at once?
Look for the "Krankenkassa" ruleset, this has been very active these
last weeks. All the time modifications from them, I get reports and
modify the rules accordingly.
And not to forget: Long sentences mean chance for a false positive drops
--
mit freundlichen Grüssen,
orce would be relayed through our servers, not theirs), but it
would raise our cost by 65%.
so, who really cares about netsuite.com them selves.. they are just a
CRM. send complaints to abuse@ and see what happens.
--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
>*| *SECNAP Net
. returning FP on HIGH won't
ever get google's attention, will it? and you still get the bandwidth
and cpu cycles from the largest abusers.
Regards,
KAM
--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
>*| *SECNAP Network Security Corporation
* Best Mobile Solution
spam blocking.
--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
>*| *SECNAP Network Security Corporation
* Best Mobile Solutions Product of 2011
* Best Intrusion Prevention Product
* Hot Company Finalist 2011
* Best Email Security Product
* Certified SNORT Integra
sentence, and it prooves very efficient. Stuff like the
__ZMIde_JOBEARN1-28 rules move false positives to 0, and I'm constantly
adding stuff.
I've now tried to remove all old cruft, that means single-line rules.
Rulesize went from 350KB to 296KB, that should save some RAM and CPU.
--
already been
included
netset: cannot include 0:0:0:0:0:0:0:1/128 as it has already been
included*
it means that the ipv6 localhost address has already been included.
Ignore this, these are not the droids you are looking for.
--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
>*| *SEC
On 12/9/11 7:58 AM, Ram wrote:
If I want to mark *all* invite mails as spam
linkedin, WAYN , facebook , google+ or anything else.
Is there a global way of doing this
copy the rule that marks all phishing emails as spam, and change
'phishing' to 'invites'
--
Mich
21120] dbg: metadata: X-Spam-Relays-External:
Did I do something wrong? I can't see how 203.125.59.147 or 70.34.196.21 should
be trusted or internal IPs?
--
mit freundlichen Grüssen,
Michael Monnerie, Ing. BSc
it-management Internet Services: Protéger
http://proteger.at [gesprochen: Prot-e-
On 12/1/11 10:06 AM, Benny Pedersen wrote:
does not make sense so
hire a unix programmer to help you understand.
--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
>*| *SECNAP Network Security Corporation
* Best Mobile Solutions Product of 2011
* Best Intrusion Prevent
On Wed, 30 Nov 2011 08:23:59 -0500, Michael Scheidell wrote:
sed -i '' -e '/INSERT INTO bayes_seen/s/INTO/IGNORE INTO/' MySQL.pm
(hey SA folks.. any reason not to just put that into 3.4.0? won't
hurt anything, will it?)
or simply just
ALTER TABLE `bayes_seen` E
folks.. any reason not to just put that into 3.4.0? won't hurt
anything, will it?)
--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
>*| *SECNAP Network Security Corporation
* Best Mobile Solutions Product of 2011
* Best Intrusion Prevention Product
* Hot Company Fin
just email.
SA will most likely score as spam that joke your brother in law sent.
is that SPAM?
it is sure bulk, and has lots of 'cruft' in it, by the time he has
gotten it forwarded to him by 20 people.
did you want it? no.
is it COMMERCIAL? no.
is it SPAM?
heck yes, I didn'
ack!
>
Everywhere you say "SpamAssassin" you should probably be saying "Apache
SpamAssassin."
Michael
PS Kevin, this also applies to the listing on the Google Code-In site, is that
something that can be fixed?
Freebsd SA port.
--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
>*| *SECNAP Network Security Corporation
* Best Mobile Solutions Product of 2011
* Best Intrusion Prevention Product
* Hot Company Finalist 2011
* Best Email Security Product
* Certifie
On 11/24/11 3:30 PM, Martin Hepworth wrote
Rfc 5321 says I can discard if I have high confidence it's rubbish !
--
Martin
I wonder what the rfc's say about helo line not matching dns:
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
--
Michael Scheidell,
again, sounds like amavisd-new penpals.
what about if your message was stored in a folder of your
correspondent, his machine is infected by a virus, and this virus
sends fake replies using your message id ? I've seen cases like that
in the past.
you can't whitelist a virus in
addresses that you
haven't replied to for, say, a month but that is about all you can
delete.
sounds like amavisd-new 'penpals'.
(sliding credit score starting at -100, counting down to 0 for your time
period..).
--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
>
On 11/02/2011 01:26 PM, Michael Cronenworth wrote:
Running sa-update manually as root does not produce any error message.
The update completes successfully. I will file a bug with Fedora,
however, the last Fedora update was over a month ago.
If anyone is curious the problem seems to be
Karsten Bräckelmann wrote:
Manually running 'sa-update -D', and dig through the verbose debug
output for some relevant information.
Running sa-update manually as root does not produce any error message.
The update completes successfully. I will file a bug with Fedora,
however, the last Fedora
1 05:35:21: SpamAssassin: Update available, but download or extract
failed
Is there any thing I can look at to see what's causing this GPG check to
fail?
Thanks,
Michael
7;t use it until now,
and get german spam, download it from
http://sa.zmi.at/rulesets/70_zmi_german.cf
I'm seeking for people helping to cleanup and improve the filters.
Please contact me at spam-ger...@zmi.at
--
mit freundlichen Grüssen,
Michael Monnerie, Ing. BSc
it-management In
mples of hack's, you
must prevent google from indexing those pages.
you might need to have the reader sign up, log in to view them. if
google sees them, they will blacklist you.
--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
>*| *SECNAP Network Security Corporation
* Best
On 10/11/11 1:47 PM, John Hardin wrote:
Yahoo is in RCVD_IN_DNSWL_HI ?!?! YGBFKM!
there goes the neighborhood.
I am removing RCVD_IN_DNSWL_HI checks on our servers right now.
--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
>*| *SECNAP Network Security Corporation
* Best Mob
And I have my own IP reputation project that could use your data:
http://www.chaosreigns.com/iprep/
--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
>*| *SECNAP Network Security Corporation
* Best Mobile Solutions Product of 2011
* Best Intrusion Prevention Product
* Hot
cal.cf and
restart spamd/
tflags RCVD_IN_DNSWL_HI nice net noautolearn
tflags RCVD_IN_DNSWL_HI net nice noautolearn
tflags RCVD_IN_DNSWL_MED net nice noautolearn
tflags RCVD_IN_DNSWL_LOW net nice noautolearn
--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
>*| *SECNAP Network Security C
d in, all they needed, to keep me from complaining, was a
link like twitter had: 'report this as abuse', AND, 'I never want to
hear from linked in about anything, ever again', and for US CAN-SPAM
compliance, the full, physical address of the spammer.
--
Michael Scheidell, CT
fwds (incorrectly), OR, dns
doesn't answer in time, you lose email.
best to write a metarule. put your def_ whitelist from (7 points), and
set up some metarules.
--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
>*| *SECNAP Network Security Corporation
* Best Mobile
26 23:32 1162027.tar.gz <-- 3.3.2
-rw-r--r-- 1 rsync rsync 236957 Aug 25 23:23 1161446.tar.gz
-rw-r--r-- 1 rsync rsync 236980 Aug 24 23:22 1161015.tar.gz
-rw-r--r-- 1 rsync rsync 236920 Aug 23 23:18 1160585.tar.gz
-rwxr--r-- 1 rsync rsync 237167 Aug 22 23:17 1160145.tar.gz
--
Michael Scheid
Met vriendelijke groet,
[Beschrijving:
C:\Users\admin_mlonde01\AppData\Roaming\Microsoft\Handtekeningen\akn.gif]
Michael van Londen
informatie & media technologie
netwerkbeheerder
T:
+31356714900 (Extern)/1234 Optie 2 (Intern)
F:
+31356714538
E:
michael.vanlon...@akn.nl
W:
mavisd-new.
if that didn't help by adding more status lines, then ask in amavisd-new
group.
again, this is most likely an amavisd.conf issue, so start your question
in the amavisd-new users group. don't assume they read spamassassin group.
some do, some don't.
--
Mich
char sets that
you expect?
block spanish charset in MTA?
--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
>*| *SECNAP Network Security Corporation
* Best Mobile Solutions Product of 2011
* Best Intrusion Prevention Product
* Hot Company Finalist 2011
* Best
.
--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
>*| *SECNAP Network Security Corporation
* Best Mobile Solutions Product of 2011
* Best Intrusion Prevention Product
* Hot Company Finalist 2011
* Best Email Security Product
* Certified SNORT Integra
looking like a legit forum.
I don't see anything in our larger installations, guess you just must
be blessed :-)
--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
>*| *SECNAP Network Security Corporation
* Best Mobile Solutions Product of 2011
* Best Intrusion Prev
d wish to have a
fix - could you do that please? Is there something I can do to fix it?
--
mit freundlichen Grüssen,
Michael Monnerie, Ing. BSc
it-management Internet Services: Protéger
http://proteger.at [gesprochen: Prot-e-schee]
Tel: +43 660 / 415 6531
// Haus zu verkaufen: http://zmi.at/lan
les. sares rules? depricated, private rules? take
them out for now.
perl versions? update modules?
--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
>*| *SECNAP Network Security Corporation
* Best Mobile Solutions Product of 2011
* Best Intrusion Prevention Product
this already?
I think postfix has some policy services to do this.
--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
>*| *SECNAP Network Security Corporation
* Best Mobile Solutions Product of 2011
* Best Intrusion Prevention Product
* Hot Company Finalist 2011
* Best Em
be.
same with RFC compliance. (which I think still says that you should
send an NDR if you can't deliver the spam :-)
getting OT here, just ranting this am.
--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
>*| *SECNAP Network Security Corporation
* Best Mobile Solutio
; with the rest
of the world.
(ok, I don't care if it plays nice with aol/hotmail/etc, you get free
email? you get what you pay for).
--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
>*| *SECNAP Network Security Corporation
* Best Mobile Solutions Product of 2011
* Best In
area, but 10 years and counting, its never made it into the
official build.
causes a lot of anger, back and forth when this patch is discussed.
--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
>*| *SECNAP Network Security Corporation
* Best Mobile Solutions Product of 2011
ate as well.
--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
>*| *SECNAP Network Security Corporation
* Best Mobile Solutions Product of 2011
* Best Intrusion Prevention Product
* Hot Company Finalist 2011
* Best Email Security Product
* Certified SN
On 8/26/11 4:59 PM, Michael Scheidell wrote:
found a bug in sa-update
bigger bug.. bug is in ../Util.pm.
it will TRY to create a tmpfile on a nonexistant or read only dir,
and anything that trys to use that dir will fail and not know why.
patch to fix included.
--
Michael Scheidell
uot;generic: update tmp directory $UPDTmp");
}
elsif (!clean_update_dir($UPDTmp)) {
die "channel: attempt to clean update dir failed, aborting";
}
--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
>*| *SECNAP Network Security Corporation
* Best Mobile Soluti
now. either delete MIRRORED.BY or run sa-update --refreshmirrors
now.
--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
>*| *SECNAP Network Security Corporation
* Best Mobile Solutions Product of 2011
* Best Intrusion Prevention Product
* Hot Company Finalist 2011
ml part has correct to that any modern mail
reader can read it.
oh, ps, ms outlook CAN allow you to bottom post.
you just have to move the mouse down below before you post.
(or so I have been told)
--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
>*| *SECNAP Network Security Corpo
be patient.. it takes a little time to set up, test, QA and make sure
any new mirror is up and running before adding it to the rotation.
--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
>*| *SECNAP Network Security Corporation
* Best Mobile Solutions Product of 2011
* Be
Walter Hurry wrote:
I don't think so. Fedora does not create a cron job for sa-update.
Perhaps OP would be well advised to inspect the script run by cron. My
guess is that it is something made locally.
The cron job:
10 4 * * * root /usr/share/spamassassin/sa-update.cron 2>&1 | tee -a
/var/log/
Karsten Bräckelmann wrote:
Like a successful update from the second mirror, or any
other non-stock channel?
I'm thinking this is the case (second mirror) but the log file does not
clearly state that the bad mirror is ignored and it continues with a
good mirror for an update file.
To my eyes
On 8/24/11 10:46 AM, Michael Cronenworth wrote:
http://www.sa-update.pccc.com/ weight=5
question is... why didn't it pull from pccc.com?
--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
>*| *SECNAP Network Security Corporation
* Best Mobile Solutions Product of 2011
Michael Scheidell wrote:
sa-update doesn't pull a new one automatically?
Nope!
$ cat /var/lib/spamassassin/3.003002/updates_spamassassin_org/MIRRORED.BY
# test mirror: zone, cached via Coral
#http://buildbot.spamassassin.org.nyud.net:8090/updatestage/
http://daryl.dostech.ca/sa-updat
On 8/24/11 10:37 AM, Michael Cronenworth wrote:
Michael Scheidell wrote:
if you are trying to update this by hand, you are on your own.
just use sa-update (-D to watch)
it will delete MIRRORED.BY for you, pull a new one, and use it.
I *am* using sa-update. sa-update is continuously failing
Michael Scheidell wrote:
if you are trying to update this by hand, you are on your own.
just use sa-update (-D to watch)
it will delete MIRRORED.BY for you, pull a new one, and use it.
I *am* using sa-update. sa-update is continuously failing.
Fedora 14 box. I'm using the default cro
On 8/24/11 10:27 AM, Michael Cronenworth wrote:
Benny Pedersen wrote:
remove self the mirrored.by file
Where is this file? I cannot find it.
I'm using SpamAssassin 3.3.2.
if you are trying to update this by hand, you are on your own.
just use sa-update (-D to watch)
it will d
On 8/24/11 10:26 AM, Michael Cronenworth wrote:
Michael Scheidell wrote:
pccm mirror is back up again.
Huh?
$ wget daryl.dostech.ca
--2011-08-24 09:25:17-- http://daryl.dostech.ca/
Resolving daryl.dostech.ca... 71.164.246.108
Connecting to daryl.dostech.ca|71.164.246.108|:80...
(hangs
Benny Pedersen wrote:
remove self the mirrored.by file
Where is this file? I cannot find it.
I'm using SpamAssassin 3.3.2.
Michael Scheidell wrote:
pccm mirror is back up again.
Huh?
$ wget daryl.dostech.ca
--2011-08-24 09:25:17-- http://daryl.dostech.ca/
Resolving daryl.dostech.ca... 71.164.246.108
Connecting to daryl.dostech.ca|71.164.246.108|:80...
(hangs forever)
On 8/24/11 10:02 AM, Michael Cronenworth wrote:
Hello,
For the past few days, my SpamAssassin instance has been trying to get
its updates from one mirror and the mirror is down.
Can someone contact the admin of the mirror or remove it from the
mirror list?
Mirror: daryl.dostech.ca
pccm
Hello,
For the past few days, my SpamAssassin instance has been trying to get
its updates from one mirror and the mirror is down.
Can someone contact the admin of the mirror or remove it from the mirror
list?
Mirror: daryl.dostech.ca
Thanks,
Michael
On 8/23/11 11:50 AM, dar...@chaosreigns.com wrote:
On 08/23, Michael Scheidell wrote:
since at least 3am
http: GET http://daryl.dostech.ca/sa-update/asf/1160145.tar.gz
request failed, retrying: 500 Can't connect to daryl.dostech.ca:80
(connect: timeout): 500 Can't connect to daryl.
since at least 3am
http: GET http://daryl.dostech.ca/sa-update/asf/1160145.tar.gz request
failed, retrying: 500 Can't connect to daryl.dostech.ca:80 (connect:
timeout): 500 Can't connect to daryl.dostech.ca:80 (connect: timeout)
--
Michael Scheidell, CTO
o: 561-999-5000
d: 56
On 8/22/11 7:13 PM, Noah Meyerhans wrote:
I've recently observed a fair amount of spam from domains that all share
the same set of authoritative nameservers.
postfix:
check_sender_ns_access
--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
>*| *SECNAP Network Security Cor
;s smtp servers should be entered into a DNSBL or two for spamming.
looks like they have to use 68.71.38.2 because
68.71.38.3 is in spamhaus's database:
<http://www.mxtoolbox.com/SuperTool.aspx?action=blacklist%3a68.71.38.3>
SPAMHAUS: YOU NEED TO DISTANCE YOURSELF FROM SPAMMERS AND NET
On 8/20/11 9:38 AM, Benny Pedersen wrote:
you still did not post the envelope sender :(
one clue rule.
--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
>*| *SECNAP Network Security Corporation
* Best Mobile Solutions Product of 2011
* Best Intrusion Prevention Prod
he spf dns records wrong.
host -t txt mxtools.com
mxtools.com descriptive text "v=spf1 ip4:68.71.38.3 ip4:209.44.121.50 mx ~all"
so, what are you suggesting, someone HACKED into mxtools and is sending spam?
--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
>*| *SECNAP Netwo
eople and someone will give them money,
someone who doesn't read their contract too closely.
--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
>*| *SECNAP Network Security Corporation
* Best Mobile Solutions Product of 2011
* Best Intrusion Prevention Product
* Hot Com
ng rate limited.
R's,
John
don't run a dns server on that host. so, don't know what they think
they are looking at.
and its spam, UCE (they want me to buy something), has NO remove
instructions, and they harvested whois records.
anti-spam companies spamming.. really great.
--
On 8/19/11 9:27 PM, Michael Scheidell wrote:
Bullshit 3.
There isn't even a dns server on this host.
noop, no dns server here on this ip.
sockstat -4p53
USER COMMANDPID FD PROTO LOCAL ADDRESS FOREIGN ADDRESS
mx1# ps -ax | grep named
37956 p0 S+J0:00.00 grep
On 8/19/11 9:27 PM, Michael Scheidell wrote:
Bullshit 3.
There isn't even a dns server on this host.
and, checking to see if this is a joe job: considering spf failed:
they can't even get THEIR DNS right, and they think I have my DNS set wrong?
lusers.
Received: from smtp.m
Bullshit 3.
There isn't even a dns server on this host.
--
Michael Scheidell, CTO
SECNAP Network Security
-Original message-
From: MXTools Spamhaus Team
To: Michael Scheidell
Sent: Sat, Aug 20, 2011 01:20:11 GMT+00:00
Subject: Caution - access to Spamhaus data-feed may be impro
Bullshit. There is no ipaddress with a rdns below.
Bullshit 2. We arnt querying spamhaus servers.
Isnt this jyst a spam scam ?
Show me packet traces.
--
Michael Scheidell, CTO
SECNAP Network Security
-Original message-
From: MXTools Spamhaus Team
To: Michael Scheidell
Sent: Sat
uple days ago.
not fixed yet.
re2c: error: line 154, column 2: unterminated string constant (missing ")
command failed: exit 1
mx1#
I'm going to remove sought for now.
--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
>*| *SECNAP Network Security Corporation
* Best
EDT) and was able to stop it from
updating systems in more eastern timezones, so I do have systems with
sought rules that work.
see this diff:
<http://pastebin.com/57fU6X4D>
--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
>*| *SECNAP Network Security Corporation
* Be
On 8/15/11 10:15 AM, Michael Scheidell wrote:
On 8/15/11 10:13 AM, Michael Scheidell wrote:
On 8/15/11 10:07 AM, Daniel McDonald wrote:
mine too. running sa-update again(just now) picks up a new build.
interesting, spamassassin --lint didn't pick anything up.
also note, 'scanne
On 8/15/11 10:13 AM, Michael Scheidell wrote:
On 8/15/11 10:07 AM, Daniel McDonald wrote:
mine too. running sa-update again(just now) picks up a new build.
interesting, spamassassin --lint didn't pick anything up.
also note, 'scanner2.c' is a blank file, 0 bytes\
didn'
build.
interesting, spamassassin --lint didn't pick anything up.
also note, 'scanner2.c' is a blank file, 0 bytes
--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
>*| *SECNAP Network Security Corporation
* Best Mobile Solutions Product of 2011
* Best Intrusion Prev
ven if you didn't know it. If you get a
spamhaus notice, and arn't pulling spamhaus rbls from their DNS, look at
your sonicwall.
--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
>*| *SECNAP Network Security Corporation
* Best Mobile Solutions Product of 2011
* Best Intrus
me to join. (join what? linked in? a 501C3 non profit charitable
organization? ).. no, a commercial organization.
no, return path should de-certify linked in until they have a button
like the others have' click here to report abuse' /and/or click here to
never get invitations aga
On 8/11/11 9:53 PM, Benny Pedersen wrote:
why do you self post spam here ?
<http://tools.ietf.org/html/rfc3676>
<http://www.hanselman.com/blog/EmailSignatureEtiquetteTooMuchFlair.aspx>
--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
>*| *SECNAP Network Security Corpora
laws)
oh, I forget, your spam is not 'commercial' its transactional (according
to return path who certifies that linked in doesn't spam)
--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
>*| *SECNAP Network Security Corporation
* Best Mobile Solutions Product of 2011
cat...@returnpath.net
it is NOT on their web site:
google site:returnpath.net report+spam
(something about hitting the 'report spam' button) which linked in does
NOT have in their spam.
--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
>*| *SECNAP Network Security Corpo
ls are consulted. all could be avoided if ms actually
followed RFC's
<http://technet.microsoft.com/en-us/magazine/gg314976.aspx>
--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
>*| *SECNAP Network Security Corporation
* Best Mobile Solutions Product of 2011
* Best I
-0400 (EDT)
received:from MBX1.client.local ([169.254.1.69]) by MBX2.client.local
([169.254.2.63]) with mapi id 14.01.0289.001; Wed, 10 Aug 2011 09:57:51
-0400
--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
>*| *SECNAP Network Security Corporation
* Best Mobile Solutions Product of 2011
submit the phishing url...) its not listed either.
--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
>*| *SECNAP Network Security Corporation
* Best Mobile Solutions Product of 2011
* Best Intrusion Prevention Product
* Hot Company Finalist 2011
* Best Email Securit
On 8/8/11 6:30 AM, Tom Kinghorn wrote:
On 08/08/2011 12:23, Michael Scheidell wrote:
On 8/8/11 4:16 AM, Tom Kinghorn wrote:
Well spotted.
I missed that.
it was 4am :-)
--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
>*| *SECNAP Network Security Corporation
* Best Mob
test message with 2 jpeg images.
it is NOT a blank test message, it includes a 'blank sig' which seems to
want information in your lines 57-62.
to a computer, it looks like you intentionally left this information
blank so the recipient can 'fill the form'.
--
Michael Schei
On 7/29/11 12:41 PM, David F. Skoll wrote:
On Fri, 29 Jul 2011 12:31:01 -0400
Michael Scheidell wrote:
ok, but are you using cdb or postgresql for bayes?
cdb for the Bayes data; PostgreSQL for the journal table.
Regards,
David.
you need custom code to sync bayes? do expires? or just
On 7/29/11 12:20 PM, David F. Skoll wrote:
This INSERT-only
operation cannot block under PostgreSQL MVCC.
ok, but are you using cdb or postgresql for bayes?
--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
>*| *SECNAP Network Security Corporation
* Best Mobile Soluti
te to think we go from 1 s/email processing time
to 60 seconds or something while journal is locked.
--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
>*| *SECNAP Network Security Corporation
* Best Mobile Solutions Product of 2011
* Best Intrusion Prevention Product
* Hot
On 7/29/11 11:33 AM, David F. Skoll wrote:
Has anyone investigated writing a CDB backend for SpamAssassin's Bayes
implementation? I'm guessing the need to rewrite the DB each time makes
it a bit complex.
esp for people with 2gb db's?
--
Michael Scheidell, CTO
o: 561-999-
anner.info/doku.php?id=documentation:anti_spam:spamassassin:bayes:sdbm&rev=1269508492
guide , but it describes solution for mailscanner...
but, this is interesting.
--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
>*| *SECNAP Network Security Corporation
* Best Mobile Sol
tpout.zixmail.net (smtpout.zixmail.net [63.71.8.106]) (using
TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate
requested) by spammertrap
sample headers offline for the truly self indulgent.
--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
>*| *SECNAP Network Securit
nyway?
Fired? well, no, but, maybe someone will tell them to stop violating
federal law or dell could be fined.
somewhere, somehow, people should be held accountable for using common
sense.
if they don't BLACKLIST THEM!!!
--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
>
ters. they really don't like compliants and ip's being
blacklisted by ip reputation lists like spamcop, dcc, spamhaus, etc.
(of course the non legit ones just get a new ipv6 address every 15 mins :-)
--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
>*| *SECNAP Net
hat mean they won't spam me anymore?
And, maybe its not a 'real spam' since this is 'transactional' and not
'sales' related, so it doesn't count, right?
--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
>*| *SECNAP Network Security Corporat
On 7/22/11 12:49 PM, Michael Scheidell wrote:
On 7/22/11 12:08 PM, Michael Scheidell wrote:
On 7/22/11 12:04 PM, Bret Miller wrote:
Well, I don't actually subscribe to any active techtarget lists, but
I do still get marketing garbage from them. Got one on the 19th that
looked fine
es a deficiency with
storage other than the filesystem itself. As I stated before, never
have I seen an issue using MySQL as a backend.
one clue rule
--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
>*| *SECNAP Network Security Corporation
* Best Mobile Solutions Product
uto_expire' left at its
default being turned on using a per-user configuration.
google for
bayes_auto_expire 0
you will see everyone telling you to turn it off.
--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
>*| *SECNAP Network Security Corporation
* Best Mobile Solutio
On 7/25/11 10:41 AM, Jason Ede wrote:
The force expire is run in middle of the night, but the bayes_auto_expire 0
isn't set. How often does bayes try and do this if this is 1?
just in the middle of when you don't want it to. eg: sorta random
--
Michael Scheidell, CTO
o: 561-999-5
bayes_expiry_max_db_size 100
missing this:
bayes_auto_expire 0
and only run the 'sa-learn –force-expire' late at night, when no one is
doing anything.
--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
>*| *SECNAP Network Security Corporation
* Best Mobile Solutions Product of 2
On 7/22/11 12:08 PM, Michael Scheidell wrote:
On 7/22/11 12:04 PM, Bret Miller wrote:
Well, I don't actually subscribe to any active techtarget lists, but
I do still get marketing garbage from them. Got one on the 19th that
looked fine here.
packet captures SEEMS to indicate its them:
l see if they sent it wrong.
best I can tell:
6/15/ 1605 edt good
6/15/ 1900 edt no good.
I am also running some checks for files that changed in that 3 hour
period. maybe updated something that broke (some) dkim signed emails.
--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948
301 - 400 of 2444 matches
Mail list logo