/dnsblusage/
Cheers,
Matthew
--
Matthew Newton, Ph.D. m...@le.ac.uk
Systems Specialist, Infrastructure Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom
For IT help contact helpdesk extn. 2253, ith...@le.ac.uk
off-list a complete
copy of the headers of this test message? I can't guarantee
anything, but I'll run it through SpamAssassin here to see if I
can work anything out.
Thanks,
Matthew
--
Matthew Newton, Ph.D. m...@le.ac.uk
Systems Architect (UNIX and Networks), Network Services,
I.T. Services
, there could be a problem if it's picked up a v4 address
to test, when the mail actually came to you from a v6 address. I'm
no expert in SA/BOTNET here, but at a guess, maybe your list of
trusted hosts is wrong?
Cheers,
Matthew
--
Matthew Newton, Ph.D. m...@le.ac.uk
Systems Architect (UNIX
On Thu, Jun 30, 2011 at 12:06:06PM +0100, Matthew Newton wrote:
Doesn't seem to work. It's a false positive again. And Botnet recognises
the incoming IPv6 address as some IPv4 address and reports that one.
That doesn't look right - unless your munging has really messed it
up. BOTNET seemed
Hi,
On Thu, Jun 30, 2011 at 04:07:57PM +0200, Mark Martinec wrote:
(I'm Cc'ing to Matthew in case he wants to check how it turns out
on his mailer).
Arrived over IPv6 fine here, and did not hit (patched) BOTNET.
Cheers
Matthew
--
Matthew Newton, Ph.D. m...@le.ac.uk
Systems Architect
Hi,
On Sat, Jun 11, 2011 at 02:44:19AM +0300, Jari Fredriksson wrote:
11.6.2011 0:41, Matthew Newton wrote:
I've therefore hacked together the following patch to Botnet.pm
(0.8). It should fix the main issue that BOTNET does not do any
lookups for IP addresses that look like
# permutations of combined decimal octets into single decimal values
--
Matthew Newton, Ph.D. m...@le.ac.uk
Systems Architect (UNIX and Networks), Network Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom
For IT help contact helpdesk extn. 2253, ith...@le.ac.uk
Publishing (spaces
added!) which is the name of their company.
I know SOUGHT is an auto-generated ruleset; just wondering if
there is any way to remove false positives before the set is
generated? Otherwise I'll add local rules to compensate against
this one.
Thanks,
Matthew
--
Matthew
Hi,
On Fri, Apr 16, 2010 at 01:53:55PM +0200, Karsten Bräckelmann wrote:
On Fri, 2010-04-16 at 12:20 +0100, Matthew Newton wrote:
We had a legitimate e-mail hit the JM_SOUGHT_3 yesterday. It also
hit a few other rules that pushed it over our reject threshold of
10, and easily over
://www.postfix.org/BACKSCATTER_README.html#real but still getting
pounded. Here is the header from one such mail:
I don't know how easy it is in Postfix (I use exim, and it's
fairly trivial in that), but one effective solution for this is
BATV.
http://mipassoc.org/batv/
Cheers
Matthew
--
Matthew Newton
expansion.
HTH,
Matthew
--
Matthew Newton [EMAIL PROTECTED]
Network Support and UNIX Systems Administrator, Network Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom
For IT help contact helpdesk extn. 2253, [EMAIL PROTECTED]
Maximum chickenpox score with this is 3.5, if over 9 rules hit.
HTH,
Matthew
--
Matthew Newton [EMAIL PROTECTED]
Network Support and UNIX Systems Administrator, Network Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom
For IT help contact helpdesk extn. 2253
real
typesetting software. ;-)
Matthew
--
Matthew Newton [EMAIL PROTECTED]
Network Support and UNIX Systems Administrator, Network Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom
For IT help contact helpdesk extn. 2253, [EMAIL PROTECTED]
On Thu, May 10, 2007 at 12:27:38PM -0700, Marc Perkel wrote:
What's this use bytes thing and where do you add it and what does it do?
#! /usr/bin/perl
use Google;
--
Matthew Newton [EMAIL PROTECTED]
UNIX and e-mail Systems Administrator, Network Services,
I.T. Services, University
in /etc/mail/spamassassin ... or
wherever you want to put your plugins) are:
I'll drop it on our mailers (probably with a smaller score than
the default) and let you know how many times the phone rings
before I have to tweak it or remove it ;-).
Matthew
--
Matthew Newton [EMAIL PROTECTED]
UNIX
anything by sending a direct SMTP message
rather than using their ISP; they were just using their webmail.
Comments?
Thanks,
Matthew
--
Matthew Newton [EMAIL PROTECTED]
UNIX and e-mail Systems Administrator, Network Support Section,
Computer Centre, University of Leicester,
Leicester LE1 7RH
.
I'd be more inclined to just dump it into a mail store on the exim
box for administrator investigation if necessary.
Matthew
--
Matthew Newton [EMAIL PROTECTED]
UNIX and e-mail Systems Administrator, Network Support Section,
Computer Centre, University of Leicester,
Leicester LE1 7RH, United
task.
Matthew
--
Matthew Newton [EMAIL PROTECTED]
UNIX and e-mail Systems Administrator, Network Support Section,
Computer Centre, University of Leicester,
Leicester LE1 7RH, United Kingdom
(definitely
adjust score until you are happy: it seems OK for me but you
should start lower...)
Matthew
--
Matthew Newton [EMAIL PROTECTED]
UNIX and e-mail Systems Administrator, Network Support Section,
Computer Centre, University of Leicester,
Leicester LE1 7RH, United Kingdom
On Thu, Oct 20, 2005 at 05:59:22AM -0700, jdow wrote:
From: Matthew Newton [EMAIL PROTECTED]
On Wed, Oct 19, 2005 at 08:57:44PM +0200, Jon Kvebaek wrote:
Hi,
we are currently receiving a lot of mail like the one listed beneath. No
rules seem to hit it at all, and it gets a low negative
:\/\/..\.geocities\.com\/[A-Za-z0-9_]{2,40}\/\?[\w=\.]{3}/
Matthew
--
Matthew Newton [EMAIL PROTECTED]
UNIX and e-mail Systems Administrator, Network Support Section,
Computer Centre, University of Leicester,
Leicester LE1 7RH, United Kingdom
On Wed, Oct 05, 2005 at 06:28:48AM +0100, John Hodson wrote:
I have solved this problem with the help of suggestions from Rick
Macdougall, Matthew Newton, and Bob Menchal. Thanks chaps!
Excellent!
suggestions were using spamassassin -D to debug, corrupt Rule in .cf file,
and corrupt bayes
thing, together with the fact that
Word is trying to use XML stuff which doesn't stick to the standard HTML
tags. It's strange that there are tags around single letters, generally
l, but if Word's HTML generator is creating that then I'm not
particularly surprised.
Matthew
--
Matthew Newton [EMAIL
isn't good to use (as people
have said before), and that if you do use them they will come back to
get you later!
Removed the rules and all is happy again. I can finally rest for the
weekend! Yup, I've learnt my lesson now ;-).
Matthew
--
Matthew Newton [EMAIL PROTECTED]
UNIX and e-mail Systems
On Fri, Jul 08, 2005 at 09:33:50AM -0700, Justin Mason wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Let me guess -- these were full rules, too?
yep, * really isn't a good thing to use. ;)
Yes...!
Matthew
--
Matthew Newton [EMAIL PROTECTED]
UNIX and e-mail Systems Administrator
a file lookup as the condition,
of course.
Matthew
--
Matthew Newton [EMAIL PROTECTED]
UNIX and e-mail Systems Administrator, Network Support Section,
Computer Centre, University of Leicester,
Leicester LE1 7RH, United Kingdom
not all bounces include info about the original message, but
this might help cut down some of them, maybe?
Any comments?
Thanks
Matthew
--
Matthew Newton [EMAIL PROTECTED]
UNIX and e-mail Systems Administrator, Network Support Section,
Computer Centre, University of Leicester,
Leicester LE1
and distinctly, and to repeat
words and phrases. However, don't underestimate your baby's grasp of what you
are saying. Well before they can respond with words, babies and toddlers can
understand a lot of what is said.
Have a good day.
----- End forwarded message -----
--
Matthew Newton [EMAIL
is corrupt, just that we have a very wide range of different
types of e-mail coming in here.
Thanks
Matthew
--
Matthew Newton [EMAIL PROTECTED]
UNIX and e-mail Systems Administrator, Network Support Section,
Computer Centre, University of Leicester,
Leicester LE1 7RH, United Kingdom
writing my own. I'm no expert, but basic
rule-writing isn't that hard if you can write regular expressions.
Matthew
--
Matthew Newton [EMAIL PROTECTED]
UNIX and e-mail Systems Administrator, Network Support Section,
Computer Centre, University of Leicester,
Leicester LE1 7RH, United Kingdom
On Thu, Apr 07, 2005 at 11:00:52AM +0100, Ron McKeating wrote:
On Thu, 2005-04-07 at 10:53 +0100, Matthew Newton wrote:
Ron,
On Thu, Apr 07, 2005 at 10:23:24AM +0100, Ron McKeating wrote:
Thanks to all of you who replied about the job offer spams. Could
anybody point at the best site
UOLCC_ZETA_TRADE
UOLCC_ZETA_TRADE
Matthew
--
Matthew Newton [EMAIL PROTECTED]
UNIX and e-mail Systems Administrator, Network Support Section,
Computer Centre, University of Leicester,
Leicester LE1 7RH, United Kingdom
***
--
Matthew Newton [EMAIL PROTECTED]
UNIX and e-mail Systems Administrator, Network Support Section,
Computer Centre, University of Leicester,
Leicester LE1 7RH, United Kingdom
probability is 40 to 60%
[score: 0.5000]
0.1 HTML_FONT_BIG BODY: HTML tag for a big font size
If there isn't a standard rule out there then I'll put one together
for it.
Thanks!
--
Matthew Newton [EMAIL PROTECTED]
UNIX and e-mail Systems Administrator, Network Support Section
:/ is not picked up
http://blocked-domain.com:80/ is picked up
Matthew
--
Matthew Newton [EMAIL PROTECTED]
UNIX and e-mail Systems Administrator, Network Support Section,
Computer Centre, University of Leicester,
Leicester LE1 7RH, United Kingdom
BODY: HTML tag for a big font size
0.2 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
0.0 MIME_QP_LONG_LINE RAW: Quoted-printable line longer than 76
+chars
--
Matthew Newton [EMAIL PROTECTED]
UNIX and e-mail Systems Administrator, Network
On Fri, Mar 04, 2005 at 11:57:37AM -0500, Daryl C. W. O'Shea wrote:
Matt Kettler wrote:
At 10:23 AM 3/4/2005, Matthew Newton wrote:
Just had a spam arrive that was given a -3.3 score for ALL_TRUSTED.
Funny thing is that my local.cf contains the following:
# we trust our local network
(getting increasingly confused about the whole issue!)
--
Matthew Newton [EMAIL PROTECTED]
UNIX and e-mail Systems Administrator, Network Support Section,
Computer Centre, University of Leicester,
Leicester LE1 7RH, United Kingdom
On Fri, Mar 04, 2005 at 12:23:10PM -0500, Daryl C. W. O'Shea wrote:
Matthew Newton wrote:
OK, thanks. I still have problems understanding exactly what the difference
between trusted_networks and internal_networks is, though. My
understanding is that trusted_networks is our entire ip address range
by
this on Solaris 9.
Sent an e-mail with a suggested fix to the module creator a couple of
months ago, but heard nothing back.
--
Matthew Newton [EMAIL PROTECTED]
UNIX and e-mail Systems Administrator, Network Support Section,
Computer Centre, University of Leicester,
Leicester LE1 7RH, United
on this.
I would guess that something like the output of sa-learn --dump all
from each server could be merged, and then uploaded with sa-learn
--restore?
Thanks
--
Matthew Newton [EMAIL PROTECTED]
UNIX Systems Administrator, Network Support Section,
Computer Centre, University of Leicester,
Leicester
, --restore will not read the --dump all format.
OK, thanks. It was just a guess!
Matthew
--
Matthew Newton [EMAIL PROTECTED]
UNIX Systems Administrator, Network Support Section,
Computer Centre, University of Leicester,
Leicester LE1 7RH, United Kingdom
Hi
On Mon, Dec 13, 2004 at 04:43:28PM -0800, jdow wrote:
I've seen another variant about by Matthew Newton that makes a bunch of
rules for both subject and body separately. I generally don't do this as
the body rules will match the subject line, so there's really no need,
other than
On Thu, Dec 09, 2004 at 10:32:22AM +, Matthew Newton wrote:
On Wed, Dec 08, 2004 at 04:51:27PM -0800, Justin Mason wrote:
try turning off AWL -- if the usage goes down, it's either
a massive AWL file or a bug in DB_File on solaris...
Thanks, I've now tried that. Unfortunately, memory
On Wed, Dec 08, 2004 at 02:22:07PM +0100, Alex Broens wrote:
Matthew Newton wrote:
I've recently installed SA 3.0.1, and found some junk was
getting through with scores too low for my liking, especially before the
URLs made it into SURBL. I've put together a few rules to match some
it swapping?
The machines each process around 8 mails/day and we have something
like 25000 users.
Thanks for any help/advice you can give.
Matthew
--
Matthew Newton [EMAIL PROTECTED]
UNIX Systems Administrator, Network Support Section,
Computer Centre, University of Leicester,
Leicester
it uses, if that's useful. The machines are configured to
give them around 5Gb memory including swap, but I couldn't do this on
all machines because of the performance hit of using swap.
Thanks!
--
Matthew Newton [EMAIL PROTECTED]
UNIX Systems Administrator, Network Support Section,
Computer
begin with caps letter
score UOLCC_CAPWORD_TEST 0.1
Hope these are of use to someone. If anyone can show me that they are
likely to pick up false positives, I'd be most grateful.
Thanks,
--
Matthew Newton [EMAIL PROTECTED]
UNIX Systems Administrator, Network Support Section,
Computer Centre
49 matches