Don Levey wrote:
1) Segregate dynamic IPs into one netblock, static IPs into another.
I think as we get closer and closer to running out of IPv4 addresses,
this is going to get less and less common. A lot of places can no
longer afford to have IPs sitting around unused because of subnetting.
Bob Proulx wrote:
Matt Wills wrote:
Does anyone have a ruleset for catching any or all of these stock tips?
This is a little off-topic, but how do spammers expect to make money
from that spam?
A lot of them are pump and dump schemes, I suspect. The spammer buys
a bunch of shares of some
Loren Wilton wrote:
You'ld think that there should be some way to do a reverse DNS to determine
from an ip the domains that exist on that ip. I suspect though that the
whole internet fabric is designed the other way around, and that this
information is probably something that no single
Matt Kettler wrote:
I highly doubt a MS product would take advantage of results from another
product.
On the other hand, IF they're using statistical scoring, and IF they
include the headers in the score, then you might be able to just tag
suspected spam with a header. Eventually the system
Tony pace wrote:
Thanks for all the input.
The diagram was simplistic - the real MSE is a couple layers away.
One thing that no one has mentioned is that it's vitally important that
the edge gateway (the postfix system) have a way of knowing what users
are valid. Otherwise you will end up
Frank Coons wrote:
Does Exim allows LDAP queries across a DMZ or do both machines need to
be either inside or outside the DMZ for it to work?
I've never tried it, but it's just a TCP connection. As far as I know
it should work, as long as the firewall is not blocking the connection.
I
Dimitri Yioulos wrote:
Isn't the landscape bar required in every sysadmin's tool kit?
A 3.5 foot length of sucker rod is also acceptable. (See the Linux
syslogd(8) manpage, 'SECURITY THREATS' section, for details:
http://www.die.net/doc/linux/man/man8/syslogd.8.html)
Cricket bats are, I'm
http://www.securityfocus.com/news/11230?ref=rss
Quick summary: The Federal Trade Commission is launching an educational
campaign to try to convince ISPs to block port 25, rate-limit email
relays, and quarantine infected machines.
David Velásquez Restrepo wrote:
Hi,
I'm user of spamassassin to reviw a lot (a lot!) of incoming mails with
spamassassin lot time ago. Today i have a machine just running
spamassassin, due the high CPU and MEM requirements. Just to be clear
(may be i have something bad) The question is:
Q)
Got this one today. It hit SpamCop but nothing else:
Dear manager:
I have viewed your company profile through internet, and found there
exists an opportunity of establishing business cooperation between two
of us.
We are a Chinese senior precision foundry which producing all kinds of
Thomas Cameron wrote:
On Thu, 2005-05-12 at 12:20 -0500, Jon Dossey wrote:
I'd go through your maillog, and check the spamassassin processing
times, and see if you can pinpoint where the processing time shoots up.
Then, go through your mqueue and take a look at the offending message.
It wasn't
Johnson, S wrote:
Anyone know the best way to subscribe to receive all the spam I can
possibly get?
A post to the alt.test newsgroup used to be highly effective; don't
know if it still is today.
Subscribing to Ameritech DSL might work. ;) My [EMAIL PROTECTED]
email account gets more spam than
On Thu, 7 Apr 2005 12:27:58 +0100, Gray, Richard wrote
You probably also want to learn more about regular expressions too.
There
Was a lot of stuff that I didn't know before I started doing this.
In particular, useful things like back chaining and forward referencing
are useful to
On Wed, 6 Apr 2005 15:08:31 -0400, Don Levey wrote
Niek wrote:
On 4/6/2005 8:29 PM +0100, Florin Andrei wrote:
I guess something has to change. Then change it yourself type of
advices will go straight to /dev/null, thank you, because as far as
SA is concerned, i'm just a user. I am merely
On Tue, 22 Mar 2005 15:49:01 -0500, lister lynch wrote
Our ISP, Covad, is periodically claiming that we have excessive DNS
requests and is threatening to turn off our service. It's primarily
due to SA, I think. Looked around for answers, and already set a
bunch of the BL checks to 0.0 to
Kelson wrote:
Bob McClure Jr wrote:
On Tue, Mar 22, 2005 at 04:49:24PM -0500, David Brodbeck wrote:
I can't give you specific instructions for FC1, but I know older
versions of
RedHat had a package specifically for this, all preconfigured.
I think it was pdnsd, but it appears not to be in the FC
lister lynch wrote:
I checked the PDC of the domain (W2003), and it was running DNS for
forward and reverse lookup zones, as well as caching lookup. There
shouldn't be any problem installing caching-nameserver on the FC box as
well, should there?
No, but why not just make the FC box use the PDC
crisppy fernandes wrote:
Dev community,
This is to know from developers community is spamassassin wrked for
anyone just after upgrade or install.
It worked for me, but I had a very simple 2.x install. No Bayes or
anything. I think I had to update Net::DNS and a couple other Perl
modules, but I
Vicki Brown wrote:
At 10:45 -0800 03/20/2005, Jeff Chan wrote:
The trust path needs to be set correctly for things to
work properly.
If the trust path is not set correctly by default, then the rule should
not be enabled by default. That's just wrong.
A lot of stuff depends on it.
I actually have
On Mon, 21 Mar 2005 12:05:18 +0100 (CET), Menno van Bennekom wrote
I once had a situation where both the primary and the secondary were
down, but still mail to us didn't bounce, old mails just started
streaming in when the servers came up.
Yes, the remote MTAs will queue them. The exact
List Mail User wrote:
You also have the problem of dealing with IP literals, and users
running dynamic DNS which still has stale DNS data (so the response should
be a 4xx code not a 5xx code, if you do something like this).
I think anyone who is running a mail server on a dynamic IP has to
Kelson wrote:
1. You sign up for a group about vintage widgets.
2. Spammer sends a message to your vintage widget list.
3. You get the spam through a whitelisted, opt-in channel.
4. List members owner get up in arms, flame war ensues over whether
the list should be closed or kept open, whether
Steve Prior wrote:
Jim Maul wrote:
Whats strange is i was forced into using verizon. I called 3 other
DSL companies who i KNOW have DSL in my area (my company uses one of
them and they are less than 1 mile away) and they all claim that its
not available. Verizon was the only one who actually
Rob McEwen wrote:
Overall, I was very impressed with the coverage. It worked better than
expected. However, sadly, my house was in a dead spot. Considering my
strategy (giving up the land lines), this was awful. I could see the tower
bars dropping down on the phone as I approached my home... and
This is kind of an odd problem and I'm not sure what to do.
For quite a while I had apparent Perl signal-handling problems -- in
particular, I couldn't kill spamd, I had to use kill -9. Recently I
recompiled Perl in an effort to fix this. I'm using the same Perl version
(5.6.1), however I
On Tue, 14 Dec 2004 13:52:37 -, Clarke Brunt wrote
Jonathan Nichols wrote:
Example: I try to send mail to this list from a T-Mobile Hotspot
(Starbucks) - it gets kicked back because SF.net uses SPF, and my SPF
records don't show m55415454.tmodns.net in the SPF records. So what can
I
Noel K Hall II wrote:
Fighting spam with a virus like attack...let's think about this one...not
only will your ISP end up shutting down your connection for a violation of
their TOS, you could possibly face court charges.
Makes complete sense to me.
My initial thought is, isn't the Internet slow
On Sun, 28 Nov 2004 20:35:31 -0800, Bob Amen wrote
And you said an aggressive greet delay. I tried
that and found too many false positives with legitimate mail servers
that are poorly configured. The only recourse for those false
positives is another means of communication (eg. telephone).
On Tue, 30 Nov 2004 01:53:20 -0800, jdow wrote
From: Rob [EMAIL PROTECTED]
My power supply died on Sunday morning, and as much as I wanted it not
too, the machine powered off. Doesn't meet any of your above
requirements but I'll let it pass this once.
Clearly you need to start ordering
JamesDR wrote:
make sure in writing before you sign anything that your ip(s) will
never be listed by the ISP as res/dynamic/dialup ip. If they do they
may be in breach of contract (and you would need a lawyer for
resolution.)
I doubt any ISP would agree to a contract term like that, because
Daniel Quinlan wrote:
Why? That way I can strongly identify users I know would not spam..
Users of PGP are not the same set of people getting their mail
occasionally flagged as false positives.
There have also been cases of spammers grabbing PGP signatures and
slapping them on the end of
Dan Barker wrote:
What's the thinking for Linux? I'm just running a couple daemons in support
of my Wireless Network subscription services (they diddle the firewall based
on Credit Card income) and the firewall.
I reboot Linux servers when I need to upgrade the kernel, upgrade the
BIOS, or
Duncan Findlay wrote:
On Sat, Nov 27, 2004 at 01:37:57PM -0500, David Brodbeck wrote:
I reboot Linux servers when I need to upgrade the kernel, upgrade the
BIOS, or have a startup script change that needs to be tested. Don't
overlook that last one, it's less inconvenient to reboot right away
Matt Kettler wrote:
At 04:45 AM 11/12/2004, Hanspeter Roth wrote:
Besides adjusting your administrator with a clue-by-four, you can
run it
through spamassassin --remove-markup
I don't know what you mean by 'clue-by-four'. I try to contact the
admin. But he might have some reason for his
Matt Kettler wrote:
At 06:53 AM 11/9/2004 -0800, Gary W. Smith wrote:
Matt,
I did find some information in bugzilla regarding this as well but it
still seems to be open. Is the short fix to add a single trusted net a
per Bowie?
If you've got a NATed server, use trusted_networks. In fact, even if
On Mon, 1 Nov 2004 14:20:35 -0500, Michael Barnes wrote
I was able to change the default CFLAGS by putting the CCFLAGS and
the CFLAGS values in my environment before running perl Makefile.PL.
I would guess that this could be considered a bug, because its not
too uncommon for default CFLAGS
On Wed, 22 Sep 2004 09:15:48 -0700, Justin Mason wrote
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
David Brodbeck writes:
Is there a way to get the SpamAssassin build process to use -O instead of
-O2
while building spamc? I run FreeBSD on a DEC Alpha, and -O2 triggers
optimizer
On Wed, 27 Oct 2004 21:43:16 -0700 (PDT), email builder wrote
Thanks. We were thinking about a NFS server, but SA concerns seemed
more important. If both can coexist peacefully, this may be the
exact same solution that we use.
It seems like it'd be a good match. NFS is highly I/O
On Wed, 6 Oct 2004 14:00:19 -0400, Dave Duffner - NWCWEB.com wrote
Last we heard from this (or another, poss. MailScanner) List
was that SPF's are now a dead issue. Some locations are using it
and trying to keep it alive, but even MicroWreck backed off their
stance in supporting it.
Robin Lynn Frank wrote:
Right. I want to get my key signed by someone I don't know from a hole
in the wall and, in return, sign his. Fine. Let's totally destroy the
value of signatures. I don't think so.
This is a big problem with GPG, really. If you're an isolated user
there's no way to
-- Forwarded Message ---
From: Jeff Chan [EMAIL PROTECTED]
To: David Brodbeck [EMAIL PROTECTED]
Sent: Wed, 29 Sep 2004 08:07:05 -0700
Subject: Re: SA 3.0 and Bigevil
On Wednesday, September 29, 2004, 7:42:04 AM, David Brodbeck wrote:
On Wed, 29 Sep 2004 07:30:51 -0700, Jeff Chan
John Rudd wrote:
1) Greet_Delay (default 30 seconds) -- had some brief false positives
with mac.com, but they fixed their MTA to stop being so impatient.
You might want to keep in mind that some MTAs that do callout
verification use 30 seconds as the default timeout, and if you make them
wait
Pat Lashley wrote:
For example, it would break the Exim port which by
default includes the ExiScan patches. (The Exim port would still
build; but the SpamAssassin support would fail at run time.)
Sure about that? I'm running Exim with Exiscan version 22, built from
the port, and it's working
On Thu, 23 Sep 2004 11:29:49 -0400 (EDT), Dan Mahoney, System Admin wrote
While I'm thinking about this, let me offer up a suggestion...
For those of us that prefer user_prefs in text files but because
SpamAssassin with the preforking is getting much bigger have decided
we need a separate
On Thu, 23 Sep 2004 13:51:36 -0500, Gary Buckmaster wrote
considered setting up spam@ and notspam@ accounts on the gateway
itself, and having local users send appropriate samples to these
accounts, then running sa-learn against these. Does this approach
make a great deal of sense? Has
Kelson wrote:
Mail sent from to a few addresses that we never use for outgoing
mail is rejected with an Invalid bounce explanation. (Don't do this
with postmaster or abuse, or you'll probably end up listed on
RFC-ignorant.)
AFAIK you won't unless someone decides to report you. RFC-ignorant
Is there a way to get the SpamAssassin build process to use -O instead of -O2
while building spamc? I run FreeBSD on a DEC Alpha, and -O2 triggers
optimizer bugs in gcc on that architecture. I've just been editing the
configure script before building, but it'd be nice if there was an easier way.
Juhapekka Tolvanen wrote:
On Wed, 22 Sep 2004, +22:45:09 EEST (UTC +0300),
Dan Mahoney, System Admin [EMAIL PROTECTED] pressed some keys:
On Wed, 22 Sep 2004, Daniel Quinlan wrote:
Juhapekka Tolvanen [EMAIL PROTECTED] writes:
1) Switch off that Bayesian filter of SpamAssassin,
48 matches
Mail list logo
