Re: SOLVED Re: malware.blocklist.cf : www.malware.com.br unavailable

2011-08-09 Thread Bill Landry
On 8/9/2011 8:28 AM, Dave Wreski wrote: Hi, I noticed that the site that provided the malware.blocklist.cf has been unavailable since at least the 8th of August. URL for the file was on http://www.malware.com.br/cgi/submit?action=list_sa The FQDN no longer resolves to an address. I have

Microsoft brings down major fake drug spam network

2011-03-18 Thread Bill Landry
No wonder I have seen such a huge drop in spam the past few days: http://timesofindia.indiatimes.com/tech/enterprise-it/security/Microsoft-brings-down-major-fake-drug-spam-network/articleshow/7734903.cms Anyone else been noticing the decrease in spam? Bill

Re: Microsoft brings down major fake drug spam network

2011-03-18 Thread Bill Landry
On 3/18/2011 5:08 PM, Michelle Konzack wrote: Hello Bill Landry, On 2011-03-18 15:11:47, you typed the following: No wonder I have seen such a huge drop in spam the past few days: ??? I get 18-26 million spams (36 servers with 96.000 users) per day and nothing has changed. Please

The one year anniversary of the Spamhaus DBL brings a new zone

2011-03-08 Thread Bill Landry
FYI: Spamhaus created a new URL shortener/redirector zone in the DBL. See: http://www.spamhaus.org/news.lasso?article=667 Will Spamassassin be adding support for this new DBL shortener/redirector response code?: 127.0.1.3 spammed redirector domain For details, see:

Re: BOTNET rules question

2011-01-05 Thread Bill Landry
On 1/5/2011 5:11 PM, Mark Martinec wrote: Combining p0f with BOTNET is intended to *reduce* the high number of false positives that BOTNET alone produces, *at least* for the non-windows machines. The windows hosts are left alone and are not protected by p0f from BOTNET FP. If someone is scoring

Re: Spamhaus Whitelist

2010-11-06 Thread Bill Landry
On 11/5/2010 11:40 PM, Dan Mahoney, System Admin wrote: All, Has anyone come up with a ruleset yet to score against the new spamhaus whitelists, and deduct points appropriately? You could try something like: header SPAMHAUS_SWL eval:check_rbl('SPAMHAUS_SWL', 'swl.spamhaus.org.') describe

Re: Spamhaus Whitelist

2010-11-06 Thread Bill Landry
On 11/6/2010 12:19 AM, Bill Landry wrote: On 11/5/2010 11:40 PM, Dan Mahoney, System Admin wrote: All, Has anyone come up with a ruleset yet to score against the new spamhaus whitelists, and deduct points appropriately? You could try something like: header SPAMHAUS_SWL eval:check_rbl

Re: Spamhaus Whitelist

2010-11-06 Thread Bill Landry
On 11/6/2010 12:50 AM, David F. Skoll wrote: On Sat, 06 Nov 2010 00:41:53 -0700 Bill Landryb...@inetmsg.com wrote: You could also test the envelope sender: header SPAMHAUS_ENV eval:check_rbl_envfrom('SPAMHAUS_ENV', '_vouch.dwl.spamhaus.org.') But that's an abuse... you should not

Re: Rules updates

2010-05-20 Thread Bill Landry
On Thu, May 20, 2010 4:26 pm, Benny Pedersen wrote: On Fri 21 May 2010 00:05:26 CEST, Michael Scheidell wrote On 5/20/10 6:00 PM, Robert Palmer wrote: I am running spamassassin version 3.2.4 and notice my rules have not updated (sa-update) for many months and I have started getting a lot of

Re: spamassassin-3.3.1 RPM packages for Fedora and RHEL5

2010-03-22 Thread Bill Landry
On Mon, March 22, 2010 9:01 am, Bill Landry wrote: On 3/22/2010 4:31 AM, Kai Schaetzl wrote: Warren Togami wrote on Sun, 21 Mar 2010 22:13:10 -0400: I highly recommend NOT building the RPM package from the spec file contained within the spamassassin tarball. It has never been tested to work

Re: spamassassin-3.3.1 RPM packages for Fedora and RHEL5

2010-03-22 Thread Bill Landry
On Mon, March 22, 2010 10:31 am, Kai Schaetzl wrote: Bill Landry wrote on Mon, 22 Mar 2010 09:01:26 -0700: I tried it with Fedora 12 I didn't say anything about Fedora. But Warren certainly did in his original post. And BTW, he didn't say anything about CentOS in his original post

Re: is this right? uribl_dbl seems to have a very odd number

2010-03-03 Thread Bill Landry
On 3/3/2010 1:40 PM, Mike Cardwell wrote: On 03/03/2010 21:32, Michael Scheidell wrote: tracking down some FP's on Sa 3.3.0, they all hit URIBL_DBL. (every email hits that rule) # DBL, http://www.spamhaus.org/dbl/ . Note that hits return 127.0.1.x # A records, so we use a 32-bit mask to

Re: UPS Delivery problem

2010-03-03 Thread Bill Landry
On Wed, March 3, 2010 5:38 am, Jari Fredriksson wrote: On 3.3.2010 15:34, Jari Fredriksson wrote: On 3.3.2010 15:22, twofers wrote: I have 52 of these sitting in my inbox this morning when I came in to work. this is just the beginning. I get literally hundreds of these a day and Spamassassin

Re: UPS Delivery problem

2010-03-03 Thread Bill Landry
On Wed, March 3, 2010 5:20 pm, Karsten Bräckelmann wrote: On Wed, 2010-03-03 at 16:06 -0800, Bill Landry wrote: On Wed, March 3, 2010 5:38 am, Jari Fredriksson wrote: We're not going to re-hash one of the many discussions, err, heated flame-fests from the clamav and sanesecurity lists, are we

Re: Block Spammers Spoofing My Domain

2010-02-28 Thread Bill Landry
On 2/28/2010 11:35 AM, Carlos Williams wrote: On Fri, Feb 26, 2010 at 4:38 PM, Benny Pedersenm...@junc.org wrote: I do the following but from my MTA. I don't know if you're using Postfix or Sendmail but I have the following 'helo_checks.pcre' in my Postfix directory: /^localhost$/

Re: DNSBL mirrors

2010-02-27 Thread Bill Landry
On 2/27/2010 5:35 PM, João Gouveia wrote: Hi all, we are aiming to provide free usage of our DNSBL to the general anti spam community as soon as possible. However, in order to do this we would need to deploy more DNS mirrors or we risk providing a poor service due to the amount of DNS traffic

Re: DNSBL mirrors

2010-02-27 Thread Bill Landry
On 2/27/2010 6:42 PM, João Gouveia wrote: Hi Bill, - Bill Landryb...@inetmsg.com wrote: On 2/27/2010 5:35 PM, João Gouveia wrote: Hi all, we are aiming to provide free usage of our DNSBL to the general anti spam community as soon as possible. However, in order

Re: SpamAssassin 3.3.0, Botnet FP with IPv6

2010-01-29 Thread Bill Landry
Mark Martinec wrote: On Thursday 28 January 2010 14:40:56 Graham Murray wrote: Since upgrading to SA 3.3.0, botnet (version 0.8) is showing a false positive on every email I receive via IPv6. Has anyone contacted the author? As most here on the list know: Good luck with that. From what

Re: About upgrading

2010-01-10 Thread Bill Landry
LuKreme wrote: On 9-Jan-2010, at 21:23, Rosenbaum, Larry M. wrote: It's the number of seconds since the epoch (Jan 1, 1970). One easy way to convert it to a readable time is # perl -e 'print scalar localtime 1263044805, "\n"' Sat Jan 9 08:46:45 2010 Or even simpler: perl -le 'print

Re: About upgrading

2010-01-10 Thread Bill Landry
Rosenbaum, Larry M. wrote: -Original Message- From: Bill Landry [mailto:b...@inetmsg.com] Sent: Sunday, January 10, 2010 12:42 PM To: users@spamassassin.apache.org Subject: Re: About upgrading LuKreme wrote: On 9-Jan-2010, at 21:23, Rosenbaum, Larry M. wrote: It's the number

Re: emailreg.org - tainted white list

2009-12-14 Thread Bill Landry
Christian Brel, AKA rich...@buzzhost.co.uk (among other aliases), is back... Bill

Re: Regex Question

2009-11-10 Thread Bill Landry
Ralf Hildebrandt wrote: * Benny Pedersen m...@junc.org: On Tue 10 Nov 2009 15:26:43 CET, rich...@buzzhost.co.uk wrote Please keep this in your mind in future before trotting out that tired old gas. imho Ralf has never been banned in maillist here, if you don't like his answers just

[Fwd: ** IMPORTANT: Karmasphere Reputation Service End of Life ***]

2009-11-04 Thread Bill Landry
Just FYI, in case you might be using the Karmasphere plug-in with Spamassassin. Bill Original Message Subject: ** IMPORTANT: Karmasphere Reputation Service End of Life *** Date: Mon, 2 Nov 2009 19:31:55 + (GMT) From: D J Stewart d...@karmasphere.com To:

Re: Problems with whitelist_from_rcvd

2009-10-02 Thread Bill Landry
John Hardin wrote: On Fri, 2 Oct 2009, Igor Bogomazov wrote: whitelist_from_rcvd s...@domain.mail prefix.domain.mail doesn't work. I've checked rDNS of the prefix.domain.mail with 'host' utility - it's all right. You don't check rDNS using host, you check it using dig -x

Re: Moderation? (was: Drivel)

2009-09-15 Thread Bill Landry
On Tue, 2009-09-15 at 18:34 -0400, Charles Gregory wrote: I had considered this, but another poster made the worthy point that the (ab)user in question was likely the sort to get another fake address just so they could keep posting their crud. Sometimes 'ignore them' is the simplest and best

Re: Moderation? (was: Drivel)

2009-09-15 Thread Bill Landry
On Tue, 2009-09-15 at 18:34 -0400, Charles Gregory wrote: I had considered this, but another poster made the worthy point that the (ab)user in question was likely the sort to get another fake address just so they could keep posting their crud. Sometimes 'ignore them' is the simplest and

Re: Moderation?

2009-09-15 Thread Bill Landry
Karsten Bräckelmann wrote: On Tue, 2009-09-15 at 16:36 -0700, Bill Landry wrote: Yes, the buzzard has also displayed the same abusive nature under his other email address many times in the past. He uses the same email client (X-Mailer: Evolution 2.24.3), the same reference in his Message-Id

Re: Non scoring 'Bank Deposit' spam

2009-09-14 Thread Bill Landry
Clunk Werclick wrote: On Mon, 2009-09-14 at 08:05 -0600, LuKreme wrote: On 14-Sep-2009, at 05:24, --[ UxBoD ]-- wrote: If the OP cannot refrain from that sort of foul language when presented with counter arguments then please ban. The list would be far happier IMHO. Based on his reply

Re: .cn domain age query?

2009-09-14 Thread Bill Landry
On Mon, 14 Sep 2009, Warren Togami wrote: One thing they all have in common is their registration dates are very young according to whois lookups. It seems in general if we had a reliable way to lookup domain age we might be able to differentiate spam. What's the current status of the Day

Re: Non scoring 'Bank Deposit' spam

2009-09-14 Thread Bill Landry
--[ UxBoD ]-- wrote: - Clunk Werclick mailbacku...@googlemail.com wrote: | On Mon, 2009-09-14 at 19:52 +0100, --[ UxBoD ]-- wrote: | - Benny Pedersen m...@junc.org wrote: | | | On Mon 14 Sep 2009 16:54:39 CEST, Bill Landry wrote | | So how far does someone have to go before

Re: Non scoring 'Bank Deposit' spam

2009-09-14 Thread Bill Landry
Clunk Werclick wrote: On Mon, 2009-09-14 at 20:38 +0100, --[ UxBoD ]-- wrote: - Clunk Werclick mailbacku...@googlemail.com wrote: | On Mon, 2009-09-14 at 19:52 +0100, --[ UxBoD ]-- wrote: | - Benny Pedersen m...@junc.org wrote: | | | On Mon 14 Sep 2009 16:54:39 CEST, Bill Landry

Re: Image spam is back

2009-08-23 Thread Bill Landry
Giampaolo Tomassoni wrote: Are you experiencing the same? Some of them are even sleeping through FuzzyOcr. Any tuning to suggest? Yes, shake them as they are passing through FuzzyOcr, that should wake them up so that FuzzyOcr can detect them as they pass through... ;-) Bill

Re: List headers and footers [Re: Unsubscribe]

2009-06-16 Thread Bill Landry
mouss wrote: Mailman has specific functionality to remove signature headers so that the message can be resigned as it's sent out. which doesn't help, because if I get mail claiming to come From: mo...@netoyen.net, yet it doesn't have a sig of mine, I don't really care if some fancy mailman

Re: some URIBL accidentally listed .org?

2009-06-15 Thread Bill Landry
ram wrote: On Mon, 2009-06-15 at 15:35 +1000, Con Tassios wrote: On Mon, 15 Jun 2009, Chip M. wrote: DOB (Day Old Bread) had the same problem last year: http://mail-archives.apache.org/mod_mbox/spamassassin-users/200810.mbox/%3cva.33f1.14690...@news.conactive.com%3e With software bugs,

Re: [sa] Re: BOTNET timeouts?

2009-06-15 Thread Bill Landry
Bill Landry wrote: Res wrote: On Sat, 13 Jun 2009, Charles Gregory wrote: On Sun, 14 Jun 2009, Res wrote: Though now it's Sunday, I have socialising to do, and none of that includes sitting on mailing lists listening to cry babies who expect people involved in OSSP's to drop everything

Re: [sa] Re: BOTNET timeouts?

2009-06-14 Thread Bill Landry
Res wrote: On Sat, 13 Jun 2009, Charles Gregory wrote: On Sun, 14 Jun 2009, Res wrote: Though now it's Sunday, I have socialising to do, and none of that includes sitting on mailing lists listening to cry babies who expect people involved in OSSP's to drop everything and be their servants.

Re: List headers and footers [Re: Unsubscribe]

2009-06-14 Thread Bill Landry
David Gibbs wrote: mouss wrote: - mail admin at example.com configures his mail system to sign all outbound mail with DKIM - he rejects any mail with a From: in his domain if it doesn't have a valid DKIM signature - j...@example.com posts to a list that appends a footer (or munges the

Re: List headers and footers [Re: Unsubscribe]

2009-06-14 Thread Bill Landry
David Gibbs wrote: Bill Landry wrote: This may be true if the sender were adding the footer before signing and sending the message to the list. However, not true if it's the mailing list that is adding the footer after the original sender has already signed the message. As I understand

Re: List headers and footers [Re: Unsubscribe]

2009-06-14 Thread Bill Landry
Chris Owen wrote: On Jun 14, 2009, at 8:10 PM, Bill Landry wrote: Mailman has specific functionality to remove signature headers so that the message can be resigned as it's sent out. If that happens then the message is no longer signed by the original sender, but rather by the mailing

Re: BOTNET timeouts?

2009-06-13 Thread Bill Landry
I just love these kinds of responses (talk about 5yo tantrums), as they only serve to prove my point about your credibility and the value of your opinions. Thank you! :-) Bill Res wrote: On Thu, 11 Jun 2009, Bill Landry wrote: I'm sure John might be happier to stay awake later and work

Re: BOTNET timeouts?

2009-06-13 Thread Bill Landry
Res wrote: No because I seem to have reliable DNS and have never exhibited the issue. Oh, and if in fact you really had a clue, you would know that DNS reliability has absolutely nothing to do with this issue... ;-) Bill

Re: BOTNET timeouts?

2009-06-13 Thread Bill Landry
John Rudd wrote: Further, Bill, I don't answer to you for my time constraints. Now quit your whining and put your money where your mouth is. If it's so important, then provide a fix that replaces Net::DNS with SA's internal DNS routines, and I'll use it. If it's not important enough to

Re: BOTNET timeouts?

2009-06-13 Thread Bill Landry
Benny Pedersen wrote: On Sat, June 13, 2009 14:31, Bill Landry wrote: However, if you are willing to release something to the open source community, you should also be willing to take on the responsibility of providing ongoing support for it. who says that ?, i have maybe misunderstood gpl

Re: BOTNET timeouts?

2009-06-13 Thread Bill Landry
Res wrote: On Sat, 13 Jun 2009, Bill Landry wrote: I just love these kinds of responses (talk about 5yo tantrums), as they only serve to prove my point about your credibility and the value of your opinions. Thank you! :-) truth hurts don't it landry, just like i tell those who demand

Re: BOTNET timeouts?

2009-06-11 Thread Bill Landry
McDonald, Dan wrote: On Wed, 2009-06-10 at 21:40 -0700, John Rudd wrote: On Wed, Jun 10, 2009 at 21:11, Bill Landryb...@inetmsg.com wrote: Jake Maul wrote: Interesting that I'm just now running into this... I've been using Botnet on this server for several months without issue. Thanks for

Re: BOTNET timeouts?

2009-06-11 Thread Bill Landry
I've had no trouble with Botnet timeouts, but just now patched anyway, to avoid any potential trouble. I, and many others appreciate how responsive you've been with your sanesecurity work, but not everyone has the same resources. Whenever I install GNU free software, I have to remember this.

Re: BOTNET timeouts?

2009-06-11 Thread Bill Landry
Well I suppose you could always take the product that you dislike so badly back to the store and ask for a refund of your purchase price. Sometimes it really amazes me how much, and how severely, some people will gripe about free products that exist only because other people volunteer their

Re: BOTNET timeouts?

2009-06-11 Thread Bill Landry
This issue has been unresolved for way too long. All of this, in my mind, makes the plugin orphaned and unusable if not patched with Mark's patch. Actually it's a patch by Daniel J McDonald from 2007-06-15. I just refreshed it for 0.8 and reposted it two months later. Credits where

Re: BOTNET timeouts?

2009-06-10 Thread Bill Landry
Jake Maul wrote: Interesting that I'm just now running into this... I've been using Botnet on this server for several months without issue. Thanks for the link, shorter timeouts should cure it. :) Even though Mark Martinec had provided John Rudd with a nice, neat patch for botnet.pm well

Re: BOTNET timeouts?

2009-06-10 Thread Bill Landry
John Rudd wrote: On Wed, Jun 10, 2009 at 21:11, Bill Landryb...@inetmsg.com wrote: Jake Maul wrote: Interesting that I'm just now running into this... I've been using Botnet on this server for several months without issue. Thanks for the link, shorter timeouts should cure it. :) Even though

Interesting email...

2009-05-17 Thread Bill Landry
I'm not sure what the purpose is of this kind of email, as the links are not clickable, even though they appear to be. The message scored high, but wondering what others think about this one: http://pastebin.com/m74dd8503 Is it simply a poorly written piece of vbscript that could be dangerous if

Re: Interesting email...

2009-05-17 Thread Bill Landry
Kurt Buff wrote: On Sun, May 17, 2009 at 16:23, Bill Landry b...@inetmsg.com wrote: I'm not sure what the purpose is of this kind of email, as the links are not clickable, even though they appear to be. The message scored high, but wondering what others think about this one: http

Re: EmailBL hit count

2009-05-17 Thread Bill Landry
LuKreme wrote: On 17-May-2009, at 06:32, Yet Another Ninja wrote: On 5/17/2009 2:09 PM, LuKreme wrote: On 16-May-2009, at 21:25, Bill Landry wrote: LuKreme wrote: grep EMAILBL /var/log/maillog.1 | grep -v is spam | wc -l ?? How is that going to work if you are telling grep to output

Re: EmailBL hit count

2009-05-16 Thread Bill Landry
LuKreme wrote: On 16-May-2009, at 02:43, Yet Another Ninja wrote: On 5/13/2009 9:33 AM, Yet Another Ninja wrote: Assuming Henrik may appreciate some stats, even if minimal like below: Yesterday's hits: grep EMAILBL/var/log/maillog.1 | wc -l 1263 Friday's count: grep 'is spam'

Re: FreeMail plugin updated

2009-05-13 Thread Bill Landry
Henrik K wrote: When I run spamassassin --lint no problems are reported. Any thoughts on why this is happening only when updating the sought rules? It seems sa-update only lints the directory that it downloaded, thus no freemail_domains cf is ever seen. I've now reduced the warning when

Re: FreeMail plugin updated

2009-05-12 Thread Bill Landry
Hi Henrik, I've revamped fully the old code. Works still the same, but has some new functions. It's also a bit more careful when parsing body (new parser, emails inside are ignored, as well ones inside urls etc), so it might even reduce FPs and add hits, who knows. Domains are now

Re: FreeMail plugin updated

2009-05-12 Thread Bill Landry
Bill Landry wrote: Hi Henrik, I've revamped fully the old code. Works still the same, but has some new functions. It's also a bit more careful when parsing body (new parser, emails inside are ignored, as well ones inside urls etc), so it might even reduce FPs and add hits, who knows

Re: Personal SPF

2009-05-06 Thread Bill Landry
Ok, this horse is not only dead, but it's been totally pulverized. Can we now please kill this ridiculously drawn-out thread - or maybe it can be taken off-line by those that wish to continue this diatribe? Thanks! Bill

Re: sought.rules.yerp.org site down?

2009-04-26 Thread Bill Landry
Bill Landry wrote: I do a sought rules update once per day using sa-update, but today I am seeing: http: request failed: 500 read timeout: 500 read timeout channel: could not find working mirror, channel failed I cannot access the site via web browser either. Just curious if anyone

Re: Why is the advertising for certain berry not caught

2009-04-26 Thread Bill Landry
Igor Chudov wrote: OK, dumb question, how would I implement greylisting (I have Ubuntu) That depends on what MTA you are using. Most greylisting is performed by milters or, if using Postfix, policy delegation. Check your MTA's web site, they will usually advise you on how to implement

Re: Pyzor ?

2009-04-24 Thread Bill Landry
Matus UHLAR - fantomas wrote: On 22.04.09 13:39, Benny Pedersen wrote: still running here as server and client On 24.04.09 15:19, Matus UHLAR - fantomas wrote: client only here. searching for PYZOR string in SA logs didn't find anything for last two days (gotta re-check). seems I will turn

Script Update Name Change Announcement

2009-04-23 Thread Bill Landry
Hi Folks, Sorry for the cross-postings, but I wanted to try and reach as many people that use the unofficial-clamav-sigs script as possible. I have been asked by some package and port maintainers to rename the script and tarball to better support their efforts to package the script for

sought.rules.yerp.org site down?

2009-04-22 Thread Bill Landry
I do a sought rules update once per day using sa-update, but today I am seeing: http: request failed: 500 read timeout: 500 read timeout channel: could not find working mirror, channel failed I cannot access the site via web browser either. Just curious if anyone else seeing this, as

Re: sought.rules.yerp.org site down?

2009-04-22 Thread Bill Landry
Karsten Bräckelmann wrote: On Wed, 2009-04-22 at 10:47 -0700, Bill Landry wrote: I do a sought rules update once per day using sa-update, but today I am seeing: http: request failed: 500 read timeout: 500 read timeout channel: could not find working mirror, channel failed Updated

Re: sought.rules.yerp.org site down?

2009-04-22 Thread Bill Landry
mouss wrote: Bill Landry wrote: Karsten Bräckelmann wrote: On Wed, 2009-04-22 at 10:47 -0700, Bill Landry wrote: I do a sought rules update once per day using sa-update, but today I am seeing: http: request failed: 500 read timeout: 500 read timeout channel: could not find working

Re: spam not classified

2009-04-12 Thread Bill Landry
stefan novak wrote: I've updated the file with the headers: http://pastebin.com/m6e31520c Scored high here: Content analysis details: (32.9 points, 10.0 required) pts rule name description -- -- 3.5

Re: Slightly OT: identifying IP source locations

2009-04-08 Thread Bill Landry
John Rudd wrote: I know there used to be a nice convenient set of RBL's based upon countries, such that you could easily track an IP address back to which country it came from. But, IIRC, that RBL went under. 1) Does anyone know of a convenient command line tool (perl library being ideal)

Re: Slightly OT: identifying IP source locations

2009-04-08 Thread Bill Landry
John Rudd wrote: I know there used to be a nice convenient set of RBL's based upon countries, such that you could easily track an IP address back to which country it came from. But, IIRC, that RBL went under. 1) Does anyone know of a convenient command line tool (perl library being ideal)

Re: SA + maildrop

2009-04-08 Thread Bill Landry
alexus wrote: I have maildrop installed on my system and I was thinking to enable a global rule among of all my maildrop users where all emails that have score 5.0 and higher would move into junk e-mail folder, and rest should go to INBOX as it was in the past can someone help me out with

Re: spamassassin: attempt to process a single message fails at PerMsgStatus.pm line 164.

2009-03-13 Thread Bill Landry
Dennis German wrote: Attempting to see how spamassassin would score a message I tried spamassassin lottery.msg [32179] warn: config: could not find site rules directory check: no loaded plugin implements 'check_main': cannot scan! at

Re: cpan question

2009-02-21 Thread Bill Landry
Gene Heskett wrote: Using cpan, trying to install Net::Ident (the other bits except razor were nominal from the same source) Checking for Apache.pm... not found Writing Makefile for Net::Ident cp Ident.pm blib/lib/Net/Ident.pm Manifying blib/man3/Net::Ident.3pm

Re: New version of iXhash plugin - update recommended

2009-02-06 Thread Bill Landry
Dirk Bonengel wrote: Hello all, just to make it official: the iXhash plugin has now reached version 1.5.5. Recent changes are: - Adam Stephens noted that hash#3 would be checked even though it had not been computed in the first place. In other words: Hash #2 would be checked against twice.

Re: sa-update damages existing SA installation

2008-12-22 Thread Bill Landry
Rosenbaum, Larry M. wrote: From: Daryl C. W. O'Shea [mailto:spamassas...@dostech.ca] Sent: Saturday, December 20, 2008 2:48 AM On 19/12/2008 5:40 AM, Marcin Krol wrote: Daryl C. W. O'Shea wrote: do it all at once. See my SARE sa-update page for details:

Re: sought rules updates

2008-12-09 Thread Bill Landry
LuKreme wrote: On 9-Dec-2008, at 08:15, Karsten Bräckelmann wrote: On Tue, 2008-12-09 at 08:51 +, Nigel Frankcom wrote: I haven't seen an update from sa-update in months. What version is current? Nigel, Chris wasn't talking about the stock rule-set, but the third-party JM_SOUGHT rules.

Re: Bug in iXhash plugin - fixed version available

2008-12-04 Thread Bill Landry
Giampaolo Tomassoni wrote: -Original Message- From: Marc Perkel [mailto:[EMAIL PROTECTED] Sent: Wednesday, December 03, 2008 12:04 AM it's WORKING Well, it hangs my SA 3.2.4 setup on waiting for a reply from ctyme.ixhash.net . The strange thing is that it consumes a lot

Re: Bug in iXhash plugin - fixed version available

2008-12-04 Thread Bill Landry
Marc Perkel wrote: Bill Landry wrote: Giampaolo Tomassoni wrote: -Original Message- From: Marc Perkel [mailto:[EMAIL PROTECTED] Sent: Wednesday, December 03, 2008 12:04 AM it's WORKING Well, it hangs my SA 3.2.4 setup on waiting for a reply from

Re: New version of iXhash plugin available

2008-12-01 Thread Bill Landry
Rose, Bobby wrote: Has anyone who switched to 1.5 of iXHash received any hits? I haven't seen any since switching. One thing that I've noticed is if I pass the same message thru SA using the old iXhash, the hash is computed via Method 1 and 2, if I use 1.5 of iXhash, it's only computed

Re: Single URI spam not checked against URIBLs

2008-11-24 Thread Bill Landry
Bill Landry wrote: mouss wrote: Bill Landry wrote: I've posted a short pharma spam message to: http://www.inetmsg.com/spam.txt and debug output to: http://www.inetmsg.com/sa-debug.txt It displays a single URI linked line in an e-mail client that only displays: Please visit our shop

Major spam source, McColo, knocked offline

2008-11-12 Thread Bill Landry
Found this posted on another list, thought others here might find this of interest, as well. Major Source of Online Scams and Spams Knocked Offline: http://voices.washingtonpost.com/securityfix/2008/11/major_source_of_online_scams_a.html SpamCop.net - Total spam report volume:

Single URI spam not checked against URIBLs

2008-11-11 Thread Bill Landry
I've posted a short pharma spam message to: http://www.inetmsg.com/spam.txt and debug output to: http://www.inetmsg.com/sa-debug.txt It displays a single URI linked line in an e-mail client that only displays: Please visit our shop. There seems to be something about the URI in the message

Re: Single URI spam not checked against URIBLs

2008-11-11 Thread Bill Landry
mouss wrote: Bill Landry wrote: I've posted a short pharma spam message to: http://www.inetmsg.com/spam.txt and debug output to: http://www.inetmsg.com/sa-debug.txt It displays a single URI linked line in an e-mail client that only displays: Please visit our shop. There seems

Re: Phishing rules?

2008-10-30 Thread Bill Landry
Micah Anderson wrote: I keep getting hit by phishing attacks, and they aren't being stopped by anything I've thrown up in front of them: postfix is doing: reject_rbl_client b.barracudacentral.org, reject_rbl_client zen.spamhaus.org, reject_rbl_client

Re: is Pyzor worth it?

2008-10-13 Thread Bill Landry
Here are some stats for this past weekend comparing Pyzor to other hash tests: 36 CTYME_IXHASH 38 HOSTEUROPE_IXHASH 92 GENERIC_IXHASH 129 NIXSPAM_IXHASH 218 RAZOR2_CF_RANGE_E4_51_100 256 PYZOR_CHECK 388 RAZOR2_CF_RANGE_E8_51_100 411 RAZOR2_CF_RANGE_51_100

Re: is Pyzor worth it?

2008-10-13 Thread Bill Landry
Forgot to include Karmasphere: 160 KARMA_CONTENT_NEGATIVE 210 KARMA_CONNECT_NEGATIVE Bill Bill Landry wrote: Here are some stats for this past weekend comparing Pyzor to other hash tests: 36 CTYME_IXHASH 38 HOSTEUROPE_IXHASH 92 GENERIC_IXHASH 129

Re: ixhash - failed to run CYTME_IXHASH test, skipping

2008-09-26 Thread Bill Landry
Chris wrote: I've changed the ixhash.cf per Dirk's instructions, the whole error is: [15617] warn: rules: failed to run CYTME_IXHASH test, skipping: [15617] warn: (Can't locate object method check_ixhash via package Mail::SpamAssassin::PerMsgStatus at (eval 1500) line 1450. [15617] warn:

Re: Perl problem (Scalar::Util)

2008-02-29 Thread Bill Landry
Steven Stern wrote: I'm getting the following error from various perl programs: $sa-update Use of uninitialized value in concatenation (.) or string at /usr/lib64/perl5/5.8.8/x86_64-linux-thread-multi/Scalar/Util.pm line 30. OK... maybe we need an update: [EMAIL PROTECTED] ~]# perl -MCPAN

Re: Top spam hosters, how to decline email mentioning them

2007-10-22 Thread Bill Landry
Nigel Frankcom wrote the following on 10/21/2007 11:22 PM -0800: On Sat, 20 Oct 2007 23:27:41 -0500, Igor Chudov [EMAIL PROTECTED] wrote: I was looking at this article http://en.wikipedia.org/wiki/E-mail_spam It claims that only five countries are hosting 99.68% of the global spammer

Re: Top spam hosters, how to decline email mentioning them

2007-10-21 Thread Bill Landry
JP Kelly wrote the following on 10/21/2007 11:41 AM -0800: this looks interesting to me as well i am a little confused about how to use/install it on the page you provided a link to it says under USAGE to add the following to your local.cf file loadplugin

Re: Top spam hosters, how to decline email mentioning them

2007-10-20 Thread Bill Landry
Igor Chudov wrote the following on 10/20/2007 9:27 PM -0800: I was looking at this article http://en.wikipedia.org/wiki/E-mail_spam It claims that only five countries are hosting 99.68% of the global spammer websites, of which the foremost is China, hosting 73.58% of all web sites

Re: Check $HOME for an ever growing razor-agent.log

2007-10-19 Thread Bill Landry
[EMAIL PROTECTED] wrote the following on 10/18/2007 11:01 PM -0800: Check your $HOME for an ever growing ~/razor-agent.log apparently brought in by sa-update two days ago, which will one day fill your disk, according to a web search. How to tell it that just like the other 99% of

Re: LashBack URL / BL?

2007-10-11 Thread Bill Landry
Kris Deugau wrote: Mikael Syska wrote: I'm not sure about all the diff black list options ... but I guess it would be rather easy to test it . header RCVD_IN_LASHBACK eval:check_rbl('LASHBACK','ubl.unsubscore.com') describe RCVD_IN_LASHBACK lashback tflags RCVD_IN_LASHBACK net score

Re: [sa-list] Re: Auto-RBL was: Why did this not hit more? (SPF, DKIM, Ironport,

2007-10-08 Thread Bill Landry
Dan Mahoney, System Admin wrote: On Mon, 8 Oct 2007, Rob McEwen wrote: Therefore, I recommend that you re-think your choices here! Don't let your quest for guaranteed long-term perfection keep you from making **substantial** progress today! Rob, Then help rally the SA team to include

Botnet KING arrested...

2007-10-03 Thread Bill Landry
Saw this posted on another list: http://sunbeltblog.blogspot.com/2007/10/botmaster-busted.html United States Attorney McGregor W. Scott announced today the arrest of GREG KING, 21, of Fairfield, California, and...

Re: is spamassassin using both processors?

2007-09-06 Thread Bill Landry
Tim Litwiller wrote: We are running spamassassin on a Dual processor P4 Dell. How can I make sure that spamassassin is using both processors. Top is showing spamd using between 39% and 89% of the processor constantly. there are times during the day when we are processing 1800+ email per

Re: SPF-Compliant Spam

2007-08-27 Thread Bill Landry
j o a r wrote: On 27 aug 2007, at 21.20, Kai Schaetzl wrote: That's wrong. Even if all servers in the world would check SPF you would achieve *nothing* as the big majority of mail doesn't have anything to check. Why would I, as a SPF publishing domain owner, care if they have

Re: Question - How many of you run ALL your email through SA?

2007-08-21 Thread Bill Landry
Marc Perkel wrote: Jo Rhett wrote: On Aug 21, 2007, at 11:17 AM, Duane Hill wrote: On Tue, 21 Aug 2007 at 11:03 -0700, [EMAIL PROTECTED] confabulated: It seems to mostly help when it drops the message into a file for clamav to scan. Is that using the ClamAV plugin or outside of SA

Re: Sneaky [EMAIL PROTECTED] slipped through

2007-08-17 Thread Bill Landry
Rick Zeman wrote: From: Jiyoon franc [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: The poor man' -- Koroviev let some tremor into his voice and pointed to Behemoth, who immediately concocted a woeful physiognomy - 'the poor man spends all day reparating primuses. Date: Fri, 17 Aug 2007

Re: Punctuation Spam Lately

2007-08-13 Thread Bill Landry
Jason Bennett wrote: Over the past few days, I’ve been seeing a ton of spam with every second letter replaced with punctuation or other symbols that are getting past SA. Are there any Rulesets out there that can take care of this? I am using SARE and most of the SA plugins. You can see a

Re: Solved: Was: DKIM vs DomainKeys plugins

2007-07-23 Thread Bill Landry
Michael Scheidell wrote: Here is what I found out: You only need the DKIM SpamAssassin plugin activated (you don't need the DomainKeys plugin) BUT, you need BOTH Mail-DKIM ( .20) perl AND Mail-DomainKeys perl functions loaded. I suppose the SA DKIM plugin works for both. (I am not sure

Re: Solved: Was: DKIM vs DomainKeys plugins

2007-07-23 Thread Bill Landry
Michael Scheidell wrote: -Original Message- From: Bill Landry [mailto:[EMAIL PROTECTED] Sent: Monday, July 23, 2007 8:56 AM To: Michael Scheidell Cc: users@spamassassin.apache.org Subject: Re: Solved: Was: DKIM vs DomainKeys plugins Michael Scheidell wrote: Here is what I found
