Re: Question about sa-updates

2024-06-22 Thread Benny Pedersen
Paul Schmehl skrev den 2024-06-22 07:44: It’s not clear to me from your answer. Does SA read rules in both places? it eveal first sa-update rules, then later host rules Or only in /etc/mail/spamassassin/? this is host rules, you define all global configs here, and it will never be overrid

Re: Question about sa-updates

2024-06-21 Thread David B Funk
On Sat, 22 Jun 2024, Paul Schmehl wrote: On Jun 22, 2024, at 12:28 AM, Kenneth Porter wrote: On 6/21/2024 8:56 PM, Paul Schmehl wrote: I scratched my head, then looked up the man page for sa-update on the web. Sure enough, that’s where the rules go. Is that where my local.c

Re: Question about sa-updates

2024-06-21 Thread Paul Schmehl
> On Jun 22, 2024, at 12:28 AM, Kenneth Porter wrote: > > On 6/21/2024 8:56 PM, Paul Schmehl wrote: >> I scratched my head, then looked up the man page for sa-update on the web. >> Sure enough, that’s where the rules go. Is that where my local.cf file >> should be located? Right now it’s in /et

Re: Question about sa-updates

2024-06-21 Thread Kenneth Porter
On 6/21/2024 8:56 PM, Paul Schmehl wrote: I scratched my head, then looked up the man page for sa-update on the web. Sure enough, that’s where the rules go. Is that where my local.cf file should be located? Right now it’s in /etc/mail/spamassassin. There’s a default local.cf file in /var/lib/….

Re: Sv: Re: Question about a rule

2024-06-18 Thread Laurent S.
I'd also strongly recommend adding boundaries: /\b(blah1|blah2|blah3)\b/i Otherwise, you might have a whole *pano*ply of words that will make legit mails marked as spam. You need to be super sure about poison pills rules, or in French - *pillu*le empoisonnée. Good luck. On 18.06.24 13:35, Axb w

Re: Sv: Re: Question about a rule

2024-06-18 Thread Axb
You need to enclose in brackets body LOCAL_BLAH /(blah1|blah2|blah3)/i On 6/18/24 13:05, Anders Gustafsson wrote: Sure: body LOCAL_PORN_RULE /kiimainen|naida|sexikäs|nussikas|nussia|pillu|pano|kinky|bdsm|pillua|x69-JOOGA/i score LOCAL_PORN_RULE 8 describe LOCAL_PORN_RULE This catches

Re: Sv: Re: Question about a rule

2024-06-18 Thread Matus UHLAR - fantomas
On 18.06.24 14:05, Anders Gustafsson wrote: body LOCAL_PORN_RULE /kiimainen|naida|sexikäs|nussikas|nussia|pillu|pano|kinky|bdsm|pillua|x69-JOOGA/i score LOCAL_PORN_RULE 8 describe LOCAL_PORN_RULE This catches peter's porn spam Sorry again for mailing directly. No idea why it suggests th

Sv: Re: Question about a rule

2024-06-18 Thread Anders Gustafsson
Sure: body LOCAL_PORN_RULE /kiimainen|naida|sexikäs|nussikas|nussia|pillu|pano|kinky|bdsm|pillua|x69-JOOGA/i score LOCAL_PORN_RULE 8 describe LOCAL_PORN_RULE This catches peter's porn spam Sorry again for mailing directly. No idea why it suggests the user and not users@ -- Med vänlig

Re: Question about a rule

2024-06-18 Thread Matus UHLAR - fantomas
On 18.06.24 13:50, Anders Gustafsson wrote: body LOCAL_PORN_RULE /word1|word2.|x69-JOOGA/i score LOCAL_PORN_RULE 8 describe LOCAL_PORN_RULE This catches peter's porn spam Funny thing is that it seems to trigger on messages that contain none of those words. I have removed the actual

Re: Question about forwarding email (not specifically SA, pointers greatly appreciated)

2024-01-20 Thread Byung-Hee HWANG
On Fri, 2024-01-19 at 15:15 +0100, Benny Pedersen wrote: > Byung-Hee HWANG skrev den 2024-01-19 11:12: > > > I rely on DNSWL for the reputable MX. > > if reputation is 100% needed we all have to make local rescore on all > local mails, since reputation is to be local, not external just > > i consid

Re: Question about forwarding email (not specifically SA, pointers greatly appreciated)

2024-01-19 Thread John Hardin
On Fri, 19 Jan 2024, Thomas Cameron wrote: On 1/19/24 16:32, Byung-Hee HWANG wrote: There is a filtering rule in Gmail: *Never send it to Spam* I apply that rule to extremely important emails such as debian-bugs-dist and debian-devel-announce. You know that. I know that. But trying to

Re: Question about forwarding email (not specifically SA, pointers greatly appreciated)

2024-01-19 Thread Thomas Cameron
On 1/19/24 16:32, Byung-Hee HWANG wrote: There is a filtering rule in Gmail: *Never send it to Spam* I apply that rule to extremely important emails such as debian-bugs-dist and debian-devel-announce. You know that. I know that. But trying to explain to the board members I'm helping out is.

Re: Question about forwarding email (not specifically SA, pointers greatly appreciated)

2024-01-19 Thread Byung-Hee HWANG
Hellow Thomas, > But it drops it into the spam folder every time. So when I'm sending > emails to someone's alias, they have to check their spam folder. Even > when they mark it as "not spam," GMail still drops it into the spam > folder. It's very frustrating. > There is a filtering rule in Gm

Re: Question about forwarding email (not specifically SA, pointers greatly appreciated)

2024-01-19 Thread Thomas Cameron
On 1/19/24 14:33, Matija Nalis wrote: You would need to encourage at least several of the recipients (the more the better) to click on "Not spam" button on GMail on such mails. Then it will (eventually) start accepting them normally. Yup, that's basically what I've been doing. see e.g. https

Re: Question about forwarding email (not specifically SA, pointers greatly appreciated)

2024-01-19 Thread Matija Nalis
On Fri, Jan 19, 2024 at 10:37:13AM -0600, Thomas Cameron wrote: > The forwarded email is being *accepted* by GMail. My issue now is that GMail > drops it into the recipient's spam folder. I suspect it's a reputation > thing. Once the server is up and running for a while, I'm hoping that GMail > wil

Re: Question about forwarding email (not specifically SA, pointers greatly appreciated)

2024-01-19 Thread Thomas Cameron
On 1/7/24 05:40, Matus UHLAR - fantomas wrote: I built email servers for a non-profit I volunteer for.  If email comes into the server for presid...@myassociation.org, I would normally just create an alias in /etc/aliases so that emails to president@ get forwarded to the president's "real" emai

Re: Question about forwarding email (not specifically SA, pointers greatly appreciated)

2024-01-19 Thread Thomas Cameron
On 1/7/24 04:07, Byung-Hee HWANG wrote: Hellow Thomas, See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1043539#88 Sincerely, Byung-Hee The issue is not so much that GMail doesn't accept the email. It does, since I have DKIM, DMARC, and SPF set up. But it drops it into the spam folde

Re: Question about forwarding email (not specifically SA, pointers greatly appreciated)

2024-01-19 Thread Benny Pedersen
Byung-Hee HWANG skrev den 2024-01-19 11:12: I rely on DNSWL for the reputable MX. if reputation is 100% needed we all have to make local rescore on all local mails, since reputation is to be local, not external just i consider dnswl level 0 to be positive scored, and let the other levels be n

Re: Question about forwarding email (not specifically SA, pointers greatly appreciated)

2024-01-19 Thread Benny Pedersen
Marc skrev den 2024-01-19 09:34: Hi Byung and Benny, are you having a nice MX party? :) not needed yet, hehe

Re: Question about forwarding email (not specifically SA, pointers greatly appreciated)

2024-01-19 Thread Benny Pedersen
Byung-Hee HWANG skrev den 2024-01-19 06:16: Actually i used Google MX for 10 years. Recently, i created dedicated MXs and am continuing to operate them. Plus, the dedicated MXs run on Google Cloud and RimuHosting. it was too weird for me to figure out how to get it working, and possible in the

Re: Question about forwarding email (not specifically SA, pointers greatly appreciated)

2024-01-19 Thread Byung-Hee HWANG
On Fri, 2024-01-19 at 08:34 +, Marc wrote: > > > Byung-Hee HWANG skrev den 2024-01-08 12:27: > > > > > > > Gmail is my last INBOX. That's enough for me. > > > > > > +1, so you are ready to setup google mx ? :) > > > > > > > Hellow Benny, > > > > Actually i used Google MX for 10 years. Rece

RE: Question about forwarding email (not specifically SA, pointers greatly appreciated)

2024-01-19 Thread Marc
> > Byung-Hee HWANG skrev den 2024-01-08 12:27: > > > > > Gmail is my last INBOX. That's enough for me. > > > > +1, so you are ready to setup google mx ? :) > > > > Hellow Benny, > > Actually i used Google MX for 10 years. Recently, i created dedicated > MXs and am continuing to operate them. Plu

Re: Question about forwarding email (not specifically SA, pointers greatly appreciated)

2024-01-18 Thread Byung-Hee HWANG
On Mon, 2024-01-08 at 17:17 +0100, Benny Pedersen wrote: > Byung-Hee HWANG skrev den 2024-01-08 12:27: > > > Gmail is my last INBOX. That's enough for me. > > +1, so you are ready to setup google mx ? :) > Hellow Benny, Actually i used Google MX for 10 years. Recently, i created dedicated MXs

Re: Question about forwarding email (not specifically SA, pointers greatly appreciated)

2024-01-08 Thread Benny Pedersen
Byung-Hee HWANG skrev den 2024-01-08 12:27: Gmail is my last INBOX. That's enough for me. +1, so you are ready to setup google mx ? :) https://support.google.com/a/answer/140034?hl=en i don't like it yet, missing dnssec and dane, tlsa, google is not friendly there if google wants my money

Re: Question about forwarding email (not specifically SA, pointers greatly appreciated)

2024-01-08 Thread Matus UHLAR - fantomas
This is not a good advice. Whoever filters SPF at SMTP time will reject that message. Gmail is not the only mail service available. On 08.01.24 20:27, Byung-Hee HWANG wrote: Gmail is my last INBOX. That's enough for me. that's what I wanted to say - enough for someone, but not generally enoug

Re: Question about forwarding email (not specifically SA, pointers greatly appreciated)

2024-01-08 Thread Byung-Hee HWANG
> > This is not a good advice. Whoever filters SPF at SMTP time will > reject that > message. Gmail is not the only mail service available. Hellow Matus, Gmail is my last INBOX. That's enough for me. Sincerely, Byung-Hee -- ^고맙습니다 _布德天下_ 감사합니다_^))//

Re: Question about forwarding email (not specifically SA, pointers greatly appreciated)

2024-01-07 Thread Matus UHLAR - fantomas
I built email servers for a non-profit I volunteer for. If email comes into the server for presid...@myassociation.org, I would normally just create an alias in /etc/aliases so that emails to president@ get forwarded to the president's "real" email address, say presidents_real_em...@gmail.com.

Re: Question about forwarding email (not specifically SA, pointers greatly appreciated)

2024-01-07 Thread Byung-Hee HWANG
> > I built email servers for a non-profit I volunteer for. If email > comes > into the server for presid...@myassociation.org, I would normally > just > create an alias in /etc/aliases so that emails to president@ get > forwarded to the president's "real" email address, say > presidents_real_

Re: Question about forwarding email (not specifically SA, pointers greatly appreciated)

2024-01-04 Thread Andy Smith
Hello, On Wed, Jan 03, 2024 at 01:24:02PM -0600, Thomas Cameron via users wrote: > On 1/2/24 17:51, Andy Smith wrote: > > - Have your users collect their your-org email by some means other > >than SMTP, such as running an IMAP server and having them view > >both their gmail mailbox and the

Re: Question about forwarding email (not specifically SA, pointers greatly appreciated)

2024-01-04 Thread Thomas Cameron
On 1/4/24 06:35, Matus UHLAR - fantomas wrote: On 03.01.24 20:36, Thomas Cameron wrote: Fair point. But I'm guessing that because it has two DKIM signatures, it's not passing the DKIM check. only one of those DKIM signatures needs to pass, with the domain in From: Yup, and it seems to be wor

Re: Question about forwarding email (not specifically SA, pointers greatly appreciated)

2024-01-04 Thread Thomas Cameron
On 1/4/24 06:31, Matus UHLAR - fantomas wrote: On 03.01.24 19:30, Thomas Cameron wrote: Thanks for the advice on SRS - I have set it up and it's mostly working. At least GMail accepts the emails, although it seems to be failing DKIM and DMARC tests. I'm digging into what, if anything, can be d

Re: Question about forwarding email (not specifically SA, pointers greatly appreciated)

2024-01-04 Thread Matus UHLAR - fantomas
Thomas Cameron writes: Yeah, the weird thing is, when I check the forwarded email on GMail, I see in the headers that both the original sending email server (call it mail.somedomain.com) and the relay server (call it mail.myassociation.org) put DKIM signatures in the message. On 1/3/24 19:45,

Re: Question about forwarding email (not specifically SA, pointers greatly appreciated)

2024-01-04 Thread Matus UHLAR - fantomas
On 1/3/24 15:44, Bill Cole wrote: Indeed: your solution is known as "SRS" (Sender Rewriting Scheme) and it has multiple implementations. If you forward mail, you will break SPF unless you fix the envelope sender so that it uses a domain  that permits the example.org server to send for it. OR,

Re: Question about forwarding email (not specifically SA, pointers greatly appreciated)

2024-01-03 Thread Thomas Cameron
On 1/3/24 19:45, Greg Troxel wrote: Thomas Cameron writes: Yeah, the weird thing is, when I check the forwarded email on GMail, I see in the headers that both the original sending email server (call it mail.somedomain.com) and the relay server (call it mail.myassociation.org) put DKIM signa

Re: Question about forwarding email (not specifically SA, pointers greatly appreciated)

2024-01-03 Thread Greg Troxel
Thomas Cameron writes: > Yeah, the weird thing is, when I check the forwarded email on GMail, I > see in the headers that both the original sending email server (call > it mail.somedomain.com) and the relay server (call it > mail.myassociation.org) put DKIM signatures in the message. That's more

Re: Question about forwarding email (not specifically SA, pointers greatly appreciated)

2024-01-03 Thread Thomas Cameron
On 1/3/24 17:41, Greg Troxel wrote: You are overlooking that DKIM from the original From: is the responsibility of that domain and that if you do not modify the message then it should still pass. Domains sending without DKIM are going to be a mess. Yeah, the weird thing is, when I check the fo

Re: Question about forwarding email (not specifically SA, pointers greatly appreciated)

2024-01-03 Thread Thomas Cameron
On 1/3/24 15:44, Bill Cole wrote: Indeed: your solution is known as "SRS" (Sender Rewriting Scheme) and it has multiple implementations. If you forward mail, you will break SPF unless you fix the envelope sender so that it uses a domain  that permits the example.org server to send for it. O

[SOLVED] Re: Question about forwarding email (not specifically SA, pointers greatly appreciated)

2024-01-03 Thread Thomas Cameron
On 1/3/24 18:16, Michael Grant wrote: Here's what I have done in the past from my server to get around this situation you are having: 1. In my .procmailrc file :0c: !exam...@gmail.com This sends a copy (the c flag in first line) of the message to the gmail account and leaves a copy in your inb

Re: Question about forwarding email (not specifically SA, pointers greatly appreciated)

2024-01-03 Thread Michael Grant via users
Here's what I have done in the past from my server to get around this situation you are having: 1. In my .procmailrc file :0c: !exam...@gmail.com This sends a copy (the c flag in first line) of the message to the gmail account and leaves a copy in your inbox. 2. From your exam...@gmail.com acct

Re: Question about forwarding email (not specifically SA, pointers greatly appreciated)

2024-01-03 Thread Greg Troxel
"Thomas Cameron via users" writes: > I actually set up SPF, DMARC, and DKIM on the non-profit's email > server. It works fine if I send email from the server. > > The rub is, I want all emails to presid...@example.org to be forwarded > to presidents_real_addr...@gmail.com. Since the forward happe

Re: Question about forwarding email (not specifically SA, pointers greatly appreciated)

2024-01-03 Thread admin
Hello Thomas, This might help too: These failures are often due to SPFs that have a hard fail (meaning they end with ‘-all’). When I dealt with this in the past, the original sending domain was one where we could modify the SPF. So we had the email sender change “-all” to “~all” and since that

Re: Question about forwarding email (not specifically SA, pointers greatly appreciated)

2024-01-03 Thread Bill Cole
On 2024-01-03 at 14:17:11 UTC-0500 (Wed, 3 Jan 2024 13:17:11 -0600) Thomas Cameron via users is rumored to have said: The rub is, I want all emails to presid...@example.org to be forwarded to presidents_real_addr...@gmail.com. Since the forward happens at mail.example.org, the "from" is from s

Re: Question about forwarding email (not specifically SA, pointers greatly appreciated)

2024-01-03 Thread Thomas Cameron via users
On 1/2/24 17:51, Andy Smith wrote: Hi Thomas, On Tue, Jan 02, 2024 at 04:24:37PM -0600, Thomas Cameron via users wrote: I built email servers for a non-profit I volunteer for. If email comes into the server for presid...@myassociation.org, I would normally just create an alias in /etc/aliases s

Re: Question about forwarding email (not specifically SA, pointers greatly appreciated)

2024-01-03 Thread Thomas Cameron via users
On 1/3/24 01:21, Jared Hall wrote: On 1/2/2024 5:24 PM, Thomas Cameron via users wrote: The problem is, when I send email to presid...@myassociation.org, gmail rejects the forwarded email because it appears to come from my personal domain, not the mythical myassociation.org domain. DKIM, DMA

Re: Question about forwarding email (not specifically SA, pointers greatly appreciated)

2024-01-02 Thread Jared Hall via users
On 1/2/2024 5:24 PM, Thomas Cameron via users wrote: The problem is, when I send email to presid...@myassociation.org, gmail rejects the forwarded email because it appears to come from my personal domain, not the mythical myassociation.org domain. DKIM, DMARC, and SPF all fail, which I totall

Re: Question about forwarding email (not specifically SA, pointers greatly appreciated)

2024-01-02 Thread Greg Troxel
"Thomas Cameron via users" writes: > I built email servers for a non-profit I volunteer for. If email comes > into the server for presid...@myassociation.org, I would normally just > create an alias in /etc/aliases so that emails to president@ get > forwarded to the president's "real" email addre

Re: Question about forwarding email (not specifically SA, pointers greatly appreciated)

2024-01-02 Thread Andy Smith
Hi Thomas, On Tue, Jan 02, 2024 at 04:24:37PM -0600, Thomas Cameron via users wrote: > I built email servers for a non-profit I volunteer for. If email comes into > the server for presid...@myassociation.org, I would normally just create an > alias in /etc/aliases so that emails to president@ get

Re: Question about user specific bayes

2022-01-19 Thread Benny Pedersen
On 2022-01-18 22:34, Bill Cole wrote: Well, maybe? I don't currently have a system using per-user Bayes and it's been a bit since I set one up so hopefully someone who has a working rig will speak up... fuglu have pr user bayes pr default, and it recently fixed that local part before could be

RE: Question about user specific bayes

2022-01-18 Thread Dino Edwards
tly good per-user DB isn't properly seeded. It doesn't seem to be creating an empty database at all. Not sure why > -Original Message- > From: Bill Cole > Sent: Tuesday, January 18, 2022 12:23 PM > To: users@spamassassin.apache.org > Subject: Re: Question about user

Re: Question about user specific bayes

2022-01-18 Thread Bill Cole
ill not fall back to a global Bayes DB just because an otherwise perfectly good per-user DB isn't properly seeded. -Original Message- From: Bill Cole Sent: Tuesday, January 18, 2022 12:23 PM To: users@spamassassin.apache.org Subject: Re: Question about user specific bayes On 2

RE: Question about user specific bayes

2022-01-18 Thread Dino Edwards
will use it provided it's properly seeded. If not, it will fall back to the global bayes. Is that correct? Thanks -Original Message- From: Bill Cole Sent: Tuesday, January 18, 2022 12:23 PM To: users@spamassassin.apache.org Subject: Re: Question about user specific bayes On 2022-

Re: Question about user specific bayes

2022-01-18 Thread Bill Cole
On 2022-01-18 at 11:12:01 UTC-0500 (Tue, 18 Jan 2022 16:12:01 +) Dino Edwards is rumored to have said: Hi, Trying to implement user specific bayes. My current setup is setup as follows in regards to global bayes. I'm also using amavis: bayes_path /opt/sa-bayes/bayes bayes_file_mode 0777

RE: Question about whitelisting of naadac.org

2021-08-12 Thread John Hardin
Thursday, August 12, 2021 5:43 AM To: users@spamassassin.apache.org Subject: Re: Question about whitelisting of naadac.org On Wed, 11 Aug 2021, Lukasz Maik wrote: Hi All, The company naadac.org is experiencing problems with their e-mails being marked as SPAM, when they are putting link to their domain https://

Re: Question about whitelisting of naadac.org

2021-08-12 Thread Bill Cole
On 2021-08-12 at 16:16:21 UTC-0400 (Thu, 12 Aug 2021 20:16:21 +) Lukasz Maik is rumored to have said: Dear John, Sure, please find full tests results here: https://www.mail-tester.com/test-bw02eaxrt That website is not in any way authoritative, misrepresents SpamAssassin scores, is ru

Re: Question about whitelisting of naadac.org

2021-08-12 Thread Tom Hendrikx
work e-mails, recipients are finding those messages in the Junk Email folder. Even people with who he was previously working before. Kind Regards Lukas -Original Message- From: John Hardin Sent: Thursday, August 12, 2021 5:43 AM To: users@spamassassin.apache.org Subject: Re: Q

Re: Question about whitelisting of naadac.org

2021-08-12 Thread Greg Troxel
Lukasz Maik writes: [not sure what the relationship of ricoh-europe is to a US .org is] > Sure, please find full tests results here: > https://www.mail-tester.com/test-bw02eaxrt > > We've lost a point for not having DKIM/DMARC authentication, which is > unfortunately not supported by our host

RE: Question about whitelisting of naadac.org

2021-08-12 Thread Lukasz Maik
st 12, 2021 5:43 AM To: users@spamassassin.apache.org Subject: Re: Question about whitelisting of naadac.org This message was sent from an external source. Please be careful opening attachments/links or replying to sources you don't know. On Wed, 11 Aug 2021, Lukasz Maik wrote: > Hi

Re: Question about whitelisting of naadac.org

2021-08-12 Thread Martin Gregorie
On Wed, 2021-08-11 at 20:43 -0700, John Hardin wrote: > As Kenneth said, contact Spamhaus regarding why that domain is listed. > > I took a look at it with a text-mode web browser, Lynx, that's too simple to try to process nasties and with all cookies disabled. It looked more than slightly suspect

Re: Question about whitelisting of naadac.org

2021-08-11 Thread John Hardin
On Wed, 11 Aug 2021, Lukasz Maik wrote: Hi All, The company naadac.org is experiencing problems with their e-mails being marked as SPAM, when they are putting link to their domain www.naadac.org in the signature of their mails. Is it possible to whitelist this domain/link in your SPAM filte

Re: Question about whitelisting of naadac.org

2021-08-11 Thread Kenneth Porter
--On Wednesday, August 11, 2021 8:57 PM + Lukasz Maik wrote: The company naadac.org is experiencing problems with their e-mails being marked as SPAM, when they are putting link to their domain www.naadac.org in the signature of their mails. Is it possible to whitelis

Re: Question about the 'URIBL_BLOCKED' rule

2020-05-04 Thread Tom
On 5/3/20 1:16 AM, Bill Cole wrote: > On 30 Apr 2020, at 14:59, Tom Williams wrote: > >> Hi!  I'm new to this mailing list, but not new to SpamAssassin. I've >> used it on and off for a number years.  :)   Recently, (within the >> past 6 months or so) I enabled it for email in a shared web hosting

Re: Question about the 'URIBL_BLOCKED' rule

2020-05-03 Thread Bill Cole
On 30 Apr 2020, at 14:59, Tom Williams wrote: Hi!  I'm new to this mailing list, but not new to SpamAssassin. I've used it on and off for a number years.  :)   Recently, (within the past 6 months or so) I enabled it for email in a shared web hosting environment (we host with InMotionHosting).

Re: Question about the 'URIBL_BLOCKED' rule

2020-05-02 Thread Tom
Many thanks to those who responded.  I was mainly wondering how the inability to do blacklist checks would impact the overall ability of SpamAssassin to detect spam.  Given the responses, I'll go in a different direction.  I'll move the site to a VPS, where I can have more control over SpamAssassin

Re: Question about the 'URIBL_BLOCKED' rule

2020-05-02 Thread RW
On Sat, 2 May 2020 15:59:27 +0300 Jari Fredriksson wrote: > On 2.5.2020 13.30, Reindl Harald wrote: > > and why don't you just replace /etc/resolv.conf and fire up "chattr > > +i /etc/resolv.conf" like everyone else does for years to keep it > > untouched (that's even a documented way to prevent

Re: Question about the 'URIBL_BLOCKED' rule

2020-05-02 Thread Jari Fredriksson
On 2.5.2020 13.30, Reindl Harald wrote: and why don't you just replace /etc/resolv.conf and fire up "chattr +i /etc/resolv.conf" like everyone else does for years to keep it untouched (that's even a documented way to prevent it overwritten by dhcp clients) there is no point using a shared dns

Re: Question about the 'URIBL_BLOCKED' rule

2020-05-02 Thread Jari Fredriksson
Still! Syncing weekly_mass_check check: dns_block_rule URIBL_BLOCKED hit, creating/home/jarif/.spamassassin/dnsblock_multi.uribl.com (This means dnsbl blocked you due to too many queries. Set all affected rules score to 0, or use "dns_query_restriction deny multi.uribl.com" to disable queries)

Re: Question about the 'URIBL_BLOCKED' rule

2020-05-02 Thread Jari Fredriksson
I have too had a problem of this in my masscheck box. It is a cloud VM in Google Cloud and they do like to provide a /etc/resolv.conf for their own DNS which has been next to impossible to overcome. I do replace it in the beginning of my masscheck process with my own but to no avail. I now fig

Re: Question about the 'URIBL_BLOCKED' rule

2020-04-30 Thread Richard Doyle
First result on Google: http://cweiske.de/tagebuch/uribl_blocked.htm Short version: URIBL will block you if you use any of the big DNS providers, such as 8.8.8.8. On 4/30/20 11:59 AM, Tom Williams wrote: > Hi!  I'm new to this mailing list, but not new to SpamAssassin. I've > used it on and off

Re: Question on early detection for relay spam

2020-03-04 Thread Benny Pedersen
Rupert Gallagher skrev den 2020-03-05 00:27: Fails with travelling clients. my customers want vacation without stress :=)

Re: Question on early detection for relay spam

2020-03-04 Thread @lbutlr
On 04 Mar 2020, at 16:27, Rupert Gallagher wrote: > Fails with travelling clients. Depends. I block several countries from accessing my mail server. If someone travels to one of those countries, they can use webmail to access their mail. There are always options. However, most people simply us

Re: Question on early detection for relay spam

2020-03-04 Thread Rupert Gallagher
Fails with travelling clients. Original Message On Mar 3, 2020, 16:49, Benny Pedersen wrote: > Marc Roos skrev den 2020-03-03 16:15: >> Use ipset, hardly causing any latency using 50k entries. > > i don't need to block 50k entries, but only whitelist few accepted client > ips, wh

Re: Question on early detection for relay spam

2020-03-04 Thread Bill Cole
On 4 Mar 2020, at 14:43, RW wrote: On Tue, 03 Mar 2020 16:05:31 -0800 Ted Mittelstaedt wrote: 2FA isn't going to help unless 2FA could be applied to the SMTP Auth port. Sometime 2FA on webmail is combined with separate autogenerated passwords for pop/imap/submission. A.k.a. "application p

Re: Question on early detection for relay spam

2020-03-04 Thread RW
On Tue, 03 Mar 2020 16:05:31 -0800 Ted Mittelstaedt wrote: > 2FA isn't going to help unless 2FA could be applied to the SMTP Auth > port. Sometime 2FA on webmail is combined with separate autogenerated passwords for pop/imap/submission.

Re: Question on early detection for relay spam

2020-03-04 Thread M. Omer GOLGELI
If password rotating is out of the question, you might want to check your IPs against blacklists multiple times a day, it wouldn't stop it but it may notify you earlier to stop an outbreak. Other thing that comes to mind is, you may try rate limiting your users and setup a cron to monitor th

Re: Question on early detection for relay spam

2020-03-03 Thread Ted Mittelstaedt
On 3/3/2020 5:53 AM, Riccardo Alfieri wrote: On 03/03/20 08:54, Benny Pedersen wrote: Ted Mittelstaedt skrev den 2020-03-03 08:26: What do other people do for this problem? Hi Ted, What I can suggest you is to look at our DQS product (https://www.spamhaustech.com/dqs/), that even in it

RE: Question on early detection for relay spam

2020-03-03 Thread Ted Mittelstaedt
Well for example of the trouble RBLS cause see this one for your own number: -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no trust [212.26.193.44 listed in list.dnswl.org] >and then immediately forget it, wh

Re: Question on early detection for relay spam

2020-03-03 Thread Grant Taylor
On 3/3/20 3:40 AM, Marc Roos wrote: No problem I would say, it is good to exchange thoughts and ideas Agreed. Strange your webmail should be on https then it is difficult to catch passwords. I do not have this at all, that people's passwords get stolen. Hardly ever. So maybe somewhere something

Re: Question on early detection for relay spam

2020-03-03 Thread Bill Cole
On 3 Mar 2020, at 2:26, Ted Mittelstaedt wrote: I know this is probably off topic but I'm getting desperate enough to ask. I run a commercial mailserver that regularly seems to have spammers relay mail through it that have obtained stolen credentials for a user. Many years ago I stopped all

Re: Question on early detection for relay spam

2020-03-03 Thread Benny Pedersen
Marc Roos skrev den 2020-03-03 16:15: Use ipset, hardly causing any latency using 50k entries. i don't need to block 50k entries, but only whitelist few accepted client ips, where i resolve asn and open this specific asn to have access, if there is abuse it will be removed so its again is bloc

RE: Question on early detection for relay spam

2020-03-03 Thread Marc Roos
Use ipset, hardly causing any latency using 50k entries. -Original Message- From: Benny Pedersen [mailto:m...@junc.eu] Sent: 03 March 2020 15:39 To: users@spamassassin.apache.org Subject: Re: Question on early detection for relay spam Riccardo Alfieri skrev den 2020-03-03 14:53

Re: Question on early detection for relay spam

2020-03-03 Thread Benny Pedersen
Riccardo Alfieri skrev den 2020-03-03 14:53: # abuse port 21 begin 51.178.0.0/16 as16276 #OVH, FR 80.82.77.0/24 as202425 #INT-NETWORK, SC 104.206.128.0/22 as62904 #EONIX-COMMUNICATIONS-ASBLOCK-62904, US # abuse port 21 end # all ips begin 51.178.78.154 80.82.77.240 104.206.128.54 # all ips end #

Re: Question on early detection for relay spam

2020-03-03 Thread Benny Pedersen
Riccardo Alfieri skrev den 2020-03-03 14:53: sasl_username - number of different ips observed in the latest 24h. i have limited so that i only allow sasl auth from trusted customers ips, all else is firewalled with default policy of drop, and clients ips is so just still logged if ports is

Re: Question on early detection for relay spam

2020-03-03 Thread Riccardo Alfieri
On 03/03/20 08:54, Benny Pedersen wrote: Ted Mittelstaedt skrev den 2020-03-03 08:26: What do other people do for this problem? Hi Ted, What I can suggest you is to look at our DQS product (https://www.spamhaustech.com/dqs/), that even in its free subscription model includes AuthBL, a l

RE: Question on early detection for relay spam

2020-03-03 Thread Marc Roos
>I know this is probably off topic but I'm getting desperate enough to ask. No problem I would say, it is good to exchange thoughts and ideas >I run a commercial mailserver that regularly seems to have spammers >relay mail through it that have obtained stolen credentials for a user. > Many

Re: Question on early detection for relay spam

2020-03-02 Thread Benny Pedersen
Ted Mittelstaedt wrote on 2020-03-03 08:26: What do other people do for this problem? https://www.abusix.com/abusix-mail-intelligence What more do you want to do? My own servers reject all clients not in Danish IP space unless it's sasl authed strong leaked passwords does not help much

RE: Question on Rule

2020-01-28 Thread John Hardin
On Mon, 27 Jan 2020, Charles Amstutz wrote: Can someone explain what this actually means and maybe provide an example? Rule Name: FROM_MISSP_DYNIP Rule Definition: misspaced + dynamic rDNS Getting a high score on this and having trouble finding an actual real definition and example. I get the

Re: Question on Rule

2020-01-27 Thread Bill Cole
On 27 Jan 2020, at 12:32, jdow wrote: Are you sure it is not the extra space between the routing headers and the "Subject:" line? 100% certain. In the standard rule channel, the file 72_active.cf has these lines: meta FROM_MISSP_DYNIP __FROM_RUNON && RDNS_DYNAMIC header

Re: Question on Rule

2020-01-27 Thread jdow
On 20200127 09:01:10, Charles Amstutz wrote: Hello, Can someone explain what this actually means and maybe provide an example? Rule Name: FROM_MISSP_DYNIP Rule Definition: misspaced + dynamic rDNS Getting a high score on this and having trouble finding an actual real definition and example.

Re: Question on Rule

2020-01-27 Thread Matus UHLAR - fantomas
> Can someone explain what this actually means and maybe provide an > example? > > Rule Name: FROM_MISSP_DYNIP > Rule Definition: misspaced + dynamic rDNS > > Getting a high score on this and having trouble finding an actual real > definition and example. I get the dynamic rDNS I believe, but not

RE: Question on Rule

2020-01-27 Thread Charles Amstutz
> > > Hello, > > > > Can someone explain what this actually means and maybe provide an > > example? > > > > Rule Name: FROM_MISSP_DYNIP > > Rule Definition: misspaced + dynamic rDNS > > > > Getting a high score on this and having trouble finding an actual real > > definition and example. I get the

Re: Question on Rule

2020-01-27 Thread RW
On Mon, 27 Jan 2020 16:22:39 + Charles Amstutz wrote: > Hello, > > Can someone explain what this actually means and maybe provide an > example? > > Rule Name: FROM_MISSP_DYNIP > Rule Definition: misspaced + dynamic rDNS > > Getting a high score on this and having trouble finding an actual >

RE: Question on Rule

2020-01-27 Thread Charles Amstutz
> On 27.01.20 at 17:22, Charles Amstutz wrote: > > Can someone explain what this actually means and maybe provide an > example? > > > > Rule Name: FROM_MISSP_DYNIP > > > > Rule Definition: misspaced + dynamic rDNS > > > > Getting a high score on this and having trouble finding an actual real > > d

Re: Question about Bayes implementation

2019-10-22 Thread RW
On Tue, 22 Oct 2019 12:21:45 +0200 Philipp Ewald wrote: > Hi folks, > > at this point I split all my SPAM mail to get the attachment to > create a hash table. (but this is not my point) > > It's also possible to split my SPAM into html/text, plain/text and > headers too. > Debian package: ripmime

Re: Question about scoring and autolearning

2019-04-18 Thread Sam
On 4/18/19 9:05 PM, @lbutlr wrote: > On 18 Apr 2019, at 12:32, Sam wrote: >> I guess I’ll have to raise some scores to make it learn. > Reconsider. The message was clearly marked as spam with a score more than 6 > times the threshold. There is nothing here to train, SA did its job. You have a g

Re: Question about scoring and autolearning

2019-04-18 Thread @lbutlr
On 18 Apr 2019, at 12:32, Sam wrote: > I guess I’ll have to raise some scores to make it learn. Reconsider. The message was clearly marked as spam with a score more than 6 times the threshold. There is nothing here to train, SA did its job. -- Light thinks it travels faster than anything but

Re: Question about scoring and autolearning

2019-04-18 Thread RW
On Thu, 18 Apr 2019 19:56:25 +0200 Sam wrote: > Dear fellow SpamAssassin users, > > I’ve read everything I could find on scoring and autolearning before > posting here, and yet cannot figure why autolearn triggers properly in > the presence of ham but never triggers when SpamAssassin is fed spam.

Re: Question about scoring and autolearning

2019-04-18 Thread Sam
On 4/18/19 8:19 PM, @lbutlr wrote: > On 18 Apr 2019, at 11:56, Sam wrote: >> However, even with heavy spam, autolearn does not seem to engage in spam >> mode. > Why do you think it should? > > Did you check the message with spamassassin -D? > > You might want to read this: > >

Re: Question about scoring and autolearning

2019-04-18 Thread @lbutlr
On 18 Apr 2019, at 11:56, Sam wrote: > However, even with heavy spam, autolearn does not seem to engage in spam > mode. Why do you think it should? Did you check the message with spamassassin -D? You might want to read this: --

Re: Question regarding auto-learning

2018-07-04 Thread Matus UHLAR - fantomas
On 03.07.18 12:17, J Doe wrote: From reading the documentation, it appears that to train the Bayesian filter I require a minimum of 1,000 pieces of ham and 1,000 pieces of spam. no. You need at least 200 hams and spams for bayes to start firing but you can tune it by setting bayes_min_ham_num a

Re: Question regarding trusted_networks

2018-06-17 Thread Matus UHLAR - fantomas
Matus UHLAR - fantomas wrote on 2018-06-16 16:37: not external networks. only external mail servers you trust not to forge e-mail headers. They may send spam but are not the spam sources. On 16.06.18 19:06, Benny Pedersen wrote: not correct spamassassin need to know all wan ips your own ser
