Re: How can I catch these?

2008-03-19 Thread mouss
Henrik K wrote: On Wed, Mar 19, 2008 at 02:48:34PM +0100, mouss wrote: Luis Hernán Otegui wrote: [snip] how about something like header NONFQHELO_DYN1 X-Spam-Relays-Untrusted =~ /^[^\]]+ rdns=\S*[^a-z]{9}\S+ helo=[^\.\s]+ /i score NONFQHELO_DYN1 3.0 describe

Re: How can I catch these?

2008-03-19 Thread mouss
Henrik K wrote: On Wed, Mar 19, 2008 at 05:35:32PM +0100, mouss wrote: Henrik K wrote: On Wed, Mar 19, 2008 at 02:48:34PM +0100, mouss wrote: Luis Hernán Otegui wrote: [snip] how about something like header NONFQHELO_DYN1 X-Spam-Relays-Untrusted

Re: How can I catch these?

2008-03-19 Thread mouss
Henrik K wrote: You are missing the point. It doesn't matter if it's not bringing _you_ anything. The correct method is External. If you don't have any extra trusted_networks set, it works identically no matter which you use. But for those who want to do something that's documented and correct,

Re: How can I catch these?

2008-03-19 Thread mouss
Henrik K wrote: On Wed, Mar 19, 2008 at 09:27:27PM +0100, mouss wrote: If the registrar MX relays mail to you, it should be in internal_networks, thus *-External will match . If it doesn't, then your internal/trusted is set up wrong. I always thought internal meant under my control

Re: russian?

2008-03-21 Thread mouss
Jean-Paul Natola wrote: I just started getting a rush of these, Coincidentally after adding the 50_blogspot and the 30_software rules and running sa-update ftp://ftp.fcimail.org/samples/russian.txt the second one is in its original Unicode ftp://ftp.fcimail.org/samples/russ.txt

Re: uri obfuscation

2008-03-22 Thread mouss
Arvid Ephraim Picciani wrote: On Saturday 22 March 2008 19:52:46 SM wrote: He was referring to the URL that is wrapped into two lines with the quoted-printable encoding. It is parsed correctly. so that's no error or invalid markup? ok well in this case... sorry for the false alert.

Re: uri obfuscation

2008-03-22 Thread mouss
mouss wrote: Arvid Ephraim Picciani wrote: On Saturday 22 March 2008 19:52:46 SM wrote: He was referring to the URL that is wrapped into two lines with the quoted-printable encoding. It is parsed correctly. so that's no error or invalid markup? ok well in this case... sorry

Re: SA-UPDATE How often new updates?

2008-03-24 Thread mouss
Matt Kettler wrote: Sn!per wrote: Quoting Matt Kettler [EMAIL PROTECTED]: ie: the two most recent for the 3.2 branch are: # sa-update_3.2_20080114123639/ # sa-update_3.2_20080114144817/ Which were both made on January 14th, 2008. I suspect the rest is a timestamp, but I'm not entirely

Re: FreeMail plugin

2008-03-24 Thread mouss
Marc Perkel wrote: Henrik K wrote: Hello, I updated my FreeMail plugin with a big list of domains (http://www.rhyolite.com/anti-spam/freemail.html). Try it out: http://sa.hege.li/FreeMail.pm http://sa.hege.li/FreeMail.cf Pretty good hit ratio here, especially when you add some extra

Re: Why two spam assassins rank the same message so differently?

2008-03-24 Thread mouss
V V wrote: My e-mail provider has SpamAssassin-3.2.1 installed. But it ranks many spam messages very differently than my SpamAssassin-3.2.4 on my computer. For example message below is ranked score=2.2 by SpamAssassin-3.2.1 on my provider with failing tests=RCVD_BAD_ID,RDNS_NONE. And the same

Re: SA-UPDATE How often new updates?

2008-03-25 Thread mouss
Daryl C. W. O'Shea wrote: On 24/03/2008 9:34 PM, Matt Kettler wrote: Sn!per wrote: So my cron would look like this then? 00 * * * * /usr/bin/sa-update --gpgkey 6C6191E3 --channel sought.rules.yerp.org --gpgkey D1C035168C1EBC08464946DA258CDB3ABDE9DC10 --channel

Re: SORBS_DUL

2008-03-25 Thread mouss
James Gray wrote: Why are rules that look up against this list still in the base of SpamAssassin?? The SORBS dynamic list is so poorly maintained that it's practically useless and if you are an unfortunate who ends up incorrectly listed in it, good luck getting off it! Case at hand, the

Re: Zen?

2008-03-25 Thread mouss
Mike Hatz wrote: Hi, Sorry if this is an old topic, but is Zen from spamhaus still working? sure it is... I used to see entries in my sendmail log along the lines of: 550 Mail from spammer-s machine listed here refused - see http://www.spamhaus.org/lookup.lasso; And I don't see them

Re: relays.ordb.org returning positive for everything?

2008-03-25 Thread mouss
Aaron Wolfe wrote: It seems like relays.ordb.org (long dead) has started returning positive answers for *all* IPs. Today I've had several clients with old configs which still had this RBL in them suddenly start blocking everything. Is this a new thing? Maybe the maintainers were tired of all

Re: relays.ordb.org returning positive for everything?

2008-03-25 Thread mouss
ajx wrote: It seems your logic is fundamentally flawed for several reasons. By returning false positives, you're breaking mail gateways that use this once useful service. On the contrary, the best way would be to simply return a DNS host not found error or a connection refused message when a

Re: SORBS_DUL

2008-03-25 Thread mouss
James Gray wrote: On Wed, 26 Mar 2008 03:31:34 am mouss wrote: James Gray wrote: Why are rules that look up against this list still in the base of SpamAssassin?? The SORBS dynamic list is so poorly maintained that it's practically useless and if you are an unfortunate who ends up

Re: relays.ordb.org returning positive for everything?

2008-03-26 Thread mouss
John Rudd wrote: Aaron Wolfe wrote: I think you're mistaken. Generating all hits does not penalize a good postmaster, because no good postmaster will be using an RBL that's been dead for over a year. That's only specific to this case. I'm talking about from day 1 of the RBL going dark.

Re: SORBS_DUL

2008-03-26 Thread mouss
Justin Mason wrote: James Gray writes: On Wed, 26 Mar 2008 12:09:47 pm D Hill wrote: Now you're confusing the subject. The previous response you made was from: From: James Gray [EMAIL PROTECTED] Now you are using: From: James Gray [EMAIL PROTECTED] BOTH of those domains point

Re: relays.ordb.org returning positive for everything?

2008-03-26 Thread mouss
nws.charlie wrote: I guess I'm one of the mail admin wannabe's... not by choice, but by inheritance. It was turned over to me with almost zero training or experience. :( I found the initial posts clear, and had to wonder at some of the replies myself! Just wanted to say thanks for posting the

Re: OT: uribl.com folks awake?

2008-03-26 Thread mouss
Jonathan Nichols wrote: Sorry for the OT. I've been trying to get in touch with whoever is in charge of URIBL zonefile mirrors without success. Is this thing on? Ping me offlist, por favor. I may have just been pinging the wrong people. you can ask on uribl list: List-Id:

Re: SORBS_DUL

2008-03-27 Thread mouss
James Gray wrote: [snip] According to SORBS: Netblock:202.147.75.0/26 (202.147.75.0-202.147.75.63) Record Created:Thu May 11 02:23:32 2006 GMT Record Updated:Thu May 11 02:23:32 2006 GMT Additional Information:[MU] Dynamic/Generic IP/rDNS address, use your ISPs mail server or

Re: SORBS_DUL

2008-03-27 Thread mouss
James Gray wrote: [snip] I didn't ASK FOR HELP! I asked what people's thoughts were on keeping a list like SORBS_DUL in the base/default spamassassin rules. I'm quite capable of fixing the mess I inherited. As long as - it doesn't cause FPs - it helps catch spam - it is free for

Re: SORBS_DUL

2008-03-27 Thread mouss
James Gray wrote: Matt Kettler wrote: James Gray wrote: Sorbs sux, don't use it. Last time we had this problem they wanted money (and not an insignificant amount either) to remove a listing from their systems. They arbitrarily add addresses to a database the IP's owner can't control,

Re: What to do about address spoofing

2008-03-27 Thread mouss
R.Smits wrote: Hello, Is there something I can do that our company addresses cannot be used for sending spam ? Is DKIM an answer ? A lot of our users get delivery failed messages. So a spammer is sending spam with our addresses :-( A difficult problem I think ? you can reject (or tag)

Re: Net::DNS .060 allows remote attackers to cause DOS

2008-03-27 Thread mouss
Michael Scheidell wrote: From: http://search.cpan.org/src/OLAF/Net-DNS-0.63/Changes Fix rt.cpan.org #30316 Security issue with Net::DNS Resolver. Net/DNS/RR/A.pm in Net::DNS 0.60 build 654 allows remote attackers to cause a denial of service (program croak) via a crafted DNS response

Re: Bounce back spam

2008-03-28 Thread mouss
Jeff Koch wrote: Our users are getting inundated with bounce-back, joe-job spam. We have the Vbounce.pm plugin enabled (v3.2.4) and have a 'whitelist_bounce_relays' with the name of the mailserver in the local.cf file and the 'failure notices', 'mail delay' and undeliverables don't seem to

Re: SARE stock

2008-03-29 Thread mouss
Raymond Dijkxhoorn wrote: Hi! similar to ISBN) I just got an order confirmation from a music book store with a pretty high score Easy fix: In local.cf score SARE_PROLOSTOCK_SYM3 0 And we will update the rule also, in my local version of the rule i could not even find that string, so it

Re: ALL_TRUSTED - problem (yes I set trusted_networks already)

2008-03-30 Thread mouss
peter pilsl wrote: Our mailserver is behind a NAT-firewall (port 25 is passed through to the internal mailserver) and I ran into the ALL_TRUSTED-problem. I looked up the FAQ and set trusted_networks 127.0.0.1 (which actually gives me a warning that 127.0.0.1 is already part of

Re: mail from dialups via ISP MTA

2008-03-30 Thread mouss
Arvid Ephraim Picciani wrote: Hi so again some understanding issue, i just got a mail from some gmail user. It got 5.1 points: 1.6 TVD_RCVD_IPTVD_RCVD_IP 1.7 RCVD_IN_NJABL_PROXYRBL: NJABL: sender is an open proxy [201.20.219.97 listed in

Re: mail from dialups via ISP MTA

2008-04-01 Thread mouss
Arvid Ephraim Picciani wrote: and another mail false positive: 2.2 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net [Blocked - see http://www.spamcop.net/bl.shtml?91.151.146.244] 1.1 RCVD_IN_SORBS_WEB RBL: SORBS: sender is a abuseable web server

Re: Dramatic increase in bounce messages to forged addresses

2008-04-02 Thread mouss
Benny Pedersen wrote: On Wed, April 2, 2008 02:06, William Terry wrote: I mostly lurk here, gleaning bits of wisdom from those far more knowledgeable than me, however... i have no clue either :-) I am getting a dramatic increase in bounce messages with my domain forged sent to

Re: vbounce

2008-04-02 Thread mouss
Grant Peel wrote: - Original Message - From: Henrik K [EMAIL PROTECTED] To: users@spamassassin.apache.org Sent: Wednesday, April 02, 2008 2:49 AM Subject: Re: vbounce On Wed, Apr 02, 2008 at 08:30:37AM +0200, R.Smits wrote: Hi, We have exactly the same issue over here. I am very

Re: how to unsubscribe to this group

2008-04-02 Thread mouss
Agnello George wrote: how to unsubscribe to this group grin It is amazing how many people succeed to subscribe and can't find out how to unsubscribe... /grin a Google search would easily lead to http://wiki.apache.org/spamassassin/MailingLists and reading that page shows how to

Re: how to unsubscribe to this group

2008-04-02 Thread mouss
Nigel Frankcom wrote: From the headers of all list emails list-help: mailto:[EMAIL PROTECTED] list-unsubscribe: mailto:[EMAIL PROTECTED] List-Post: mailto:users@spamassassin.apache.org List-Id: users.spamassassin.apache.org Delivered-To: mailing list users@spamassassin.apache.org why

Re: Help for Bed-n-Breakfast in Brasil

2008-04-02 Thread mouss
Joseph Brennan wrote: --On Wednesday, April 2, 2008 2:45 -0700 Loren Wilton [EMAIL PROTECTED] wrote: Received: from k2smtpout06-01.prod.mesa1.secureserver.net ([64.202.189.102]) by mx-pigeons.atl.sa.earthlink.net (EarthLink SMTP Server) with SMTP id 1jGWCE6yu3Nl34g0 for [EMAIL

Re: Help for Bed-n-Breakfast in Brasil

2008-04-02 Thread mouss
Joseph Brennan wrote: [snip] But 72.167.52.118 gave it to 64.202.189.102, and 64.202.189.102 is the mail server that sent it out to the recipient. Client software sends crazy stuff as helo. client software does not insert qmail received headers. The message was submitted on a qmail machine

Re: office rule

2008-04-02 Thread mouss
Jean-Paul Natola wrote: I was thinking of adding a rule that explicity allows or does a -10 on out of office autoreply as a complete string If possible only do so conditionally. you don't want spam to slip this way. anyway, you'll have a hard time finding all the cases that require

Re: Dramatic increase in bounce messages to forged addresses

2008-04-02 Thread mouss
Martin Gregorie wrote: On Wed, 2008-04-02 at 10:08, Justin Mason wrote: John Hardin writes: On Tue, 1 Apr 2008, William Terry wrote: Is there anything I can do to mitigate this? Do you publish SPF records? Logically this should have an effect, but in

Re: Help for Bed-n-Breakfast in Brasil

2008-04-02 Thread mouss
Martin Gregorie wrote: [snip] I use secureserver.net to host my domain name and I also run my own MTA. I don't suffer from this problem, so if he rearranges his setup so it is similar to mine the chances are the problem will go away. As I said, Secureserver.net is my domain host. Apart from

Re: Dramatic increase in bounce messages to forged addresses

2008-04-02 Thread mouss
Jo Rhett wrote: On Apr 2, 2008, at 12:34 PM, mouss wrote: no tuning on your side will help solving problems at the other side. For example, I found that hotmail cache the value Yes, they cache the results of that DNS query for exactly how long you tell them to. This is not my observation

Re: office rule

2008-04-03 Thread mouss
ram wrote: On Wed, 2008-04-02 at 10:23 -0700, Kelson wrote: ram wrote: header __FROMOFFICE From =~/office/i header __SUBOFFICE Subject =~/office/i meta OFFICERULE (__FROMOFFICE || __SUBOFFICE ) score OFFICERULE 4.0 And don't forget to add word boundaries. You probably don't

Re: Dramatic increase in bounce messages to forged addresses

2008-04-03 Thread mouss
Matus UHLAR - fantomas wrote: On Wed, 2 Apr 2008, Justin Mason wrote: John Hardin writes: On Tue, 1 Apr 2008, William Terry wrote: Is there anything I can do to mitigate this? Do you publish SPF records? Logically this should have an effect, but in

Re: Score Definitions

2008-04-03 Thread mouss
SM wrote: The rules catch spam. If your email isn't spam, you shouldn't be matching the rules. Even if you do hit an occasional rule, unless your email actually is spam, it shouldn't score high enough to be a problem. If you are looking for an explanation on how to bypass the rules, you

Re: office rule

2008-04-04 Thread mouss
James Gray wrote: mouss wrote: The approach is flawed. a single word shouldn't be enough to tag mail as spam. As a general rule, yes 100% agree...but to play devil's advocate for a second, I slam any message that contains references to a little blue pill starting with V and sounding like

Re: dns tests and scoring info for modification

2008-04-04 Thread mouss
Robert - elists wrote: My searching came up a tad short on this... I am guessing there is a howto already on this, I just didn't find it, so I went digging in the internals some more. Are all tests for DNS type RBL's in this default 20_dnsbl_tests.cf SA file? Do I need to grep all the other

Re: dns tests and scoring info for modification

2008-04-05 Thread mouss
network tests. they are really useful. Mouss I wouldn't I am not concerned with URI tests, I am concerned with dns RBL tests. We already have them off by default as we have another rbl checking system before it hits SA. Much more effective to reject there. I just need to know where all

Re: Blank messages

2008-04-05 Thread mouss
Ed Kasky wrote: On Fri, 4 Apr 2008, Matt Kettler wrote: SM wrote: At 04:46 04-04-2008, Matt Kettler wrote: However, in this case it looks purely accidental. That appears to be a legitimate HTML document, or at least doesn't appear to be intentionally malformed. In this case, the message

Re: Returned mail spam

2008-04-09 Thread mouss
Martin Gregorie wrote: On Wed, 2008-04-09 at 19:04, Jonathan Nichols wrote: Guys? He's been joe-jobbed. From the original email: somebody is using my email as the bounce- back return email. How do I avoid the problem? If SPF is supposed to prevent this, I can say that it sure as heck

Re: Returned mail spam

2008-04-09 Thread mouss
Jonathan Nichols wrote: Yup. Even used the wizard and that exact same verification tool, as well as dnsstuff.com and it reports that the SPF records I added are just fine. Yet, I still got plenty of junk thanks to some russian spammer using my hostmaster@ as the From. :( But back on

Re: Returned mail spam

2008-04-10 Thread mouss
Bob Proulx wrote: decoder wrote: We recently discovered that even our own mailserver (Postfix) was a backscatter source (and 1-2 weeks ago spammers started to actively use it), there were several reasons and I'd like to share these points with the list so nobody makes the same mistakes.

Re: Returned mail spam

2008-04-10 Thread mouss
Steve Prior wrote: mouss wrote: But back on topic... the OP has been joe-jobbed. he's not the only one... seems there's a lot of backscatter coming in these days. Thanks for confirming that spf doesn't fix the problem. The main problem with SPF is that most other servers out there don't

Re: Returned mail spam

2008-04-10 Thread mouss
Matus UHLAR - fantomas wrote: But back on topic... the OP has been joe-jobbed. mouss wrote: he's not the only one... seems there's a lot of backscatter coming in these days. Thanks for confirming that spf doesn't fix the problem. SPF is designed to fix

Re: Returned mail spam

2008-04-10 Thread mouss
Arvid Ephraim Picciani wrote: On Thursday 10 April 2008 17:16:40 mouss wrote: I personally have found that SPF causes more problems than it helps, and for that I do not recommend setting SPF record for general use domains. mind explaining more detailed? I use SPF on all 300 domains

Re: Returned mail spam

2008-04-10 Thread mouss
Kelson wrote: Who said anything about spam from an authorized source? I was misled by SPF... sorry. The problem *being discussed* is spam with a forged sender address, causing bounce notices to go to an innocent third party. which is caused by accept then bounce implementations,

Re: Returned mail spam

2008-04-10 Thread mouss
Bob Proulx wrote: mouss wrote: Bob Proulx wrote: I don't think that any of those should match and therefore is safe by default. the trouble comes from the default (compatibility) value of relay_domains and relay_recipient_maps. For this reason, it is recommended to set

Re: Returned mail spam

2008-04-11 Thread mouss
Matus UHLAR - fantomas wrote: On 10.04.08 20:03, mouss wrote: Some sites cache results obtained from DNS beyond DNS TTL. I don't think their DNS server caches the results (though I am willing to accept that there are borked DNS implementations). It's more likely that whatever $thing

Re: filtered by mass hosters

2008-04-12 Thread mouss
[EMAIL PROTECTED] wrote: HI, unfortunately lots of our legitimate mails are filtered by mass hosters like web.de and aol. Does anyone have any clue how to find out why? I'm not talking about mass mailing here, just regular mails like this one from exactly the server i am sending from now.

Re: SPF and forwarding best practice

2008-04-14 Thread mouss
Benny Pedersen wrote: On Mon, April 14, 2008 00:45, Moritz Borgmann wrote: Now, this setup entails the well-known problem that if X.com publishes an SPF record, SpamAssassin (3.2.4) spanks the message with SPF_FAIL since it checks the first *external* relay (mx.B.com), not the first

Re: is this backscatter or not

2008-04-14 Thread mouss
Arvid Ephraim Picciani wrote: Hi, I'd like to discuss if returning a mail that went through a mailing list, back to the sender can be described as backscatter. I sent the postmaster a mail because they filter mails that contains specific words and send a bounce to the sender. if they can't

Re: Returned mail spam

2008-04-16 Thread mouss
Graham Murray wrote: mouss [EMAIL PROTECTED] writes: ahuh? how would spf fix the problem if spam gets out from an authorized client (yahoo, google, hotmail, aol, ...). however you respond, you'll find out that such (outgoing) spam problem isn't fixed _by_ SPF. In particular, don't tell me

Re: False Negatives

2008-04-17 Thread mouss
Koopmann, Jan-Peter wrote: http://pastebin.com/m16055c85 Content analysis details: (9.6 points, 6.0 required) pts rule name description -- -- 1.5 URIBL_OB_SURBL Contains an URL listed in the

Re: Bayesian Learnig for SpamAssassin

2008-04-20 Thread mouss
JasonHirsh wrote: On Sun, 2008-04-20 at 09:46 -0700, JasonHirsh wrote: Matt Kettler-3 wrote: I have SA 3.17 running with amavisd-new, dovecot and Postfix 2.4.3 and Clama/v on freebsd 6.1 I am trying to teach sa using the following sa-learn

Re: Bayesian Learnig for SpamAssassin

2008-04-20 Thread mouss
JasonHirsh wrote: [snip] It is possible that I messed up during the original installation as noted below your post when I deleted the /usr/bin/sa-learn all ran good. If I am not mistaken a package/rpm would tend to go with the /usr/bin while ports (which I did not appreciate when I started

Re: Bayesian Learnig for SpamAssassin

2008-04-20 Thread mouss
JasonHirsh wrote: Err. Or maybe your distro just is not RPM based? One should believe the mail admin to know about subtle things like these... guenther Maybe I should know... I am the server, web, mail and security admin and I clean floors. well, I hope you know what OS this is? #

Re: Bayesian Learnig for SpamAssassin

2008-04-20 Thread mouss
mouss wrote: JasonHirsh wrote: Err. Or maybe your distro just is not RPM based? One should believe the mail admin to know about subtle things like these... guenther Maybe I should know... I am the server, web, mail and security admin and I clean floors. well, I hope you know what

Re: Bayesian Learnig for SpamAssassin

2008-04-20 Thread mouss
JasonHirsh wrote: On Sun, 2008-04-20 at 23:51 +0200, mouss wrote: JasonHirsh wrote: I do not recall doing two installations. I know I had some problems with ports initially (two or three years ago) But your input solved my SA-Learn problem you said ports

Re: subscribe

2008-04-21 Thread mouss
Chris wrote: http://wiki.apache.org/spamassassin/MailingLists is this list open?

Re: S-P-A-M Extra long domain names rule?

2008-04-21 Thread mouss
Bookworm wrote: I'm starting to see some new phishing/scam attempts. What I was thinking was that it might be worthwhile to add a rule to not so much check links, but count periods. Here's the example that just came in my email - (removing http:// ) -

Re: flooded with undetected spam

2008-04-21 Thread mouss
Benny Pedersen wrote: On Mon, April 21, 2008 04:10, Spamassassin List wrote: My inbox is flooded by some new spams. Any idea how do I block it? http://202.42.86.77/1.eml http://202.42.86.77/2.eml both hits on spamhaus but the question I would have is what is the '0' in

Re: Extra long domain names rule?

2008-04-25 Thread mouss
Bookworm wrote: Randy Ramsdell wrote: [snip] I noticed you started a thread a few days ago with the exact same body and a changed subject. There are 10-20 replies to that thread so I am not sure why start a new exactly the thread a week later. My suggestion would be to read that thread.

Re: netstat info-blacklist IP

2008-04-29 Thread mouss
Jean-Paul Natola wrote: How do I go about shunning the IP - via Exim or via SA? And where if possible the most effective is at the firewall level. why let it open a TCP session?

Re: whitelist mail from own host

2008-05-06 Thread mouss
Stefan Jakobs wrote: Hello list, here is a part of the header from a mail I like to whitelist: X-Spam-Status: Yes, score=6.958 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, NO_RELAYS=-0.001, SPOOF_COM2COM=2.272, SPOOF_COM2OTH=2.044, URIBL_BLACK=1.955,

Re: whitelist mail from own host

2008-05-07 Thread mouss
Benny Pedersen wrote: On Tue, May 6, 2008 23:02, Stefan Jakobs wrote: Yes, that's a possibility, but I can not do that. At least not in the near future. Any other ideas? depends, but i like to know why spf can't work for you ? I don't speak for OP, but here is an example: I

Re: whitelist mail from own host

2008-05-07 Thread mouss
Benny Pedersen wrote: On Tue, May 6, 2008 23:06, mouss wrote: you rely on the sender address, make sure to reject it in your smtpd (you don't want to give spammers an open road). that was why i suggested spf blocking a sender in postfix is trivial. adding SPF support requires

Re: Spoofed Email But Different User Name

2008-05-07 Thread mouss
mhildebr wrote: Is there a way to have Spamassassin look for spoofed email addresses being used as the sender's address ([EMAIL PROTECTED]) but using a different user name (Viagra instead of myname)? It seems like it would be simple to check the user name and filter results from that. Thanks

Re: Spoofed Email But Different User Name

2008-05-07 Thread mouss
Chris St. Pierre wrote: On Tue, 6 May 2008, mhildebr wrote: Is there a way to have Spamassassin look for spoofed email addresses being used as the sender's address ([EMAIL PROTECTED]) but using a different user name (Viagra instead of myname)? It seems like it would be simple to check the

Re: Experimental - use my server for your high fake MX record

2008-05-07 Thread mouss
Marc Perkel wrote: Looking for a few volunteers who want to reduce their spambot spam and at the same time help me track spambots for my black list. This is free and mutual benefit. I (junkemailfilter.com) want to be your highest numbered fake MX record. Here's how you would configure your

Re: Multiple X-Envelope-From and SPF

2008-05-08 Thread mouss
ram wrote: At the MTA( postfix) I am inserting X-Envelope-From: If The mail had already a X-Envelope-From before landing at my MTA then There would be multiple lines of these configure postfix to replace previous ones /^(X\-Envelope\-From:.*)/ REPLACE X-$1 I am assuming you are not

Re: Multiple X-Envelope-From and SPF

2008-05-09 Thread mouss
Benny Pedersen wrote: On Thu, May 8, 2008 23:19, mouss wrote: configure postfix to replace previous ones /^(X\-Envelope\-From:.*)/ REPLACE X-$1 envelope from can here be forged the header check above will rewrite any such header received from the internet. so forgery

Re: Multiple X-Envelope-From and SPF

2008-05-09 Thread mouss
ram wrote: On Fri, 2008-05-09 at 01:44 +0200, Benny Pedersen wrote: On Thu, May 8, 2008 23:19, mouss wrote: configure postfix to replace previous ones /^(X\-Envelope\-From:.*)/ REPLACE X-$1 envelope from can here be forged Precisely what I am afraid of. But the issue

Re: False positive on forged_mua_outlook

2008-05-10 Thread mouss
Randy Ramsdell wrote: [snip] Scratch that and reverse it. If it does match, then it will score the message header as fake. oops :) sorry. Let me check some more things. Did outlook really generate this message-id: Message-ID: [EMAIL PROTECTED] ?

Re: False positive on forged_mua_outlook

2008-05-10 Thread mouss
Jeff Koch wrote: That part (i.e. the top part of the header) was generated by qmail. Please look at the bottom part of the header after the spam scoring which shows the header from the user's email which was mistakenly scored as a forged_mua_outlook. The message-id is the same, but anyway,

Re: False positive on forged_mua_outlook

2008-05-10 Thread mouss
Jeff Koch wrote: If you guys are going to keep looking at the wrong part of the header information that I sent in nothing will get done. What makes you believe we are looking at the wrong part? see below. Please look at the section below the spam scoring. Here's the header from the user's

Re: trusted mailing list subscriber spam

2008-05-11 Thread mouss
Benny Pedersen wrote: On Sun, May 11, 2008 03:07, [EMAIL PROTECTED] wrote: All I know is that I don't use SPF anymore for my domain as there are just too many problems... e.g., forwarded messages. and you usually don't know where you forwards going from, :/( unless you receive spam

Re: msrbl.com disappeared

2008-05-11 Thread mouss
Frank Bures wrote: Hi, I could not update SANE Security signatures in the last couple of days. It looks like domain msrbl.com disappeared. Could please anyone shed some light on this? $ host msrbl.com msrbl.com has address 64.22.86.210 msrbl.com mail is handled by 20 newton.8086.net.

Re: trusted mailing list subscriber spam

2008-05-13 Thread mouss
Matus UHLAR - fantomas wrote: On Sun, May 11, 2008 22:39, mouss wrote: a +all and you are annoying us about forwarding and SPF? On 12.05.08 23:07, Benny Pedersen wrote: he, i have +all and forward nothing :) it's not about what do you forward, it's about others

Re: faked bouncebacks. what the?

2008-05-13 Thread mouss
Arvid Ephraim Picciani wrote: On Tuesday 13 May 2008 16:51:50 Matus UHLAR - fantomas wrote: I've looked at it and I've (probably) missed it (again). Why do you think that it pretends to look like backscatter, and why do you think it is not? backscatter is what happens if mail systems

Re: question about MISSING_SUBJECT

2008-05-13 Thread mouss
Leonardo Rodrigues Magalhães wrote: Hello Guys, i got a message that was flagged with MISSING_SUBJECT rule. The message has, among other headers: From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Date: Tue, 13 May 2008 17:12:47 -0300 MIME-Version: 1.0 and rules are: header

Re: faked bouncebacks. what the?

2008-05-13 Thread mouss
Arvid Ephraim Picciani wrote: On Tuesday 13 May 2008 22:45:43 mouss wrote: That said, one possibility is this: Some soho have an MSA on a dsl line. a ratwared box inside (or a web service running on the MSA box) sends mail to an invalid recipient. the MSA gets rejected and then sends you

Re: yahoo.com acknowledges no control over third party email from their mail servers

2008-05-15 Thread mouss
Michael Scheidell wrote: John Hardin wrote: On Thu, 15 May 2008, Michael Scheidell wrote: I understand your frustration in receiving unsolicited email. While we investigate all reported violations against the Yahoo! Terms of Service (TOS), in this particular case the message you received was

Re: FORGED_MUA_OUTLOOK is a nuisance

2008-05-17 Thread mouss
Jari Fredriksson wrote: I received something like this from my email to a list Sorry for the inconvinience, but we have started to fight against spam. Content analysis details: (4.3 points, 4.0 required) pts rule name description --

Re: FORGED_MUA_OUTLOOK is a nuisance

2008-05-17 Thread mouss
mouss wrote: Jari Fredriksson wrote: I received something like this from my email to a list Sorry for the inconvinience, but we have started to fight against spam. Content analysis details: (4.3 points, 4.0 required) pts rule name description

Re: FORGED_MUA_OUTLOOK is a nuisance

2008-05-17 Thread mouss
Jari Fredriksson wrote: mouss wrote: Please show full headers of the message. actually, you don't need to. your message to the list has the same pattern. the question is whether something is (re)writing the message-id or if this a new outlook message-id format? Thanks

Re: FORGED_MUA_OUTLOOK is a nuisance

2008-05-18 Thread mouss
Jari Fredriksson wrote: Jari Fredriksson wrote: mouss wrote: Please show full headers of the message. actually, you don't need to. your message to the list has the same pattern. the question is whether something is (re)writing the message-id or if this a new

Re: FORGED_MUA_OUTLOOK is a nuisance

2008-05-18 Thread mouss
Justin Mason wrote: if there are FP issues with current FORGED_MUA_OUTLOOK, could you open a bug and attach samples there? https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5910

Re: MailChannels Traffic Control (fwd)

2008-05-19 Thread mouss
Justin Mason wrote: Hey all -- I'm on the technical advisory board for MailChannels, a company who make a commercial traffic-shaping antispam product, Traffic Control. Basically, you put it in front of your real MTA, and it applies the easy stuff -- greet-pause, early-talker disconnection,

Re: MailChannels Traffic Control (fwd)

2008-05-19 Thread mouss
Ralf Hildebrandt wrote: * mouss [EMAIL PROTECTED]: I respect you, but I feel sorry here. Tarpit and slowdown are known since a long time, so mailchannel bring nothing here (except marketing). In particular, greet pause has been implemented by some people. the fact that this is not common

Re: MailChannels Traffic Control (fwd)

2008-05-19 Thread mouss
Justin Mason wrote: mouss writes: Ralf Hildebrandt wrote: * mouss [EMAIL PROTECTED]: I respect you, but I feel sorry here. Tarpit and slowdown are known since a long time, so mailchannel bring nothing here (except marketing). In particular, greet pause has been implemented

Re: Not sure if its working

2008-05-20 Thread mouss
Bob Cohen wrote: I'm seeing these entries in my maillog: May 19 18:16:41 anduril postfix/qmgr[10162]: warning: connect to transport spamfilter: No such file or directory May 19 18:16:42 anduril postfix/qmgr[10162]: warning: connect to transport spamassassin: Connection refused which

Re: How to report FN on HABEAS_ACCREDITED_COI

2008-05-20 Thread mouss
ram wrote: Yes but the invite option may be abused. Like yahoo calendar invites are abused to send spam Mailing-Lists also can be abused (try to subscribe with a forged address). the question is - can the abuser put his text or url inside the message? If so, the site should run the text
