Hi
Barracuda RBL Test are included into SpamAssassin 3.2.5 or only
when we have into local.cf:
header IN_BCUDA_RBL rbleval:check_rbl('bcuda', 'bb.barracudacentral.org')
describe IN_BCUDA_RBL Received via a relay listed by Barracuda BRBL
tflags IN_BCUDA_RBL net
header RCVD_IN_BCUDA_RELAY
Hi
anyone have a small rules sample for this:
header FROM_TEST_NOC_1 To =~ /\...@mydomain\.org/
header FROM_TEST_NOC_2 From =~ /\t...@sender\.org/
header FROM_TEST_NOC_3 Reply-To =~ /\t...@sender\.org/
and if in one Email, we have :
FROM_TEST_NOC_1 + (FROM_TEST_NOC_2 or/and
On Fri, 2009-04-24 at 23:32 +0200, Matus UHLAR - fantomas wrote:
On 24.04.09 18:44, Rik wrote:
Date: Fri, 24 Apr 2009 18:44:07 +0100
I was stumped on a question today about DATE_IN_FUTURE. My googling
offered me nothing more than the obvious 'The message has a date in the
future.
Casartello, Thomas wrote:
The phish are coming from real hacked accounts (Basically people that have
gotten the phish email and fallen for it) at other Educational institutes
(We already use SPF).
I'd go for a non technical solution here, since its effects only a
small amount of
Hi,
I'm facing the following problem lately. Some of my users are connecting
to the mail server (qmail) through mobile phones and the leased IPs from
the GSM operator are blacklisted in spamhaus and spamcop. So, they are
using the smtp server with spamassassin 3.2.5 but their messages are
SM wrote:
One major issue we've been having lately is with phishing emails being
targeted at us. They're being sent to us from hacked accounts at other
educational institutes. The message usually is about Your EDU webmail
account is expiring. Please send us your username and password to fix
Phibee Network Operation Center wrote:
Hi
anyone have a small rules sample for this:
header FROM_TEST_NOC_1 To =~ /\...@mydomain\.org/
header FROM_TEST_NOC_2 From =~ /\t...@sender\.org/
header FROM_TEST_NOC_3 Reply-To =~ /\t...@sender\.org/
and if in one Email, we have :
On Saturday 25 April 2009 07:44:01 Matt Kettler wrote:
Phibee Network Operation Center wrote:
my logs of spamassassin put:
netset: cannot include 127.0.0.1/32 as it has already been included
anyone know what is this ?
I'd guess you tried to declare 127.0.0.1 in either your
On 25-Apr-2009, at 01:55, Rik wrote:
Sadly I have discarded the mail, but the server time stamp and header
stamp were within seconds of each other, so I don't think it's a time
zone issue as such.
Within seconds of each other including the TZ offset?
--
Spontaneity has its time and place.
I've recently started playing with Spamassassin, and I've hit a problem that
I can't find in the Apache documentation.
The RCVD_IN_DNSWL_MED test obviously checks to see if a server is
whitelisted, and reduces the spam score by 4 if it is. Leaving the merits or
otherwise of this whitelist's
Phibee Network Operation Center a écrit :
Hi
Barracuda RBL Test are included into SpamAssassin 3.2.5 or only
when we have into local.cf:
$ grep barracudacentral
/var/db/spamassassin/3.002005/updates_spamassassin_org/*cf
$
so no, it's not included.
header IN_BCUDA_RBL
fjl_london a écrit :
I've recently started playing with Spamassassin, and I've hit a problem that
I can't find in the Apache documentation.
The RCVD_IN_DNSWL_MED test obviously checks to see if a server is
whitelisted, and reduces the spam score by 4 if it is. Leaving the merits or
Well by hacked I mean people that have fallen for the phishing and have sent
their username and password. When I notice it on our network, we immediately
reset the password and inform the user. But the emails we get are coming from
other colleges where users have given away their passwords.
Haha. Unfortunately I agree. Our CIO has sent out two or three emails to
faculty and staff as well as students telling them to ignore these messages
since they started arriving, but yet we've still had faculty and students who
have given them away anyway.
-Original Message-
From: Arvid
Hi Thomas!
Casartello, Thomas wrote ... (4/24/2009 8:05 PM):
One major issue we’ve been having lately is with phishing emails being
targeted at us. They’re being sent to us from hacked accounts at other
educational institutes. The message usually is about “Your EDU webmail
account is
Thanks - this seems to have done the trick - I only had one of these set
(trusted_networks at the last try). There's a subtle difference between the
two I'll obviously have to investigate.
mouss-4 wrote:
fjl_london a écrit :
Spam arrives at server A. Server A is whitelisted. Server A sends
On Sat, 2009-04-25 at 06:47 -0600, LuKreme wrote:
On 25-Apr-2009, at 01:55, Rik wrote:
Sadly I have discarded the mail, but the server time stamp and header
stamp were within seconds of each other, so I don't think it's a time
zone issue as such.
Within seconds of each other including
On Saturday 25 April 2009 16:31:38 Rik wrote:
On Sat, 2009-04-25 at 06:47 -0600, LuKreme wrote:
On 25-Apr-2009, at 01:55, Rik wrote:
Sadly I have discarded the mail, but the server time stamp and header
stamp were within seconds of each other, so I don't think it's a time
zone issue as
On Sat, 2009-04-25 at 17:36 +0200, Mark Martinec wrote:
On Saturday 25 April 2009 16:31:38 Rik wrote:
On Sat, 2009-04-25 at 06:47 -0600, LuKreme wrote:
On 25-Apr-2009, at 01:55, Rik wrote:
Sadly I have discarded the mail, but the server time stamp and header
stamp were within
On Fri, 24 Apr 2009, LuKreme wrote:
On 24-Apr-2009, at 10:41, Igor Chudov wrote:
I get a shipload of spams like this one:
http://igor.chudov.com/tmp/spam007.txt
Scores very high here.
2.0 URIBL_BLACKContains an URL listed in the URIBL blacklist
On Fri, 24 Apr 2009, Igor Chudov wrote:
A phisher would send emails to a large number of people saying,
literally, I am your email administrator, your account is to be
suspended, please send me your username and password.
DKIM will not work,
BAYES should work quite well.
--
John Hardin
John Hardin wrote ... (4/25/2009 12:06 PM):
A phisher would send emails to a large number of people saying,
literally, I am your email administrator, your account is to be
suspended, please send me your username and password.
DKIM will not work,
BAYES should work quite well.
Actually it
On 25-Apr-2009, at 10:23, Dave Koontz wrote:
John Hardin wrote ... (4/25/2009 12:06 PM):
A phisher would send emails to a large number of people saying,
literally, I am your email administrator, your account is to be
suspended, please send me your username and password.
DKIM will not work,
On Sat, 2009-04-25 at 17:36 +0200, Mark Martinec wrote:
It would save us the guesswork if you could provide the header section
of the troublesome message. As Theo pointed out, there may be problem
in Received header fields inserted by your trusted mailer - not necessarily
a problem in the
Hi All
We are receiving the same image spam many times, random text within the
body.
The only common thing is a image attachment, with the filename in the
following format
DSL1234.png
I have made the following ' RAWBODY ' rule
/dsl[0-9]{4}\.png/i
This rule works if the text appears in
Gary Forrest wrote:
Hi All
We are receiving the same image spam many times, random text within the
body.
The only common thing is a image attachment, with the filename in the
following format
DSL1234.png
I have made the following ' RAWBODY ' rule
/dsl[0-9]{4}\.png/i
This rule
On Sat, 25 Apr 2009, Gary Forrest wrote:
We are receiving the same image spam many times, random text within the
body.
FuzzyOCR. It seems Spammers are trying image spam again, after giving up
on it for a year or so.
--
John Hardin KA7OHZhttp://www.impsec.org/~jhardin/
On Sat, Apr 25, 2009 at 02:09:05PM -0700, John Hardin wrote:
On Sat, 25 Apr 2009, Gary Forrest wrote:
We are receiving the same image spam many times, random text within the
body.
FuzzyOCR. It seems Spammers are trying image spam again, after giving up
on it for a year or so.
Why did
John Hardin wrote:
On Fri, 24 Apr 2009, LuKreme wrote:
On 24-Apr-2009, at 10:41, Igor Chudov wrote:
I get a shipload of spams like this one:
http://igor.chudov.com/tmp/spam007.txt
Scores very high here.
2.0 URIBL_BLACKContains an URL listed in the URIBL blacklist
On Sat, 25 Apr 2009 16:10:41 -0500
Igor Chudov i...@chudov.com wrote:
On Sat, Apr 25, 2009 at 02:09:05PM -0700, John Hardin wrote:
On Sat, 25 Apr 2009, Gary Forrest wrote:
FuzzyOCR. It seems Spammers are trying image spam again, after
giving up on it for a year or so.
Why did
On Sat, 2009-04-25 at 23:06 +0100, Ned Slider wrote:
John Hardin wrote:
Igor, you might also want to implement greylisting, to give the URIBLs a
chance to list URIs that appear in these messages.
Interesting concept - do you have any data to support the hypothesis?
Nope.
I tried
31 matches
Mail list logo