When one of our customers emails someone, we whitelist the recipient
address so that the return email won't be blocked [1].
Some users foolishly whitelist ad...@paypal.com, so that phishing
emails go right through.
Where can I find a list of "frequently spoofed addresses" (or domains)?
We can th

I want to run a message through ONE SpamAssassin test w/o the overhead
of running all the tests.
I realize many SA tests are just regexs (so I could use procmail or
something), but this test is a meta test and it may change from time
to time.
Does SA have a "--run-just-this-test=FOO" option?
--

SA doesn't use EvalTests.pm's check_for_from_to_same test, but part of
the code looks like this:
    return 0 if (!length($hdr_from) || !length($hdr_to) ||
                 $hdr_from eq $hdr_to);
Is that right? Shouldn't the 'eq' be 'ne'?
--
We're just a Bunch Of Regular Guys, a collective group th

Can SpamAssassin negative score emails that are sent using TLS?
I realize anyone (even spammers) can use TLS, but I tend to trust
encrypting mail servers more than I do non-encrypting ones.
However, I'm guessing all evidence of TLS usage has disappeared by the
time SpamAssassin gets the message?

How do I disable a rule in /usr/local/share/spamassassin/*.cf?
I'm tempted to comment it out, but the headers say to not do that.
If I put something in /etc/mail/spamassassin/local.cfg, I can override
the definition of an existing rule (right?), but that doesn't let me
delete a rule.
If I wanted

I have about 20 domains, and any email to any of these domains
([EMAIL PROTECTED]) forwards to a single mailbox.
I handle email for all these domains myself, but it's becoming a hassle:
% dictionary attacks mean I often get the same spam repeatedly
% I'm too scared to change my SMTP config (to

To fight spam, I want to validate the address (not necessarily in
real-time) of a given email sender. Is there a Unix tool that does
this?
The basics are simple: to validate "[EMAIL PROTECTED]", I connect to
the MX record of wnonline.net and go as far as "RCPT TO" as follows:
    host -t mx wno

I recently (~26 Feb 2007) submitted two RBL blocks to SORBS
(85.93.37.128-85.93.37.191 and 86.212.217.0-86.212.217.255). My emails
created 2 tickets on rt.sorbs.net, but the tickets remain "new", even
though the autoreply said they should be handled in 24-48 hours. The
tickets did get moved from t

I'd like to find out when the (meta) rule RATWARE_OUTLOOK_NONAME was
added to SpamAssassin (which version first included it as part of the
standard distribution?).
This rule isn't listed at "http://spamassassin.apache.org/tests_3_1_x.html"
(possibly because that page doesn't include meta rules?)

Blacklisting with SpamAssassin is easy: just add a rule with a high score.
However, this seems inefficient, since SpamAssassin will still go
through its entire ruleset to calculate a score.
Is it possible to set up "first and final" rules in SpamAssassin? That
is, rules that are: 1) checked befor

If I want to block subjects matching "foo" or "bar", is it more
efficient to write two regexps or a single "foo|bar" regexp?
I'd think a single regexp is more efficient, but SpamAssassin ships w/
rule-sets that have multiple rules. Given how many spams people get,
even a small improvement in effi

Spammers are starting to put "speckles" in their images to defeat
OCR-scanning plugins such as FuzzyOCR.
I thought ImageMagick's -despeckle option would help, but it doesn't
seem to, not even when applied multiple times, not even in conjunction
with -monochrome.
I want a filter that does this fo

Many people write test rules w/ small negative scores like this:
    header SUBJ_FOO_BAR_TEST Subject =~ /foo.*bar/
    describe SUBJ_FOO_BAR_TEST Subject contains both "foo" and "bar" in that order
    score SUBJ_FOO_BAR_TEST -0.001
The logs will then show when SUBJ_FOO_BAR_TEST is hit.
I want to go one s

How do I write a rule that negative scores emails "from"
blackberry.com. In other words, where the reverse DNS of the IP
address connecting to my mailserver matches the regex /.*blackberry\.com$/
The obvious:
    Received =~ /.*blackberry\.com$/
doesn't work, because someone could "HELO blackberry.

We turned on FuzzyOCR's experimental "hashdb" function, but had to
turn it off again after it tagged the following images (hashes) as
spam:
    8:1:1:1::1:1:1:1:1
    14:1:1:1::0:0:0:0:1
These appear to be "spacer.gif"-like images: small images commonly
used in HTML messages for formatting purposes.
Ha

SpamAssassin has lots of tests for fake HELOs. If someone says "HELO
hotmail.com", but aren't connecting from a Hotmail IP address, they
get dinged (spam score is increased).
Recently, someone connected to our server, call it mx.xyz.com, and said
"HELO mx.xyz.com". SpamAssassin didn't ding it for do

Thanks to everyone who is replying here. Additional replies/comments
always appreciated.
What started me thinking about this is this non-intuitive but
mathematically valid "paradox" that Bookworm and others have noticed:
If 95% of all email is spam, and I correctly tell users that I block
95% of

I know that most (90%+) email sent now is spam, but what are the
numbers for people who use spam filtering?
I realize it varies by user, sensitivity to false positives, tools
used, etc, but do people who use spam filtering find that only 10% of
the messages they receive are spam? 25%? 50%? higher

Spammers often spoof fake email addresses when sending email, eg
"[EMAIL PROTECTED]". It's easy to tell this address is fake:
    host -t mx lycos.com
    lycos.com mail is handled by 10 rmail-alt2.lycosmail.lycos.com.
    lycos.com mail is handled by 5 rmail.lycosmail.lycos.com.
    lycos.com mail is handled

19 matches