See my post of 25/20/2017 to this list.
Sent from ProtonMail Mobile
On Wed, Jan 17, 2018 at 20:31, David Jones wrote:
> Would a plugin need to be created (or an existing one enhanced) to be able to
> detect this type of spoofed From header? From: "h...@hulumail.com !"
> https://pastebin.com/
>!~ matches are dangerous because they match by default if you
>don't anticipate all the legitimate formats. The above will FP on a
>simple email address. It could be rewritten as a __FROM_DOMAINS_MATCH
>and used in a meta rule.
fool me, your are right, RW, thanks...
>It's also not a complete
Exactly!
That is why I want to stick with SA because it does know how to do spf
and dkim checks whereas other systems don't unless we install software
to do that.
On 01/18/2018 07:31 PM, Alan Hodgson wrote:
> On Thu, 2018-01-18 at 18:49 -0500, Chip wrote:
>> Very well stated. Bravo!
>>
>> The e
On Thu, 2018-01-18 at 18:49 -0500, Chip wrote:
> Very well stated. Bravo!
>
> The end point here is to examine the email headers that specifically
> refer to dkim and spf signatures. Based on fail or pass, or some
> combination in concert with the sender's email address, they get moved
> into fa
Very well stated. Bravo!
The end point here is to examine the email headers that specifically
refer to dkim and spf signatures. Based on fail or pass, or some
combination in concert with the sender's email address, they get moved
into fail or pass folders.
That's it!
I know there are other met
Chip schrieb am 18.01.2018 um 23:43:
yes I'm starting to see that. I may need to build a box specifically
suited for this using procmail. I had hoped that I could stay with the VPS.
Nevertheless, I've heard two contradictory pieces of advise here and
would like to know which is correct or most
Thanks for pointing out Sieve. I'll look into that.
It's nice in that it acts on the last procedure - or right before
delivery to the mail folder after all the other dirty work has been done.
thanks.
On 01/18/2018 05:55 PM, Larry Rosenman wrote:
> On Thu, Jan 18, 2018 at 05:43:04PM -0500, Chip
On Thu, Jan 18, 2018 at 05:43:04PM -0500, Chip wrote:
> yes I'm starting to see that. I may need to build a box specifically
> suited for this using procmail. I had hoped that I could stay with the VPS.
>
I'd look at using sieve instead. Procmail has had some issues and not well
maintained.
(
yes I'm starting to see that. I may need to build a box specifically
suited for this using procmail. I had hoped that I could stay with the VPS.
Nevertheless, I've heard two contradictory pieces of advise here and
would like to know which is correct or most-near correct.
I'm sure there are inst
On 1/18/2018 2:09 PM, Chip wrote:
> Newbie excited to use the features of SpamAssassin for a new project
> that needs to flag inbound email for sorting into folders (this can be
> done via cpanel-level filtering) based on keywords in headers (header
> search by SA).
>
> This is a Centos 6.9 machin
Yes I read the basic configuration.
Did you read my initial request in which I said I was a newbie?
Reading the "basic configuration" has no bearing on the other parts of
my inquiry. Perhaps you didn't read that as well?
Where I said this was a VPS with several domains? And that there where
ma
Thank you, Sir.
So in my local.cf there is a commented-out rule as follows:
# Set the threshold at which a message is considered spam (default: 5.0)
#
# required_score 5.0
setting that required to 999 will over ride the standard rules system wide?
On 01/18/2018 05:11 PM, David Jones wrote:
>
How better to figure other than asking here?
Ummm. Isn't that what this mailing list is about?
People helping others?
I guess I'm at the wrong place.
I'm not asking someone to do my work for me.
I'm asking for some advise from people who know more than me without
them getting sarcastic or ins
On 01/18/2018 04:00 PM, Chip wrote:
Find this tidbit of information how to find the rules that are loaded
with spam assassin:
spamassassin --lint -D 2>&1 | grep 'config: read file'
I see many, many lines of files.
I don't see myself going into all those files and replacing a score of
whatever
Find this tidbit of information how to find the rules that are loaded
with spam assassin:
spamassassin --lint -D 2>&1 | grep 'config: read file'
I see many, many lines of files.
I don't see myself going into all those files and replacing a score of
whatever with a 999 or 0.
There must be a simp
Looking in my setup I see local.cf attached to many virtfs as in:
/home/virtfs/domain-name/etc/mail/spamassassin/local.cf
as well as in:
/etc/mail/spamassassin/local.cf
When I open these files there are very little rules so can't really see
what I must change here?
This is a VPS with about 10
Shanew,
Checked my logs and modifcation time on the local.cf. I had restarted
it. I initially had a single 7 in there, but that was not working so I
added all 4.
Thanks,
Andy
On 01/18/2018 02:24 PM, sha...@shanew.net wrote:
> Most likely you've forgotten to restart spamd or maybe whatever glue
On 01/18/2018 03:01 PM, Chip wrote:
Thank you Shanew for the suggestion.
I'm tied to a Cpanel/WHM VPS which can't be changed. Give that there
are some restrictions such as the use of Exim. Exim apparently does not
play nice with mimedefang and only partially nice with procmail - at
least as I'
Thank you Shanew for the suggestion.
I'm tied to a Cpanel/WHM VPS which can't be changed. Give that there
are some restrictions such as the use of Exim. Exim apparently does not
play nice with mimedefang and only partially nice with procmail - at
least as I've tested it. I would actually prefer
I can't help but think that you'd be better of using something like
procmail, maildrop (part of Courier), or sieve if want you want is
sorting without all the overhead of checking for spam.
But maybe I'm not understanding what you want to accomplish...
On Thu, 18 Jan 2018, Chip wrote:
Newbie e
On 01/18/2018 02:33 PM, Chip wrote:
That sounds doable. If I score everything 0 or 999 will things be
overwritten in local.cf on update or elsewhere?
The local.cf is yours to update and does not get touched by upgrades or
ruleset updates.
What you are suggesting sounds like a reasonable c
That sounds doable. If I score everything 0 or 999 will things be
overwritten in local.cf on update or elsewhere?
What you are suggesting sounds like a reasonable course of action.
On 01/18/2018 03:29 PM, David Jones wrote:
> On 01/18/2018 02:09 PM, Chip wrote:
>> Newbie excited to use the featu
On 01/18/2018 02:09 PM, Chip wrote:
Newbie excited to use the features of SpamAssassin for a new project
that needs to flag inbound email for sorting into folders (this can be
done via cpanel-level filtering) based on keywords in headers (header
search by SA).
This is a Centos 6.9 machine runni
Most likely you've forgotten to restart spamd or maybe whatever glue
calls SpamAssassin (amavisd, for example).
As a side note, if you want it to score 7 regardless of network/bayes
tests (which is what your score line indicates), you can just use
"score SHARK_TANK 7"
On Thu, 18 Jan 2018, Andy
Newbie excited to use the features of SpamAssassin for a new project
that needs to flag inbound email for sorting into folders (this can be
done via cpanel-level filtering) based on keywords in headers (header
search by SA).
This is a Centos 6.9 machine running cpanel/WHM 11.68.0.23 and
SpamAssas
I've been getting annoying spams for "Shark Tank". I added a simple rule in
local.cf to check the subject line:
header SHARK_TANK Subject =~ /\bshark tank\b/i
score SHARK_TANK 7 7 7 7
The mail still get through. In my inbox:
X-Spam-Flag: NO
X-Spam-Score: 4.148
X-Spam-Level:
X-Spam-St
On Thu, 18 Jan 2018, RW wrote:
I think the hard part is handling IDNs, e.g.
"=?UTF-8?B?Zm9vQGLDvGNoZXIuY29t?="
the display name should decode to the UTF-8 byte sequence for
foo@bücher.com, but I presume the address would be left as the ASCII
IDN.
In the short term it's probably best to avoid
On Thu, 18 Jan 2018 11:52:36 + (UTC)
Pedro David Marco wrote:
> David,
> This rule can do the full job... i have tested it with good
> results.. (Can be tested here: https://regex101.com/r/Vpmhjz/3 ) It
> checks if the level domain next to the TLD in the From:name matches
> the domain next
David,
This rule can do the full job... i have tested it with good results.. (Can be
tested here: https://regex101.com/r/Vpmhjz/3 )
It checks if the level domain next to the TLD in the From:name matches the
domain next to the TLD in From:email
header FROM_DOMAINS_MISMATCH From !~
/(?:[^
29 matches
Mail list logo
