trusted? yes internal? yes msa? no
>
> but I'm not clear how it decides if it should short circuit or not.
> Can anyone clarify?
> X-Spam-Status: No, ... UNPARSEABLE_RELAY
It's because the other received header is not parseable,
UNPARSEABLE_RELAY prevents ALL_TRUSTED from be
internal? yes msa? no
>but I'm not clear how it decides if it should short circuit or not. Can
>anyone clarify?
>Here is an example:
>Return-Path:
>X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on towhee.riseup.net
>X-Spam-Level: *
>X-Spam-Pyzor:=20
>X-Spa
On Sat, 2011-03-05 at 11:03 -0800, John Hardin wrote:
> On Sat, 5 Mar 2011, Chris wrote:
>
> > cdneumann
> > , "cantrell, james" ,
> > "@pop.embarq.synacor.com>, \"ballard\", \"aajhp"
> >
> > The two look the same except for the last few entries where the one
> > marked spam has the last few add
On Sat, 5 Mar 2011, Chris wrote:
cdneumann
, "cantrell, james" ,
"@pop.embarq.synacor.com>, \"ballard\", \"aajhp"
The two look the same except for the last few entries where the one
marked spam has the last few addressees borked. Apparently something is
intermittently adding the @pop.embarq.s
On Sat, 2011-03-05 at 08:40 -0800, John Hardin wrote:
> On Sat, 5 Mar 2011, Chris wrote:
>
> > In the example I posted I also see this in the To: headers when saved as
> > a .txt file - "@pop.embarq.synacor.com>, \"ballard\", \"aajhp"
> >
>
> > I see the same thing -
> > "@pop.embarq.synacor.com
On Sat, 5 Mar 2011, Chris wrote:
In the example I posted I also see this in the To: headers when saved as
a .txt file - "@pop.embarq.synacor.com>, \"ballard\", \"aajhp"
I see the same thing -
"@pop.embarq.synacor.com>, \"cantrell, james\", \"billybeckner\"
, \"ballard\" , \"aajhp"
, I have n
On Sat, 2011-03-05 at 05:28 +0100, Karsten Bräckelmann wrote:
> On Fri, 2011-03-04 at 21:44 -0600, Chris Pollock wrote:
> > Two posts from the same person, one hits on the short circuit rule the
> > other doesn't. The line in my dkimwhitelist.cf is:
> >
>
On Fri, 2011-03-04 at 21:44 -0600, Chris Pollock wrote:
> Two posts from the same person, one hits on the short circuit rule the
> other doesn't. The line in my dkimwhitelist.cf is:
>
> whitelist_from_dkim ellisf...@embarqmail.com
>
> Headers from one that did hit and one
Two posts from the same person, one hits on the short circuit rule the
other doesn't. The line in my dkimwhitelist.cf is:
whitelist_from_dkim ellisf...@embarqmail.com
Headers from one that did hit and one that didn't are posted here:
http://pastebin.com/j0j4pFb1
Anyone see a reaso
On Tue, 08 Feb 2011 17:04:37 +
Steve Freegard wrote:
> Sure - credit where it is due; I've you to the 'Thanks' section.
Thanks. And also, my apologies for posting to the list... that was supposed
to be a private message. :(
/me mutters something about email amateurs not understanding how e
Hi David,
On 08/02/11 15:57, David F. Skoll wrote:
Hi, Steve,
http://www.fsl.com/index.php/resources/whitepapers/99
Interesting. I think you should credit me for this:
"Once that has been proven then that â is exempted from further
greylisting for 40 days since it was last seen."
Our CanI
On Tue, 08 Feb 2011 15:47:12 +
Steve Freegard wrote:
> See http://www.fsl.com/index.php/resources/whitepapers/99
"Once that has been proven then that 'hostid' is exempted from further
greylisting for 40 days since it was last seen."
:) Our CanIt system has been doing this since at least 20
Hi, Steve,
> http://www.fsl.com/index.php/resources/whitepapers/99
Interesting. I think you should credit me for this:
"Once that has been proven then that â is exempted from further
greylisting for 40 days since it was last seen."
Our CanIt system has been doing that since at least 2005, and
On 19/01/11 15:02, David F. Skoll wrote:
On Wed, 19 Jan 2011 09:56:47 -0500
Lee Dilkie wrote:
The second was that I've found that the other spam-catching filtering
is doing a much better job than it was years ago and turning off
greylisting didn't adversely affect the amount of spam that got
t
On 2011/01/18 9:49 AM, J4 wrote:
> This is pretty much what I would like to achieve, & the reason I
> decided not to use Dovecot Sieve (apart from me being incapable of
> setting it. ;) ).
>
> Parse the SPAM during the SMPT session and use only RAM: Perfect.
>
> I would still li
On 1/19/11 2:35 PM, "John Hardin" wrote:
> On Wed, 19 Jan 2011, Daniel McDonald wrote:
>
>> On 1/19/11 10:17 AM, "John Hardin" wrote:
>>
>>> On Wed, 19 Jan 2011, Lee Dilkie wrote:
>>>
Don't get me wrong, I liked GL but there are a number of big ISPs that
have quite long retry tim
On Wed, 19 Jan 2011, Daniel McDonald wrote:
On 1/19/11 10:17 AM, "John Hardin" wrote:
On Wed, 19 Jan 2011, Lee Dilkie wrote:
Don't get me wrong, I liked GL but there are a number of big ISPs that
have quite long retry timeouts (for some reason, sympatico comes to
mind) and it got to be too
On 1/19/2011 8:06 AM, Lee Dilkie wrote:
On 1/19/2011 10:02 AM, David F. Skoll wrote:
On Wed, 19 Jan 2011 09:56:47 -0500
Lee Dilkie wrote:
The second was that I've found that the other spam-catching filtering
is doing a much better job than it was years ago and turning off
greylisting didn't
The legitimate mail that passes through my mail server comes from
hosts / networks I might not hear from again for months, by which
time I have to potentially wait 24 hours for the greylisting / mail
server to try again.
>>
>> I run greylisting on an email server with several th
On 1/19/2011 9:25 AM, Matt wrote:
The legitimate mail that passes through my mail server comes from
hosts / networks I might not hear from again for months, by which
time I have to potentially wait 24 hours for the greylisting / mail
server to try again.
I run greylisting on an email server wit
On Wed, Jan 19, 2011 at 11:14:29AM -0600, Daniel McDonald wrote:
> On 1/19/11 10:17 AM, "John Hardin" wrote:
>
> > On Wed, 19 Jan 2011, Lee Dilkie wrote:
> >
> >> Don't get me wrong, I liked GL but there are a number of big ISPs that
> >> have quite long retry timeouts (for some reason, sympatic
>> The legitimate mail that passes through my mail server comes from
>> hosts / networks I might not hear from again for months, by which
>> time I have to potentially wait 24 hours for the greylisting / mail
>> server to try again.
I run greylisting on an email server with several thousand email
On 1/19/11 10:17 AM, "John Hardin" wrote:
> On Wed, 19 Jan 2011, Lee Dilkie wrote:
>
>> Don't get me wrong, I liked GL but there are a number of big ISPs that
>> have quite long retry timeouts (for some reason, sympatico comes to
>> mind) and it got to be too annoying.
>
> ...and when you encou
On Wed, 19 Jan 2011, Lee Dilkie wrote:
Don't get me wrong, I liked GL but there are a number of big ISPs that
have quite long retry timeouts (for some reason, sympatico comes to
mind) and it got to be too annoying.
...and when you encounter a big ISP that does this, do you notify their
postm
On 1/19/2011 10:02 AM, David F. Skoll wrote:
> On Wed, 19 Jan 2011 09:56:47 -0500
> Lee Dilkie wrote:
>
>> The second was that I've found that the other spam-catching filtering
>> is doing a much better job than it was years ago and turning off
>> greylisting didn't adversely affect the amount of
On Wed, 19 Jan 2011 09:56:47 -0500
Lee Dilkie wrote:
> The second was that I've found that the other spam-catching filtering
> is doing a much better job than it was years ago and turning off
> greylisting didn't adversely affect the amount of spam that got
> through.
That's possibly true, but l
I recently gave up on greylisting after using it for years as well.
Two reasons really, one was the complaints from users (and I found that
they often asked folks to "send mail to me twice" to try and get mail to
"work better" and that was just embarrassing).
The second was that I've found that t
Am 18.01.2011 20:41, schrieb J4:
> On 01/18/2011 07:54 PM, J4 wrote:
>>
>> On 01/18/2011 06:51 PM, Patrick Ben Koetter wrote:
>>> * J4 :
This is pretty much what I would like to achieve, & the reason I
decided not to use Dovecot Sieve (apart from me being incapable of
setting it.
On 1/19/11 2:10 AM, David F. Skoll wrote:
On Tue, 18 Jan 2011 23:37:07 +0100
"Rolf E. Sonneveld" wrote:
I agree with you, looking at my own personal situation. However, many
mail admins (and maybe you too) are responsible for the e-mail
handling of many (tens/hundreds/thousands) of users. Most
On Tue, 18 Jan 2011 23:37:07 +0100
"Rolf E. Sonneveld" wrote:
> I agree with you, looking at my own personal situation. However, many
> mail admins (and maybe you too) are responsible for the e-mail
> handling of many (tens/hundreds/thousands) of users. Most users have
> unrealistic expectations
On 01/18/2011 12:31 PM, David F. Skoll wrote:
On Tue, 18 Jan 2011 22:18:20 +
Gary Forrest wrote:
Interesting 2 of our 3 scanning heads use a grey list system that
uses /32 addresses as part of the process, these two servers have
100's of emails delayed for well over a day. Our 3rd scanning
On 1/18/11 11:02 PM, David F. Skoll wrote:
On Tue, 18 Jan 2011 22:18:33 +0100
"Rolf E. Sonneveld" wrote:
RFC821/RFC2821/RFC5321 points out that a client has to wait a minimum
of 30 minutes before a retry attempt should be made,
That's fine. I don't care if an email from someone I've never he
On Tue, 18 Jan 2011 22:18:20 +
Gary Forrest wrote:
> Interesting 2 of our 3 scanning heads use a grey list system that
> uses /32 addresses as part of the process, these two servers have
> 100's of emails delayed for well over a day. Our 3rd scanning head
> uses a grey list system that is les
Hi All
To answer David's post, extract from our scanning system for today.
*Jan 18 01:53:19 sendmail[8404]: p0I1rIDg008404:
from=, size=43048, class=0,
nrcpts=1, msgid=, proto=ESMTP,
daemon=MTA, relay=revd138.shopdebenhams.com [195.154.153.138]
Jan 18 01:53:19 sendmail[8404]: p0I1rIDg008404:
On Tue, 18 Jan 2011 22:18:33 +0100
"Rolf E. Sonneveld" wrote:
> RFC821/RFC2821/RFC5321 points out that a client has to wait a minimum
> of 30 minutes before a retry attempt should be made,
That's fine. I don't care if an email from someone I've never heard
from before is delayed 30 minutes or e
On 1/18/11 4:58 PM, David F. Skoll wrote:
On Tue, 18 Jan 2011 16:55:42 +0100
Giles Coochey wrote:
The legitimate mail that passes through my mail server comes from
hosts / networks I might not hear from again for months, by which
time I have to potentially wait 24 hours for the greylisting / m
On 01/18/2011 09:18 PM, Patrick Ben Koetter wrote:
> * J4 :
>> GTUBE test message from http://gtube.net/gtube.txt produced:-
>> Jan 18 21:06:45 logout postfix/cleanup[30304]: 7F8DE8232B:
>> milter-reject: END-OF-MESSAGE from smtp-auth.no-ip.com[204.16.252.94]:
>> 5.7.1 Blocked by SpamAssassin; from
* J4 :
> GTUBE test message from http://gtube.net/gtube.txt produced:-
> Jan 18 21:06:45 logout postfix/cleanup[30304]: 7F8DE8232B:
> milter-reject: END-OF-MESSAGE from smtp-auth.no-ip.com[204.16.252.94]:
> 5.7.1 Blocked by SpamAssassin; from=
> to= proto=ESMTP helo=
>
> What is interesting, is th
On 01/18/2011 08:41 PM, J4 wrote:
> On 01/18/2011 07:54 PM, J4 wrote:
>> On 01/18/2011 06:51 PM, Patrick Ben Koetter wrote:
>>> * J4 :
This is pretty much what I would like to achieve, & the reason I
decided not to use Dovecot Sieve (apart from me being incapable of
setting it.
* J4 :
> > I'm on Debian Squeeze.
> Right folks! I did all of this:
>
> # spamass-milter -m -u nobody -f -p /var/run/spamass.sock
> # chown postfix.postfix /var/run/spamass.sock
> # spamass-milter -m -u nobody -f -p /var/spool/postfix/var/run/spamass.sock
> # chown postfix.postfix /var/spool/
On 01/18/2011 08:33 PM, Patrick Ben Koetter wrote:
> * J4 :
>> On 01/18/2011 06:51 PM, Patrick Ben Koetter wrote:
>>> * J4 :
This is pretty much what I would like to achieve, & the reason I
decided not to use Dovecot Sieve (apart from me being incapable of
setting it. ;) ).
On 01/18/2011 07:54 PM, J4 wrote:
>
> On 01/18/2011 06:51 PM, Patrick Ben Koetter wrote:
>> * J4 :
>>> This is pretty much what I would like to achieve, & the reason I
>>> decided not to use Dovecot Sieve (apart from me being incapable of
>>> setting it. ;) ).
>>>
>>> Parse the SPAM
* J4 :
>
> On 01/18/2011 06:51 PM, Patrick Ben Koetter wrote:
> > * J4 :
> >> This is pretty much what I would like to achieve, & the reason I
> >> decided not to use Dovecot Sieve (apart from me being incapable of
> >> setting it. ;) ).
> >>
> >> Parse the SPAM during the SMPT ses
On 01/18/2011 06:51 PM, Patrick Ben Koetter wrote:
> * J4 :
>> This is pretty much what I would like to achieve, & the reason I
>> decided not to use Dovecot Sieve (apart from me being incapable of
>> setting it. ;) ).
>>
>> Parse the SPAM during the SMPT session and use only RAM:
* J4 :
> This is pretty much what I would like to achieve, & the reason I
> decided not to use Dovecot Sieve (apart from me being incapable of
> setting it. ;) ).
>
> Parse the SPAM during the SMPT session and use only RAM: Perfect.
>
> I would still like to notify the connecting
Disabled. Done :-O
"Martin Gregorie" wrote:
>On Tue, 2011-01-18 at 16:43 +, Martin Hepworth wrote:
>> I tend to find AWL is a pain in a user population of more than 10 and
>> disable it by default now.
>>
>>
>I found it was a pain with a user population of one and disable it
>automatically
On Tue, 2011-01-18 at 16:43 +, Martin Hepworth wrote:
> I tend to find AWL is a pain in a user population of more than 10 and
> disable it by default now.
>
>
I found it was a pain with a user population of one and disable it
automatically.
Martin
On 01/18/2011 05:39 PM, Patrick Ben Koetter wrote:
> * J4 :
I know this is off-topic but is there a way for a third party programme
to silently drop spam from delivery?
>>> There are several: MimeDefang, Spamassassin-Milter and amavisd-new come to
>>> mind.
>>>
>>> MimeDefang and Spamass
I tend to find AWL is a pain in a user population of more than 10 and
disable it by default now.
--
Martin Hepworth
Oxford, UK
On 18 January 2011 16:35, Bowie Bailey wrote:
> On 1/18/2011 11:12 AM, J4 wrote:
> >
> >
> > Right - I've moved the SA scanning to the front of postfix, and it
>
* J4 :
> >> I know this is off-topic but is there a way for a third party programme
> >> to silently drop spam from delivery?
> > There are several: MimeDefang, Spamassassin-Milter and amavisd-new come to
> > mind.
> >
> > MimeDefang and Spamassassin-Milter work as MILTERS (see: smtpd_milters or
>
On 1/18/2011 11:12 AM, J4 wrote:
>
>
> Right - I've moved the SA scanning to the front of postfix, and it
> scans accordingly and adds headers.
>
> What is odd, is that :-
> It seems that the AWL white-lists the email addresses that were
> black-listed. Additionally, the shortcircuit shoul
On 01/18/2011 04:20 PM, Martin Gregorie wrote:
> On Tue, 2011-01-18 at 09:00 -0500, Bowie Bailey wrote:
>> On 1/18/2011 4:13 AM, J4 wrote:
>>> I have Dovecot LDA so Sieve might well be a good idea, but I would
>>> like to inform the sender that the Email was dropped as spam, and
>>> avoid backscatt
On Tue, 18 Jan 2011 16:55:42 +0100
Giles Coochey wrote:
> The legitimate mail that passes through my mail server comes from
> hosts / networks I might not hear from again for months, by which
> time I have to potentially wait 24 hours for the greylisting / mail
> server to try again.
My point is
On 18/01/2011 16:46, David F. Skoll wrote:
On Tue, 18 Jan 2011 13:37:40 -0200
Rejaine Monteiro wrote:
I also gave up using greylist due to the same problems.
I find that very surprising. We've used greylisting for years and
have never noticed such problems. (We greylist after the DATA phase
On Tue, 18 Jan 2011 13:37:40 -0200
Rejaine Monteiro wrote:
> > I'm not prepared to wait 24 hours for mail servers to successfully
> > send me mails - it's the equivalent of sealing my letterbox on
> > Mondays, Wednesdays and Fridays for me, and I want near-real time
> > email communication.
> I
Em 18-01-2011 13:26, Giles Coochey escreveu:
>
> I enabled Greylisting for a while. Unfortunately - I found that the
> MTAs my MTA communicated with responded in unreliable ways. Some MTAs
> would not try any of my MX records (all using the same Greylisting db)
> for at least a day, while others w
On 18/01/2011 16:20, Martin Gregorie wrote:
On Tue, 2011-01-18 at 09:00 -0500, Bowie Bailey wrote:
If you're thinking of detecting spam at SMTP time you should consider
greylisting. When my ISP implemented it the spam I get dropped
immediately from 80% of my mail to 8%, where its remained ever si
On 01/18/2011 04:20 PM, Martin Gregorie wrote:
> On Tue, 2011-01-18 at 09:00 -0500, Bowie Bailey wrote:
>> On 1/18/2011 4:13 AM, J4 wrote:
>>> I have Dovecot LDA so Sieve might well be a good idea, but I would
>>> like to inform the sender that the Email was dropped as spam, and
>>> avoid backscatt
On Tue, 2011-01-18 at 09:00 -0500, Bowie Bailey wrote:
> On 1/18/2011 4:13 AM, J4 wrote:
> >
> > I have Dovecot LDA so Sieve might well be a good idea, but I would
> > like to inform the sender that the Email was dropped as spam, and
> > avoid backscatter. I don't think I can do this with Sieve/D
On 01/18/2011 03:59 PM, m...@junc.org wrote:
> On Tue, 18 Jan 2011 10:13:22 +0100, J4 wrote:
>
>> I have Dovecot LDA so Sieve might well be a good idea, but I would
>> like to inform the sender that the Email was dropped as spam, and
>> avoid backscatter. I don't think I can do this with Sieve/Dov
On 1/18/2011 4:13 AM, J4 wrote:
>
> I have Dovecot LDA so Sieve might well be a good idea, but I would
> like to inform the sender that the Email was dropped as spam, and
> avoid backscatter. I don't think I can do this with Sieve/Dovecot LDA.
You cannot do this from the delivery agent without
On Tue, 18 Jan 2011 10:13:22 +0100, J4 wrote:
I have Dovecot LDA so Sieve might well be a good idea, but I would
like to inform the sender that the Email was dropped as spam, and
avoid backscatter. I don't think I can do this with Sieve/Dovecot
LDA.
dont use sieve reject since if you are usi
Sender
>>>> address is blacklisted by the user? Did I misunderstand the
>>>> short-circuit effect?
>>>>
>>>> Best wishes.
>>>>
>>>>
>>> spamassassin doesn't do anything about delivery. it just marks the
>>> hea
On Mon, 17 Jan 2011 22:12:42 +0100, JKL wrote:
I know this is off-topic but is there a way for a third party
programme
to silently drop spam from delivery?
enable sieve on docecot-lda
and see this http://sieve.info/
* JKL :
>
> On 01/17/2011 09:29 PM, Michael Scheidell wrote:
> > On 1/17/11 3:27 PM, JKL wrote:
> >> Hi there,
> >>
> >> Why would this be delivered into the user mailbox when the Sender
> >> address is blacklisted by the user? D
On 1/17/2011 4:12 PM, JKL wrote:
> On 01/17/2011 09:29 PM, Michael Scheidell wrote:
>> On 1/17/11 3:27 PM, JKL wrote:
>>> Hi there,
>>>
>>> Why would this be delivered into the user mailbox when the Sender
>>> address is blacklisted by the use
On Mon, 17 Jan 2011 22:12:42 +0100
JKL wrote:
> I know this is off-topic but is there a way for a third party
> programme to silently drop spam from delivery?
You could use a milter such as MIMEDefang (www.mimedefang.org).
Although it's primarily used by Sendmail admins, it does work with
Postf
On 01/17/2011 09:29 PM, Michael Scheidell wrote:
> On 1/17/11 3:27 PM, JKL wrote:
>> Hi there,
>>
>> Why would this be delivered into the user mailbox when the Sender
>> address is blacklisted by the user? Did I misunderstand the
>> short-
On 1/17/11 3:27 PM, JKL wrote:
Hi there,
Why would this be delivered into the user mailbox when the Sender
address is blacklisted by the user? Did I misunderstand the
short-circuit effect?
Best wishes.
spamassassin doesn't do anything about delivery. it just marks the he
Hi there,
Why would this be delivered into the user mailbox when the Sender
address is blacklisted by the user? Did I misunderstand the
short-circuit effect?
Best wishes
On Thu, 2010-09-23 at 17:55 -0500, Chris wrote:
> http://pastebin.com/ypiHcyvK
>
> The above phish for my ISP came in this morning, it triggered the short
> circuit 'ham' rule. Is it because I have this in my local.cf and the
> message has a dkim signature?
>
On Sun, 2010-09-26 at 19:26 +0200, Benny Pedersen wrote:
> On søn 26 sep 2010 15:27:47 CEST, Chris wrote
>
> > On Sat, 2010-09-25 at 04:47 +0200, Benny Pedersen wrote:
> >> On lør 25 sep 2010 02:53:30 CEST, Chris wrote
> >> > meta SC_NET_HAM (USER_IN_DKIM_WHITELIST||USER_IN_DK_WHITELIST||
> >> > U
On søn 26 sep 2010 15:27:47 CEST, Chris wrote
On Sat, 2010-09-25 at 04:47 +0200, Benny Pedersen wrote:
On lør 25 sep 2010 02:53:30 CEST, Chris wrote
> meta SC_NET_HAM (USER_IN_DKIM_WHITELIST||USER_IN_DK_WHITELIST||
> USER_IN_SPF_WHITELIST||USER_IN_DEF_DK_WL||USER_IN_DEF_DKIM_WL||
> USER_IN_DEF_
On Sat, 2010-09-25 at 04:47 +0200, Benny Pedersen wrote:
> On lør 25 sep 2010 02:53:30 CEST, Chris wrote
> > meta SC_NET_HAM (USER_IN_DKIM_WHITELIST||USER_IN_DK_WHITELIST||
> > USER_IN_SPF_WHITELIST||USER_IN_DEF_DK_WL||USER_IN_DEF_DKIM_WL||
> > USER_IN_DEF_SPF_WL||USER_IN_WHITELIST)
>
> there is s
On Sat, 25 Sep 2010 04:47:31 +0200
Benny Pedersen wrote:
> On lør 25 sep 2010 02:53:30 CEST, Chris wrote
> > meta SC_NET_HAM (USER_IN_DKIM_WHITELIST||USER_IN_DK_WHITELIST||
> > USER_IN_SPF_WHITELIST||USER_IN_DEF_DK_WL||USER_IN_DEF_DKIM_WL||
> > USER_IN_DEF_SPF_WL||USER_IN_WHITELIST)
>
> there is
On lør 25 sep 2010 06:00:13 CEST, Karsten Bräckelmann wrote
user_in_whitelist includes whitelist_from with can be forged, my fav
to be removed if i just can convence more devs :)
Bug number? Sorry, getting late here, too lazy to search whether you
actually filed it. ;)
okay i will create a tic
On Sat, 25 Sep 2010 05:42:19 +0200
Karsten Bräckelmann wrote:
> The problem is, that your ISP accepts plain text authentication over
> plain text, un-encrypted channels. One of them must be encrypted, at
> the very least if you gonna sign it. Otherwise it's too easy to
> eavesdrop and get the cre
On Sat, 2010-09-25 at 04:47 +0200, Benny Pedersen wrote:
> > meta SC_NET_HAM (USER_IN_DKIM_WHITELIST||USER_IN_DK_WHITELIST||
> > USER_IN_SPF_WHITELIST||USER_IN_DEF_DK_WL||USER_IN_DEF_DKIM_WL||
> > USER_IN_DEF_SPF_WL||USER_IN_WHITELIST)
>
> there is still user in def :=)
>
> user_in_whitelist incl
On Fri, 2010-09-24 at 22:16 -0500, Chris wrote:
> On Sat, 2010-09-25 at 03:31 +0200, Karsten Bräckelmann wrote:
> > Begs the question why the phish that started this thread has been DKIM
> > signed by your ISP, too. Seriously.
> >
> > Hmm, from your original pastebin:
> >
> > Authentication-Res
On Sat, 2010-09-25 at 04:55 +0200, Benny Pedersen wrote:
> On lør 25 sep 2010 03:46:09 CEST, Karsten Bräckelmann wrote
> > Anyone wonder how to steal those user passwords?
> > (BTW, you did not use TLS either. :/)
>
> dont blame chris on this one, he needs a isp that dont accept passwors
> in no
On Sat, 2010-09-25 at 03:31 +0200, Karsten Bräckelmann wrote:
> On Fri, 2010-09-24 at 19:40 -0500, Chris wrote:
> > On Sat, 2010-09-25 at 01:07 +0200, Karsten Bräckelmann wrote:
> > > Ham!? PBL, SORBS DUL. Are you trying to use whitelisting to protect
> > > outgoing messages? Shouldn't you be usin
On lør 25 sep 2010 03:46:09 CEST, Karsten Bräckelmann wrote
Anyone wonder how to steal those user passwords?
(BTW, you did not use TLS either. :/)
dont blame chris on this one, he needs a isp that dont accept passwors
in non tls tunnels, well spotted
/me back on my problem with kernel that
On lør 25 sep 2010 02:53:30 CEST, Chris wrote
meta SC_NET_HAM (USER_IN_DKIM_WHITELIST||USER_IN_DK_WHITELIST||
USER_IN_SPF_WHITELIST||USER_IN_DEF_DK_WL||USER_IN_DEF_DKIM_WL||
USER_IN_DEF_SPF_WL||USER_IN_WHITELIST)
there is still user in def :=)
user_in_whitelist includes whitelist_from with can
On Sat, 2010-09-25 at 03:31 +0200, Karsten Bräckelmann wrote:
> On Fri, 2010-09-24 at 19:40 -0500, Chris wrote:
> > http://pastebin.com/LqVtvjgM
>
> OK, wait. That sample is really an example showing the DKIM headers,
> sent by *you*. Right? It's authenticated.
> Hmm, from your original pastebin
On Fri, 2010-09-24 at 19:40 -0500, Chris wrote:
> On Sat, 2010-09-25 at 01:07 +0200, Karsten Bräckelmann wrote:
> > Ham!? PBL, SORBS DUL. Are you trying to use whitelisting to protect
> > outgoing messages? Shouldn't you be using authenticated SMTP instead?
>
> No Karsten, this is incoming mail t
> you did see fp, change all above to def_whitelist_*
>
> and change shortcicuit to only match whitelist_* not def_whitelist
>
> or solve it with remove whitelist for this fp domain :)
>
> > Here's what rules hit in a short circuit ham:
> >
> > X-spam-status: No, s
On Sat, 2010-09-25 at 01:07 +0200, Karsten Bräckelmann wrote:
> On Fri, 2010-09-24 at 17:31 -0500, Chris wrote:
> > Here's what rules hit in a short circuit ham:
> >
> > X-spam-status: No, score=-124.2 required=5.0 tests=RCVD_IN_PBL=3.335,
> > RCVD_IN_SORBS_DUL=0
*...@embarqmail.com
why is spf more trusted then dkim here ?
you did see fp, change all above to def_whitelist_*
and change shortcicuit to only match whitelist_* not def_whitelist
or solve it with remove whitelist for this fp domain :)
Here's what rules hit in a short circuit ham:
X-spam-statu
On Fri, 2010-09-24 at 17:31 -0500, Chris wrote:
> Here's what rules hit in a short circuit ham:
>
> X-spam-status: No, score=-124.2 required=5.0 tests=RCVD_IN_PBL=3.335,
> RCVD_IN_SORBS_DUL=0.001,SC_NET_HAM=-20,SHORTCIRCUIT=-100,
> USER_IN_DEF_DKIM_WL=-7.5 RCVD_IN_PBL,RCVD_IN_
whitelist_from_SPF *...@embarqmail.com
def_whitelist_from_dkim *...@embarqmail.com
def_whitelist_from_spf *...@embarqmail.com
Here's what rules hit in a short circuit ham:
X-spam-status: No, score=-124.2 required=5.0 tests=RCVD_IN_PBL=3.335,
RCVD_IN_SORBS_DUL=0.001,SC_NET_HAM=-20,SHORTCIRCUIT=-100,
USER_IN_DE
On fre 24 sep 2010 04:33:33 CEST, Chris wrote
Or is it needed since I have the def_whitelist_from_spf line?
you trigger on def_ in shourtcicuit thats the error you made if any,
do change the shortcicuit rule to only doit it if its whilelist not
just def_whitelist
def_ rules is for grey do
On Fri, 2010-09-24 at 03:55 +0200, Benny Pedersen wrote:
> On fre 24 sep 2010 00:55:17 CEST, Chris wrote
>
> > Do I have def_whitelist_from_dkim configured incorrectly?
>
> no dkim is fine, just dont skip more spam tests based on def_*
>
These are the only two def_ lines I have:
def_whitelist_
On fre 24 sep 2010 00:55:17 CEST, Chris wrote
Do I have def_whitelist_from_dkim configured incorrectly?
no dkim is fine, just dont skip more spam tests based on def_*
--
xpoint http://www.unicom.com/pw/reply-to-harmful.html
http://pastebin.com/ypiHcyvK
The above phish for my ISP came in this morning, it triggered the short
circuit 'ham' rule. Is it because I have this in my local.cf and the
message has a dkim signature?
def_whitelist_from_dkim *...@embarqmail.com
DKIM-Signature: v=1; a=rsa-sha1; d=emba
On Fri, 2009-10-09 at 10:32 -0700, R-Elists wrote:
> > Probably because you are not short-circuiting on the whitelist. ;)
> >
> > Any whitelist rule is just that -- a plain, ordinary rule. With a score.
> > There is no magic, and other matching rules always can overrule any
> > other fraction of t
Chris wrote:
> It appears as though I don't understand how this is supposed to work. I
> have a file in /etc/mail/spamassassin called my-whitelist.cf. In it I
> have entries such as:
>
>
>
> whitelist_from_rcvd harley-requ...@the-hed.net the-hed.net
>
>
> however, a message from the 2nd add
It appears as though I don't understand how this is supposed to work. I
have a file in /etc/mail/spamassassin called my-whitelist.cf. In it I
have entries such as:
whitelist_from_rcvd serv...@freenet.de freenet.de
whitelist_from_rcvd harley-requ...@the-hed.net the-hed.net
In my local.cf I have:
Ok, I found it, the plugin was not loaded...
--
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
Rudy Gevaert rudy.geva...@ugent.be tel:+32 9 264 4734
Directie ICT, afd. Infrastructuur Direction ICT, Infrastructure dept.
Groep Systemen
Dear list,
I'm trying to get short circuit working:
body LOCAL_SPAM_DEMONSTRATION_RULE /testrudy/
priority LOCAL_SPAM_DEMONSTRATION_RULE -1
score LOCAL_SPAM_DEMONSTRATION_RULE 5.5
describe LOCAL_SPAM_DEMONSTRATION_RULE This is a simple test rule
shortci
ram wrote:
So would you suggest I remove all shortcircuit on DNS Rules.
Is there anyway I can get USER_IN_SPF_WHITELIST evaluated before All
other tests
No.. It's a DNS based test, so it would be counterproductive to try to
make one run before the others. For the cases where
USER_IN_SPF_W
1 - 100 of 125 matches
Mail list logo
