e constant HAS_SQLITE => eval { require DBD::SQLite; };
sub dbg {
my $msg = shift;
Thanks for the tip; I did know about using different delimiters - but
using / is force of habit ;-)
I'll try and remember to use something different for uri rules.
Cheers,
Steve.
--
Michael
ebay... envelope from is members.ebay.com. dkim
signature has d=ebay.com
is that what adsp_discard means? that even though the dkim signature
matched, the domain in the envelope from didn't match the domain that
the signature says it signed?
--
Michael Scheidell, CTO
o: 561-999-5000
d
installs already have db4. I guess maybe, hey, its open
source, get out your flowchart guys and write the db4 module :-)
--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
ISN: 1259*1300
> *| *SECNAP Network Security Corporat
I've installed SPF::Server in
/usr/lib/perl5/vendor_perl/5.8.8/Mail/SPF,
"
you might be overwritting SPF.pm
you might have perl so messed up you need to start all over.
just read the install file, install what is needed, via ports, rpm's,
yum or cpan if none of the above.
-
ng a defunct dns rbl, or a custom rule. disable
all custom rules and rbl's and try again.
--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
ISN: 1259*1300
> *| *SECNAP Network Security Corporation
* Certified SNORT Integrator
* 2008-9 Hot Company Award Winner, World Execu
it its a postfix problem, postfix.
but if you can't telnet to yahoo on port 25, and you are the ISP, there
are more problems than that.
On 8/27/10 11:56 AM, Cimoni Enwis Ogwujiakwu wrote:
which forum can assist?
--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
ISN: 1259
DIRECTOR. THIS IS NOT A SPAMASSASSIN PROBLEM.
--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
ISN: 1259*1300
> *| *SECNAP Network Security Corporation
* Certified SNORT Integrator
* 2008-9 Hot Company Award Winner, World Executive Alliance
* Five-Star Partner Program 2009,
eived
header.
"v=spf1 mx ptr ~all"
I'm seeing other domains being hit with SPF_SOFTFAIL, so I am at a
loss as to why this one isn't. What am I missing?
I am using SpamAssassin 3.3.1 provided by Ubuntu 10.04.
Neil
--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
IS
On 8/18/10 4:44 PM, a.sm...@ukgrid.net wrote:
Yes, was at 8.0 p2 when I installed it I believe, and worked without
probs. (with perl 5.10.1)
Thanks.
You might not want to go to 8.0 p4 until the problem is figured out.
--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
ISN: 1259
k without 'make pure_perl_install'?
I am trying to decide if this is a SA problem, an Freebsd 8.0 problem or
pilot error.
(I never had a problem with SA on freebsd 5.4, 5.4, 6.2, 6.3, 6.4, 7.1,
7.2 or 7.3)
--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
ISN: 1259*1300
>
On 8/17/10 7:30 PM, Alexandre Chapellon wrote:
Hi the list,
I am posting the results of my tests in order to have
fedback/feelings/remarqs.
This is not directly spamassassin related, but can be helpful for
people (I saw here) wondering if they would used the barracuda DNSBL.
When other well
an record.
and not sure if sa-update is falling back to an a record, or just fails.
(or needs additional inet6 helpers)
--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
ISN: 1259*1300
> *| *SECNAP Network Security Corporation
* Certified SNORT Integrator
* 2008-9 Hot Co
A8 CE6D 6BE0 28C6 5652 03B5 6793 A7DB A67F
#
# $Id: .signature,v 1.3 2007-12-27 21:13:36 sca Exp $
########
--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
ISN: 1259*1300
> *| *SECNAP Network Security Corporation
e one
that causes the problem
post results on bugzilla.
--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
ISN: 1259*1300
> *| *SECNAP Network Security Corporation
* Certified SNORT Integrator
* 2008-9 Hot Company Award Winner, World Executive Alliance
* Five-Star Partner Prog
t for your Internet safety. Learn how to
verify legitimate emails and detect email fraud by visiting GoDaddy.com
<https://www.godaddy.com/default.aspx> and clicking "Security Center"
under "About Go Daddy."
--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
ISN:
ignore_site_cf_files => 1,
post_config_text=>
'
skip_rbl_checks 1
use_dcc 0
use_bayes 0
bayes_auto_learn 0
use_razor2 0
use_auto_whitelist 0
',
}
);
my $mail = $spamtest->parse($msg2, 0);
my $status = $spamtest->check ($mail);
$st
way to dial down the Hotmail detection?
Thanks!
Ray Dzek
Network Operations
Specialized Bicycles
Ph: 408-782-5420
www.specialized.com
--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
ISN: 2259*1300
*| *SECNAP Network Security Corporation
* Certified SNORT Integrator
* 2008
s) which I look forward to in a
future version of SA as well.
Id like to see it be resilient. allow us to put in more than one hostname.
--
Michael Scheidell, CTO
Phone: 561-999-5000, x 1259
> *| *SECNAP Network Security Corporation
* Certified SNORT Integrator
* 2008-9 Hot
7;swatch' it, maybe you just retry?
or, heck, its just bayes, who care? the spammers will hit you again (and
if you got the deadlock, they did)
--
Michael Scheidell, CTO
Phone: 561-999-5000, x 1259
> *| *SECNAP Network Security Corporation
* Certified SNORT Integrator
* 2008-9 Hot C
you
get pretty quick action.
--
Michael Scheidell, CTO
Phone: 561-999-5000, x 1259
> *| *SECNAP Network Security Corporation
* Certified SNORT Integrator
* 2008-9 Hot Company Award Winner, World Executive Alliance
* Five-Star Partner Program 2009, VARBusiness
* Best in Email Secur
you have.
SA is 3.3.1
perl is 5.10.(something)
--
Michael Scheidell, CTO
Phone: 561-999-5000, x 1259
> *| *SECNAP Network Security Corporation
* Certified SNORT Integrator
* 2008-9 Hot Company Award Winner, World Executive Alliance
* Five-Star Partner Program 2009, VARBusiness
* B
currently supported version.
does not use /usr/local/share/spamassassin
needs to run sa-update to get factory rules.
--
Michael Scheidell, CTO
Phone: 561-999-5000, x 1259
> *| *SECNAP Network Security Corporation
* Certified SNORT Integrator
* 2008-9 Hot Company Award Winner, World Execut
On 7/23/10 3:57 PM, Grant Peel wrote:\
Does anyone know where else I might search to find the answer to this
delema?
I missed the original thread.
im the ports maintainer for freebsd SA.
start over:
freebsd 3.2.x put the FACTORY sigs in /usr/local/share/spamassassin
user configs are in /u
On 7/23/10 12:17 PM, Rosenbaum, Larry M. wrote:
sought_rules_yerp_org/20_sought.cf:body __SEEK_YRQYH9 /\x{a9}2009 Microsoft \|
Unsubscribe \| More Newsletters \| Privacy/
sought_rules_yerp_org/20_sought.cf:body __SEEK_VZ7OQ6 /Copyright \x{a9}2009 by
NACHA - The Electronic Payments Association
On 7/22/10 10:32 AM, Eric A. Hall wrote:
Sometimes the AWL rule doesn't appear in the list. From looking at the
due to performance vs accuracy issues, AWL was demoted in SA 3.3x.
It might not be worth the cpu cycles
--
Michael Scheidell, CTO
Phone: 561-999-5000, x 1259
> *|
7, RDNS_NONE 0.10)
X-webone-MailScanner-SpamScore: s
X-webone-MailScanner-From: pers...@vivotech.com
X-EsetId: C30D4C20C48D2634974D
-Original Message-
From: Michael Scheidell [mailto:scheid...@secnap.net]
Sent: Friday, 16 July 2010 1:07 p.m.
To: users@spamassassin.apache.org
Subject: Re: png
, rbl's, most of that? isn't it coming from zombie
dialups anyway?
Thanks
Peter
--
Michael Scheidell, CTO
Phone: 561-999-5000, x 1259
> *| *SECNAP Network Security Corporation
* Certified SNORT Integrator
* 2008-9 Hot Company Award Winner, World Executive Alliance
* Five
and as a reminder, dcc doesn't test for spam or not spam, just bulk vs
non bulk, and the OPTIONAL reputation filter service also gives you the
percentage of bulk on the connecting ip.
--
Michael Scheidell, CTO
Phone: 561-999-5000, x 1259
> *| *SECNAP Network Security Corporation
cover all cases? except the status emails from travel
web sites, and 'email me this link' type emails? (which are FORGED
emails in fact!)
(still think a 'blacklist_from_not_spf *...@secnap.net would be cool)
something similar to what firewalls and routers can now do for what wan
i
9.63.128/28 ip4:63.211.90.16/29 -all"
actually, thats not SPF. :-)
its SENDER-ID
microsoft change the "spf1.0" to "spf2.0" and patented it.
(and they don't use it)
<http://www.openspf.org/SPF_vs_Sender_ID>
--
Michael Scheidell, CTO
Phone: 561-999-500
ments, but I
don't think SA itself, stock does anything.
3. How is spamassassin able to determine that a particular attachment can/can't
be parsed for defined rules?
4. What is the flow of attachment demimeing on spamassassin?
Kindly refer some suitable links too.
Thanks in adva
it in your MTA, and you are using a caching DNS server,
then you are not making any redundant outbound DNS queries, one for the
MTA, one for SA.
SA will use the cached result.
and, in the case of DHA's, that one ip will probally hit your server
25,000 more times today :-)
--
Michael
o the issue of a lack of these ip's in spam corpus since most people
use that as a hard mta rbl.
(chime in, anyone who uses it)
--
Michael Scheidell, CTO
Phone: 561-999-5000, x 1259
> *| *SECNAP Network Security Corporation
* Certified SNORT Integrator
* 2008-9 Hot Company Award
.
My understanding of PBL is that its at least 99.999% free of FP's)
--
Michael Scheidell, CTO
Phone: 561-999-5000, x 1259
> *| *SECNAP Network Security Corporation
* Certified SNORT Integrator
* 2008-9 Hot Company Award Winner, World Executive Alliance
* Five-Star Partner Prog
ound ip shared
with client b,c,d,e,f,g blacklisted.
--
Michael Scheidell, CTO
Phone: 561-999-5000, x 1259
> *| *SECNAP Network Security Corporation
* Certified SNORT Integrator
* 2008-9 Hot Company Award Winner, World Executive Alliance
* Five-Star Partner Program 2009, VARBusiness
7;t do much good spamming. and if the
spambot is bad enough, the AV checker will block it anyway.
If they do spam, it will take a couple of years for the email to be
delivered :-)
--
Michael Scheidell, CTO
Phone: 561-999-5000, x 1259
> *| *SECNAP Network Security Corporation
* Certifie
On 6/21/10 3:25 PM, Sharma, Ashish wrote:
Hi,
I have the latest version of spamassassin, I am unable to find the logic behind
the following rule and it's high spam score.
MANY_SPAN_IN_TEXT 3.099
as for the scoring, it is done autoomaticallay, checking how much 'ham'
has more than 4 jlkj
2.398
1.862 2.398
Thanks in advance
Ashish Sharma
--
Michael Scheidell, CTO
Phone: 561-999-5000, x 1259
> *| *SECNAP Network Security Corporation
* Certified SNORT Integrator
* 2008-9 Hot Company Award Winner, World Executive Alliance
* Five-Star Partner Program 2009, VARBusine
are coming from?
--
Michael Scheidell, CTO
Phone: 561-999-5000, x 1259
> *| *SECNAP Network Security Corporation
* Certified SNORT Integrator
* 2008-9 Hot Company Award Winner, World Executive Alliance
* Five-Star Partner Program 2009, VARBusiness
* Best Anti-Spam Product
. RFC's
require your mail server to add the header for the SMTP server that
connected to you and add a header.
check your 'contact us' forms on your web site for holes.
then, check the blacklists to see how to get removed.
Thanks,
RCR
--
Michael Scheidell, CTO
Phone: 561-9
On 6/11/10 4:40 PM, Michael Scheidell wrote:
On 6/11/10 3:17 PM, Jean-Paul Natola wrote:
i've got DOZENS of these, shoud i log a bug for each?
also I have TONS of these type of entries as well, it used to come up
clean before the upgrade,
and I'm also concerned because i get massi
no, neither of those are from SA rules.
Jun 11 15:13:15.245 [20711] dbg: rules: flush_evalstr (add_evalstr) compiling
60024 chars of Mail::SpamAssassin::Plugin::Check::_meta_tests_500_1
no, debug output has nothing to do with timeouts.
maybe you should turn debugging off.
--
Michael
/mail/spamassassin/*.cf
/var/db/spamassassin/3.003001/updates_spamassassin_org/50_scores.cf:score AXB_HELO_LH_HOME
3.406 2.059 3.458 3.619
(ps, this is just a WARNING, it don't break anything)
pps, log a bug in spamassassin bugzilla.
TIA
--
Michael Scheidell, CTO
Phone: 561-999-50
he DCC rules for a hint at the new features.
--
Michael Scheidell, CTO
Phone: 561-999-5000, x 1259
> *| *SECNAP Network Security Corporation
* Certified SNORT Integrator
* 2008-9 Hot Company Award Winner, World Executive Alliance
* Five-Star Partner Program 2009, VARBusiness
* Best Ant
On 6/11/10 8:10 AM, Michael Scheidell wrote:
tested this on email with
twitter-resetpw-example=domain@postmaster.twitter.com and rule
hits fine on tests, lint likes it, compiles on some systems, but not all.
All running spamassassin 3.3.1 and re2c 0.13.5
def_whitelist_from_spftwitter
jail).
where do I start looking?
adding -D line to sa-compile just echo's lints complaint.
--
Michael Scheidell, CTO
Phone: 561-999-5000, x 1259
> *| *SECNAP Network Security Corporation
* Certified SNORT Integrator
* 2008-9 Hot Company Award Winner, World Executive Alliance
*
that software.
--
Michael Scheidell, CTO
Phone: 561-999-5000, x 1259
> *| *SECNAP Network Security Corporation
* Certified SNORT Integrator
* 2008-9 Hot Company Award Winner, World Executive Alliance
* Five-Star Partner Program 2009, VARBusiness
* Best Anti-Spam Product 2008, Netw
spamassassin. that usually helps you get all
the help you need.
--
Michael Scheidell, CTO
Phone: 561-999-5000, x 1259
> *| *SECNAP Network Security Corporation
* Certified SNORT Integrator
* 2008-9 Hot Company Award Winner, World Executive Alliance
* Five-Star Partner Program 2
e a properly
trained Bayesian database. if not, then all the poison emails would
trash it.
No, one email isn't going to take Bayesian from bayes_0 to bayes_95
--
Michael Scheidell, CTO
Phone: 561-999-5000, x 1259
> *| *SECNAP Network Security Corporation
* Certified SNORT Integrato
strongly warning against it.
(and I think there was some talk about requiring 5.10.1.)
--
Michael Scheidell, CTO
Phone: 561-999-5000, x 1259
> *| *SECNAP Network Security Corporation
* Certified SNORT Integrator
* 2008-9 Hot Company Award Winner, World Executive Alliance
* Five-S
On 5/31/10 8:39 AM, Michael Scheidell wrote:
On 5/31/10 8:12 AM, Per Jessen wrote:
I have just this morning come across an interesting issue (SA 3.2.5). I
was trying to blacklist a From: address using 'blacklist_from', but it
wasn't working. I took a closer look at the ema
s just in the header from?
my understanding of SA (from a while back) is that it will
blacklist_from based on header from, envelope from and/or sender from,
so if that is so, it should have worked.
--
Michael Scheidell, CTO
Phone: 561-999-5000, x 1259
> *| *SECNAP Network Security Corporatio
in size.
if X-Ymail-OSG is > 1024 bytes, its just about guaranteed to be spam.
--
Michael Scheidell, CTO
Phone: 561-999-5000, x 1259
> *| *SECNAP Network Security Corporation
* Certified SNORT Integrator
* 2008-9 Hot Company Award Winner, World Executive Alliance
* Five-Star P
.
--
Michael Scheidell, CTO
Phone: 561-999-5000, x 1259
> *| *SECNAP Network Security Corporation
* Certified SNORT Integrator
* 2008-9 Hot Company Award Winner, World Executive Alliance
* Five-Star Partner Program 2009, VARBusiness
* Best Anti-Spam Product 2008, Network Products Gu
ttp://www.google.com/search?q=Debian%2Bspamassassin> ?
--
Michael Scheidell, CTO
Phone: 561-999-5000, x 1259
> *| *SECNAP Network Security Corporation
* Certified SNORT Integrator
* 2008-9 Hot Company Award Winner, World Executive Alliance
* Five-Star Partner Program 2009, VARBusiness
*
like it accepts wildcard email entries (I put in a random
address), so, this will be causing some backscatter as well. Either
bounces, or if using earthlink CR, the forged sender might be getting a
CR challenge backscatter email.
suggest: sed -i '' '/@ress.com/@example.com/g
issue
Freebsd exim clam and sa sw config 3.3
if you are using ports, then upgrade to SA 3.3.1. it has any and all
known critical patches applied.
(as were the 3.3.0_x versions)
--
Michael Scheidell, CTO
(official FreeBSD ports maintainer for SA)
Phone: 561-999-5000, x 1259
> *| *SECNAP
e.com
it is WAY too easy for someone to spam you with video's, porn,
advertisements, etc.
similar to how you can get spammed from linkedin and facebook, you can
get spammed by youtube and cannot opt-out.
(see bug <https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6382>
--
M
ne run a check on the correlation between the length of the
X-YMail-OSG header and spam/ ham?
Justin: you have a gook 'zero day spam' and FP ham corpus, what does it
show?
would adding 1 point for each 1K of header length help?
--
Michael Scheidell, CTO
Phone: 561-999-5000, x 1259
&g
For reference, here is a phishing email, intact.
Note that the only body difference is the a href.
Everything else is exactly the same. (well, source isn't the same..
http://secnap.pastebin.com/yScdTeCv
__
This email has been
mx record? what is a +a:alpha.ukgrid.net record?
(I don't know if the + is breaking things, looks optional to me. I
guess I have never seen them formatted like that before)
still: check internal server on internal dns see if it thinks there is
a spf record.
--
Michael Scheidell, CTO
P
ank, and NOT NULL.
(eg: 3.2, a blank header would look like no header at all in 3.2)
--
Michael Scheidell, CTO
Phone: 561-999-5000, x 1259
> *| *SECNAP Network Security Corporation
* Certified SNORT Integrator
* 2008-9 Hot Company Award Winner, World Executive Alliance
* Five-Star Part
On 4/28/10 4:47 PM, Kris Deugau wrote:
Michael Scheidell wrote:
On 4/28/10 3:13 PM, Kris Deugau wrote:
0.0 TO_EQ_FM_HTML_ONLY To == From and HTML only
0.0 TO_EQ_FM_DIRECT_MX To == From and direct-to-MX
1.7 TO_EQ_FM_HTML_DIRECT To == From and HTML only, direct-to-MX
so. its
emails they send, let them be
blocked, or whitelist them.
(or they can pay return path for more credit points.. as long as their
bulk email is double opt in)
--
Michael Scheidell, CTO
Phone: 561-999-5000, x 1259
> *| *SECNAP Network Security Corporation
* Certified SNORT Integra
arn as ham.
you should set the triggers high and low enough so that you don't
accidentally learn a sneaky spam as ham, etc.
--
Michael Scheidell, CTO
Phone: 561-999-5000, x 1259
> *| *SECNAP Network Security Corporation
* Certified SNORT Integrator
* 2008-9 Hot Company Award Winne
) there were external
pressures on the author that complicated his ability to dialog.
--
Michael Scheidell, CTO
Phone: 561-999-5000, x 1259
> *| *SECNAP Network Security Corporation
* Certified SNORT Integrator
* 2008-9 Hot Company Award Winner, World Executive Alliance
* Five-
ure' (AD) is the keyword here.
is there an author subdomain signature ?
those twits.
--
Michael Scheidell, CTO
Phone: 561-999-5000, x 1259
> *| *SECNAP Network Security Corporation
* Certified SNORT Integrator
* 2008-9 Hot Company Award Winner, World Executive Alliance
* F
..@secnap.com
Message-Id: <4bd097aadfce_30c45526a989198...@mx001.twitter.com.tmail>
Subject: Reset your Twitter password
Mime-Version: 1.0
--
Michael Scheidell, CTO
Phone: 561-999-5000, x 1259
> *| *SECNAP Network Security Corporation
* Certified SNORT Integrator
* 2008-9 Hot Company Aw
ic5vo$fe...@mx.expedia.com>
Date: 21 Apr 10 12:11 -0800
From: jim.rodg...@domain.net
To: jim.rodg...@domain.net
--
Michael Scheidell, CTO
Phone: 561-999-5000, x 1259
> *| *SECNAP Network Security Corporation
* Certified SNORT Integrator
* 2008-9 Hot Company Award Winner, World Executive Alliance
)
Regards
Racke
--
Michael Scheidell, CTO
Phone: 561-999-5000, x 1259
> *| *SECNAP Network Security Corporation
* Certified SNORT Integrator
* 2008-9 Hot Company Award Winner, World Executive Alliance
* Five-Star Partner Program 2009, VARBusiness
* Best Anti-Spam Product 2
certain people or
companies to use and modify it in the public.
what about mysql?
Regards
Racke
--
Michael Scheidell, CTO
Phone: 561-999-5000, x 1259
> *| *SECNAP Network Security Corporation
* Certified SNORT Integrator
* 2008-9 Hot Company Award Winner, World Executive Allia
previously posted (by someone else) DCC is free for most
everyone, including ISP's who use it in their mail servers to protect
their own clients.
So, put your money where your mouth is. Why won't debian fix their
broken RPM? someone official from debian want to chime in?
--
Mi
dvising competitors
to use DCC since it is one of our advantages, but I like the product,
the service and I like vernon)
*
what did you upgrade?
Sorry, I upgraded from Debian etch to Debian Lenny, along with that came
an upgrade to spamassassin.
micah
--
Michael Scheidel
On 4/14/10 3:57 PM, Kris Deugau wrote:
Michael Scheidell wrote:
yes, but they are disabled unless you have specific whitelists. the
'original-message content' you are looking for.
vbounce rules are disabled, even if you enable them unless you also
have this in *.cf
whitelist_bou
On 4/14/10 2:23 PM, Kris Deugau wrote:
Michael Scheidell wrote:
On 4/14/10 12:21 PM, Kris Deugau wrote:
Is there a consistent way to match whatever headers might be
available in a returned message?
use the vbounce rules. google for sa and vbounce. its already done
if you are using a newer
mail servers, and it can
catch OOO and vacation messages (anything machine generated)
--
Michael Scheidell, CTO
Phone: 561-999-5000, x 1259
> *| *SECNAP Network Security Corporation
* Certified SNORT Integrator
* 2008-9 Hot Company Award Winner, World Executive Alliance
* Five-S
On 4/12/10 4:55 PM, Micah Anderson wrote:
I'm getting a lot of these log entries ever since I've upgraded:
Apr 9 22:31:14 spamd2 spamd[2774]: dcc: [26896] terminated: exit 241
what version of dcc are you running?
what did you upgrade?
--
Michael Scheidell, CTO
Phone: 561-9
igure something of the
such...
since you are using amavisd-new, you should look at the amavisd-new
mailing list. look for smtp-auth and policy banks.
several examples, depending on what you are doing.
--
Michael Scheidell, CTO
Phone: 561-999-5000, x 1259
> *| *SECNAP Network Security Cor
then read this part if I somehow confused you.
On 4/12/10 12:55 PM, Carlos Mennens wrote:
> other option is set up submit port that only available via vpn, or use smtp
> auth and give anyone coming in via that -100 points.
> (amavisd-new can add credit for smtp-auth users)
-
ive anyone coming in via that -100 points.
(amavisd-new can add credit for smtp-auth users)
--
Michael Scheidell, CTO
Phone: 561-999-5000, x 1259
> *| *SECNAP Network Security Corporation
* Certified SNORT Integrator
* 2008-9 Hot Company Award Winner, World Executive Alliance
* Five
awyer uses aol for his corporate
email address. and guess what? yes, it ends in a digit since his
lastname , first/last and last/first were already taken.
--
Michael Scheidell, CTO
Phone: 561-999-5000, x 1259
> *| *SECNAP Network Security Corporation
* Certified SNORT Integrator
* 20
.
(yes, it costs the scumbags nothing to have aunt martha and her zombot
send out 600MM 1MB spams)
--
Michael Scheidell, CTO
Phone: 561-999-5000, x 1259
> *| *SECNAP Network Security Corporation
* Certified SNORT Integrator
* 2008-9 Hot Company Award Winner, World Executive Alliance
On 3/26/10 7:39 AM, Michael Scheidell wrote:
OnI can't think of a way for the GA to know that the rule contains the
same info as a DNSBL test. There are rule overlap stats, but I don't
think that would be enough with only a small number of ham occurrences.
https://issues.
, and I don't see that
rule in current SA 3.3.1
so, who is KHOP? I looked in rule sets and don't know them. were these
rules inherited form some outside trusted source?
--
Michael Scheidell, CTO
Phone: 561-999-5000, x 1259
> *| *SECNAP Network Security Corporation
* Ce
On 3/25/10 5:30 PM, Daryl C. W. O'Shea wrote:
On 25/03/2010 2:26 PM, Michael Scheidell wrote:
score KHOP_SC_TOP2003.999 2.65 3.999 2.65
I can't think of a way for the GA to know that the rule contains the
same info as a DNSBL test. There are ru
3.999 3.999 3.999 3.999
shouldn't a minor tweak on the score be something that takes into account
'network tests' ?
something like
score KHOP_SC_TOP2003.999 2.65 3.999 2.65
--
Michael Scheidell, CTO
Phone: 561-999-5000, x 1259
> *| *SECNA
;s.
just check the logs, and every week or so, doublecheck servers.
(you using the freebsd SA port?)
Is there anything that I should be concerned about? It seems to be
functioning well, and I like the stats for the rules on rulesqa :)
- Charles
--
Michael Scheidell, CTO
Phone: 561-999-5000,
RBL's,
check your dns performance?
--
Michael Scheidell, CTO
Phone: 561-999-5000, x 1259
> *| *SECNAP Network Security Corporation
* Certified SNORT Integrator
* 2008-9 Hot Company Award Winner, World Executive Alliance
* Five-Star Partner Program 2009, VARBusiness
* Best Anti-Spam
their TakeYellow Business
Directory.
<http://www.takeyellow.com/apachemirror/spamassassin/source/Mail-SpamAssassin-3.3.2.tar.gz>
Mark
--
Michael Scheidell, CTO
Phone: 561-999-5000, x 1259
> *| *SECNAP Network Security Corporation
* Certified SNORT Integrator
* 2008-9 Hot
install sa rules via sa-update, if
possible.
any problems or comments, please open a Freebsd PR at www.freebsd.org/support
--
Michael Scheidell, CTO
Phone: 561-999-5000, x 1259
> *| *SECNAP Network Security Corporation
* Certified SNORT Integrator
* 2008-9 Hot Company Award Winner, Wo
, its just too fishy.
--
Michael Scheidell, CTO
Phone: 561-999-5000, x 1259
> *| *SECNAP Network Security Corporation
* Certified SNORT Integrator
* 2008-9 Hot Company Award Winner, World Executive Alliance
* Five-Star Partner Program 2009, VARBusiness
* Best Anti-Spam Prod
nd someone else is running it.
I have a printscreen from that site (that for some reason I can't email)
--
Michael Scheidell, CTO
Phone: 561-999-5000, x 1259
> *| *SECNAP Network Security Corporation
* Certified SNORT Integrator
* 2008-9 Hot Company Award Winner, World Executive
On 3/19/10 4:05 PM, Jim Knuth wrote:
/usr/bin/perl -MCPAN -e shell
and then install Mail::SpamAssassin
noop. obviously the mirror(s) that I am pointing to are not updated.
--
Michael Scheidell, CTO
Phone: 561-999-5000, x 1259
> *| *SECNAP Network Security Corporation
* Certif
On 3/19/10 2:37 PM, Jim Knuth wrote:
schrieb Michael Scheidell:
On 3/19/10 12:31 PM, Justin Mason wrote:
Release Notes -- Apache SpamAssassin -- Version 3.3.1
http://www.apache.org/dist/spamassassin/source/Mail-SpamAssassin-3.3.1.tar.gz.md5
error 404
the requested file is not found on
1.1 0 1.1
if can(Mail::SpamAssassin::Plugin::DCC::check_dcc_reputation_range)
...
endif
endif
--
Michael Scheidell, CTO
Phone: 561-999-5000, x 1259
> *| *SECNAP Network Security Corporation
* Certified SNORT Integrator
* 2008-9 Hot Company Award Winner, World Executive Alliance
* F
On 3/19/10 12:31 PM, Justin Mason wrote:
Release Notes -- Apache SpamAssassin -- Version 3.3.1
I clicked on the download and got redirected (hijacked)? to this site:
http://www.takeyellow.com/apachemirror/spamassassin/source/Mail-SpamAssassin-3.3.1.tar.gz
TAKEYELLOW IS NO LONGER UNDER C
On 3/19/10 12:31 PM, Justin Mason wrote:
Release Notes -- Apache SpamAssassin -- Version 3.3.1
http://www.apache.org/dist/spamassassin/source/Mail-SpamAssassin-3.3.1.tar.gz.md5
error 404
the requested file is not found on this server.
--
Michael Scheidell, CTO
Phone: 561-999-5000, x 1259
is paypal.com?
--
Michael Scheidell, CTO
Phone: 561-999-5000, x 1259
> *| *SECNAP Network Security Corporation
* Certified SNORT Integrator
* 2008-9 Hot Company Award Winner, World Executive Alliance
* Five-Star Partner Program 2009, VARBusiness
* Best Anti-Spam Product 2008, N
so I don't have to patch it.
<https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6382>
I agree we receive too much spam from genuine facebook server, so I'll
remove its def_whitelist_from_dkim entry - please mention it in a PR
so as not to be forgotten.
Mark
thank
have known, documented
abusive practices.
--
Michael Scheidell, CTO
Phone: 561-999-5000, x 1259
> *| *SECNAP Network Security Corporation
* Certified SNORT Integrator
* 2008-9 Hot Company Award Winner, World Executive Alliance
* Five-Star Partner Program 2009, VARBusiness
* B
301 - 400 of 1079 matches
Mail list logo