On Fri, June 15, 2007 15:13, WLamotte wrote:
>
> Sorry if this is an obvious question but why isn't there an option for
> Spamassassin to bounce spam? Sure it does a good job at filtering spam but I
> don't want it from my web(mail)server to my inbox. I want my web- or
> mailserver to bounce
> su
On Fri, June 15, 2007 08:20, Helmut Schneider wrote:
> Hi,
>
>
> From: "Justin Mason" <[EMAIL PROTECTED]>
>
>
>>> [EMAIL PROTECTED] ~]# sa-update --nogpg
>>> can't resolve "localhost" to address at
>>> /usr/local/libdata/perl5/site_perl/i386-openbsd/Net/DNS/Resolver/Base.pm
>>> line 751. [EMAIL PR
On Wed, June 13, 2007 10:08, Oenus Tech Services wrote:
> I'm thinking of disabling fuzzyocr for the time being until the problem
> is solved. However, fuzzyocr is still doing a good job on other files. Does
> anybody have
> a suggestion or clue on how to solve this? Is there a way for fuzzyocr t
On Tue, June 12, 2007 13:33, Justin Mason wrote:
> Daniel J McDonald writes:
>> So, you can't build the RPM as root.
>>
>>
>> I just added all of the various groups to my user, set up a user build
>> directory tree, compiled it under my username and it tested fine, at least
>> to the point
>> that
On Sun, May 27, 2007 13:34, David Baron wrote:
> FuzzyOcr prep missing from its normal location and a few other errors as well.
> What would cause this?
>
>
> Had the patched and ready originals available to restore the FuzzyOcr stuff.
> However, I am still getting this error:
>
>
> SpamAssassin Ma
On Mon, May 21, 2007 11:03, Mark || Stream Service wrote:
> Hello,
>
>
> In relation to this:
> - Is it possible to block all messages that contain an url or sites on
> that url? For example to block all messages that have an url to
> imageshack.us (and an image from there)?
I posted a suggestion
On Fri, May 18, 2007 22:01, Loren Wilton wrote:
> Looks like FuzzyOCR should have a field day with that one. ImageInfo
> would probably also help.
Unfortunately, it's a hyperlink, not a cid, so OCR wouldn't even see it.
On Fri, May 18, 2007 15:29, Giampaolo Tomassoni wrote:
>> 1) Your server can be used in a DoS against the distributed services
>>
>
> You mean, by sending valid content on high-scoring mails? Mmmh. Yes, this
> may create trouble to DCC, Pyzor and Razor. Not to SC, since they are
> mostly interest
On Fri, May 18, 2007 14:50, Giampaolo Tomassoni wrote:
> what's wrong with automatically SA-report messages scoring above a given
> threshold (say, 10-12)?
>
> Would it be regarded as *BAD* by DCC, Pyzor, Razor, and/or SC?
>
>
> I often see that high-scoring messages are reported as spam by some o
On Thu, May 17, 2007 09:00, fRANz wrote:
>> From the FVGT ruleset (Fred):
>> header FH_HOST_EQ_D_D_D_D X-Spam-Relays-Untrusted =~ /^[^\]]+
>> rdns=[^ ]+\d{1,3}[^0-9]\d{1,3}[^0-9]\d{1,3}[^0-9]\d{1,3}[^ ]+ / describe
>> FH_HOST_EQ_D_D_D_D Host starts with d-d-d-d
>> scoreFH_HOST_EQ_D_D
On Thu, May 17, 2007 08:21, fRANz wrote:
> Hi.
>
>
> Some mails are positive to this test.
> In wiki section, I can't find any information about it.
> Someone could explain me what does it means?!
>
>
> Regards,
> -f
>
>
Hint: grep is your friend when searching your rule files.
>From the FVGT rule
On Wed, May 16, 2007 11:02, Cedric BUSCHINI wrote:
> Hello everyone,
>
>
> I m running through a problem generating false negatives :
> I m getting e-mails sent to [EMAIL PROTECTED] from
> [EMAIL PROTECTED]
> [EMAIL PROTECTED] is in the whitelist using whitelist_from in
> local.cf .
>
> How can I
On Mon, May 14, 2007 11:32, Matt Hampton wrote:
> http://www.coders.co.uk/slipped.through.txt
>
>
> It has sailed through both a SA3.1.8 and SA3.2.0 (3.2.0-pre2-r512851)
> running on recent versions of MailScanner
The ClamAV engine tends to work well on a large number of that type of
phish. Local
On Sat, May 12, 2007 12:49, Alex Woick wrote:
> Is it possible to display the version and/or publishing date of the
> ruleset in the mail headers, for example in the X-Spam-Checker-Version:
> header? So we can see if the ruleset has been kept up-to-date with
> sa-update.
It could be done with a Ma
On Wed, May 9, 2007 10:37, Chris wrote:
>
> One thing, my hosts say that I'm not able to do this if
> I'm on shared hosting - are you saying that there's a
> way to do this on shared hosting please ?
>
> Out of the ways that have been kindly recommended here,
> which one would be the easiest for a
On Wed, May 9, 2007 10:10, BG Mahesh wrote:
> On 5/9/07, Duncan Hill <[EMAIL PROTECTED]> wrote:
>
>>
>> On Wed, May 9, 2007 09:36, BG Mahesh wrote:
>>
>>
>>> We have tested this on http://cause.greynium.com/spamtest.php
>>> We have constr
On Wed, May 9, 2007 11:13, Chris wrote:
> I will look into that - I would prefer the emails from
> some countries to not even reach my pc in the first place - so bearing that
> in mind, is procmail still recommended in this instance please ?
If your hosting provider offers procmail, yes. The may
On Wed, May 9, 2007 11:29, Chris wrote:
> But what happens to the email that fails the threshold
> of spam filtering ?
If it's below the threshold, it may get a subject modification, it
probably gets a new header or two. If it's above the threshold, it
probably gets a new header or two, and then
On Wed, May 9, 2007 11:13, Chris wrote:
> I will look into that - I would prefer the emails from
> some countries to not even reach my pc in the first place - so bearing that
> in mind, is procmail still recommended in this instance please ?
If your hosting provider offers procmail, yes. The may
On Wed, May 9, 2007 10:10, BG Mahesh wrote:
> On 5/9/07, Duncan Hill <[EMAIL PROTECTED]> wrote:
>
>>
>> On Wed, May 9, 2007 09:36, BG Mahesh wrote:
>>
>>
>>> We have tested this on http://cause.greynium.com/spamtest.php
>>> We have constr
On Wed, May 9, 2007 10:37, Chris wrote:
>
> One thing, my hosts say that I'm not able to do this if
> I'm on shared hosting - are you saying that there's a
> way to do this on shared hosting please ?
>
> Out of the ways that have been kindly recommended here,
> which one would be the easiest for a
On Wed, May 9, 2007 09:57, Ruben Cardenal wrote:
> Chris wrote:
>
>> Hi all,
>>
>>
>> Anyone know if you can get Spamassassin to block and/or
>> delete emails from certain countries if you are on shared hosting please
>> ?
>>
>>
>> Any help very much appreciated.
>>
>>
>> Chris.
>>
>>
>>
> Just add
On Wed, May 9, 2007 09:36, BG Mahesh wrote:
> We have tested this on http://cause.greynium.com/spamtest.php
> We have constructed a Mail header, concatenating $message to $header and
> passing the contents of $header to the code given above.
>
> We have installed the script from rulesemporium to u
On Tue, April 17, 2007 12:22, BG Mahesh wrote:
> hi
>
> I want to pass the comments/text entered by users on a form to
> SpamAssassin
> for approval. If it approves it only then I want to accept the text, else
> I
> want to inform the user that the text is Spam and reject the user's
> comments.
>
>
Yay, spammy has morphed, and the pattern that was working doesn't work
(the morph appears to be making the filenames truly random now):
http://img444.imageshack.us/img444/6834/mchd6.jpg
http://img444.imageshack.us/my.php?image=5bsoda1.jpg
http://img444.imageshack.us/img444/3335/68jo5.jpg
the serv
On Mon, April 2, 2007 19:14, John D. Hardin wrote:
> On Mon, 2 Apr 2007, Randal, Phil wrote:
>
>
>> A large score for ImageShack uris, not a small one, would seem to
>> be in order, otherwise a good proportion end up in people's mailboxes.
>
> I'm not familiar with ImageShack - is it public hosting
On Mon, April 2, 2007 16:34, Rocco Scappatura wrote:
> What I can't figure out is if this is a new kind of spam or if I can
> update it using the available rulesets (with sa-update or RDJ).
> Search engine, fax scanting software?
> http://img133.imageshack.us/img133/5553/webvq2.gif
Custom rulese
On Wednesday 20 December 2006 06:11, Kosmaj wrote:
> Forgive me for spamming the list, but I just realized
> that if I just score -10 to long messages, SP will keep on
> applying other rules, and it will take long time again.
> Therefore, what I need is a rule which will score -10 points
> and tell
On Wednesday 20 December 2006 06:50, John Rudd wrote:
> John D. Hardin wrote:
> > http://www.impsec.org/~jhardin/stupid_spammer_tricks_01.txt
>
> I'm seeing a few of these today too. In fact, at home, I've had maybe 5
> spam messages slip through my defenses today. That's a HUGE increase
> for me
On Tuesday 12 December 2006 15:39, David Birnbaum wrote:
> If you think about the distribution of a normal email users, it's going to
> look like a very sparse matrix:
>
>(few IPs per sender domain) -> (few recipients per recipient domain)
>
> A big email ISP might look more like this:
>
>
On Monday 11 December 2006 16:16, John Rudd wrote:
> Duncan Hill wrote:
> > I just finished a very quick test of the Botnet tool, and the sheer
> > number of FPs against eBy mail coming from eBay's servers was staggering
> > - literally every single mail from eBay. It al
On Monday 11 December 2006 15:57, Duncan, Brian M. wrote:
> ISP's client address). The places I've been using it, and the people I
> hear about who are using it, have seen a high degree of success.
>
> It can be downloaded from:
>
> http://people.ucsc.edu/~jrudd/spamassassin/Botnet.tar
I just
On Thursday 07 December 2006 15:11, Justin Mason wrote:
> yeah -- there are any number of ways to do this, if requiring admin
> configuration is OK -- I'm asking for ways we can automatically
> figure it out from SpamAssassin code, without help. ;)
Really and truly, it belongs at the MTA level, n
John Andersen wrote:
On Monday 20 November 2006 15:08, Rick Macdougall wrote:
It's possible that they could send it all twice but I've never seen it.
Remember that some unbelievable number of infected Windows clients are
the main source of spam and it would just be too much trouble for the
spa
On Mon, November 20, 2006 15:00, Nathan Zabaldo wrote:
> I am getting pounded by these types of emails. Does anyone else get
> these? What rule can I apply to have them killed. It's driving me nuts.
SARE Stock ruleset. Available from fine ninjas everywhere. Well trained
Bayes would probably he
On Wed, November 1, 2006 09:27, Suhas \(QualiSpace\) wrote:
> How do I catch these types of mails?
>
> Received: from wk-2022 [125.92.211.28] by ourdomain.com
Don't accept mail from non-fully-qualified HELOs ?
On Wednesday 11 October 2006 12:10, Enrico Pasqualotto wrote:
> Hi at all, I want to deliver mail marked from spamassassin with SPAM to
> admin address and not deliver to the user.
> Is possible?
> After I want to set this setup to specific email address not all user.
> I find in the docs and FAQ b
On Wednesday 04 October 2006 22:23, Alan Munday wrote:
> I've been following your developments and looking at how to integrate with
> my (few) systems. But as I don't have a test environment (until I have
> built a VMWare one) I was cautious at trying this with one of the live
> box's. Zero scorin
On Thursday 07 September 2006 01:58, Chris wrote:
> See the headers below, it 'appears' to me that this message went through
> the spammers isp before being sent to me or is this just another spammers
> 'game'?
More inclined to think it's a botnet, and that the bot was either forced to
use the re
On Thursday 31 August 2006 08:49, Xueron Nee wrote:
> I don't know why njabl.org alse use these data.
>
> http://njabl.org/cgi-bin/lookup.cgi?query=220.181.13.1
>
> 220.181.13.1 is listed in blackholes.njabl.org: China blocked by
> china.blackholes.us
Don't have an IP address in Chinese netspace.
On Wednesday 23 August 2006 10:37, aurora wrote:
> ISP's SMTP server which then hits the customers SMTP/POP server. In most
> cases, your SMTP server will just find a direct route to the destination
> server and only the sending server and receiving server will be involved
> without a server being
On Wednesday 23 August 2006 10:19, aurora wrote:
> Basically, we now get alot of customers calling us saying that they have
> not received our email and it's because it has been held on their spam
> server with a score of 6, even though its a plain text email! We have only
> been getting these issu
On Tuesday 15 August 2006 11:28, Ole Nomann Thomsen wrote:
> Yeah, that is pretty neat. But the Firstclass system is running at 99%
> capacity on the E-mail injection too. I mean, we are really pumping it in,
> trying to level the peak-priod and everything.
>
> Performing callouts will probably ca
On Tuesday 15 August 2006 10:46, Ole Nomann Thomsen wrote:
> I run a qmail frontend for a FirstClass system. The qmail accepts mail for
> about 500 domains, hosted on the FirstClass system, and scans them with SA.
> In then injects them into FirstClass. If the domain is known, but the user
> is
>
On Monday 07 August 2006 15:20, Obantec Support wrote:
> What would 192.com or 118118.com do without these names?
Deal with the fact that the RFCs don't support such names, and petition for a
new RFC that accomodates their names?
Other businesses have had no issues adapting to the requirements
On Monday 07 August 2006 00:02, wrote:
> | 2250 0733.com
> Here are my numbers from last week:
>
>5006 0451.com
>3845 53.com
Not seeing anywhere near as high, but this is only on my personal server:
440733.com
340451.com
110668.com
4 023.com
2 08.com
2 020.com
On Wednesday 02 August 2006 13:53, Marc Perkel wrote:
> I think what you are doing is a step in the right direction. But imagine
> if the users IMAP connection could be used to send mail back up the link
> then you wouldn't need to do SMTP to the users at all. All you would
> have to do is configur
On Wednesday 02 August 2006 08:21, Benny Pedersen wrote:
> On Wed, August 2, 2006 05:10, John Rudd wrote:
> > Having also said the same thing ... Doesn't part of Microsoft's
> > extension to IMAP (called MAPI, oh so original) also support sending
> > via IMAP?
>
> courier-mta does it and friends
>
On Saturday 29 July 2006 00:33, jdow wrote:
> From: "Theo Van Dinter" <[EMAIL PROTECTED]>
>
> Quoth Theo:
>
> Why? us.tt acts as a registrar (www.us.tt -> joynic.com), dolling out
> .us.tt to others, so we want to be able to deal with that.
> Same as other .tt 2TLDs.
> Somebody got VERY clever w
On Friday 21 July 2006 16:07, Golden, James wrote:
> Hi all,
>
> I just took over the administration of spamassassin, since my coworker
> moved on. I'm not really familiar with a lot of this. The problem I am
> having is this:
>
> A user has a legitimatly high AWL score (because of rules determin
On Saturday 11 March 2006 04:25, NW7US, Tomas wrote:
> My scripts are really buttoned down, those that I have written myself.
> The perl scripts do use the CGI code, latest. And I do my own regex
> stuff. I'll double-check my tests. I just don't yet see how the messages
> are getting through.
On Friday 17 February 2006 07:22, Loren Wilton wrote:
> Well that's too much work to turn that back into something I can run here.
> It should probably have scored moderately well.
>
> I do notice this though:
> > tests=UNPARSEABLE_RELAY autolearn=ham version=3.1.0
> > Received: from -1225665360 ([
On Wednesday 01 February 2006 21:58, Matthias Fuhrmann wrote:
> just a question about the purpose of Long.pm. Am I right asuming, it
> just tries to get local machines hostname and domainname. nothing else
> additionaly. Correct? Just to ensure, i dont blow anything :)
>
> well, asuming this, a fr
On Sunday 29 January 2006 21:19, Matthias Fuhrmann wrote:
> On Sun, 29 Jan 2006, Matthias Fuhrmann wrote:
> > Hello,
> >
> > recently i see many of those lines in our syslog:
> >
> > Jan 29 21:56:06 machine spamd[1951]: Insecure dependency in `` while
> > running with -T switch at /opt/gnu/lib/perl
On Thursday 15 December 2005 15:03, Jon Kvebaek wrote:
> Hi,
> we get quite a few messages that have no Received: headers. These seem
> to cause ALL_TRUSTED to fire (with a negative score of course), which
> isn't exactly what I want. Any idea on how I should deal with this
> correctly?
How on ear
On Wednesday 23 Nov 2005 15:07, Bowie Bailey wrote:
> It's always good to have multiple layers. We have ClamAV on the mail
> server and Symantec Corporate Edition on the desktops. I haven't had
> any problems with Clam. We had a few Sober.U get through before the
> definitions updated, but that'
On Tuesday 08 Nov 2005 16:38, shenanigans wrote:
> I was interested in getting feedback from current mail group users.
>
> We have mirrored your mail list in a new application that provides a more
> aggregated and safe environment which utilizes the power of broadband.
>
> Roomity.com v 1.5 is a we
On Sunday 16 October 2005 11:27, Bill Maidment wrote:
> jdow wrote:
> > NOW I have to clean the tea off my monitor.
> >
> Anyway, what *REAL* programmer drinks tea
Those of us who don't like coffee :> Can't stand the smell or taste myself.
On Tuesday 13 September 2005 14:10, Jeffrey N. Miller typed:
> Go a lot of spam last night with subject lines Re[2] or [4] or [5]
> Most are Cialis or sperm pill spam. Also I received one of these emails
> that was addressed to another user???
The To: you see displayed in your mail client is not
On Thursday 25 August 2005 12:31, Chris typed:
> Noted this in my syslog this morning, is this another harmless error, or is
> something borked somewhere?
>
> Aug 24 21:30:09 cpollock spamd[7745]: bad protocol: header error:
> \200__( '$Î__\206 __\2377\200__( '$Ï
On Tuesday 23 August 2005 20:07, Greg Allen wrote:
> Do you have any links to a how-to for the Spamass-Milter? Or does it have
> good install info in the docs? If it does a good job and is relatively
> easy and light-weight, I would like to try it. I have spent days looking
> for something more si
On Monday 15 August 2005 14:44, Fettke, Dirk typed:
> Sorry, I forgot.
>
> I'm using postfix, amavisd, spamassassin
>
> In my local.cf I have insert these lines like Matt Kettler told me.
>
> header BANNED_SUB1 Subject =~ /viagra/i
> score BANNED_SUB1 100
>
> Unfortunately it doesn't wor
On Tuesday 26 July 2005 18:13, David B Funk wrote:
> Got a spam that contains what appears to be an open http
> redirector that is new to me:
> http://adserver.adtech.de/?adlink|2.0|340|436977|1|16|AdId=323398;BnId=1;li
>nk=target.com (where 'target.com' is the spammer site).
> Anybody know anythin
On Tuesday 19 July 2005 18:50, Jay Lee wrote:
> Mark Williams wrote:
> >Server: Linux (RH9.0), with spamassassin installed from
> >spamassassin.org web site using "make" etc (not RPM's). This
> >machine then runs both IMAP and POP3 for clients. MTA is sendmail
>
> Surely your not going live wit
On Friday 15 July 2005 12:05, Loren Wilton typed:
> > Is there information somewhere else
> > that tells people how to unsubscribe from the list.
>
> Yes, its hidden in the headers of the messages from the list, where most
> rational people won't think to look. I guess they did that as a test,
> s
Not sure where to post this, but this should reach a fair number of admins.
themafia.us, hosted on Yahoo! is kindly serving up 2 txt files of email
addresses and a virus.
The mail that tries to get the gullible looks like
You have just
received a virtual
greeting from a friend!
.
You
On Thursday 14 July 2005 16:50, [EMAIL PROTECTED] typed:
> On Jul 14, 2005, at 4:14 AM, Loren Wilton wrote:
> Received: (qmail 31028 invoked from network); 9 Jul 2005 21:00:29
> -
> Received: from localhost (127.0.0.1) by localhost with SMTP; 9 Jul
> 2005 21:00:29 -
> >
On Wednesday 13 July 2005 09:06, Dean Baldwin typed:
> Is there anyway of placing a message - say at the top of the mail -
> stating that if this message has been incorrectly flagged as SPAM then
> please let us know. Is there any way of doing this with Spamassassin? I
> only want to flag those re
On Tuesday 05 July 2005 15:41, [EMAIL PROTECTED] typed:
> Received: from 204-161-126-200.fibertel.com.ar ([200.126.161.204])
> by xxx.atco.ca with smtp (Exim )
> id 1Dpnum-0001Yc-RY; Tue, 05 Jul 2005 07:56:46 -0600
Deny traffic from \d{1,3}-\d{1,3}-\d{1,3}-\d{1,3}\.fibertel\.com\.ar perhaps.
>
On Tuesday 28 June 2005 11:38, liyas_m m typed:
> Hi,
> I have installed the lastest version of SpamAssassin.
> But it doest seem to stop the spam email that coming in to my
> server..please help
> How do i check whether my configuration is correct.
You may have misconceptions about how SpamAssass
On Monday 27 June 2005 15:41, Jeff typed:
> I have setup spamassassin to delete messages if they are spam and it seems
> to work. However, I am still getting some that are being marked. How do I
> get them all to be deleted?
SA doesn't delete mails, so you'd have to check the application that do
On Friday 17 June 2005 12:33, Kai Schaetzl wrote:
> I've been getting multiples of messages from this list recently as if the
> list software is sending out a spool again and again. Is the list admin
> aware of the problem?
Check the headers and see if there's anything about SMTPSVC and pickup. I
On Friday 03 June 2005 08:10, Loren Wilton typed:
> It was basically "the spammer makes a zillion new domains, and they all
> take time to get into SURBL, so some spam gets through. But they all point
> to the same dotted quad, and I can match on that lookup".
>
> If that statement is true, perhap
On Thursday 02 June 2005 16:12, Jake Colman typed:
> I use the default number of spamd children and have configured sendmail for
> 25 daemon children. SA works perfectly and is filtering wonderfully except
> for this one situation when I come back on-line and get swampled. The
> initial batch of
On Thursday 02 June 2005 14:33, Gene Heskett typed:
> Greetings;
>
> I rx'd several copies of what I think was a viri yesterday,
> purportedly coming from verizon.net, my isp.
>
> A very short text message mentioning my account, with a 60
> kilobyte .zip file attached. The thing that bothers me is
On Wednesday 01 June 2005 15:21, Tim Macrina typed:
> On 6/1/05, Duncan Hill <[EMAIL PROTECTED]> wrote:
> > This is not the purpose of SpamAssassin. It merely tags the mail. You
> > will need to implement this quarantine after your mail system calls SA.
> > On a *nix
On Wednesday 01 June 2005 15:12, Tim Macrina typed:
> I wish to move all spam scored 15 or more to one specific mail
> account. I want to do this no matter what account the message was sent
> to.
This is not the purpose of SpamAssassin. It merely tags the mail. You will
need to implement this q
On Thursday 26 May 2005 01:55, Thomas Zehetbauer wrote:
> Hi,
>
> I have just started reporting spam and I wonder if SpamCop really
> expects it's users to confirm every submission in the web interface?
Yes. It ensures that most people are actually reporting spam. Doesn't take
that long really.
On Monday 23 May 2005 16:02, Joe Borg typed:
> incorrectly trained it. Is it possible to upgrade but force spamassassin to
> install a new/fresh bayes db?
Remove the bayes files and SA will re-create them.
On Wednesday 18 May 2005 15:05, Thomas Deaton typed:
> another newbie here... how do I block a URL with SpamAssassin?
The most SA will ever do is tag your mail for you saying a URL was present.
uri rules do this. You can then filter based on the headers added by SA.
If you never want to ever s
On Monday 16 May 2005 12:15, Ronan McGlue typed:
> I too have all net tests enabled and have started from a fresh clean new
> database friday, and already Im seeing the german spams hit bayes_00...
> I dont want to switch autolearning off becuase well i find it incredibly
> usefull. i have spam/ha
On Friday 13 May 2005 23:51, Ryan L. Sun wrote:
> If an incomming email is from a IP listed in IP whitelist, we don't
> need to check it at all.
> The whitelist I mentioned here is a large-scale one. Say Microsoft and
> Yahoo's IPs should be added to IP whitelist since we suppose they
> won't send
On Tuesday 10 May 2005 15:59, Johnson, S typed:
> Anyone know the best way to subscribe to receive all the spam I can
> possibly get?
If you get a spam that has a link to a page for opting out, opt-out a
spamtrap :)
Also look for invalid local addresses that get rejected. If they will never
ma
On Tuesday 10 May 2005 05:16, forum wrote:
> I'm testing the SA but my server can't connect to outside world. Thus, i've
> to send mail from localhost to myself to find how accurate SA is.
> Unfortunately, SA don't scan mails that sent from localhost.
SA scans what you hand to it to scan. If your
On Saturday 07 May 2005 07:40, Rakesh wrote:
> Seems Spammers have found a way to evade the URI checks
>
> the domain coolestrxever.com is listed in multi.surbl.org. But the
> spammers managed to to evade the URI checks by appending special
> charaters at the end of the url which are happily allowe
On Tuesday 03 May 2005 15:02, Maurice Lucas typed:
> Hello,
>
> Send a complete sample to spam \-at/ timj.co.uk for addition to
> http://www.timj.co.uk/linux/bogus-virus-warnings.cf
In some ways though, it isn't a spam, and potentially just tagging a viral
mail and feeding it onwards could be a v
On Tuesday 03 May 2005 14:12, Ronald I. Nutter typed:
> We are getting flooded this morning with email that contains the
> following item(s) in the body of the message -
>
> *** Server-AntiVirus: No Virus (Clean)
> *** "GEORGETOWNCOLLEGE" Anti-Virus
> *** http://www.georgetowncollege.edu
>
> OR
>
>
On Thursday 14 April 2005 13:12, Chris Harvey typed:
> > guess the people reading that thread don't know about your problem. I'd
> > suggest next time you send a new message (thus starting a new thread)
> > rather than hijacking an existing thread.
>
> Not sure where you are getting that from. I
On Thursday 07 April 2005 14:22, [EMAIL PROTECTED] typed:
> Hello All
>
> Does someone know a linux command to create a mailbox (mbox) without X11 or
> KDE.
A mbox mailbox is merely a named file in a location. mkdir, touch. So long as
the directory is there, most MTAs and MDAs can deal with the
On Thursday 07 April 2005 09:38, [EMAIL PROTECTED] typed:
> I recently took over admin duty for a mailserver. The system I'm taking
> over is a FreeBSD mailserver with SpamAssassin 3.0.2 running.
> Unfortunately, a significant amount of spam gets through, and I think I
> know the reason.
>
> The sp
On Wednesday 06 April 2005 16:33, Jeff Chan typed:
> I'm not getting any of those, but I am seeing a lot of stock
> spams.
Ditto, but pretty much all of them are hitting high bayes + other local rules
aimed at stock stuff. The stox guy morphed, but the morph was so trivial it
was funny.
On Wednesday 23 March 2005 03:47, List Mail User typed:
> Several people have suggested it. Clearly it is just my latent
> paranoia that make me think this way. (Notice, everybody adds "yet";
> Though it would take a stupid spammer to purposely target this list, such
> creatures do exist. Also,
On Monday 21 March 2005 15:34, Rosenbaum, Larry M. typed:
> We received a drug spam containing the following URL:
>
> http://chkpt.zdnet.com/chkpt/supposedtoallow/fdl%2ev%69%61%67%73.co%6d/p/b/
>kmioa
>
> This URL will actually take you to fdl.viags.com (which then goes to
> www.simply-rx.net). As
On Monday 21 March 2005 11:05, Menno van Bennekom typed:
> > Clever trick. Do legitimate MTAs try to send to the second
> > highest MXer if the primary is down? If so a fake third MX
> > (even to a completely unused IP?) may have little downside.
> >
> > I.e.
> >
> > @ IN MX 5 realprimary.doma
On Friday 11 March 2005 14:17, DNI Support Department typed:
> Greetings Jeff:
>
> These are live examples; but it appears the porn spam all follow the same
> hex (?) directory structure after the domain name.
>
> Hence, wanting a pattern for that purpose.
> > > http://yamanekohm.com/9d70188c4e797
On Sunday 06 March 2005 19:14, Rob Fantini wrote:
> Hellom
>
> We use postfix , procmail and spamassassin.
>
> Generally which is the better place to do RBL checks, postfix or
> spamassassin?
Do you want to score on RBLs, or reject on RBLs? If you want to score, SA.
If you want to reject outri
On Saturday 05 March 2005 14:49, martin smith wrote:
> |uri SpoofPort_URL /.*\:.*|.*\...:.*/ score SpoofPort_URL 1
>
> Ok MK2 that one could FP on genuine URLs with a port specified
>
> uri SpoofPort_URL /.*\:.*|.*\...:.*/
> score SpoofPort_URL 1
> uri OkPort_URL
> /.*\:|.*\...:
On Wednesday 02 March 2005 18:45, David Velásquez wrote:
> Content preview: US Oil and Gas Report Oi| C|imbs, Gains Soar We have
> the |eading track record for finding fast moving, Low-priced energy
> plays. Look at the moves made by our last 2 Hot Picks: SPRL .14 to .36
> in 12 days, up 157
On Thursday 24 February 2005 21:54, Stuart Johnston wrote:
> I've been seeing a ton of stock spam this week, no URLs - no SURBL :(
> Bayes and Razor, etc pick up on it eventually but to speed things up, I
> wrote a rule. One thing that is unique about these messages is that
> they replace l's with
On Monday 31 January 2005 15:27, [EMAIL PROTECTED] might have typed:
> Hello,
>
> I use postfix+spamassassin+maildrop and for now I delivery all the email
> tagged as spam to junk folder, this is very nice except most of the mail is
> actually spam, so far only one false positive, anyway I would li
1 - 100 of 114 matches
Mail list logo
