On 06/03/2013 11:51 PM, Alex wrote:
Hi,
Do you not like connection-oriented RBLs? That client IP address is in
both cbl.abuseat.org & pbl.spamhaus.org lists as an infected client.
We run an anti-spam service for about 100K users and sell appliances
that filter for many more. Paying for RBLs
are there that don't add Received: headers?
Hopefully none.
There are already "direct-to-MX" subrules, and rules that use them in
combination with other signs:
http://ruleqa.spamassassin.org/?daterev=20130603-r1488897-n&rule=%2FDIRECT
Suggestions for likely combinations
On Mon, 3 Jun 2013, William Thackrey wrote:
Is there a setting somewhere in Spamassassin to restrict checks to headers
and ignore body content?
No. A couple of questions:
In the current ruleset there is an EMPTY_BODY rule. Is that hitting
consistently?
What is your MTA, and how is SA glued
Hi,
>> Do you not like connection-oriented RBLs? That client IP address is in
>> both cbl.abuseat.org & pbl.spamhaus.org lists as an infected client.
>
> We run an anti-spam service for about 100K users and sell appliances
> that filter for many more. Paying for RBLs is not cost-effective at
> th
On 2013-06-03 14:02, David B Funk wrote:
On Mon, 3 Jun 2013, David F. Skoll wrote:
On Mon, 3 Jun 2013 14:28:36 +0200
Matus UHLAR - fantomas wrote:
you should look at Received: headers to see who passed the mail to
you and complain to abuse@ there. If the mail came from nacha.org, the
ab...@n
On Mon, 3 Jun 2013, David F. Skoll wrote:
On Mon, 3 Jun 2013 14:28:36 +0200
Matus UHLAR - fantomas wrote:
you should look at Received: headers to see who passed the mail to
you and complain to abuse@ there. If the mail came from nacha.org, the
ab...@nacha.org is the right place to send compla
On Mon, 3 Jun 2013 14:34:30 -0500 (CDT)
David B Funk wrote:
> Do you not like connection-oriented RBLs? That client IP address is in
> both cbl.abuseat.org & pbl.spamhaus.org lists as an infected client.
We run an anti-spam service for about 100K users and sell appliances
that filter for many mo
On Mon, 3 Jun 2013, David F. Skoll wrote:
On Mon, 3 Jun 2013 16:11:28 +0200
Matus UHLAR - fantomas wrote:
I believe you are able to track network admins of connecting IPs. Or,
simply check their rDNS (forward-confirmed) and contact
abuse@delegated.domain...
Well yeah, but in the example I
We're running Spamassassin 3.3.2 (Perl 5.10.1) on Scientific Linux 6.2
(BlueOnyx 5108R).
In trying to fine tune our configuration, I note that the header rules are
working as expected. I'm seeing hits on myriad structure and header
related rules like: URIBL_BLACK, FROM_12LTRDOM, RDNS_NONE, FAKE_R
The default rule scores are generated with an assumed threshold of 5
and a target of 1 false positive in 2,500 non-spams. It sounds like you
may be substantially increasing the false positive rate. Which you are
certainly entitled to do, but I would not recommend.
http://wiki.apache.org/spamassa
Hello.
I am not a major admin. I have used a Linux box w/ Sendmail + Spamassassin off
and on for years, just for personal and small-biz email. I have only two dozen
or so accounts allocated among three domains.
Using third-party email service for many years, which supposedly includes Spam
fi
On Mon, 3 Jun 2013 16:11:28 +0200
Matus UHLAR - fantomas wrote:
> I believe you are able to track network admins of connecting IPs. Or,
> simply check their rDNS (forward-confirmed) and contact
> abuse@delegated.domain...
Well yeah, but in the example I posted the machine 77.30.72.215 is a
Wind
On Mon, 3 Jun 2013 14:28:36 +0200
Matus UHLAR - fantomas wrote:
you should look at Received: headers to see who passed the mail to
you and complain to abuse@ there. If the mail came from nacha.org, the
ab...@nacha.org is the right place to send complaints..
On 03.06.13 08:52, David F. Skoll w
On Mon, 03 Jun 2013 15:08:55 +0200
Benny Pedersen wrote:
[DFS says no Received: headers]
> and your own mta will not add one ? :)
My MTA will add a header if I let it relay the mail. These messages
were intercepted and stopped as they came in, so I see whatever
headers they had *at the time th
David F. Skoll wrote on 2013-06-03 14:52:
There were no Received: headers in my samples. They were directly
injected
by compromised Windows boxes.
and your own mta will not add one ? :)
hmp!
--
senders that put my email into body content will deliver it to my own
trashcan, so if you like
On Mon, 3 Jun 2013 14:28:36 +0200
Matus UHLAR - fantomas wrote:
> you should look at Received: headers to see who passed the mail to
> you and complain to abuse@ there. If the mail came from nacha.org, the
> ab...@nacha.org is the right place to send complaints..
There were no Received: headers
On 06/03/2013 12:04 PM, Joe Acquisto-j4 wrote:
What's interesting to me is that nacha is the "standards" (my term)
association (www.nacha.org) for ach (the automated check clearing house)
which does such things as direct deposit and other transactions.
On 03.06.13 12:08, Axb wrote:
As they're a
>>> On 6/3/2013 at 6:08 AM, Axb wrote:
> On 06/03/2013 12:04 PM, Joe Acquisto-j4 wrote:
> On 6/2/2013 at 12:30 PM, Wolfgang Zeikat wrote:
>>> In an older episode, on 2013-06-02 16:16, David F. Skoll wrote:
>>>
3) Envelope sender is in the nacha.org domain
>>>
>>> 2 days ago, we received
On 06/03/2013 12:04 PM, Joe Acquisto-j4 wrote:
On 6/2/2013 at 12:30 PM, Wolfgang Zeikat wrote:
In an older episode, on 2013-06-02 16:16, David F. Skoll wrote:
3) Envelope sender is in the nacha.org domain
2 days ago, we received hundreds of mails with that envelope sender
domain containing
>>> On 6/2/2013 at 12:30 PM, Wolfgang Zeikat wrote:
> In an older episode, on 2013-06-02 16:16, David F. Skoll wrote:
>
>> 3) Envelope sender is in the nacha.org domain
>
> 2 days ago, we received hundreds of mails with that envelope sender
> domain containing malware like
> Case_05312013_28192
20 matches