I also block all top, win, science and some other spammy TLDs that
provide free one day trial registrations. All such mail goes to a
folder that I review periodically and so far, I have not seen any
false positives.
I also have an imperfect perl script that determines age of a domain,
and flags
On Sat, Nov 22, 2014 at 07:16:38PM -0800, John Hardin wrote:
On Sat, 22 Nov 2014, Igor Chudov wrote:
I receive spam emails that contain extremely long URLs, about 2,400
characters. I wanted to know if spamassassin has a rule that I can
turn on to flag such URLs. I do not think that I ever
I have a special perl script, that I wrote, that scans emails, makes a
WHOIS query via a perl WHOIS module, and looks at the creation date.
It then flags all messages that are emailed from domains less than a
week old. The reason for this is that spammers register throwaway
domains, spam from
Hello, how can I enable thos DOB URIBL? I have spamassassin --version
SpamAssassin version 3.4.0 running on Perl version 5.14.2. It does
not seem to trigger. Thanks
On Mon, Nov 10, 2014 at 06:49:38PM -0800, John Hardin wrote:
On Mon, 10 Nov 2014, Igor Chudov wrote:
They also are all based
I am receiving a torrent of spam coming from dot-eu and dot-link
domains.
Those spams have perfectly correct mail settings, such as resolvable
nameserver names, SPF, seem to all match.
They also are all based on domains less than one day old.
I deal with them in a custom way, and block any
On Sat, Nov 10, 2012 at 08:47:57AM +0300, Jonathan Nichols wrote:
So, why is it triggering URIBL_BLACK and URIBL_DBL_SPAM etc now, but
not when I received the original spam?
Or was the database updated with those
URLs after I received that particular spam?
i
It is quite likely
I receive a lot of spams similar to this one:
http://igor.chudov.com/tmp/spam014.txt
It is a spam, however it has a low score and hit my mailbox.
When I reran spamassassin -D on this message, it was flagged as spam
and I get the following:
http://igor.chudov.com/tmp/spam014.trace.txt
The
I receive a variety of spams with the From: field containing a
business solicitation in the name tag. They seem to have quite a bit
in common and I wonder why my SA does not catch them.
Here's the spam message: http://igor.chudov.com/tmp/spam013.txt
Here are my results of running spamassassin:
Sorry, I fixed it.
On Wed, Oct 17, 2012 at 06:39:21PM +0100, John ffitch wrote:
cannot read...
Forbidden
You don't have permission to access /tmp/spam013.txt on this server.
Apache/2.2.14 (Ubuntu) Server at igor.chudov.com Port 80
On Wed, 17 Oct 2012, Igor Chudov wrote:
I receive
be blocked.
Igor, what's the threshold of your SA installation?
Alex, from prypiat.
Yes, I recycle.
On 12-10-17 01:44 PM, John Hardin wrote:
On Wed, 17 Oct 2012, Igor Chudov wrote:
Here's the spam message: http://igor.chudov.com/tmp/spam013.txt
No permissions to view that.
, then junk it. You'll
need to test and make sure it doesn't have much FP.
It comes from gmail too, and I am sure from many originating
IPs. GMail does not report originating IP.
i
--Original Message--
From: Igor Chudov
To: Spamassassin Mailing List
ReplyTo: i...@chudov.com
Subject: One
I receive a large number of spams from network IPs belonging to
SharkTech, 70.39.69.99 or so and so on.
They advertise romantic encounters with people born prior to 50 years
ago, small increment auxions, ability to borrow money using house as
collateral, and other scams. Examples are here:
This is a very funny spam, takes the title of dumbest spam of Feb 2010.
http://igor.chudov.com/tmp/spam010.txt
The person who sent it, probably thinks that he is the best phister in
the world.
i
On Mon, Aug 24, 2009 at 12:54:08PM -0700, Evan Platt wrote:
At 12:48 PM 8/24/2009, you wrote:
Lately I have been receiving quite a bit of spams that promote films
of the most indecent kind, involving persons of minor age. Examples
are here:
http://igor.chudov.com/tmp/spam009.txt
By
Lately I have been receiving quite a bit of spams that promote films
of the most indecent kind, involving persons of minor age. Examples
are here:
http://igor.chudov.com/tmp/spam009.txt
By looking at those messages, I would expect them to score higher on
the spamminess scale. Would anyone
Just today a buyer reported that my reply to him ended up in his spam
folder. Concerned by this, I sent an email to my Yahoo! account and
that one disappeared somewhere. The one I sent to gmail, however, got
there quickly. I may be overreacting and, perhaps, it is a coincidence
that Yahoo just
I have a few computers that I can volunteer for checking spam rules.
i
SARE had a nice system where you could submit a rule via email and got
the masscheck results via email. Sadly all the boxes which did this are
dead. I wonder if the SA masscheckers could be taught to do something
On Sat, Apr 25, 2009 at 11:06:47PM +0100, Ned Slider wrote:
John Hardin wrote:
On Fri, 24 Apr 2009, LuKreme wrote:
On 24-Apr-2009, at 10:41, Igor Chudov wrote:
I get a shipload of spams like this one:
http://igor.chudov.com/tmp/spam007.txt
Scores very high here.
2.0 URIBL_BLACK
On Sat, Apr 25, 2009 at 02:09:05PM -0700, John Hardin wrote:
On Sat, 25 Apr 2009, Gary Forrest wrote:
We are receiving the same image spam many times, random text within the
body.
FuzzyOCR. It seems Spammers are trying image spam again, after giving up
on it for a year or so.
Why did
I get a shipload of spams like this one:
http://igor.chudov.com/tmp/spam007.txt
These advertise certain berries, but also other equally worthless
gimmicks. These spammers started snowshoeing but as time went on,
predictably they became more brazen.
I have the latest ubuntu 9.04 and I was
On Fri, Apr 24, 2009 at 11:41:31AM -0500, Igor Chudov wrote:
I get a shipload of spams like this one:
http://igor.chudov.com/tmp/spam007.txt
By the way, look at these spams. The afiliate URL is mentioned once or
twice, and then the remove URL. The remove URL is like affiliate
URL, different
I get plenty of these also, and cannot get them to score well.
These advertise knockoffs of bestselling Pfizer products. The text is
meaningless garbage text. The sales message is contained in a PNG
image, but it could be other image types like jpeg.
On Fri, Apr 24, 2009 at 01:31:37PM -0700, John Hardin wrote:
On Fri, 24 Apr 2009, Igor Chudov wrote:
I get plenty of these also, and cannot get them to score well.
http://igor.chudov.com/tmp/spam008.txt
Any ides what I can do?
Do you have administrative access to ak74.algebra.com
:30PM +0200, Stefan Luetje wrote:
Am 24. Apr 2009 um 22:12 CEST schrieb Igor Chudov:
I get plenty of these also, and cannot get them to score well.
These advertise knockoffs of bestselling Pfizer products. The text is
meaningless garbage text. The sales message is contained in a PNG
Maybe I can clarify how these phishes work. A phisher would send
emails to a large number of people saying, literally, I am your
email administrator, your account is to be suspended, please send me
your username and password.
Any cursory examinationof these letters would make it obvious that
http://igor.chudov.com/tmp/spam006.txt
Not sure what will follow, maybe asking $250 processing fee or
something. Obviously I am not in the mood to write to this guy.
http://igor.chudov.com/tmp/spam005.txt
I get a lot of these, all seemingly sent by the same software and the
same person, any way of filtering them out?
i
I moved from Fedora to Ubuntu Gutsy and am sorting through issues.
Here are both the spam message (at bottom of the web page) as well as
output of SA.
The message is obviously junk about the usual counterfeit mechandise
tat is being peddled everywhere.
http://igor.chudov.com/tmp/spam003.txt
On Fri, Apr 11, 2008 at 02:10:41PM -0400, Rick Macdougall wrote:
Josie Walls wrote:
Hello,
Would this group agree that requiring 5 hits in order to classify an email
as spam is too conservative a number?
I suspect ISPs have their filter settings at 3 or less.
Any insight would be
A while ago I asked what was the scam about those I am a boored
grrl, pleas write me.
I have finally found the answer.
http://ikillspammers.blogspot.com/
The answer is that they get men to talk to them and then start
concocting various stories about how they were beaten up, raped
anally, and
If I recall correctly...
This Habeas is some sort of a braindead business idea to insert an
unauthenticated header in bodies of legitimate emails coming from
their customers, to assure spam filters that the email is legitimate.
Kind of like SPF, but implemented by third graders with multiple
I strongly recommend to block Habeas entirely.
They are a yet another garbage email company.
i
On Tue, Feb 26, 2008 at 03:10:54PM +, Anthony Peacock wrote:
Hi,
Following up to myself...
Anthony Peacock wrote:
Hi Justin,
Justin Mason wrote:
Jason Haar writes:
Anthony Peacock wrote:
I get a lot of spams where I am being offered a lucrative occupation
that involves transferring finanscial assets from one place to
another. It is clearly a scam, however, I am now sure what. Are these
for thieves who are moving stolen money to their real accounts, using
victims as decoys (maybe
I whitelisted some friends, but, to my shock, whitelist ADDS to a
score, I thought it should subtract it? It adds 5 to my scores. What's
wrong?
i
On Tue, Nov 06, 2007 at 11:51:09AM -0500, Theo Van Dinter wrote:
On Tue, Nov 06, 2007 at 10:46:39AM -0600, Igor Chudov wrote:
I whitelisted some friends, but, to my shock, whitelist ADDS to a
score, I thought it should subtract it? It adds 5 to my scores. What's
wrong?
When you say you
I was looking at this article
http://en.wikipedia.org/wiki/E-mail_spam
It claims that only five countries are hosting 99.68% of the global
spammer websites, of which the foremost is China, hosting 73.58% of
all web sites referenced within spam.[30]
I already refuse all email coming from China
I receive a lot of emails from The IT JobBoard or JobsInThe City,
see example at
http://igor.chudov.com/tmp/spam002.txt
They look like outright spams to me, by looking at the way they are
relayed. I tried unsubscribing, which did not help very much.
Are there any more info on those
I have my own add-on filter that looks for patterns (perl regexps) in
the entire email, if it finds such patterns, the messages go to a
certain junk folder that I review periodically. That's exactly where
this discussion is. I simply added word Robert followed by Sexton
to that filter.
Works
[This message has also been posted to comp.mail.sendmail.]
My mailserver gets a lot of errors reported such as:
Oct 1 11:49:36 ak74 sendmail[31464]: l91Gnatt031464: nat.incompany.ru
[83.167.0.4] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Oct 1 11:49:37 ak74 sendmail[31460]:
I am considering a local deal related to hosting by Comcast cable
(8mbps down, 1 mbps up).
I am concerned, however, with me sending email and being on comcast IP
range, due to bad rap that Comcast has due to spamming by Comcast
hosted zombies.
Do you think that my mailserver will have issues if
I am getting stock spams in zip files.
They are a variation of stock spams, are there any rules for them that
I need to know about?
Some time ago, I used to junk all zip files from procmail. I would
like to know how can I write a spamassassin rule to assign a score to
just having a zip
On Tue, Jul 31, 2007 at 10:03:30AM +0200, Rocco Scappatura wrote:
It is possible to block the spam sent by GreetingCards.com which invites
the receiver to access an URL and browse the ecard?
I mean that spam which has subject similar to:
You've received a greeting ecard from a Colleague!
I am receiving a lot of spams from bored girls, that ask me to email
to some .info email addresses. Just curious what these spams are
promoting, what is the scam behind them?
i
Can I somehow specify an include directive in my user_prefs file, such
as include my_friends.cf?
i
I have several mail folders (linux mailbox files) that are a good
source of whitelist information. For example, I am sure that all To:
addresses in my sent folder, and all From: addresses in my friends or
ebay folder, are good.
So what I would like to do is to generate a file with a list of
I have to respectfully disagree with those who say that whitelisting
my friends is a bad idea.
I do realize that spammers use everyone's addresses -- as they are
using mine -- as fake return addresses, just as often as they would
use any other address.
But the chances of them accidentally
#!/bin/bash
PM=`perl -MConfig -e 'print
$Config{installsitelib}'`/Mail/SpamAssassin/Plugin/PDFInfo.pm
CF=/etc/mail/spamassassin/PDFInfo.cf
cp $PM $PM.bak || exit 1 # Probably I am not root...
cp $CF $CF.bak || exit 1 # same
echo Downloading, veryfying perl module and size of config file...
I would like to disable Bayes analysis entirely if an email has a PDF
attachment.
How can I do it?
i
On Wed, Jul 18, 2007 at 01:17:45PM -0400, Theo Van Dinter wrote:
On Wed, Jul 18, 2007 at 10:22:49AM -0500, Igor Chudov wrote:
I would like to disable Bayes analysis entirely if an email has a PDF
attachment.
How can I do it?
You could theoretically write a plugin that looks
I am receiving a huge amount of these spams:
http://igor.chudov.com/tmp/postcard-spam.txt
Just how much I got is totally incredible. I am afraid that the reason
for the sheer quantity is that I actually did check out the
website. (I assume a hacked computer)
I knew full well that it was a bad
Ken, I just downloaded clamav, it seems to be a file scanning tool?
How do you use it from procmail? Thanks a lot!
i
I do it fully separately from spamassassin.
I have a list of patterns in a file that are matched by saying
m/\b$pattern\b/. (\b means word boundary). If I get more than one or
two spams advertising a particular stock, I put that stock name in the
pattern list.
All messages mentioning those
On Thu, Feb 22, 2007 at 10:07:31PM -0500, David Goldsmith wrote:
Hash: SHA1
Igor Chudov wrote:
Example is here
http://igor.chudov.com/tmp/spam001.txt
They go past spamassassin. I use latest sare rules, run rules du jour
nightly etc.
I catch them after spamassassin, using my
I am getting such an incredible number of these spams that it boggles
my mind. I simply placed the stock ticker in my custom blocklist.
i
On Sat, Nov 25, 2006 at 04:20:10PM +0530, Rajkumar S wrote:
Hi,
I am using the latest SARE stocks rules, and my spamassassin catches
most of the stock
Just as a side note, I recently changed the way SA runs for me. It
runs sitewide for all users except me, and I run it locally as
myself. That is beside the point but I want to thank others for
suggestions.
I run rules_du_jour every night and get SARE rules.
Despite that, I receive a lot of
I am running FC5, spamassassin 3.1.4 installed via cpan (ie not the
stock RPM).
I get these errors and I am a little tired of them.
Sep 12 16:07:47 manifold spamd[4270]: spamd: still running as root: user not
specified with -u, not found, or set to root, falling back to nobody at
I started receiving a lot of spam in my mailbox. That spam regards one
of the most frequently spammed mede cations, with its name somewhat
misspelled in the Subject:. I am afraid that perhaps some of my rules
stopped working (like network identification of open spam relays).
It is strange.
On Sun, Jul 23, 2006 at 03:33:03PM -0500, Igor Chudov wrote:
I started receiving a lot of spam in my mailbox. That spam regards one
of the most frequently spammed mede cations, with its name somewhat
misspelled in the Subject:. I am afraid that perhaps some of my rules
stopped working (like
I started getting the following errors:
This is a multi-part message in MIME format.
=_446A379E.0A06CBBE
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
(no report template found)
that is on spams where spamassassin tries to enclose the
I have a sitewide config where I run spamc from /etc/procmailrc.
Since some of my users want to disable spamassassin, I edited their
file ~/.spamassassin/user_prefs and set required_hits to a high
value.
That does not seem to have any effect!
Some settings:
###ls -ld ~assgm; ls -ld
On Tue, May 02, 2006 at 02:08:23PM -0400, Matt Kettler wrote:
It looks like tinyurl is now being abused by spammers the same way geocities
was. I just got a porn spam using it.
Hm, is geocities no longer abused by spammers? Have they done anything
about it?
o
On Tue, May 02, 2006 at 02:29:09PM -0400, Matt Kettler wrote:
Igor Chudov wrote:
On Tue, May 02, 2006 at 02:08:23PM -0400, Matt Kettler wrote:
It looks like tinyurl is now being abused by spammers the same way
geocities
was. I just got a porn spam using it.
Hm, is geocities
On Tue, May 02, 2006 at 01:39:26PM -0700, List Mail User wrote:
...
For the last week, I feel like I should receive a paycheck from Geocities!
All I've been doing is submitting damn redirect web pages. I even did some
testing and found some sites listed in NANAS as far back as 5 days that were
On Mon, May 01, 2006 at 08:55:17AM +0100, Graham Murray wrote:
Dallas L. Engelken [EMAIL PROTECTED] writes:
skip SA on newsgroup mail (or whitelist_from_rcvd)... if the reason for
running newsgroup mail through SA is because your newsgroups get
spammed, then you have a bigger problem to
A few of my clients are moderated newsgroups that have graphic posts
describing certain sexual perversions. They receive posts via email
and approve/reject them.
Their posts trip spamassassin sometimes, understandably, they talk
about big reproducting o rgans, arouzal, etc.
So... What can I do,
Here's something that I do not understand. What is the point of
spamming people repeatedly not once, twice, or even 10 times, but
hundreds of times. If I wanted to procure pils, or pgrn, or whatever,
I would have done it on the first 10 spams. After 100 or so spams,
what is the benefit of sending
On Thu, Apr 27, 2006 at 09:58:40AM -0400, Matt Kettler wrote:
Ronald I. Nutter wrote:
I have added most of the rule sets from rulesemporium.com as well as
adding several of my own. I update the rules from sare about once a
month.
You mentioned having most of the rulesemporium.com
I upgraded and installed a lot of SA rules. (although I suspect that
bayes still is not working for some reason. more later)
I have a lot of unix mail folders with ham (personal messages,
business messages, some mailing list stuff, etc).
I would like to somehow test run spamassassin on thsm and
Spamd outputs the following into syslog:
Apr 25 09:42:30 ak74 spamd[1703]: spamd: connection from localhost.localdomain
[127.0.0.1] at port 60902
Apr 25 09:42:30 ak74 spamd[1703]: spamd: processing message [EMAIL PROTECTED]
for root:500
Apr 25 09:42:30 ak74 spamd[1703]: spamd: clean message
On Tue, Apr 25, 2006 at 10:59:07AM -0400, Matt Kettler wrote:
Igor Chudov wrote:
Spamd outputs the following into syslog:
Apr 25 09:42:30 ak74 spamd[1703]: spamd: connection from
localhost.localdomain [127.0.0.1] at port 60902
Apr 25 09:42:30 ak74 spamd[1703]: spamd: processing
I use Spamassassin 3.1.1, and specified the following in my local.cf:
loadplugin Mail::SpamAssassin::Plugin::RelayCountry
add_header all Relay-Country _RELAYCOUNTRY_
When I run spamassassin from command line, it does set the
Spam-Relay-Country header, BUT its value is always
empty.
I do
On Mon, Apr 24, 2006 at 01:41:47PM -0400, Matt Kettler wrote:
Igor Chudov wrote:
I use Spamassassin 3.1.1, and specified the following in my local.cf:
loadplugin Mail::SpamAssassin::Plugin::RelayCountry
First: DO NOT put ANY loadplugin statements in your local.cf, unless you
On Mon, Apr 24, 2006 at 07:41:15PM +0200, Andrzej Adam Filip wrote:
Igor Chudov [EMAIL PROTECTED] writes:
I use Spamassassin 3.1.1, and specified the following in my local.cf:
loadplugin Mail::SpamAssassin::Plugin::RelayCountry
add_header all Relay-Country _RELAYCOUNTRY_
When I
On Mon, Apr 24, 2006 at 04:46:40PM -0400, Matt Kettler wrote:
Igor Chudov wrote:
On Mon, Apr 24, 2006 at 04:38:38PM -0400, Matt Kettler wrote:
Igor Chudov wrote:
I have this statement in init.pre
add_header all Relay-Country _RELAYCOUNTRY_
*sigh*.. that should be in your local.cf
On Mon, Apr 24, 2006 at 04:57:20PM -0400, Matt Kettler wrote:
Igor Chudov wrote:
Yes, I did HUP spamc and I see that it works. Thank you Matt! I am
very happy, now I can start banning countries.
Fair enough.. Just remember to unsubscribe yourself from global mailing lists,
like this one
Doing some housecleaning...
I am running spamd as root, at which point it reverts to 'nobody'.
It then proceeds to complain, understandably, that it does not have
permission to write to users' directories.
Apr 24 23:56:57 manifold spamd[21442]: spamd: still running as root:
user not specified
76 matches
Mail list logo