On Fri, 10 Jul 2009, a...@exys.org wrote:
David Lomax wrote:
i wish MUAs would start supporting mailinglists.
Whats so hard about offering a button to unsubscribe, or thread view?
*sigh*
SOME MUAs -DO- have built in mail-list support.
When I read this list my MUA synthesizes a footer
On Fri, 2009-07-10 at 22:46 -0500, McDonald, Dan wrote:
From: Jason L Tibbitts III [mailto:ti...@math.uh.edu]
MD == McDonald, Dan dan.mcdon...@austinenergy.com writes:
MD They are using underscores, which are a [:punct:], but don't form
MD a \b break.
I'm becoming confused as to what
On Fri, 2009-07-10 at 14:08 +0100, David Lomax wrote:
David Lomax. Ummm. You would really think a guy working for Barracuda
Networks;
'The world wide leader in email security'
could figure out how to unsubscribe from a mailing list. Oh dear..
New rules:
body __MED_BEG_SP /\bw{2,3}[[:space:]][[:alpha:]]{2,6}\d{2,6}/i
body __MED_BEG_PUNCT /\bw{2,3}[[:punct:]]{1,3}[[:alpha:]]{2,6}\d{2,6}/i
body __MED_BEG_DOT /\bw{2,3}\.[[:alpha:]]{2,6}\d{2,6}/i
body __MED_BEG_BOTH
Dnia 2009-07-10, pią o godzinie 16:48 -0700, fchan pisze:
Don't tempt them, I already get enough spam not only from these guys.
Also they will flood the network with smtp useless connections and
unless you have good network attack mitigation system so you don't
have a DDoS, don't tempt them.
One of our client's websites gets hacked frequently - 1x per month -
usually with some kind of phishing scam.
I understand their first line of defense is to make sure security is
tight and systems are up to date, however, it seems to me that there
must be some scanning utility that would
From: rich...@buzzhost.co.uk [mailto:rich...@buzzhost.co.uk]
On Fri, 2009-07-10 at 22:46 -0500, McDonald, Dan wrote:
From: Jason L Tibbitts III [mailto:ti...@math.uh.edu]
MD == McDonald, Dan dan.mcdon...@austinenergy.com writes:
MD They are using underscores, which are a [:punct:], but don't
One of our client's websites gets hacked frequently - 1x per month -
usually with some kind of phishing scam.
I understand their first line of defense is to make sure security is
tight and systems are up to date, however, it seems to me that there
must be some scanning utility that would
On Sat, 2009-07-11 at 07:14 -0500, McDonald, Dan wrote:
From: rich...@buzzhost.co.uk [mailto:rich...@buzzhost.co.uk]
On Fri, 2009-07-10 at 22:46 -0500, McDonald, Dan wrote:
From: Jason L Tibbitts III [mailto:ti...@math.uh.edu]
MD == McDonald, Dan dan.mcdon...@austinenergy.com writes:
MD
schmero...@gmail.com wrote:
One of our client's websites gets hacked frequently - 1x per month -
usually with some kind of phishing scam.
I understand their first line of defense is to make sure security is
tight and systems are up to date, however, it seems to me that there
must be some
schmero...@gmail.com wrote:
So, if our client was google, the utility would search all files on the
site looking for domains. If it found microsoft.com within one of the
pages and email would be sent to the administrator who could delete the
page and look for other evidence of being hacked or
At 05:06 11-07-2009, schmero...@gmail.com wrote:
One of our client's websites gets hacked frequently - 1x per month -
usually with some kind of phishing scam.
I understand their first line of defense is to make sure security is
tight and systems are up to date, however, it seems to me that
You could take a look at ModSecurity if you are on Apache(
http://www.modsecurity.org/ ) to block the attacks that found the holes in
the first place, once you have fixed the current issue that is.
The standard ruleset is very good and can be relatively easily tweaked.
--
Regards
Barry
On Sat, 2009-07-11 at 17:08 +0100, Barry Porter wrote:
You could take a look at ModSecurity if you are on Apache(
http://www.modsecurity.org/ ) to block the attacks that found the holes in
the first place, once you have fixed the current issue that is.
The standard ruleset is very good and
MrGibbage wrote:
When I test SA, I log into a bash shell. I set my environment
variables in .bash_profile (loading changes with the 'source'
command).
Login bash shells source the .bash_profile. But scripts and system
daemons such as spamd do not. So you are right that there is
potential
MD == McDonald, Dan dan.mcdon...@austinenergy.com writes:
MD The rules I posted last night catch those. They switched from
MD underscores to commas this morning, and my rules still catch them.
FYI, they're also using plus signs, which also seem to be caught
properly by your rules. I think
From: Jason L Tibbitts III [mailto:ti...@math.uh.edu]
MD == McDonald, Dan dan.mcdon...@austinenergy.com writes:
MD The rules I posted last night catch those. They switched from
MD underscores to commas this morning, and my rules still catch them.
I still wonder, though, if we shouldn't be
I have been trying to install Razor2 for two days now. I am on a Dreamhost
VPS, but I don't have root access, so my perl modules go in ~/share/perl. I
have that in my PERL5LIB environment variable. And yet, when I receive an
email, I get the following types of messages in my logs:
[20377] dbg:
I am using Spamassassin 3.2.4-1ubuntu1.1. Spamassassin is used by my Exim
server with spamd.
The problem is have is that sometimes I get RBL hits eventhrough the sender
is using a valid smarthost.
Example:
Received: from fmmailgate04.web.de ([217.72.192.242])
by myMailServer with esmtp
I am using Spamassassin 3.2.4-1ubuntu1.1. Spamassassin is used by my Exim
server with spamd.
The problem is have is that sometimes I get RBL hits eventhrough the
sender
is using a valid smarthost.
Example:
Received: from fmmailgate04.web.de ([217.72.192.242])
by myMailServer with
Thx for the quick reply.
No, I hardly changed the Ubuntu config at all and just to make sure I
scanned all my spamassassin config files and there was no trusted_network
setup.
Now I tested the same message on the console with spamassassin -D
message.txt
It gave me the same hit
On Sat, 11 Jul 2009 12:52:56 -0700 (PDT)
dmy i...@dwsa.de wrote:
As far as I understand SpamAssassin is supposed to just check the ip
that directly delivered the email to my server but not the IP the
email is originally from (as that woundn't make any sense as almost
everyone is using dyn
So is there a way to configure that ALL DNS tests just use the last external
ip address (or at least NOT the first one?). Because to me it doesn't make
any sense to test the ip people use to deliver messages to their smarthost
and it produces quite a few false positives on my system...
RW-15
So is there a way to configure that ALL DNS tests just use the last
external
ip address (or at least NOT the first one?). Because to me it doesn't make
any sense to test the ip people use to deliver messages to their smarthost
and it produces quite a few false positives on my system...
It
Never mind. I'll just use report_safe 0.
On Sat, July 11, 2009 14:06, schmero...@gmail.com wrote:
Any ideas where to look for such a beast /or a mailing list that deals
with this type of issue?
pages and url that have webserver writeble dirs is always a risk, remove this
possible to do this solves the problem
else make use of
On Sun, 12 Jul 2009 00:46:34 +0300 (EEST)
Jari Fredriksson ja...@iki.fi wrote:
So is there a way to configure that ALL DNS tests just use the last
external
ip address (or at least NOT the first one?). Because to me it
doesn't make any sense to test the ip people use to deliver
On Sat, 2009-07-11 at 12:52 -0700, an anonymous Nabble user wrote:
The problem is have is that sometimes I get RBL hits eventhrough the sender
is using a valid smarthost.
Some DNSBLs are *meant* to do deep parsing. PBL style ones are not, and
only check the last external, submitting hop.
On Sat, 2009-07-11 at 12:52 -0700, an anonymous Nabble user wrote:
I am using Spamassassin 3.2.4-1ubuntu1.1. Spamassassin is used by my Exim
server with spamd.
X-Spam-Score: -0.4 (/)
X-Spam-Report: Spam report:
If you have any questions, see postmas...@dwsa.de for details.
From: dmy i...@dwsa.de
Date: Sat, 11 Jul 2009 14:27:34 -0700 (PDT)
So is there a way to configure that ALL DNS tests just use the last external
ip address (or at least NOT the first one?). Because to me it doesn't make
any sense to test the ip people use to deliver messages to
I'd establish a
http://people.apache.org/~jm/devel/README.txt
warning people which one of
http://people.apache.org/~jm/devel/Mail-SpamAssassin-3.3.0-alpha1.tar.bz2
http://people.apache.org/~jm/devel/Mail-SpamAssassin-3.3.0.tar.bz2
they really want. I guessed the former.
Karsten Bräckelmann-2 wrote:
On Sat, 2009-07-11 at 12:52 -0700, an anonymous Nabble user wrote:
The problem is have is that sometimes I get RBL hits eventhrough the
sender
is using a valid smarthost.
Some DNSBLs are *meant* to do deep parsing. PBL style ones are not, and
only check
On Sat, 2009-07-11 at 14:27 -0700, dmy wrote:
So is there a way to configure that ALL DNS tests just use the last external
ip address (or at least NOT the first one?). Because to me it doesn't make
any sense to test the ip people use to deliver messages to their smarthost
and it produces quite
33 matches
Mail list logo