Poor choice of words.
Not a virus. A vaccine. ;-)
-Philip
Justin Mason wrote:
er, it's illegal, and we're not criminals like they are? ;)
--j.
Philip Prindeville writes:
Given that spammers read this list to figure out how to defeat us...
Why don't we just secure a copy of ratware
Any takers? ;-)
http://seeker.dice.com/seeker.epl?rel_code=1102op=5type=14dockey=xml/7/a/[EMAIL
PROTECTED]bb=0source=15
their email.
Thanks,
-Philip
to
look like a spam filter release but its far from ideal, does anyone know
of any templates for squirrelmail or have they developed any?
Kind Regards,
Philip Seccombe
Turnstone Technologies NZ Limited
Phone: +64 9 970 5550
Fax: +64 9 970 5559
DDI: +64 9 970 5552
Email: [EMAIL PROTECTED
[9013] dbg: channel: updating MIRRORED.BY contents
[9013] dbg: channel: cleaning out update directory
[9013] dbg: channel: extracting archive
Insecure dependency in open while running with -T switch at
/usr/lib/perl/5.8/IO/File.pm line 70.
Kind Regards,
Philip Seccombe
Turnstone
identifiers.
nibbler:~#
Kind Regards,
Philip Seccombe
Turnstone Technologies NZ Limited
Phone: +64 9 970 5550
Fax: +64 9 970 5559
DDI: +64 9 970 5552
Email: [EMAIL PROTECTED]
Web: www.turnstone.co.nz
-Original Message-
From: Doc Schneider [mailto:[EMAIL PROTECTED]
Sent: Friday, 9
to the calls, please specify them here.
Parameters for the 'perl Build.PL' command?
Typical frequently used settings:
--install_base /home/xxx # different installation
directory
Your choice: []
Oops :s
Kind Regards,
Philip Seccombe
Turnstone Technologies NZ Limited
Phone: +64
::ReadKey is up to date (2.30).
Term::ReadLine::Perl is up to date (1.0302).
YAML is up to date (0.62).
Text::Glob is up to date (0.07).
CPAN is up to date (1.8802).
File::Which is up to date (0.05).
nibbler:~#
And there's just nothing happening
Kind Regards,
Philip Seccombe
Turnstone Technologies NZ
the newest version.
0 upgraded, 0 newly installed, 0 to remove and 38 not upgraded.
nibbler:/etc/init.d#
If apt-get will not install it, how do I upgrade it properly?
Kind Regards,
Philip Seccombe
Turnstone Technologies NZ Limited
Phone: +64 9 970 5550
Fax: +64 9 970 5559
DDI: +64 9 970 5552
Email
Apologies if this has been answered before or anything, but where/how
are you generating those stats?
I'm not using SA with SQL so I'm not sure if it will work for me, but
those I like!
Stats in question: http://www.blue-canoe.com/stats/index.php?D1=11
Kind Regards,
Philip Seccombe
Turnstone
Can you blacklist @ returns.groups.yahoo.com and then whitelist
[EMAIL PROTECTED] or something?
I'm not sure how the yahoo groups work, but is the reply address
specific to each group or does it get sent from the person to the group
address like this list?
Kind Regards,
Philip Seccombe
mailbox on the server
else it forwards the message onto the customers mail server
Appologies on the huge email, I wanted to give as much detail as I could
Kind Regards,
Philip Seccombe
Turnstone Technologies NZ Limited
Phone: +64 9 970 5550
Fax: +64 9 970 5559
DDI: +64 9 970 5552
Email
] or
something?
Kind Regards,
Philip Seccombe
Turnstone Technologies NZ Limited
Phone: +64 9 970 5550
Fax: +64 9 970 5559
DDI: +64 9 970 5552
Email: [EMAIL PROTECTED]
Web: www.turnstone.co.nz
-Original Message-
From: Steve Monkhouse [mailto:[EMAIL PROTECTED]
Sent: Tuesday, 13 February 2007 12:13
@spamassassin.apache.org
Subject: Re: SpamAssassin using spamc but not using rules correctly? Is my time
being wasted changing local.cf etc?
On Tue, Feb 13, 2007 at 11:42:22AM +1300, Philip Seccombe wrote:
Hi everyone,
I've taken over a mail server from a previous technician and he's
modified qmail
Regards,
Philip Seccombe
Turnstone Technologies NZ Limited
Phone: +64 9 970 5550
Fax: +64 9 970 5559
DDI: +64 9 970 5552
Email: [EMAIL PROTECTED]
Web: www.turnstone.co.nz
-Original Message-
From: Steve Pfister [mailto:[EMAIL PROTECTED]
Sent: Wednesday, 14 February 2007 10:51 a.m.
To: 'Matt
I take it your saving your email on the same server that does the spam
filtering?
Only other thing I could think of if this is not the case is email being sent
directly to your mail server via secondry mx records or something.
I run a server which filters mail for clients which is what made me
mail.abcltd.com goes
to our spamassassin filters ip address.
Email to @abcltd.com goes to our spam filter, it checks it, if its spam
it saves it in a local mailbox, if its ham it forwards it to ABC Ltd's
server.
Kind Regards,
Philip Seccombe
Turnstone Technologies NZ Limited
Phone: +64 9 970
for the enhancement?
-Philip
to support
IP/CIDR addresses as well...
Let's not overload the meanings of trusted_networks and
internal_networks. These latter two are already confusing
enough for most newbies without having them take on
additional unintended meanings.
-Philip
: Microsoft Outlook, Build 10.0.2627
Reply-To: Monster.com [EMAIL PROTECTED]
X-Priority: 3 (Normal)
Message-ID: [EMAIL PROTECTED]
To: Philip Prindeville [EMAIL PROTECTED]
Subject: Money-Investment
Mime-Version: 1.0
Content-Type: multipart/mixed;boundary=--
If someone can prove to me
by potentially
creating more incidents of Spam.
Quelle folie.
-Philip
Philip Prindeville wrote:
I'm looking at the headers I just got from a Canadian
ISP's autoresponder I guess the software is called
KANA. Anyone know who owns this? (Yes, someone
not very clueful, I know... let's be more specific than
that...)
Date: sam., 05 mai 2007 18:46:43
(or
as appropriate) to get them listed on until they start playing well
with others?
Would the FAQ's Reporting Spam section be a good place to mention the
various sites that you can rat out offenders?
Thanks,
-Philip
Michele Neylon :: Blacknight wrote:
Philip Prindeville wrote:
We're seeing a lot of unwanted attempts to relay traffic through our
site by Orange.fr, and we've reported this to their Abuse contact as
well as their upstream provider (rain.fr):
Jul 11 11:30:37 mail mimedefang.pl[31610]: relay
Phil Barnett wrote:
On Wednesday 11 July 2007, Philip Prindeville wrote:
Michele Neylon :: Blacknight wrote:
Philip Prindeville wrote:
No joy.
How long ago did you report it?
Which time? It happens regularly, and it's been going on over a month
Please can somone indicate if they about any gui frontends for
spamassassin except websuers prefs.
I require a front end to handle rules , header , subject and content
filtering , configuration and reporting on spam activity.
any help appreciated.
Thanks
Need a gui interface for a linux enviroment , need to be able to lets
custoemrs see that thier spam is getting blocked and how much is being
blocked and allow them to modify thier own settings as they need.
On Wed, 2005-05-11 at 19:09 -0700, Robert Menschel wrote:
Hello Philip,
Wednesday
I have a custom black list with rules like :
blacklist_from [EMAIL PROTECTED]
How can one make sure these rules are picked up by spamassassin as these
emails are still getting through
Spamassassin running on Freebsd.
getting solicitations for Turkish chain
letters,
etc. Though having separate settings for headers and body text would be
useful, because someone's Organization or full-name might be accented...
but the text of the body shouldn't be... well, except that the signature
line
might be... Sigh.
-Philip
and body text would be useful, because
someone's Organization or full-name might be accented... but the
text of the body shouldn't be... well, except that the signature
line might be... Sigh.
-Philip
Matt Kettler wrote:
Philip Prindeville wrote:
snip
Philip will get no further help from me until he modifies his ACLs.
Final-Recipient: rfc822; [EMAIL PROTECTED]
Action: failed
Status: 5.1.0 MAIL FROM: [EMAIL PROTECTED] 550 REPLY:
550_5.0.0_This_provider_is_blacklisted
Sorry, I don't help
Matt Kettler wrote:
Philip Prindeville wrote:
Matt Kettler wrote:
Philip Prindeville wrote:
snip
Philip will get no further help from me until he modifies his ACLs.
Final-Recipient: rfc822; [EMAIL PROTECTED]
Action: failed
Status: 5.1.0 MAIL FROM: [EMAIL PROTECTED] 550 REPLY
Matt Kettler wrote:
Philip Prindeville wrote:
I'm not protesting anything.
So blocking Comcast is not a public gesture of disapproval?
http://dictionary.reference.com/search?q=protest
noun definition 2:
An individual or collective gesture or display of disapproval
Richard Ozer wrote:
Philip,
Methinks that's a very silly policy. You're aren't hurting Comcast an
iota; but you sure are penalizing yourself, your users, and their
email contacts. A properly configured SA box will block spam from
Comcast subscribers as well as from anyone else so I don't
Matt Kettler wrote:
Philip Prindeville wrote:
I.e. any provider or country that doesn't have an institutional policy
of prosecuting spam senders...
Erm, so you're going to block all of the US, correct?
No. We have laws against spam that hopefully most legitimate ISP's attempt
was a tee-totaler that never left the house and didn't
drive, would anyone try to convince me that I should live
otherwise?
-Philip
Gary W. Smith wrote:
Philip,
From what I have read, people have given you complete and logic advice
on how to do this properly. Yeah, the US has laws regarding
Matt Kettler wrote:
Philip Prindeville wrote:
Matt Kettler wrote:
Philip Prindeville wrote:
I.e. any provider or country that doesn't have an institutional policy
of prosecuting spam senders...
Erm, so you're going to block all of the US, correct
Alan Premselaar wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Philip Prindeville wrote:
Matt Kettler wrote:
Philip Prindeville wrote:
I.e. any provider or country that doesn't have an institutional policy
of prosecuting spam senders...
Erm, so you're
Philip Prindeville wrote:
Then I've not deduced what addresses are used for users and which
block is allocated to servers...
Fair enough. This conversation started when I pointed out you were
blocking comcast's *entire* network. I did so because you failed to
accept mail properly relayed
Anyone else seeing this?
[EMAIL PROTECTED] src]# wget
http://apache.roweboat.net/spamassassin/source/Mail-SpamAssassin-3.1.0.tar.gz
--21:47:02--
http://apache.roweboat.net/spamassassin/source/Mail-SpamAssassin-3.1.0.tar.gz
= `Mail-SpamAssassin-3.1.0.tar.gz'
Resolving
directory `/home/src/redhat/BUILD/Mail-SpamAssassin-3.1.0'
make: *** [spamc/libspamc.so] Error 2
error: Bad exit status from /var/tmp/rpm-tmp.48686 (%build)
RPM build errors:
Bad exit status from /var/tmp/rpm-tmp.48686 (%build)
[EMAIL PROTECTED] src]#
Is this a known issue?
Thanks,
-Philip
P.S
, but the MAIL FROM: includes a
monotonically increasing integer... so it's never the same string twice.
That's sort of shoots us in the foot, doesn't it? ;-)
-Philip
character sets (like EBCDIC) is operating-system specific character
sets (like Windows-*).
Better granularity and more tweakable knobs in the character set triage
would be welcome here.
-Philip
Scott Russell wrote:
Philip Prindeville wrote:
I brought up this same question a few weeks ago about why ISO-8859-9
would be acceptable for ok_locales en, for instance.
See my posting on 02/03/2006, and:
http://issues.apache.org/SpamAssassin/show_bug.cgi?id=4794
You probably do
some long unique id:
[EMAIL PROTECTED]
That can't be whitelisted... Grrr...
Is it reasonable to ask if these two tests above can be made to
*not* count bangs associated with names that have a bang as part
of their trademark? I.e. CinemaNow! and Yahoo! etc...
-Philip
Matt Kettler wrote:
Philip Prindeville wrote:
I was noticing that every time that someone forwards me an
article from yahoo! news that it scores high on the
MANY_EXCLAMATIONS and PLING_PLING tests.
Unfortunately Yahoo! also changed the policy about generating
the MAIL FROM: line. It used
.
BTW: An excellent source of spam is (unfortunately) the
alsa-devel mailing list:
alsa-devel@lists.sourceforge.net
If anyone wants to collect spam but not expose their own hosts
as deliberate targets.
-Philip
Matt Kettler wrote:
Philip Prindeville wrote:
Matt Kettler wrote:
Philip Prindeville wrote:
I was noticing that every time that someone forwards me an
article from yahoo! news that it scores high on the
MANY_EXCLAMATIONS and PLING_PLING tests.
Unfortunately Yahoo! also
to really distrust
that connection...
And how sane/smart would doing this be? E.g. having:
score SPF_FAIL 10.0
Thanks,
-Philip
Chris Santerre wrote:
From: Philip Prindeville [mailto:[EMAIL PROTECTED]
Sent: Tuesday, February 21, 2006 9:45 PM
To: users@spamassassin.apache.org
Subject: Pling pling, many exclamations, and Yahoo!
I was noticing that every time that someone forwards me an
article from yahoo
manipulated somehow before the regex rules
are run?
Is there any way to see a particular rule being run (whether it matches
or not)?
-Philip
Loren Wilton wrote:
Subject:raw. The charset stuff has been stripped out by the time it is just
Subject.
Loren
Beauty. Thanks.
-Philip
[EMAIL PROTECTED] wrote:
[snip]
Hi Philip,
most phish works that way so it is probably worthwhile...
This question comes up every now and then, and everytime there are a couple of
responses
saying that many legitimate html mail contains similar stuff
a href=somesite.com/buy.php?id
, since
if it looks like spam on that list, it probably is...
Could we add an example of using envelope info?
Thanks,
-Philip
[EMAIL PROTECTED] wrote:
Philip Prindeville wrote:
Could we add an example of using envelope info?
SpamAssassin doesn't see the envelope. Some MTAs add headers for
envelope-header and envelope-recipients (Return-Path:, X-Apparently-To:, etc.)
If you're careful about how you call
-outbound.sourceforge.net A 66.35.250.225
debug: registering glue method for check_for_spf_pass
(Mail::SpamAssassin::Plugin::SPF=HASH(0x1701c90))
...
Do I need to use:
header EnvelopeFrom =~ /[EMAIL PROTECTED]/
instead? That doesn't seem to work either.
-Philip
Theo Van Dinter wrote:
header EnvelopeFrom =~ /[EMAIL PROTECTED]/
ought to do it.
The header is just the address. envfrom= is output from the SPF
debug line.
Yup.
That works.
Now... Is anyone going to try to talk me out of this, on the basis of it
being unsound? ;-)
-Philip
catching this
stuff.
What better checks are you referring to?
Something I need to pull down from SARE?
-Philip
Other than that, I see no problems with having sender-specific spam checks
that are more draconian than general checks.
Loren
and working?
Hmmm... It would be handy if someone had a mailbox set-up somewhere
that people
could send a test message to, and it would run the SPF test and include
the results in
a reply...
-Philip
I couldn't find any obvious indication of what use_terse_report has been
replaced with... Anyone?
-Philip
David B Funk wrote:
On Wed, 1 Mar 2006, Philip Prindeville wrote:
Loren Wilton wrote:
could I be doing that would avoid this sort of FP?
You don't seem to be running net tests. I see headers for both SPF and
DomainKeys in that mail. These tests should have pulled the score
of whether the message is being submitted locally via a pipe, a
file, loopback socket, etc. or whether it is being relayed on port 25.
-Philip
mouss wrote:
Philip Prindeville a écrit :
I'm curious to know how the message could have been routed and delivered
without ever getting an Message-Id: stamped on it...
Sendmail, for instance, will always add a message-id if one isn't present,
regardless of whether the message is being
accept, and conservative in what you
send.
Well, being liberal in what you accept makes your machine easier to exploit
in what I can tell...
-Philip
Philip Prindeville wrote:
Anyone familiar enough with the srvrsmtp.c code to recommend a
patch that would allow immediate failure
Philip Prindeville wrote:
What about flagging HTML that has:
a href=.* onMouseOver=window.status
I.e. any links that attempt to intercept onMouseOver events and override
the status window should be flagged as suspect...
-Philip
Actually, this seems to work:
rawbody L_PHISH
Kelson wrote:
Philip Prindeville wrote:
Actually, this seems to work:
rawbody L_PHISH /[aA] [hH][rR][eE][fF]=.*
(onMouseOver|onMouseMouse)=window\.status=/
describe L_PHISHTest for PHISH overwrites the status bar
score L_PHISH 6.0
I suppose I
.
For mailing lists catering to newbies who love HTML and can't understand
why us old-timers hate it, we can set the list to exclude all invalid HTML.
Sure, we'll accept your HTML. But only if it's really HTML. Not that crap
that most MUA's write.
Do you mean:
http://validator.w3.org/source/
-Philip
the better. Maybe they can be shamed into fixing it. ;-)
And maybe pigs will grow wings... Sigh.
-Philip
not.
Kind of makes me think twice about posting my resume with them. :-(
-Philip
Kenneth Porter wrote:
On Friday, March 10, 2006 9:43 PM -0700 Philip Prindeville
[EMAIL PROTECTED] wrote:
Do you mean:
http://validator.w3.org/source/
I thought that was just a web form-based validator. I'll have to look at it
to see if the validator can be run over an attachment
Craig Morrison wrote:
Philip Prindeville wrote:
I'm wondering what would be involved in putting in an HTML parser
that could call various rules to check things, like the case of:
a href=http://www.foo.com/xyzzy;http://www.bar.com/aardvark/a
where the link disagrees with the text between
Theo Van Dinter wrote:
On Wed, Mar 15, 2006 at 08:40:51PM -0700, Philip Prindeville wrote:
Does anyone have a way of doing a statistical analysis of ham that contains
http(s?):// as the beginning of the anchor text?
So for the second time today:
http://issues.apache.org/SpamAssassin
Theo Van Dinter wrote:
On Wed, Mar 15, 2006 at 09:58:52PM -0700, Philip Prindeville wrote:
Ok, does anyone have *recent* statistical analysis (i.e. not almost a
year old)
on this? It could be that the people using this boneheaded construct have
realized the error of their ways, and stopped
Bericht is opgesteld in een ongewenste taal
/usr/share/spamassassin/30_text_pl.cf:lang pl describe
UNWANTED_LANGUAGE_BODY Wiadomo\u\u napisana w
niepo\u\udanym j\uzyku
/usr/share/spamassassin/50_scores.cf:score UNWANTED_LANGUAGE_BODY 2.800
#
-Philip
Theo Van Dinter wrote:
On Thu, Mar 16, 2006 at 02:07:31PM -0700, Philip Prindeville wrote:
Hmmm... Couple of questions.. The UPGRADE file on the website still
reports 3.1.0
only...
The UPGRADE file describes how to upgrade to 3.1.x from earlier versions.
Upgrading from 3.1.x to 3.1.y
the messages themselves get flagged?
-Philip
Matt Kettler wrote:
Philip Prindeville wrote:
Grrr... Can we enable whitelisting for list members?
Read the archives, in short, no, because it's a blanket server that covers ALL
ASF email, not just this list.
There's no way that you can add a rule that says if the message
Theo Van Dinter wrote:
On Sat, Mar 18, 2006 at 04:05:03PM -0500, Matt Kettler wrote:
Philip Prindeville wrote:
Grrr... Can we enable whitelisting for list members?
Read the archives, in short, no, because it's a blanket server that covers ALL
ASF email, not just this list
mouss wrote:
Philip Prindeville a écrit :
Matt Kettler wrote:
Philip Prindeville wrote:
Grrr... Can we enable whitelisting for list members?
Read the archives, in short, no, because it's a blanket server that covers
ALL
ASF email, not just this list
Regarding my earlier message that didn't get through (because of its
spamful nature), see it on pastebin:
http://pastebin.com/611864
-Philip
David B Funk wrote:
On Wed, 1 Mar 2006, Philip Prindeville wrote:
Loren Wilton wrote:
could I be doing that would avoid this sort of FP?
You don't seem to be running net tests. I see headers for both SPF and
DomainKeys in that mail. These tests should have pulled the score
by the SPF failure test?
Thanks,
-Philip
that Exchange stores messages natively in a non-RFC 822 format).
So the short answer is that yes, it's legitimate to send text as base64, but
it usually only happens in a very limited set of circumstances.
-Philip
Rob McEwen (PowerView Systems) wrote:
Is there ever a legit reason to Base64 encode
thorny questions about IP security option processing,
for instance...)
What you have here is a failure to interoperate. ;-)
-Philip
It's part of the ISO C standard runtime libraries.
-Philip
jdow wrote:
Oh, let's mix up this top/bottom miscegenation with a topper this time
(We're human. It behooves us to prove it and adapt to the other guy's
peculiarities or necessities.)
Rant out of the way here is a simple
::Country is already present, and since
many sites running SA also install MimeDefang, then there might
be a way to leverage IP::Country... For instance, having filter_helo()
balk at email from countries that aren't well-behaved...
Thanks,
-Philip
Matt Kettler wrote:
It would be viable, but in my experience completely unnecessary. I have VERY
good results with this system and very few misses or miscategorizations.
I'm seeing a higher rate of connections from sites that aren't
in that database.
-Philip
Kai Schaetzl wrote:
Philip Prindeville wrote on Fri, 24 Mar 2006 20:46:21 -0700:
IP::Country
Is that getting used for Plugin::RelayCountry or how can one utilize it?
Kai
It is used by RelayCountry (hence the subject line), but it can also be
used in
MimeDefang
such parties with a vengeance? They need all the
data they can get to present in court.
If the person, on the other hand, really doesn't want to know or doesn't
care,
then let him make the extra effort to filter the bouncers (at his peril).
-Philip
users. However, I don't wish to participate.
Does anyone know much about this service, including any issues
they might have had with privacy, or if there are any known spoofs
or exploits that masquerade as Plaxo?
Thanks,
-Philip
to 6.0)?
-Philip
,__MIME_VERSION,__MSGID_OK_DIGITS,__MSGID_OK_HOST,__NEXTPART_ALL,__NONEMPTY_BODY,__SANE_MSGID,__TOCC_EXISTS
What am I missing?
-Philip
if someone started forging emails.
While sending spam might not be a crime in all civilized countries,
copyright
infringement is.
Is that too out there?
-Philip
That might not be necessary.
A lot of ISP's have a zero tolerance policy for copyright infringement,
even if they don't enforce spamming policy.
-Philip
Kevin W. Gagel wrote:
So everytime someone uses your copyrighted dns entry YOUR
going to:
Find them
Sue them
Prove in a court of law
Theo Van Dinter wrote:
On Mon, Apr 03, 2006 at 12:07:00PM -0600, Philip Prindeville wrote:
--=_NextPart_000_0016=_NextPart_000_0016
Content-Type: text/plain;
charset=Windows-1252
Content-Transfer-Encoding: 7bit
Using:
# don't allow windows-1252 text attachments
of data). If
you're
in certain parts of the world, it might be worth matching against:
/charset=\windows-125[1-9]\/i
instead.
-Philip
Matt Kettler wrote:
The real answer would be to always display 3-decimal place scores, but that's
rather of ugly and creates a cluttered report. However, you'd always be 100%
accurate.
You'd still have rounding issues, just of a different sort. This is
floating point, right?
-Philip
of the recipients are valid email
addresses.
Thanks,
-Philip
Magnus Holmgren wrote:
onsdag 05 april 2006 06:43 skrev Philip Prindeville:
I was looking on the FAQ and the Wiki, but couldn't find this...
How do I filter based on the recipient mailbox address? For instance, I'm
running Linux, so if I get email sent to [EMAIL PROTECTED] or [EMAIL
, I see:
if ($AddApparentlyToForSpamAssassin and
($#Recipients = 0)) {
push(@sahdrs, Apparently-To: .
join(, , @Recipients) . \n);
}
Are you sure the value of @Recipients is fragmented at this point?
-Philip
101 - 200 of 385 matches
Mail list logo