On 14-May-2009, at 21:57, Mark wrote:
v=spf1 mx a:spf.orange.es ip4:213.143.52.0/24 -all
What's the CIDR there for if not to identify the valid range of IPs
for the SPF records?
Wait a minute, are they saying that their ENTIRE CLASS C is allowed
to send mail 'from' orange.es?
The /24 CIDR
-Original Message-
From: LuKreme [mailto:krem...@kreme.com]
Sent: vrijdag 15 mei 2009 8:05
To: users@spamassassin.apache.org
Subject: Re: whitelist_from_spf
On 14-May-2009, at 21:57, Mark wrote:
v=spf1 mx a:spf.orange.es ip4:213.143.52.0/24 -all
What's the CIDR there for if not to
On Fri, 15 May 2009 02:01:34 +0200, Karsten Bräckelmann
guent...@rudersport.de wrote:
This made it through. As can be seen from the headers it got a 2.9
score only and didn't match MIME_IMAGE_ONLY which certainly would have
pushed it over the top.
Does match MIME_IMAGE_ONLY for me.
Another request, please: what score does SpamAssassin give this email for
you?
http://rafb.net/p/FMejnS80.html
I'm really starting to think mine is missing a lot of rules. :-(
Best regards,
Jeremy Morton (Jez)
On Thu, May 14, 2009 at 22:44, John Hardin jhar...@impsec.org wrote:
On Thu, 14 May 2009, John Hardin wrote:
On Thu, 14 May 2009, Michael Scheidell wrote:
Id LOVE to get back to 15 min compiles.
I'm not familiar with the details of RE compilation - would it be possible
for Justing to have
On Sun, May 10, 2009 at 01:08:29PM +0300, Henrik K wrote:
http://sa.hege.li/FreeMail.pm (see inside for some documentation)
http://sa.hege.li/FreeMail.cf (for some examples)
I've added suggestion for this:
header __freemail_reply eval:check_freemail_replyto('reply')
meta FREEMAIL_REPLY
One of SpamAssassins weaknesses is that it only has access to the
message body of the email. It can't create rules to detect certain
behaviours of the connecting host during delivery.
For example, during SMTP. If the connecting client sends:
MAIL FROM: u...@example.com
Instead of:
MAIL
hi -- this stuff is generally recorded in the Received header, and SA
will act on it if it's there. that's the place to do it...
--j.
On Fri, May 15, 2009 at 09:42, Mike Cardwell
spamassassin-us...@lists.grepular.com wrote:
One of SpamAssassins weaknesses is that it only has access to the
Justin Mason wrote:
hi -- this stuff is generally recorded in the Received header, and SA
will act on it if it's there. that's the place to do it...
The STARTTLS example is recorded in the received headers, yes. None of
the other 3 examples are recorded in the received headers though...
I run spamassassin on my mail server from milter-spam
(http://www.snertsoft.com/sendmail/milter-spamc/). One mail server is
no longer sufficient for both reliability and load so I'm building 2
identical mail servers (two mx mailers).
Ideally I'd like both of them to share the bayes database.
Mike Cardwell wrote:
Justin Mason wrote:
hi -- this stuff is generally recorded in the Received header, and SA
will act on it if it's there. that's the place to do it...
The STARTTLS example is recorded in the received headers, yes. None of
the other 3 examples are recorded in the
Justin Mason wrote:
this has been done ages ago.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5594
maybe we can get it committed to 3.2.6?
patch has been out there 16 months and 4 weeks.
best I can tell, from all the notes, we need to apply this patch to
3.2.x branch,
Michael Grant wrote:
I run spamassassin on my mail server from milter-spam
(http://www.snertsoft.com/sendmail/milter-spamc/). One mail server is
no longer sufficient for both reliability and load so I'm building 2
identical mail servers (two mx mailers).
aside from the issues of trying to
Mike Cardwell wrote:
One of SpamAssassins weaknesses is that it only has access to the
message body of the email. It can't create rules to detect certain
behaviours of the connecting host during delivery.
MAIL FROM:u...@example.com SIZE=12345
am i mistaken, or is SIZE only offered if the
and sooner or later, adobe will put captha on their system to keep them
from being blacklisted.
Jason Haar wrote:
I just received this (can't use pastebin any more :-(). Looks like
spammers are using createpdf.adobe.com to create their spam for them.
--
Michael Scheidell, CTO
Phone:
LuKreme wrote:
On 12-May-2009, at 18:27, John Hardin wrote:
uri URI_HIDDEN/\/\../
Ah, that's very very nice.
Scoring it at 3.0, too aggressive?
I'd say so - I'm seeing lots of FPs on this, most prominently on mail
from mail.elsevier-alerts.com
--
no -- I mean it was released in 3.2.4 ;)
On Fri, May 15, 2009 at 10:40, Michael Scheidell scheid...@secnap.net wrote:
Justin Mason wrote:
this has been done ages ago.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5594
maybe we can get it committed to 3.2.6?
patch has been out
another alternative is to use SQL for bayes.
--j.
On Fri, May 15, 2009 at 11:24, Michael Scheidell scheid...@secnap.net wrote:
Michael Grant wrote:
I run spamassassin on my mail server from milter-spam
(http://www.snertsoft.com/sendmail/milter-spamc/). One mail server is
no longer
Justin Mason wrote:
no -- I mean it was released in 3.2.4 ;)
Im running 3.2.5 and it still takes 45 mins to compile the sought rules.
(so, why does the bug say 'resolved' and not closed? and why does SOME
of the patch apply?
chunks 1,2, 5,6 and 7 seemed to apply.
--
Michael Scheidell,
Mike Cardwell wrote:
One of SpamAssassins weaknesses is that it only has access to the
message body of the email. It can't create rules to detect certain
behaviours of the connecting host during delivery.
MAIL FROM:u...@example.com SIZE=12345
On 15.05.09 07:28, Michael Scheidell
Michael Scheidell wrote:
One of SpamAssassins weaknesses is that it only has access to the
message body of the email. It can't create rules to detect certain
behaviours of the connecting host during delivery.
MAIL FROM:u...@example.com SIZE=12345
am i mistaken, or is SIZE only offered if
yes, but he wants two servers, right? I guess I was assuming he meant
sql (mysql)
you can't 'replicate' the bayes from mx1 to mx2, get lots of weird issues.
ps, my patches for ooo messages and vbounce rules... .
--
Michael Scheidell, CTO
Phone: 561-999-5000, x 1259
*| *SECNAP
Mike Cardwell wrote:
Mike Cardwell wrote:
Justin Mason wrote:
hi -- this stuff is generally recorded in the Received header, and SA
will act on it if it's there. that's the place to do it...
The STARTTLS example is recorded in the received headers, yes. None
of the other 3 examples are
I did not realize one could store the bayes scores in sql.
So I'd store the bayes scores on a third server and let both mxes use
the same database.
Two equal weighted mx records are a good idea.
Michael Grant
On Fri, May 15, 2009 at 11:47, Michael Scheidell scheid...@secnap.net wrote:
Justin Mason wrote:
no -- I mean it was released in 3.2.4 ;
Im running 3.2.5 and it still takes 45 mins to compile the sought rules.
in that case, the patch isn't helping you, and attempting to reapply
it won't,
Justin Mason wrote:
On Fri, May 15, 2009 at 11:47, Michael Scheidell scheid...@secnap.net wrote:
Justin Mason wrote:
no -- I mean it was released in 3.2.4 ;
Im running 3.2.5 and it still takes 45 mins to compile the sought rules.
in that case, the patch isn't helping you, and
On Fri, 15 May 2009, Jeremy Morton wrote:
OK, didn't take long to get such an example. :-)
http://rafb.net/p/rqOjCJ11.html
The only time I've ever seen anything like this was on my old SA 2.x
when it didn't properly handle 'quoted printable' and stuff like that.
The problem is, by the time
A: Because they are not defined. (See second half of this post.)
On Fri, 2009-05-15 at 09:23 +0100, Jeremy Morton wrote:
On Fri, 15 May 2009 02:01:34 +0200, Karsten Bräckelmann wrote:
Hmm, well now it's getting 6.4 from the commandline and seems to be
matching more appropriate rules.
x-spam-status: No, score=2.4 required=5.0 tests=DCC_CHECK,RCVD_IN_FIVETENSG,
^
Hits on 50% of your HAM, doesn't it?
Yea, it hits a lot but not enough to cause false positives.
I score it 1.0 but also use it with some
that would trash everyone running cisco firewalls with smtp fixup (or as
we call it here, smtp screwup)
hm?
http://www.google.com/search?q=cisco+smtp+fixup
http://www.issociate.de/board/post/195084/SMTP_Fixup_--_On_or_Off???.html
Telnet (someone who does NOT use smtp screwup on cisco pix:
On Fri, 15 May 2009, Michael Scheidell wrote:
any idea why the sought rules affect it so much?
Caching doesn't help if the ruleset changes _every time_ you try to
recompile it...
Justin, did you see my suggestion that the base string caching should also
include checking the sa-update
On Thu, 14 May 2009, LuKreme wrote:
On 14-May-2009, at 16:38, Lists wrote:
I really need to see all the debug output as I am trying to see which user
is running when trying to access FuzzyOCR.
You are directing stdout, you need to redirect stderr as well. How to do
this depends on your
On Fri, 15 May 2009, Mike Cardwell wrote:
I was thinking along the lines of an interface where the mta connects to
SpamAssassin when a connection comes in, and it then sends the full smtp
transaction to SpamAssassin as it happens.
Ugh. Why alter SA that much? It would be better if the MTA
On Fri, 15 May 2009, Adam Stephens wrote:
LuKreme wrote:
On 12-May-2009, at 18:27, John Hardin wrote:
uri URI_HIDDEN/\/\../
Ah, that's very very nice.
Scoring it at 3.0, too aggressive?
I'd say so - I'm seeing lots of FPs on this, most prominently on mail
from
Adam Stephens wrote:
LuKreme wrote:
On 12-May-2009, at 18:27, John Hardin wrote:
uri URI_HIDDEN/\/\../
Ah, that's very very nice.
Scoring it at 3.0, too aggressive?
I'd say so - I'm seeing lots of FPs on this, most prominently on mail
from mail.elsevier-alerts.com
I
John Hardin wrote:
On Fri, 15 May 2009, Adam Stephens wrote:
LuKreme wrote:
On 12-May-2009, at 18:27, John Hardin wrote:
uri URI_HIDDEN/\/\../
Ah, that's very very nice.
Scoring it at 3.0, too aggressive?
I'd say so - I'm seeing lots of FPs on this, most prominently on mail
On Fri, 15 May 2009, Ned Slider wrote:
Adam Stephens wrote:
LuKreme wrote:
On 12-May-2009, at 18:27, John Hardin wrote:
uri URI_HIDDEN/\/\../
Ah, that's very very nice.
Scoring it at 3.0, too aggressive?
I'd say so - I'm seeing lots of FPs on this, most prominently
John Hardin wrote:
On Fri, 15 May 2009, Ned Slider wrote:
Adam Stephens wrote:
LuKreme wrote:
On 12-May-2009, at 18:27, John Hardin wrote:
uri URI_HIDDEN/\/\../
Ah, that's very very nice.
Scoring it at 3.0, too aggressive?
I'd say so - I'm seeing lots of FPs on this,
Karsten Bräckelmann wrote:
A: Because they are not defined. (See second half of this post.)
What I was getting at with MIME_IMAGE_ONLY is, is this a really
fundamental test that's supposed to be defined in the tests in
/usr/share/spamassassin/ ?
No, it is not. That's a *custom* rule that
Hi,
How do I manually override the default scores that SA assigns to various
rules?
Best regards,
Jeremy Morton (Jez)
On Fri, 15 May 2009, Mike Cardwell wrote:
For example, during SMTP. If the connecting client sends:
MAIL FROM: u...@example.com ...
That is a *high* indicator that the email is going to be spam. I haven't
found a real mail server that adds that whitespace it's self...
I have. I get
On 15.05.09 17:28, Jeremy Morton wrote:
How do I manually override the default scores that SA assigns to various
rules?
have you read the docs?
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie:
On Fri, 15 May 2009, Jeremy Morton wrote:
It seemed like quite an obvious one to me - an image only and no body?
Anyway, OK so I can manually put this rule in. But is there a way to do
things in a more automated fashion? I don't want to be manually
entering new rules all the time. I tried
Yes. All I could find was stuff about creating your own rules, not
actually changing the weightings of existing rules.
Best regards,
Jeremy Morton (Jez)
Matus UHLAR - fantomas wrote:
On 15.05.09 17:28, Jeremy Morton wrote:
How do I manually override the default scores that SA assigns to
On Fri, 2009-05-15 at 17:26 +0100, Jeremy Morton wrote:
Karsten Bräckelmann wrote:
A: Because they are not defined. (See second half of this post.)
Where did you come across that rule at all? How did you get the
impression it should be in your stock install?
Would you mind contributing
On Fri, 15 May 2009, Jeremy Morton wrote:
Yes. All I could find was stuff about creating your own rules, not actually
changing the weightings of existing rules.
Please don't top-post.
{reads}
Well, I guess the docs _don't_ explicitly state that later score
commands will override previous
On Fri, 2009-05-15 at 09:25 +0100, Jeremy Morton wrote:
Another request, please: what score does SpamAssassin give this email for
you?
http://rafb.net/p/FMejnS80.html
Hmm, that looks like a stupid auto-response, likely backscatter.
Subject: Ihre Anfrage an AVM Records
X-Mailer: Confixx
Karsten Bräckelmann wrote:
On Fri, 2009-05-15 at 17:26 +0100, Jeremy Morton wrote:
Karsten Bräckelmann wrote:
A: Because they are not defined. (See second half of this post.)
Where did you come across that rule at all? How did you get the
impression it should be in your stock install?
Karsten Bräckelmann wrote:
On Fri, 2009-05-15 at 09:25 +0100, Jeremy Morton wrote:
Another request, please: what score does SpamAssassin give this email for
you?
http://rafb.net/p/FMejnS80.html
Hmm, that looks like a stupid auto-response, likely backscatter.
Subject: Ihre Anfrage an AVM
On Fri, 2009-05-15 at 09:46 -0700, John Hardin wrote:
On Fri, 15 May 2009, Jeremy Morton wrote:
Yes. All I could find was stuff about creating your own rules, not
actually
changing the weightings of existing rules.
Well, I guess the docs _don't_ explicitly state that later score
On Fri, 2009-05-15 at 18:05 +0100, Jeremy Morton wrote:
Karsten Bräckelmann wrote:
Where did you come across that rule at all? How did you get the
impression it should be in your stock install?
Would you mind contributing to this thread? Please do answer my
questions. They are not
On Fri, 15 May 2009, Jeremy Morton wrote:
It seemed like an image-only email was the kind of thing that was very
sinister and that this kind of rule would've been added to SA a long
time ago.
SA *has* had image-only rules for a while, just not this particular
variant.
--
John Hardin
On Fri, 15 May 2009, Karsten Br?ckelmann wrote:
On Fri, 2009-05-15 at 09:46 -0700, John Hardin wrote:
On Fri, 15 May 2009, Jeremy Morton wrote:
Yes. All I could find was stuff about creating your own rules, not actually
changing the weightings of existing rules.
Well, I guess the docs
On Fri, 2009-05-15 at 18:11 +0100, Jeremy Morton wrote:
Karsten Bräckelmann wrote:
Hmm, that looks like a stupid auto-response, likely backscatter.
Envelope-to: crush...@game-point.net
Is that a real, valid user? Do you use catch-all by chance?
I do use catch-all, yes,
On Fri, 2009-05-15 at 10:25 -0700, John Hardin wrote:
On Fri, 15 May 2009, Karsten Bräckelmann wrote:
Ah, the hard way. ;) That's useful, if you want to change the score
*relative* to the stock score, and thus change when the stock score
changes for whatever reason.
It is, however,
Here's another e-mail that got through SpamAssassin:
http://rafb.net/p/cFMnIy61.html
As you can see I've effectively disabled the BAYES_00 rule as it's
giving false credit to a ton of backscatter crud messages, but is there
really a way to block these kinds of backscatter? Is my Bayesian
John Hardin wrote:
http://pastebin.com/m1268fbe6
Thanks. Here's the problematic URI:
http://../cd.asp?i=572550545UserID=4DFEDDHIIBCFBH55
in the unsunscribe link.
Which was actually:
a href=3D=22=2E=
=2E/cd=2Easp?i=3D572550545=26UserID=3D4DFEDDHIIBCFBH55=22
And thus:
a
On Fri, 2009-05-15 at 18:45 +0100, Jeremy Morton wrote:
Here's another e-mail that got through SpamAssassin:
http://rafb.net/p/cFMnIy61.html
Backscatter. These types of arbitrarily phrased I changed my email
address auto-responses are pretty much impossible to catch.
As you can see I've
Karsten Bräckelmann wrote:
On Fri, 2009-05-15 at 18:45 +0100, Jeremy Morton wrote:
Here's another e-mail that got through SpamAssassin:
http://rafb.net/p/cFMnIy61.html
Backscatter. These types of arbitrarily phrased I changed my email
address auto-responses are pretty much impossible to
Adam Katz wrote:
John Hardin wrote:
http://pastebin.com/m1268fbe6
Thanks. Here's the problematic URI:
http://../cd.asp?i=572550545UserID=4DFEDDHIIBCFBH55
in the unsunscribe link.
Which was actually:
a href=3D=22=2E=
=2E/cd=2Easp?i=3D572550545=26UserID=3D4DFEDDHIIBCFBH55=22
And thus:
On Fri, 15 May 2009, Karsten Br�ckelmann wrote:
On Fri, 2009-05-15 at 10:25 -0700, John Hardin wrote:
As I said, doing that is only _implied_ in the docs.
Site-specific configuration data is used to override any values which
had already been set.
John, so that merely *implies* but
Karsten Bräckelmann wrote:
It's unwanted e-mail, so it's pretty close to spam in my
book. Just because it's some moron who bounced a message
instead of someone explicitly spamming me doesn't make it
much better.
It is unwanted, but would you send a report to the sender's ISP because of
Adam Katz wrote:
Relative URIs are only safe when prefacing the URI. Requiring the
protocol beforehand should do the trick. Since http://; is the
implied protocol and is 8 chars, we get this:
uri URI_HIDDEN /.{8}\/\../
Ned Slider wrote:
Yep - that works great for me and I understand the
On Fri, 2009-05-15 at 19:27 +0100, Jeremy Morton wrote:
Karsten Bräckelmann wrote:
Backscatter. These types of arbitrarily phrased I changed my email
address auto-responses are pretty much impossible to catch.
I feared as much.
Since BAYES_00 is a strong sign for ham, I would have at
On Fri, 2009-05-15 at 11:25 -0700, John Hardin wrote:
On Fri, 15 May 2009, Karsten Bräckelmann wrote:
Site-specific configuration data is used to override any values which
had already been set.
John, so that merely *implies* but doesn't specifically state that
configuration
On Fri, 15 May 2009, Adam Katz wrote:
Adam Katz wrote:
Relative URIs are only safe when prefacing the URI. Requiring the
protocol beforehand should do the trick. Since http://; is the
implied protocol and is 8 chars, we get this:
uri URI_HIDDEN /.{8}\/\../
Ned Slider wrote:
Yep - that
This just snuck into my inbox:
On Fri, 15 May 2009, StrongWebmail wrote:
StrongWebmail launches the world's first email account that can't be
hacked. Nobody gets in unless he gets a phone call.
{snip}
A new service is putting an end to this nightmare. StrongWebmail.com is
the first email
I've got a couple of users getting 419 scams, and it looks like
20_advance_fee.cf has got most of the good stuff for finding these
nasties. Unfortunately, it's only matching one of the sub-tests
( __FRAUD_DBI ).
If I wanted to extend it a bit, how should I go about it? Maybe create:
meta
Adam Katz wrote:
Adam Katz wrote:
Relative URIs are only safe when prefacing the URI. Requiring the
protocol beforehand should do the trick. Since http://; is the
implied protocol and is 8 chars, we get this:
uri URI_HIDDEN /.{8}\/\../
Ned Slider wrote:
Yep - that works great for me and I
John Hardin wrote:
What about an explicit https://..; URI?
I have no problem marking that as spam (you're thinking too hard).
I should also have noted that while this works around the SA bug, it
also ignores hidden dirs and files appearing early in relative paths,
like a href=a.bc/.secret
McDonald, Dan wrote:
If I wanted to extend it a bit, how should I go about it? Maybe create:
meta __ADVANCE_FEE_1 (__FRAUD_KJV + __FRAUD_IRJ + __FRAUD_NEB +
__FRAUD_XJR + __FRAUD_EZY + __FRAUD_ZFJ + __FRAUD_KDT + __FRAUD_BGP +
__FRAUD_FBI + __FRAUD_JBU + __FRAUD_JYG + __FRAUD_XVW +
On Fri, 15 May 2009, McDonald, Dan wrote:
Or would it be better to just overwrite ADVANCE_FEE_{2,3,4} with more
subtests?
The sought_fraud rules are dynamically generated from current 419 emails.
Were you aware of them? Granted, they are rather large...
--
John Hardin KA7OHZ
Bowie Bailey wrote:
John Hardin wrote:
On Thu, 14 May 2009, Bowie Bailey wrote:
I have the whitelist_bounce_relays options set for vbounce and the
rules are hitting on bounce messages, but the whitelists don't seem
to be working.
In my local.cf, I have:
whitelist_bounce_relays
On May 15, 2009, at 5:44, Adam Stephens adam.steph...@bristol.ac.uk
wrote:
LuKreme wrote:
On 12-May-2009, at 18:27, John Hardin wrote:
uri URI_HIDDEN/\/\../
Ah, that's very very nice.
Scoring it at 3.0, too aggressive?
I'd say so - I'm seeing lots of FPs on this, most
On Fri, 2009-05-15 at 12:15 -0700, John Hardin wrote:
On Fri, 15 May 2009, McDonald, Dan wrote:
Or would it be better to just overwrite ADVANCE_FEE_{2,3,4} with more
subtests?
The sought_fraud rules are dynamically generated from current 419 emails.
Were you aware of them? Granted,
On Thu, 2009-05-14 at 12:42 -0400, Bowie Bailey wrote:
I have the whitelist_bounce_relays options set for vbounce and the rules
are hitting on bounce messages, but the whitelists don't seem to be working.
In my local.cf, I have:
whitelist_bounce_relays bnofimage1.buc.com
But, an
On Fri, 15 May 2009, McDonald, Dan wrote:
But there are still 419's getting through. One lady has been inundated
with them.
You might also consider the SARE fraud rulesets as well, they still
perform well for me.
--
John Hardin KA7OHZhttp://www.impsec.org/~jhardin/
On 15-May-2009, at 10:46, Karsten Bräckelmann wrote:
Yes, because it IS NOT in sa-update. As I mentioned before, it is a
rule
that has been written very recently, to catch a very specific, recent
spam run.
The rule hasn't even seen much mass-checks, most notably against ham
corpora. Thus it
On 15-May-2009, at 12:46, Adam Katz wrote:
uri URI_HIDDEN /.{7}\/\../
That won't catch http://www.spammer.example.com/.../hidden-
malware.asf, it will only catch the relative url form ../path/to/
content which SA improperly prefaces with http://;
uri URI_HIDDEN /.{8}\/\../
Will catch
Karsten Bräckelmann wrote:
On Thu, 2009-05-14 at 12:42 -0400, Bowie Bailey wrote:
I have the whitelist_bounce_relays options set for vbounce and the rules
are hitting on bounce messages, but the whitelists don't seem to be working.
In my local.cf, I have:
whitelist_bounce_relays
On Fri, 15 May 2009, LuKreme wrote:
On 15-May-2009, at 12:46, Adam Katz wrote:
uri URI_HIDDEN /.{7}\/\../
That won't catch http://www.spammer.example.com/.../hidden-malware.asf,
How so? That rule matches ple.com/.. in that URI.
--
John Hardin KA7OHZ
On 15-May-2009, at 14:35, LuKreme wrote:
On 15-May-2009, at 12:46, Adam Katz wrote:
uri URI_HIDDEN /.{7}\/\../
That won't catch http://www.spammer.example.com/.../hidden-
malware.asf, it will only catch the relative url form ../path/to/
content which SA improperly prefaces with http://;
On Fri, 15 May 2009, LuKreme wrote:
Of course, if SA didn't preface URIs with http:// on its own, this
wouldn't be an issue. However, I am not willing to call that a bug as I
suspect there is a very good reason for it.
It's a bug in the specific case of a URI like ../whatever, as it doesn't
Just today a buyer reported that my reply to him ended up in his spam
folder. Concerned by this, I sent an email to my Yahoo! account and
that one disappeared somewhere. The one I sent to gmail, however, got
there quickly. I may be overreacting and, perhaps, it is a coincidence
that Yahoo just
After doing some more testing, I found that if I put the system that
*sends* the email into whitelist_bounce_relays, it will work. Is this
right? Should I have to list every machine in my network in order to
have vbounce work correctly? It looks like the original email has to be
received
On Fri, 2009-05-15 at 16:40 -0400, Bowie Bailey wrote:
Karsten Bräckelmann wrote:
The VBounce plugin does *not* check the messages headers. Instead, it
has a look at the plain text body and any message/* MIME attachments.
If it finds your own, whitelisted SMTP relay in there, it is not a
Igor Chudov wrote:
Just today a buyer reported that my reply to him ended up in his spam
folder. Concerned by this, I sent an email to my Yahoo! account and
that one disappeared somewhere. The one I sent to gmail, however, got
there quickly. I may be overreacting and, perhaps, it is a
Igor Chudov :
No, email is not unusable.
The only problem are inept admins and the people who hire them.
--
René Berber
On Fri, 2009-05-15 at 17:04 -0400, Bowie Bailey wrote:
After doing some more testing, I found that if I put the system that
*sends* the email into whitelist_bounce_relays, it will work. Is this
right? Should I have to list every machine in my network in order to
have vbounce work
On Fri, 15 May 2009, Randy wrote:
They all suck.
Which is why _years_ ago I decided never to trust anyone but myself to
handle my email.
--
John Hardin KA7OHZhttp://www.impsec.org/~jhardin/
jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org
key:
Karsten Bräckelmann wrote:
On Fri, 2009-05-15 at 17:04 -0400, Bowie Bailey wrote:
After doing some more testing, I found that if I put the system that
*sends* the email into whitelist_bounce_relays, it will work. Is this
right? Should I have to list every machine in my network in order to
Igor,
I'd say your paranoid, but I had a crazy problem recently with my outgoint
email.
This is my $0.02.
About middle March emails sent from our domain to craiglist started bouncing
back saying that they would not accept email from hosts with the works dyn or
static in their RDNS zones.
On 15-May-2009, at 15:12, René Berber wrote:
Igor Chudov :
No, email is not unusable.
The only problem are inept admins and the people who hire them.
The most inept admins seem to be the ones working for the large ISPs.
Comcast and yahoo and aol have all had long ignoble histories of
On 15-May-2009, at 12:46, Adam Katz wrote:
uri URI_HIDDEN /.{7}\/\../
LuKreme wrote:
That won't catch
http://www.spammer.example.com/.../hidden-malware.asf, it will only
catch the relative url form ../path/to/content which SA improperly
prefaces with http://;
uri URI_HIDDEN /.{8}\/\../
On Fri, 2009-05-15 at 17:17 -0400, Bowie Bailey wrote:
Here is a real sample. The only way I can get this message to pass
VBounce as legitimate is to add bnifstg2.buc.com to the whitelist.
However, this is *not* a mailserver, this is the client.
bnofimage1.buc.com is my mailserver, and
On 5/15/2009 11:29 PM, LuKreme wrote:
On 15-May-2009, at 15:12, René Berber wrote:
Igor Chudov :
No, email is not unusable.
The only problem are inept admins and the people who hire them.
The most inept admins seem to be the ones working for the large ISPs.
Comcast and yahoo and aol have
On Fri, 15 May 2009, Yet Another Ninja wrote:
Maybe this thread should be moved to NANAE or Spam-Watch
whatever it was, it now has nothing to do with SA.
Did it ever?
--
John Hardin KA7OHZhttp://www.impsec.org/~jhardin/
jhar...@impsec.orgFALaholic #11174 pgpk -a
On Fri, 2009-05-15 at 23:36 +0200, Karsten Bräckelmann wrote:
On Fri, 2009-05-15 at 17:17 -0400, Bowie Bailey wrote:
Here is a real sample. The only way I can get this message to pass
VBounce as legitimate is to add bnifstg2.buc.com to the whitelist.
However, this is *not* a mailserver,
On 15-May-2009, at 11:27, Karsten Bräckelmann wrote:
If there's any chance to correct this, and compile a list of valid,
actually used, customized addresses -- I guess I'd give it a try.
You'll
note that getting rid of the catch-all will significantly cut down on
your spam volume.
grep
On 15-May-2009, at 12:27, Jeremy Morton wrote:
It's unwanted e-mail, so it's pretty close to spam in my book. Just
because it's some moron who bounced a message instead of someone
explicitly spamming me doesn't make it much better.
But it is NOT spam, which means that you screwing up the
1 - 100 of 106 matches
Mail list logo