th
these domains, but they remain mostly trusted?
afaik the masschecks run over spam/ham corpora. So it would make sense to
include this kind of spam in that.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this
high scores with the intention of
having these scores to offset his heavy handed approach.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
amavis[1174755]: (1174755-04) bounce
unverifiable, <> ->
Probably amavis whitelisted "<>"
What seems obvious is that '<>' mainly represents bounces or
non-delivery reports (NDRs)."
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantom
Root Cause Analysis (in order):
1) DNSWL does not provide blocked codes. That deviates from
most DNS-query based systems.
On 24.09.24 20:43, Matthias Leisi wrote:
This is wrong.
On 26/09/24 01:20, Matus UHLAR - fantomas wrote:
I have checked with 1.1.1.1, where queries only return
ctor.
Is there any possibility to detect clients using open DNS, perhaps other
than RCVD_IN_ZEN_BLOCKED_OPENDNS ?
Then, block all dnsbl/rhsbl rules?
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovan
.
* -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
* -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from
* author's domain
you can safely welcomelist_from_dkim their mail address.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ;
may be kinda filing it up.
With SA 3.4.X - on average 100MB and it deletes on the fly
With SA 4.X - on average 2-6GB and I had to do a quick fix:
59 23 * * * root find /var/lib/amavis/tmp/ -mtime +0 -delete;
W dniu 18.09.2024 o 16:09, Matus UHLAR - fantomas pisze:
On 18.09.24 13:42, Grega via
15:28:48 CEST 2024
How do you call spamassassin, directly, via spamass-milter, amavis or other
way?
Did you tune any bayes settings?
Do you have your trusted_networks and internal_networks set up properly?
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish
DNSWL would return 127.0.0.255
in addition to 127.0.10.3
- there is already rule to suspend
header RCVD_IN_DNSWL_BLOCKED eval:check_rbl_sub('dnswl-firsttrusted',
'^127\.0\.\d+\.255$')
dns_block_rule RCVD_IN_DNSWL_BLOCKED list.dnswl.org
--
Matus UHLAR - fantoma
nsider this
should be reported as a bug
missing DKIM_VALID_EF, so not dmarc aligned strict
DMARC does not require this.
Even mail from this mailing list does not have DKIM_VALID_EF.
Because this list forwards e-mail, changes envelope from, but does not
change headers so original DKIM app
.
Spamassassin version is 4.0.0-8ubuntu5.
Once again, do you use Debian or Ubuntu?
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
"Two
ery much at all (and certainly at least order of magnitude less than your
stated traffic).
No amount of local DNS caching is going to fix limits *that low*.
yeah, this looks like blocking every non-paying user.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I w
e they hit
- unless you want stop using that at all.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
I just got lost in thought. It was unfamiliar territory.
hrough them?
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Spam = (S)tupid (P)eople's (A)dvertising (M)ethod
when de-listing is rejected.
I don't think there's point in blacklisting hoat that sends fake helo, when
you can block the helo itself.
yes, I think that such helo should be blocked and I block it wherever I can.
Original Message
On 2 Aug 2020, 12:30, Matus UHLAR
that 99% of hits are ham?
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
"They say when you play that M$ CD backward you can hear sa
ve noticed those some time ago.
I wonder what's the point of sending such mail.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
A day with
On 21/08/20 11:52, Matus UHLAR - fantomas wrote:
I have noticed those some time ago.
I wonder what's the point of sending such mail.
On 21.08.20 10:27, Riccardo Alfieri wrote:
Perhaps trying to fool the bayesians? I remember some spam emails that
cyclically appear (mostly dating spam)
ri, 21 Aug 2020, Matus UHLAR - fantomas wrote:
I have noticed those some time ago.
I wonder what's the point of sending such mail.
On 21.08.20 09:21, John Hardin wrote:
It's an attempt to obstruct spam detection via naïve text matching in
the raw HTML. It has no effect (beyond bein
ri, 21 Aug 2020, Matus UHLAR - fantomas wrote:
I have noticed those some time ago.
I wonder what's the point of sending such mail.
On 21.08.20 09:21, John Hardin wrote:
It's an attempt to obstruct spam detection via naïve text matching
in the raw HTML. It has no effect (beyond bein
hopefully be able to make use of this, who
don't have Pyzor (for whatever reasons)
well, do we have anything available now to block at SMTP level?
- postfix policy server?
- milter?
so far I have noticed only SA plugins. Which is not bad, but that HUGE
advantage is not usable now.
--
Matus
.
What exactly do you want?
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Posli tento mail 100 svojim znamim - nech vidia aky si idiot
Send
On 02.09.20 16:05, KADAM, SIDDHESH wrote:
I want to send a mail to local admin If any mail body matches a
content of a specific words.
it it's only about simple regex, postfix has body_checks directive that
could be used for this.
On 9/2/2020 4:01 PM, Matus UHLAR - fantomas wrote
ck to the IP.
2. the name in HELO/EHLO should be resolvable and should have A/ record
I don't really like that but we think about to check the HELO too.
Does anyone else checks the HELO/ELHO?
very few.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I w
rbage up front.
On 14.09.20 17:43, Niels Kobschätzki wrote:
I greylist (what I usually do not do) when a HELO-string does not
resolve with a PTR-record.
PTR? the helo string should be an A or .
Do you check PTR of those addresses?
--
Matus UHLAR - fantomas, uh...@fantomas.sk ;
On Mon, 14 Sep 2020 15:08:57 +0200
Matus UHLAR - fantomas wrote:
last time I
checked, google, aol, yahoo SMTP servers used HELO strings that did
not resolve back to those IPs.
On 14.09.20 23:03, RW wrote:
I just looked at few and they all have HELO matching the recorded rDNS.
Are you basing
ourse better to have mail signed by matching domain.
And even if you don't want to publish DMARC records now it's probably best
practice to sign with the organizational domain of the From: header. A DKIM
signature from an unrelated domain doesn't really say anything except t
Am I not supposed to replace whitelist with welcomelist in my configs?
On 16.10.20 09:20, Kevin A. McGrail wrote:
No, not until 4.0 is released. Good question!
perhaps, the rules above should be defined only for version >=4
and versions <4 should have the original rules.
--
Ma
e to a web page if I need more help; said page assumes the
reader is inside outlook and getting mail from outside.
What do people do about them? Do I lie and say I trust them? or
should I just continue to block parts of their spam-network? I cannot
be the only one with this problem!
==John ffitc
X && !__HDRS_LCASE_KNOWN &&
!__FSL_RELAY_GOOGLE
meta __SPOOFED_FREEMAIL !__NOT_SPOOFED && FREEMAIL_FROM
if !(!plugin(Mail::SpamAssassin::Plugin::DKIM))
ifplugin Mail::SpamAssassin::Plugin::SPF
meta __NOT_SPOOFED SPF_PASS || DKIM_VALID || !__LAST_EXTERNAL_RELAY_NO_AUTH
|| A
rules to push score back to ham range.
Moreover, after reading other replies in the thread, I am even begining to
doubt the wizdom of rejecting hard SPF fails in the MTA (which I do in
some installations).
you can still do that as policy decision.
--
Matus UHLAR - fantomas, uh...@fanto
say
i have now added rhsoft to rpz localy
dmarc can pass even if SPF does not.
dmarc requires either DKIM or SPF pass, with the domain same as From:.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Var
ed.
I received another one that was meant to be an Amazon Prime Membership
failure. How can I block these? The last time I inquired about phishing,
it was suggested to install KAM, which I did, but this crap is still
getting through. Any other suggestions?
--
Matus UHLAR - fantomas,
his is to be able to block mail from a
specific TLD or domain or country on a per-user or per-domain basis.
Perhaps there's another way to do this? In amavis directly?
https://cwiki.apache.org/confluence/display/SPAMASSASSIN/UsingSQL
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://ww
KIM reputations are identified by a combination of header from address
and signing domain. SPF pass reputations are just identified by header
address, without incorporating the envelope domain or requiring
alignment.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wis
Matus UHLAR - fantomas skrev den 2020-11-11 17:01:
Martin Gregorie skrev den 2020-11-11 11:02:
On Wed, 2020-11-11 at 09:52 +0100, Tobi wrote:
On 11.11.20 15:41, RW wrote:
Note that without a DKIM pass, SPF is easily spoofed in TxRep.
is it? how does that work then?
On 11.11.20 17:20
ward. $signedby gets set to the tag DKIMDOMAIN or falls
back to the fixed string 'spf' for an SPF pass.
sorry, I'm not into txrep much for now.
Does it mean, that txrep correctly compares Return-Path (or any header that
is filled by envelope from), but incorrectly adds bonus to addre
äckelmann
who worked hard on setting up the infrastructure for this.
great to know!
is there any estimate on how often should we expect any updates to it?
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varo
ort external update
channels.
Also, you often neet to reload spamd or amavisd, which apparently should not
be done independently by multiple cron jobs...
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this addre
e verification
failed.
channel 'kam.sa-channels.mcgrail.com <http://kam.sa-channels.mcgrail.com>':
GPG
validation failed, channel
failed
Update failed, exiting with code 4
This is Ubuntu 20.04.1 LTS Spamassassin
spamassassin -V
SpamAssassin version 3.4.4
0"
I read various publications for this error but i don't know how resolve it.
Any ideas, recommendations?
bayes_learn_to_journal 1
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie:
On Sat, Nov 28, 2020 at 1:29 PM Matus UHLAR - fantomas
wrote:
is there any estimate on how often should we expect any updates to it?
On 31.12.20 15:22, Kevin A. McGrail wrote:
I typically make multiple changes on every business day. Some of those
changes are to an RBL that we will likely
Jan 20 07:25:27 eternia6 spamd[22843]: bayes: cannot open bayes databases
/var/spamassassin/bayesdb/bayes_* R/W: lock failed: File exists
Any ideas? i don't know how resolve this error.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e
don't recommend more spamd processes than e.g.
2x number of CPUs. maybe even less.
It does not make sense to run too many processes in parallel.
If you process too much mail, you could store bayes database in SQL or
redis. However, first lower amount of processes.
--
Matus UHLAR - fantoma
oo many processes in parallel.
If you process too much mail, you could store bayes database in SQL or
redis. However, first lower amount of processes.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie:
rough package manager too.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Windows found: (R)emove, (E)rase, (D)elete
before, citing from message you quoted:
If you process too much mail, you could store bayes database in SQL or
redis. However, first lower amount of processes.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address
:c010:567c:0:0:0:1
SPFBL?
while we're here, was anyone able to get their page in english language?
https://spfbl.net/en/project/
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu
score BOUNCE_MESSAGE 1
score CRBOUNCE_MESSAGE 1
score VBOUNCE_MESSAGE1
score OOOBOUNCE_MESSAGE 1
score ANY_BOUNCE_MESSAGE 1
...
Should I bother letting SA scan the messages and consign them to my SA
folder where they get auto-learned?
it is possible but I would not recommend it.
--
Matus
On 21-01-31 12:58:48, Axb wrote:
Cisco forgot to renew spamcop.net
Registry Expiry Date: 2022-01-30T05:00:00Z
On 31.01.21 12:02, Georg Faerber wrote:
That's still one year to go, isn't it?
Updated Date: 2021-01-31T09:40:42Z
they fixed it in the meantime.
--
Matus UHLAR - fa
;; ANSWER SECTION:
1.0.0.127.bl.spamcop.net. 1800 IN A 91.195.240.87
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
99 percent
On 31.01.21 15:43, Axb wrote:
On 1/31/21 3:35 PM, Matus UHLAR - fantomas wrote:
On 31.01.21 12:02, Georg Faerber wrote:
On 21-01-31 12:58:48, Axb wrote:
Cisco forgot to renew spamcop.net
Registry Expiry Date: 2022-01-30T05:00:00Z
That's still one year to go, isn't it?
seems tha
On 21-01-31 12:58:48, Axb wrote:
Cisco forgot to renew spamcop.net
Registry Expiry Date: 2022-01-30T05:00:00Z
On 31.01.21 12:02, Georg Faerber wrote:
That's still one year to go, isn't it?
Den 31-01-2021 kl. 15:35 skrev Matus UHLAR - fantomas:
seems that this has been ov
at: https://github.com/telecom2k3/CHAOS
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Your mouse has moved. Windows NT will now restart for
Hello,
it seems that BIGNUM_EMAILS on signatures containing e-mail address after
telephone number like:
Mobil: +421 904 000 111
e-mail: addr...@example.com
Feb 26 14:25:49.116 [7638] dbg: rules: ran body rule __BIGNUM_EMAILS ==> got hit:
"000 111 e-mail"
--
Matus UHLAR -
up
L_URIBL_FANTOMAS DNSBL:google.com:rhsbl.fantomas.sk
How can I make SA to rbl-check for subdomain, not just google.com domain?
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVA
On 2021-02-28 12:26, Matus UHLAR - fantomas wrote:
How can I make SA to rbl-check for subdomain, not just google.com
domain?
On 28.02.21 15:58, Benny Pedersen wrote:
2nd tld cf file or
do you want to say, only delegated domains are searched, not subdomains?
https://github.com/spamhaus
On 2021-02-28 12:26, Matus UHLAR - fantomas wrote:
How can I make SA to rbl-check for subdomain, not just google.com
domain?
On 28.02.21 15:58, Benny Pedersen wrote:
2nd tld cf file or
On 01.03.21 11:19, Matus UHLAR - fantomas wrote:
do you want to say, only delegated domains are searched
On 2021-03-01 11:19, Matus UHLAR - fantomas wrote:
do you want to say, only delegated domains are searched, not
subdomains?
On 01.03.21 15:25, Benny Pedersen wrote:
yes spamassasin works this way
I apparently missed docs about this.
And, frankly, it'a apparently not ideal, at least f
It is not a timeout problem: both tcpdump and dns-cache log show immediate
answers to 100% of queries in less than 1 second.
May this be solved in the new AskDns John Hardin mentioned some days ago?
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to
answer and die on timeout.This not only affects final SA result, but
performance.
Correct Kernel UD tunning solves the problem!
On Tuesday, March 2, 2021, 04:46:08 PM GMT+1, Matus UHLAR - fantomas
wrote:
do you run local resolving (non-forwarding) DNS server?
On Monday, March 1, 2021
problem.
https://bobcares.com/blog/bind-edns/ default edns0 is now 4096, but
sometimes its can only be 512, check logs and read this link
logs of DNS server, like BIND. It can force maximum UDP size to e.g. 1500
i am not a dns expert, sorry
--
Matus UHLAR - fantomas, uh...@fantomas.sk
under root without the '-x' flag (which
disables this behavior).
spamc connects to spamd passing the username to it, so you can override
current user by passing the "-u username" flag to it.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT t
e places one false negative is enough to multiple
similar mail from BAYES_50 to BAYES_999
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
- H
that multiple people reported long delivery time when expiration has
occured, and it's often recommended to turn this off and do expiration e.g.
from cron job.
BAYES database stored in redis does not have this issue.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warni
FPs and FNs.
On 17.03.21 22:01, RW wrote:
It wont do that by default. You would need to have something removing
the signature hashes from the database.
Matus UHLAR - fantomas wrote:
oh, yes, it does:
bayes_auto_expire (default: 1)
If enabled, the Bayes system will
cally expiring out of Bayes, leading to FPs and FNs.
On 17.03.21 22:01, RW wrote:
>It wont do that by default. You would need to have something removing
>the signature hashes from the database.
On Thu, 18 Mar 2021 14:01:28 +0100 Matus UHLAR - fantomas wrote:
oh, yes, i
5rIHlvdSwNClhmaW5pdHkgTWFuYWdlbWVudA==
105
106 --3k4f1c2=_dmQLapWUlhFkRkERazqcs8FmA0
107 Content-Type: application/octet-stream;
108 name="Mar-28 Voicemail.eml"
109 Content-Transfer-Encoding: base64
110 Content-Disposition: attachment;
111 filename="Mar-28 Voicemail.e
TLD From Google Drive and Reply-To is
* from a suspicious TLD
I even have following in my local.cf to be able to carch google
docs/drive/whatever spam via URIBL:
clear_uridnsbl_skip_domain goo.gl google.com
util_rb_2tld google.com
--
Matus UHLAR - fantomas,
On 2021-04-04 12:54, Matus UHLAR - fantomas wrote:
I have received spam from:
From: "Linda marry (via Google Drive)"
it wasn't catches because of:
60_whitelist_auth.cf:def_welcomelist_auth *@google.com
Now that users can abuse google.com domain, isn't it time to remo
On 04.04.21 13:09, Benny Pedersen wrote:
>change score to 7.5
>change score to -3.5
On Sun, 4 Apr 2021 13:21:08 +0200 Matus UHLAR - fantomas wrote:
I prefer to solve problems instead of playing with scores.
It seems that abusers have worked around SA by using google domains
and address
An update to this:
On 04.04.21 12:54, Matus UHLAR - fantomas wrote:
I have received spam from:
From: "Linda marry (via Google Drive)"
it wasn't catches because of:
60_whitelist_auth.cf:def_welcomelist_auth *@google.com
Now that users can abuse google.com domain, isn'
understandable mess.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
I feel like I'm diagonally parked in a parallel universe.
On 04 Apr 2021, at 05:21, Matus UHLAR - fantomas wrote:
I prefer to solve problems instead of playing with scores.
On 04.04.21 06:35, @lbutlr wrote:
The way that SA solves problems is by changing score values.
The entire foundation of SA is "playing with scores".
I disagree. The
>On Sun, 4 Apr 2021 13:21:08 +0200 Matus UHLAR - fantomas wrote:
>> I prefer to solve problems instead of playing with scores.
>>
>> It seems that abusers have worked around SA by using google domains
>> and addresses for sending spam from.
On 04.04.21 14:19, RW
Am 2021-04-08 17:46, schrieb Bill Cole:
On 8 Apr 2021, at 6:25, Matus UHLAR - fantomas wrote:
and there is no undef_whitelist_auth, and the unwhitelist_auth
does NOT work.
It does work in 3.4.5, although if you're not there yet I'd advise
waiting for 3.4.6.
See https://bz.
mailto:envelope-from=mau...@gmx.ch> ; receiver=
[...]
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Eagles may soar, but weasels do
ilter granularity.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Linux IS user friendly, it's just selective who its friends are...
st I don't have something
misconfigured before I report 300+ emails. From what I've read in the
emails last week, this would be highly unusual.
2) If I do have that many false positives, I need to figure out how to
bulk report that many of them.
--
Matus UHLAR - fantomas, uh...@fantomas.s
rules built into SA are good enough or if pyzor improves the accuracy
of SA enough to be worth the extra cycles to install it and keep it
functional.
What do you think?
enable and install RAZOR and DCC. all of them help.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantoma
On 12.04.21 11:41, Anders Gustafsson wrote:
A LOT of the SPAM that is not blocked directly by RBLs seem to originate from
LANSET Corporation. Are they a
known spamsource?
do you have examples?
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to
BS_SPAM 0 0.5 0 0.5
score RCVD_IN_SORBS_WEB 0 1.5 0 1.5
score RCVD_IN_SORBS_ZOMBIE 0 # n=0 n=1 n=2 n=3
have you set up own caching, non-forwarding DNS server?
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address
04.21 09:12, Steve Dondley wrote:
Yes. And my SA scores have improved about 100% since I did this.
great.
Now, do you have razor, pyzor and dcc installed and their equivalent SA modules
enabled?
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to rece
On 12.04.21 16:48, Anders Gustafsson wrote:
I tried to send you exemples earlier, but your spam filter blocked my email.
apparently my spam filter works better ;-)
...publishing them on own web, via pastebin or similar service should be better.
Matus UHLAR - fantomas 12.04.2021 12:13
.
UCEPROTECTL2 and UCEPROTECTL3 list that IP range.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
I wonder how much deeper the ocean would be without
indicators of server reputation.
using all of them as indication of spamminess is fine, but not enough.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu
advice would be appreciated.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Depression is merely anger without enthusiasm.
;t
hit, because it means DMARC pass.
I am not sure how exactly does SPF match:
header SPF_PASS eval:check_for_spf_pass()
I'm not sure SPF should hit for locally submitted e-mail.
however, putting exemption of local mail to KAM_DMARC_REJECT could help us
to accept locally submitted
most direct tactic would be to modify KAM_DMARC_REJECT to not
hit if ALL_TRUSTED is hit.
that would cause problems if you set up trusted_servers to any foreign server
you trust not to fake headers.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to
the most direct tactic would be to modify KAM_DMARC_REJECT to
not hit if ALL_TRUSTED is hit.
On 19 Apr 2021, at 9:26, Matus UHLAR - fantomas wrote:
that would cause problems if you set up trusted_servers to any
foreign server
you trust not to fake headers.
On 19.04.21 09:46, Bill Cole wrote
the most direct tactic would be to modify
KAM_DMARC_REJECT to not hit if ALL_TRUSTED is hit.
On 19 Apr 2021, at 9:26, Matus UHLAR - fantomas wrote:
that would cause problems if you set up trusted_servers to any
foreign server
you trust not to fake headers.
On 19.04.21 09:46, Bill Cole wrote
On 19 Apr 2021, at 11:30, Matus UHLAR - fantomas wrote:
I understand this as:
if mail was received by internal relay unauthenticated, it's external,
On 19.04.21 12:49, Bill Cole wrote:
I cannot make SA behave that way.
why not?
meta KAM_DMARC_REJECT __LAST_EXTERNAL_RELAY_NO
>On 19 Apr 2021, at 11:30, Matus UHLAR - fantomas wrote:
>> I understand this as:
>>
>> if mail was received by internal relay unauthenticated, it's
>> external,
On 19.04.21 12:49, Bill Cole wrote:
>I cannot make SA behave that way.
On Mon, 19 Apr 2021 19
On 19 Apr 2021, at 11:30, Matus UHLAR - fantomas wrote:
I understand this as:
if mail was received by internal relay unauthenticated, it's
external,
On 19.04.21 12:49, Bill Cole wrote:
I cannot make SA behave that way.
On 19 Apr 2021, at 13:03, Matus UHLAR - fantomas wrote:
wh
means, so you need
at least one relay, otherwise it won't hit.
Are you sure you need it this way?
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek rekla
better the NO_RELAYS as Benny pointed out should only
hit on mail generated in internal network.
The !__LAST_EXTERNAL_RELAY_NO_AUTH I proposed should hit on mail entered
internal network authenticated, which imho means it's an outgoing e-mail.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://
rowse them.
On the Spamassassin list, I know the person has to be subscribed so I
don't have to CC them. I doubt most mailing lists are smart enough to
CC such non-subscribers on replies.
I don't think it's issue of mailing lists, it should be issue of posters.
--
Matus UHLAR - fan
M-signed, you have to dkim-sign it.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
"Where do you want to go to die?" [Microsoft]
services."
there's nothing like that inside. The only requirement is to use public DCC
server infrastructure (e.g. share checksums).
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: n
spam and
ham.
now, train as needed - this one as spam.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
10 GOTO 10 : REM (C) Bill Gates 1998
1 - 100 of 2569 matches
Mail list logo
