From: Axb axb.li...@gmail.com
Sent: Wednesday, February 25, 2015 4:32 AM
To: users@spamassassin.apache.org
Subject: Re: Lots of Polish spam
On 02/25/2015 01:42 AM, Alex Regan wrote:
Hi,
On 02/24/2015 07:06 PM, Reindl Harald wrote:
Am 25.02.2015 um
Hi!
As I mentioned earlier I'm (and not only me but other users postmasters
in Poland) getting a lot of spam from botnet. Usually it gets high
scores but from time to time spam is delivered to mailbox. Because this
spam is sended to many mailservers I think it could be worth to create
official or
On Tue, 24 Feb 2015 23:06:02 +0100
Yves Goergen nospam.l...@unclassified.de wrote:
If the mail server now blocks all .exe in .zip without
actually scanning the contents, they're going to complain.
At some point, you need to be firm and take care of your users'
security. We run a commercial
On Feb 24, 2015, at 3:49 PM, Axb axb.li...@gmail.com wrote:
On 02/24/2015 11:39 PM, LuKreme wrote:
On Feb 24, 2015, at 15:24, Axb axb.li...@gmail.com wrote:
*.pdf.zip is a dangerous one to block on sight - FP risk is huge
Really? I've never seen a .pdf.zip that was legitimate.
KDE:
On February 25, 2015 2:55:16 PM Marcin Mirosław mar...@mejor.pl wrote:
http://pastebin.com/bAm2yk8z , http://pastebin.com/6zLjMtM8 .
blacklist_uri_host businessanalyse.be
blacklist_uri_host 143businesssecrets.com
and blacklist_from domains that have spf-pass
On 24 Feb 2015, at 17:06, Yves Goergen wrote:
I can't block all archives with executable files in them.
Then in all seriousness: why bother filtering email specifically for
malware?
Email is an inherently untrustworthy transport medium. Any sort of
executable received via email that is
On Wed, 25 Feb 2015, Benny Pedersen wrote:
On February 25, 2015 2:55:16 PM Marcin Mirosław mar...@mejor.pl wrote:
http://pastebin.com/bAm2yk8z , http://pastebin.com/6zLjMtM8 .
blacklist_uri_host businessanalyse.be
blacklist_uri_host 143businesssecrets.com
That risks whack-a-mole. Are all
W dniu 2015-02-25 o 19:17, Benny Pedersen pisze:
On February 25, 2015 2:55:16 PM Marcin Mirosław mar...@mejor.pl wrote:
http://pastebin.com/bAm2yk8z , http://pastebin.com/6zLjMtM8 .
blacklist_uri_host businessanalyse.be
blacklist_uri_host 143businesssecrets.com
and blacklist_from
Am 25.02.2015 um 19:27 schrieb Benny Pedersen:
On February 25, 2015 7:22:40 PM John Hardin jhar...@impsec.org wrote:
That risks whack-a-mole. Are all of the spams referencing the same host,
and is that host *not* already hitting URIBL_BLACK?
i long time dropped uribl_black since so much
On February 25, 2015 7:22:40 PM John Hardin jhar...@impsec.org wrote:
That risks whack-a-mole. Are all of the spams referencing the same host,
and is that host *not* already hitting URIBL_BLACK?
i long time dropped uribl_black since so much spam is not listed, sending
samples to them takes
On 2015-02-25 12:18, David F. Skoll wrote:
On Tue, 24 Feb 2015 23:06:02 +0100
Yves Goergen nospam.l...@unclassified.de wrote:
If the mail server now blocks all .exe in .zip without
actually scanning the contents, they're going to complain.
...
So far, no major complaints. The few who really
On 2015-02-25 11:42, Bill Cole wrote:
On 24 Feb 2015, at 17:06, Yves Goergen wrote:
I can't block all archives with executable files in them.
Then in all seriousness: why bother filtering email specifically for
malware?
I second this. Either go all the way, or don't do it, it's worse to
Am 25.02.2015 um 20:42 schrieb Bill Cole:
On 24 Feb 2015, at 17:06, Yves Goergen wrote:
I can't block all archives with executable files in them.
Then in all seriousness: why bother filtering email specifically for
malware?
Email is an inherently untrustworthy transport medium. Any sort of
Am 25.02.2015 um 23:04 schrieb Dave Warren:
I second this. Either go all the way, or don't do it, it's worse to
leave users with a false sense of security. A mentality of The virus
scanner says it's safe, so it won't do any harm is exceedingly dangerous.
The virus scanner doesn't say anything
Am 25.02.2015 um 23:15 schrieb Yves Goergen:
Am 25.02.2015 um 20:42 schrieb Bill Cole:
On 24 Feb 2015, at 17:06, Yves Goergen wrote:
I can't block all archives with executable files in them.
Then in all seriousness: why bother filtering email specifically for
malware?
Email is an
Am 25.02.2015 um 23:04 schrieb Dave Warren:
On 2015-02-25 12:18, David F. Skoll wrote:
So far, no major complaints. The few who really need to send such files
rename them to .ex_ before zipping them up. We have a fairly large
userbase (more than 140,000) so I think we would have heard lots of
Am 25.02.2015 um 23:23 schrieb Yves Goergen:
Am 25.02.2015 um 23:04 schrieb Dave Warren:
I second this. Either go all the way, or don't do it, it's worse to
leave users with a false sense of security. A mentality of The virus
scanner says it's safe, so it won't do any harm is exceedingly
That's what I did. I went with Zendto also as David Jones recommended. It
works great, and solves both the restricted file issue as well as an email size
problem. It's not unusual for users to attach half a dozen photos to a message
these days and never realize they're 8-10 MB each...
I don't think I have the Bayesian filter working.
This is some spam that wasn't marked as spam, shouldn't one of the tests be
BAYES_00?
X-Spam-Status: No, score=4.5 required=5.0 tests=FREEMAIL_FROM,FREEMAIL_REPLYTO,
FSL_MY_NAME_IS,HTML_MESSAGE,RDNS_DYNAMIC,T_OBFU_JPG_ATTACH autolearn=no
On Wed, 25 Feb 2015, James wrote:
I don't think I have the Bayesian filter working.
This is some spam that wasn't marked as spam, shouldn't one of the tests be
BAYES_00?
X-Spam-Status: No, score=4.5 required=5.0 tests=FREEMAIL_FROM,FREEMAIL_REPLYTO,
On Wed, 25 Feb 2015, James wrote:
I don't think I have the Bayesian filter working.
You don't:
Feb 25 21:07:55.366 [27839] dbg: bayes: not available for scanning, only 0 ham(s)
in bayes DB 200
Why does it say not enough ham?
Because you need to train ham *as well as* spam. How else
On February 26, 2015 3:36:02 AM John Hardin jhar...@impsec.org wrote:
Feb 25 21:07:55.366 [27839] dbg: bayes: not available for scanning, only
0 ham(s) in bayes DB 200
Why does it say not enough ham?
Because you need to train ham *as well as* spam. How else will it be able
to tell the
From: Yves Goergen nospam.l...@unclassified.de
Sent: Wednesday, February 25, 2015 4:15 PM
To: users@spamassassin.apache.org
Subject: Re: Lots of Polish spam
Am 25.02.2015 um 20:42 schrieb Bill Cole:
On 24 Feb 2015, at 17:06, Yves Goergen wrote:
I can't
On 2015-02-25 14:23, Yves Goergen wrote:
Am 25.02.2015 um 23:04 schrieb Dave Warren:
I second this. Either go all the way, or don't do it, it's worse to
leave users with a false sense of security. A mentality of The virus
scanner says it's safe, so it won't do any harm is exceedingly
On 02/25/2015 01:42 AM, Alex Regan wrote:
Hi,
On 02/24/2015 07:06 PM, Reindl Harald wrote:
Am 25.02.2015 um 00:56 schrieb Alex Regan:
Sophos reports it as Troj/Tinba-O, like most others on virustotal.com
ClamAV does not detect anything suspicious.
I really thought clamav was much better.
25 matches
Mail list logo