Re: can I roll back to an earlier version of updates

2010-03-01 Thread Lee Dilkie
Karsten Bräckelmann wrote: On Sun, 2010-02-28 at 18:44 -0500, Lee Dilkie wrote: For whatever reason, my sa-update to 3.30 has buggered itself. In my efforts to debug it's now at the situation that SA has no rules to run and I'm getting swamped. The first sentence is seriously

Re: can I roll back to an earlier version of updates

2010-03-01 Thread Karsten Bräckelmann
On Mon, 2010-03-01 at 06:45 -0500, Lee Dilkie wrote: Karsten Bräckelmann wrote: Anyway, what comes to mind: Did you run sa-update after the upgrade to 3.3.0 at all? If not, did you install the rules tarball alongside SA? I was originally running the 3.3 rules and that was fine, and as far

Re: Setting Blacklist_from and whitelist_to

2010-03-01 Thread Martin Gregorie
On Sun, 2010-02-28 at 12:13 -0800, damuz wrote: Martin Gregorie-2 wrote: How is SA used by your hosted email MTA, IOW is SpamAssassin called in pre-queue before the mail has been accepted or is it called later? How much control do you have over that server? Can you set up

spammers targeting ironport quarantine now: phish

2010-03-01 Thread Michael Scheidell
Imagine my surprise this am when I got a quarantine report from our ironport email server (when I don't have one!) Phishers targeting ironport users now. if anyone has ironport, can you look at this email to see if it looks like an ironport quarantine report? I do notice the lack of ironport

Re: Finding URLs in html attachments

2010-03-01 Thread John Hardin
On Mon, 1 Mar 2010, Benny Pedersen wrote: On man 01 mar 2010 02:37:37 CET, John Hardin wrote I've suggested this before, but the current position appears to be if the MUA doesn't display it automatically, why should we scan it? same goes for just enter this url when the sender was tired of

Re: [sa] Setting Blacklist_from and whitelist_to

2010-03-01 Thread Charles Gregory
On Sun, 28 Feb 2010, damuz wrote: Secondly, it occurred to me that all the (legit) mail to us will only be to a handful of email addresses and much of the spam still getting through is sent to spurious recipie...@mydomain.com. So with this in mind, is it useful or advisable to setup those legit

Re: Rule QA: Completeness / Preflight?

2010-03-01 Thread Darxus
On 03/01, Justin Mason wrote: it's based on who's reported their logs -- give it time to complete. Thanks. nope -- preflights have been stopped, as they're quite CPU-intensive and we don't have the hardware. How about hit-frequencies output from the corpora used for sa-update updates? --

Re: [sa] Re: Finding URLs in html attachments

2010-03-01 Thread Charles Gregory
On Sun, 28 Feb 2010, LuKreme wrote: Your best bet is to check if mail claiming to be from paypal is, in fact, from paypal. Actually, I think his problem is that the reference to paypal has been buried in an attachment, described as 'type' of 'octet/binary' so that SA won't think it is text

DNSWL --report plugin

2010-03-01 Thread Darxus
You must create an account here to use this: http://www.dnswl.org/registerreporter.pl It is still experimental. I expect it to work flawlessly. If it doesn't, please email me details off-list. It causes the spamassassin --report (or -r) command to also report to the DNSWL.org whitelist, for

Re: Custom Rules Question

2010-03-01 Thread Todd Adamson
Because your first option matches the style inside the brackets and your second option does take into account the forward slash before style? Todd Michael Dilworth wrote: OK, it's late and I'm tired, and this will probably end up being stupid regex issue, but: why does... rawbody

Re: DNSWL --report plugin

2010-03-01 Thread Michael Scheidell
On 3/1/10 10:31 AM, dar...@chaosreigns.com wrote: You must create an account here to use this: http://www.dnswl.org/registerreporter.pl I did, thanks, using the manual reported. you need some way to exclude the reporters ip address. (i just reported a spam from badoo. and instead of

Re: DNSWL --report plugin

2010-03-01 Thread Bowie Bailey
Michael Scheidell wrote: On 3/1/10 10:31 AM, dar...@chaosreigns.com wrote: You must create an account here to use this: http://www.dnswl.org/registerreporter.pl I did, thanks, using the manual reported. you need some way to exclude the reporters ip address. (i just reported a spam

Re: DNSWL --report plugin

2010-03-01 Thread Darxus
On 03/01, Michael Scheidell wrote: you need some way to exclude the reporters ip address. Yep. I knew there was one, but it's apparently only currently usable by admins. Terrible. I deleted your submission. The reports are currently including the list of trusted and untrusted relays, so

Re: DNSWL --report plugin

2010-03-01 Thread Michael Scheidell
On 3/1/10 11:05 AM, dar...@chaosreigns.com wrote: It does exclude all SA headers, just as --remove-markup or -d does. Doesn't look like it strips trusted / internal network IPs. Should be identical to what gets sent to SpamCop, since this module is mostly a copy of the SpamCop module.

Re: Rule QA: Completeness / Preflight?

2010-03-01 Thread Justin Mason
On Mon, Mar 1, 2010 at 15:01, dar...@chaosreigns.com wrote: On 03/01, Justin Mason wrote: it's based on who's reported their logs -- give it time to complete. Thanks. nope -- preflights have been stopped, as they're quite CPU-intensive and we don't have the hardware. How about

Re: Rule QA: Completeness / Preflight?

2010-03-01 Thread Darxus
On 03/01, Justin Mason wrote: that's the ruleqa.spamassassin.org UI. Which data is used for the sa-updates? Just the latest random weekly network mass-check? -- Life is but a walking shadow, a poor player that struts and frets his hour upon the stage--and then is heard no more. It is a tale

Re: Block Spammers Spoofing My Domain

2010-03-01 Thread Carlos Williams
On Sun, Feb 28, 2010 at 4:09 PM, Bill Landry b...@inetmsg.com wrote: Move the back-slash \ before the dot . (\.org) as you currently have it after the dot (.\org) Bill Bill - I got my example from Ralph Hildebrandt's Postfix config directly from his site:

Putting your dead domains to use

2010-03-01 Thread Marc Perkel
For what it's worth - if any of you have domains you don't use you can point them to my virus harvesting server for spam harvesting. That gets rid of the spam coming to you and it helps block spam for everyone using my blacklist. Set the MX to a single entry: tarbaby.junkemailfilter.com Good

Re: Block Spammers Spoofing My Domain

2010-03-01 Thread Bowie Bailey
Carlos Williams wrote: Bill - I got my example from Ralph Hildebrandt's Postfix config directly from his site: http://www.arschkrebs.de/postfix/#chapter5 Respectfully it's 3 years old but he does have it the exact way I do: /^localhost$/ 550 Don't use my own domain

Re: new (small) shortener campaign suggestion for URLRedirect

2010-03-01 Thread Jonas Eckerman
I think I'm misunderstanding something, but I'm not sure what. Please tell me why I'm confused. :-) On 2010-02-24 11:30, Chip M. wrote: Jonas, do you have any performance and/or efficacy stats for your URLRedirect plugin? Unfortunately, no. I am logging info from it (to the general mail

Re: Finding URLs in html attachments

2010-03-01 Thread David B Funk
On Sun, 28 Feb 2010, LuKreme wrote: On 28-Feb-10 17:25, David B Funk wrote: I'm seeing a spate of PayPal/bank phishes that use an html attachment (base-64 encoded) as the vehicle for the payload. SPF! runs; ducking, shucking, and weaving Actually I'm happy to utilize SPF when I can. But

Re: [sa] Re: Finding URLs in html attachments

2010-03-01 Thread David B Funk
On Mon, 1 Mar 2010, Charles Gregory wrote: On Sun, 28 Feb 2010, LuKreme wrote: Your best bet is to check if mail claiming to be from paypal is, in fact, from paypal. Actually, I think his problem is that the reference to paypal has been buried in an attachment, described as 'type' of

Re: [sa] Re: Finding URLs in html attachments

2010-03-01 Thread Charles Gregory
On Mon, 1 Mar 2010, David B Funk wrote: Looks like he may have to use a 'full' test to look for the references to paypal Been there, done that, doesn't work. AFAIK SA ignores 'octet/binary' attachments for the rule engine. None of the rules that I tried (uri, body, full, rawbody) saw

Re: Rule QA: Completeness / Preflight?

2010-03-01 Thread Justin Mason
On Mon, Mar 1, 2010 at 17:09, dar...@chaosreigns.com wrote: On 03/01, Justin Mason wrote: that's the ruleqa.spamassassin.org UI. Which data is used for the sa-updates?  Just the latest random weekly network mass-check? Yep, exactly. (with additional checks to ensure the data is good enough

Re: [sa] Re: Finding URLs in html attachments

2010-03-01 Thread John Hardin
On Mon, 1 Mar 2010, Charles Gregory wrote: On Mon, 1 Mar 2010, David B Funk wrote: Looks like he may have to use a 'full' test to look for the references to paypal Been there, done that, doesn't work. AFAIK SA ignores 'octet/binary' attachments for the rule engine. None of the

Re: can I roll back to an earlier version of updates

2010-03-01 Thread Lee Dilkie
no joy. doesn't look like the ports version of SA comes with any stock rules (nothing obvious in the ports dir tree, the work/ directory had an empty 72_active.cf file)... I deinstalled and then installed and it all went well but it tells me to run sa-update to get the rules, and that's my

Re: can I roll back to an earlier version of updates

2010-03-01 Thread Lee Dilkie
progress report.. commented out the place where the lint results were checked and rules got installed. looking at 72_active.cf I see a number of lines ending in CR (^M). Is this intentional? ie. header __SUBJ_3DIGIT Subject =~ /\b\d{3}[^0-9]/^M header __SUBJ_APPROVE

Re: can I roll back to an earlier version of updates

2010-03-01 Thread Lee Dilkie
Final update folks, sorry for the noise if it's bothersome... commented out the three offending lines in 72_active.cf and --lint passed and I'm back up and running. No idea what the issue is, those lines looked fine to me. I'm running perl 5.8.9, could that be an issue? -lee details: ##lee is

Re: spammers targeting ironport quarantine now: phish

2010-03-01 Thread Daniel Quinlan
On Mon, Mar 1, 2010 at 5:56 AM, Michael Scheidell scheid...@secnap.net wrote: Imagine my surprise this am when I got a quarantine report from our ironport email server (when I don't have one!) Phishers targeting ironport users now. if anyone has ironport, can you look at this email to see if

Re: Finding URLs in html attachments

2010-03-01 Thread LuKreme
On 01-Mar-10 12:45, David B Funk wrote: AFAIK SA ignores 'octet/binary' attachments for the rule engine. None of the rules that I tried (uri, body, full, rawbody) saw anything that was known to be in one of those attachments. So there was no paypal info (spoofed) in the headers at all? But

Spamhaus DBL

2010-03-01 Thread ram
http://www.spamhaus.org/dbl/ I think sa-folks would have this already in some URIBL rule. What are the scores you assign for a dbl positive hit ? I assume my current datafeed would already extend to data access on the dbl list. I will have to setup my rbldnsd before trying this out.