Hello,
I'm new hear, so please bear with me...
Under the heading What is SpamBox? the SpamAssassin Interface Help panel
in my cPanel tells me this:
**
This feature allows emails identified as spam by SpamAssassin to be
delivered to a separate
Hi!
For what it's worth I'm now ahead of Barracuda on Jeff Makey's blacklist
comparison chart. Not a scientific comparison but it's about all there is to
compare blacklists. Now only abuseat.org and spamhaus have me beat. (apews
doesn't count because they blacklist everything)
On Thu, 2009-07-09 at 18:57 -0700, Marc Perkel wrote:
For what it's worth I'm now ahead of Barracuda on Jeff Makey's blacklist
comparison chart. Not a scientific comparison but it's about all there
is to compare blacklists. Now only abuseat.org and spamhaus have me
beat. (apews doesn't
Hi,
Because of Apache.org spam filters I can't send here my message about
spammers again:
Jul 9 22:32:07 hermes2 courieresmtp:
id=00174B77.4A5653AA.7F82,from=pte...@uw.edu.pl,addr=users@spamassassin.apache.org:
552 spam score (15.4) exceeded threshold
Jul 9 22:32:07 hermes2
On 07/10/2009 09:01 PM, Paweł Tęcza wrote:
Please see my initial post on Pastebin:
http://pastebin.com/f6a83e9fb
If it's true that all those domains resolve to just a handful of IP
addresses, then why aren't they listed in - oh wait - SURBLs don't cover
IPs just the DNS names - argh!
Is
On Fri, July 10, 2009 11:01, Pawe? T?cza wrote:
http://pastebin.com/f6a83e9fb
one rule:
meta URI_NOT_WHITELISTED (__HAS_ANY_URI !__LOCAL_WHITE)
make a __LOCAL_WHITE list in sa eithter with rbldnsd or direct as rule in sa
will stop such lammers forever :)
--
xpoint
On Fri, 2009-07-10 at 11:01 +0200, Paweł Tęcza wrote:
Hi,
Because of Apache.org spam filters I can't send here my message about
spammers again:
Jul 9 22:32:07 hermes2 courieresmtp:
id=00174B77.4A5653AA.7F82,from=pte...@uw.edu.pl,addr=users@spamassassin.apache.org:
On Fri, 2009-07-10 at 21:26 +1200, Jason Haar wrote:
On 07/10/2009 09:01 PM, Paweł Tęcza wrote:
Please see my initial post on Pastebin:
http://pastebin.com/f6a83e9fb
If it's true that all those domains resolve to just a handful of IP
addresses, then why aren't they listed in - oh
rich...@buzzhost.co.uk wrote:
On Fri, 2009-07-10 at 21:26 +1200, Jason Haar wrote:
On 07/10/2009 09:01 PM, Paweł Tęcza wrote:
Please see my initial post on Pastebin:
http://pastebin.com/f6a83e9fb
If it's true that all those domains resolve to just a handful of IP
addresses, then why
On Fri, 2009-07-10 at 10:58 +0100, Steve Freegard wrote:
rich...@buzzhost.co.uk wrote:
On Fri, 2009-07-10 at 21:26 +1200, Jason Haar wrote:
On 07/10/2009 09:01 PM, Paweł Tęcza wrote:
Please see my initial post on Pastebin:
http://pastebin.com/f6a83e9fb
If it's true that all those
rich...@buzzhost.co.uk wrote:
On Fri, 2009-07-10 at 21:26 +1200, Jason Haar wrote:
On 07/10/2009 09:01 PM, Paweł Tęcza wrote:
Please see my initial post on Pastebin:
http://pastebin.com/f6a83e9fb
If it's true that all those domains resolve to just a handful of IP
On Fri, July 10, 2009 11:58, Steve Freegard wrote:
See 'uridnsbl' in Mail::SpamAssassin::Plugin::URIDNSBL
its more or less a URIDNSWL plugin needed, with can reverse all black into
white eg if not found on uribl_black gives -negative
scores, and if its still have some uri at all give positive
On 7/10/2009 12:20 PM, Benny Pedersen wrote:
On Fri, July 10, 2009 11:58, Steve Freegard wrote:
See 'uridnsbl' in Mail::SpamAssassin::Plugin::URIDNSBL
its more or less a URIDNSWL plugin needed, with can reverse all black into
white eg if not found on uribl_black gives -negative
scores, and
On Sat, 04 Jul 2009 08:56:35 -0400
Matt Kettler mkettler...@verizon.net wrote:
Please be aware the AWL is NOT whitelist, or a blacklist, and the
scores don't really quite work the way they look. The AWL is
essentially an averager, and as such, it's sometimes going to assign
ALL_TRUSTED is a bit odd. If you you look back through the debug, it
has identified untrusted relays:
[11689] dbg: metadata: X-Spam-Relays-Untrusted: [ ip=194.230.33.137
rdns=mx.xm-rz.net helo=mail.xm-rz.net by=myhost.mydomain.com ident=
envfrom= intl=0 id=B94C2118004 auth= msa=0 ] [
On 10-Jul-2009, at 01:25, rich...@buzzhost.co.uk wrote:
On Thu, 2009-07-09 at 18:57 -0700, Marc Perkel wrote:
For what it's worth I'm now ahead of Barracuda on Jeff Makey's
blacklist
comparison chart. Not a scientific comparison but it's about all
there
is to compare blacklists. Now only
On 04.07.09 20:50, MySQL Student wrote:
I am stuck trying to figure out why the attached spam isn't caught properly.
In fact, BAYES_99 isn't flagged
and I know it should be, and the total score is 0.0, despite several rules
being flagged. The LOCAL_BODY_1577053434 and LOCAL_BODY_4046600451
On 10-Jul-2009, at 00:01, HerbEppel wrote:
Under the heading What is SpamBox? the SpamAssassin Interface Help
panel
in my cPanel tells me this:
This is a cPanel question,a nd needs asking on a cPanel list, not this
list.
--
Love is like oxygen / You get too much / you get too high
/ Not
LuKreme wrote:
On 10-Jul-2009, at 00:01, HerbEppel wrote:
Under the heading What is SpamBox? the SpamAssassin Interface Help
panel
in my cPanel tells me this:
This is a cPanel question,a nd needs asking on a cPanel list, not this
list.
Yes, I had wondered who I should pester
On Fri, July 10, 2009 12:29, Yet Another Ninja wrote:
5 minutes later.. idea buried?
a frind one time said to me anyone can hate, it cost to love thats why i
belive whitelist it a better route then blacklist is
--
xpoint
Benny Pedersen wrote:
On Fri, July 10, 2009 13:03, HerbEppel wrote:
Yes, I had wondered who I should pester with my question :blush:
Thanks for the clarification.
also make them clearify why use pop3 and folders :)
pop3 is only for getting mails not for remote store of mails, use
On Fri, 2009-07-10 at 04:57 -0600, LuKreme wrote:
On 10-Jul-2009, at 01:25, rich...@buzzhost.co.uk wrote:
On Thu, 2009-07-09 at 18:57 -0700, Marc Perkel wrote:
For what it's worth I'm now ahead of Barracuda on Jeff Makey's
blacklist
comparison chart. Not a scientific comparison but it's
Matt Kettler wrote:
rich...@buzzhost.co.uk wrote:
On Fri, 2009-07-10 at 21:26 +1200, Jason Haar wrote:
On 07/10/2009 09:01 PM, Paweł Tęcza wrote:
Please see my initial post on Pastebin:
http://pastebin.com/f6a83e9fb
If it's true that all those domains resolve to just a
spamassassin 21 -D --lint
search here for missing perl modules
On 05.07.09 18:57, MySQL Student wrote:
How effective are razor/pyzor and SPF/DKIM?
very effective, razor/pyzor altogether with DCC.
SPF also helps much, although it should be implemented at SMTP level and
refuse all messages
On Fri, 10 Jul 2009 12:33:51 +0200
Matus UHLAR - fantomas uh...@fantomas.sk wrote:
On Sat, 04 Jul 2009 08:56:35 -0400
Matt Kettler mkettler...@verizon.net wrote:
Please be aware the AWL is NOT whitelist, or a blacklist, and
the scores don't really quite work the way they look. The
Steve Freegard wrote:
Matt Kettler wrote:
rich...@buzzhost.co.uk wrote:
On Fri, 2009-07-10 at 21:26 +1200, Jason Haar wrote:
On 07/10/2009 09:01 PM, Paweł Tęcza wrote:
Please see my initial post on Pastebin:
http://pastebin.com/f6a83e9fb
On 10-Jul-2009, at 05:18, rich...@buzzhost.co.uk wrote:
There is a load of noise in NANAE about the Court coming to a
compensation decision and Spamhaus being 'broke' hence my concern.
Is NANAE in a time-warp? The court (in the US) has no power to compel
spamhaus (in the UK) to pay a cent.
On Fri, July 10, 2009 13:03, HerbEppel wrote:
Yes, I had wondered who I should pester with my question :blush:
Thanks for the clarification.
also make them clearify why use pop3 and folders :)
pop3 is only for getting mails not for remote store of mails, use imap in
thunderbird and discover
On Fri, 2009-07-10 at 06:15 -0400, Matt Kettler wrote:
rich...@buzzhost.co.uk wrote:
On Fri, 2009-07-10 at 21:26 +1200, Jason Haar wrote:
On 07/10/2009 09:01 PM, Paweł Tęcza wrote:
Please see my initial post on Pastebin:
http://pastebin.com/f6a83e9fb
If it's
On Fri, July 10, 2009 12:29, Yet Another Ninja wrote:
5 minutes later.. idea buried?
there is more then one way of make a white ?
meta URI_WHITE (!__URIBL_BLACK || !__URIBL_GREY)
no ?
meta URI_NOT_WHITELISTED (__HAS_ANY_URI URI_WHITE)
how many non spam domains exists really to be a big
On Fri, 2009-07-10 at 05:42 -0600, LuKreme wrote:
On 10-Jul-2009, at 05:18, rich...@buzzhost.co.uk wrote:
There is a load of noise in NANAE about the Court coming to a
compensation decision and Spamhaus being 'broke' hence my concern.
Is NANAE in a time-warp? The court (in the US) has no
RW wrote:
On Fri, 10 Jul 2009 12:33:51 +0200
Matus UHLAR - fantomas uh...@fantomas.sk wrote:
On Sat, 04 Jul 2009 08:56:35 -0400
Matt Kettler mkettler...@verizon.net wrote:
Please be aware the AWL is NOT whitelist, or a blacklist, and
the scores don't really quite work the way
I'm running SA daemonized. I know that it reads
/.spamassassin/user_prefs (not a typo), /etc/mail/spamassassin/local.cf,
and /usr/share/spamassassin/ for configuration. I know I don't have
something set right, because /.spamassassin/user_prefs is being read
because spamd is run with
On Thu, 2009-07-09 at 19:42 -0700, Evan Platt wrote:
As the headers of every message state:
list-unsubscribe: mailto:users-unsubscr...@spamassassin.apache.org
I tried that when I went on vacation last month. My ack bounced after
three days, so it never unsubscribed me. I'm back from
Hi,
Because of Apache.org spam filters I can't send here my message about
spammers again:
. . .
http://pastebin.com/f6a83e9fb
I'm new to this list, and may be missing something obvious, but this looks
like a great candidate for a firewall DROP rule.
Is there any reason you don't just drop
Just a little off topic here, but relevant. When I test SA, I log into a
bash shell. I set my environment variables in .bash_profile (loading
changes with the 'source' command). Sometimes when testing, I get different
results than I do when processing real mail. I think it is because when my
David Lomax wrote:
Did ANYONE read Evan's response?
--
Dan Schaefer
Application Developer
Performance Administration Corp.
David Lomax wrote:
i wish MUAs would start supporting mailinglists.
Whats so hard about offering a button to unsubscribe, or thread view?
*sigh*
Quoting Terry Carmen te...@cnysupport.com:
Hi,
Because of Apache.org spam filters I can't send here my message about
spammers again:
. . .
http://pastebin.com/f6a83e9fb
I'm new to this list, and may be missing something obvious, but this looks
like a great candidate for a firewall DROP
Terry Carmen pisze:
Hi,
Because of Apache.org spam filters I can't send here my message about
spammers again:
. . .
http://pastebin.com/f6a83e9fb
I'm new to this list, and may be missing something obvious, but this looks
like a great candidate for a firewall DROP rule.
Hi Terry,
You
Matt Kettler wrote:
It's no plugin I know of, but it's a feature we intentionally left out
of SA for security reasons. So given that it's a really bad idea I'd
guess barracuda did implement it themselves.
Are you forgetting URIBL_SBL?? That requires the A or NS records of
the URI to
On Fri, 10 Jul 2009, Terry Carmen wrote:
Because of Apache.org spam filters I can't send here my message about
spammers again:
. . .
http://pastebin.com/f6a83e9fb
I'm new to this list, and may be missing something obvious, but this
looks like a great candidate for a firewall DROP rule.
On Fri, 10 Jul 2009, David Lomax wrote:
[nothing]
Unsubscribing from a mailing list is an intelligence test.
You just failed.
--
John Hardin KA7OHZhttp://www.impsec.org/~jhardin/
jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org
key: 0xB8732E79 --
My local root user sends me nightly emails with mail/spam statistics and
information. Because of the spam information contained in the email, it
sometimes flagged as spam itself.
In my local.cf, I have put the root user's email address in the
whitelist_from line, however whenever I send an
So - you attempted to unsubscribe. You didn't reply to the
confirmation e-mail that was sent. You weren't unsubscribed.
The process worked properly. Otherwise, anyone would be able to
subscribe or unsubscribe anyone else.
At 05:44 AM 7/10/2009, you wrote:
I tried that when I went on
boogybren wrote:
Any suggestions would be greatly appreciated. Attached is my local.cf
Simple solution, but you may not have tried it...restart spamassassin
--
Dan Schaefer
Application Developer
Performance Administration Corp.
A more interesting comparison would be to see how much stuff is NOT caught
by spamhaus, but caught by your list or others :)
-C
On Thu, 9 Jul 2009, Marc Perkel wrote:
For what it's worth I'm now ahead of Barracuda on Jeff Makey's blacklist
comparison chart. Not a scientific comparison
On Fri, 2009-07-10 at 06:56 -0700, Evan Platt wrote:
So - you attempted to unsubscribe. You didn't reply to the
confirmation e-mail that was sent.
I did reply, but the ezlm software refused to accept the message. And
exchange is dumb enough that it didn't tell me that it failed for 3
days.
Oh ok.. I'm going to go out on a limb here and blame Exchange. :)
At 07:40 AM 7/10/2009, you wrote:
On Fri, 2009-07-10 at 06:56 -0700, Evan Platt wrote:
So - you attempted to unsubscribe. You didn't reply to the
confirmation e-mail that was sent.
I did reply, but the ezlm software refused
Rosenbaum, Larry M. wrote:
I have found the Xpdf package [...] has a pdftotext command line utility.
If you build it with the --without-x option,
Ah. I didn't see that option. That's nice. I'm now using pdftotext
instead of pdftohtml here as well. :-)
And I've just uploaded a new version
On Fri, 2009-07-10 at 06:12 -0700, MrGibbage wrote:
Just a little off topic here, but relevant. When I test SA, I log into a
bash shell. I set my environment variables in .bash_profile (loading
changes with the 'source' command).
I use spamc/spamd and the answer is simple. I use a script
Thanks Dan, indeed I have bounced the daemon after modifying the local.cf.
Brenden
Daniel Schaefer wrote:
boogybren wrote:
Any suggestions would be greatly appreciated. Attached is my local.cf
Simple solution, but you may not have tried it...restart spamassassin
--
Dan Schaefer
Steven W. Orr wrote:
http://wiki.apache.org/spamassassin/ClamAVPlugin
It looks like what I thought I wanted already exists. Based on what I wrote
above, and that I like the result of running sa + clamav via the two milters,
does anyone have any caveats for me?
1: When running ClamAV inside
chauhananshul wrote:
I'm new to linux world can some one please help in understanding .cf .pm
files.
Neither of those files are specific to linux.
The .pm files are perl modules. To understand how those works in detail
you need to learn perl. You don't need to know this when using
/\bwww(?:\s|\s\W|\W\s)\w{3,6}\d{2,6}(?:\s|s\W|\W\s)(?:c\s?o\s?m|n\s?e\s?t|o\s?r\s?g)\b/i
^
John,
Thanks a lot for rule update! It works fine. I can say it's nearly
perfect, because it missing only one small back-slash :) Please look
above.
On Fri, 2009-07-10 at 17:11 +0200, Sim wrote:
/\bwww(?:\s|\s\W|\W\s)\w{3,6}\d{2,6}(?:\s|s\W|\W\s)(?:c\s?o\s?m|n\s?e\s?t|o\s?r\s?g)\b/i
^
John,
Thanks a lot for rule update! It works fine. I can say it's nearly
perfect, because it missing
Marc Perkel wrote:
Does anyone have a list of all domains that provide short url
redirection?
An added wish from me:
Does anyone have a list of URL shorteners actively used by spammers?
Thanks for the lists. I'm not sure what I'm going to do with it but I'm
going to see if I can find a way
evolution does.
David
On Fri, 2009-07-10 at 15:20 +0200, a...@exys.org wrote:
David Lomax wrote:
i wish MUAs would start supporting mailinglists.
Whats so hard about offering a button to unsubscribe, or thread view?
*sigh*
McDonald, Dan wrote:
Yes, remove the outer parentheses.
Here are the rules I am using:
bodyAE_MEDS35 /w{2,4}\s(?:meds|shop)\d{1,4}\s(?:net|com|org)/
describe AE_MEDS35 obfuscated domain seen in spam
score AE_MEDS35 3.00
bodyAE_MEDS38
Jonas Eckerman wrote:
chauhananshul wrote:
I'm new to linux world can some one please help in understanding .cf
.pm
files.
Neither of those files are specific to linux.
The .pm files are perl modules. To understand how those works in
detail you need to learn perl. You don't need to know
At 03:57 09-07-2009, McDonald, Dan wrote:
I recently received a spam with a mailbox-list in the from: and senderd:
headers
From: Inversiones inversiones.fo...@live.com,
i...@lasinversionesforex.com
Sender: Inversiones inversiones.fo...@live.com,
On Fri, 10 Jul 2009, boogybren wrote:
My local root user sends me nightly emails with mail/spam statistics and
information. Because of the spam information contained in the email, it
sometimes flagged as spam itself.
I would suggest you look into MTA configs that will allow you to
At 08:31 09-07-2009, Bob Proulx wrote:
I just wanted to confirm that I am seeing twitter invite spam that
appears AFAICT to be from twitter.com to addresses that are not and
never have been associated with Twitter. Mostly moderated mailing
lists. It looks to me like there is some type of
On Fri, 10 Jul 2009, Sim wrote:
/\bwww(?:\s\W?\s?|\W\s)\w{3,6}\d{2,6}(?:\s\W?\s?|\W\s)(?:c\s?o\s?m|n\s?e\s?t|o\s?r\s?g)\b/i
I'm using it without good results for this format:
bla bla www. site. net. bla bla
Have you any idea?
There are no digits in that URI.
If this becomes common,
On Fri, 2009-07-10 at 11:39 -0400, Daniel Schaefer wrote:
McDonald, Dan wrote:
Since we're sharing rules for this recent Spam outbreak, here is my rule:
body DRUG_SITE /www(\.|\
)*(med|meds|gen|pill|shop|via|cu|co|ba|da|bu|ba)[0-9]{2}(\.|\ )*(net|com)/
You should avoid the use of *, as it
On Fri, 10 Jul 2009, Terry Carmen wrote:
Because of Apache.org spam filters I can't send here my message about
spammers again:
. . .
http://pastebin.com/f6a83e9fb
I'm new to this list, and may be missing something obvious, but this
looks like a great candidate for a firewall DROP rule.
On Fri, 10 Jul 2009, SM wrote:
Multiple addresses rarely appear in the From: header.
...and because of that it might be a useful spam sign worth a point, even
though it's completely valid syntax.
It's better to have a rule for the multiple addresses in the Sender:
header if you are
On Fri, Jul 10, 2009 at 05:01:14PM +0200, Jonas Eckerman wrote:
Steven W. Orr wrote:
http://wiki.apache.org/spamassassin/ClamAVPlugin
It looks like what I thought I wanted already exists. Based on what I wrote
above, and that I like the result of running sa + clamav via the two milters,
On Fri, 10 Jul 2009, Terry Carmen wrote:
All the supplied domain names have a DNS server in China. It might be
worth it to create a rule to based on the link's DNS server's location
(Geo IP Lookup).
*that* might actually be a good test, and one that is safer than resolving
the offending
On Fri, 2009-07-10 at 12:40 +0200, Benny Pedersen wrote:
there is more then one way of make a white ?
Not being blacklisted does not justify any shade of white. The absence
of a listing is nothing more than no information. You can't deduct any
inverted information.
meta URI_WHITE
On Fri, 2009-07-10 at 09:11 -0700, John Hardin wrote:
On Fri, 10 Jul 2009, Terry Carmen wrote:
All the supplied domain names have a DNS server in China. It might be
worth it to create a rule to based on the link's DNS server's location
(Geo IP Lookup).
*that* might actually be a good
On 7/10/2009 6:30 PM, rich...@buzzhost.co.uk wrote:
On Fri, 2009-07-10 at 09:11 -0700, John Hardin wrote:
On Fri, 10 Jul 2009, Terry Carmen wrote:
All the supplied domain names have a DNS server in China. It might be
worth it to create a rule to based on the link's DNS server's location
(Geo
McDonald, Dan wrote:
Since we're sharing rules for this recent Spam outbreak, here is my
rule:
body DRUG_SITE /www(\.|\
)*(med|meds|gen|pill|shop|via|cu|co|ba|da|bu|ba)[0-9]{2}(\.|\ )*(net|
com)/
You should avoid the use of *, as it allows spammers to consume all of
your memory and
Charles Gregory wrote:
A more interesting comparison would be to see how much stuff is NOT
caught by spamhaus, but caught by your list or others :)
Right -- that gives you more of a sense of the value of a new list for a
system which already checks other lists.
--
J.D. Falk
Return Path
Gerry Maddock wrote:
McDonald, Dan wrote:
Since we're sharing rules for this recent Spam outbreak, here is my
rule:
body DRUG_SITE /www(\.|\
)*(med|meds|gen|pill|shop|via|cu|co|ba|da|bu|ba)[0-9]{2}(\.|\ )*(net|
com)/
You should avoid the use of *, as it allows
On Fri, 2009-07-10 at 18:44 +0200, Yet Another Ninja wrote:
On 7/10/2009 6:30 PM, rich...@buzzhost.co.uk wrote:
On Fri, 2009-07-10 at 09:11 -0700, John Hardin wrote:
On Fri, 10 Jul 2009, Terry Carmen wrote:
All the supplied domain names have a DNS server in China. It might be
worth it
Hi there,
I do not see spamassassin processing information in the SMTP header of
incoming messages. So I am fairly sure that the processing is not
working. I am hoping to get the postfix-procmail-spamc processing
path working system-wide. I need some help though since it is not working.
On Fri, 10 Jul 2009, Yet Another Ninja wrote:
On 7/10/2009 6:30 PM, rich...@buzzhost.co.uk wrote:
On Fri, 2009-07-10 at 09:11 -0700, John Hardin wrote:
On Fri, 10 Jul 2009, Terry Carmen wrote:
All the supplied domain names have a DNS server in China. It might be
worth it to create
I have been wanting to do something like that but haven't done the legwork to
figure it out.
I will certainly look up how to do this in sendmail. Do you have any
suggestions?
John Hardin wrote:
On Fri, 10 Jul 2009, boogybren wrote:
My local root user sends me nightly emails with
On Fri, 10 Jul 2009 08:09:04 -0400
Matt Kettler mkettler...@verizon.net wrote:
RW wrote:
The much more common scenario is that the first spam hits BAYES_50
and subsequent BAYES_99 hits are countered by a negative AWL score.
Technically, this only counters half the score. It also gets
Yes, remove the outer parentheses.
Here are the rules I am using:
body AE_MEDS35 /w{2,4}\s(?:meds|shop)\d{1,4}\s(?:net|com|org)/
describe AE_MEDS35 obfuscated domain seen in spam
score AE_MEDS35 3.00
body AE_MEDS38
2009/7/10 John Hardin jhar...@impsec.org:
On Fri, 10 Jul 2009, Sim wrote:
/\bwww(?:\s\W?\s?|\W\s)\w{3,6}\d{2,6}(?:\s\W?\s?|\W\s)(?:c\s?o\s?m|n\s?e\s?t|o\s?r\s?g)\b/i
I'm using it without good results for this format:
bla bla www. site. net. bla bla
Have you any idea?
There are no
On Fri, 10 Jul 2009, boogybren wrote:
I have been wanting to do something like that but haven't done the
legwork to figure it out.
I will certainly look up how to do this in sendmail. Do you have any
suggestions?
We also need to know how you're gluing SA into your mailer chain.
Procmail?
Am using procmail.
John Hardin wrote:
On Fri, 10 Jul 2009, boogybren wrote:
I have been wanting to do something like that but haven't done the
legwork to figure it out.
I will certainly look up how to do this in sendmail. Do you have any
suggestions?
We also need to know how
On Fri, 10 Jul 2009, Daniel Schaefer wrote:
Gerry Maddock wrote:
McDonald, Dan wrote:
body DRUG_SITE /www(\.|\
) *(med|meds|gen|pill|shop|via|cu|co|ba|da|bu|ba)[0-9]{2}(\.|\
) )*(net|com)/
You should avoid the use of *, as it allows spammers to consume all
of your memory
On Fri, 10 Jul 2009, boogybren wrote:
Am using procmail.
Take a look at http://www.impsec.org/~jhardin/antispam/ for a procmail SA
ruleset that skips mail originating from localhost. If you need help
generalizing that for your situation, contact me offlist.
Also, try to stop top-posting.
John Hardin wrote:
On Fri, 10 Jul 2009, Daniel Schaefer wrote:
Gerry Maddock wrote:
McDonald, Dan wrote:
body DRUG_SITE /www(\.|\
) *(med|meds|gen|pill|shop|via|cu|co|ba|da|bu|ba)[0-9]{2}(\.|\
) )*(net|com)/
You should avoid the use of *, as it allows spammers to consume
all
On Fri, 10 Jul 2009, Daniel Schaefer wrote:
Doesn't the . (period) need escaped in this? [.\s]{1,3}
Nope. [] means explicit set of characters, and . = any character
conflicts with that context.
--
John Hardin KA7OHZhttp://www.impsec.org/~jhardin/
jhar...@impsec.org
John Hardin wrote:
On Fri, 10 Jul 2009, Daniel Schaefer wrote:
Doesn't the . (period) need escaped in this? [.\s]{1,3}
Nope. [] means explicit set of characters, and . = any
character conflicts with that context.
Thanks for the clarification. I'm still learning REs.
--
Dan Schaefer
On Fri, July 10, 2009 18:17, Karsten Bräckelmann wrote:
Anyway, as I've told you before with some hastily scribbled logic, you
seriously should read up on De Morgan's law. The above meta equals
! ( __URIBL_BLACK __URIBL_GREY )
are you sure this logic holds in sa ?
|| is imho or not and
Benny Pedersen wrote:
On Fri, July 10, 2009 18:17, Karsten Bräckelmann wrote:
Anyway, as I've told you before with some hastily scribbled logic, you
seriously should read up on De Morgan's law. The above meta equals
! ( __URIBL_BLACK __URIBL_GREY )
are you sure this logic holds in
Am 2009-07-10 11:39:02, schrieb Daniel Schaefer:
Since we're sharing rules for this recent Spam outbreak, here is my rule:
body DRUG_SITE /www(\.|\
)*(med|meds|gen|pill|shop|via|cu|co|ba|da|bu|ba)[0-9]{2}(\.|\
)*(net|com)/
score DRUG_SITE 0.5
describe DRUG_SITE Test to find spam drug
On Fri, July 10, 2009 15:20, a...@exys.org wrote:
i wish MUAs would start supporting mailinglists.
Whats so hard about offering a button to unsubscribe, or thread view?
*sigh*
as easy/hard as try squirrelmail ?
both issues above is not a problem here
--
xpoint
On Fri, 2009-07-10 at 22:42 +0200, Benny Pedersen wrote:
On Fri, July 10, 2009 18:17, Karsten Bräckelmann wrote:
Anyway, as I've told you before with some hastily scribbled logic, you
seriously should read up on De Morgan's law. The above meta equals
On Fri, 2009-07-10 at 06:53 -0700, an anonymous Nabble user wrote:
My local root user sends me nightly emails with mail/spam statistics and
information. Because of the spam information contained in the email, it
sometimes flagged as spam itself.
In my local.cf, I have put the root user's
On Fri, 2009-07-10 at 11:30 -0700, John Hardin wrote:
On Fri, 10 Jul 2009, an anonymous Nabble user wrote:
Am using procmail.
Take a look at http://www.impsec.org/~jhardin/antispam/ for a procmail SA
ruleset that skips mail originating from localhost. If you need help
generalizing that
Here are the headers:
Return-Path: r...@myphonydomain.com
X-Spam-Tests:
* -1.8 ALL_TRUSTED Passed through trusted hosts only via SMTP
* -2.6 BAYES_00 BODY: Bayesian spam probability is 0 to 1%
* [score: 0.]
* 2.2 TVD_SPACE_RATIO BODY: TVD_SPACE_RATIO
From: Karsten Bräckelmann guent...@rudersport.de
Date: Fri, 10 Jul 2009 23:43:03 +0200
On Fri, 2009-07-10 at 06:53 -0700, an anonymous Nabble user wrote:
My local root user sends me nightly emails with mail/spam statistics and
information. Because of the spam information
On Fri, 2009-07-10 at 14:53 -0700, an anonymous Nabble user wrote:
Here are the headers:
Return-Path: r...@myphonydomain.com
X-Spam-Tests:
* -1.8 ALL_TRUSTED Passed through trusted hosts only via SMTP
* -2.6 BAYES_00 BODY: Bayesian spam probability is 0 to 1%
* [score:
1 - 100 of 114 matches
Mail list logo