RE: Dynamic blacklist ?

> do you know if there is a way to have a blacklist, either for user or > eventually for an entire server, that could be feeded via some scripts ? Yes create your own dns blacklist > A sort of auto_learn but only for addresses ( to or from ) ? No such thing as only for... You have to

Dynamic blacklist ?

Hello all, do you know if there is a way to have a blacklist, either for user or eventually for an entire server, that could be feeded via some scripts ? A sort of auto_learn but only for addresses ( to or from ) ? I'll trying to explain: I maintain a couple of mail servers that have a very very

Re: problems with Plugin::ASN and spam

On Apr 11, 2024, at 3:30 PM, Bill Cole wrote: > > On 2024-04-10 at 21:19:48 UTC-0400 (Wed, 10 Apr 2024 20:19:48 -0500) > Darrell Budic mailto:bu...@onholyground.com>> > is rumored to have said: > >>> On Apr 10, 2024, at 2:52 PM, Benny Pedersen wrote: >>> >>> Darrell Budic skrev den

Re: problems with Plugin::ASN and spam

On 2024-04-10 at 21:19:48 UTC-0400 (Wed, 10 Apr 2024 20:19:48 -0500) Darrell Budic is rumored to have said: >> On Apr 10, 2024, at 2:52 PM, Benny Pedersen wrote: >> >> Darrell Budic skrev den 2024-04-10 19:48: >> >>> Anything I’m missing? >> >> using amavisd ? >> >> then try this in

Captured tags

Hi, I'm aiming to extract the domain part from the To: address field, specifically targeting email addresses like i...@domain.com to capture just domain.com. However, the current rule consistently captures the string starting with @, such as @domain.com. header __TO_DOMAIN

Re: dcc on empty email

Perhaps just check your old notes? :-P https://lists.apache.org/thread/6fspd1my9xjdjbz16zp7dk66vn44xccz On Wed, Apr 10, 2024 at 10:42:35PM -0400, Alex wrote: > Hi, > > I'm noticing DCC is triggering on emails with an empty body. I'd like to > create a hash that matches messages with

Re: dcc on empty email

Hi, > I'm noticing DCC is triggering on emails with an empty body. I'd like to > create a hash that matches messages with an empty body and other simple > messages. > > What am I doing wrong? I've tried it with a zero-length file as well as > one with just a few characters. It looks like I don't

Re: problems with Plugin::ASN and spam

> On Apr 10, 2024, at 2:52 PM, Benny Pedersen wrote: > > Darrell Budic skrev den 2024-04-10 19:48: > >> Anything I’m missing? > > using amavisd ? > > then try this in amavisd.conf: > > > @spam_scanners = ( ># ['SpamAssassin', 'Amavis::SpamControl::SpamAssassin'], >['SpamdClient',

dcc on empty email

Hi, I'm noticing DCC is triggering on emails with an empty body. I'd like to create a hash that matches messages with an empty body and other simple messages. What am I doing wrong? I've tried it with a zero-length file as well as one with just a few characters. It looks like I don't understand

Re: problems with Plugin::ASN and spam

Darrell Budic skrev den 2024-04-10 19:48: Anything I’m missing? using amavisd ? then try this in amavisd.conf: @spam_scanners = ( # ['SpamAssassin', 'Amavis::SpamControl::SpamAssassin'], ['SpamdClient', 'Amavis::SpamControl::SpamdClient'] ); 1; # insure a defined return value if

Re: problems with Plugin::ASN and spam

> On Apr 10, 2024, at 1:30 PM, Bill Cole > wrote: > > On 2024-04-10 at 13:48:47 UTC-0400 (Wed, 10 Apr 2024 12:48:47 -0500) > Darrell Budic mailto:bu...@onholyground.com>> > is rumored to have said: > >> Just checking in here that I’m not doing something wrong with the ASN plugin >> before I

Re: problems with Plugin::ASN and spam

On 2024-04-10 at 13:48:47 UTC-0400 (Wed, 10 Apr 2024 12:48:47 -0500) Darrell Budic is rumored to have said: > Just checking in here that I’m not doing something wrong with the ASN plugin > before I file a bug on this. SpamAssassin 4.0.1 installed from cpan on Alma 9. > > I’ve got it configured

problems with Plugin::ASN and spam

Just checking in here that I’m not doing something wrong with the ASN plugin before I file a bug on this. SpamAssassin 4.0.1 installed from cpan on Alma 9. I’ve got it configured to use the local maxmind db files, and those show up in logs. Testing in spamassassin itself show that it finds the

Re: Multiple test failures

Hi, Yes, as ec2-user running the make and then make test ends up failing. There are no issues with the port as a previous tcpdump has shown, it transfers data back and forth. It gets through some of the tests and then it sends a RST. Amazon only goes as far as spamassassin-3.4.3 in Amazon Linux 2

Re: Multiple test failures

Scott Ellentuch wrote on 10/04/24 5:15 am: Apologies, but I don't understand. I am running "make test" as the AWS user "ec2-user" when getting these errors. Are you saying that its an acceptable error right now, and I can just do the "sudo make install"? If you ran "make test" as user

Re: Multiple test failures

Apologies, but I don't understand. I am running "make test" as the AWS user "ec2-user" when getting these errors. Are you saying that its an acceptable error right now, and I can just do the "sudo make install"? Thanks, Tuc On Fri, Apr 5, 2024 at 9:58 PM Sidney Markowitz wrote: > Scott

Re: OT: Trigger words in email addresses?

On 2024-04-07 at 21:40:40 UTC-0400 (Sun, 7 Apr 2024 20:40:40 -0500) Jerry Malcolm is rumored to have said: But I have a co-worker that is convinced that "donotre...@xyz.com" is a trigger for gmail's spam filters and all spam filters will score the email higher as spam due simply to that word

https://metacpan.org/pod/Mail::SpamAssassin::Plugin::FromNameSpoof

no rules set in default sa-update its unclear from perldoc Mail::SpamAssassin::Plugin::FromNameSpoof how to make a local config to use it could it be added one example config ? i like to catch when ReplyTo is same as From:addr users should stop add ReplyTo when not needed

Re: OT: Trigger words in email addresses?

On 08/04/2024 11:40, Jerry Malcolm wrote: Now here's my question (at least one of them)... I send the validation email from DoNotReply So... recommendations, please... should I change donotre...@.com to something else, and if so, what is Typically, noreply@... is used Have you tried

Re: OT: Trigger words in email addresses?

GMail just... sucks. I have an email server in EC2 that also passes all tests, but they insist on dumping our emails into users' spam folders. Good luck trying to get anyone at GMail to actually do their jobs and change whatever is causing them to mark your emails as spam. In my case, they are

Re: OT: Trigger words in email addresses?

On 4/8/24 5:44 AM, Antony Stone wrote: - make your systems transparent so that people feel they understand what's happening and when at different stages in the process - don't create a "corporate black box" which customers can't understand I'll add to this and say that URLs that include

Re: Weird whitelist

Hi Jimmy in SA like: There might be some Spam/Phishing emails with null sender so spamassassin will help you block it if you configured them correctly.. header    SPAM_FROM_NO_DOMAIN    Return-Path =~ /<>/ describe  SPAM_FROM_NO_DOMAIN    spamik score SPAM_FROM_NO_DOMAIN             

Re: Weird whitelist

Hi Problem solved: user in wbl sql add in amavis_recipients his domain W dniu 8.04.2024 o 12:50, Jimmy pisze: According to RFC 2298, the envelope sender address (SMTP MAIL FROM) of the Message Disposition Notification (MDN) must be null (<>). This specification indicates that no Delivery

Re: Weird whitelist

According to RFC 2298, the envelope sender address (SMTP MAIL FROM) of the Message Disposition Notification (MDN) must be null (<>). This specification indicates that no Delivery Status Notification (DSN) messages or other notifications about successful or unsuccessful delivery should be sent in

Re: OT: Trigger words in email addresses?

On Monday 08 April 2024 at 05:15:58, Grant Taylor via users wrote: > Below is my opinion, it's worth everything you paid for it. But I do > suggest you read it and think about it for a few minutes. For what it's worth, I thoroughly agree with these opinions. - don't alienate people by sending

Re: Weird whitelist

W dniu 8.04.2024 o 12:38, Benny Pedersen pisze: natan skrev den 2024-04-08 12:31: Apr  6 01:15:09 amavis3 amavis[3887068]: (3887068-17) Passed BAD-HEADER-7 {RelayedInbound}, [34.23.17.0]:38582 [34.23.17.0] <> -> , Queue-ID: 4VBDq04Bn7z1Q9qQ, mail_id: 6LRhEwtUmP7u, Hits: -, size: 10888,

Re: Weird whitelist

natan skrev den 2024-04-08 12:31: Apr 6 01:15:09 amavis3 amavis[3887068]: (3887068-17) Passed BAD-HEADER-7 {RelayedInbound}, [34.23.17.0]:38582 [34.23.17.0] <> -> , Queue-ID: 4VBDq04Bn7z1Q9qQ, mail_id: 6LRhEwtUmP7u, Hits: -, size: 10888, queued_as: 4VBDq06n69z1Q9q1, 358 ms I check and I not

Re: Weird whitelist

W dniu 8.04.2024 o 12:26, Matus UHLAR - fantomas pisze: On 08.04.24 12:09, natan wrote: I use amavis+SA and In log I get "whitlisted" ... Apr  6 01:15:08 amavis3 amavis[3887068]: (3887068-17) wbl: whitelisted sender <>, ... Log: Apr  6 01:15:08 amavis3 amavis[3887068]: (3887068-17)

Re: Weird whitelist

On 08.04.24 12:09, natan wrote: I use amavis+SA and In log I get "whitlisted" ... Apr  6 01:15:08 amavis3 amavis[3887068]: (3887068-17) wbl: whitelisted sender <>, ... Log: Apr  6 01:15:08 amavis3 amavis[3887068]: (3887068-17) Checking: 6LRhEwtUmP7u [34.23.17.0] <> -> Apr  6 01:15:08

Weird whitelist

Hi I use amavis+SA and In log I get "whitlisted" ... Apr  6 01:15:08 amavis3 amavis[3887068]: (3887068-17) wbl: whitelisted sender <>, ... Log: Apr  6 01:15:08 amavis3 amavis[3887068]: (3887068-17) Checking: 6LRhEwtUmP7u [34.23.17.0] <> -> Apr  6 01:15:08 amavis3 amavis[3887068]:

Re: OT: Trigger words in email addresses?

Below is my opinion, it's worth everything you paid for it. But I do suggest you read it and think about it for a few minutes. On 4/7/24 20:40, Jerry Malcolm wrote: I send the validation email from donotre...@xyz.com. I absolutely hate the do not reply type email addresses as you're trying

Re: OT: Trigger words in email addresses?

On Sun, Apr 07, 2024 at 08:40:40PM -0500, Jerry Malcolm wrote: > The problem is that gmail, in particular continues to insist on > putting these in spam folders and (theoretically) discarding some > of them completely.  Some of users swear they never get them and And did you check that claim?

OT: Trigger words in email addresses?

Slightly off-topic from SpamAssassin specifically.  But I have a question about certain email addresses triggering spam filter scores.  I know anybody can create any rule they want to.  I just want to understand best practices and recommendations. I work for a medium size but growing company

Re: Multiple test failures

Scott Ellentuch wrote on 4/04/24 9:43 am: File attached. However, I don't see any smoking gun. I've verified the problem. I ran sudo make test in a directory tree in /tmp with world r-x access, and got the error in t/spamd_client.t as well as in t/spamc_optL.t. I don't know why you didn't

Upcoming KAM.cf Ruleset 20th Anniversary

Hi, very soon we will celebrate KAM.cf Ruleset 20th Anniversary, are there any stories about how you use the ruleset, any products that include the rules you are aware of, or other info about how it has helped with spam and email security ? Glad to receive any info or story about KAM.cf

Spamassassin 4.0.x Corpus - 25-dmarc.cf

Hello, 25-dmarc.cf from corpus reads ># Requires the Mail::SpamAssassin::Plugin::DMARC plugin be loaded. > ># Backwards compatible name (was renamed to DMARC in trunk before 4.0.0) >ifplugin Mail::SpamAssassin::Plugin::Dmarc The above statement evaluates to false which won't load the header

Re: Syslog local3

* Bill Cole [03/04/2024 10:54] : > > If you are using something else to > call Spamassassin, e.g. Amavis, MIMEDefang, etc., that other software > controls the logging. Ah, that must be it. I'm using spamass-milter to allow postfix to call spamassassin

Re: Multiple test failures

Loren Wilton wrote on 4/04/24 9:26 pm: Would it be worth adding some sort of test for this kind of thing I started to look at where in SATest.pm it ought to go, and I found https://bz.apache.org/SpamAssassin/show_bug.cgi?id=5529 I think from the comments I left there 17 years ago that is is

Re: Multiple test failures

I haven't had a chance yet to read this thread carefully, but spamd when run as root in tests will, at least in some cases, set itself to run as user "nobody". If you do that in a subdirectory of your non-nobody user's HOME, the usual permission configuration will not provide read access to

Re: Multiple test failures

I haven't had a chance yet to read this thread carefully, but spamd when run as root in tests will, at least in some cases, set itself to run as user "nobody". If you do that in a subdirectory of your non-nobody user's HOME, the usual permission configuration will not provide read access to

Re: Multiple test failures

File attached. However, I don't see any smoking gun. Nothing in t/log [ec2-user@ip-172-31-131-251 Mail-SpamAssassin-4.0.1]$ ls -lR t/log t/log: total 0 Nothing big in iptables [ec2-user@ip-172-31-131-251 Mail-SpamAssassin-4.0.1]$ sudo iptables -L Chain INPUT (policy ACCEPT) target prot opt

Re: Multiple test failures

On 2024-04-03 at 14:01:44 UTC-0400 (Wed, 3 Apr 2024 14:01:44 -0400) Scott Ellentuch is rumored to have said: Hi, Ok, deleted the directory and started again. Test Summary Report --- t/spamd_client.t(Wstat: 26624 Tests: 4 Failed: 0) Non-zero exit status: 104

Re: Multiple test failures

Hi, Ok, deleted the directory and started again. Test Summary Report --- t/spamd_client.t(Wstat: 26624 Tests: 4 Failed: 0) Non-zero exit status: 104 Parse errors: Bad plan. You planned 52 tests but ran 4. Files=217, Tests=3765, 890 wallclock secs ( 1.21 usr

Re: Syslog local3

On 2024-04-03 at 05:49:20 UTC-0400 (Wed, 3 Apr 2024 11:49:20 +0200) Emmanuel Seyman is rumored to have said: Hello, all. It's taken me nearly a year to realize this but spamassassin sends to syslog with the local3 facility, not 'mail' as I had assumed. The spamd daemon logs as mail as

Re: Multiple test failures

On 2024-04-02 at 18:18:09 UTC-0400 (Tue, 2 Apr 2024 18:18:09 -0400) Scott Ellentuch is rumored to have said: Hi, Trying to install SA 4.0.1 from scratch. Tried via CPAN, that didn't go well, so trying from tarball. (Enabled SSL when doing Makefile.PL) NEVER run 'make' as root except when

Re: disable URIBL_ and spamhaus.net

W dniu 3.04.2024 o 15:25, Matus UHLAR - fantomas pisze: On 03.04.24 11:18, natan wrote: Where in  pdns-recursor? I use pdns-recursor /etc/powerdns/recursor.conf W dniu 3.04.2024 o 13:17, Matus UHLAR - fantomas pisze: This is not about pdns-recursor itself. It's about using own recursing

Participate in the ASF 25th Anniversary Campaign

Hi everyone, As part of The ASF’s 25th anniversary campaign[1], we will be celebrating projects and communities in multiple ways. We invite all projects and contributors to participate in the following ways: * Individuals - submit your first contribution:

Re: disable URIBL_ and spamhaus.net

On 03.04.24 11:18, natan wrote: Where in  pdns-recursor? I use pdns-recursor /etc/powerdns/recursor.conf W dniu 3.04.2024 o 13:17, Matus UHLAR - fantomas pisze: This is not about pdns-recursor itself. It's about using own recursing DNS server - you you don't use DNS server of your ISP,

Re: disable URIBL_ and spamhaus.net

W dniu 3.04.2024 o 13:17, Matus UHLAR - fantomas pisze: On 03.04.24 11:18, natan wrote: Where in  pdns-recursor? I use pdns-recursor /etc/powerdns/recursor.conf This is not about pdns-recursor itself. It's about using own recursing DNS server - you you don't use DNS server of your ISP,

Re: disable URIBL_ and spamhaus.net

Hi In this machine I use cat /etc/resolv.conf nameserver 127.0.0.1 W dniu 3.04.2024 o 14:18, Benny Pedersen pisze: natan skrev den 2024-04-03 11:06: I must chane or disable permanently spamhaus.net and all everything he uses. +1 They calculated the rate so much that I couldn't afford to

Re: disable URIBL_ and spamhaus.net

natan skrev den 2024-04-03 11:06: I must chane or disable permanently spamhaus.net and all everything he uses. +1 They calculated the rate so much that I couldn't afford to use their toys +1 Does anyone have an interesting solution to this problem? Or maybe some other lists connected?

Re: disable URIBL_ and spamhaus.net

On 03.04.24 11:18, natan wrote: Where in  pdns-recursor? I use pdns-recursor /etc/powerdns/recursor.conf This is not about pdns-recursor itself. It's about using own recursing DNS server - you you don't use DNS server of your ISP, google(8.8.8.8/8.8.4.4), cloudflare(1.1.1.1) or

Re: disable URIBL_ and spamhaus.net

W dniu 3.04.2024 o 11:20, Marc pisze: I must chane or disable permanently spamhaus.net and all everything he uses. They calculated the rate so much that I couldn't afford to use their toys Does anyone have an interesting solution to this problem? Or maybe some other lists connected? Do you

Re: disable URIBL_ and spamhaus.net

Hi IRTFM beacuse I use pdns-recursor where max-cache-ttl default is 86400 ecs-minimum-ttl-override=60 minimum-ttl-override=60 W dniu 3.04.2024 o 11:23, Reindl Harald (privat) pisze: Am 03.04.24 um 11:18 schrieb natan: Hi Where in  pdns-recursor? I use pdns-recursor

Syslog local3

Hello, all. It's taken me nearly a year to realize this but spamassassin sends to syslog with the local3 facility, not 'mail' as I had assumed. Is this something that can be configured? Regards, Emmanuel

RE: disable URIBL_ and spamhaus.net

> I must chane or disable permanently spamhaus.net and all everything he > uses. > > They calculated the rate so much that I couldn't afford to use their toys > > Does anyone have an interesting solution to this problem? > Or maybe some other lists connected? > Do you really need url

Re: disable URIBL_ and spamhaus.net

Hi Where in  pdns-recursor? I use pdns-recursor /etc/powerdns/recursor.conf W dniu 3.04.2024 o 11:10, Reindl Harald (privat) pisze: use unbound as caching resolver and configure TTL properly cache-min-ttl: 60 cache-max-negative-ttl: 60 Am 03.04.24 um 11:06 schrieb natan: Hi I must chane or

disable URIBL_ and spamhaus.net

Hi I must chane or disable permanently spamhaus.net and all everything he uses. They calculated the rate so much that I couldn't afford to use their toys Does anyone have an interesting solution to this problem? Or maybe some other lists connected? --

Multiple test failures

Hi, Trying to install SA 4.0.1 from scratch. Tried via CPAN, that didn't go well, so trying from tarball. (Enabled SSL when doing Makefile.PL) I'm on Amazon Linux 2 , 4.0.1 SA, and not sure what other info I can give. I installed every perl module it wanted. The final summary is - Test Summary

[ANNOUNCE] Apache SpamAssassin 4.0.1 available

On behalf of the Apache SpamAssassin Project, I am pleased to announce version 4.0.1 is available. Release Notes -- Apache SpamAssassin -- Version 4.0.1 Introduction Apache SpamAssassin 4.0.1 is a patch release that fixes issues that have surfaced since the release of 4.0.0. It

Re: Order of handling whitelist/blacklist

Philip Prindeville via users skrev den 2024-03-28 18:55: My config also has: trusted_networks 192.168.6.0/24 trusted_networks 192.168.8.0/24 trusted_networks 127.0.0.1/32 So I don't think that's the problem. rfc 1918 is imho hardcoded into spamassassin if its this, make a bugzilla about

Re: Order of handling whitelist/blacklist

> On Mar 28, 2024, at 12:18 PM, Matus UHLAR - fantomas > wrote: > >>> On 27.03.24 20:56, Philip Prindeville via users wrote: I have something that looks like: whitelist_from_rcvd v...@yandex.ru vger.kernel.org blacklist_from *@yandex.ru And I only ever

Re: Order of handling whitelist/blacklist

> On Mar 28, 2024, at 12:18 PM, Matus UHLAR - fantomas > wrote: > >>> On 27.03.24 20:56, Philip Prindeville via users wrote: I have something that looks like: whitelist_from_rcvd v...@yandex.ru vger.kernel.org blacklist_from *@yandex.ru And I only ever

Re: Order of handling whitelist/blacklist

On Thu, 28 Mar 2024, Philip Prindeville via users wrote: On Mar 28, 2024, at 2:39 AM, Matus UHLAR - fantomas wrote: On 27.03.24 20:56, Philip Prindeville via users wrote: I have something that looks like: whitelist_from_rcvd v...@yandex.ru vger.kernel.org blacklist_from *@yandex.ru And

Re: Order of handling whitelist/blacklist

On 27.03.24 20:56, Philip Prindeville via users wrote: I have something that looks like: whitelist_from_rcvd v...@yandex.ru vger.kernel.org blacklist_from *@yandex.ru And I only ever seem to see the 2nd rule being hit, but not the first. What is the order of evaluation?

Re: Order of handling whitelist/blacklist

> On Mar 28, 2024, at 2:39 AM, Matus UHLAR - fantomas wrote: > > On 27.03.24 20:56, Philip Prindeville via users wrote: >> I have something that looks like: >> >> whitelist_from_rcvd v...@yandex.ru vger.kernel.org >> >> blacklist_from *@yandex.ru >> >> And I only ever seem to see the 2nd

Broken rule: FORGED_HOTMAIL_RCVD2

When hotmail user sends from outbound.protection.outlook.com, the SA rule must not intervene.

Re: Order of handling whitelist/blacklist

On 27.03.24 20:56, Philip Prindeville via users wrote: I have something that looks like: whitelist_from_rcvd v...@yandex.ru vger.kernel.org blacklist_from *@yandex.ru And I only ever seem to see the 2nd rule being hit, but not the first. What is the order of

Order of handling whitelist/blacklist

Hi. I have something that looks like: whitelist_from_rcvd v...@yandex.ru vger.kernel.org blacklist_from *@yandex.ru And I only ever seem to see the 2nd rule being hit, but not the first. What is the order of evaluation? Mail::SpamAssassin::Conf doesn't say that I

Community Over Code NA 2024 Travel Assistance Applications now open!

Hello to all users, contributors and Committers! [ You are receiving this email as a subscriber to one or more ASF project dev or user mailing lists and is not being sent to you directly. It is important that we reach all of our users and contributors/committers so that they may get a chance

Re: Doesn't spamc/spamd need block/welcomeliist support???

Bill Cole wrote on 22/03/24 8:36 am: It seems to me that it would require extension of the spamc/spamd protocol and cargo-culting some code from spamassassin to spamd. Doesn't look like much cargo-culting to do. The spamassassin script just calls a function in Mail::SpamAssassin.pm for each

Re: Doesn't spamc/spamd need block/welcomeliist support???

Bill Cole wrote: On 2024-03-21 at 11:57:43 UTC-0400 (Thu, 21 Mar 2024 11:57:43 -0400) Kris Deugau is rumored to have said: Bill Cole wrote: I'm not sure how I've not noticed before, but unless I'm missing something, there is no way to replicate the [block,welcome]list functionalities of the

Re: Doesn't spamc/spamd need block/welcomeliist support???

On 2024-03-21 at 13:21:54 UTC-0400 (Thu, 21 Mar 2024 18:21:54 +0100) is rumored to have said: > On 3/20/24 21:58, Bill Cole wrote: >> I'm not sure how I've not noticed before, but unless I'm missing something, >> there is no way to replicate the [block,welcome]list functionalities of the >>

Re: Doesn't spamc/spamd need block/welcomeliist support???

On 2024-03-21 at 12:08:48 UTC-0400 (Thu, 21 Mar 2024 17:08:48 +0100) Matus UHLAR - fantomas is rumored to have said: On 20.03.24 16:58, Bill Cole wrote: I'm not sure how I've not noticed before, but unless I'm missing something, there is no way to replicate the [block,welcome]list

Re: Doesn't spamc/spamd need block/welcomeliist support???

On 2024-03-21 at 11:57:43 UTC-0400 (Thu, 21 Mar 2024 11:57:43 -0400) Kris Deugau is rumored to have said: Bill Cole wrote: I'm not sure how I've not noticed before, but unless I'm missing something, there is no way to replicate the [block,welcome]list functionalities of the spamassassin

Re: Doesn't spamc/spamd need block/welcomeliist support???

On 3/20/24 21:58, Bill Cole wrote: I'm not sure how I've not noticed before, but unless I'm missing something, there is no way to replicate the [block,welcome]list functionalities of the spamassassin script when using the spamc/spamd interface. Does anyone see it hiding somewhere that I

Re: Doesn't spamc/spamd need block/welcomeliist support???

On 20.03.24 16:58, Bill Cole wrote: I'm not sure how I've not noticed before, but unless I'm missing something, there is no way to replicate the [block,welcome]list functionalities of the spamassassin script when using the spamc/spamd interface. Does anyone see it hiding somewhere that I

Re: Doesn't spamc/spamd need block/welcomeliist support???

Bill Cole wrote: I'm not sure how I've not noticed before, but unless I'm missing something, there is no way to replicate the [block,welcome]list functionalities of the spamassassin script when using the spamc/spamd interface. Does anyone see it hiding somewhere that I don't? Does anyone

Doesn't spamc/spamd need block/welcomeliist support???

I'm not sure how I've not noticed before, but unless I'm missing something, there is no way to replicate the [block,welcome]list functionalities of the spamassassin script when using the spamc/spamd interface. Does anyone see it hiding somewhere that I don't? Does anyone have any rationale

RE: [WARNING] RE: Help with rule matching when it shouldn't

I figured out why my RETURNPATH rule was matching. My example was too sanitized and I was actually trying to find multiple domains in my regex. So it would always match due to the fact that it would always not equal the other domain I was looking for. From: Erickarlo Porro Sent: Wednesday,

RE: Help with rule matching when it shouldn't

I want to catch “yahoo” anywhere in the header so that it matches if its in the name or in the address. So I would want to match ya...@gmail.com Regarding "__RETURNPATH_IS", I have the rule set to “!~” so shouldn’t that rule only match if that header has anything but

Re: Help with rule matching when it shouldn't

On 20.03.24 06:44, Jimmy wrote: Regarding the example provided, the "__RETURNPATH_IS" rule should indeed be triggered since it matches "yahoo.com" in the return-path. If you're uncertain about the intended behavior of the rules, please clarify the requirements so we can adjust the rules

Re: Help with rule matching when it shouldn't

The correct syntax for the header rule should be: header __FROM_ADDRESS From:addr =~ /\@yahoo\.com/i This rule will specifically match email addresses containing "@yahoo.com" while excluding addresses like "ya...@gmail.com". Regarding the example provided, the "__RETURNPATH_IS" rule should

Help with rule matching when it shouldn't

Could someone help me figure out why my custom rule is matching when it should not be matching? This is my current setup: header __FROM_ADDRESS From =~ /yahoo/i header __RETURNPATH_IS Return-Path !~ /yahoo.com$/i meta NOT_IT (__FROM_ADDRESS && __RETURNPATH_IS) describe NOT_IT

Re: OT: Microsoft Breech

Il 19 marzo 2024 15:33:10 CET, Bill Cole ha scritto: >On 2024-03-19 at 09:51:04 UTC-0400 (Tue, 19 Mar 2024 08:51:04 -0500) >Thomas Cameron >is rumored to have said: > >> Does anyone else just block all traffic from *.onmicrosoft.com? > >Yes. No collateral damage noticed. That includes a

Re: OT: Microsoft Breech

On 3/19/24 09:52, Michael Storz wrote: Am 2024-03-19 14:51, schrieb Thomas Cameron: Does anyone else just block all traffic from *.onmicrosoft.com? I have literally NEVER gotten anything from that domain which is not obvious junk. We block and have a whitelist with 49 entries at the moment.

Re: OT: Microsoft Breech

Am 2024-03-19 14:51, schrieb Thomas Cameron: Does anyone else just block all traffic from *.onmicrosoft.com? I have literally NEVER gotten anything from that domain which is not obvious junk. We block and have a whitelist with 49 entries at the moment. Michael

Re: OT: Microsoft Breech

On 2024-03-19 at 09:51:04 UTC-0400 (Tue, 19 Mar 2024 08:51:04 -0500) Thomas Cameron is rumored to have said: > Does anyone else just block all traffic from *.onmicrosoft.com? Yes. No collateral damage noticed. That includes a system that has administrative and alerting role accounts which

Re: OT: Microsoft Breech

I am using this setup in my postfix main.cf. [obfuscated] is my actual key for spamhaus. smtpd_recipient_restrictions = check_sender_access regexp:/etc/postfix/sender_access permit_mynetworks permit_auth_destination permit_sasl_authenticated reject_rbl_client

RE: OT: Microsoft Breech

I am using spamcop and spamhaus to block. There are indeed outlook.com ip addresses that bounce. > > Does anyone else just block all traffic from *.onmicrosoft.com? I have > literally NEVER gotten anything from that domain which is not obvious junk. > > I set up postfix to just flat out

Re: OT: Microsoft Breech

Does anyone else just block all traffic from *.onmicrosoft.com? I have literally NEVER gotten anything from that domain which is not obvious junk. I set up postfix to just flat out refuse anything from that domain.[1] If I get any complaints, I may ease it up, but I was getting TONS of spam

Re: OT: Microsoft Breech

On 3/18/2024 10:13 PM, Jimmy wrote: It's possible that certain email accounts utilizing email services with easily guessable passwords were compromised, leading to abuse of the ".onmicrosoft.com " subdomain for sending spam via email. Well, there's (1) standard BEC,

Re: OT: Microsoft Breech

It's possible that certain email accounts utilizing email services with easily guessable passwords were compromised, leading to abuse of the ". onmicrosoft.com" subdomain for sending spam via email. I've observed an increase in the blocking of IPs belonging to Microsoft Corporation by the SpamCop

OT: Microsoft Breech

I've several customers whose accounts were used to send spam as a result of Microsoft's infrastructure breech. Curiously, NOBODY has received any breach notifications from Microsoft, despite personal information being compromised. What has anyone else experienced? Thanks, -- Jared Hall

Re: URIBL_SBL and spamhouse problem

natan skrev den 2024-03-15 09:30: Yes but this disable all URIBL_* where I use *.spamhouse.net i never asked you to add * now you know your own mistake, good weekend

Re: URIBL_SBL and spamhouse problem

Hi Yes but this disable all URIBL_* where I use *.spamhouse.net I have spamassassin-3.4.6 and URIBL_* works fine but payment is not so cool W dniu 14.03.2024 o 22:21, Benny Pedersen pisze: natan skrev den 2024-03-14 16:04: in 00_init_dns.cf: # dns_query_restriction (allow|deny) domain1

Re: URIBL_SBL and spamhouse problem

natan skrev den 2024-03-14 16:04: in 00_init_dns.cf: # dns_query_restriction (allow|deny) domain1 domain2 . dns_query_restriction allow dq.spamhaus.net dns_query_restriction deny zen.spamhaus.net ... In: /var/lib/spamassassin/3.004006/updates_spamassassin_org/ do not edit or add any new

Re: URIBL_SBL and spamhouse problem

W dniu 14.03.2024 o 13:13, Benny Pedersen pisze: natan skrev den 2024-03-14 12:20: I have disable only spamahause rules URIBL_SBL URIBL_CSS URIBL_SBL_A URIBL_CSS_A URIBL_ZEN_BLOCKED_OPENDNS URIBL_ZEN_BLOCKED URIBL_DBL_SPAM URIBL_DBL_PHISH  URIBL_DBL_MALWARE URIBL_DBL_BOTNETCC

Re: URIBL_SBL and spamhouse problem

natan skrev den 2024-03-14 12:20: I have disable only spamahause rules URIBL_SBL URIBL_CSS URIBL_SBL_A URIBL_CSS_A URIBL_ZEN_BLOCKED_OPENDNS URIBL_ZEN_BLOCKED URIBL_DBL_SPAM URIBL_DBL_PHISH URIBL_DBL_MALWARE URIBL_DBL_BOTNETCC URIBL_DBL_ABUSE_SPAM URIBL_DBL_ABUSE_REDIR URIBL_DBL_ABUSE_PHISH

URIBL_SBL and spamhouse problem

Hi Today I get e-mail from spamhouse "Hello Support, I recently sent over a email regarding IP addresses querying the Spamhaus threat feeds.  The mentioned IP addresses are actively querying our public mirrors, and exceeding our usage limits.  Checking our database, I’m unable to locate an

<    1   2   3   4   5   6   7   8   9   10   >