The following rules look for a From label which looks to have an email address
looks for this type of spoofed address
The following would be valid, for example:
From: "p...@domain.com"<mailto:p...@domain.com>
<mailto:p...@domain.com>
http://ruleqa.spamassassin.o
Yes, you can prefix a quoted string to the actual address. No, the quoted
string is not part of the address.
There are two approaches here: one is to defend the spammer's abuse of the
standard (intended to trick the average Joe into believing they have received
mail from someone else), and the
RFC 2822 and 5322 are in the "Standards Track".
RFC 822 is still the standard.
On Tue, Oct 18, 2016 at 2:52 AM, Dianne Skoll <'d...@roaringpenguin.com'> wrote:
On October 17, 2016 7:11:29 PM EDT, Ruga wrote:
>rfc 822 (the actual standard):
Are you serious? RFC 822 is decades obsolete, long sinc
On Tue, Oct 18, 2016 at 1:25 AM, Paul Stead <'paul.st...@zeninternet.co.uk'>
wrote:
On 17/10/16 23:52, Ruga wrote:
https://tools.ietf.org/html/rfc5322#section-3.6.2
from = "From:" mailbox-list CRLF ...
https://tools.ietf.org/html/rfc5322#section-3.4 ... ---8<--- mailbox =
name-addr / a
glibc have default ipv6 before ipv4, so your error is just that spamd binds
to 127.0.0.1 and spamc use localhost which is ipv6 first, got it ?
to solve it is nearly a faq
On October 18, 2016 5:04:12 AM Chris wrote:
It goes on in my syslog to say
Oct 17 12:45:18 localhost spamc[5898]: connec
It goes on in my syslog to say
Oct 17 12:45:18 localhost spamc[5898]: connect to spamd on ::1 failed,
retrying (#1 of 3): Connection refused
Oct 17 12:45:18 localhost spamd[3255]: spamd: connection from localhost
[127.0.0.1]:36312 to port 783, fd 5
This just started this afternoon at 12:45. It wa
On Mon, 17 Oct 2016 19:11:29 -0400
Ruga wrote:
> rfc 822 (the actual standard):
Which as I mentioned is obsolete, but I'll play with you...
> authentic = "From" ":" mailbox ; Single author / ...
> mailbox = addr-spec ; simple address / phrase route-addr
> addr-spec = local-part "@" domain
And
On October 17, 2016 7:11:29 PM EDT, Ruga wrote:
>rfc 822 (the actual standard):
Are you serious? RFC 822 is decades obsolete, long since superseded by 2822
and then by 5322.
Regards,
Dianne.
On 17/10/16 23:52, Ruga wrote:
https://tools.ietf.org/html/rfc5322#section-3.6.2
from= "From:" mailbox-list CRLF
...
https://tools.ietf.org/html/rfc5322#section-3.4
...
---8<---
mailbox = name-addr / addr-spec
name-addr = [display-name] angle-addr
rfc 822 (the actual standard):
authentic = "From" ":" mailbox ; Single author / ...
mailbox = addr-spec ; simple address / phrase route-addr
addr-spec = local-part "@" domain
On Tue, Oct 18, 2016 at 12:52 AM, Ruga <'r...@protonmail.com'> wrote:
https://tools.ietf.org/html/rfc5322#section-3.6.
https://tools.ietf.org/html/rfc5322#section-3.6.2
On Mon, Oct 17, 2016 at 2:18 AM, Dianne Skoll <'d...@roaringpenguin.com'> wrote:
On Sun, 16 Oct 2016 18:08:20 -0400
Ruga wrote:
> In my servers, the above string is not RFC compliant,
> and therefore the whole mail is automatically
> rejected
On Mon, 17 Oct 2016, Sue Mey wrote:
Thank you for the help.
Please keep replies on-list so that others may benefit from the discussion
and solution in the future.
I have a 'Special Offers' section on my website and have been using those
words and links for years without a problem. I do not
On Mon, 17 Oct 2016, Sue Mey wrote:
I did not find this question in FAQ
I am doing a newsletter in GetResponse and receive the following in Spam
check
BODY: Uses a mis-spelled version of cialis.
I am a woodworker and designer and I have no idea which word I am using that
could possibly be a m
I did not find this question in FAQ
I am doing a newsletter in GetResponse and receive the following in Spam
check
BODY: Uses a mis-spelled version of cialis.
I am a woodworker and designer and I have no idea which word I am using that
could possibly be a misspelt word for th
On Monday 17 October 2016 at 17:14:18, Bill Cole wrote:
> On 17 Oct 2016, at 9:04, Antony Stone wrote:
> > DNS runs over UDP, not TCP.
>
> True AND false.
Agreed; thanks for the detailed clarification, however I was answering a
question specifically about rbldnsd.
> A DNS server that does not
On 17 Oct 2016, at 9:04, Antony Stone wrote:
DNS runs over UDP, not TCP.
True AND false.
Most DNS queries can be answered in a single UDP packet and so most
queries are tried over UDP first. Traditionally, DNS answers over UDP
were limited to 512 bytes, although modern extensions typically
On Mon, 17 Oct 2016 16:30:43 +0200
Ralph Seichter wrote:
> On 17.10.16 15:45, RW wrote:
>
> > Most of what SpamAssassin targets is RFC compliant. It would be
> > perfectly legitimate to score bogus addresses in the display name
> > if it proved useful.
>
> With "useful" being open to interpret
On 17.10.16 15:45, RW wrote:
> Most of what SpamAssassin targets is RFC compliant. It would be
> perfectly legitimate to score bogus addresses in the display name
> if it proved useful.
With "useful" being open to interpretation. ;-) Some of my customers are
willing to accept a much higher degree
On Mon, 17 Oct 2016 14:45:11 +0100
RW wrote:
> On Mon, 17 Oct 2016 15:20:27 +0200
> Ralph Seichter wrote:
> > From: "John Doe "
> > is perfectly legitimate.
> but an unusual and rather silly thing to do.
As I mentioned, Yahoo Groups did something like this last time I checked.
They did it
On 10/15/2016 12:53 PM, Matus UHLAR - fantomas wrote:
and immediately after implementing, those people and organizations
would be
surprised they block mail they should not block (see above).
No, it wouldn't block mail. It would add a bit to the score. If there
are other spam signs, it mig
On Mon, 17 Oct 2016 15:20:27 +0200
Ralph Seichter wrote:
> On 17.10.16 02:38, Benny Pedersen wrote:
>
> > one could argue if From:Name and From:Addr have differing domains
> > its forged ?
>
> Which RFC defines "From:Name" and "From:Addr" (I don't see the terms
> in RFC5322), and where does it
On Mon, 17 Oct 2016 13:18:23 +
Nicola Piazzi wrote:
> THX Antony
> Service works, but at now how can i address query to this server ?
> And the service name test how must be inserted in the query ?
There are plenty of examples in the stock rules.
53 (and other ports)
Oh?
I start and it tell that bind :
[root@EFALIST rbldnsd]# ./start.sh
rbldnsd: listening on ::1/53
rbldnsd: listening on 127.0.0.1/53
So, it's listening on port 53, both IPv4 and IPv6.
rbldnsd: ip4tset:/rbldnsd/test.txt: 20161017 101633: cnt=2
rbldnsd: zones rel
On 17.10.16 02:38, Benny Pedersen wrote:
> one could argue if From:Name and From:Addr have differing domains its
> forged ?
Which RFC defines "From:Name" and "From:Addr" (I don't see the terms in
RFC5322), and where does it say that domain names must match if they are
present? The header line
it's listening on port 53, both IPv4 and IPv6.
> rbldnsd: ip4tset:/rbldnsd/test.txt: 20161017 101633: cnt=2
> rbldnsd: zones reloaded, time 0.0e/0.0u sec, mem arena=284 free=131
> mmap=0 Kb rbldnsd: rbldnsd version 0.998 (05 Dec 2015) started (2
> socket(s), 1
> zone(s))
Looks happ
rbldnsd: listening on 127.0.0.1/53
So, it's listening on port 53, both IPv4 and IPv6.
> rbldnsd: ip4tset:/rbldnsd/test.txt: 20161017 101633: cnt=2
> rbldnsd: zones reloaded, time 0.0e/0.0u sec, mem arena=284 free=131 mmap=0
> Kb rbldnsd: rbldnsd version 0.998 (05 Dec 2015) started (2 sock
Someone use dnsrbld to create personal rbl ?
I am unable to bind to port 53 (and other ports)
I start and it tell that bind :
[root@EFALIST rbldnsd]# ./start.sh
rbldnsd: listening on ::1/53
rbldnsd: listening on 127.0.0.1/53
rbldnsd: ip4tset:/rbldnsd/test.txt: 20161017 101633: cnt=2
rbldnsd
27 matches