Re: Loads of FPs caused by FORGED_RELAY_MUA_TO_MX

On Fri, 07 Jun 2019 15:17:56 -0400 Bill Cole wrote: > On 7 Jun 2019, at 12:52, Niamh Holding wrote: > > > Hello RW, > > > > Friday, June 7, 2019, 5:21:01 PM, you wrote: > > > > R> This is the reason: > > R> > >>> X-Originating-IP: 162.208.32.167 > > > > > > R> Perhaps the rule should be

Re: Loads of FPs caused by FORGED_RELAY_MUA_TO_MX

On Fri, 7 Jun 2019 11:48:57 -0700 (PDT) John Hardin wrote: > On Fri, 7 Jun 2019, Niamh Holding wrote: > > > > > Hello John, > > > > Friday, June 7, 2019, 3:56:03 PM, you wrote: > > > > JH> If you're getting FPs on this, I suggest you review your > > JH> internal hosts. It looks for reserved IP

Re: Loads of FPs caused by FORGED_RELAY_MUA_TO_MX

On 7 Jun 2019, at 12:52, Niamh Holding wrote: Hello RW, Friday, June 7, 2019, 5:21:01 PM, you wrote: R> This is the reason: R> X-Originating-IP: 162.208.32.167 R> Perhaps the rule should be modified to test for by=\S It's certainly not a Received: header so should not be checked. You

Re: Loads of FPs caused by FORGED_RELAY_MUA_TO_MX

On Fri, 7 Jun 2019, Niamh Holding wrote: Hello John, Friday, June 7, 2019, 3:56:03 PM, you wrote: JH> If you're getting FPs on this, I suggest you review your internal hosts. JH> It looks for reserved IP ranges in external Received headers. This? * 3.3 FORGED_RELAY_MUA_TO_MX No

Re: Loads of FPs caused by FORGED_RELAY_MUA_TO_MX

Hello RW, Friday, June 7, 2019, 5:21:01 PM, you wrote: R> This is the reason: R> >> X-Originating-IP: 162.208.32.167 R> Perhaps the rule should be modified to test for by=\S It's certainly not a Received: header so should not be checked. -- Best regards, Niamh

Re: New URL shortener

I knew that URL looked familiar. I added it and a few others last year, and was going to add the one mentioned earlier in the week but got distracted by how to get my fork in sync with Steve's. That said, I think it's tough for even a handful of people to keep up with all the new shorteners.

Re: Loads of FPs caused by FORGED_RELAY_MUA_TO_MX

On Fri, 7 Jun 2019 17:00:00 +0100 Niamh Holding wrote: > Hello RW, > > Friday, June 7, 2019, 4:43:13 PM, you wrote: > > R> This provides the first section of X-Spam-Relays-Untrusted. > > And there is no other received header with that IP address, so where > is the second entry coming from?

Re: Loads of FPs caused by FORGED_RELAY_MUA_TO_MX

Hello RW, Friday, June 7, 2019, 4:43:13 PM, you wrote: R> This provides the first section of X-Spam-Relays-Untrusted. And there is no other received header with that IP address, so where is the second entry coming from? Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07)

Re: Loads of FPs caused by FORGED_RELAY_MUA_TO_MX

On Fri, 7 Jun 2019 16:30:58 +0100 Niamh Holding wrote: > Hello John, > > Friday, June 7, 2019, 3:56:03 PM, you wrote: > > JH> If you're getting FPs on this, I suggest you review your internal > JH> hosts. It looks for reserved IP ranges in external Received > JH> headers. > > This? > > *

Re: Loads of FPs caused by FORGED_RELAY_MUA_TO_MX

Hello John, Friday, June 7, 2019, 3:56:03 PM, you wrote: JH> If you're getting FPs on this, I suggest you review your internal hosts. JH> It looks for reserved IP ranges in external Received headers. This? * 3.3 FORGED_RELAY_MUA_TO_MX No description available. . . . X-Spam-Relays-Untrusted:

Re: Loads of FPs caused by FORGED_RELAY_MUA_TO_MX

On Fri, 7 Jun 2019 07:56:03 -0700 (PDT) John Hardin wrote: > On Fri, 7 Jun 2019, Niamh Holding wrote: > > > > > Hello > > > > Since 27/05/19 I've been getting loads of FPs caused by this rule > > scoring over 3, earlier in May and before it was scoring 0.0 > > > > Anyone know why the score has

Re: Loads of FPs caused by FORGED_RELAY_MUA_TO_MX

On Fri, 7 Jun 2019, Niamh Holding wrote: Hello Since 27/05/19 I've been getting loads of FPs caused by this rule scoring over 3, earlier in May and before it was scoring 0.0 Anyone know why the score has suddenly rocketed for A rule that doesn't even have a description? The standard

Re: New URL shortener

On Thu, 6 Jun 2019, Kenneth Porter wrote: I'm seeing a lot of fake DHL delivery notices using the shortener smarturl.it. I suggest adding it to __URL_SHORTENER. cc.uz and smarturl.it have been added. -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/

Re: New URL shortener

Hai Kevin, FWIW there is a long list of url shorteners as part of the DecodeShortURLs plugin (sadly, no longer maintained), here: It includes the one you just mentioned as well as a whole bunch of others. Kevin, perhaps DecodeShortURLs should become part of the default SA distribution?  

Re: New URL shortener

On 6/7/2019 1:35 AM, Amir Caspi wrote: > On Jun 6, 2019, at 9:03 PM, Kenneth Porter > wrote: >> I'm seeing a lot of fake DHL delivery notices using the shortener >> smarturl.it. I suggest adding it to __URL_SHORTENER. > > FWIW there is a long list of url shorteners

Loads of FPs caused by FORGED_RELAY_MUA_TO_MX

Hello Since 27/05/19 I've been getting loads of FPs caused by this rule scoring over 3, earlier in May and before it was scoring 0.0 Anyone know why the score has suddenly rocketed for A rule that doesn't even have a description? -- Best regards, Niamh

Re: perl core dumping

On Jun 6, 2019, at 1:17 PM, @lbutlr wrote: > I’ve rebuilt Spamassasin from ports several times, including rebuilding all > dependancies. Rebuilt again, this time with postmaster -fr to rebuild everything that spamassassin depends on as well as its dependencies. Seems to have done the trick 爛