ate(1)
"--score-limit" option to adjust scores.
Giovanni
OpenPGP_signature.asc
Description: OpenPGP digital signature
ith
any spam indicators.
Sorry, I wrongly read your configuration.
Could you share a complete sample in private ?
Thanks
Giovanni
OpenPGP_signature.asc
Description: OpenPGP digital signature
with these options enabled TxRep will add a minimum/maximum of
num points
to final score; another option is to remove all data containing an email
address from your TxRep database.
Cheers
Giovanni
OpenPGP_signature.asc
Description: OpenPGP digital signature
ave pre and post scanning
>before using results in data collection
>
Actually I would use an md5 signature of the attachment, an email can have
multiple attachments and the same file can be sent more then once.
Giovanni
people send emails to 50+ people at a time
with a legitimate PDF, but it has to spawn zbarimg for each of them,
nevertheless, so it could eventually be a denial-of-service.
maybe it could be possible to add a cache layer to extracttext plugin, could
you open an enhancement request o
to make it work
without updating SpamAssassin to today's
version.
Cheers
Giovanni
OpenPGP_signature.asc
Description: OpenPGP digital signature
do that?
>
>This was just a regular Word document with a .docx extension.
unfortunately, ExtractText currently (afaik) does not support
- conversion between formats (extracting images from doc,pdf etc)
On 22.03.25 21:15, Giovanni Bechis wrote:
if you have ghostscript installed extracting
that?
> >
> >This was just a regular Word document with a .docx extension.
>
> unfortunately, ExtractText currently (afaik) does not support
> - conversion between formats (extracting images from doc,pdf etc)
if you have ghostscript installed extracting barcodes from pdf files
eader all ExtractText-Uris _EXTRACTTEXTURIS_
However, now they're sending them in Word doc/docx format. Any tips on how to
do that?
I think you need a wrapper that uses docx2pdf or word2pdf to create a pdf file,
then zbarimg(1) on the {temporary} pdf file.
Giovanni
This
+ } or eval {
+ require IP::Geolocation::MMDB;
+ @MaxMind::DB::Reader::ISA = qw(IP::Geolocation::MMDB);
} or do {
my $err = $@;
I think it would be better to add proper support for IP:Geolocation::MMDB and
later deprecate MaxMind::DB::Reader instead.
Cheers
Giovanni
ot;.
Atm I am using IP::Country::DB_File and it has all the info I need.
Cheers
Giovanni
OpenPGP_signature.asc
Description: OpenPGP digital signature
Giovanni
OpenPGP_signature.asc
Description: OpenPGP digital signature
/spamassassin-Fuzzy.
Additionally, my company maintains a database of fuzzy signatures for spam
detection.
If you're interested, please feel free to reach out to me off-list for more
details.
Best regards
Giovanni
OpenPGP_signature.asc
Description: OpenPGP digital signature
=
I've just committed a fix, sorry for the breakage.
Giovanni
the least, it should have been identified by clamav.
That email hits SEM_FRESH and GMD_PDF_ENCRYPTED (this needs
Mail::SpamAssassin::Plugin::PDFInfo), it seems a good start for a meta rule.
Giovanni
But SEM_FRESH is commented in the sources...
it has hit SEM_FRESH30 on the user's serve
needs
Mail::SpamAssassin::Plugin::PDFInfo), it seems a good start for a meta rule.
Giovanni
OpenPGP_signature.asc
Description: OpenPGP digital signature
efers to SpamAssassin 4.0.0, not 4.0.1.
Giovanni
OpenPGP_signature.asc
Description: OpenPGP digital signature
aypal rules are effective here, either.
can I have a copy of the email ?
I am working on improving some KAM Paypal rules.
Thanks
Giovanni
I can add the phone number and perhaps some body rules and the envelope sender,
but is there a more durable way to block these?
OpenPGP_signature.asc
Description: OpenPGP digital signature
ctober in EU but on first Sunday
of November in US, could it be related ?
Giovanni
OpenPGP_signature.asc
Description: OpenPGP digital signature
add_header all ExtractText-Uris _EXTRACTTEXTURIS_
Cheers
Giovanni
OpenPGP_signature.asc
Description: OpenPGP digital signature
IALLY true
when the name in the salutation is identical, byte for byte, including case, as the local
part of the email address.
do you intend to have a rule like this one ?
header __TO_NAME To:name =~ /(?.*)/
body DEAR_NAME /Dear %{TO_NAME}/
Giovanni
OpenPGP_signature.asc
Description: OpenPGP digital signature
On 6/23/24 10:26 PM, Larry Nedry via users wrote:
On 7/21/23 9:10 AM, Giovanni Bechis wrote:
Hi,
phishstats[.]info domain has recently moved to a parking domain, if you are using
Mail::SpamAssassin::Plugin::Phishing plugin with data downloaded from PhishStats[.]info
it would be better to
sider retiring Pyzor as "no longer effectively
maintained"?
I think this is a valid option, Perl implementation is a reverse engineering
effort and absolutely not perfect.
Giovanni
OpenPGP_signature.asc
Description: OpenPGP digital signature
number, it is the number
of cases.
You may use $cnt for more simplicity.
Hi,
could you please open bug reports on https://bz.apache.org/SpamAssassin/ so
that we can track them ?
Thanks
Giovanni
OpenPGP_signature.asc
Description: OpenPGP digital signature
for how to
capture a pattern in one rule and use it in another. I don't have a working rule for you,
but that's the mechanism I would use.
If you need same samples to start with, take a look at
https://github.com/apache/spamassassin/blob/094428cf11b0ad8d5658fd18d62d696
Hi,
if you are using rules that query Validity rbl (RCVD_IN_VALIDITY_* rules), make
sure you have updated rules (at least dated 2024-04-23),
otherwise you may encounter in FPs instead of hitting an overlimit response.
Giovanni
OpenPGP_signature.asc
Description: OpenPGP digital signature
honor
uridnsbl_skip_domain preference only in trunk code.
Giovanni
OpenPGP_signature.asc
Description: OpenPGP digital signature
SpamAssassin ruleset.
Giovanni
OpenPGP_signature.asc
Description: OpenPGP digital signature
re that I don't?
Does anyone have any rationale for this missing functionality?
I don't expect that it would be difficult to add. (Something I've believed
every time I've taken on a coding task...)
are you referring to spamassassin -W/-R options that are n
noticed. That includes a system that has
>administrative and alerting role accounts which handle email alerts from Azure
>and MS365.
>
Disposition-Notifications are sent by onmicrosoft.domain.tld domain afaik.
Giovanni
>> I have literally NEVER gotten anything from that domain which
sample, fixed in trunk in r1915645.
Regards
Giovanni
OpenPGP_signature.asc
Description: OpenPGP digital signature
if you do?
does ExtractText only run one of configured programs for the same type of file?
Exactly, ExtractText only run the first configured program for the same type of
file.
Giovanni
OpenPGP_signature.asc
Description: OpenPGP digital signature
not use any other ExtractText config line for image file types,
zbarimg(1) can be configured on SpamAssassin 4.0 as well.
Regards
Giovanni
OpenPGP_signature.asc
Description: OpenPGP digital signature
"ทุก" is not considered a word because it's part of the token
"ทุกวันพุธเล่นชนะรับเพิ่ม".
Words must be separated by spaces, otherwise we should skip the word "theme" just because
"the" is in english stopword list.
No idea if this makes sense for a
I do not speak Thai but I cannot see any word in the sample email that should
match that list.
Which word do you think should match the regexp ?
Giovanni
On 12/29/23 10:08, Jimmy wrote:
You can use this word list
https://raw.githubusercontent.com/stopwords-iso/stopwords-th/master/stopwords
To create the stopwords regexp I used the script I shared in a previous email
and a list of words one per line.
Could you share the list you are using ?
Giovanni
On 12/29/23 09:22, Jimmy wrote:
I use SpamAssassin 4.0.0 (2022-12-14)
$ spamassassin -D --lint 2>&1 | grep bayes:
Dec 2
xt and
it produces a working regexp.
Bayes stopwords languages must also be enabled using "bayes_stopword_languages"
config keyword, by default only english is enabled.
Giovanni
On 12/28/23 17:06, Jimmy wrote:
bayes_stopword_th https://pastebin.pl/view/0838138d
<https://pastebin.p
Could you share a config line and a sample you are using ?
Giovanni
On 12/28/23 16:26, Jimmy wrote:
Yes, I have done that, and I am also editing Plugin/Bayes.pm to investigate why
it is not being skipped. I suspect that if words are not separated by spaces,
longer words may not match those
"spamassassin -D bayes" will tell you, you should see a line like:
bayes: skipped token 'from' because it's in stopword list for language 'en'
Giovanni
On 12/28/23 15:45, Jimmy wrote:
The pattern has successfully passed the test script, but it needs to
;x' . sprintf("%x", ord($c));
} else {
print $char;
}
}
---
Giovanni
OpenPGP_signature.asc
Description: OpenPGP digital signature
use spamd
natively.
Giovanni
OpenPGP_signature.asc
Description: OpenPGP digital signature
Ps, meaning ham >= 5 points.
you can work with sa-update(1) --score-multiplier and --score-limit to reduce
score of KAM rules.
This might improve the situation in your case.
Giovanni
OpenPGP_signature.asc
Description: OpenPGP digital signature
To block this type of spam I've increased the score of GB_HASHBL_BTC (Bitcoin
rbl) rule.
Giovanni
On 11/10/23 11:01, Mark London wrote:
Sendmail didn't introduce FEATURE(require_rdns) until 2007. I'm sure I've been
using it longer than that. And by default it's
f 5 or 6.
It seems to be a documentation bug, see
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=6069 and
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=1201#c47
Giovanni
OpenPGP_signature.asc
Description: OpenPGP digital signature
f bad intent.
rawbody BADHREF /\s+.\/href\=/
should be a start to write a rule to catch those spam messages.
Giovanni
OpenPGP_signature
Description: OpenPGP digital signature
find a new home I am going to remove the relevant
code from the plugin.
Regards
Giovanni
OpenPGP_signature
Description: OpenPGP digital signature
ck_uridnsbl('URIBL_IVMURI')
describe URIBL_IVMURI listed on ivmURI found at invaluement.com
if can(Mail::SpamAssassin::Conf::has_tflags_nolog)
tflags URIBL_IVMURI net nolog
else
tflags URIBL_IVMURI net
endif
score URIBL_IVMURI 2.0
reuse URIBL_IVMURI
endif
Giovanni
OpenPGP_sig
addresses.
Giovanni
in my config.
OpenPGP_signature
Description: OpenPGP digital signature
On 3/2/23 12:49, Benny Pedersen wrote:
giova...@paclan.it skrev den 2023-03-02 10:04:
On 3/1/23 14:30, Benny Pedersen wrote:
Henrik K skrev den 2023-03-01 10:28:
On Wed, Mar 01, 2023 at 09:56:56AM +0100, Matus UHLAR - fantomas wrote:
I have SA 4.0 installed and Mail::SpamAssassin::Plugin::Aut
On 3/2/23 11:50, Matus UHLAR - fantomas wrote:
On Wed, Mar 01, 2023 at 09:56:56AM +0100, Matus UHLAR - fantomas wrote:
I have SA 4.0 installed and Mail::SpamAssassin::Plugin::AuthRes available.
However, I don't see AuthRes plugin mention in .pre files nor in SA rules.
Henrik K skrev den 2023-
s from arc signatures and integrate it
into DMARC policies checks.
Authres plugin is needed to parse Arc signatures and pass the results to DMARC
plugin.
Giovanni
I will try to load it to see if it works.
You also need rules for it to do anything. No plugin uses it's parsing at
this time.
its
to /etc/mail/spamassassin/.
Same for other plugins you might need.
Zimbra uses amavisd-new, so you need to reload amavisd-new as well when
you change SpamAssassin configurations.
Giovanni
signature.asc
Description: PGP signature
possibly the problem. I'll investigate.
(I'll also need to upgrade/patch MIMEDefang before I can use this. Thanks
Giovanni for pointig this out! I guess this will save me a lot of would be
wasted time).
I guess it's just because of this Received: header that wasn't seen wh
g 2.85 with this commit:
https://github.com/The-McGrail-Foundation/MIMEDefang/commit/34ffd6fa31c4d9e79494fae427ec3b9da6a1c8b1
The problem could have been spotted only recently because more domains started
to use DMARC.
Giovanni
OpenPGP_signature
Description: OpenPGP digital signature
.
Giovanni
OpenPGP_signature
Description: OpenPGP digital signature
cymru.com _ASN_ _ASNCIDR_
add_header all ASN _ASN_ _ASNCIDR_
Giovanni
OpenPGP_signature
Description: OpenPGP digital signature
downloaded from
https://spamassassin.snb.it/Esp-rbl.cf
- if you are using SpamAssassin 4.0, the rbl can be used without loading
ESP plugin.
Happy new Year
Giovanni
signature.asc
Description: PGP signature
t; doesn't fail.
>
dnsbl_subtests.t tests runs even with run_net_tests=n (fixed few minutes
ago in trunk), the "unknown eval" error is unrelated to this bug anyway,
I think in this case the user fails to load init.pre correctly in his
setup.
Giovanni
signature.asc
Description: PGP signature
Could you try if patch in bz 8078
(https://bz.apache.org/SpamAssassin/attachment.cgi?id=5863&action=diff) fixes
the issue ?
Spample is no more available on Pastebin.
with the patch applied Shortcircuit works correctly.
Giovanni
OpenPGP_signature
Description: OpenPGP digital signature
(https://bz.apache.org/SpamAssassin/attachment.cgi?id=5863&action=diff) fixes
the issue ?
Spample is no more available on Pastebin.
Thanks
Giovanni
OpenPGP_signature
Description: OpenPGP digital signature
ng
around which rules have been run.
As a temporary work-around, I think it would be wise to give any rule that gets
SHORTCIRCUITed an overwhelming score in whichever direction it operates.
Confirmed, r1904981 is the commit that is causing this behavior.
Giovanni
OpenPGP_signature
Descriptio
SGID_GUID && !__RCD_RDNS_SMTP
describe GB_PAYPAL_IMG_NOT_RCVD_PAYP Paypal hosted image but message not
from Paypal
score GB_PAYPAL_IMG_NOT_RCVD_PAYP 2.500# limit
Giovanni
OpenPGP_signature
Description: OpenPGP digital signature
tch at https://bz.apache.org/SpamAssassin/show_bug.cgi?id=8035
Giovanni
OpenPGP_signature
Description: OpenPGP digital signature
illegal here in regex; marked
by <-- HERE in m/(? line 5.
on every message.
To avoid the warning you should update to a checkout newer then r1903359
(2022-08-11).
Giovanni
OpenPGP_signature
Description: OpenPGP digital signature
topped
>> working. DMARC still passes with SPF, but there are no longer any occurrences
>> of DKIM.
>
> I think Giovannis changes don't work when amavisd is passing $suppl_attrib:
>
> https://svn.apache.org/viewvc?view=revision&revision=1901719
>
> Sub _c
All the people that reported DKIM failures to me in SA 4.0 in the last month
are using amavisd-new, could it be related to how amavisd-new is calling SA ?
Giovanni
On 6/26/22 07:55, Henrik K wrote:
>
> Have you checked what debugging says?
>
> $sa_debug = 'info,dkim,DMARC
ing from r1900857, official ASF channels are loaded first, then all other
channels in alphabetical order.
I would like to better check the original email if possible.
Giovanni
> Regards,
> KAM
>
> --
> Kevin A. McGrail
> Member, Apache Software Foundation
> Chai
u, there should be no
problem if you do not use Bayes anyway.
Giovanni
OpenPGP_signature
Description: OpenPGP digital signature
On Mon, Apr 25, 2022 at 12:50:49PM +0300, Henrik K wrote:
> On Mon, Apr 25, 2022 at 11:48:52AM +0200, Matus UHLAR - fantomas wrote:
> > > > >> >https://pastebin.com/s032ndrA
> > > > >> >
> > > > >> >It's not only hitting DMARC_REJ_NO_DKIM and DMARC_FAIL_REJECT, but
> > > > >>
> > > > >> where did y
ut all sorted now.
>
KAM.cf channel started on November 2020, before that date KAM ruleset was not
signed.
Giovanni
OpenPGP_signature
Description: OpenPGP digital signature
Hi
Same here, ubuntu 20.04.
On 2022/02/18 11:51, Bert Van de Poel wrote:
Hi everyone,
I just noticed we had two email servers complain last night after
running sa-update about a regex problem:
/etc/cron.daily/spamassassin:
config: invalid regexp for __URI_TRY_3LD
'm,^https?://(?:try(?!r\.co
),
we can talk about it on the MIMEDefang ml
(https://lists.mimedefang.org/mailman/listinfo/mimedefang_lists.mimedefang.org)
or you can send me an email
about it.
Giovanni
OpenPGP_signature
Description: OpenPGP digital signature
n.
If x-originating-spam-status has always the same value it's suspect
anyway.
Giovanni
signature.asc
Description: PGP signature
gt;
There is no way atm but I thought more than once to add such a feature for the
same reason.
Giovanni
OpenPGP_signature
Description: OpenPGP digital signature
I have disabled his rule some time ago.
>>>> Many spammers use mailing list or their signatures.
>
>> On 2021-04-28 11:55, Giovanni Bechis wrote:
>>> Same here, is it worth to keep MAILING_LIST_MULTI to that hardcoded score ?
>
> On 28.04.21 12:18, Benny Peders
ere, is it worth to keep MAILING_LIST_MULTI to that hardcoded score ?
Giovanni
OpenPGP_signature
Description: OpenPGP digital signature
module? No. I have the utmost respect for and trust in Giovanni Bechis
> and use his code every day, but that module as it exists at Github is not
> structured to be used from a git checkout. The 4 significant files all
> properly belong in different places. The specific proper places wou
t you are looking
for.
Giovanni
OpenPGP_signature
Description: OpenPGP digital signature
On Sun, Feb 28, 2021 at 10:33:15AM -0500, Michael Grant wrote:
> On Sun, Feb 28, 2021 at 03:53:33PM +0100, Giovanni Bechis wrote:
> > On Sun, Feb 28, 2021 at 07:38:22AM -0500, Michael Grant wrote:
> > > Ultimately I want the spamassassin report in the headers but I don't
>
On Sun, Feb 28, 2021 at 07:38:22AM -0500, Michael Grant wrote:
> Ultimately I want the spamassassin report in the headers but I don't
> want the license key in there.
>
you can set 'tflags net nolog' if you are using trunk.
Invaluement uri and license key will be printed as *redacted*.
Giovanni
On 2/19/21 1:09 AM, John Hardin wrote:
> On Thu, 18 Feb 2021, Giovanni Bechis wrote:
>
>> On 2/18/21 6:37 PM, Ricky Boone wrote:
>>> Just wanted to forward an example of an interesting URL obfuscation
>>> tactic observed yesterday.
>>>
>>> https:
t committed a new variation of GB_GOOGLE_OBFUR that should match this spam
as well.
If you can send me a spample I could tweak it a bit more.
Giovanni
OpenPGP_signature
Description: OpenPGP digital signature
useful but which
> are also undocumented. If you feel like being a pioneer, you
> could try creating rules to make use of that code.
>
and if you want to become an hero patches to document those evals are always
welcome ;-)
Giovanni
signature.asc
Description: PGP signature
les.
Local files can be generated by looking at the Return-path of the offending
email.
Return-Path:
In this case "1234" is the id you are interested in.
Giovanni
[¹] https://github.com/bigio/spamassassin-esp/releases/tag/esp-v1.2
ot sendgrid.net
>
> spamurls to the phishing is sendgrid redir to hide all detalts of spam
> domain
>
> why is so many uribl not blocking phish attemps better ?
>
> i can send sample on request to pmc members
Please send me spamples, I will take a look at them.
Giovanni
signature.asc
Description: PGP signature
#x27;d like to move over to a global redis system, but I don't see an
> easy way to convert from bayes SQL to redis bayes.
>
> Is this somewhere and I can't find it?
>
"sa-learn --backup" with old config and "sa-learn --restore" with new one
should do what you need.
Giovanni
be needed on some setups."
>
This is needed to let amavisd (from next released version afaik) or Mimedefang
(with a custom mimedefang-filter snippet) parse the headers
and correctly rewrite the subject.
Giovanni
ag by language, not
> based on rule hits. You may beable to modify the subject in the MTA/glue
> at the same point you do the extra delivery.
>
Starting from 3.4.3 you can add a prefix to the email subject like that:
header FROM_ME From:name =~ /Me/
subjprefix FROM_ME [From Me]
Giovanni
signature.asc
Description: PGP signature
nd executed by
/etc/cron.d/sa-update.
Stock sa-update doesn't know how to handle channels.d directories.
Giovanni
this plugin.
>
for the moment you should use your own data, Rob replied more extensively
to this question.
Giovanni
signature.asc
Description: PGP signature
On 11/26/20 5:22 PM, Kevin A. McGrail wrote:
[...]
> The KAM rule set is authored by Kevin A. McGrail with contributions from Joe
> Quinn, Karsten Bräckelmann, Bill Cole, and Giovanni Bechis. It is maintained
> by The McGrail Foundation.
>
> The KAM channel is made possible with
Il 26 ottobre 2020 20:09:52 CET, Benny Pedersen ha scritto:
>Giovanni Bechis skrev den 2020-10-26 09:05:
>
>>> amavisd have penpal, if that is possible to track with TxRep ?
>> maybe something is doable by reading _TXREPEMAILCOUNT_ tag.
>
>with 3.4.4 it does not work, s
t;
>> It is a clever idea! I might add something similar to my own setup. :-)
>
> amavisd have penpal, if that is possible to track with TxRep ?
>
maybe something is doable by reading _TXREPEMAILCOUNT_ tag.
Giovanni
ased on the reputation of the sender, if
this sender normally send ham email it is normal that a negative score will be
applied.
If spam from this sender keep coming score will change from a negative to a
positive value.
You can tweak txrep_learn_penalty and txrep_learn_bonus if you want to speedup
the process.
Regards
Giovanni
nt that? The score isn't a reputation, it's an
> adjustment that has no meaning outside of the score arithmetic. For any
> given reputation the TxRep score can be positive or negative, high or
> low.
>
> _TXREP_XXX_Y_MEAN_ represents the reputation.
>
note that this tag will work only on 3.4.5+ (where it has been renamed to
_TXREPXXXYMEAN_), see bz #7749.
Giovanni
implement it?
>
> maybe make clamav sigs ?
>
> is mimedefang working still ?, special plugins needed ?, i just use
> fuglu
Mimedefang is still alive on a new home:
https://github.com/The-McGrail-Foundation/MIMEDefang
I think it should not be complicated to implement it.
Giovanni
of this - that
> can be used NOW! (/well... might need a SpamAssassin rule or two! Your help
> appreciated!)/:
>
SpamAssassin plugin available at:
https://github.com/bigio/spamassassin-esp/archive/esp-v0.1.tar.gz
We will work on improving this new type of DNSBL with more data and more
On 4/22/20 5:43 PM, Henrik K wrote:
>
> I've updated replace_tags with these 4-byte UTF-8 characters, whatever they
> are, will look more indepth later..
>
you have been faster, I have the same diff on my tree and I was going to commit
it :-)
Giovanni
> For example rep
this message hits for you ?
Giovanni
signature.asc
Description: PGP signature
gt;>
>> Read the UPGRADE file. It includes steps required for anyone using
>> SQL-based AWL or TxRep.
>>
>Hmm. Need to somehow find that file. I upgraded using CPAN so I do not
>have the files. Maybe they are somewhere in /root/.cpan on some box...
>
>br. jarif
you can find it here:
https://svn.apache.org/repos/asf/spamassassin/tags/spamassassin_release_3_4_3/UPGRADE
Giovanni
1 - 100 of 175 matches
Mail list logo
