Re: Why doesn't Spamassassin bounce spam?

2007-06-17 Thread jdow

From: WLamotte [EMAIL PROTECTED]


Sorry if this is an obvious question but why isn't there an option for
Spamassassin to bounce spam? Sure it does a good job at filtering spam but I
don't want it from my web(mail)server to my inbox. I want my web- or
mailserver to bounce suspected spam. Is this a feature that could be
implemented?
TIA,


Because there are people like me who submit sites that bounce spam to me
to SpamHaus, SpamCop, and others?

There is no way to bounce spam, is a good general rule to follow.
There is nothing in the message, usually, that tells you precisely who
sent the spam. The return path, reply to, and sender or from fields
are all forgeable. Sites that bounce spam after the receipt transaction
is over are aiding spammers rather than helping poor sods who have been
hacked.

Having been a victim of a forged From: address hack, a Joe Job, I can
tell you reliably that I will crawl through the wires back to the MTA
that bounced back to me and rip the CPU out of the hard drive. And if
the operator is nearby I will rip his heart out through his mouth.

{o.o}   Joanne hates idiots who bounce and thus commit joe jobs.
   'Nuf said? 



Re: Why doesn't Spamassassin bounce spam?

2007-06-17 Thread WLamotte


WLamotte wrote:
 Sorry if this is an obvious question but why isn't there an option for
 Spamassassin to bounce spam? Sure it does a good job at filtering spam but
 I don't want it from my web(mail)server to my inbox. I want my web- or
 mailserver to bounce suspected spam. Is this a feature that could be
 implemented?
 TIA,
 
 WL


Wonderful: I learned something today! Thanks to everyone for your help and
suggestions. Thanks to this mailing list I'm again one step closer to
combatting spam.

As Matt-123, John Rudd, Rick Cooper and a few others already pointed out I
indeed should have used reject instead of bounce. Sorry for that, my
bad. I see why bounce is a very bad idea.

I will look into Nels Lindquist and Duncan Hill-8's suggestions to handle
mail.

Again thank you all for your time!
-- 
View this message in context: 
http://www.nabble.com/Why-doesn%27t-Spamassassin-bounce-spam--tf3928175.html#a11161802
Sent from the SpamAssassin - Users mailing list archive at Nabble.com.



Re: Why doesn't Spamassassin bounce spam?

2007-06-17 Thread Jari Fredriksson
jdow wrote:
 From: WLamotte [EMAIL PROTECTED]
 
 Sorry if this is an obvious question but why isn't there an option
 for Spamassassin to bounce spam? Sure it does a good job at
 filtering spam but I
 don't want it from my web(mail)server to my inbox. I want my web- or
 mailserver to bounce suspected spam. Is this a feature that could be
 implemented?
 TIA,
 
 Because there are people like me who submit sites that bounce spam to
 me to SpamHaus, SpamCop, and others?
 
 There is no way to bounce spam, is a good general rule to follow.
 There is nothing in the message, usually, that tells you precisely who
 sent the spam. The return path, reply to, and sender or from fields
 are all forgeable. Sites that bounce spam after the receipt
 transaction is over are aiding spammers rather than helping poor sods
 who have been hacked.
 
 Having been a victim of a forged From: address hack, a Joe Job, I
 can tell you reliably that I will crawl through the wires back to the
 MTA that bounced back to me and rip the CPU out of the hard drive.
 And if the operator is nearby I will rip his heart out through his
 mouth. 
 
 {o.o}   Joanne hates idiots who bounce and thus commit joe jobs.
'Nuf said?


That is understandable, all people can't manage their anger.

Backscatter still is no SPAM.




Re: Why doesn't Spamassassin bounce spam?

2007-06-17 Thread Jack L. Stone

 I can
tell you reliably that I will crawl through the wires back to the MTA
that bounced back to me and rip the CPU out of the hard drive. And if
the operator is nearby I will rip his heart out through his mouth.

{o.o}   Joanne hates idiots who bounce and thus commit joe jobs.
'Nuf said? 

H, I could be a false-positive idiot. I'd better create another special
filter and call it the ex-wife filter. (:-))

(^_^)
Happy trails,
Jack L. Stone

System Admin
Sage-american


Re: Why doesn't Spamassassin bounce spam?

2007-06-17 Thread Matt Kettler
Jari Fredriksson wrote:
 jdow wrote:
   

 Having been a victim of a forged From: address hack, a Joe Job, I
 can tell you reliably that I will crawl through the wires back to the
 MTA that bounced back to me and rip the CPU out of the hard drive.
 And if the operator is nearby I will rip his heart out through his
 mouth. 

 {o.o}   Joanne hates idiots who bounce and thus commit joe jobs.
'Nuf said?
 


 That is understandable, all people can't manage their anger.

 Backscatter still is no SPAM.
   
True, but it is misconfiguration that can be maliciously abused to
create DDOS attacks.

Backscatter networks are no different than the smurf amplifiers of the
late 1990's, and deserved to be blacklisted for the same reasons.
They're not spammers, they're misconfigured DDoS waypoints that
inadvertently facilitate attacks launched by spammers (joe jobs).

(and for those that don't know what a smurf amplifier is, see
http://en.wikipedia.org/wiki/Smurf_amplifier)







   



Issues after upgrade Debian from sarge to etch

2007-06-17 Thread Stefan Hoth
Hello list!

I'm new here so please be nice to me :)

Since I upgraded my box to debian etch I have the same errors day by day.

I'm running SpamAssassin version 3.2.0  running on Perl version 5.8.8
(standard etch-package) with amavisd-new-2.4.2 (20060627) (also etch-pack).

There is a cronjob bundled with amavis which invokes 'spamassassin
--lint' once in a while.

Command: test -e /usr/sbin/amavisd-new-cronjob &&
/usr/sbin/amavisd-new-cronjob sa-sync

The cronjob fails with this message(s):

+++ snip 

plugin: failed to parse plugin (from @INC): Bareword
Mail::SpamAssassin::Constants::CHARSETS_LIKELY_TO_FP_AS_CAPS not
allowed while strict subs in use at
/usr/local/share/perl/5.8.8/Mail/SpamAssassin/Plugin/HeaderEval.pm line 965.
Compilation failed in require at (eval 70) line 1.

plugin: failed to create instance of plugin
Mail::SpamAssassin::Plugin::HeaderEval: Can't locate object method new
via package Mail::SpamAssassin::Plugin::HeaderEval at
/usr/local/share/perl/5.8.8/Mail/SpamAssassin/Plugin/HeaderEval.pm line 39.

plugin: failed to parse plugin (from @INC):
CHARSETS_LIKELY_TO_FP_AS_CAPS is not exported by the
Mail::SpamAssassin::Constants module
Can't continue after import errors at
/usr/local/share/perl/5.8.8/Mail/SpamAssassin/Plugin/MIMEEval.pm line 22
BEGIN failed--compilation aborted at
/usr/local/share/perl/5.8.8/Mail/SpamAssassin/Plugin/MIMEEval.pm line 22.
Compilation failed in require at (eval 72) line 1.

plugin: failed to create instance of plugin
Mail::SpamAssassin::Plugin::MIMEEval: Can't locate object method new
via package Mail::SpamAssassin::Plugin::MIMEEval at (eval 73) line 1.


+++ /snip 

Since I'm barely familiar with perl I couldn't rid myself of these
errors. Although spamassassin and amavis work fine together.

Can anyone help me out?

Thanks in advance,

Stefan





Re: Issues after upgrade Debian from sarge to etch

2007-06-17 Thread Bob Proulx
Stefan Hoth wrote:
 Since I upgraded my box to debian etch I have the same errors day by day.

 I'm running SpamAssassin version 3.2.0  running on Perl version 5.8.8
 (standard etch-package) with amavisd-new-2.4.2 (20060627) (also etch-pack).

Hmm...  I know you said standard Etch packages but those versions do
not match the versions in Etch.  They match the versions in Testing.
Therefore I conclude that you are actually running Debian testing.

For various reasons I recommend Debian Stable (currently Etch) or
Debian Unstable (always named Sid).  I can't recommend Testing for
production use.

 Command: test -e /usr/sbin/amavisd-new-cronjob &&
 /usr/sbin/amavisd-new-cronjob sa-sync
 ...
 plugin: failed to parse plugin (from @INC): Bareword
 Mail::SpamAssassin::Constants::CHARSETS_LIKELY_TO_FP_AS_CAPS not
 allowed while strict subs in use at
 /usr/local/share/perl/5.8.8/Mail/SpamAssassin/Plugin/HeaderEval.pm line 965.
 Compilation failed in require at (eval 70) line 1.

Because this file is installed in /usr/local I know that it is not the
Debian packaged version but is instead a direct local installation.
That is fine.  But this is an indication of a typical problem.  Often
when multiple versions of perl modules are installed simultaneously
this will create version mismatch problems.  It is certainly possible
to install multiple versions but there have also been a lot of reports
of problems in those cases too.

 Since I'm barely familiar to perl I couldn't get my self rid of these
 errors. Although spamassassin and amavis work fine together.

Please check and see if you have SA installed multiple different ways,
by package and by direct installation (e.g. CPAN).  If you have
multiple versions of SpamAssassin installed I suggest removing all of
the ones that you are not using.

Bob


Re: Issues after upgrade Debian from sarge to etch [SOLVED]

2007-06-17 Thread Stefan Hoth
Hello!

 Hmm...  I know you said standard Etch packages but those versions do
 not match the versions in Etch.  They match the versions in Testing.
 Therefore I conclude that you are actually running Debian testing.
 

Didn't think so but obviously I must have messed things up while experimenting
with amavisd-new (and spamassassin plugins).

 For various reasons I recommend Debian Stable (currently Etch) or
 Debian Unstable (always named Sid).  I can't recommend Testing for
 production use.
 

I know and I agree - my sources.list is only linked to etch - but maybe
there was a short time when I had testing in it.

 Please check and see if you have SA installed multiple different ways,
 by package and by direct installation (e.g. CPAN).  If you have
 multiple versions of SpamAssassin installed I suggest removing all of
 the ones that you are not using.

Bob, you made my day - thank you! After checking my installation with
your hints I could clean up some cpan-installed modules and replaced the
testing-version with the version from the etch repository.

Finally I got rid of these error messages.

Thank you all for your help!

Stefan






Re: Turning the Screws

2007-06-17 Thread Michael B Allen
Hi,

With only SARE_STOCKS EVILNUMBERS0 SARE_RANDOM I'm still getting quite a bit of 
spam.

What SARE rule do people recommend? Is it ok to have a lot of them?

Mike


Re: Turning the Screws

2007-06-17 Thread Jerry Durand

At 12:39 PM 6/17/2007, Michael B Allen wrote:

Hi,

With only SARE_STOCKS EVILNUMBERS0 SARE_RANDOM I'm still getting 
quite a bit of spam.


What SARE rule do people recommend? Is it ok to have a lot of them?

Mike


While by no means a special list, here's what I use:

updates.spamassassin.org
72_sare_redirect_post3.0.0.cf.sare.sa-update.dostech.net
70_sare_evilnum0.cf.sare.sa-update.dostech.net
70_sare_evilnum1.cf.sare.sa-update.dostech.net
70_sare_bayes_poison_nxm.cf.sare.sa-update.dostech.net
70_sare_html0.cf.sare.sa-update.dostech.net
70_sare_header0.cf.sare.sa-update.dostech.net
70_sare_header_eng.cf.sare.sa-update.dostech.net
70_sare_specific.cf.sare.sa-update.dostech.net
70_sare_adult.cf.sare.sa-update.dostech.net
72_sare_bml_post25x.cf.sare.sa-update.dostech.net
99_sare_fraud_post25x.cf.sare.sa-update.dostech.net
70_sare_spoof.cf.sare.sa-update.dostech.net
70_sare_random.cf.sare.sa-update.dostech.net
70_sare_oem.cf.sare.sa-update.dostech.net
70_sare_genlsubj0.cf.sare.sa-update.dostech.net
70_sare_unsub.cf.sare.sa-update.dostech.net
70_sare_uri0.cf.sare.sa-update.dostech.net
70_sare_whitelist_rcvd.cf.sare.sa-update.dostech.net
70_sare_whitelist_spf.cf.sare.sa-update.dostech.net
70_sare_obfu0.cf.sare.sa-update.dostech.net
70_sare_obfu1.cf.sare.sa-update.dostech.net
70_sare_stocks.cf.sare.sa-update.dostech.net
00_FVGT_File001.cf.sare.sa-update.dostech.net
88_FVGT_headers.cf.sare.sa-update.dostech.net
backhair.cf.sare.sa-update.dostech.net
chickenpox.cf.sare.sa-update.dostech.net
mangled.cf.sare.sa-update.dostech.net
weeds.cf.sare.sa-update.dostech.net



--
Jerry Durand, Durand Interstellar, Inc.  www.interstellar.com
tel: +1 408 356-3886, USA toll free: 1 866 356-3886
Skype:  jerrydurand



Re: My Newly Expanded DNS Blacklist - Who wants to try it?

2007-06-17 Thread Shane Williams

On Sat, 16 Jun 2007, Marc Perkel wrote:

Using my new ideas here's my raw blacklist file. It has about 80k IP 
addresses and is updated every 10 minutes.


http://iplist.junkemailfilter.com/black.txt

Here's instructions on how to use it with SpamAssassin and Exim.

http://wiki.ctyme.com/index.php/Spam_DNS_Lists#Spam_Assassin_Examples

I'd like to get some feedback on how well it's working.


This filter blocked my last response to you, as I suspect it will
for this one.  As such, I looked at your wiki to determine why I was
listed, but couldn't find a clear reason.  The documentation says that
only known spam sources are blocked, but if I had to guess, I'd say
it's because I'm on a dynamic cable IP address (which I didn't see
any text about when I looked on Friday).

Mind you, I've gotten used to the idea that places are going to block
me because I'm on a Cablemodem, so that doesn't really bother me much.
It's just that your documentation didn't mention this as a possible
reason for listing, and gave me no real idea as to why I was listed.

I would suggest that if you really want to know how well it's working
you should, for some time, accept mail that it would drop, filter it
to a special place, and then visually inspect for ham/spam ratio.  I
don't see any better method for gathering hard data on its success
rate.

--
Public key #7BBC68D9 at| Shane Williams
http://pgp.mit.edu/|  System Admin - UT iSchool
=--+---
All syllogisms contain three lines |  [EMAIL PROTECTED]
Therefore this is not a syllogism  | www.ischool.utexas.edu/~shanew


Re: My Newly Expanded DNS Blacklist - Who wants to try it?

2007-06-17 Thread Daryl C. W. O'Shea

Shane Williams wrote:

On Sat, 16 Jun 2007, Marc Perkel wrote:

Using my new ideas here's my raw blacklist file. It has about 80k IP 
addresses and is updated every 10 minutes.


http://iplist.junkemailfilter.com/black.txt

Here's instructions on how to use it with SpamAssassin and Exim.

http://wiki.ctyme.com/index.php/Spam_DNS_Lists#Spam_Assassin_Examples

I'd like to get some feedback on how well it's working.


This filter blocked my last response to you, as I suspect it will
for this one.  As such, I looked at your wiki to determine why I was
listed, but couldn't find a clear reason.  The documentation says that
only known spam sources are blocked, but if I had to guess, I'd say
it's because I'm on a dynamic cable IP address (which I didn't see
any text about when I looked on Friday).

Mind you, I've gotten used to the idea that places are going to block
me because I'm on a Cablemodem, so that doesn't really bother me much.
It's just that your documentation didn't mention this as a possible
reason for listing, and gave me no real idea as to why I was listed.


You're relaying through an MSA (fiat.ischool.utexas.edu [128.83.248.27]) 
that isn't on a cable connection, though, right?


Blocking because someone uses a cable modem, but isn't delivering 
direct-to-MX from that cable connection, is asinine.



Daryl


Re: Turning the Screws

2007-06-17 Thread Michael B Allen
Hi Jerry,

I added a bunch of other SARE cfs and I'm doing much much better now.

Although rule_du_jour is still giving me HTML for SARE_OEM.

Thanks to all who helped,
Mike

On Sun, 17 Jun 2007 12:45:34 -0700
Jerry Durand [EMAIL PROTECTED] wrote:

 70_sare_oem.cf

-- 
Michael B Allen
PHP Active Directory Kerberos SSO
http://www.ioplex.com/


Re: My Newly Expanded DNS Blacklist - Who wants to try it?

2007-06-17 Thread Marc Perkel



Daryl C. W. O'Shea wrote:

Shane Williams wrote:

On Sat, 16 Jun 2007, Marc Perkel wrote:

Using my new ideas here's my raw blacklist file. It has about 80k IP 
addresses and is updated every 10 minutes.


http://iplist.junkemailfilter.com/black.txt

Here's instructions on how to use it with SpamAssassin and Exim.

http://wiki.ctyme.com/index.php/Spam_DNS_Lists#Spam_Assassin_Examples

I'd like to get some feedback on how well it's working.


This filter blocked my last response to you, as I suspect it will
for this one.  As such, I looked at your wiki to determine why I was
listed, but couldn't find a clear reason.  The documentation says that
only known spam sources are blocked, but if I had to guess, I'd say
it's because I'm on a dynamic cable IP address (which I didn't see
any text about when I looked on Friday).

Mind you, I've gotten used to the idea that places are going to block
me because I'm on a Cablemodem, so that doesn't really bother me much.
It's just that your documentation didn't mention this as a possible
reason for listing, and gave me no real idea as to why I was listed.


You're relaying though an MSA (fiat.ischool.utexas.edu 
[128.83.248.27]) that isn't on a cable connection, though, right?


Blocking because someone uses a cable modem, but isn't delivering 
direct-to-MX from that cable connection, is asinine.





I definitely want to figure out what the problem is. Any false positive 
isn't acceptable. However that IP isn't blocked. If you can post the 
error you got I'd like to see it.




Re: My Newly Expanded DNS Blacklist - Who wants to try it?

2007-06-17 Thread Marc Perkel



Shane Williams wrote:

On Sat, 16 Jun 2007, Marc Perkel wrote:

Using my new ideas here's my raw blacklist file. It has about 80k IP 
addresses and is updated every 10 minutes.


http://iplist.junkemailfilter.com/black.txt

Here's instructions on how to use it with SpamAssassin and Exim.

http://wiki.ctyme.com/index.php/Spam_DNS_Lists#Spam_Assassin_Examples

I'd like to get some feedback on how well it's working.


This filter blocked my last response to you, as I suspect it will
for this one.  As such, I looked at your wiki to determine why I was
listed, but couldn't find a clear reason.  The documentation says that
only known spam sources are blocked, but if I had to guess, I'd say
it's because I'm on a dynamic cable IP address (which I didn't see
any text about when I looked on Friday).

Mind you, I've gotten used to the idea that places are going to block
me because I'm on a Cablemodem, so that doesn't really bother me much.
It's just that your documentation didn't mention this as a possible
reason for listing, and gave me no real idea as to why I was listed.

I would suggest that if you really want to know how well it's working
you should, for some time, accept mail that it would drop, filter it
to a special place, and then visually inspect for ham/spam ratio.  I
don't see any better method for gathering hard data on it's success
rate.



Shane, post the error you got to this list in case I don't get it 
direct. I haven't documented my new trick in the wiki yet because I'm 
still testing it to see if it works. If it doesn't work then I'll have 
to give up on it. The wiki gives instructions on how to use the black list.


As to what I'm doing I talked about it in a different thread. The idea 
is that I have 3 working servers on low numbered MX records. I have a 
number of high numbered MX IPs that should never be hit. However 
spammers don't follow the rules and try the high numbered MX looking to 
get in the back door. So in theory only spammers will hit the high 
numbered MX.


The idea is that after about 10 hits on the high numbered MX I add them 
to the blacklist. It seems to be working but I'm still testing this 
idea. I'm convinced that this method or something similar might be an 
effective way to catch spammers and I'm testing it out. But - it has to 
actually work in the real world and when it does, maybe someone who is a 
better programmer than me will really do it right.




Re: Turning the Screws

2007-06-17 Thread Lindsay Haisley
On Sun, 2007-06-17 at 19:24 -0400, Michael B Allen wrote:
 Although rule_du_jour is still giving me HTML for SARE_OEM.

Delete /etc/mail/spamassassin/RulesDuJure/70_sare_oem*
(or /etc/spamassassin/RulesDuJure/70_sare_oem*) and run rules_du_jour
again.

-- 
Lindsay Haisley   | In an open world,| PGP public key
FMP Computer Services |who needs Windows  |  available at
512-259-1190  |  or Gates| http://pubkeys.fmp.com
http://www.fmp.com|   |



Re: rules_du_jour script and HTML files

2007-06-17 Thread Lindsay Haisley
What's the deal with this?

It looks as if periodically RulesEmporium gets busy and sends a refresh
file instead of a real .cf file, probably with the intent of asking the
requesting client to try again.  curl can't deal intelligently with a
http-equiv refresh, so rather than trying again, it simply stores the
refresh file as the result and spamassassin --lint fails.  The errant
file retrieved looks like:

<HTML><HEAD><META HTTP-EQUIV=Refresh CONTENT=0.1>
<META HTTP-EQUIV=Pragma CONTENT=no-cache>
<META HTTP-EQUIV=Expires CONTENT=-1>
</HEAD></HTML>

This happens with relative frequency on 99_FVGT_Tripwire.cf but
apparently (see below) with other files too.

When this happens (perhaps after it's happened twice), two files are
produced in /etc/spamassassin/RulesDuJour; 99_FVGT_Tripwire.cf and
99_FVGT_Tripwire.cf.2.  Apparently the rules_du_jour script can't
recover from this and consistently fails on successive runs until the
bad files are manually deleted.

I haven't gone over the bash script in rules_du_jour in detail, but has
anyone looked at this problem in detail?  Is there a known fix?

This shouldn't really be hard.  A Quick-n-Nasty Unix-style solution
would be to run

grep -il 'META HTTP-EQUIV=Refresh' ${TMPDIR}/* |xargs -n1 rm

before running spamassassin --lint

here's a suggested patch:

*
--- tmp/rules_du_jour~  2007-06-17 21:01:24.0 -0500
+++ /var/lib/spamassassin/rules_du_jour 2007-06-17 21:01:24.0 -0500
@@ -864,7 +864,7 @@
 done
 
 
-
+grep -il 'META HTTP-EQUIV=Refresh' ${TMPDIR}/* |xargs -n1 rm
 
 
 
*
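
Review bot: the added line expands ${TMPDIR}/* unquoted and unchecked, so an empty TMPDIR turns the glob into /* and a path containing whitespace splits into several arguments. Quote it as "${TMPDIR}"/* and skip the cleanup when the variable is empty. When no file matches, GNU xargs still runs rm once with no operand and prints an error; xargs -r avoids that where it is available. The pattern 'META HTTP-EQUIV=Refresh' would also match a legitimate rule file whose regex contains that string, so testing only the first lines of each file is safer. A one-line comment above the command saying why these files are deleted would help the next reader of the script.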

This won't pick up the problem file on the current run, but will clear
the way for it to be retrieved next time.

On Sun, 2007-06-17 at 19:43 -0500, Lindsay Haisley wrote:
 On Sun, 2007-06-17 at 19:24 -0400, Michael B Allen wrote:
  Although rule_du_jour is still giving me HTML for SARE_OEM.
 
 Delete /etc/mail/spamassassin/RulesDuJure/70_sare_oem*
 (or /etc/spamassassin/RulesDuJure/70_sare_oem*) and run rules_du_jour
 again.

-- 
Lindsay Haisley   | In an open world,| PGP public key
FMP Computer Services |who needs Windows  |  available at
512-259-1190  |  or Gates| http://pubkeys.fmp.com
http://www.fmp.com|   |
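
A more defensive form of the cleanup proposed above, as an added example that is not part of rules_du_jour or of the original post: it refuses an empty directory argument, inspects only the first lines of each file, and covers the numbered .cf.2 retries. The function names and the sample files built in demo() are constructed, and the stub is assumed to begin with an HTML tag.

```shell
#!/bin/sh
# Added example, not part of rules_du_jour. File names in demo() are constructed.

# is_html_stub FILE: succeed when FILE looks like an HTML page, not a rule file.
# Rule files begin with comments or directives, never with an HTML tag, so a
# rule whose regex merely mentions "http-equiv" is not mistaken for a stub.
is_html_stub() {
    head -n 5 "$1" | grep -Eiq '^[[:space:]]*<(!doctype|html|head|meta)[[:space:]>]'
}

# purge_html_stubs DIR: remove stub downloads from DIR, print each removed path.
# Refuses an empty or missing DIR so an unset variable can never expand to "/*".
purge_html_stubs() {
    local dir="$1" f
    if [ -z "$dir" ] || [ ! -d "$dir" ]; then
        echo "purge_html_stubs: not a directory: '$dir'" >&2
        return 2
    fi
    # Covers NAME.cf and the numbered retries (NAME.cf.2) described in the post.
    for f in "$dir"/*.cf "$dir"/*.cf.[0-9]*; do
        [ -f "$f" ] || continue        # an unmatched glob stays literal; skip it
        if is_html_stub "$f"; then
            rm -f -- "$f" && printf '%s\n' "$f"
        fi
    done
    return 0
}

# demo: build a scratch directory with two stubs and one real rule file.
demo() {
    local tmp
    tmp=$(mktemp -d) || return 1
    # Constructed stub, modelled on the refresh page quoted in the post.
    printf '%s\n' '<HTML><HEAD><META HTTP-EQUIV=Refresh CONTENT=0.1>' \
        '<META HTTP-EQUIV=Pragma CONTENT=no-cache>' '</HEAD></HTML>' \
        > "$tmp/99_FVGT_Tripwire.cf"
    cp "$tmp/99_FVGT_Tripwire.cf" "$tmp/99_FVGT_Tripwire.cf.2"
    # Constructed rule file that must survive the cleanup.
    printf '%s\n' '# constructed sample rule file' \
        'body   EXAMPLE_RULE /example phrase/i' 'score  EXAMPLE_RULE 0.1' \
        > "$tmp/70_sare_oem.cf"
    echo "removed:"; purge_html_stubs "$tmp"
    echo "kept:";    ls "$tmp"
    rm -rf -- "$tmp"
}
demo
```

Run against the download directory before spamassassin --lint, the stubs are gone in the same run rather than the next one.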



RE: My Newly Expanded DNS Blacklist - Who wants to try it?

2007-06-17 Thread Michael Scheidell
 -Original Message-
 From: Marc Perkel [mailto:[EMAIL PROTECTED] 
 Sent: Sunday, June 17, 2007 8:27 PM
 To: Shane Williams; Spamass
 Subject: Re: My Newly Expanded DNS Blacklist - Who wants to try it?
 As to what I'm doing I talked about it in a different thread. 
 The idea 
 is that I have 3 working servers on low numbered MX records. I have a 
 number of high numbered MX IPs that should never be hit. However 
 spammers don't follow the rules and try the high numbered MX 
 looking to 
 get in the back door. So in theory only spammers will hit the high 
 numbered MX.
 

 The idea is that after about 10 hits on the high numbered MX 
 I add them 
 to the blacklist. It seems to be working but I'm still testing this 
 idea. I'm convinced that this method or something similar might be an 
 affective way to catch spammers and I'm testing it out. But - 
 it has to 
 actually work in the real world and when it does, maybe 
 someone who is a 
 better programmer than me will really do it right.
 

And you were told, in original thread, what a stupid idea this is, and
why it's a stupid idea, and why using this blacklist is a stupid idea,
but I suppose if you want to block all the spam, I have a better list,
100% guaranteed to block spam:  the DNS blacklist is
'blocked.secnap.net'.  It is as accurate as yours is.

But, before you use it, I suggest you google for 'blocked.secnap.net'
(you will see a 2003 set of posts announcing this list).

You will also see why it is way more accurate than yours for blocking
spam.

If you had half a clue as to how email works you would know why your
blacklist is a stupid idea, so this is not being cc'd to you since
several people already told you how stupid your idea is and why.

This is a warning to anyone who knows even less than you about how email
works and might be fooled into trying your list (and start bouncing
legitimate email).

_
This email has been scanned and certified safe by SpammerTrap(tm).
For Information please see http://www.spammertrap.com
_


Re: My Newly Expanded DNS Blacklist - Who wants to try it?

2007-06-17 Thread Shane Williams

On Sun, 17 Jun 2007, Marc Perkel wrote:


Daryl C. W. O'Shea wrote:

 Shane Williams wrote:
  On Sat, 16 Jun 2007, Marc Perkel wrote:
 
   Using my new ideas here's my raw blacklist file. It has about 80k IP 
   addresses and is updated every 10 minutes.
  
   http://iplist.junkemailfilter.com/black.txt
  
   Here's instructions on how to use it with SpamAssassin and Exim.
  
   http://wiki.ctyme.com/index.php/Spam_DNS_Lists#Spam_Assassin_Examples
  
   I'd like to get some feedback on how well it's working.
 
  This filter blocked my last response to you, as I suspect it will

  for this one.  As such, I looked at your wiki to determine why I was
  listed, but couldn't find a clear reason.  The documentation says that
  only known spam sources are blocked, but if I had to guess, I'd say
  it's because I'm on a dynamic cable IP address (which I didn't see
  any text about when I looked on Friday).
 
  Mind you, I've gotten used to the idea that places are going to block

  me because I'm on a Cablemodem, so that doesn't really bother me much.
  It's just that your documentation didn't mention this as a possible
  reason for listing, and gave me no real idea as to why I was listed.

 You're relaying though an MSA (fiat.ischool.utexas.edu [128.83.248.27])
 that isn't on a cable connection, though, right?


That's true when I send to an apache.org list, because at some point
it blocked me.  By and large I send direct-to-MX from cable-modem,
adding exceptions to my mailertable entry as necessary (Nor will yours
when I reply to this, so we'll see what happens).


 Blocking because someone uses a cable modem, but isn't delivering
 direct-to-MX from that cable connection, is asinine.


True, but I don't think that's what Marc is doing, since his server
doesn't have a mailertable entry on my end.

I definitely want to figure out what the problem is. Any false positive isn't 
acceptable. However that IP isn't blocked. If you can post the error you got 
I'd like to see it.


Here's the failed for the last 4 hours message...

   - Transcript of session follows -
... while talking to mx.junkemailfilter.com.:
 550-REJECTED - 70.112.27.10 is blacklisted at
hostkarma.junkemailfilter.com
 550 (127.0.0.2); 70.112.27.10
... while talking to mx.junkemailfilter.net.:
 550-REJECTED - 70.112.27.10 is blacklisted at
hostkarma.junkemailfilter.com
 550 (127.0.0.2); 70.112.27.10
... while talking to mx.junkemailfilter.org.:
 451 Temporary local problem - please try later
... while talking to dummy1.junkemailfilter.com.:
 451 Temporary local problem - please try later
... while talking to dummy2.junkemailfilter.com.:
 451 Temporary local problem - please try later
... while talking to dummy3.junkemailfilter.com.:
 451 Temporary local problem - please try later
... while talking to dummy4.junkemailfilter.com.:
 451 Temporary local problem - please try later
[EMAIL PROTECTED]... Deferred: 451 Temporary local problem - please
try later


--
Public key #7BBC68D9 at| Shane Williams
http://pgp.mit.edu/|  System Admin - UT iSchool
=--+---
All syllogisms contain three lines |  [EMAIL PROTECTED]
Therefore this is not a syllogism  | www.ischool.utexas.edu/~shanew
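
The listing rule Marc describes earlier in the thread (about 10 hits on a high-numbered MX), run over a constructed connection log, as an added example that is not his code. It goes one step beyond that description by marking whether each flagged client also contacted a working MX, which is the pattern in the transcript above; the log format, the function names and the dummyN host pattern are assumptions.

```shell
#!/bin/sh
# Added example; the log format "<epoch> <client-ip> <mx-host>" is constructed.

# flag_high_mx_hits LOGFILE [THRESHOLD]
# Prints "IP HITS direct|walked" for every client with at least THRESHOLD
# connections to a decoy MX. "walked" means the same client also contacted a
# working MX, i.e. it reached the decoys by going down the MX list.
flag_high_mx_hits() {
    local log="$1" threshold="${2:-10}"
    [ -r "$log" ] || { echo "flag_high_mx_hits: cannot read '$log'" >&2; return 2; }
    awk -v threshold="$threshold" '
        NF < 3 || $1 ~ /^#/   { next }                # skip blanks and comments
        $3 ~ /^dummy[0-9]+\./ { high[$2]++; next }    # decoy host (assumed naming)
                              { low[$2]++ }           # any other host: working MX
        END {
            for (ip in high)
                if (high[ip] >= threshold)
                    printf "%s %d %s\n", ip, high[ip],
                           ((ip in low) ? "walked" : "direct")
        }
    ' "$log" | sort
}

# write_sample_log FILE: constructed traffic for three clients (RFC 5737 addresses).
write_sample_log() {
    local i d t=1182100000
    {
        # Client A: ten connections, decoys only.
        for i in 1 2 3 4 5 6 7 8 9 10; do
            echo "$((t + i)) 192.0.2.10 dummy$((i % 4 + 1)).example.net"
        done
        # Client B: three delivery attempts, each trying the working MX first
        # and then every decoy, like the sendmail session in the transcript.
        for i in 1 2 3; do
            echo "$((t + 3600 * i)) 198.51.100.7 mx.example.net"
            for d in 1 2 3 4; do
                echo "$((t + 3600 * i + d)) 198.51.100.7 dummy$d.example.net"
            done
        done
        # Client C: two stray hits, below the threshold.
        echo "$((t + 50)) 203.0.113.5 dummy1.example.net"
        echo "$((t + 60)) 203.0.113.5 dummy2.example.net"
    } > "$1"
}

demo() {
    local f
    f=$(mktemp) || return 1
    write_sample_log "$f"
    flag_high_mx_hits "$f" 10
    rm -f -- "$f"
}
demo
```

Client B crosses the threshold after three retries without ever skipping the working MX, so a hit count alone cannot separate it from client A.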


RE: Problems with Received: header checks and ALL_TRUSTED rule...

2007-06-17 Thread Anthony Kamau

I've checked my logs and noticed the following entry whenever I restart
the spamassassin service:

config: dup unknown type msa_networks, Mail::SpamAssassin::NetSet

Is this something I should be worried about?

Cheers,
AK.

-Original Message-
From: Anthony Kamau [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, 13 June 2007 5:12 PM
To: Daryl C. W. O'Shea
Cc: SpamAssassin Mailing List
Subject: RE: Problems with Received: header checks and ALL_TRUSTED
rule...


Thanks a ton Daryl.

I've patched my SA 3.1.7 per [1] and it is working as expected.


Cheers,
AK.


Re: Problems with Received: header checks and ALL_TRUSTED rule...

2007-06-17 Thread Daryl C. W. O'Shea

Anthony Kamau wrote:

I've checked my logs and noticed the following entry whenever I restart
the spamassassin service:

config: dup unknown type msa_networks, Mail::SpamAssassin::NetSet

Is this something I should be worried about?


As long as you don't have any users calling clear_msa_networks in 
their per user config I believe it's a harmless warning.


In any case, attached is a patch to correct the issue.


Daryl
Index: lib/Mail/SpamAssassin/Conf.pm
===
--- lib/Mail/SpamAssassin/Conf.pm   (revision 541336)
+++ lib/Mail/SpamAssassin/Conf.pm   (working copy)
@@ -3160,7 +3160,7 @@
 
   # keys that should can be copied using a -clone() method, in -clone()
   my @CLONABLE_KEYS = qw(
-internal_networks trusted_networks 
+internal_networks trusted_networks msa_networks
   );
 
   my %done = ();
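
Review bot: the qw() list assigned to @CLONABLE_KEYS is maintained by hand, so the next NetSet-valued setting can be left out of it just as msa_networks was; nothing in this hunk guards against that. A comment on the list stating that every NetSet-typed config key must be added here, plus a regression test that clones a configuration with msa_networks set and checks that no "dup unknown type" warning is logged, would keep the fix from regressing. While touching this spot, the context comment "keys that should can be copied" is ungrammatical and worth correcting in the same commit.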


Re: My Newly Expanded DNS Blacklist - Who wants to try it?

2007-06-17 Thread Marc Perkel



Shane Williams wrote:

On Sun, 17 Jun 2007, Marc Perkel wrote:


Daryl C. W. O'Shea wrote:

 Shane Williams wrote:
  On Sat, 16 Jun 2007, Marc Perkel wrote:
Using my new ideas here's my raw blacklist file. It has about 
80k IPaddresses and is updated every 10 minutes.

 http://iplist.junkemailfilter.com/black.txt
 Here's instructions on how to use it with SpamAssassin and 
Exim.
 
http://wiki.ctyme.com/index.php/Spam_DNS_Lists#Spam_Assassin_Examples

 I'd like to get some feedback on how well it's working.
   This filter blocked my last response to you, as I suspect it will
  for this one.  As such, I looked at your wiki to determine why I was
  listed, but couldn't find a clear reason.  The documentation says 
that

  only known spam sources are blocked, but if I had to guess, I'd say
  it's because I'm on a dynamic cable IP address (which I didn't see
  any text about when I looked on Friday).
   Mind you, I've gotten used to the idea that places are going to 
block
  me because I'm on a Cablemodem, so that doesn't really bother me 
much.

  It's just that your documentation didn't mention this as a possible
  reason for listing, and gave me no real idea as to why I was listed.

 You're relaying though an MSA (fiat.ischool.utexas.edu 
[128.83.248.27])

 that isn't on a cable connection, though, right?


That's true when I send to an apache.org list, because at some point
it blocked me.  By and large I send direct-to-MX from cable-modem,
adding exceptions to my mailertable entry as necessary (Nor will yours
when I reply to this, so we'll see what happens).


 Blocking because someone uses a cable modem, but isn't delivering
 direct-to-MX from that cable connection, is asinine.


True, but I don't think that's what Marc is doing, since his server
doesn't have a mailtertable entry on my end.

I definitely want to figure out what the problem is. Any false 
positive isn't acceptable. However that IP isn't blocked. If you can 
post the error you got I'd like to see it.


Here's the failed for the last 4 hours message...

   - Transcript of session follows -
... while talking to mx.junkemailfilter.com.:
 550-REJECTED - 70.112.27.10 is blacklisted at hostkarma.junkemailfilter.com
 550 (127.0.0.2); 70.112.27.10
... while talking to mx.junkemailfilter.net.:
 550-REJECTED - 70.112.27.10 is blacklisted at hostkarma.junkemailfilter.com
 550 (127.0.0.2); 70.112.27.10
... while talking to mx.junkemailfilter.org.:
 451 Temporary local problem - please try later
... while talking to dummy1.junkemailfilter.com.:
 451 Temporary local problem - please try later
... while talking to dummy2.junkemailfilter.com.:
 451 Temporary local problem - please try later
... while talking to dummy3.junkemailfilter.com.:
 451 Temporary local problem - please try later
... while talking to dummy4.junkemailfilter.com.:
 451 Temporary local problem - please try later
[EMAIL PROTECTED]... Deferred: 451 Temporary local problem - please try later



ok - that's a different IP and that IP is blocked on my list and 4 other lists. Based on your logs it doesn't look like it gives up after a 550 error. I think you have a spam problem.
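
The session transcript quoted in this message can be read mechanically, as in this added example (not code from any poster or from SpamAssassin): it groups the SMTP replies by MX host, separates permanent 5xx rejections from temporary 4xx deferrals, and rebuilds the DNSBL query name for the rejected address. The function names are assumptions; the transcript is the first three hosts from the message with wrapped lines rejoined.

```python
import ipaddress
import re

# Added example; function names are illustrative. Transcript copied from the
# bounce quoted in the thread (first three MX hosts, wrapped lines rejoined).
TRANSCRIPT = """\
... while talking to mx.junkemailfilter.com.:
 550-REJECTED - 70.112.27.10 is blacklisted at hostkarma.junkemailfilter.com
 550 (127.0.0.2); 70.112.27.10
... while talking to mx.junkemailfilter.net.:
 550-REJECTED - 70.112.27.10 is blacklisted at hostkarma.junkemailfilter.com
 550 (127.0.0.2); 70.112.27.10
... while talking to mx.junkemailfilter.org.:
 451 Temporary local problem - please try later
"""

HOST_RE = re.compile(r"^\.\.\. while talking to (\S+?)\.?:$")
REPLY_RE = re.compile(r"^\s*(\d{3})[ -](.*)$")  # "550-" continues, "550 " ends
LISTED_RE = re.compile(r"(\d{1,3}(?:\.\d{1,3}){3}) is blacklisted at (\S+)")

def parse_transcript(text):
    """Return [(mx_host, reply_code, reply_text)] in session order."""
    sessions = []
    for line in text.splitlines():
        host = HOST_RE.match(line)
        reply = REPLY_RE.match(line)
        if host:
            sessions.append([host.group(1), None, ""])
        elif reply and sessions:
            sessions[-1][1] = int(reply.group(1))
            sessions[-1][2] = (sessions[-1][2] + " " + reply.group(2)).strip()
    return [tuple(s) for s in sessions if s[1] is not None]

def dnsbl_query_name(ip, zone):
    """DNSBL convention: reverse the IPv4 octets and append the list zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def summarize(text):
    """Split MX hosts into permanent (5xx) and temporary (4xx) outcomes."""
    result = {"rejected": [], "deferred": [], "lookups": set()}
    for host, code, reply in parse_transcript(text):
        result["rejected" if code >= 500 else "deferred"].append(host)
        listed = LISTED_RE.search(reply)
        if listed:
            result["lookups"].add(dnsbl_query_name(*listed.groups()))
    return result
```
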


RE: My Newly Expanded DNS Blacklist - Who wants to try it?

2007-06-17 Thread Robert - eLists
 on 6/17/2007 Michael Scheidell of SECNAP.NET babbled:
 
 And you were told, in original thread, what a stupid idea this is, and
 why it's a stupid idea, and why using this blacklist is a stupid idea,
 but I suppose if you want to block all the spam, I have a better list,
 100% guaranteed to block spam:  the DNS blacklist is
 'blocked.secnap.net'.  It is as accurate as yours is.
 
 But, before you use it, I suggest you google for 'blocked.secnap.net'
 (you will see a 2003 set of posts announcing this list).
 
 You will also see why it is way more accurate than yours for blocking
 spam.
 
 If you had half a clue as to how email works you would know why your
 blacklist is a stupid idea, so this is not being cc'd to you since
 several people already told you how stupid your idea is and why.
 
 This is a warning to anyone who knows even less than you about how email
 works and might be fooled into trying your list (and start bouncing
 legitimate email).
 

Michael,

Them's scrappin words partner.:-|

Maybe you could specifically tell us why it is such a bad idea instead of
just slamming Perkel based on a few other slam Perkel posts to the list.

Are you drunk or what?

I went to your website http://www.secnap.com/aboutus.php?pg=8 and it says
that you are Chairman of the Board, President,  CTO and tells how great and
wonderful you have been for the last 25 years.

Based upon your reply to the list... I think if you have half a clue, please
make sure to purchase the other half to go with it.

;-)

The general *idea* or *ideas* does/do have some basic promise in the fight
against spam.

Notice I said the *idea* or *ideas* and not any specific
implementation(s)...

I can think of several possible real world implementations...

 - rh





Re: My Newly Expanded DNS Blacklist - Who wants to try it?

2007-06-17 Thread Marc Perkel



Michael Scheidell wrote:

But, before you use it, I suggest you google for 'blocked.secnap.net'
(you will see a 2003 set of posts announcing this list).

  


Odd - I only get 15 list when I google it.



Re: Problem with sa-update and ImageInfo

2007-06-17 Thread Daryl C. W. O'Shea

Anthony,

You were getting the warnings about the plugin being loaded twice since 
it was being loaded twice.


You had added a loadplugin line for your local copy of ImageInfo in 
v312.pre and SA was loading the copy included with SA 3.2 via v320.pre.


So... not a bug.


Regards,

Daryl


RE: Problems with Received: header checks and ALL_TRUSTED rule...

2007-06-17 Thread Anthony Kamau
Thanks Daryl.

That error is now no more.

Cheers,
AK.

-Original Message-
From: Daryl C. W. O'Shea [mailto:[EMAIL PROTECTED] 
Sent: Monday, 18 June 2007 12:59 PM
To: Anthony Kamau
Cc: SpamAssassin Mailing List
Subject: Re: Problems with Received: header checks and ALL_TRUSTED
rule...

As long as you don't have any users calling clear_msa_networks in 
their per user config I believe it's a harmless warning.

In any case, attached is a patch to correct the issue.


Daryl


RE: My Newly Expanded DNS Blacklist - Who wants to try it?

2007-06-17 Thread Michael Scheidell

 -Original Message-
 From: Robert - eLists [mailto:[EMAIL PROTECTED] 
 Sent: Monday, June 18, 2007 12:24 AM
 To: users@spamassassin.apache.org
 Subject: RE: My Newly Expanded DNS Blacklist - Who wants to try it?
 
 Michael,
 
 Them's scrappin words partner.:-|
 
 Maybe you could specifically tell us why it is such a bad 
 idea instead of just slamming Perkel based on a few other 
 slam Perkel posts to the list.
 
 Are you drunk or what?
 

Noop, but stupid ideas deserve to be shot down.

 I went to your website http://www.secnap.com/aboutus.php?pg=8 
 and it says that you are Chairman of the Board, President,  
 CTO and tells how great and wonderful you have been for the 
 last 25 years.
 
 Based upon your reply to the list... I think if you have half 
 a clue, please make sure to purchase the other half to go with it.

In the real world, things don't work like Marc wants them to.
In the real world, legitimate email servers WILL contact his secondary mx
records.

The reasons are as varied as traffic on the internet and include
congestion at HIS site, congestion at the ORIGINATING site, congestion
at any point in the path between the sender and him which would make
the very documented failover of the connection to the primary try the
secondary.

The proof is the sites who he has already blacklisted.  

How long have I been doing this?  You google far back enough and you
will see that in the early days of commercialization of the internet, I
was already tracking back and stopping international spammers and
hackers.

I was in charge of the local (fl.*) Usenet groups before netcom's and
globals helped ruin Usenet.

I am mentioned in at least one FAQ dealing with Usenet spam.

Better than that, there are at least 10 'I hate scheidell for blocking
my spam' web sites.

Yes, I have been involved in discussions like this one before, where
someone drags out a tired stupid idea, something that has been hashed to
death years ago, and thinks he is the first one to think about it.

The next thing that happens is some overzealous email admin uses that
list and legitimate traffic is blocked.

You google for 'blocked.secnap.net' yet?  You see the discussions about
abusing blacklists? Unregulated blacklists, whose only use is to screw
up the internet?

Now you have another one.

 
 ;-)
 
 The general *idea* or *ideas* does/do have some basic promise 
 in the fight against spam.
 

Not in the real world.

Sure, the RFC's say that this is the way things work, but they don't.
The RFC's also say you must send an 'ndr' if you don't deliver the
email.  We know that doesn't work.

We also know that several sites still set up their anti-virus to
'bounce' the virus back to the sender.
(which is perfectly legal and mandated by RFC's)

But, the real world doesn't work like that.
_
This email has been scanned and certified safe by SpammerTrap(tm).
For Information please see http://www.spammertrap.com
_


RE: My Newly Expanded DNS Blacklist - Who wants to try it?

2007-06-17 Thread Michael Scheidell


 -Original Message-
 From: Marc Perkel [mailto:[EMAIL PROTECTED] 
 Sent: Monday, June 18, 2007 12:55 AM
 To: Michael Scheidell
 Cc: users@spamassassin.apache.org
 Subject: Re: My Newly Expanded DNS Blacklist - Who wants to try it?
 
 
 
 
 Michael Scheidell wrote:
  But, before you use it, I suggest you google for 'blocked.secnap.net'
  (you will see a 2003 set of posts announcing this list).
 

 
 Odd - I only get 15 list when I google it.
 

What has that got to do with anything?  Did you misread me to say there
were QUANTITY2003 ?
Should I be more specific and give you a DATE in 2003 when I started it?

And what about this:

http://search.cpan.org/src/LUISMUNOZ/Mail-Abuse-1.025/bin/scan

Someone decided to put 'blocked.secnap.net' in their 'mail abuse'
scanner, without ever reading what it was about.
 

(I guess I should have said 2003 AD, or more correctly, now that I
google myself, it was 2002AD)

Here is a post to the amavisd-new list last year which might explain why
I am opposed to people starting up unregulated blacklists:

http://archive.netbsd.se/?ml=amavis-usera=2006-04t=1952182



RE: My Newly Expanded DNS Blacklist - Who wants to try it?

2007-06-17 Thread Michael Scheidell

 -Original Message-
 From: Marc Perkel [mailto:[EMAIL PROTECTED] 
 Sent: Monday, June 18, 2007 12:21 AM
 To: Shane Williams
 Cc: Daryl C. W. O'Shea; users@spamassassin.apache.org
 Subject: Re: My Newly Expanded DNS Blacklist - Who wants to try it?
 ok - that's a different IP and that IP is blocked on my list and 4 other
 lists. Based on your logs it doesn't look like it gives up after a 550
 error. I think you have a spam problem.
 

Aside from yours, 2 other 'dynamic ip' lists and one sorbs list marked
'don't use this list', there are no entries.

I think you have a problem with your list and you should stop before
someone actually tries to use it.
