Re: DKIM ... KAPUT
On 13/06/2024 08:59, Rupert Gallagher wrote: Yesterday I disabled DKIM as a spam indicator, because I got tired of adding exceptions. Non-compliant relays should fail hard, but they do not. This is a tragedy. I have NFI why you wasted your time telling us this DKIM only proves it was sent from domain X, it has ZERO to do with "is or is not" spam. So again, venting your annoyance at your misunderstanding of DKIM with us, is pointless. -- Regards, Noel Butler
Re: kam fails if askdns is disabled
On 26/05/2024 01:20, Antony Stone wrote: On Saturday 25 May 2024 at 16:57:21, Benny Pedersen wrote: Antony Stone skrev den 2024-05-25 16:52: Is this a reply to something? something ?, try disable askdns plugin, then do spamassassin --lint succes ? hopefully kam know why there should not be lint errors if just check plugin is enabled, where all other plugins is disabled I apologise for not having worked that out from "+1". Antony. Shame on you for not turning on ESP ;) When Benny is off his meds, he's like the newbies who lodge support tickets saying "mail doesnt work" not I cant get my mail because of error fooXXX or cant send mail because im an idiot and cant read that we dont relay out on port 25, or im trying to relay using my old isps mail server... *sigh* but you get used to ignoring Benny's unintelligible shit. -- Regards, Noel Butler
Re: Multiple REFUSED logs with sorbs.net ?
On 18/05/2024 08:14, J Doe wrote: Hello, I make use of SpamAssassin 4.0.0 on a low volume e-mail server. I also run my own validating resolver with Bind 9.18.27 on the e-mail server. The only piece of software I have in my e-mail stack that uses SORBS is SpamAssassin. I have noticed in my resolver logs multiple entries where a query of SORBS results in REFUSED results. Here is an example entry: 10-May-2024 05:34:39.024 lame-servers: info: REFUSED unexpected RCODE resolving 'rbldns10.sorbs.net/A/IN': 108.59.172.201#53 While some queries succeed and SpamAssassin appears to be able to use SORBS, there are always *multiple* REFUSED results only for sorbs.net. Am I exceeding the number of free queries that SORBS allows ? If so, do I need to register with SORBS (similar to how SpamHaus requires registration to use their DQS service) ? If so, how do I update my SA configuration ? Thanks, - J SORBS has been ultra sensitive like that for a few years now, it allows lookups, then it doesn't, seconds later it does, I suspect an ill configured DoS protection mechanism that's overly paranoid, but good luck getting anyone their to listen. -- Regards, Noel Butler
SA treats percentage spaces wording as uri
This morning one of our ent_domains DMARC weekly report from a third party was listed as spam by SA which took the wording Not_percent-twenty_Resolved and passed it off to URI checks adding dot.com to it when there is no dot com after it, and a raw message search of that message in less in console confirms it. Problem with the code that scans the content for things like URI's? It shouldn't be assuming there's a TLD after it. -- Regards, Noel Butler
Re: Whitelist rules should never pass on SPF fail
On 11/05/2024 03:40, Bill Cole wrote: So what? domain owners state hard fail it SHOULD be hard failed, irrespective of if YOU think you know better than THEM or not, if we hardfail we accept the risks that come with it. In practice, there is a prioritizing of whose wishes I prioritize on the receiving systems I work with. If my customer wants to receive the mail and the individual generating the mail is not generating that desire fraudulently, I don't care much about what the domain owner says. I hope you have an indemnity clause in your contracts (or written statement from them) to legally protect you, and your professional indemnity insurance (or your countries version of it) is current... I do not work for the domain owners of the world and I am not obligated to enforce their usage rules on their users. Obligated no, its your network, your rules, but honouring them is the correct "good netizen" thing to do. I'm sure the crime gangs and spammers reading this list greatly appreciate you telling them they got better chances with you then most :P Obviously I take their input seriously when trying to detect fraud but I've seen too many cases of "-all" being used with incomplete or obsolete lists of "permitted" hosts to accept that they know all of the places their mail gets generated. The idea of using -all is not just configuring it and forgetting it, it's part of the accepted risk that if you change something, you change your SPF statements too, if they forget, the complaints of blocked mail should prompt them to fix it, or if they are just flat out too damn lazy, then they get what they deserve. Adherence has improved out of sight in past 5 to 10 years, and I've seen no problems caused by SPF, I can't remember the last time we had one. I've also given up all hope of getting the few places that are still doing transparent forwarding to adopt SRS or any other mechanisms to avoid SPF breakage to ever change. I guess the traffic with them is low, if it was high, blocking would likely get them off their buts. -- Regards, Noel Butler
Re: Whitelist rules should never pass on SPF fail
On 09/05/2024 22:47, Bill Cole wrote: On 2024-05-09 at 08:37:06 UTC-0400 (Thu, 09 May 2024 14:37:06 +0200) Benny Pedersen is rumored to have said: Bill Cole skrev den 2024-05-09 14:22: In fact, I can't think of any whitelist test that should pass if SPF fails. If you operate on the theory that a SPF failure is always a sign of spam, you can make your SpamAssassin always trust SPF failures absolutely. I would not recommend that. Some people screw up their SPF records. Other people forward mail transparently, which reliably breaks SPF. SPF is broken *by design* as a spam control tool AND as a mail authentication tool. We knew this 20 years ago, but it remains a useful tool if you work with its limits rather than assuming that they do not exist. spf domain owner asked for hardfails, so why not score spf_fail as 100 ? :) I believe that has been covered in extreme detail and redundancy here and in other email-related fora MANY times over the past 20 years. Domain owners do not KNOW all the paths their mail follows, even when they think that they do. Users frequently find ways to break SPF without doing anything wrong. It's not often I agree with what Benny says, but this is one of them. So what? domain owners state hard fail it SHOULD be hard failed, irrespective of if YOU think you know better than THEM or not, if we hardfail we accept the risks that come with it. This is why SPF should always be handled separately by a milter, so a hard fail wont make it to spamassassin or others who think they can ignore a domain owners wishes. -- Regards, Noel Butler
Re: Whitelist rules should never pass on SPF fail
On 09/05/2024 05:57, Jarland Donnell wrote: That's easy though at least. Set the DNSWL rule to 0. I appreciate their effort but it's simply not an accurate way to determine the value of an email in 2024. It's never been the deciding factor between whether or not an email was spam, in any email I've audited in the last decade. This! Trust must be earned, not assumed (or bought) -- Regards, Noel Butler
Re: spamassassin with gmail
On 16/04/2024 08:24, Michael Grant via users wrote: I am not at all advocating people use gmail. Something like 68% of the planet already uses it and few people like I really wonder about that, or did they pull a trump... I ran this June last year, the results are somewhat surprising, of course YMMV depending upon you're countries politics or what your ISP is like I guess. https://blog.ausics.net/archives/147-How-do-you-use-Email.html Michael Grant -- Regards, Noel Butler
Re: WARNING: Microsoft has earned removal from SA default welcomelist
On 13/04/2024 19:27, Marc wrote: All nice and well, but a bit decades to late. There should never have been such default whitelist. Companies should take care not be on blacklists, and should maintain some Absolutely, no arguments there! After all spf -all exists already for a long time. So why are google/microsoft/yahoo etc still not using it? Why don't Mostly because all the google spam would pass spf/dkim/dmarc anyway, at least tehy tend to learn you more as ham than spam if you send to them with spf. they separate free/spam clients on different infrastructure. Google do IIRC, Microsoft don't, it's why you wont find many of our sites in bing, because they use their own search bots in IP ranges shared with f'wit script kiddies, and I issued a directive no whitelisting for MS search bots - not until they stick em all in one subnet that does not, never has and never will have customers in it. Now these companies are big enough to abuse the market and force everyone to customize just for them. If you would sadly, thats true, they think they are too big to block, but they have all at some time found I don't work that way, nobody, is too big to block, and its a shame that likes of spamhaus and spamcop operate that way too, essentially shrugging their shoulders and going "oh well" It is just crazy that on the internet you are expected to clean up someone else's mess. Ahmen to that. -- Regards, Noel Butler
Re: WARNING: Microsoft has earned removal from SA default welcomelist
On 13/04/2024 03:20, Bill Cole wrote: In my opinion, this is an indication that the default welcomelist entries in the official I'm good with that, so long as likes of google are not in any whitelist either. I haven't been following all the anti spam stuff as much as I used to (I have people to do that for me so I can enjoy more of life) in past few years, but I've never believed the big providers should ever have been whitelisted. I've used clear uridnsbl skip domain for donkies years (I think that's the option that removes the dnsbl whitelistings going off memory) but perhaps there should also be a similar command (if not already exist?) that clears and disables /all/ whitelisting in rules as well, yes I know in the past the recommended method was writing a gazillion entries in local.cf zeroing out there scores, but isn't that kind of stupid in 2024. Trust must be earned, not implied (or bought), as Joanne points out, "my spam is your ham and vice versa" -- Regards, Noel Butler
Re: OT: Trigger words in email addresses?
On 08/04/2024 11:40, Jerry Malcolm wrote: Now here's my question (at least one of them)... I send the validation email from DoNotReply So... recommendations, please... should I change donotre...@.com to something else, and if so, what is Typically, noreply@... is used Have you tried using that sender from a non AWS host, even for just a test? My bet is, it's scoring higher because of AWS, who are abused often by spammers and scammers. server and using AWS's SES SMTP server for outbound. The and therein probably lies the answer. -- Regards, Noel Butler
Re: [EXTERNAL] Re: Catch a rejected message ?
On 02/12/2023 05:16, Benny Pedersen wrote: White, Daniel E. (GSFC-770.0)[AEGIS] via users skrev den 2023-12-01 16:35: why do you reply to a member that can't answer on maillist ? From: Reindl "Toxic Troll" Harald Because that moderated troll has a long known habit on most of the lists he's moderated on (which is pretty much everyone) of setting reply-to-list, and those who don't know better, don't bother to check where they're replying to. Which is kinda worrysome since the same people are supposed to be mail administrators. -- Regards, Noel Butler
Re: ATT RBL f---wits
On 29/11/2023 00:51, Tracy Greggs via users wrote: Cableone is SOA on this zone, so they are the issue. You can ask them to create a PTR for your static IP and hope for the best. Most I have dealt with will do it as long as it's a commercial account. As I pointed out - but failed to copy/paste a couple extra lines - cableone have issues, earlier they were reporting SERVFAIL then it was unreachables. The fact OP showed google knowing his PTR. says he should not have to have them add it manually, they need to fix what they already have - or they need to pay their bill :) It's also why we dont accept reports here that " oh google says its there" because google have a history of not honouring TTL's, and it always pays to use a DNS server that you don't think would have your zone cached, to get a fresh perspective. -- Regards, Noel Butler
Re: ATT RBL f---wits
On 28/11/2023 08:59, Noel Butler wrote: ~$ host 24.116.100.90 ;; connection timed out; no servers could be reached Seems like AT *ARE* doing the correct thing and it is *YOU* with the problem. before you start calling others f'wits do better investigation, a dig trace indicates root servers dont know you. Seems your IP provider is the onle with problems, now I get an answer of sorts ~$ dig +trace -x 24.116.100.90 < snip > 116.24.in-addr.arpa. 86400 IN NS ns2.cableone.net. 116.24.in-addr.arpa. 86400 IN NS ns1.cableone.net. 116.24.in-addr.arpa. 10800 IN NSEC 117.24.in-addr.arpa. NS RRSIG NSEC 116.24.in-addr.arpa. 10800 IN RRSIG NSEC 8 4 10800 20231211213247 20231127203247 6558 24.in-addr.arpa. ChfIccQU9mphSoPwTZf6Og2pumL3BRTQBGm7ZyFb5R8ycVL/jyXD94O8 XOLL48wgXFQPuW4bfoSlmB/nNJ4tfb1Vyeb3x5MmVQTL74tdotoGfFYS 2+gjyFWYkWAtkzOAmC7Eeva7hotpQ9Qa3LbkFtfznKBFdPAHHQ1vXs0K Shg= ;; Received 366 bytes from 199.180.180.63#53(r.arin.net) in 194 ms ;; connection timed out; no servers could be reached On 28/11/2023 07:31, Philip Prindeville wrote: We're being blacklisted by att.net with the following message: (reason: 550 5.7.1 Connections not accepted from servers without a valid sender domain.flph840 Fix reverse DNS for 24.116.100.90) I don't know what the hell is up with these pinheads: -- Regards, Noel Butler
Re: ATT RBL f---wits
~$ host 24.116.100.90 ;; connection timed out; no servers could be reached Seems like AT *ARE* doing the correct thing and it is *YOU* with the problem. before you start calling others f'wits do better investigation, a dig trace indicates root servers dont know you. On 28/11/2023 07:31, Philip Prindeville wrote: We're being blacklisted by att.net with the following message: (reason: 550 5.7.1 Connections not accepted from servers without a valid sender domain.flph840 Fix reverse DNS for 24.116.100.90) I don't know what the hell is up with these pinheads: philipp@ubuntu22:~$ dig -tmx redfish-solutions.com. @8.8.8.8 ; <<>> DiG 9.18.12-0ubuntu0.22.04.3-Ubuntu <<>> -tmx redfish-solutions.com. @8.8.8.8 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58379 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 512 ;;~$ host 24.116.100.90 ;; connection timed out; no servers could be reached QUESTION SECTION: ;redfish-solutions.com. IN MX ;; ANSWER SECTION: redfish-solutions.com. 21600 IN MX 10 mail.redfish-solutions.com. ;; Query time: 48 msec ;; SERVER: 8.8.8.8#53(8.8.8.8) (UDP) ;; WHEN: Sun Nov 19 15:08:29 MST 2023 ;; MSG SIZE rcvd: 71 philipp@ubuntu22:~$ dig -ta mail.redfish-solutions.com. @8.8.8.8 ; <~$ host 24.116.100.90 ;; connection timed out; no servers could be reached <>> DiG 9.18.12-0ubuntu0.22.04.3-Ubuntu <<>> -ta mail.redfish-solutions.com. @8.8.8.8 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19570 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 512 ;; QUESTION SECTION: ;mail.redfish-solutions.com. IN A ;; ANSWER SECTION: mail.redfish-solutions.com. 21600 IN A 24.116.100.90 ;; Qu~$ host 24.116.100.90 ;; connection timed out; no servers could be reached ery time: 72 msec ;; SERVER: 8.8.8.8#53(8.8.8.8) (UDP) ;; WHEN: Sun Nov 19 15:08:39 MST 2023 ;; MSG SIZE rcvd: 71 philipp@ubuntu22:~$ dig -x 24.116.100.90 @8.8.8.8 ; <<>> DiG 9.18.12-0ubuntu0.22.04.3-Ubuntu <<>> -x 24.116.100.90 @8.8.8.8 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2371 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 512 ;; QUESTION SECTION: ;90.100.116.24.in-addr.arpa. IN PTR ;; ANSWER SECTION: 90.100.116.24.in-addr.arpa. 21600 IN PTR mail.redfish-solutions.com. ;; Query time: 68 msec ;; SERVER: 8.8.8.8#53(8.8.8.8) (UDP) ;; WHEN: Sun Nov 19 15:08:55 MST 2023 ;; MSG SIZE rcvd: 95 philipp@ubuntu22:~$ So that's not the problem. You're supposed to be able to get the blacklisting fixed if you email abuse_...@abuse-att.net <mailto:abuse_...@abuse-att.net> but I've emailed them from 3 different addresses and have yet to get a response much less a resolution. Has anyone else had to deal with this bullocks and gotten it resolved? Thanks -- Regards, Noel Butler
Re: Anybody else getting bombarded with "I RECORDED YOU" spam?
On 11/11/2023 22:37, Mike Bostock via users wrote: There is a way to whitelist domains with no RDNS but so far I haven't found a way to do this in the .mc file. Thanks again /etc/mail/access Connect:foo OK -- Regards, Noel Butler This Email, including attachments, may contain legally privileged information, therefore at all times remains confidential and subject to copyright protected under international law. You may not disseminate this message without the authors express written authority to do so. If you are not the intended recipient, please notify the sender then delete all copies of this message including attachments immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message.
STY_INVIS_DIRECT
72_active.cf/STY_INVIS_DIRECT Anyone else seeing this go haywire? It's triggering on legit emails everywhere, even from paypal, for past few days by looks of helpdesk, and my own paypal email this morning, 2.5 score is pushing a lot of Email into "Junk folders", for now I'ma change that score to 0.25 -- Regards, Noel Butler This Email, including attachments, may contain legally privileged information, therefore at all times remains confidential and subject to copyright protected under international law. You may not disseminate this message without the authors express written authority to do so. If you are not the intended recipient, please notify the sender then delete all copies of this message including attachments immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message.
Re: DMARC and SA4
On 27/09/2023 12:31, Bill Cole wrote: Quarantine is a silly concept. Users hate it in practice. Citation please? My experiences over the many years differ SpamAssassin does not implement any form of quarantine. This is not because it's a bad idea, but because SA doesn't implement ANY handling of delivery and storage. Nor should it :) -- Regards, Noel Butler This Email, including attachments, may contain legally privileged information, therefore at all times remains confidential and subject to copyright protected under international law. You may not disseminate this message without the authors express written authority to do so. If you are not the intended recipient, please notify the sender then delete all copies of this message including attachments immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message.
Re: Ensuring SPF/DKIM for @gmail.com
On 27/07/2023 18:11, Marc wrote: I am always using -all. I honestly can't think of a good argument to use anything else. I agree. It's my belief that ~all is only useful for a "production entry test phase", once your happy, move to -all Like DMARC's p=none it's a "getting it going" method that's for you to get shit right, then move to p=quarantine, although from memory some European countries (Germany?) require or use to require you to either accept the message and deliver it, or outright block it with a reject message, I'd like to think they've changed that though. -- Regards, Noel Butler This Email, including attachments, may contain legally privileged information, therefore at all times remains confidential and subject to copyright protected under international law. You may not disseminate this message without the authors express written authority to do so. If you are not the intended recipient, please notify the sender then delete all copies of this message including attachments immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message.
Re: Ensuring SPF/DKIM for @gmail.com
On 27/07/2023 17:48, Marc wrote: The oldest mail server log I can find is from mx-in-08 sadly even that one is only from 2005 but confirms we were using it then, quite a bit longer than 2014 :P Why retire? To go fishing or so? I think GDPR even prohibits keeping very old log files, if there is no specific reason for that. Nah, I could never catch anything more than a cold, but I do like camping though, peaceful bliss, no server fans droning, no phones ringing, no sitting in traffic... even better that most remote spots are RF noise free for amateur radio activities whilst other half sleeps her head off ;) As for GDPR, it doesn't affect us, we don't provide services outside our own country, also our government, like other "five eyes" nations, are perverted control freaks and tend to view all citizens as criminals and enemies of the state, so they would be pleased at that duration, we have a meta-data retention law that says we must keep CDR's and mail and web server logs for "minimum" of 2 years, funny though, they dont want us to keep usenet logs, because the vile scum of the earth and warez pups have never heard of usenet have they LOL -- Regards, Noel Butler This Email, including attachments, may contain legally privileged information, therefore at all times remains confidential and subject to copyright protected under international law. You may not disseminate this message without the authors express written authority to do so. If you are not the intended recipient, please notify the sender then delete all copies of this message including attachments immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message.
Re: Ensuring SPF/DKIM for @gmail.com
On 27/07/2023 13:43, Bill Cole wrote: No, SPF pre dates that, 1998 or there abouts if my ageing memory serves me It's failing... :) SPF originated with an idea of Gordon Fecyk, first written up AFTER he left MAPS in 2001. First ID calling it SPF would have been 2003 or so. A brief refresher from https://dmarcian.com/history-of-spf/ I'm remembering tiny bits here and there, pfft I'm nearing retirement, so maybe that should be sooner rather than latter :) But 20 years is a long time either way, and the base of my comments stand, if you're using an OS or daemon that's that old (or even 10 years ago), you STILL have much bigger problems than someone rejecting you on SPF :) The oldest mail server log I can find is from mx-in-08 sadly even that one is only from 2005 but confirms we were using it then, quite a bit longer than 2014 :P -- Regards, Noel Butler This Email, including attachments, may contain legally privileged information, therefore at all times remains confidential and subject to copyright protected under international law. You may not disseminate this message without the authors express written authority to do so. If you are not the intended recipient, please notify the sender then delete all copies of this message including attachments immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message.
Re: Ensuring SPF/DKIM for @gmail.com
On 27/07/2023 10:20, Matija Nalis wrote: mailing lists have been smart enough for over 20 years to rewrite sender and not appear as a basic forwarder - which are you are correct, however there are forwarding abilities to rewrite sender which avoids this, its been 15 years or more since I've used procmail which by default did not. I personally know several people who still use procmail today, sooo... Your assumption seems to be that EVERYBODY upgrades on regular (yearly-or-so?) cycles, and updates their configs to latest recommended practices at the same time. This is ideal but reality is far different, that said, most would not be using anything from 1990's, if they are, they are have far bigger issues than SPF. That at least I can attest is not always the case (I still see systems with custom sendmail.cf which nobody dares to touch, and with a good reason!) As above. But I won't agree that "it does not exist", nor would I agree that it doesn't matter (if it didn't matter to them, people wouldn't be asking me to troubleshoot it, and yet they do) It "does, not matter", you can't help those who wont help themselves, I'm sure we all remember this back in days when banks and governments wouldt run compliant DNS, they all expected us to whitelist them, when they realised that was not going to happen en masse, they got their act together and fixed their stuff, now, at least in this country, they woke up and realised the benefits so much so, the govt here is a strong proponent of DMARC and mandates all federal govt depts to use it (though I've discovered some that dont) Good for you. But that is anecdotal - you are certainly not participating in every mailing list in existence, I'm on 117 mailing lists - not that I have time these days to read much of it, family life is more important, in past couple weeks I just found a few hours to peruse some :) So, still in 2023, I have to deal with SPF (and DKIM) failing due to such forwarders/ML (as well as misconfigurations, of course) DKIM is a total failure with mailing lists, but DKIM - unlike SPF in a typical setup, is not an out-right reject at MTA level. Also, 1990s? Weren't first SPF-alike ideas drafted first time in early-mid 2000s, and SPF itself not published as *proposed* IETF standard until 2014? That was less than a decade ago, barely yesterday :) No, SPF pre dates that, 1998 or there abouts if my ageing memory serves me correct, 2014 might have been the SPF RR type, which certain cretins from the debian world fought long hard against as their dist versions of bind didnt understand it it was that old (heaven forbid debian users ran modern software - I hope thats changed since but somehow I suspect not...) -- Regards, Noel Butler This Email, including attachments, may contain legally privileged information, therefore at all times remains confidential and subject to copyright protected under international law. You may not disseminate this message without the authors express written authority to do so. If you are not the intended recipient, please notify the sender then delete all copies of this message including attachments immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message.
Re: Ensuring SPF/DKIM for @gmail.com
On 27/07/2023 05:09, Matija Nalis wrote: Any SPF, no matter how correctly configured, will lead to false positives in some cases (e.g. encoutering mailing list B.S. mailing lists have been smart enough for over 20 years to rewrite sender and not appear as a basic forwarder - which are you are correct, however there are forwarding abilities to rewrite sender which avoids this, its been 15 years or more since I've used procmail which by default did not. If you are going to dry-reach to support an argument, please use modern facts and not 1990's. I was a *very* early adopter of SPF back in late 90's and have had zero issues in 20 years in using SPF (as expected as an early adopter, teething issues as with all software needed fine tuning in very early days) -- Regards, Noel Butler This Email, including attachments, may contain legally privileged information, therefore at all times remains confidential and subject to copyright protected under international law. You may not disseminate this message without the authors express written authority to do so. If you are not the intended recipient, please notify the sender then delete all copies of this message including attachments immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message.
Re: Ensuring SPF/DKIM for @gmail.com
On 26/07/2023 17:34, Benny Pedersen wrote: milters should not be spam scanners, spamassassin is better SA is perl, perl is faster and better resource nice than python garbage, but perl is still slow compared to C, that is why milters will win out everytime. milter-regex is also light and super speedy, it stops a lot of trash before postfix even accepts the message to give to SA Frankly google is just trash anyway, so anything that blocks gmail/google spam is a great idea. (have they stopped google groups from backscatter yet, probably not, they are too busy fscking over youtube) -- Regards, Noel Butler - Ensuring my "long sig" is even longer, just for Benny This Email, including attachments, may contain legally privileged information, therefore at all times remains confidential and subject to copyright protected under international law. You may not disseminate this message without the authors express written authority to do so. If you are not the intended recipient, please notify the sender then delete all copies of this message including attachments immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message. This I care not about mailing lists, although this is only a list/newsletter account its not my personal account Its one of my older formal but not personal addresses nbot really used in that lght now. thinking of other stuff to put in to annoy Benny but damn running outof time, time to go home its 5.50 pm
Re: Sudden surge in spam appearing to come from my email address
On 17/07/2023 20:00, Benny Pedersen wrote: Noel Butler skrev den 2023-07-16 02:05: it's why anyone who whitelists gmail is a fool (much like those who use gmail in the first place), we in fact add a positive score for all google/gmail connections you still have bigger signature then google/gmail on public maillists and I'm supposed to care because why, did you forget to take your meds again Benny... -- Regards, Noel Butler This Email, including attachments, may contain legally privileged information, therefore at all times remains confidential and subject to copyright protected under international law. You may not disseminate this message without the authors express written authority to do so. If you are not the intended recipient, please notify the sender then delete all copies of this message including attachments immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message.
Re: Sudden surge in spam appearing to come from my email address
On 16/07/2023 04:44, Cathryn Mataga wrote: Someone has figured a way to use gmail to spam from their servers, looks like to me. huh? They have been doing this for YEARS, google don't care because they get to scan (inspect) all the mail, even in transit, that's not "tinfoil hat" rubbish either since they long admit it. it's why anyone who whitelists gmail is a fool (much like those who use gmail in the first place), we in fact add a positive score for all google/gmail connections -- Regards, Noel Butler This Email, including attachments, may contain legally privileged information, therefore at all times remains confidential and subject to copyright protected under international law. You may not disseminate this message without the authors express written authority to do so. If you are not the intended recipient, please notify the sender then delete all copies of this message including attachments immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message.
Re: authres do not parse sender-id
On 05/06/2023 03:38, Matus UHLAR - fantomas wrote: is sender-id still not depricated ? it's status: historic. It's also patended and since it's broken by design, there's no reason to support or use it. Supporting it used to tip you over the "your-not-spam" line with MS's cleanfeed, no idea if it still works that way as I lost my MS contact when she left for greener pastures. -- Regards, Noel Butler This Email, including attachments, may contain legally privileged information, therefore at all times remains confidential and subject to copyright protected under international law. You may not disseminate this message without the authors express written authority to do so. If you are not the intended recipient, please notify the sender then delete all copies of this message including attachments immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message.
Re: 0 score not voiding rule
On 28/05/2023 12:02, Thomas Cameron wrote: On 5/27/23 17:21, Noel Butler wrote: apparently does not disable the rule (like 0 disables all the others), is that a way of forcing your world view upon the rest of the world Kevin? I thought this welcome crap wasnt being applied until next release... I guess Kevin that changed quickly, I might have missed the change as I admit to having little time for most lists these days, family life too hectic :) Pretty bold to be a jerk to a guy you're asking for help from. Be nice, Noel. It's not that hard. I don't know why you've got a burr under your saddle, but it's definitely not making a good impression to be shitty on a public mailing list while you're asking for help. *yaaawn* I'm an early usenetter, I never wrapped idiocy up in cotton wool back then, I'm not about to start now. plonk? oh no what will I do... roflmfao -- Regards, Noel Butler This Email, including attachments, may contain legally privileged information, therefore at all times remains confidential and subject to copyright protected under international law. You may not disseminate this message without the authors express written authority to do so. If you are not the intended recipient, please notify the sender then delete all copies of this message including attachments immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message.
Re: 0 score not voiding rule
AS usual I still dont get whatever you're going on about benny, but v4 was where these changes were to be, yes, BUT none of our servers are on v4 ls /var/lib/spamassassin/ 3.004006/ compiled/ On 28/05/2023 00:06, an unmedicated Benny Pedersen trolled: -- Regards, Noel Butler This Email, including attachments, may contain legally privileged information, therefore at all times remains confidential and subject to copyright protected under international law. You may not disseminate this message without the authors express written authority to do so. If you are not the intended recipient, please notify the sender then delete all copies of this message including attachments immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message.
Re: 0 score not voiding rule
On 28/05/2023 02:53, John Hardin wrote: On Sat, 27 May 2023, Noel Butler wrote: USER_IN_WELCOMELIST 0 apparently does not disable the rule (like 0 disables all the others), it is still scoring negative values on messages despite being set some time ago, and surviving "new kernel" server restarts Did you also add: USER_IN_WHITELIST 0 They are synonyms, might need to kill both explicitly. Thanks John, will check that out this morning. I thought this welcome crap wasnt being applied until next release... I guess Kevin that changed quickly, I might have missed the change as I admit to having little time for most lists these days, family life too hectic :) -- Regards, Noel Butler This Email, including attachments, may contain legally privileged information, therefore at all times remains confidential and subject to copyright protected under international law. You may not disseminate this message without the authors express written authority to do so. If you are not the intended recipient, please notify the sender then delete all copies of this message including attachments immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message.
0 score not voiding rule
USER_IN_WELCOMELIST 0 apparently does not disable the rule (like 0 disables all the others), is that a way of forcing your world view upon the rest of the world Kevin? it is still scoring negative values on messages despite being set some time ago, and surviving "new kernel" server restarts -- Regards, Noel Butler This Email, including attachments, may contain legally privileged information, therefore at all times remains confidential and subject to copyright protected under international law. You may not disseminate this message without the authors express written authority to do so. If you are not the intended recipient, please notify the sender then delete all copies of this message including attachments immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message.
Re: new zip tld
On 19/05/2023 20:54, Benny Pedersen wrote: https://news.netcraft.com/archives/2023/05/17/phishing-attacks-already-using-the-zip-tld.html good or bad, i really dont know https://twitter.com/hnasr/status/1658853944037351424 -- Regards, Noel Butler This Email, including attachments, may contain legally privileged information, therefore at all times remains confidential and subject to copyright protected under international law. You may not disseminate this message without the authors express written authority to do so. If you are not the intended recipient, please notify the sender then delete all copies of this message including attachments immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message.
Re: Mailing list is being Spam Filtered by O-365
Oh, same IP again in this message, you are forwarding your mail via verizon business aren't you, no, there is nothing wrong with SA, FR lists nor Harrys setup when you forward, you risk breakage, only you can deal with this. On 20/04/2023 22:08, White, Daniel E. (GSFC-770.0)[AEGIS] via users wrote: Sorrry. Mixing up lists Received: from BL0GCC02FT027.eop-gcc02.prod.protection.outlook.com (2a01:111:f400:7d05::201) by CY4PR09CA0046.outlook.office365.com (2603:10b6:903:c0::32) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6319.25 via Frontend Transport; Thu, 20 Apr 2023 11:50:41 + Authentication-Results: spf=fail (sender IP is 63.88.93.251) ß smtp.mailfrom=thelounge.net; dkim=none (message not signed) ß header.d=none;dmarc=none action=none header.from=thelounge.net;compauth=fail reason=001 Received-SPF: Fail (protection.outlook.com: domain of thelounge.net does not designate 63.88.93.251 as permitted sender) receiver=protection.outlook.com; client-ip=63.88.93.251; helo=vsmtpx-e100-03.localdomain; __ Daniel E. White daniel.e.wh...@nasa.gov NASCOM Linux Engineer NASA Goddard Space Flight Center Office: (301) 286-6919 Mobile: (240) 513-5290 From: Reindl Harald Organization: the lounge interactive design Date: Thursday, April 20, 2023 at 07:50 To: Daniel White , "users@spamassassin.apache.org" Subject: Re: [EXTERNAL] Re: Mailing list is being Spam Filtered by O-365 CAUTION: This email originated from outside of NASA. Please take care when clicking links or opening attachments. Use the "Report Message" button to report suspicious messages to the NASA SOC. Am 20.04.23 um 13:47 schrieb White, Daniel E. (GSFC-770.0)[AEGIS] via users: How about this: how about realize that "@lists.freeradius.org" has nothing to do with "@spamassassin.apache.org"? Received: from BL0GCC02FT019.eop-gcc02.prod.protection.outlook.com (2a01:111:f400:7d05::201) by CYXPR09CA0020.outlook.office365.com (2603:10b6:930:d4::27) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6319.25 via Frontend Transport; Thu, 20 Apr 2023 11:27:54 + Authentication-Results: spf=fail (sender IP is 63.88.93.251) <- smtp.mailfrom=lists.freeradius.org; dkim=none (message not signed) header.d=none;dmarc=fail action=oreject header.from=lists.freeradius.org;compauth=none reason=452 Received-SPF: Fail (protection.outlook.com: domain of lists.freeradius.org <- does not designate 63.88.93.251 as permitted sender) receiver=protection.outlook.com; client-ip=63.88.93.251; helo=vsmtpx-e100-01.localdomain; From: Reindl Harald Organization: the lounge interactive design Date: Thursday, April 20, 2023 at 07:36 Subject: [EXTERNAL] Re: Mailing list is being Spam Filtered by O-365 Am 20.04.23 um 13:20 schrieb White, Daniel E. (GSFC-770.0)[AEGIS] via users: Is there any chance that SPF and DKIM records could be added to appear in the headers ? what makes you believe that SPF is part of mail-headers? dig +short TXT spamassassin.apache.org; "spf2.0/pra ?all" "v=spf1 include:_spf.apache.org -all" Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=3.227.148.255; helo=mxout1-ec2-va.apache.org -- Regards, Noel Butler This Email, including attachments, may contain legally privileged information, therefore at all times remains confidential and subject to copyright protected under international law. You may not disseminate this message without the authors express written authority to do so. If you are not the intended recipient, please notify the sender then delete all copies of this message including attachments immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message.
Re: [EXTERNAL] Re: Mailing list is being Spam Filtered by O-365
That is not a freeradius.org server that I can see, completely different network even... /var/mail/corp/n/o/e/noel.butler/Maildir/.Lists.FreeRadius/cur# grep "63.88.93.251" * | wc -l 0 Messages in folder 28047 CC'd F/R ML since you also posting this issue over there On 20/04/2023 21:47, White, Daniel E. (GSFC-770.0)[AEGIS] via users wrote: How about this: Received: from BL0GCC02FT019.eop-gcc02.prod.protection.outlook.com (2a01:111:f400:7d05::201) by CYXPR09CA0020.outlook.office365.com (2603:10b6:930:d4::27) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6319.25 via Frontend Transport; Thu, 20 Apr 2023 11:27:54 + Authentication-Results: spf=fail (sender IP is 63.88.93.251) <- smtp.mailfrom=lists.freeradius.org; dkim=none (message not signed) header.d=none;dmarc=fail action=oreject header.from=lists.freeradius.org;compauth=none reason=452 Received-SPF: Fail (protection.outlook.com: domain of lists.freeradius.org <- does not designate 63.88.93.251 as permitted sender) receiver=protection.outlook.com; client-ip=63.88.93.251; helo=vsmtpx-e100-01.localdomain; -- Regards, Noel Butler This Email, including attachments, may contain legally privileged information, therefore at all times remains confidential and subject to copyright protected under international law. You may not disseminate this message without the authors express written authority to do so. If you are not the intended recipient, please notify the sender then delete all copies of this message including attachments immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message.
Re: KAM FP
Pains me to agree with Benny, but the rules should be split out... On 20/01/2023 09:07, Benny Pedersen wrote: * 5.0 KAM_SOMETLD_ARE_BAD_TLD .buzz, .cam, .club, .link, .live, minor annoyances, score closer to 1 .shop, .stream, .top, abused, score closer to 2 more appropriate xyz .online massively abused, 5 is too low, but most ISP's and enterprises MTA block those two anyway. YMMV (but unlikely on the last two me thinks)... this is based on Australasia, can't speak for what is seen in the EU or US -- Regards, Noel Butler This Email, including attachments, may contain legally privileged information, therefore at all times remains confidential and subject to copyright protected under international law. You may not disseminate this message without the authors express written authority to do so. If you are not the intended recipient, please notify the sender then delete all copies of this message including attachments immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message.
Re: welcomelist_auth and SPF
On 17/12/2022 08:35, Marc wrote: The sender's SPF record includes the sending IP (40.107.96.128) in the secureserver.net <http://secureserver.net> entry, and SPF_PASS is hit. Without even checking anything I can already remember that this secureserver.net is shit. I have blocked whole ranges of them, they send spam, try passwords etc. I have the impression that there is nothing secure about secureserver and everything seems to be hacked there. s/secureserver/google/ s/secureserver/amazon/ s /secureserver/microsoft/ s /secureserver/ ... / I often have gmail accounts hit our honeypots, to the point that I now deliberately take a week or more to clear the google smtp of the day off the list, each time, I take longer and longer to remove - just like other providers and I currently have a large chunk of google/amazon/MS/linode/D.O/... cloud ranges blocked. My point is, they are all the same and if someone wishes to whitelist them, that's the risk they take, they are answerable to their users, not to you, me or anyone else. -- Regards, Noel Butler This Email, including attachments, may contain legally privileged information, therefore at all times remains confidential and subject to copyright protected under international law. You may not disseminate this message without the authors express written authority to do so. If you are not the intended recipient, please notify the sender then delete all copies of this message including attachments immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message.
Re: KAM channel disabling lookups?
On 12/10/2022 03:35, Henrik K wrote: On Tue, Oct 11, 2022 at 09:29:18AM +0300, Henrik K wrote: KAM channel (https://mcgrail.com/template/kam.cf_channel) users might want to check their rules.. KAM_deadweight2_sub.cf contains this: meta __RCVD_IN_SORBS 0 meta __RCVD_IN_ZEN 0 meta __RCVD_IN_MSPIKE_B 0 meta __RCVD_IN_MSPIKE_L 0 meta __RCVD_IN_DNSWL 0 Seems it's been disabling many active and useful DNSBL/WL lookups for a long time? Ah yeah, now I remember this bug: https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7991 Apparently this isn't a "problem" in 3.4, as the channel can't even override anything from official rules.. so only affects recent 4.0.0/trunk users. or save SA doing extra work, and use the RBL's at MTA level - where they should be used and have been used for 25 years in the ISP world -- Regards, Noel Butler This Email, including attachments, may contain legally privileged information, therefore at all times remains confidential and subject to copyright protected under international law. You may not disseminate this message without the authors express written authority to do so. If you are not the intended recipient, please notify the sender then delete all copies of this message including attachments immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message.
Re: subscribe to blacklist for domains
On 16/08/2022 01:33, Greg Troxel wrote: If you accept mail and then send it to /dev/null, then the recipient is unaware that it was sent, and the sender is unaware that it wasn't received, Exactly what happens to high scored spam, if its high is very obvious trash and the recipient wont want to know, and well who cares what those senders want to know :) So I'm a firm believer that at SMTP time, you need to pick one of 550 and you're done accept and then sort into ham mailboxes and spam mailboxes, with the idea that the user should be checking all of them or use both, 1 block the very obvious and non compliant; 95% 2 spam folder the "just triggering spam rules" - a problem with pop3 users (yes, speaking from an ISP world in Oceana they heavily outweigh number of imap users) so the labelled as spam stuff is mixed in their normal inbox ;0.1% 3 /dev/null the other obvious ; 0.0001% (ultra low becasue step 1 catches most) 4 inbox the rest As for spam folder checking not even I bother with mine except for once or twice a year -- Regards, Noel Butler This Email, including attachments, may contain legally privileged information, therefore at all times remains confidential and subject to copyright protected under international law. You may not disseminate this message without the authors express written authority to do so. If you are not the intended recipient, please notify the sender then delete all copies of this message including attachments immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message.
Re: subscribe to blacklist for domains
On 14/08/2022 23:15, David Bürgin wrote: To clarify: Backscatter is caused by 'rejecting' mail with a bounce message, after first accepting it. This is what was being suggested by some, I think everyone here knows what backscatter means, and what it is. -- Regards, Noel Butler This Email, including attachments, may contain legally privileged information, therefore at all times remains confidential and subject to copyright protected under international law. You may not disseminate this message without the authors express written authority to do so. If you are not the intended recipient, please notify the sender then delete all copies of this message including attachments immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message.
Re: subscribe to blacklist for domains
On 14/08/2022 22:37, Martin Gregorie wrote: On Sun, 2022-08-14 at 11:39 +1000, Noel Butler wrote: On 14/08/2022 02:38, Martin Gregorie wrote: 3) It would be rather trivial to return spam to sender with a suitable WTF, that has been a terrible idea since the 90s, given most spam is spoofed, the end result of this will be your mail server getting the poor reputation as source of backscatter and going into blacklists :) greed - I don't do that, but almost as long as I've been on this list there have been advocates of it. As I said, I thought about it, but the effort of writing a filter to determine what, if anything should be bounced or rejected, has never seemed worth the effort for such a low volume mail used as myself. Martin When people advocate for it, it goes to show the only thing they have ever been responsible for is their own home mail server with accounts for them and maybe a friend or two on it, never for anything commercial, you've been around a great many years Martin, so I'm glad you resist the temptation of the fools. -- Regards, Noel Butler This Email, including attachments, may contain legally privileged information, therefore at all times remains confidential and subject to copyright protected under international law. You may not disseminate this message without the authors express written authority to do so. If you are not the intended recipient, please notify the sender then delete all copies of this message including attachments immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message.
Re: subscribe to blacklist for domains
On 14/08/2022 04:23, Bill Cole wrote: Not sure what you mean by that... There are a handful of rules that sidestep specific false positive cases because the hit being evaded isn't meaningful in specific cases. None of those are intended to 'whitelist' any domain, they exist to avoid incorrect hits. RCVD_IN_DNSWL* and some trusted rules, as two examples, in years gone by we've had obvious spam not binned because they were in those headers taking away the sticks harshness, so we disable them and all like them. I get it, small offices with no experienced IT on hand might find this annoying, but enterprises and ISP world are able to fine tune this, but we use a number of blacklists and complex milter-regex rules that stops 95% of the crud outright before hitting SA. -- Regards, Noel Butler This Email, including attachments, may contain legally privileged information, therefore at all times remains confidential and subject to copyright protected under international law. You may not disseminate this message without the authors express written authority to do so. If you are not the intended recipient, please notify the sender then delete all copies of this message including attachments immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message.
Re: subscribe to blacklist for domains
On 14/08/2022 02:38, Martin Gregorie wrote: 3) It would be rather trivial to return spam to sender with a suitable WTF, that has been a terrible idea since the 90s, given most spam is spoofed, the end result of this will be your mail server getting the poor reputation as source of backscatter and going into blacklists :) -- Regards, Noel Butler This Email, including attachments, may contain legally privileged information, therefore at all times remains confidential and subject to copyright protected under international law. You may not disseminate this message without the authors express written authority to do so. If you are not the intended recipient, please notify the sender then delete all copies of this message including attachments immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message.
Re: subscribe to blacklist for domains
Why are you not blocking with blacklists at the border, ie: MTA. Given its 0 resources for your MTA, with anti spam checking on SA often using significant resources (depending on traffic/number of tests/rules etc), its best to stop it getting to SA in the first place. SA also has this by-default list of domains that it never checks, for along time I have disagreed with this, we are the ones to decide who gets whitelisted not SA, not some paid third party, the option clear_uridnsbl_skip_domain however prevents this, but then you have to locate and 0 all the general rulesets scores that are whitelists as well. On 13/08/2022 09:55, joe a wrote: I need to refresh my brain on using blacklists with SA, before looking more deeply into why this got through. Today a email slipped through with a very low score that was clearly phishy. A url in question, posing as another, hits no less that 6 blacklists. I was going to look at clamav that is in use here, as I had just been tuning that a bit and realized that that may be using a hammer to drive a screw. so to speak. Or are they passe these days? -- Regards, Noel Butler This Email, including attachments, may contain legally privileged information, therefore at all times remains confidential and subject to copyright protected under international law. You may not disseminate this message without the authors express written authority to do so. If you are not the intended recipient, please notify the sender then delete all copies of this message including attachments immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message.
Re: Supposed bounces
On 19/07/2022 09:49, Grant Taylor via users wrote: At the very least they let you know that a message was rejected. I can then go look at my MTAs logs and deduce why message(s) were rejected with more authority than anything the MLM could tell me. Is that what you tell your customers? I'm damn sure it's not. But seriously folks, why the noise, its 3 years old (well mine was), get over it :) The age of what prompted the discussion doesn't negate the discussion. The discussion is OT, you've been around long enough, so has the other guy, to know how to query issues about the mlm, and none of it is bringing noise onto the list, which I too am now guilty of and shall be my last. -- Regards, Noel Butler This Email, including attachments, may contain legally privileged information, therefore at all times remains confidential and subject to copyright protected under international law. You may not disseminate this message without the authors express written authority to do so. If you are not the intended recipient, please notify the sender then delete all copies of this message including attachments immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message.
Re: Supposed bounces
On 19/07/2022 09:12, Grant Taylor via users wrote: Every version of what you describe that I've looked at has been the courtesy message. Which is a joke, because it does not, and qmails ezmlm has never included enough of the headers telling us _why_ we rejected it. But seriously folks, why the noise, its 3 years old (well mine was), get over it :) -- Regards, Noel Butler This Email, including attachments, may contain legally privileged information, therefore at all times remains confidential and subject to copyright protected under international law. You may not disseminate this message without the authors express written authority to do so. If you are not the intended recipient, please notify the sender then delete all copies of this message including attachments immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message.
Re: Supposed bounces
On 14/07/2022 17:27, Benny Pedersen wrote: Noel Butler skrev den 2022-07-14 00:38: ezmlm has been long brain dead, I particularly like its messages saying its reject message but never tells you the actual 5xx code. I aint about to go through 2019's logs to find out why either :) Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset=UTF-8 please stop doing this shit to maillists f@ck off -- Regards, Noel Butler This Email, including attachments, may contain legally privileged information, therefore at all times remains confidential and subject to copyright protected under international law. You may not disseminate this message without the authors express written authority to do so. If you are not the intended recipient, please notify the sender then delete all copies of this message including attachments immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message.
Re: Supposed bounces
On 14/07/2022 04:24, Grant Taylor via users wrote: On 7/13/22 12:19 PM, @lbutlr wrote: So, a supposed bounce from also three years ago. And that bounce did not come from my mail server as I have never run qmail. No IP addresses, no Received headers, nothing that could possibly be used to figure out what is going on here. I think this is a courtesy message from the mailing list saying that a message that it tried to send to you was bounced. It provides a copy of (part of) the message for your convenience. Nothing about that implies that you sent the message that bounced. Instead it is extremely likely that you did not originate the message that bounced. ezmlm has been long brain dead, I particularly like its messages saying its reject message but never tells you the actual 5xx code. I aint about to go through 2019's logs to find out why either :) -- Regards, Noel Butler This Email, including attachments, may contain legally privileged information, therefore at all times remains confidential and subject to copyright protected under international law. You may not disseminate this message without the authors express written authority to do so. If you are not the intended recipient, please notify the sender then delete all copies of this message including attachments immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message.
Re: Untrustworthy TLDs and KAM
I've dropped both the scores substantially so if it triggers as spam there must be other noticeable nastiness. (There's a reason we've never submitted fp's for review, Australia has very strong privacy laws, not quite as strong as Germany, but close to it, we have to have users submit them directly, and history shows they don't, so I just drop the scores for obvious over-reach and move on, I made the comment just to advise the OP is not the only one seeing it) Cheers On 02/05/2022 12:14, Kevin A. McGrail wrote: Feel free to submit fps for review. On Sun, May 1, 2022, 21:56 Noel Butler wrote: .online will be a problem for us, a quick grep of 2 mail servers shows a good few FPs, also doubling up seems counter productive, but add those with pother rules and it easily triggers limits On 02/05/2022 11:47, Kevin A. McGrail wrote: Did it cause a fp with a score of 5.0 or higher? On Sun, May 1, 2022, 21:46 Alex wrote: Hi, Four points for a .online TLD with KAM rules * 2.0 PDS_OTHER_BAD_TLD Untrustworthy TLDs * [URI: www.lci-mtc.online (online)] * 2.0 KAM_SOMETLD_ARE_BAD_TLD .bar, .buzz, .cam, .casa, .cfd, .club, * .date, .guru, .live, .online, .press, .pw, .quest, .rest, .sbs, * .shop, .stream, .top, .trade, .work, .xyz TLD abuse $ spamassassin --version SpamAssassin version 4.0.0-r1898781 running on Perl version 5.34.1 -- Regards, Noel Butler This Email, including attachments, may contain legally privileged information, therefore at all times remains confidential and subject to copyright protected under international law. You may not disseminate this message without the authors express written authority to do so. If you are not the intended recipient, please notify the sender then delete all copies of this message including attachments immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message. -- Regards, Noel Butler This Email, including attachments, may contain legally privileged information, therefore at all times remains confidential and subject to copyright protected under international law. You may not disseminate this message without the authors express written authority to do so. If you are not the intended recipient, please notify the sender then delete all copies of this message including attachments immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message.
Re: Untrustworthy TLDs and KAM
.online will be a problem for us, a quick grep of 2 mail servers shows a good few FPs, also doubling up seems counter productive, but add those with pother rules and it easily triggers limits On 02/05/2022 11:47, Kevin A. McGrail wrote: Did it cause a fp with a score of 5.0 or higher? On Sun, May 1, 2022, 21:46 Alex wrote: Hi, Four points for a .online TLD with KAM rules * 2.0 PDS_OTHER_BAD_TLD Untrustworthy TLDs * [URI: www.lci-mtc.online (online)] * 2.0 KAM_SOMETLD_ARE_BAD_TLD .bar, .buzz, .cam, .casa, .cfd, .club, * .date, .guru, .live, .online, .press, .pw, .quest, .rest, .sbs, * .shop, .stream, .top, .trade, .work, .xyz TLD abuse $ spamassassin --version SpamAssassin version 4.0.0-r1898781 running on Perl version 5.34.1 -- Regards, Noel Butler This Email, including attachments, may contain legally privileged information, therefore at all times remains confidential and subject to copyright protected under international law. You may not disseminate this message without the authors express written authority to do so. If you are not the intended recipient, please notify the sender then delete all copies of this message including attachments immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message.
Re: Regex error in most recent update
On 19/02/2022 01:21, The Doctor wrote: On Fri, Feb 18, 2022 at 10:51:16AM +0100, Bert Van de Poel wrote: Hi everyone, I just noticed we had two email servers complain last night after running sa-update about a regex problem: /etc/cron.daily/spamassassin: config: invalid regexp for __URI_TRY_3LD 'm,^https?://(?:try(?!r\.codeschool)|start|get(?!\.adobe)|save|check(?!out)|act|compare|join|learn(?!ing)|request|visit(?!or|\.vermont)|my(?!sub|turbotax|news\.apple|a\.godaddy|account|support|build|blob)\w)[^.]*\.[^/]+\.(?Variable length lookbehind is experimental in regex; marked by <-- HERE in m/(?i)^https?://(?:try(?!r\.codeschool)|start|get(?!\.adobe)|save|check(?!out)|act|compare|join|learn(?!ing)|request|visit(?!or|\.vermont)|my(?!sub|turbotax|news\.apple|a\.godaddy|account|support|build|blob)\w)[^.]*\.[^/]+\.(?channel 'updates.spamassassin.org': lint check of update failed, channel failed sa-update failed for unknown reasons Did anyone else notice the same thing or is it just on our end? Thank you, I am seeing that as well. Kind regards, Bert Confirmed, it's erred here for 48 hours -- Regards, Noel Butler This Email, including attachments, may contain legally privileged information, therefore at all times remains confidential and subject to copyright protected under international law. You may not disseminate this message without the authors express written authority to do so. If you are not the intended recipient, please notify the sender then delete all copies of this message including attachments immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message.
Re: Fw: spam from gmail.com
This is _exactly_ why I zero out whitelists. A decent portion of spam being rejected here is from gmail, far more than from outlook and co. Trust can only be earned, not bought and not assumed, whitelists should have no place in SA, and why always use clear_uridnsbl_skip_domain On 11/11/2021 21:19, Philipp Ewald wrote: You can report it. Gmail is on DNSWL -- Regards, Noel Butler This Email, including attachments, may contain legally privileged information, therefore at all times remains confidential and subject to copyright protected under international law. You may not disseminate this message without the authors express written authority to do so. If you are not the intended recipient, please notify the sender then delete all copies of this message including attachments immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message.
Re: More Norton Evil Numbers....
On 03/09/2021 07:25, Benny Pedersen wrote: On 2021-09-02 23:14, Jared Hall wrote: More EvilNumbers from Maria Louise, one of Norton's GMail accounts. Lucky for me my record was credited and not my actual account :) is this now your newspaper to post all kind of evil numbers ?, if all rule set updates would be aswell we all loose, do your good homework, but dont make ads out it here if its just me, sorry For once Benny, no, you're right. -- Regards, Noel Butler This Email, including attachments, may contain legally privileged information, therefore at all times remains confidential and subject to copyright protected under international law. You may not disseminate this message without the authors express written authority to do so. If you are not the intended recipient, please notify the sender then delete all copies of this message including attachments immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message.
Re: Lint failing
On 04/08/2021 04:44, asparks wrote: Yes. As I said I'm working to get rid of that. Hopefully I can really soon, but when you're the only op... and pandemics and all such fun. I got the impression others were having issues as well. -Alan On 2021-08-03 12:18 PM, Thom van der Boon wrote: I've had no alerts, so no issues here -- Regards, Noel Butler This Email, including attachments, may contain legally privileged information, therefore at all times remains confidential and subject to copyright protected under international law. You may not disseminate this message without the authors express written authority to do so. If you are not the intended recipient, please notify the sender then delete all copies of this message including attachments immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message.
Re: CHAOS: v1.2.2: Of Documentation
On 23/07/2021 18:01, Simon Wilson wrote: - Message from Jared Hall - Date: Fri, 23 Jul 2021 00:07:52 -0400 From: Jared Hall Subject: CHAOS: v1.2.2: Of Documentation To: users@spamassassin.apache.org Simon Wilson wrote: could you, please, finally, describe what does this module do, here to the list and/or to the wiki? the description there is too hard to understand, epecially at the beginning, and I couldn't force myself to understand it (multiple times). Maybe you should start with the easy parts and follow with those more compliated functionality, because I feel the description starts with thelatter. I'm guessing from the silence in response that this will remain a mystery. Simon. ___ Simon Wilson M: 0400 12 11 16 Reads perfectly well to me. I guess to be compatible with any other plugin, I must delete all documentation entirely :) No - but perhaps a start would be to *really* listen when people ask questions demonstrating you are not as good as you think you are at writing things which make sense to people other than yourself. Seriously, every single rule that this module can generate is listed. That's a good start, comparatively. I answer, and have answered, all questions regarding this module. Again no. Perhaps not all mailing list emails make it through the module... I've still yet to see a list post explaining what this thing does so no he has not answered all questions about it, the most common sense thing of all time is if you advertise your wares, you at least tell people WTF it does, you don't send them to some web site to find out (which as some posters have indicated apparently does not even tell you). I wont comment on the rest of his trash talk, based on his useless smart arse replies, I don't care what this thing does we wont be touching it due to his childish pathetic attitude, for all we know it's malware. -- Regards, Noel Butler This Email, including attachments, may contain legally privileged information, therefore at all times remains confidential and subject to copyright protected under international law. You may not disseminate this message without the authors express written authority to do so. If you are not the intended recipient, please notify the sender then delete all copies of this message including attachments immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message.
Re: heads up for false uribl black hits
On 20/05/2021 11:58, Bill Cole wrote: On 2021-05-19 at 21:13:41 UTC-0400 (Thu, 20 May 2021 11:13:41 +1000) Noel Butler is rumored to have said: By now most of you are aware of the hostile takeover of freenode and the mass exodus that's currently underway (if not see kline.sh for more) [1] Interestingly it seems uribl.com has the replacement, Im going to obfuscate it else you wont likely see this :) just replace digits with their alpha lib3ra dott ch4t in their listings, interesting because they dont seem to list new domains that way and that one is new, heh maybe andrew lee controls that too, who knows... The new domain was NOT listed in any RHSBL at 13:55 UTC. OTOH, they didn't like something about my usual single-venue address pattern so I had to register with an alternative tagging pattern. still listed in URI Domain Status Manage libe.cxxx Listed on URIBL black at 02:46 UTC someone has made a delist request about 8 hours ago though strange that a service that has a policy of not saying why they list is included in default SA (btw - I have no affiliation with either party - I'm just mentioning it here since its where I found my confirm request) -- Regards, Noel Butler This Email, including attachments, may contain legally privileged information, therefore at all times remains confidential and subject to copyright protected under international law. You may not disseminate this message without the authors express written authority to do so. If you are not the intended recipient, please notify the sender then delete all copies of this message including attachments immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message.
Re: countries.nerd.dk
On 13/05/2021 01:47, Paul Fowler wrote: Did you ever get a reply for this? I was wondering the same thing. DNSRBL is still available, but I don't know how often this is updated. Regards, Paul - From: Noel Butler Sent: Monday 1 February 2021 01:36 To: users@spamassassin.apache.org Subject: countries.nerd.dk Anyone got an goss on where they went? Been down since late last year, haven't seen any messages about closing up shop. Hey, Nope, I think its abandonware -- Regards, Noel Butler This Email, including attachments, may contain legally privileged information, therefore at all times remains confidential and subject to copyright protected under international law. You may not disseminate this message without the authors express written authority to do so. If you are not the intended recipient, please notify the sender then delete all copies of this message including attachments immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message.
Re: My 10 years old domain have a bad TLD
On 03/05/2021 18:15, Denis Chenu wrote: Le 03/05/2021 à 09:28, Dominic Raferd a écrit : On 03/05/2021 08:15, Denis Chenu wrote: Hi, I own and manage sondages.pro domain since more than 10 years now. Since some week now, my spamassassin score is lower than before. Seems some version give a -2 score. Maybe since a debian update. I never send any spam email. When looking at spam received : i receive a lot more spam from .com TLD than .pro TLD. Is there a way other than change my domain to fix score and get again a perfect score . Thansk a lot, Denis I see that .pro is included in KAM_FUN (via _KAM_FUN1) which gives +7.75 to SA score. I am not sure if this is a recent change. Those of us who use the KAM rules will be affected by this unless of course we code an exception for your domain. I have another personal rule which adds +6 for 'unusual' domains - including .pro - so your chance of getting an email through to my users is zero (sorry), unless indirectly (e.g. via mailing list). But pro is not a new domain, exist since June 2004. And clearly : i never receive any spam fro .pro domain myself. Currently .co seems a lot more used for spam. And this domain (.co) are not in https://svn.apache.org/viewvc/spamassassin/trunk/rulesrc/sandbox/pds/20_ntld.cf?view=markup .pro have a -1 with SUSP_URI_NTLD_PRO. on spamhaus : pro = 1.7% bad (score 0.09) Then what minimal score is required to be allowed ? Else : if i am a spammer : i look of update of SpamAssassin NTLD and avoid this tld. Clearly : .biz or .online are used some year ago, but i don't see a lot now for example. Denis We seem to see different depending where we are, here in Australia, I do not see .pro as a problem at all, .online and .xyz certainly are a problem however -- Regards, Noel Butler This Email, including attachments, may contain legally privileged information, therefore at all times remains confidential and subject to copyright protected under international law. You may not disseminate this message without the authors express written authority to do so. If you are not the intended recipient, please notify the sender then delete all copies of this message including attachments immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message.
Re: SA DKIM check
On 01/04/2021 23:10, Simon Wilson wrote: Does SA always do its "own" DKIM check, or can it be told to use an already written trusted AuthservId-written Authentication-Results header, e.g. from OpenDKIM? Thanks That would be dangerous on a few levels, completely open to fake written headers, you could end up "trusting" a spammer -- Regards, Noel Butler This Email, including attachments, may contain legally privileged information, therefore at all times remains confidential and subject to copyright protected under international law. You may not disseminate this message without the authors express written authority to do so. If you are not the intended recipient, please notify the sender then delete all copies of this message including attachments immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message.
Re: FIXED!!!! Re: HEADS UP: SPAMCOP MIA
On 01/02/2021 04:59, Axb wrote: On 1/31/21 7:57 PM, Jared Hall wrote: On 1/31/2021 6:58 AM, Axb wrote: Happy Sunday !!! Cisco forgot to renew spamcop.net Registry Expiry Date: 2022-01-30T05:00:00Z Better disable till it's fixed score RCVD_IN_BL_SPAMCOP_NET 0 Stay safe! OK. Thanks. Issue has been FIXED.. all looks good yep, perl scripts we use to monitor our mail servers in key DNSBL's sent upalerts at 02:55 local -- Regards, Noel Butler This Email, including attachments, may contain legally privileged information, therefore at all times remains confidential and subject to copyright protected under international law. You may not disseminate this message without the authors express written authority to do so. If you are not the intended recipient, please notify the sender then delete all copies of this message including attachments immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message.
countries.nerd.dk
Anyone got an goss on where they went? Been down since late last year, haven't seen any messages about closing up shop. -- Regards, Noel Butler This Email, including attachments, may contain legally privileged information, therefore at all times remains confidential and subject to copyright protected under international law. You may not disseminate this message without the authors express written authority to do so. If you are not the intended recipient, please notify the sender then delete all copies of this message including attachments immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message.
Re: HEADS UP: SPAMCOP MIA
On 31/01/2021 22:06, Matus UHLAR - fantomas wrote: On 21-01-31 12:58:48, Axb wrote: Cisco forgot to renew spamcop.net Registry Expiry Date: 2022-01-30T05:00:00Z On 31.01.21 12:02, Georg Faerber wrote: That's still one year to go, isn't it? Updated Date: 2021-01-31T09:40:42Z they fixed it in the meantime. nope try lookup your host, or, any host, it goes to "has address 91.195.240.87" -- Regards, Noel Butler This Email, including attachments, may contain legally privileged information, therefore at all times remains confidential and subject to copyright protected under international law. You may not disseminate this message without the authors express written authority to do so. If you are not the intended recipient, please notify the sender then delete all copies of this message including attachments immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message.
Re: Apache SpamAssassin and Spammers 1st Amendment Rights
On 2020-11-21 04:59, Jakob Curdes wrote: To all: please also rememember that this list is international and not every corner of the world is interested in the way the current conflicts in the U.S. are handled. well said! Or, in other words, the Nth amendment is part of the U.S. constitution, for me as a german my own constitution is the guide-rail. And yes, it allows me to block spam. And yes, please let us keep politics out of this list. and as an Australian, the right to block spammers was supported by the courts a very long time ago (those of us old enough i'm sure remember t3 direct who insisted he had the right to spam and not be blocked - but the courts ruled otherwise) That said, our own Spam Act also excludes charities, pollies and religions - however we still have a right to filter/trash/block/not-deliver their trash to inboxes, its just those orgs cant be prosecuted.
Re: SPF_FAIL
On 05/11/2020 21:54, Victor Sudakov wrote: > An SPF fail is by no means a sure sign of spam. It can be some indicator > of spamicity (as I thought), but not a decisive sign thereof. SPF was never designed to be anti-spam, although on face value it does have that ability given that spammers impersonate domains, it is one of many tools required required in that battle. I was an early adopter of SPF, in its very very early stages, There are some rare instances in early days where SPF may break in some forwarding cases, but for well over a decade most forwarders re-write sender so its not a problem, it's never been a problem with mailing lists for me either, unlike DKIM, I've never experienced any deliverability problems due to SPF, but YMMV. Microsofts SRS however gave a lot of headaches with mailing lists and was such a flop even Microsoft advises against its use. > doubt the wizdom of rejecting hard SPF fails in the MTA Why? Because a handful of people are too clueless to keep their records up to date? They set those records in first place to prevent spoofing, they know the risks they know if they change AS's or suppliers they have to modify those records, I mean FFS, they change all other records to new IP's don't they, so frankly they get what they deserve if they can't be bothered. >> i just think default score is made for spamass milter users with do rejects >> of spam mails, but why not honner spf fail rejections, hmm If they set a softfail, they dont really care if that domains is spoofed, or it just isn't an important domain, I adjust my SA rules to force softfails as spam , I hard reject hardfails on MTA, and I also null out any and all whitelisting in SA, trust must be earned, not assumed. -- Regards, Noel Butler This Email, including attachments, may contain legally privileged information, therefore at all times remains confidential and subject to copyright protected under international law. You may not disseminate this message without the authors express written authority to do so. If you are not the intended recipient, please notify the sender then delete all copies of this message including attachments immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message.
Re: the pending whitelist* -> welcomelist* change
On 17/10/2020 00:22, Matus UHLAR - fantomas wrote: > On 10/16/2020 5:48 AM, Victor Sudakov wrote: My SpamAssassin reports that > > -0.0 USER_IN_WELCOMELISTuser is listed in 'welcomelist_from' > -100 USER_IN_WHITELIST DEPRECATED: See USER_IN_WELCOMELIST > > However when I change "whitelist_from" to "welcomelist_from", SpamAssassin > complains: > > $ spamassassin --lint > Oct 16 02:46:11.739 [11288] warn: config: failed to parse line, skipping, in > "/etc/spamassassin/local.cf": welcomelist_from *@ > Oct 16 02:46:12.979 [11288] warn: lint: 1 issues detected, please rerun with > debug enabled for more information > > Am I not supposed to replace whitelist with welcomelist in my configs? On 16.10.20 09:20, Kevin A. McGrail wrote: > No, not until 4.0 is released. Good question! perhaps, the rules above should be defined only for version >=4 and versions <4 should have the original rules. I agree, but since Kevin is the one forcing this political crap down our throats, he wont care and will deny all requests, just run a perl regex over the rules to remove/replace them ;) -- Regards, Noel Butler This Email, including attachments, may contain legally privileged information, therefore at all times remains confidential and subject to copyright protected under international law. You may not disseminate this message without the authors express written authority to do so. If you are not the intended recipient, please notify the sender then delete all copies of this message including attachments immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message.
Re: Constructive solution to the blacklist thread
On 25/07/2020 04:03, Kevin A. McGrail wrote: > I'd say too many people without merit and knowledge of the project > spouting off building on misinformation and rants more fitting for a > racist channel on 4chan would be my analysis of what started the discussion. here we go again, attacking people calling them racists and radical extremists because we wont roll over and bow to your american political dictatorship, you act as has been shown here with no thought to others or consequences to others, you act without even understanding of what the colour based terms are and where they came from, if you actually did any research into this (which you admit you did not) youd realise that. There are 192 _other_ countries in the world, the USA is united states of america, not united states of world - get used to pushbacks from those who are sick of the USA pushing their views and values on to others because of their own failings, especially when you cant even protect your own kids from mass murder at hands of gun nuts, when you can, THEN you can come here and beat your chest about how great a nation you are.
Re: Why the new changes need to be "depricated" forever
On 24/07/2020 23:26, Benny Pedersen wrote: > Noel Butler skrev den 2020-07-24 14:57: > >> because it shits trolls like you off > > https://imgur.com/pHlUeZY?fbclid=IwAR2l8HBDnXST5-adnmyIbBAsq16sZeGNhfqHwBNM8IkQZsir2aUw-H919hk dunno what you referenced benny I only click on links that are from friends/family/trusted sources - which you are none of but your so stupid you forget most people on this list are seasoned network/system admins and take the same approach. -- Regards, Noel Butler This Email, including attachments, may contain legally privileged information, therefore at all times remains confidential and subject to copyright protected under international law. You may not disseminate this message without the authors express written authority to do so. If you are not the intended recipient, please notify the sender then delete all copies of this message including attachments immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message.
Re: Why the new changes need to be "depricated" forever
On 24/07/2020 22:01, Benny Pedersen wrote: > Noel Butler skrev den 2020-07-24 03:24: > >> The fact the OP never included you means they knew you were being >> sarcastic, kevin cant see that because he is in total defensive mode, >> he thought people would suck up his dictatorship and roll over and >> move on, but he was so so so wrong. > > is PMC members ROFL right now ? :=) ask him, thats if he can hear you over those dark voices telling him to be a dictator > why big SIGNATURES on publib maillist ? because it shits trolls like you off -- Regards, Noel Butler This Email, including attachments, may contain legally privileged information, therefore at all times remains confidential and subject to copyright protected under international law. You may not disseminate this message without the authors express written authority to do so. If you are not the intended recipient, please notify the sender then delete all copies of this message including attachments immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message.
Re: Why the new changes need to be "depricated" forever
On 24/07/2020 04:29, Ted Mittelstaedt wrote: > Was it really that unclear that I was speaking tongue-in-cheek? > > Man o Man I missed my calling in life. I should have gone into scamming > people if I was able to get you guys to think that load of BS about > forking was serious > > Ted > > On 7/23/2020 7:06 AM, Kevin A. McGrail wrote: > >> Note: If you fork a project, you cannot use the name, just the code. there is currently a large CC discussion at present with about 18 odd people from this list (no I didnt start it, but was in CC list) who have been discussing forking, your post might have been sarcasm, but it actually reflects reality. The fact the OP never included you means they knew you were being sarcastic, kevin cant see that because he is in total defensive mode, he thought people would suck up his dictatorship and roll over and move on, but he was so so so wrong. -- Regards, Noel Butler This Email, including attachments, may contain legally privileged information, therefore at all times remains confidential and subject to copyright protected under international law. You may not disseminate this message without the authors express written authority to do so. If you are not the intended recipient, please notify the sender then delete all copies of this message including attachments immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message.
Re: Why the new changes need to be "depricated" forever
RESENT - list didnt obviously like my original so here is a slightly more sanatised version On 22/07/2020 12:48, Charles Sprickman wrote: > Oh my god, you snowflakes, please just get over yourselves. > > You are a loud, pedantic, solipsistic minority that is just unwilling to > either a) accept this change and move on b) switch to software that doesn't > upend your tiny little worldview c) fork it and take this discussion to your > fork's technical list. > > Please, there must be somewhere else you can discuss this issue. There's only > like 4 of you, you can do this with a cc: list. The only snowflakes around here are Kevin and his couple of merry doogooders, if you dont like democracy at work (ppl having their say) , then thats your problem
Re: Thanks to Guardian Digital & LinuxSecurity for the nice post about SpamAssassin's upcoming change
On 21/07/2020 01:05, Marc Roos wrote: >> I'm a bit suspicious about some of the speedup figures quoted, and > whether rspamd was tested > >> against an optimized and similarly parameterized SA. It's very easy to > make SA look bad. > > I agree. I have even asked on the mailing list how many test rspamd does > and how I can configure it to do just one test. Both questions were left > unanswered. Have a look at this mailfromd it is really nice. you did? I did'nt see it, the batch i put through it was hundreds of thousands of messages. my month long test should yield about 30 million msgs, be glad to let you know at the end of that. I did nothing fancy since i'm not an rspamd expert. -- Regards, Noel Butler This Email, including attachments, may contain legally privileged information, therefore at all times remains confidential and subject to copyright protected under international law. You may not disseminate this message without the authors express written authority to do so. If you are not the intended recipient, please notify the sender then delete all copies of this message including attachments immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message.
Re: Thanks to Guardian Digital & LinuxSecurity for the nice post about SpamAssassin's upcoming change
On 20/07/2020 13:57, Benny Pedersen wrote: > rspamd is hmm let me say it a joke of we want something better then > spamassassin, we could just nok dokument what we want as a programmer point > of view, so we make our own problem reinventing the I have proved over 60 hours that it is insanely better, but, it would be remiss of me not to conduct a larger, lengthy test before committing staff resources to wiping spamassassin from our networks > are you saying just becourcs rspamd is in c its much better then spamassassin > ? I love perl, I can code it in my sleep, and likely may have on many a time, but everyone knows that C is many magnitudes faster. -- Regards, Noel Butler This Email, including attachments, may contain legally privileged information, therefore at all times remains confidential and subject to copyright protected under international law. You may not disseminate this message without the authors express written authority to do so. If you are not the intended recipient, please notify the sender then delete all copies of this message including attachments immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message.
Re: IMPORTANT NOTICE: Rules referencing WHITELIST or BLACKLIST in process of being Renamed
On 20/07/2020 13:23, Olivier wrote: > "Kevin A. McGrail" writes: > >> All: >> >> As of today, the configuration option WHITELIST_TO has been renamed >> WELCOMELIST_TO with an alias for backwards compatibility. > > Kevin, > > Please consider adding an easy way to turn the backward compatibility on > and off. > > So we, person in charge of mail systems, can find all the obscure places > where the renaming will break something; because I am strongly beleiving > that issues will arise from the less unsuspected places. > > The compatibility enable option will allow us to run without > compatibility, notice where the thing break and enable the compatibility > while solving the issues. That will be the less damaging way for our > users. Just think of those 10's thousands of running spamassassin who are not on these lists, all in for a shock when custom scripts start breaking. -- Regards, Noel Butler This Email, including attachments, may contain legally privileged information, therefore at all times remains confidential and subject to copyright protected under international law. You may not disseminate this message without the authors express written authority to do so. If you are not the intended recipient, please notify the sender then delete all copies of this message including attachments immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message.
Re: Thanks to Guardian Digital & LinuxSecurity for the nice post about SpamAssassin's upcoming change
On 16/07/2020 14:47, jdow wrote: > You can probably fork the project and go on running what exists now going > forward. That is something I am mulling doing for myself. I just have to ask > myself, which is more painful? Actually, might not have to reinvent the wheel, last time I looked at rspamd was several years ago. Since the politically motivated change in spamassassin was made public last week, I reinstalled it in a dev lab. Running over the weekend, tests showed rspamd has remarkably improved, 603% speed increase over spamassassin (well it does run in C), and 18% more hit rates, when it came to known false positives, it equalled spamassassin though. Obviously before moving production over to it, I need to run it again over a much longer period of time, but it looks promising, I'll see it how goes over the next 4 weeks. -- Regards, Noel Butler This Email, including attachments, may contain legally privileged information, therefore at all times remains confidential and subject to copyright protected under international law. You may not disseminate this message without the authors express written authority to do so. If you are not the intended recipient, please notify the sender then delete all copies of this message including attachments immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message.
Re: spf fail !
On 19/07/2020 10:45, Benny Pedersen wrote: > Received: from mailroute1-lw-us.apache.org (mailroute1-lw-us.apache.org > [207.244.88.153]) > by mx.junc.eu (Postfix) with ESMTPS > for ; Sun, 19 Jul 2020 00:41:16 + (UTC) > > gives spf fails now, be carefull you'll find other mail rejected as well, since someone changed from hermes to this mailroute machine... infra didnt mention anything about the change -- Regards, Noel Butler This Email, including attachments, may contain legally privileged information, therefore at all times remains confidential and subject to copyright protected under international law. You may not disseminate this message without the authors express written authority to do so. If you are not the intended recipient, please notify the sender then delete all copies of this message including attachments immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message.
Re: Thanks to Guardian Digital & LinuxSecurity for the nice post about SpamAssassin's upcoming change
but your OK with your supporters making their sarcastic comments, lol you're a joke, if you disagree with my posts by all means email the list owner address and cry away if it makes you feel big, I wont lose any sleep over it, especially now i've seen the political motives that direct spamassassins direction. On 17/07/2020 21:02, Antony Stone wrote: > On Friday 17 July 2020 at 12:50:57, Noel Butler wrote: > >> ahhh ye ol "your opinion differs from mine, so I want you gone" > > No, I don't mind you having a different opinion, or even expressing it > reasonably, but the language and attitude towards other individuals which you > displayed in the comment below is not in my opinion acceptable on a mailing > list.
Re: Thanks to Guardian Digital & LinuxSecurity for the nice post about SpamAssassin's upcoming change
ahhh ye ol "your opinion differs from mine, so I want you gone" yes, sums your type up rather nicely, desperate for approval and pathetic... On 17/07/2020 18:44, Antony Stone wrote: > On Friday 17 July 2020 at 00:58:05, Noel Butler wrote: > >> I did 24 hours back wanker, but just for you, I'll continue it > > I request that anyone with this attitude to the list, and to people on it, be > removed. > > Antony.
Re: Thanks to Guardian Digital & LinuxSecurity for the nice post about SpamAssassin's upcoming change
On 17/07/2020 05:35, @lbutlr wrote: > On 15 Jul 2020, at 20:34, Noel Butler wrote: > >> December 27 (our quietest time of year generally) this year has been slated >> for our changeover to remove spamassassin from our network. > > Nose. Spite. Face. > > Can you stop posting about this topic now? I did 24 hours back wanker, but just for you, I'll continue it -- Kind Regards, Noel Butler This Email, including attachments, may contain legally privileged information, therefore remains confidential and subject to copyright protected under international law. You may not disseminate any part of this message without the authors express written authority to do so. If you are not the intended recipient, please notify the sender then delete all copies of this message including attachments immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message.
Re: Thanks to Guardian Digital & LinuxSecurity for the nice post about SpamAssassin's upcoming change
I guess they're going to go back to the yellowish tinged incandescent bulbs too, since LEDs available today produce " white " light. They'll have to change their story books as well, cant call it after "dark" or "dark" night|skies|... It's amazing how SOME Americans are quick to jump on bandwagons about innocent terms are called, yet FAIL to do ANYTHING about their population - even KIDS, getting slaughtered and gunned down nearly every second day in mass shootings. but you only have to look at how they are acting with COVID19 to know they have NFI about civil priorities. No wonder the USA is the joke of the world - and its not all Trumps fault <--- (jesus christ, I never thought I'd hear myself say that) On 16/07/2020 13:37, Eric Broch wrote: > You're the ones who've moved, I've gone nowhere. You'll never run out of > words to censor. Soon you'll be offended by everything. Where will you hide > then. I don't know how you'll escape the planet when everyone and everything > offends you. > > More importantly calling those racists who are not racists is > slander--bearing false witness against you neighbor--a violation of the 9th > commandment. Instead of fearing God alone you adore the praise of wicked men. > > On 7/15/2020 8:21 PM, Thomas Cameron wrote: > On 7/15/20 9:12 PM, Eric Broch wrote: > Using the word "blacklist" is racism. Does everyone get this! By definition > you ARE a "RACIST" and ARE "White Privilege[d]." > > This is a political movement to blacklist (oohhh, I said it) anyone > who does not comply. We're no longer angry, we're "not excited," how > generous. > > The spamassassin leadership team are political hacks. > Don't let the door hit you on the way out, then. > > Thomas -- Kind Regards, Noel Butler This Email, including attachments, may contain legally privileged information, therefore remains confidential and subject to copyright protected under international law. You may not disseminate any part of this message without the authors express written authority to do so. If you are not the intended recipient, please notify the sender then delete all copies of this message including attachments immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message.
Re: Thanks to Guardian Digital & LinuxSecurity for the nice post about SpamAssassin's upcoming change
On 16/07/2020 13:15, Benny Pedersen wrote: > Noel Butler skrev den 2020-07-16 04:34: > >> December 27 (our quietest time of year generally) this year has been >> slated for our changeover to remove spamassassin from our network. > > +1 > >> Our policies have long excluded using politically motivated companies, >> organisations, equipment and software. you made this political, you do >> not care for the opinions of others unless they agree with yours, so >> adios amigos. > > whats problem drinking coconut milk now ?, or even take another brik of white > chokolate from Ritter Sport ?, does it need to be orange to be good ?, or > black ?, maybe brown ?, is it political ? > > where will you go if not using spamassassin ? are you really so naive to think that SA is the only product around, or even the only free product around if your skimp? PS when i was a kid, a long, VERY long time ago I tried coconut milk - it was disgusting I dont eat chocolate. I dont eat sugar filled lollies, or any of that crap junk trash. -- Kind Regards, Noel Butler This Email, including attachments, may contain legally privileged information, therefore remains confidential and subject to copyright protected under international law. You may not disseminate any part of this message without the authors express written authority to do so. If you are not the intended recipient, please notify the sender then delete all copies of this message including attachments immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message.
Re: Thanks to Guardian Digital & LinuxSecurity for the nice post about SpamAssassin's upcoming change
On 16/07/2020 09:24, Kevin A. McGrail wrote: > All: > > We're getting some positive attention from the verbiage change. See > https://www.linkedin.com/posts/kmcgrail_apache-spamassassin-leads-a-growing-list-activity-6689260331719520256-gMy7 > for a link to a Guardian Digital post about it. > > Anyway, I hope those not excited by the change will come around. We are > working hard to make it as painless as possible and we have gotten word > that several tools and projects that integrate with SpamAssassin will > follow suit. > > Regards, > > KAM December 27 (our quietest time of year generally) this year has been slated for our changeover to remove spamassassin from our network. Our policies have long excluded using politically motivated companies, organisations, equipment and software. you made this political, you do not care for the opinions of others unless they agree with yours, so adios amigos.
Re: IMPORTANT NOTICE FOR PEOPLE RUNNING TRUNK re: [Bug 7826] Improve language around whitelist/blacklist and master/slave
On 14/07/2020 19:03, Kevin A. McGrail wrote: > Marc and others about voting, > > The ASF is a meritocracy not a democracy. Voting privileges are earned by > demonstrating merit on a project. That is the project management committee > aka the PMC. Discussion with the PMC on this change started in early April > with a vote in early May by the PMC. > > To Marc, your Ad hominem attacks are not needed and I will ignore messages > that use them. > > To you and others spouting off, be reminded that this is a publicly archived > mailing list and you will be on the wrong side of history. Consider that > when you post. Ah now the true dictatorship comes out "how dare you disagree with me" "dont like you hating on my decisions" wahh wah wahh You are the only one being inconsiderate Kevin, if you actually were serious you would have brought this this out on this list for discussion, with you know, T H E U S E R S of the software to have their say, without us YOU are irrelevant. it shows you treating every single one of us with utter contempt. YOU made this decision, YOU have to live with ALL the consequences both good AND bad so suck it up princess. your attack on people disagreeing with you shows YOU have NO thought to anyone on this but for jumping on some bandwagon" As for side of history? pfft I like probably over 50% of this list are NOT Americans, but the world is used to Americans trying to force their views down down everyone elses throat. Feel free to ignore me, I, like most here have made their point very clear we are disgusted with your dictatorship, we know you don't care what any of us think, SO let HISTORY also reflect that too! Since SA does have alternatives, and i get more reasonable debate out of talking to my rottweilers than you, this ends my waste of time.
Re: IMPORTANT NOTICE FOR PEOPLE RUNNING TRUNK re: [Bug 7826] Improve language around whitelist/blacklist and master/slave
Firstly, not directred at you lbutlr, but to Harry since I dont care to read his vile trash, BUT, Let the history note that at 0917 on Wednesday, 15 July 2020, I agreed with something he allegedly posted. On 12/07/2020 09:23, @lbutlr wrote: > On 11 Jul 2020, at 16:38, Reindl Harald wrote: > >> nobody right in his mind thins about black people in chanis when read >> something like this in a technical context: slave, master, blacklist, >> whitelist, blackhat, whitehat Now, back to OP @lbutlr > Do you notice how your words are nothing more than an attack on anyone whose > opinion differs from yours? Thats been Harry's trait for years its why he is moderated here, its why he is moderated or banned from so many lists I lost count over the years. He's a sociopath as he sees nothing wrong with what he does. -- Kind Regards, Noel Butler This Email, including attachments, may contain legally privileged information, therefore remains confidential and subject to copyright protected under international law. You may not disseminate any part of this message without the authors express written authority to do so. If you are not the intended recipient, please notify the sender then delete all copies of this message including attachments immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message.
Re: IMPORTANT NOTICE FOR PEOPLE RUNNING TRUNK re: [Bug 7826] Improve language around whitelist/blacklist and master/slave
On 13/07/2020 06:48, Kevin A. McGrail wrote: > This isn't a political forum, though. I'd suggest if you want to debate > politics, go somewhere else. If you want to stop bastard spammers, this is > the place. Bullshit it isnt a political forum - YOU Kevin made it one ! One which clearly 99% of people you know them, the users? the users that make SA relative, disagree with. -- Kind Regards, Noel Butler This Email, including attachments, may contain legally privileged information, therefore remains confidential and subject to copyright protected under international law. You may not disseminate any part of this message without the authors express written authority to do so. If you are not the intended recipient, please notify the sender then delete all copies of this message including attachments immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message.
Re: IMPORTANT NOTICE FOR PEOPLE RUNNING TRUNK re: [Bug 7826] Improve language around whitelist/blacklist and master/slave
On 11/07/2020 21:39, Axb wrote: > On 7/11/20 1:32 PM, Antony Stone wrote: On Saturday 11 July 2020 at 12:42:43, > hospice admin wrote: > > Concentrating on the technical issues below ... > > I think there's a fairly wide consensus among those posting on this thread, > myself included, that this does not 'make the technology better'. > > That's the point I was attempting to make about Mercedes ... painting their > cars a different colour does nothing to make it better or worse ... just > different [in a way that has nothing to do with practical support for > diversity of any kind]. > > For me, the risks of messing up Spam Assassin [or anything else] for months > to come completely outweighs the benefits of a token 'tip of the hat' > towards diversity. > Unfortunately you speak with the voice of reason, and that is never welcome > when people are bent on enforcing "political correctness" on the world. > > Any dissenting opinion is regarded as "missing the point" or being > "insensitive to the oppressed", whether the situation in which the correctness > police are enforcing their views has anything to do with the oppressed or not. > > I wish you luck in asking people to debate the real question of whether there > is in fact any problem to be solved, and if there is, what is the sensible way > to solve it. > > For my part, until anyone can show that the use of words such as blacklist or > master/slave in technology has anything to do with racial references and are > therefore being used in an offensive way, rather than as standard terms for > the > industry with no reference at all to human social groups, they're just > demonstrating themselves as stirring up trouble and heated debate where there > is no real problem. Amen to that! And the ppl pushing these changes now obviously won't step back because they'd loose their face. I don't wish them the best. They will be causing a huge amount of ppl a truckload of grief and unnecessary work. Axb 100% ! Looks like i'll have to break my lifetime stance and take pity on bankers and accountants as well huh I mean no more you're "in the black" and bugger me, after some news trash out of - you guess it, the USA about redskins offending indians and some football, I guess they''' have to stop saying your'e " in the red" too only in fucking america. SA is open source enough to fork yeah? I can see that happening -- Kind Regards, Noel Butler This Email, including attachments, may contain legally privileged information, therefore remains confidential and subject to copyright protected under international law. You may not disseminate any part of this message without the authors express written authority to do so. If you are not the intended recipient, please notify the sender then delete all copies of this message including attachments immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message.
Re: IMPORTANT NOTICE FOR PEOPLE RUNNING TRUNK re: [Bug 7826] Improve language around whitelist/blacklist and master/slave
huh? I dont see that subject in the thread, I guess thats what you mean, I dunno, you're not talking to an american On 11/07/2020 12:38, Charles Sprickman wrote: > Read Red Scare hours on the timeline tonight... > > On Jul 10, 2020, at 10:35 PM, Noel Butler wrote: > > Who is "we" > > Name the people who decided this pathetic communist dictatorship change and > who want to enforce this upon members of 160 odd other countries just because > theirs is fucked up? > > I want names > > I want to see the voting, come on lets be transparent, who are they, and who > are hte ones who declared this an absolute joke voted against it. > > I want to see the names of the people who dont care what their users and > contributors to the project think > > I await your silence > > On 11/07/2020 06:27, Kevin A. McGrail wrote: > Hello all, > > A common question we are receiving is what about using this terminology > instead, for example allow/deny. > > The use of welcomelist and blocklist has evolved from discussions since > April and work done creating patches. We found that using these names > of welcomelist and blocklist are non offensive, reasonably descriptive > and since they still start with W and B, we avoid renaming things like > RBLs, WLBL, DNSBL, etc. This should help minimize the disruption when > 4.0 is released with the new configuration options. > > Regards, > > KAM > > -- > Kind Regards, > > Noel Butler > > This Email, including attachments, may contain legally privileged > information, therefore remains confidential and subject to copyright > protected under international law. You may not disseminate any part of this > message without the authors express written authority to do so. If you are > not the intended recipient, please notify the sender then delete all copies > of this message including attachments immediately. Confidentiality, > copyright, and legal privilege are not waived or lost by reason of the > mistaken delivery of this message. -- Kind Regards, Noel Butler This Email, including attachments, may contain legally privileged information, therefore remains confidential and subject to copyright protected under international law. You may not disseminate any part of this message without the authors express written authority to do so. If you are not the intended recipient, please notify the sender then delete all copies of this message including attachments immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message.
Re: IMPORTANT NOTICE FOR PEOPLE RUNNING TRUNK re: [Bug 7826] Improve language around whitelist/blacklist and master/slave
Who is "we" Name the people who decided this pathetic communist dictatorship change and who want to enforce this upon members of 160 odd other countries just because theirs is fucked up? I want names I want to see the voting, come on lets be transparent, who are they, and who are hte ones who declared this an absolute joke voted against it. I want to see the names of the people who dont care what their users and contributors to the project think I await your silence On 11/07/2020 06:27, Kevin A. McGrail wrote: > Hello all, > > A common question we are receiving is what about using this terminology > instead, for example allow/deny. > > The use of welcomelist and blocklist has evolved from discussions since > April and work done creating patches. We found that using these names > of welcomelist and blocklist are non offensive, reasonably descriptive > and since they still start with W and B, we avoid renaming things like > RBLs, WLBL, DNSBL, etc. This should help minimize the disruption when > 4.0 is released with the new configuration options. > > Regards, > > KAM -- Kind Regards, Noel Butler This Email, including attachments, may contain legally privileged information, therefore remains confidential and subject to copyright protected under international law. You may not disseminate any part of this message without the authors express written authority to do so. If you are not the intended recipient, please notify the sender then delete all copies of this message including attachments immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message.
Re: IMPORTANT NOTICE FOR PEOPLE RUNNING TRUNK re: [Bug 7826] Improve language around whitelist/blacklist and master/slave
On 10/07/2020 16:42, jdow wrote:
> Be sure to purge every instance of "fork" in the code because it sounds too
> close to the other F..K word. Get the fork out of there.
>
> {O,o}
> i.e are you guys being just a little stupid here?
I agree, this is just insanity... where will it end.
--
Kind Regards,
Noel Butler
This Email, including attachments, may contain legally
privileged
information, therefore remains confidential and subject to copyright
protected under international law. You may not disseminate any part of
this message without the authors express written authority to do so. If
you are not the intended recipient, please notify the sender then delete
all copies of this message including attachments immediately.
Confidentiality, copyright, and legal privilege are not waived or lost
by reason of the mistaken delivery of this message.
Re: pyzor
On 01/06/2020 17:02, Matus UHLAR - fantomas wrote: > On 01/06/2020 10:38, RW wrote: bit of bulk mail gets listed. On 01.06.20 12:13, Noel Butler wrote: > That what started all the complaints, lot of users seem to be subscribed > to a few news letters, the most common factor for them was ServetheHome > now getting listed by pyzor, checking my own junk folder, I found a few > general emails listed, some other news letters, from different > senders/networks, only over in past 2 weeks, ones that usually dont > trigger anything, a quick look at shows no change in formatting either. > > I'd rather not nuke pyzor just yet so will adjust to a very low score > and monitor it. did it hit too many of other rules? I understand about DCC, and can understand abot PYZOR (especially because there are users who sign up for something and then report it as spam). No common denominator for other hits, usually a couple URI's that always hit on list manage and some others for the news letters, but some random mails a couple of rules, nothing major, but the pyzor hit was putting them over the limit, I've dropped pyzor down to 0.8 now so should be ok giving a good buffer still before hitting. -- Kind Regards, Noel Butler This Email, including attachments, may contain legally privileged information, therefore remains confidential and subject to copyright protected under international law. You may not disseminate any part of this message without the authors express written authority to do so. If you are not the intended recipient, please notify the sender then delete all copies of this message including attachments immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message.
Re: pyzor
On 01/06/2020 10:38, RW wrote: > bit of bulk mail gets listed. That what started all the complaints, lot of users seem to be subscribed to a few news letters, the most common factor for them was ServetheHome now getting listed by pyzor, checking my own junk folder, I found a few general emails listed, some other news letters, from different senders/networks, only over in past 2 weeks, ones that usually dont trigger anything, a quick look at shows no change in formatting either. I'd rather not nuke pyzor just yet so will adjust to a very low score and monitor it. Thanks all. -- Kind Regards, Noel Butler This Email, including attachments, may contain legally privileged information, therefore remains confidential and subject to copyright protected under international law. You may not disseminate any part of this message without the authors express written authority to do so. If you are not the intended recipient, please notify the sender then delete all copies of this message including attachments immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message.
pyzor
Anyone else noticed it seems to scoring much much higher FP's in past few weeks? Ima disable the damn thing I think. -- Kind Regards, Noel Butler This Email, including attachments, may contain legally privileged information, therefore remains confidential and subject to copyright protected under international law. You may not disseminate any part of this message without the authors express written authority to do so. If you are not the intended recipient, please notify the sender then delete all copies of this message including attachments immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message.
Re: Spamhaus Technology contributions to SpamAssassin
Thanks :) sorted.. installed and running, will see how it goes On 03/07/2019 21:26, Riccardo Alfieri wrote: > Thanks for pointing that out. > > I warned the webmaster, in the meantime a temporary fix is to go back with > the browser "back" arrow and submit the registration again > > On 03/07/19 13:23, Noel Butler wrote: > >> We would sign up if we could, but after clicking continue of name/email page >> it goes to a blank WP page. -- Kind Regards, Noel Butler This Email, including any attachments, may contain legally privileged information, therefore remains confidential and subject to copyright protected under international law. You may not disseminate, discuss, or reveal, any part, to anyone, without the authors express written authority to do so. If you are not the intended recipient, please notify the sender then delete all copies of this message including attachments, immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message. Only PDF [1] and ODF [2] documents accepted, please do not send proprietary formatted documents Links: -- [1] http://www.adobe.com/ [2] http://en.wikipedia.org/wiki/OpenDocument
Re: Spamhaus Technology contributions to SpamAssassin
We would sign up if we could, but after clicking continue of name/email page it goes to a blank WP page. On 03/07/2019 19:43, Riccardo Alfieri wrote: > Hello everyone, > > I'm sure that many of you are aware that our datasets are already in use with > SpamAssassin's default config, but I wanted to reach out and let you know > that we have developed a SpamAssassin plugin that helps you get more out of > our DNSBLs. > > The plugin works with our Data Query Service (DQS). The DQS provides you with > additional feeds: Zero Reputation Domain & AuthBL, and it also receives > updates in 'realtime.' This last point is key, because, as you can see in the > latest Virus Bulletin report > (https://www.virusbulletin.com/testing/results/latest/vbspam-email-security), > DQS catches 42% more spam than our RSYNC service or public mirrors. > > Last but not least, the usage terms for the DQS are the same as for our > public mirrors, meaning that if you already use our public mirrors, you can > register for a personal DQS key free of charge. > > You can find all the needed files here: > https://github.com/spamhaus/spamassassin-dqs > > Have fun with our data, and if there are difficulties in installing the > plugin, or if you have suggestions, you can drop us a line at > datafeed-supp...@spamteq.com or post here. I'll try to keep the list > monitored to deliver as much help as I can. -- Kind Regards, Noel Butler This Email, including any attachments, may contain legally privileged information, therefore remains confidential and subject to copyright protected under international law. You may not disseminate, discuss, or reveal, any part, to anyone, without the authors express written authority to do so. If you are not the intended recipient, please notify the sender then delete all copies of this message including attachments, immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message. Only PDF [1] and ODF [2] documents accepted, please do not send proprietary formatted documents Links: -- [1] http://www.adobe.com/ [2] http://en.wikipedia.org/wiki/OpenDocument
Re: Filtering at border routers: Is it possible?
On 23/03/2019 05:54, Benny Pedersen wrote: > dont relay mail from port 25, mails there is final recipient only, not > forwared you ave not been taking your medication again Benny -- Kind Regards, Noel Butler This Email, including any attachments, may contain legally privileged information, therefore remains confidential and subject to copyright protected under international law. You may not disseminate, discuss, or reveal, any part, to anyone, without the authors express written authority to do so. If you are not the intended recipient, please notify the sender then delete all copies of this message including attachments, immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message. Only PDF [1] and ODF [2] documents accepted, please do not send proprietary formatted documents Links: -- [1] http://www.adobe.com/ [2] http://en.wikipedia.org/wiki/OpenDocument
Re: Proposed rule for too many dots in From
On 21/12/2018 09:52, Grant Taylor wrote: > On 12/20/2018 03:11 PM, Amir Caspi wrote: > >> Two or more dots in the From username seems to be rather spammy (and we've >> talked about it before on the list). > > I feel obligated to comment that my wife's email address (Gmail) has two dots > in it. (Gmail is it's own can of worms for dots as they strip them, and > other issues with Gmail.) As do a number of other people that I exchange > email with. I have to agree with Grant, two dots is crazy low, you might as well score at one dot. A lot of emails are firstname.initial.surname even many government departments in this part of the world use two dot format. -- Kind Regards, Noel Butler This Email, including any attachments, may contain legally privileged information, therefore remains confidential and subject to copyright protected under international law. You may not disseminate, discuss, or reveal, any part, to anyone, without the authors express written authority to do so. If you are not the intended recipient, please notify the sender then delete all copies of this message including attachments, immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message. Only PDF [1] and ODF [2] documents accepted, please do not send proprietary formatted documents Links: -- [1] http://www.adobe.com/ [2] http://en.wikipedia.org/wiki/OpenDocument
Re: spamcannibal DNSBL issue
On 30/05/2018 17:37, Matus UHLAR - fantomas wrote: > Hello, > > it seems that spamcannibal blacklist is dead, or at least its DNS has > expired: > > Domain Name: SPAMCANNIBAL.ORG > Updated Date: 2018-05-30T03:16:26Z > Name Server: NS1.RENEWYOURNAME.NET > Name Server: NS2.RENEWYOURNAME.NET > > and, of course: > > 114.95.168.62.bl.spamcannibal.org. 86385 IN A 91.195.240.117 > > not mentioning where does its web page redirect... Hi, This dnsbl is gone, and its maintainer said it wont be coming back, anyone using it should remove it from all configs. (the seoparking is a tucows landing page) -- Kind Regards, Noel Butler This Email, including any attachments, may contain legally privileged information, therefore remains confidential and subject to copyright protected under international law. You may not disseminate, discuss, or reveal, any part, to anyone, without the authors express written authority to do so. If you are not the intended recipient, please notify the sender then delete all copies of this message including attachments, immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message. Only PDF [1] and ODF [2] documents accepted, please do not send proprietary formatted documents Links: -- [1] http://www.adobe.com/ [2] http://en.wikipedia.org/wiki/OpenDocument
Re: its not monday
On 30/04/2018 08:55, RW wrote: > On Sun, 29 Apr 2018 05:53:56 +0200 > Benny Pedersen wrote: > >> so ignore :) > > Only 5 minute to go till Monday. was Monday 9hrs and 56 mins ago -- Kind Regards, Noel Butler This Email, including any attachments, may contain legally privileged information, therefore remains confidential and subject to copyright protected under international law. You may not disseminate, discuss, or reveal, any part, to anyone, without the authors express written authority to do so. If you are not the intended recipient, please notify the sender then delete all copies of this message including attachments, immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message. Only PDF [1] and ODF [2] documents accepted, please do not send proprietary formatted documents Links: -- [1] http://www.adobe.com/ [2] http://en.wikipedia.org/wiki/OpenDocument
Re: its not monday
On 29/04/2018 13:53, Benny Pedersen wrote: > so ignore :) you've neglected to take your medication again Ben -- Kind Regards, Noel Butler This Email, including any attachments, may contain legally privileged information, therefore remains confidential and subject to copyright protected under international law. You may not disseminate, discuss, or reveal, any part, to anyone, without the authors express written authority to do so. If you are not the intended recipient, please notify the sender then delete all copies of this message including attachments, immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message. Only PDF [1] and ODF [2] documents accepted, please do not send proprietary formatted documents Links: -- [1] http://www.adobe.com/ [2] http://en.wikipedia.org/wiki/OpenDocument
Re: Anti Phish Rules
On 27/04/2018 17:53, Matus UHLAR - fantomas wrote: > On 27.04.18 06:51, Noel Butler wrote: > >> I suspect Nick is still using and referring to mailscanner (which is/was >> written in perl), it has/had this ability, I (like a good few of the >> names around here) used it back in the day as well, until it became >> clear it was abandonware, and did not like certain newer versions of >> perl causing exits after each scan, mind you, I did dump it for amavisd >> back around 2008/9/10, that said I liked that function, and rarely >> noticed any FP's, my memorys hazy, but IIRC, it disarmed the links, >> rather than take any scoring action... I might be wrong though, like I >> said, its been along time. > > I believe that the same arguments (need for hugt whitelist) could apply for > mailscanner too. I certainly never needed to whitelist anyone and we processed millions of messages a day at that ISP but as I said, it disarmed it, stopping you from clicking on it, not marking it as spam or such, which might require more thought > I have noticed discussion about this request/issue many times in this > mailing list, still the same conclusions, so I wanted to point out to > problems rather than telling the OP "go search list archives". > > Note that I don't like this kind of mismatches too and I would invite having > such plugin in SA > > I would maybe even avoid initial whitelist to force organizations stop using > such mismatched URLs (should be safe with not too high scores). Thats the whole problem, idiotic companies who send links like that deserve to get blocked/spam-binned, but everybody runs around creating whitelists, so why woulld they fix their shit, they have no incentive to when people whitelist them. I've never cared who you are, a ma 'n pa op shop, a govt dept, or huge corporate, like BP, or whoever, you dont get whitelisted by me, and my users know that, they know not to bitch to us about it, but to the senders, been my way for a very long time, works for me ;) -- Kind Regards, Noel Butler This Email, including any attachments, may contain legally privileged information, therefore remains confidential and subject to copyright protected under international law. You may not disseminate, discuss, or reveal, any part, to anyone, without the authors express written authority to do so. If you are not the intended recipient, please notify the sender then delete all copies of this message including attachments, immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message. Only PDF [1] and ODF [2] documents accepted, please do not send proprietary formatted documents Links: -- [1] http://www.adobe.com/ [2] http://en.wikipedia.org/wiki/OpenDocument
Re: Anti Phish Rules
On 27/04/2018 07:27, David Jones wrote: > MailScanner became very mature and didn't need any major updates for years > then Jules turned it over to Jerry Benton who had a commercial product based > on it. It's still being updated and runs fine now on systemd-based OSes and > newer versions of Perl. One of our customers, Shawn Iversion, is helping > Jerry maintain MailScanner now as part of his EFA project. > https://efa-project.org/ > > - > > FROM: Kevin Miller <kevin.mil...@juneau.org> > SENT: Thursday, April 26, 2018 4:16 PM > TO: users@spamassassin.apache.org > SUBJECT: RE: Anti Phish Rules > > It's not abandonware - Jules handed it off to some other folks that are > actively putting out new versions. As a matter of fact one came out not too > long ago. MailWatch for MailScanner is also being actively developed still. > > Latest/greatest is available at www.mailscanner.info [1] for anyone wanting > to check it out. > > ...Kevin > > -- > > Kevin Miller > > Network/email Administrator, CBJ MIS Dept. > > 155 South Seward Street > > Juneau, Alaska 99801 > > Phone: (907) 586-0242, Fax: (907) 586-4588 Registered Linux User No: 307357 > > FROM: Noel Butler [mailto:noel.but...@ausics.net] > SENT: Thursday, April 26, 2018 12:51 PM > TO: users@spamassassin.apache.org > SUBJECT: Re: Anti Phish Rules > > On 26/04/2018 18:12, Matus UHLAR - fantomas wrote: > >> On 26.04.18 18:00, Nick Edwards wrote: >> >> We've been using a separate product to do this, but it struck me, maybe >> spamassassin can do this easier (or without having to call yet another >> binary to run as can over mails) >> >> Rules that look at URLs in a html message href and src tags, check the "A" >> tag to see if there is a URL there, and if they do not match, consider it >> a phis so apply said phis score to the message. >> >> Has anyone done this? module even? >> >> the main problem: may non-spam senders do that, see: >> >> https://wiki.apache.org/spamassassin/AntiPhishFakeUrlRule >> >> and further the discussion in linked bug: >> >> https://bz.apache.org/SpamAssassin/show_bug.cgi?id=4255 > > I suspect Nick is still using and referring to mailscanner (which is/was > written in perl), it has/had this ability, I (like a good few of the names > around here) used it back in the day as well, until it became clear it was > abandonware, and did not like certain newer versions of perl causing exits > after each scan, mind you, I did dump it for amavisd back around 2008/9/10, > that said I liked that function, and rarely noticed any FP's, my memorys > hazy, but IIRC, it disarmed the links, rather than take any scoring action... > I might be wrong though, like I said, its been along time. > > -- > > Kind Regards, > > Noel Butler > > This Email, including any attachments, may contain legally privileged > information, therefore remains confidential and subject to copyright > protected under international law. You may not disseminate, discuss, or > reveal, any part, to anyone, without the authors express written authority to > do so. If you are not the intended recipient, please notify the sender then > delete all copies of this message including attachments, immediately. > Confidentiality, copyright, and legal privilege are not waived or lost by > reason of the mistaken delivery of this message. Only PDF [2] and ODF [3] > documents accepted, please do not send proprietary formatted documents It was very mature until it broke with later perls, each child would exit after a scan, as I said this was back some 8/9 years ago, so if its maintained again by 2018 one would hope those bugs are eliminated, but, it caused a few grief, and Jules was MIA (yeah I recall him having health issues) which didnt help those affected by the nasty child exit bugs, amavisd suits us fine, though I do miss the phishing disarming, i'm sure one can coddle up some decent SA rules if one wanted to. -- Kind Regards, Noel Butler This Email, including any attachments, may contain legally privileged information, therefore remains confidential and subject to copyright protected under international law. You may not disseminate, discuss, or reveal, any part, to anyone, without the authors express written authority to do so. If you are not the intended recipient, please notify the sender then delete all copies of this message including attachments, immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message. Only PDF [2] and ODF [3] documents accepted, please do not send proprietary formatted documents Links: -- [1] http://www.mailscanner.info [2] http://www.adobe.com/ [3] http://en.wikipedia.org/wiki/OpenDocument
Re: Anti Phish Rules
On 26/04/2018 18:12, Matus UHLAR - fantomas wrote: > On 26.04.18 18:00, Nick Edwards wrote: > >> We've been using a separate product to do this, but it struck me, maybe >> spamassassin can do this easier (or without having to call yet another >> binary to run as can over mails) >> >> Rules that look at URLs in a html message href and src tags, check the "A" >> tag to see if there is a URL there, and if they do not match, consider it >> a phis so apply said phis score to the message. >> >> Has anyone done this? module even? > > the main problem: may non-spam senders do that, see: > > https://wiki.apache.org/spamassassin/AntiPhishFakeUrlRule > > and further the discussion in linked bug: > > https://bz.apache.org/SpamAssassin/show_bug.cgi?id=4255 I suspect Nick is still using and referring to mailscanner (which is/was written in perl), it has/had this ability, I (like a good few of the names around here) used it back in the day as well, until it became clear it was abandonware, and did not like certain newer versions of perl causing exits after each scan, mind you, I did dump it for amavisd back around 2008/9/10, that said I liked that function, and rarely noticed any FP's, my memorys hazy, but IIRC, it disarmed the links, rather than take any scoring action... I might be wrong though, like I said, its been along time. -- Kind Regards, Noel Butler This Email, including any attachments, may contain legally privileged information, therefore remains confidential and subject to copyright protected under international law. You may not disseminate, discuss, or reveal, any part, to anyone, without the authors express written authority to do so. If you are not the intended recipient, please notify the sender then delete all copies of this message including attachments, immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message. Only PDF [1] and ODF [2] documents accepted, please do not send proprietary formatted documents Links: -- [1] http://www.adobe.com/ [2] http://en.wikipedia.org/wiki/OpenDocument
