Re: From name containing a spoofed email address

2018-01-22 Thread Alex
Hi, > This part goes into the general HeaderEval.pm: > > $self->register_eval_rule("from_domains_mismatch"); > [...] I'd like to try this, but this is not in the current 3.4.2 svn.

Re: From name containing a spoofed email address

2018-01-22 Thread RW
On Mon, 22 Jan 2018 10:05:14 -0500 Rupert Gallagher wrote: > This is my current solution for a problem that has been discussed > many times in this list. > sub from_domains_mismatch { > my ($self, $pms) = @_; > my $temp; > $temp = $pms->get('From:addr'); > $temp =~ /@(.+)/; my $fromAddrDo

Re: From name containing a spoofed email address

2018-01-22 Thread RW
On Mon, 22 Jan 2018 17:16:49 -0600 (CST) sha...@shanew.net wrote: > Since there's no "@" in From:name, there's clearly not an email > address there, so there's nothing to compare to the domain part of > From:addr. FWIW it doesn't actually check that the @ is part of something that looks like an

Re: From name containing a spoofed email address

2018-01-22 Thread Chip
Thanks to those for being patient with me.  I see the issue was I didn't understand that the spammer is "cramming" or somehow the different domains get "crammed" into the From: I mistakenly thought these were two different distinct fields. On 01/22/2018 06:32 PM, John Hardin wrote: > On Mon, 22

Re: From name containing a spoofed email address

2018-01-22 Thread Chip
Finally!  Thank you! On 01/22/2018 06:32 PM, John Hardin wrote: > On Mon, 22 Jan 2018, Chip wrote: > >> Understood, so then what would a From:name that contains a domain look >> like since it seems the filter needs to compare the domain found in >> From:addr to From:name in order to pass it as ham

Re: From name containing a spoofed email address

2018-01-22 Thread John Hardin
On Mon, 22 Jan 2018, Chip wrote: Understood, so then what would a From:name that contains a domain look like since it seems the filter needs to compare the domain found in From:addr to From:name in order to pass it as ham. From: "Joe User (Your Bank) " Or am I on another planet altogethe

Re: From name containing a spoofed email address

2018-01-22 Thread John Hardin
On Mon, 22 Jan 2018, Chip wrote: In the attached image "header" is highlighted.  Which one applies in this case as there is header=gmail *and* header=secure.net What you have highlighted has nothing to do with the "From" header in SA header rules. That content is in the "ARC-Authentication-Re

Re: From name containing a spoofed email address

2018-01-22 Thread Chip
Understood, so then what would a From:name that contains a domain look like since it seems the filter needs to compare the domain found in From:addr to From:name in order to pass it as ham. Or am I on another planet altogether here, just say so and I'll shut up. On 01/22/2018 06:21 PM, Chip wrote

Re: From name containing a spoofed email address

2018-01-22 Thread Chip
Ah, okay.  Thanks for the clarification. So this filter, what would it make of that message?  Spam or ham? On 01/22/2018 06:16 PM, sha...@shanew.net wrote: > I think what's tripping you up is what parts of the mail "From:addr" > and "From:name" refer to.  In the example you give: > > From: blabla

Re: From name containing a spoofed email address

2018-01-22 Thread shanew
I think what's tripping you up is what parts of the mail "From:addr" and "From:name" refer to. In the example you give: From: blablabla From:name will be "blablabla" and From:addr will be "blabla...@gmail.com" Since there's no "@" in From:name, there's clearly not an email address there, so t

Re: From name containing a spoofed email address

2018-01-22 Thread John Hardin
On Mon, 22 Jan 2018, Chip wrote: I might be wrong here, understand I'm still learning, but the purpose of the filter, from what I've been able to grasp, is that it checks the From:addr and From:name values in SA to find their domain and triggers a rule hit if there is a domain in the From:name

Re: From name containing a spoofed email address

2018-01-22 Thread Chip
I might be wrong here, understand I'm still learning, but the purpose of the filter, from what I've been able to grasp, is that it checks the From:addr and From:name values in SA to find their domain and triggers a rule hit if there is a domain in the From:name that doesn't match the domain in th

Re: From name containing a spoofed email address

2018-01-22 Thread RW
On Mon, 22 Jan 2018 17:44:00 -0500 Chip wrote: > Following is the full header with identifiable information > anonymized. I don't see what you are getting at, in: From: blablabla blablabla doesn't contain an "@".

Re: From name containing a spoofed email address

2018-01-22 Thread Chip
Following is the full header with identifiable information anonymized.  I have other examples of commercial bulk senders suggesting - even promoting - the idea that it's okay to input your external email address in the From: of the message editor. I actually did notice the dmarc=fail as well as dk

Re: From name containing a spoofed email address

2018-01-22 Thread shanew
This particular effort is looking at the From header, not the EnvFrom header (though there is a check From==EnvFrom as well). What we're looking for here are things like: From: "b...@usaa.com" Or look at the pastebin example at the start of the thread. Also, without seeing the full email, I c

Re: From name containing a spoofed email address

2018-01-22 Thread Chip
So it's my understanding that SA does the following with this rule, which is that it checks the From:addr and From:name values in SA to find their domain and triggers a rule hit if there is a domain in the From:name that doesn't match the domain in the From:addr. However, when I examine the head

Re: From name containing a spoofed email address

2018-01-22 Thread Paul Stead
NOTE: as always, this is testing software - use at your own risk! I've a bug report open for this particular feature - if added then it would allow for all sorts of addrlists to be built - https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7354 For now, by all means you can either * create "hi

Re: From name containing a spoofed email address

2018-01-22 Thread Alex
On Mon, Jan 22, 2018 at 4:06 PM, Paul Stead wrote: > Thanks for that Alex, I've added a version check into the code, hopefully > it'll catch everything. > > Thanks for other feedback from other users ( Looking good so far. I'll follow up with examples as they hit. Is there anything further that

Re: From name containing a spoofed email address

2018-01-22 Thread Paul Stead
Thanks for that Alex, I've added a version check into the code, hopefully it'll catch everything. Thanks for other feedback from other users ( Paul On 22/01/2018, 19:18, "Alex" wrote: On Mon, Jan 22, 2018 at 11:21 AM, Paul Stead wrote: > https://github.com/fmbla/spamassassin-fro

Re: From name containing a spoofed email address

2018-01-22 Thread Alex
On Mon, Jan 22, 2018 at 11:21 AM, Paul Stead wrote: > https://github.com/fmbla/spamassassin-fromnamespoof > > Reduced quite a few of the FPs after thinking about this over the weekend - > feel free to check this out, let me know any feedback I'm using the current 3.4.2 svn - looks like Util was

Re: From name containing a spoofed email address

2018-01-22 Thread Paul Stead
https://github.com/fmbla/spamassassin-fromnamespoof Reduced quite a few of the FPs after thinking about this over the weekend - feel free to check this out, let me know any feedback Paul On 19/01/2018, 18:16, "Paul Stead" wrote: I too have a plugin written I've been using for a short whi

Re: From name containing a spoofed email address

2018-01-22 Thread David Jones
On 01/22/2018 09:05 AM, Rupert Gallagher wrote: This is my current solution for a problem that has been discussed many times in this list. I wrote it last year, and it serves me well. Feel free to use it, if you find it useful. This part goes into your local.cf: header   __F_DM1 eval:from_dom

Re: From name containing a spoofed email address

2018-01-22 Thread Jeffs Chips
Hi Robert. I'm new here. But intrigued by what looks like a good solution. Without too much detail can you explain the solution a bit? Just want to get a basic understanding of the workflow. Thank you. __ "Perhaps sleep did not evolve. Perhaps it was the thing from which wakefu

Re: From name containing a spoofed email address

2018-01-22 Thread Rupert Gallagher
Note the clause "__F_DM2". Its purpose is to whitelist legit e-mail from known incompetent admins. You can remove the clause if you wish, and use the global whitelist.cf instead. Sent with [ProtonMail](https://protonmail.com) Secure Email. Original Message On 22 January 2018 4

Re: From name containing a spoofed email address

2018-01-22 Thread Rupert Gallagher
This is my current solution for a problem that has been discussed many times in this list. I wrote it last year, and it serves me well. Feel free to use it, if you find it useful. This part goes into your local.cf: header __F_DM1 eval:from_domains_mismatch() header __F_DM2 From:addr =~ /\@(
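The check discussed throughout this thread (Rupert's from_domains_mismatch eval, shanew's "From: "b...@usaa.com" <other domain>" pattern and RW's caveat that a bare "@" in the display name is not an address), written up as a stand-alone SpamAssassin plugin. This is an added example, not Rupert's HeaderEval.pm patch and not Paul Stead's fromnamespoof plugin; it uses the 3.4-era plugin API (register_eval_rule with a single argument, $pms->get('From:addr') and $pms->get('From:name')). The rule name FROM_NAME_DOMAIN_MISMATCH, the score, the install path and the decision to treat a sub-domain of the From:addr domain as the same sender are all this example's own choices, and the From: values in the self-check are constructed, not taken from real mail.

```perl
# FromDomainsMismatch.pm (added example; not code from this thread or from
# the SpamAssassin project). Flags a From: display name that carries an
# e-mail address whose domain differs from the real From: address domain.
#
# Assumed local.cf / plugin lines (names chosen for this example):
#
#   loadplugin Mail::SpamAssassin::Plugin::FromDomainsMismatch \
#       /etc/mail/spamassassin/FromDomainsMismatch.pm
#   header   FROM_NAME_DOMAIN_MISMATCH  eval:from_domains_mismatch()
#   describe FROM_NAME_DOMAIN_MISMATCH  From: name carries an address from another domain
#   score    FROM_NAME_DOMAIN_MISMATCH  2.0
#
package Mail::SpamAssassin::Plugin::FromDomainsMismatch;

use strict;
use warnings;

use Mail::SpamAssassin::Plugin;
our @ISA = qw(Mail::SpamAssassin::Plugin);

sub new {
    my ($class, $mailsa) = @_;
    $class = ref($class) || $class;
    my $self = $class->SUPER::new($mailsa);
    bless $self, $class;
    # 3.4-style registration: one argument, the eval function name.
    $self->register_eval_rule('from_domains_mismatch');
    return $self;
}

# Extract a lower-cased domain from text that looks like an e-mail address.
# A local part must precede the "@" and the domain must contain a dot, so a
# display name such as "Sales @ Acme" (a bare "@") yields no domain at all.
sub _domain_from_address {
    my ($text) = @_;
    return undef unless defined $text;
    return lc $1
        if $text =~ /[^\s<>"(),:;@]+\@([A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+)/;
    return undef;
}

# Eval rule entry point. From:addr is the address part of the From: header,
# From:name the display name (angle brackets and quotes already stripped).
sub from_domains_mismatch {
    my ($self, $pms) = @_;
    my $addr = $pms->get('From:addr') // '';
    my $name = $pms->get('From:name') // '';
    chomp for ($addr, $name);
    return _domains_mismatch($addr, $name);
}

# The comparison on its own, so it can be exercised without a running
# SpamAssassin. Returns 1 on a mismatch, 0 otherwise.
sub _domains_mismatch {
    my ($addr, $name) = @_;
    my $addr_dom = _domain_from_address($addr);
    my $name_dom = _domain_from_address($name);
    # No address-like token in the display name: nothing to compare (ham).
    return 0 unless defined $addr_dom && defined $name_dom;
    return 0 if $addr_dom eq $name_dom;
    # Example's own leniency: mail.example.com vs example.com is the same sender.
    return 0 if $addr_dom =~ /\.\Q$name_dom\E\z/ || $name_dom =~ /\.\Q$addr_dom\E\z/;
    return 1;
}

# Run directly ("perl FromDomainsMismatch.pm") to exercise the comparison
# against constructed From:addr / From:name pairs (not real mail).
unless (caller) {
    my @cases = (
        # [From:addr,              From:name,                    expected]
        ['joe.user@gmail.com',     'joe.user@yourbank.example',  1],  # spoofed name
        ['joe.user@gmail.com',     'Joe User (Your Bank)',       0],  # no address in name
        ['joe.user@gmail.com',     'Sales @ Acme',               0],  # bare "@", not an address
        ['joe.user@gmail.com',     'blablabla',                  0],  # plain display name
        ['joe@mail.example.com',   'joe@example.com',            0],  # sub-domain, same sender
        ['joe@example.com',        'joe@example.com',            0],  # identical domains
    );
    for my $c (@cases) {
        my $got = _domains_mismatch($c->[0], $c->[1]);
        printf "%-4s %-24s %-28s -> %d\n",
            ($got == $c->[2] ? 'ok' : 'FAIL'), $c->[0], $c->[1], $got;
    }
}

1;
```

The sub-domain leniency and the "domain must contain a dot" requirement are where this example departs from a literal "any @ in From:name" check; both are there to cut the false positives the thread complains about, and either can be removed by deleting the corresponding return line. As with the whitelist clause __F_DM2 in Rupert's version, legitimate senders whose display name deliberately carries a foreign address still need an explicit exemption in local.cf.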