Posted to users@spamassassin.apache.org by Spamassassin List <sp...@gmail.com> on 2007/07/24 05:04:23 UTC

graphic spam

Hi,

Other than FuzzyOCR, is there any other way to filter graphic spam? I had 
ImageInfo but it seems like it is not working.

regards
LC 


Re: graphic spam

Posted by Duane Hill <d....@yournetplus.com>.
On Tue, 24 Jul 2007 at 20:48 +0800, spamassassinlist@gmail.com confabulated:

>>>>> Other than FuzzyOCR, is there any other way to filter graphic spam? I had 
>>>>> ImageInfo but it seems like it is not working.
>>>> PS... also check out ImageInfo.pm
>>>> http://www.rulesemporium.com/plugins.htm
>>> Yes I had that, but it is not working for me.
>>> 
>>> [26559] dbg: config: read file /etc/mail/spamassassin/imageinfo.cf
>> Probably you're missing the needed LoadPlugin line?
>> 
>> Put this on top of the imageinfo.cf or any .pre file:
>> loadplugin Mail::SpamAssassin::Plugin::ImageInfo /path/to/ImageInfo.pm
>
> I have loadplugin Mail::SpamAssassin::Plugin::ImageInfo in v320.pre

The plugin is loaded by default in v320.pre.

> I have also moved ImageInfo.pm to 
> /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/Plugin/

ImageInfo.pm by default lives here.

> In imageinfo.cf
>
> # Version: 0.7
> # Requires: ImageInfo.pm plugin
>
> ifplugin Mail::SpamAssassin::Plugin::ImageInfo
>
> I still don't see any hit for image email.

You should see at least one of these in the logs:

   DC_GIF_UNO_LARGO
   DC_IMAGE_SPAM_HTML
   DC_IMAGE_SPAM_TEXT
   DC_PNG_UNO_LARGO

I'm seeing several log entries as such:

Jul 24 04:12:05 smtpgate spamd[918]: spamd: result: Y 39 - 
CLAMAV,DATE_IN_PAST_03_06,DC_GIF_UNO_LARGO,DC_IMAGE_SPAM_HTML,DC_IMAGE_SPAM_TEXT,DRUGS_ERECTILE,DRUG_ED_SILD,EXTRA_MPART_TYPE,HELO_DYNAMIC_IPADDR,HTML_IMAGE_ONLY_12,HTML_MESSAGE,J_CHICKENPOX_73,MY_CID_AND_ARIAL2,MY_CID_AND_STYLE,MY_CID_ARIAL_STYLE,PART_CID_STOCK,RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_SORBS_DUL,RDNS_NONE,SARE_GIF_ATTACH,SARE_SUB_NUM_PILLS,T_TVD_FW_GRAPHIC_ID1,XMAILER_MIMEOLE_OL_22B61 
scantime=0.6,size=53663,user=me@example.com,uid=58,required_score=5.0,rhost=localhost.example.com,raddr=127.0.0.1,rport=53137,mid=<01...@cat>,autolearn=disabled

-------
   _|_
  (_| |
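
One way to check spamd logs for the rule names listed above, as an added example that is not part of the original post. The log lines are constructed in the shape of the entry quoted above, and the function name is hypothetical.

```python
import re
from collections import Counter

# Rule names the post says should appear when the ImageInfo rules fire.
IMAGEINFO_RULES = {
    "DC_GIF_UNO_LARGO", "DC_IMAGE_SPAM_HTML",
    "DC_IMAGE_SPAM_TEXT", "DC_PNG_UNO_LARGO",
}

# Matches the "spamd: result:" entry: verdict, score, rule list, key=value fields.
RESULT_RE = re.compile(
    r"spamd: result: (?P<verdict>\S)\s+(?P<score>-?\d+) - "
    r"(?P<tests>[^\s=]*)\s+(?P<fields>\S+)")


def imageinfo_report(lines):
    """Count scanned messages and how many hit at least one ImageInfo rule."""
    scanned = with_image = 0
    hits = Counter()
    for line in lines:
        m = RESULT_RE.search(line)
        if not m:
            continue  # not a per-message result entry
        scanned += 1
        tests = set(filter(None, m.group("tests").split(",")))
        fired = tests & IMAGEINFO_RULES
        if fired:
            with_image += 1
            hits.update(fired)
    return {"scanned": scanned, "with_image_rules": with_image,
            "hits": dict(hits)}


# Constructed sample log lines (not taken from a real server).
SAMPLE_LOG = [
    "Jul 24 04:12:05 smtpgate spamd[918]: spamd: result: Y 39 - "
    "DC_GIF_UNO_LARGO,DC_IMAGE_SPAM_HTML,HTML_MESSAGE "
    "scantime=0.6,size=53663,user=me@example.com,autolearn=disabled",
    "Jul 24 04:13:10 smtpgate spamd[918]: spamd: result: . 1 - "
    "HTML_MESSAGE scantime=0.2,size=2100,user=me@example.com,autolearn=disabled",
    "Jul 24 04:13:10 smtpgate spamd[918]: spamd: clean message (1.0/5.0) "
    "for me@example.com:58 in 0.2 seconds, 2100 bytes.",
    "Jul 24 04:15:42 smtpgate spamd[918]: spamd: result: Y 12 - "
    "DC_PNG_UNO_LARGO,RDNS_NONE "
    "scantime=0.4,size=40110,user=me@example.com,autolearn=disabled",
]

if __name__ == "__main__":
    report = imageinfo_report(SAMPLE_LOG)
    print(report)
    if report["scanned"] and not report["with_image_rules"]:
        print("no ImageInfo rule ever fired: check loadplugin and imageinfo.cf")
```
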

Re: graphic spam

Posted by Spamassassin List <sp...@gmail.com>.
>>>> Other than FuzzyOCR, is there any other way to filter graphic spam? I had 
>>>> ImageInfo but it seems like it is not working.
>>> PS... also check out ImageInfo.pm
>>> http://www.rulesemporium.com/plugins.htm
>> Yes I had that, but it is not working for me.
>>
>> [26559] dbg: config: read file /etc/mail/spamassassin/imageinfo.cf
> Probably you're missing the needed LoadPlugin line?
>
> Put this on top of the imageinfo.cf or any .pre file:
> loadplugin Mail::SpamAssassin::Plugin::ImageInfo /path/to/ImageInfo.pm

I have loadplugin Mail::SpamAssassin::Plugin::ImageInfo in v320.pre

I have also moved ImageInfo.pm to 
/usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/Plugin/

In imageinfo.cf

# Version: 0.7
# Requires: ImageInfo.pm plugin

ifplugin Mail::SpamAssassin::Plugin::ImageInfo

I still don't see any hit for image email.

Thanks 


Re: graphic spam

Posted by Matthias Keller <li...@matthias-keller.ch>.
Spamassassin List wrote:
>>> Other than FuzzyOCR, is there any other way to filter graphic spam? I 
>>> had ImageInfo but it seems like it is not working.
>> PS... also check out ImageInfo.pm
>> http://www.rulesemporium.com/plugins.htm
> Yes I had that, but it is not working for me.
>
> [26559] dbg: config: read file /etc/mail/spamassassin/imageinfo.cf
Probably you're missing the needed LoadPlugin line?

Put this on top of the imageinfo.cf or any .pre file:
loadplugin Mail::SpamAssassin::Plugin::ImageInfo /path/to/ImageInfo.pm


Matt

Re: graphic spam

Posted by Spamassassin List <sp...@gmail.com>.
>>Other than FuzzyOCR, is there any other way to filter graphic spam? I had 
>>ImageInfo but it seems like it is not working.


>PS... also check out ImageInfo.pm

>http://www.rulesemporium.com/plugins.htm

Yes I had that, but it is not working for me.

[26559] dbg: config: read file /etc/mail/spamassassin/imageinfo.cf


Re: graphic spam

Posted by Nigel Frankcom <ni...@blue-canoe.com>.
On Tue, 24 Jul 2007 11:04:23 +0800, "Spamassassin List"
<sp...@gmail.com> wrote:

>Hi,
>
>Other than FuzzyOCR, is there any other way to filter graphic spam? I had 
>ImageInfo but it seems like it is not working.
>
>regards
>LC 


PS... also check out ImageInfo.pm

http://www.rulesemporium.com/plugins.htm

Nigel

Re: How do you stop others from sending emails from your email addresses ?

Posted by Matus UHLAR - fantomas <uh...@fantomas.sk>.
> Wednesday, July 25, 2007, 1:46:56 PM, you wrote:
> > I constantly, (about 15-20 times a day), receive s**m
> > emails from other people, but addressed from my email
> > address.  Is there any way of using SA to help on this
> > in any way at all please ?
> 
> > I want to stop myself from receiving them, but even
> > more importantly, how do I stop someone from sending
> > from my email address - can it be done please ?

On 26.07.07 15:21, Peter Mikeska (MiKi) wrote:
> Hi, you can solve it at the MTA level or at the SA level.
> You don't say what kind of MTA you are using; for example, in qmail it's
> simple: just use "badmailfrom", where you can put a wildcard for the whole
> domain, e.g. @mydomain.com - in case no one is sending mail outside your
> domain.

The badmailfrom will only affect his server. So if he puts any domain into
badmailfrom, he won't be able to send/receive mail with that domain in the mail
from: envelope, which would keep him from using his domain for mail.

That would not affect other servers, so any abuser could send any mail to
any server on the Internet using this domain in mail from: and all the
e-mail would return back to him. So he would still get all those notices.

-- 
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Posli tento mail 100 svojim znamim - nech vidia aky si idiot
Send this email to 100 your friends - let them see what an idiot you are

Re: How do you stop others from sending emails from your email addresses ?

Posted by "Peter Mikeska (MiKi)" <pe...@gmail.com>.
Hello Chris,

Wednesday, July 25, 2007, 1:46:56 PM, you wrote:

> I constantly, (about 15-20 times a day), receive s**m
> emails from other people, but addressed from my email
> address.  Is there any way of using SA to help on this
> in any way at all please ?

> I want to stop myself from receiving them, but even
> more importantly, how do I stop someone from sending
> from my email address - can it be done please ?

> Any help much appreciated.

> Chris.


Hi, you can solve it at the MTA level or at the SA level.
You don't say what kind of MTA you are using; for example, in qmail it's
simple: just use "badmailfrom", where you can put a wildcard for the whole
domain, e.g. @mydomain.com - in case no one is sending mail outside your
domain.

just my 2 cents ;)


-- 
Best regards,
 Peter                            mailto:peter.mikeska@gmail.com


Re: How do you stop others from sending emails from your email addresses ?

Posted by François Rousseau <fr...@gmail.com>.
Hi Chris,

You can't stop others from using your email address.  You can help
reduce the usage of your email address by implementing SPF on your
domain.

I will let others specify more detail, or I will let you search on SPF,
because I don't have experience with SPF.

François Rousseau

2007/7/25, Chris <Ch...@011005.com>:
> I constantly, (about 15-20 times a day), receive s**m
> emails from other people, but addressed from my email
> address.  Is there any way of using SA to help on this
> in any way at all please ?
>
> I want to stop myself from receiving them, but even
> more importantly, how do I stop someone from sending
> from my email address - can it be done please ?
>
> Any help much appreciated.
>
> Chris.
>
>
>

Re: graphic spam

Posted by John Rudd <jr...@ucsc.edu>.
Jerry Durand wrote:
> At 11:43 PM 7/23/2007, Nigel Frankcom wrote:
>> ClamD with http://www.sanesecurity.co.uk/ works pretty well here.
>>
>> Be sure and read http://www.sanesecurity.co.uk/clamav/usage.htm
> 
> Warning to Mac users:
> 
> I tried to use their automated script in OS X Server and got a script 
> error (SED error).  I contacted the person who wrote the script and he 
> gave me some suggestions.  I patched it, still got the error, hard-coded 
> the db path on my system, then other parts failed.  I gave up.
> 
> I think OS X is just too weird for this script and I haven't the time to 
> figure one out on my own at the moment.
> 
> 


This is what I use on OS X 10.3.x.  Be careful of the linewraps (the 
lines with "$retcode =" and "$diffout =" each should be one long line). 
  If you're using clamd, you'll need to tell it to reload.  And you'll 
need to install wget, or change the wget line to do the equivalent 
mechanics with curl.

The configuration I have is going to grab sanesecurity, msrbl, and mbl. 
  You can just remove entries from %urls for ones you don't want to use.

The first time you run it, it'll complain about the diff output I think. 
  But I think if you just run it once or twice by hand, then you can 
just run it with -all via cron.  I do that about every 4 hours.





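#!/usr/local/bin/perl
# Fetch third-party ClamAV signature files, test-load each one with clamscan,
# and copy it into the production database directory only if it loads cleanly
# and differs from the installed copy.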

my $chmod = "/bin/chmod";
my $mv = "/bin/mv";
my $cp = "/bin/cp";
my $gunzip = "/usr/bin/gunzip";
my $clamscan = "/usr/local/bin/clamscan";
my $testfile = "/bin/sh";
my $diff = "/usr/bin/diff";

my $clamdbdir = "/usr/local/share/clamav";

my %methods =
    ("http"  => "/usr/local/bin/wget -qN",
     "rsync" => "/usr/bin/rsync -qt");

my %urls =
    ("msrbl-spam" => "rsync://rsync.mirror.msrbl.com/msrbl/MSRBL-SPAM.ndb",
     "msrbl-imgs" => "rsync://rsync.mirror.msrbl.com/msrbl/MSRBL-Images.hdb",
     "mbl"        => "http://www.malware.com.br/cgi/submit?action=list_clamav",
     "sane-phish" => "http://www.sanesecurity.com/clamav/phishsigs/phish.ndb.gz",
     "sane-scam"  => "http://www.sanesecurity.com/clamav/scamsigs/scam.ndb.gz");

my %basedirs =
    ("msrbl-spam" => $clamdbdir . "/msrbl",
     "msrbl-imgs" => $clamdbdir . "/msrbl",
     "mbl"        => $clamdbdir . "/mbl",
     "sane-phish" => $clamdbdir . "/sanesecurity",
     "sane-scam"  => $clamdbdir . "/sanesecurity");

# even though these are all the same now, in the future, I may separate
# them into different directories used by different programs.
my %destdirs =
    ("msrbl-spam" => $clamdbdir,
     "msrbl-imgs" => $clamdbdir,
     "mbl"        => $clamdbdir,
     "sane-phish" => $clamdbdir,
     "sane-scam"  => $clamdbdir);

my (@distros, $dist, $tmpdir, $proto, $method, $file, $retcode);
my ($ufile, $diffout, $destdir, $basedir);

# accept -a, -al, -all, --all as "process every configured distribution"
if (defined $ARGV[0] && $ARGV[0] =~ /^--?al?l?$/) {
    @distros = keys(%urls);
    }
else {
    @distros = @ARGV;
    }

foreach $dist (sort (@distros)) {
    $basedir = $basedirs{$dist};
    $tmpdir = $basedir . "/tmp";
    $destdir = $destdirs{$dist};
    $url = $urls{$dist};
    $proto = $url; $proto =~ s/:.*$//;
    $method = $methods{$proto};
    $file = $url; $file =~ s"^.*/([^/]*)$"$1";
    $ufile = $file; $ufile =~ s/\.gz$//;

    if ((-e $basedir) && (!(-d $basedir))) {
       rename ($basedir, ($basedir . ".bad"))
          || die "basedir $basedir isn't a directory, can't rename it";
       mkdir ($basedir) || die "can't make basedir $basedir";
       }
    elsif (! (-e $basedir)) {
       mkdir ($basedir) || die "can't make basedir $basedir";
       }
    system ("$chmod 755 $basedir");

    if ((-e $tmpdir) && (!(-d $tmpdir))) {
       rename ($tmpdir, ($tmpdir . ".bad"))
          || die "tmpdir $tmpdir isn't a directory, can't rename it";
       mkdir ($tmpdir) || die "can't make tmpdir $tmpdir";
       }
    elsif (! (-e $tmpdir)) {
       mkdir ($tmpdir) || die "can't make tmpdir $tmpdir";
       }
    system ("$chmod 755 $tmpdir");

    if ((-e $destdir) && (!(-d $destdir))) {
       rename ($destdir, ($destdir . ".bad"))
          || die "destdir $destdir isn't a directory, can't rename it";
       mkdir ($destdir) || die "can't make destdir $destdir";
       }
    elsif (! (-e $destdir)) {
       mkdir ($destdir) || die "can't make destdir $destdir";
       }
    system ("$chmod 775 $destdir");

    chdir ($tmpdir);

    # attempting to download signature file
    if ($proto eq "rsync") {
       system("$method $url $file");
       }
    elsif ($proto eq "http") {
       system("$method $url");
       }
    else {
       print "   unknown protocol for $dist\n";
       last;
       }

    unless (-e $file) {
       print "   $file for $dist doesn't appear to exist\n";
       last;
       }

    if ($dist eq "mbl") {
       rename ($file, "mbl.db");
       $file = "mbl.db";
       $ufile = $file;
       }

    if ($file =~ /\.gz$/) {
       if (-e $ufile) {
          unlink ($ufile);
          }
       system("$gunzip -c $file > $ufile");
       $file = $ufile;
       }

    # test against clamav
    $retcode = system("$clamscan --database=$tmpdir $testfile > /dev/null 2>&1")
               / 256;

    if ($retcode == 0) {
       # clamscan of testfile worked and didn't find a virus
       # now lets see if it's different from the production copy
       $diffout = (system("$diff --brief --speed-large-files $tmpdir/$file $destdir/$file > /dev/null 2>/dev/null")) / 256;
       if ($diffout != 0) {
          # move to destination
          system("$chmod 644 $tmpdir/$file");
          system("$cp -p $tmpdir/$file $destdir/$file");
          #system("$chmod 644 $destdir/$file");
          }
       }
    elsif ($retcode == 1) {
       print "   found a virus in $testfile while testing $dist\n";
       }
    else {
       print "   new $dist download $file appears to be corrupt\n";
       }
    }


Re: How do you stop others from sending emails from your emailaddresses ?

Posted by Matus UHLAR - fantomas <uh...@fantomas.sk>.
> On Wed, 2007-07-25 at 14:10 +0200, Magnus Holmgren wrote:
> > Within SA, you can create a rule that matches if your mail address is found in 
> > one of the sender headers, and use whitelist_from_rcvd, whitelist_from_spf 
> > etc. to whitelist it.

On 25.07.07 07:25, McDonald, Dan wrote:
> I know I could write meta rules to do it, but is there a simple
> mechanism that could be set up for
> blacklist_from_unless_{rcvd,spf,dkim} ?

No, and I doubt there will be any. This is exactly what SPF is for, so you
can only be sure about this rule when SPF is set up.

-- 
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
The only substitute for good manners is fast reflexes. 

Re: How do you stop others from sending emails from your emailaddresses ?

Posted by "McDonald, Dan" <Da...@austinenergy.com>.
On Wed, 2007-07-25 at 14:10 +0200, Magnus Holmgren wrote:

> Within SA, you can create a rule that matches if your mail address is found in 
> one of the sender headers, and use whitelist_from_rcvd, whitelist_from_spf 
> etc. to whitelist it.

I know I could write meta rules to do it, but is there a simple
mechanism that could be set up for
blacklist_from_unless_{rcvd,spf,dkim} ?

-- 
Daniel J McDonald, CCIE # 2495, CISSP # 78281, CNX
Austin Energy
http://www.austinenergy.com

Re: How do you stop others from sending emails from your email addresses ?

Posted by Magnus Holmgren <ho...@lysator.liu.se>.
Please start a new thread instead of using the "Reply" function when you have 
a new issue.

On Wednesday 25 July 2007 13:46, Chris wrote:
> I constantly, (about 15-20 times a day), receive s**m
> emails from other people, but addressed from my email
> address.  Is there any way of using SA to help on this
> in any way at all please ?

I'd say that it's easier/better to tell your MTA to reject mail from your 
address that is not authenticated or coming from the machines you use.

Within SA, you can create a rule that matches if your mail address is found in 
one of the sender headers, and use whitelist_from_rcvd, whitelist_from_spf 
etc. to whitelist it.

But unless you have used whitelist_from to whitelist your address (never do 
that!), spam using your address shouldn't slip through more often than other 
spam.

> I want to stop myself from receiving them, but even
> more importantly, how do I stop someone from sending
> from my email address - can it be done please ?

You can publish SPF records saying that mail from your address always 
originates from certain IP addresses. You can deploy DKIM and publish DKIM 
records saying that mail from your address is always DKIM-signed. This won't 
directly stop others from abusing your email address, but sites verifying SPF 
or DKIM can tell when they get a forgery. You can also start PGP-signing your 
mail and tell your friends and other folks you correspond with not to trust 
unsigned or badly signed mail purporting to come from you.

-- 
Magnus Holmgren        holmgren@lysator.liu.se
                       (No Cc of list mail needed, thanks)

  "Exim is better at being younger, whereas sendmail is better for 
   Scrabble (50 point bonus for clearing your rack)" -- Dave Evans

How do you stop others from sending emails from your email addresses ?

Posted by Chris <Ch...@011005.com>.
I constantly, (about 15-20 times a day), receive s**m
emails from other people, but addressed from my email
address.  Is there any way of using SA to help on this
in any way at all please ?

I want to stop myself from receiving them, but even
more importantly, how do I stop someone from sending
from my email address - can it be done please ?

Any help much appreciated.

Chris.



Re: graphic spam

Posted by Jerry Durand <jd...@interstellar.com>.
At 11:43 PM 7/23/2007, Nigel Frankcom wrote:
>ClamD with http://www.sanesecurity.co.uk/ works pretty well here.
>
>Be sure and read http://www.sanesecurity.co.uk/clamav/usage.htm

Warning to Mac users:

I tried to use their automated script in OS X Server and got a script 
error (SED error).  I contacted the person who wrote the script and 
he gave me some suggestions.  I patched it, still got the error, 
hard-coded the db path on my system, then other parts failed.  I gave up.

I think OS X is just too weird for this script and I haven't the time 
to figure one out on my own at the moment.


-- 
Jerry Durand, Durand Interstellar, Inc.  www.interstellar.com
tel: +1 408 356-3886, USA toll free: 1 866 356-3886
Skype:  jerrydurand


Re: graphic spam

Posted by Nigel Frankcom <ni...@blue-canoe.com>.
On Tue, 24 Jul 2007 11:04:23 +0800, "Spamassassin List"
<sp...@gmail.com> wrote:

>Hi,
>
>Other than FuzzyOCR, is there any other way to filter graphic spam? I had 
>ImageInfo but it seems like it is not working.
>
>regards
>LC 

ClamD with http://www.sanesecurity.co.uk/ works pretty well here.

Be sure and read http://www.sanesecurity.co.uk/clamav/usage.htm

Hope that helps

Kind regards

Nigel