Re: Anyone have a rule to detect "Dear xxx" in the body of the message where the "To:" address is xxx@domain?

2024-07-19 Thread Grant Taylor via users
On 7/19/24 5:34 AM, giova...@paclan.it wrote: do you intend to have a rule like this one ? header __TO_NAME To:name =~ /(?<TO_NAME>.*)/ body   DEAR_NAME /Dear %{TO_NAME}/ Once I'm dealing with versions of SpamAssassin that support such, yes. I'm currently caring for and feeding a small group o

Re: Anyone have a rule to detect "Dear xxx" in the body of the message where the "To:" address is xxx@domain?

2024-07-18 Thread Grant Taylor via users
On 7/18/24 15:58, Mark London wrote: I asked ChatGPT how to test for a "Dear 'username'".  After a bit of work, I got working code. Okay. ChatGPT knows perl. I question the value of "knows" as in knowledge of Perl. I already had a Perl file EvalTests.pm file with customized Perl eval func

Re: Anyone have a rule to detect "Dear xxx" in the body of the message where the "To:" address is xxx@domain?

2024-07-17 Thread Grant Taylor via users
On 7/17/24 18:04, Matija Nalis wrote: I.e. would you consider it to be significantly less likely to be spam if it contained "Dear Elizabeth," while being addressed to "mark@domain" instead of to "elizabeth@domain" ? I've seen quite a bit of spam that opens message bodies with: Where is

Re: ChatGPT > Spamassassin? :) -- move along, this is not the reply you are looking for.

2024-06-25 Thread Grant Taylor via users
On 6/25/24 12:21 PM, Adam Bowen wrote: I asked a well known chatbot: What would Bill Cole say if he was asked about integrating AI in to spamassassin? LOL I needed that laugh. Thank you Adam. -- Grant. . . . unix || die

Re: OT: Trigger words in email addresses?

2024-04-08 Thread Grant Taylor via users
On 4/8/24 5:44 AM, Antony Stone wrote: - make your systems transparent so that people feel they understand what's happening and when at different stages in the process - don't create a "corporate black box" which customers can't understand I'll add to this and say that URLs that include things

Re: OT: Trigger words in email addresses?

2024-04-07 Thread Grant Taylor via users
Below is my opinion, it's worth everything you paid for it. But I do suggest you read it and think about it for a few minutes. On 4/7/24 20:40, Jerry Malcolm wrote: I send the validation email from donotre...@xyz.com. I absolutely hate the do not reply type email addresses as you're trying

Re: Correct way to allowlist an IP from DNSBL checks when it's not the final Received?

2023-09-28 Thread Grant Taylor via users
On 9/27/23 2:15 PM, Andy Smith wrote: Hi, Hi, The IP address of a supplier is currently listed by Spamhaus SBL-CSS. Oops. How would I go about allowlisting this IP address against DNSBL hits? Ideally for a specified range of from addresses and/or envelope senders, but for every sender if

Re: OT - Re: DNFTEC - was My apologies

2023-08-06 Thread Grant Taylor via users
On 8/6/23 12:04 AM, David B Funk wrote: For the most part they can be pretty much interchangeable but slight shading: EC -> alignment: neutral/chaotic T -> alignment: evil IE an EC can be unpredictable and occasionally positive but at a cost T is pretty predictability undesirable Ah ha! Tha

Re: OT - Re: DNFTEC - was My apologies

2023-08-05 Thread Grant Taylor via users
On 8/5/23 6:42 PM, Martin Gregorie wrote: Yes given that he is Sorry, I was asking for differences between Energy Creatures and Trolls. I agree with your advice about the particular EC / T. I'm still trying to understand the conceptual difference between an EC and a T or if they are synonyms

OT - Re: DNFTEC - was My apologies

2023-08-05 Thread Grant Taylor via users
On 8/5/23 1:51 PM, Kevin A. McGrail wrote: REDACTED is the definition of something I learned decades ago as an energy creature. Is there anything to differentiate an Energy Creature from a Troll? The tricky thing about this particular ${ENTITY} is that they are seemingly on topic and seem to

PSA: ${HE} is now using a new email address.

2023-08-05 Thread Grant Taylor via users
On 8/5/23 12:23 PM, Grant Taylor via users wrote: The catch is that he keeps tripping up people that have not had the ... experience of dealing with him and thus have not ... quieted him yet. For those of you that have started filtering someone -- who I'm not going to name -- ${HE

Re: My apologies

2023-08-05 Thread Grant Taylor via users
On 8/5/23 8:04 AM, Ralph Seichter wrote: Well, that is what local mail killfiles are for. The world is sadly full of morons, but one does not necessarily have to accept mail from them. Agreed. The catch is that he keeps tripping up people that have not had the ... experience of dealing with

Re: My apologies

2023-08-03 Thread Grant Taylor via users
Having myself been through what Thomas is apologizing for, I have some comments on what Reindl H. is doing. On 8/3/23 3:06 PM, Ken D'Ambrosio wrote: I ... think he should be blocked. He /is/ blocked from sending messages to / through the mailing list. I've been online for over 40 years

Re: Ensuring SPF/DKIM for @gmail.com

2023-07-27 Thread Grant Taylor via users
On 7/27/23 6:25 AM, Matus UHLAR - fantomas wrote: I use spamass-milter on my system and amavisd-milter on other systems especially to be able to reject spam at SMTP time. Definitely a good thing. :-) You just should not use it for "outgoing" mail from your clients, so they don't complain abou

Re: Ensuring SPF/DKIM for @gmail.com

2023-07-26 Thread Grant Taylor via users
On 7/26/23 7:20 PM, Matija Nalis wrote: I'd appreciate more civil expressions of disagreement +1 I personally know several people who still use procmail today, sooo... +1 That at least I can attest is not always the case (I still see systems with custom sendmail.cf which nobody dares to t

Re: Ensuring SPF/DKIM for @gmail.com

2023-07-26 Thread Grant Taylor via users
On 7/26/23 2:09 PM, Matija Nalis wrote: Only way to make SPF never incorrectly fail/softfail is to use "+all", but that kind of kills its point :-) I question the veracity of that. Is SPF failing to perform its intended function if an unauthorized server is blocked from sending email with an

Re: Ensuring SPF/DKIM for @gmail.com

2023-07-26 Thread Grant Taylor via users
On 7/26/23 1:44 PM, Marc wrote: so your ip does not generate a softfail or fail I assume that you mean so that your outbound SMTP server is actually authorized in some capacity and fall under "all". Is that correct? When you configure your spf your result is either pass, softfail or fail I

Re: Ensuring SPF/DKIM for @gmail.com

2023-07-26 Thread Grant Taylor via users
On 7/26/23 2:34 AM, Benny Pedersen wrote: milters should not be spam scanners, spamassassin is better {spamass-milter,milter-spamc} combined with SpamAssassin cause me to question the veracity of that statement. Milter implies doing the filtering during the SMTP transaction. I consider the

Re: Ensuring SPF/DKIM for @gmail.com

2023-07-26 Thread Grant Taylor via users
On 7/26/23 1:44 AM, Marc wrote: asking them to correctly setup spf is mostly enough. At the risk of starting a flame war... What does "correctly setup SPF" mean to you? What makes your opinion better than someone else's opinion that differs? (I take it for granted that someone will have a d

Re: Sudden surge in spam appearing to come from my email address

2023-07-17 Thread Grant Taylor via users
On 7/17/23 6:07 PM, Reindl Harald wrote: because we have 2023 and in the last decade everybody with a brain was using spf and sender-spoofing-rejection for envelopes I wish that was the case. There was a recommendation on mailop less than a week ago that people only set up SPF records to appea

Re: Sudden surge in spam appearing to come from my email address

2023-07-17 Thread Grant Taylor via users
On 7/17/23 4:49 PM, Reindl Harald wrote: Alias expansion does this is not a mailing list What definition are you using for a mailing list? Do you consider Majordomo to be a mailing list? Because as far as I'm concerned, alias expansion in the MTA is where mailing lists originated. in the

Re: Sudden surge in spam appearing to come from my email address

2023-07-17 Thread Grant Taylor via users
On 7/17/23 4:29 PM, Reindl Harald wrote: no single mailing-list on this planet does this - period Can we agree to disagree? Maybe no /contemporary/ mailing list. But there have been -- and I contend still are -- LOTS of mailing lists that did / do this very thing. .forward does this. Alias

Re: Sudden surge in spam appearing to come from my email address

2023-07-17 Thread Grant Taylor via users
On 7/16/23 5:57 PM, Benny Pedersen wrote: why accept local envelope SENDER domains on port 25 ? Do you subscribe to any mailing lists that don't rewrite the sender? Thus your mail server would receive messages that you sent to the mailing list as your SENDING domain on port 25 inbound from th

Re: Sudden surge in spam appearing to come from my email address

2023-07-16 Thread Grant Taylor via users
On 7/16/23 12:41 AM, Matija Nalis wrote: So, it fails SPF, but DKIM passes. Meaning, your mail would pass normally modern servers which check both. That is predicated on the receiving server(s) not rejecting the message for SPF failure. You probably might want to use some nice frontend to vi

Re: Sudden surge in spam appearing to come from my email address

2023-07-16 Thread Grant Taylor via users
On 7/16/23 9:37 AM, Thomas Cameron wrote: It does clarify, ... :-) ... but unfortunately, it doesn't alleviate my concerns. :-/ I totally understand why SPF et al. are good ideas. :-) But I swear, I feel like they introduce darned near as many problems as they "solve." I question th

Re: Sudden surge in spam appearing to come from my email address

2023-07-15 Thread Grant Taylor via users
On 7/15/23 10:04 PM, Thomas Cameron wrote: I'd love to do this, but see below. I get TONS of warnings every time I send email to lists (even this list) that make me hesitant to do hard fails. I understand and appreciate what you're describing. I do, as well, but mailing lists outside of my sph

Re: Sudden surge in spam appearing to come from my email address

2023-07-15 Thread Grant Taylor via users
On 7/15/23 2:00 AM, Reindl Harald wrote: SPF don't care about the visible From-header I agree that SPF doesn't (SHOULDN'T) care about the RFC522.From header. However my experience has been that the vast majority of messages that are spoofing the RFC522.From header are also spoofing the RFC52

Re: Sudden surge in spam appearing to come from my email address

2023-07-14 Thread Grant Taylor via users
On 7/14/23 6:06 PM, Thomas Cameron wrote: I'm trying to figure out how to block this stuff. Something like "if it appears to come from me, but it's not actually coming from my email server," block it. SPF with hard fail in your own domain /and/ filtering that respects SPF hard fail will almos

Re: Espoofer - An Email Spoofing Testing Tool That Aims To Bypass SPF/DKIM/DMARC And Forge DKIM Signatures

2022-12-28 Thread Grant Taylor via users
On 12/28/22 10:32 AM, Greg Troxel wrote: It would be great if someone(tm) went through the blackhat pdf and wrote rules for all the evasions, and fixed the MTAs etc. I have seen and heard discussion about the raft number of bugs fixed 30 - 90 days after the annual Blackhat / Pwn2Own conference

Re: Espoofer - An Email Spoofing Testing Tool That Aims To Bypass SPF/DKIM/DMARC And Forge DKIM Signatures

2022-12-28 Thread Grant Taylor via users
On 12/28/22 6:17 AM, Kevin A. McGrail wrote: Sigh.  Yet another borderline ethical posting / tool like far too many pentesters who think transparency is the ultimate way to move the needle of security Many tools can be used for both good and evil. I have yet to find a kitchen knife that can te

Facepalm

2022-11-23 Thread Grant Taylor via users
I am terribly sorry. I accidentally forwarded one (or more) messages to the SpamAssassin mailing list which I meant to forward to SpamCop. High-latency remote control, address prefix collision, and lack of sleep are contributing factors. I will update address books to reduce likelihood of colli

Fwd: #1 Secret to PERFECT Blood Sugar

2022-11-23 Thread Grant Taylor via users
-- Grant. . . . unix || die --- Begin Message ---   If you’re never to get an email from me click  here:https://click.superiorbrainhealth.net/?t=u&schedule_campaign_id=NzA0Ng%3D%3D&subscriber_id=MTYwNjg3OTQ%3D&ids=MjYw__MjY1MTU1MzY3__NDY4  and say goodbye forever :-( -

Re: Gmail confidential mode

2022-11-17 Thread Grant Taylor via users
On 11/17/22 10:13 PM, Dave Warren wrote: This isn't e-mail, it's a hosted text document and a link sent by email. It is functionally the same as putting something on a (vaguely) private PasteBin and telling your recipient where to go look at it. Agreed. I have read about some email encryption

Re: spam subject marking

2022-11-17 Thread Grant Taylor via users
On 11/17/22 9:00 AM, Bill Cole wrote: Easier said than done. It's actually quite easy to do. But most people don't want to do what I think should be done. IMHO, the email list itself is a 1st class / proper entity that you are emailing or reading email from. -- I'm not emailing Bill or G

Re: spam subject marking

2022-11-16 Thread Grant Taylor via users
On 11/16/22 4:46 AM, Greg Troxel wrote: Can you expand on that? I'll try. My understanding is that few MUAs test DKIM signatures /client/ /side/. -- The only exception that I'm aware of is that there was a Thunderbird add-on that would test DKIM signatures /client/ /side/. Almost all DKIM

Re: spam subject marking

2022-11-15 Thread Grant Taylor via users
On 11/15/22 1:16 PM, Marc wrote: Hmmm, good point, not really thought about this even. Are email clients complaining about this? Few email clients are testing DKIM. Some servers are testing DKIM. Some systems are mis-treating DKIM failure as something more severe than the specification allows

Re: How to incorporate network blocks

2022-11-14 Thread Grant Taylor via users
On 11/11/22 10:10 AM, Bill Cole wrote: From my bashrc... # type cidrcon cidrcon is a function cidrcon () { for a in $*; do echo $a; done | perl -e "use Net::CIDR::Lite; \$cidr = Net::CIDR::Lite->new(<>) ; \$_ = join (\"\n\",\$cidr->list) ; print \"\$_\n\";" } Oh ...

Re: How to incorporate network blocks

2022-11-11 Thread Grant Taylor via users
On 11/11/22 9:09 AM, Bert Van de Poel wrote: - IP/CIDR lists like the one you mention, but also lists like Stop Forum Spam (https://www.stopforumspam.com/) I cron fetch then add to an ipset with a DROP (which is quite similar to what others are suggesting). Stop Forum Spam seems interesting.

Re: How to incorporate network blocks

2022-11-10 Thread Grant Taylor via users
On 11/10/22 9:54 AM, Joey J wrote: Hello All, Hi, I'm trying to see if there is a way to incorporate network ranges into SA to essentially flag messages. N.B. at least one of the lists below is individual IPs and not networks / ranges of IPs. -- I'm not sure how to square that peg with y

Re: Gmail confidential mode

2022-10-16 Thread Grant Taylor via users
On 10/16/22 8:14 AM, Alex wrote: Hi, Hi, What do you know about "Gmail confidential mode" emails? Not much. I'm starting to see a few of these come in to users now, and not sure how to treat them. I think the /notification/ emails that Gmail sends for confidential messages are /probabl

Re: Supposed bounces

2022-07-18 Thread Grant Taylor via users
On 7/18/22 5:30 PM, Noel Butler wrote: Which is a joke, because it does not, and qmails ezmlm has never included enough of the headers telling us _why_ we rejected it. Your opinion of the notification doesn't change the intention behind the notification. Most of the notifications that I see

Re: Supposed bounces

2022-07-18 Thread Grant Taylor via users
On 7/18/22 4:23 PM, @lbutlr wrote: Don't know why this didn't go through. chuckle The copy with your comment /did/. But I suppose the message that prompted you to make the comment didn't. That is what it is SUPPOSED to be. What it actually is is something else. Every version of what you

Re: Supposed bounces

2022-07-13 Thread Grant Taylor via users
On 7/13/22 12:19 PM, @lbutlr wrote: So, a supposed bounce from also three years ago. And that bounce did not come from my mail server as I have never run qmail. No IP addresses, no Received headers, nothing that could possibly be used to figure out what is going on here. I think this is a cou

Re: Attachment policy

2022-06-27 Thread Grant Taylor
On 6/27/22 2:50 PM, Alex wrote: Hi, Hi, I'm looking for input from people on how they handle attachments, and people using email as a file transfer service. My opinion is that you shouldn't rely on using email as a file transfer service until /after/ you've tested that it works. One of o

Re: Memory requirement for SpamAssassin/Postfix/Roundcube/Dovecot stack

2022-05-27 Thread Grant Taylor
On 5/27/22 12:59 AM, Sean Greenslade wrote: You can quite comfortably fit SA and a full SMTP + IMAP stack in less than 1 GB. My (admittedly low volume) mail server is currently sitting at 340 MB of used memory and is running: Interesting. Thank you for the counter point Sean. -- Grant. . .

Re: Memory requirement for SpamAssassin/Postfix/Roundcube/Dovecot stack

2022-05-26 Thread Grant Taylor
On 5/26/22 8:32 AM, Ian Evans wrote: Is it safe to assume that a $5/mth 1gig memory account will laugh at the resources needed to run a SpamAssassin/Postfix/Roundcube/Dovecot/Nginx stack and not ever break a sweat? Sadly, I found that I needed to quit tilting at the 1GB memory windmill and up

Re: IPv6 issue

2022-05-07 Thread Grant Taylor
On 5/7/22 1:55 AM, Ted Mittelstaedt wrote: I used to greylist and it helped a lot. I used to use grey listing too. I've found no listing to be equally effective. 2FA killed that, however. When someone logs into a website, bank, etc quite often they use an email address as the second facto

Re: IPv6 issue

2022-05-06 Thread Grant Taylor
On 5/6/22 10:49 AM, Ted Mittelstaedt wrote: Arg. Well I think you hit the nail on the head. And I think I may have stumbled on to a spam defeating trick. Ya ... not running email server on IPv6 is a way of not receiving (some) spam. But I view it very similarly as not running an email serve

Re: using spamassassin to classify spam

2022-03-24 Thread Grant Taylor
On 3/24/22 5:00 PM, Michael Grant wrote: List-Unsubscribe: I want to extract the mumble.aidemxwzlwt.bwbibibi.edu and run it through AskDNS and if I get an NXDOMAIN, I want to score it. Remember, there are historic mechanisms for

Re: Add header, not beginning with X?

2022-02-14 Thread Grant Taylor
On 2/14/22 1:18 PM, joea- lists wrote: The reason has to do with "reply" and "reply to all" with the email client/system I am using and prefer to continue using for now. To each their own. Being subscribed to several lists, I find some variation between them regarding the headers they provide

Re: Avoid processing upsteam trusted mail with X-Spam-Flag: YES?

2022-01-06 Thread Grant Taylor
On 1/5/22 9:19 PM, Jered Floyd wrote: Some of this mail gets forwarded to another organization (also partially under my control) which has a mailhub also running spamassassin. I would like the downstream spamassassin to skip scanning on messages flagged as spam, rather than wrapping in another

Re: [Spamhaus Notice] Reminder of changes to the Spamhaus beta Domain Blocklist & request for feedback

2021-12-15 Thread Grant Taylor
On 12/15/21 1:00 PM, Riccardo Alfieri wrote: We’d like to say a big “thank you” to all of you who have been testing the beta version of the Spamhaus Domain Blocklist (DBL) with hostnames. :-) You're welcome. Thank you for making it available. How are you getting on with it? Have you encounte

Re: Do these domains merit blocking?

2021-12-15 Thread Grant Taylor
On 12/15/21 9:39 AM, Bill Cole wrote: There has recently been a spate of odd spams to harvested addresses asking hypothetical questions about domains' privacy practices. It turns out this is a grad student enrolling human subjects in a study without informed consent... The explanation is at ht

Re: Message-ID with IPv6 domain-literal

2021-09-24 Thread Grant Taylor
On 9/24/21 10:17 AM, Rupert Gallagher wrote: The RFC 5322 as cited is concerned about domains and their internet address, where the sender's address needs to be resolvable through DNS by the recipient. "where the sender's address" seems to be discussing the email address, which is completely

Re: Message-ID with IPv6 domain-literal

2021-09-23 Thread Grant Taylor
On 9/23/21 2:38 AM, Rupert Gallagher wrote: A LAN address is not the "Internet address of the particular host", and therefore, by RFC 5322 line 969, the header in the OP is not RFC compliant. Sure it is. What you refer to as a "LAN address" is in fact an Internet (Protocol) address just like

Re: Message-ID with IPv6 domain-literal

2021-09-21 Thread Grant Taylor
On 9/21/21 2:00 PM, Greg Troxel wrote: You are missing that SA is not a standards conformance test suite. It is a tool to guess if a message is spam. Bill said that some forms of Message-ID are correlated with spamminess. So whether the form that is correlated is compliant to the spec or not

Re: Message-ID with IPv6 domain-literal

2021-09-21 Thread Grant Taylor
On 9/21/21 11:03 AM, Bill Cole wrote: Empirical evidence. The use of a non-public address in a Message-ID correlates to a message being spam. In my experience, so does using an IP literal of any sort in a Message-ID, but that may be an idiosyncrasy in my mail. Fair enough. To each their own.

Re: Message-ID with IPv6 domain-literal

2021-09-21 Thread Grant Taylor
On 9/21/21 7:09 AM, Rupert Gallagher wrote: An unknown MUA (user agent header removed by sender) writes its Message-IDs as . Ew. Is the header syntactically correct? After looking at EBNF from RFC 5322 for 90 seconds, I /think/ that it is using obs-id-right syntax. -- I say think because

Re: Another evil number

2021-06-25 Thread Grant Taylor
On 6/25/21 1:12 PM, Bill Cole wrote: There was also an old nomenclature system that mapped the local exchange prefix to 2 letters and a digit, with the 2 letters being an abbreviation of some word. For example, as a kid I had a "Parkview 1" number: 721-. Businesses would often put their num

Re: Maybe it's time to revive EvilNumbers?

2021-06-17 Thread Grant Taylor
On 6/16/21 6:18 PM, Loren Wilton wrote: Here are a handful of rules that work for me. Feel free to try them. If you do, please let me know how they work for you. Thank you Loren. I'm marking your message for future use if these spam messages turn into a problem. (Apologies for my mail clie

Re: Maybe it's time to revive EvilNumbers?

2021-06-16 Thread Grant Taylor
On 6/15/21 10:11 AM, Mark London wrote: My site is getting a lot of spam that is getting past spamassassin. Because it has a phone number to call, and rather than a link to login using username and password.   Mostly fake amazon purchases.   They are getting past a lot of URL block lists because

Re: all_spam_to

2021-06-03 Thread Grant Taylor
On 6/3/21 6:36 AM, Benny Pedersen wrote: this change score with default -100 even for spammy msgs This is a very critical point to me. 1) it's not *all* spam. It's spam with a score of up to 100+whatever cut off you're using. 2) SpamAssassin still does its spam processing. Meaning it's n

Re: "Please send us a quote..."?

2021-04-06 Thread Grant Taylor
On 4/6/21 6:38 PM, Charles Sprickman wrote: Not totally clear on the scam as it went no further than saying “yeah bud, we have the drives, how would you like to pay?”. I've seen a few where they are asking for samples prior to -- purportedly -- submitting an order. -- Grant. . . . unix ||

Re: OT: Re: Unsubscribe link at the bottom.

2021-04-06 Thread Grant Taylor
On 4/6/21 8:34 AM, John Hardin wrote: What ticks me off is an unsubscribe link that goes to a javascript-heavy page and that *won't work* without javascript. And an unsubscribe link with a huge identifying key on it, yet the unsubscribe page still asks you to enter your email address... Ya..

OT: Re: Unsubscribe link at the bottom.

2021-04-05 Thread Grant Taylor
On 4/5/21 8:41 PM, Peter West wrote: I’d agree it’s address verification, as with the Unsubscribe link at the bottom. I'm of the opinion that if I have any inclining of knowledge of the company sending the email, and SPF/DKIM/DMARC pass, I'll probably use the unsubscribe link. Recently I ra

Re: "Please send us a quote..."?

2021-04-05 Thread Grant Taylor
On 4/5/21 7:30 PM, John Hardin wrote: Can anybody explain to me the reason behind the blind "please send us a quote for your product X" emails? I mean, I know they are somehow a scam, but I can't figure it out how it's supposed to work when the target isn't a business... I chalk this

Re: URLs hidden in Morse code

2021-02-10 Thread Grant Taylor
On 2/10/21 9:17 AM, Kris Deugau wrote: I would personally class any email with active Javascript as malware - it should never have been supported at all IMO - but the marketing departments have taken charge and I see all too much (ie, more than absolutely none) legitimate mail using it. I'll

Re: Bypass RBL checks for specific address

2020-12-23 Thread Grant Taylor
On 12/22/20 4:56 PM, Grant Taylor wrote: Is there a way to bypass RBL checks for a specific address? Thank you all. I believe I have been able to get the result I desired and learn a few things in the process. TL;DR: Setting scores to 0 in the specific recipient's ~/.spamass

Re: Bypass RBL checks for specific address

2020-12-23 Thread Grant Taylor
On 12/23/20 9:55 PM, John Hardin wrote: Did you see my mention of this earlier? Yes, I did see it. That's a bit more invasive of a change than I was hoping to do for this task. I had been waiting to reply to your earlier message to test some things that you recommended. As you will see i

Re: Bypass RBL checks for specific address

2020-12-23 Thread Grant Taylor
On 12/23/20 2:15 PM, John Hardin wrote: spamass-milter has a -u flag for a username to pass to SA. If these are single-recipient messages that may be enough to reliably tie into per-user config to disable the RBL check. It seems as if spamass-milter is using the -u to specify a default user.

Re: Bypass RBL checks for specific address

2020-12-23 Thread Grant Taylor
On 12/23/20 2:21 PM, Bill Cole wrote: You definitely would know if it were. One would think. My head is in a different project at the moment, and I can't tell you exactly how things are configured without going back and looking. /If/ things are configured to load per user settings from file

Re: Bypass RBL checks for specific address

2020-12-23 Thread Grant Taylor
On 12/23/20 3:32 PM, Martin Gregorie wrote: - In my case I run every message through SA, diverting spam into a quarantine directory and passing the rest to Postfix for delivery. I don't quarantine anything on this system. Spam is tagged if the score is between 5 and 15. Spam is rejected /duri

Re: Bypass RBL checks for specific address

2020-12-23 Thread Grant Taylor
On 12/23/20 1:37 PM, Dave Funk wrote: If all you want is for a particular class of recipients (at the envelope RCPT level) not be passed to spamass-milter inside sendmail that can be done with a bit of hacking of your sendmail config and the milter. Please elaborate. I'm not opposed to reconf

Re: Bypass RBL checks for specific address

2020-12-23 Thread Grant Taylor
On 12/23/20 12:40 PM, Benny Pedersen wrote: if you want to disable RBL for one single ip, then add it to trusted_networks in local.cf As indicated in the message you replied to, "I'm wanting to disable filtering for a recipient email address, which may receive messages from IP addresses all o

Re: Bypass RBL checks for specific address

2020-12-23 Thread Grant Taylor
On 12/23/20 1:01 PM, Dave Funk wrote: That may not work for what the OP wanted. O.o? Because it's assumed that DNS related stuff may take some time those rules (if configured to run) are launched early in the processing of a message. So if the OP wants to completely avoid running RBL check

Re: Bypass RBL checks for specific address

2020-12-23 Thread Grant Taylor
On 12/22/20 11:56 PM, Axb wrote: whitelist_to ? My understanding is that whitelist_to, more_spam_to, and all_spam_to behave the same way and effectively just alter the scoring offset. It seems as if the tests are still run, and it's just the score is artificially offset based on which setti

Re: Bypass RBL checks for specific address

2020-12-23 Thread Grant Taylor
On 12/22/20 11:03 PM, Bill Cole wrote: Do you have a setup that supports per-user preferences? e.g.: real system accounts. Sort of. The recipient is a real Unix account. However I don't think my milter is configured to use per recipient filtering. If so, you can disable off individual rule

Re: Bypass RBL checks for specific address

2020-12-23 Thread Grant Taylor
Hi Rob, On 12/22/20 6:40 PM, Rob McEwen wrote: First, I'm NOT an expert on all of this - so somebody might be able to follow up with BETTER information, but this will hopefully point you in the right direction. Fair enough. Really big snip. First, I agree with and like your idea. For an IP

Bypass RBL checks for specific address

2020-12-22 Thread Grant Taylor
Is there a way to bypass RBL checks for a specific address? I've tried the all_spam_to option, but it looks like it artificially lowers the score and still runs normal tests. I'd like to disable RBL checks for one address. -- Grant. . . . unix || die

Re: Possible spam sign

2020-12-08 Thread Grant Taylor
On 12/8/20 11:18 AM, Loren Wilton wrote: I just received a spam with this interesting From address: From: "VA Rate Guide" Ew. I wonder if it is worth checking for mail from more than one sender at once? The BOFH in me would be tempted to add one point for each extra @. I think that the

Re: Apache SpamAssassin and Spammers 1st Amendment Rights

2020-11-20 Thread Grant Taylor
On 11/20/20 5:02 PM, Jay Plesset wrote: You have a right to say what you want. s/You have/You (largely) have/ There are specific things that are forbidden by law. E.g. yelling fire in a movie theater when there isn't a fire. I have a right to ignore you. Hear! Hear! Also, it's my /pers

Re: 1.6 FORGED_MUA_MOZILLA Forged mail pretending to be from Mozilla

2020-09-23 Thread Grant Taylor
On 9/23/20 1:52 PM, Jerry Malcolm wrote: I don't doubt what you are saying.  But if AWS is so horrible and across the board everyone thinks anything coming from it is spam, SA isn't flagging it, and mail-tester.com isn't flagging it, and both have pretty extensive blacklist references (??).  I'

Re: 1.6 FORGED_MUA_MOZILLA Forged mail pretending to be from Mozilla

2020-09-23 Thread Grant Taylor
On 9/23/20 1:22 PM, Jerry Malcolm wrote: With all of the gyrations I had to go through to be able to use SES along the monitoring Amazon does with SES, I'm kinda surprised that it would be flagged as a spam source. I don't know about SES specific, but I know that a LOT of spam comes out of th

Re: 1.6 FORGED_MUA_MOZILLA Forged mail pretending to be from Mozilla

2020-09-23 Thread Grant Taylor
On 9/23/20 1:06 PM, John Hardin wrote: The rules are available in your local spamassassin install, or in the public SVN under two places: Thank you for the links. The Message-ID rule itself is this:  header __MOZILLA_MSGID    MESSAGEID =~ /^<(?:[a-f\d]{8}-(?:[a-f\d]{4}-){3}[a-f\d]{12}|[A-

Re: 1.6 FORGED_MUA_MOZILLA Forged mail pretending to be from Mozilla

2020-09-23 Thread Grant Taylor
On 9/23/20 11:46 AM, John Hardin wrote: It doesn't believe the Message-ID was generated by Thunderbird. What's the message ID? This piques my interest because I tell Thunderbird to use a custom Message-ID domain. Where can I read more about what SpamAssassin thinks is and is not a Message-I

Re: Spamassassin not triggering on LMTP mail

2020-08-05 Thread Grant Taylor
On 8/5/20 3:19 AM, Guido Goluke, MajorLabel wrote: Sorry, already found out. I use spamass-milter (https://linux.die.net/man/1/spamass-milter) which, out of the box, doesn't offer mails from 127.0.0.1 to spamassassin at all. Can you re-configure spamass-milter to offer mail from 127.0.0.1 to

Re: Why the new changes need to be "depricated" forever

2020-07-21 Thread Grant Taylor
On 7/21/20 7:52 PM, Kevin A. McGrail wrote: One data point disproves that. The SA project made the choice months ago inspired by a decision in the United Kingdom: https://www.zdnet.com/article/uk-ncsc-to-stop-using-whitelist-and-blacklist-due-to-racial-stereotyping/ I'm okay if a group of peo

OT: "...value judgement"

2020-07-21 Thread Grant Taylor
On 7/21/20 11:56 AM, Bill Cole wrote: All answers: "NO!" In those cases, "black" and "white" all reference actual colors of physical things, not a metaphorical value judgment. Hum. Your "value judgement" statement is interesting. The original meaning of blacklist that I found seems to be exac

Re: Why the new changes need to be "depricated" forever

2020-07-21 Thread Grant Taylor
On 7/21/20 9:09 AM, Peter L. Berghold wrote: This is the first time this long time lurker has posted here and I'm probably going to offend a lot of people by what I have to say. I don't think your post is offensive. It is said as a statement of facts and does not seem to contain any malicious

Re: Freshdesk (again)

2020-06-26 Thread Grant Taylor
On 6/26/20 7:01 PM, Bill Cole wrote: I had a similar event 6/30 and poked them about it via both a public Tweet & a complaint to Sendgrid. Both entities responded *claiming* that they were looking into the problem. Assuming that yours also came via Sendgrid, it might help to add your complaint

Freshdesk (again)

2020-06-26 Thread Grant Taylor
I received an automated email from Freshdesk about five minutes after my post to the SpamAssassin mailing list earlier this afternoon. I found an old thread about Freshdesk in the SpamAssassin Users archive [1]. This supports (confirms to me) that this is what happens. I object to this type

Re: White listing messages processed by a previous milter

2020-06-26 Thread Grant Taylor
On 6/26/20 4:46 PM, Marc Roos wrote: What would be the best practice to whitelist / not process, messages that have already been processed by a previous milter. I'm confused. My knee jerk reaction is that's an MTA configuration issue. But I don't think it can be that simple. I can't think o

Re: spamc learning/reporting

2020-05-17 Thread Grant Taylor
On 5/16/20 8:16 AM, micah anderson wrote: 1. I cannot pass a full email address to -u, if I pass 'user' it works, but if I pass 'u...@example.com' it fails. How do people handle this with multiple domains? It's been about 15 years, but I'd swear that I had full email address working like that

Re: another extortion email check

2020-05-04 Thread Grant Taylor
On 5/4/20 3:59 PM, Martin Gregorie wrote: The list of such passwords might get rather long, so using a database both makes maintenance easier, as you spotted, and also keeps a lot of junk out of the rule sets. I absolutely agree. I like the idea of keeping data outside of configuration files.

Re: another extortion email check

2020-05-04 Thread Grant Taylor
On 5/4/20 3:09 PM, Jeff Mincy wrote: You will have to write a perl plugin for SpamAssassin that finds passwords in an email message and MD5 hashes those passwords and compares against a list of previously saved hashed passwords. The list of passwords could be stored in various ways. ACK Id

Re: another extortion email check

2020-05-04 Thread Grant Taylor
On 5/4/20 2:51 PM, John Hardin wrote: *if* they are being actively used for authentication, either by the security system (which is a glaring flaw in the design of the security system) or as a reference for accessing the secured resource (e.g. a plaintext passwords file on your desktop, which i

Re: another extortion email check

2020-05-04 Thread Grant Taylor
On 5/4/20 2:06 PM, Martin Gregorie wrote: Encrypt them and put them in a single column database table that's also the prime key for the table? Lookup by encrypting the item being checked before looking for an SQL hit count: select count(*) where log.key = key; 0=miss, 1=hit, 2+ = error. Sho

Re: another extortion email check

2020-05-04 Thread Grant Taylor
On 5/4/20 10:09 AM, Jeff Mincy wrote: The best practice is to not use common or continue to use exposed passwords. Scripts are probably trying to log into your ssh using those passwords. I completely agree on both accounts. I think you are worrying about the wrong thing. I obviously disagre

Re: another extortion email check

2020-05-04 Thread Grant Taylor
On 5/4/20 6:16 AM, John Wilcock wrote: In the context of a list of passwords known to be compromised, it is hopefully fair to assume that they are no longer in current use, and thus no longer of any importance. If it isn't fair to assume that, then the organisation has bigger issues in any case

Re: another extortion email check

2020-05-02 Thread Grant Taylor
On 5/2/20 1:47 PM, Loren Wilton wrote: The compromised password is already in plain text in the subject of the message; there isn't much point in hiding it other than embarrassment. What if the email server with the list of plain text passwords is compromised and said list of plain text passwor
