On 12-May-2009, at 18:27, John Hardin wrote:
uri URI_HIDDEN/\/\../
Ah, that's very very nice.
Scoring it at 3.0, too aggressive?
--
No matter how fast light travels it finds the darkness has always
go there first, and is waiting for it.
On Wed, 13 May 2009, Lists wrote:
Do you mean in /etc/mail/spamassassin/FuzzyOcr?
I'm not familiar with the module in particular, but that
behaviour - runnable as one user (or root) but not another - is nearly
always some sort of permission issue. So if the permissions in the
directory look a
Benny Pedersen wrote:
> so when does NO_RELAYS trigger ?
>
> i spouted this today as one email sent with smtp localy here, spamassassin
> says all trusted, with is imho okay, but i think it should be NO_RELAYS
> and not ALL_TRUSTED
>
> is this a config error i have done or ?
>
In that case the l
Charles Gregory wrote:
On Wed, 13 May 2009, Kate Kleinschafer wrote:
when I run it as postfix (user that runs spamassassin)
So all the same apart from FuzzyOCR
I am unsure now how to find out why it is behaving this way.
Check for execute group permissions on the FuzzyOCR modules, make sure
th
Bill Landry wrote:
> Hi Henrik,
>
>> I've revamped fully the old code. Works still the same, but has some new
>> functions. It's also a bit more careful when parsing body (new parser,
>> emails inside <> are ignored, as well ones inside urls etc), so it might
>> even reduce FPs and add hits, who k
digital toast...
if you have a good system, them implement it for real with real email
addresses and reject all the fake (not valid) email addresses
to streamline, use a database of some sort if you have to
anything you do after that will at least follow more proper design flow...
isnt using a
Hi Henrik,
> I've revamped fully the old code. Works still the same, but has some new
> functions. It's also a bit more careful when parsing body (new parser,
> emails inside <> are ignored, as well ones inside urls etc), so it might
> even reduce FPs and add hits, who knows.
>
> Domains are now
On 12-May-2009, at 14:21, digitaltoast wrote:
LuKreme wrote:
Seriously, I've had family members who twaddled about with PYLM crap
and they simply stopped getting my emails until they learned.
Lucky them...
Ah, you're one of THOSE.
*plonk*
--
These are the thoughts that kept me out of th
On 12-May-2009, at 14:14, digitaltoast wrote:
often technical lists are full of people who spend their time doing
weird
things like trying to make their emails appear as attachments for
anyone not
using Elm via emacs, in the bizarre belief that:
Oddly, I've been reading mail for over 20 yea
John Hardin wrote:
On Wed, 13 May 2009, Ned Slider wrote:
uriLOCAL_URI_HIDDEN_DIRm{https?://.{1,40}/\.\w}
describeLOCAL_URI_HIDDEN_DIRcontains hidden directory of form
example.com/.something
the fourth might be indicative of a hacked server with a hidden
phishing directo
On Wed, 13 May 2009, Ned Slider wrote:
uri LOCAL_URI_HIDDEN_DIRm{https?://.{1,40}/\.\w}
describe LOCAL_URI_HIDDEN_DIR contains hidden directory of form
example.com/.something
the fourth might be indicative of a hacked server with a hidden
phishing directory.
Any comments?
Mike Cardwell wrote:
Marc Perkel wrote:
Or maybe I'm trying to reinvent a wheel someone already has up and
running :-)
a bank without SPF or DKIM signing is NOT worth using
Yes - but I think what he's saying is that you have to start with a
list of bank domains, the test those domains with
John Hardin a écrit :
> On Tue, 12 May 2009, Ned Slider wrote:
>
>> Then you get phish where the From address is a bank domain, and the
>> envelope address is from a completely unrelated domain with a valid
>> spf record so even a simple From_Bank && spf_pass isn't going to work.
>
> That might m
Marc Perkel a écrit :
>
>
> mouss wrote:
>> Is phishing really a problem for banks? I don't think so.
>
(I'll forgive you for snipping the rest of the paragraph, and thus
isolating a single phrase which was part of a context...).
> You're kidding right?
>
No. I never heard of a bank losin
On Wed, 13 May 2009, Kate Kleinschafer wrote:
when I run it as postfix (user that runs spamassassin)
So all the same apart from FuzzyOCR
I am unsure now how to find out why it is behaving this way.
Check for execute group permissions on the FuzzyOCR modules, make sure
they are in a group of whi
On Tue, 12 May 2009, Yet Another Ninja wrote:
Oh.. you must have skipped the first 52 lines of EmailBL.pm
No I can *now* see the two lines that say where the module gathers
addresses from. If they were there before, my apologies. But I read that
section of the module pretty closely.
St
Hi All
I have found that FuzzyOcr is not being run properly.
On a message that has image spam (png) when I run spamassassin -t
MESSAGE.MAI it picks it up correctly and gives
pts rule name description
--
--
1
LuKreme and guys wrote:
> On 12-May-2009, at 10:11, Adam Katz wrote:
>> I'd go a step farther ... mail sent outside of the work day
>> (local *and* EST) is more commonly spam.
>
> If you mailserver is only used for a normal work-day company and
> normal workday emails, this is possibly true.
He
so when does NO_RELAYS trigger ?
i spouted this today as one email sent with smtp localy here, spamassassin
says all trusted, with is imho okay, but i think it should be NO_RELAYS
and not ALL_TRUSTED
is this a config error i have done or ?
--
http://localhost/ 100% uptime and 100% mirrored :)
Adam, if you'd like to try these out I'd be very happy ;)
masses/bayes-testing/README in the SA svn repository
describes how we test new tokenization strategies, in order to
pick the ones that actually _work_. (It's quite counterintuitive
at times as to what really helps.)
also, there's experime
Adam Katz wrote:
>> vi'aqra pr,ofe'ssio,nal matters very much to your s.e,x
>> be self-satisfied - use vi'aqra sper act,i've
>> vi'aqra prfessional - never forget about your s'e.x
>> test s p a c e d words t w i c e in a line
>> this is an act--i've shown it 5 x, a record!
Ignore the missing /^
LuKreme wrote:
> Seriously, I've had family members who twaddled about with PYLM crap
> and they simply stopped getting my emails until they learned.
Lucky them...
--
View this message in context:
http://www.nabble.com/Boxtrapper-and-Spamassassin-Cpanel-11-strange-behaviour.-tp23483808p23509
Paul Houselander wrote:
> I'm getting some spam slip through with subjects like
>
> vi'aqra pr,ofe'ssio,nal matters very much to your s.e,x
> be self-satisfied - use vi'aqra sper act,i've
> vi'aqra prfessional - never forget about your s'e.x
This is something I'd typically just throw to the bayes
Karsten Bräckelmann-2 wrote:
>
> On Mon, 2009-05-11 at 06:56 -0700, an anonymous Nabble user wrote:
>> THE PROBLEM: I'm signed up to over 300 forums, shops, sites etc, so
>> there's
>> no way I could make an email address box for all of those
>> "pseudoaddresses",
>> as it were. So I can't turn t
On Tuesday 12 May 2009, LuKreme wrote:
>On 11-May-2009, at 17:20, Marc Perkel wrote:
>> mouss wrote:
>>> Is phishing really a problem for banks? I don't think so.
>>
>> You're kidding right?
>
>No, he has a point. The people with the problem are the customers. The
>bank is at best neutral and at wo
On 11-May-2009, at 17:20, Marc Perkel wrote:
mouss wrote:
Is phishing really a problem for banks? I don't think so.
You're kidding right?
No, he has a point. The people with the problem are the customers. The
bank is at best neutral and at worst couldn't care less.
Also, despite the amou
LuKreme wrote:
> On 12-May-2009, at 10:11, Adam Katz wrote:
>> I'd go a step farther ... mail sent outside of the work day
>> (local *and* EST) is more commonly spam.
>
> If you mailserver is only used for a normal work-day company and
> normal workday emails, this is possibly true.
I should have
On 12-May-2009, at 10:11, Adam Katz wrote:
I'd go a step farther ... mail sent outside of the work day (local
*and* EST) is more commonly spam.
If you mailserver is only used for a normal work-day company and
normal workday emails, this is possibly true.
On my mailserver there is a slight
*Newbie Alert*
Afternoon all,
I'm a customer of a large host (Hostgator) and I am using their shared
hosting implementation of SA for my personal email. I also have SSH
access to my server, under a jailed shell.
SA works well for me, but I wanted to add bayes filtering. Hostgator
told me th
Hi
I'm getting some spam slip through with subjects like
vi'aqra pr,ofe'ssio,nal matters very much to your s.e,x
be self-satisfied - use vi'aqra sper act,i've
vi'aqra prfessional - never forget about your s'e.x
I was trying to write a rule to catch and tried
header PH1 Subject =~
On Tue, May 12, 2009 at 04:47:25PM +0200, Wolfgang Zeikat wrote:
> Hi
>
> On 05/12/2009 11:20 AM, Henrik K wrote:
>> http://sa.hege.li/EmailBL.pm (see inside for documentation)
>
> ### About:
> #
> # This plugin creates rbl style DNS lookups for emails.
>
> does this plugin handle emails in the se
I'd go a step farther ... mail sent outside of the work day (local
*and* EST) is more commonly spam.
My current assumption (not yet backed by stats) is to add points to
anything between 12a-6a EST that is also between 1a-5a locally. In
addition, some points (but not as many) can be awarded to wee
Rick Macdougall wrote:
Randy wrote:
Rick Macdougall wrote:
Hi,
I'm seeing a massive increase in connection attempts since 7am EDT
this morning.
Most is being rejected because of not existing users but the majority
that is getting through is hitting
"Sanesecurity.Casino.11228.UNOFFICIAL".
> I've been using them for years. We do a lot of email (5 mail servers) as
> an ISP.
>
> I sometimes get network test access for free, for others I have paid.
> It's either a pay big or pay nothing, with no middle ground
> unfortunately.
>
> Integrate some sort of private purpose p2p system wi
On 5/12/2009 5:45 PM, Charles Gregory wrote:
I haven't been following the long thread about this plugin.
When I followed the links and examined the code/docs, I
found that I really didn't have a sense of WHAT this plugin
does.
At first I thought it was checking for spam 'reply' e-mail addresses
I haven't been following the long thread about this plugin.
When I followed the links and examined the code/docs, I
found that I really didn't have a sense of WHAT this plugin
does.
At first I thought it was checking for spam 'reply' e-mail addresses
within the body of an e-mail (the often used
On 5/12/2009 5:37 PM, Charles Gregory wrote:
On Tue, 12 May 2009, Marc Perkel wrote:
> Here's how you do it in Exim
your idea is a has a MASSIVE drawback.
It queries the mailbl for EVERY address...
That's not the whole code that I'm using. I'm just demonstrating the
concept of how you would
Hello LuKreme,
Looking with your eyes this is righ. Maybe some very low score and something
more particular .. like in geomark
Well, great ! Thanks to share this things ...
Marcelo
Matt Kettler-3 wrote:
>
> LuKreme wrote:
>> On 10-May-2009, at 13:28, M>> I started to check logs and saw
This is right but if you look in an other way you will see:
Monday-Friday: 70% of SPAM and 30% of HAM
Sat-Sund: 95% SPAM and 5% HAM
... do you agree ?
Marcelo
LuKreme wrote:
>
> On 10-May-2009, at 13:28, M> I started to check logs and saw 70%, 80% of emails
>> coming in weekends are spam
On Tue, 12 May 2009, Marc Perkel wrote:
> Here's how you do it in Exim
your idea is a has a MASSIVE drawback.
It queries the mailbl for EVERY address...
That's not the whole code that I'm using. I'm just demonstrating the
concept of how you would make it usable from Exim. I have a lot of othe
I've been using them for years. We do a lot of email (5 mail servers) as
an ISP.
I sometimes get network test access for free, for others I have paid.
It's either a pay big or pay nothing, with no middle ground
unfortunately. Many of these, I run my own dns servers and use rsync to
replicate t
On 5/12/2009 5:02 PM, Marc Perkel wrote:
Do you need more mirrors? I can offer you 4 additional servers.
This is all a proof of concept thing and nobody knows what the outcome
may be.
This zone will disappear in +- 30 days. and unless the mirrors complain
that the load is rising a lot, I d
Do you need more mirrors? I can offer you 4 additional servers.
Henrik K wrote:
Hi,
EmailBL plugin is now available for testing. Small test zone has been
running for a while, it contains trapped addresses from some of the most
popular freemail domains.
http://sa.hege.li/EmailBL.pm (see inside
Yet Another Ninja wrote:
On 5/12/2009 4:32 PM, Marc Perkel wrote:
I'm not using your plugin yet but using it from Exim instead and it's
working well. Lots of hist. I suppose we'll find out if there's any
false positives.
Here's how you do it in Exim
set acl_c_from_address = ${lc:${address:
I've added it to SVN for testing -- my sandbox for now, but I'll move
it to Alex's once his acct is set up ;)
is there a test entry for this zone?
--j.
On Tue, May 12, 2009 at 11:26, Yet Another Ninja wrote:
> On 5/12/2009 11:20 AM, Henrik K wrote:
>>
>> Hi,
>>
>> EmailBL plugin is now availabl
Hi
On 05/12/2009 11:20 AM, Henrik K wrote:
http://sa.hege.li/EmailBL.pm (see inside for documentation)
### About:
#
# This plugin creates rbl style DNS lookups for emails.
does this plugin handle emails in the sense of "email addresses"? Or
does it make md5hashes of emails in the sense of "
On 5/12/2009 4:32 PM, Marc Perkel wrote:
I'm not using your plugin yet but using it from Exim instead and it's
working well. Lots of hist. I suppose we'll find out if there's any
false positives.
Here's how you do it in Exim
set acl_c_from_address = ${lc:${address:$h_From:}}
set acl_c_from_ad
my apologize to the list, i have posted on png issue, without reading before;
there was more mails on this issue than the spam we have received, at least
the spammers get one result, that we become spammers like them and flood our
mailing list
i should buy their produtcs and lasting some minut
I'm not using your plugin yet but using it from Exim instead and it's
working well. Lots of hist. I suppose we'll find out if there's any
false positives.
Here's how you do it in Exim
set acl_c_from_address = ${lc:${address:$h_From:}}
set acl_c_from_address_hash = ${md5:$acl_c_from_address}
dn
Randy wrote:
Rick Macdougall wrote:
Hi,
I'm seeing a massive increase in connection attempts since 7am EDT
this morning.
Most is being rejected because of not existing users but the majority
that is getting through is hitting
"Sanesecurity.Casino.11228.UNOFFICIAL".
Back skatter? Someone
Rick Macdougall wrote:
Hi,
I'm seeing a massive increase in connection attempts since 7am EDT
this morning.
Most is being rejected because of not existing users but the majority
that is getting through is hitting
"Sanesecurity.Casino.11228.UNOFFICIAL".
I'm seeing this across 5 different s
Hi,
I'm seeing a massive increase in connection attempts since 7am EDT this
morning.
Most is being rejected because of not existing users but the majority
that is getting through is hitting "Sanesecurity.Casino.11228.UNOFFICIAL".
I'm seeing this across 5 different servers, all hosting diffe
On Mon, 2009-05-11 at 19:36 -0700, John Hardin wrote:
> On Tue, 12 May 2009, Ned Slider wrote:
>
> > Then you get phish where the From address is a bank domain, and the
> > envelope address is from a completely unrelated domain with a valid spf
> > record so even a simple From_Bank && spf_pass i
On 5/12/2009 11:20 AM, Henrik K wrote:
Hi,
EmailBL plugin is now available for testing. Small test zone has been
running for a while, it contains trapped addresses from some of the most
popular freemail domains.
http://sa.hege.li/EmailBL.pm (see inside for documentation)
http://sa.hege.li/Emai
Hi;
Ned Slider wrote:
>My point is it's really not easy to track down such information even
when banks do occasionally try to do the right thing. Maybe there is
already a >list out there. If not, maybe we should compile one? It's
hard work trying to do it by yourself, but done as a group it w
Hi,
EmailBL plugin is now available for testing. Small test zone has been
running for a while, it contains trapped addresses from some of the most
popular freemail domains.
http://sa.hege.li/EmailBL.pm (see inside for documentation)
http://sa.hege.li/EmailBL.cf (contains the test zone)
http://
56 matches
Mail list logo