Re: Why single periods in regex in spamassassin rules?

On 4/23/21 2:52 PM, David B Funk wrote: On Fri, 23 Apr 2021, Steve Dondley wrote: I'm looking at KAM.cf. There is this rule: body    __KAM_WEB2  /INDIA based IT|indian.based.website|certified.it.company/i I'm wondering if there is a good reason why a singe period is used instead of somethi

Re: EX_IOERR

On 5/28/2017 10:59 AM, Cecil Westerhof wrote: On Sunday 28 May 2017 14:50 CEST, Joe Quinn wrote: On 5/28/2017 2:11 AM, Cecil Westerhof wrote: When executing: spamc -L spam It looks like EX_IOERR simply refers to the fact that some process exited with status 74. Restart spamd with the -D

Re: EX_IOERR

On 5/28/2017 2:11 AM, Cecil Westerhof wrote: When executing: spamc -L spam It looks like EX_IOERR simply refers to the fact that some process exited with status 74. Restart spamd with the -D option so you get debugging output, and it should be easier to narrow it down to a specific cause.

Re: Strange audio spam

On 5/5/2017 8:53 PM, do...@mail.com wrote: I received this very unusual email a few days ago. It (or another email), timed out my spamassassin check (which is a first). I'm including the full text of the spam below along with all of the headers. I'm interested if this mail is legit, or if it's

Re: SpamAssassin score

On 3/20/2017 6:37 AM, Bernard wrote: Thanks for that information. After ~1750 messages having been digested, still no improvement: 0.000 0 3 0 non-token data: bayes db version 0.000 0 23 0 non-token data: nspam 0.000 0 1729

Re: List of legit mass mailers

On 3/8/2017 9:39 AM, @lbutlr wrote: On 2017-03-08 (07:23 MST), Ruga wrote: This is spamassassin... We are against mass mailers. That’s absurd. No one with any sense at all is against mass mailers. If you measure "mass mailer" by volume of distribution, apache.org easily qualifies.

Re: Custom rule not applied when running Postfix + SA

On 2/20/2017 6:54 AM, aquilinux wrote: Hi all, i noticed that a custom rule i created (in /etc/spamassassin/local.cf ) is not applied in the regular postfix + spamassassin flow but it is when i pipe the mail to spamc or spamassassin. 1) normal flow with postfix spamassassin

Re: Uninitialized values in URIDNSBL

On 2/8/2017 2:58 PM, Kevin A. McGrail wrote: On February 8, 2017 2:27:56 PM EST, Alex wrote: Hi, On Wed, Feb 8, 2017 at 2:08 PM, Kevin A. McGrail wrote: On 2/8/2017 1:22 PM, Philip Prindeville wrote: While we’re waiting for that, can I just grab Util.pm

Re: RFC compliance pedantry (was Re: New type of monstrosity)

On 2/8/2017 1:36 PM, Philip Prindeville wrote: Having been through the process of authoring 2 RFC’s, perhaps I can shed some light on the process for you. All proposed standards started life as draft RFC’s (this was before the days of IDEA’s but after the days of IEN’s). If it were validated

Re: Custom rule problem

On 1/31/2017 3:22 PM, Zinski, Steve wrote: Sorry for the trouble, everyone… I had been forwarding the spam through my personal IMAP account (to test my rule) which was apparently blocking it. I forwarded it using my gmail account and my new rule fired. I feel like an idiot. Steve I suggest yo

Re: List of trusted senders

On 1/25/2017 11:03 AM, Benny Pedersen wrote: Kevin A. McGrail skrev den 2017-01-25 16:46: On 1/25/2017 9:10 AM, David Jones wrote: Could we build a tool like masscheck to help extend these entries for trusted senders that are known to maintain proper SPF, DKIM, DMARC with valid opt-out processi

Re: Ignore third-party SA headers

On 1/25/2017 10:48 AM, Ruga wrote: SA runs as follows. master.cf, last line of section smtp: > -o content_filter=spamcheck spamcheck unix - n n - 10 pipe flags=Rq user=spamd argv=/usr/sbin/spamc --dest=127.0.0.1 --port=783 --filter-ret

Re: Ignore third-party SA headers

On 1/23/2017 5:43 PM, Ruga wrote: spam that already includes SA headers is getting through without local SA filtering. Is it posible to tell the local SA to always add its own headers, possibly taking note of the existence of former SA headers while rewriting them out of the way? SA never sho

Re: Asynchronous plugin skeleton needed

On 1/19/2017 1:48 AM, Pedro David Marco wrote: >You should be able to use the other asynchronous plugins as a reference > >as well. Thanks... but i cannot find documentation about thinks like "register_async_rule_start()" for example... can anyone point to me where is it documented, please?

Re: Asynchronous plugin skeleton needed

On 1/18/2017 7:08 AM, Kiwi User wrote: On Wed, 2017-01-18 at 11:36 +, Pedro David Marco wrote: I would like to write a simple plugin to check some local Databases (cannot use rbldnsd) that takes long so making it asynchronous seems the best idea.. If possible, can anyone provide any skeleton

Re: how to enable autolearn?

On 1/9/2017 6:01 PM, Linda Walsh wrote: John Hardin wrote: On Mon, 9 Jan 2017, L A Walsh wrote: I have: bayes_auto_learn_threshold_nonspam -5.0 bayes_auto_learn_threshold_spam 10.0 in my user_prefs. When I get a message though, I see autolearn being set to 'no': X-Spam-Status: Yes, sco

Re: Bayes scoring and role accounts

On 11/21/2016 11:27 AM, Karl Denninger wrote: On 11/21/2016 10:12, Karl Denninger wrote: I'm using SpamAssassin on a system that uses Postfix for MTA and Dovecot for handling final delivery. Spamassassin is being called via Postfix through spamd with: # # Spam Assassin bayesian filter updat

Re: uceprotect issue

On 11/4/2016 11:03 AM, Dianne Skoll wrote: On Fri, 4 Nov 2016 12:23:16 +0100 Holger Schramm wrote: If you don't like them, don't use their services. It is really that easy. It's not that easy. If you provide email services to a large number of people and someone they are trying to correspond

Re: uceprotect issue

On 11/2/2016 2:46 PM, Marc Stürmer wrote: Zitat von Marco : Sorry, I know this is not uceprotect list, but I don't know how to contact uceprotect, their contact form is unavailable. It seems the problem starts on 30 october. Did you have noticed too something about? UCE Protect has a very

Re: How to create a URIBL

On 10/18/2016 6:21 PM, Alex wrote: Hi, I've collected a bunch of URIs that I'd like to incorporate into my rulebase. I know how to create a DNSBL, but I don't specifically know how to create a URIBL. Can I use rbldnsd for this? Or would I have to extract the IP or hostname from the URL, then als

Re: Persistent phishing attacks with word/pdf macros

On 10/4/2016 12:37 PM, Alex wrote: Hi Joe, do you recall more specifically the subject or location of this conversation regarding using perl and mimedefang to deal with word macros? I recall something from Feb 2015, but I don't know how to parlay that into something usable with amavis and perl..

Re: Persistent phishing attacks with word/pdf macros

On 10/3/2016 4:30 PM, John Hardin wrote: On Mon, 3 Oct 2016, Axb wrote: On 10/03/2016 09:03 PM, John Hardin wrote: On Mon, 3 Oct 2016, Axb wrote: > On 10/03/2016 07:46 PM, Alex wrote: > > Hi, > > > > These are a real concern. If you receive any kind of real mail > > volume, > > you

Re: Greymail and marketing junk

On 9/30/2016 5:35 AM, Robert Schetterer wrote: Am 30.09.2016 um 02:28 schrieb Alex: Hi all, Has anyone given any thought to special rules or methods designed to catch greymail? That is, mail that perhaps may be opt-in, but abusive, like marketing mailing lists or newsletters? This might includ

Re: HTTPS_HTTP_MISMATCH and explanation

On 9/26/2016 8:54 AM, RW wrote: Informational rules do that, but IIRC __RULES are simply a special case. Hmm, you're probably right on that point. I can't find anything in the source that behaves that way, but the documentation claims that's how it works and I also don't see anything to suppor

Re: HTTPS_HTTP_MISMATCH and explanation

On 9/25/2016 9:25 PM, Sean Greenslade wrote: On Sun, Sep 25, 2016 at 07:57:37PM -0400, Alex wrote: I think the rule still has a use, perhaps in a meta or something. I believe (though don't quote me on this) that a zero-weight rule will still be checked if it's used as part of a metarule. --Sea

Re: How to reject mails with special message-id (Debian, Amavis, Spamassassin)

On 9/20/2016 9:46 AM, Thomas Barth wrote: Am 20.09.2016 um 15:27 schrieb Bowie Bailey: X-Spam-Status: Yes, score=14.009 tag=2 tag2=6.31 kill=6.31 tests=[HTML_MESSAGE=0.001, MESSAGEID_LOCAL=8, MIME_HTML_ONLY=1.105, PYZOR_CHECK=1.985, RCVD_IN_BRBL_LASTEXT=1.644, RDNS_NONE=1.274]

Re: X-Spam Tagging - Spam Status YESNO Flags - Sometimes not appended...

On 9/16/2016 12:59 PM, li...@rhsoft.net wrote: ... in case you have postscreen or something else which does proper rbl-scoring in front of the content-scanners it's no problem because only a small part of spam attempts are mahing it to SA may depend on the amount of ham which can be also mit

Re: Tuning recommendations?

On 9/13/2016 1:55 AM, John Hardin wrote: On Mon, 12 Sep 2016, thomas cameron wrote: Keep the tips coming, I appreciate learning from you! Here's another: there's some anecdotal evidence that publishing your own SPF record reduces the likelihood you'll be joe-jobbed. I'm not sure whether tha

Re: Matching infinite sets

On 8/22/2016 8:54 AM, Michael Orlitzky wrote: On 08/21/2016 03:22 PM, Damian wrote: There is no such set B, as it would contain itself. The empty set contains itself. That's an easy mistake to make. The empty set is {}, the set that contains only the empty set is {{}}. Sets are discrete elemen

Re: Matching infinite sets

On 8/21/2016 5:55 PM, Sidney Markowitz wrote: Dianne Skoll wrote on 22/08/16 8:56 AM: And... why can't a set contain itself? It can't in standard modern set theory (ZFC), through the foundation axioms, also known as the axiom of regularity https://en.wikipedia.org/wiki/Axiom_of_regularity w

Re: New Install - Tons of Spam Getting Through

On 8/18/2016 2:27 PM, Jerry Malcolm wrote: I haven't figured out a way to get Thunderbird to allow me to copy/paste the headers. But I did look at all of the headers. There are no headers in the email with names like you mentioned. There is only the X-Spam-Status header and X-Spam-Flag header

Re: Unsubscribe

On 8/18/2016 10:57 AM, Benjamin E. Nichols wrote: Benjamin E. Nichols http://www.squidblacklist.org 1-405-397-1360 Documentation on how to unsubscribe from the list can be found on apache.org or in the notification you received when you first subscribed.

Re: Fwd: Re: New domain blacklist options available.

message-- *From: *Joe Quinn *Date: *Thu, Aug 18, 2016 9:15 AM *To: *users@spamassassin.apache.org <mailto:users@spamassassin.apache.org>; *Cc: * *Subject:*Re: Fwd: Re: New domain blacklist options available. On 8/18/2016 10:03 AM, Benny Pedersen wrote:> no point in spamm

Re: Fwd: Re: New domain blacklist options available.

On 8/18/2016 10:03 AM, Benny Pedersen wrote: no point in spamming freee maillists so ? Original Message Subject: Re: New domain blacklist options available. Date: 2016-08-18 15:46 From: "Benjamin E. Nichols" To: Benny Pedersen Because we dont work for free bonehead. To pu

Re: google spamming ?

On 8/15/2016 9:21 AM, Benny Pedersen wrote: On 2016-08-15 15:16, Joe Quinn wrote: Have you tried asking on either the rspamd or dnswl mailing lists? why should i waste my time with it ? i have reported spam to dnswl If you reported it already, why are you still asking how? how to report

Re: google spamming ?

On 8/15/2016 8:37 AM, Benny Pedersen wrote: On 2016-08-15 14:21, Joe Quinn wrote: This is not the mailing list for rspamd or dnswl. How is SA involved in this issue? :( i give up ! Have you tried asking on either the rspamd or dnswl mailing lists?

Re: google spamming ?

On 8/15/2016 8:01 AM, Benny Pedersen wrote: X-Spamd-Result: default: False [-10.25 / 15.00] WHITELIST_DMARC(-7.00)[google.com] WHITELIST_SPF_DKIM(-3.00)[google.com] SUSPICIOUS_RECIPS(1.50)[] CLAMAV_VIRUS_CLEAN(-2.00)[] DMARC_POLICY_ALLOW(-0.25)[google.com] MIME_GOOD(-0.10)[multipart/alterna

Re: Spoofed Domain

on ( I don't care if these are Macro enabled or not, there is no legitimate reason to rename them ). On Wednesday, August 10, 2016 09:31:21 Joe Quinn wrote: That's a very good warning indeed! Perhaps blocking .doc files with a zip-like file structure is in order? I can'

Re: Spoofed Domain

That's a very good warning indeed! Perhaps blocking .doc files with a zip-like file structure is in order? I can't think of a legitimate reason to use the old extension on the new file format. On 8/10/2016 9:28 AM, Larry Starr wrote: On Tuesday, August 09, 2016 18:01:57 Rob McEwen wrote: > O

Re: USER_IN_WHITELIST

On 7/6/2016 11:42 PM, Bill Cole wrote: On 6 Jul 2016, at 23:10, lorenzo wrote: [...] The output from spamassassin -t -D < In-whitelist.txt gives the answer, I believe: address hefg...@hkjhkjhk.onmicrosoft.com matches whitelist or blacklist regexp: ^.*microsoft\.com$ Very sneaky. I think I

Re: Corpus of Spam/Ham headers(Source IP) for research

On 6/29/2016 11:50 AM, Shivram Krishnan wrote: Hello Antony, We will be getting headers from our University. The only reason why we want other list is that we are tailoring Blacklists for specific networks, to see how these blacklists perform. The idea being , your network may not be seeing t

Re: Catching well directed spear phishing messages

On 6/29/2016 11:12 AM, Dianne Skoll wrote: On Wed, 29 Jun 2016 15:04:04 + David Jones wrote: If everyone (really Microsoft) had some sense, they will start showing the full display name with the email address to help users see the incorrect domain and possibly help users notice the wrong ad

Re: How SA reactes to a bunch of garbage characters

On 6/14/2016 8:33 AM, Matus UHLAR - fantomas wrote: that is just what I would like to know: If OCR produces results good enough for BAYES and other rules. I don't think there's difference between bayes and other rules. It's also possible that BAYES would have better results with misread charact

Re: SPF should always hit?

On 6/9/2016 11:23 AM, Robert Fitzpatrick wrote: Excuse me if this is too lame a question, but I have the SPF plugin enabled and it hits a lot. Should SPF_ something hit on every message if the domain has an SPF record in DNS? Furthermore, a message found as Google phishing did not get a hit on

Re: Where to find DETAIL for spamassassin default RULES

On 6/9/2016 7:55 AM, jimimaseye wrote: Once upon a time the include rules for spamassassin was published in its wiki (example here: http://spamassassin.apache.org/tests_3_3_x.html) which in turn gave a link to an 'explanation' detail of the individual rules. However, as you know, these wiki ages

Re: Email with attachment caused 100% CPU usage.

On 6/8/2016 1:20 PM, John Hardin wrote: On Wed, 8 Jun 2016, Mark London wrote: Hi - We received an email with several large postscript attachments, and the content type was "text/plain". This caused our spamassassin server to use up 100% CPU, parsing the attachments as text. I temporaril

Re: SA 3.4.1 on FC22/sendmail with a .procmailrc not triiggering spamc

On 6/8/2016 12:39 PM, Kris Deugau wrote: kud...@netzero.com wrote: We're running SA 3.4.1 with sendmail on Fedora Core 22. Every users has a .procmailrc upon creation of the user but we have some legacy users being inundated. If I just create a /etc/procmailrc will SA look at that first? Usua

Re: SPF_TEMPERROR now firing

On 6/5/2016 3:38 AM, Chalmers wrote: SPF_TEMPERROR now firing now scoring 1. Good. As I am still learning I now know something I didn't previously. Interesting responses here. It's worth noting that the rule may have a good S/O for you but it's still not a good idea to score it. Those rules only

Re: Bayes filter marking everything as ham

On 6/1/2016 3:06 AM, Reindl Harald wrote: Am 01.06.2016 um 02:38 schrieb David Jones: From: Reindl Harald Sent: Tuesday, May 31, 2016 6:27 PM To: users@spamassassin.apache.org Subject: Re: Bayes filter marking everything as ham Am 31.05.2016 um 23:58 schrieb Peter Carlson: May 30 09:0

Re: Accidental Spam Forward

On 5/31/2016 12:06 PM, Anthony Hoppe wrote: All, I accidentally forwarded some spam to this list. Autocomplete got the best of me and I chose "spamassassin" instead of "spamcop" in the "TO" field of the message. I haven't received the message myself (not sure if I will), but wanted to apolo

Re: Reporting gmail spam to Google

On 5/18/2016 11:10 AM, Alarig Le Lay wrote: On Thu May 19 00:00:31 2016, Byung-Hee HWANG (황병희) wrote: As far as i know, they are doing those best to reduce spam by DMARC. DMARC is used to prevent incomming spam, not outgoing. Well to be more specific, DMARC allows forgeries to be aggressively

Re: understanding HELO_DYNAMIC_IPADDR

SA uses IP-in-name as a machine-decidable definition of a dynamic IP, since you can't really automate it otherwise. This heuristic holds in the vast majority of cases, and is effective against a huge class of spam that comes from public ISPs who don't block port 25. An ISP's customers are gene

Re: Is this spam?

On 4/18/2016 10:52 PM, Alex wrote: Hi, I'm curious as to whether you think this email is spam? http://pastebin.com/bFVSgwnR It looks like your typical unsolicited "Buyers Guide" junk, but I've heard of actonsoftware before, and this email appears to have a legitimate unsubscribe link. It also

Re: Is this spam?

On 4/18/2016 1:23 PM, Alex wrote: Hi all, I'm curious as to whether you think this email is spam? http://pastebin.com/bFVSgwnR It looks like your typical unsolicited "Buyers Guide" junk, but I've heard of actonsoftware before, and this email appears to have a legitimate unsubscribe link. It al

Re: How does SpamAssassin processing languages other than English

On 4/12/2016 1:16 PM, Reindl Harald wrote: Am 12.04.2016 um 18:44 schrieb Yu Qian: SpamAssassin used Bayes as classier, this is typical and efficient for English. But how does it processing languages like Asian language? Can anyone introduce that or anyone can show the code where SpamAssassin

Re: Anyone else just blocking the ".top" TLD?

On 3/28/2016 3:02 PM, Vincent Fox wrote: From:whoswho REJECT This is the one that really annoys me. KAM.cf has a 5.0-scored rule named exactly that, and there's an entire Wikipedia article on the subject! https://en.wikipedia.org/wiki/Who's_Who_scam. It really makes ICANN look like they do no

Re: Regex problem

On 3/28/2016 11:59 AM, RW wrote: On Mon, 28 Mar 2016 09:58:23 -0400 Joe Quinn wrote: On 3/28/2016 9:55 AM, RW wrote: Subject =~ /\$\b/ There's no word boundary between the $ and the ' ' because they're both in \W. Thanks, I'd forgotten what the definition of a

Re: Regex problem

On 3/28/2016 9:55 AM, RW wrote: Am I missing something? With the test message printf 'Subject: x 555$ x\n\n ' I get a match on "$ " and "$" with Subject =~ /\$ / Subject =~ /\$/ but no match with Subject =~ /\$\b/ There's no word boundary between the $ and the ' ' because th

Re: Continuing - Re: How do I actually add these descriptions then...

On 3/7/2016 1:05 PM, RW wrote: On Mon, 7 Mar 2016 15:12:25 + Robert Chalmers wrote: I?ve added descriptions, grabbing the actual RULE name with awk, and creating the list that way. { a=$12; print "describe " a " Spam check applied."; } The result is like this. describe L

Re: My new method for blocking spam - REVEALED!

On 1/20/2016 3:20 PM, Dianne Skoll wrote: On Wed, 20 Jan 2016 12:11:02 -0800 Marc Perkel wrote: Again - it's not about matching as Bayes does. It's about not matching. It's not about not matching. It's about a preprocessing step that discards tokens that don't have extreme probabilities. I

Re: DNS lookups - bug with recursive lookups, or shoddy bind config?

On 1/4/2016 3:39 PM, Quanah Gibson-Mount wrote: --On Monday, January 04, 2016 8:28 PM + Chris J wrote: Before I raise this on Bugzilla, I just want to run this past people as I'm quite happy that I've failed to configure something, but can't see what. In short, RBL blacklists haven't bee

Re: AWL ?

On 12/23/2015 10:53 AM, Olivier CALVANO wrote: Hi i have installed a new server on Centos with Postfix/Amavisd and SpamAssassin my problems, 90% of mail are tagged spam: X-Spam-Flag: YES X-Spam-Score: 22.876 X-Spam-Level: ** X-Spam-Status: Yes, score=22.876 required=5.0 t

Re: Google redirects

On 12/18/2015 11:32 AM, John Hardin wrote: On Fri, 18 Dec 2015, Mark Martinec wrote: On 2015-12-18 16:29, Axb wrote: On 12/18/2015 04:17 PM, Mark Martinec wrote: > On 2015-12-17 22:41, Axb wrote: > > could you make a version using redirector_pattern so the redirected > > target can be lo

Re: Google redirects

On 12/17/2015 1:34 PM, Alex wrote: Hi, Can someone explain why spamassassin is allowing apparent google redirects? Cryptolocker :-( This one's blocked now. https://www.google.com/url?q=http://www.mediafire.com/download/izdqjzml6dz68t3/1Z4566W50325036.ups.doc_.wsf08137322366IlRiZxJtpLvPq78WySF33

Re: More on T_SPF_PERMERROR

On 12/15/2015 7:19 AM, Martin Gregorie wrote: On Mon, 2015-12-14 at 21:42 -0500, Alex wrote: Many times the domain actually has something wrong with SPF, but other times openspf.org/why and kittermans say there's nothing wrong with the domain. Other domains that fail, such as gmail.com and well

Re: More on T_SPF_PERMERROR

On 12/14/2015 1:47 PM, Alex wrote: Hi, I'm seeing quite a few T_SPF_PERMERROR entries in my logs and not sure if it's a problem, or a misunderstanding, or perhaps I've just started to notice it more often since I started looking for it... I'm seeing T_SPF_PERMERROR entries in my logs for sites

Re: Trying to understand how bayes works.

On 12/11/2015 1:24 PM, Reindl Harald wrote: Am 11.12.2015 um 19:12 schrieb Axb: On 12/11/2015 06:51 PM, Reindl Harald wrote: well, how many of you trained chistmas spam this year while my bayes did know it from last year? I like my Bayes fresh like bread out of the oven, new guitar strings

Re: Very strange SA result!

On 12/3/2015 9:23 AM, Jari Fredriksson wrote: On 3.12.2015 16.11, Kevin A. McGrail wrote: You are using KAM.cf which isn't a project ruleset. Please report the issue and a spample at https://raptor.pccc.com/raptor.cgim?template=report_problem We can likely look at it quickly and adjust. Howev

Re: question re/ RDNS_NONE

On 11/25/2015 6:07 AM, Edda wrote: Ouch, sorry, i tested it on 3.3.1 and "re-typed" that line in 3.4.1 Does the patch work for you? Since we're currently developing in both 3.4.2 and 4.0 and now you have bumped into the same problem, I might as well share this: repatch() { (cd $1 && svn

Re: Malware URI rule

On 11/9/2015 12:15 PM, Amir Caspi wrote: On Nov 9, 2015, at 10:09 AM, John Hardin wrote: score URI_MALWARE_CWALL6.000 Is your threshold higher than 5? Otherwise this is a poison pill for a "potential" hit. --- Amir thumbed via iPhone There's a lot of things that can bring

Re: New SA install, configuring for retraining on false positives

On 11/5/2015 1:44 PM, Reindl Harald wrote: Am 05.11.2015 um 19:24 schrieb Bill Cole: On 5 Nov 2015, at 6:52, David Mehler wrote: or SA as a milter called directly from my MTA. There is no such thing: SA is not a milter tell that our spamass-milter setup running for more than a year now r

Re: New rules..

On 11/2/2015 12:00 PM, Richard Mealing wrote: Hi there, Would this be the best list to talk about new rules for spamassassin? I'm new here.. Thanks, Rich This would be an excellent place, yes. The more technical discussion for things like bugs in eval rules will generally happen in dev@ bu

Re: How to get rid of this spam? Spam assassin does not catch it

On 11/2/2015 11:25 AM, Reindl Harald wrote: Am 02.11.2015 um 17:02 schrieb Benny Pedersen: and why did he change spamd login permisson when using sa-learn :( because *as he explained* the service user has /sbin/nologin as shell and so "su - username" won't work until you change that or as i

Re: SPF code change?

On 10/16/2015 10:18 AM, Benny Pedersen wrote: Reindl Harald skrev den 2015-10-16 15:57: and why the hell should a SPF test for mails coming with envelopes from yahoo, google, hotmail care about *that* entry for *your* domain? eh what ? Slow your roll, guys. Nick, can you give us a sample me

Re: SpamAssassin Rules Regarding Abuse of New Top Level Domains

On 10/14/2015 12:00 PM, Bill Cole wrote: Describe, in detail, the new SA technology which fights abuse of new TLDs. Prior to v3.4.1, the mechanism for detecting and parsing hostnames to identify body URIs used an embedded array of hardcoded domains in Mail/SpamAssassin/Util/RegistrarBoundarie

Re: Investigating facebook spam

On 10/6/2015 1:38 PM, Alex wrote: Hi, I've received a handful of messages that appear to be facebook notifications, but fail SPF. They otherwise look completely legit - links to profiles, only URLs to facebook.com and CDN caching sites, and even appears to have been routed through facebook's out

Re: The word on messages w/ no Message-Id

On 9/28/2015 2:22 PM, Philip Prindeville wrote: Though listed as optional in the table in section 3.6, every message SHOULD have a "Message-ID:" field. Furthermore, reply messages SHOULD have "In-Reply-To:" and "References:" fields as appropriate and as described below. This is m

Re: Rule Help

On 9/25/2015 10:28 AM, Dianne Skoll wrote: On Fri, 25 Sep 2015 14:21:50 + Dave wrote: I am trying to create a rule that scores TLD's in received headers if they are not certain TLD's. What I have so far: Your logic is wrong. And you can do it all with one regex: header GC_TLD_COM Receiv

Re: Recommendations for mail with only an image

On 9/17/2015 2:31 PM, Alex wrote: Hi, There are a few rules that seem to overlap in these instances: * 2.3 EMPTY_MESSAGE Message appears to have no textual parts and no * Subject: text * 1.0 FSL_EMPTY_BODY Message has completely empty body Those two should probably be evaluated for ov

Re: Repository of rules

include this rule? I am interested in your view, especially the phishing rules will hit lot of mail which are coming through at present and causing mayhem. Regards Sujit *From:*Joe Quinn [mailto:jqu...@pccc.com] *Sent:* 08 September 2015 16:27 *To:* users@spamassassin.apache.org *Subject:* Re

Re: Repository of rules

On 9/8/2015 11:13 AM, Anthony Hoppe wrote: Hey All, This is likely a n00b question, so I apologize. I've been a member of this list for a while. Periodically, I see rules develop based on submissions of samples from other members. Is there, by chance, a repository of rules like that somewhe

Re: phishing rules

On 8/25/2015 7:51 AM, RW wrote: On Tue, 25 Aug 2015 09:55:57 +0200 Tom Hendrikx wrote: Basically every MUA I know will label the message as a possible scam when you use the BAD version, which why you actually never see it in non-spam mail, unless the editor was a real noob. That applies to sp

Re: Hitting an address in the From:name

On 8/20/2015 2:56 PM, John Hardin wrote: On Thu, 20 Aug 2015, Olivier Coutu wrote: I believe that SA may be removing the part from the From:name, am I correct? Define this rule: header __ALL_FROMNAME From:name =~ /.*/ ...and run spamassassin on a test message using: --debug area=a

Re: Hitting an address in the From:name

On 8/20/2015 2:42 PM, Olivier Coutu wrote: I got a spearphishing e-mail the other day that had a From with the following form: From: "Mister President " I attempted to craft a SA rule to catch the "@" in the From:name but I was unable to catch anything after the "<" ex: From:name =~

Re: Return Path (TM) whitelists

On 7/9/2015 6:07 PM, Dianne Skoll wrote: On Fri, 10 Jul 2015 07:58:39 +1000 Noel Butler wrote: +1 I'll throw my +1 in on this also. Almost by definition, the kinds of organizations who buy into these certifications to get their mail delivered are unlikely to be the kinds of organizations I w

Re: PerMsgStatus & Util warnings

On 5/15/2015 10:00 AM, Joe Quinn wrote: On 5/15/2015 9:49 AM, Kevin A. McGrail wrote: On 5/15/2015 9:43 AM, Axb wrote: Kartsten's GUDO plugin also uses uri_to_domain What do we have to replace that function with? The uri_to_domain is now in Mail::SpamAssassin::RegistryBound

Re: PerMsgStatus & Util warnings

On 5/15/2015 9:49 AM, Kevin A. McGrail wrote: On 5/15/2015 9:43 AM, Axb wrote: Kartsten's GUDO plugin also uses uri_to_domain What do we have to replace that function with? The uri_to_domain is now in Mail::SpamAssassin::RegistryBoundaries::uri_to_domain. Reiterating the announcement: Not

Re: DNSWL fp and other problems

On 5/11/2015 9:42 AM, Alex Regan wrote: Hi, I have a fp that was passed through thomsonreuters, hitting RCVD_IN_DNSWL_HI, receiving -5 points, from an obvious hacked account. http://pastebin.com/5LYS7s2v This is with v3.4.1, but an older bayes database, so perhaps it needs to be rebuilt. Ev

Re: Particularly annoying spam

On 5/1/2015 10:55 AM, Larry Rosenman wrote: http://pastebin.com/4gck7uLD This one and one's like it seem to get through multiple times/day. Any help here? Today's is WITH 3.4.1.. That's a variant on a pretty old campaign that I haven't seen get through in a long while. I've updated KAM

Re: TxRep $msgscore warning

On 4/30/2015 9:22 AM, Joe Quinn wrote: On 4/30/2015 9:10 AM, Birta Levente wrote: On 30/04/2015 15:55, Joe Quinn wrote: On 4/30/2015 7:09 AM, Birta Levente wrote: Hi I saw the bug report about TxRep warning: _WARN: Use of uninitialized value $msgscore in addition (+) at /usr/share/perl5

Re: TxRep $msgscore warning

On 4/30/2015 9:10 AM, Birta Levente wrote: On 30/04/2015 15:55, Joe Quinn wrote: On 4/30/2015 7:09 AM, Birta Levente wrote: Hi I saw the bug report about TxRep warning: _WARN: Use of uninitialized value $msgscore in addition (+) at /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin

Re: TxRep $msgscore warning

On 4/30/2015 7:09 AM, Birta Levente wrote: Hi I saw the bug report about TxRep warning: _WARN: Use of uninitialized value $msgscore in addition (+) at /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/TxRep.pm line 1415. _WARN: Use of uninitialized value $msgscore in subtraction (-) I ju

Re: v=spf1 +all

On 4/24/2015 11:23 AM, Dianne Skoll wrote: On Fri, 24 Apr 2015 16:20:41 +0100 Paul Stead wrote: I've had thoughts of an extension which calculates the number of IP addresses specified in an SPF record, then calculating the % of world-wide addresses this SPF declares... I don't seem to be able

Re: v=spf1 +all

On 4/24/2015 9:38 AM, Reindl Harald wrote: Am 24.04.2015 um 15:22 schrieb Dianne Skoll: On Fri, 24 Apr 2015 15:17:45 +0200 Reindl Harald wrote: v=spf1 exists:gmail.com -all makes no sense - the spammer don't own the domain in most cases and if they do then they just don't add a SPF policy

Re: v=spf1 +all

On 4/23/2015 1:24 PM, A. Schulze wrote: Hello, I wrote a little patch for the SPF plugin to detect domains authenticating any IP by SPF. Usage: local.cf header SPF_PASS_PLUSALL eval:check_for_spf_pass_plusall() header SPF_HELO_PASS_PLUSALL eval:check_for_spf_helo_pass_plusall() describe

Re: Awl on Redis

On 4/17/2015 7:58 AM, Kevin A. McGrail wrote: On 4/17/2015 6:46 AM, ma...@nucleus.it wrote: Hi to all, a saw that from spamassassin 3.4 Bayes can be stored on a Redis database. Is it possible also for Awl (auto_whitelist) ? Or maybe in the future ? We are currently looking at TxRep as a replace

Re: blacklist_uri_host

On 4/2/2015 4:23 PM, Axb wrote: Gals (3?) & Guys If you're being plagued by the new TLD spams AND using SA 3.4.x don't forget "blacklist_uri_host" per default it's scored score URI_HOST_IN_BLACKLIST 100 but you may want to be less radical and just use a score butnot treat as a poison pill rul

Re: RBL/SPF if header exists

On 3/31/2015 12:23 PM, Mike Cardwell wrote: * on the Tue, Mar 31, 2015 at 12:15:31PM -0400, Joe Quinn wrote: Here's an example from when Yahoo's internal Received headers were hitting RCVD_ILLEGAL_IP, taken from here: http://www.pccc.com/downloads/SpamAssassin/contrib/KAM.

Re: RBL/SPF if header exists

On 3/31/2015 12:12 PM, Mike Cardwell wrote: * on the Tue, Mar 31, 2015 at 11:59:39AM -0400, Joe Quinn wrote: Is it possible to enable or disable RBL and/or SPF checks according to the existence or lack of a header? Without going into too many details, I need a way of transmitting to

Re: RBL/SPF if header exists

On 3/31/2015 11:45 AM, Mike Cardwell wrote: Is it possible to enable or disable RBL and/or SPF checks according to the existence or lack of a header? Without going into too many details, I need a way of transmitting to SpamAssassin at scan-time that it should not run SPF or RBL checks on a parti

  1   2   >