Re: BIG increase in spam today

2006-11-02 Thread Amos

On 11/2/06, Debbie D [EMAIL PROTECTED] wrote:


> Yes Chris I did notice.. my server was attacked with spam yesterday
> morning.. it was coming from several different ip, so fast I could not keep
> it quiet



There's been a lot of chatter about this:

http://it.slashdot.org/article.pl?sid=06/11/01/1321226

Actually, it's getting to the extent that some at work are raising
questions as to whether our SA setup will be able to maintain adequate
protection from this growing onslaught. However, I have a feeling that
even the appliance vendors are going to be equally hard pressed to
deal with it.

Amos


Re: message with drug ad image only

2005-12-13 Thread Amos
On 12/12/05, Matt Kettler [EMAIL PROTECTED] wrote:
> (plus DIGEST_MULTIPLE) resulted in 6.27 points. And that's with me trimming down
> the DCC_CHECK score to 1.5 from 2.17.

Any particular reason for this?


Re: SA 3.1.0, PostgreSQL 8.1.0, DBI 1.49, DBD::Pg 1.43

2005-12-10 Thread Amos
Have folks gotten things to work with previous versions of Postgres
and/or DBD-Pg? Since time is tight to fiddle with this box, looks like
I'll just continue using DB_File for now.


On 12/8/05, Amos [EMAIL PROTECTED] wrote:
> When I attempt to sa-learn a backup from another system running 3.0.4
> with DB_File for the Bayes DB, I get these:
>
> [5799] dbg: bayes: tok_get: SQL error: ERROR:  invalid input syntax for type bytea
> [5799] dbg: bayes: _put_token: SQL error: ERROR:  invalid input syntax for type bytea
> [5799] dbg: bayes: error inserting token for line: t_3_23_1134072161_5c96df5ba0
> [5799] dbg: bayes: tok_get: SQL error: ERROR:  invalid input syntax for type bytea
> [5799] dbg: bayes: _put_token: SQL error: ERROR:  invalid input syntax for type bytea
>
> Looks like this may be related to this:
>
> http://thread.gmane.org/gmane.mail.spam.spamassassin.general/73358
>
> http://issues.apache.org/SpamAssassin/show_bug.cgi?id=4640
>
> Bummer. Has anybody tried DBD-Pg-1.43_1?




SA 3.1.0, PostgreSQL 8.1.0, DBI 1.49, DBD::Pg 1.43

2005-12-08 Thread Amos
When I attempt to sa-learn a backup from another system running 3.0.4
with DB_File for the Bayes DB, I get these:

[5799] dbg: bayes: tok_get: SQL error: ERROR:  invalid input syntax for type bytea
[5799] dbg: bayes: _put_token: SQL error: ERROR:  invalid input syntax for type bytea
[5799] dbg: bayes: error inserting token for line: t_3_23_1134072161_5c96df5ba0
[5799] dbg: bayes: tok_get: SQL error: ERROR:  invalid input syntax for type bytea
[5799] dbg: bayes: _put_token: SQL error: ERROR:  invalid input syntax for type bytea

Looks like this may be related to this:

http://thread.gmane.org/gmane.mail.spam.spamassassin.general/73358

http://issues.apache.org/SpamAssassin/show_bug.cgi?id=4640

Bummer. Has anybody tried DBD-Pg-1.43_1?


spamcop.net tactics

2005-11-21 Thread Amos
I must say I'm not particularly thrilled about the tactics employed by
SpamCop. At a university it is sometimes difficult to control every
single thing that everybody does on campus, unless of course perhaps
if this was a complete authoritarian state. We try hard to control and
minimize spamming events, but alas, sometimes they happen.

Just recently we discovered we've been tagged by spamcop. Since the
spamtrap is secret, there's no way to know what incident triggered
this event, which makes it pretty damn difficult to track it down to
try to deal with it. Furthermore, a site has only one chance to delist
their server. After that, it's a permanent block.

So, if we can't tell what source is a problem, only have one chance to
delist--EVER--seems to me we're pretty screwed. Lovely.

Amos


Re: spamcop.net tactics

2005-11-21 Thread Amos
On 11/21/05, Jeff Chan [EMAIL PROTECTED] wrote:
> detect it, then yes your IPs can get blacklisted.  The best way
> to solve that is to stop the emission of spam from your network.

It's easier to do when the source is identified.

> As was already suggested, one good way to do that is to block
> direct port 25 output from your network and instead direct users

Irrelevant in this case since it would appear this incident was
instigated by an Exchange user, and Exchange itself is used for
sending the mail. (Can Exchange be viewed as virusware?)

> While SpamCop's trap addresses don't provide visible analyses of
> headers IIRC, user reports do, so that you can see how the

We never received a user report, nor was a report visible using our
account, only the indication of the IP being blocked. (Perhaps our
greylisting blocked the user report.)

> You can also sign up for an account that gives periodic reports
> for your networks.

Yup. Already have.

> As has already been noted, this is not an appropriate place to
> b!tch about SpamCop.  Better to discuss it on the SpamCop
> forums:

Thanks for the reminder, and the followups from others.

Amos