RCVD_IN_RP_SAFE where to report spam? http://www.returnpath.net/commercialsender/certification/

2011-01-26 Thread Michael Scheidell
t under 'support' after searching for 10 mins. you send email to certificat...@returnpath.net to report abuse. not 'abuse@' -- Michael Scheidell, CTO o: 561-999-5000 d: 561-948-2259 ISN: 1259*1300 >*| *SECNAP Network Security

Re: spamhaus dbl considered safe for mta blocking?

2011-01-22 Thread Michael Scheidell
2000 user box, got hits. (just using _sender) looked up the sender's name and found 27 spams sent today that SA had to deal with (no more!) -- Michael Scheidell, CTO o: 561-999-5000 d: 561-948-2259 ISN: 1259*1300 >*| *SECNAP Network Security Corporation * Certified SNORT Integrat

spamhaus dbl considered safe for mta blocking?

2011-01-22 Thread Michael Scheidell
0.1.2 25_uribl.cf:urirhssub URIBL_DBL_ERROR dbl.spamhaus.org. A 127.0.1.255 something like this? header DNS_FROM_DBL eval:check_rbl_envfrom('dbl','dbl.spamhaus.org.','127.0.1.2') tflags DNS_FROM_DBL net domains_only score DNS_FROM_DBL 2.0 -- Micha

Re: Bayes expiration

2011-01-19 Thread Michael Scheidell
clear bayes and reimport. -- Michael Scheidell, CTO o: 561-999-5000 d: 561-948-2259 ISN: 1259*1300 >*| *SECNAP Network Security Corporation * Certified SNORT Integrator * 2008-9 Hot Company Award Winner, World Executive Alliance * Five-Star Partner Program 2009, VARBusiness *

Re: Bayes expiration

2011-01-19 Thread Michael Scheidell
On 1/19/11 7:56 AM, Helmut Schneider wrote: Michael Scheidell wrote: On 1/19/11 6:04 AM, Helmut Schneider wrote: bayes_auto_expire 1 disable auto expire and run a cronjob. OK...but..why? :) to fix your problem. plus auto expire can seriously degrade the performance

Re: Bayes expiration

2011-01-19 Thread Michael Scheidell
On 1/19/11 6:04 AM, Helmut Schneider wrote: bayes_auto_expire 1 disable auto expire and run a cronjob. make sure you run the cronjob for each user in bayes. mysql mail -AssBbe 'select username from bayes_vars' -- Michael Scheidell, CTO o: 561-999-5000 d: 56

Re: Q about short-circuit over ruling blacklisting rule

2011-01-17 Thread Michael Scheidell
aders. -- Michael Scheidell, CTO o: 561-999-5000 d: 561-948-2259 ISN: 1259*1300 >*| *SECNAP Network Security Corporation * Certified SNORT Integrator * 2008-9 Hot Company Award Winner, World Executive Alliance * Five-Star Partner Program 2009, VARBusiness * Best in Email Security,2010:

Re: BOTNET rules question

2011-01-05 Thread Michael Scheidell
On 1/5/11 4:52 PM, Michael Monnerie wrote: server88-208-245-26.live- servers.net botnet is NOT an stock SA rule plus, look at the silly DYNAMIC RULE LOOKING rdns. fix rdns. -- Michael Scheidell, CTO o: 561-999-5000 d: 561-948-2259 ISN: 1259*1300 >*| *SECNAP Network Security Corporat

BOTNET rules question

2011-01-05 Thread Michael Monnerie
Dear list, I received this info from a customer, whose order confirmation from the londontheatredirect.com got marked as spam because of BOTNET* rules. Are those rules too old, or is that server in a botnet? How to find out? Or which rules scores should I tune to optimize? -- Forwarde

Re: How to prevent DOS_OUTLOOK_TO_MX false positive?

2011-01-05 Thread Michael Scheidell
your local ip addresses in internal_networks. you will avoid unnecessary rbl lookups, spf failures and it should set a ALL_TRUSTED flag also. -- Michael Scheidell, CTO o: 561-999-5000 d: 561-948-2259 ISN: 1259*1300 >*| *SECNAP Network Security Corporation * Certified SNORT Integrator

Re: IPv6 DNSBL/WL design, was Fwd: [Asrg] draft-levine-iprangepub-01

2011-01-04 Thread Michael Scheidell
Funny thing, and I think John Levine remembers 1994: OH MY GOD, THE INTERNET WENT COMMERCIAL, with all these new computers, its the end of the internet. and the oft quoted: "Breaking Story: Death of the Internet, gif at 11" -- Michael Scheidell, CTO o: 561-999-5000 d: 561-94

Re: Excessive junk mail even after upgrade/update

2011-01-04 Thread Michael Scheidell
nd that SA does NOT block spam. it only 'MARKS it'. if your users are getting spam with '***SPAM***' in the subject line, then SA is working. -- Michael Scheidell, CTO o: 561-999-5000 d: 561-948-2259 ISN: 1259*1300 >*| *SECNAP Network Security Corporation * Certified

Re: Off topic: best RBLs to use to block at smtp connection?

2011-01-03 Thread Michael Scheidell
On 1/3/11 10:49 AM, Ned Slider wrote: On 03/01/11 15:41, Michael Scheidell wrote: some FN's (hint: verizon's new 4g network has a new /10 block that isn't in spamhaus.org pbl yet.) Please share so we can consider adding it locally. a spot check of rdns shows 'ddd.sub-c

Re: Off topic: best RBLs to use to block at smtp connection?

2011-01-03 Thread Michael Scheidell
compromised accounts. If they didn't, then it will cause FP's if used at mta level. We are evaluating spamhaus.org commercial feed right now, and have a never gotten a FP so far. some FN's (hint: verizon's new 4g network has a new /10 block that isn't in spamhaus.org pbl yet.)

Re: New plugin: DecodeShortURLs

2011-01-01 Thread Michael Scheidell
harvest web sites for email addresses, so, changing it would be good. -- Michael Scheidell, CTO o: 561-999-5000 d: 561-948-2259 ISN: 1259*1300 >*| *SECNAP Network Security Corporation * Certified SNORT Integrator * 2008-9 Hot Company Award Winner, World Executive Alliance * Five-S

Re: Issuing rollback DBI Mysql

2010-12-27 Thread Michael Scheidell
derator of this list and was trying to help you. you will get exactly what you paid for when you installed spamassassin. or, are you new to opensource software and support? -- Michael Scheidell, CTO o: 561-999-5000 d: 561-948-2259 ISN: 1259*1300 >*| *SECNAP Network Security Corporation

SA incorrectly tries ipv6 lookups with perl 5.10.1 and force_ipv4 can't be set in ../local.cf possible fixes?

2010-12-24 Thread Michael Scheidell
setting => 'force_ipv4', +default => 0, +type => $CONF_TYPE_STRING, +code => sub { + my ($self, $key, $value, $line) = @_; + if ($value =~ /^(?:yes|1)$/) { +$self->{force_ipv4} = 'yes'; + } + elsif ($value =~ /^(?:no|0)$/) { +
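Review bot: in the force_ipv4 setting, `default => 0` and the handler's `$self->{force_ipv4} = 'yes'` leave the option in two representations (numeric 0 when unset, the string 'yes' when set explicitly), so code that reads it has to test for both. Store one form in every branch, for example 1/0, or declare the setting as $CONF_TYPE_BOOL instead of $CONF_TYPE_STRING so the yes/no/1/0 parsing does not need a hand-written `code` sub.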

Re: mycingular listed on xbl/pbl

2010-12-21 Thread Michael Scheidell
. you should vpn to your office, use your isp's ip's or use exchange, or submit (again, to your office) Thanks spamhaus for helping keep us safe! All the more reason to use xbl,pbl and zen. -- Michael Scheidell, CTO o: 561-999-5000 d: 561-948-2259 ISN: 1259*1300 >*| *S

Re: preventing authenticated smtp users from triggering PBL

2010-12-18 Thread Michael Scheidell
On 12/17/10 11:04 PM, Ted Mittelstaedt wrote: It's shit-for-brains young girl administrative assistants at companies who are our customers who apparently have too much time on their hands. Don't hold back,.. how do you REALLY feel about outlook stationary? -- Michael Scheidell,

Re: Two newish RBLs; NXDOMAIN question

2010-12-13 Thread Michael Scheidell
cisco), it will blacklist aol and yahoo addresses on occasion. so, DON'T use it in prequeue. Apologies. C -- Michael Scheidell, CTO o: 561-999-5000 d: 561-948-2259 ISN: 1259*1300 >*| *SECNAP Network Security Corporation * Certified SNORT Integrator * 2008-9 Hot Company Awar

Re: Odd yahoo spam

2010-12-09 Thread Michael Scheidell
y servers so this point may be moot. Can anyone add insight as to how this is happening? http://pastebin.com/WYYLpEJh -- Michael Scheidell, CTO o: 561-999-5000 d: 561-948-2259 ISN: 1259*1300 >*| *SECNAP Network Security Corporation * Certified SNORT Integrator * 2008-9 Hot Company Award

Re: Fake MX

2010-12-08 Thread Michael Scheidell
On 12/8/10 6:52 PM, Marc Perkel wrote: punish the spammers. and, punish any senders who follow the RFC's. -- Michael Scheidell, CTO o: 561-999-5000 d: 561-948-2259 ISN: 1259*1300 >*| *SECNAP Network Security Corporation * Certified SNORT Integrator * 2008-9 Hot Company Awar

Re: Fake MX

2010-12-08 Thread Michael Scheidell
On 12/8/10 2:46 PM, John Hardin wrote: On Wed, 8 Dec 2010, Toni Mueller wrote: I tried the high MX for some time, but in my experience, spammers usually only hit the first two MXes. I wonder what Marc Perkel's experience in this regard is... You just had to stir up the ants. -- Mi

Re: was and is 'AskDns.pm' on 3.3. FW: Spamhaus Whitelist

2010-12-07 Thread Michael Scheidell
-Original Message- From: Michael Scheidell Sent: Saturday, November 06, 2010 2:59 PM To: users@spamassassin.apache.org Subject: Re: Spamhaus Whitelist found out that below is a violation of the specs, and is NOT recommended to be used. I would assume that the specs detail tighter

Re: use askdns.pm for sa 3.3?

2010-12-06 Thread Michael Scheidell
On 12/6/10 3:45 PM, Michael Scheidell wrote: can we use the askdns.pm for SA 3.3 or do we have some missing dependencies? (I noticed some rules in latest couple of saupdates: I guess I answered my own question: Dec 6 16:20:21.941 [44960] warn: plugin: eval failed: Can't call m

use askdns.pm for sa 3.3?

2010-12-06 Thread Michael Scheidell
cognized response from Spamhaus DWL 50_scores.cf:score DKIMDOMAIN_IN_DWL 0 -3.5 0 -3.5 50_scores.cf:score DKIMDOMAIN_IN_DWL_UNKNOWN 0 -0.01 0 -0.01 looks like it combines an rbl check with a check for a valid dkim signature. -- Michael Scheidell, CTO o: 561-999-5000 d: 561-948-2259 ISN: 1

Re: Misguided energy

2010-12-02 Thread Michael Scheidell
On 12/1/10 10:37 PM, Karsten Bräckelmann wrote: On Wed, 2010-12-01 at 20:38 -0500, Michael Scheidell wrote: On 12/1/10 7:02 PM, Karsten Bräckelmann wrote: Personally, I have *never* received a legit C/R. Every single one that ended up on my machines have been in response to spam sent with a

Re: Misguided energy

2010-12-01 Thread Michael Scheidell
poster. Guess what? I got a CR. Guess what? luser got blacklisted. -- Michael Scheidell, CTO o: 561-999-5000 d: 561-948-2259 ISN: 1259*1300 >*| *SECNAP Network Security Corporation * Certified SNORT Integrator * 2008-9 Hot Company Award Winner, World Executive Alliance * Five-S

Re: Do we need a new SMTP protocol? (OT)

2010-12-01 Thread Michael Grant
does someone send you mail if they're not on your contact list? I don't have any magic answers how to solve that beyond what's already out there as in return messages with captchas in them or things like Blue Bottle seem to be quite effective. Michael Grant

Re: Do we need a new SMTP protocol? (OT)

2010-12-01 Thread Michael Scheidell
rd those individual users worked to open up that malware that infected their workstations a while back. Is it a constant battle of wits between the spammers, hackers, phishers? yes. But the technology has matured enough in the last couple of years that it's a winnable battle. -- Michael Schei

Re: Do we need a new SMTP protocol? (OT)

2010-12-01 Thread Michael Scheidell
olite. ps, I have a new email spec, and if anyone wants to send me email they have to adhere to this new spec. ITS CALLED THE CURRENT RFC'S. -- Michael Scheidell, CTO o: 561-999-5000 d: 561-948-2259 ISN: 1259*1300 >*| *SECNAP Network Security Corporation * Certified SNORT Integrato

Re: Do we need a new SMTP protocol? (OT)

2010-12-01 Thread Michael Scheidell
ught this battle since 1994. I have personally fought this battle since 1994. How much email do you think you will get if you follow ALL the RFC's? Oh, lets start a NEW spec that no one will follow. Considering how easy it is to force senders to follow the current specs. -- Michael Sch

Problems with DATE_IN_FUTURE_

2010-11-29 Thread Michael Menge
evant headers from 4 example messages where I would say the date header is in the past of any received headers. Regards Michael Menge --- Received: from mailserv08.uni-tuebingen.de ([unix socket]) by mailserv08 (Cyrus v2.3.16) with LMTPA; Thu, 11 Nov 20

Re: resolved, but why? Re: SA 3.3.1 performance issues?

2010-11-19 Thread Michael Scheidell
happened again. 1 out of 100, EXACTLY THE SAME SYSTEMS, DOWN TO MD5 CHECKSUMS ON BINARIES, need to remove INET6 perl module. On 11/5/10 4:44 PM, Michael Scheidell wrote: On 11/5/10 4:08 PM, Michael Scheidell wrote: On 11/5/10 4:00 PM, Mark Martinec wrote: It certainly looks like a DNS

Re: facebook phishing, SPF_PASS

2010-11-19 Thread Michael Scheidell
complain of course, if you miss one spam, and complain, of course if you block one legit email. -- Michael Scheidell, CTO o: 561-999-5000 d: 561-948-2259 ISN: 1259*1300 >*| *SECNAP Network Security Corporation * Certified SNORT Integrator * 2008-9 Hot Company Award Winner, World Executi

Re: facebook phishing, SPF_PASS

2010-11-19 Thread Michael Scheidell
for the domain, but that clearly fails here. SPF is on ENVELOPE address, not header address. Microsoft's patented 'sender id' (which they don't use) can use either. -- Michael Scheidell, CTO o: 561-999-5000 d: 561-948-2259 ISN: 1259*1300 >*| *SECNAP Network Security Corpor

Re: facebook phishing, SPF_PASS

2010-11-19 Thread Michael Scheidell
first time, was one of my facebook_forgery rules looked for spf_pass (didn't whitelist it!) but didn't add the 5 points I assigned for forged facebook, twitter,etc.) -- Michael Scheidell, CTO o: 561-999-5000 d: 561-948-2259 ISN: 1259*1300 >*| *SECNAP Network Security Corporation

facebook phishing, SPF_PASS

2010-11-19 Thread Michael Scheidell
ttp://secnap.pastebin.com/zTmkSc6J> ps, scored a 3.5 here. by now, hopefully, it scores higher with razor/dcc/spamcop, urlbl, etc. -- Michael Scheidell, CTO o: 561-999-5000 d: 561-948-2259 ISN: 1259*1300 >*| *SECNAP Network Security Corporation * Certified SNORT Integrator * 2008-9 Ho

Re: Blocking Senders with young domains

2010-11-16 Thread Michael Scheidell
elay there was/is a 'DOB' blacklist (day old bread). but I think the dns servers may be overloaded. some people are complaining about timeouts. Thanks for any help Cheers, Liam -- Michael Scheidell, CTO o: 561-999-5000 d: 561-948-2259 ISN: 1259*1300 >*| *SECNAP Network Security Co

Re: SPF technical problems (was Re: email address forgery)

2010-11-15 Thread Michael Scheidell
LO_FAIL 0 score SPF_HELO_NEUTRAL 0 score SPF_HELO_SOFTFAIL 0 score SPF_NEUTRAL 0 score SPF_SOFTFAIL 0 score FROM_MISSP_SPF_FAIL 0 score TO_EQ_FM_DOM_SPF_FAIL 0 score TO_EQ_FM_SPF_FAIL 0 David. -- Michael Scheidell, CTO o: 561-999-5000 d: 561-948-2259 ISN: 1259*1300 >*| *SECNAP Network Se

Re: email address forgery

2010-11-15 Thread Michael Scheidell
s seems to indicate that you are just as likely to receive a SPAM from a VALID SPF_PASS as well as a SOFTFAIL. So, SPF works, if EVERYONE FOLLOWS THE RFC'S AND BEST PRACTICES. Where it fails is when the sender or receiver doesn't follow the RFC's. -- Michael Scheidell, CTO o

Re: sa-compile error

2010-11-12 Thread Michael Scheidell
, i386/amdf64? 6) did you check to make sure you have the latest SA and re2c? -- Michael Scheidell, CTO o: 561-999-5000 d: 561-948-2259 ISN: 1259*1300 >*| *SECNAP Network Security Corporation * Certified SNORT Integrator * 2008-9 Hot Company Award Winner, World Executive Alliance * F

Re: email address forgery

2010-11-11 Thread Michael Scheidell
On 11/11/10 5:13 PM, Noel Butler wrote: *and* as an SPF record type, the TXT method is deprecated, but then again, SA doesn't support SPF record type, only TXT type.. -- Michael Scheidell, CTO o: 561-999-5000 d: 561-948-2259 ISN: 1259*1300 >*| *SECNAP Network Security Cor

Re: Does anyone known the braindead anti-spam software "MagicSpam" ?

2010-11-10 Thread Michael Scheidell
host -t a quarantine.spamchek.net quarantine.spamchek.net is an alias for thorium.enidan.ch. thorium.enidan.ch has address 212.25.14.40 # host -t a thorium.enidan.ch thorium.enidan.ch has address 212.25.14.40 -- Michael Scheidell, CTO o: 561-999-5000 d: 561-948-2259 ISN: 1259*1300 >*| *SECNAP Net

Re: Spamhaus Whitelist

2010-11-06 Thread Michael Scheidell
net nice scoreSPAMHAUS_SWL -2.5 urirhsbl SPAMHAUS_DWL _vouch.dwl.spamhaus.org. A body SPAMHAUS_DWL eval:check_uridnsbl('SPAMHAUS_DWL') describe SPAMHAUS_DWL Domain is whitelisted by Spamhaus tflags SPAMHAUS_DWL net nice scoreSPAMHAUS_DWL -2.5 Set the scores to your own liki

Re: SA 3.3.1 performance issues?

2010-11-05 Thread Michael Scheidell
On 11/5/10 4:44 PM, Jason Haar wrote: On 11/06/2010 08:39 AM, Michael Scheidell wrote: debug seems to indicate a DNS problem, but, all 'manual' dns tests come back immediately (fine) running a caching dns server, perl 5.10.1, SA 3.3.1. Net::DNS version: 0.66 NOT using ipv6. your de

resolved, but why? Re: SA 3.3.1 performance issues?

2010-11-05 Thread Michael Scheidell
On 11/5/10 4:08 PM, Michael Scheidell wrote: On 11/5/10 4:00 PM, Mark Martinec wrote: It certainly looks like a DNS resolver problem. What is your /etc/resolv.conf? The Net::DNS only uses the first nameserver from that file. To turn on debugging in Net::DNS (assuming bourne-like shell

Re: SA 3.3.1 performance issues?

2010-11-05 Thread Michael Scheidell
uses the first nameserver from that file. To turn on debugging in Net::DNS (assuming bourne-like shell): $ RES_OPTIONS="debug" spamassassin -D -t -- Michael Scheidell, CTO o: 561-999-5000 d: 561-948-2259 ISN: 1259*1300 >*| *SECNAP Network Security Corporation * Certified SNO

Re: SA 3.3.1 performance issues?

2010-11-05 Thread Michael Scheidell
; expiry 1D ); minimum ;; rcode = 3, ancount=0 Nov 5 16:04:35.475 [16361] dbg: dns: no ipv6 Nov 5 16:04:35.475 [16361] dbg: dns: is Net::DNS::Resolver available? yes Nov 5 16:04:35.476 [16361] dbg: dns: Net::DNS version: 0.66 Nov 5 16:04:35.490 [16361] dbg: conf

SA 3.3.1 performance issues?

2010-11-05 Thread Michael Scheidell
as far as SA is concerned, they aren't cached. from cli, it's fine: time host -t txt _adsp._domainkey.cantv.net Host _adsp._domainkey.cantv.net not found: 3(NXDOMAIN) 0.000u 0.005s 0:00.00 0.0%0+0k 0+0io 0pf+0w -- Michael Scheidell, CTO o: 561-999-5000 d: 561-948-2259 ISN: 1259*13

Re: Bayes dbm sync/expire speedup suggestion

2010-11-01 Thread Michael Scheidell
On 11/1/10 1:52 PM, Robert Blayzor wrote: On Nov 1, 2010, at 10:38 AM, Michael Scheidell wrote: Switch to the special mysql bayes. it will also allow you to expire based on time (with some added table). sync is dynamic but don't forget the cronjob to expire bayes daily. Unfortun

Re: Bayes dbm sync/expire speedup suggestion

2010-11-01 Thread Michael Scheidell
On 11/1/10 10:28 AM, Robert Blayzor wrote: lock_method flock Switch to the special mysql bayes. it will also allow you to expire based on time (with some added table). sync is dynamic but don't forget the cronjob to expire bayes daily. -- Michael Scheidell, CTO o: 56

Re: Only running network tests when necessary - feature request

2010-10-29 Thread Michael Parker
< 5) { >run_one_network_spam_test() or last NETTEST; > } else { >run_one_network_nonspam_test() or last NETTEST; > } > } > Ok, lets assume that this actually buys you something. Good thing that you can provide your own Check.pm. You can easily provide your own. Michael >

Re: SA 3.3.1 and NetAddr::IP 4.034

2010-10-29 Thread Michael Scheidell
dr-IP-4.02.8 Perl module for working with IP addresses and blocks thereo -- Michael Scheidell, CTO o: 561-999-5000 d: 561-948-2259 ISN: 1259*1300 >*| *SECNAP Network Security Corporation * Certified SNORT Integrator * 2008-9 Hot Company Award Winner, World Executive Alliance * Five-Star

Re: SA 3.3.1 and NetAddr::IP 4.034

2010-10-29 Thread Michael Scheidell
8'); $set->add_cidr ('::1'); return $set; } -- Michael Scheidell, CTO o: 561-999-5000 d: 561-948-2259 ISN: 1259*1300 >*| *SECNAP Network Security Corporation * Certified SNORT Integrator * 2008-9 Hot Company Award Winner, World Executive Alliance * Five-Star Pa

Re: Collecting IP reputation data from many people

2010-10-22 Thread Michael Scheidell
you have commercial version). and SA 3.2.* has built in support for the results of the ip queries. -- Michael Scheidell, CTO o: 561-999-5000 d: 561-948-2259 ISN: 1259*1300 >*| *SECNAP Network Security Corporation * Certified SNORT Integrator * 2008-9 Hot Company Award Winner, World Executive

Re: prevent rule from being considered for Bayes auto-learning

2010-10-21 Thread Michael Scheidell
B_MI_CPEARnet nice noautolearn Regards, Lawrence Williams LCWSoft www.lcwsoft.com -- Michael Scheidell, CTO o: 561-999-5000 d: 561-948-2259 ISN: 1259*1300 >*| *SECNAP Network Security Corporation * Certified SNORT Integrator * 2008-9 Hot Company Award Winner, World Exe

Re: spamc sometimes complains MISSING_MID sometimes not with same message

2010-10-09 Thread Michael Scheidell
On 10/9/10 11:35 AM, Dennis German wrote: The question is: Has anyone seen unpredictable and different results when processing the same message? Sure. if your setup is messed up, you will get unpredictable results. -- Michael Scheidell, CTO o: 561-999-5000 d: 561-948-2259 ISN: 1259*1300

Re: spamc sometimes complains MISSING_MID sometimes not with same message

2010-10-08 Thread Michael Scheidell
't let you use user-prefs, there is no telling what else they did. I suppose you can't post the spamd options they use when they start SA? what about the contents of the ../share/mail/spamassassin directory? the default local.cf? -- Michael Scheidell, CTO o: 561-999-5000 d: 561-9

Re: Whitelist questions

2010-10-05 Thread Michael Scheidell
r.net. why not just use something like 'ob.lanyon.com', in your HELO, FQDN, and make sure that both FWD and RDNS match? -- Michael Scheidell, CTO o: 561-999-5000 d: 561-948-2259 ISN: 1259*1300 > *| *SECNAP Network Security Corporation * Certified SNORT Integrator * 2008-9 Hot Co

Re: Whitelist questions

2010-10-05 Thread Michael Scheidell
circumstances would this happen? AWL is NOT an 'auto whitelist'. and is not used by default configs anymore. instead of including the massive volume of documentation on what AWL is and is not, just google. -- Michael Scheidell, CTO o: 561-999-5000 d: 561-948-2259 ISN: 1259*1300

Re: Question about link submission

2010-10-04 Thread Michael Scheidell
We mostly concerned about YOUR system getting better. local learning (sa-learn) will bring 'spam' into your local bayes. do both. help out the community as a whole (spamassassin --report-spam) and yourself (sa-learn-r) many thanks in advance Colin -- Michael Scheidell, CTO o: 561

Re: new install

2010-09-30 Thread Michael Scheidell
spamassassin's web site to see current version. -- Michael Scheidell, CTO o: 561-999-5000 d: 561-948-2259 ISN: 1259*1300 > *| *SECNAP Network Security Corporation * Certified SNORT Integrator * 2008-9 Hot Company Award Winner, World Executive Alliance * Five-Star Partner Prog

what in the world is this phish? what is outbind?

2010-09-29 Thread Michael Scheidell
<http://secnap.pastebin.com/iVAySSRR> what in the world is outbind? (I guess if I click on it on my mac, nothing will happen) looks like its a MS thing: <http://www.infosyssec.com/forum/viewtopic.php?t=1374> -- Michael Scheidell, CTO o: 561-999-5000 d: 561-948-2259 IS

Re: INVALID_MSGID hitting valid emails

2010-09-22 Thread Michael Scheidell
password and ip address of your server so I can look at the logs. Seriously, not without samples of headers that you claim are valid. better yet, open a bug on bugzilla and document the errors. -- Michael Scheidell, CTO o: 561-999-5000 d: 561-948-2259 ISN: 1259*1300 > *| *SECNAP Netw

Re: New plugin: DecodeShortURLs

2010-09-22 Thread Michael Scheidell
e constant HAS_SQLITE => eval { require DBD::SQLite; }; sub dbg { my $msg = shift; Thanks for the tip; I did know about using different delimiters - but using / is force of habit ;-) I'll try and remember to use something different for uri rules. Cheers, Steve. -- Michael

explain DKIM_ADSP_DISCARD?

2010-09-20 Thread Michael Scheidell
ebay... envelope from is members.ebay.com. dkim signature has d=ebay.com is that what adsp_discard means? that even though the dkim signature matched, the domain in the envelope from didn't match the domain that the signature says it signed? -- Michael Scheidell, CTO o: 561-999-5000 d

Re: New plugin: DecodeShortURLs

2010-09-20 Thread Michael Scheidell
installs already have db4. I guess maybe, hey, its open source, get out your flowchart guys and write the db4 module :-) -- Michael Scheidell, CTO o: 561-999-5000 d: 561-948-2259 ISN: 1259*1300 > *| *SECNAP Network Security Corporat

Re: Configuring SPF

2010-09-10 Thread Michael Scheidell
I've installed SPF::Server in /usr/lib/perl5/vendor_perl/5.8.8/Mail/SPF, " you might be overwriting SPF.pm you might have perl so messed up you need to start all over. just read the install file, install what is needed, via ports, rpm's, yum or cpan if none of the above. -

Re: scantime=249.2; scantime=175.0; scantime=190.9; scantime=68.9

2010-09-04 Thread Michael Scheidell
ng a defunct dns rbl, or a custom rule. disable all custom rules and rbl's and try again. -- Michael Scheidell, CTO o: 561-999-5000 d: 561-948-2259 ISN: 1259*1300 > *| *SECNAP Network Security Corporation * Certified SNORT Integrator * 2008-9 Hot Company Award Winner, World Execu

Re: Problem scanning mails with Spam Assassin on Postfix

2010-08-27 Thread Michael Scheidell
it its a postfix problem, postfix. but if you can't telnet to yahoo on port 25, and you are the ISP, there are more problems than that. On 8/27/10 11:56 AM, Cimoni Enwis Ogwujiakwu wrote: which forum can assist? -- Michael Scheidell, CTO o: 561-999-5000 d: 561-948-2259 ISN: 1259

Re: Problem scanning mails with Spam Assassin on Postfix

2010-08-27 Thread Michael Scheidell
DIRECTOR. THIS IS NOT A SPAMASSASSIN PROBLEM. -- Michael Scheidell, CTO o: 561-999-5000 d: 561-948-2259 ISN: 1259*1300 > *| *SECNAP Network Security Corporation * Certified SNORT Integrator * 2008-9 Hot Company Award Winner, World Executive Alliance * Five-Star Partner Program 2009,

Re: SPF soft fail problem

2010-08-23 Thread Michael Scheidell
eived header. "v=spf1 mx ptr ~all" I'm seeing other domains being hit with SPF_SOFTFAIL, so I am at a loss as to why this one isn't. What am I missing? I am using SpamAssassin 3.3.1 provided by Ubuntu 10.04. Neil -- Michael Scheidell, CTO o: 561-999-5000 d: 561-948-2259 IS

Re: anyone running SA on Freebsd 8.0?

2010-08-18 Thread Michael Scheidell
On 8/18/10 4:44 PM, a.sm...@ukgrid.net wrote: Yes, was at 8.0 p2 when I installed it I believe, and worked without probs. (with perl 5.10.1) Thanks. You might not want to go to 8.0 p4 until the problem is figured out. -- Michael Scheidell, CTO o: 561-999-5000 d: 561-948-2259 ISN: 1259

anyone running SA on Freebsd 8.0?

2010-08-18 Thread Michael Scheidell
k without 'make pure_perl_install'? I am trying to decide if this is a SA problem, an Freebsd 8.0 problem or pilot error. (I never had a problem with SA on freebsd 5.4, 5.4, 6.2, 6.3, 6.4, 7.1, 7.2 or 7.3) -- Michael Scheidell, CTO o: 561-999-5000 d: 561-948-2259 ISN: 1259*1300 >

Re: How the hell barracuda behaves?

2010-08-18 Thread Michael Scheidell
On 8/17/10 7:30 PM, Alexandre Chapellon wrote: Hi the list, I am posting the results of my tests in order to have feedback/feelings/remarks. This is not directly spamassassin related, but can be helpful for people (I saw here) wondering if they would use the barracuda DNSBL. When other well

Re: IPv6 problem with sa-update

2010-08-08 Thread Michael Scheidell
an record. and not sure if sa-update is falling back to an a record, or just fails. (or needs additional inet6 helpers) -- Michael Scheidell, CTO o: 561-999-5000 d: 561-948-2259 ISN: 1259*1300 > *| *SECNAP Network Security Corporation * Certified SNORT Integrator * 2008-9 Hot Co

Re: IPv6 problem with sa-update

2010-08-08 Thread Michael Scheidell
A8 CE6D 6BE0 28C6 5652 03B5 6793 A7DB A67F # # $Id: .signature,v 1.3 2007-12-27 21:13:36 sca Exp $ #### -- Michael Scheidell, CTO o: 561-999-5000 d: 561-948-2259 ISN: 1259*1300 > *| *SECNAP Network Security Corporation

Re: Local rules trigger bug

2010-08-06 Thread Michael Scheidell
e one that causes the problem post results on bugzilla. -- Michael Scheidell, CTO o: 561-999-5000 d: 561-948-2259 ISN: 1259*1300 > *| *SECNAP Network Security Corporation * Certified SNORT Integrator * 2008-9 Hot Company Award Winner, World Executive Alliance * Five-Star Partner Prog

OT: godaddy emails

2010-08-03 Thread Michael Scheidell
t for your Internet safety. Learn how to verify legitimate emails and detect email fraud by visiting GoDaddy.com <https://www.godaddy.com/default.aspx> and clicking "Security Center" under "About Go Daddy." -- Michael Scheidell, CTO o: 561-999-5000 d: 561-948-2259 ISN:

Re: How to run only certain tests?

2010-07-30 Thread Michael Scheidell
ignore_site_cf_files => 1, post_config_text=> ' skip_rbl_checks 1 use_dcc 0 use_bayes 0 bayes_auto_learn 0 use_razor2 0 use_auto_whitelist 0 ', } ); my $mail = $spamtest->parse($msg2, 0); my $status = $spamtest->check ($mail); $st

Re: Hotmail false positives through the roof since 3.3.1 update.

2010-07-30 Thread Michael Scheidell
way to dial down the Hotmail detection? Thanks! Ray Dzek Network Operations Specialized Bicycles Ph: 408-782-5420 www.specialized.com -- Michael Scheidell, CTO o: 561-999-5000 d: 561-948-2259 ISN: 2259*1300 *| *SECNAP Network Security Corporation * Certified SNORT Integrator * 2008

Re: Bayes DB on single-node MySQL cluster

2010-07-26 Thread Michael Scheidell
s) which I look forward to in a future version of SA as well. Id like to see it be resilient. allow us to put in more than one hostname. -- Michael Scheidell, CTO Phone: 561-999-5000, x 1259 > *| *SECNAP Network Security Corporation * Certified SNORT Integrator * 2008-9 Hot

Re: Bayes DB on single-node MySQL cluster

2010-07-26 Thread Michael Scheidell
'swatch' it, maybe you just retry? or, heck, its just bayes, who care? the spammers will hit you again (and if you got the deadlock, they did) -- Michael Scheidell, CTO Phone: 561-999-5000, x 1259 > *| *SECNAP Network Security Corporation * Certified SNORT Integrator * 2008-9 Hot C

Re: sa-update

2010-07-24 Thread Michael Scheidell
you get pretty quick action. -- Michael Scheidell, CTO Phone: 561-999-5000, x 1259 > *| *SECNAP Network Security Corporation * Certified SNORT Integrator * 2008-9 Hot Company Award Winner, World Executive Alliance * Five-Star Partner Program 2009, VARBusiness * Best in Email Secur

Re: sa-update

2010-07-23 Thread Michael Scheidell
you have. SA is 3.3.1 perl is 5.10.(something) -- Michael Scheidell, CTO Phone: 561-999-5000, x 1259 > *| *SECNAP Network Security Corporation * Certified SNORT Integrator * 2008-9 Hot Company Award Winner, World Executive Alliance * Five-Star Partner Program 2009, VARBusiness * B

Re: sa-update

2010-07-23 Thread Michael Scheidell
currently supported version. does not use /usr/local/share/spamassassin needs to run sa-update to get factory rules. -- Michael Scheidell, CTO Phone: 561-999-5000, x 1259 > *| *SECNAP Network Security Corporation * Certified SNORT Integrator * 2008-9 Hot Company Award Winner, World Execut

Re: sa-update

2010-07-23 Thread Michael Scheidell
On 7/23/10 3:57 PM, Grant Peel wrote: Does anyone know where else I might search to find the answer to this dilemma? I missed the original thread. I'm the ports maintainer for freebsd SA. start over: freebsd 3.2.x put the FACTORY sigs in /usr/local/share/spamassassin user configs are in /u

Re: compiling: Illegal octal digit '9' ignored...

2010-07-23 Thread Michael Scheidell
On 7/23/10 12:17 PM, Rosenbaum, Larry M. wrote: sought_rules_yerp_org/20_sought.cf:body __SEEK_YRQYH9 /\x{a9}2009 Microsoft \| Unsubscribe \| More Newsletters \| Privacy/ sought_rules_yerp_org/20_sought.cf:body __SEEK_VZ7OQ6 /Copyright \x{a9}2009 by NACHA - The Electronic Payments Association

Re: AWL observations

2010-07-22 Thread Michael Scheidell
On 7/22/10 10:32 AM, Eric A. Hall wrote: Sometimes the AWL rule doesn't appear in the list. From looking at the due to performance vs accuracy issues, AWL was demoted in SA 3.3x. It might not be worth the cpu cycles -- Michael Scheidell, CTO Phone: 561-999-5000, x 1259 > *|

Re: png images

2010-07-15 Thread Michael Scheidell
7, RDNS_NONE 0.10) X-webone-MailScanner-SpamScore: s X-webone-MailScanner-From: pers...@vivotech.com X-EsetId: C30D4C20C48D2634974D -Original Message- From: Michael Scheidell [mailto:scheid...@secnap.net] Sent: Friday, 16 July 2010 1:07 p.m. To: users@spamassassin.apache.org Subject: Re: png

Re: png images

2010-07-15 Thread Michael Scheidell
, rbl's, most of that? isn't it coming from zombie dialups anyway? Thanks Peter -- Michael Scheidell, CTO Phone: 561-999-5000, x 1259 > *| *SECNAP Network Security Corporation * Certified SNORT Integrator * 2008-9 Hot Company Award Winner, World Executive Alliance * Five

Re: spamassassin with dcc not appearing to work

2010-07-14 Thread Michael Scheidell
and as a reminder, dcc doesn't test for spam or not spam, just bulk vs non bulk, and the OPTIONAL reputation filter service also gives you the percentage of bulk on the connecting ip. -- Michael Scheidell, CTO Phone: 561-999-5000, x 1259 > *| *SECNAP Network Security Corporation

good way to score spoofed emails.

2010-06-30 Thread Michael Scheidell
cover all cases? except the status emails from travel web sites, and 'email me this link' type emails? (which are FORGED emails in fact!) (still think a 'blacklist_from_not_spf *...@secnap.net would be cool) something similar to what firewalls and routers can now do for what wan i

Re: How not to implement SPF (nationwide.co.uk)

2010-06-30 Thread Michael Scheidell
9.63.128/28 ip4:63.211.90.16/29 -all" actually, thats not SPF. :-) its SENDER-ID microsoft change the "spf1.0" to "spf2.0" and patented it. (and they don't use it) <http://www.openspf.org/SPF_vs_Sender_ID> -- Michael Scheidell, CTO Phone: 561-999-500

Re: Basic Setup Questions

2010-06-27 Thread Michael B Allen
in the future and see if the "stock" SA ruleset can do the job before I seek out a third party ruleset. > Are you quitting the Java mess to enter into the Perl one? ;) Every language has its niche. Filtering SPAM seems like the ideal task for the Pathologically Eclectic Rubbish Lister. Mike -- Michael B Allen Java Active Directory Integration http://www.ioplex.com/

Basic Setup Questions

2010-06-27 Thread Michael B Allen
Hello, I have just setup spamassassin. A lot of spam is getting filtered. But a lot is not. What are the prevailing additional steps for improving filtering? Is using bayes worth it? My default config does not appear to be using bayes. How do I enable it? The documentation simply says "run sa-l

Re: A developers perspective on Spamassassin

2010-06-25 Thread Michael Scheidell
ments, but I don't think SA itself, stock does anything. 3. How is spamassassin able to determine that a particular attachment can/can't be parsed for defined rules? 4. What is the flow of attachment demimeing on spamassassin? Kindly refer some suitable links too. Thanks in adva

Re: Nonsense spam

2010-06-24 Thread Michael Scheidell
it in your MTA, and you are using a caching DNS server, then you are not making any redundant outbound DNS queries, one for the MTA, one for SA. SA will use the cached result. and, in the case of DHA's, that one ip will probably hit your server 25,000 more times today :-) -- Michael

Re: Nonsense spam

2010-06-24 Thread Michael Scheidell
o the issue of a lack of these ip's in spam corpus since most people use that as a hard mta rbl. (chime in, anyone who uses it) -- Michael Scheidell, CTO Phone: 561-999-5000, x 1259 > *| *SECNAP Network Security Corporation * Certified SNORT Integrator * 2008-9 Hot Company Award
