Re: Suggestion for use by ANY whitelist service....

2009-12-07 Thread Charles Gregory
On Sun, 6 Dec 2009, rich...@buzzhost.co.uk wrote: A truly clean company that always uses opt-in and never spams has nothing to fear from any anti-spam measure. Nonsense. I had to score this list -2000 just to keep it from scoring so darn high that it was hitting the 'automatic' rejection at

Re: HABEAS_ACCREDITED WHY BY DEFAULT?

2009-12-04 Thread Charles Gregory
On Fri, 4 Dec 2009, Yet Another Ninja wrote: . 'just change the score' is not the correct answer. the answer is totally correct. No, it is not. No more than it is correct for a spammer to offer me a (working) 'unsubscribe' link. I don't want to discover I've been letting spam in the

Re: HABEAS_ACCREDITED WHY BY DEFAULT?

2009-12-04 Thread Charles Gregory
On Fri, 4 Dec 2009, rich...@buzzhost.co.uk wrote: Qualifies what, that I get UBE that is Habeas Accredited? Should I start with the 40 from 'DateTheuk' in the last 8 days? Okay, let's be methodical. Let us indeed start with those. Did anyone else get them? If, so, how did they score? If not,

Suggestion for use by ANY whitelist service....

2009-12-04 Thread Charles Gregory
All this debate about 'legitimate' mail services like 'returnpath' being abused by 'sneaky' spammers. How is that possible? There should be easy ways to prevent it. Here's a few ideas: As soon as any whitelist service like 'returnpath' accepts a client, they perform the following: 1)

Re: HABEAS_ACCREDITED WHY BY DEFAULT?

2009-12-04 Thread Charles Gregory
On Fri, 4 Dec 2009, rich...@buzzhost.co.uk wrote: Okay, let's be methodical. Let us indeed start with those. Did anyone else get them? No answer. If, so, how did they score? No answer. If not, then why did only Richard get them? No answer. Point 1 - The Subject that was changed on

Re: [sa] Re: Suggestion for use by ANY whitelist service....

2009-12-04 Thread Charles Gregory
On Fri, 4 Dec 2009, rich...@buzzhost.co.uk wrote: . the default for a spam filter should not be to give any weight to a white list unless the user modifies the config themselves specifically. It can be seen to be suspicious and offering a pecuniary advantage to those involved and using it.

Re: [sa] Re: Suggestion for use by ANY whitelist service....

2009-12-04 Thread Charles Gregory
On Fri, 4 Dec 2009, John Hardin wrote: Both would have to be done any time a new address was added to the mailing list. And there would have to be some watchdog ensuring the MSP doesn't relax the policy over time. Uh-huh. For a -4 in my mail filter? They oughta! :) It's a great idea. The

Re: Suggestion for use by ANY whitelist service....

2009-12-04 Thread Charles Gregory
On Fri, 4 Dec 2009, rich...@buzzhost.co.uk wrote: I disagree. I think a spam filter should do its best to give a reasonable weight to both whitelists and blacklists. In which case how about including several other whitelists and not just giving advantage to one? SA also scores negatively

Re: Suggestion for use by ANY whitelist service....

2009-12-04 Thread Charles Gregory
On Fri, 4 Dec 2009, Greg Troxel wrote: A problem with the spam%/ham% checking methodology is that it makes the accreditation look reasonable for corpuses that have lots of requested commercial mail. That's certainly fine for those people, but the outcomes seem very different for those that

Re: [sa] actual facts (was Re: HABEAS_ACCREDITED SPAMMER)

2009-12-04 Thread Charles Gregory
On Fri, 4 Dec 2009, J.D. Falk wrote: They have to police themselves, or else they get kicked off the list. Simple, neh? Neh. Definitely NEH. That is the logic of spambots. They get on there, abuse the heck out of it until someone files a complaint and then they get cut off, but not before

Re: [sa] Re: Suggestion for use by ANY whitelist service....

2009-12-04 Thread Charles Gregory
On Fri, 4 Dec 2009, Ted Mittelstaedt wrote: That wouldn't ever happen because the whole point of the CAN-SPAM act is to allow the spammers to send out the first mail. Direct e-mail mailers just set up fake company after fake company, so they can repeatedly spam the first time over and over

Re: [sa] Re: HABEAS_ACCREDITED WHY BY DEFAULT?

2009-12-04 Thread Charles Gregory
On Fri, 4 Dec 2009, Per Jessen wrote: The other side of the argument is - why does any legitimate company need to employ a service such as Habeas/Returnpath/whatever? Any legitimate drug company that wants to send price lists to its legitimate distributors or end customers, upon request, even

Re: [sa] Re: Filter question

2009-12-01 Thread Charles Gregory
On Tue, 1 Dec 2009, Wolfgang Zeikat wrote: Benny Pedersen wrote: postfix reject_unverified_sender does a vrfy Nope. It opens an SMTP connection and waits what the receiving MTA answers to RCPT TO Then it closes the connection. As a side note, among the other many evils of 'callback

NOT really about Unhindered Pharma Spam

2009-11-30 Thread Charles Gregory
On Mon, 30 Nov 2009, rich...@buzzhost.co.uk wrote: it's funny that you send me private copies for mail that DOES belong to the list, but you refuse private mail even if it does NOT belong here. Well, I figured if you wanted to go on being an ignorant asshole and keep doing it, I would reply

Re: NOT really about Unhindered Pharma Spam

2009-11-30 Thread Charles Gregory
On Mon, 30 Nov 2009, rich...@buzzhost.co.uk wrote: PS. If I were a spammer I would be laughing my ass off at this waste of time. Every effort spent on fighting each other is less spent on them. Actually, it's reasonable to argue that you are worse - you've just contributed to an argument that

Re: [sa] Re: NOT really about Unhindered Pharma Spam

2009-11-30 Thread Charles Gregory
On Mon, 30 Nov 2009, Chris Owen wrote: Why anyone replies to this guy about anything is beyond me. Adding him to a kill file doesn't do much good when you still see the other half of the argument. Most e-mail clients insert a line of the form: On (date) (name) (address) wrote: So in

Re: OT - NOT really about Unhindered Pharma Spam

2009-11-30 Thread Charles Gregory
On Mon, 30 Nov 2009, rich...@buzzhost.co.uk wrote: You are just as bad Garretson. I have Chris Owen in my killfile and your reply means I've had to suffer his garbage quoted post. If you do wish to dance the 'troll' abuse line, go somewhere else with it because frankly, I find your input rather

Re: OT - NOT really about Unhindered Pharma Spam

2009-11-30 Thread Charles Gregory
On Mon, 30 Nov 2009, Chris Owen wrote: Reason plays no role here. There is nothing you can say that the troll won't feed on. Best to just ignore and move on. (nod) Seriously--after his performance the last couple of months just ignore him. Easiest way to make it stop. (nod again) Now

Re: rbl checks not running

2009-11-24 Thread Charles Gregory
On Mon, 23 Nov 2009, Mark Hedges wrote: OMG I am SO DUMB - I had skip_rbl_checks set in my personal userconf. DUH. (nod) Thanks for posting the full logs for both messages. Once the problem is properly defined, the solution is usually not too hard to find (though occasionally embarrassing

Re: [sa] Re: Undisclosed recipients :; -- again

2009-11-24 Thread Charles Gregory
On Mon, 23 Nov 2009, John Hardin wrote: Granted, but in metas such a test can be useful: http://ruleqa.spamassassin.org/?rule=%2FTO_NO&srcpath=jhardin Every now and then, someone posts a link like this one, and I find myself looking at a kind of 'index' page that frankly doesn't mean a thing

Re: rbl checks not running

2009-11-21 Thread Charles Gregory
Analysis 101: . the rule is correctly loaded, but not run when scanned but run when I put the message through the command line. Did you look at the logs you posted? NONE of the DNS tests are being launched on msg 26661 Also, for that message, there are a suspicious set of entries

Re: sought rules

2009-11-14 Thread Charles Gregory
On Sat, 14 Nov 2009, jp wrote: Post your server and bandwidth requirements here. I'm sure many of us would have the datacenter space and capacity to host a redundant backup. It's wonderful to see so many people offer 'mirror' space, but as I understand things, the issue is not with

Re: [sa] More of a philosophical question

2009-11-11 Thread Charles Gregory
On Wed, 11 Nov 2009, Philip A. Prindeville wrote: Return-Path: evan_law...@davidark.net Received: from web.biz.mail.sk1.yahoo.com The 'not from our server' response makes me think that Yahell needs to update their e-mail response robot. A while ago Yahell started partnering with

Re: sought rules (was: Development dead)

2009-11-04 Thread Charles Gregory
On Wed, 4 Nov 2009, Bowie Bailey wrote: The SA core rules are not updated very often. For the most part, they just work. If you are not already doing so, you may want to consider Justin's Sought ruleset. It is dynamically generated and updated every 4 hours or so.

RCVD_IN_DNSWL_MED

2009-10-30 Thread Charles Gregory
Once again, I'm finding a piece of spam getting through because of RCVD_IN_DNSWL_MED=-4 . Is this just the 'occasional' FP that we have to live with? Or should I rethink scoring that DNSWL? According to the headers, it looks like an end user of a web mail account had their password hacked

Re: there goes the uri scripts..

2009-10-30 Thread Charles Gregory
On Fri, 30 Oct 2009, Terry Carmen wrote: approval to a plan to permit Web addresses in characters other than the Latin alphabet, including Arabic, Chinese, Hindi and Korean. I'd be *really* surprised if these became popular. The last thing any business wants to do is create a domain name that

Re: [sa] Re: RCVD_IN_DNSWL_MED

2009-10-30 Thread Charles Gregory
On Fri, 30 Oct 2009, Benny Pedersen wrote: On fre 30 okt 2009 16:39:04 CET, Charles Gregory wrote Once again, I'm finding a piece of spam getting through because of RCVD_IN_DNSWL_MED=-4 . what is the ip ? Don't think it really matters. As I stated in my OP, it looks like a reputable ISP

Re: [sa] Re: Geocities closed

2009-10-27 Thread Charles Gregory
On Tue, 27 Oct 2009, rich...@buzzhost.co.uk wrote: I just found this one working: http://uk.geocities.com/midsomerland/midsomerland_indexone.htm so providence would suggest leaving things alone. Yes, if you go to the Yahoo FAQ on the close-down, you will find that one option available prior to

Re: [sa] sneaky pharma spam shooting past standard rules

2009-10-15 Thread Charles Gregory
Ah, the old SPAN trick. I haven't seen it, so I imagine my old code is still catching them. LOL The key to this trick is the spammer tries to insert 'invisible' text. Either very small font size, as in your example, or colors that match the background, or both, so that the intended

Re: DNSWL and JMF White false positives, what to do exactly?

2009-10-02 Thread Charles Gregory
On Fri, 2 Oct 2009, RW wrote: However, if you want to be understood you need to speak the Lingua Franca. If you choose to use a term differently than everyone else you WILL be misunderstood and corrected. If everyone calls an apple an orange, then yeah, it's an orange. A false match on a

Re: required_score keeps reverting to 5

2009-10-02 Thread Charles Gregory
On Fri, 2 Oct 2009, Jefferson Davis wrote: I have recently updated to 3.2.4 - for some reason my required_score keeps reverting to 5, basically ignoring or overriding the settings in local.cf. Some Linux (presumed) disties have non-standard configuration directories - but when you manually

Re: [sa] Re: I am getting all external domain emails subject tagged as SpamSpam

2009-09-30 Thread Charles Gregory
On Wed, 30 Sep 2009, Nauman Yousuf wrote: Guys I am getting all my external domain emails tagged as SpamSpam mail headers X-Amavis-Alert: BAD HEADER Improper folded header field made up entirely of    whitespace (char 20 hex): Subject: ...?Q?Spam?=\n    =?utf-8?Q?Spam=0D=0A=20helo123?=\n \n

Re: I am getting all external domain emails subject tagged as SpamSpam

2009-09-30 Thread Charles Gregory
Firstly, PLEASE DIRECT ALL REPLIES TO LIST, not my personal email. On Wed, 30 Sep 2009, Nauman Yousuf wrote: I don't know how subject is filled with spaces, what I need to check, am clueless, this is happening from last 3 days First question of troubleshooting: What changed? If it worked 4

Re: [sa] Re: Is there an echo in here?

2009-09-29 Thread Charles Gregory
On Mon, 28 Sep 2009, John Hardin wrote: At 04:10 PM 9/28/2009, you wrote: Is it just me, or are others getting multiple copies of list posts the last hour or so? Not I Only see a few posts in the last day, and only one of each. Huh. I guess the ASF MTA doesn't like me, then. The

Re: [sa] Some messages not being checked by spamassassin - most are but a few get through

2009-09-25 Thread Charles Gregory
On Fri, 25 Sep 2009, jmunjr wrote: The majority of email coming into my server (Centos5.2, postfix, dovecot) gets scanned and gets the X-Spam-Status inserted just fine by spamassassin 3.2.4 but several get through with no spam header inserted. The lack of header, by definition, means that

Re: [sa] Some messages not being checked by spamassassin - most are but a few get through

2009-09-25 Thread Charles Gregory
On Fri, 25 Sep 2009, jmunjr wrote: Thanks Charles. Rats, I meant to say that the message sizes for these are as small or smaller than other messages getting checked. In fact I don't believe procmail even has a filesize limit (something I need to change). Any other thoughts? If procmail

Re: [sa] Re: Moderation? (was: Drivel)

2009-09-15 Thread Charles Gregory
On Tue, 15 Sep 2009, Karsten Bräckelmann wrote: See the List-Help header. A mail to users-help returns, among a lot of other info, the users-owner address as a last resort. This will reach the moderators. (Same with all ezmlm lists, btw.) I had considered this, but another poster made the

Re: [sa] Re: Non scoring 'Bank Deposit' spam

2009-09-14 Thread Charles Gregory
On Mon, 14 Sep 2009, Clunk Werclick wrote: Clearly not - but then, using Spamassassin as a filter ensures just about everything gets through CUNTFACE. Congratulations! You've done something I have very rarely seen on any internet forum. You've gotten everyone to AGREE on something! I also

Drivel

2009-09-14 Thread Charles Gregory
On Mon, 14 Sep 2009, Clunk Werclick wrote: (more drivel) Good users all. Never heard of a troll? Nonsensical. Irritating. Taunting. Best defense against this kind of childish antic is to IGNORE it. Yes, a firewall setting doesn't hurt. - Charles

Large PDF Spam

2009-09-03 Thread Charles Gregory
I'm seeing a set of spam, with some very regular easily trapped text in their headers/body, but with large PDF files that push the size of the mail outside the 256K limit for running SA. Anyone have any experience raising that limit? How high can we go before it really starts to impact

List Admin: bounce handling problem? RE: warning from users@spamassassin.apache.org

2009-08-17 Thread Charles Gregory
Is the 'bounce handler' for this list a little confused? I received this notice yesterday for a temporary mailbox overflow condition that occurred nearly two weeks ago (Aug 4). Now, according to the list processor, because I received this e-mail, all is well, but still, why would it be

Re: [sa] Weirdness: SA 3.2.5 catches far less spam than 3.1.9?

2009-08-17 Thread Charles Gregory
On Sun, 16 Aug 2009, Kristina wrote: Hi, all. I've looked through the list and bugzilla, and maybe I've missed it, but I can't find anything about this problem. Basically, I upgraded from 3.1.9 to 3.2.5 on our mail servers. When you compare the hits on a message, is there any difference in

Re: [sa] Re: Slightly OT - Spam opportunities in SMTP-AUTH

2009-08-13 Thread Charles Gregory
On Wed, 12 Aug 2009, LuKreme wrote: Is it a custom webmail interface you wrote yourself? The front end is custom, wrapping a standard client. Any spammer who personally visited my site would be able to hack it in seconds (with a stolen password, of course). But any existing canned scripts

Re: [sa] Re: Slightly OT - Spam opportunities in SMTP-AUTH

2009-08-13 Thread Charles Gregory
On Thu, 13 Aug 2009, Benny Pedersen wrote: you believe that email sent from webmail is harder to spam scan than submitted email from remote? No, my statement was that I believe spammers, like the rest of us, follow the 20/80 rule, and hack the 80 percent of vulnerabilities that require only

Re: [sa] Low score

2009-08-12 Thread Charles Gregory
On Tue, 11 Aug 2009, Casartello, Thomas wrote: Been getting a lot of low scoring stuff like this lately. Any suggestions? A meta rule that checks for three things: 1) mention of fedex in body or subject or from 2) \+(234|237|44) phone number in body 3) email address (in body) that is

Re: Slightly OT - Spam opportunities in SMTP-AUTH

2009-08-11 Thread Charles Gregory
On Tue, 11 Aug 2009, Matus UHLAR - fantomas wrote: On 10.08.09 14:56, Charles Gregory wrote: Not at all. I know who logs on when, and I can easily disable their access. I should have made that more clear: If there are more _concurrent_ users on the same IP (home/office network with NAT), you only

Slightly OT - Spam opportunities in SMTP-AUTH

2009-08-10 Thread Charles Gregory
On Sun, 9 Aug 2009, Res wrote: if I'm in charge of the network for say this countries 5th largest ISP, why SHOULD I allow customers of say our countries largest, or 25th largest relay their mail via my systems... IMNSHO You shouldn't. You should only allow *your* customers with pop

Re: [sa] Re: Slightly OT - Spam opportunities in SMTP-AUTH

2009-08-10 Thread Charles Gregory
On Mon, 10 Aug 2009, Rick Macdougall wrote: I can't speak for others but at my main job (20K+ email accounts) it happens about once every 2 months or so. Somehow the spammer gets a hold of someone's password and either uses smtp-auth or webmail to send out spam. Somehow is not that hard to

Re: [sa] Re: Slightly OT - Spam opportunities in SMTP-AUTH

2009-08-10 Thread Charles Gregory
On Mon, 10 Aug 2009, Matus UHLAR - fantomas wrote: On 10.08.09 11:07, Charles Gregory wrote: IMNSHO You shouldn't. You should only allow *your* customers with pop e-mail accounts on *your* servers to send mail. 1. If more customers send spam from the same IP address without authentication, you

Re: [sa] Re: Backscatter.org used as RBL??

2009-08-07 Thread Charles Gregory
On Fri, 7 Aug 2009, Matus UHLAR - fantomas wrote: I hope those good SAV users are also using some good filtering policy (reject machines w/o DNS, machines in blacklists, SPF fails) before they are doing SAV, otherwise they just DoS the victims... (nod) These arguments (on this list :)

Re: [sa] Re: RelayCountry Config

2009-08-07 Thread Charles Gregory
On Fri, 7 Aug 2009, Karsten Bräckelmann wrote: char *t=\10pse\0r\0dtu...@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4; main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;il;i++){ i%8? c=1: (c=*++x); c128 (s+=h); if (!(h=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}} How did you get line

Re: Making this FN correctly scored as spam

2009-08-06 Thread Charles Gregory
On Wed, 5 Aug 2009, Chris wrote: http://pastebin.com/m5e126ea This came to one of my addresses where what I usually get is 99% spam and was scored as ham, no matter what I've done... I find it *extremely* rare for a spammer to use their own e-mail address and server to send their mail. So

Re: all_spam_to seems to be ignored sometimes...

2009-08-06 Thread Charles Gregory
On Thu, 6 Aug 2009, Tobias Eichner wrote: all_spam_to bbpe...@domain.tld bbchar...@otherdomain.tld Although this is set up, people are still reporting that they sometimes receive mails tagged with SPAM... subject. As per,

Re: [sa] AW: all_spam_to seems to be ignored sometimes...

2009-08-06 Thread Charles Gregory
On Thu, 6 Aug 2009, Tobias Eichner wrote: not examine the delivery envelope. Thus BCC'ed emails, those delivered by mailing lists, or those with fake TO: lines will not have the negative score modifier applied. What do you mean with fake TO: ? Spammer enters a random address as the

Re: [sa] Re: Any one interested in using a proper forum?

2009-07-28 Thread Charles Gregory
On Tue, 28 Jul 2009, Dave Walker wrote: The only criticism I have with the SA list is that the Reply-To header isn't set, meaning most mail clients will reply directly to the person - rather than the list. Perhaps I should add some procmail foo, but ho hum. Oh! (smack forehead) Yeah, thanks!

Re: [sa] Re: Any one interested in using a proper forum?

2009-07-28 Thread Charles Gregory
On Tue, 28 Jul 2009, John Hardin wrote: Yeah, thanks! I'm always forgetting to fix the To line in my replies! Procmail/Formail will do nicely! Post your snippet when it's working, plz. Thanks. :0fw * ^(To|Cc):.*(use...@spamassassin|spamassassin.users) | /usr/bin/formail -IReply-To:

Re: [NEW SPAM FLOOD] www.shopXX.net

2009-07-23 Thread Charles Gregory
On Wed, 22 Jul 2009, Dan Schaefer wrote: For those of you that manage these rules, URI_OBFU_X9_WS, URI_OBFU_WWW, AE_MEDS38, AE_MEDS39 did not mark this email as spam http://pastebin.com/m40f7cff4 The URI is not obfuscated, therefore it triggered the URIBL tests properly (and scored 3

Re: boosting PBL score suggestions

2009-07-22 Thread Charles Gregory
On Wed, 22 Jul 2009, Aaron Bennett wrote: We're noticing that much of the spam which makes it through our filter hits the spamhaus pbl rule. However, that rule by itself scores only 0.9. As per other recent threads, the PBL has become so reliable that it is now considered 'safe' to use as an

Re: [NEW SPAM FLOOD] www.shopXX.net

2009-07-21 Thread Charles Gregory
On Tue, 21 Jul 2009, twofers wrote: so why not let them show us what they've got, show us where we need to make adjustments and corrections and in turn we will continue to refine our process, ever so more, squeezing them out...inch by inch. Because we CAN'T. While the spammers are free

Re: [NEW SPAM FLOOD] www.shopXX.net

2009-07-21 Thread Charles Gregory
Sometimes I wished everyone getting involved in heated discussions and proposals, also would carefully read any post with a related topic... I did leak the other day, that I actually am hacking such a beast. Sorry. Sometimes the mailbox overload is a bit much, and I just have to delete things

Re: New pseudo meds spams spreading around !!!

2009-07-18 Thread Charles Gregory
On Sat, 18 Jul 2009, Charles Gregory wrote: uri /http:\/\/groups.yahoo.com\/group\/[^\/]{10,20}\/message\/1$/ Oops. Don't forget to throw a RULE NAME into that rule. Sorry. I keep omitting stuff like that because I edit/save my rules in a handy little 'shorthand' format file, with everything

Re: PerlRE Lookahead... problem

2009-07-16 Thread Charles Gregory
On Wed, 15 Jul 2009, Karsten Bräckelmann wrote: body =~ /(?!www\.[a-z]{2,3}[0-9]{2,3}\.(com|net|org)) This is invalid. Please ignore. I use a generator To avoid red herrings, you should have mentioned it. ;) What I 'shoulda dun' (sic) is type that first bit correctly... :-D Yeah, well

Re: [sa] Re: Spam Filter Law Suit

2009-07-16 Thread Charles Gregory
On Wed, 15 Jul 2009, Gene Heskett wrote: Or tell them to go pound sand. The last Bilski ruling seems to have pretty well torpedoed software patents, but some jerks may not have gotten the memo. Well, I'm not saying this about anyone in particular, as I don't want to get sued for defaming any

Re: [sa] Re: PerlRE Lookahead... problem

2009-07-16 Thread Charles Gregory
On Wed, 15 Jul 2009, Karsten Bräckelmann wrote: Actually, in this very rule, the negative look-ahead is useless and won't match the remaining part of the RE anyway. Correct. Because this is my 'live' .cf file, I have modified the 'working' rule (05) to minimize false positives (in the old

Re: [NEW SPAM FLOOD] www.shopXX.net

2009-07-16 Thread Charles Gregory
On Wed, 15 Jul 2009, MrGibbage wrote: I wonder if the spammers are reading this forum. That seemed awful fast. I'm sure they do. But I also suspect that they have a simple 'feedback' mechanism that lets them know how much of their spew is getting rejected on their botnets, and when the

Re: [sa] Re: Underscores

2009-07-16 Thread Charles Gregory
On Thu, 16 Jul 2009, Karsten Bräckelmann wrote: /(?:[^_]{1,30}_+){5}/ Better. ;) However, while that indeed eliminates excessive backtracking as \S or \w results in (since they contain the underscore), this doesn't match words ending in underscores. A non-underscore [^_] includes space,

Re: Spam Filter Law Suit

2009-07-15 Thread Charles Gregory
On Tue, 14 Jul 2009, Damian Mendoza wrote: Anyone else being sued by Southwest Technology Innovations regarding spam filtering? It’s odd that they would name my old company (Workgroup Solutions) since they have very few installations (2 person reseller) compared to the others named. Any opinions

Re: PerlRE Lookahead... problem

2009-07-15 Thread Charles Gregory
On Wed, 15 Jul 2009, Karsten Bräckelmann wrote: body =~ /(?!www\.[a-z]{2,3}[0-9]{2,3}\.(com|net|org)) This is invalid. Please ignore. I use a generator. To avoid needless discussion of its syntax, here are the actual rules from my generated .cf file... body LOC_09061901

Re: [NEW SPAM FLOOD] www.shopXX.net

2009-07-13 Thread Charles Gregory
If I might interject. This seems to be an excellent occasion for the PerlRE 'negative look-ahead' code (excuse the line wrap): body =~ /(?!www\.[a-z]{2,6}[0-9]{2,6}\.(com|net|org)) www[^a-z0-9]+[a-z]{2,6}[0-9]{2,6}[^a-z0-9]+(com|net|org)/i ...unless someone can think of an FP for this

Re: rbl/dnsbl seems to use wrong ip sometimes

2009-07-13 Thread Charles Gregory
On Mon, 13 Jul 2009, rich...@buzzhost.co.uk wrote: On Mon, 2009-07-13 at 12:10 +0200, Matus UHLAR - fantomas wrote: Oh, you again? Oh you again ? Sigh. Here we ego again? :) - C

Re: [NEW SPAM FLOOD] www.shopXX.net

2009-07-13 Thread Charles Gregory
On Mon, 13 Jul 2009, rich...@buzzhost.co.uk wrote: On Mon, 2009-07-13 at 10:46 -0400, Charles Gregory wrote: (?!www\.[a-z]{2,6}[0-9]{2,6}\.(com|net|org)) www[^a-z0-9]+[a-z]{2,6}[0-9]{2,6}[^a-z0-9]+(com|net|org) Does not seem to work with; www. meds .com Correct. With spaces being one

Re: [NEW SPAM FLOOD] www.shopXX.net

2009-07-13 Thread Charles Gregory
On Mon, 13 Jul 2009, John Hardin wrote: Why be restrictive on the domain name? If a conservative spec is sufficient to match the spam, then we're helping avoid false positives I'd rather tweak the rule to catch the new tricks of the spammer than overgeneralize. :) The + signs are a

Re: [NEW SPAM FLOOD] www.shopXX.net

2009-07-13 Thread Charles Gregory
On Mon, 13 Jul 2009, John Hardin wrote: The + signs are a little risky, it might be better to use {1,3} instead. (nod) Though without the '/m' option it would be limited to the same line. body rules work on paragraphs, but you are right, the badness has an upper limit. Ugh. Forgot it was

Re: [NEW SPAM FLOOD] www_nu26_com

2009-07-12 Thread Charles Gregory
On Sat, 11 Jul 2009, Jason L Tibbitts III wrote: I still wonder, though, if we shouldn't be turning these back into hostnames and looking them up in the regular URI blacklists Given the obvious objections to having the primary URIBL mechanism try to parse obfuscations, I once again

Re: Hostkarma Blacklist Climbing the Charts

2009-07-10 Thread Charles Gregory
A more interesting comparison would be to see how much stuff is NOT caught by spamhaus, but caught by your list or others :) -C On Thu, 9 Jul 2009, Marc Perkel wrote: For what it's worth I'm now ahead of Barracuda on Jeff Makey's blacklist comparison chart. Not a scientific comparison

Re: regex anchor for start of line in body

2009-07-08 Thread Charles Gregory
On Wed, 8 Jul 2009, Benny Pedersen wrote: do you have a dual quad core that idles ? :) I have a dual Pentium-III that idles 99% of the time, yes. rawbody takes more cpu power than (body) I wouldn't think that it takes much more as the only difference is whether HTML is still present

Re: [sa] regex anchor for start of line in body

2009-07-07 Thread Charles Gregory
On Mon, 6 Jul 2009, info-spamassassin-t...@cs.utexas.edu wrote: I seem to be having a hard time writing rules which anchor a string to the start of the line in the body of a text message. What the.? So am I! I have tried all combinations of: body LOC_09070701 /^Assets of my deceased

Re: [sa] regex anchor for start of line in body

2009-07-07 Thread Charles Gregory
On Tue, 7 Jul 2009, Charles Gregory wrote: I have tried all combinations of: body LOC_09070701 /^Assets of my deceased Client/ body LOC_09070702 /^Assets of my deceased Client/m body LOC_09070703 /^Assets of my deceased Client/ms And NONE of them match the beginning of line

Re: [sa] regex anchor for start of line in body

2009-07-07 Thread Charles Gregory
On Tue, 7 Jul 2009, Charles Gregory wrote: X-Spam-Status: No, hits=-2004.0 required=10.0 autolearn=disabled tests=LOC_SAUSERS_RCVD_WL=-1000,LOC_SAUSERS_TO_WL=-1000, RCVD_IN_DNSWL_MED=-4 On Tue, 7 Jul 2009, Charles Gregory wrote: I have tried all combinations of: body LOC_09070701

Re: [sa] regex anchor for start of line in body

2009-07-07 Thread Charles Gregory
On Tue, 7 Jul 2009, Charles Gregory wrote: On Tue, 7 Jul 2009, Charles Gregory wrote: I have tried all combinations of: body LOC_09070701 /^Assets of my deceased Client/ body LOC_09070702 /^Assets of my deceased Client/m body LOC_09070703 /^Assets of my deceased Client/ms

Re: X-Mailer: domain

2009-07-02 Thread Charles Gregory
On Wed, 1 Jul 2009, Karsten Bräckelmann wrote: Be careful with 'full' rules. You'd better paranoidly anchor your RE and strictly limit matching (nod) This is why my original question was about using the 'capture' function. What I WANT to use for a ruleset is something like: header

Re: How do I make Net::DNS::Resolver take /etc/hosts into account?

2009-07-02 Thread Charles Gregory
On Thu, 2 Jul 2009, Per Jessen wrote: 1) a tiny perl test-script using gethostbyname() will look at /etc/hosts and try to resolve the name from there. Works fine and just as expected. 2) a call to gethostbyname() from within an SA plugin does NOT look at /etc/hosts. When in doubt, blame

Re: X-Mailer: domain

2009-07-01 Thread Charles Gregory
On Wed, 1 Jul 2009, Karsten Bräckelmann wrote: header FROM_EQ_XM ALL =~ /^From: [...@]+\@(?:[^.]+\.)?([^.]+\.[^.]+)?\$.{0,400}^X-Mailer: \1\$/msi Firstly, my thanks. This syntax provides the functionality I was asking for in another thread where I wanted to capture things like the appearance

Re: [sa] Re: New type of spam... (very curious)

2009-07-01 Thread Charles Gregory
On Wed, 1 Jul 2009, rich...@buzzhost.co.uk wrote: Jul 1 07:38:46 munged #14781: query: 1.2.3.4.dnsbl.sorbs.net IN A + Oh, and look: dnsbl.sorbs.net So it seems that the demise of sorbs will add latency if their servers stop answering... ...which leads back to my original question, Will the

Re: backscatter (was Re: cas...@snigelpost.org bounces?)

2009-06-26 Thread Charles Gregory
On Thu, 25 Jun 2009, Arvid Picciani wrote: I still welcome suggestions for handling the few remaining cases where my procmail chokes on a mailbox limit. Probably more of a PM question than an SA question, but seeing how the cause for concern is backscatter from 'full mailbox' DSN's I'm

Re: SORBS bites the dust

2009-06-26 Thread Charles Gregory
On Fri, 26 Jun 2009, Yet Another Ninja wrote: what you do is your choice. (nod) I've already made my choice clear, and would advocate the same for anyone else. My argument was only that we should not create a false sense of confidence that we will 'never' see legitimate mail come from a

Re: user filtering attachments

2009-06-26 Thread Charles Gregory
On 24.06.09 22:56, ferna...@dfcom.com.br wrote: I'm trying to find a solution allowing user filtering attachments. My environment uses sql user tables. Um, do you mean 'reject if mail has attachment of a certain type'? Or do you mean you want to run an actual filtering program to examine the

Re: SORBS bites the dust

2009-06-26 Thread Charles Gregory
On Fri, 26 Jun 2009, Matus UHLAR - fantomas wrote: Imho, the important question is, why such home user wants to send large amounts of mail Keep in mind, the definition of 'large' may be arbitrarily SMALL for some ISP's Maybe just 100 recipients. if (s)he can't find any (free)

Re: user filtering attachments

2009-06-26 Thread Charles Gregory
Please respond to LIST not to personal e-mail. On Fri, 26 Jun 2009, ferna...@dfcom.com.br wrote: I would like spamassassin does: Read attach extensions from userpref (database), filter that mime and set a message header, maildrop (that is my mda), drops this attach and delivery only text part.

Re: SORBS bites the dust

2009-06-26 Thread Charles Gregory
On Fri, 26 Jun 2009, LuKreme wrote: On 26-Jun-2009, at 08:55, Charles Gregory wrote: we should not create a false sense of confidence that we will 'never' see legitimate mail come from a PBL-listed IP Yes, we will *never* see legitimate mail from a PBL-listed IP. See, it all comes down to what

Re: SORBS bites the dust

2009-06-26 Thread Charles Gregory
On Fri, 26 Jun 2009, LuKreme wrote: See, it all comes down to what you think 'legitimate' is. The recipient wants the e-mail. DUH. That's not my definition at all The very reason for my posting. You need not repeat yourself. . it's not even the definition of any mailadmin I've ever

Re: SORBS bites the dust

2009-06-26 Thread Charles Gregory
On Fri, 26 Jun 2009, John Rudd wrote: It sounds like Charles' user base and cost/benefit analysis is different, and that's fine. Actually no, it's not. I arrive at the same cost/benefit analysis and have instituted the same general policy - I block all hosts on PBL. Thought I made that part

Re: cas...@snigelpost.org bounces?

2009-06-25 Thread Charles Gregory
On Thu, 25 Jun 2009, Arvid Picciani wrote: I started blocking some backscattering hosts and would like to inform them how to fix the issue. I still welcome suggestions for handling the few remaining cases where my procmail chokes on a mailbox limit. Probably more of a PM question than an SA

Re: cas...@snigelpost.org bounces?

2009-06-25 Thread Charles Gregory
On Thu, 25 Jun 2009, Benny Pedersen wrote: On Thu, June 25, 2009 19:34, John Hardin wrote: Sure, but that doesn't help anybody else that posts to the list. it will if admins at remote read their logs, but yes we can only wait now If they do, they don't act very quickly. I've been rejecting

Re: [sa] Re: SORBS bites the dust

2009-06-24 Thread Charles Gregory
On Wed, 24 Jun 2009, Matus UHLAR - fantomas wrote: somewhat hesitant to use spamcop as our own servers once had a brief listing with them (and it wasn't due to spam). Got more info? Sadly, we're dealing with my aging memory. :) While I cannot remember precisely, categorically it was a

Re: SORBS bites the dust

2009-06-23 Thread Charles Gregory
On Tue, 23 Jun 2009, mouss wrote: When I did my research for setting up RBL's, I found old comparisons between RBL's that seemed to indicate that the spamhaus PBL and the spamcop lists had slightly higher levels of false positives. stop spreading FUD. if you know of false positives, show us so

Re: SORBS bites the dust

2009-06-23 Thread Charles Gregory
On Tue, 23 Jun 2009, Jeff Moss wrote: WHAT?  Sorbs and Spamhaus are polar opposites.  Spamhaus is a great organization while SORBS is a POS that helped give all blacklists a bad name. As an interesting side-note, when I went looking for fresh RBL stats I found a lot of indications that SORBS

Re: SORBS bites the dust

2009-06-22 Thread Charles Gregory
On Mon, 22 Jun 2009, Arvid Picciani wrote: rich...@buzzhost.co.uk wrote: It comes with great sadness that I have to announce the imminent closure of SORBS. crap ... sorbs is the only list I trust enough to have them at SMTP level. In the past, I did some tests to determine which lists

Re: SORBS bites the dust

2009-06-22 Thread Charles Gregory
On Mon, 22 Jun 2009, rich...@buzzhost.co.uk wrote: Really? Personally I find the PBL just kicks its ass. When I did my research for setting up RBL's, I found old comparisons between RBL's that seemed to indicate that the spamhaus PBL and the spamcop lists had slightly higher levels of false

Re: new spam using large images

2009-06-19 Thread Charles Gregory
On Fri, 19 Jun 2009, Jason Haar wrote: Hi there, just a FYI I just received this: http://pastebin.com/m54006b68 420K in size... H. Big question for developers: Does the performance 'burden' of a large e-mail come from the 'reading' of that mail into spamassassin and initial processing?
