Re: gmail hotmail picture and a lot of spam-rubish

[Matus UHLAR - fantomas]

On 09.04.21 15:40, mau...@gmx.ch wrote:

Spam will send from Gmx to  domain.ch and so I  recieve every spam mail.


you should filter spam before forwarding then.


Please what I need read, or any help to minimize the rush, thanks for any
possible help!


unfortunately, you missed all Received: headers - you seem to use Outlook,
it may do that when forwarding.

...however it's very good to put unnecessary blank lines to mail.
(and often removing those important, which is another reason to avoid it).

Can you publish the whole e-mail somewhere? Preferrably not fetched with
outlook as it often does more than just wiping Received: headers.



Return-Path: m...@gmx.ch 

Delivered-To: m...@domain.ch 

Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip= x.x.x.x;
helo=mout-xforward.gmx.net; envelope-from=mau...@gmx.ch
 ; receiver=

[...]
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Eagles may soar, but weasels don't get sucked into jet engines.

Re: AW: gmail hotmail picture and a lot of spam-rubish

[mauric]

Sorry Benny,

 

>> Please broter make shorter way, I don’t have plenty of time 

 

>do you know what sieve autoreader is ?

historical questions?

 

>long version: i don need time to read reply's anymore

… m please let me think, it’s a other mailinglist?, yes, ok I understood !

 

If you are so open, I appreciate here any possible answer,  or any here with 
possible other maillist links?

 

I give now meny answers with, email addresses, headers, ip addresses, anything, 
and the answer are not so happy.

 

I don’t thin so for regards

Mauri

Re: AW: gmail hotmail picture and a lot of spam-rubish

[Benny Pedersen]

On 2021-04-09 16:59, mau...@gmx.ch wrote:


Please broter make shorter way, I don’t have plenty of time 


do you know what sieve autoreader is ?

long version: i don need time to read reply's anymore

Re: OT: is sorbs.net sleeping ?

[Dominic Raferd]

  
  
On 09/04/2021 15:57, Rob McEwen wrote:


  
  On 4/9/2021 10:34 AM, Benny Pedersen wrote:

  above ip is not
  listed yet, with inho is sign of no maintain at all anymore
  
  So I noticed that this IP you mentioned is a heavily-listed IP
  that is currently listed on many DNSBLs, including many of the
  best and most reliable and accurate ones. (I think that was
  part of your point.) So you're complaining that SORBS isn't
  listed this one. Maybe you were providing this as a
  representative example, correct? So I guess you're saying that
  there are more like this?

  But for the
  sake of clarity, let me just say that no DNSBLs should ever be
  judged too harshly for "false negatives" - no DNSBL has the
  exact same view of the worldwide email data - and each DNSBL's
  false positive prevention filters will always make SOME
  mistakes that cause "false negatives" - that's a very acceptable
price to pay considering that no system can ever be perfect.
  Low false
positives AND overall catch-rates AND overall UNIQUE
catch-rates (blocking stuff everyone else is still missing)
- are all far more important metrics.
  (you might be
disappointed with SORBS in those areas too? - that's fine -
I'm just trying to clarify that overly judging a DNSBL based
on particular false negatives can be overly
harsh and might miss the good things that a DNSBL has to
offer)

That
sounds reasonable. But my experience is that spamhaus RBLs (zen,
zrd, dbl) have a zero false positive rate (or so low that I have
never found one). IMHO if an email is matched by spamhaus it is
the sender's big problem, not the recipient's. (And I have no
connection to spamhaus...)
  

Re: AW: gmail hotmail picture and a lot of spam-rubish

[mauric]

 

>https://sanesecurity.com/

> there is a maillist for this aswell, ask on maillist with clamav signature 
> catch it

> 

> or build localy own signature to catch it, spammers is very genious in 2021

> and others is not :=)

 

But this are a joke? I need contact any other mailinglist, and you don’t know 
the answer?

and to build this absolut - magic signature from clamav know only this new 
mailigroup?

 

Please broter make shorter way, I don’t have plenty of time 

 

--

Picture: 
https://creatingopenspace.files.wordpress.com/2017/08/1-format43.jpg?w=667 

 =818

Re: OT: is sorbs.net sleeping ?

[Rob McEwen]

On 4/9/2021 10:34 AM, Benny Pedersen wrote:
above ip is not listed yet, with inho is sign of no maintain at all 
anymore



So I noticed that this IP you mentioned is a heavily-listed IP that is 
currently listed on many DNSBLs, including many of the best and most 
reliable and accurate ones. (I think that was part of your point.) So 
you're complaining that SORBS isn't listed this one. Maybe you were 
providing this as a representative example, correct? So I guess you're 
saying that there are more like this?


But for the sake of clarity, let me just say that no DNSBLs should ever 
be judged too harshly for "false negatives" - no DNSBL has the exact 
same view of the worldwide email data - and each DNSBL's false positive 
prevention filters will always make SOME mistakes that cause "false 
negatives" - that's a very acceptable price to pay considering that no 
system can ever be perfect.


Low false positives AND overall catch-rates AND overall UNIQUE 
catch-rates (blocking stuff everyone else is still missing) - are all 
far more important metrics.


(you might be disappointed with SORBS in those areas too? - that's fine 
- I'm just trying to clarify that overly judging a DNSBL based on 
/*particular*/ false negatives can be overly harsh and might miss the 
good things that a DNSBL has to offer)


-- Rob McEwen, invaluement +1 (478) 475-9032

OT: is sorbs.net sleeping ?

[Benny Pedersen]

http://multirbl.valli.org/lookup/5.188.206.246.html

currently i am not using sorbs anymore in spamassassin, to much outdated 
listnings, and clear the above ip is not listed yet, with inho is sign 
of no maintain at all anymore


and lastly i like to know how to contact sorbs.net owners, my own ip is 
listed by state of former linode.com user, not from any spam runs on my 
server :/


hope thay wake up

Re: AW: gmail hotmail picture and a lot of spam-rubish

[Benny Pedersen]

On 2021-04-09 15:40, mau...@gmx.ch wrote:

Spam will send from Gmx to  domain.ch and so I  recieve every spam
mail.

Please what I need read, or any help to minimize the rush, thanks for
any possible help!


https://sanesecurity.com/

there is a maillist for this aswell, ask on maillist with clamav 
signature catch it


or build localy own signature to catch it, spammers is very genious in 
2021


and others is not :=)

AW: gmail hotmail picture and a lot of spam-rubish

[mauric]

Spam will send from Gmx to  domain.ch and so I  recieve every spam mail.

Please what I need read, or any help to minimize the rush, thanks for any
possible help!



Thanks

---



Return-Path: m...@gmx.ch 

Delivered-To: m...@domain.ch 

Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip= x.x.x.x;
helo=mout-xforward.gmx.net; envelope-from=mau...@gmx.ch
 ; receiver=

DMARC-Filter: OpenDMARC Filter v1.3.2 nmail.domain.ch CA3D940180

Authentication-Results: nmail.domain.ch mail.domain.ch domain.ch; dmarc=none
(p=none dis=none) header.from=cv-megatec.com

Authentication-Results: nmail.domain.ch mail.domain.ch domain.ch; spf=pass
smtp.mailfrom=mau...@gmx.ch 

DKIM-Filter: OpenDKIM Filter v2.11.0 nmail.domain.ch CA3D940180

Authentication-Results: nmail.domain.ch;

dkim=pass (2048-bit key; unprotected)
header.d=cv-megatec.com header.i=@cv-megatec.com
  header.b="hhUQ+QzF";

dkim-atps=neutral



X-Spam-Status: No, score=2.9 required=5.0 tests=DKIM_SIGNED,DKIM_VALID,

DKIM_VALID_AU,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM,


HEADER_FROM_DIFFERENT_DOMAINS,PHP_SCRIPT,SPF_PASS,UNPARSEABLE_RELAY

autolearn=no autolearn_force=no version=3.4.5



X-jogjacamp-MailScanner-EFA-Watermark:
1618578558.40183@GI+aO+rGLF+7R6OtU0xkOA


X-jogjacamp-MailScanner-EFA-From: ad...@cv-megatec.com


X-jogjacamp-MailScanner-EFA-SpamScore: sss

X-jogjacamp-MailScanner-EFA: Found to be clean

X-jogjacamp-MailScanner-EFA-ID: A562A450CE.AFC18

X-jogjacamp-MailScanner-EFA-Information: Please contact
host...@jogjacamp.co.id   for more
information

DMARC-Filter: OpenDMARC Filter v1.3.2 mx8-dti.idweb.host A562A450CE

DKIM-Filter: OpenDKIM Filter v2.11.0 mx8-dti.idweb.host A562A450CE

DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;

d=cv-megatec.com; s=default;
h=Content-Transfer-Encoding:Content-Type:


MIME-Version:Message-ID:Reply-To:From:Date:Subject:To:Sender:Cc:Content-ID:


Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-C
c


:Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe
:

List-Subscribe:List-Post:List-Owner:List-Archive;

bh=lcoVdWgf8MV+ISqbw5wT7PGLxlDv6W2+sXs2sVA35Lc=;
b=hhUQ+QzFzaVdjRyjw4UiHkNBNp


ArsTfOKRFTFtsSPfM7YLe0APtp4aVW5Ne3U5xUEVGnQ7kadk6sI0q3uOrRQV1lwf/s+z452WYGRI
2


PViQnJgphenHammmvAiJ7rC9IAEnOFAwrBVoLblfLdYzMW3NIUZcXiy7okYdNFRSuw5TEN1z1pZu
R


p/6Pz3xoPdhwbo1y13R/DRAhPID4CzBTsGdC4+204bLsX4FB8RxCKIH2vE2CscU8IDCh9D1W6FPt
v


pHRbiudRKyPKHCeUkD90PUbH9BhlL/XumztdgnpaOSroOXDAj0T/1tEzmASKI2p5HpfQjM+xN0/s
U

zkQVD9Jw==;

To:   mau...@gmx.ch

Subject: Copy of: Ich glaube, ich mag dich sehr.

X-PHP-Script: cv-megatec.com/index.php for 175.101.241.38

X-PHP-Originating-Script: 1301:class.phpmailer.php

Date: Fri, 9 Apr 2021 13:09:13 +

From: CV MEGATEC ad...@cv-megatec.com 

Reply-To: mau...@gmx.ch 

Message-ID: 684126612d000a4a63e4bf572dc29...@cv-megatec.com


X-Priority: 3

MIME-Version: 1.0

Content-Type: text/plain; charset=utf-8

Content-Transfer-Encoding: 8bit

X-AntiAbuse: This header was added to track abuse, please include it with
any abuse report

X-AntiAbuse: Primary Hostname - bangunkerto.idweb.host

X-AntiAbuse: Original Domain - gmx.ch

X-AntiAbuse: Originator/Caller UID/GID - [1301 993] / [47 12]

X-AntiAbuse: Sender Address Domain - cv-megatec.com

X-Get-Message-Sender-Via: bangunkerto.idweb.host: none

X-Authenticated-Sender: bangunkerto.idweb.host:

X-Source:

X-Source-Args:

X-Source-Dir: cv-megatec.com:/public_html

Envelope-To: mau...@gmx.ch 

X-GMX-Antispam: 6 (nemesis text pattern profiler); Detail=V3;

X-UI-Filterresults: junk:10;V03:K0:zb2Lq9jis3I=:ZJCkd9rnw/AWEoyI1Hk/FRVokf63

X-UI-Loop:V01:b45uBQMNFLo=:ZzxzB5ZJASLhm3BQ49swt4RNAPUHBwD0Duqjgkr0Xeg=

X-Spam-Flag: YES

X-UI-Out-Filterresults: junk:10;V03:K0:455IVB/0FCI=:fp3ZmfrWb651vpz+1/87wEBx



X-Spam-Level: **

X-Spam-Checker-Version: SpamAssassin 3.4.5 (2021-03-20) on nmail.domain.ch

X-Virus-Scanned: clamav-milter 0.102.4 at nmail.domain.ch

X-Virus-Status: Clean







Von: Loren Wilton mailto:lwil...@earthlink.net> >
Gesendet: Freitag, 9. April 2021 10:11
An: users@spamassassin.apache.org 
Betreff: Re: gmail hotmail picture and a lot of spam-rubish



We would need to see the original headers from the spam, or ideally the
whole spam before we could say anything. It would also be helpful to see the
rules it hit on your system.



   Loren

Re: Using spamassassin modules from a git repo

[Jared Hall]

I do kind of like Tom Hendrikx idea of putting cloning the folder into
somewhere in /usr/local/etc and putting a modified pre file in
/etc/spamassassin/.  But it's true it's not perfect.

Yes.  Tom's idea is correctish; perhaps a more "true" solution for some.

ZERO-TRUST.  SpamAssassin is equally insecure no matter where
you run it; like 3.4.5 is the end of it?


The next step in this I suppose could be to build a deb or rpm file
around these contributed modules.  But I doubt people are going to
want to build and maintain packages for each of the different
unix/linux/other OSs out there.

Not to be a bubble-buster or anything, but perhaps you're seeking
a solution for a problem that doesn't exist?

Seriously, nobody is breaking down doors to get a plugin.

Maybe just recommending module developers to put in a simple Makefile
with an install and uninstall target?  I don't know if that's the
right answer.  It does feel like this should be a bit more admin
friendly, by that I mean it should be more than lore to know the right
way to install spamassassin modules in a maintainable way with a
system.

What is maintainable about third-party plugins?  Hell, what is the
average life-span of a third-party plugin?  Not long.

Thanks all for the answers here.

No problem.  This is one list's 537 opinions!

Re: gmail hotmail picture and a lot of spam-rubish

[Loren Wilton]

We would need to see the original headers from the spam, or ideally the whole 
spam before we could say anything. It would also be helpful to see the rules it 
hit on your system.

Loren

gmail hotmail picture and a lot of spam-rubish

[mauric]

After implementing spamassassin and spamssassin, the situation are better
then bevor.

also lot of women picture from Hotmail or gmail, but sencerly how I can
eliminate this?



Please how it's possible for block, this kind of mail?

Thanks