Good DNSBLs not in standard spamassassin (Was Re: non-free Services)

2024-09-18 Thread Andy Smith
Hi, On Wed, Sep 18, 2024 at 10:18:18AM +, Laurent S. wrote: > Some good RBL are not in standard spamassassin. Out of interest, which DNSBLs do you use/recommend that are not in standard spamassassin? Thanks, Andy

Re: All RCVD_IN_VALIDITY rules being applied to every email.

2024-11-20 Thread Andy Smith
Hi, On Wed, Nov 20, 2024 at 05:07:09PM +, Nix wrote: > > From > > https://knowledge.validity.com/s/articles/Accessing-Validity-reputation-data-through-DNS > > : > > Tried registering here. I can register a v4 address, but every format of > v6 CIDR I've tried reports "Invalid V6_CIDR" with (

Re: mark emails as being spam originating from an ip range owner

2020-09-29 Thread Andy Smith
Hello, On Tue, Sep 29, 2020 at 10:49:36AM +0200, Marc Roos wrote: > How can I mark emails as being spam originating from an ip range owned > by xserver.ua? > > % Abuse contact for '176.103.48.0 - 176.103.63.255' is I' not sure if blacklist_from accepts IP addresses or CIDR ranges, but if it do

Re: The most efficient SPAM implementation ever

2020-10-11 Thread Andy Smith
Hello, On Sun, Oct 11, 2020 at 10:20:32AM -0500, Ramon F Herrera wrote: > On 10/11/2020 10:07 AM, Marc Roos wrote: > >Now you can decide to reject email coming from (the whole of) sendgrid. > > I am the one who is a client of sendgrid. Are you aware that you've posted this to a list where it is

Re: ip2location.com

2021-01-28 Thread Andy Smith
Hi Benny, On Thu, Jan 28, 2021 at 03:06:12PM +0100, Benny Pedersen wrote: > https://lite.ip2location.com/database/ip-asn > > is it possible to use it in spamassassin ? SpamAssassin already has an IP to ASN plugin: https://spamassassin.apache.org/full/3.2.x/doc/Mail_SpamAssassin_Plugin_ASN.

Re: new rule for kam :)

2023-08-23 Thread Andy Smith
Hello, On Wed, Aug 23, 2023 at 03:24:22PM +0200, Benny Pedersen wrote: > # test for empty src="" or empty href="" > rawbody __HREF_EMPTY /href=\"\"/ > rawbody __SRC_EMPTY /src=\"\"/ I checked this against about 80k of my recent personal emails and it matched quite a lot of previously not found sp

Re: new rule for kam :)

2023-08-24 Thread Andy Smith
Hi, On Wed, Aug 23, 2023 at 06:14:45PM -0700, John Hardin wrote: > On Wed, 23 Aug 2023, Andy Smith wrote: > > On Wed, Aug 23, 2023 at 03:24:22PM +0200, Benny Pedersen wrote: > > > # test for empty src="" or empty href="" > > > rawbody __HREF_E

Correct way to allowlist an IP from DNSBL checks when it's not the final Received?

2023-09-27 Thread Andy Smith
Hi, The IP address of a supplier is currently listed by Spamhaus SBL-CSS. This is not directly causing me to reject their emails, because they are actually sending out through Mimecast. However, SpamAssassin is finding that IP in the headers as the Received line *before* Mimecast's, i.e. their li

Re: Correct way to allowlist an IP from DNSBL checks when it's not the final Received?

2023-09-28 Thread Andy Smith
Hello, On Thu, Sep 28, 2023 at 06:48:54AM -0400, Jared Hall wrote: > Do you mind if I redirect the below back onto the spamassassin list > and respond to it there? Well I was going to do that, but fair enough! > On Thu, Sep 28, 2023 at 12:02:47AM -0400, Jared Hall wrote: > > SpamAssassin doesn't

Re: Correct way to allowlist an IP from DNSBL checks when it's not the final Received?

2023-09-29 Thread Andy Smith
Hello, On Thu, Sep 28, 2023 at 09:08:30PM -0400, Jared Hall wrote: > 1) Are you using native SA or the spamhaus-dqs plugin? Just native SA in spamd mode. > 2) What version of SpamAssassin? 3.4.2. I know, it's ancient. An upgrade is planned but I'd still like to know what the behaviour is. I und

Re: Correct way to allowlist an IP from DNSBL checks when it's not the final Received?

2023-09-30 Thread Andy Smith
Hello, On Sat, Sep 30, 2023 at 11:52:13AM -0400, Jared Hall wrote: > On 9/29/2023 10:59 AM, Andy Smith wrote: > > 3.4.2. I know, it's ancient. An upgrade is planned but I'd still > > like to know what the behaviour is. I understand if no one wants to > > help a

Re: Question about forwarding email (not specifically SA, pointers greatly appreciated)

2024-01-02 Thread Andy Smith
Hi Thomas, On Tue, Jan 02, 2024 at 04:24:37PM -0600, Thomas Cameron via users wrote: > I built email servers for a non-profit I volunteer for. If email comes into > the server for presid...@myassociation.org, I would normally just create an > alias in /etc/aliases so that emails to president@ get

Re: Question about forwarding email (not specifically SA, pointers greatly appreciated)

2024-01-04 Thread Andy Smith
Hello, On Wed, Jan 03, 2024 at 01:24:02PM -0600, Thomas Cameron via users wrote: > On 1/2/24 17:51, Andy Smith wrote: > > - Have your users collect their your-org email by some means other > >than SMTP, such as running an IMAP server and having them view > >both th

Re: Dinged for .Date

2024-01-16 Thread Andy Smith
Hi, On Mon, Jan 15, 2024 at 05:06:11PM -0800, Cabel Sasser wrote: > If you believe every new gTLD is garbage (and I get that!), why isn’t > SpamAssassin automatically dinging, say, 1,200+ of them? I have to second the advice to send email from a different domain. It's just going to be the case t

ASN plugin and IPv6 addresses

2017-02-25 Thread Andy Smith
Hi, I'm using version 3.4.0 on Debian stable. I noticed that when presented with some IPv6 addresses, the ASN plugin is actually querying them as an IPv4 address e.g. turning 2600:… into 2.0.0.0 and coming back with the wrong ASN. This appears to already be documented in the bugzilla: http

what is triggering NO_DNS_FOR_FROM

2017-03-13 Thread Andy Smith
Hi all, I have a some genuine emails getting marked with NO_DNS_FOR_FROM from one particular domain and I'd like to know exactly why. I've had a dig in the Spamassasin Dns.pm but I can't work out exactly what process_dnsbl_result is doing. What exactly does it check WRT MX and A records? I ca

Re: what is triggering NO_DNS_FOR_FROM

2017-03-16 Thread Andy Smith
Thanks all who replied to my question, sorry for the late reply. It seems this was a temporary error on the senders DNS servers (I assume as I've only seen this issue on their email). Rerunning spamassassin on the same message now doesn't trigger NO_DNS_FOR_FROM. Thanks Matus, yes I know the MX

Scans and Invoice spam containg HREF to something bad

2018-06-19 Thread Andy Smith
Hi all, the last week or so we are having a lot of problems with emails either with subjects like "New Approach Contractors Ltd wants to share Scan" or "Invoice INV-03056 from Encompass Environmental Ltd" which contian an HREF to see your "scan" or "invoice" at a URL ending /share or /director

Re: Scans and Invoice spam containg HREF to something bad

2018-06-19 Thread Andy Smith
Hi Kevin, No I wasn't. I just added it, I get a lot of errors like "meta test KAM_WARRANTY3 has dependency 'CBJ_GiveMeABreak' with a zero score", is this normal? Testing despite these errors the only rule I'm getting a hit on from KAM is JMQ_SPF_NEUTRAL_ALL thanks, Andy. On 19-06-2018 16:

Re: Scans and Invoice spam containg HREF to something bad

2018-06-19 Thread Andy Smith
Hi Kevin, I'm not really getting any joy with the RBLs. I have, for example, a sample from the 14th and, taking away my custom rule, Bayes and KAM scores, the default score would be "0" :( Content here: https://pastebin.com/dthDn8yb thanks, Andy. On 19-06-2018 17:12, Kevin A. McGrail wro

Re: Scans and Invoice spam containg HREF to something bad

2018-06-19 Thread Andy Smith
This has literally just come through to me, zero BAYES and got passed my custom rule as the HREF URL has changed: https://pastebin.com/pBfhXd6B thanks, Andy. On 19-06-2018 17:33, Kevin A. McGrail wrote: > Well you are welcome to send me new Spamples to look at. As I noted, I've > never seen

ASN plugin matches IPv6 addresses against IPv4 DNS lists

2018-11-26 Thread Andy Smith
Hi, I'm subscribed to this long-standing bug and saw it had an update today basically saying that it's still broken in 3.4.2: https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7211 And I agree, it is still broken in 3.4.2. An IPv6 address will be looked up in a DNS list that contains IPv4 a

SendGrid (Was: Re: Freshdesk (again))

2020-06-26 Thread Andy Smith
Hello, On Fri, Jun 26, 2020 at 07:32:09PM -0600, Grant Taylor wrote: > I've got to say, between NANOG, SDLU, and SpamAssassin, I see a LOT of > complaints about Sendgrid. Also mailop. Have personally received phishing mails through SendGrid in the last 2 weeks in the name of citrix.com, microsoft

Individual timings of spamassassin rules?

2005-10-13 Thread Andy Smith
Hi, On one of my machines I'm running v3.0.3 under spamd with a fairly default config for debian sarge. This is a reasonable spec machine, a 3GHz P4 that is not swapping, but I'm seeing that each message seems to take quite a while to check, between 3.5 and 15 seconds each (I'd say averaging at a

Re: Individual timings of spamassassin rules?

2005-10-13 Thread Andy Smith
On Thu, Oct 13, 2005 at 05:17:49AM -0700, Loren Wilton wrote: > > On one of my machines I'm running v3.0.3 under spamd with a > > fairly default config for debian sarge. This is a reasonable > > spec machine, a 3GHz P4 that is not swapping, but I'm seeing > > that each message seems to take quite

Re: Stopping Rules

2005-10-22 Thread Andy Smith
On Sat, Oct 22, 2005 at 11:05:07AM -0400, Chris L. Franklin wrote: > For starters AWL, white lists and black lists in my option ar ethe worst > things ever. I disable them from the start. If your going to whitelist > some one, why would you want them to even go though SA. (I don't) Because a sou

Re: rejectlog

2005-11-11 Thread Andy Smith
On Thu, Nov 10, 2005 at 04:08:56PM +0100, nick wrote: > Rejecting the mail after DATA? > > Spamassassin runs behind my MTA, if the sender passes blacklist checks > and any other obvious no-nos, it's then passed to spamassassin which > NEVER discards email, but places them in a spam folder. > >

collecting mail for sa-learn, how to?

2008-07-17 Thread Andy Smith
Hi, for a mail server running email for multiple domains what is the typical/recommended way to collect emails which arent detected as spam to be processed by sa-learn? Users are downloading mail via POP3, so once a users sees a mail and decides that it is in fact spam its already been removed

Re: collecting mail for sa-learn, how to?

2008-07-17 Thread Andy Smith
From: "Karsten Bräckelmann" <[EMAIL PROTECTED]> To: "Andy Smith" <[EMAIL PROTECTED]> Cc: Sent: Thursday, July 17, 2008 2:23 PM Subject: Re: collecting mail for sa-learn, how to? Are you actually READING this list? Sent Jul 11, Jul 14, and now again Jul 17. Identic

Re: collecting mail for sa-learn, how to?

2008-07-17 Thread Andy Smith
Hi All, thanks very much for all the replies and discussion around my original post, and appologies for not replying more promptly, Ive only just managed to successfully subscribe to the list and managed to confuse myself looking at the forum archives (I think there had been some delays to whe

problems using haproxy for spamd

2007-04-29 Thread Andy Smith
Hi, I'm trying to use haproxy (http://haproxy.1wt.eu/) to load balance 3 spamd servers on the same network. Here's my haproxy config: global log 127.0.0.1 local0 debug maxconn 100 ulimit-n 512 uid 999 gid 999 daemon pidfile /var/run/haproxy

Re: problems using haproxy for spamd

2007-05-05 Thread Andy Smith
On Mon, Apr 30, 2007 at 01:23:23AM +, Andy Smith wrote: > Hi, > > I'm trying to use haproxy (http://haproxy.1wt.eu/) to load balance 3 > spamd servers on the same network. [...] > Unfortunately I seem to be intermittently getting connection > failures. The hapr