eipzig.de (lists.uni-leipzig.de [139.18.1.37])
Tnx
Sebastian
Hello,
I am looking for a module for SpamAssassin with which I can write every sender IP
that has more than XX points in the associated mail into a text file or
database?
Does something like this exist, or has anyone built something like it?
Regards
Sebastian
Igor Chudov wrote:
http://igor.chudov.com/tmp/spam005.txt
I get a lot of these, all seemingly sent by the same software and the
same person, any way of filtering them out?
i
perhaps you can check it with http://www.openrbl.org and then you can
modify your config on your mail server
OK - this might be a basic question, but recently the detection rate on
my SA install has been really unreliable, so I decided that the first
step is to be sure it is using the public dns blocklists and razor. My
setup:
1. Spamassassin 3.4.1
2. I have Bind configured as recursive, non-forwardi
On 30/11/15 16:41, Reindl Harald wrote:
On 30.11.2015 at 17:24, Sebastian Arcus wrote:
OK - this might be a basic question, but recently the detection rate on
my SA install has been really unreliable, so I decided that the first
step is to be sure it is using the public dns blocklists and
On 30/11/15 18:01, Reindl Harald wrote:
On 30.11.2015 at 18:30, Sebastian Arcus wrote:
spamassassin -D < /path/to/spam-example.eml
Thank you Harald. I did - and it looks like SA does contact lots of
DNSBL's and it receives various messages in reply. Nothing that looks
like fai
On 01/12/15 18:59, RW wrote:
On Mon, 30 Nov 2015 20:45:25 +
Sebastian Arcus wrote:
After
setting up a site-wide bayes database as per the wiki instructions
and fixing file permissions etc., and feeding it about 300 spam
messages (I don't get a lot of spam in general) and 12,00
After properly configuring a bayes database and training it following
the great advice from this list, I am now having this problem where some
spam is not detected properly due to a shortcircuit rule. However, I'm
having some difficulty figuring out which one of them is causing the
problem. Her
On 02/12/15 09:49, Reindl Harald wrote:
On 02.12.2015 at 10:30, Sebastian Arcus wrote:
After properly configuring a bayes database and training it following
the great advice from this list, I am now having this problem where some
spam is not detected properly due to a shortcircuit rule
I hope I'm not exceeding the patience of the list by posting a third
question in two days :-)
I realise the above question is a "soft" question, probably without a
definite "yes" or "no" answer. I am hoping that people with experience
of using SA in various environments might be able to throw
On 02/12/15 12:56, Reindl Harald wrote:
On 02.12.2015 at 12:29, Sebastian Arcus wrote:
On 02/12/15 09:49, Reindl Harald wrote:
On 02.12.2015 at 10:30, Sebastian Arcus wrote:
After properly configuring a bayes database and training it following
the great advice from this list, I am now
On 02/12/15 12:55, Reindl Harald wrote:
On 02.12.2015 at 12:51, Sebastian Arcus wrote:
I hope I'm not exceeding the patience of the list by posting a third
question in two days :-)
I realise the above question is a "soft" question, probably without a
definite "yes"
On 03/12/15 00:29, Charles Sprickman wrote:
Reindl Harald wrote:
On 02.12.2015 at 21:50, Charles Sprickman wrote:
Reindl Harald wrote:
On 02.12.2015 at 12:51, Sebastian Arcus wrote:
I hope I'm not exceeding the patience of the list by posting a third
question in two days :
On 03/12/15 01:40, Reindl Harald wrote:
On 03.12.2015 at 01:14, Alex wrote:
On Wed, Dec 2, 2015 at 6:34 PM, Dave Warren wrote:
On 2015-12-02 09:14, Sebastian Arcus wrote:
Perfect - that's exactly the sort of real-life based advice I was
looking
for. Many thanks!
I run a small s
One of my servers received a spam message which SA missed, with the
following report:
Content analysis details: (3.1 points, 5.0 required)
pts rule name              description
---- ---------------------- --------------------------------------------------
0.0 FREEMAIL_FROM Sender
On 12/12/15 18:21, John Hardin wrote:
On Sat, 12 Dec 2015, Sebastian Arcus wrote:
One of my servers received a spam message which SA missed, with the
following report:
-0.4 AWL                    AWL: Adjusted score from AWL reputation
                            of From: address
After learning the messages as spam
On 12/12/15 13:06, Benny Pedersen wrote:
Sebastian Arcus wrote on 2015-12-12 12:51:
Why
would AWL now tilt things heavily towards ham, after the message has
just been learned as spam?
it's how AWL works
It seems to be making things worse instead
of better. Unless I am misunderstanding
On 12/12/15 19:57, John Hardin wrote:
On Sat, 12 Dec 2015, Sebastian Arcus wrote:
On 12/12/15 18:21, John Hardin wrote:
On Sat, 12 Dec 2015, Sebastian Arcus wrote:
> One of my servers received a spam message which SA missed, with the
> following report:
> >
On 12/12/15 23:43, Benny Pedersen wrote:
On December 12, 2015 8:33:28 PM Sebastian Arcus
wrote:
I guess I must be using the default settings - as I don't think I've
configured anything in particular for AWL
change default /16 cidr to new default /24 for ipv4, for ipv6 use /64,
i
On 22/12/15 08:04, Axb wrote:
On 12/21/2015 11:46 PM, Alex wrote:
Hi all,
For the past few days we've been hit with Word macro viruses/spam that
isn't being tagged by clamav or spamassassin, and I thought someone
might be able to take a look:
http://pastebin.com/cAWcAbm2
This one still isn't
On 22/12/15 10:07, Reindl Harald wrote:
On 22.12.2015 at 10:26, Sebastian Arcus wrote:
In terms of ClamAV, I've had next to zero hit rates for new viruses
arriving over email in the last few months (although it is being updated
regularly) - so I'm starting to wonder if there is an
QzZUA/VFDhDApEMEc7bBr5cB3mpxfSAUo69eZDtPyLsjCd27LMQ+FMGwi
xddezXrzEhGlMeVLsHw=;
(...)
Any thoughts on how to best deal with this?
Many thanks.
Kind regards
Sebastian
arning: no description set for
FR_Spam2
Any other thoughts? Ideas?
Many thanks.
Best regards
Sebastian
> On 01.01.2016 at 19:52, Kevin A. McGrail wrote:
>
> On 1/1/2016 1:37 PM, Sebastian Wolfgarten wrote:
>> Dear all,
>>
>> I wish you and your families a happy, prospe
Hi,
many thanks for your feedback. This is to confirm the following rule seems to
work:
header French_Spam10 ALL =~ / e\d{1,2}\.\S+\.fr /i
score French_Spam10 3.5
Many thanks for all those that supported me in the troubleshooting process.
Best regards
Sebastian
> On 02.01.2016 at 15
As per advice from this list, I have been re-using my bayes databases on
several different servers running SA. On one of the servers though, the
database is not accepted. I re-transferred them several times over ssh,
to make sure they were not corrupted. The database files are in the
correct lo
On 12/02/16 16:59, Reindl Harald wrote:
On 12.02.2016 at 17:29, Sebastian Arcus wrote:
As per advice from this list, I have been re-using my bayes databases on
several different servers running SA. On one of the servers though, the
database is not accepted. I re-transferred them several
On 12/02/16 19:14, Reindl Harald wrote:
On 12.02.2016 at 20:06, Marc Perkel wrote:
Any chance that the parent directory structure doesn't have enough
permissions?
The error message says it can't access it so there's your clue. Since
the files themselves seem to have good permissions I would
On 12/02/16 20:31, Antony Stone wrote:
On Friday 12 February 2016 at 17:29:23, Sebastian Arcus wrote:
As per advice from this list, I have been re-using my bayes databases on
several different servers running SA. On one of the servers though, the
database is not accepted.
Are the servers all
On 12/02/16 20:49, Bowie Bailey wrote:
On 2/12/2016 3:45 PM, Sebastian Arcus wrote:
On 12/02/16 20:31, Antony Stone wrote:
On Friday 12 February 2016 at 17:29:23, Sebastian Arcus wrote:
As per advice from this list, I have been re-using my bayes
databases on
several different servers running
On 12/02/16 21:40, Kris Deugau wrote:
Sebastian Arcus wrote:
On 12/02/16 20:31, Antony Stone wrote:
On Friday 12 February 2016 at 17:29:23, Sebastian Arcus wrote:
As per advice from this list, I have been re-using my bayes databases on
several different servers running SA. On one of the
On 13/02/16 04:32, Bill Cole wrote:
On 12 Feb 2016, at 17:34, Sebastian Arcus wrote:
Thanks for that suggestion. I think we might be getting somewhere. On
original machine:
#file bayes_seen
bayes_seen: Berkeley DB (Hash, version 9, native byte-order)
# file bayes_toks
bayes_toks: Berkeley
On 13/02/16 18:58, Bill Cole wrote:
On 13 Feb 2016, at 3:49, Sebastian Arcus wrote:
Thank you. The donor machine has db42, db44 and db44 packages installed,
Based on the question below, I'll assume the second db44 above was a
typo for db48, i.e. a Berkeley DB v4.8.x package.
Yes -
On 13/02/16 18:58, Bill Cole wrote:
On 13 Feb 2016, at 3:49, Sebastian Arcus wrote:
Thank you. The donor machine has db42, db44 and db44 packages installed,
Based on the question below, I'll assume the second db44 above was a
typo for db48, i.e. a Berkeley DB v4.8.x package.
Tangent
I have a particular server running spamd which uses bayes every time I
test it by hand, but apparently never when it goes through exim/spamd.
I run everything (both the spamd daemon and the manual tests) as user
spamd. I checked the permissions on the bayes database. I use a global
bayes datab
On 17/06/16 03:46, Yu Qian wrote:
you can use spamd -D to check the log for exactly what bayes db path
your spamd was using.
Thank Yu. Based on the output below, it appears to find and use the
sitewide bayes files ok:
# spamd -D 2>&1 | grep -i bayes
Jun 17 13:32:51.719 [4380] dbg: plugin: l
On 17/06/16 00:03, Reindl Harald wrote:
On 16.06.2016 at 19:46, Sebastian Arcus wrote:
I have a particular server running spamd which uses bayes every time I
test it by hand, but apparently never when it goes through exim/spamd
then you need to run it as the correct user or train it as the
On 17/06/16 13:42, Reindl Harald wrote:
On 17.06.2016 at 14:29, Sebastian Arcus wrote:
On 17/06/16 00:03, Reindl Harald wrote:
On 16.06.2016 at 19:46, Sebastian Arcus wrote:
I have a particular server running spamd which uses bayes every time I
test it by hand, but apparently never when
On 17/06/16 04:46, Bill Cole wrote:
On 16 Jun 2016, at 13:46, Sebastian Arcus wrote:
I have a particular server running spamd
Which must run on a particular platform. Since SpamAssassin and Exim can
run on a decade's worth of versions of at least 9 different OSs and one
of those (Linux
On 16/06/16 18:46, Sebastian Arcus wrote:
I have a particular server running spamd which uses bayes every time I
test it by hand, but apparently never when it goes through exim/spamd.
I run everything (both the spamd daemon and the manual tests) as user
spamd. I checked the permissions on the
On 17/06/16 14:49, RW wrote:
On Fri, 17 Jun 2016 14:07:33 +0100
Sebastian Arcus wrote:
Site-wide bayes files are owned
by spamd. Regarding the daemon, it is started with
--socketowner=spamd and socketpath=spamd. Is this enough, or
should it be actually started with "su" as "
I know this hot potato has been discussed before - but I'm afraid it's
back to haunt me and I can't fathom it out. I'm getting again different
bayes results if I test a message on the command line, compared to it
going through exim -> spamassassin.
The header of the message received in the Inb
On 23/12/16 10:12, Sebastian Arcus wrote:
I know this hot potato has been discussed before - but I'm afraid it's
back to haunt me and I can't fathom it out. I'm getting again different
bayes results if I test a message on the command line, compared to it
going through
On 23/12/16 17:18, Paul Stead wrote:
On 23/12/2016, 13:35, "Sebastian Arcus" wrote:
As soon as I manually delete the SA headers and report in the .eml file,
and pass the message again through spamc, I get identical Bayes scores
to the ones when the message passes initial
On 23/12/16 17:02, Andrzej A. Filip wrote:
Sebastian Arcus wrote:
On 23/12/16 10:12, Sebastian Arcus wrote:
I know this hot potato has been discussed before - but I'm afraid it's
back to haunt me and I can't fathom it out. I'm getting again different
bayes results if I t
I have a server with SA where I just can't seem to get DNS based block
lists / RBL working. I have tested the same email message against
another server, and it gets hits from DNS block lists. But on this
particular server they just don't seem to work - but the dns queries are
not blocked either
On 26/03/17 14:12, David Jones wrote:
From: Sebastian Arcus
Sent: Sunday, March 26, 2017 4:23 AM
To: users@spamassassin.apache.org
Subject: Dns Blocklists always returning 0 records
I have a server with SA where I just can't seem to get DNS based block
lists / RBL working. I have teste
On 27/03/17 11:10, Kevin A. McGrail wrote:
On 3/27/2017 5:28 AM, Sebastian Arcus wrote:
And yet, no dns block lists make it to the final scores
I have only filed the thread briefly but check your versions of Net::DNS.
The good server has Net::DNS 0.83 - so way out of date. The problem
I have 2 servers with SA 3.4.1 running on Slackware, with Bind in
caching/recursive mode. For months one of them has been unable to
correctly do dns blocklists (but the queries are not blocked). I have
pored over the logs, and the main difference is that, although both of
them pick up on the ba
On 17/05/17 14:21, Kevin A. McGrail wrote:
On 5/17/2017 8:22 AM, Sebastian Arcus wrote:
I have 2 servers with SA 3.4.1 running on Slackware, with Bind in
caching/recursive mode. For months one of them has been unable to
correctly do dns blocklists (but the queries are not blocked). I have
On 17/05/17 14:54, Sebastian Arcus wrote:
On 17/05/17 14:21, Kevin A. McGrail wrote:
On 5/17/2017 8:22 AM, Sebastian Arcus wrote:
I have 2 servers with SA 3.4.1 running on Slackware, with Bind in
caching/recursive mode. For months one of them has been unable to
correctly do dns blocklists
h the package supplied by Slackware at
slackbuilds.org - and I am chasing it up with them there. But thanks to
the advice on this list, I've managed to narrow things down - so I am
grateful for the hints.
On 5/17/17, Sebastian Arcus wrote:
On 17/05/17 14:54, Sebastian Arcus wrote:
On 17/05/17 18:11, Sebastian Arcus wrote:
On 17/05/17 16:53, David Mehler wrote:
Hi,
I don't see your SA issue here, but since you're running 3.41 can I get
a look at your SA configuration to compare against mine?
Thanks.
Dave.
Yes - you are correct. As I pointed out in my last emai
fying program installed for
hashcash to be enabled? (Can't SpamAssassin verify hashcash's itself?)
Best regards, Sebastian Nielsen
Is there any way to tell SA to skip pyzor checks on emails with an empty
body (even if there are attachments). I've noticed for a while now that
emails which don't contain any text in their bodies seem to
automatically trigger PYZOR_CHECK (even if they have an attachment) -
although they are pr
On 11/09/17 20:20, RW wrote:
On Mon, 11 Sep 2017 17:39:16 +0100
Sebastian Arcus wrote:
Is there any way to tell SA to skip pyzor checks on emails with an
empty body (even if there are attachments). I've noticed for a while
now that emails which don't contain any text in their bodi
On 12/09/17 00:56, RW wrote:
On Tue, 12 Sep 2017 00:37:40 +0100
Sebastian Arcus wrote:
On 11/09/17 20:20, RW wrote:
This is why pyzor has the local_whitelist command. At very least
it's a good idea to pipe an empty string through
"pyzor local_whitelist" (probably as t
On 12/09/17 12:33, RW wrote:
On Tue, 12 Sep 2017 08:41:01 +0100
Sebastian Arcus wrote:
The confusing part is that left to its devices, Pyzor creates
a .pyzor dir in the home dir of the user it is run as. But if
--homedir is specified, it dumps stuff directly there, instead of
creating a
On 14/09/17 19:59, Loren Wilton wrote:
Should be easy to block. Just block the cron-job.org domain.
As someone else mentioned that address is an obvious joe-job. And
scoring it high doesn't help that much. It worked for the first few
weeks, then they went to contact@ to presumably get
arou
I am having problems with false positives for FORGED_MUA_MOZILLA for
Yahoo emails. I see this has been already dealt with here and pushed to
the 3.4 and trunk branches:
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7411
However, even after running sa-update, the file 20_meta_tests.cf stil
I see this has come up again and again. Since FORGED_YAHOO_RCVD seems to
work by checking the address of the Yahoo smtp server in the headers
against a predefined list of Yahoo servers in SA, and Yahoo seems to add
new servers all the time - which causes false positives, is there much
point to
On 15/09/17 11:41, Kevin A. McGrail wrote:
On 9/15/2017 6:11 AM, Sebastian Arcus wrote:
I am having problems with false positives for FORGED_MUA_MOZILLA for
Yahoo emails. I see this has been already dealt with here and pushed
to the 3.4 and trunk branches:
https://bz.apache.org/SpamAssassin
On 15/09/17 12:21, Kevin A. McGrail wrote:
On 9/15/2017 6:54 AM, Sebastian Arcus wrote:
Thank you for the reply. Does that mean that no new rules have been
pushed to SA installations in the past 5 months - or only some rules
get pushed through?
The system has been "down" since M
On 15/09/17 14:34, Kevin A. McGrail wrote:
On 9/15/2017 8:26 AM, RW wrote:
The rule was created and scored when spoofing Yahoo was very common,
but it isn't any more. I don't think it's worth keeping as it is - high
maintenance and error prone.
Agreed. Score FORGED_YAHOO_RCVD to zero locally
This is a bit off topic as it is not directly related to SA, but I'm
hoping that with the email and spam expertise on this group, someone
might throw in a useful idea - which would be much appreciated.
I have this problem on one site where most emails we send to
Hotmail/Outlook.com/Live.com em
I've had a number of emails with no subject not triggering the
MISSING_SUBJECT rule - only to discover that the spammers have added a
white space after 'Subject:' - which appears to fool the code into
thinking that there is an actual subject. Would it be possible to
'smarten up' the code a bit
e all dead. Has this form been removed?
On Tue, Sep 19, 2017 at 7:25 AM, Sebastian Arcus <s.ar...@open-t.co.uk> wrote:
This is a bit off topic as it is not directly related to SA, but I'm
hoping that with the email and spam expertise on this group, someone
spicious. There's not much you can do about it.
More info here: https://mail.live.com/mail/troubleshooting.aspx
On 19/09/2017 07:25, Sebastian Arcus wrote:
This is a bit off topic as it is not directly related to SA, but I'm
hoping that with the email and spam expertise on this group, someo
it is blacklisted or greylisted, but they don't
want to unblock it.
On Thu, Sep 21, 2017 at 8:40 AM, Sebastian Arcus <s.ar...@open-t.co.uk> wrote:
On 19/09/17 10:29, Zulma Pape wrote:
There are tons of ways to get your IP a good reputation with
Hotm
On 19/09/17 15:05, Kevin A. McGrail wrote:
On 9/19/2017 9:11 AM, David Jones wrote:
I have had these in place for years. Maybe Kevin can consolidate and
integrate this into his KAM.cf so I could remove them or we could
eventually get them into the default SA ruleset after some testing.
Hi
On 21/09/17 11:13, Zulma Pape wrote:
It means that your ip is greylisted in their end. There are many
solutions to fix this issue, but the easiest and cheapest one is to get
a new ip, and refill the form and see their feedback about it. If it
qualifies for mitigation then you'll start friendly
I have noticed in the last half a year or so the rise in much more
focused email campaigns. I have some solicitor and accountant clients
who receive these scam emails which are a notch above the rest. The
English is good and correctly spelled. The footers look professional and
just like the one
On 15/11/17 09:55, Martin Gregorie wrote:
On Wed, 2017-11-15 at 08:41 +, Sebastian Arcus wrote:
The emails often contain links to various popular cloud platforms -
such as SharePoint, DropBox etc. Most of the emails come from clean
domains, or from large webmail providers.
I'd say
On 15/11/17 09:56, Reindl Harald wrote:
On 15.11.2017 at 09:41, Sebastian Arcus wrote:
I can't really train the bayesian filter on these emails, as it would
start to affect ham emails classification
this is an unproven claim!
we have here phishings in bayes which are classified
On 15/11/17 15:16, Reindl Harald wrote:
On 15.11.2017 at 15:47, Sebastian Arcus wrote:
On 15/11/17 09:56, Reindl Harald wrote:
On 15.11.2017 at 09:41, Sebastian Arcus wrote:
I can't really train the bayesian filter on these emails, as it
would start to affect ham emails classific
On 15/11/17 18:11, Martin Gregorie wrote:
On Wed, 2017-11-15 at 14:44 +, Sebastian Arcus wrote:
I initially decided that an archive was A Good Thing to have, simply
because retrieving mail from it should be a lot faster than searching
through huge mail folders. This turned out to be
On 16/11/17 12:16, Martin Gregorie wrote:
On Thu, 2017-11-16 at 09:15 +, Sebastian Arcus wrote:
On 15/11/17 18:11, Martin Gregorie wrote:
On Wed, 2017-11-15 at 14:44 +, Sebastian Arcus wrote:
I initially decided that an archive was A Good Thing to have,
simply because retrieving
I'm having more and more problems with the HTML_IMAGE_ONLY_* set of
rules recently generating false positives.
Plenty of business emails will include a logo at the bottom - and not
everybody is a graphics expert to make their logo a tiny optimised gif
or png - so some of these are slightly big
,__MOZILLA_MSGID,__MSGID_OK_HOST,__MUA_TBIRD,__NAKED_TO,__NONEMPTY_BODY,__NOT_SPOOFED,__RCVD_IN_BRBL,__RCVD_IN_DNSWL,__RCVD_IN_SORBS,__RCVD_IN_ZEN,__RFC_IGNORANT_ENVFROM,__SANE_MSGID,__TOCC_EXISTS,__TO_NO_ARROWS_R
M
How can I solve the problem?
Thnx
Sebastian
> Is the update with sa-update still supported?
Michael,
could you answer that?
Regards,
Sebastian
--
New GPG Key: 0x93A0B9CE (F4F6 B1A3 866B 26E9 450A 9D82 58A2 D94A 93A0 B9CE)
Old GPG Key-ID: 0x76B79F20 (0x1B6034F476B79F20)
'Are you Death?' ... IT'S THE SCYTHE, ISN'T
On 30/11/17 12:45, Matus UHLAR - fantomas wrote:
On 28.11.17 19:39, Sebastian Arcus wrote:
I'm having more and more problems with the HTML_IMAGE_ONLY_* set of
rules recently generating false positives.
Plenty of business emails will include a logo at the bottom - and not
everybody
On 01/12/17 10:54, Axb wrote:
On 12/01/2017 11:17 AM, Sebastian Arcus wrote:
On 30/11/17 12:45, Matus UHLAR - fantomas wrote:
On 28.11.17 19:39, Sebastian Arcus wrote:
I'm having more and more problems with the HTML_IMAGE_ONLY_* set of
rules recently generating false positives.
Plen
On 02/12/17 13:06, Matus UHLAR - fantomas wrote:
On 12/01/2017 11:17 AM, Sebastian Arcus wrote:
-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)
[212.227.126.131 listed in
wl.mailspike.net]
0.4 MIME_HTML_MOSTLY BODY: Multipart message mostly text
On 02/12/17 18:45, David Jones wrote:
On 12/02/2017 11:22 AM, Sebastian Arcus wrote:
On 02/12/17 13:06, Matus UHLAR - fantomas wrote:
On 12/01/2017 11:17 AM, Sebastian Arcus wrote:
-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)
[212.227.126.131 listed
What is the process of including whitelists in SA default configs? It is
not the first time I see pretty obvious mailing list spam which has
quite high minus scores from 2-3 whitelists included in SA:
-1.5 RCVD_IN_IADB_OPTIN RBL: IADB: All mailing list mail is opt-in
idea why are there 6 different rules
associated with this particular whitelist?
Regards,
KAM
On December 23, 2017 3:03:26 AM EST, Sebastian Arcus
wrote:
What is the process of including whitelists in SA default configs? It is
not the first time I see pretty obvious mailing list spam
On 25/12/17 10:45, Reindl Harald wrote:
On 25.12.2017 at 09:28, Sebastian Arcus wrote:
On 23/12/17 10:01, Kevin A. McGrail wrote:
The 1st step is that a representative of the rbl asks us to consider
for inclusion.
Thank you. If enough people receive spam sanctioned by a particular
On 25/12/17 23:57, Bill Cole wrote:
On 25 Dec 2017, at 3:28 (-0500), Sebastian Arcus wrote:
Also, any idea why are there 6 different rules associated with this
particular whitelist?
IADB has many independent return codes that each have distinct meaning.
See
http://www.isipp.com/email
5/17 18:11, Sebastian Arcus wrote:
Just a follow-up and clarification on this issue - after more testing,
it seems that it was the Spamassassin version which was the problem. I
have had to upgrade SA on 7 servers running 3.4.1 on Slackware - as the
dns rbl's weren't working on any of the
I know I have brought up this issue on this list before, and sorry for
the persistence, but having 7 different rules adding scores for the IADB
whitelist still seems either ridiculous, or outright suspect:
-0.2 RCVD_IN_IADB_RDNS RBL: IADB: Sender has reverse DNS record
On 01/03/18 19:04, John Hardin wrote:
On Thu, 1 Mar 2018, Sebastian Arcus wrote:
I know I have brought up this issue on this list before, and sorry for
the persistence, but having 7 different rules adding scores for the
IADB whitelist still seems either ridiculous, or outright suspect
On 01/03/18 19:50, David Jones wrote:
On 03/01/2018 12:29 PM, Sebastian Arcus wrote:
I know I have brought up this issue on this list before, and sorry for
the persistence, but having 7 different rules adding scores for the
IADB whitelist still seems either ridiculous, or outright suspect
I have this one email account receiving, for more than a year, a very
specific type of spam which I find very difficult to block:
1. The messages are all kept very short, generally below 20 words - I
assume so that Bayes is less efficient at classifying them?
2. Although they are all invitati
On 07/03/18 09:08, Daniele Duca wrote:
On 07/03/2018 09:52, Sebastian Arcus wrote:
I have this one email account receiving, for more than a year, a very
specific type of spam which I find very difficult to block:
1. The messages are all kept very short, generally below 20 words - I
assume
On 07/03/18 11:25, Leandro wrote:
2018-03-07 5:52 GMT-03:00 Sebastian Arcus <s.ar...@open-t.co.uk>:
6. The links they include in the body of the email are almost never
flagged up either by Clam or Spamassassin - and they point to a
different domain in every singl
I've been seeing a number of false positives recently from
T_DKIM_INVALID with Gmail emails. Are some Gmail servers misconfigured,
or could something be going on at my end? The DKIM record which is
flagged as invalid is below:
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.
On 19/03/18 15:53, Bill Cole wrote:
On 19 Mar 2018, at 11:29, Sebastian Arcus wrote:
I've been seeing a number of false positives recently from
T_DKIM_INVALID with Gmail emails. Are some Gmail servers
misconfigured, or could something be going on at my end? The DKIM
record which is fl
I have a really simple rule looking for custom text string contained in
spam urls in the body of the email, like so:
body SHORT_BITCOIN_DATING /specific_string_here/i
score SHORT_BITCOIN_DATING 3.0
describe SHORT_BITCOIN_DATING Body URL signature of spam
I just realised that
1 - 100 of 173 matches