And spammer are becoming more faster as the time goes on.. Is it
convenient to use gray listing
newer bots retry, so GL is only effective is the time
interval is large enough, but that's not a neutral thing so
should be restricted to suspicious mail. That's what I use GL
for anyway.
Hi,
ram wrote:
On Tue, 2008-02-26 at 08:49 +, Anthony Peacock wrote:
Hi,
I have just received a number of spam emails which got through the
filtering system because they hit the HABEAS_ACCREDITED_COI rule, which
give them -8. They all came to role based addresses that are never used
On 26.02.08 19:20, Miguel Angel wrote:
They are getting high score because are using dynamic ip ranges and they
match rbl lists.
If you relay mail from your dynamic addresses w/o authentication, they
should be in your trusted_networks. Then they'll get ALL_TRUSTED and
probably DOS_*_TO_MX,
Rocco Scappatura wrote:
And spammer are becoming more faster as the time goes on.. Is it
convenient to use gray listing
newer bots retry, so GL is only effective is the time
interval is large enough, but that's not a neutral thing so
should be restricted to suspicious mail. That's what
On 26.02.08 19:20, Miguel Angel wrote:
They are getting high score because are using dynamic ip ranges and they
match rbl lists.
If you relay mail from your dynamic addresses w/o authentication, they
should be in your trusted_networks. Then they'll get ALL_TRUSTED and
probably DOS_*_TO_MX,
On Wed, 2008-02-27 at 08:21 +, Anthony Peacock wrote:
For anyone interested here is the full email (well one of them)...
http://www.chime.ucl.ac.uk/~rmhiajp/habeas-misfire.eml
Looks to me as though someone has found a way to abuse ning.com's
platform/systems. I suspect they'd be very
Hi Jason,
This is and always has been documented behaviour in Qmail-Scanner.
Please read the FAQ
I tried to find the link but I have not found. You may send me the
right link?
Cheers
--
Massimiliano Marini - http://www.linuxtime.it/massimilianomarini/
It's easier to invent the future than to
On 26.02.08 11:18, Igor Chudov wrote:
If I recall correctly...
This Habeas is some sort of a braindead business idea to insert an
unauthenticated header in bodies of legitimate emails coming from
their customers, to assure spam filters that the email is legitimate.
afaiuc, Habeas is sort
On 26.02.08 11:56, Russell Jones wrote:
For some reason spamd is not scoring email nearly as high as
spamassassin scores if you run the message through manually. I do not
understand this, and it is causing spam to get through that should have
been blocked. As you can see when running
Marc Perkel wrote:
Postfix allows you to use blacklists as follows:
reject_rbl_client blacklist.junkemailfilter.com
Does Postfix allow you to use white lists? If so - what's the syntax?
I'm about to publish my whitelist for Postfix.
No. DNSWL offer an rsync access. This is better for
On 26.02.08 19:30, aritza sobrinos wrote:
Im getting false positives like this:
X-Spam-Status: Yes, score=3.776 tag=x tag2=3.5 kill=3.5 tests=[BAYES_50=
0.001,
HTML_10_20=0.246, HTML_MESSAGE=0.001, HTML_SHORT_LENGTH=0.389,
SPF_HELO_SOFTFAIL=3.14, SPF_PASS=-0.001]
SPF_HELO_SOFTFAIL
On 2/27/2008 10:16 AM, Derek Harding wrote:
On Wed, 2008-02-27 at 08:21 +, Anthony Peacock wrote:
For anyone interested here is the full email (well one of them)...
http://www.chime.ucl.ac.uk/~rmhiajp/habeas-misfire.eml
Looks to me as though someone has found a way to abuse ning.com's
Derek Harding writes:
On Wed, 2008-02-27 at 08:21 +, Anthony Peacock wrote:
For anyone interested here is the full email (well one of them)...
http://www.chime.ucl.ac.uk/~rmhiajp/habeas-misfire.eml
Looks to me as though someone has found a way to abuse ning.com's
http://www.chime.ucl.ac.uk/~rmhiajp/habeas-misfire.eml
disable DomainKey plugin and add DKIM plugin will help on that msg
and search on DKIM mta scores for not being sent from a DKIM signer
Hi Benny,
Benny Pedersen wrote:
http://www.chime.ucl.ac.uk/~rmhiajp/habeas-misfire.eml
disable DomainKey plugin and add DKIM plugin will help on that msg
and search on DKIM mta scores for not being sent from a DKIM signer
I will have a look at this.
But I have already made sufficient
policyd works a treat :) V2 is also in development aswell.
Regards,
--
--[ UxBoD ]--
// PGP Key: curl -s http://www.splatnix.net/uxbod.asc | gpg --import
// Fingerprint: F57A 0CBD DD19 79E9 1FCC A612 CB36 D89D 2C5A 3A84
// Keyserver: www.keyserver.net Key-ID: 0x2C5A3A84
// Phone: +44 845 869
--[ UxBoD ]-- wrote:
policyd works a treat :) V2 is also in development aswell.
it's not the same. I don't know why they call it V2.
As far as I know, Cami is no more involved. so I would stick with the
current (which is a single C threaded program).
policyd works a treat :) V2 is also in development aswell.
I will take in account your judge..
:-)
rocsca
What do I need to set up GL? Only the command below or there is
something other parameter that I could set up (eg: the time spent
before a message is accepted and so on)?
of course, you need to install a policy server! Cami's
policyd is a good choice (it also has other features
Matthias Leisi wrote:
mouss schrieb:
| Does Postfix allow you to use white lists? If so - what's the syntax?
| I'm about to publish my whitelist for Postfix.
|
|
| No. DNSWL offer an rsync access.
That's the exact reason we offer rsync access *to a specially formatted
file* (see
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
mouss schrieb:
| Does Postfix allow you to use white lists? If so - what's the syntax?
| I'm about to publish my whitelist for Postfix.
|
|
| No. DNSWL offer an rsync access.
That's the exact reason we offer rsync access *to a specially formatted
Hi,
Here http://pastebin.com/m309761a5
Thank
--
View this message in context:
http://www.nabble.com/Need-rule-for-this-type-of-spam-tp15714057p15714459.html
Sent from the SpamAssassin - Users mailing list archive at Nabble.com.
score here as follows :-
Content analysis details: (17.1 points, 5.0 required)
pts rule name description
-- --
5.0 BOTNET Relay might be a spambot or virusbot
Hi,
My spamassassin setup work great but I receive alot spam like this :
Subject: M!cro soft Office_2OO7 for XP,Vis+a 79. Retail 838 -save 2466-
sas jmp statistical discovery 7 - 129
use -newsoftdeal .com- |n Web Browser
Erase - before you use |n Web Browser
ulead photoImpact x3 - 29
intuit
Matthias Leisi wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
mouss schrieb:
| Does Postfix allow you to use white lists? If so - what's the syntax?
| I'm about to publish my whitelist for Postfix.
|
|
| No. DNSWL offer an rsync access.
That's the exact reason we offer rsync access
Hello Everyone,
My hostkarma black/white/yellow lists were too complex to be accessed by
Postfix. So I have created a Postfix compatible blacklist for those of
you who want to bounce a lot of spam before routing it into SA.
reject_rbl_client blacklist.junkemailfilter.com
If you're using
please post the full message via something like pastebin. we need to see the
headers aswell.
Regards,
--
--[ UxBoD ]--
// PGP Key: curl -s http://www.splatnix.net/uxbod.asc | gpg --import
// Fingerprint: F57A 0CBD DD19 79E9 1FCC A612 CB36 D89D 2C5A 3A84
// Keyserver: www.keyserver.net Key-ID:
I will check that.
Thank a lot
--[ UxBoD ]-- wrote:
score here as follows :-
Content analysis details: (17.1 points, 5.0 required)
pts rule name description
--
--
5.0 BOTNET
It appears that Postfix only does DNS blacklists and not whitelists
then. I was going to publish my whitelist and Postfix instructions but I
guess I can't do that.
http://linux.softpedia.com/get/Communications/Email-Filters/maRBL-16435.shtml
this link helps :-)
test for rbl blacklist and if
I have a MIMEDefang(2.63)+SpamAssassin(3.1.9) setup that is catching a lot of
spam, but specific spam messages are slipping through. It appears to be
fairly consistent day-to-day.
If the email is a HTML message, spamassassin will hit on the HTML_MESSAGE
rule and that's it. These spam emails
created a patch so it does
--- /var/lib/spamassassin/3.002004/70_sare_uri_cf_sare_sa-update_dostech_net/200510102200.cf.orig 2008-02-25 06:15:39.0 +0100
+++ /var/lib/spamassassin/3.002004/70_sare_uri_cf_sare_sa-update_dostech_net/200510102200.cf 2008-02-27 18:21:47.0 +0100
@@
everyday i get 2 or three of these coming through.
it seems like they could/should be caught but they often have very low
scores.
they all have yahoo.co.uk in the from address
---example1---
---
headers
---
From: [EMAIL PROTECTED]
This email was received and is very much spam, (February 77% off, Viagra
HTML spam), and was sent to this user FROM this user (which they
obviously did not spam themselves). What can I do to make the score
higher than what it was scored, as well as why didn't the SPF fail? The
record for
At 11:02 27-02-2008, Russell Jones wrote:
This email was received and is very much spam, (February 77% off,
Viagra HTML spam), and was sent to this user FROM this user (which
they obviously did not spam themselves). What can I do to make the
score higher than what it was scored, as well as why
Forgot to put this address in CC. In case anyone is interested in
following the convo:
Original Message
Subject:
Re: No SPF_FAIL flag, why?
Date:
Wed, 27 Feb 2008 13:27:52 -0600
From:
Russell Jones [EMAIL
Marc Perkel wrote:
It appears that Postfix only does DNS blacklists and not whitelists
then. I was going to publish my whitelist and Postfix instructions but I
guess I can't do that.
That would be a better question for the postfix-users list. Probably
the way to do this is with the
On Wed, Feb 27, 2008 at 2:50 PM, Bob Proulx [EMAIL PROTECTED] wrote:
Marc Perkel wrote:
It appears that Postfix only does DNS blacklists and not whitelists
then. I was going to publish my whitelist and Postfix instructions but I
guess I can't do that.
That would be a better question
On Wed, Feb 27, 2008 at 3:12 PM, Henrik K [EMAIL PROTECTED] wrote:
On Wed, Feb 27, 2008 at 03:00:49PM -0500, Aaron Wolfe wrote:
On Wed, Feb 27, 2008 at 2:50 PM, Bob Proulx [EMAIL PROTECTED] wrote:
Marc Perkel wrote:
It appears that Postfix only does DNS blacklists and not whitelists
They look like this:
http://docs.google.com/doc?id=MUNGED_MUNGED
I'm not sure if the id is personally identifiable, so MUNGED both halves of
it.
I've only seen two so far, and haven't visited either (again, due to the
potential PII - both samples were from other people).
Very little
I'll give this a shot. thanks
Matt Kettler wrote:
Mike Fahey wrote:
This page specifically uses /etc/mail/spamassassin.
Yeah, I read that the first time. It is wrong. In fact, I'd say it's
stupid.
I'll go edit the wiki article when I get a chance, but I want to have
some time to
On Wed, Feb 27, 2008 at 02:38:50PM -0600, Chip M. wrote:
They look like this:
http://docs.google.com/doc?id=MUNGED_MUNGED
I've added doc to my list of tokens that are word matched in my own
battery of anti Google Tricks tests.
What's the trick here? Looks like a normal docs URL to
At 11:27 27-02-2008, Russell Jones wrote:
That doesn't make sense. Maybe I am misunderstanding this. From openspf.org:
What does SPF actually DO?
Suppose a spammer forges a hotmail.com address and tries to spam you.
They connect from somewhere other than Hotmail.
When his message is sent,
That doesn't make sense. Maybe I am misunderstanding this. From openspf.org:
What does SPF actually DO?
Suppose a spammer forges a hotmail.com address and tries to spam you.
They connect from somewhere other than Hotmail.
When his message is sent, you see MAIL FROM: [EMAIL PROTECTED],
On Wed, 27 Feb 2008, Theo Van Dinter wrote:
What's the trick here? Looks like a normal docs URL to me.
Poor terminology on my part. I am Only An Egg. :)
Is exploit a more correct term?
I meant that this is the latest way that spammers are taking advantage of
the trusting attitude most folks
On Wed, 27 Feb 2008, JP Kelly wrote:
it seems like they could/should be caught but they often have very low
scores.
they all have yahoo.co.uk in the from address
In and of itself, yahoo.co.uk in the From isn't too helpful, unless you
know you'll never get anything legit from there, then you
In article [EMAIL PROTECTED], Chip M.
[EMAIL PROTECTED] writes
A brief search shows this actually started at least a month ago:
http://chris.pirillo.com/2007/01/16/google-docs-spam/
Erm, that's from 13 months ago :-)
Kevin
On Tue, Feb 26, 2008 at 19:13 -0500, Daryl C. W. O'Shea wrote:
[...]
If you or your company would like to fund the development of it, I'm
willing to prioritize the work. Seriously. Otherwise, should have by
now does not apply to free software. Especially free software that is
easily
On 27/02/2008 6:18 PM, Asif Iqbal wrote:
What is short of putting the sender email to white list to reduce the
score of this email. It is a valid email. Here is the report
As presented to SpamAssassin, it was not a valid email. It had no headers.
Daryl
X-Spam-Flag: YES
On Wed, 27 Feb 2008, Matt wrote:
The MTA never really sees whats in the headers. It only adds to the
headers. When an SMTP connection first begins the connecting MTA says
helo this [EMAIL PROTECTED] Thats what SPF looks
at. The MTA then adds that as the return path to the headers.
On Wed, 27 Feb 2008, Asif Iqbal wrote:
What is short of putting the sender email to white list to reduce the
score of this email. It is a valid email. Here is the report
* 0.1 TW_XC BODY: Odd Letter Triples with XC
* 0.1 TW_KK BODY: Odd Letter Triples with KK
* 0.1
It is completely accurate and copied and pasted from the message file
itself.
I am running Exim. What configuration should I be looking at on how to
block messages with return paths like that?
Dave Funk wrote:
On Wed, 27 Feb 2008, Matt wrote:
The MTA never really sees whats in the
Daryl C. W. O'Shea wrote:
On 27/02/2008 6:18 PM, Asif Iqbal wrote:
What is short of putting the sender email to white list to reduce the
score of this email. It is a valid email. Here is the report
As presented to SpamAssassin, it was not a valid email. It had no headers.
Daryl
52 matches
Mail list logo