Re: Random word spams and wiki spams

2017-08-07 Thread David Jones
On 08/07/2017 02:53 PM, Scott wrote: David: re: Postscreen weighted RBLs I've got my postscreen setup with some weighted RBL's. But I was curious what others did here. I searched for that subject and didn't get any specific hits. Any particular thread you know of? See the bottom of this p

Re: Random word spams and wiki spams

2017-08-07 Thread Scott

Re: Random word spams and wiki spams

2017-07-13 Thread John Hardin
On Thu, 13 Jul 2017, Bill Cole wrote: In the places where I've been directed to implement quarantining, it has proven a worse support problem than outright rejection of actually legitimate mail could reasonably be. The problem is that it is effectively a silent failure: mail arrives and is acep

Re: Random word spams and wiki spams

2017-07-13 Thread Bill Cole
On 8 Jul 2017, at 15:26, Alex wrote: [Quoting me] 2. That MIME structure is pathological. It merits a specific hard rejection with a derisive text part. Anything generating FPs (never seen one...) needs spanking. I don't understand? The message is labeled as multipart/mixed but it only has

Re: Random word spams and wiki spams

2017-07-09 Thread Alex
Hi, > And here is my /etc/clamav-unofficial-sigs.conf with the ClamAV databases I > have selected and found to be not overly aggressive to create false > positives: > > https://pastebin.com/vFYBiPLv > > NOTE: The above pastebin links are good for 1 month. It looks like you're missing some of the

Re: Random word spams and wiki spams

2017-07-09 Thread David Jones
On 07/07/2017 11:48 AM, Pedro David Marco wrote: >Also, setup the KAM.cf rules and extra signatures for ClamAV from >Sanesecurity. These often help with new spam campaigns. I can post >which signature DBs I am using if that would be helpful. >-- >Dave Hi Dave... I have had problems i

Re: Random word spams and wiki spams

2017-07-08 Thread Alex
Hi, >>> I'm interested in how your system would have (or currently does) >>> handle this email I received some days ago: >>> https://pastebin.com/innRFvZt >>> >>> Its IP (106.186.119.240) is still not listed with spamhaus, sorbs or >>> hostkarma, and has an 83 rating with senderscore. >> >> >> Thi

Re: Random word spams and wiki spams

2017-07-08 Thread RW
On Sat, 08 Jul 2017 00:29:29 -0400 Bill Cole wrote: > 1. Null sender with From & Subject both inconsistent with DSN or > other legit null-sender mail. In this case it's more a problem with his headers: Return-Path: <> ... X-Envelope-From: I think that a null sender could be the basis of a us

Re: Random word spams and wiki spams

2017-07-08 Thread David Jones
On 07/07/2017 02:04 PM, Alex wrote: Hi, I ran that message through one of my filters manually: One of your filters? Copy/pasted your email into a file and manually ran spamassassin < msg on one of my eight mail filters. -0.2 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnsw

Re: Random word spams and wiki spams

2017-07-08 Thread David Jones
On 07/07/2017 11:29 PM, Bill Cole wrote: On 7 Jul 2017, at 13:04, Alex wrote: I'm interested in how your system would have (or currently does) handle this email I received some days ago: https://pastebin.com/innRFvZt Its IP (106.186.119.240) is still not listed with spamhaus, sorbs or hostkarm

Re: Random word spams and wiki spams

2017-07-08 Thread Tobi
defining own ones. Will do it this evening Cheers tobi - Original Message - From: Alex Sent: 08.07.2017 - 05:05 To: jahli...@gmx.ch, SA Mailing list Subject: Re: Random word spams and wiki spams > Hi, > >> Without that rule it might have flown below my sa-radar. >> G

Re: Random word spams and wiki spams

2017-07-08 Thread Tobi
-- Original Message - From: Benny Pedersen Sent: 08.07.2017 - 03:27 To: users@spamassassin.apache.org Subject: Re: Random word spams and wiki spams > Tobi wrote on 2017-07-07 19:40: > >>> https://pastebin.com/innRFvZt > >> __HAS_LIST_ID exists:exists:List-I

Re: Random word spams and wiki spams

2017-07-07 Thread Bill Cole
On 7 Jul 2017, at 13:04, Alex wrote: I'm interested in how your system would have (or currently does) handle this email I received some days ago: https://pastebin.com/innRFvZt Its IP (106.186.119.240) is still not listed with spamhaus, sorbs or hostkarma, and has an 83 rating with senderscore.

Re: Random word spams and wiki spams

2017-07-07 Thread Alex
Hi, > Without that rule it might have flown below my sa-radar. > Got some scoring on it by using this plugin: > https://github.com/eilandert/Botnet.pm Be careful with the botnet plugin - it's terribly out of date and very prone to false-positives. It's just not effective anymore.

Re: Random word spams and wiki spams

2017-07-07 Thread Alex
Hi, >> __HAS_LIST_ID exists:exists:List-Id > > typo ? It also already exists: # grep __HAS_LIST_ID * 10_hasbase.cf:header __HAS_LIST_ID exists:List-Id > imho it should be exists:headername > >> HAS_LIST_UNSUB exists:List-Unsubscribe So does this one: 72_active.cf:header __

Re: Random word spams and wiki spams

2017-07-07 Thread Alex
Hi, > Ummm. Well. I don't have any hits on that RHSBL rule in the past 2 weeks > so maybe that is not a valid rule. Ignore that one. I think I will take it > out of my ivm.cf file. > > To all, please don't setup these rules and flood the IVM DNS servers with > requests. IVM is a private RBL f

Re: Random word spams and wiki spams

2017-07-07 Thread Benny Pedersen
Tobi wrote on 2017-07-07 19:40: https://pastebin.com/innRFvZt __HAS_LIST_ID exists:exists:List-Id typo ? imho it should be exists:headername HAS_LIST_UNSUB exists:List-Unsubscribe that would score 1.0, intended ? if not change to __HAS_LIST_UNSUB but check spamassassin own r

Re: Random word spams and wiki spams

2017-07-07 Thread Tobi
On 07.07.2017 at 19:04, Alex wrote: > > I'm interested in how your system would have (or currently does) > handle this email I received some days ago: > https://pastebin.com/innRFvZt > that one triggers one of my redpill meta rules and scores at 24.1 :-) __HAS_LIST_ID exists:exists:List-Id H

Re: Random word spams and wiki spams

2017-07-07 Thread David Jones
On 07/07/2017 05:39 PM, Alex wrote: Hi, urirhssub URIBL_IVMRHSBL uri.invaluement.com. A127.0.0.2 tflags URIBL_IVMRHSBL net score URIBL_IVMRHSBL 3.2 I did not have this one or the reuse line. Is that "right-hand-side"? Do you have one such example? header

Re: Random word spams and wiki spams

2017-07-07 Thread Alex
Hi, > urirhssub URIBL_IVMRHSBL uri.invaluement.com. A127.0.0.2 > tflags URIBL_IVMRHSBL net > score URIBL_IVMRHSBL 3.2 I did not have this one or the reuse line. Is that "right-hand-side"? Do you have one such example? > header RCVD_IN_IVMBL > eval:check

Re: Random word spams and wiki spams

2017-07-07 Thread David Jones
On 07/07/2017 03:08 PM, Alex wrote: Hi, On Fri, Jul 7, 2017 at 3:45 PM, John Hardin wrote: On Fri, 7 Jul 2017, Alex wrote: It's just a short body with a URI which downloads malware. We got hit by this pretty hard. This is where the real threats are. Receive one of these to an Exchange distri

Re: Random word spams and wiki spams

2017-07-07 Thread John Hardin
On Fri, 7 Jul 2017, Alex wrote: On Fri, Jul 7, 2017 at 3:45 PM, John Hardin wrote: On Fri, 7 Jul 2017, Alex wrote: It's just a short body with a URI which downloads malware. We got hit by this pretty hard. This is where the real threats are. Receive one of these to an Exchange distribution l

Re: Random word spams and wiki spams

2017-07-07 Thread jahlives
On 07.07.2017 at 19:04, Alex wrote: > > I'm interested in how your system would have (or currently does) > handle this email I received some days ago: > https://pastebin.com/innRFvZt > that one triggers one of my redpill meta rules and scores at 24.1 __HAS_LIST_ID exists:exists:List-Id HAS_L

Re: Random word spams and wiki spams

2017-07-07 Thread Alex
Hi, On Fri, Jul 7, 2017 at 3:45 PM, John Hardin wrote: > On Fri, 7 Jul 2017, Alex wrote: > >> It's just a short body with a URI which downloads malware. We got hit >> by this pretty hard. This is where the real threats are. Receive one >> of these to an Exchange distribution list and your reputat

RE: Random word spams and wiki spams

2017-07-07 Thread Charles Amstutz
Mostly autolearn ham and train some spam, have found that one account needed ham though. Most user accounts in question are at least 200/200, most are well over a few thousand each (I believe) >> I need to read up bayes a bit, I was surprised to learn that after >> using sa-learn --spam, the

RE: Random word spams and wiki spams

2017-07-07 Thread John Hardin
On Fri, 7 Jul 2017, Charles Amstutz wrote: I need to read up bayes a bit, I was surprised to learn that after using sa-learn --spam, then bayes only tagged it at Bayes_50 instead of Bayes_99, Unless I did something incorrect. There is a minimum level of both spam *and ham* that Bayes must be

Re: Random word spams and wiki spams

2017-07-07 Thread John Hardin
On Fri, 7 Jul 2017, Alex wrote: It's just a short body with a URI which downloads malware. We got hit by this pretty hard. This is where the real threats are. Receive one of these to an Exchange distribution list and your reputation with the customer suffers badly. Defense in depth. For that s

RE: Random word spams and wiki spams

2017-07-07 Thread Charles Amstutz
>> I find many don't contribute (despite it being open source) for fear of >> spammers using these ideas against us, but the project suffers as a result. I think others don't due to IP rights. I'm glad people do though.

Re: Random word spams and wiki spams

2017-07-07 Thread Alex
Hi, On Fri, Jul 7, 2017 at 2:30 PM, David Jones wrote: > On 07/07/2017 12:04 PM, Alex wrote: >> >> Hi, >> >> On Fri, Jul 7, 2017 at 12:14 PM, David Jones wrote: >>> >>> On 07/07/2017 11:04 AM, Charles Amstutz wrote: Thank you everyone for the suggestions, I will look into it. One

RE: Random word spams and wiki spams

2017-07-07 Thread Charles Amstutz
I need to read up bayes a bit, I was surprised to learn that after using sa-learn --spam, then bayes only tagged it at Bayes_50 instead of Bayes_99, Unless I did something incorrect. Note: I do not use bayes files in user profiles, I use it in mysql database

Re: Random word spams and wiki spams

2017-07-07 Thread David Jones
On 07/07/2017 12:04 PM, Alex wrote: Hi, On Fri, Jul 7, 2017 at 12:14 PM, David Jones wrote: On 07/07/2017 11:04 AM, Charles Amstutz wrote: Thank you everyone for the suggestions, I will look into it. One thing I've noticed is that sometimes it takes a day for any *BL's to pick up some of the

Re: Random word spams and wiki spams

2017-07-07 Thread Alex
Hi, On Fri, Jul 7, 2017 at 12:14 PM, David Jones wrote: > On 07/07/2017 11:04 AM, Charles Amstutz wrote: >> >> Thank you everyone for the suggestions, I will look into it. One thing >> I've noticed is that sometimes it takes a day for any *BL's to pick up some >> of the spam, and by that time, th

RE: Random word spams and wiki spams

2017-07-07 Thread Charles Amstutz
Has anyone ever got something like machine learning (I get that is what bayes kind of is) or R working with spam assassin? I’ve seen books on this and maybe was referring to Bayes, but not sure.

Re: Random word spams and wiki spams

2017-07-07 Thread Pedro David Marco
>Also, setup the KAM.cf rules and extra signatures for ClamAV from >Sanesecurity. These often help with new spam campaigns. I can post >which signature DBs I am using if that would be helpful. >-- >Dave Hi Dave... I have had problems in the past with the script to download Sanesecurity DB

RE: Random word spams and wiki spams

2017-07-07 Thread Charles Amstutz
apache.org' Subject: Re: Random word spams and wiki spams On 07/07/2017 11:04 AM, Charles Amstutz wrote: > Thank you everyone for the suggestions, I will look into it. One thing > I've noticed is that sometimes it takes a day for any *BL's to pick up > some of the spam,

Re: Random word spams and wiki spams

2017-07-07 Thread David Jones
On 07/07/2017 11:04 AM, Charles Amstutz wrote: Thank you everyone for the suggestions, I will look into it. One thing I've noticed is that sometimes it takes a day for any *BL's to pick up some of the spam, and by that time, the run could be done. Greylisting isn't an option. It sometimes feels

RE: Random word spams and wiki spams

2017-07-07 Thread Charles Amstutz
Thank you everyone for the suggestions, I will look into it. One thing I've noticed is that sometimes it takes a day for any *BL's to pick up some of the spam, and by that time, the run could be done. Greylisting isn't an option. It sometimes feels like always reactive vs pro-active in filtering

Re: Random word spams and wiki spams

2017-07-07 Thread David Jones
On 07/07/2017 10:15 AM, Kevin A. McGrail wrote: On 7/7/2017 9:06 AM, Charles Amstutz wrote: I am new to the group, but have experience with writing some rules and some meta rules. Has anyone come up with a good way to detect spam that has random words in paragraph forms (usually at the bottom

Re: Random word spams and wiki spams

2017-07-07 Thread Kevin A. McGrail
On 7/7/2017 9:06 AM, Charles Amstutz wrote: I am new to the group, but have experience with writing some rules and some meta rules. Has anyone come up with a good way to detect spam that has random words in paragraph forms (usually at the bottom of the message body) or they look like they cop

Random word spams and wiki spams

2017-07-07 Thread Charles Amstutz
Hello, I am new to the group, but have experience with writing some rules and some meta rules. Has anyone come up with a good way to detect spam that has random words in paragraph forms (usually at the bottom of the message body) or they look like they copy parts from various wiki's or other n