It is a bit difficult to post to this list

2014-05-16 Thread James B. Byrne
I included the results of a find on URIBL_RHS_DOB together with the dig report on a newly registered spam domain and an extract from the whois report. All of which was to show that the domain was registered today and that the DOB service did not appear to have it listed as new. This is what I

RE: SPAM from a registrar

2014-05-16 Thread Kevin Miller
Have you looked into Day old bread? http://wiki.apache.org/spamassassin/Rules/URIBL_RHS_DOB ...Kevin -- Kevin Miller Network/email Administrator, CBJ MIS Dept. 155 South Seward Street Juneau, Alaska 99801 Phone: (907) 586-0242, Fax: (907) 586-4500 Registered Linux User No: 307357 -Original

Re: SPAM from a registrar

2014-05-16 Thread Axb
On 05/15/2014 04:31 PM, James B. Byrne wrote: On Thu, May 15, 2014 09:08, David Jones wrote: We use the fresh15.spameatingmonkey.net RBL. http://spameatingmonkey.com/lists.html I checked three domain names used by the spam messages received yesterday. All of the domains were registered

Re: Testing SpamAssassin

2014-05-16 Thread Toni Schornböck
gayle...@eircom.net wrote on 13 May 2014 at 12:56 +0200: When I send email from my laptop (using KMail) containing the string in the above URL, I simply get a message saying - Failed to transport message. The message content was not accepted. The server responded: Message

RE: SPAM from a registrar

2014-05-16 Thread Chip M.
James, are these botnet or snowshoe spam? When you get a chance, please provide some spamples (pastebin or elsewhere), as Kevin recommended. Please mung JUST the email addresses (e.g. change all email domains to example.com, and change the victim account name to victim). If the victim accounts

RE: SPAM from a registrar

2014-05-16 Thread John Hardin
On Thu, 15 May 2014, James B. Byrne wrote: I have to wonder how soon after creation new domains are added to the fresh lists. That's a good question. The only way I can see to maintain such a list is if you have a registrar data feed, and I don't know what the latency in that is. I would

Re: Bayes refinement

2014-05-16 Thread Bowie Bailey
On 5/14/2014 5:08 PM, James B. Byrne wrote: Is there any way to limit Bayes content checking to only the first X characters of the message body? I ask this because it is clear that the spam messages getting through contain text meant to poison the tests but this gibberish always trails the main

Re: Help with short bodys with URLs

2014-05-16 Thread Alex
Hi, On Mon, May 12, 2014 at 7:08 PM, Karsten Bräckelmann guent...@rudersport.de wrote: On Mon, 2014-05-12 at 13:46 -0400, Alex wrote: On Sun, May 11, 2014 at 9:32 PM, Karsten Bräckelmann guent...@rudersport.de wrote: This is supposed to be a rawbody rule. I know, because I've discussed

Re: Bayes refinement

2014-05-16 Thread John Hardin
On Wed, 14 May 2014, James B. Byrne wrote: Is there any way to limit Bayes content checking to only the first X characters of the message body? I ask this because it is clear that the spam messages getting through contain text meant to poison the tests but this gibberish always trails the main

Re: Bayes refinement

2014-05-16 Thread Ian Zimmerman
On Fri, 16 May 2014 07:22:56 -0400 David F. Skoll d...@roaringpenguin.com wrote: James Is there any way to limit Bayes content checking to only the James first X characters of the message body? I ask this because it is James clear that the spam messages getting through contain text meant James

RE: Bayes refinement

2014-05-16 Thread Kevin Miller
I implemented a rule that looks for multiple breaks for just that reason. Can't remember where I stole it from - probably some folks here helped me with it a few years ago. Can't remember who, but appreciated the assistance.

RE: SPAM from a registrar

2014-05-16 Thread James B. Byrne
On Thu, May 15, 2014 09:08, David Jones wrote: We use the fresh15.spameatingmonkey.net RBL. http://spameatingmonkey.com/lists.html I checked three domain names used by the spam messages received yesterday. All of the domains were registered yesterday as well. None of them report as being

Re: SPAM from a registrar

2014-05-16 Thread Ian Zimmerman
On Thu, 15 May 2014 09:45:21 -0800 Kevin Miller kevin_mil...@ci.juneau.ak.us wrote: Have you looked into Day old bread? http://wiki.apache.org/spamassassin/Rules/URIBL_RHS_DOB Just for the fun of it, I did a manual whois on the domain of one random spam I got today which was not killed by SA.

Re: SPAM from a registrar

2014-05-16 Thread Kevin A. McGrail
On 5/15/2014 10:31 AM, James B. Byrne wrote: On Thu, May 15, 2014 09:08, David Jones wrote: We use the fresh15.spameatingmonkey.net RBL. http://spameatingmonkey.com/lists.html I checked three domain names used by the spam messages received yesterday. All of the domains were registered

Re: Bayes refinement

2014-05-16 Thread Bowie Bailey
On 5/16/2014 2:24 PM, Ian Zimmerman wrote: On Fri, 16 May 2014 07:22:56 -0400 David F. Skoll d...@roaringpenguin.com wrote: James Is there any way to limit Bayes content checking to only the James first X characters of the message body? I ask this because it is James clear that the spam

Re: Bayes refinement

2014-05-16 Thread David F. Skoll
On Fri, 16 May 2014 11:24:29 -0700 Ian Zimmerman i...@buug.org wrote: On close inspection, I see that the hash-busting garbage appended is (faux) technical computing talk instead of the usual cookbooks or classical literature :-p That is, scrambled Stack Overflow discussions and the like.

RE: SPAM from a registrar

2014-05-16 Thread David Jones
We use the fresh15.spameatingmonkey.net RBL. http://spameatingmonkey.com/lists.html From: James B. Byrne byrn...@harte-lyne.ca Sent: Wednesday, May 14, 2014 11:51 AM To: users@spamassassin.apache.org Subject: SPAM from a registrar This AM we received

Re: Bayes refinement

2014-05-16 Thread Axb
On 05/14/2014 11:08 PM, James B. Byrne wrote: Is there any way to limit Bayes content checking to only the first X characters of the message body? I ask this because it is clear that the spam messages getting through contain text meant to poison the tests but this gibberish always trails the

RE: SPAM from a registrar

2014-05-16 Thread David Jones
On Thu, May 15, 2014 09:08, David Jones wrote: We use the fresh15.spameatingmonkey.net RBL. http://spameatingmonkey.com/lists.html I checked three domain names used by the spam messages received yesterday. All of the domains were registered yesterday as well. None of them report as being

Re: SPAM from a registrar

2014-05-16 Thread Tom Hendrikx
On 15-05-14 16:31, James B. Byrne wrote: On Thu, May 15, 2014 09:08, David Jones wrote: We use the fresh15.spameatingmonkey.net RBL. http://spameatingmonkey.com/lists.html I checked three domain names used by the spam messages received

RE: Bayes refinement

2014-05-16 Thread David Jones
On 05/14/2014 11:08 PM, James B. Byrne wrote: Is there any way to limit Bayes content checking to only the first X characters of the message body? I ask this because it is clear that the spam messages getting through contain text meant to poison the tests but this gibberish always trails

Re: Bayes refinement

2014-05-16 Thread Karsten Bräckelmann
On Fri, 2014-05-16 at 11:24 -0700, Ian Zimmerman wrote: In the last few (~10) days, I have seen a marked increase in FNs, usually with Bayes values in the 50s and 60s. That's a neutral bayes classification. Other rules should be able to still identify the spam. On close inspection, I see that

Re: SPAM from a registrar

2014-05-16 Thread James B. Byrne
On Fri, May 16, 2014 15:50, Kevin A. McGrail wrote: Enom is a big registrar and in fact owns the registrar I use (BulkRegister). I'm surprised they are having an issue. I'll try and reach out to them if you can give me a list of some of the domains you are seeing problems with spam.

Re: SPAM from a registrar

2014-05-16 Thread Karsten Bräckelmann
On Fri, 2014-05-16 at 12:14 -0700, Ian Zimmerman wrote: Just for the fun of it, I did a manual whois on the domain of one random spam I got today which was not killed by SA. Sure enough, the domain was a day old. Running SA --debug on the spam I can see that URIBL_RHS_DOB lookup is

Re: SPAM from a registrar

2014-05-16 Thread Ian Zimmerman
On Sat, 17 May 2014 01:34:58 +0200 Karsten Bräckelmann guent...@rudersport.de wrote: I don't know whether DOB limits DNS queries of a single host. However, if you *never* get that rule firing, the NXDOMAIN result may indicate exceeding a query limit. Do you use a local caching DNS resolver,

Re: Bayes refinement

2014-05-16 Thread Ian Zimmerman
On Fri, 16 May 2014 16:20:21 -0400 Bowie Bailey bowie_bai...@buc.com wrote: Keep in mind that BAYES_50 and BAYES_60 still contribute positive scores by default. Though it is technically a neutral result, it still adds a point or two to the score. Rather than messing with Bayes, I would

Re: Bayes refinement

2014-05-16 Thread Bob Proulx
David Jones wrote: James B. Byrne wrote: If you keep Bayes well trained (assuming you have enough ham to do so) Bayes poisoning is a myth. I'm not sure I agree with the myth statement. I just had to reset my Bayes DB after years of it slowly drifting due to bad user input and such.

Re: Bayes refinement

2014-05-16 Thread David F. Skoll
On Wed, 14 May 2014 17:08:26 -0400 James B. Byrne byrn...@harte-lyne.ca wrote: Is there any way to limit Bayes content checking to only the first X characters of the message body? I ask this because it is clear that the spam messages getting through contain text meant to poison the tests but