others that are
spam, are being delivered and how do I reconfigure the system so that
these are properly routed to the spam mailbox?
Many thanks,
Mark
How come surbl.org has a "Bad" status at rating.cloudmark.com? (see
below). This is not good.
- Mark
System Administrator Asarian-host.org
---
"If you were supposed to understand it,
we wouldn't call it code." - FedEx
a
> -Original Message-
> From: Chris Santerre [mailto:[EMAIL PROTECTED]
> Sent: donderdag 2 december 2004 21:56
> To: 'Mark'; SURBL Discussion list (E-mail)
> Subject: RE: What is up with surbl.org?
>
> > How come surbl.org has a "Bad" status at ra
rk.com data; surbl.org should *never* have been in there.
> >> The folks at cloudmark really need to manually inspect their entries;
> >> next thing this list has a bad rep too.
>
> > Hi Mark,
> > I'm not familiar with Cloudmark. Would you mind contacting
How do I purge my bayes_* files? Especially, my bayes_journal is over 250
MB! I'd like it to re-init with a fresh start. But when I "echo -n >" the
files, and restart SA, I get dbase errors. So, how can I easily go about
this?
Thanks,
- Mark
> -Original Message-
> From: David Guntner [mailto:[EMAIL PROTECTED]
> Sent: donderdag 24 februari 2005 3:02
> To: users@spamassassin.apache.org
> Subject: Re: How to purge bayes?
>
>
> Mark grabbed a keyboard and wrote:
> >
> > How do I pu
> -Original Message-
> From: Robert Menschel [mailto:[EMAIL PROTECTED]
> Sent: donderdag 24 februari 2005 3:28
> To: Mark
> Cc: users@spamassassin.apache.org
> Subject: Re: How to purge bayes?
>
> Don't purge/reinit the files, delete them. SA will recreate
it is safe
to keep using DCC. I, for one, would like to keep making queries. It would
be nice if someone from rhyolite.com would chime in.
- Mark
; to MX RRs. I'm aware the rfc's speak of priority, but a higher
> priority MX, has a lower number, and vice versa, hence distance
> makes more sense :)
And, in UNIX, a higher priority process has a lower number, too.
I am quite comfortable with that terminology.
- Mark
Today I got your typical Nigerian spam. This one was
different, though; it read:
"I am Mrs Melissa Pointer the wife of Mr Harry Pointer, my husband"
"Mr Harry Pointer" ?? LOL It seems spammers have a sense
of humor, after all. :)
- Mark
must be in order of confidence. I have found that the
first group (score>=20) contains more than half of my spam. The last
group (score<10) contains about 1/10 of the spam.
Would others agree that I can safely get procmail to trash the scores
higher than 10?
Thanks,
Mark
3.1.6; but I found no reputation services
in the new SA, either.
Thanks,
- Mark
ke exactly what I'm looking for.
And keep up the good work with SPF!
- Mark
From: Meng Weng Wong [mailto:[EMAIL PROTECTED]
Sent: donderdag 13 december 2007 19:20
To: Mark
Cc: Spamassassin Mailing List
Subject: Re: Reptutation Services
On Dec 12, 2007, at 11:09
on to spamc
back. :) So, any way to call spamc for separate users with a "fixed" UID?
Thanks,
- Mark
> -Original Message-
> From: Matt Kettler [mailto:[EMAIL PROTECTED]
> Sent: vrijdag 6 oktober 2006 4:33
> To: Mark
> Cc: users@spamassassin.apache.org
> Subject: Re: Upgrading from SpamAssassin 2.55
Wow; that was a very comprehensive and useful answer. :) Part of th
[11585] dbg: prefork: periodic ping from spamd
parent
Fri Oct 6 09:04:28 2006 [11585] dbg: prefork: sysread(7) not ready, wait
max 300 secs
That does not look good. What does it mean, and how can I solve it?
Thanks,
- Mark
of "mail.crit" (facility + severity; 2.55 did). But using a
single word facility like "debug" or some such works fine.
- Mark
of permanently preforked
children. It's just a ceiling to protect the system from overload (4G
memory). I have 4 preforked children now, and 20 similarly-sized Apache
processes; none of which is really out of the ordinary.
- Mark
ld use SRS to sign outgoing envelope-from addresses (like I do).
And then run SRS checks on the return. Guaranteed to stop ALL fake DSN
messages. No false positives, ever. If you're running sendmail, have a
look at:
http://www.srs-socketmap.info/
Signing envelope-from addresses, however you wind up doing it, is really
the best protection.
- Mark
's the way milters work:
they are hooks into the SMTP dialogue. When that communication ends, and
the milter has not decided to reject or discard the message, only then
will sendmail actually prepend its own Received: header.
- Mark
roving SA
with the required post-SMTP view of things. Instead of patching SA, or
trying to "fix" it even, any milter using SA should simply DTRT (Do The
Right Thing): which is: add a pseudo Received: header before handing it
over to SA.
- Mark
rsonally I couldn't give hoot whether you're out of office.
- Mark
System Administrator Asarian-host.org
---
"If you were supposed to understand it,
we wouldn't call it code." - FedEx
-Original Message-
From: jma...@gmail.com [mailto:jma...@gmail.com] On Behalf Of Justin Mason
Sent: dinsdag 31 maart 2009 13:27
To: Mark
Cc: users@spamassassin.apache.org
Subject: Re: Using 'get_pristine_header' in HeaderEval.pm
Thanks, Jason.
> can you paste the exact code
Hello,
In SA 3.2.5, in the module HeaderEval, I wanted to do something like this:
sub my_test {
my ($self) = @_;
my $header = $self->{msg}->get_pristine_header ();
But the log shows an error:
Mar 31 07:02:01 asarian-host spamd[4647]: (Can't locate object method
"get_pris
-Original Message-
From: Mark [mailto:ad...@asarian-host.net]
Sent: dinsdag 31 maart 2009 13:46
To: 'users@spamassassin.apache.org'
Subject: RE: Using 'get_pristine_header' in HeaderEval.pm
> can you paste the exact code to a pastebin?
It helps if I actually
-Original Message-
From: jma...@gmail.com [mailto:jma...@gmail.com] On Behalf Of Justin Mason
Sent: dinsdag 31 maart 2009 14:44
To: Mark
Cc: users@spamassassin.apache.org
Subject: Re: Using 'get_pristine_header' in HeaderEval.pm
> $self->{msg}->get_pristine_header()
action is not: "Oh, coolie, more to block!" More like: "Another
one of those overly aggressive blocklists that in its rampant 'Off with
their heads' policy just renders itself pretty much useless." So, indeed,
thanks, but not no thanks.
- Mark
nyone found a way around this, by any chance?
Thanks
- Mark
arly convenient.
Duh on me. :) I guess I got confused with dcc (for which a separate binary
needs to be compiled). It's been a while since I looked at Razor2. Good
thing I did, though, as I was apparently still on '2.82' (instead of the
fixed '2.84' version).
Thanks,
- Mark
as been closed
*** Error code 1
Stop in /usr/ports/devel/re2c/work/re2c-0.13.5.
*** Error code 1
Stop in /usr/ports/devel/re2c/work/re2c-0.13.5.
*** Error code 1
Stop in /usr/ports/devel/re2c.
Thanks,
- Mark
rom within a Perl
daemon (like I do now).
So, other than Mail::SpamAssassin::Client possibly being subject to
change, is there any particular other reason not to use it?
Thanks,
- Mark
-Original Message-
From: jma...@gmail.com [mailto:jma...@gmail.com] On Behalf Of Justin Mason
Sent: donderdag 2 april 2009 16:03
To: Mark
Cc: users@spamassassin.apache.org
Subject: Re: Using Mail::SpamAssassin::Client
> we should probably remove that warning. it's been stable (
From: Mark [mailto:ad...@asarian-host.net]
Sent: donderdag 2 april 2009 21:14
To: users@spamassassin.apache.org
Subject: Annoying -w errors in syslog
To answer my own question, in log_message, in Logger.pm, I added this,
prior to when the message is being written:
return if
-Original Message-
From: Nix [mailto:n...@esperi.org.uk]
Sent: vrijdag 3 april 2009 15:42
To: Mark
Cc: users@spamassassin.apache.org
Subject: Re: Compiling re2c with gcc 2.95
On 2 Apr 2009, Mark uttered the following:
> > Has anyone been able to compile re2c with a gcc 2.95 compi
Consider using SRS. I wrote a (now somewhat older) doc about it, at:
http://srs-socketmap.info/sendmailsrs.htm
But it gives you an idea. There's good C implementations for it, these
days, and it will definitely stop ALL fake bounce, with no FPs.
- Mark
-Original Message-
From: J
-Original Message-
From: LuKreme [mailto:krem...@kreme.com]
Sent: zaterdag 4 april 2009 19:47
To: users@spamassassin.apache.org
Subject: Re: Ways to block bouncebacks?
On 4-Apr-2009, at 04:07, Mark wrote:
> > Consider using SRS. I wrote a (now somewhat older) doc about
use
you know, for certain, you never sent out with an unsigned envelope-from
address: hence, it cannot possibly return unsigned as RCPT TO recipient in
a bounce! Hence, it's fake.
- Mark
S can also be used, very
effectively, to detect and eliminate fake bounces. So, yes, you could
certainly have a look at BATV, too.
But honestly, if you're not quite sure what they mean by 'return adress,'
and you get it confused with a mail 'From:' header, then you probably best
bone up a bit on your RFC knowledge; especially the contextual differences
between RFC 821 and RFC 2821. Otherwise we'll keep going around in
circles.
- Mark
at: RCPT TO: , you would
have rejected it (for being unsigned).
- Mark
Just noticed this on spam:
2.1 SUBJ_ALL_CAPS Subject is all capitals
I know I can change scores at will, of course,
but a default of 2.1, that seems a mite excessive, no?
- Mark
-Original Message-
From: Matus UHLAR - fantomas [mailto:uh...@fantomas.sk]
Sent: maandag 6 april 2009 16:59
To: users@spamassassin.apache.org
Subject: Re: Near capitable punishment for all capitals?
On 05.04.09 22:48, Mark wrote:
> > Just noticed this on spam:
> >
> >
Barracuda et al, like:
http://www.email-ethics.com/2009/01/emailregorg-project.html
http://zacharyozer.blogspot.com/2008/10/worst-engineers-ever.html
http://www.debian-administration.org/users/simonw/weblog/295
And now I'm even more convinced that I will not be using Barracuda. Sorry.
- Mark
"revert to Net::DNS" fallback ability if it fails?
Just don't run CPAN in its auto-install mode, if you fear it might screw
things up. Again, just grab:
http://search.cpan.org/~olaf/Net-DNS-0.65/
Untar, run:
perl ./Makefile.PL
make
make test
make install
And you're done. Easy-peasy.
- Mark
'a0.fantomas.cust.gts.sk'
to send mail on behalf of 'fantomas.sk', but that will not prevent Spam
Rats from identifying 'a0.fantomas.cust.gts.sk' as appearing to be part
of your upstream provider; so they'd probably reject the connection
anyway.
- Mark
supposed to segfault, period. Probably a bad XS module. Since the
segfault occurs at "[9632] dbg: rules: compiled rawbody tests,"
Rule2XSBody might be a good place to start looking (if you're using that).
You could just temporarily disable that, for instance.
Btw, message runs through SA fine, here.
- Mark
'll try to pick and silence the rule regexp causing this.
That doesn't seem like a good solution. On my SA 3.2.5, as stated, there's
no segfault of any kind with that message. Honestly, just fix your Perl
already. :) Perl just doesn't segfault normally, even when a regex is
(too) complex.
- Mark
tly detected as spam and no sign of
UNPARSEABLE_RELAY.
I have created case 6103 - but this may be a milter-issue, although the
same version of the milter worked very well on centos-4 i386 and SA 3.1
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6103
thanks in advance
mark
ugh
the same version of the milter worked very well on centos-4 i386 and
SA 3.1
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6103
thanks in advance
mark
This is a spamass-milter bug. They generate a malformed fake sendmail
header and it's unparseable.
There's a fix for s
n the sa-compile docs wouldn't have hurt. :) So, can
someone give me an example of a working command-line for sa-compile?
Thanks,
- Mark
Never mind, it works. :) Just calling it without any parameters
has it default do The Right Thing™.
- Mark
From: Mark [mailto:ad...@asarian-host.net]
Sent: dinsdag 28 april 2009 23:24
To: users@spamassassin.apache.org
Subject: sa-compile command-line?
Ok, finally got re2c
ay than to assess...
I'm sure some meaningful statistical correlation between the two could be
established over time (meaningful enough to predict fakes and all). But
somehow I feel that's still like adding a bad element to otherwise clean
waters, and then adding lots of extra water to dilute the end result
again; in other words: let's just not poison the well to begin with.
- Mark
I have created case 6103 - but this may be a milter-issue, although
the same version of the milter worked very well on centos-4 i386 and
SA 3.1
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6103
thanks in advance
mark
This is a spamass-milter bug. They generate a malformed
about 'terrible' or anything, but your idea simply fails a
variation of the Occam's razor test: it's unnecessarily complicated, hard
to implement, harder to maintain, and non-centralized, whereas much
simpler, more elegant, centralized solutions are at hand. Solutions you
didn't even know about. That's where your quest should have started, and
where this thread ought to end.
- Mark
tation. Julian Mehnle's
Mail::SPF (at version v2.006, now) is its official replacement.
- Mark
our setup is that, in such a scenario, apparently your LDA
already delivers (part of an) aborted mail. That seems too strange for
words; so, likely, you're not sending out proper reply codes to connecting
mail servers.
So, the solution is simple: fix your mail server; or have someone do it
for you.
- Mark
-Original Message-
From: John Hardin [mailto:jhar...@impsec.org]
Sent: vrijdag 8 mei 2009 15:52
To: Mark
Cc: users@spamassassin.apache.org
Subject: RE: Odd behaviour under load.
> On Fri, 8 May 2009, Mark wrote:
>
> > From: Charles Gregory [mailto:cgreg...@hwcn.org]
> >
ify the valid range of IPs
> for the SPF records?
>
> Wait a minute, are they saying that their ENTIRE CLASS C is allowed
> to send mail 'from' orange.es?
The /24 CIDR covers the 213.143.52.0-213.143.52.255 range. Why does
that strike you as so strange? :)
- Mark
x-type OS you're on, but maybe sudo is the wrong way. On
FreeBSD, I would say:
su -l postfix -c "spamassassin -p prefs.conf -t < MESSAGE.MAI > text.txt"
The "-l" switch causes the ENV of the postfix user to be used as well
(as if you did a full login).
- Mark
directory. Do you really want that to be world-writeable?? But I digress.
P.S. Not saying giving users like 'postfix', 'mysql', etc., a shell
account is a good idea, per se; but you're the admin, so you'll have to
decide whether that poses some sort of security risk. Just sayin' that if
you want to 'su' the postfix user, it'll need a valid shell.
- Mark
-Original Message-
From: LuKreme [mailto:krem...@kreme.com]
Sent: vrijdag 15 mei 2009 8:05
To: users@spamassassin.apache.org
Subject: Re: whitelist_from_spf
On 14-May-2009, at 21:57, Mark wrote:
>> "v=spf1 mx a:spf.orange.es ip4:213.143.52.0/24 -all"
>>
>>
then just retrieve the array of info for the
current message, and apply scores accordingly. Of course, I'm not doing
the same things you want, but the implementation idea is fairly simple,
really.
- Mark
-Original Message-
From: jma...@gmail.com [mailto:jma...@gmail.com] On Behalf Of Justin Mason
Sent: zaterdag 16 mei 2009 10:21
To: Mark
Cc: Spamassassin Mailing List
Subject: Re: An SMTP transaction, SpamAssassin interface
On Sat, May 16, 2009 at 01:36, Mark wrote:
> -Origi
have to resolve to "mail.apache.org" (and it doesn't; it resolves to
"hermes.apache.org").
- Mark
> -Original Message-
> From: Matt Kettler [mailto:[EMAIL PROTECTED]
> Sent: donderdag 19 oktober 2006 6:40
> To: Mark
> Cc: users@spamassassin.apache.org
> Subject: Re: Scoring PTR's
>
>
> > Yes, a very bad idea. And a mite on the side of RFC ignoran
> -Original Message-
> From: Jo Rhett [mailto:[EMAIL PROTECTED]
> Sent: donderdag 19 oktober 2006 9:56
> To: Mark
> Cc: users@spamassassin.apache.org
> Subject: Re: ALL_TRUSTED creating a problem
>
>
> Perhaps SA being focused on "post-SMTP" is the
d Kingdom" [.uk HELO] !=
"Germany" [.de PTR]"
In the strictest sense, I'm not allowed to do that, either. But my
rationale is, that the connecting host's HELO is perpetrating a lie here
that under any reasonable circumstance is just irreconcilable with the
PTR (the MTA simply cannot be in both countries at the same time).
- Mark
> -Original Message-
> From: Jo Rhett [mailto:[EMAIL PROTECTED]
> Sent: donderdag 19 oktober 2006 20:36
> To: Mark
> Cc: users@spamassassin.apache.org
> Subject: Re: ALL_TRUSTED creating a problem
>
>
> > I reckon the focus of SA on "post-SMTP"
> -Original Message-
> From: Coffey, Neal [mailto:[EMAIL PROTECTED]
> Sent: donderdag 19 oktober 2006 21:03
> To: users@spamassassin.apache.org
> Subject: RE: ALL_TRUSTED creating a problem
>
>
> That said, Mark seems to be missing that milters don't
> -Original Message-
> From: John Rudd [mailto:[EMAIL PROTECTED]
> Sent: donderdag 19 oktober 2006 22:49
> To: Mark
> Cc: users@spamassassin.apache.org
> Subject: Re: Scoring PTR's
>
>
> >>> I setup mail servers all the time and I always make
; a relay because its HELO name
was not identical to the PTR. And that's just plain silly, and not
supported by any RFC I know.
- Mark
> -Original Message-
> From: John Rudd [mailto:[EMAIL PROTECTED]
> Sent: vrijdag 20 oktober 2006 0:18
> To: Mark
> Cc: users@spamassassin.apache.org
> Subject: Re: R: Scoring PTR's
>
>
> > I now see the cause of your confusion. "Make sure you
ved it for me, though.
On average, every 1 out of 8 calls to Pyzor fails that way for me. I've
learnt to live with it, pending the arrival of a permanent fix.
- Mark
probably be more inclined to
look into a BerkeleyDB issue than a Vmware one.
- Mark
> -Original Message-
> From: Chris Purves [mailto:[EMAIL PROTECTED]
> Sent: vrijdag 27 oktober 2006 23:20
> To: users@spamassassin.apache.org
> Subject: Re: domainkeys unverified - solved
>
>
> In the end, with the help of Mark Martinec, I was able to
> det
18rDCT
> pDT1pbK0xwkdZIZkaP8NB75qa/S57xccZlIwbI22Ooy/IY+8WxQtvE2z4W"
>
> Authoritative answers can be found from:
>
> [EMAIL PROTECTED]:~$
>
> I'm missing the second part of the "Answer" and "Authority" is empty.
Thanks. :) I was getting worried. I'm not quite ready to go to BIND 9 yet
(don't all y'all shoot me now), so I'm happy to hear it's working.
- Mark
fe-span. You'd essentially be making WHOIS
queries all the time.
I'm quite open to the possibility that I'm missing a vital concept of this
idea that would allow me to see things in a different light; but for now,
I think I'll pass. :)
- Mark
]*"?cid:/i
And if we're really nitpicky, we want to match "src" on a boundary:
rawbody IMG_SRC_CID /\bsrc[ \t]*=[ \t]*"?cid:/i
- Mark
les the vast majority of spam at
the gate.
92% (!) of all incoming spam uses an invalid HELO.
9% pretends to be me in their HELO.
83% of all spam here comes from dynamic IP space.
8% of the incoming spam uses a country-level TLD which does not match the
HELO country TLD ("EHLO foo.de" vs. "bar.uk" PTR, for instance).
SA gets the rest. :)
- Mark
domain, or the domains I host, or address literals
pretending to be me). The 8% that fails the PTR != HELO country TLD is
also included in the 92%.
The rest of the invalid HELOs are just non-FQDNs (like "HELO friend"), or
IP addresses (not inside braces, like an address literal).
The
and such).
Based on Tony's logic, SA should not list those who are clearly not
spammers. And that is always sound advice. Sometimes this means SA has to
intercede to do extra whitelisting or some such -- which may well be
perceived as ugly, but is, IMHO, still the right thing to do, from SA's
perspective.
- Mark
es it needs itself.
Or re-install Net::DNS, and make sure you run "make test".
- Mark
y. Usual causes are inadvertent linkage
against an older library during compilation time (when you install the
software); or at run-time level.
I would definitely give CPAN a try first. Should give you something shiny
and new under site_perl.
- Mark
lds[1] = int(fields[1])\nIndexError: list index out of
range
- Mark
to
> spamd.
Slightly OT, I guess; but is there actually a documented way of
calling the appropriate Perl module, without using spamc?
Thanks,
- Mark
ault '0',
PRIMARY KEY (id, token),
INDEX bayes_token_idx1 (token),
INDEX bayes_token_idx2 (id, atime)
) TYPE=MyISAM;
PRIMARY for `id` and `token` should not have INDEX for `id` and `token`
added, too.
- Mark
> -Original Message-
> From: Federico Giannici [mailto:[EMAIL PROTECTED]
> Sent: woensdag 15 november 2006 17:42
> To: Mark
> Cc: users@spamassassin.apache.org
> Subject: Re: Bayes column 'token'
>
>
> > Well, bayes_mysql.sql does not speci
> -Original Message-
> From: Mark [mailto:[EMAIL PROTECTED]
> Sent: woensdag 15 november 2006 18:15
> To: 'users@spamassassin.apache.org'
> Subject: RE: Bayes column 'token'
>
> > > Well, bayes_mysql.sql does not specify collation; so,
(id, token),
> > INDEX bayes_token_idx1 (atime)
> > ) TYPE=MyISAM;
>
> Those are multi-column indexes not duplicates.
>
> INDEX bayes_token_idx1 (id, atime)
>
> is NOT the same as:
>
> INDEX bayes_token_idx1 (id)
> INDEX bayes_token_idx2 (atime)
The multi-column INDEX actually *does* appear to be used.
My bad. Though it still doesn't justify the existence of:
INDEX bayes_token_idx1 (token)
- Mark
pass (mail.domain.tld: 1.2.3.4
is authenticated by a trusted mechanism
In your current setup, it seems, you basically use "softfail" so as not to
have to deal with rejects from (authenticated) dynamic relays; but
"softfail" was not really meant for that purpose, of course.
- Mark
I used for ages, and the new 3.0.17, has never ever
crashed; and I mean it. The only real reason I think the parent process
could potentially crash (not on signal 11) is because the main "accept"
loop might not have an eval around it or some such. But I'm pretty sure
they took care of that.
- Mark
Matus - Oops! I had installed a new email server last year, running
Ubuntu, and I didn't realize by default, updating is off.
After updating, I see that we are getting blocked by RCVD_IN_VALIDITY.
My bad. Thanks very much! - Mark
On 11/14/2024 8:44 PM, uh...@fantomas.sk wrote:
FWIW, Today I discovered that RCVD_IN_VALIDITY_CERTIFIED,
RCVD_IN_VALIDITY_RPBL, and RCVD_IN_VALIDITY_SAFE, were being triggered
for every email that our server received. I do not use a public DNS
server. I disabled all of them. Strange. - Mark
https://krebsonsecurity.com/2020/08/sendgrid-under-siege-from-hacked-accounts/
- Mark
Hi - I receive email from spiceworks.com help desk, which are sent via
sendgrid. Why do these URLs trigger the SENDGRID_REDIR rule score,
which is 3.4 ? Thanks. - Mark
Terms and Conditions:
https://u2752257.ct.sendgrid.net/ls/click?upn
My site is getting a lot of spam that is getting past spamassassin.
Because it has a phone number to call, and rather than a link to login
using username and password. Mostly fake amazon purchases. They are
getting past a lot of URL block lists because of that. FWIW. - Mark
t the
bottom. And they left the postal address of amazon, without the word
amazon.
I hate bogus spam that is so obviously bogus that it avoids filter
rules. :) - Mark
On 6/17/2021 10:52 AM, users-digest-h...@spamassassin.apache.org wrote:
Subject:
Re: Maybe it's time to revive EvilNum
Loren - Unfortunately, LW_BOGUS_ORDER doesn't get triggered for my
email, because there is no List-Id. The email actually came from a
microsoft account. - Mark
header __LW_SUB_INVOICE Subject =~ /\b(?:invoice|order)\b/
header __LW_FROM_INVOICE From =~ /\b(?:invoice|order)\b/
h
Can someone tell me why this paypal phishing email, managed to trigger
USER_IN_DEF_SPF_WL?
Or put it another way. Why wasn't it detected as a phishing email? Thanks.
Received: from a39-208.smtp-out.amazonses.com
(a39-208.smtp-out.amazonses.com [54.240.39.208])
by PSFCMAIL.MIT.EDU (8.14.7/
It seems like it is too high a negative score.
On 3/20/2023 1:24 PM, Reindl Harald wrote:
Am 20.03.23 um 18:17 schrieb Mark London:
Can someone tell me why this paypal phishing email, managed to
trigger USER_IN_DEF_SPF_WL?
Or put it another way. Why wasn't it detected as a phishing
I’ve never seen a false positive with USER_IN_DEF_SPF_WL.
> On Mar 20, 2023, at 1:48 PM, Reindl Harald wrote:
>
>
>
>> Am 20.03.23 um 18:44 schrieb Mark London:
>> It seems like it is too high a negative score.
>
> then adjust it in local.cf
>
> the poin