Re: SA cannot block messages with attached zip

2016-05-20 Thread Reindl Harald
On 20.05.2016 at 08:31 Emin Akbulut wrote: I tried to train SA with tons of spam messages which contain a zip file (includes .js). The max spam score was less than 5 so I did set 4 to delete messages. Then same kind of spam messages appear with the score of less than 2. In short; trainin

Re: SA cannot block messages with attached zip

2016-05-20 Thread Reindl Harald
On 20.05.2016 at 10:32 Reindl Harald wrote: On 20.05.2016 at 08:31 Emin Akbulut wrote: I tried to train SA with tons of spam messages which contain a zip file (includes .js). The max spam score was less than 5 so I did set 4 to delete messages. Then same kind of spam messages appear with

Re: SA cannot block messages with attached zip

2016-05-20 Thread @lbutlr
On May 20, 2016, at 2:46 AM, Reindl Harald wrote: > postscreen_dnsbl_action = enforce > postscreen_greet_action = enforce [long list] What do you set postscreen_dnsbl_threshold to? -- "Give a man a fire and he's warm for a day, but set fire to him and he's warm for the rest of his life."

Re: SA cannot block messages with attached zip

2016-05-20 Thread Reindl Harald
On 20.05.2016 at 11:40 @lbutlr wrote: On May 20, 2016, at 2:46 AM, Reindl Harald wrote: postscreen_dnsbl_action = enforce postscreen_greet_action = enforce [long list] What do you set postscreen_dnsbl_threshold to? 8

Re: SA cannot block messages with attached zip

2016-05-20 Thread Dianne Skoll
On Fri, 20 May 2016 09:31:48 +0300 Emin Akbulut wrote: > What do you suggest to fight these spams? ClamAV is basically useless. We do it the hard way. We list the contents of attached archives (using "lsar") and have filename-extension rules that block .js inside .zip files. While this can le

Re: SA cannot block messages with attached zip

2016-05-20 Thread Reindl Harald
On 20.05.2016 at 13:07 Dianne Skoll wrote: On Fri, 20 May 2016 09:31:48 +0300 Emin Akbulut wrote: What do you suggest to fight these spams? ClamAV is basically useless. No, it is not; look at the sanesecurity foxhole signatures http://sanesecurity.com/usage/signatures/

Re: SA cannot block messages with attached zip

2016-05-20 Thread Rejaine Monteiro
I hitched a ride in this thread and I appreciate the tip of the foxhole and clamav! I was also having problems here! Solved now. On 20-05-2016 09:11, Reindl Harald wrote: On 20.05.2016 at 13:07 Dianne Skoll wrote: On Fri, 20 May 2016 09:31:48 +0300 Emin Akbulut wrote: What do you sugges

Re: SA cannot block messages with attached zip

2016-05-20 Thread Kris Deugau
Emin Akbulut wrote: > I tried to train SA with tons of spam messages which contain a zip file > (includes .js) > The max spam score was less than 5 so I did set 4 to delete messages. > > Then same kind of spam messages appear with the score of less than 2. > > In short; training the SA seems

Re: SA cannot block messages with attached zip

2016-05-20 Thread Reindl Harald
On 20.05.2016 at 16:20 Kris Deugau wrote: Emin Akbulut wrote: I tried to train SA with tons of spam messages which contain a zip file (includes .js). The max spam score was less than 5 so I did set 4 to delete messages. Then same kind of spam messages appear with the score of less than 2

Re: SA cannot block messages with attached zip

2016-05-20 Thread Paul Stead
Second, the foxhole_js database is what you're looking for. Paul On 20/05/16 13:11, Reindl Harald wrote: On 20.05.2016 at 13:07 Dianne Skoll wrote: On Fri, 20 May 2016 09:31:48 +0300 Emin Akbulut wrote: What do you suggest to fight these spams? ClamAV is basically useless. No it is no

Re: SA cannot block messages with attached zip

2016-05-20 Thread Rick Macdougall
On 2016-05-20 10:36 AM, Paul Stead wrote: Second, the foxhole_js database is what you're looking for. Paul On 20/05/16 13:11, Reindl Harald wrote: On 20.05.2016 at 13:07 Dianne Skoll wrote: On Fri, 20 May 2016 09:31:48 +0300 Emin Akbulut wrote: What do you suggest to fight these spams?

Re: SA cannot block messages with attached zip

2016-05-20 Thread Reindl Harald
On 20.05.2016 at 16:50 Rick Macdougall wrote: On 2016-05-20 10:36 AM, Paul Stead wrote: Second, the foxhole_js database is what you're looking for. Paul On 20/05/16 13:11, Reindl Harald wrote: On 20.05.2016 at 13:07 Dianne Skoll wrote: On Fri, 20 May 2016 09:31:48 +0300 Emin Akbulut

Re: SA cannot block messages with attached zip

2016-05-20 Thread David Jones
>From: Dianne Skoll >Sent: Friday, May 20, 2016 6:07 AM >To: users@spamassassin.apache.org >Subject: Re: SA cannot block messages with attached zip >On Fri, 20 May 2016 09:31:48 +0300 >Emin Akbulut wrote: >> What do you suggest to fight these spams? >ClamAV is basically useless. ClamAV helps

Re: SA cannot block messages with attached zip

2016-05-20 Thread Dianne Skoll
On Fri, 20 May 2016 15:00:55 + David Jones wrote: > >From: Dianne Skoll > >ClamAV is basically useless. > ClamAV helps a little with the unofficial signatures. The operative word here is "a little". I find that the unofficial signatures that are good at actually catching bad stuff have extr

Re: SA cannot block messages with attached zip

2016-05-20 Thread Rick Macdougall
On 2016-05-20 11:00 AM, Reindl Harald wrote: On 20.05.2016 at 16:50 Rick Macdougall wrote: On 2016-05-20 10:36 AM, Paul Stead wrote: Second, the foxhole_js database is what you're looking for. Paul On 20/05/16 13:11, Reindl Harald wrote: On 20.05.2016 at 13:07 Dianne Skoll wrote: On

Re: SA cannot block messages with attached zip

2016-05-20 Thread Reindl Harald
On 20.05.2016 at 17:11 Rick Macdougall wrote: On 2016-05-20 11:00 AM, Reindl Harald wrote: On 20.05.2016 at 16:50 Rick Macdougall wrote: On 2016-05-20 10:36 AM, Paul Stead wrote: Second, the foxhole_js database is what you're looking for. Paul On 20/05/16 13:11, Reindl Harald wrote:

re: exploitable LinkedIn forwarder/whatever

2016-05-20 Thread Chip M.
Thanks Andreas! :) Wednesday am, after re-checking that the specific spam URL was still forwarding to the spam payload destination, I emailed that role account... and to my (VERY pleasant) shock, received an auto-reply which did NOT direct me to an unusable web form (i.e. the Google model of prev

Re: SA cannot block messages with attached zip

2016-05-20 Thread Chip M.
At 04:07 AM 5/20/2016, RoaringPenguin wrote: >filename-extension rules that block .js >inside .zip files. +1 We also block these scripting-related Windows extensions: .hta .jse .vbs .wsf Those were originally "pre-emptive", however I've now seen both ".hta" and ".

Re: SA cannot block messages with attached zip

2016-05-20 Thread Reindl Harald
On 20.05.2016 at 17:29 Chip M. wrote: P.S. As of about 1700 UTC yesterday, I'm seeing significant volume of zipped macro-encrusted "doc" files /etc/clamd.d/scan.conf: ScanOLE2 yes OLE2BlockMacros yes

Re: SA cannot block messages with attached zip

2016-05-20 Thread Vincent Fox
+1 Yesterday, 6% of our mail flow was rejected by Foxhole.Zip family. They are #1 on our list about 50% of the time for weeks now. I got a commendation last week for prevention work, so rare in email adminning. Security team would be swimming in overtime if it weren't for foxhole_js in particula

Whitelisting and Expedia/Orbitz

2016-05-20 Thread Alex
Hi, Is it necessary to use the Envelope-From address when whitelisting with whitelist_from_spf? The docs are unclear as to whether I can just use the regular From address, which would be easier for me. Apparently using the regular From address appears to not be considered, however. Perhaps I shou

Re: Whitelisting and Expedia/Orbitz

2016-05-20 Thread Reindl Harald
On 20.05.2016 at 19:03 Alex wrote: Is it necessary to use the Envelope-From address when whitelisting with whitelist_from_spf? The docs are unclear as to whether I can just use the regular From address, which would be easier for me. SPF is by definition only about envelopes; however, just use

Re: Whitelisting and Expedia/Orbitz

2016-05-20 Thread Vincent Fox
SPF is only about envelopes? Unless you are Microsoft, who check against the From in the header. From: Reindl Harald Sent: Friday, May 20, 2016 10:23:45 AM To: users@spamassassin.apache.org Subject: Re: Whitelisting and Expedia/Orbitz Am 20.05.2016 um 19

Re: Whitelisting and Expedia/Orbitz

2016-05-20 Thread Benny Pedersen
Sender-ID is not SPF. On 20 May 2016 19.28.11 Vincent Fox wrote: SPF is only about envelopes? Unless you are Microsoft, who check against the From in the header. From: Reindl Harald Sent: Friday, May 20, 2016 10:23:45 AM To: users@spamassassin.apach

Re: SA cannot block messages with attached zip

2016-05-20 Thread David B Funk
On Fri, 20 May 2016, Dianne Skoll wrote: On Fri, 20 May 2016 09:31:48 +0300 Emin Akbulut wrote: What do you suggest to fight these spams? ClamAV is basically useless. We do it the hard way. We list the contents of attached archives (using "lsar") and have filename-extension rules that blo

Re: Whitelisting and Expedia/Orbitz

2016-05-20 Thread Benny Pedersen
On 2016-05-20 19:03, Alex wrote: Is it necessary to use the Envelope-From address when whitelisting with whitelist_from_spf? The docs are unclear as to whether I can just use the regular From address, which would be easier for me. use opendkim for this test, and if you have Sender-ID on your o

Re: Whitelisting and Expedia/Orbitz

2016-05-20 Thread Reindl Harald
On 20.05.2016 at 19:25 Vincent Fox wrote: SPF is only about envelopes? Yes. Unless you are Microsoft, who check against the From in the header. Nonsense, you likely confuse DMARC with SPF. From: Reindl Harald Sent: Friday, May 20, 2016 10:23:45

Re: SA cannot block messages with attached zip

2016-05-20 Thread Dianne Skoll
On Fri, 20 May 2016 17:47:09 -0500 (CDT) David B Funk wrote: > > We do it the hard way. We list the contents of attached archives > > (using "lsar") and have filename-extension rules that block .js > > inside .zip files. While this can lead to some FPs, which we handle > > with selective whitel

Re: Whitelisting and Expedia/Orbitz

2016-05-20 Thread Nick Edwards
Clueless newbie troll. Microsoft's own attempt at SPF did allow checking in "from". On Sat, May 21, 2016 at 2:50 AM, Reindl Harald wrote: > > > On 20.05.2016 at 19:25 Vincent Fox wrote: > >> SPF is only about envelopes? >> > > yes > > Unless you are Microsoft, who check against the From in the h