Re: Spam Assassin Rejecting Comcast Validation Emails

2010-03-02 Thread LuKreme
On 02-Mar-10 09:58, MGW-Discussions wrote: when the test email comes through, it is rejected with a score of 5.2/5.0 You are REJECTING at a score of 5.0? That's a bad idea. Generally if you run SA at transaction you will tag at a score of 5.0 through maybe 10.0 or maybe even 12.0, it is only

Re: Spam Assassin Scoring Comcast Validation Emails as spam

2010-03-02 Thread MGW-Discussions
Thanks for the advice guys. I will try to get a good sample, however, I will have to tweak some rulesets to even get it to stay in citadel long enough to view it. I haven't been able to play with my spamassassin install very much, other than automating the updates on rules. Thanks again, an

RE: Custom Rules Question SOLVED(ish)

2010-03-02 Thread Michael Dilworth
The problem was multiline rules with rawbody. Changing it to full and things work. (I missed that little detail in the wiki, and there are body rules in the dist that have /is) A rule in-between rawbody/full? I.e. the whole body, but not the headers? Or even better, in addition to that, p

Re: Finding URLs in html attachments

2010-03-02 Thread Jason Haar
On 03/03/2010 01:54 PM, John Hardin wrote: > > mimeheader OBFU_PDF_ATTACH Content-Type =~ > m,application/octet-stream;.+\.pdf\b,i > describe OBFU_PDF_ATTACH PDF attachment with generic MIME type > score OBFU_PDF_ATTACH 0.25 FYI I've noticed Outlook sends all PDF att

Re: Finding URLs in html attachments

2010-03-02 Thread John Hardin
On Tue, 2 Mar 2010, John Hardin wrote: Would you be willing to test this and see how well it does in practice? {grumble} reply-to {grumble} Sorry for spamming the list with this, it was meant just for Chip. -- John Hardin KA7OHZ http://www.impsec.org/~jhardin/ jhar...@im

Re: Finding URLs in html attachments

2010-03-02 Thread John Hardin
On Tue, 2 Mar 2010, Chip M. wrote: Since these started, they've had 19 of these phish: 1 "Bank of America" 1 "PayPaI" 1 "Paypal Inc." 1 "serv...@irs.gov" 1 "serv...@paypal.com" 1 "serv...@paypal.com" 3 "serv...@paypal.com" 1 "U.S. Bancorp" 1 "Wachovia" 1 "Wells Fargo Online" 1 Bank of

Re: Now with trusted_networks support Re: DNSWL --report plugin

2010-03-02 Thread Karsten Bräckelmann
On Tue, 2010-03-02 at 10:32 -0500, dar...@chaosreigns.com wrote: > If you have spamassassin's trusted_networks value configured properly, this > module will now always report the correct IP to DNSWL when you run > spamassassin --report. > > trusted_networks needs to be right for all DNS Blacklist

Re: Putting your dead domains to use

2010-03-02 Thread Marc Perkel
Lucio Chiappetti wrote: On Mon, 1 Mar 2010, Marc Perkel wrote: For what it's worth - if any of you have domains you don't use you can point them to my virus harvesting server for spam harvesting. Hmm ... how dead is dead ? :-) We had for some time three domains (our institute was moved fro

Re: Finding URLs in html attachments

2010-03-02 Thread Chip M.
On Sun, 28 Feb 2010, LuKreme wrote: > SPF! > > You're a brave person. ;) It's easier to understand the challenge Dave faces, if we look at some actual From headers. In my stream, these started in early November of last year, so I just checked a few months of data from one domain which has h

Re: Spamhaus DBL

2010-03-02 Thread Chip M.
I've been running it since 1:51 Eastern (US) time, yesterday. >You risk wrongly flagging legitimate email if you make IP queries >to the DBL. For now, I'm :) cheating, by mapping one of the (officially) unused high bits to a negative score, which should wipe out the positive score for a raw IP UR

Re: [sa] Putting your dead domains to use

2010-03-02 Thread Charles Gregory
On Mon, 1 Mar 2010, Marc Perkel wrote: For what it's worth - if any of you have domains you don't use you can point them to my virus harvesting server for spam harvesting. (SNIP) The sender has to do several other things in order to be blacklisted. Simple question: Does your 'harvester' have

Re: Putting your dead domains to use

2010-03-02 Thread d . hill
Quoting Lucio Chiappetti : On Mon, 1 Mar 2010, Marc Perkel wrote: For what it's worth - if any of you have domains you don't use you can point them to my virus harvesting server for spam harvesting. Hmm ... how dead is dead ? :-) We had for some time three domains (our institute was moved f

Re: Spam Assassin Rejecting Comcast Validation Emails

2010-03-02 Thread Big Wave Dave
On Tue, Mar 2, 2010 at 8:58 AM, MGW-Discussions wrote: > Greetings all. > > I am sure that I would be better able to diagnose this problem if I was able > to capture the incident email traffic, however, at this point I have not > been able to retrieve the emails. > > The situation is that upon reg

Re: Putting your dead domains to use

2010-03-02 Thread Lucio Chiappetti
On Mon, 1 Mar 2010, Marc Perkel wrote: For what it's worth - if any of you have domains you don't use you can point them to my virus harvesting server for spam harvesting. Hmm ... how dead is dead ? :-) We had for some time three domains (our institute was moved from one national organizatio

Re: Spam Assassin Rejecting Comcast Validation Emails

2010-03-02 Thread Karsten Bräckelmann
On Tue, 2010-03-02 at 11:58 -0500, MGW-Discussions wrote: > I am sure that I would be better able to diagnose this problem if I was > able to capture the incident email traffic, however, at this point I > have not been able to retrieve the emails. Check your logs for the rules the email triggere

Spam Assassin Rejecting Comcast Validation Emails

2010-03-02 Thread MGW-Discussions
Greetings all. I am sure that I would be better able to diagnose this problem if I was able to capture the incident email traffic, however, at this point I have not been able to retrieve the emails. The situation is that upon registration of a new username for comcast services, which is actu

Now with trusted_networks support Re: DNSWL --report plugin

2010-03-02 Thread Darxus
If you have spamassassin's trusted_networks value configured properly, this module will now always report the correct IP to DNSWL when you run spamassassin --report. trusted_networks needs to be right for all DNS Blacklist checks (and DNSWL) to know which IP to check. Mine currently looks like:

Re: can I roll back to an earlier version of updates

2010-03-02 Thread Lee Dilkie
You'll love this.. My nightly sa-update cron ran last night and upgraded my "modified" rules (was version 916621) to a newer version (version 917420). This, of course, undid my changes. And equally surprising, --lint passed. I looked at the diffs and sure enough, the same lines were back (number

Re: Spamhaus DBL

2010-03-02 Thread Jeff Chan
On Tuesday, March 2, 2010, 1:16:17 AM, Jeremy Fairbrass wrote: > "ram" wrote in message > news:1267506187.16095.11.ca...@darkstar.netcore.co.in... >> http://www.spamhaus.org/dbl/ >> I think sa-folks would have this already in some URIBL rule. What are >> the scores you assign for a dbl positive h

Re: Spamhaus DBL

2010-03-02 Thread Jeremy Fairbrass
"ram" wrote in message news:1267506187.16095.11.ca...@darkstar.netcore.co.in... http://www.spamhaus.org/dbl/ I think sa-folks would have this already in some URIBL rule. What are the scores you assign for a dbl positive hit ? I assume my current datafeed would already extend to data access on t