On 2010-03-01 15:39, John Hardin wrote:
[ About ExtractText.pm]
Jonas, what's the current status of that plugin? It looks pretty stable
to me.
It works fine here. Don't know how it works for others. I haven't tested
it with 3.3 yet.
And, can it extract from basic text attachments? I
I use spamassasin 3.2.4 with amavisd-new 2.5 and sendmail 8.13.1 on Redhat
Enterprise LINUX 4.8
Several of my network's users receive quarantine Emails from other providers
that contain lots of spam-tokens without being spam. As different rules
detect these mails as spam it is accidently learned
David B Funk wrote:
On Wed, 10 Mar 2010, Dennis B. Hopp wrote:
I have put a sample at:
http://pastebin.com/9BDXrxmm
Note I did change the real e-mail address in this message but the
hotmail address used is valid just masked.
Look at that X-Originating-IP: [41.155.87.236] header, its a
On Thu, 2010-03-11 at 12:26 +, Ned Slider wrote:
David B Funk wrote:
On Wed, 10 Mar 2010, Dennis B. Hopp wrote:
I have put a sample at:
http://pastebin.com/9BDXrxmm
Note I did change the real e-mail address in this message but the
hotmail address used is valid just masked.
On Wed, Mar 10, 2010 at 6:04 PM, Martin Gregorie mar...@gregorie.org wrote:
Post the entire message to pastebin or a similar site and send the URL
here together with your explanation of what happened so we have
something to work with.
I am sorry I didn't post enough data.
On 2010/03/11 6:32 AM, idahank wrote:
I use spamassasin 3.2.4 with amavisd-new 2.5 and sendmail 8.13.1 on Redhat
Enterprise LINUX 4.8
Several of my network's users receive quarantine Emails from other providers
that contain lots of spam-tokens without being spam. As different rules
detect
On Thu, 2010-03-11 at 08:18 -0500, Carlos Mennens wrote:
On Wed, Mar 10, 2010 at 6:04 PM, Martin Gregorie mar...@gregorie.org wrote:
Post the entire message to pastebin or a similar site and send the URL
here together with your explanation of what happened so we have
something to work with.
1) Spammers rotate sender addresses and hijacked account info more
often than most of us change our underwear. An account *may* get
reused; chances are it'll be months before it does, and the spammers
will have rotated through hundreds or thousands of others - both
phish-cracked and
Its not conditional, just using a meta rule and negating the Reply-to
test in the meta:
describe FORGED_HOTMAIL Hotmail with non-Hotmail Reply-to address
header __FORGED_HM1 From ~= /\...@hotmail\.com/i
header __FORGED_HM2 Reply-to ~= /\...@hotmail\.com/i
meta
On Thu, 2010-03-11 at 07:55 -0600, Dennis B. Hopp wrote:
1) Spammers rotate sender addresses and hijacked account info more
often than most of us change our underwear. An account *may* get
reused; chances are it'll be months before it does, and the spammers
will have rotated through
On Thu, 11 Mar 2010 08:41:06 -0500
Jason Bertoch ja...@i6ix.com wrote:
For what it's worth, whitelisted addresses are excluded from Bayes
autolearn.
No, they can be autolearned. The autolearn plugin computes
it's own version of the score that ignores noautolearn rules.
On Thu, Mar 11, 2010 at 8:46 AM, Martin Gregorie mar...@gregorie.org wrote:
That 'male enhancement junk' advert may well contain something that
could be the basis of an additional rule - don't omit *anything* in
future, at least until you understand how to write custom rules.
Spammers often
On 11.3.2010 15:18, Carlos Mennens wrote:
On Wed, Mar 10, 2010 at 6:04 PM, Martin Gregorie mar...@gregorie.org wrote:
Post the entire message to pastebin or a similar site and send the URL
here together with your explanation of what happened so we have
something to work with.
I am sorry I
Thank you very much. The bayes_ignore_from option was exactly was I was
searching for. I really looking forward to the next mail from the account to
see whether the modification works.
Jason Bertoch-2 wrote:
On 2010/03/11 6:32 AM, idahank wrote:
Several of my network's users receive
On Thu, Mar 11, 2010 at 9:28 AM, Jari Fredriksson ja...@iki.fi wrote:
You still posted not enough data. There is only the headers the link.
Here is the entire message:
http://pastebin.com/MtXWXdvc
On 2010/03/11 9:10 AM, RW wrote:
On Thu, 11 Mar 2010 08:41:06 -0500
Jason Bertochja...@i6ix.com wrote:
For what it's worth, whitelisted addresses are excluded from Bayes
autolearn.
No, they can be autolearned. The autolearn plugin computes
it's own version of the score that ignores
On 11.3.2010 16:41, Carlos Mennens wrote:
On Thu, Mar 11, 2010 at 9:28 AM, Jari Fredriksson ja...@iki.fi wrote:
You still posted not enough data. There is only the headers the link.
Here is the entire message:
http://pastebin.com/MtXWXdvc
That is hard. Only one URL in the body.
On Thu, Mar 11, 2010 at 10:09 AM, Jari Fredriksson ja...@iki.fi wrote:
That is hard. Only one URL in the body.
X-Spam-Status: No, score=1.1 required=5.0 tests=AWL,BAYES_00,
DKIM_ADSP_CUSTOM_MED,DKIM_SIGNED,FREEMAIL_ENVFROM_END_DIGIT,FREEMAIL_FROM,
Dennis B. Hopp wrote:
I don't want to blacklist the address, hence the reason why in my
original e-mail I said other then blacklisting.
Whups, got your original message confused with something you replied
with later.
I know blacklisting
would block these bogus e-mails as well as legit
I installed
postfix-2.6.5
amavis-new-2.6.4
spamassassin-3.3.0
amavis home is /var/spool/amavisd
I create /var/spool/amavisd/.spamassassin (drwx--)
Now I want create in this directory auto-whitelist and user_prefs files.
How can I do?
Thanks
Andrea
On Wed, 10 Mar 2010, Stephen Carville wrote:
On Wed, Mar 10, 2010 at 9:14 AM, John Hardin jhar...@impsec.org wrote:
It looks like a simple matter of a very short spam with a URI that
wasn't broadly recognized as bad the first time you saw it. Train your
bayes with it, and consider adding
On Thu, 11 Mar 2010 09:41:39 -0500
Jason Bertoch ja...@i6ix.com wrote:
On 2010/03/11 9:10 AM, RW wrote:
On Thu, 11 Mar 2010 08:41:06 -0500
Jason Bertochja...@i6ix.com wrote:
For what it's worth, whitelisted addresses are excluded from Bayes
autolearn.
No, they can be
On Thu, 2010-03-11 at 09:11 -0500, Carlos Mennens wrote:
On Thu, Mar 11, 2010 at 8:46 AM, Martin Gregorie mar...@gregorie.org wrote:
That 'male enhancement junk' advert may well contain something that
could be the basis of an additional rule - don't omit *anything* in
future, at least until
On Thu, 2010-03-11 at 07:55 -0600, Dennis B. Hopp wrote:
I'm going to look at what Martin suggested and compare it to what
samples I have.
FWIW, I have 2 or three portmanteau rules that are effectively
collections of misspelled words (such as v1agra, improove, ...),
medspamming phrases,
On Thu, 2010-03-11 at 10:22 -0500, Kris Deugau wrote:
Ouch. :( Offhand, I'd say you might as well go ahead and blacklist
them anyway, because if the passwords on these freemail accounts have
been changed, I don't think there's much chance the original users will
get access back. It
On Thu, Mar 11, 2010 at 12:06 PM, Martin Gregorie mar...@gregorie.org wrote:
You certainly changed the required score: the default is 5.0. The
standard rule scores are set on that basis. Mine are:
required_score 6.0
rewrite_header subject SPAM:
report_safe 1
use_bayes
A scam of this type needs to be pretty tightly targeted to work. The
scammer would need at least a matched pair of addresses and a good
probability that the supposed sender could be somewhere near the place
where the alleged robbery was said to have happened.
If I've got access to your
On Tue, 9 Mar 2010 11:56:56 -1000, Julian Yap julianok...@gmail.com wrote:
Just wanted to add that this particular line is incorrect:
meta SC_HAM (USER_IN_WHITELIST||USER_IN_DEF_WHITELIST||
USER_IN_ALL_SPAM_TO||NO_RELAYS||ALL_TRUSTED||USER_IN_BLACKLIST_TO||
USER_IN_BLACKLIST)
That will have
On Thu, 2010-03-11 at 11:56 -0600, Dave Pooser wrote:
A scam of this type needs to be pretty tightly targeted to work. The
scammer would need at least a matched pair of addresses and a good
probability that the supposed sender could be somewhere near the place
where the alleged robbery was
I don't think the accounts were hijacked: the headers showed that the
messages the OP posted were not sent from the domain hosting the mail
accounts. It looked to me as if somebody has sold on lists of valid
hotmail etc. accounts.
I smell an inside job, or at least some careful
...and I suppose the same would apply to social networks. I don't use
either, so am somewhat clueless about what goodies are available if you
can access their accounts.
I have some free e-mail accounts that I use as throw away accounts.
When a site just HAS to have a valid e-mail so you can
Hello,
Am 2010-03-10 22:17:05, schrieb Carlos Mennens:
OK so today I got my 1st spam email from someone at a yahoo.com email
address. Basically SA didn't score it at all and 'Postgray' did it's
job. Below are the headers from SA:
Be happy, you got only one...
My question is what do you
I've seen an increase of pop3 dictionary attacks. The cracking daemons
usually are running from china.
[]s Fosforo
--
O caminho do homem justo é rodeado por todos os lados pelas
injustiças dos egoístas e pela tirania dos homens de mal. Abençoado é
aquele que, em nome da caridade e da boa-vontade
Hello,
Am 2010-03-10 13:37:20, schrieb Dennis B. Hopp:
We seem to be having a problem where clients that we interact with
regularly are having their hotmail/gmail/yahoo accounts hijacked. We
are receiving e-mails from their accounts that legitimately go through
the correct servers
Hello Martin,
Am 2010-03-10 22:13:59, schrieb Martin Gregorie:
describe FORGED_HOTMAIL Hotmail with non-Hotmail Reply-to address
header __FORGED_HM1 From ~= /\...@hotmail\.com/i
header __FORGED_HM2 Reply-to ~= /\...@hotmail\.com/i
meta FORGED_HOTMAIL (__FORGED_HM1
Earlier today I mentioned that I have a number of portmanteau rules that
fire on misspelt words in body text, etc. These are all structured along
the lines of:
describe PORTMANTEAU Example of a somewhat unwieldy rule
body __PM1 /(word1|worrd2|wooord3|)/i
body __PM2
On Thu, Mar 11, 2010 at 08:11:37PM +, Martin Gregorie wrote:
Earlier today I mentioned that I have a number of portmanteau rules that
fire on misspelt words in body text, etc. These are all structured along
the lines of:
describe PORTMANTEAU Example of a somewhat unwieldy rule
body
37 matches
Mail list logo