On Thu, 28 Oct 2010 11:19:50 -0400
dar...@chaosreigns.com wrote:
Having nothing to prevent someone from registering millions of
accounts and spewing data from a single IP is not acceptable to me.
Umm...
Perhaps you have heard of a recent phenomenon called a botnet? Just
what security do you
OK,
On a somewhat less sarcastic note: One reason we didn't use TCP is that
it simply doesn't scale. If you have clients that open a TCP connection,
do a report, and then close the TCP connection, there's a huge bandwidth
penalty. On the other hand, if your clients maintain persistent TCP
On Thu, 28 Oct 2010 13:56:08 -0230
Lawrence @ Rogers lawrencewilli...@nl.rogers.com wrote:
What reporting system do you use?
Although our Perl client library is free, the server-side code is proprietary.
and how does one avail of the data it provides?
We sell rsync access to our lists. We
On Thu, 28 Oct 2010 12:43:51 -0400
dar...@chaosreigns.com wrote:
On 10/28, David F. Skoll wrote:
Perhaps you have heard of a recent phenomenon called a botnet?
Just what security do you think TCP really buys you?
Requiring them to use the botnet.
In other words: No security at all
On Sat, 06 Nov 2010 00:41:53 -0700
Bill Landry b...@inetmsg.com wrote:
You could also test the envelope sender:
header SPAMHAUS_ENV eval:check_rbl_envfrom('SPAMHAUS_ENV',
'_vouch.dwl.spamhaus.org.')
But that's an abuse... you should not be using Vouch-by-reference unless
either DKIM
On Thu, 11 Nov 2010 21:35:11 -0500
Jason Bertoch ja...@i6ix.com wrote:
After many complaints from the DNS community over SPF hijacking the
TXT record, a new SPF record type was eventually accepted.
The proper fix would have been to make SPF lookups for example.com
request the TXT record for
On Mon, 15 Nov 2010 11:30:59 -0500
Michael Scheidell michael.scheid...@secnap.com wrote:
So, SPF works, if EVERYONE FOLLOWS THE RFC'S AND BEST PRACTICES.
Not really. SPF is too weasely. If the SPF authors really wanted a
useful standard, then:
1) The only return codes would have been pass,
On Mon, 15 Nov 2010 11:50:50 -0500
Michael Scheidell michael.scheid...@secnap.com wrote:
then don't use it:
Our record follows the way I said SPF should work. It specifies only
4 hosts as authorized to send for us and has a hard -all at the end.
That's because we took the time and trouble to
On Mon, 15 Nov 2010 08:07:43 -1000
Alexandre Chapellon alexandre.chapel...@mana.pf wrote:
I use it just the same for the domains I have complete controm over.
Unfortunately, be aware that this setup maybe forbid your legitimate
emails to be forwarded by a foreign host:
Yes, this is a
On Mon, 15 Nov 2010 13:43:57 -0500
Kris Deugau kdeu...@vianet.ca wrote:
I noticed recently that the average ~0.8s scan time on our filter
cluster had jumped to just over 3s.
We noticed a huge jump in scan times on several of our customers' systems.
Try disabling the Day-old Bread rules. We
On Wed, 01 Dec 2010 07:27:13 -0800
Marc Perkel m...@perkel.com wrote:
I've been thinking about what it would take to actually eliminate
spam or reduce it to less than 10% of what it is now. One of the
problems is the SMTP protocol itself. And a big problem with that is
that mail servers talk
On Wed, 01 Dec 2010 16:55:17 +
Martin Gregorie mar...@gregorie.org wrote:
Besides, I seem to remember hearing that IPV6 is never anonymous
Where did you hear that? I can't imagine that
IPv6 is any less (or any more) anonymous than IPv4.
OT comment 1: if IPV6 is indeed never anonymous,
On Wed, 01 Dec 2010 12:47:16 -0500
Rob McEwen r...@invaluement.com wrote:
One HUGE problem is that IPv6 will be a spammer's dream and a DNSBL's
nightmare. A spammers (and blackhat ESPs) would potentially send out
each spam from a different IP and then not use each IP again for
YEARS!
On Wed, 01 Dec 2010 13:29:28 -0500
Rob McEwen r...@invaluement.com wrote:
When DNSBL resources are order of magnitudes higher... when the
largest data files for DNSBLs go from 100MB to probably Terabytes...
and then trying to transfer that via rsync... and getting all the
mirrors to handle
On Wed, 1 Dec 2010 16:02:03 -0500
Michael Grant mgr...@grant.org wrote:
The main problem with this approach is how does
someone send you mail if they're not on your contact list? I don't
have any magic answers how to solve that beyond what's already out
there as in return messages with
On Wed, 08 Dec 2010 15:52:37 -0800
Marc Perkel supp...@junkemailfilter.com wrote:
For those who want to try the Fake MX trick you can set your highest
MX to tarbaby.junkemailfilter.com.
Sure. I'll publish an MX record potentially sending my domain's mail
to a machine I don't control... not.
On Fri, 17 Dec 2010 11:24:51 -0800
Ted Mittelstaedt t...@ipinc.net wrote:
It is possible this is because I use sa-milter.
If you want to make complex policy decisions, you might want to use
something like MIMEDefang (note: I'm the author. :))
It lets you encode your mail processing logic in
On Thu, 23 Dec 2010 16:33:59 -0800 (PST)
John Hardin jhar...@impsec.org wrote:
[...]
To digress, I would suggest the solution to that (and what I wish PGP
had implemented from day one) is to sign using two different
cryptographic hash algorithms (e.g. MD5 _and_ SHA1). It's extremely
unlikely
On Thu, 23 Dec 2010 17:08:11 -0800 (PST)
John Hardin jhar...@impsec.org wrote:
But the known-evil addresses aren't the data being protected (however
poorly) - the email addresses from your inbound mail that you're
checking against the list of evil addresses (which may include
correspondents
On Thu, 23 Dec 2010 18:16:31 -0800 (PST)
John Hardin jhar...@impsec.org wrote:
The response time for listing an email address in a phishing emailRBL
may be too great to see much benefit.
We see a pretty good benefit from the anti-phishing email reply list.
It's not so much a good tool to catch
On Mon, 27 Dec 2010 12:46:39 -0500
Jason Bertoch ja...@i6ix.com wrote:
Dec 24 08:54:05 mail spamd[24172]: Issuing rollback() due to DESTROY
without explicit disconnect() of DBD::mysql::db handle
bayes:127.0.0.1:3306
at /usr/local/lib/perl5/site_perl/5.8.9/Mail/SpamAssassin/Plugin/Bayes.pm
On Mon, 27 Dec 2010 12:25:28 -0600
Jack L. Stone ja...@sage-american.com wrote:
I don't think so. That message typically comes about when a DBI
database handle goes out of scope without disconnect() having been
called.
That was also one of my thoughts but noticed (as I recall) that the
On Mon, 27 Dec 2010 11:16:23 -0800
Ted Mittelstaedt t...@ipinc.net wrote:
Larry Wall never envisioned the octopus monstrosity that Perl has
become.
Um.
Just because you can write overly-complex slow Perl code doesn't mean that
all Perl code is necessarily overly-complex or slow.
Not that I
On Mon, 27 Dec 2010 13:46:34 -0600
Jack L. Stone ja...@sage-american.com wrote:
In my case a very small percentage of mail actually reaches SA
because of several filters in front of it. Sendmail, Regex-milter,
Greylist-milter, and other milters catch most of the truly bad stuff,
and then
On Mon, 27 Dec 2010 12:37:00 -0800
Ted Mittelstaedt t...@ipinc.net wrote:
greylisting, though, is by far the best. But I have noticed an
increasing number of sites out there - and this is large sites - who
apparently are honked-off that people greylist, and they will bounce
delivery of mail
On Mon, 27 Dec 2010 13:36:39 -0800
Ted Mittelstaedt t...@ipinc.net wrote:
[...]
We do not find virus-scanning before spam-scanning to be
effective. A tiny percentage of our mail is flagged as containing
a virus,
That's subject to interpretation I think. I would guess that your
On Wed, 29 Dec 2010 09:33:25 -0800
Marc Perkel supp...@junkemailfilter.com wrote:
Yes - there's no point in doing DNS blacklist lookups on yahoo,
hotmail, and gmail as well as thousands of other mixed source
providers.
I disagree. I have a strong feeling that some of those providers
route
On Wed, 29 Dec 2010 11:50:56 -0800
Marc Perkel supp...@junkemailfilter.com wrote:
My idea doesn't preclude you from having a bad yahoo list and
adding points. I'm just saying that when it comes to checking other
blacklists to see if any yahoo server is listed it's a waste of
resources. If
On Wed, 29 Dec 2010 21:09:42 +0100
Matthias Leisi matth...@leisi.net wrote:
I'm not sure whether that would be more appropriate for the dev list,
but I guess this is relevant/of interest to the SpamAssassin project,
and I don't know whether this has caught attention here yet.
In the draft,
On Wed, 29 Dec 2010 21:34:47 +0100
Matthias Leisi matth...@leisi.net wrote:
It's not certain that ISPs will always allocate /64. Some may allocate
/56 or something entirely different,
Bigger than /64 is no problem.
and shared hosting providers may
allocate smaller ranges to their customers
On Wed, 29 Dec 2010 22:05:16 +0100
Matthias Leisi matth...@leisi.net wrote:
Today, querying IPv4 DNSxLs is more or less limited to individual IPs.
Making a new protocol that has more flexibility is very much needed -
one size will not fit all, especially not in the protocol design.
OK. But I
On Wed, 29 Dec 2010 15:42:58 -0800
Ted Mittelstaedt t...@ipinc.net wrote:
What this really calls for is a reworking of the SpamAssassin code.
SA is going to have to start caching the results of any IPv6 DNS
BL queries for a set period of time, probably 2 days.
Why? Isn't caching the results
On Thu, 30 Dec 2010 10:15:42 +0100
Matthias Leisi matth...@leisi.net wrote:
Can you be really, absolutely sure that there will never, ever be a
need to report reputation on anything else than /64?
I think it's a safe bet, especially for whitelists. If you're
whitelisting someone, chances are
On 30 Dec 2010 17:13:07 -
John Levine jo...@taugh.com wrote:
We'll have to change our software to handle v6 lookups no matter what,
so I don't see it as a big deal whether it's a small change or a
slightly larger change.
I agree, so I propose a much larger change: Stop using DNS for this
On Thu, 30 Dec 2010 13:19:03 -0500
Rob McEwen r...@invaluement.com wrote:
If blacklists like CBL are currently at 100 MBs (for IPv4)... the
bloat for IPv6 could break DNSBLs. RSYNCing Gigabyte (or terabyte!)
-sized files is memory and CPU intensive.
Well, not really... John Levine proposes a
On Thu, 30 Dec 2010 13:34:16 -0500
Rob McEwen r...@invaluement.com wrote:
Does John's system do anything to prevent a spammer from sending a
million different spams from a million different IPs (one-ip-per-spam)
...with that IP never to be heard from again)?
Well, obviously not. Nothing can
On Thu, 30 Dec 2010 10:36:59 -0800 (PST)
John Hardin jhar...@impsec.org wrote:
Timeliness? How often are you going to refresh the local copy of the
entire WL/BL? Or are you assuming the WL/BL will be relatively
unchanging over time?
A WL should be relatively unchanging over time. I doubt
On 30 Dec 2010 18:43:50 -
John Levine jo...@taugh.com wrote:
I agree, so I propose a much larger change: Stop using DNS for this
purpose. I don't think it's the right tool for the job.
Sigh. Yes, that's one of the bad ideas.
What is? Using DNS or using something else? :)
[...]
On 30 Dec 2010 18:57:44 -
John Levine jo...@taugh.com wrote:
Hey! I have an idea! How about if we form the data into a B-tree and
let people download pages on demand via the DNS?
Nah, I have a better idea... a B-ish tree where some nodes can get
out of sync because of caching. Won't be
On Thu, 30 Dec 2010 14:18:13 -0500
Rob McEwen r...@invaluement.com wrote:
On 12/30/2010 2:09 PM, David F. Skoll wrote:
But I think it's really
stretching DNS way beyond what it was designed for and it might be
time to look at a different approach.
But David, every example you've provided
On 30 Dec 2010 17:49:46 -0500
John R Levine jo...@taugh.com wrote:
[...]
I'm not wedded to the CNAME hack.
Actually, I was thinking about that. Consider a hack on a DNS server
that gives all records an absolute expiry time that marches forward
in (say) 5-minute intervals. Then when the DNS
On 31 Dec 2010 01:19:16 -
John Levine jo...@taugh.com wrote:
Now obviously, there's a breakpoint at which synchronizing the local
database from the master becomes cheaper than doing lookups. Right
now, that's quite high, but it will move lower with IPv6.
Why do you say that? The number
On Thu, 30 Dec 2010 19:21:25 -0800
Ted Mittelstaedt t...@ipinc.net wrote:
No, I am assuming the spammers will do as they have always done in the
past - attempt to use other people's computers for free. Other
computers that are NOT cycling through lots of IP number in the
normal case.
Hi, all,
We run a system of data collection that collects reputation information
about IP addresses. Our system has data on over 18 million IPv4 addresses
and 2658 IPv6 addresses (which shows how poor the penetration of IPv6
is.) For details of our system, see http://mimedefang.org/reputation
A couple more cents on this topic...
If the problem is blowing DNS caches, then one solution is to query only
authoritative name servers.
Spamhaus, for example, permits 300,000 free queries per day. I bet
many small sites will be under this limit even if they query Spamhaus
directly with no
On Tue, 4 Jan 2011 06:18:55 -0800 (PST)
John Hardin jhar...@impsec.org wrote:
DNS needs to deal with an exponentially-increased address space
regardless of how RBLs behave. Perhaphs DNS caching needs to be
partitioned so that a huge number of queries on *.spamhaus.org don't
blow everything
On Tue, 04 Jan 2011 10:34:43 -0500
Rob McEwen r...@invaluement.com wrote:
game over.. the spammers have already won. And they are quite amused
right now reading us discuss all different ways to rearrange the deck
chairs on the Titanic.
We are talking at cross-purposes here, but I think we
On Tue, 04 Jan 2011 11:01:52 -0500
Rob McEwen r...@invaluement.com wrote:
I've thought this through and... best case scenario is that spammers
then get 5+ years of play time because it will take at least that time
for those other techniques to catch up.
Umm.. no. We have plenty of effective
On Tue, 4 Jan 2011 06:18:55 -0800 (PST)
John Hardin jhar...@impsec.org wrote:
[DFS says all queries should be to authoritative name servers to avoid
cache blowouts.]
You can't compare them. The nature of the queries is vastly different
- the root nameservers only get queries like where are the
Following up on myself...
I ran a little experiment.
Just for fun, I took a day's worth of logs from a fairly busy server.
There were just over 3.1 million SMTP connections/day. If they'd been
using a DNSBL with a 15-minute TTL, they would have had about 1.13 million
cache misses and 1.97
On Wed, 12 Jan 2011 23:23:39 +0100
mouss mo...@ml.netoyen.net wrote:
[...]
you need to train with _your_mail. do not train with somebody else's
mail. one of the defence args is that attackers can't guess your
setup. if every one of us uses the same corpus then it'll be easy for
an attacker
On Thu, 13 Jan 2011 13:51:14 +
RW rwmailli...@googlemail.com wrote:
Is there anything to prevent spammers signing up and using your
databases to autogenerate spam?
Not really, but then we only make our database available to customers
using our commercial product, so the cost would probably
On Mon, 17 Jan 2011 22:12:42 +0100
JKL ju...@klunky.co.uk wrote:
I know this is off-topic but is there a way for a third party
programme to silently drop spam from delivery?
You could use a milter such as MIMEDefang (www.mimedefang.org).
Although it's primarily used by Sendmail admins, it
On Tue, 18 Jan 2011 13:37:40 -0200
Rejaine Monteiro reja...@bhz.jamef.com.br wrote:
I'm not prepared to wait 24 hours for mail servers to successfully
send me mails - it's the equivalent of sealing my letterbox on
Mondays, Wednesdays and Fridays for me, and I want near-real time
email
On Tue, 18 Jan 2011 16:55:42 +0100
Giles Coochey gi...@coochey.net wrote:
The legitimate mail that passes through my mail server comes from
hosts / networks I might not hear from again for months, by which
time I have to potentially wait 24 hours for the greylisting / mail
server to try
On Tue, 18 Jan 2011 22:18:33 +0100
Rolf E. Sonneveld r.e.sonnev...@sonnection.nl wrote:
RFC821/RFC2821/RFC5321 points out that a client has to wait a minimum
of 30 minutes before a retry attempt should be made,
That's fine. I don't care if an email from someone I've never heard
from before is
On Tue, 18 Jan 2011 22:18:20 +
Gary Forrest ga...@netnorth.co.uk wrote:
Interesting 2 of our 3 scanning heads use a grey list system that
uses /32 addresses as part of the process, these two servers have
100's of emails delayed for well over a day. Our 3rd scanning head
uses a grey list
On Tue, 18 Jan 2011 23:37:07 +0100
Rolf E. Sonneveld r.e.sonnev...@sonnection.nl wrote:
I agree with you, looking at my own personal situation. However, many
mail admins (and maybe you too) are responsible for the e-mail
handling of many (tens/hundreds/thousands) of users. Most users have
On Wed, 19 Jan 2011 09:56:47 -0500
Lee Dilkie l...@dilkie.com wrote:
The second was that I've found that the other spam-catching filtering
is doing a much better job than it was years ago and turning off
greylisting didn't adversely affect the amount of spam that got
through.
That's possibly
On Thu, 20 Jan 2011 11:06:31 -1000
Warren Togami Jr. wtog...@gmail.com wrote:
Ham is a lot easier to define than Spam. Ham is simply anything that
you subscribed for.
Not necessarily. You could subscribe to a list expecting it to contain
useful content. A few months later, the organization
On Thu, 20 Jan 2011 16:12:58 -0500
Bowie Bailey bowie_bai...@buc.com wrote:
Of course it is. You subscribed to it. If you don't want it anymore,
unsubscribe.
I disagree. When you subscribe to a list, there's an implicit understanding
of the content you are signing up for. If the list owner
On Thu, 20 Jan 2011 16:31:50 -0500
Bowie Bailey bowie_bai...@buc.com wrote:
When you sign up for a company's email list, you get whatever they
decide to send you.
OK. I guess we'll agree to disagree on our definitions, then.
Regards,
David.
On Mon, 24 Jan 2011 08:03:52 -0800 (PST)
ecrews ecr...@anvault.com wrote:
Is it possible to install SpamAssassin with out gcc?
Looking for a spam filter for a project. Would like to use
SpamAssassin but am not allowed to install gcc, project lead is
worried about security issues with gcc.
On Fri, 28 Jan 2011 18:10:08 +
Dominic Benson domi...@lenny.cus.org wrote:
Recently, in order to balance the ham/spam ratio given to sa-learn, I
have started to pass mail submitted by authenticated users to
sa-learn --ham.
I haven't seen any mention of this strategy on-list or on the
On Tue, 01 Feb 2011 07:30:19 -0700
Danita Zanre dan...@caledonia.net wrote:
Messages from this list have been bouncing since I started enforcing
Reverse DNS lookups on my server.
The irony is that you think that's a good idea.
-- David.
On Tue, 01 Feb 2011 09:43:40 -0500
Randy Ramsdell rramsd...@activedg.com wrote:
Not sure. If our mail servers did not have reverse, we would be
rejected all over the place. Seems like a common setting. Or is it?
Microsoft Windows is very common, but that doesn't make it a good idea.
We add a
On Tue, 1 Feb 2011 09:49:36 -0500
Michael Scheidell michael.scheid...@secnap.com wrote:
because HELO doesn't match RDNS.
Rejecting on that basis would also cause tons of false-positives.
Regards,
David.
On Tue, 1 Feb 2011 09:52:04 -0500
Michael Scheidell michael.scheid...@secnap.com wrote:
[204.89.241.253] mail from:
250 OK
rcpt to: ab...@caledonia.net
550 Missing, invalid or expired BATV signature
A long time ago, I was involved with an argument with the RFC-Ignorant
maintainer. The
On Thu, 03 Feb 2011 10:42:27 -1000
Warren Togami Jr. wtog...@gmail.com wrote:
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6526
We finally agreed that rfc-ignorant.org is useless, or slightly more
harmful than good. Spamassassin will be disabling these rules by
default sometime
Ha! I tried posting some log lines and they
got rejected because of SURBL hits! :)
Here goes again... remove the capital X from domain names and IP addresses :)
On Thu, 03 Feb 2011 16:51:15 -0500
Adam Moffett adamli...@plexicomm.net wrote:
That's an interesting point of view. It was
Hi, Steve,
http://www.fsl.com/index.php/resources/whitepapers/99
Interesting. I think you should credit me for this:
Once that has been proven then that â is exempted from further
greylisting for 40 days since it was last seen.
Our CanIt system has been doing that since at least 2005, and
On Tue, 08 Feb 2011 15:47:12 +
Steve Freegard st...@stevefreegard.com wrote:
See http://www.fsl.com/index.php/resources/whitepapers/99
Once that has been proven then that 'hostid' is exempted from further
greylisting for 40 days since it was last seen.
:) Our CanIt system has been doing
On Tue, 08 Feb 2011 17:04:37 +
Steve Freegard st...@stevefreegard.com wrote:
Sure - credit where it is due; I've you to the 'Thanks' section.
Thanks. And also, my apologies for posting to the list... that was supposed
to be a private message. :(
/me mutters something about email amateurs
On Thu, 10 Feb 2011 12:42:40 -0500
Michael Scheidell michael.scheid...@secnap.com wrote:
heads up:
Aieee popen() in security-sensitive software!??!??
Also, why does the milter process run as root? That seems like a huge
hole all by itself.
Regards,
David.
On Fri, 11 Feb 2011 09:50:05 +1300
Jason Haar jason.h...@trimble.co.nz wrote:
That exploit is dated Mar 2010? Has this really not been fixed in
about a year???
If everyone is talking about http://savannah.nongnu.org/projects/spamass-milt/,
it looks like the last release was in 2006. It looks
Sorry to follow up on myself...
If everyone is talking about
http://savannah.nongnu.org/projects/spamass-milt/, it looks like the
last release was in 2006. It looks like that project is abandoned.
I cannot edit the wiki, but I think spamass-milt should be removed from
On Fri, 11 Feb 2011 12:08:35 -0800
Adam Katz antis...@khopis.com wrote:
I consider it a mission-critical component to be able to deliver a
rejection notice at SMTP-time (to avoid backscatter from an emailed
bounce message). The other systems out there (specifically amavis and
mailscanner)
On Wed, 23 Feb 2011 18:43:58 +0100
Michelle Konzack linux4miche...@tamay-dogan.net wrote:
And WHY should my domain news.electronica.tamay-dogan.net have a
MX record if the will NEVER receive any mails?
Well... any domain that sends mail must be prepared to receive it
also, if only to receive
On Wed, 23 Feb 2011 23:03:46 +0400
Mahmoud Khonji m...@khonji.org wrote:
However, since many legit senders ignore this, it turns out that FP
rate is too high for now.
I am unaware of a single FP from our policy of rejecting
MAIL FROM:sen...@example.org where example.org lacks MX, A and
On Wed, 23 Feb 2011 18:48:51 +
RW rwmailli...@googlemail.com wrote:
That's true for person to person mail, but there are kinds of mail
where loss is inconsequential and no-one is going to read the DSNs
e.g. newsletters.
Strongly disagree.
If you're sending newsletters, you'd *darn
On Wed, 23 Feb 2011 22:17:47 -0500
Alex mysqlstud...@gmail.com wrote:
While some of the mail from that sender seems legitimate, other mail
clearly isn't, but it has the same header as a legitimate mail, making
it very difficult to properly train bayes or otherwise accurately
determine that
On Fri, 25 Feb 2011 12:57:39 +
Martin Gregorie mar...@gregorie.org wrote:
However, the thing I hadn't seen before is that its IP, 208.115.216.98
resolves to 98-216-115-208.static.reverse.lstn.net
So, is this a normal, expected reverse DNS result that I just haven't
seen before or is it
On Fri, 25 Feb 2011 21:55:12 +0100
Matus UHLAR - fantomas uh...@fantomas.sk wrote:
Incorrect. You must have abuse@addresses iat your domain registration
boundary, if you can receive e-mail.
http://www.rfc-ignorant.org/policy-abuse.php
That quotes RFC 2142, which is only a proposed standard.
On Sat, 26 Feb 2011 16:17:28 +0100
Matus UHLAR - fantomas uh...@fantomas.sk wrote:
[...]
...and we still don't have better standardized and documented way to
report abuse, do we?
postmaster@ *has* to be there for sure, so if abuse@ is not, send
your reports to postmaster@
I understand what
On Mon, 28 Feb 2011 14:42:56 -0600
Matt lm7...@gmail.com wrote:
I think this would be a great idea.
I think it's dumb on so many levels it's hard to know where to begin.
1) Having an Expires: header would make naive users think that it's actually
technically possible to force their email
On Mon, 28 Feb 2011 15:51:32 -0600
Matt lm7...@gmail.com wrote:
Looking at top 8 newest messages from my personnel email account:
[Spammy subjects deleted]
It looks like you need some sort of anti-spam system. Maybe
someone on this list can recommend one to you.
(You aren't trolling for the
On Tue, 01 Mar 2011 21:15:13 -0800
Ted Mittelstaedt t...@ipinc.net wrote:
Please, instead of just randomly selecting terms related to copyright,
why don't you try to make a coherent and logical argument why
expiration dates on copyrighted material are illegal and should be
ignored.
The
On Mon, 07 Mar 2011 19:51:47 +
Ned Slider n...@unixmail.co.uk wrote:
Like you, I've yet to find a reliable set of meta rules to
effectively deal with this junk and invariably it turns into a game
of chasing one's tail.
We use an in-house DNSBL based on our reputation-reporting code
On Fri, 11 Mar 2011 12:51:44 -0800 (PST)
John Hardin jhar...@impsec.org wrote:
...your email is so time-critical that you can't wait an extra ten
seconds for it to be delivered?
On a busy server, a ten-second latency in scanning mail could kill you...
As another poster said, 10s for network
On Sat, 19 Mar 2011 01:08:42 +0100
Michelle Konzack linux4miche...@tamay-dogan.net wrote:
No, because there are ore then one Botnet of this size now...
I also haven't noticed much difference.
Regards,
David.
So when it comes to spear phish, in my view, a big question mark
arises to indicate that its risk is simply unknow to mankind. This
is unknown in the public domain as far as I know, which is why I
posted this mail to see if any of you see any spear phish within the
load of SPAM you detect.
On Sat, 19 Mar 2011 05:42:22 +0400
Hamad Ali crownco...@hotmail.com wrote:
Can I assume that your solution that detected a portion of the spear
phish is 100% SA? In case not fully SA, any hints on its mechanics?
It's not fully SA. We don't use the SA Bayes implementation; we have
our own that
On Tue, 29 Mar 2011 10:26:15 -0400
Jason Bertoch ja...@i6ix.com wrote:
Apparently, messagelabs has something broken and/or the DNSWL
listing needs adjustment.
Yes, some of MessageLabs' customers seem to be spamming or (more
likely) compromised:
$ reputation-check 216.82.242.115
On Wed, 30 Mar 2011 16:51:57 +0200
Marcin Mirosław mar...@mejor.pl wrote:
I'm using postgresql, but machine isn't quick... Any db is slowly
there.
Using Pg for Bayes data will be really slow. We don't use the SpamAssassin
Bayes implementation and we went through three iterations of storage
On Fri, 1 Apr 2011 19:52:54 +0200
Mark Martinec mark.martinec...@ijs.si wrote:
I can very much believe and agree that for a read-only bayes database
the CDB provides the best performance - as long as you can afford
(or have no other choice in large scale environments) to update it
On Fri, 1 Apr 2011 14:34:16 -0400
dar...@chaosreigns.com wrote:
Out of the 86,899 IPs I have data for, all but 38 are either 100%
spam or 100% ham,
That sounds a bit funny.
We have data on over 17 million IP addresses (collected using
http://mimedefang.org/reputation) Of those, about 9
On 9 Apr 2011 14:29:24 -
John Levine jo...@taugh.com wrote:
Anyone know of any legitimate use of multiple email addresses in a
from line?
Yes. I know a few IETF people who do it. Stuff like notes to a
working group from both chairs.
RFC 5322 does allow multiple addresses in the From:
On Sun, 10 Apr 2011 08:30:46 -0400
Michael Scheidell michael.scheid...@secnap.com wrote:
header __MANY_SENDER sender =~ /@.*@/
Trying to match email addresses with regexes is dangerous. The string:
funny@last@roaringpenguin.com
is a valid email address. Check the RFCs if you don't
On Wed, 11 May 2011 13:10:31 -0700
Ted Mittelstaedt t...@ipinc.net wrote:
Yahoo's SMTP mailers are unable to handle a standard
SMTP error 4xx, if they get one they abort the
transmission and return the message to the sender
Do you have evidence to back up that claim? I don't believe
it's
On Wed, 11 May 2011 16:35:50 -0400
Michael Scheidell michael.scheid...@secnap.com wrote:
if someone sends an email to 175 people, once they hit 'x' number in
the first email attempt, we send '4xx too many emails'
Ah, ok. We avoid issuing 4xx in response to a RCPT command because
quite a lot
1 - 100 of 486 matches
Mail list logo