RCVD_IN_RP_CERTIFIED always -3

Hi all Setup Postfix with amavis, spamassassin and pyzor Problem Every email postfix receives gets a RCVD_IN_RP_CERTIFIED=-3 score. This leads to SPAM passing the filter. My findings so far >From what I think I understood, RCVD_IN_RP_CERTIFIED checks against a list of "trusted" serve

AW: RCVD_IN_RP_CERTIFIED always -3

Thanks for your answer Harald. Regarding "there is no such configuration option in SpamAssassin": The conf snipplet I posted below comes from the repository, however it's an older version, which still is supported by Ubuntu 20.04.06 LTS and can be installed from their related archive (at leas

AW: RCVD_IN_RP_CERTIFIED always -3

Thanks a lot Kris. I just got the latest rules. I'm okay with poor performance for some of the rules as there isn't much load on the related system. And yes, you're right, on Ubuntu 20.04.06 the rules are installed in /usr/share/spamassassin. sa-update has placed the updated rules in /var/lib/s

AW: RCVD_IN_RP_CERTIFIED always -3

Thanks Bill. No worries, i did not use GitHub. The only reason I posted that link was to proof that Harald guy wrong who claimed there was no RCVD_IN_RP_CERTIFIED rule. The reason to stick with 3.4.4 is simple: Ubuntu 20.04.06 LTS has not upgraded to 4.0.0. Since I'd like to stick with the distr

AW: AW: RCVD_IN_RP_CERTIFIED always -3

Thanks a lot fantomas :-) The cron I will activate. I have a local dns server running which postfix and SA are using. -Ursprüngliche Nachricht- Von: Matus UHLAR - fantomas [mailto:uh...@fantomas.sk] Gesendet: Freitag, 7. Juni 2024 12:38 An: users@spamassassin.apache.org Betreff: Re:

Version mismatch

I checked SA from within MailScanner and got this: -- Checking for SpamAssassin errors (if you use it)... Using SpamAssassin results cache Connected to SpamAssassin cache database config: configuration file "/usr/share/spamassassin/20_advance_fee.cf" requires version 3.001008 of SpamAssassin, but

SA marks messages from root as SPAM

Hi, SA marked message from root as SPAM :) nice, he's the biggest SPAMmer in my box, as one guy said. Anyway, all I have is message ID, not the message itself, since SPAM action is to delete. How could I: 1) make SA forget this message(s) and re-learn them as ham, 2) make SA skip messages from

40comcast.net detected as URI

The UUism Networks MailScanner believes that the attachment to this message sent to you From: [EMAIL PROTECTED] Subject: 40comcast.net detected as URI may be Unsolicited Commercial Email (spam). Unless you are sure that this message is incorrectly thought to be spam, please delete this

40 comcast. net detected as URI

> Why is my Spamassassin is reporting as > URI 40 comcast. com? (without the spaces) > > Thanks. > > Jim > - > Jim Hermann <[EMAIL PROTECTED]> > UUism Networks > Ministering to the Needs of Online UUs > Web Hosting, Email Services, Mailing Lists > - >

SPF SOFTFAIL definition

If the SPF module can't obtain the DNS TXT record due to timeouts, does this get reported as a SOFTFAIL? Jim

RE: SPF SOFTFAIL definition

What happens if the DNS records are not available? We don't know if there is a TXT record or not. Jim -Original Message- From: JamesDR [mailto:[EMAIL PROTECTED] Sent: Sunday, June 18, 2006 11:03 AM To: users@spamassassin.apache.org Subject: Re: SPF SOFTFAIL definition Benny Pedersen wr

RE: SPF SOFTFAIL definition

Is Mail::SpamAssassin::Plugin::SPF adding the Received-SPF: Header? I don't see it in email that received by my server, except for email from [EMAIL PROTECTED] Jim -Original Message- From: Benny Pedersen [mailto:[EMAIL PROTECTED] Sent: Sunday, June 18, 2006 10:56 AM To: users@spamassass

Trancated longreport

Why does the longreport get truncated sometimes? It appears to have something to do with the percent sign in the rule description. In the example below, the percent sign at the end of the BAYES_50 description has been replaced with the word uppercase, which is the last part AFTER the percent si

RE: SPF SOFTFAIL definition

Does it mean anything with there is no test after the SPF failed: part of the report? I checked the from domain and it did not have a TXT or SPF record. It is possible that it refused my DNS connection. I don't recall. I saved the message to a file and ran spamassassin on it and it passes now.

RE: SPF SOFTFAIL definition

Here is another example that I was able to isolate to a test file. The debug looks like this: [28763] dbg: plugin: registering glue method for check_hashcash_double_spend (Mail::SpamAssassin::Plugin::Hashcash=HASH(0x98a6e80)) [28763] dbg: plugin: registering glue method for check_for_spf_helo_pas

RE: SPF SOFTFAIL not working properly

I talked to the programmers for Mail::SPF:Query and they say this must be a problem with Spamassassin. Is anyone else seeing incorrect SPF_SOFTMAIL false positives? Jim -Original Message- From: Jim Hermann - UUN Hostmaster [mailto:[EMAIL PROTECTED] Sent: Monday, June 19, 2006 12:55 AM

RE: SPF SOFTFAIL not working properly

Hermann - UUN Hostmaster; users@spamassassin.apache.org Subject: RE: SPF SOFTFAIL not working properly Isn't that because of the forged helo? [28763] dbg: eval: forged-HELO: from= helo=baby by=uuserver.net My sendmail would drop this mail even before it reaches spamassassin. Also, I find it a l

SPF_SOFTFAIL not working properly

How do I debug the SPF Module during SA Operations? I have had another email marked as SPF_SOFTFAIL during the first receipt and the From domain does not have a TXT SPF record. When I isolated the message and ran it again, it was processed without any errors. I suspect that there is a problem wi

RE: SPF_SOFTFAIL not working properly

> On 6/24/2006 11:14 AM, Jim Hermann - UUN Hostmaster wrote: > > How do I debug the SPF Module during SA Operations? > > > > I have had another email marked as SPF_SOFTFAIL during the > first receipt and > > the From domain does not have a TXT SPF record. When I

Bounced messages for email from forged email addresses for a hosted domain - need opinions

Does it do any good to complain to the ISP that accepted the original email with a forged email address that uses a domain name that I administer? I administer a number of domain names that are being used in the forged email addresses for spam that is sent to recipients on other servers. Some peo

RE: SPF_SOFTFAIL not working properly

> > On 6/24/2006 11:14 AM, Jim Hermann - UUN Hostmaster wrote: > > > How do I debug the SPF Module during SA Operations? > > > > > > I have had another email marked as SPF_SOFTFAIL during the > > first receipt and > > > the From domain does not

RE: Bounced messages for email from forged email addresses for a hosted domain - need opinions

> >> Personally, nowadays I believe bouncing messages back to > the alleged > >> sender > > > > That's not what he's asking. He wants to know whether asking ISPs to > > implement SPF checks (where they don't yet check SPF) will work. > > I'm not convinced that is what he meant but he wasn't clear

Examples of Received Headers

Here are examples of the Received Headers for the type of spam that are being sent with forged email addresses for a domain that I host. These at the last 10 bounced messages that I received, so it is fairly representative. Granted, 3 out of 10 messages originated in Romania. However, 3 out of 1

RE: [SPAM] Examples of Received Headers

> On Sun, 25 Jun 2006, Jim Hermann - UUN Hostmaster wrote: > > > Here are examples of the Received Headers for the type of spam > > that are being sent with forged email addresses for a domain that > > I host. > > The Received headers in spams cannot be trusted, exc

Why do Spambot HELO Signatures appear to be random characters?

In some other work that I was doing, I ran across this information: BTW, Notice that the HELO signatures have an identifying characteristic: randomness Could we use the HELO randomness to identify the source as a Spambot? Here are the kind of HELO Signatures my favorite Spambot produces: (always

RE: Razor2 Error

I found my problem. I had some custom definitions that used eval:check_razor2_range. I deleted the custom definitions and the error went away. Jim -Original Message- From: news [mailto:[EMAIL PROTECTED] On Behalf Of Jim Hermann Sent: Sunday, May 28, 2006 02:17 PM To: users@spamassassin

RE: Razor2 Error

_RANGE_00_01 0.01 score RAZOR2_CF_RANGE_02_10 0.10 score RAZOR2_CF_RANGE_11_50 0.50 score RAZOR2_CF_RANGE_51_100 0.00 score RAZOR2_CF_RANGE_51_90 3.70 score RAZOR2_CF_RANGE_91_100 7.50 -Original Message- From: Daryl C. W. O'Shea [mailto:[EMAIL PROTECTED] Sent: Monday, May 29, 2

RE: Razor2 Error

90% fullRAZOR2_CF_RANGE_91_100 eval:check_razor2_range('','91','100') tflags RAZOR2_CF_RANGE_91_100 net describe RAZOR2_CF_RANGE_91_100 Razor2 gives confidence level above 90% Jim -Original Message- From: Daryl C. W. O'Shea [mailto:[EMAIL PROTECTED] Sent: Tu