...@haven:~#
Still, if you were doing that, you'd want to use an integer rather than
a varchar preferably.
--
Mike Cardwell - IT Consultant and LAMP developer
Cardwell IT Ltd. (UK Reg'd Company #06920226) http://cardwellit.com/
.
--
Mike Cardwell - IT Consultant and LAMP developer
Cardwell IT Ltd. (UK Reg'd Company #06920226) http://cardwellit.com/
that using the whitelist was causing a lot of spam to get
through but not helping to get more ham through, so I decided to
reduce the recommended score on the website from -5 to -0.2.
--
Mike Cardwell - IT Consultant and LAMP developer
Cardwell IT Ltd. (UK Reg'd Company #06920226) http
to
make sure it's valid, before doing the uribl lookup. Eg:
m...@haven:~$ host -t ns invented.by
invented.by does not exist, try again
m...@haven:~$
You'd also want to cache your results. This conversation however is
pointless. Why not just try it and see how well it works.
--
Mike Cardwell
Hi,
I've started seeing spam email containing an X-Mailer header which is
the domain name of the From header. Eg:
From: Compare and Cover Life i...@3009943.webguide103.com
X-Mailer: webguide103.com
How would I construct a spamassassin rule to check for this?
--
Mike Cardwell - IT Consultant
:
http://search.cpan.org/~arich/Email-ConstantContact-0.02/lib/Email/ConstantContact.pm
I just thought it was a weird coincidence, seeing as I'd never heared of
them before today.
--
Mike Cardwell - IT Consultant and LAMP developer
Cardwell IT Ltd. (UK Reg'd Company #06920226) http
Aaron Wolfe wrote:
I think the point was that the URIBL's are never going to be listing
these domains, so why waste time looking them up
m...@haven:~$ host constantcontact.com.multi.uribl.com
constantcontact.com.multi.uribl.com A 127.0.0.4
m...@haven:~$
--
Mike Cardwell
headers like this:
bayes_ignore_header X-CudaHeader1
bayes_ignore_header X-CudaHeader2
bayes_ignore_header X-CudaHeader3
--
Mike Cardwell - IT Consultant and LAMP developer
Cardwell IT Ltd. (UK Reg'd Company #06920226) http://cardwellit.com/
snowweb wrote:
What makes you think anyone can answer that? The message you posted to
pastebin for us to test and review was nonexistent.
What is 'pastebin' and how do I use it?
http://lmgtfy.com/?q=pastebin
--
Mike Cardwell - IT Consultant and LAMP developer
Cardwell IT Ltd. (UK Reg'd
.
--
Mike Cardwell - IT Consultant and LAMP developer
Cardwell IT Ltd. (UK Reg'd Company #06920226) http://cardwellit.com/
.
Set up the forum. It might work. I'm not anti-forum, I just think
mailing lists are generally better.
--
Mike Cardwell - IT Consultant and LAMP developer
Cardwell IT Ltd. (UK Reg'd Company #06920226) http://cardwellit.com/
have an addon installed named Reply to
mailing list which adds a button Reply list inbetween Reply and
Reply All which has been very useful.
--
Mike Cardwell - IT Consultant and LAMP developer
Cardwell IT Ltd. (UK Reg'd Company #06920226) http://cardwellit.com/
Hi,
I just started using the SOUGHT rules for the first time. They seem to
be triggering on emails now, but the default score for hits against the
rules seems to be 3.0 and 4.0. That seems quite high to me. Are these
rules considered to have an extremely low false positive impact?
--
Mike
, bidirectional mailing list-newsgroup gating.
--
Mike Cardwell - IT Consultant and LAMP developer
Cardwell IT Ltd. (UK Reg'd Company #06920226) http://cardwellit.com/
would disagree, that you're more likely
to get a false positive from the first than the second.
Or were you ignoring the large bright red warning signs and usage
information on http://www.backscatterer.org/ ?
--
Mike Cardwell - IT Consultant and LAMP developer
Cardwell IT Ltd. (UK Reg'd
the list.
This might be more accurate:
accept !senders = :
dnslists= ips.backscatterer.org
I see. You think Host sends backscatter therefore Host never sends
spam. An interesting hypothesis.
--
Mike Cardwell - IT Consultant and LAMP developer
Cardwell IT Ltd. (UK Reg'd Company #06920226
or does sender callouts
--
Mike Cardwell - IT Consultant and LAMP developer
Cardwell IT Ltd. (UK Reg'd Company #06920226) http://cardwellit.com/
, not the SAV,
and I'm interested if the backscatterer.org blacklists IPs with SAV or only
those that send real mails...
It does both. The minimal amount of text on the front page couldn't be
clearer about that ...
--
Mike Cardwell - IT Consultant and LAMP developer
Cardwell IT Ltd. (UK Reg'd
Matus UHLAR - fantomas wrote:
I've read the sender callouts page and I don't see any evidence that it
mentions the SAV problem.
On 07.08.09 15:33, Mike Cardwell wrote:
I went to the front page, and then clicked Sender Callouts ... The
very first line says:
Sendercallouts (Sender Verify
error
if it can't speak to SpamAssassin.
--
Mike Cardwell - IT Consultant and LAMP developer
Cardwell IT Ltd. (UK Reg'd Company #06920226) http://cardwellit.com/
of all of the hostkarma
lists. I still use them sensibly in my own SpamAssassin configuration
though for applying low scores.
--
Mike Cardwell - IT Consultant and LAMP developer
Cardwell IT Ltd. (UK Reg'd Company #06920226) http://cardwellit.com/
rich...@buzzhost.co.uk wrote:
I've not laughed so much since I added a low priority mx pointing to
127.0.0.1 .
Heh. Looks like someone got there before me:
http://rfc-ignorant.org/tools/lookup.php?domain=buzzhost.co.uk
--
Mike Cardwell - IT Consultant and LAMP developer
Cardwell IT Ltd
How would I create a rule to match when a subject line begins /^Re: /i
but the message contains no References or In-Reply-To headers?
--
Mike Cardwell - IT Consultant and LAMP developer
Cardwell IT Ltd. (UK Reg'd Company #06920226) http://cardwellit.com/
: is 96 hours or more before Received: date
Although the date header was badly formatted, it wasn't actually
incorrect as far as when the message was sent. I don't think the
DATE_IN_PAST rules should fire if the date isn't valid in the first place...
--
Mike Cardwell - IT Consultant and LAMP
.
There's probably loads of other little things.
--
Mike Cardwell - IT Consultant and LAMP developer
Cardwell IT Ltd. (UK Reg'd Company #06920226) http://cardwellit.com/
under the .BIZ, .COM, .INFO,
.NAME, .NET and .US TLDs
Doesn't work for .cn's, or any other country level tld's (apart from .us)
--
Mike Cardwell - IT Consultant and LAMP developer
Cardwell IT Ltd. (UK Reg'd Company #06920226) http://cardwellit.com/
on the HostKarma
whitelist. In comparison, it's very rare that I see any spam from hosts
listed on dnswl.org. I chose a score of -0.2 here.
--
Mike Cardwell - IT Consultant and LAMP developer
Cardwell IT Ltd. (UK Reg'd Company #06920226) http://cardwellit.com/
to the list.
--
Mike Cardwell - IT Consultant and LAMP developer
Cardwell IT Ltd. (UK Reg'd Company #06920226) http://cardwellit.com/
RCVD_IN_XBL - 127.0.0.[45678]
RCVD_IN_PBL - 127.0.0.1[01]
--
Mike Cardwell - IT Consultant and LAMP developer
Cardwell IT Ltd. (UK Reg'd Company #06920226) http://cardwellit.com/
RCVD_IN_SBL to
match 127.0.0.[23] for now, but I wouldn't expect it to be added to the
main distribution until it was properly tested.
--
Mike Cardwell - IT Consultant and LAMP developer
Cardwell IT Ltd. (UK Reg'd Company #06920226) http://cardwellit.com/
checks before SpamAssassin, but until then I may as
well use the resources I have available.
--
Mike Cardwell - IT Consultant and LAMP developer
Cardwell IT Ltd. (UK Reg'd Company #06920226) http://cardwellit.com/
= zen.spamhaus.org=127.0.0.4
You can be 100% backwards compatible by leaving all of your lists as
they are, but then adding another one which is a combined version of all
of them...
--
Mike Cardwell - IT Consultant and LAMP developer
Cardwell IT Ltd. (UK Reg'd Company #06920226) http://cardwellit.com/
for the source code, even
though it's not fully ready for other people to use, so I've temporarily
stuck it up at https://secure.grepular.com/WebsiteScanner/ in case
anyone wants to pick it a part and use bits of it.
--
Mike Cardwell - IT Consultant and LAMP developer
Cardwell IT Ltd. (UK Reg'd
a description of Meta
rules with a good example.
--
Mike Cardwell - IT Consultant and LAMP developer
Cardwell IT Ltd. (UK Reg'd Company #06920226) http://cardwellit.com/
Technical Blog: https://secure.grepular.com/blog/
0.00 19.77
10DKIM_VERIFIED 244 1.910.46 16.41
11RCVD_IN_DNSWL_LOW 176 1.110.04 11.84
--
Mike Cardwell - IT Consultant and LAMP developer
Cardwell IT Ltd. (UK Reg'd Company #06920226) http://cardwellit.com/
Technical Blog: https
geocities specific rules any more if geocities doesn't
exist? It's not as if spammers can host their websites on geocities
anymore so there's no reason why a spammer would include a geocities url
in their spam. May as well just delete the rules...
--
Mike Cardwell - IT Consultant and LAMP developer
of this software.
rsync? unison? glusterfs? gfs over drdb? A nas with NFS/CIFS mounts?
DropBox? s3fs? There are a million ways to share files between multiple
servers.
--
Mike Cardwell - IT Consultant and LAMP developer
Cardwell IT Ltd. (UK Reg'd Company #06920226) http://cardwellit.com/
Technical Blog
every other feature of his lists without
using this particulary part. You wouldn't use a DNSBL without knowing
how it works first would you?
When I say, you, I'm refering to the people using the JMF lists, not
specifically you Benny.
--
Mike Cardwell - IT Consultant and LAMP developer
Cardwell
whitelist_from_spf *...@spam-l.com
Very useful.
--
Mike Cardwell - IT Consultant and LAMP developer
Cardwell IT Ltd. (UK Reg'd Company #06920226) http://cardwellit.com/
Technical Blog: https://secure.grepular.com/blog/
. Then we can look at what is causing
the rules to trigger.
--
Mike Cardwell - IT Consultant and LAMP developer
Cardwell IT Ltd. (UK Reg'd Company #06920226) http://cardwellit.com/
Technical Blog: https://secure.grepular.com/blog/
as the nobody user. This allows me to have per
user preferences and bayes applied to the vast majority of incoming
mail, during SMTP; only a tiny proportion of incoming mail here is
multi-recipient... YMMV
--
Mike Cardwell - IT Consultant and LAMP developer
Cardwell IT Ltd. (UK Reg'd Company
worked up some people get about the spam
problem. There are worse problems in life to get angry about.
--
Mike Cardwell - IT Consultant and LAMP developer
Cardwell IT Ltd. (UK Reg'd Company #06920226) http://cardwellit.com/
Technical Blog: https://secure.grepular.com/blog/
can register your IPs...
Which is it? Do I have to register a domain, or don't I? So I signed up
for an account and all I see is an option to register my domains with
them, and that costs money... I see no option for registering the IPs of
my resolvers.
--
Mike Cardwell - IT Consultant and LAMP
.
That particular email was sent from a host in Nigeria connecting to a
host in Brazil. The Nigerian host is listed on Barracuda, the SBL and
the XBL. The From header uses a domain name that isn't registered
(swinepro.net) and a freemail Reply-To. It's also currently hitting Pyzor.
--
Mike Cardwell
was:
10HABEAS_ACCREDITED_SOI 367 1.450.00 17.36
So it hit on 17.36% of my Ham, and 0% of my Spam.
--
Mike Cardwell - IT Consultant and LAMP developer
Cardwell IT Ltd. (UK Reg'd Company #06920226) http://cardwellit.com/
Technical Blog: https://secure.grepular.com/blog/
addresses with a key word like spam, ham,
or other useful messages that we might want to gather information about.
Data might look like this:
spam 1.2.3.4 example.com
ham 5.6.7.8 example2.com
What is example.com ? The envelope sender domain? The PTR? The From
header domain?
--
Mike Cardwell
FH_DATE_PAST_20XX Date =~ /20[1-9][0-9]/ [if-unset: 2006]
Doesn't look particularly sane to me... I have given that rule a score
of 0 in my local.cf for now.
--
Mike Cardwell - IT Consultant and LAMP developer
Cardwell IT Ltd. (UK Reg'd Company #06920226) http://cardwellit.com/
Technical Blog: https
... That doesn't sound to me as
though this ruke was based on the results of a mass check...
--
Mike Cardwell - IT Consultant and LAMP developer
Cardwell IT Ltd. (UK Reg'd Company #06920226) http://cardwellit.com/
Technical Blog: https://secure.grepular.com/blog/
to an internal
user?
That would break a lot of list mail. Look at the From header compared to
the envelope sender on this email for example. I *think* you could
achieve what you're looking for by using DKIM and *requiring* that mail
from your domain is signed.
--
Mike Cardwell: UK based
just firewalled out his server after
the first dozen or so bounces.
--
Mike Cardwell: UK based IT Consultant, LAMP developer, Linux admin
Cardwell IT Ltd. : UK Company - http://cardwellit.com/ #06920226
Technical Blog : Tech Blog - https://secure.grepular.com/blog/
Spamalyser
On 11/01/2010 14:55, Charles Gregory wrote:
On Mon, 11 Jan 2010, Mike Cardwell wrote:
: I just copied and pasted that out of pastebin into a little project I've
: been working on. Here's the result:
: http://spamalyser.com/v/6xnb26gp/mime
Question: What does spamalyzer do with an HTML message
off topic now.
--
Mike Cardwell: UK based IT Consultant, LAMP developer, Linux admin
Cardwell IT Ltd. : UK Company - http://cardwellit.com/ #06920226
Technical Blog : Tech Blog - https://secure.grepular.com/blog/
Spamalyser : Spam Tool - http://spamalyser.com/
probably move there. Any
further announcements will happen there, not here.
--
Mike Cardwell: UK based IT Consultant, LAMP developer, Linux admin
Cardwell IT Ltd. : UK Company - http://cardwellit.com/ #06920226
Technical Blog : Tech Blog - https://secure.grepular.com/blog/
Spamalyser
SPF checks on the From header of this email it would be
rejected due to an SPF failure.
--
Mike Cardwell: UK based IT Consultant, LAMP developer, Linux admin
Cardwell IT Ltd. : UK Company - http://cardwellit.com/ #06920226
Technical Blog : Tech Blog - https://secure.grepular.com/blog
Greek though.
--
Mike Cardwell: UK based IT Consultant, LAMP developer, Linux admin
Cardwell IT Ltd. : UK Company - http://cardwellit.com/ #06920226
Technical Blog : Tech Blog - https://secure.grepular.com/blog/
Spamalyser : Spam Tool - http://spamalyser.com/
On 19/01/2010 10:07, mamalos wrote:
I just pasted that email into spamalyser.com and it gave this:
http://spamalyser.com/v/u32d10ix/mime
The subject looks fully capitalised to me when decoded? I'm not overly
proficient on my Greek though.
--
Mike Cardwell: UK based IT Consultant, LAMP
emails. Is
such an infrequently triggering rule worth having a dedicated DNS based
lookup system?
It's *much* more sensible to just push out the changes with sa-update.
--
Mike Cardwell: UK based IT Consultant, LAMP developer, Linux admin
Cardwell IT Ltd. : UK Company - http://cardwellit.com
whitelist_from or
even whitelist_from_rcvd. Personally I use this to whitelist all
Apache mailing lists, including the SpamAssassin one:
whitelist_from_spf *...@*.apache.org
--
Mike Cardwell: UK based IT Consultant, Perl developer, Linux admin
Cardwell IT Ltd. : UK Company - http://cardwellit.com
for doing it with
CommuniGate Pro:
https://secure.grepular.com/CommuniGate_Pro_Contact_Folders_as_a_Whitelist_Source_for_Exim
I also add recipient addresses to a MySQL based whitelist on my MSA
(Exim): https://secure.grepular.com/Whitelist_Recipients_in_Exim
--
Mike Cardwell: UK based IT Consultant
help you there.
--
Mike Cardwell: UK based IT Consultant, Perl developer, Linux admin
Cardwell IT Ltd. : UK Company - http://cardwellit.com/ #06920226
Technical Blog : Tech Blog - https://secure.grepular.com/
Spamalyser : Spam Tool - http://spamalyser.com/
--
Mike Cardwell
...
By forwarding the email the way you have, your email client has stripped
out most of the useful header information. Try pasting the message
including the full set of headers into http://spamalyser.com/ or
http://pastebin.com/ or similar and then come back here with a link to it.
--
Mike Cardwell: UK
restrictions in order to prevent content being uploaded and then
linked to from spam, which is why the wget failed. I have removed
referer checks for user agents matching /wget|lwp|lynx|links|python/i
--
Mike Cardwell: UK based IT Consultant, Perl developer, Linux admin
Cardwell IT Ltd. : UK
.
--
Mike Cardwell: UK based IT Consultant, Perl developer, Linux admin
Cardwell IT Ltd. : UK Company - http://cardwellit.com/ #06920226
Technical Blog : Tech Blog - https://secure.grepular.com/
Spamalyser : Spam Tool - http://spamalyser.com/
)?
Decide how much spam you're willing to manually check, then parse your
logs to determine the largest threshold you could set which wouldn't
exceed that volume.
--
Mike Cardwell: UK based IT Consultant, Perl developer, Linux admin
Cardwell IT Ltd. : UK Company - http://cardwellit.com
on a limb here and
suggest that maybe gpg wasn't found, but is required, and that you
should install it?
--
Mike Cardwell: UK based IT Consultant, Perl developer, Linux admin
Cardwell IT Ltd. : UK Company - http://cardwellit.com/ #06920226
Technical Blog : Tech Blog - https
of it in a From field, so I can't be sure it happens.
Space followed by www. ?
header WWW_IN_FROM From =~ / www\./
--
Mike Cardwell: UK based IT Consultant, Perl developer, Linux admin
Cardwell IT Ltd. : UK Company - http://cardwellit.com/ #06920226
Technical Blog : Tech Blog - https
a blank subject line? Using SpamAssassin 3.3 here, if I
run this command:
echo -ne Subject:\nX-Foo: bar\n\nviagra CIALIS\n|spamassassin
I end up with a single Subject line of:
Subject: *SPAM*
And no additional empty subject line. That's how it should work.
--
Mike Cardwell: UK based
, not something that is
going to be very popular.
Alternatively, configure your MTA to deliver an unmodified second copy
of all incoming email to a separate maildir.
--
Mike Cardwell: UK based IT Consultant, Perl developer, Linux admin
Cardwell IT Ltd. : UK Company - http://cardwellit.com
isn't
bothered by Spam, however if they're expecting a message which doesn't
arrive due to spam filtering, they know they can just peak in their
Junk E-Mail folder and it will be there.
Best of both Worlds.
--
Mike Cardwell: UK based IT Consultant, Perl developer, Linux admin
Cardwell
: bar\n\nviagra CIALIS\n|spamassassin
--
Mike Cardwell: UK based IT Consultant, Perl developer, Linux admin
Cardwell IT Ltd. : UK Company - http://cardwellit.com/ #06920226
Technical Blog : Tech Blog - https://secure.grepular.com/
Spamalyser : Spam Tool - http://spamalyser.com/
.
You've failed to convince me.
--
Mike Cardwell: UK based IT Consultant, Perl developer, Linux admin
Cardwell IT Ltd. : UK Company - http://cardwellit.com/ #06920226
Technical Blog : Tech Blog - https://secure.grepular.com/
Spamalyser : Spam Tool - http://spamalyser.com/
features from my system.
--
Mike Cardwell: UK based IT Consultant, Perl developer, Linux admin
Cardwell IT Ltd. : UK Company - http://cardwellit.com/ #06920226
Technical Blog : Tech Blog - https://secure.grepular.com/
Spamalyser : Spam Tool - http://spamalyser.com/
help prevent someone from performing a DOS.
If you *can* do SMTP time spam scanning, then that's the best place for it.
--
Mike Cardwell: UK based IT Consultant, Perl developer, Linux admin
Cardwell IT Ltd. : UK Company - http://cardwellit.com/ #06920226
Technical Blog : Tech Blog
.
To me this just says that we don't have enough servers to deal with the
spikes, but it happens infrequently enough that it's not worth
investing. I still think SMTP time scanning is both practical and desirable.
--
Mike Cardwell: UK based IT Consultant, Perl developer, Linux admin
.
I want you to describe a scenario where the sender or recipient are
actually worse off because of the particular two features I've
described. You've failed to even attempt that so far.
I know this system works well because I've been using it for a long time.
--
Mike Cardwell: UK based
and
trackable forwarding, SPF or not.
The forwardind without changing sender is imho already broken, however the
breakage gets visible with SPF adoption.
Yes. A more accurate statement than, SPF breaks forwarding, would be,
Broken forwarding is incompatible with SPF.
--
Mike Cardwell: UK
above is a long list of dubious predictions of what
spammers would do if everybody used the same system as me. I can't be
bothered with this thread anymore. Feel free to make dubious assumptions
of why that may be. Out.
--
Mike Cardwell: UK based IT Consultant, Perl developer, Linux admin
on this list. It's very good. But if my
additions knock 0.1% more off the rate, then I'm happy. Out.
--
Mike Cardwell: UK based IT Consultant, Perl developer, Linux admin
Cardwell IT Ltd. : UK Company - http://cardwellit.com/ #06920226
Technical Blog : Tech Blog - https
of mime parsing and decoding.
You could score on the koi8-r charset. You could score on the fact the
email came from South Korea. You could use the TextCat language plugin.
--
Mike Cardwell: UK based IT Consultant, Perl developer, Linux admin
Cardwell IT Ltd. : UK Company - http://cardwellit.com
it might cause collateral damage.
The positive aspects of *any* mail being signed with SPF, ham *or*
spam, are so damn obvious, I don't know how you manage to mis-represent
them so blatantly and so poorly.
--
Mike Cardwell: UK based IT Consultant, Perl developer, Linux admin
Cardwell IT Ltd
On 26/02/2010 14:20, LuKreme wrote:
On 26-Feb-2010, at 07:13, LuKreme wrote:
SPF_PASS 0.001
SPF_fail 5.0
whitelist_from_spf *...@ebay.com
whitelist_from_spf *...@paypal.com
You forgot whitelist_from_spf *...@*.apache.org
--
Mike Cardwell: UK based IT Consultant, Perl developer, Linux
On 03/03/2010 13:22, twofers wrote:
I have 52 of these sitting in my inbox this morning when I came in to
work. this is just the beginning. I get literally hundreds of these a
day and Spamassassin does not even check them.
Suggest you configure SpamAssassin to check them then.
--
Mike
URIBL_DBL dbl.spamhaus.org. A 2130706688
Yeah. You shouldn't be using it like that on 3.3.0. Go to
http://www.spamhaus.org/dbl and look for SpamAssassin on the FAQ page.
--
Mike Cardwell - Perl/Java/Web developer, Linux admin, Email admin
Read my tech Blog - https
to me.
--
Mike Cardwell - Perl/Java/Web developer, Linux admin, Email admin
Read my tech Blog - https://secure.grepular.com/
Follow me on Twitter - http://twitter.com/mickeyc
Hire me - http://cardwellit.com/ http://uk.linkedin.com/in/mikecardwell
on no-more-funn.moensted.dk 127.0.0.2
127.0.0.2 is listed on ips.backscatterer.org 127.0.0.2
127.0.0.2 is listed on dnsbl-3.uceprotect.net 127.0.0.2
m...@haven:~$
It does the lookups concurrantly so it's quite quick.
--
Mike Cardwell - Perl/Java/Web developer, Linux admin, Email admin
Read my tech
A 208.73.210.27
m...@haven:~$
Wonder how many people that has tripped up in its time.
--
Mike Cardwell - Perl/Java/Web developer, Linux admin, Email admin
Read my tech Blog - https://secure.grepular.com/
Follow me on Twitter - http://twitter.com/mickeyc
Hire me - http://cardwellit.com
and bl.spamcop.net. There is no noticable
difference in the FP rate between them here and all three hit on a *lot*
of spam.
--
Mike Cardwell - Perl/Java/Web developer, Linux admin, Email admin
Read my tech Blog - https://secure.grepular.com/
Follow me on Twitter - http://twitter.com
this should be sorted within SpamAssassin its
self. Opinions?
--
Mike Cardwell
(https://secure.grepular.com/) (http://perlcv.com/)
the usernames follow
a very specific format, and our password policy is quite strict meaning
that the number of possible username/password combos we pull out of
emails is quite low.
It has been very successful for us.
--
Mike Cardwell
(https://secure.grepular.com/) (http://perlcv.com/)
using Kochi by hooking it
into Squid or some other HTTP proxy. It should be no more difficult than
scanning outgoing email is.
Of course, that only helps if your users are accessing the web from
within your sphere of control at the time. Phishers are unlikely to use
SSL for this.
--
Mike
use rbls like sbl-xbl.spamhaus.org if you wanted as well
of course.
--
Mike Cardwell
(https://secure.grepular.com/) (http://perlcv.com/)
on $dnslist_domain
--
Mike Cardwell
(https://secure.grepular.com) (http://perlcv.com/)
the size, DNS will start looking
attractive..
This might sound a big picky, but using backticks to call the date
command in a perl script is horrible. Try using the standard gmtime
function. Eg:
$date = gmtime().' (UTC)';
Rather than:
$date = `date -u`; chomp($date);
--
Mike Cardwell
(https
serious or is this some geek humor that I don't get?
I was serious. Your code is a bit shit. I was just trying to help. Never
mind.
If you are serious, would you be willing to audit SpamAssassin code with such
enthusiasm? It might actually _matter_.
No, I'm too busy.
--
Mike Cardwell
(https
be an inspiration for all coders out there.
Now back to the real world..
Sorry, I assumed that if you were releasing source code to the public,
you'd want to make sure it was cross platform compatible. I wont point
out the various other limitations with your script then.
--
Mike Cardwell
(https
in the TXT record rather than having a separate file, apart from
keeping the data together.
--
Mike Cardwell
(https://secure.grepular.com/) (http://perlcv.com/)
Adam Katz wrote:
Mike Cardwell contended:
It would definitely require a hashing algorithm, like MD5. IIRC
there is a maximum length for a hostname, and that is 255
characters. What if the hostname in your email address is 255
characters long on it's own...?
When MD5sums were first proposed
)
There's actually a mailing list for the project. You're probably better
off asking these questions there:
http://groups.google.com/group/anti-phishing-email-reply-discuss
--
Mike Cardwell
(https://secure.grepular.com/) (http://perlcv.com/)
:
^(?i)https?://[a-z]+\.example\.com/unsubscribe\.cgi\?id=\d+$
And:
^(?i)customer-service-[a-z]...@example\.(?:com|co\.uk)$
--
Mike Cardwell
(https://secure.grepular.com/) (http://perlcv.com/)
*to* those addresses. Many organisations rightly or
wrongly don't perform spam filtering on their outgoing relays so
spamassassin is a bit over the top when you can just use another dns
based bl.
--
Mike Cardwell
(https://secure.grepular.com/) (http://perlcv.com/)
1 - 100 of 122 matches
Mail list logo