What can one do abut outlook.com?

2020-10-24 Thread John
etwork? I cannot be the only one with this problem! ==John ffitch

Cron has been receiving this for months apparently.

2018-09-24 Thread John
please? TIA John

KAM_Back rule

2018-10-26 Thread John
from using the KAM rules. Clearly I can reduce the score but I am struggling to see what was wrong with the message, attached. ==John ffitch >From paul.linf...@historicengland.org.uk Fri Oct 26 17:53:17 2018 Return-path: Envelope-to: j...@codemist.co.uk Delivery-date: Fri, 26 Oct 2018 17:53:17 +0

Building problem with 3.4.4

2020-01-30 Thread John
(Wstat: 256 Tests: 9 Failed: 1) Failed test: 9 Non-zero exit status: 1 Files=174, Tests=2390, 800 wallclock secs ( 0.83 usr 0.26 sys + 88.42 cusr 12.14 csys = 101.65 CPU) Result: FAIL Failed 2/174 test programs. 2/2390 subtests failed. make: *** [test_dynamic] Error 255 What have I got wrong/ misunderstood/ whatever. ==John ffitch

Re: Building problem with 3.4.4

2020-01-30 Thread john
Sorry; third machine is openSuSE but old 11.4; second machine was openSuSE 13.1 Perhaps the perl is too old... On Thu, 30 Jan 2020, Henrik K wrote: On Thu, Jan 30, 2020 at 04:49:37PM +, John wrote: i have built 3.4.4 from sources on three different computers. The first two worked OK

Testing SPF in 3.0-rc2

2004-09-02 Thread John
IN TXT "v=spf1 ip4:152.163.225.0/24 ip4:205.188.139.0/24 ip4:205.188.144.0/24 ip4:205.188.156.0/23 ip4:205.188.159.0/24 ip4:64.12.136.0/23 ip4:64.12.138.0/24 ptr:mx.aol.com ?all" What is that I am not understanding? TIA, John From [EMAIL PROTECTED] Wed Sep 1 17:05:30 2004 R

Question on my mass-check scores

2004-12-23 Thread John
at I used to test. I ran the tests with no remote tests and no bayes to as these new scores were generated for set 0. So if someone could comment on what I am misunderstanding of the results or what I did wrong in generating the scores and/or testing I would be grateful. Thanks, John

Re: Question on my mass-check scores

2004-12-23 Thread John
On Thu, 23 Dec 2004, Matt Kettler wrote: > At 10:56 AM 12/23/2004, John wrote: > >This is surely better performance but I would > >have thought that the new false negative total would be close to zero > >since these rules were generated on the same spam corpus that I used

Re: Question on my mass-check scores

2004-12-23 Thread John
On Thu, 23 Dec 2004, Matt Kettler wrote: > At 12:06 PM 12/23/2004, John wrote: > >Matt, > >I appreciate this info! Is there a place where I can go to find more about > >how this all works? > > Not that I'm aware of. There's some bits of information in th

Re: Question on my mass-check scores

2004-12-23 Thread John
On Thu, 23 Dec 2004, John wrote: > > > On Thu, 23 Dec 2004, Matt Kettler wrote: > > > At 12:06 PM 12/23/2004, John wrote: > > >Matt, > > >I appreciate this info! Is there a place where I can go to find more about > > >how this all works? > &

Mass-Checks on Custom rules

2005-05-17 Thread John
just pot luck if someone happened to do a mass-check on particular set? Any help is appreciated, John

Re: Mass-Checks on Custom rules

2005-05-18 Thread John
Bob, On Tue, 17 May 2005, Robert Menschel wrote: > Hello John, > > Tuesday, May 17, 2005, 2:02:16 PM, you wrote: > > J> Hi, > J> I have been searching around with no luck. I have been playing with > J> mass-checks on my corpus using some the SARE rules sets and wa

Re: Is overall spam volume down?

2007-02-04 Thread John
We're seeing the same here, however they'll probably be back shortly with double the volume ;-) On Sat, Feb 03, 2007 at 09:50:11PM +0100, Michael Beckmann wrote: > Date: Sat, 03 Feb 2007 21:50:11 +0100 > From: Michael Beckmann <[EMAIL PROTECTED]> > To: Andy Figueroa <[EMAIL PROTECTED]>, > us

Re: bayes autolearn - nonspam threshold

2007-05-23 Thread john
Quoting Theo Van Dinter <[EMAIL PROTECTED]>: On Wed, May 23, 2007 at 05:50:41PM +0200, John Wilcock wrote: I don't see what harm could be done by adding a note in the documentation to point out that this default can be (and has been) updated using sa-update. So, hypothetically, nex

Re: blocking compute-1.amazonaws.com

2024-10-11 Thread John Hardin
reverse lookup of the sender's IP and whitelist/blacklist for domain names from that so you block the sender at SMTP time. Don't get tunnel vision about SpamAssassin being the only tool available for this sort of thing... :) -- John Hardin KA7OHZ http://www.

Re: docusign fraud using docusign

2024-11-10 Thread John Hardin
stead informational score 0.0001, ALL_TRUSTED is used in metas. -- John Hardin KA7OHZ http://www.impsec.org/~jhardin/ jhar...@impsec.org pgpk -a jhar...@impsec.org key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873

Re: Whitelist or BAYES?

2024-09-26 Thread John Hardin
On Thu, 26 Sep 2024, joe a wrote: So, on the one hand I can add them to whitelist and be done with it, or I can add them to missed HAM for re-learning. Which is the best approach? Do both.

Re: BIMI pilot at Google

2020-07-24 Thread John Hardin
o image itself? If not, what is to prevent a spammer from obtaining all the needed certificates, and then changing the logo image they are hosting to match the entity they are spoofing?

Re: Constructive solution to the blacklist thread

2020-07-25 Thread John Hardin
n further. If this project was being written from scratch, "red", "amber" and "green" *would* be appropriate terminology to use for the concepts.

Re: [Bug 7826] Improve language around whitelist/blacklist and master/slave

2020-08-03 Thread John Wilcock
On 2020-08-01 21:23, bugzilla-dae...@spamassassin.apache.org wrote: > https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7826 > > --- Comment #58 from Kevin A. McGrail --- > (In reply to John Hardin from comment #57) (In reply to Kevin A. McGrail from > comment #55) > > T

Re: [Bug 7826] Improve language around whitelist/blacklist and master/slave

2020-08-03 Thread John Hardin
On Mon, 3 Aug 2020, John Wilcock wrote: On 2020-08-01 21:23, bugzilla-dae...@spamassassin.apache.org wrote: https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7826 --- Comment #58 from Kevin A. McGrail --- (In reply to John Hardin from comment #57) (In reply to Kevin A. McGrail from

Re: Spamassassin not triggering on LMTP mail

2020-08-05 Thread John Hardin
On Wed, 5 Aug 2020, Guido Goluke, MajorLabel wrote: Sorry, I have no idea what you mean by 'backscatter' or 'making the problem bigger for the world'. https://duckduckgo.com/?q=email+backscatter

Re: linter ignores ifplugin

2020-08-07 Thread John Hardin
to check for errors like that. Are you sure the plugin is really disabled?

Re: linter ignores ifplugin

2020-08-10 Thread John Hardin
On Mon, 10 Aug 2020, Matthias Rieber wrote: Hello John, On Fri, 7 Aug 2020, John Hardin wrote: On Fri, 7 Aug 2020, Matthias Rieber wrote: I'm wondering if the linter is supposed to respect the ifplugin statement. I've disabled the Mail::SpamAssassin::Plugin::WLBLEval module and

Re: linter ignores ifplugin

2020-08-10 Thread John Hardin
oes NOT stop sa-update or a lint check. What the heck, then? I wonder why I'm not getting that error...

Re: linter ignores ifplugin

2020-08-11 Thread John Hardin
amassassin --lint" in a loop, once for each plugin. On Tue, Aug 11, 2020, 00:09 John Hardin wrote: On Mon, 10 Aug 2020, Kevin A. McGrail wrote: Yeah, I saw that. It's *possible* that I don't see the problem because I'm running my sandbox lint tests against trunk, where

Re: Zero-point garbage text that isn't caught by the small-font rules

2020-08-20 Thread John Hardin
king on it... Thanks.

Re: Zero-point garbage text that isn't caught by the small-font rules

2020-08-20 Thread John Hardin
On Thu, 20 Aug 2020, John Hardin wrote: On Thu, 20 Aug 2020, Loren Wilton wrote: I've started receiving a bunch of spam or more likely phish mails that contain the following sort of trash in large quantities between almost every word of the visible text. The invisible font rules don&#

Re: Zero-point garbage text that isn't caught by the small-font rules

2020-08-21 Thread John Hardin
t is rendered before being scanned.

Re: Zero-point garbage text that isn't caught by the small-font rules

2020-08-21 Thread John Hardin
e user to avoid arousing suspicion. The other approach (as reported here) is to break up the body text like so: spammy words Scanning for "spammy words" in the raw HTML is defeated, but rendering the text as the user would see it before doing the scanning yields: spammy text ...whi

Re: Zero-point garbage text that isn't caught by the small-font rules

2020-08-21 Thread John Hardin
rules don't seem to catch this. lzdtec On Fri, 21 Aug 2020, Matus UHLAR - fantomas wrote: I have noticed those some time ago. I wonder what's the point of sending such mail. On 21.08.20 09:21, John Hardin wrote: It's an attempt to obstruct spam detection via naïve text matching

Re: Zero-point garbage text that isn't caught by the small-font rules

2020-08-21 Thread John Hardin
On Fri, 21 Aug 2020, Kenneth Porter wrote: --On Thursday, August 20, 2020 5:30 PM -0700 John Hardin wrote: Fix committed. Where will this show up? It will probably be published tonight. I just got one with this tag: Another: OK, it doesn't catch those. One more fix c

Re: Zero-point garbage text that isn't caught by the small-font rules

2020-08-21 Thread John Hardin
On Fri, 21 Aug 2020, John Hardin wrote: On Fri, 21 Aug 2020, Kenneth Porter wrote: --On Thursday, August 20, 2020 5:30 PM -0700 John Hardin wrote: Fix committed. Where will this show up? It will probably be published tonight. I just got one with this tag: Another: OK, it

Re: Zero-point garbage text that isn't caught by the small-font rules

2020-08-22 Thread John Hardin
On Fri, 21 Aug 2020, John Hardin wrote: On Fri, 21 Aug 2020, John Hardin wrote: On Fri, 21 Aug 2020, Kenneth Porter wrote: --On Thursday, August 20, 2020 5:30 PM -0700 John Hardin wrote: Fix committed. Where will this show up? It will probably be published tonight. I just got one

Re: Amazon, dhl, fedex, etc. phishing

2020-08-24 Thread John Hardin
lways has "amazon" in the sender name. Perhaps: meta SUBRULE13 SUBRULE13a && !SUBRULE13b

RE: Amazon, dhl, fedex, etc. phishing

2020-08-24 Thread John Hardin
On Mon, 24 Aug 2020, Marc Roos wrote: You should use spf for this. Duh. +1 whitelist_auth *@amazon.com blacklist_from *@amazon.com whitelist_auth *@*.amazon.com blacklist_from *@*.amazon.com

Re: Amazon, dhl, fedex, etc. phishing

2020-08-24 Thread John Hardin
On Mon, 24 Aug 2020, Martin Gregorie wrote: On Mon, 2020-08-24 at 11:51 -0700, John Hardin wrote: Might want some \b in there, just to be safe. The from check would also hit domains like "amazon-river.org". Perhaps: header SUBRULE13a From:name =~ /\bAmazon\b/ header SUBRULE13b

RE: Amazon, dhl, fedex, etc. phishing

2020-08-24 Thread John Hardin
On Mon, 24 Aug 2020, micah anderson wrote: John Hardin writes: On Mon, 24 Aug 2020, Marc Roos wrote: You should use spf for this. Duh. +1 whitelist_auth *@amazon.com blacklist_from *@amazon.com whitelist_auth *@*.amazon.com blacklist_from

Re: ANNOUNCEMENT: The NEW invaluement "Service Provider DNSBLs" - 1st one for Sendgrid-spams!

2020-08-25 Thread John Capo
your Postfix directory postfix reload John Capo Tuffmail.com

Re: ANNOUNCEMENT: The NEW invaluement "Service Provider DNSBLs" - 1st one for Sendgrid-spams!

2020-08-25 Thread John Hardin
On Tue, 25 Aug 2020, John Capo wrote: Create a file like this from the ids in https://www.invaluement.com/spdata/sendgrid-id-dnsbl.txt /^bounces\+2191708-[0-9a-f]{4}-/ REJECT Phish from compromised Sendgrid account /^bounces\+4227563-[0-9a-f]{4}-/ REJECT Phish from compromised Sendgrid

Re: ANNOUNCEMENT: The NEW invaluement 'Service Provider DNSBLs' - 1st one for Sendgrid-spams!

2020-08-26 Thread John Capo
On Tue, August 25, 2020 23:07, Rob McEwen wrote: > Thanks, John Capo, for the suggestions! Honestly, I'm at the end of my rope - > completely burned > out from creating this - desperately needing to catch up in other areas of my > business so that I > can pay my bills. And I

Re: ANNOUNCEMENT: The NEW invaluement "Service Provider DNSBLs" - 1st one for Sendgrid-spams!

2020-08-26 Thread John Hardin
On Tue, 25 Aug 2020, Rob McEwen wrote: On 8/25/2020 11:04 PM, John Hardin wrote: I just wrote something similar to generate a rule, in case for some reason you don't want to use a plugin. Let me know if there's any interest in it. yes - please share! http://www.impsec.or

Re: questions on spamassassin

2020-09-05 Thread John Hardin
'll tell us what MTA you're using, perhaps the list can provide suggestions for that approach.

Re: Check HELO

2020-09-14 Thread John Hardin
On Mon, 14 Sep 2020, Philipp Ewald wrote: Does anyone else check the HELO/EHLO? I don't check for FCrDNS explicitly, but I do reject non-FQDN HELO strings (e.g. no dots present) from the Internet. That catches a surprising percentage of garbage up front.

Re: Check HELO

2020-09-14 Thread John Hardin
On Mon, 14 Sep 2020, Bill Cole wrote: On 14 Sep 2020, at 11:22, John Hardin wrote: On Mon, 14 Sep 2020, Philipp Ewald wrote: Does anyone else check the HELO/EHLO? I don't check for FCrDNS explicitly, but I do reject non-FQDN HELO strings (e.g. no dots present) from the Internet.

Re: Why is SENDGRID_REDIR score so high?

2020-09-15 Thread John Hardin
sages privately (zipped, with all message headers intact) then I might be able to do a better job of that. As a workaround, you could whitelist the spiceworks.com help desk email address.

Re: blacklisting the likes of sendgrid, mailgun, mailchimp etc.

2020-09-18 Thread John Hardin
L for compromised sendgrid user IDs. See the thread starting at: https://marc.info/?l=spamassassin-users&m=159803815425176&w=2

Re: Character encoding in Report Templates

2020-09-22 Thread John Hardin
d text verbatim? Explicit hex values shouldn't be needed. See the report lines of this for example: https://cwiki.apache.org/confluence/display/SPAMASSASSIN/TranslateFrench

Re: 1.6 FORGED_MUA_MOZILLA Forged mail pretending to be from Mozilla

2020-09-23 Thread John Hardin
oming from Mozilla. But it is not forged mail pretending to be from Mozilla. What is triggering this? meta FORGED_MUA_MOZILLA (__MOZILLA_MUA && !__UNUSABLE_MSGID && !__MOZILLA_MSGID) It doesn't believe the Message-ID was generated by Thunderbird. What's the

Re: 1.6 FORGED_MUA_MOZILLA Forged mail pretending to be from Mozilla

2020-09-23 Thread John Hardin
On Wed, 23 Sep 2020, Grant Taylor wrote: On 9/23/20 11:46 AM, John Hardin wrote: It doesn't believe the Message-ID was generated by Thunderbird. What's the message ID? This piques my interest because I tell Thunderbird to use a custom Message-ID domain. Where can I read more

Re: 1.6 FORGED_MUA_MOZILLA Forged mail pretending to be from Mozilla

2020-09-23 Thread John Hardin
On Wed, 23 Sep 2020, Jerry Malcolm wrote: On 9/23/2020 12:46 PM, John Hardin wrote: On Wed, 23 Sep 2020, Jerry Malcolm wrote: I am sending test emails from one of my hosting environments to another of my hosting environments.  I get this line in the SA report: 1.6 FORGED_MUA_MOZILLA

Re: mark emails as being spam originating from an ip range owner

2020-09-29 Thread John Hardin
discard them? If the latter, then the most efficient approach is to tell your MTA to reject SMTP sessions from that IP block with an appropriate message. Avoid the SA scanning overhead entirely.

Re: mark emails as being spam originating from an ip range owner

2020-09-29 Thread John Hardin
block connections from hostile ASNs. Hostile email sources should be TCP tarpitted. :)

Re: spamhaus.net. type=A class=IN) failed: a domain name contains a null label

2020-10-06 Thread John Hardin
gi?id=6896 That was converted from a warning to an info, so it looks like your SA version may be a bit stale. I don't think we ever pulled the trigger on normalizing ".." ⇒ "." for URIBL lookups as a URL with a malformed FQDN like that doesn't work in a browser.

Re: spamhaus.net. type=A class=IN) failed: a domain name contains a null label

2020-10-06 Thread John Hardin
On Tue, 6 Oct 2020, Chris wrote: On Tue, 2020-10-06 at 18:54 -0700, John Hardin wrote: On Tue, 6 Oct 2020, Chris wrote: The complete error looks like this: spamd[435769]: dns: new_dns_packet (domain=o279.send.iheartdogs.com..xx/dbl.dq .spamhaus.net. type=A class=IN

Re: spamhaus.net. type=A class=IN) failed: a domain name contains a null label

2020-10-06 Thread John Hardin
that is indeed the cause, then it might be worthwhile to open a bug to strip leading dot(s) from urirhssub config lines to avoid this, or at least generate a lint warning if they are present.

Re: spamhaus.net. type=A class=IN) failed: a domain name contains a null label

2020-10-06 Thread John Hardin
/spamassassin Riccardo and see no extra '.' anywhere. Do you find a urirhssub line for {anything}dbl.dq.spamhaus.net there? Did you check *all* of the local .cf files?

Re: The most efficient SPAM implementation ever

2020-10-11 Thread John Hardin
client. Please help. Without actual samples of the spam, there's nothing anyone else can do to help figure out why SA isn't catching it and how it might get caught.

Re: SV: Character encoding in Report Templates

2020-10-15 Thread John Hardin
urrently have. Thanks Tim Wetterek Andersson Digitaliseringsavdelningen, Norrköpings kommun Phone/SMS: +46725935115 -Original message- From: John Hardin Sent: 22 September 2020 19:51 To: users@spamassassin.apache.org Subject: Re: Character encoding in Report Templates On Tue,

Re: Google Docs spam and __URI_GOOGLE_DOC

2020-10-16 Thread John Hardin
ou can upload some spamples to pastebin and post their URIs here so that we can see what they look like, that would be very helpful.

Re: What can one do abut outlook.com?

2020-10-24 Thread John Hardin
On Sat, 24 Oct 2020, Benny Pedersen wrote: John wrote on 2020-10-24 21:30: A regular source of spam is outlook.com; is spamassassin say is not spam ? in that case: blacklist_from *@outlook.com ...and then whitelist specific desirable-correspondent outlook.com addresses. -- John

Re: What can one do abut outlook.com?

2020-10-25 Thread John Capo
On Sat, October 24, 2020 16:33, Benny Pedersen wrote: > John wrote on 2020-10-24 21:30: > >> A regular source of spam is outlook.com; >> > > is spamassassin say is not spam ? > > in that case: > > blacklist_from *@outlook.com > > if it contains urls, is t

Re: What can one do abut outlook.com?

2020-10-25 Thread John Hardin
no way for them to reel in victims via that contact address. The fact that after five months of reporting that contact address they are still using it to lure victims strongly suggests to me that google is ignoring such reports.

Re: What can one do abut outlook.com?

2020-10-26 Thread John Wilcock
Amazon all have millions of legitimate customers from whom you might receive genuine email, and if you block them because of their (relatively few) unwelcome customers, you're throwing the baby out with the bathwater. -- John On 2020-10-25 18:48, Marc Roos wrote: Are you guys working for Go

Re: Problem with matching regex against long body

2020-11-03 Thread John Hardin
away backtracking and scan timeouts. rawbody LONG_HIDDEN m']{0,99}style\s*=\s*"font-size:0px"[^>]{0,99}>[^<]{500}'si (Caveat: not tested, just off-the-cuff. There's room for improvement in the style spec as well.) -- John Hardin KA7OHZ

Re: Email coming in being identified as SPAM

2020-11-04 Thread John Hardin
acher to always provide a meaningful message subject, that's longer than a word or two.

Re: Email coming in being identified as SPAM

2020-11-04 Thread John Hardin
On Thu, 5 Nov 2020, RW wrote: On Wed, 04 Nov 2020 18:48:48 -0500 Bill Cole wrote: On 4 Nov 2020, at 13:31, Thomas Anderson wrote: * 1.8 MISSING_MIMEOLE Message has X-MSMail-Priority, but no X-MimeOLE In addition to what John noted, that one looks like a candidate for constructing

Re: Email coming in being identified as SPAM

2020-11-05 Thread John Hardin
s not forward DNS requests to ISP's nameservers" part... For small environments like this, the DNS resolver that you use for SA needs to do all the queries itself rather than passing them off to be aggregated by the ISP's nameservers, and hit the DNSBL free use limits due to that agg

Re: Email coming in being identified as SPAM

2020-11-05 Thread John Hardin
On Thu, 5 Nov 2020, Axb wrote: On 11/5/20 4:31 AM, John Hardin wrote: On Thu, 5 Nov 2020, RW wrote: On Wed, 04 Nov 2020 18:48:48 -0500 Bill Cole wrote: On 4 Nov 2020, at 13:31, Thomas Anderson wrote: *  1.8 MISSING_MIMEOLE Message has X-MSMail-Priority, but no X-MimeOLE In addition

Re: SPF_FAIL

2020-11-05 Thread John Hardin
d probably be a good idea. By default, for all domains, not so much.

Re: Spamssassin seems to append .com TLD to uri link domains found

2020-11-07 Thread John Hardin
;-) But that's another story Have a good weekend i followed this thread, it was mentioned it was firefox that try to help usefull domain name ? but i lost how this went over to a bug in spamassassin ? The bug was to implement the same (mis)behavior in SA URI parsing.

Re: Spamssassin seems to append .com TLD to uri link domains found

2020-11-07 Thread John Hardin
On Sat, 7 Nov 2020, RW wrote: On Fri, 6 Nov 2020 16:10:18 + RW wrote: However, I can't get an up-to-date Firefox to add .com, so the feature may already be obsolete. I take that back, it does. What does it do for the example at hand, http://www.ch ?

Re: Spamssassin seems to append .com TLD to uri link domains found

2020-11-07 Thread John Hardin
On Sat, 7 Nov 2020, RW wrote: On Sat, 7 Nov 2020 10:05:21 -0800 (PST) John Hardin wrote: On Sat, 7 Nov 2020, RW wrote: On Fri, 6 Nov 2020 16:10:18 + RW wrote: However, I can't get an up-to-date Firefox to add .com, so the feature may already be obsolete. I take that back, it

Re: Crap getting through

2020-11-08 Thread John Hardin
*@bankofamerica.com whitelist_auth *@*.bankofamerica.com blacklist_from *@*.bankofamerica.com

Re: USER_IN_SPF_WHITELIST vs freemails

2020-11-12 Thread John Hardin
SPF_HELO_NONE,SPF_PASS,TXREP,T_GB_FREEM_FROM_NOT_REPLY,USER_IN_SPF_WHITELIST

Re: USER_IN_SPF_WHITELIST vs freemails

2020-11-12 Thread John Hardin
On Thu, 12 Nov 2020, Darrell Budic wrote: On Nov 12, 2020, at 11:54 AM, John Hardin wrote: On Thu, 12 Nov 2020, Darrell Budic wrote: Got a few of these 411 google form spams recently and was wondering why they weren’t getting caught by SA. Looks like the Return-Path: is triggering a

Re: USER_IN_SPF_WHITELIST vs freemails

2020-11-12 Thread John Hardin
On Thu, 12 Nov 2020, Darrell Budic wrote: On Nov 12, 2020, at 12:31 PM, John Hardin wrote: I'd have to see a spample to tell whether that would hit your particular case, though. Can you upload an example to pastebin for us? Sure, it’s at https://paste.centos.org/view/045312a7 The

Re: Apache SpamAssassin and Spammers 1st Amendment Rights

2020-11-20 Thread John Hardin
On Fri, 20 Nov 2020, AJ Weber wrote: I think you should keep politics out of this. +1 *PLEASE*

Re: contact from blacklist

2020-11-20 Thread John Hardin
ack forms would be handy, but data collection and maintenance seems problematic. I don't think one currently exists.

Re: contact from blacklist

2020-11-20 Thread John Hardin
that. Based on the sample that was posted, it looks to me like abuse of a web-based feedback form - post a spammy feedback using the email address of your victim and you spam the victim via the confirmation (and the domain hosting the feedback form at the same time).

Re: Are these valid email headers?

2020-12-05 Thread John Capo
29 Nov 2009 > 00:17:08 + Except for mailid: I see those headers in mail from Facebook. Anyone can add Facebook headers to a message. John Capo

Re: Possible spam sign

2020-12-08 Thread John Hardin
: https://ruleqa.spamassassin.org/?rule=%2FFROM_2_

Re: Possible spam sign

2020-12-08 Thread John Hardin
On Tue, 8 Dec 2020, Loren Wilton wrote: That probably should have hit at least one scored base rule: https://ruleqa.spamassassin.org/?rule=%2FFROM_2_ Nope. I think my rules are up to date, but maybe not. Feel free to pastebin it and I'll take a look.

Re: Possible spam sign

2020-12-08 Thread John Hardin
) are ham-only combos in the masscheck corpus. I've added some new rules for masscheck eval based on it.

Re: __PDS_FROM_2_EMAILS broken ?

2020-12-10 Thread John Hardin
ains : header __PDS_FROM_2_EMAILS From =~ /(?:\W|^)([\w+.-]+\@[\w.-]+\.\w\w++)(?:[^\n\w<]{0,80})?<(?!\1)[^\n\s]*\@/i The "(?!\1)" is intended to prevent that. ...okay, I found the problem. None of my tests had a username with a period. Fixing. -- John Hardin

Re: __PDS_FROM_2_EMAILS broken ?

2020-12-11 Thread John Hardin
On Fri, 11 Dec 2020, Benoit Branciard wrote: On 10/12/2020 at 17:08, John Hardin wrote: ...okay, I found the problem. None of my tests had a username with a period. Fixing. Good ! I cherry-picked your regex fix from https://svn.apache.org/viewvc/spamassassin/trunk/rulesrc/sandbox/jhardin

Re: google and spam

2020-12-14 Thread John Hardin
he IPs all seem to be Google's (within CIDR 209.85.128.0/17). I'm going to add a couple of points scoring to anything from trix.bounces.google.com. I'll add a rule for that to my sandbox and we'll see what happens.

Re: More undetected hidden test spam signs

2020-12-17 Thread John Hardin
o see that specific form of "invisible text".

Re: Scoring Based on IP Address

2020-12-18 Thread John Hardin
.1 Seven 419 spams in one hour - go away. 213.171.44.75 550 5.7.1 Open relay - email worms - go away.

Re: A few noob questions

2020-12-20 Thread John Hardin
detect *random* in a simple RE. A long string of characters from a given set, easy. Characteristics about that string? complicated. A rule like that might potentially hit on legitimate (for values of "legitimate") tracking analysis URIs or caching URIs, unless there is some kind of

Re: A few noob questions

2020-12-20 Thread John Hardin
an start a subscription for an alternate address, for example "john@host.domain", just add a hyphen and your address (with '=' instead of '@') after the command word: Many thanks for your help. On 2020-12-20 15:26, John Hardin wrote: On Sat, 19 Dec 2020, Alan wrote: The

Do the Yahooniverse domains share email address space?

2020-12-21 Thread John Hardin
doesn't matter)? Or is a mailbox/account separate and distinct from ?

Re: Do the Yahooniverse domains share email address space?

2020-12-22 Thread John Hardin
On Mon, 21 Dec 2020, Axb wrote: On 12/21/20 7:19 PM, John Hardin wrote: Quick question for anyone who knows: Are the email addresses in the various domains in the yahoo family (e.g. yahoo.com, yahoo.com.hk, yahoo.com.my, yahoo.com.sg, yahoo.com.vn, yahoo.co.jp, yahoo.co.nz, yahoo.co.th

Re: More undetected hidden test spam signs

2020-12-22 Thread John Hardin
On Thu, 17 Dec 2020, John Hardin wrote: On Thu, 17 Dec 2020, @lbutlr wrote: On 16 Dec 2020, at 23:21, Loren Wilton wrote: I just got a batch of spams containing Interesting. I remember in the early days of html spam there were various rules to tag messages as spam when they had content

Re: More undetected hidden test spam signs

2020-12-22 Thread John Hardin
t also had poor S/O. It wasn't as simple as yours, though - perhaps I'm allowing for too many syntactically-valid cases to try to avoid trivial avoidance by spam? Of course that is a pretty heavy rule It would be lighter if you didn't look for the tag closing. Is ther

Re: Do the Yahooniverse domains share email address space?

2020-12-23 Thread John Hardin
On Wed, 23 Dec 2020, Axb wrote: I misunderstood.. domain wise they are distinct users. Server_wise, they share servers except yahoo.co.jp which runs their own Ok. Thanks!

Re: Bypass RBL checks for specific address

2020-12-23 Thread John Hardin
liarity with it, though. It is fairly current, last released in September 2019. That last option sounds to me like the first one you should explore.

Re: UNSUBSCRIBE

2020-12-23 Thread John Hardin
On Wed, 23 Dec 2020, Richard Ozer wrote: In the headers of every message from the mailing list: list-unsubscribe: <mailto:users-unsubscr...@spamassassin.apache.org>

Re: Bypass RBL checks for specific address

2020-12-23 Thread John Hardin
On Wed, 23 Dec 2020, Grant Taylor wrote: That's all considerably more complicated than I'm comfortable with at the moment. Did you see my mention of this earlier? https://milter-manager.osdn.jp/reference/introduction.html

Re: Bypass RBL checks for specific address

2020-12-24 Thread John Hardin
On Wed, 23 Dec 2020, Grant Taylor wrote: On 12/23/20 2:15 PM, John Hardin wrote: spamass-milter has a -u flag for a username to pass to SA. If these are single-recipient messages that may be enough to reliably tie into per-user config to disable the RBL check. It seems as if spamass-milter
