X-Amavis-Alert: BANNED, message contains x.com

2024-07-16 Thread Thomas Barth via users
Hello, today a mail has been banned (false positive). It says message contains x.com X-Quarantine-ID: X-Amavis-Alert: BANNED, message contains x.com I couldn't find x.com in the mail body itself, but the mail had a zipfile as an attachment. The zip file probably contains invoices. Are the

Re: Where are your test definitions?

2024-06-14 Thread Thomas Barth via users
On 2024-06-14 21:20, Matus UHLAR - fantomas wrote: grep -ri "FONT_INVIS_NORDNS" /var/lib/spamassassin/ | grep describe /var/lib/spamassassin/4.00/updates_spamassassin_org/72_active.cf: describe FONT_INVIS_NORDNS Invisible text + no rDNS In my case, I can say with certainty that the mail

Re: Where are your test definitions?

2024-06-14 Thread Thomas Barth via users
On 2024-06-14 18:24, Matus UHLAR - fantomas wrote: 1. as I said it's hard to find out without the body 2. hiding data indicates a spammer. Yes, I've now realized that I can simply grep for the descriptions. grep -ri "FONT_INVIS_NORDNS" /var/lib/spamassassin/ | grep describe /var/lib/spamassa

Re: Where are your test definitions?

2024-06-14 Thread Thomas Barth via users
On 2024-06-14 17:11, Matus UHLAR - fantomas wrote: FONT_INVIS_NORDNS=1.544 HTML_FONT_TINY_NORDNS=1.514 RDNS_NONE=0.793 working fcrdns would fix much for them. However, not doing stupid shit with fonts would help even more: FONT_INVIS_MSGID=2.497 FONT_INVIS_NORDNS=1.544 HTML_FONT_TINY_NORDNS=1

Re: Where are your test definitions?

2024-06-14 Thread Thomas Barth via users
On 2024-06-14 16:44, Reindl Harald (privat) wrote: with RDNS_NONE nobody on this planet should accept mails from that machine and the admin has to be fired, the message should be rejected at SMTP level long before spamassassin And you would have been dismissed because of your pathological fa

Where are your test definitions?

2024-06-14 Thread Thomas Barth via users
Hello, I would like to explain to a sender what he can do to create an email that is not classified as spam. X-Spam-Status: Yes, score=6.248 tagged_above=1 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, DMARC_PASS=-0.001, FONT_INVIS_

Re: Score 0.001

2024-05-13 Thread Thomas Barth via users
5 :) On 20240512 06:56:59, Thomas Barth wrote: On 2024-05-12 12:39, Greg Troxel wrote: I would suggest that if Debian is modifying the default config from 5 to 6.31, then probably they should not be doing that. This is a status of dmarc-report from microsoft today X-Spam-Status: Yes, s

Re: Score 0.001

2024-05-12 Thread Thomas Barth
On 2024-05-12 12:39, Greg Troxel wrote: I would suggest that if Debian is modifying the default config from 5 to 6.31, then probably they should not be doing that. This is a status of dmarc-report from microsoft today X-Spam-Status: Yes, score=5.938 tagged_above=2 required=6.31 tests=[A

Re: Score 0.001

2024-05-12 Thread Thomas Barth
On 2024-05-12 01:08, jdow wrote: Methinks this is a perfect example of "one man's spam is another man's ham." Or in my case, "A woman's spam is often a man's ham." I like spam when it's well designed. That's why I no longer reject it on my newly set up mail server. I just want them all to be

Re: Score 0.001

2024-05-11 Thread Thomas Barth
On 2024-05-11 23:49, Vincent Lefevre wrote: The value 6.31 does not even appear in the spamassassin source package. Sorry, the values are overwritten via the Amavis defaults. cat /etc/debian_version 10.13 egrep -nri "sa_tag_level_deflt|sa_kill_level_deflt" /etc /etc/amavis/conf.d/20-debian_d

Re: Score 0.001

2024-05-11 Thread Thomas Barth
On 2024-05-11 21:54, Bill Cole wrote: I have no idea who the Debian "spam analysts" are but I am certain that they are not doing any sort of data-driven dynamic adjustments of scores based on a threshold of 6.3 nor are they (obviously) adjusting that threshold daily based on current scores.

Re: Score 0.001

2024-05-11 Thread Thomas Barth
Hello On 2024-05-11 19:24, Loren Wilton wrote: Can I just take the names of the rules? e.g. at least two checks should fire: meta MULTIPLE_TESTS (( RAZOR2_CF_RANGE_51_100 + RAZOR2_CHECK + URIBL_ABUSE_SURBL) > 1) score MULTIPLE_TESTS 1 found in X-Spam-Status: No, score=5.908 tagged_above=

Re: Score 0.001

2024-05-11 Thread Thomas Barth
Hi guys, thank you all for your advice! On 2024-05-10 22:39, Bowie Bailey wrote: The rules with the low scores are not intended to contribute to the spam score for the email.  They only have a defined score at all because if the score is 0, SA will not run the rule. It works like this: Ru

Re: Score 0.001

2024-05-09 Thread Thomas Barth
On 2024-05-10 06:19, Reindl Harald (privat) wrote: On 10.05.24 at 00:05, Thomas Barth wrote: On 2024-05-09 21:41, Loren Wilton wrote: Low-score tests are neither spam nor ham signs by themselves. They can be used in metas in conjunction with other indicators to help determine ham or spam

Re: Score 0.001

2024-05-09 Thread Thomas Barth
On 2024-05-09 21:41, Loren Wilton wrote: Low-score tests are neither spam nor ham signs by themselves. They can be used in metas in conjunction with other indicators to help determine ham or spam. A zero value indicates that a rule didn't hit and the sign is not present. A small score indicat

Score 0.001

2024-05-09 Thread Thomas Barth
Hello, I don't understand why there are so many checks where the meaningless value of 0.001 is assigned. The total score could be much higher. Do I have to define all the checks myself with a desired value? X-Spam-Status: No, score=3.999 tagged_above=2 required=6.31 tests=[DMARC_MISSING=0

AM.WBL?

2016-10-14 Thread Thomas Barth
Hello, I got a false positive because the test AM.WBL results in score 7. It was a mail by email.apple.com (a bill). What is AM.WBL? I can't find it in the test list: https://spamassassin.apache.org/tests_3_3_x.html Do I have to set "score AM.WBL 0"?

Re: RelayCountryPlugin - bad country when sasl_authenticated?

2016-09-27 Thread Thomas Barth
Sep 2016 10:51:51 +0200 (CEST) To: Thomas Barth From: Thomas Barth Subject: eigentest Message-ID: <1e6cf571-8cd1-5081-2e5b-2159b91fd...@txbweb.de> Date: Tue, 27 Sep 2016 10:51:43 +0200 User-Agent: Mozilla/5.0 (X11; Linux i686; rv:45.0) Gecko/20100101 Thunderbird/45.3.0 MIME-Version: 1

RelayCountryPlugin - bad country when sasl_authenticated?

2016-09-27 Thread Thomas Barth
Hello, I've installed RelayCountryPlugin as described on this page: https://wiki.apache.org/spamassassin/RelayCountryPlugin The package libgeo-ip-perl (Debian 8.5) is installed. (Note at the end of the page) I added the following rule to /etc/mail/spamassassin/local.cf header RELAY

Re: Spam by IP-address? Spamassassin with geoiplookup?

2016-09-24 Thread Thomas Barth
Hello On 23.09.2016 at 22:10, Lindsay Haisley wrote: On Fri, 2016-09-23 at 15:28 -0400, Bill Cole wrote: As much as I love BIND (no, seriously, I do) it's very hard to recommend it as the first choice for a simple recursive resolver. Setting up bind as a "simple recursive resolver" is simpli

Re: Spam by IP-address? Spamassassin with geoiplookup?

2016-09-23 Thread Thomas Barth
On 23.09.2016 at 10:47, li...@rhsoft.net wrote: that was one single line containing: * don't use dns forwarding * don't use dnsmasq (because it can only do forwarding) DNS-Resolver with Bind9 is configured now and nameserver is 127.0.0.1. No URIBL_BLOCKED=0.001 in Spam-Status anymore.

Re: Spam by IP-address? Spamassassin with geoiplookup?

2016-09-23 Thread Thomas Barth
On 23.09.2016 at 10:25, li...@rhsoft.net wrote: On 22.09.2016 at 21:58, Bowie Bailey wrote: On 9/22/2016 3:40 PM, Thomas Barth wrote: On 21.09.2016 at 16:13, li...@rhsoft.net wrote: fix that - use a local caching resolver with *no forwarding* and if you are using dnsmasq just don'

Re: Spam by IP-address? Spamassassin with geoiplookup?

2016-09-22 Thread Thomas Barth
On 21.09.2016 at 16:13, li...@rhsoft.net wrote: On 21.09.2016 at 15:48, Thomas Barth wrote: X-Spam-Status: No, score=3.004 tagged_above=2 required=6.31 tests=[MESSAGEID_LOCAL=3, RELAYCOUNTRY_BAD=3.1, RP_MATCHES_RCVD=-3.096, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no

Re: Spam by IP-address? Spamassassin with geoiplookup?

2016-09-22 Thread Thomas Barth
On 22.09.2016 at 12:41, li...@rhsoft.net wrote: I've installed clamav-unofficial-sigs by debian package. If this is not working good enough I will try the installation I found here: https://github.com/extremeshok/clamav-unofficial-sigs/blob/master/INSTALL dunno - and it's off-topic here - we

Re: Spam by IP-address? Spamassassin with geoiplookup?

2016-09-22 Thread Thomas Barth
On 22.09.2016 at 12:41, li...@rhsoft.net wrote: I've installed clamav-unofficial-sigs by debian package. If this is not working good enough I will try the installation I found here: https://github.com/extremeshok/clamav-unofficial-sigs/blob/master/INSTALL dunno - and it's off-topic here - we

Re: Spam by IP-address? Spamassassin with geoiplookup?

2016-09-22 Thread Thomas Barth
On 22.09.2016 at 11:50, li...@rhsoft.net wrote: On 22.09.2016 at 11:36, Benny Pedersen wrote: On 2016-09-22 10:16, Thomas Barth wrote: The content of the mail is: --boundary_af9c8db46eb73fca8b315aafef01 Content-Type: application/x-zip-compressed; name="e6dfa16bdb.zip"

Re: Spam by IP-address? Spamassassin with geoiplookup?

2016-09-22 Thread Thomas Barth
On 21.09.2016 at 18:47, Bowie Bailey wrote: That is ridiculous. The more training bayes gets the better it works. And manual training is better than autolearning because autolearning can automatically learn false positives and false negatives and cause problems for the database. And what a

Re: Spam by IP-address? Spamassassin with geoiplookup?

2016-09-21 Thread Thomas Barth
On 21.09.2016 at 18:00, li...@rhsoft.net wrote: the problem of the OP is that he starts things the other side round and first reject without good evidence and don't have anything to make the system bulletproof because it's rejected I remembered that I read a book about Postfix with the to

Re: Spam by IP-address? Spamassassin with geoiplookup?

2016-09-21 Thread Thomas Barth
On 21.09.2016 at 16:13, li...@rhsoft.net wrote: #bayes use_bayes 1 use_bayes_rules 1 bayes_auto_learn 1 so your setup either don't use that config (amavis or something like that part of the game then you don't have just spamassassin) or you have not trained enough spam *and* ham - or you tr

Re: Spam by IP-address? Spamassassin with geoiplookup?

2016-09-21 Thread Thomas Barth
On 20.09.2016 at 13:12, Paul Stead wrote: . Hi Thomas, The RelayCountry plugin would answer your needs: https://wiki.apache.org/spamassassin/RelayCountryPlugin Hello Paul, I've activated that Plugin and installed the geoip module (aptitude install libgeo-ip-perl), seems to work. I've te

Re: How to reject mails with special message-id (Debian, Amavis, Spamassassin)

2016-09-20 Thread Thomas Barth
On 20.09.2016 at 15:27, Bowie Bailey wrote: X-Spam-Status: Yes, score=14.009 tag=2 tag2=6.31 kill=6.31 tests=[HTML_MESSAGE=0.001, MESSAGEID_LOCAL=8, MIME_HTML_ONLY=1.105, PYZOR_CHECK=1.985, RCVD_IN_BRBL_LASTEXT=1.644, RDNS_NONE=1.274] autolearn=no autolearn_force=no

Re: How to reject mails with special message-id (Debian, Amavis, Spamassassin)

2016-09-20 Thread Thomas Barth
On 20.09.2016 at 12:23, Matus UHLAR - fantomas wrote: Message-Id: <20160920154140.f5a976c...@static.vnpt.vn.local> you can put this in /etc/spamassassin/local.cf header MESSAGEID_LOCAL Message-Id =~ /\.local>$/ score MESSAGEID_LOCAL 1 describe MESSAGEID_LOCAL Message-Id contains ".

Spam by IP-address? Spamassassin with geoiplookup?

2016-09-20 Thread Thomas Barth
Hello, is it possible to use geoiplookup with Spamassassin? I want to reject all mails as spam not sent in my country or another second country, but accept whitelisted mailing list addresses. Any chance to use geoiplookup for this? I want to exclude Spammer Countries e.g. China, Taiwan, Indi

Re: How to reject mails with special message-id (Debian, Amavis, Spamassassin)

2016-09-20 Thread Thomas Barth
Thanks for your help Matus On 20.09.2016 at 12:23, Matus UHLAR - fantomas wrote: there are many ways to make SA better - configure BAYES database, enable network tests (razor, pyzor, DCC), and not use DNS server for resolution that is shared with other companies... I have already enabled raz

How to reject mails with special message-id (Debian, Amavis, Spamassassin)

2016-09-20 Thread Thomas Barth
Hello, I get mails not recognized as spam and I would like to extend spamassassin to reject these mails. The mails look very normal, but the message-id is conspicuous. I want to reject the mail if it contains .local at the end of message-id. Subject: Tracking data From: "Paula Booker" MIME-

Re: How to reject all mails with docs attached?

2016-02-01 Thread Thomas Barth
ndl Harald: maybe you learn about SPF then.. On 01.02.2016 at 16:23, Thomas Barth wrote: The Mails with docs attached are getting rejected successfully. I'm getting a lot of these mails from a botnet now, each mail with a different generated mail suffix, but always with our top level domain. I ho

Re: How to reject all mails with docs attached?

2016-02-01 Thread Thomas Barth
their spam :-/ Thomas B On 01.02.2016 at 15:09, Reindl Harald wrote: On 01.02.2016 at 15:05, Thomas Barth wrote: No viruses were found. Banned name: .exe,.exe-ms,23676883772984656662(1).doc.exe Content type: Banned Not quarantined. The message WAS NOT relayed to: xxx 554 5.7.0 Reject, id

Re: How to reject all mails with docs attached?

2016-02-01 Thread Thomas Barth
', # banned file(1) types /etc/amavis/conf.d/20-debian_defaults:142:# qr'^\.(exe|lha|tnef|cab|dll)$', # banned file(1) types Thomas B On 01.02.2016 at 15:09, Reindl Harald wrote: On 01.02.2016 at 15:05, Thomas Barth wrote: No viruses were found. Ba

Re: How to reject all mails with docs attached?

2016-02-01 Thread Thomas Barth
ssage is a test result of ClamAV? I would like to add .doc as banned name Thomas B On 01.02.2016 at 13:50, Reindl Harald wrote: On 01.02.2016 at 13:48, Thomas Barth wrote: for a week or so I get a lot of mails with bills as doc-documents and Spamassassin is actually not able to mark it as

How to reject all mails with docs attached?

2016-02-01 Thread Thomas Barth
Hi, for a week or so I get a lot of mails with bills as doc-documents and Spamassassin is actually not able to mark it as spam. The documents contain a macro. AMaVis is configured to reject all spam-mails directly (no store&forward). How can I configure Spamassassin to mark all mails with doc-