Re: KAM_SENDGRID and SPF_HELO_NONE

2021-05-20 Thread Bill Cole
On 2021-05-20 at 18:24:51 UTC-0400 (Thu, 20 May 2021 18:24:51 -0400) Alex is rumored to have said: I'm noticing what I think are a lot of false positives for this rule. In what way is this a false positive? Looks like a correct positive to me. Because it was a legitimate email with an

Re: KAM_SENDGRID and SPF_HELO_NONE

2021-05-20 Thread Simon Wilson
- Message from Alan Hodgson - Date: Thu, 20 May 2021 13:48:48 -0700 From: Alan Hodgson Subject: Re: KAM_SENDGRID and SPF_HELO_NONE To: users@spamassassin.apache.org And yes, SPF falls back to testing the HELO host if the envelope sender is empty (which should only occur

Re: heads up for false uribl black hits

2021-05-20 Thread Sidney Markowitz
Benny Pedersen wrote on 21/05/21 4:59 am: only place i find it https://spameatingmonkey.com/lookup/libehat Spameatingmonkey lists it as "This domain was first registered within the last 30 days Listings automatically expire in less than 30 days" It was registered on April 23. Maybe

Re: heads up for false uribl black hits

2021-05-20 Thread Sidney Markowitz
John Hardin wrote on 21/05/21 2:28 am: Odd, the URIBL website lookup tool says libera (.chat) is not listed, and didn't yesterday when you first posted this. https://admin.uribl.com/ Lookup Results (obfuscated just in case) Domain Status libera_chat NOT Listed on URIBL

Re: Detect Emoticons in Subject: CHAOS

2021-05-20 Thread Benny Pedersen
On 2021-05-20 22:33, Clive Jacques wrote: Here is a good example of such an email (attached, stripped of identifying info). This attachment is suspicious because its type doesn't match the type declared in the message. If you do not trust the sender, you shouldn't open it in the browser

Re: KAM_SENDGRID and SPF_HELO_NONE

2021-05-20 Thread Benny Pedersen
On 2021-05-20 22:12, Alex wrote: Is it even possible for a sendgrid client to control their SPF record, let alone SPF HELO? no, all next hop will change envelope sender and sendgrid breaks dkim Perhaps it's because Return-Path is null? Return-Path: <> return path <> would not give spf

Re: KAM_SENDGRID and SPF_HELO_NONE

2021-05-20 Thread Alex
Hi, > > I have an email that matched KAM_SENDGRID because it also matched > > SPF_HELO_NONE, despite it apparently being a legitimate sendgrid > > email. This is from SA trunk. I only meant it as a reference for the version of SA (and SPF.pm) that's being used, in case it was necessary. > >

Re: KAM_SENDGRID and SPF_HELO_NONE

2021-05-20 Thread Bill Cole
On 2021-05-20 at 16:12:40 UTC-0400 (Thu, 20 May 2021 16:12:40 -0400) Alex is rumored to have said: Hi, I have an email that matched KAM_SENDGRID because it also matched SPF_HELO_NONE, despite it apparently being a legitimate sendgrid email. This is from SA trunk. KAM_SENDGRID is NOT from

Re: KAM_SENDGRID and SPF_HELO_NONE

2021-05-20 Thread Kevin A. McGrail
And that rule is probably designed to hit legitimate sendgrid emails. They have become a hacker and spammer haven over the last year and a half approximately. On Thu, May 20, 2021, 16:49 Alan Hodgson wrote: > On Thu, 2021-05-20 at 16:12 -0400, Alex wrote: > > > X-Envelope-From: > > >

Re: KAM_SENDGRID and SPF_HELO_NONE

2021-05-20 Thread Alan Hodgson
On Thu, 2021-05-20 at 16:12 -0400, Alex wrote: > > X-Envelope-From: >     > > > Perhaps it's because Return-Path is null? > Return-Path: <> Return-Path is supposed to be where your MTA stores the envelope sender. That it doesn't match is probably a problem. And yes, SPF falls back to

KAM_SENDGRID and SPF_HELO_NONE

2021-05-20 Thread Alex
Hi, I have an email that matched KAM_SENDGRID because it also matched SPF_HELO_NONE, despite it apparently being a legitimate sendgrid email. This is from SA trunk. 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record -0.0 SPF_PASS SPF: sender matches SPF record

Re: Detect Emoticons in Subject: CHAOS

2021-05-20 Thread RW
On Thu, 20 May 2021 15:35:21 -0400 Jared Hall wrote: > Clive Jacques wrote: > > # Local Rule for Emoticons in subject > > subject        EMOTICON_IN_SUBJECT      Subject =~ /\p{Emoticons}/ > > The following regex will detect a good amount of Emojis: > >

Re: heads up for false uribl black hits

2021-05-20 Thread John Hardin
On Thu, 20 May 2021, Riccardo Alfieri wrote: On 20/05/21 18:59, Benny Pedersen wrote: Is that not working correctly? only place i find it https://spameatingmonkey.com/lookup/libera.chat Hi, by checking: http://multirbl.valli.org/lookup/libera.chat.html it looks like that is indeed

Re: Detect Emoticons in Subject: CHAOS

2021-05-20 Thread Jared Hall
Clive Jacques wrote: Hi, I've been using SA a long time.  Lately, I'm getting more and more spam with emoticons in the subject line.  I'd say about 90% of my emails with emoticons in the subject are spam.  I'd like to create a local rule which scores email with emoticons in the subject.  I

Re: Detect Emoticons in Subject

2021-05-20 Thread Clive Jacques
That's fine - I'm not saying all email containing emojis in the subject (or elsewhere) *is* spam - just that it's uncommon and right now, about 90% of the time it is *for me*. I just want to score it as part of the greater constellation of factors (just like DKIM, SPF etc.). On Thu, May 20, 2021

Re: Detect Emoticons in Subject

2021-05-20 Thread Bill Cole
On 2021-05-20 at 13:44:43 UTC-0400 (Thu, 20 May 2021 18:44:43 +0100) RW is rumored to have said: On Thu, 20 May 2021 18:30:03 +0100 RW wrote: Try this: header EMOTICON_IN_SUBJECT Subject =~ /\xF0\x9F(?:\x98[\x80-\xFF]|\x99[\x00-\x8F])/ Actually that's only the original block, but it

Re: Detect Emoticons in Subject

2021-05-20 Thread RW
On Thu, 20 May 2021 19:26:30 +0100 RW wrote: > On Thu, 20 May 2021 18:44:43 +0100 > RW wrote: > > > On Thu, 20 May 2021 18:30:03 +0100 > > RW wrote: > > > > > > > Try this: > > > > > > > > > header EMOTICON_IN_SUBJECT Subject =~ > > > /\xF0\x9F(?:\x98[\x80-\xFF]|\x99[\x00-\x8F])/ > > >

Re: Detect Emoticons in Subject

2021-05-20 Thread RW
On Thu, 20 May 2021 18:44:43 +0100 RW wrote: > On Thu, 20 May 2021 18:30:03 +0100 > RW wrote: > > > > Try this: > > > > > > header EMOTICON_IN_SUBJECT Subject =~ > > /\xF0\x9F(?:\x98[\x80-\xFF]|\x99[\x00-\x8F])/ > > > > Actually that's only the original block, but it probably works most

Re: Detect Emoticons in Subject

2021-05-20 Thread RW
On Thu, 20 May 2021 18:30:03 +0100 RW wrote: > Try this: > > > header EMOTICON_IN_SUBJECT Subject =~ > /\xF0\x9F(?:\x98[\x80-\xFF]|\x99[\x00-\x8F])/ > Actually that's only the original block, but it probably works most of the time

Re: Detect Emoticons in Subject

2021-05-20 Thread RW
On Thu, 20 May 2021 18:34:54 +0200 Bert Van de Poel wrote: > We've started getting lots of spam with emoji in the subject too the > past few weeks, so I've looked into this as well. As mentioned by RW, > you would need to create some kind of UTF8 regex header Subject rule. > As I'm not too

Re: Detect Emoticons in Subject

2021-05-20 Thread Martin Gregorie
On Thu, 2021-05-20 at 18:34 +0200, Bert Van de Poel wrote: > We've started getting lots of spam with emoji in the subject too the > past few weeks, so I've looked into this as well. As mentioned by RW, > you would need to create some kind of UTF8 regex header Subject rule. As > I'm not too

Re: heads up for false uribl black hits

2021-05-20 Thread Riccardo Alfieri
On 20/05/21 18:59, Benny Pedersen wrote: Is that not working correctly? only place i find it https://spameatingmonkey.com/lookup/libera.chat Hi, by checking: http://multirbl.valli.org/lookup/libera.chat.html it looks like that is indeed listed on URIBL too:

Re: heads up for false uribl black hits

2021-05-20 Thread Benny Pedersen
On 2021-05-20 16:28, John Hardin wrote: On Thu, 20 May 2021, Noel Butler wrote: Odd, the URIBL website lookup tool says libera (.chat) is not listed, and didn't yesterday when you first posted this. Is that not working correctly? only place i find it

Re: Detect Emoticons in Subject

2021-05-20 Thread Bert Van de Poel
We've started getting lots of spam with emoji in the subject too the past few weeks, so I've looked into this as well. As mentioned by RW, you would need to create some kind of UTF8 regex header Subject rule. As I'm not too excited about writing such a regex, it's way at the bottom of my todo

Re: Detect Emoticons in Subject

2021-05-20 Thread RW
On Thu, 20 May 2021 11:42:59 -0400 Clive Jacques wrote: > Hi, > > I've been using SA a long time. Lately, I'm getting more and more > spam with emoticons in the subject line. I'd say about 90% of my > emails with emoticons in the subject are spam. I'd like to create a > local rule which

Detect Emoticons in Subject

2021-05-20 Thread Clive Jacques
Hi, I've been using SA a long time. Lately, I'm getting more and more spam with emoticons in the subject line. I'd say about 90% of my emails with emoticons in the subject are spam. I'd like to create a local rule which scores email with emoticons in the subject. I saw a previous discussion

Re: heads up for false uribl black hits

2021-05-20 Thread John Hardin
On Thu, 20 May 2021, Noel Butler wrote: On 20/05/2021 11:58, Bill Cole wrote: On 2021-05-19 at 21:13:41 UTC-0400 (Thu, 20 May 2021 11:13:41 +1000) Noel Butler is rumored to have said: By now most of you are aware of the hostile takeover of freenode and the mass exodus that's currently