On Wed, 2010-03-10 at 13:37 -0600, Dennis B. Hopp wrote:
We seem to be having a problem where clients that we interact with
regularly are having their hotmail/gmail/yahoo accounts hijacked. We
are receiving e-mails from their accounts that legitimately go through
the correct servers
On Fri, 2010-03-12 at 08:15 +0200, Henrik K wrote:
Why don't you simply maintain your wordlists in some files and use a script
to generate portmanteau.cf? You could use Regexp::Assemble module to
optimize also. Who cares what the actual rules look like? The more words
(simple alternations)
Martin Gregorie wrote:
On Fri, 2010-03-12 at 08:15 +0200, Henrik K wrote:
Why don't you simply maintain your wordlists in some files and use a script
to generate portmanteau.cf? You could use Regexp::Assemble module to
optimize also. Who cares what the actual rules look like? The more
On Fri, Mar 12, 2010 at 01:52:01PM +, Martin Gregorie wrote:
On Fri, 2010-03-12 at 08:15 +0200, Henrik K wrote:
Why don't you simply maintain your wordlists in some files and use a script
to generate portmanteau.cf? You could use Regexp::Assemble module to
optimize also. Who cares
On Thu, 11 Mar 2010 20:11:37 +
Martin Gregorie mar...@gregorie.org wrote:
- am I right about all regexes in a portmanteau rule being applied
to every message?
I would presume not and that meta-rules short-circuit the way that
logical expressions do in perl.
It shouldn't make much
Quoting Bowie Bailey bowie_bai...@buc.com:
Martin Gregorie wrote:
On Fri, 2010-03-12 at 08:15 +0200, Henrik K wrote:
Why don't you simply maintain your wordlists in some files and use a script
to generate portmanteau.cf? You could use Regexp::Assemble module to
optimize also. Who cares what
On Fri, 2010-03-12 at 16:27 +0200, Henrik K wrote:
If you have enough words to require multiple REs, then sorting doesn't hurt.
So the start boundaries for a single RE to catch on are minimized.
OK, so there are benefits if every alternate in a regex starts with the
same letter?
Almost
I just received the dreaded URIBL You send us to many DNS queries notice.
This is fine. We have been growing and I am sure our queries have gone up.
But when looking at their data feed service options the first thing I noticed
was that there is no fee structure. I don't know about you, but
Martin Gregorie wrote:
On Fri, 2010-03-12 at 16:27 +0200, Henrik K wrote:
If you have enough words to require multiple REs, then sorting doesn't hurt.
So the start boundaries for a single RE to catch on are minimized.
OK, so there are benefits if every alternate in a regex starts
On Fri, 2010-03-12 at 07:48 -0800, Ray Dzek wrote:
I just received the dreaded URIBL “You send us to many DNS queries”
notice. This is fine. We have been growing and I am sure our queries
have gone up. But when looking at their data feed service options the
first thing I noticed was that
On 12/03/10 15:48, Ray Dzek wrote:
I just received the dreaded URIBL “You send us to many DNS queries”
notice. This is fine. We have been growing and I am sure our queries
have gone up. But when looking at their data feed service options the
first thing I noticed was that there is no fee
describe FORGED_HOTMAIL Hotmail with non-Hotmail Reply-to address
header __FORGED_HM1 From ~= /\...@hotmail\.com/i
header __FORGED_HM2 Reply-to ~= /\...@hotmail\.com/i
meta FORGED_HOTMAIL (__FORGED_HM1 !__FORGED_HM2)
scoreFORGED_HOTMAIL 5.0
and write cookie
Hello,
I would like to know if someone here is part of the returnpath.net
(http://www.returnpath.net/emailserviceprovider/certification/)
certification program?
Does it really increase deliverability of email and to which MSP?
What are the necessary steps to get into that program and is it free
On Fri, 12 Mar 2010, Dennis B. Hopp wrote:
describe FORGED_YAHOO Yahoo with non-Yahoo Reply-to address
header __FORGED_YH1 From =~ /\...@yahoo\.com/i
header __FORGED_YH2 Reply-to =~ /\...@yahoo\.com/i
meta FORGED_YAHOO (__FORGED_YH1 !__FORGED_YH2)
The problem with this
The problem with this is that the !__FORGED_YH2 matches
when there is *NO* Reply-To header at all!
You need something like this:
header __FORGED_YH2 Reply-To =~ /\@([^y]|y[^a]|ya[^h]|yah[^o])/i
meta FORGED_YAHOO (__FORGED_YH1 __FORGED_YH2)
(remove the negation from the meta)
On Fri, 2010-03-12 at 12:52 -0600, Dennis B. Hopp wrote:
The problem with this is that the !__FORGED_YH2 matches
when there is *NO* Reply-To header at all!
You need something like this:
header __FORGED_YH2 Reply-To =~ /\@([^y]|y[^a]|ya[^h]|yah[^o])/i
meta FORGED_YAHOO
On 2010-03-12 16:48, Ray Dzek wrote:
I just received the dreaded URIBL You send us to many DNS queries
notice. This is fine. We have been growing and I am sure our
queries have gone up. But when looking at their data feed service
options the first thing I noticed was that there is no fee
I have an odd situation - it seems like I must be missing something but I
don't know what.
In my local.cf, I had the following lines:
dns_available yes
skip_rbl_checks 0
I noticed that no RBL checks were being run.
If I change dns_available to test or comment out the line (same function),
now
Yet Another Ninja wrote:
These stats are for small trap box which only accepts mail from bots
and rejects stuff listed by DNSWL and other public WLs. Since midnight
CET-
These are only URI BL tats - so you woun't see other dnsbls like
Spamcop, etc.
Alex,
about those stats...
(1) Do those
Quoting Jeff_47 pyt...@finity.org:
I have an odd situation - it seems like I must be missing something but I
don't know what.
In my local.cf, I had the following lines:
dns_available yes
skip_rbl_checks 0
I noticed that no RBL checks were being run.
If I change dns_available to test or
On Thu, Mar 11, 2010 at 12:56 PM, Martin Gregorie mar...@gregorie.org wrote:
They'd normally be in local.cf and are needed for any of the URIBL etc
blacklists to work correctly. See:
http://spamassassin.apache.org/full/3.2.x/doc/Mail_SpamAssassin_Conf.html#network_test_options
I guess I am
d.hill wrote:
Quoting Jeff_47:
I have an odd situation - it seems like I must be missing something but
I
don't know what.
In my local.cf, I had the following lines:
dns_available yes
skip_rbl_checks 0
I noticed that no RBL checks were being run.
If I change dns_available to test
Quoting Jeff_47 pyt...@finity.org:
d.hill wrote:
Quoting Jeff_47:
I have an odd situation - it seems like I must be missing something but
I
don't know what.
In my local.cf, I had the following lines:
dns_available yes
skip_rbl_checks 0
I noticed that no RBL checks were being run.
If I
My headers look like:
X-Spam-Checker-Version: SpamAssassin 3.3.0 (2010-01-18) on mail.iamghost.com
X-Spam-Level: *
X-Spam-Status: No, score=1.0 required=6.3
tests=EXTRA_MPART_TYPE,HTML_MESSAGE autolearn=no version=3.3.0
*
The message scored a 1.0 (score=1.0) but the
d.hill wrote:
Have you attempted doing a local (on your server) lookup of the IP
address in question? What DNS servers are your server using for
resolution?
It turns out your comment about a DNS problem on my server was spot-on. The
first ns was down - apparently if 'dns_available
On Fri, 2010-03-12 at 14:28 -0500, Carlos Mennens wrote:
I guess I am still lost. SA appears to be working and everything looks
fine however my emails don't appear to be getting a score and I don't
understand how that link applies to why SA isn't setting a score on my
messages when it is
On Fri, 2010-03-12 at 13:19 -0500, Charles Gregory wrote:
describe FORGED_YAHOO Yahoo with non-Yahoo Reply-to address
header __FORGED_YH1 From =~ /\...@yahoo\.com/i
header __FORGED_YH2 Reply-to =~ /\...@yahoo\.com/i
meta FORGED_YAHOO (__FORGED_YH1 !__FORGED_YH2)
On 2010-03-12 20:23, Rob McEwen wrote:
Yet Another Ninja wrote:
These stats are for small trap box which only accepts mail from bots
and rejects stuff listed by DNSWL and other public WLs. Since midnight
CET-
These are only URI BL tats - so you woun't see other dnsbls like
Spamcop, etc.
Alex,
Hello,
Using SA 3.3.0. Any reason why RDNS_NONE now scores 1.3, when it was down to
0.1 with the previous releases ?
The below headers trigger the rule only because the remote LAN SMTP client,
with IP 10.10.3.3, has no rDNS.
Received: from my.public.name ([public_IP] helo=john.fr)
by
On Fri, 2010-03-12 at 22:57 +, Christian Gregoire wrote:
Using SA 3.3.0. Any reason why RDNS_NONE now scores 1.3, when it was
down to 0.1 with the previous releases ?
The score was pretty much informational only previously and arbitrarily
set. The current score is what the mass-checks and
Yet Another Ninja wrote:
there are no users - its trap domains which have never had any real
users - ever.
no prefiltering except rejecting potential bounces and stuff leaking
from whatever may be on DNSWL and a coupleof other WLs.
Alex,
Your stats are certainly valuable and
On 2010-03-13 0:50, Rob McEwen wrote:
Yet Another Ninja wrote:
there are no users - its trap domains which have never had any real
users - ever.
no prefiltering except rejecting potential bounces and stuff leaking
from whatever may be on DNSWL and a coupleof other WLs.
Alex,
Your
On Fri, 2010-03-12 at 18:50 -0500, Rob McEwen wrote:
Your stats are certainly valuable and illustrative... but not reflective
of the stats one would see in a MOST real world mail streams where:
(A) the spams were sent to actual users (which would be a distinctively
different mix of spams
On Mar 12, 2010, at 6:17 PM, Karsten Bräckelmann wrote:
Just for comparison, below are some stats gathered quickly from 2
different and entirely unrelated systems. Real mail stream, real users
only, no traps.
Here are mine from yesterday while we are at it:
On Sat, 2010-03-13 at 01:17 +0100, Karsten Bräckelmann wrote:
RANKRULE NAME COUNT %OFMAIL %OFSPAM %OFHAM
--
8 URIBL_BLACK 57241.12 78.360.00
Hello,
Am 2010-03-12 13:38:57, schrieb Benny Pedersen:
On tor 11 mar 2010 19:52:01 CET, Michelle Konzack wrote
I mean, on one of my domains tdwave.net it should be ALWAYS the same
From: and Reply-To:.
i have a plugin that does this, contact me offlist if you like to
have it, its alpha
Hello,
Am 2010-03-12 18:24:14, schrieb ram:
Why only free accounts , The 419'ers hijack legitimate corporate
accounts too. Again , As Ips have good reputation and the mails land in
the inbox
I think the only way of handling this to send proper abuse reports
Probably the free mail
On Thu, Mar 11, 2010 at 7:58 AM, micah anderson mi...@riseup.net wrote:
On Tue, 9 Mar 2010 11:56:56 -1000, Julian Yap julianok...@gmail.com
wrote:
Just wanted to add that this particular line is incorrect:
meta SC_HAM (USER_IN_WHITELIST||USER_IN_DEF_WHITELIST||
Hello,
Am 2010-03-12 22:57:47, schrieb Christian Gregoire:
The below headers trigger the rule only because the remote LAN SMTP
client, with IP 10.10.3.3, has no rDNS.
Received: from my.public.name ([public_IP] helo=john.fr)
by mymta.fr with esmtps (TLSv1:AES256-SHA:256)
id
Michelle Konzack wrote:
I mean exactly, IF Reply-To: is set, verify, that it match the sender,
otherwise reject if it does not match From:.
Thanks, Greetings and nice Day/Evening
Michelle Konzack
Systemadministrator
24V Electronic Engineer
Tamay Dogan Network
Debian
40 matches
Mail list logo