Re: Absurd mail headers in new spam

On Thu, 1 Jun 2017, A. Schulze wrote: John Hardin: any header that begins with "X-" is permitted. permitted - yes but I'm aware may user assisiate X- header still as private header. This is no longer true since 2012: https://tools.ietf.org/html/rfc6648 just to mention that... Andreas

Re: Absurd mail headers in new spam

On Thu, 1 Jun 2017, Loren Wilton wrote: Hopeless-Forming-Philistinizes: jobs Lossy-Cabdriver: 2368db81dcf1 Alba-Leanness-Elections: 38376DB11A Merrimac-Grams-Participating: B354488539E Giving-Remarkably-Incriminate: drawl Dustin-Ransoming: 18 Person-Decathlon-Arnold: dfcfce7ba985

Re: Razor2 Check

>From: sebast...@debianfan.de >how do i test razor 2 if it's working? >Are there any testfiles? Make sure the Razor2 plugin is enabled in your .pre files: spamassassin -D --lint 2>&1 | grep -i razor You should see some RAZOR2 rule hits in your mail logs pretty quickly

Razor2 Check

Hi @all, how do i test razor 2 if it's working? Are there any testfiles? Tnx Sebastian

Best Anti-Spam note of the day...

I only hope I can ascend to this level of tact with all upcoming Apache SpamAssassin missives. Regards, KAM http://www.mayoradler.com/letter-wonder-woman/ Letter: Wonder Woman On May 26, 2017, the Mayor received this email: I hope every man will boycott Austin and do what he can to

Re: Absurd mail headers in new spam

Nice to see you're around Loren. Been a looong time since we did stuff like headerSARE_MSGID_RATWARE2 MESSAGEID =~ /\<\d{10,15}\.\d{18,40}\@[a-z]+\>/ # no /i! describe SARE_MSGID_RATWARE2 Message-Id is score SARE_MSGID_RATWARE2

Re: Absurd mail headers in new spam

On 1 Jun 2017, at 8:28, Loren Wilton wrote: If he is intending to hide tracking info in the headers, it seems pointless unless he is also writing an MTA of some sort that will see the headers. But maybe he didn't think that far, and it was his intent to hide tracking info. Still, it seems a

Re: Why both DNS lookup checks fire?

Problem solved :-) After changing the urirhssub lines to urirhssub XXX_RCVD_MY_URIBL_DOMAIN multi.mydomain.tld. A 127.0.0.16 urirhssub XXX_RCVD_MY_URIBL_HOSTmulti.mydomain.tld. A 127.0.0.24 only the XXX_RCVD_MY_URIBL_DOMAIN check fires Regards tobi Am

Why both DNS lookup checks fire?

Hello list I'm running Spamassassin 3.4.0 on a Centos 7 (64bit) with latest updates. My goal is to have an own dnsbl list for lookups in Spamassassin. The lookup zone is multi.mydomain.tld and I have the following to checks for SA: urirhssub XXX_RCVD_MY_URIBL_DOMAIN

Re: Absurd mail headers in new spam

If I were to guess, adding such headers is done to confuse tools that compute hashes based on headers or use bayes filtering on the entire mail, since it adds innocent words to the mail without showing them to most end-users. It doesn't confuse either Bayes or any hash I'm aware of. Just as a

Re: Absurd mail headers in new spam

On Thu, 1 Jun 2017 01:59:44 +0200 (CEST) Kim Roar Foldøy Hauge wrote: > If I were to guess, adding such headers is done to confuse tools that > compute hashes based on headers or use bayes filtering on the entire > mail, since it adds innocent words to the mail without showing them > to most

Re: Absurd mail headers in new spam

John Hardin: any header that begins with "X-" is permitted. permitted - yes but I'm aware may user assisiate X- header still as private header. This is no longer true since 2012: https://tools.ietf.org/html/rfc6648 just to mention that... Andreas

Re: Absurd mail headers in new spam

Hopeless-Forming-Philistinizes: jobs Lossy-Cabdriver: 2368db81dcf1 Alba-Leanness-Elections: 38376DB11A Merrimac-Grams-Participating: B354488539E Giving-Remarkably-Incriminate: drawl Dustin-Ransoming: 18 Person-Decathlon-Arnold: dfcfce7ba985 Majority-Gambles: 4f856 Buttock-Milky-Dogged: