Damm mortage and software spam

Martin Hepworth martinh at SOLID-STATE-LOGIC.COM
Tue Sep 21 14:32:04 IST 2004


<x-flowed>
Rob

You should be seeing the rules in the headers (if you report like that),
or using MailWatch you should see the rules being hit as well.

There are some basic tests you can run on the surbl.org site in the FAQ,
so you could generate a test email with the test hits in it and then run
SA on the email.

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300


Rob wrote:
> yes I did install it, and I have restarted it since....
>
> :)
>
> is there anything I can do to check and make sure it is working correctly?
>
> Rob....
>
>
>
> ----- Original Message -----
> From: "Martin Hepworth" <martinh at SOLID-STATE-LOGIC.COM>
> To: <MAILSCANNER at JISCMAIL.AC.UK>
> Sent: Tuesday, September 21, 2004 8:55 AM
> Subject: Re: Damm mortage and software spam
>
>
>> Rob
>>
>> when you loaded the surbl.org stuff you would have needed to install the
>> spamcop_uri plugin (unless you are running one of the SA 3.0 RC or beta
>> versions).
>>
>> Also MS won't see any SA config changes till the children restart or you
>> restart MS.
>>
>> --
>> Martin Hepworth
>> Snr Systems Administrator
>> Solid State Logic
>> Tel: +44 (0)1865 842300
>>
>>
>> Rob wrote:
>>
>>> I do,  do www.surbl.org  but not the other one I will check that one
>>> out....
>>> thanks....
>>>
>>> However I have not received one in the last 24 hours...
>>>
>>> :)
>>>
>>>
>>>
>>> Rob....
>>>
>>>
>>>
>>> ----- Original Message -----
>>> From: "Martin Hepworth" <martinh at SOLID-STATE-LOGIC.COM>
>>> To: <MAILSCANNER at JISCMAIL.AC.UK>
>>> Sent: Tuesday, September 21, 2004 4:18 AM
>>> Subject: Re: Damm mortage and software spam
>>>
>>>
>>>> Rob
>>>> www.surbl.org (and an associated spamcop_uri plugin for SpamAssassin
>>>> 2.6x) are not included in the rulesemporium stuff.
>>>>
>>>> It's an RBL-style check, but it looks at URIs within the message body,
>>>> rather than the traditional RBLs, which only look at the IP addresses
>>>> the email is coming from (i.e. the message header).
>>>>
>>>> This is a really good technique of trapping the single graphic and
>>>> link.
>>>>
>>>>
>>>>
>>>> --
>>>> Martin Hepworth
>>>> Snr Systems Administrator
>>>> Solid State Logic
>>>> Tel: +44 (0)1865 842300
>>>>
>>>>
>>>> Rob wrote:
>>>>
>>>>> I added a whole bunch last week..... see way below email for the ones I
>>>>> installed
>>>>>
>>>>> Rob....
>>>>>
>>>>>
>>>>>
>>>>> ----- Original Message -----
>>>>> From: "Martin Hepworth" <martinh at SOLID-STATE-LOGIC.COM>
>>>>> To: <MAILSCANNER at JISCMAIL.AC.UK>
>>>>> Sent: Monday, September 20, 2004 8:50 AM
>>>>> Subject: Re: Damm mortage and software spam
>>>>>
>>>>>
>>>>>> Rob
>>>>>>
>>>>>> OK, looks like the www.surbl.org URI RBLs and spamcop_uri plugin are
>>>>>> the guys you need...
>>>>>>
>>>>>> see their web page for installation instructions...
>>>>>>
>>>>>>
>>>>>> --
>>>>>> Martin Hepworth
>>>>>> Snr Systems Administrator
>>>>>> Solid State Logic
>>>>>> Tel: +44 (0)1865 842300
>>>>>>
>>>>>>
>>>>>> Rob wrote:
>>>>>>
>>>>>>> I still get those darn emails...
>>>>>>>
>>>>>>> are these spammers good, or is it just by fluke they're getting by
>>>>>>> mailscanner??
>>>>>>>
>>>>>>> Does anyone else have this issue...
>>>>>>>
>>>>>>> These are usually emails for medical stuff and it's only a graphic
>>>>>>> with a remove link on the bottom of the page
>>>>>>> Also the subject always has "meeting  friday at 7-00"
>>>>>>>
>>>>>>> Any help appreciated
>>>>>>>
>>>>>>> Rob....
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> ----- Original Message -----
>>>>>>> From: "Rob" <rob at THEHOSTMASTERS.COM>
>>>>>>> To: <MAILSCANNER at JISCMAIL.AC.UK>
>>>>>>> Sent: Friday, September 17, 2004 1:16 PM
>>>>>>> Subject: Re: Damm mortage and software spam
>>>>>>>
>>>>>>>
>>>>>>>> Ok I added all those rules....
>>>>>>>>
>>>>>>>> Let's see what happens now....
>>>>>>>>
>>>>>>>> :)
>>>>>>>>
>>>>>>>> Rob....
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> ----- Original Message -----
>>>>>>>> From: "Robin, Rob" <rrobin at GREENAPPLE.COM>
>>>>>>>> To: <MAILSCANNER at JISCMAIL.AC.UK>
>>>>>>>> Sent: Friday, September 17, 2004 10:42 AM
>>>>>>>> Subject: Re: Damm mortage and software spam
>>>>>>>>
>>>>>>>>
>>>>>>>>> Rob,
>>>>>>>>>
>>>>>>>>>        It's there: http://www.rulesemporium.com/rules.htm
>>>>>>>>>        There should be rules for OEM software over there. Read the
>>>>>>>>> description.
>>>>>>>>>
>>>>>>>>>        I first tested it by downloading all the rules (except the
>>>>>>>>> bigevil). Some of them are overly aggressive. Sending an attachment
>>>>>>>>> using IncrediMail will make it spam. (Some of our customers like using
>>>>>>>>> IncrediMail; their html and stuff can't be flagged as spam in my
>>>>>>>>> scenario.)
>>>>>>>>>
>>>>>>>>>        I have narrowed it down to using:
>>>>>>>>> GetRules "http://www.rulesemporium.com/rules/71_sare_redirect_pre3.0.0.cf";
>>>>>>>>> GetRules "http://www.rulesemporium.com/rules/evilnumbers.cf";
>>>>>>>>> GetRules "http://www.rulesemporium.com/rules/70_sare_bayes_poison_nxm.cf";
>>>>>>>>> GetRules "http://www.rulesemporium.com/rules/70_sare_html.cf";
>>>>>>>>> GetRules "http://www.rulesemporium.com/rules/70_sare_header.cf";
>>>>>>>>> GetRules "http://www.rulesemporium.com/rules/70_sare_specific.cf";
>>>>>>>>> GetRules "http://www.rulesemporium.com/rules/70_sare_ratware.cf";
>>>>>>>>> GetRules "http://www.rulesemporium.com/rules/70_sare_adult.cf";
>>>>>>>>> GetRules "http://www.rulesemporium.com/rules/72_sare_bml_post25x.cf";
>>>>>>>>> GetRules "http://www.rulesemporium.com/rules/99_sare_fraud_post25x.cf";
>>>>>>>>> GetRules "http://www.rulesemporium.com/rules/70_sare_spoof.cf";
>>>>>>>>> GetRules "http://www.rulesemporium.com/rules/70_sare_random.cf";
>>>>>>>>> GetRules "http://www.rulesemporium.com/rules/70_sc_top200.cf";
>>>>>>>>> GetRules "http://www.rulesemporium.com/rules/70_sare_oem.cf";
>>>>>>>>> GetRules "http://www.rulesemporium.com/rules/70_sare_genlsubj_x30.cf";
>>>>>>>>> GetRules "http://www.rulesemporium.com/rules/70_sare_genlsubj.cf";
>>>>>>>>> GetRules "http://www.rulesemporium.com/rules/70_sare_highrisk.cf";
>>>>>>>>> GetRules "http://www.rulesemporium.com/rules/70_sare_unsub.cf";
>>>>>>>>> GetRules "http://www.rulesemporium.com/rules/88_FVGT_body.cf";
>>>>>>>>> GetRules "http://www.rulesemporium.com/rules/88_FVGT_rawbody.cf";
>>>>>>>>> GetRules "http://www.rulesemporium.com/rules/88_FVGT_subject.cf";
>>>>>>>>> GetRules "http://www.rulesemporium.com/rules/88_FVGT_headers.cf";
>>>>>>>>> GetRules "http://www.rulesemporium.com/rules/88_FVGT_uri.cf";
>>>>>>>>> GetRules "http://www.rulesemporium.com/rules/99_FVGT_DomainDigits.cf";
>>>>>>>>> GetRules "http://www.rulesemporium.com/rules/99_FVGT_Tripwire.cf";
>>>>>>>>> GetRules "http://www.rulesemporium.com/rules/99_FVGT_meta.cf";
>>>>>>>>> GetRules "http://mywebpages.comcast.net/mkettler/sa/antidrug.cf";
>>>>>>>>> GetRules "http://www.emtinc.net/includes/backhair.cf";
>>>>>>>>> GetRules "http://www.emtinc.net/includes/chickenpox.cf";
>>>>>>>>> GetRules "http://www.rulesemporium.com/rules/evilnumbers.cf";
>>>>>>>>> GetRules "http://www.stearns.org/sa-blacklist/random.current.cf";
>>>>>>>>> GetRules "http://www.emtinc.net/includes/weeds.cf";
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> Thanks,
>>>>>>>>> ------------------------
>>>>>>>>> Rob Robin
>>>>>>>>> Network Analyst
>>>>>>>>> Green Apple, Inc.
>>>>>>>>> 740-653-9890
>>>>>>>>> rrobin at greenapple.com
>>>>>>>>> www.greenapple.com
>>>>>>>>> Internet access, hosting and development solutions since 1995.
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> -----Original Message-----
>>>>>>>>> From: Rob [mailto:rob at THEHOSTMASTERS.COM]
>>>>>>>>> Sent: Wednesday, September 15, 2004 10:43 AM
>>>>>>>>> To: MAILSCANNER at JISCMAIL.AC.UK
>>>>>>>>> Subject: Re: Damm mortage and software spam
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> I do not see these rules on www.rulesemporium.com   where are they?
>>>>>>>>>
>>>>>>>>> And after I added rules from www.rulesemporium.com  I still get these
>>>>>>>>> irritating emails with subject "your meeting on"
>>>>>>>>>
>>>>>>>>> and it has just a graphic and a remove link
>>>>>>>>>
>>>>>>>>> URGH!
>>>>>>>>>
>>>>>>>>> Rob....
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> ----- Original Message -----
>>>>>>>>> From: "Steve Mason" <smlists at SHAW.CA>
>>>>>>>>> To: <MAILSCANNER at JISCMAIL.AC.UK>
>>>>>>>>> Sent: Wednesday, September 15, 2004 9:49 AM
>>>>>>>>> Subject: Re: Damm mortage and software spam
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>> I'm finding that OB_URI_RBL and WS_URI_RBL are catching all of the
>>>>>>>>>> software messages.
>>>>>>>>>> I haven't seen any mortgage messages  yet...
>>>>>>>>>>
>>>>>>>>>> Steve
>>>>>>>>>>
>>>>>>>>>>> I keep getting spam from mortgage and software sales.....
>>>>>>>>>>> Anyone have a tip for not letting these guys through?
>>>>>>>>>>> I can send headers, but last 2 times I did my email never got
>>>>>>>>>>> through to the list, I guess cuz the mail server thought it was spam..
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>> Rob....
>>>>
>>>>
>>>>
>>>> **********************************************************************
>>>>
>>>> This email and any files transmitted with it are confidential and
>>>> intended solely for the use of the individual or entity to whom they
>>>> are addressed. If you have received this email in error please notify
>>>> the system manager.
>>>>
>>>> This footnote confirms that this email message has been swept
>>>> for the presence of computer viruses and is believed to be clean.
>>>>
>>>> **********************************************************************
>>>>
>>>> ------------------------ MailScanner list ------------------------
>>>> To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
>>>> 'leave mailscanner' in the body of the email.
>>>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
>>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>>>>
</x-flowed>
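
Added example, not part of the original thread and not SpamAssassin or SURBL code: a sketch of the difference described above between a traditional RBL (relay IP taken from the Received header) and a URI RBL (hosts found in the message body). The zone names, the sample message and the `listed` set are constructed placeholders, no DNS lookup is made, and reducing a host to its last two labels is a simplification.

```python
import re
from email import message_from_string

URI_ZONE = "uribl.example"  # placeholder URI-list zone (assumption)
IP_ZONE = "ipbl.example"    # placeholder IP-list zone (assumption)

# Constructed sample: "just a graphic and a remove link", as in the thread.
SAMPLE = """\
Received: from relay.example (unknown [192.0.2.45])
\tby mx.recipient.example; Tue, 21 Sep 2004 10:00:00 +0100
Subject: your meeting on friday
Content-Type: text/html

<html><body><a href="http://www.pills.spamvertised.example/buy">
<img src="http://img.spamvertised.example/offer.gif"></a>
<a href="http://203.0.113.9/remove?id=1">remove</a></body></html>
"""

URI_HOST = re.compile(r"https?://([^/\s\"'<>:]+)", re.I)
IPV4 = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")

def reverse_ip(ip):
    return ".".join(reversed(ip.split(".")))

def uri_queries(body, zone=URI_ZONE):
    """DNS names to look up for hosts in body URIs (URI-RBL style)."""
    names = []
    for host in URI_HOST.findall(body):
        host = host.lower().rstrip(".")
        if IPV4.fullmatch(host):
            key = reverse_ip(host)  # numeric host: reversed octets
        else:
            # Simplification: last two labels only (no public-suffix list).
            key = ".".join(host.split(".")[-2:])
        name = f"{key}.{zone}"
        if name not in names:
            names.append(name)
    return names

def relay_queries(msg, zone=IP_ZONE):
    """DNS names for relay IPs in Received headers (traditional RBL)."""
    received = " ".join(msg.get_all("Received", []))
    return [f"{reverse_ip(ip)}.{zone}" for ip in re.findall(r"\[(" + IPV4.pattern + r")\]", received)]

def check(raw, listed):
    """Return (header hits, body hits) against a set of listed names."""
    msg = message_from_string(raw)
    return ([q for q in relay_queries(msg) if q in listed],
            [q for q in uri_queries(msg.get_payload()) if q in listed])
```

Calling `check(SAMPLE, {"spamvertised.example.uribl.example"})` gives no header hit but one body hit: the relay IP is not listed, while the advertised domain is.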


