On Mon, 20 Apr 2015 17:02:09 -0700 (PDT)
John Hardin wrote:
> I suggest that this rule should treat 0/8 as equivalent to 127/8.
> That's essentially what it's reserved for, just "local to the LAN"
> vs. "local to the host".
Does 0/8 really mean that? On at least one OS (Linux), the TCP stack
tr
John Hardin wrote:
I suggest that this rule should treat 0/8 as equivalent to 127/8.
That's essentially what it's reserved for, just "local to the LAN" vs.
"local to the host".
I fully agree.
Mark
On Mon, 20 Apr 2015, sha...@shanew.net wrote:
I'm also happy to know there's some discussion going on with MS.
When I mentioned it to an MS friend of mine last week he didn't seem
particularly shocked that the "internal" headers wouldn't comply with
expectations, but he also seemed surprised tha
On Mon, 20 Apr 2015, Axb wrote:
On 04/20/2015 08:04 PM, Dianne Skoll wrote:
Hi,
Not sure if this is still an issue in 3.4, but I'm seeing tons of
FPs on RCVD_ILLEGAL_IP. Why? Because Microsoft (damn it to hell)
has started using RESERVED IP ranges internally! Have a look:
Received: fr
Benny Pedersen skrev den 2015-04-20 21:34:
John Hardin skrev den 2015-04-20 21:24:
On Mon, 20 Apr 2015, Reindl Harald wrote:
well, received headers in the middle of a message are not that good
for classification at all
It is if they are sloppily forged.
good plan here https://dmarcian.com/
On Mon, 20 Apr 2015 20:50:08 +0200
Axb wrote:
> On 04/20/2015 08:04 PM, Dianne Skoll wrote:
> > Is anyone else seeing a sudden uptick in RCVD_ILLEGAL_IP FPs?
>
> There is an ongoing discussion about this with MS, thru backchannels.
>
> They're intentionally using the 0/8 to mask internal IPs.
Am 20.04.2015 um 22:48 schrieb Axb:
On 04/20/2015 09:03 PM, Reindl Harald wrote:
well, received headers in the middle of a message are not that good for
classification at all
sez the expert..
well, i was victim of a appliance starting from one day to another deep
header inspection for RBL'
On 04/20/2015 09:03 PM, Reindl Harald wrote:
well, received headers in the middle of a message are not that good for
classification at all
sez the expert..
look at 20_dnsbl_tests.cf and you'll see that not all lookups are
lastexternal
or put the internet cafes on 41.203.69.0/24 in a local B
Am 20.04.2015 um 21:34 schrieb Benny Pedersen:
John Hardin skrev den 2015-04-20 21:24:
On Mon, 20 Apr 2015, Reindl Harald wrote:
well, received headers in the middle of a message are not that good
for classification at all
It is if they are sloppily forged.
good plan here https://dmarcian
John Hardin skrev den 2015-04-20 21:24:
On Mon, 20 Apr 2015, Reindl Harald wrote:
well, received headers in the middle of a message are not that good
for classification at all
It is if they are sloppily forged.
good plan here https://dmarcian.com/spf-survey/outlock.com ipv6 only spf
On Mon, 20 Apr 2015, Reindl Harald wrote:
well, received headers in the middle of a message are not that good for
classification at all
It is if they are sloppily forged.
--
John Hardin KA7OHZhttp://www.impsec.org/~jhardin/
jhar...@impsec.orgFALaholic #11174 pgpk
Am 20.04.2015 um 20:59 schrieb Axb:
On 04/20/2015 08:54 PM, Reindl Harald wrote:
Am 20.04.2015 um 20:51 schrieb Axb:
On 04/20/2015 08:45 PM, Reindl Harald wrote:
looks like RCVD_ILLEGAL_IP does much more harm than good
the rule is good - send your complaint to Microsoft.
0/8 is not assign
On Mon, 20 Apr 2015 14:59:19 -0400
"Kevin A. McGrail" wrote:
> I don't show it hitting on ham on my system though I trust DFS and
> AXB's experience in this matter. You might want to score it to 0
> because I'm not going to raise a panic flag on a 1.3 score rule when
> Microsoft could come to th
On 04/20/2015 08:54 PM, Reindl Harald wrote:
Am 20.04.2015 um 20:51 schrieb Axb:
On 04/20/2015 08:45 PM, Reindl Harald wrote:
Am 20.04.2015 um 20:42 schrieb Kevin A. McGrail:
On 4/20/2015 2:23 PM, Dianne Skoll wrote:
On Mon, 20 Apr 2015 14:20:35 -0400
"Kevin A. McGrail" wrote:
Are you se
On 4/20/2015 2:54 PM, Reindl Harald wrote:
no a rule with 1.3 points hitting to 99.999% ham messages is not good
and it does not matter who is responsible - sening a complaint to
microsoft does not solve a *real problem now*
I don't show it hitting on ham on my system though I trust DFS and A
Am 20.04.2015 um 20:52 schrieb richard lucassen:
On Sun, 19 Apr 2015 22:42:21 +0200
Mikael Syska wrote:
I've been using SA for a log time now an it has always been working
perfectly well. It runs on a bunch of Postfix servers that handle
hundreds of thousands mails per day. I'm certainly not
Am 20.04.2015 um 20:51 schrieb Axb:
On 04/20/2015 08:45 PM, Reindl Harald wrote:
Am 20.04.2015 um 20:42 schrieb Kevin A. McGrail:
On 4/20/2015 2:23 PM, Dianne Skoll wrote:
On Mon, 20 Apr 2015 14:20:35 -0400
"Kevin A. McGrail" wrote:
Are you seeing it on a lot of emails?
Over 25000 today;
On Mon, 20 Apr 2015 14:42:35 -0400
"Kevin A. McGrail" wrote:
> Weird. Any chance you know one of the senders and can ask them to
> email kmcgr...@pccc.com and raptorrevie...@pccc.com with a test? then
> you and I can compare tests hit, etc.
Hmm... that'd be awkward because it's not my mail; it'
I'm not finding the rule hitting very much here.
And it doesn't appear to be very high volume looking at
http://ruleqa.spamassassin.org/20150419-r1674595-n/RCVD_ILLEGAL_IP/detail but
the S/O is high.
On Sun, 19 Apr 2015 22:42:21 +0200
Mikael Syska wrote:
> > I've been using SA for a log time now an it has always been working
> > perfectly well. It runs on a bunch of Postfix servers that handle
> > hundreds of thousands mails per day. I'm certainly not an SA guru
> > BTW.
> >
> > But since a f
On 04/20/2015 08:04 PM, Dianne Skoll wrote:
Hi,
Not sure if this is still an issue in 3.4, but I'm seeing tons of
FPs on RCVD_ILLEGAL_IP. Why? Because Microsoft (damn it to hell)
has started using RESERVED IP ranges internally! Have a look:
Received: from BLUPR10MB0835.namprd10.prod.outlook.
On 04/20/2015 08:45 PM, Reindl Harald wrote:
Am 20.04.2015 um 20:42 schrieb Kevin A. McGrail:
On 4/20/2015 2:23 PM, Dianne Skoll wrote:
On Mon, 20 Apr 2015 14:20:35 -0400
"Kevin A. McGrail" wrote:
Are you seeing it on a lot of emails?
Over 25000 today; every single one of them from an "...
On 4/20/2015 2:23 PM, Dianne Skoll wrote:
On Mon, 20 Apr 2015 14:20:35 -0400
"Kevin A. McGrail" wrote:
Are you seeing it on a lot of emails?
Over 25000 today; every single one of them from an "...outlook.com" server. :(
Regards,
Dianne.
Weird. Any chance you know one of the senders and can
Am 20.04.2015 um 20:42 schrieb Kevin A. McGrail:
On 4/20/2015 2:23 PM, Dianne Skoll wrote:
On Mon, 20 Apr 2015 14:20:35 -0400
"Kevin A. McGrail" wrote:
Are you seeing it on a lot of emails?
Over 25000 today; every single one of them from an "...outlook.com"
server. :(
Regards,
Dianne.
We
On Mon, 20 Apr 2015 14:20:35 -0400
"Kevin A. McGrail" wrote:
> Are you seeing it on a lot of emails?
Over 25000 today; every single one of them from an "...outlook.com" server. :(
Regards,
Dianne.
On 4/20/2015 2:04 PM, Dianne Skoll wrote:
Not sure if this is still an issue in 3.4, but I'm seeing tons of
FPs on RCVD_ILLEGAL_IP. Why? Because Microsoft (damn it to hell)
has started using RESERVED IP ranges internally! Have a look:
Received: from BLUPR10MB0835.namprd10.prod.outlook.com (0.
Hi,
Not sure if this is still an issue in 3.4, but I'm seeing tons of
FPs on RCVD_ILLEGAL_IP. Why? Because Microsoft (damn it to hell)
has started using RESERVED IP ranges internally! Have a look:
Received: from BLUPR10MB0835.namprd10.prod.outlook.com (0.163.216.13)
by BLUPR10MB0835.
Bronto.com is a remailer service for various companies (like Fractureme.com and
others) and I’ve been noting that it hits some odd triggers in spamass-milter:
Apr 19 15:00:40 mail spamd[87225]: spamd: result: Y 5 -
BAYES_50,DKIM_SIGNED,DKIM_VALID,FSL_HELO_NON_FQDN_1,HEADER_FROM_DIFFERENT_DOMAINS
On 19.04.15 22:38, richard lucassen wrote:
I've been using SA for a log time now an it has always been working
perfectly well. It runs on a bunch of Postfix servers that handle
hundreds of thousands mails per day. I'm certainly not an SA guru BTW.
But since a few weeks SA has got picky on just a
29 matches
Mail list logo
