It found "xon, OX" in "Aylesbury Road, Thame, Oxon, OX9 3AT"
It's an aggressive rule that finds anything that might be an
obfuscated Xanax. It only scores 0.8 points because it can produce FPs
like this.
Actually that is my private, custom score. I think the default is 2.8
or something like
On 14/11/2014 11:26, Matus UHLAR - fantomas wrote:
On 13.11.14 14:34, Giles Coochey wrote:
I avoid the distribution perl completely, and use perlbrew and
spamassassin 3.4.0 compiled from source, with a specific perlbrew
perl version I avoid breaking the version of perl that comes with the system
and can satisfy all dependencies via CPAN.
--
Regards,
Giles Coochey, CCNP, CCNA, CCNAS
NetSecSpec Ltd
+44 (0) 8444 780677
+44 (0) 7584 634135
http://www.coochey.net
http://www.netsecspec.co.uk
gi...@coochey.net
On 12/09/2014 18:34, Rick Macdougall wrote:
On 2014-09-12 1:24 PM, John Hardin wrote:
On Fri, 12 Sep 2014, Reindl Harald wrote:
Am 12.09.2014 um 15:26 schrieb Giles Coochey:
On 12/09/2014 13:47, Rick Macdougall wrote:
I have used imap-sa-learn.pl for years. Works great.
Google imap-sa
On 12/09/2014 17:01, Reindl Harald wrote:
Am 12.09.2014 um 17:48 schrieb Giles Coochey:
On 12/09/2014 14:30, Reindl Harald wrote:
Wouldn't mind using it, but don't think I can get it working as my IMAP server
requires SSL
have you tried it?
these days almost anything works with S
er runs on port 993.
--
Regards,
Giles Coochey, CCNP, CCNA, CCNAS
NetSecSpec Ltd
+44 (0) 8444 780677
+44 (0) 7584 634135
http://www.netsecspec.co.uk
giles.cooc...@netsecspec.co.uk
--
Regards,
Giles Coochey, CCNP, CCNA, CCNAS
NetSecSpec Ltd
+44 (0) 8444 780677
+44 (0) 7584 634135
http://www.c
On 12/09/2014 13:47, Rick Macdougall wrote:
Hi,
I have used imap-sa-learn.pl for years. Works great.
Google imap-sa-learn.pl to get the perl source code.
Wouldn't mind using it, but don't think I can get it working as my IMAP
server requires SSL
--
Regards,
Giles Coochey,
amassassin?
--
Regards,
Giles Coochey, CCNP, CCNA, CCNAS
NetSecSpec Ltd
+44 (0) 8444 780677
+44 (0) 7983 877438
http://www.coochey.net
http://www.netsecspec.co.uk
gi...@coochey.net
original input).
It is the task of what called it to act upon it.
--
Regards,
Giles Coochey, CCNP, CCNA, CCNAS
NetSecSpec Ltd
+44 (0) 8444 780677
+44 (0) 7983 877438
http://www.coochey.net
http://www.netsecspec.co.uk
gi...@coochey.net
aside for later inspection.
For me, I use "unread / read" as a marker to whether I have actioned a
particular email and keep messages "unread" until such time that they
are dealt with.
--
Regards,
Giles Coochey, CCNP, CCNA, CCNAS
NetSecSpec Ltd
+44 (0) 8444 780677
+4
rying to be funny.:-)
--
Regards,
Giles Coochey, CCNP, CCNA, CCNAS
NetSecSpec Ltd
+44 (0) 8444 780677
+44 (0) 7983 877438
http://www.coochey.net
http://www.netsecspec.co.uk
gi...@coochey.net
ses...
--
Regards,
Giles Coochey, CCNP, CCNA, CCNAS
NetSecSpec Ltd
+44 (0) 8444 780677
+44 (0) 7983 877438
http://www.coochey.net
http://www.netsecspec.co.uk
gi...@coochey.net
elow.
For further assistance, please send mail to postmaster.
If you do so, please include this problem report. You can
delete your own text from the attached returned message.
The mail system
(expanded from
): unknown user: "devnull"
--
Regards,
Giles
On 20/03/2013 14:24, Axb wrote:
On 03/20/2013 02:59 PM, Giles Coochey wrote:
Hi,
I'm using spamass-milter in conjunction with spamassassin.
I've noticed that emails that are considered too large for spamassassin
to scan appear to be rejected by spamass-milter because it cannot find
Hi,
I'm using spamass-milter in conjunction with spamassassin.
I've noticed that emails that are considered too large for spamassassin
to scan appear to be rejected by spamass-milter because it cannot find a
score in the email.
I've looked at the configuration options for spamass-milter and
the available version is later
than my current version:
$ nslookup
> set type=txt
> 2.3.3.updates.spamassassin.org
Server:         172.21.0.66
Address:        172.21.0.66#53

Non-authoritative answer:
2.3.3.updates.spamassassin.org  text = "1418219"
Any ideas?
--
Regards,
s aimed at spammers who wanted to reduce their
Spam Assassin score, and I believe it only accepts body and doesn't do
network related checks.
--
Regards,
Giles Coochey, CCNA, CCNAS
NetSecSpec Ltd
+44 (0) 7983 877438
http://www.coochey.net
http://www.netsecspec.co.uk
gi...@coochey.net
implementations have the
ability to block at (say) 12 points, tag at say 5 points (which could be
implemented to leave messages in a moderation queue) and release
everything else.
--
Regards,
Giles Coochey, CCNA, CCNAS
NetSecSpec Ltd
+44 (0) 7983 877438
http://www.coochey.net
http:
I would look at getting a datafeed:
http://www.uribl.com/datafeed.shtml
Out of interest, how much volume of email are you processing to
experience this?
Are you sharing your external IP with any other of your ISP customers?
Does your ISP do anything strange with DNS queries?
On 2012-01
On Wed, October 5, 2011 18:02, Frank Leonhardt wrote:
>
> On 05/10/2011 16:23, Giles Coochey wrote:
>> On Tue, October 4, 2011 20:59, Frank Leonhardt wrote:
>>> On 04/10/2011 19:22, Kris Deugau wrote:
>>>> Frank Leonhardt wrote:
>>>>> Here's
On Tue, October 4, 2011 20:59, Frank Leonhardt wrote:
> On 04/10/2011 19:22, Kris Deugau wrote:
>> Frank Leonhardt wrote:
>>> Here's the problem:
>>>
>>> I have a single mail server (not commercial) using sendmail to accept
>>> incoming mail from all sources, and filtering using spamassassin. It
>>
On Tue, July 19, 2011 14:50, Thomas Mullins wrote:
> We would like to start monitoring our two smtp servers. They are fairly
> busy boxes, maybe 100,000 messages a day, give or take several thousand.
> They of course run Spamassassin, Postfix is also used. We use MRTG to
> monitor internal server
On Fri, May 13, 2011 17:09, Ted Mittelstaedt wrote:
> On 5/13/2011 1:58 AM, Giles Coochey wrote:
>> Not quite - Google's retry may come from another server in a different
>> range.
>
> if it did then mail from Google would be delayed significantly, like
> 12-24 hours
On Thu, May 12, 2011 18:06, Ted Mittelstaedt wrote:
> On 5/12/2011 4:49 AM, Niamh Holding wrote:
>>
>> Hello Matus,
>>
>> Thursday, May 12, 2011, 12:11:10 PM, you wrote:
>>
>> MUf> Actually, Michael Scheidell reported that yahoo misbehaves when
>> receiving
>> MUf> 4xx response after RCPT TO:
>>
On 25/02/2011 14:31, Giles Coochey wrote:
On 25/02/2011 14:18, James Lay wrote:
Hi folks,
So…I was sent an email that was pretty much all in Chinese…headers
below:
Date: Tue, 22 Feb 2011 13:44:37 -0700
Subject:
=?utf-8?B?Rlc6IOKWoO+8keaciOOBq+W8iuekvuOBq+WxiuOBhOOBn+aEnw==?=
=?utf-8?B
r-Encoding: base64
MIME-Version: 1.0
Any way to tag this stuff as spam? Thanks folks!
James
Unwanted Language??
e.g.
ok_languages nl en fr de it pt sco es
in local.cf
--
Best Regards,
Giles Coochey
NetSecSpec Ltd
NL T-Systems Mobile: +31 681 265 086
NL Mobile: +31 626 508 131
GIB Mobile: +350
igation to follow any rules.
--
Best Regards,
Giles Coochey
NetSecSpec Ltd
NL T-Systems Mobile: +31 681 265 086
NL Mobile: +31 626 508 131
GIB Mobile: +350 5401 6693
Email/MSN/Live Messenger: gi...@coochey.net
Skype: gilescoochey
ds existed... non-existent domain is already a standard
MTA check anyway...
--
Best Regards,
Giles Coochey
NetSecSpec Ltd
NL T-Systems Mobile: +31 681 265 086
NL Mobile: +31 626 508 131
GIB Mobile: +350 5401 6693
Email/MSN/Live Messenger: gi...@coochey.net
Skype: gilescoochey
want to
reject mails right away. I just want to "flag" them with points.
Cheers,
Henry
How do you define 'exists' - do you mean reachable and up? or just
whether a MX record is defined?
--
Best Regards,
Giles Coochey
NetSecSpec Ltd
NL T-Systems Mobile: +31 681 265 08
d in Debian and Redhat in March of 2010.

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=573228
I thought I committed the patch to CVS, but apparently hadn't. It's
committed now, and I'll do a release this weekend.
--
Dan Nelson
address@hidden
--
Bes
: i386
Version: 0.3.1
Release: 24.rhel5
--
Best Regards,
Giles Coochey
NetSecSpec Ltd
NL T-Systems Mobile: +31 681 265 086
NL Mobile: +31 626 508 131
GIB Mobile: +350 5401 6693
Email/MSN/Live Messenger: gi...@coochey.net
Skype: gilescoochey
sunsite
software on them. Yep, can't remember using DNS in those days...
Never even thought of checking MD5 checksums in those days (not sure if
they even existed!!)
--
Best Regards,
Giles Coochey
NetSecSpec Ltd
NL T-Systems Mobile: +31 681 265 086
NL Mobile: +31 626 508 131
GIB Mobile:
ve been an idea, as long as it wasn't a
BOGON that had special uses (e.g. RFC1918), however, there are no such
BOGONs left anymore... the last allocatable IPs were given out this very
week.
--
Best Regards,
Giles Coochey
NetSecSpec Ltd
NL T-Systems Mobile: +31 681 265 086
NL Mobile: +31
On 01/02/2011 15:49, Michael Scheidell wrote:
On 2/1/11 9:34 AM, Giles Coochey wrote:
On 01/02/2011 15:30, Danita Zanre wrote:
Messages from this list have been bouncing since I started enforcing
Reverse DNS lookups on my server.
Danita
Why???
Received: from mail.apache.org
e RFC-police to catch nearly all
spam and I'm sure that rejecting on a single issue or dubious fact will
affect the receipt of genuine non-SPAM messages.
--
Best Regards,
Giles Coochey
NetSecSpec Ltd
NL T-Systems Mobile: +31 681 265 086
NL Mobile: +31 626 508 131
GIB Mobile: +350 5401 6693
ess: 193.79.237.39
Non-authoritative answer:
Name:    hermes.apache.org
Address: 140.211.11.3
> 140.211.11.3
Server: cache0201.ns.eu.uu.net
Address: 193.79.237.39
Name:    hermes.apache.org
Address: 140.211.11.3
>
--
Best Regards,
Giles Coochey
NetSecSpec Ltd
NL T-Systems Mobile: +31 681 2
Makes you wonder how many servers actually accept these messages these
days!!!
Jan 31 13:46:56 gate sendmail[28364]: p0VCkkxF028364[1]: Milter add:
header: X-Spam-Status: Yes, score=70.8 required=5.0
tests=ADVANCE_FEE_2_NEW_FORM,\n\tADVANCE_FEE_2_NEW_MONEY,ADVANCE_FEE_3_NEW,ADVANCE_FEE_3_NEW_F
On 28/01/2011 10:11, Giles Coochey wrote:
On 28/01/2011 10:02, J4K wrote:
Good morning everyone (almost the week-end),
Is X-IronPort-AV added by SA, or from something else (DCC Clamav
? )
I just noticed that all email from a certain company was flagged with
X-IronPort-AV, and I wonder
ophos.com/products/enterprise/email/security-and-control/appliances/
--
Best Regards,
Giles Coochey
NetSecSpec Ltd
NL T-Systems Mobile: +31 681 265 086
NL Mobile: +31 626 508 131
GIB Mobile: +350 5401 6693
Email/MSN/Live Messenger: gi...@coochey.net
Skype: gilescoochey
. it is the cause of any possible
backscatter.
Thanks
--
Best Regards,
Giles Coochey
NetSecSpec Ltd
NL T-Systems Mobile: +31 681 265 086
NL Mobile: +31 626 508 131
GIB Mobile: +350 5401 6693
Email/MSN/Live Messenger: gi...@coochey.net
Skype: gilescoochey
above it.
spamass-milter can reject according to SA results at the SMTP session
level. The OP mentioned that.
--
Best Regards,
Giles Coochey
NetSecSpec Ltd
NL T-Systems Mobile: +31 681 265 086
NL Mobile: +31 626 508 131
GIB Mobile: +350 5401 6693
Email/MSN/Live Messenger: gi...@coochey.net
s far as I can see.
It's not too difficult to understand the source of the spamass-milter
package... that might be your best documentation and help
--
Best Regards,
Giles Coochey
NetSecSpec Ltd
NL T-Systems Mobile: +31 681 265 086
NL Mobile: +31 626 508 131
GIB Mobile: +350 5401 6693
Emai
TA would
make a difference, but I still don't want to take the risk.
--
Best Regards,
Giles Coochey
NetSecSpec Ltd
NL T-Systems Mobile: +31 681 265 086
NL Mobile: +31 626 508 131
GIB Mobile: +350 5401 6693
Email/MSN/Live Messenger: gi...@coochey.net
Skype: gilescoochey
t 24 hours for mail servers to successfully send
me mails - it's the equivalent of sealing my letterbox on Mondays,
Wednesdays and Fridays for me, and I want near-real time email
communication.
--
Best Regards,
Giles Coochey
NetSecSpec Ltd
NL T-Systems Mobile: +31 681 265 086
NL Mobile: +3
On 13/01/2011 21:06, Brendan Murtagh wrote:
Thank you all for your quick responses and suggestions. I went ahead and
adjusted the threshold from 3.00 to 5.00. I'll continue to monitor how the
server is reacting to spam as we move forward.
Thanks again for your help.
-Brendan
The method I use, a
e that for the recipient it should be like this (I didn't find
any documentation about it):
header TO1 To:name =~ /EuroPrime Casino/i
in particular (to filter the less than symbol):
header TO1 To:name =~ /\
Have you tried escaping it with \x3c ?
--
Best Regards,
Giles Cooch
ffing traffic to be sure.
Where should I be looking for a configuration difference that would cause this?
local.cf:
use_razor2 1
... I would check permissions for the razor-agent and check that it is
registered for the user that runs your site-wide spamassassin.
--
Best Regards,
Giles Co
On Thu, September 16, 2010 15:57, Martin Gregorie wrote:
> On Thu, 2010-09-16 at 13:36 +0200, Giles Coochey wrote:
>> On Thu, September 16, 2010 13:28, Martin Gregorie wrote:
>> > On Thu, 2010-09-16 at 07:28 +0200, Per Jessen wrote:
>> >> http://public.jes
On Thu, September 16, 2010 13:28, Martin Gregorie wrote:
> On Thu, 2010-09-16 at 07:28 +0200, Per Jessen wrote:
>> http://public.jessen.ch/files/mazeweb-spam.jpeg
>>
>>
> A cynic might wonder whether it also harvests valid e-mail addresses.
>
Appears to be a perfectly reputable service to me... wh
> You may setup a regexp rule in the /etc/local.cf file of your SA
> installation, but a simple rule like the one you suggest may easily yield
> FPs (False Positives, ie: non-spam messages may get into your trashcan).
>
> What if a friend of yours sends you an email asking to lend your
> chronomet
On Tue, September 14, 2010 09:41, Hans-Werner Friedemann wrote:
> Hi @ all
>
> I want to achieve a kind of auto-mass-import of eml-Files with sa-learn.
> The SPAM and HAM mails will be saved in different folders.
>
> Is it possible that sa-learn looks every 15 Minutes in these folders
> and import
52 matches