header MY_AUTH ALL =~ /\(authenticated
bits=\d+\)\s+by\s+myserver.mydomain.at/
On 31.01.14 16:58, Rainer Fügenstein wrote:
thanks. looks plausible, but doesn't work, unfortunately. I figured out
that rules matching the first line work, but rules for lines 2+ never
match, regardless of \n \s
Hi List,
recently, we're experiencing very high loads on our spamassassin-cluster.
What struck us in the search for a possible culprits were the recent
addition of the tests named
SINGLE_HEADER_\dK
All of which haver extremely low scores in our contect (nonet, nobayes).
From our point of view
On 02/06/2014 12:38 PM, Torge Husfeldt wrote:
Hi List,
recently, we're experiencing very high loads on our spamassassin-cluster.
What struck us in the search for a possible culprits were the recent
addition of the tests named
SINGLE_HEADER_\dK
All of which haver extremely low scores in our
On Thu, 6 Feb 2014, Matus UHLAR - fantomas wrote:
header MY_AUTH ALL =~ /\(authenticated
bits=\d+\)\s+by\s+myserver.mydomain.at/
On 31.01.14 16:58, Rainer Fügenstein wrote:
thanks. looks plausible, but doesn't work, unfortunately. I figured out
that rules matching the first line work, but
On 1/30/2014 6:37 PM, David B Funk wrote:
On Thu, 30 Jan 2014, Amir Caspi wrote:
On Jan 30, 2014, at 10:28 AM, Kevin A. McGrail kmcgr...@pccc.com
wrote:
If you want to share the complete rule, I can throw it into my
sandbox and see what masscheck thinks as well.
The complete rule
On 2/6/2014 6:38 AM, Torge Husfeldt wrote:
recently, we're experiencing very high loads on our spamassassin-cluster.
What struck us in the search for a possible culprits were the recent
addition of the tests named
SINGLE_HEADER_\dK
All of which haver extremely low scores in our contect
I have 700,000 IP addresses of hackers trying to send email using stolen
authentication. Anyone interested?
http://ipadmin.junkemailfilter.com/auth-hack.txt
--
Marc Perkel - Sales/Support
supp...@junkemailfilter.com
http://www.junkemailfilter.com
Junk Email Filter dot com
415-992-3400
On Thu, 2014-02-06 at 14:41 -0800, Marc Perkel wrote:
I have 700,000 IP addresses
This is the second, no, third time I've seen this on this list in recent
times, amazing that someone who claims to be in anti-spam, spams an
anti-spam list, what do they say, three strikes and your out...
On 2/6/2014 6:59 PM, Noel Butler wrote:
spams an anti-spam list
so sharing/discussing data/intel about spammers on an anti-spam list...
is spamming? Really?
--
Rob McEwen
invaluement.com
On Thu, 2014-02-06 at 19:20 -0500, Rob McEwen wrote:
On 2/6/2014 6:59 PM, Noel Butler wrote:
spams an anti-spam list
so sharing/discussing data/intel about spammers on an anti-spam list...
is spamming? Really?
When you post the same thing almost weekly, yes, it is.
you only need ask
Err,
I have received automated emails from Mark's service multiple times about
compromised users.
He and his services are definitely white hat, and have helped us knock infected
users off line.
Not sure what your problem is.
Regards,
Rick
Sent from my iPad
On Feb 6, 2014, at 6:59 PM,
On 2/6/2014 8:17 PM, John Hardin wrote:
On Thu, 6 Feb 2014, Kevin A. McGrail wrote:
I've discussed it with Alex a bit but one of my next ideas for the
Rules QA process is the following:
- we measure and report on metrics for the rules that are promoted
such as rank (existing), computational
On Thu, 6 Feb 2014, Kevin A. McGrail wrote:
I've discussed it with Alex a bit but one of my next ideas for the Rules QA
process is the following:
- we measure and report on metrics for the rules that are promoted such as
rank (existing), computational expense, time spent on rule.
I assume
On 2/6/2014 8:51 PM, Daniel Staal wrote:
I would probably give the meta-rule no cost - add up the cost of the
components if you want it. (With the understanding that all no-cost
rules are meta rules.)
Meta rules are a scenario that has to be considered for sure. This is
good discussion and
On 2014-02-06 17:17, John Hardin wrote:
On Thu, 6 Feb 2014, Kevin A. McGrail wrote:
I've discussed it with Alex a bit but one of my next ideas for the
Rules QA process is the following:
- we measure and report on metrics for the rules that are promoted
such as rank (existing), computational
On 2/6/2014 8:32 PM, Dave Warren wrote:
On 2014-02-06 17:17, John Hardin wrote:
On Thu, 6 Feb 2014, Kevin A. McGrail wrote:
I've discussed it with Alex a bit but one of my next ideas for the
Rules QA process is the following:
- we measure and report on metrics for the rules that are
Don't know if you noticed but his email earlier today included a link to a txt
file with the list if IPs. Free. Just DL if you want. No sale, no money.
I don't see commercial pressure here when he gave it away already.
(I don't know the guy and don't plan to use the list, but just wanted to
--As of February 6, 2014 5:32:47 PM -0800, Dave Warren is alleged to have
said:
On 2014-02-06 17:17, John Hardin wrote:
On Thu, 6 Feb 2014, Kevin A. McGrail wrote:
I've discussed it with Alex a bit but one of my next ideas for the
Rules QA process is the following:
- we measure and report
On 07/02/2014 10:36, Rick Macdougall wrote:
Err,
I have received automated emails from Mark's service multiple times about
compromised users.
He and his services are definitely white hat, and have helped us knock
infected users off line.
Not sure what your problem is.
On Feb 6, 2014, at 18:04, Kevin A. McGrail kmcgr...@pccc.com wrote:
On 2/6/2014 8:32 PM, Dave Warren wrote:
On 2014-02-06 17:17, John Hardin wrote:
On Thu, 6 Feb 2014, Kevin A. McGrail wrote:
I've discussed it with Alex a bit but one of my next ideas for the Rules
QA process is the
On 2/6/2014 9:11 PM, Dave Warren wrote:
Without triple checking the code, my 99.9% belief is Rules are cached. Calling
them multiple times does not trigger a re-check.
I believe so too, which is why this matters. If they were re-evaluated, you
could just sum up a meta rule and not care.
On 2014-02-06 19:30, Noel Butler wrote:
so, how about EVERYONE with list of IP's who try compromise or abuse
systems, start offering them for sale on here, then lets see what you
think.
Maybe you were reading a different mailing list than I am, but the
message I received didn't have any
On 02/07/2014 03:04 AM, Kevin A. McGrail wrote:
On 2/6/2014 8:32 PM, Dave Warren wrote:
On 2014-02-06 17:17, John Hardin wrote:
On Thu, 6 Feb 2014, Kevin A. McGrail wrote:
I've discussed it with Alex a bit but one of my next ideas for the
Rules QA process is the following:
- we measure and
Hi,
I was considering, instead of plainly dropping the phishing emails, why
not deceiving it: having automatic replys with invalid informations.
I guess that people who launch phishing campaings get few answers, but
the answers they get are correct, the username and password match. What
would
On 02/07/2014 07:30 AM, Olivier Nicole wrote:
Hi,
I was considering, instead of plainly dropping the phishing emails, why
not deceiving it: having automatic replys with invalid informations.
I guess that people who launch phishing campaings get few answers, but
the answers they get are
25 matches
Mail list logo