Re: ANNOUNCE: Apache SpamAssassin 3.3.0-alpha2 available

2009-10-08 Thread Ralf Hildebrandt
* Justin Mason j...@jmason.org:
 Apache SpamAssassin 3.3.0-alpha2 is now available for testing.
 
 Downloads are available from:
  http://people.apache.org/~jm/devel/
 
 md5sum of archive files:
 
  1b396a9df1faa22185263c7526fe6042 Mail-SpamAssassin-3.3.0-alpha2.tar.bz2

sa-update fails with:

# /usr/local/bin/sa-update --channel updates.spamassassin.org \
   --gpgkey 856AA88A \
   --gpgkey 6C6191E3 \
   --gpgkey BDE9DC10 
rules: failed to run __RCVD_IN_2WEEKS test, skipping:
   (Can't locate object method received_within_months via package 
Mail::SpamAssassin::PerMsgStatus at (eval 783) line 19.
)
channel: lint check of update failed, channel failed

What am I doing wrong?


Re: ANNOUNCE: Apache SpamAssassin 3.3.0-alpha2 available

2009-10-08 Thread Karsten Bräckelmann
On Thu, 2009-10-08 at 15:10 +0200, Ralf Hildebrandt wrote:
   1b396a9df1faa22185263c7526fe6042 Mail-SpamAssassin-3.3.0-alpha2.tar.bz2
 
 sa-update fails with:

 rules: failed to run __RCVD_IN_2WEEKS test, skipping:
(Can't locate object method received_within_months via package 
 Mail::SpamAssassin::PerMsgStatus at (eval 783) line 19.
 )
 channel: lint check of update failed, channel failed

From memory, I believe that eval function has been added to the code
after the alpha2 tarball.

With the very latest rules from SVN, you'd need SA from trunk. Sorry.


-- 
char *t=\10pse\0r\0dtu...@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4;
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;il;i++){ i%8? c=1:
(c=*++x); c128  (s+=h); if (!(h=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}



Re: ANNOUNCE: Apache SpamAssassin 3.3.0-alpha2 available

2009-10-08 Thread Ralf Hildebrandt
* Karsten Bräckelmann guent...@rudersport.de:

 From memory, I believe that eval function has been added to the code
 after the alpha2 tarball.
 
 With the very latest rules from SVN, you'd need SA from trunk. Sorry.

Yes, that fixed it

-- 
Ralf Hildebrandt
  Geschäftsbereich IT | Abteilung Netzwerk
  Charité - Universitätsmedizin Berlin
  Campus Benjamin Franklin
  Hindenburgdamm 30 | D-12203 Berlin
  Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
  ralf.hildebra...@charite.de | http://www.charite.de



Subject Rewrite Based on Score

2009-10-08 Thread Shane Webster
Spamassassin Version 3.2.5

I am curious if it is possible to rewrite the subject based on the value
of the score. An example of this would be if a score of 4.0 was given the
subject would state [Potential Spam], but if it was 5.0-10.0 then it is
[SPAM] if it was greater than 10.0 it would be [SUPER SPAM]. I
understand this may seem odd but I am just trying to fill the request of
the client and what they want.

I would appreciate any insight, I am willing to do the scripting for this
if needed, but I would appreciate a point in the right direction
please.

Thank you, 

   Shane M. Webster



Re: Subject Rewrite Based on Score

2009-10-08 Thread Jason Bertoch

Shane Webster wrote:

 Spamassassin Version 3.2.5

 I am curious if it is possible to rewrite the subject based on the value
 of the score. An example of this would be if a score of 4.0 was given the
 subject would state [Potential Spam], but if it was 5.0-10.0 then it is
 [SPAM] if it was greater than 10.0 it would be [SUPER SPAM]. I
 understand this may seem odd but I am just trying to fill the request of
 the client and what they want.


  
It can be done, but not with SpamAssassin.  You'll need to work with the 
program that calls SA.  I use MIMEDefang for conditional actions, but 
there are others.




Re: Subject Rewrite Based on Score

2009-10-08 Thread Eddie Hallahan
To be honest it sounds like you want MailScanner.

Eddie Hallahan
Enterprise Management Consulting
www.emcuk.com

Enterprise Management Consulting is a company registered in England and Wales 
with company number 3134544. VAT registration number is 681038440.



Shane Webster wrote:
 Spamassassin Version 3.2.5

 I am curious if it is possible to rewrite the subject based on the value
 of the score. An example of this would be if a score of 4.0 was given the
 subject would state [Potential Spam], but if it was 5.0-10.0 then it is
 [SPAM] if it was greater than 10.0 it would be [SUPER SPAM]. I
 understand this may seem odd but I am just trying to fill the request of
 the client and what they want.

 I would appreciate any insight, I am willing to do the scripting for this
 if needed, but I would appreciate a point in the right direction
 please. 

 Thank you, 

Shane M. Webster

   


Re: Subject Rewrite Based on Score

2009-10-08 Thread Karsten Bräckelmann
On Thu, 2009-10-08 at 12:01 -0400, Jason Bertoch wrote:
 Shane Webster wrote:
  I am curious if it is possible to rewrite the subject based on the value
  of the score. An example of this would be if a score of 4.0 was given the
  subject would state [Potential Spam], but if it was 5.0-10.0 then it is
  [SPAM] if it was greater than 10.0 it would be [SUPER SPAM]. I
  understand this may seem odd but I am just trying to fill the request of
  the client and what they want.

The generic option available with SA is, to use the score template tag
for the rewrite_header config.

 It can be done, but not with SpamAssassin.  You'll need to work with the 
 program that calls SA.

This actually should quite easily be doable with a plugin.

Basically, you need a plugin that defines a template tag, with the value
depending on the score. Then use that template tag for Subject
rewriting.


-- 
char *t=\10pse\0r\0dtu...@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4;
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;il;i++){ i%8? c=1:
(c=*++x); c128  (s+=h); if (!(h=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}



Re: Subject Rewrite Based on Score

2009-10-08 Thread Shane Webster
I will look into doing this, thank you.

On Thu, 2009-10-08 at 19:02 +0200, Karsten Bräckelmann wrote:
 On Thu, 2009-10-08 at 12:01 -0400, Jason Bertoch wrote:
  Shane Webster wrote:
   I am curious if it is possible to rewrite the subject based on the value
   of the score. An example of this would be if a score of 4.0 was given the
   subject would state [Potential Spam], but if it was 5.0-10.0 then it is
   [SPAM] if it was greater than 10.0 it would be [SUPER SPAM]. I
   understand this may seem odd but I am just trying to fill the request of
   the client and what they want.
 
 The generic option available with SA is, to use the score template tag
 for the rewrite_header config.
 
  It can be done, but not with SpamAssassin.  You'll need to work with the 
  program that calls SA.
 
 This actually should quite easily be doable with a plugin.
 
 Basically, you need a plugin that defines a template tag, with the value
 depending on the score. Then use that template tag for Subject
 rewriting.
 
 




Re: Subject Rewrite Based on Score

2009-10-08 Thread Jari Fredriksson
 Spamassassin Version 3.2.5
 
 I am curious if it is possible to rewrite the subject
 based on the value of the score. An example of this would
 be if a score of 4.0 was given the subject would state
 [Potential Spam], but if it was 5.0-10.0 then it is
 [SPAM] if it was greater than 10.0 it would be [SUPER
 SPAM]. I understand this may seem odd but I am just
 trying to fill the request of the client and what they
 want.
 
 I would appreciate any insight, I am willing to do the
 scripting for this if needed, but I would appreciate a
 point in the right direction please.
 

It is possible to use X-Spam-Level: header to check out the spamminess level.
That may or may not be what your client needs. I use that for the exact purpose I
imagine they are needing.

It's sometimes better to offer an alternative solution to what the client asks.

Dunno.





Re: Subject Rewrite Based on Score

2009-10-08 Thread Shane Webster
I actually would be doing that but the filter does not know how to
handle int(), so I would have to build a filter for all possible number
combinations, but if I could just get SA to do the basic math for me and
write a header or subject I can filter off of that. 

On Thu, 2009-10-08 at 20:21 +0300, Jari Fredriksson wrote:
  Spamassassin Version 3.2.5
  
  I am curious if it is possible to rewrite the subject
  based on the value of the score. An example of this would
  be if a score of 4.0 was given the subject would state
  [Potential Spam], but if it was 5.0-10.0 then it is
  [SPAM] if it was greater than 10.0 it would be [SUPER
  SPAM]. I understand this may seem odd but I am just
  trying to fill the request of the client and what they
  want.
  
  I would appreciate any insight, I am willing to do the
  scripting for this if needed, but I would appreciate a
  point in the right direction please.
  
 
 It is possible to use X-Spam-Level: header to check out the spamminess level. 
 That may or may not be what your client needs. I use that for the exact purpose I
 imagine they are needing.
 
 It's sometimes better to offer an alternative solution to what the client
 asks.
 
 Dunno.
 
 
 
 




Re: Subject Rewrite Based on Score

2009-10-08 Thread Mark Martinec
On Thursday 08 October 2009 19:26:10 Shane Webster wrote:
  I actually would be doing that but the filter does not know how to
  handle int(), so I would have to build a filter for all possible number
  combinations, but if I could just get SA to do the basic math for me and
  write a header or subject I can filter off of that.

If integer thresholds suffice for the purpose, you can just
match on the number of asterisks (or whichever characters) in
the X-Spam-Level header field.

  Mark


Re: Subject Rewrite Based on Score

2009-10-08 Thread John Hardin

On Thu, 8 Oct 2009, Shane Webster wrote:


 I actually would be doing that but the filter does not know how to
 handle int(), so I would have to build a filter for all possible number
 combinations,


You could check the asterisks in X-Spam-Level:

if match X-Spam-Level: **
subject - [ULTRA SPAM]
else
if match X-Spam-Level: *
subject - [SPAM]
else
if match X-Spam-Level: ***
subject - [POSSIBLE SPAM]


--
 John Hardin KA7OHZ                    http://www.impsec.org/~jhardin/
 jhar...@impsec.org    FALaholic #11174     pgpk -a jhar...@impsec.org
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
---
  The difference is that Unix has had thirty years of technical
  types demanding basic functionality of it. And the Macintosh has
  had fifteen years of interface fascist users shaping its progress.
  Windows has the hairpin turns of the Microsoft marketing machine
  and that's all.    -- Red Drag Diva
---
 7 days since a sunspot last seen - EPA blames CO2 emissions


Re: Subject Rewrite Based on Score

2009-10-08 Thread MySQL Student
Hi,

  I actually would be doing that but the filter does not know how to
  handle int(), so I would have to build a filter for all possible number
  combinations, but if I could just get SA to do the basic math for me and
  write a header or subject I can filter off of that.

We do something similar here using a procmail/formail script which
calls a perl script to match on X-Spam-Status then rewrite the subject
to include the bayes score prepended to the subject. We then use a few
procmail rules to filter the mail based on the bayes score for
analysis.

Regards,
Alex


Re: Subject Rewrite Based on Score

2009-10-08 Thread Benny Pedersen

On Thu 08 Oct 2009 19:26:10 CEST, Shane Webster wrote


 I actually would be doing that but the filter does not know how to
 handle int(),


try using:

X-Spam-Level

header so

--
xpoint



Re: Subject Rewrite Based on Score

2009-10-08 Thread LuKreme

On 8-Oct-2009, at 09:39, Shane Webster wrote:
 I am curious if it is possible to rewrite the subject based on the value
 of the score. An example of this would be if a score of 4.0 was given the
 subject would state [Potential Spam], but if it was 5.0-10.0 then it is
 [SPAM] if it was greater than 10.0 it would be [SUPER SPAM]. I
 understand this may seem odd but I am just trying to fill the request of
 the client and what they want.


You can do this easily with procmail.

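# f = filter the message through the command, h = feed it the header only,
# w = wait for formail to finish and check its exit code
:0 fhw
* ^X-Spam-Level: \*\*\*\*\*\*\*\*\*\*
| formail -I "Subject: SUPER SPAM"

# E = only tried when the preceding recipe did not match
:0 Efhw
* ^X-Spam-Level: \*\*\*\*\*
| formail -I "Subject: SPAM"

:0 Efhw
* ^X-Spam-Level: \*\*\*\*
| formail -I "Subject: Probable SPAM"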


--
There is a tragic flaw in our precious Constitution, and I don't
know what can be done to fix it. This is it: Only nut cases
want to be president.
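
Added example (not part of any post in this thread): a Python filter that does what the X-Spam-Level suggestions describe, counting the level characters and prefixing the Subject instead of replacing it. The integer thresholds 10/5/4 follow the procmail recipes above; the function names, the constructed sample message, stripping tags already present in the Subject, and taking the highest level when several X-Spam-Level headers are present are assumptions of this example.

```python
import re
from email import message_from_string
from email.policy import default

# (minimum number of level characters, Subject tag), highest threshold first.
# Tag texts come from the original question; the integer thresholds 10/5/4
# follow the procmail recipes above and are an assumption of this example.
TAGS = [(10, "[SUPER SPAM]"), (5, "[SPAM]"), (4, "[Potential Spam]")]

# Any of our own tags already at the start of a Subject, possibly repeated.
_OLD_TAGS = re.compile(
    r"^\s*(?:(?:%s)\s*)+" % "|".join(re.escape(tag) for _, tag in TAGS),
    re.IGNORECASE,
)

# Constructed sample: level 6 from the scanner, Subject pre-tagged by the sender.
SAMPLE = (
    "From: sender@example.com\n"
    "To: user@example.org\n"
    "X-Spam-Level: ******\n"
    "Subject: [SUPER SPAM] Pharmacy Online Sale 88% OFF!\n"
    "\n"
    "body text\n"
)


def parse(raw):
    """Parse message text into an EmailMessage."""
    return message_from_string(raw, policy=default)


def spam_level(msg, level_char="*"):
    """Count the level characters in X-Spam-Level (0 if absent or malformed).

    If several X-Spam-Level headers are present the highest valid one wins, so
    an extra empty or short header cannot lower the level (this example's choice).
    """
    best = 0
    for value in msg.get_all("X-Spam-Level", []):
        value = str(value).strip()
        if value and set(value) == {level_char}:
            best = max(best, len(value))
    return best


def tag_for(level):
    """Return the tag for an integer level, or None below the lowest threshold."""
    for minimum, tag in TAGS:
        if level >= minimum:
            return tag
    return None


def retag(raw):
    """Return the message with its Subject prefixed according to X-Spam-Level.

    Tags already in the Subject are stripped first, so running the filter twice
    does not stack tags and a tag typed by the sender is not kept.
    """
    msg = parse(raw)
    subject = _OLD_TAGS.sub("", str(msg.get("Subject", "")))
    tag = tag_for(spam_level(msg))
    new_subject = f"{tag} {subject}".rstrip() if tag else subject
    if "Subject" in msg:
        msg.replace_header("Subject", new_subject)
    elif tag:
        msg["Subject"] = new_subject
    return msg.as_string()


def subject_of(raw):
    """Return the Subject of a message given as text."""
    return str(parse(raw)["Subject"])


if __name__ == "__main__":
    print(subject_of(retag(SAMPLE)))
```

Because X-Spam-Level carries one character per whole point, a score of 10.0 and a score of 10.9 both give ten characters; thresholds that are not whole numbers need the score itself, for example from a header added with add_header.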



Re: Subject Rewrite Based on Score

2009-10-08 Thread Karsten Bräckelmann
On Thu, 2009-10-08 at 13:47 -0400, MySQL Student wrote:
 We do something similar here using a procmail/formail script which
 calls a perl script to match on X-Spam-Status then rewrite the subject
 to include the bayes score prepended to the subject.

*boggle*

That sounds overly complicated and like a lot of wasted cycles. Calling
a Perl script for each message? What you just described sounds a hell of
lot like this light-weight SA configuration:

  rewrite_header Subject _BAYES_

However, rather than munging the Subject, I'd strongly suggest to use
something like this, and have SA add a dedicated header.

  add_header spam Bayes _BAYES_

See the Template Tags section in the Conf documentation.


 We then use a few procmail rules to filter the mail based on the bayes
 score for analysis.

Yes, use the dedicated header as per above. There is NO need to mess
with the Subject or any commonly user-visible header, for analysis. Even
less so, when using something like procmail, which perfectly understands
headers.


-- 
char *t=\10pse\0r\0dtu...@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4;
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;il;i++){ i%8? c=1:
(c=*++x); c128  (s+=h); if (!(h=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}



Re: Subject Rewrite Based on Score

2009-10-08 Thread John Hardin

On Thu, 8 Oct 2009, LuKreme wrote:


 You can do this easily with procmail.


DOGPILE!

:)

--
 John Hardin KA7OHZ                    http://www.impsec.org/~jhardin/
 jhar...@impsec.org    FALaholic #11174     pgpk -a jhar...@impsec.org
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
---
  You do not examine legislation in the light of the benefits it
  will convey if properly administered, but in the light of the
  wrongs it would do and the harms it would cause if improperly
  administered.  -- Lyndon B. Johnson
---
 7 days since a sunspot last seen - EPA blames CO2 emissions


Re: Subject Rewrite Based on Score

2009-10-08 Thread jdow

From: Jason Bertoch ja...@i6ix.com
Sent: Thursday, 2009/October/08 09:01



 Shane Webster wrote:

  Spamassassin Version 3.2.5

  I am curious if it is possible to rewrite the subject based on the value
  of the score. An example of this would be if a score of 4.0 was given the
  subject would state [Potential Spam], but if it was 5.0-10.0 then it is
  [SPAM] if it was greater than 10.0 it would be [SUPER SPAM]. I
  understand this may seem odd but I am just trying to fill the request of
  the client and what they want.

 It can be done, but not with SpamAssassin.  You'll need to work with the
 program that calls SA.  I use MIMEDefang for conditional actions, but
 there are others.


rewrite_header Subject *SPAM* _SCORE(00)_ **

The result looks like this for spam:
Subject: *SPAM* 065.8 ** RE: Pharmacy Online Sale 88% OFF!

Note that you can sort the spam by score by sorting by subject.

{^_^}


Re: Subject Rewrite Based on Score

2009-10-08 Thread MySQL Student
Hi,

 That sounds overly complicated and like a lot of wasted cycles. Calling
 a Perl script for each message? What you just described sounds a hell of
 lot like this light-weight SA configuration:

Yes, I should have mentioned that it is a copy of the mail that users
receive and only visible by a single account. It also only occurs once
every four hours as the mail is pulled from the spool.

Regards,
Alex


Re: Subject Rewrite Based on Score

2009-10-08 Thread Karsten Bräckelmann
On Thu, 2009-10-08 at 14:45 -0400, MySQL Student wrote:
  That sounds overly complicated and like a lot of wasted cycles. Calling
  a Perl script for each message? What you just described sounds a hell of
  lot like this light-weight SA configuration:
 
 Yes, I should have mentioned that it is a copy of the mail that users
 receive and only visible by a single account. It also only occurs once
 every four hours as the mail is pulled from the spool.

It still is spawning a Perl process per message. You can do away with
that processing hog, if you use the add_header rule I mentioned before
and have SA do it instead.


-- 
char *t=\10pse\0r\0dtu...@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4;
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;il;i++){ i%8? c=1:
(c=*++x); c128  (s+=h); if (!(h=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}



Re: Subject Rewrite Based on Score

2009-10-08 Thread MySQL Student
Hi,

 It still is spawning a Perl process per message. You can do away with
 that processing hog, if you use the add_header rule I mentioned before
 and have SA do it instead.

You may be right. I'll have to investigate doing this for this
specific user only. Thanks for the info.

Thanks,
Alex


results in languages other than english

2009-10-08 Thread ahattarki

The spamassassin report comes back in English. Is this configurable to return
results in languages other than English?

Also can a single spamassassin handle returning results in different
languages? One user gets the results back in English, while another gets the
results back in Korean all on the same instance of SpamAssassin?

thanks,
Anjali



Re: Harvested Fresh .cn URIBL

2009-10-08 Thread Mike Cardwell

Warren Togami wrote:


 http://ruleqa.spamassassin.org/20091006-r822170-n/T_CN_URL/detail
 A very sizeable amount of spam (currently 50%) contains .cn domains that
 were registered very recently.  They keep registering new domains in
 order to keep ahead of the URIBL's.


I have an account here that gets a lot of spam. There have been 263 
unique .cn domain names contained within urls in spam message bodies of 
that account today. All but 94 of them were listed in uribl or surbl.


If I do http requests on http://thedomain/ for each of those domains, 
every single one of the pages returned for all of those domains matches 
one of the following two regexes:


<link [^>]*href=/themes/express/img/pharmacyexpress\.ico [^>]*>
<title>Prestige Replicas : Luxury at affordable prices!</title>

I wrote a module a while ago when the groups.yahoo.com spam was 
happening which pulled down those pages and found that every single one 
of them contained html like this:


<font color=red size=6><b>CLICK HERE TO ENTER!</b></font></a>

I've updated it to do http requests on the .cn domains now too. It uses 
memcache to avoid repeated requests for the same websites.


This is usually the point where someone asks for the source code, even
though it's not fully ready for other people to use, so I've temporarily
stuck it up at https://secure.grepular.com/WebsiteScanner/ in case
anyone wants to pick it apart and use bits of it.


--
Mike Cardwell - IT Consultant and LAMP developer
Cardwell IT Ltd. (UK Reg'd Company #06920226) http://cardwellit.com/


Re: spam from noave.net 74.63.109.*

2009-10-08 Thread mouss
Steve Prior wrote:
 I started getting spam that was distinctive for having two boxes - one
 Email Security Information and one Privacy Policy and viewing source
 indicated the mails came from a server at noave.net  74.63.109.*.
 
 I blocked 74.63.109.* and the spam stopped for a while, but I just got
 my first spam from 74.63.113.30 so it looks like they've got another
 block of addresses.
 
 Is anyone familiar with this outfit?  Does this ISP have any legit
 traffic and what address ranges are assigned to them?
 

snowshoe. block both
- the domain (*.noave.net) BTW, noeave.net is listed on uribl.
and
- the network: 74.63.64.0/18 (74.63.64.0 - 74.63.127.255).



Valid mail from blacklisted dynamic IPs

2009-10-08 Thread MySQL Student
Hi,

I have a set of users that are authorized to use the mail server via
pop-before-smtp, but SA catches the mail they send through the system
as spam because they are on blacklisted Verizon or Comcast IPs:

X-Spam-Status: Yes, hits=5.4 tag1=-300.0 tag2=5.0 kill=5.0
 use_bayes=1 tests=BAYES_50, BOTNET, FH_HOST_EQ_VERIZON_P, RCVD_IN_PBL,
 RCVD_IN_SORBS_DUL, RDNS_DYNAMIC, RELAYCOUNTRY_US, SPF_SOFTFAIL

I also don't understand how SPF_SOFTFAIL could happen when there
wasn't any SPF record to test to begin with.

One of the Comcast users:

X-Spam-Status: Yes, hits=6.4 tag1=-300.0 tag2=5.0 kill=5.0
 use_bayes=1 tests=BAYES_50, BOTNET, DYN_RDNS_SHORT_HELO_HTML, HTML_MESSAGE,
 RCVD_IN_PBL, RCVD_IN_SORBS_DUL, RDNS_DYNAMIC, RELAYCOUNTRY_US, SPF_SOFTFAIL,
 SUBJ_ALL_CAPS

We are working on better Bayes training, but sans that problem, what
is the right way to address this, through a rule that whitelists their
specific IP?

Another mail that I'm dealing with is one sent by Marriott that hit
SARE_HTML_URI_REFID, DCC_CHECK, and AE_DETAILS_WITH_MONEY, among being
whitelisted by JMF/HOSTKARMA. I don't know how it hit DCC when there
are details in there specific to the user, including account numbers,
user names, etc. How should I go about allowing this type of mail
without disrupting its ability to block mail that should be blocked
with these rules? I'm sure I can add a rule subtracting points if it
hits these and comes from Marriott, but I thought there might be
something that could address the more general problem rather than this
specific one from Marriott. Perhaps I'm making it too hard.

Thanks,
Alex


Re: Valid mail from blacklisted dynamic IPs

2009-10-08 Thread Matt Kettler
MySQL Student wrote:
 Hi,

 I have a set of users that are authorized to use the mail server via
 pop-before-smtp, but SA catches the mail they send through the system
 as spam because they are on blacklisted Verizon or Comcast IPs:

 X-Spam-Status: Yes, hits=5.4 tag1=-300.0 tag2=5.0 kill=5.0
  use_bayes=1 tests=BAYES_50, BOTNET, FH_HOST_EQ_VERIZON_P, RCVD_IN_PBL,
  RCVD_IN_SORBS_DUL, RDNS_DYNAMIC, RELAYCOUNTRY_US, SPF_SOFTFAIL
   
Does your pop-before-smtp method cause your MTA to indicate they've been
authed in the Received: header?

 I also don't understand how SPF_SOFTFAIL could happen when there
 wasn't any SPF record to test to begin with.

Are you sure? What was the envelope from domain for the message? (keep
in mind, this checks the envelope from, not the from header.)

 One of the Comcast users:

 X-Spam-Status: Yes, hits=6.4 tag1=-300.0 tag2=5.0 kill=5.0
  use_bayes=1 tests=BAYES_50, BOTNET, DYN_RDNS_SHORT_HELO_HTML, HTML_MESSAGE,
  RCVD_IN_PBL, RCVD_IN_SORBS_DUL, RDNS_DYNAMIC, RELAYCOUNTRY_US, SPF_SOFTFAIL,
  SUBJ_ALL_CAPS

 We are working on better Bayes training, but sans that problem, what
 is the right way to address this, through a rule that whitelists their
 specific IP?

 Another mail that I'm dealing with is one sent by Marriott that hit
 SARE_HTML_URI_REFID, DCC_CHECK, and AE_DETAILS_WITH_MONEY, among being
 whitelisted by JMF/HOSTKARMA. I don't know how it hit DCC when there
 are details in there specific to the user, including account numbers,
 user names, etc. 

Some of DCC's signatures are fuzzy, thus will match similar messages
with minor differences. This is done to avoid spammers bypassing by
simply adding a text counter to the message, or some other similar bit
to make each one unique. Combine that with DCC being strictly a
measure of bulkiness not spamminess, and you most likely have your
answer.

You could run it through dccproc to see which of DCC's signatures matched.

As for dealing with it:
    whitelist Marriott at the SA level (as you suggest)
    whitelist Marriott at the dcc level
    remove or severely cut back the score of AE_DETAILS_WITH_MONEY, if
    you ever actually expect to get important email about traveling to the UAE.
   
Personally I strongly recommend the third option if you're likely to get
emails about travel to the UAE. That rule (with the IMO overly strong
3.0 score that floats around) is really designed for people who would
never travel there, but get hammered with spam offering trips there. For
folks that might actually do so, maybe 0.5 is more appropriate.


 How should I go about allowing this type of mail
 without disrupting its ability to block mail that should be blocked
 with these rules? I'm sure I can add a rule subtracting points if it
 hits these and comes from Marriott, but I thought there might be
 something that could address the more general problem rather than this
 specific one from Marriott. Perhaps I'm making it too hard.

 Thanks,
 Alex


   



Re: results in languages other than english

2009-10-08 Thread Matt Kettler
ahattarki wrote:
 The spamassassin report comes back in English. Is this configurable to return
 results in languages other than English?

 Also can a single spamassassin handle returning results in different
 languages? One user gets the results back in English, while another gets the
 results back in Korean all on the same instance of SpamAssassin?

 thanks,
 Anjali
   
SA reads the LANG environment variable when it runs, and if it matches
one of the extra language sets (see 30_text_*.cf in the ruleset), then
it will use that text set.

At present, there's no Korean translation set, but it's not difficult to
write your own, look at some of the other files for examples.

As for switching per-user on the fly, AFAIK sa isn't set up for that.
In part, this would require the SA instance to maintain strings for all
language sets in memory at the same time. Right now, if I remember
right, it only loads strings for the language it is set for at the time
the ruleset is parsed during load.




Re: Valid mail from blacklisted dynamic IPs

2009-10-08 Thread MySQL Student
Hi,

 Does your pop-before-smtp method cause your MTA to indicate they've been
 authed in the Received: header?

I don't believe so. There doesn't appear to be anything additional in
the header relating to pop-b4-smtp. I'm using postfix. Perhaps
off-topic, but ideas on how to do this, if you think it would be the
right approach?

 I also don't understand how SPF_SOFTFAIL could happen when there
 wasn't any SPF record to test to begin with.

 Are you sure? What was the envelope from domain for the message? (keep
 in mind, this checks the envelope from, not the from header..)

No, I'm not sure. I just don't see anything relating to SPF in the
message at all.

 Some of DCC's signatures are fuzzy, thus will match similar messages
 with minor differences. This is done to avoid spammers bypassing by

Yes, understood. The fuz1 and fuz2 max settings are 99,
which I assume is the max possible, set by the previous admin.

 As for dealing with it:
    whitelist Marriott at the SA level (as you suggest)
    whitelist Marriott at the dcc level
    remove or severely cut back the score of AE_DETAILS_WITH_MONEY, if
 you ever actually expect to get important email about traveling to the UAE.

I've whitelisted the Marriott address. I also actually removed the
rule entirely, and just relying on John's excellent lotsa and fillform
rules.

Thanks very much.
Best,
Alex


Re: Valid mail from blacklisted dynamic IPs

2009-10-08 Thread John Hardin

On Thu, 8 Oct 2009, MySQL Student wrote:

  Does your pop-before-smtp method cause your MTA to indicate they've
  been authed in the Received: header?


 I don't believe so. There doesn't appear to be anything additional in
 the header relating to pop-b4-smtp. I'm using postfix. Perhaps
 off-topic, but ideas on how to do this, if you think it would be the
 right approach?


Use SSL or TLS with authentication, if possible. Postfix can handle it, 
and all modern mail clients should be able to.


--
 John Hardin KA7OHZ                    http://www.impsec.org/~jhardin/
 jhar...@impsec.org    FALaholic #11174     pgpk -a jhar...@impsec.org
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
---
  Phobias should not be the basis for laws.
---
 7 days since a sunspot last seen - EPA blames CO2 emissions


Re: spam from noave.net 74.63.109.*

2009-10-08 Thread Chip M.
mouss wrote:
 snowshoe. block both
 ...
 the network: 74.63.64.0/18 (74.63.64.0 - 74.63.127.255)

+1

That entire block belongs to FDCservers.net, which, from personal
experience, AND based on regular discussions on Spam-L, is considered a
snowshoe host (could be by conscious choice, could be by semi-conscious
incompetence).

They also dev-null SpamCop reports (as recently as August 2009).

I've been outright blocking them for most of this year, and scoring them
since early 2007.

Here's a dump of all of their blocks from my main snowshoe source files
(there could be more - one was only recently spotted, thanks to the 
shiny new Spamhaus-CSS):
66.90.64.0 - 66.90.127.255
67.159.0.0 - 67.159.63.255
74.63.64.0 - 74.63.127.255
204.45.0.0 - 204.45.255.255
208.53.128.0 - 208.53.191.255

As always, it's best to be cautious, since MY Ham is not YOUR Ham. :)
When in doubt, score and/or quarantine.
- Chip