Re: free tlds considered as freemail ?

2020-11-10 Thread Ángel
On 2020-11-09 at 11:42 +0100, Benny Pedersen wrote: > i mean if the tld is free, can the domain name be non free then ? Yes. Even though the TLD offers domains for free (not tlds for free :P) there is a paying layer where you can pay money for having them. I have seen a spammer use such kind of p

Re: free tlds considered as freemail ?

2020-11-09 Thread Benny Pedersen
Dan Malm wrote on 2020-11-09 10:31: I just consider free tlds spam (at least some of them): thanks, will try to add it to rule set i have here, ly tld is the one i like to add, you have it outside of freemail so this is what i will maybe change it to, so it just being freemail rule hits

Re: free tlds considered as freemail ?

2020-11-09 Thread Dan Malm
On 2020-11-09 09:10, Benny Pedersen wrote: > maybe if it could be done in freemail ? > > is it incorrect bark to bark on ? > > i write it to get some debate on it, not to begin implementing anything yet I just consider free tlds spam (at least some o

free tlds considered as freemail ?

2020-11-09 Thread Benny Pedersen
maybe if it could be done in freemail ? is it incorrect bark to bark on ? i write it to get some debate on it, not to begin implementing anything yet

Re: SPOOFED_FREEMAIL hitting non-spoofed freemail?

2019-09-18 Thread John Hardin
On Wed, 18 Sep 2019, RW wrote: On Wed, 18 Sep 2019 15:30:46 +0200 Dan Malm wrote: Ok, I'm pretty sure this is mostly on my end, but I think there are also some issues with the __NOT_SPOOFED meta rule. 1: I was able to reproduce getting the SPOOFED_FREEMAIL locally on my machine when running s

Re: SPOOFED_FREEMAIL hitting non-spoofed freemail?

2019-09-18 Thread RW
On Wed, 18 Sep 2019 15:30:46 +0200 Dan Malm wrote: > Ok, I'm pretty sure this is mostly on my end, but I think there are > also some issues with the __NOT_SPOOFED meta rule. > > 1: I was able to reproduce getting the SPOOFED_FREEMAIL locally on my > machine when running spamassassin with the -L

Re: SPOOFED_FREEMAIL hitting non-spoofed freemail?

2019-09-18 Thread Dan Malm
Ok, I'm pretty sure this is mostly on my end, but I think there are also some issues with the __NOT_SPOOFED meta rule. 1: I was able to reproduce getting the SPOOFED_FREEMAIL locally on my machine when running spamassassin with the -L parameter. 2: The reason (I assume) that I get the rule hit o

SPOOFED_FREEMAIL hitting non-spoofed freemail?

2019-09-18 Thread Dan Malm
Hi, I've gotten some reports about mails from hotmail being incorrectly filtered as spam on my systems. I'm seeing a lot of perfectly valid, non-spoofed mails from them hitting the SPOOFED_FREEMAIL rule. Is anyone else seeing the same, or is it some issue in my configuration? RuleQA seems to indi

Postfix - Spamassassin and MailSpike FreeMail

2017-03-09 Thread Maurizio Caloro
Hello Spamassassin Please i need to add the function MailSpike and Freemail, i see that here Running Local.cf file and i need to add any settings for these two services that i need to add. But I don't know how to do this, I have tried to read man Spamassassins but I didn't find anything. So

Re: freemail

2016-09-27 Thread Ruga
send evidence to protonmail admin: they will close the account Sent from ProtonMail Mobile On Tue, Sep 27, 2016 at 6:11 PM, Axb <'axb.li...@gmail.com'> wrote: On 09/27/2016 06:05 PM, Benny Pedersen wrote: > > got spam from it > > protonmail.com > protonmail.ch > > is missing in spamassassin > >

Re: freemail

2016-09-27 Thread Axb
On 09/27/2016 06:05 PM, Benny Pedersen wrote: got spam from it protonmail.com protonmail.ch is missing in spamassassin i can provide sample to rule maintainers on request 20_freemail_domains.cf Committed revision 1762511.

freemail

2016-09-27 Thread Benny Pedersen
got spam from it protonmail.com protonmail.ch is missing in spamassassin i can provide sample to rule maintainers on request

Re: Which SA test can detect/score this (fairly common) 'freemail' whack-a-mole?

2016-06-26 Thread jasonsu
ults run and included in the headers and in this case the > FREEMAIL rule would still have been apparent). Could you explain please? Yep. https://spamassassin.apache.org/full/3.1.x/doc/Mail_SpamAssassin_Conf.html#scoring_options score SYMBOLIC_TEST_NAME n.nn [

Re: Which SA test can detect/score this (fairly common) 'freemail' whack-a-mole?

2016-06-25 Thread jasonsu
Noel On Sat, Jun 25, 2016, at 06:31 PM, Noel Butler wrote: > ignoring the usual trolls Benny and Harry (Reindl) got it > " loadplugin Mail::SpamAssassin::Plugin::FreeMail " is actually loaded? yep > /var/lib/spamassassin/3.004001/updates_spamassassin_org/20_freemail.cf

Re: Which SA test can detect/score this (fairly common) 'freemail' whack-a-mole?

2016-06-25 Thread Benny Pedersen
talking about SPF_SOFTAIL is you there is multiple problems in the above, so just try to help with them as well https://spamassassin.apache.org/full/3.3.x/doc/Mail_SpamAssassin_Conf.html is envelope_sender_header setup correct on spamassassin installation, it helps freemail as well if it is who say

Re: Which SA test can detect/score this (fairly common) 'freemail' whack-a-mole?

2016-06-25 Thread Reindl Harald
On 26.06.2016 at 02:02, Benny Pedersen wrote: On 2016-06-26 01:47, Reindl Harald wrote: Authentication-Results: spf.mail.example.com; spf=softfail (domain owner discourages use of this host) smtp.mailfrom=gmail.com (client-ip=212.82.96.171; helo=nm12-vm1.bullet.mail.ir2.yahoo.com; envelo

Re: Which SA test can detect/score this (fairly common) 'freemail' whack-a-mole?

2016-06-25 Thread jasonsu
Huh? > and its asked why do i get spam with spf softfails No, I'm not asking about the 'softfail'. At all. > recipient have wanted that spam Um, no. > possible spam that is not spam but relaying fails Again, huh? I'm asking a simple question -- what SA test

Re: Which SA test can detect/score this (fairly common) 'freemail' whack-a-mole?

2016-06-25 Thread Benny Pedersen
On 2016-06-26 01:47, Reindl Harald wrote: Authentication-Results: spf.mail.example.com; spf=softfail (domain owner discourages use of this host) smtp.mailfrom=gmail.com (client-ip=212.82.96.171; helo=nm12-vm1.bullet.mail.ir2.yahoo.com; envelope-from=mrs.djoe...@gmail.com; receiver=u...@exam

Re: Which SA test can detect/score this (fairly common) 'freemail' whack-a-mole?

2016-06-25 Thread Reindl Harald
better don't comment at all oh yahoo client use gmail, hmm :=) yes that's the topic that user should use smtp auth on gmail, not use yahoo smtp servers for relaying yes that's the topic there seems no be rule for From 'freemail' @GMAIL Re

Re: Which SA test can detect/score this (fairly common) 'freemail' whack-a-mole?

2016-06-25 Thread Benny Pedersen
Sorry, I really don't understand any of that. and this is my problem What relevance are the links to dane.sys4.de, and the rest of the comments? same as mangled example.org ? Like I said, I'm asking about 'freemail' detection in SA, why they're not used here, an

Re: Which SA test can detect/score this (fairly common) 'freemail' whack-a-mole?

2016-06-25 Thread jasonsu
> and note DNSSEC is not needed to make it worse Sorry, I really don't understand any of that. What relevance are the links to dane.sys4.de, and the rest of the comments? Like I said, I'm asking about 'freemail' detection in SA, why they're not used here, and how to config correctly so I do. Jason

Re: Which SA test can detect/score this (fairly common) 'freemail' whack-a-mole?

2016-06-25 Thread Benny Pedersen
On 2016-06-26 00:29, jaso...@mail-central.com wrote: Authentication-Results: dmarc.mail.example.com/876fg6sdf6876498f; dmarc=none header.from=gmail.com https://dane.sys4.de/smtp/gmail.com Authentication-Results: dkim.mail.example.com/876fg6sdf6876498f; dkim=pass (2048

Which SA test can detect/score this (fairly common) 'freemail' whack-a-mole?

2016-06-25 Thread jasonsu
...@example.com) (TBH, I'm not exactly clear on how/why a msg this fake gets by all 3; need to take a closer look at that !) But, not being caught is NOT my current question. Instead, I'd like to know which specific test I can use to hit/score the 'freemail' whack-a-mole. For exam

Re: freemail spam

2016-03-25 Thread RW
On Fri, 25 Mar 2016 09:47:00 + Cedric Knight wrote: > On 25/03/16 00:55, Alex wrote: > > Hi, > > > > First, I'm wondering why parking.ru isn't among the freemail > > domains? > > Probably because the FreeMail plugin is designed to detect t

Re: freemail spam

2016-03-25 Thread Cedric Knight
On 25/03/16 00:55, Alex wrote: > Hi, > > First, I'm wondering why parking.ru isn't among the freemail domains? Probably because the FreeMail plugin is designed to detect the right-hand side of email addresses for providers like Gmail and AOL, and parking.ru looks like a gener

freemail spam

2016-03-24 Thread Alex
Hi, First, I'm wondering why parking.ru isn't among the freemail domains? Perhaps it should be added? Received: from mail05.parking.ru (mail05.parking.ru [195.128.120.25]) by mail02.example.com (Postfix) with ESMTP id 6ED82347D26 for ; Wed, 23 Mar 2016 17:42:50 -0400

Re: FreeMail Plugin

2015-02-17 Thread ricky gutierrez
2015-02-17 11:49 GMT-06:00 Kevin A. McGrail : > That sounds like an RPM. Missing RPMs and CPAN may lead to issues. What did > you update from CPAN? What distribution, etc. are you using? CentOS release 6.6 (Final) add a list cpan modules. -- rickygm http://gnuforever.homelinux.com r CPAN:

Re: FreeMail Plugin

2015-02-17 Thread John Hardin
On Tue, 17 Feb 2015, Kevin A. McGrail wrote: On 2/17/2015 12:21 PM, ricky gutierrez wrote: 2015-02-17 10:52 GMT-06:00 Kevin A. McGrail : > That variable comes from > $Mail::SpamAssassin::Util::RegistrarBoundaries::VALID_TLDS_RE; Hi Kevin, good to hear around here, > Sounds like you might

Re: FreeMail Plugin

2015-02-17 Thread Kevin A. McGrail
On 2/17/2015 12:21 PM, ricky gutierrez wrote: 2015-02-17 10:52 GMT-06:00 Kevin A. McGrail : That variable comes from $Mail::SpamAssassin::Util::RegistrarBoundaries::VALID_TLDS_RE; Hi Kevin, good to hear around here, Sounds like you might have some mish-mash of SpamAssassin versions and plugin

Re: FreeMail Plugin

2015-02-17 Thread ricky gutierrez
2015-02-17 10:52 GMT-06:00 Kevin A. McGrail : > That variable comes from > $Mail::SpamAssassin::Util::RegistrarBoundaries::VALID_TLDS_RE; Hi Kevin, good to hear around here, > > Sounds like you might have some mish-mash of SpamAssassin versions and > plugins. well , update to version spamassas

Re: FreeMail Plugin

2015-02-17 Thread Kevin A. McGrail
On 2/17/2015 11:42 AM, ricky gutierrez wrote: Hi, I have been updating some dependencies CPAN, but spamassassin shows that warn: spamassassin --lint [18198] warn: Use of uninitialized value $tlds in regexp compilation at /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/FreeMail.pm line 121

FreeMail Plugin

2015-02-17 Thread ricky gutierrez
Hi, I have been updating some dependencies CPAN, but spamassassin shows that warn: spamassassin --lint [18198] warn: Use of uninitialized value $tlds in regexp compilation at /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/FreeMail.pm line 121. someone on the list could explain this warn?

Re: RCVD_IN_DNSWL_MED whitelisting FREEMAIL

2013-08-26 Thread Jason Haar
On 26/08/13 20:16, Benny Pedersen wrote: > Jason Haar wrote on : > >> Anyone see anything fundamentally wrong with that? It seems so obvious, >> I'm thinking I've overlooked something :-) > > using domain names in iptables ? > > dnswl is based on ips, freem

Re: RCVD_IN_DNSWL_MED whitelisting FREEMAIL

2013-08-26 Thread Benny Pedersen
Jason Haar wrote on : Anyone see anything fundamentally wrong with that? It seems so obvious, I'm thinking I've overlooked something :-) using domain names in iptables ? dnswl is based on ips, freemail is based on domain names, if you see stable results then it works :-) best

Re: RCVD_IN_DNSWL_MED whitelisting FREEMAIL

2013-08-25 Thread Matthias Leisi
was > the -2 points it got from RCVD_IN_DNSWL_MED - a surprise because the > domain was yahoo.co.uk! > > I have no idea why DNSWL would ever give a negative score to any > FREEMAIL (I use the SA rulename there) server - all free mail services > will be prone to misuse >

RCVD_IN_DNSWL_MED whitelisting FREEMAIL

2013-08-25 Thread Jason Haar
Hi there I just received some spam - got a score below 0. The real surprise was the -2 points it got from RCVD_IN_DNSWL_MED - a surprise because the domain was yahoo.co.uk! I have no idea why DNSWL would ever give a negative score to any FREEMAIL (I use the SA rulename there) server - all free

Re: Rule to count freemail recipients?

2011-10-18 Thread Adam Katz
ve been made and then removed (some may even still exist in svn sandboxes) for their poor performance. While none of them (including your own) have specifically hunted freemail recipients, I can tell you from experience that this won't help reduce false positives.

Re: Rule to count freemail recipients?

2011-10-17 Thread darxus
On 10/17, Tom wrote: > Anyone have any ideas on how to identify when the other recipients are > freemail users, so that this can be scored even higher? My guess is you'd need to write a plugin based on the FreeMail plugin: http://svn.apache.org/viewvc/spamassassin/trunk/lib/Mail/S

Rule to count freemail recipients?

2011-10-17 Thread Tom
ts meta RCPTS_10_PLUS (__COUNT_RCPTS >= 10) score RCPTS_10_PLUS 1.0 describe RCPTS_10_PLUS Message has 10 or more recipients I'm seeing a bunch of spams that are being sent to some of my users where there are multiple other recipients, and most, if not all of the other recipients are various f

Re: Freemail problem

2011-02-18 Thread Noel Butler
Mark, On Fri, 2011-02-18 at 15:20 +0100, Mark Martinec wrote: > Jeremy, Noel, > It's a bug in the FreeMail.pm plugin. It forgets to reset the rule description > text with every message, to the addresses listed in a rule description > just accumulate from one message to the next. I think this on

Re: Freemail problem

2011-02-18 Thread Mark Martinec
Henrik, > Hmm yes I was wondering about this... so $pms->{conf} isn't actually "per > message" then? Too busy to dive into that right now.. No, the $pms->{conf} is just another ref or shortcut to $main->{conf}. Changes there affect the global configuration. The calls to $pms->clear_test_state

Re: Freemail problem

2011-02-18 Thread Henrik K
other words, should I expect the FREEMAIL_FROM entry to > > list any freemail address which is used as the envelope sender, as well as > > any freemail address used in the From header of the message? I had assumed > > the FREEMAIL_FROM rule only looked at the From header but

Re: Freemail problem

2011-02-18 Thread Mark Martinec
> twice within the FREEMAIL_FROM entry inside the X-Spam-Report header? Is it > there twice because this address was used for both the Return-Path and the > From headers? In other words, should I expect the FREEMAIL_FROM entry to > list any freemail address which is used as the envelope

Re: Freemail problem

2011-02-17 Thread Jeremy Fairbrass
"Noel Butler" wrote in message news:1297993593.5473.74.camel@tardis... /Very Ancient/ On Thu, 2010-06-10 at 18:40 +0200, Jeremy Fairbrass wrote: Hi, I've noticed what seems to be unexpected behaviour with the Freemail plugin, which I'm hoping someone can shed some

Re: Freemail problem

2011-02-17 Thread Noel Butler
/Very Ancient/ On Thu, 2010-06-10 at 18:40 +0200, Jeremy Fairbrass wrote: > Hi, I've noticed what seems to be unexpected behaviour with the Freemail > plugin, which I'm hoping someone can shed some light on. > > I'm using SpamAssassin 3.2.5, and the "FreeMai

Re: lots of freemail spam

2011-01-02 Thread Warren Togami Jr.
If I understand that thread correctly, that is for e-mail addresses in body text? I'm suggesting looking only at authenticated UID's in headers from specific providers like Yahoo who are notorious for spam, but their MTA's also send a significant amount of ham so we cannot DNSBL block them. Given

Re: lots of freemail spam

2011-01-02 Thread Yet Another Ninja
On 2011-01-02 13:59, Warren Togami Jr. wrote: I've been thinking, perhaps we should consider making a "Freemail Realtime BL" that lists not IP addresses, but rather ID's at the Freemail provider. Search the list archives for emailbl 1) I am assuming that ID's you se

Re: lots of freemail spam

2011-01-02 Thread Benny Pedersen
On Sun 02 Jan 2011 13:59:22 CET, "Warren Togami Jr." wrote I've been thinking, perhaps we should consider making a "Freemail Realtime BL" that lists not IP addresses, but rather ID's at the Freemail provider. emailbl was better coded for this purpose imho freem

Re: lots of freemail spam

2011-01-02 Thread Warren Togami Jr.
I've been thinking, perhaps we should consider making a "Freemail Realtime BL" that lists not IP addresses, but rather ID's at the Freemail provider. 1) I am assuming that ID's you see in headers of mail from Yahoo is always from an authenticated user? 2) Traps and user r

Re: lots of freemail spam

2011-01-02 Thread Cedric Knight
On 30/12/10 19:15, Lawrence @ Rogers wrote: > Lately, I notice we are getting a fair amount (10-12 per day per client) > of spam coming from freemail users (FREEMAIL_FROM triggers). Usually the > Subject is non-existent or empty, and the message is always just an URL I see a fair amount

lots of freemail spam

2010-12-30 Thread Lawrence @ Rogers
Hi, Lately, I notice we are getting a fair amount (10-12 per day per client) of spam coming from freemail users (FREEMAIL_FROM triggers). Usually the Subject is non-existent or empty, and the message is always just an URL Is there a good rule for flagging these as possible spam? I understand

Re: FreeMail plugin updated

2010-09-02 Thread Mark Martinec
On Thursday September 2 2010 01:52:28 Runbox wrote: > Would you please remove Runbox.com from that list as we have not been a > free email provider since 2001. > Kim Thanks, removed! Should propagate with the next sa-update. Mark

Re: FreeMail plugin updated

2010-09-01 Thread Runbox
Hello, Would you please remove Runbox.com from that list as we have not been a free email provider since 2001. Kim -- View this message in context: http://old.nabble.com/FreeMail-plugin-updated-tp23468766p29599495.html Sent from the SpamAssassin - Users mailing list archive at Nabble.com.

Re: me.com as freemail?

2010-06-28 Thread LuKreme
from me.com has > been spam here lately, so I've added it to my local list of freemail > domains. Anyone seen anything similar? I *get* a lot of spam at me.com, I don't get much FROM me.com, and what I do get seems to be of the "put 20 addresses in the Cc: header" variety.

me.com as freemail?

2010-06-28 Thread Daniel J McDonald
I notice that me.com (Apple's "mobile me") is now offering a "free 60 day trial" for their mail solution. About half the mail from me.com has been spam here lately, so I've added it to my local list of freemail domains. Anyone seen anything similar? -- Daniel

Freemail problem

2010-06-10 Thread Jeremy Fairbrass
Hi, I've noticed what seems to be unexpected behaviour with the Freemail plugin, which I'm hoping someone can shed some light on. I'm using SpamAssassin 3.2.5, and the "FreeMail.pm" plugin v2.001 from http://sa.hege.li, along with the rules from the 20_freemail.cf f

RE: More freemail URI spam

2010-04-20 Thread Rosenbaum, Larry M.
> Generally speaking, anything deemed worthwhile is added to SA proper > (unless there's a licensing question). The exceptions come from > automated rules (like Sought, MBL, SARE 2tld, and Khop-sc-neighbors), 90_2tld.cf has been replaced by the official rule file 20_aux_tlds.cf. From the commen

Re: More freemail URI spam

2010-04-20 Thread Jonas Eckerman
On 2010-04-17 23:51, Alex wrote: Somebody on this list wrote a parser to actually parse shorteners to their obscured URLs. That would sure be great. I hadn't seen that, but would like to know more about it. Sounds like a better solution... That'd be me. It's a plugin called URLRedirect and

Re: More freemail URI spam

2010-04-20 Thread Jonas Eckerman
On 2010-04-17 21:04, Alex wrote: Maybe someone knows of a list of all the URL shorteners to be used in a combo uri/meta rule? I very much doubt that you'll find a list of *all* the URL shorteners. New ones crops up all the time, and old ones disappears. Marc Perkel posted about a DNS based

Re: More freemail URI spam

2010-04-19 Thread Adam Katz
On 04/18/2010 11:15 PM, Alex wrote: > Incidentally, are there other "CustomRulesets" that you think should > or shouldn't be used? > > http://wiki.apache.org/spamassassin/CustomRulesets > > At the least, the Chickpox and backhair, by the same author, should > noted on this page that they're no

Re: More freemail URI spam

2010-04-18 Thread Alex
Hi, >> Yes, big help. That did it, using the default scores. This was >> written a number of years ago. Do you think it's still safe to use >> the default scores? > > NO! > > I put some of the (previously) better-performing chickenpox rules into > my sandbox a while ago to investigate this.  It's

Re: More freemail URI spam

2010-04-17 Thread Alex
Hi, >> Yes, big help. That did it, using the default scores. This was >> written a number of years ago. Do you think it's still safe to use >> the default scores? > > NO! > > I put some of the (previously) better-performing chickenpox rules into > my sandbox a while ago to investigate this.  It's

Re: More freemail URI spam

2010-04-17 Thread Adam Katz
>> You might want to look into the old Chickenpox rule. On 04/17/2010 03:04 PM, Alex wrote: > Yes, big help. That did it, using the default scores. This was > written a number of years ago. Do you think it's still safe to use > the default scores? NO! I put some of the (previously) better-perfor

Re: More freemail URI spam

2010-04-17 Thread John Hardin
On Sat, 17 Apr 2010, Alex wrote: http://pastebin.com/SkrKykYj You might want to look into the old Chickenpox rule. Yes, big help. That did it, using the default scores. This was written a number of years ago. Do you think it's still safe to use the default scores? I think the problems that

Re: More freemail URI spam

2010-04-17 Thread Alex
Hi, >> http://pastebin.com/SkrKykYj > > You might want to look into the old Chickenpox rule. Yes, big help. That did it, using the default scores. This was written a number of years ago. Do you think it's still safe to use the default scores? I still wish I had a better grasp on regex so I could

Re: More freemail URI spam

2010-04-17 Thread John Hardin
On Sat, 17 Apr 2010, Alex wrote: I'm hoping someone can help me with a rule to catch URI spam variation from freemail domains: http://pastebin.com/SkrKykYj You might want to look into the old Chickenpox rule. -- John Hardin KA7OHZ http://www.impsec.org/~jhardin/

More freemail URI spam

2010-04-17 Thread Alex
Hi, I'm hoping someone can help me with a rule to catch URI spam variation from freemail domains: http://pastebin.com/SkrKykYj This one is another urlshortener. How is this class of redirection spam being stopped by everyone these days? I've tried to adapt the ones I have, but th

Re: Freemail Rule help

2010-04-07 Thread Ned Slider
John Hardin wrote: On Tue, 6 Apr 2010, Ned Slider wrote: John Hardin wrote: On Tue, 6 Apr 2010, Ned Slider wrote: > uri LOCAL_URI_BITLY m{https?://bit\.ly/\w{6}} > describe LOCAL_URI_BITLY contains bit.ly link bit.ly is a legitimate URL-shortening service. Are you sure

Re: Freemail Rule help

2010-04-06 Thread John Hardin
On Tue, 6 Apr 2010, Alex wrote: uri LOCAL_URI_BITLY m{https?://bit\.ly/\w{6}} For the time-being, I have Ned's suggestion in place over mine because mine has problems, along with additional qualifiers (such as FREEMAIL_FROM) to further reduce the FPs. Other suggestions welcome...

Re: Freemail Rule help

2010-04-06 Thread Alex
Hi, >> uri             LOCAL_URI_BITLY         m{https?://bit\.ly/\w{6}} >> describe        LOCAL_URI_BITLY         contains bit.ly link > > bit.ly is a legitimate URL-shortening service. Are you sure you want to > penalize them? Yes, I don't at all like to do this, but it doesn't take too many o

Re: Freemail Rule help

2010-04-06 Thread John Hardin
On Tue, 6 Apr 2010, Ned Slider wrote: John Hardin wrote: On Tue, 6 Apr 2010, Ned Slider wrote: > uri LOCAL_URI_BITLY m{https?://bit\.ly/\w{6}} > describe LOCAL_URI_BITLY contains bit.ly link bit.ly is a legitimate URL-shortening service. Are you sure you want to penali

Re: Freemail Rule help

2010-04-06 Thread Ned Slider
John Hardin wrote: On Tue, 6 Apr 2010, Ned Slider wrote: uri LOCAL_URI_BITLY m{https?://bit\.ly/\w{6}} describe LOCAL_URI_BITLY contains bit.ly link bit.ly is a legitimate URL-shortening service. Are you sure you want to penalize them? As I said, I use that rule i

Re: Freemail Rule help

2010-04-06 Thread John Hardin
On Tue, 6 Apr 2010, Ned Slider wrote: uri LOCAL_URI_BITLY m{https?://bit\.ly/\w{6}} describe LOCAL_URI_BITLY contains bit.ly link bit.ly is a legitimate URL-shortening service. Are you sure you want to penalize them? -- John Hardin KA7OHZ

Re: Freemail Rule help

2010-04-06 Thread Ned Slider
Alex wrote: Hi, I'm having a problem with emails that are from a freemail domain with simply a shorturl in them, like this: http://bit.ly/aqI4o1>http://bit.ly/aqI4o1/Benjaminlovee ya rawbody LOC_BITLY /href\=http:\/\/bit\.ly\/.+\w{1,8}>http:\/\/bit\.ly\/.+\w{1,15}\/.+\w{1,15

Freemail Rule help

2010-04-06 Thread Alex
Hi, I'm having a problem with emails that are from a freemail domain with simply a shorturl in them, like this: http://bit.ly/aqI4o1>http://bit.ly/aqI4o1/Benjaminlovee ya rawbody LOC_BITLY /href\=http:\/\/bit\.ly\/.+\w{1,8}>http:\/\/bit\.ly\/.+\w{1,15}\/.+\w{1,15}<\/a>/

Re: Hidden Dir in URI (Was: FreeMail plugin updated - banks)

2010-03-08 Thread John Hardin
On Mon, 8 Mar 2010, Ned Slider wrote: John Hardin wrote: On Mon, 8 Mar 2010, Ned Slider wrote: > > So I've refined the rule to specifically exclude hitting on the sequence > ../. which stops the rule triggering on multiple relative paths. > > uri LOCAL_URI_HIDDEN_DIR /(?!.{6}\.\.\/\..).{8}\/\../ How about: uri LOC

Re: Hidden Dir in URI (Was: FreeMail plugin updated - banks)

2010-03-08 Thread Ned Slider
John Hardin wrote: On Mon, 8 Mar 2010, Ned Slider wrote: So I've refined the rule to specifically exclude hitting on the sequence ../. which stops the rule triggering on multiple relative paths. uri LOCAL_URI_HIDDEN_DIR /(?!.{6}\.\.\/\..).{8}\/\../ How about: uri LOC

Re: Hidden Dir in URI (Was: FreeMail plugin updated - banks)

2010-03-08 Thread John Hardin
On Mon, 8 Mar 2010, Ned Slider wrote: Adam Katz wrote: > > On 15-May-2009, at 12:46, Adam Katz wrote: > > > uri URI_HIDDEN /.{7}\/\../ LuKreme wrote: > > That won't catch > > http://www.spammer.example.com/.../hidden-malware.asf, it will only > > catch the relative url form "../path/to/c

Re: Hidden Dir in URI (Was: FreeMail plugin updated - banks)

2010-03-08 Thread Ned Slider
Adam Katz wrote: On 15-May-2009, at 12:46, Adam Katz wrote: uri URI_HIDDEN /.{7}\/\../ LuKreme wrote: That won't catch http://www.spammer.example.com/.../hidden-malware.asf, it will only catch the relative url form "../path/to/content" which SA improperly prefaces with "http://"; uri URI_HID

Re: freemail vs dkim / spf

2009-12-09 Thread Matus UHLAR - fantomas
>R-Elists wrote: > > > perkel wrote: > > I have yet to find ANY use for SPF. And SPF causes nothing but > problems. > > Marc, > > why nothing but problems? > > is a lot of your system "mail forward" orientated? > > care to elaborate w/o going into the

Re: freemail vs dkim / spf

2009-12-07 Thread Mike Cardwell
On 07/12/2009 19:13, Marc Perkel wrote: > I have yet to find ANY use for SPF. And SPF causes nothing but problems. You can't have been looking very hard then. I whitelist mail from this list and spam-l with these simple SPF rules in my user_prefs: whitelist_from_spf *...@*.apache.org whitelist_f

Re: freemail vs dkim / spf

2009-12-07 Thread Marc Perkel
R-Elists wrote:  > perkel wrote:   >  I have yet to find ANY use for SPF. And SPF causes nothing but problems.   Marc,   why nothing but problems?   is a lot of your system "mail forward" orientated?   care to elaborate w/o going into the same old SPF diatribe?  

RE: freemail vs dkim / spf

2009-12-07 Thread R-Elists
> perkel wrote: > I have yet to find ANY use for SPF. And SPF causes nothing but problems. Marc, why nothing but problems? is a lot of your system "mail forward" orientated? care to elaborate w/o going into the same old SPF diatribe? maybe there is something useful you haven't had the

Re: freemail vs dkim / spf

2009-12-07 Thread Marc Perkel
Matus UHLAR - fantomas wrote: On Sun, 6 Dec 2009, Benny Pedersen wrote: i think it could be added to freemail.pm to test if sender domain have spf or dkim and if no spf and or no dkim consider it as a freemail domain ? On 07.12.09 12:23, Charles

Re: freemail vs dkim / spf

2009-12-07 Thread Matus UHLAR - fantomas
> On Sun, 6 Dec 2009, Benny Pedersen wrote: >> i think it could be added to freemail.pm to test if sender domain have >> spf or dkim and if no spf and or no dkim consider it as a freemail >> domain ? On 07.12.09 12:23, Charles Gregory wrote: > Nope. I run an ISP and

Re: freemail vs dkim / spf

2009-12-07 Thread Charles Gregory
On Sun, 6 Dec 2009, Benny Pedersen wrote: i think it could be added to freemail.pm to test if sender domain have spf or dkim and if no spf and or no dkim consider it as a freemail domain ? Nope. I run an ISP and basically my SPF amounts to 'neutral' because my users can send mai

Re: freemail vs dkim / spf

2009-12-06 Thread McDonald, Dan
On Dec 6, 2009, at 12:56 PM, "Marc Perkel" wrote: Benny Pedersen wrote: i think it could be added to freemail.pm to test if sender domain have spf or dkim and if no spf and or no dkim consider it as a freemail domain ? I don't see the relationship that SPF has to f

Re: freemail vs dkim / spf

2009-12-06 Thread Marc Perkel
Benny Pedersen wrote: i think it could be added to freemail.pm to test if sender domain have spf or dkim and if no spf and or no dkim consider it as a freemail domain ? i don't know if it require code changes to do this, but it make sense for me at least to make it, no ? objection

Re: freemail vs dkim / spf

2009-12-06 Thread Henrik K
On Sun, Dec 06, 2009 at 07:14:31AM -0600, McDonald, Dan wrote: > On Dec 6, 2009, at 12:02 AM, "Benny Pedersen" wrote: > >> >> i think it could be added to freemail.pm to test if sender domain have >> spf or dkim and if no spf and or no dkim consider it as a free

Re: freemail vs dkim / spf

2009-12-06 Thread McDonald, Dan
On Dec 6, 2009, at 12:02 AM, "Benny Pedersen" wrote: i think it could be added to freemail.pm to test if sender domain have spf or dkim and if no spf and or no dkim consider it as a freemail domain ? Sorry, but SPF and DKIM simply don't have the saturation required fo

Re: freemail vs dkim / spf

2009-12-06 Thread Michael Scheidell
Benny Pedersen wrote: i think it could be added to freemail.pm to test if sender domain have spf or dkim and if no spf and or no dkim consider it as a freemail domain ? i don't know if it require code changes to do this, but it make sense for me at least to make it, no ? objection, flames

freemail vs dkim / spf

2009-12-05 Thread Benny Pedersen
i think it could be added to freemail.pm to test if sender domain have spf or dkim and if no spf and or no dkim consider it as a freemail domain ? i don't know if it require code changes to do this, but it make sense for me at least to make it, no ? objection, flames as i like to know

Re: more freemail domains: tunome.com

2009-06-25 Thread LuKreme
On 23-Jun-2009, at 06:31, McDonald, Dan wrote: Guess I'd best make a list... Share? -- We all need help with our feelings. Otherwise, we bottle them up, and before you know it powerful laxatives are involved.

RE: more freemail domains: tunome.com

2009-06-23 Thread Cory Hawkless
Ahh gotta love AOL!! Look forward to seeing that list (or part thereof) -Original Message- From: McDonald, Dan [mailto:dan.mcdon...@austinenergy.com] Sent: Tuesday, 23 June 2009 10:02 PM To: users@spamassassin.apache.org Subject: more freemail domains: tunome.com AOL is making it easier

more freemail domains: tunome.com

2009-06-23 Thread McDonald, Dan
AOL is making it easier for spammers to come up with unique names to avoid the freemail.pm plugin. They have a service called tunome.com with about 150 domains that are freemail. I just received a lottery spam that used two of the tunome.com aliases. Guess I'd best make a list... -- Dan

Re: FreeMail plugin updated - banks

2009-05-15 Thread Adam Katz
>> On 15-May-2009, at 12:46, Adam Katz wrote: >>> uri URI_HIDDEN /.{7}\/\../ LuKreme wrote: >> That won't catch >> http://www.spammer.example.com/.../hidden-malware.asf, it will only >> catch the relative url form "../path/to/content" which SA improperly >> prefaces with "http://"; >> >> uri URI_H

Re: FreeMail plugin updated - banks

2009-05-15 Thread John Hardin
On Fri, 15 May 2009, LuKreme wrote: Of course, if SA didn't preface URIs with http:// on its own, this wouldn't be an issue. However, I am not willing to call that a bug as I suspect there is a very good reason for it. It's a bug in the specific case of a URI like "../whatever", as it doesn't

Re: FreeMail plugin updated - banks

2009-05-15 Thread LuKreme
On 15-May-2009, at 14:35, LuKreme wrote: On 15-May-2009, at 12:46, Adam Katz wrote: uri URI_HIDDEN /.{7}\/\../ That won't catch http://www.spammer.example.com/.../hidden-malware.asf, it will only catch the relative url form "../path/to/content" which SA improperly prefaces with "http://";

Re: FreeMail plugin updated - banks

2009-05-15 Thread John Hardin
On Fri, 15 May 2009, LuKreme wrote: On 15-May-2009, at 12:46, Adam Katz wrote: uri URI_HIDDEN /.{7}\/\../ That won't catch http://www.spammer.example.com/.../hidden-malware.asf, How so? That rule matches "ple.com/.." in that URI. -- John Hardin KA7OHZ http://www.impsec.

Re: FreeMail plugin updated - banks

2009-05-15 Thread LuKreme
On 15-May-2009, at 12:46, Adam Katz wrote: uri URI_HIDDEN /.{7}\/\../ That won't catch http://www.spammer.example.com/.../hidden-malware.asf, it will only catch the relative url form "../path/to/content" which SA improperly prefaces with "http://"; uri URI_HIDDEN /.{8}\/\../ Will catch
