greetings,
with 3.2.5 i can't get custom scores working.
i usually added them in /etc/mail/spamassassin/x_90_scores.cf
but that won't work anymore so i added them at the bottom of
/etc/mail/spamassassin/local.cf but no luck either.
for example i have:
score HTML_MESSAGE 0.1
but sa still
*facepalm*
I was testing an already scored message and reading the wrong report.
Thanks anyway, and sorry.
Casartello, Thomas wrote:
The phish are coming from real hacked accounts (Basically people that have
gotten the phish email and fallen for it) at other Educational institutes
(We already use SPF).
I'd go for a non technical solution here, since its effects only a
small amount of
Well, if it was in URIBL/SURBL, you couldn't use it to post samples to
this mail list, which is kinda the purpose, isn't it?
then don't provide urls. use numbers like dating agents.
i posted my sample on the sa spambin. id 213912
- reader checks spambin.apache.org
which has nothing but a
What do you mean it's impossible to train bayes?
i was assuming the random text at the end is what causes my bayes db to
behave randomly.
Bayes really can be trained to deal with this message.
For example, I get BAYES_95:
well i get 00
After I learn this message the probability increases
Where can i paste the raw header? pastebin triggers it as spam
there is more than one pastebin. just like there is more than one OS.
try:
http://rafb.net/paste/
http://codepad.org/
http://paste.nn-d.de/
http://www.copypaste.at/
http://paste.uni.cc/
etc etc
__ Information from
Single-user, vanilla install with two exceptions: the install will check our
two whitelists and give a pass (-100) to any of our clients so we don't
bounce their mail.
I hope you're not actually considering bouncing spam. That statement
sounds like it.
Either reject them at smtp time or
http://codepad.org/W53onqK9
i gave up on this kind of spam. it's impossible to train bayes and changing
too fast to make custom rules. matching senders doesn't work either
because those are sent using live.com, gmail, sourceforge, etc
John Hardin wrote:
It would be somewhat more robust if SA offered multiline rawbody matching,
but try this:
thanks for your efforts. unfortunately spammers read this list and
they'll adapt too quickly to make any use of custom rules
It's also fairly specific to the HTML in the sample
regards
Arvid Ephraim Picciani
Asgaard Technologies
--
The software engineer tribe.
By any chance, didn't your ISP start providing search service for any
web name that does not exist?
btw, what's the workaround for this? opendns didn't work for me as they have
similar features.
do you simply query the bl's dns service directly?
--
best regards
Arvid Ephraim Picciani
Hi,
what was the solution again for windows live spam? It hit me finally.
(does this list have a search facility?)
--
best regards
Arvid Ephraim Picciani
Asgaard Technologies
--
The software engineer tribe.
, since
i'm actually not the server admin, i just accidentally happen to know unix.
Yet i didn't find any trustworthy company or organisation. Colorful ads and
closed source infrastructures don't really convince me to trust my company's
entire email traffic to someone.
--
best regards
Arvid Ephraim
negatives. But someone feel free to correct me.
--
best regards
Arvid Ephraim Picciani
Asgaard Technologies
--
Join the Asgaard ASX open alpha and comment early on its design.
http://www.asgaartech.com/asx/openalpha
Server: whois.onlinenic.com
Referral URL: http://www.OnlineNIC.com
did i miss the pun?
--
best regards
Arvid Ephraim Picciani
Asgaard Technologies
--
Join the Asgaard ASX open alpha and comment early on its design.
http://www.asgaartech.com/asx/openalpha
) such as postfix,
exim, qmail, etc. only your mra knows what to do with those mails after
spamassassin has flagged it as spam.
hence, this is unfortunately the wrong list for your question.
--
best regards
Arvid Ephraim Picciani
Lead Software Engineer
Asgaard Technologies
Ephraim Picciani
Lead Software Engineer
IB C SOLUTIONS LTD
? or are there any neat
scripts for it?
--
best regards
Arvid Ephraim Picciani
Lead Software Engineer
IB C SOLUTIONS LTD
.
--
best regards
Arvid Ephraim Picciani
IB C SOLUTIONS LTD
?
--
best regards
Arvid Ephraim Picciani
IB C SOLUTIONS LTD
submit a feed to a common repo.
Just summing up the previous discussion. Personally i wouldn't offer my
customers domains, but i could add my private one, since i don't care who
reads my mails anyway.
--
best regards
Arvid Ephraim Picciani
maybe i'm misinterpreting the headers, but this message actually looks like
it has been sent by this mailinglist.
--
best regards
Arvid Ephraim Picciani
---BeginMessage---
Attn: webmail Subscriber:
This mail is to inform all our webmail Subscriber that would will be
upgrading our site
--
mit freundlichen Grüßen / best regards
Arvid Ephraim Picciani
a plugin that analyses the
referenced website. That would finally kill canadian pharmacy as well.
--
mit freundlichen Grüßen / best regards
Arvid Ephraim Picciani
-- --
_SUMMARY_
that's it.
--
mit freundlichen Grüßen / best regards
Arvid Ephraim Picciani
---BeginMessage---
Obama vows to win the elections so that he can bring daughters into the Oval
Circle http://segelclub-honau.de/topnews.html
---End Message---
On Saturday 26 July 2008 13:28:23 Arvid Ephraim Picciani wrote:
err ignore the weird received headers. it was resent by multiple people
internally.
--
mit freundlichen Grüßen / best regards
Arvid Ephraim Picciani
tests just show
SA is working fine. except on that message.
--
mit freundlichen Grüßen / best regards
Arvid Ephraim Picciani
On Sunday 06 July 2008 05:26:03 Banyan He wrote:
SPAMD/1.0 76 Bad header line:
Connection closed by foreign host.
spamd is not an MTA. I don't think it supports smtp. use spamc.
--
mit freundlichen Grüßen / best regards
Arvid Ephraim Picciani
wonder when SA will be able to
differ between content and noise.
the obfuscation of the drug name is quite funny so it might at least be
useful for some office-fun ;)
--
best regards/Mit freundlichen Grüßen
Arvid Ephraim Picciani
---BeginMessage---
Saluton,
http://www.capedyinlax[EO]com
Received: from n75.bullet.mail.sp1.yahoo.com ([10.10.10.21]) by
EXCHANGE02.norddeutsche.de with Microsoft SMTPSVC(6.0.3790.3959);
Mon, 30 Jun 2008 18:58:44 +0200
huh? what's that weird IP doing there?
--
best regards
Arvid Ephraim Picciani
configuration, SA might be confused.
--
best regards
Arvid Ephraim Picciani
italian
companies or individuals. So as usually it depends on your environment.
--
mit freundlichen Grüßen / best regards
Arvid Ephraim Picciani
can you fix other people's SA.
--
best regards
Arvid Ephraim Picciani
.
That doesn't completely eliminate spam checking of course, so if your mail gets
scored very high, it is still flagged as spam.
--
best regards
Arvid Ephraim Picciani
Arvid Ephraim Picciani
is supposed to handle a
non existing message id gracefully and qmail gets away once again.
--
best regards/Mit freundlichen Grüßen
Arvid Ephraim Picciani
saying that an MSA shouldn't
add those either. Obviously if you are the last MX in the chain, adding a
message id is totally useless. i agree on that.
--
best regards/Mit freundlichen Grüßen
Arvid Ephraim Picciani
]) by smtp-sfn.sitkom.cz
(are there any dnsbls for reserved IPS?)
--
best regards
Arvid Ephraim Picciani
On Tuesday 13 May 2008 15:17:29 Matus UHLAR - fantomas wrote:
On 12.05.08 21:49, Arvid Ephraim Picciani wrote:
http://rafb.net/p/q3eZwd93.html
anyone can see any sense in it? it uses my hostname to fake a bounceback
that claims i sent a message to another faked address, while all doing
from your machines.
--
best regards/Mit freundlichen Grüßen
Arvid Ephraim Picciani
or hostname.
--
best regards/Mit freundlichen Grüßen
Arvid Ephraim Picciani
Grüßen
Arvid Ephraim Picciani
the manual of your mta.
You can as well just send a message to yourself using telnet from your home
computer. a properly setup spamfilter will match XBL, no matter the content
of your message.
--
best regards/Mit freundlichen Grüßen
Arvid Ephraim Picciani
regards/Mit freundlichen Grüßen
Arvid Ephraim Picciani
.
If the problem is too small for spamhaus, try getting them on small but
no-one-should-use lists like rfcignorant. Just to slap them around a little.
And link back to the entries ;)
--
best regards/Mit freundlichen Grüßen
Arvid Ephraim Picciani
/ for blocking the undelivered reports
It bothered me in my
personal email but it bothers a hundred people at work. I am guessing
it doesn't help white-listing my domain name and many of our normal
emails might get marked as spam as a result.
--
best regards
Arvid Ephraim Picciani
On Wednesday 16 April 2008 11:13:04 Daniel Zaugg wrote:
Wow ! Aren't you guys proud to be postmasters !
no. the real one got fired.
hehe
--
best regards/Mit freundlichen Grüßen
Arvid Ephraim Picciani
(including forward services, free
hosters, etc)
For most situations there are way better methods of catching the spam.
like locales_ok.
--
best regards/Mit freundlichen Grüßen
Arvid Ephraim Picciani
and would like to
hear your opinion.
--
best regards/Mit freundlichen Grüßen
Arvid Ephraim Picciani
On Monday 14 April 2008 22:28:58 Bob Proulx wrote:
Martin Gregorie wrote:
Arvid Ephraim Picciani wrote:
I'd like to discuss if returning a mail that went through a
mailing list, back to the sender can be described as backscatter.
I sent the postmaster a mail because they filter mails
btw :(
(no i don't block those)
--
best regards
Arvid Ephraim Picciani
.
that doesn't mean it's smart.
--
best regards/Mit freundlichen Grüßen
Arvid Ephraim Picciani
the
language.
--
best regards
Arvid Ephraim Picciani
them but so what? Maybe someone does. What's the trouble
you speak of?
--
best regards/Mit freundlichen Grüßen
Arvid Ephraim Picciani
thanks Matt and Mathus. That helps.
--
best regards/Mit freundlichen Grüßen
Arvid Ephraim Picciani
:=)
will do. thanks.
--
best regards/Mit freundlichen Grüßen
Arvid Ephraim Picciani
we've got a domain that got joe jobed.
and found a spam worm on some faildows machine.
where do i send those? I mean, maybe someone can make use of it.
--
best regards
Arvid Ephraim Picciani
just a hint for those who use blogspot rules:
the uri scheme changed to a random number/character combination.
--
best regards/Mit freundlichen Grüßen
Arvid Ephraim Picciani
On 01.04.08 17:20, Arvid Ephraim Picciani wrote:
actually i mean SORBS and NJABL. they matched the sender.
if we are still talking about mail from 66-211-213-17.velocity.net
[66.211.213.17], they were not matched by any dynamic lists.
sender! not the relay. the relay matching RDNS_DYNAMIC
.
On 31.03.08 22:06, Arvid Ephraim Picciani wrote:
True. The problem is, that's exactly what happened but SA matched the
sender anyway because he's in the received headers.
iirc they only matched RDNS_DYNAMIC which means reverse DNS looks like
dynamic. That scores 0.1 points and only scores more
[91.151.146.244 listed in dnsbl.sorbs.net]
again a perfectly valid login into gmail.
So if you want to damage an ISP you're going to run some open proxies on dynips
and voila the next user having that ip gets blocked. i don't get it.
--
best regards/Mit freundlichen Grüßen
Arvid Ephraim Picciani
Ephraim Picciani
anyway because he's in the received headers.
Someone mentioned trust path but i don't think it's broken. SA matched the
archlinux server perfectly fine as the first dynhost sending to my trusted
network.
--
best regards/Mit freundlichen Grüßen
Arvid Ephraim Picciani
proper MTA
around should be able to do that. just google or ask at their ML.
--
best regards/Mit freundlichen Grüßen
Arvid Ephraim Picciani
I updated from debian to arch and figured my exact same sa configuration
doesn't test uribl anymore. yes spamhaus works fine, so no i don't have a -L
switch.
any clues? i did sa-update once but dunno if that had any effect at all.
--
best regards/Mit freundlichen Grüßen
Arvid Ephraim Picciani
(version=TLSv1/SSLv3 cipher=RC4-MD5);
Sat, 29 Mar 2008 09:47:08 -0700 (PDT)
--
best regards/Mit freundlichen Grüßen
Arvid Ephraim Picciani
not allowed to see it because they are commies
--
best regards/Mit freundlichen Grüßen
Arvid Ephraim Picciani
On Saturday 22 March 2008 21:31:13 Karsten Bräckelmann wrote:
On Sat, 2008-03-22 at 19:31 +0100, Arvid Ephraim Picciani wrote:
http://rafb.net/p/S95P6c12.html
Yes, this is a spam alright. The Message-Id alone tells so. See my rule
KB_RATWARE_MSGID in bug 5830 [1].
[1] https
/70_telecomitalia.cf
thank you!
--
best regards/Mit freundlichen Grüßen
Arvid Ephraim Picciani
rules at the end of local.cf.
whatever you prefer.
--
best regards/Mit freundlichen Grüßen
Arvid Ephraim Picciani
be
in the default ruleset)
--
best regards/Mit freundlichen Grüßen
Arvid Ephraim Picciani
On Saturday 22 March 2008 19:10:03 Arvid Ephraim Picciani wrote:
http://rafb.net/p/S95P6c12.html
i forgot two things:
that's a dynamic ip from telecomitalia. i'm getting lots of spam from there but
the ips are in no dynamic list. is there a more complete list of dynamic
hosts? i've seen sorbs
.
--
best regards/Mit freundlichen Grüßen
Arvid Ephraim Picciani
Arvid Ephraim Picciani
/Mit freundlichen Grüßen
Arvid Ephraim Picciani
SARE_OEM_PRODS_FEW
0.4 SARE_PRODUCTS_02 SARE_PRODUCTS_02
adjust the scores to your needs
--
best regards/Mit freundlichen Grüßen
Arvid Ephraim Picciani
regards/Mit freundlichen Grüßen
Arvid Ephraim Picciani
Arvid Ephraim Picciani
my Invitation and increase both your Industry connections
and influence. http://www.orglex.com/joinhubs/0306184118f09fe4a7f1/
Thanks
--
best regards
Arvid Ephraim Picciani
)
--
best regards
Arvid Ephraim Picciani
On Thursday 20 March 2008 16:31:54 SM wrote:
At 03:12 20-03-2008, Arvid Ephraim Picciani wrote:
nice. spam on the spamassassin ml. anyone got a rule for those already? :D
It's already included in SpamAssassin:
HTML_MESSAGE,HTML_MIME_NO_HTML_TAG,MIME_HTML_ONLY,MIME_HTML_ONLY_MULTI,MPAR
On Thursday 20 March 2008 18:25:15 SM wrote:
At 08:44 20-03-2008, Arvid Ephraim Picciani wrote:
wow. i got -1.0 here. you're filtering html aggressively?
That's from ASF.
what's ASF?
tests there were:
-0.0 SPF_PASS SPF: sender matches SPF record
1.0 FUZZY_ROLEXBODY
On Thursday 20 March 2008 18:44:14 Arvid Ephraim Picciani wrote:
not really. we don't say things like or * too
often :D
hahahaha i shouldn't have provoked it!
just got a bounceback from some MS filter which was almost filtered by my SA
which would probably result in a bounceback which
[URIs: geocities.com]
3.0 SOFT_AND_URIGREY contains both an url in the URIBL greylist and
software advertisement
--
best regards/Mit freundlichen Grüßen
Arvid Ephraim Picciani
Arvid Ephraim Picciani
but sa doesn't work with
uribl and subdomains. see previous posts.
SARE_OEM helps a little.
--
best regards
Arvid Ephraim Picciani
=5777
guenther
thanks for that info!
--
best regards/Mit freundlichen Grüßen
Arvid Ephraim Picciani
file
parameter.
means, no, sa doesn't need the original mail after you feed it to sa-learn
--
best regards/Mit freundlichen Grüßen
Arvid Ephraim Picciani
Grüßen
Arvid Ephraim Picciani
Ephraim Picciani
err way way worse.
this babelfish translation of the same spam just got autolearned as ham
http://rafb.net/p/99iIHK53.html
--
best regards/Mit freundlichen Grüßen
Arvid Ephraim Picciani
changing too fast :/
--
best regards/Mit freundlichen Grüßen
Arvid Ephraim Picciani
The SARE oem software rules should catch this sort of stuff just dandy.
Loren
0.9 SARE_OEM_PRODS_FEW SARE_OEM_PRODS_FEW
0.4 SARE_PRODUCTS_02 SARE_PRODUCTS_02
not enough :(
any additional rules i could add?
--
best regards/Mit freundlichen Grüßen
Arvid Ephraim Picciani
. That should be good for about 2 points and
help a lot with a real common spam target. It certainly won't get all of
your spam, but it will get an amazing amount.
Loren
hm indeed. reading how to write rules. thanks a lot.
--
best regards/Mit freundlichen Grüßen
Arvid Ephraim Picciani
urm, i just figured those geocity sites are all on the URIBL. but sa doesn't
seem to check those. any hint how to add it?
thank you
--
best regards/Mit freundlichen Grüßen
Arvid Ephraim Picciani
be overwritten
the next sa-update anyway. why is it there?
--
best regards/Mit freundlichen Grüßen
Arvid Ephraim Picciani
? Do you have a central repo for rules?
--
best regards/Mit freundlichen Grüßen
Arvid Ephraim Picciani