On Fri, May 09, 2025 at 02:15:15PM -0700, jdow wrote:
> On 20250509 06:14:59, Matija Nalis wrote:
> > While I'm not familiar with RBBS specifically, other BBS software I
> > used (like PCBoard) did guarantee message delivery. Only way a
>
> Or the recipient could neve
On Fri, May 09, 2025 at 03:32:58AM -0700, jdow wrote:
> On 20250509 02:46:14, Matija Nalis wrote:
> > Not only did people fully expect that e-mail they sent would be
> > delivered, they would expected it would be delivered promptly.
> >
> > If it even got delayed by few
On Thu, May 08, 2025 at 05:22:32PM -0400, John Levine wrote:
> It appears that Marc said:
> >> Yeah, at this point, if I get anything from Outlook, Yahoo, Google,
> >> Mailchimp, Mailgun, OVH, or Sendgrid and it’s not a explicitly a
> >> whitelisted entry, I bounce it.
> >
> >I used a greylist whe
On Wed, May 07, 2025 at 06:02:38PM +0200, Benny Pedersen via users wrote:
> Received: from bid47go.5652833t.service.spamhaus.com
>
> in dns
>
> bid47go.5652833t.service.spamhaus.com TXT "v=spf1 a -all"
>
> solved if spamhaus listen here
So, your intention was to report SPF misconfiguration issu
On Tue, May 06, 2025 at 12:52:11PM -0400, Bill Cole wrote:
> In what way it is harmful for those rules to be left in place, given that SA
> disables 'blocked' DNSBL servers when it encounters them.
well, for one, it needlessly wastes postmaster's time analyzing and
trying to troubleshoot them for
On Wed, May 07, 2025 at 04:44:18PM +0200, Benny Pedersen via users wrote:
> Yes, score=5.513 tagged_above=-999 required=5 tests=[DKIM_SIGNED=0.1,
> DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,
> FILL_THIS_FORM_SHORT=1, HTML_FONT_LOW_CONTRAST=0.001, HTML_MESSAGE=0.001,
> HTTPS_HTTP_MISMA
On Mon, Apr 07, 2025 at 12:39:58PM +0100, Nick Howitt wrote:
> > Maybe not a single-person host, but even a small company can cross this
> > limit easily. 10k e-mails in 30 days is 333 mails a day, which is quite
> > low number.
> Divide that by 3 as there are 3 queries per email and the limit is t
On Fri, Mar 14, 2025 at 02:46:06AM -0400, Jared Hall via users wrote:
> MAILING_LIST_MULTI=-1
> Seems counter-intuitive but I could not find a score for this rule anywhere.
IIRC, having "tflags MAILING_LIST_MULTI nice" adds default negative score
automatically.
Just like having the rule without "
On Fri, Mar 07, 2025 at 10:54:16AM +0100, Michel Arboi wrote:
> This piece of HTML triggers my rules, it shouldn't:
> Mar 7 02:37:14.474 [162580] dbg: uri: running uri_detail
> _HFD_URI_HOSTNAME_NOT_RFC_COMP:
> =3D"https://jbcorrie.co.uk/wp-content/uploads/2022/11/JB-Corrie-and-Co-Ltd-=
Just t
On Fri, Feb 14, 2025 at 10:47:43AM +0100, natan wrote:
> 1)Spamassassin3.x:
> spamassassin -D -t w6.elm
>
> -- ---
> 1.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was
> blocked. See
On Thu, Feb 13, 2025 at 05:13:43PM +0100, natan wrote:
> IP ban may make sense - but there was a similar problem with another machine
> also with spamassin4.x - after returning to 3x there was no problem
Are you SURE there was NO problem? Or is it possible that the problem
*just isn't reported* in
On Thu, Feb 13, 2025 at 04:11:52PM +0100, natan wrote:
> I have a couple of servers on all of them with spamassassin3x and I have no
> problem
> and on one where there is spamassassin4 I have problems as above
>
> To put it even simpler 90% of traffic is handled by servers with
> spamassassin3x
On Thu, Nov 21, 2024 at 12:42:58PM -0500, pgnd wrote:
> , sneaking past my SA protections. Whether to call it snowshoe, I dunno :-/
> But my usually well fed Bayes isn't getting noticeably better with 'em.
> https://gist.github.com/pgnd/5ab934d921939f4c62a4c978a30b9e6f
Are you even runnin
On Mon, Nov 18, 2024 at 05:21:12PM +, Nix wrote:
> I'm not a high-volume site, a few thousand mails a day. If I'm blocked,
> probably more or less everyone is being blocked. (Are the DNSBLs above
Yes, pretty much every non-paying customer is blocked...
>From
>https://knowledge.validity.com/s
They probably tightened up their AUP / enforcement...
I'm not using VALIDITY for SA, but I do periodic checks with Icinga
check_rbl if my mailservers did get on any blacklist, and about 2
days ago I've got alerts that ALL of mailservers were suddenly on
Validity Senderscore blacklist:
CHECK_RBL C
On Thu, Nov 07, 2024 at 09:49:52PM +0100, Benny Pedersen wrote:
> MX skrev den 2024-11-07 05:44:
> > Isn’t this just a forwarded email from Office 365 using SRS? It
>
> SRS does not solve rfc in dkim, h= tag misssing minimal required headers
Are we talking about them not signing Message-ID? It i
On Sun, Nov 10, 2024 at 10:06:48AM -0500, Alex wrote:
> I now have a subscription, but they never respond to support requests, even
> to numerous emails, including ad...@dnswl.org.
>
> There also appears to be a reference to an automated script using a
> key/token, but no information on how to do
On Tue, Sep 24, 2024 at 08:10:38AM +, Grega via users wrote:
> Also this:
>
> RuleDescriptionScoreTotalHamCol6SpamCol8
> BAYES_40Bayes spam probability is 20 to 40%0.002,784
> 2,72197.7632.3
> BAYES_50Bayes spam probability is 40 to 6
On Mon, Sep 23, 2024 at 01:14:25PM +, Grega via users wrote:
> Why one has "BAYES_60" and other 2 not?
>
> 4. Race condition (IDK I`m not coder)
What backend are you using for storing bayer data?
I'm not yet on 4.x (Debian Stable FTW), but in SA 3.x default was a
local file storage (BDB?
On Wed, Jul 17, 2024 at 04:45:16PM -0400, Mark London wrote:
> Does anyone have a rule to detect "Dear xxx," in the body of the message,
> where the "To:" address is xxx@domain?
>
> We've been getting phishing email sent to us with variations of that. Hi,
> Dear, etc, followed by the username of t
On Mon, Jul 08, 2024 at 05:13:29PM -0400, Alex wrote:
> Are there RBLs available that can be used to determine registrar or date of
> registration? I understand the limits of querying a registrar but thought
> there might be an RBL out there with this info?
https://spameatingmonkey.com/services l
On Tue, Jun 25, 2024 at 05:38:28PM -0400, Mark London wrote:
> Bill - Thanks for the response. As an aside, it would be nice (though
> impossible?) for a spam filter to be more suspicious of emails coming from a
> new email address, that is not in my Sent folder or my Inbox. FWIW. - Mark
Someth
On Fri, May 03, 2024 at 08:22:09PM +0200, tba...@txbweb.de wrote:
> when a send a test spam message to my server it recognizes it as spam and
> puts it into /var/lib/amavis/virusmails as a gz file. In this file I can
> find the complete X-Spam-Header, etc:
>
> But this header is missing in the pas
On Mon, Apr 15, 2024 at 01:48:53PM +, Michael Grant via users wrote:
> > I don't like any daemon connecting to my mail storage. Can you imagine if
> > your solution gets hacked, how much data would be compromised? I prefer
> > messages being scanned/marked before stored. I wonder if this is e
On Sun, Apr 07, 2024 at 08:40:40PM -0500, Jerry Malcolm wrote:
> The problem is that gmail, in particular continues to insist on
> putting these in spam folders and (theoretically) discarding some
> of them completely. Some of users swear they never get them and
And did you check that claim? When
On Fri, Feb 23, 2024 at 06:43:53PM -0500, J Doe wrote:
> 23-Feb-2024 18:33:02.422 queries: info: (localhost.ca): query:
> localhost.ca IN +E(0) (127.0.0.1)
>
> 23-Feb-2024 18:33:02.422 queries: info: (localhost): query: localhost IN
> +E(0) (127.0.0.1)
> What's interesting is that this
On Mon, Feb 19, 2024 at 02:38:03PM -0500, Bill Cole wrote:
> On 2024-02-18 at 18:40:45 UTC-0500 (Mon, 19 Feb 2024 00:40:45 +0100)
> Matija Nalis is rumored to have said:
> > - Firsty: yes, I'm fully aware of all issues associated with
> > https://en.wikipedia.org/wi
Preface:
- Firsty: yes, I'm fully aware of all issues associated with
https://en.wikipedia.org/wiki/Callout_verification
(and there is a LOT of them!)
- I'm not looking for debate about general usefulness of Callout
verification (and the system for which it is being investigated is
not
On Fri, Jan 19, 2024 at 10:37:13AM -0600, Thomas Cameron wrote:
> The forwarded email is being *accepted* by GMail. My issue now is that GMail
> drops it into the recipient's spam folder. I suspect it's a reputation
> thing. Once the server is up and running for a while, I'm hoping that GMail
> wil
bodyGIFT_CARD /gift card/i
score GIFT_CARD 1.5
metaFREEMAIL_GIFTCARDSGIFT_CARD && (FREEMAIL_FROM || !DKIM_VALID)
score FREEMAIL_GIFTCARDS6.0
If you're not big on gift cards.
Also, you might want to enable and train Bayes...
On Thu, Jan 04, 2024 at 01:19:28PM -0800, Ki
On Thu, Oct 05, 2023 at 03:15:31PM -0400, Bill Cole wrote:
> On 2023-10-05 at 03:41:59 UTC-0400 (Thu, 05 Oct 2023 14:41:59 +0700)
> Olivier is rumored to have said:
>
> > Recently I have received a wave of mails in the form
> > From: word-olivier@somewhere.random
> > To: oliv...@mydomain.com
> >
On Thu, Jul 27, 2023 at 07:11:59AM +1000, Noel Butler wrote:
> On 27/07/2023 05:09, Matija Nalis wrote:
>
> > Any SPF, no matter how correctly configured, will lead to false
> > positives in some cases (e.g. encoutering mailing list
>
> B.S.
I'd appreci
On Wed, Jul 26, 2023 at 06:44:32PM +, Marc wrote:
> > At the risk of starting a flame war...
> >
> > What does "correctly setup SPF" mean to you?
>
> so your ip does not generate a softfail or fail
Only way to make SPF never incorrectly fail/softwail is to use "+all",
but that kind of kill
On Sun, Jul 16, 2023 at 01:37:39PM +0100, Martin Gregorie wrote:
> Another way to do this is to build either a mail archive or a database
> of addresses you've sent mail to and simply add a positive score to mail
> from anybody who you've sent mail to: this needs the following bits of
> code:
So,
On Sat, Jul 15, 2023 at 10:04:18PM -0500, Thomas Cameron wrote:
> pass
> fail
>
So, it fails SPF, but DKIM passes. Meaning, your mail would pass
normally modern servers which check both.
If you do not want to receive such status messages, you should update
your DMARC records (currently _dmarc.c
On Sun, Jul 09, 2023 at 07:06:10PM +0200, Robert Senger wrote:
> I've set up a testing environment that also uses master-master
> replication of the mysql bayes database, with priority in dns set to
> equal for both mx to get incoming mail distributed evenly to both
> systems. So far, this seems to
On Thu, Dec 15, 2022 at 09:17:54AM -0500, Bill Cole wrote:
> On 2022-12-15 at 07:03:25 UTC-0500 (Thu, 15 Dec 2022 12:03:25 + (UTC))
> Pedro David Marco via users is rumored to have said:
>
> > HI,
> > Situation:i have 2 twin servers running exactly the same OS, and SA.
> > (3.4.4)
Are there
On Wed, Jun 21, 2023 at 12:00:41PM +0200, natan wrote:
> I tested via configurations
>
> 1)dovecot10 + spamassasin-3.x - problem not exists
> 2)dovecot11 + spamassasin-3.x - problem not exists
> 3)dovecot10 + spamassasin-4.x - problem exists
> 4)dovecot11 + spamassasin-4.x - problem exists
>
> al
On Fri, May 12, 2023 at 05:32:30PM +0200, Reindl Harald wrote:
> > On Fri, May 12, 2023 at 09:49:40AM -0500, Dave Funk wrote:
> > > On Fri, 12 May 2023, Matija Nalis wrote:
> > > > That is because those domains are not EQUAL? Od did you wanted a
> > > >
On Fri, May 12, 2023 at 11:57:57AM -0400, Alex wrote:
> I'm curious what people think of URL rewriting or otherwise having some
Such rewriting would break digital signatures, and would not work at
all e.g. on encrypted e-mails.
> kind of idea of whether a URL could or should be scanned at some la
On Fri, May 12, 2023 at 09:49:40AM -0500, Dave Funk wrote:
> On Fri, 12 May 2023, Matija Nalis wrote:
> > That is because those domains are not EQUAL? Od did you wanted a
> > rule that checks only on SIMILAR domain names (e.g. with lowercase
> > letter "L" repl
On Thu, May 11, 2023 at 09:41:34PM +, Marc wrote:
> > > I was wondering if spamassassin is applying some sort of algorithm to
> > > comparing sender domain against recipient domain to detect a phishing
> > > attempt?
> >
> > There is a suite of meta rules and subrules with names containing
> >
On Wed, Apr 26, 2023 at 03:21:50PM -0400, Kris Deugau wrote:
> http://deepnet.cx/~kdeugau/spamtools/cornell-birds.eml
Thanks. Adding some dbg() in HTML.pm of my SA 3.4.6, it seems it is
triggered this part of the email:
"background" is deprecated (but still supported) HTML attribute:
https://
On Thu, Feb 16, 2023 at 05:34:37PM -0500, joe a wrote:
> Oh, of course. I installed as root initially, being foolish perhaps, but
> did create a specific user "later" and adjusted permissions as needed. Or,
> so I thought.
well, installing as root (especially with restrictive umask) manually
(
On Thu, Feb 16, 2023 at 01:02:25PM +0200, Henrik K wrote:
> On Thu, Feb 16, 2023 at 10:18:50AM +0100, hg user wrote:
> > Every score is based on headers, very generic headers. and some
> > related to my setup.
> >
> > Not a single token from the message body
>
> The Bayes implementation has b
On Wed, Oct 12, 2022 at 10:45:06AM +0200, Matus UHLAR - fantomas wrote:
> On 12.10.22 10:41, Noel Butler wrote:
> > or save SA doing extra work, and use the RBL's at MTA level - where they
> > should be used and have been used for 25 years in the ISP world
>
> you compare uncomparable.
>
> SA doe
Some of legitimate mails here are being hit with rather high KAM_OCTET_PHISH=3
it seems to trigger when I have both text/html and application/octet-stream
MIME parts.
reduced/sanitized example at: https://pastebin.com/D4vqKnLC
It seems to be multi-rule meta, but all those sub-rules seem to che
On Thu, Jun 02, 2022 at 02:47:28PM +0200, Bert Van de Poel wrote:
> For the errors about nonexistent uses you will want to have a look at
> /etc/default/spamassassin I'm guessing.
> For the info messages: this has just got to do with your logging level. You
> will want to decrease it in local.cf or
On Sat, May 07, 2022 at 09:35:31AM -0700, Paul Pace wrote:
> On 2022-05-07 07:53, Benny Pedersen wrote:
> > On 2022-05-07 16:42, Paul Pace wrote:
> > > * 10 URIBL_SBL Contains an URL's NS IP listed in the Spamhaus SBL
> > > * blocklist
> > > * [URIs: wikileaksdotorg]
>
> The prob
You should probably check that none of your ham (i.e. non-spam)
messages contains SPAM_99 or SPAM_999. It can happen when spammers
poison your bayes database, and increased score in that case might
lead to legitimate mail being misclassified as a spam.
On Thu, May 05, 2022 at 10:37:40AM -0500, Th
On Mon, Apr 04, 2022 at 07:45:02AM +0100, Niamh Holding wrote:
> Hello Matija,
> Sunday, April 3, 2022, 11:13:13 PM, you wrote:
>
> MN> For closer example to yours requirements then, perhaps look into
> 72_active.cf
> MN> regex for RCVD_IN_IADB_LISTED
>
> So you suggest [26] instead of (2|6)
On Mon, Apr 04, 2022 at 12:19:23AM +0100, Martin Gregorie wrote:
> For instance, I whitelist any email sender who I've previously sent mail
> to. To do this I maintain am email archive held in a PostgreSQL
> database and wrote an SA plugin that searches the archive for any
> message(s) I've previo
On Sun, Apr 03, 2022 at 10:06:51AM +0100, Niamh Holding wrote:
> Hello Matija,
> Saturday, April 2, 2022, 7:12:42 PM, you wrote:
>
> MN> grep -r check_rbl_sub /var/lib/spamassassin
> MN> for examples of what's possible and how (e.g. 25_dnswl.cf)
>
> Looking there I see nothing equivalent to alter
On Sat, Apr 02, 2022 at 06:09:20PM +0100, Niamh Holding wrote:
> Will this work to check 2 ip address responses, or do I have to write
> separate ruled for 127.0.0.2 & 127.0.0.6
>
> header __NH_HOLTRBL_X1
> eval:check_rbl_sub('holtrbl-lastexternal','127.0.0.(2|6)')
You can do
On Mon, Mar 21, 2022 at 06:31:07AM -0600, @lbutlr wrote:
> On 2022 Mar 21, at 04:37, Henrik K wrote:
> > Right, it does seem you haven't imported the key..
>
> Thanks! That's what was missing. Odd, considering there were KAM files
> present, just not recent ones. Anyway, not my system, but all s
On Sun, Dec 19, 2021 at 12:18:15AM +1030, Peter wrote:
> Today I got my life back.
>
> Decided to ditch TXrep and go back to AWL. It might not be as clever,
> but at least it works!
>
> The inability to do working manual changes to scores meant wasting a lot of
> time having to add addresses
On Wed, Dec 01, 2021 at 01:52:16PM +0100, Matus UHLAR - fantomas wrote:
> >
> > > results
> > > - ALL_TRUSTED doesn't fire because 192.0.2.1 in X-Originating-IP
> > >
> > > - HELO_NO_DOMAIN fires
> > > - RDNS_NONE fires
> > > - both because X-Originating-IP contains no helo/DNS data.
> > >
> > >
On Tue, Nov 30, 2021 at 12:03:15PM -0700, Philip Prindeville wrote:
> > On Nov 17, 2021, at 9:50 AM, Bill Cole
> > wrote:
> > SpamAssassin rules are not laws in any sense. They do not prescribe or
> > proscribe any action. They do not reflect any sort of moral or ethical
> > judgment. They do n
On Tue, Nov 30, 2021 at 11:47:36AM -0700, Philip Prindeville wrote:
> I'm looking at the 0.001 scoring for SPF_NONE and scratching my head. This
> was discussed a bit in early 2015, but maybe it needs revisiting with new
> perspective.
SPF is double edged sword. Sure, when it great to authentic
On Thu, Nov 11, 2021 at 02:21:06PM -0500, Greg Troxel wrote:
> yes, what I really want is something like
>
> exclude_from_dnswlgmail
I guess you could disable default DNSWL_MED score with:
score DNSWL_MED 0
and then create your own score:
metaMY_DNSWL_MEDDNSWL_MED && !FREEMAIL_FROM
I use DNSWLh spamassassin plugin from
http://www.chaosreigns.com/dnswl/sa_plugin/
which allows that "spamassassin --report" also reports to DNSWL, thus improving
DNSWL database for everybody.
Also, I reduce effect of RCVD_IN_DNSWL_MED to -0.5 as default seems
somewhat unreasonable.
On Thu, 11
Firstly, the instructions for reading this e-mail: please read it whole,
and understand that (although it may sound harsh at places) I am actually
trying to help you. Only then reply (if needed). It is also somewhat long,
but it does contain some technical info (and not only my rants :) Thanks.
On
62 matches
Mail list logo
