Re: Seeking dhl.com ham samples

2022-08-05 Thread hamann . w
Hi Bill, hope that helps headers from order confirmation mail Wolfgang Received: from gateway1h.dhl.com ([165.72.200.98]) by mailin73.mgt.mul.t-online.de with (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384 encrypted) esmtp id 1o1Q0k-4aA7Un0; Wed, 15 Jun 2022 12:12:30 +0200 DKIM-Sig

Re: base64 encoded subjects

2020-02-07 Thread hamann . w
>> I'm seeing a lot of spam with base64 encoded subjects: >> >> Subject: >> =?UTF-8?B?RnVsbCBkZW50YWwgY292ZXJhZ2UgZm9yIGZhbWlsaWVzIGFuZCBzZW5pb3JzLCBjb3ZlcnMgYWxsIHByb2NlZHVyZXM=?= >> >> Subject: =?UTF-8?B?V2VhciB5b3VyIE11bHRpLVRvb2wgYXJvdW5kIHlvdXIgd3Jpc3Qu?= >> >> Hi, I live in a part of th

Re: check utf-8 subjects/from?

2017-12-14 Thread hamann . w
>> Hi, >> >> On Wed, Dec 13, 2017 at 9:08 PM, David B Funk >> wrote: >> > On Wed, 13 Dec 2017, AJ Weber wrote: >> > >> >> Is there an easy way to check if the Subject or From is UTF-8 -- or >> >> non-ASCII -- char set? >> >> >> >> I see in some of my recent spam, either the Subject or the From (s

Re: all recipients with the same first character

2017-11-16 Thread hamann . w
>> >> Dear All, >> >> Analyzing some e-mails which are not caught by SA I see sometime the >> following scenario: >> Such an e-mail is sent to a lot of people ( not only to the own domain ) and >> all e-mail addresses start with the same first character. >> If I see this I know immediately thi

From: line containing null sender

2017-08-25 Thread hamann . w
Hi, is there already a rule that detects from lines with a mail address or a mail name AND a <>, e.g. From: "crappy something vendor" <> Regards Wolfgang Hamann

Re: SPAM from our own domain

2015-09-28 Thread hamann . w
>> >> Hi Wolfgang, >> >> On 28/09/15 16:24, haman...@t-online.de wrote: >> > I have installed dkim on qmail (not sure about details, it is working >> > since a few years) >> > Your original post said there was SPF fail on the incoming message, so you >> > could already >> > score on that. >>

Re: SPAM from our own domain

2015-09-27 Thread hamann . w
>> >> Hi Benny, >> >> thanks for your email. >> >> On 28/09/15 13:29, Benny Pedersen wrote: >> > Tom Robinson wrote on 2015-09-28 05:02: >> > >> >> From tena...@qka.com Thu Sep 24 13:29:50 2015 >> > >> > is this the envelope sender domain ? >> >> I believe so. How can I be sure? >> >> > >

Re: shellshock via SMTP?

2014-10-29 Thread hamann . w
>> 2014-10-29 16:26, Joe Acquisto-j4 wrote: >> > Comments on the ZD net article that claims shellshock exploit via >> > crafty SMTP headers? Just asking, that's all . . . >> > >> > I attached a link to it below, please excuse if that is improper >> > behavior. >> > http://www.zdnet.com/shells

Re: Opinions needed on what to consider spam

2014-08-14 Thread hamann . w
>> >> All of this doesn't translate to the end-user, though. There's no way I >> could ever set up a set of rules, in the form of an end-user doc, that >> could be used to describe when to unsubscribe and when not to, and under >> what conditions an email can be trusted and when it shouldn't (beyo

Re: More text/plain questions

2014-07-03 Thread hamann . w
>> >> I got the following MIME body part below, and I'm wondering if it would >> >> make sense to filter on this as well. >> >> Given that it's text/plain with an implicit charset="us-ascii" and an >> >> implicit content-transfer-encoding of 7bit, the sequence &#x[0-9A-F]{4} >> >> doesn't really

Re: tons of forged bills in german

2014-01-18 Thread hamann . w
>> Michael Monnerie wrote: >> > Dear list, since this week there are tons of very good forged bills >> > that look like real, from big companies like telekom, vodafone, etc. >> > They look like the original, and just the link in the middle, where it >> > says "download your bill here", goes to a si

Re: Availability of 3.4.0 release candidate 5

2014-01-12 Thread hamann . w
Hello Kevin, what would be the minimum version of perl required to upgrade? Regards Wolfgang

Re: A way to score Number of Recipients in the To: Line ?

2013-10-18 Thread hamann . w
Kevin A McGrail wrote: >> On 10/18/2013 10:04 AM, Lutz Petersen wrote: >> > >> > I'm searching a way to give some extra Score depending on the Number >> > of Recipients in the To: Headerline. In the last days there are >> > massive Spamruns that are not marked as Spam - but all of them have >> > a

Re: POP3/IMAP Anti Spam - A basic question though

2013-09-14 Thread hamann . w
>> Hi Guys, >> >> This may sound a basic question but would like to know under what >> circumstances one should use IMAP/POP3 Anti Spam services? I do have AS for >> SMTP and is blocking well but would like to know what consequences it would >> cause if I enable or disable the Pop3/imap Anti Sp

Re: .pw / Palau URL domains in spam

2013-05-25 Thread hamann . w
>> >> >> On 5/7/2013 11:02 PM, Steve Prior wrote: >> > On 5/7/2013 1:44 AM, Benny Pedersen wrote: >> >> Chris Santerre wrote on 2013-05-06 17:27: >> >>> 10 days and still being abused badly. Recommending for everyone to >> >>> just refuse any .pw >> >> >> >> time for spamhaus ? :=) >> >> >> >>>

Re: Check only last Received line

2013-04-12 Thread hamann . w
>> >> Scenario is like this: >> >> Third party user with a DSL connection (dynamic IP, listed on DUL, PBL, >> etc): USER >> Third party mail server of USER with an OK IP (REV DNS, no DUL, no PBL, no >> listing): REMOTE MAIL SERVER >> My mail server: MY MAIL SERVER. >> >> USER sends mail via RE

Re: Rule to check To and/or CC headers

2013-03-02 Thread hamann . w
Hi Anthony, I did that for my mail (not as spam filter, though, but more a header rewrite ... could be procmail), so every such much gets in the inbox but is flagged very clearly I really like it... but, to be honest, it took me at least 3 months to create my personal whitelist: there are a coup

Re: How to report a spam botnet

2012-11-19 Thread hamann . w
Michael Monnerie wrote: >> > normally it makes no sense to report botnets >> >> And this is what makes me worry. Botnets are today's biggest source of >> spam, and nobody has ever started to fight it really? There are tons of >> tools for every small issue, but nothing to cope with the biggest shi

Re: What to tell senders of these messages

2012-06-09 Thread hamann . w
Michael Scheidell wrote: HS_INDEX_PARAM: tell them not to use web bugs in their marketing emails Hi Michael, since we are sending out newsletters (to people who really subscribed :) and I got the role to be my own "email marketing company", I want to comment on that. We are using a setup simil

Re: why don't banks do more against phishing?

2012-04-23 Thread hamann . w
Dave Warren wrote: > b) some users of image resizers would see the warning sign reduced > (I recently had someone complain about an error on our google maps "our > office is here" > page, and it turned out the visitor was using a smartphone via an image > resize service) Were you tripping on a

Re: why don't banks do more against phishing?

2012-04-22 Thread hamann . w
>> OT but related >> >> I just got a bunch of phishing attacks against a bank come through. >> Following the link leads me to some owned website with the fake bank >> frontend - and it had a feature that I've seen time and time again: >> images and links from the real banksite >> >> Why don't ban

Re: Better phish detection

2012-03-11 Thread hamann . w
Dave Funk wrote: >> >> As an admin on a site that regularly gets hit with phish attacks, I can >> answer that. The forms are most often a web-page, which are: >> >> 1) forms hosted on Google-Docs or legit survey sites.[0] >> 2) sites hidden behind URL-shorteners would you want to submit detai

Re: Better phish detection

2012-03-10 Thread hamann . w
Hi, the replica seems to be down Things that could be promising: a) the form target seems to be similar to your site name b) it is probably possible to detect similarity between your image and the replica I guess that the presence of upgrade or webmail and a form url with bway inside migh

Re: Better phish detection

2012-03-10 Thread hamann . w
>> >> >> Hello, >> >> We are getting a fair amount of very targetted phish attempts to our >> userbase. Since we are relatively small, I don't think any of the URIBLs >> really help (or phishtank or other lists) since we're not a large bank or >> paypal or anything like that. >> >> I did see s

Re: Recieving email from aol or yahoo or hotmail, that is not addressed to me personally.

2011-10-16 Thread hamann . w
>> >> I've noticed a trend recently where I'm getting emails sent to me from >> either an aol or yahoo or hotmail account. But the email has a "to" >> address to some other account that is not mine. >> >> First off I'm p...@topguncomputers.com. I also run the postfix servers. >> >> Usually

Re: little off topic monitoring question

2011-07-19 Thread hamann . w
>> >> We would like to start monitoring our two smtp servers. They are fairly busy boxes, maybe 100,000 messages a day, give or take several thousand. They of course run Spamassassin, Postfix is also used. We use MRTG to monitor internal servers and switches, and would really l

Re: Trying to help friend NOT get caught by spamassassin

2011-03-08 Thread hamann . w
>> >> I have a friend that puts out a 'barter' list. He acts as a >> clearinghouse for some equipment wholesalers. >> >> He has been fighting getting tagged as spamming for some time and >> finally came to me for help. I had helped some, but finally told him to >> add me to his distributio

Re: Should Emails Have An Expiration Date

2011-03-01 Thread hamann . w
>> >> On 3/1/2011 11:55 AM, John Levine wrote: >> >> From a legal perspective I will point out that any e-mail you >> >> receive is (at least in the US, but most other countries too) >> >> considered copyrighted by the sender. Under copyright law the >> >> sender has the right to control expirat

Re: linkedin invitation spam

2010-12-12 Thread hamann . w
>> >> Hello Greg Troxel, >> >> On 2010-12-12 10:51:50, you hacked out the following: >> > Trying to block this is a bit tricky, because when a user of one of >> > these sites invites a specific person by entering an email address, it >> > isn't really spam. The problem appears to be that the s

Re: Misguided energy

2010-12-02 Thread hamann . w
Karsten Bräckelmann wrote: > Personally, I have *never* received a legit C/R. Every single one that > ended up on my machines have been in response to spam sent with a forged > sender address. I see some C/R when machines are stuck talking to each other :( Someone signs up for a newsletter, or o

Re: comparing From and Reply-To:

2010-11-03 Thread hamann . w
Bernd Petrovitsch wrote: It's the only purpose of the Reply-To header to be different from To: - otherwise it can be omitted anyways. What did I miss? Hi Bernd, although I have seen scenarios using the feature, they never involved both addresses as free mail accounts. So a meta combined with freem

Re: Bogus mails from hijacked accounts

2010-03-12 Thread hamann . w
Michelle Konzack wrote: >> >> I mean exactly, IF "Reply-To:" is set, verify, that it match the sender, >> otherwise reject if it does not match "From:". >> >> Thanks, Greetings and nice Day/Evening >> Michelle Konzack >> Systemadministrator >> 24V Electronic Engineer >> Tamay Doga

Re: Relation bettwen MAIL FROM: <> and From:

2009-11-13 Thread hamann . w
>> >> Hi All, >> >> I'm wondering if some know is this is possible to stop using SA. Look. >> >> [r...@cyrus postfix]# telnet localhost 25 >> Trying 127.0.0.1... >> Connected to cyrus.sat.gob.mx (127.0.0.1). >> Escape character is '^]'. >> 220 mx2.sat.gob.m

Re: [Fwd: Re: Getting off the "Cloudmark" formerly "spamnet" blacklist]

2009-11-13 Thread hamann . w
>> >> Caveats such as weak passwords, open ports and advertising insecure services >> are the domain of poor administration and understanding - they are not >> Operating >> System dependent. >> >> Exempting organised spam gangs and their infrastructure, it's probably fair >> to say that >> most

SA EXTRA MPART TYPE

2009-11-12 Thread hamann . w
Hi, a lot of mails end up with this code. Checking through one of them (sent from outlook express), probably the Content-type following the MIME version is the only one that could be responsible. Could someone confirm that this is the trouble spot - and how should the header really read? Wol

RE RCVD_VIA_APNIC

2009-10-02 Thread hamann . w
>> Warren Togami wrote: >> # 2005/07/29, http://www.apnic.net/db/ranges.html >> header RCVD_VIA_APNIC Received =~ >> /[^0-9.](?:5[89]|6[01]|12[456]|20[23]|21[0189]|22[012])(?:\.[012]?[0-9]{1,2}){3}(?:\]|\)| >> >> )/ >> describe RCVD_VIA_APNIC Received through a relay in Asia/Pacific Network

Re: Re-running SA on an mbox

2009-09-20 Thread hamann . w
>> >> Hi, >> >> > Do you just want to re-scan the whole mbox and see what rules hit now >> > for research reasons? >> >> That's a good start, but I'd like to see if I can break out the ham to >> train bayes. >> > >> Yeah, that's kind of what I thought. Maybe a program that can split >> each me

Re: Subject starts Re: but no References/In-Reply-To

2009-08-16 Thread hamann . w
Mike Cardwell wrote: >> >> How would I create a rule to match when a subject line begins /^Re: /i >> but the message contains no References or In-Reply-To headers? >> >> Hi Mike, I am doing that once in a while I read list mails at the office, but I have to reply through my home address,

Re: Spoofed Email

2009-06-18 Thread hamann . w
>> >> SA is working for the most part beyond expectations, the only problem I'm >> having is filtering spoofed email address (i.e. valid_u...@ourdomain.com). I >> am able to filter out non-valid user addresses (i.e. spam...@ourdomain.com). >> I run SA-Update daily, have piped well over

Re: New kind of spam

2009-03-26 Thread hamann . w
John Hardin wrote: > > exactly. they'll just change the html in the next wave. this spam isnt > new, yet the SA list is once again full of threads about exactly that > recent wave, becouse old rules dont match. If 3.2.x does indeed implement multiline rawbody matches, then we'll be able to ha

Re: interesting flash attack in spam

2009-03-19 Thread hamann . w
Ned SLider said: >> > >> >> Indeed, but why does flash need the ability to bind ports, open remote >> connections, download executable files and run them? Its primary >> function is to be a web-based multimedia player, or so I thought. >> SELinux provides solutions to many of these issues by

Re: interesting flash attack in spam

2009-03-18 Thread hamann . w
>> >> Michael Scheidell wrote: >> > just saw this one in email. terra.com/ spamcop.com./br are hosting >> > trojans. >> > but this email uses flash to load this: >> > >> > http://www.terra.com.br/cartoes/datas/amor.swf";> >> > (which redirects to http://cartoes.terra.com.br/datas/amor.swf ) >>

Re: "German" spam not hitting any DNSBLs, almost no rules

2009-03-01 Thread hamann . w
>> >> Howdy, >> >> Lately I've been getting a lot of spam like this: >> >> http://pastebin.com/m58b01a0b >> http://pastebin.com/me13959a >> >> The domain changes, but it's virtually always in the .de TLD >> ("somedomain.de"). RelayCountries has this to say about that message >> (I'm in the US,

Re: Wwird flagging of emails to Spam

2009-01-20 Thread hamann . w
Hi Roberta, I think the problem lies in just this snippet: >> X-SMTP-Auth-NETI-Businesmail: no >> Received: from ...mada30 (xx.175.190.90.dyn.estpak.ee [xx.190.175.78]) >> by Relayhost2.neti.ee (Postfix) with SMTP id CE2621F9E65 >> for <.@online.ee>; Tue, 20 Jan 2009 23:29:07 +0200

Re: Spam slipping through

2008-12-07 Thread hamann . w
Benny Pedersen wrote: >> >> >> On Mon, December 8, 2008 05:25, [EMAIL PROTECTED] wrote: >> > mouss said: >> >> bug: >> Mail::SpamAssassin::Plugin::dbg("FromInTo: Comparing '$from' and >> '$To"); >> >> fixed line: >> Mail::SpamAssassin::Plugin::dbg("FromInTo: Comparing '$from' and >> '$To'"); >>

Re: Spam slipping through

2008-12-07 Thread hamann . w
mouss said: >> >> > >> > The implementation of it is not my concern. It's a pretty basic rule to >> > require that addresses a commonly exploited spam attack vector. >> >> having the same address in the From and To is also seen in legitimate mail: >> - I send mail to myself >> - some people use

Re: localised viruse scam

2008-12-02 Thread hamann . w
Kai Schaetzl wrote >> >> > We're blocking IPs from dialups from countries no one receives mail here >> > anyway. >> >> Why just block dialups then? >> Hi Kai, I am frequently trying to report unwanted behaviour to ISPs, using their published abuse or tech contacts. And, unfortunately, quit

Re: Help I am listed on blacklists

2008-11-29 Thread hamann . w
>> >> On Sat, 29 Nov 2008, Lars Ebeling wrote: >> >> > Dear all >> > >> > Could someone advise me. >> > I am listed on dun.dnsrbl.net and spam.dnsrbl.net >> > >> > How to get off the lists? John Hardin wrote: >> >> Both those lists are dead (since mid-2005?) and appear to be returning >> 127.

Re: Block all incoming mail from domain except certain users?

2008-10-10 Thread hamann . w
>> >> I'm noticing we're getting a lot of spam coming through with a from >> address of our own domain. This gives spamassassin an automatic -100 on >> the score pretty much guaranteeing that it'll not get flagged as spam. >> Since we have a limited number of people using that domain, is there a >

Re: blocking country domains.

2008-06-17 Thread hamann . w
>> >> >> Is there a way to just block email coming from .de domains? >> I have been individually adding those to my blacklist but I was wondering if >> there was a catchall for just anything coming from .de >> Hi, as someone who sends abuse reports from .de, I often get rejections based on

Re: Spam in qmail queue

2008-05-23 Thread hamann . w
>> >> Hi, >> >> I am not sure that I am writing to the correct list, but maybe you will help me. >> >> On one of my servers qmail has been installed, SpamAssassin and qmail-scanner. >> There are several virtual domains, and Spam filter is working quite OK. >> >> But I have som

Re: filtered by mass hosters

2008-04-11 Thread hamann . w
>> > >> > HI, >> > unfortunately lots of our legitimate mails are filtered by mass hosters like >> > web.de and aol. >> > Does anyone have any clue how to find out why? >> > I'm not talking about mass mailing here, just regular mails like this one >> > from >> > exactly the server i am sending from

SARE stock

2008-03-28 Thread hamann . w
SARE_PROLOSTOCK_SYM3 traps on ISMN (international standard Music number, similar to ISBN) I just got an order confirmation from a music book store with a pretty high score Wolfgang Hamann

Re: Clearly bogus false positives -- on "abuse" contact point, no less

2008-02-16 Thread hamann . w
Karsten Bräckelmann wrote: >> >> >> On Sat, 2008-02-16 at 18:44 -0800, Philip Prindeville wrote: >> > Anyway, I have no idea why I'm seeing some of these scores. URL matches >> > when there aren't even URL's in my message? >> .. >> > >> > What should I do? Just block their domain? I do

Re: x-cr-hashedpuzzle

2008-02-05 Thread hamann . w
>> >> http://www.openspf.org/caller-id/csri.pdf Chapter 11, pages 37 to 45 >> inclusive >> interesting reading :) I believe that, in a time where zombie armies powered by quad-core cpus pour spam over the internet, compute-bound puzzles would not really be a hurdle for the spammers Wolfgang

Re: Plagued by spamassassin

2008-01-04 Thread hamann . w
>> >> >> I have asked before but have been unable to get a usable solution. I am >> running qmail, spamassassin, clamav, etc from the qmr package on one of >> our FBSD 6.2 servers. If you email via squirrelmail, your outbound email >> does not get labeled spam. If you send out via a client wit

Re: DDOS, Dictionary Attack... not sure what it is...

2008-01-01 Thread hamann . w
>> >> > However, labrea may be great software ... but it is certainly not >> > the software one wants to compete with a live machine for incoming >> > connections. >> >> The way I run it, the IP addresses being tarpitted are IP addresses >> that would be rejected anyway by zen et. al. DNSBL check

Re: DDOS, Dictionary Attack... not sure what it is...

2008-01-01 Thread hamann . w
>> >> On Tue, 1 Jan 2008, mouss wrote: >> >> > John D. Hardin wrote: >> > > On Mon, 31 Dec 2007, Mike Cisar wrote: >> > > >> > > >> > >> Even tried yanking the IP address off of the server over the >> > >> holidays in the hope that whatever it was would just give up. No >> > >> such luck, wit

fake non-delivery reports

2007-11-14 Thread hamann . w
I got a couple of them, and the common thing about them (other than proclaiming another gold rush) was the fact that they were NOT sent from the null sender. Would that be a potential filter criterion? Wolfgang Hamann

Re: It's a fine line...

2007-11-05 Thread hamann . w
Hi, adding to the list, I recently came across domain contacts like [EMAIL PROTECTED] (not sure about the exact domain name) This "service" also refuses some mails, particularly those that are sent via one of the mail servers of german telecom and it is operated by verisign Wolfgang Hamann

Re: the IT job boarrd spam?

2007-10-09 Thread hamann . w
>> >> On Tue, 9 Oct 2007, Loren Wilton wrote: >> >> > Base-64 encoding of HTML strikes me as a little odd. I wonder if >> > it would make a good spam sign. >> >> Very likely. The only reason to do that is to shield the HTML from >> pattern matching filters that don't decode text body parts firs

would you trust these people :)

2007-09-30 Thread hamann . w
they did not even learn the calendar at school Wolfgang From a stock spam: +++ 5-day price: ~$0.50 Check it at 31.09.2007

Re: OT - massive newsletter

2007-09-19 Thread hamann . w
>> >> * mizzio <[EMAIL PROTECTED]>: >> > hello everybody, >> > >> > I apologize to ask an off-topic question, and feel free to point me to >> > any other resources on the net. >> > >> > I'm setting up an SMTP server (centos + qmail) on a dell quad core >> > machine for sending out a periodic new

Re: Authenticated SMTP and RBLs

2007-09-12 Thread hamann . w
Hi, while setting proper trust relations can solve the problem for mails internal to the system, without that auth'd bit in the received header everybody outside the system will still see the message as coming from a dialup and passing through a potential open relay Wolfgang Hamann >> >> Rajku

Re Authenticated SMTP and RBLs

2007-09-12 Thread hamann . w
Hi raj, your server should not say SMTP in that case but ESMTPA, so that SA knows it was auth'd message. Out of the many qmail patch packages I have seen, only one seems to do that Wolfgang Rajkumar S wrote: Hi, I manage 2 smtp servers, one for outgoing and uses smtp authentication. Other inco

Re: non-phish corpus?

2007-08-24 Thread hamann . w
Hi, while I do not keep these paypal things, I am quite sure that at most one mail in 20 has my address in the To field (or, maybe, has ANY address in the To field) Wolfgang Hamann

Re: why not doing a test that checks "name"- pairs

2007-08-18 Thread hamann . w
Kai Schätzl wrote: >> >> You don't understand at all. What gets put in the comment is up to the >> sender. >> They can put *everything* there and it's legit. You do not control it at all >> and you do not send them a reply "please change my name in your addressbook >> to >> xyz". It can be t

Re: Question - How many of you run ALL your email through SA?

2007-08-18 Thread hamann . w
>> I have a few blacklists that I trust but one thing I do is that I have >> a big white list of good hosts that let me route more than half og my >> good email around SA which reduces load and increases accuracy. Hi Mark, would a good host be one that uses egress spam filtering? Even companies w

Re: why not doing a test that checks "name"- pairs

2007-08-17 Thread hamann . w
>> >> Hi, >> >> I'm pretty new to SpamAssassin and maybe what I am saying is nonsense or >> somebody else has suggested this, or the test already exists but I don't >> know how to configure it, anyway here is my question. >> >> I've noticed that some spam messages not

Re: Question - How many of you run ALL your email through SA?

2007-08-16 Thread hamann . w
Marc Perkel wrote: > As opposed to preprocessing before using SA to reduce the load. (ie. > using blacklist and whitelist before SA) > One thing I noticed when experimenting with pre-filters: bayes no longer knows about certain kinds of spam. If, for some reason, the prefilter does not catch (

Re: trapping rubbish?

2007-07-31 Thread hamann . w
Hi, if the same IP address is used every time, bayes will probably learn it. If someone is using a random number generator for the IPs, a rule that detects impossible ones might be nice. I have seen received headers with the same problem as well Wolfgang Hamann >> >> [EMAIL PROTECTED] wrote:

trapping rubbish?

2007-07-31 Thread hamann . w
looking at a piece of spam that was scored low, I noticed X-Originating-IP: [383.552.476.5] Wouldn't that be a nice thing to score on? Wolfgang Hamann

Re: How would you provide a 554 rejection notice for spam?

2007-07-31 Thread hamann . w
>> >> Diego Pomatta wrote: >> > But is not qmail's job to detect spam >> >> True. >> >> > or tell the sender what the >> > problem was; >> >> True only for your local site policy; most people who reject spam would >> like to let the sender know so legitimate senders can rearrange their >> m

Re: Greeting Card

2007-07-31 Thread hamann . w
Rocco wrote: It is possible to block the spam sent by GreetingCards.com which invites the receiver to access an URL and browse the ecard? I mean that spam which has subject similar to: You've received a greeting ecard from a Colleague! Hi Rocco, those I looked at all had a numeric ip in the ur

[OT] what is that?

2007-07-30 Thread hamann . w
I just found this in my inbox - is someone trying a new look of bounces? I have replaced actual recipient with [EMAIL PROTECTED] Wolfgang Hamann Received: from fc.williston.com (HELO williston.com) (68.112.246.229) by mydomain.com with SMTP; 31 Jul 2007 04:53:13 - Message-id: <[EMAIL PROTECT

Re: How do you stop others from sending emails from your email addresses ?

2007-07-26 Thread hamann . w
Hi, if you implement some whitelisting too, you could slightly change qmail to require authentication if the sender pretends to be from your domain. This will only affect the envelope from, however spammers that believe it is easier to bypass filters with the local domain usually put it into the

Re: DNS Perl Help? [ot]

2007-07-22 Thread hamann . w
Mark Perkel wrote: If I have a string, what's that fastest way to count the number of periods in the string? in perl, I would probably split the string at the periods @parts = split /\./, $string; and then just use the number of splits $#parts Wolfgang Hamann

Re: not everyone is happy with SA

2007-07-20 Thread hamann . w
Steven Stern wrote: >> > >> >> My company's website has a "click here and we'll send you your password" >> (or something similar). You'd be amazed how many calls we get claiming >> it doesn't work. When I track through the logs, I find most come from >> people with CR systems. You can't use a C

Re Thoughts on Isolating Viruses - Port 587 Submission

2007-07-16 Thread hamann . w
The problem with that idea: it relies on ISP's distinguishing end users and mail servers. Some ISPs are known to make a distinction on price (i.e. they would charge much more for full access than not) or - as previous discussions have shown - do not even distinguish static ip and dynamic ip custo

Re: Rule suggestion - smtp sanity

2007-07-14 Thread hamann . w
>> >> >> On 7/13/2007 11:04 AM, arni wrote: >> > From large providers i sometimes receive messages through encrypted >> > smtp, the header looks smth like this (qmail): >> > >> > ... with (AES256-SHA encrypted) SMTP; ... >> > >> > >> > Would it be a good idea to give a minimal negative scor

stock spam

2007-07-06 Thread hamann . w
just out of curiosity: would the codes WKN or ISIN (in the same mail) make any sense, other than in the context of stocks? Wolfgang

Re: DELETE SPAM

2007-07-06 Thread hamann . w
Hi, if your spam filtering happens via qmail scanner, you might want to get latest version of that Otherwise, if your final delivery is via .qmail files, you might find the qtools package (from superscript.com or superscript.org) useful Wolfgang Hamann tarak ranjan wrote: hi all, i am f

Re: sample of new style PDF spam (containing embedded link, no image)

2007-07-05 Thread hamann . w
I receive quite a few legitimate pdf attachments - half of them are pdf type, the other half is octet-string (but they are usually A4 paper size) Wolfgang Hamann >> >Here's a new style of PDF spam (recipient email address is munged): >> >> [snip] >> >> > - uses "application/octet-stream" in

OT: syntax error

2007-06-27 Thread hamann . w
I occasionally get mails bounced due to a "syntax error". They don't look suspicious to me, however. Is there a tool to "validate" mails? Wolfgang sample message From: [EMAIL PROTECTED] Subject: BETROFFEN To: "scanner" <[EMAIL PROTECTED]>, [EMAIL PROTECTED] Date: Wed, 27 Jun 2007 13:38

Re: Innovative Host Blacklisting Idea

2007-06-15 Thread hamann . w
>> >> >> >> >> >> I'm trying out a new idea for blacklisting hosts. I have >> >> several email >> >> servers for processing spam. These servers service my lowered >> >> numbered >> >> >> > >> > As others said, not a good idea. >> > >> > Don't bother BL isting them, if they hit your dummy m

Re: emails to non existent recipients -- netzero.com fixed this problem?

2007-06-13 Thread hamann . w
>> >> On a related topic, netzero.com has been refusing connections from our SMTP >> servers. When I queried them the response I got was: >> >> have been blocked because we detected probe attempts. Activities like >> sending mail to non-existent accounts or empty connections would qualify as >> a

RE: emails to non existent recipients -- forward to spam honey pot.

2007-06-13 Thread hamann . w
>> >> Very interesting question ! >> >> I don't have any idea about how to do this but I'm interested in answers too >> ! :-) >> >> -Original message- >> From: mbano [mailto:[EMAIL PROTECTED] >> Sent: Tuesday 12 June 2007 19:03 >> To: users@spamassassin.apache.org >> Obje

Re: Rejecting spam during SMTP session

2007-06-12 Thread hamann . w
Hi arni, once you are reading the .qmail file, the mail message has been accepted and queued. You can use qmail-scanner (which runs before queuing the message) to reject Wolfgang Hamann >> >> Hi, >> >> for a while i've been watching my spamassassin perform great on almost >> all spam - i've

what's that?

2007-06-02 Thread hamann . w
Hi, I found this message in my inbox - no image, attachment, etc. besides that: >> Outlook send cool enhanced emails. Inserted body place images specific >> location, want. >> Selection it inserted body place images specific location want! Would that mean someone is trying to get auto-whiteli

Re: German Spam

2007-05-29 Thread hamann . w
Hi Alex, thank you for this nice collection ... I had started to add a few of them. I agree with you that this spammer probably is not german, but I would guess that the person uses a dictionary / translator and is composing the message on a keyboard without umlauts. As for the imageshack: soo

Re: qmail auth not recognized

2007-05-25 Thread hamann . w
AbbaComm.Net wrote: >> Never mind, looking into this further there's no problem with the change >> made in r447014. The issue is qmail should be adding "with ESMTPA" and >> not "with ESMPTA". >> >> Daryl > > What do you mean? > > Is there a prob between qmail or qmail accessories and SA that you

Re: qmail auth not recognized

2007-05-24 Thread hamann . w
Hi Daryl, you are speaking in riddles??? Wolfgang Daryl C. W. O'Shea wrote: >> >> Never mind, looking into this further there's no problem with the change >> made in r447014. The issue is qmail should be adding "with ESMTPA" and >> not "with ESMPTA". >> >> Daryl >>

qmail auth not recognized

2007-05-24 Thread hamann . w
Hi, here are header lines from a mail that a qmail server received from an authenticated user: X-Spam-Checker-Version: SpamAssassin 3.1.8 (2007-02-13) on SuSE-101-64-minimal X-Spam-Level: X-Spam-Status: No, score=4.3 required=5.0 tests=NO_REAL_NAME,RCVD_IN_NJABL_DUL, RCVD_IN_SORBS_DUL au

Re: Catching mail sent from number addresses?

2007-05-10 Thread hamann . w
>> >> Hello! >> Perhaps i overlooked some test i could use for giving extra scores to >> mail sent from addresses like this: >> >> > X-Envelope-From: <[EMAIL PROTECTED]> >> >> e.g. i would think it useful if i could add a >> check for: >> address contains 4 or more digits, >> give it some extra

Re: check mx and compare sender ip address ??

2007-05-09 Thread hamann . w
>> >> is there any way check mx record as from ip adress and compare it sender ip >> address ? so spamassassin can decide its spam ?? >> Hi, some domains, unfortunately only few, use spf (or domainkeys) to declare the machines allowed to send mail for the domain. Now, If such information exis

Re: PNG vurnability

2007-04-29 Thread hamann . w
>> >> WiNK / Bor wrote: >> > Hi Guys, >> > >> > Not sure if this is the right list to ask it, but lots of people with >> > knowledge about it, >> > >> > how serious is the PNG file threat, i noticed it is default denied by >> > mailscanner. However i got some designers behind my mailscanner, whic

Re: Tool for validating sender address as spam-fighting technique?

2007-03-10 Thread hamann . w
>> Sietse van Zanen wrote: >> > Ralf Hildebrandt wrote: >> > > Kelly Jones wrote: >> > > > To fight spam, I want to validate the address (not necessarily in >> > > > real-time) of the a given email sender. Is there a Unix tool that >> > > > does this? >> > > >> > > Postfix has exactly this built in

Re: How can I reject messages with a wrong fullname.

2007-03-01 Thread hamann . w
>> >> > BAD Idea. >> > >> > I just looked at about 3 dozen pieces of e-mail. Only about 4 of them had >> > my real name. So would you also add extra points for that? >> >> Personally I'd say "bad idea" rather than "BAD idea". >> >> I in fact have such a rule that scores at around 2 points, and

Re: Custom To: rule variant to exclude matches?

2007-02-20 Thread hamann . w
SA Team, I have a fully functional SA installation that is serving me very well. I use Mailscanner and a few custom rules, and am generally very pleased with the results. There's one more rule that I'd like to run, but haven't figured out how to implement it. I want to use a header rule that wi

Re: Google Summer of Code 2007 ...

2007-02-17 Thread hamann . w
>> Not quite. Those show how many times *others* have seen it, not how >> many times *I* have seen it. Also, these have hysteresis so if you are >> unfortunately to be at the start of the spam run and receive multiple >> mails all with the same body then Razor, DCC and Pyzor might not >> help. Th
