Damm mortage and software spam
Rob
rob at THEHOSTMASTERS.COM
Tue Sep 21 14:21:49 IST 2004
<x-flowed>
yes I did install it, and I have restarted it since....
:)
is there anything I can do to check and make sure it is working correctly?
Rob....
----- Original Message -----
From: "Martin Hepworth" <martinh at SOLID-STATE-LOGIC.COM>
To: <MAILSCANNER at JISCMAIL.AC.UK>
Sent: Tuesday, September 21, 2004 8:55 AM
Subject: Re: Damm mortage and software spam
> Rob
>
> when you loaded the surbl.org stuff you would have needed to install the
> spamcop_uri plugin (unless you are running one of the SA 3.0 RC or beta
> versions).
>
> Also MS won't see any SA config changes till the children restart or you
> restart MS.
>
> --
> Martin Hepworth
> Snr Systems Administrator
> Solid State Logic
> Tel: +44 (0)1865 842300
>
>
> Rob wrote:
>> I do, do www.surbl.org but not the other one I will check that one
>> out....
>> thanks....
>>
>> However I have not received one in the last 24 hours...
>>
>> :)
>>
>>
>>
>> Rob....
>>
>>
>>
>> ----- Original Message -----
>> From: "Martin Hepworth" <martinh at SOLID-STATE-LOGIC.COM>
>> To: <MAILSCANNER at JISCMAIL.AC.UK>
>> Sent: Tuesday, September 21, 2004 4:18 AM
>> Subject: Re: Damm mortage and software spam
>>
>>
>>> Rob
>>> www.surbl.org (and a associated spamcop_uri plugin for SpamAssassin
>>> 2.6x) are not included in the rulesemporium stuff.
>>>
>>> It's a RBL style check, but it looks at URI's within the message body,
>>> rather than the traditions RBL's which only look at the ip-addresses the
>>> email is coming from( ie the message header).
>>>
>>> This is a really good technique of trapping the single graphic and link.
>>>
>>>
>>>
>>> --
>>> Martin Hepworth
>>> Snr Systems Administrator
>>> Solid State Logic
>>> Tel: +44 (0)1865 842300
>>>
>>>
>>> Rob wrote:
>>>
>>>> I add a whole bunch last week..... see way below email for the ones I
>>>> installed
>>>>
>>>> Rob....
>>>>
>>>>
>>>>
>>>> ----- Original Message -----
>>>> From: "Martin Hepworth" <martinh at SOLID-STATE-LOGIC.COM>
>>>> To: <MAILSCANNER at JISCMAIL.AC.UK>
>>>> Sent: Monday, September 20, 2004 8:50 AM
>>>> Subject: Re: Damm mortage and software spam
>>>>
>>>>
>>>>> Rob
>>>>>
>>>>> OK, looks like the www.surb.org URI rbls and spamcop_uri plugin are
>>>>> the
>>>>> guys you need...
>>>>>
>>>>> see their web page for installation instructions...
>>>>>
>>>>>
>>>>> --
>>>>> Martin Hepworth
>>>>> Snr Systems Administrator
>>>>> Solid State Logic
>>>>> Tel: +44 (0)1865 842300
>>>>>
>>>>>
>>>>> Rob wrote:
>>>>>
>>>>>> I still get those darn emails...
>>>>>>
>>>>>> are these spammers good, or is it just by fluke their getting by
>>>>>> mailscanner??
>>>>>>
>>>>>> Does anyone else have this issue...
>>>>>>
>>>>>> There are usually email for medical stuff and its only a graphic
>>>>>> with a
>>>>>> remove link on the bottom of the page
>>>>>> Also the subject always has "meeting friday at 7-00"
>>>>>>
>>>>>> Any help appreciated
>>>>>>
>>>>>> Rob....
>>>>>>
>>>>>>
>>>>>>
>>>>>> ----- Original Message -----
>>>>>> From: "Rob" <rob at THEHOSTMASTERS.COM>
>>>>>> To: <MAILSCANNER at JISCMAIL.AC.UK>
>>>>>> Sent: Friday, September 17, 2004 1:16 PM
>>>>>> Subject: Re: Damm mortage and software spam
>>>>>>
>>>>>>
>>>>>>> Ok I added all those rules....
>>>>>>>
>>>>>>> Let see what happens now....
>>>>>>>
>>>>>>> :)
>>>>>>>
>>>>>>> Rob....
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> ----- Original Message -----
>>>>>>> From: "Robin, Rob" <rrobin at GREENAPPLE.COM>
>>>>>>> To: <MAILSCANNER at JISCMAIL.AC.UK>
>>>>>>> Sent: Friday, September 17, 2004 10:42 AM
>>>>>>> Subject: Re: Damm mortage and software spam
>>>>>>>
>>>>>>>
>>>>>>>> Rob,
>>>>>>>>
>>>>>>>> It's there: http://www.rulesemporium.com/rules.htm
>>>>>>>> There should be rules for OEM software over there. Read the
>>>>>>>> description.
>>>>>>>>
>>>>>>>> I first tested it by downloading all the rules (except the
>>>>>>>> bigevil). Some of them are overly aggresive. Sending an attachment
>>>>>>>> using
>>>>>>>> a
>>>>>>>> IncrediMail will make it spam. (some of our customers like using
>>>>>>>> IncrediMail, their html and stuff can't be flagged as spam in my
>>>>>>>> scenario).
>>>>>>>>
>>>>>>>> I have narrowed it down to using:
>>>>>>>> GetRules
>>>>>>>> "http://www.rulesemporium.com/rules/71_sare_redirect_pre3.0.0.cf";
>>>>>>>> GetRules "http://www.rulesemporium.com/rules/evilnumbers.cf";
>>>>>>>> GetRules
>>>>>>>> "http://www.rulesemporium.com/rules/70_sare_bayes_poison_nxm.cf";
>>>>>>>> GetRules "http://www.rulesemporium.com/rules/70_sare_html.cf";
>>>>>>>> GetRules "http://www.rulesemporium.com/rules/70_sare_header.cf";
>>>>>>>> GetRules "http://www.rulesemporium.com/rules/70_sare_specific.cf";
>>>>>>>> GetRules "http://www.rulesemporium.com/rules/70_sare_ratware.cf";
>>>>>>>> GetRules "http://www.rulesemporium.com/rules/70_sare_adult.cf";
>>>>>>>> GetRules
>>>>>>>> "http://www.rulesemporium.com/rules/72_sare_bml_post25x.cf";
>>>>>>>> GetRules
>>>>>>>> "http://www.rulesemporium.com/rules/99_sare_fraud_post25x.cf";
>>>>>>>> GetRules "http://www.rulesemporium.com/rules/70_sare_spoof.cf";
>>>>>>>> GetRules "http://www.rulesemporium.com/rules/70_sare_random.cf";
>>>>>>>> GetRules "http://www.rulesemporium.com/rules/70_sc_top200.cf";
>>>>>>>> GetRules "http://www.rulesemporium.com/rules/70_sare_oem.cf";
>>>>>>>> GetRules
>>>>>>>> "http://www.rulesemporium.com/rules/70_sare_genlsubj_x30.cf";
>>>>>>>> GetRules "http://www.rulesemporium.com/rules/70_sare_genlsubj.cf";
>>>>>>>> GetRules "http://www.rulesemporium.com/rules/70_sare_highrisk.cf";
>>>>>>>> GetRules "http://www.rulesemporium.com/rules/70_sare_unsub.cf";
>>>>>>>> GetRules "http://www.rulesemporium.com/rules/88_FVGT_body.cf";
>>>>>>>> GetRules "http://www.rulesemporium.com/rules/88_FVGT_rawbody.cf";
>>>>>>>> GetRules "http://www.rulesemporium.com/rules/88_FVGT_subject.cf";
>>>>>>>> GetRules "http://www.rulesemporium.com/rules/88_FVGT_headers.cf"
>>>>>>>> GetRules "http://www.rulesemporium.com/rules/88_FVGT_uri.cf";
>>>>>>>> GetRules
>>>>>>>> "http://www.rulesemporium.com/rules/99_FVGT_DomainDigits.cf";
>>>>>>>> GetRules "http://www.rulesemporium.com/rules/99_FVGT_Tripwire.cf";
>>>>>>>> GetRules "http://www.rulesemporium.com/rules/99_FVGT_meta.cf";
>>>>>>>> GetRules "http://mywebpages.comcast.net/mkettler/sa/antidrug.cf";
>>>>>>>> GetRules "http://www.emtinc.net/includes/backhair.cf";
>>>>>>>> GetRules "http://www.emtinc.net/includes/chickenpox.cf";
>>>>>>>> GetRules "http://www.rulesemporium.com/rules/evilnumbers.cf";
>>>>>>>> GetRules "http://www.stearns.org/sa-blacklist/random.current.cf";
>>>>>>>> GetRules "http://www.emtinc.net/includes/weeds.cf";
>>>>>>>>
>>>>>>>>
>>>>>>>> Thanks,
>>>>>>>> ------------------------
>>>>>>>> Rob Robin
>>>>>>>> Network Analyst
>>>>>>>> Green Apple, Inc.
>>>>>>>> 740-653-9890
>>>>>>>> rrobin at greenapple.com
>>>>>>>> www.greenapple.com
>>>>>>>> Internet access, hosting and development solutions since 1995.
>>>>>>>>
>>>>>>>>
>>>>>>>> -----Original Message-----
>>>>>>>> From: Rob [mailto:rob at THEHOSTMASTERS.COM]
>>>>>>>> Sent: Wednesday, September 15, 2004 10:43 AM
>>>>>>>> To: MAILSCANNER at JISCMAIL.AC.UK
>>>>>>>> Subject: Re: Damm mortage and software spam
>>>>>>>>
>>>>>>>>
>>>>>>>> I do not see these rules on www.rulesemporium.com where are they?
>>>>>>>>
>>>>>>>> And after I added rules from www.rulesemporium.com I still get
>>>>>>>> these
>>>>>>>> irritating emails with subject "your meeting on"
>>>>>>>>
>>>>>>>> and it has just a graphic and a remove link
>>>>>>>>
>>>>>>>> URGH!
>>>>>>>>
>>>>>>>> Rob....
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> ----- Original Message -----
>>>>>>>> From: "Steve Mason" <smlists at SHAW.CA>
>>>>>>>> To: <MAILSCANNER at JISCMAIL.AC.UK>
>>>>>>>> Sent: Wednesday, September 15, 2004 9:49 AM
>>>>>>>> Subject: Re: Damm mortage and software spam
>>>>>>>>
>>>>>>>>
>>>>>>>>> I'm finding that OB_URI_RBL and WS_URI_RBL are catching all of the
>>>>>>>>> software messages.
>>>>>>>>> I haven't seen any mortgage messages yet...
>>>>>>>>>
>>>>>>>>> Steve
>>>>>>>>>
>>>>>>>>>> I keep getting spam from mortgage and software sales.....
>>>>>>>>>> Anyone have a tip for not letting these guys through?
>>>>>>>>>> I can send headers, but last 2 times I did my email never got
>>>>>>>>>> through to
>>>>>>>>>> the list, I >guess cuz the mail server thought it was spam..
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>> Rob....
>>>
>>>
>>> **********************************************************************
>>>
>>> This email and any files transmitted with it are confidential and
>>> intended solely for the use of the individual or entity to whom they
>>> are addressed. If you have received this email in error please notify
>>> the system manager.
>>>
>>> This footnote confirms that this email message has been swept
>>> for the presence of computer viruses and is believed to be clean.
>>>
>>> **********************************************************************
>>>
>>> ------------------------ MailScanner list ------------------------
>>> To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
>>> 'leave mailscanner' in the body of the email.
>>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>>>
>>
>> ------------------------ MailScanner list ------------------------
>> To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
>> 'leave mailscanner' in the body of the email.
>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> **********************************************************************
>
> This email and any files transmitted with it are confidential and
> intended solely for the use of the individual or entity to whom they
> are addressed. If you have received this email in error please notify
> the system manager.
>
> This footnote confirms that this email message has been swept
> for the presence of computer viruses and is believed to be clean.
>
> **********************************************************************
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>
More information about the MailScanner
mailing list