On Søn, Juni 14, 2009 03:10, MySQL Student wrote:
Home | Contact Us | Privacy Policy | Terms of Use | Unsubscribe |
this is spammy line, with often faked domains (content looks like
micro$oft) but url is not there domain
Where can I go from here?
sa-learn --spam msg
and or make a rule for
David Gibbs a écrit :
LuKreme wrote:
The unsubscribe link is right there in plain sight. Whether Gmail
conceals it from you has nothing to do with it.
Few consumer mail clients (Gmail, Yahoo, Thunderbird, OE, Outlook,
Lotus/Domino, etc) show the user headers by default. This means they
On Sat, 13 Jun 2009, MySQL Student wrote:
Received: from [78.97.185.89] (unknown
[78.97.185.89])
Message-ID:
krszdjkabfqdkcf.iodbkvqhqtyymyw83588989...@[78.97.185.89]
Do they all have message ID's that include the IP?
Yeah, great, it looks like
Got a usage question. Is there a simple mechanism, similar to Perl's use
of parantheses and $1 to 'capture' a value in one rule and USE that
captured value in the next rule?
For example:
To: Bob re...@wherever
Followed by one of
Subject: hello Bob
Subject: hello re...@whatever
So I would
No, SA doesn't do that. The best way to do this is to write a plugin
where you can do whatever you want. :)
On Sun, Jun 14, 2009 at 3:18 PM, Charles Gregorycgreg...@hwcn.org wrote:
Got a usage question. Is there a simple mechanism, similar to Perl's use
of parantheses and $1 to 'capture' a
On Sun, 14 Jun 2009, Charles Gregory wrote:
On Sat, 13 Jun 2009, MySQL Student wrote:
Received: from [78.97.185.89] (unknown
[78.97.185.89])
Message-ID:
krszdjkabfqdkcf.iodbkvqhqtyymyw83588989...@[78.97.185.89]
Do they all have message ID's
Hi,
I recently got a lot of crashes, any idea how I could find out why?
My mail log doesn't contain anything suspicious.
thanks
--
Arvid
mouss wrote:
- this modifies the body, thus breaking signatures. when mail gets back
to the same domain (sender and final recipient in same domain), this may
cause problems. I agree that many lists do break signatures so the
receiving site should cope with this, but I am not sure they really
On Sun, 14 Jun 2009, Arvid Picciani wrote:
I recently got a lot of crashes, any idea how I could find out why?
What information *do* you have?
My mail log doesn't contain anything suspicious.
Does running a sample message through spamassassin and spamc manually
yield any clues?
--
On Sun, 14 Jun 2009, Arvid Picciani wrote:
I recently got a lot of crashes, any idea how I could find out why?
What information *do* you have?
Umm. It crashed and spamc can't connect to it anymore.
So I guess the answer is none.
My mail log doesn't contain anything suspicious.
http://log.perl.org/2009/06/email-issues-org-blocked-now-fixed.html
anyone know what URIBL provider this was?
--j.
On Sun, 14 Jun 2009, John Hardin wrote:
header MSGIDIP Message-Id =~ /\...@\[[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\]/
Refine that just a tiny bit:
header MSGIDIP Message-Id =~
/\...@\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\]/
LOL! Busted! I was being lazy!
- C
On 13-Jun-2009, at 22:04, David Gibbs wrote:
LuKreme wrote:
The unsubscribe link is right there in plain sight. Whether Gmail
conceals it from you has nothing to do with it.
Few consumer mail clients (Gmail, Yahoo, Thunderbird, OE, Outlook,
Lotus/Domino, etc) show the user headers by
David Gibbs a écrit :
mouss wrote:
- this modifies the body, thus breaking signatures. when mail gets back
to the same domain (sender and final recipient in same domain), this may
cause problems. I agree that many lists do break signatures so the
receiving site should cope with this, but I am
On 14-Jun-2009, at 10:23, David Gibbs wrote:
mouss wrote:
- this modifies the body, thus breaking signatures. when mail gets
back
to the same domain (sender and final recipient in same domain),
this may
cause problems. I agree that many lists do break signatures so the
receiving site should
On 6/14/2009 10:48 PM, Justin Mason wrote:
http://log.perl.org/2009/06/email-issues-org-blocked-now-fixed.html
anyone know what URIBL provider this was?
--j.
Wouldn't we all have noticed if this would have been the case?
Hi!
http://log.perl.org/2009/06/email-issues-org-blocked-now-fixed.html
anyone know what URIBL provider this was?
Wouldn't we all have noticed if this would have been the case?
Doesnt ring a bell here either, best to ask the guys who posted that?
Bye,
Raymond.
Yet Another Ninja a écrit :
On 6/14/2009 10:48 PM, Justin Mason wrote:
http://log.perl.org/2009/06/email-issues-org-blocked-now-fixed.html
anyone know what URIBL provider this was?
--j.
Wouldn't we all have noticed if this would have been the case?
not if they use some unknown uri
a...@ibcsolutions.de a écrit :
Excerpts from Charles Gregory's message of Thu Jun 11 07:13:02 -0700 2009:
How many accounts are we talking about here?
If it is just one or two addresses, and the user(s) being 'spoofed' have
distinctive *names* on their genuine 'From' headers, then you can
On Sat, 13 Jun 2009, John Hardin wrote:
On Sun, 14 Jun 2009, Res wrote:
It's the weekend and I was bored :)
This list does not exist to provide you amusement.
Last time I looked, Justin ran this list, not you.
--
Res
-Beware of programmers who carry screwdrivers
On Sat, 13 Jun 2009, Charles Gregory wrote:
On Sun, 14 Jun 2009, Res wrote:
Though now its Sunday, I have socialising to do, and none of that includes
sitting on mailing lists listening to cry babies who expect people involved
in OSSP's to drop everything and be their servants.
So we'll
On Sun, 14 Jun 2009, Arvid Picciani wrote:
I recently got a lot of crashes, any idea how I could find out why?
My mail log doesn't contain anything suspicious.
In the absence of evidence/logs, ask yourself 'what changed'? Did you add
anything new to your system around the time this started
On Sun, 14 Jun 2009, Arvid Picciani wrote:
On Sun, 14 Jun 2009, Arvid Picciani wrote:
I recently got a lot of crashes, any idea how I could find out why?
What information *do* you have?
Umm. It crashed and spamc can't connect to it anymore.
So I guess the answer is none.
...and there's
On Mon, 15 Jun 2009, Res wrote:
On Sat, 13 Jun 2009, Charles Gregory wrote:
On Sun, 14 Jun 2009, Res wrote:
Though now its Sunday, I have socialising to do, and none of that
includes sitting on mailing lists listening to cry babies who expect
people involved in OSSP's to drop
Res wrote:
On Sat, 13 Jun 2009, Charles Gregory wrote:
On Sun, 14 Jun 2009, Res wrote:
Though now its Sunday, I have socialising to do, and none of that
includes sitting on mailing lists listening to cry babies who expect
people involved in OSSP's to drop everything and be their servants.
On Sun, 14 Jun 2009 13:20:21 +0200
mouss mo...@ml.netoyen.net wrote:
I am not as convinced as you:
- this modifies the body, thus breaking signatures. when mail gets
back to the same domain (sender and final recipient in same domain),
this may cause problems. I agree that many lists do
On Mon, 15 Jun 2009, Res wrote:
On Sat, 13 Jun 2009, John Hardin wrote:
On Sun, 14 Jun 2009, Res wrote:
It's the weekend and I was bored :)
This list does not exist to provide you amusement.
Last time I looked, Justin ran this list, not you.
That's true. Fair enough, comment
DOB (Day Old Bread) had the same problem last year:
http://mail-archives.apache.org/mod_mbox/spamassassin-users/200810.mbox/%3cva.33f1.14690...@news.conactive.com%3e
With software bugs, lightning often DOES strike twice in the same
spot. :)
- Chip
mouss wrote:
- mail admin at example.com configures his mail system to sign all
outbound mail with DKIM
- he rejects any mail with a From: in his domain if it doesn't have a
valid DKIM signature
- j...@example.com posts to a list that appends a footer (or munges the
Reply-To header, assuming
David Gibbs wrote:
mouss wrote:
- mail admin at example.com configures his mail system to sign all
outbound mail with DKIM
- he rejects any mail with a From: in his domain if it doesn't have a
valid DKIM signature
- j...@example.com posts to a list that appends a footer (or munges the
Charles Gregory wrote:
Do they all have message ID's that include the IP? You could score
that 0.3 or so to help push it over the line. Also give a bit mroe
Shiny - I had not noticed this pattern. Thanks guys! :)
LuKreme wrote:
and found it hit more mailinglist ham than spam, so I'd tread
Bill Landry wrote:
This may be true if the sender were adding the footer before signing and
sending the message to the list. However, not true if it's the mailing
list that is adding the footer after the original sender has already
signed the message.
As I understand it, in order for the
David Gibbs wrote:
Bill Landry wrote:
This may be true if the sender were adding the footer before signing and
sending the message to the list. However, not true if it's the mailing
list that is adding the footer after the original sender has already
signed the message.
As I understand
Chris Owen wrote:
On Jun 14, 2009, at 8:10 PM, Bill Landry wrote:
Mailman has specific functionality to remove signature headers so
that the message can be resigned as it's sent out.
If that happens then the message is no longer signed by the original
sender, but rather by the mailing
On Jun 14, 2009, at 18:59, Chip M. sa_c...@iowahoneypot.com wrote:
In all (5) of the hams I found, the IP was in IANA Reserved space
(specifically 192.168.0.0/16).
Most where in reserved space, but by no means all of them.
I checked 2.5 months worth of logs for my most diverse domain, and
On Mon, 15 Jun 2009, Chip M. wrote:
DOB (Day Old Bread) had the same problem last year:
http://mail-archives.apache.org/mod_mbox/spamassassin-users/200810.mbox/%3cva.33f1.14690...@news.conactive.com%3e
With software bugs, lightning often DOES strike twice in the same
spot. :)
I'm quite
36 matches
Mail list logo