Re: 9D character used in words to avoid detection.

2018-11-16 Thread Benny Pedersen
Mark London wrote on 2018-11-17 01:23: Is there a way to define BODY rules, so that they will be triggered? Thanks. manual train bayes, is the only help I can give, sorry spammers want to be detected, so let them :=)

Re: 9D character used in words to avoid detection.

2018-11-16 Thread Kevin A. McGrail
Yeah, there is a SCC SHORT WORDS rule and a KAM_ZWNJ in KAM.cf. Please let me know if those help. -- Kevin A. McGrail VP Fundraising, Apache Software Foundation Chair Emeritus Apache SpamAssassin Project https://www.linkedin.com/in/kmcgrail - 703.798.0171 On Fri, Nov 16, 2018 at 7:37 PM John Har

Re: 9D character used in words to avoid detection.

2018-11-16 Thread John Hardin
On Fri, 16 Nov 2018, Mark London wrote: I just received a spam email with the 9D character placed inside of words, that prevented my custom BODY rules from being hit. I.e.: Obvi=9Do=9Dusly yo=9Du=9D ca=9Dn can cha=9Dnge=9D i=9Dt, o=9Dr a=9Dlready change=9Dd it. Is there a way to define BOD

Re: Bayes not learning, blacklist not filtering

2018-11-16 Thread John Hardin
On Fri, 16 Nov 2018, Bill Cole wrote: On 15 Nov 2018, at 14:27, MarkCS wrote: So I've been tasked with researching an issue with the mail server at work. We use Spamassassin and at present, it's not blocking some pretty obvious spam, largely from the domain qq.com. Basically email is slipping

9D character used in words to avoid detection.

2018-11-16 Thread Mark London
I just received a spam email with the 9D character placed inside of words, that prevented my custom BODY rules from being hit. I.e.: Obvi=9Do=9Dusly yo=9Du=9D ca=9Dn can cha=9Dnge=9D i=9Dt, o=9Dr a=9Dlready change=9Dd it. Is there a way to define BODY rules, so that they will be triggered?

Re: Bayes not learning, blacklist not filtering

2018-11-16 Thread Bill Cole
On 15 Nov 2018, at 14:27, MarkCS wrote: So I've been tasked with researching an issue with the mail server at work. We use Spamassassin and at present, it's not blocking some pretty obvious spam, largely from the domain qq.com. Basically email is slipping through, being bounced back at the end

Re: unexpected FN, how to improve/tune to catch

2018-11-16 Thread RW
On Fri, 16 Nov 2018 08:48:56 -0800 Ian Zimmerman wrote: > 1. Am I correct in assuming that SA decodes base64 MIME parts so it > does act on these links? Reading the -D output surely indicates so. I think you've already answered that. > 2. I remember some discussion here about following shorte

Macros now replaced by XML

2018-11-16 Thread Alex
Hi, It seems spammers are now using XML Word documents instead of ones containing macro viruses. Virtually no antivirus scanners are catching this now. These are hacked Outlook accounts sending virus/phish attachments. https://pastebin.com/8QxujfAt

Re: unexpected FN, how to improve/tune to catch

2018-11-16 Thread Ian Zimmerman
On 2018-11-16 09:52, Matus UHLAR - fantomas wrote: > such spam should be filtered at mailing list level before this happens. And it almost always is. Not in this case. > what can help you > - BAYES understood, I am trying to do without Bayes for now, because I want to avoid the maintenance (t

Re: Forgery with SPF/DKIM/DMARC

2018-11-16 Thread RW
On Fri, 16 Nov 2018 10:39:47 -0500 Kris Deugau wrote: > From: John D. Smith > ... > Looking at a couple of other examples, there are also some in the > form: > > From: =?UTF-8?B?[encoded stuff]= > > where [encoded stuff] decodes to: > > Some User I think this is worth a try: header FROM

Re: Forgery with SPF/DKIM/DMARC

2018-11-16 Thread Robert Fitzpatrick
Dominic Raferd wrote on 11/16/2018 8:50 AM> Please clarify what you mean by 'even though SPF and DKIM is setup with DMARC to reject'? I presume that 'company.com' does not have a DMARC p=reject policy, or else your DMARC program (e.g. opendmarc) should block forged emails from them. Oh yes, so

Re: Forgery with SPF/DKIM/DMARC

2018-11-16 Thread Dominic Raferd
On Fri, 16 Nov 2018 at 15:54, Robert Fitzpatrick wrote: > > Dominic Raferd wrote on 11/16/2018 8:50 AM> > > Please clarify what you mean by 'even though SPF and DKIM is setup > > with DMARC to reject'? I presume that 'company.com' does not have a > > DMARC p=reject policy, or else your DMARC progr

Re: Forgery with SPF/DKIM/DMARC

2018-11-16 Thread Kris Deugau
RW wrote: On Fri, 16 Nov 2018 08:44:52 -0500 Robert Fitzpatrick wrote: We're having an issue with spam coming from the same company even though SPF and DKIM is setup with DMARC to reject. Take this forwarded email for instances [ fake invoice email ] SPF and DKIM rarely return "fail" on

Re: Forgery with SPF/DKIM/DMARC

2018-11-16 Thread RW
On Fri, 16 Nov 2018 08:44:52 -0500 Robert Fitzpatrick wrote: > We're having an issue with spam coming from the same company even > though SPF and DKIM is setup with DMARC to reject. Take this > forwarded email for instances This is a pretty confusing question because it has nothing to do with

Re: unexpected FN, how to improve/tune to catch

2018-11-16 Thread RW
On Fri, 16 Nov 2018 09:52:05 +0100 Matus UHLAR - fantomas wrote: > On 15.11.18 09:42, Ian Zimmerman wrote: > > # This one disables Bayes. ... > > tiny detail. use_learner 0 > > 1. this description is invalid. use_bayes disables bayes. use_learner 0, in theory, disables all machine learning

Re: Forgery with SPF/DKIM/DMARC

2018-11-16 Thread Dominic Raferd
On Fri, 16 Nov 2018 at 13:45, Robert Fitzpatrick wrote: > > We're having an issue with spam coming from the same company even though > SPF and DKIM is setup with DMARC to reject. Take this forwarded email > for instances > > > Original message > > From: User > > Date: 11/15/

Forgery with SPF/DKIM/DMARC

2018-11-16 Thread Robert Fitzpatrick
We're having an issue with spam coming from the same company even though SPF and DKIM is setup with DMARC to reject. Take this forwarded email for instances Original message From: User Date: 11/15/18 10:42 AM (GMT-07:00) To: Other User Subject: OVERDUE INVOICE Sorr

Re: unexpected FN, how to improve/tune to catch

2018-11-16 Thread Matus UHLAR - fantomas
On 15.11.18 09:42, Ian Zimmerman wrote: This little pearl got through upstream filter on a mailing list. such spam is very hard to detect, because mailing lists tend to clear negative-scoring rules and add some positive-scoring. such spam should be filtered at mailing list level before this ha