On Sat, 22 Jun 2024, Paul Schmehl wrote:
On Jun 22, 2024, at 12:28 AM, Kenneth Porter
wrote:
On 6/21/2024 8:56 PM, Paul Schmehl wrote:
I scratched my head, then looked up the man page for sa-update on the
web. Sure enough, that’s where the rules
go. Is that where my local.c
On Thu, 28 Mar 2024, Philip Prindeville via users wrote:
On Mar 28, 2024, at 2:39 AM, Matus UHLAR - fantomas wrote:
On 27.03.24 20:56, Philip Prindeville via users wrote:
I have something that looks like:
whitelist_from_rcvd v...@yandex.ru vger.kernel.org
blacklist_from *@yandex.ru
And
Denny,
If you read the fine manual for the spamassassin configuration file, in section
for 'score SYMBOLIC_TEST_NAME n.nn [ n.nn n.nn n.nn ]'
You'll see:
If only one valid score is listed, then that score is always used for a test.
If four valid scores are listed, then the score that i
On Sat, 5 Aug 2023, Grant Taylor via users wrote:
On 8/5/23 6:42 PM, Martin Gregorie wrote:
Yes given that he is
Sorry, I was asking for differences between Energy Creatures and Trolls.
I agree with your advice about the particular EC / T.
I'm still trying to understand the conceptual differ
On Wed, 2 Aug 2023, Thomas Cameron via users wrote:
Thank you very much. The message that slipped through today was NOT one of
the ones being discussed in this thread, it was a different format and
totally different message. I only included it to demonstrate that my server
was not being reject
On Fri, 28 Jul 2023, Jared Hall wrote:
On 7/27/2023 12:08 PM, Ken D'Ambrosio wrote:
Hey, all. I've recently started getting spam that's really hard to deal
with, and I'm open to suggestions as to how to approach it. Superficially,
[snip..]
The damn body's been encoded! And there's so little
If you do that you will guarantee yourself to get bunches of spam that might
otherwise be tagged by SA.
the "welcomelist" mechanism says:
Anybody who matches this criteria we consider strongly not to be spam
(regardless of how spammy all the other metrics may say it is).
You should "welco
Assuming you own/manage your infrastructure it should be straight-forward.
Create SPF records for your domain & SMTP server, set them to either soft or
hard fail mode.
If you can, also set up DKIM signing of your outgoing mail.
Then create rules that look for your from address in a message
On Wed, 12 Jul 2023, Wingfully Team via users wrote:
Hi,
I’m using SpamAssassin 3.4.0 on a VPS hosted by Hostinger with CentOS 7.
CyberPanel was installed by Hostinger.
I am constantly (every 90 seconds) seeing spamassassin fail to start, seemingly
because it can’t find the PID file. I’m sen
what useful information would you be looking for from this kind of comparison?
All the time I receive mail from people with non-local domains and regularly
receive e-mail from co-workers using the same domain as me.
The kind of things that might be useful are:
1) detecting local-domain forger
On Sat, 14 Jan 2023, Benny Pedersen wrote:
Benny Pedersen skrev den 2023-01-14 03:59:
header TO_SPECIFIC_DOMAIN To:addr =~ /\@(test|junc)\.(com|net|eu)$/
describe TO_SPECIFIC_DOMAIN Mail sent to test.com or test.net email addresses
score TO_SPECIFIC_DOMAIN -0.5
tested works if i mail myself :=
On Mon, 3 Oct 2022, Loren Wilton wrote:
I'm getting a bunch of spams from fake gmail accounts that consist of one
short line of text and a 2 MB jpg file.
The subject and body text are pretty much random beyond that.
How do I check for the following?
--e345f305ea2680cd
Content-Type
On Thu, 29 Sep 2022, Maurizio Caloro wrote:
First let me thank you for your quick help, yes, now it is running :-)
mistake:
named.conf.options
-listen-on { A.B.C.D, localhost; };
+listen-on { any; };
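Review bot: the `+listen-on { any; };` line makes named accept queries on every interface, where the removed line limited it to A.B.C.D and localhost. If this resolver only serves the local spamd, listening on the loopback address alone is enough; if `any` has to stay, restrict who may query and recurse with `allow-query` and `allow-recursion` so the host does not become an open resolver.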
After this, the error in Spamd.log disappeared, great!
Your mistake is that 'local
On Thu, 29 Sep 2022, Matus UHLAR - fantomas wrote:
[snip..]
/usr/local/share/perl/5.28.1/Mail/SpamAssassin/DnsResolver.pm line 742,
line 189.
Wed Sep 28 21:46:55 2022 [9418] info: dns: bad dns reply: bgread: recv()
failed: Connection refused at
/usr/local/share/perl/5.28.1/Mail/SpamAssassin/D
How big was the message? (attached images can be pretty big).
Depending on the "glue" you use to connect your mail MTA to SA, it may have some
kind of size restriction.
For example, the 'spamc' client has a 'max-size' parameter (which defaults to
500KB). Any message larger than that size will
On Tue, 19 Oct 2021, Linkcheck wrote:
Ok, thanks, Dave.
'--helper-home-dir' option needs an '='
Also, --max-children?
I have been playing with options based on suggestions here. I now have the
spamassassin options as:
OPTIONS="--nouser-config -4 -i 127.0.0.1 --max-children=5
--helper-ho
On Mon, 11 Oct 2021, David B Funk wrote:
On Mon, 11 Oct 2021, Jerry Malcolm wrote:
I am getting tons of emails that are very obviously spam (elongation,
russian beauties, etc) that are getting a -5 score added on the white list
test:
CVD_IN_DNSWL_HIRBL: Sender listed at https
On Mon, 11 Oct 2021, Jerry Malcolm wrote:
I am getting tons of emails that are very obviously spam (elongation, russian
beauties, etc) that are getting a -5 score added on the white list test:
CVD_IN_DNSWL_HIRBL: Sender listed at https://www.dnswl.org/, high trust
I'm curious about the usef
On Fri, 30 Jul 2021, David Bürgin wrote:
David Bürgin:
Resolved. Perhaps the documentation should be updated.
There are notes for options ‘remove_header’ and ‘clear_headers’ that
‘X-Spam-Checker-Version is not removable’, so a straightforward fix to
the documentation would be replacing senten
On Wed, 28 Jul 2021, Antony Stone wrote:
On Wednesday 28 July 2021 at 19:51:49, Pedro David Marco wrote:
Hi!
i have spam with this header:
Received: from a48-115.smtp-out.amazonses.com (HELO
a48-115.smtp-out.amazonses.com) (54.240.48.115)
Is there any way, based on its fqdn, to know whether
On Fri, 25 Jun 2021, Greg Troxel wrote:
RW writes:
You can reach out
to our Customer Support Team+1 (800) 781 - 2511.
Is it common in the US to put 800 in brackets like that? In my
experience brackets normally go around either country codes or area
codes, digits that may be optional.
On Fri, 23 Apr 2021, Steve Dondley wrote:
I'm looking at KAM.cf. There is this rule:
body __KAM_WEB2 /INDIA based IT|indian.based.website|certified.it.company/i
I'm wondering if there is a good reason why a single period is used instead of
something like \s+ which would catch multiple sp
On Thu, 22 Apr 2021, Matus UHLAR - fantomas wrote:
On 22.04.21 14:21, Steve Dondley wrote:
pts rule name description
--
--
-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/,
On Fri, 9 Apr 2021, spamassas...@mach2.franken.de wrote:
Am 07.04.2021 um 12:27 schrieb Antony Stone:
I am running said packet install from an internet tutorial.
Who wrote that tutorial and where does it point you to get the packages
from?
Antony.
Hmm, it says execute the following comm
On Thu, 3 Sep 2020, bobby wrote:
I am following this tutorial:
https://www.linuxbabe.com/redhat/spamassassin-centos-rhel-block-email-spam. I
followed the steps in "Move Spam into the Junk Folder". When I send an email
from a blacklisted e-mail address,
I get a bounce e-mail from my e-mail ser
On Wed, 26 Feb 2020, Benny Pedersen wrote:
Robert A. Ober skrev den 2020-02-26 02:28:
I have a user that is getting many emails with obscene subjects.
Someone is spoofing the From to include the users domain so the email
is hitting "USER_IN_WHITELIST". I have installed the plugins from
extrem
On Fri, 4 Oct 2019, Philip wrote:
Morning List,
Lately I'm getting a bunch of emails that are showing up with two email
addresses in the From: field.
From: "Persons Name "
When you look in your mail client (Outlook, Thunderbird) it's showing only
"Persons Name "
Is there a way I can mar
service or did you stop & restart the spamd daemon?
The spamd daemon is the thing that you need to restart to get it to process the
config files.
On Fri, 27 Sep 2019, David B Funk wrote:
Jerry,
That looks like a functional implementation of the "spamc" client.
So that implies
seem
to like splattering all over the hard drive... :-). Where should I be
looking to find the SA log files?
Thanks again.
Jerry
On 9/27/2019 6:46 PM, David B Funk wrote:
Jerry,
That looks like a functional implementation of the "spamc" client.
So that implies your system is using &
Jerry,
That looks like a functional implementation of the "spamc" client.
So that implies your system is using "spamd" daemon for actual processing of the
spam. (as opposed to something like "amavis" which directly incorporates the SA
scanning engine)
Did you restart the spamd daemon after yo
This afternoon I found a spam in one of my spam-traps that was sent via
constantcontact.com and got a whopping -3.8 from IADB rules.
Why does this spam source get such a boost?
-0.0 RCVD_IN_IADB_LISTED RBL: Participates in the IADB system
-0.1 RCVD_IN_IADB_SPF RBL: IADB: Sender
On Tue, 25 Jun 2019, Martin Gregorie wrote:
On Tue, 2019-06-25 at 16:11 +0200, hg user wrote:
I'd like to create my own RBL that answers queries about IP, domain or
address reputation.
Data should be stored in a database (mysql, postgres, redis, etc) so
that information can be added/modified/re
On Mon, 17 Jun 2019, David B Funk wrote:
Are you feeding spamass-milter the necessary information (via milter-macros
in your MTA config) so that -it- knows that particular session is
authenticated? It needs that info if it's going to synthesize the correct
header so that SpamAssassin
On Mon, 17 Jun 2019, @lbutlr wrote:
On 17 Jun 2019, at 11:06, Reindl Harald wrote:
Am 17.06.19 um 16:30 schrieb @lbutlr:
Received: from darth.lan (c-73-14.161.160.hsd1.co.comcast.net [73.14.161.160])
by mail.covisp.net(Postfix 3.4.5/8.13.0) with SMTP id unknown;
Sun, 16 Jun 2019
On Mon, 1 Apr 2019, @lbutlr wrote:
I have whitelisted amazon in /usr/local/etc/mail/spamassassin/local.cf
whitelist_auth *@*.amazon.com
whitelist_auth *@amazon.com
whitelist_from *@bounces.amazon.com
whitelist_from order-upd...@amazon.com
whitelist_from_rcvd @amazon.com amazon.com
whitelist_fro
On Mon, 25 Mar 2019, Axb wrote:
On 3/25/19 7:01 PM, Henrik K wrote:
On Mon, Mar 25, 2019 at 06:49:49PM +0100, Tobi wrote:
Am 25.03.19 um 15:18 schrieb Henrik K:
On Mon, Mar 25, 2019 at 03:00:30PM +0100, Tobi wrote:
[snip..]
uri __HAS_URI /./
tflags __HAS_URI multiple
meta __REALLY_HAS_U
On Sat, 23 Feb 2019, RW wrote:
On Fri, 22 Feb 2019 16:37:30 -0600 (CST)
David B Funk wrote:
Is there a rule "score" syntax that allows you to use the score
assigned to an existing rule to calculate the value assigned to
another rule?
...
What I want to do is to create a local r
Is there a rule "score" syntax that allows you to use the score assigned to an
existing rule to calculate the value assigned to another rule?
Specifically what I'm trying to do is to negate the "damage" a particular rule
does for messages that meet particular local criteria.
For example: "HTM
On Thu, 31 Jan 2019, Noel wrote:
On 1/31/2019 3:03 PM, Don Saklad wrote:
$ perldoc Mail::SpamAssassin::Conf
No documentation found for "Mail::SpamAssassin::Conf".
"Bill Cole"
writes:
This is not really possible.
Run 'perldoc Mail::SpamAssassi
On Tue, 15 Jan 2019, Bill Cole wrote:
On 15 Jan 2019, at 15:05, Grant Taylor wrote:
I will investigate to see if spamass-milter can fabricate a satisfactory
Received: header.
A quick look at the issue tracker for it implies that it does so. A milter that
actually works with SA really needs
On Mon, 17 Dec 2018, RW wrote:
On Mon, 17 Dec 2018 13:18:12 -0600
Rick Gutierrez wrote:
Hi list , happy holidays to all, I am trying to make this rule work
that a friend wrote in github, to be able to give a high score to
documents sent from different countries, like pakistan, china or india
,
On Mon, 10 Dec 2018, ozgurerdogan wrote:
I simply need to write custom rules to block certain mails, domain names. Do
I have to learn programming language for this? Is not it easy like create a
conf file and let Sa update rules from that source remotely via http?
If your primary need is to blo
On Mon, 3 Dec 2018, Grant Taylor wrote:
On 12/03/2018 11:53 AM, Alan Hodgson wrote:
I've been watching these for a while, and unfortunately there are a lot of
customer-service type systems that send From: addresses with quoted @domain
addresses in them. Many of them do "user@address via"
, bu
On Mon, 29 Oct 2018, Martin Gregorie wrote:
On Mon, 2018-10-29 at 15:55 +0200, Anders Gustafsson wrote:
Is there such a rule already in 3.3.x? I would ideally want a version
of that that adds to the spam score if it sees a x.x.x.x/unsubscribe
link, possibly translated.
[snip..]
describe MG_
On Wed, 17 Oct 2018, Rupert Gallagher wrote:
IC is an effort to dig a hole in the water, because the problem of image spam
with obfuscated text cannot be solved by ocr.
My approach is a "better safe than sorry" best practice that anyone can
implement with existing software:
1. do not displ
On Sat, 1 Sep 2018, David B Funk wrote:
On Sat, 1 Sep 2018, Rupert Gallagher wrote:
This is a subject line:
Re: Habemus APP LG 😉
Do you understand that is not an image (EG jpg, png, or tiff) but a UTF-8
code point ("emoji" character) glyph.
We cannot tell because y
On Sat, 1 Sep 2018, Rupert Gallagher wrote:
This is a subject line:
Re: Habemus APP LG 😉
Do you understand that is not an image (EG jpg, png, or tiff) but a UTF-8 code
point ("emoji" character) glyph.
We cannot tell because you haven't provided us with an actual message but I'm
going t
On Mon, 23 Jul 2018, Nick Bright wrote:
On 7/23/2018 7:55 PM, Reindl Harald wrote:
and even if - whats the point to store the surrounding messages in the
corpus which you should keep forever if you need rebuild from scratch
later?
what is the problem you try to solve and why can't you just stor
On Mon, 23 Jul 2018, Pedro David Marco wrote:
Not exactly a SA question but...
i am planning to run my own RBL with a nameserver, that when queried for an IP
that is not in its database, does some calculations with that IP and replies
accordingly (caching the results)...
Please, does anyone k
On Fri, 13 Jul 2018, Rupert Gallagher wrote:
A little survey on your local policies...
What do you do when a subject line is longer than 78 characters?
A. Reject
B. Accept as spam
C. Accept
That clause for 78 chars is a "SHOULD", the "MUST" is for 998 chars.
It then also says:
Again
On Fri, 1 Jun 2018, Martin Gregorie wrote:
On Fri, 2018-06-01 at 15:37 -0400, Alex wrote:
Hi,
I have an email with an address as follows that I'd like to
whitelist:
X-Envelope-From:
Using whitelist_auth doesn't appear to work:
whitelist_auth FredSavage*@cmail19.com
Try
whitelist_auth Fr
On Tue, 15 May 2018, Alex wrote:
Hi,
[snip..]
Train bayes, look for custom URIBL lists that might hit that powned website.
The IP (216.32.180.23) is listed on sorbs, but that's it, and the
domain (peabodyenergy.com) is not listed anywhere.
I wasn't referring to the site that was the sour
On Tue, 15 May 2018, Alex wrote:
Hi,
We received another of those phishes as a result of a compromised O365 account.
https://pastebin.com/raw/Fv5NKRAP
Anyone able to take a look and provide ideas on how to block them? It
passes with DKIM_VALID_AU, RCVD_IN_SENDERSCORE_90_100 and SPF_PASS.
It'
On Thu, 10 May 2018, John Hardin wrote:
On Thu, 10 May 2018, Matthew Broadhead wrote:
On 09/05/18 20:43, David Jones wrote:
On 05/09/2018 01:29 PM, Matthew Broadhead wrote:
On 09/05/18 16:37, Reindl Harald wrote:
quoting URIBL_BLOCKED is a joke - setup a *recursion* *non-forwarding*
namese
On Wed, 9 May 2018, Vincent Fox wrote:
I see an interesting dichotomy.
Students are on Google, fac/staff on O365 now.
Guess which group is phished most often?
If you said students, bzzzt.
It’s the O365 users, by a large margin. Faculty and staff should be best
trained. Also protected by
On Wed, 2 May 2018, John Hardin wrote:
On Wed, 2 May 2018, David Jones wrote:
On 05/02/2018 01:21 PM, Joe Acquisto-j4 wrote:
One slipped through, with this subtle sig line (thought it might brighten
someone's day . . . )
"Note: Failure to Verify will lead to final termination of your email
On Wed, 2 May 2018, Joe Acquisto-j4 wrote:
On 5/2/2018 at 2:57 PM, in message
<0e5889ab-b61a-36ba-6b28-549f2c365...@ena.com>, David Jones
wrote:
On 05/02/2018 01:21 PM, Joe Acquisto-j4 wrote:
One slipped through, with this subtle sig line (thought it might brighten
someone's day . . . )
"N
On Fri, 27 Apr 2018, Dianne Skoll wrote:
On Fri, 27 Apr 2018 14:39:43 -0500 (CDT)
David B Funk wrote:
[snip]
Define two classes of recipients:
class A == all users who want everything
class B == all users who want "standard" filtering
This works if you have a limited
On Fri, 27 Apr 2018, Joëlle Pfeffer wrote:
I have progressed.
If my rule is
header REGLE_HF002 From:name =~ /@A/i
e-mails containing
From: @A
or
From: "@AB"
or
From: "@Ab"
are not blocked
but if my rule is
header REGLE_HF002 From:name =~ /@.b/i
e-mails containing
From: "@Ab"
or
From: "@A
On Fri, 27 Apr 2018, Dianne Skoll wrote:
Hi,
I have reluctantly come to the conclusion that in some cases, it is
necessary to silently drop spam rather than reject it. This is the
situation:
An email comes in for two recipients in one SMTP transaction (ie,
a MAIL, two RCPTs and then DATA).
On
On Fri, 27 Apr 2018, Matus UHLAR - fantomas wrote:
On 26.04.18 13:41, L A Walsh wrote:
To my way of thinking, dropping someone else's email,
telling the sender the email is being rejected for having
spam-like characteristics and telling the recipient nothing
seems like it might have legal liabi
On Tue, 24 Apr 2018, L A Walsh wrote:
These headers (not these values) are in most or all of my emails.
In one email on the net they were adjacent to SA's headers (but they
aren't in my emails). I was wondering if anyone knew what
product might be inserting these headers:
X-CSC: 0
X-CHA: v=1.
On Thu, 1 Mar 2018, John Hardin wrote:
A bunch of Javascript to display a *single image*? And it doesn't display
*any content at all* if javascript is disabled for that site?
That's what I hate about the web these days, there's too much crap
surrounding the useful content.
"too much -vulne
On Sun, 25 Feb 2018, LeandroCarlosRodrigues wrote:
Amir Caspi wrote
On that note -- regardless of what OTHER HW/SW solutions might do, since
this is a SpamAssassin mailing list ... is there any facility to implement
this in SA? That is, when calling the URIBL plugin, could it check both
the sh
On Fri, 23 Feb 2018, Amir Caspi wrote:
Hi all,
So, I've been trying to tweak my setup and noticed that VERY few of my
emails are being autolearned as spam, even when their spam threshold is far above
the autolearn threshold. The threshold is set to 12; I just saw a spam with score
>
On Thu, 22 Feb 2018, RW wrote:
On Thu, 22 Feb 2018 15:54:45 +0100
saqariden wrote:
Hello guys,
I have the following SA rule which is supposed to block base64
encoded mails:
This may be dangerous. If someone doesn't wish to use 8bit text then
base64 encoding of UTF-8 is a sensible choice; Q
On Mon, 19 Feb 2018, Axb wrote:
oooppps - missing a backslash
mimeheader AXB_CTYPE_SPELLHERO Content-Type =~ /\bapplictaion\/pdf\b/
On 02/19/2018 05:24 PM, Axb wrote:
catch today's PDF pillz spam
mimeheader AXB_CTYPE_SPELLHERO Content-Type =~ /bapplictaion\/pdf\b/
the typo is the tra
If you read that informational spamassassin wiki page referenced in that message
you'd know that it has nothing to do with querying a Russian RBL.
That Russian URI is what the query to URIBL was asking.
So your use of URIBL (via spamassassin) hit a threshold and was blocked.
Read that spamassass
On Tue, 6 Feb 2018, Kris Deugau wrote:
Alex wrote:
These phishes we've received were all from otherwise trusted sources
like salesforce, amazonses and sendgrid. These are examples that I
believe were previously whitelisted because of having received a phish
through these systems but have no bee
On Fri, 26 Jan 2018, John Hardin wrote:
On Fri, 26 Jan 2018, b...@inter-control.com wrote:
Oh, here is the X-SPAM status from the command line:
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
M1-2.dettenwanger.inter-control.com
X-Spam-Flag: YES
X-Spam-Level: ***
On Wed, 13 Dec 2017, AJ Weber wrote:
Is there an easy way to check if the Subject or From is UTF-8 -- or non-ASCII
-- char set?
I see in some of my recent spam, either the Subject or the From (sometimes
both) starts with "=?UTF-8?" (in these cases the rest is Base64 encoded, but
I don't want
On Fri, 8 Dec 2017, John Hardin wrote:
On Fri, 8 Dec 2017, AJ Weber wrote:
I'm trying to decide the best way to detect something like this.
https://pastebin.com/hCX9MWNg
That appears to be corrupt. I downloaded it and ran it through my testbed and
it wouldn't decode the body.
Don't know
On Wed, 6 Dec 2017, Alex wrote:
Hi,
sprintpcs.com has no domain security and for some reason I can't
whitelist them using whitelist_from_rcvd, or even whitelist_from just
to make it even more simple.
Can someone help me figure out what I'm doing wrong? Ideally I'd like
to avoid whitelisting th
On Fri, 27 Oct 2017, A. Schulze wrote:
Am 27.10.2017 um 07:15 schrieb @lbutlr:
RFC 822 is obsolete, replaced by RFC 2822.
... which is obsoleted by RFC 5322 and updated some other RFCs
see https://tools.ietf.org/html/rfc5322
And it still explicitly says that construct is legal:
rfc5322:3.4
On Tue, 24 Oct 2017, Pedro David Marco wrote:
Out of curiosity...
"account is deactivated due to inactive,"
is this correct in english? shouldn't it be "inactivity"?
It isn't good English, but I've seen worse from official notices.
Now the fact that it claims to be a US financial company
On Tue, 24 Oct 2017, Rupert Gallagher wrote:
Easy one. The Message-ID is not well formed / RFC compliant. We reject such
junk upfront.
Sent from ProtonMail Mobile
On Tue, Oct 24, 2017 at 8:32 PM, Alex wrote:
Hi all, I'm wondering if someone has some ideas to handle bank fraud
phishi
On Wed, 20 Sep 2017, Rupert Gallagher wrote:
> 10. The emails we send are operational and notices emails to customers -
who need them. They call on the phone and complain they haven't received
them - just to discover they were sent, but ended up in the junk.
Tell them to send you a copy of t
On Tue, 19 Sep 2017, Chris wrote:
On Wed, 2017-09-20 at 00:40 +0100, Martin Gregorie wrote:
On Tue, 2017-09-19 at 16:44 -0500, Chris wrote:
Thanks Martin, here's what I get, it appears to not be running.
sudo systemctl stop dnsmasq
[sudo] password for chris:
Failed to stop dnsmasq.service:
On Thu, 14 Sep 2017, Dianne Skoll wrote:
On Thu, 14 Sep 2017 11:27:27 -0700
"Loren Wilton" wrote:
Other than being obvious spam, they seem to be set up as though they
were legitimate commercial mailing list stuff, often containing
things like contact-id and the like in the links.
Is anyone
On Tue, 15 Aug 2017, Christopher Engelhard wrote:
On 08/14/2017 05:24 PM, Kevin A. McGrail wrote:
does mysql -u -p localhost spamdb work?
Yes, that works. The user has INSERT, DELETE, UPDATE, SELECT privileges.
Does it need CREATE? The table 'txrep' exists with columns username,
email, ip, c
On Mon, 7 Aug 2017, Jacek Osuchowski wrote:
This is an email I sent to IsNotSpam.com. They list the whole thing when
testing for spam. I am getting a lot of complaints from our customers that our
emails are not received. Our domain is not blacklisted anywhere so I suspect it
is the spam filter
On Mon, 7 Aug 2017, David Jones wrote:
[snip..]
This IP is listed on SORBS and Spamhaus ZEN which are going to cause problems
with delivery to many receiving mail filters, not just SpamAssassin.
http://multirbl.valli.org/lookup/68.192.71.191.html
That's his PC which is the MSA. As it's the
On Mon, 7 Aug 2017, Alex wrote:
Hi,
On Mon, Aug 7, 2017 at 6:56 PM, Jacek Osuchowski wrote:
We use emails to allow users to reset their passwords to our website. We
send very brief emails containing the reset password. Example between :
Your password to access your account is:
S]U3bC
On Mon, 7 Aug 2017, Jerry Malcolm wrote:
I'm invoking spamd using:
CHECK SPAMC/1.2\r\n
I'm getting the expected response such as:
Spam: False ; -1.8 / 4.0
I am trying to figure out how to get the TESTS= results of the individual
tests returned as well.
(e.g.tests=[AWL=-1.103, BAYES_00=-2
On Thu, 3 Aug 2017, Kris Deugau wrote:
Ian Zimmerman wrote:
On 2017-08-03 10:38, sha...@shanew.net wrote:
The most common ones that I make use of are "multiple" and "maxhits"
in order to allow a rule to be scored for each time it hits, but to
stop counting after some threshold. I also use th
On Thu, 20 Jul 2017, Andrzej A. Filip wrote:
By default messages bigger than 500KB are not sent to spamd for
processing/scanning => the tactics you describe frequently "turns off"
spam filtering.
IMHO SA should design procedures to deal with big messages.
I personally use "scan headers only" a
On Sat, 15 Jul 2017, Antony Stone wrote:
On Saturday 15 July 2017 at 11:19:54, mastered wrote:
Hi Nicola,
I'm not good at SHELL script language, but this might be fine:
1 - Save file into lista.txt
2 - transform lista.txt in spamassassin rules:
cat lista.txt | sed s'/http:\/\///' | sed s'/\
On Fri, 19 May 2017, David Jones wrote:
From: David B Funk
On Fri, 19 May 2017, RW wrote:
On Fri, 19 May 2017 14:13:22 -0500 (CDT)
David B Funk wrote:
ne.
My read on this is that "@ena.com" is living dangerously. They
publish SPF records and DMARC records (with p=reject)
On Fri, 19 May 2017, RW wrote:
On Fri, 19 May 2017 14:13:22 -0500 (CDT)
David B Funk wrote:
ne.
My read on this is that "@ena.com" is living dangerously. They
publish SPF records and DMARC records (with p=reject) but do NOT DKIM
sign their mail.
Most of them pass DKIM, a minor
On Fri, 19 May 2017, Dianne Skoll wrote:
Hi,
Tons of list traffic keeps getting quarantined because of DMARC. For
example, a recent message from David Jones :
DMARC policy for domain ena.com suggests Rejection as
DMARC_POLICY_REJECT, but quarantined due to rule settings
$ host -t txt _dmarc.
On Fri, 19 May 2017, John Hardin wrote:
On Thu, 18 May 2017, Rob McEwen wrote:
In many cases, they explain to me that their settings got auto-overwritten
by their hoster - who just HAD to switch their resolv.conf file back to
8.8.8.8
cron. job.
Wouldn't the SA config parameter "dns_server
On Thu, 11 May 2017, Benny Pedersen wrote:
Anthony Hoppe skrev den 2017-05-11 00:55:
I'm trying to implement a very simple rule that looks at the
"Received" header(s) and if a string is found apply a negative score.
The rule is as follows:
header AH_KNOWBE4 Received =~ /phishtest\.knowbe4\.
On Wed, 10 May 2017, John Hardin wrote:
On Wed, 10 May 2017, David B Funk wrote:
Is there any way to use Bayes autolearn in general but prevent it from
learning specific messages?
I have a specific source of messages (Office-365) which I would like to
prevent from being autolearn (without
Is there any way to use Bayes autolearn in general but prevent it from learning
specific messages?
I have a specific source of messages (Office-365) which I would like to prevent
from being autolearn (without scoring them as spam).
I still want those messages to be SA scored using the normal
On Mon, 8 May 2017, Chris wrote:
whitelist_auth *@*.us-cert.gov us-cert.gov
This should be:
whitelist_auth *@*.us-cert.gov
I don't know why I keep putting the second entry in my 'my-whitelist.cf'
file. I must have read it or something a long, long time
ago in order to be doing this.
Poss
On Mon, 8 May 2017, John Hardin wrote:
On Mon, 8 May 2017, Chris wrote:
I get various posts from US-CERT none so far have been tagged as spam
until today. The raw message with the SA tags is here -
https://pastebin.com/f71A2FfW What it hit on was:
pts rule name description
On Wed, 3 May 2017, Alex wrote:
Hi,
If you haven't heard, there was a huge Google Docs phishing attack
today. Several hundred bypassed our filters in the hour or so before
we were able to identify them. The To address is always
"h...@mailinator.com" and the subject is always " has s
On Mon, 1 May 2017, Alex wrote:
Hi,
On Mon, May 1, 2017 at 8:44 AM, David Jones wrote:
From: Alex
I've taken a more conservative, but also more time-consuming approach
by creating rules that subtract a few points with the right
combination.
I was also hoping there was a more general appro
On Thu, 23 Mar 2017, fitz wrote:
I am attempting to tighten up my whitelists, replacing whitelist_from with
whitelist_auth, whitelist_spf, and/or whitelist_dkim. And having trouble.
The simplistic example of
whitelist_auth b...@example.com example.net
does not really cut it.
For example, I h