Re: blacklist based on authoritative nameservers of sender domain

2011-08-22 Thread Axb
On 2011-08-23 7:38, Michael Scheidell wrote: On 8/22/11 7:13 PM, Noah Meyerhans wrote: I've recently observed a fair amount of spam from domains that all share the same set of authoritative nameservers. postfix: check_sender_ns_access SA has this already... and more. read into URIDNSBL.pm an

Re: blacklist based on authoritative nameservers of sender domain

2011-08-22 Thread Benny Pedersen
On Tue, 23 Aug 2011 01:38:08 -0400, Michael Scheidell wrote: On 8/22/11 7:13 PM, Noah Meyerhans wrote: I've recently observed a fair amount of spam from domains that all share the same set of authoritative nameservers. postfix: check_sender_ns_access if outright blocking is wanted (its stup

Re: blacklist based on authoritative nameservers of sender domain

2011-08-22 Thread Benny Pedersen
On Mon, 22 Aug 2011 16:13:03 -0700, Noah Meyerhans wrote: I've recently observed a fair amount of spam from domains that all share the same set of authoritative nameservers. 1: make the plugin 2: add whitelist/skiplist could ideally be urlbl_skip_domain that are used commit code to sandbox

Re: blacklist based on authoritative nameservers of sender domain

2011-08-22 Thread Axb
On 2011-08-23 2:21, dar...@chaosreigns.com wrote: On 08/22, Adam Katz wrote: this not worth doing? I realize that the potential for collateral damage is high, so I don't think it'd be wise to try and publish any sort of data for such a plugin, but it seems like the plugin itself might be occasi

Re: blacklist based on authoritative nameservers of sender domain

2011-08-22 Thread Michael Scheidell
On 8/22/11 7:13 PM, Noah Meyerhans wrote: I've recently observed a fair amount of spam from domains that all share the same set of authoritative nameservers. postfix: check_sender_ns_access -- Michael Scheidell, CTO o: 561-999-5000 d: 561-948-2259 >*| *SECNAP Network Security Corporation *

Re: blacklist based on authoritative nameservers of sender domain

2011-08-22 Thread darxus
On 08/22, Adam Katz wrote: > > this not worth doing? I realize that the potential for collateral > > damage is high, so I don't think it'd be wise to try and publish any > > sort of data for such a plugin, but it seems like the plugin itself > > might be occasionally useful... > > It might be use

Re: blacklist based on authoritative nameservers of sender domain

2011-08-22 Thread Adam Katz
On 08/22/2011 04:13 PM, Noah Meyerhans wrote: > I've recently observed a fair amount of spam from domains that all > share the same set of authoritative nameservers. It occurred to me > that it might be nice to be able to blacklist mail from all domains > sharing these nameservers, or maybe to sim

blacklist based on authoritative nameservers of sender domain

2011-08-22 Thread Noah Meyerhans
I've recently observed a fair amount of spam from domains that all share the same set of authoritative nameservers. It occurred to me that it might be nice to be able to blacklist mail from all domains sharing these nameservers, or maybe to simply have that trait count toward the spam score. I do

Re: Why does this hit __HAS_ANY_URI

2011-08-22 Thread Benny Pedersen
On Tue, 23 Aug 2011 00:02:10 +0200, Benny Pedersen wrote: it did not, let's try www.pastebin.com (i remember explore) yep this is active link in roundcube with explore 9

Re: Why does this hit __HAS_ANY_URI

2011-08-22 Thread Benny Pedersen
On Mon, 22 Aug 2011 23:57:07 +0200, Benny Pedersen wrote: On Mon, 22 Aug 2011 21:38:31 +0100, Ned Slider wrote: and make __HAS_ANY_URI (and __DOS_HAS_ANY_URI) a meta of the above two rules. let's see if roundcube makes pastebin.com active url :=) imho if it does spamassassin should also do

Re: Why does this hit __HAS_ANY_URI

2011-08-22 Thread Benny Pedersen
On Mon, 22 Aug 2011 21:38:31 +0100, Ned Slider wrote: and make __HAS_ANY_URI (and __DOS_HAS_ANY_URI) a meta of the above two rules. let's see if roundcube makes pastebin.com active url :=) imho if it does spamassassin should also do

Re: Why does this hit __HAS_ANY_URI

2011-08-22 Thread Ned Slider
On 22/08/11 21:46, John Hardin wrote: On Mon, 22 Aug 2011, Ned Slider wrote: uri __REALLY_HAS_ANY_URI m{https?://.} and if we want to test for email addresses: uri __HAS_ANY_URI_EMAIL /@/ and make __HAS_ANY_URI (and __DOS_HAS_ANY_URI) a meta of the above two rules. Given they're the vast m

Re: Why does this hit __HAS_ANY_URI

2011-08-22 Thread John Hardin
On Mon, 22 Aug 2011, Ned Slider wrote: uri __REALLY_HAS_ANY_URI m{https?://.} and if we want to test for email addresses: uri __HAS_ANY_URI_EMAIL /@/ and make __HAS_ANY_URI (and __DOS_HAS_ANY_URI) a meta of the above two rules. Given they're the vast majority, but htt

Re: Why does this hit __HAS_ANY_URI

2011-08-22 Thread Ned Slider
On 22/08/11 20:37, Adam Katz wrote: On 08/14/2011 02:17 PM, Ned Slider wrote: Hi all, The following email hits __HAS_ANY_URI and I'm not sure why: http://pastebin.com/jvFrFhA4 When I run the message through SpamAssassin in debug mode I see: dbg: rules: __DOS_HAS_ANY_URI merged duplicates: __

Re: Why does this hit __HAS_ANY_URI

2011-08-22 Thread Adam Katz
On 08/14/2011 02:17 PM, Ned Slider wrote: > Hi all, > > The following email hits __HAS_ANY_URI and I'm not sure why: > > http://pastebin.com/jvFrFhA4 > > When I run the message through SpamAssassin in debug mode I see: > > dbg: rules: __DOS_HAS_ANY_URI merged duplicates: __HAS_ANY_URI > dbg: ru

Re: Caution - access to Spamhaus data-feed may be improperly configured: 204.89.241.253

2011-08-22 Thread David F. Skoll
On Mon, 22 Aug 2011 14:01:20 -0400 dar...@chaosreigns.com wrote: > What reason do you have to believe it's a legitimate email from > spamhaus? Have you tried contacting spamhaus or mxtools about it? The mail might have been legitimate. We've seen a few of these messages from MX Tools and they ha

Re: Caution - access to Spamhaus data-feed may be improperly configured: 204.89.241.253

2011-08-22 Thread darxus
On 08/20, Michael Scheidell wrote: > Received: from mx1.secnap.com.ionspam.net ([204.89.241.253]) > and, like I said in earlier email, they even have the spf dns records wrong. > host -t txt mxtools.com > mxtools.com descriptive text "v=spf1 ip4:68.71.38.3 ip4:209.44.121.50 mx ~all" > > > so, w

Re: [Q] Bayes dB: ratio of spam and ham heavily in favour of ham

2011-08-22 Thread Benny Pedersen
On Mon, 22 Aug 2011 15:46:14 +0200, J4K wrote: # sa-learn --dump magic 0.000 0 3 0 non-token data: bayes db version 0.000 0640 0 non-token data: nspam 0.000 0 7001 0 non-token data: nham 0.000 0 36689

Re: Caution - access to Spamhaus data-feed may be improperly configured: secnap.com.ionspam.net.

2011-08-22 Thread Michael Scheidell
On 8/19/11 10:27 PM, Noel Butler wrote: On Sat, 2011-08-20 at 02:04 +, John Levine wrote: MXTools is real, I know some of the people who work there. Dunno why they'd think you're querying the Spamhaus lists if you aren't -- it is my impression that Spamhaus looks at the query logs and passe

[Q] Bayes dB: ratio of spam and ham heavily in favour of ham

2011-08-22 Thread J4K
Afternoon gentlemen, Seems the Bayes dB has become lop-sided in favour of ham. SA is doing its job as there is little spam coming through these recently. I had hoped we could keep it one third spam and two thirds spam. Does the slant shown below (nspam versus nham) cause any problems w

Re: spamassassin rule not firing

2011-08-22 Thread Benny Pedersen
On Tue, 16 Aug 2011 18:29:13 +0200, Geert Haustraete wrote: I'm running 2 mail servers where one is a backup server in case the primary is unreachable. Both are set to include the SPF result in the mail header. I have put these rules into my local.cf file. (snip-rules) perldoc Mail::SpamAssa

Re: spamassassin rule not firing

2011-08-22 Thread Matus UHLAR - fantomas
On 16.08.11 18:29, Geert Haustraete wrote: I'm running 2 mail servers where one is a backup server in case the primary is unreachable. Both are set to include the SPF result in the mail header. I have put these rules into my local.cf file. #Check for SPF headers header LOCAL_SPF_PASS Received