Re: Spam with broken URI (Zero-Width-Space Unicode characters)

> Just to verify: do email headers *properly* define that this part of email is > "text/html" MIME type, and that it uses quoted-printable encoding? Yes: _NmP-f79e46939889b5eb-Part_1 Content-Type: text/html; charset=utf-8 Content-Transfer-Encoding: quoted-printable (I attached the gzipped

Re: Spam with broken URI (Zero-Width-Space Unicode characters)

On Fri, Mar 07, 2025 at 10:54:16AM +0100, Michel Arboi wrote: > This piece of HTML triggers my rules, it shouldn't: > Mar 7 02:37:14.474 [162580] dbg: uri: running uri_detail > _HFD_URI_HOSTNAME_NOT_RFC_COMP: > =3D"https://jbcorrie.co.uk/wp-content/uploads/2022/11/JB-Corrie-and-Co-Ltd-= Just t

Re: Spam with broken URI (Zero-Width-Space Unicode characters)

This piece of HTML triggers my rules, it shouldn't: Mobile: 01250 873989 https://www.jbcorrie.co.uk";>https://jbcorrie.co.uk/wp-content/uploads/2022/11/JB-Corrie-and-Co-Ltd-= Signal-Box-Road-Blaigowrie-Perthshire-PH10-6ER-01250-873989.jpg" width=3D"7= Mar 7 02:37:14.474 [162580] dbg: uri: r

Re: Spam body template with diacritics and variants

On Wed, 5 Mar 2025 15:18:43 +0100 Tom Hendrikx wrote: > Interesting to see all the variants and diacritics used. Maybe we can > improve some rules based on the variants. I never received anything > like this, so sharing for the people interested. I received some spams like this, a couple of yea

Re: Spam body template with diacritics and variants

On Wed, 5 Mar 2025, Tom Hendrikx wrote: Hi, Just received a, what seems to be, incorrectly used template for generating mail bodies for bitcoin ripoffs. Interesting to see all the variants and diacritics used. Maybe we can improve some rules based on the variants. There are already a bunc

Re: SPAM-DETECTOR Re: Tips on training bayes?

W dniu 18.09.2024 o 16:29, Matus UHLAR - fantomas pisze: On 18.09.24 16:19, natan wrote: I was very disappointed with spamassassin 4.x because it started to grow /var/lib/amavis/tmp/ amavis should clean this itself. which amavis version do you have installed? did you tune it anyhow? amavisd-

RE: *****SPAM***** Re: *****SPAM***** Re: *****SPAM***** Re: *****SPAM***** Re: *****SPAM***** Re: wordpress work

Lets see how many spamassassin is adding. RE: *SPAM* Re: *SPAM* Re: *SPAM* Re: *SPAM* Re: *SPAM* Re: wordpress work

Re: spam subject marking

On 11/17/22 9:00 AM, Bill Cole wrote: Easier said than done. It's actually quite easy to do. But most people don't want to do what I think should be done. IMHO, the email list itself is a 1st class / proper entity that you are emailing or reading email from. -- I'm not emailing Bill or G

Re: spam subject marking

On 2022-11-16 at 06:46:57 UTC-0500 (Wed, 16 Nov 2022 06:46:57 -0500) Greg Troxel is rumored to have said: > Not really this topic, but I think mailing lists really need to be set > up to not break DKIM. Easier said than done. I'm on an absurd number of mailing lists, and MOST are not entirely D

Re: spam subject marking

On 2022-11-15 at 15:16:49 UTC-0500 (Tue, 15 Nov 2022 20:16:49 +) Marc is rumored to have said: >> You might want to point out to them that rewrite_header breaks any DKIM >> signature on mail, > > Hmmm, good point, not really thought about this even. Are email clients > complaining about this

Re: spam subject marking

On 2022-11-15 at 21:45:52 UTC-0500 (Tue, 15 Nov 2022 18:45:52 -0800) Loren Wilton is rumored to have said: >> So the alternative is adding a header and move it to the spam folder >> automatically on the basis of the header? >> >> Currently I just want to 'warn' users that the message is possible

Re: spam subject marking

On 2022-11-16 at 08:01:12 UTC-0500 (Wed, 16 Nov 2022 06:01:12 -0700) Grant Taylor via users is rumored to have said: > Or said another way, DKIM is only supposed to be a /positive/ /assertion/ if > / when a DKIM signature validation passes. DKIM is supposed to not be > negative. That's ABSOLUT

Re: spam subject marking

On 11/16/22 4:46 AM, Greg Troxel wrote: Can you expand on that? I'll try. My understanding is that few MUAs test DKIM signatures /client/ /side/. -- The only exception that I'm aware of is that there was a Thunderbird add-on that would test DKIM signatures /client/ /side/. Almost all DKIM

Re: Spam DKIM signed by Paypal coming from their Microsoft Tenant?

Shawn Iverson skrev den 2022-11-14 21:14: How do I stop this? paypal.com is in the default DKIM whitelist! DKIM-Signature: v=1; a=rsa-sha256; d=paypal.com; s=pp-dkim1; c=relaxed/relaxed; q=dns/txt; i=@paypal.com; t=1668452569; h=From:From:Subject:Date:To:MIME-Version:Content-Type; bh=o8/9XRPN

Re: spam subject marking

Greg Troxel writes: > I did just get a bounce message in reply to a message I sent here, > complaining that my message failed DKIM (maybe the list munged it) and > SPF (ok; the list is not in general authorized to send mail from my > domain) and therefore was being rejected (but I do not current

Re: spam subject marking

"Grant Taylor via users" writes: > On 11/15/22 1:16 PM, Marc wrote: >> Hmmm, good point, not really thought about this even. Are email >> clients complaining about this? > > Few email clients are testing DKIM. Some servers are testing > DKIM. Some systems are mis-treating DKIM failure as someth

Re: spam subject marking

On Tue, Nov 15, 2022 at 9:46 PM Loren Wilton wrote: > > If SA sees the message and classifies it as spam, it normally adds (from > an > example) > X-Spam-Flag: YES > X-Spam-Level: > X-Spam-Status: Yes, score=8.2 required=5.0 > tests=BAYES_50=0.8,DKIM_SIGNED=0.1, > > It should be trivial

Re: spam subject marking

So the alternative is adding a header and move it to the spam folder automatically on the basis of the header? Currently I just want to 'warn' users that the message is possible spam, they can decide to move such emails automatically to a spam folder by enabling a sieve rule. What would be an

Re: spam subject marking

On 11/15/22 1:16 PM, Marc wrote: Hmmm, good point, not really thought about this even. Are email clients complaining about this? Few email clients are testing DKIM. Some servers are testing DKIM. Some systems are mis-treating DKIM failure as something more sever than the specification allows

RE: spam subject marking

> You might want to point out to them that rewrite_header breaks any DKIM > signature on mail, Hmmm, good point, not really thought about this even. Are email clients complaining about this? > in addition to cluttering the Subject if > misclassified mail is part of a conversation. So the alte

Re: spam subject marking

On 2022-11-15 at 05:04:08 UTC-0500 (Tue, 15 Nov 2022 10:04:08 +) Marc is rumored to have said: > I am having repeated occurances of ***SPAM*** in the subject, maybe it is > good to stop adding ***SPAM*** if there are already 10 in the subject? That's an entirely local choice, controlled by

Re: Spam DKIM signed by Paypal coming from their Microsoft Tenant?

On 2022-11-14 at 16:11:10 UTC-0500 (Mon, 14 Nov 2022 16:11:10 -0500) Kevin A. McGrail is rumored to have said: > I have also seen the PayPal ecosystem being abused by bad actors sending > things like fake invoices. I am also +1 to remove the domain from the dkim > wl. Same. Paypal could fix th

Re: Spam DKIM signed by Paypal coming from their Microsoft Tenant?

Thank you Giovanni, I'll give this rule a try. I think the bigger issue was that the default welcomelist was shortcircuiting any further rule evaluation. Now I'm able to score these emails with rules like this one :) On Tue, Nov 15, 2022 at 2:44 AM wrote: > On 11/14/22 21:14, Shawn Iverson wrote

Re: Spam DKIM signed by Paypal coming from their Microsoft Tenant?

Thank you Matus. I was not aware of an unwelcomelist_from_dkim option. This helps immensely. On Tue, Nov 15, 2022 at 4:35 AM Matus UHLAR - fantomas wrote: > On 14.11.22 16:39, Shawn Iverson wrote: > >Corrected... > > > >Default Whitelist Exceptions handling -- SJI 11/14/22 > >shortcircuit USER_

Re: spam subject marking

dings removed from spams though why email is getting multiple would be a question, patches are welcome for consideration. Regards, KAM On Tue, Nov 15, 2022, 07:01 Marc wrote: > > > > When a *user* replies it's not at the beginning > > it's "Re: **spam**" >

RE: spam subject marking

> > When a *user* replies it's not at the beginning > it's "Re: **spam**" :) Indeed, and in other languages it is even different, but I think developers get the point ;)

RE: spam subject marking

> >> spamassassin add multiple times '**spam**' to the subject. > >> > >> your spamassassin only adds it one time > > > > Yes I know, and lazy users do not remove it in replies, that is how > you get multiple occurances > > than i

RE: spam subject marking

> >> > >> multiple signs of spam leading to marking a message as spam > > > > This is not relevant for the discussion on whether or not to have > spamassassin add multiple times '**spam**' to the subject. > > your spamassassin only adds it one time Yes I know, and lazy users do not remove it in r

RE: spam subject marking

> > Am 15.11.22 um 11:48 schrieb Marc: > >> > >> and i told you that it's useful when a message already passed > multiple > >> hops which flagged it as spam to outright reject it > >> > >> /^Subject: .*\*\*\*\*\*spam\*\*\*\*\* \*\*\*\*\*spam\*\*\*\*\*/ > REJECT > >> Administrative Prohibition (Sub

RE: spam subject marking

> > and i told you that it's useful when a message already passed multiple > hops which flagged it as spam to outright reject it > > /^Subject: .*\*\*\*\*\*spam\*\*\*\*\* \*\*\*\*\*spam\*\*\*\*\*/ REJECT > Administrative Prohibition (Subject) A message is either spam or not, and is marked as spa

RE: spam subject marking

> > > > I am having repeated occurances of ***SPAM*** in the subject, maybe it > is good to stop adding ***SPAM*** if there are already 10 in the > subject? > > ask the sending admin why in the world he still continues to blow out > that crap instead trash it > > if there are already two in the s

Re: Spam DKIM signed by Paypal coming from their Microsoft Tenant?

On 14.11.22 16:39, Shawn Iverson wrote: Corrected... Default Whitelist Exceptions handling -- SJI 11/14/22 shortcircuit USER_IN_DKIM_WHITELIST off score USER_IN_DKIM_WHITELIST 0 score USER_IN_DEF_DKIM_WL 0 header CUSTOM_FROM_PAYPAL From:addr =~ /paypal\.com/ metaCUSTOM_DKIM_WL_EXCE

Re: Spam DKIM signed by Paypal coming from their Microsoft Tenant?

On 11/14/22 21:14, Shawn Iverson wrote: How do I stop this? paypal.com is in the default DKIM whitelist! Does this work on your sample ? The body you posted is only partial. uri__URI_IMG_PAYPAL /^https:\/\/www\.paypalobjects\.com\/(?:digitalassets|en_

Re: Spam DKIM signed by Paypal coming from their Microsoft Tenant?

On Mon, 2022-11-14 at 15:14 -0500, Shawn Iverson wrote: > How do I stop this?  paypal.com is in the default DKIM whitelist! > I'd treat it as spam because the domain name in the From header doesn't match the domain name in the Message-ID header.  That works for me, with virtually no false mail re

Re: Spam DKIM signed by Paypal coming from their Microsoft Tenant?

Corrected... Default Whitelist Exceptions handling -- SJI 11/14/22 shortcircuit USER_IN_DKIM_WHITELIST off score USER_IN_DKIM_WHITELIST 0 score USER_IN_DEF_DKIM_WL 0 header CUSTOM_FROM_PAYPAL From:addr =~ /paypal\.com/ metaCUSTOM_DKIM_WL_EXCEPTIONS USER_IN_DKIM_WHITELIST && CUSTOM_F

Re: Spam DKIM signed by Paypal coming from their Microsoft Tenant?

For those fighting the same battles... # Default Whitelist Exceptions handling -- SJI 11/14/22 shortcircuit USER_IN_DKIM_WHITELIST off score USER_IN_DKIM_WHITELIST 0 score USER_IN_DEF_DKIM_WL 0 header CUSTOM_FROM_PAYPAL From:addr =~ /paypal\.com/ metaCUSTOM_DKIM_WL_EXCEPTIONS USER_I

Re: Spam DKIM signed by Paypal coming from their Microsoft Tenant?

Oh yeah? [@x~]$ grep DEF_WHITELIST /var/lib/spamassassin/3.004006/updates_spamassassin_org/* /var/lib/spamassassin/3.004004/updates_spamassassin_org/30_text_de.cf:lang de describe USER_IN_DEF_WHITELIST Absenderadresse steht in der allgemeinen weien Liste /var/lib/spamassassin/3.004004/upda

RE: Spam DKIM signed by Paypal coming from their Microsoft Tenant?

There is no such thing as a default whitelist. > >> > >> How do I stop this? paypal.com is in the > default > >> DKIM whitelist! > >> > > > > > > score USER_IN_DKIM_WHITELIST 0 > > would affect *every* mail in the default whitelist and so be a knee-jerk > reaction without

Re: Spam DKIM signed by Paypal coming from their Microsoft Tenant?

I have also seen the PayPal ecosystem being abused by bad actors sending things like fake invoices. I am also +1 to remove the domain from the dkim wl. Regards, KAM On Mon, Nov 14, 2022, 16:01 Shawn Iverson wrote: > Bottom line is I don't think paypal deserves to be default whitelisted in > re

Re: Spam DKIM signed by Paypal coming from their Microsoft Tenant?

Bottom line is I don't think paypal deserves to be default whitelisted in recent history. I've received a lot of spam actually from paypal and judiciously report it to phish...@paypal.com with no apparent action or response. On Mon, Nov 14, 2022 at 3:56 PM Shawn Iverson wrote: > So what I'm goi

Re: Spam DKIM signed by Paypal coming from their Microsoft Tenant?

So what I'm going to do is turn shortcircuit off for USER_IN_DKIM_WHITELIST Create a meta to catch papal.com as the from address and score appropriately Create a counter meta to score other deserving DKIM-signers appropriately On Mon, Nov 14, 2022 at 3:43 PM Alan Hodgson wrote: > On Mon, 2022-1

Re: Spam DKIM signed by Paypal coming from their Microsoft Tenant?

The DKIM signature looks valid. On Mon, Nov 14, 2022 at 3:43 PM Alan Hodgson wrote: > On Mon, 2022-11-14 at 15:14 -0500, Shawn Iverson wrote: > > How do I stop this? paypal.com is in the default DKIM whitelist! > > > > That message really looks like it came from Paypal and then was > forwarded

Re: Spam DKIM signed by Paypal coming from their Microsoft Tenant?

Are you asking me to rescore these back to 0? That will take some effort to do, but if that's what it takes... On Mon, Nov 14, 2022 at 3:42 PM Marc wrote: > > > > How do I stop this? paypal.com is in the default > > DKIM whitelist! > > > > > > > score USER_IN_DKIM_WHITELI

Re: Spam DKIM signed by Paypal coming from their Microsoft Tenant?

On Mon, 2022-11-14 at 15:14 -0500, Shawn Iverson wrote: > How do I stop this?  paypal.com is in the default DKIM whitelist! > That message really looks like it came from Paypal and then was forwarded by Microsoft to your server. Was it really a fake? That's a lot of headers to fake if so. If it

RE: Spam DKIM signed by Paypal coming from their Microsoft Tenant?

> > How do I stop this? paypal.com is in the default > DKIM whitelist! > > score USER_IN_DKIM_WHITELIST 0 ?

Re: Spam with Pyzor and DCC scores

On 2022-07-12 00:09, Bert Van de Poel wrote: We have Bayes running on the main server, but my own local server doesn't have it so hence why it's missing. I did however take all spam I received myself in 2022 that wasn't caught and fed it to sa-learn (for the amavis user), thx for that suggestion

Re: Spam with Pyzor and DCC scores

On 11/07/2022 15:44, Matus UHLAR - fantomas wrote: On 11.07.22 12:57, Bert Van de Poel wrote: A few times a month we have spam messages getting through, often in German, that have some spam score but not enough to be marked/discarded. Always these messages are marked by DCC, since they're of c

Re: Spam with Pyzor and DCC scores

On 11.07.22 12:57, Bert Van de Poel wrote: A few times a month we have spam messages getting through, often in German, that have some spam score but not enough to be marked/discarded. Always these messages are marked by DCC, since they're of course bulk spam, but it's also not uncommon to see P

Re: [SPAM?] Re: Memory requirement for SpamAssassin/Postfix/Roundcube/Dovecot stack

Am 26.05.22 um 16:32 schrieb Ian Evans: > File under "questions I think I already know the answer to." > > Looking at moving my site to a new host and I'm pondering splitting > my web/email servers which have always shared the same server. > > Our email server is five accoun

Re: [SPAM?] Re: Memory requirement for SpamAssassin/Postfix/Roundcube/Dovecot stack

If you want to save on memory usage, just having amavis filter out exe files or exe-like files (screensavers, exes in archives, etc.) is much more efficient than using clamav. Of course this doesn't filter out Office macros/OLE, but there's a plugin in SA related to that, I believe. On 26/05/

Re: spam declared mail - contentless - lost?

On Sat, 2022-04-02 at 16:42 +0200, mau...@gmx.ch wrote: > Hello > > i have mails that are signed as [SPAM] from Spamassassin 3.4.6, please > it's possible to catch the input from this mail, or it's this lost? > SpamAssassin [SA] only adds headers to the message. One of these is always the X-Spam-

Re: spam from gmail.com

On 12/11/2021 at 3:33 PM Philip Prindeville wrote: What... you mean "do no evil" is just lip-service? I'm so... so... disillusioned! On 26.11.21 11:07, Peter wrote: They abandaoned the motto in 2018. I often think they only skipped the "Don't" part of their "Don't be evil" motto. -- Matus

Re: spam from gmail.com

They abandaoned the motto in 2018. *** REPLY SEPARATOR *** On 12/11/2021 at 3:33 PM Philip Prindeville wrote: > >What... you mean "do no evil" is just lip-service? I'm so... so... >disillusioned! > >-Philip

Re: spam from gmail.com

> On Nov 9, 2021, at 6:49 AM, Jared Hall wrote: > > On 11/8/2021 11:36 PM, Peter wrote: >> It seems that people aren't taking google as seriously any more. > First came Freemail. Then came SpamAssassin. I DO think that people take > Google seriously. There are just so many ways to deal wit

Re: spam from gmail.com

Bill Cole writes: >> I've ended up giving a point each to FREEMAIL_FROM and TO_GMAIL, which >> sort of nulls that out. > > Also: the DNSWL rules in the default ruleset are mis-scored, based > apparently on a Perceptron run early in the history of SA and DNSWL. I > don't know exactly how to fix t

Re: spam from gmail.com

On 2021-11-11 at 07:56:59 UTC-0500 (Thu, 11 Nov 2021 07:56:59 -0500) Greg Troxel is rumored to have said: > Philipp Ewald writes: > >> You can report it. Gmail is on DNSWL >> >> @gmail.com> >> RCVD_IN_DNSWL_MED=-2.3 >> >> https://www.dnswl.org/?page_id=17 >> >> As far as i know DNSWL is used by

Re: spam from gmail.com

The same with Microsoft365... A couple of weeks ago tons of M365 IP ranges got into their own RBLs...  good job!!!  Pedreter. >On Tuesday, November 9, 2021, 01:09:39 PM GMT+1, Peter wrote: > >This has been going on for a long time, Google is now one of my top spam >scources - I black

Re: Spam email by-pass because dkim adsp timeout

On 2021-10-20 at 11:31:48 UTC-0400 (Wed, 20 Oct 2021 17:31:48 +0200) Alessio Cecchi is rumored to have said: > Il 20/10/21 16:46, Benny Pedersen ha scritto: >> On 2021-10-20 16:35, Alessio Cecchi wrote: >> >>> How can I configure this timeout to 5 seconds or similar? >> >> perldoc Mail::SpamAssas

Re: Spam email by-pass because dkim adsp timeout

Il 20/10/21 16:46, Benny Pedersen ha scritto: On 2021-10-20 16:35, Alessio Cecchi wrote: How can I configure this timeout to 5 seconds or similar? perldoc Mail::SpamAssassin::Plugin::DKIM see section override Thanks, I have solved with: adsp_override   *    unknown There still a 10 secon

Re: Spam email by-pass because dkim adsp timeout

On 2021-10-20 16:35, Alessio Cecchi wrote: How can I configure this timeout to 5 seconds or similar? perldoc Mail::SpamAssassin::Plugin::DKIM see section override have in mind that ADSP is depricated, as in opendkim its removed, but in perl its still supported as usefull feature :=)

Re: SPAM? Re: Difference is score when mail is received by Postfix and when tested from the command line

On 2021-10-09 19:52, Thomas Seilund wrote: I will look into upgrading and the suggestions you put forward. also amavisd does not need spamd, if that part of diffent test Authentication-Results: spamproc1-he-de.apache.org (amavisd-new); dkim=pass (2048-bit key) header.d=netmaster.dk he

Re: SPAM? Re: Difference is score when mail is received by Postfix and when tested from the command line

On 10/9/21 7:01 PM, Matus UHLAR - fantomas wrote: On 2021-10-09 at 11:39:48 UTC-0400 (Sat, 9 Oct 2021 17:39:48 +0200) Thomas Seilund is rumored to have said: Mail server is Debian Buster running Postfix and SA 3.4.2. On 09.10.21 12:54, Bill Cole wrote: You should upgrade SA. The current rel

Re: SPAM? Re: Difference is score when mail is received by Postfix and when tested from the command line

On 10/9/21 6:54 PM, Bill Cole wrote: On 2021-10-09 at 11:39:48 UTC-0400 (Sat, 9 Oct 2021 17:39:48 +0200) Thomas Seilund is rumored to have said: Dear All I see incomming mail that I would imagine that SA should classify as spam but mail only gets a score of 2 When I run the same mail thr

Re: SPAM? Re: Difference is score when mail is received by Postfix and when tested from the command line

On 2021-10-09 at 11:39:48 UTC-0400 (Sat, 9 Oct 2021 17:39:48 +0200) Thomas Seilund is rumored to have said: Mail server is Debian Buster running Postfix and SA 3.4.2. On 09.10.21 12:54, Bill Cole wrote: You should upgrade SA. The current release is 3.4.6 and it includes significant performanc

Re: SPAM scanned twice

I just forgot how email works, it seems. It just now struck me it is not be rescanned at all, but merely has the information posted again, so it appears as part of the "new message"? I thought it odd the SPAM scores were identical. That should have been the first clue x four. But, no . . .

Re: SPAM scanned twice

On Monday 12 July 2021 at 20:07:16, Joe Acquisto-j4 wrote: > SpamAssassin 3.4.5 (2021-03-20) on Suse Leap 15.2 (their distro IIRC) > > Noticed that mail marked as SPAM was scanned again by SA after it had been > "disposed" as an attachment. > > I uncommented "report_safe 0" and did a restart of

Re: Spam from Turkey?

Hi, Some networks are known to be more accommodating spam here. I wouldn't actually call these "ISPs" These are usually one-man-show hosting companies with either no care or knowledge. I don't think it would hurt anyone if you are to block their complete IP ranges. But going back my logs by a

Re: Spam from Turkey?

On 30 Aug 2020, at 3:02, Anders Gustafsson wrote: Hi! Over the last months the real egregious spammers have all been from Turkish ISPs. Had 15+ of them during this morning from Meric Internet Teknolojileri A.S. anyone seen this as well? On some systems but not others, so apparently it's som

Re: Spam Mail

On 2020-03-24 07:31, KADAM, SIDDHESH wrote: Anyway of blocking attached spam mail of Corona. its not a problem if you dont have a bitcoin address, stay safe, only change email password to be more safe, if the content is right all he clams is he knows your leaked password even strong passwo

Re: Spam Mail

On Tue, Mar 24, 2020 at 12:01:46PM +0530, KADAM, SIDDHESH wrote: > Team, > > Anyway of blocking attached spam mail of Corona. > it's hitting more than 9 points for me with updated rules. Most relevant hits are: 1.0 FORGED_SPF_HELONo description available. 0.5 KAM_NUMSUBJECT Subj

Re: [SPAM] Re: REPLYTO_WITHOUT_TO_CC

Notice: same mail on Debian 10 Server Rule dont hit spamassassin -V SpamAssassin version 3.4.2 running on Perl version 5.28.1 On 05.02.20 17:38, Philipp Ewald wrote: on this server i have installed updates apparently not enough... Debian 9.11 Server which rule was hit: # damn this soun

Re: [SPAM] Re: REPLYTO_WITHOUT_TO_CC

Thanks for help! Notice: same mail on Debian 10 Server Rule dont hit spamassassin -V SpamAssassin version 3.4.2 running on Perl version 5.28.1 on this server i have installed updates Debian 9.11 Server which rule was hit: # damn this sounds so wrong spamassassin -V SpamAssassin version

Re: [SPAM] Re: REPLYTO_WITHOUT_TO_CC

On 05.02.20 17:18, Henrik K wrote: >The error can only happen if there was unquoted $ in regex. > >header __ZMIfish_ForgedBill01 Message-ID =~ /$Blat.v3/ > >Newer 3.4.4 don't care about such things, you should upgrade asap since >there are vulnerabilities. On Wed, Feb 05, 2020 at 04:55:33PM +

Re: [SPAM] Re: REPLYTO_WITHOUT_TO_CC

On Wed, Feb 05, 2020 at 04:55:33PM +0100, Matus UHLAR - fantomas wrote: > On 05.02.20 17:18, Henrik K wrote: > >The error can only happen if there was unquoted $ in regex. > > > >header __ZMIfish_ForgedBill01 Message-ID =~ /$Blat.v3/ > > > >Newer 3.4.4 don't care about such things, you should upg

Re: [SPAM] Re: REPLYTO_WITHOUT_TO_CC

On 05.02.20 17:18, Henrik K wrote: The error can only happen if there was unquoted $ in regex. header __ZMIfish_ForgedBill01 Message-ID =~ /$Blat.v3/ Newer 3.4.4 don't care about such things, you should upgrade asap since there are vulnerabilities. the OP reported using debian, which has th

Re: [SPAM] Re: REPLYTO_WITHOUT_TO_CC

So this must have been an old version of the file, the current regex is quoted. Also Stretch has backported 3.4.4 fixes, but maybe Philipp did not include debian-security sources? > The error can only happen if there was unquoted $ in regex. > > header __ZMIfish_ForgedBill01 Message-ID =~ /$Blat.

Re: [SPAM] Re: REPLYTO_WITHOUT_TO_CC

The error can only happen if there was unquoted $ in regex. header __ZMIfish_ForgedBill01 Message-ID =~ /$Blat.v3/ Newer 3.4.4 don't care about such things, you should upgrade asap since there are vulnerabilities. On Wed, Feb 05, 2020 at 04:08:43PM +0100, Philipp Ewald wrote: > >That is str

Re: [SPAM] Re: REPLYTO_WITHOUT_TO_CC

That is strange. Do you have a copy of that file? Is it identical to [1] no really... i have remove all lines with starting "#" sed -i '/^#.*/d' /etc/spamassassin/70_zmi_german.cf File comes from: http://sa.zmi.at/sa-update-german/402.tar.gz linux-distribution package, CPAN, other? Debian 9.1

Re: [SPAM] Re: REPLYTO_WITHOUT_TO_CC

That is strange. Do you have a copy of that file? Is it identical to [1]? What exact SA codebase is this; linux-distribution package, CPAN, other? > Feb  5 14:19:46.438 [6998] warn:  (Global symbol "$Blat" requires > explicit package name (did you forget to declare "my $Blat"?) at > /etc/spamassas

Re: [SPAM] Re: REPLYTO_WITHOUT_TO_CC

just saw this error: Feb 5 14:19:46.438 [6998] warn: rules: failed to compile Mail::SpamAssassin::Plugin::Check::_head_tests_0_4, skipping: Feb 5 14:19:46.438 [6998] warn: (Global symbol "$Blat" requires explicit package name (did you forget to declare "my $Blat"?) at /etc/spamassassin/70_zmi

Re: SPAM message format, or not ?

On Thu, 2019-12-19 at 16:56 +, Chip M. wrote: > On Wed, 18 Dec 2019, John Hardin wrote: > > Can you post a spample > > This is a very interesting pattern that I've seen in a few (9) spams > this week. > Here's a spample (with only the To header MUNGED): > > http://puffin.net/software/

Re: SPAM message format, or not ?

On Wed, 18 Dec 2019, Lindsay Haisley wrote: I've been getting a lot of spams here with a format similar to: [snip] d171f2b7-af04-5a8-5a8-cee259c46b8f 9fc2adda-9160-c56-c56-feadd16b0acc cec5f152-fd8b-9a9-9a9-c5e5c0e676cb 3aaf4ded-e0ec-31d-31d-efec2dbb3f8a b4804f85-ac57-2d2-2d2-f1c275fd8a0f 4a8

Re: Spam mail not showing up

I have not seen that tutorial but you don't have mail flowing spam or otherwise: temporary failure. Command output: sendmail: fatal: open /etc/postfix/ main.cf: Permission denied Fix that and try again. Happy Friday the 13th, KAM On Fri, Dec 13, 2019, 08:54 bobby wrote: > I am following this

Re: Spam rule for HTTP/HTTPS request to sender's root domain

On 2019-03-01 07:21, Mike Marynowski wrote: For anyone who wants to play around with this, the DNS service has been posted. You can test the existence of a website on a domain or any of its parent domains by making DNS queries as follows: subdomain.domain.com.httpcheck.singulink.com Hello. I

Re: Spam child

On Sep 15, 2019, at 3:03 PM, RW wrote: > On Sun, 15 Sep 2019 13:36:13 -0600 > @lbutlr wrote: >> On Sep 15, 2019, at 6:53 AM, RW wrote: >>> When child processes are running as root they switch to the unix >>> user running spamc (or specified with spamc -u) for processing the >>> scan. If that wo

Re: Spam child

On Sun, 15 Sep 2019 13:36:13 -0600 @lbutlr wrote: > On Sep 15, 2019, at 6:53 AM, RW wrote: > > When child processes are running as root they switch to the unix > > user running spamc (or specified with spamc -u) for processing the > > scan. If that would still result in root being used the chil

Re: Spam child

On Sep 15, 2019, at 6:53 AM, RW wrote: > When child processes are running as root they switch to the unix user > running spamc (or specified with spamc -u) for processing the scan. If > that would still result in root being used the child process switches > to nobody instead. OK, should I set r

Re: Spam child

On Sat, 14 Sep 2019 13:30:48 -0600 @lbutlr wrote: > What is starting spamd as nobody instead of root like the other > processes? Most likely it's caused by something running spamc as root or trying to scan an email for the root user. When child processes are running as root they switch to the

Re: Spam child

On Sep 15, 2019, at 1:09 AM, Axb wrote: > On 9/14/19 9:30 PM, @lbutlr wrote: >> I am still getting spammed processes that last for hours or days. When I >> kill them, `kill -9` they come back after the load drops. The processes use >> 100% of the processor. >> nobody 72041 100.0 2.2 87264 7

Re: Spam child

On 9/14/19 9:30 PM, @lbutlr wrote: I am still getting spammed processes that last for hours or days. When I kill them, `kill -9` they come back after the load drops. The processes use 100% of the processor. nobody 72041 100.0 2.2 87264 76940 - R10:36 35:28.97 spamd child (perl

Re: Spam child

On Sat, 14 Sep 2019 13:30:48 -0600 @lbutlr wrote: > Running SA 3.4.2 on FreeBSD 11.3 with no updates pending. I tried > updating perl, but that did not work at all, it appears SA can’t use > perl 5.30. I'm using perl 5.30 with SA 3.4.2 on FreeBSD 12.0.

Re: Spam rule for HTTP/HTTPS request to sender's root domain

Continuing to fine-tune this service - thank you to everyone testing it. Some updates were pushed out yesterday:  * Initial new domain "grace period" reduced to 8 minutes (down from 15 mins) - 4 attempts are made within this time to get a valid HTTP response  * Mozilla browser spoofing is imple

Re: Spam rule for HTTP/HTTPS request to sender's root domain

Thank you! I have no idea how I missed that... On 3/13/2019 7:11 PM, RW wrote: On Wed, 13 Mar 2019 17:40:57 -0400 Mike Marynowski wrote: Can someone help me form the correct SOA record in my DNS responses to ensure the NXDOMAIN responses get cached properly? Based on the logs I don't think dow

Re: Spam rule for HTTP/HTTPS request to sender's root domain

On Wed, 13 Mar 2019 17:40:57 -0400 Mike Marynowski wrote: > Can someone help me form the correct SOA record in my DNS responses > to ensure the NXDOMAIN responses get cached properly? Based on the > logs I don't think downstream DNS servers are caching it as requests > for the same valid HTTP doma

Re: Spam rule for HTTP/HTTPS request to sender's root domain

Can someone help me form the correct SOA record in my DNS responses to ensure the NXDOMAIN responses get cached properly? Based on the logs I don't think downstream DNS servers are caching it as requests for the same valid HTTP domains keep hitting the service instead of being cached for 4 days

Re: Spam rule for HTTP/HTTPS request to sender's root domain

Any HTTP status code 400 or higher is treated as no valid website on the domain. I see a considerable amount of spam that returns 5xx codes so at this point I don't plan on changing that behavior. 503 is supposed to indicate a temporary condition so this seems like an abuse of the error code.

Re: Spam rule for HTTP/HTTPS request to sender's root domain

> Antony Stone kirjoitti 13.3.2019 > kello 20.36: > > On Wednesday 13 March 2019 at 19:21:47, Jari Fredriksson wrote: > >> What would it result for this: >> >> I have a couple domains that do not have any services for the root domain >> name. How ever, the server the A points do have a web s

Re: Spam rule for HTTP/HTTPS request to sender's root domain

On Wednesday 13 March 2019 at 19:21:47, Jari Fredriksson wrote: > What would it result for this: > > I have a couple domains that do not have any services for the root domain > name. How ever, the server the A points do have a web server that acts as > a reverse proxy for many subdomains that wil

Re: Spam rule for HTTP/HTTPS request to sender's root domain

What would it result for this: I have a couple domains that do not have any services for the root domain name. How ever, the server the A points do have a web server that acts as a reverse proxy for many subdomains that will be served a web page. A http 503 is returned by the pound reverse for

Re: Spam rule for HTTP/HTTPS request to sender's root domain

On Wed, 13 Mar 2019 at 13:04, RW wrote: > > On Wed, 13 Mar 2019 10:53:06 + > Dominic Raferd wrote: > > > On Wed, 13 Mar 2019 at 10:33, Mike Marynowski > > wrote: > > > > > > > For those of us who are not SA experts can you give an example of how > > to use your helpful new lookup facility (i.

  1   2   3   4   5   6   7   8   9   10   >