On 2/6/2025 10:38:01, Bill Cole wrote:
On 2025-02-06 at 09:59:14 UTC-0500 (Thu, 6 Feb 2025 14:59:14 +)
Niamh Holding
is rumored to have said:
Hello Giovanni,
Thursday, January 30, 2025, 2:28:18 PM, you wrote:
gpi> Paypal[.]com has been removed from default WL in November
(https://github
On 1/29/2025 07:28:13, Greg Troxel wrote:
Niamh Holding writes:
Given the From: address can be so easily faked is a rule testing its validity a
great idea?
This seems tricky to figure out.
The message's routing is obviously very sketchy.
But, it also appears that spamassassin has validated
On 10/30/2024 12:52:39, Bill Cole wrote:
On 2024-10-30 at 11:11:48 UTC-0400 (Wed, 30 Oct 2024 11:11:48 -0400)
joe a
is rumored to have said:
SpamAssassin 3.4.5 (2021-03-20)
Found that lint did not catch a "typo" I made in a "wildcard" email address in the
directive "
SpamAssassin 3.4.5 (2021-03-20)
Found that lint did not catch a "typo" I made in a "wildcard" email address in the
directive "whitelist_auth"
Intended to enter an email address in the form"*@some.mail" but
entered"^@some.mail" instead. Lint did not complain.
Perhaps the caret character is va
On 9/30/2024 16:22:49, joe a wrote:
On 9/27/2024 04:05:51, Matus UHLAR - fantomas wrote:
On 26.09.24 10:27, joe a wrote:
Maybe I should not ask this, but . . .
A relatively innocuous member informational email from a local town
Library (monthly) gets marked as spam as shown below.
The
On 9/27/2024 04:05:51, Matus UHLAR - fantomas wrote:
On 26.09.24 10:27, joe a wrote:
Maybe I should not ask this, but . . .
A relatively innocuous member informational email from a local town
Library (monthly) gets marked as spam as shown below.
The BAYES_99 and BAYES_999 values are something
Maybe I should not ask this, but . . .
A relatively innocuous member informational email from a local town Library
(monthly) gets marked as spam as shown below.
The BAYES_99 and BAYES_999 values are something I am toying with for other
reasons. Seems odd these should hit either one of those te
On 9/21/2024 14:06:28, Reindl Harald (privat) wrote:
Am 21.09.24 um 18:51 schrieb joe a:
Noticed some obvious spam slipping in due in great part to this:
* -1.0 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)
* [209.85.166.199 listed in wl.mailspike.net]
Not a big deal for my
Noticed some obvious spam slipping in due in great part to this:
* -1.0 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)
* [209.85.166.199 listed in wl.mailspike.net]
Not a big deal for my low volume SOHO, but it's annoying.
Has that check become unreliable? Sure, I can skip
On 1/30/2024 10:58:52, Matus UHLAR - fantomas wrote:
On 30.01.24 09:59, joe a wrote:
Advisable to "prune" Bayes data based on age?
While cleaning up recent Ham/Spam, found my "saved SPAM" goes back to
2013.
Why that's over . . . wait, I need to take off my socks .
Advisable to "prune" Bayes data based on age?
While cleaning up recent Ham/Spam, found my "saved SPAM" goes back to
2013.
Why that's over . . . wait, I need to take off my socks . . .
So, how old is "too old". For saved SPAM?
On 11/14/2023 13:46:11, Matus UHLAR - fantomas wrote:
On 14.11.23 13:05, joe a wrote:
Low volume home office user and system.
Occasionally when first dealing with a new entity, their
correspondence gets flagged as SPAM.
When I whitelist these, what should be done with those messages that
On 11/14/2023 20:48:27, John Hardin wrote:
On Tue, 14 Nov 2023, joe a wrote:
Low volume home office user and system.
Occasionally when first dealing with a new entity, their
correspondence gets flagged as SPAM.
When I whitelist these, what should be done with those messages that
might
Low volume home office user and system.
Occasionally when first dealing with a new entity, their correspondence
gets flagged as SPAM.
When I whitelist these, what should be done with those messages that
might remain in "flagged SPAM" or "Missed SPAM"?, thinking along lines
of keeping BAYES "
On 2/28/2023 12:05 PM, Jeff Mincy wrote:
> From: joe a
> Date: Tue, 28 Feb 2023 11:37:34 -0500
>
> Curious as to why these scores, apparently "stock" are what they are.
> I'd expect BAYES_999 BODY to count more than BAYES_99 BODY.
>
> Noted in a
Curious as to why these scores, apparently "stock" are what they are.
I'd expect BAYES_999 BODY to count more than BAYES_99 BODY.
Noted in a header this morning:
* 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100%
* [score: 1.]
* 0.2 BAYES_999 BODY: Bayes spam probability is 99
On 2/17/2023 10:41 PM, Loren Wilton wrote:
They receive wildly different BAYES scores.
* -1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1%
* [score: 0.0002]
* 2.2 BAYES_20 BODY: Bayes spam probability is 5 to 20%
* [score: 0.0881]
This looks like you have per-user Bayes databases
On 2/17/2023 3:25 PM, joe a wrote:
Did a simple test today sending an email from a gmail account to two
email accounts on my system. The only difference was the email
address, both were on the same "To:" line in the composed messages.
They receive wildly different BA
On 2/17/2023 11:44 AM, Martin Gregorie wrote:
On Fri, 2023-02-17 at 10:54 -0500, joe a wrote:
Could it have been that simple?
If, like myself, you find reference books useful, you may want to get a
copy of "Linux in a Nutshell" - an O'Reilly book.
It tends to assume you kn
On 2/17/2023 4:42 AM, Matus UHLAR - fantomas wrote:
On 16.02.23 15:57, joe a wrote:
Re-energized having recently heroically wrestled an elusive issue (to
me) into surrender . . . we now turn to another issue.
Probably I need to retrain BAYES "From scratch". I have a mess
(years?)
On 2/17/2023 7:37 AM, Reindl Harald wrote:
Am 16.02.23 um 23:34 schrieb joe a:
I have no idea what you refer to when you state "don't user proper
packages". "Proper" in what sense? A rhetorical question.
i have no idea how you installed SA but rpm packages or d
On 2/16/2023 8:28 PM, Matija Nalis wrote:
On Thu, Feb 16, 2023 at 05:34:37PM -0500, joe a wrote:
Oh, of course. I installed as root initially, being foolish perhaps, but
did create a specific user "later" and adjusted permissions as needed. Or,
so I thought.
well, installi
. . .
it also runs with another environment, so it may miss PATHes or @INC
directories.
That throws me a curve. What is an @INC directory? SA specific?
I do not find any with the locate command, but if the are an actual
directory may need to escape the @ sign somehow. \ does not seem to do
On 2/16/2023 5:32 PM, hg user wrote:
On Thu, Feb 16, 2023 at 9:57 PM joe a <mailto:joea-li...@j4computers.com>> wrote:
plugin: failed to parse plugin (from @INC): Can't locate
Mail/SpamAssassin/Plugin/SpamCop.pm:
lib/Mail/SpamAssassin/Plugin/SpamCop.pm: Permis
. . .
I have no idea what you refer to when you state "don't user proper
packages". "Proper" in what sense? A rhetorical question.
i have no idea how you installed SA but rpm packages or debs usually
have correct permissions
Oh, of course. I installed as root initially, being foolish per
On 2/16/2023 4:30 PM, Reindl Harald wrote:
Am 16.02.23 um 21:57 schrieb joe a:
I understand that sa-learn should be run as the same user as spamd,
however I find it has always been run as root and when running as the
spamassassin user results in errors, such as:
~su -c "sa-learn -
On 2/14/2023 6:09 PM, joe a wrote:
Please let this sit for a while, I've discovered a fundamental issue
with my scheme of feeding messages to BAYES. Unfortunately I was
remiss, apparently, it setting up logging for some bits, so have no idea
how long this has been failing.
Sorry fo
Please let this sit for a while, I've discovered a fundamental issue
with my scheme of feeding messages to BAYES. Unfortunately I was
remiss, apparently, it setting up logging for some bits, so have no idea
how long this has been failing.
Sorry for the clutter.
joe a.
On 2/14/2023 5:
On 2/14/2023 2:56 AM, Matus UHLAR - fantomas wrote:
On 13.02.23 17:42, joe a wrote:
Have some annoying SPAM that consistently shows a negative score on
BAYES. Is the default scoring or influenced by BAYES in some way?
*-1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1%
* [score
On 2/13/2023 5:51 PM, Benny Pedersen wrote:
joe a skrev den 2023-02-13 23:42:
Have some annoying SPAM that consistently shows a negative score on
. . .
time to upgrade imho :=)
. . .
And, yes, I should upgrade.
On 2/13/2023 5:51 PM, Benny Pedersen wrote:
joe a skrev den 2023-02-13 23:42:
Have some annoying SPAM that consistently shows a negative score on
BAYES. Is the default scoring or influenced by BAYES in some way?
*-1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1%
* [score: 0.
Have some annoying SPAM that consistently shows a negative score on
BAYES. Is the default scoring or influenced by BAYES in some way?
*-1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1%
* [score: 0.]
SpamAssassin 3.4.5
Thanks for any pointers.
- rules with score 0 are not run.
However, joe a aka the OP should be more interested in finding out why
are his DNS queries going through an open resolver and fixing the real
issue.
Right you are. It now appears resolved (cough, cough . . .).
Spamhaus site provided this quick test: "d
:
dns_query_restriction deny spamhaus.org
Ah Hah! Seems to work for me. See? I CAN be taught!
joe a.
On 1/8/2023 4:38 PM, Benny Pedersen wrote:
joe a skrev den 2023-01-08 21:50:
SA version 3.4.5
Gears are clashing, clutch is slipping, among other things.
Trying to exclude certain checks, via spamhouse services "by the book"
what book ?
The good one? Several places. Most looke
On 1/8/2023 4:23 PM, Charles Sprickman wrote:
What did you end up with?
score RCVD_IN_ZEN_BLOCKED_OPENDNS 0
I am not certain if that stops the test or simply reporting of the
message. Looks like I will need to do some packet capture after all.
I have a bunch of zero rules for these yet st
On 1/8/2023 4:00 PM, joe a wrote:
On 1/8/2023 3:50 PM, joe a wrote:
SA version 3.4.5
Gears are clashing, clutch is slipping, among other things.
Trying to exclude certain checks, via spamhouse services "by the book"
When placing these values in local.cf:
RCVD_IN_ZEN 0
RCV
On 1/8/2023 3:50 PM, joe a wrote:
SA version 3.4.5
Gears are clashing, clutch is slipping, among other things.
Trying to exclude certain checks, via spamhouse services "by the book"
When placing these values in local.cf:
RCVD_IN_ZEN 0
RCVD_IN_XBL 0
RCVD_IN_PBL 0
"spam
SA version 3.4.5
Gears are clashing, clutch is slipping, among other things.
Trying to exclude certain checks, via spamhouse services "by the book"
When placing these values in local.cf:
RCVD_IN_ZEN 0
RCVD_IN_XBL 0
RCVD_IN_PBL 0
"spamassassin --lint" complains. Yet SA starts without complaint
On 1/8/2023 2:08 PM, Martin Gregorie wrote:
On 07.01.23 14:06, joe a wrote:
Pretty sure. Or, I was. Ran various tests with unbound running
and
not running confirmed it was working, at least providing a
response.
Thats pretty simple to check, provided you've got Wireshark installed:
Fi
On 1/8/2023 12:36 PM, Matus UHLAR - fantomas wrote:
On 07.01.23 12:03, joe a wrote:
Thanks. I think I actually got unbound working but still was
getting URIBL rejects from spamhaus.
On 1/7/2023 1:25 PM, Matus UHLAR - fantomas wrote:
- do you actually use that unbound server? is 127.0.0.1 in
On 1/7/2023 12:16 PM, Benny Pedersen wrote:
joe a skrev den 2023-01-07 18:03:
That will give me some time to review how to disable specific checks,
such as dnswl.org which caused a score of -5.0 for some obviously
spammy stuff.
please report spam https://www.dnswl.org/?page_id=17
especily
your own
non-forwarding caching nameserver
https://cwiki.apache.org/confluence/display/SPAMASSASSIN/CachingNameserver
On 07.01.23 12:03, joe a wrote:
Thanks. I think I actually got unbound working but still was getting
URIBL rejects from spamhaus.
- do you actually use that unbound server
On 1/7/2023 9:06 AM, Matus UHLAR - fantomas wrote:
On Fri, 6 Jan 2023, joe a wrote:
Attempting to utilize the various block lists and find rejection
messages in mail headers "blocked due to usage of an open resolver".
On 06.01.23 09:49, John Hardin wrote:
Are you forwarding your Sp
On 1/6/2023 12:49 PM, John Hardin wrote:
On Fri, 6 Jan 2023, joe a wrote:
. ..
I think you're getting distracted by the word "resolve" there... This
sounds like a DNS issue.
Agree it is likely a DNS issue. Apparently one I do not yet grasp.
Is there an online tool to whi
On 1/6/2023 12:15 PM, Kevin A. McGrail wrote:
My interpretation is thus:
You have a firewall with a public IP and an private IP
You have a box with email behind that firewall.
When it talks to the world, it should do helo that maps back to
your Firewall's public IP not to a private RFC1918 a
Attempting to utilize the various block lists and find rejection
messages in mail headers "blocked due to usage of an open resolver".
One of many things puzzling me at the moment is something found in the
related Wiki that states "A: Third, if your email gateway is behind a
firewall make sure
On 1/5/2023 3:24 AM, Loren Wilton wrote:
You can simplify your rule code a little if you want:
header __LOCAL_FROM_BE From =~ /.\.beauty/i
meta LOCAL_BE (__LOCAL_FROM_BE)
score LOCAL_BE 2
describe LOCAL_BE from beauty domain
to
header LOCAL_BE From =~ /.\.beauty/i
score LOCAL_BE 2
de
As an increasing amount of SPAM from "boutique" domains began slipping
through, I resorted assuring they are marked as SPAM by adding custom
rules when sufficiently annoyed.
The local rules take this form (thanks to whoever provided the
"template" for this):
header __LOCAL_FROM_BE From =~ /
On 1/2/2023 4:27 PM, Bill Cole wrote:
On 2023-01-02 at 16:18:53 UTC-0500 (Mon, 2 Jan 2023 16:18:53 -0500)
joe a
is rumored to have said:
On 1/2/2023 4:01 PM, joe a wrote:
On 1/2/2023 2:49 PM, joe a wrote:
Noticed this line in /var/log/mail:
spamd[31188]: config: failed to parse line
On 1/2/2023 4:01 PM, joe a wrote:
On 1/2/2023 2:49 PM, joe a wrote:
Noticed this line in /var/log/mail:
spamd[31188]: config: failed to parse line, skipping, in
"/etc/mail/spamassassin/local.cf": Mail::SpamAssassin::Plugin::URIDNSBL
It seems to have started a few weeks ago an
On 1/2/2023 2:49 PM, joe a wrote:
Noticed this line in /var/log/mail:
spamd[31188]: config: failed to parse line, skipping, in
"/etc/mail/spamassassin/local.cf": Mail::SpamAssassin::Plugin::URIDNSBL
It seems to have started a few weeks ago and does not appear to be
related to t
Noticed this line in /var/log/mail:
spamd[31188]: config: failed to parse line, skipping, in
"/etc/mail/spamassassin/local.cf": Mail::SpamAssassin::Plugin::URIDNSBL
It seems to have started a few weeks ago and does not appear to be
related to the date of any deliberate changes on my part.
S
I am far from an anti SPAM expert, but:
On 8/13/2022 4:52 PM, Vincent Lefevre wrote:
On 2022-08-13 14:05:43 -0400, joe a wrote:
On 8/13/2022 12:38 PM, Martin Gregorie wrote:
. . .
2) There's no mandatory need to REJECT spam. It has always been up to
the recipient to decide wheth
I'll be sure to look this over well to see what I can use or adapt, thanks.
On 8/13/2022 11:04 AM, Reindl Harald wrote:
Am 13.08.22 um 16:21 schrieb joe a:
Ah, thanks for describing that. I am somewhat more brain fogged than
usual this morning, so am uncertain any of those would wo
On 8/13/2022 12:38 PM, Martin Gregorie wrote:
. . .
2) There's no mandatory need to REJECT spam. It has always been up to
the recipient to decide whether to return it to the sender or not.
Agreed in part. I see returning SPAM to sender as an exercise in
futility or perhaps further ena
And, of course, I must edit my last reply:
On 8/13/2022 10:21 AM, joe a wrote:
My first thought was, the postfix stuff would work, because . . .
My first thought was, the postfix stuff would NOT work, because . . .
those solutions for some time, if ever. So,
I should stop here and look them over.
However, any real world "we did that" exists, please let me know.
joe a.
On 8/13/2022 9:52 AM, Bert Van de Poel wrote:
I think what Noel is referring to is Postfix configurati
On 8/12/2022 11:43 PM, Noel Butler wrote:
Why are you not blocking with blacklists at the border, ie: MTA.
I'm not familiar with how to do that or if it can be done. Since SA
offers this functionality, so did not even consider that. I'll look into it.
Given its 0 resources for your MTA, wit
I need to refresh my brain on using blacklists with SA, before looking
more deeply into why this got through.
Today a email slipped through with a very low score that was clearly
phishy. A url in question, posing as another, hits no less that 6
blacklists. I was going to look at clamav that
This is OT, but perhaps someone here knows.
In the context of the logrotate conf file, what does the + sign indicate
when used as a prefix size directive?
Example: "size +4096k"
Some conf files have it, some don't. Man pages do not mention it AFAICT
and the internet is rather seems to ignor
61 matches
Mail list logo
