Posted to users@spamassassin.apache.org by Clunk Werclick <ma...@googlemail.com> on 2009/09/12 09:00:44 UTC

Non scoring 'Bank Deposit' spam

I was somewhat surprised that this failed to score;

http://pastebin.com/m4c75e3ac

Log excerpt;
Sat Sep 12 05:08:57 2009 [7319] info: spamd: result: . 0 - HTML_MESSAGE,UNPARSEABLE_RELAY scantime=0.3,size=5400,required_score=5.0,rhost=localhost,raddr=127.0.0.1,rport=55111,mid=<00...@aim.com>,autolearn=disabled

Did this miss - or just misfire?

-- 
-----------------------------------------------------------
C Werclick .Lot
Technical incompetent
Loyal Order Of The Teapot.

This e-mail and its attachments is intended only to be used as an e-mail
and an attachment. Any use of it for other purposes other than as an
e-mail and an attachment will not be covered by any warranty that may or
may not form part of this e-mail and attachment. 




Re: Non scoring 'Bank Deposit' spam

Posted by Benny Pedersen <me...@junc.org>.
On man 14 sep 2009 11:46:21 CEST, Matus UHLAR - fantomas wrote

> If you insist on not using bayes, just because it can be
> mistrained, better don't use any configurable software, because  
> _everything_ configurable will go wrong if misconfigured.

exactly, spamassassin without any rules and plugins would be like
postfix with empty main.cf :)

setting reply-to to one's own mail addr will stop maillist to be useful, why?

it will soon be one that have plenty of questions and no answers, so  
using reply-to properly will be best for all

and freemail will also help others to understand it :)

-- 
xpoint


Re: Non scoring 'Bank Deposit' spam

Posted by "--[ UxBoD ]--" <ux...@splatnix.net>.
---- "Clunk Werclick" <ma...@googlemail.com> wrote:

| On Mon, 2009-09-14 at 12:24 +0100, --[ UxBoD ]-- wrote:
| > ----- "Clunk Werclick" <ma...@googlemail.com> wrote:
| > 
| > | On Mon, 2009-09-14 at 11:46 +0200, Matus UHLAR - fantomas wrote:
| > | > > > On 12-Sep-2009, at 10:27, Clunk Werclick wrote:
| > | > > > > I disagree. It can do as much harm as good. My own view and
| > | > > > > observation from the past have rendered it pointless in my context. It
| > | > > > > adds latency, is easily poisoned and rarely makes much difference to
| > | > > > > the score. I do appreciate some people like it, but my own view is
| > | > > > > spam has moved on beyond the point of it being useful.
| > | > 
| > | > > On Sun, 2009-09-13 at 16:37 -0600, LuKreme wrote:
| > | > > > Facts? we don't need no pesky facts. You are very misinformed.
| > | > 
| > | > On 14.09.09 08:48, Clunk Werclick wrote:
| > | > > Myself, I've seen some very poor Bayesian databases where users have
| > | > > been allowed to categorize mail as spam-v-ham. One company who deal with
| > | > > Pharmaceuticals for famine relief in Uganda and other poor African
| > | > > countries found bayes to mess with their core mail to a point that made
| > | > > it worthless in their context.
| > | > 
| > | > I would say that is a result of badly trained BAYES, not from its bad
| > | > design. 
| > | > 
| > | > If you insist on not using bayes, just because it can be mistrained, better
| > | > don't use any configurable software, because _everything_ configurable will go wrong
| > | > if misconfigured.
| > | 
| > | The *issue* with bayes is it *can* have user input. Would you trust your
| > | users influencing system wide policy? 
| > | 
| > | I've already stated I'll try it. So read the xxxxxx follow up before
| > | shouting your thick foreign mouth off you stupid xxxx!
| > | 
| > If the OP cannot refrain from that sort of foul language when presented with counter arguments then please ban.  The list would be far happier IMHO.
| Then stop off list mailing me you thick cunt and tell someone that
| fucking cares.
| > 
| > BR,
| > 
Pity! all my posts have been on list - only direct one was to respond to your private message.  Ho hum.  Move along.

-- 
This message has been scanned for viruses and
dangerous content and is believed to be clean.

SplatNIX IT Services :: Innovation through collaboration


Re: Non scoring 'Bank Deposit' spam

Posted by Clunk Werclick <ma...@googlemail.com>.
On Mon, 2009-09-14 at 12:24 +0100, --[ UxBoD ]-- wrote:
> ----- "Clunk Werclick" <ma...@googlemail.com> wrote:
> 
> | On Mon, 2009-09-14 at 11:46 +0200, Matus UHLAR - fantomas wrote:
> | > > > On 12-Sep-2009, at 10:27, Clunk Werclick wrote:
> | > > > > I disagree. It can do as much harm as good. My own view and
> | > > > > observation from the past have rendered it pointless in my context. It
> | > > > > adds latency, is easily poisoned and rarely makes much difference to
> | > > > > the score. I do appreciate some people like it, but my own view is
> | > > > > spam has moved on beyond the point of it being useful.
> | > 
> | > > On Sun, 2009-09-13 at 16:37 -0600, LuKreme wrote:
> | > > > Facts? we don't need no pesky facts. You are very misinformed.
> | > 
> | > On 14.09.09 08:48, Clunk Werclick wrote:
> | > > Myself, I've seen some very poor Bayesian databases where users have
> | > > been allowed to categorize mail as spam-v-ham. One company who deal with
> | > > Pharmaceuticals for famine relief in Uganda and other poor African
> | > > countries found bayes to mess with their core mail to a point that made
> | > > it worthless in their context.
> | > 
> | > I would say that is a result of badly trained BAYES, not from its bad
> | > design. 
> | > 
> | > If you insist on not using bayes, just because it can be mistrained, better
> | > don't use any configurable software, because _everything_ configurable will go wrong
> | > if misconfigured.
> | 
> | The *issue* with bayes is it *can* have user input. Would you trust your
> | users influencing system wide policy? 
> | 
> | I've already stated I'll try it. So read the xxxxxx follow up before
> | shouting your thick foreign mouth off you stupid xxxx!
> | 
> If the OP cannot refrain from that sort of foul language when presented with counter arguments then please ban.  The list would be far happier IMHO.
Then stop off list mailing me you thick cunt and tell someone that
fucking cares.
> 
> BR,
> 




Re: Non scoring 'Bank Deposit' spam

Posted by Clunk Werclick <ma...@googlemail.com>.
On Mon, 2009-09-14 at 11:06 -0400, Rick Macdougall wrote:
> John Hardin wrote:
> > On Mon, 14 Sep 2009, LuKreme wrote:
> > 
> >> On 14-Sep-2009, at 05:24, --[ UxBoD ]-- wrote:
> >>
> >>> If the OP cannot refrain from that sort of foul language when 
> >>> presented with counter arguments then please ban.  The list would be 
> >>> far happier IMHO.
> > 
> > Based on his reply to LuKreme, +1 on a ban.
> > 
> > Maybe we can put some special rules into the base SA release, too... :)
> > 
> 
> He's only the second person in 16 years to make it into my kill file.
> 
> So +1 from me as well.
> 
> Rick
And let me guess, you've been running Windows 7 for all of those 16
years *yawn*




Re: Non scoring 'Bank Deposit' spam

Posted by Rick Macdougall <ri...@ummm-beer.com>.
John Hardin wrote:
> On Mon, 14 Sep 2009, LuKreme wrote:
> 
>> On 14-Sep-2009, at 05:24, --[ UxBoD ]-- wrote:
>>
>>> If the OP cannot refrain from that sort of foul language when 
>>> presented with counter arguments then please ban.  The list would be 
>>> far happier IMHO.
> 
> Based on his reply to LuKreme, +1 on a ban.
> 
> Maybe we can put some special rules into the base SA release, too... :)
> 

He's only the second person in 16 years to make it into my kill file.

So +1 from me as well.

Rick


Re: Non scoring 'Bank Deposit' spam

Posted by John Hardin <jh...@impsec.org>.
On Mon, 14 Sep 2009, LuKreme wrote:

> On 14-Sep-2009, at 05:24, --[ UxBoD ]-- wrote:
>
>> If the OP cannot refrain from that sort of foul language when presented 
>> with counter arguments then please ban.  The list would be far happier 
>> IMHO.

Based on his reply to LuKreme, +1 on a ban.

Maybe we can put some special rules into the base SA release, too... :)

-- 
  John Hardin KA7OHZ                    http://www.impsec.org/~jhardin/
  jhardin@impsec.org    FALaholic #11174     pgpk -a jhardin@impsec.org
  key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
   Gun Control is marketed to the public using the appealing delusion
   that violent criminals will obey the law.
-----------------------------------------------------------------------
  3 days until the 222nd anniversary of the signing of the U.S. Constitution

Re: Non scoring 'Bank Deposit' spam

Posted by LuKreme <kr...@kreme.com>.
On 14-Sep-2009, at 09:45, Gene Heskett wrote:
> On Monday 14 September 2009, Bill Landry wrote:
>> Clunk Werclick wrote:
>>> On Mon, 2009-09-14 at 08:05 -0600, LuKreme wrote:
>>>> Based on his reply to Matus I put him on my 'soft' kill list.

Now see, when you all quote his messages in full it's kind of  
defeating my soft kill file!

:)


-- 
Generalizations are always inaccurate.
	--Mugsy

Re: Non scoring 'Bank Deposit' spam

Posted by Gene Heskett <ge...@verizon.net>.
On Monday 14 September 2009, Bill Landry wrote:
>Clunk Werclick wrote:
>> On Mon, 2009-09-14 at 08:05 -0600, LuKreme wrote:
>>> On 14-Sep-2009, at 05:24, --[ UxBoD ]-- wrote:
>>>> If the OP cannot refrain from that sort of foul language when
>>>> presented with counter arguments then please ban.  The list would be
>>>> far happier IMHO.
>>>
>>> Based on his reply to Matus I put him on my 'soft' kill list.
>>>
>>> (soft because all it does is mark his messages as read when they are
>>> received, so I still have them… but chances are I never see them).
>>>
>>> I did have to lookup his "real" address
>>> clunk.werclick@wibblywobblyteapot.co.uk so I could mark both his
>>> throw-away gmail address and his 'real' address. I found it in my
>>> postfix spool.
>>>
>>> Still, based on his ignorance and his volatile behavior *I* certainly
>>> don't have any interest in his getting helped, and I don't have to
>>> read his xenophobic abuse ever again.
>>
>> Man, I'm going to lose *so* much sleep about that. From what I have
>> read, the majority of you are a bunch of gay arse lovers up eachother.
>> And fuckwits too boot.
>>
>> I hope you die ejaculating up each others arse holes.
>
>So how far does someone have to go before getting banned from the list?
> Is this not far enough yet?
>
>Bill
You beat me to it Bill.  It's time this potty mouth was silenced.

-- 
Cheers, Gene
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
The NRA is offering FREE Associate memberships to anyone who wants them.
<https://www.nrahq.org/nrabonus/accept-membership.asp>

Artificial intelligence has the same relation to intelligence as
artificial flowers have to flowers.
		-- David Parnas

Re: Non scoring 'Bank Deposit' spam

Posted by Chris Owen <ow...@hubris.net>.
On Sep 14, 2009, at 11:34 AM, John Hardin wrote:

> Public warning: he is apparently attempting a SMTP DoS on at least  
> one participant in this thread.

From Google ;-]  He obviously isn't capable of running his own mail
server.

Chris


Re: [sa] Re: Non scoring 'Bank Deposit' spam

Posted by John Hardin <jh...@impsec.org>.
On Mon, 14 Sep 2009, Charles Gregory wrote:

> On Mon, 14 Sep 2009, Clunk Werclick wrote:
>
>> {childish rant snipped}
>
> Congratulations! You've done something I have very rarely seen on any 
> internet forum. You've gotten everyone to AGREE on something!
>
> I also agree: +1 Ban "Clunk".

Public warning: he is apparently attempting a SMTP DoS on at least one 
participant in this thread.

-- 
  John Hardin KA7OHZ                    http://www.impsec.org/~jhardin/
  jhardin@impsec.org    FALaholic #11174     pgpk -a jhardin@impsec.org
  key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
   Our government should bear in mind the fact that the American
   Revolution was touched off by the then-current government
   attempting to confiscate firearms from the people.
-----------------------------------------------------------------------
  3 days until the 222nd anniversary of the signing of the U.S. Constitution

Re: Non scoring 'Bank Deposit' spam

Posted by John Hardin <jh...@impsec.org>.
On Mon, 14 Sep 2009, Clunk Werclick wrote:

> On Mon, 2009-09-14 at 17:30 +0100, --[ UxBoD ]-- wrote:
>>
>> As expressed to a couple of other members, off list, the OP also 
>> launched a SMTP DoS attack against me.  If anybody would like further 
>> information please let me know.
>
> Now you are living in a fantasy world. You sent me an off list mail
> saying 'you are blocked'. I replied a thousand times to test that.

How mature.

> Clearly your blocking is a sack of shit then.

*plonk*

Try mine.


Non scoring 'Bank Deposit' spam

Posted by Clunk Werclick <ma...@googlemail.com>.
On Mon, 2009-09-14 at 17:30 +0100, --[ UxBoD ]-- wrote:
> ----- "Charles Gregory" <cg...@hwcn.org> wrote:
> 
> | On Mon, 14 Sep 2009, Clunk Werclick wrote:
> | > Clearly not - but then, using Spamassassin as a filter ensures just
> | > about everything gets through CUNTFACE.
> | 
> | Congratulations! You've done something I have very rarely seen
> | on any internet forum. You've gotten everyone to AGREE on something!
> | 
> | I also agree: +1 Ban "Clunk".
> | 
> | - Charles
> | 
> | PS When signing e-mails, leave a blank line, and also, your name
> | doesn't have to be in all-caps.
> | 
> | -- 
> | This message has been scanned for viruses and
> | dangerous content and is believed to be clean.
> | 
> | SplatNIX IT Services :: Innovation through collaboration
> 
> As expressed to a couple of other members, off list, the OP also launched a SMTP DoS attack against me.  If anybody would like further information please let me know.
> 
> Best Regards,
> 
> 
Now you are living in a fantasy world. You sent me an off list mail
saying 'you are blocked'. I replied a thousand times to test that.
Clearly your blocking is a sack of shit then.

NOW FUCK OFF.




Re: [sa] Re: Non scoring 'Bank Deposit' spam

Posted by "--[ UxBoD ]--" <ux...@splatnix.net>.
----- "Charles Gregory" <cg...@hwcn.org> wrote:

| On Mon, 14 Sep 2009, Clunk Werclick wrote:
| > Clearly not - but then, using Spamassassin as a filter ensures just
| > about everything gets through CUNTFACE.
| 
| Congratulations! You've done something I have very rarely seen
| on any internet forum. You've gotten everyone to AGREE on something!
| 
| I also agree: +1 Ban "Clunk".
| 
| - Charles
| 
| PS When signing e-mails, leave a blank line, and also, your name
| doesn't have to be in all-caps.
| 
| -- 
| This message has been scanned for viruses and
| dangerous content and is believed to be clean.
| 
| SplatNIX IT Services :: Innovation through collaboration

As expressed to a couple of other members, off list, the OP also launched a SMTP DoS attack against me.  If anybody would like further information please let me know.

Best Regards,




Re: [sa] Re: Non scoring 'Bank Deposit' spam

Posted by Charles Gregory <cg...@hwcn.org>.
On Mon, 14 Sep 2009, Clunk Werclick wrote:
> Clearly not - but then, using Spamassassin as a filter ensures just
> about everything gets through CUNTFACE.

Congratulations! You've done something I have very rarely seen
on any internet forum. You've gotten everyone to AGREE on something!

I also agree: +1 Ban "Clunk".

- Charles

PS When signing e-mails, leave a blank line, and also, your name
doesn't have to be in all-caps.

Re: Non scoring 'Bank Deposit' spam

Posted by Clunk Werclick <ma...@googlemail.com>.
On Mon, 2009-09-14 at 07:54 -0700, Bill Landry wrote:
> Clunk Werclick wrote:
> > On Mon, 2009-09-14 at 08:05 -0600, LuKreme wrote:
> >> On 14-Sep-2009, at 05:24, --[ UxBoD ]-- wrote:
> >>> If the OP cannot refrain from that sort of foul language when  
> >>> presented with counter arguments then please ban.  The list would be  
> >>> far happier IMHO.
> >> Based on his reply to Matus I put him on my 'soft' kill list.
> >>
> >> (soft because all it does is mark his messages as read when they are  
> >> received, so I still have them… but chances are I never see them).
> >>
> >> I did have to lookup his "real" address clunk.werclick@wibblywobblyteapot.co.uk 
> >>   so I could mark both his throw-away gmail address and his 'real'  
> >> address. I found it in my postfix spool.
> >>
> >> Still, based on his ignorance and his volatile behavior *I* certainly  
> >> don't have any interest in his getting helped, and I don't have to  
> >> read his xenophobic abuse ever again.
> > Man, I'm going to lose *so* much sleep about that. From what I have
> > read, the majority of you are a bunch of gay arse lovers up eachother.
> > And fuckwits too boot.
> > 
> > I hope you die ejaculating up each others arse holes.
> 
> So how far does someone have to go before getting banned from the list?
>  Is this not far enough yet?
> 
> Bill
Clearly not - but then, using Spamassassin as a filter ensures just
about everything gets through CUNTFACE.





Re: Non scoring 'Bank Deposit' spam

Posted by Benny Pedersen <me...@junc.org>.
On man 14 sep 2009 20:52:29 CEST, "--[ UxBoD ]--" wrote

> Blocked now @ FW .. Will contact Zen tomorrow and report as the OP
> is in violation of the ISP AUP.

i use sa2dnsbl plugin, it has around 400 ips not listed elsewhere :)

wondered if zen wants my data ?

-- 
xpoint


Re: Moderation? (was: Drivel)

Posted by Benny Pedersen <me...@junc.org>.
On ons 16 sep 2009 01:08:30 CEST, Karsten Bräckelmann wrote
> *Please*, everyone -- don't feed the trolls.

well i still can drink my beers alone :)

but it would be more fun to see the trolls don't have one

-- 
xpoint


Re: Moderation?

Posted by Bill Landry <bi...@inetmsg.com>.
Karsten Bräckelmann wrote:
> On Tue, 2009-09-15 at 16:36 -0700, Bill Landry wrote:
>> Yes, the "buzz"ard has also displayed the same abusive nature under his
>> other email address many times in the past.  He uses the same email client
>> (X-Mailer: Evolution 2.24.3), the same reference in his Message-Id
>> (camel), and the same source IP address (192.168.1.56), so not hard to
>> figure out.
>>
>> Sorry, couldn't resist...
> 
> Bill, since you mentioned it...
> 
> Camel is just the Evolution Mail backend. The part after the "@" in the
> Message-Id is much more interesting and the machine's hostname.

Ah, ok, didn't know that about Evolution, but I now see that your 
Message-Id contains "camel", as well.  However, his 2 email accounts use 
something different after the "@" in the Message-Id.  One uses 
"camel@rubikscube" and the other "camel@testicle".

Wonder what the latter signifies about him...?

Bill


Re: Moderation? (was: Drivel)

Posted by Karsten Bräckelmann <gu...@rudersport.de>.
On Tue, 2009-09-15 at 16:36 -0700, Bill Landry wrote:
> Yes, the "buzz"ard has also displayed the same abusive nature under his
> other email address many times in the past.  He uses the same email client
> (X-Mailer: Evolution 2.24.3), the same reference in his Message-Id
> (camel), and the same source IP address (192.168.1.56), so not hard to
> figure out.
> 
> Sorry, couldn't resist...

Bill, since you mentioned it...

Camel is just the Evolution Mail backend. The part after the "@" in the
Message-Id is much more interesting and the machine's hostname.


-- 
char *t="\10pse\0r\0dtu\0.@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}


Re: Moderation? (was: Drivel)

Posted by Bill Landry <bi...@inetmsg.com>.
>> On Tue, 2009-09-15 at 18:34 -0400, Charles Gregory wrote:
>>> I had considered this, but another poster made the worthy point that
>>> the (ab)user in question was likely the sort to get another fake address
>>> just so they could keep posting their crud. Sometimes 'ignore them' is the
>>> simplest and best policy. :)
>>
>> I am aware of this. There is no final way to get someone off a public
>> mailing list. There's always the possibility to get a new address, or
>> even a new netblock. Sounds familiar?
>>
>> I do agree that ignoring the offender is the best solution. I have seen
>> this working on other lists before. So...
>>
>> *Please*, everyone -- don't feed the trolls.
>>
>>
>> Oh, and BTW, we *are* aware he is still following. One of his
>> identities, that is. No rocket science.
>
> Yes, the "buzz"ard has also displayed the same abusive nature under his
> other email address many times in the past.  He uses the same email client
> (X-Mailer: Evolution 2.24.3), the same reference in his Message-Id
> (camel), and the same source IP address (192.168.1.56), so not hard to
> figure out.

Oh, and I forgot to mention that both Google and the Spamassassin list
server receive deliveries from the same IP address (82.70.24.238).

Bill


Re: Moderation? (was: Drivel)

Posted by Bill Landry <bi...@inetmsg.com>.
> On Tue, 2009-09-15 at 18:34 -0400, Charles Gregory wrote:
>> I had considered this, but another poster made the worthy point that
>> the (ab)user in question was likely the sort to get another fake address
>> just so they could keep posting their crud. Sometimes 'ignore them' is the
>> simplest and best policy. :)
>
> I am aware of this. There is no final way to get someone off a public
> mailing list. There's always the possibility to get a new address, or
> even a new netblock. Sounds familiar?
>
> I do agree that ignoring the offender is the best solution. I have seen
> this working on other lists before. So...
>
> *Please*, everyone -- don't feed the trolls.
>
>
> Oh, and BTW, we *are* aware he is still following. One of his
> identities, that is. No rocket science.

Yes, the "buzz"ard has also displayed the same abusive nature under his
other email address many times in the past.  He uses the same email client
(X-Mailer: Evolution 2.24.3), the same reference in his Message-Id
(camel), and the same source IP address (192.168.1.56), so not hard to
figure out.

Sorry, couldn't resist...

Bill


Re: Moderation? (was: Drivel)

Posted by Karsten Bräckelmann <gu...@rudersport.de>.
On Tue, 2009-09-15 at 18:34 -0400, Charles Gregory wrote:
> I had considered this, but another poster made the worthy point that
> the (ab)user in question was likely the sort to get another fake address 
> just so they could keep posting their crud. Sometimes 'ignore them' is the 
> simplest and best policy. :)

I am aware of this. There is no final way to get someone off a public
mailing list. There's always the possibility to get a new address, or
even a new netblock. Sounds familiar?

I do agree that ignoring the offender is the best solution. I have seen
this working on other lists before. So...

*Please*, everyone -- don't feed the trolls.


Oh, and BTW, we *are* aware he is still following. One of his
identities, that is. No rocket science.


> But thanks, as always, for your fine efforts. :)



Re: [sa] Re: Moderation? (was: Drivel)

Posted by Charles Gregory <cg...@hwcn.org>.
On Tue, 15 Sep 2009, Karsten Bräckelmann wrote:
> See the List-Help header. A mail to users-help returns, among a lot of
> other info, the users-owner address as a last resort. This will reach
> the moderators. (Same with all ezmlm lists, btw.)

I had considered this, but another poster made the worthy point that
the (ab)user in question was likely the sort to get another fake address 
just so they could keep posting their crud. Sometimes 'ignore them' is the 
simplest and best policy. :)

But thanks, as always, for your fine efforts. :)

- Charles

Re: Moderation? (was: Drivel)

Posted by Karsten Bräckelmann <gu...@rudersport.de>.
On Tue, 2009-09-15 at 14:10 -0700, Evan Platt wrote:
> At 01:59 PM 9/15/2009, you wrote:
> 
> > Please feel free to directly ping the list owners or use some other
> > channel to quickly trigger the PMC's attention if need be. Rather than
> > just posting yet another message to an already crowded thread. The
> > latter is exactly where your call for authority is much more likely to
> > go unnoticed for a while.
> > 
> > If you're calling for the police, don't stand in the crowd and ask where
> > they are. Call 'em!
> 
> I agree, but I didn't know the e-mail address for the mods here 
> otherwise, believe me, I would have too long ago.
> 
> Might I suggest a header added with a list owner address? If I missed 
> the header, please let me know! Or maybe something in a group sig? 

See the List-Help header. A mail to users-help returns, among a lot of
other info, the users-owner address as a last resort. This will reach
the moderators. (Same with all ezmlm lists, btw.)

A mail to dev@ might be appropriate, too. Unless you're subscribed, it
will end up in the moderation queue anyway, waiting for the moderators
to notice it.

Still, we're only two of 'em, and real humans. Please be patient. :)

  guenther




Re: Moderation? (was: Drivel)

Posted by Evan Platt <ev...@espphotography.com>.
At 01:59 PM 9/15/2009, you wrote:

>Please feel free to directly ping the list owners or use some other
>channel to quickly trigger the PMC's attention if need be. Rather than
>just posting yet another message to an already crowded thread. The
>latter is exactly where your call for authority is much more likely to
>go unnoticed for a while.
>
>If you're calling for the police, don't stand in the crowd and ask where
>they are. Call 'em!

I agree, but I didn't know the e-mail address for the mods here 
otherwise, believe me, I would have too long ago.

Might I suggest a header added with a list owner address? If I missed 
the header, please let me know! Or maybe something in a group sig? 


Moderation? (was: Drivel)

Posted by Karsten Bräckelmann <gu...@rudersport.de>.
Guys,

first of all, I personally *highly* welcome the community to step up
like you did in this case. There's no need to wait for the PMC to tell
some seriously mis-behaving subscriber to watch his language. Thanks for
that!

Oh, and just in case -- this is not about words, but meaning and
intention. ;)


On Tue, 2009-09-15 at 10:11 +1200, Michael Hutchinson wrote:
> > From: Charles Gregory [mailto:cgregory@hwcn.org]

> > Good users all. Never heard of a troll?
> > Nonsensical. Irritating. Taunting.....
> > 
> > Best defense against this kind of childish antic is to IGNORE it.

> Yes, and as previously asked, where are the list moderators? On a very
> long smoke break?

We are listening -- though not constantly monitoring, and doing this in
our spare time. Things might slip under the radar. Sorry. :/

Please feel free to directly ping the list owners or use some other
channel to quickly trigger the PMC's attention if need be. Rather than
just posting yet another message to an already crowded thread. The
latter is exactly where your call for authority is much more likely to
go unnoticed for a while.

If you're calling for the police, don't stand in the crowd and ask where
they are. Call 'em!


> Sure we can Ignore it. That doesn't mean that a list moderator shouldn't
> get involved and solve the problem. Should be pretty easy to do, right?

I've taken care of this...

  guenther




RE: Drivel

Posted by Bob O'Brien <bo...@barracuda.com>.
Michael Hutchinson [mailto:mhutchinson@manux.co.nz] wrote:
> > -----Original Message-----
> > From: Charles Gregory [mailto:cgregory@hwcn.org]

> > Good users all. Never heard of a troll?
> > Nonsensical. Irritating. Taunting.....
> > 
> > Best defense against this kind of childish antic is to IGNORE it.
> > 
> > Yes, a firewall setting doesn't hurt.
> > 
> 
> Yes, and as previously asked, where are the list moderators? On a very
> long smoke break?
> 
> Sure we can Ignore it. That doesn't mean that a list moderator shouldn't
> get involved and solve the problem. Should be pretty easy to do, right?
> 
> There have been too many cases recently.


Not expecting democracy, but this earns my "vote" as well.




	Bob

----------------------------------
Check out the Barracuda Spam & Virus Firewall - offering the fastest
virus & malware protection in the industry: www.barracudanetworks.com/spam


RE: Drivel

Posted by Michael Hutchinson <mh...@manux.co.nz>.
> -----Original Message-----
> From: Charles Gregory [mailto:cgregory@hwcn.org]
> Sent: Tuesday, 15 September 2009 9:34 a.m.
> To: users@spamassassin.apache.org
> Subject: Drivel
> 
> On Mon, 14 Sep 2009, Clunk Werclick wrote:
> (more drivel)
> 
> Good users all. Never heard of a troll?
> Nonsensical. Irritating. Taunting.....
> 
> Best defense against this kind of childish antic is to IGNORE it.
> 
> Yes, a firewall setting doesn't hurt.
> 

Yes, and as previously asked, where are the list moderators? On a very
long smoke break?

Sure we can Ignore it. That doesn't mean that a list moderator shouldn't
get involved and solve the problem. Should be pretty easy to do, right?

There have been too many cases recently.

Cheers,
Mike


Drivel

Posted by Charles Gregory <cg...@hwcn.org>.
On Mon, 14 Sep 2009, Clunk Werclick wrote:
(more drivel)

Good users all. Never heard of a troll?
Nonsensical. Irritating. Taunting.....

Best defense against this kind of childish antic is to IGNORE it.

Yes, a firewall setting doesn't hurt.

- Charles

Re: Non scoring 'Bank Deposit' spam

Posted by Clunk Werclick <ma...@googlemail.com>.
On Mon, 2009-09-14 at 12:49 -0700, Bill Landry wrote:
> Clunk Werclick wrote:
> > On Mon, 2009-09-14 at 20:38 +0100, --[ UxBoD ]-- wrote:
> >> ----- "Clunk Werclick" <ma...@googlemail.com> wrote:
> >>
> >> | On Mon, 2009-09-14 at 19:52 +0100, --[ UxBoD ]-- wrote:
> >> | > ----- "Benny Pedersen" <me...@junc.org> wrote:
> >> | > 
> >> | > | On man 14 sep 2009 16:54:39 CEST, Bill Landry wrote
> >> | > | > So how far does someone have to go before getting banned from
> >> | the
> >> | > | > list? Is this not far enough yet?
> >> | > | 
> >> | > | he just come back with another sender email, with another
> >> | reply-to, it
> >> | > |  
> >> | > | will be endless banning new email adresses
> >> | > | 
> >> | > | -- 
> >> | > | xpoint
> >> | > | 
> >> | > | 
> >> | > Blocked now @ FW .. Will contact Zen tomorrow and report as the OP
> >> | is in violation of the ISP AUP.
> >> | 
> >> | go *right* ahead. Here you go:
> >> | abuse@zen.co.uk
> >> | 
> >> | I guess it will take a retard like you a *whole* day to find it.
> >> | 
> >> | > 
> >> | > Best Regards,
> >> | > 
> >> Not at all ... If you were so kind as to have stopped the profanity and vulgarity then people would have been more approachable and helpful.
> >>
> >> It was kindly asked that you refrained from such posting yet you felt you were exempted.  As I have already said the lists are here to help people and learn.  We should not be exposed to such rubbish.  Otherwise why have the lists in the first place?
> >>
> >> Every individual has the right to put forward their view and opinion; but when using the language you felt easy to adopt it makes a mockery.
> >>
> >> And I must say thank you for the email address; that really helps (not).  A phone call is a lot easier to explain on the potential impact an ISP subscriber could be having to the provider's business.
> >>
> >> I believe you could put some valid viewpoints forward, and if this was done in a mature, professional manner I am sure everyone would be very pleased.
> >>
> >> Thank you for your time.
> >>
> >> Best Regards,
> >>
> > 
> > And had you not taken to emailing me off list, you would have been
> > spared the abuse you deserved.
> > 
> > Grow up with your 'DoS' crap. I look forward to hearing from Zen. 
> > 
> > Keep you shitty posts *on* list in future.
> 
> Are all of the list admins on vacation?  This kind of crap would not be
> tolerated on most lists I'm subscribed to.  This stuff happens way too
> often on this list without repercussion.  If the list admins don't put a
> stop to these kinds of posts, expect people to start unsubscribing, as
> it's not just not worth the hassle.
> Bill
Then stop following it up to try and be smart. If it's not of interest
to you, just shut the fuck up and ignore it twonk.


-- 
-----------------------------------------------------------
C Werclick .Lot
Technical incompetent
Loyal Order Of The Teapot.





Re: Non scoring 'Bank Deposit' spam

Posted by Bill Landry <bi...@inetmsg.com>.
Clunk Werclick wrote:
> On Mon, 2009-09-14 at 20:38 +0100, --[ UxBoD ]-- wrote:
>> ----- "Clunk Werclick" <ma...@googlemail.com> wrote:
>>
>> | On Mon, 2009-09-14 at 19:52 +0100, --[ UxBoD ]-- wrote:
>> | > ----- "Benny Pedersen" <me...@junc.org> wrote:
>> | > 
>> | > | On man 14 sep 2009 16:54:39 CEST, Bill Landry wrote
>> | > | > So how far does someone have to go before getting banned from
>> | the
>> | > | > list? Is this not far enough yet?
>> | > | 
>> | > | he just come back with another sender email, with another
>> | reply-to, it
>> | > |  
>> | > | will be endless banning new email adresses
>> | > | 
>> | > | -- 
>> | > | xpoint
>> | > | 
>> | > | 
>> | > Blocked now @ FW .. Will contact Zen tomorrow and report as the OP
>> | is in violation of the ISP AUP.
>> | 
>> | go *right* ahead. Here you go:
>> | abuse@zen.co.uk
>> | 
>> | I guess it will take a retard like you a *whole* day to find it.
>> | 
>> | > 
>> | > Best Regards,
>> | > 
>> Not at all ... If you were so kind as to have stopped the profanity and vulgarity then people would have been more approachable and helpful.
>>
>> It was kindly asked that you refrained from such posting yet you felt you were exempted.  As I have already said the lists are here to help people and learn.  We should not be exposed to such rubbish.  Otherwise why have the lists in the first place?
>>
>> Every individual has the right to put forward their view and opinion; but when using the language you felt easy to adopt it makes a mockery.
>>
>> And I must say thank you for the email address; that really helps (not).  A phone call is a lot easier to explain on the potential impact an ISP subscriber could be having to the provider's business.
>>
>> I believe you could put some valid viewpoints forward, and if this was done in a mature, professional manner I am sure everyone would be very pleased.
>>
>> Thank you for your time.
>>
>> Best Regards,
>>
> 
> And had you not taken to emailing me off list, you would have been
> spared the abuse you deserved.
> 
> Grow up with your 'DoS' crap. I look forward to hearing from Zen. 
> 
> Keep you shitty posts *on* list in future.

Are all of the list admins on vacation?  This kind of crap would not be
tolerated on most lists I'm subscribed to.  This stuff happens way too
often on this list without repercussion.  If the list admins don't put a
stop to these kinds of posts, expect people to start unsubscribing, as
it's just not worth the hassle.

Bill

Re: Non scoring 'Bank Deposit' spam

Posted by Clunk Werclick <ma...@googlemail.com>.
On Mon, 2009-09-14 at 20:38 +0100, --[ UxBoD ]-- wrote:
> ----- "Clunk Werclick" <ma...@googlemail.com> wrote:
> 
> | On Mon, 2009-09-14 at 19:52 +0100, --[ UxBoD ]-- wrote:
> | > ----- "Benny Pedersen" <me...@junc.org> wrote:
> | > 
> | > | On man 14 sep 2009 16:54:39 CEST, Bill Landry wrote
> | > | > So how far does someone have to go before getting banned from
> | the
> | > | > list? Is this not far enough yet?
> | > | 
> | > | he just come back with another sender email, with another
> | reply-to, it
> | > |  
> | > | will be endless banning new email adresses
> | > | 
> | > | -- 
> | > | xpoint
> | > | 
> | > | 
> | > Blocked now @ FW .. Will contact Zen tomorrow and report as the OP
> | is in violation of the ISP AUP.
> | 
> | go *right* ahead. Here you go:
> | abuse@zen.co.uk
> | 
> | I guess it will take a retard like you a *whole* day to find it.
> | 
> | > 
> | > Best Regards,
> | > 
> Not at all ... If you were so kind as to have stopped the profanity and vulgarity then people would have been more approachable and helpful.
> 
> It was kindly asked that you refrained from such posting yet you felt you were exempted.  As I have already said the lists are here to help people and learn.  We should not be exposed to such rubbish.  Otherwise why have the lists in the first place?
> 
> Every individual has the right to put forward their view and opinion; but when using the language you felt easy to adopt it makes a mockery.
> 
> And I must say thank you for the email address; that really helps (not).  A phone call is a lot easier to explain on the potential impact an ISP subscriber could be having to the provider's business.
> 
> I believe you could put some valid viewpoints forward, and if this was done in a mature, professional manner I am sure everyone would be very pleased.
> 
> Thank you for your time.
> 
> Best Regards,
> 

And had you not taken to emailing me off list, you would have been
spared the abuse you deserved.

Grow up with your 'DoS' crap. I look forward to hearing from Zen. 

Keep your shitty posts *on* list in future.

-- 
-----------------------------------------------------------
C Werclick .Lot
Technical incompetent
Loyal Order Of The Teapot.





Re: Non scoring 'Bank Deposit' spam

Posted by Bill Landry <bi...@inetmsg.com>.
--[ UxBoD ]-- wrote:
> ----- "Clunk Werclick" <ma...@googlemail.com> wrote:
> 
> | On Mon, 2009-09-14 at 19:52 +0100, --[ UxBoD ]-- wrote:
> | > ----- "Benny Pedersen" <me...@junc.org> wrote:
> | > 
> | > | On man 14 sep 2009 16:54:39 CEST, Bill Landry wrote
> | > | > So how far does someone have to go before getting banned from
> | the
> | > | > list? Is this not far enough yet?
> | > | 
> | > | he just come back with another sender email, with another
> | reply-to, it
> | > |  
> | > | will be endless banning new email adresses
> | > | 
> | > | -- 
> | > | xpoint
> | > | 
> | > | 
> | > Blocked now @ FW .. Will contact Zen tomorrow and report as the OP
> | is in violation of the ISP AUP.
> | 
> | go *right* ahead. Here you go:
> | abuse@zen.co.uk
> | 
> | I guess it will take a retard like you a *whole* day to find it.
> | 
> | > 
> | > Best Regards,
> | > 
> Not at all ... If you were so kind as to have stopped the profanity and vulgarity then people would have been more approachable and helpful.
> 
> It was kindly asked that you refrained from such posting yet you felt you were exempted.  As I have already said the lists are here to help people and learn.  We should not be exposed to such rubbish.  Otherwise why have the lists in the first place?
> 
> Every individual has the right to put forward their view and opinion; but when using the language you felt easy to adopt it makes a mockery.
> 
> And I must say thank you for the email address; that really helps (not).  A phone call is a lot easier to explain on the potential impact an ISP subscriber could be having to the provider's business.

You might also consider reporting his googlemail address to Google, as
well, and provide proof of the denial of smtp server attack he ran
against your mail server.  That should get his account shut down, as well.

> I believe you could put some valid viewpoints forward, and if this was done in a mature, professional manner I am sure everyone would be very pleased.

Don't waste your breath (keystrokes) on this guy, he has no common sense
- things like this are way beyond his comprehension level.

Bill

Re: Non scoring 'Bank Deposit' spam

Posted by "--[ UxBoD ]--" <ux...@splatnix.net>.
----- "Clunk Werclick" <ma...@googlemail.com> wrote:

| On Mon, 2009-09-14 at 19:52 +0100, --[ UxBoD ]-- wrote:
| > ----- "Benny Pedersen" <me...@junc.org> wrote:
| > 
| > | On man 14 sep 2009 16:54:39 CEST, Bill Landry wrote
| > | > So how far does someone have to go before getting banned from
| the
| > | > list? Is this not far enough yet?
| > | 
| > | he just come back with another sender email, with another
| reply-to, it
| > |  
| > | will be endless banning new email adresses
| > | 
| > | -- 
| > | xpoint
| > | 
| > | 
| > Blocked now @ FW .. Will contact Zen tomorrow and report as the OP
| is in violation of the ISP AUP.
| 
| go *right* ahead. Here you go:
| abuse@zen.co.uk
| 
| I guess it will take a retard like you a *whole* day to find it.
| 
| > 
| > Best Regards,
| > 
Not at all ... If you were so kind as to have stopped the profanity and vulgarity then people would have been more approachable and helpful.

It was kindly asked that you refrained from such posting yet you felt you were exempted.  As I have already said the lists are here to help people and learn.  We should not be exposed to such rubbish.  Otherwise why have the lists in the first place?

Every individual has the right to put forward their view and opinion; but when using the language you felt easy to adopt it makes a mockery.

And I must say thank you for the email address; that really helps (not).  A phone call is a lot easier to explain on the potential impact an ISP subscriber could be having to the provider's business.

I believe you could put some valid viewpoints forward, and if this was done in a mature, professional manner I am sure everyone would be very pleased.

Thank you for your time.

Best Regards,



-- 
This message has been scanned for viruses and
dangerous content and is believed to be clean.

SplatNIX IT Services :: Innovation through collaboration


Re: Non scoring 'Bank Deposit' spam

Posted by Clunk Werclick <ma...@googlemail.com>.
On Mon, 2009-09-14 at 19:52 +0100, --[ UxBoD ]-- wrote:
> ----- "Benny Pedersen" <me...@junc.org> wrote:
> 
> | On man 14 sep 2009 16:54:39 CEST, Bill Landry wrote
> | > So how far does someone have to go before getting banned from the
> | > list? Is this not far enough yet?
> | 
> | he just come back with another sender email, with another reply-to, it
> |  
> | will be endless banning new email adresses
> | 
> | -- 
> | xpoint
> | 
> | 
> Blocked now @ FW .. Will contact Zen tomorrow and report as the OP is in violation of the ISP AUP.

go *right* ahead. Here you go:
abuse@zen.co.uk

I guess it will take a retard like you a *whole* day to find it.

> 
> Best Regards,
> 
-- 
-----------------------------------------------------------
C Werclick .Lot
Technical incompetent
Loyal Order Of The Teapot.





Re: Non scoring 'Bank Deposit' spam

Posted by "--[ UxBoD ]--" <ux...@splatnix.net>.
----- "Benny Pedersen" <me...@junc.org> wrote:

| On man 14 sep 2009 16:54:39 CEST, Bill Landry wrote
| > So how far does someone have to go before getting banned from the
| > list? Is this not far enough yet?
| 
| he just come back with another sender email, with another reply-to, it
|  
| will be endless banning new email adresses
| 
| -- 
| xpoint
| 
| 
Blocked now @ FW .. Will contact Zen tomorrow and report as the OP is in violation of the ISP AUP.

Best Regards,



Re: Non scoring 'Bank Deposit' spam

Posted by Benny Pedersen <me...@junc.org>.
On man 14 sep 2009 16:54:39 CEST, Bill Landry wrote
> So how far does someone have to go before getting banned from the
> list? Is this not far enough yet?

he just come back with another sender email, with another reply-to, it  
will be endless banning new email addresses

-- 
xpoint


Re: Non scoring 'Bank Deposit' spam

Posted by Bill Landry <bi...@inetmsg.com>.
Clunk Werclick wrote:
> On Mon, 2009-09-14 at 08:05 -0600, LuKreme wrote:
>> On 14-Sep-2009, at 05:24, --[ UxBoD ]-- wrote:
>>> If the OP cannot refrain from that sort of foul language when  
>>> presented with counter arguments then please ban.  The list would be  
>>> far happier IMHO.
>> Based on his reply to Matus I put him on my 'soft' kill list.
>>
>> (soft because all it does is mark his messages as read when they are  
>> received, so I still have them… but chances are I never see them).
>>
>> I did have to lookup his "real" address clunk.werclick@wibblywobblyteapot.co.uk 
>>   so I could mark both his throw-away gmail address and his 'real'  
>> address. I found it in my postfix spool.
>>
>> Still, based on his ignorance and his volatile behavior *I* certainly  
>> don't have any interest in his getting helped, and I don't have to  
>> read his xenophobic abuse ever again.
> Man, I'm going to lose *so* much sleep about that. From what I have
> read, the majority of you are a bunch of gay arse lovers up eachother.
> And fuckwits too boot.
> 
> I hope you die ejaculating up each others arse holes.

So how far does someone have to go before getting banned from the list?
 Is this not far enough yet?

Bill

Re: Non scoring 'Bank Deposit' spam

Posted by Clunk Werclick <ma...@googlemail.com>.
On Mon, 2009-09-14 at 08:05 -0600, LuKreme wrote:
> On 14-Sep-2009, at 05:24, --[ UxBoD ]-- wrote:
> > If the OP cannot refrain from that sort of foul language when  
> > presented with counter arguments then please ban.  The list would be  
> > far happier IMHO.
> 
> Based on his reply to Matus I put him on my 'soft' kill list.
> 
> (soft because all it does is mark his messages as read when they are  
> received, so I still have them… but chances are I never see them).
> 
> I did have to lookup his "real" address clunk.werclick@wibblywobblyteapot.co.uk 
>   so I could mark both his throw-away gmail address and his 'real'  
> address. I found it in my postfix spool.
> 
> Still, based on his ignorance and his volatile behavior *I* certainly  
> don't have any interest in his getting helped, and I don't have to  
> read his xenophobic abuse ever again.
Man, I'm going to lose *so* much sleep about that. From what I have
read, the majority of you are a bunch of gay arse lovers up eachother.
And fuckwits too boot.

I hope you die ejaculating up each others arse holes.

-- 
-----------------------------------------------------------
C Werclick .Lot
Technical incompetent
Loyal Order Of The Teapot.





Re: Non scoring 'Bank Deposit' spam

Posted by LuKreme <kr...@kreme.com>.
On 14-Sep-2009, at 05:24, --[ UxBoD ]-- wrote:
> If the OP cannot refrain from that sort of foul language when  
> presented with counter arguments then please ban.  The list would be  
> far happier IMHO.

Based on his reply to Matus I put him on my 'soft' kill list.

(soft because all it does is mark his messages as read when they are  
received, so I still have them… but chances are I never see them).

I did have to look up his "real" address clunk.werclick@wibblywobblyteapot.co.uk 
  so I could mark both his throw-away gmail address and his 'real'  
address. I found it in my postfix spool.

Still, based on his ignorance and his volatile behavior *I* certainly  
don't have any interest in his getting helped, and I don't have to  
read his xenophobic abuse ever again.

-- 
Beware of the Leopard!


Re: Non scoring 'Bank Deposit' spam

Posted by "--[ UxBoD ]--" <ux...@splatnix.net>.
----- "Clunk Werclick" <ma...@googlemail.com> wrote:

| On Mon, 2009-09-14 at 11:46 +0200, Matus UHLAR - fantomas wrote:
| > > > On 12-Sep-2009, at 10:27, Clunk Werclick wrote:
| > > > > I disagree. It can do as much harm as good. My own view and
| > > > > observation from the past have rendered it pointless in my
| context. It
| > > > > adds latency, is easily poisoned and rarely makes much
| difference to
| > > > > the score. I do appreciate some people like it, but my own
| view is
| > > > > spam has moved on beyond the point of it being useful.
| > 
| > > On Sun, 2009-09-13 at 16:37 -0600, LuKreme wrote:
| > > > Facts? we don't need no pesky facts. You are very misinformed.
| > 
| > On 14.09.09 08:48, Clunk Werclick wrote:
| > > Myself, I've seen some very poor Bayesian databases where users
| have
| > > been allowed to categorize mail as spam-v-ham. One company who
| deal with
| > > Pharmaceuticals for famine relief in Uganda and other poor
| African
| > > countries found bayes to mess with their core mail to a point that
| made
| > > it worthless in their context.
| > 
| > I would say that is a result of badly trained BAYES, not fgrom its
| bad
| > design. 
| > 
| > If you insist on not using bayes, just because it can be mistrained,
| better
| > don't use any configurable software, because _everything_
| configurable will go wrong
| > if miscongured.
| 
| The *issue* with bayes is it *can* have user input. Would you trust
| your
| users influencing system wide policy? 
| 
| I've already stated I'll try it. So read the xxxxxx follow up before
| shouting your thick foreign mouth off you stupid xxxx!
| 
If the OP cannot refrain from that sort of foul language when presented with counter arguments then please ban.  The list would be far happier IMHO.

BR,



RE: Non scoring 'Bank Deposit' spam

Posted by Michael Hutchinson <mh...@manux.co.nz>.
> -----Original Message-----
> From: --[ UxBoD ]-- [mailto:uxbod@splatnix.net]
> Sent: Monday, 14 September 2009 11:27 p.m.
> To: Matus UHLAR - fantomas
> Cc: users@spamassassin.apache.org
> Subject: Re: Non scoring 'Bank Deposit' spam
> 
> ----- "Matus UHLAR - fantomas" <uh...@fantomas.sk> wrote:
> 
> | > > > > On 12-Sep-2009, at 10:27, Clunk Werclick wrote:
> | > > > > > I disagree. It can do as much harm as good. My own view and
> | > > > > > observation from the past have rendered it pointless in my
> | context. It
> | > > > > > adds latency, is easily poisoned and rarely makes much
> | difference to
> | > > > > > the score. I do appreciate some people like it, but my own
> | view is
> | > > > > > spam has moved on beyond the point of it being useful.
> | > >
> | > > > On Sun, 2009-09-13 at 16:37 -0600, LuKreme wrote:
> | > > > > Facts? we don't need no pesky facts. You are very
> | misinformed.
> | > >
> | > > On 14.09.09 08:48, Clunk Werclick wrote:
> | > > > Myself, I've seen some very poor Bayesian databases where users
> | have
> | > > > been allowed to categorize mail as spam-v-ham. One company who
> | deal with
> | > > > Pharmaceuticals for famine relief in Uganda and other poor
> | African
> | > > > countries found bayes to mess with their core mail to a point
> | that made
> | > > > it worthless in their context.
> |
> | > On Mon, 2009-09-14 at 11:46 +0200, Matus UHLAR - fantomas wrote:
> | > > I would say that is a result of badly trained BAYES, not fgrom
> its
> | bad
> | > > design.
> |
> | On 14.09.09 12:06, Clunk Werclick wrote:
> | > The *issue* with bayes is it *can* have user input. Would you trust
> | your
> | > users influencing system wide policy?
> |
> | That only happens if you allow your users to train system-wide BAYES.
> | However this is usually also called "misconfiguration" - in common
> | situations either users have their own bayes databases, or they can't
> | train
> | the site-wide one.
> |
> | > > If you insist on not using bayes, just because it can be
> | mistrained,
> | > > better don't use any configurable software, because _everything_
> | > > configurable will go wrong if miscongured.
> |
> | > I've already stated I'll try it. So read the fucking follow up
> | before
> | > shouting your thick foreign mouth off you stupid cunt!
> |
> | I have read your previous posts, I only wanted to react on some of
> | your
> | "arguments".

> I would post the private email I received from Clunk but I will not
> lower myself or expose the list to such vulgarity.
> 

Why not? Everyone else seems to be able to get away with it!

M.


Re: Non scoring 'Bank Deposit' spam

Posted by "--[ UxBoD ]--" <ux...@splatnix.net>.
----- "Matus UHLAR - fantomas" <uh...@fantomas.sk> wrote:

| > > > > On 12-Sep-2009, at 10:27, Clunk Werclick wrote:
| > > > > > I disagree. It can do as much harm as good. My own view and
| > > > > > observation from the past have rendered it pointless in my
| context. It
| > > > > > adds latency, is easily poisoned and rarely makes much
| difference to
| > > > > > the score. I do appreciate some people like it, but my own
| view is
| > > > > > spam has moved on beyond the point of it being useful.
| > > 
| > > > On Sun, 2009-09-13 at 16:37 -0600, LuKreme wrote:
| > > > > Facts? we don't need no pesky facts. You are very
| misinformed.
| > > 
| > > On 14.09.09 08:48, Clunk Werclick wrote:
| > > > Myself, I've seen some very poor Bayesian databases where users
| have
| > > > been allowed to categorize mail as spam-v-ham. One company who
| deal with
| > > > Pharmaceuticals for famine relief in Uganda and other poor
| African
| > > > countries found bayes to mess with their core mail to a point
| that made
| > > > it worthless in their context.
| 
| > On Mon, 2009-09-14 at 11:46 +0200, Matus UHLAR - fantomas wrote:
| > > I would say that is a result of badly trained BAYES, not fgrom its
| bad
| > > design. 
| 
| On 14.09.09 12:06, Clunk Werclick wrote:
| > The *issue* with bayes is it *can* have user input. Would you trust
| your
| > users influencing system wide policy? 
| 
| That only happens if you allow your users to train system-wide BAYES.
| However this is usually also called "misconfiguration" - in common
| situations either users have their own bayes databases, or they can't
| train
| the site-wide one.
| 
| > > If you insist on not using bayes, just because it can be
| mistrained,
| > > better don't use any configurable software, because _everything_
| > > configurable will go wrong if miscongured.
| 
| > I've already stated I'll try it. So read the fucking follow up
| before
| > shouting your thick foreign mouth off you stupid cunt!
| 
| I have read your previous posts, I only wanted to react on some of
| your
| "arguments".
I would post the private email I received from Clunk but I will not lower myself or expose the list to such vulgarity.

BR,



Re: Non scoring 'Bank Deposit' spam

Posted by Matus UHLAR - fantomas <uh...@fantomas.sk>.
> > > > On 12-Sep-2009, at 10:27, Clunk Werclick wrote:
> > > > > I disagree. It can do as much harm as good. My own view and
> > > > > observation from the past have rendered it pointless in my context. It
> > > > > adds latency, is easily poisoned and rarely makes much difference to
> > > > > the score. I do appreciate some people like it, but my own view is
> > > > > spam has moved on beyond the point of it being useful.
> > 
> > > On Sun, 2009-09-13 at 16:37 -0600, LuKreme wrote:
> > > > Facts? we don't need no pesky facts. You are very misinformed.
> > 
> > On 14.09.09 08:48, Clunk Werclick wrote:
> > > Myself, I've seen some very poor Bayesian databases where users have
> > > been allowed to categorize mail as spam-v-ham. One company who deal with
> > > Pharmaceuticals for famine relief in Uganda and other poor African
> > > countries found bayes to mess with their core mail to a point that made
> > > it worthless in their context.

> On Mon, 2009-09-14 at 11:46 +0200, Matus UHLAR - fantomas wrote:
> > I would say that is a result of badly trained BAYES, not from its bad
> > design. 

On 14.09.09 12:06, Clunk Werclick wrote:
> The *issue* with bayes is it *can* have user input. Would you trust your
> users influencing system wide policy? 

That only happens if you allow your users to train system-wide BAYES.
However this is usually also called "misconfiguration" - in common
situations either users have their own bayes databases, or they can't train
the site-wide one.

> > If you insist on not using bayes, just because it can be mistrained,
> > better don't use any configurable software, because _everything_
> > configurable will go wrong if misconfigured.

> I've already stated I'll try it. So read the fucking follow up before
> shouting your thick foreign mouth off you stupid cunt!

I have read your previous posts, I only wanted to react on some of your
"arguments".
-- 
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Remember half the people you know are below average. 
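
The point above about who is allowed to train the site-wide database, as an added sketch (not from the thread, and not SpamAssassin's Bayes algorithm or storage format): a toy token classifier compares one shared, user-writable database against per-user databases. The messages, the users "alice" and "bob", and the 0.5 cut-off are constructed assumptions.

```python
import copy
import math
from collections import Counter


class ToyBayes:
    """Token-presence naive Bayes store standing in for a Bayes database."""

    def __init__(self):
        self.spam_tokens = Counter()
        self.ham_tokens = Counter()
        self.n_spam = 0
        self.n_ham = 0

    @staticmethod
    def tokens(text):
        return set(text.lower().split())

    def learn(self, text, is_spam):
        """Record one message as spam or ham."""
        if is_spam:
            self.spam_tokens.update(self.tokens(text))
            self.n_spam += 1
        else:
            self.ham_tokens.update(self.tokens(text))
            self.n_ham += 1

    def spam_probability(self, text):
        """Combine per-token log-odds (add-one smoothing) into a probability."""
        log_odds = 0.0
        for tok in self.tokens(text):
            p_spam = (self.spam_tokens[tok] + 1) / (self.n_spam + 2)
            p_ham = (self.ham_tokens[tok] + 1) / (self.n_ham + 2)
            log_odds += math.log(p_spam / p_ham)
        return 1.0 / (1.0 + math.exp(-log_odds))


# Constructed training corpus an administrator might have fed the database.
SITE_HAM = [
    "shipment of pharmaceuticals for famine relief cleared customs",
    "invoice for pharmaceuticals delivered to the relief clinic",
    "meeting notes for the relief logistics team",
]
SITE_SPAM = [
    "cheap pills buy now discount",
    "bank deposit waiting claim your funds now",
    "discount pills no prescription buy today",
]

# Constructed: bob is tired of automated notices and marks them as spam.
BOB_MARKED_AS_SPAM = [
    f"pharmaceuticals shipment notice for relief clinic batch {n}"
    for n in range(1, 9)
]

# Constructed legitimate mail that alice's team depends on.
PROBE = "pharmaceuticals shipment for relief clinic"


def seeded_db():
    db = ToyBayes()
    for msg in SITE_HAM:
        db.learn(msg, is_spam=False)
    for msg in SITE_SPAM:
        db.learn(msg, is_spam=True)
    return db


def run_scenario(shared_writable):
    """Return each user's spam probability for PROBE after bob's training.

    shared_writable=True  -> both users read and write one site-wide database.
    shared_writable=False -> each user trains a private copy (assumption: the
                             copies start from the same admin-trained corpus).
    """
    site_db = seeded_db()
    if shared_writable:
        dbs = {"alice": site_db, "bob": site_db}
    else:
        dbs = {"alice": copy.deepcopy(site_db), "bob": copy.deepcopy(site_db)}
    for msg in BOB_MARKED_AS_SPAM:
        dbs["bob"].learn(msg, is_spam=True)
    return {user: db.spam_probability(PROBE) for user, db in dbs.items()}


if __name__ == "__main__":
    for shared in (True, False):
        label = "shared writable db" if shared else "per-user dbs"
        result = run_scenario(shared)
        print(f"{label:>20}: " + ", ".join(
            f"{user}={p:.3f}" for user, p in result.items()))
```

With the shared database bob's training pushes alice's legitimate mail over the cut-off; with per-user databases only bob's own results change.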

Re: Non scoring 'Bank Deposit' spam

Posted by Clunk Werclick <ma...@googlemail.com>.
On Mon, 2009-09-14 at 17:52 +0100, --[ UxBoD ]-- wrote:
> ----- "Chris Owen" <ow...@hubris.net> wrote:
> 
> | On Sep 14, 2009, at 11:38 AM, LuKreme wrote:
> | 
> | > On 14-Sep-2009, at 10:17, jdow wrote:
> | >> :0
> | >> * 9876543210^0 ^From: .*\<mailbackup19@googlemail.com\>
> | > * 9876543210^0 ^From:.*clunk\.werclick@wibblywobblyteapot\.co\.uk
> | >> /dev/null
> | >
> | > Will work better. (and you don't need a lock on /dev/null)
> | 
> | I usually also use the 'h' flag on /dev/null rules:
> | 
> | :0h
> | 
> | I'm sure writing to /dev/null doesn't take very long but why bother  
> | writing the body of the message.
> | 
> | Chris
> | 
> | -------------------------------------------------------------------------
> | Chris Owen         - Garden City (620) 275-1900 -  Lottery (noun):
> | President          - Wichita     (316) 858-3000 -    A stupidity tax
> | Hubris Communications Inc      www.hubris.net
> | -------------------------------------------------------------------------
> | 
> Well I happen to know the MD of my ISP so perhaps I shall have a word 
I've slept with his wife, I'll have a word too.
> ... I am sure he would not want DoS going in through his network ...
> 
> These things can bring a list into dis-repute.  It is okay to voice one owns opinion; but without profanity and blatant disrepect to anothers resources!
Then shut your fucking retarded mouth.
> 
> We all sit on these lists to help each other and learn.
Learn to butt out, wanker.
> 
> Best Regards,
> 
-- 
-----------------------------------------------------------
C Werclick .Lot
Technical incompetent
Loyal Order Of The Teapot.





Re: Non scoring 'Bank Deposit' spam

Posted by "--[ UxBoD ]--" <ux...@splatnix.net>.
----- "Chris Owen" <ow...@hubris.net> wrote:

| On Sep 14, 2009, at 11:38 AM, LuKreme wrote:
| 
| > On 14-Sep-2009, at 10:17, jdow wrote:
| >> :0
| >> * 9876543210^0 ^From: .*\<mailbackup19@googlemail.com\>
| > * 9876543210^0 ^From:.*clunk\.werclick@wibblywobblyteapot\.co\.uk
| >> /dev/null
| >
| > Will work better. (and you don't need a lock on /dev/null)
| 
| I usually also use the 'h' flag on /dev/null rules:
| 
| :0h
| 
| I'm sure writing to /dev/null doesn't take very long but why bother  
| writing the body of the message.
| 
| Chris
| 
| -------------------------------------------------------------------------
| Chris Owen         - Garden City (620) 275-1900 -  Lottery (noun):
| President          - Wichita     (316) 858-3000 -    A stupidity tax
| Hubris Communications Inc      www.hubris.net
| -------------------------------------------------------------------------
| 
Well I happen to know the MD of my ISP so perhaps I shall have a word ... I am sure he would not want DoS going in through his network ...

These things can bring a list into disrepute.  It is okay to voice one's own opinion; but without profanity and blatant disrespect to another's resources!

We all sit on these lists to help each other and learn.

Best Regards,



Re: Non scoring 'Bank Deposit' spam

Posted by Chris Owen <ow...@hubris.net>.
On Sep 14, 2009, at 11:38 AM, LuKreme wrote:

> On 14-Sep-2009, at 10:17, jdow wrote:
>> :0
>> * 9876543210^0 ^From: .*\<mailbackup19@googlemail.com\>
> * 9876543210^0 ^From:.*clunk\.werclick@wibblywobblyteapot\.co\.uk
>> /dev/null
>
> Will work better. (and you don't need a lock on /dev/null)

I usually also use the 'h' flag on /dev/null rules:

:0h

I'm sure writing to /dev/null doesn't take very long but why bother  
writing the body of the message.

Chris

-------------------------------------------------------------------------
Chris Owen         - Garden City (620) 275-1900 -  Lottery (noun):
President          - Wichita     (316) 858-3000 -    A stupidity tax
Hubris Communications Inc      www.hubris.net
-------------------------------------------------------------------------





Re: Non scoring 'Bank Deposit' spam

Posted by jdow <jd...@earthlink.net>.
From: "LuKreme" <kr...@kreme.com>
Sent: Monday, 2009/September/14 09:38


> On 14-Sep-2009, at 10:17, jdow wrote:
>> :0
>> * 9876543210^0 ^From: .*\<mailbackup19@googlemail.com\>
> * 9876543210^0 ^From:.*clunk\.werclick@wibblywobblyteapot\.co\.uk
>> /dev/null
> 
> Will work better. (and you don't need a lock on /dev/null)

Simply used "* ^From:.*wibblywobblyteapot\.co\.uk"

And the basic formula has a lock for writing to a file. I use it
for pre-sorting things I might want to look at sometime but do not
want in my normal mail.
===8<--- (This one is for a ham radio rectal cranial inversion case.)
:0:
* ^From: .*\<bcrowell@excite\.com>
/$HOME/mail/billygoat
===8<---

Cut and paste is quick even if it does lead to locks on /dev/null "writes".
{^_-}

Re: Non scoring 'Bank Deposit' spam

Posted by "--[ UxBoD ]--" <ux...@splatnix.net>.
----- "LuKreme" <kr...@kreme.com> wrote:

| On 14-Sep-2009, at 10:17, jdow wrote:
| > :0
| > * 9876543210^0 ^From: .*\<mailbackup19@googlemail.com\>
| * 9876543210^0 ^From:.*clunk\.werclick@wibblywobblyteapot\.co\.uk
| > /dev/null
| 
| Will work better. (and you don't need a lock on /dev/null)
| 
| -- 
| In England 100 miles is a long distance. In the US 100 years is a
| 	long time
| 
| 
Perhaps the OP should read the AUP ! http://www.zen.co.uk/policies/acceptable-use-policy.aspx

Best Regards,




Re: Non scoring 'Bank Deposit' spam

Posted by LuKreme <kr...@kreme.com>.
On 14-Sep-2009, at 10:17, jdow wrote:
> :0
> * 9876543210^0 ^From: .*\<mailbackup19@googlemail.com\>
* 9876543210^0 ^From:.*clunk\.werclick@wibblywobblyteapot\.co\.uk
> /dev/null

Will work better. (and you don't need a lock on /dev/null)

-- 
In England 100 miles is a long distance. In the US 100 years is a
	long time


Re: Non scoring 'Bank Deposit' spam

Posted by jdow <jd...@earthlink.net>.
From: "Clunk Werclick" <ma...@googlemail.com>

> I've already stated I'll try it. So read the fucking follow up before
> shouting your thick foreign mouth off you stupid cunt!

And this person who is incapable of expressing himself without profanity,
indicative of a weak mind, has managed to get me to put in a very simple
procmail rule: 

:0:
* ^From: .*\<mailbackup19@googlemail.com\>
/dev/null


The weak minded putz called the people on THIS list out for bad behavior.
Then I guess he had to trump them with his own bad behavior. What a
loser. He's gone - forever.

{^_^}

Re: Non scoring 'Bank Deposit' spam

Posted by Clunk Werclick <ma...@googlemail.com>.
On Mon, 2009-09-14 at 11:46 +0200, Matus UHLAR - fantomas wrote:
> > > On 12-Sep-2009, at 10:27, Clunk Werclick wrote:
> > > > I disagree. It can do as much harm as good. My own view and
> > > > observation from the past have rendered it pointless in my context. It
> > > > adds latency, is easily poisoned and rarely makes much difference to
> > > > the score. I do appreciate some people like it, but my own view is
> > > > spam has moved on beyond the point of it being useful.
> 
> > On Sun, 2009-09-13 at 16:37 -0600, LuKreme wrote:
> > > Facts? we don't need no pesky facts. You are very misinformed.
> 
> On 14.09.09 08:48, Clunk Werclick wrote:
> > Myself, I've seen some very poor Bayesian databases where users have
> > been allowed to categorize mail as spam-v-ham. One company who deal with
> > Pharmaceuticals for famine relief in Uganda and other poor African
> > countries found bayes to mess with their core mail to a point that made
> > it worthless in their context.
> 
> I would say that is a result of badly trained BAYES, not from its bad
> design. 
> 
> If you insist on not using bayes, just because it can be mistrained, better
> don't use any configurable software, because _everything_ configurable will go wrong
> if misconfigured.

The *issue* with bayes is it *can* have user input. Would you trust your
users influencing system wide policy? 

I've already stated I'll try it. So read the fucking follow up before
shouting your thick foreign mouth off you stupid cunt!



-- 
-----------------------------------------------------------
C Werclick .Lot
Technical incompetent
Loyal Order Of The Teapot.


Re: Non scoring 'Bank Deposit' spam

Posted by Matus UHLAR - fantomas <uh...@fantomas.sk>.
> > On 12-Sep-2009, at 10:27, Clunk Werclick wrote:
> > > I disagree. It can do as much harm as good. My own view and
> > > observation from the past have rendered it pointless in my context. It
> > > adds latency, is easily poisoned and rarely makes much difference to
> > > the score. I do appreciate some people like it, but my own view is
> > > spam has moved on beyond the point of it being useful.

> On Sun, 2009-09-13 at 16:37 -0600, LuKreme wrote:
> > Facts? we don't need no pesky facts. You are very misinformed.

On 14.09.09 08:48, Clunk Werclick wrote:
> Myself, I've seen some very poor Bayesian databases where users have
> been allowed to categorize mail as spam-v-ham. One company who deal with
> Pharmaceuticals for famine relief in Uganda and other poor African
> countries found bayes to mess with their core mail to a point that made
> it worthless in their context.

I would say that is a result of badly trained BAYES, not from its bad
design. 

If you insist on not using bayes, just because it can be mistrained, better
don't use any configurable software, because _everything_ configurable will go wrong
if misconfigured.

-- 
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
42.7 percent of all statistics are made up on the spot. 

Re: Non scoring 'Bank Deposit' spam

Posted by Mark Martinec <Ma...@ijs.si>.
I've opened the:
  https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6203
you can add your e-mail address as a CC if you want.

> is the dkim awl not solving it in 3.3 ?

Only if a mail has a valid DKIM signature and the feature is enabled
( auto_whitelist_distinguish_signed 1 ) and AWL database is on SQL.

> why is spf not added ?

Nobody seems to care. It's not obvious what should be
stored in AWL in case of a successful SPF test.

> and my patch posted on maillist also works for non sql setups ?

I believe it should.

> i would go full route if i know how to add the hardcore /16 into
> settings cidr in awl.cf

Not sure I understand this. If you are referring to adding a new
configuration setting, I don't think this is something that should
be configurable.

Followups to that PR please.

  Mark

Re: Non scoring 'Bank Deposit' spam

Posted by Benny Pedersen <me...@junc.org>.
On man 14 sep 2009 15:46:22 CEST, Mark Martinec wrote
> Benny, I very much agree with you, the /16 is too wide, and I've
> seen cases where good and bad sites share the same /16 address range.

is the dkim awl not solving it in 3.3 ?

why is spf not added ?

> Would you please open a problem report on this. Perhaps there's
> still time to get it to a 3.3.

i created a patch to 3.2.5

diff -urp  
sa/Mail-SpamAssassin-3.2.5/lib/Mail/SpamAssassin/AutoWhitelist.pm  
sa-patch/Mail-SpamAssassin-3.2.5/lib/Mail/SpamAssassin/AutoWhitelist.pm
---  
sa/Mail-SpamAssassin-3.2.5/lib/Mail/SpamAssassin/AutoWhitelist.pm	2008-06-10  
11:20:22.000000000 +0200
+++  
sa-patch/Mail-SpamAssassin-3.2.5/lib/Mail/SpamAssassin/AutoWhitelist.pm	2009-09-14 23:36:51.000000000  
+0200
@@ -271,7 +271,9 @@ sub pack_addr {
      # the user running "add-addr-to-*".
      $origip = 'none';
    } else {
-    $origip =~ s/\.\d{1,3}\.\d{1,3}$//gs;
+    # patch 3.2.5 to use /24 where default is /16
+    # $origip =~ s/\.\d{1,3}\.\d{1,3}$//gs;
+    $origip =~ s/\.\d{1,3}\.\d{1,3}\.\d{1,3}$//gs;
    }

    $origip =~ s/[^0-9\.noe]/_/gs;	# paranoia
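
Review bot: The substitution on the last `+` line removes three trailing octets, so the key keeps only the first octet of the address (a /8), which is wider than the /16 it replaces and not the /24 the added comment promises. To keep the first three octets, remove a single trailing octet instead, for example `$origip =~ s/\.\d{1,3}$//;`. Entries already stored under the two-octet form will stop matching once the key shape changes, so it is worth saying in the comment or the bug report that existing history for those senders starts over.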





warning i don't know perl to be sure it's working :)

hope this is all that is needed to change the hardcoded /16 to hardcoded /24

-- 
xpoint


Re: Non scoring 'Bank Deposit' spam

Posted by Mark Martinec <Ma...@ijs.si>.
On Monday 14 September 2009 13:57:44 Benny Pedersen wrote:
>why not adjust awl factor ?
> 
> (i hope ip can be set to other than /16 in 3.3.x) for the fuzzy
> matching ip ranges
> 
> imho /24 should be default

Benny, I very much agree with you, the /16 is too wide, and I've seen
cases where good and bad sites share the same /16 address range.

Would you please open a problem report on this. Perhaps there's
still time to get it to a 3.3.

  Mark

Re: Non scoring 'Bank Deposit' spam

Posted by Martin Gregorie <ma...@gregorie.org>.
On Mon, 2009-09-14 at 13:57 +0200, Benny Pedersen wrote:
> On man 14 sep 2009 12:39:21 CEST, Martin Gregorie wrote
> > AWL, which is simply an averager, can get badly off target with
> > some mixes of ham/spam. It did with my mail feed, so I disabled it.
> 
> in that case you don't understand what awl does, why not adjust awl factor ?
> 
I understand exactly what it does, thank you. Attempting to mitigate an
occasional spammy message from a correspondent is no use to me at all. I
have an automatic system that whitelists any address I've previously
sent mail to and doesn't affect any other senders.

  
Martin



Re: Non scoring 'Bank Deposit' spam

Posted by Benny Pedersen <me...@junc.org>.
On man 14 sep 2009 12:39:21 CEST, Martin Gregorie wrote
> AWL, which is simply an averager, can get badly off target with
> some mixes of ham/spam. It did with my mail feed, so I disabled it.

in that case you don't understand what awl does, why not adjust awl factor ?

(i hope ip can be set to other than /16 in 3.3.x) for the fuzzy  
matching ip ranges

imho /24 should be default

-- 
xpoint


Re: Non scoring 'Bank Deposit' spam

Posted by Martin Gregorie <ma...@gregorie.org>.
> <tangent>Interestingly, It is fair to say that Jari's follow up *did*
> show Bayes giving it 5 points. This was then destroyed by AWL dropping
> 4.1 off of it:
> 
AWL, which is simply an averager, can get badly off target with some
mixes of ham/spam. It did with my mail feed, so I disabled it.
 

Martin
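
The two AWL points made in the posts above (it averages a sender's past scores, and its history key uses only the /16 of the relay address) can be seen together in a small model. This is an added example, not SpamAssassin's code and not anything posted to the list; the 0.5 factor, the addresses and the scores are assumptions or constructed values, and `awl_key`, `AutoWhitelist` and `replay` are hypothetical names.

```python
# Toy model of the auto-whitelist (AWL) adjustment discussed in this thread.
# Assumptions, not taken from the thread: factor 0.5, constructed traffic.

AWL_FACTOR = 0.5        # assumed auto_whitelist_factor
REQUIRED_SCORE = 5.0    # required_score shown in the thread's spamd log line


def awl_key(addr, ip, octets_kept):
    """Build the history key: sender address plus the leading IPv4 octets.

    octets_kept=2 models the hardcoded /16, octets_kept=3 models a /24.
    """
    prefix = ".".join(ip.split(".")[:octets_kept])
    return f"{addr.lower()}|ip={prefix}"


class AutoWhitelist:
    """Keeps (message count, score total) per key and pulls scores to the mean."""

    def __init__(self, octets_kept):
        self.octets_kept = octets_kept
        self.history = {}

    def adjust(self, addr, ip, score):
        """Return the score after the AWL adjustment, then record the raw score."""
        key = awl_key(addr, ip, self.octets_kept)
        count, total = self.history.get(key, (0, 0.0))
        delta = 0.0
        if count:
            # Move the message part of the way towards the sender's mean.
            delta = (total / count - score) * AWL_FACTOR
        self.history[key] = (count + 1, total + score)
        return round(score + delta, 2)


def replay(octets_kept):
    """Replay constructed traffic; return the final score of the last message."""
    awl = AutoWhitelist(octets_kept)
    # Ten clean messages from a well-behaved host (constructed data).
    for _ in range(10):
        awl.adjust("alice@example.org", "10.20.1.5", -1.0)
    # One spammy message: same From address, another host in the same /16.
    return awl.adjust("alice@example.org", "10.20.200.9", 7.0)


if __name__ == "__main__":
    for octets in (2, 3):
        final = replay(octets)
        verdict = "spam" if final >= REQUIRED_SCORE else "ham"
        print(f"/{octets * 8} key: final score {final} -> {verdict}")
```

With the /16 key the clean history of the first host is applied to the second host and the message drops below the threshold; with a /24 key the second host has no history and the raw score stands.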



Re: Non scoring 'Bank Deposit' spam

Posted by "--[ UxBoD ]--" <ux...@splatnix.net>.
----- "Clunk Werclick" <ma...@googlemail.com> wrote:

| On Sun, 2009-09-13 at 16:37 -0600, LuKreme wrote:
| > On 12-Sep-2009, at 10:27, Clunk Werclick wrote:
| > > I disagree. It can do as much harm as good. My own view and
| > > observation from the past have rendered it pointless in my context.
| > > It adds latency, is easily poisoned and rarely makes much difference
| > > to the score. I do appreciate some people like it, but my own view is
| > > spam has moved on beyond the point of it being useful.
| > 
| > Facts? we don't need no pesky facts. You are very misinformed.
| Myself, I've seen some very poor Bayesian databases where users have
| been allowed to categorize mail as spam-v-ham. One company who deal with
| Pharmaceuticals for famine relief in Uganda and other poor African
| countries found bayes to mess with their core mail to a point that made
| it worthless in their context.
| 
| It really comes down to the context and effort -v- the return.
| > > No thanks, I'll pass on that. In this specific case it still would not
| > > have increased the score to a point where the clock cycles made it
| > > worth it.
| > 
| > The Bayes score ALONE would have pushed this over the spam threshold
| > on my machine.
| My point is the content of that mail, which has been circulating for
| weeks almost unchanged, really should bite on a core rule, not rely on
| plugins and bayes to catch it.
| 
| <tangent>Interestingly, It is fair to say that Jari's follow up *did*
| show Bayes giving it 5 points. This was then destroyed by AWL dropping
| 4.1 off of it:
| 
| 5.0 BAYES_99 BODY: Bayesian spam probability is 99 to 100%
| -4.1 AWL: From: address is in the auto  machine.</tangent>
| 
| I've created a custom meta rule; I'm almost sorry I came here and asked.
| Some of the people here on this list are just so rude, and you sir, are
| an Arsehole!
| 
| > 
| 
| -- 
| -----------------------------------------------------------
| C Werclick .Lot
| Technical incompetent
| Loyal Order Of The Teapot.
| 
| 
And that kind of post can get you banned as well!

Bayes works and any issues found are normally down to bad training.

Perhaps the second line of your sig may be the reason ? ;)



Re: Non scoring 'Bank Deposit' spam

Posted by Jari Fredriksson <ja...@iki.fi>.
>> On 12-Sep-2009, at 10:27, Clunk Werclick wrote:
> 
> <tangent>Interestingly, It is fair to say that Jari's
> follow up *did* show Bayes giving it 5 points. This was
> then destroyed by AWL dropping 
> 4.1 off of it:
> 
> 5.0 BAYES_99 BODY: Bayesian spam probability is 99 to 100%
> -4.1 AWL: From: address is in the auto  machine.</tangent>
> 

No. AWL disabled the BOTNET ;)

Many rules to disable, the total was 17 what counts.



Re: Non scoring 'Bank Deposit' spam

Posted by Clunk Werclick <ma...@googlemail.com>.
On Sun, 2009-09-13 at 16:37 -0600, LuKreme wrote:
> On 12-Sep-2009, at 10:27, Clunk Werclick wrote:
> > I disagree. It can do as much harm as good. My own view and  
> > observation
> > from the past have rendered it pointless in my context. It adds  
> > latency,
> > is easily poisoned and rarely makes much difference to the score. I do
> > appreciate some people like it, but my own view is spam has moved on
> > beyond the point of it being useful.
> 
> Facts? we don't need no pesky facts. You are very misinformed.
Myself, I've seen some very poor Bayesian databases where users have
been allowed to categorize mail as spam-v-ham. One company who deal with
Pharmaceuticals for famine relief in Uganda and other poor African
countries found bayes to mess with their core mail to a point that made
it worthless in their context.

It really comes down to the context and effort -v- the return.
> > No thanks, I'll pass on that. In this specific case it still would not
> > have increased the score to a point where the clock cycles made it  
> > worth
> > it.
> 
> The Bayes score ALONE would have pushed this over the spam threshold  
> on my machine.
My point is the content of that mail, which has been circulating for
weeks almost unchanged, really should bite on a core rule, not rely on
plugins and bayes to catch it.

<tangent>Interestingly, It is fair to say that Jari's follow up *did*
show Bayes giving it 5 points. This was then destroyed by AWL dropping
4.1 off of it:

5.0 BAYES_99 BODY: Bayesian spam probability is 99 to 100%
-4.1 AWL: From: address is in the auto  machine.</tangent>

I've created a custom meta rule; I'm almost sorry I came here and asked.
Some of the people here on this list are just so rude, and you sir, are
an Arsehole!

> 

-- 
-----------------------------------------------------------
C Werclick .Lot
Technical incompetent
Loyal Order Of The Teapot.


Re: Non scoring 'Bank Deposit' spam

Posted by LuKreme <kr...@kreme.com>.
On 12-Sep-2009, at 10:27, Clunk Werclick wrote:
> I disagree. It can do as much harm as good. My own view and  
> observation
> from the past have rendered it pointless in my context. It adds  
> latency,
> is easily poisoned and rarely makes much difference to the score. I do
> appreciate some people like it, but my own view is spam has moved on
> beyond the point of it being useful.

Facts? we don't need no pesky facts. You are very misinformed.

> No thanks, I'll pass on that. In this specific case it still would not
> have increased the score to a point where the clock cycles made it  
> worth
> it.

The Bayes score ALONE would have pushed this over the spam threshold  
on my machine.


-- 
Take my hand and I'll show you what was and will be.


Re: Non scoring 'Bank Deposit' spam

Posted by John Hardin <jh...@impsec.org>.
On Mon, 14 Sep 2009, Clunk Werclick wrote:

> And trained some spam and I'll see how we get on.

Don't forget you also need to train some ham before Bayes will be able to 
start analyzing.

As a general rule of thumb it's a good idea to keep the trained ham:spam 
token ratio near even, or slightly heavier to the spam side (as the raw 
message volume is generally more spam than ham).

-- 
  John Hardin KA7OHZ                    http://www.impsec.org/~jhardin/
  jhardin@impsec.org    FALaholic #11174     pgpk -a jhardin@impsec.org
  key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
   ...to announce there must be no criticism of the President or to
   stand by the President right or wrong is not only unpatriotic and
   servile, but is morally treasonous to the American public.
                                           -- Theodore Roosevelt, 1918
-----------------------------------------------------------------------
  3 days until the 222nd anniversary of the signing of the U.S. Constitution

Re: Non scoring 'Bank Deposit' spam

Posted by Clunk Werclick <ma...@googlemail.com>.
On Sun, 2009-09-13 at 20:57 +0100, RW wrote:
> On Sun, 13 Sep 2009 14:19:35 +0100
> Clunk Werclick <ma...@googlemail.com> wrote:
> 
> > On Sun, 2009-09-13 at 14:06 +0100, RW wrote:
> > > On Sun, 13 Sep 2009 06:56:27 +0100
> > > Clunk Werclick <ma...@googlemail.com> wrote:
> > > 
> > {trimmed down to the relevant point you make}
> > > Adding irrelevant text to a spam may make it less likely to
> > > be caught, 
> > Thank you. So if your bayes 'good' tokens that happen to catch on this
> > 'irrelevant' text, the result of having the bayes is near pointless.
> > For example, something like this:
> 
> In practise I find it doesn't make much difference unless the spammer
> makes a significant effort to reduce the number of spammy tokens, both
> in the headers and the body. And that commonly leads them into hitting
> other rules, and constrains the number of spams that can be sent from
> the same IP address. The majority of the spams I get don't have such
> text and most that do still hit BAYES_99. It's obviously not such a
> powerful technique as you think.
> 
> 
> It's also wrong to assume that when spam hits BAYES_50, BAYES hasn't
> done anything useful. This is a fallacy that comes from the arbitrary
> assignment of zero to BAYES_50. If you add 2.599 to all the BAYES rules
> and then multiply all the rule scores  by 0.658 you get an equivalent
> scoreset (i.e. one that produces the same classifications) in which
> zero is assigned to BAYES_00 instead. We then have:
> 
>  BAYES_00  0.00
>  BAYES_50  1.71
>  BAYES_99  4.01     
> 
> In this scoreset BAYES_50 actually looks like a fairly strong result
> (which it is).

OK, I won't dismiss it out of hand and I'm open to observation. So, I'll
give bayes a whirl. I must confess that I found the documentation on the
simple act of enabling it less than ideal and reference to
"use_bayes_rules" is currently missing in action. I've cobbled together:


# Enable the Bayes system
use_bayes               1
use_bayes_rules         0
bayes_path /home/mail/bayes/bayes
bayes_file_mode 0777
# Enable Bayes auto-learning
bayes_auto_learn        0

And trained some spam and I'll see how we get on.


-- 
-----------------------------------------------------------
C Werclick .Lot
Technical incompetent
Loyal Order Of The Teapot.


Re: Non scoring 'Bank Deposit' spam

Posted by RW <rw...@googlemail.com>.
On Sun, 13 Sep 2009 14:19:35 +0100
Clunk Werclick <ma...@googlemail.com> wrote:

> On Sun, 2009-09-13 at 14:06 +0100, RW wrote:
> > On Sun, 13 Sep 2009 06:56:27 +0100
> > Clunk Werclick <ma...@googlemail.com> wrote:
> > 
> {trimmed down to the relevant point you make}
> > Adding irrelevant text to a spam may make it less likely to
> > be caught, 
> Thank you. So if your bayes 'good' tokens that happen to catch on this
> 'irrelevant' text, the result of having the bayes is near pointless.
> For example, something like this:

In practise I find it doesn't make much difference unless the spammer
makes a significant effort to reduce the number of spammy tokens, both
in the headers and the body. And that commonly leads them into hitting
other rules, and constrains the number of spams that can be sent from
the same IP address. The majority of the spams I get don't have such
text and most that do still hit BAYES_99. It's obviously not such a
powerful technique as you think.


It's also wrong to assume that when spam hits BAYES_50, BAYES hasn't
done anything useful. This is a fallacy that comes from the arbitrary
assignment of zero to BAYES_50. If you add 2.599 to all the BAYES rules
and then multiply all the rule scores  by 0.658 you get an equivalent
scoreset (i.e. one that produces the same classifications) in which
zero is assigned to BAYES_00 instead. We then have:

 BAYES_00  0.00
 BAYES_50  1.71
 BAYES_99  4.01     

In this scoreset BAYES_50 actually looks like a fairly strong result
(which it is).
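
The rescaling described in the post above can be checked numerically; the factor 0.658 is the one that brings the shifted threshold (5.0 + 2.599) back to 5.0. This is an added example, not code from the thread: the original BAYES_* scores are the ones implied by the post's own table, the messages are constructed, and it assumes exactly one BAYES_* bucket fires on every message.

```python
# Check of the rescaled Bayes scoreset described in the post above.
# Assumption: exactly one BAYES_* bucket fires per message, so the shift
# adds the same constant to every message's total.

SHIFT = 2.599                                        # added to every BAYES_* score
REQUIRED_SCORE = 5.0                                 # spam threshold (required_score)
SCALE = REQUIRED_SCORE / (REQUIRED_SCORE + SHIFT)    # 0.658 to three places

# Original Bayes scores implied by the post's table (BAYES_50 is "zero").
ORIGINAL_BAYES = {"BAYES_00": -2.599, "BAYES_50": 0.0, "BAYES_99": 3.5}

# (Bayes bucket, points from all non-Bayes rules): constructed messages
# placed just above and just below the threshold for each bucket.
MESSAGES = [
    ("BAYES_99", 1.6), ("BAYES_99", 1.4),
    ("BAYES_50", 5.2), ("BAYES_50", 4.8),
    ("BAYES_00", 7.7), ("BAYES_00", 7.5),
]


def rescaled_bayes():
    """Bayes scores after the shift and scale, rounded as in the post."""
    return {name: round((score + SHIFT) * SCALE, 2)
            for name, score in ORIGINAL_BAYES.items()}


def is_spam_original(bucket, other_points):
    """Verdict under the original scoreset."""
    return ORIGINAL_BAYES[bucket] + other_points >= REQUIRED_SCORE


def is_spam_rescaled(bucket, other_points):
    """Verdict when Bayes is shifted and every rule score is scaled."""
    bayes = (ORIGINAL_BAYES[bucket] + SHIFT) * SCALE
    return bayes + other_points * SCALE >= REQUIRED_SCORE


def verdicts():
    """Return (original, rescaled) verdict pairs for the constructed messages."""
    return [(is_spam_original(b, p), is_spam_rescaled(b, p)) for b, p in MESSAGES]


if __name__ == "__main__":
    print(rescaled_bayes())
    for (bucket, points), (old, new) in zip(MESSAGES, verdicts()):
        print(f"{bucket} + {points}: original={old} rescaled={new}")
```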
 



Re: Non scoring 'Bank Deposit' spam

Posted by Clunk Werclick <ma...@googlemail.com>.
On Sun, 2009-09-13 at 14:06 +0100, RW wrote:
> On Sun, 13 Sep 2009 06:56:27 +0100
> Clunk Werclick <ma...@googlemail.com> wrote:
> 
{trimmed down to the relevant point you make}
> Adding irrelevant text to a spam may make it less likely to be
> caught, 
Thank you. So if your bayes 'good' tokens that happen to catch on this
'irrelevant' text, the result of having the bayes is near pointless. For
example, something like this:




-- 
-----------------------------------------------------------
C Werclick .Lot
Technical incompetent
Loyal Order Of The Teapot.


Re: Non scoring 'Bank Deposit' spam

Posted by RW <rw...@googlemail.com>.
On Sun, 13 Sep 2009 06:56:27 +0100
Clunk Werclick <ma...@googlemail.com> wrote:


> Well crafted accurate rules - that should really catch this very
> common type of spam - will always be very much preferable to
> something that can be easily broken by feeding it a mail full of junk
> words.

I don't particularly want to get into an argument about the merits of
Bayes, but I can't let that piece of disinformation go uncorrected.

Bayes poisoning is 99% myth and 1% misnomer. It does no significant
harm to a database except make it larger, and slightly more aggressive,
so in no sense is it genuine poisoning.  This is pretty obvious if you
think about the mathematics.

Adding irrelevant text to a spam may make it less likely to be
caught, but it seems to me that it's mostly the use of 0bfu5cation
and multiple sources that gets these through. Spams that use these
techniques are typically caught by obfuscation rules, BOTNET, URLBLs,
Pyzor, Razor etc. 

Re: Non scoring 'Bank Deposit' spam

Posted by Clunk Werclick <ma...@googlemail.com>.
On Sun, 2009-09-13 at 01:34 +0100, RW wrote:
> On Sat, 12 Sep 2009 17:27:00 +0100
> Clunk Werclick <ma...@googlemail.com> wrote:
> 
> > On Sat, 2009-09-12 at 08:54 -0700, John Hardin wrote:
> > > On Sat, 12 Sep 2009, Clunk Werclick wrote:
> > > 
> > > > On Sat, 2009-09-12 at 16:15 +0300, Jari Fredriksson wrote:
> > > >>
> > > >> What's wrong with the bayes?
> > > >
> > > > Bayes is going out of fashion.
> > > 
> > > Since when? And according to whom? Bayes is one of the stronger
> > > tools available.
> > I disagree. It can do as much harm as good. My own view and
> > observation from the past have rendered it pointless in my context.
> > It adds latency, is easily poisoned and rarely makes much difference
> > to the score. I do appreciate some people like it, but my own view is
> > spam has moved on beyond the point of it being useful.
> 
> 
> Unless you're importing porn and viagra from Nigerian lawyers, I doubt
> your circumstances make the difference between  "one of the stronger
> tools" and "pointless". So you might entertain the possibility that
> you're not doing it right.
> 
Like I said, I disagree for the reasons I have given. 
> 
> > > > It's just as easy to make a bad one by bad training than a good
> > > > one.
> > > 
> > > Any system can be rendered useless by mismanagement. That's not a
> > > flaw of the system, or a reason to discard it as pointless. And
> > > GIGO will never become obsolete.
> > 
> > > Set up bayes and make the commitment to train it properly and
> > > you'll get good results.
> > No thanks, I'll pass on that. In this specific case it still would not
> > have increased the score to a point where the clock cycles made it
> > worth it.
> 
> 
> I doubt that's significant compared with the thousands of regular
> expressions that SA runs. If Bayes slows down SA it's usually a
> database problem.
Well crafted accurate rules - that should really catch this very common
type of spam - will always be very much preferable to something that can
be easily broken by feeding it a mail full of junk words.

This has drifted off topic. If you want to start a war bayes-v-non
bayes go right ahead, but I don't want to play. I don't agree with you,
but if you are happy with it then bully for you :-)
-- 
-----------------------------------------------------------
C Werclick .Lot
Technical incompetent
Loyal Order Of The Teapot.


Re: Non scoring 'Bank Deposit' spam

Posted by RW <rw...@googlemail.com>.
On Sat, 12 Sep 2009 17:27:00 +0100
Clunk Werclick <ma...@googlemail.com> wrote:

> On Sat, 2009-09-12 at 08:54 -0700, John Hardin wrote:
> > On Sat, 12 Sep 2009, Clunk Werclick wrote:
> > 
> > > On Sat, 2009-09-12 at 16:15 +0300, Jari Fredriksson wrote:
> > >>
> > >> What's wrong with the bayes?
> > >
> > > Bayes is going out of fashion.
> > 
> > Since when? And according to whom? Bayes is one of the stronger
> > tools available.
> I disagree. It can do as much harm as good. My own view and
> observation from the past have rendered it pointless in my context.
> It adds latency, is easily poisoned and rarely makes much difference
> to the score. I do appreciate some people like it, but my own view is
> spam has moved on beyond the point of it being useful.


Unless you're importing porn and viagra from Nigerian lawyers, I doubt
your circumstances make the difference between  "one of the stronger
tools" and "pointless". So you might entertain the possibility that
you're not doing it right.


> > > It's just as easy to make a bad one by bad training than a good
> > > one.
> > 
> > Any system can be rendered useless by mismanagement. That's not a
> > flaw of the system, or a reason to discard it as pointless. And
> > GIGO will never become obsolete.
> 
> > Set up bayes and make the commitment to train it properly and
> > you'll get good results.
> No thanks, I'll pass on that. In this specific case it still would not
> have increased the score to a point where the clock cycles made it
> worth it.


I doubt that's significant compared with the thousands of regular
expressions that SA runs. If Bayes slows down SA it's usually a
database problem.

Re: Non scoring 'Bank Deposit' spam

Posted by Clunk Werclick <ma...@googlemail.com>.
On Sat, 2009-09-12 at 08:54 -0700, John Hardin wrote:
> On Sat, 12 Sep 2009, Clunk Werclick wrote:
> 
> > On Sat, 2009-09-12 at 16:15 +0300, Jari Fredriksson wrote:
> >>
> >> What's wrong with the bayes?
> >
> > Bayes is going out of fashion.
> 
> Since when? And according to whom? Bayes is one of the stronger tools 
> available.
I disagree. It can do as much harm as good. My own view and observation
from the past have rendered it pointless in my context. It adds latency,
is easily poisoned and rarely makes much difference to the score. I do
appreciate some people like it, but my own view is spam has moved on
beyond the point of it being useful.
> 
> > It's just as easy to make a bad one by bad training than a good one.
> 
> Any system can be rendered useless by mismanagement. That's not a flaw of 
> the system, or a reason to discard it as pointless. And GIGO will never 
> become obsolete.

> Set up bayes and make the commitment to train it properly and you'll get 
> good results.
No thanks, I'll pass on that. In this specific case it still would not
have increased the score to a point where the clock cycles made it worth
it.
> 
-- 
-----------------------------------------------------------
C Werclick .Lot
Technical incompetent
Loyal Order Of The Teapot.


Re: Non scoring 'Bank Deposit' spam

Posted by John Hardin <jh...@impsec.org>.
On Sat, 12 Sep 2009, Clunk Werclick wrote:

> On Sat, 2009-09-12 at 16:15 +0300, Jari Fredriksson wrote:
>>
>> What's wrong with the bayes?
>
> Bayes is going out of fashion.

Since when? And according to whom? Bayes is one of the stronger tools 
available.

> It's just as easy to make a bad one by bad training than a good one.

Any system can be rendered useless by mismanagement. That's not a flaw of 
the system, or a reason to discard it as pointless. And GIGO will never 
become obsolete.

Set up bayes and make the commitment to train it properly and you'll get 
good results.

-- 
  John Hardin KA7OHZ                    http://www.impsec.org/~jhardin/
  jhardin@impsec.org    FALaholic #11174     pgpk -a jhardin@impsec.org
  key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
   An entitlement beneficiary is a person or special interest group
   who didn't earn your money, but demands the right to take your
   money because they *want* it.    -- John McKay, _The Welfare State:
                                        No Mercy for the Middle Class_
-----------------------------------------------------------------------
  5 days until the 222nd anniversary of the signing of the U.S. Constitution

Re: Non scoring 'Bank Deposit' spam

Posted by Jari Fredriksson <ja...@iki.fi>.
> On Sat, 2009-09-12 at 16:15 +0300, Jari Fredriksson wrote:
>>> 
>>> I don't want the Bayes, but I'm not seeing any rules
>>> like this:
>>> 
>>> 4.0 BOTNET                 Relay might be a spambot or
>>> virusbot
>>> 
>>> This is a vanilla Spamassassin - but I'm surprised I'm
>>> not getting any score on these here.
>> 
>> What's wrong with the bayes? It works for me.
>> 
>> Botnet is a separate plugin.
>> 
>> 
> Bayes is going out of fashion. It's just as easy to make
> a bad one by bad training than a good one.
> 
> I guess the core vanilla Spamassassin is failing to score
> this very well, and that the scores you have pasted here
> are mostly from plug-ins ?

Yes, Botnet, DCC and Razor2 are addons, as well as the extra rules from

    sought.rules.yerp.org
    saupdates.openprotect.com
    90_sare_freemail.cf.sare.sa-update.dostech.net

that I use.

However, DCC and Razor2 work with vanilla SA if those separate applications are installed on the machine.


Re: Non scoring 'Bank Deposit' spam

Posted by LuKreme <kr...@kreme.com>.
On 12-Sep-2009, at 08:36, Clunk Werclick wrote:
> Bayes is going out of fashion.

Ridiculous.


-- 
Why can't you be in a good mood? How hard is it to decide to be in
	a good mood and be in a good mood once in a while?"


Re: Non scoring 'Bank Deposit' spam

Posted by Clunk Werclick <ma...@googlemail.com>.
On Sat, 2009-09-12 at 16:15 +0300, Jari Fredriksson wrote:
> > 
> > I don't want the Bayes, but I'm not seeing any rules like
> > this: 
> > 
> > 4.0 BOTNET                 Relay might be a spambot or
> > virusbot 
> > 
> > This is a vanilla Spamassassin - but I'm surprised I'm
> > not getting any score on these here.
> 
> What's wrong with the bayes? It works for me.
> 
> Botnet is a separate plugin.
> 
> 
Bayes is going out of fashion. It's just as easy to make a bad one by
bad training than a good one.

I guess the core vanilla Spamassassin is failing to score this very
well, and that the scores you have pasted here are mostly from
plug-ins ?

-- 
-----------------------------------------------------------
C Werclick .Lot
Technical incompetent
Loyal Order Of The Teapot.

This e-mail and its attachments is intended only to be used as an e-mail
and an attachment. Any use of it for other purposes other than as an
e-mail and an attachment will not be covered by any warranty that may or
may not form part of this e-mail and attachment. 




Re: Non scoring 'Bank Deposit' spam

Posted by Jari Fredriksson <ja...@iki.fi>.
> 
> I don't want the Bayes, but I'm not seeing any rules like
> this: 
> 
> 4.0 BOTNET                 Relay might be a spambot or
> virusbot 
> 
> This is a vanilla Spamassassin - but I'm surprised I'm
> not getting any score on these here.

What's wrong with the bayes? It works for me.

Botnet is a separate plugin.



Re: Non scoring 'Bank Deposit' spam

Posted by LuKreme <kr...@kreme.com>.
On 12-Sep-2009, at 07:10, Clunk Werclick wrote:
> I don't want the Bayes

Then resign yourself to getting lots of extra spam.

-- 
Exit, pursued by a bear.


Re: Non scoring 'Bank Deposit' spam

Posted by Matus UHLAR - fantomas <uh...@fantomas.sk>.
> On Sun, 2009-09-13 at 22:54 +0200, Benny Pedersen wrote:
> > remember this is public maillist, don't shut the help you get
> > 
> > why not set the reply-to to support@microsoft.com ? no i don't like the
> > idea but you are on public maillist and want the answer to come there
> > not in private forged mailbox, sorry i have a bad day

Benny, better get a mailer that supports List-Reply ...

On 14.09.09 08:37, Clunk Werclick wrote:
> Subject: Re: Non scoring 'Bank Deposit' spam
> From: Clunk Werclick <ma...@googlemail.com>
> Reply-To: mailbackup19@googlemail.com
> To: users@spamassassin.apache.org
> In-Reply-To: <20...@www.jersore.net>
> Date: Mon, 14 Sep 2009 08:37:22 +0100
> 
> What are you prattling on about?

He doesn't like your Reply-To: header set to your address. Of course it's
useless (when set to the same address as your From: address).

-- 
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
I just got lost in thought. It was unfamiliar territory. 

Re: Non scoring 'Bank Deposit' spam

Posted by Clunk Werclick <ma...@googlemail.com>.
On Sun, 2009-09-13 at 22:54 +0200, Benny Pedersen wrote:
> On søn 13 sep 2009 07:57:59 CEST, Clunk Werclick wrote
> 
> > **PLEASE READ THE REST OF THE THREAD TO ANSWER YOUR QUESTION**
> >> are you using sa-update ?
> > Yes, every night.
> 
> remember this is public maillist, don't shut the help you get
> 
> why not set the reply-to to support@microsoft.com ? no i don't like the
> idea but you are on public maillist and want the answer to come there
> not in private forged mailbox, sorry i have a bad day

What are you prattling on about?
-- 
-----------------------------------------------------------
C Werclick .Lot
Technical incompetent
Loyal Order Of The Teapot.

This e-mail and its attachments is intended only to be used as an e-mail
and an attachment. Any use of it for other purposes other than as an
e-mail and an attachment will not be covered by any warranty that may or
may not form part of this e-mail and attachment. 




Re: Non scoring 'Bank Deposit' spam

Posted by Benny Pedersen <me...@junc.org>.
On søn 13 sep 2009 07:57:59 CEST, Clunk Werclick wrote

> **PLEASE READ THE REST OF THE THREAD TO ANSWER YOUR QUESTION**
>> are you using sa-update ?
> Yes, every night.

remember this is public maillist, don't shut the help you get

why not set the reply-to to support@microsoft.com ? no i don't like the
idea but you are on public maillist and want the answer to come there
not in private forged mailbox, sorry i have a bad day

-- 
xpoint


Re: Non scoring 'Bank Deposit' spam

Posted by Clunk Werclick <cl...@wibblywobblyteapot.co.uk>.
On Sun, 2009-09-13 at 06:36 +0200, Benny Pedersen wrote:
> On lør 12 sep 2009 15:10:41 CEST, Clunk Werclick wrote
> 
> i ignore your reply-to :)
> 
> > I don't want the Bayes, but I'm not seeing any rules like this:
> 
> why not ?
**PLEASE READ THE REST OF THE THREAD TO ANSWER YOUR QUESTION**
> 
> > 4.0 BOTNET                 Relay might be a spambot or virusbot
> 
> botnet is not a standard sa plugin, that might be why you do not see the hit
> 
> > This is a vanilla Spamassassin - but I'm surprised I'm not getting
> > any score on these here.
> 
> are you using sa-update ?
Yes, every night.
> 


Re: Non scoring 'Bank Deposit' spam

Posted by Benny Pedersen <me...@junc.org>.
On lør 12 sep 2009 15:10:41 CEST, Clunk Werclick wrote

i ignore your reply-to :)

> I don't want the Bayes, but I'm not seeing any rules like this:

why not ?

> 4.0 BOTNET                 Relay might be a spambot or virusbot

botnet is not a standard sa plugin, that might be why you do not see the hit

> This is a vanilla Spamassassin - but I'm surprised I'm not getting
> any score on these here.

are you using sa-update ?

-- 
xpoint


Re: Non scoring 'Bank Deposit' spam

Posted by Clunk Werclick <ma...@googlemail.com>.
On Sat, 2009-09-12 at 16:05 +0300, Jari Fredriksson wrote:
> > I was somewhat surprised that this failed to score;
> > 
> > http://pastebin.com/m4c75e3ac
> > 
> > Log excerpt;
> > Sat Sep 12 05:08:57 2009 [7319] info: spamd: result: . 0 -
> > HTML_MESSAGE,UNPARSEABLE_RELAY
> > scantime=0.3,size=5400,required_score=5.0,rhost=localhost,raddr=127.0.0.1,rport=55111,mid=<00...@aim.com>,autolearn=disabled
> > 
> > Did this miss - or just misfire?
> 
> Content analysis details:   (17.0 points, 5.0 required)
> 
>  pts rule name              description
> ---- ---------------------- --------------------------------------------------
>  5.0 BAYES_99               BODY: Bayesian spam probability is 99 to 100%
>                             [score: 0.9996]
>  1.2 TO_MALFORMED           To: has a malformed address
>  0.7 SPF_NEUTRAL            SPF: sender does not match SPF record (neutral)
>  4.0 BOTNET                 Relay might be a spambot or virusbot
> [botnet0.8,ip=87.208.178.204,rdns=ip204-178-208-87.adsl2.static.versatel.nl,maildomain=aim.com,client,ipinhostname,clientwords]
>  0.6 SPF_HELO_NEUTRAL       SPF: HELO does not match SPF record (neutral)
>  1.0 HTML_MESSAGE           BODY: HTML included in message
>  0.5 RAZOR2_CHECK           Listed in Razor2 (http://razor.sf.net/)
>  1.5 RAZOR2_CF_RANGE_E4_51_100 Razor2 gives engine 4 confidence level
>                             above 50%
>                             [cf: 100]
>  0.5 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%
>                             [cf: 100]
>  2.2 DCC_CHECK              Listed in DCC (http://rhyolite.com/anti-spam/dcc/)
>  1.0 DIGEST_MULTIPLE        Message hits more than one network digest check
>  3.0 JM_SOUGHT_FRAUD_3      Body contains frequently-spammed text patterns
> -4.1 AWL                    AWL: From: address is in the auto white-list
> 
> 

I've just had two more that have also failed to score (identical):
X-Spam-Status: No, score=0.0 required=5.0
 tests=HTML_MESSAGE,UNPARSEABLE_RELAY autolearn=disabled version=3.2.5
X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10)

I don't want the Bayes, but I'm not seeing any rules like this:

4.0 BOTNET                 Relay might be a spambot or virusbot

This is a vanilla Spamassassin - but I'm surprised I'm not getting any
score on these here.


-- 
-----------------------------------------------------------
C Werclick .Lot
Technical incompetent
Loyal Order Of The Teapot.

This e-mail and its attachments is intended only to be used as an e-mail
and an attachment. Any use of it for other purposes other than as an
e-mail and an attachment will not be covered by any warranty that may or
may not form part of this e-mail and attachment. 




Re: Non scoring 'Bank Deposit' spam

Posted by Benny Pedersen <me...@junc.org>.
On man 14 sep 2009 11:51:32 CEST, Matus UHLAR - fantomas wrote
>> -4.1 AWL AWL: From: address is in the auto white-list
> ... ouch!

?

just means that this msg was more spammy than what jari have seen from
same from email ip pairs

maybe i am wrong :=)

-- 
xpoint


Re: Non scoring 'Bank Deposit' spam

Posted by Matus UHLAR - fantomas <uh...@fantomas.sk>.
> > I was somewhat surprised that this failed to score;
> > 
> > http://pastebin.com/m4c75e3ac
> > 
> > Log excerpt;
> > Sat Sep 12 05:08:57 2009 [7319] info: spamd: result: . 0 -
> > HTML_MESSAGE,UNPARSEABLE_RELAY
> > scantime=0.3,size=5400,required_score=5.0,rhost=localhost,raddr=127.0.0.1,rport=55111,mid=<00...@aim.com>,autolearn=disabled
> > 
> > Did this miss - or just misfire?

On 12.09.09 16:05, Jari Fredriksson wrote:
> Content analysis details:   (17.0 points, 5.0 required)
> 
>  pts rule name              description
> ---- ---------------------- --------------------------------------------------
>  5.0 BAYES_99               BODY: Bayesian spam probability is 99 to 100%
>                             [score: 0.9996]

... manually changed score

>  1.2 TO_MALFORMED           To: has a malformed address
>  0.7 SPF_NEUTRAL            SPF: sender does not match SPF record (neutral)

>  4.0 BOTNET                 Relay might be a spambot or virusbot
> [botnet0.8,ip=87.208.178.204,rdns=ip204-178-208-87.adsl2.static.versatel.nl,maildomain=aim.com,client,ipinhostname,clientwords]

... third-party ruleset (may misfire for ISPs)

>  0.6 SPF_HELO_NEUTRAL       SPF: HELO does not match SPF record (neutral)
>  1.0 HTML_MESSAGE           BODY: HTML included in message

>  0.5 RAZOR2_CHECK           Listed in Razor2 (http://razor.sf.net/)
>  1.5 RAZOR2_CF_RANGE_E4_51_100 Razor2 gives engine 4 confidence level
>                             above 50%
>                             [cf: 100]
>  0.5 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%
>                             [cf: 100]
>  2.2 DCC_CHECK              Listed in DCC (http://rhyolite.com/anti-spam/dcc/)

you may be late recipient, while he may be an early recipient.

>  1.0 DIGEST_MULTIPLE        Message hits more than one network digest check

... late recipient + either manually updated score, or not updated ruleset -
DIGEST_MULTIPLE gives max 0.001 points for some time

>  3.0 JM_SOUGHT_FRAUD_3      Body contains frequently-spammed text patterns

... late recipient + third party ruleset (Although I believe this is safe to
use)

> -4.1 AWL                    AWL: From: address is in the auto white-list

... ouch!

Generally, this really could be a FN for early recipients, but I advise to
check whether plugins like DCC and RAZOR2 are loaded and the SOUGHT ruleset
is being used.
-- 
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
99 percent of lawyers give the rest a bad name. 
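
The breakdown above attributes most of the 17.0 points in the posted report to Bayes, add-on plugins and third-party rules. The following is an added example, not code from any poster or from the SpamAssassin project: it parses the report lines as posted in this thread (abridged) and totals the hits by source. The prefix-to-source grouping and all function names are assumptions of this example.

```python
import re
from collections import defaultdict

# Rule lines copied (abridged) from the "Content analysis details" report in this thread.
REPORT = """\
 5.0 BAYES_99               BODY: Bayesian spam probability is 99 to 100%
                            [score: 0.9996]
 1.2 TO_MALFORMED           To: has a malformed address
 0.7 SPF_NEUTRAL            SPF: sender does not match SPF record (neutral)
 4.0 BOTNET                 Relay might be a spambot or virusbot
 0.6 SPF_HELO_NEUTRAL       SPF: HELO does not match SPF record (neutral)
 1.0 HTML_MESSAGE           BODY: HTML included in message
 0.5 RAZOR2_CHECK           Listed in Razor2 (http://razor.sf.net/)
 1.5 RAZOR2_CF_RANGE_E4_51_100 Razor2 gives engine 4 confidence level
                            above 50%
 0.5 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%
 2.2 DCC_CHECK              Listed in DCC (http://rhyolite.com/anti-spam/dcc/)
 1.0 DIGEST_MULTIPLE        Message hits more than one network digest check
 3.0 JM_SOUGHT_FRAUD_3      Body contains frequently-spammed text patterns
-4.1 AWL                    AWL: From: address is in the auto white-list
"""

# Assumption of this example: group hits by rule-name prefix, following what
# the replies say about where each hit comes from.
SOURCES = {"BAYES_": "bayes", "BOTNET": "botnet plugin", "RAZOR2_": "network digests",
           "DCC_": "network digests", "DIGEST_": "network digests",
           "JM_SOUGHT_": "sought ruleset", "AWL": "auto white-list"}
HIT = re.compile(r"^\s*(-?\d+\.\d+)\s+([A-Z][A-Z0-9_]*)\b")

def parse_report(text):
    """Return (score, rule) pairs; wrapped description lines are skipped."""
    return [(float(m.group(1)), m.group(2))
            for m in map(HIT.match, text.splitlines()) if m]

def source_of(rule):
    """Map a rule name to its source group, or 'other rules' if no prefix fits."""
    return next((src for prefix, src in SOURCES.items()
                 if rule.startswith(prefix)), "other rules")

def by_source(hits):
    """Total the scores per source group, rounded to one decimal."""
    totals = defaultdict(float)
    for score, rule in hits:
        totals[source_of(rule)] += score
    return {src: round(total, 1) for src, total in totals.items()}

def score_without(hits, excluded):
    """Score that remains when every hit from the excluded groups is dropped."""
    return round(sum(s for s, r in hits if source_of(r) not in excluded), 1)

if __name__ == "__main__":
    hits = parse_report(REPORT)
    for src, total in sorted(by_source(hits).items()):
        print(f"{total:5.1f}  {src}")
    print("without add-ons:", score_without(hits, set(SOURCES.values())))
```

With every group in SOURCES excluded, 3.5 points remain from the other rules, below the 5.0 required in the report.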

Re: Non scoring 'Bank Deposit' spam

Posted by Jari Fredriksson <ja...@iki.fi>.
> I was somewhat surprised that this failed to score;
> 
> http://pastebin.com/m4c75e3ac
> 
> Log excerpt;
> Sat Sep 12 05:08:57 2009 [7319] info: spamd: result: . 0 -
> HTML_MESSAGE,UNPARSEABLE_RELAY
> scantime=0.3,size=5400,required_score=5.0,rhost=localhost,raddr=127.0.0.1,rport=55111,mid=<00...@aim.com>,autolearn=disabled
> 
> Did this miss - or just misfire?

Content analysis details:   (17.0 points, 5.0 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
 5.0 BAYES_99               BODY: Bayesian spam probability is 99 to 100%
                            [score: 0.9996]
 1.2 TO_MALFORMED           To: has a malformed address
 0.7 SPF_NEUTRAL            SPF: sender does not match SPF record (neutral)
 4.0 BOTNET                 Relay might be a spambot or virusbot
[botnet0.8,ip=87.208.178.204,rdns=ip204-178-208-87.adsl2.static.versatel.nl,maildomain=aim.com,client,ipinhostname,clientwords]
 0.6 SPF_HELO_NEUTRAL       SPF: HELO does not match SPF record (neutral)
 1.0 HTML_MESSAGE           BODY: HTML included in message
 0.5 RAZOR2_CHECK           Listed in Razor2 (http://razor.sf.net/)
 1.5 RAZOR2_CF_RANGE_E4_51_100 Razor2 gives engine 4 confidence level
                            above 50%
                            [cf: 100]
 0.5 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%
                            [cf: 100]
 2.2 DCC_CHECK              Listed in DCC (http://rhyolite.com/anti-spam/dcc/)
 1.0 DIGEST_MULTIPLE        Message hits more than one network digest check
 3.0 JM_SOUGHT_FRAUD_3      Body contains frequently-spammed text patterns
-4.1 AWL                    AWL: From: address is in the auto white-list