Re: ATTENTION: DNSWL to be disabled by default.

2024-09-27 Thread Paul Stead
On Fri, 27 Sept 2024 at 19:57, Alex wrote: > > FMBLA now also appears to be part of DNSWL. > Please note that dkimwl.org (and the associated fresh.fmb.la) are not associated with dnswl.org, despite the similarity in name. The dkimwl.org/fmb.la nameservers obey the free usage limits and standard

Re: comparing sender domain against recipient domain

2023-05-13 Thread Paul Stead
A while back I created a plugin for checking Levenshtein distance on From and To domains, this might answer the problem? An example configuration might look like this - This would look just for From domains with a distance equal to 1 from alexander.com ---8<--- ifplugin Mail::SpamAssassin::Plugi

Re: DKIMWL functional?

2023-03-07 Thread Paul Stead
Hi there, Thanks for the notice - this looks to be a frontend website issue - the backend looks to be functional - I'm investigating. Paul On Tue, 7 Mar 2023 at 17:54, Benny Pedersen wrote: > Greg Troxel skrev den 2023-03-07 18:48: > > > I wonder if anyone knows if DKIMWL is still functioning

Re: PDS_DBL_URL_TNB_RUNON

2022-11-13 Thread Paul Stead
Hello, This rule is indicating that the To/From headers look a bit weird, as well as having a "double URL" - a URL within the email has a URL embedded within it. From runon is a sub rule looking for correct spacing on the From header. It is the combination of these that is causing the rule to fir

Re: Askdns problem ?

2022-09-17 Thread Paul Stead
I was able to replicate this using an Unbound setup to not respond to UDP messages larger than 1500. In the first instance I'd suggest checking your DNS server setup that it's able to respond to UDP packets larger than ~1552 - 4096 is default on Unbound - server: max-udp-size: 4096 I can

Re: My 10 years old domain have a bad TLD

2021-05-04 Thread Paul Stead
> To be fair, we are very much lacking masscheckers to have a good view of > global mail. > Agreed! > If anyone has a decend mail flow, help is welcome. Even a few hundreds of > varied messages per month would help: > > https://cwiki.apache.org/confluence/display/SPAMASSASSIN/NightlyMassCheck >

Re: My 10 years old domain have a bad TLD

2021-05-04 Thread Paul Stead
> The score is derived from the combined corpus of our contributors to > ensure minimal false positives of ham being detected as spam - that is, > scoring 5.0 or more. > I don't feel I've done masscheck justice here. The routine is a lot more complex than this! I should also note that masscheck tr

Re: My 10 years old domain have a bad TLD

2021-05-04 Thread Paul Stead
This particular rule was split out from the more generic SUSP_URI_NTLD rule due to a conversation about this particular TLD recently. The consensus was to create an individual rule so that mass check could check the TLD on its own merit - https://ruleqa.spamassassin.org/20210503-r1889443-n/PDS_PRO

Re: Why does SA add SPF check fail to this message?

2021-04-24 Thread Paul Stead
2021 at 11:48, Paul Stead wrote: > Replied to Yuri directly, > > This could be a result of not having internal_networks set. > > mail2.{redacted} considers mail1.{redacted} to be an external server - > thus checking the SPF record for freebsd.org against the IP address of > mail

Re: Why does SA add SPF check fail to this message?

2021-04-24 Thread Paul Stead
Replied to Yuri directly, This could be a result of not having internal_networks set. mail2.{redacted} considers mail1.{redacted} to be an external server - thus checking the SPF record for freebsd.org against the IP address of mail1.{redacted} Paul On Sat, 24 Apr 2021 at 11:45, Antony Stone < anton

Re: queying fresh.fmb.la despite skip_rbl_checks

2021-01-15 Thread Paul Stead
Maybe a tflag on the AskDNS to mark it as an RBL lookup? This doesn't exist currently Adjusting to "dns_query_restriction deny fmb.la" will avoid just this domain lookups Paul On Fri, 15 Jan 2021 at 13:09, RW wrote: > On Fri, 15 Jan 2021 09:43:42 +0100 > Dan Malm wrote: > > > I've just noticed

Re: __PDS_FROM_2_EMAILS broken ?

2020-12-10 Thread Paul Stead
Sorry for the garbage in the signature from my $work email..

Re: __PDS_FROM_2_EMAILS broken ?

2020-12-10 Thread Paul Stead
é Paris 1 Panthéon-Sorbonne Centre Pierre Mendès France 90 rue de Tolbiac - 75634 Paris cedex 13 - France Tél. +33 1 44 07 89 68 - Bur. A402 Accueil: +33 1 44 07 89 65 - assistance-ds...@univ-paris1.fr http://dsiun.univ-paris1.fr -- Paul Stead Senior Engineer Zen Internet Dir

Re: ANNOUNCEMENT: The NEW invaluement "Service Provider DNSBLs" - 1st one for Sendgrid-spams!

2020-08-24 Thread Paul Stead
The following plugin extracts the SendGrid ID to a Tag, now we can use it with askdns.. https://github.com/fmbla/spamassassin-sendgrid Paul On Sun, 23 Aug 2020 at 20:42, Giovanni Bechis wrote: > On 8/21/20 9:28 PM, Rob McEwen wrote: > > ANNOUNCEMENT: The NEW invaluement "Service Provider DNSB

Re: IMPORTANT NOTICE FOR PEOPLE RUNNING TRUNK re: [Bug 7826] Improve language around whitelist/blacklist and master/slave

2020-07-10 Thread Paul Stead
t's a keyword that gets changed in code and aliased back for backwards compatibility - as long as it all works, that's ok with me. Paul On 10/07/2020, 09:31, "Dan Malm" wrote: On 2020-07-10 10:19, Paul Stead wrote: > How would you explain to a 5 year old why being

Re: IMPORTANT NOTICE FOR PEOPLE RUNNING TRUNK re: [Bug 7826] Improve language around whitelist/blacklist and master/slave

2020-07-10 Thread Paul Stead
with allowlist_to replacing >>>> whitelist_to >>>> Committed revision 1879456. >>>> >>>> If you are using trunk, there may be disruption since routines, >>>> plugins and rule changes will all interweave. >>>> >&

Re: regex rule

2019-09-25 Thread Paul Stead
A bit of anchoring wouldn't go amiss either: header __RULE_1 X-Mozilla-Keys:raw =~ /^[\s\d]{80,}$/ Paul On Wed, 25 Sep 2019 at 13:04, Paul Stead wrote: > You want: > > header __RULE_1 X-Mozilla-Keys:raw =~ /[\s\d]{80,}/ > > note the :raw addi

Re: regex rule

2019-09-25 Thread Paul Stead
You want: header __RULE_1 X-Mozilla-Keys:raw =~ /[\s\d]{80,}/ note the :raw addition Paul On Tue, 24 Sep 2019 at 21:57, j.emerlik wrote: > Example link: > > https://pastebin.com/index/yYBSNw5x > > > > wt., 24 wrz 2019 o 19:57 John Hardin napisał(a): > >> On Tue, 24 Sep 2019, j

Re: PDS_NO_HELO_DNS is not helpful at all.

2019-07-10 Thread Paul Stead
I believe this is because AskDNS requests don't get ignored on masscheck regardless of tflags - I've removed the rule from sandbox and will investigate this tentacle of the masscheck Paul

Re: Scoring by registrar?

2019-07-01 Thread Paul Stead
On Mon, 1 Jul 2019 at 16:17, RW wrote: > > On the site they have: > > Query Response Name Meaning > domain 127.2.0.2 fresh Domain registered in last 7 days > domain 127.2.0.14 fresh14 Domain registered in last 7-14 days > > there's no mention of the 127.2.0.28 result, b

Re: Scoring by registrar?

2019-06-30 Thread Paul Stead
On Mon, 1 Jul 2019 at 06:38, Sean Lynch wrote: > It's pretty useful already. If you're able to get the name of the > registrar from that service, I think it might make a useful spam signal > since some registrars seem to be a lot more popular with spammers than > others. > Not really, essentiall

Re: Scoring by registrar?

2019-06-30 Thread Paul Stead
On Sun, 30 Jun 2019 at 19:46, Sean Lynch wrote: > > On 6/30/19 11:40 AM, Grant Taylor wrote: > > On 6/30/19 12:05 PM, John Hardin wrote: > >> There's really no infrastructure for it. Somebody would have to hook > >> into the registrar data feeds to collect it and publish it in a > >> usable form,

Re: Rules for invisible div and 0pt font?

2019-06-18 Thread Paul Stead
Just going from http://svn.apache.org/viewvc/spamassassin/trunk/rulesrc/sandbox/gbechis/20_html.cf?revision=1861560

Re: Rules for invisible div and 0pt font?

2019-06-18 Thread Paul Stead
On Tue, 18 Jun 2019 at 20:23, Paul Stead wrote: > Also rename from T_ otherwise it will be skipped. If you drop the T_ and > omit the publish it will let QA decide if performance is good enough :) > Although not looking so good today - https://ruleqa.spamassassin.org/20190618-r

Re: Rules for invisible div and 0pt font?

2019-06-18 Thread Paul Stead
On Tue, 18 Jun 2019 at 19:14, John Hardin wrote: > On Tue, 18 Jun 2019, Giovanni Bechis wrote: > > > On 6/17/19 9:14 PM, Amir Caspi wrote: > >> There is a div here with display:none, as well as font-size:0px. The > spample hits HTML_FONT_LOW_CONTRAST but does not appear to hit any rule > relatin

Re: Proposed rule for too many dots in From

2019-06-10 Thread Paul Stead
Looks like it was hitting a fair amount of ham the last week or so. https://ruleqa.spamassassin.org/20190607-r1860743-n/T_AC_FROM_MANY_DOTS/detail The last few days have looked a bit better: https://ruleqa.spamassassin.org/20190609-r1860879-n/T_AC_FROM_MANY_DOTS/detail https://ruleqa.spamassassi

Re: Meta for bogus MIME with DKIM valid?

2019-06-04 Thread Paul Stead
The rules look to be performing better in masscheck after the updates to the corpus checking: https://ruleqa.spamassassin.org/20190604-r1860591-n/__BOGUS_MIME_VER_01/detail https://ruleqa.spamassassin.org/20190604-r1860591-n/__BOGUS_MIME_VER_02/detail Certainly worth letting QA do its thing and

Re: Masscheck statistics

2019-05-15 Thread Paul Stead
use to post every email with this kind of garbage to a public website) > > On 15 May 2019, at 10:55, Paul Stead wrote: > > This message is private and confidential. If you have received this > message in error, please notify us and remove it from your system. > > > > Zen

Re: Masscheck statistics

2019-05-15 Thread Paul Stead
the week from jarif are influencing the scores during the week, when no one else is submitting net scores Paul -- Paul Stead Senior Engineer Zen Internet Direct: 01706 902018 Web: zen.co.uk Winner of 'Services Company of the Year' at the UK IT Industry Awards This message is private

Re: Masscheck statistics

2019-05-15 Thread Paul Stead
days. That's the reason for the --reuse flag on masscheck Paul -- Paul Stead Senior Engineer Zen Internet

Re: Masscheck statistics

2019-05-15 Thread Paul Stead
wrote: Also why do all the network rule statistics come from a single contributor labelled 'jarif'? A corpus with only 484 ham in it. If this is genuinely what is being contributed, how is it possible to generate all four score sets? -- Paul Stead Senior Engineer Ze

Re: Masscheck statistics

2019-05-15 Thread Paul Stead
On 15/05/2019, 14:41, "Henrik K" wrote: jarif has some flags wrong if doing it every day.. https://lists.apache.org/thread.html/ff734261cb1d8ec9dea9df42f314a60ec20c1919b8bd21c71b38553f@%3Cruleqa.spamassassin.apache.org%3E -- Paul Stead Senior Engineer Zen Internet

Re: DKIMWL's dubious methodology.

2019-03-22 Thread Paul Stead
ebrand.net. This domain was less than 24 hours old at the time of scanning and has no A record or SPF TXT record. I don't think a domain can have any meaningful good reputation in such a short period of time, and IMO a valid SPF record should be a basic precondition for listing.

Re: New type of SPAM aggression

2019-02-06 Thread Paul Stead
ed our IPs in their DNSBL. We followed the address to de-list, but gremlin.ru does not exist. So, if you are successful against Russian spam, you will be ... blacklisted by an unknown gremlin. Paul Stead Senior Engineer Zen Internet

Re: spoofing mail

2018-11-29 Thread Paul Stead
. Amavis can create its own files to customize settings in /etc/mail/spamassassin so compare a vanilla SA installation to what you have to find the best place to put your local settings. -- David Jones Paul Stead Senior Engineer (Tools & Technology) Zen Internet

Re: Bitcoin rules

2018-10-22 Thread Paul Stead
etup is a risk I'm willing to take. This can be resolved by hashing the BTC address before lookup and looking up the result hash in the DB Paul -- Paul Stead Senior Engineer (Tools & Technology) Zen Internet

Re: URI_WPADMIN fp

2018-10-19 Thread Paul Stead
Great info - I think the other WP rules I co-wrote in the rules base conform to this convention - I'll double check Paul On 19/10/2018, 20:36, "Charles Sprickman" wrote: > On Oct 19, 2018, at 10:15 AM, Paul Stead wrote: > > Can't comment on the s

Re: URI_WPADMIN fp

2018-10-19 Thread Paul Stead
ption says possible phishing, but how would an end-user be in a position to create a public link that involves their WP admin directory in the first place? -- Paul Stead Senior Engineer (Tools & Technology) Zen Internet

Re: Invoice phish

2018-05-10 Thread Paul Stead
On 10/05/2018, 15:54, "David Jones" wrote: They do. I saw an example a few weeks ago. >Paul Stead claims to have seen it, but it's important to positively >identify it as spoofing and not hacking. Not sure what the difference is from a mail filteri

Re: Invoice phish

2018-05-10 Thread Paul Stead
is Microsoft's ability to detect unusual activity. Not only is it possible - I've had actual examples of this happening on our platform, spoofed Envelope-From spam sent through O365 and the SPF passing... Paul -- Paul Stead Senior Engineer (Tools & Technology) Zen Internet

Re: FORGED_GMAIL_RCVD and USER_IN_DEF_SPF_WL

2018-04-11 Thread Paul Stead
ough for def_whitelist_auth. trix.bounces.google.com - this seems to be email from Google forms Paul -- Paul Stead Senior Engineer (Tools & Technology) Zen Internet

Re: Blacklist for reply-to?

2018-02-19 Thread Paul Stead
ira/browse/COMDEV-263 Regards, KAM -- Paul Stead Senior Engineer (Tools & Technology) Zen Internet

Re: Email filtering theory and the definition of spam

2018-02-08 Thread Paul Stead
nders. >> > dkimwl.org looks promising, but tell them their https cert has expired. > Giovanni > Also, they refer to the TOU for acceptable usage, but both /terms and /license have a 404. Kind regards, Tom -- Paul Stead Senior Engineer (Tools &

Re: From name containing a spoofed email address

2018-01-22 Thread Paul Stead
__FNS_HIGHPROFILE _FNSFNAMEDOMAIN_.some.reputationlist.com A /^127\.0\.0\.1$/ Paul On 22/01/2018, 21:32, "Alex" wrote: fns_add_addrlist (HP_EBAY) *@ebay.com fns_add_addrlist (HP_PAYPAL) *@paypal.com fns_add_addrlist (GMAIL) *@gmail.com *@googlemail.com amazon, banks

Re: From name containing a spoofed email address

2018-01-22 Thread Paul Stead
Thanks for that Alex, I've added a version check into the code, hopefully it'll catch everything. Thanks for other feedback from other users ( Paul On 22/01/2018, 19:18, "Alex" wrote: On Mon, Jan 22, 2018 at 11:21 AM, Paul Stead wrote: > https://github

Re: From name containing a spoofed email address

2018-01-22 Thread Paul Stead
https://github.com/fmbla/spamassassin-fromnamespoof Reduced quite a few of the FPs after thinking about this over the weekend - feel free to check this out, let me know any feedback Paul On 19/01/2018, 18:16, "Paul Stead" wrote: I too have a plugin written I've been us

Re: From name containing a spoofed email address

2018-01-19 Thread Paul Stead
at| Shane Williams http://pgp.mit.edu/| System Admin - UT CompSci =--+--- All syllogisms contain three lines | sha...@shanew.net Therefore this is not a syllogism | www

Re: SpamAssassin Plugin to detect VBA/OLE2 Macros

2017-11-29 Thread Paul Stead
documents. Source code and more info on Github: https://github.com/bigio/spamassassin-vba-macro Cheers Giovanni -- Paul Stead Senior Engineer (Tools & Technology) Zen Internet

Re: Ends with string

2017-09-15 Thread Paul Stead
On 15/09/2017, 20:59, "Paul Stead" wrote: On 15/09/2017, 20:57, "sha...@shanew.net" wrote: If you're only looking at uris, it probably is (though I wonder a little about processing time between a long list of such entries and a sing

Re: Ends with string

2017-09-15 Thread Paul Stead
tlds that look in headers as well (Received, From, Env_From being the main ones), so these wouldn't help with that. If there's something similar for those cases, I'd love to know about it. The following patch works for me: https://bz.apache.org/SpamAssassin/show_bug.cgi?

Re: Ends with string

2017-09-15 Thread Paul Stead
com|hop\.kz|urla\.ru|fw\.to)(\/|$|\b)/i Seems a bit complicated. It would be to make this rule check that suffixes are at the end of URI. uri __TEST_URLS /\b(\.vn|\.pl|\.my|\.lu|\.vn|\.ar)\b/i I believe this does it, correct? uri __TEST_URLS /\b(\.vn$|\.pl$|\.my$|\.lu$|\.vn$|\.ar$)\b/i Thanks

Re: Attachments with no Content-Type mime header

2017-08-17 Thread Paul Stead
This. With no Content-Type the type gets set to “text/plain” by default – should have maybe said this earlier, too On 17/08/2017, 15:53, "RW" wrote: Have you ruled-out the possibility that the mime-type for such parts is set to the default mime type of text/plain? --

Re: Attachments with no Content-Type mime header

2017-08-16 Thread Paul Stead
ply-To: Pedro David Marco Date: Wednesday, 16 August 2017 at 23:49 To: Paul Stead , "users@spamassassin.apache.org" Subject: Re: Attachments with no Content-Type mime header Thanks Paul, but your plugin uses find_parts() that turns it pointless if there is no Content-

Re: Attachments with no Content-Type mime header

2017-08-16 Thread Paul Stead
n be helpful in determining the filetype: https://en.wikipedia.org/wiki/List_of_file_signatures I make use of this in the OLEMacro plugin: https://github.com/fmbla/spamassassin-olemacro/ -- Paul Stead Systems Engineer Zen Internet

Re: top and other spammy TLDs

2017-02-25 Thread Paul Stead
rt you patching your production SA) you can use: enlist_addrlist (NEWSPAMMY) *@*.top to create the NEWSPAMMY addrlist to then use the check_from_list_list and associated evals Paul -- Paul Stead Systems Engineer Zen Internet

Re: top and other spammy TLDs

2017-02-21 Thread Paul Stead
On 21/02/2017, 23:15, "Paul Stead" wrote: I can’t see how this can be the same for the check_from_in_list calls, however? Apologies – it is not possible to add custom addrlists in SA - https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7354 -- Paul Stead Systems Engineer Zen Internet

Re: top and other spammy TLDs

2017-02-21 Thread Paul Stead
On 21/02/2017, 18:41, "RW" wrote: On Tue, 21 Feb 2017 17:57:13 +0000 Paul Stead wrote: > I’ve posted this before, this is how I manage these nasty TLDs: > > Make sure WLBLEval is enabled: > > loadplugin Mail::SpamAssassin::Plugin::WLBLEval

Re: top and other spammy TLDs

2017-02-21 Thread Paul Stead
win|moda|news|online)(?:/|\b);i describe LOC_URI_RARE_TLD URI refers to rarely-nonspam TLD score LOC_URI_RARE_TLD 0.400 How can this be corrected to specifically only catch top as a TLD? -- Paul Stead Systems Engineer Zen Internet

Re: List of trusted senders

2017-01-25 Thread Paul Stead
On 25/01/2017, 21:34, "Paul Stead" wrote: A similar method I use is to have the DKIM signing domains I like in a rbl server and query them with askdns askdns LOCAL_TRUSTED_DKIM _DKIMDOMAIN_.lookup.example.com A 127.0.0.2 tflags LOCAL_TRUSTED_DKIM nice net

Re: List of trusted senders

2017-01-25 Thread Paul Stead
ns askdns LOCAL_TRUSTED_DKIM _DKIMDOMAIN_.lookup.example.com A 127.0.0.2 tflags LOCAL_TRUSTED_DKIM nice net describe LOCAL_TRUSTED_DKIM DKIM trusted sender score LOCAL_TRUSTED_DKIM -7.5 Paul -- Paul Stead Systems Engineer Zen Internet

Re: Rule to compare rDNS to regular expression

2017-01-18 Thread Paul Stead
ng search terms, as the search results are about other topics, not the one I want. Can someone provide an example or point me toward documentation of how to write such a rule? Thanks, Ken -- Paul Stead Systems Engineer Zen Internet

Re: Rule to compare rDNS to regular expression

2017-01-18 Thread Paul Stead
ite such a rule? Thanks, Ken -- Paul Stead Systems Engineer Zen Internet

Re: Different bayes results from command line and through MTA

2016-12-23 Thread Paul Stead
ample, if a ‘spoofed’ To header isn’t matching the actual recipient of the email within your system… *mumble* numbers and things Paul -- Paul Stead Systems Engineer Zen Internet

Re: Spam with attachments and UNPARSEABLE_RELAY

2016-11-25 Thread Paul Stead
bad attachment - generally these don't even get as far as SA in my setup This all depends on the glue used and ordering within your MTA and how it reacts to malware attachments Paul -- Paul Stead Systems Engineer Zen Internet

Re: Custom rule based on AWL score

2016-10-24 Thread Paul Stead
quite large score TAGMATCH_TXREP_IP_HIGHSCORE 0.1 (...this sort of thing might be really useful as a general purpose rule type in base SA too...) Hmm doesn't look like this would be possible with minus (-) numbers unless I'm reading the PMS src wrong :/ Paul -- Paul Stead Systems Engineer Zen Internet

Re: Custom rule based on AWL score

2016-10-24 Thread Paul Stead
quite large score TAGMATCH_TXREP_IP_HIGHSCORE 0.1 (...this sort of thing might be really useful as a general purpose rule type in base SA too...) Thanks for the suggestion John - this looks like an elegant solution to the problem, I'll look into this at some point soon. Paul -- Paul Stead Systems Engineer Zen Internet

Re: Custom rule based on AWL score

2016-10-21 Thread Paul Stead
On 21/10/16 18:40, Paul Stead wrote: On 21/10/16 16:22, John Hardin wrote: I was going to say: you can't write a rule based on the *current* AWL adjustment because that's calculated after all the rules have hit. But SA *could* potentially have a rule that checks the current historic

Re: Custom rule based on AWL score

2016-10-21 Thread Paul Stead
On 21/10/16 18:53, Paul Stead wrote: tagmatch TAGMATCH_TXREP_IP_LOWSCORE _TXREP_IP_MEAN_ /^\-[0-9]{2,}(?:\.[0-9]+)?$/ describe TAGMATCH_TXREP_IP_LOWSCORE TxRep mean score quite low score TAGMATCH_TXREP_IP_HIGHSCORE -0.1 Also - typo on score rulename! -- Paul Stead Systems Engineer Zen

Re: Custom rule based on AWL score

2016-10-21 Thread Paul Stead
On 21/10/16 18:40, Paul Stead wrote: A plugin I've developed could be handy here: https://github.com/fmbla/spamassassin-tagmatch tagmatch TAGMATCH_TXREP_IP_HIGHSCORE _TXREP_IP_MEAN_ /^[1-9][0-9]+(?:\.[0-9]+)?$/ describe TAGMATCH_TXREP_IP_HIGHSCORE TXRep mean score quite large

Re: Custom rule based on AWL score

2016-10-21 Thread Paul Stead
/full/3.4.x/doc/Mail_SpamAssassin_Plugin_TxRep.html#template_tags Paul -- Paul Stead Systems Engineer Zen Internet

Re: The real spoofing issue (was Re: How to get spam assassin to detect spoofed mails as SPF is clearly useless)

2016-10-17 Thread Paul Stead
a package deal. TL;DR, the header: From: "Dianne Skoll <mailto:d...@roaringpenguin.com>" <mailto:some...@spammer.org> is absolutely compliant with RFC-822 and its successors, RFC-2822 and RFC-5322. Regards, Dianne. -- Paul Stead Systems Engineer Zen Internet

Re: The real spoofing issue (was Re: How to get spam assassin to detect spoofed mails as SPF is clearly useless)

2016-10-17 Thread Paul Stead
rnet addr-spec address is described in section 3.4.1<https://tools.ietf.org/html/rfc5322#section-3.4.1>. -- Paul Stead Systems Engineer Zen Internet

Re: Persistent phishing attacks with word/pdf macros

2016-10-14 Thread Paul Stead
On 14/10/16 14:44, Axb wrote: On 10/14/2016 03:40 PM, Paul Stead wrote: On 14/10/16 14:11, Axb wrote: How's the performance. I know you run hi traffic sites. Have you felt a difference? Thanx Axb From the week or so of testing, things seem to be efficient and quick - not to say th

Re: Persistent phishing attacks with word/pdf macros

2016-10-14 Thread Paul Stead
YPTED0.0.1 T OLEMACRO0.0.1 Paul -- Paul Stead Systems Engineer Zen Internet

Re: Persistent phishing attacks with word/pdf macros

2016-10-14 Thread Paul Stead
https://github.com/fmbla/spamassassin-olemacro - Detects macros - both old and new style - Basic 'malicious' macro detection - Protected (encrypted) document detection Paul -- Paul Stead Systems Engineer Zen Internet

Re: a .cf to prevent abuse of popular names

2016-10-03 Thread Paul Stead
eature improvement which might help towards this too, watch this space Paul -- Paul Stead Systems Engineer Zen Internet

Re: Spam by IP-address? Spamassassin with geoiplookup?

2016-09-22 Thread Paul Stead
;e6dfa16bdb.zip" This run of emails can be blocked using the Sanesecurity ClamAV ruleset for Foxhole - http://sanesecurity.org/ Paul -- Paul Stead Systems Engineer Zen Internet

Re: How to reject mails with special message-id (Debian, Amavis, Spamassassin)

2016-09-20 Thread Paul Stead
f reasons). You may find you're blocking legitimate email from an Exchange server (poorly?) configured in this way. Paul -- Paul Stead Systems Engineer Zen Internet

Re: Spam by IP-address? Spamassassin with geoiplookup?

2016-09-20 Thread Paul Stead
Spammer Countries e.g. China, Taiwan, India, etc... Hi Thomas, The RelayCountry plugin would answer your needs: https://wiki.apache.org/spamassassin/RelayCountryPlugin Paul -- Paul Stead Systems Engineer Zen Internet

Re: Catching well directed spear phishing messages

2016-09-19 Thread Paul Stead
On 15/09/16 20:54, RW wrote: On Thu, 15 Sep 2016 15:37:42 +0100 Paul Stead wrote: https://github.com/fmbla/spamassassin-levenshtein An implementation I made for SA - feedback welcome A couple of things 1. Instead of having a with/without tld option you could compute the distance without

Re: Catching well directed spear phishing messages

2016-09-15 Thread Paul Stead
esting, Olivier! :) https://github.com/fmbla/spamassassin-levenshtein An implementation I made for SA - feedback welcome -- Paul Stead Systems Engineer Zen Internet

Re: URIBL randomly not triggered for the same message

2016-07-06 Thread Paul Stead
On 06/07/16 16:16, John Hardin wrote: Does that cache-min-ttl also affect NXDOMAIN? Is it possible to configure different TTL for NXDOMAIN (relatively low) and positive results (relatively high)? For this cache-max-negative-ttl exists :) Paul -- Paul Stead Systems Engineer Zen Internet

Re: SA cannot block messages with attached zip

2016-06-08 Thread Paul Stead
On 08/06/16 21:39, Paul Stead wrote: BlockAnyAndAllJS:*:*:\.[Jj][Ss]$:*:*:*:*:*:* Should point out that this may be prone to false positives. The Sane sigs are scored low, med, high FP risk and can be installed as such. -- Paul Stead Systems Engineer Zen Internet

Re: SA cannot block messages with attached zip

2016-06-08 Thread Paul Stead
ack via their mailing list - might be worth popping along? I recently added the MagicNumber for "old" style doc files, just for files inside zips (when they appeared, as mentioned in my previous post). This could be accomplished with yara rules within ClamAV too - docs on signature cre

Re: SA Concepts - plugin for email semantics

2016-05-31 Thread Paul Stead
esponses of the list, hence not carrying on the conversation further. Paul -- Paul Stead Systems Engineer Zen Internet

Re: SA Concepts - plugin for email semantics

2016-05-25 Thread Paul Stead
On 25/05/16 15:21, Dianne Skoll wrote: On Wed, 25 May 2016 15:07:37 +0100 Paul Stead wrote: Consider the following 2 basic emails: Mail 1: Viagra Mail 2: V1agra Yes, except here's the problem. A drug company might legitimately talk about Viagra, so that wouldn't be a spam toke

Re: SA Concepts - plugin for email semantics

2016-05-25 Thread Paul Stead
uld say. Maybe the concepts would be useful to humans or rules written by humans. Paul -- Paul Stead Systems Engineer Zen Internet -- Paul Stead Systems Engineer Zen Internet

Re: SA Concepts - plugin for email semantics

2016-05-24 Thread Paul Stead
private variable) at /etc/mail/spamassassin/Concepts.pm line 84, near "$headl;" ... With David's help I have tracked down the problem(s). Version 0.02 is up. Would be interested to hear your thoughts - even if just theoretical about the effect to the Bayes DB. Paul -- Paul Stead Syste

SA Concepts - plugin for email semantics

2016-05-24 Thread Paul Stead
om/fmbla/spamassassin-concepts I'd be really interested to hear your feedback/thoughts on this system and its approach. Paul -- Paul Stead Systems Engineer Zen Internet

Re: SA cannot block messages with attached zip

2016-05-23 Thread Paul Stead
low risk signatures - do take some time to read through the different rule types though. Paul -- Paul Stead Systems Engineer Zen Internet

Re: SA cannot block messages with attached zip

2016-05-20 Thread Paul Stead
it is not, look at the sanesecurity foxhole signatures http://sanesecurity.com/usage/signatures/ -- Paul Stead Systems Engineer Zen Internet

Re: How to reject all mails with docs attached?

2016-02-01 Thread Paul Stead
/usage/signatures/ -- Paul Stead Systems Engineer Zen Internet

sch.uk - potential util_rb_3tld list

2016-01-18 Thread Paul Stead
Come across the following which lists all *.sch.uk local authorities - thought it might be useful to someone http://www.nominet.uk/wp-content/uploads/2015/10/Schools_Domain_Name_Rules.pdf Paul -- Paul Stead Systems Engineer Zen Internet

Re: redirector_pattern question

2015-12-18 Thread Paul Stead
report in bugzilla. Mark Patch looks to work.. Done - thanks! -- Paul Stead Systems Engineer Zen Internet

redirector_pattern question

2015-12-18 Thread Paul Stead
etc # spaspamassassin -D -t < p2 2>&1 | grep baddomain p2 doesn't pick up on baddomain.com Any thoughts or have I stumbled upon a problem? Paul -- Paul Stead Systems Engineer Zen Internet

Re: Try my IXHASH

2015-12-10 Thread Paul Stead
On 10/12/15 18:23, Paul Stead wrote: On 10/12/15 17:24, Bill Cole wrote: On 10 Dec 2015, at 10:48, Paul Stead wrote: 0.004% hit rate on ham Clarify this please: 4 out of 100k hits are ham (not so bad) OR 4 out of 100k hams get hit (OUCH) The former, 4 out of 100k hit are ham emails Re

Re: Try my IXHASH

2015-12-10 Thread Paul Stead
On 10/12/15 17:24, Bill Cole wrote: On 10 Dec 2015, at 10:48, Paul Stead wrote: 0.004% hit rate on ham Clarify this please: 4 out of 100k hits are ham (not so bad) OR 4 out of 100k hams get hit (OUCH) The former, 4 out of 100k hit are ham emails -- Paul Stead Systems Engineer Zen Internet

Re: Try my IXHASH

2015-12-10 Thread Paul Stead
o FPs in my email so far. I can't speak for all the email our server processes though. Regards, Rick -- Paul Stead Systems Engineer Zen Internet

Re: "Received" headers for rules?

2015-10-26 Thread Paul Stead
On 26/10/15 17:46, sha...@shanew.net wrote: Thanks to John Hardin for pointing out a way to determine (on a per email basis even) what headers count as Received. The following page might be of use to build a few rules too: https://wiki.apache.org/spamassassin/TrustedRelays -- Paul Stead

Re: SpamAssassin Rules Regarding Abuse of New Top Level Domains

2015-10-21 Thread Paul Stead
ant to check From address: header PDS_OTHER_BAD_TLD eval:check_from_in_list('NEWSPAMMY') -- Paul Stead Systems Engineer Zen Internet
