Re: More Sendgrid trouble?

> On Sep 29, 2022, at 11:26 AM, Greg Troxel wrote: > > > Kris Deugau writes: > >> The Bayes result is not great, but the USER_IN_DEF_*_WL hits between >> them account for most of that negative score anyway. > > With dkim-signed spam, I think the only two paths forward are: > - hope they f

Deprecated Perl support from Maxmind

What are other people doing now that MaxMind has deprecated Perl support for their databases?

Re: Order of handling whitelist/blacklist

> On Mar 28, 2024, at 12:18 PM, Matus UHLAR - fantomas > wrote: > >>> On 27.03.24 20:56, Philip Prindeville via users wrote: >>>> I have something that looks like: >>>> >>>> whitelist_from_rcvd v...@yandex.ru vger.kernel.org >>&g

Re: Order of handling whitelist/blacklist

> On Mar 28, 2024, at 12:18 PM, Matus UHLAR - fantomas > wrote: > >>> On 27.03.24 20:56, Philip Prindeville via users wrote: >>>> I have something that looks like: >>>> >>>> whitelist_from_rcvd v...@yandex.ru vger.kernel.org >>&g

Re: Order of handling whitelist/blacklist

> On Mar 28, 2024, at 2:39 AM, Matus UHLAR - fantomas wrote: > > On 27.03.24 20:56, Philip Prindeville via users wrote: >> I have something that looks like: >> >> whitelist_from_rcvd v...@yandex.ru vger.kernel.org >> >> blacklist_from *@yandex.ru >

Order of handling whitelist/blacklist

Hi. I have something that looks like: whitelist_from_rcvd v...@yandex.ru vger.kernel.org blacklist_from *@yandex.ru And I only ever seem to see the 2nd rule being hit, but not the first. What is the order of evaluation? Mail::SpamAssassin::Conf doesn't say that I

ATT RBL f---wits

We're being blacklisted by att.net with the following message: (reason: 550 5.7.1 Connections not accepted from servers without a valid sender domain.flph840 Fix reverse DNS for 24.116.100.90) I don't know what the hell is up with these pinheads: philipp@ubuntu22:~$ dig -tmx redfish-solution

Re: DKIM absence

> On May 2, 2023, at 9:37 AM, Thomas Johnson wrote: > > >> On May 2, 2023, at 8:27 AM, Philip Prindeville >> wrote: >> >> Is there a way to add scoring that says, "If the sending domain has DKIM >> records, but there's no DKIM signature

DKIM absence

Is there a way to add scoring that says, "If the sending domain has DKIM records, but there's no DKIM signature on this message, then attach a high score to it?" We seem to attach negative scores when DKIM is present and valid, but what about the opposite direction? If it's absent, but it shou

Re: Did the whitelist_from_rcvd semantics change?

> On May 1, 2023, at 3:48 AM, Reindl Harald wrote: > > > > Am 30.04.23 um 20:54 schrieb Philip Prindeville: >>> On Apr 28, 2023, at 12:17 PM, Philip Prindeville >>> wrote: >>> >>> >>> >>>> On Apr 28, 2023, at 10:

Re: Did the whitelist_from_rcvd semantics change?

> On Apr 28, 2023, at 12:17 PM, Philip Prindeville > wrote: > > > >> On Apr 28, 2023, at 10:24 AM, Reindl Harald wrote: >> >> >> >> Am 28.04.23 um 18:11 schrieb Philip Prindeville: >>>> On Apr 25, 2023, at 6:28 AM, Bill Cole &

Re: Did the whitelist_from_rcvd semantics change?

> On Apr 28, 2023, at 10:24 AM, Reindl Harald wrote: > > > > Am 28.04.23 um 18:11 schrieb Philip Prindeville: >>> On Apr 25, 2023, at 6:28 AM, Bill Cole >>> wrote: >>> >>> On 2023-04-24 at 16:32:55 UTC-0400 (Mon, 24 Apr 2023 14:32:55 -0

Re: Did the whitelist_from_rcvd semantics change?

> On Apr 25, 2023, at 6:28 AM, Bill Cole > wrote: > > On 2023-04-24 at 16:32:55 UTC-0400 (Mon, 24 Apr 2023 14:32:55 -0600) > Philip Prindeville > is rumored to have said: > >> I thought the matching included subdomains, and seem to remember that >> working

Re: Did the whitelist_from_rcvd semantics change?

Oh, and this is on Fedora, so I'm running 3.4.6... > On Apr 24, 2023, at 2:32 PM, Philip Prindeville > wrote: > > Hi, > > I have the following line: > > whitelist_from_rcvd *@ceipalmm.com mailgun.net > > And tried it on a message that had: >

Did the whitelist_from_rcvd semantics change?

otherwise. Insights? Thanks, -Philip

Re: Rule to detect non-standard headers that aren't X- prefixed

> On May 11, 2022, at 1:53 AM, Henrik K wrote: > > On Wed, May 11, 2022 at 10:49:32AM +0300, Henrik K wrote: >> On Wed, May 11, 2022 at 10:44:05AM +0300, Henrik K wrote: >>> On Tue, May 10, 2022 at 06:19:38PM -0600, Philip Prindeville wrote: >>>> See my

Re: Rule to detect non-standard headers that aren't X- prefixed

> On May 11, 2022, at 9:24 AM, John Hardin wrote: > > On Tue, 10 May 2022, Philip Prindeville wrote: > >> Anyone have a rule to detect the following nonsense headers seen in this >> message I got? >> >> Return-Path: >> Received: from cp24

Re: Rule to detect non-standard headers that aren't X- prefixed

> On May 11, 2022, at 1:53 AM, Henrik K wrote: > > On Wed, May 11, 2022 at 10:49:32AM +0300, Henrik K wrote: >> On Wed, May 11, 2022 at 10:44:05AM +0300, Henrik K wrote: >>> On Tue, May 10, 2022 at 06:19:38PM -0600, Philip Prindeville wrote: >>>> See my

Re: Rule to detect non-standard headers that aren't X- prefixed

> On May 11, 2022, at 1:44 AM, Henrik K wrote: > > On Tue, May 10, 2022 at 06:19:38PM -0600, Philip Prindeville wrote: >> See my original message. >> >> I can't think of a single way to match each header, and then test for any of >> them not matchin

Re: Rule to detect non-standard headers that aren't X- prefixed

> On May 10, 2022, at 5:57 PM, Martin Gregorie wrote: > > On Tue, 2022-05-10 at 17:29 -0600, Philip Prindeville wrote: >> >> You're correct that they're different in every message received. >> > So write a rule that fires on any header name that *

Re: Rule to detect non-standard headers that aren't X- prefixed

> On May 10, 2022, at 5:57 PM, Martin Gregorie wrote: > > On Tue, 2022-05-10 at 17:29 -0600, Philip Prindeville wrote: >> >> You're correct that they're different in every message received. >> > So write a rule that fires on any header name that *

Re: Rule to detect non-standard headers that aren't X- prefixed

> On May 10, 2022, at 4:58 PM, Kevin A. McGrail wrote: > > On 5/10/2022 6:10 PM, Philip Prindeville wrote: >> Anyone have a rule to detect the following nonsense headers seen in this >> message I got? > > Interesting. Those look more like something that Bayesian l

Rule to detect non-standard headers that aren't X- prefixed

*none* of the headers are standard ones, so that won't work... I really need to examine the headers one-by-one. Thanks, -Philip

Re: Seeing "check: exceeded time limit in ..." and need to resolve it

> On Nov 16, 2021, at 8:03 PM, Henrik K wrote: > > On Tue, Nov 16, 2021 at 01:08:16PM -0700, Philip Prindeville wrote: >> >> Or http.sh points to an NS that's offline... > > Your resolver shoukd time out _way_ sooner than some minutes. > >> Can the

Re: MIME_BASE64_TEXT only on us-ascii

> On Nov 30, 2021, at 1:10 PM, Matija Nalis wrote: > > On Tue, Nov 30, 2021 at 12:03:15PM -0700, Philip Prindeville wrote: >>> On Nov 17, 2021, at 9:50 AM, Bill Cole >>> wrote: >>> SpamAssassin rules are not laws in any sense. They do not prescribe or &

Re: MIME_BASE64_TEXT only on us-ascii

HTML-Entity naming, which is also ASCII-friendly, i.e. é instead of Latin1 é etc. or raw 8bit characters. -Philip

SPF_NONE scoring

e SPF records... So how is this score arrived at? And of Ham, how much of it has a valid SPF? And of Spam, how much of it lacks a valid SPF? Has anyone run some numbers? Thanks, -Philip

Re: Seeing "check: exceeded time limit in ..." and need to resolve it

> On Nov 16, 2021, at 3:30 AM, Martin Gregorie wrote: > > On Mon, 2021-11-15 at 17:12 -0700, Philip Prindeville wrote: >> >> >>> On Nov 15, 2021, at 5:06 PM, Greg Troxel wrote: >>> >>> >>> Philip Prindeville writes: >&g

Re: Seeing "check: exceeded time limit in ..." and need to resolve it

> On Nov 15, 2021, at 11:12 PM, Henrik K wrote: > > On Mon, Nov 15, 2021 at 04:25:55PM -0700, Philip Prindeville wrote: >> >> >>> On Nov 12, 2021, at 10:35 PM, Henrik K wrote: >>> >>> On Fri, Nov 12, 2021 at 07:49:00PM -0800, John Hardin wr

Re: Seeing "check: exceeded time limit in ..." and need to resolve it

Replies... some duplication of conversation on "mimedefang". > On Nov 15, 2021, at 10:34 PM, Bill Cole > wrote: > > On 2021-11-15 at 18:08:20 UTC-0500 (Mon, 15 Nov 2021 16:08:20 -0700) > Philip Prindeville > is rumored to have said: > >>> On Nov

Re: Seeing "check: exceeded time limit in ..." and need to resolve it

> On Nov 15, 2021, at 5:06 PM, Greg Troxel wrote: > > > Philip Prindeville writes: > >> Ah, the rule _eval_tests_type11_pri0_set1() took 4:20. >> >> Why can't I even find the rule? > > That looks very familiar. I was having timeouts, and saw

Re: Seeing "check: exceeded time limit in ..." and need to resolve it

Nov 15 16:16:00.876 [54834] dbg: async: timing: 385.726 X NS:http.sh ... Why would resolving http.sh take this long? And can we bring down the timeout? Hard to imagine DNS requests taking more than a couple of seconds. -Philip

Re: Seeing "check: exceeded time limit in ..." and need to resolve it

> On Nov 12, 2021, at 8:49 PM, John Hardin wrote: > > On Fri, 12 Nov 2021, Philip Prindeville wrote: > >> I got the message, saved it to a flat file, and ran "spamassassin -t -D >> rules < netdev.eml" and saw: >> >> ... >>

Re: spam from gmail.com

ech conveyed to me decades ago: "Problem's leaving > here fine!" > > Google should practice what they preach: SANITIZE USER INPUT. Instead, their > careless attitude presents a security threat to us all. > > -- Jared Hall > What... you mean "do no evil" is just lip-service? I'm so... so... disillusioned! -Philip

Seeing "check: exceeded time limit in ..." and need to resolve it

_LOWER_E ==> got hit: "e" Should this be capped to a maximum number of matches the way __HIGHBITS is? And I'm not sure I want messages that haven't been fully scanned being delivered. Should I crank TIME_LIMIT_EXCEEDED to 20.0? Thanks, -Philip

Re: Seeing "razor2 had unknown error during get_server_info"

Asked and answered: http://forum.centos-webpanel.com/index.php?topic=5505.0 Need to open outgoing port 2703 (TCP) for the mail server. > On Aug 14, 2021, at 12:37 PM, Philip Prindeville > wrote: > > Hi all, > > A few days ago, I started seeing this in my /var/log/maillog:

Seeing "razor2 had unknown error during get_server_info"

azor/razor-agent.conf Which contains one line: logfile none Anyone else seeing a similar issue or know a fix? Thanks, -Philip

Re: Apache SpamAssassin and Spammers 1st Amendment Rights

Actually, the notion is much older than that… 12th or 13th century I believe. Students of universities (like Oxford or Sorbonne or Geneve) would get together, interview professors, and pay them directly. There was no “administration”. The professors marketed their knowledge and insight directl

Re: Apache SpamAssassin and Spammers 1st Amendment Rights

Free Speech doesn’t require anyone to pay for your soap box or megaphone. But Spam is exactly that: having other people subsidize your speech through the theft of services. > On Nov 19, 2020, at 2:25 PM, Kevin A. McGrail wrote: > > Afternoon Everyone, > > So over the years, I have gotten a

Re: dbip-country-lite database

> On Nov 15, 2020, at 11:48 AM, Dominic Raferd wrote: > > > > On Sun, 15 Nov 2020, 18:27 Philip Prindeville, > wrote: > Is anyone else using this database? > > I’ve been using it with xt_geoip and Mimedefang and Plugin::URILocalBL to > block countries sin

dbip-country-lite database

Is anyone else using this database? I’ve been using it with xt_geoip and Mimedefang and Plugin::URILocalBL to block countries since Maxmind retired support for GeoIP on RHEL. But I keep running into cases where parts of the database are very obviously wrong. It’s showing about 50% of 183.128.0

Re: ANNOUNCEMENT: The NEW invaluement "Service Provider DNSBLs" - 1st one for Sendgrid-spams!

> On Aug 21, 2020, at 1:28 PM, Rob McEwen wrote: > > ANNOUNCEMENT: The NEW invaluement "Service Provider DNSBLs" - 1st one for > Sendgrid-spams! > > ...a collection of a new TYPE of DNSBL, with the FIRST of these having a > focus on Sendgrid-sent spams. AND - there is a FREE version of this

Re: SendGrid (Was: Re: Freshdesk (again))

I just add an extra 5.0 points for coming from Sendgrid now so it goes straight to the Junk folder. Users can pull it out of there if they really want it. Sendgrid is becoming to ASP’s what OVH and Softlayer are to ISP's. > On Jun 27, 2020, at 3:56 AM, Niels Kobschätzki wrote: > > Sendgrid i

Re: Freshdesk (again)

ldct.sendgrid.net > > Inside your loca.cf > > And while you are at it also add: > > util_rb_2tldpage.link > > Bye, Raymond Hmmm… not my experience. I’ve been calling out phishing from the same (IP) address for 10 days without any apparent (observable) action from Sendgrid. At this point I’m wondering if they have compromised relays. -Philip

Adding approximate matching (see also: another extortion email check)

“approximates” wouldn’t be sufficient because of the shuffling in the ASCII space as well. Has anyone else considered approximate string matching? Thanks, -Philip

Re: Two types of new spam

> On Jan 4, 2020, at 11:57 AM, Bill Cole > wrote: > > On 3 Jan 2020, at 17:45, Philip Prindeville wrote: > [...] > >> One other question that occurs to me: why would we even need > http-equiv=“Content-Type” …> if we already have a Content-Type: header

Re: Two types of new spam

> On Jan 3, 2020, at 3:45 PM, Philip Prindeville > wrote: > > > >> On Jan 2, 2020, at 4:08 PM, Philip Prindeville >> wrote: >> >> I’m getting the following Spam. >> >> http://www.redfish-solutions.com/misc/bluechew.eml >>

Re: Two types of new spam

> On Jan 2, 2020, at 4:08 PM, Philip Prindeville > wrote: > > I’m getting the following Spam. > > http://www.redfish-solutions.com/misc/bluechew.eml > > And this is notable for having: > > > > GUID1 > GUID2 > GUID3 > GUID4 > … > One

Re: Two types of new spam

gt;> >> "exists" is a boolean, it's reasonable that it only returns one hit >> regardless of the number of instances present. >> >> Try this instead, to actually match the header(s): >> >> header __L_RECEIVED_SPF Received-SPF =~ /^./ > > That should be: > > header __L_RECEIVED_SPF Received-SPF =~ /^./m Seems to work either way! Thanks, everyone. -Philip

Two types of new spam

ers? (Is there an easy way to see what exists:Received-SPF is evaluating as?) If that’s the case, it would seem to be a shortcoming. Can anyone confirm that’s indeed what’s happening? Thanks, -Philip

White listing this mailing list.

How do I white list this mailing list for some reason all the messages are now going to spam.

Re: HeaderEval::check_header_count_range() not working correctly?

Sigh… “downside”. > On Nov 3, 2019, at 2:32 PM, Philip Prindeville > wrote: > > What would be the downsize of having: > > my @hdrs = grep($uniq{$_}++, $pms->{msg}->get_header ($hdr)); > > instead and counting ALL instances of $hdr, not just the unique RHS’s?

Re: HeaderEval::check_header_count_range() not working correctly?

What would be the downsize of having: my @hdrs = grep($uniq{$_}++, $pms->{msg}->get_header ($hdr)); instead and counting ALL instances of $hdr, not just the unique RHS’s? > On Nov 3, 2019, at 1:51 PM, Philip Prindeville > wrote: > > Hi. > > I’m looking at: &

HeaderEval::check_header_count_range() not working correctly?

e absolute number of headers of type ‘X-yzzy:’ regardless of their RHS? I’ve been seeing a lot of Spam recently with duplicative Received-SPF: lines, but since they are all identical, it’s not nudging the number of @hdrs past one. Thanks, -Philip

Rule for detecting two email addresses in From: field.

Morning List, Lately I'm getting a bunch of emails that are showing up with two email addresses in the From: field. From: "Persons Name " When you look in your mail client (Outlook, Thunderbird) it's showing only "Persons Name " Is there a way I can mark From: that has 2 email addresses i

OT: Issues w/ hughes.net not accepting messages?

tp.hughes.net used to receive email (i.e. be their MXer), then it got switched to mx.hughes.net and this started happening. If anyone is a hughes.net user and wants to call out this issue, I’d appreciate it. Thanks, -Philip

check_header_count_range() for MIME sections?

Hi. I’d like to be able to detect duplicated header types in MIME sections. I think you all have been seeing them too. Is there an easy way to see if a message contains any MIME sections where particular headers occur more than once? Thanks, -Philip

How to text that TxRep is working?

I've added TxRep to spamassassin and set in my local.cf. Following the instructions: http://truxoft.com/resources/txrep.htm # TXTREP use_txrep 1 Is there a way to test that it's actually working? Phil

Re: Spammers, IPv6 addresses, and dnsbls

Hi there, Providers like Linode assign a single IPv6 address from a /64. I had to request my own block of /64 to use on my server as my IP neighbors were always getting the /64 blocked... since I've had my own I've been all good.  Before this my IPv6 IP was getting blocked daily because of so

Loading custom rules.

How do you load custom rules... is it as simple as dropping the .cf file in the spamassassin directory and restart? I'm looking at these: https://wiki.apache.org/spamassassin/CustomRulesets Phil

Tone of emails with subject: 'hey'

So lately I'm getting LOTS of emails coming directly though the filters so most likely time to investigate how to create one. The subject is always 'hey' Subject: hey Date: Mon, 29 Jan 2018 09:07:40 +0300 From: Darya Message-ID: <8f35b00fb4e07d18ce82448ec9747...@112it4u.ro> X-Mailer: PHPMailer

Re: Email address as fullname in To: field

, conversely, they could simply not put any full name field in at all and just use the raw email address… It’s like someone made the conscious decision to choose the worst of both worlds… > On Jul 13, 2017, at 11:49 AM, Philip Prindeville > wrote: > > I’m getting more and m

Email address as fullname in To: field

themselves—and sometimes not even those correctly, since I’ll see Spam addresses to Message-Id: values, References: values, etc. Thanks, -Philip

Re: Relitigating TB's behavior because of "villainous" SpamAssassin... hiss!

> On Feb 12, 2017, at 4:53 PM, Philip Prindeville > wrote: > > What an incredible waste of time: > > https://bugzilla.mozilla.org/show_bug.cgi?id=417942#c19 > > I actually think I might be dialoging with a highly argumentative variant of > Eliza. > > In w

Relitigating TB's behavior because of "villainous" SpamAssassin... hiss!

What an incredible waste of time: https://bugzilla.mozilla.org/show_bug.cgi?id=417942#c19 I actually think I might be dialoging with a highly argumentative variant of Eliza. In which case, it’s passed the Turing Test.

Re: RFC compliance pedantry (was Re: New type of monstrosity)

Having been through the process of authoring 2 RFC’s, perhaps I can shed some light on the process for you. All proposed standards started life as draft RFC’s (this was before the days of IDEA’s but after the days of IEN’s). If it were validated by the working group and passed up to the IAB and

Re: Uninitialized values in URIDNSBL

so I can dedicated time to the process. > > Regards, > KAM Good to hear. While we’re waiting for that, can I just grab Util.pm and Plugin/URIDNSBL.pm out of trunk, or are there more dependencies than that to splice the fix back into 3.4.1? Thanks, -Philip

Re: Uninitialized values in URIDNSBL

> On Feb 2, 2017, at 5:06 PM, Reindl Harald wrote: > > > > Am 02.02.2017 um 23:41 schrieb Martin Gregorie: >> On Thu, 2017-02-02 at 15:23 -0700, Philip Prindeville wrote: >>> Anyone else seeing this? >>> >> Yes - in Fedora 25 > >

Uninitialized values in URIDNSBL

stderr: Use of uninitialized value $2 in concatenation (.) or string at /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/URIDNSBL.pm line 1042. I’m seeing these right after upgrading from Fedora 23 (EOL) to Fedora 24 so evidently a bunch of files got updated… -Philip

How to know if TxRep is white listing out going email.

I've enabled outgoing white listing using the TxRep plugin is there a way to find out if outbound emails are actually being white listed? A log somewhere... a file being updated? -- Phil

Help understanding TxRep errors.

After turning on TxRep I get these lines in my /var/log/spamd.log file. Wed Mar 16 08:21:55 2016 [16629] warn: Use of uninitialized value $msgscore in addition (+) at /etc/spamassassin/TxRep.pm line 1414. Wed Mar 16 08:21:55 2016 [16629] warn: Use of uninitialized value $msgscore in subtraction

Re: Omitting leading whitespace on headers?

On Dec 29, 2015, at 3:15 PM, Kevin A. McGrail wrote: > On 12/29/2015 5:12 PM, Philip Prindeville wrote: >> I did recall that I used the patch here: >> >> https://bz.apache.org/SpamAssassin/show_bug.cgi?id=6360#c4 >> >> to be able to debug my rules, using a ru

Re: Omitting leading whitespace on headers?

On Dec 29, 2015, at 2:39 PM, Kevin A. McGrail wrote: > On 12/29/2015 4:29 PM, Philip Prindeville wrote: >> On Dec 29, 2015, at 2:14 PM, Kevin A. McGrail wrote: >> >>> On 12/29/2015 3:46 PM, Philip Prindeville wrote: >>>> On Dec 29, 2015, at 1:42 PM, Kevin

Re: Omitting leading whitespace on headers?

On Dec 29, 2015, at 2:14 PM, Kevin A. McGrail wrote: > On 12/29/2015 3:46 PM, Philip Prindeville wrote: >> On Dec 29, 2015, at 1:42 PM, Kevin A. McGrail wrote: >> >>> On 12/29/2015 3:38 PM, Philip Prindeville wrote: >>>> Is there a reason that

Re: Omitting leading whitespace on headers?

On Dec 29, 2015, at 1:42 PM, Kevin A. McGrail wrote: > On 12/29/2015 3:38 PM, Philip Prindeville wrote: >> Is there a reason that headers are left with leading spaces? >> >> I’ve noticed that I have to write rules as: >> >> Subject =~ /^ Great [Jj]ob [Oo]

Omitting leading whitespace on headers?

ceding the first instance of “utext” in “unstructured”? -Philip

Omitting leading whitespace on headers?

ce of “FWS” preceding the first instance of “utext” in “unstructured”? -Philip signature.asc Description: Message signed with OpenPGP using GPGMail

Re: any reason not to block every Softlayer allocation?

which was easy to block with check_url_local_bl() — or else contained a message-id which had an email address in it followed by: [a-z0-9\-\.]{1,6}>$ for instance. -Philip

Re: tflags multiple and header exists:

On Sep 29, 2015, at 10:44 AM, John Hardin wrote: > On Tue, 29 Sep 2015, Philip Prindeville wrote: > >> Can you use something like: >> >> header __L_X_NO_RELAYexists:X-No-Relay > > Are you seeing empty X-No-Relay headers? How about: No, not emp

Re: tflags multiple and header exists:

On Sep 29, 2015, at 10:09 AM, Philip Prindeville wrote: > Can you use something like: > > header __L_X_NO_RELAY exists:X-No-Relay > tflags __L_X_NO_RELAY multiple Actually, that should probably be bounded to something like: tflags __L_X_NO_RELAY multipl

tflags multiple and header exists:

I couldn’t get the first 2 lines to work together. I had to resort to: header __L_X_NO_RELAY ALL =~ /^x-no-relay:/msi instead for the first line. Is this a known constraint? -Philip

The word on messages w/ no Message-Id

Semantically, the angle bracket characters are not part of the msg-id; the msg-id is what is contained between the two angle bracket characters. Extracting the operative text: "The "Message-ID:" field provides a unique message identifier that refers to a particular version of a particular message. The uniqueness of the message identifier is guaranteed by the host that generates it […]. The message identifier (msg-id) itself MUST be a globally unique identifier for a message.” Obviously a missing Message-ID is hardly unique, and hence this requirement is not being fulfilled. Does this warrant scoring the message severely? I say “yes”. Anyone else? -Philip

Re: Test for empty EnvelopeFrom

On Sep 24, 2015, at 4:12 AM, Reindl Harald wrote: > > > Am 23.09.2015 um 19:24 schrieb Philip Prindeville: >> Stating facts here, not giving an opinion. Not sure what’s up for debate. >>> >>> if it is empty it's <> aka Null-Sender and you really

Re: Test for empty EnvelopeFrom

On Sep 23, 2015, at 6:35 AM, RW wrote: > On Tue, 22 Sep 2015 11:43:18 -0600 > Philip Prindeville wrote: > >> Hi. >> >> I?m using SA with MdF on Linux (Fedora 22). >> >> MdF generates the header ?Return-Path: ? for me, so that >> should be availab

Re: Test for empty EnvelopeFrom

On Sep 22, 2015, at 12:58 PM, Reindl Harald wrote: > > > Am 22.09.2015 um 19:43 schrieb Philip Prindeville: >> I’m using SA with MdF on Linux (Fedora 22). >> >> MdF generates the header “Return-Path: ” for me, so that should >> be available to me in the rule

Test for empty EnvelopeFrom

ded a comment Sending lib/Mail/SpamAssassin/Plugin/Check.pm Committed revision 1338300. but the bug is marked “RESOLVED FIXED” so I’m confused. Should it be “WONTFIX” instead? Thanks, -Philip

Re: Must-Have Plugins?

On 06/19/2015 01:07 PM, Dianne Skoll wrote: On Fri, 19 Jun 2015 12:51:28 -0600 Philip Prindeville wrote: [stuff] With this, we avoid ever accepting about 98% of the SPAM that we’d otherwise receive. Really? 98%? I find that surprising. We get quite a lot of spam from gmail, hotmail

Re: Must-Have Plugins?

On 06/10/2015 04:34 AM, Amir Caspi wrote: On Jun 10, 2015, at 12:32 AM, Matus UHLAR - fantomas wrote: FEATURE(`block_bad_helo') define(`confALLOW_BOGUS_HELO', `False') Argh, unfortunately, that feature is only on sendmail 8.14 and higher, which means RHEL/CentOS 6 or higher. For those of

Re: Must-Have Plugins?

On Jun 19, 2015, at 3:28 PM, David Jones wrote: >> From: Philip Prindeville >> Sent: Friday, June 19, 2015 3:53 PM >> To: David Jones >> Cc: users@spamassassin.apache.org >> Subject: Re: Must-Have Plugins? > >> On Jun 19, 2015, at 2:35 PM, David Jones

Re: Must-Have Plugins?

On Jun 19, 2015, at 2:35 PM, David Jones wrote: > >> But I’m on a LOT of high volume mailing lists (like mozilla-general and >> netdev) that get heavily spammed. > > Filtering mailing lists is a slightly different ballgame than filtering > regular email. Some of the items listed above > don

Re: Must-Have Plugins?

On Jun 19, 2015, at 1:01 PM, David Jones wrote: >> From: Philip Prindeville > >> On Jun 9, 2015, at 12:29 PM, John Hardin wrote: > >>> On Tue, 9 Jun 2015, David Jones wrote: >>> >>>> Some of the best and easiest things you can enable to blo

Re: Must-Have Plugins?

ms to get spoofed a LOT, or “mail.com” or “mail.ru”. We block hostnames that don’t have a domain (no dots). Lastly, we TEMPFAIL hosts that don’t have valid rDNS mappings (including the A and PTR records not agreeing). With this, we avoid ever accepting about 98% of the SPAM that we’d otherwise receive. -Philip

.science the new leper of TLD's?

No offense to lepers, but is .science to be avoided? I’ve had email this week from about 17 different .science domain names, and 13 were blocked because of ZenBL and the rest turned out to be SPAM anyway. I’m thinking that I should just refuse connections from any host whose rDNS is .science…

Re: Can SpamAssasin convert UTF8 into ISO-8859-1?

On Apr 15, 2015, at 7:07 PM, @lbutlr wrote: > On Apr 13, 2015, at 09:03, John Hardin wrote: >> The proper place for that sort of thing would be the tool that does final >> delivery to the user's mailbox. > > There is no proper place for that. > No, it’s not. But Mimedefang is. -Philip

Testing SPF & DKIM configurations

the receiving side… Thanks, -Philip signature.asc Description: Message signed with OpenPGP using GPGMail

Re: SOUGHT 2.0

On Dec 4, 2014, at 2:41 PM, Axb wrote: > On 12/04/2014 10:30 PM, Bob Proulx wrote: >> Axb wrote: >>> It's been more than a month since my first "SOUGHT 2.0" msg. >>> >>> A few have shown interest but as there hasn't been the flood of enthusiasm >>> and stuff getting done which I hoped for so I'

Re: Honeypot email addresses

On Dec 4, 2014, at 2:30 PM, Dave Pooser wrote: > On 12/4/14, 3:10 PM, "Philip Prindeville" > wrote: > >> Not necessarily. If I post to a list with this address, and wait 60 >> days, I can assume that 99.999% of email that comes back after that date >> i

Re: Honeypot email addresses

On 12/04/2014 05:32 AM, Reindl Harald wrote: Am 03.12.2014 um 23:56 schrieb Philip Prindeville: On 11/21/2014 09:49 AM, David F. Skoll wrote: On Fri, 21 Nov 2014 08:43:22 -0800 (PST) John Hardin wrote: On a public mailng list isn't a great place to discuss such tactics... I su

Re: Honeypot email addresses

On 11/21/2014 09:49 AM, David F. Skoll wrote: On Fri, 21 Nov 2014 08:43:22 -0800 (PST) John Hardin wrote: On a public mailng list isn't a great place to discuss such tactics... I suspect spammers are dumb and will just vacuum up any address they can find. Also, the scammers who sell CDs wit

Re: Give a penalty to messages with non latin UTF-8 characters?

ndré). I don’t understand why Apple’s Mail.app, for instance, defaults to Win-1252 here in the US. That’s braindead. Apple won’t bundle Flash with MacOS because it’s not an Open Standard, but they’ll embrace a vendor-specific character code when a superior Open Standard encoding exists. Go figure. -Philip

  1   2   3   4   >