I realize blocking all javascript is prone to error,
What legitimate email uses javascript?
And more important: which email clients do actually process Javascript
that comes within an email? Thunderbird doesn't since 10 or 20 years
ago. I don't know of any other as well. This phish is probab
John Hardin wrote on 06.04.2021 at 16:34:
On Mon, 5 Apr 2021, Grant Taylor wrote:
On 4/5/21 8:41 PM, Peter West wrote:
I’d agree it’s address verification, as with the Unsubscribe link at
the bottom.
I'm of the opinion that if I have any inkling of knowledge of the
company sending the e
Peter West wrote on 14.03.2021 at 14:30:
header CASINO From =~ /\bcasino\b/i
score 100.0
===
It’s hitting the CASINO rule, but no matter what value I assign to the casino
rules - 5, 20, 100, these messages always come through with a value of 4.1.
It’s as though some other rule is res
Dan Malm wrote on 19.02.2021 at 13:28:
I have a system that received mail from a webmail product that adds a
X-Originating-IP header with the IP of the webmail user.
Since Spamassassin for some reason considers that to be a
Received-header that results in all mails from the webmail hitting the
Kris Deugau wrote on 10.02.2021 at 17:17:
Bill Cole wrote:
On 9 Feb 2021, at 18:37, Kenneth Porter wrote:
All minimally secure MUAs ignore any embedded JavaScript. Any MUA
written in this century that executes JavaScript should itself be
deemed malware.
Thunderbird and Seamonkey both hav
Philipp Ewald wrote on 13.01.2021 at 18:40:
Subject: : Mailservice: Neue Mail
The rule actually matches, if you have usernames like "anton.b", which
produces a subject like this:
Subject: : Mailservice: Neue Mail
However, the rule scores a measly 0.749, which isn't marking a message
as sp
Philipp Ewald wrote on 13.01.2021 at 16:57:
we try to deliver mails to GMX/WEB but we got frequency blocked
because "ro-reply@ Mails" hits following rules:
SUBJ_OBFU_PUNCT_FEW -> Possible punctuation-obfuscated Subject: header
SUBJ_OBFU_PUNCT_MANY -> Punctuation-obfuscated Subject: header
If you block something, you have to ask yourself: How many innocent,
unsuspecting legitimate senders
Who cares, these "unsuspecting legitimate senders" should take their
business somewhere else.
This is extremist. You are confusing offenders with victims. Fight
offenders, not victims. Every s
A regular source of spam is outlook.com; or at least that is the
domain that delivered the junk to my domain.
Outlook.com is a legitimate email provider and not known for ignoring
reports. If you block outlook.com, you have to block google.com for the
same reason. And everything sent through ama
Difficult to find an appropriate thread.
I fully support the naming changes, in current configurations and new
projects. Be it with SpamAssassin, be it with everything else.
The changes are necessary. They are overdue for years.
I woke up last year from being an "old white man". I was an old w
Marc Roos wrote:
4. auto reply with something like (maybe with a wait time of x hours):
Your message did not receive the final recipient. You are sending
from a known spam provider
network that is why we blocked your message. Please confirm that:
- you are not a spammer and
- you
Kevin A. McGrail wrote on 29.01.2020 at 20:12:
- Fix for CRLF handling with SpamAssMilter & DKIM
Sorry that I didn't check and write about rc1, but I can confirm that
for me, valid DKIM signatures are again detected as valid with the
released 3.4.4.
Many thanks!
Alex
Henrik K wrote on 18.01.2020 at 08:15:
On Sat, Jan 18, 2020 at 06:56:53AM +0200, Henrik K wrote:
On Tue, Jan 14, 2020 at 02:38:06PM +0100, Alex Woick wrote:
Link to complete message:
https://pastebin.com/raw/1DLtnuRX
Spamassassin is running as spamc/spamd, and is embedded in Postfix with
Spamassassin (3.4.3, the same with previous) declares all or almost all
the incoming DKIM-signed messages as DKIM_INVALID, and I'm not
understanding why.
I'm running opendkim on the mail server as milter with Postfix, and the
opendkim headers say the same dkim signatures are all valid.
Example
& G-Suite) - is now fundamentally broken. Within days, invaluement is
going
to be releasing a game-changing service that is going to knock the whole
industry back into fearing the consequences of spamming - the way it
used to
be - and SHOULD be - except with FAR LESS collateral damage than
tra
@lbutlr wrote on 16.06.2019 at 23:41:
Seems like the -I fall should be taking care of this for me, at present. But
how do I tell spamass-milter not to check for PBL and other similar tests on
mails from local users to local users?
With postfix, best practice for locally submitted mail is to
The description is strangely wrong. It seems the person who created the
description didn't understand what the rule does. He probably wasn't the
rule creator. Or the rule was changed to the opposite without updating
the description.
The rule itself is also somewhat strange, because (?!localhost)
Kevin A. McGrail wrote on 16.02.2019 at 17:59:
Insider threat detection is a whole different ball of wax from backup
and disaster recovery. However, there are numerous protocols to help
for that threat. Specifically Principle of Least Privilege (POLP) and
Separation of Duties. I consider th
Well, I saw in my log analyzer there were about 10 times the connection
attempts than usually. That day only. They all bounced off from
postscreen, so there is nothing more to say about this.
Alex
Pedro David Marco wrote on 22.01.2019 at 18:12:
Out of curiosity...
we are noticing a huge sp
In the last weeks I tried to create custom rules for several spam not
caught (mostly german), and it's always the same:
- identify catchy phrases that (hopefully) only appear in that kind of spam
- make indirect rules for the catchy phrases
- make meta rules for combining a certain amount of cat
Kevin A. McGrail wrote on 19.09.2018 at 22:28:
Alex, sought isn't published, correct? We have to get sought2 relit now
that 3.4.2 is in the can.
Correct, sought isn't published with 3.4.2. It's only in the 3.4.1
Fedora/Redhat rpm distributions until now, from where it should be
removed by
I'd like to report some things I noticed while updating from SA 3.4.1 to
SA 3.4.2 on CentOS 7. No serious problems, but I'd like to mention if
someone also tries to update on CentOS 7.
I created the 3.4.2 rpm by downloading the latest Fedora Core 3.4.1 src
rpm. Then I did:
- remove all patches
You are not at the mercy of whatever spamass-milter decides to do. There
are 2 things spamass-milter can do with the mail:
1. accept the mail
2. reject the mail
Whether it rejects depends on the spam score passed by Spamassassin. See
the -r parameter in the spamass-milter man page that will d
Nick Bright wrote on 24.07.2018 at 01:38:
So I ask: what is the best practice for learning submissions when
using site-wide bayes?
From what I learnt about best practice:
- before implementing spam-learning based on user-submissions, figure
out how educated your users are with identifyin
Palvelin Postmaster wrote on 30.05.2018 at 14:49:
Why does this list apparently use the original From header of the poster’s
message and doesn't set a Reply-To header at all?
Hitting reply sends the response to poster directly and DMARC failures occur
when posting to list. Not very elegant.
David B Funk wrote on 10.05.2018 at 20:23:
On Thu, 10 May 2018, John Hardin wrote:
On Thu, 10 May 2018, Matthew Broadhead wrote:
On 09/05/18 20:43, David Jones wrote:
On 05/09/2018 01:29 PM, Matthew Broadhead wrote:
On 09/05/18 16:37, Reindl Harald wrote:
quoting URIBL_BLOCKED is a joke
Chip wrote on 19.01.2018 at 00:49:
The end point here is to examine the email headers that specifically
refer to dkim and spf signatures. Based on fail or pass, or some
combination in concert with the sender's email address, they get moved
into fail or pass folders.
The right thing to do this
Chip wrote on 18.01.2018 at 23:43:
yes I'm starting to see that. I may need to build a box specifically
suited for this using procmail. I had hoped that I could stay with the VPS.
Nevertheless, I've heard two contradictory pieces of advice here and
would like to know which is correct or most
Kevin A. McGrail wrote on 10.01.2018 at 15:09:
>
> Anyone having issues with Sha1 failures on their machines on sa-updates?
>
> Anyone familiar with sa-update.cron so we can try and get more data
on this bug below?
I'm using sa-update.cron from CentOS 7. Here it failed once on
09-Jan-2018 0
Timothy Murphy wrote on 18.06.2014 14:59:
I'm running Postfix with dovecot, spamass-milter and SpamAssassin
on a CentOS-6.5 server.
At the moment I am sending spam to my spam folder ~/Maildir/.Spam/
with procmail, by appending
mailbox_command = /usr/bin/procmail -f- -a "$USER"
to /etc/pos
It's actually quite easy to build a SA 3.4 rpm for Centos 6. I
downloaded the existing Fedora Core 21 spamassassin-3.4.0-2.fc21.src.rpm
from the FC 21 source repository and did a --rebuild on a Centos 6 machine.
The resulting rpm works almost as drop-in replacement for 3.3.0.
"Almost" means yo
Ron Smith wrote on 17.07.2008 14:28:
I'm assuming that the spamc is probably failing, sending the .tmp file
back to the Submitted folder and CommuniGate is then reprocessing the
message and sending it back to scanspam.sh and so again to spamc.
Now to figure out why spamc is failing on these
Paolo De Marco wrote on 11.07.2008 11:17:
I want to migrate to mysql form my bayes.
I have installed perl modules, mysql and modify local.cf.
When I run amavisd debug I see these lines:
Jul 11 11:16:36 mail.ial.fvg.it /usr/local/sbin/amavisd[17564]:
(!!)TROUBLE in pre_loop_hook: Undefined subr
BAYES_00 means that the bayes engine thinks the message is definitely
not spam. If this rule is hitting on spam messages, you have a problem.
Unless this is just a really hammy looking spam, you may want to
consider retraining your bayes database. And regardless, you should
always manually retra
Richard Johnson wrote on 04.07.2008 06:35:
I then reinstall:
apt-get install spamassassin
[...]
Suggested packages:
razor libnet-ident-perl libio-socket-ssl-perl pyzor libmail-dkim-perl
Recommended packages:
spamc re2c libsys-syslog-perl
The following NEW packages will be installed
spam
Richard Johnson wrote on 03.07.2008 10:58:
check: no loaded plugin implements 'check_main': cannot scan! at
/usr/share/perl5/Mail/SpamAssassin/PerMsgStatus.pm line 164.
[9086] dbg: ignore: using a test message to lint rules
[9086] dbg: config: using "/etc/spamassassin" for site rules pre fi
the same for everyone, but I want to get the feel of general
statistics (If you don't mind to share)
1. How many Spam detection rate if I am using default 3.2
configuration you would expect?
> 2. If fine tuned according to the wiki, e.g. running sa-update, more
> rules set, how many % you would
Marc Ferguson wrote on 20.06.2008 16:38:
I saw on the wiki a trick to use fake mx records in order to weed out
spam (http://wiki.apache.org/spamassassin/OtherTricks). I'm using
Evolution at home and on my laptop and I have the spamassassin plugin so
I'm constantly clicking the "junk" icon.
Linda Walsh wrote on 12.06.2008 02:46:
1) This advice:
| Tue Jun 10 14:55:36 2008 [72096] dbg: conf: trusted_networks are not
| configured; it is recommended that you configure trusted_networks
manually
How does one decide on 'trust'?
For trusted_network in SpamAssassin, the definiti
Yes I did, and all the other backscatter is detected by vbounce fine:
whitelist_bounce_relays lxrouter.wombaz.localnet *.prima.de
But now I saw the Message-Id contained my local mail server name from
whitelist_bounce_relays:
Message-Id: <[EMAIL PROTECTED]>
The "lxrouter.wombaz.localnet" can o
Just recently backscatter starts to hit me very bad, and I found out
that bounces generated by qmail are not detected by the vbounce
plugin. Here is such a backscatter mail:
http://pastebin.com/m346c7979
Perhaps a phrase like "wasn't able to deliver your message" could be
added to the detecti
Almost all (>95%) of my spam is tagged as BAYES_99 by SA (which is
great), but only approx. 60% of my spam is classified as spam by my
Thunderbird 2.0.0.12. Thunderbird also uses a bayesian filtering
system. I always learn all of my spam and all of my ham in both systems
perhaps once a week,
Leveau Stanislas wrote on 19.03.2008 19:39:
Can you show us your spamassassin configuration : local.cf
My configuration is working very well, and it is this:
(running under Fedora 7, with a remote Windows MySql 5.0.37 server).
whitelist_bounce_relays lxrouter.wombaz.localnet *.prima.de
tru
Mitchell Hudson wrote on 19.03.2008 18:18:
I have a few questions though, you said I am not using
bayes_sql_override_username but I have "bayes_sql_override_username
spamassassin " in my config, does that not count?
I'm sorry, I overlooked that. Yes, in the configuration that you posted
Mitchell Hudson wrote on 18.03.2008 23:59:
Simply it's not scoring, it learns, but doesn't put a score on any mail.
#spamassassin -D --lint
[23822] dbg: bayes: using username: spamassassin
[23822] dbg: bayes: database connection established
[23822] dbg: bayes: found bayes db version 3
[2382
The proper usage of the Bayes filter is very simple: feed spam as spam
and ham as ham. All of your mail. Don't care for content that might be
mis-learned in your eyes: it will not be mis-learned. Don't try to be
smarter than the filter. The only exception is bounce-messages: don't
feed them at all
Theodore Heise wrote on 09.03.2008 19:15:
Occasionally I get unsolicited bulk e-mail on a topic that is of
borderline interest to me. My tendency is to delete it from my spam
folder before training the Bayes functions on my spam. I've considered
training Bayes on these messages as ham, bu
Perhaps this information is useful for someone who "suddenly"
experiences long running bayes expiration in combination with MySQL
bayes storage.
Management summary: :-)
Run an "optimize table " on your Innodb Mysql SpamAssassin
tables, if you suddenly experience long bayes expiry times.
L
Rubin Bennett wrote on 22.01.2008 17:12:
I'm running SpamAssassin 3.2.3 (from Mandriva 2008.0), MySQL 5.0.45,
perl-DBD-mysql-4.005, libdbi-drivers-dbd-mysql-0.8.2.
What about perl-DBI-*? The libdbi-* drivers are not for perl, they are
for C programming. For database access to MySQL from Per
Matt Kettler wrote on 14.12.2007 03:46:
1) Plugins are somewhat new to SA (ie: 3.0.0 and higher)
2) While not really hard, the work involved in making a sa plugin is
non-trivial
3) You have to know perl.
The real challenge in writing a plugin is not the coding itself. It is
the algorithm that
Igor Chudov wrote on 26.11.2007 18:01:
I get a lot of spams where I am being "offered" a lucrative occupation
that involves transferring financial assets from one place to
another. It is clearly a scam, however, I am now sure what.
This is the way phishers transfer stolen money from a "phis
Morvan Daniel Müller wrote on 20.11.2007 13:49:
How I say to postfix to direct subject=[SPAM ] xx (mark by
spamassassin) to ~home\mail\SPAM (imap folder)
I'm using Mailbox no Maildir. Postfix deliver to /var/mail/$user and
Dovecot read from mail_location = mbox:~/mail:INBOX=/var/mail/%u
There seem to exist some address harvester that greps message-id's and
other non-address content as mail address, since I get spam to such
proven never-existed mail addresses. This list is harvested this way,
for example. There are already a few message-id's from my older list
postings that reg
Bob Proulx wrote on 02.11.2007 18:24:
body FRT_OPPORTUN1 /(?!opportun)/I
body FRT_OPPORTUN2 /(?!opportun)/I
Huh? How are those rules matching? I am missing something. That
can't be the right rule that is being hit here. Can someone educate me
as to what is happening here?
This rule is
Dan Mahoney, System Admin wrote on 25.10.2007 09:13:
The problem with SpamCop is: the two step reporting process makes things
a bear to do. I understand the logic behind it, but once or twice I've
taken a couple hundred spam emails and spamassassin -r'd it...annoying
as hell.
I understand
Lars Ippich wrote on 18.10.2007 09:32:
header RCVD_IN_DNSWL_LOW X-DNS-Whitelist =~ /^low/
score RCVD_IN_DNSWL_LOW -1
describe RCVD_IN_DNSWL_LOW Sender listed at http://www.dnswl.org/, low trust
[...]
# web.de
trusted_networks 217.72.192.
2) Postfix adds the X-DNS-Whit
Matthias Leisi wrote on 17.10.2007 09:46:
Correct. But by setting (in your local.cf or equivalent)
| trusted_networks 204.9.177.18
you are telling SpamAssassin that this relay is not operated by a
spammer and that it should apply all black-/whitelist rules etc. to the
IP address one more hop
> I am also running an old version (3.1.7 on Ubuntu 7.04). Between SA and
> Thunderbird's own spam features, I am detecting something between 75%
> and 80% of spam. How much better is 3.2.x?
On my small system (5 users) spam detection is above 99% accuracy for my
own mail account. Less than 1
processing has ground down to really slow. I'm seeing
some incredibly long queries now in my slow-query log,
such as:
Try an "optimize table " for each of the sa
tables. You just filled the database from scratch, so
perhaps the counters/statistics do not reflect the actual
value distribution yet
processing has ground down to really slow. I'm seeing some incredibly
long queries now in my slow-query log, such as:
Try an "optimize table " for each of the sa tables. You just
filled the database from scratch, so perhaps the counters/statistics do not
reflect the actual value distribution y
Micah Anderson wrote on 27.09.2007 02:20:
processing has ground down to really slow. I'm seeing some incredibly
long queries now in my slow-query log, such as:
Try an "optimize table " for each of the sa tables. You just
filled the database from scratch, so perhaps the counters/statistics d
> -rw-rw 1 mysql mysql 1010M Aug 28 08:25 ibdata1
> -rw-rw 1 mysql mysql 264M Aug 27 17:09 awl.ibd
> -rw-rw 1 mysql mysql 112K Aug 28 08:25 bayes_expire.ibd
> -rw-rw 1 mysql mysql 96K Aug 27 17:09 bayes_global_vars.ibd
> -rw-rw 1 mysql mysql 468M Aug 27 21:11 bayes_seen.ibd
>
Paul Lenz wrote on 12.08.2007 11:23:
Actually I write Perl programs since many years, but I am not
so familiar with the object oriented programming and I can not
discover the secrets of Spamassassin. Concretely: I was not able
to access the body of a mail.
You should consult "man perltoot" fir
Jordi wrote on 10.08.2007 11:01:
I try to use the 3308 because I have another mysql in 3306 and the SPAMD
don't take the information of the local.cf file
user_scores_dsn DBI:mysql:spamassassin:localhost:3308
Mysql is running on port 3308 and using "/tmp/mysql2.sock" and NOT
Igor Chudov wrote on 18.07.2007 17:22:
I would like to disable Bayes analysis entirely if an email has a PDF
attachment.
Don't do it this way. Instead, learn them all to Bayes, especially the
ones that were falsely detected as non-spam. On my system, I am learning
everything to Bayes excep
Daniel J McDonald wrote on 10.07.2007 12:05:
And how, precisely, do you set the trust on the GPG key?
I am running this command line once a day via cron as root:
/usr/bin/sa-update --channelfile
/var/lib/spamassassin/update-channels.txt --gpgkeyfile
/var/lib/spamassassin/update-channels-g
I have a site-wide Bayesian database that I trained some time ago with a few
hundred hams, and then since then I've trained spam into it anytime I
received a false negative.
[...]
I noticed something interesting - all the spam I've gotten in at least the
last few days has scored 0 on Bayes.
I
John Rudd wrote:
Botnet's score of 5 is meant to say "this message should be quarantined
or flagged for review". It's not saying "this message is _definitely_
spam".
In my opinion, this is not quite according to the concept of
SpamAssassin. SA has a bunch of rules that give qualified hints
I have two nameservers in my /etc/resolv.conf:
nameserver 10.10.10.11
nameserver 10.10.10.12
Now, the named daemon on 10.10.10.11 was stopped. The one on 10.10.10.12
was still up. SpamAssassin, which is also running on 10.10.10.11,
suddenly threw these errors upon every dns request:
Jun 26 1
I saw a number of posts on this list earlier indicating that Bayesian
filter learning and/or application of learned information wasn't working
properly if the Bayesian analysis data were stored in a MySQL database
What's the status of this bug, if it is one, or if it's a
misconfiguration issue,
For anyone who's not aware of it, I should mention that Michael Monnerie
has been maintaining a German spam ruleset for quite some time and has
been as of late updating it often.
# Home: http://sa.zmi.at/rulesets/70_zmi_german.cf
Interesting, it contains a collection of stock spam rules amazi
Well, perhaps that is a more generic spam indicator: german text but not a
single Umlaut. I must think about that.
You'd want a length qualifier on that test. An email of simply "Danke" would
contain a very small number of umlauts.
Perhaps, such a rule should look for frequently used german w
Apart from the imageshack stuff just seem to generally have a lot of spam in
the german language getting through the filters, has anyone else experienced
the same.
Certainly. It's getting through, because there are almost no german
language specific rules in the default rules of SpamAssassin, an
Is it possible to display the version and/or publishing date of the
ruleset in the mail headers, for example in the X-Spam-Checker-Version:
header? So we can see if the ruleset has been kept up-to-date with
sa-update.
Alex
Matt Kettler wrote:
That said, I think the AWL is a great idea, but not ready for production
use on servers with reasonable mail volume. I say that because it
completely lacks any kind of useful (ie: atime based) expiry mechanism.
The only way to prune the AWL database is by hitcount, using the
c
Hello,
I am using the VBounce.pm plugin to catch backscatter bounces, and there
is a small problem with locally auto-created mail. The mail is
created by Cron on a Fedora Core 5 system and is attached below. It is
falsely declared as BOUNCE_MESSAGE because of the "Auto-Submitted:
auto-gene
Don't overrate Bayes. Don't focus solely on a bullet-proof highly
available clustered or replicated database. If the Bayes database is
gone, only one check is gone! All the others are still there.
For my mail content, the real filtering power today comes from the
network checks such as url-bloc
78 matches