On 7/30/25 11:40 PM, Greg Troxel wrote:
"Alan via users" writes:
I got a FP on this rule, which isn't really that bad, save for the
default score of 5.75. That's enough to get a spam classification on
it's own.
I've adjusted the score locally but the default seems a tad heavy. I'm
giving it a
Greg Troxel skrev den 2025-07-30 23:40:
"Alan via users" writes:
I got a FP on this rule, which isn't really that bad, save for the
default score of 5.75. That's enough to get a spam classification on
it's own.
I've adjusted the score locally but the default seems a tad heavy. I'm
giving it a
"Alan via users" writes:
> I got a FP on this rule, which isn't really that bad, save for the
> default score of 5.75. That's enough to get a spam classification on
> it's own.
>
> I've adjusted the score locally but the default seems a tad heavy. I'm
> giving it a 3.25.
Many others have the sam
On 7/14/25 8:39 PM, Alex wrote:
Hi,
On Thu, Jul 3, 2025 at 11:27 AM mailto:giova...@paclan.it>> wrote:
On 7/2/25 3:45 PM, Alex wrote:
> Hi, I'm seeing an increase in the number of QR code spam that isn't
being caught. I'm not even sure it's being checked using zbarimg. Here's what I
Hi,
On Thu, Jul 3, 2025 at 11:27 AM wrote:
> On 7/2/25 3:45 PM, Alex wrote:
> > Hi, I'm seeing an increase in the number of QR code spam that isn't
> being caught. I'm not even sure it's being checked using zbarimg. Here's
> what I have in ExtractText.cf:
> >
> > extracttext_externalzbar
Il 3 luglio 2025 20:01:21 CEST, Benny Pedersen via users
ha scritto:
>giova...@paclan.it skrev den 2025-07-03 17:26:
>
>> maybe it could be possible to add a cache layer to extracttext plugin, could
>> you open an enhancement request on https://bz.apache.org/SpamAssassin/
>> please ?
>
>+1
>
>w
giova...@paclan.it skrev den 2025-07-03 17:26:
maybe it could be possible to add a cache layer to extracttext plugin,
could you open an enhancement request on
https://bz.apache.org/SpamAssassin/ please ?
+1
would the cache just use message-id as the value of key where value is
zbarimg resul
On 7/2/25 3:45 PM, Alex wrote:
Hi, I'm seeing an increase in the number of QR code spam that isn't being
caught. I'm not even sure it's being checked using zbarimg. Here's what I have
in ExtractText.cf:
extracttext_external zbar /usr/bin/zbarimg -D {}
extracttext_use zbar
Alex skrev den 2025-07-02 15:45:
Also, it's very slow because it has to spawn the binary with every
request. Is there a way to load it into memory or use a library
version to avoid having to do this every time? Sometimes salespeople
send emails to 50+ people at a time with a legitimate PDF, but
Hi Philip
> In the case of an ISP or ASP having a large number of CIDRs, you might want
> to block based on ASN (autonomous system number) instead, i.e.:
I am aware of this. But the goal was to penalize specific rdns TLD from
the sending ip.
Like .shop .click .top .xyz .za.com .sa.com which we
> On Jun 24, 2025, at 7:42 AM, Benoit Panizzon wrote:
>
> Hi Bill
>
>> Note that there are also subsets of Received headers with fields parsed
>> out that you can use, see `perldoc Mail::SpamAssassin::PerMsgStatus` for
>> a discussion of all of the available "pseudo-headers." There are
>>
On 2025-06-27 at 15:39:50 UTC-0400 (Fri, 27 Jun 2025 15:39:50 -0400)
Mark London
is rumored to have said:
I notice a new rule _SCC_HTML_ODDDIV8 that is hitting a lot of real
email.
Discussed here earlier this week. Fixed in r1926179.
See https://lists.apache.org/thread/yoy3n75p9jg9zmj54sz8plz
Hi Mark
Thank you, but my question was, how to match the rdns name of the
source IP.
Well i found out the header matcher can also match Received: header
lines.
header IMP_RECV_SHOP Received =~ /\.shop\ /
score IMP_RECV_SHOP 10
describeIMP_RECV_SHOP
On 2025-06-24 at 08:00:04 UTC-0400 (Tue, 24 Jun 2025 14:00:04 +0200)
Benoit Panizzon
is rumored to have said:
Hi Mark
Thank you, but my question was, how to match the rdns name of the
source IP.
Well i found out the header matcher can also match Received: header
lines.
header IMP_RE
Lichtinger, Bernhard skrev den 2025-06-24 13:38:
Some regular mails of our users contain a lot of " "
and every hit adds some spam points to the mail because of
tflags _SCC_HTML_ODDDIV8 multiple publish
As a workaround I set my own tflags with maxhits=20 for this check, but
per
On 2025-06-24 at 09:57:34 UTC-0400 (Tue, 24 Jun 2025 15:57:34 +0200)
Benoit Panizzon
is rumored to have said:
> Hi
>
>> X-Spam-Relays-Trusted:
>> X-Spam-Relays-Untrusted:
>>
>> which return a nice array of key=value rdns= being the one of interest
>> to me :-)
>
> While cheching some spam mails w
On 2025-06-24 at 07:38:57 UTC-0400 (Tue, 24 Jun 2025 11:38:57 +)
Lichtinger, Bernhard
is rumored to have said:
> Hello,
>
> I get some false positives with the rule _SCC_HTML_ODDDIV8 from 72_active.cf
> because there is no maxhits with this check.
That is partly intentional. There was a typ
> That is partly intentional. There was a typo in the rule name: it needs an
> extra underscore to prevent being scored on its own. I've fixed it in
> r1926688.
Thank you very much.
> I apologize for the FPs, they were entirely unintentional (but see below.)
No problem.
> The metarule requ
Hi
> X-Spam-Relays-Trusted:
> X-Spam-Relays-Untrusted:
>
> which return a nice array of key=value rdns= being the one of interest
> to me :-)
While cheching some spam mails with debug enabled to see how those
two pseudo header get populated I noticed that I did not include ::1 and
127. in the tr
Hi Bill
> Note that there are also subsets of Received headers with fields parsed
> out that you can use, see `perldoc Mail::SpamAssassin::PerMsgStatus` for
> a discussion of all of the available "pseudo-headers." There are
> examples in existing rules.
Oh, nice!
Having a Look at:
X-Spam-Rel
I and probably a lot of people here, block that domain and a bunch
others, even before they reach spamassassin
"Why Phishers Love New TLDs Like .shop, .top and .xyz"
https://krebsonsecurity.com/2024/12/why-phishers-love-new-tlds-like-shop-top-and-xyz/
"Spammers and scammers gravitate toward do
Please refrain from responding to Harald Reindl on this list. He has
been banned for his combative and trolling behavior, but we cannot
prevent him from reading the public archives of the list and mailing
obnoxious responses to unlucky participants.
On 2025-06-18 at 19:05:06 UTC-0400 (Thu, 1
On 2025-06-19 00:25:43 +0200, Reindl Harald wrote:
> the defaults are to work out-of-the-box good enough for nearly
> everyone but for public servers you have to know what you are doing
This does not matter. Even though SpamAssassin runs on a
"public server", I'm the only user.
--
Vincent Lefèvr
On 2025-06-11 23:33:23 +0200, Reindl Harald wrote:
> irrelevant - distribution defaults are not production settings
>
> when you don't figure out how to basically secure public services pay
> someone who does it for you - only 1 out of 100 people are capable to run
> sensitive services like a mail
On 2025-06-11 09:18:31 -0400, Newlon, Phil wrote:
> ps -ef |grep spamd
>
> root 2441987 1 32 13:07 ? 00:00:02 spamd
> postfix 2441992 2333764 0 13:07 ? 00:00:00 pipe -n spamassassin
> -t unix user=spamd argv=/usr/bin/spamc -f -e /usr/sbin/sendmail -oi -f
> ${sende
On 2025-06-11 at 09:18:31 UTC-0400 (Wed, 11 Jun 2025 09:18:31 -0400)
Newlon, Phil
is rumored to have said:
h, I wonder what this moron is doing wrong?
Please do not propagate Harald Reindl's bad behavior. His messages are
not allowed on the mailing list, but he persists in mailing rude a
h, I wonder what this moron is doing wrong?
/etc/systemd/system# ls -alt /root |grep spam
drwxr-xr-x 5 root root 4096 Mar 29 2024 spamassassin-dqs
/etc/systemd/system# cat spamd.service |grep Exec
ExecStart=/usr/local/bin/spamd -d -c -m5 -u spamd -A 127.0.0.1,::1
--pidf
Matus UHLAR - fantomas skrev den 2025-06-11 13:13:
On 11.06.25 09:47, Vincent Lefevre wrote:
Well, it appears that the scores of the _BLOCKED strings are set
in the file
/var/lib/spamassassin/4.01/updates_spamassassin_org/72_scores.cf
by
score RCVD_IN_VALIDITY_CERTIFIED_BLOCKED0.001 0.0
On 2025-06-11 11:09:39 +0200, Reindl Harald wrote:
>
>
> Am 11.06.25 um 09:47 schrieb Vincent Lefevre:
> > So I still don't understand why there is an issue specific to my
> > machine, i.e. the fact that RCVD_IN_VALIDITY_CERTIFIED, etc. (the
> > strings without _BLOCKED) with a score of 0[*] stil
I solved this same problem last week by setting up my own DNS server
that does not do forwarding - it hits the root servers. It was a bugger
to figure out, finally reached out to Validity and they sent me the
below note about query limit.
> check: dns_block_rule RCVD_IN_VALIDITY_SAFE_BLOCKED
On 11.06.25 09:47, Vincent Lefevre wrote:
Well, it appears that the scores of the _BLOCKED strings are set
in the file
/var/lib/spamassassin/4.01/updates_spamassassin_org/72_scores.cf
by
score RCVD_IN_VALIDITY_CERTIFIED_BLOCKED0.001 0.001 0.001 0.001
score RCVD_IN_VALIDITY_RPBL_BLOCKED
On 2025-06-11 12:37:23 +0200, Reindl Harald wrote:
>
> Am 11.06.25 um 12:30 schrieb Vincent Lefevre:
> > On 2025-06-11 11:48:54 +0200, Reindl Harald wrote:
> > > besides you must have dozens of folders from old versions in
> > > /var/lib/spamassassin/ which should be deleted
> >
> > Shouldn't sa-
On 2025-06-11 04:50:49 -0400, Newlon, Phil wrote:
> I solved this same problem last week by setting up my own DNS server that
> does not do forwarding - it hits the root servers. It was a bugger to figure
> out, finally reached out to Validity and they sent me the below note about
> query limit.
F
On 2025-06-11 11:48:54 +0200, Reindl Harald wrote:
> besides you must have dozens of folders from old versions in
> /var/lib/spamassassin/ which should be deleted
Shouldn't sa-update delete them? It is not up to the end user to
manually do the cleanup.
> you need to check if your local stuff is o
On 2025-06-11 11:12:42 +0200, Reindl Harald (privat) wrote:
> Am 11.06.25 um 10:50 schrieb Newlon, Phil:
> > creating /root/.spamassassin/dnsblock_sa-accredit.habeas.com (This means
> > DNSBL blocked you due to too many queries
>
> only if some moron has running spamassassin as root
This is the d
On 2025-06-10 19:21:11 -0700, jdow wrote:
> On 20250610 17:26:41, Vincent Lefevre wrote:
> > On 2025-06-10 18:16:08 -0400, Bill Cole wrote:
> > > On 2025-06-10 at 12:21:38 UTC-0400 (Tue, 10 Jun 2025 18:21:38 +0200)
> > > Vincent Lefevre
> > > is rumored to have said:
> > >
> > > > The file
> > > >
On 20250610 17:26:41, Vincent Lefevre wrote:
On 2025-06-10 18:16:08 -0400, Bill Cole wrote:
On 2025-06-10 at 12:21:38 UTC-0400 (Tue, 10 Jun 2025 18:21:38 +0200)
Vincent Lefevre
is rumored to have said:
The file
/var/lib/spamassassin/4.01/updates_spamassassin_org/50_scores.cf
is ignored on
On 2025-06-10 18:16:08 -0400, Bill Cole wrote:
> On 2025-06-10 at 12:21:38 UTC-0400 (Tue, 10 Jun 2025 18:21:38 +0200)
> Vincent Lefevre
> is rumored to have said:
>
> > The file
> > /var/lib/spamassassin/4.01/updates_spamassassin_org/50_scores.cf
> > is ignored on my Debian/stable server.
>
On 2025-06-10 at 12:21:38 UTC-0400 (Tue, 10 Jun 2025 18:21:38 +0200)
Vincent Lefevre
is rumored to have said:
The file
/var/lib/spamassassin/4.01/updates_spamassassin_org/50_scores.cf
is ignored on my Debian/stable server.
Are you 100% certain of that?
Running 'spamassassin --lint -D con
On 2025-06-05 at 18:54:09 UTC-0400 (Fri, 6 Jun 2025 00:54:09 +0200)
Tom Hendrikx
is rumored to have said:
[...]
Hi,
I see some patterns like the recurring pipe and dash characters in
From lines. But maybe you can share a few full messages with headers?
Maybe there are easier ways to whack th
On 05-06-2025 18:53, Kirk Ismay wrote:
I'm trying to find a way to reduce a certain kind of spam that uses
sensational finance / technology subject lines. Typically Elon, Trump,
Tesla etc. It often slips through my ruleset. I've tried to create
local email and domain blocklists, as well as
On 2025-06-04 at 16:44:37 UTC-0400 (Wed, 4 Jun 2025 22:44:37 +0200)
Matija Nalis
is rumored to have said:
On Wed, Jun 04, 2025 at 09:34:58AM -0400, Bill Cole wrote:
The current SPF record for klovia.htt-consult.com is "v=spf1 mx -all"
which
is an assertion that the domain never generates any
On Wed, Jun 04, 2025 at 09:34:58AM -0400, Bill Cole wrote:
> The current SPF record for klovia.htt-consult.com is "v=spf1 mx -all" which
> is an assertion that the domain never generates any email.
While the rest sounds reasonable, I'm not sure if this is correct?
AFAIK, "v=spf1 mx -all" is an
On 04.06.25 09:04, Robert Moskowitz wrote:
I have a few internal servers sending logwatch reports. These are
getting flagged as spam; MiaB is much better at recognizing spam than
my outdated efforts.
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
klovia.htt-consult.com
X-Spam-F
While not contradicting Bill's advice, welcomelist_from_rcvd will
probably help.
In addition, you need to have a plan for spf/dkim/dmarc for your domain,
and if you really want to have a dkim policy (which is fine) then you
can configure dkim on the internal servers. Or perhaps to put them in a
s
On 2025-06-04 at 09:04:58 UTC-0400 (Wed, 4 Jun 2025 09:04:58 -0400)
Robert Moskowitz
is rumored to have said:
It has been over 10 years since I last took the time to ask for help
here. Help! :)
I just replaced my over 10 year-old homegrown mail server with the
Mail-in-a-Box package and hav
On 2025-05-08 09:44:18 -0400, Bill Cole wrote:
> That is absolutely true but it is not *for me* a sufficient reason to remove
> a longstanding rule. I would need to be convinced that the marginal
> improvements in noise and privacy for most users greatly outweighs the risk
> that removing the rules
On 2025-05-27 at 09:54:38 UTC-0400 (Tue, 27 May 2025 15:54:38 +0200)
Vincent Lefevre
is rumored to have said:
On 2025-05-08 09:44:18 -0400, Bill Cole wrote:
That is absolutely true but it is not *for me* a sufficient reason to
remove
a longstanding rule. I would need to be convinced that the
Please keep replies on the list...
On 2025-05-21 at 14:16:09 UTC-0400 (Wed, 21 May 2025 18:16:09 +)
Rupert Gallagher
is rumored to have said:
>> rep.mailspike.net is not even supposed to be a nameserver. I don't see why
>> you think it should have an A record
>
> NXDOMAIN is the legitimate
On 2025-05-20 at 11:32:26 UTC-0400 (Tue, 20 May 2025 15:32:26 +)
Rupert Gallagher
is rumored to have said:
Hello,
Is rep.mailspike.net working for you?
If I query 78.153.140.99 at https://mailspike.io/ip_verify I get
127.0.0.11, however if I query using dig I get no answer at all, and
On 2025-05-20 at 14:38:40 UTC-0400 (Tue, 20 May 2025 18:38:40 +)
Rupert Gallagher
is rumored to have said:
I wonder how it works for real, since mailspike.net itself fails DNS
resolution.
Not so.
$ dig mailspike.net NS
; <<>> DiG 9.10.6 <<>> mailspike.net NS
;; g
Hi,
dig -t A 99.140.153.78.rep.mailspike.net
This results in NXDMAIN, indicating that there is no current listing for
the ip address. There is no requirement in DNS that says that
'rep.mailspike.net' should be resolvable.
The mailspike nameservers are at:
dig -t NS mailspike.net
As to why
On Tue, 20 May 2025, Rupert Gallagher wrote:
Is rep.mailspike.net working for you?
If I query 78.153.140.99 at https://mailspike.io/ip_verify I get 127.0.0.11,
however if I query using dig I get no answer at all, and the name server itself
does not exist.
dig +short -t A 99.140.153.78.rep.m
I wonder how it works for real, since mailspike.net itself fails DNS resolution.
On Tuesday, May 20th, 2025 at 6:57 PM, Reindl Harald (privat)
wrote:
>
>
> suree, but nobody is using "rep.mailspike.net" since MSPIKE is part of
> the default rules
>
> header __RCVD_IN_MSPIKE_B eval:check_rb
I assume some of you is using it.
https://cwiki.apache.org/confluence/display/spamassassin/DnsBlocklists#dnsbl-block
On Tuesday, May 20th, 2025 at 5:32 PM, Rupert Gallagher
wrote:
>
>
> Hello,
>
> Is rep.mailspike.net working for you?
>
> If I query 78.153.140.99 at https://mailspike.io
On 2025-05-12 at 14:20:02 UTC-0400 (Mon, 12 May 2025 19:20:02 +0100)
Nix
is rumored to have said:
> On 1 May 2025, Bill Cole told this:
>
>> On 2025-05-01 at 16:03:21 UTC-0400 (Thu, 01 May 2025 20:03:21 +)
>> Michael Grant via users
>> is rumored to have said:
>>
>>> I'm seeing this error ov
On 1 May 2025, Bill Cole told this:
> On 2025-05-01 at 16:03:21 UTC-0400 (Thu, 01 May 2025 20:03:21 +)
> Michael Grant via users
> is rumored to have said:
>
>> I'm seeing this error over and over in my logs over the last few weeks:
>>
>> spamd: check: dns_block_rule RCVD_IN_VALIDITY_RPBL_BLO
On Fri, May 09, 2025 at 02:15:15PM -0700, jdow wrote:
> On 20250509 06:14:59, Matija Nalis wrote:
> > While I'm not familiar with RBBS specifically, other BBS software I
> > used (like PCBoard) did guarantee message delivery. Only way a
>
> Or the recipient could never get around to reading it.
O
On 2025-05-09 at 13:21:41 UTC-0400 (Fri, 9 May 2025 13:21:41 -0400)
Karl Denninger
is rumored to have said:
> Bayes seems to get them most of the time, if you train it well. As more and
> more of this is AI-generated the "catch" rate goes up incidentally, as AI is,
> well, certainly artificial
On 2025-05-09 at 13:10:21 UTC-0400 (Fri, 9 May 2025 13:10:21 -0400)
Mark London
is rumored to have said:
Hi - Our site has recently been getting lots of "cold emails".
You have my sympathy.
I've read according to a Google search, they aren't considered
"spam".
You can get a Google search
On 20250509 06:14:59, Matija Nalis wrote:
On Fri, May 09, 2025 at 03:32:58AM -0700, jdow wrote:
On 20250509 02:46:14, Matija Nalis wrote:
Not only did people fully expect that e-mail they sent would be
delivered, they would expected it would be delivered promptly.
If it even got delayed by fe
On 5/9/2025 13:10, Mark London wrote:
> Hi - Our site has recently been getting lots of "cold emails". I've read
> according to a Google search, they aren't considered "spam". And websites
> provide instructions and templates for people, on how to send cold emails.
> Or there are web sites
On 5/9/2025 13:10, Mark London wrote:
Hi - Our site has recently been getting lots of "cold emails". I've
read according to a Google search, they aren't considered "spam". And
websites provide instructions and templates for people, on how to send
cold emails. Or there are web sites that prove
>> Yeah, at this point, if I get anything from Outlook, Yahoo, Google,
>> Mailchimp, Mailgun, OVH, or Sendgrid and it’s not a explicitly a
>> whitelisted entry, I bounce it.
>
>I used a greylist where emails get a 4xx message with a link that
allows the email through ...
Why would a mail system t
On 2025-05-09 11:46:14 +0200, Matija Nalis wrote:
> Today, if the e-mail you're sending is important, you'll follow it up
> with IM or voice call to verify if it has reached the recipient.
No, at least for me, there is too much mail that is regarded as
important, and it would be a waste of time. F
On Fri, May 09, 2025 at 03:32:58AM -0700, jdow wrote:
> On 20250509 02:46:14, Matija Nalis wrote:
> > Not only did people fully expect that e-mail they sent would be
> > delivered, they would expected it would be delivered promptly.
> >
> > If it even got delayed by few hours, that was considered
> >> Yeah, at this point, if I get anything from Outlook, Yahoo, Google,
> >> Mailchimp, Mailgun, OVH, or Sendgrid and it’s not a explicitly a
> >> whitelisted entry, I bounce it.
> >
> >I used a greylist where emails get a 4xx message with a link that
> allows the email through ...
>
> Why would
On 20250509 02:46:14, Matija Nalis wrote:
On Thu, May 08, 2025 at 05:22:32PM -0400, John Levine wrote:
It appears that Marc said:
Yeah, at this point, if I get anything from Outlook, Yahoo, Google,
Mailchimp, Mailgun, OVH, or Sendgrid and it’s not a explicitly a
whitelisted entry, I bounce it.
On Thu, May 08, 2025 at 05:22:32PM -0400, John Levine wrote:
> It appears that Marc said:
> >> Yeah, at this point, if I get anything from Outlook, Yahoo, Google,
> >> Mailchimp, Mailgun, OVH, or Sendgrid and it’s not a explicitly a
> >> whitelisted entry, I bounce it.
> >
> >I used a greylist whe
It appears that Marc said:
>> Yeah, at this point, if I get anything from Outlook, Yahoo, Google,
>> Mailchimp, Mailgun, OVH, or Sendgrid and it’s not a explicitly a
>> whitelisted entry, I bounce it.
>
>I used a greylist where emails get a 4xx message with a link that allows the
>email through .
On 2025-05-07 at 11:19:47 UTC-0400 (Wed, 07 May 2025 11:19:47 -0400)
Greg Troxel
is rumored to have said:
Bill Cole writes:
1> On 2025-05-06 at 12:33:00 UTC-0400 (Tue, 06 May 2025 12:33:00
-0400)
Greg Troxel
is rumored to have said:
[...]
I think we have arrived at it being time to just d
On Thu, 8 May 2025, Michael Orlitzky wrote:
On 2025-05-08 08:11:18, Marc wrote:
I used a greylist where emails get a 4xx message with a link that
allows the email through so 'regular' users can get past it. Problem
is, these fucked up networks are not even notifying users about 5xx
and 4xx not
On 2025-05-08 08:11:18, Marc wrote:
>
> I used a greylist where emails get a 4xx message with a link that
> allows the email through so 'regular' users can get past it. Problem
> is, these fucked up networks are not even notifying users about 5xx
> and 4xx notifications.
With sendgrid, it depends
>
>
>
> > On Sep 29, 2022, at 11:26 AM, Greg Troxel wrote:
> >
> >
> > Kris Deugau writes:
> >
> >> The Bayes result is not great, but the USER_IN_DEF_*_WL hits between
> >> them account for most of that negative score anyway.
> >
> > With dkim-signed spam, I think the only two paths forward a
> On Sep 29, 2022, at 11:26 AM, Greg Troxel wrote:
>
>
> Kris Deugau writes:
>
>> The Bayes result is not great, but the USER_IN_DEF_*_WL hits between
>> them account for most of that negative score anyway.
>
> With dkim-signed spam, I think the only two paths forward are:
> - hope they f
On 07.05.25 16:44, Benny Pedersen via users wrote:
Subject: spamhaus fp
Yes, score=5.513 tagged_above=-999 required=5 tests=[DKIM_SIGNED=0.1,
DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,
FILL_THIS_FORM_SHORT=1, HTML_FONT_LOW_CONTRAST=0.001,
HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=
On Wed, May 07, 2025 at 06:02:38PM +0200, Benny Pedersen via users wrote:
> Received: from bid47go.5652833t.service.spamhaus.com
>
> in dns
>
> bid47go.5652833t.service.spamhaus.com TXT "v=spf1 a -all"
>
> solved if spamhaus listen here
So, your intention was to report SPF misconfiguration issu
Matija Nalis skrev den 2025-05-07 17:21:
On Wed, May 07, 2025 at 04:44:18PM +0200, Benny Pedersen via users
wrote:
Yes, score=5.513 tagged_above=-999 required=5 tests=[DKIM_SIGNED=0.1,
DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,
FILL_THIS_FORM_SHORT=1, HTML_FONT_LOW_CONTRAST=0.001,
On Tue, May 06, 2025 at 12:52:11PM -0400, Bill Cole wrote:
> In what way it is harmful for those rules to be left in place, given that SA
> disables 'blocked' DNSBL servers when it encounters them.
well, for one, it needlessly wastes postmaster's time analyzing and
trying to troubleshoot them for
On Wed, May 07, 2025 at 04:44:18PM +0200, Benny Pedersen via users wrote:
> Yes, score=5.513 tagged_above=-999 required=5 tests=[DKIM_SIGNED=0.1,
> DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,
> FILL_THIS_FORM_SHORT=1, HTML_FONT_LOW_CONTRAST=0.001, HTML_MESSAGE=0.001,
> HTTPS_HTTP_MISMA
Bill Cole writes:
1> On 2025-05-06 at 12:33:00 UTC-0400 (Tue, 06 May 2025 12:33:00 -0400)
> Greg Troxel
> is rumored to have said:
> [...]
>> I think we have arrived at it being time to just drop all VALIDITY
>> rules
>> from the default rulset. Even if people using them in meta rules have
>> t
On 2025-05-06 at 12:33:00 UTC-0400 (Tue, 06 May 2025 12:33:00 -0400)
Greg Troxel
is rumored to have said:
[...]
I think we have arrived at it being time to just drop all VALIDITY
rules
from the default rulset. Even if people using them in meta rules have
to adjust (or add them back as local co
On April 5, I wrote:
> I'd like to ask Andrew to adjust the Validity website to provide an
> easy to find, clear explanation of the semantics of the RBLs. I went
> to the URL in the config file and just got marketing text.
>
> I'd like Andrew to explain if there is (still) any point to SA
On 2025-05-02 at 08:39:19 UTC-0400 (Fri, 02 May 2025 08:39:19 -0400)
Bill Cole
is rumored to have said:
> If your resolver is blocked, it is blocked everyone.
Sorry: missing the word 'for' there before 'everyone'.
--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo@toad
Benny Pedersen via users skrev den 2025-05-02 16:08:
Michael Grant via users skrev den 2025-05-02 13:41:
From "Bill Cole"
Did you do that in the "global" config at
/etc/mail/spamassassin/local.cf (or something like it with 'etc'
somewhere) or in root's user config in
/root/.spamassassin/{us
Michael Grant via users skrev den 2025-05-02 13:41:
From "Bill Cole"
Did you do that in the "global" config at
/etc/mail/spamassassin/local.cf (or something like it with 'etc'
somewhere) or in root's user config in
/root/.spamassassin/{userprefs,local.cf,whatever} ? If it was the
latter, yo
On 2025-05-02 at 07:41:46 UTC-0400 (Fri, 02 May 2025 11:41:46 +)
Michael Grant via users
is rumored to have said:
From "Bill Cole"
Did you do that in the "global" config at
/etc/mail/spamassassin/local.cf (or something like it with 'etc'
somewhere) or in root's user config in
/root/.sp
From "Bill Cole"
Did you do that in the "global" config at /etc/mail/spamassassin/local.cf (or
something like it with 'etc' somewhere) or in root's user config in
/root/.spamassassin/{userprefs,local.cf,whatever} ? If it was the latter, you need to
move it to the global config.
I put it i
On 2025-05-01 at 16:03:21 UTC-0400 (Thu, 01 May 2025 20:03:21 +)
Michael Grant via users
is rumored to have said:
I'm seeing this error over and over in my logs over the last few
weeks:
spamd: check: dns_block_rule RCVD_IN_VALIDITY_RPBL_BLOCKED hit,
creating /root/.spamassassin/dnsblock_
an decrease the number of requests (divided by 2 at
least).
I will see at the end if we can respect the 10 requests by day.
-Message d'origine-
De : Bowie Bailey
Envoyé : vendredi 18 avril 2025 15:40
À : users@spamassassin.apache.org
Objet : Re: disable spamhaus request
rOn 20.04.25 15:44, Alex wrote:
I have spamassassin-4 with amavisd set up and have a message that hit
mailspike and a few others that pushed it over my 5 point threshold. Can
someone help me understand why this was not properly identified as a bounce
message?
https://pastebin.com/mc4zgp7S
Usual
On 2025-04-18 at 09:40:29 UTC-0400 (Fri, 18 Apr 2025 09:40:29 -0400)
Bowie Bailey
is rumored to have said:
[...]
> With that being said, he was not incorrect in this instance.
>
> The response received from Spamhaus indicates that you were blocked due to
> using a public DNS server.
>
> describe
On 17.04.25 15:47, DEMBLANS Mathieu wrote:
Thanks for the link, I will study that.
Our local nameserver DOESN’T USE shared/open nameservers, it transmit to the
good nameservers (for spamhaus, their NS).
do you mean that your nameservers do iterative resolution or you have
configured forwardin
On 2025-04-17 at 23:30:07 UTC-0400 (Fri, 18 Apr 2025 05:30:07 +0200)
Benny Pedersen via users
is rumored to have said:
> Andrew C Aitchison skrev den 2025-04-17 22:40:
>
>> I'll just repeat the words that Bill Cole sent last week
>> ( https://marc.info/?l=spamassassin-users&m=174413206312855&w=2
On 4/17/2025 4:40 PM, Andrew C Aitchison wrote:
On Thu, 17 Apr 2025, DEMBLANS Mathieu wrote:
Thanks for the link, I will study that.
Our local nameserver DOESN’T USE shared/open nameservers, it transmit
to the good nameservers (for spamhaus, their NS).
Why being so aggressive in your respons
Andrew C Aitchison skrev den 2025-04-17 22:40:
I'll just repeat the words that Bill Cole sent last week
( https://marc.info/?l=spamassassin-users&m=174413206312855&w=2 ):
Please note that "Reindl Harald " has a bad
habit
of writing pointlessly confrontational, intentionally rude, and very
oft
On Thu, 17 Apr 2025, DEMBLANS Mathieu wrote:
Thanks for the link, I will study that.
Our local nameserver DOESN’T USE shared/open nameservers, it transmit to the
good nameservers (for spamhaus, their NS).
Why being so aggressive in your response ?
You probably have a incredibly knowledge you h
.
Instead of that have constructive responses.
Clear informations are sometimes hard to find.
If you don’t wan to help, don’t respond.
De : Reindl Harald
Envoyé : jeudi 17 avril 2025 17:16
À : DEMBLANS Mathieu
Objet : Re: disable spamhaus request
and frankly: when you outright block based on
On 2025-04-16 at 05:00:37 UTC-0400 (Wed, 16 Apr 2025 11:00:37 +0200)
Axb
is rumored to have said:
On 16.04.2025 10:18, DEMBLANS Mathieu wrote:
Hello everyone,
I try to disable the dnsbl request done to spamhaus.org but the
solutions I found doesn't work.
I put
score RCVD_IN_ZEN_BLOCKED_OPEND
On 16.04.2025 10:18, DEMBLANS Mathieu wrote:
Hello everyone,
I try to disable the dnsbl request done to spamhaus.org but the solutions I
found doesn't work.
I put
score RCVD_IN_ZEN_BLOCKED_OPENDNS 0
score RCVD_IN_ZEN_BLOCKED 0
score __RCVD_IN_ZEN 0
in local.cf but spamassassin still do dns requ
1 - 100 of 1332 matches
Mail list logo
