Amazon is changing reverse lookups, time to update your configs.

2020-12-20 Thread Marc Roos


Time to update your amazon abuse filters! I was surprised to see I got 
spam again from amazon. They have changed their reverse lookups. I guess 
there were quite a few 'blacklists' using amazonses.com. Good to see 
blacklisting bigger organizations still works.



Flow chart processing messages available?

2020-12-17 Thread Marc Roos


I was wondering if there is a flow chart available of how spamassassin 
is processing messages by default?


RE: Are these valid email headers?

2020-12-06 Thread Marc Roos
 
>> with HTTPS (ZuckMail)

WTF this guy is mental

https://www.zerohedge.com/news/2018-03-25/dumb-f-ks-julian-assange-reminds-us-what-mark-zuckerberg-thinks-facebook-users





-Original Message-
From: @lbutlr [mailto:krem...@kreme.com] 
Sent: zondag 6 december 2020 7:42
To: users@spamassassin.apache.org
Subject: Re: Are these valid email headers?

On 05 Dec 2020, at 13:03, John Capo  wrote:
> On Sat, December 5, 2020 14:30, Loren Wilton wrote:
>> I don't have a Faceboox account and don't know anyone on Facebook 
>> that would send me mail (and don't want to!), so I have absolutely no 
>> idea if these headers from recent spams are completely made up out of 
>> the air (and thus spam signs) or are valid headers.
>> 
>> Can anyone tell me if this stuff is valid or obviously fake?
>> 
>> 
>> X-Facebook: from 2401:db00:1050:208b:face:0:4f:0 ([MTI3LjAuMC4x])
>>  by www.facebook.com with HTTPS (ZuckMail);
>> X-Priority: 3
>> X-Mailer: ZuckMail [version 1.00]
>> X-Facebook-Notify: skipped_password_change;
>>  mailid=5ac39662d1c08G5af32c89e396G5ac39afc31edaG569
>> Feedback-ID: 509:skipped_password_change:Facebook
>> X-FACEBOOK-PRIORITY: 0
>> X-Auto-Response-Suppress: All
>> Require-Recipient-Valid-Since: gouldi...@earthlink.net; Sunday, 29 Nov 2009 00:17:08 +
> 
> Except for mailid: I see those headers in mail from Facebook.

Yeah, I use X-Facebook to auto-junk mail to me. For me it is 100% spam 
sign, but then again I refuse to use Facebook.


--
You have severe reading comprehension problems that I can not be held
responsible for.





RE: Legitimate message being flagged as spam

2020-11-29 Thread Marc Roos
 
I see secureserver.net and sendgrid.net, of course it gets flagged. I am 
constantly harassed by these networks. I would not recommend using 
secureserver.net, I think those servers are easy to hack, otherwise I 
would not even know this network.



-Original Message-
From: Daryl Rose [mailto:rosed...@gmail.com] 
Sent: zondag 29 november 2020 16:41
To: users@spamassassin.apache.org
Subject: Legitimate message being flagged as spam

I get an email/receipt from a vendor on a payment made.  This message 
continuously gets flagged as spam even though I've added it to the 
whitelist_from.cf list.  


Received: (qmail 26946 invoked by uid 30297); 27 Nov 2020 20:52:17 
-
Received: from unknown (HELO 
p3plibsmtp02-04.prod.phx3.secureserver.net)
 ([68.178.213.4])
  (envelope-sender
 @sendgrid.net>)
  by p3plsmtp23-04-26.prod.phx3.secureserver.net 
(qmail-1.03) with
 SMTP
  for ; 27 Nov 2020 20:52:17 -
Received: from o1.3nn.shared.sendgrid.net ([167.89.100.129])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 256/256 
bits)
(Client did not present a certificate)
by CMGW with ESMTP
id ikj3kLwOeFeQXikj3kiQrL; Fri, 27 Nov 2020 13:52:17 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; 
d=sendgrid.net;
h=from:subject:mime-version:to:content-type:content-transfer-encodi
ng;
s=smtpapi; bh=5/eVCwWUZDl73ybzUYFmyMNdYNgvUvrvS9S5NJHu8QU=;
b=kDKnSU9Bb2Mi5khPiwjinzdlOorchkBuNfEWHSiqVeWqCaZPHmztDB3ZeQXPLVkVb
LuH
6NgvFXajs2aidTnh9bSKSMn4RaTPC+nvQU4DxFoXj0dL9yy9rjBGsdmS0BBD6+qzBl6
gSi
i2UwAMxRGXKbODjK5T5Ll1us3XKXKt9cI=
Received: by filterdrecv-p3iad2-5dc87598f5-8bxxp with SMTP id
 filterdrecv-p3iad2-5dc87598f5-8bxxp-19-5FC16700-AD
2020-11-27 20:52:16.878084415 + UTC m=+951689.287978429
Received: from spiderdoor.com (unknown)
by ismtpd0118p1mdw1.sendgrid.net (SG) with ESMTP
id ceyKf2F5QpyH7v63ZKS3nA
Fri, 27 Nov 2020 20:52:16.783 + (UTC)
Date: Fri, 27 Nov 2020 20:52:16 + (UTC)
From: no-re...@spiderdoor.com
Message-ID: <5fc1670079f34_26fd3171828...@api1.mail>
Subject: Payment Receipt for Unit G030 - paid from SpiderApp
Mime-Version: 1.0
To: i...@myspace.rent, 
X-Entity-ID: eEuAPys4acQ9ere1FZlp6A==
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Nonspam: None





Any idea why it gets flagged and what rule I need to put in place to 
prevent it from happening?

Thank you.

Daryl

 




RE: contact from blacklist

2020-11-20 Thread Marc Roos
 

Url blacklists? Maybe paste some headers here?



-Original Message-
To: users@spamassassin.apache.org
Subject: contact from blacklist

Hi everyone,

lately I get more and more spam from so called contact forms.

Does anyone know a blacklist for this?

Kind regards
Philipp

--
Philipp Ewald
Administrator

DigiOnline GmbH, Probsteigasse 15 - 19, 50670 Köln
Fax: +49 221 6500-690, E-Mail: philipp.ew...@digionline.de

AG Köln HRB 27711, St.-Nr. 5215 5811 0640
Geschäftsführer: Werner Grafenhain

Informationen zum Datenschutz: www.digionline.de/ds




RE: What can one do abut outlook.com?

2020-11-20 Thread Marc Roos
 
Thanks for the update! Although I am not really an advocate for blocking 
people. 



-Original Message-
To: users@spamassassin.apache.org
Subject: Re: What can one do abut outlook.com?

On 26/10/20 5:17 am, Marc Roos wrote:
>> make a reality check outside your small bubble!
> typical low iq response. I was already discussing the validity of 
> these soccerplayer contracts before they had to change the system.
>
Afternoon Marc.

Just thought I'd let you know this same person was blocked from CentOS 
mailing list a while back due to trolling.  I'm not sure the chemicals 
deep in his noggin work as they are supposed to.  On the CentOS mailing 
list, we stopped feeding the troll and I, specifically, made sure that 
I'd never again see an email from his likes.  I wonder if the 
SpamAssassin admins could just as well stop feeding the troll here as 
well.  By stop I mean block it at the entrance.

Not knowing how many sunrises and sunsets the troll has seen, I'd want 
to hope that it's seen enough to warrant an expedient expiry - but I can 
only wish.

In the meantime, enjoy the comedy that it is.





RE: different Return-Path: and From:

2020-10-30 Thread Marc Roos
 

> so you want your own messages blocked everywhere?

I do not know yet. I can assume this is different on something like a 
mailing list. It is irritating that the From has a credible name, in 
this case from a bank.




different Return-Path: and From:

2020-10-30 Thread Marc Roos
 
I had a phishing mail skip my SPF check. The SPF check was done on the 
Return-Path and not the From:. Is this a default convention? How does 
spamassassin treat a different Return-Path and From in a message? 




RE: What can one do abut outlook.com?

2020-10-27 Thread Marc Roos



>> That is why it is important to read and use the brain, otherwise you
>> wander off the subject.

>what do *you* know about brain when you don't realize that it's simply 
>not doable to fight against spam by fight against large providers as 
>outlook.com?

Because I understand eg there is a difference between theoretical, 
practical and maybe even legal point of view.

>overall the amount of bad clients is *low* compared to the total 
>number of clients

How is that % relevant? I only care that I receive spam, and I have
to put effort/work/time into resolving it.

>if all the customers of outlook.com would be served by clueless idiots 
>like yours which means spread over thousands of clueless providers the 
>outcome would be much worse

I am not so sure about this. Email services are easier to set up, 
thus come quite equal to bigger providers. 
Smaller providers have better/more contact with their clients. Can 
instruct eg clients not to use the network for newsletters. 
Smaller providers have more system administrators per 1000 clients than
bigger companies, thus more hours to spend on support/abuse etc.
Smaller providers are easier to blanket block, so they are forced to 
maintain higher quality of service.
Failing to see this, has the same origin as you fail to detect 
intelligence. 


> you can block what you want on your home-pet-server but you really 
> don't understand how legit business works

You do not get the bigger picture, you basically are doing the work the
bigger providers should do or pay you to do. In this regard, the 
Net neutrality discussion is very similar.

>proven by your bullshit of "are you guys paid by them" while the truth 
>is that my and other customers of whatever mailservice want their 
>fucking *legit mail* received and not thrown out with the bathwater

The use of dnsbl to reject mail is ages old. I did not invent this. The 
process is very simple. You receive spam from an ip, you eventually block 
the ip from delivering mail. 
How can it be your fault, if that provider is trying to send legitimate 
mail via that blocked ip? It is this provider's fault. They have countless 
options to mitigate this situation, but they are just too lazy to do this. 
One for instance would be to put free new accounts on a different outgoing 
ip range than long time high paying customers. Separate newsletters from 
regular outgoing mail, etc.


> not everybody who is in the business for decades is a supporter of big 
> ISP's, the opposite is true, otherwise we just would use them at our 
> own

If you are long in business, you have experience, and one is likely to 
have such a point of view.

> the point is: everybody but you has to deal with the real world
> if it's just me microsoft, amazon and guess what can die tomorrow and 
> i couldn't care less, but as long as they exist and as long they are 
> used by millions of legit customers it is what it is

Indeed and that is why this is a problem. 





RE: What can one do abut outlook.com?

2020-10-26 Thread Marc Roos
 
That is why it is important to read and use the brain, otherwise you 
wander off the subject.



-Original Message-
Sent: Monday, October 26, 2020 4:48 PM
To: John Wilcock
Cc: users
Subject: Re: What can one do abut outlook.com?

Let's remember you're arguing with someone who clearly doesn't run 
any sort of commercial email system because no sane person selling boxes 
can simply block outlook...



On Oct 26, 2020, at 5:44 AM, John Wilcock  wrote:


The problem with your analogy is that you are not just interacting 
with one unwelcome neighbour with a defective washing machine, but with 
dozens of neighbours whose washing machines work perfectly but who 
happen to share the same plumber as the unwelcome one. And in many cases 
these people aren't just your neighbours but potential clients of yours. 
If you refuse to deal with them on the basis that they use that plumber, 
you're the one who will lose business.

I'm not sure the analogy works all that well, but hopefully you get 
my point. Outlook.com, Google and Amazon all have millions of legitimate 
customers from whom you might receive genuine email, and if you block 
them because of their (relatively few) unwelcome customers, you're 
throwing the baby out with the bathwater. 

-- 
John

 

On 2020-10-25 18:48, Marc Roos wrote:


Are you guys working for Google or Amazon or so? Maybe I should give 
a simple analogy so you understand. 

If your neighbour's washing machine breaks down, and causes you water 
damage. They have to pay for cleaning up the mess they created in your 
apartment. If the neighbour spills oil on your parkway, they have to 
clean it up.


Your reasoning resembles:

- the neighbour does have to use their washing machine every time, so I 
will just clean up their mess every time.
- it is only once of every 3 times the neighbour uses his washing 
machine, he floods my apartment, so that is ok.
- the neighbour has kids, they cannot be held responsible for dad to 
flood my apartment every week. So I will not ask the landlord to evict 
them. I will just clean up their mess every week year after year.
- the neighbour floods my apartment every week, I think I will teach him 
this week how to use the washing machine. 
- the neighbour floods my apartment every week, I think I will replace 
my wooden floor for some plastic foil.





 







RE: What can one do abut outlook.com?

2020-10-26 Thread Marc Roos




> The problem with your analogy is that you are not just interacting 
> with one unwelcome neighbour with a defective washing machine, 
> but with dozens of neighbours whose washing machines work perfectly 
> but who happen to share the same plumber as the unwelcome one.

I think you prove yourself to be wrong, because later you just write 
Google, Outlook and Amazon and not company A, company B, company XX. 
Everyone is in the same apartment. 

> And in many cases these people aren't just your neighbours but 
> potential clients of yours. If you refuse to deal 
> with them on the basis that they use that plumber, you're the one who 
> will lose business.

That is beside the point. But I agree, it does complicate executing this 
point of view. That is why I think that big companies are not good in 
general. 

> I'm not sure the analogy works all that well, but hopefully you get my 
> point.
> Outlook.com, Google and Amazon all have millions
> of legitimate customers from whom you might receive genuine email, and 
> if you block them because of their (relatively few)
> unwelcome customers, you're throwing the baby out with the bathwater. 

To me it is very simple. An ip address gets blocked when it sends out 
spam/phishing/abuse etc. I assume you have also been using dns blacklists 
to reject email. This has been a very old practice. If google sends 
messages from a legitimate client via the same ip, as that of a spammer. 
That is Google's responsibility, so these legitimate clients should 
complain to google.
If google supplies me with software, that will block spam from such an 
ip and let through legitimate email from the same ip (or pays someone to 
sit in my office to do it for them). I will be the first to use it.



 



RE: What can one do abut outlook.com?

2020-10-25 Thread Marc Roos


> make a reality check outside your small bubble!

typical low iq response. I was already discussing the validity of these 
soccerplayer contracts before they had to change the system.

> when you have millions of customers you can do whatever you want all 
> day long and you are 
> simply not able to remove every spammer or suspend every hacked 
> account in realtime

No not at all. No free accounts, and every mail account costs 10 us$ per 
month. I will bet you that the outgoing spam is being reduced by more 
than 50%.

I do not care if Googles profits drop by XX%. Why do you?

> and no you can't do that fully automated because filtering of 
> authenticated mail submission is way harder 
> because there are no received-headers and you can't apply any useful 
> DNSBL because your customers are on
> dial-up networks by definition

Make spamming expensive, not free.

> i love it how poor idiots with their "me-and-my-family" setup believe 
> the world is that simple - if it would be that simple
> spam won't exist at all for years

I assume your education did not include logic.




RE: Blocking by country/ASN/IP/domain

2020-10-25 Thread Marc Roos


I have been looking into exactly the same, don't know how I am going to 
implement it still. What I know for now.

This is how you can get info on a netblock owner. 

[@]$ dig +short -t txt 80.53.103.176.origin.asn.cymru.com
'48031 | 176.103.48.0/20 | UA | ripencc | 2011-12-09'

You can then either decide to mark everything as spam with spamassassin 
or block/reject it via a milter or so. Combined with this you can then 
whitelist only this network's official outgoing smtp servers.



 

-Original Message-
From: Alex [mailto:mysqlstud...@gmail.com] 
Sent: Sunday, October 25, 2020 6:50 PM
To: SA Mailing list
Subject: Blocking by country/ASN/IP/domain

Hi, I have a spamassassin-3.4.4 install with amavisd-2.12 and postfix on 
fedora32 and would like to be able to block email from an entire country 
on a per-user or per-domain basis. What is the best way to do this?

I'm currently using the RelayCountry plugin and Amavis::Custom to add an 
X-Relay-Countries header to each email, and have a series of rules of 
the form:

header   RELAYCOUNTRY_JP X-Relay-Countries =~ /JP/
describe RELAYCOUNTRY_JP Relayed through Japan
score    RELAYCOUNTRY_JP 0.1

I've also been considering blocking by ASN or IP, but I believe it would 
be the same problem just presented in a different way.

How do I tie this into amavisd so that I can allow individual users to 
control their own email? Perhaps this is done in a policy_bank?
Perhaps I would analyze the X-Relay-Countries header directly instead of 
processing the resulting RELAYCOUNTRY_JP rule, for example?




RE: What can one do abut outlook.com?

2020-10-25 Thread Marc Roos


Are you guys working for Google or Amazon or so? Maybe I should give 
a simple analogy so you understand. 

If your neighbour's washing machine breaks down, and causes you water 
damage. They have to pay for cleaning up the mess they created in your 
apartment. If the neighbour spills oil on your parkway, they have to 
clean it up.


Your reasoning resembles:

- the neighbour does have to use their washing machine every time, so I 
will just clean up their mess every time.
- it is only once of every 3 times the neighbour uses his washing 
machine, he floods my apartment, so that is ok.
- the neighbour has kids, they cannot be held responsible for dad to 
flood my apartment every week. So I will not ask the landlord to evict 
them. I will just clean up their mess every week year after year.
- the neighbour floods my apartment every week, I think I will teach him 
this week how to use the washing machine. 
- the neighbour floods my apartment every week, I think I will replace 
my wooden floor for some plastic foil.





 



RE: What can one do abut outlook.com?

2020-10-25 Thread Marc Roos



> all huge mail providers with thousands/millions of customers, so there 
> is no wonder there is spam included.

Google, Amazon and Microsoft have billions of cash. It is indeed a 
wonder how they are not spending it on outgoing mail detection.

> mail services to a mono-culture of single huge providers, but you 
> cannot block them just for being huge providers.

Nobody was saying so. Best is to block just the ip addresses that you 
receive spam from. Their network will reroute emails. But if their ip 
addresses are randomly blocked by many other providers. All their queues 
will start using more resources bouncing around mails, having to explain 
to their clients why sometimes a mail is sent and sometimes rejected, 
costs increase, thus more incentive to kick out spammers or spend more 
on prevention.

> If you block something, you have to ask yourself: How many innocent, 
> unsuspecting legitimate senders

Who cares, these "unsuspecting legitimate senders" should take their 
business somewhere else. 

> I'm blocking as well as the spammers? If 
> you block even one innocent sender as collateral damage, you should 
> not block that email provider, regardless how annoying it is.

What nonsense. This is how spammers currently work, mix legitimate 
mail with spam. Just block ip's, it is not your fault they are sending 
you spam. Nobody can blame you, if you do not want to do the work that 
Amazon, Google and Microsoft should be doing.




RE: check doman against uri bl of spamassassin

2020-10-22 Thread Marc Roos
 > 
 >
 >
 >> :D I thought I could query the blacklists from the command line with 
 >> dig or so
 >
 >You can, at least in principle, but it would not be a single command or 
 >a well-defined small set of commands if you don't have SA installed and 
 >want to know the SA penalty of an URI in a particular domain.
 >
 >The rules files in the default rules channel have 23 active urirhssub 
 >rules defined. They reference 4 URIBL zones, 3 of which are multiplexed:
 >
 >dbl.spamhaus.org.
 >dob.sibl.support-intelligence.net
 >multi.surbl.org.
 >multi.uribl.com.
 >
 >So you COULD just check a domain such as example.com like this:
 >
 >   dig example.com.dbl.spamhaus.org. \
 >       example.com.dob.sibl.support-intelligence.net. \
 >       example.com.multi.surbl.org. example.com.multi.uribl.com.

Oh ok, that sounds indeed simple. I thought there was more to it. 
This means with such implementation, that if you have such a blog
collection site like wordpress.com. If one wordpress.com/xxx
site gets listed, all are listed.

 >Figuring out what the results of such a search means would require you 
 >to look up the return codes and what they mean for each of those URIBLs. 
 >Figuring out what the cumulative SA score would be of a particular 
 >domain would require you to check the current score files in the rules 
 >distribution.

No, that is not necessary, just need to know if it is possible to query
these blacklists on existence.


RE: check doman against uri bl of spamassassin

2020-10-21 Thread Marc Roos



> and why just don't you?

I have no idea what the default ones are. Also don't know exactly the 
syntax, especially when slashes are included and if hashes are used or 
so. 


RE: check doman against uri bl of spamassassin

2020-10-21 Thread Marc Roos
:D I thought I could query the blacklists from the command line with dig 
or so
 

-Original Message-
From: @lbutlr [mailto:krem...@kreme.com] 
Sent: Wednesday, October 21, 2020 10:20 PM
To: users@spamassassin.apache.org
Subject: Re: check doman against uri bl of spamassassin

On 21 Oct 2020, at 13:35, Marc Roos  wrote:
> What is the best way to check an url against the default active 
> spamassassin uribl, on a linux server that does not have spamassassin 
> installed?

This is clearly in the "how do I do a thing while imposing conditions 
that make  impossible to do" class of question.

"How do I dive 300 meters under water without an oxygen supply or 
pressure suit?"

"How can I get from New York City to Los Angeles in less than 10 hours 
without flying?"

If you want to test something against spamassassin you need one thing for 
sure, access to spamassassin.

--
'I really should talk to him, sir. He's had a near-death experience!'
'We all do. It's called living.'





check doman against uri bl of spamassassin

2020-10-21 Thread Marc Roos


What is the best way to check an url against the default active 
spamassassin uribl, on a linux server that does not have spamassassin 
installed? 




RE: The most efficient SPAM implementation ever

2020-10-11 Thread Marc Roos


> I am the one who is a client of sendgrid. Before subscribing to their 
> service (with low volume it is free)
> many of my messages were rejected. They provide legitimacy. 

So the problem here is actually that a spammer whines about being 
spammed? :D But this does confirm my idea that one should just blanket 
blacklist these networks, because they mostly harbour clients that were 
blocked and have no where else to go any more.

I do not recommend using sendgrid. Going there with your legitimate 
services is like having your products manufactured by forced child 
labour which is maybe legal in that part of the world, but it is still 
something you do not want to be associated with.












RE: The most efficient SPAM implementation ever

2020-10-11 Thread Marc Roos
 >
 >
 >I guess you are confused by my message and I am confused by yours. 
 >Allow me to clarify.

Oops, did not notice jpg attachment. Better to post just text. 

 >I have 3 lines of defense and the 2 main ones have failed. The SPAM 
 >messages are undetected. You tell me that the best way is to treat spam 
 >is to reject it but all my attempts to detect this particular instance, 
 >let alone reject it have been unsuccessful.

Yes these are not correct (anymore? I guess their infrastructure 
changed?) 

[@ files]$ dig +short jiveon.jivesoftware.com
sendgrid.net.
167.89.123.54
167.89.115.56
[@ files]$ dig +short -x 167.89.123.54
o16789123x54.outbound-mail.sendgrid.net.

The specific range of sendgrid looks like this[1]. So now you know they
use sendgrid and probably have access to a 'limited' dynamic ip range.

Now you can decide to reject email coming from (the whole of) sendgrid.
I have created an email address and ip white list. So if someone 
legitimate complains. I can allow that specific email address or ip to 
go through.

If sendgrid is getting smarter in the future you will have problems
blocking just on sendgrid.net. Mailgun already switched to something
like this[2]. Some spammers even change their reverse lookup just
before sending. 

Then you have to fall back on eg. ip blacklisting. I am currently
thinking about doing an asn lookup. As you can see these return
the same id for different reverse configured ips of mailgun.

[@ ~]# dig +short -t txt 40.151.61.209.origin.asn.cymru.com
"33070 | 209.61.128.0/19 | US | arin | 2000-06-05"
[@ ~]# dig +short -t txt 41.151.61.209.origin.asn.cymru.com
"33070 | 209.61.128.0/19 | US | arin | 2000-06-05"
[@ ~]# dig +short -t txt 42.151.61.209.origin.asn.cymru.com
"33070 | 209.61.128.0/19 | US | arin | 2000-06-05"
[@ ~]# dig +short -t txt 43.151.61.209.origin.asn.cymru.com

Maybe also forget about the access map and switch to something like 
mailfromd. I think you can even reject the message with it after 
you analyzed the whole message body.


 >Line of Defense No. 1:
 >The sendmail 'access' file seen below. For over a year only one 
 >statement was sufficient, as you can see now I have 11 and they all fail.

Things change (fast)

 >
 >Line of Defense No. 2:
 >Spamassassin. I have submitted over a thousand messages as follows:
 >
 >% sa-learn --spam --mbox Mail/Junk 
 >
 >Unfortunately, that command has never been able to increase the score
 >of the messages.
 >
 >

[1]

[2]
209.61.151.28   rs28.mailgun.us.
209.61.151.29   rs29.mailgun.us.
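
The ASN fallback described in this message and in the 2020-10-25 "Blocking by country/ASN/IP/domain" reply, as an added example (not code from the thread): it builds the origin.asn.cymru.com query name, parses the TXT answer, and applies a block list of ASNs together with a whitelist of individual senders. The policy sets, the whitelisted address and the offline resolver are constructed for illustration.

```python
import ipaddress
import subprocess
from typing import List, NamedTuple

ORIGIN_ZONE = "origin.asn.cymru.com"  # zone used by the dig commands in the thread


class Origin(NamedTuple):
    asn: int
    prefix: ipaddress.IPv4Network
    country: str
    registry: str
    allocated: str


def origin_qname(ip: str) -> str:
    """Query name for an IPv4 address: octets reversed, then the zone."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + ORIGIN_ZONE


def parse_origin(txt: str) -> Origin:
    """Parse one TXT answer: ASN | prefix | country | registry | date."""
    fields = [f.strip() for f in txt.strip().strip("\"'").split("|")]
    if len(fields) != 5:
        raise ValueError(f"unexpected answer format: {txt!r}")
    asn, prefix, country, registry, allocated = fields
    # Assumption: if the first field lists several ASNs, the first one is used.
    return Origin(int(asn.split()[0]), ipaddress.IPv4Network(prefix),
                  country, registry, allocated)


def dig_txt(qname: str) -> List[str]:
    """Live lookup with dig, as typed in the thread; the offline demo does not call it."""
    proc = subprocess.run(["dig", "+short", "-t", "txt", qname],
                          capture_output=True, text=True, timeout=10, check=False)
    return [line for line in proc.stdout.splitlines() if line.strip()]


def classify(ip, blocked_asns, allowed_nets, resolve=dig_txt):
    """Return (verdict, origin); verdict is allow, reject, neutral or unknown."""
    addr = ipaddress.IPv4Address(ip)
    if any(addr in net for net in allowed_nets):
        return "allow", None              # whitelist wins, no DNS lookup needed
    covering = []
    for answer in resolve(origin_qname(ip)):
        try:
            origin = parse_origin(answer)
        except ValueError:
            continue                      # skip answers that do not parse
        if addr in origin.prefix:         # ignore answers that do not cover the IP
            covering.append(origin)
    if not covering:
        return "unknown", None            # DNS trouble must not turn into a reject
    for origin in covering:
        if origin.asn in blocked_asns:
            return "reject", origin
    return "neutral", covering[0]


# Constructed offline resolver; the answers are the ones shown in the dig output
# quoted in the thread, keyed by the query names used there.
SAMPLE_ANSWERS = {
    "80.53.103.176.origin.asn.cymru.com":
        ['"48031 | 176.103.48.0/20 | UA | ripencc | 2011-12-09"'],
    "40.151.61.209.origin.asn.cymru.com":
        ['"33070 | 209.61.128.0/19 | US | arin | 2000-06-05"'],
    "41.151.61.209.origin.asn.cymru.com":
        ['"33070 | 209.61.128.0/19 | US | arin | 2000-06-05"'],
}


def sample_resolve(qname):
    return SAMPLE_ANSWERS.get(qname, [])


BLOCKED_ASNS = {48031, 33070}                               # local policy (constructed)
ALLOWED_NETS = [ipaddress.IPv4Network("209.61.151.41/32")]  # hypothetical whitelisted sender


def demo():
    """Classify four sample client IPs; 192.0.2.1 has no answer in the sample data."""
    ips = ["176.103.53.80", "209.61.151.40", "209.61.151.41", "192.0.2.1"]
    return {ip: classify(ip, BLOCKED_ASNS, ALLOWED_NETS, sample_resolve)[0]
            for ip in ips}


if __name__ == "__main__":
    for ip, verdict in demo().items():
        print(ip, verdict)
```

Because the verdict is keyed on the ASN rather than the reverse lookup, it does not change when a provider renames its PTR records; an "unknown" result is left to the other checks instead of being rejected.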

RE: The most efficient SPAM implementation ever

2020-10-10 Thread Marc Roos
 
Very unclear problem description. First of all if you mark spam the 
sender knows it is being received (and does not even know the message 
has been marked). Thus the best way to treat spam, is rejecting it. 

So without any other info. Start rejecting messages instead of accepting 
them.

Start posting those (relevant) message headers ;)



-Original Message-
To: users@spamassassin.apache.org
Subject: The most efficient SPAM implementation ever

Hello all:

I have been a very satisfied user of spamassassin for a long time. Now I 
am facing a challenge, a problem that I cannot resolve.

Years ago I was an active participant in the SolidWorks forum:

https://forum.solidworks.com

Unfortunately, there is a group there whose response, when they don't 
approve of a thread, is to send you a barrage of e-mails, some sort of DoS 
attack. I have received thousands of those, during several years.

I dutifully have those messages processed by sa-learn, but it is clear 
that they are immune to spamassassin. Instead of going up, their score 
goes down.

I tried another approach (suggested by some of you folks): block the 
sender by sendmail, as seen below. Such defensive strategy was helpful 
for a couple years but now the spam has come back with a vengeance. 
Currently, my last line of defense is the only one that recognizes that 
stealth spam: the Thunderbird mail client.


Please help.


TIA,

-Ramon F. Herrera


ps: I do not have samples right now but will collect some and post them.







RE: mark emails as being spam originating from an ip range owner

2020-09-29 Thread Marc Roos
 

Thanks for the asn tip! There is even a dns service that offers the asn 
lookup. This is what I found, maybe there are more.

[@]$ dig +short -t txt 80.53.103.176.origin.asn.cymru.com
"48031 | 176.103.48.0/20 | UA | ripencc | 2011-12-09"





-Original Message-
To: users@spamassassin.apache.org
Subject: Re: mark emails as being spam originating from an ip range 
owner

Hello,

On Tue, Sep 29, 2020 at 10:49:36AM +0200
> How can I mark emails as being spam originating from an ip range owned
> by xserver.ua?
>
> % Abuse contact for '176.103.48.0 - 176.103.63.255' is

I'm not sure if blacklist_from accepts IP addresses or CIDR ranges, but 
if it does:

blacklist_from 176.103.48.0/20

Or consider using ASN plugin:


https://spamassassin.apache.org/full/3.4.x/doc/Mail_SpamAssassin_Plugin_ASN.html

and then adding a rule that penalises everything from ASN 48031:

header    LOCAL_SPAMMY_ASN_XSERVER  X-ASN =~ /\b48031\b/
score     LOCAL_SPAMMY_ASN_XSERVER  5.0
describe  LOCAL_SPAMMY_ASN_XSERVER  Too much spam from xserver.ua (AS48031)

Cheers,
Andy

--
https://bitfolk.com/ -- No-nonsense VPS hosting
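
The lookup and the two blocking approaches from this thread, worked offline as an added example (not code from either post): it builds the origin.asn.cymru.com query name, parses the TXT answer quoted above, converts the whois inetnum range to CIDR, and checks a connecting address against an ASN or CIDR list. The function names and verdict strings are assumptions of this sketch; the TXT answer is the one shown in the message.

```python
import ipaddress

# Zone used in the dig query above: <reversed IPv4 octets>.origin.asn.cymru.com
ORIGIN_ZONE = "origin.asn.cymru.com"

# TXT answer copied from the message above (obtained there with dig).
SAMPLE_TXT = '"48031 | 176.103.48.0/20 | UA | ripencc | 2011-12-09"'


def origin_query_name(ip):
    """Build the TXT query name for an IPv4 address (octets reversed)."""
    addr = ipaddress.IPv4Address(ip)
    return ".".join(reversed(str(addr).split("."))) + "." + ORIGIN_ZONE


def parse_origin_txt(txt):
    """Parse 'ASN | prefix | CC | registry | allocated' as shown in the post."""
    fields = [f.strip() for f in txt.strip().strip('"').split("|")]
    if len(fields) != 5:
        raise ValueError("unexpected TXT layout: %r" % txt)
    return {
        # Assumption: a multi-origin prefix lists several ASNs separated by spaces.
        "asns": [int(a) for a in fields[0].split()],
        "prefix": ipaddress.ip_network(fields[1]),
        "cc": fields[2],
        "registry": fields[3],
        "allocated": fields[4],
    }


def range_to_cidrs(inetnum):
    """Turn a whois 'first - last' inetnum range into the CIDR blocks covering it."""
    first, last = (ipaddress.ip_address(p.strip()) for p in inetnum.split("-"))
    return [str(n) for n in ipaddress.summarize_address_range(first, last)]


def verdict(ip, txt, blocked_asns=(), blocked_cidrs=()):
    """Decide what to do with a connecting IP given its origin TXT answer."""
    addr = ipaddress.ip_address(ip)
    # A static CIDR list needs no lookup at all.
    for cidr in blocked_cidrs:
        if addr in ipaddress.ip_network(cidr):
            return "block: " + cidr
    info = parse_origin_txt(txt)
    # Sanity check: never act on an answer whose prefix does not cover the IP.
    if addr not in info["prefix"]:
        return "ignore: answer does not cover " + ip
    hit = sorted(set(info["asns"]) & set(blocked_asns))
    if hit:
        return "block: AS%d" % hit[0]
    return "pass"


if __name__ == "__main__":
    ip = "176.103.53.80"  # the address behind the reversed name in the dig query
    print(origin_query_name(ip))
    print(range_to_cidrs("176.103.48.0 - 176.103.63.255"))
    print(verdict(ip, SAMPLE_TXT, blocked_asns={48031}))
```

An ASN match keeps working if the network announces further prefixes, while the CIDR match only covers the one range taken from whois.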




mark emails as being spam originating from an ip range owner

2020-09-29 Thread Marc Roos
(sorry now with subject)
 

How can I mark emails as being spam originating from an ip range owned 
by xserver.ua?



% Abuse contact for '176.103.48.0 - 176.103.63.255' is 
'ab...@xserver.ua'

inetnum:176.103.48.0 - 176.103.63.255
netname:XServer-IP-Network-6
country:UA
org:ORG-IV2-RIPE
admin-c:IV25-RIPE
tech-c: IV25-RIPE
status: ASSIGNED PI
mnt-by: RIPE-NCC-END-MNT
mnt-by: MNT-IV25
mnt-routes: MNT-IV25
mnt-routes: ITL-MNT
mnt-domains:MNT-IV25
created:2011-12-09T13:10:04Z
last-modified:  2017-05-24T13:24:15Z
source: RIPE # Filtered
sponsoring-org: ORG-ML410-RIPE

organisation:   ORG-IV2-RIPE
org-name:   PE Ivanov Vitaliy Sergeevich
org-type:   OTHER
address:42-A Tobolskaya street, office 230, Kharkov, Ukraine
phone:  +380 57 728 12 67
abuse-c:AR19840-RIPE
mnt-ref:MNT-IV25
mnt-by: MNT-IV25
created:2009-06-16T15:24:59Z
last-modified:  2017-05-12T08:36:23Z
source: RIPE # Filtered

person: Ivanov Vitaliy
address:42-A Tobolskaya street, office 230, Kharkov, Ukraine
phone:  +380 57 728 12 67
nic-hdl:IV25-RIPE
mnt-by: MNT-IV25
created:2009-06-16T15:19:31Z
last-modified:  2017-05-12T08:37:26Z
source: RIPE # Filtered

% Information related to '176.103.48.0/20AS48031'

route:  176.103.48.0/20
descr:  XSERVER
origin: AS48031
mnt-by: MNT-IV25
created:2012-03-02T11:27:45Z
last-modified:  2012-03-02T11:27:45Z
source: RIPE




[no subject]

2020-09-29 Thread Marc Roos
 

How can I mark emails as being spam originating from an ip range owned 
by xserver.ua?





RE: 1.6 FORGED_MUA_MOZILLA Forged mail pretending to be from Mozilla

2020-09-24 Thread Marc Roos


> My client is massively invested in AWS with many servers, databases,
> and services unrelated to mail.
> Moving to another platform is not an option.

Ever heard of a smart host? (Or at least that is what it is called with 
sendmail). First think and then do, you do not have to move anything.





RE: 1.6 FORGED_MUA_MOZILLA Forged mail pretending to be from Mozilla

2020-09-24 Thread Marc Roos


> I don't doubt what you are saying.  But if AWS is so horrible and across
> the board everyone thinks anything coming from it is spam, SA isn't
> flagging it, and mail-tester.com isn't flagging it, and both have pretty
> extensive blacklist references (??).  I'm still confused.

Because they are paying to be whitelisted. Amazon used to be in the top 
10 of abuse networks[1]. The only way to get off such a list fast is 
either blocking all outgoing traffic on ports 25,465,587 or paying someone.

I have had to reconfigure spamassassin not to use the whitelists. Sooner 
or later more will do this, because what use is a whitelist, if it holds 
ip addresses that send out spam?

Furthermore tools can't be trusted that much. I am blocking dns request 
from some of those tools. I am even blocking amazon cloud on the web 
servers, saves lots of cpu power! This year I am going to advise all 
clients (not so many any more, g ;) that if they do not have 
robots.txt on their website we are going to put a default one. That one 
allows the most common search engines (I certainly do not want to give 
google an advantage here). 
From a security perspective this is also advisable because hackers are 
scanning for old versions, and without such a robot text, I really do 
not have good reason to report abuse.

[1]
https://www.spamhaus.org/statistics/networks/




RE: 1.6 FORGED_MUA_MOZILLA Forged mail pretending to be from Mozilla

2020-09-23 Thread Marc Roos
> I'm hosting on AWS.  So the recommendation was to proxy my outbound
> mail through AWS's SES server so it :?
> appeared that the mail came from 'trusted' Amazon.

Ehhh, amazon cloud messages are flagged by us as spam, and some ranges 
are even blocked. I would try get a dedicated ip address if you value 
your mail.





RE: blacklisting the likes of sendgrid, mailgun, mailchimp etc.

2020-09-18 Thread Marc Roos
 
But now it is Sendgrid, tomorrow it is some other company; fact is we're 
stuck with this trend of spammers outsourcing their spam trying to mix 
it with legitimate email. 

Legitimate clients are not aware of this and use these companies because 
of whatever ill advised reason. I am thinking about documenting this 
behaviour on 'my' hosting pages so people can read and be aware of this. 
I think if everyone does this, legitimate clients will stay away from 
these businesses. And if they stay away from these businesses, it is for 
'smaller' providers easier to manage (eg. blanket block the whole owned 
range)





-Original Message-
To: users@spamassassin.apache.org
Subject: Re: blacklisting the likes of sendgrid, mailgun, mailchimp etc.

> https://krebsonsecurity.com/2020/08/sendgrid-under-siege-from-hacked-accounts/
> also sheds light on the issue too.

. SendGrid knows (or should know) that it has compromised 
accounts. 
It could find out what some of them are for free by downloading Rob's 
list of 25 or so compromised accounts. It could find out what some of 
the other 400 are for $15 each, and could find out what some of the 
major offenders are for $400 each. Let's see, 400 compromised accounts 
times $400 is $16,000 dollars. SendGrid or Twilio can't afford a 
$16,000 cash outlay to find the account names of the major compromised 
accounts? Their head of security probably gets that much a month in 
salary and bonuses. It would be a trivial expense.

So what could they do once they knew which accounts are compromised?
Are they helpless, and can only wring their hands and issue press 
releases saying They Have A Plan?

No. They can SHUT THE DAMN ACCOUNTS DOWN. Issue refunds to the owners if 
they feel generous. Tell the owners to open new accounts with 2FA.

But they won't do this, because they get their money from sending spam.

Loren





blacklisting the likes of sendgrid, mailgun, mailchimp etc.

2020-09-17 Thread Marc Roos
 
For what it is worth. I was always under the impression that most of 
those companies that are using these networks known for 'harassing' 
were just ignorant. I used to do business with the 'idiots' of 
Tucows/opensrs, trying to explain to them that it is not really wise to 
send password reset emails via the same mail servers that their 'cheap 
clients' are using for spamming. 

However I just got email of a company medialab.co using this mailgun 
network. Turns out they had problems with getting blacklisted and that 
is why they moved there. So I tend to change my position, that it is 
quite legitimate to rate these networks as being bad by default. Maybe 
most clients just move there because they are sending shit. And now they 
can use the excuse that someone else caused the bad reputation.








RE: Why is SENDGRID_REDIR score so high?

2020-09-16 Thread Marc Roos
 
So ask spiceworks to use a different supplier or use their own range 
that is not being abused by others. Complain to spiceworks, they should 
solve this problem for you. Don't do their work, unless they pay you to.



-Original Message-
To: users@spamassassin.apache.org
Subject: Why is SENDGRID_REDIR score so high?

Hi - I receive email from spiceworks.com help desk, which are sent via 
sendgrid.   Why do these URLs trigger the SENDGRID_REDIR rule score, 
which is 3.4 ?   Thanks. - Mark

Terms and Conditions: 
https://u2752257.ct.sendgrid.net/ls/click?upn=cXUsNXpk4aguQpIafAEOmIejjD9ZkCNTPoNNmoa1ebrAUotywMJTp7DEBn7GytalLkTf_8lxoDjRwBLjcEcMtF8M5ApYR1AJKfKZukCa01OUZ6PgghULd-2FNN7L6qPk5t3kRl0b1zrUCfn5j7veAMSuKobLbvM1i2BY9-2FM8B1BpQSRnSs54y0iV7P8FnmuQXGD4eQkIqKfPELx6aNdbuFCgIQecDPo5\
EFoQxdE7JySPVPuU9N49Iip-2FAXbBQj-2BLN0cly9tAICcjMYqlAxin7RkTG4oRA

Privacy Policy: 
https://u2752257.ct.sendgrid.net/ls/click?upn=cXUsNXpk4aguQpIafAEOmIejjD9ZkCNTPoNNmoa1ebqRhFzshCDTA7-2BL-2FYYwBE3VGk_y_8lxoDjRwBLjcEcMtF8M5ApYR1AJKfKZukCa01OUZ6PgghULd-2FNN7L6qPk5t3kRl0YIWr1WEURsRppHsiq7oYUNdAmf1x7n6J-2BNofwjd7xwa8e-2FvvCVFrqBYuLGxS3Z7NV0qlW-2FJoasrFm8xaQ0-2BrfN04MfX-2Bo-2BobNtFOsUHtI-2BERUMY5rBGmZTY7WFV7eoMJ8Kal5pHd-2FjR5xXpKzlEzjQ






RE: Amazon, dhl, fedex, etc. phishing

2020-08-24 Thread Marc Roos
 

You should use spf for this. Except for the fact that at dhl they are too 
dumb to know what servers they are using.



-Original Message-
From: Martin Gregorie [mailto:mar...@gregorie.org] 
Sent: Monday 24 August 2020 20:25
To: micah anderson; users@spamassassin.apache.org
Subject: Re: Amazon, dhl, fedex, etc. phishing

On Mon, 2020-08-24 at 12:00 -0400, micah anderson wrote:
> We are regularly getting phishes from dhl, fedex, usps, amazon, 
> netflix, spotify that fakes the from (eg. amazon < 
> p...@biggung1892301.com> wants to send me a amadon-legit.pdf).
>
> I'm wondering if anyone has made a rule that looks to see if the From 
> contains amazon, but it is not amazon.com/.ca/.jp (all their TLDs),
>
Try it yourself: something like this: 

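# Sub-rules: the "__" prefix keeps them from scoring on their own
header __SUBRULE13a From:name =~ /Amazon/
header __SUBRULE13b From:addr =~ /amazon/
# Hit only when the display name says Amazon but the address does not
meta   SUBRULE13  (__SUBRULE13a && !__SUBRULE13b)
score  SUBRULE13  10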

should work though the text in the regex will probably need tweaking to 
match actual spam. You'll need to collect examples of spam from all 
these sources to test your rules against. Also:

- the regexes may need alternates if, say, you see variations in the
  name text or if you want the addr regex to include more than just
  the bare domain name

- of course you'll need a separate rule for each spam source

- another spam warning is email where the domain name
  in the Message-id doesn't match the one in the From address.

I'm not seeing anything that looks like the spam you're getting, but if 
I did, that's the type of rule I'd be writing to trap the garbage.

Martin
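
The two checks suggested in this reply, as an added Python example that is not part of the thread: a display name that claims a brand while the address is outside that brand's domains, and a Message-ID domain unrelated to the From domain. The brand table, function names and sample messages are constructed for illustration; only the three Amazon TLDs come from the question.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: brand keyword -> domains that brand really sends from
# (the three Amazon TLDs are the ones named in the question).
BRAND_DOMAINS = {"amazon": {"amazon.com", "amazon.ca", "amazon.jp"}}

# Constructed sample messages (not real mail).
PHISH = (
    "From: Amazon <billing@pay-update.example.invalid>\n"
    "Message-ID: <1@relay.example.net>\n"
    "Subject: Your order\n\nSee attached.\n"
)
LEGIT = (
    'From: "Amazon.com" <order-update@amazon.com>\n'
    "Message-ID: <2@mail.amazon.com>\n"
    "Subject: Your order\n\nShipped.\n"
)
# Brand only in the address, not in the display name: must not fire.
NAME_WITHOUT_BRAND = (
    "From: Prime Video <no-reply@amazon.com>\n"
    "Message-ID: <3@amazon.com>\n"
    "Subject: New releases\n\nHello.\n"
)


def _domain(addr):
    """Lower-cased domain part of an address ('' if there is none)."""
    return addr.rpartition("@")[2].lower().rstrip(".")


def _related(a, b):
    """True when a and b are the same domain or one is a subdomain of the other."""
    return a == b or a.endswith("." + b) or b.endswith("." + a)


def spoofed_brand(from_header, brands=BRAND_DOMAINS):
    """Return the brand claimed in the display name if the address is not under its domains."""
    name, addr = parseaddr(from_header)
    dom = _domain(addr)
    for brand, domains in brands.items():
        claims = brand in name.lower()
        genuine = any(dom == d or dom.endswith("." + d) for d in domains)
        if claims and not genuine:
            return brand
    return None


def msgid_mismatch(msg):
    """True when the Message-ID domain is unrelated to the From domain.

    Low-weight signal: mail relayed through a third-party sender can
    mismatch legitimately, so combine it with other evidence.
    """
    _, addr = parseaddr(msg.get("From", ""))
    m = re.search(r"@([^>\s]+)", msg.get("Message-ID", ""))
    if not addr or not m:
        return False
    return not _related(_domain(addr), m.group(1).lower().rstrip("."))


def signals(raw):
    """Return the list of signals a raw message triggers."""
    msg = message_from_string(raw)
    found = []
    brand = spoofed_brand(msg.get("From", ""))
    if brand:
        found.append("display-name-spoof:" + brand)
    if msgid_mismatch(msg):
        found.append("msgid-domain-mismatch")
    return found


if __name__ == "__main__":
    for label, raw in (("phish", PHISH), ("legit", LEGIT), ("no-brand-name", NAME_WITHOUT_BRAND)):
        print(label, signals(raw))
```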
 






RE: SendGrid (Was: Re: Freshdesk (again))

2020-08-24 Thread Marc Roos


> Very disappointed with sendgrid's fall from grace.  

I saw once some video about angel investment, where some guy says 
something like "get the money as fast as possible from your clients 
pocket into yours". I would say there is little grace to be found. 

> Their phishing/spam/malware and legit user mix is a nightmare.

This is just the common business model, others are applying this too.




RE: Constructive solution to the blacklist thread

2020-07-24 Thread Marc Roos
>> you will be able to change 1 byte in the code and get the previous
>> rule names.

This sounds to me like putting somewhere the character 0 or 1, which 
means that blacklist and whitelist words are still defined somewhere in 
the code. Is that not what started the discussion?

But none the less, a one byte change sounds quite good. (Not that I had 
a technical argument anyway)





RE: Why the new changes need to be "depricated" forever

2020-07-24 Thread Marc Roos
 
>> I do wish that the handful of loud, non-contributors who have so
>> much to say about someone else’s project would shut up and fork it,
>> TBH.

Is that not a lot like, this is my toilet it is only for white people, 
please build your own somewhere else, you are free to do so?




RE: Why the new changes need to be "depricated" forever

2020-07-22 Thread Marc Roos


> This is not a tiny change. I had hoped it would be, which is why I
> supported it in the initial PMC vote, but it's becoming clear to me I
> was overly optimistic.

Wait until you have to vote on the use of the word welcomelist. 
Preferring English to other languages could be seen as discriminative. 
If one should replace words, then at least use Esperanto ones. ;)









RE: Why the new changes need to be "depricated" forever

2020-07-22 Thread Marc Roos


> I’m going to follow that other dude’s lead and start donating to 
> Portland bail funds in your names each time you post. :)

Do know that is identity theft and a crime. Please post proof of your
action on this list.








RE: Why the new changes need to be "depricated" forever

2020-07-22 Thread Marc Roos




> I really don't get why anyone would be offended by blacklist and
> whitelist given neither have any sort of connection to race or skin
> color.

That is because you have a proper logically functioning brain. Which 
makes you even part of a minority group. Hence you can look forward to 
people looking after you that are the likes of 'are offended by 
blacklist'






RE: Why the new changes need to be "depricated" forever

2020-07-22 Thread Marc Roos


>> Oh my god, you snowflakes, please just get over yourselves.

The term "snowflake generation" was one of Collins English Dictionary's 
2016 words of the year. Collins defines the term as "the young adults of 
the 2010s, viewed as being less resilient and more prone to taking 
offence than previous generations".

Do you get that it is the other way around? You are using this term 
incorrectly?



RE: Why the new changes need to be "depricated" forever

2020-07-22 Thread Marc Roos


> There’s only like 4 of you, you can do this with a cc: list.

4? If you don't get your facts straight, there is little to no value to 
other things you write.



RE: Why the new changes need to be "depricated" forever

2020-07-22 Thread Marc Roos


> I hear that the old RMA resistor color code is under attack as it is
> exceptionally discriminatory.
> As you may or may not know black is the lowest value 0, brown is only
> 1, Red is 2. This

 :D




RE: IMPORTANT NOTICE: Rules referencing WHITELIST or BLACKLIST in process of being Renamed

2020-07-20 Thread Marc Roos


>> You go shut your piehole

Ehhh, who exactly? Having a nice evening with a vodka bottle? ;)



RE: Thanks to Guardian Digital & LinuxSecurity for the nice post about SpamAssassin's upcoming change

2020-07-20 Thread Marc Roos



> I'm a bit suspicious about some of the speedup figures quoted, and
> whether rspamd was tested against an optimized and similarly
> parameterized SA. It's very easy to make SA look bad.

I agree. I have even asked on the mailing list how many tests rspamd does 
and how I can configure it to do just one test. Both questions were left 
unanswered. Have a look at this mailfromd it is really nice.






 




RE: IMPORTANT NOTICE: Rules referencing WHITELIST or BLACKLIST in process of being Renamed

2020-07-20 Thread Marc Roos


What is being used for mail that is not welcome, but still needs to be 
allowed thru?



-Original Message-
To: users@spamassassin.apache.org
Subject: Re: IMPORTANT NOTICE: Rules referencing WHITELIST or BLACKLIST 
in process of being Renamed

can we use something like that or is there any special edit necessary?

sed -i 's/whitelist/welcomelist/g' $CONFIG

my setting "whitelist_from" to "welcomelist_from" || "welcome_from"?

Thanks

On 19.07.20 at 18:09, Kevin A. McGrail wrote:
> All:
> 
> As of today, the configuration option WHITELIST_TO has been renamed 
> WELCOMELIST_TO with an alias for backwards compatibility.
> 
> Additionally, the rule USER_IN_WHITELIST_TO has been renamed to 
> USER_IN_WELCOMELIST_TO to assist those running older versions of 
> SpamAssassin get stock rulesets.
> 
> If you have custom scoring or any custom rules building on 
> USER_IN_WHITELIST_TO, please accept our apologies and change the 
> references to USER_IN_WELCOMELIST_TO.
> 
> In order to remove racially charged configuration options, whitelist 
> will become welcomelist and blacklist will become blocklist.  More 
> changes will be coming for this with these small changes in the stock 
> ruleset.
> Apologies for the disruption and thanks to those who are reporting 
> issues as we work through the changes.
> 
> Regards,
> KAM
> 




RE: Thanks to Guardian Digital & LinuxSecurity for the nice post about SpamAssassin's upcoming change

2020-07-20 Thread Marc Roos
 
What about mailfromd? I have this. I am really surprised it is not in 
default repo's. I also looked at rspamd, but I have a bit of a problem 
with these thousands of lines of config. Also their approach towards 
stats/graphics is 'old fashioned', who is programming that when you have 
tools like grafana.

I have proposed to the mailfromd to make something for prometheus 
metrics, also where you can add your own metrics in the config file, so 
you can tune and graph your config on specific areas.




-Original Message-
From: Noel Butler [mailto:noel.but...@ausics.net] 
Sent: Monday 20 July 2020 4:13
To: users@spamassassin.apache.org
Subject: Re: Thanks to Guardian Digital & LinuxSecurity for the nice 
post about SpamAssassin's upcoming change

On 16/07/2020 14:47, jdow wrote:


You can probably fork the project and go on running what exists now 
going forward. That is something I am mulling doing for myself. I just 
have to ask myself, which is more painful?







Actually, might not have to reinvent the wheel, last time I looked at 
rspamd was several years ago.

Since the politically motivated change in spamassassin was made public 
last week, I reinstalled it in a dev lab. Running over the weekend, 
tests showed rspamd has remarkably improved, 603% speed increase over 
spamassassin (well it does run in C), and 18% more hit rates, when it 
came to known false positives, it equalled spamassassin though.

Obviously before moving production over to it, I need to run it again 
over a much longer period of time, but it looks promising, I'll see it 
how goes over the next 4 weeks.




-- 

Regards,
Noel Butler





RE: Thanks to Guardian Digital & LinuxSecurity for the nice post about SpamAssassin's upcoming change

2020-07-16 Thread Marc Roos
 

>> It's amazing how SOME Americans are quick to jump on bandwagons 

If you get older you will realize that this is typical behaviour of an 
average person, and you will only notice this if your thinking is above 
average. Sad thing, having a system where the average person rules, one 
can only conclude that this human race is going to fail inevitably.

The only people who really understood that the only way to persevere in 
the long run, is to live in harmony in this world (keep ecological 
balance). And those were the ones that got enslaved.

https://www.zerohedge.com/news/2014-08-25/dumb-dumber-scientific-proof-people-are-getting-stupider


RE: Thanks to Guardian Digital & LinuxSecurity for the nice post about SpamAssassin's upcoming change

2020-07-16 Thread Marc Roos
 

Have you looked at this rspamd? That has a configuration file of 3000 
lines and is a sort of all-inclusive solution. I think it performs quite 
well.




-Original Message-
To: users@spamassassin.apache.org
Subject: Re: Thanks to Guardian Digital & LinuxSecurity for the nice 
post about SpamAssassin's upcoming change

On 16/07/2020 09:24, Kevin A. McGrail wrote:

All:

We're getting some positive attention from the verbiage change.  See
https://www.linkedin.com/posts/kmcgrail_apache-spamassassin-leads-a-growing-list-activity-6689260331719520256-gMy7
for a link to a Guardian Digital post about it. 

Anyway, I hope those not excited by the change will come around.  We are
working hard to make it as painless as possible and we have gotten word
that several tools and projects that integrate with SpamAssassin will
follow suit.

Regards,

KAM






December 27 (our quietest time of year generally) this year has been 
slated for our changeover to remove spamassassin from our network.

Our policies have long excluded using politically motivated companies, 
organisations, equipment and software. you made this political, you do 
not care for the opinions of others unless they agree with yours, so 
adios amigos.










RE: Thanks to Guardian Digital & LinuxSecurity for the nice post about SpamAssassin's upcoming change

2020-07-16 Thread Marc Roos



You are a racist when you are not treating people equally on the basis of 
the skin colour (or check definition in dictionary). Therefore anyone 
associating people of darker colour with blacklist and lighter colour 
with whitelist and associate this with unequal treatment, is a racist. 

No one can complain about people trying to change things for the better. 
But let's be real, nothing you do here will make a difference. And I only 
fear that you feel so good about yourself, and then ignorantly continue 
upholding the very system that perpetuates race inequality. 
Yes yes that will happen, you will not think about slavery or inequality 
when you buy your next pair of shoes or apply for a loan at a bank. I do 
hope the people that are advocating this blacklist/whitelist removal so 
strongly, that they:

Don't buy shoes manufactured under slave like conditions.
Don't buy phones manufactured under slave like conditions.
Don't do business with companies that have executive teams that do not 
resemble the diversity of the local population.
Don't buy products from companies with billionaires (look at your US 
billionaires list, does not really resemble the diversity in your 
country)
Don't watch any movies produced in hollywood
Don't put your kids in all white schools


PS. It is in my opinion really pathetic to reference a news article where 
you are mentioned. This type of change should come from the heart, 
regardless what others are doing and saying. Now you look like some 
youtuber begging for acknowledgement asking for likes.
To me you are more behaving like someone that follows the crowd without 
thinking, and history has shown that tends to be very dangerous.






-Original Message-
To: users@spamassassin.apache.org
Subject: Re: Thanks to Guardian Digital & LinuxSecurity for the nice 
post about SpamAssassin's upcoming change

So,

This is the heading of the article:


Apache SpamAssassin Leads A Growing List of Open-Source Projects Taking 
Steps to Correct Instances of Racism and White Privilege





Using the word "blacklist" is racism. Does everyone get this! By 
definition you ARE a "RACIST" and ARE "White Privilege[d]."

This is a political movement to blacklist (oohhh, I said it) 
anyone who does not comply. We're no longer angry, we're "not excited," 
how generous.


The spamassassin leadership team are political hacks.

Eric


On 7/15/2020 5:24 PM, Kevin A. McGrail wrote:


All:

We're getting some positive attention from the verbiage change.  See
https://www.linkedin.com/posts/kmcgrail_apache-spamassassin-leads-a-growing-list-activity-6689260331719520256-gMy7
for a link to a Guardian Digital post about it. 

Anyway, I hope those not excited by the change will come around.  We are
working hard to make it as painless as possible and we have gotten word
that several tools and projects that integrate with SpamAssassin will
follow suit.

Regards,

KAM






RE: Detecting SendGrid shared IPs

2020-07-16 Thread Marc Roos



Blacklist all and just whitelist email addresses you want to receive 
from. 



-Original Message-
From: Pedro David Marco [mailto:pedrod_ma...@yahoo.com] 
Sent: Thursday 16 July 2020 9:18
To: Users
Subject: Detecting SendGrid shared IPs

Is there any way to know whether a Sendgrid IP is shared or dedicated?

Thanks in advance!



Pedro




RE: IMPORTANT NOTICE FOR PEOPLE RUNNING TRUNK re: [Bug 7826] Improve language around whitelist/blacklist and master/slave

2020-07-14 Thread Marc Roos
> We do you the courtesy of speaking English, so please do us the
> courtesy of not bullying us about what you consider permissible or
> racially charged.

That is our own fault also. I have been trying to get funding for a 
project to counter some US monopoly, but we have here just cheap/greedy 
investors that do not allow for such ideas to sprout. Since you brought 
up the language aspect, you might be pleased to read that my favorite 
saying is German, "gegen Dummheit kämpfen Götter selbst vergebens"






RE: IMPORTANT NOTICE FOR PEOPLE RUNNING TRUNK re: [Bug 7826] Improve language around whitelist/blacklist and master/slave

2020-07-14 Thread Marc Roos
 
I really do not get the point of referring to some period, are you a 
historian? I am not doing any research on this subject but, the 
white/black good/bad dualism[1] goes as far back as 1000BC, who are we 
(current generation) to stamp this as being racist and alter the meaning 
of its use in the 1000's of years before. If you are using a few 
hundred years as an argument. I have a few thousand years as counter 
argument. And let's be honest, US culture is nothing compared to eg 
Chinese. If it were not for their gun powder invention, there would not 
have been a genocide killing around 50? million native Americans. 

Your arguments do not make sense, because you are not able to judge this 
with your limited knowledge of the situation, (as I am not qualified). 
Do you get that this is beyond your capabilities? You are deciding 
something that a team of 100 experts all with higher IQ than yours, 
specialized in the various aspects that come into play, probably have 
difficulties giving a general advice.
 




[1]
https://en.wikipedia.org/wiki/Yin_and_yang


-Original Message-
From: Kevin A. McGrail [mailto:kmcgr...@apache.org] 
Sent: Tuesday 14 July 2020 21:16
To: mar...@gregorie.org
Cc: Rupert Gallagher; Marc Roos; Dave Goodrich; SA Mailing list
Subject: Re: IMPORTANT NOTICE FOR PEOPLE RUNNING TRUNK re: [Bug 7826] 
Improve language around whitelist/blacklist and master/slave

I would posit that the 1962 date is rooted as much in the US Civil 
Rights movement in the 1960's as anything else.  Before then white and 
black definitely had negative connotations such as whites-only 
restrooms, areas on busses, restaurants, water fountains, neighborhoods, 
and whatever other atrocities people thought of to inflict on people by 
race.  SA is going to stop legitimizing and perpetuating the use of 
racially charged language.

For those who insist, you have backwards compatibility and I hope the 
change is embraced.

--
Kevin A. McGrail
Member, Apache Software Foundation
Chair Emeritus Apache SpamAssassin Project 
https://www.linkedin.com/in/kmcgrail - 703.798.0171



On Tue, Jul 14, 2020 at 3:08 PM Martin Gregorie wrote:


On Tue, 2020-07-14 at 12:24 -0400, Kevin A. McGrail wrote:
> We'll have to agree to disagree.  To me it is clearly racially charged
> language and you are cherry picking your sources.  Here's a well
> researched and documented article from a medical journal on the topic
> with expert citations: https://jmla.pitt.edu/ojs/jmla/article/view/490
> The abstract
>
The first *recorded* use of the term 'blacklist' or 'black list' was in
1660 when Charles II of England used it to refer to a list of those who
had killed his father, Charles I. From the context it is far more likely
that 'black list' was referring to the sin of regicide than to anybody's
skin colour.

I notice that the abstract you quoted has no references earlier than
1962, so I find it hard to take it seriously, especially as the earlier
religious links between 'black' and 'sin' appear to be ignored by it.
This is odd considering how much influence religion had on society in
the 17th century and that there was no slavery in North America before
about 1640.

Out of pure curiosity, when was the current racist use of 'black' first
coined and where did that happen?

Me? I grew up in NZ where the social norms were against any attempt to
denigrate Maoris: anybody who would not let a Maori meter-reader in to
read his electricity meter would not be sent a pakeha meter reader and
so was more or less guaranteed to get a heavy fine for late payment and
failing to get his meter read. Similarly, I don't remember the All
Blacks, national rugby team, ever not having Maoris in it.

Martin







RE: IMPORTANT NOTICE FOR PEOPLE RUNNING TRUNK re: [Bug 7826] Improve language around whitelist/blacklist and master/slave

2020-07-14 Thread Marc Roos
 


> Yeah, allow/deny is more logical but using them requires all acronyms
> to change.
> After some trial and error, we dialed in the changes to welcome and
> block which also keeps other terminology like RBL, DNSBL, WLBL, etc.
> consistent so there is less upheaval.

I associate BL with blacklist. If that is how the general perception is, 
and most of what is written on the internet is relating to, I don't see 
how you can maintain those acronyms.
Allow/deny is also commonly used in linux so one could argue, it is 
adapting to standards.







RE: IMPORTANT NOTICE FOR PEOPLE RUNNING TRUNK re: [Bug 7826] Improve language around whitelist/blacklist and master/slave

2020-07-14 Thread Marc Roos
 

> I like the change from whitelist/blacklist to allowlist/blocklist
> because it is more descriptive.

Allow/deny list sounds more logical.


RE: IMPORTANT NOTICE FOR PEOPLE RUNNING TRUNK re: [Bug 7826] Improve language around whitelist/blacklist and master/slave

2020-07-14 Thread Marc Roos


> Please Marc, stick to technical merit for your argument.

There is no technical discussion here afaik.

> Getting nasty does not solve technical problems, which we have here.
> Attacks are not going to solve anything. Rational arguments may not.
> But, they should be made just the same.

There is no attack. As I am not discriminating on the level of race 
origin (not native English), I am also not discriminating on the level 
of intelligence. Everyone is born as they are. 

Kevin should be told that jumping to such conclusions as "being on the 
wrong side of history" shows a lack of thinking. It is obvious that 
nobody will be able to predict the future. Logic just dictates that one 
could expect more of this type of reasoning, which makes me doubt PMC 
decision making. This is not being nasty, this is applying logic.

I am not judging this (I do not see myself qualified), that is why I 
mentioned that research from universities by people with proper 
expertise in this area should be left to do this. This is to me the only 
sound solution in this matter.

The irony in this, is that this type of behaviour (not listening to 
others, advising to fork, not taking time to really think about what you 
are doing) looks to me very similar to how some of these police officers 
are misbehaving.

Thus Kevin, PMC start thinking, and least of all, do not enforce your 
'limited' view upon others. Maybe the apache software foundation can 
start a project with Stanford or Columbia to really research how this 
affects ethnic minorities. I doubt anyone will challenge that outcome.






RE: IMPORTANT NOTICE FOR PEOPLE RUNNING TRUNK re: [Bug 7826] Improve language around whitelist/blacklist and master/slave

2020-07-14 Thread Marc Roos
 



> To you and others spouting off, be reminded that this is a publicly
> archived mailing list and you
> will be on the wrong side of history.  Consider that when you post.

You must be feeling like a king in your little PMC? Who are you to judge 
whom is on the wrong side of history. No wonder people raise questions 
here, with someone like you deciding things. I think the PMC should 
disqualify your vote.



RE: IMPORTANT NOTICE FOR PEOPLE RUNNING TRUNK re: [Bug 7826] Improve language around whitelist/blacklist and master/slave

2020-07-14 Thread Marc Roos


It looks to me, like nobody is taking time to think. Just telling 
someone to fork code is ridiculous and shows contempt for users. If 
something is opensource it does not mean you can act without any 
obligations, that is a naïve perspective. 
If you decide to bring a kids' soccer team for free to a match in the 
weekend, you also do not cancel last minute with the excuse, I offered 
to drive for free so I do not have any obligation. Start using your 
brains there, and take time to think things thru. 




-Original Message-
From: Kevin A. McGrail [mailto:kmcgr...@apache.org] 
Sent: Tuesday 14 July 2020 10:40
To: Axb
Cc: SA Mailing list
Subject: Re: IMPORTANT NOTICE FOR PEOPLE RUNNING TRUNK re: [Bug 7826] 
Improve language around whitelist/blacklist and master/slave

It is open source software, Axb.  If you think it will take you hundreds 
of hours unbilled for you to make the change on your system, you can 
easily add the code for the stubs and aliases back whenever 4.1 comes 
out.  

That is one of the great things about oss is you control your destiny.  
With aslv2 you are free to change the code, fork the code or even 
distribute the patch if you feel that strongly about it. 

Regards, KAM


On Tue, Jul 14, 2020, 03:51 Axb  wrote:

In my case it will be a few hundred hours which will not be 
accounted 
for. Thanks for that.






RE: IMPORTANT NOTICE FOR PEOPLE RUNNING TRUNK re: [Bug 7826] Improve language around whitelist/blacklist and master/slave

2020-07-14 Thread Marc Roos


> I never said it was being done for engineering reasons.  The change is
> being done to remove racially-charged language from Apache 
> SpamAssassin.  As an open source project, we are part of a movement 
> built on a foundation of inclusion that has changed how computing is 
> done.  The engineering concerns are outweighed by the social benefits 
> and your huffing is not going to stop it.
>

If you are referencing opensource and community. Why is this group not 
voting on this? Why is only a small group deciding what is being done? 
Such a vote, hardly can classify as open source, community nor 
democratic.

Why is it you, who decides what is "racially-charged language", why 
don't you wait for some university researches being done, to see what 
"racially charged words" are, and what the implications are of using 
"racially charged words."

Why not keep dual support, so people do not need to change their 
configs? If the argument is not to use these terms, then a fresh install 
would comply with this.

You are part of the Apache software foundation, what is even their stance 
on this subject? I can't imagine all projects are going to start 
modifying code, what about standards?

The haste with making this decision only shows incompetence. The problem 
with people in IT nowadays is that they decide on things they should not 
decide on. It is like a dentist, starting to do brain surgery. 

As I said your team is not qualified to make a decision on this subject, 
because you lack information and education on this subject. Stick to 
what you have been doing nothing more, nothing less.


RE: IMPORTANT NOTICE FOR PEOPLE RUNNING TRUNK re: [Bug 7826] Improve language around whitelist/blacklist and master/slave

2020-07-13 Thread Marc Roos


> I could not resist to take a quick peek. ;-) I think I saw a message I
> did not receive myself.
> But at least one message is still missing. I will look into it.

Maybe you blacklisted some guy? ;)



RE: spamhaus enabled by default

2020-07-11 Thread Marc Roos


> > On 11.07.20 at 01:56, RW wrote:
> > > I thought most ISPs had outsourced or given-up on email.   
> > 
> > why should someone with a brain outsource anything?
> 
> I don't know, why do you outsource?
> 
> > > ISP email has IMO always been a way of locking-in gullible 
> > > customers.

The US is always behind with consumer rights, in the EU consumer data 
portability is arranged enforced legislation. Then again, is there not 
some saying like 'people deserve the government they are having'

> > 
> > bullshit - how is there a lockin for customers with their own
> > domains?
> 
> It locks in those that use the address directly - try and keep up.
> 

I think it will be more popular not to host with google or so. Because 
google is mixing your messages with spam, and your messages are more 
likely to be marked as spam. 
Furthermore doctors and anything serious will not use US based providers 
because of the lack of privacy.

Recently someone contacted me in regards a CEO fraud issue. Google and 
Outlook.com were not even able to deliver evidence an email was 
delivered. 






RE: Linux, Twitter, Mysql, Github, etc, all plan to remove blacklist and whitelist, master and slave.

2020-07-11 Thread Marc Roos



> I don't see a problem since blacklist/whitelist are terms the computer
> industry just grabbed from hotel reservation desks or some place like that.
> It's not going to stop their use by the general public of course.

I think you can go a bit further, like 1000 BC in Chinese culture yin 
yang ;)



RE: Linux, Twitter, Mysql, Github, etc, all plan to remove blacklist and whitelist, master and slave.

2020-07-11 Thread Marc Roos
 

   - The following addresses had permanent fatal errors - 

(reason: 553 5.1.8 ... Domain of sender 
address x...@f1-outsourcing.eu does not exist)

I think netfence.it is not really doing a good job ;)



RE: Linux, Twitter, Mysql, Github, etc, all plan to remove blacklist and whitelist, master and slave.

2020-07-11 Thread Marc Roos


>On 2020-07-11 00:32, Mark London wrote:
>> Spamassassin is not alone.
>
>Quote:
>"If a lot of people believe in something stupid, it just doesn't stop
>being stupid".

But in a democracy you will have a problem with this. 


RE: Linux, Twitter, Mysql, Github, etc, all plan to remove blacklist and whitelist, master and slave.

2020-07-10 Thread Marc Roos
 

Pf, twitter, microsoft, oracle all billion dollar companies only 
removing some words. The news is full of black minorities having 
higher risk of death in coronavirus. Unemployment is highest amongst 
ethnic minorities. And these companies are only concerned filling their 
pockets, storing their money in tax havens. You have in the states 
famous people bribe good schools so their kids can attend (at the 
expense of others). It is just a fucking insult to ethnic minorities 
having such companies talking only about changing words!

Wtf this Amazon guy 150 billion, the most greediest man on the planet!!! 
Let me guess, his employees get paid lowest on the market

I would think twice mentioning such companies as examples. Don't forget 
Zuckerberg called facebook users 'dumb fucks', that is the standard at 
such companies.

[1]
https://www.zerohedge.com/news/2018-03-25/dumb-f-ks-julian-assange-reminds-us-what-mark-zuckerberg-thinks-facebook-users


-Original Message-
To: users@spamassassin.apache.org
Subject: Linux, Twitter, Mysql, Github, etc, all plan to remove 
blacklist and whitelist, master and slave.

Spamassassin is not alone.

https://www.google.com/search?q=whitelist+blacklist=1C1CHBD_enUS893US893=ALeKk02i5oEeNFMyRbCSyvz1P74SAG8W8A:1594419806351=lnms=nws=X=2ahUKEwiwobjR3MPqAhVUknIEHbzFCdwQ_AUoAXoECA0QAw=1008=5900






RE: IMPORTANT NOTICE FOR PEOPLE RUNNING TRUNK re: [Bug 7826] Improve language around whitelist/blacklist and master/slave

2020-07-10 Thread Marc Roos
 

Yes, as of now we don't write apache but ehcapa. If we write every word 
in reverse nobody has anything to complain any more. So everyone 
continuing this thread. Please pay your respect to past generations, and 
write ehcapa, tsiletihw, tsilkcalb etc!!!



-Original Message-
Subject: Re: IMPORTANT NOTICE FOR PEOPLE RUNNING TRUNK re: [Bug 7826] 
Improve language around whitelist/blacklist and master/slave

So!

What's next, changing the "Apache" name?

Wake up!



RE: IMPORTANT NOTICE FOR PEOPLE RUNNING TRUNK re: [Bug 7826] Improve language around whitelist/blacklist and master/slave

2020-07-10 Thread Marc Roos
 

Hey Pedro, I don't know for sure, I do not want to create a new problem, 
but this yahoo, was this word not used during the railroad building to 
encourage and push slaves to work harder? Would you mind using different 
email address?




-Original Message-
Subject: Re: IMPORTANT NOTICE FOR PEOPLE RUNNING TRUNK re: [Bug 7826] 
Improve language around whitelist/blacklist and master/slave

Blacklist means "protection", so it is something positive...

Whitelist is for something wrong you cannot solve... 

so where is the problem?  

this is like the change from SystemV to SystemD... please stop creating 
new problems!

-
Pedro





RE: Really simple setup guide

2020-07-10 Thread Marc Roos
 
You can add rspamd they have all inclusive solution and they do not 
even like if you want to customize the 3000 line counting configuration 
file to do just one check. 

 


-Original Message-
From: Matthew Broadhead [mailto:matthew.broadh...@nbmlaw.co.uk] 
Sent: Friday 10 July 2020 9:58
To: users
Subject: Really simple setup guide

Hi,

I am running postfix, dovecot, amavis, spamassassin and clamav on centos 
7.

Everything is working great, and if I send an email with the spam 
signature on it it gets blocked by spamassassin.

But still a lot of spam comes through spamassassin and I wondered if there was a 
really great guide out there which might tell me how to tune the spam 
filter.

On Thunderbird if I train the spam filter for a short time I get really 
great results with it catching most of what I would consider spam.

Also I wondered if there is a way to ask spamassassin to put the spam in 
the user's spam folder rather than deleting it.

Thanks in advance,
Matthew





RE: IMPORTANT NOTICE FOR PEOPLE RUNNING TRUNK re: [Bug 7826] Improve language around whitelist/blacklist and master/slave

2020-07-10 Thread Marc Roos



>> Good day Guys

You are being a tad discriminative, by assuming there are no ladies 
reading these messages. Which is highly inappropriate for the current 
thread. ;)






RE: IMPORTANT NOTICE FOR PEOPLE RUNNING TRUNK re: [Bug 7826] Improve language around whitelist/blacklist and master/slave

2020-07-10 Thread Marc Roos
 
There was someone from akamai asking something similar on the openssl 
mailing list. I told him to have a look at the composition of the akamai 
executive team. I would recommend not redoing the conversation and 
leaving this discussion for others to finish. FWIW this type of change 
was rejected at openssl, and that seems to be the general attitude 
towards such requests.




-Original Message-
From: Gianluca Furnarotto [mailto:keyst...@libero.it] 
Sent: Friday 10 July 2020 9:13
To: Kevin A. McGrail; Axb
Cc: SA Mailing list
Subject: Re: IMPORTANT NOTICE FOR PEOPLE RUNNING TRUNK re: [Bug 7826] 
Improve language around whitelist/blacklist and master/slave

This is foolish, we are losing control. I have nothing else to think 
about ... and the next one that needs to change its name is the TV 
series "The Blacklist"?
And the next would be to delete the word "black"?

This is my opinion.


On 10 July 2020 at 09:05:26, Kevin A. McGrail (kmcgr...@apache.org) 
wrote:


Gents, while this may appear to be a response to racial tensions in 
the US of late, you might be surprised to learn that the project has 
been working on this type of change for quite some time.

- We start using Blocklist at least as early as 2012 when I drafted 
this: 
https://cwiki.apache.org/confluence/display/SPAMASSASSIN/DnsBlocklistsInclusionPolicy
 

- And the vote on and discussion on this change was based on a UK 
article  
https://www.zdnet.com/article/uk-ncsc-to-stop-using-whitelist-and-blacklist-due-to-racial-stereotyping/
 
which I brought to the PMC on 4/5.  We brought it for a vote on 5/3. 

So this isn't about US politics, it isn't rash and no it's not a 
joke.  This is about doing the right thing and getting rid of racially 
charged language.  I'd appreciate support in this change or at least if 
you can't say something nice or helpful, just keep it to yourselves.

Regards,
KAM
--
Kevin A. McGrail
Member, Apache Software Foundation
Chair Emeritus Apache SpamAssassin Project
https://www.linkedin.com/in/kmcgrail - 703.798.0171



On Fri, Jul 10, 2020 at 2:50 AM Axb  wrote:


the US problems won't be fixed with renaming B lists.
Seriously.. you have more important issues...

On 7/10/20 8:42 AM, jdow wrote:
> Be sure to purge every instance of "fork" in the code because it sounds
> too close to the other F..K word. Get the fork out of there.
> 
> {O,o}
>  i.e are you guys being just a little stupid here?
> 
> On 20200709 21:00:37, Kevin A. McGrail wrote:
>> IMPORTANT NOTICE
>>
>> If you are running trunk, we are working on changing terms like
>> whitelist to welcomelist and blacklist to blocklist.
>>
>> https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7826
>>
>> The first test of this work is done with allowlist_to replacing
>> whitelist_to
>> Committed revision 1879456.
>>
>> If you are using trunk, there may be disruption since routines,
>> plugins and rule changes will all interweave.
>>
>> *IF YOU ARE RUNNING TRUNK: I recommend you subscribe to the
>> d...@spamassassin.apache.org mailing list to stay abreast of the changes.*
>>
>> Please let me know if you have any questions!
>>
>> Regards,
>> KAM
>> -- 
>> Kevin A. McGrail
>> Member, Apache Software Foundation
>> Chair Emeritus Apache SpamAssassin Project
>> https://www.linkedin.com/in/kmcgrail - 703.798.0171







RE: Freshdesk (again)

2020-07-07 Thread Marc Roos
 


>> They definitely do. I report to them and they do take them down
>> pretty quickly.

Make sure you get paid for doing this every time. Because you are doing 
the work that they should be doing.



RE: Detection rate of msbl.org

2020-07-01 Thread Marc Roos


Not much yet, I got this one[1]. But I am having this check as one of 
the last. Most connections are already failing with 'Possibly forged 
hostname'

[1]
Jul  1 01:08:45 spam1 sendmail[19193]: 05UN8fHL019193: Milter: 
from=, reject=550 5.7.1 Rejected 
feedb...@service.alibaba.com SPAM (ebl.msbl.org) 





-Original Message-
From: James Brown [mailto:jlbr...@bordo.com.au] 
Sent: Monday 22 June 2020 16:07
To: users@spamassassin.apache.org
Subject: Detection rate of msbl.org

I’m thinking about using the EBL from msbl.org with SA.

Can anyone tell me what detection rate they are getting with it? Is it 
worth using, or would the spam be trapped by other methods (RBL, etc) 
anyway?

Pretty hard to find much information about how useful it is.

Thanks,

James.



RE: SendGrid (Was: Re: Freshdesk (again))

2020-06-27 Thread Marc Roos
 

I am going to make for companies like maildrop and sendgrid a hard block 
with reference to a page where someone can ask to be whitelisted with 
only an email address. In this procedure clearly stating the reason of 
the net block of these companies. If lots of sendgrid users are 
confronted with this, they will move to a better service. 
I can remember this fresh desk mail. I did not know where it came from. 
But now I know, I will complain a few million times.




-Original Message-
To: users@spamassassin.apache.org
Subject: SendGrid (Was: Re: Freshdesk (again))

Hello,

On Fri, Jun 26, 2020 at 07:32:09PM -0600, Grant Taylor wrote:
> I've got to say, between NANOG, SDLU, and SpamAssassin, I see a LOT of
> complaints about Sendgrid.

Also mailop. Have personally received phishing mails through SendGrid in 
the last 2 weeks in the name of citrix.com, microsoft.com and 
netflix.com. The Citrix one was to a hostmaster@ address. It's hard to 
comprehend how SendGrid could be doing a worse job of this, for so many 
months now.

Yet their list of legit clients is large, so they remain unblockable for 
me. I just wish those clients knew how little SendGrid would do to 
prevent their other customers sending out phishing emails in their name.

Cheers,
Andy




White listing messages processed by a previous milter

2020-06-26 Thread Marc Roos



What would be the best practice to whitelist / not process, messages 
that have already been processed by a previous milter. 

Maybe set a message header and whitelist on this message header?
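
One way to make the header idea from this post hold up against senders who add the header themselves, as an added example (not part of the original post): the first filter strips any inbound copy and adds a keyed, time-limited stamp that the second filter verifies. The header name, key, lifetime and sample message are assumptions constructed for illustration.

```python
import hashlib
import hmac
import time
from email import message_from_string

HEADER = "X-Prefilter-Verified"       # hypothetical header name
KEY = b"constructed-shared-secret"    # constructed; known only to the two filters
MAX_AGE = 3600                        # assumed lifetime of a stamp, in seconds

# Constructed message in which the sender pre-set the header to skip scanning.
SPOOFED = (
    "Message-ID: <constructed-1@sender.example>\n"
    "X-Prefilter-Verified: 1593160000:00ff\n"
    "Subject: hello\n"
    "\n"
    "body\n"
)


def _mac(message_id, ts):
    """HMAC-SHA256 over the Message-ID and the stamp time."""
    data = f"{message_id}|{ts}".encode()
    return hmac.new(KEY, data, hashlib.sha256).hexdigest()


def stamp(msg, now=None):
    """First filter: remove every copy of the header that arrived from
    outside, then add exactly one stamp of our own."""
    ts = int(time.time() if now is None else now)
    del msg[HEADER]                   # deletes all occurrences, no error if absent
    msg[HEADER] = f"{ts}:{_mac(msg['Message-ID'], ts)}"
    return msg


def already_checked(msg, now=None):
    """Second filter: skip scanning only if there is exactly one stamp,
    it is fresh, and its MAC verifies under the shared key."""
    values = msg.get_all(HEADER, [])
    if len(values) != 1:
        return False
    ts_text, _, mac = str(values[0]).strip().partition(":")
    if not (ts_text.isascii() and ts_text.isdigit()):
        return False
    ts = int(ts_text)
    current = int(time.time() if now is None else now)
    if not 0 <= current - ts <= MAX_AGE:
        return False
    expected = _mac(msg["Message-ID"], ts)
    # Constant-time comparison on bytes, so odd characters cannot raise.
    return hmac.compare_digest(mac.encode("utf-8", "replace"), expected.encode())
```

A stamp is only as private as the path between the two filters; anyone who can read a stamped message can replay it for the same Message-ID until it expires.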



sendmail m4 macro for ebl

2020-06-22 Thread Marc Roos
 
I am also thinking about using it, and maybe creating my own ebl 
whitelist. Asked on the old fashioned sendmail newsgroup (cannot even 
search it), but they expect me to learn this m4 language. I assume in this 
era I am not the first trying to use this, anyone like to share these 
few lines?




-Original Message-
To: users@spamassassin.apache.org
Subject: Detection rate of msbl.org

I’m thinking about using the EBL from msbl.org with SA.

Can anyone tell me what detection rate they are getting with it? Is it 
worth using, or would the spam be trapped by other methods (RBL, etc) 
anyway?

Pretty hard to find much information about how useful it is.

Thanks,

James.



RE: handling spam from gmail.

2020-06-11 Thread Marc Roos
 


 > 
 > bullshit - your crap idea is sending active messages and that's not a
 > NDR and always wrong in case of fighting spam

When my mta generates an 554 5.7.1, my server does not even have the
senders email address at that time. So it is impossible to send 'active
messages' (what ever those might be). The message/url is in the error
description.

 > what about do your homework and just stop score spam with BAYES_00? are
 > you really that dumb?
 > 
 


RE: handling spam from gmail.

2020-06-11 Thread Marc Roos


Hi Jesse, what do you think of my point of view?

 > 
 > 
 > - you are placing the burden of reducing the spam in your system on all
 > the non-spam-sending users who wish to communicate with your users.

If people want to have their free email, why not let them know about that
their provider is harassing other providers and they have to take this
action because of this.
That is the price you have to pay for using free email or are at a
provider that sends out large amounts of spam.
Hopefully this will force people to move to a provider that does not
send out spam?

 > - by raising the "cost" of sending legitimate mail to your users, you
 > will of course receive less legitimate mail along with less spam.

Only from the spam network. And the spam network clients are informed
about that the service they get there, is maybe not as it should be.
Lots of people do not know about such things.

 > - for business transactions this costs business/money; eg. if faced
 > with such a system upon initial contact, I myself would choose to not
 > "click the link" and merely go to a competitor if there are other
 > reasonably equivalent businesses.  not an absolute deal breaker, but
 > definitely a strong turn-off.

If you get notified that you are hosting your business with a provider
that mixes your emails with spam emails. Are you not thinking about
to move your business to a different service provider?
I would definitely ask myself wtf is. By staying at such a provider
you indirectly support their behaviour.




RE: handling spam from gmail.

2020-06-11 Thread Marc Roos
 

Hi Alex thanks for the on topic response. Bear with my thoughts.

 > 
 > - arbitrary valid email addresses are used as sender address by spammers
 > to avoid being blocking as unknown sender. Whenever one of your users
 > gets a spam mail, some innocent unknown user gets the "click on the
 > link" message by your mail system. It's not spammers are using always
 > their own usernames. Many spammers also use their spammer address
 > database as sender addresses as well.

I think this argument cannot be used. Because when blocking a connection
via rbl or so, the connection host gets the error code and message
response, and that host is generating the NDR, not me.
In my procedure the error code could have the message with the url.

 > - by sending the "click on the link" message you acknowledge to a
 > spammer some email he spammed is valid and not unknown. This is a kind
 > of information that should not be disclosed to spammers.

No it does not. It also depends on when you invoke this check. Same 
again with an rbl check. The block is done even before headers are 
received.
 
 > - two persons who are both behind such a system are not able to
 > communicate to each other, because they never receive the "click on the
 > link" message. It is blocked by the other mail system and replied
 > automatically by another "click on the link" message. Both mail systems
 > are sending these messages endlessly to each other. It's the "chicken or
 > egg" problem.

This is not true. Because mail servers should deliver these NDR's 
especially when it is one's own environment.

 > - "click on the link" messages are considered bad practice, because 
 > users must not be educated to click on links in unexpected emails.
 > 




RE: handling spam from gmail.

2020-06-11 Thread Marc Roos
 
I know I need to update, moving to containerized or centos8 when ready. 
However I do not think it will solve much, that is why I am asking for 
this procedure.




-Original Message-
From: Matus UHLAR - fantomas [mailto:uh...@fantomas.sk] 
Sent: Thursday 11 June 2020 11:24
To: users@spamassassin.apache.org
Subject: Re: handling spam from gmail.

On 11.06.20 11:04, Marc Roos wrote:
>I have got lots of shit coming from *.google.com like these:


>Received: from spam1.x.xxx ([212.26.193.45]) by .xx.xx with 

>Microsoft SMTPSVC(6.0.3790.4675);
>Thu, 30 Apr 2020 02:35:01 +0200

I guess this is your mail relay


>Received: from mail-wm1-f66.google.com (mail-wm1-f66.google.com
>[209.85.128.66])
>   by spam1.x.xxx (8.14.4/8.14.4) with ESMTP id 03TKVM5H027351
>   (version=TLSv1/SSLv3 cipher=AES256-GCM-SHA384 bits=256 verify=OK)
>   for ; Wed, 29 Apr 2020 22:31:25 +0200

yes, it comes from google.

>Reply-To: makebajulie...@gmail.com
>From: JULIET MAKEBA 

>Subject: Reply
>X-Spam-Status: No, score=2.1 required=3.0 tests=BAYES_00,
>   
FREEMAIL_ENVFROM_END_DIGIT,FREEMAIL_FROM,FREEMAIL_REPLYTO,LOTS_OF_M
>ONEY,
>   MILLION_HUNDRED,MONEY_FRAUD_3,RCVD_IN_DNSWL_NONE,T_MONEY_PERCENT
>autolearn=no
>   version=3.3.1


BAYES_00 indicates bad training.

version=3.3.1 is too old SA version, you should upgrade - this version 
of SA does not have current rule updates (3.4.2 needed).



--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Warning: I do NOT want to receive any advertising mail at this address.
Linux is like a teepee: no Windows, no Gates and an apache inside...




RE: handling spam from gmail.

2020-06-11 Thread Marc Roos
I have got lots of shit coming from *.google.com like these:


Microsoft Mail Internet Headers Version 2.0
Received: from spam1.x.xxx ([212.26.193.45]) by .xx.xx with 
Microsoft SMTPSVC(6.0.3790.4675);
 Thu, 30 Apr 2020 02:35:01 +0200
Received: from mail-wm1-f66.google.com (mail-wm1-f66.google.com 
[209.85.128.66])
by spam1.x.xxx (8.14.4/8.14.4) with ESMTP id 03TKVM5H027351
(version=TLSv1/SSLv3 cipher=AES256-GCM-SHA384 bits=256 verify=OK)
for ; Wed, 29 Apr 2020 22:31:25 +0200
Received: by mail-wm1-f66.google.com with SMTP id x4so3514419wmj.1
for ; Wed, 29 Apr 2020 13:31:25 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20161025;
h=mime-version:reply-to:from:date:message-id:subject:to;
bh=2NdLKf5rHcCL3IbMH3GuhPFJibYnFLn3P1EiVRDs7vY=;

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20161025;
h=x-gm-message-state:mime-version:reply-to:from:date:message-id
 :subject:to;
bh=2NdLKf5rHcCL3IbMH3GuhPFJibYnFLn3P1EiVRDs7vY=;

X-Received: by 2002:a1c:2dc7:: with SMTP id 
t190mr4898627wmt.129.1588192282560;
 Wed, 29 Apr 2020 13:31:22 -0700 (PDT)
MIME-Version: 1.0
Received: by 2002:adf:ec81:0:0:0:0:0 with HTTP; Wed, 29 Apr 2020 
13:31:22
 -0700 (PDT)
Reply-To: makebajulie...@gmail.com
From: JULIET MAKEBA 
Date: Thu, 30 Apr 2020 04:31:22 +0800
Message-ID: 

Subject: Reply
To: undisclosed-recipients:;
Content-Type: text/plain; charset="UTF-8"
X-Spam-Status: No, score=2.1 required=3.0 tests=BAYES_00,
FREEMAIL_ENVFROM_END_DIGIT,FREEMAIL_FROM,FREEMAIL_REPLYTO,LOTS_OF_M
ONEY,
MILLION_HUNDRED,MONEY_FRAUD_3,RCVD_IN_DNSWL_NONE,T_MONEY_PERCENT 
autolearn=no
version=3.3.1
X-Spam-Level: **
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on 
spam1.x.xxx
Return-Path: richardshoffmann1...@gmail.com
X-OriginalArrivalTime: 30 Apr 2020 00:35:01.0888 (UTC) 
FILETIME=[2F69A800:01D61E87]




Return-Path: 
Delivered-To: xx
Received: from mail03.xxx.eu
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) 
by mail03 with LMTP id kKoHMcov2149JAAAI7dPvA for ; Sat, 06 Jun 
2020 07:55:22 +0200
Return-Path: 
Received: from spam1.xxx.eu (spam1.xxx.eu [xxx.xx.xxx.45]) by 
mail03.xxx.eu (8.14.7/8.14.7) with ESMTP id 0565tMac009275
(version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 
verify=NO) for ; Sat, 6 Jun 2020 07:55:22 +0200
Received: from mail-pj1-f66.google.com (mail-pj1-f66.google.com 
[209.85.216.66]) by spam1.xxx.eu (8.14.4/8.14.4) with ESMTP id 
0565tIdi058802
(version=TLSv1/SSLv3 cipher=AES256-GCM-SHA384 bits=256 verify=OK) for 
; Sat, 6 Jun 2020 07:55:21 +0200
Received: by mail-pj1-f66.google.com with SMTP id a45so3807702pje.1
for ; Fri, 05 Jun 2020 22:55:21 -0700 
(PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=webrework-in.20150623.gappssmtp.com; s=20150623;
h=from:to:subject:date:message-id:mime-version:thread-index
 :content-language;
bh=7qGcZf45bVmQTosUOEZzOlhqXsW80r8JYANlWV6lMcU=;

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20161025;

h=x-gm-message-state:from:to:subject:date:message-id:mime-version
 :thread-index:content-language;
bh=7qGcZf45bVmQTosUOEZzOlhqXsW80r8JYANlWV6lMcU=;


handling spam from gmail.

2020-06-11 Thread Marc Roos



I am sick of this gmail spam. Does anyone know a solution where I can do 
something like this:

1. received email from adcpni...@gmail.com
2. system recognizes this email address has been 'whitelisted', continue with 7.
3. system recognizes as this email never been seen before
4. auto reply with something like (maybe with a wait time of x hours):
   Your message did not receive the final recipient. You are sending from a known spam provider
   network that is why we blocked your message. Please confirm that:
   - you are not a spammer and
   - you have permission to use the mail address you send your message to
   - you and your provider agree to uphold GDPR legislation
   - you and your provider are liable for damages when breaching any of the above.

   Click link to confirm and you agree with the above
   https://www.domainwithoutletsencryptcertificate.com/asdfasdfadsfaf

5. sender clicks confirm url
6. email address is added to some white list.
7. email is delivered to recipient.







RE: google as biggest botnet, no kidding

2020-05-12 Thread Marc Roos
Nothing new, started with the amazon abuse cloud.

Just put something in your mta like this for sendmail

connect:compute-1.amazonaws.com ERROR: "Use your providers outgoing 
(smtp) server" 

Only recently I have noticed that they are changing reverse dns lookups 
to their clients, with the obvious intent to bypass such blocking. 

In order not to waste too much time on this, I have fail2ban that reports 
abuse 6 million times on their website port the abuse.



-Original Message-
From: Benny Pedersen [mailto:m...@junc.eu] 
Sent: 12 May 2020 01:42
To: users@spamassassin.apache.org
Subject: Re: google as biggest botnet, no kidding

On 2020-05-12 01:30, Kevin A. McGrail wrote:
> The use of googleapis in spam is something we are seeing as well.  We 
> unskipped it a bit ago in KAM.cf

good to know i am not alone on this

i begin to think of make my own rule scores for own rules, but i have 
never learned how to make it work, still no stable corpus to build from, 
and have no infrastructure yet to make it happen

what could be a dream is url reputation based on valid dmarc senders, 
something like how its done in rspamd

hope clamav dont let it pass to spamassassin anymore




RE: How to block chimpmail emails?

2020-03-11 Thread Marc Roos


What you can do is put in your sendmail access

connect:mailchimp.com   ERROR "SPAM"
 
This refuses any connection of ip addresses with a reverse lookup having 
*.mailchimp.com



-Original Message-
Sent: 11 March 2020 00:15
To: users@spamassassin.apache.org
Subject: How to block chimpmail emails?

I receive several marking emails from chimpmail.  I've tried adding the 
from email address to the blackfrom_list, but that does not block 
chimpmail.  How can a person block these?

Thank you.

Daryl




RE: How to block chimpmail emails?

2020-03-10 Thread Marc Roos
Can you post the message header?
 

-Original Message-
From: Daryl Rose [mailto:rosed...@gmail.com] 
Sent: 11 March 2020 00:15
To: users@spamassassin.apache.org
Subject: How to block chimpmail emails?

I receive several marking emails from chimpmail.  I've tried adding the 
from email address to the blackfrom_list, but that does not block 
chimpmail.  How can a person block these?

Thank you.

Daryl




RE: Question on early detection for relay spam

2020-03-03 Thread Marc Roos
 
Use ipset, hardly causing any latency using 50k entries.


-Original Message-
From: Benny Pedersen [mailto:m...@junc.eu] 
Sent: 03 March 2020 15:39
To: users@spamassassin.apache.org
Subject: Re: Question on early detection for relay spam

Riccardo Alfieri wrote on 2020-03-03 14:53:



i have no customers there, but its need to try anyway

logs are from yesterday only




RE: Question on early detection for relay spam

2020-03-03 Thread Marc Roos
 >I know this is probably off topic but I'm getting desperate enough to
 >ask.

No problem I would say, it is good to exchange thoughts and ideas.

 >I run a commercial mailserver that regularly seems to have spammers
 >relay mail through it that have obtained stolen credentials for a
 >user.  Many years ago I stopped allowing users to change passwords on
 >it and I setup passwords for all users added to it, and the passwords
 >are random strings of 8 characters or more.
 >
 >The problem is of course that since the passwords are difficult to
 >remember, once the users do remember them they merrily proceed to use
 >this "highly secure password that I can now remember" on every stupid
 >website out on the Internet that they care to login to.  The problem
 >isn't really the people using Thunderbird or Outlook or their cell
 >phones or whatever, because they save the password in the email client
 >and then immediately forget it, which is what I want.  It is the
 >people who use the webmail interface on multiple different systems,
 >kiosk computers and the like, who are the problem.  When hosts out on
 >the Internet get busted into, the spammers get their passwords and
 >email addresses and start relaying.  I've confirmed this with several
 >users I've called and it's always the same story.

Strange, your webmail should be on https, then it is difficult to catch
passwords. I do not have this at all, that people's passwords get stolen.
Hardly ever. So maybe somewhere something is wrong in your setup. Maybe
spammers get access via a remote exploit?
I do not think this is a common problem.

 >By the time I see what's going on the server is blacklisted everywhere
 >and I have to waste time delisting it, and asskissing all of the
 >little tiny blacklists run by little pricks who want me to pay money
 >or wait a month to be delisted, etc.  (no I'm NOT talking about
 >spamcop, or barracuda or anyone professional - THEY know what they are
 >doing and don't look at this as a chance for a shakedown)

Please remember, that you are causing work for these companies. Someone
is complaining. And someone is adding your ip to the blacklist.
They get harassed why the shit is getting through their spam filters.
I would also ask amazon to pay me a few thousands for wasting my time 
constantly.


 >I estimate that last year this happened around 5 times and I just
 >lost an afternoon today answering the passel of help requests from
 >users because it happened again.
 >
 >What I am wondering is how to tighten up my monitoring on my servers
 >to more rapidly identify when this starts happening.  What I'm doing
 >now is a kludge but I run mailq  (this is a sendmail system) and when
 >I see the number of pending mail messages in there exceed a threshold
 >I send an alert to my cell.  It is a kludge and the problem is that
 >the mailq doesn't start filling up until my server gets blacklisted.

Sendmail has a nice filter that rate limits a user. I was always thinking
of implementing this, when I run into a situation as yours.

 >I've considered several ideas like running a script out of cron that
 >checks the number of authid's per hour but all of these seem like even
 >worse kludges.  The only idea that I have come up with that I really
 >like is taking an AK-47 to the spammers but unfortunately spammers
 >know that they are unloved and cowardly hide away in Russia and
 >scummier places and I can't reach 'em.  (maybe I could offer a bounty?
 >A nickel a head?  That would pay for the bullet at least.  I don't
 >think those people are worth even that, though)
 >
 >I do run a daily sendmail statistics report but by the time I read
 >that and see the bump in traffic it's too late.
 >
 >What do other people do for this problem?
 >

Things you should consider:
- investigate what clients mostly have these problems. Give them a
separate outgoing server. This way when it happens again not everyone's
email is blocked.
ps. When I get spam I put the whole /24 range on the blacklist. So maybe
get ip's in different ranges.

- filter your logs of the last year that have outgoing spam. You will see
same ip ranges. Put all of them on your outgoing mailservers dns
blacklist so they cannot connect.

- google for outgoing milters. You get blacklisted on the bigger rbl's
after sending a lot of spam. A user is not sending 100 emails a day.


Good luck, fighting these spammers!!!
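
Added example, not part of the thread or of any poster's setup: the "number of authid's per hour" check discussed above, extended to also count distinct source IPs per authid, which is the earlier sign of a stolen credential. The log lines are constructed, and the sendmail AUTH line layout and the thresholds are assumptions to adapt to your own maillog.

```python
import re
from collections import defaultdict

# Constructed sample; layout of the sendmail AUTH log line is an assumption.
SAMPLE_LOG = """\
Mar  3 08:15:02 mail sm-mta[2001]: AUTH=server, relay=office.example.net [198.51.100.7], authid=bob, mech=PLAIN, bits=0
Mar  3 09:02:11 mail sm-mta[2101]: AUTH=server, relay=home.example.net [198.51.100.20], authid=alice, mech=PLAIN, bits=0
Mar  3 09:40:45 mail sm-mta[2140]: AUTH=server, relay=home.example.net [198.51.100.20], authid=alice, mech=PLAIN, bits=0
Mar  3 14:01:10 mail sm-mta[3001]: AUTH=server, relay=[203.0.113.5], authid=bob, mech=LOGIN, bits=0
Mar  3 14:01:12 mail sm-mta[3002]: AUTH=server, relay=[203.0.113.77], authid=bob, mech=LOGIN, bits=0
Mar  3 14:03:30 mail sm-mta[3010]: AUTH=server, relay=[192.0.2.14], authid=bob, mech=LOGIN, bits=0
Mar  3 14:03:31 mail sm-mta[3011]: AUTH=server, relay=[192.0.2.200], authid=bob, mech=LOGIN, bits=0
Mar  3 14:05:00 mail sm-mta[3020]: AUTH=server, relay=[203.0.113.5], authid=bob, mech=LOGIN, bits=0
"""

AUTH_RE = re.compile(
    r"^(?P<mon>\w{3})\s+(?P<day>\d+)\s(?P<hour>\d{2}):\d{2}:\d{2}\s.*?AUTH=server, "
    r"relay=.*?\[(?:IPv6:)?(?P<ip>[0-9A-Fa-f.:]+)\], authid=(?P<authid>[^,\s]+)"
)

def auth_activity(lines):
    """Return {(authid, 'Mon DD HH'): {'count': n, 'ips': set_of_source_ips}}."""
    stats = defaultdict(lambda: {"count": 0, "ips": set()})
    for line in lines:
        m = AUTH_RE.match(line)
        if not m:
            continue  # not a successful-AUTH line
        key = (m["authid"], f"{m['mon']} {int(m['day']):2d} {m['hour']}")
        stats[key]["count"] += 1
        stats[key]["ips"].add(m["ip"])
    return stats

def suspicious(lines, max_per_hour=3, max_ips=2):
    """Flag (authid, hour) buckets that exceed either limit, sorted."""
    alerts = []
    for (authid, hour), s in auth_activity(lines).items():
        reasons = []
        if s["count"] > max_per_hour:
            reasons.append(f"{s['count']} logins")
        if len(s["ips"]) > max_ips:
            reasons.append(f"{len(s['ips'])} source IPs")
        if reasons:
            alerts.append((authid, hour, ", ".join(reasons)))
    return sorted(alerts)
```

Run from cron over the current hour's log lines, this fires while the account is still being abused rather than after the queue backs up.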


RE: From Spoofed

2020-02-26 Thread Marc Roos


You should maintain also your own rbl with soft and hard blocking of ip 
ranges. Problem with only marking emails is that the spam network is 
not 'learning' that their emails are being blocked.





-Original Message-
To: users@spamassassin.apache.org
Subject: From Spoofed

Hey Folks,

I have a user that is getting many emails with obscene subjects.  
Someone is spoofing the From to include the users domain so the email is 
hitting "USER_IN_WHITELIST".  I have installed the plugins from 
extremeshok and it has not stopped the problem.

  Emails have header info such as:

X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on mail
X-Spam-Level:
X-Spam-Status: No, score=-60.8 required=5.0 tests=ALL_CODING,ALL_OZ,BAYES_99,
    BAYES_999,FROM_EXCESS_BASE64,HTML_IMAGE_ONLY_12,HTML_MESSAGE,
    HTML_SHORT_LINK_IMG_2,MIME_HTML_ONLY,RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_PBL,
    RCVD_IN_PSBL,RCVD_IN_RP_RNBL,RCVD_IN_SBL_CSS,RCVD_IN_SORBS_WEB,RCVD_IN_XBL,
    RDNS_NONE,SERGIO_SUBJECT_PORN014,SUBJECT_FUCKBUDDY,URIBL_ABUSE_SURBL,
    URIBL_BLACK,URIBL_DBL_SPAM,URIBL_SBL,USER_IN_WHITELIST
    autolearn=no version=3.3.2

The SUBJECT_FUCKBUDDY rule has a score of 3.0 .

Subject line has "Hungry for a Fuckbuddy" .  Sorry I can't paste,  it 
did not come through formatted properly when the user forwarded from 
Outlook and it's gone from her Inbox on the server.

If I send a test email with Fuckbuddy in the subject from my GMail 
account spamassassin catches it and sends it to the spam folder.

Ideas?

Thanks,
Robert

Robert A. Ober
IT Consultant, Vidcaster, & Freelancer
www.infohou.com
Houston, TX







How to block reverse hostname

2020-01-09 Thread Marc Roos



How to mark all messages from *hostwindsdns.com server?



unmark message sieve script

2020-01-09 Thread Marc Roos


What options are available to 'unmark' a spam message. I have some 
frontend servers that are marking mail from eg. mailchimp as spam. But 
some users want to unmark a newsletter email or so.

Maybe some solution that works with roundcube and managesieve?