Re: Non scoring 'Bank Deposit' spam
On Sun, 2009-09-13 at 20:57 +0100, RW wrote:
On Sun, 13 Sep 2009 14:19:35 +0100
Clunk Werclick mailbacku...@googlemail.com wrote:
On Sun, 2009-09-13 at 14:06 +0100, RW wrote:
On Sun, 13 Sep 2009 06:56:27 +0100
Clunk Werclick mailbacku...@googlemail.com wrote:
{trimmed down to the relevant point you make}
Adding irrelevant text to a spam may make it less likely likely to
be caught,
Thank you. So if your bayes 'good' tokens that happen to catch on this
'irrelevant' text, the result of having the bayes is near pointless.
For example, something like this:
In practise I find it doesn't make much difference unless the spammer
makes a significant effort to reduce the number of spammy tokens, both
in the headers and the body. And that commonly leads them into hitting
other rules, and constrains the number of spams that can be sent from
the same IP address. The majority of the spams I get don't have such
text and most that do still hit BAYES_99. It's obviously not such a
powerful technique as you think.
It's also wrong to assume that when spam hits BAYES_50, BAYES hasn't
done anything useful. This is a fallacy that comes from the arbitrary
assignment of zero to BAYES_50. If you add 2.599 to all the BAYES rules
and than multiply all the rule scores by 0.658 you get an equivalent
scoreset (i.e. one that produces the same classifications) in which
zero is assigned to BAYES_00 instead. We than have:
BAYES_00 0.00
BAYES_50 1.71
BAYES_99 4.01
In this scoreset BAYES_50 actually looks like a fairly strong result
(which it is).
OK, I won't dismiss it out of hand and I'm open to observation. So, I'll
give bayes a whirl. I must confess that I found the documentation on the
simple act of enabling it less than ideal and reference to
use_bayes_rules is currently missing in action. I've cobbled together:
# Enable the Bayes system
use_bayes 1
use_bayes_rules 0
bayes_path /home/mail/bayes/bayes
bayes_file_mode 0777
# Enable Bayes auto-learning
bayes_auto_learn0
And trained some spam and I'll see how we get on.
--
---
C Werclick .Lot
Technical incompetent
Loyal Order Of The Teapot.
This e-mail and its attachments is intended only to be used as an e-mail
and an attachment. Any use of it for other purposes other than as an
e-mail and an attachment will not be covered by any warranty that may or
may not form part of this e-mail and attachment.
Re: Non scoring 'Bank Deposit' spam
On Sun, 2009-09-13 at 22:54 +0200, Benny Pedersen wrote: On søn 13 sep 2009 07:57:59 CEST, Clunk Werclick wrote **PLEASE READ THE REST OF THE THREAD TO ANSWER YOU QUESTION** are you using sa-update ? Yes, every night. remember this is public maillist, dont shuth the help you get why not set the reply-to to supp...@microsoft.com ? no i dont like the idear but you are on public maillist and want the answer to come there not in private forgede mailbox, sorry i have a bad day What are you prattling on about? -- --- C Werclick .Lot Technical incompetent Loyal Order Of The Teapot. This e-mail and its attachments is intended only to be used as an e-mail and an attachment. Any use of it for other purposes other than as an e-mail and an attachment will not be covered by any warranty that may or may not form part of this e-mail and attachment.
Re: Non scoring 'Bank Deposit' spam
On Sun, 2009-09-13 at 16:37 -0600, LuKreme wrote: On 12-Sep-2009, at 10:27, Clunk Werclick wrote: I disagree. It can do as much harm as good. My own view and observation from the past have rendered it pointless in my context. It adds latency, is easily poisoned and rarely makes much difference to the score. I do appreciate some people like it, but my own view is spam has moved on beyond the point of it being useful. Facts? we don't need no pesky facts. You are very misinformed. Myself, I've seen some very poor Bayesian databases where users have been allowed to categorize mail as spam-v-ham. One company who deal with Pharmaceuticals for famine relief in Uganda and other poor African countries found bayes to mess with their core mail to a point that made it worthless in their context. It really comes down to the context and effort -v- the return. No thanks, I'll pass on that. In this specific case it still would not have increased the score to a point where the clock cycles made it worth it. The Bayes score ALONE would have pushed this over the spam threshold on my machine. My point is the content of that mail, which has been circulating for weeks almost unchanged, really should bite on a core rule, not rely on plugins and bayes to catch it. tangentInterestingly, It is fair to say that Jari's follow up *did* show Bayes giving it 5 points. This was then destroyed by AWL dropping 4.1 off of it: 5.0 BAYES_99 BODY: Bayesian spam probability is 99 to 100% -4.1 AWL: From: address is in the auto machine./tangent I've created a custom meta rule; I'm almost sorry I came here and asked. Some of the people here on this list are just so rude, and you sir, are an Arsehole! -- --- C Werclick .Lot Technical incompetent Loyal Order Of The Teapot. This e-mail and its attachments is intended only to be used as an e-mail and an attachment. Any use of it for other purposes other than as an e-mail and an attachment will not be covered by any warranty that may or may not form part of this e-mail and attachment.
Re: Non scoring 'Bank Deposit' spam
On Sun, 2009-09-13 at 22:54 +0200, Benny Pedersen wrote: remember this is public maillist, dont shuth the help you get why not set the reply-to to supp...@microsoft.com ? no i dont like the idear but you are on public maillist and want the answer to come there not in private forgede mailbox, sorry i have a bad day Benny, better get a mailer that supports List-Reply ... On 14.09.09 08:37, Clunk Werclick wrote: Subject: Re: Non scoring 'Bank Deposit' spam From: Clunk Werclick mailbacku...@googlemail.com Reply-To: mailbacku...@googlemail.com To: users@spamassassin.apache.org In-Reply-To: 20090913225422.98502zg1g6e9c...@www.jersore.net Date: Mon, 14 Sep 2009 08:37:22 +0100 What are you prattling on about? He doesn't like our Reply-To: header set to your address. Of course it's useless (when set to same address than yout From: address). -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. I just got lost in thought. It was unfamiliar territory.
Re: Non scoring 'Bank Deposit' spam
On 12-Sep-2009, at 10:27, Clunk Werclick wrote: I disagree. It can do as much harm as good. My own view and observation from the past have rendered it pointless in my context. It adds latency, is easily poisoned and rarely makes much difference to the score. I do appreciate some people like it, but my own view is spam has moved on beyond the point of it being useful. On Sun, 2009-09-13 at 16:37 -0600, LuKreme wrote: Facts? we don't need no pesky facts. You are very misinformed. On 14.09.09 08:48, Clunk Werclick wrote: Myself, I've seen some very poor Bayesian databases where users have been allowed to categorize mail as spam-v-ham. One company who deal with Pharmaceuticals for famine relief in Uganda and other poor African countries found bayes to mess with their core mail to a point that made it worthless in their context. I would say that is a result of badly trained BAYES, not fgrom its bad design. If you insist on not using bayes, just because it can be mistrained, better don't use any configurable software, because _everything_ configurable will go wrong if miscongured. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. 42.7 percent of all statistics are made up on the spot.
Re: Non scoring 'Bank Deposit' spam
I was somewhat surprised that this failed to score; http://pastebin.com/m4c75e3ac Log excerpt; Sat Sep 12 05:08:57 2009 [7319] info: spamd: result: . 0 - HTML_MESSAGE,UNPARSEABLE_RELAY scantime=0.3,size=5400,required_score=5.0,rhost=localhost,raddr=127.0.0.1,rport=55111,mid=00fada512664885bffba277008395...@aim.com,autolearn=disabled Did this miss - or just missfire? On 12.09.09 16:05, Jari Fredriksson wrote: Content analysis details: (17.0 points, 5.0 required) pts rule name description -- -- 5.0 BAYES_99 BODY: Bayesian spam probability is 99 to 100% [score: 0.9996] ... manually changed score 1.2 TO_MALFORMED To: has a malformed address 0.7 SPF_NEUTRALSPF: sender does not match SPF record (neutral) 4.0 BOTNET Relay might be a spambot or virusbot [botnet0.8,ip=87.208.178.204,rdns=ip204-178-208-87.adsl2.static.versatel.nl,maildomain=aim.com,client,ipinhostname,clientwords] ... third-party ruleset (may misfire for ISPs) 0.6 SPF_HELO_NEUTRAL SPF: HELO does not match SPF record (neutral) 1.0 HTML_MESSAGE BODY: HTML included in message 0.5 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/) 1.5 RAZOR2_CF_RANGE_E4_51_100 Razor2 gives engine 4 confidence level above 50% [cf: 100] 0.5 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50% [cf: 100] 2.2 DCC_CHECK Listed in DCC (http://rhyolite.com/anti-spam/dcc/) you may be late recipient, while he may be an early recipient. 1.0 DIGEST_MULTIPLEMessage hits more than one network digest check ... late recipient + either manually updated score, or not updated ruleset - DIGEST_MULTIPLE gives max 0.001 points for some time 3.0 JM_SOUGHT_FRAUD_3 Body contains frequently-spammed text patterns ... late recipient + third party ruleset (Although I believe this is safe to use) -4.1 AWLAWL: From: address is in the auto white-list ... ouch! Generally, this really could be a FN for early recipients, but I advise to check whether plugins like DCC and RAZOR2 are loaded and the SOUGHT ruleset is being used. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. 99 percent of lawyers give the rest a bad name.
Re: Non scoring 'Bank Deposit' spam
- Clunk Werclick mailbacku...@googlemail.com wrote: | On Sun, 2009-09-13 at 16:37 -0600, LuKreme wrote: | On 12-Sep-2009, at 10:27, Clunk Werclick wrote: | I disagree. It can do as much harm as good. My own view and | observation | from the past have rendered it pointless in my context. It adds | latency, | is easily poisoned and rarely makes much difference to the score. | I do | appreciate some people like it, but my own view is spam has moved | on | beyond the point of it being useful. | | Facts? we don't need no pesky facts. You are very misinformed. | Myself, I've seen some very poor Bayesian databases where users have | been allowed to categorize mail as spam-v-ham. One company who deal | with | Pharmaceuticals for famine relief in Uganda and other poor African | countries found bayes to mess with their core mail to a point that | made | it worthless in their context. | | It really comes down to the context and effort -v- the return. | No thanks, I'll pass on that. In this specific case it still would | not | have increased the score to a point where the clock cycles made it | | worth | it. | | The Bayes score ALONE would have pushed this over the spam threshold | | on my machine. | My point is the content of that mail, which has been circulating for | weeks almost unchanged, really should bite on a core rule, not rely | on | plugins and bayes to catch it. | | tangentInterestingly, It is fair to say that Jari's follow up *did* | show Bayes giving it 5 points. This was then destroyed by AWL | dropping | 4.1 off of it: | | 5.0 BAYES_99 BODY: Bayesian spam probability is 99 to 100% | -4.1 AWL: From: address is in the auto machine./tangent | | I've created a custom meta rule; I'm almost sorry I came here and | asked. | Some of the people here on this list are just so rude, and you sir, | are | an Arsehole! | | | | -- | --- | C Werclick .Lot | Technical incompetent | Loyal Order Of The Teapot. | | This e-mail and its attachments is intended only to be used as an | e-mail | and an attachment. Any use of it for other purposes other than as an | e-mail and an attachment will not be covered by any warranty that may | or | may not form part of this e-mail and attachment. | And that kind of post can get you banned aswell! Bayes works and any issues found are normally down to bad training. Perhaps the second line of your sig may be the reason ? ;) -- This message has been scanned for viruses and dangerous content and is believed to be clean. SplatNIX IT Services :: Innovation through collaboration
Re: Non scoring 'Bank Deposit' spam
tangentInterestingly, It is fair to say that Jari's follow up *did* show Bayes giving it 5 points. This was then destroyed by AWL dropping 4.1 off of it: AWL, which is simply an averager, can get badly off target with some mixes of ham/spam. It did with my mail feed, so I disabled it. Martin
Re: Non scoring 'Bank Deposit' spam
On 12-Sep-2009, at 10:27, Clunk Werclick wrote: tangentInterestingly, It is fair to say that Jari's follow up *did* show Bayes giving it 5 points. This was then destroyed by AWL dropping 4.1 off of it: 5.0 BAYES_99 BODY: Bayesian spam probability is 99 to 100% -4.1 AWL: From: address is in the auto machine./tangent No. AWL disabled the BOTNET ;) Many rules to disable, the total was 17 what counts.
Re: Non scoring 'Bank Deposit' spam
On Mon, 2009-09-14 at 11:46 +0200, Matus UHLAR - fantomas wrote: On 12-Sep-2009, at 10:27, Clunk Werclick wrote: I disagree. It can do as much harm as good. My own view and observation from the past have rendered it pointless in my context. It adds latency, is easily poisoned and rarely makes much difference to the score. I do appreciate some people like it, but my own view is spam has moved on beyond the point of it being useful. On Sun, 2009-09-13 at 16:37 -0600, LuKreme wrote: Facts? we don't need no pesky facts. You are very misinformed. On 14.09.09 08:48, Clunk Werclick wrote: Myself, I've seen some very poor Bayesian databases where users have been allowed to categorize mail as spam-v-ham. One company who deal with Pharmaceuticals for famine relief in Uganda and other poor African countries found bayes to mess with their core mail to a point that made it worthless in their context. I would say that is a result of badly trained BAYES, not fgrom its bad design. If you insist on not using bayes, just because it can be mistrained, better don't use any configurable software, because _everything_ configurable will go wrong if miscongured. The *issue* with bayes is it *can* have user input. Would you trust your users influencing system wide policy? I've already stated I'll try it. So read the fucking follow up before shouting your thick foreign mouth off you stupid cunt! -- --- C Werclick .Lot Technical incompetent Loyal Order Of The Teapot. This e-mail and its attachments is intended only to be used as an e-mail and an attachment. Any use of it for other purposes other than as an e-mail and an attachment will not be covered by any warranty that may or may not form part of this e-mail and attachment.
Re: Non scoring 'Bank Deposit' spam
- Clunk Werclick mailbacku...@googlemail.com wrote: | On Mon, 2009-09-14 at 11:46 +0200, Matus UHLAR - fantomas wrote: |On 12-Sep-2009, at 10:27, Clunk Werclick wrote: | I disagree. It can do as much harm as good. My own view and | observation from the past have rendered it pointless in my | context. It | adds latency, is easily poisoned and rarely makes much | difference to | the score. I do appreciate some people like it, but my own | view is | spam has moved on beyond the point of it being useful. | | On Sun, 2009-09-13 at 16:37 -0600, LuKreme wrote: |Facts? we don't need no pesky facts. You are very misinformed. | | On 14.09.09 08:48, Clunk Werclick wrote: | Myself, I've seen some very poor Bayesian databases where users | have | been allowed to categorize mail as spam-v-ham. One company who | deal with | Pharmaceuticals for famine relief in Uganda and other poor | African | countries found bayes to mess with their core mail to a point that | made | it worthless in their context. | | I would say that is a result of badly trained BAYES, not fgrom its | bad | design. | | If you insist on not using bayes, just because it can be mistrained, | better | don't use any configurable software, because _everything_ | configurable will go wrong | if miscongured. | | The *issue* with bayes is it *can* have user input. Would you trust | your | users influencing system wide policy? | | I've already stated I'll try it. So read the xx follow up before | shouting your thick foreign mouth off you stupid ! | If the OP cannot refrain from that sort of foul language when presented with counter arguments then please ban. The list would be far happier IMHO. BR, -- This message has been scanned for viruses and dangerous content and is believed to be clean. SplatNIX IT Services :: Innovation through collaboration
Re: Non scoring 'Bank Deposit' spam
- Matus UHLAR - fantomas uh...@fantomas.sk wrote: | On 12-Sep-2009, at 10:27, Clunk Werclick wrote: | I disagree. It can do as much harm as good. My own view and | observation from the past have rendered it pointless in my | context. It | adds latency, is easily poisoned and rarely makes much | difference to | the score. I do appreciate some people like it, but my own | view is | spam has moved on beyond the point of it being useful. | |On Sun, 2009-09-13 at 16:37 -0600, LuKreme wrote: | Facts? we don't need no pesky facts. You are very | misinformed. | | On 14.09.09 08:48, Clunk Werclick wrote: |Myself, I've seen some very poor Bayesian databases where users | have |been allowed to categorize mail as spam-v-ham. One company who | deal with |Pharmaceuticals for famine relief in Uganda and other poor | African |countries found bayes to mess with their core mail to a point | that made |it worthless in their context. | | On Mon, 2009-09-14 at 11:46 +0200, Matus UHLAR - fantomas wrote: | I would say that is a result of badly trained BAYES, not fgrom its | bad | design. | | On 14.09.09 12:06, Clunk Werclick wrote: | The *issue* with bayes is it *can* have user input. Would you trust | your | users influencing system wide policy? | | That only happens if you allow your users to train system-wide BAYES. | However this is usually also called misconfiguration - in common | situations either users have their own bayes databases, or they can't | train | the site-wide one. | | If you insist on not using bayes, just because it can be | mistrained, | better don't use any configurable software, because _everything_ | configurable will go wrong if miscongured. | | I've already stated I'll try it. So read the fucking follow up | before | shouting your thick foreign mouth off you stupid cunt! | | I have read your previous posts, I only wanted to react on some of | your | arguments. I would post the private email I received from Clunk but I will not lower myself or expose the list to such vulgarity. BR, -- This message has been scanned for viruses and dangerous content and is believed to be clean. SplatNIX IT Services :: Innovation through collaboration
Re: Non scoring 'Bank Deposit' spam
On Mon, 2009-09-14 at 12:24 +0100, --[ UxBoD ]-- wrote: - Clunk Werclick mailbacku...@googlemail.com wrote: | On Mon, 2009-09-14 at 11:46 +0200, Matus UHLAR - fantomas wrote: |On 12-Sep-2009, at 10:27, Clunk Werclick wrote: | I disagree. It can do as much harm as good. My own view and | observation from the past have rendered it pointless in my | context. It | adds latency, is easily poisoned and rarely makes much | difference to | the score. I do appreciate some people like it, but my own | view is | spam has moved on beyond the point of it being useful. | | On Sun, 2009-09-13 at 16:37 -0600, LuKreme wrote: |Facts? we don't need no pesky facts. You are very misinformed. | | On 14.09.09 08:48, Clunk Werclick wrote: | Myself, I've seen some very poor Bayesian databases where users | have | been allowed to categorize mail as spam-v-ham. One company who | deal with | Pharmaceuticals for famine relief in Uganda and other poor | African | countries found bayes to mess with their core mail to a point that | made | it worthless in their context. | | I would say that is a result of badly trained BAYES, not fgrom its | bad | design. | | If you insist on not using bayes, just because it can be mistrained, | better | don't use any configurable software, because _everything_ | configurable will go wrong | if miscongured. | | The *issue* with bayes is it *can* have user input. Would you trust | your | users influencing system wide policy? | | I've already stated I'll try it. So read the xx follow up before | shouting your thick foreign mouth off you stupid ! | If the OP cannot refrain from that sort of foul language when presented with counter arguments then please ban. The list would be far happier IMHO. Then stop off list mailing me you thick cunt and tell someone that fucking cares. BR, -- --- C Werclick .Lot Technical incompetent Loyal Order Of The Teapot. This e-mail and its attachments is intended only to be used as an e-mail and an attachment. Any use of it for other purposes other than as an e-mail and an attachment will not be covered by any warranty that may or may not form part of this e-mail and attachment.
Re: Non scoring 'Bank Deposit' spam
Clunk Werclick mailbacku...@googlemail.com wrote: | On Mon, 2009-09-14 at 12:24 +0100, --[ UxBoD ]-- wrote: | - Clunk Werclick mailbacku...@googlemail.com wrote: | | | On Mon, 2009-09-14 at 11:46 +0200, Matus UHLAR - fantomas wrote: | |On 12-Sep-2009, at 10:27, Clunk Werclick wrote: | | I disagree. It can do as much harm as good. My own view | and | | observation from the past have rendered it pointless in | my | | context. It | | adds latency, is easily poisoned and rarely makes much | | difference to | | the score. I do appreciate some people like it, but my | own | | view is | | spam has moved on beyond the point of it being useful. | | | | On Sun, 2009-09-13 at 16:37 -0600, LuKreme wrote: | |Facts? we don't need no pesky facts. You are very | misinformed. | | | | On 14.09.09 08:48, Clunk Werclick wrote: | | Myself, I've seen some very poor Bayesian databases where | users | | have | | been allowed to categorize mail as spam-v-ham. One company | who | | deal with | | Pharmaceuticals for famine relief in Uganda and other poor | | African | | countries found bayes to mess with their core mail to a point | that | | made | | it worthless in their context. | | | | I would say that is a result of badly trained BAYES, not fgrom | its | | bad | | design. | | | | If you insist on not using bayes, just because it can be | mistrained, | | better | | don't use any configurable software, because _everything_ | | configurable will go wrong | | if miscongured. | | | | The *issue* with bayes is it *can* have user input. Would you | trust | | your | | users influencing system wide policy? | | | | I've already stated I'll try it. So read the xx follow up | before | | shouting your thick foreign mouth off you stupid ! | | | If the OP cannot refrain from that sort of foul language when | presented with counter arguments then please ban. The list would be | far happier IMHO. | Then stop off list mailing me you thick cunt and tell someone that | fucking cares. | | BR, | Pity! all my posts have been on list - only direct one was to respond to your private message. Ho hum. Move along. -- This message has been scanned for viruses and dangerous content and is believed to be clean. SplatNIX IT Services :: Innovation through collaboration
Re: Non scoring 'Bank Deposit' spam
On man 14 sep 2009 11:46:21 CEST, Matus UHLAR - fantomas wrote If you insist on not using bayes, just because it can be mistrained, better don't use any configurable software, because _everything_ configurable will go wrong if miscongured. excactly, spamassassin without any rules and plugins would be like postfix with empty main.cf :) setting reply-to to ones own mail addr will stop maillist to be usefull, why? it will soon be one that have plenty of questions and no answers, so using reply-to properly will be best for all and freemail will also help others to understand it :) -- xpoint
Re: Non scoring 'Bank Deposit' spam
On man 14 sep 2009 11:51:32 CEST, Matus UHLAR - fantomas wrote -4.1 AWL AWL: From: address is in the auto white-list ... ouch! ? just means that this msg was more spammy then what jari have seen from same from email ip pairs maybe i am wroung :=) -- xpoint
Re: Non scoring 'Bank Deposit' spam
On man 14 sep 2009 12:39:21 CEST, Martin Gregorie wrote AWL, which is simply an averager, can get badly off target with some mixes of ham/spam. It did with my mail feed, so I disabled it. in that case you dont understand what awl does, why not adjust awl factor ? (i hope ip can be set to other then /16 in 3.3.x) for the fyzzy matching ip ranges imho /24 should be default -- xpoint
Re: Non scoring 'Bank Deposit' spam
On Mon, 2009-09-14 at 13:57 +0200, Benny Pedersen wrote: On man 14 sep 2009 12:39:21 CEST, Martin Gregorie wrote AWL, which is simply an averager, can get badly off target with some mixes of ham/spam. It did with my mail feed, so I disabled it. in that case you dont understand what awl does, why not adjust awl factor ? I understand exactly what it does, thankyou. Attempting to mitigate an occasional spammy message from a correspondent is no use to me at all. I have an automatic system that whitelists any address I've previously sent mail to and doesn't affect any other senders. Martin
Re: Non scoring 'Bank Deposit' spam
On Mon, 14 Sep 2009, Clunk Werclick wrote: And trained some spam and I'll see how we get on. Don't forget you also need to train some ham before Bayes will be able to start analyzing. As a general rule of thumb it's a good idea to keep the trained ham:spam token ratio near even, or slightly heavier to the spam side (as the raw message volume is generally more spam than ham). -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 --- ...to announce there must be no criticism of the President or to stand by the President right or wrong is not only unpatriotic and servile, but is morally treasonous to the American public. -- Theodore Roosevelt, 1918 --- 3 days until the 222nd anniversary of the signing of the U.S. Constitution
Re: Non scoring 'Bank Deposit' spam
On Monday 14 September 2009 13:57:44 Benny Pedersen wrote: why not adjust awl factor ? (i hope ip can be set to other then /16 in 3.3.x) for the fyzzy matching ip ranges imho /24 should be default Benny, I very much agree with you, the /16 is too wide, and I've seen cases where good and bad sites share the same /16 address range. Would you please open a problem report on this. Perhaps there's still time to get it to a 3.3. Mark
Re: Non scoring 'Bank Deposit' spam
On 14-Sep-2009, at 05:24, --[ UxBoD ]-- wrote: If the OP cannot refrain from that sort of foul language when presented with counter arguments then please ban. The list would be far happier IMHO. Based on his reply to Matus I put him on my 'soft' kill list. (soft because all it does is mark his messages as read when they are received, so I still have them… but chances are I never see them). I did have to lookup his real address clunk.wercl...@wibblywobblyteapot.co.uk so I could mark both his throw-away gmail address and his 'real' address. I found it in my postfix spool. Still, based on his ignorance and his volatile behavior *I* certainly don't have any interest in his getting helped, and I don't have to read his xenophobic abuse ever again. -- Beware of the Leopard!
Re: [sa] Re: Non scoring 'Bank Deposit' spam
- Charles Gregory cgreg...@hwcn.org wrote: | On Mon, 14 Sep 2009, Clunk Werclick wrote: | Clearly not - but then, using Spamassassin as a filter ensures just | about everything gets through CUNTFACE. | | Congratulations! You've done something I have very rarely seen | on any internet forum. You've gotten everyone to AGREE on something! | | I also agree: +1 Ban Clunk. | | - Charles | | PS When signing e-mails, leave a blank line, and also, your name | doesn't have to be in all-caps. | | -- | This message has been scanned for viruses and | dangerous content and is believed to be clean. | | SplatNIX IT Services :: Innovation through collaboration As expressed to a couple of other members, off list, the OP also launched a SMTP DoS attack against me. If anybody would like further information please let me know. Best Regards, -- This message has been scanned for viruses and dangerous content and is believed to be clean. SplatNIX IT Services :: Innovation through collaboration
Re: [sa] Re: Non scoring 'Bank Deposit' spam
On Mon, 14 Sep 2009, Charles Gregory wrote:
On Mon, 14 Sep 2009, Clunk Werclick wrote:
{childish rant snipped}
Congratulations! You've done something I have very rarely seen on any
internet forum. You've gotten everyone to AGREE on something!
I also agree: +1 Ban Clunk.
Public warning: he is apparently attempting a SMTP DoS on at least one
participant in this thread.
--
John Hardin KA7OHZhttp://www.impsec.org/~jhardin/
jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
---
Our government should bear in mind the fact that the American
Revolution was touched off by the then-current government
attempting to confiscate firearms from the people.
---
3 days until the 222nd anniversary of the signing of the U.S. Constitution
Re: Non scoring 'Bank Deposit' spam
John Hardin wrote: On Mon, 14 Sep 2009, LuKreme wrote: On 14-Sep-2009, at 05:24, --[ UxBoD ]-- wrote: If the OP cannot refrain from that sort of foul language when presented with counter arguments then please ban. The list would be far happier IMHO. Based on his reply to LuKreme, +1 on a ban. Maybe we can put some special rules into the base SA release, too... :) He's only the second person in 16 years to make it into my kill file. So +1 from me as well. Rick
Re: Non scoring 'Bank Deposit' spam
On Mon, 2009-09-14 at 07:54 -0700, Bill Landry wrote: Clunk Werclick wrote: On Mon, 2009-09-14 at 08:05 -0600, LuKreme wrote: On 14-Sep-2009, at 05:24, --[ UxBoD ]-- wrote: If the OP cannot refrain from that sort of foul language when presented with counter arguments then please ban. The list would be far happier IMHO. Based on his reply to Matus I put him on my 'soft' kill list. (soft because all it does is mark his messages as read when they are received, so I still have them… but chances are I never see them). I did have to lookup his real address clunk.wercl...@wibblywobblyteapot.co.uk so I could mark both his throw-away gmail address and his 'real' address. I found it in my postfix spool. Still, based on his ignorance and his volatile behavior *I* certainly don't have any interest in his getting helped, and I don't have to read his xenophobic abuse ever again. Man, I'm going to lose *so* much sleep about that. From what I have read, the majority of you are a bunch of gay arse lovers up eachother. And fuckwits too boot. I hope you die ejaculating up each others arse holes. So how far does someone have to go before getting banned from the list? Is this not far enough yet? Bill Clearly not - but then, using Spamassassin as a filter ensures just about everything gets through CUNTFACE. -- --- C Werclick .Lot Technical incompetent Loyal Order Of The Teapot. This e-mail and its attachments is intended only to be used as an e-mail and an attachment. Any use of it for other purposes other than as an e-mail and an attachment will not be covered by any warranty that may or may not form part of this e-mail and attachment.
Re: Non scoring 'Bank Deposit' spam
On 14-Sep-2009, at 10:17, jdow wrote: :0 * 9876543210^0 ^From: .*\mailbacku...@googlemail.com\ * 9876543210^0 ^From:.*clunk\.wercl...@wibblywobblyteapot\.co\.uk /dev/null Will work better. (and you don't need a lock on /dev/null) -- In England 100 miles is a long distance. In the US 100 years is a long time
Re: [sa] Re: Non scoring 'Bank Deposit' spam
On Mon, 14 Sep 2009, Clunk Werclick wrote: Clearly not - but then, using Spamassassin as a filter ensures just about everything gets through CUNTFACE. Congratulations! You've done something I have very rarely seen on any internet forum. You've gotten everyone to AGREE on something! I also agree: +1 Ban Clunk. - Charles PS When signing e-mails, leave a blank line, and also, your name doesn't have to be in all-caps.
Re: Non scoring 'Bank Deposit' spam
On 14-Sep-2009, at 09:45, Gene Heskett wrote: On Monday 14 September 2009, Bill Landry wrote: Clunk Werclick wrote: On Mon, 2009-09-14 at 08:05 -0600, LuKreme wrote: Based on his reply to Matus I put him on my 'soft' kill list. Now see, when you all quote his messages in full it's kind of defeating my soft kill file! :) -- Generalizations are always inaccurate. --Mugsy
Re: Non scoring 'Bank Deposit' spam
On Mon, 14 Sep 2009, Clunk Werclick wrote: On Mon, 2009-09-14 at 17:30 +0100, --[ UxBoD ]-- wrote: As expressed to a couple of other members, off list, the OP also launched a SMTP DoS attack against me. If anybody would like further information please let me know. Now you are living in a fantasy world. You sent me an off list mail saying 'you are blocked'. I replied a thousand times to test that. How mature. Clearly your blocking is a sack of shit then. *plonk* Try mine. -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 --- Our government should bear in mind the fact that the American Revolution was touched off by the then-current government attempting to confiscate firearms from the people. --- 3 days until the 222nd anniversary of the signing of the U.S. Constitution
Re: Non scoring 'Bank Deposit' spam
- Chris Owen ow...@hubris.net wrote: | On Sep 14, 2009, at 11:38 AM, LuKreme wrote: | | On 14-Sep-2009, at 10:17, jdow wrote: | :0 | * 9876543210^0 ^From: .*\mailbacku...@googlemail.com\ | * 9876543210^0 ^From:.*clunk\.wercl...@wibblywobblyteapot\.co\.uk | /dev/null | | Will work better. (and you don't need a lock on /dev/null) | | I usually also use the 'h' flag on /dev/null rules: | | :0h | | I'm sure writing to /dev/null doesn't take very long but why bother | writing the body of the message. | | Chris | | - | Chris Owen - Garden City (620) 275-1900 - Lottery (noun): | President - Wichita (316) 858-3000 -A stupidity tax | Hubris Communications Inc www.hubris.net | - | Well I happen to know the MD of my ISP so perhaps I shall have a word ... I am sure he would not want DoS going in through his network ... These things can bring a list into dis-repute. It is okay to voice one owns opinion; but without profanity and blatant disrepect to anothers resources! We all sit on these lists to help each other and learn. Best Regards, -- This message has been scanned for viruses and dangerous content and is believed to be clean. SplatNIX IT Services :: Innovation through collaboration
Re: Non scoring 'Bank Deposit' spam
On Sep 14, 2009, at 11:38 AM, LuKreme wrote: On 14-Sep-2009, at 10:17, jdow wrote: :0 * 9876543210^0 ^From: .*\mailbacku...@googlemail.com\ * 9876543210^0 ^From:.*clunk\.wercl...@wibblywobblyteapot\.co\.uk /dev/null Will work better. (and you don't need a lock on /dev/null) I usually also use the 'h' flag on /dev/null rules: :0h I'm sure writing to /dev/null doesn't take very long but why bother writing the body of the message. Chris - Chris Owen - Garden City (620) 275-1900 - Lottery (noun): President - Wichita (316) 858-3000 -A stupidity tax Hubris Communications Inc www.hubris.net -
Re: Non scoring 'Bank Deposit' spam
On Mon, 2009-09-14 at 11:06 -0400, Rick Macdougall wrote: John Hardin wrote: On Mon, 14 Sep 2009, LuKreme wrote: On 14-Sep-2009, at 05:24, --[ UxBoD ]-- wrote: If the OP cannot refrain from that sort of foul language when presented with counter arguments then please ban. The list would be far happier IMHO. Based on his reply to LuKreme, +1 on a ban. Maybe we can put some special rules into the base SA release, too... :) He's only the second person in 16 years to make it into my kill file. So +1 from me as well. Rick And let me guess, you've been running Windows 7 for all of those 16 years *yawn* -- --- C Werclick .Lot Technical incompetent Loyal Order Of The Teapot. This e-mail and its attachments is intended only to be used as an e-mail and an attachment. Any use of it for other purposes other than as an e-mail and an attachment will not be covered by any warranty that may or may not form part of this e-mail and attachment.
Re: Non scoring 'Bank Deposit' spam
On Monday 14 September 2009, Bill Landry wrote: Clunk Werclick wrote: On Mon, 2009-09-14 at 08:05 -0600, LuKreme wrote: On 14-Sep-2009, at 05:24, --[ UxBoD ]-- wrote: If the OP cannot refrain from that sort of foul language when presented with counter arguments then please ban. The list would be far happier IMHO. Based on his reply to Matus I put him on my 'soft' kill list. (soft because all it does is mark his messages as read when they are received, so I still have them… but chances are I never see them). I did have to lookup his real address clunk.wercl...@wibblywobblyteapot.co.uk so I could mark both his throw-away gmail address and his 'real' address. I found it in my postfix spool. Still, based on his ignorance and his volatile behavior *I* certainly don't have any interest in his getting helped, and I don't have to read his xenophobic abuse ever again. Man, I'm going to lose *so* much sleep about that. From what I have read, the majority of you are a bunch of gay arse lovers up eachother. And fuckwits too boot. I hope you die ejaculating up each others arse holes. So how far does someone have to go before getting banned from the list? Is this not far enough yet? Bill You beat me to it Bill. Its time this potty mouth was silenced. -- Cheers, Gene There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order. -Ed Howdershelt (Author) The NRA is offering FREE Associate memberships to anyone who wants them. https://www.nrahq.org/nrabonus/accept-membership.asp Artificial intelligence has the same relation to intelligence as artificial flowers have to flowers. -- David Parnas
Re: Non scoring 'Bank Deposit' spam
On Sep 14, 2009, at 11:34 AM, John Hardin wrote: Public warning: he is apparently attempting a SMTP DoS on at least one participant in this thread. From Google ;-] He obviously isn't capable for running his own mail server. Chris
Re: Non scoring 'Bank Deposit' spam
- LuKreme krem...@kreme.com wrote: | On 14-Sep-2009, at 10:17, jdow wrote: | :0 | * 9876543210^0 ^From: .*\mailbacku...@googlemail.com\ | * 9876543210^0 ^From:.*clunk\.wercl...@wibblywobblyteapot\.co\.uk | /dev/null | | Will work better. (and you don't need a lock on /dev/null) | | -- | In England 100 miles is a long distance. In the US 100 years is a | long time | | Perhaps the OP should read the AUP ! http://www.zen.co.uk/policies/acceptable-use-policy.aspx Best Regards, -- This message has been scanned for viruses and dangerous content and is believed to be clean. SplatNIX IT Services :: Innovation through collaboration
Re: Non scoring 'Bank Deposit' spam
On Mon, 2009-09-14 at 08:05 -0600, LuKreme wrote: On 14-Sep-2009, at 05:24, --[ UxBoD ]-- wrote: If the OP cannot refrain from that sort of foul language when presented with counter arguments then please ban. The list would be far happier IMHO. Based on his reply to Matus I put him on my 'soft' kill list. (soft because all it does is mark his messages as read when they are received, so I still have them… but chances are I never see them). I did have to lookup his real address clunk.wercl...@wibblywobblyteapot.co.uk so I could mark both his throw-away gmail address and his 'real' address. I found it in my postfix spool. Still, based on his ignorance and his volatile behavior *I* certainly don't have any interest in his getting helped, and I don't have to read his xenophobic abuse ever again. Man, I'm going to lose *so* much sleep about that. From what I have read, the majority of you are a bunch of gay arse lovers up eachother. And fuckwits too boot. I hope you die ejaculating up each others arse holes. -- --- C Werclick .Lot Technical incompetent Loyal Order Of The Teapot. This e-mail and its attachments is intended only to be used as an e-mail and an attachment. Any use of it for other purposes other than as an e-mail and an attachment will not be covered by any warranty that may or may not form part of this e-mail and attachment.
Re: Non scoring 'Bank Deposit' spam
On Mon, 14 Sep 2009, LuKreme wrote: On 14-Sep-2009, at 05:24, --[ UxBoD ]-- wrote: If the OP cannot refrain from that sort of foul language when presented with counter arguments then please ban. The list would be far happier IMHO. Based on his reply to LuKreme, +1 on a ban. Maybe we can put some special rules into the base SA release, too... :) -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 --- Gun Control is marketed to the public using the appealing delusion that violent criminals will obey the law. --- 3 days until the 222nd anniversary of the signing of the U.S. Constitution
Re: Non scoring 'Bank Deposit' spam
Clunk Werclick wrote: On Mon, 2009-09-14 at 08:05 -0600, LuKreme wrote: On 14-Sep-2009, at 05:24, --[ UxBoD ]-- wrote: If the OP cannot refrain from that sort of foul language when presented with counter arguments then please ban. The list would be far happier IMHO. Based on his reply to Matus I put him on my 'soft' kill list. (soft because all it does is mark his messages as read when they are received, so I still have them… but chances are I never see them). I did have to lookup his real address clunk.wercl...@wibblywobblyteapot.co.uk so I could mark both his throw-away gmail address and his 'real' address. I found it in my postfix spool. Still, based on his ignorance and his volatile behavior *I* certainly don't have any interest in his getting helped, and I don't have to read his xenophobic abuse ever again. Man, I'm going to lose *so* much sleep about that. From what I have read, the majority of you are a bunch of gay arse lovers up eachother. And fuckwits too boot. I hope you die ejaculating up each others arse holes. So how far does someone have to go before getting banned from the list? Is this not far enough yet? Bill
.cn domain age query?
(resend, first attempted about 14 hours ago) I noticed that many spam (in English) have links like can't include in this post because of apache.org's spam filter.cn where the domains are not triggering URIBL's. It seems that they have thousands of randomword.cn domains (very cheap to register?), and I very rarely see them repeat from one spam to the next. One thing they all have in common is their registration dates are very young according to whois lookups. It seems in general if we had a reliable way to lookup domain age we might be able to differentiate spam. Is there any good way to query for the age of a domain? Unfortunately it seems whois is too slow and the text format is non-standard. Warren Togami wtog...@redhat.com
Re: .cn domain age query?
On Mon, 14 Sep 2009, Warren Togami wrote: One thing they all have in common is their registration dates are very young according to whois lookups. It seems in general if we had a reliable way to lookup domain age we might be able to differentiate spam. What's the current status of the Day Old Bread BL? Has it moved to subscription-only? -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 --- USMC Rules of Gunfighting #12: Have a plan. USMC Rules of Gunfighting #13: Have a back-up plan, because the first one won't work. --- 3 days until the 222nd anniversary of the signing of the U.S. Constitution
Re: .cn domain age query?
On Sep 14, 2009, at 12:41 PM, John Hardin wrote: On Mon, 14 Sep 2009, Warren Togami wrote: One thing they all have in common is their registration dates are very young according to whois lookups. It seems in general if we had a reliable way to lookup domain age we might be able to differentiate spam. What's the current status of the Day Old Bread BL? Has it moved to subscription-only? It don't think it has but you can drill down a bit further with the SEM lists: http://spameatingmonkey.com/lists.html They will tell you domains that are 5, 10 and 15 days old. Chris - Chris Owen - Garden City (620) 275-1900 - Lottery (noun): President - Wichita (316) 858-3000 -A stupidity tax Hubris Communications Inc www.hubris.net -
Re: .cn domain age query?
- Bill Landry b...@inetmsg.com wrote: | On Mon, 14 Sep 2009, Warren Togami wrote: | | One thing they all have in common is their registration dates are | very | young according to whois lookups. It seems in general if we had a | reliable way to lookup domain age we might be able to | differentiate | spam. | | What's the current status of the Day Old Bread BL? Has it moved to | subscription-only? | | Still working fine for me here, 51 hits so far today against DOB. | | Bill | Not come across that RBL before! Thanks :) Best Regards, -- This message has been scanned for viruses and dangerous content and is believed to be clean. SplatNIX IT Services :: Innovation through collaboration
Re: .cn domain age query?
Chris Owen wrote: One thing they all have in common is their registration dates are very young according to whois lookups. It seems in general if we had a reliable way to lookup domain age we might be able to differentiate spam. What's the current status of the Day Old Bread BL? Has it moved to subscription-only? It don't think it has but you can drill down a bit further with the SEM lists: http://spameatingmonkey.com/lists.html They will tell you domains that are 5, 10 and 15 days old. That wouldn't help in this particular case: All domains registered in the last 5 days under the .BIZ, .COM, .INFO, .NAME, .NET and .US TLDs Doesn't work for .cn's, or any other country level tld's (apart from .us) -- Mike Cardwell - IT Consultant and LAMP developer Cardwell IT Ltd. (UK Reg'd Company #06920226) http://cardwellit.com/
Re: .cn domain age query?
On Mon, 14 Sep 2009, Warren Togami wrote: One thing they all have in common is their registration dates are very young according to whois lookups. It seems in general if we had a reliable way to lookup domain age we might be able to differentiate spam. What's the current status of the Day Old Bread BL? Has it moved to subscription-only? Still working fine for me here, 51 hits so far today against DOB. Bill
Re: .cn domain age query?
On Mon, 14 Sep 2009, Mike Cardwell wrote: Chris Owen wrote: http://spameatingmonkey.com/lists.html They will tell you domains that are 5, 10 and 15 days old. That wouldn't help in this particular case: All domains registered in the last 5 days under the .BIZ, .COM, .INFO, .NAME, .NET and .US TLDs Doesn't work for .cn's, or any other country level tld's (apart from .us) Query sent about adding .cn TLD. -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 --- One death is a tragedy; thirty is a media sensation; a million is a statistic. -- Joseph Stalin, modernized --- 3 days until the 222nd anniversary of the signing of the U.S. Constitution
Re: .cn domain age query?
On Mon, 2009-09-14 at 18:55 +0100, --[ UxBoD ]-- wrote:
| Still working fine for me here, 51 hits so far today against DOB.
Not come across that RBL before! Thanks :)
grep _DOB *.cf# Part of the stock rule-set.
--
char *t=\10pse\0r\0dtu...@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4;
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;il;i++){ i%8? c=1:
(c=*++x); c128 (s+=h); if (!(h=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
Re: Non scoring 'Bank Deposit' spam
On man 14 sep 2009 16:54:39 CEST, Bill Landry wrote So how far does someone have to go before getting banned from the list? Is this not far enough yet? he just come back with another sender email, with another reply-to, it will be endless banning new email adresses -- xpoint
Re: .cn domain age query?
- Karsten Bräckelmann guent...@rudersport.de wrote:
| On Mon, 2009-09-14 at 18:55 +0100, --[ UxBoD ]-- wrote:
| | Still working fine for me here, 51 hits so far today against DOB.
|
| Not come across that RBL before! Thanks :)
|
| grep _DOB *.cf# Part of the stock rule-set.
|
|
| --
| char
| *t=\10pse\0r\0dtu...@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4;
| main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;il;i++){ i%8?
| c=1:
| (c=*++x); c128 (s+=h); if (!(h=1)||!t[s+h]){
| putchar(t[s]);h=m;s=0; }}}
|
How dumb me be ;) Thanks Karsten :D
Should have checked ... Been to busy defending a previous naughty OP ;)
Best Regards,
--
This message has been scanned for viruses and
dangerous content and is believed to be clean.
SplatNIX IT Services :: Innovation through collaboration
Re: Non scoring 'Bank Deposit' spam
- Benny Pedersen m...@junc.org wrote: | On man 14 sep 2009 16:54:39 CEST, Bill Landry wrote | So how far does someone have to go before getting banned from the | list? Is this not far enough yet? | | he just come back with another sender email, with another reply-to, it | | will be endless banning new email adresses | | -- | xpoint | | Blocked now @ FW .. Will contact Zen tomorrow and report as the OP is in violation of the ISP AUP. Best Regards, -- This message has been scanned for viruses and dangerous content and is believed to be clean. SplatNIX IT Services :: Innovation through collaboration
Re: Non scoring 'Bank Deposit' spam
On Mon, 2009-09-14 at 19:52 +0100, --[ UxBoD ]-- wrote: - Benny Pedersen m...@junc.org wrote: | On man 14 sep 2009 16:54:39 CEST, Bill Landry wrote | So how far does someone have to go before getting banned from the | list? Is this not far enough yet? | | he just come back with another sender email, with another reply-to, it | | will be endless banning new email adresses | | -- | xpoint | | Blocked now @ FW .. Will contact Zen tomorrow and report as the OP is in violation of the ISP AUP. go *right* ahead. Here you go: ab...@zen.co.uk I guess it will take a retard like you a *whole* day to find it. Best Regards, -- --- C Werclick .Lot Technical incompetent Loyal Order Of The Teapot. This e-mail and its attachments is intended only to be used as an e-mail and an attachment. Any use of it for other purposes other than as an e-mail and an attachment will not be covered by any warranty that may or may not form part of this e-mail and attachment.
Re: .cn domain age query?
On Mon, 2009-09-14 at 19:51 +0100, UxBoD wrote:
- Karsten Bräckelmann wrote:
| grep _DOB *.cf# Part of the stock rule-set.
How dumb me be ;) Thanks Karsten :D
Heh, no problem. :) Just figured I should spare you the time of adding
it, and prevent you from scoring twice.
--
char *t=\10pse\0r\0dtu...@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4;
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;il;i++){ i%8? c=1:
(c=*++x); c128 (s+=h); if (!(h=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
Re: Non scoring 'Bank Deposit' spam
- Clunk Werclick mailbacku...@googlemail.com wrote: | On Mon, 2009-09-14 at 19:52 +0100, --[ UxBoD ]-- wrote: | - Benny Pedersen m...@junc.org wrote: | | | On man 14 sep 2009 16:54:39 CEST, Bill Landry wrote | | So how far does someone have to go before getting banned from | the | | list? Is this not far enough yet? | | | | he just come back with another sender email, with another | reply-to, it | | | | will be endless banning new email adresses | | | | -- | | xpoint | | | | | Blocked now @ FW .. Will contact Zen tomorrow and report as the OP | is in violation of the ISP AUP. | | go *right* ahead. Here you go: | ab...@zen.co.uk | | I guess it will take a retard like you a *whole* day to find it. | | | Best Regards, | Not at all ... If you were so kind as to have stopped the profanity and vulgarity then people would have been more approachable and helpful. It was kindly asked that you refrained from such posting yet you felt you were excempted. As I have already said the lists are here to help people and learn. We should not be exposed to such rubbish. Otherwise why have the lists in the first place? Every individual has the right to put forward their view and opinion; but when using the language you felt easy to adopt it makes a mockery. And I must say thank you for the email address; that really helps (not). A phone call is a lot easier to explain on the potential impact a ISP subscriber could be having to the providers business. I believe you could put some valid viewpoints forward, and if this was done in a mature, professional manner I am sure everyone would be very pleased. Thank you for your time. Best Regards, -- This message has been scanned for viruses and dangerous content and is believed to be clean. SplatNIX IT Services :: Innovation through collaboration
Re: Non scoring 'Bank Deposit' spam
On Mon, 2009-09-14 at 20:38 +0100, --[ UxBoD ]-- wrote: - Clunk Werclick mailbacku...@googlemail.com wrote: | On Mon, 2009-09-14 at 19:52 +0100, --[ UxBoD ]-- wrote: | - Benny Pedersen m...@junc.org wrote: | | | On man 14 sep 2009 16:54:39 CEST, Bill Landry wrote | | So how far does someone have to go before getting banned from | the | | list? Is this not far enough yet? | | | | he just come back with another sender email, with another | reply-to, it | | | | will be endless banning new email adresses | | | | -- | | xpoint | | | | | Blocked now @ FW .. Will contact Zen tomorrow and report as the OP | is in violation of the ISP AUP. | | go *right* ahead. Here you go: | ab...@zen.co.uk | | I guess it will take a retard like you a *whole* day to find it. | | | Best Regards, | Not at all ... If you were so kind as to have stopped the profanity and vulgarity then people would have been more approachable and helpful. It was kindly asked that you refrained from such posting yet you felt you were excempted. As I have already said the lists are here to help people and learn. We should not be exposed to such rubbish. Otherwise why have the lists in the first place? Every individual has the right to put forward their view and opinion; but when using the language you felt easy to adopt it makes a mockery. And I must say thank you for the email address; that really helps (not). A phone call is a lot easier to explain on the potential impact a ISP subscriber could be having to the providers business. I believe you could put some valid viewpoints forward, and if this was done in a mature, professional manner I am sure everyone would be very pleased. Thank you for your time. Best Regards, And had you not taken to emailing me off list, you would have been spared the abuse you deserved. Grow up with your 'DoS' crap. I look forward to hearing from Zen. Keep you shitty posts *on* list in future. -- --- C Werclick .Lot Technical incompetent Loyal Order Of The Teapot. This e-mail and its attachments is intended only to be used as an e-mail and an attachment. Any use of it for other purposes other than as an e-mail and an attachment will not be covered by any warranty that may or may not form part of this e-mail and attachment.
Re: Non scoring 'Bank Deposit' spam
--[ UxBoD ]-- wrote: - Clunk Werclick mailbacku...@googlemail.com wrote: | On Mon, 2009-09-14 at 19:52 +0100, --[ UxBoD ]-- wrote: | - Benny Pedersen m...@junc.org wrote: | | | On man 14 sep 2009 16:54:39 CEST, Bill Landry wrote | | So how far does someone have to go before getting banned from | the | | list? Is this not far enough yet? | | | | he just come back with another sender email, with another | reply-to, it | | | | will be endless banning new email adresses | | | | -- | | xpoint | | | | | Blocked now @ FW .. Will contact Zen tomorrow and report as the OP | is in violation of the ISP AUP. | | go *right* ahead. Here you go: | ab...@zen.co.uk | | I guess it will take a retard like you a *whole* day to find it. | | | Best Regards, | Not at all ... If you were so kind as to have stopped the profanity and vulgarity then people would have been more approachable and helpful. It was kindly asked that you refrained from such posting yet you felt you were excempted. As I have already said the lists are here to help people and learn. We should not be exposed to such rubbish. Otherwise why have the lists in the first place? Every individual has the right to put forward their view and opinion; but when using the language you felt easy to adopt it makes a mockery. And I must say thank you for the email address; that really helps (not). A phone call is a lot easier to explain on the potential impact a ISP subscriber could be having to the providers business. You might also consider reporting his googlemail address to Google, as well, and provide proof of the denial of smtp server attack he ran against your mail server. That should get his account shutdown, as well. I believe you could put some valid viewpoints forward, and if this was done in a mature, professional manner I am sure everyone would be very pleased. Don't waste your breath (keystrokes) on this guy, he has no common sense - things like this are way beyond his comprehension level. Bill
Re: .cn domain age query?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Let's try this again with sending to the list. Sorry Mike! Mike Cardwell wrote: That wouldn't help in this particular case: All domains registered in the last 5 days under the .BIZ, .COM, .INFO, .NAME, .NET and .US TLDs Doesn't work for .cn's, or any other country level tld's (apart from .us) Unfortunately, ccTLDs aren't very cooperative in matters such as this. There are a few exceptions but most of them will ignore requests for zone file access or outright tell you they can't for security reasons. The operators of the .cn TLD are unwilling to work with me at all. If anyone has any contacts at various ccTLDs that are willing to grant people access to zone files then please let the list know. I'm sure there are several others that would like to get access. - --Blaine -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) iEYEARECAAYFAkqunckACgkQLp9/dJH6k+MKQwCgh+9L8+5edKSwRKUAcelT1BDR hQUAn2beU0Vy4oFULDaZjh8IQluQ7exT =ZO2c -END PGP SIGNATURE-
Re: Non scoring 'Bank Deposit' spam
Clunk Werclick wrote: On Mon, 2009-09-14 at 20:38 +0100, --[ UxBoD ]-- wrote: - Clunk Werclick mailbacku...@googlemail.com wrote: | On Mon, 2009-09-14 at 19:52 +0100, --[ UxBoD ]-- wrote: | - Benny Pedersen m...@junc.org wrote: | | | On man 14 sep 2009 16:54:39 CEST, Bill Landry wrote | | So how far does someone have to go before getting banned from | the | | list? Is this not far enough yet? | | | | he just come back with another sender email, with another | reply-to, it | | | | will be endless banning new email adresses | | | | -- | | xpoint | | | | | Blocked now @ FW .. Will contact Zen tomorrow and report as the OP | is in violation of the ISP AUP. | | go *right* ahead. Here you go: | ab...@zen.co.uk | | I guess it will take a retard like you a *whole* day to find it. | | | Best Regards, | Not at all ... If you were so kind as to have stopped the profanity and vulgarity then people would have been more approachable and helpful. It was kindly asked that you refrained from such posting yet you felt you were excempted. As I have already said the lists are here to help people and learn. We should not be exposed to such rubbish. Otherwise why have the lists in the first place? Every individual has the right to put forward their view and opinion; but when using the language you felt easy to adopt it makes a mockery. And I must say thank you for the email address; that really helps (not). A phone call is a lot easier to explain on the potential impact a ISP subscriber could be having to the providers business. I believe you could put some valid viewpoints forward, and if this was done in a mature, professional manner I am sure everyone would be very pleased. Thank you for your time. Best Regards, And had you not taken to emailing me off list, you would have been spared the abuse you deserved. Grow up with your 'DoS' crap. I look forward to hearing from Zen. Keep you shitty posts *on* list in future. Are all of the list admins on vacation? This kind of crap would not be tolerated on most lists I'm subscribed to. This stuff happens way too often on this list without repercussion. If the list admins don't put a stop to these kinds of posts, expect people to start unsubscribing, as it's not just not worth the hassle. Bill
Re: Non scoring 'Bank Deposit' spam
On Mon, 2009-09-14 at 12:49 -0700, Bill Landry wrote: Clunk Werclick wrote: On Mon, 2009-09-14 at 20:38 +0100, --[ UxBoD ]-- wrote: - Clunk Werclick mailbacku...@googlemail.com wrote: | On Mon, 2009-09-14 at 19:52 +0100, --[ UxBoD ]-- wrote: | - Benny Pedersen m...@junc.org wrote: | | | On man 14 sep 2009 16:54:39 CEST, Bill Landry wrote | | So how far does someone have to go before getting banned from | the | | list? Is this not far enough yet? | | | | he just come back with another sender email, with another | reply-to, it | | | | will be endless banning new email adresses | | | | -- | | xpoint | | | | | Blocked now @ FW .. Will contact Zen tomorrow and report as the OP | is in violation of the ISP AUP. | | go *right* ahead. Here you go: | ab...@zen.co.uk | | I guess it will take a retard like you a *whole* day to find it. | | | Best Regards, | Not at all ... If you were so kind as to have stopped the profanity and vulgarity then people would have been more approachable and helpful. It was kindly asked that you refrained from such posting yet you felt you were excempted. As I have already said the lists are here to help people and learn. We should not be exposed to such rubbish. Otherwise why have the lists in the first place? Every individual has the right to put forward their view and opinion; but when using the language you felt easy to adopt it makes a mockery. And I must say thank you for the email address; that really helps (not). A phone call is a lot easier to explain on the potential impact a ISP subscriber could be having to the providers business. I believe you could put some valid viewpoints forward, and if this was done in a mature, professional manner I am sure everyone would be very pleased. Thank you for your time. Best Regards, And had you not taken to emailing me off list, you would have been spared the abuse you deserved. Grow up with your 'DoS' crap. I look forward to hearing from Zen. Keep you shitty posts *on* list in future. Are all of the list admins on vacation? This kind of crap would not be tolerated on most lists I'm subscribed to. This stuff happens way too often on this list without repercussion. If the list admins don't put a stop to these kinds of posts, expect people to start unsubscribing, as it's not just not worth the hassle. Bill Then stop following it up to try and be smart. If it's not of interest to you, just shut the fuck up and ignore it twonk. -- --- C Werclick .Lot Technical incompetent Loyal Order Of The Teapot. This e-mail and its attachments is intended only to be used as an e-mail and an attachment. Any use of it for other purposes other than as an e-mail and an attachment will not be covered by any warranty that may or may not form part of this e-mail and attachment.
Re: Non scoring 'Bank Deposit' spam
From: LuKreme krem...@kreme.com
Sent: Monday, 2009/September/14 09:38
On 14-Sep-2009, at 10:17, jdow wrote:
:0
* 9876543210^0 ^From: .*\mailbacku...@googlemail.com\
* 9876543210^0 ^From:.*clunk\.wercl...@wibblywobblyteapot\.co\.uk
/dev/null
Will work better. (and you don't need a lock on /dev/null)
Simply used * ^From:.*wibblywobblyteapot\.co\.uk
And the basic formula has a lock for writing to a file. I use it
for pre-sorting things I might want to look at sometime but do not
want in my normal mail.
===8--- (This one is for a ham radio rectal cranial inversion case.)
:0:
* ^From: .*\bcrow...@excite\.com
/$HOME/mail/billygoat
===8---
Cut and past is quick even if it does lead to locks on /dev/null writes.
{^_-}
Re: Non scoring 'Bank Deposit' spam
On man 14 sep 2009 20:52:29 CEST, --[ UxBoD ]-- wrote Blocked now @ FW .. Will contact Zen tomorrow and report as the OP is in violation of the ISP AUP. i use sa2dnsbl plugin, it have aroud 400 ips not listed elsewhere :) wondered if zen wants my data ? -- xpoint
Spamc issues with remote userprefs
Hi,
We're rebuilding a mail server and are having some issues with SQL-based
SA preference lookups. We're running Postfix 2.5.5 and SA 3.2.5 (Debian
Lenny version) - here's our Postfix config from master.cf:
spamassassin unix - n n - - pipe
user=spamd argv=/usr/bin/spamc -u ${user} -e /usr/sbin/sendmail -oi -f
${sender} ${recipient}
old non-lookup line:
user=spamd argv=/usr/bin/spamc -f -e /usr/sbin/sendmail -oi -f ${sender}
${recipient}
What's happening is that individual incoming messages get handed off to
SA using the spamc command above, but SA is only processing the first
message and never handing it back to Postfix, while the other messages
never seem to get processed at all (nothing at all about them in the
logs). The old non-lookup line works fine. Has anyone here experienced
similar issues?
Ryan Thoryk
--
Ryan Thoryk
System Administrator
onShore Networks, LLC
completeIT® services
1407 West Chicago Avenue
Chicago, Illinois 60642-5231
312.850.5200 x146
ry...@onshore.com
www.onshore.com
Drivel
On Mon, 14 Sep 2009, Clunk Werclick wrote: (more drivel) Good users all. Never heard of a troll? Nonsensical. Irritating. Taunting. Best defense against this kind of childish antic is to IGNORE it. Yes, a firewall setting doesn't hurt. - Charles
Re: Non scoring 'Bank Deposit' spam
On man 14 sep 2009 15:46:22 CEST, Mark Martinec wrote
Benny, I very much agree with you, the /16 is too wide, and I've
seen cases where good and bad sites share the same /16 address range.
is the dkim awl not solveing it in 3.3 ?
why is spf not added ?
Would you please open a problem report on this. Perhaps there's
still time to get it to a 3.3.
i created a patch to 3.2.5
diff -urp
sa/Mail-SpamAssassin-3.2.5/lib/Mail/SpamAssassin/AutoWhitelist.pm
sa-patch/Mail-SpamAssassin-3.2.5/lib/Mail/SpamAssassin/AutoWhitelist.pm
---
sa/Mail-SpamAssassin-3.2.5/lib/Mail/SpamAssassin/AutoWhitelist.pm 2008-06-10
11:20:22.0 +0200
+++
sa-patch/Mail-SpamAssassin-3.2.5/lib/Mail/SpamAssassin/AutoWhitelist.pm 2009-09-14 23:36:51.0
+0200
@@ -271,7 +271,9 @@ sub pack_addr {
# the user running add-addr-to-*.
$origip = 'none';
} else {
-$origip =~ s/\.\d{1,3}\.\d{1,3}$//gs;
+# patch 3.2.5 to use /24 where default is /16
+# $origip =~ s/\.\d{1,3}\.\d{1,3}$//gs;
+$origip =~ s/\.\d{1,3}\.\d{1,3}\.\d{1,3}$//gs;
}
$origip =~ s/[^0-9\.noe]/_/gs; # paranoia
warning i dont know perl to be sure its working :)
hope this is all that is needed to change the hardcoded /16 to hardcoded /24
--
xpoint
RE: Non scoring 'Bank Deposit' spam
-Original Message- From: --[ UxBoD ]-- [mailto:ux...@splatnix.net] Sent: Monday, 14 September 2009 11:27 p.m. To: Matus UHLAR - fantomas Cc: users@spamassassin.apache.org Subject: Re: Non scoring 'Bank Deposit' spam - Matus UHLAR - fantomas uh...@fantomas.sk wrote: | On 12-Sep-2009, at 10:27, Clunk Werclick wrote: | I disagree. It can do as much harm as good. My own view and | observation from the past have rendered it pointless in my | context. It | adds latency, is easily poisoned and rarely makes much | difference to | the score. I do appreciate some people like it, but my own | view is | spam has moved on beyond the point of it being useful. | |On Sun, 2009-09-13 at 16:37 -0600, LuKreme wrote: | Facts? we don't need no pesky facts. You are very | misinformed. | | On 14.09.09 08:48, Clunk Werclick wrote: |Myself, I've seen some very poor Bayesian databases where users | have |been allowed to categorize mail as spam-v-ham. One company who | deal with |Pharmaceuticals for famine relief in Uganda and other poor | African |countries found bayes to mess with their core mail to a point | that made |it worthless in their context. | | On Mon, 2009-09-14 at 11:46 +0200, Matus UHLAR - fantomas wrote: | I would say that is a result of badly trained BAYES, not fgrom its | bad | design. | | On 14.09.09 12:06, Clunk Werclick wrote: | The *issue* with bayes is it *can* have user input. Would you trust | your | users influencing system wide policy? | | That only happens if you allow your users to train system-wide BAYES. | However this is usually also called misconfiguration - in common | situations either users have their own bayes databases, or they can't | train | the site-wide one. | | If you insist on not using bayes, just because it can be | mistrained, | better don't use any configurable software, because _everything_ | configurable will go wrong if miscongured. | | I've already stated I'll try it. So read the fucking follow up | before | shouting your thick foreign mouth off you stupid cunt! | | I have read your previous posts, I only wanted to react on some of | your | arguments. I would post the private email I received from Clunk but I will not lower myself or expose the list to such vulgarity. Why not? Everyone else seems to be able to get away with it! M.
RE: Drivel
-Original Message- From: Charles Gregory [mailto:cgreg...@hwcn.org] Sent: Tuesday, 15 September 2009 9:34 a.m. To: users@spamassassin.apache.org Subject: Drivel On Mon, 14 Sep 2009, Clunk Werclick wrote: (more drivel) Good users all. Never heard of a troll? Nonsensical. Irritating. Taunting. Best defense against this kind of childish antic is to IGNORE it. Yes, a firewall setting doesn't hurt. Yes, and as previously asked, where are the list moderators? On a very long smoke break? Sure we can Ignore it. That doesn't mean that a list moderator shouldn't get involved and solve the problem. Should be pretty easy to do, right? There have been too many cases recently. Cheers, Mike
Re: Spamc issues with remote userprefs
Hi,
We're rebuilding a mail server and are having some issues
with SQL-based SA preference lookups. We're running
Postfix 2.5.5 and SA 3.2.5 (Debian Lenny version) -
here's our Postfix config from master.cf:
spamassassin unix - n n - -
pipe
user=spamd argv=/usr/bin/spamc -u ${user} -e
/usr/sbin/sendmail -oi -f ${sender} ${recipient}
old non-lookup line:
user=spamd argv=/usr/bin/spamc -f -e /usr/sbin/sendmail
-oi -f ${sender} ${recipient}
What's happening is that individual incoming messages get
handed off to SA using the spamc command above, but SA is
only processing the first message and never handing it
back to Postfix, while the other messages never seem to
get processed at all (nothing at all about them in the
logs). The old non-lookup line works fine. Has anyone
here experienced similar issues?
Ryan Thoryk
The old non-lookup line works fine
spamc has no option -f
How can that work fine?
If the old line works fine, why do you try to raplace with a new line?
Re: Spamc issues with remote userprefs
Quoting Jari Fredriksson ja...@iki.fi:
Hi,
We're rebuilding a mail server and are having some issues
with SQL-based SA preference lookups. We're running
Postfix 2.5.5 and SA 3.2.5 (Debian Lenny version) -
here's our Postfix config from master.cf:
spamassassin unix - n n - -
pipe
user=spamd argv=/usr/bin/spamc -u ${user} -e
/usr/sbin/sendmail -oi -f ${sender} ${recipient}
old non-lookup line:
user=spamd argv=/usr/bin/spamc -f -e /usr/sbin/sendmail
-oi -f ${sender} ${recipient}
What's happening is that individual incoming messages get
handed off to SA using the spamc command above, but SA is
only processing the first message and never handing it
back to Postfix, while the other messages never seem to
get processed at all (nothing at all about them in the
logs). The old non-lookup line works fine. Has anyone
here experienced similar issues?
Ryan Thoryk
The old non-lookup line works fine
spamc has no option -f
How can that work fine?
If the old line works fine, why do you try to raplace with a new line?
You are correct. It is a sendmail option. This is what I have:
spamass unix - n n - 6 pipe
user=spamd argv=/usr/local/bin/spamc -u ${recipient} -s 524288
-e /usr/local/sbin/sendmail -oi -f ${sender} ${recipient}
Sorry for the confusion.
