On Wed, 2008-12-17 at 15:49 -0500, Greg Skouby wrote:
> http://pastebin.com/m791c34be
Here's just the SA headers:
X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on
zoogz.gregorie.org
X-Spam-Level: *
X-Spam-Status: No, score=5.5 required=6.0
tests=FORGED_MUA_EUDORA,MG_SEX1,
U
Hi!
"steadyrelationships DOT com" is currently blacklisted on ivmURI
It was added to ivmURI at 12/16/2008, 6:31:03 PM EST
(I think that time is before that spam arrived at your server, but
double-check me on that)
steadyrelationships .com is on SURBL lists: JP
Bye,
Raymond.
Greg Skouby wrote:
> Can you please do me a favor and run this through your setup and let me know
> what it scores:
> http://pastebin.com/m791c34be
> As of now the URL at the bottom is not in URIBL or SURBL and the sending IP
> is not on any major blacklist. I am curious if others have rules that
Hrm, I get exactly the same score:
Content analysis details: (2.5 points, 5.0 required)
pts rule name description
--
--
0.0 UNPARSEABLE_RELAY Informational: message has unparseable relay
lines
0.0 BAYE
On 11-Dec-2008, at 10:48, Kelson wrote:
LuKreme wrote:
On 10-Dec-2008, at 16:01, mouss wrote:
so 5 is a little too high.
Ah, gotcha. I am scoring whitelist at -5 though, so a 5 still puts
them at 0. Without other spam tags, they should still pass, no?
whitelist_from_dkim and related rules
LuKreme wrote:
On 10-Dec-2008, at 16:01, mouss wrote:
so 5 is a little too high.
Ah, gotcha. I am scoring whitelist at -5 though, so a 5 still puts them
at 0. Without other spam tags, they should still pass, no?
whitelist_from_dkim and related rules (whitelist_from_spf,
whitelist_from_au
On 10-Dec-2008, at 16:01, mouss wrote:
while the whitelisting part is ok, the "blacklisting" part is risky:
- they could mess up with their dns config during an update or
they
could add a new MTA, or reconfigure their MTA and "forget" to pass
throgh the dkim signing application...
- they
On Wed, December 10, 2008 23:16, LuKreme wrote:
> Which would, I think, score them a full 5 points up for failing
> DKIM, but give them a negative score from USER_IN_DKIM_WHITELIST?
try:
def_whitelist_auth [EMAIL PROTECTED]
whitelist_auth [EMAIL PROTECTED]
why have the extra step with add scor
LuKreme a écrit :
> On 10-Dec-2008, at 12:10, Kelson wrote:
>> Successful sender verification ALONE doesn't tell you much, because it
>> doesn't distinguish between a legit sender who uses DKIM and a spammer
>> who uses DKIM (or a spammer abusing a large sender). This is why the
>> default scores
On 10-Dec-2008, at 12:10, Kelson wrote:
Successful sender verification ALONE doesn't tell you much, because
it doesn't distinguish between a legit sender who uses DKIM and a
spammer who uses DKIM (or a spammer abusing a large sender). This
is why the default scores on DKIM_VERIFIED and DKIM
LuKreme a écrit :
> On 8-Dec-2008, at 00:44, mouss wrote:
>>> DKIM is not a blacklister, but a whitelist based on if sender really
>>> use monster.com mta mail server or not :)
>>>
>> indeed.
>
>
> Checking my SPAM folder it seems that a LOT of spam gets DKIM_VERIFIED
>
> I have tons that look,
LuKreme wrote:
So it looks like the only usefulness of DKIM for spam checking is really
for the big mailers like gmail, paypal, ebay, etc?
A pass on DKIM (or any other sender verification system ) is useful for
any mailer that you *recognize*, regardless of size.
Trivial example: If you regu
On Tue, 2008-12-09 at 12:40 -0700, LuKreme wrote:
> Checking my SPAM folder it seems that a LOT of spam gets DKIM_VERIFIED
>
> So it looks like the only usefulness of DKIM for spam checking is
> really for the big mailers like gmail, paypal, ebay, etc?
The usefulness of SPF, DKIM and related t
On 8-Dec-2008, at 00:44, mouss wrote:
DKIM is not a blacklister, but a whitelist based on if sender really
use monster.com mta mail server or not :)
indeed.
Checking my SPAM folder it seems that a LOT of spam gets DKIM_VERIFIED
I have tons that look, essentially, like this:
DomainKey-Signa
Benny Pedersen a écrit :
> On Mon, December 8, 2008 05:25, [EMAIL PROTECTED] wrote:
>> mouss said:
>
> bug:
> Mail::SpamAssassin::Plugin::dbg("FromInTo: Comparing '$from' and
> '$To");
>
> fixed line:
> Mail::SpamAssassin::Plugin::dbg("FromInTo: Comparing '$from' and
> '$To'");
>
Thanks!
>> we
Benny Pedersen wrote:
>>
>>
>> On Mon, December 8, 2008 05:25, [EMAIL PROTECTED] wrote:
>> > mouss said:
>>
>> bug:
>> Mail::SpamAssassin::Plugin::dbg("FromInTo: Comparing '$from' and
>> '$To");
>>
>> fixed line:
>> Mail::SpamAssassin::Plugin::dbg("FromInTo: Comparing '$from' and
>> '$To'");
>>
On Mon, December 8, 2008 05:25, [EMAIL PROTECTED] wrote:
> mouss said:
bug:
Mail::SpamAssassin::Plugin::dbg("FromInTo: Comparing '$from' and
'$To");
fixed line:
Mail::SpamAssassin::Plugin::dbg("FromInTo: Comparing '$from' and
'$To'");
> well, I send mail to myself sometimes. The only way that t
mouss said:
>>
>> >
>> > The implementation of it is not my concern. It's a pretty basic rule to
>> > require that addresses a commonly exploited spam attack vector.
>>
>> having the same address in the From and To is also seen in legitimate mail:
>> - I send mail to myself
>> - some people use
support a écrit :
> On Sat, 2008-12-06 at 23:45 -0500, Theo Van Dinter wrote:
>> On Sat, Dec 06, 2008 at 08:00:10PM -0800, John Hardin wrote:
>>> mechanism for. Devs: there've been wishes for this before; how hard
>>> would it be to add the ability to match on the substring match captured
>>> by an
On Sat, 2008-12-06 at 23:45 -0500, Theo Van Dinter wrote:
> On Sat, Dec 06, 2008 at 08:00:10PM -0800, John Hardin wrote:
> > mechanism for. Devs: there've been wishes for this before; how hard
> > would it be to add the ability to match on the substring match captured
> > by another rule? Add a fl
On Sat, Dec 06, 2008 at 08:00:10PM -0800, John Hardin wrote:
> mechanism for. Devs: there've been wishes for this before; how hard
> would it be to add the ability to match on the substring match captured
> by another rule? Add a flag to say "capture the match for this rule" and
> a syntax for subs
On Sat, 2008-12-06 at 20:13 +, support wrote:
> Surely, by now, someone has come up with a simple regex rule or
> something that matches if the to & from are the same? Is this too
> obvious?
Unfortunately it's actually not that easy. It involves remembering a
matched substring across *two* ru
On Sat, 2008-12-06 at 11:48 -0800, John Hardin wrote:
> On Sat, 6 Dec 2008, Mike Cisar wrote:
>
> > - the "from" always matches the "to" (so it always looks like its coming
> > from yourself)
>
> Silly, basic question: have you whitelist_from'd yourself? Baaad idea.
>
> SPF checks would catch
On Sat, 6 Dec 2008, Mike Cisar wrote:
- the "from" always matches the "to" (so it always looks like its coming
from yourself)
Silly, basic question: have you whitelist_from'd yourself? Baaad idea.
SPF checks would catch that if you published SPF records for your domain.
If you know that ma
Mike Cisar a écrit :
> Have recently been having 1000's of spam slipping past Spamassassin... they
> all seem to be pretty much identical in format but Spamassassin isn't
> scoring them even high enough to be tagged.
>
> - they are all flagged as important
> - a single line having so far have one
On Sat, 2008-12-06 at 10:17 -0700, Mike Cisar wrote:
> Have recently been having 1000's of spam slipping past Spamassassin... they
> all seem to be pretty much identical in format but Spamassassin isn't
> scoring them even high enough to be tagged.
>
> - they are all flagged as important
> - a si
26 matches
Mail list logo
