Re: Is this really the SpamAssassin list? (was Re: unsubscribe)

On October 27, 2014 10:00:11 PM "Kevin A. McGrail" wrote: header__KAM_SA_BLOCK_UNSUB1Subject =~ /unsubscribe/i Unancored subject will keep list trafic low

Re: Is this really the SpamAssassin list? (was Re: unsubscribe)

On October 27, 2014 9:45:17 PM "David F. Skoll" wrote: Do we have the technology? :) Or make rule score on unsubscribe with a score of 5, is it not what qpsmpd scanner check for ? :) But only hits if its sent to maillist, then owners have more time to keep asf stable :)

Re: How is it that my X-Spam-Status is no, but my header gets marked with

On Mon, 2014-10-27 at 20:19 -0700, jdebert wrote: > On Mon, 27 Oct 2014 15:45:03 -0700 (PDT) > John Hardin wrote: > > The apparent culprit is a procmail rule that explicitly passes a > > message through the mail system again. The message is being scanned > > twice. If she can either deliver to a

Re: Is this really the SpamAssassin list? (was Re: unsubscribe)

On Mon, 2014-10-27 at 19:44 -0700, jdebert wrote: > On Mon, 27 Oct 2014 17:00:11 -0400 > "Kevin A. McGrail" wrote: > > I've emailed infra with the following request: > > > > ...we have been getting consistent unsubscribe messages posted to > > the entire users list which begs the questio

Re: How is it that my X-Spam-Status is no, but my header gets marked with

On Mon, 27 Oct 2014 15:45:03 -0700 (PDT) John Hardin wrote: > On Mon, 27 Oct 2014, jdebert wrote: > > > It does appear that sa is the culprit but why it's doing it is not > > evident. There's still not enough data. Perhaps turning up debugging > > would be helpful? > > The apparent culprit is a

Re: Is this really the SpamAssassin list? (was Re: unsubscribe)

On Mon, 27 Oct 2014 17:00:11 -0400 "Kevin A. McGrail" wrote: > On 10/27/2014 4:48 PM, Kevin A. McGrail wrote: > > On 10/27/2014 4:45 PM, David F. Skoll wrote: > >> So... > >> > >> How hard would it be to have the mailing list quarantine a message > >> whose subject consists solely of the word "un

Re: unsubscribe

On Mon, 27 Oct 2014, jdow wrote: Is ezmlm == majordomo? And I didn't catch that, either. :) -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822

Re: Spam messages bypassing SA

In the first email: # The lock file ensures that only 1 spamassassin invocation happens # at 1 time, to keep the load down. # :0fw: spamassassin.lock * < 40 | spamc -x Kevin A. McGrail wrote: > geoff.spamassassin140903 wrote: > > Kevin A. McGrail wrote: > > > Using procmail withou

Re: How is it that my X-Spam-Status is no, but my header gets marked with

On Mon, 27 Oct 2014, John Hardin wrote: On Mon, 27 Oct 2014, jdebert wrote: On Sun, 26 Oct 2014 13:28:12 -0700 (PDT) John Hardin wrote: > > That's an SA directive. It says "if the message scores spammy, > prepend '[SPAM][JUNGLEVISION SPAM CHECK]' to the Subject header." Ah. Missing s

Re: unsubscribe

Is ezmlm == majordomo? As I am saying he ought to take some time out, think, and gather in some clues. If he is wise he'll treat it as a learning experience. Only a few people manage to miss this misadventure with mailing lists at least once in their lives. But when they sign it with "system adm

Re: unsubscribe

Chris, read that CAREFULLY. You send messages to this at users@spamassassin.apache.org. The mailer is not Majordomo; but, the address for sending email to various lists with majordomo is pretty much the same. Do, please, note that @ is quite different from "majordomo@". You are busily shatter

Re: How is it that my X-Spam-Status is no, but my header gets marked with

On Mon, 27 Oct 2014, jdebert wrote: On Sun, 26 Oct 2014 13:28:12 -0700 (PDT) John Hardin wrote: That's an SA directive. It says "if the message scores spammy, prepend '[SPAM][JUNGLEVISION SPAM CHECK]' to the Subject header." Ah. Missing some messages here. It does appear that sa is the cu

Re: How is it that my X-Spam-Status is no, but my header gets marked with

On Sun, 26 Oct 2014 13:28:12 -0700 (PDT) John Hardin wrote: > > That's an SA directive. It says "if the message scores spammy, > prepend '[SPAM][JUNGLEVISION SPAM CHECK]' to the Subject header." Ah. Missing some messages here. It does appear that sa is the culprit but why it's doing it is not

Re: Is this really the SpamAssassin list? (was Re: unsubscribe)

On Mon, 2014-10-27 at 17:00 -0400, Kevin A. McGrail wrote: > On 10/27/2014 4:48 PM, Kevin A. McGrail wrote: > > On 10/27/2014 4:45 PM, David F. Skoll wrote: > > > How hard would it be to have the mailing list quarantine a message > > > whose subject consists solely of the word "unsubscribe" ? >

Re: unsubscribe

Am 27.10.2014 um 22:27 schrieb Chris Brandstetter: From Bugzilla (https://lists.bugzilla.org/cgi-bin/mj_wwwusr?user=&passw=&list=GLOBAL&func=help&extra=unsubscribe) : "The simplest way to remove your address from a mailing list is to send the following command in the body of an e-mail message

Re: unsubscribe

On Mon, 27 Oct 2014, Chris Brandstetter wrote: From Bugzilla (https://lists.bugzilla.org/cgi-bin/mj_wwwusr?user=&passw=&list=GLOBAL&func=help&extra=unsubscribe) : "The simplest way to remove your address from a mailing list is to send the following command in the body of an e-mail message to m

Re: unsubscribe

From Bugzilla (https://lists.bugzilla.org/cgi-bin/mj_wwwusr?user=&passw=&list=GLOBAL&func=help&extra=unsubscribe) : "The simplest way to remove your address from a mailing list is to send the following command in the body of an e-mail message to majord...@bugzilla.org: unsubscribe LISTNAME Rep

Re: Is this really the SpamAssassin list? (was Re: unsubscribe)

On Mon, 27 Oct 2014 13:52:31 -0700 jdow wrote: > Do the pertinent "we" have more important things to do? I suspect > yes. I'd expect that the proper denizens for this list are not all > that naive. I dunno. This happens a couple of times a month and spawns threads 5-10 messages long each time.

Re: Is this really the SpamAssassin list? (was Re: unsubscribe)

On 10/27/2014 4:48 PM, Kevin A. McGrail wrote: On 10/27/2014 4:45 PM, David F. Skoll wrote: So... How hard would it be to have the mailing list quarantine a message whose subject consists solely of the word "unsubscribe" ? Do we have the technology? :) Heh... Apparently more needed than I hope

Re: Is this really the SpamAssassin list? (was Re: unsubscribe)

Do the pertinent "we" have more important things to do? I suspect yes. I'd expect that the proper denizens for this list are not all that naive. {^_^} On 2014-10-27 13:45, David F. Skoll wrote: So... How hard would it be to have the mailing list quarantine a message whose subject consists sol

Re: Is this really the SpamAssassin list? (was Re: unsubscribe)

On 10/27/2014 4:45 PM, David F. Skoll wrote: So... How hard would it be to have the mailing list quarantine a message whose subject consists solely of the word "unsubscribe" ? Do we have the technology? :) Heh... Apparently more needed than I hoped. I'll have to ask the foundation if they can

Re: unsubscribe

Surely a system administrator, especially one for Linux/UNIX, would know to look in the message headers for things hints if there are none lurking at the bottom of the messages. That is where said system administrator would find things like this: list-unsubscribe:

Is this really the SpamAssassin list? (was Re: unsubscribe)

So... How hard would it be to have the mailing list quarantine a message whose subject consists solely of the word "unsubscribe" ? Do we have the technology? :) Regards, David. signature.asc Description: PGP signature

Re: unsubscribe

and frankly *every* list has a welcome message while the list-software only can send it, read is the job of the subscriber leow a quote of the SA weclome messaage which even explicitly states *do not* send unsubscribe to the list - besides that: what sense does it make to send every of the 100

Re: unsubscribe

Am 27.10.2014 um 21:19 schrieb Chris Brandstetter: I had assumed it was like most lists where a simple unsubscribe on the subject or in the body would remove me (default settings for Majordomo list manager). most lists? which one? any list on this earth has a unsubscribe header list-unsubsc

Re: unsubscribe

I had assumed it was like most lists where a simple unsubscribe on the subject or in the body would remove me (default settings for Majordomo list manager). A Chris Brandstetter Linux/UNIX System Administrator Nebraska Wesleyan University ⌘ On Oct 27, 2014, at 2:54 PM, Joe Quinn wrote: > On 10

Re: procmail (was Re: Spam messages bypassing SA)

Am 27.10.2014 um 21:04 schrieb Daniel Staal: > --As of October 27, 2014 8:29:52 PM +0100, Robert Schetterer is alleged > to have said: > >> by the way >> >> http://www.exploit-db.com/exploits/34896/ >> >> always have a shellshock patched system these days with postfix/procmail > > --As for the re

Re: procmail (was Re: Spam messages bypassing SA)

--As of October 27, 2014 8:29:52 PM +0100, Robert Schetterer is alleged to have said: by the way http://www.exploit-db.com/exploits/34896/ always have a shellshock patched system these days with postfix/procmail --As for the rest, it is mine. Interesting. I dug a bit further out of curios

Re: spamassassin rule to combat phishing

On Mon, 27 Oct 2014, francis picabia wrote: uri URI_EXAMPLE_EXTRA m;^https?://(?:www\.)?example\.com[^/?];i However another spoofed message was received today and the rule did not capture it. If I want to detect something in the form of: random_server.example.com.junk I need to wildcard t

Re: unsubscribe

Am 27.10.2014 um 20:52 schrieb Chris Brandstetter: here we go again https://www.google.at/#q=spamassassin%20list%20unsubscribe signature.asc Description: OpenPGP digital signature

Re: unsubscribe

On 10/27/2014 3:52 PM, Chris Brandstetter wrote: A Chris Brandstetter Linux/UNIX System Administrator Nebraska Wesleyan University ⌘ You should email users-unsubscr...@spamassassin.apache.org to unsubscribe. Before you do though, where did you read that this was how to unsubscribe from the l

unsubscribe

A Chris Brandstetter Linux/UNIX System Administrator Nebraska Wesleyan University ⌘ signature.asc Description: Message signed with OpenPGP using GPGMail

Re: __CBJ_GiveMeABreak2

On 10/27/2014 3:20 PM, Kevin Miller wrote: You’re more than welcome to co-opt any rules I share if they’re of some value – it’s pretty even odds that I either gleaned them from elsewhere and “seasoned to suit” or had some help writing them from this group. Thanks. It seems the meta rules

Re: procmail (was Re: Spam messages bypassing SA)

Am 27.10.2014 um 19:55 schrieb Bob Proulx: > David F. Skoll wrote: >> "Kevin A. McGrail" wrote: >>> Procmail has some weird syntax >> >> Procmail is also unmaintained abandonware, as far as I can tell. > > That isn't really a fair assessment of procmail. It is like saying > that 'cp' is unmaintai

RE: __CBJ_GiveMeABreak2

You’re more than welcome to co-opt any rules I share if they’re of some value – it’s pretty even odds that I either gleaned them from elsewhere and “seasoned to suit” or had some help writing them from this group. I’m curious however how they are being used in KAM.cf. Grepping the same, I have

Re: spf: lookup failed: addr is not a string

Am 27.10.2014 um 20:00 schrieb Mark Martinec: Thomas Preißler wrote: Already tried that. When using unbound as a local caching nameserver and 156.154.70.1 as the resolver, spamassassin produces the same error message. The same happens when unbound accesses the root nameservers directly and acts

Re: spf: lookup failed: addr is not a string

Thomas Preißler wrote: Already tried that. When using unbound as a local caching nameserver and 156.154.70.1 as the resolver, spamassassin produces the same error message. The same happens when unbound accesses the root nameservers directly and acts as a local resolver. But when unbound caches 8.

Re: procmail (was Re: Spam messages bypassing SA)

David F. Skoll wrote: > "Kevin A. McGrail" wrote: > > Procmail has some weird syntax > > Procmail is also unmaintained abandonware, as far as I can tell. That isn't really a fair assessment of procmail. It is like saying that 'cp' is unmaintained abandonware. The original authors no longer main

Re: spamassassin rule to combat phishing

On Fri, Sep 19, 2014 at 2:59 PM, John Hardin wrote: > On Fri, 19 Sep 2014, francis picabia wrote: > > On Tue, Sep 16, 2014 at 5:27 PM, John Hardin wrote: >> >> On Tue, 16 Sep 2014, francis picabia wrote: >>> >>> Hello, >>> We just received the most authentic looking phishing I've se

Re: __CBJ_GiveMeABreak2

We got this from Kevin Miller who posted it to users@ on 15 May 2014. We've made some tweaks since then and because it's not ours we are hesitant to post it in KAM.cf, but here is what we are currently using: # HTML rawbody __CBJ_GiveMeABreak1 /(?:<\/?br ?\/?>[\s\r\n]{0,4}){8}/mi #

Re: spf: lookup failed: addr is not a string

On 10/27/2014 12:58 PM, Thomas Preißler wrote: Hey KAM, On Oct 27, 2014, at 5:34 PM, Kevin A. McGrail wrote: Using SA really requires a local caching naming server. This fixes more than a handful of problems. Switch to that and see if your issue is resolved. Already tried that. When using u

__CBJ_GiveMeABreak2

Noticed this in the latest KAM updates - does anyone have a copy of this sub rule? Paul -- Paul Stead Systems Engineer Zen Internet

Re: spf: lookup failed: addr is not a string

Hey KAM, > On Oct 27, 2014, at 5:34 PM, Kevin A. McGrail wrote:> > > Using SA really requires a local caching naming server. This fixes more  > > than a handful of problems. Switch to that and see if your issue is  > resolved. > Already tried that. When using unbound as a local cachin

Re: spf: lookup failed: addr is not a string

On 10/27/2014 12:22 PM, Thomas Preißler wrote: I've attached two files which contain the output of spamassassin -D. - ok.log shows the output when using 8.8.8.8 - failed.log shows the output when using 156.154.70.1 I tried unbound as a local DNS resolver, but it produces the spf lookup failur

Re: spf: lookup failed: addr is not a string

On 10/26/2014 6:04 PM, Thomas Preißler wrote: I use SpamAssassin version 3.4.0 from wheezy-backports. Unfortunately, I get the following line sometimes in mail.log: warn: spf: lookup failed: addr is not a string at /usr/share/perl5/IO/Socket/IP.pm line 646. Attached you'll find a mail.eml an

Re: Localpart To: Present In From, Subject, etc...

Am 27.10.2014 um 12:49 schrieb John Traweek CCNA, Sec+: I am sure this is doable and did some searching but couldn't find it referenced. How would one create a rule to detect the presence of the To: local part in the subject, ie spammer sends email To: localp...@domain.com and the rule trig

Re: Localpart To: Present In From, Subject, etc...

On 10/27/2014 12:49 PM, John Traweek CCNA, Sec+ wrote: I am sure this is doable and did some searching but couldn't find it referenced. How would one create a rule to detect the presence of the To: local part in the subject, ie spammer sends email To: localp...@domain.com and the rule triggers

Localpart To: Present In From, Subject, etc...

I am sure this is doable and did some searching but couldn't find it referenced. How would one create a rule to detect the presence of the To: local part in the subject, ie spammer sends email To: localp...@domain.com and the rule triggers on the localpart being present in other headers such a