Re: Barracuda Blacklist
On 28.05.09 14:12, Neil Schwartzman wrote:
> * see the attachment for gross numbers, sorry, I can't show you specifics.
>
> [-- Attachment #2: DNSBL Summary.pdf --]
> [-- Type: video/x-flv, Encoding: base64, Size: 182K --]

... nice joke I'd say.

Is there any reason not to put the att. somewhere to the web/ftp(/gopher)?

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Warning: I do NOT want to receive any advertising mail at this address.
Two words: Windows survives. - Craig Mundie, Microsoft senior strategist
So does syphilis. Good thing we have penicillin. - Matthew Alton
Problem with check_invalid_ip()
Hi,

I'm having trouble with the check invalid_ip subroutine in the RelayEval.pm. See
http://svn.apache.org/viewvc/spamassassin/trunk/lib/Mail/SpamAssassin/Plugin/RelayEval.pm?view=logr1=451385pathrev=451385

After a couple of tests, it seems that 193.X.X.X and 194.X.X.X IPs are not valid with respect to the regexp. Is this a bug, or am I wrong about the test?

I used http://www.fileformat.info/tool/regex.htm with

RegExp:
(?:[01257]|(?!127.0.0.)127|22[3-9]|2[3-9]\d|[12]\d{3,}|[3-9]\d\d+)\.\d+\.\d+\.\d+

Tests:
127.0.0.1
192.168.1.1
87.248.121.75
193.1.1.1
194.1.1.1

Could someone explain to me which IPs are valid according to this test?

Thanks
Eric Rodriguez
Re: Problem with check_invalid_ip()
Hi,

I removed the negation ~, the begin ^ and end $ characters from the original source:

sub check_for_illegal_ip {
  my ($self, $pms) = @_;

  foreach my $rcvd ( @{$pms->{relays_untrusted}} ) {
    # (note this might miss some hits if the Received.pm skips any invalid IPs)
    foreach my $check ( $rcvd->{ip}, $rcvd->{by} ) {
      return 1 if ($check =~ /^
        (?:[01257]|(?!127.0.0.)127|22[3-9]|2[3-9]\d|[12]\d{3,}|[3-9]\d\d+)\.\d+\.\d+\.\d+
        $/x);
    }
  }
  return 0;
}

Here are my results:

Test  Target String  matches()  replaceFirst()  replaceAll()  lookingAt()  find()  group(0)
1     127.0.0.1      No         12              12            No           Yes     7.0.0.1
2     192.168.1.1    No         19              19            No           Yes     2.168.1.1
3     87.248.121.75  No         8               8             No           Yes     7.248.121.75
4     193.1.1.1      No         193.1.1.1       193.1.1.1     No           No
5     194.1.1.1      No         194.1.1.1       194.1.1.1     No           No

If I understand correctly the first 3 tests are valid IP, but not the 193.1.1.1 and 194.1.1.1 ??

Eric Rodriguez

On Fri, May 29, 2009 at 13:53, Matt Kettler mkettler...@verizon.net wrote:
> Eric Rodriguez wrote:
> > Hi,
> >
> > I'm having trouble with the check invalid_ip subroutine in the RelayEval.pm. See
> > http://svn.apache.org/viewvc/spamassassin/trunk/lib/Mail/SpamAssassin/Plugin/RelayEval.pm?view=logr1=451385pathrev=451385
> >
> > After a couple of tests, it seems that 193.X.X.X and 194.X.X.X IPs are not valid with respect to the regexp. Is this a bug, or am I wrong about the test?
> >
> > I used http://www.fileformat.info/tool/regex.htm with
> >
> > RegExp:
> > (?:[01257]|(?!127.0.0.)127|22[3-9]|2[3-9]\d|[12]\d{3,}|[3-9]\d\d+)\.\d+\.\d+\.\d+
> >
> > Tests:
> > 127.0.0.1
> > 192.168.1.1
> > 87.248.121.75
> > 193.1.1.1
> > 194.1.1.1
> >
> > Could someone explain to me which IPs are valid according to this test?
> >
> > Thanks
> > Eric Rodriguez
>
> Using the above tool I get results telling me that 193.1.1.1 and 194.1.1.1 do NOT match, and therefore are valid IPs.
>
> Test  Target String  matches()  replaceFirst()  replaceAll()  lookingAt()  find()  group(0)
> 1     193.1.1.1      *No*       193.1.1.1       193.1.1.1     No           No
> 2     194.1.1.1      *No*       194.1.1.1       194.1.1.1     No           No
>
> In fact, NONE of your test strings match the regex. But 127.1.1.1, correctly, does.
Re: Problem with check_invalid_ip()
Eric Rodriguez wrote:
> Hi,
>
> I'm having trouble with the check invalid_ip subroutine in the RelayEval.pm. See
> http://svn.apache.org/viewvc/spamassassin/trunk/lib/Mail/SpamAssassin/Plugin/RelayEval.pm?view=logr1=451385pathrev=451385
>
> After a couple of tests, it seems that 193.X.X.X and 194.X.X.X IPs are not valid with respect to the regexp. Is this a bug, or am I wrong about the test?
>
> I used http://www.fileformat.info/tool/regex.htm with
>
> RegExp:
> (?:[01257]|(?!127.0.0.)127|22[3-9]|2[3-9]\d|[12]\d{3,}|[3-9]\d\d+)\.\d+\.\d+\.\d+
>
> Tests:
> 127.0.0.1
> 192.168.1.1
> 87.248.121.75
> 193.1.1.1
> 194.1.1.1
>
> Could someone explain to me which IPs are valid according to this test?
>
> Thanks
> Eric Rodriguez

Using the above tool I get results telling me that 193.1.1.1 and 194.1.1.1 do NOT match, and therefore are valid IPs.

Test  Target String  matches()  replaceFirst()  replaceAll()  lookingAt()  find()  group(0)
1     193.1.1.1      *No*       193.1.1.1       193.1.1.1     No           No
2     194.1.1.1      *No*       194.1.1.1       194.1.1.1     No           No

In fact, NONE of your test strings match the regex. But 127.1.1.1, correctly, does.
[no subject]
Hi, How are you doing recently? I would like to introduce you a very good company which I know. Their website is esurfingonline.com They can offer you all kinds of electronic products Please take some time to have a check, They must have something you'd like to buy.
Filtering through mailing lists
I have a situation whereby mail passes through a mailing list and then goes on to the destination mailbox that's subscribed in the mailing list.

Here's my problem: SpamAssassin checks the emails going through the mailing list for SPAM and adds the subject [**SPAM**] to the email, and then when it's going to the mailbox it checks the email again and adds the [**SPAM**] header a second time. So my emails end up looking like:

[**SPAM**] [**SPAM**] My_email_subject

Is there anything that can be done so there's only one instance of [**SPAM**] in the subject? Have postfix strip out the spam headers from the subject, or is there another solution? Someone would have run across this problem before me.

I'm running SpamAssassin 3.1.7, MailMan using Postfix.

Any help would be welcome,
Garik
Re:
Oh, the irony.

On 29/05/09 9:26 AM, Doni Mediono Indrawan medi...@gmail.com wrote:
> Hi, How are you doing recently? I would like to introduce you a very good company which I know. Their website is esurfingonline.com They can offer you all kinds of electronic products Please take some time to have a check, They must have something you'd like to buy.

--
Neil Schwartzman
Director, Accreditation Security Standards
Certified | Safelist
Return Path Inc.
0142002038
Re: Barracuda Blacklist
Neil Schwartzman wrote:
> Given the huge amount of bumph I've seen and heard about emailreg.org, I figured it would be an interesting experiment to see if what everybody feared was happening was true. It isn't. No big extortion plan on the part of emailreg and Barracuda that I can see.

Neil, I certainly respect what you are saying based on the information you have. However, I have a fact to toss out about emailreg.org.

I run a small email filtering company with a small cluster of servers for load balancing and reliability. In early April I found I was unable to send email to a new customer. They were currently using the Barracuda Networks Reputation system and it was blocking my emails. I found this somewhat silly considering we receive over 500 million emails a month but rarely ever SEND email (we only filter incoming email so far). i.e., our outgoing email is mostly just business correspondence and filter stats reports to our customers.

And then I got to emailreg.org and found that:

1. I could not find out WHY our IPs (we have a block of 32 for the cluster of servers that my email was being sent from) were being listed

2. I would have to pay a competitor to get off this list and be able to send any correspondence to anyone using the Barracuda Networks Reputation system.

3. Given how our email system is set up (multiple servers on multiple IPs supporting many, many domains) I could not even begin to figure out how to fill out their on-line forms nor how much money it would eventually cost us. In fact, if we add outgoing filtering to our service, our expense to be allowed to send our customer's valid emails would probably run into the hundreds of thousands of dollars.

So, in order to do legitimate business filtering spam, not sending it, we must pay a competitor to let our email reach a new customer? I would not mind so much if someone would tell us WHY they are blocking our IPs so we could fix whatever it is. But even that has been denied to us.

I finally gave up and phoned our new customer to explain why they could not get our emails and we handled setting up their service with us via subsequent phone calls.

And I desperately hope emailreg.org either unblocks our IPs or goes out of business by the time we start offering outgoing filtering. If not then our only recourse may be the courts. And NOBODY wins when it gets to that point.

Just wanted you to have ALL the facts when considering emailreg.org.

--
Andy Dorman
Ironic Design, Inc.
AnteSpam.com, HomeFreeMail.com, ComeHome.net
Re: Barracuda Blacklist
On 29/05/09 9:32 AM, Andy Dorman ador...@ironicdesign.com wrote:
> Neil Schwartzman wrote:
> > Given the huge amount of bumph I've seen and heard about emailreg.org, I figured it would be an interesting experiment to see if what everybody feared was happening was true. It isn't. No big extortion plan on the part of emailreg and Barracuda that I can see.
>
> Neil, I certainly respect what you are saying based on the information you have. However, I have a fact to toss out about emailreg.org.
>
> I run a small email filtering company with a small cluster of servers for load balancing and reliability. In early April I found I was unable to send email to a new customer. They were currently using the Barracuda Networks Reputation system and it was blocking my emails. I found this somewhat silly considering we receive over 500 million emails a month but rarely ever SEND email (we only filter incoming email so far). i.e., our outgoing email is mostly just business correspondence and filter stats reports to our customers.
>
> And then I got to emailreg.org and found that:

[...]

> Just wanted you to have ALL the facts when considering emailreg.org.

Hold up now. Why did you go to emailreg.org?? That is the whitelisting service.

I'd go ahead and request a delist at http://www.barracudacentral.org/rbl/removal-request

Worked well for me.

--
Neil Schwartzman
Director, Accreditation Security Standards
Certified | Safelist
Return Path Inc.
0142002038
Re: Barracuda Blacklist
Neil Schwartzman wrote:
> Hold up now. Why did you go to emailreg.org?? That is the whitelisting service.
>
> I'd go ahead and request a delist at http://www.barracudacentral.org/rbl/removal-request
>
> Worked well for me.

Good question. I went to emailreg.org because the bounce I got back directed me to this page http://www.barracudacentral.org/reputation?r=1 which included this quarter-page ad:

---
One way to get your email through spam filters even if you are listed on the BRBL is to register your domain and IPs at EmailReg.org.

Email administrators can configure their systems to use EmailReg.org to apply policy to inbound email. Emails from domain names and IP addresses that are properly registered on EmailReg.org can be automatically exempted from spam filtering defense layers on Barracuda Spam Firewalls, preventing your email from being accidentally blocked.
---

But you have an excellent point. And I am NOT trying to be sarcastic when I say I was trying for a more or less permanent solution and I actually completely missed the point that I could have continued with the more traditional process and request to be de-listed. So I was NOT compelled to send them money and I did have another option that I ignored. That was dumb of me.

And in the spirit of full disclosure...the other good news is the IP in our block that was being blocked back in early April is no longer blocked. Not sure why (as I am also not sure why we were blocked in the first place). But happy about it nonetheless.

However, I do still feel it is a little self-serving to block someone and then offer to unblock them for money.

Thank you Neil for pointing out what I missed.

--
Andy Dorman
Ironic Design, Inc.
AnteSpam.com, HomeFreeMail.com, ComeHome.net
Re: Barracuda Blacklist
On Fri, 29 May 2009, Andy Dorman wrote:
> I went to emailreg.org because the bounce I got back directed me to this page http://www.barracudacentral.org/reputation?r=1 which included this quarter-page ad:
>
> ---
> One way to get your email through spam filters even if you are listed on the BRBL is to register your domain and IPs at EmailReg.org.

{etc.}

It might be less confusing if that ad was presented *after* you've completed the traditional unlisting request...

--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhar...@impsec.org FALaholic #11174 pgpk -a jhar...@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
---
Our government wants to do everything it can for the children, except sparing them crushing tax burdens.
---
8 days until the 65th anniversary of D-Day
Re: Barracuda Blacklist
John Hardin wrote:
> It might be less confusing if that ad was presented *after* you've completed the traditional unlisting request...

Good point. And I also wonder, how many emailreg payments were made by desperately frantic e-mail admins who normally don't ever send spam, but had a security problem that warranted their initial blacklisting, but where the security problem was already fixed. And I wonder how often those types would have been delisted anyways, but the sysadmin was desperate, rushed, and willing to do anything, including paying $20, under those circumstances?

Additionally, I'd like to ask, other than being a superb cash-generating machine, what good is a whitelist built upon pay-to-enter and NOT based on editorial decisions made by non-biased e-mail administrators? At some point, pay-for-whitelisting will likely lead to FNs as well as free passes for dark-gray or blackhat ESPs. It may also lead to FNs the next time that same email admin I described has another security hole spewing out millions of spams months/years later. (do they then get a free pass due to the payment to emailreg?)

<sarcasm>Really, I find this whole conversation quite bizarre. It reminds me of a joke I once made to my wife about how I felt led by the Lord to minister and share the Gospel to strippers at strip clubs. There'd be no lust or adultery involved on my part. Na. Just genuine concern about saving those lost souls. Likewise I'm sure emailreg.org is just a whitelisting service trying to give back to the community and help those poor innocent system admins from getting unfairly blacklisted in the future, right?</sarcasm>

--
Rob McEwen
http://dnsbl.invaluement.com/
r...@invaluement.com
+1 (478) 475-9032
Re: Problem with check_invalid_ip()
None of the IPs you listed will match. Have you tried simply running a loop in Perl to see what the results are?

Also, negation ~ ? What do you mean? =~ is not a negation (that would be !~).

Also also, the ^ and $ chars are important. If you remove them, you change the RE.

On Fri, May 29, 2009 at 7:59 AM, Eric Rodriguez thewa...@gmail.com wrote:
> Hi,
>
> I removed the negation ~, the begin ^ and end $ characters from the original source:
>
> sub check_for_illegal_ip {
>   my ($self, $pms) = @_;
>
>   foreach my $rcvd ( @{$pms->{relays_untrusted}} ) {
>     # (note this might miss some hits if the Received.pm skips any invalid IPs)
>     foreach my $check ( $rcvd->{ip}, $rcvd->{by} ) {
>       return 1 if ($check =~ /^
>         (?:[01257]|(?!127.0.0.)127|22[3-9]|2[3-9]\d|[12]\d{3,}|[3-9]\d\d+)\.\d+\.\d+\.\d+
>         $/x);
>     }
>   }
>   return 0;
> }
>
> Here are my results:
>
> Test  Target String  matches()  replaceFirst()  replaceAll()  lookingAt()  find()  group(0)
> 1     127.0.0.1      No         12              12            No           Yes     7.0.0.1
> 2     192.168.1.1    No         19              19            No           Yes     2.168.1.1
> 3     87.248.121.75  No         8               8             No           Yes     7.248.121.75
> 4     193.1.1.1      No         193.1.1.1       193.1.1.1     No           No
> 5     194.1.1.1      No         194.1.1.1       194.1.1.1     No           No
>
> If I understand correctly the first 3 tests are valid IP, but not the 193.1.1.1 and 194.1.1.1 ??
>
> Eric Rodriguez
>
> On Fri, May 29, 2009 at 13:53, Matt Kettler mkettler...@verizon.net wrote:
> > Eric Rodriguez wrote:
> > > Hi,
> > >
> > > I'm having trouble with the check invalid_ip subroutine in the RelayEval.pm. See
> > > http://svn.apache.org/viewvc/spamassassin/trunk/lib/Mail/SpamAssassin/Plugin/RelayEval.pm?view=logr1=451385pathrev=451385
> > >
> > > After a couple of tests, it seems that 193.X.X.X and 194.X.X.X IPs are not valid with respect to the regexp. Is this a bug, or am I wrong about the test?
> > >
> > > I used http://www.fileformat.info/tool/regex.htm with
> > >
> > > RegExp:
> > > (?:[01257]|(?!127.0.0.)127|22[3-9]|2[3-9]\d|[12]\d{3,}|[3-9]\d\d+)\.\d+\.\d+\.\d+
> > >
> > > Tests:
> > > 127.0.0.1
> > > 192.168.1.1
> > > 87.248.121.75
> > > 193.1.1.1
> > > 194.1.1.1
> > >
> > > Could someone explain to me which IPs are valid according to this test?
> > >
> > > Thanks
> > > Eric Rodriguez
> >
> > Using the above tool I get results telling me that 193.1.1.1 and 194.1.1.1 do NOT match, and therefore are valid IPs.
> >
> > Test  Target String  matches()  replaceFirst()  replaceAll()  lookingAt()  find()  group(0)
> > 1     193.1.1.1      *No*       193.1.1.1       193.1.1.1     No           No
> > 2     194.1.1.1      *No*       194.1.1.1       194.1.1.1     No           No
> >
> > In fact, NONE of your test strings match the regex. But 127.1.1.1, correctly, does.
Re: Filtering through mailing lists
Sure, change your mail system so it doesn't call SA more than once on the same message. :)

On Fri, May 29, 2009 at 9:26 AM, Garik garik@gmail.com wrote:
> Is there anything that can be done so there's only one instance of [**SPAM**] in the subject? Have postfix strip out the spam headers from the subject, or is there another solution? Someone would have run across this problem before me.
Re: Problem with check_invalid_ip()
Hi,

You're right. Removing begin and end chars was a bad idea. I just tried in a perl routine, and all is fine...

So I'll have to find why a 194.X.X.X IP got stuck as an ILLEGAL_IP ...

Thanks for your help
Eric Rodriguez

On Fri, May 29, 2009 at 18:35, Theo Van Dinter felic...@apache.org wrote:
> None of the IPs you listed will match. Have you tried simply running a loop in Perl to see what the results are?
>
> Also, negation ~ ? What do you mean? =~ is not a negation (that would be !~).
>
> Also also, the ^ and $ chars are important. If you remove them, you change the RE.
>
> On Fri, May 29, 2009 at 7:59 AM, Eric Rodriguez thewa...@gmail.com wrote:
> > Hi,
> >
> > I removed the negation ~, the begin ^ and end $ characters from the original source:
> >
> > sub check_for_illegal_ip {
> >   my ($self, $pms) = @_;
> >
> >   foreach my $rcvd ( @{$pms->{relays_untrusted}} ) {
> >     # (note this might miss some hits if the Received.pm skips any invalid IPs)
> >     foreach my $check ( $rcvd->{ip}, $rcvd->{by} ) {
> >       return 1 if ($check =~ /^
> >         (?:[01257]|(?!127.0.0.)127|22[3-9]|2[3-9]\d|[12]\d{3,}|[3-9]\d\d+)\.\d+\.\d+\.\d+
> >         $/x);
> >     }
> >   }
> >   return 0;
> > }
> >
> > Here are my results:
> >
> > Test  Target String  matches()  replaceFirst()  replaceAll()  lookingAt()  find()  group(0)
> > 1     127.0.0.1      No         12              12            No           Yes     7.0.0.1
> > 2     192.168.1.1    No         19              19            No           Yes     2.168.1.1
> > 3     87.248.121.75  No         8               8             No           Yes     7.248.121.75
> > 4     193.1.1.1      No         193.1.1.1       193.1.1.1     No           No
> > 5     194.1.1.1      No         194.1.1.1       194.1.1.1     No           No
> >
> > If I understand correctly the first 3 tests are valid IP, but not the 193.1.1.1 and 194.1.1.1 ??
> >
> > Eric Rodriguez
> >
> > On Fri, May 29, 2009 at 13:53, Matt Kettler mkettler...@verizon.net wrote:
> > > Eric Rodriguez wrote:
> > > > Hi,
> > > >
> > > > I'm having trouble with the check invalid_ip subroutine in the RelayEval.pm. See
> > > > http://svn.apache.org/viewvc/spamassassin/trunk/lib/Mail/SpamAssassin/Plugin/RelayEval.pm?view=logr1=451385pathrev=451385
> > > >
> > > > After a couple of tests, it seems that 193.X.X.X and 194.X.X.X IPs are not valid with respect to the regexp. Is this a bug, or am I wrong about the test?
> > > >
> > > > I used http://www.fileformat.info/tool/regex.htm with
> > > >
> > > > RegExp:
> > > > (?:[01257]|(?!127.0.0.)127|22[3-9]|2[3-9]\d|[12]\d{3,}|[3-9]\d\d+)\.\d+\.\d+\.\d+
> > > >
> > > > Tests:
> > > > 127.0.0.1
> > > > 192.168.1.1
> > > > 87.248.121.75
> > > > 193.1.1.1
> > > > 194.1.1.1
> > > >
> > > > Could someone explain to me which IPs are valid according to this test?
> > > >
> > > > Thanks
> > > > Eric Rodriguez
> > >
> > > Using the above tool I get results telling me that 193.1.1.1 and 194.1.1.1 do NOT match, and therefore are valid IPs.
> > >
> > > Test  Target String  matches()  replaceFirst()  replaceAll()  lookingAt()  find()  group(0)
> > > 1     193.1.1.1      *No*       193.1.1.1       193.1.1.1     No           No
> > > 2     194.1.1.1      *No*       194.1.1.1       194.1.1.1     No           No
> > >
> > > In fact, NONE of your test strings match the regex. But 127.1.1.1, correctly, does.
whitelists (was Re: Barracuda Blacklist)
Rob McEwen wrote:
> Additionally, I'd like to ask, other than being a superb cash-generating machine, what good is a whitelist built upon pay-to-enter and NOT based on editorial decisions made by non-biased e-mail administrators?

Those two aren't necessarily exclusive. The standards for inclusion in a whitelist can (and in many cases do) include the same performance metrics that help e-mail administrators stay non-biased, such as user complaint rate, spamtrap hits, and so forth. (I don't know whether Barracuda's whitelist includes those metrics.)

The additional value to admins is that they don't have to keep watch over the whitelisted IPs -- the whitelist operator handles that. The fees cover that monitoring, and consulting on improving practices where necessary.

And, of course, if the whitelist operator is lying or slow or otherwise not living up to expectations, the admin simply stops using that whitelist. Lists that nobody uses don't get much business, so there's a direct incentive for the whitelist operator to keep their list squeaky-clean.

--
J.D. Falk
Return Path Inc
http://www.returnpath.net/
Re: Problem with check_invalid_ip()
Eric Rodriguez wrote:
> Hi,
>
> I removed the negation ~, the begin ^ and end $ characters from the original source:
>
> sub check_for_illegal_ip {
>   my ($self, $pms) = @_;
>
>   foreach my $rcvd ( @{$pms->{relays_untrusted}} ) {
>     # (note this might miss some hits if the Received.pm skips any invalid IPs)
>     foreach my $check ( $rcvd->{ip}, $rcvd->{by} ) {
>       return 1 if ($check =~ /^
>         (?:[01257]|(?!127.0.0.)127|22[3-9]|2[3-9]\d|[12]\d{3,}|[3-9]\d\d+)\.\d+\.\d+\.\d+
>         $/x);
>     }
>   }
>   return 0;
> }
>
> Here are my results:
>
> Test  Target String  matches()  replaceFirst()  replaceAll()  lookingAt()  find()  group(0)
> 1     127.0.0.1      No         12              12            No           Yes     7.0.0.1
> 2     192.168.1.1    No         19              19            No           Yes     2.168.1.1
> 3     87.248.121.75  No         8               8             No           Yes     7.248.121.75
> 4     193.1.1.1      No         193.1.1.1       193.1.1.1     No           No
> 5     194.1.1.1      No         194.1.1.1       194.1.1.1     No           No
>
> If I understand correctly the first 3 tests are valid IP, but not the 193.1.1.1 and 194.1.1.1 ??
>
> Eric Rodriguez

No, none of the 5 has yes in the matches column so they're all valid (ie: none of them matches the regex).

The other columns are irrelevant to the application here. Please ignore them unless you fully understand them.
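The loop in Perl that the thread recommends, as an added example that is not part of any post here and is not SpamAssassin's own code: it runs the quoted regex anchored (what the subroutine tests and what the tool's matches() column reports) and unanchored (what find() and group(0) report), then shows which relay field produces a hit. The helper names is_illegal, find_substring and illegal_fields and the relay records are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Pattern body exactly as quoted in the thread. The dots inside the
# (?!127.0.0.) lookahead are unescaped there, so each matches any character.
my $body = qr/(?:[01257]|(?!127.0.0.)127|22[3-9]|2[3-9]\d|[12]\d{3,}|[3-9]\d\d+)\.\d+\.\d+\.\d+/;

# Anchored test, as in check_for_illegal_ip(): the whole string must match.
# This corresponds to the tool's matches() column.
sub is_illegal {
    my ($s) = @_;
    return $s =~ /^ $body $/x ? 1 : 0;
}

# Unanchored search, as in the tool's find()/group(0) columns: returns the
# first substring that matches, or undef if there is none.
sub find_substring {
    my ($s) = @_;
    return $s =~ /($body)/ ? $1 : undef;
}

# Names of the relay fields that trigger the anchored test. The subroutine
# quoted in the thread checks both {ip} and {by} of every untrusted relay.
sub illegal_fields {
    my ($rcvd) = @_;
    return grep { defined $rcvd->{$_} && is_illegal($rcvd->{$_}) } qw(ip by);
}

# The five test strings from the thread plus the 127.1.1.1 case.
my @tests = qw(127.0.0.1 192.168.1.1 87.248.121.75 193.1.1.1 194.1.1.1 127.1.1.1);

printf "%-15s %-9s %s\n", 'string', 'anchored', 'unanchored match';
for my $ip (@tests) {
    my $found = find_substring($ip);
    printf "%-15s %-9s %s\n", $ip,
        is_illegal($ip) ? 'Yes' : 'No',
        defined $found ? $found : '-';
}

# Constructed relay records (not from the thread), shaped like the hashes
# in relays_untrusted, to show which field is responsible for a hit.
my @relays = (
    { ip => '194.1.1.1', by => 'mx.example.net' },
    { ip => '194.1.1.1', by => '1.2.3.4' },
);

for my $rcvd (@relays) {
    my @hits = illegal_fields($rcvd);
    printf "ip=%s by=%s -> %s\n", $rcvd->{ip}, $rcvd->{by},
        @hits ? 'hit on ' . join(',', @hits) : 'no hit';
}
```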
Re: Filtering through mailing lists
Garik wrote:
> I have a situation whereby mail passes through a mailing list and then goes on to the destination mailbox that's subscribed in the mailing list.
>
> Here's my problem: SpamAssassin checks the emails going through the mailing list for SPAM and adds the subject [**SPAM**] to the email, and then when it's going to the mailbox it checks the email again and adds the [**SPAM**] header a second time. So my emails end up looking like:
>
> [**SPAM**] [**SPAM**] My_email_subject
>
> Is there anything that can be done so there's only one instance of [**SPAM**] in the subject? Have postfix strip out the spam headers from the subject, or is there another solution? Someone would have run across this problem before me.
>
> I'm running SpamAssassin 3.1.7, MailMan using Postfix.

configure mailman to resubmit mail to a port that is unfiltered. no point to filter mail twice.

$ cat mm_cfg.py
...
SMTPHOST = '127.0.0.1'
SMTPPORT = 10025
...

> Any help would be welcome,
> Garik
Re: Filtering through mailing lists
On Fri, May 29, 2009 22:04, mouss wrote:
> configure mailman to resubmit mail to a port that is unfiltered. no point to filter mail twice.
>
> $ cat mm_cfg.py
> ...
> SMTPHOST = '127.0.0.1'
> SMTPPORT = 10025

doing so here disables dkim sign in my amavisd, have not found a way around this here

--
http://localhost/ 100% uptime and 100% mirrored :)