http://www.rulesemporium.com/rules/90_2tld.cf
have a good weekend
Randy [EMAIL PROTECTED] writes:
Micah Anderson wrote:
Sadly, I do not have an example I can share at the moment, as I
typically delete them in a rage after training my bayes filter on
them. However, I am looking for any suggestions of other things I can
turn on... in particular, are there
Karsten Bräckelmann [EMAIL PROTECTED] writes:
On Thu, 2008-10-30 at 15:56 -0400, Micah Anderson wrote:
I keep getting hit by phishing attacks, and they aren't being stopped by
anything I've thrown up in front of them:
postfix is doing:
reject_rbl_client b.barracudacentral.org,
Joseph Brennan [EMAIL PROTECTED] writes:
Micah Anderson [EMAIL PROTECTED] wrote:
I keep getting hit by phishing attacks, and they aren't being stopped by
anything I've thrown up in front of them:
Do you mean attempts to get your users to send their passwords,
or fake mail pretending to be
Brent Clark [EMAIL PROTECTED] writes:
Hiya
See SA examples
http://wiki.junkemailfilter.com/index.php/Spam_DNS_Lists
Also add hostkarma.junkemailfilter.com to you DNSBL.
Thanks, I'll add this to my local.cf and see how it goes.
Another thing I do find is useful is adding additional
At 07:56 01-11-2008, Micah Anderson wrote:
Here is an example one I received recently, note the hideously low bayes
score on this one, caused it to autolearn as ham even, grr.
[snip]
X-Spam-Status: No, score=-3.6 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_LOW
autolearn=ham
Reply-to: [EMAIL PROTECTED]
First pass:
header LOCAL_REPLYTO_LIVE Reply-to =~ /[EMAIL PROTECTED]/
score LOCAL_REPLYTO_LIVE8.0
Maybe scoring 8.0 for one thing scares you, but I haven't seen this
fp in a couple of months.
Joseph Brennan
Columbia University Information
Micah Anderson [EMAIL PROTECTED] wrote:
I mean attempts to get my users to send their passwords, are these not
called phishing?
micah
Yes, it's phishing, but for thos you might want to make local rules to
catch things specific to your own web mail system and domain.
I find myself
I've started to see Casino spam in the last week and noticed, that of
the five examples I captured, only one was hit by the FM_VEGAS_CASINO
rule, which appears to be too narrowly targeted on Las Vegas casinos
I've written a rule running that hits all five example messages and none
of the other 59
On Sat, 2008-11-01 at 11:30 -0400, Micah Anderson wrote:
Joseph Brennan [EMAIL PROTECTED] writes:
Do you mean attempts to get your users to send their passwords,
or fake mail pretending to be from banks?
I mean attempts to get my users to send their passwords, are these not
called
Please do not hi-jack threads. Compose a new email rather than hitting
Reply. Changing the subject does not make it a new thread.
Well, at least it's related. ;)
On Sat, 2008-11-01 at 17:00 +, Martin Gregorie wrote:
I've started to see Casino spam in the last week and noticed, that of
the
On Sat, 2008-11-01 at 18:20 +0100, Karsten Bräckelmann wrote:
Also, various URI BLs should include the URIs rather early. Are you
perhaps missing some of these in your SA setup? Maybe put some examples
up a pastebin and send the link here.
I'm running the standard SA setup without any
I hope this isn't too OT for this list, but here goes:
I've just copied and hacked the SentOutDB plugin and its associated rule
to make a plugin for a private whitelist. The plugin queries a view of
my PostgreSQL-based mail archive. This whitelists anybody that mail has
been sent to.
The plugin
Karsten Bräckelmann [EMAIL PROTECTED] wrote:
Anyway, can't you educate your users
Experience tells me the answer is no, or at least a qualified no. And
we're supposed to have smart people here.
I suppose the number of responses might be even higher if we did not
try to educate people.
On Sat, 2008-11-01 at 19:54 +, Martin Gregorie wrote:
On Sat, 2008-11-01 at 18:20 +0100, Karsten Bräckelmann wrote:
Also, various URI BLs should include the URIs rather early. Are you
perhaps missing some of these in your SA setup? Maybe put some examples
up a pastebin and send the
On Sat, Nov 01, 2008 at 11:19:44PM +0100, Karsten Bräckelmann wrote:
On Sat, 2008-11-01 at 19:54 +, Martin Gregorie wrote:
On Sat, 2008-11-01 at 18:20 +0100, Karsten Bräckelmann wrote:
..snip..
and here's one of the messages I mentioned:
http://pastebin.com/m1de987d0
On Sat, 2008-11-01 at 23:19 +0100, Karsten Bräckelmann wrote:
Yes, there is. Your MUA, Evolution, features pre-formatted paragraphs in
the Composer. But I don't feel like repeating myself today.
True enough. It usually merely annoys me when replying to messages sent
some, probably MS, MUA
On Sat, 2008-11-01 at 22:54 +, Martin Gregorie wrote:
On Sat, 2008-11-01 at 23:19 +0100, Karsten Bräckelmann wrote:
Yes, there is. Your MUA, Evolution, features pre-formatted paragraphs in
the Composer. But I don't feel like repeating myself today.
[...] I must remember to use it
On Sat, 2008-11-01 at 18:01 -0400, Joseph Brennan wrote:
Karsten Bräckelmann [EMAIL PROTECTED] wrote:
Anyway, can't you educate your users [...]
Experience tells me the answer is no, or at least a qualified no. And
we're supposed to have smart people here.
I suppose the number of
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Micah Anderson wrote:
[...]
Report them where exactly?
Here is an example one I received recently, note the hideously low bayes
score on this one, caused it to autolearn as ham even, grr.
From [EMAIL PROTECTED] Fri Oct 31 20:00:45 2008
Daniel J McDonald wrote:
On Wed, 2008-10-22 at 23:59 +0200, Jonas Eckerman wrote:
Matus UHLAR - fantomas wrote:
In my understanding, these are different concepts. In particular, RMX
doesn't hijack the TXT record, which is one of the major sins of SPF.
Yes, but they both were designed to do
21 matches
Mail list logo