it like .gov or .edu (ac.uk) where only confirmed banks and
> financial institutions can register such domains.
my $devil{"advocate"}->mode = $status->enabled;
and after banks
> > In the meantime I'm left working on the basis that for the large part,
> > banks simply don't send email to my clients so *any* email claiming to
> > be from a bank is immediately highly suspicious and could probably be
> > scored well on the way to being spam.
> >
>
> I personally use dedica
mouss wrote:
Is phishing really a problem for banks? I don't think so.
You're kidding right?
On Mon, 11 May 2009, Marc Perkel wrote:
mouss wrote:
Is phishing really a problem for banks? I don't think so.
You're kidding right?
I think mouss' point is that if banks considered phishing "their problem"
they would be pursuing effective technological and policy solutions like
proper S
John Hardin wrote:
On Mon, 11 May 2009, Marc Perkel wrote:
mouss wrote:
Is phishing really a problem for banks? I don't think so.
You're kidding right?
I think mouss' point is that if banks considered phishing "their
problem" they would be pursuing effective technological and policy
sol
I wrote:
> I'm also toying with the idea of making the khop-sc-neighbors list
> (currently an sa-update channel) a DNSBL with return codes indicating
> its networks' rank on an inverse scale from 1-100 (though not
> necessarily with a hundred entries), so 127.0.0.100 means the
> top-ranked spamming
On Tue, 12 May 2009, Ned Slider wrote:
Then you get phish where the From address is a bank domain, and the
envelope address is from a completely unrelated domain with a valid spf
record so even a simple From_Bank && spf_pass isn't going to work.
That might make a useful general rule, though:
LuKreme wrote:
> On 10-May-2009, at 13:28, M> I started to check logs and saw 70%, 80% of emails
>> coming in weekends are spam (in my case).
>
> But more than 70-80% of the emails coming in on any day of the week
> are spam.
>
> 09-May-09: 85%
> 08-May-09: 87%
> 07-May-09: 82%
> 06-May-09: 88%
> 0
31 matches
Mail list logo
