Re: Constructive solution to the blacklist thread

On 25 Jul 2020, at 13:25, Thom van der Boon wrote: > Dear everybody, > > Could we please "cut the crap" and stop with all the polictics. Yes, but starting a new thread that is attracting the same BS again is not going to help. I already have a half-dozen threads muted and a few persistent pos

Re: Blacklisting a stubborn sender

On 02 Aug 2020, at 07:54, Kevin A. McGrail wrote: > If they aren't spending spam, why care about their MID or Helo format > unless there is a delivery issue. If they are sending mail with an invalid helo then it is perfectly valid to drop the connections. This may be a problem when you want to u

Re: Freshdesk (again)

On 17 Aug 2020, at 11:25, Philip Prindeville wrote: > I’ve been calling out phishing from the same (IP) address for 10 days without > any apparent (observable) action from Sendgrid. Not a shock; they simply do not care. > At this point I’m wondering if they have compromised relays. It seems t

Re: ANNOUNCEMENT: The NEW invaluement "Service Provider DNSBLs" - 1st one for Sendgrid-spams!

On 21 Aug 2020, at 14:15, Benny Pedersen wrote: > blacklist_from *+14927644-* I think adding 5.0 to all sendgrid mail is the best idea I've heard. Sendgrid makes me long for the days of the SPEWS RBL. -- These are the thoughts that kept me out of the really good schools. -- George Car

Re: Catching Phishing messages

On 20 Sep 2020, at 08:35, Daryl Rose wrote: > I can blacklist the email address, but I know that won't help. Is there a > rule that I can set up to catch more phishing attempts? SPF and DMARC seem to be the only ways to deal with spams from large senders that are faked, but what is considered

Re: Catching Phishing messages

On 21 Sep 2020, at 08:21, Daryl Rose wrote: > I don't have the email server, it's hosted by a provider. This provider does > a crappy job at filtering spam and phishing, so I am running ISBG and > Spamassassin to block the spam and phishing. This isn't really a workable solution as there are m

Re: 1.6 FORGED_MUA_MOZILLA Forged mail pretending to be from Mozilla

On 23 Sep 2020, at 13:22, Jerry Malcolm wrote: > the MTAs that had the courtesy of bouncing with a reason said the IP address > was blacklisted but didn't say where This may indicate that the IP address was added to permanently block lists before you got it, or based on your provider, or your c

Tagging outbound messages

I seem to recall, but cannot find, a recent message where someone had their outbound messages being tagged as spam. I sent an email to a friend today and it arrived with SA tagging because SA tagged my home IP address, but the message was sent through my mail server, and so my home IP address s

Re: check doman against uri bl of spamassassin

On 21 Oct 2020, at 13:35, Marc Roos wrote: > What is the best way to check an url against the default active > spamassassin uribl, on a linux server that does not have spamassassin > installed? This is clearly in the "how do I do a thing while imposing conditions that make impossible to do"

Re: Apache SpamAssassin and Spammers 1st Amendment Rights

On 19 Nov 2020, at 14:25, Kevin A. McGrail wrote: > So over the years, I have gotten a lot of complaints from spammers about how > I'm breaking their 1st amendment rights by blocking their spam as free > speech. I've had to explain that I'm not the government and hence there are > no 1st amend

Re: Apache SpamAssassin and Spammers 1st Amendment Rights

On 20 Nov 2020, at 07:59, AJ Weber wrote: > On 11/20/2020 9:28 AM, @lbutlr wrote: >> A whole lot of people have decided their right to free speech means an >> obligation from others to listen to them. It's not just spammers, it's also >> racists, fascists, repu

Re: Happy Thanksgiving and Announcing the Apache SpamAssassin Channel for the KAM Rule Set

On 26 Nov 2020, at 09:22, Kevin A. McGrail wrote: > Announcing the Apache SpamAssassin Channel for the KAM Rule Set Excellent and most welcome news! -- They looked at the drinks. They drank the drinks.

Re: Are these valid email headers?

On 05 Dec 2020, at 13:03, John Capo wrote: > On Sat, December 5, 2020 14:30, Loren Wilton wrote: >> I don't have a Faceboox account and don't know anyone on Facebook that would >> send me mail (and don't want to!), so I have absolutely no idea if these >> headers from recent spams >> are complete

KAM info messages

When I run my cron task to update SA. I am getting a LOT of lines in the crpn output along the lines of info: rules: meta test KAM_REALLY_FAKE_DELIVER has dependency 'KAM_RPTR_PASSED' with a zero score And a lot of compile lines like: cc -c-DHAS_FPSETMASK -DHAS_FLOATINGPOINT_H -DUSE_THREAD

Re: per-user bayes

On 07 Dec 2020, at 13:56, micah anderson wrote: > A per-user setup would let each user do their own thing, but I don't see > how I can do that because our system doesn't have individual system > users and I don't see that there are options in the bayes sql > configuration or per-user tables possib

Re: per-user bayes

On 08 Dec 2020, at 08:36, Benoit Panizzon wrote: > Adding the list back to CC as I believe this is an interesting topic > many have pondered over. Forgot to fix the reply to on this list for some reason. Fixed now. > Yes, I see that is states 'per user' but I still don't see, how that > 'bayes u

Re: per-user bayes

On 08 Dec 2020, at 13:54, micah anderson wrote: > Kris Deugau writes: >> There will only be one database and set of tables, but one of the fields >> in each table is the user identifier. Fair warning - if you go full >> per-user on a large system, this will MASSIVELY balloon the size of your

Re: More undetected hidden test spam signs

On 16 Dec 2020, at 23:21, Loren Wilton wrote: > I just got a batch of spams containing > > Interesting. I remember in the early days of html spam there were various rules to tag messages as spam when they had content that did not display. (Possibly pre-SpamAssasin or at least pre my use of Sp

Re: More undetected hidden test spam signs

On 17 Dec 2020, at 09:58, John Hardin wrote: > Such rules are there. Unfortunately, for whatever reason, lots of ham uses > "invisible" text so it's not useful as a spam sign by itself and it's hard to > come up with any useful combination rules. In the "Archive" folder on my work email there a

Re: Scoring Based on IP Address

On 17 Dec 2020, at 16:19, Dave Wreski wrote: > On 12/17/20 6:05 PM, Matt wrote: >> Is there a way with spamassassin local.conf to add a higher score >> based on source ip address or subnet? Basically the last IP in >> "Received:" header. >> bad_subnet_add_20_points: 192.168.240.0/24 >> Raising th

Re: Trouble with XM_RANDOM rule

grammatical, if you care.) script execution error (#1): /Users/lbutlr/mysisg: No such file or directory ##

Re: No rule for fake payPal messages?

On 19 Mar 2021, at 17:11, Loren Wilton wrote: > I just got this little wonder, and was surprised that it got thru as ham. > > From: "PayPal Billing" > > I've fixed that locally, but I'd think SA ought to have a rule for "PayPal" > that doesn't come from paypal. It does, but it looks at the

Re: google.com spam

On 04 Apr 2021, at 05:21, Matus UHLAR - fantomas wrote: > On 04.04.21 13:09, Benny Pedersen wrote: >> change score to 7.5 >> change score to -3.5 > > I prefer to solve problems instead of playing with scores. The way that SA solves problems is by changing score values. The entire foundation of

Re: Spoofed amazon order email

On 16 Apr 2021, at 16:03, John Hardin wrote: > header __FROM_NAME_AMAZONCOM From:name =~ /\bamazon\.com\b/i > meta POSSIBLE_AMAZON_PHISH_01 (__FROM_NAME_AMAZONCOM && NAME_EMAIL_DIFF) > meta POSSIBLE_AMAZON_PHISH_02 (__FROM_NAME_AMAZONCOM && > !__HDR_RCVD_AMAZON) It seems somethin

Re: Spoofed amazon order email

On 16 Apr 2021, at 16:16, RW wrote: > On Fri, 16 Apr 2021 11:25:19 -0400 Greg Troxel wrote: > >> Probably not for normals, score up MPART_ALT_DIFF because nobody >> should be sending mail with a text/plain part that is not >> semantically equivalent to the html. > > Unfortunately it's quite c

Re: How do you set nomail for the List?

On 20 Apr 2021, at 18:29, Bob Proulx wrote: > Hmm... No. I disagree. It's not if-one-then-the-other. All that is > needed to disprove it is one example. And as it happens I can list > two immediately. Which does nothing to disprove "most mailing list require subscription" which is absolutel

Re: More fake order spam

On 27 Apr 2021, at 11:57, Steve Dondley wrote: > On 2021-04-27 01:19 PM, Dave Wreski wrote: >> Invalid List-ID. You can then use that with other weirdness in a meta. >> header__LIST_ID_DOMAIN_IN_BRACKETS List-id =~ /<([\w-]+)(\.[\w-]+)+>/ >> meta LIST_ID_IMPROPER_FORMAT __HAS_LIST_ID && !__L

Re: Scan Attachment Content Using Spamassassin

> On 03 Jun 2021, at 01:32, Matus UHLAR - fantomas wrote: > >> On Thu, Jun 03, 2021 at 01:15:03AM -0500, Dave Funk wrote: >>> Even more limiting, spamassassin is designed for small to medium size >>> messages, scanning anything over 500KB or so is going to be a resource hog. > > 500KB is defa

Re: Another evil number

On 25 Jun 2021, at 12:24, RW wrote: > On Fri, 25 Jun 2021 05:51:24 -0700 > Loren Wilton wrote: > >> From a fake "subscription" spam: >> >> You can reach out >> to our Customer Support Team+1 (800) 781 - 2511. > > > Is it common in the US to put 800 in brackets like that? Yes. > In my > exp

Re: Process of domain submission for inclusion in 60_whitelist_auth.cf

On 29 Jun 2021, at 04:50, Martin Gregorie wrote: > On Tue, 2021-06-29 at 00:52 -0400, Bill Cole wrote: >> On 2021-06-28 at 17:04:05 UTC-0400 (Mon, 28 Jun 2021 23:04:05 +0200) >> Robert Harnischmacher >> is rumored to have said: >>> In which form can one submit the subdomain of a mail sender for

Re: Process of domain submission for inclusion in 60_whitelist_auth.cf

On 01 Jul 2021, at 16:43, Reindl Harald wrote: > Am 02.07.21 um 00:32 schrieb @lbutlr: >>> I also manually maintain a private blacklist, which contains the 'From' >>> addresses of advertising e-mails from companies that I've dealt with in >>> the pa

Getting right GPG key for KAM

When running sa-update on an old system (not updated in at least a year) I am getting: # sa-update --gpgkey 24C063D8 --channel kam.sa-channels.mcgrail.com gpg: process '/usr/local/bin/gpg' finished: exit 2 error: GPG validation failed! The update downloaded successfully, but it was not signed wit

Re: Getting right GPG key for KAM

On 2022 Mar 21, at 03:54, Henrik K wrote: > On Mon, Mar 21, 2022 at 03:48:51AM -0600, @lbutlr wrote: >> When running sa-update on an old system (not updated in at least a year) I >> am getting: >> >> # sa-update --gpgkey 24C063D8 --channel kam.sa-channels.mcgrail.com

Re: Getting right GPG key for KAM

On 2022 Mar 21, at 04:37, Henrik K wrote: > Right, it does seem you haven't imported the key.. Thanks! That's what was missing. Odd, considering there were KAM files present, just not recent ones. Anyway, not my system, but all sorted now. -- (on emojis) Remember when they added Groucho and no

Re: Another evil number

On 2022 May 02, at 22:40, Kevin A. McGrail wrote: > Fascinating thread I just stumbled on. Yes, in early parts of the phone > system, the letters were geographic and referenced the street for where the > central office was located switching those calls. For example, in Arlington > VA, my grand

Supposed bounces

On 2022 Jul 12, at 13:08, users-h...@spamassassin.apache.org wrote: > Hi! This is the ezmlm program. I'm managing the > users@spamassassin.apache.org mailing list. > > > Messages to you from the users mailing list seem to > have been bouncing. I've attached a copy of the first bounce > message I

Re: Rules Updates

On Jan 27, 2016, at 9:18 AM, Björn Keil wrote: > I am using SpamAssassin 3.3.1, installed via the Ubuntu 10.04 An ancient version of SA on a 6 year-old OS? -- A sadder and a wiser man he rose the morrow morn.

Removing markup

When a user moves a message from the spam box to the not spam box i have a script that learns that message as ham, however, the user would like it if the tagging of the message was removed in the process. spamassassin -d doesn’t seem the right tool since I think I need to write the unmarked-up

Re: Removing markup

On 02 Feb 2016, at 09:19, Jari Fredriksson wrote: > @lbutlr kirjoitti 2.2.2016 18:10: >> When a user moves a message from the spam box to the not spam box i >> have a script that learns that message as ham, however, the user would >> like it if the tagging of the messa

Re: Removing markup

On Tue Feb 02 2016 09:36:12 Martin Gregorie said: > > On Tue, 2016-02-02 at 09:10 -0700, @lbutlr wrote: >> When a user moves a message from the spam box to the not spam box i >> have a script that learns that message as ham, however, the user >> would like it if th

Re: Removing markup

So it seems that no one uses spamassassin -d to remove markup for spam messages reclassified as ham? OK, I can work with that. The trouble with using formail/procmail is that the "mailbox timestamp" for the message will change, but i’ll cobble together a procmailrc to feed to formail and see h

Re: Missed spam, suggestions?

On Mar 8, 2016, at 7:31 AM, Matus UHLAR - fantomas wrote: > how can these two stats be different? Because one is for SPAM and one is for HAM. -- No man is free who is not master of himself

Re: Missed spam, suggestions?

> On Mar 8, 2016, at 10:41 AM, Matus UHLAR - fantomas wrote: > >> On Mar 8, 2016, at 7:31 AM, Matus UHLAR - fantomas wrote: >>> how can these two stats be different? > > On 08.03.16 10:19, @lbutlr wrote: >> Because one is for SPAM and one is for HAM. > >

HEADER_HOST_IN_BLACKLIST

Where is the blacklist for HEADER_HOST_IN_BLACKLIST? I am hitting that on a non-spam mail from email.amctheatres.com -- A bad day using a Mac is better than a good day using Windows

HEADER_HOST_IN_BLACKLIST

Where is the blacklist for HEADER_HOST_IN_BLACKLIST? I am hitting that on a non-spam mail from email.amctheatres.com -- The universe doesn't much care if you tread on a butterfly. There are plenty more butterflies. Gods might note the fall of a sparrow but they don't make any effort to catch th

Re: HEADER_HOST_IN_BLACKLIST

On Sat Mar 12 2016 11:04:45 RW said: > > On Sat, 12 Mar 2016 18:18:10 +0100 > Reindl Harald wrote: > >> BTW - what is the purpose of a more then queistionable poison pill >> based on URIBL_BLACK for headers but only score URIBL_BLACK in case >> of clickable links with 1.7? > > because HEADER_H

Re: HEADER_HOST_IN_BLACKLIST

On Mar 12, 2016, at 2:27 PM, Reindl Harald wrote: > since it#s about headers there is no evidence that "amctheatres.com" is the > reason in any way Good point. -- E is for ERNEST who choked on a peach F is for FANNY sucked dry by a leech

Re: HEADER_HOST_IN_BLACKLIST

> On Mar 14, 2016, at 6:42 AM, RW wrote: > > On Sat, 12 Mar 2016 14:23:27 -0700 > @lbutlr wrote: > >> On Sat Mar 12 2016 11:04:45 RW >> said: >>> >>> On Sat, 12 Mar 2016 18:18:10 +0100 >>> Reindl Harald wrote: >>> >>

Re: HEADER_HOST_IN_BLACKLIST

> On Mar 14, 2016, at 9:27 AM, Reindl Harald wrote: > > > > Am 14.03.2016 um 16:23 schrieb @lbutlr: >>> On Mar 14, 2016, at 6:42 AM, RW wrote: >>> Unless you actually saw email.amctheatres.com in X-Spam-Report, or in >>> debug, it's probably n

Re: HEADER_HOST_IN_BLACKLIST

> On Mar 14, 2016, at 11:16 AM, Reindl Harald wrote: > > > Am 14.03.2016 um 17:38 schrieb @lbutlr: >>> On Mar 14, 2016, at 9:27 AM, Reindl Harald wrote: >>> Am 14.03.2016 um 16:23 schrieb @lbutlr: >>>>> On Mar 14, 2016, at 6:42

Re: Rule to score word documents

On Wed Mar 30 2016 13:34:23 Alex said: > > /^(Content-(Type|Disposition)\:|[[:space:]]+).*(file)?name="?.*\.doc"?;?$/ > REJECT /^\s*Content-(Disposition|Type).*name\s*=\s*"?(.*\.(ade|adp|bas|bat|chm|cmd|com|cpl|crt|dll|exe|hlp|hta|inf|ins|isp|js|jse|lnk|mdb|mde|mdt|mdw|msc|msi|msp|mst|nws

Re: Rule to score word documents

On Mar 31, 2016, at 5:24 AM, Rodney Green wrote: > I'm just looking at quarantining file attachments that could possibly have > ransomware. So… ALL file attachments? -- Experience is something you don't get until just after you need it.

Re: Anyone else just blocking the ".top" TLD?

On Apr 21, 2016, at 3:43 PM, Vincent Fox wrote: > Recently seeing increase in spam from these gTLD: > > pro > bid > trade I haven’t seen .pro myself, and all the .trade and .bid attempts have hit zen and been rejected in post screen before the DATA connection is even established. -- Everythin

Re: Anyone else just blocking the ".top" TLD?

On Apr 27, 2016, at 2:06 PM, Olivier Coutu wrote: > I have affected a hefty penalty in SA to any mail that comes from one of > these TLDs: > > (party|science|click|link|faith|racing|win|zip|review|country|kim|cricket|work|gq|date|lol|top|download|space|site|online) Are you doing this with the c

DCC doesn't seem to be doing anything

I have DCC setup and enabled in SpamAssasin, but the only thing I see logged in maillog each day is: 00:00:00 mail dccifd[7397]: 1.3.158 detected 0 spam, ignored for 0, rejected for 0, and discarded for 0 targets among 0 total messages for targets which appears every day at midnight. It it ma

Re: DCC doesn't seem to be doing anything

> On Apr 28, 2016, at 2:34 AM, Matus UHLAR - fantomas wrote: > > On 27.04.16 18:38, @lbutlr wrote: >> I have DCC setup and enabled in SpamAssasin, but the only thing I see logged >> in maillog each day is: >> >> 00:00:00 mail dccifd[7397]: 1.3.158 detecte

Re: DCC doesn't seem to be doing anything

On Apr 28, 2016, at 2:30 PM, RW wrote: > On Thu, 28 Apr 2016 11:58:47 -0600 > @lbutlr wrote: > > >>> do you see any DCC_CHECK in spam headers? >> >> A few, but they always seem to be “1.1” > > What were you expecting? Like almost all SA rules it h

Re: DCC doesn't seem to be doing anything

On Apr 29, 2016, at 1:12 PM, RW wrote: > I got the same, it only records the number scanned. I'm not sure what > the reason for the zeros is, possibly it's because dccifd isn't > working as a proxy. Thanks. I’ll just ignore the log line. -- "Alas, earwax."

Re: Way to set user-prefs without a database?

On May 18, 2016, at 9:06 PM, Dan Mahoney, System Admin wrote: > We have a couple of user accounts (really, role aliases) that need a > different required_score from our global defaults. Since they're role > accounts, they don't have a homedir. We're using a milter that passes the > whole use

Re: SA cannot block messages with attached zip

On May 20, 2016, at 2:46 AM, Reindl Harald wrote: > postscreen_dnsbl_action = enforce > postscreen_greet_action = enforce [long list] What do you set postscreen_dnsbl_threshold to? -- "Give a man a fire and he's warm for a day, but set fire to him an he's warm for the rest of his life."

Re: SA cannot block messages with attached zip

On May 20, 2016, at 6:11 AM, Reindl Harald wrote: > no it is not, look at the sanesecurity foxhole signatures > http://sanesecurity.com/usage/signatures/ I have looked at those, but there are so many it’s kind of overwhelming on where to start. -- NO. I CANNOT BE BIDDEN. I CANNOT BE FORCED. I

Re: SA cannot block messages with attached zip

On May 21, 2016, at 1:18 PM, Reindl Harald wrote: > Am 21.05.2016 um 21:16 schrieb @lbutlr: >> On May 20, 2016, at 6:11 AM, Reindl Harald wrote: >>> no it is not, look at the sanesecurity foxhole signatures >>> http://sanesecurity.com/usage/signatures/ >> >

Re: Spamassassin not capturing obvious Spam

On May 30, 2016, at 11:06 PM, Shivram Krishnan wrote: > 2) I have set a threshold of -10 to see how spamassassin assigns a score for > every mail. No. Do not do this. -- When the routine bites hard / and ambitions are low And the resentment rides high / but emotions won't grow And we're chang

Re: Using Postfix and Postgrey - not scanning after hold

On 29 Jul 2016, at 09:20, sha...@shanew.net wrote: > I would generalize that even more to say that greylisting should come > before any other content-based filtering (virus scanners, defanging, > etc.). Greylisting is a great idea, in theory. In practice there are so many large emailers who can’t

Re: Is greylisting effective? (was Re: Using Postfix and Postgrey - not scanning after hold)

On 31 Jul 2016, at 01:06, Robert Schetterer wrote: > But thats historic, bots are recoded, better antibot tecs were invented. > The only problem now is people still believe in historic stuff. Yeah, that about sums it up. Greylisting never worked well, always caused problems with lost email, and

Re: Is greylisting effective? (was Re: Using Postfix and Postgrey - not scanning after hold)

On 31 Jul 2016, at 22:12, Benny Pedersen wrote: > On 2016-08-01 05:55, @lbutlr wrote: >> On 31 Jul 2016, at 01:06, Robert Schetterer wrote: >>> But thats historic, bots are recoded, better antibot tecs were invented. >>> The only problem now is people still believe

Re: Is greylisting effective? (was Re: Using Postfix and Postgrey - not scanning after hold)

On 01 Aug 2016, at 11:02, Matus UHLAR - fantomas wrote: >> On 31 Jul 2016, at 22:12, Benny Pedersen wrote: >>> i bet greylist is cough invalid mailservers at the doorstep, it could be >>> that postscreen is bad aswell ? > > On 01.08.16 07:46, @lbutlr wrote: >

Re: I have some bad news

On 15 Aug 2016, at 23:22, Marc Perkel wrote: > Well, this is kind of hard to say so just going to say it. I have stage 4 > lung cancer and the probably spectrum is not good. I've been fighting spam > for the last 15 years and I'd like to keep fighting spam from the grave. So > I'm willing to sh

Re: What are the T_ rules ?

On 05 Sep 2016, at 13:36, li...@rhsoft.net wrote: > but -1.653 is just a bad joke because it means every homeuser which manages > to get some DNS records fine (as well as every spammer which registers a ton > of domains and cheap hosts) get a large benefit compared to any professional > mainatai

Re: I have some bad news

On Sep 1, 2016, at 7:41 PM, David Niklas wrote:Would you like to go out to lunch?Other than your message, that phrase does not appear in 7 years of my mail.

Re: Anyone else just blocking the ".top" TLD?

On 09 Jul 2016, at 08:32, jaso...@mail-central.com wrote: > > Fwiw, atm I block all of the following TLDs > [big list] > That list is auto-generated. Any & all TLDs that have sent > 100 messages > within the last year *AND* have a spam/reject rate >= 99% get blocked by TLD, > never get past b

Re: Anyone else just blocking the ".top" TLD?

On 03 Nov 2016, at 10:27, Vincent Fox wrote: > XYZ insights anyone? They have been on my reject list > for a long time, but claim to be cleaning it up. Thinking to > drop my shields on this one. I am still blocking most any TLDs via postfix: /.*\.(com|net|org|edu|gov|ca|mx|de|dk|fi|uk|us|tv|in

Re: Anyone else just blocking the ".top" TLD?

On 05 Nov 2016, at 11:54, @lbutlr wrote: > > tad’s will be quite efferent tld’s will be quite different dunno what happened there.

Re: Best place to filter spam (x-original-to, no_address_mappings)

On Nov 18, 2016, at 10:18 PM, MRob wrote: > I am looking at a system where SpamAssassin is called out from the delivery > agent. I know there will be a difference here in terms of the envelope > information but I'm not familiar enough to know the pitfalls of this versus > calling SA from the po

Re: sa-update failing

On Nov 22, 2016, at 10:22 AM, Larry Starr wrote: > For the past few days my daily "sa-update" job has been failing: Please do not post tiny styled HTML messages. While 9pt text may look great on your system, forcing that horrendous choice on others should be avoided. On *my* screen with my eyes

Re: Why is RP_MATCHES_RCVD so "heavy"?

On Nov 22, 2016, at 3:54 PM, Eric Abrahamsen wrote: > I get a lot of spam that passes the RP_MATCHES_RCVD test; it wouldn't > make it into my inbox otherwise. I see the scoring recently got bumped > to -3.0, which makes false negatives even more likely. I do see this in spam, but I see it so much

Re: Does spamc unwrap spam reports?

On Dec 28, 2016, at 3:01 AM, Lukas Erlacher wrote: > I'm calling "spamc --learntype=spam/ham" from a script, passing in emails > fetched from imap (I'm using ISBG with --learnspambox / --learnhambox and > --spamc actually). Why are you calling spamc instead of sa-learn? -- Apple broke AppleSc

Re: New type of monstrosity

On Feb 7, 2017, at 12:57 AM, Ruga wrote: > The spample would never make it to our SA. It would be rejected upstream for > at least two reasons: > > > To: undisclosed recipients: ; > The To header is not RFC compliant. Where do you get that idea? “Undisclosed recipient: ;” is a group address.

Re: Filtering outbound mail

On 2017-02-16 (07:21 MST), David Jones wrote: > >> From: Christian Grunfeld >> Sent: Thursday, February 16, 2017 7:50 AM >> To: Spamassassin List >> Subject: Re: Filtering outbound mail > >> Are you using postfix as MTA? I use cluebringer suite which >> has a lot of functionality (spf checks, h

Re: Filtering outbound mail

On 2017-02-17 (14:51 MST), David Jones wrote: > >> From: @lbutlr > .Sent: Friday, February 17, 2017 3:41 PM >> To: users@spamassassin.apache.org >> Subject: Re: Filtering outbound mail > >> On 2017-02-16 (07:21 MST), David Jones wrote: >>>

Re: New whitelisting trick using from and spf

On 2017-03-05 (18:59 MST), David Jones wrote: > > whitelist_auth does this against SPF_PASS and DKIM_VALID_AU I tired to do something along these lines at some point in the past by adding some lines to my local.cf like these: blacklist_from *@amazon.com whitelist_auth *@amazon.com blacklist_fr

Re: Yahoo - Can't figure out a server is down?

On 2017-03-04 (23:32 MST), Rob Gunther wrote: > > In the last few weeks we are finding that SOME (but not all) of Yahoo's > outbound servers are not dealing with this correctly. This may not work for you, but I solved all my yahoo problems by simply blocking their servers with a nice message a

Re: New whitelisting trick using from and spf

On 2017-03-06 (04:45 MST), David Jones wrote: > >> From: @lbutlr >> Sent: Monday, March 6, 2017 5:24 AM >> To: users@spamassassin.apache.org >> Subject: Re: New whitelisting trick using from and spf > >> On 2017-03-05 (18:59 MST), David Jones wrot

Re: Yahoo - Can't figure out a server is down?

On 2017-03-06 (04:38 MST), Reindl Harald wrote: > > Am 06.03.2017 um 12:35 schrieb @lbutlr: >> On 2017-03-04 (23:32 MST), Rob Gunther wrote: >>> >>> In the last few weeks we are finding that SOME (but not all) of Yahoo's >>> outbound servers are

Re: List of legit mass mailers

On 2017-03-08 (07:23 MST), Ruga wrote: > > This is spamassassin... > We are against mass mailers. That’s absurd. No one with any sense at all is against mass mailers. -- Apple broke AppleScripting signatures in Mail.app, so no random signatures.

Re: Update Release & ApacheCon: May 16 to 18 in Miami

On 21 Apr 2017, at 14:58, Kevin A. McGrail wrote: > My hopes is to have them ready to announce at ApacheCon Excellent! -- Apple broke AppleScripting signatures in Mail.app, so no random signatures.

Re: "bout u" campaign

On Jul 12, 2017, at 8:18 PM, David Jones wrote: > -2.2 RCVD_IN_SENDERSCORE_90_100 Senderscore.org score of 90 to 100 I haven’t seen that before (or not that I’ve noticed). Is it part fo the base SA package or something that was added? -- Apple broke AppleScripting signatures in Mail.app, so n

blacklist_from with whitelist

Would this work to blacklist mail with a "From: " claiming to be PayPal, but sent from fakedomain.tld? blacklist_from *@paypal.com whitelist_from_rcvd *@paypal.com paypal.com -- Apple broke AppleScripting signatures in Mail.app, so no random signatures.

Re: 7.ly?

On 20 Oct 2017, at 15:32, Shane Williams wrote: > Has anyone seen the 7.ly URL shortening service or had any interaction > with them? I don't see any clear way to report abuse, but before a > create a URI blacklist, I thought I'd see if maybe they're legitimate. If they don’t have a way to repor

Re: Your header "To: undisclosed-recipients:;" is RFC 822 compliant

On 25 Oct 2017, at 08:29, Rupert Gallagher wrote: > Reading RFC 822 again, I spotted the endorsement for the case at hand. > The named header is compliant to the standard, as quoted below. RFC 822 is obsolete, replaced by RFC 2822. -- Apple broke AppleScripting signatures in Mail.app, so no r

Re: SA-Update not updating DB

On 17 Nov 2017, at 05:32, David Jones wrote: > If I don't hear any objections or negative feedback in the next 36 hours, I > will enable DNS updates tomorrow so sa-update will start automatically > updating rulesets on Sunday morning. Excellent! -- Apple broke AppleScripting signature

Re: Training new spamass-milter setup

On 17 Feb 2015, at 15:46 , Reindl Harald wrote: > because in a default milter-setup the one and only user is the user which SA > and the miler service are running as, hence my script which needs maybe small > adjustments for your environment (--no-sync and so on depend on the config, > director

Re: Training new spamass-milter setup

> On 18 Feb 2015, at 02:06 , Reindl Harald wrote: > > > Am 18.02.2015 um 05:50 schrieb @lbutlr: >> On 17 Feb 2015, at 15:46 , Reindl Harald wrote: >>> because in a default milter-setup the one and only user is the user which >>> SA and the miler service a

Re: Training new spamass-milter setup

On 18 Feb 2015, at 03:50 , Reindl Harald wrote: > i would find it pervert using /var/spool for the userhome and bayes-database I did not set the home for the spamd user, it was done in the install process. And yes, I found the user or /var/spool/spamd odd as well. --

Re: Uptick in spam (bayes stats script)

On 21 Feb 2015, at 08:34 , LuKreme wrote: > On Feb 18, 2015, at 6:20 AM, Reindl Harald wrote: >> >> > > That is a lot cleaner and more obvious, thank you for sharing I ran this just after log rotation and got div by zero errors, so here is a (nearly) completely pointless ‘fix’: BAYES_TOTAL=

babes eval error

plugin: eval failed: bayes: (in learn) locker: safe_lock: cannot create lockfile /home/kreme/.spamassassin/bayes.mutex: Permission denied (And yes, that is correct, the spamassassin files in user’s home are not world read/writ). -- Train Station: where the train stops. Work Station: ...

Re: bayes eval error

On 22 Feb 2015, at 07:56 , Reindl Harald wrote: > Am 22.02.2015 um 15:49 schrieb @lbutlr: >> plugin: eval failed: bayes: (in learn) locker: safe_lock: cannot create >> lockfile /home/kreme/.spamassassin/bayes.mutex: Permission denied >> >> (And yes, that is correct

Re: babes eval error

> On Feb 24, 2015, at 6:44 AM, RW wrote: > > On Sun, 22 Feb 2015 07:49:49 -0700 > @lbutlr wrote: > >> plugin: eval failed: bayes: (in learn) locker: safe_lock: cannot >> create lockfile /home/kreme/.spamassassin/bayes.mutex: Permission >> denied >

Re: Lots of Polish spam

On Feb 24, 2015, at 3:49 PM, Axb wrote: > On 02/24/2015 11:39 PM, LuKreme wrote: >> On Feb 24, 2015, at 15:24, Axb wrote: >>> *.pdf.zip is a dangerous one to block on sight - FP risk is huge >> >> Really? I've never seen a .pdf.zip that was legitimate. >> > > KDE: right click on a blah.pdf "co

whitelist_from_spf

I was preparing to ask about an error message I was getting when I started up spamd: spamd[18145]: config: failed to parse line, skipping, in "/usr/local/etc/mail/spamassassin/whitelist.cf": whitelist_from_spf *@covisp.net *@kreme.com But I fixed the problem. It turns out that the SPF plugin

  1   2   3   4   >