On Wed, May 6, 2009 21:59, jida...@jidanni.org wrote:
Ah ha, you can use something like
header FROM_SAME_AS_TO ALL=~/\nFrom: ([^\n]+)\n.*To: \1/sm
nice rule, but its not the envelope
add spf to your domain
But see e.g., http://david.woodhou.se/why-not-spf.html
why-spf.html
--
-Original Message-
From: Charles Gregory [mailto:cgreg...@hwcn.org]
Sent: donderdag 7 mei 2009 21:58
To: SpamAssassin Users List
Subject: Odd behaviour under load.
Do yahoo and python.org enforce a shorter time-out?
Highly doubtful. RFC 2821, Section 4.5.3.2 (Timeouts) gives you a 2
On Thu, May 7, 2009 14:11, Matus UHLAR - fantomas wrote:
On 07.05.09 03:59, jida...@jidanni.org wrote:
Ah ha, you can use something like
header FROM_SAME_AS_TO ALL=~/\nFrom: ([^\n]+)\n.*To: \1/sm
add spf to your domain
But see e.g., http://david.woodhou.se/why-not-spf.html
did I misread
On Fri, 2009-05-08 at 12:05 +0200, Benny Pedersen wrote:
On Thu, May 7, 2009 14:11, Matus UHLAR - fantomas wrote:
On 07.05.09 03:59, jida...@jidanni.org wrote:
Ah ha, you can use something like
header FROM_SAME_AS_TO ALL=~/\nFrom: ([^\n]+)\n.*To: \1/sm
add spf to your domain
But see
Ned Slider wrote:
Martin Gregorie wrote:
On Wed, 2009-05-06 at 02:08 +0100, Ned Slider wrote:
I had one sneak through today which didn't hit any rules at all (it
hits a few DNSBLs now but not when I received it). It contained an
inline png:
Content-Type: image/png
Content-Transfer-Encoding:
Ned Slider wrote:
Ned Slider wrote:
Martin Gregorie wrote:
On Wed, 2009-05-06 at 02:08 +0100, Ned Slider wrote:
I had one sneak through today which didn't hit any rules at all (it
hits a few DNSBLs now but not when I received it). It contained an
inline png:
Content-Type: image/png
On Fri, 8 May 2009, Mark wrote:
From: Charles Gregory [mailto:cgreg...@hwcn.org]
Do yahoo and python.org enforce a shorter time-out?
Highly doubtful. RFC 2821, Section 4.5.3.2 (Timeouts) gives you a 2
minutes window while awaiting the 354 Start Input reply to a DATA
command.
...are you
On Fri, 2009-05-08 at 09:27 -0400, Randy wrote:
Also they changed the name
and image ( slightly ) . Now the image is Gibas.png or at least, they
are using this too.
They're using a variety of names these days, but all following the fprm
you quote: PersonalName.png. I've decoupled my image
Mark wrote:
Do yahoo and python.org enforce a shorter time-out?
Highly doubtful. RFC 2821, Section 4.5.3.2 (Timeouts) gives you a 2
minutes window while awaiting the 354 Start Input reply to a DATA
command.
Wich is of course irrelevant since SpamAssassin must be called after the
client
John Hardin wrote:
spamassassin --remove-addr-from-whitelist=problemacco...@clientdomain.com
An additional note (since, IIRC, the OP said he did this already):
Make sure to run this for the same user as that wich scans the mail when
it get's the ridicilously high score.
Regards
/Jonas
--
looks like mcafee sees a 20% drop in spam?
wonder what that is about. I'm not seeing a drop in ATTEMPTED spam (I
see MORE ATTEMPTED spam). Mostly this new 'blank email with a png' in it.
Sanesecurity rules seem to be keeping up with it for the most part.
I wonder what they are using to
-Original Message-
From: Michael Scheidell [mailto:scheid...@secnap.net]
Sent: Friday, May 08, 2009 10:57 AM
To: SpamAssassin Users List
Subject: mcafee sees drop in spam?
looks like mcafee sees a 20% drop in spam?
wonder what that is about. I'm not seeing a drop in
looks like mcafee sees a 20% drop in spam?
Sorry, someone asked me for the reference to the mcafee story:
McAfee Reports Huge Drop in Spam
Ellen Messmer, Network World
May 05, 2009
Global e-mail spam volumes have dropped 20% for the first quarter this year
compared with the same period
Michael Scheidell wrote:
looks like mcafee sees a 20% drop in spam?
wonder what that is about. I'm not seeing a drop in ATTEMPTED spam (I
see MORE ATTEMPTED spam). Mostly this new 'blank email with a png' in
it.
Sanesecurity rules seem to be keeping up with it for the most part.
I wonder
-Original Message-
From: Randy [mailto:rramsd...@livedatagroup.com]
Sent: Friday, May 08, 2009 11:13
To: SpamAssassin Users List
Subject: Re: mcafee sees drop in spam?
Michael Scheidell wrote:
looks like mcafee sees a 20% drop in spam?
wonder what that is about. I'm not seeing a drop
Spamcop stats don't show this - yes the number of picture spams is going up,
but not spam generally.
http://www.spamcop.net/spamgraph.shtml?spamyear
--
Martin Hepworth
Oxford, UK
2009/5/8 Michael Scheidell scheid...@secnap.net
looks like mcafee sees a 20% drop in spam?
wonder what that is
-Original Message-
From: John Hardin [mailto:jhar...@impsec.org]
Sent: vrijdag 8 mei 2009 15:52
To: Mark
Cc: users@spamassassin.apache.org
Subject: RE: Odd behaviour under load.
On Fri, 8 May 2009, Mark wrote:
From: Charles Gregory [mailto:cgreg...@hwcn.org]
Do yahoo and
Hi John,
At 06:50 08-05-2009, John Hardin wrote:
I suspect the sender is timing out waiting for the 250 OK after
sending the message, hence my (humorous) 100 Please hold...
suggestion. (Jeeze, SM, lighten up!)
There has already been such a proposal. Someone might take your
humorous
Martin Hepworth wrote:
Spamcop stats don't show this - yes the number of picture spams is
going up, but not spam generally.
http://www.spamcop.net/spamgraph.shtml?spamyear
--
Martin Hepworth
Oxford, UK
2009/5/8 Michael Scheidell scheid...@secnap.net
mailto:scheid...@secnap.net
looks
Randy wrote:
Michael Scheidell wrote:
looks like mcafee sees a 20% drop in spam?
wonder what that is about. I'm not seeing a drop in ATTEMPTED spam
(I see MORE ATTEMPTED spam). Mostly this new 'blank email with a
png' in it.
Sanesecurity rules seem to be keeping up with it for the most
Maybe it's an old story. I saw a drop last fall but it's come back since
then.
Jason Staudenmayer wrote:
-Original Message-
From: Michael Scheidell [mailto:scheid...@secnap.net]
Sent: Friday, May 08, 2009 10:57 AM
To: SpamAssassin Users List
Subject: mcafee sees drop in spam?
On Fri, 8 May 2009, Mark wrote:
Headers are part of the DATA stream. Hence, at the time a connecting
server is awaiting your 354 Start Input reply to their DATA
command
My apologies. I have misled with the phrase 'data command'.
I was referring to the response that the sending server
On Fri, 8 May 2009, John Hardin wrote:
I suspect the sender is timing out waiting for the 250 OK after
sending the message, hence my (humorous) 100 Please hold...
suggestion. (Jeeze, SM, lighten up!)
(nod) I should not have said data command. Apologies again.
And I can see a busy list server
On Fri, 8 May 2009, Mark wrote:
Okay, working from the idea that indeed the connecting client is timing
out waiting for the 250 OK after sending the message, I would think
DNS lookups are the most costly, time-wise. So, I would examine the RBL
lookups first: it only takes the presence of one
On Thu, 2009-05-07 at 15:40 +0200, Karsten Bräckelmann wrote:
On Thu, 2009-05-07 at 07:28 -0600, LuKreme wrote:
with 3.2.5 i can't get custom scores working.
i usually added them in /etc/mail/spamassassin/x_90_scores.cf
This is NOT how you add custom scores to SA.
Uhm, pardon?
On Fri, 8 May 2009, Charles Gregory wrote:
As a side note, for people wondering why my SA is so slow, I thought I
would mention that my SMTP front end (Mail Avenger) has a bug that
prevents me from properly using 'spamc', so all load issues are
compounded buy having to use 'spamassassin'.
I'm running a CentOS5.2 box with Cpanel. How do I turn on
verbose logging so that within each message header I see each rules results?
I'm getting this new spam which they use stacking of words to make a
sentence and I would like make a rule against it. How does
spamassassin handle this type of stuff? Can I use rawbody?
Below is a sample of this:
hr noshade size=1 color=#ccbr /
font size=1 color=#33 face=Verdana,
On Fri, 8 May 2009, fchan wrote:
I'm getting this new spam which they use stacking of words to make a sentence
and I would like make a rule against it. How does spamassassin handle this
type of stuff? Can I use rawbody?
san-serifWe're
interested in
hearing your
thoughts on
these articles,
On Fri, 8 May 2009, John Hardin wrote:
On Fri, 8 May 2009, fchan wrote:
I'm getting this new spam which they use stacking of words to make a
sentence and I would like make a rule against it. How does spamassassin
handle this type of stuff? Can I use rawbody?
san-serifWe're
interested
John Hardin wrote:
rawbody __TWO_WORD_LINES /^\S\+\s\+\S\+$/
tflags __TWO_WORD_LINES multiple
metaSTACKED_TEXT (__TWO_WORD_LINES 10)
Likely somewhat FP-prone...
I think quite FP-prone; think about emailed system logs, lists,
invoices, etc. Your example used lots of real words, so I'd
John Hardin a écrit :
On Wed, 6 May 2009, Adam Katz wrote:
SpamAssassin does not need to run on your outbound server.
It could be argued that doing so is useful to detect intrusions that
result in a spambot being installed on the local network.
For that to be really helpful, one should
On Fri, 8 May 2009, Adam Katz wrote:
John Hardin wrote:
rawbody __TWO_WORD_LINES /^\S\+\s\+\S\+$/
tflags __TWO_WORD_LINES multiple
metaSTACKED_TEXT (__TWO_WORD_LINES 10)
Likely somewhat FP-prone...
I think quite FP-prone; think about emailed system logs, lists,
invoices, etc. Your
On Fri, 2009-05-08 at 19:09 -0400, Adam Katz wrote:
Finally, IIRC, some of the fuzzy checksum mechanisms go by patterns
that take a keen interest in paragraph structure like that (or at
least one was mentioned as well-loved at the last MIT Spam
Conference), so make sure you're using Razor2,
Chris Hoogendyk wrote:
The first quarter ended just over a week ago.
Actually, it ended over a month ago.
Michael Scheidell wrote:
looks like mcafee sees a 20% drop in spam?
wonder what that is about. I'm not seeing a drop in ATTEMPTED spam
I see a recent (late april or early may)
On Fri, May 8, 2009 14:47, McDonald, Dan wrote:
I would rather have:
blacklist_unless_auth @gmail.com
blacklist_unless_auth @yahoo.*
meta __SPF_NOT_PASS (!SPF_PASS)
meta __NOT_LOCAL_TRUSTED (!NO_RELAYS || !ALL_TRUSTED)
meta BLACKLIST_SPF (__SPF_NOT_PASS __NOT_LOCAL_TRUSTED)
describe
Quite late here, so my logic might be a little bit fuzzy or blurred...
On Sat, 2009-05-09 at 03:20 +0200, Benny Pedersen wrote:
meta __SPF_NOT_PASS (!SPF_PASS)
meta __NOT_LOCAL_TRUSTED (!NO_RELAYS || !ALL_TRUSTED)
Equivalent to ! ( NO_RELAYS ALL_TRUSTED )
Probably not what you intended. De
On Fri, 8 May 2009, John Hardin wrote:
... my SMTP front end (Mail Avenger) has a bug that
prevents me from properly using 'spamc'
You can probably work around it, though, by playing some PATH games and
getting Mail Avenger to see a shell script named spamassassin (that
actually runs
38 matches
Mail list logo