On 20250509 02:46:14, Matija Nalis wrote:
On Thu, May 08, 2025 at 05:22:32PM -0400, John Levine wrote:
It appears that Marc said:
Yeah, at this point, if I get anything from Outlook, Yahoo, Google,
Mailchimp, Mailgun, OVH, or Sendgrid and it’s not explicitly a
whitelisted entry, I bounce it.
On Thu, May 08, 2025 at 05:22:32PM -0400, John Levine wrote:
> It appears that Marc said:
> >> Yeah, at this point, if I get anything from Outlook, Yahoo, Google,
> >> Mailchimp, Mailgun, OVH, or Sendgrid and it’s not explicitly a
> >> whitelisted entry, I bounce it.
> >
> >I used a greylist whe
It appears that Marc said:
>> Yeah, at this point, if I get anything from Outlook, Yahoo, Google,
>> Mailchimp, Mailgun, OVH, or Sendgrid and it’s not explicitly a
>> whitelisted entry, I bounce it.
>
>I used a greylist where emails get a 4xx message with a link that allows the
>email through .
On 2025-05-07 at 11:19:47 UTC-0400 (Wed, 07 May 2025 11:19:47 -0400)
Greg Troxel
is rumored to have said:
Bill Cole writes:
> On 2025-05-06 at 12:33:00 UTC-0400 (Tue, 06 May 2025 12:33:00
-0400)
Greg Troxel
is rumored to have said:
[...]
I think we have arrived at it being time to just d
On Thu, 8 May 2025, Michael Orlitzky wrote:
On 2025-05-08 08:11:18, Marc wrote:
I used a greylist where emails get a 4xx message with a link that
allows the email through so 'regular' users can get past it. Problem
is, these fucked up networks are not even notifying users about 5xx
and 4xx not
On 2025-05-08 08:11:18, Marc wrote:
>
> I used a greylist where emails get a 4xx message with a link that
> allows the email through so 'regular' users can get past it. Problem
> is, these fucked up networks are not even notifying users about 5xx
> and 4xx notifications.
With sendgrid, it depends
>
>
>
> > On Sep 29, 2022, at 11:26 AM, Greg Troxel wrote:
> >
> >
> > Kris Deugau writes:
> >
> >> The Bayes result is not great, but the USER_IN_DEF_*_WL hits between
> >> them account for most of that negative score anyway.
> >
> > With dkim-signed spam, I think the only two paths forward a
> On Sep 29, 2022, at 11:26 AM, Greg Troxel wrote:
>
>
> Kris Deugau writes:
>
>> The Bayes result is not great, but the USER_IN_DEF_*_WL hits between
>> them account for most of that negative score anyway.
>
> With dkim-signed spam, I think the only two paths forward are:
> - hope they f
On 07.05.25 16:44, Benny Pedersen via users wrote:
Subject: spamhaus fp
Yes, score=5.513 tagged_above=-999 required=5 tests=[DKIM_SIGNED=0.1,
DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,
FILL_THIS_FORM_SHORT=1, HTML_FONT_LOW_CONTRAST=0.001,
HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=
On Wed, May 07, 2025 at 06:02:38PM +0200, Benny Pedersen via users wrote:
> Received: from bid47go.5652833t.service.spamhaus.com
>
> in dns
>
> bid47go.5652833t.service.spamhaus.com TXT "v=spf1 a -all"
>
> solved if spamhaus listen here
So, your intention was to report SPF misconfiguration issu
Matija Nalis wrote on 2025-05-07 17:21:
On Wed, May 07, 2025 at 04:44:18PM +0200, Benny Pedersen via users
wrote:
Yes, score=5.513 tagged_above=-999 required=5 tests=[DKIM_SIGNED=0.1,
DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,
FILL_THIS_FORM_SHORT=1, HTML_FONT_LOW_CONTRAST=0.001,
On Tue, May 06, 2025 at 12:52:11PM -0400, Bill Cole wrote:
> In what way it is harmful for those rules to be left in place, given that SA
> disables 'blocked' DNSBL servers when it encounters them.
well, for one, it needlessly wastes postmaster's time analyzing and
trying to troubleshoot them for
On Wed, May 07, 2025 at 04:44:18PM +0200, Benny Pedersen via users wrote:
> Yes, score=5.513 tagged_above=-999 required=5 tests=[DKIM_SIGNED=0.1,
> DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,
> FILL_THIS_FORM_SHORT=1, HTML_FONT_LOW_CONTRAST=0.001, HTML_MESSAGE=0.001,
> HTTPS_HTTP_MISMA
Bill Cole writes:
> On 2025-05-06 at 12:33:00 UTC-0400 (Tue, 06 May 2025 12:33:00 -0400)
> Greg Troxel
> is rumored to have said:
> [...]
>> I think we have arrived at it being time to just drop all VALIDITY
>> rules
>> from the default ruleset. Even if people using them in meta rules have
>> t
On 2025-05-06 at 12:33:00 UTC-0400 (Tue, 06 May 2025 12:33:00 -0400)
Greg Troxel
is rumored to have said:
[...]
I think we have arrived at it being time to just drop all VALIDITY
rules
from the default ruleset. Even if people using them in meta rules have
to adjust (or add them back as local co
On April 5, I wrote:
> I'd like to ask Andrew to adjust the Validity website to provide an
> easy to find, clear explanation of the semantics of the RBLs. I went
> to the URL in the config file and just got marketing text.
>
> I'd like Andrew to explain if there is (still) any point to SA
On 2025-05-02 at 08:39:19 UTC-0400 (Fri, 02 May 2025 08:39:19 -0400)
Bill Cole
is rumored to have said:
> If your resolver is blocked, it is blocked everyone.
Sorry: missing the word 'for' there before 'everyone'.
--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo@toad
Benny Pedersen via users wrote on 2025-05-02 16:08:
Michael Grant via users wrote on 2025-05-02 13:41:
From "Bill Cole"
Did you do that in the "global" config at
/etc/mail/spamassassin/local.cf (or something like it with 'etc'
somewhere) or in root's user config in
/root/.spamassassin/{us
Michael Grant via users wrote on 2025-05-02 13:41:
From "Bill Cole"
Did you do that in the "global" config at
/etc/mail/spamassassin/local.cf (or something like it with 'etc'
somewhere) or in root's user config in
/root/.spamassassin/{userprefs,local.cf,whatever} ? If it was the
latter, yo
On 2025-05-02 at 07:41:46 UTC-0400 (Fri, 02 May 2025 11:41:46 +)
Michael Grant via users
is rumored to have said:
From "Bill Cole"
Did you do that in the "global" config at
/etc/mail/spamassassin/local.cf (or something like it with 'etc'
somewhere) or in root's user config in
/root/.sp
From "Bill Cole"
Did you do that in the "global" config at /etc/mail/spamassassin/local.cf (or
something like it with 'etc' somewhere) or in root's user config in
/root/.spamassassin/{userprefs,local.cf,whatever} ? If it was the latter, you need to
move it to the global config.
I put it i
On 2025-05-01 at 16:03:21 UTC-0400 (Thu, 01 May 2025 20:03:21 +)
Michael Grant via users
is rumored to have said:
I'm seeing this error over and over in my logs over the last few
weeks:
spamd: check: dns_block_rule RCVD_IN_VALIDITY_RPBL_BLOCKED hit,
creating /root/.spamassassin/dnsblock_
an decrease the number of requests (divided by 2 at
least).
I will see at the end if we can respect the 10 requests by day.
-Original Message-
From: Bowie Bailey
Sent: Friday, 18 April 2025 15:40
To: users@spamassassin.apache.org
Subject: Re: disable spamhaus request
On 20.04.25 15:44, Alex wrote:
I have spamassassin-4 with amavisd set up and have a message that hit
mailspike and a few others that pushed it over my 5 point threshold. Can
someone help me understand why this was not properly identified as a bounce
message?
https://pastebin.com/mc4zgp7S
Usual
On 2025-04-18 at 09:40:29 UTC-0400 (Fri, 18 Apr 2025 09:40:29 -0400)
Bowie Bailey
is rumored to have said:
[...]
> With that being said, he was not incorrect in this instance.
>
> The response received from Spamhaus indicates that you were blocked due to
> using a public DNS server.
>
> describe
On 17.04.25 15:47, DEMBLANS Mathieu wrote:
Thanks for the link, I will study that.
Our local nameserver DOESN’T USE shared/open nameservers, it transmits to the
good nameservers (for spamhaus, their NS).
do you mean that your nameservers do iterative resolution or you have
configured forwardin
On 2025-04-17 at 23:30:07 UTC-0400 (Fri, 18 Apr 2025 05:30:07 +0200)
Benny Pedersen via users
is rumored to have said:
> Andrew C Aitchison wrote on 2025-04-17 22:40:
>
>> I'll just repeat the words that Bill Cole sent last week
>> ( https://marc.info/?l=spamassassin-users&m=174413206312855&w=2
On 4/17/2025 4:40 PM, Andrew C Aitchison wrote:
On Thu, 17 Apr 2025, DEMBLANS Mathieu wrote:
Thanks for the link, I will study that.
Our local nameserver DOESN’T USE shared/open nameservers, it transmits
to the good nameservers (for spamhaus, their NS).
Why being so aggressive in your respons
Andrew C Aitchison wrote on 2025-04-17 22:40:
I'll just repeat the words that Bill Cole sent last week
( https://marc.info/?l=spamassassin-users&m=174413206312855&w=2 ):
Please note that "Reindl Harald " has a bad
habit
of writing pointlessly confrontational, intentionally rude, and very
oft
On Thu, 17 Apr 2025, DEMBLANS Mathieu wrote:
Thanks for the link, I will study that.
Our local nameserver DOESN’T USE shared/open nameservers, it transmits to the
good nameservers (for spamhaus, their NS).
Why being so aggressive in your response ?
You probably have a incredibly knowledge you h
.
Instead of that have constructive responses.
Clear information is sometimes hard to find.
If you don’t want to help, don’t respond.
From: Reindl Harald
Sent: Thursday, 17 April 2025 17:16
To: DEMBLANS Mathieu
Subject: Re: disable spamhaus request
and frankly: when you outright block based on
On 2025-04-16 at 05:00:37 UTC-0400 (Wed, 16 Apr 2025 11:00:37 +0200)
Axb
is rumored to have said:
On 16.04.2025 10:18, DEMBLANS Mathieu wrote:
Hello everyone,
I try to disable the dnsbl request done to spamhaus.org but the
solutions I found don't work.
I put
score RCVD_IN_ZEN_BLOCKED_OPEND
On 16.04.2025 10:18, DEMBLANS Mathieu wrote:
Hello everyone,
I try to disable the dnsbl request done to spamhaus.org but the solutions I
found don't work.
I put
score RCVD_IN_ZEN_BLOCKED_OPENDNS 0
score RCVD_IN_ZEN_BLOCKED 0
score __RCVD_IN_ZEN 0
in local.cf but spamassassin still do dns requ
On 4/7/25 12:02 PM, Laurent S. wrote:
Dear spamassassin users,
I have observed that sometimes spammers register a bunch of throwaways
domains (example.xyz), which are all CNAME towards one main domain
(example.org). I'd like, with spamassassin, to query those CNAME (for
instance that example.org
Please note that "Reindl Harald " has a bad
habit of writing pointlessly confrontational, intentionally rude, and
very often factually false replies to people posting here. That is why
you will not find his posts actually allowed on the list (and on some
other lists as well.)
On 2025-04-08 at
> On Apr 8, 2025, at 9:39 AM, Reindl Harald wrote:
>
>> It IS part of the business model, which is why in more than 20 years we have
>> never charged for queries or xfers, and we never will. Even though senders
>> pay us, we consider the receivers to be our customers, and our first
>> res
>
> On Apr 4, 2025, at 7:57 PM, Greg Troxel wrote:
>
> I have no recollection of signing up in any form, and have not gotten an
> email asking me to pay. I actually had no idea these were pay/limited
> until your mail, as I figured free access to SAFE/CERTIFIED for relying
> parties was part of
On Mon, Apr 07, 2025 at 12:39:58PM +0100, Nick Howitt wrote:
> > Maybe not a single-person host, but even a small company can cross this
> > limit easily. 10k e-mails in 30 days is 333 mails a day, which is quite
> > low number.
> Divide that by 3 as there are 3 queries per email and the limit is t
On 07/04/2025 12:27, Matus UHLAR - fantomas wrote:
"Simon Wilson" writes:
My results (about 1800 inbound emails across 6 days) show:
* combination of postscreen and other upstream tests are catching
true baddies enough that the VALIDITY_RPBL does not catch any for me
* VALIDITY_SAFE and
"Simon Wilson" writes:
My results (about 1800 inbound emails across 6 days) show:
* combination of postscreen and other upstream tests are catching true
baddies enough that the VALIDITY_RPBL does not catch any for me
* VALIDITY_SAFE and VALIDITY_CERTIFIED hit on about 5% of total emails (9
> On Mar 21, 2025, at 5:24 AM, Sidney Markowitz wrote:
>
> Please join me in welcoming Giovanni Bechis to the role of Chair of the
> Apache SpamAssassin Project Management Committee.
>
> I have retired from the role, and pass the baton to Giovanni, who has been
> voted in by PMC and approve
"Simon Wilson" writes:
> My results (about 1800 inbound emails across 6 days) show:
> * combination of postscreen and other upstream tests are catching true
> baddies enough that the VALIDITY_RPBL does not catch any for me
> * VALIDITY_SAFE and VALIDITY_CERTIFIED hit on about 5% of total ema
Interesting! Thanks Greg.
My results (about 1800 inbound emails across 6 days) show:
* combination of postscreen and other upstream tests are catching true baddies
enough that the VALIDITY_RPBL does not catch any for me
* VALIDITY_SAFE and VALIDITY_CERTIFIED hit on about 5% of total emails (96)
re.senderscore.com.')
describe RCVD_IN_VALIDITY_RPBL Relay in Validity RPBL,
https://senderscore.org/blocklistlookup/
tflags RCVD_IN_VALIDITY_RPBL net publish
reuse RCVD_IN_VALIDITY_RPBL
Re your comment: “10K is enough for a home business or small office, and if
it's not, they need to
On 05/04/2025 01:25, Andrew Fragias via users wrote:
Firstly, I wanted to point out that the free service will not be
changing and we will be allowing 10,000 Queries within a rolling 30 day
window, what will be changing is all those that are excessively
exceeding that volume will no longer be
"Simon Wilson via users" writes:
> OK, back to the purpose of this list - spamassassin! :)
> Validity are planning to enforce limits (although how they will
> enforce remains unknown - timeouts? false -ves? false +ves?). Given
> that these DNS BLs are in the standard config, and I'm apparently
>
OK, back to the purpose of this list - spamassassin! :)
Validity are planning to enforce limits (although how they will enforce remains
unknown - timeouts? false -ves? false +ves?). Given that these DNS BLs are in
the standard config, and I'm apparently exceeding the free threshold of 10,000
qu
Hi Andrew
Thank you, and Tom Bartel (on the mailop list), for replying.
* BTW I've never signed up for anything with Validity other than creating an
account at validity.com/zone to validate my IPs (horrible website trying to
find that again to check yesterday).
* I'm a personal not corporate
On 13.03.25 09:34, Karl Denninger wrote:
I'm sure this has come up before but I don't see a way to do it in
the docs or Wiki.
I have a number of "role" accounts that, in some cases, get email
from more than one domain. All are considered "local" by my
postfix and dovecot config, thus all th
Hi,
Depending on how you deliver mail after SA has added headers, you might
be able to use postfix header checks to log your header, using action
INFO or WARN.
Something along the likes of:
main.cf:
header_checks = pcre:/etc/postfix/header_checks
header_checks:
/^X-Spam-ASN:/ WARN
See https
On 2025-03-24 at 10:19:40 UTC-0400 (Mon, 24 Mar 2025 15:19:40 +0100)
Andreas Haumer
is rumored to have said:
> Hi!
>
> Recently I noticed a (at least for me) very strange problem
> with a mailserver running sendmail + SpamAssassin: sometimes
> (not always!) the Received: header inserted by sendma
On 24.03.25 15:19, Andreas Haumer wrote:
Recently I noticed a (at least for me) very strange problem
with a mailserver running sendmail + SpamAssassin: sometimes
(not always!) the Received: header inserted by sendmail is completely wrong,
triggering SpamAssassin rules like "T_DATE_IN_FUTURE_96_Q"
Hi!
On 24.03.25 at 15:54, Matus UHLAR - fantomas wrote:
On 24.03.25 15:19, Andreas Haumer wrote:
Recently I noticed a (at least for me) very strange problem
with a mailserver running sendmail + SpamAssassin: sometimes
(not always!) the Received: header inserted by sendmail is completely wrong,
On 24.03.25 15:19, Andreas Haumer wrote:
Recently I noticed a (at least for me) very strange problem
with a mailserver running sendmail + SpamAssassin: sometimes
(not always!) the Received: header inserted by sendmail is completely wrong,
triggering SpamAssassin rules like "T_DATE_IN_FUTURE_96_Q"
On 24-3-2025 15:38, Matus UHLAR - fantomas wrote:
On 24.03.25 09:50, Dudi Goldenberg wrote:
Running SA v4.01 on Debian 12.10 with MariaDB backend.
The problem that I see is that the AWL table is properly updated with
new entries, totscore column is calculated, but msgcount always
remains 1 an
On 24.03.25 09:50, Dudi Goldenberg wrote:
Running SA v4.01 on Debian 12.10 with MariaDB backend.
The problem that I see is that the AWL table is properly updated with new
entries, totscore column is calculated, but msgcount always remains 1 and
never increments, as well as the lasthit column,
On 3/23/25 3:40 PM, Matus UHLAR - fantomas wrote:
On Sat, Mar 22, 2025 at 07:51:03PM +0100, Matus UHLAR - fantomas wrote:
On 20.03.25 13:52, Alex wrote:
>I'm using ExtractText to identify QR codes in PDFs.
>
># QR-code decoder
>extracttext_external zbar /usr/bin/zbarimg -q -D {}
>e
On Sat, Mar 22, 2025 at 07:51:03PM +0100, Matus UHLAR - fantomas wrote:
On 20.03.25 13:52, Alex wrote:
>I'm using ExtractText to identify QR codes in PDFs.
>
># QR-code decoder
>extracttext_external zbar /usr/bin/zbarimg -q -D {}
>extracttext_use zbar .jpg .png .p
On Sat, Mar 22, 2025 at 07:51:03PM +0100, Matus UHLAR - fantomas wrote:
> On 20.03.25 13:52, Alex wrote:
> >I'm using ExtractText to identify QR codes in PDFs.
> >
> ># QR-code decoder
> >extracttext_external zbar /usr/bin/zbarimg -q -D {}
> >extracttext_use zbar .j
On 20.03.25 13:52, Alex wrote:
I'm using ExtractText to identify QR codes in PDFs.
# QR-code decoder
extracttext_external zbar /usr/bin/zbarimg -q -D {}
extracttext_use zbar .jpg .png .pdf .webp
image/(?:jpeg|png) application/pdf
add_header all
On 3/20/25 6:52 PM, Alex wrote:
Hi,
I'm using ExtractText to identify QR codes in PDFs.
# QR-code decoder
extracttext_external zbar /usr/bin/zbarimg -q -D {}
extracttext_use zbar .jpg .png .pdf .webp image/(?:jpeg|png)
application/pdf
add_header al
Great news, congratulations Giovanni!
On Fri, Mar 21, 2025 at 6:48 AM Kevin A. McGrail
wrote:
> Congrats Giovanni! Thank you for all your service to Sidney.
>
>
> On Fri, Mar 21, 2025, 07:25 Sidney Markowitz wrote:
>
>> Please join me in welcoming Giovanni Bechis to the role of Chair of the
>>
Congrats, Giovanni! Thanks to you and Sidney for all you do for the
community.
On 3/21/25 7:24 AM, Sidney Markowitz wrote:
Please join me in welcoming Giovanni Bechis to the role of Chair of
the Apache SpamAssassin Project Management Committee.
I have retired from the role, and pass the baton
On 3/21/25 6:24 AM, Sidney Markowitz wrote:
Please join me in welcoming Giovanni Bechis to the role of Chair of the
Apache SpamAssassin Project Management Committee.
I have retired from the role, and pass the baton to Giovanni, who has
been voted in by PMC and approved by the ASF Board of Dire
Congrats Giovanni! Thank you for all your service to Sidney.
On Fri, Mar 21, 2025, 07:25 Sidney Markowitz wrote:
> Please join me in welcoming Giovanni Bechis to the role of Chair of the
> Apache SpamAssassin Project Management Committee.
>
> I have retired from the role, and pass the baton to
On 3/15/2025 07:48, Matus UHLAR - fantomas wrote:
On 13.03.25 09:34, Karl Denninger wrote:
I'm sure this has come up before but I don't see a way to do it in
the docs or Wiki.
I have a number of "role" accounts that, in some cases, get email
from more than one domain. All are considered "lo
On 13.03.25 09:34, Karl Denninger wrote:
I'm sure this has come up before but I don't see a way to do it in the
docs or Wiki.
I have a number of "role" accounts that, in some cases, get email from
more than one domain. All are considered "local" by my postfix and
dovecot config, thus all th
On 3/14/2025 8:27 AM, Matija Nalis wrote:
IIRC, having "tflags MAILING_LIST_MULTI nice" adds default negative score
automatically.
Just like having the rule without "tflags nice" (and without explicitly specified
"score") adds positive +1 score automatically.
That's very "nice" :)
Thank you,
On 2025-03-14 at 02:46:06 UTC-0400 (Fri, 14 Mar 2025 02:46:06 -0400)
Jared Hall via users
is rumored to have said:
SA 3.4.6
I see this negative scoring rule in many spams:
MAILING_LIST_MULTI=-1
Spamples appreciated.
Seems counter-intuitive but I could not find a score for this rule
anywhe
On Fri, Mar 14, 2025 at 02:46:06AM -0400, Jared Hall via users wrote:
> MAILING_LIST_MULTI=-1
> Seems counter-intuitive but I could not find a score for this rule anywhere.
IIRC, having "tflags MAILING_LIST_MULTI nice" adds default negative score
automatically.
Just like having the rule without "
On 3/11/25 2:51 PM, Andreas Vögele wrote:
Philip Prindeville wrote:
What are other people doing now that MaxMind has deprecated Perl support for
their databases?
I'm the author of IP:Geolocation::MMDB, which is an API-compatible replacement
for MaxMind::DB::Reader. Packages are in Fedora, in
On Wed, 12 Mar 2025, Bill Cole wrote:
On 2025-03-12 at 07:47:34 UTC-0400 (Wed, 12 Mar 2025 12:47:34 +0100)
is rumored to have said:
I think it would be better to add proper support for IP:Geolocation::MMDB and
later deprecate MaxMind::DB::Reader instead.
+1
Screwing with the namespace to
On 2025-03-12 at 07:47:34 UTC-0400 (Wed, 12 Mar 2025 12:47:34 +0100)
is rumored to have said:
> On 3/11/25 2:51 PM, Andreas Vögele wrote:
>> Philip Prindeville wrote:
>>> What are other people doing now that MaxMind has deprecated Perl support
>>> for their databases?
>>
>> I'm the author of IP
Rainer,
Take a look at
https://spamassassin.apache.org/full/4.0.x/doc/Mail_SpamAssassin_Conf.html
body SYMBOLIC_TEST_NAME /pattern/modifiers
...
"All body paragraphs (double-newline-separated blocks text) are turned into
a linebreaks-removed, whitespace-normalized, single line. Any lines longer
On 2025-03-10 at 11:42:16 UTC-0400 (Mon, 10 Mar 2025 16:42:16 +0100)
Rainer Sokoll via users
is rumored to have said:
> Hi,
>
> SpamAssassin version 4.0.0
> running on Perl version 5.36.0
>
> Debian 12 (bookworm)
>
> I’m pulling my hair out.
> A simple mail containing
>
> --[snip]-
> te
On 3/10/25 8:10 PM, Philip Prindeville via users wrote:
What are other people doing now that MaxMind has deprecated Perl support for
their databases?
On 11.03.25 08:49, giova...@paclan.it wrote:
Currently supported Perl modules are "GeoIP2", "Geo::IP", "IP::Country::DB_File" and
"IP::Country
Mark London wrote on 2025-03-11 05:51:
Hi - I'm really getting tired of these fake warnings. See below. This
one luckily hit spamcop. Otherwise, it would have been delivered.
so close your email address so it never will be received :=)
As an aside, see the last line of the email. I am not
Philip Prindeville wrote:
What are other people doing now that MaxMind has deprecated Perl support for
their databases?
I'm the author of IP:Geolocation::MMDB, which is an API-compatible
replacement for MaxMind::DB::Reader. Packages are in Fedora, in SUSE's
devel:languages:perl repository an
On 3/10/25 8:10 PM, Philip Prindeville via users wrote:
What are other people doing now that MaxMind has deprecated Perl support for
their databases?
Currently supported Perl modules are "GeoIP2", "Geo::IP", "IP::Country::DB_File" and
"IP::Country::Fast".
Atm I am using IP::Country::DB_File
> Just to verify: do email headers *properly* define that this part of email is
> "text/html" MIME type, and that it uses quoted-printable encoding?
Yes:
_NmP-f79e46939889b5eb-Part_1
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: quoted-printable
(I attached the gzipped
On 2025-03-06 14:41:45 +0100, Michel Arboi wrote:
> I guess I'll have to blacklist some URI domains, but if anybody
> finds a better idea, I'll take it.
>
> Note the GDPR pseudo legal text. This is utter BS of course, as
> this was not sent to a professional address.
>
> Ce message vous a été envo
On Fri, Mar 07, 2025 at 10:54:16AM +0100, Michel Arboi wrote:
> This piece of HTML triggers my rules, it shouldn't:
> Mar 7 02:37:14.474 [162580] dbg: uri: running uri_detail
> _HFD_URI_HOSTNAME_NOT_RFC_COMP:
> =3D"https://jbcorrie.co.uk/wp-content/uploads/2022/11/JB-Corrie-and-Co-Ltd-=
Just t
This piece of HTML triggers my rules, it shouldn't:
Mobile: 01250 873989 https://www.jbcorrie.co.uk";>https://jbcorrie.co.uk/wp-content/uploads/2022/11/JB-Corrie-and-Co-Ltd-=
Signal-Box-Road-Blaigowrie-Perthshire-PH10-6ER-01250-873989.jpg" width=3D"7=
Mar 7 02:37:14.474 [162580] dbg: uri: r
On Thu, 6 Mar 2025, Michel Arboi wrote:
I guess I'll have to blacklist some URI domains, but if anybody
finds a better idea, I'll take it.
Bayes should handle that - especially if you don't actually speak
French...
Note the GDPR pseudo legal text. This is utter BS of course, as
this was not
On Wed, 5 Mar 2025 15:18:43 +0100
Tom Hendrikx wrote:
> Interesting to see all the variants and diacritics used. Maybe we can
> improve some rules based on the variants. I never received anything
> like this, so sharing for the people interested.
I received some spams like this, a couple of yea
On Wed, 5 Mar 2025, Tom Hendrikx wrote:
Hi,
Just received a, what seems to be, incorrectly used template for generating
mail bodies for bitcoin ripoffs.
Interesting to see all the variants and diacritics used. Maybe we can improve
some rules based on the variants.
There are already a bunc
On Tue, 25 Feb 2025, Bill Cole wrote:
On 2025-02-25 at 09:31:44 UTC-0500 (Tue, 25 Feb 2025 09:31:44 -0500)
[snip..]
The problem with googlegroups is that google seems to let people create
groups and add people to them. Really, that google seems to choose to
allow spamming with gmail in genera
On 2025-02-25 at 09:31:44 UTC-0500 (Tue, 25 Feb 2025 09:31:44 -0500)
Greg Troxel
is rumored to have said:
Bill Cole writes:
[...]
I will look at adding an extra condition in that meta-rule.
I am on multiple googlegroups. (Yes, it's a bug that anyone hosts
their
mailinglists there, but
Tuesday, February 25, 2025, 9:12:20 AM, you wrote:
MUf> Yeah, typical googlegroups.com spam.
MUf> This is abused for over a decade.
On 25.02.25 13:18, Niamh Holding wrote:
So maybe mail from googlegroups should no longer get a -1 score?
On 2025-02-25 at 08:27:58 UTC-0500 (Tue, 25 Feb 2025
Bill Cole writes:
> On 2025-02-25 at 08:27:58 UTC-0500 (Tue, 25 Feb 2025 14:27:58 +0100)
> Matus UHLAR - fantomas
> is rumored to have said:
>
>>> Tuesday, February 25, 2025, 9:12:20 AM, you wrote:
>>>
>>> MUf> Yeah, typical googlegroups.com spam.
>>> MUf> This is abused for over a decade.
>>
>>
On 2025-02-25 at 08:27:58 UTC-0500 (Tue, 25 Feb 2025 14:27:58 +0100)
Matus UHLAR - fantomas
is rumored to have said:
Tuesday, February 25, 2025, 9:12:20 AM, you wrote:
MUf> Yeah, typical googlegroups.com spam.
MUf> This is abused for over a decade.
On 25.02.25 13:18, Niamh Holding wrote:
So
Tuesday, February 25, 2025, 9:12:20 AM, you wrote:
MUf> Yeah, typical googlegroups.com spam.
MUf> This is abused for over a decade.
On 25.02.25 13:18, Niamh Holding wrote:
So maybe mail from googlegroups should no longer get a -1 score?
googlegroups get no score afaik.
The issue is that they
Hello Matus,
Tuesday, February 25, 2025, 9:12:20 AM, you wrote:
MUf> Yeah, typical googlegroups.com spam.
MUf> This is abused for over a decade.
So maybe mail from googlegroups should no longer get a -1 score?
--
Best regards,
Niamh mailto:ni...@fullbore.co.uk
On 25.02.25 09:02, Niamh Holding wrote:
Been getting a lot of spam hitting this rule recently, guess the spammers are
starting to use common list managers to send their rubbish.
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on iron.holtain.net
X-Spam-Level: *
X-Spam-Status: No, scor
Hi Michel, you can find more about the ruleset channel at
https://mcgrail.com/template/kam.cf_channel
Take a look at the rules with KAM_ZW at the beginning of them.
Regards,
KAM
On 2/22/2025 1:24 PM, Michel Arboi wrote:
Where is it? I found a couple of blog articles on zero width characters
On 2/22/2025 4:06 PM, Andrew C Aitchison wrote:
Would it be worth including codes that control text direction,
like "Trojan Source" - CVE-2021-42574 and CVE-2021-42694.
I generally only look at things being actively used or predictably used
in the wild. If you aren't seeing it in spamples, I
On Sat, 22 Feb 2025, Michel Arboi wrote:
On Sat, 22 Feb 2025 12:31:37 -0500
"Kevin A. McGrail" wrote:
You might want to look at the KAM ruleset
Interesting. KAM_REPLACE and KAM_OBFURL I suppose?
and look at the ZW rules as well. -KAM
Where is it? I found a couple of blog articles on ze
>
>
> > This also means there isn't much regularity to outgoing mail to subtract
> > points. It's usually just one-offs where users check on ordering or ask
> > general product questions.
> >
> > This also doesn't include the businesses using Workspace, which would
> most
> > likely share the same
On Sat, 22 Feb 2025 12:31:37 -0500
"Kevin A. McGrail" wrote:
> You might want to look at the KAM ruleset
Interesting. KAM_REPLACE and KAM_OBFURL I suppose?
> and look at the ZW rules as well. -KAM
Where is it? I found a couple of blog articles on zero width characters
used for obfuscation, b
You might want to look at the KAM ruleset and look at the ZW rules as
well. -KAM
On 2/21/2025 5:41 PM, Michel Arboi wrote:
I received this phishing spam yesterday. That was not the first of
this kind. (attached, w/o the image)
I thought about this and wrote this uri-bad-unicode.cf Insert it
i