[Mimedefang] Including archetypal filters to include in release?

2006-01-09 Thread Philip Prindeville
Hi. I'm new to the list (but not spam fighting), so please bear with me. I recently installed mimedefang-2.54 (thanks Axel for making the necessary Perl modules available as .rpms) on FC3. I made the following changes to mimedefang-filter, adding: my %badnetworks = { '58.71.0.0/17' =>

Re: [Mimedefang] Including archetypal filters to include in release?

2006-01-09 Thread Philip Prindeville
Matt Selsky wrote: If you want to have a full-on layered permissions scheme (where the action applies to the smallest containing subnet) you could store a more complicated hash... You could also use a Patricia trie to find the smallest matching network. See http://search.cpan.org/~pl

Re: [Mimedefang] Including archetypal filters to include in release?

2006-01-09 Thread Philip Prindeville
[EMAIL PROTECTED] wrote: Matthew.van.Eerde wrote: If you want to have a full-on layered permissions scheme (where the action applies to the smallest containing subnet) you could store a more complicated hash... [snip] I thought about all of this, by the way... And then remembered that

Re: [Mimedefang] Including archetypal filters to include in release?

2006-01-10 Thread Philip Prindeville
[EMAIL PROTECTED] wrote: Philip Prindeville wrote: I thought about all of this, by the way... And then remembered that some networks are made of two or more adjacent CIDR blocks, but of unequal size, or not aligned (mergeable). Look at: '212.145.160.0/21' => 'REJECT&

Re: [Mimedefang] Including archetypal filters to include in release?

2006-01-10 Thread Philip Prindeville
Joseph Brennan wrote: You will reject legitimate mail from variously misconfigured servers. They will tend to be run by nonprofits and small businesses. Remember that the purpose of the exercise is not to be RFC cop but to cut down on spam. I think you'll have to back off rejecting these and have

Re: [Mimedefang] Including archetypal filters to include in release?

2006-01-10 Thread Philip Prindeville
[EMAIL PROTECTED] wrote: I don't see why this is a problem... can't Patricia handle unmergeable neighbors as separate entries? Well, yes. But I was hoping to add support for address ranges as well... I.e. "212.145.160.0-212.145.223.255" (since that's how some of them are stored in the vari

Re: [Mimedefang] Including archetypal filters to include in release?

2006-01-10 Thread Philip Prindeville
Joseph Brennan wrote: We score for bad $Helo and sometimes we reject when a message has other spammy features. Whenever I get a report of this, it always turns out to be some small-scale operation like a club, a church, a museum, one guy sending newsletters, etc. Why? I suppose because larger

Re: [Mimedefang] Including archetypal filters to include in release?

2006-01-10 Thread Philip Prindeville
Jan Pieter Cornet wrote: So? Net::CIDR::Lite to the rescue: $ perl -MNet::CIDR::Lite -le \ 'print join("\n", Net::CIDR::Lite->new("212.145.160.0-212.145.223.255")->list)' 212.145.160.0/19 212.145.192.0/19 I'll have a look at this. In the meantime, a different issue. I've peppered m

Re: [Mimedefang] Including archetypal filters to include in release?

2006-01-10 Thread Philip Prindeville
David F. Skoll wrote: Or, the original poster may be invoking mimedefang without the "-r" option, in which case filter_relay is never called. Regards, David. So MX_SENDER_CHECK and MX_RELAY_CHECK need to be set to "yes" in /etc/sysconfig/mimedefang... -Philip

Re: [Mimedefang] Including archetypal filters to include in release?

2006-01-10 Thread Philip Prindeville
David F. Skoll wrote: Or, the original poster may be invoking mimedefang without the "-r" option, in which case filter_relay is never called. Regards, David. I wasn't paying attention, apparently, that the default config in /etc/sysconfig/ didn't include sender and relay checking. Or pe

[Mimedefang] Not piggybacking HELO checks

2006-01-10 Thread Philip Prindeville
BTW: Are there patches to support calling filter_helo directly, rather than bundling it as part of filter_sender? Here's why: certain sites that don't get a lot of external mail but do need to be "open" to the outside all the same (and no email addresses on these machines are published in any w

Re: [Mimedefang] Including archetypal filters to include in release?

2006-01-10 Thread Philip Prindeville
[EMAIL PROTECTED] wrote: Philip wrote: I've attached what I've got now in place. Next I'll try to integrate Net::CIDR. Can you add this to the wiki too (for posterity?) http://www.mimedefang.org/kwiki/ I can run it for a bit and see how well it works, do some fine tuning, and ga

Re: [Mimedefang] Not piggybacking HELO checks

2006-01-10 Thread Philip Prindeville
David F. Skoll wrote: Philip Prindeville wrote: BTW: Are there patches to support calling filter_helo directly, rather than bundling it as part of filter_sender? Not that I'm aware of. Here's why: certain sites that don't get a lot of external mail but do need

Re: [Mimedefang] Including archetypal filters to include in release?

2006-01-10 Thread Philip Prindeville
Kevin A. McGrail wrote: Philip: Some follow-up on your work because it mimics a lot of mine (and much of that work was helped greatly by Joseph Brennan, Les Mikesell, Mark Damrose, Matthew van Eerde and Jan Pieter Cornet). A) localhost tests will fail for people using norton antivirus. B) all/

Re: [Mimedefang] Not piggybacking HELO checks

2006-01-11 Thread Philip Prindeville
Jan Pieter Cornet wrote: On Tue, Jan 10, 2006 at 07:11:35PM -0700, Philip Prindeville wrote: This seems like pretty weak security to me. Is there a valid reason for having sites answer to an EXPN or VRFY? Agreed that it's weak security: some legacy management software requir

[Mimedefang] "Best of" spam From: lines and Subject:'s?

2006-01-12 Thread Philip Prindeville
I'm tired of getting Paypal notifications... And eBay, since I don't use either. Any pointers to filters for select message headers? Or is that something that's more typically done in SpamAssassin instead? -Philip ___ NOTE: If there is a disclaime

[Mimedefang] This one got a chuckle

2006-01-12 Thread Philip Prindeville
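Perhaps the easiest thing in the world to spoof is the Date: line, and yet some people manage to botch that up... --- Begin Message --- Just as the name says, you can exchange and view direct phone numbers completely free♪ http://www.awg5.net/?ts1 No need to drag things out by email! ☆Settle it right away by phone, so you can't go wrong! ☆Of course, reading and sending mail is completely free too♪ ☆Email is fine! Phone is fine! It's entirely up to you♪ http://ww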

[Mimedefang] This one got a chuckle

2006-01-13 Thread Philip Prindeville
Perhaps the easiest thing in the world to spoof is the Date: line, and yet some people manage to botch that up... Message-ID: <[EMAIL PROTECTED]> To: philipp_subx <[EMAIL PROTECTED]> Subject: =?ISO-2022-JP?B?GyRCJDwhQSRzJFYhIiU/JUAbKEI=?= =?ISO-2022-JP?B?GyRCJEAkaCJ2GyhCKF5eKXYbJEJCKDdoG

[Mimedefang] Starting work on adding filter_helo to mimedefang

2006-01-13 Thread Philip Prindeville
I remember seeing something that there's a bug in sendmail that might stop a "filter_helo" from working. Anyone have the specifics of this? Like what the behavior is, and in what version of sendmail it was fixed? I'm running 8.13.1 on FC3, and Mimedefang 2.54. I'll post the patch for testing wh

[Mimedefang] Patch to mimedefang...

2006-01-13 Thread Philip Prindeville
I'd like to propose the following patch, as a prequel to the posting of an amended mimedefang-filter on the Wiki... --- redhat/mimedefang-spec.in.bak 2004-09-21 19:50:36.0 -0600 +++ redhat/mimedefang-spec.in 2006-01-13 15:51:55.0 -0700 @@ -138,16 +138,17 @@ Release:

Re: [Mimedefang] Patch to mimedefang...

2006-01-13 Thread Philip Prindeville
Richard Laager wrote: On Fri, 2006-01-13 at 15:54 -0700, Philip Prindeville wrote: I'd like to propose the following patch, as a prequel to the posting of an amended mimedefang-filter on the Wiki... If your changes are only going on the Wiki, then adding a Requires to the mimed

Re: [Mimedefang] Patch to mimedefang...

2006-01-13 Thread Philip Prindeville
Well, the question then becomes: should the shipped .spec file support all of the example config files and scripts as well? -Philip Damrose, Mark wrote: If your filter example post to the Wiki requires Net-CIDR-Lite, state that in your Wiki entry. Those who want to use your code can load t

Re: [Mimedefang] Patch to mimedefang...

2006-01-13 Thread Philip Prindeville
David F. Skoll wrote: filter_helo is one thing, but adding a dependency on Net::CIDR::Lite is probably not in the cards. One of the biggest complaints from people who've tried MIMEDefang is the number of Perl modules it requires. I really hesitate to make another absolute dependency; I'd rathe

Re: [Mimedefang] Including archetypal filters to include in release?

2006-01-14 Thread Philip Prindeville
Damrose, Mark wrote: FYI: I added an example of using Net::CIDR::Lite to the Helo testing wiki at http://www.mimedefang.org/kwiki/index.cgi?UseHeloToCatchSpam Hmm Found some issues (shortcomings, whatever) with the API to Net::CIDR::Lite. First is that when you pass it bad param

[Mimedefang] I'd expect better from CERN

2006-01-16 Thread Philip Prindeville
Apparently, they're not running a very tight ship. I'm seeing: Jan 15 15:16:04 mail sendmail[17255]: NOQUEUE: connect from cernmx08.cern.ch [137.138.166.172] Jan 15 15:16:04 mail sendmail[17255]: AUTH: available mech=DIGEST-MD5 ANONYMOUS CRAM-MD5, allowed mech=EXTERNAL GSSAPI DIGEST-MD5 CRAM-

[Mimedefang] Adding filter_helo support

2006-01-16 Thread Philip Prindeville
Working on adding filter_helo support... Hmmm... I'm looking at MXRelayOK, MXSenderOK, MXRecipientOK, etc. and wondering about why there's duplication of both passing the same arguments again (ip, name, helo, etc)... As well as duplicating the validation logic for arguments... Inquiring min

Re: [Mimedefang] Adding filter_helo support

2006-01-16 Thread Philip Prindeville
Quick question... I was wondering about moving the: write_mx_command(data->cmdFD, 'E', (unsigned char *) data->heloArg); into the helo() function from envfrom() instead... but I'm not sure at what point the file is opened and can be written to... currently that happens in envfrom() too,

Re: [Mimedefang] Adding filter_helo support

2006-01-17 Thread Philip Prindeville
Ok, some progress... I've installed the package, I'm running it currently. Anyone have any comments on it? Thanks, -Philip --- examples/init-script.in.bak 2005-10-14 10:16:27.0 -0600 +++ examples/init-script.in 2006-01-17 00:58:34.0 -0700 @@ -39,16 +39,19 @@ [EMAIL PROTECTED]@

Re: [Mimedefang] Adding filter_helo support

2006-01-17 Thread Philip Prindeville
Jan Pieter Cornet wrote: On Tue, Jan 17, 2006 at 02:15:25AM -0700, Philip Prindeville wrote: Ok, some progress... I've installed the package, I'm running it currently. Anyone have any comments on it? Yes: why do you remove the HELO argument in filter_sender? This me

Re: [Mimedefang] Adding filter_helo support

2006-01-17 Thread Philip Prindeville
Jan Pieter Cornet wrote: Also, your code assumes you cannot call smfi_setreply in the helo() callback, but that assumption is wrong. At least, it is according to the milter API documentation. It's probably very useful to set a reply after HELO! Ok, here are part of the revised diffs to m

Re: [Mimedefang] Adding filter_helo support

2006-01-17 Thread Philip Prindeville
David F. Skoll wrote: But it breaks existing filters; we need the helo arg back. And there's a good reason to pass HELO in filter_sender (and filter_recipient, for that matter): You may WANT to defer your HELO processing until later. Our commercial products, for example, let individual recipien

Re: [Mimedefang] Adding filter_helo support

2006-01-17 Thread Philip Prindeville
Jan Pieter Cornet wrote: >Also, your code assumes you cannot call smfi_setreply in the helo() >callback, but that assumption is wrong. At least, it is according to >the milter API documentation. It's probably very useful to set a reply >after HELO! > Ok, here are part of the revised diffs to mi

Re: [Mimedefang] Adding filter_helo support

2006-01-17 Thread Philip Prindeville
David F. Skoll wrote: Not in filter_sender if we use your patch, unless we parse the commands file manually. If you re-work your patch to leave filter_sender as it was, I will include it in the official release. Here's the patch again. I was hoping to get some answers about the set_dsn()

Re: [Mimedefang] Adding filter_helo support

2006-01-17 Thread Philip Prindeville
David F. Skoll wrote: (Btw, I've noticed that almost no patch submitters remember to update the man pages! :-)) Not true! ;-) I updated the man page, but that also included edits for changing filter_sender(), which I then had to back out... -Philip

Re: [Mimedefang] Adding filter_helo support

2006-01-17 Thread Philip Prindeville
Seems to be working: Jan 17 08:10:01 mail sendmail[24471]: NOQUEUE: connect from san-cust-208.57.14.2.mpowercom.net [208.57.14.2] Jan 17 08:10:01 mail sendmail[24471]: AUTH: available mech=DIGEST-MD5 ANONYMOUS CRAM-MD5, allowed mech=EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN Jan 17 08:10:

Re: [Mimedefang] MIMEDefang 2.55-BETA-3 is available

2006-01-18 Thread Philip Prindeville
Give me 3 hours to bang out some updates to the man page. -Philip MIMEDefang 2.55-BETA-3 is available at http://www.mimedefang.org/node.php?id=1 The biggest change since BETA-2 is support for the filter_helo function, courtesy of Philip Prindeville. Please note that in my tests with

[Mimedefang] SOT: Net::CIDR::Lite

2006-01-18 Thread Philip Prindeville
I was looking at this module, and noticed a couple of short-comings. (1) it doesn't return a failure code, only blurts a message via "confess" when things go wrong; (2) it doesn't allow you to save a pointer into each address block/range and then retrieve it later and allow you to use it as

Re: [Mimedefang] SOT: Net::CIDR::Lite

2006-01-19 Thread Philip Prindeville
Philip Prindeville wrote: Anyone want to work with me on getting patches worked out, tested, and integrated into the next version? I can attach what I've done so far... Hold off on this... I ran a regression suite, and found that I had introduced a bug in this... I'm reworking

[Mimedefang] OT: Howto for configuring SSL w/ Sendmail and TB

2006-01-19 Thread Philip Prindeville
Can anyone point me to a guide for creating SSL certificates and sharing them between Sendmail and Thunderbird clients? I'd like to test the various authentication info in filter_sender... Thanks, -Philip

Re: [Mimedefang] MIMEDefang 2.55 is released

2006-01-24 Thread Philip Prindeville
David F. Skoll wrote: Doh! I forgot. I added it to the generic startup script, but not the Red Hat ones. Thanks to all the beta testers who caught that! :-> Actually, that should have been in the original set of diffs that I submitted. They must have gotten dropped somewhere along the

[Mimedefang] Question for the HOWTO page

2006-01-24 Thread Philip Prindeville
I was wondering if we could update the HOWTO pages to describe installing Mimedefang and Spamassassin both on a system, so that the former is run, then the latter, on incoming email. I'd like to be able to reject mail that fails certain tests, like containing Hebrew, Cyrillic, and Han character s

[Mimedefang] Adding support for learning our addresses

2006-01-27 Thread Philip Prindeville
Hmmm I was wondering if we might want to call ioctl(..., SIOCGIFCONF...) followed by SIOCGIFADDR to get the list of our IP addresses... So we can do some filtering on people claiming to be us. I.e. if someone connects to me and says "helo 71.36.29.88" then I know for a fact that they aren't

[Mimedefang] Issues with hotmail.com

2006-01-27 Thread Philip Prindeville
I've noticed that I've been getting email lately that looks like: Return-Path: <[EMAIL PROTECTED]> Received: from omc1-s35.bay6.hotmail.com (omc1-s35.bay6.hotmail.com [65.54.248.237]) by mail.redfish-solutions.com (8.13.1/8.13.1) with ESMTP id k0REdJbh004285 for <[EMAIL PROTECTED]>; Fri

Re: [Mimedefang] Adding support for learning our addresses

2006-01-27 Thread Philip Prindeville
David F. Skoll wrote: http://search.cpan.org/~tpaba/Net-Ifconfig-Wrapper-0.09/ Too heavy weight. Requires a fork/exec for each iteration. Easier to just do some ioctl()'s. Too many false-positives. We own a measly 8 IP addresses where our colo box sits. If you block us because someone

Re: [Mimedefang] Adding support for learning our addresses

2006-01-27 Thread Philip Prindeville
David F. Skoll wrote: Philip Prindeville wrote: From Perl? But the whole thing's pretty silly anyway -- unless your server is very unusual, you can hard-code its IP address(es) in your filter. Well, there are a few reasons: (1) it makes it turn-key so that neophytes can use it

Re: [Mimedefang] Adding support for learning our addresses

2006-01-28 Thread Philip Prindeville
This is what I came up with. It's been tested on both 32-bit and 64-bit Linux (amd64). If you call IfAddrs::get() and you only get a single interface name/address pair, test it via isunroutable(). If the address ISN'T unroutable, then you shouldn't be seeing anyone connecting to you with this a

Re: [Mimedefang] Adding support for learning our addresses

2006-01-28 Thread Philip Prindeville
David F. Skoll wrote: Neophytes shouldn't attempt to use MIMEDefang. Anything that pretends to make MIMEDefang usable by neophytes is a bug, not a feature, IMO. :-) Well, you can know something about email, even Perl scripting, and not know of a better way to get IP addresses than grepping

Re: [Mimedefang] Adding support for learning our addresses

2006-01-28 Thread Philip Prindeville
Cool. Too bad no one has written an XML way of retrieving it and parsing it out. -Philip David Nelson wrote: Another thing to check out are bogons. Bogons are networks that have not been allocated by IANA, which means you should never see them as they "technically" constitute a non-routabl

Re: [Mimedefang] Adding support for learning our addresses

2006-01-28 Thread Philip Prindeville
Ok, so who wants to cooperate on a Perl module to map IP addresses to CIDR blocks, provider names, and country codes? -Philip

Re: [Mimedefang] Adding support for learning our addresses

2006-01-28 Thread Philip Prindeville
Except that if you're using filter_helo(), you haven't yet seen authentication information at that point... AUTH happens after HELO. -Philip James Ebright wrote: Something else unrelated to note... if your server talks to MUAs then you will want to exempt any user from your helo stuff that

Re: [Mimedefang] Question for the HOWTO page

2006-01-29 Thread Philip Prindeville
Does everyone use the built-in scoring, or do they write their own? I can see how, at the very least, you'd want to configure your set of ok_locales for SA. Perhaps the MdF (RPM) distribution could contain a set of sample sa-mimedefang.cf.example files? Also, instead of flagging spam, what abou

Re: [Mimedefang] Question for the HOWTO page

2006-01-29 Thread Philip Prindeville
Les Mikesell wrote: I reject values that can only be reached by my local settings for viagra/porn, and send the rest through with the score value arranged for easy individual filtering (the asterisk list as the first thing in the header). Can you post your configs and diffs? -Philip

Re: [Mimedefang] Question for the HOWTO page

2006-01-29 Thread Philip Prindeville
So, did the message attached below fire up because it contained the words "porn" and "viagra"? Does that mean that not only spam, but talking about spam, is subject to filtration? ;-) I was going to try the config below... I'll see how it works. I ran the spamassassin -t -x test that's in the

Re: [Mimedefang] Question for the HOWTO page

2006-01-29 Thread Philip Prindeville
More confusion... Ok, I used the *CHARSET_FARAWAY tests with scores of 5.0 in the previous email. Then I ran a message with: Content-Type: text/plain; charset="ISO-8859-9" even though my "ok_locales en fr" are set (so tr isn't included). Didn't see any CHARSET_FARAWAY matches. For both "en"

[Mimedefang] Question about DATE_IN_PAST_96_XX

2006-01-29 Thread Philip Prindeville
I was wondering... if you take an email that's more than 3 days old, and you do a "Redirect" (in T-Bird, i.e. a blind bounce, rather than forwarding as an attachment... that is only Resent-To:, Resent-From:, Resent-Date: gets added to it... ) Will it use the correct date when figuring out the tim

Re: [Mimedefang] Question for the HOWTO page

2006-01-30 Thread Philip Prindeville
Hmmm... I'm running a Linux shop here, so rarely does anyone send me legitimately a .exe or .pif file. I was wondering about making the following change to the stock mimedefang-filter: if (filter_bad_filename($entity)) { md_graphdefang_log('bad_filename', $fname, $type); # ret

Re: [Mimedefang] Adding support for learning our addresses

2006-01-30 Thread Philip Prindeville
Alexander Dalloz wrote: BTW: my SpamAssassin pukes at "use_terse_report 1". What version does that apply to? Pre SA 3.x You may now use "remove_header all Report" to remove the verbose report. Someone want to update the HOWTO installation instructions? -Philip

Re: [Mimedefang] Adding support for learning our addresses

2006-01-30 Thread Philip Prindeville
David F. Skoll wrote: One other thing I thought about: what about detecting spammers, and then looking up the CIDR block that their address belongs to, and adding it to a blacklist automatically in filter_relay()? Too many false-positives. We own a measly 8 IP addresses where our colo bo

Re: [Mimedefang] SOT: Net::CIDR::Lite

2006-01-31 Thread Philip Prindeville
Anybody have an example of using the Net::CIDR::Lite::spanner objects? I haven't figured how to use these and the man page could be a bit more expounding... -Philip

Re: [Mimedefang] Adding filter_helo support

2006-01-31 Thread Philip Prindeville
I was just thinking... We don't export any of the Sendmail variables into the filter_helo() code: O Milter.macros.helo={tls_version}, {cipher}, {cipher_bits}, {cert_subject}, {cert_issuer} What to do about that? -Philip

Re: [Mimedefang] Adding support for learning our addresses

2006-01-31 Thread Philip Prindeville
Damrose, Mark wrote: That wouldn't work on my system, and many others. If you do a gethostbyname() you'll get the local unroutable address back - since the internal and external DNS for my namespace are maintained on separate servers. Not if you query one of the root name servers... If

Re: [Mimedefang] Question for the HOWTO page

2006-01-31 Thread Philip Prindeville
Paul Murphy wrote: The stock filter has a non-dangerous set of defaults. If the change you proposed was included in the stock filter, many sites would be bouncing important files with no indication to the recipient that anything was going wrong. By all means do it in your own filter, but leave

Re: [Mimedefang] Adding support for learning our addresses

2006-01-31 Thread Philip Prindeville
[EMAIL PROTECTED] wrote: I think this would probably just yield the public IP address of your DNS resolver, unless you queried the service's own DNS server directly. Good point. Still useful if /etc/resolv.conf is "nameserver 127.0.0.1" but less generally useful than I had thought. Can't

[Mimedefang] Alternatives to Net::CIDR::Lite

2006-02-07 Thread Philip Prindeville
I've found some bugs and shortcomings in Net::CIDR::Lite and tried to resolve them with the author/maintainer, but it's extremely slow going. I don't know if some of the more wanton issues will ever get resolved. Anyone know of a similar module that provides equivalent functionality? Thanks, -P

[Mimedefang] Seeing a lot of reaping

2006-02-10 Thread Philip Prindeville
I'm seeing a lot of the following messages: ... Feb 10 10:51:38 mail mimedefang-multiplexor[27593]: Killing idle slave 0 (pid 10777): New generation -- forcing reread of filter rules Feb 10 10:55:51 mail mimedefang-multiplexor[27593]: Killing idle slave 1 (pid 10791): New generation -- forcing

Re: [Mimedefang] Seeing a lot of reaping

2006-02-10 Thread Philip Prindeville
David F. Skoll wrote: Hmm... I'm seeing that too, and I can't for the life of me track it down. I built a version with some more debugging code and I'll try to nail down what's happening. FWIW: I didn't see this with 2.54. -Philip

[Mimedefang] Did this patch make it into 2.55?

2006-02-11 Thread Philip Prindeville
I'm not seeing it... -Philip *** redhat/mimedefang-init.in.bak 2006-01-20 06:09:00.0 -0700 --- redhat/mimedefang-init.in 2006-02-11 11:20:16.0 -0700 *** *** 243,248 --- 243,249 $([ -n "$SYSLOG_FACILITY" ] && echo "-S $SYSLOG_FACILITY") \ $([ "$LOG_FIL

[Mimedefang] Tweaking Sendmail's HELO

2006-03-06 Thread Philip Prindeville
I was wondering about how the milter code works in Sendmail, and the fact that if the filter_helo() rejects the message, then HELO still responds with 250 and moves to the next stage, but when a EXPN or MAIL FROM: is seen, then Sendmail gives the error status from the previous HELO rejection. Give

Re: [Mimedefang] Tweaking Sendmail's HELO

2006-03-06 Thread Philip Prindeville
[EMAIL PROTECTED] wrote: >Philip Prindeville wrote: > > >>Given that a filter_helo() rejection typically isn't going to be given >>to a legitimate mailer to begin with, but to a ratware client, strict >>conformance with the standard wouldn't seem to be that

Re: [Mimedefang] Tweaking Sendmail's HELO

2006-03-06 Thread Philip Prindeville
Philip Prindeville wrote: >Anyone familiar enough with the srvrsmtp.c code to recommend a >patch that would allow immediate failure of the filter_helo() response >rather than waiting for the next transition in the state machine? > > Question still stands... I was looking at

Re: [Mimedefang] MUA tracking?

2006-03-09 Thread Philip Prindeville
Are you interested in just what your users are using, or what is still out there? If the former only, then you'll want to either just look at stuff coming in that's authenticated, or coming in on your submission port, or else coming from your internal networks... Or on messages that have no Receiv

Re: [Mimedefang] [OT] Fw: Interesting Phishing Trick

2006-03-09 Thread Philip Prindeville
Joseph Brennan wrote: > "Kevin A. McGrail" <[EMAIL PROTECTED]> wrote: > >>However, this rule does trigger on the technique I sent. I want to work >>on the nested anchor idea as well but in the meantime, I'd like to hear >>feedback on this trigger. It seemed REALLY spammy to me. Anyone get any >

Re: [Mimedefang] [OT] Fw: Interesting Phishing Trick

2006-03-09 Thread Philip Prindeville
David F. Skoll wrote: > > You might want to change that regexp to something like: > > /]{1,200}href\s{0,10}=.{0,200}(onmouseover|onmousemouse)\s{0,10}=\s{0,10}"window\.status\s{0,10}=/i Ah, yes. Thanks. And it's "onmousemove", not onmousemouse... Sloppy typing... The "a", "href", and "onmous

Re: [Mimedefang] [OT] Fw: Interesting Phishing Trick

2006-03-09 Thread Philip Prindeville
Kevin A. McGrail wrote: > Philip: > > This rule won't hit on the phishing email I was discussing. It doesn't use > a mouseover. It uses a nested a tag to hide to real link. Thanks to > Kenneth Porter, here's my original post: > > http://thread.gmane.org/gmane.comp.jakarta.tomcat.user/127749

[Mimedefang] Config format preferences

2006-03-11 Thread Philip Prindeville
Hi. I'm working on a prototype mimedefang-filter example modeled after what we've been using here with fairly good success. A few questions before I go too far down a dead-end, however... Any preferences in formats for config files? I was thinking of using Config::General, but then XML seemed r

[Mimedefang] Pseudo-headers for calling SA

2006-04-04 Thread Philip Prindeville
When Mimedefang calls SA, what pseudo-headers does it generate in the message and where in the code does it insert them? I was wondering about the recipients being inserted... I see where the "Return-Path:" gets generated, but not the recipient list... -Philip

Re: [Mimedefang] Pseudo-headers for calling SA

2006-04-05 Thread Philip Prindeville
[EMAIL PROTECTED] wrote: >Philip Prindeville wrote: > > >>When Mimedefang calls SA, what pseudo-headers does it generate >>in the message and where in the code does it insert them? >> >> > >See the spam_assassin_mail sub in mimedefang.pl > > &

[Mimedefang] Minor tweak to the baseline mimedefang-filter

2006-04-05 Thread Philip Prindeville
I'm looking at the code: if (filter_bad_filename($entity)) { md_graphdefang_log('bad_filename', $fname, $type); return action_drop_with_warning("An attachment named $fname was removed from this document as it\nconstituted a security hazard. If you require this document, please

[Mimedefang] Wiki updates

2006-04-05 Thread Philip Prindeville
I added a new example to the Wiki that people can download and paste in if they wish: http://www.mimedefang.org/kwiki/index.cgi?PhilipsWorkingFilter Any comments are appreciated. Thanks, -Philip

Re: [Mimedefang] Wiki updates

2006-04-06 Thread Philip Prindeville
Steffen Kaiser wrote: >On Wed, 5 Apr 2006, Philip Prindeville wrote: > > > >>I added a new example to the Wiki that people can download and paste >>in if they wish: >> >>http://www.mimedefang.org/kwiki/index.cgi?PhilipsWorkingFilter >> >>Any co

Re: [Mimedefang] Wiki updates

2006-04-06 Thread Philip Prindeville
Steffen Kaiser wrote: >You match the TLD against $ccpat. > >BTW: I don't remember where, but there is perl FAQ with entry like "how >can I check if a value is part of an ARRAY?", the answer is like "if you >need to ask this, you certainly have used the wrong data structure and >should use an HAS

Re: [Mimedefang] Wiki updates

2006-04-07 Thread Philip Prindeville
[EMAIL PROTECTED] wrote: >>Anyone else have any comments about the example or the strategy? >> >> > >Very nice. > > If anyone ends up using it, and/or making improvements on it, please report your experience to me or the list. Thanks.

Re: [Mimedefang] Image validator/OCR SA plugin

2006-04-18 Thread Philip Prindeville
Dave Williss wrote: >- Original Message - >From: "Gary Funck" <[EMAIL PROTECTED]> >To: >Sent: Sunday, April 16, 2006 6:34 PM >Subject: RE: [Mimedefang] Image validator/OCR SA plugin > > > > >>Martin wrote: >> >> >>>But problably the spammers >>>will soon change their tricks to diff

[Mimedefang] Issues w/ authenticated submission

2006-04-18 Thread Philip Prindeville
Hi. I'm submitting from a host behind a NATed gateway, so the address that my machine thinks it is using when it says "HELO [x.x.x.x.x]" is different from that which my local server is seeing. The problem is that we check for address spoofing as a basic sanity test... and it's failing (of course

Re: [Mimedefang] Issues w/ authenticated submission

2006-04-18 Thread Philip Prindeville
[EMAIL PROTECTED] wrote: Philip Prindeville wrote: I'm submitting from a host behind a NATed gateway, so the address that my machine thinks it is using when it says "HELO [x.x.x.x.x]" is different from that which my local server is seeing. Hmmm... I would say if at l

Re: [Mimedefang] Issues w/ authenticated submission

2006-04-18 Thread Philip Prindeville
David F. Skoll wrote: >>Except that read_commands_file isn't working. I'm seeing: >> >> > > > >>Apr 18 16:26:28 mail mimedefang[11357]: Error from multiplexor: error: >>Cannot open COMMANDS file from mimedefang: No such file or directory >> >> > >Ah! I knew I had another reason for not

Re: [Mimedefang] Issues w/ authenticated submission

2006-04-19 Thread Philip Prindeville
I've been thinking about this issue some more, and was wondering... Would it be easier to have two sendmail instances, one that listens on 465 for authenticated email only, and then requeues it locally by passing it onto the "primary" instance of sendmail, which would apply mimedefang+spamassassin

[Mimedefang] Seeing whitelisting errors

2006-05-02 Thread Philip Prindeville
I'm getting the following in my logs: May 2 08:26:08 mail mimedefang-multiplexor[4571]: Slave 0 stderr: auto-whitelist: open of auto-whitelist file failed: locker: safe_lock: cannot create tmp lockfile //.spamassassin/auto-whitelist.lock.mail.redfish-solutions.com.12480 for //.spamassassin/au

[Mimedefang] Hacking in authenticated local submissions

2006-05-15 Thread Philip Prindeville
I'm using port 465 and SSL for local submissions, and I'd like to tweak either Mdf or SA (or both) so that if I forward (for instance) a copy of a spam to someone outside, that I in turn don't get my message rejected because it looks like spam. Now, why isn't trusted_networks taking effect? Beca

Re: [Mimedefang] Hacking in authenticated local submissions

2006-05-15 Thread Philip Prindeville
[EMAIL PROTECTED] wrote: >Philip Prindeville wrote: > > >>Do we want to change the line: >> >>if ($Features{"SpamAssassin"}) { >> >>in mimedefang-filter, for instance, to skip this check if $auth_authen >>is valid? >>

[Mimedefang] Using per-list SA policies

2006-05-24 Thread Philip Prindeville
I was wondering... Since MdF can be used to invoke SA, and it can extract information from the headers such as the envelope recipient information... I was wondering about a lot of the ML's on lists.sourceforge.net. They get a lot of spam. Especially open forums like alsa-devel that you don'

Re: [Mimedefang] Seeing whitelisting errors

2006-06-08 Thread Philip Prindeville
Kees Theunissen wrote: [snip] This looks like SpamAssassin having trouble to determine the home dir of the MIMEDefang (and SpamAssassin) user when the program is launched at boot time from the FC4 startup scripts. Adding the line "export HOME=/path/to/defang/homedir/" (without quotes) to the conf

[Mimedefang] Back into the loop...

2006-10-24 Thread Philip Prindeville
Hi. Been off working on other projects and hence haven't spent a lot of attention to this list the last few months (sniff!), but I have more free time lately (largely due to being made redundant, woo-hoo!). Anyway, if these questions have been asked before, sorry. A few issues/questions I was th

Re: OT: Re: [Mimedefang] Gary McLean/UK/INSTINET is out of the office.

2006-10-24 Thread Philip Prindeville
David F. Skoll wrote: >Does Lotus Notes/Domino respect the "Precedence: list" header and not >send auto-replies? Does it avoid sending auto-replies if the >sender matches *-request, *-relay, *-owner, owner-*, >postmaster, mailer and mailer-daemon? Does it add an >Auto-Submitted: auto-replied he

Re: [Mimedefang] Back into the loop...

2006-10-24 Thread Philip Prindeville
David F. Skoll wrote: >Philip Prindeville wrote: > > > >>HELO localhost.localdomain >> >> > > > >>from 192.150.1.3, then it will reject that the session... with a 5xx >>message... and will also blacklist incoming connections from that >

[Mimedefang] On being a better spammer

2006-10-26 Thread Philip Prindeville
Here's a clue to all of those spammers that regularly read this list to figure out how to better defeat our counter-measures: Try to operate under the radar. I'm looking at the logs below, and frankly, if someone does a single connect to my site and we reject his connection, it gets logged, but t

[Mimedefang] LZW, Gifs, and fingerprinting stock spams

2006-10-31 Thread Philip Prindeville
I'm trying to do some stochastic analysis of stock spams and figure out if there's a common fingerprint that can be used to identify them... But first, I'm bumping up against some Perl issues. Seems that there aren't many modules out there that help deconstruct Gif formats. I'm using Image::Info

[Mimedefang] Reading/writing XML config files

2006-11-03 Thread Philip Prindeville
Whoa. There's a plethora of XML modules on CPAN for parsing/generating XML. Some modules read only, others write only... I'm looking for something that can do either, and stores the nodes in an internal representation that makes for intuitive/tight notation in Perl. Any recommendations? Thanks,

Re: [Mimedefang] Reading/writing XML config files

2006-11-03 Thread Philip Prindeville
David F. Skoll wrote: >Philip Prindeville wrote: > > > >>Any recommendations? >> >> > >Why do you want to use XML? IMO, it's a solution looking for a problem. > >Regards, > >David. > > Cust

Re: [Mimedefang] Reading/writing XML config files

2006-11-05 Thread Philip Prindeville
David F. Skoll wrote: >Philip Prindeville wrote: > > > >>Any recommendations? >> >> > >Why do you want to use XML? IMO, it's a solution looking for a problem. > >Regards, > >David. >
