Re: ways to react faster to spam attacks
On Wed, March 19, 2008 13:53, Henrik K wrote: Also: http://ixhash.sourceforge.net/ Using all three lists works great here. it olso calc the md5 sum pr lists :/ so internal it can imho be speeded up by a rewrite :) flow: md5 sum rule test #1 test sum on all lists you define md5 sum rule test #2 test sum on all list you define md5 sum rule test #3 test sum on all list you define speed improvements, one thing is now left, what about the scores pr test ? i have disabled the ixhash, and enabled the myixhash with mysql backend, works better :-) Benny Pedersen Need more webspace ? http://www.servage.net/?coupon=cust37098
Re: ways to react faster to spam attacks
From: Arvid Ephraim Picciani [EMAIL PROTECTED] Organization: IB C SOLUTIONS LTD Date: Mon, 17 Mar 2008 21:43:27 +0100 To: users@spamassassin.apache.org Subject: ways to react faster to spam attacks greetings. most of the spam we get (like 90%) is the usual internet noise. sa filters them perfectly with 10 to 20 points. Unfortunatly from time to time there are waves of very prefessional spam. I wonder how you react on those. Do you quickly hack up an sa rule to filter by specific words? Do you have a central repo for rules? -- I don't know if anyone has mentioned it yet, but you might want to make sure you have razor and DCC running. Both are good at catching new spams as they begin to move around the world. In fact, can react a lot faster than you can in setting up custom keywords. One more thing, the commercial DCC reputation scores give a percentage of 'bulk' for every ip that connects to your system (you need the commercial DCC server and Mark Martinec's patches to DCC.pm so SA can see the scores). best regards/Mit freundlichen Grüßen Arvid Ephraim Picciani _ This email has been scanned and certified safe by SpammerTrap(tm). For Information please see http://www.spammertrap.com _
Re: ways to react faster to spam attacks
James E. Pratt wrote: -Original Message- From: Arvid Ephraim Picciani [mailto:[EMAIL PROTECTED] Sent: Monday, March 17, 2008 4:43 PM To: users@spamassassin.apache.org Subject: ways to react faster to spam attacks greetings. most of the spam we get (like 90%) is the usual internet noise. sa filters them perfectly with 10 to 20 points. Unfortunatly from time to time there are waves of very prefessional spam. I wonder how you react on those. Do you quickly hack up an sa rule to filter by specific words? Do you have a central repo for rules? -- best regards/Mit freundlichen Grüßen Arvid Ephraim Picciani Like these? http://pastebin.com/m159c02de just tested the first: ... Content analysis details: (5.9 points, 5.0 required) pts rule name description -- -- 2.9 RCVD_IN_XBLRBL: Received via a relay in Spamhaus XBL [82.132.122.145 listed in zen.spamhaus.org] 2.9 TVD_SPACE_RATIOBODY: TVD_SPACE_RATIO 0.1 RDNS_NONE Delivered to trusted network by a host with no rDNS
Re: ways to react faster to spam attacks
On Tuesday 18 March 2008 02:47:00 James E. Pratt wrote: Like these? rather like this http://rafb.net/p/L5BnTY79.html not really free software. rather warez sales. problem: the url isnt blocked by any blocklist becouse its different in every mail. -- best regards/Mit freundlichen Grüßen Arvid Ephraim Picciani
Re: ways to react faster to spam attacks
err way way worse. this babelfish translation of the same spam just got autolearned as ham http://rafb.net/p/99iIHK53.html -- best regards/Mit freundlichen Grüßen Arvid Ephraim Picciani
Re: ways to react faster to spam attacks
On Tuesday 18 March 2008 02:47:00 James E. Pratt wrote: Like these? rather like this http://rafb.net/p/L5BnTY79.html not really free software. rather warez sales. The SARE oem software rules shoudl catch this sort of stuff just dandy. Loren
Re: ways to react faster to spam attacks
On Tuesday 18 March 2008 23:08:03 Loren Wilton wrote: On Tuesday 18 March 2008 02:47:00 James E. Pratt wrote: Like these? rather like this http://rafb.net/p/L5BnTY79.html not really free software. rather warez sales. The SARE oem software rules shoudl catch this sort of stuff just dandy. Loren ah thanks. will read on howto add these. err way way worse. this babelfish translation of the same spam just got autolearned as ham http://rafb.net/p/99iIHK53.html And that one has a geocities url, which shoudl be good for an automatic 2-3 points or more. Loren It's changing too fast :/ -- best regards/Mit freundlichen Grüßen Arvid Ephraim Picciani
Re: ways to react faster to spam attacks
The SARE oem software rules shoudl catch this sort of stuff just dandy. Loren 0.9 SARE_OEM_PRODS_FEW SARE_OEM_PRODS_FEW 0.4 SARE_PRODUCTS_02 SARE_PRODUCTS_02 not enough :( any aditional rules i could add? -- best regards/Mit freundlichen Grüßen Arvid Ephraim Picciani
Re: ways to react faster to spam attacks
And that one has a geocities url, which shoudl be good for an automatic 2-3 points or more. It's changing too fast :/ I meant a rule against http://(?:www\.)geocities\b or the like, not against the specific site on geocities. That should be good for about 2 points and help a lot with a real common spam target. It certainly won't get all of your spam, but it will get an amazing amount. Loren
Re: ways to react faster to spam attacks
On Tuesday 18 March 2008 23:28:09 Loren Wilton wrote: And that one has a geocities url, which shoudl be good for an automatic 2-3 points or more. It's changing too fast :/ I meant a rule against http://(?:www\.)geocities\b or the like, not against the specific site on geocities. That should be good for about 2 points and help a lot with a real common spam target. It certainly won't get all of your spam, but it will get an amazing amount. Loren hm indeed. reading how to write rules. thanks alot. -- best regards/Mit freundlichen Grüßen Arvid Ephraim Picciani
Re: ways to react faster to spam attacks
On Tue, 18 Mar 2008, Arvid Ephraim Picciani wrote: The SARE oem software rules shoudl catch this sort of stuff just dandy. 0.9 SARE_OEM_PRODS_FEW SARE_OEM_PRODS_FEW 0.4 SARE_PRODUCTS_02 SARE_PRODUCTS_02 not enough :( any aditional rules i could add? I think the SOUGHT dynamically-generated rules have a bunch of OEMsoftware text... http://wiki.apache.org/spamassassin/SoughtRules -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ [EMAIL PROTECTED]FALaholic #11174 pgpk -a [EMAIL PROTECTED] key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 --- The yardstick you should use when considering whether to support a given piece of legislation is what if my worst enemy is chosen to administer this law? --- 68 days until the Mars Phoenix lander arrives at Mars
ways to react faster to spam attacks
greetings. most of the spam we get (like 90%) is the usual internet noise. sa filters them perfectly with 10 to 20 points. Unfortunatly from time to time there are waves of very prefessional spam. I wonder how you react on those. Do you quickly hack up an sa rule to filter by specific words? Do you have a central repo for rules? -- best regards/Mit freundlichen Grüßen Arvid Ephraim Picciani
RE: ways to react faster to spam attacks
-Original Message- From: Arvid Ephraim Picciani [mailto:[EMAIL PROTECTED] Sent: Monday, March 17, 2008 4:43 PM To: users@spamassassin.apache.org Subject: ways to react faster to spam attacks greetings. most of the spam we get (like 90%) is the usual internet noise. sa filters them perfectly with 10 to 20 points. Unfortunatly from time to time there are waves of very prefessional spam. I wonder how you react on those. Do you quickly hack up an sa rule to filter by specific words? Do you have a central repo for rules? -- best regards/Mit freundlichen Grüßen Arvid Ephraim Picciani Like these? http://pastebin.com/m159c02de (free software. Eww.) Tia,regards, jp