On Sat, 2010-09-25 at 04:47 +0200, Benny Pedersen wrote:
> > meta SC_NET_HAM (USER_IN_DKIM_WHITELIST||USER_IN_DK_WHITELIST||
> > USER_IN_SPF_WHITELIST||USER_IN_DEF_DK_WL||USER_IN_DEF_DKIM_WL||
> > USER_IN_DEF_SPF_WL||USER_IN_WHITELIST)
>
> there is still user in def :=)
>
> user_in_whitelist incl
On Fri, 2010-09-24 at 22:16 -0500, Chris wrote:
> On Sat, 2010-09-25 at 03:31 +0200, Karsten Bräckelmann wrote:
> > Begs the question why the phish that started this thread has been DKIM
> > signed by your ISP, too. Seriously.
> >
> > Hmm, from your original pastebin:
> >
> > Authentication-Res
On Sat, 2010-09-25 at 04:55 +0200, Benny Pedersen wrote:
> On lør 25 sep 2010 03:46:09 CEST, Karsten Bräckelmann wrote
> > Anyone wonder how to steal those user passwords?
> > (BTW, you did not use TLS either. :/)
>
> dont blame chris on this one, he needs a isp that dont accept passwors
> in no
On Sat, 2010-09-25 at 03:31 +0200, Karsten Bräckelmann wrote:
> On Fri, 2010-09-24 at 19:40 -0500, Chris wrote:
> > On Sat, 2010-09-25 at 01:07 +0200, Karsten Bräckelmann wrote:
> > > Ham!? PBL, SORBS DUL. Are you trying to use whitelisting to protect
> > > outgoing messages? Shouldn't you be usin
On lør 25 sep 2010 03:46:09 CEST, Karsten Bräckelmann wrote
Anyone wonder how to steal those user passwords?
(BTW, you did not use TLS either. :/)
dont blame chris on this one, he needs a isp that dont accept passwors
in non tls tunnels, well spotted
/me back on my problem with kernel that
On lør 25 sep 2010 02:53:30 CEST, Chris wrote
meta SC_NET_HAM (USER_IN_DKIM_WHITELIST||USER_IN_DK_WHITELIST||
USER_IN_SPF_WHITELIST||USER_IN_DEF_DK_WL||USER_IN_DEF_DKIM_WL||
USER_IN_DEF_SPF_WL||USER_IN_WHITELIST)
there is still user in def :=)
user_in_whitelist includes whitelist_from with can
On Sat, 2010-09-25 at 03:31 +0200, Karsten Bräckelmann wrote:
> On Fri, 2010-09-24 at 19:40 -0500, Chris wrote:
> > http://pastebin.com/LqVtvjgM
>
> OK, wait. That sample is really an example showing the DKIM headers,
> sent by *you*. Right? It's authenticated.
> Hmm, from your original pastebin
On Fri, 2010-09-24 at 19:40 -0500, Chris wrote:
> On Sat, 2010-09-25 at 01:07 +0200, Karsten Bräckelmann wrote:
> > Ham!? PBL, SORBS DUL. Are you trying to use whitelisting to protect
> > outgoing messages? Shouldn't you be using authenticated SMTP instead?
>
> No Karsten, this is incoming mail t
On Sat, 2010-09-25 at 02:04 +0200, Benny Pedersen wrote:
> On lør 25 sep 2010 00:31:18 CEST, Chris wrote
> > # slower, network-based whitelisting
> > meta SC_NET_HAM (USER_IN_DKIM_WHITELIST||USER_IN_DK_WHITELIST||
> > USER_IN_SPF_WHITELIST||USER_IN_DEF_DK_WL||USER_IN_DEF_DKIM_WL||
> > USER_IN_DEF_S
On Sat, 2010-09-25 at 01:07 +0200, Karsten Bräckelmann wrote:
> On Fri, 2010-09-24 at 17:31 -0500, Chris wrote:
> > Here's what rules hit in a short circuit ham:
> >
> > X-spam-status: No, score=-124.2 required=5.0 tests=RCVD_IN_PBL=3.335,
> > RCVD_IN_SORBS_DUL=0.001,SC_NET_HAM=-20,SHORTCIRCUIT=-1
On lør 25 sep 2010 00:31:18 CEST, Chris wrote
# slower, network-based whitelisting
meta SC_NET_HAM (USER_IN_DKIM_WHITELIST||USER_IN_DK_WHITELIST||
USER_IN_SPF_WHITELIST||USER_IN_DEF_DK_WL||USER_IN_DEF_DKIM_WL||
USER_IN_DEF_SPF_WL||USER_IN_WHITELIST||USER_IN_DEF_WHITELIST)
change this meta to NO
On Fri, 2010-09-24 at 17:31 -0500, Chris wrote:
> Here's what rules hit in a short circuit ham:
>
> X-spam-status: No, score=-124.2 required=5.0 tests=RCVD_IN_PBL=3.335,
> RCVD_IN_SORBS_DUL=0.001,SC_NET_HAM=-20,SHORTCIRCUIT=-100,
> USER_IN_DEF_DKIM_WL=-7.5 RCVD_IN_PBL,RCVD_IN_SORBS_DUL,SC_NET_HAM,
On Fri, 2010-09-24 at 13:13 +0200, Benny Pedersen wrote:
> On fre 24 sep 2010 04:33:33 CEST, Chris wrote
> > Or is it needed since I have the def_whitelist_from_spf line?
>
> you trigger on def_ in shourtcicuit thats the error you made if any,
> do change the shortcicuit rule to only doit it if
On Fri, 2010-09-24 at 17:14 -0500, Chuck Campbell wrote:
> Where is the user's user_prefs file supposed to live?
What does your question have to do with this Subject?
You just hi-jacked a thread. Well, granted, you actually just hi-jacked
the Subject, abandoning your own thread -- the threading y
Where is the user's user_prefs file supposed to live?
Mine is in ~/.spamassassin/user_prefs, but it is ignored (presently
full of whitelist_rcvd entries that never fire). This is where it has been
since spamassassin 2.6.xxx
If I put all of those into /etc/mail/spamassassin/local.cf they actually
On Fri, 2010-09-24 at 22:43 +0200, Karsten Bräckelmann wrote:
> > > > Hello sorry for the newbie question, one of our users is getting
> > > > slammed
> > > > by these. I'm wondering which rules should be stopping these.
>
> Your sample is missing the rules actually triggered, which usually woul
On Fri, 2010-09-24 at 13:03 -0700, njjrdell wrote:
> we have setup on our mailservers.
> sbl-xbl.spamhaus.org
> dnsbl.njable.org
> bl.spamcop.net
> b.barracudacentral.org
Hmm, that seems to hint checking at SMTP time and outright rejecting
based on the sender's IP. While that certainly is a good
On fre 24 sep 2010 21:28:53 CEST, njjrdell wrote
http://pastebin.com/zAvghCQJ
Content analysis details: (15.0 points, 5.0 required)
pts rule name description
-- --
2.5 RCVD_IN_PSBL RBL: Receive
I actually take that back in our local.cf we have
urirhssub URIBL_BLACK multi.uribl.com.A 2
bodyURIBL_BLACK eval:check_uridnsbl('URIBL_BLACK')
describeURIBL_BLACK Contains an URL listed in the URIBL blacklist
tflags URIBL_BLACK net
score
we have setup on our mailservers.
sbl-xbl.spamhaus.org
dnsbl.njable.org
bl.spamcop.net
b.barracudacentral.org
We are not doing any other network tests. I will look into it. can you
please recommend specifics
Regards
John Hardin wrote:
>
> On Fri, 24 Sep 2010, njjrdell wrote:
>
>> http://pa
On Fri, 24 Sep 2010, njjrdell wrote:
http://pastebin.com/zAvghCQJ
Hello sorry for the newbie question, one of our users is getting slammed
by these. I'm wondering which rules should be stopping these.
That hits URIBL. Do you have network tests and URIBL lookups enabled?
--
John Hardin KA7O
http://pastebin.com/zAvghCQJ
Hello sorry for the newbie question, one of our users is getting slammed by
these. I'm wondering which rules should be stopping these.
thanks
--
View this message in context:
http://old.nabble.com/What-rules-should-be-stopping-these-tp29801831p29801831.html
Sent f
gone ?
No, not gone. I just moved across the country and started a new job
(using SA at IronPort). In this process, my name server died. I expect
to have its replacement up in the next few weeks.
Also of note, I'm /dev/nulling SA list mail for now as that was my mail
server as well, so p
Hello *,
my server has arround 680 Mailinglists and over 100.000 Users and usualy
I get between 2-3 mio legitim messages plus arround 14 mio spams where
80% are rejected on SMTP level.
But since some days, my servers are hit by more then 90 mio spams per
day... OK, most of them are rejected
On fre 24 sep 2010 04:33:33 CEST, Chris wrote
Or is it needed since I have the def_whitelist_from_spf line?
you trigger on def_ in shourtcicuit thats the error you made if any,
do change the shortcicuit rule to only doit it if its whilelist not
just def_whitelist
def_ rules is for grey do
25 matches
Mail list logo
