the KAM.cf
files so they will get used?
--
Rick Cooper
I.T. Manager - Bob Thomas Dealerships
Cell 260-414-8566
Fax 260-434-4400
Email rcoo...@dwford.com
It lints fine now
Rick
_
From: Kevin A. McGrail [mailto:kmcgr...@apache.org]
Sent: Wednesday, September 01, 2021 5:43 PM
To: SA Mailing list
Subject: Re: Lint problem with KAM.cf
I published a fix for the KAM SHORT A few hours ago. Please let me know how
it's working for you.
On Tue
Cooper
Cc: SA Mailing list
Subject: Re: Lint problem with KAM.cf
We will take a look. We check with lint for every publication but maybe
there's a condition we missed or a spelling issue. Thanks for bringing it
up. KAM
On Mon, Aug 30, 2021, 15:31 Rick Cooper wrote:
This have been going
's being merged directly into SA. If I change short_url to
short_url_tests the error goes away but I haven't run it down in the code. I
am running SA 3.4.6 and am wondering if there is a new modual for
DecodeShortURLs that I am missing somewhere?
Rick Cooper
Bill Cole wrote:
> On 25 Feb 2021, at 13:37, Rick Cooper wrote:
>
>> I was just working on some rules to catch the current crop of mal
>> formed urls used to escape detection by solutions that extract urls
>> from emails and compare them to known bad urls and I am wonder
I was just working on some rules to catch the current crop of mal formed
urls used to escape detection by solutions that extract urls from emails and
compare them to known bad urls and I am wondering if spamassassin's patterns
for extraction take this into account?
For instance:
https:www.google.
Kevin A. McGrail wrote:
> On 7/21/2020 9:25 PM, Loren Wilton wrote:
>> I do strongly wonder whether this is "society" or only "people in the
>> USA".
> One data point disproves that. The SA project made the choice months
> ago inspired by a decision in the United Kingdom:
>
https://www.zdnet.com/a
That's odd. The fraud emails we have gotten do not use an actual PayPal
address as the sender (they have been using @.pp.com) and that is a
legitimate address used to notify users when their accounts have been
limited, which does happen and they have an FAQ regarding that. One of ours
got limited o
@lbutlr wrote:
> How do people deal with lists that a user subscribed to that require
> logging in to an account to unsubscribe? I seem to be seeing a lot
> more complaints from users who cannot get off lists (probably because
> they didn't realize they were creating an account for getting
> multip
Phil Reynolds wrote:
> On Tue, 19 May 2020 07:43:14 -0400
> "Rick Cooper" wrote:
>
>> I occasionally get emails warning me of bounced mail, this one
>> doesn't go through we will send a probe, yada, yada.
>>
>> They say they include the
I occasionally get emails warning me of bounced mail, this one doesn't go
through we will send a probe, yada, yada.
They say they include the bounce message but they always look like this:
--- Enclosed is a copy of the bounce message I received.
Return-Path: <>
Received: (qmail 21198 invoked for
cl_c_SuspectMsg =
${sg{$acl_c_SuspectMsg}{\NNONE(\s{0,}:)?\N}{}}:UTF-7 BODY HIDING SOMETHING
> Regards
> Brent Clark
>
> On 2020/05/05 20:00, Rick Cooper wrote:
>> Henrik K wrote:
>>> On Tue, May 05, 2020 at 12:51:36PM -0400, Rick Cooper wrote:
>>>> We rec
Henrik K wrote:
> On Tue, May 05, 2020 at 12:51:36PM -0400, Rick Cooper wrote:
>> We received a couple emails yesterday that barely got caught and
>> when I looked at them they should have hit big time. As I looked it
>> would appear the body parts are encoded q
ode("UTF-7", $self->{'decoded'});
just before the decoded body is returned in Node.pm and the body rules hit
again including some quick tests I put together.
Is ignoring utf-7 intentional or is this a new spammer tactic? The actual
email messages are rendered perfectly through ou
On April 11, 2020 3:08:15 PM EDT, RW wrote:
>On Sat, 11 Apr 2020 19:58:02 +0100
>RW wrote:
>
>
>>
>> The first one was cited as a format used in forwarded ham. The other
>> two are common in spam.
>>
>> The point of this spamming technique is that many clients show only
>> the display name i
Grant Taylor wrote:
> On 4/11/20 9:49 AM, RW wrote:
>> I see that the plugin rules don't distinguish between the
>> irresponsible format of:
>>
>>From: "Mr Bill (mb...@legitemail.com)"
>>
>>
>> and more seriously deceptive formats like:
>>
>>From: "mb...@legitemail.com"
>>From: "
that do this.
I could of course add a whitelist of sorts but I prefer to bump the score a
bit, enough to tag as low scoring spam.
For detecting possible fraud addresses involving our own people I wrote a
backend look up for exim that looks at any name like "Rick Cooper" and
compares th
I've been meaning to ask the maintainers, according to the requirements
listed in the INSTALL file
Required Perl Interpreter
-
Perl 5.8.1 or a later version is required.
Preferred versions are 5.8.8, or 5.10.1 or later.
Yet it actually requires 5.10+ because of FromNameSp
Philip wrote:
> Morning List,
>
> Lately I'm getting a bunch of emails that are showing up with two
> email addresses in the From: field.
>
> From: "Persons Name "
>
> When you look in your mail client (Outlook, Thunderbird) it's showing
> only "Persons Name "
>
> Is there a way I can mark Fro
gt;> try Mail::SpamAssassin::Plugin::Phishing
>>
>> Cheers
>> Giovanni
>
> man Mail::SpamAssassin::Plugin::Phishing
> to be precise.
>Giovanni
Something that isn't answered in the docs is the default score and I am
wondering if SA has to be restarted after each update of the data or does it
reread each time the plugin is called
Rick Cooper
Karol Augustin wrote:
> On 07/10/16 03:51, Rick Cooper wrote:
>> So how do I dump the ~/ disk file for the DB . The txrep.cf file :
>>
>> user_awl_dsn DBI:mysql:SpamAssassin:127.0.0.1
>> user_awl_sql_username CorrectUser
>> user_awl_sql_password CorrectPas
RW wrote:
> On Fri, 30 Sep 2016 08:43:18 +
> Nicola Piazzi wrote:
>
>> After a new box instalation I found that txrep doesnt work
>>
>> The table is empty
>> mysql> select * from txrep;
>> Empty set (0.00 sec)
>>
>> Obviously I disabled AWL and Load TxRep il v341.pre
>
> Did you set
>
> us
Benny Pedersen wrote:
> Celene skrev den 2013-07-06 21:24:
>
Example: http://pastebin.com/UZtzfyEs
>
>> To be honest, I have never gotten any emails from people with only a
>> URL, unless they are spam, so this shouldn't be a problem. I just
>> want to match all emails that have a single lin
Andrew Talbot wrote:
> This is what I was wondering. We don't want to have to run a
> computationally-expensive body rule unless we need to. No choice
> though, I guess. Thanks for your help!
>
>
>> -Original Message-
>> From: John Hardin [mailto:jhar...@impsec.org]
>> Sent: Monday, June
Dave Funk wrote:
> On Fri, 15 Mar 2013, Kevin A. McGrail wrote:
>
>> On 3/15/2013 9:17 AM, Tom Kinghorn wrote:
>> On 15/03/2013 15:11, Christopher Nido wrote:
>>
>>
>> http://www.naturalstonesinc-munged.com/aah/pabfjd/pgrezs
>>
>>
>> Now this is a guy with "cahona's grande' " for spammin
Original Message
From: Marc Perkel [mailto:m...@perkel.com]
Sent: Thursday, February 25, 2010 6:11 PM
To: Rick Cooper
Cc: 'ram'; users@spamassassin.apache.org
Subject: Re: Off Topic - SPF - What a Disaster
> Rick Cooper wrote:
>>
>> >>> The anti-S
>>> From: Marc Perkel [mailto:m...@perkel.com] Sent: Thursday, February
>>> 25, 2010 12:30 PM To: ram Cc: users@spamassassin.apache.org Subject:
>>> Re: Off Topic - SPF - What a Disaster
>>> ram wrote:
>>> On Tue, 2010-02-23 at 18:33 -0800, Marc Perkel wrote:
>> Jeff Koch wro
Original Message
From: schmo_j [mailto:schm...@yahoo.com]
Sent: Thursday, February 25, 2010 1:40 PM
To: users@spamassassin.apache.org
Subject: Block Spammers Spoofing My Domain
> Greetings!
>
> I'm running SpamAssassin 3.2.5 on Gentoo Linux, and I'm looking to block
> messages from @mydom
My bad, I had 127.0.0.1 in the blacklist on that host instead of 127.0.0.2
Sorry
> -Original Message-
> From: Rick Cooper [mailto:[EMAIL PROTECTED]
> Sent: Thursday, September 13, 2007 9:03 AM
> To: 'Marc Perkel'; 'SpamAssassin Users List'
&
I have noted one FP so far, lists.sophos.com and it was sending the latest
new viruses, I get this list a couple times per day on average
Rick
> -Original Message-
> From: Marc Perkel [mailto:[EMAIL PROTECTED]
> Sent: Monday, September 10, 2007 1:26 PM
> To: SpamAssassin Users List
> -Original Message-
> From: Marc Perkel [mailto:[EMAIL PROTECTED]
> Sent: Monday, August 27, 2007 5:29 PM
> To: Meng Weng Wong
> Cc: Kelson; users@spamassassin.apache.org
> Subject: Re: SPF-Compliant Spam
>
>
>
> Meng Weng Wong wrote:
> > On Aug 27, 2007, at 11:39 AM, Kel
sent from the sender. I am
relaying the message and it's not up to me to mangle the from address. The
people who I farward to want the from address to be original.
[Rick Cooper]
Then your server(s) should be listed in their SPF records, problem solved.
We list every host that could possibly e
ay be helpful for
some people, for instance to avoid greylisting or so, but as it is not
much in use I don't find it very useful.
Kai
I agree. And SPF breaks email forwarding and spammers can set SPF records as
well. SPF is useless.
[Rick Cooper]
Not true, proper implementatio
> -Original Message-
> From: Ed Kasky [mailto:[EMAIL PROTECTED]
> Sent: Thursday, July 26, 2007 12:22 AM
> To: users@spamassassin.apache.org
> Subject: Two errors with 3.2.2
>
> I upgraded today from 3.2.1 to 3.2.2 on a RH7.2 server using perl
> 5.8.1 and am having 2 issues.
> -Original Message-
> From: John Rudd [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, June 27, 2007 1:27 PM
> To: Bret Miller
> Cc: users@spamassassin.apache.org
> Subject: Re: SaneSecurity
>
> Bret Miller wrote:
> >> Perhaps more a clamav question, but does anyone use the addit
> -Original Message-
> From: Marc Perkel [mailto:[EMAIL PROTECTED]
> Sent: Monday, June 18, 2007 10:00 AM
> To: Rick Cooper
> Cc: users@spamassassin.apache.org
> Subject: Re: My Newly Expanded DNS Blacklist - Who wants to try it?
>
>
>
> R
> -Original Message-
> From: Marc Perkel [mailto:[EMAIL PROTECTED]
> Sent: Monday, June 18, 2007 9:31 AM
> To: Shane Williams
> Cc: Daryl C. W. O'Shea; users@spamassassin.apache.org
> Subject: Re: My Newly Expanded DNS Blacklist - Who wants to try it?
>
>
>
> Shane Williams
> -Original Message-
> From: WLamotte [mailto:[EMAIL PROTECTED]
> Sent: Friday, June 15, 2007 10:13 AM
> To: users@spamassassin.apache.org
> Subject: Why doesn't Spamassassin bounce spam?
>
>
> Sorry if this is an obvious question but why isn't there an
> option for
> Spama
> -Original Message-
> From: Matthias Haegele [mailto:[EMAIL PROTECTED]
> Sent: Monday, May 14, 2007 8:30 AM
> To: SpamAssassin
> Subject: Re: Does anyone catch this
>
> Dennis Davis schrieb:
> > On Mon, 14 May 2007, Duncan Hill wrote:
> >
> >> From: Duncan Hill <[EMAIL PROTECTED]
> -Original Message-
> From: Marc Perkel [mailto:[EMAIL PROTECTED]
> Sent: Friday, March 30, 2007 11:42 AM
> To: users@spamassassin.apache.org
> Subject: Re: Sender Address Verification is NOT abouse and
> very effective
>
>
>
> John D. Hardin wrote:
> > Is there a non-abusive way t
Sorry to mess up the thread, I lost the original
> -Original Message-
> From: Dhawal Doshy [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, March 06, 2007 9:39 AM
> To: users@spamassassin.apache.org
> Subject: Re: Annoying stocks scams
>
> [EMAIL PROTECTED] wrote:
> > Hi List!
> >
[ ... ]
>
> -Original Message-
> From: John Andersen [mailto:[EMAIL PROTECTED]
> Sent: Friday, August 25, 2006 4:20 PM
> To: users@spamassassin.apache.org
> Subject: Re: Discourage broken content
>
>
> On Friday 25 August 2006 12:10, Rick Cooper wrote:
> > That is pat
> -Original Message-
> From: decoder [mailto:[EMAIL PROTECTED]
> Sent: Friday, August 25, 2006 4:23 PM
> To: Rick Cooper
> Cc: users@spamassassin.apache.org
> Subject: Re: Discourage broken content
>
>
> -BEGIN PGP SIGNED MESSAGE-
> Ha
> -Original Message-
> From: decoder [mailto:[EMAIL PROTECTED]
> Sent: Friday, August 25, 2006 2:24 PM
> To: users@spamassassin.apache.org
> Subject: Re: Discourage broken content
>
>
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> Kenneth Porter wrote:
> > --On Friday, August 25, 2
> -Original Message-
> From: decoder [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, August 09, 2006 5:31 PM
> To: Spamassassin List; users@spamassassin.apache.org
> Subject: Re: Improved OCR Plugin with approximate matching
>
>
[snip]
>
> According to google, libungif seems correct for yum.
> -Original Message-
> From: John Hardin [mailto:[EMAIL PROTECTED]
> Sent: Monday, November 21, 2005 11:17 AM
> To: SpamAssassin list
> Subject: Re: Clever Spammers, Anything to catch this?
>
>
> On Sun, 2005-11-20 at 06:50, Rick Cooper wrote:
> > I have
My apologies to all for accidentally replying to the wrong thread in my
previous post on this thread
Rick
> -Original Message-
> From: saurabh.bhasin [mailto:[EMAIL PROTECTED]
> Sent: Sunday, November 20, 2005 12:40 PM
> To: Andreas Kotowicz
> Cc: users@spamassassin.apache.org
> Subject:
I get a similar score now, when they first came in they didn't hit any of
the SURBL or RAZOR rules so it scored very low. I was looking for a way to
hit the scheme they are using before they make it into the various block
lists. I had quite a few on several servers in just a few min.
I wrote a seq
I get a similar score now, when they first came in they didn't hit any of
the SURBL or RAZOR rules so it scored very low. I was looking for a way to
hit the scheme they are using before they make it into the various block
lists. I had quite a few on several servers in just a few min.
I wrote a seq
> -Original Message-
> From: Michael Monnerie [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, November 02, 2005 12:07 PM
> To: users@spamassassin.apache.org
> Subject: Re: Bayes mysql db error
>
>
> On Mittwoch, 2. November 2005 15:25 Mike Loiterman wrote:
> > 8:24:50 [EMAIL PROTECTED]: /hom
> -Original Message-
> From: Jeff Chan [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, May 18, 2005 6:17 AM
> To: users@spamassassin.apache.org
> Subject: Re: Bombarded by German political spam
>
>
> On Tuesday, May 17, 2005, 3:42:09 PM, David Funk wrote:
> > So the intensity of the spam bom
51 matches
Mail list logo
