The new rule "From:name domain mismatches From:addr domain" catches the given
spample.
Sent from ProtonMail Mobile
On Wed, Oct 25, 2017 at 6:00 PM, Alex wrote:
> On Tue, Oct 24, 2017 at 2:49 PM, David Jones wrote:
> On 10/24/2017 01:32 PM, Alex wrote:
>>
>> Hi all, I'm wondering if someone
> The DMARC standard says that EITHER (only takes one) SPF must pass and
align with the envelope-from domain OR DKIM must pass and align with the
From: header domain.
The relevant DNS R allows requiring both SPF and DKIM must pass, which is what
we do in our own setup. When checking for SPAM
Empty Message
On 25 Oct 2017, at 12:00, Alex wrote:
Is the only way to submit to spamcop to use their custom email address
assigned to the account, or is there some command-line way to do it?
For all the details of various ways to send mail from the command line,
see the man pages for mail, mailx, and/or s
Implemented it on one of my tier 2 mx hosts. No hits so far, but I’m not sure
if it’s working or not. Running spamassassin --lint returns a warning:
root@mx2:/etc/spamassassin# spamassassin --lint
Oct 25 09:39:35.403 [15095] warn: Use of uninitialized value in regexp
compilation at /etc/spama
On Wed, Oct 25, 2017 at 11:52:17AM -0500, David Jones wrote:
> I have a script (see below) watching a "SpamCop" folder that sends it to my
> custom SpamCop address as an attachment using mutt. All I have to do is
> drag-n-drop into that folder and the submission is automated. I wait a
> couple of
On 10/25/2017 11:00 AM, Alex wrote:
On Tue, Oct 24, 2017 at 2:49 PM, David Jones wrote:
On 10/24/2017 01:32 PM, Alex wrote:
Hi all, I'm wondering if someone has some ideas to handle bank fraud
phishing emails, and in particular this one:
https://pastebin.com/wxFtKK16
It doesn't hit bayes99
On Tue, Oct 24, 2017 at 2:49 PM, David Jones wrote:
> On 10/24/2017 01:32 PM, Alex wrote:
>>
>> Hi all, I'm wondering if someone has some ideas to handle bank fraud
>> phishing emails, and in particular this one:
>>
>> https://pastebin.com/wxFtKK16
>>
>> It doesn't hit bayes99 because we haven't s
>
> This may not be representative but I found that the rest of the FPs
> could have been avoided with
>
> && (FREEMAIL_FROM || !DKIM_VALID_AU)
>
> the spam rarely hits DKIM_VALID_AU unless it's freemail.
Actually a decent portion of spam is sent with DKIM_VALID_AU, either from
spammer owned
On Wed, 25 Oct 2017 10:39:54 -0400
Rupert Gallagher wrote:
> > Original Message
> > Subject: Re: Bank fraud phish
> > Local Time: 25 October 2017 4:18 PM
> > UTC Time: 25 October 2017 14:18
> > From: rwmailli...@googlemail.com
> > To: users@spamassassin.apache.org
> >
> > On Wed,
On Wed, 25 Oct 2017 09:26:37 -0400
Rupert Gallagher wrote:
> This is my rule for a case that has also been discussed in this list.
> I wrote it two weeks ago, and it works so far.
>
> This part goes into your local.cf:
>
> header __F_DM1 eval:from_domains_mismatch()
I wrote something similar
On 10/25/2017 09:39 AM, Rupert Gallagher wrote:
Original Message
Subject: Re: Bank fraud phish
Local Time: 25 October 2017 4:18 PM
UTC Time: 25 October 2017 14:18
From: rwmailli...@googlemail.com
To: users@spamassassin.apache.org
On Wed, 25 Oct 2017 09:16:50 -0400
Rupert Gall
On 25. okt. 2017 16.18.53 RW wrote:
If it did have a record it would pass DMARC because it doesn't have an
aligned DKIM pass, but does have an aligned SPF pass.
SPF does not align on mailing lists, since DMARC will fail on missing DKIM
> Original Message
> Subject: Re: Bank fraud phish
> Local Time: 25 October 2017 4:18 PM
> UTC Time: 25 October 2017 14:18
> From: rwmailli...@googlemail.com
> To: users@spamassassin.apache.org
>
> On Wed, 25 Oct 2017 09:16:50 -0400
> Rupert Gallagher wrote:
>
>> The e-mail is sti
Reading RFC 822 again, I spotted the endorsement for the case at hand.
The named header is compliant to the standard, as quoted below.
However, the same standard does not compel a server to accept e-mail
sent to undisclosed recipients: we are free to reject it by local policy.
6.2.6. MULTIP
On Wed, 25 Oct 2017 09:16:50 -0400
Rupert Gallagher wrote:
> The e-mail is still flagged as SPAM here.
> - DMARC fails, because it passes DKIM, but fails SPF.
This is wrong in every detail.
It can't fail or pass DMARC because the domain welchtitles.com doesn't
have a DMARC record.
If it did
> Original Message
> Subject: Re: Bank fraud phish
> Local Time: 25 October 2017 3:25 PM
> UTC Time: 25 October 2017 13:25
> From: h.rei...@thelounge.net
> To: users@spamassassin.apache.org, r...@protonmail.com
>
> On 25.10.2017 at 15:20, Reindl Harald wrote:
>
>> Am 25.10.2017 u
Original Message
Subject: Re: Bank fraud phish
Local Time: 25 October 2017 3:20 PM
UTC Time: 25 October 2017 13:20
From: h.reindl@thelounge.net
To: users@spamassassin.apache.org, r...@protonmail.com
> On 25.10.2017 at 15:16, Rupert Gallagher wrote:
>
>> MID domain does not match th
This is my rule for a case that has also been discussed in this list.
I wrote it two weeks ago, and it works so far.
This part goes into your local.cf:
header __F_DM1 eval:from_domains_mismatch()
header __F_DM2 From:addr =~ /\@(exception1|exception2)(\.[^\.]+)?\.it/
meta F_DM ( __F_DM1
I checked from the w.s. instead of the phone, and this is the response.
The MID I observed from the iPhone is actually part of a different header of
the same e-mail. The true MID is well-formed and RFC compliant:
> Message-ID:
>
The e-mail is still flagged as SPAM here.
- DMARC fails, because
On 10/24/2017 07:41 PM, Alex wrote:
On Tue, Oct 24, 2017 at 2:49 PM, David Jones wrote:
On 10/24/2017 01:32 PM, Alex wrote:
Hi all, I'm wondering if someone has some ideas to handle bank fraud
phishing emails, and in particular this one:
https://pastebin.com/wxFtKK16
It doesn't hit bayes99
On Wed, 25 Oct 2017 11:50:19 +0100
Markus Clardy wrote:
> That isn't the Message-Id, that is
> the X-MS-Exchange-CrossTenant-Network-Message-Id... The Message-Id is
> compliant.
>
As is X-MS-Exchange-CrossTenant-Network-Message-Id in the original
> On Wed, Oct 25, 2017 at 11:43 AM, Rupert Gall
That isn't the Message-Id, that is
the X-MS-Exchange-CrossTenant-Network-Message-Id... The Message-Id is
compliant.
On Wed, Oct 25, 2017 at 11:43 AM, Rupert Gallagher
wrote:
> The raw e-mail in pastebin returns a non-well-formed Message-ID. I attach
> a photo of what I see.
>
> Sent from ProtonM
The raw e-mail in pastebin returns a non-well-formed Message-ID. I attach a
photo of what I see.
Sent from ProtonMail Mobile
On Tue, Oct 24, 2017 at 10:05 PM, John Hardin wrote:
> On Tue, 24 Oct 2017, Rupert Gallagher wrote:
> Easy one. The Message-ID is not well formed / RFC compliant. We
We reject all e-mails with non-compliant Message-ID.
Sent from ProtonMail Mobile
On Tue, Oct 24, 2017 at 9:59 PM, David Jones wrote:
> On 10/24/2017 02:54 PM, Rupert Gallagher wrote:
> Easy one. The Message-ID is not well formed / RFC compliant. We reject
> such junk upfront.
>
> Sent from
Probably it would be a good idea to have a list of potential "phishing-able"
important companies... just as there is one for freemailers..
very greedy, i know... :-)
---Pedro
> Hi all, I'm wondering if someone has some ideas to handle bank fraud
> phishing emails, and in particular this one:
>
> https://pastebin.com/wxFtKK16
>
> It doesn't hit bayes99 because we haven't seen one before, and txrep
> subtracts points. It also doesn't hit any blacklists.
>
> Ideas for bloc