Excellent feature - I look forward to using it.
It does lead me to another question however. Using a spam honeypot would
lead to a large corpus of SPAM. My corpus of HAM, but its very nature,
would be much smaller. Are there any negative implication to training
the Bayesian filters with
Am 09.01.2015 um 02:01 schrieb David Flanigan:
Excellent feature - I look forward to using it.
It does lead me to another question however. Using a spam honeypot would
lead to a large corpus of SPAM. My corpus of HAM, but its very nature,
would be much smaller. Are there any negative
On Thu, 8 Jan 2015, Alex Regan wrote:
How about using a domain specifically for creating a honeypot, of
you only need an email@address no point in registering a domain soley
for this, some might think its better, but I see no real advantage to it
over using a well known existing domain,
On 01/07/2015 02:31 PM, Reindl Harald wrote:
Am 07.01.2015 um 20:23 schrieb Alex:
I'm also wondering what exactly you're taking from these messages that
are received? Are you blocking based on IP? Creating header/body
rules? Those are usually transferable to other systems, but what about
How about using a domain specifically for creating a honeypot, of
you only need an email@address no point in registering a domain soley
for this, some might think its better, but I see no real advantage to it
over using a well known existing domain, infact if you examine your logs
you might
Am 08.01.2015 um 22:57 schrieb Alex Regan:
On 01/07/2015 02:31 PM, Reindl Harald wrote:
Am 07.01.2015 um 20:23 schrieb Alex:
I'm also wondering what exactly you're taking from these messages that
are received? Are you blocking based on IP? Creating header/body
rules? Those are usually
How about using a domain specifically for creating a honeypot
you only need an email@address no point in registering a domain soley
for this, some might think its better, but I see no real advantage
This represents the largest problem I have, because any well-known existing
domain has zen
On 08/01/2015 05:23, Alex wrote:
I have an old domain with a number of dormant accounts that I'd like
to use. The domain also uses several RBLs, so a majority of the spam
is rejected before it's ever received, so it's less than effective.
You need to whitelist at least the trap addresses to
Hi,
I was hoping it was okay to resurrect a thread from a few months ago
and ask a few questions regarding creating some type of honeypot for
spammers.
Just search your /var/log/maillog for user unknown messages, and
create email addresses for the unknown users which are showing up
multiple
Am 07.01.2015 um 20:23 schrieb Alex:
I'm also wondering what exactly you're taking from these messages that
are received? Are you blocking based on IP? Creating header/body
rules? Those are usually transferable to other systems, but what about
bayes? How can you use it for bayes when that
On 11/21/2014 09:49 AM, David F. Skoll wrote:
On Fri, 21 Nov 2014 08:43:22 -0800 (PST)
John Hardin jhar...@impsec.org wrote:
On a public mailng list isn't a great place to discuss such tactics...
I suspect spammers are dumb and will just vacuum up any address
they can find. Also, the
On 04/12/2014 00:54, Christian Grunfeld wrote:
It would be very rare, and if so you would ever more rare CC the entire
list of addresses on your spam message - sure this was a lot more common in
years gone by, but I've not seen any such evidence of it in almost 10 years,
and if you
read my reply to Chris, its rather simple - if you care (and we have
some pretty damn illiterate users, if they can get it right, anyone can)
Oh additional point, it also helps if your CSR's also have a clue, and
sound confident when talking to users, if they sound hesitant u's
and
Am 03.12.2014 um 23:56 schrieb Philip Prindeville:
On 11/21/2014 09:49 AM, David F. Skoll wrote:
On Fri, 21 Nov 2014 08:43:22 -0800 (PST)
John Hardin jhar...@impsec.org wrote:
On a public mailng list isn't a great place to discuss such tactics...
I suspect spammers are dumb and will just
On 12/2/2014 5:32 PM, LuKreme wrote:
I have *never* considered Barracuda to be reliable. At least they have stopped
their practice of listing my server and then sending me spam offering to sell
me their crapware to keep it off blacklists for per month.
I think there's a direct
Am 03.12.2014 um 02:32 schrieb LuKreme:
another recent example:
Spamhaus blocked GMX/11/Web.de completly *by a mistake*, no problem in case of
scoring, a ruined weekend if we had used it as only source
The extremely occasional mistaken black is more than made up for by the vast
quantities
On Thu, 4 Dec 2014, Noel Butler wrote:
On 04/12/2014 00:54, Christian Grunfeld wrote:
It would be very rare, and if so you would ever more rare CC the
entire list of addresses on your spam message -
sure this was a lot more common in years gone by, but I've not seen any
such
On 12/04/2014 05:32 AM, Reindl Harald wrote:
Am 03.12.2014 um 23:56 schrieb Philip Prindeville:
On 11/21/2014 09:49 AM, David F. Skoll wrote:
On Fri, 21 Nov 2014 08:43:22 -0800 (PST)
John Hardin jhar...@impsec.org wrote:
On a public mailng list isn't a great place to discuss such
On 12/4/14, 3:10 PM, Philip Prindeville
philipp_s...@redfish-solutions.com wrote:
Not necessarily. If I post to a list with this address, and wait 60
days, I can assume that 99.999% of email that comes back after that date
is not related to the original posting.
Further, after 15 days, anything
On Dec 4, 2014, at 2:30 PM, Dave Pooser dave...@pooserville.com wrote:
On 12/4/14, 3:10 PM, Philip Prindeville
philipp_s...@redfish-solutions.com wrote:
Not necessarily. If I post to a list with this address, and wait 60
days, I can assume that 99.999% of email that comes back after that
It would be very rare, and if so you would ever more rare CC the
entire list of addresses on your spam message - sure this was a lot more
common in years gone by, but I've not seen any such evidence of it in
almost 10 years, and if you did, well, that's not my problem, its the
problem of your
It would be very rare, and if so you would ever more rare CC the entire
list of addresses on your spam message
Really? I see it all the time, often with a message body of TAKE ME OFF
THIS LIST (because four exclamation points will convince a spammer to
stop, while three just amuse the
On 02/12/2014 15:28, Ted Mittelstaedt wrote:
On 12/1/2014 8:47 PM, Noel Butler wrote:
On 02/12/2014 09:07, Reindl Harald wrote: Am 01.12.2014 um 23:46 schrieb
Franck Martin: On Nov 26, 2014, at 10:50 AM, Reindl Harald
h.rei...@thelounge.net mailto:h.rei...@thelounge.net wrote: Am
On 12/2/2014 12:28 AM, Ted Mittelstaedt wrote:
For anyone else, this discussion about honeypots STARTED as a
discussion on where to find good Bayes feeding sources.
No, it started as a discussion about honeypots to help the SOUGHT 2.0
project which could use more volunteers, BTW!
Regards,
On Dec 1, 2014, at 10:28 PM, Ted Mittelstaedt t...@ipinc.net wrote:
This is assuming of course that your instantly blocking everything from a
sender that happens to email a honeypot.
Right. That i the *point* of a honeypot. The only thing going to a honeypot is
going to be a spammer.
Most
On Tue, Dec 2, 2014 at 3:19 PM, LuKreme krem...@kreme.com wrote:
On Dec 1, 2014, at 10:28 PM, Ted Mittelstaedt t...@ipinc.net wrote:
This is assuming of course that your instantly blocking everything from
a sender that happens to email a honeypot.
Right. That i the *point* of a honeypot.
On 12/2/2014 6:19 AM, LuKreme wrote:
On Dec 1, 2014, at 10:28 PM, Ted Mittelstaedtt...@ipinc.net wrote:
This is assuming of course that your instantly blocking everything from a
sender that happens to email a honeypot.
Right. That i the *point* of a honeypot. The only thing going to a
On 12/2/2014 12:24 PM, Ted Mittelstaedt wrote:
On 12/2/2014 6:19 AM, LuKreme wrote:
On Dec 1, 2014, at 10:28 PM, Ted Mittelstaedtt...@ipinc.net wrote:
This is assuming of course that your instantly blocking everything
from a sender that happens to email a honeypot.
Right. That i the
On 12/2/2014 9:31 AM, Kevin A. McGrail wrote:
On 12/2/2014 12:24 PM, Ted Mittelstaedt wrote:
On 12/2/2014 6:19 AM, LuKreme wrote:
On Dec 1, 2014, at 10:28 PM, Ted Mittelstaedtt...@ipinc.net wrote:
This is assuming of course that your instantly blocking everything
from a sender that
Am 02.12.2014 um 18:24 schrieb Ted Mittelstaedt:
On 12/2/2014 6:19 AM, LuKreme wrote:
On Dec 1, 2014, at 10:28 PM, Ted Mittelstaedtt...@ipinc.net wrote:
This is assuming of course that your instantly blocking everything
from a sender that happens to email a honeypot.
Right. That i the
Hello Reindl,
Tuesday, December 2, 2014, 6:14:26 PM, you wrote:
RH no, i am saying nobody right in his mind is rejecting mails because
RH *one* RBL
You do say the sweetest things!
Should I be offended given that we block at SMTP time if an IP address
is listed in just one of a chosen
Am 02.12.2014 um 19:22 schrieb Niamh Holding:
Hello Reindl,
Tuesday, December 2, 2014, 6:14:26 PM, you wrote:
RH no, i am saying nobody right in his mind is rejecting mails because
RH *one* RBL
You do say the sweetest things!
Should I be offended given that we block at SMTP time if an IP
On 12/02/2014 07:22 PM, Niamh Holding wrote:
Hello Reindl,
Tuesday, December 2, 2014, 6:14:26 PM, you wrote:
RH no, i am saying nobody right in his mind is rejecting mails because
RH *one* RBL
You do say the sweetest things!
Should I be offended given that we block at SMTP time if an IP
On 03/12/2014 03:07, Matthias Leisi wrote:
On Tue, Dec 2, 2014 at 3:19 PM, LuKreme krem...@kreme.com wrote:
On Dec 1, 2014, at 10:28 PM, Ted Mittelstaedt t...@ipinc.net wrote:
This is assuming of course that your instantly blocking everything from a
sender that happens to email a
.if *anyone* sends *anything* to that address it is unsolicited mail -
spam, so that IP sender is blacklisted and placed in a DNSBL as well
because there is no possible legitimate reason to send to that address
ït is not really true. If a spammer sends to a list of addresses and among
On 03/12/2014 09:18, Christian Grunfeld wrote:
.if *anyone* sends *anything* to that address it is unsolicited mail -
spam, so that IP sender is blacklisted and placed in a DNSBL as well because
there is no possible legitimate reason to send to that address
ït is not really
On Dec 2, 2014, at 10:24 AM, Ted Mittelstaedt t...@ipinc.net wrote:
On 12/2/2014 6:19 AM, LuKreme wrote:
On Dec 1, 2014, at 10:28 PM, Ted Mittelstaedtt...@ipinc.net wrote:
This is assuming of course that your instantly blocking everything from a
sender that happens to email a
On Dec 2, 2014, at 11:28 AM, Reindl Harald h.rei...@thelounge.net wrote:
Am 02.12.2014 um 19:22 schrieb Niamh Holding:
Hello Reindl,
Tuesday, December 2, 2014, 6:14:26 PM, you wrote:
RH no, i am saying nobody right in his mind is rejecting mails because
RH *one* RBL
You do say
On Nov 26, 2014, at 10:50 AM, Reindl Harald h.rei...@thelounge.net wrote:
Am 26.11.2014 um 19:45 schrieb Franck Martin:
On Nov 26, 2014, at 10:19 AM, Matthias Leisi matth...@leisi.net
mailto:matth...@leisi.net wrote:
Agreed, it is cheap in resources. However, it will be easier to add
Am 01.12.2014 um 23:46 schrieb Franck Martin:
On Nov 26, 2014, at 10:50 AM, Reindl Harald h.rei...@thelounge.net wrote:
Am 26.11.2014 um 19:45 schrieb Franck Martin:
On Nov 26, 2014, at 10:19 AM, Matthias Leisi matth...@leisi.net
mailto:matth...@leisi.net wrote:
Agreed, it is cheap in
Am 01.12.2014 um 23:46 schrieb Franck Martin:
You think that spamhaus, SURBL, URIBL, and any other reputable list service
would add in their blocking list a legit domain because some faced forged
sender?
to make it clearer:
no, but *i know* for sure that *any* of that blacklists is not
On 02/12/2014 09:07, Reindl Harald wrote:
Am 01.12.2014 um 23:46 schrieb Franck Martin:
On Nov 26, 2014, at 10:50 AM, Reindl Harald h.rei...@thelounge.net wrote:
Am 26.11.2014 um 19:45 schrieb Franck Martin: My experience says it is very
useful
my point in context of that thread is
On 02/12/2014 08:46, Franck Martin wrote:
On Nov 26, 2014, at 10:50 AM, Reindl Harald h.rei...@thelounge.net wrote:
Am 26.11.2014 um 19:45 schrieb Franck Martin: On Nov 26, 2014, at 10:19 AM,
Matthias Leisi matth...@leisi.net mailto:matth...@leisi.net wrote:Agreed,
it is cheap in
On 12/1/2014 8:47 PM, Noel Butler wrote:
On 02/12/2014 09:07, Reindl Harald wrote:
Am 01.12.2014 um 23:46 schrieb Franck Martin:
On Nov 26, 2014, at 10:50 AM, Reindl Harald h.rei...@thelounge.net
mailto:h.rei...@thelounge.net wrote:
Am 26.11.2014 um 19:45 schrieb Franck Martin:
My
probably the same time it took to ipv4 become exhausted !
2014-11-27 3:59 GMT-03:00 John Wilcock j...@tradoc.fr:
Le 26/11/2014 19:56, Christian Grunfeld a écrit :
even /64 DNSxLs will be expensive !
/64 lists will have 2^32 times more entries than IPv4 lists.
/64 lists can *theoretically*
On 11/26/2014 1:53 AM, Matthias Leisi wrote:
On Wed, Nov 26, 2014 at 3:45 AM, Franck Martin fmar...@linkedin.com
mailto:fmar...@linkedin.com wrote:
You may want to read
https://www.m3aawg.org/sites/maawg/files/news/M3AAWG_Inbound_IPv6_Policy_Issues-2014-09.pdf
I'm well aware of
On Wed, 26 Nov 2014 07:53:20 +0100
Matthias Leisi matth...@leisi.net wrote:
Yes, such an approach might initially double the amount of queries
and has an increased risk of not getting DNS responses, but on the
other hand such tree information can be nicely cached with
reasonably long TTLs,
Am 26.11.2014 um 14:06 schrieb David F. Skoll:
On Wed, 26 Nov 2014 07:53:20 +0100
Matthias Leisi matth...@leisi.net wrote:
Yes, such an approach might initially double the amount of queries
and has an increased risk of not getting DNS responses, but on the
other hand such tree information can
On Wed, 26 Nov 2014 14:10:04 +0100
Reindl Harald h.rei...@thelounge.net wrote:
the unbound stats on our inbound MX saying the opposite
How much of those are DNSBL lookups against DNSBLs with short TTLs?
Regards,
David.
Am 26.11.2014 um 15:07 schrieb David F. Skoll:
On Wed, 26 Nov 2014 14:10:04 +0100
Reindl Harald h.rei...@thelounge.net wrote:
the unbound stats on our inbound MX saying the opposite
How much of those are DNSBL lookups against DNSBLs with short TTLs?
below the stats by RBL and keep in mind
On Nov 26, 2014, at 2:15 AM, Kevin A. McGrail
kmcgr...@pccc.commailto:kmcgr...@pccc.com wrote:
On 11/26/2014 1:53 AM, Matthias Leisi wrote:
On Wed, Nov 26, 2014 at 3:45 AM, Franck Martin
fmar...@linkedin.commailto:fmar...@linkedin.com wrote:
You may want to read
On Wed, Nov 26, 2014 at 6:05 PM, Franck Martin fmar...@linkedin.com wrote:
As for /64, yes there are hosting providers that have all their customers
in the same /64 and other cases like this where infrastructure is not
separated by /64 boundaries. I think IPv6 blocking list will be more last
Am 26.11.2014 um 19:45 schrieb Franck Martin:
On Nov 26, 2014, at 10:19 AM, Matthias Leisi matth...@leisi.net
mailto:matth...@leisi.net wrote:
On Wed, Nov 26, 2014 at 6:05 PM, Franck Martin fmar...@linkedin.com
mailto:fmar...@linkedin.com wrote:
As for /64, yes there are hosting
even /64 DNSxLs will be expensive !
/64 lists will have 2^32 times more entries than IPv4 lists.
2014-11-26 15:45 GMT-03:00 Franck Martin fmar...@linkedin.com:
On Nov 26, 2014, at 10:19 AM, Matthias Leisi matth...@leisi.net wrote:
On Wed, Nov 26, 2014 at 6:05 PM, Franck Martin
Le 26/11/2014 19:56, Christian Grunfeld a écrit :
even /64 DNSxLs will be expensive !
/64 lists will have 2^32 times more entries than IPv4 lists.
/64 lists can *theoretically* have that many entries, yes, but it'll be
a very long time before there are 2^32 times as many *allocated* IPv6
On 11/24/2014 12:30 PM, Reindl Harald wrote:
the world is not black and white and by *blindly* blacklist you gain
nothing than damage
This is absolutely correct, Reindl.
It is why ALL domain names that MY COMPANY accepts mail from HAVE
WEBSITES on them.
You send email to
Am 25.11.2014 um 18:53 schrieb Ted Mittelstaedt:
I see people like you every day who are CONVINCED they can deal with
greyness in the world by a machine. Poor fools that they are, they are
the ones who construct elaborate voice auto responder voice trees
(press 1 for this press 2 for that) as
Am 25.11.2014 um 18:53 schrieb Ted Mittelstaedt:
It is why ALL domain names that MY COMPANY accepts mail from HAVE
WEBSITES on them
don't get me wrong but that is just stupid
a website was enver, is not and will never be a prerequisite for a
mail-domain (or mail subdomain) nor is it a MX
On 11/25/2014 11:24 AM, Reindl Harald wrote:
Am 25.11.2014 um 18:53 schrieb Ted Mittelstaedt:
It is why ALL domain names that MY COMPANY accepts mail from HAVE
WEBSITES on them
don't get me wrong but that is just stupid
a website was enver, is not and will never be a prerequisite for a
On 11/25/2014 11:21 AM, Reindl Harald wrote:
Am 25.11.2014 um 18:53 schrieb Ted Mittelstaedt:
I see people like you every day who are CONVINCED they can deal with
greyness in the world by a machine. Poor fools that they are, they are
the ones who construct elaborate voice auto responder
On Nov 22, 2014, at 4:15 AM, Aban Dokht ml...@abando.de wrote:
On 21.11.2014 18:17, Matthias Leisi wrote:
We are about to simplify the reporting we
previously had, and want to push this especially to detect spam coming
in over IPv6.
We also have honeypots with enabled IPv6 MX, but SPAM
On Wed, Nov 26, 2014 at 3:45 AM, Franck Martin fmar...@linkedin.com wrote:
You may want to read
https://www.m3aawg.org/sites/maawg/files/news/M3AAWG_Inbound_IPv6_Policy_Issues-2014-09.pdf
I'm well aware of the issues of cache efficiency and query volumes due to
the vast address space. The
On Sat, 22 Nov 2014 15:32:26 -0600 (CST)
Dave Funk wrote:
Another way to seed spamtrap addresses is to make up some and
then feed them into unsubscribe links in spam sent to regular
users. I've got some of those I started that way 15 years ago
and they're still going strong.
Isn't there a
Am 24.11.2014 um 13:51 schrieb RW:
On Sat, 22 Nov 2014 15:32:26 -0600 (CST)
Dave Funk wrote:
Another way to seed spamtrap addresses is to make up some and
then feed them into unsubscribe links in spam sent to regular
users. I've got some of those I started that way 15 years ago
and they're
On Sun, 23 Nov 2014 11:12:58 +0100
Aban Dokht ml...@abando.de wrote:
From my opinion, this is not a good idea as you are going to put
those servers onto your list.
This way you'll blacklist bulk senders, with badly configured or even
not bounce management, but they are not all spammers!
Am 24.11.2014 um 18:49 schrieb jdebert:
On Sun, 23 Nov 2014 11:12:58 +0100
Aban Dokht ml...@abando.de wrote:
From my opinion, this is not a good idea as you are going to put
those servers onto your list.
This way you'll blacklist bulk senders, with badly configured or even
not bounce
On 25/11/2014 03:49, jdebert wrote:
No, let's not accomodate incompetent bulk mailers. It has never worked
before. All it does is allow them to continue to make excuses to fail
to do their job properly and it attracts spammers, politicians and
other such ilk. Spammers always take
On Sun, 23 Nov 2014, Reindl Harald wrote:
Am 23.11.2014 um 11:17 schrieb Aban Dokht:
On 22.11.2014 22:32, Dave Funk wrote:
Another way to seed spamtrap addresses is to make up some and
then feed them into unsubscribe links in spam sent to regular
users. I've got some of those I started that
On 22.11.2014 22:05, Ted Mittelstaedt wrote:
That's a lot of work, there's a much easier way
Just search your /var/log/maillog for user unknown messages, and
create email addresses for the unknown users which are showing up
multiple times over multiple days. It's a great trick because it
On 22.11.2014 22:32, Dave Funk wrote:
Another way to seed spamtrap addresses is to make up some and
then feed them into unsubscribe links in spam sent to regular
users. I've got some of those I started that way 15 years ago
and they're still going strong.
Also no good idea, as some of them
Am 23.11.2014 um 11:17 schrieb Aban Dokht:
On 22.11.2014 22:32, Dave Funk wrote:
Another way to seed spamtrap addresses is to make up some and
then feed them into unsubscribe links in spam sent to regular
users. I've got some of those I started that way 15 years ago
and they're still going
On 23/11/2014 20:12, Aban Dokht wrote:
On 22.11.2014 22:05, Ted Mittelstaedt wrote:
domain - I've seen user unknown messages for users who cancelled mailboxes
on the domain over a decade ago. I figure 10 years of getting user unknown
messages is long enough for any real humans and for
On 11/23/2014 2:12 AM, Aban Dokht wrote:
On 22.11.2014 22:05, Ted Mittelstaedt wrote:
That's a lot of work, there's a much easier way
Just search your /var/log/maillog for user unknown messages, and
create email addresses for the unknown users which are showing up
multiple times over
On 11/23/2014 2:17 AM, Aban Dokht wrote:
On 22.11.2014 22:32, Dave Funk wrote:
Another way to seed spamtrap addresses is to make up some and
then feed them into unsubscribe links in spam sent to regular
users. I've got some of those I started that way 15 years ago
and they're still going
On 21.11.2014 18:17, Matthias Leisi wrote:
We are about to simplify the reporting we
previously had, and want to push this especially to detect spam coming
in over IPv6.
We also have honeypots with enabled IPv6 MX, but SPAM over IPv6 is very,
very seldom. But pushing IPv6 anti spam is a
On Sat, 22 Nov 2014 13:15:29 +0100
Aban Dokht ml...@abando.de wrote:
We also have honeypots with enabled IPv6 MX, but SPAM over IPv6 is
very, very seldom.
We keep reputation reports from a large number of mailboxes and
they break down roughly as follows:
IPv4 mail: about 475 million reports
enough for any real
humans and for legitimate mailing lists to remove those entries.
Ted
On 11/21/2014 8:10 AM, Joe Quinn wrote:
We are setting up some honeypot email addresses, and were wondering if
anyone here had tips on how to include those addresses on webpages and
other places.
We're
and for legitimate mailing lists to remove those entries.
Ted
On 11/21/2014 8:10 AM, Joe Quinn wrote:
We are setting up some honeypot email addresses, and were wondering if
anyone here had tips on how to include those addresses on webpages and
other places.
We're currently going with a pretty simple
We are setting up some honeypot email addresses, and were wondering if
anyone here had tips on how to include those addresses on webpages and
other places.
We're currently going with a pretty simple !-- honey...@example.com --
HTML comment. Is that too obvious? Should we put it into a CSS
Am 21.11.2014 um 17:10 schrieb Joe Quinn:
We are setting up some honeypot email addresses, and were wondering if
anyone here had tips on how to include those addresses on webpages and
other places.
We're currently going with a pretty simple !-- honey...@example.com --
HTML comment. Is that too
On Fri, 21 Nov 2014, Reindl Harald wrote:
Am 21.11.2014 um 17:10 schrieb Joe Quinn:
We are setting up some honeypot email addresses, and were wondering if
anyone here had tips on how to include those addresses on webpages and
other places.
We're currently going with a pretty simple
On Fri, 21 Nov 2014 08:43:22 -0800 (PST)
John Hardin jhar...@impsec.org wrote:
On a public mailng list isn't a great place to discuss such tactics...
I suspect spammers are dumb and will just vacuum up any address
they can find. Also, the scammers who sell CDs with millions of
email addresses
Btw., the dnswl.org project is happy to receive whatever spamtrap hits. We
are about to simplify the reporting we previously had, and want to push
this especially to detect spam coming in over IPv6.
Details off list :)
-- Matthias
Am 2008-08-18 13:46:56, schrieb [EMAIL PROTECTED]:
Hello,
Long time SA user here. I have googled much for an answer for this. I have a
few email addresses that are clearly now spam only. I would like to
blacklist them and use them as a honeypot to help train my Bayes through
autolearn, does
jdow wrote:
I believe you could blacklist_from. That would train SpamAssassin's
Bayes filter -
Or not. Both USER_IN_BLACKLIST and USER_IN_BLACKLIST_TO have tflags set
to userconf noautolearn (in current 3.2.5 rules), which means that
SpamAssassin will ignore their scores when deciding whether
Hello,
Long time SA user here. I have googled much for an answer for this. I have a
few email addresses that are clearly now spam only. I would like to
blacklist them and use them as a honeypot to help train my Bayes through
autolearn, does anyone have any suggestions on how to do this?
Thanks!
On Mon, 18 Aug 2008, [EMAIL PROTECTED] wrote:
Long time SA user here. I have googled much for an answer for this. I
have a few email addresses that are clearly now spam only. I would like
to blacklist them and use them as a honeypot to help train my Bayes
through autolearn, does anyone have
On Mon, Aug 18, 2008 at 1:59 PM, John Hardin [EMAIL PROTECTED] wrote:
On Mon, 18 Aug 2008, [EMAIL PROTECTED] wrote:
Long time SA user here. I have googled much for an answer for this. I have
a few email addresses that are clearly now spam only. I would like to
blacklist them and use them as
[EMAIL PROTECTED] wrote:
On Mon, Aug 18, 2008 at 1:59 PM, John Hardin [EMAIL PROTECTED]
wrote:
On Mon, 18 Aug 2008, [EMAIL PROTECTED] wrote:
Long time SA user here. I have googled much for an answer for this. I
have a few email addresses that are clearly now spam only. I would
Maybe this is a completely crazy notion, but if the mail for these accounts is
in fact actually flowing into/through your system, and being sent through SA
already, you might create a rule so that any item with one of those addresses
in it gets a high score so in turn your auto-learn threshold
Yes, because rather than use a honeypot, you can forward as an
attachment to Spamcop. SA uses Spamcop in its scoring so indirectly
you improve your SA scoring accuracy if you do that. I strongly
recommend all our users do that also.
Ron Smith
[EMAIL PROTECTED]
Having an email problem is
From: [EMAIL PROTECTED]
Sent: Monday, 2008, August 18 11:08
On Mon, Aug 18, 2008 at 1:59 PM, John Hardin [EMAIL PROTECTED] wrote:
On Mon, 18 Aug 2008, [EMAIL PROTECTED] wrote:
Long time SA user here. I have googled much for an answer for this. I
have
a few email addresses that are
92 matches
Mail list logo