Does anyone have a detailed definition as to what this rule might mean?
FR_3TAG_3TAG RAW
I'm using spam assassin to check an HTML creative I'm making for a client of
mine and that rule is popping up, I've searched all over the internet and
can't find a definition.
--
View this message in
Thought you would be interested, a facebook phishing email (yes, it is,
) with SPF_PASS
(reminding EVERYONE, SPF IS NOT A SPAM VS HAM INDICATOR AT ALL)
yes, I publish SPF, I used it in meta rules.
this one passed because sender used a envelope from in the ip range of
the spf rules.
rawbody FR_3TAG_3TAG
m'[abcefghijklmnoqstuvwxz]{3}/[abcefghijklmnoqstuvwxz]{3}'i
It looks for an html tag containing exactly three characters followed by
a closing tag which also contains exactly three characters.
--
Bowie
On 11/19/2010 2:51 PM, jmargi wrote:
Does anyone have a
On tir 16 nov 2010 14:08:21 CET, Francesco Acchiappati wrote
/var/lib/spamassassin/compiled ]; then
this dir does imho not exists, its /var/lib/spamassassin/version/compiled
unless debian have fixed it
--
xpoint http://www.unicom.com/pw/reply-to-harmful.html
On 11/19/2010 3:13 PM, Michael Scheidell wrote:
Thought you would be interested, a facebook phishing email (yes, it is,
) with SPF_PASS
(reminding EVERYONE, SPF IS NOT A SPAM VS HAM INDICATOR AT ALL)
Hi, SPF CAN BE YOUR FRIEND HERE:
header LOCAL_FROM_FBM from =~ /\...@facebookmail\.com/i
On 11/19/10 4:17 PM, Matt Garretson wrote:
whitelist_from_spf *...@facebookmail.com
ah, not if you have dns issues. if you have dns issues, spf and/or dkim
will fail and legit email will not pass!
tried this years ago and, yes, it blocked legit facebook email.
reason I mention it the
On 19/11/2010 4:43 PM, Michael Scheidell wrote:
Thought you would be interested, a facebook phishing email (yes, it
is, ) with SPF_PASS
(reminding EVERYONE, SPF IS NOT A SPAM VS HAM INDICATOR AT ALL)
yes, I publish SPF, I used it in meta rules.
this one passed because sender used a envelope
On 11/19/2010 4:22 PM, Michael Scheidell wrote:
On 11/19/10 4:17 PM, Matt Garretson wrote:
whitelist_from_spf *...@facebookmail.com
ah, not if you have dns issues. if you have dns issues, spf and/or dkim
will fail and legit email will not pass!
True, perhaps, but a *lot* of things will
On Fri, 19 Nov 2010 18:00:09 -0330
Lawrence @ Rogers lawrencewilli...@nl.rogers.com wrote:
n name, nor is using an IP authorized in Facebook's
SPF records. SPF is supposed to confirm that the sending server is
authorized to do so for the domain, but that clearly fails here.
The domain used
Il 16/11/2010 15:11, John Hardin ha scritto:
On Tue, 16 Nov 2010, Francesco Acchiappati wrote:
run-parts: /etc/cron.daily/spamassassin exited with return code 25
here it is
The only things that appear to be exposed and able to return a nonzero
return code (apart from the simple stuff
On 11/19/10 4:30 PM, Lawrence @ Rogers wrote:
\
I'm not sure how SPF could pass on this one. The sending server
doesn't have the same domain name, nor is using an IP authorized in
Facebook's SPF records. SPF is supposed to confirm that the sending
server is authorized to do so for the domain,
On 11/19/10 4:30 PM, Matt Garretson wrote:
ah, not if you have dns issues. if you have dns issues, spf and/or dkim
will fail and legit email will not pass!
True, perhaps, but a*lot* of things will stop working if you have DNS
issues.:)
with SPF, it could be the senders dns servers, or if
On 11/19/2010 5:03 PM, Michael Scheidell wrote:
with SPF, it could be the senders dns servers, or if they use includes,
the dns servers for that side, so, its dangerous to add +50 points, say,
and then use spf/dkim or auth to whitelist.
You do have a valid point, but I'm not too worried
happened again. 1 out of 100, EXACTLY THE SAME SYSTEMS, DOWN TO MD5
CHECKSUMS ON BINARIES, need to remove INET6 perl module.
On 11/5/10 4:44 PM, Michael Scheidell wrote:
On 11/5/10 4:08 PM, Michael Scheidell wrote:
On 11/5/10 4:00 PM, Mark Martinec wrote:
It certainly looks like a DNS
On 11/19/10 2:51 PM, Bowie Bailey bowie_bai...@buc.com wrote:
rawbody FR_3TAG_3TAG
m'[abcefghijklmnoqstuvwxz]{3}/[abcefghijklmnoqstuvwxz]{3}'i
It looks for an html tag containing exactly three characters followed by
a closing tag which also contains exactly three characters.
But no
On fre 19 nov 2010 21:13:26 CET, Michael Scheidell wrote
http://secnap.pastebin.com/zTmkSc6J
url is just a joe job from the spammers facebook login, report to
facebook and problem is gone
--
xpoint http://www.unicom.com/pw/reply-to-harmful.html
On fre 19 nov 2010 23:33:51 CET, Matt Garretson wrote
Would that work, or is it crazy?
the later, facebook is dkim signed
whitelist_auth *...@facebookapp.com
whitelist_auth *...@facebookmail.com
whitelist_auth *...@facebook.com
if From: says facebook then its forged if not dkim signed or spf
On Fri, 19 Nov 2010, Daniel McDonald wrote:
On 11/19/10 2:51 PM, Bowie Bailey bowie_bai...@buc.com wrote:
rawbody FR_3TAG_3TAG
m'[abcefghijklmnoqstuvwxz]{3}/[abcefghijklmnoqstuvwxz]{3}'i
It looks for an html tag containing exactly three characters followed by
a closing tag which also
18 matches
Mail list logo
