Re: Anyone else just blocking the ".top" TLD?

2016-03-28 Thread Thomas Cameron
On 03/28/2016 05:23 AM, Reindl Harald wrote:
> On 28.03.2016 at 05:24, Bill Cole wrote:
>> On 27 Mar 2016, at 21:58, Thomas Cameron wrote:
>>> Has anyone actually gotten a single legit message from that domain?
>>
>> IMHO we're close to the point where it will make sense to make email

Re: Anyone else just blocking the ".top" TLD?

2016-03-28 Thread Bill Cole
On 28 Mar 2016, at 15:06, Vincent Fox wrote:
> Whoops, list truncated. Continuing
>
> From:work REJECT
> From:cricket REJECT
> From:xn--plai REJECT
> From:review REJECT
> From:country REJECT
> From:kim REJECT
> From:science REJECT
> From:party REJECT

Re: spamd running much slower than spamassassin?

2016-03-28 Thread Bill Cole
On 28 Mar 2016, at 14:42, Daniel J. Luke wrote:
> On Mar 24, 2016, at 12:10 PM, Daniel J. Luke wrote:
>> /usr/bin/time spamassassin < spam.msg
>> 7.92 real 1.85 user 0.13 sys
>> /usr/bin/time spamc -U /var/run/spamd.sock < spam.msg
>> 126.44 real 0.00

Re: SBLXBL and compromised desktops

2016-03-28 Thread Bill Cole
On 28 Mar 2016, at 13:29, Alex wrote:
> Hi,
> We're seeing an increasing number of quarantined mail resulting from compromised desktops being listed in RCVD_IN_SBLXBL.
A rule with that name is not part of the currently maintained SpamAssassin core ruleset and I'm fairly sure it has not been at

Re: Anyone else just blocking the ".top" TLD?

2016-03-28 Thread Vincent Fox
On 03/28/2016 12:35 PM, Reindl Harald wrote:
> nothing easier than that with postfix, just start with.
I wish my EDU was cool with Postfix or Exim. However our routing pool is Sendmail, and the PHB here are determined to "upgrade" to Proofpoint which is Sendmail based.

Re: Anyone else just blocking the ".top" TLD?

2016-03-28 Thread shanew
On Mon, 28 Mar 2016, Vincent Fox wrote:
> On 03/27/2016 06:58 PM, Thomas Cameron wrote:
>> Has anyone actually gotten a single legit message from that domain?
> Never. WTF was ICANN thinking?
> I occasionally go through the lists of abused gTLD here:
> http://www.surbl.org/tld/
Thanks for that

Re: Anyone else just blocking the ".top" TLD?

2016-03-28 Thread Reindl Harald
On 28.03.2016 at 21:02, Vincent Fox wrote:
> On 03/27/2016 06:58 PM, Thomas Cameron wrote:
>> Has anyone actually gotten a single legit message from that domain?
> Never. WTF was ICANN thinking?
> I occasionally go through the lists of abused gTLD here:
> http://www.surbl.org/tld/
> It certainly

Re: SBLXBL and compromised desktops

2016-03-28 Thread Reindl Harald
On 28.03.2016 at 20:57, RW wrote:
> On Mon, 28 Mar 2016 19:43:10 +0200 Reindl Harald wrote:
>> On 28.03.2016 at 19:29, Alex wrote:
>>> We're seeing an increasing number of quarantined mail resulting from compromised desktops being listed in RCVD_IN_SBLXBL. This in turn leads to an increase in the

Re: Anyone else just blocking the ".top" TLD?

2016-03-28 Thread Joe Quinn
On 3/28/2016 3:02 PM, Vincent Fox wrote:
> From:whoswho REJECT
This is the one that really annoys me. KAM.cf has a 5.0-scored rule named exactly that, and there's an entire Wikipedia article on the subject! https://en.wikipedia.org/wiki/Who's_Who_scam. It really makes ICANN look like they do no

Re: Anyone else just blocking the ".top" TLD?

2016-03-28 Thread Vincent Fox
Whoops, list truncated. Continuing
From:work REJECT
From:cricket REJECT
From:xn--plai REJECT
From:review REJECT
From:country REJECT
From:kim REJECT
From:science REJECT
From:party REJECT
From:gq REJECT
From:top REJECT
From:uno REJECT

Re: Anyone else just blocking the ".top" TLD?

2016-03-28 Thread Vincent Fox
On 03/27/2016 06:58 PM, Thomas Cameron wrote:
> Has anyone actually gotten a single legit message from that domain?
Never. WTF was ICANN thinking?
I occasionally go through the lists of abused gTLD here: http://www.surbl.org/tld/
It certainly saves a lot of hygiene processing time to just

Re: SBLXBL and compromised desktops

2016-03-28 Thread RW
On Mon, 28 Mar 2016 19:43:10 +0200 Reindl Harald wrote:
> On 28.03.2016 at 19:29, Alex wrote:
> > We're seeing an increasing number of quarantined mail resulting from
> > compromised desktops being listed in RCVD_IN_SBLXBL. This in turn
> > leads to an increase in the number of calls to the

Re: spamd running much slower than spamassassin?

2016-03-28 Thread Daniel J. Luke
On Mar 24, 2016, at 12:10 PM, Daniel J. Luke wrote:
> /usr/bin/time spamassassin < spam.msg
> 7.92 real 1.85 user 0.13 sys
>
> /usr/bin/time spamc -U /var/run/spamd.sock < spam.msg
> 126.44 real 0.00 user 0.00 sys
well, it looks

Re: SBLXBL and compromised desktops

2016-03-28 Thread Reindl Harald
On 28.03.2016 at 19:29, Alex wrote:
> We're seeing an increasing number of quarantined mail resulting from compromised desktops being listed in RCVD_IN_SBLXBL. This in turn leads to an increase in the number of calls to the helpdesk with "where's my mail". This is typically the first Received

SBLXBL and compromised desktops

2016-03-28 Thread Alex
Hi, We're seeing an increasing number of quarantined mail resulting from compromised desktops being listed in RCVD_IN_SBLXBL. This in turn leads to an increase in the number of calls to the helpdesk with "where's my mail". This is typically the first Received header in the email, so not

Re: Regex problem

2016-03-28 Thread RW
On Mon, 28 Mar 2016 12:21:17 -0400 Joe Quinn wrote:
> On 3/28/2016 11:59 AM, RW wrote:
> > On Mon, 28 Mar 2016 09:58:23 -0400
> > Joe Quinn wrote:
> >
> >> On 3/28/2016 9:55 AM, RW wrote:
> >>> Subject =~ /\$\b/
> >> There's no word boundary between the $ and the ' ' because they're

Re: Regex problem

2016-03-28 Thread Joe Quinn
On 3/28/2016 11:59 AM, RW wrote:
> On Mon, 28 Mar 2016 09:58:23 -0400 Joe Quinn wrote:
>> On 3/28/2016 9:55 AM, RW wrote:
>>> Subject =~ /\$\b/
>> There's no word boundary between the $ and the ' ' because they're both in \W.
> Thanks, I'd forgotten what the definition of a boundary was. I presume

Re: Regex problem

2016-03-28 Thread RW
On Mon, 28 Mar 2016 09:58:23 -0400 Joe Quinn wrote:
> On 3/28/2016 9:55 AM, RW wrote:
> > Subject =~ /\$\b/
> There's no word boundary between the $ and the ' ' because they're
> both in \W.
Thanks, I'd forgotten what the definition of a boundary was. I presume that, until spamassassin

Re: Regex problem

2016-03-28 Thread Joe Quinn
On 3/28/2016 9:55 AM, RW wrote:
> Am I missing something? With the test message
> printf 'Subject: x 555$ x\n\n '
> I get a match on "$ " and "$" with
> Subject =~ /\$ /
> Subject =~ /\$/
> but no match with
> Subject =~ /\$\b/
There's no word boundary between the $ and the ' ' because

Regex problem

2016-03-28 Thread RW
Am I missing something? With the test message
printf 'Subject: x 555$ x\n\n '
I get a match on "$ " and "$" with
Subject =~ /\$ /
Subject =~ /\$/
but no match with
Subject =~ /\$\b/

Re: Anyone else just blocking the ".top" TLD?

2016-03-28 Thread Reindl Harald
On 28.03.2016 at 05:24, Bill Cole wrote:
> On 27 Mar 2016, at 21:58, Thomas Cameron wrote:
>> Has anyone actually gotten a single legit message from that domain?
> IMHO we're close to the point where it will make sense to make email default-deny and to build standard protocols for senders to be