319
>
> "Announcement: We will be publishing a #Femism blacklist to help
> responsible network administrators block undesirable content. A
> blacklist of Feminist websites promoting the feminist, anti male
> agenda."
>
> Caveat Emptor. And it's Feminism, not
; Use tools like http://enc.com.au/itools/inetnum.php and
> http://enc.com.au/itools/person.php to do that.
whois will also tell you.
/Per Jessen, Zürich
franc wrote:
>
>> You may setup a regexp rule in the /etc/local.cf file of your SA
>> installation
>
> Could you give me an example, or where to find one? In the local.cf i
> don't find RegExp-sections.
body FRANCS_RULE /regexp/
/Per Jessen, Zürich
Giles Coochey wrote:
> On Thu, September 16, 2010 15:57, Martin Gregorie wrote:
>> On Thu, 2010-09-16 at 13:36 +0200, Giles Coochey wrote:
>>> On Thu, September 16, 2010 13:28, Martin Gregorie wrote:
>>> > On Thu, 2010-09-16 at 07:28 +0200, Per Jessen wrote:
>&g
>
> What's wrong with querying the public servers?
Sounds more like he wants to do this as an exercise - selven, you could
always rsync the uceprotect lists, if those are useful to you.
/Per Jessen
.
106.42.49.65.dnsbl.sorbs.net has address 127.0.0.10
127.0.0.10 -> dynamic address
Something's clearly not quite right at SORBS.
/Per Jessen, Zürich
but to avoid having the need to
be.
> It's really a case of actions have consequences. Not careful in your
> output, don't expect any sympathy.
Well, in this case, SORBS screwed up royally, so consequence = don't use
them?
/Per Jessen, Zürich
corpus.defero wrote:
> On Fri, 2010-10-08 at 20:13 +0200, Per Jessen wrote:
>> corpus.defero wrote:
>>
>> > On Thu, 2010-10-07 at 08:56 -1000, Alexandre Chapellon wrote:
>> >> Indeed no IP should be blacklisted undefinitely... at least
>> >> withou
corpus.defero wrote:
> This is all OT for a Spamassassin. If you want to bitch about
> blocklists why not do it on SPAM-L or at NANAE?
I'm not bitching about anything.
/Per Jessen, Zürich
and begs for an RFC.
http://www.roaringpenguin.com/draft-dskoll-reputation-reporting-01.txt
/Per Jessen, Zürich
just very slow responses. If you run a message through
spamassassin with -D, you'll be able to see.
> The system is a basic Linode running Ubuntu Linux 8.04 with 512M of
> memory.
How many CPUs/cores?
> I would like to adjust appropriately
>
> Number of Max Children
5 is
p.
>
>> The system is a basic Linode running Ubuntu Linux 8.04 with 512M of
>> memory.
>
> As already proposed, I'd definitely try to raise the system memory.
We have no data on the memory utilization on the OPs system, but two
spamd instances in 512M leaves plenty of room.
/Per Jessen, Zürich
able to have this one particular user have max
> number of spamd connections. And, if possible and effective, increase
> the max number of children to 8 - 10.
10 children on 512M is probably a little much, my spamd instances have a
footprint of about 60Mb each.
/Per Jessen, Zürich
t up in
postfix.
/Per Jessen, Zürich
I got the following reject this morning:
: host mail.example.com[1.2.3.4] said: 550 Dynamic
Style reverse DNS IP=[212.25.14.40].Rejected by MagicSpam 1.0.4-9.1
(http://www.magicspam.com/).
Do a reverse look up of 212.25.14.40, and you'll see that it's perfectly
alrig
Matus UHLAR - fantomas wrote:
> On 10.11.10 08:23, Per Jessen wrote:
>> I got the following reject this morning:
>>
>> : host mail.example.com[1.2.3.4] said: 550
>> Dynamic
>> Style reverse DNS IP=[212.25.14.40].Rejected by MagicSpam
>>
Lee Dilkie wrote:
>
> On 11/10/2010 6:32 AM, Michael Scheidell wrote:
>> On 11/10/10 2:45 AM, Matus UHLAR - fantomas wrote:
>>> On 10.11.10 08:23, Per Jessen wrote:
>>>> I got the following reject this morning:
>>>>
>>>> : host mail.ex
Per Jessen wrote:
> I got the following reject this morning:
>
> : host mail.example.com[1.2.3.4] said: 550
> Dynamic
> Style reverse DNS IP=[212.25.14.40].Rejected by MagicSpam
> 1.0.4-9.1 (http://www.magicspam.com/).
>
>
> Do a reverse look up of 212.25
Michelle Konzack wrote:
> 300-500 INVITE spams per day from more than 400 socialnetworks
> worldwide is realy annoying or better, I would call it terrorism.
Just reject them all?
/Per Jessen, Zürich
r via a debian list. debian
> lists are open (no subscription required) and thus attract a lot of
> spam.
And whilst invitations such as those broadcasted are annoying, they're
not _really_ spam, are they?
/Per Jessen, Zürich
dkim signature.
>
> now the question is, if we know it's an linkedin invitation, if we
> need to verify DKIM at all ;)
>
>> mouss wrote:
>> > the sample posted by Michelle came to her via a debian list. debian
>> > lists are open (no subscription requi
Matus UHLAR - fantomas wrote:
>> Michelle Konzack wrote:
>>
>> > 300-500 INVITE spams per day from more than 400 socialnetworks
>> > worldwide is realy annoying or better, I would call it terrorism.
>
> On 12.12.10 22:03, Per Jessen wrote:
>> Just
Matus UHLAR - fantomas wrote:
>> >> Michelle Konzack wrote:
>> >> > 300-500 INVITE spams per day from more than 400 socialnetworks
>> >> > worldwide is realy annoying or better, I would call it
>> >> > terrorism.
>> >
&g
Michelle Konzack wrote:
> Hello Per Jessen,
>
> Am 2010-12-12 22:03:34, hacktest Du folgendes herunter:
>> Michelle Konzack wrote:
>>
>> > 300-500 INVITE spams per day from more than 400 socialnetworks
>> > worldwide is realy annoying or better, I woul
" and whose URL goes through the motions but doesn't
> actually unsubscribe you.
+1.
/Per Jessen, Zürich
I think I must have asked this before, so I must have forgotten the
answer - is there any way of distinguising between "DKIM verification
negative" and "DKIM could not verify"?
/Per Jessen, Zürich
ut the case of rejecting/scoring obviously forged senders?
I.e. "from-address = facebook.com" and "dkim verification completed,
but failed". That is a pretty good reason for a high score or a
reject, whereas "from-address = facebook.com" and "dkim verification
failed (temp DNS issue)" isn't.
/Per Jessen, Zürich
Mark Martinec wrote:
> On Wednesday December 29 2010 20:05:20 Per Jessen wrote:
>> How about the case of rejecting/scoring obviously forged senders?
>> I.e. "from-address = facebook.com" and "dkim verification completed,
>> but failed". That is a
re as long as they can write emails and address them
to people the way they are used to, i.e. using their local alphabet.
They get confused when they can't, but that is of course something you
can get used to.
/Per Jessen, Zürich
Any ideas?
The fe80: address is link-local, to use it you have to specify the
interface as well. In a browser, you could do that like this:
http://[fe80::20c:29ff:fe28:8af%eth0]
You could try the same syntax with spamc - the %device is a glibc
extension, it might work.
/Per Jessen, Zürich
Per Jessen wrote:
> The fe80: address is link-local, to use it you have to specify the
> interface as well. In a browser, you could do that like this:
>
> http://[fe80::20c:29ff:fe28:8af%eth0]
>
> You could try the same syntax with spamc - the %device is a glibc
> ext
generated by XSLT based on this input:
Other "popular" short tags:- I don't think we should
be judging those to be unbalanced HTML tags.
/Per Jessen, Zürich
Lawrence @ Rogers wrote:
> On 27/01/2011 4:15 AM, Per Jessen wrote:
>> I've just been looking at a mail that got a hit on
>> HTML_TAG_BALANCE_HEAD due to this:
>>
>> > "http://www.w3.org/TR/1999/REC-html401-19991224/loose.dtd";> > xmlns="
; I believe that the behavior of HTML_TAG_BALANCE_HEAD is valid in this
> case, as is invalid HTML (despite what the validator says) and
> should not be used by anyone.
True, but html_eval_tag() will fire on _any_ short tag.
/Per Jessen, Zürich
Lawrence @ Rogers wrote:
> On 27/01/2011 5:36 PM, Per Jessen wrote:
>>
>>> I believe that the behavior of HTML_TAG_BALANCE_HEAD is valid in
>>> this case, as is invalid HTML (despite what the validator
>>> says) and should not be used by anyone.
>>
>&
Lawrence @ Rogers wrote:
> OT: I am curious to know why the W3C Validator considers to be
> valid, when it goes against every bit of documentation from them I've
> ever read.
It also thinks these are fine:
See http://www.jessen.ch/shorttagstest.html
/Per Jessen, Zürich
4
> Address Space Registry.
The bogon list is now fixed:
0.0.0.0/8
10.0.0.0/8
127.0.0.0/8
169.254.0.0/16
172.16.0.0/12
192.0.0.0/24
192.0.2.0/24
192.168.0.0/16
198.18.0.0/15
198.51.100.0/24
203.0.113.0/24
224.0.0.0/3
See
https://datatracker.ietf.org/doc/draft-vegoda-no-more-unallocated-slash8s/
/Per Jessen, Zürich
pt is probably a good place to start. Look
for 'defaults'.
/Per Jessen, Zürich
uot;default" MX is the A-record for the domain.
/Per Jessen, Zürich
and how to
get listed is very, very obvious. There are lots of lists where both
are a lot less obvious.
/Per Jessen, Zürich
uld publish a list
of "excused" or whitelisted domains, i.e. domains for whom it is deemed
reasonable to violate the criteria, but this would require rfc-ignorant
to apply judgement, something I would rather be without.
/Per Jessen, Zürich
same everywhere. Far from it. The
Urheberrecht in e.g. Germany and Switzerland is quite different. I
doubt if anyone here would be able to claim Urheberrecht for an email.
/Per Jessen, Zürich
ve set your own expiration date, as have I - much better, imho.
/Per Jessen, Zürich
the US also.
>
>> If I just send you an email
>> saying "pay me back my $200 you stupid bastard", it doesn't make it a
>> copyrighted work.
>
> It depends on how you say it. The above statement isn't original
> so because of that alone it's not creative.
So how can an email be automatically copyrighted when its originality
depends on the contents?
/Per Jessen, Zürich
hing right in outgoing spam
>> prevention.
>>
>> Warren
>>
>
> Exactly.
>
> If Google can manage to do a pretty good job then it just tells me
> Microsoft and Yahoo don't care.
Google does happen to own Postini.
/Per Jessen, Zürich
rday around 10:00UTC, but
left out "!(__FROM_DNS || __FROM_INFO || __SENDER_BOT)". Sofar I have
not seen a single hit.
/Per Jessen, Zürich
with email, it should be
> killed by parrent proccess.
Have you looked at what spamd is doing when it so busy?
/Per Jessen, Zürich
Marcin Mirosław wrote:
> W dniu 30.03.2011 14:06, Per Jessen pisze:
>> Have you looked at what spamd is doing when it so busy?
>
> Did You mean "spamd child"? At this moment bayes engine do very hard
> work with email.
Yes, I meant the child - obviously, it sounds
Marcin Mirosław wrote:
> W dniu 30.03.2011 15:47, Per Jessen pisze:
>> Yes, I meant the child - obviously, it sounds as if it's a problem in
>> the bayes processing. I don't use SA bayes, but that problem ought
>> to be investigated first before we look at work-ar
Marcin Mirosław wrote:
> W dniu 30.03.2011 16:21, Per Jessen pisze:
>> Well, isn't the behaviour you're seeing working-as-expected then? If
>> it was an indefinite loop, setting up a time-out would be a possible
>> work-around. If the bayes code is doing what it
cted to take the cake, seem to be
> limited to 35 or so letters.
From:
http://german.about.com/library/blwort_long.htm
Rindfleischetikettierungsüberwachungsaufgabenübertragungsgesetz
Donaudampfschiffahrtselektrizitätenhauptbetriebswerkbauunterbeamtengesellschaft
/Per Jessen, Zürich
ks? I agree that it has to be
possible to stop SA (or whoever it is) from making those lookups, but
until you've cured the problem, a local authoritative nameserver will
at least deal with the symptoms.
/Per Jessen, Zürich
Is there a way to write a header test on the mime-decoded contents of
Subject: ?
AFAICT, a test such as :
header __BLURP Subject =~ /[^\s]{60}/
works on the mime-encoded Subject, not the decoded version?
/Per Jessen, Zürich
vers that don't do retries - usually unpatched Exchange 2003
servers.
Apart from those, I hardly ever touch any of the greylisting setup. I
don't greylist everything though, maybe that is the difference.
/Per Jessen, Zürich
00 different
>> recipients. Sending to 100 recipients is like a DoS.
>
> That's a bad design. Our system can accept mail to multiple
> recipients with individual filtering and without running many
> SpamAssassin processes in parallel. It can be done.
Sure, it's only a question of queueing.
/Per Jessen, Zürich
David F. Skoll wrote:
> On Tue, 17 May 2011 09:46:09 +0200
> Per Jessen wrote:
>
>> The main/only problem I have with greylisting are otherwise legit
>> servers that don't do retries - usually unpatched Exchange 2003
>> servers.
>
> I've never s
Mark Martinec wrote:
> David F. Skoll wrote:
>> That's a bad design. Our system can accept mail to multiple
>> recipients with individual filtering and without running many
>> SpamAssassin processes in parallel. It can be done.
>
> Indeed.
>
>
&g
s just being
opportunistic about it and hoping not many recipients will have
individual settings?
/Per Jessen, Zürich
here is always http://countries.nerd.dk - I've been using that in
rbldnsd format for a couple of years.
/Per Jessen, Zürich
Henrik K wrote:
> On Sun, Jun 19, 2011 at 09:33:19AM +0200, Per Jessen wrote:
>> Benny Pedersen wrote:
>>
>> > 2011/5/25 Henrik K :
>> >>
>> >> If you are using RelayCountry plugin, you are most likely using
>> >> almost two years
rules
for logically combining rules with 'and' and 'or'. See "man
Mail::Spamassassin::Conf".
/Per Jessen, Zürich
en the INSERT
>>command *MUST FAIL* for me to trust the DB.)
>
> 2003-02-31 is INVALID date and therefore inserting it into the
> database and selecting back CAN NOT return the same data. If you want
> to get the same result, use (VAR)CHAR instead of date.
>
> ... again, does this affect BAYES?
Probably not, but David was asked to explain why he was wary of using
mysql, and he did just that.
/Per Jessen, Zürich
Extract original sender and recipients from message. Then resend:
sendmail
If all intended recipients are listed as to: or cc:,
sendmail -t
/Per Jessen, Zürich
ttp://jessen.ch/articles/spamassassin-and-postfix/
/Per Jessen, Zürich
Per Jessen wrote:
> Max Dunlap wrote:
>
>> Haha, I'm sorry I accidently sent a message. But while I'm at it, I
>> was going to ask a question.
>> I just set up a healthy postfix server on ubuntu, I've been looking
>> at the wiki and I'm not sure
Benny Pedersen wrote:
> On Fri, 01 Jul 2011 08:17:59 +0200, Per Jessen wrote:
>
>>> http://jessen.ch/articles/spamassassin-and-postfix/
>> And now it's also _actually_ available, thanks Benny.
>
> the above page still have 403 errors
> http://timian.jessen.
r than having your own
> resolver, and for many different reasons it's how medium to large
> systems should do things.
+1
/Per Jessen, Zürich
the person down. If we log we
>>use hashes to destroy a trackable connection.
>
> I thought that the EU requires providers to log the sender and
> recipient...
http://en.wikipedia.org/wiki/Telecommunications_data_retention#European_Union
/Per Jessen, Zürich
Simon Loewenthal wrote:
> On 08/23/2011 04:37 PM, Per Jessen wrote:
>> Matus UHLAR - fantomas wrote:
>>
>>>> * Marc Perkel :
>>>>> Just sharing some ideas on blocking outbound spam.
>>> On 20.08.11 21:55, Patrick Ben Koetter wrote:
>>
gt; Smaller than or equal to:
>
> header __SUBJ_LE_100 Subject =~ /^.{0,100}$/
For MIME-encoded, does this work on the raw data or the decoded? (raw I
suspect).
/Per Jessen, Zürich
o greylist a subset. Criteria: DNS, HELO, etc.
In my experience, selective greylisting is way more effective than any
RBL.
/Per Jessen, Zürich
t; with updates... It takes 6-8 hourt to get new URIs ito the zone...
>
> I need my own independant working URIBL server where I can add my
> own captured URIs.
That is what is being suggested - follow the guide, but use it for your
own data.
--
Per Jessen, Zürich (1.7°C)
this update is accurate.
Teach yourself a new foreign language in 10 days
Just being curious. Yesterday I got another 10 different domains.
--
Per Jessen, Zürich (5.4°C)
zone "rbl" {
forward first;
forwarders;
}
--
Per Jessen, Zürich (14.5°C)
Robert Schetterer wrote:
> Am 21.03.2012 09:09, schrieb Per Jessen:
>> Has anyone else noticed this stream of new spamvertized domains :
>>
>> http://files.jessen.ch/list-of-new-domains
>>
>> Typically accompanied by messages/subject lines such as:
>>
>
Robert Schetterer wrote:
> Am 22.03.2012 08:23, schrieb Per Jessen:
>> Robert Schetterer wrote:
>>
>>> Am 21.03.2012 09:09, schrieb Per Jessen:
>>>> Has anyone else noticed this stream of new spamvertized domains :
>>>>
>>>> ht
Axb wrote:
> On 03/22/2012 10:19 AM, Per Jessen wrote:
>> Robert Schetterer wrote:
>>
>>> Am 22.03.2012 08:23, schrieb Per Jessen:
>>>> Robert Schetterer wrote:
>>>>
>>>>> Am 21.03.2012 09:09, schrieb Per Jessen:
>>
Robert Schetterer wrote:
> Am 22.03.2012 10:19, schrieb Per Jessen:
> It's also the rate of change that is
>> interesting - I very rarely see two emails with the same link.
>>
>
> one more indicate for a bright planned campaign
> what are they try to push...?
ks, rack rails,
redundant powersupply, RAID controllers etc etc. :-) (e.g. an HP ML580
or -585).
--
Per Jessen, Zürich (15.9°C)
d
(incorrectly) as spam.
Use of this setting is not recommended, since it blindly trusts the
message, which is routinely and easily forged by spammers and phish
senders. The recommended solution is to instead use "whitelist_auth" or
other authenticated whitelisting methods, or "whitelist_from_rcvd".
--
Per Jessen, Zürich (21.1°C)
ishing and can't be trusted not to fall for it. Don't
> whitelist domains unless they are extremely obscure.
>
>> whitelist_from_rcvd is very reliable.
>
> Not if someone sends an email through a different mail system,
I think that is what "whitelist_allows_relays" is intended to take care
of.
--
Per Jessen, Zürich (23.2°C)
ar -
> particularly when taken out context.
>
> What I mean is that if I whitelist a private email address, the
> chances of a spammer ever sending me a spam spoofing that address is
> very small.
Happened to me twice only yesterday - somebody sent me mails appearing
to come from one of m
I noticed one of these in an email from a domain I had tried to
whitelist with "whitelist_from_dkim". Does anyone know the background
on this?
--
Per Jessen, Zürich (16.5°C)
etup work well without using Amavisd?
Yes, it works very well without amavisd:
http://jessen.ch/articles/spamassassin-and-postfix/
(a bit old, but still valid).
--
Per Jessen, Zürich (20.5°C)
Joseph Acquisto wrote:
> Won't make, anyway. Module Net-addr::IP missing. Finding this for
> SuSe seems to be an adventure in itself.
Just install from source.
--
Per Jessen, Zürich (14.6°C)
Joseph Acquisto wrote:
>>>> On 10/9/2012 at 3:02 PM, Per Jessen wrote:
>> Joseph Acquisto wrote:
>>
>>> Won't make, anyway. Module Net-addr::IP missing. Finding this for
>>> SuSe seems to be an adventure in itself.
>>
>> Just install
these
> things? (Why would you use a distro that doesn't?)
SLES does provide all of that, but not necessarily an upgraded
spamassassin, I don't know.
--
Per Jessen, Zürich (15.7°C)
ank page, and other errors. Supposed
> to work seamlessly, since Attachmate deal.
Actually, why don't you try regular SUSE support? It's part of the deal
with SLES. There is also a mailing list:
http://listx.novell.com/mailman/listinfo/suse-sles-e
--
Per Jessen, Zürich (13.8°C)
FYI, see $SUBJ.
--
Per Jessen, Zürich (-0.7°C)
http://www.dns24.ch/ - free DNS hosting, made in Switzerland.
dar...@chaosreigns.com wrote:
> On 12/08, Per Jessen wrote:
>> FYI, see $SUBJ.
>
> Much like the 3.2.5 release which that page still unfortunately
> implies is reasonable to use.
>
> I'd love an explanation of a situation where somebody is running
> spamassass
Bob Proulx wrote:
> Per Jessen wrote:
>> dar...@chaosreigns.com wrote:
>> > Much like the 3.2.5 release which that page still unfortunately
>> > implies is reasonable to use.
>> >
>> > I'd love an explanation of a situation where somebody is
nnection
>>refused
>
> This is what e.g. rfci-ignorant or many other rhsbl blacklists are
> for.
rfc-ignorant has gone off-line.
--
Per Jessen, Zürich (7.7°C)
http://www.dns24.ch/ - free DNS hosting, made in Switzerland.
Matthias Leisi wrote:
> On Tue, Feb 5, 2013 at 8:27 AM, Per Jessen wrote:
>
>
>> > This is what e.g. rfci-ignorant or many other rhsbl blacklists are
>> > for.
>>
>> rfc-ignorant has gone off-line.
>>
>
> http://www.rfc-ignorant.de/
>
>
Benny Pedersen wrote:
> Per Jessen skrev den 2013-02-05 08:27:
>
>> rfc-ignorant has gone off-line.
>
> thats why i choiced to use reject_unverified_sender in postfix, and
> yes i know it can be abused, but it solves more problems then it
> creates for me
For me that
many other rhsbl blacklists are
>>>for.
>>
>>thay are dead
>
> they are alive on rfc-ignorant.de :-)
>
Resurrected perhaps, but not quite alive.
--
Per Jessen, Zürich (-0.1°C)
http://www.dns24.ch/ - free DNS hosting, made in Switzerland.
w pumpndump, loads of cheap loans&mortgages,
flexible hoses, new cars, car lease, learn foreign languages, Ruby
Palace, dating/mating service.
--
Per Jessen, Zürich (10.9°C)
http://www.dns24.ch/ - free DNS hosting, made in Switzerland.
ain 99% of those are false positives. Probably a hiccup
on my installation, I was just wondering if anyone else is seeing this?
--
Per Jessen, Zürich (6.3°C)
http://www.dns24.ch/ - free dynamic DNS, made in Switzerland.
Axb wrote:
> On 03/16/2015 11:05 AM, Axb wrote:
>> On 03/16/2015 10:54 AM, Per Jessen wrote:
>>> I've recently upgraded to SA 3.4.0 - I'm seeing
>>> URI_DOTDOT_LOW_CNTRST scoring on many legitimate mails. E.g. from
>>> linkedin and distrelec.
&g
Axb wrote:
> On 03/16/2015 11:28 AM, Per Jessen wrote:
>> Axb wrote:
>>
>>> On 03/16/2015 11:05 AM, Axb wrote:
>>>> On 03/16/2015 10:54 AM, Per Jessen wrote:
>>>>> I've recently upgraded to SA 3.4.0 - I'm seeing
>>&g
AFAIK, bind does not accept NS records with CNAMEs, only A or
records. It looks like spamhaus updated their nameserver config and
added cloudflare by way of CNAME.
Brgds
Per
--
Per Jessen, Zürich (1.1°C)
http://www.dns24.ch/ - free dynamic DNS, made in Switzerland.
1 - 100 of 473 matches
Mail list logo