Maybe interesting for those that use dynablock.njabl.org (as I do at the
MTA-level).
Got an email last Friday from njabl about dynablock.njabl.org, it's no
longer maintained by njabl but is now only a copy of the pbl.spamhaus.org
list. Eventually the dynablock.njabl.org zone will be emptied.
R Lists06 wrote:
It resolves, just remember to do this to test
dig pbl.spamhaus.org any
Or
dig pbl.spamhaus.org ns
- rh
--
Robert - Abba Communications
Computer Internet Services
(509) 624-7159 - www.abbacomm.net
Yes, stupid me didn't read the FAQ :-0
Regards
Chris Santerre wrote:
This isn't the best idea for a large ISP, but for companies I see no
problem rejecting on RBLs when you have a trained administrator.
I agree! Not that I use spamcop as a blacklist, maybe it's better now but
I've seen them blocking mailservers from aol, hotmail and
Jim Maul wrote:
I think pretty much everyone understands WHY people use these BLs. This
is not the point. The point is, it's not a very good solution.
Why I have to use RBLs at the MTA level is because many providers still
allow direct SMTP.
So all the botnets can send their garbage
Robert Fitzpatrick wrote:
I used some recipes found with the help of this list that pretty much
wiped out these image spams until this morning they are coming through
again different, of course. Is the OCR solution what I need to do? If
so, can someone point me to some info or suggest how
Bill Randle wrote:
Would you be willing to share the postfix rules you are using to block
these?
I don't think that would be wise, I'm afraid they are a bit too risky and
simple for general use.
In most of them I've put the mail on HOLD so I can still inspect for FPs,
probably not
Markus Edholm wrote:
I'm looking for some simple statistic script
using amavisd and spamassassin just to see how my own and standard
rules work
There are several simple scripts for amavisd/SA but it depends on what info
you want.
For example in the list on
Ramprasad wrote:
But still this mail is getting thru
http://ecm.netcore.co.in/tmp/imagespam.txt
I tested your mail here with the latest imageinfo.pm and it comes through
indeed. The exact same one in .gif (same text, same background) was detected
though. It was even my first and only
Matthias Keller wrote:
It seems to load fine but I get some errors every time I run a check:
warn: plugin: failed to load plugin /etc/mail/spamassassin/ImageInfo.pm:
No such file or directory
Yes, I had to comment this line in 70_imageinfo.cf:
#loadplugin
Maurice Lucas wrote:
Maybe I'm off their spam list ;) but I think I'm just lucky for a few
hours.
I've got zero hits here so far, very little image-spam comes in and what does
is discarded by postfix rules.
We'll see after the weekend..
Regards
Menno
I'm having a bit of trouble getting this ImageInfo to hit anything.
For example the attached image gives no hit, maybe because it seems to be
snowing on the image or because I configured something wrong.
Could somebody check if this viewer81.gif picture triggers the imageinfo
rule?
(first time I
Bill Randle wrote:
In the last 11 hours since I installed the plugin, it's caught 837
messages.
Good for you!
I'm now at 11 hours too and in the meantime only 12 image spams came in, 11
were discarded by postfix rules, 1 new one came through and was caught by
SA but was not marked by the
jdow wrote:
Menno, if the Earthlink progressive delays strategy is adopted then
even spam relayed through ISPs becomes time expensive.
Personally I don't believe much in delaying/throttling, there are so many
zombies that it's just a matter of dispersing the load intelligently. I can
see
jdow wrote:
The direct in that case is probably the fault of the underlying cable
provider more than Earthlink. Did the spam come through the Earthlink
servers or merely from an address that claimed to be Earthlink? By the
way, there is no such address as cable.earthlink.net. The address
Kenneth Porter wrote:
What I don't understand is how making them use the ISP server stops them
from spamming any more than rate-limiting direct port 25 connections. Why
do the packets need to be reassembled in an MTA and stored and forwarded?
What does that step buy you?
I don't want
Kenneth Porter wrote:
Will ISPs do anything? Are they doing anything now for outbound spam?
They will have to otherwise they will end up in a blacklist ;-)
Most of the ISPs here are already scanning on inbound spam, not too hard to
do it for outgoing then.
The ISP I use the most reacts
John Andersen wrote:
The very trouble we are in with spam is caused by the fact that
spammers can hide behind several layers of ISPs and forwarders.
The very thing you suggest is the solution IS THE PROBLEM!
I guess you get different spam then than I get on my mailservers..
Spam from
Loren Wilton wrote:
Forcing mail through specific gateways has plusses and minuses. It allows
for the institution of traffic cops that can block the speeders from
speeding.
The main thing for me is that it would block the bots on the infected
computers from sending out spam/viruses.
Andrzej Adam Filip wrote:
The core challenge in such an approach is to standardize a way of blocking
messages from DUL ranges *in SMTP session* that gives sending MTA a
chance to use fallback relay (smarthost provided by ISP).
One suggested approach was to use in greeting message 5?? reject.
Marc Perkel wrote:
Here's what I've written so far. Deadline is today. Still working on it.
http://wiki.ctyme.com/index.php/UN_Spam_Paper
I think in this part you're missing one of the main issues:
Marc Perkel wrote:
Today we have more of a consumer model where consumers run email
John D. Hardin wrote:
On Tue, 1 Aug 2006, John Rudd wrote:
Reducing volume of spam *sent* probably requires fundamental redesign
of the protocols, or some other major change in the cost/benefit
analysis.
Don't think that's needed, if ISPs only allow outgoing SMTP to the ISP's
SMTP
Kenneth Porter wrote:
Does it really have to be funneled through their SMTP servers? Would it
not be sufficient simply to add a connection-level SYN throttle on that
port at the routers? Perhaps someone here could propose a set of iptables
rules that would implement this. Or the
hamann.w wrote:
Well, I am a customer of an access provider, and have an email address with
them, so I quite naturally use their smarthost.
Now, add in my own domain. If the domain is hosted, one would, of course,
use the host's SMTP server, and smtp auth.
What happens if the access provider
jdow wrote:
One that made it through here had no URLs in the body, a LOT of HTML
formatting, and hit HTML_IMAGE_RATIO_06, a very low scoring rule.
The HTML formatting is excessive use of this long string for
individually formatting small chunks of text which are then covered
by the
These image spams have recognizable strings, but normally not in the header.
Just collect a few of them and compare (e.g. cat|sort the lines), you will
always find similarities (sometimes only in the MIME part, but even that can
work nicely and safely enough).
You could then make a SpamAssassin rule