Good day Guys
Something to see and keep an eye on (Read: Why build this tool)
https://www.kitploit.com/2022/01/espoofer-email-spoofing-testing-tool.html
HTH
Regards
Brent Clark
Is there a roll back or a cure?
Regards
Brent
On 2022/02/18 11:51, Bert Van de Poel wrote:
Hi everyone,
I just noticed we had two email servers complain last night after
running sa-update about a regex problem:
/etc/cron.daily/spamassassin:
config: invalid regexp for __URI_TRY_3LD
'm,^https
Hi there
Yip!!
Got the same.
Regards
Brent
On 2022/02/18 11:51, Bert Van de Poel wrote:
Hi everyone,
I just noticed we had two email servers complain last night after
running sa-update about a regex problem:
/etc/cron.daily/spamassassin:
config: invalid regexp for __URI_TRY_3LD
'm,^https?:
Good day Guys
Something I came across this morning.
Thought I would share.
https://www.bleepingcomputer.com/news/security/spammers-use-squirrelwaffle-malware-to-drop-cobalt-strike/
Regards
Brent
Good day Guys
I came across this (via slashdot).
https://www.wired.com/story/cloudflare-taking-a-shot-at-email-security/
Interesting times.
Regards
Brent
Good day Guys
Something I came across, and thought I would share / forward
https://gbhackers.com/hackers-using-new-obfuscation-mechanisms-to-evade-detection-of-phishing-campaign/
Hope this helps.
Regards
Brent
Are you able to submit your spam to PCC / KAM.
That way the community as a whole can benefit.
Regards
Brent
On 2021/03/16 19:16, Steve Dondley wrote:
I have been accumulating spam/ham samples and sorting them out into
different directories on my server. As new spam/ham comes in, I throw
it
Good day Guys
I just want to check with the community, is there anybody using SA's bayes with
the Redis backend?
I work at a largish ISP, so we're talking lots of mail.
There is no real question, but what I would like to find out is (and to ask),
does it scale and are there any pitfalls?
Naturally, we
Good day Guys
A thread on the ClamAV mailing list that may be of interest to the community.
https://lists.clamav.net/pipermail/clamav-users/2020-September/009875.html
HTH
Regards
Brent
Good day Guys
Got this off Hackernews. Thought I would share the link.
https://krebsonsecurity.com/2020/08/sendgrid-under-siege-from-hacked-accounts/
Interesting comments too.
Regards
Brent
Sir, you are being awfully rude and personal.
Regards
Brent
On 2020/07/14 10:56, Marc Roos wrote:
It looks to me, like nobody is taking time to think. Just telling
someone to fork code is ridiculous and shows contempt for users. If
something is opensource it does not mean you can act without a
On 2020/07/10 09:45, Marc Roos wrote:
Good day Guys
You are being a tad discriminative, by assuming there are no ladies
reading these messages. Which is highly inappropriate for the current
thread. ;)
LOL
Touche
But you're right.
I need to remember to start with 'Good day All'.
Regards
Bre
On 2020/07/10 09:38, Olivier wrote:
And if SA is not upgraded, the user base will shrink and it may lead to
the death of SA.
Best regards,
Olivier
Well said.
There is a lot more in play that needs to be understood to all this.
Regards
Brent
n and will to drive this.
You have my support.
Thank you to all for your work and efforts.
Regards
Brent Clark
On 2020/07/10 09:22, Axb wrote:
On 7/10/20 9:13 AM, Gianluca Furnarotto wrote:
This is foolish, we are losing control. I have nothing else to think
about ... and the next one that
Thanks so much Rick
Much appreciated.
Regards
Brent Clark
On 2020/05/07 19:41, Rick Cooper wrote:
Brent Clark wrote:
Hi Rick
Will you be willing to share your Exim and SA rules / code?
So that the community can benefit from your finding and work.
Pretty standard exim acl
The
Hi Rick
Will you be willing to share your Exim and SA rules / code?
So that the community can benefit from your finding and work.
Regards
Brent Clark
On 2020/05/05 20:00, Rick Cooper wrote:
Henrik K wrote:
On Tue, May 05, 2020 at 12:51:36PM -0400, Rick Cooper wrote:
We received a couple
Good day Guys
Our good friends are at it again.
https://pastebin.com/raw/vjFcPzLE
I haven't written anything yet.
Thought I would share in the meantime.
Regards
Brent
On 2020/04/22 16:44, Brent Clark wrote:
I want to add, I tried this as well, and it *did* match. But it feels
c
I want to add, I tried this as well, and it *did* match. But it feels
clunky.
https://pastebin.com/raw/7FaqnByB
Regards
Brent
On 2020/04/22 16:14, Brent Clark wrote:
Sorry in that example I copied body.
I tried rawbody and body.
Regards
Brent
On 2020/04/22 16:11, Brent Clark wrote:
Good
Sorry in that example I copied body.
I tried rawbody and body.
Regards
Brent
On 2020/04/22 16:11, Brent Clark wrote:
Good day Guys
I would like to ask if someone could help write a rule for the following
base64 encoded sextortion.
https://pastebin.com/raw/MWYmfkuh
I tried using rawbody
/8J2XrvCdmIHwnZiB8J2XsvCdl7vwnZiB8J2XtvCdl7zwnZe7/
describe BASESEX Base64 Sextorsion
score BASESEX 2.0
If anyone could assist, it would be appreciated.
Kind regards
Brent Clark
Quite an overhead you are suggesting / proposing there, don't you think?
All the OP needs to do is, first and foremost, sort out that
USER_IN_WHITELIST.
Then I recommend throwing in KAM rules and extremeshoks fromreplyto plugin.
And if the OP is really serious, enable Sane security signatures.
Spin up a vagrant instance and test.
I recommend using the scan size to 1024. For I found anything less was
getting missed.
# Increase scanning size of FuzzyOCR to 1024
sed -i 's/#focr_max_height 800/focr_max_height 1024/'
/etc/spamassassin/FuzzyOcr.cf
sed -i 's/#focr_max_width 800/focr_max
Out of interest, why do you want this?
What are you hoping to gain?
Regards
Brent
On 2019/10/24 14:56, KADAM, SIDDHESH wrote:
Hi Folks,
Can someone please help me in retrieving a list of present rules of
Spamassassin.
Spamassassin --lint or -D option I tried but not getting expected output.
signatures.
Regards
Brent Clark
Good day Guys
Here is an interesting read I thought I would share.
https://www.darkreading.com/threat-intelligence/mimecast-rejected-over-67-million-emails-heres-what-it-learned/d/d-id/1335443
HTH
Regards
Brent
what domains is not in
20_freemail_domains.cf
https://pastebin.com/raw/ihc6AvyF
Hope this helps.
Many thanks, regards
Brent Clark
, is I am testing Proxmox's
mailgateway solution (i.e.
https://www.proxmox.com/en/proxmox-mail-gateway). and one got my
attention is, SafeBrowsing is on.
Regards
Brent Clark
On 2019/04/24 09:54, Brent Clark wrote:
On 2019/04/23 17:07, Kevin A. McGrail wrote:
Anyway, I was going to tr
Good day Guys
A very interesting read I thought I would share with the community.
https://blog.talosintelligence.com/2019/01/return-of-emotet.html
HTH
Regards
Brent Clark
Just after I sent the T_SPF_PERMERROR the following came in my inbox.
TLDR; openspf.org is down
HTH
Regards
Brent
Forwarded Message
Subject: Re: [mailop] openspf.org down
Date: Wed, 15 May 2019 13:13:30 +0200
From: Lilium via mailop
Reply-To: Lilium
To: mai...@mailop.org
H
Good day Guys
I'm seeing T_SPF_PERMERROR in my logs.
Does anyone know what or where this is coming from?
Regards
Brent Clark
Shot for sharing David !!!
Regards
Brent Clark
P.s. I wonder what other tricks you have up your sleeve that you would
be willing to share. :)
On 2019/05/10 16:48, David Jones wrote:
On 5/10/19 1:52 AM, Pedro David Marco wrote:
Hi Kurt,
On the contrary, most spam i see is valid DKIM signed
spoofing
Regards
Brent Clark
en I score UNWANTED_LANGUAGE_BODY say 0.5 for now as a start.
Can anyone share their experiences, tips.
Regards
Brent Clark
On 2019/04/23 17:07, Kevin A. McGrail wrote:
Anyway, I was going to try and run a second daemon or look at hits for
Safebrowsing. as a method for scoring, not blocking. The
listing and delisting policies are unclear to me and I think there is a
good potential for FPs.
Regards,
KAM
Good da
Good day Guys
Just want to pick the community's brain for a second.
Does anyone use Mail::SpamAssassin::Plugin::GoogleSafeBrowsing or better
enable 'SafeBrowsing Yes' to freshclam's configuration file?
I see SafeBrowsing is a blacklist service provided by Google that
provides lists of URLs f
Good day David
Looking at what you got going, I'm glad I asked this request.
Thanks very much for sharing.
Kind Regards
Brent Clark
On 2019/04/18 15:52, David Jones wrote:
On 4/18/19 1:55 AM, Brent Clark wrote:
Good day Guys
Would anyone be willing to share their shortcircuiting list
Good day Guys
Would anyone be willing to share their shortcircuiting list.
Currently I am just shortcircuiting CLAMAV, I'm looking to improve SA.
Many thanks.
Regards
Brent
.
header HTEST Subject =~ /[0-9]?\s?(Underliverable|Incoming)?\sMessages\s(for|failed)?\s?(for)?/i
score HTEST 0.01
describe HTEST Testing new rule
Many thanks
Brent Clark
-valid.csv
Reason for my concern / question is, I have never seen anything hit.
I tried a few spams from my google spam box, still nothing triggers.
Regards
Brent Clark
On 2018/12/10 13:57, ozgurerdogan wrote:
I simply need to write custom rules to block certain mails, domain names. Do
I have to learn programming language for this? Is not it easy like create a
conf file and let Sa update rules from that source remotely via http?
Nothing comes to mind, else
On 2018/12/10 13:18, ozgurerdogan wrote:
I have many servers using spamassassin. Time to time, I may need to add
custom rules to SA to block certain mails. It is time consuming doing it on
each server. Is it somehow possible to create a one source for all
Spamassassin using server and update r
On 2018/12/08 21:21, Dave Wreski wrote:
I'd also consider changing to mariadb if it's supported by your
distribution.
Regards,
Dave
^ This
Regards
Brent
Sorry if I can just add, maybe the documentation can be updated?
https://wiki.apache.org/spamassassin/RelayCountryPlugin
Regards
Brent
On 2018/11/28 12:32, Brent Clark wrote:
This was it.
You guys are the best. Thanks so much.
Regards
Brent
On 2018/11/28 08:26, Dominic Raferd wrote:
On
This was it.
You guys are the best. Thanks so much.
Regards
Brent
On 2018/11/28 08:26, Dominic Raferd wrote:
On Wed, 28 Nov 2018 at 06:15, Brent Clark <brentgclarkl...@gmail.com> wrote:
Thanks for replying
I did as you asked, here is the pastebin
https://pas
pastebin below,
it does not display RELAYCOUNTRY
https://pastebin.com/sh8S10ph
I am at a complete loss on this one.
Thanks in advance for your help.
Regards
Brent
On 2018/11/27 16:02, RW wrote:
On Tue, 27 Nov 2018 12:51:40 +0200
Brent Clark wrote:
Good day Guys
I have the following sp
ry Edition: KR, Korea, Republic of
Would anyone please share a rule, I can use to catch the above spam.
Regards
Brent Clark
P.s.
I'm running
spamassassin 3.4.2-1~deb9u1
Good day Guys
Just came across and share
https://news.ycombinator.com/item?id=18458212
that leads to https://lwn.net/Articles/769917/
HTH
Brent
P.s. From my side, thanks to all involved and for your time. Much
appreciated.
On 2018/11/08 00:14, Kenneth Porter wrote:
On 11/7/2018 1:24 PM, Kris Deugau wrote:
I call ClamAV from MIMEDefang before invoking SA. I use the "unofficial
sigs" package (available as an RPM via yum for Red Hat systems) for much
better detection.
https://sourceforge.net/projects/unoffici
Olivier,
Thank you *ever* so much for replying.
Regards
Brent
On 2018/10/16 06:49, Olivier wrote:
Brent,
I have Fuzzy OCR installed and running, but the only rule that was
triggered 22 times during the past 40 days was FUZZY_OCR_WRONG_CTYPE,
meaning that the image type does not match the conten
/10/12 15:11, Brent Clark wrote:
Good day Guys
I am getting quite a bit of image spam, and googling put me in the
direction of a tool called FuzzyOCR.
What I did was configure vagrant to install spamassassin and fuzzyocr,
and fuzzyocr does not appear to be catching my spam (The example
provided
Apologies for the subject.
It was meant to read "Is fuzzyocr i.e. Image scanning, warranted in 2018"
Regards
Brent
On 2018/10/12 15:11, Brent Clark wrote:
Good day Guys
I am getting quite a bit of image spam, and googling put me in the
direction of a tool called FuzzyOCR.
What
Good day Guys
I am getting quite a bit of image spam, and googling put me in the
direction of a tool called FuzzyOCR.
What I did was configure vagrant to install spamassassin and fuzzyocr,
and fuzzyocr does not appear to be catching my spam (The example
provided work).
Before I go down the
Hiya
Do any of you guys use the following list.
http://malware.hiperlinks.com.br/cgi/submit?action=list_sa
If so, may I ask how do you find the results, and is it worth adding to
spamassassin.
Kind Regards
Brent Clark
e, exiting with code 4
Would you know how I could fix this?
Kind Regards
Brent Clark
at patching it.
Please paste your workings.
Regards
Brent Clark
Regards
Brent Clark
Hiya
I would like to know, what are the implications of using / enabling
shortcircuit.
Other than speeding up the scan processing, from my side, I can't see a
downgrade in spam detection.
Kind Regards
Brent Clark
y question is, how do I fix this or make this go away, or is this one
of the curses of spamassassin running on another machine with a
different Os.
Thank you in advance.
Kind Regards
Brent Clark
Michael Scheidell wrote:
Did you use the freebsd port?
Yes
Is your firewall open outbound to let razor packets out (and back in?)
Turned out to be this one, can't believe I made this mistake.
Live and learn
Thanks
root wheel 14110 Jun 10 11:20
/usr/local/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Plugin/Razor2.pm
spamassasin#
If anyone could assist, I would really appreciate it.
Kind Regards
Brent Clark
/nonexistent/.spamassassin/auto-whitelist.lock.spamassasin.eccotours.local.63534
for
/nonexistent/.spamassassin/auto-whitelist.lock: No such file or directory
If anyone could assist, I would really appreciate it.
Kind Regards
Brent Clark
61 matches