RE: off topic, Request for Whitelisting or Spam Score Adjustment for our TDL Domain

2025-02-14 Thread Marc
> > Actually, if you look at ICANN's finances, they're retrenching because > the new TLDs have mostly been a failure. There's a huge one-time pot > of unexpected money from domain auctions, but they've promised to give > it away. Other than that, it's been at best meh, and over 100 of the > vanity

off topic - what about privacy compliance scanning?

2025-02-13 Thread Marc
I was wondering if it could be interesting for spamassassin to get also into the business of scanning for personal/sensitive data. Maybe as a separate project? I have the impression there is growing demand for "personal identifiable information" services. I have the impression that such scannin

RE: base64 html page in headers

2025-01-31 Thread Marc
> I just received this crap from ceneo.pl. Interesting is > that in the > header (or just below it?) > > > Just below it. The blank line delimits headers from body. > > > > > Thanks. If they knew this at microsoft/outlook, I woul

RE: base64 html page in headers

2025-01-31 Thread Marc
> > > I just received this crap from ceneo.pl. Interesting is that in the > > header (or just below it?) > > Just below it. The blank line delimits headers from body. > > Thanks. If they knew this at microsoft/outlook, I would not be wasting anyones time with this.

base64 html page in headers

2025-01-24 Thread Marc
I just received this crap from ceneo.pl. Interesting is that in the header (or just below it?) there is a large (2154 lines) base64 encoded block which if you decoded it, is a full html 1261 line html page starting with and ending with Boldly enough they even include a google tracking link wi

RE: Patterns for list broker spam?

2025-01-17 Thread Marc
> Every day I get a bunch of spam from fake list brokers, invariably from > throwaway Gmail or Outlook > accounts. What is helping me a lot is when the message has a softfail spf state and an envelope with @outlook.com / @gmail.com I override the ~all and treat it as -all Maybe check if your

RE: Tool for rule managing

2024-10-28 Thread Marc
> does anybody use any tool to manage rules? creations, expirations, rates, > backups, etc... > What about a milter that scans the mail header for what you want, and exposes that data in a prometheus endpoint?

RE: training bayes and newsletters

2024-10-16 Thread Marc
> I can imagine the newsletter template is somewhat common, but does bayes > have any ability to distinguish a junk newsletter from a legitimate > newsletter? How can bayes, if you also can't? My advice would be to mark eg everything from mailchimp and then whitelist what you indeed agreed to re

RE: blocking compute-1.amazonaws.com

2024-10-11 Thread Marc
> > Marc wrote on 2024-10-11 09:24: > > We can just block hostnames that resolve to compute-1.amazonaws.com > > not? Amazon has own smtp range, or am I wrong? > > urls have nothing to do with sending ips this a reverse hostname lookup

blocking compute-1.amazonaws.com

2024-10-11 Thread Marc
We can just block hostnames that resolve to compute-1.amazonaws.com not? Amazon has own smtp range, or am I wrong?

RE: Whitelist or BAYES?

2024-09-27 Thread Marc
> --- >If guns kill people, then... > -- pencils miss spel words. > -- cars make people drive drunk. > -- spoons make people fat. > --- :) I wa

RE: Whitelist or BAYES?

2024-09-27 Thread Marc
> > > So, on the one hand I can add them to whitelist and be done with it, or > > I can add them to missed HAM for re-learning. > > > > Which is the best approach? > > Do both. > You will be always having work. The one's SPAM is the other users delight. I have switched to having frontend serve

RE: non-free Services

2024-09-18 Thread Marc
> > im searching for all non-free comercial services in Spamassasin. > > > ATM i found: > dns_query_restriction deny sorbs.net > dns_query_restriction deny bl.mailspike.net > dns_query_restriction deny wl.mailspike.net > Spamcop (ZEN) > > Does i need to disable other services as well? > cant fi

RE: DATE_IN_FUTURE_24_48 more often?

2024-07-25 Thread Marc
> > >> > > I think I am starting to see this more often. Today I was checking > >> > > again every server to see if the ntp time is syncing properly. But > >> > > don't notice anything weird, can't really believe this sending had > a > >> > > bad clock. Can anyone suggest what/where to look for? >

RE: DATE_IN_FUTURE_24_48 more often?

2024-07-22 Thread Marc
> > > > > > I think I am starting to see this more often. Today I was checking > > > again every server to see if the ntp time is syncing properly. But > > > don't notice anything weird, can't really believe this sending had a > > > bad clock. Can anyone suggest what/where to look for? > > > > > >

RE: DATE_IN_FUTURE_24_48 more often?

2024-07-19 Thread Marc
> > > I think I am starting to see this more often. Today I was checking > > again every server to see if the ntp time is syncing properly. But > > don't notice anything weird, can't really believe this sending had a > > bad clock. Can anyone suggest what/where to look for? > > > > > > DATE_IN_FUT

DATE_IN_FUTURE_24_48 more often?

2024-07-18 Thread Marc
I think I am starting to see this more often. Today I was checking again every server to see if the ntp time is syncing properly. But don't notice anything weird, can't really believe this sending had a bad clock. Can anyone suggest what/where to look for? DATE_IN_FUTURE_24_48 Date: is 24 to

RE: Finance spam

2024-07-16 Thread Marc
this whole range of 185.3.229.x is on my dns blacklist and everything on that is either rejected or marked. I can only suggest doing something similar ;) 185.3.229.4 perfstat.hostex.lt. 185.3.229.5 post.alfa.lt. 185.3.229.6 185.3.229.7 185.3.229.8 185.3.229.9 185.3.22

RE: DKIM length 'l=' tag

2024-06-03 Thread Marc
> > > The DKIM RFC > https://datatracker.ietf.org/doc/html/rfc6376#section-8.2 > tells us that it is not safe to rely on the DKIM length (l=) tag > and > https://www.zone.eu/blog/2024/05/17/bimi-and-dmarc-cant-save-you/ > shows how it can be used to subvert BIMI*. > > I am looking at ex

RE: dkim fail %

2024-05-28 Thread Marc
> > I am only looking at signature verifications of dkim, nothing else. My > > software currently does not log selector and domain of failing > signatures, > > so I am just doing an mx lookup and 'guessing' that outgoing mail > > originate from something similar. It is just too much of a coinciden

RE: dkim fail %

2024-05-28 Thread Marc
> > I am having a large (20%) of messages fail dkim. If I do some random > > checks, it looks like most of the failing messages are from the > > outlook.com cloud. Does any one else have this? Or is my setup just not > > properly checking dkim of outlook.com? > > how should i guess ? > > i see o3

dkim fail %

2024-05-28 Thread Marc
I am having a large (20%) of messages fail dkim. If I do some random checks, it looks like most of the failing messages are from the outlook.com cloud. Does any one else have this? Or is my setup just not properly checking dkim of outlook.com?

RE: How to report SPAM?

2024-05-27 Thread Marc
> for months I have been waiting for the type of SPAM I receive to be > captured by the DNS block lists. But nothing is happening. I have long > since fed Spamassassin with these SPAMs. What else can I do? put your spam score lower? I don't think you will get many false positives when you put it

RE: Re[2]: spamassassin with gmail

2024-04-15 Thread Marc
> >Why not just forward messages? Register a domain put some mx servers in > front of gmails mx. I recently was testing with such relay/forward, works > perfectly, I am only changing the envelope nothing else. DKIM, spf > everything perfectly working. > > > I'd be interested to know if anyone runs s

RE: spamassassin with gmail

2024-04-15 Thread Marc
> > Do any of you use spamassassin with a gmail account, and if so, how are > people doing it? The reason to do this is gmail's spam filtering isn't > perfect You can add to this, that gmail actually is also losing email and annoying is that you can't send zip files. I am constantly asking peo

RE: WARNING: Microsoft has earned removal from SA default welcomelist

2024-04-13 Thread Marc
All nice and well, but a bit decades too late. There should never have been such default whitelist. Companies should take care not be on blacklists, and should maintain some degree of standard implementation to send out email. After all spf -all exists already for a long time. So why are google/

RE: Dynamic blacklist ?

2024-04-12 Thread Marc
> do you know if there is a way to have a blacklist, either for user or > eventually for an entire server, that could be feeded via some scripts ? Yes create your own dns blacklist > A sort of auto_learn but only for addresses ( to or from ) ? No such thing as only for... You have to impleme

RE: disable URIBL_ and spamhaus.net

2024-04-03 Thread Marc
> I must chane or disable permanently spamhaus.net and all everything he > uses. > > They calculated the rate so much that I couldn't afford to use their toys > > Does anyone have an interesting solution to this problem? > Or maybe some other lists connected? > Do you really need url checking?

RE: OT: Microsoft Breech

2024-03-19 Thread Marc
I am using spamcop and spamhaus to block. There are indeed outlook.com ip addresses that bounce. > > Does anyone else just block all traffic from *.onmicrosoft.com? I have > literally NEVER gotten anything from that domain which is not obvious junk. > > I set up postfix to just flat out refuse

RE: Question about forwarding email (not specifically SA, pointers greatly appreciated)

2024-01-19 Thread Marc
> > Byung-Hee HWANG wrote on 2024-01-08 12:27: > > > > > Gmail is my last INBOX. That's enough for me. > > > > +1, so you are ready to setup google mx ? :) > > > > Hellow Benny, > > Actually i used Google MX for 10 years. Recently, i created dedicated > MXs and am continuing to operate them. Plu

RE: Anybody else getting bombarded with "I RECORDED YOU" spam?

2023-11-10 Thread Marc
Yes that is fucked up that experience and wisdom comes with getting older ;) https://faculty.cs.niu.edu/~rickert/cf/hack/require_rdns.m4 > > Marc - You are correct.  All the IP sources of this spam, don't a valid > reverse lookup of the IP address, to an IP name.   That will solv

RE: Anybody else getting bombarded with "I RECORDED YOU" spam?

2023-11-09 Thread Marc
> > Heck, maybe I should just block the whole country. :) You have to be careful with this. I think there are 'organisations' that specifically abuse with the intent to provoke you to have blanket block a specific region/range.

RE: Anybody else getting bombarded with "I RECORDED YOU" spam?

2023-11-09 Thread Marc
> > The spam is coming from many different IP ranges, with little > repetition.   Most of them are from countries like Afghanistan, > Kyrgyzstan, Azerbaijan, Kazakhstan, and Uzbekistan.  Are these the > latest sources that spam software is using, because other countries have > tightened up their s

RE: rbl for smtp auth hosts

2023-09-16 Thread Marc
>> I have bad experience with spam rats and thus wouldn't recommend using > >> them. > >> YMMV of course. > > On 15.09.23 21:57, Marc wrote: > >You could be right about this. When I compare the last 413 failed smtp > > auths, none are listed in auth.spamra

RE: rbl for smtp auth hosts

2023-09-15 Thread Marc
> >Marc wrote on 2023-09-15 17:01: > >>Anyone have any experience with a dns blacklist specific to known smtp > >>auth abuse? > > On 15.09.23 17:51, Benny Pedersen wrote: > >spamrats ? > > > >https://www.spamrats.com/ > > I have bad exper

RE: rbl for smtp auth hosts

2023-09-15 Thread Marc
> > Anyone have any experience with a dns blacklist specific to known smtp > > auth abuse? > > spamrats ? > > https://www.spamrats.com/ yes thanks! this RATS-Auth maybe

RE: rbl for smtp auth hosts

2023-09-15 Thread Marc
> > > > > On 15.09.23 15:31, Riccardo Alfieri wrote: > >> Yes, at previous $dayjob. Applied on the submission MSA, it proved to > >> be useful in mitigating the fallout when users got their credentials > >> compromised. > > > > can you describe it more? > > > Well, I checked the connecting IP of

rbl for smtp auth hosts

2023-09-15 Thread Marc
Anyone have any experience with a dns blacklist specific to known smtp auth abuse?

RE: allow general access after 1 auth

2023-08-12 Thread Marc
I am blind, thought I wrote to the apache list, thanks > > This has nothing to do with SpamAssassin. Maybe you'll find better > responses somewhere focused on web server stuff... > > > On 2023-08-12 at 11:13:29 UTC-0400 (Sat, 12 Aug 2023 15:13:29 +) > Marc

allow general access after 1 auth

2023-08-12 Thread Marc
I was wondering if it is possible to allow general access to an url after some account authenticated for this url. Without the necessity to adapt the web application for this Say we have closed https://www.example.com/webapp with something like Require valid-user Order deny,allow Deny from all

RE: kam channel excess spamscore gives false possitive on valid mail from microsoft store

2023-08-09 Thread Marc
> >> Yes, score=17.228 tagged_above=-999 required=5 tests=[DKIM_SIGNED=0.1, > >> DKIM_VALID=-0.1, HTML_IMAGE_RATIO_04=0.001, HTML_MESSAGE=0.001, > >> KAM_BODY_URIBL_PCCC=9, KAM_FROM_URIBL_PCCC=9, KAM_HUGEIMGSRC=0.2, > >> KAM_SHORT=0.001, MIME_HTML_MOSTLY=0.1, MPART_ALT_DIFF=0.724, > >> RCVD_IN_DNSW

RE: kam channel excess spamscore gives false possitive on valid mail from microsoft store

2023-08-09 Thread Marc
> > Yes, score=17.228 tagged_above=-999 required=5 tests=[DKIM_SIGNED=0.1, > DKIM_VALID=-0.1, HTML_IMAGE_RATIO_04=0.001, HTML_MESSAGE=0.001, > KAM_BODY_URIBL_PCCC=9, KAM_FROM_URIBL_PCCC=9, KAM_HUGEIMGSRC=0.2, > KAM_SHORT=0.001, MIME_HTML_MOSTLY=0.1, MPART_ALT_DIFF=0.724, > RCVD_IN_DNSWL_NONE=-0.00

RE: My apologies

2023-08-02 Thread Marc
> > > I've blocked him on my mail server, as well. > > Reindl now and then says something useful, but as you have noticed his > people skills are somewhere in the negative 200 score level. I don't > know > that I'd block him, but you do need to take anything he says with a few > horselicks of salt

RE: Really hard-to-filter spam

2023-07-27 Thread Marc
> > Hey, all. I've recently started getting spam that's really hard to deal > with, and I'm open to suggestions as to how to approach it. > Superficially, they all look much like this: > Post the complete message source including headers.

RE: Ensuring SPF/DKIM for @gmail.com

2023-07-27 Thread Marc
> > >> I assume that you mean so that your outbound SMTP server is actually > >> authorized in some capacity and fall under "all". Is that correct? > > ... and does NOT fall under "all". > > On 27.07.23 08:11, Marc wrote: > >ind

RE: Ensuring SPF/DKIM for @gmail.com

2023-07-27 Thread Marc
> > I assume that you mean so that your outbound SMTP server is actually > authorized in some capacity and fall under "all". Is that correct? indeed afaik -all is all authorized > > When you configure your spf your result is either pass, softfail or > fail > > I think we can agree that a correc

RE: Ensuring SPF/DKIM for @gmail.com

2023-07-27 Thread Marc
> > The oldest mail server log I can find is from mx-in-08 sadly even that > one is only from 2005 but confirms we were using it then, quite a bit > longer than 2014 :P > Why retire? To go fishing or so? I think GDPR even prohibits keeping very old log files, if there is no specific reason for

RE: Ensuring SPF/DKIM for @gmail.com

2023-07-26 Thread Marc
> > > > > > What does "correctly setup SPF" mean to you? > > > > so your ip does not generate a softfail or fail > > Only way to make SPF never incorrectly fail/softfail is to use "+all", > but that kind of kills its point :-) +all is in pass https://datatracker.ietf.org/doc/html/rfc4408#page-8

RE: Ensuring SPF/DKIM for @gmail.com

2023-07-26 Thread Marc
> At the risk of starting a flame war... > > What does "correctly setup SPF" mean to you? so your ip does not generate a softfail or fail > What makes your opinion better than someone else's opinion that differs? > (I take it for granted that someone will have a differing opinion.) When you c

RE: Ensuring SPF/DKIM for @gmail.com

2023-07-25 Thread Marc
> > blocklist_from *@gmail.com > welcomelist_auth *@gmail.com > > makes it perfect :) > > if both dkim and spf is pass, it will get neutral scores > I found this to be not sufficient (assuming the above pass is ~all). gmail has spf ~all. So I have made an exception for the google network in

RE: Welcome/unwelcome list not working correctly.

2023-07-21 Thread Marc
> > > :) If I have to convert my old blacklists, is the blacklist then now a > > welcome list or a unwelcome list? > > blacklist->blocklist > whitelist->welcomelist > > unwelcomelist and unblocklist directives reverse the actions of > welcomelist and blocklist directives. > :) I think this is

RE: Welcome/unwelcome list not working correctly.

2023-07-20 Thread Marc
:) If I have to convert my old blacklists, is the blacklist then now a welcome list or a unwelcome list?

RE: spamd runs as root on Fedora Server 38 ?! - was Re: Newb on sa-learn - didn't get what I expected as a response...

2023-07-10 Thread Marc
> > I should probably add that I personally don't do per-user config because > of the enlarged attack surface it presents and small marginal value, but > that's guided by local details. I work with systems owned by others > where other choices were made for very sound reasons and they have not > h

RE: Best practice for adding headers?

2023-07-10 Thread Marc
> > Since I need to patch spamass-milter anyway to resolve a different > issue (calling "sendmail -bv " does not work on postfix > systems), it should be easy to add such an option to spamass-milter. > Hi Robert, are going to work on this milter? :) :) Currently I have the milter separate from

RE: comparing sender domain against recipient domain

2023-05-13 Thread Marc
> > On Fri, May 12, 2023 at 05:32:30PM +0200, Reindl Harald wrote: > > > On Fri, May 12, 2023 at 09:49:40AM -0500, Dave Funk wrote: > > > > On Fri, 12 May 2023, Matija Nalis wrote: > > > > > That is because those domains are not EQUAL? Od did you wanted a > > > > > rule that checks only on SIMILAR

RE: comparing sender domain against recipient domain

2023-05-11 Thread Marc
> > > I was wondering if spamassassin is applying some sort of algorithm to > > comparing sender domain against recipient domain to detect a phishing > > attempt? > > There is a suite of meta rules and subrules with names containing > TO_EQ_FROM in the default rule channel. Consult the rules file

RE: comparing sender domain against recipient domain

2023-05-11 Thread Marc
> > > what useful information would you be looking for from this kind of > comparison? sen...@a1exander.com recipi...@alexander.com * 3.9 PHISHING 1=l attempt I assume there are some character substitute algorithms available, maybe an adapted version of an algorithm that tries to detect typ

comparing sender domain against recipient domain

2023-05-11 Thread Marc
I was wondering if spamassassin is applying some sort of algorithm to comparing sender domain against recipient domain to detect a phishing attempt?

RE: Re[8]: rule based on domain age

2023-05-11 Thread Marc
> IP ranges and country connections are of no help. These criminals use > outlook, gmail, vps servers and everything under the sun. So they register new domains, link them to gmail (outlook) and send spam with envelope of the domain via the google network, and google does nothing and keeps givi

RE: Re[6]: rule based on domain age

2023-05-10 Thread Marc
> What I am targeting will not be on an abusive domains on any RBL > anywhere as they buy these domains for the sole purpose of targeting our > company and our clients. They only have to succeed once where I have to > succeed every time to keep them from stealing large sums. What about the ip r

RE: Re[4]: rule based on domain age

2023-05-10 Thread Marc
Yes some already block/timeout with the 2nd lookup. But there is a flip side. There are dns blacklists that have domainnames that are currently being abused. > > I hadn't considered being blocked by the TLD's from doing the lookups. > Good point. We probably do about 2K per day so not sure tha

RE: rule based on domain age

2023-05-10 Thread Marc
> > My apologies if that has been asked and or answered previously. > > I would love to have a rule to score up messages from domains registered > in the past X configurable days. > > We rarely receive legit email from domains newer than 1 year old, but we > get spoofs daily from domains that a

RE: Suggested Approach

2023-04-27 Thread Marc
> > For those that would like to investigate, the messages are in the > attached ZIP. It looks like simple Spamming but I can not assure > there are no other issues of concern. > Put full (redacted) plaint text source message. I can't believe that message headers do not contain ip addresses. W

RE: spamassassin milter auto ip address update

2023-03-07 Thread Marc
> > > I recently had an issue where mail was temporarily rejected because > > clamav-milter/spamass-milter could not connect to clamd/spamd. > > Clamd/Spamd are a tasks that can automatically change hosts and thus > > their ips. A simple restart of the milter fixes this (resolves the new > > ip)

spamassassin milter auto ip address update

2023-03-06 Thread Marc
I recently had an issue where mail was temporarily rejected because clamav-milter/spamass-milter could not connect to clamd/spamd. Clamd/Spamd are a tasks that can automatically change hosts and thus their ips. A simple restart of the milter fixes this (resolves the new ip). However, it would

RE: Messages from outer clients marked as spam

2023-01-23 Thread Marc
,KAM_LOTSOFHASH,KHOP_HELO_FCRDNS,LOT > >> > S_OF_MONEY,PDS_RDNS_DYNAMIC_FP,RCVD_IN_PBL,RCVD_IN_ZEN_LASTEXTERNAL,RDNS_DYNAM > >> IC,SPF_FAIL,TO_EQ_FM_DOM_SPF_FAIL > > On 23.01.23 16:05, Marc wrote: > >Don't you have more details? Looks to me you are on dns blacklists

RE: Messages from outer clients marked as spam

2023-01-23 Thread Marc
> I've got a long standing server, where I run FreeBSD (13.1) + sendmail > (8.17.1) + MIMEDefang (2.84) + SpamAssassin (3.4.6). > (I know there are more recent versions, but that's what ports currently > provide). > This has been working perfectly for years. yes time changes, currently gmail is so

RE: sorbs blocklist spamassassin.apache.org

2023-01-15 Thread Marc
> > https://multirbl.valli.org/lookup/95.216.194.37.html > > but who cares ? What is the problem? I am even surprised that there are so many green listings. I have even configured that hosts with a reverse xxx.your-server.de are not allowed to connect.

RE: *****SPAM***** Re: *****SPAM***** Re: *****SPAM***** Re: *****SPAM***** Re: *****SPAM***** Re: wordpress work

2023-01-13 Thread Marc
Let's see how many spamassassin is adding. RE: *SPAM* Re: *SPAM* Re: *SPAM* Re: *SPAM* Re: *SPAM* Re: wordpress work

RE: awl postgresql

2023-01-03 Thread Marc
> > https://github.com/apache/spamassassin/blob/trunk/sql/awl_pg.sql#L6 > > https://www.irccloud.com/pastebin/wRkT4AeI/awl.sql > > how to solve it ? https://notepad.ltd/asdf23423asdfasdf ;)

RE: welcomelist_auth and SPF

2022-12-17 Thread Marc
> > > Yes, GoDaddy is shit, but should that mean there's no expectation of > being able to add it to a trusted senders list for individual senders? of course whitelist_from *@christmasball.com or you add some header header TREE_WHITELISTX-Tree =~ /\bwhitelisted\b/ score TREE_WHIT

RE: welcomelist_auth and SPF

2022-12-16 Thread Marc
> The sender's SPF record includes the sending IP (40.107.96.128) in the > secureserver.net entry, and SPF_PASS is hit. > Without even checking anything I can already remember that this secureserver.net is shit. I have blocked whole ranges of them, they send spam, try

shameless plug for -=> mailfromd <=-

2022-12-07 Thread Marc
I am so happy about recent updates of mailfromd[1] that I wanted to share with you this info. I have been harassing the Sergey from mailfromd[1] for a while to implement statistics and currently this is working very nicely. Maybe you are still using a prehistoric project like rspamd, where the

RE: Facepalm

2022-11-24 Thread Marc
> I accidentally forwarded one (or more) messages to the SpamAssassin > mailing list which I meant to forward to SpamCop. High-latency remote > control, address prefix collision, and lack of sleep are contributing > factors. > > I will update address books to reduce likelihood of collisions in the

RE: spam subject marking

2022-11-15 Thread Marc
> You might want to point out to them that rewrite_header breaks any DKIM > signature on mail, Hmmm, good point, not really thought about this even. Are email clients complaining about this? > in addition to cluttering the Subject if > misclassified mail is part of a conversation. So the alte

RE: spam subject marking

2022-11-15 Thread Marc
> > When a *user* replies it's not at the beginning > it's "Re: **spam**" :) Indeed, and in other languages it is even different, but I think developers get the point ;)

RE: spam subject marking

2022-11-15 Thread Marc
> >> spamassassin add multiple times '**spam**' to the subject. > >> > >> your spamassassin only adds it one time > > > > Yes I know, and lazy users do not remove it in replies, that is how > you get multiple occurrences > > then it's "Subject: **spam** Re: **spam**" and the only relevant > informa

RE: spam subject marking

2022-11-15 Thread Marc
> >> > >> multiple signs of spam leading to marking a message as spam > > > > This is not relevant for the discussion on whether or not to have > spamassassin add multiple times '**spam**' to the subject. > > your spamassassin only adds it one time Yes I know, and lazy users do not remove it in r

RE: spam subject marking

2022-11-15 Thread Marc
> > On 15.11.22 at 11:48, Marc wrote: > >> > >> and i told you that it's useful when a message already passed > multiple > >> hops which flagged it as spam to outright reject it > >> > >> /^Subject: .*\*\*\*\*\*spam\*\*\*\*\* \*\*\*\

RE: spam subject marking

2022-11-15 Thread Marc
> > and i told you that it's useful when a message already passed multiple > hops which flagged it as spam to outright reject it > > /^Subject: .*\*\*\*\*\*spam\*\*\*\*\* \*\*\*\*\*spam\*\*\*\*\*/ REJECT > Administrative Prohibition (Subject) A message is either spam or not, and is marked as spa

RE: spam subject marking

2022-11-15 Thread Marc
> > > > I am having repeated occurrences of ***SPAM*** in the subject, maybe it > is good to stop adding ***SPAM*** if there are already 10 in the > subject? > > ask the sending admin why in the world he still continues to blow out > that crap instead trash it > > if there are already two in the s

spam subject marking

2022-11-15 Thread Marc
I am having repeated occurrences of ***SPAM*** in the subject, maybe it is good to stop adding ***SPAM*** if there are already 10 in the subject?

RE: Spam DKIM signed by Paypal coming from their Microsoft Tenant?

2022-11-14 Thread Marc
There is no such thing as a default whitelist. > >> > >> How do I stop this? paypal.com is in the > default > >> DKIM whitelist! > >> > > > > > > score USER_IN_DKIM_WHITELIST 0 > > would affect *every* mail in the default whitelist and so be a knee-jerk > reaction without

RE: Spam DKIM signed by Paypal coming from their Microsoft Tenant?

2022-11-14 Thread Marc
> > How do I stop this? paypal.com is in the default > DKIM whitelist! > > score USER_IN_DKIM_WHITELIST 0 ?

RE: installing spamass-milter

2022-10-22 Thread Marc
> > spamass-milter isn't part of the Spamassassin project and is > unmaintained by its upstream [https://github.com/andybalholm/spamass- > milter], so you may have limited support opportunities here. > > What you're seeing here is that the Fedora/EPEL "spamass-milter" package > has a strong depen

installing spamass-milter

2022-10-22 Thread Marc
WTF is this??? I just need milter to send requests to an external container. That should be 1MB install not 315MB. Anyone else having this on a different distribution? Installing: spamass-milter x86_64 0.4.0-13.el9 CentOS9_64-epel 61 k Installing dependencies: a

RE: shit from serverion

2022-07-11 Thread Marc
Merci beaucoup! > > It looks like there is a quite confusing way to which company IP ranges > are allocated. Last year I had a case involving an ip from this range: > > % Abuse contact for '31.210.20.0 - 31.210.21.255' is > 'ab...@serverion.com' > > inetnum:31.210.20.0 - 31.210.21.255 >

RE: shit from serverion

2022-07-11 Thread Marc
Thanks, some of them I did not have yet! > > # Serverion / Des Capital B.V. (2021-08 / 2022-05) > 2.56.56.0/22 REJECT Blacklisted (SERVER-2-56-56-0 / Serverion BV, NL) > 2.58.148.0/22 REJECT Blacklisted (SERVER-2-58-148-0 / Serverion BV, NL) > 31.210.20.0/24 REJECT Blacklisted (SERVER-31-210-20-0

shit from serverion

2022-06-29 Thread Marc
Today I decided to spend some time getting all the ip's[1] (these are all /24 thus you have to add 164.215.103.1-164.215.103.255) of serverion, who is sending out constant stream of crap. I thought about posting it here so you do not need to do this work. If you do some random checks, you can s

RE: RBL via Spamassasin configuration

2022-06-29 Thread Marc
> > On 2022-06-29 10:25, Matus UHLAR - fantomas wrote: > > Since SpamAssassin does deep header scanning, it's more effective than > > just use incoming IP at MTA level. > > this is not good, its a sign of forwarding that forwards spam in the > first place, that make the forwarding ip grey, not wh

RE: RBL via Spamassasin configuration

2022-06-28 Thread Marc
> biggest nonsense at all when it comes to spammers given that i added some > hundreds addresses never existed to collect the bodies for training and > for the outside world they are still rejects (milter) How is the guessing of existing email addresses relevant to the current discussion?

RE: RBL via Spamassasin configuration

2022-06-28 Thread Marc
> BTW: "spammers also strife to optimize the usage of their resources" > shows that you know little to nothing! > > they are using infected machines all over they world > > that bot's are running completely without any feedback because it would > make it possible to track the origin > > even

RE: RBL via Spamassasin configuration

2022-06-28 Thread Marc
> > > On 28.06.22 at 20:56, Marc wrote: > > I also believe there is an advantage in rejecting messages, compared > to just marking them. Rejecting messages will train spam systems not to > try more. > > If they know you allow messages through, they will only send yo

RE: RBL via Spamassasin configuration

2022-06-28 Thread Marc
> In trying to setup RBL's with SA, I wanted to make sure the proper way > to do it. > I have seen some samples like this > header RCVD_IN_BARRACUDACEN eval:check_rbl('bbarracuda-lastexternal', > 'b.barracudacentral.org.') > describe RCVD_IN_BARRACUDACEN Relay is listed in b.barracudacentral.org >

RE: Understanding FORGED_GMAIL_RCVD and other rules

2022-06-22 Thread Marc
> > There is one mailchimp user (an org sending mail news by leveraging only one ;) > mailchimp services), whose mails are flagged by our mail gateway servers > (postfix with amavis and spamassassin) with "FORGED_GMAIL_RCVD". > > I am trying to understand what is wrong with these mails an

RE: OT - Hotmail/Outlook.com marking most of our email as Junk

2022-02-19 Thread Marc
Complain to the European Union. It is not in Microsoft's and google's interest to fix this. By frustrating/sabotaging other providers services, they create an environment where users are forced to switch to the outlook.com/gmail.com cloud. Eg. what you have done is already more than gmail.com is

RE: Add header, not beginning with X?

2022-02-16 Thread Marc
> > > >While it seems feasible to do this in postfix, I wanted to explore doing > it with minimal fuss in SAm or if a FILTER or MILTER might be required. > > > >So far I've only found "Basic Message Tagging Options". > > this is not a job for SpamAssassin. > > Perhaps a milter application could d

RE: Emails from gmail.com bypassing Spamassassin scoring

2022-02-07 Thread Marc
> > All of the other emails that were sent before and after this particular > email have the X-Spam-Status and X-spam-Report scoring, > > So Spamassassin was running correctly. > So something went wrong with this one. It should have headers, maybe some communication problem. I have configured

RE: Emails from gmail.com bypassing Spamassassin scoring

2022-02-07 Thread Marc
> I have been getting numerous emails lately from various gmail.com > accounts. They are spam or phishing emails and today I got one that > had a subject of RECEIPT 5454 and only a JPG image of an invoice. > There was no content in the email. > > > > It bypassed Spamassassin scoring. D

best practice redundant/failover spamd

2022-02-07 Thread Marc
I am testing with containerizing the spamd and I was wondering what would be a good solution to configure multiple spamd. What is the general advice on this here? 1. multiple instances If I spawn multiple instances of the same container, I would get multiple ip addresses something like: [@]
