ram r...@netcore.co.in wrote in message
news:1267506187.16095.11.ca...@darkstar.netcore.co.in...
http://www.spamhaus.org/dbl/
I think sa-folks would have this already in some URIBL rule. What are
the scores you assign for a dbl positive hit ?
I assume my current datafeed would already extend to
On Tuesday, March 2, 2010, 1:16:17 AM, Jeremy Fairbrass wrote:
ram r...@netcore.co.in wrote in message
news:1267506187.16095.11.ca...@darkstar.netcore.co.in...
http://www.spamhaus.org/dbl/
I think sa-folks would have this already in some URIBL rule. What are
the scores you assign for a dbl
You'll love this..
My nightly sa-update cron ran last night and upgraded my modified
rules (was version 916621) to a newer version (version 917420). This, of
course, undid my changes. And equally surprising, --lint passed.
I looked at the diffs and sure enough, the same lines were back (number
If you have spamassassin's trusted_networks value configured properly, this
module will now always report the correct IP to DNSWL when you run
spamassassin --report.
trusted_networks needs to be right for all DNS Blacklist checks (and DNSWL)
to know which IP to check. Mine currently looks like:
Greetings all.
I am sure that I would be better able to diagnose this problem if I was
able to capture the incident email traffic, however, at this point I
have not been able to retrieve the emails.
The situation is that upon registration of a new username for Comcast
services, which is
On Tue, 2010-03-02 at 11:58 -0500, MGW-Discussions wrote:
I am sure that I would be better able to diagnose this problem if I was
able to capture the incident email traffic, however, at this point I
have not been able to retrieve the emails.
Check your logs for the rules the email triggered.
On Mon, 1 Mar 2010, Marc Perkel wrote:
For what it's worth - if any of you have domains you don't use you can
point them to my virus harvesting server for spam harvesting.
Hmm ... how dead is dead ? :-)
We had for some time three domains (our institute was moved from one
national
On Tue, Mar 2, 2010 at 8:58 AM, MGW-Discussions
mailinglistmem...@mgwigglesworth.net wrote:
Greetings all.
I am sure that I would be better able to diagnose this problem if I was able
to capture the incident email traffic, however, at this point I have not
been able to retrieve the emails.
Quoting Lucio Chiappetti lu...@lambrate.inaf.it:
On Mon, 1 Mar 2010, Marc Perkel wrote:
For what it's worth - if any of you have domains you don't use you can
point them to my virus harvesting server for spam harvesting.
Hmm ... how dead is dead ? :-)
We had for some time three domains
On Mon, 1 Mar 2010, Marc Perkel wrote:
For what it's worth - if any of you have domains you don't use you can
point them to my virus harvesting server for spam harvesting.
(SNIP)
The sender has to do
several other things in order to be blacklisted.
Simple question: Does your 'harvester' have
I've been running it since 1:51 Eastern (US) time, yesterday.
You risk wrongly flagging legitimate email if you make IP queries
to the DBL.
For now, I'm :) cheating, by mapping one of the (officially)
unused high bits to a negative score, which should wipe out the
positive score for a raw IP URL
On Sun, 28 Feb 2010, LuKreme wrote:
SPF!
runs; ducking, shucking, and weaving
You're a brave person. ;)
It's easier to understand the challenge Dave faces, if we look at
some actual From headers.
In my stream, these started in early November of last year, so I
just checked a few months
Lucio Chiappetti wrote:
On Mon, 1 Mar 2010, Marc Perkel wrote:
For what it's worth - if any of you have domains you don't use you can
point them to my virus harvesting server for spam harvesting.
Hmm ... how dead is dead ? :-)
We had for some time three domains (our institute was moved
On Tue, 2010-03-02 at 10:32 -0500, dar...@chaosreigns.com wrote:
If you have spamassassin's trusted_networks value configured properly, this
module will now always report the correct IP to DNSWL when you run
spamassassin --report.
trusted_networks needs to be right for all DNS Blacklist
On Tue, 2 Mar 2010, Chip M. wrote:
Since these started, they've had 19 of these phish:
1 Bank of America supp...@boa.com
1 PayPaI upd...@paypai.com
1 Paypal Inc. cust_s...@paypalsecurity.com
1 serv...@irs.gov serv...@irs.gov
1 serv...@paypal.comc
1
On Tue, 2 Mar 2010, John Hardin wrote:
Would you be willing to test this and see how well it does in practice?
{grumble} reply-to {grumble}
Sorry for spamming the list with this, it was meant just for Chip.
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
The problem was multiline rules with rawbody. Changing it
to full and things work. (I missed that little detail in
the wiki, and there are body rules in the dist that have /is)
Request
A rule in-between rawbody/full? I.e. the whole body, but not the
headers? Or even better, in addition to
Thanks for the advice guys.
I will try to get a good sample, however, I will have to tweak some
rulesets to even get it to stay in citadel long enough to view it.
I haven't been able to play with my spamassassin install very much,
other than automating the updates on rules.
Thanks again,
On 02-Mar-10 09:58, MGW-Discussions wrote:
when the test email comes through, it is rejected with a score of 5.2/5.0
You are REJECTING at a score of 5.0?
That's a bad idea.
Generally if you run SA at transaction you will tag at a score of 5.0
through maybe 10.0 or maybe even 12.0, it is