I am sure this is doable and did some searching but couldn't find it
referenced. How would one create a rule to detect the presence of the To:
local part in the subject, ie spammer sends email To: localp...@domain.com and
the rule triggers on the localpart being present in other headers such
On 10/27/2014 12:49 PM, John Traweek CCNA, Sec+ wrote:
I am sure this is doable and did some searching but couldn't find it
referenced. How would one create a rule to detect the presence of
the To: local part in the subject, ie spammer sends email To:
localp...@domain.com and the rule triggers
Am 27.10.2014 um 12:49 schrieb John Traweek CCNA, Sec+:
I am sure this is doable and did some searching but couldn't find it
referenced. How would one create a rule to detect the presence of the To:
local part in the subject, ie spammer sends email To: localp...@domain.com and
the rule
On 10/26/2014 6:04 PM, Thomas Preißler wrote:
I use SpamAssassin version 3.4.0 from wheezy-backports. Unfortunately,
I get the following line sometimes in mail.log:
warn: spf: lookup failed: addr is not a string at
/usr/share/perl5/IO/Socket/IP.pm line 646.
Attached you'll find a mail.eml
On 10/27/2014 12:22 PM, Thomas Preißler wrote:
I've attached two files which contain the output of spamassassin -D.
- ok.log shows the output when using 8.8.8.8
- failed.log shows the output when using 156.154.70.1
I tried unbound as a local DNS resolver, but it produces the spf
lookup
Hey KAM,
On Oct 27, 2014, at 5:34 PM, Kevin A. McGrail kmcgr...@pccc.com wrote:
Using SA really requires a local caching naming server. This fixes more
than a handful of problems. Switch to that and see if your issue is
resolved.
Already tried that. When using unbound as a
Noticed this in the latest KAM updates - does anyone have a copy of this sub
rule?
Paul
--
Paul Stead
Systems Engineer
Zen Internet
On 10/27/2014 12:58 PM, Thomas Preißler wrote:
Hey KAM,
On Oct 27, 2014, at 5:34 PM, Kevin A. McGrail kmcgr...@pccc.com wrote:
Using SA really requires a local caching naming server. This fixes more
than a handful of problems. Switch to that and see if your issue is
resolved.
Already tried
We got this from Kevin Miller kevin_mil...@ci.juneau.ak.us who posted
it to users@ on 15 May 2014.
We've made some tweaks since then and because it's not ours we are
hesitant to post it in KAM.cf, but here is what we are currently using:
# HTML BR
rawbody __CBJ_GiveMeABreak1 /(?:\/?br
On Fri, Sep 19, 2014 at 2:59 PM, John Hardin jhar...@impsec.org wrote:
On Fri, 19 Sep 2014, francis picabia wrote:
On Tue, Sep 16, 2014 at 5:27 PM, John Hardin jhar...@impsec.org wrote:
On Tue, 16 Sep 2014, francis picabia wrote:
Hello,
We just received the most authentic looking
David F. Skoll wrote:
Kevin A. McGrail wrote:
Procmail has some weird syntax
Procmail is also unmaintained abandonware, as far as I can tell.
That isn't really a fair assessment of procmail. It is like saying
that 'cp' is unmaintained abandonware. The original authors no longer
maintain
Thomas Preißler wrote:
Already tried that. When using unbound as a local caching nameserver
and 156.154.70.1 as the resolver, spamassassin produces the same error
message. The same happens when unbound accesses the root nameservers
directly and acts as a local resolver. But when unbound caches
Am 27.10.2014 um 20:00 schrieb Mark Martinec:
Thomas Preißler wrote:
Already tried that. When using unbound as a local caching nameserver
and 156.154.70.1 as the resolver, spamassassin produces the same error
message. The same happens when unbound accesses the root nameservers
directly and
You’re more than welcome to co-opt any rules I share if they’re of some value –
it’s pretty even odds that I either gleaned them from elsewhere and “seasoned
to suit” or had some help writing them from this group.
I’m curious however how they are being used in KAM.cf. Grepping the same, I
Am 27.10.2014 um 19:55 schrieb Bob Proulx:
David F. Skoll wrote:
Kevin A. McGrail wrote:
Procmail has some weird syntax
Procmail is also unmaintained abandonware, as far as I can tell.
That isn't really a fair assessment of procmail. It is like saying
that 'cp' is unmaintained
On 10/27/2014 3:20 PM, Kevin Miller wrote:
You’re more than welcome to co-opt any rules I share if they’re of
some value – it’s pretty even odds that I either gleaned them from
elsewhere and “seasoned to suit” or had some help writing them from
this group.
Thanks.
It seems the meta
A Chris Brandstetter
Linux/UNIX System Administrator
Nebraska Wesleyan University
⌘
signature.asc
Description: Message signed with OpenPGP using GPGMail
On 10/27/2014 3:52 PM, Chris Brandstetter wrote:
A Chris Brandstetter
Linux/UNIX System Administrator
Nebraska Wesleyan University
⌘
You should email users-unsubscr...@spamassassin.apache.org to unsubscribe.
Before you do though, where did you read that this was how to
unsubscribe from the
Am 27.10.2014 um 20:52 schrieb Chris Brandstetter:
here we go again
https://www.google.at/#q=spamassassin%20list%20unsubscribe
signature.asc
Description: OpenPGP digital signature
On Mon, 27 Oct 2014, francis picabia wrote:
uri URI_EXAMPLE_EXTRA m;^https?://(?:www\.)?example\.com[^/?];i
However another spoofed message was received today and the rule
did not capture it.
If I want to detect something in the form of:
random_server.example.com.junk
I need to wildcard
--As of October 27, 2014 8:29:52 PM +0100, Robert Schetterer is alleged to
have said:
by the way
http://www.exploit-db.com/exploits/34896/
always have a shellshock patched system these days with postfix/procmail
--As for the rest, it is mine.
Interesting. I dug a bit further out of
Am 27.10.2014 um 21:04 schrieb Daniel Staal:
--As of October 27, 2014 8:29:52 PM +0100, Robert Schetterer is alleged
to have said:
by the way
http://www.exploit-db.com/exploits/34896/
always have a shellshock patched system these days with postfix/procmail
--As for the rest, it is
I had assumed it was like most lists where a simple unsubscribe on the subject
or in the body would remove me (default settings for Majordomo list manager).
A Chris Brandstetter
Linux/UNIX System Administrator
Nebraska Wesleyan University
⌘
On Oct 27, 2014, at 2:54 PM, Joe Quinn jqu...@pccc.com
Am 27.10.2014 um 21:19 schrieb Chris Brandstetter:
I had assumed it was like most lists where a simple unsubscribe on the subject
or in the body would remove me (default settings for Majordomo list manager).
most lists?
which one?
any list on this earth has a unsubscribe header
and frankly *every* list has a welcome message while the list-software
only can send it, read is the job of the subscriber
leow a quote of the SA weclome messaage which even explicitly states *do
not* send unsubscribe to the list - besides that: what sense does it
make to send every of the
So...
How hard would it be to have the mailing list quarantine a message
whose subject consists solely of the word unsubscribe ?
Do we have the technology? :)
Regards,
David.
signature.asc
Description: PGP signature
Surely a system administrator, especially one for Linux/UNIX, would know to look
in the message headers for things hints if there are none lurking at the bottom
of the messages. That is where said system administrator would find things like
this:
list-unsubscribe:
On 10/27/2014 4:45 PM, David F. Skoll wrote:
So...
How hard would it be to have the mailing list quarantine a message
whose subject consists solely of the word unsubscribe ?
Do we have the technology? :)
Heh... Apparently more needed than I hoped. I'll have to ask the
foundation if they can
Do the pertinent we have more important things to do? I suspect yes. I'd
expect that the proper denizens for this list are not all that naive.
{^_^}
On 2014-10-27 13:45, David F. Skoll wrote:
So...
How hard would it be to have the mailing list quarantine a message
whose subject consists
On 10/27/2014 4:48 PM, Kevin A. McGrail wrote:
On 10/27/2014 4:45 PM, David F. Skoll wrote:
So...
How hard would it be to have the mailing list quarantine a message
whose subject consists solely of the word unsubscribe ?
Do we have the technology? :)
Heh... Apparently more needed than I
On Mon, 27 Oct 2014 13:52:31 -0700
jdow j...@earthlink.net wrote:
Do the pertinent we have more important things to do? I suspect
yes. I'd expect that the proper denizens for this list are not all
that naive.
I dunno. This happens a couple of times a month and spawns threads
5-10 messages
From Bugzilla
(https://lists.bugzilla.org/cgi-bin/mj_wwwusr?user=passw=list=GLOBALfunc=helpextra=unsubscribe)
:
The simplest way to remove your address from a mailing list is
to send the following command in the body of an e-mail message to
majord...@bugzilla.org:
unsubscribe LISTNAME
Replace
On Mon, 27 Oct 2014, Chris Brandstetter wrote:
From Bugzilla
(https://lists.bugzilla.org/cgi-bin/mj_wwwusr?user=passw=list=GLOBALfunc=helpextra=unsubscribe)
:
The simplest way to remove your address from a mailing list is
to send the following command in the body of an e-mail message to
Am 27.10.2014 um 22:27 schrieb Chris Brandstetter:
From Bugzilla
(https://lists.bugzilla.org/cgi-bin/mj_wwwusr?user=passw=list=GLOBALfunc=helpextra=unsubscribe)
:
The simplest way to remove your address from a mailing list is
to send the following command in the body of an e-mail message to
On Mon, 2014-10-27 at 17:00 -0400, Kevin A. McGrail wrote:
On 10/27/2014 4:48 PM, Kevin A. McGrail wrote:
On 10/27/2014 4:45 PM, David F. Skoll wrote:
How hard would it be to have the mailing list quarantine a message
whose subject consists solely of the word unsubscribe ?
Heh...
On Sun, 26 Oct 2014 13:28:12 -0700 (PDT)
John Hardin jhar...@impsec.org wrote:
That's an SA directive. It says if the message scores spammy,
prepend '[SPAM][JUNGLEVISION SPAM CHECK]' to the Subject header.
Ah. Missing some messages here.
It does appear that sa is the culprit but why it's
On Mon, 27 Oct 2014, jdebert wrote:
On Sun, 26 Oct 2014 13:28:12 -0700 (PDT)
John Hardin jhar...@impsec.org wrote:
That's an SA directive. It says if the message scores spammy,
prepend '[SPAM][JUNGLEVISION SPAM CHECK]' to the Subject header.
Ah. Missing some messages here.
It does appear
Chris, read that CAREFULLY. You send messages to this at
users@spamassassin.apache.org. The mailer is not Majordomo; but, the address for
sending email to various lists with majordomo is pretty much the same. Do,
please, note that listname@listserver_address is quite different from
Is ezmlm == majordomo? As I am saying he ought to take some time out, think, and
gather in some clues. If he is wise he'll treat it as a learning experience.
Only a few people manage to miss this misadventure with mailing lists at least
once in their lives. But when they sign it with system
On Mon, 27 Oct 2014, John Hardin wrote:
On Mon, 27 Oct 2014, jdebert wrote:
On Sun, 26 Oct 2014 13:28:12 -0700 (PDT)
John Hardin jhar...@impsec.org wrote:
That's an SA directive. It says if the message scores spammy,
prepend '[SPAM][JUNGLEVISION SPAM CHECK]' to the Subject header.
In the first email:
# The lock file ensures that only 1 spamassassin invocation happens
# at 1 time, to keep the load down.
#
:0fw: spamassassin.lock
* 40
| spamc -x
Kevin A. McGrail wrote:
geoff.spamassassin140903 wrote:
Kevin A. McGrail wrote:
Using procmail without MTA
On Mon, 27 Oct 2014, jdow wrote:
Is ezmlm == majordomo?
And I didn't catch that, either. :)
--
John Hardin KA7OHZhttp://www.impsec.org/~jhardin/
jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822
On Mon, 27 Oct 2014 17:00:11 -0400
Kevin A. McGrail kmcgr...@pccc.com wrote:
On 10/27/2014 4:48 PM, Kevin A. McGrail wrote:
On 10/27/2014 4:45 PM, David F. Skoll wrote:
So...
How hard would it be to have the mailing list quarantine a message
whose subject consists solely of the word
On Mon, 27 Oct 2014 15:45:03 -0700 (PDT)
John Hardin jhar...@impsec.org wrote:
On Mon, 27 Oct 2014, jdebert wrote:
It does appear that sa is the culprit but why it's doing it is not
evident. There's still not enough data. Perhaps turning up debugging
would be helpful?
The apparent
On Mon, 2014-10-27 at 19:44 -0700, jdebert wrote:
On Mon, 27 Oct 2014 17:00:11 -0400
Kevin A. McGrail kmcgr...@pccc.com wrote:
I've emailed infra with the following request:
...we have been getting consistent unsubscribe messages posted to
the entire users list which begs the
On Mon, 2014-10-27 at 20:19 -0700, jdebert wrote:
On Mon, 27 Oct 2014 15:45:03 -0700 (PDT)
John Hardin jhar...@impsec.org wrote:
The apparent culprit is a procmail rule that explicitly passes a
message through the mail system again. The message is being scanned
twice. If she can either
On October 27, 2014 9:45:17 PM David F. Skoll d...@roaringpenguin.com wrote:
Do we have the technology? :)
Or make rule score on unsubscribe with a score of 5, is it not what qpsmpd
scanner check for ? :)
But only hits if its sent to maillist, then owners have more time to keep
asf stable
On October 27, 2014 10:00:11 PM Kevin A. McGrail kmcgr...@pccc.com wrote:
header__KAM_SA_BLOCK_UNSUB1Subject =~ /unsubscribe/i
Unancored subject will keep list trafic low
48 matches
Mail list logo