Re: Unsubscribe

2014-10-16 Thread Derek Harding
On 10/15/14, 10:09 AM, Reindl Harald wrote: and *why* do you NOT state that in your *first* message? That was my first message.

Re: Unsubscribe

2014-10-16 Thread Derek Harding
On 10/15/14, 11:35 AM, Dave Warren wrote: On 2014-10-15 10:16, Kevin A. McGrail wrote: I've looked into this and tested the process without issue. The only issue I've seen to date is someone who joined who did not know what email address they joined as and does not know how to read the email

Re: Unsubscribe

2014-10-16 Thread Derek Harding
On 10/16/2014 7:14 PM, Duane Hill wrote: Are you sending the unsubscribe request from an address subscribed? Yes

Re: Unsubscribe

2014-10-15 Thread Derek Harding
On 9/25/14, 2:00 PM, Reindl Harald wrote: irrelevant - every list has a welcome message and there is no logic in ask other members to unsubscribe yourself, one did also not ask them for subscribe https://www.google.at/search?q=spamassassin+mailing+list

Re: Return Path Safe whitelist UPDATE [was: Opt In Spam]

2009-07-17 Thread Derek Harding
LuKreme wrote: In my mailspool they are a spam indicator and I have them scored as such: score HABEAS_ACCREDITED_COI 1.0 score HABEAS_ACCREDITED_SOI 1.5 It's very simple, Habeas headers are a fairly strong indicator of spam in my mail spool. I search all the mail for habeas headers and it

Re: matching the notorius www+aa11-com like spam?

2009-07-15 Thread Derek Harding
Benny Pedersen wrote: On Thu, July 16, 2009 02:14, MrGibbage wrote: uribl did not hit on any of the real uri's in the message. Not sure why you think they would have been triggered by the www[dot]da39[dot]com though. SA wouldn't have sent them that URI to even check, would it? Or am I

Re: please help, getting hammered with snowshoe spam

2009-01-23 Thread Derek Harding
Dennis Hardy wrote: Hi, I'm getting hammered by snowshoe spam :-( Any thoughts/advice are appreciated :-) When this started happening to us the only solution I found was manual CIDR blocks. Yea I know very last millennium but I didn't find anything else to work with. Some particular

RE: adding score for email from noreply@

2008-09-04 Thread Derek Harding
On Wed, 2008-09-03 at 14:13 +1200, Michael Hutchinson wrote: Check out http://wiki.apache.org/spamassassin/WritingRules for writing custom rules. I learnt how to do it from that page, and then by looking at how everyone else makes rules (check out the ones that already come with Spamassassin -

Re: adding score for email from noreply@

2008-09-02 Thread Derek Harding
On Tue, 2008-08-26 at 14:31 -0500, Curtis LaMasters wrote: I'm having a pretty hard time with this one for some reason, mainly because I don't understand regex. I have a large number of emails that are getting past my spamassassin setup (Maia Mailguard 1.02a) as well as my Barracuda. I would

Re: [offtopic] Are 8-bit characters completely illegal in a raw message?

2008-03-31 Thread Derek Harding
On Mon, 2008-03-31 at 16:32 -0700, SM wrote: Hi Vitas, At 09:27 31-03-2008, [EMAIL PROTECTED] wrote: So, as I've found in RFC's all header fields in message should be encoded to 7-bit data. In addition my SMTP server does *not* support 8-bit MIME for incoming e-mail. The message body

Re: HABEAS_ACCREDITED_COI

2008-02-27 Thread Derek Harding
On Wed, 2008-02-27 at 08:21 +, Anthony Peacock wrote: For anyone interested here is the full email (well one of them)... http://www.chime.ucl.ac.uk/~rmhiajp/habeas-misfire.eml Looks to me as though someone has found a way to abuse ning.com's platform/systems. I suspect they'd be very

Re: URICountry not working - any clue?

2007-11-11 Thread Derek Harding
SpankTheSpam wrote: but the message sent from polish servers gets NO additional scoring because of that rule. I can see URICountry in spamassassin -D -t testmessage: URICountry doesn't score based on country of origin (that's RelayCountry). URICountry scores based on the country in which

Re: Top spam hosters, how to decline email mentioning them

2007-10-21 Thread Derek Harding
JP Kelly wrote: that makes sense to me but after that it says THE CODE followed by a bunch of code. i am unclear on what needs to be done with this code. Typically you put it in a file called something like URICountry.pm and then load it in your local.cf or vN.pre (eg. v320.pre) using the

Re: Bouncing emails from certain countries

2007-08-27 Thread Derek Harding
On Sun, 2007-08-26 at 12:37 -0700, John D. Hardin wrote: On Sat, 25 Aug 2007 [EMAIL PROTECTED] wrote: And no wonder you don't seem to get many new customers from elsewhere anyway, I bet. They can't get a word in edgewise. But never mind. You won't see this message either. Whoa. Is

Re: Folks using amavisd-new and SA...

2007-06-18 Thread Derek Harding
On Mon, 2007-06-18 at 17:38 -0700, Jonathan Nichols wrote: Just a quick question to those that are using those two together. I have: $max_servers = 10; $max_requests = 15; in amavisd.conf. But the box's load average seems to be hovering around 2.00 all the time. Sometimes a little

Re: How to use SpamAssassin from PHP?

2007-04-17 Thread Derek Harding
On Tue, 2007-04-17 at 16:52 +0530, BG Mahesh wrote: hi I want to pass the comments/text entered by users on a form to SpamAssassin for approval. If it approves it only then I want to accept the text, else I want to inform the user that the text is Spam and reject the user's comments.

Re: Message is Piped to a PHP script. CPANEL glitch preventing SA from Scanning before feeding to script.

2007-03-02 Thread Derek Harding
On Fri, 2007-03-02 at 12:40 -0800, Derek Harding wrote: On Fri, 2007-03-02 at 13:08 -0500, Don Ireland wrote: Is there a way to have my PHP Script feed a message to SA to be scanned? I can save the message as a text file if that'll help. #!/usr/bin/php -q ? open(TMP, /tmp/sa

Re: Message is Piped to a PHP script. CPANEL glitch preventing SA from Scanning before feeding to script.

2007-03-02 Thread Derek Harding
On Fri, 2007-03-02 at 13:08 -0500, Don Ireland wrote: Is there a way to have my PHP Script feed a message to SA to be scanned? I can save the message as a text file if that'll help. #!/usr/bin/php -q ? open(TMP, /tmp/sa.$$) || die(Error opening temp file: /tmp/sa.$$); print TMP $mess .

Re: Spam with image and tons of nonsense words, works fantastic for spammers

2007-02-01 Thread Derek Harding
On Thu, 2007-02-01 at 16:02 -0800, Rich Shepard wrote: On Thu, 1 Feb 2007, z3r0 wrote: My hosting is cool, but I'm spammed. Never thought custom rules where something beyond common users, but seems like it is. Perhaps living with pharmaceutical messages in inbox is not so bad when you get

Re: Real fix for stock spams - pick up a pen

2006-11-16 Thread Derek Harding
On Thu, 2006-11-16 at 10:57 -0800, Evan Platt wrote: Imagine if ABC Corp is already public, and along comes XYZ, Inc, about to go public. XYZ competes with ABC. ABC hires Spammer in Foreign Country to spam for 'XYZ'. So now it looks like XYZ is spamming. The FTC crawls all over XYZ, who

Re: RelayChecker 0.3

2006-11-16 Thread Derek Harding
On Sun, 2006-11-12 at 17:26 -0800, John Rudd wrote: http://people.ucsc.edu/~jrudd/spamassassin/RelayChecker.tar I've been running this for a few days now and am finding it to be pretty effective, especially against the bots that are producing all the image spam. Currently it's running about

Re: is there a way to block email coming from

2006-11-10 Thread Derek Harding
Benny Pedersen wrote: header URICOUNTRY_GB eval:check_uricountry('URICOUNTRY_GB') what if a spammer sends mails from another ip outside GB ? imho such rules only changes the problem, not solving it :( URICOUNTRY scores on spams that URIs hosted in a given country rather than spam

Re: mail bounce warning for the list

2006-11-09 Thread Derek Harding
On Mon, 2006-11-06 at 23:55 -0800, Derek Harding wrote: Anyone dumb enough to block outright on the spamcop BL deserves whatever they don't get. Sorry for the delay. I need to apologise for the short temperedness of my response. I should have tempered my response and been more helpful. My

Re: Do something useful with bad addresses?

2006-11-06 Thread Derek Harding
On Mon, 2006-11-06 at 15:49 -0800, Evan Platt wrote: Just to clarify.. Yes, these would definitely be targeted addresses. I grepped my mail log for common spam I get and I'll add those. There is one problem with this approach though. All spam is learned. I tried this and I suspect that the

Re: mail bounce warning for the list

2006-11-06 Thread Derek Harding
Gary W. Smith wrote: Was the SA group listed by spamcop last month? I just now received this for messages from October 26th. Who cares? [EMAIL PROTECTED]: 209.209.82.24 does not like recipient. Remote host said: 554 5.7.1 Service unavailable; Client host [140.211.11.2] blocked using

RE: Having issue with a type of spam I havn't seen before

2006-10-13 Thread Derek Harding
On Fri, 2006-10-13 at 15:22 -0600, Chris Stone wrote: On Fri, 2006-10-13 at 10:38 -0400, Dylan Bouterse wrote: I’m trying to write a rule to score src=cid” but I can’t seem to get it right. Can somebody shed some light on what I’d use for the 20_phrases.cf file so I can start scoring this?

Re: Hashcash plugin to stamp outgoing mails (for postfix only)

2006-08-16 Thread Derek Harding
On Wed, 2006-08-16 at 17:22 +0200, decoder wrote: Well, you can read about the hashcash system at hashcash.org, basically, it is a per recipient hash generation that assures that a specific amount of time was required to compute this hash per recipient. Spammers don't have this time, they send

Re: Image spams getting thru

2006-08-02 Thread Derek Harding
[EMAIL PROTECTED] wrote: Hi, a friend of mine is using outlook stationary with a logo. This would hit the rule ... I am not sure whether many senders do that, however Stationery and image sig files are the two main false positives that I can think of. However I think those uses are fairly

Re: My thoughts on image spam strategies

2006-08-02 Thread Derek Harding
John Rudd wrote: On Aug 1, 2006, at 10:30 PM, Derek Harding wrote: John Rudd wrote: Um, how exactly will they fail? How about a nice black white speckled image with red text on it? Explain to me how you think it will fail? So you're dropping three bits? White is FF, Black 00

Re: My thoughts on image spam strategies

2006-08-02 Thread Derek Harding
John Rudd wrote: No, 70 would still be 70. 07 would become 00. And 07 is a pretty faint red. Looking at it now, I can't distinguish it from black. (70 is 0111 so the lower 3 or 4 bits are already 0's, whereas 07 is 0111 .. THAT becomes 0 and is indistinguishable from

Re: Am I wasting my time with SpamCop?

2006-08-02 Thread Derek Harding
On Wed, 2006-08-02 at 16:37 -0400, Tom Ray wrote: Anyone serious about stopping SPAM should not use SpamCop. They have no real checking method, it's like AOL's spam blocking method...they just let users submit what they think is spam and then block it. It's pointless. There's not even a way

Re: Image spams getting thru

2006-08-01 Thread Derek Harding
On Tue, 2006-08-01 at 17:49 -0400, Theo Van Dinter wrote: Except now you've also delayed your valid mail by 30 minutes or an hour which sucks (and is sometimes completely unacceptable). True though it would be more accurate to say that you've delayed some of your valid mail by 30 minutes to an

Re: Image spams getting thru

2006-08-01 Thread Derek Harding
Rob Mangiafico wrote: Anyone else find this to be a good rule to catch these image stock spams without too much collateral damage? After writing this I did some checks on the SA public corpus. The rule didn't hit on any of the hard ham. It didn't hit much of the spam either since very

Re: My thoughts on image spam strategies

2006-08-01 Thread Derek Harding
John Rudd wrote: Um, how exactly will they fail? How about a nice black white speckled image with red text on it? BTW I think the OCR approach is unlikely to succeed due to processing constraints. Derek

SUBJECT_ENCODED_TWICE question

2006-01-04 Thread Derek Harding
This may be more a dev question but I thought I'd start here. I've been seeing this rule (SUBJECT_ENCODED_TWICE) trigger recently and it is confusing me. 3.1.0 defines it as :header SUBJECT_ENCODED_TWICE Subject:raw =~ /= \?\S+\?[BQ]\?.*=\?\S+\?[BQ]\?/i It checks for a subject line having two

Re: Parse and check URIs

2006-01-01 Thread Derek Harding
Markus Mayer wrote: What I would like to do now is to somewhat combine the two approaches: parse mail-bodies for URIs (just as it's done with the Geocities example), then use the IP the link resolves to with the countries blackhole-list to find out if the site is in China, Korea or any of the

Re: [SPAM] RE: GeoCities Link-only spam

2005-08-22 Thread Derek Harding
On Sun, 2005-08-21 at 20:05 -0400, Eric A. Hall wrote: What's the benefit of using this instead of the uridnsbl plugin? The code below will look for the IP address behind a URI and then query the cn-kr.blackholes.us RBL to see if that addr is in China: This one doesn't require a DNS lookup

RE: GeoCities Link-only spam

2005-08-08 Thread Derek Harding
On Sun, 2005-08-07 at 12:27 -0400, Greg Allen wrote: They are also using non-Geocities addresses now. Most of the IPs they use seem to been from China, so you could RBL china at the front end, if you are allowed to block China that is... (my users won't let me block China...uggh)

Re: [SPAM] RE: GeoCities Link-only spam

2005-08-08 Thread Derek Harding
On Mon, 2005-08-08 at 15:53 -0500, [EMAIL PROTECTED] wrote: It allows rules such as: uricountry URICOUNTRY_CN CN header URICOUNTRY_CN eval:check_uricountry('URICOUNTRY_CN') describeURICOUNTRY_CN Contains a URI hosted in China tflags URICOUNTRY_CN