Per Jessen wrote:
dar...@chaosreigns.com wrote:
Much like the 3.2.5 release which that page still unfortunately
implies is reasonable to use.
I'd love an explanation of a situation where somebody is running
spamassassin but can't run sa-update, even once. I hear that exists.
A
Dear list,
Here is the context.
The French-speaking countries receive tons of e-mails, mostly fraud
attempts, fake lotteries, originating from West-Africa and sent by Yahoomail
users.
Often those messages contain big attachments. The payload (text of the
message) is embedded in a 1MB jpeg
Bob Proulx wrote:
Per Jessen wrote:
dar...@chaosreigns.com wrote:
Much like the 3.2.5 release which that page still unfortunately
implies is reasonable to use.
I'd love an explanation of a situation where somebody is running
spamassassin but can't run sa-update, even once. I hear
Hello Frederic,
Sunday, December 9, 2012, 10:16:08 AM, you wrote:
FDM the sender IP (Yahoo) is genuine and has a good reputation
Good reputation! Well as a very common source of spam its reputation
is one of the best.
--
Best regards,
Niamh
Hi there Frederic,
I think a geoip module exists. I saw that somewhere. Just take a look
for it.
But I think this is a bad idea. You are right about the analysis, but
geoip filtering is not efficient and may lead to FPs.
Take extra care with the rules you are going to build about it. You may
also
On 09/12/12 10:16, Frederic De Mees wrote:
Dear list,
Here is the context.
The French-speaking countries receive tons of e-mails, mostly fraud
attempts, fake lotteries, originating from West-Africa and sent by
Yahoomail users.
Often those messages contain big attachments. The payload (text of
On 02.12.12 14:29, Niamh Holding wrote:
Subject: HELO_DYNAMIC_IPADDR2 HELO_DYNAMIC_SPLIT_IP hitting ham
X-Spam-Report:
* 3.6 HELO_DYNAMIC_IPADDR2 Relay HELO'd using suspicious hostname (IP
addr
* 2)
* 3.5 HELO_DYNAMIC_SPLIT_IP Relay HELO'd using suspicious
On 04.12.12 08:28, Matt wrote:
I am using Exim directors to call Spamassassin. I do not scan
messages that come in on port 587 or are in my popb4smtp file.
do you _require_ authentication on 587? Do you really support
pop-before-smtp still? That should be dead for years
This was done due
On Sun, 9 Dec 2012, Ned Slider wrote:
On 09/12/12 10:16, Frederic De Mees wrote:
Spamassassin misses 100% of them because:
- due to the message size, the analysis is skipped anyway.
look at scoring __FROM_41_FREEMAIL which already combines the above with
FREEMAIL_FROM.
...as well as
On Sun, 9 Dec 2012 11:16:08 +0100
Frederic De Mees wrote:
I would have loved to do it with SA.
This means that the line
Received: from [ip.add.res.ss].*web.*mail.*yahoo\.com via HTTP
should be detected and analysed.
The ip address should be extracted.
The whois of the address should be
On Sun, 9 Dec 2012, Frederic De Mees wrote:
Dear list,
Here is the context.
The French-speaking countries receive tons of e-mails, mostly fraud attempts,
fake lotteries, originating from West-Africa and sent by Yahoomail users.
Often those messages contain big attachments. The payload (text
On Tue, 4 Dec 2012, Eric Krona wrote:
We have a few users who get a lot of emails asking them to report their
webmail usage, often linking to a google spreadsheet. They slip past
spamassassin, likely because they are translated to Swedish, but the mail is
clearly spam.
Is anyone else
From: RW rwmailli...@googlemail.com
It's pretty easy to do this kind of thing with the RelayCountry plugin.
Thank you all for your replies.
Obviously I had already increased the max size.
I will have a look at that plugin.
Frédéric
On Mon, 10 Dec 2012, Frederic De Mees wrote:
Thank you all for your replies.
Obviously I had already increased the max size.
...so what rules *are* they hitting?
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhar...@impsec.org FALaholic #11174 pgpk -a