On Tue, 23 Aug 2022, Vincent Lefevre wrote:
On 2022-08-18 12:11:04 -0400, Kris Deugau wrote:
Mmm. So how would you, as sender or sender's mail provider, troubleshoot a
message rejected with "550 Too spammy"? I have seen several rejections that
were equally clear and to the point, without divu
On 2022-08-23 14:31:55 +0100, Martin Gregorie wrote:
> Fair enough: I did say that some of this was off the top pf my head at
> the end of a longish day.
>
> Would doing the lookup trick on the URL in the Message-ID header be any
> more reliable?
DNS Lookup checking is valid only for IP -> FQDN -
On Tue, 2022-08-23 at 12:11 +0200, Vincent Lefevre wrote:
> On 2022-08-18 19:40:33 +0100, Martin Gregorie wrote:
> > - if the reverse lookup fails, or the domain it retrieved does not
> > match the one in the From address, send a bare 550 REJECT because
> > the failed
> > reverse lookup implies the
On 2022-08-18 19:40:33 +0100, Martin Gregorie wrote:
> - extract the domain name from the incoming mail's From header and use
> it to find the domain IP. Use that IP to do a reverse domain lookup.
>
> - if the reverse lookup fails, or the domain it retrieved does not match
> the one in the Fr
On 2022-08-18 12:11:04 -0400, Kris Deugau wrote:
> Mmm. So how would you, as sender or sender's mail provider, troubleshoot a
> message rejected with "550 Too spammy"? I have seen several rejections that
> were equally clear and to the point, without divulging any particular detail
> about what,
On Thu, 2022-08-18 at 12:11 -0400, Kris Deugau wrote:
> Mmm. So how would you, as sender or sender's mail provider,
> troubleshoot a message rejected with "550 Too spammy"? I have seen
> several rejections that were equally clear and to the point, without
> divulging any particular detail abou
Vincent Lefevre wrote:
On 2022-08-16 12:05:43 -0400, Kris Deugau wrote:
And, quite reasonably, most rejections for spam include very little or no
detail, so aside from DNSBL-based rejections the sending platform has
essentially zero information beyond "the receiving system doesn't like us".
Whic
On 2022-08-16 12:05:43 -0400, Kris Deugau wrote:
> Vincent Lefevre wrote:
> > On 2022-08-15 10:39:05 -0400, Kris Deugau wrote:
> > > Vincent Lefevre wrote:
> > > > Rejecting mail (instead of accepting it and dropping it) is useful
> > > > in case of false positives.
> > >
> > > I'm a bit torn on t
Vincent Lefevre wrote:
On 2022-08-15 10:39:05 -0400, Kris Deugau wrote:
Vincent Lefevre wrote:
Rejecting mail (instead of accepting it and dropping it) is useful
in case of false positives.
I'm a bit torn on this.
On the one hand, yes, the sender now knows for sure their message didn't get
t
On 2022-08-15 11:33:53 -0400, Greg Troxel wrote:
> Vincent Lefevre writes:
> > On 2022-08-13 14:05:43 -0400, joe a wrote:
> >> On 8/13/2022 12:38 PM, Martin Gregorie wrote:
> >> . . .
> >> > 2) There's no mandatory need to REJECT spam. It has always been up to
> >> > the recipient to decide wh
On 2022-08-15 10:39:05 -0400, Kris Deugau wrote:
> Vincent Lefevre wrote:
> > Rejecting mail (instead of accepting it and dropping it) is useful
> > in case of false positives.
>
> I'm a bit torn on this.
>
> On the one hand, yes, the sender now knows for sure their message didn't get
> through*.
On 16/08/2022 01:33, Greg Troxel wrote:
If you accept mail and then send it to /dev/null, then the recipient is
unaware that it was sent, and the sender is unaware that it wasn't
received,
Exactly what happens to high scored spam, if its high is very obvious
trash and the recipient wont want
Vincent Lefevre writes:
> On 2022-08-13 14:05:43 -0400, joe a wrote:
>> On 8/13/2022 12:38 PM, Martin Gregorie wrote:
>> . . .
>> > 2) There's no mandatory need to REJECT spam. It has always been up to
>> > the recipient to decide whether to return it to the sender or not.
>>
>> Agreed in p
Vincent Lefevre wrote:
On 2022-08-13 14:05:43 -0400, joe a wrote:
On 8/13/2022 12:38 PM, Martin Gregorie wrote:
. . .
2) There's no mandatory need to REJECT spam. It has always been up to
the recipient to decide whether to return it to the sender or not.
Agreed in part. I see returning
Bill Cole wrote:
Not exactly. There are 2 distinct domain lists internal to SA that exist
to reduce false positives.
1. The URIDNSBL 'skip' list of domains which are ignored in body URIs.
These are known to not *per se* have any correlation to the ham/spam
classification decision.
IIRC the
On Sun, 2022-08-14 at 11:39 +1000, Noel Butler wrote: On 14/08/2022
3) It would be rather trivial to return spam to sender with a
suitable
On 14/08/2022 22:37, Martin Gregorie wrote:
WTF, that has been a terrible idea since the 90s, given most spam is
spoofed, the end result of this will be y
On 14/08/2022 23:15, David Bürgin wrote:
To clarify: Backscatter is caused by 'rejecting' mail with a bounce
message, after first accepting it.
This is what was being suggested by some, I think everyone here knows
what backscatter means, and what it is.
--
Regards,
Noel Butler
This Email,
On 14/08/2022 22:37, Martin Gregorie wrote:
On Sun, 2022-08-14 at 11:39 +1000, Noel Butler wrote: On 14/08/2022
02:38, Martin Gregorie wrote:
3) It would be rather trivial to return spam to sender with a
suitable
WTF, that has been a terrible idea since the 90s, given most spam is
spoofed, the
On 8/14/2022 2:55 PM, John Hardin wrote:
On Sat, 13 Aug 2022, joe a wrote:
Why waste your own system resources to help a scoundrel? Drop them
and be done.
I personally perfer to TCP tarpit repeat offenders.
+1
-- Jared Hall
On Sat, 13 Aug 2022, joe a wrote:
Why waste your own system resources to help a scoundrel? Drop them and be
done.
I personally perfer to TCP tarpit repeat offenders.
--
John Hardin KA7OHZhttp://www.impsec.org/~jhardin/
jhar...@impsec.org pgpk -a
> WTF, that has been a terrible idea since the 90s, given most spam is
> spoofed, the end result of this will be your mail server getting the
> poor reputation as source of backscatter and going into blacklists :)
If you reject, you should reject on their SMTP connection. If you
return a DSN la
Martin Gregorie:
> On Sun, 2022-08-14 at 11:39 +1000, Noel Butler wrote:
> > On 14/08/2022 02:38, Martin Gregorie wrote:
> >
> > > 3) It would be rather trivial to return spam to sender with a
> > > suitable
> >
> > WTF, that has been a terrible idea since the 90s, given most spam is
> > spoofed
On Sun, 2022-08-14 at 11:39 +1000, Noel Butler wrote:
> On 14/08/2022 02:38, Martin Gregorie wrote:
>
> > 3) It would be rather trivial to return spam to sender with a
> > suitable
>
> WTF, that has been a terrible idea since the 90s, given most spam is
> spoofed, the end result of this will be
On 2022-08-13 19:09:26 -0400, joe a wrote:
> On 8/13/2022 4:52 PM, Vincent Lefevre wrote:
> > Well, if you don't reject the mail with the reason that the address
> > is invalid, the spammer could deduce that the address is valid
> > (at least potentially valid). By not rejecting spam, the spammer
>
On 14/08/2022 04:23, Bill Cole wrote:
Not sure what you mean by that... There are a handful of rules that
sidestep specific false positive cases because the hit being evaded
isn't meaningful in specific cases. None of those are intended to
'whitelist' any domain, they exist to avoid incorrect
On 14/08/2022 02:38, Martin Gregorie wrote:
3) It would be rather trivial to return spam to sender with a suitable
WTF, that has been a terrible idea since the 90s, given most spam is
spoofed, the end result of this will be your mail server getting the
poor reputation as source of backscatte
I am far from an anti SPAM expert, but:
On 8/13/2022 4:52 PM, Vincent Lefevre wrote:
On 2022-08-13 14:05:43 -0400, joe a wrote:
On 8/13/2022 12:38 PM, Martin Gregorie wrote:
. . .
2) There's no mandatory need to REJECT spam. It has always been up to
the recipient to decide whether to retu
On 2022-08-13 14:05:43 -0400, joe a wrote:
> On 8/13/2022 12:38 PM, Martin Gregorie wrote:
> . . .
> > 2) There's no mandatory need to REJECT spam. It has always been up to
> > the recipient to decide whether to return it to the sender or not.
>
> Agreed in part. I see returning SPAM to sende
On Sat, 2022-08-13 at 14:05 -0400, joe a wrote:
> To add my comment, returning SPAM, assuming it even reaches the
> original sender, may serve only to assure them of the effectiveness of
> their campaign to reach valid addresses. In effect "helping" them.
>
Agreed - I've occasionally thought about
On 2022-08-12 at 23:43:48 UTC-0400 (Sat, 13 Aug 2022 13:43:48 +1000)
Noel Butler
is rumored to have said:
Why are you not blocking with blacklists at the border, ie: MTA.
Given its 0 resources for your MTA, with anti spam checking on SA
often using significant resources (depending on traffic/
I'll be sure to look this over well to see what I can use or adapt, thanks.
On 8/13/2022 11:04 AM, Reindl Harald wrote:
Am 13.08.22 um 16:21 schrieb joe a:
Ah, thanks for describing that. I am somewhat more brain fogged than
usual this morning, so am uncertain any of those would work in thi
On 8/13/2022 12:38 PM, Martin Gregorie wrote:
. . .
2) There's no mandatory need to REJECT spam. It has always been up to
the recipient to decide whether to return it to the sender or not.
Agreed in part. I see returning SPAM to sender as an exercise in
futility or perhaps further ena
On Sat, 2022-08-13 at 17:46 +0200, Reindl Harald wrote:
> and the main downside is that you can't REJECT clear spam and if "This
> puts spam into a holding area, where A cron job deletes it after a
> week" nobody knows in case of false positives
>
1) OF COURSE I have a daily cron job that reports a
On Sat, 2022-08-13 at 10:21 -0400, joe a wrote:
> This is a low volume system consisting of postfix, SA, clamav and
> fetchmail.
>
> The mailserver (postfix) is not exposed to the internet, mail traffic
> is sent to it by "fetchmail", which itself goes out to several
> providers where mail accoun
And, of course, I must edit my last reply:
On 8/13/2022 10:21 AM, joe a wrote:
My first thought was, the postfix stuff would work, because . . .
My first thought was, the postfix stuff would NOT work, because . . .
Ah, thanks for describing that. I am somewhat more brain fogged than
usual this morning, so am uncertain any of those would work in this
configuration. But I certainly need to look deeper. At least into my
coffee mug.
This is a low volume system consisting of postfix, SA, clamav and
fetchma
On 13.08.22 15:52, Bert Van de Poel wrote:
I think what Noel is referring to is Postfix configuration like this
for example:
smtpd_recipient_restrictions = permit_mynetworks,
permit_sasl_authenticated, reject_unauth_destination,
reject_rbl_client zen.spamhaus.org, reject_rhsbl_reverse_client
d
On 13.08.22 13:43, Noel Butler wrote:
Why are you not blocking with blacklists at the border, ie: MTA.
one can block at MTA level, but blocklists are usable on multiple headers,
not just on the incoing IP address.
On 13/08/2022 09:55, joe a wrote:
I need to refresh my brain on using blackli
I think what Noel is referring to is Postfix configuration like this for
example:
smtpd_recipient_restrictions = permit_mynetworks,
permit_sasl_authenticated, reject_unauth_destination, reject_rbl_client
zen.spamhaus.org, reject_rhsbl_reverse_client dbl.spamhaus.org,
reject_rhsbl_helo dbl.spamh
On 8/12/2022 11:43 PM, Noel Butler wrote:
Why are you not blocking with blacklists at the border, ie: MTA.
I'm not familiar with how to do that or if it can be done. Since SA
offers this functionality, so did not even consider that. I'll look into it.
Given its 0 resources for your MTA, wit
Why are you not blocking with blacklists at the border, ie: MTA.
Given its 0 resources for your MTA, with anti spam checking on SA often
using significant resources (depending on traffic/number of tests/rules
etc), its best to stop it getting to SA in the first place.
SA also has this by-defa
I need to refresh my brain on using blacklists with SA, before looking
more deeply into why this got through.
Today a email slipped through with a very low score that was clearly
phishy. A url in question, posing as another, hits no less that 6
blacklists. I was going to look at clamav that
asy way to mailbomb is to use a bot that will subscribe the user
> to thousands of mailing lists within minutes. Most won't do captcha and
> even the ones doing COI (Confirmed Opt-In) will each still send at least
> one first e-mail. The sample you provided is exactly that: it'
will probably not check each of those mails (delete everything) and
realize that the actual threat is.
A very easy way to mailbomb is to use a bot that will subscribe the user
to thousands of mailing lists within minutes. Most won't do captcha and
even the ones doing COI (Confirmed Opt-In)
Alex wrote:
Hi,
I have a user who is receiving hundreds of subscribe confirmation
requests and password reset requests from legitimate sources like
teabox.com, coupon sites, online magazines, travel sites, etc. They're
in all different languages and types of sites.
They're not bounc
Hi,
I have a user who is receiving hundreds of subscribe confirmation
requests and password reset requests from legitimate sources like
teabox.com, coupon sites, online magazines, travel sites, etc. They're
in all different languages and types of sites.
They're not bounce messages, b
Hi all,
I wonder if anyone has encountered spam like this recently?
http://pastebin.com/raw.php?i=3ByuaFva
It's a base64-encoded subscribe request for a yahoo group with
japanese characters. It has a significant negative score (-17) with
bayes00, so I was kind of concerned and hoped someon
the moderators and the delay it causes,
please do subscribe to a mailing list *before* posting.
http://wiki.apache.org/spamassassin/MailingLists
--
char *t="\10pse\0r\0dtu...@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;
Makoev Alan wrote on Mon, 16 Feb 2009 09:53:38 +0300:
> subscribe
wow, that's new!
Kai
--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
On Mon, April 21, 2008 21:52, mouss wrote:
> Chris wrote:
> http://wiki.apache.org/spamassassin/MailingLists
> is this list open?
or Chris wanted to be, or is, or was, only owner and Chris now knows :-)
Benny Pedersen
Need more webspace ? http://www.servage.net/?coupon=cust37098
Chris wrote:
http://wiki.apache.org/spamassassin/MailingLists
is this list open?
Joshua Sindy
Unix / Windows Systems Administrator
Empower Information Systems
www.empoweris.com
Gtalk: joshuasindy
757-273-9399 (office)
757-715-3534 (cell)
866-477-1544 (toll free)
[EMAIL PROTECTED] (email)
nstead send a message to
> <[EMAIL PROTECTED]> and put the
> entire address listed above into the "Subject:" line.
>
>
> --- Administrative commands for the users list ---
>
> I can handle administrative requests automatically. Please
> do not send them to the
users-subscribe -at- spamassassin.apache.org
This communication is for informational purposes only. It is not intended as
an offer or solicitation for the purchase or sale of any financial instrument
or as an official confirmation of any transaction. All market prices, data
and other
56 matches
Mail list logo
