Hi all,
I am getting the follow error peppering my maillogs:
Jun 13 01:26:42 kismet spamd[24575]: spf: lookup failed: Can't locate
object method "new_from_string" via package "Mail::SPF::v1::Record"
at /usr/lib/perl5/vendor_perl/5.8.8/Mail/SPF/Server.pm line 524.
This occurs very oft
Martin wrote:
> Do you have a MIRRORED.BY file in you spamassassin update directory? It
> looks like it doesn't have the file with the mirrors in and instead is using
> the file name.
>
> If so you could copy it over from your other box that's working.
>
Thanks; your suggestion worked.
The wa
On Wed, 2013-06-12 at 21:30 +0200, Juerg Reimann wrote:
> Is there a filter to block PayPal phishing mails, i.e. everything that
> claims to come from PayPal but is not?
>
I was going to suggest that you could treat anything whose Message-ID
doesn't end with 'paypal.com' as spam, but its a bit mo
David B Funk skrev den 2013-06-12 22:26:
You could create rules to try to spot all those varients but it's
a "catchup" game.
its more easy in clamav, but i have seen paypal emails orginate from
paypal ip, but contains there so called analyzin urls, only test that
works is if there is https a
On Wed, 12 Jun 2013, Daniel McDonald wrote:
On 6/12/13 2:30 PM, "Juerg Reimann" wrote:
Hi there,
Is there a filter to block PayPal phishing mails, i.e. everything that claims
to come from PayPal but is not?
I believe Paypal is DKIM signed, so it shouldn't be hard to modify these
rules for
Juerg Reimann skrev den 2013-06-12 21:30:
Is there a filter to block PayPal phishing mails, i.e. everything
that claims to come from PayPal but is not?
meta SPF_DID_NOT_PASS (!SPF_PASS)
simple ? :=)
if paypal do use dkim then it could be checked with
meta DKIM_DID_NOT_PASS (!DKIM_VALID_AU)
On 6/12/13 2:30 PM, "Juerg Reimann" wrote:
> Hi there,
>
> Is there a filter to block PayPal phishing mails, i.e. everything that claims
> to come from PayPal but is not?
I believe Paypal is DKIM signed, so it shouldn't be hard to modify these
rules for PayPal:
header __L_ML1 Precedence
Alex skrev den 2013-06-12 20:25:
John Hardin wrote:
As was suggested earlier: greylisting?
I really don't think my users would tolerate the delay, so I've never
implemented it. They would have vendors calling them on the phone
complaining, not to mention users. From what I understand the dela
Hi there,
Is there a filter to block PayPal phishing mails, i.e. everything that claims
to come from PayPal but is not?
Thanks,
Juerg
Ben Johnson skrev den 2013-06-12 18:26:
Isn't this the function that Bayes is intended to serve, rather
precisely?
sa-grey plugin might help, spammers change sender address and ips, so
lets track it, works well here, rbl is not a content, but url is, in
other words, if one check rbl in mta s
On 6/12/13 1:25 PM, "Alex" wrote:
>
> John Hardin wrote:
>> As was suggested earlier: greylisting?
>
> I really don't think my users would tolerate the delay, so I've never
> implemented it. They would have vendors calling them on the phone
> complaining, not to mention users. From what I un
Hi,
# 2013 cars local dealership
http://pastebin.com/3bEMiV3B
>>>
>>> URI in that sample
>>>
>>> pohformed.com listed on black.uribl.com
>>> pohformed.com listed on jp.surbl.org
>>> pohformed.com listed on sc.surbl.org
>>> pohformed.com listed on dbl.spamhaus.org
>>
>> I know I should ha
On Wed, 12 Jun 2013, Alex wrote:
I know I should have mentioned that. Yes, I'm using the above RBLs,
and they're all correctly tagged here now.
I was hoping for something more preemptive to trigger on these more
generally because the IPs are only used for a short while, but long
enough to get 2
On 6/12/2013 12:22 PM, Alex wrote:
> Hi,
>
>>> # 2013 cars local dealership
>>> http://pastebin.com/3bEMiV3B
>>
>> URI in that sample
>>
>> pohformed.com listed on black.uribl.com
>> pohformed.com listed on jp.surbl.org
>> pohformed.com listed on sc.surbl.org
>> pohformed.com listed on dbl.spamh
Hi,
>> # 2013 cars local dealership
>> http://pastebin.com/3bEMiV3B
>
> URI in that sample
>
> pohformed.com listed on black.uribl.com
> pohformed.com listed on jp.surbl.org
> pohformed.com listed on sc.surbl.org
> pohformed.com listed on dbl.spamhaus.org
I know I should have mentioned that. Yes,
Alex wrote:
> It turned out to be a bit of local config,
Care to share the specifics? I can't think of any SA configuration that
might trigger this, TBH.
> but mostly not expecting it
> to take so long to check() a single message. I'm sorry for the
> trouble; perhaps I was impatient due to not u
On 06/12/2013 05:09 PM, Alex wrote:
# 2013 cars local dealership
http://pastebin.com/3bEMiV3B
URI in that sample
pohformed.com listed on black.uribl.com
pohformed.com listed on jp.surbl.org
pohformed.com listed on sc.surbl.org
pohformed.com listed on dbl.spamhaus.org
using SA 3.4 it adds:
Hi,
On Wed, Jun 12, 2013 at 9:03 AM, Neil Schwartzman wrote:
> Uhm. perhaps some snippets from the maillogs, or examples?
I thought I would take the opportunity to post a few I'm seeing and
can't figure out. I've created a bunch of local subject rules, and
continually train them with bayes, but
Uhm. perhaps some snippets from the maillogs, or examples?
On Jun 12, 2013, at 5:59 AM, polloxx wrote:
> Dear list,
>
> We see massive spamruns since begin june. Are other people also similar runs?
> They fill our maillog. Fortunately most is blocked.
smime.p7s
Description: S/MIME cryptogra
Dear list,
We see massive spamruns since begin june. Are other people also similar
runs? They fill our maillog. Fortunately most is blocked.
20 matches
Mail list logo
