Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

2018-02-21 Thread @lbutlr
On 2018-02-21 (09:27 MST), Alex wrote: > > This is what DecodeShortURLs is for > https://github.com/smfreegard/DecodeShortURLs Aha! I knew something like that must exist! -- EIR OWN DESTINY. THEY TOUCH THE EARTH LIGHTLY.

Re: Custom Rulesets

2018-02-21 Thread Rajkiran Rajkumar
Thank you Kevin and @lbutlr for the response. Checking out KAM ruleset now. We are not using Postfix for mail server, but I will check out how to achieve postscreen's functionality using JAMES (which we use). We had set up both Pyzor and Razor previously and disabled them due to the high latency and

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

2018-02-21 Thread Amir Caspi
> On Feb 21, 2018, at 12:45 PM, Dianne Skoll wrote: > > Someone earlier posted a link to https://github.com/smfreegard/DecodeShortURLs Oops, I missed that... must have thought it was just about decoding and not about SA. Thanks for clarifying! --- Amir

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

2018-02-21 Thread Rob McEwen
On 2/21/2018 2:41 PM, Amir Caspi wrote: On Feb 21, 2018, at 9:57 AM, Dianne Skoll wrote: That's why you only want to do it for URLs that are absolutely known to be shortened URLs. You have to keep a list of known URL-shorteners. On that note -- regardless of what OTHER HW/SW solutions might d

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

2018-02-21 Thread Amir Caspi
> On Feb 21, 2018, at 9:57 AM, Dianne Skoll wrote: > > That's why you only want to do it for URLs that are > absolutely known to be shortened URLs. You have to keep a list of > known URL-shorteners. On that note -- regardless of what OTHER HW/SW solutions might do, since this is a SpamAssassin

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

2018-02-21 Thread Dianne Skoll
On Wed, 21 Feb 2018 12:41:05 -0700 Amir Caspi wrote: > On that note -- regardless of what OTHER HW/SW solutions might do, > since this is a SpamAssassin mailing list ... is there any facility > to implement this in SA? Someone earlier posted a link to https://github.com/smfreegard/DecodeShortURL

FINAL REMINDER: CFP for Apache EU Roadshow Closes 25th February

2018-02-21 Thread Sharan F
Hello Apache Supporters and Enthusiasts This is your FINAL reminder that the Call for Papers (CFP) for the Apache EU Roadshow is closing soon. Our Apache EU Roadshow will focus on Cloud, IoT, Apache Tomcat, Apache Http and will run from 13-14 June 2018 in Berlin. Note that the CFP deadline has

Re: pyzor internal error on some messages

2018-02-21 Thread Alex
Hi, On Wed, Feb 21, 2018 at 11:45 AM, Ian Zimmerman wrote: > On 2018-02-20 22:20, Alex wrote: > >> Hi, >> >> Does anyone know what could be causing this? This is on fedora with >> pyzor-1.1.0-1.20170904gitd14e980 >> >> Feb 20 22:08:07.475 [28639] dbg: pyzor: network tests on, attempting Pyzor >>

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

2018-02-21 Thread Rob McEwen
On 2/21/2018 11:48 AM, Anthony Cartmell wrote: Meanwhile - adding URI lookups (for URIs in the body of the domains) and/or the option to add 3rd party URI list lookups - is STILL missing from MANY widely used anti-spam systems. If you mean following URLs in messages, you do need to be aware t

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

2018-02-21 Thread Dianne Skoll
On Wed, 21 Feb 2018 16:48:40 + Anthony Cartmell wrote: > If you mean following URLs in messages, you do need to be aware that > this can break one-time login links. Big time. That's why you only want to do it for URLs that are absolutely known to be shortened URLs. You have to keep a list

Re: Junk mixed in with ham on whitelists

2018-02-21 Thread Benny Pedersen
David Jones wrote on 2018-02-21 17:41: I have that same code in my DKIM.pm and I am running 3.4.1. Maybe the size acceptable for whitelisting is different from the DKIM_VALID check? minimal key bits could be a plugin test yes, but imho it never made to do this Does the check_dkim_valid f

Re: Expanding shortened URLs (was Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response))

2018-02-21 Thread Rob McEwen
On 2/21/2018 11:44 AM, Dianne Skoll wrote: On Wed, 21 Feb 2018 16:35:27 + Karol Augustin wrote: I think the point here might be that if Google acted promptly on abuse spammers would stop using shorteners. True, that might happen. OTOH, I see about as many spams with bit.ly shorteners as g

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

2018-02-21 Thread Anthony Cartmell
> Meanwhile - adding URI lookups (for URIs in the body of the domains) > and/or the option to add 3rd party URI list lookups - is STILL > missing from MANY widely used anti-spam systems. If you mean following URLs in messages, you do need to be aware that this can break one-time login links. I

Re: pyzor internal error on some messages

2018-02-21 Thread Ian Zimmerman
On 2018-02-20 22:20, Alex wrote: > Hi, > > Does anyone know what could be causing this? This is on fedora with > pyzor-1.1.0-1.20170904gitd14e980 > > Feb 20 22:08:07.475 [28639] dbg: pyzor: network tests on, attempting Pyzor > Feb 20 22:08:13.098 [28639] dbg: pyzor: pyzor is available: /usr/bin/

Re: Expanding shortened URLs (was Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response))

2018-02-21 Thread Dianne Skoll
On Wed, 21 Feb 2018 16:35:27 + Karol Augustin wrote: > I think the point here might be that if Google acted promptly on abuse > spammers would stop using shorteners. True, that might happen. OTOH, I see about as many spams with bit.ly shorteners as goo.gl shorteners which is not what one mi

oxy/diabetes/cbd/big pharma spam

2018-02-21 Thread Alex
Hi all, Over the past few weeks I've noticed a few different campaigns that are using the same overall template, but continue to not hit bayes99 or really any other significant rules. I'm assuming this is some sort of botnet? https://pastebin.com/Q9w1p2ht https://pastebin.com/rKvKYmhY https://pas

Re: Junk mixed in with ham on whitelists

2018-02-21 Thread David Jones
On 02/21/2018 10:22 AM, Benny Pedersen wrote: David Jones wrote on 2018-02-21 15:46: Bug 7559 opened.  I don't want to delay 3.4.2 either.  I don't think this is major enough to have to go into 3.4.2 unless someone can provide a quick patch for Kevin. in dkim.pm plugin i find   # minimal s

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

2018-02-21 Thread Rob McEwen
On 2/21/2018 11:12 AM, Dianne Skoll wrote: Really? This isn't rocket science. If I thought of it, I'm sure dozens if not hundreds of others have thought of it and implemented it. Meanwhile - adding URI lookups (for URIs in the body of the domains) and/or the option to add 3rd party URI list

Re: Expanding shortened URLs (was Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response))

2018-02-21 Thread Karol Augustin
On 2018-02-21 16:31, Dianne Skoll wrote: > On Wed, 21 Feb 2018 11:29:00 -0500 > Rob McEwen wrote: > >> Nevertheless, it is a shame to have to shift more of the burden onto >> spam filters to do more work (some of which requires MORE latency) - >> in order to partly mitigate Google's failure to pr

Re: Expanding shortened URLs (was Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response))

2018-02-21 Thread Dianne Skoll
On Wed, 21 Feb 2018 11:29:00 -0500 Rob McEwen wrote: > Nevertheless, it is a shame to have to shift more of the burden onto > spam filters to do more work (some of which requires MORE latency) - > in order to partly mitigate Google's failure to prevent/correct the > abuse. Yes, I agree. On the

Re: Expanding shortened URLs (was Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response))

2018-02-21 Thread Rob McEwen
On 2/21/2018 11:11 AM, Dianne Skoll wrote: I guess I misinterpreted: "...such automated lookups could also put a huge extra burden on Google's servers..." from Message-Id Oh yeah, I'd forgotten about that part. It was a more minor point. But as I think back on my thought processes at the time

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

2018-02-21 Thread Alex
On Wed, Feb 21, 2018 at 1:38 AM, @lbutlr wrote: > On 2018-02-20 (22:10 MST), Reindl Harald wrote: >> >> you may hit confirmation-urls (both ham and spam), trigger actions, trigger >> *one-time* urls which are invalid for the user after a dumb bot used them >> not talking about that it would be

Re: Junk mixed in with ham on whitelists

2018-02-21 Thread Benny Pedersen
David Jones wrote on 2018-02-21 15:46: Bug 7559 opened. I don't want to delay 3.4.2 either. I don't think this is major enough to have to go into 3.4.2 unless someone can provide a quick patch for Kevin. in dkim.pm plugin i find # minimal signing key size in bits that is acceptable for w

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

2018-02-21 Thread Dianne Skoll
On Wed, 21 Feb 2018 11:00:48 -0500 Rob McEwen wrote: > > [Expanding shorteners] been part of our practice for about a year now. > Excellent! I wish others would be as innovative and on top of things > as you are! Unfortunately, your statement doesn't alter my point you > were replying to, even o

Re: Expanding shortened URLs (was Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response))

2018-02-21 Thread Dianne Skoll
On Wed, 21 Feb 2018 10:58:17 -0500 Rob McEwen wrote: > On 2/21/2018 10:37 AM, Dianne Skoll wrote: > > The concern voiced in another email about overloading Google's > > infrastructure is quite charming and quaint. > My concern was NEVER about overloading google. I guess I misinterpreted: "...

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

2018-02-21 Thread Rob McEwen
On 2/21/2018 10:39 AM, Dianne Skoll wrote: We use HEAD requests to expand known URL-shorteners on a cluster that peaks around 60 msgs/s Thanks for that information. That is good to know! (b) and this isn't going to suddenly become a feature inside of many types of spam filtering hardware and

Re: Expanding shortened URLs (was Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response))

2018-02-21 Thread Rob McEwen
On 2/21/2018 10:37 AM, Dianne Skoll wrote: The concern voiced in another email about overloading Google's infrastructure is quite charming and quaint. My concern was NEVER about overloading google. My concern was about Google auto-blocking or throwing a captcha at very high volume and automa

Re: action_drop_with_warning called outside of filter context

2018-02-21 Thread Dianne Skoll
Hi, > mimedefang.pl[10245]: w1K87JOB027594: action_drop_with_warning called > outside of filter context > then the attachment was not dropped. > here is my filter: Please read mimedefang-filter man page very carefully. Regards, Dianne.

Re: Expanding shortened URLs (was Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response))

2018-02-21 Thread Benny Pedersen
Dianne Skoll wrote on 2018-02-21 16:37: We do a HEAD request and it works on most URL shorteners. The concern voiced in another email about overloading Google's infrastructure is quite charming and quaint. +1 some with icla could add this to spamassassin with https://github.com/smfreegard

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

2018-02-21 Thread Dianne Skoll
On Wed, 21 Feb 2018 02:30:40 -0500 Rob McEwen wrote: > (a) it might not "scale" for high volume mail flows and DNSBLs who, > like invaluement, process dozens (or more) spams per second. We use HEAD requests to expand known URL-shorteners on a cluster that peaks around 60 msgs/s > (b) and this i

Expanding shortened URLs (was Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response))

2018-02-21 Thread Dianne Skoll
On Tue, 20 Feb 2018 23:38:53 -0700 "@lbutlr" wrote: > As I suspected, it is possible to get the goo.gl target URL without > loading the site, though using curl is probably not realistic in this > specific case. We do a HEAD request and it works on most URL shorteners. The concern voiced in anot

Re: Junk mixed in with ham on whitelists

2018-02-21 Thread Giovanni Bechis
On 02/21/18 00:24, Benny Pedersen wrote: > David Jones wrote on 2018-02-21 00:14: > >> https://pastebin.com/mjvB0MKg  (scored 10.96) >> -0.10    DKIM_VALID    Message has at least one valid DKIM or DK signature > > Authentication-Results: smtp3i.ena.net; > dkim=policy reason="signing key too

action_drop_with_warning called outside of filter context

2018-02-21 Thread saqariden
Hello, We are running mimedefang with Spamassassin and Clamav to secure our mailing server. But actually, I have a problem with mimedefang-filter. The following error appears when a virus is detected: mimedefang.pl[10245]: w1K87JOB027594: Detected virus PUA.Win.Trojan.EmbeddedPDF-1 mimedefang.

Re: Custom Rulesets

2018-02-21 Thread @lbutlr
On 2018-02-21 (07:21 MST), Rajkiran Rajkumar wrote: > > Hi Spamassassin community, > My first message here, so kindly excuse any missing etiquette. I am exploring > custom rulesets and I have gone through the wiki article on it. However, it > doesn't contain any information about the up-to-date

Re: Junk mixed in with ham on whitelists

2018-02-21 Thread David Jones
On 02/21/2018 08:30 AM, Benny Pedersen wrote: Kevin A. McGrail wrote on 2018-02-21 14:44: On 2/21/2018 8:42 AM, David Jones wrote: Do we need to open a bug to get SA's DKIM code to check for a minimum key size? When in doubt, open a bug. more bugs will delay 3.4.2 :=) Bug 7559 opened. I

Re: Custom Rulesets

2018-02-21 Thread Kevin A. McGrail
On 2/21/2018 9:21 AM, Rajkiran Rajkumar wrote: My first message here, so kindly excuse any missing etiquette. I am exploring custom rulesets and I have gone through the wiki article on it. However, it doesn't contain any information about th

Re: Junk mixed in with ham on whitelists

2018-02-21 Thread Benny Pedersen
Kevin A. McGrail wrote on 2018-02-21 14:44: On 2/21/2018 8:42 AM, David Jones wrote: Do we need to open a bug to get SA's DKIM code to check for a minimum key size? When in doubt, open a bug. more bugs will delay 3.4.2 :=)

FSL_BULK_SIG hits on bugzilla mails

2018-02-21 Thread Benny Pedersen
with score default 1

Re: Junk mixed in with ham on whitelists

2018-02-21 Thread Benny Pedersen
David Jones wrote on 2018-02-21 14:42: My guess is SA's DKIM check doesn't care about the size of the key. OpenDKIM has a setting of "MinimumKeyBits 1024" since anything smaller can be trivially cracked. Do we need to open a bug to get SA's DKIM code to check for a minimum key size? yes pl

Custom Rulesets

2018-02-21 Thread Rajkiran Rajkumar
Hi Spamassassin community, My first message here, so kindly excuse any missing etiquette. I am exploring custom rulesets and I have gone through the wiki article on it. However, it doesn't contain any information about the up-to-date-ness of the

Re: Report AmazonSES spam?

2018-02-21 Thread @lbutlr
On 2018-02-21 (06:50 MST), David Jones wrote: > > I think it's best if we all report to Spamcop first to concentrate all of > that information into a single database which increases our effectiveness. > Then if you want to report directly to the platform/sender's abuse contact, > that is good

Re: Junk mixed in with ham on whitelists

2018-02-21 Thread Tom Hendrikx
On 21-02-18 14:54, David Jones wrote: > On 02/21/2018 07:44 AM, Kevin A. McGrail wrote: >> On 2/21/2018 8:42 AM, David Jones wrote: >>> Do we need to open a bug to get SA's DKIM code to check for a minimum >>> key size? >> >> When in doubt, open a bug. >> > > Well. Ummm.  I found this when star

Re: Junk mixed in with ham on whitelists

2018-02-21 Thread David Jones
On 02/21/2018 07:44 AM, Kevin A. McGrail wrote: On 2/21/2018 8:42 AM, David Jones wrote: Do we need to open a bug to get SA's DKIM code to check for a minimum key size? When in doubt, open a bug. Well. Ummm. I found this when starting to create the bug: https://bz.apache.org/SpamAssassin

Re: Report AmazonSES spam?

2018-02-21 Thread David Jones
On 02/21/2018 07:35 AM, Karol Augustin wrote: On 2018-02-21 12:38, @lbutlr wrote: On 2018-02-21 (05:37 MST), Tom Hendrikx wrote: How about: https://aws.amazon.com/forms/report-abuse Isn't amazon SES separate from amazon AWS? It's not. SES is just a service within Amazon AWS. k. If yo

Re: Junk mixed in with ham on whitelists

2018-02-21 Thread Kevin A. McGrail
On 2/21/2018 8:42 AM, David Jones wrote: Do we need to open a bug to get SA's DKIM code to check for a minimum key size? When in doubt, open a bug.

Re: Junk mixed in with ham on whitelists

2018-02-21 Thread David Jones
On 02/20/2018 05:24 PM, Benny Pedersen wrote: David Jones wrote on 2018-02-21 00:14: https://pastebin.com/mjvB0MKg  (scored 10.96) -0.10    DKIM_VALID    Message has at least one valid DKIM or DK signature Authentication-Results: smtp3i.ena.net; dkim=policy reason="signing key too smal

Re: Report AmazonSES spam?

2018-02-21 Thread Karol Augustin
On 2018-02-21 12:38, @lbutlr wrote: > On 2018-02-21 (05:37 MST), Tom Hendrikx wrote: >> >> How about: https://aws.amazon.com/forms/report-abuse > > > Isn't amazon SES separate from amazon AWS? It's not. SES is just a service within Amazon AWS. k. -- Karol Augustin ka...@augustin.pl http://ka

Re: Report AmazonSES spam?

2018-02-21 Thread @lbutlr
On 2018-02-21 (05:37 MST), Tom Hendrikx wrote: > > How about: https://aws.amazon.com/forms/report-abuse Isn't amazon SES separate from amazon AWS? -- Nothing gold can stay -- Robert Frost Stay gold -- Johnny Cade

Re: Report AmazonSES spam?

2018-02-21 Thread Tom Hendrikx
On 21-02-18 13:34, @lbutlr wrote: > I've been trying to find a way to report a spammer to Amazon SES (Simple > Email Service), but I haven't found anywhere to report this spam. > > (SA is tagging the messages, but I'm tired of Amazon allowing this company to > continue doing this). > > X-Spam-S

Report AmazonSES spam?

2018-02-21 Thread @lbutlr
I've been trying to find a way to report a spammer to Amazon SES (Simple Email Service), but I haven't found anywhere to report this spam. (SA is tagging the messages, but I'm tired of Amazon allowing this company to continue doing this). X-Spam-Status: Yes, score=7.3 required=5.0 tests=BAYES_9

Re: Blacklist for reply-to?

2018-02-21 Thread @lbutlr
On 2018-02-21 (00:20 MST), Rupert Gallagher wrote: > > Beware that companies use a legal note in their signature as advised by their > lawyers, and many individuals do the same, to inform the reader about laws > that apply regardless of where or when you are reading their note. Mostly they lie

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

2018-02-21 Thread @lbutlr
On 2018-02-21 (00:52 MST), Charles Sprickman wrote: > > You can also see all the analytics by appending “.info” to the URL, eg: > http://goo.gl/ylUAd.info True, but that is a web browser solution, not something that could, for example, be scripted (well, not easily or realistically for this so