Re: Spammer in white list aka USER_IN_DEF_SPF_WL

2019-04-17 Thread David Jones
On 4/17/19 4:16 PM, jandev wrote: > Hi all > > Yesterday our mail server received unwanted email from simpliv.com. It was > valid DKIM signed for mail.simpliv.com > Despite the sender ip was listed at Sorbs the email even passed the bayesian > filter: > > > Surprisingly the ip/domain is part o

Office 365 Org tag

2019-04-17 Thread David Jones
I would like to use the AskDNS plugin to query a private DBL that I can populate/manage. The idea is to subtract a few points for inbound O365 domains that have been seen before in an effort to help block compromised O365 accounts from domains that have never been seen before. Ideally a new ta

Re: Spammer in white list aka USER_IN_DEF_SPF_WL

2019-04-17 Thread @lbutlr
On 17 Apr 2019, at 15:16, jandev wrote: > Surprisingly the ip/domain is part of a SA shipped white list: Rule > USER_IN_DEF_SPF_WL gave it -7.5! Is there a reason you didn't disclose the IP address? That domain is NOT listed in the current 60_whitelist_spf.cf It IS listed in 60_whitelist_auth.c

Re: Spammer in white list aka USER_IN_DEF_SPF_WL

2019-04-17 Thread RW
On Wed, 17 Apr 2019 14:16:30 -0700 (MST) jandev wrote: > Hi all > > Yesterday our mail server received unwanted email from simpliv.com. > ... > Surprisingly the ip/domain is part of a SA shipped white list: Rule > USER_IN_DEF_SPF_WL gave it -7.5! I was going to suggest you unwhitelist it yoursel

Spammer in white list aka USER_IN_DEF_SPF_WL

2019-04-17 Thread jandev
Hi all Yesterday our mail server received unwanted email from simpliv.com. It was valid DKIM signed for mail.simpliv.com. Despite the sender IP being listed at SORBS, the email even passed the Bayesian filter: Surprisingly, the IP/domain is part of an SA-shipped white list: Rule USER_IN_DEF_SPF_WL ga

Re: Whitespace in urls

2019-04-17 Thread Martin Gregorie
On Wed, 2019-04-17 at 08:44 -0400, buy wrote: > The spam email contains urls that look like this: > - > https://www. miwilurt. > com/mKC7AeJAmPT5duDOp6rh_aOmQfdpzd_Ewgbm87h8By6313NSjVfHM10dT8MhiBk0X > UB4g9vTUZrRs2U1fJUYCA~~/">click > here > > Spam

Re: Whitespace in urls

2019-04-17 Thread John Hardin
On Wed, 17 Apr 2019, RW wrote: On Wed, 17 Apr 2019 08:44:32 -0400 buy wrote: Hi, I've been encountering spammers putting whitespace in the domain area of a url. My rule is not catching them. ... Spamassassin rule looks like this (NO MATCH): uri

HTML/URI defuser

2019-04-17 Thread Rupert Gallagher
Let's talk about those works of art that elude our best filters. Written and posted like a legit message, their only threat is a big red button with a label that says "do not push me". In truth, they are just a "click here for your overdue bill" and similar hooks for the gullible few. There are

Re: Whitespace in urls

2019-04-17 Thread Henrik K
On Wed, Apr 17, 2019 at 02:00:26PM +0100, RW wrote: > On Wed, 17 Apr 2019 08:44:32 -0400 > buy wrote: > > > Hi, > > > > I've been encountering spammers putting whitespace in the > > domain area of a url. My rule is not catching them. > > ... > > Spamassassin rule looks like this (NO MATCH): > >

Re: Whitespace in urls

2019-04-17 Thread RW
On Wed, 17 Apr 2019 14:00:26 +0100 RW wrote: > On Wed, 17 Apr 2019 08:44:32 -0400 > buy wrote: > > > Hi, > > > > I've been encountering spammers putting whitespace in the > > domain area of a url. My rule is not catching them. > > ... > > Spamassassin rule looks like this (NO MATCH): > > --

Re: Whitespace in urls

2019-04-17 Thread RW
On Wed, 17 Apr 2019 08:44:32 -0400 buy wrote: > Hi, > > I've been encountering spammers putting whitespace in the > domain area of a url. My rule is not catching them. > ... > Spamassassin rule looks like this (NO MATCH): > > uri NC_SPAM292 /ht

Whitespace in urls

2019-04-17 Thread buy
Hi, I've been encountering spammers putting whitespace in the domain area of a URL. My rule is not catching them. An equivalent pattern match in Perl does catch them. The spam email contains URLs that look like this: - https://www. miwilurt. com

Re: Rule release workflow

2019-04-17 Thread Kevin A. McGrail
Depending on your level of interest, you might join the sysadmins list, but here is a high-level overview. Rules are checked into trunk and then go through distributed volunteer masschecks for promotion, demotion and rule QA for a genetic algorithm for scoring. When the system deems they are OK, DN

Rule release workflow

2019-04-17 Thread matthias
Hello, I am wondering how fixed and new rules go from the developer branch to the official updates. The website is a bit vague in this respect. Matthias