abled. Here is
one of the headers with my addresses redacted:
The odd headers change on each run. You should be able to catch them
with Bayes.
Regards,
-sm
custom_med
adsp_override yahoo.com.au custom_med
adsp_override yahoo.com.br custom_med
adsp_override yahoo.com.cn custom_med
adsp_override yahoo.com.hk custom_med
...
I did a quick verification. The above domains do not publish an ADSP record.
Regards,
-sm
t there is any violation of the specification.
Regards,
-sm
At 11:07 24-02-2013, Kevin A. McGrail wrote:
I'm referring to other RFCs such as 1651 which says:
That's an obsoleted RFC. It might be better to refer to RFC 5321
(Section 4.4) for information about the Received: header.
Regards,
-sm
ou have to add with
ESMTP to the received headers".
The following is about ESMTP:
"For instance, servers MUST support the EHLO command even if they do
not implement any specific extensions and clients SHOULD preferentially
utilize EHLO rather than HELO."
Regards,
-sm
At 16:44 20-11-2012, Matt wrote:
authenticated SMTP to relay not? Is there a way in apache .htaccess
to block access based on xbl.spamhaus.org? I want to block exploited
IP's from webmail etc as well.
http://www.lucaercoli.it/mod_spamhaus.html
Regards,
-sm
that rule.
Regards,
-sm
BL lookups.
Regards,
-sm
't have that header
field, you could base your rule on
http://wiki.apache.org/spamassassin/EnvelopeSenderInReceived
Regards,
-sm
"responsibility of free
services that hold user-created documents".
Regards,
-sm
recall correctly, it was
prone to false positives. You might be able to do some scoring
instead of blacklisting.
Regards,
-sm
** 192.168.0.69, 17549->>
173.45.100.146, 53 (from COM1 Outbound)
You can create the zones mentioned in
http://tools.ietf.org/html/draft-ietf-dnsop-default-local-zones-15
Regards,
-sm
ithin the country, you can put in a
score for such a rule. You may have to allow some exceptions (e.g.
by domain name).
Regards,
-sm
At 05:18 17-06-10, Matt Kettler wrote:
The best docs would be the RFC standards:
RFC 2822 "Internet Message Format"
RFC 822 (obsoleted by above, but sometimes useful for understanding the
history of the format, making intent clearer.)
RFC 2822 obsoleted by RFC 5322.
Regards,
-sm
At 10:18 20-04-10, LuKreme wrote:
I got a mail from Paypal, but it is not FROM paypal, but it appears
to have passed DKIM
If it passed DKIM and it is signed by info.paypal.com, it's from Paypal.
Regards,
-sm
ail addresses in the format *-l...@.* or other
common mailing list address formats. It wouldn't catch all of them, I'm
sure (m...@gnome.org, for example), but it might help.
There isn't a reliable way to identify mailing list addresses.
Regards,
-sm
n hitting the problem of false positive... I
can't let a user think we sent his mail when we "wrongly" dropped it.
I am not talking about dropping mail. False positives _will_ happen.
Regards,
-sm
is a problem on your
network is not a good idea.
Sign up for feedback loops. Rate limit mail submissions or set up
triggers to identify abnormalities. You may also wish to do traffic
flow analysis to see what's going through your network.
Regards,
-sm
en happened. I also saw a few links to
personal pages at space.net, but they're long gone.
There is experimental support for MTAMARK in a well-known MTA. The
proposal had less exposure than SPF.
Regards,
-sm
ce are. I don't particularly want
to add rules into sendmail, so SA is my avenue of choice.
Having a rule in sendmail is less work.
Regards,
-sm
marketing, then it may matter to you. :-)
Regards,
-sm
At 10:27 28-07-2009, Charles Gregory wrote:
:0fw
* ^(To|Cc):.*(use...@spamassassin|spamassassin.users)
| /usr/bin/formail -I"Reply-To: users@spamassassin.apache.org"
Match on the List-Id: header instead of the To: or Cc:.
Regards,
-sm
"context/keyword spam filter" called
filter.plx ( http://spamassassin.apache.org/prehistory/ ). I don't
know whether the patent about enhancing touch and feel on the
Internet is related to your questions.
Regards,
-sm
t for webpages. As the system
is compromised, you cannot rely on the scan.
Any ideas where to look for such a beast &/or a mailing list that
deals with this type of issue?
Search for tripwire.
Regards,
-sm
hose sites so that you can be spammed. :-) If you
are running mailing lists, don't whitelist those domains. That also
applies if you don't want to be spammed by those domains.
Regards,
-sm
ddresses rarely appear in the From: header. It's better to have a
rule for the multiple addresses in the Sender: header if you are
receiving a lot of spam with the above headers.
Regards,
-sm
here.
Regards,
-sm
00907.mbox/%3cac9ad70907041849m735b0b68mb0909b83216b0...@mail.gmail.com%3e
)
Regards,
-sm
NT3 && __RESENT4)
describe NO_RESENT_MAIL Meta: please dont resend mail to maillists
score NO_RESENT_MAIL 3.0
if i can't fix others' problems but imho apache.org needs the above :)
Nice. The above rules cannot be applied for all apache.org traffic
as it's not only for mailing lists.
Regards,
-sm
?
The message was sent by a mailing list subscriber to a list which
generally discusses spam. It scored 4.0 on Apache.org.
Why is the message obvious spam? What rules would you recommend to catch it?
Regards,
-sm
'if' in
/usr/local/etc/mail/spamassassin/jp.cf: if plugin
(Mail::SpamAssassin::Plugin::MIMEHeader)
Tar the jp.cf file and send it to me off-list.
Regards,
-sm
Plugin::MIMEHeader)
The "end if" should not be in the "describe" line. Add "endif" after
the describe line to close the "ifplugin" condition.
See
http://mail-archives.apache.org/mod_mbox/spamassassin-users/200906.mbox/%3cpine.lnx.4.64.0906020849430.10...@mercury.impsec.org%3e
Regards,
-sm
At 17:26 19-06-2009, RW wrote:
The last hop into the internal network is rarely from Nigeria, but I
find it turns up in X-Spam-Relay-Countries in about 9% of my own spam.
Can you send me a sample of the email headers off-list?
Regards,
-sm
king Italy or Hong Kong won't help that much because
of the mode of operation of these senders.
One of the advantages of SpamAssassin is that it doesn't use one
specific rule to detect spam. If you rely on one specific rule only,
it will be subverted.
Regards,
-sm
At 22:59 18-06-2009, Chip M. wrote:
Here's a dump of the complete Countries routes of your samples
(frequency first, then square brackets around the IP immediately
outside your own network):
2 [France], Nigeria
Do you really get such emails from Nigeria? :-)
Regards,
-sm
gular rules, you would have to render
the content before passing the modified message to SpamAssassin.
Regards,
-sm
At 05:08 16-06-2009, McDonald, Dan wrote:
Altering message bodies might break gpg|pgp signatures, but not DKIM.
It generally invalidates the DKIM signature.
This mailing list does not use Mailman.
Regards,
-sm
nyway.
Regards,
-sm
Hi John,
At 06:50 08-05-2009, John Hardin wrote:
I suspect the sender is timing out waiting for the "250 OK" after
sending the message, hence my (humorous) "100 Please hold..."
suggestion. (Jeeze, SM, lighten up!)
There has already been such a proposal. Someone might
At 13:15 07-05-2009, John Hardin wrote:
Heh. Does the SMTP protocol need a "100 Please hold..." reply?
No. Fix the mail server instead of the protocol.
Regards,
-sm
about hostnames. An underscore is not a
valid character for a hostname. The example you gave is not a hostname.
Regards,
-sm
the mail traffic for that
information. BTW, there is a larger problem if there are "hacked"
accounts available on the sending network and on your network.
Regards,
-sm
.
The following rule may help. You'll need the ImageInfo plugin.
body PNG_200_400 eval:image_size_range('png', 200, 400, 250, 450)
describe PNG_200_400 Contains png 200-250 x 400-450
score PNG_200_400 0.1
Adjust the score to fit your needs.
Regards,
-sm
e a one-time fee? Or a yearly fee? Or,
does it have any kind of expiration date?
Who knows? It will be interesting to see whether the rules are
included in a SpamAssassin distribution.
Regards,
-sm
t because people are paying money to a site with a domain
owner hidden by the Whois privacy registration? :-) Some antispam
offers are big and easy money as there's always somebody ready to pay
or to jump on the bandwagon because it is free.
Regards,
-sm
doesn't really have any spam
You can use BATV. You must then submit all messages for the domain
through a mail server that supports BATV.
Regards,
-sm
ge.so]
2.0 URIBL_PH_SURBL Contains an URL listed in the PH SURBL blocklist
Do a DNS test for a non-existent hostname. If you receive an answer,
switch to a name server (you can run one locally) that provides
genuine replies.
Regards,
-sm
t;,
we have to inform the customer. That is usually done by email.
Regards,
-sm
milter as there is less
overhead. The downside is that you will get more false positives.
Regards,
-sm
o look in the
header of any of my messages, you see, I am a legitimate authenticated
sender.
The headers of your message are correct. Using ZEN for all IP
addresses listed in the headers will result in incorrect hits. Post
the headers and the rules that message hit.
Regards,
-sm
At 17:20 02-03-2009, J.D. Falk wrote:
(BTW, a quick visit to your favorite search engine should alleviate
any fears that either Neil or I are marketers.)
I can confirm that J.D. is not in marketing.
He did not "top-post" or send his message in HTML format. :-)
Regards,
-sm
ging.
Regards,
-sm
t; comment.
Regards,
-sm
At 01:20 22-02-2009, Benny Pedersen wrote:
you don't know it either?
The term "dynamic hostname" is used in intermediate system routing.
Regards,
-sm
At 23:16 21-02-2009, Benny Pedersen wrote:
why does an SMTP server have a dynamic hostname alike in the first place?
What is a dynamic hostname?
Regards,
-sm
message, spamd is not listening on localhost.
Regards,
-sm
At 13:10 06-02-2009, Michael Scheidell wrote:
(ps, someone has a FP on whois_contactpriv)
Doesn't look like apache or espphotograpy.com or dslextreme.com
It's not a false positive. There was xxx.com in the message.
Regards,
-sm
dress and compare it with the domain?
There are three RCVD_IN_BSP_ rules for that.
Regards,
-sm
this mailing list will trigger their antispam
filters as the discussion is generally about spam.
Regards,
-sm
o use Bayes to deal with that type of email.
Regards,
-sm
have to patch the code to do that.
Regards,
-sm
positives, post some samples on a
web site together with the rules that were hit.
Regards,
-sm
sed for those of you who only receive mail from the
US or Europe, I'll point out that it also causes false positives for
that kind of mail traffic. As you mentioned above, the problem is
not really with the Botnet plugin if we understand that it does not detect botnets.
Regards,
-sm
lines?
Isn't that technology certified for illegal content only? :-)
Sanesecurity could have been better protected against DDOS
attacks. They are a ripe target.
Regards,
-sm
f you want to hide the headers only, you can use the
TabooHeaders setting.
Regards,
-sm
At 18:40 08-01-2009, Evan Platt wrote:
For the THIRD time, SpamAssassin is not marking the mail as Spam.
Mailscanner is. You need to ask on a mailscanner list.
The footer at the bottom of the original message is a hint as to why
your advice won't be understood. :-)
Regards,
-sm
reduce the score for autolearning
ham until you fix this problem.
As a quick fix, add a header rule to catch the
FreeCreditReports360.com in the From header.
Regards,
-sm
o the author of the
message instead of the sender.
Regards,
-sm
ancethree[dot]com.
Verify the registrant information available from Whois and see
whether such domains regularly appear in spam or ham.
Regards,
-sm
mes in. Simply checking the
signature is not enough.
Regards,
-sm
ted the
updates. Even if the host is compromised, you are "safe" as long as
the private key is secure and the signer still has your trust.
Regards,
-sm
ignore).
Because sa-update is designed to provide updates in a secure way. If
you want the simplest way, you can ignore these steps and face the
consequences when something goes wrong.
Regards,
-sm
ystem. SpamAssassin developers are sharing
their code for free. If we need a specific feature or find a bug,
we can always send a patch. If you read the URL I posted previously,
you will see that the developers have been working on IPv6 support.
Regards,
-sm
At 11:51 02-12-2008, Marc Perkel wrote:
Tell me if you think this is a good idea.
Everything that helps to promote your business is a good idea. :-)
Regards,
-sm
an IP address with
-A, spamd will disconnect you. You won't be able to specify IPv6
addresses after the -A without the patch. You can either wait for
3.3 to be released or adapt that patch for your version of SpamAssassin.
Regards,
-sm
etSet. See
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=4964
Additionally, even when I get this working, I am unable to specify
ipv6 addresses to -A, either with or without square brackets.
That part of the code is IPv4 specific.
Regards,
-sm
STEN
Use the -i parameter to specify the IPv6 address. The -A parameter
is to specify the host which can connect to spamd and not the IP address
on which spamd should listen.
Regards,
-sm
er-base you are
dealing with. Some educational institutions exchange a significant
amount of mail over IPv6. The amount of spam is still quite low or
non-existent for some.
Regards,
-sm
software interacting with
SpamAssassin will not get a negative or positive
response. The software might defer mail delivery
and retry later, hence causing a rescan.
Regards,
-sm
more than X messages or if your site has more than Y users"?
Regards,
-sm
verhead. spamc will pass the
message to the spamd daemon and get the result.
Regards,
-sm
filtered twice.
Is that a correct assumption?
Yes.
So I'm probably wasting resources if my Spamassassin host is
configured as such?
Yes.
See http://wiki.apache.org/spamassassin/UsedViaProcmail for more
information about calling SpamAssassin from procmail.
Regards,
-sm
correctly. See whether your issue is OS specific.
Regards,
-sm
g. Do you want to blacklist that host?
Regards,
-sm
outbound mail
where the customer is relaying through your mail server.
Regards,
-sm
ded by the SpamAssassin project (
http://wiki.apache.org/spamassassin/RuleUpdates ). The "sought"
rules ( http://wiki.apache.org/spamassassin/SoughtRules ) are quite
effective in catching "fresh" spam messages.
Regards,
-sm
to catch them.
Regards,
-sm
I suggest that we agree to disagree as we are not arguing about the same thing.
Regards,
-sm
ay where to deliver a message.
Regards,
-sm
ave an impact on DNS.
Regards,
-sm
, I'd think it was denying
part of the three-way TCP handshake, but the email is flowing, and
the mail queues are low.
The traffic is not unusual given that you are originating the
connection to the remote mail server. The above behavior may be
caused by a misbehaving firewall.
Regards,
-sm
lows the
sender to set a preference for where the reply should go to. It can
also be used to avoid being sent a Cc.
Items 2 to 5 are mainly due to the lack of functionality in the MUA
(mail client). The subjects of contention can also be attributed to
a lack of knowledge about email etiquette.
Regards,
-sm
pamassassin/CollaborativeManual
Regards,
-sm
oot
permissions drwx
These permissions are correct.
Regards,
-sm
At 14:22 07-10-2008, David B Funk wrote:
I recently noticed that DNS_FROM_SECURITYSAGE was hitting everything.
http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5672
Regards,
-sm
.
Regards,
-sm
was a mailing list for a well-known open source project
originating legitimate SMTP traffic for a few days from a host
without reverse DNS. The reason was not sysadmin or ISP incompetence.
Regards,
-sm
it is because the test is so far after
everything else though.
Even if your traffic patterns are different, the hit rates shouldn't
be that low. There would be a difference if your MTA uses a DNSBL to
reject or if you apply other pre-content filtering techniques.
Regards,
-sm
At 08:58 22-09-2008, Matt wrote:
Everyone should block/defer ALL email with no reverse DNS. Then maybe
those email admins would get a clue.
Assuming you have signed up for that service, would you whitelist the
sending host or wait for the postmaster to get a clue?
Regards,
-sm
hether that actually works.
Regards,
-sm