On Tue, 22 Mar 2011, jon1234 wrote:
From where do they get that bounce message? From a host internal to your
network or from hosts out on the Internet?
The bounce message is only when they send certain domains that are external
to our network.
If that's coming from an internal MTA, I'd
On 23 Mar 2011, at 08:09, Dave Funk wrote:
On Tue, 22 Mar 2011, jon1234 wrote:
From where do they get that bounce message? From a host internal to your
network or from hosts out on the Internet?
The bounce message is only when they send certain domains that are external
to our
In the recent sa-updates, the Spam Eating Monkey rules were
inappropriately enabled. If you hit them too much, they start returning
100% false positives. Their listed limits are more than 100,000 queries
per day or more than 5 queries per second for more than a few minutes.
To disable them, add
On 3/23/2011 9:56 AM, dar...@chaosreigns.com wrote:
In the recent sa-updates, the Spam Eating Monkey rules were
inappropriately enabled. If you hit them too much, they start returning
100% false positives. Their listed limits are more than 100,000 queries
per day or more than 5 queries per
On 03/23, Blaine Fleming wrote:
As soon as the bug was reported on the dev list I disabled the
127.0.0.255 response code to avoid any additional issues. I will be
That was very kind of you.
3AM. Personally, I don't think it is unreasonable to start returning
this response code for someone
On Wed, 23 Mar 2011 11:56:25 -0400
dar...@chaosreigns.com wrote:
In the recent sa-updates, the Spam Eating Monkey rules were
inappropriately enabled. If you hit them too much, they start
returning 100% false positives.
On the bright side, anyone getting 100% false positives on any test has
On 03/21/2011 09:37 AM, Matus UHLAR - fantomas wrote:
Does anyone successfully use plugin or at least rules that catch
fake URLs?
I mean URLs pointing to different address than they appear, like:
a href=phishing.site/fake/webmailhttp://webmail.example.com//a
On 21.03.11 13:36, Adam
On 3/23/11 2:43 PM, Matus UHLAR - fantomas wrote:
I know about the problem with legal mail and spoofed URL's. That's why I
asked about plugin that would be able to accept whitelists.
I don't see if it's possible to combine this with matching some domains
while not matching others, e.g. allow
a
On 3/23/11 2:43 PM, Matus UHLAR - fantomas wrote:
I know about the problem with legal mail and spoofed URL's. That's why I
asked about plugin that would be able to accept whitelists.
I don't see if it's possible to combine this with matching some domains
while not matching others, e.g. allow
On 3/23/11 2:50 PM, Matus UHLAR - fantomas wrote:
On 3/23/11 2:43 PM, Matus UHLAR - fantomas wrote:
I know about the problem with legal mail and spoofed URL's. That's why I
asked about plugin that would be able to accept whitelists.
I don't see if it's possible to combine this with matching
On 03/23/2011 11:43 AM, Matus UHLAR - fantomas wrote:
On 03/21/2011 09:37 AM, Matus UHLAR - fantomas wrote:
Does anyone successfully use plugin or at least rules that
catch fake URLs?
On 21.03.11 13:36, Adam Katz wrote:
__SPOOFED_URL, a rule already shipping with SA, does this.
I know
On 23/03/2011 4:36 PM, Adam Katz wrote:
On 03/23/2011 11:43 AM, Matus UHLAR - fantomas wrote:
On 03/21/2011 09:37 AM, Matus UHLAR - fantomas wrote:
Does anyone successfully use plugin or at least rules that
catch fake URLs?
On 21.03.11 13:36, Adam Katz wrote:
__SPOOFED_URL, a rule already
On 3/23/2011 7:38 AM, Blaine Fleming wrote:
On 3/23/2011 9:56 AM, dar...@chaosreigns.com wrote:
In the recent sa-updates, the Spam Eating Monkey rules were
inappropriately enabled. If you hit them too much, they start returning
100% false positives. Their listed limits are more than 100,000
On Wed, 2011-03-23 at 10:18 -1000, Warren Togami Jr. wrote:
On 3/23/2011 7:38 AM, Blaine Fleming wrote:
In the recent sa-updates, the Spam Eating Monkey rules were
inappropriately enabled. [...]
As soon as the bug was reported on the dev list I disabled the
127.0.0.255 response code
On 3/23/2011 10:58 AM, Karsten Bräckelmann wrote:
On Wed, 2011-03-23 at 10:18 -1000, Warren Togami Jr. wrote:
On 3/23/2011 7:38 AM, Blaine Fleming wrote:
In the recent sa-updates, the Spam Eating Monkey rules were
inappropriately enabled. [...]
As soon as the bug was reported on the dev
On Mon, 2011-03-21 at 05:33 -0400, Michael Scheidell wrote:
32 systems, exactly the same cpu, step software. only minor differences
would be.. well, not even the exact set of rules. but can re2c randomly
compile something different depending on internal cpu cache?
only two of them had a
On Wed, 2011-03-23 at 11:08 -1000, Warren Togami Jr. wrote:
On 3/23/2011 10:58 AM, Karsten Bräckelmann wrote:
Ugh, nasty boy. ;) You do realize they wouldn't be hammering the SEM
DNS servers, if testrules wouldn't have slipped out accidentally -- by
sa-update.
Personally, I'd much
On 3/23/11 5:10 PM, Karsten Bräckelmann wrote:
Michael, I don't think I could follow you. Did you say that these
identical systems do have different rules?
there might be some slight differences in local.cf. thats it.
this one is very strange.
offlist if you want more details...
--
Michael
On 3/22/2011 1:16 PM, Mark Chaney wrote:
Ever notice that a lot of spam seems to have your username in
their from address? Such as an email sent TO b...@domain.com is
FROM blah...@anotherdomain.com (notice 'blah' included in the
from address).
On 3/22/2011 2:31 PM, Adam Katz wrote:
somebody
19 matches
Mail list logo