Re: RBL/SPF if header exists

2015-03-31 Thread Mike Cardwell
RBL is added or score updated by upstream. Is there any way of avoiding that? -- Mike Cardwell https://grepular.com https://emailprivacytester.com OpenPGP Key35BC AF1D 3AA2 1F84 3DC3 B0CF 70A5 F512 0018 461F XMPP OTR Key 8924 B06A 7917 AAF3 DBB1 BF1B 295C 3C78 3EF1 46B4

RBL/SPF if header exists

2015-03-31 Thread Mike Cardwell
on a hardcoded per user or IP setting. -- Mike Cardwell https://grepular.com https://emailprivacytester.com OpenPGP Key35BC AF1D 3AA2 1F84 3DC3 B0CF 70A5 F512 0018 461F XMPP OTR Key 8924 B06A 7917 AAF3 DBB1 BF1B 295C 3C78 3EF1 46B4

Re: RBL/SPF if header exists

2015-03-31 Thread Mike Cardwell
that reverses the score of each RBL and SPF rule if your condition fires. Any chance you could point me to an example of how to do this? -- Mike Cardwell https://grepular.com https://emailprivacytester.com OpenPGP Key35BC AF1D 3AA2 1F84 3DC3 B0CF 70A5 F512 0018 461F XMPP OTR Key 8924

Re: Blacklists Compared 17 October 2009

2010-04-07 Thread Mike Cardwell
and bl.spamcop.net. There is no noticeable difference in the FP rate between them here and all three hit on a *lot* of spam. -- Mike Cardwell - Perl/Java/Web developer, Linux admin, Email admin Read my tech Blog - https://secure.grepular.com/ Follow me on Twitter - http://twitter.com

Re: How to find where email server has been blacklisted

2010-03-08 Thread Mike Cardwell
on no-more-funn.moensted.dk 127.0.0.2 127.0.0.2 is listed on ips.backscatterer.org 127.0.0.2 127.0.0.2 is listed on dnsbl-3.uceprotect.net 127.0.0.2 m...@haven:~$ It does the lookups concurrently so it's quite quick. -- Mike Cardwell - Perl/Java/Web developer, Linux admin, Email admin Read my tech

Re: Zen.spamhous.org score for spam assassin...

2010-03-08 Thread Mike Cardwell
A 208.73.210.27 m...@haven:~$ Wonder how many people that has tripped up in its time. -- Mike Cardwell - Perl/Java/Web developer, Linux admin, Email admin Read my tech Blog - https://secure.grepular.com/ Follow me on Twitter - http://twitter.com/mickeyc Hire me - http://cardwellit.com

Re: UPS Delivery problem

2010-03-03 Thread Mike Cardwell
On 03/03/2010 13:22, twofers wrote: I have 52 of these sitting in my inbox this morning when I came in to work. this is just the beginning. I get literally hundreds of these a day and Spamassassin does not even check them. Suggest you configure SpamAssassin to check them then. -- Mike

Re: is this right? uribl_dbl seems to have a very odd number

2010-03-03 Thread Mike Cardwell
URIBL_DBL dbl.spamhaus.org. A 2130706688 Yeah. You shouldn't be using it like that on 3.3.0. Go to http://www.spamhaus.org/dbl and look for SpamAssassin on the FAQ page. -- Mike Cardwell - Perl/Java/Web developer, Linux admin, Email admin Read my tech Blog - https

Re: is this right? uribl_dbl seems to have a very odd number

2010-03-03 Thread Mike Cardwell
to me. -- Mike Cardwell - Perl/Java/Web developer, Linux admin, Email admin Read my tech Blog - https://secure.grepular.com/ Follow me on Twitter - http://twitter.com/mickeyc Hire me - http://cardwellit.com/ http://uk.linkedin.com/in/mikecardwell

Re: Off Topic - SPF - What a Disaster

2010-02-26 Thread Mike Cardwell
it might cause collateral damage. The positive aspects of *any* mail being signed with SPF, ham *or* spam, are so damn obvious, I don't know how you manage to mis-represent them so blatantly and so poorly. -- Mike Cardwell: UK based IT Consultant, Perl developer, Linux admin Cardwell IT Ltd

Re: Off Topic - SPF - What a Disaster

2010-02-26 Thread Mike Cardwell
On 26/02/2010 14:20, LuKreme wrote: On 26-Feb-2010, at 07:13, LuKreme wrote: SPF_PASS 0.001 SPF_fail 5.0 whitelist_from_spf *...@ebay.com whitelist_from_spf *...@paypal.com You forgot whitelist_from_spf *...@*.apache.org -- Mike Cardwell: UK based IT Consultant, Perl developer, Linux

Re: Bogus Dollar Amounts

2010-02-25 Thread Mike Cardwell
of mime parsing and decoding. You could score on the koi8-r charset. You could score on the fact the email came from South Korea. You could use the TextCat language plugin. -- Mike Cardwell: UK based IT Consultant, Perl developer, Linux admin Cardwell IT Ltd. : UK Company - http://cardwellit.com

Re: Newest spammer trick - non-blank subject lines?

2010-02-11 Thread Mike Cardwell
. You've failed to convince me. -- Mike Cardwell: UK based IT Consultant, Perl developer, Linux admin Cardwell IT Ltd. : UK Company - http://cardwellit.com/ #06920226 Technical Blog : Tech Blog - https://secure.grepular.com/ Spamalyser : Spam Tool - http://spamalyser.com/

Re: Newest spammer trick - non-blank subject lines?

2010-02-11 Thread Mike Cardwell
features from my system. -- Mike Cardwell: UK based IT Consultant, Perl developer, Linux admin Cardwell IT Ltd. : UK Company - http://cardwellit.com/ #06920226 Technical Blog : Tech Blog - https://secure.grepular.com/ Spamalyser : Spam Tool - http://spamalyser.com/

Re: Newest spammer trick - non-blank subject lines?

2010-02-11 Thread Mike Cardwell
help prevent someone from performing a DOS. If you *can* do SMTP time spam scanning, then that's the best place for it. -- Mike Cardwell: UK based IT Consultant, Perl developer, Linux admin Cardwell IT Ltd. : UK Company - http://cardwellit.com/ #06920226 Technical Blog : Tech Blog

Re: Newest spammer trick - non-blank subject lines?

2010-02-11 Thread Mike Cardwell
. To me this just says that we don't have enough servers to deal with the spikes, but it happens infrequently enough that it's not worth investing. I still think SMTP time scanning is both practical and desirable. -- Mike Cardwell: UK based IT Consultant, Perl developer, Linux admin

Re: Newest spammer trick - non-blank subject lines?

2010-02-11 Thread Mike Cardwell
. I want you to describe a scenario where the sender or recipient are actually worse off because of the particular two features I've described. You've failed to even attempt that so far. I know this system works well because I've been using it for a long time. -- Mike Cardwell: UK based

Re: Spam filtering similar to SPF, less breakage

2010-02-11 Thread Mike Cardwell
and trackable forwarding, SPF or not. The forwarding without changing sender is imho already broken, however the breakage gets visible with SPF adoption. Yes. A more accurate statement than, SPF breaks forwarding, would be, Broken forwarding is incompatible with SPF. -- Mike Cardwell: UK

Re: Newest spammer trick - non-blank subject lines?

2010-02-11 Thread Mike Cardwell
above is a long list of dubious predictions of what spammers would do if everybody used the same system as me. I can't be bothered with this thread anymore. Feel free to make dubious assumptions of why that may be. Out. -- Mike Cardwell: UK based IT Consultant, Perl developer, Linux admin

Re: Newest spammer trick - non-blank subject lines?

2010-02-11 Thread Mike Cardwell
on this list. It's very good. But if my additions knock 0.1% more off the rate, then I'm happy. Out. -- Mike Cardwell: UK based IT Consultant, Perl developer, Linux admin Cardwell IT Ltd. : UK Company - http://cardwellit.com/ #06920226 Technical Blog : Tech Blog - https

Re: Newest spammer trick - non-blank subject lines?

2010-02-10 Thread Mike Cardwell
isn't bothered by Spam, however if they're expecting a message which doesn't arrive due to spam filtering, they know they can just peek in their Junk E-Mail folder and it will be there. Best of both Worlds. -- Mike Cardwell: UK based IT Consultant, Perl developer, Linux admin Cardwell

Re: Newest spammer trick - non-blank subject lines?

2010-02-10 Thread Mike Cardwell
: bar\n\nviagra CIALIS\n|spamassassin -- Mike Cardwell: UK based IT Consultant, Perl developer, Linux admin Cardwell IT Ltd. : UK Company - http://cardwellit.com/ #06920226 Technical Blog : Tech Blog - https://secure.grepular.com/ Spamalyser : Spam Tool - http://spamalyser.com/

Re: Newest spammer trick - non-blank subject lines?

2010-02-09 Thread Mike Cardwell
a blank subject line? Using SpamAssassin 3.3 here, if I run this command: echo -ne Subject:\nX-Foo: bar\n\nviagra CIALIS\n|spamassassin I end up with a single Subject line of: Subject: *SPAM* And no additional empty subject line. That's how it should work. -- Mike Cardwell: UK based

Re: Newest spammer trick - non-blank subject lines?

2010-02-09 Thread Mike Cardwell
, not something that is going to be very popular. Alternatively, configure your MTA to deliver an unmodified second copy of all incoming email to a separate maildir. -- Mike Cardwell: UK based IT Consultant, Perl developer, Linux admin Cardwell IT Ltd. : UK Company - http://cardwellit.com

Re: My Outgoing Email is Flagged as ***SPAM***?

2010-02-08 Thread Mike Cardwell
on a limb here and suggest that maybe gpg wasn't found, but is required, and that you should install it? -- Mike Cardwell: UK based IT Consultant, Perl developer, Linux admin Cardwell IT Ltd. : UK Company - http://cardwellit.com/ #06920226 Technical Blog : Tech Blog - https

Re: How should this tricky spam be filtered?

2010-02-08 Thread Mike Cardwell
of it in a From field, so I can't be sure it happens. Space followed by www. ? header WWW_IN_FROM From =~ / www\./ -- Mike Cardwell: UK based IT Consultant, Perl developer, Linux admin Cardwell IT Ltd. : UK Company - http://cardwellit.com/ #06920226 Technical Blog : Tech Blog - https

Re: Avoid ham to be taken for spam

2010-02-02 Thread Mike Cardwell
)? Decide how much spam you're willing to manually check, then parse your logs to determine the largest threshold you could set which wouldn't exceed that volume. -- Mike Cardwell: UK based IT Consultant, Perl developer, Linux admin Cardwell IT Ltd. : UK Company - http://cardwellit.com

Re: Hostkarma whitelist FP

2010-02-01 Thread Mike Cardwell
. -- Mike Cardwell: UK based IT Consultant, Perl developer, Linux admin Cardwell IT Ltd. : UK Company - http://cardwellit.com/ #06920226 Technical Blog : Tech Blog - https://secure.grepular.com/ Spamalyser : Spam Tool - http://spamalyser.com/

Re: How should this tricky spam be filtered?

2010-01-30 Thread Mike Cardwell
... By forwarding the email the way you have, your email client has stripped out most of the useful header information. Try pasting the message including the full set of headers into http://spamalyser.com/ or http://pastebin.com/ or similar and then come back here with a link to it. -- Mike Cardwell: UK

Re: How should this tricky spam be filtered?

2010-01-30 Thread Mike Cardwell
restrictions in order to prevent content being uploaded and then linked to from spam, which is why the wget failed. I have removed referer checks for user agents matching /wget|lwp|lynx|links|python/i -- Mike Cardwell: UK based IT Consultant, Perl developer, Linux admin Cardwell IT Ltd. : UK

Re: [Sare-users] painting everybody in Taiwan with the same brush

2010-01-28 Thread Mike Cardwell
help you there. -- Mike Cardwell: UK based IT Consultant, Perl developer, Linux admin Cardwell IT Ltd. : UK Company - http://cardwellit.com/ #06920226 Technical Blog : Tech Blog - https://secure.grepular.com/ Spamalyser : Spam Tool - http://spamalyser.com/ -- Mike Cardwell

Re: Whitelist on List-ID

2010-01-23 Thread Mike Cardwell
for doing it with CommuniGate Pro: https://secure.grepular.com/CommuniGate_Pro_Contact_Folders_as_a_Whitelist_Source_for_Exim I also add recipient addresses to a MySQL based whitelist on my MSA (Exim): https://secure.grepular.com/Whitelist_Recipients_in_Exim -- Mike Cardwell: UK based IT Consultant

Re: Whitelist on List-ID

2010-01-22 Thread Mike Cardwell
whitelist_from or even whitelist_from_rcvd. Personally I use this to whitelist all Apache mailing lists, including the SpamAssassin one: whitelist_from_spf *...@*.apache.org -- Mike Cardwell: UK based IT Consultant, Perl developer, Linux admin Cardwell IT Ltd. : UK Company - http://cardwellit.com

Re: RCVD_ILLEGAL_IP Question

2010-01-21 Thread Mike Cardwell
emails. Is such an infrequently triggering rule worth having a dedicated DNS based lookup system? It's *much* more sensible to just push out the changes with sa-update. -- Mike Cardwell: UK based IT Consultant, LAMP developer, Linux admin Cardwell IT Ltd. : UK Company - http://cardwellit.com

Re: Wrong functionality of SUBJ_ALL_CAPS in mixed English and Greek subject

2010-01-19 Thread Mike Cardwell
Greek though. -- Mike Cardwell: UK based IT Consultant, LAMP developer, Linux admin Cardwell IT Ltd. : UK Company - http://cardwellit.com/ #06920226 Technical Blog : Tech Blog - https://secure.grepular.com/blog/ Spamalyser : Spam Tool - http://spamalyser.com/

Re: Wrong functionality of SUBJ_ALL_CAPS in mixed English and Greek subject

2010-01-19 Thread Mike Cardwell
On 19/01/2010 10:07, mamalos wrote: I just pasted that email into spamalyser.com and it gave this: http://spamalyser.com/v/u32d10ix/mime The subject looks fully capitalised to me when decoded? I'm not overly proficient on my Greek though. -- Mike Cardwell: UK based IT Consultant, LAMP

Re: SpamAssassin SPF Checks

2010-01-18 Thread Mike Cardwell
SPF checks on the From header of this email it would be rejected due to an SPF failure. -- Mike Cardwell: UK based IT Consultant, LAMP developer, Linux admin Cardwell IT Ltd. : UK Company - http://cardwellit.com/ #06920226 Technical Blog : Tech Blog - https://secure.grepular.com/blog

Re: pill image spam learns to walk

2010-01-12 Thread Mike Cardwell
off topic now. -- Mike Cardwell: UK based IT Consultant, LAMP developer, Linux admin Cardwell IT Ltd. : UK Company - http://cardwellit.com/ #06920226 Technical Blog : Tech Blog - https://secure.grepular.com/blog/ Spamalyser : Spam Tool - http://spamalyser.com/

[OT] spamalyser, was Re: pill image spam learns to walk

2010-01-12 Thread Mike Cardwell
probably move there. Any further announcements will happen there, not here. -- Mike Cardwell: UK based IT Consultant, LAMP developer, Linux admin Cardwell IT Ltd. : UK Company - http://cardwellit.com/ #06920226 Technical Blog : Tech Blog - https://secure.grepular.com/blog/ Spamalyser

Re: pill image spam learns to walk

2010-01-11 Thread Mike Cardwell
On 11/01/2010 14:55, Charles Gregory wrote: On Mon, 11 Jan 2010, Mike Cardwell wrote: : I just copied and pasted that out of pastebin into a little project I've : been working on. Here's the result: : http://spamalyser.com/v/6xnb26gp/mime Question: What does spamalyzer do with an HTML message

Re: FW by administra...@willspc.net : Delivery Status Notification (Failure)

2010-01-10 Thread Mike Cardwell
just firewalled out his server after the first dozen or so bounces. -- Mike Cardwell: UK based IT Consultant, LAMP developer, Linux admin Cardwell IT Ltd. : UK Company - http://cardwellit.com/ #06920226 Technical Blog : Tech Blog - https://secure.grepular.com/blog/ Spamalyser

Re: Comparing the envelope-from/sender to the body from to prevent fake local users spams?

2010-01-06 Thread Mike Cardwell
to an internal user? That would break a lot of list mail. Look at the From header compared to the envelope sender on this email for example. I *think* you could achieve what you're looking for by using DKIM and *requiring* that mail from your domain is signed. -- Mike Cardwell: UK based

Re: FH_DATE_PAST_20XX

2010-01-01 Thread Mike Cardwell
... That doesn't sound to me as though this rule was based on the results of a mass check... -- Mike Cardwell - IT Consultant and LAMP developer Cardwell IT Ltd. (UK Reg'd Company #06920226) http://cardwellit.com/ Technical Blog: https://secure.grepular.com/blog/

FH_DATE_PAST_20XX

2009-12-31 Thread Mike Cardwell
FH_DATE_PAST_20XX Date =~ /20[1-9][0-9]/ [if-unset: 2006] Doesn't look particularly sane to me... I have given that rule a score of 0 in my local.cf for now. -- Mike Cardwell - IT Consultant and LAMP developer Cardwell IT Ltd. (UK Reg'd Company #06920226) http://cardwellit.com/ Technical Blog: https

Re: emailreg.org - tainted white list

2009-12-16 Thread Mike Cardwell
was: 10 HABEAS_ACCREDITED_SOI 367 1.45 0.00 17.36 So it hit on 17.36% of my Ham, and 0% of my Spam. -- Mike Cardwell - IT Consultant and LAMP developer Cardwell IT Ltd. (UK Reg'd Company #06920226) http://cardwellit.com/ Technical Blog: https://secure.grepular.com/blog/

Re: Cooperative data gathering project.

2009-12-16 Thread Mike Cardwell
addresses with a key word like spam, ham, or other useful messages that we might want to gather information about. Data might look like this: spam 1.2.3.4 example.com ham 5.6.7.8 example2.com What is example.com ? The envelope sender domain? The PTR? The From header domain? -- Mike Cardwell

Re: Spam from compromised web mails

2009-12-15 Thread Mike Cardwell
. That particular email was sent from a host in Nigeria connecting to a host in Brazil. The Nigerian host is listed on Barracuda, the SBL and the XBL. The From header uses a domain name that isn't registered (swinepro.net) and a freemail Reply-To. It's also currently hitting Pyzor. -- Mike Cardwell

Re: emailreg.org - permission to spamassassin masscheck?

2009-12-14 Thread Mike Cardwell
can register your IPs... Which is it? Do I have to register a domain, or don't I? So I signed up for an account and all I see is an option to register my domains with them, and that costs money... I see no option for registering the IPs of my resolvers. -- Mike Cardwell - IT Consultant and LAMP

Re: Note from SA PMC: Removal of an abusive list member

2009-12-09 Thread Mike Cardwell
worked up some people get about the spam problem. There are worse problems in life to get angry about. -- Mike Cardwell - IT Consultant and LAMP developer Cardwell IT Ltd. (UK Reg'd Company #06920226) http://cardwellit.com/ Technical Blog: https://secure.grepular.com/blog/

Re: [sa] RE: Suggestion for use by ANY whitelist service....

2009-12-08 Thread Mike Cardwell
as the nobody user. This allows me to have per user preferences and bayes applied to the vast majority of incoming mail, during SMTP; only a tiny proportion of incoming mail here is multi-recipient... YMMV -- Mike Cardwell - IT Consultant and LAMP developer Cardwell IT Ltd. (UK Reg'd Company

Re: freemail vs dkim / spf

2009-12-07 Thread Mike Cardwell
whitelist_from_spf *...@spam-l.com Very useful. -- Mike Cardwell - IT Consultant and LAMP developer Cardwell IT Ltd. (UK Reg'd Company #06920226) http://cardwellit.com/ Technical Blog: https://secure.grepular.com/blog/

Re: Trouble finding info on Spam issues

2009-12-07 Thread Mike Cardwell
. Then we can look at what is causing the rules to trigger. -- Mike Cardwell - IT Consultant and LAMP developer Cardwell IT Ltd. (UK Reg'd Company #06920226) http://cardwellit.com/ Technical Blog: https://secure.grepular.com/blog/

Re: FP on blacklist hostkarma

2009-12-01 Thread Mike Cardwell
every other feature of his lists without using this particular part. You wouldn't use a DNSBL without knowing how it works first would you? When I say, you, I'm referring to the people using the JMF lists, not specifically you Benny. -- Mike Cardwell - IT Consultant and LAMP developer Cardwell

Re: Cluster/Clone spamassassin node

2009-11-15 Thread Mike Cardwell
of this software. rsync? unison? glusterfs? gfs over drdb? A nas with NFS/CIFS mounts? DropBox? s3fs? There are a million ways to share files between multiple servers. -- Mike Cardwell - IT Consultant and LAMP developer Cardwell IT Ltd. (UK Reg'd Company #06920226) http://cardwellit.com/ Technical Blog

Re: Geocities closed

2009-10-27 Thread Mike Cardwell
geocities specific rules any more if geocities doesn't exist? It's not as if spammers can host their websites on geocities anymore so there's no reason why a spammer would include a geocities url in their spam. May as well just delete the rules... -- Mike Cardwell - IT Consultant and LAMP developer

Re: Hostkarma whitelist needs something..

2009-10-14 Thread Mike Cardwell
0.00 19.77 10 DKIM_VERIFIED 244 1.91 0.46 16.41 11 RCVD_IN_DNSWL_LOW 176 1.11 0.04 11.84 -- Mike Cardwell - IT Consultant and LAMP developer Cardwell IT Ltd. (UK Reg'd Company #06920226) http://cardwellit.com/ Technical Blog: https

Re: Rule and Rule

2009-10-09 Thread Mike Cardwell
a description of Meta rules with a good example. -- Mike Cardwell - IT Consultant and LAMP developer Cardwell IT Ltd. (UK Reg'd Company #06920226) http://cardwellit.com/ Technical Blog: https://secure.grepular.com/blog/

Re: Harvested Fresh .cn URIBL

2009-10-08 Thread Mike Cardwell
for the source code, even though it's not fully ready for other people to use, so I've temporarily stuck it up at https://secure.grepular.com/WebsiteScanner/ in case anyone wants to pick it apart and use bits of it. -- Mike Cardwell - IT Consultant and LAMP developer Cardwell IT Ltd. (UK Reg'd

Re: consolidating DNSBLs into a single query (was Spam Eating Monkey?)

2009-10-07 Thread Mike Cardwell
= zen.spamhaus.org=127.0.0.4 You can be 100% backwards compatible by leaving all of your lists as they are, but then adding another one which is a combined version of all of them... -- Mike Cardwell - IT Consultant and LAMP developer Cardwell IT Ltd. (UK Reg'd Company #06920226) http://cardwellit.com/

Re: New spamhaus list not included

2009-10-05 Thread Mike Cardwell
checks before SpamAssassin, but until then I may as well use the resources I have available. -- Mike Cardwell - IT Consultant and LAMP developer Cardwell IT Ltd. (UK Reg'd Company #06920226) http://cardwellit.com/

New spamhaus list not included

2009-10-04 Thread Mike Cardwell
RCVD_IN_XBL - 127.0.0.[45678] RCVD_IN_PBL - 127.0.0.1[01] -- Mike Cardwell - IT Consultant and LAMP developer Cardwell IT Ltd. (UK Reg'd Company #06920226) http://cardwellit.com/

Re: New spamhaus list not included

2009-10-04 Thread Mike Cardwell
RCVD_IN_SBL to match 127.0.0.[23] for now, but I wouldn't expect it to be added to the main distribution until it was properly tested. -- Mike Cardwell - IT Consultant and LAMP developer Cardwell IT Ltd. (UK Reg'd Company #06920226) http://cardwellit.com/

Re: unsubscribe

2009-09-30 Thread Mike Cardwell
to the list. -- Mike Cardwell - IT Consultant and LAMP developer Cardwell IT Ltd. (UK Reg'd Company #06920226) http://cardwellit.com/

Re: Hostkarma Blacklist Climbing the Charts

2009-09-29 Thread Mike Cardwell
on the HostKarma whitelist. In comparison, it's very rare that I see any spam from hosts listed on dnswl.org. I chose a score of -0.2 here. -- Mike Cardwell - IT Consultant and LAMP developer Cardwell IT Ltd. (UK Reg'd Company #06920226) http://cardwellit.com/

Re: .cn domain age query?

2009-09-14 Thread Mike Cardwell
under the .BIZ, .COM, .INFO, .NAME, .NET and .US TLDs Doesn't work for .cn's, or any other country level tld's (apart from .us) -- Mike Cardwell - IT Consultant and LAMP developer Cardwell IT Ltd. (UK Reg'd Company #06920226) http://cardwellit.com/

Re: Outlook 2007/imap headers

2009-09-01 Thread Mike Cardwell
. There's probably loads of other little things. -- Mike Cardwell - IT Consultant and LAMP developer Cardwell IT Ltd. (UK Reg'd Company #06920226) http://cardwellit.com/

Date parsing

2009-08-27 Thread Mike Cardwell
: is 96 hours or more before Received: date Although the date header was badly formatted, it wasn't actually incorrect as far as when the message was sent. I don't think the DATE_IN_PAST rules should fire if the date isn't valid in the first place... -- Mike Cardwell - IT Consultant and LAMP

Subject starts Re: but no References/In-Reply-To

2009-08-15 Thread Mike Cardwell
How would I create a rule to match when a subject line begins /^Re: /i but the message contains no References or In-Reply-To headers? -- Mike Cardwell - IT Consultant and LAMP developer Cardwell IT Ltd. (UK Reg'd Company #06920226) http://cardwellit.com/

Re: Barracuda RBL in first place

2009-08-14 Thread Mike Cardwell
of all of the hostkarma lists. I still use them sensibly in my own SpamAssassin configuration though for applying low scores. -- Mike Cardwell - IT Consultant and LAMP developer Cardwell IT Ltd. (UK Reg'd Company #06920226) http://cardwellit.com/

Re: Barracuda RBL in first place

2009-08-14 Thread Mike Cardwell
rich...@buzzhost.co.uk wrote: I've not laughed so much since I added a low priority mx pointing to 127.0.0.1 . Heh. Looks like someone got there before me: http://rfc-ignorant.org/tools/lookup.php?domain=buzzhost.co.uk -- Mike Cardwell - IT Consultant and LAMP developer Cardwell IT Ltd

Re: Ahh! What's all this SPAM?!?!?

2009-08-13 Thread Mike Cardwell
error if it can't speak to SpamAssassin. -- Mike Cardwell - IT Consultant and LAMP developer Cardwell IT Ltd. (UK Reg'd Company #06920226) http://cardwellit.com/

Re: Backscatter.org used as RBL??

2009-08-08 Thread Mike Cardwell
Matus UHLAR - fantomas wrote: I've read the sender callouts page and I don't see any evidence that it mentions the SAV problem. On 07.08.09 15:33, Mike Cardwell wrote: I went to the front page, and then clicked Sender Callouts ... The very first line says: Sendercallouts (Sender Verify

Re: Backscatter.org used as RBL??

2009-08-07 Thread Mike Cardwell
or does sender callouts -- Mike Cardwell - IT Consultant and LAMP developer Cardwell IT Ltd. (UK Reg'd Company #06920226) http://cardwellit.com/

Re: Backscatter.org used as RBL??

2009-08-07 Thread Mike Cardwell
, not the SAV, and I'm interested if the backscatterer.org blacklists IPs with SAV or only those that send real mails... It does both. The minimal amount of text on the front page couldn't be clearer about that ... -- Mike Cardwell - IT Consultant and LAMP developer Cardwell IT Ltd. (UK Reg'd

Re: Backscatter.org used as RBL??

2009-08-06 Thread Mike Cardwell
the list. This might be more accurate: accept !senders = : dnslists= ips.backscatterer.org I see. You think Host sends backscatter therefore Host never sends spam. An interesting hypothesis. -- Mike Cardwell - IT Consultant and LAMP developer Cardwell IT Ltd. (UK Reg'd Company #06920226

Re: Backscatter.org used as RBL??

2009-08-05 Thread Mike Cardwell
would disagree, that you're more likely to get a false positive from the first than the second. Or were you ignoring the large bright red warning signs and usage information on http://www.backscatterer.org/ ? -- Mike Cardwell - IT Consultant and LAMP developer Cardwell IT Ltd. (UK Reg'd

Re: Many rules not being used?

2009-07-28 Thread Mike Cardwell
snowweb wrote: What makes you think anyone can answer that? The message you posted to pastebin for us to test and review was nonexistent. What is 'pastebin' and how do I use it? http://lmgtfy.com/?q=pastebin -- Mike Cardwell - IT Consultant and LAMP developer Cardwell IT Ltd. (UK Reg'd

[OT] Re: Any one interested in using a proper forum?

2009-07-28 Thread Mike Cardwell
. -- Mike Cardwell - IT Consultant and LAMP developer Cardwell IT Ltd. (UK Reg'd Company #06920226) http://cardwellit.com/

Re: [OT] Re: Any one interested in using a proper forum?

2009-07-28 Thread Mike Cardwell
. Set up the forum. It might work. I'm not anti-forum, I just think mailing lists are generally better. -- Mike Cardwell - IT Consultant and LAMP developer Cardwell IT Ltd. (UK Reg'd Company #06920226) http://cardwellit.com/

Re: Any one interested in using a proper forum?

2009-07-28 Thread Mike Cardwell
have an addon installed named Reply to mailing list which adds a button Reply list in between Reply and Reply All which has been very useful. -- Mike Cardwell - IT Consultant and LAMP developer Cardwell IT Ltd. (UK Reg'd Company #06920226) http://cardwellit.com/

SOUGHT

2009-07-28 Thread Mike Cardwell
Hi, I just started using the SOUGHT rules for the first time. They seem to be triggering on emails now, but the default score for hits against the rules seems to be 3.0 and 4.0. That seems quite high to me. Are these rules considered to have an extremely low false positive impact? -- Mike

Re: Any one interested in using a proper forum?

2009-07-28 Thread Mike Cardwell
, bidirectional mailing list-newsgroup gating. -- Mike Cardwell - IT Consultant and LAMP developer Cardwell IT Ltd. (UK Reg'd Company #06920226) http://cardwellit.com/

Re: Am I fscking up my bayes db?

2009-07-09 Thread Mike Cardwell
headers like this: bayes_ignore_header X-CudaHeader1 bayes_ignore_header X-CudaHeader2 bayes_ignore_header X-CudaHeader3 -- Mike Cardwell - IT Consultant and LAMP developer Cardwell IT Ltd. (UK Reg'd Company #06920226) http://cardwellit.com/

Re: constantcontact.com

2009-07-03 Thread Mike Cardwell
: http://search.cpan.org/~arich/Email-ConstantContact-0.02/lib/Email/ConstantContact.pm I just thought it was a weird coincidence, seeing as I'd never heard of them before today. -- Mike Cardwell - IT Consultant and LAMP developer Cardwell IT Ltd. (UK Reg'd Company #06920226) http

Re: constantcontact.com

2009-07-03 Thread Mike Cardwell
Aaron Wolfe wrote: I think the point was that the URIBL's are never going to be listing these domains, so why waste time looking them up m...@haven:~$ host constantcontact.com.multi.uribl.com constantcontact.com.multi.uribl.com A 127.0.0.4 m...@haven:~$ -- Mike Cardwell

Re: [NEW SPAM FLOOD] www.shopXX.net

2009-06-30 Thread Mike Cardwell
to make sure it's valid, before doing the uribl lookup. Eg: m...@haven:~$ host -t ns invented.by invented.by does not exist, try again m...@haven:~$ You'd also want to cache your results. This conversation however is pointless. Why not just try it and see how well it works. -- Mike Cardwell

X-Mailer: domain

2009-06-30 Thread Mike Cardwell
Hi, I've started seeing spam email containing an X-Mailer header which is the domain name of the From header. Eg: From: Compare and Cover Life i...@3009943.webguide103.com X-Mailer: webguide103.com How would I construct a spamassassin rule to check for this? -- Mike Cardwell - IT Consultant

Re: Hostkarma whitelist problem

2009-06-18 Thread Mike Cardwell
that using the whitelist was causing a lot of spam to get through but not helping to get more ham through, so I decided to reduce the recommended score on the website from -5 to -0.2. -- Mike Cardwell - IT Consultant and LAMP developer Cardwell IT Ltd. (UK Reg'd Company #06920226) http

Re: Unsubscribe

2009-06-12 Thread Mike Cardwell
. -- Mike Cardwell - IT Consultant and LAMP developer Cardwell IT Ltd. (UK Reg'd Company #06920226) http://cardwellit.com/

Re: Question on add-to-blacklist

2009-06-04 Thread Mike Cardwell
...@haven:~# Still, if you were doing that, you'd want to use an integer rather than a varchar preferably. -- Mike Cardwell - IT Consultant and LAMP developer Cardwell IT Ltd. (UK Reg'd Company #06920226) http://cardwellit.com/

Re: Got dead domains that get a lot of spam?

2009-05-20 Thread Mike Cardwell
be an application in a similar vein to p0f, but which passively detected the SMTP client software, rather than operating system. It might then be possible to distribute signatures that identified specific zombie software, as well as real mtas. -- Mike Cardwell (https://secure.grepular.com/) (http

Re: Got dead domains that get a lot of spam?

2009-05-20 Thread Mike Cardwell
. -- Mike Cardwell (https://secure.grepular.com/) (http://perlcv.com/)

Re: Got dead domains that get a lot of spam?

2009-05-20 Thread Mike Cardwell
explain how it managed to get on the whitelist. No ISP SMTP server should be in a whitelist imho... -- Mike Cardwell (https://secure.grepular.com/) (http://perlcv.com/)

Re: Got dead domains that get a lot of spam?

2009-05-20 Thread Mike Cardwell
Matus UHLAR - fantomas wrote: I've also just recently enabled these lists in SA so am still in the very early stages of testing. I initially did get one FP hit against the whitelist (spam message sent through an ISP smtp server in the whitelist) On 20.05.09 13:41, Mike Cardwell wrote: Can

Re: Got dead domains that get a lot of spam?

2009-05-20 Thread Mike Cardwell
warnings. Eg, Email Marketing -- Mike Cardwell (https://secure.grepular.com/) (http://perlcv.com/)

Re: Got dead domains that get a lot of spam?

2009-05-20 Thread Mike Cardwell
from whitelisted hosts is ham. -- Mike Cardwell (https://secure.grepular.com/) (http://perlcv.com/)

An SMTP transaction, SpamAssassin interface

2009-05-15 Thread Mike Cardwell
advantage of if it had such an interface... -- Mike Cardwell (https://secure.grepular.com/) (http://perlcv.com/)

Re: An SMTP transaction, SpamAssassin interface

2009-05-15 Thread Mike Cardwell
... -- Mike Cardwell (https://secure.grepular.com/) (http://perlcv.com/)

Re: An SMTP transaction, SpamAssassin interface

2009-05-15 Thread Mike Cardwell
Mike Cardwell wrote: Justin Mason wrote: hi -- this stuff is generally recorded in the Received header, and SA will act on it if it's there. that's the place to do it... The STARTTLS example is recorded in the received headers, yes. None of the other 3 examples are recorded

Re: An SMTP transaction, SpamAssassin interface

2009-05-15 Thread Mike Cardwell
extension, and the connecting host then uses it, the connecting host probably isn't a zombie. What you do with that metric is up to you... -- Mike Cardwell (https://secure.grepular.com/) (http://perlcv.com/)
