Googlegroups spam Re: MAILING_LIST_MULTI

2025-02-25 Thread Dave Funk
filtering? (short of writing my own custom module). I've got my own local RBL that I use for spamvertizing DNS names but the default SA processing doesn't seem to 'see' those imbedded names. Dave -- Dave Funk University of Iowa College of

Re: Fake paypal email triggers -7.5 USER_IN_DEF_DKIM_WL From: address is in the default DKIM

2025-01-29 Thread Dave Funk
y the "discourages use of" message.  Also, I noticed Spamassassin 3.4.6 is being used.  Would Spamassassin 4.0 have done a better job at processing these headers? Thanks! Tom -- Dave Funk University of Iowa College of Engineering 319/335-5751 FA

Re: Fake paypal email triggers -7.5 USER_IN_DEF_DKIM_WL From: address is in the default DKIM

2025-01-29 Thread Dave Funk
  (UTC) X-MS-Exchange-Transport-CrossTenantHeadersStamped: TYZPR04MB790 -- For SpamAssassin Users List -- Dave Funk University of Iowa College of Engineering 319/335-5751 FAX: 319/384-0549 1256 Seamans Center, 103 S Capitol

Re: Strategy for collecting spam to feed Bayes?

2025-01-13 Thread Dave Funk
rs, the Bayes parser knows to ignore such data. -- Dave Funk University of Iowa College of Engineering 319/335-5751 FAX: 319/384-0549 1256 Seamans Center, 103 S Capitol St. Sys_admin/Postmaster/cell_admin Iowa City, IA 52242-1527 #include

Re: Blocking Malformed "From" Headers

2024-07-17 Thread Dave Funk
documentation for confFROM_HEADER is somewhat cryptic: https://www.sendmail.org/~ca/email/doc8.12/cf/m4/tweaking_config.html#confFROM_HEADER I'd rather it say instead, or reject it entirely. Thanks, Kirk -- Dave Funk University of Iowa College of Engine

Re: whitelist_auth return_path / from

2024-07-03 Thread Dave Funk
SIGNED=0.1, DKIM_INVALID=0.1 So even though you think 'passed DKIM' SA clearly does NOT think it does. That DKIM_INVALID will prevent the whitelist_auth from firing, thus you need to investigate what's going wrong there. -- Dave Funk Universit

Re: Catch a rejected message ?

2023-12-01 Thread Dave Funk
ing messages to figure out the problem ? Thanks -- Dave Funk University of Iowa College of Engineering 319/335-5751 FAX: 319/384-0549 1256 Seamans Center, 103 S Capitol St. Sys_admin/Postmaster/cell_admin Iowa City, IA 52242-1527 #include Better is not better, 'standard' is better. B{

Re: Really hard-to-filter spam

2023-08-02 Thread Dave Funk
ew database should be too empty for SA to be willing to use it. So if you -are- getting Bayes scores then that indicates that SA is using some database other than what you think it has. Now start manually training more messages (spam & ham). When you hit the 200 count threshold Bayes score

Re: authres missing when ran from spamass-milter

2023-05-31 Thread Dave Funk
iguration to run that milter before the spamassassin 'glue' milter. Milter results are chained so any headers explicitly added by one milter are passed on to succeeding milters. If those headers are being generated by the MTA then it may not be possible for milters to see the

Re: comparing sender domain against recipient domain

2023-05-12 Thread Dave Funk
'PayPaI' to try to fool people. I've also seen attempts using European character sets with letters that look like O or e to fake common domain names. I've hand coded rules to check for this stuff when frequently abused but I don't know of a programmatic algorithm to do it a

metholdless URLs bypass DecodeShortURLs link shortner checking

2022-08-29 Thread Dave Funk
this an issue with the DecodeShortURLs plugin or with SA? Where would I find the most recent version of DecodeShortURLs plugin? Thanks, Dave -- Dave Funk University of Iowa College of Engineering 319/335-5751 FAX: 319/384-0549 1256 Seamans Center, 103 S

Re: Matching on missing To field?

2022-07-20 Thread Dave Funk
header data and match if there's none of Subject, From, To, Reply-To entries. IE a really malformed message. Dave -- Dave Funk University of Iowa College of Engineering 319/335-5751 FAX: 319/384-0549 1256 Seamans Center, 103

Re: Add header, not beginning with X?

2022-02-14 Thread Dave Funk
o do it just for your own messages then some kind of custom delivery filter (EG procmail) would be the way to go. -- Dave Funk University of Iowa College of Engineering 319/335-5751 FAX: 319/384-0549 1256 Seamans Center, 103 S Capitol St. Sys_admin/Postm

Re: page.link spam

2021-10-31 Thread Dave Funk
secretadultnightclub.page.link but not just page.link Think of it like you would link shortener URLs (EG bit.ly). -- Dave Funk University of Iowa College of Engineering 319/335-5751 FAX: 319/384-0549 1256 Seamans Center, 103 S Capitol St. Sys_admin/Postmaster/cell_admin

SA 3.4.6 add From:addr host to URIHOSTS list?

2021-10-18 Thread Dave Funk
In SA 3.4.1 the host value of From:addr was automagically added to the URIHOSTS list and thus exposed to URIBL lookups. SA 3.4.6 does not do that. Is there a configuration option to reactivate that feature? Thanks, Dave -- Dave Funk University of Iowa

Re: handle_user and connect to spamd failed

2021-10-18 Thread Dave Funk
ter -i 127.0.0.1 -4" Add the option "-D 127.0.0.1" in that spamass-milter OPTIONS. -- Dave Funk University of Iowa College of Engineering 319/335-5751 FAX: 319/384-0549 1256 Seamans Center, 103 S Capitol St. Sys_admin/Postmaster/cell

Re: handle_user and connect to spamd failed

2021-10-18 Thread Dave Funk
md" IE the '--helper-home-dir' option needs an '=' with no spaces, or use the -H -- Dave Funk University of Iowa College of Engineering 319/335-5751 FAX: 319/384-0549 1256 Seamans Center, 103 S Capitol St. Sys_admin/Postmaster/cell

Re: elf signature for clamav

2021-09-26 Thread Dave Funk
but meta with other things such as Bayes to jack up the score. -- Dave Funk University of Iowa College of Engineering 319/335-5751 FAX: 319/384-0549 1256 Seamans Center, 103 S Capitol St. Sys_admin/Postmaster/cell_admin Iowa City, IA 52242

Re: Message-ID with IPv6 domain-literal

2021-09-21 Thread Dave Funk
8.1.30]" is the representation of IPv4: 193.168.1.30 which is a Public IP address, thus that 'hit' is in error. This should be considered a parsing bug. -- Dave Funk University of Iowa College of Engineering 319/335-5751 FAX: 319/384-0549 1256 Se

Re: An interesting bit of HTML from a spam

2021-09-12 Thread Dave Funk
ains: value: avg.com So why is SA 3.4.6 much less sensitive about picking up hosts in URLs? -- Dave Funk University of Iowa College of Engineering 319/335-5751 FAX: 319/384-0549 1256 Seamans Center, 103 S Capitol St. Sys_admin/Postmaster/cell_admin Iowa City, IA 52242-1527 #include Better is not better, 'standard' is better. B{

Re: spamass-milter (sa daemon loads config different to shell ?)

2021-07-27 Thread Dave Funk
spamass-milter specifically because of this issue. Writing a milter that directly talks the spamd protocol via a socket (local or network) is more work but safer and more efficient. (been there, done that, got the code to prove it). -- Dave Funk University of Iowa

Re: SA 3.4.5 meta with RBL rules not working.

2021-07-19 Thread Dave Funk
Henrik K wrote: How about upgrading to latest 3.4.6? This release includes fixes for the following: - Fixed URIDNSBL not triggering meta rules On Mon, Jul 19, 2021 at 01:42:51AM -0500, Dave Funk wrote: I recently updated from SA 3.4.1 to 3.4.5 and noticed that a number of my "meta" rul

SA 3.4.5 meta with RBL rules not working.

2021-07-18 Thread Dave Funk
massassin -D" does not give any clues what's going wrong. Any suggestions about how to debug this? Thanks, Dave -- Dave Funk University of Iowa College of Engineering 319/335-5751 FAX: 319/384-0549 1256 Seamans Center, 103 S Capito

Re: Email Phishing and Zloader: Such a Disappointment

2021-07-11 Thread Dave Funk
" plugin with extra rules and heuristics/algorithms enabled. -- Dave Funk University of Iowa College of Engineering 319/335-5751 FAX: 319/384-0549 1256 Seamans Center, 103 S Capitol St. Sys_admin/Postmaster/cell_admin Iowa City, IA 52242-1527

Re: spamass.sock - No such file or directory

2021-06-27 Thread Dave Funk
    0 Jun 26 09:26 spamass.sock > > or > > srw-rw  1   spamass-milter spamass-milter 0 Jun 26 09:26 spamass.sock > >/etc/group > spamass-milter:x:128:postfix > > thanks for any help -- Dave Funk

Re: Scan Attachment Content Using Spamassassin

2021-06-03 Thread Dave Funk
bly better to use a whole different tool that comes with that kind of capability built-in (EG ClamAV). -- Dave Funk University of Iowa College of Engineering 319/335-5751 FAX: 319/384-0549 1256 Seamans Center, 103 S Capitol St. Sys_admin/Postmaster/cel

Re: Scan Attachment Content Using Spamassassin

2021-06-02 Thread Dave Funk
mework to take what ever kinds of actions you want based on what components 'fired'. -- Dave Funk University of Iowa College of Engineering 319/335-5751 FAX: 319/384-0549 1256 Seamans Center, 103 S Capitol St. Sys_admin/Postmaster/cell_admin

Counting number of instances of a particular header

2021-05-03 Thread Dave Funk
As the header would have at least 6 characters but less than 150 I then tried: header L_MY_HEADER X-My-Header =~ /^.{5,200}/ Which would fire only once, even if there were 5 or more instances of the header. What am I doing wrong? How should I craft a rule to count the number of instances of that h

Re: Error "cannot open bayes databases" lock failed: File exists

2021-01-20 Thread Dave Funk
: ls -la /var/spamassassin/bayesdb/bayes* (taken from the bayes_path parameter) should get you what you want. even better: ls -la /var/spamassassin/bayesdb/ (to see if there's any leftover lock files in that directory) -- Dave Funk University of Iowa Co

Re: BCC Rule and Subject change for specific rule

2021-01-05 Thread Dave Funk
me special status/command that spamd returns to the milter for this kind of modification? If so the milters may need to be recoded to implement it. -- Dave Funk University of Iowa College of Engineering 319/335-5751 FAX: 319/384-0549 1256 Seamans Cen

Re: Bypass RBL checks for specific address

2020-12-23 Thread Dave Funk
egardless of how high the SA score is. (needed for "postmaster" messages). What version of sendmail are you using? -- Dave Funk University of Iowa College of Engineering 319/335-5751 FAX: 319/384-0549 1256 Seamans Center, 103 S Capitol St. Sys_

Re: Bypass RBL checks for specific address

2020-12-23 Thread Dave Funk
s if the tests are still run, and it's just the score is artificially offset based on which setting is used. I'm wanting to not run RBL tests for the specific recipient email address. -- Grant. . . . unix || die -- Dave Funk University of Io

Re: adding AV scanning to working Postfix/SA system

2020-12-02 Thread Dave Funk
in "clamav.pm" # full L_CLAMAV eval:check_clamav() describe L_CLAMAV Clam AntiVirus detected a virus score L_CLAMAV 5 # header T__MY_CLAMAV X-Spam-Virus =~ /Yes/i header T__MY_CLAMAV_SANE X-Spam-Virus =~ /Yes.{1,50}Sanesecurity/i # -- Dave Funk

Re: adding AV scanning to working Postfix/SA system

2020-12-02 Thread Dave Funk
er in other rules to add points for various kinds of things detected or "meta"ed with other rules. -- Dave Funk University of Iowa College of Engineering 319/335-5751 FAX: 319/384-0549 1256 Seamans Center, 103 S Capitol St. Sys_admin/Post

Re: amazonses.com doubble dkim sign

2020-11-09 Thread Dave Funk
e creator of a given signature is. There's nothing to prevent each system in the SMTP hand-off chain from adding their own signature, provided they do nothing to invalidate earlier signatures. More than two is unusual/overkill, but it's not uncommon to see two. -- Dave Funk

Re: questions on spamassassin

2020-09-05 Thread Dave Funk
m rule if they don't like how that particular rule works. See: https://cwiki.apache.org/confluence/display/SPAMASSASSIN/WhereDoLocalSettingsGo Once all the rules are read and parsed spamassassin has an internal order to how specific rules get run. -- Dave Funk Univ

Re: Thanks to Guardian Digital & LinuxSecurity for the nice post about SpamAssassin's upcoming change

2020-07-23 Thread Dave Funk
the letter G brought to you by Oscar the grouch. -- Dave Funk University of Iowa College of Engineering 319/335-5751 FAX: 319/384-0549 1256 Seamans Center, 103 S Capitol St. Sys_admin/Postmaster/cell_admin Iowa City, IA 52242-1527 #include Better

Re: score sender domains with 4+ chars in TLD?

2020-06-12 Thread Dave Funk
write/update the data file, no need to restart spamd) and could create a custom scoring value based on the DNS data (EG 127.0.0.2 for really 'good' TLDs, 127.0.0.4 for 'so-so' and 127.0.0.8 for truly spammy names). -- Dave Funk University of

Re: Somewhat OT: DMARC and this list

2017-05-20 Thread Dave Funk
y of users' mail to O-365 so this is a battle I'm fighting now). Bottom line, in this brave new world address based auth(n/z) decisions are going to be increasingly problematic and an increasing reliance on things such as digital signatures. Dave -- Dave Funk

Re: R: learn ham

2017-01-05 Thread Dave Funk
g for trouble. -- Dave Funk University of Iowa College of Engineering 319/335-5751 FAX: 319/384-0549 1256 Seamans Center Sys_admin/Postmaster/cell_admin Iowa City, IA 52242-1527 #include Better is not better, 'standard' is better. B{

Re: Detecting Valid Message Replies

2017-01-03 Thread Dave Funk
pient & creator). And then there's the case where somebody forwards to you a reply that they got so you get a message "Re: blah de blah (fwd)" -- Dave Funk University of Iowa College of Engineering 319/335-5751 FAX: 319/384-05

Re: DNS Terminology

2016-09-23 Thread Dave Funk
otentially with the "want recursion" bit set) and then doing the work of chasing down all the different stake-holders necessary to answer the question (performing the recursive query) VS handing the query off to a 3'rd party and letting them do the

Re: Spam by IP-address? Spamassassin with geoiplookup?

2016-09-22 Thread Dave Funk
dicators) but the other components of that message (such as that '.vn.local' message ID) would be learned as spam signs. This is why you MUST also train your Bayes with HAM messages (and train them with the --ham flag) so Bayes knows how to recognise 'hammy' or 'neutral

Re: Spam by IP-address? Spamassassin with geoiplookup?

2016-09-22 Thread Dave Funk
RBLs here, including some that I use at the SMTP level to out-right block incoming traffic (such as cbl.abuseat.org , Spamhaus PBL, SBL). -- Dave Funk University of Iowa College of Engineering 319/335-5751 FAX: 319/384-0549 1256 Seamans Center

Re: scan an HTML file, possible?

2016-08-03 Thread Dave Funk
ch. I once wrote a rule to detect such obfuscation but it had too many FPs. -- Dave Funk University of Iowa College of Engineering 319/335-5751 FAX: 319/384-0549 1256 Seamans Center Sys_admin/Postmaster/cell_admin Iowa City, IA 5

Re: Paragraph Length Limit (new rule)

2016-08-03 Thread Dave Funk
   B_PLL __B_PLL describe     B_PLL Body: Paragraph Length Limit score          B_PLL 1.0 I would be most grateful if you could spot the but in the above rule. -- Dave Funk University of Iowa College of Engineering 319/335-5751 FAX: 319/384

Re: SA bayes file db permission issue

2016-06-11 Thread Dave Funk
0000111 001 So it works. It's a single data byte but since the display field is a two byte object, where within that two byte object does that single byte show up? -- Dave Funk University of Iowa College of Engineering 319/335-5751 FAX: 319/384

Re: Spamassassin not capturing obvious Spam

2016-05-31 Thread Dave Funk
in my generation of the RFC 2822. I did not change it as spamassassin did not assign a score. 2) I have set a threshold of -10 to see how spamassassin assigns a score for every mail. On Mon, May 30, 2016 at 8:25 PM, Dave Funk wrote: That message is either a fabrication or something f

Re: Spamassassin not capturing obvious Spam

2016-05-30 Thread Dave Funk
le relay lines  2.0 XPRIO                  Has X-Priority header Notice that none of the  other body tags are triggered. Thanks, Shivram -- Dave Funk University of Iowa College of Engineering 319/335-5751 FAX: 319/384-0549 1256 Seamans Center Sys_ad

Re: malware campaign: javascript in ".tgz"

2016-04-21 Thread Dave Funk
he hard way by doing mime-checks on webservers +1 for this, similar experience here. I've seen "application/octet-stream" typing on ".htm" components of mail messages created by major brand e-mail clients. The lazy authors assume that the correct file ex

Re: HEADER_HOST_IN_BLACKLIST

2016-03-12 Thread Dave Funk
. Look up enlist_uri_host in your SA Conf documentation. -- Dave Funk University of Iowa College of Engineering 319/335-5751 FAX: 319/384-0549 1256 Seamans Center Sys_admin/Postmaster/cell_admin Iowa City, IA 52242-1527 #include Better is

Re: Missed spam, suggestions?

2016-03-11 Thread Dave Funk
a Bayes that is mostly fed via auto-learning. I occasionally hand feed corner cases that get mis-classified (usually things like phishes, or conference announcements that can look shaky). -- Dave Funk University of Iowa College of Engineering 319/335-5751

Re: Interesting rule combo results

2016-03-09 Thread Dave Funk
e 132983 hits on the combo of DKIM_SIGNED MAILTO_LINK RDNS_DYNAMIC but only 59189 hits on DKIM_SIGNED by itself? -- Dave Funk University of Iowa College of Engineering 319/335-5751 FAX: 319/384-0549 1256 Seamans Center Sys_admin/Postmaster/ce

Re: URIBL/DNSBL from a database

2016-02-13 Thread Dave Funk
they'll never even see it to try pounding on it. To provide fault tolerance, you can set up rbldnsd's on multiple machines and put multiple addresses in that 'forwarders' stanza. You will need to put that zone definition in your primary bind and each secondary. -- Dave Funk

Re: Question about spam report header

2016-02-02 Thread Dave Funk
VICTIM describe CT_GOD_BENEFICIARY God and Beneficiary score CT_GOD_BENEFICIARY 4 meta CT_GOD_BEGGER__CT_GOD && __CT_BEGGER describe CT_GOD_BEGGERBegging in Religious Language score CT_GOD_BEGGER3 -- Dave Funk

Re: OUTPUT OF SPAMASSASSIN

2016-01-24 Thread Dave Funk
m.eml" Then: if (spamc -c < spam.eml ) ; then echo "is ham" else echo "is spam" fi will execute the 'echo "is spam"' clause and if you feed it the ham.eml will execute the 'echo "is ham"'

Re: Help with RegEx Rule

2015-09-19 Thread Dave Funk
? The '*' repeat operator is "zero or more" instances. So that pattern degenerates to // which will match everything. Guaranteed FP generator. -- Dave Funk University of Iowa College of Engineering 319/335-5751 FAX: 319/384-0549

Re: Help with RegEx Rule

2015-09-19 Thread Dave Funk
to distinguish them for debugging. And then when things don't work as expected (EG: FPs) it helps to determine if the problem is self-inflicted. Final note; now that we've discussed this spam sign, it will probably become useless as spammers follow this list and mutate their crap accordi

Re: URIBL_BLOCKED while using local BIND

2015-09-15 Thread Dave Funk
hat's 271 times faster than root-servers's lookup. did you EMPTY cache after each query? -- Dave Funk University of Iowa College of Engineering 319/335-5751 FAX: 319/384-0549 1256 Seamans Center Sys_admin/Postmaster/cell_admin

Re: Bayes Filtering

2015-08-02 Thread Dave Funk
tings. You might argue about the clarity, but the info is there. -- Dave Funk University of Iowa College of Engineering 319/335-5751 FAX: 319/384-0549 1256 Seamans Center Sys_admin/Postmaster/cell_admin Iowa City, IA 52242-1527 #include Better is not better, 'standard' is better. B{

Re: Classifying mail as unsolicited

2015-07-07 Thread Dave Funk
As others have alluded to, forwarding opens up a whole can-of-worms but forwarding to gmail is the most problematic. -- Dave Funk University of Iowa College of Engineering 319/335-5751 FAX: 319/384-0549 1256 Seamans Center Sys_admin/Postmaster

Re: local.cf, user_prefs etc

2015-05-21 Thread Dave Funk
s built with non-standard internal settings. Invoke spamassassin with the "--lint -D" flags and it will tell you which config files it's using. The 'local' variants of the config files that it says it's reading are the ones you want to modify. For the last method you

Re: Rejecting without backscatter (was Re: Spamassassin not catching spam (Follow-up))

2015-03-26 Thread Dave Funk
d some kind of business logic that sets the compatibility matrix at the beginning of a session and 452's any recipient that isn't compatible. Note that Gmail is already doing something like this (the "multiple destinations not supported in one transaction" status). -- Dave Funk

Re: Handling very large messages (was Re: Which milter do you prefer?)

2015-03-15 Thread Dave Funk
ied headers and doesn't mess with the body. -- Dave Funk University of Iowa College of Engineering 319/335-5751 FAX: 319/384-0549 1256 Seamans Center Sys_admin/Postmaster/cell_admin Iowa City, IA 52242-1527 #include Better

Re: whitelist_from_rcvd not working, WAIDW

2015-02-28 Thread Dave Funk
ur report to see if things are working as expected. Note that a DNS fubar (even temporary) will break whitelist_from_rcvd. Also if the sender changes MSP, it will break thus is a maintenance headache. I see that message has a valid DKIM signature, why not use whitelist_auth. Same goodness with l

Re: no BAYES checking

2015-02-25 Thread Dave Funk
re running spamassasin: $ sudo -u debian-spamd sa-learn --dump magic and see what you get. Other possibility is that sa-learn is looking at a different bayes database. Try running that "sa-learn --dump magic" with the "-D" option to see what bayes database it's looking at

Re: Recent spate of Malicious VB attachments II

2015-02-19 Thread Dave Funk
uft inside them. Are you saying that doesn't work or are you saying that the malware is mutating fast enough that the ClamAV signatures aren't keeping up with it? If the latter case, is there -any- AV kit that is? Are the Sanesecurity add-in ClamAV signatur

Re: Recent spate of Malicious VB attachments II

2015-02-19 Thread Dave Funk
|wll|wpc|wsc|wsf|wsh))(?:\?=)?"?\s*(;|$)/x REJECT Attachment Blocked (Executables And RAR-Files Not Allowed) "$1" (.rar because ClamAV can't scan the content on Fedora) Is that a politically inspired limitation? If you build ClamAV from source it can scan RAR. -- Dave Funk

Re: regex: chars to escape bsides @

2015-01-03 Thread Dave Funk
=~ /^(\)$/i score CUST_MANY_SPAM_TO -4.0 describe CUST_MANY_SPAM_TO Custom Scoring Umm, SA is written in Perl, not PHP. So you should look at Perl regex documentation, not PHP docs. -- Dave Funk University of Iowa College of Engineering 319/335-5751

Re: Gmail password reset FPs

2014-12-17 Thread Dave Funk
ence but those are things that I've done here to help improve deliverability. -- Dave Funk University of Iowa College of Engineering 319/335-5751 FAX: 319/384-0549 1256 Seamans Center Sys_admin/Postmaster/cell_admin Iowa City, IA

Re: Honeypot email addresses

2014-12-04 Thread Dave Funk
ve got the smartest, best educated users who will never make that mistake and a totally perfect spam filtering system that never has a FN there are other people/systems in the world which may be on that "shotgun" spam recipient list which may be less than perfect. -- Dave Funk

Re: Honeypot email addresses

2014-11-22 Thread Dave Funk
're currently going with a pretty simple HTML comment. Is that too obvious? Should we put it into a CSS invisible div as well? Any other ideas? -- Dave Funk University of Iowa College of Engineering 319/335-5751 FAX: 319/384-0549 1256 S

Re: URIBL_RHS_DOB #fail

2014-11-09 Thread Dave Funk
ing a "bad hair day" this morning. I saw a number of FP hits on DOB for stuff that hadn't changed in years (EG amtrak.com ). It looks better now. -- Dave Funk University of Iowa College of Engineering 319/335-5751 FAX: 319/384-0549

Re: yahoo rcvd bug?

2014-10-20 Thread Dave Funk
have been plenty of posts to this list about URIBL_BLOCKED and how to fix it. -- Dave Funk University of Iowa College of Engineering 319/335-5751 FAX: 319/384-0549 1256 Seamans Center Sys_admin/Postmaster/cell_admin Iowa City, IA 52242

Re: .link TLD spammer haven?

2014-10-13 Thread Dave Funk
add a similar comment about ".link" URLs inside the message. Last week I created a uri rule to fire on any ".link" hosted URL and so far haven't seen a single FP. -- Dave Funk University of Iowa College of Engineering 319/335-5751 FA

Re: punctuation in subjects

2014-09-01 Thread Dave Funk
ng spam characteristics can cause them to adapt their tactics. -- Dave Funk University of Iowa College of Engineering 319/335-5751 FAX: 319/384-0549 1256 Seamans Center Sys_admin/Postmaster/cell_admin Iowa City, IA 52242-1527 #include Better is not better, 'standard' is better. B{

users@spamassassin.apache.org

2014-08-15 Thread Dave Funk
There were a couple of possible solutions discussed, including new features added to the latest version (trunk) of spamassassin. I took one of them (new functions in MIMEEval) back-ported it to my SA kit and it has been hitting pretty regularly on that kind of spam.

Re: Somewhat OT - how do I whitelist a host which is in a DNSBL in sendmail?

2014-07-24 Thread Dave Funk
sbl checks for auth'ed mail submissions. You could whitelist your client IP address in your 'access' file but what happens when that address changes? (I assume your ISP gives you a DHCP address). -- Dave Funk University of Iowa College of

Re: Bayes, Manual and Auto Learning Strategies

2014-07-02 Thread Dave Funk
rning at a site with ~3000 users and have had to flush & restart our Bayes database twice in 10 years. Dave -- Dave Funk University of Iowa College of Engineering 319/335-5751 FAX: 319/384-0549 1256 Seamans Center Sys_admin/Postmaster/cell_admin

Re: Bayes, Manual and Auto Learning Strategies

2014-07-02 Thread Dave Funk
ay, could be in some kind of memory resident set of tables, or something else???). So you have a multi-dimensional matrix WRT your Bayes system configuration, and manual VS auto learning is just one factor. It's been this way for the past 10+ years AFAIK (well, maybe 10 years

Re: SA rule to detect prior SA pass?

2014-06-28 Thread Dave Funk
resence of those headers aren't definitive spam signs but I was hoping to combine that info with other clues to create meta rules. However cannot test out this hypothesis with out the ability to detect those headers. -- Dave Funk University of Iowa

Re: FYI - ahbl.org and BIND DNS errors

2014-06-10 Thread Dave Funk
l.org" what do you expect? That's truth in advertising. It's 'invalid', as a matter of fact all of those addresses aren't usable, they're either RFC-1918 or multicast/local-scope. So none of those are valid for remote queries. Do NOT use rhsbl

Re: some questions on sa-compile

2014-05-03 Thread Dave Funk
t be used at all but just with care. So if you see that warning about uncompileable rules, take a second look at those specific rules. -- Dave Funk University of Iowa College of Engineering 319/335-5751 FAX: 319/384-0549 1256 Seamans Center Sys_ad

Re: Missing header when skipping mail

2014-04-18 Thread Dave Funk
ncation feature in the milter so no need to modify the MTA nor spamd. -- Dave Funk University of Iowa College of Engineering 319/335-5751 FAX: 319/384-0549 1256 Seamans Center Sys_admin/Postmaster/cell_admin Iowa City, IA 52242-1527 #i

Re: meta test HEXHASH_WORD has undefined dependency '__KAM_BODY_LENGTH_LT_512'

2014-04-06 Thread Dave Funk
won't fire at all because it's missing some necessary component and thus that rule will be effectively disabled but the whole SA engine should still run. -- Dave Funk University of Iowa College of Engineering 319/335-5751 FAX: 319/384-0549

Re: Remove spam results from mail header

2014-03-16 Thread Dave Funk
ncluded in message   0.8 BAYES_50   BODY: Bayes spam probability is 40 to 60% [score: 0.4901]   0.8 RDNS_NONE  Delivered to internal network by a host with no rDNS X-SA-Exim-Connect-IP: x.x.x.x X-SA-Exim-Mail-From: xxx X-SA-Exim-Scanned: No (on ); SAEximRunCond expa

Re: tons of forged bills in german

2014-01-18 Thread Dave Funk
e SPF or DKIM, create a whitelist_auth entry for them then either black list them or create rules to hit on any sign of the company's messages. The whitelist_auth will override any rules so real messages will get thru and the blacklist/targeted rules will hit the

Re: dependency hell (completely off-topic...)

2013-11-15 Thread Dave Funk
the MiB who snoop all incoming & outgoing emails (would perplex the c**p outta them, they'd assume he was up to something ;). -- Dave Funk University of Iowa College of Engineering 319/335-5751 FAX: 319/384-0549 1256 Seamans Center

Re: Explanation of message of RDNS_NONE??

2013-10-22 Thread Dave Funk
to hostmas...@ngdc.net and ask them to fix that. -- Dave Funk University of Iowa College of Engineering 319/335-5751 FAX: 319/384-0549 1256 Seamans Center Sys_admin/Postmaster/cell_admin Iowa City, IA 52242-1527 #include Better is

Re: How do I find a parent rule for a test?

2013-09-16 Thread Dave Funk
rdin KA7OHZhttp://www.impsec.org/~jhardin/ jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 --- WSJ on the Fi

Re: Rules not working

2013-09-08 Thread Dave Funk
File system permissions issues? Are the new rules files readable by the "exim" user? -- Dave Funk University of Iowa College of Engineering 319/335-5751 FAX: 319/384-0549 1256 Seamans Center Sys_admin/Postmaster/cell_admin

Re: Catching fake LinkedIn invites

2013-08-28 Thread Dave Funk
100) to make them balance out each other. -- Dave Funk University of Iowa College of Engineering 319/335-5751 FAX: 319/384-0549 1256 Seamans Center Sys_admin/Postmaster/cell_admin Iowa City, IA 52242-1527 #include Better is not better, 'standard' is better. B{

Re: Errors when processing mail.

2013-07-14 Thread Dave Funk
("/nonexistent/") it's something that you need to explicitly create and change your configuration to point to. -- Dave Funk University of Iowa College of Engineering 319/335-5751 FAX: 319/384-0549 1256 Seamans Center Sys_admin/P

Re: False negatives/positives on debian

2013-06-22 Thread Dave Funk
ack) but it still simplifies configuration. (allow all queries on lo0 and selected queries on eth*). -- Dave Funk University of Iowa College of Engineering 319/335-5751 FAX: 319/384-0549 1256 Seamans Center Sys_admin/Postmaster/cell_admin Iowa

Re: False negatives/positives on debian

2013-06-21 Thread Dave Funk
A scanner machine (are you running a local caching DNS server? Are you using some explicit DNS forwarder? Does your ISP do anything special with DNS queries? ... -- Dave Funk University of Iowa College of Engineering 319/335-5751 FAX: 319/384-0549

Re: MariaDB instead of MySQL

2013-05-17 Thread Dave Funk
was about 6-7 times as fast on random reads as Berkeley DB. If CDB is read-only, how do you store the a-time values on lookups so you know which tokens aren't being used to facilitate expiry? -- Dave Funk University of Iowa College of Engineering 31

Re: .pw / Palau URL domains in spam

2013-05-05 Thread Dave Funk
Donesh, Thanks for your prompt response. Do you just want the domain names or do you also want copies of the spam? Dave On Sun, 5 May 2013, doneshlaher wrote: Hello Dave Funk, Thank you for providing us with the list of domain names. We are acting on them and will be taken down within 24/48

Re: .pw / Palau URL domains in spam

2013-05-04 Thread Dave Funk
e.pw specialzland.pw specialztoday.pw successtopdeals.pw superbtopdeals.pw supertopdeals.pw usdirects1.pw vision-virtualhosting12.pw vision-virtualhosting14.pw visionsvirtualwebhost2.pw zbidnow.pw avanheertyu.pw getsuperiordeal.pw sleeplessdaysnow.pw gwampuer.pw treelendnews.pw getmatchedn

Re: rule problem basing on X-Spam-ASN - not a rule problem

2013-04-25 Thread Dave Funk
ty L_UI_PHISHs # meta MY_CLAMAV_SANE (L_CLAMAV && T__MY_CLAMAV_SANE) meta MY_CLAMAV_MSRBL (L_CLAMAV && T__MY_CLAMAV_MSRBL) [snip..] -- Dave Funk University of Iowa College of Engineering 319/335-5751 FAX: 319/384-0549

Re: re-learning ? was - bayes - large message

2013-04-21 Thread Dave Funk
it to copy your IMAP spam/ham folders to local (on your SA server) 'mbox' format folders and then learn from them. Dave -- Dave Funk University of Iowa College of Engineering 319/335-5751 FAX: 319/384-0549 1256 Seamans Center Sys_admin/Po
