On Mon, 20 Apr 2015 20:50:08 +0200
Axb wrote:
On 04/20/2015 08:04 PM, Dianne Skoll wrote:
Is anyone else seeing a sudden uptick in RCVD_ILLEGAL_IP FPs?
There is an ongoing discussion about this with MS, thru backchannels.
They're intentionally using the 0/8 to mask internal IPs.
A
John Hardin wrote:
I suggest that this rule should treat 0/8 as equivalent to 127/8.
That's essentially what it's reserved for, just local to the LAN vs.
local to the host.
I fully agree.
Mark
Benny Pedersen skrev den 2015-04-20 21:34:
John Hardin skrev den 2015-04-20 21:24:
On Mon, 20 Apr 2015, Reindl Harald wrote:
well, received headers in the middle of a message are not that good
for classification at all
It is if they are sloppily forged.
good plan here
On Mon, 20 Apr 2015, sha...@shanew.net wrote:
I'm also happy to know there's some discussion going on with MS.
When I mentioned it to an MS friend of mine last week he didn't seem
particularly shocked that the internal headers wouldn't comply with
expectations, but he also seemed surprised that
Am 20.04.2015 um 22:48 schrieb Axb:
On 04/20/2015 09:03 PM, Reindl Harald wrote:
well, received headers in the middle of a message are not that good for
classification at all
sez the expert..
well, i was victim of a appliance starting from one day to another deep
header inspection for
On Mon, 20 Apr 2015 17:02:09 -0700 (PDT)
John Hardin jhar...@impsec.org wrote:
I suggest that this rule should treat 0/8 as equivalent to 127/8.
That's essentially what it's reserved for, just local to the LAN
vs. local to the host.
Does 0/8 really mean that? On at least one OS (Linux), the
On 04/20/2015 09:03 PM, Reindl Harald wrote:
well, received headers in the middle of a message are not that good for
classification at all
sez the expert..
look at 20_dnsbl_tests.cf and you'll see that not all lookups are
lastexternal
or put the internet cafes on 41.203.69.0/24 in a local
On Mon, 20 Apr 2015, Axb wrote:
On 04/20/2015 08:04 PM, Dianne Skoll wrote:
Hi,
Not sure if this is still an issue in 3.4, but I'm seeing tons of
FPs on RCVD_ILLEGAL_IP. Why? Because Microsoft (damn it to hell)
has started using RESERVED IP ranges internally! Have a look:
Received:
On 19.04.15 22:38, richard lucassen wrote:
I've been using SA for a log time now an it has always been working
perfectly well. It runs on a bunch of Postfix servers that handle
hundreds of thousands mails per day. I'm certainly not an SA guru BTW.
But since a few weeks SA has got picky on just
Bronto.com is a remailer service for various companies (like Fractureme.com and
others) and I’ve been noting that it hits some odd triggers in spamass-milter:
Apr 19 15:00:40 mail spamd[87225]: spamd: result: Y 5 -
Hi,
Not sure if this is still an issue in 3.4, but I'm seeing tons of
FPs on RCVD_ILLEGAL_IP. Why? Because Microsoft (damn it to hell)
has started using RESERVED IP ranges internally! Have a look:
Received: from BLUPR10MB0835.namprd10.prod.outlook.com (0.163.216.13)
by
On 4/20/2015 2:04 PM, Dianne Skoll wrote:
Not sure if this is still an issue in 3.4, but I'm seeing tons of
FPs on RCVD_ILLEGAL_IP. Why? Because Microsoft (damn it to hell)
has started using RESERVED IP ranges internally! Have a look:
Received: from BLUPR10MB0835.namprd10.prod.outlook.com
On Sun, 19 Apr 2015 22:42:21 +0200
Mikael Syska mik...@syska.dk wrote:
I've been using SA for a log time now an it has always been working
perfectly well. It runs on a bunch of Postfix servers that handle
hundreds of thousands mails per day. I'm certainly not an SA guru
BTW.
But since
On Mon, 20 Apr 2015 14:59:19 -0400
Kevin A. McGrail kmcgr...@pccc.com wrote:
I don't show it hitting on ham on my system though I trust DFS and
AXB's experience in this matter. You might want to score it to 0
because I'm not going to raise a panic flag on a 1.3 score rule when
Microsoft
On Mon, 20 Apr 2015 14:20:35 -0400
Kevin A. McGrail kmcgr...@pccc.com wrote:
Are you seeing it on a lot of emails?
Over 25000 today; every single one of them from an ...outlook.com server. :(
Regards,
Dianne.
Am 20.04.2015 um 20:42 schrieb Kevin A. McGrail:
On 4/20/2015 2:23 PM, Dianne Skoll wrote:
On Mon, 20 Apr 2015 14:20:35 -0400
Kevin A. McGrail kmcgr...@pccc.com wrote:
Are you seeing it on a lot of emails?
Over 25000 today; every single one of them from an ...outlook.com
server. :(
On 04/20/2015 08:54 PM, Reindl Harald wrote:
Am 20.04.2015 um 20:51 schrieb Axb:
On 04/20/2015 08:45 PM, Reindl Harald wrote:
Am 20.04.2015 um 20:42 schrieb Kevin A. McGrail:
On 4/20/2015 2:23 PM, Dianne Skoll wrote:
On Mon, 20 Apr 2015 14:20:35 -0400
Kevin A. McGrail kmcgr...@pccc.com
On 4/20/2015 2:54 PM, Reindl Harald wrote:
no a rule with 1.3 points hitting to 99.999% ham messages is not good
and it does not matter who is responsible - sening a complaint to
microsoft does not solve a *real problem now*
I don't show it hitting on ham on my system though I trust DFS and
Am 20.04.2015 um 20:59 schrieb Axb:
On 04/20/2015 08:54 PM, Reindl Harald wrote:
Am 20.04.2015 um 20:51 schrieb Axb:
On 04/20/2015 08:45 PM, Reindl Harald wrote:
looks like RCVD_ILLEGAL_IP does much more harm than good
the rule is good - send your complaint to Microsoft.
0/8 is not
On 4/20/2015 2:23 PM, Dianne Skoll wrote:
On Mon, 20 Apr 2015 14:20:35 -0400
Kevin A. McGrail kmcgr...@pccc.com wrote:
Are you seeing it on a lot of emails?
Over 25000 today; every single one of them from an ...outlook.com server. :(
Regards,
Dianne.
Weird. Any chance you know one of the
On 04/20/2015 08:45 PM, Reindl Harald wrote:
Am 20.04.2015 um 20:42 schrieb Kevin A. McGrail:
On 4/20/2015 2:23 PM, Dianne Skoll wrote:
On Mon, 20 Apr 2015 14:20:35 -0400
Kevin A. McGrail kmcgr...@pccc.com wrote:
Are you seeing it on a lot of emails?
Over 25000 today; every single one of
On 04/20/2015 08:04 PM, Dianne Skoll wrote:
Hi,
Not sure if this is still an issue in 3.4, but I'm seeing tons of
FPs on RCVD_ILLEGAL_IP. Why? Because Microsoft (damn it to hell)
has started using RESERVED IP ranges internally! Have a look:
Received: from
I'm not finding the rule hitting very much here.
And it doesn't appear to be very high volume looking at
http://ruleqa.spamassassin.org/20150419-r1674595-n/RCVD_ILLEGAL_IP/detail but
the S/O is high.
On Mon, 20 Apr 2015 14:42:35 -0400
Kevin A. McGrail kmcgr...@pccc.com wrote:
Weird. Any chance you know one of the senders and can ask them to
email kmcgr...@pccc.com and raptorrevie...@pccc.com with a test? then
you and I can compare tests hit, etc.
Hmm... that'd be awkward because it's not
Am 20.04.2015 um 20:52 schrieb richard lucassen:
On Sun, 19 Apr 2015 22:42:21 +0200
Mikael Syska mik...@syska.dk wrote:
I've been using SA for a log time now an it has always been working
perfectly well. It runs on a bunch of Postfix servers that handle
hundreds of thousands mails per day.
Am 20.04.2015 um 20:51 schrieb Axb:
On 04/20/2015 08:45 PM, Reindl Harald wrote:
Am 20.04.2015 um 20:42 schrieb Kevin A. McGrail:
On 4/20/2015 2:23 PM, Dianne Skoll wrote:
On Mon, 20 Apr 2015 14:20:35 -0400
Kevin A. McGrail kmcgr...@pccc.com wrote:
Are you seeing it on a lot of emails?
On Mon, 20 Apr 2015, Reindl Harald wrote:
well, received headers in the middle of a message are not that good for
classification at all
It is if they are sloppily forged.
--
John Hardin KA7OHZhttp://www.impsec.org/~jhardin/
jhar...@impsec.orgFALaholic #11174
John Hardin skrev den 2015-04-20 21:24:
On Mon, 20 Apr 2015, Reindl Harald wrote:
well, received headers in the middle of a message are not that good
for classification at all
It is if they are sloppily forged.
good plan here https://dmarcian.com/spf-survey/outlock.com ipv6 only spf
Am 20.04.2015 um 21:34 schrieb Benny Pedersen:
John Hardin skrev den 2015-04-20 21:24:
On Mon, 20 Apr 2015, Reindl Harald wrote:
well, received headers in the middle of a message are not that good
for classification at all
It is if they are sloppily forged.
good plan here
29 matches
Mail list logo