from
the original From address while providing a functional From address
using a domain name which passes SPF, a sufficient condition for
passing DMARC.
--
Lindsay Haisley | "The world is full of monsters with friendly
FMP Computer Services | faces and angels with scars."
512-259-1190 |
http://www.fmp.com| - Heather Brewer
use with
email redirection via the Courier MTA. The Mailman code substitutes the
word "at" in the comment field for the ampersand to avoid this sort of
problem, but other implementation may not.
--
Lindsay Haisley | "The world is full of monsters with friendly
FMP Comput
getting a number of these, and someone else on this list
reported the same format. I haven't seen a SA rules solution to
blocking these.
--
Lindsay Haisley | "The first casualty when
FMP Computer Services | war comes is truth."
512-259-1190 |
http://www.fmp.com| -- Hiram W Johnson
ut I doubt if it does any good. The Big Guys don't need
to allocate any of their hard-earned resources to clamping down on spam
sent trom their customers' accounts :(
--
Lindsay Haisley | "UNIX is user-friendly, it just
FMP Computer Services | chooses its friends."
512-259-1190 | -- Andreas Bogk
http://www.fmp.com|
es, so I'm looking for a way to block
them with a finer tool.
--
Lindsay Haisley | "The first casualty when
FMP Computer Services | war comes is truth."
512-259-1190 |
http://www.fmp.com| -- Hiram W Johnson
On Sat, 2016-09-24 at 00:15 -0500, Dave Funk wrote:
> On Fri, 23 Sep 2016, Lindsay Haisley wrote:
>
> >
> > On Fri, 2016-09-23 at 19:03 -0400, listsb-spamassas...@bitrate.net
> > wrote:
> > >
> > > consider that, to do the work described as "for
;
What am I missing?
Justin Ellingwood, who wrote the DigitalOcean piece, is a very
experienced documenter. From his rather impressive resume, I'd be
inclined to trust what he posts.
--
Lindsay Haisley |"Friends are like potatoes.
FMP Computer Services |If you eat them,
gh.
So why is this bad informaton?
--
Lindsay Haisley | "The voice of dissent was arrested before
FMP Computer Services | the president cleared his throat to
512-259-1190 |speak of freedom"
http://www.fmp.com|
|-- Chris Chandler
en vetted and reviewed by
competent peers, as is the way of the world with open source software.
--
Lindsay Haisley | "The first casualty when
FMP Computer Services | war comes is truth."
512-259-1190 |
http://www.fmp.com| -- Hiram W Johnson
surface in itself and is a richer prize if hijacked, either
> directly or as a consequence of a general system compromise.
>
> On 23 Sep 2016, at 16:10, Lindsay Haisley wrote:
> >
> >
> > On Fri, 2016-09-23 at 15:28 -0400, Bill Cole wrote:
> > >
> >
On Fri, 2016-09-23 at 20:21 -0400, Bill Cole wrote:
> On 23 Sep 2016, at 16:10, Lindsay Haisley wrote:
>
> >
> > On Fri, 2016-09-23 at 15:28 -0400, Bill Cole wrote:
> > >
> > > As much as I love BIND (no, seriously, I do) it's very hard to
> >
On Fri, 2016-09-23 at 17:10 -0400, btb wrote:
> On 2016.09.23 16.16, Lindsay Haisley wrote:
> >
> > On Fri, 2016-09-23 at 18:43 +0100, RW wrote:
> > >
> > > Right, but the question here is why isn't a forwarding server also a
> > > recursive s
821/what-s-the-difference-between-recursion-and-forwarding-in-bind
--
Lindsay Haisley | "The difference between a duck is because
FMP Computer Services |one leg is both the same"
512-259-1190 | - Anonymous
http://www.fmp.com|
ents {
1.2.3.0/24;
4.5.6.0/24;
127.0.0.1;
etc
};
options {
..
recursion yes;
allow-query { goodclients; };
etc...
};
--
Lindsay Haisley | "The first casualty when
FMP Computer Services | war comes is truth."
512-259-1
can be.
options {
directory "/var/cache/bind";
recursion yes;
allow-query { goodclients; };
etc
};
--
Lindsay Haisley | "Never expect the people who caused a problem
FMP Computer Services | to solve it." - Albert Einstein
512-259-1190 |
http://www.fmp.com|
No sooner did I complete a small python filter to divert untrapped
style gibberish spams than I started getting these without the
his may be out of the realm of SA. I apply this test using a python
program written to work with Gordon Messmer's courier-pythonfilter for
Courier-MTA.
--
Lindsay Haisley | "We have met the enemy and he is us."
FMP Computer Services |
512-259-1190 | -- Pogo
http://www.fmp.com|
I'm getting a _lot_ of spam slipping through the STYLE_GIBBERISH
filter, probably more than is getting caught (although some of it _is_
getting caught). An example body is
http://82.145.55.127//ql.html?r=ref_02*mbsEcorbeag1039osdfrj=oth.sh4a.j6ujae.44yoh.c0497__0sv4Yb82/ln";>http://82.145.55
> example is a U.S. company that uses recombinant DNA to put an unusual
> color in a bean. Then they patent it and sue a Mexican company and block
> imports of a bean that the Mexicans have been growing for generations.
> That's just nucking futs.
Sounds like Monsant
he bounces is mailer-dae...@linda.intranet which is obviously bogus,
likewise violating RFCs. The envelope sender on the bounces is "<>",
which is correct.
--
Lindsay Haisley | "Everything works|Accredited
FMP Computer Services | if you let it" | by the
512-259-1190 |(The Roadie) | Austin Better
http://www.fmp.com| | Business Bureau
user".
I would expect that a list devoted to making the Internet mail system
run to everyone's benefit rather than to everyone's detriment would be
operated in a more professional manner!
Is anyone minding the store
--
Lindsay Haisley | "Everything works|Ac
user".
I would expect that a list devoted to making the Internet mail system
run to everyone's benefit rather than to everyone's detriment would be
operated in a more professional manner!
Is anyone minding the store
--
Lindsay Haisley | "Everything works|Ac
t; videos, Slashdot for illegal content (egregious copyright violation),
> and registrars for aiding identified spammers.
>
> I would expect all those who need to be in the supply path for a
> misdeed to work to remove themselves from that supply path upon proper
> notification. I would NOT expect them to be proactive in this regard.
> Reactive is fine and proper.
>
> {^_^} Joanne
--
Lindsay Haisley | "Everything works|Accredited
FMP Computer Services | if you let it" | by the
512-259-1190 |(The Roadie) | Austin Better
http://www.fmp.com| | Business Bureau
r whois database, although they do have the authority
to disable a name for which they're the registrar of record.
I'm as offended by spam to me and my customers as anyone, but I'm also a
big proponent of open source and net neutrality, and like to see
pressure applied where the act
It may explain exactly why it didn't work when you tried it.
It'll take you less time to read the relatively short section than it
will to reply to this email :-)
--
Lindsay Haisley |"Fighting against human | PGP public key
FMP Computer Services | creativity is like |
tried that and it didn't work.
See <http://en.wikipedia.org/wiki/Wildcard_DNS_record> and in particular
the quote from RFC 1912.
--
Lindsay Haisley | "Everything works|Accredited
FMP Computer Services | if you let it" | by the
512-259-1190
this, but it
appears that this isn't the case. Instead I've found several people of
good will who don't seem to know a whole lot more about SA than I do,
but have given me some good points to think about.
Do you have any idea where I might inquire to get advice from people
with mor
em
a little more intelligently.
Thanks!
--
Lindsay Haisley | "Everything works|Accredited
FMP Computer Services | if you let it" | by the
512-259-1190 |(The Roadie) | Austin Better
http://www.fmp.com| | Business Bureau
On Fri, 2009-02-13 at 16:51 -0600, Lindsay Haisley wrote:
> Scenario 2: spamc on box A communicates with a _local_ spamd, which
> accesses local config files but uses a MySQL connection _over the
> network_ to box A to access the Bayes/userpref database.
Sorry, this should read:
S
communicates with a _local_ spamd, which
accesses local config files but uses a MySQL connection _over the
network_ to box A to access the Bayes/userpref database.
Sorry if I wasn't entirely clear before. I hope this clarifies the
choice, which looks at this point as if I'd be better off with
) I think I agree with you.
--
Lindsay Haisley | "Everything works|Accredited
FMP Computer Services | if you let it" | by the
512-259-1190 |(The Roadie) | Austin Better
http://www.fmp.com| | Business Bureau
On Fri, 2009-02-13 at 15:24 -0600, Lindsay Haisley wrote:
> Although I appreciate your advice, my question here is not _whether_ I
> should do the integration, but which of the two methods of integrating
> the databases will be most efficient of bandwidth and other resources.
After think
On Fri, 2009-02-13 at 15:21 -0500, Kris Deugau wrote:
> Lindsay Haisley wrote:
> > I have two servers. Currently they're both running instances of spamd
> > with separate mysql databases, however I'd like run both instances from
> > the same database on one of the
On Fri, 2009-02-13 at 12:43 -0600, McDonald, Dan wrote:
> On Fri, 2009-02-13 at 12:20 -0600, Lindsay Haisley wrote:
> > On Fri, 2009-02-13 at 17:43 +, Martin Gregorie wrote:
> > > I've heard it said that IPV6 will...
> > You can always spoof an IP address of any
il header
you can trust absolutely is the topmost Received header in an email.
This address can't be spoofed. If it were, it would have been
technically impossible to send the email.
--
Lindsay Haisley | "Everything works|Accredited
FMP Computer Services | if you l
conservative of bandwidth between the boxes?
--
Lindsay Haisley | "Everything works|Accredited
FMP Computer Services | if you let it" | by the
512-259-1190 |(The Roadie) | Austin Better
http://www.fmp.com| | Business Bureau
cores.cf on the basis of a call to
> > eval:check_from_in_whitelist() in 60_whitelist.cf.
> >
> What about whitelist_from_rcvd, or whitelist_from_spf?
>
> Do you have any whitelist commands at the site config level (ie:
> local.cf or add-on rulesets)?
--
Lindsay Haisley
_ in my AWL database which
should assign a much smaller (possibly positive) spam score, and
shouldn't evoke a hit on USER_IN_WHITELIST.
Am I missing something here, or is this a SA bug?
--
Lindsay Haisley | "In an open world,| PGP public key
FMP Computer Services |who n
* 2.3 SPOOF_COM2COM URI: URI contains ".com" in middle and end
> * -2.6 BAYES_00 BODY: Bayesian spam probability is 0 to 1%
> * [score: 0.]
--
Lindsay Haisley | "In an open world,| PGP public key
FMP Computer Services |who needs Wi
alled. Defaults to
"/etc/mail/spamassassin".
If your local.cf is in /etc/mail/spamassassin, then apparently the
answer is yes. My undersanding is that everything in that directory
gets read.
--
Lindsay Haisley | "In an open world,| PGP p
worth mentioning that, as someone pointed out to me yesterday,
there's a mirroring service for SARE rules at
http://saupdates.openprotect.com, along with instructions on
incorporating these into sa-update, thus avoiding problems with
rules_du_jour altogether.
--
Lindsay Haisley |"Figh
On Fri, 2007-06-29 at 06:46 -0700, jdow wrote:
> You will have to wait for up to a day for the Prolexic block to go
> away.
I got blocked for checking out their anti-DDoS measures. The block went
away in about 15 minutes.
--
Lindsay Haisley |"Fighting against human | PGP
On Thu, 2007-06-28 at 18:56 -0500, Lindsay Haisley wrote:
> By running a curl hit repeatedly on the RE server I reproduced the
> problem.
By running this test a couple of times I'm apparently now blocked by
RE :-P
Oh well .
Hope the info I sent was useful.
--
Lindsay Haisley
t; I'd rather fix the actual problem and not patch around it.
Absolutely!!
--
Lindsay Haisley | "In an open world,| PGP public key
FMP Computer Services |who needs Windows | available at
512-259-1190 | or Gates"| http://pubkeys.fmp.com
http://www.fmp.com| |
with -D and
looking at my log files produced the answer.
--
Lindsay Haisley | "In an open world,| PGP public key
FMP Computer Services |who needs Windows | available at
512-259-1190 | or Gates"| http://pubkeys.fmp.com
http://www.fmp.com| |
asked for some suggestions on how best to do this,
so specific suggestions will be welcome.
--
Lindsay Haisley | "In an open world,| PGP public key
FMP Computer Services |who needs Windows | available at
512-259-1190 | or Gates"| http://pubkeys.fmp.com
http://www.fmp.com| |
he same rules data as per the instructions at
http://saupdates.openprotect.com .
--
Lindsay Haisley | "In an open world,| PGP public key
FMP Computer Services |who needs Windows | available at
512-259-1190 | or Gates"| http://pubkeys.fmp.com
http://www.fmp.com| |
On Thu, 2007-06-28 at 15:43 -0400, Theo Van Dinter wrote:
> On Thu, Jun 28, 2007 at 02:27:36PM -0500, Lindsay Haisley wrote:
> > So what's the best fix for this? Should one just freeze SA at an
> > earlier version on a production server until this is fixed upstream? Is
>
aupdates.openprotect.com/ has instructions for this, I see. I
may try this.
--
Lindsay Haisley | "In an open world,| PGP public key
FMP Computer Services |who needs Windows | available at
512-259-1190 | or Gates"| http://pubkeys.fmp.com
http://www.fmp.com| |
ch works just fine on my installation.
--
Lindsay Haisley | "In an open world,| PGP public key
FMP Computer Services |who needs Windows | available at
512-259-1190 | or Gates"| http://pubkeys.fmp.com
http://www.fmp.com| |
On Thu, 2007-06-28 at 15:39 -0400, Theo Van Dinter wrote:
> Why not just use sa-update and not deal with this?
sa-update and rules_du_jour deal with different rules repositories. I
use both.
--
Lindsay Haisley | "In an open world,| PGP public key
FMP Computer Services
.06.2007 08:14, Lindsay Haisley wrote:
> >> On Wed, 2007-06-27 at 22:24 -0500, Lindsay Haisley wrote:
> >>> I just upgraded from SA 3.1.8-gr1 to SA 3.2.1-gr1 (Gentoo) and notice
> >>> that I'm no longer getting any BAYES_NN test notices in my X-Spam-Status
--lint failure in spamassassin.
--
Lindsay Haisley |"Fighting against human | PGP public key
FMP Computer Services | creativity is like | available at
512-259-1190 | trying to eradicate |<http://pubkeys.fmp.com>
http://www.fmp.com| dandelions&qu
ng in the
> >> /etc/mail/spamassassin/RulesDuJour/ directory and rerun RDJ by hand.
> >>
> >> That worked for me on CentOS 4.5
> >>
> >> The bug has been reported and a fix is due in 3.2.2 I believe.
> >
> >Huh? What's SA have to do with RDJ triggering Prolexic's DoS protection?
> >
> Daryl is right, there is no fix due in 3.2.2 - I got the RDJ and the
> sa-update errors confused. I guess maybe I should dye my hair blonde.
>
> Apologies for any confusion I've caused.
>
> Kind regards
>
> Nigel
--
Lindsay Haisley <[EMAIL PROTECTED]>
FMP Computer Services
On Wed, 2007-06-27 at 22:24 -0500, Lindsay Haisley wrote:
> I just upgraded from SA 3.1.8-gr1 to SA 3.2.1-gr1 (Gentoo) and notice
> that I'm no longer getting any BAYES_NN test notices in my X-Spam-Status
> summary in my mail headers, or in the content analysis details in
>
since I'm well over the minimum required count of both spam
and ham. Is there something I need to do to turn this on? I have all
Bayes stuff in MySQL, and seem to remember someone else posting with a
similar problem a while back with 3.2.0.
Where should I look for the answer to this?
-
ep -il 'META HTTP-EQUIV' ${TMPDIR}/*|xargs -n1 rm -f
+
cd ${OLDDIR};
exit;
rules_du_jour will still fail, but this will clean up the mess and next
time (hopefully) it'll run properly. I'm plumb out of time to figure
this out today so I'll revisit it later and submit a bett
n1 rm
*
This won't pick up the problem file on the current run, but will clear
the way for it to be retrieved next time.
On Sun, 2007-06-17 at 19:43 -0500, Lindsay Haisley wrote:
> On Sun, 2007-06-17 at 19:24 -0400, Michael B Allen wrote:
> > Although r
On Sun, 2007-06-17 at 19:24 -0400, Michael B Allen wrote:
> Although rule_du_jour is still giving me HTML for SARE_OEM.
Delete /etc/mail/spamassassin/RulesDuJure/70_sare_oem*
(or /etc/spamassassin/RulesDuJure/70_sare_oem*) and run rules_du_jour
again.
--
Lindsay Haisley | "In
that contain half spam and
> half mumbo-jumbo of unrelated random text that should probably irritate
> bayes filters, score in fact almost always bayes_99. I can only imagine
> that the additional random text is not really random but taken from a
> fixed library that is not very big
On Sat, 2007-06-16 at 15:49 -0700, SM wrote:
> Unfortunately, nobody reads that or else we would not be seeing one
> week of messages about SARE RBJ failures.
Oh well
I guess you have to be an old-time UNIX geek to know to look in script
files for clues on how to use them.
--
L
Rules Emporium has been having some issues with a DDoS attack and made
some configuration changes pursuant to overcoming this and probably
balancing their load. Looks like they had a redirect and curl doesn't
understand a http-equiv="refresh" or else the HTML was incorrect and
curl just barfed on
at it with your favorite text editor.
--
Lindsay Haisley | "We are all broken | PGP public key
FMP Computer Services | toasters, but we | available at
512-259-1190 | still manage to make |<http://pubkeys.fmp.com>
http://www
on here is on a commercial server, and is in beta until
I can determine whether or not it's working as expected. My wife and I
are beta testers until I determine that everything is working properly,
at which point I'll turn it loose on my customers :-)
--
Lindsay Haisley | "In an o
spamc will return the email
unmodified, as it should. I've only been using SpamAssassin for a
couple of days and have seen one such instance already.
--
Lindsay Haisley | "We are all broken | PGP public key
FMP Computer Services | toasters, but we | available at
512-2
s in one
of the files in /etc/spamassassin.
The Mail::SpamAssassin::Conf is silent on this issue. Is there a way to
do this?
--
Lindsay Haisley | "In an open world,| PGP public key
FMP Computer Services |who needs Windows | available at
512-259-1190
66 matches
Mail list logo
