You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Jon Fullmer <jo...@jonfullmer.com> on 2004/08/07 16:41:13 UTC
Log, but don't tell
I¹m using sendmail 8.12.11, MIMEDefang 2.44, and SpamAssassin 2.64 running
on Linux.
Right now, I have my action_bounce message including only the total score
[$hits]. This is the way I would like to keep it, as I would rather not
give actual spammers more information to circumvent my system.
However, it would be extremely helpful to me to have not only the $hits
logged, but the $names logged as well. In other words, for users who will
just call me up and say, ³hey, why did my message bounce?², it would be
great if I could match their message in the mail log and see not only the
score, but the $names as well.
Is there a way to do this? I tried to add $names to the md_graphdefang_log
line, but MIMEDefang did not like that.
- Jon
Re: Action_bounce does not bounce! (was Re: Log, but don't tell)
Posted by Lucas Albers <ad...@cs.montana.edu>.
Kelson Vibber said:
> At 07:54 AM 8/7/2004, Michele: Blacknight Solutions wrote:
The mimedefang mailing list might be more appropriate to this sort of
question.
This exact topic has been discussed-asked/answered to death hundreds of
times on the mimedefang mailing list.
Nice of Kelson to answer it though.
--
Luke Computer Science System Administrator
Security Administrator,College of Engineering
Montana State University-Bozeman,Montana
Action_bounce does not bounce! (was Re: Log, but don't tell)
Posted by Kelson Vibber <ke...@speed.net>.
At 07:54 AM 8/7/2004, Michele: Blacknight Solutions wrote:
>On Sat 07 Aug 2004 15:41, Jon Fullmer wrote:
>
> > Right now, I have my action_bounce message including only the total score
> > [$hits]. This is the way I would like to keep it, as I would rather not
> > give actual spammers more information to circumvent my system.
>Are you actually bouncing spam?? Please tell me I misread that
I'm about halfway through the giant thread and no one seems to have brought
this up...
MIMEDefang's action_bounce is misnamed. It does NOT bounce mail. It
issues an SMTP reject.
Someone further upstream might generate a bounce, but the server calling
action_bounce server does not.
Kelson Vibber
SpeedGate Communications <www.speed.net>
Re: Log, but don't tell
Posted by Dimitrios <se...@altered.com>.
On Sat, 07 Aug 2004 09:25:46 -0600 "Jon Fullmer" <jo...@jonfullmer.com> wrote:
> (Timidly, Jon answers): uh,... yes?
AAAAAAAAAAAAAAAAAAARRRGGRGRAAAAA !!!!!
oh my god...
please someone explain to him....
Re: Log, but don't tell
Posted by Kris Deugau <kd...@vianet.ca>.
Steven Dickenson wrote:
> Reject at SMTP time.
>
> Exim+Exiscan-ACL does this very well.
This is EXACTLY what MIMEDefang's action_bounce() call does- it issues a
negative response after the DATA segment.
However, if the message is being passed in to your system by a
(relatively) innocent relay server- rather than from direct-to-MX
ratware- that relay will then generate the potentially joe-jobbing DSN.
The way I see it, I've already spent network and processing resources to
accept the message and determine that it's probably spam; I might as
well deliver it somewhere locally and either let the nominally intended
recipient poke through their spam folder if they suspect an FP, or drop
it in a semi-centralized administrative spam folder as a number of
others have suggested.
The only systems I'll actually reject mail from are those that have
consistently shown themselves to be poorly configured in some way- one
system recently got the booby prize of an entry in a server's firewall
because it kept trying to resend the same message once (or more) per
SECOND.
There aren't many of these blocked systems- on the systems I administer
at work, because I work for an ISP and I *MUST* accept a lot of mail I
might not otherwise consider acceptable (and one system is two or three
relays deep inside our network, so rejecting is just silly); and on my
personal server because I've yet to have anyone really piss me off that
far.
-kgd
--
Get your mouse off of there! You don't know where that email has been!
Re: Log, but don't tell
Posted by Steven Dickenson <st...@mrchuckles.net>.
Jon Fullmer wrote:
> I can certainly accept the arguments as to why bouncing would be a bad idea.
> What is the alternative? If the messages are simply dropped, the sender
> (nor the recipient) have any knowledge in the case of a false positive.
Reject at SMTP time.
Exim+Exiscan-ACL does this very well.
Steven
Re: Ot: LuKreme's signature
Posted by John Andersen <js...@pen.homeip.net>.
On Sunday 08 August 2004 12:05 am, Kenneth Porter wrote:
> --On Sunday, August 08, 2004 12:02 AM -0800 John Andersen
>
> <js...@pen.homeip.net> wrote:
> > I mean the thing is huge, (far bigger than the message) and Kgpg
> > doesn't know what to do with the?
>
> True. Over 3k. What's the point of signing list mail anyway?
Beats me, Mine is set up to sign automatically, so it all gets signed.
Actually, there's very little point in signing at all, I just set it
up to get all the pieces working, and left it running.
--
_____________________________________
John Andersen
Re: Ot: LuKreme's signature
Posted by Kenneth Porter <sh...@sewingwitch.com>.
--On Sunday, August 08, 2004 12:02 AM -0800 John Andersen
<js...@pen.homeip.net> wrote:
> I mean the thing is huge, (far bigger than the message) and Kgpg
> doesn't know what to do with the?
True. Over 3k. What's the point of signing list mail anyway?
Re: Ot: LuKreme's signature
Posted by j o a r <jo...@joar.com>.
It's a standard S/MIME signature. You have support for S/MIME in most
modern email clients, like Netscape/Mozilla, Outlook and Express, Apple
Mail, et.c. I usually try to avoid sending signed messages to list
though. An even better solution is probably to have the mailing list
software strip out attachments.
j o a r
On 2004-08-08, at 10.02, John Andersen wrote:
> Yup, I'm hijacking the thread... (hey, it was dead anyway)
>
> How does one deal with these sigs that come out of
> apple mail?
>
> I mean the thing is huge, (far bigger than the message) and Kgpg
> doesn't know what to do with the?
>
> Hear it is... Huge:, and not published anywhere I can find...
Re: LuKreme's signature
Posted by jdow <jd...@earthlink.net>.
OE 6 is odd about it. When I delete an email it automatically steps
to the next one. If one of his emails comes up that way it is not
handled correctly. I have to click on a .txt file in the header as
an attachment to read the text. If I bring the same message up by
double clicking it from the list of emails it reads just fine. Go
figure. If I only had source.... (I'd probably pi** and moan about
its cruftiness and continue to bi*ch about its behavior.)
{^_^}
----- Original Message -----
From: "Bret Miller" <br...@wcg.org>
To: <sp...@incubator.apache.org>
Sent: Monday, 2004 August, 09 10:47
Subject: RE: LuKreme's signature
> Outlook 2002 processes his signature just fine...
>
> Bret
>
>
> > -----Original Message-----
> > From: John Andersen [mailto:jsa@pen.homeip.net]
> > Sent: Sunday, August 08, 2004 1:03 AM
> > To: spamassassin-users@incubator.apache.org
> > Subject: Ot: LuKreme's signature
> >
> >
> > On Saturday 07 August 2004 11:55 pm, LuKreme wrote:
> >
> > Yup, I'm hijacking the thread... (hey, it was dead anyway)
> >
> > How does one deal with these sigs that come out of
> > apple mail?
> >
> > I mean the thing is huge, (far bigger than the message) and Kgpg
> > doesn't know what to do with the?
> >
> > Hear it is... Huge:, and not published anywhere I can find...
> >
> > MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQ
> > AAoIIGFjCCAs8w
> > ggI4oAMCAQICAwr/VzANBgkqhkiG9w0BAQQFADBiMQswCQYDVQQGEwJaQTElMC
> > MGA1UEChMcVGhh
> > d3RlIENvbnN1bHRpbmcgKFB0eSkgTHRkLjEsMCoGA1UEAxMjVGhhd3RlIFBlcn
> > NvbmFsIEZyZWVt
> > YWlsIElzc3VpbmcgQ0EwHhcNMDMxMDI1MDYyNDQ2WhcNMDQxMDI0MDYyNDQ2Wj
> > BDMR8wHQYDVQQD
> > ExZUaGF3dGUgRnJlZW1haWwgTWVtYmVyMSAwHgYJKoZIhvcNAQkBFhFrcmVtZW
> > xzQGtyZW1lLmNv
> > bTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALDlLD6HFowlLpEgWS
> > CmZc24i5v+aq4L
> > J1g/GEd81vPngcAMhFQWR4VKCpBxF7FW8JYCmlhy34rPjWJ82dcv+S3C1iWJC5
> > QzLp8bWC3o8lkZ
> > qjhBNZkIsocGRh3n/XR7jfVg9CV69yPdsJXfskriY1ZXgMj2WfmQuJMeADmIJY
> > +wFJevb4ijdbNB
> > DHLQ2Qv5eKDsukga7DkuCWwgNrfDMfrG3SEU0OJLxEhFfU8FPnOx4STAfh3TTa
> > 4xEOQyuLG6RKv1
> > 1mKphTl9Vrbw7VkR0a8v8m8mS5S3FzCma1lW0wPnZNTZnCam0+YZ+ycoRZLWoU
> > zZAFcszO4arVaa
> > 6uXARrkCAwEAAaMuMCwwHAYDVR0RBBUwE4ERa3JlbWVsc0BrcmVtZS5jb20wDA
> > YDVR0TAQH/BAIw
> > ADANBgkqhkiG9w0BAQQFAAOBgQCYWKSzadzMxvaYBC862AVbOsDzQ5hj/DDZ4F
> > ZNAW4hbg4WmIWt
> > rVoMmVW959O2uxHW7tT2WU+MWK39d1sl4GPA32khEnXibTvJ4hX7P83B1oG8vM
> > FL0xTbEJv61hS6
> > RGb0fQ1KLrC7Fw1EMXs7Lz6dQqzTth5VNf4dYMKbUfEdzDCCAz8wggKooAMCAQ
> > ICAQ0wDQYJKoZI
> > hvcNAQEFBQAwgdExCzAJBgNVBAYTAlpBMRUwEwYDVQQIEwxXZXN0ZXJuIENhcG
> > UxEjAQBgNVBAcT
> > CUNhcGUgVG93bjEaMBgGA1UEChMRVGhhd3RlIENvbnN1bHRpbmcxKDAmBgNVBA
> > sTH0NlcnRpZmlj
> > YXRpb24gU2VydmljZXMgRGl2aXNpb24xJDAiBgNVBAMTG1RoYXd0ZSBQZXJzb2
> > 5hbCBGcmVlbWFp
> > bCBDQTErMCkGCSqGSIb3DQEJARYccGVyc29uYWwtZnJlZW1haWxAdGhhd3RlLm
> > NvbTAeFw0wMzA3
> > MTcwMDAwMDBaFw0xMzA3MTYyMzU5NTlaMGIxCzAJBgNVBAYTAlpBMSUwIwYDVQ
> > QKExxUaGF3dGUg
> > Q29uc3VsdGluZyAoUHR5KSBMdGQuMSwwKgYDVQQDEyNUaGF3dGUgUGVyc29uYW
> > wgRnJlZW1haWwg
> > SXNzdWluZyBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAxKY8VXNV+0
> > 65yplaHmjAdQRw
> > nd/p/6Me7L3N9VvyGna9fww6YfK/Uc4B1OVQCjDXAmNaLIkVcI7dyfArhVqqP3
> > FWy688Cwfn8R+R
> > NiQqE88r1fOCdz0Dviv+uxg+B79AgAJk16emu59l0cUqVIUPSAR/p7bRPGEEQB
> > 5kGXJgt/sCAwEA
> > AaOBlDCBkTASBgNVHRMBAf8ECDAGAQH/AgEAMEMGA1UdHwQ8MDowOKA2oDSGMm
> > h0dHA6Ly9jcmwu
> > dGhhd3RlLmNvbS9UaGF3dGVQZXJzb25hbEZyZWVtYWlsQ0EuY3JsMAsGA1UdDw
> > QEAwIBBjApBgNV
> > HREEIjAgpB4wHDEaMBgGA1UEAxMRUHJpdmF0ZUxhYmVsMi0xMzgwDQYJKoZIhv
> > cNAQEFBQADgYEA
> > SIzRUIPqCy7MDaNmrGcPf6+svsIXoUOWlJ1/TCG4+DYfqi2fNi/A9BxQIJNwPP
> > 2t4WFiw9k6GX6E
> > sZkbAMUaC4J0niVQlGLH2ydxVyWN3amcOY6MIE9lX5Xa9/eH1sYITq726jTlEB
> > pbNU1341YheILc
> > IRk13iSx0x1G/11fZU8xggLnMIIC4wIBATBpMGIxCzAJBgNVBAYTAlpBMSUwIw
> > YDVQQKExxUaGF3
> > dGUgQ29uc3VsdGluZyAoUHR5KSBMdGQuMSwwKgYDVQQDEyNUaGF3dGUgUGVyc2
> > 9uYWwgRnJlZW1h
> > aWwgSXNzdWluZyBDQQIDCv9XMAkGBSsOAwIaBQCgggFTMBgGCSqGSIb3DQEJAz
> > ELBgkqhkiG9w0B
> > BwEwHAYJKoZIhvcNAQkFMQ8XDTA0MDgwODA3NTUyMVowIwYJKoZIhvcNAQkEMR
> > YEFKp2biJjENi4
> > rPECJRkJtqBns4AZMHgGCSsGAQQBgjcQBDFrMGkwYjELMAkGA1UEBhMCWkExJT
> > AjBgNVBAoTHFRo
> > YXd0ZSBDb25zdWx0aW5nIChQdHkpIEx0ZC4xLDAqBgNVBAMTI1RoYXd0ZSBQZX
> > Jzb25hbCBGcmVl
> > bWFpbCBJc3N1aW5nIENBAgMK/1cwegYLKoZIhvcNAQkQAgsxa6BpMGIxCzAJBg
> > NVBAYTAlpBMSUw
> > IwYDVQQKExxUaGF3dGUgQ29uc3VsdGluZyAoUHR5KSBMdGQuMSwwKgYDVQQDEy
> > NUaGF3dGUgUGVy
> > c29uYWwgRnJlZW1haWwgSXNzdWluZyBDQQIDCv9XMA0GCSqGSIb3DQEBAQUABI
> > IBAEunQGbjLbrV
> > Ku763VVzPoQWDRYQdUIzAMo4E/ECmXe3IL3id0IdkHyHPw74Cyf6fG8RV680U/
> > VJQKEEeSPgelqu
> > e2xQ1EszgVZ7TZVnbynI9UNoxoQvue+p4zKAtPTRxvs50qqCAlMKGxW3vv0Nke
> > reJ/FmiLkoUBnI
> > m+OE3yqm0R7dAdcm5LTpdgDkdRzuOX/X891OCmu0tshoE12cteB2f8UitkPCgd
> > PUYcLlTiSrvg0n
> > aZBmYY6iDPn+4vVVsdzKBgOxjwGUjZihRVObNOg83I8zoUj+eRrUnpaDeYmaRn
> > oB2KZWJMoHCryX
> > 1hdxSMHN3Zz2a8kBwpJhRLdrvzcAAAAAAAA=
> >
> > --
> > _____________________________________
> > John Andersen
> >
>
>
>
RE: LuKreme's signature
Posted by Bret Miller <br...@wcg.org>.
Outlook 2002 processes his signature just fine...
Bret
> -----Original Message-----
> From: John Andersen [mailto:jsa@pen.homeip.net]
> Sent: Sunday, August 08, 2004 1:03 AM
> To: spamassassin-users@incubator.apache.org
> Subject: Ot: LuKreme's signature
>
>
> On Saturday 07 August 2004 11:55 pm, LuKreme wrote:
>
> Yup, I'm hijacking the thread... (hey, it was dead anyway)
>
> How does one deal with these sigs that come out of
> apple mail?
>
> I mean the thing is huge, (far bigger than the message) and Kgpg
> doesn't know what to do with the?
>
> Hear it is... Huge:, and not published anywhere I can find...
>
> MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQ
> AAoIIGFjCCAs8w
> ggI4oAMCAQICAwr/VzANBgkqhkiG9w0BAQQFADBiMQswCQYDVQQGEwJaQTElMC
> MGA1UEChMcVGhh
> d3RlIENvbnN1bHRpbmcgKFB0eSkgTHRkLjEsMCoGA1UEAxMjVGhhd3RlIFBlcn
> NvbmFsIEZyZWVt
> YWlsIElzc3VpbmcgQ0EwHhcNMDMxMDI1MDYyNDQ2WhcNMDQxMDI0MDYyNDQ2Wj
> BDMR8wHQYDVQQD
> ExZUaGF3dGUgRnJlZW1haWwgTWVtYmVyMSAwHgYJKoZIhvcNAQkBFhFrcmVtZW
> xzQGtyZW1lLmNv
> bTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALDlLD6HFowlLpEgWS
> CmZc24i5v+aq4L
> J1g/GEd81vPngcAMhFQWR4VKCpBxF7FW8JYCmlhy34rPjWJ82dcv+S3C1iWJC5
> QzLp8bWC3o8lkZ
> qjhBNZkIsocGRh3n/XR7jfVg9CV69yPdsJXfskriY1ZXgMj2WfmQuJMeADmIJY
> +wFJevb4ijdbNB
> DHLQ2Qv5eKDsukga7DkuCWwgNrfDMfrG3SEU0OJLxEhFfU8FPnOx4STAfh3TTa
> 4xEOQyuLG6RKv1
> 1mKphTl9Vrbw7VkR0a8v8m8mS5S3FzCma1lW0wPnZNTZnCam0+YZ+ycoRZLWoU
> zZAFcszO4arVaa
> 6uXARrkCAwEAAaMuMCwwHAYDVR0RBBUwE4ERa3JlbWVsc0BrcmVtZS5jb20wDA
> YDVR0TAQH/BAIw
> ADANBgkqhkiG9w0BAQQFAAOBgQCYWKSzadzMxvaYBC862AVbOsDzQ5hj/DDZ4F
> ZNAW4hbg4WmIWt
> rVoMmVW959O2uxHW7tT2WU+MWK39d1sl4GPA32khEnXibTvJ4hX7P83B1oG8vM
> FL0xTbEJv61hS6
> RGb0fQ1KLrC7Fw1EMXs7Lz6dQqzTth5VNf4dYMKbUfEdzDCCAz8wggKooAMCAQ
> ICAQ0wDQYJKoZI
> hvcNAQEFBQAwgdExCzAJBgNVBAYTAlpBMRUwEwYDVQQIEwxXZXN0ZXJuIENhcG
> UxEjAQBgNVBAcT
> CUNhcGUgVG93bjEaMBgGA1UEChMRVGhhd3RlIENvbnN1bHRpbmcxKDAmBgNVBA
> sTH0NlcnRpZmlj
> YXRpb24gU2VydmljZXMgRGl2aXNpb24xJDAiBgNVBAMTG1RoYXd0ZSBQZXJzb2
> 5hbCBGcmVlbWFp
> bCBDQTErMCkGCSqGSIb3DQEJARYccGVyc29uYWwtZnJlZW1haWxAdGhhd3RlLm
> NvbTAeFw0wMzA3
> MTcwMDAwMDBaFw0xMzA3MTYyMzU5NTlaMGIxCzAJBgNVBAYTAlpBMSUwIwYDVQ
> QKExxUaGF3dGUg
> Q29uc3VsdGluZyAoUHR5KSBMdGQuMSwwKgYDVQQDEyNUaGF3dGUgUGVyc29uYW
> wgRnJlZW1haWwg
> SXNzdWluZyBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAxKY8VXNV+0
> 65yplaHmjAdQRw
> nd/p/6Me7L3N9VvyGna9fww6YfK/Uc4B1OVQCjDXAmNaLIkVcI7dyfArhVqqP3
> FWy688Cwfn8R+R
> NiQqE88r1fOCdz0Dviv+uxg+B79AgAJk16emu59l0cUqVIUPSAR/p7bRPGEEQB
> 5kGXJgt/sCAwEA
> AaOBlDCBkTASBgNVHRMBAf8ECDAGAQH/AgEAMEMGA1UdHwQ8MDowOKA2oDSGMm
> h0dHA6Ly9jcmwu
> dGhhd3RlLmNvbS9UaGF3dGVQZXJzb25hbEZyZWVtYWlsQ0EuY3JsMAsGA1UdDw
> QEAwIBBjApBgNV
> HREEIjAgpB4wHDEaMBgGA1UEAxMRUHJpdmF0ZUxhYmVsMi0xMzgwDQYJKoZIhv
> cNAQEFBQADgYEA
> SIzRUIPqCy7MDaNmrGcPf6+svsIXoUOWlJ1/TCG4+DYfqi2fNi/A9BxQIJNwPP
> 2t4WFiw9k6GX6E
> sZkbAMUaC4J0niVQlGLH2ydxVyWN3amcOY6MIE9lX5Xa9/eH1sYITq726jTlEB
> pbNU1341YheILc
> IRk13iSx0x1G/11fZU8xggLnMIIC4wIBATBpMGIxCzAJBgNVBAYTAlpBMSUwIw
> YDVQQKExxUaGF3
> dGUgQ29uc3VsdGluZyAoUHR5KSBMdGQuMSwwKgYDVQQDEyNUaGF3dGUgUGVyc2
> 9uYWwgRnJlZW1h
> aWwgSXNzdWluZyBDQQIDCv9XMAkGBSsOAwIaBQCgggFTMBgGCSqGSIb3DQEJAz
> ELBgkqhkiG9w0B
> BwEwHAYJKoZIhvcNAQkFMQ8XDTA0MDgwODA3NTUyMVowIwYJKoZIhvcNAQkEMR
> YEFKp2biJjENi4
> rPECJRkJtqBns4AZMHgGCSsGAQQBgjcQBDFrMGkwYjELMAkGA1UEBhMCWkExJT
> AjBgNVBAoTHFRo
> YXd0ZSBDb25zdWx0aW5nIChQdHkpIEx0ZC4xLDAqBgNVBAMTI1RoYXd0ZSBQZX
> Jzb25hbCBGcmVl
> bWFpbCBJc3N1aW5nIENBAgMK/1cwegYLKoZIhvcNAQkQAgsxa6BpMGIxCzAJBg
> NVBAYTAlpBMSUw
> IwYDVQQKExxUaGF3dGUgQ29uc3VsdGluZyAoUHR5KSBMdGQuMSwwKgYDVQQDEy
> NUaGF3dGUgUGVy
> c29uYWwgRnJlZW1haWwgSXNzdWluZyBDQQIDCv9XMA0GCSqGSIb3DQEBAQUABI
> IBAEunQGbjLbrV
> Ku763VVzPoQWDRYQdUIzAMo4E/ECmXe3IL3id0IdkHyHPw74Cyf6fG8RV680U/
> VJQKEEeSPgelqu
> e2xQ1EszgVZ7TZVnbynI9UNoxoQvue+p4zKAtPTRxvs50qqCAlMKGxW3vv0Nke
> reJ/FmiLkoUBnI
> m+OE3yqm0R7dAdcm5LTpdgDkdRzuOX/X891OCmu0tshoE12cteB2f8UitkPCgd
> PUYcLlTiSrvg0n
> aZBmYY6iDPn+4vVVsdzKBgOxjwGUjZihRVObNOg83I8zoUj+eRrUnpaDeYmaRn
> oB2KZWJMoHCryX
> 1hdxSMHN3Zz2a8kBwpJhRLdrvzcAAAAAAAA=
>
> --
> _____________________________________
> John Andersen
>
Ot: LuKreme's signature
Posted by John Andersen <js...@pen.homeip.net>.
On Saturday 07 August 2004 11:55 pm, LuKreme wrote:
Yup, I'm hijacking the thread... (hey, it was dead anyway)
How does one deal with these sigs that come out of
apple mail?
I mean the thing is huge, (far bigger than the message) and Kgpg
doesn't know what to do with the?
Hear it is... Huge:, and not published anywhere I can find...
MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIGFjCCAs8w
ggI4oAMCAQICAwr/VzANBgkqhkiG9w0BAQQFADBiMQswCQYDVQQGEwJaQTElMCMGA1UEChMcVGhh
d3RlIENvbnN1bHRpbmcgKFB0eSkgTHRkLjEsMCoGA1UEAxMjVGhhd3RlIFBlcnNvbmFsIEZyZWVt
YWlsIElzc3VpbmcgQ0EwHhcNMDMxMDI1MDYyNDQ2WhcNMDQxMDI0MDYyNDQ2WjBDMR8wHQYDVQQD
ExZUaGF3dGUgRnJlZW1haWwgTWVtYmVyMSAwHgYJKoZIhvcNAQkBFhFrcmVtZWxzQGtyZW1lLmNv
bTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALDlLD6HFowlLpEgWSCmZc24i5v+aq4L
J1g/GEd81vPngcAMhFQWR4VKCpBxF7FW8JYCmlhy34rPjWJ82dcv+S3C1iWJC5QzLp8bWC3o8lkZ
qjhBNZkIsocGRh3n/XR7jfVg9CV69yPdsJXfskriY1ZXgMj2WfmQuJMeADmIJY+wFJevb4ijdbNB
DHLQ2Qv5eKDsukga7DkuCWwgNrfDMfrG3SEU0OJLxEhFfU8FPnOx4STAfh3TTa4xEOQyuLG6RKv1
1mKphTl9Vrbw7VkR0a8v8m8mS5S3FzCma1lW0wPnZNTZnCam0+YZ+ycoRZLWoUzZAFcszO4arVaa
6uXARrkCAwEAAaMuMCwwHAYDVR0RBBUwE4ERa3JlbWVsc0BrcmVtZS5jb20wDAYDVR0TAQH/BAIw
ADANBgkqhkiG9w0BAQQFAAOBgQCYWKSzadzMxvaYBC862AVbOsDzQ5hj/DDZ4FZNAW4hbg4WmIWt
rVoMmVW959O2uxHW7tT2WU+MWK39d1sl4GPA32khEnXibTvJ4hX7P83B1oG8vMFL0xTbEJv61hS6
RGb0fQ1KLrC7Fw1EMXs7Lz6dQqzTth5VNf4dYMKbUfEdzDCCAz8wggKooAMCAQICAQ0wDQYJKoZI
hvcNAQEFBQAwgdExCzAJBgNVBAYTAlpBMRUwEwYDVQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNVBAcT
CUNhcGUgVG93bjEaMBgGA1UEChMRVGhhd3RlIENvbnN1bHRpbmcxKDAmBgNVBAsTH0NlcnRpZmlj
YXRpb24gU2VydmljZXMgRGl2aXNpb24xJDAiBgNVBAMTG1RoYXd0ZSBQZXJzb25hbCBGcmVlbWFp
bCBDQTErMCkGCSqGSIb3DQEJARYccGVyc29uYWwtZnJlZW1haWxAdGhhd3RlLmNvbTAeFw0wMzA3
MTcwMDAwMDBaFw0xMzA3MTYyMzU5NTlaMGIxCzAJBgNVBAYTAlpBMSUwIwYDVQQKExxUaGF3dGUg
Q29uc3VsdGluZyAoUHR5KSBMdGQuMSwwKgYDVQQDEyNUaGF3dGUgUGVyc29uYWwgRnJlZW1haWwg
SXNzdWluZyBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAxKY8VXNV+065yplaHmjAdQRw
nd/p/6Me7L3N9VvyGna9fww6YfK/Uc4B1OVQCjDXAmNaLIkVcI7dyfArhVqqP3FWy688Cwfn8R+R
NiQqE88r1fOCdz0Dviv+uxg+B79AgAJk16emu59l0cUqVIUPSAR/p7bRPGEEQB5kGXJgt/sCAwEA
AaOBlDCBkTASBgNVHRMBAf8ECDAGAQH/AgEAMEMGA1UdHwQ8MDowOKA2oDSGMmh0dHA6Ly9jcmwu
dGhhd3RlLmNvbS9UaGF3dGVQZXJzb25hbEZyZWVtYWlsQ0EuY3JsMAsGA1UdDwQEAwIBBjApBgNV
HREEIjAgpB4wHDEaMBgGA1UEAxMRUHJpdmF0ZUxhYmVsMi0xMzgwDQYJKoZIhvcNAQEFBQADgYEA
SIzRUIPqCy7MDaNmrGcPf6+svsIXoUOWlJ1/TCG4+DYfqi2fNi/A9BxQIJNwPP2t4WFiw9k6GX6E
sZkbAMUaC4J0niVQlGLH2ydxVyWN3amcOY6MIE9lX5Xa9/eH1sYITq726jTlEBpbNU1341YheILc
IRk13iSx0x1G/11fZU8xggLnMIIC4wIBATBpMGIxCzAJBgNVBAYTAlpBMSUwIwYDVQQKExxUaGF3
dGUgQ29uc3VsdGluZyAoUHR5KSBMdGQuMSwwKgYDVQQDEyNUaGF3dGUgUGVyc29uYWwgRnJlZW1h
aWwgSXNzdWluZyBDQQIDCv9XMAkGBSsOAwIaBQCgggFTMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0B
BwEwHAYJKoZIhvcNAQkFMQ8XDTA0MDgwODA3NTUyMVowIwYJKoZIhvcNAQkEMRYEFKp2biJjENi4
rPECJRkJtqBns4AZMHgGCSsGAQQBgjcQBDFrMGkwYjELMAkGA1UEBhMCWkExJTAjBgNVBAoTHFRo
YXd0ZSBDb25zdWx0aW5nIChQdHkpIEx0ZC4xLDAqBgNVBAMTI1RoYXd0ZSBQZXJzb25hbCBGcmVl
bWFpbCBJc3N1aW5nIENBAgMK/1cwegYLKoZIhvcNAQkQAgsxa6BpMGIxCzAJBgNVBAYTAlpBMSUw
IwYDVQQKExxUaGF3dGUgQ29uc3VsdGluZyAoUHR5KSBMdGQuMSwwKgYDVQQDEyNUaGF3dGUgUGVy
c29uYWwgRnJlZW1haWwgSXNzdWluZyBDQQIDCv9XMA0GCSqGSIb3DQEBAQUABIIBAEunQGbjLbrV
Ku763VVzPoQWDRYQdUIzAMo4E/ECmXe3IL3id0IdkHyHPw74Cyf6fG8RV680U/VJQKEEeSPgelqu
e2xQ1EszgVZ7TZVnbynI9UNoxoQvue+p4zKAtPTRxvs50qqCAlMKGxW3vv0NkereJ/FmiLkoUBnI
m+OE3yqm0R7dAdcm5LTpdgDkdRzuOX/X891OCmu0tshoE12cteB2f8UitkPCgdPUYcLlTiSrvg0n
aZBmYY6iDPn+4vVVsdzKBgOxjwGUjZihRVObNOg83I8zoUj+eRrUnpaDeYmaRnoB2KZWJMoHCryX
1hdxSMHN3Zz2a8kBwpJhRLdrvzcAAAAAAAA=
--
_____________________________________
John Andersen
Re: Log, but don't tell
Posted by LuKreme <kr...@kreme.com>.
On 07 Aug 2004, at 14:50, John Andersen wrote:
> An occasional
> false positive may register over 5, but several months of analysis
> has never turned up any FP scoring over 10.
Way back in the pre 2.5 days my credit card statements once scored a
14.something.
I still /dev/null/ anything over 9.0 myself, but I am way more
confident in 2.6/3.0 than in 2.1 or whatever it was.
--
"You're an elf and you're going to wear panties like an elf." David
Sedaris, Santaland Diaries
Re: Log, but don't tell
Posted by John Andersen <js...@pen.homeip.net>.
On Saturday 07 August 2004 09:05 am, Jon Fullmer wrote:
> Almost poetic. Thank you.
>
> I can certainly accept the arguments as to why bouncing would be a bad
> idea. What is the alternative? If the messages are simply dropped, the
> sender (nor the recipient) have any knowledge in the case of a false
> positive.
>
> - Jon
The logical thing to do is to configure your procmail to /dev/nul anything
that has a really high score, where really high is determined by inspection
of a few days of spam.
In my case I am happy with really high being values over 10.
(We run Spamassassin sitewide.)
Anything less than 10 gets tagged and sent on to the intended
recipient who is advised to either filter on the score, or wade thru
them individually. Most of my users (even the microsoft users) put
in a rule to divert anything over 4.5 (example) to a probably spam
folder.
If they are too dumb to set up this rule, the get to read all the
spam and upon complaining they get directed to a web page
showing them exactly how to set this up in outlook and outlook
express (and the ones who need help are ALWAYS running one
of those two clients. - Always.)
But the key here is be open to putting in whitelist entries for
some companies who send newsletters that are indistinguishable
from spam, such as some banks and airlines.
We do not handle life and death matters by email. An occasional
false positive may register over 5, but several months of analysis
has never turned up any FP scoring over 10.
(We did this analysis via routing to /var/log/spamtrap and
wading thru it by hand. Every six months or so we re-run
this analysis).
--
_____________________________________
John Andersen
Re: Log, but don't tell
Posted by "Michele: Blacknight Solutions" <mi...@blacknightsolutions.com>.
On Sat 07 Aug 2004 18:05, Jon Fullmer wrote:
> Almost poetic. Thank you.
>
> I can certainly accept the arguments as to why bouncing would be a bad
> idea. What is the alternative? If the messages are simply dropped, the
> sender (nor the recipient) have any knowledge in the case of a false
> positive.
Quarantine it.
--
Mr. Michele Neylon
Blacknight Solutions
http://www.blacknight.ie/
+353 59 9137101
Re: Log, but don't tell
Posted by Jon Fullmer <jo...@jonfullmer.com>.
Almost poetic. Thank you.
I can certainly accept the arguments as to why bouncing would be a bad idea.
What is the alternative? If the messages are simply dropped, the sender
(nor the recipient) have any knowledge in the case of a false positive.
- Jon
on 8/7/04 10:32 AM, jdow at jdow@earthlink.net wrote:
> Please attire your self in your asbestos longjohns, Jon.
>
> You are destined for that special place reserved where it is VERY hot.
> It is right along side the special place reserved for spammers. But it
> has some special properties reserved for tweebles who spam by bouncing
> spam. The joejobbers love you, and saw you coming. Most of the junk in
> your mailbox is from phony addresses. or worse from innocent people on
> the junkmailer's lists. I have issued a very powerful and arcane curse
> that is automatically laid on people who bounce spam.
>
> {O.O} Joanne, who declares that there ARE worse people than spammers
> or politicians. They're people who bounce viruses or spam that
> should be simply dropped into the infinite bit bucket.
> ----- Original Message -----
> From: "Jon Fullmer" <jo...@jonfullmer.com>
>> (Timidly, Jon answers): uh,... yes?
>>
>> on 8/7/04 8:54 AM, Michele: Blacknight Solutions at
>> michele@blacknightsolutions.com wrote:
>>
>>> On Sat 07 Aug 2004 15:41, Jon Fullmer wrote:
>>>
>>>> Right now, I have my action_bounce message including only the total
> score
>>>> [$hits]. This is the way I would like to keep it, as I would rather
> not
>>>> give actual spammers more information to circumvent my system.
>>> Are you actually bouncing spam?? Please tell me I misread that
>>>
>
Re: Log, but don't tell
Posted by jdow <jd...@earthlink.net>.
Please attire your self in your asbestos longjohns, Jon.
You are destined for that special place reserved where it is VERY hot.
It is right along side the special place reserved for spammers. But it
has some special properties reserved for tweebles who spam by bouncing
spam. The joejobbers love you, and saw you coming. Most of the junk in
your mailbox is from phony addresses. or worse from innocent people on
the junkmailer's lists. I have issued a very powerful and arcane curse
that is automatically laid on people who bounce spam.
{O.O} Joanne, who declares that there ARE worse people than spammers
or politicians. They're people who bounce viruses or spam that
should be simply dropped into the infinite bit bucket.
----- Original Message -----
From: "Jon Fullmer" <jo...@jonfullmer.com>
> (Timidly, Jon answers): uh,... yes?
>
> on 8/7/04 8:54 AM, Michele: Blacknight Solutions at
> michele@blacknightsolutions.com wrote:
>
> > On Sat 07 Aug 2004 15:41, Jon Fullmer wrote:
> >
> >> Right now, I have my action_bounce message including only the total
score
> >> [$hits]. This is the way I would like to keep it, as I would rather
not
> >> give actual spammers more information to circumvent my system.
> > Are you actually bouncing spam?? Please tell me I misread that
> >
Re: Log, but don't tell
Posted by Jon Fullmer <jo...@jonfullmer.com>.
(Timidly, Jon answers): uh,... yes?
on 8/7/04 8:54 AM, Michele: Blacknight Solutions at
michele@blacknightsolutions.com wrote:
> On Sat 07 Aug 2004 15:41, Jon Fullmer wrote:
>
>> Right now, I have my action_bounce message including only the total score
>> [$hits]. This is the way I would like to keep it, as I would rather not
>> give actual spammers more information to circumvent my system.
> Are you actually bouncing spam?? Please tell me I misread that
>
Re: Log, but don't tell
Posted by Graham Murray <gr...@gmurray.org.uk>.
LuKreme <kr...@kreme.com> writes:
> That is rejecting, not bouncing.
>
> There's nothing wrong with rejecting spam.
As long as it is done at the 'border' server not an internal one. For
example, if the mail is sent to a secondary MX which accepts it for onward
delivery to the primary, then it is *not* good if the primary then
rejects it (because of unknown user, spam or any other reason) as this
generates a bounce from the secondary.
Re: Log, but don't tell
Posted by LuKreme <kr...@kreme.com>.
On 08 Aug 2004, at 07:16, Jonas Eckerman wrote:
> On Sat, 7 Aug 2004 15:54:11 +0100, Michele: Blacknight Solutions wrote:
>> > Right now, I have my action_bounce message including only the
>> Are you actually bouncing spam?? Please tell me I misread that
> You did not misread, but he's probably rejecting at the SMTP-level
> rather than bouncing.
That is rejecting, not bouncing.
There's nothing wrong with rejecting spam.
--
Instant karma's gonna get you
Re: Log, but don't tell
Posted by Jonas Eckerman <jo...@frukt.org>.
On Sat, 7 Aug 2004 15:54:11 +0100, Michele: Blacknight Solutions wrote:
> > Right now, I have my action_bounce message including only the
> Are you actually bouncing spam?? Please tell me I misread that
You did not misread, but he's probably rejecting at the SMTP-level rather than bouncing.
MIMEDefang's "action_bounce" is poorly named as it normally results in a reject rather than a bounce.
/Jonas
--
Jonas Eckerman, jonas_lists@frukt.org
http://www.fsdb.org/
Re: Log, but don't tell
Posted by "Michele: Blacknight Solutions" <mi...@blacknightsolutions.com>.
On Sat 07 Aug 2004 15:41, Jon Fullmer wrote:
> Right now, I have my action_bounce message including only the total score
> [$hits]. This is the way I would like to keep it, as I would rather not
> give actual spammers more information to circumvent my system.
Are you actually bouncing spam?? Please tell me I misread that
Re: Log, but don't tell
Posted by Jonas Eckerman <jo...@frukt.org>.
On Sat, 07 Aug 2004 08:41:13 -0600, Jon Fullmer wrote:
You really should post questions about MIMEDefang to the MIMEDefang-list rather than the SpamAssassin-list.
> However, it would be extremely helpful to me to have not only the
> $hits logged, but the $names logged as well. In other words, for
I have this in my filter:
md_syslog('info', "spam-info: $hits/$req,$Sender,$relay_host_name,$RelayAddr,$Helo;$names;$all_recipients");
Works fine. More info can be found with the help of "man mimedefang-filter".
/Jonas
--
Jonas Eckerman, jonas_lists@frukt.org
http://www.fsdb.org/