EmailBL plugin released

2009-05-12 Thread Henrik K
Hi, EmailBL plugin is now available for testing. Small test zone has been running for a while, it contains trapped addresses from some of the most popular freemail domains. http://sa.hege.li/EmailBL.pm (see inside for documentation) http://sa.hege.li/EmailBL.cf (contains the test zone)

Re: FreeMail plugin updated - banks

2009-05-12 Thread neil
Hi; Ned Slider wrote: snip My point is it's really not easy to track down such information even when banks do occasionally try to do the right thing. Maybe there is already a list out there. If not, maybe we should compile one? It's hard work trying to do it by yourself, but done as a group

Re: EmailBL plugin released

2009-05-12 Thread Yet Another Ninja
On 5/12/2009 11:20 AM, Henrik K wrote: Hi, EmailBL plugin is now available for testing. Small test zone has been running for a while, it contains trapped addresses from some of the most popular freemail domains. http://sa.hege.li/EmailBL.pm (see inside for documentation)

Re: FreeMail plugin updated - banks

2009-05-12 Thread McDonald, Dan
On Mon, 2009-05-11 at 19:36 -0700, John Hardin wrote: On Tue, 12 May 2009, Ned Slider wrote: Then you get phish where the From address is a bank domain, and the envelope address is from a completely unrelated domain with a valid spf record so even a simple From_Bank spf_pass isn't

Increase in Spam since 7am EDT

2009-05-12 Thread Rick Macdougall
Hi, I'm seeing a massive increase in connection attempts since 7am EDT this morning. Most is being rejected because of not existing users but the majority that is getting through is hitting Sanesecurity.Casino.11228.UNOFFICIAL. I'm seeing this across 5 different servers, all hosting

Re: Increase in Spam since 7am EDT

2009-05-12 Thread Randy
Rick Macdougall wrote: Hi, I'm seeing a massive increase in connection attempts since 7am EDT this morning. Most is being rejected because of not existing users but the majority that is getting through is hitting Sanesecurity.Casino.11228.UNOFFICIAL. I'm seeing this across 5 different

Re: Increase in Spam since 7am EDT

2009-05-12 Thread Rick Macdougall
Randy wrote: Rick Macdougall wrote: Hi, I'm seeing a massive increase in connection attempts since 7am EDT this morning. Most is being rejected because of not existing users but the majority that is getting through is hitting Sanesecurity.Casino.11228.UNOFFICIAL. Back scatter? Someone

sorry for having posted before rtfm

2009-05-12 Thread Maurizio Marini
my apologies to the list, i have posted on png issue, without reading before; there were more mails on this issue than the spam we have received, at least the spammers get one result, that we become spammers like them and flood our mailing list i should buy their products and lasting some

Re: EmailBL plugin released - I like it!

2009-05-12 Thread Yet Another Ninja
On 5/12/2009 4:32 PM, Marc Perkel wrote: I'm not using your plugin yet but using it from Exim instead and it's working well. Lots of hits. I suppose we'll find out if there's any false positives. Here's how you do it in Exim set acl_c_from_address = ${lc:${address:$h_From:}} set

Re: EmailBL plugin released

2009-05-12 Thread Wolfgang Zeikat
Hi On 05/12/2009 11:20 AM, Henrik K wrote: http://sa.hege.li/EmailBL.pm (see inside for documentation) ### About: # # This plugin creates rbl style DNS lookups for emails. does this plugin handle emails in the sense of email addresses? Or does it make md5hashes of emails in the sense of

Re: EmailBL plugin released

2009-05-12 Thread Justin Mason
I've added it to SVN for testing -- my sandbox for now, but I'll move it to Alex's once his acct is set up ;) is there a test entry for this zone? --j. On Tue, May 12, 2009 at 11:26, Yet Another Ninja sa-l...@alexb.ch wrote: On 5/12/2009 11:20 AM, Henrik K wrote: Hi, EmailBL plugin is now

Re: EmailBL plugin released - I like it!

2009-05-12 Thread Marc Perkel
Yet Another Ninja wrote: On 5/12/2009 4:32 PM, Marc Perkel wrote: I'm not using your plugin yet but using it from Exim instead and it's working well. Lots of hits. I suppose we'll find out if there's any false positives. Here's how you do it in Exim set acl_c_from_address =

Re: EmailBL plugin released - I like it!

2009-05-12 Thread Marc Perkel
I'm not using your plugin yet but using it from Exim instead and it's working well. Lots of hits. I suppose we'll find out if there's any false positives. Here's how you do it in Exim set acl_c_from_address = ${lc:${address:$h_From:}} set acl_c_from_address_hash = ${md5:$acl_c_from_address}

Re: EmailBL plugin released

2009-05-12 Thread Marc Perkel
Do you need more mirrors? I can offer you 4 additional servers. Henrik K wrote: Hi, EmailBL plugin is now available for testing. Small test zone has been running for a while, it contains trapped addresses from some of the most popular freemail domains. http://sa.hege.li/EmailBL.pm (see

Re: EmailBL plugin released

2009-05-12 Thread Yet Another Ninja
On 5/12/2009 5:02 PM, Marc Perkel wrote: Do you need more mirrors? I can offer you 4 additional servers. This is all a proof of concept thing and nobody knows what the outcome may be. This zone will disappear in +- 30 days. and unless the mirrors complain that the load is rising a lot, I

network checks

2009-05-12 Thread jp
I've been using them for years. We do a lot of email (5 mail servers) as an ISP. I sometimes get network test access for free, for others I have paid. It's either a pay big or pay nothing, with no middle ground unfortunately. Many of these, I run my own dns servers and use rsync to replicate

Re: EmailBL plugin released - I like it!

2009-05-12 Thread Charles Gregory
On Tue, 12 May 2009, Marc Perkel wrote: Here's how you do it in Exim your idea has a MASSIVE drawback. It queries the mailbl for EVERY address... That's not the whole code that I'm using. I'm just demonstrating the concept of how you would make it usable from Exim. I have a lot of

Re: Email sent in a weekend should receive more score

2009-05-12 Thread MGaleti
This is right but if you look in an other way you will see: Monday-Friday: 70% of SPAM and 30% of HAM Sat-Sund: 95% SPAM and 5% HAM ... do you agree ? Marcelo LuKreme wrote: On 10-May-2009, at 13:28, MGaleti wrote: I started to check logs and saw 70%, 80% of emails coming in weekends

Re: EmailBL plugin released - I like it!

2009-05-12 Thread Yet Another Ninja
On 5/12/2009 5:37 PM, Charles Gregory wrote: On Tue, 12 May 2009, Marc Perkel wrote: Here's how you do it in Exim your idea has a MASSIVE drawback. It queries the mailbl for EVERY address... That's not the whole code that I'm using. I'm just demonstrating the concept of how you would

Re: Email sent in a weekend should receive more score

2009-05-12 Thread MGaleti
Hello LuKreme, Looking with your eyes this is right. Maybe some very low score and something more particular .. like in geomark Well, great ! Thanks to share this things ... Marcelo Matt Kettler-3 wrote: LuKreme wrote: On 10-May-2009, at 13:28, MGaleti wrote: I started to check logs

Re: EmailBL plugin released - I like it!

2009-05-12 Thread Charles Gregory
I haven't been following the long thread about this plugin. When I followed the links and examined the code/docs, I found that I really didn't have a sense of WHAT this plugin does. At first I thought it was checking for spam 'reply' e-mail addresses within the body of an e-mail (the often

Re: EmailBL plugin released - I like it!

2009-05-12 Thread Yet Another Ninja
On 5/12/2009 5:45 PM, Charles Gregory wrote: I haven't been following the long thread about this plugin. When I followed the links and examined the code/docs, I found that I really didn't have a sense of WHAT this plugin does. At first I thought it was checking for spam 'reply' e-mail

Re: network checks

2009-05-12 Thread Michael Scheidell
I've been using them for years. We do a lot of email (5 mail servers) as an ISP. I sometimes get network test access for free, for others I have paid. It's either a pay big or pay nothing, with no middle ground unfortunately. Integrate some sort of private purpose p2p system with

Re: Increase in Spam since 7am EDT

2009-05-12 Thread Ned Slider
Rick Macdougall wrote: Randy wrote: Rick Macdougall wrote: Hi, I'm seeing a massive increase in connection attempts since 7am EDT this morning. Most is being rejected because of not existing users but the majority that is getting through is hitting Sanesecurity.Casino.11228.UNOFFICIAL.

Re: Email sent in a weekend should receive more score

2009-05-12 Thread Adam Katz
I'd go a step farther ... mail sent outside of the work day (local *and* EST) is more commonly spam. My current assumption (not yet backed by stats) is to add points to anything between 12a-6a EST that is also between 1a-5a locally. In addition, some points (but not as many) can be awarded to

Re: EmailBL plugin released

2009-05-12 Thread Henrik K
On Tue, May 12, 2009 at 04:47:25PM +0200, Wolfgang Zeikat wrote: Hi On 05/12/2009 11:20 AM, Henrik K wrote: http://sa.hege.li/EmailBL.pm (see inside for documentation) ### About: # # This plugin creates rbl style DNS lookups for emails. does this plugin handle emails in the sense of

Rule to catch a certain subject

2009-05-12 Thread Paul Houselander
Hi I'm getting some spam slip through with subjects like vi'aqra pr,ofe'ssio,nal matters very much to your s.e,x be self-satisfied - use vi'aqra super act,i've vi'aqra professional - never forget about your s'e.x I was trying to write a rule to catch and tried header PH1 Subject

Issues with bayes setup on shared host

2009-05-12 Thread Rob Sharp
*Newbie Alert* Afternoon all, I'm a customer of a large host (Hostgator) and I am using their shared hosting implementation of SA for my personal email. I also have SSH access to my server, under a jailed shell. SA works well for me, but I wanted to add bayes filtering. Hostgator told me

Re: Email sent in a weekend should receive more score

2009-05-12 Thread LuKreme
On 12-May-2009, at 10:11, Adam Katz wrote: I'd go a step farther ... mail sent outside of the work day (local *and* EST) is more commonly spam. If your mailserver is only used for a normal work-day company and normal workday emails, this is possibly true. On my mailserver there is a slight

Re: Email sent in a weekend should receive more score

2009-05-12 Thread Adam Katz
LuKreme wrote: On 12-May-2009, at 10:11, Adam Katz wrote: I'd go a step farther ... mail sent outside of the work day (local *and* EST) is more commonly spam. If your mailserver is only used for a normal work-day company and normal workday emails, this is possibly true. I should have said

Re: FreeMail plugin updated - banks

2009-05-12 Thread LuKreme
On 11-May-2009, at 17:20, Marc Perkel wrote: mouss wrote: Is phishing really a problem for banks? I don't think so. You're kidding right? No, he has a point. The people with the problem are the customers. The bank is at best neutral and at worst couldn't care less. Also, despite the

Re: FreeMail plugin updated - banks

2009-05-12 Thread Gene Heskett
On Tuesday 12 May 2009, LuKreme wrote: On 11-May-2009, at 17:20, Marc Perkel wrote: mouss wrote: Is phishing really a problem for banks? I don't think so. You're kidding right? No, he has a point. The people with the problem are the customers. The bank is at best neutral and at worst couldn't

Re: Boxtrapper and Spamassassin Cpanel 11 strange behaviour.

2009-05-12 Thread digitaltoast
Karsten Bräckelmann-2 wrote: On Mon, 2009-05-11 at 06:56 -0700, an anonymous Nabble user wrote: THE PROBLEM: I'm signed up to over 300 forums, shops, sites etc, so there's no way I could make an email address box for all of those pseudoaddresses, as it were. So I can't turn the catchall

revising bayes tokenization

2009-05-12 Thread Adam Katz
Paul Houselander wrote: I'm getting some spam slip through with subjects like vi'aqra pr,ofe'ssio,nal matters very much to your s.e,x be self-satisfied - use vi'aqra super act,i've vi'aqra professional - never forget about your s'e.x This is something I'd typically just throw to the bayes

Re: Boxtrapper and Spamassassin Cpanel 11 strange behaviour.

2009-05-12 Thread digitaltoast
LuKreme wrote: Seriously, I've had family members who twaddled about with PYLM crap and they simply stopped getting my emails until they learned. Lucky them...

Re: [SA] revising bayes tokenization

2009-05-12 Thread Adam Katz
Adam Katz wrote: vi'aqra pr,ofe'ssio,nal matters very much to your s.e,x be self-satisfied - use vi'aqra super act,i've vi'aqra professional - never forget about your s'e.x test s p a c e d words t w i c e in a line this is an act--i've shown it 5 x, a record! Ignore the missing /^test /

Re: [SA] revising bayes tokenization

2009-05-12 Thread Justin Mason
Adam, if you'd like to try these out I'd be very happy ;) masses/bayes-testing/README in the SA svn repository describes how we test new tokenization strategies, in order to pick the ones that actually _work_. (It's quite counterintuitive at times as to what really helps.) also, there's

NO_RELAYS does not trigger when all received is 127.0.0.1

2009-05-12 Thread Benny Pedersen
so when does NO_RELAYS trigger ? i spouted this today as one email sent with smtp locally here, spamassassin says all trusted, which is imho okay, but i think it should be NO_RELAYS and not ALL_TRUSTED is this a config error i have done or ? -- http://localhost/ 100% uptime and 100% mirrored :)

Re: Email sent in a weekend should receive more score

2009-05-12 Thread MGaleti
LuKreme and guys wrote: On 12-May-2009, at 10:11, Adam Katz wrote: I'd go a step farther ... mail sent outside of the work day (local *and* EST) is more commonly spam. If your mailserver is only used for a normal work-day company and normal workday emails, this is possibly true. Hello

problem getting spamassassin to invoke fuzzyocr

2009-05-12 Thread Kate Kleinschafer
Hi All I have found that FuzzyOcr is not being run properly. On a message that has image spam (png) when I run spamassassin -t MESSAGE.MAI it picks it up correctly and gives pts rule name description -- --

Re: EmailBL plugin released - I like it!

2009-05-12 Thread Charles Gregory
On Tue, 12 May 2009, Yet Another Ninja wrote: Oh.. you must have skipped the first 52 lines of EmailBL.pm No I can *now* see the two lines that say where the module gathers addresses from. If they were there before, my apologies. But I read that section of the module pretty closely.

Re: problem getting spamassassin to invoke fuzzyocr

2009-05-12 Thread Charles Gregory
On Wed, 13 May 2009, Kate Kleinschafer wrote: when I run it as postfix (user that runs spamassassin) So all the same apart from FuzzyOCR I am unsure now how to find out why it is behaving this way. Check for execute group permissions on the FuzzyOCR modules, make sure they are in a group of

Re: FreeMail plugin updated - banks

2009-05-12 Thread mouss
Marc Perkel wrote: mouss wrote: Is phishing really a problem for banks? I don't think so. (I'll forgive you for snipping the rest of the paragraph, and thus isolating a single phrase which was part of a context...). You're kidding right? No. I never heard of a bank losing money

Re: FreeMail plugin updated - banks

2009-05-12 Thread mouss
John Hardin wrote: On Tue, 12 May 2009, Ned Slider wrote: Then you get phish where the From address is a bank domain, and the envelope address is from a completely unrelated domain with a valid spf record so even a simple From_Bank spf_pass isn't going to work. That might make a

Re: FreeMail plugin updated - banks

2009-05-12 Thread Ned Slider
Mike Cardwell wrote: Marc Perkel wrote: Or maybe I'm trying to reinvent a wheel someone already has up and running :-) a bank without SPF or DKIM signing is NOT worth using Yes - but I think what he's saying is that you have to start with a list of bank domains, the test those domains

Re: FreeMail plugin updated - banks

2009-05-12 Thread John Hardin
On Wed, 13 May 2009, Ned Slider wrote: uri LOCAL_URI_HIDDEN_DIR m{https?://.{1,40}/\.\w} describe LOCAL_URI_HIDDEN_DIR contains hidden directory of form example.com/.something the fourth might be indicative of a hacked server with a hidden phishing directory. Any comments?

Re: FreeMail plugin updated - banks

2009-05-12 Thread Ned Slider
John Hardin wrote: On Wed, 13 May 2009, Ned Slider wrote: uri LOCAL_URI_HIDDEN_DIR m{https?://.{1,40}/\.\w} describe LOCAL_URI_HIDDEN_DIR contains hidden directory of form example.com/.something the fourth might be indicative of a hacked server with a hidden phishing

Re: Boxtrapper and Spamassassin Cpanel 11 strange behaviour.

2009-05-12 Thread LuKreme
On 12-May-2009, at 14:14, digitaltoast wrote: often technical lists are full of people who spend their time doing weird things like trying to make their emails appear as attachments for anyone not using Elm via emacs, in the bizarre belief that: Oddly, I've been reading mail for over 20

Re: Boxtrapper and Spamassassin Cpanel 11 strange behaviour.

2009-05-12 Thread LuKreme
On 12-May-2009, at 14:21, digitaltoast wrote: LuKreme wrote: Seriously, I've had family members who twaddled about with PYLM crap and they simply stopped getting my emails until they learned. Lucky them... Ah, you're one of THOSE. *plonk* -- These are the thoughts that kept me out of

Re: FreeMail plugin updated

2009-05-12 Thread Bill Landry
Hi Henrik, I've revamped fully the old code. Works still the same, but has some new functions. It's also a bit more careful when parsing body (new parser, emails inside are ignored, as well ones inside urls etc), so it might even reduce FPs and add hits, who knows. Domains are now

RE: Boxtrapper and Spamassassin Cpanel 11 strange behaviour.

2009-05-12 Thread RobertH
digital toast... if you have a good system, then implement it for real with real email addresses and reject all the fake (not valid) email addresses to streamline, use a database of some sort if you have to anything you do after that will at least follow more proper design flow... isn't using

Re: FreeMail plugin updated

2009-05-12 Thread Bill Landry
Bill Landry wrote: Hi Henrik, I've revamped fully the old code. Works still the same, but has some new functions. It's also a bit more careful when parsing body (new parser, emails inside are ignored, as well ones inside urls etc), so it might even reduce FPs and add hits, who knows.

Re: problem getting spamassassin to invoke fuzzyocr

2009-05-12 Thread Lists
Charles Gregory wrote: On Wed, 13 May 2009, Kate Kleinschafer wrote: when I run it as postfix (user that runs spamassassin) So all the same apart from FuzzyOCR I am unsure now how to find out why it is behaving this way. Check for execute group permissions on the FuzzyOCR modules, make sure

Re: NO_RELAYS does not trigger when all received is 127.0.0.1

2009-05-12 Thread Matt Kettler
Benny Pedersen wrote: so when does NO_RELAYS trigger ? i spouted this today as one email sent with smtp locally here, spamassassin says all trusted, which is imho okay, but i think it should be NO_RELAYS and not ALL_TRUSTED is this a config error i have done or ? In that case the local

Re: [sa] Re: problem getting spamassassin to invoke fuzzyocr

2009-05-12 Thread Charles Gregory
On Wed, 13 May 2009, Lists wrote: Do you mean in /etc/mail/spamassassin/FuzzyOcr? I'm not familiar with the module in particular, but that behaviour - runnable as one user (or root) but not another - is nearly always some sort of permission issue. So if the permissions in the directory look

Re: FreeMail plugin updated - banks

2009-05-12 Thread LuKreme
On 12-May-2009, at 18:27, John Hardin wrote: uri URI_HIDDEN /\/\../ Ah, that's very very nice. Scoring it at 3.0, too aggressive? -- No matter how fast light travels it finds the darkness has always got there first, and is waiting for it.