Re: Another form of obfuscation email.

PLEASE UNSUBSCRIBE ME TO THESE EMAILS! I NEVER SIGNED UP FOR THIS AND I DONT UNDERSTAND ANY OF THIS! PLEASE! > On Jan 26, 2019, at 9:55 PM, Rupert Gallagher wrote: > > I would focus on the headers: they have plenty for a spam flag. On the body, > SA should already mark the text/code ratio, and

Re: Another form of obfuscation email.

I would focus on the headers: they have plenty for a spam flag. On the body, SA should already mark the text/code ratio, and the number of links. On Sun, Jan 27, 2019 at 05:43, Mark London wrote: > Does anyone have any rules that can catch this type of obfuscated spam? > > https://pastebin.com/

Re: Another form of obfuscation email.

On Sat, 26 Jan 2019, Mark London wrote: Does anyone have any rules that can catch this type of obfuscated spam? https://pastebin.com/qi8dsREW There's some "invisible font" subrules in my sandbox that this hits (__STY_INVIS_MANY, __FONT_INVIS_MANY) but scored versions aren't currently expose

Another form of obfuscation email.

Does anyone have any rules that can catch this type of obfuscated spam? https://pastebin.com/qi8dsREW Thanks. - Mark

Re: Is it weird to worry I'm getting too little spam? (success of RBLs)

In my experience, the right combination of DNSBLs are extremely effective, typically well into the 90% of delivery attempts can be rejected before the DATA command (and therefore before SpamAssassin) with a combination of DNSBLs, RFC validations (greet pause of 11 seconds, early talkers rejected),

Re: Is it weird to worry I'm getting too little spam? (success of RBLs)

On 26 Jan 2019, at 17:02, Ian Evans wrote: Recently checked my logs and noticed that the rbl checks in postfix or SA were sometimes getting blocked. So I finally installed a caching DNS server. Suddenly the spam that gets to my spam folder is down to five or so a day. Seems postfix is droppi

Is it weird to worry I'm getting too little spam? (success of RBLs)

Background: I run a small postfix/dovecot server on my site server. Just a handful of careful users. My spam folder would only have about 10-30 messages a day marked as spam by spamassassin. Server's running denyhosts to help block bad actors. Recently checked my logs and noticed that the rbl chec

Re: Proposed rule for too many dots in From

On Thu, 24 Jan 2019, Amir Caspi wrote: On Jan 15, 2019, at 8:46 AM, John Hardin wrote: On Dec 20, 2018, at 6:16 PM, Amir Caspi wrote: header AC_FROM_MANY_DOTS From =~ /<(?:\w{2,}\.){2,}\w+@/ Argh. I lost track of that over the holidays. Thanks for the reminder, adding it now.