On Mon, 19 Feb 2018, Alex wrote:
Hi,
On Mon, Feb 19, 2018 at 3:20 PM, John Hardin wrote:
On Mon, 19 Feb 2018, Rupert Gallagher wrote:
Whatever you do, just do not ask others to blacklist Alibaba
Are those getting hits on SPOOFED_FREEM_REPTO_CHN?
Perhaps just bump the score for that loca
Hi,
On Mon, Feb 19, 2018 at 3:20 PM, John Hardin wrote:
> On Mon, 19 Feb 2018, Rupert Gallagher wrote:
>
>> Whatever you do, just do not ask others to blacklist Alibaba
>
>
> Are those getting hits on SPOOFED_FREEM_REPTO_CHN?
>
> Perhaps just bump the score for that locally?
KAM's rules are stil
On 2018-02-19 (09:57 MST), Paul Stead wrote:
>
> This message is private and confidential. If you have received this message
> in error, please notify us and remove it from your system.
>
> Zen Internet Limited may monitor email traffic data to manage billing, to
> handle customer enquiries an
David Jones skrev den 2018-02-19 22:35:
https://bz.apache.org/SpamAssassin
I have added a few domains over the past few months but my mail flow
isn't going to see many of the problem domains outside of the US like
those listed above.
https://www.google.dk/search?q=github+freemail
seems all i
On 02/19/2018 03:19 PM, John Hardin wrote:
On Mon, 19 Feb 2018, Kenneth Porter wrote:
On 2/19/2018 12:20 PM, John Hardin wrote:
Are those getting hits on SPOOFED_FREEM_REPTO_CHN?
No, not seeing that one. After enough training I eventually see it
land in Bayes. The RBLs are starting to flag
On Mon, 19 Feb 2018, Kenneth Porter wrote:
On 2/19/2018 12:20 PM, John Hardin wrote:
Are those getting hits on SPOOFED_FREEM_REPTO_CHN?
No, not seeing that one. After enough training I eventually see it land in
Bayes. The RBLs are starting to flag it.
X-Spam-Status: Yes, score=5.7 required
On 2/19/2018 12:20 PM, John Hardin wrote:
Are those getting hits on SPOOFED_FREEM_REPTO_CHN?
No, not seeing that one. After enough training I eventually see it land
in Bayes. The RBLs are starting to flag it.
X-Spam-Status: Yes, score=5.7 required=5.0 tests=BAYES_99,BAYES_999,
FREEMAIL_F
On Mon, 19 Feb 2018, Rupert Gallagher wrote:
Whatever you do, just do not ask others to blacklist Alibaba
Are those getting hits on SPOOFED_FREEM_REPTO_CHN?
Perhaps just bump the score for that locally?
--
John Hardin KA7OHZhttp://www.impsec.org/~jhardin/
jhar...@impsec
I wanted you to see your proposed solution from a different point of view, and
I thought the quiz was spot on. As a number of you fell into the trap head
first, I am now horrified. Whatever you do, just do not ask others to blacklist
Alibaba, and do not blacklist yourself.
Sent from ProtonMail
On Mon, 19 Feb 2018, Axb wrote:
oooppps - missing a backslash
mimeheader AXB_CTYPE_SPELLHERO Content-Type =~ /\bapplictaion\/pdf\b/
On 02/19/2018 05:24 PM, Axb wrote:
catch today's PDF pillz spam
mimeheader AXB_CTYPE_SPELLHERO Content-Type =~ /bapplictaion\/pdf\b/
the typo is the tra
I have a BZ raised for reply-to blacklist checking:
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7354
On 19/02/2018, 15:05, "Kevin A. McGrail" wrote:
On 2/18/2018 3:06 PM, Kenneth Porter wrote:
> Is there a blacklist for domains in the reply-to header?
>
> I've noticed a
oooppps - missing a backslash
mimeheader AXB_CTYPE_SPELLHERO Content-Type =~ /\bapplictaion\/pdf\b/
On 02/19/2018 05:24 PM, Axb wrote:
catch today's PDF pillz spam
mimeheader AXB_CTYPE_SPELLHERO Content-Type =~ /bapplictaion\/pdf\b/
the typo is the trait ;)
enjoy while it lasts
catch today's PDF pillz spam
mimeheader AXB_CTYPE_SPELLHERO Content-Type =~ /bapplictaion\/pdf\b/
the typo is the trait ;)
enjoy while it lasts
Benny,
Maybe I don't see your point clearly ;-) But I don't want to whitelist
URIHOSTS.
Have this two rules now
urirhssub URIBL_DOMAIN my.rbl.tld. A 127.0.0.16
bodyURIBL_DOMAIN eval:check_uridnsbl('MY_URIBL_DOMAIN')
askdns URIBL_HOST _URIHOSTS_.my.rbl.tld. A 12
Tobi skrev den 2018-02-19 14:43:
no need for this as that case is covered by sa urirhssub queries.
I needed a way to perform www.sub.domain.tld AND domain.tld queries of
the uri www.sub.domain.tld
would you like to test?
blacklist _URIDOMAINS_
whitelist _URIHOSTS_
:=)
if you score whitelist
On 2/18/2018 3:06 PM, Kenneth Porter wrote:
Is there a blacklist for domains in the reply-to header?
I've noticed a lot of spam with no URL and mutating From but the
reply-to domain is always aliyun dot com. I want to add a site-wide
blacklist for that.
To my knowledge it doesn't exist. I d
Am 19.02.2018 um 14:25 schrieb Benny Pedersen:
> Tobi skrev den 2018-02-19 11:45:
> add one more askdns to compensate on _URIDOMAINS_
>
no need for this as that case is covered by sa urirhssub queries.
I needed a way to perform www.sub.domain.tld AND domain.tld queries of
the uri www.sub.domain
Am 19.02.2018 um 15:04 schrieb Benny Pedersen:
>
> yep got it, so if you only use URIHOSTS how do you know it does not miss
> in URIDOMAINS ?
I do not only use URIHOSTS but also a rhs lookup for just the domain.
So I have both bases covered :-)
Tobi skrev den 2018-02-19 14:45:
no need for this as that case is covered by sa urirhssub queries.
I needed a way to perform www.sub.domain.tld AND domain.tld queries of
the uri www.sub.domain.tld against by own rbl.
yep got it, so if you only use URIHOSTS how do you know it does not miss
in
Am 19.02.2018 um 14:25 schrieb Benny Pedersen:
> Tobi skrev den 2018-02-19 11:45:
> add one more askdns to compensate on _URIDOMAINS_
>
no need for this as that case is covered by sa urirhssub queries.
I needed a way to perform www.sub.domain.tld AND domain.tld queries of
the uri www.sub.domain.
Tobi skrev den 2018-02-19 11:45:
askdns MY_FULL_TEST_URIHOSTS_.my.rbl.tld A 127.0.0.4
which fires fullhost lookups according to spamassassin -D
its just that spammers would like you to do this :=)
i wont tell why its helping spammers
add one more askdns to compensate on _URIDOMA
Hi list
just as follow up: at least spamassassin 3.4.1 has the necessary stuff
in URIDNSBL.pm.
There _URIDOMAINS_ and _URIHOSTS_ are set so a fullhost lookup becomes a
simple one-liner
askdns MY_FULL_TEST_URIHOSTS_.my.rbl.tld A 127.0.0.4
which fires fullhost lookups according to spa
On 19/02/2018 10:00, Kenneth Porter wrote:
I have no clue what Rupert is on about. I just want something like
blacklist_from that uses the reply-to header. I thought it was a
simple technical question about how the config file directives map
onto the actual headers. I'm not asking for site pol
On 2/18/2018 5:09 PM, Antony Stone wrote:
On Monday 19 February 2018 at 01:55:45, Rupert Gallagher wrote:
Question time! You receive spam with a reply-to your own address. What do
you do?
I take it that this is now a rather different question that the one you
originally asked in this thread, w
24 matches
Mail list logo