actually, that's not the pb with mySQL command. i just wanna suggestion abt
the script that can extract info from email header in my email db to create
a list (whitelist) for future purpose.
-- whitelist process. I'm working on the plugin but that's not the process
of generating db for my
OK, I have a 'honeypot' email address that is collecting spam.
the bayes mentioning local.cf settings (SA 3.3.1) are:
use_bayes 1
bayes_auto_learn 1
bayes_store_module Mail::SpamAssassin::BayesStore::SQL
bayes_sql_dsn DBI:mysql:bayes:localhost:3306
bayes_sql_username user
bayes_sql_password
On Thu, 2011-03-17 at 23:21 -0700, phuong hanu wrote:
actually, that's not the pb with mySQL command. i just wanna suggestion abt
the script that can extract info from email header in my email db to create
a list (whitelist) for future purpose.
IMO doing what you are asking about is asking
On Fri, 18 Mar 2011 04:22:40 +0100, Karsten Bräckelmann
guent...@rudersport.de wrote:
On Thu, 2011-03-17 at 12:58 +, Nigel Frankcom wrote:
Unrelated but reminded me I hadn't posted a thanks to all those that
responded about the sa-update rules. That's partly because I'm
awaiting permission
when local dns server is working there must only be one single nameserver
in resolv.conf and options rotate nust not be enabled
On Friday March 18 2011 04:04:23 Karsten Bräckelmann wrote:
In the SA case, due to some issues with the underlying DNS Perl module,
IIRC the first nameserver is
Subject: Re: SA and Spear Phishing
From: guent...@rudersport.de
To: users@spamassassin.apache.org
Date: Thu, 17 Mar 2011 21:38:19 +0100
Oh, well, the freemail address again is mostly unrelated to discussions
on this list -- though yeah, while hiding behind that address is not a
On Sat, 2011-03-19 at 00:46 +0400, Hamad Ali wrote:
Oh, well, the freemail address again is mostly unrelated to discussions
on this list -- though yeah, while hiding behind that address is not a
show-stopper, using your real address (especially if you provide mail
services) might help gain
From: Hamad Ali crownco...@hotmail.com
Date: Sat, 19 Mar 2011 00:46:08 +0400
## back on topic ##
Anyway, I would highly appreciate any help on spear phishing. A solution, a
guess, or just if you know whether you get spear phish at all is good
information for me (I started to
No wonder I have seen such a huge drop in spam the past few days:
http://timesofindia.indiatimes.com/tech/enterprise-it/security/Microsoft-brings-down-major-fake-drug-spam-network/articleshow/7734903.cms
Anyone else been noticing the decrease in spam?
Bill
On 2011/03/17 13:28, dar...@chaosreigns.com wrote:
On 03/18, Hamad Ali wrote:
No. Michael doesn't want to help you and Karsten doesn't want you to
participate in mass-checks because of your behavior on this list.
Are you referring to ban on masschecks, or ban on receiving any
On 03/18, jdow wrote:
As far as trust for mass checks Hamad Ali would have to trust the
custodians of the mass check data with the raw email stream data he
submits.
No, participating in mass checks does not require sending in all your raw
mail. It's nice when people do, but I believe most
On 2011/03/18 15:48, dar...@chaosreigns.com wrote:
On 03/18, jdow wrote:
As far as trust for mass checks Hamad Ali would have to trust the
custodians of the mass check data with the raw email stream data he
submits.
No, participating in mass checks does not require sending in all your raw
On Fri, 2011-03-18 at 15:39 -0700, jdow wrote:
You replied to a previous thread by creating a new thread. And that's
pissing people off.
Some may figure a person too dumb to use reply rather than creating
a new email is too hopeless to try to work with. Is he worth the energy
to try to
Hello Bill Landry,
Am 2011-03-18 15:11:47, hacktest Du folgendes herunter:
No wonder I have seen such a huge drop in spam the past few days:
??? I get 18-26 mio spams (36 servers with 96.000 users) per day and
nothing has changed. Please read the news (not only one) more carefully
On Sat, 19 Mar 2011 01:08:42 +0100
Michelle Konzack linux4miche...@tamay-dogan.net wrote:
No, because there are ore then one Botnet of this size now...
I also haven't noticed much difference.
Regards,
David.
Hello David F. Skoll,
Am 2011-03-18 20:12:01, hacktest Du folgendes herunter:
I also haven't noticed much difference.
...and fortunately I use zen.spamhaus.org to block on SMTP level! More
then 70% of the spams are blocked here. Spamassasin on USER level stop
arround 25%... The rest are own
On Sat, 2011-03-19 at 01:08 +0100, Michelle Konzack wrote:
No wonder I have seen such a huge drop in spam the past few days:
??? I get 18-26 mio spams (36 servers with 96.000 users) per day and
nothing has changed. Please read the news (not only one) more carefully
See the CBL report
Date: Fri, 18 Mar 2011 16:06:15 -0700
From: j...@earthlink.net
To: users@spamassassin.apache.org
Subject: Re: SA and Spear Phishing
And for well targeted spearfishing, he's still stuck because nothing
distinguishes it from his normal mail flow other than unknown sender
or DNS check
On Sat, 2011-03-19 at 04:38 +0400, Hamad Ali wrote:
[...] The human mind can be a better filter against
such spam than any result of mass checks.
One of the challenges behind spear phishing is that there is no single
performance evaluation against it. And this inlcludes user-training
So when it comes to spear phish, in my view, a big question mark
arises to indicate that its risk is simply unknow to mankind. This
is unknown in the public domain as far as I know, which is why I
posted this mail to see if any of you see any spear phish within the
load of SPAM you detect.
On 3/18/2011 5:08 PM, Michelle Konzack wrote:
Hello Bill Landry,
Am 2011-03-18 15:11:47, hacktest Du folgendes herunter:
No wonder I have seen such a huge drop in spam the past few days:
??? I get 18-26 mio spams (36 servers with 96.000 users) per day and
nothing has changed. Please
Subject: Re: SA and Spear Phishing
From: guent...@rudersport.de
To: users@spamassassin.apache.org
Date: Sat, 19 Mar 2011 02:02:35 +0100
(a) Never hand out your password. Less so in mail. No administrator ever
will ask for the user's password.
The
On Thu, 17 Mar 2011, Hamad Ali wrote:
- John Hardin said: Phishing is his next project, and that even a well
trained naive bayes filter might not detect it. let's be on touch on
this matter then. Any progress or collaboration is highly welcomed on
my side
About the only thing I need
Date: Fri, 18 Mar 2011 21:20:53 -0400
From: d...@roaringpenguin.com
To: users@spamassassin.apache.org
Subject: Re: SA and Spear Phishing
Spear phishing is inherently hard to detect because it's carefully
crafted for a small set of victims. We do
Date: Fri, 18 Mar 2011 18:38:44 -0700
From: jhar...@impsec.org
To: users@spamassassin.apache.org
Subject: Re: SA and Spear Phishing
On Thu, 17 Mar 2011, Hamad Ali wrote:
- John Hardin said: Phishing is his next project, and that even a well
On Sat, 2011-03-19 at 05:33 +0400, Hamad Ali wrote:
I think we have been always yelling that our users are stupid and blah,
and the reality still shows that users (which we hope to be educated)
are still the weakest element in the security chain. Some people still
focus on user training
On Sat, 2011-03-19 at 05:47 +0400, Hamad Ali wrote:
- John Hardin said: Phishing is his next project, and that even a well
trained naive bayes filter might not detect it. let's be on touch on
this matter then. Any progress or collaboration is highly welcomed on
my side
About
On Sat, 19 Mar 2011, Hamad Ali wrote:
Date: Fri, 18 Mar 2011 18:38:44 -0700
From: jhar...@impsec.org
To: users@spamassassin.apache.org
Subject: Re: SA and Spear Phishing
On Thu, 17 Mar 2011, Hamad Ali wrote:
- John Hardin said: Phishing is his next
On Sat, 19 Mar 2011, Karsten Br?ckelmann wrote:
On Sat, 2011-03-19 at 05:47 +0400, Hamad Ali wrote:
- John Hardin said: Phishing is his next project,
Have you considered the public SA ham/spam corpus,
and monkey.org/~jose phishing corpus?
Did we just drop the spear, and downgrade to
(My reply to the direct copy)
On 2011/03/18 17:38, Hamad Ali wrote:
Interesting: (I think you have bigger problems than mere spear-phishing.
Spam detection software, running on the system morticia.wizardess.wiz, has
identified this incoming email as possible spam. The original message
On 2011/03/18 18:33, Hamad Ali wrote:
Subject: Re: SA and Spear Phishing
From: guent...@rudersport.de
To: users@spamassassin.apache.org
Date: Sat, 19 Mar 2011 02:02:35 +0100
(a) Never hand out your password. Less so in mail. No administrator ever
will
On 2011/03/18 18:38, John Hardin wrote:
On Thu, 17 Mar 2011, Hamad Ali wrote:
- John Hardin said: Phishing is his next project, and that even a well
trained naive bayes filter might not detect it. let's be on touch on
this matter then. Any progress or collaboration is highly welcomed on
my
On Fri, 2011-03-18 at 20:25 -0700, jdow wrote:
Interesting: (I think you have bigger problems than mere spear-phishing.
1.6 RCVD_IN_NJABL_PROXYRBL: NJABL: sender is an open proxy
[64p79p213p206 listed in combined.njabl.org]
0.8 RCVD_IN_SORBS_SOCKS
On 2011/03/18 21:05, Karsten Bräckelmann wrote:
On Fri, 2011-03-18 at 20:25 -0700, jdow wrote:
Interesting: (I think you have bigger problems than mere spear-phishing.
1.6 RCVD_IN_NJABL_PROXYRBL: NJABL: sender is an open proxy
[64p79p213p206 listed in
Date: Fri, 18 Mar 2011 20:42:25 -0700
From: j...@earthlink.net
To: users@spamassassin.apache.org
Subject: Re: SA and Spear Phishing
Now, I bet SpamAssassin could be run twice, one with the standard setup
and the second one with extremely trimmed
On Fri, 2011-03-18 at 20:58 -0700, jdow wrote:
On 2011/03/18 19:08, Karsten Bräckelmann wrote:
Or, tell your users to *never* write down their password or any other
account details in mail -- by policy, violation warrants getting fired
next day.
Bingo, you've hit on an outgoing
On Fri, 2011-03-18 at 19:59 -0700, John Hardin wrote:
On Sat, 19 Mar 2011, Karsten Bräckelmann wrote:
Did we just drop the spear, and downgrade to general phishing?
For the purposes of my phishing rules project, yes.
Oh, right -- sorry, previously saw this in the context of *targeted*
spear
On Fri, 2011-03-18 at 20:47 -0700, jdow wrote:
Actually it might not be all that hard. Tweak some specific rule matches
that indicate a high probability of phishing or spearfishing to be
artificially high numbers. That will at least get them labeled as spam.
This is a per-site approach only.
On 2011/03/18 21:16, Karsten Bräckelmann wrote:
On Fri, 2011-03-18 at 20:58 -0700, jdow wrote:
Other obvious information to be filtered would include SSNs. For
privacy reasons filter for numbers that look like SSNs, reflect to
user with a were you sure wrapper, and if the user responds yes send
Subject: Re: SA and Spear Phishing
From: guent...@rudersport.de
To: users@spamassassin.apache.org
Date: Sat, 19 Mar 2011 06:02:31 +0100
[]
As I mentioned earlier, spear phishing (which are highly targeted) will
not have a hard time evading any
Just upgrading from Fedora 12 to Fedora 14 and when I run Spamassassin
(spamd) I get this:
spamd: accept failed: Transport endpoint is not connected at
/usr/bin/spamd line 1212
What am I doing wrong? Thanks in advance for your help.
--
Marc Perkel - Sales/Support
supp...@junkemailfilter.com
41 matches
Mail list logo