Re: Strange findings debugging bayes results

2023-02-16 Thread Axb
I've updated 23_bayes_ignore_header.cf (last update was from 2016 :) https://svn.apache.org/repos/asf/spamassassin/trunk/rulesrc/sandbox/axb/23_bayes_ignore_header.cf Axb On 2/16/23 14:17, Dave Wreski wrote: Here's also another 50+ headers we've collected over the years that I believe started

Re: phishtank api usage from spamassassin ?

2022-08-25 Thread Axb
On 8/25/22 16:10, Benny Pedersen wrote: https://phishtank.com/phish_detail.php?phish_id=7691984 https://phishtank.com/phish_detail.php?phish_id=7680788 why is page.link have subdomain tjeking ?, is it marked at sa as a redirector ? tjeking? i consider block all page.link, whois says its

Re: Decoding Google URL redirections and check VS URI Blacklists

2021-11-02 Thread Axb
Benoit had already confirmed that the redirector_pattern worked as expected. On 11/2/21 6:07 PM, Bill Cole wrote: On 2021-11-02 at 04:52:17 UTC-0400 (Tue, 2 Nov 2021 09:52:17 +0100) Benoit Panizzon is rumored to have said: Hi SA Community In the last couple of weeks, I see a massive

Re: Decoding Google URL redirections and check VS URI Blacklists

2021-11-02 Thread Axb
you're looking to use a redirector_pattern rule - weird that this hasn't yet been added in SA's default ruleset Please submit a bug with a sample message On 11/2/21 9:52 AM, Benoit Panizzon wrote: Hi SA Community In the last couple of weeks, I see a massive increase of spam mails which

Re: page.link spam

2021-10-31 Thread Axb
On 10/31/21 5:26 PM, Matus UHLAR - fantomas wrote: Hello, it looks like google has registered page.link domain and users are already using it for spamming: https://secretadultnightclub.page.link/... I have added it to my local domain-based blocklist. any idea/tip what to do with it next?

Re: Who operates: CTASD (CommTouch Anti Spam Daemon / Cyren Active Security Daemon)

2021-10-25 Thread Axb
On 10/25/21 10:20 AM, Benoît Panizzon wrote: Hi Gang I am chasing some issue with email being flagged as spam by the SpamAssassin CTASD Test run at other ISP, so I have no direct control over it. Google found, that this is a daemon used in F-Prot and Sophos Anti-Spam Products. Probably run by:

Re: Starting Clean with Bayes

2021-10-20 Thread Axb
On 10/19/21 8:06 PM, Jerry Malcolm wrote: Where do I find a starter toks file? You don't need a "starter" file. As soon as it needs them, SA automagically creates the necessary files if it can write into the defined path. Just feed it some spams and hams as per docs and you'll see the

Re: CHAOS: v1.2.1 Released

2021-07-21 Thread Axb
FTR: I'm on Centos 7 will test fixes On 7/21/21 4:44 AM, Jared Hall wrote: Axb wrote: what is this about? seems like a massive bug __ *  0.0 SYSTEM_INFO CHAOS: v1.2.1 SA: v3.4.6 PERL: v5.16.3 - This *  system rocks!CHAOS: v1.2.1 SA: v3.4.6 PERL: v5.16.3 - CHAOS

Re: CHAOS: v1.2.1 Released

2021-07-20 Thread Axb
what is this about? seems like a massive bug __ * 0.0 SYSTEM_INFO CHAOS: v1.2.1 SA: v3.4.6 PERL: v5.16.3 - This * system rocks!CHAOS: v1.2.1 SA: v3.4.6 PERL: v5.16.3 - CHAOS: * v1.2.1 SA: v3.4.6 PERL: v5.16.3 - This system rocks!CHAOS: *

Re: Getting "config: registryboundaries: no tlds defined, need to run sa-update" message when running mass-check

2021-04-25 Thread Axb
On 4/25/21 7:34 PM, Steve Dondley wrote: On Apr 25, 2021, at 1:31 PM, Axb wrote: What are you trying to do? run masscheck for your rules or for the SA project? I’m experimenting with writing my own rules. My machines are using SA 3.4.4 so I want to use the 3.4.4 rules. this may give

Re: Getting "config: registryboundaries: no tlds defined, need to run sa-update" message when running mass-check

2021-04-25 Thread Axb
What are you trying to do? run masscheck for your rules or for the SA project? On 4/25/21 7:28 PM, Steve Dondley wrote: mass-check -c parameter expects to find every config file in that single directory.  Now it's missing spamassassin updates and specifically 20_aux_tlds.cf from there.  You

Re: sa-learn using multiple CPUs?

2021-04-16 Thread Axb
take place and reduce the amount of memory. Greetings /Christian On 16.04.2021 at 09:15, Axb wrote: To avoid surprises, remember to watch your memory usage. Redis reads/writes the DB in memory and only dumps to disk for backup. "redis-cli info" is of help On 4/16/21 9:10 AM, Christian

Re: sa-learn using multiple CPUs?

2021-04-16 Thread Axb
To avoid surprises, remember to watch your memory usage. Redis reads/writes the DB in memory and only dumps to disk for backup. "redis-cli info" is of help On 4/16/21 9:10 AM, Christian Völker wrote: Sorry to annoy you. Another addition to my tests: When using redis it took me around

Re: sa-learn using multiple CPUs?

2021-04-15 Thread Axb
kend to do this stuff in parallel? Thanks /Christian On 15.04.2021 at 14:38, Axb wrote: Depending on your Bayes backend, your bottleneck will not be the CPUs but I/O. Normally there's no need for running multiple sa-learn instances. My sa-learn is learning +40 msgs/sec from a SSD into a Redis

Re: sa-learn using multiple CPUs?

2021-04-15 Thread Axb
Depending on your Bayes backend, your bottleneck will not be the CPUs but I/O. Normally there's no need for running multiple sa-learn instances. My sa-learn is learning +40 msgs/sec from a SSD into a Redis DB. On 4/15/21 2:33 PM, Christian Völker wrote: Hi all, I am going to add some large

Re: sa-update error 3 no mirrors.sought.rules.yerp.org

2021-03-12 Thread Axb
Sought rules have been deprecated at least 5 years ago. you can remove that part of the config. h2h Axb On 3/12/21 1:16 PM, a...@onet.eu wrote: Hi, I'm getting this from cron since two days: channel: no 'mirrors.sought.rules.yerp.org' record found, channel failed 11-Mar-2021 05:46:59

Re: SA's bayes with the Redis backend?

2021-02-10 Thread Axb
of the past. Pitfalls? none so far. I wouldn't go back anymore. Obviously, it's global only, no per user. Axb

Re: HEADS UP: SPAMCOP MIA

2021-01-31 Thread Axb
On 1/31/21 8:04 PM, Bill Cole wrote: On 31 Jan 2021, at 6:58, Axb wrote: Happy Sunday !!! Cisco forgot to renew spamcop.net Registry Expiry Date: 2022-01-30T05:00:00Z Better disable till it's fixed score RCVD_IN_BL_SPAMCOP_NET 0 Stay safe! SpamAssassin was already "

FIXED!!!! Re: HEADS UP: SPAMCOP MIA

2021-01-31 Thread Axb
On 1/31/21 7:57 PM, Jared Hall wrote: On 1/31/2021 6:58 AM, Axb wrote: Happy Sunday !!! Cisco forgot to renew spamcop.net Registry Expiry Date: 2022-01-30T05:00:00Z Better disable till it's fixed score RCVD_IN_BL_SPAMCOP_NET 0 Stay safe! OK.  Thanks. Issue has been FIXED.. all looks

Re: HEADS UP: SPAMCOP MIA

2021-01-31 Thread Axb
On 1/31/21 3:35 PM, Matus UHLAR - fantomas wrote: On 31.01.21 12:02, Georg Faerber wrote: On 21-01-31 12:58:48, Axb wrote: Cisco forgot to renew spamcop.net Registry Expiry Date: 2022-01-30T05:00:00Z That's still one year to go, isn't it? seems that this has been overtaken by someone who

Re: HEADS UP: SPAMCOP MIA

2021-01-31 Thread Axb
On 1/31/21 1:02 PM, Georg Faerber wrote: On 21-01-31 12:58:48, Axb wrote: Cisco forgot to renew spamcop.net Registry Expiry Date: 2022-01-30T05:00:00Z That's still one year to go, isn't it? That is when the domain will be free for takers. see https://spamcop.net/

HEADS UP: SPAMCOP MIA

2021-01-31 Thread Axb
Happy Sunday !!! Cisco forgot to renew spamcop.net Registry Expiry Date: 2022-01-30T05:00:00Z Better disable till it's fixed score RCVD_IN_BL_SPAMCOP_NET 0 Stay safe!

Update for Composite Blocklist (CBL) Users

2021-01-25 Thread Axb
Posting this to avoid surprises: As of the first week of 2021, the Composite Blocklist (CBL) is being retired. See: https://www.spamhaus.org/news/article/803/ Please note that SA does NOT ship with any type of CBL lookup/rule. Stay safe Axb

Re: Do the Yahooniverse domains share email address space?

2020-12-23 Thread Axb
/@CAUCE On Tue, Dec 22, 2020 at 4:21 PM John Hardin wrote: On Mon, 21 Dec 2020, Axb wrote: On 12/21/20 7:19 PM, John Hardin wrote: Quick question for anyone who knows: Are the email addresses in the various domains in the yahoo family (e.g. yahoo.com, yahoo.com.hk, yahoo.com.my

Re: Bypass RBL checks for specific address

2020-12-22 Thread Axb
whitelist_to ? On 12/23/20 12:56 AM, Grant Taylor wrote: Is there a way to bypass RBL checks for a specific address? I've tried the all_spam_to option, but it looks like it artificially lowers the score and still runs normal tests. I'd like to disable RBL checks for one address.

Re: Do the Yahooniverse domains share email address space?

2020-12-21 Thread Axb
On 12/21/20 7:19 PM, John Hardin wrote: Quick question for anyone who knows: Are the email addresses in the various domains in the yahoo family (e.g. yahoo.com, yahoo.com.hk, yahoo.com.my, yahoo.com.sg, yahoo.com.vn, yahoo.co.jp, yahoo.co.nz, yahoo.co.th, yahoo.co.uk, yahoo.es, yahoo.fr,

Re: adding AV scanning to working Postfix/SA system

2020-11-24 Thread Axb
Fuglu supports Sophos AV See fuglu.org On 11/23/20 5:37 PM, Joe Acquisto-j4 wrote: So, beyond "experiences" any leads on generic "how to" guides that actually work in practice? I've found a few, rather than chase geese, I'm sure some here have done similar things, even if with other AV

Re: Am I being paranoid? Postcard?

2020-11-10 Thread Axb
so called Elena and Vladimir have been around for over a decade spamming with different requests. Vladimir's mother has died several times use it to feed Bayes. On 11/11/20 7:37 AM, Anders Gustafsson wrote: I know it is a bit off-topic, but has anyone seen something like this: "Greetings,

Re: Email coming in being identified as SPAM

2020-11-04 Thread Axb
perhaps we should reopen that bug and add the exception. AXB - any comments?? I'd lower the rule's score a bit. That way we don't have to track what t-online.de does/or not does. comments? AXB

Re: The most efficient SPAM implementation ever

2020-10-11 Thread Axb
These forum messages probably have a common URL in them. Use something like: blacklist_uri_host solidworks.com to score the common URL. h2h On 10/10/20 4:52 PM, Ramon F Herrera wrote: Hello all: I have been a very satisfied user of spamassassin for a long time. Now I am facing a challenge,

Re: Announcement of the passing of Jari Fredriksson

2020-09-21 Thread Axb
Sad news. My thoughts are with his family. On 9/21/20 4:31 PM, Kevin A. McGrail wrote: Some know that Jari's mirror broke a few weeks ago and we've been trying to reach him. I am sorry to announce that Jari Fredriksson was a great supporter of the project running an sa-update mirror, helping

Re: A new high score!

2020-08-25 Thread Axb
On 8/24/20 11:27 PM, micah anderson wrote: What is the highest score you've seen a spam get? I think I just broke my own high score, with a spam that managed to pile up 64 points. I'm sure you all have seen much higher! the score can depend on how creative you are. score USER_IN_BLACKLIST

Re: ANNOUNCEMENT: The NEW invaluement "Service Provider DNSBLs" - 1st one for Sendgrid-spams!

2020-08-21 Thread Axb
On 8/22/20 4:37 AM, Philip Prindeville wrote: On Aug 21, 2020, at 1:28 PM, Rob McEwen wrote: ANNOUNCEMENT: The NEW invaluement "Service Provider DNSBLs" - 1st one for Sendgrid-spams! ...a collection of a new TYPE of DNSBL, with the FIRST of these having a focus on Sendgrid-sent spams.

Re: IMPORTANT NOTICE FOR PEOPLE RUNNING TRUNK re: [Bug 7826] Improve language around whitelist/blacklist and master/slave

2020-07-14 Thread Axb
On 7/14/20 4:05 PM, Dave Goodrich wrote: I can't stop it from happening, so be it. Here's an idea.. if enough voices are loud enough... Make yourself heard, press, twitter, etc.. use the same channels which are being used to favour the change. Or are there too many ppl who fear being in the

Re: IMPORTANT NOTICE FOR PEOPLE RUNNING TRUNK re: [Bug 7826] Improve language around whitelist/blacklist and master/slave

2020-07-14 Thread Axb
On 7/14/20 12:55 PM, jdow wrote: I gotta ask here, "Can't we all skip the ad hominem insults and stick to technical merits and goals involved in this change?" Please. from where I sit, it will be very hard or there are no such merits / goals.

Re: IMPORTANT NOTICE FOR PEOPLE RUNNING TRUNK re: [Bug 7826] Improve language around whitelist/blacklist and master/slave

2020-07-14 Thread Axb
On 7/14/20 9:41 AM, jdow wrote: On 20200714 00:31:19, @lbutlr wrote: On 14 Jul 2020, at 01:22, jdow wrote: How does this move improve the technical quality of the product from the end users' perspective? You've been told repeatedly that the decision has been made, and you have ignored

Re: IMPORTANT NOTICE FOR PEOPLE RUNNING TRUNK re: [Bug 7826] Improve language around whitelist/blacklist and master/slave

2020-07-12 Thread Axb
It's Sunday, Moderators also have lives... Stay inside, Stay safe. On 7/12/20 8:10 PM, jason hirsh wrote: is there a moderator. or do i have to unsubscribe On Jul 12, 2020, at 2:07 PM, rtroy wrote:  On Sun, 12 Jul 2020, Eric Broch wrote: ...a bunch of stuff that doesn't belong on the

Re: Really simple setup guide

2020-07-12 Thread Axb
Fuglu docs are extensive. you shouldn't need help to get started off On 7/12/20 12:54 PM, Matthew Broadhead wrote: mailing is shut down https://gitlab.com/fumail/fuglu/-/issues/30 On 11/07/2020 20:35, Benny Pedersen wrote: Matthew Broadhead wrote on 2020-07-11 10:11: fuglu looks nice.  it

Re: IMPORTANT NOTICE FOR PEOPLE RUNNING TRUNK re: [Bug 7826] Improve language around whitelist/blacklist and master/slave

2020-07-11 Thread Axb
heir face. I don't wish them the best. They will be causing a huge amount of ppl a truckload of grief and unnecessary work. Axb

Re: Really simple setup guide

2020-07-11 Thread Axb
On 7/11/20 10:11 AM, Matthew Broadhead wrote: fuglu looks nice.  it even handles the vacation messages from database, whereas i have been struggling with sieve. can it train the bayes as well? nope - bayes learning is handled by SA's sa-learn (see docs) fuglu is just glue between your MTA

Re: IMPORTANT NOTICE FOR PEOPLE RUNNING TRUNK re: [Bug 7826] Improve language around whitelist/blacklist and master/slave

2020-07-10 Thread Axb
I voted against it, loudly. On 7/11/20 4:35 AM, Noel Butler wrote: Who is "we" Name the people who decided this pathetic communist dictatorship change and who want to enforce this upon members of 160 odd other countries just because theirs is fucked up? I want names I want to see the voting,

Re: IMPORTANT NOTICE FOR PEOPLE RUNNING TRUNK re: [Bug 7826] Improve language around whitelist/blacklist and master/slave

2020-07-10 Thread Axb
On 7/10/20 8:31 PM, Bill Cole wrote: The SpamAssassin Project has a particular self-interest in attracting contributors from a diversity of cultures, because we are always at risk of mislabelling a pattern of letters or words as 'spammy' when in fact it is entirely normal in a cultural context

Re: IMPORTANT NOTICE FOR PEOPLE RUNNING TRUNK re: [Bug 7826] Improve language around whitelist/blacklist and master/slave

2020-07-10 Thread Axb
Not sure if this is sarcasm or not... but just in case: Whoever may be the Marxist/Socialists, they're definitely not in the US... Assuming you never lived under such a government you're just talking thru your hat. and now let's put this offtopic blah to rest. On 7/10/20 7:07 PM, Eric Broch

Re: spamhaus enabled by default

2020-07-10 Thread Axb
no problem unless they use third party DNS resolvers which are blocked. if your local resolver is forwarding to some ISP's resolver then you also get blocked. On 10.07.20 at 13:23, Axb wrote: On 7/10/20 1:20 PM, Philipp Ewald wrote: Hey everyone, we got a nice mail from spamhaus. We have used

Re: Really simple setup guide

2020-07-10 Thread Axb
On 7/10/20 11:02 AM, Matthew Broadhead wrote: i tried to set up bayes training before but i feel that i was unsuccessful.  is there a definitive guide on setting this up on postfix with amavis?  if my user were the one that was training it for the other users that would be ideal unless you

Re: spamhaus enabled by default

2020-07-10 Thread Axb
On 7/10/20 1:20 PM, Philipp Ewald wrote: Hey everyone, we got a nice mail from spamhaus. We have used their DNS queries. Important is that we thought we have disabled them by: score __RCVD_IN_ZEN 0 But tcpdump says we make dns queries to spamhaus, but the result got ignored. you forgot that

Re: IMPORTANT NOTICE FOR PEOPLE RUNNING TRUNK re: [Bug 7826] Improve language around whitelist/blacklist and master/slave

2020-07-10 Thread Axb
On 7/10/20 10:57 AM, jdow wrote: On 20200710 01:53:30, Axb wrote: On 7/10/20 10:36 AM, Matus UHLAR - fantomas wrote: while I am not a fan of renaming, I think that "welcome list" and "block list" are more informational. SA doesn't block anything so a blocklist only m

Re: IMPORTANT NOTICE FOR PEOPLE RUNNING TRUNK re: [Bug 7826] Improve language around whitelist/blacklist and master/slave

2020-07-10 Thread Axb
On 7/10/20 10:36 AM, Matus UHLAR - fantomas wrote: while I am not a fan of renaming, I think that "welcome list" and "block list" are more informational. SA doesn't block anything so a blocklist only makes stuff naturally confusing

Re: IMPORTANT NOTICE FOR PEOPLE RUNNING TRUNK re: [Bug 7826] Improve language around whitelist/blacklist and master/slave

2020-07-10 Thread Axb
so glad to read this... confirms my picture of you. now back my pet project: rewrite Tom Sawyer On 7/10/20 10:02 AM, jdow wrote: The problem is that at least one woman (me) reading this list doesn't give a tinker's damn. The intent is communicated and that's sufficient to satisfy my

Re: IMPORTANT NOTICE FOR PEOPLE RUNNING TRUNK re: [Bug 7826] Improve language around whitelist/blacklist and master/slave

2020-07-10 Thread Axb
Jul 10, 2020 at 2:50 AM Axb wrote: the US problems won't be fixed with renaming B lists. Seriously.. you have more important issues... On 7/10/20 8:42 AM, jdow wrote: Be sure to purge every instance of "fork" in the code because it sounds too close to the other F..K word. Get

Re: IMPORTANT NOTICE FOR PEOPLE RUNNING TRUNK re: [Bug 7826] Improve language around whitelist/blacklist and master/slave

2020-07-10 Thread Axb
the US problems won't be fixed with renaming B lists. Seriously.. you have more important issues... On 7/10/20 8:42 AM, jdow wrote: Be sure to purge every instance of "fork" in the code because it sounds too close to the other F..K word. Get the fork out of there. {O,o} i.e are you guys

Re: Best Possible Way To Block Phish/Malware URL

2020-07-07 Thread Axb
On 7/7/20 2:57 PM, Benny Pedersen wrote: Axb wrote on 2020-07-07 14:46: That isn't only Phishtank data... +1 and using that data in that particular way hardly scales to bigger setups data could be stored in DB_File just like GeoIP2, that saves ram imho rbldnsd is the way to go: - you

Re: Best Possible Way To Block Phish/Malware URL

2020-07-07 Thread Axb
On 7/7/20 2:39 PM, Benny Pedersen wrote: Axb wrote on 2020-07-07 13:23: domains listed in Phishtank are picked up by SURBL and rbldnsd support a fix of this https://www.isc.org/blogs/qname-minimization-and-privacy/ i have disabled it in bind9 Phishtank signatures in SpamAssassin

Re: Best Possible Way To Block Phish/Malware URL

2020-07-07 Thread Axb
On 7/7/20 1:20 PM, Benny Pedersen wrote: KADAM, SIDDHESH wrote on 2020-07-07 13:13: Can anybody suggest me a best possible way to block phish/malware url from body of an email using spamassassin. report to https://phishtank.com/ 1 step :=) next is to use https://sanesecurity.com/ with

Re: Best Possible Way To Block Phish/Malware URL

2020-07-07 Thread Axb
On 7/7/20 1:13 PM, KADAM, SIDDHESH wrote: Guys, Can anybody suggest me a best possible way to block phish/malware url from body of an email using spamassassin. I Tried GoogleSafeBrowsing but not helping much as it has very low detection ratio. Regards, Siddhesh iirc "ramprasad at

Re: rule all_spam_to

2020-05-22 Thread Axb
On 5/22/20 12:18 PM, Maurizio Caloro wrote: Hello I have here spamassassin with Postfix and Dovecot on Debian 9 and 10 running. i need to go sure if all Email that declare as spam, are relay spam so defining this rule. /etc/spamassassin# cat local.cf | grep all_spam_to all_spam_to

Re: New Spamhaus zone and updates to the plugin

2020-04-30 Thread Axb
Riccardo, Is it also available to Spamhaus Rsync Datafeed customers? On 2020-04-30 10:50, Riccardo Alfieri wrote: Hello, I'm happy to announce to the SpamAssassin community that Spamhaus has released an updated version of our plugin that solves minor issues and, more importantly, adds

Re: What is BODY: IMH_ED_SPAM rule?

2020-04-08 Thread Axb
So? That's their rule. Nothing the SA user list or dev team can help you with. On 2020-04-08 17:17, Toolworker wrote: IMH_ED_SPAM is peculiar to InMotion Hosting. It causes a lot of false positives for me too. Their support advised: "IMH_ED_SPAM is a InMotion Hosting rule that matches known

Re: How to block chimpmail emails?

2020-03-11 Thread Axb
On 2020-03-11 00:15, Daryl Rose wrote: I receive several marking emails from chimpmail. I've tried adding the from email address to the blackfrom_list, but that does not block chimpmail. How can a person block these? Thank you. Daryl header XMAILER_MAILCHIMP =~ /^MailChimp Mailer/ or an

Re: Bayes files LOCK

2020-02-12 Thread Axb
On 2020-02-13 04:11, John Hardin wrote: On Wed, 12 Feb 2020, Pedro David Marco wrote: Hi.. i am getting  errors from Bayes because it is not able to lock Bayes files... Error log is:   bayes: cannot open bayes databases /etc/spamassassin/bayes/bayes_* R/W: lock failed: Interrupted system

Re: Rule to catch a certain email address?

2019-11-28 Thread Axb
On 2019-11-28 13:43, Anders Gustafsson wrote: Assume I want to give extra points to e-p...@pedago.fi? This is our address as given on our website so many spammers harvest that. I want to bump it slightly, but have been unable to write a regexp that catches it. Can anyone help? this could work:

Re: Finding bayes_toks in AWS Linux EC2

2019-11-22 Thread Axb
On 2019-11-22 07:53, Jerry Malcolm wrote: Where is the configuration parameter that governs where bayes_toks is stored for global use (not per user)?  I am on an AWS Linux EC2 environment.  I've seen comments on the net that say it's in /.spamassassin and other comments that say it's in

Re: MALFORMED_FREEMAIL

2019-11-01 Thread Axb
What is a "faked mail" ? On 11/1/19 3:15 PM, Joseph Brennan wrote: MALFORMED_FREEMAIL is a meta on: (MISSING_HEADERS||__HDRS_LCASE) && FREEMAIL_FROM So that and MISSING_HEADERS itself add up to 3.0 points. This seems high. We rejected a message from gmail that hit MALFORMED_FREEMAIL and

Re: List of available query templates?

2019-10-04 Thread Axb
as per AskDNS.pm (lottsa info in there) Currently recognized RR types in the rr_type parameter are: ANY, A, ,MX, TXT, PTR, NAPTR, NS, SOA, CERT, CNAME, DNAME, DHCID, HINFO, MINFO, RP, HIP, IPSECKEY, KX, LOC, SRV, SSHFP, SPF. On 10/4/19 3:54 PM, Tobi wrote: Yes I mean the _tags_ like

Re: Why I get DKIM_INVALID sometimes?

2019-09-22 Thread Axb
UN_educated guess - I don't use DKIM... does it stop happening when you restart your DNS recursor instead of rebooting? On 9/23/19 7:00 AM, Jari Fredriksson wrote: Hello again. I have a problem that arises after my mail server has been up for maybe two days. Suddenly all DKIM-verifications

Re: new emotet campain

2019-09-17 Thread Axb
I doubt you'll see many hits on that rule as I'd expect most URIS being included in the infected attachments. Imo, the ClamAV sigs make more sense. On 9/17/19 12:36 PM, hg user wrote: It is a "dumb" rule but the quicker I could create. https://pastebin.com/bxRSds7a On Tue, Sep 17, 2019 at

Re: Spam child

2019-09-15 Thread Axb
On 9/14/19 9:30 PM, @lbutlr wrote: I am still getting spammed processes that last for hours or days. When I kill them, `kill -9` they come back after the load drops. The processes use 100% of the processor. nobody 72041 100.0 2.2 87264 76940 - R10:36 35:28.97 spamd child

Re: announcement about invaluement (or more like a tease?)

2019-08-26 Thread Axb
On 8/26/19 1:54 PM, Antony Stone wrote: On Monday 26 August 2019 at 13:29:45, Axb wrote: On 8/26/19 3:24 AM, Rob McEwen wrote: announcement about invaluement (or more like a tease?) https://www.linkedin.com/feed/update/urn:li:activity:6571558988201148416/ I don't do linkedin - what

Re: announcement about invaluement (or more like a tease?)

2019-08-26 Thread Axb
On 8/26/19 3:24 AM, Rob McEwen wrote: announcement about invaluement (or more like a tease?) https://www.linkedin.com/feed/update/urn:li:activity:6571558988201148416/ I don't do linkedin - what is it?

Re: Ten Minute emails domains

2019-06-24 Thread Axb
On 6/24/19 11:56 AM, Brent Clark wrote: Good day Guys This project was posted on kitploit.com, i.e. Whatbreach https://www.kitploit.com/2019/06/whatbreach-osint-tool-to-find-breached.html On further investigation I thought this would be a cool project to have a SA plugin to query

Re: GSoC blog series

2019-06-14 Thread Axb
While blogs may be interesting to read and keep track of stuff... Is there any code to look at and start testing? The summer is short... Axb On 6/14/19 10:56 AM, Shreyansh Shrivastava. wrote: This is the second blog of the series. It covers data cleaning, feature extraction, model training

Re: SpamAssassin Scoring For MDAEMON_DNSBL

2019-05-14 Thread Axb
MDAEMON_DNSBL is not a stock SA rule. This is a custom rule added by Alt-N/MDAEMON which uses SA. You will need to contact them for further help On 5/14/19 11:44 AM, cyflhn wrote: It has happened many times that the emails from our server were identified as spam. I have checked the emails

Re: Bug or feature? ;-)

2019-03-25 Thread Axb
On 3/25/19 7:01 PM, Henrik K wrote: On Mon, Mar 25, 2019 at 06:49:49PM +0100, Tobi wrote: On 25.03.19 at 15:18, Henrik K wrote: On Mon, Mar 25, 2019 at 03:00:30PM +0100, Tobi wrote: You are matching "any uri" and expect it to be "reliable"? Perhaps consider first what you are trying to

Re: df.uribl.com

2019-03-02 Thread Axb
/article.aspx?p=19798 John, Your suggestions don't apply to this user's case. He's using the so called "Datafeed over DNS" and not a local rsync'd version. --Axb "Datafeed over DNS Allows end users to continue to utilize the public DNS system for URIBL resolution. This will allow

Re: df.uribl.com

2019-03-02 Thread Axb
On 3/2/19 3:45 PM, John Schmerold wrote: I subscribed to uribl's datafeed service and have read their usage documentation on http://uribl.com/usage.shtml I think I understand how it works, but I am confused by how things work with the default 25_uribl.cf file if I want to change the

Re: Bitcoin rules

2018-10-21 Thread Axb
On 10/21/18 4:38 PM, Henrik K wrote: On Sun, Oct 21, 2018 at 04:28:58PM +0200, Axb wrote: On 10/21/18 4:21 PM, Henrik K wrote: On Sun, Oct 21, 2018 at 04:07:40PM +0200, Axb wrote: On 10/21/18 1:25 PM, Jari Fredriksson wrote: ./btcabuse.pl >btcabuse.cf.tmp && mv -f btcabuse.cf.tmp

Re: Bitcoin rules

2018-10-21 Thread Axb
On 10/21/18 4:21 PM, Henrik K wrote: On Sun, Oct 21, 2018 at 04:07:40PM +0200, Axb wrote: On 10/21/18 1:25 PM, Jari Fredriksson wrote: ./btcabuse.pl >btcabuse.cf.tmp && mv -f btcabuse.cf.tmp btcabuse.cf would be nice to have it write \b to the cf as in body B

Re: Bitcoin rules

2018-10-21 Thread Axb
On 10/21/18 4:07 PM, Axb wrote: On 10/21/18 1:25 PM, Jari Fredriksson wrote: ./btcabuse.pl >btcabuse.cf.tmp && mv -f btcabuse.cf.tmp btcabuse.cf would be nice to have it write \b to the cf as in body BTC_16LU6SWU /16LU6SwUDdLsAy7XXHSMg7BRbA1kfDoBnZ/ body B

Re: Bitcoin rules

2018-10-21 Thread Axb
On 10/21/18 1:25 PM, Jari Fredriksson wrote: ./btcabuse.pl >btcabuse.cf.tmp && mv -f btcabuse.cf.tmp btcabuse.cf would be nice to have it write \b to the cf as in body BTC_16LU6SWU /16LU6SwUDdLsAy7XXHSMg7BRbA1kfDoBnZ/ body BTC_16LU6SWU /\b16LU6SwUDdLsAy7XXHSMg7BRbA1kfDoBnZ\b/

Re: DNS and RBL problems

2018-09-15 Thread Axb
On 9/15/18 3:44 AM, Alex wrote: On Fri, Sep 14, 2018 at 4:24 PM Daniel J. Luke wrote: On Sep 14, 2018, at 3:26 PM, Kevin A. McGrail wrote: On 9/14/2018 3:22 PM, Alex wrote: I wish it were that easy. /etc/resolv.conf is set up to use 127.0.0.1, which is bind configured as a my local caching

Re: Fwd: Spam Tagging Issue - V3.4.1 with Postfix 3.1.0

2018-09-09 Thread Axb
I'm not a spamass-milter but google helps you are using -m switch with spamass-milter which as per docs: "Disables modification of the 'Subject:' and 'Content-Type:' headers and message body." more details from spamass-milter man page On 09/09/2018 03:34 PM, thatvolvonut wrote:

Re: More XPS phish phun

2018-08-19 Thread Axb
On 08/19/2018 06:56 PM, Alex wrote: Hi, Can someone help me understand what file types these odttf files are, and how to read/process them from the command-line in Linux? They don't appear to be ODT/opendoc files... Google has all the info

Re: Phish with xps attachment

2018-08-08 Thread Axb
On 08/07/2018 08:09 PM, Alex wrote: Hi, Anyone have ideas for viewing inside of an XPS file or otherwise blocking phish attempts with xps attachments? https://pastebin.com/KtMnNPAg Still not detected by virus scanners and passing through Mimecast.

Re: SA MySQL DB maintenance

2018-07-18 Thread Axb
On 07/17/2018 08:29 PM, Kevin A. McGrail wrote: I'll defer that question to Alex Broens. He can do it more justice than I ever could. AXB? -- Kevin A. McGrail VP Fundraising, Apache Software Foundation Chair Emeritus Apache SpamAssassin Project https://www.linkedin.com/in/kmcgrail

Re: Garbage string emails

2018-05-31 Thread Axb
On 05/31/2018 06:36 PM, Pedro David Marco wrote: >On Thursday, May 31, 2018, 6:24:06 PM GMT+2, Reindl Harald wrote: >>On 31.05.2018 at 18:17, Pedro David Marco wrote: No not discard they are botnet commands!!> and why would you not want to discard / reject them then? WTF! :-DD  of

Re: Dynamic clients

2018-05-30 Thread Axb
On 05/30/2018 02:35 PM, Rupert Gallagher wrote: What happens when your coitus with Spamhaus is interrupted by a man in the middle? I mean someone that either cuts your link or plays the role of your partner while delivering poisoned answers? Good luck... doesn't happen. I only use lists which

Re: Dynamic clients

2018-05-30 Thread Axb
, 2018 at 06:06, Axb wrote: On 05/30/2018 12:50 AM, Rupert Gallagher wrote: > We spent months herding those free-range animals... Catching them is tedious, because there is no standard that binds ISPs to just prefix all such domains with "dyn-". which is why it's so efficient to

Re: Dynamic clients

2018-05-29 Thread Axb
On 05/30/2018 12:50 AM, Rupert Gallagher wrote: We spent months herding those free-range animals... Catching them is tedious, because there is no standard that binds ISPs to just prefix all such domains with "dyn-". which is why it's so efficient to use Spamhaus' PBL (included in Zen)

Re: Invalid argumenty warning when trying to use Bayes with Redis

2018-05-27 Thread Axb
On 05/27/2018 09:50 AM, Palvelin Postmaster wrote: Can anyone offer suggestions as to why I get these invalid argument warnings when I run spamassassin —lint —debug: warn: plugin: eval failed: bayes: Redis failed: Error: Invalid argument at

Re: anyone recognize these headers? From SA or are they from another spam product?

2018-04-25 Thread Axb
or relevant in any way. X-CTCH-* headers are added by Commtouch / Cyren Google will probably help you further.. Axb

OT: Congratulations Dianne

2018-04-03 Thread Axb
AppRiver Acquires Roaring Penguin https://globenewswire.com/news-release/2018/03/26/1453063/0/en/AppRiver-Acquires-Roaring-Penguin.html

Re: wetransfer phish

2018-03-17 Thread Axb
On 03/17/2018 06:34 PM, Alex wrote: Hi, On Sat, Mar 17, 2018 at 12:25 AM, Benny Pedersen wrote: Alex wrote on 2018-03-17 02:28: https://pastebin.com/CEuFfb7K is this pdf sent to virustotal.com ? does it survive clamav testing ? It appears it's not widely recognized by

Re: Dealing with links to malicious documents

2018-03-13 Thread Axb
On 03/13/2018 07:13 PM, Olivier Coutu wrote: In the last few months, we have seen an increase of generic emails (e.g. regarding unpaid invoices) being sent with links to infected legitimate websites hosting malware. This malware often comes in the form of docs with macros e.g.

Re: Spammers, IPv6 addresses, and dnsbls

2018-03-02 Thread Axb
On 03/02/2018 12:54 PM, Daniele Duca wrote: Hello list, apologies if this is not directly SA related. "Lately" I've started to notice that some (not saying names) VPS providers, when offering v6 connectivity, sometimes tend to not follow the best practice of giving a /64 to their customer,

Re: Run expensive test last, and skip if meaningless

2018-02-25 Thread Axb
On 02/25/2018 05:13 PM, Peter Thomassen wrote: Reminder: My question was not "how to run DNS efficiently" or "how does SpamAssassin run DNS queries", my question was "how can I influence the order of tests". You will have to hack the priorities in the plugins & rules. This is definitely not

Re: Whitelist IP for SBL check

2018-02-23 Thread Axb
On 02/23/2018 03:26 PM, shridhar shetty wrote: Hello, In our infra we use spamassassin to scan our **outgoing** mails too. This is to prevent spammers using our infra to send mails and get our IP's blacklisted. We perform various DNSBL tests on the mail body. One of our IPs got listed in

Re: Whitelist IP for SBL check

2018-02-23 Thread Axb
On 02/23/2018 04:33 PM, David Jones wrote: On 02/23/2018 08:26 AM, shridhar shetty wrote: Hello, In our infra we use spamassassin to scan our **outgoing** mails too. This is to prevent spammers using our infra to send mails and get our IP's blacklisted. We perform various DNSBL tests on the

Re: catch today's PDF pillz spam

2018-02-19 Thread Axb
oooppps - missing a backslash mimeheader AXB_CTYPE_SPELLHERO Content-Type =~ /\bapplictaion\/pdf\b/ On 02/19/2018 05:24 PM, Axb wrote: catch today's PDF pillz spam mimeheader  AXB_CTYPE_SPELLHERO    Content-Type =~ /bapplictaion\/pdf\b/ the typo is the trait ;) enjoy while it lasts

catch today's PDF pillz spam

2018-02-19 Thread Axb
catch today's PDF pillz spam mimeheader AXB_CTYPE_SPELLHERO Content-Type =~ /bapplictaion\/pdf\b/ the typo is the trait ;) enjoy while it lasts

Re: New idea for stopping spam

2018-01-27 Thread Axb
Where I sit this is done by feeding spamtraps to Bayes. No need to name it something fancy. It's been working for over a decade and will keep on feeding my 30GB Bayes/Redis DB. On 01/26/2018 08:49 PM, Ted Mittelstaedt wrote: Hi All, OK I've been doing some sociological analysis of the spam
