>Hi Pedro, yes but I do not have the ability to share it but I've bcc'd someone
>who does to see if they can mail it to the list.
>Since the rule I made target effectively all of the mailsploit exploits and
>it's already public, it should be safe. But I don't know if he used domains
>he
On 12/8/2017 2:34 AM, Pedro David Marco wrote:
>The tests are not working because of aws send limits. Unlikely to work.
You are right Kevin... fool me..
is there any pastebin sample???
Hi Pedro, yes but I do not have the ability to share it but I've bcc'd
someone who does to see if they can
>The tests are not working because of aws send limits. Unlikely to work.
>Regards,
>KAM
You are right Kevin... fool me..
is there any pastebin sample???
PedroD
On 12/7/2017 7:02 PM, Giovanni Bechis wrote:
On 12/08/17 00:59, Kevin A. McGrail wrote:
On 12/7/2017 6:39 PM, Giovanni Bechis wrote:
unfortunately I cannot use KAM.cf out of the box because some scores are completely wrong
in my environment (working with strange tld, chinese people, medical
On 12/7/2017 1:45 PM, Zulma Pape wrote:
Anyone have any links or rss feeds to stay updated on ISPs latest
changes ?
Here's the Aol postmaster blog :http://postmaster-blog.aol.com/rss.xml
Looking for something similar or better !
The AOL Postmaster page has been reference level for a long
Hi,
Anyone have any links or rss feeds to stay updated on ISPs latest changes ?
Here's the Aol postmaster blog :http://postmaster-blog.aol.com/rss.xml
Looking for something similar or better !
On 12/08/17 00:59, Kevin A. McGrail wrote:
> On 12/7/2017 6:39 PM, Giovanni Bechis wrote:
>> unfortunately I cannot use KAM.cf out of the box because some scores are
>> completely wrong in my environment (working with strange tld, chinese
>> people, medical terms that are sometimes abused, ...),
On 12/7/2017 6:39 PM, Giovanni Bechis wrote:
unfortunately I cannot use KAM.cf out of the box because some scores are completely wrong
in my environment (working with strange tld, chinese people, medical terms that are
sometimes abused, ...), so I have to download the file every now and than
On 12/08/17 00:19, Kevin A. McGrail wrote:
> On 12/7/2017 4:20 PM, John Hardin wrote:
>>
>> I was more thinking about coverage for people who aren't using KAM.cf, but
>> your comment about needing enough examples in the masscheck corpus to
>> promote and score the rule is relevant - perhaps it
On Thu, 7 Dec 2017, Kevin A. McGrail wrote:
On 12/7/2017 4:20 PM, John Hardin wrote:
I was more thinking about coverage for people who aren't using KAM.cf, but
your comment about needing enough examples in the masscheck corpus to
promote and score the rule is relevant - perhaps it is
On 12/7/2017 4:20 PM, John Hardin wrote:
I was more thinking about coverage for people who aren't using KAM.cf,
but your comment about needing enough examples in the masscheck corpus
to promote and score the rule is relevant - perhaps it is important
enough to add as a base header rule,
On 12/7/2017 11:47 AM, John Hardin wrote:
Is that going into the base SA rules as well?
The SA rule prop system is not conducive to how my company works. The
delays are too long to publish rules. I support it in concept but as of
yet do not have an easiest lift to support it.
I need
On 12/7/2017 4:20 PM, John Hardin wrote:
I was more thinking about coverage for people who aren't using KAM.cf,
but your comment about needing enough examples in the masscheck corpus
to promote and score the rule is relevant - perhaps it is important
enough to add as a base header rule,
On Thu, 7 Dec 2017, Kevin A. McGrail wrote:
On 12/7/2017 11:47 AM, John Hardin wrote:
Is that going into the base SA rules as well?
The SA rule prop system is not conducive to how my company works. The delays
are too long to publish rules. I support it in concept but as of yet do not
I managed to run a test about an hour ago on my first try, so maybe
AWS upped his limit or demand has slowed down. Or maybe I just got
lucky...
YMMV
On Thu, 7 Dec 2017, Kevin A. McGrail wrote:
The tests are not working because of aws send limits. Unlikely to work.
Regards,
KAM
On December
The tests are not working because of aws send limits. Unlikely to work.
Regards,
KAM
On December 7, 2017 1:57:41 PM EST, Pedro David Marco
wrote:
>You can get tests here...
>https://www.mailsploit.com/index#demo
>
>---PedroD.
You can get tests here...
https://www.mailsploit.com/index#demo
---PedroD.
On Thu, 7 Dec 2017, Kevin A. McGrail wrote:
On 12/7/2017 9:31 AM, Alex wrote:
https://www.theregister.co.uk/2017/12/06/mailsploit_email_spoofing_bug/
Same issue and the rule I wrote yesterday effectively blocks all the
published issues. I'll make some nuance changes to make it broader
On Thu, 7 Dec 2017, Kevin A. McGrail wrote:
On 12/7/2017 10:37 AM, Nels Lindquist wrote:
What's the minimum version of SA required?
The warning is present on CentOS 7 with the latest repository version
of SA (3.4.0) installed.
3.4.1. It requires "registryboundaries" which was introduced
On 12/7/2017 10:37 AM, Nels Lindquist wrote:
What's the minimum version of SA required?
The warning is present on CentOS 7 with the latest repository version
of SA (3.4.0) installed.
3.4.1. It requires "registryboundaries" which was introduced in 3.4.1
as noted by AXB.
Regards,
KAM
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 2017/11/23 4:59 AM, Kevin A. McGrail wrote:
> AS = SA. Regards, KAM
>
> On November 23, 2017 6:57:46 AM EST, "Kevin A. McGrail"
> wrote:
>
> Upgrade AS and that should fix it. Happy Thanksgiving, KAM
>
> On
On Wed, 6 Dec 2017 18:03:00 -0800 (PST)
John Hardin wrote:
> On Wed, 6 Dec 2017, Alex wrote:
>
> > John wrote:
> >> It's TVD_SPACE_RATIO plus some exclusions of hits on hammy rules.
> >
> > My point was, does it make sense for this rule to apply to an email
> > with just an image
Hi,
>>> I shouldn't as your entry was:
>>>
>>> whitelist_from_rcvd *@pm.sprintpcs.com sprintpcs.com
>>>
>>> when the sprint addresses are on pm.sprint.com - i.e. without the 'pcs'.
>>
>>
>> My apologies; I typed this from memory. The whitelist entry is correct
>
>
> what about compose *one* mail
On 12/7/2017 9:31 AM, Alex wrote:
Hi,
Is this something we should be concerned with?
https://www.theregister.co.uk/2017/12/06/mailsploit_email_spoofing_bug/
There was a thread the other day regarding UTF and encoding, but I
don't think this is the same?
Same issue and the rule I wrote
Hi,
Is this something we should be concerned with?
https://www.theregister.co.uk/2017/12/06/mailsploit_email_spoofing_bug/
There was a thread the other day regarding UTF and encoding, but I
don't think this is the same?
Hi,
>> >> https://pastebin.com/cYtygBY9
>> >>
>> >> I've tried:
>> >>
>> >> whitelist_from_rcvd *@pm.sprintpcs.com sprintpcs.com
>> >>
>> >> Ideas greatly appreciated.
>> >
>> >
>> > Try to capture an example message as close to the version that gets
>> > fed to your SA as you can. (Your pastebin
On Wed, 6 Dec 2017 20:51:32 -0500
Alex wrote:
> Hi,
>
> >> What is TVD_SPACE_RATIO_MINFP? That appears to be a complex rule,
> >> but adds 2.5 points to a basic email with just an image attachment.
> >>
> >> https://pastebin.com/cYtygBY9
> >>
> >> I've tried:
> >>
> >> whitelist_from_rcvd
27 matches
Mail list logo