Re: EmailBL hit count

2009-05-20 Thread Michael Monnerie
On Dienstag 19 Mai 2009 Karsten Bräckelmann wrote: Again, I believe the your fault wasn't the intention. But that this is a test, *needs* testers, and you can do it without *any* impact to your results. Yes of course. I just meant you can't ask people to use your tests and then blame them for

Re: BOUNCE_MESSAGE problem

2009-05-20 Thread Jari Fredriksson
On Wed, 2009-05-20 at 02:42 +0300, Jari Fredriksson wrote: Another one. This is from Washington Post. Still with fetchmail. http://.pastebin.ca/1427982 Marked as BOUNCE. meta __BOUNCE_RPATH_NULL 0 should be working. $ spamassassin --cf=meta __BOUNCE_RPATH_NULL 0 1427982 |

Re: Got dead domains that get a lot of spam?

2009-05-20 Thread Lucio Chiappetti
On Tue, 19 May 2009, Marc Perkel wrote: Looking for people with dead domains that still get a lot of spam, If you have such a domain that you aren't using can you set the MX Sorry, but that's not dead enough ! We used to have one domain (mi.iasf.cnr.it) under one organization (CNR). When

Re: Got dead domains that get a lot of spam?

2009-05-20 Thread Mike Cardwell
Marc Perkel wrote: BTW - for those who are curious, the lists are generated mostly from Exim rules. Exim has a feature that allows me to track hosts that don't use QUIT to close a connection. Thus the combination of fake mx, no quit, No or bad RDNS or dynamic IP, and various HELO sins is

Re: Got dead domains that get a lot of spam?

2009-05-20 Thread Mike Cardwell
Marc Perkel wrote: Other than that, I recently enabled Hostkarma blacklists here, just to check. FWIW, it's scoring *really* good for me. So good, I seriously toned it down. I want to evaluate it first. For that, I need something even close to a considerable, diverse amount of ham. How,

Re: over-representing non-English spam?

2009-05-20 Thread Jonas Eckerman
Karsten Bräckelmann wrote: This is not about OpenProtect or their decisions. Actually, there are more than this one sa-update mirror for the SARE rules. I think you missed my point. The OpenProtect channel adds a bunch of SARE rulesets in a single channel. This means that when you use that

Re: New Message Sniffer Plugin Released SNF4SA

2009-05-20 Thread Justin Mason
thanks Pete! looks nifty. Is that linked on the SA wiki? --j. On Tue, May 19, 2009 at 16:12, Pete McNeil madscient...@microneil.com wrote: Hello SA folks, We have significantly upgraded our plugin for SpamAssassin. You can find it here: http://www.armresearch.com/products/index.jsp Or

EmailBL Stats

2009-05-20 Thread Chris
Ham: 294 Spam: 163
EmailBL.cf:
Rule Name         Score  Ham  Spam  %of Ham  %of Spam
EMAILBL_TEST_LEM  0.50   0    10    0.00%    6.13%

Re: New Message Sniffer Plugin Released SNF4SA

2009-05-20 Thread Matus UHLAR - fantomas
On 19.05.09 11:12, Pete McNeil wrote: Hello SA folks, We have significantly upgraded our plugin for SpamAssassin. You can find it here: http://www.armresearch.com/products/index.jsp Or more specifically here: http://www.armresearch.com/message-sniffer/download/snf4sa-0.9.2.tar.gz

Re: Got dead domains that get a lot of spam?

2009-05-20 Thread Ned Slider
Karsten Bräckelmann wrote: And I do have a goal of !00% accuracy although that is difficult to attain. While I guess most blacklist operators do aim at a perfect blacklist, regardless of specific definitions and whether others agree or not... That's probably one of the worst shift typos in

Re: Got dead domains that get a lot of spam?

2009-05-20 Thread Mike Cardwell
Ned Slider wrote: I've also just recently enabled these lists in SA so am still in the very early stages of testing. I initially did get one FP hit against the whitelist (spam message sent through an ISP smtp server in the whitelist) Can you let us know what that IP is please? Then Marc can

Re: over-representing non-English spam?

2009-05-20 Thread Justin Mason
there is another catch, too, for HTML messages -- it's trivial with CSS or javascript to pad a HTML page with an initial 500KB of innocuous content, then overwrite that padding with a later chunk of HTML loaded from later in the source. --j. On Wed, May 20, 2009 at 13:23, Mark Martinec

Re: Got dead domains that get a lot of spam?

2009-05-20 Thread Marc Perkel
Mike Cardwell wrote: Marc Perkel wrote: BTW - for those who are curious, the lists are generated mostly from Exim rules. Exim has a feature that allows me to track hosts that don't use QUIT to close a connection. Thus the combination of fake mx, no quit, No or bad RDNS or dynamic IP, and

Re: New Message Sniffer Plugin Released SNF4SA

2009-05-20 Thread Pete McNeil
Justin Mason wrote: thanks Pete! looks nifty. Is that linked on the SA wiki? Yes :-) _M

Re: learning from IMAP spam collection

2009-05-20 Thread martin f krafft
also sprach Jeff Mincy j...@delphioutpost.com [2009.05.19.1445 +0200]: formail -b -t -I X-Spam-Status: -I X-Spam-Flag: -I X-Spam-Checker-Version: -I X-Spam-Rbl: -I X-Spam-Pyzor: -I X-Spam-DCC: -I X-Spam-Level: -I X-Spam-Bayes: -I X-Spam-Relay: -I X-Spam-Report: -I X-Spam-AWL: -I X-Spam-Karma:

Re: Got dead domains that get a lot of spam?

2009-05-20 Thread Marc Perkel
Ned Slider wrote: Karsten Bräckelmann wrote: And I do have a goal of !00% accuracy although that is difficult to attain. While I guess most blacklist operators do aim at a perfect blacklist, regardless of specific definitions and whether others agree or not... That's probably one of the

Re: Got dead domains that get a lot of spam?

2009-05-20 Thread Henrik K
On Wed, May 20, 2009 at 01:41:12PM +0100, Mike Cardwell wrote: Ned Slider wrote: I've also just recently enabled these lists in SA so am still in the very early stages of testing. I initially did get one FP hit against the whitelist (spam message sent through an ISP smtp server in the

Re: Got dead domains that get a lot of spam?

2009-05-20 Thread Benny Pedersen
On Wed, May 20, 2009 11:25, Mike Cardwell wrote: A cool idea would be an application in a similar vein to p0f, but which passively detected the SMTP client software, rather than operating system. It might then be possible to distribute signatures that identified specific zombie software, as

Re: EmailBL plugin released

2009-05-20 Thread Justin Mason
On Tue, May 19, 2009 at 13:24, Steve Freegard st...@stevefreegard.com wrote: Justin Mason wrote: http://ruleqa.spamassassin.org/20090516-r775436-n/T_EMAILBL_TEST_LEM/detail Would be interesting to see if the 5 ham hits really were ham or whether they were accidentally misclassified and what

Re: New Message Sniffer Plugin Released SNF4SA

2009-05-20 Thread Pete McNeil
Matus UHLAR - fantomas wrote: <snip/> We have significantly upgraded our plugin for SpamAssassin. <snip/> looks to me like collaborative system containing functionalities like those in SA already (dcc,razor.pyzor,blacklists) and bayes Well, I suppose all collaborative systems look

RE: New Message Sniffer Plugin Released SNF4SA

2009-05-20 Thread Giampaolo Tomassoni
-Original Message- From: Pete McNeil [mailto:madscient...@microneil.com] Sent: Tuesday, May 19, 2009 5:12 PM To: users@spamassassin.apache.org Subject: New Message Sniffer Plugin Released SNF4SA Hello SA folks, We have significantly upgraded our plugin for SpamAssassin. You

RE: New Message Sniffer Plugin Released SNF4SA

2009-05-20 Thread Giampaolo Tomassoni
-Original Message- From: Matus UHLAR - fantomas [mailto:uh...@fantomas.sk] Sent: Wednesday, May 20, 2009 1:19 PM To: users@spamassassin.apache.org Subject: Re: New Message Sniffer Plugin Released SNF4SA On 19.05.09 11:12, Pete McNeil wrote: ...omissis... looks to me like

Re: Got dead domains that get a lot of spam?

2009-05-20 Thread Marc Perkel
Henrik K wrote: On Wed, May 20, 2009 at 01:41:12PM +0100, Mike Cardwell wrote: Ned Slider wrote: I've also just recently enabled these lists in SA so am still in the very early stages of testing. I initially did get one FP hit against the whitelist (spam message sent through an

Using p0f to detect spam bots

2009-05-20 Thread Marc Perkel
Benny Pedersen wrote: On Wed, May 20, 2009 11:25, Mike Cardwell wrote: A cool idea would be an application in a similar vein to p0f, but which passively detected the SMTP client software, rather than operating system. It might then be possible to distribute signatures that identified

Re: New Message Sniffer Plugin Released SNF4SA

2009-05-20 Thread Pete McNeil
Giampaolo Tomassoni wrote: <snip/> While SNF stuff looks interesting to me, it seems also to me that it is meant as a SA replacement. In some cases SNF is used as a replacement - in others it is not. Why shouldn't a plugin be as powerful as possible? Doesn't that ultimately make the platform

Re: one domain gets 99% of spam

2009-05-20 Thread option8
it is common for one domain to get an order of magnitude more spam than another that seems just like it. like mark said, it probably won't stop. low overhead techniques like greylisting or no listing can reduce the stress on your server quite a bit. configuring your mta to close

Re: one domain gets 99% of spam

2009-05-20 Thread Marc Perkel
option8 wrote: it is common for one domain to get an order of magnitude more spam than another that seems just like it. like mark said, it probably won't stop. low overhead techniques like greylisting or no listing can reduce the stress on your server quite a bit. configuring your mta

Re: one domain gets 99% of spam

2009-05-20 Thread option8
Thanks for the tarbaby feed. If you use the hostkarma.junkemailfilter.com black list it will work better for you because it's harvesting your data from the high spam domain. If you use that list to block you can reduce your system load. yep. i added that at the same time. so far, not

Re: Got dead domains that get a lot of spam?

2009-05-20 Thread Matus UHLAR - fantomas
Ned Slider wrote: I've also just recently enabled these lists in SA so am still in the very early stages of testing. I initially did get one FP hit against the whitelist (spam message sent through an ISP smtp server in the whitelist) On 20.05.09 13:41, Mike Cardwell wrote: Can you let

Re: Got dead domains that get a lot of spam?

2009-05-20 Thread Ned Slider
Mike Cardwell wrote: Ned Slider wrote: I've also just recently enabled these lists in SA so am still in the very early stages of testing. I initially did get one FP hit against the whitelist (spam message sent through an ISP smtp server in the whitelist) Can you let us know what that IP is

Re: should the spam score increase

2009-05-20 Thread Karsten Bräckelmann
On Wed, 2009-05-20 at 00:20 +0200, Jonas Eckerman wrote: Jari Fredriksson wrote: As the mail contains no text, there probably is not much to learn. Why not? Bayes learns from headers as well, and headers can be just as useful as body text for classifying mail. Indeed. Hence my insisting

Re: New Message Sniffer Plugin Released SNF4SA

2009-05-20 Thread Matus UHLAR - fantomas
From: Matus UHLAR - fantomas [mailto:uh...@fantomas.sk] looks to me like collaborative system containing functionalities like those in SA already (dcc,razor.pyzor,blacklists) and bayes On 20.05.09 15:26, Giampaolo Tomassoni wrote: It looks to me that it goes a bit further by allowing

Re: over-representing non-English spam?

2009-05-20 Thread Karsten Bräckelmann
On Wed, 2009-05-20 at 12:58 +0200, Jonas Eckerman wrote: Karsten Bräckelmann wrote: This is not about OpenProtect or their decisions. Actually, there are more than this one sa-update mirror for the SARE rules. I think you missed my point. The OpenProtect channel adds a bunch of SARE

Re: Got dead domains that get a lot of spam?

2009-05-20 Thread Mike Cardwell
Matus UHLAR - fantomas wrote: I've also just recently enabled these lists in SA so am still in the very early stages of testing. I initially did get one FP hit against the whitelist (spam message sent through an ISP smtp server in the whitelist) On 20.05.09 13:41, Mike Cardwell wrote: Can

Re: Got dead domains that get a lot of spam?

2009-05-20 Thread Marc Perkel
Mike Cardwell wrote: Matus UHLAR - fantomas wrote: I've also just recently enabled these lists in SA so am still in the very early stages of testing. I initially did get one FP hit against the whitelist (spam message sent through an ISP smtp server in the whitelist) On 20.05.09 13:41,

Error when running sa-update

2009-05-20 Thread Patrick Saweikis
Has anyone seen the following when trying to run SA-update? IO::Zlib does not define $IO::Zlib::VERSION--version check failed at /usr/bin/sa-update line 82. BEGIN failed--compilation aborted at /usr/bin/sa-update line 82. We are running SA Version 3.2.0 and Perl version 5.8.5, I have done some

Re: Got dead domains that get a lot of spam?

2009-05-20 Thread Matus UHLAR - fantomas
I've also just recently enabled these lists in SA so am still in the very early stages of testing. I initially did get one FP hit against the whitelist (spam message sent through an ISP smtp server in the whitelist) On 20.05.09 13:41, Mike Cardwell wrote: Can you let us know what that

Re: over-representing non-English spam?

2009-05-20 Thread Karsten Bräckelmann
On Wed, 2009-05-20 at 19:59 +0200, Mark Martinec wrote: Karsten wrote: That's trivial to do with pure HTML, too, no need for funky tricks some MUAs might not understand or render. Oh, and it actually is even trivial to do with the MIME structure and a spammy text/plain payload.

Re: over-representing non-English spam?

2009-05-20 Thread Mark Martinec
Karsten wrote: On Wed, 2009-05-20 at 13:52 +0100, Justin Mason wrote: there is another catch, too, for HTML messages -- it's trivial with CSS or javascript That's trivial to do with pure HTML, too, no need for funky tricks some MUAs might not understand or render. Oh, and it actually is

Re: Got dead domains that get a lot of spam?

2009-05-20 Thread Mike Cardwell
Marc Perkel wrote: I just think that a whitelist entry should be an absolute no spam comes from here unless something goes tits up type entry, and all hosts on it should be manually checked... I started querying the whitelist from spamassassin 4 hours ago. I don't have a high volume of

Re: Got dead domains that get a lot of spam?

2009-05-20 Thread Ned Slider
Mike Cardwell wrote: Matus UHLAR - fantomas wrote: I've also just recently enabled these lists in SA so am still in the very early stages of testing. I initially did get one FP hit against the whitelist (spam message sent through an ISP smtp server in the whitelist) On 20.05.09 13:41,

RE: New Message Sniffer Plugin Released SNF4SA

2009-05-20 Thread Giampaolo Tomassoni
-Original Message- From: Matus UHLAR - fantomas [mailto:uh...@fantomas.sk] Sent: Wednesday, May 20, 2009 4:36 PM From: Matus UHLAR - fantomas [mailto:uh...@fantomas.sk] looks to me like collaborative system containing functionalities like those in SA already

Re: over-representing non-English spam?

2009-05-20 Thread Charles Gregory
On Wed, 20 May 2009, Karsten Bräckelmann wrote: The ok_locales setting defaults to all, effectively disabling all CHARSET_FARAWAY rules. It is intended to be set voluntarily to charsets you cannot even decipher, let alone read. Now that I think about it, I would be much happier with a setting

Re: over-representing non-English spam?

2009-05-20 Thread Karsten Bräckelmann
On Wed, 2009-05-20 at 13:04 -0400, Charles Gregory wrote: On Wed, 20 May 2009, Karsten Bräckelmann wrote: The ok_locales setting defaults to all, effectively disabling all CHARSET_FARAWAY rules. It is intended to be set voluntarily to charsets you cannot even decipher, let alone read.

Re: over-representing non-English spam?

2009-05-20 Thread Karsten Bräckelmann
On Wed, 2009-05-20 at 13:52 +0100, Justin Mason wrote: there is another catch, too, for HTML messages -- it's trivial with CSS or javascript That's trivial to do with pure HTML, too, no need for funky tricks some MUAs might not understand or render. Oh, and it actually is even trivial to do

Re: Got dead domains that get a lot of spam?

2009-05-20 Thread Mike Cardwell
Matus UHLAR - fantomas wrote: I just think that a whitelist entry should be an absolute no spam comes from here unless something goes tits up type entry, and all hosts on it should be manually checked... IIUC this is whitelist of type don't blacklist these hosts... maybe I'm wrong Nope.

Re: Got dead domains that get a lot of spam?

2009-05-20 Thread Marc Perkel
Mike Cardwell wrote: Matus UHLAR - fantomas wrote: I just think that a whitelist entry should be an absolute no spam comes from here unless something goes tits up type entry, and all hosts on it should be manually checked... IIUC this is whitelist of type don't blacklist these hosts...

Re: Error when running sa-update

2009-05-20 Thread Theo Van Dinter
What version of IO::Zlib do you have installed? sa-update line 82 is it trying to load IO::Zlib 1.04 or later: use IO::Zlib 1.04; So my guess is that you either have an early non-version exporting version, or a strange/corrupted module. Either way, reinstalling it would be the way to go. On

Re: Got dead domains that get a lot of spam?

2009-05-20 Thread Karsten Bräckelmann
On Tue, 2009-05-19 at 20:06 -0700, Marc Perkel wrote: If you are going to use the blacklist it works best if you also use the tarbaby.junkemailfilter.com high numbered MX record as well because that way my blacklist will pick up the spambots that are targeting you. So feel free to use both.

Re: one domain gets 99% of spam

2009-05-20 Thread LuKreme
On 19-May-2009, at 22:23, option8 wrote: is there any particular reason this might be happening to just this one domain? Many possible reasons. The most obvious is they used to accept all emails (catchall) or they had a lot of users with a lot of virus/malware on their windows machines.

Whitelist_from_*

2009-05-20 Thread LuKreme
OK, I know about whitelist_from_spf and whitelist_from_rcvd and, of course whitelist_from and I seem to recall a whitelist_from_dkim ... Is that all of them? Where are they documented and what exactly does _rcvd check? (I did google, found lots of posts, not docs, which makes me think

Re: Rule to detect same address in sender and receiver

2009-05-20 Thread LuKreme
On 8-May-2009, at 19:20, Benny Pedersen wrote: meta __SPF_NOT_PASS (!SPF_PASS) meta __NOT_LOCAL_TRUSTED (!NO_RELAYS || !ALL_TRUSTED) meta BLACKLIST_SPF (__SPF_NOT_PASS __NOT_LOCAL_TRUSTED) describe BLACKLIST_SPF Meta: Blacklisted spf senders score BLACKLIST_SPF 5.0 meta WHITELIST_SPF