I am not automated!
Obviously, the spammer used a script to convert the word "email" to
"m...@psfc.mit.edu". But they forget about the last line. - Mark
report it to phishtank if it's one of them
may i have a sample in private ?
Hi - I'm really getting tired of these fake warnings. See below. This
one luckily hit spamcop. Otherwise, it would have been delivered.
As an aside, see the last line of the email. I am not automated!
Obviously, the spammer used a script to convert the word "email" to
"
So this is a bug in amavis and not spamassassin? Or is it in the DMARC.pm
plugin? https://metacpan.org/pod/Mail::DMARC?
Hm, there might be different opinions on this. I would ask Mail::DMARC developers if they could apply their invalid-to-permerror
mapping for all codepaths in Mail::DMARC
I am somewhat certain those two lines are related and that the "invalid DKIM
result" is `invalid` verbatim.
Mail::DKIM::Verifier creates a signature with a result `invalid` for ed25519, Amavis passes all signatures to SpamAssassin,
Mail::SpamAssassin::Plugin::DMARC->_check_dmarc
On 17/11/2024 11:39, Damian wrote:
I am somewhat certain those two lines are related and that the
"invalid DKIM result" is `invalid` verbatim.
Mail::DKIM::Verifier creates a signature with a result `invalid` for
ed25519, Amavis passes all signatures to SpamAssassin,
Mail::Sp
:46, Nick Howitt wrote:
Thanks for the reply.
Spamassassin version is 4.0.0-8ubuntu5.
Once again, do you use Debian or Ubuntu?
Debian 12. It looks like I got the previous answer from a system in
Australia I had open in another window. My bad.. Now I get:
root@mail-www:~# cat /etc
2024-11-17T09:12:32.176335+00:00 mail-www amavis[2068017]: (2068017-11) dkim: FAILED
Author+Sender+MailFrom signature by d=community.ipfire.org, From:
, a=ed25519-sha256, c=relaxed/relaxed,
s=202003ed25519, i=@community.ipfire.org,
m.list(ml:static/dynamic
On 2024-11-16 at 16:48:49 UTC-0500 (Sat, 16 Nov 2024 21:48:49 +)
Nick Howitt
is rumored to have said:
My set up is Debian 12 with their packaged amavis, postfix,
spamassassin, clamav and postfix-policyd-spf-python.
On 17.11.24 09:46, Nick Howitt wrote:
Thanks for the reply.
Spamassa
On 16/11/2024 23:12, Bill Cole wrote:
On 2024-11-16 at 16:48:49 UTC-0500 (Sat, 16 Nov 2024 21:48:49 +)
Nick Howitt
is rumored to have said:
Hi,
I am just going through my mail logs and I am seeing a lot of:
_WARN: plugin: eval failed: invalid DKIM result at
/usr/share
On 2024-11-16 at 16:48:49 UTC-0500 (Sat, 16 Nov 2024 21:48:49 +)
Nick Howitt
is rumored to have said:
Hi,
I am just going through my mail logs and I am seeing a lot of:
_WARN: plugin: eval failed: invalid DKIM result at
/usr/share/perl5/Mail/DMARC.pm line 107.
Context would help
Hi,
I am just going through my mail logs and I am seeing a lot of:
_WARN: plugin: eval failed: invalid DKIM result at
/usr/share/perl5/Mail/DMARC.pm line 107.
My set up is Debian 12 with their packaged amavis, postfix,
spamassassin, clamav and postfix-policyd-spf-python.
Should I be
On 7/19/24 5:34 AM, giova...@paclan.it wrote:
do you intend to have a rule like this one ?
header __TO_NAME To:name =~ /(?<TO_NAME>.*)/
body DEAR_NAME /Dear %{TO_NAME}/
Once I'm dealing with versions of SpamAssassin that support such, yes.
I'm currently caring for and feeding a s
On 7/18/24 5:10 AM, Grant Taylor via users wrote:
On 7/17/24 18:04, Matija Nalis wrote:
I.e. would you consider it to be significantly less likely to be spam if it contained "Dear
Elizabeth," while being addressed to "mark@domain" instead of to "elizabeth@domain"
On 7/18/24 15:58, Mark London wrote:
I asked ChatGPT how to test for a "Dear 'username'". After a bit of
work, I got working code.
Okay.
ChatGPT knows perl.
I question the value of "knows" as in knowledge of Perl.
I already had a Perl file EvalTests.pm
I asked ChatGPT how to test for a "Dear 'username'". After a bit of
work, I got working code. ChatGPT knows perl.
I already had a Perl file EvalTests.pm file with customized Perl eval
functions, so I threw it in there. Otherwise, you'll need to create
your own fil
On 7/17/24 18:04, Matija Nalis wrote:
I.e. would you consider it to be significantly less likely to be
spam if it contained "Dear Elizabeth," while being addressed to
"mark@domain" instead of to "elizabeth@domain" ?
I've seen quite a bit of spam that open
On Wed, Jul 17, 2024 at 04:45:16PM -0400, Mark London wrote:
> Does anyone have a rule to detect "Dear xxx," in the body of the message,
> where the "To:" address is xxx@domain?
>
> We've been getting phishing email sent to us with variations of that. Hi,
>
Does anyone have a rule to detect "Dear xxx," in the body of the
message, where the "To:" address is xxx@domain?
We've been getting phishing email sent to us with variations of that.
Hi, Dear, etc, followed by the username of the address.
Thanks. - Mark
I'd also strongly recommend adding boundaries: /\b(blah1|blah2|blah3)\b/i
Otherwise, you might have a whole *pano*ply of words that will make
legit mails marked as spam. You need to be super sure about poison pills
rules, or in French - *pillu*le empoisonnée.
Good luck.
On 18.06.24 13:35
You need to enclose in brackets
body LOCAL_BLAH /(blah1|blah2|blah3)/i
On 6/18/24 13:05, Anders Gustafsson wrote:
Sure:
body LOCAL_PORN_RULE
/kiimainen|naida|sexikäs|nussikas|nussia|pillu|pano|kinky|bdsm|pillua|x69-JOOGA/i
score LOCAL_PORN_RULE 8
describe LOCAL_PORN_RULE This catches
On 18.06.24 14:05, Anders Gustafsson wrote:
body LOCAL_PORN_RULE
/kiimainen|naida|sexikäs|nussikas|nussia|pillu|pano|kinky|bdsm|pillua|x69-JOOGA/i
score LOCAL_PORN_RULE 8
describe LOCAL_PORN_RULE This catches peter's porn spam
Sorry again for mailing directly. No idea why it suggests th
Sure:
body LOCAL_PORN_RULE
/kiimainen|naida|sexikäs|nussikas|nussia|pillu|pano|kinky|bdsm|pillua|x69-JOOGA/i
score LOCAL_PORN_RULE 8
describe LOCAL_PORN_RULE This catches peter's porn spam
Sorry again for mailing directly. No idea why it suggests the user and not
users@
--
Med vänlig
On 18.06.24 13:50, Anders Gustafsson wrote:
body LOCAL_PORN_RULE /word1|word2.|x69-JOOGA/i
score LOCAL_PORN_RULE 8
describe LOCAL_PORN_RULE This catches peter's porn spam
Funny thing is that it seems to trigger on messages that contain none of those
words. I have removed the
actual
We have a rule that is supposed to catch various porn-related stuff:
body LOCAL_PORN_RULE /word1|word2.|x69-JOOGA/i
score LOCAL_PORN_RULE 8
describe LOCAL_PORN_RULE This catches peter's porn spam
Funny thing is that it seems to trigger on messages that contain none of those
wor
Pierluigi Frullani skrev den 2024-04-18 20:23:
It was simscan, that is compiled with enable-drop.
with is fine
The problem was a bad expression in blacklist_from section in local.cf
[1]
this is spam, not virus
Sorry for the noise.
if you like to reject all / drop all, why not pants
Pierluigi Frullani skrev den 2024-04-18 19:52:
So could it be simscan ?
super you wake up :)
configure it to pass spam, and reject virus
simscan is very old, btw
Pierluigi Frullani skrev den 2024-04-18 19:44:
I'm really fighting with spamassassin as one ( legit ) mail gets spam
dropped with a 99.90 value, also if I have put, in local.cf [1] a
required hit of 100.
why is 100 required score ?
spamassassin does only tag, it does not drop
The ma
It was simscan, that is compiled with enable-drop.
The problem was a bad expression in blacklist_from section in local.cf
Sorry for the noise.
Pierluigi
Il giorno gio 18 apr 2024 alle ore 19:56 Reindl Harald (privat) <
ha...@rhsoft.net> ha scritto:
>
>
> Am 18.04.24 um 19:52 sc
> I'm really fighting with spamassassin as one ( legit ) mail gets spam
> > dropped with a 99.90 value, also if I have put, in local.cf
> > <http://local.cf> a required hit of 100.
> > The mail is sent from a legit gmail account ( my daughter ) to me and
> > contains
Hello all,
I'm really fighting with spamassassin as one ( legit ) mail gets spam
dropped with a 99.90 value, also if I have put, in local.cf a required hit
of 100.
The mail is sent from a legit gmail account ( my daughter ) to me and
contains some amazon links for stuff to buy.
I have dis
is no way for
spamassassin to install, I never recall having this problem ever
before on
all 3.x versions, but 4.0.0 is a useless bitch, i'm about to install
rspamd
I'm sorry to hear that you're having such problems. I don't know of any
major changes to the install proces
On 30.01.24 13:36, Nick Edwards wrote:
Set up a new server today, took no time in postfix dovecot and amavisd,
apache roundcube, and everything, then came spamassassin
thankfully I chose to install this whilst we left for lunch, but 45mins
later to my horror it was still trying to install
4.0.0 is a useless bitch, i'm about to install
rspamd
On Tue, Jan 30, 2024 at 1:36 PM Nick Edwards
wrote:
> Venting
>
> Set up a new server today, took no time in postfix dovecot and amavisd,
> apache roundcube, and everything, then came spamassassin
>
> thankfully
Venting
Set up a new server today, took no time in postfix dovecot and amavisd,
apache roundcube, and everything, then came spamassassin
thankfully I chose to install this whilst we left for lunch, but 45mins
later to my horror it was still trying to install, why? because its tests
failed for
On 02/12/2023 05:16, Benny Pedersen wrote:
White, Daniel E. (GSFC-770.0)[AEGIS] via users skrev den 2023-12-01
16:35:
why do you reply to a member that can't answer on maillist ?
From: Reindl "Toxic Troll" Harald
Because that moderated troll has a long known habit on mo
Is there a way to capture the offending messages to figure out the
problem ?
if you reject, it's rejected
Amavis rejects after DATA and is able to quarantine such mails.
White, Daniel E. (GSFC-770.0)[AEGIS] via users skrev den 2023-12-01
16:35:
Many thanks. I will try this and report back
why do you reply to a member that can't answer on maillist ?
From: Reindl Harald
White, Daniel E. (GSFC-770.0)[AEGIS] via users skrev den 2023-12-01
16:29:
We are using SpamAssassin 3.4.6-1 with Postfix 3.5.8-4 on RHEL 8
We are seeing occasional blocked messages that say “milter-reject”
with a spam score of 8
good or bad ?
Is there a way to capture the offending
On 2023-12-01 at 10:29:24 UTC-0500 (Fri, 1 Dec 2023 15:29:24 +)
White, Daniel E. (GSFC-770.0)[AEGIS] via users
is rumored to have said:
We are using SpamAssassin 3.4.6-1 with Postfix 3.5.8-4 on RHEL 8
We are seeing occasional blocked messages that say “milter-reject”
with a spam score of
That depends on the milter you're using to "glue" SA to postfix.
IE if you're using a milter (the thing that's triggering that "milter-reject"
response) this means that Postfix is passing the messages to the milter, the
milter is passing them to SA-spamd, ge
Many thanks. I will try this and report back
From: Reindl Harald
Organization: the lounge interactive design
Date: Friday, December 1, 2023 at 10:32
To: Daniel White , "users@spamassassin.apache.org"
Subject: [EXTERNAL] Re: Catch a rejected message ?
Am 01.12.23 um 16:29 sch
We are using SpamAssassin 3.4.6-1 with Postfix 3.5.8-4 on RHEL 8
We are seeing occasional blocked messages that say “milter-reject” with a spam
score of 8
Is there a way to capture the offending messages to figure out the problem ?
Thanks
} has started using a Gmail address that is his
first name dot his last name at gmail dot com.
Grant. . . .
reasons and they have not
> had security problems with it, in many years of operations. What you
> choose to do should be based on what YOU want.
>
I have a setup where I globally mark spam and users have the option to 'unmark'
messages from senders. So every user has a little
On 2023-07-07 at 12:08:22 UTC-0400 (Fri, 7 Jul 2023 09:08:22 -0700
(PDT))
Richard Troy
is rumored to have said:
Hi All,
I changed the subject line to hopefully get some insight from a wider
audience regarding this situation that Reindl uncovered:
It should be noted that Harald Reindl is
Check the systemd unit file. It should set the user the service runs as.
end my day doing this; I have a customer visit planned that's coming up
soon! I just don't have much time!
sorry - i can't translate our configs and setup dating 9 years back and
nothing in common with anything from the distribution - "sa-learn" needs to
write where the
rite
into? ... Again, pointers would be nice - it's not like I was planning to
spend my day doing this; I have a customer visit planned that's coming up
soon! I just don't have much time!
Richard
Hi All,
I changed the subject line to hopefully get some insight from a wider
audience regarding this situation that Reindl uncovered:
It started here:
It appears that it IS running as root?! OR maybe as "sa-milt" ... As
root I got this:
# ps auxwww | grep spamd
root
sys-syslog
# grep spam /etc/passwd
sa-milt:x:976:975:SpamAssassin
Milter:/var/lib/spamass-milter:/sbin/nologin
So... run it as sa-milt (my guess), or as root?
Note that this is on a Fedora Server v 38 - the OS is a couple of months
old
so your whole setup is more than questionable
give comm
(I was running it as root - which the docs don't mention but I figure is
what I'm supposed to do!)
why do you suppose that?
...Uh... Because otherwise why the -u flag and comments about running it for
virtual users?
you NEVER run anything as root which isn't a
On Fri, 7 Jul 2023, Jared Hall wrote:
I believe the default format is Maildir. You mention a single file w/
multiple emails which suggests you might be running MBox format? If so, try
the --mbox command line switch.
-- Jared Hall
GREAT CATCH, Jared; you are correct, mine are in mbox
Am 07.07.23 um 17:04 schrieb Richard:
I've FINALLY built up a "corpus" of ham vs spam and also FINALLY had some
time to spend on this and just ran sa-learn on, oh, IDK, some 10k email
messages or so, I'd guess. And along the way, I NEVER ONCE got the kind of
output r
On 7/7/2023 11:04 AM, Richard wrote:
For example, here I run it against a file containing just over 2100 spam:
In the end, I ran it on about four dozen files of ham and about 6 or
so files of spam emails, carefully curated. In all these files, I
NEVER saw it say it examined more than 1
Hi SA users,
I've FINALLY built up a "corpus" of ham vs spam and also FINALLY had some
time to spend on this and just ran sa-learn on, oh, IDK, some 10k email
messages or so, I'd guess. And along the way, I NEVER ONCE got the kind of
output response back from sa-learn th
Loren Wilton skrev den 2023-04-15 18:45:
I get a lot of spams, and a major characteristic is they only have
text/plain that is base-64 encoded.
Since I live in an area where base-64 encoding is basically never
necessary, almost all base-64 encoded text parts are major spam signs.
Content-Type
I get a lot of spams, and a major characteristic is they only have
text/plain that is base-64 encoded.
Since I live in an area where base-64 encoding is basically never necessary,
almost all base-64 encoded text parts are major spam signs.
Content-Type: text/plain; charset=utf-8
Content
On Mon, 3 Oct 2022, Loren Wilton wrote:
I'm getting a bunch of spams from fake gmail accounts that consist of one
short line of text and a 2 MB jpg file.
The subject and body text are pretty much random beyond that.
How do I check for the following?
--e345f305ea2680cd
Co
I'm getting a bunch of spams from fake gmail accounts that consist of one
short line of text and a 2 MB jpg file.
The subject and body text are pretty much random beyond that.
How do I check for the following?
--e345f305ea2680cd
Content-Type: image/jpeg; name="MMM.jp
On 2022-03-25 05:29, Don Saklad wrote:
Looking for a quick reference key about
understanding spamassassin headers on messages
a) for the most important spamassassin headers
b) and for all the spamassassin headers
c) spamassassin untrust all internal headers not local, eq all headers
added by
Looking for a quick reference key about
understanding spamassassin headers on messages
a) for the most important spamassassin headers
b) and for all the spamassassin headers
Just off the top of my head:
rawbody ONEDRIVE_DOWNLOAD m'https://onedrive\.live\.com/download[?]cid='
score ONEDRIVE_DOWNLOAD 0.5
describe ONEDRIVE_DOWNLOAD Download link to a file on Onedrive
Personally I'd be inclined to put an i on the end
rules for a sneaky SPEAR-VIRUS spam that gets past bayes because legit
content from hijacked emails are copied into the spam, making it look
like a follow-up msg of an existing legit conversation. Catch using
these rules below. (Perhaps also add more to this to prevent rare FPs?
But this is a
=0.001, MAILING_LIST_MULTI=-1,
MIME_QP_LONG_LINE=0.001, SPF_FAIL=0.001, SPF_HELO_NONE=0.001]
autolearn=ham autolearn_force=no
It looks like your bayes db is poisoned/not trained correctly.
Best course of action, IMO, is to delete it and restart training from
scratch, with a decent
On 19.01.22 16:35, Xavier Humbert wrote:
My Thunderbird's Junk mailbox is full (75%) of spams, recognized by
TB's bayes engine, but not by SA's. They are quite often even scored
as negatives
Despite the monthly use of sa_learn from Junk mailbox, spams keep
being not flagg
Hi,
My Thunderbird's Junk mailbox is full (75%) of spams, recognized by TB's
bayes engine, but not by SA's. They are quite often even scored as negatives
Despite the monthly use of sa_learn from Junk mailbox, spams keep being
not flagged.
Example a false negative :
X-
On 9/27/2021 4:37 PM, Lucas Rolff wrote:
So is FISA702.
True that. But that is a harder sell (to my clients).
-- Jared Hall
It’s gonna be interesting to see how well they’re gonna do indeed. Because it
can go both ways, sometimes too much data can also be a negative thing.
I’m curious how they’re gonna catch false positives in reality, if they expect
people to report them, or will allow some kind of feedback
On 9/27/2021 12:24 PM, Brent Clark wrote:
Good day Guy
I came across this (via slashdot).
https://www.wired.com/story/cloudflare-taking-a-shot-at-email-security/
Interesting times.
Regards
Brent
What I did like the most was the statement:
“We think of customer data as a toxic asset. We
Good day Guy
I came across this (via slashdot).
https://www.wired.com/story/cloudflare-taking-a-shot-at-email-security/
Interesting times.
Regards
Brent
On Sun, Sep 12, 2021 at 08:34:28PM -0500, Dave Funk wrote:
> On Sun, 12 Sep 2021, Loren Wilton wrote:
>
> > I found this little wonder in a bunch of spams I've been getting for the
> > last few days:
> >
> > http://"; http://"; http://&q
On Sun, 12 Sep 2021, Loren Wilton wrote:
I found this little wonder in a bunch of spams I've been getting for the last
few days:
http://"; http://"; http://"; http://"; http://"; http://";
href="http:/mi.wey.vandalized655bccemetries -dot- cleaning/i
I found this little wonder in a bunch of spams I've been getting for the
last few days:
http://"; http://"; http://"; http://"; http://"; http://";
href="http:/mi.wey.vandalized655bccemetries.cleaning/id>">unsubscribe here
I have no idea if
Le 02/09/2021 à 20:49, Bill Cole a écrit :
so what is the real problem with sa-update not working under
spamassassin's own user when on a cron job on debian 11 ?
You need to run the sa-update cron job as the same user that
INSTALLED SpamAssassin, the user who OWNS the local state dire
On 2021-09-02 at 18:55:21 UTC-0400 (Fri, 3 Sep 2021 00:55:21 +0200)
Jean-François Bachelet
is rumored to have said:
of course it was installed by root, btw, what is the point to have a
user 'spamd' or debian-spamd' created if it is of no use ?
The definitive answer for your
/lib/spamassassin/sa-update-keys is owned by debian-spamd
/var/lib/amavis is 750 owned by amavis
Home directory for amavis is: /var/lib/amavis
Home directory for spamassassin is: /var/lib/spamassassin
NOTE: I use Amavis. EUID is a user called amavis. That's fine, it only
read access t
Le 03/09/2021 à 14:13, Reindl Harald a écrit :
On 03.09.21 11:23, Jean-François Bachelet wrote:
Le 03/09/2021 à 09:11, Bob Proulx a écrit :
Jean-François Bachelet wrote:
Le 02/09/2021 à 13:07, Antony Stone a écrit :
How did you install it?
'apt install' spamassassin spamc (
On Friday 03 September 2021 at 11:23:19, Jean-François Bachelet wrote:
> Le 03/09/2021 à 09:11, Bob Proulx a écrit :
> > Jean-François Bachelet wrote:
> >
> >> user create
> >> 'useradd -u 5001 -g spamd -s /sbin/nologin -d /var/lib/spamassassin
> >>
Hello bob ^^)
Le 03/09/2021 à 09:11, Bob Proulx a écrit :
Jean-François Bachelet wrote:
Le 02/09/2021 à 13:07, Antony Stone a écrit :
How did you install it?
'apt install' spamassassin spamc(as all the other stuff that works on that
server.)
At that moment permissions were c
Jean-François Bachelet wrote:
> Le 02/09/2021 à 13:07, Antony Stone a écrit :
> > How did you install it?
>
> 'apt install' spamassassin spamc(as all the other stuff that works on
> that server.)
At that moment permissions were correct and everything was se
Hello ^^)
Le 02/09/2021 à 20:49, Bill Cole a écrit :
On 2021-09-02 at 06:03:22 UTC-0400 (Thu, 2 Sep 2021 12:03:22 +0200)
Jean-François Bachelet
is rumored to have said:
Hello folks ^^)
I've installed the latest spamassassin version on a new Debian 11
server and configured it to work
Re Hello ^^)
Le 02/09/2021 à 20:49, Bill Cole a écrit :
On 2021-09-02 at 06:03:22 UTC-0400 (Thu, 2 Sep 2021 12:03:22 +0200)
Jean-François Bachelet
is rumored to have said:
Hello folks ^^)
I've installed the latest spamassassin version on a new Debian 11
server and configured it to
Hello ^^)
Le 02/09/2021 à 13:07, Antony Stone a écrit :
On Thursday 02 September 2021 at 12:03:22, Jean-François Bachelet wrote:
Hello folks ^^)
I've installed the latest spamassassin version on a new Debian 11 server
How did you install it?
'apt install' spamassassin s
Hello ^^)
Le 02/09/2021 à 13:04, David Bürgin a écrit :
Hello Jeff,
spamassassin got a user named 'spamd' and is run under it.
Are you sure? Note the user and group:
$ ls -ald /var/lib/spamassassin
drwxr-xr-x 6 debian-spamd debian-spamd 81 Apr 3 06:15 /var/lib/spamassassin
Hello ^^)
Le 02/09/2021 à 20:49, Bill Cole a écrit :
On 2021-09-02 at 06:03:22 UTC-0400 (Thu, 2 Sep 2021 12:03:22 +0200)
Jean-François Bachelet
is rumored to have said:
Hello folks ^^)
I've installed the latest spamassassin version on a new Debian 11
server and configured it to work
On 2021-09-02 at 06:03:22 UTC-0400 (Thu, 2 Sep 2021 12:03:22 +0200)
Jean-François Bachelet
is rumored to have said:
Hello folks ^^)
I've installed the latest spamassassin version on a new Debian 11
server and configured it to work with Postfix, amavis-new, and clamav.
spamassassin
On Thursday 02 September 2021 at 12:03:22, Jean-François Bachelet wrote:
> Hello folks ^^)
>
>
> I've installed the latest spamassassin version on a new Debian 11 server
How did you install it?
Antony.
--
Schrödinger's rule of data integrity: the condition of any back
Hello Jeff,
> spamassassin got a user named 'spamd' and is run under it.
Are you sure? Note the user and group:
$ ls -ald /var/lib/spamassassin
drwxr-xr-x 6 debian-spamd debian-spamd 81 Apr 3 06:15 /var/lib/spamassassin
Ciao,
David
Hello folks ^^)
I've installed the latest spamassassin version on a new Debian 11 server
and configured it to work with Postfix, amavis-new, and clamav.
spamassassin got a user named 'spamd' and is run under it.
sa-update is set on a cron job to automate the update but that
Yea, it was more meant as a "we don't use postfix specifically". My
fallback idea was also to do the filtering on the MTA we do use, instead
of in SpamAssassin.
That was just bad phrasing on my part. Sorry about that :)
On 23/07/2021 16.51, jahli...@gmx.ch wrote:
Martin,
regex = ^X-Spam-Status:: YES
accept
But I would expect that check going over the whole message (same as the
full check in SA) and not so targeted as a postfix header rule
Cheers
tobi
On 7/23/21 11:23 AM, Martin Flygenring wrote:
> We don't run Postfix here, but we can probably look for
with a header_check before
giving it to spamassassin
/^X-Spam-Flag: Yes/ REJECT Outscatter
/^X-(Spam|AES)-Category: (SPAM|PHISHING)/ REJECT Outscatter
But as a forewarning, the rare FPs can get quite frustrating if you use
this method.
Cheers,
Laurent
On 22.07.21 21:31, RW wrote:
On Thu, 2
Hi,
I know we are on the spamassassin mailing list, but another more radical
way to block those is directly in postfix with a header_check before
giving it to spamassassin
/^X-Spam-Flag: Yes/ REJECT Outscatter
/^X-(Spam|AES)-Category: (SPAM|PHISHING)/ REJECT Outscatter
But as a forewarning
On Thu, 22 Jul 2021 20:09:19 +0300
Henrik K wrote:
> On Thu, Jul 22, 2021 at 08:06:15PM +0300, Henrik K wrote:
> > On Thu, Jul 22, 2021 at 05:15:54PM +0200, Martin Flygenring wrote:
> > >
> > > Is there a limitation to SpamAssassin so it doesn't accept
> >
On Thu, Jul 22, 2021 at 08:06:15PM +0300, Henrik K wrote:
> On Thu, Jul 22, 2021 at 05:15:54PM +0200, Martin Flygenring wrote:
> >
> > Is there a limitation to SpamAssassin so it doesn't accept looking for the
> > two X-Spam-headers, or can you spot why this rule isn
On Thu, Jul 22, 2021 at 05:15:54PM +0200, Martin Flygenring wrote:
>
> Is there a limitation to SpamAssassin so it doesn't accept looking for the
> two X-Spam-headers, or can you spot why this rule isn't matching?
SA removes all X-Spam-* headers from the message, it's
Martin Flygenring wrote:
Hi.
I'm trying to write a rule that matches on a mail that has the
following headers:
X-Spam-Reasons: {'verdict': 'ph
Hi.
I'm trying to write a rule that matches on a mail that has the following
headers:
X-Spam-Reasons: {'verdict': 'ph
--On Sunday, July 11, 2021 4:55 PM -0400 "Kevin A. McGrail"
wrote:
We use the olevbmacro detection added to SA. I would guess that's
blocking the payload.
On 11.07.21 13:35, Kenneth Porter wrote:
I see the plugin in the distrib
E types be a
scorable indicator?
On Sun, 11 Jul 2021, Kevin A. McGrail wrote:
If you can get me a spample, I'm sure I can tell you but in
general we block macros so that's all that's needed. Likely the
OLEVBMacro plugin and KAM ruleset is blocking all of these already
if yo