Matt Kettler wrote:
Philip Prindeville wrote:
Karsten Bräckelmann wrote:
Please, do not paste a gigantic blob of multipart MIME messages. Put it
up somewhere, raw, and simply provide a link.
On Sat, 2008-02-16 at 18:44 -0800, Philip Prindeville wrote:
Anyway, I have no idea why I'm seeing
a protocol name (ftp:, http:, tftp:, etc.), a domain name, and a path
name (even if it's just slash).
Or at the very least, to score complete URL's higher than just domain
names alone.
-Philip
Matt Kettler wrote:
Philip Prindeville wrote:
Matt Kettler wrote:
Philip Prindeville wrote:
Depends on whether you equate bare domains with URL's, I suppose.
If MUA's equate them with URLs, spammers will use this, and
SpamAssassin will use it.
There is only so much braindeath in UA's
.
What should I do? Just block their domain? I don't want to deal with their
misconfiguration issues.
-Philip
Received: from localhost (localhost)
by mail.redfish-solutions.com (8.14.1/8.14.1) id m1H2M5XP027602;
Sat, 16 Feb 2008 19:22:05 -0700
Date: Sat, 16 Feb 2008
Karsten Bräckelmann wrote:
Please, do not paste a gigantic blob of multipart MIME messages. Put it
up somewhere, raw, and simply provide a link.
On Sat, 2008-02-16 at 18:44 -0800, Philip Prindeville wrote:
Anyway, I have no idea why I'm seeing some of these scores. URL matches
when
, or copyright reform, etc) come
from Washington D.C. Perhaps in 50 years they'll finally have a handle
on it.
But I dared to hope...
-Philip
ones you're now using. ;-)
-Philip
Kim Hurlbutt wrote:
Wondering if you can point me in the right direction on how to make
our spam scores lower. How can I get information on how to make edits
to our pages to lower our scores? We currently use Kintera to send
our email newsletters. Please
specious argument.
-Philip
, and then if it bounced, mail to the OrgTech mailbox
instead... because that's too much wasted time... So you To: the abuse
mailbox on the odd chance that it exists, and you Bcc: the noc mailbox
(or the hostmaster or whatever) as a fallback address.
-Philip
Thread-Index: AcfzukOHakkCi8HDRJ2nEhvQOY8RZgACopXw
References: [EMAIL PROTECTED]
From: John Doe [EMAIL PROTECTED]
To: Philip Prindeville [EMAIL PROTECTED]
X-OriginalArrivalTime: 10 Sep 2007 16:10:40.0158 (UTC)
FILETIME=[219FDBE0:01C7F3C5]
Could they have just *deleted* the Received: lines
Between the truly clueless administrator, and those that feign ignorance
to cover up their implicit approval of spammers...
What do you do in the case where someone is filtering deliveries to
their abuse mailbox? (Like 99% of mail sent there isn't going to
score positively...)
Sigh.
Steven Kurylo wrote:
Philip Prindeville wrote:
Between the truly clueless administrator, and those that feign
ignorance to cover up their implicit approval of spammers...
What do you do in the case where someone is filtering deliveries to
their abuse mailbox? (Like 99% of mail sent
John D. Hardin wrote:
On Mon, 5 Nov 2007, Steven Kurylo wrote:
Philip Prindeville wrote:
Between the truly clueless administrator, and those that feign
ignorance to cover up their implicit approval of spammers...
What do you do in the case where someone is filtering deliveries
. Others lack them
or don't enforce them.
When these countries put some teeth into the enforcement of their laws,
then they will stop being blacklisted.
-Philip
(or
as appropriate) to get them listed on until they start playing well
with others?
Would the FAQ's Reporting Spam section be a good place to mention the
various sites that you can rat out offenders?
Thanks,
-Philip
Michele Neylon :: Blacknight wrote:
Philip Prindeville wrote:
We're seeing a lot of unwanted attempts to relay traffic through our
site by Orange.fr, and we've reported this to their Abuse contact as
well as their upstream provider (rain.fr):
Jul 11 11:30:37 mail mimedefang.pl[31610]: relay
Phil Barnett wrote:
On Wednesday 11 July 2007, Philip Prindeville wrote:
Michele Neylon :: Blacknight wrote:
Philip Prindeville wrote:
No joy.
How long ago did you report it?
Which time? It happens regularly, and it's been going on over a month
be used for getting the schema instead?
Thanks
Philip S. Hempel
related to spamassasin and ldap.
Thanks.
Philip S. Hempel
Philip Prindeville wrote:
I'm looking at the headers I just got from a Canadian
ISP's autoresponder I guess the software is called
KANA. Anyone know who owns this? (Yes, someone
not very clueful, I know... let's be more specific than
that...)
Date: sam., 05 mai 2007 18:46:43
by potentially
creating more incidents of Spam.
Quelle folie.
-Philip
to support
IP/CIDR addresses as well...
Let's not overload the meanings of trusted_networks and
internal_networks. These latter two are already confusing
enough for most newbies without having them take on
additional unintended meanings.
-Philip
: Microsoft Outlook, Build 10.0.2627
Reply-To: Monster.com [EMAIL PROTECTED]
X-Priority: 3 (Normal)
Message-ID: [EMAIL PROTECTED]
To: Philip Prindeville [EMAIL PROTECTED]
Subject: Money-Investment
Mime-Version: 1.0
Content-Type: multipart/mixed;boundary=--
If someone can prove to me
for the enhancement?
-Philip
mail.abcltd.com goes
to our spamassassin filters ip address.
Email to @abcltd.com goes to our spam filter, it checks it, if its spam
it saves it in a local mailbox, if its ham it forwards it to ABC Ltd's
server.
Kind Regards,
Philip Seccombe
Turnstone Technologies NZ Limited
Phone: +64 9 970
I take it your saving your email on the same server that does the spam
filtering?
Only other thing I could think of if this is not the case is email being sent
directly to your mail server via secondry mx records or something.
I run a server which filters mail for clients which is what made me
Regards,
Philip Seccombe
Turnstone Technologies NZ Limited
Phone: +64 9 970 5550
Fax: +64 9 970 5559
DDI: +64 9 970 5552
Email: [EMAIL PROTECTED]
Web: www.turnstone.co.nz
-Original Message-
From: Steve Pfister [mailto:[EMAIL PROTECTED]
Sent: Wednesday, 14 February 2007 10:51 a.m.
To: 'Matt
mailbox on the server
else it forwards the message onto the customers mail server
Appologies on the huge email, I wanted to give as much detail as I could
Kind Regards,
Philip Seccombe
Turnstone Technologies NZ Limited
Phone: +64 9 970 5550
Fax: +64 9 970 5559
DDI: +64 9 970 5552
Email
] or
something?
Kind Regards,
Philip Seccombe
Turnstone Technologies NZ Limited
Phone: +64 9 970 5550
Fax: +64 9 970 5559
DDI: +64 9 970 5552
Email: [EMAIL PROTECTED]
Web: www.turnstone.co.nz
-Original Message-
From: Steve Monkhouse [mailto:[EMAIL PROTECTED]
Sent: Tuesday, 13 February 2007 12:13
@spamassassin.apache.org
Subject: Re: SpamAssassin using spamc but not using rules correctly? Is my time
being wasted changing local.cf etc?
On Tue, Feb 13, 2007 at 11:42:22AM +1300, Philip Seccombe wrote:
Hi everyone,
I've taken over a mail server from a previous technician and he's
modified qmail
Apologies if this has been answered before or anything, but where/how
are you generating those stats?
I'm not using SA with SQL so I'm not sure if it will work for me, but
those I like!
Stats in question: http://www.blue-canoe.com/stats/index.php?D1=11
Kind Regards,
Philip Seccombe
Turnstone
Can you blacklist @ returns.groups.yahoo.com and then whitelist
[EMAIL PROTECTED] or something?
I'm not sure how the yahoo groups work, but is the reply address
specific to each group or does it get sent from the person to the group
address like this list?
Kind Regards,
Philip Seccombe
[9013] dbg: channel: updating MIRRORED.BY contents
[9013] dbg: channel: cleaning out update directory
[9013] dbg: channel: extracting archive
Insecure dependency in open while running with -T switch at
/usr/lib/perl/5.8/IO/File.pm line 70.
Kind Regards,
Philip Seccombe
Turnstone
identifiers.
nibbler:~#
Kind Regards,
Philip Seccombe
Turnstone Technologies NZ Limited
Phone: +64 9 970 5550
Fax: +64 9 970 5559
DDI: +64 9 970 5552
Email: [EMAIL PROTECTED]
Web: www.turnstone.co.nz
-Original Message-
From: Doc Schneider [mailto:[EMAIL PROTECTED]
Sent: Friday, 9
to the calls, please specify them here.
Parameters for the 'perl Build.PL' command?
Typical frequently used settings:
--install_base /home/xxx # different installation
directory
Your choice: []
Oops :s
Kind Regards,
Philip Seccombe
Turnstone Technologies NZ Limited
Phone: +64
::ReadKey is up to date (2.30).
Term::ReadLine::Perl is up to date (1.0302).
YAML is up to date (0.62).
Text::Glob is up to date (0.07).
CPAN is up to date (1.8802).
File::Which is up to date (0.05).
nibbler:~#
And there's just nothing happening
Kind Regards,
Philip Seccombe
Turnstone Technologies NZ
the newest version.
0 upgraded, 0 newly installed, 0 to remove and 38 not upgraded.
nibbler:/etc/init.d#
If apt-get will not install it, how do I upgrade it properly?
Kind Regards,
Philip Seccombe
Turnstone Technologies NZ Limited
Phone: +64 9 970 5550
Fax: +64 9 970 5559
DDI: +64 9 970 5552
Email
to
look like a spam filter release but its far from ideal, does anyone know
of any templates for squirrelmail or have they developed any?
Kind Regards,
Philip Seccombe
Turnstone Technologies NZ Limited
Phone: +64 9 970 5550
Fax: +64 9 970 5559
DDI: +64 9 970 5552
Email: [EMAIL PROTECTED
their email.
Thanks,
-Philip
Any takers? ;-)
http://seeker.dice.com/seeker.epl?rel_code=1102op=5type=14dockey=xml/7/a/[EMAIL
PROTECTED]bb=0source=15
Jonas Eckerman wrote:
Philip Prindeville wrote:
Received: (private information removed)
It just boggles my mind why anyone would go through that much trouble
to deliberately damage a header line, rather than just delete it.
The only reason I can think
ratware writer? Who on this list runs Exchange?
Why is this bouncing back to me, and not the envelope sender,
which was:
Return-Path: [EMAIL PROTECTED]
-Philip
---BeginMessage---
Subject of the message: Redundant QP encoding of Subject/From fields...
Recipient of the message: SpamAssassin
hear the New York Times isn't too picky about who they hire.
Someone could create an army of ghost writers and sit back and
collect the paychecks.
-Philip
Given that spammers read this list to figure out how to defeat us...
Why don't we just secure a copy of ratware and engineer a retro-virus
for it?
-Philip
Justin Mason wrote:
there was a very interesting project described in CEAS which did
just this -- engaged 419ers and other spammers
Poor choice of words.
Not a virus. A vaccine. ;-)
-Philip
Justin Mason wrote:
er, it's illegal, and we're not criminals like they are? ;)
--j.
Philip Prindeville writes:
Given that spammers read this list to figure out how to defeat us...
Why don't we just secure a copy of ratware
Don't they? I thought the recommended retry time was 2 minutes,
doubling on each failure, and maxing out at 2 hours.
That's what sendmail does (unless it's retry time has been explicitly
set to more than 2 hours, of course).
-Philip
Richard Frovarp wrote:
I don't think the RFCs specify any
.
Excluding words with pounds and yen in the Subject line might be
a good thing, however...
-Philip
, specifying =?iso-8859-1?Q? is not necessary.
The test SUBJECT_EXCESS_QP seems to handle this (at least the Subject:
part). I'd like to crank it up to 3.5 or higher.
Any intuitive reasons why this wouldn't work? Are there any
valid mailers that are braindead?
Thanks,
-Philip
unknown correspondents would be more effective.
-Philip
.]
It just boggles my mind why anyone would go through that much trouble
to deliberately damage a header line, rather than just delete it.
Well, maybe they'll get a whiff of the errs of their ways in the
Hall of Spam Shame...
-Philip
I'll ask again... Can someone who handles a fair mix of
email content (i.e. not just western European languages)
do a triage (individually) of the rules below for ham versus
spam?
I'd suspect that very little genuine ham contains IBM852
or Unicode or CP12[0-8] these days.
Thanks,
-Philip
is out-of-date and requires a fix.
-Philip
Robert Nicholson wrote:
so what is the conclusion to this issue?
why when I set ok_locales to it th en does it allow any Charset with
Windows in the name
to bypass that setting?
Why is it that is_charset_ok_for_locales written to give exceptions
sub
You'd think, wouldn't you
-Philip
Robert Nicholson wrote:
This is Japanese
# Japanese: Peter Evans writes: iso-2022-jp = rfc approved, rfc 1468,
created
# by Jun Murai in 1993 back when he didnt have white hair! rfc
approved.
# (rfc 2237) -- by M$.
'ja' = 'EUCJP
-rendering character, like the non-break space,
that says, glue these two together as a ligature. It would waste
a lot less of an already limited encoding space, too.
-Philip
SM wrote:
At 18:56 13-11-2006, Philip Prindeville wrote:
I recently saw an email get bounced that was legitimately coming
from Microsoft:
[snip]
I've put into my spamassassin/sa-mimedefang.cf file:
whitelist_from_rcvd [EMAIL PROTECTED] smtp.microsoft.com
What am I
SM wrote:
At 11:49 14-11-2006, Philip Prindeville wrote:
The problem with this is that the DNS returns the response (of the multiple
PTR records) in no particular order, so looking up the rDNS can return
one of three different names...
# nslookup
set type=any
server ns4.msft.net
John D. Hardin wrote:
On Tue, 14 Nov 2006, Daryl C. W. O'Shea wrote:
Philip Prindeville wrote:
whitelist_from_rcvd [EMAIL PROTECTED] mail1.microsoft.com
whitelist_from_rcvd [EMAIL PROTECTED] smtp.microsoft.com
whitelist_from_rcvd [EMAIL PROTECTED] maila.microsoft.com
and DNS_FROM_RFC_POST correspond to?
Where do I get the descriptions of these tests, why some sites get
tagged with them, etc?
-Philip
Matt Kettler wrote:
Philip Prindeville wrote:
I recently saw an email get bounced that was legitimately coming
from Microsoft:
Nov 13 14:59:26 mail mimedefang.pl[19053]: helo: maila.microsoft.com
(131.107.115.212) said helo smtp.microsoft.com
Nov 13 14:59:26 mail sendmail[21067
-SpamAssassin-3.1.7-1.x86_64.rpm
error: Failed dependencies:
perl-Mail-SpamAssassin = 3.1.5-1 is needed by (installed)
spamassassin-3.1.5-1.x86_64
any ideas why this is happening and what the fix is?
-Philip
Jim Maul wrote:
Philip Prindeville wrote:
Hi.
I'm running FC3 on an AMD64 platform for my mail server,
and I had last installed SpamAssassin 3.1.5. Well, I grabbed the
tarball for 3.1.7, and did a rpmbuild -tb ... of the tarball.
Worked fine.
Then I tried to upgrade via RPM:
# rpm -v -U
,
whereas GIF images are routinely 4, 6, or 8 bits long.
Does anyone have a handle on what Perl modules to use for
dissecting GIF objects?
Thanks,
-Philip
Matt Kettler wrote:
Philip Prindeville wrote:
There's no way to whitelist just the empty address then? Rather than
everything?
-Philip
Not given the simple file-glob format of the whitelist commands. You'd
need a regular expression and negation.
You could do it with a rule
Matt Kettler wrote:
Philip Prindeville wrote:
Matt Kettler wrote:
Philip Prindeville wrote:
There's no way to whitelist just the empty address then? Rather than
everything?
-Philip
Not given the simple file-glob format of the whitelist
Matt Kettler wrote:
Philip Prindeville wrote:
There's no way to whitelist just the empty address then? Rather than
everything?
-Philip
Not given the simple file-glob format of the whitelist commands. You'd
need a regular expression and negation.
You could do it with a rule
Matt Kettler wrote:
Philip Prindeville wrote:
Well, yes, especially since the IP address of the sender is reserved for
a machine that does ticketing and auto-replies exclusively (I was going
to use whitelist_from_rcvd and not just whitelist_from).
At that point, you should
Hmm Maybe if I post with a more obvious subject line
What is the notation for writing a whitelist_from or whitelist_from_rcvd
when the sender is ? (As in MAIL FROM: )
Thanks,
-Philip
Philip Prindeville wrote:
Well, I have the following issue. When I report abuse to [EMAIL
John D. Hardin wrote:
On Wed, 23 Aug 2006, Philip Prindeville wrote:
Hmm Maybe if I post with a more obvious subject line
What is the notation for writing a whitelist_from or
whitelist_from_rcvd when the sender is ? (As in MAIL FROM:
)
Are you sure you want to use
Well, I have the following issue. When I report abuse to [EMAIL PROTECTED],
they send me back an auto-generated email ticket with a broken Date: on
it (honestly, people, how hard is it to correctly format the date???).
They do this as for the sending address.
How does one go about writing a
What are the steps to whitelist email sent from (i.e. Postmaster
when bouncing mail) or [EMAIL PROTECTED]
Thanks,
-Philip
reject the message as it's being sent, then the sender is the spammer,
and he will know he is failing.
With any luck, he might even remove you from the list of addresses
that he will try to spam in the future.
-Philip
. Will need some additional conditions to make it more usable.
Loren
What Perl modules are there that can process (decode, perform certain
inspections and histogram analysis, etc) of GIF files?
I'd like to throw something together...
-Philip
Does SpamAssassin support SPF record checking?
Or is this something I have to patch into my incoming SMTP server?
John D. Hardin wrote:
On Sat, 24 Jun 2006, Philip Prindeville wrote:
the text and the images. The spammers send multipart/alternative
because they want the text/plain section to confuse the Bayes
filters, since they know it won't be rendered...
It seems to me that right
. that at a minimum the host portions of the URL and the
label for the link would have to match...
If the sender REALLY needs to have the link reside somewhere else,
they could always have the published address send a Location: response
that redirects you to the eventual resting place.
-Philip
hosts a lot of the lists that I read...
-Philip
Michael Scheidell wrote:
-Original Message-
From: Philip Prindeville [mailto:[EMAIL PROTECTED]
Sent: Saturday, June 24, 2006 2:10 PM
To: users@spamassassin.apache.org
Subject: On bichromatic GIF stock spam
I get a lot of spam that looks like:
http://pastebin.com/729105
on the alsa
required.
Loren
Yup. Exactly.
-Philip
' they probably entered
the text and their HTML editor escaped it, not figuring it was
raw HTML being entered directly...
-Philip
to
document them.
-Philip
Screaming Eagle wrote:
I getting this type of spam:
Return-Path: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 3.1.0 (2005-09-13) on
X-Spam-Virus: No
X-Spam-Status: No, score=1.4 required=8.0 tests=BAYES_50,HTML_30_40,
HTML_MESSAGE autolearn=no version
Is there a blacklist of phone numbers?
A lot of diploma spam I get has totally different message bodies,
except they list the same phone number to call.
usage of submitting messages via a pipe into an exec'd sendmail
process
on the same machine, etc).
If I have a network 192.168.1.0/24, and I have workstations at 10-25 that
submit email, should I just have:
internal_networks 192.168.1.0/24
Thanks,
-Philip
I'm getting about 50+ per day of these spams not being caught by
SpamAssassin (SpamAssassin version 3.1.1 running on Perl version
5.8.4). There's two types:
1. Lose weight type spam, uses bad English e.g. yrs instead of
years, u instead of you, ur instead of your, talks about not
having talked to
, it won't get fixed.
As I remember, setting the default codepage in Windows to be ISO-8859-1
system-wide isn't that hard.
-Philip
Kai Schaetzl wrote:
Philip Prindeville wrote on Fri, 26 May 2006 11:26:33 -0600:
No, it's to a list. At the list exploder, we want to be able to apply
certain per-list policies. For instance, for most lists (but not all),
the following would be applicable:
I don't use MimeDefang
jdow wrote:
From: Philip Prindeville [EMAIL PROTECTED]
are fired... And you might have a specific set of rules for a list
like
alsa-devel (the 'L' in ALSA is for Linux, so it might be reasonable
to assume that no one will be posting with charset='windows-1252'...
it's also an English
Kai Schaetzl wrote:
Philip Prindeville wrote on Fri, 26 May 2006 13:32:10 -0600:
Except that developers aren't vetted in any particular way.
vetted?
You can sign yourself up for most lists, if you have a valid address
and a web browser.
You have to try to get yourself
Well, I didn't get any responses on the MDF mailing list,
so I was wondering if SA was the better angle to be coming
at this with.
Thanks,
-Philip
---BeginMessage---
I was wondering... Since MdF can be used to invoke SA, and it can
extract information from the headers such as a the envelope
Kai Schaetzl wrote:
Philip Prindeville wrote on Thu, 18 May 2006 08:47:48 -0600:
How legitimate is email sent as
windows-1252?
Very, because broken Windows clients use it.
Kai
Ah, the Strong Arm school of standards enforcement. ;-)
-Philip
would you want to use vendor-specific encodings for no reason other than
they're the broken defaults Microsoft chose to use?
-Philip
I've been getting a lot of spam lately ever since I moved my mail
server to a new system. Here's one of the false negatives that slipped
through, for example:
X-Spam-Status: No, score=-2.1 required=5.0 tests=ALL_TRUSTED,BAYES_50,
NO_REAL_NAME,RCVD_BY_IP,YOUR_INCOME autolearn=ham
that?
Same here. I took a couple years of high school Spanish in California and
Comic books. Or bande dessinee as it's called in French.
The story lines are often simple, and the pictures give a lot of context
to what is
being talked about.
-Philip
L_WIN_CHARSET 0.1
should probably do the same for non-MIME content, but it's not as much of a
problem since Outlook prefers MIME content.
If anyone wants to talk to us, they can stick with ISO Latin-1. We
don't need no stinkin'
Windows-125x... (or -839 for that matter).
-Philip
Are you running Mimedefang?
It might be a start.
We block email from subscriber addresses at networks that are known to be
large sources of spam.
See:
http://www.mimedefang.org/kwiki/index.cgi?PhilipsWorkingFilter
in particular, how %bad_tld's is used.
-Philip
Kristopher Austin wrote:
I
instructed us to
Apr 13 16:57:07 mail sendmail[23371]: k3DMv5s4023371: Milter: data,
reject=554 5.7.1 Message rejected; scored too high on the Spam test.
Any ideas? Didn't see any mention of it in previous postings...
Interesting msg-id. Hmmm. Already a rule for that. Good...
-Philip
: Bayesian spam probability is 0 to 1%
[score: 0.0002]
Whoever set the score for BAYES_00 to 3.0 must have been high!
Daryl
That's true, but you'd still be over 5.0 even without it.
-Philip
I tried to do a makedb -u on the .spamassassin/auto-whitelist file, but
it failed with:
makedb: cannot open database file `/root/.spamassassin/auto-whitelist':
Invalid argument
Is there a handy way to manipulate this db manually (no pun intended)?
Thanks,
-Philip
Magnus Holmgren wrote:
onsdag 05 april 2006 06:43 skrev Philip Prindeville:
I was looking on the FAQ and the Wiki, but couldn't find this...
How do I filter based on the recipient mailbox address? For instance, I'm
running Linux, so if I get email sent to [EMAIL PROTECTED] or [EMAIL
, I see:
if ($AddApparentlyToForSpamAssassin and
($#Recipients = 0)) {
push(@sahdrs, Apparently-To: .
join(, , @Recipients) . \n);
}
Are you sure the value of @Recipients is fragmented at this point?
-Philip
Philip Prindeville wrote:
Matt Kettler wrote:
[EMAIL PROTECTED] wrote:
Matt Kettler wrote:
[It] has no access to the message envelope, only the headers and
body, so this information isn't accessible to SA.
Well, unless you add an Apparently
201 - 300 of 385 matches
Mail list logo