I hope Justin has no problems. if anybody has news, please share that
with me.
Le 15/02/2013 13:42, Kevin A. McGrail a écrit :
On 2/14/2013 6:35 PM, Emmett Culley wrote:
Hi KAM,
Can you give me a hint on who or what to contact. I don't know how
those rules got into my system. It was
Le 15/11/2012 22:16, Per-Erik Persson a écrit :
Is there a way to add spamassin rules without editing the config
and reloading the process?
To be more specific, I can set up a RBL of my own and add
suspicious servers found in the header, no problems to do that.
This can be done today
Le 22/07/2011 17:50, Michael Scheidell a écrit :
any of you subscribed to techtarget or crm emails?
seems on june 16th or 17th, something broke. and I am trying to
determine if its something we did or something they did.
no, it's much older than that. I can see a borked one dating back to 25
Le 26/07/2011 01:57, Michael Scheidell a écrit :
On 7/22/11 12:49 PM, Michael Scheidell wrote:
On 7/22/11 12:08 PM, Michael Scheidell wrote:
On 7/22/11 12:04 PM, Bret Miller wrote:
Well, I don't actually subscribe to any active techtarget lists, but
I do still get marketing garbage from them.
Le 19/02/2011 04:58, Frank Reppin a écrit :
Hi list,
Ok - think of it as beeing solved.
I could make something 'useful' after
digging more in HeaderEval.pm.
did you take a look at the code that implements DATE_IN_FUTURE_* rules?
But later then... this raises another issue.
I'll open a
Le 10/02/2011 10:09, Chip M. a écrit :
mouss wrote:
with a stock config, and without Bayes, it now yields:
Hmmm, interesting!
Yes, all the caught spam here were due to RBL hits.
Which begs the question, what SpamAssassin tests are hitting for
the misses vs the kills?
Here's what
Le 09/02/2011 23:09, Chip M. a écrit :
There's an interesting new insecure-boy-drugs campaign that's
about 8% of our post-gateway traffic. It started early today.
About 58% of these are sneaking thru (plain vanilla) SpamAssassin.
The key features are:
three columns of vertical
Le 03/02/2011 22:51, Adam Moffett a écrit :
That's good. The only useful list (BogusMX) can be discovered without
querying rfc-ignorant anyway. Just get the MX records for the sending
domain (which are almost certainly in cache) and make sure they resolve
to real IP addresses.
We reject
Le 27/01/2011 15:12, Michael Scheidell a écrit :
On 1/26/11 11:58 PM, Sahil Tandon wrote:
reject_rhsbl_sender dbl.spamhaus.org=127.0.1.2,
Sound advice to advocate good practices, but in more recent version of
Postfix, this should not be required.
eh?
reject_rhsbl_sender dbl.spamhaus.org
Le 11/01/2011 22:07, Mark Martinec a écrit :
Consider for a moment how hard it would be for an average spammer to
spoof rDNS
This has nothing to do with DNS. The trusted/internal/msa networks
only checks an IP address as it stands in an Received header field,
it does not check nor depend on
Le 12/01/2011 23:02, Mahmoud Khonji a écrit :
I would highly appreciate if anyone is able to send me his SPAM/Ham email
collection.
sigh. if you can't understand what privacy means, then you are part of
the problem.
I need it to train and test classifiers.
you need to train with
Le 06/01/2011 00:48, Karsten Bräckelmann a écrit :
On Thu, 2011-01-06 at 00:27 +0100, mouss wrote:
Le 05/01/2011 02:15, Karsten Bräckelmann a écrit :
On Tue, 2011-01-04 at 00:58 +0100, mouss wrote:
Recipient unknown: 5318 ( 73.85 %)
DNSBL zen.spamhaus.org...: 816
Le 05/01/2011 02:15, Karsten Bräckelmann a écrit :
On Tue, 2011-01-04 at 00:58 +0100, mouss wrote:
Le 03/01/2011 13:28, Jari Fredriksson a écrit :
I want to secure a postfix site with rbls, no spamassassin at this
moment. (I use SpamAssassin on other sites, and no RBLs at SMTP time, so
I'm
Le 05/01/2011 17:00, Rob McEwen a écrit :
On 1/3/2011 6:58 PM, mouss wrote:
as you can see, all DNSBLs but spamhaus are more or less useless.
Mouss,
[ignoring content filtering for a moment... per the original poster's
request]
If one DNSBL removed 90% of all spams, and that made
Le 03/01/2011 13:28, Jari Fredriksson a écrit :
I want to secure a postfix site with rbls, no spamassassin at this
moment. (I use SpamAssassin on other sites, and no RBLs at SMTP time, so
I'm not very experienced with this. SA has may RBL's, sure, but what to
use to kill them when seen?)
Le 29/12/2010 16:54, Jason Bertoch a écrit :
I'm starting to see a (new to me) pattern of spam, and only spam, with
PTR records consisting of a single dot, such as:
Received: from ejru38.pindmosel.info (. [184.154.78.38] (may be forged))
I used to block these and others in postfix:
pcre =
Le 29/12/2010 15:29, Jack L. Stone a écrit :
[snip]
All of my net checks are done at the MTA level
(sendmail) and none in SA -- it's turned off. What is the benefit of
checking twice? Maybe I missed the benefit.
- with some lists, you want to check the IPs found in the Received
headers (and
Le 23/12/2010 22:56, Bob Proulx a écrit :
mouss wrote:
John Hardin a écrit :
Just out of curiosity, why? An MD5 hash is shorter than an SHA hash (an
important consideration when you're making lots of DNS queries of the
hash), MD5 is computationally lighter than SHA, and MD5 is robust enough
Le 15/12/2010 00:52, John Hardin a écrit :
On Tue, 14 Dec 2010, Cedric Knight wrote:
So a hash is best,
Agreed.
and I'd suggest SHA1 over MD5.
Just out of curiosity, why? An MD5 hash is shorter than an SHA hash (an
important consideration when you're making lots of DNS queries of the
Le 14/12/2010 15:28, Marc Perkel a écrit :
Are there any DNSBLs out there based on email addresses? Since you can't
use an @ in a DNS lookup - how would you do DNSBL on email addresses? Is
there a standard?
you an still use something like
john@example.com = john.doe._address.example.com
Le 23/12/2010 19:40, Chris Owen a écrit :
On Dec 23, 2010, at 12:35 PM, mouss wrote:
do you really think there is a need to list email addresses? if yes,
then may be you can define a subset instead of all possible addresses.
after all, spammers don't use all possible representations, do
Le 13/12/2010 23:45, Martin Gregorie a écrit :
On Mon, 2010-12-13 at 22:19 +0100, mouss wrote:
Le 13/12/2010 10:38, Martin Gregorie a écrit :
As others have said, it depends who sent it and why. Invitations sent
specifically by people who know you aren't spam, but I've heard it said
several
is, if we know it's an linkedin invitation, if we need to
verify DKIM at all ;)
depends on your users.
if it's your own hobby mail system, you can block linkedin, facebook,
twitter, hotmail, yahoo, ... etc. nobody will complain ;-p
mouss wrote:
the sample posted by Michelle came to her via
:04, Matus UHLAR - fantomas a écrit :
now the question is, if we know it's an linkedin invitation, if we need to
verify DKIM at all ;)
On 13.12.10 09:52, mouss wrote:
depends on your users.
if it's your own hobby mail system, you can block linkedin, facebook,
twitter, hotmail, yahoo, ... etc
Le 13/12/2010 15:33, Matus UHLAR - fantomas a écrit :
Michelle Konzack wrote:
300-500 INVITE spams per day from more than 400 socialnetworks
worldwide is realy annoying or better, I would call it
terrorism.
On 12.12.10 22:03, Per Jessen wrote:
Just reject them all?
Matus UHLAR - fantomas
Le 13/12/2010 11:30, Michelle Konzack a écrit :
Hello Per Jessen,
Am 2010-12-12 22:03:34, hacktest Du folgendes herunter:
Michelle Konzack wrote:
300-500 INVITE spams per day from more than 400 socialnetworks
worldwide is realy annoying or better, I would call it terrorism.
Just reject
Le 13/12/2010 10:38, Martin Gregorie a écrit :
On Mon, 2010-12-13 at 08:17 +0100, Per Jessen wrote:
mouss wrote:
the sample posted by Michelle came to her via a debian list. debian
lists are open (no subscription required) and thus attract a lot of
spam.
And whilst invitations such as those
Le 12/12/2010 19:23, Giampaolo Tomassoni a écrit :
How does it work?
I just got blocked by the ATT's blacklist (in contacting ab...@att.com,
besides...), but I'm pretty sure my MX is not an open relay or other kind of
nifty thing.
Maybe ATT blocks whole address bunches from which some hosts
is a public mail. I'm going to zero the
corresponding rules (I prefer false negatives, which help improving
local rule, over false positives, exceptionally when I can't explain
why).
= FP sample
Return-Path: websecurity-return-7218-mouss=ml.netoyen@webappsec.org
Delivered
Le 07/10/2010 23:28, John Hardin a écrit :
On Thu, 7 Oct 2010, Karsten Br�ckelmann wrote:
On Thu, 2010-10-07 at 11:11 +0200, Shlomi Fish wrote:
before I unsubscribe I should note that the incoming messages from
this list
should have an Unsubscribe / How-to-get-help footer at teh bottom of
Le 17/09/2010 00:34, Karsten Bräckelmann a écrit :
[snip]
I had in amavis-conf:
$final_spam_destiny = D_BOUNCE;
$final_banned_destiny = D_BOUNCE;
should be much better like this:
$final_spam_destiny = D_REJECT;
$final_banned_destiny = D_REJECT;
It was default with
Le 16/08/2010 15:53, Bowie Bailey a écrit :
On 8/14/2010 5:51 PM, mouss wrote:
Le 12/08/2010 00:37, Karsten Bräckelmann a écrit :
On Wed, 2010-08-11 at 17:30 -0400, Bowie Bailey wrote:
In case anyone else is following this...
The sa-update process made things a bit more complex than
Le 12/08/2010 00:37, Karsten Bräckelmann a écrit :
On Wed, 2010-08-11 at 17:30 -0400, Bowie Bailey wrote:
In case anyone else is following this...
The sa-update process made things a bit more complex than simply
renaming the file after updates. If that's all you do, then sa-update
loses
Kai Schaetzl a écrit :
Thomas Höhlig wrote on Tue, 06 Apr 2010 14:24:58 +0200:
Can anyone tell me where i can find the option to deactivate the
answer-mail.
Ask on the sa-exim list.
yes. and make sure not to confuse reject (say go away) with bounce
(accept message, then later send a
Giampaolo Tomassoni a écrit :
It seems that the yerp.org www server is irresponsive.
To my knowledge, that server was hosting the sought.rules.yerp.org update
channel.
Anybody knows if it is a transient problem or if that channel moved
elsewhere?
it was working yesterday. most probably
pm...@email.it a écrit :
Hi, in this page: http://wiki.apache.org/spamassassin/BayesInSpamAssassin
i read: *
Do not* train Bayes on different mail streams or public spam corpora.
These methods will mislead Bayes into believing certain tokens are
spammy or hammy when they are not.
So, i
dar...@chaosreigns.com a écrit :
On 02/13, Matus UHLAR - fantomas wrote:
So the only effect of MTX should be confirmation that a machine may send
mail?
Yes.
So why the complicated check for DNS record combining DNS name and IP?
Why not simply requesting that machine has a mail or smtp
Jason Bertoch a écrit :
On 1/18/2010 6:38 PM, mouss wrote:
David B Funk a écrit :
On Wed, 13 Jan 2010, Jason Bertoch wrote:
Can a list admin disable the spamassas...@hundredacrewood.willspc.net
account as we're still getting bounces?
Original Message
Subject: Delivery
jdow a écrit :
From: Christian Brel brel.spamassassin091...@copperproductions.co.uk
Sent: Wednesday, 2010/January/13 07:40
On Wed, 13 Jan 2010 16:17:31 +0100
Matus UHLAR - fantomas uh...@fantomas.sk wrote:
On Wed, 13 Jan 2010 09:39:34 -0500
Jason Bertoch ja...@i6ix.com wrote:
Can a
David B Funk a écrit :
On Wed, 13 Jan 2010, Jason Bertoch wrote:
Can a list admin disable the spamassas...@hundredacrewood.willspc.net
account as we're still getting bounces?
Original Message
Subject: Delivery Status Notification (Failure)
Date: Wed, 13 Jan 2010
Callum Millard a écrit :
I'm sure there's a straight forward way of doing this, but after several of
hours searching, I can't find it.
The problem is spam with a faked 'From:' field. Spammers are sending e-mails
to our domain with the 'From:' field set to a valid e-mail address from our
R P Herrold a écrit :
On Fri, 8 Jan 2010, mouss wrote:
you can query DNS to get the version of the rules. for example:
$ host -t txt *.2.3.updates.spamassassin.org
*.2.3.updates.spamassassin.org descriptive text 895075
(2.3 is the reverse of 3.2, which corresponds to the SA version you
clem...@dwf.com a écrit :
How do I tell if sa-update is actually running?
I mean, yes, I can run it by hand and get no error messages, and with -D
I dont see any problems, still I feel that my stuff isnt current, and that
there
should be an update.
Should I be getting a message in
jdow a écrit :
At least one well respected ninja sort from this list is also a
volunteer SANS Internet Storm Cellar operator. These folks do not seem
to be in the least inexperienced in the ways of malware and malware
delivery. That is why I take that diary entry at face value.
maybe I'm
jdow a écrit :
http://isc.sans.org/diary.html?storyid=7780
It can be quite frustrating to run an ISP and comply with the often
arbitrary, strange, and I suspect contradictory demands of the likes
of SORBS and Trend Micro. An ISP Abuse handler vents in this article.
from the text, there is
jdow a écrit :
[snip]
Per a discussion off the list the $20 is, as mentioned, pretty much a
captcha and as the web site declares, an inoculation against domain
tasting or 10 for a dollar .cn domains. The thousands of names
registration isn't going to get through either ReturnPath or
Bill Landry a écrit :
Christian Brel, AKA rich...@buzzhost.co.uk (among other aliases), is
back...
Bill
he switched MUA, but forgot to switch helo and get a different IP range...
Received-SPF: softfail (nike.apache.org: transitioning domain of
Luis Daniel Lucio Quiroz a écrit :
Hi all,
Again me, Well, in the security scope i use a principle that states that you
souldnt use a lower layer solution to fix a higher one. So SPAM is a Layer 7
problem that is used to fixed with a Layer 3 solution (RBL).
I'd like a brainstorm to
Warren Togami a écrit :
I am trying to reconfigure my postfix server to get rid of false
positives in the masschecks.
* I run my own postfix server at example.com.
* Several of my users have IMAP accounts on my server. They send their
outgoing mail via my server with SMTP-after-IMAP. This
Steve Prior a écrit :
I started getting spam that was distinctive for having two boxes - one
Email Security Information and one Privacy Policy and viewing source
indicated the mails came from a server at noave.net 74.63.109.*.
I blocked 74.63.109.* and the spam stopped for a while, but I
Quanah Gibson-Mount a écrit :
--On Monday, October 05, 2009 11:50 PM +0200 mouss
mo...@ml.netoyen.net wrote:
Thomas Mullins a écrit :
We have been running Spamassassin for maybe eight years now. But, my
coworkers do not like OpenSource. So they have finally complained
enough that my boss
Thomas Mullins a écrit :
We have been running Spamassassin for maybe eight years now. But, my
coworkers do not like OpenSource. So they have finally complained
enough that my boss is going to replace our reliable
FreeBSD/Spamassassin boxes. They are planning on purchasing something
that
RW a écrit :
On Sun, 04 Oct 2009 15:53:34 +0200
Yet Another Ninja sa-l...@alexb.ch wrote:
why lastexternal ?
would you expect ham traffic from those IPs? and want to loose deeper
header parsing?
Right, although I doubt this list is going to be much use for
SpamAssassin. With zen
RW wrote:
On Fri, 02 Oct 2009 00:14:52 +0200
mouss mo...@ml.netoyen.net wrote:
RW wrote:
The term false-positive can apply to any test. A test for ham
that matches a spam is a false-positive, it's a matter of context.
spam too can be (re)defined. and actually any term. but it is assumed
Karsten Bräckelmann wrote:
On Fri, 2009-10-02 at 00:08 +0200, mouss wrote:
Karsten Bräckelmann wrote:
False positive. Something, that matches (positive) the criterion for a
certain test, but should not (false).
I stand to what I said.
I'm not surprised:)
you can certainly devise
Karsten Bräckelmann wrote:
On Wed, 2009-09-30 at 23:35 +0200, mouss wrote:
Warren Togami wrote:
I scanned my spam folders and found a few false positives that hit on
either DNSWL
FP with DNSWL?
FP = False Positive = legitimaite mail tagged as spam
DNSWL = Whitelist
False positive
RW wrote:
On Wed, 30 Sep 2009 23:35:31 +0200
mouss mo...@ml.netoyen.net wrote:
Warren Togami wrote:
I scanned my spam folders and found a few false positives that hit
on either DNSWL
FP with DNSWL?
FP = False Positive = legitimaite mail tagged as spam
DNSWL = Whitelist
The term
Warren Togami wrote:
I scanned my spam folders and found a few false positives that hit on
either DNSWL
FP with DNSWL?
FP = False Positive = legitimaite mail tagged as spam
DNSWL = Whitelist
if your system adds points because of dnswl, you have a serious problem. ..
or do you mean FN
LuKreme a écrit :
On 3-Sep-2009, at 15:33, mouss wrote:
check_helo_hostname_access hash:/etc/postfix/access_host
If but this in my smtpd_helo_restrictions (with a warn_if_reject for
right now), but where in the smtpd_recipient_restrictions do you
recommend putting
Justin Mason a écrit :
In fairness, they got in touch to ask for help in setting up a more
recent SA, but none of us (ie the PMC) had the spare cycles to help
out. Comparative third-party tests like this always take a lot of
hand-holding. We don't have the same kind of marketing budget as
Clunk Werclick a écrit :
On Thu, 2009-09-03 at 01:36 -0400, Sahil Tandon wrote:
On Thu, 03 Sep 2009, Clunk Werclick wrote:
I'm starting to see plenty of these and they are new to us:
zgrep address not listed /var/log/mail.info
Sep 3 05:26:59 : warning: 222.252.239.56: address not
Dan Schaefer a écrit :
Karsten Bräckelmann wrote:
On Fri, 2009-08-21 at 08:06 -0400, Dan Schaefer wrote:
Any ideas about this one, besides adding a score to match the subject?
Probably not a smart idea, since you insist on re-using that very
subject for your list post...
That
Gary Smith a écrit :
Read the top of the rulesemporium site:
http://www.rulesemporium.com/
SARE rules aren't being updated. Hence, sa-updating them is pointless.
Is it still recommended to run the SARE rules?
you should use
90_2tld_cf_sare_sa-update_dostech_net
to avoid querying
Matus UHLAR - fantomas a écrit :
On 19.08.09 00:48, mouss wrote:
The name of the rule is worng, but the result is ok. Instead of
dynamic, I suggest: UMO for Unidentifiable Mailing Object. whether
static-ip- is static or not doesn't matter. a lot of junk comes from
such hosts, and we can't
pattern to me.
On 19.08.09 00:48, mouss wrote:
The name of the rule is worng, but the result is ok. Instead of
dynamic, I suggest: UMO for Unidentifiable Mailing Object. whether
static-ip- is static or not doesn't matter. a lot of junk comes from
such hosts, and we can't report/complain
Bob Proulx a écrit :
The following header line:
Received: from static-96-254-126-11.tampfl.fios.verizon.net [96.254.126.11]
by
windows12.uvault.com with SMTP; Wed, 12 Aug 2009 08:26:40 -0400
Hits the HELO_DYNAMIC_IPADDR rule. I tested it this way:
$ perl -le 'if
Marc Perkel a écrit :
http://www.sdsc.edu/~jeff/spam/cbc.html
It appears from Jeff's Blacklists Compared list the Barracuda has
overtaken spamhaus for the #1 position. Not sure about the accuracy of
the list as compared to spamhaus but seams reasonably good to me. I
don't really count apews
LuKreme a écrit :
On 16-Aug-2009, at 18:03, Chris wrote:
Received: from spam05.embarq.synacor.com (LHLO
smtpout01.embarq.synacor.com) (10.50.1.5) by md29.embarq.synacor.com
with LMTP; Sun, 16 Aug 2009 19:19:56 -0400 (EDT)
LMTP? Seriously? Does anyone use that? Well, yes, evidently.
of
Chris a écrit :
I keep seeing this when running some messages throught spamassassin -D
-t. Is this having an effect on whether or not short circuit works?
received-header: unparseable: from spam01.embarq.synacor.com (LHLO
smtpout01.embarq.synacor.com) (10.50.1.1) by md29.embarq.synacor.com
Terry Carmen a écrit :
On Sat, 1 Aug 2009 19:33:40 -0400
Terry Carmen te...@cnysupport.com wrote:
The backscatter would not have been received, since the sender is on
a number of RBLs.
It's the IP address of the botnet PC that's on the RBLs, the backscatter
doesn't come from there, it comes
twofers a écrit :
So what makes a spammer want to use a valid email address as a return or
reply-to address to catch all the undeliverable, failure and bounced
email that occures when sending UBE spam.
this is to beat those who use sender verification/sender
callout/(whatever you name it).
Steven W. Orr a écrit :
On 07/26/09 20:01, quoth RW:
On Sat, 25 Jul 2009 18:07:12 -0400
Michael W. Cocke cocke.mich...@gmail.com wrote:
There doesn't seem to be a web interface to subscribe/unscribe from
this list. The email address
users-unsubscr...@spamassassin.apache.org complains
snowweb a écrit :
I don't know about anyone else, but I'm getting a bit hacked of with this
1980's style forum. I'm trying to get to the bottom of an SA issue and this
list/forum thing is giving me a bigger headache than SA!
Spamassassin has more than one or two users now and I personally
Mike Cardwell a écrit :
Henrik K wrote:
Good for you. I've signed up for many mailing lists AND forums. There is
nothing inherently better or worse in either of them,
No that's wrong, they're quite different and both have advantages and
disadvantages.
so, it's YES, not NO. Henrik said
Paweł Tęcza a écrit :
Hello Folks,
Did you also get many spams from United-MAP, a dynamic company with
rapid development, with a united team of professionals in its core.? :)
Or maybe this new spam flood is only Poland targeted?
or maybe we don't see them because they come from clients
Pietro a écrit :
In my installation, SA is called by Postfix. Any idea? Thanks in advance.
This is really a postfix question. Follow up on the postfix-users list
if needed.
you can skip filtering using header_checks. for example
/^X-Spam-Status: Yes/ FILTER smtp:[127.0.0.1]:10025
assuming
Mike Cardwell a écrit :
Just checking through my Spam folder and I came across a message that
contained this in the html:
a target=_blank
href=http://www.kanotiser.se/images/logo.html;https://www.paypal.co/us/webscr.php?cmd=_login-runcmd=_secure
/a
Yet, there was no mention of this
Jari Fredriksson a écrit :
snip
did you see this:
This is really a postfix question. Follow up on the
postfix-users list if needed.
did you see that?
[snip]
Got the following error, when tried that. I'm using stock postfix on Debian
Lenny w/ backports.
postfix/cleanup[1602]:
Martin Gregorie a écrit :
put any custom rules in the database, and modify the spamd? start
scripts to write the custom rules to flat files. modify your update
program to signal a spamd reload every time you modify the rules, or,
use unison. we use unison (not for our VPS spam clusters) but
Evan Platt a écrit :
At 11:22 AM 7/16/2009, you wrote:
I have a postfix/SA setup and I was wondering if anyone knew how to
COPY an email marked as spam instead of redirecting.
Not this:
/^X-Spam-Flag: YES/ REDIRECT spam...@example.com
if you use amavisd-new, configure it to add a +spam
Jari Fredriksson a écrit :
I tried with this:
-(local.cf)---
internal_networks 10.0.0.0/8
trusted_networks 10.0.0.0/8 127.0.0.1
trusted_networks 212.16.98.0/24 212.16.100.0/24 62.142.0.0/16 195.197.172.98
trusted_networks 195.74.0.0/16 213.192.189.2/24 217.30.188.0/24
Jari Fredriksson a écrit :
[snip]
when I put your lines in my config, I only seethe
127.0.0.1/32 warning.
It looks like SA itself configured the trusted.
I removed both the 127.0.0.1 AND 10/8 and this is happy again. It seems to
configure the internal networks as trusted
MrGibbage a écrit :
I have read the help pages for those two settings over and over, and I guess
I'm just not smart enough. I can't figure out what I should put for those
two settings. Can one of you give me a hand by looking at the headers from
an email? I can tell you that my SA
Jari Fredriksson a écrit :
MrGibbage a écrit :
#ps11651.dreamhostps.com and pelorus.org
internal_networks 75.119.219.171
trusted_networks 75.119.219.171 #I think this is wrong
no, it is not wrong. the documentation says:
Every entry in internal_networks must appear in
trusted_net-
Cory Hawkless a écrit :
Hi all,
Been doing some reading on RegEx and even coming from a programming
background it is a bit intimidating, my problem is I haven’t been able
to find a good source of information on exactly what\how SpamAssassin
matches the RegEx rules when scanning and
James Wilkinson a écrit :
mouss wrote (about the PBL):
stop spreading FUD. if you know of false positives, show us so that we
see what you exactly mean.
a lot of people, including $self, use the PBL at smtp time.
As usual, it depends on your definition of “false positive”.
fully agreed
Charles Gregory a écrit :
On Wed, 24 Jun 2009, Matus UHLAR - fantomas wrote:
somewhat hesitant to use spamcop as our own servers once had a brief
listing with them (and it wasn't due to spam).
Got more info?
Sadly, we're dealing with my aging memory. :)
While I cannot remember precisely,
Res a écrit :
On Tue, 23 Jun 2009, mouss wrote:
payment were only needed for spam, not for dul
not really :) despite what their site said/says.. its kind of a
detterent i think sunno we never paid
This is wrong. if you have evidence, show it. if not, stop spreading
rumours. I have
Charles Gregory a écrit :
On Mon, 22 Jun 2009, rich...@buzzhost.co.uk wrote:
Really? Personally I find the PBL just kicks its ass.
When I did my research for setting up RBL's, I found old comparisons
between RBL's that seemed to indicate that the spamhaus PBL and the
spamcop lists had
Gary Smith a écrit :
If you follow the unlisting proceedure and meet all of the requirements, then
you get unlisted. As with all things, it just takes a little patients.
After converting my IP's over from my ISP to my DNS servers, I was listed
(because the ISP no longer listed us a
Michael Scheidell a écrit :
spam, with a url link in it that opens up a yahoo.com web mail page and
asks for yahoo.com credentials.
don't know how that can help spammer, unless spammer is looking to only
get email from yahoo.com users.
see line 119 (highighted)
John Hardin a écrit :
On Fri, 2009-06-19 at 09:24 -0700, John Hardin wrote:
On Fri, 2009-06-19 at 16:21 +0200, Paweł Tęcza wrote:
body AE_MEDS35 /w{2,4}\s{0,4}meds\d{1,4}\s{0,4}(?:net|com|org)/
I've just noticed missing 'i' switch for your rule regexp. Is it a bug
or a feature? :)
That
Bowie Bailey a écrit :
I couldn't find any place on junkmailfilter website to report this, so
I'll put it here.
I received a 419 scam email with this whitelist hit:
so what? I keep getting 419 from google, yahoo, ... but they are still
whitelisted.
and anyway, fighting 419 is not easy.
Bill Landry a écrit :
Res wrote:
On Sat, 13 Jun 2009, Charles Gregory wrote:
On Sun, 14 Jun 2009, Res wrote:
Though now its Sunday, I have socialising to do, and none of that
includes sitting on mailing lists listening to cry babies who expect
people involved in OSSP's to drop everything
David Gibbs a écrit :
Bill Landry wrote:
This may be true if the sender were adding the footer before signing and
sending the message to the list. However, not true if it's the mailing
list that is adding the footer after the original sender has already
signed the message.
As I understand
RW a écrit :
On Sun, 14 Jun 2009 13:20:21 +0200
mouss mo...@ml.netoyen.net wrote:
I am not as convinced as you:
- this modifies the body, thus breaking signatures. when mail gets
back to the same domain (sender and final recipient in same domain),
this may cause problems. I agree
Bill Landry a écrit :
Bill Landry a écrit :
Res wrote:
On Sat, 13 Jun 2009, Charles Gregory wrote:
On Sun, 14 Jun 2009, Res wrote:
Though now its Sunday, I have socialising to do, and none of that
includes sitting on mailing lists listening to cry babies who expect
people involved in
David Gibbs a écrit :
LuKreme wrote:
The unsubscribe link is right there in plain sight. Whether Gmail
conceals it from you has nothing to do with it.
Few consumer mail clients (Gmail, Yahoo, Thunderbird, OE, Outlook,
Lotus/Domino, etc) show the user headers by default. This means they
David Gibbs a écrit :
mouss wrote:
- this modifies the body, thus breaking signatures. when mail gets back
to the same domain (sender and final recipient in same domain), this may
cause problems. I agree that many lists do break signatures so the
receiving site should cope with this, but I am
Yet Another Ninja a écrit :
On 6/14/2009 10:48 PM, Justin Mason wrote:
http://log.perl.org/2009/06/email-issues-org-blocked-now-fixed.html
anyone know what URIBL provider this was?
--j.
Wouldn't we all have noticed if this would have been the case?
not if they use some unknown uri
1 - 100 of 1228 matches
Mail list logo