Date: Tue, 4 Dec 2012 18:41:00 -0500
From: darxus@chaosreigns.com
To: users@spamassassin.apache.org
Subject: Can somebody unsubscribe Meche@leigh.ssllock.com from this list?
Message-ID: <20121204234100.GK12261@chaosreigns.com>

I'm guessing they're sending this garbage to everybody who posts.

----- Forwarded message from "MDaemon at leigh.ssllock.com" -----

Date: Tue, 04 Dec 2012 17:19:58 -0600
From: "MDaemon at leigh.ssllock.com"
Reply-To: noreply@leigh.ssllock.com
To: darxus@chaosreigns.com
Subject: Transient Delivery Failure
X-DNSWL: No

--------------------------------------------------------------------------
MDaemon Delivery Status Notification - http://www.altn.com/dsn
--------------------------------------------------------------------------

The attached message had TEMPORARY non-fatal delivery errors.

--------------------------------------------------------------------------
THIS IS A WARNING MESSAGE ONLY - YOU DO NOT NEED TO RESEND YOUR MESSAGE
--------------------------------------------------------------------------

MDaemon is configured to automatically retry delivery at configured
intervals. Subsequent attempts to deliver this message are pending.

Failed address: ol2007@company.mail

--- Session Transcript ---
 Tue 2012-12-04 17:19:33: [54:1] Session 54; child 1
 Tue 2012-12-04 17:19:33: [54:1] Parsing message
 Tue 2012-12-04 17:19:33: [54:1] * From: darxus@chaosreigns.com
 Tue 2012-12-04 17:19:33: [54:1] * To: ol2007@company.mail
 Tue 2012-12-04 17:19:33: [54:1] * Subject: Re: Report your webmail usage
 Tue 2012-12-04 17:19:33: [54:1] * Size (bytes): 6325
 Tue 2012-12-04 17:19:33: [54:1] * Message-ID: <20121204224257.GJ12261@chaosreigns.com>
 Tue 2012-12-04 17:19:33: [54:1] Attempting SMTP connection to [company.mail]
 Tue 2012-12-04 17:19:33: [54:1] Resolving MX records for [company.mail] (DNS Server: 10.20.20.105)...
 Tue 2012-12-04 17:19:33: [54:1] Match to MXCACHE.DAT file:
 Tue 2012-12-04 17:19:33: [54:1] * P=010 D=company.mail TTL=(0) MX=[company.mail] {10.10.42.34}
 Tue 2012-12-04 17:19:33: [54:1] Attempting SMTP connection to [10.10.42.34:25]
 Tue 2012-12-04 17:19:33: [54:1] Waiting for socket connection...
 Tue 2012-12-04 17:19:54: [54:1] * Winsock Error 10060
 Tue 2012-12-04 17:19:54: [54:1] * 10.10.42.34 added to connection failure cache for 5 minutes
 Tue 2012-12-04 17:19:54: [54:1] This message is 36 minutes old; it has 0 minutes left in this queue
 Tue 2012-12-04 17:19:54: [54:1] Remote queue lifetime exceeded; message placed in retry queue
--- End Transcript ---

-- 
This is a test server. Please do not submit support requests via this channel.

Authentication-Results: leigh.ssllock.com
    spf=pass smtp.mail=users-return-99057-Meche=leigh.ssllock.com@spamassassin.apache.org;
    x-ip-ptr=pass dns.ptr=hermes.apache.org (ip=140.211.11.3);
    x-ip-helo=pass smtp.helo=mail.apache.org (ip=140.211.11.3);
    x-ip-mail=hardfail smtp.mail=users-return-99057-Meche=leigh.ssllock.com@spamassassin.apache.org (does not match 140.211.11.3);
    dkim=pass header.d=chaosreigns.com (b=X4pc00xgJL; 1:0:good);
X-Rcpt-To: Meche@leigh.ssllock.com
X-Envelope-From: users-return-99057-Meche=leigh.ssllock.com@spamassassin.apache.org
Date: Tue, 4 Dec 2012 17:42:57 -0500
From: darxus@chaosreigns.com
To: users@spamassassin.apache.org
Subject: Re: Report your webmail usage
Message-ID: <20121204224257.GJ12261@chaosreigns.com>
References: <50BE6D28.4050908@itomat.se> <20121204165622.355edbab@hydrogen.roaringpenguin.com>
In-Reply-To: <20121204165622.355edbab@hydrogen.roaringpenguin.com>
Reply-To: darxus@chaosreigns.com
X-MDRedirect: 1
X-MDRedirect_From: Meche@leigh.ssllock.com

On 12/04, David F. Skoll wrote:
> http://sourceforge.net/projects/aper/
>
> Their phishing_links file did have the URL you reported in it:

But did it contain that url at the time he received the email? That seems
to be a very important question with these things.

> So all some kind soul needs to do is write a SpamAssassin plugin that
> gets the link list from the project and looks for URLs in message bodies
> (or even just the Google formkey values which are pretty likely to be
> unique.)

Or a script, similar to their
https://aper.svn.sourceforge.net/svnroot/aper/addresses2spamassassin.pl
which grabs https://aper.svn.sourceforge.net/svnroot/aper/phishing_links
and converts it to SA rules.

Since something (other than an SA plugin) is going to need to download the
file anyway, might as well convert it to rules in the process.

Shouldn't be too hard, right? Maybe use \Q\E to avoid needing to escape
everything?

> Oh, somewhat off-topic but in case anyone with clout at Google is
> reading this: More than a year ago, I recommended to Google that all
> of their user-created forms should display this text:
>
> "This is a user-created form hosted at Google. Do not enter sensitive
> information such as credit card numbers or passwords. If you are asked
> to enter such information, please report this form as abusive."
>
> but Google never got back to me. It seems to me they're complicit in
> helping phishers...

You think people who will enter sensitive information into a random web
form will even read that warning? Or be prevented from entering that
information even if they do read it?

Also, it seems like it would be pretty obnoxious for people who constantly
use that stuff legitimately (which I don't).

On 12/04, Eric Krona wrote:
> -0.5 BAYES_05 BODY: Bayes spam probability is 1 to 5%

Is your bayes data poisoned?
( http://wiki.apache.org/spamassassin/ImproveAccuracy )

-- 
"I don't want to die... just yet... not while there's... women."
- J. Matthew Root, 8/23/02 (http://www.jmrart.com/)
http://www.ChaosReigns.com

----- End forwarded message -----

-- 
"I offer the modest proposal that our Universe is simply one of those
things which happen from time to time."
- Is the Universe a Vacuum Fluctuation?
http://www.ChaosReigns.com
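
Added example, not part of the original message or the aper project's code: the list-to-rules conversion suggested in the forwarded reply, with each URL escaped the way Perl's \Q...\E (quotemeta) escapes ASCII text. The input format (one URL per line, '#' comment lines), the rule-name prefix APER_PHISH_LINK, the score and the sample URLs are assumptions constructed for illustration.

```python
import hashlib
import re

# Constructed sample in an assumed format: one URL per line, '#' comment lines.
SAMPLE_LINKS = """\
# constructed entries for illustration, not taken from the real list
http://forms.example.test/viewform?formkey=dEFCQ0RFRkc6MQ
https://login.example.test/verify/account.php?id=1#top
not-a-url
http://forms.example.test/viewform?formkey=dEFCQ0RFRkc6MQ
"""


def quotemeta(text):
    """Backslash every character outside [A-Za-z0-9_], as Perl's \\Q...\\E does for ASCII."""
    return re.sub(r"([^A-Za-z0-9_])", r"\\\1", text)


def links_to_rules(text, prefix="APER_PHISH_LINK", score="5.0"):
    """Turn a URL list into SpamAssassin uri/describe/score rule lines."""
    rules, seen = [], set()
    for raw in text.splitlines():
        url = raw.strip()
        if not url or url.startswith("#"):
            continue
        # Accept only printable-ASCII http(s) URLs; skip anything else.
        if not re.fullmatch(r"https?://[\x21-\x7e]+", url, re.IGNORECASE):
            continue
        if url in seen:
            continue
        seen.add(url)
        # Name derived from the URL so regenerated files keep stable rule names.
        digest = hashlib.sha1(url.encode("ascii")).hexdigest()[:10].upper()
        name = f"{prefix}_{digest}"
        # quotemeta also escapes '/' (the rule delimiter) and '#' (a comment
        # character in SpamAssassin config files).
        rules.append(f"uri      {name} /^{quotemeta(url)}/")
        rules.append(f"describe {name} URL listed in phishing_links")
        rules.append(f"score    {name} {score}")
    return "\n".join(rules) + "\n"


if __name__ == "__main__":
    print(links_to_rules(SAMPLE_LINKS), end="")
```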