On 2024-06-05 04:44, Rob McEwen via users wrote:
From "Frido Otten" mailto:fr...@0tten.nl>>
So is there anything that needs to be done to prevent false positives
happening right after the shutdown?
They said they were emptying the zone files, not actually "listing the
world" - so this
Thanks a lot Kris.
I just got the latest rules.
I'm okay with poor performance for some of the rules as there isn't much
load on the related system.
And yes, you're right, on Ubuntu 20.04.06 the rules are installed in
/usr/share/spamassassin.
sa-update has placed the updated rules in
hostmas...@audiogen.ch wrote:
I found the related
configuration in 20_dnsbl_tests.cf:
/#
---/
/# Return Path Certified:/
/# https://www.returnpath.net/internetserviceprovider/certification//
/# (replaces
Thanks for your answer Harald.
Regarding "there is no such configuration option in SpamAssassin": The conf
snipplet I posted below comes from the repository, however it's an older
version, which still is supported by Ubuntu 20.04.06 LTS and can be installed
from their related archive (at
Hi all
Setup
Postfix with amavis, spamassassin and pyzor
Problem
Every email postfix receives gets a RCVD_IN_RP_CERTIFIED=-3 score. This
leads to SPAM passing the filter.
My findings so far
>From what I think I understood, RCVD_IN_RP_CERTIFIED checks against a list
of "trusted"
On 6/5/24 13:14, Matus UHLAR - fantomas wrote:
On 2024-06-03 at 08:35:32 UTC-0400 (Mon, 3 Jun 2024 14:35:32 +0200)
postgarage Graz IT
is rumored to have said:
I think that the active.list file should be updated, when there
are new rules, shouldn't it?
On 03.06.24 08:52, Bill Cole wrote:
On 2024-06-03 at 08:35:32 UTC-0400 (Mon, 3 Jun 2024 14:35:32 +0200)
postgarage Graz IT
is rumored to have said:
I think that the active.list file should be updated, when
there are new rules, shouldn't it?
On 03.06.24 08:52, Bill Cole wrote:
It is updated where it is actually used, on the ASF
On 6/5/24 11:14, postgarage Graz IT wrote:
On 6/5/24 09:17, Matus UHLAR - fantomas wrote:
On 2024-06-03 at 08:35:32 UTC-0400 (Mon, 3 Jun 2024 14:35:32 +0200)
postgarage Graz IT
is rumored to have said:
I think that the active.list file should be updated, when there are
new rules,
On 6/5/24 09:17, Matus UHLAR - fantomas wrote:
On 2024-06-03 at 08:35:32 UTC-0400 (Mon, 3 Jun 2024 14:35:32 +0200)
postgarage Graz IT
is rumored to have said:
I think that the active.list file should be updated, when there are
new rules, shouldn't it?
On 03.06.24 08:52, Bill Cole wrote:
From "Frido Otten"
So is there anything that needs to be done to prevent false positives
happening right after the shutdown?
They said they were emptying the zone files, not actually "listing the
world" - so this shouldn't cause false any positives - but might cause
some false negatives,
Nothing will *need* to be done.SORBS *should* be removed from all configurations at the earliest opportunity.SORBS will be shut down properly with the DNS servers and zones returning delagation and empty zones for multiple years (should be 10+.. but that depends on whether Proofpoint exists in 10
A little heads-up from the MailOp mailinglist.
So is there anything that needs to be done to prevent false positives
happening right after the shutdown?
Doorgestuurd bericht
Onderwerp: [mailop] SORBS Closing.
Datum: Wed, 05 Jun 2024 10:36:58 +1000
Van:Michelle
On 2024-06-03 at 08:35:32 UTC-0400 (Mon, 3 Jun 2024 14:35:32 +0200)
postgarage Graz IT
is rumored to have said:
I think that the active.list file should be updated, when there are
new rules, shouldn't it?
On 03.06.24 08:52, Bill Cole wrote:
It is updated where it is actually used, on the ASF
On 03.06.24 11:16, Marc wrote:
Hi Andrew, this is a bit of topic, I posted this a while ago on the mailing
list. But did you notice by any chance that eg. hotmail.com is failing
every dkim verification (except their sender rewritten messages)?
I have checked yesterdays logs on one machine:
Thanks for your help. I tried to reproduce the problem by reverting my
changes to investigate it further with my newly learned knowledge, but
now it works as intended, even when I get an "Excessive Queries" response.
IDK, perhaps the problem was something else and I "fixed" it by coincidence…
It appears that Bill Cole said:
>Never has been safe. Terrible idea from the start. Never should have
>been included in the specification.
Agreed.
>I was thinking of the same thing in a half-assed way, just catching
>anything using the length tag. I'd bet that correlates to spam but we'd
On 2024-06-03 at 07:05:29 UTC-0400 (Mon, 3 Jun 2024 12:05:29 +0100
(BST))
Andrew C Aitchison
is rumored to have said:
The DKIM RFC
https://datatracker.ietf.org/doc/html/rfc6376#section-8.2
tells us that it is not safe to rely on the DKIM length (l=) tag
Never has been safe. Terrible idea
On 2024-06-03 at 08:35:32 UTC-0400 (Mon, 3 Jun 2024 14:35:32 +0200)
postgarage Graz IT
is rumored to have said:
I think that the active.list file should be updated, when there are
new rules, shouldn't it?
It is updated where it is actually used, on the ASF rule maintenance
system. It is
On 2024-06-03 at 01:26:31 UTC-0400 (Mon, 3 Jun 2024 07:26:31 +0200)
postgarage Graz IT
is rumored to have said:
Now for my questions:
*) as is stated in active.list it should not be edited. What's the
correct place to add the new rules to activate them? local.cf?
Yes. In your local version
On 6/3/24 12:02, Matus UHLAR - fantomas wrote:
> On 03.06.24 07:26, postgarage Graz IT wrote:
>> A few days ago a lot of false negatives landed in our inboxes. As it
>> turned out the reason was that the for nearly all mails the
>> RCVD_IN_VALIDITY_CERTIFIED and RCVD_IN_VALIDITY_SAFE rules
>
>
> The DKIM RFC
> https://datatracker.ietf.org/doc/html/rfc6376#section-8.2
> tells us that it is not safe to rely on the DKIM length (l=) tag
> and
> https://www.zone.eu/blog/2024/05/17/bimi-and-dmarc-cant-save-you/
> shows how it can be used to subvert BIMI*.
>
> I am looking at
The DKIM RFC
https://datatracker.ietf.org/doc/html/rfc6376#section-8.2
tells us that it is not safe to rely on the DKIM length (l=) tag
and
https://www.zone.eu/blog/2024/05/17/bimi-and-dmarc-cant-save-you/
shows how it can be used to subvert BIMI*.
I am looking at extending
On 03.06.24 12:02, Matus UHLAR - fantomas wrote:
On 03.06.24 07:26, postgarage Graz IT wrote:
A few days ago a lot of false negatives landed in our inboxes. As it
turned out the reason was that the for nearly all mails the
RCVD_IN_VALIDITY_CERTIFIED and RCVD_IN_VALIDITY_SAFE rules matched.
I
On 03.06.24 07:26, postgarage Graz IT wrote:
A few days ago a lot of false negatives landed in our inboxes. As it
turned out the reason was that the for nearly all mails the
RCVD_IN_VALIDITY_CERTIFIED and RCVD_IN_VALIDITY_SAFE rules matched.
I now know that validity introduced a query limit
On 6/3/24 1:10 AM, Tomohiro Hosaka wrote:
Slight correction.
2024-06-03 07:55 に Tomohiro Hosaka さんは書きました:
Here $rc is dualvar.
https://metacpan.org/pod/DBI#execute
This is not dualvar, exactly.
However, the patch is unchanged.
Evaluated as a bool, it is "0E0" true; evaluated as a number, it
Hello!
Debian 12.5
SpamAssassin version 4.0.0
running on Perl version 5.36.0
Server setup with iRedMail
A few days ago a lot of false negatives landed in our inboxes. As it
turned out the reason was that the for nearly all mails the
RCVD_IN_VALIDITY_CERTIFIED and RCVD_IN_VALIDITY_SAFE
Slight correction.
2024-06-03 07:55 に Tomohiro Hosaka さんは書きました:
Here $rc is dualvar.
https://metacpan.org/pod/DBI#execute
This is not dualvar, exactly.
However, the patch is unchanged.
Evaluated as a bool, it is "0E0" true; evaluated as a number, it is the
number of cases.
You may use $cnt
Hello.
EMAIL_IP is not evaluated with SQLBasedAddrList.
In conclusion, the following patches are needed.
---
../Mail-SpamAssassin-4.0.1.orig/lib/Mail/SpamAssassin/SQLBasedAddrList.pm 2024-03-26
13:52:11.0 +0900
+++
../Mail-SpamAssassin-4.0.1/lib/Mail/SpamAssassin/SQLBasedAddrList.pm
Hello.
I am using TxRep with DBBasedAddrList.
If we learn the following email
ham is email address user@host with signed
spam is email address without user@host without signed
The following reputation is used
ham is [EMAILIP: user@host, rep:xx, count: xx]
spam is [EMAIL: user@host, rep: xx,
Hello.
In conclusion, the following patch is needed.
---
../Mail-SpamAssassin-4.0.1.orig/lib/Mail/SpamAssassin/Plugin/TxRep.pm
2024-03-26 13:52:09.0 +0900
+++ ../Mail-SpamAssassin-4.0.1/lib/Mail/SpamAssassin/Plugin/TxRep.pm
2024-06-01 05:09:01.496565000 +0900
@@ -1967,10
Hello.
Thanks for the reply.
Added txrep_dilution_factor 0.98 to
/usr/local/etc/mail/spamassassassin/local.cf
340 push (@cmds, {
341 setting => 'txrep_dilution_factor',
342 default => 0.98,
343 type=> $Mail::SpamAssassin::Conf::CONF_TYPE_NUMERIC,
344
On 2024-05-30 at 03:58:18 UTC-0400 (Thu, 30 May 2024 16:58:18 +0900)
Tomohiro Hosaka
is rumored to have said:
> Hello.
>
> The code seems to be wrong.
I do not believe that to be so. See lines 340-347 in TxRep.pm.
--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA
Hello.
The code seems to be wrong.
Thanks.
Mail-SpamAssassin-4.0.1
--- lib/Mail/SpamAssassin/Plugin/TxRep.pm.orig 2024-03-26
13:52:09.0 +0900
+++ lib/Mail/SpamAssassin/Plugin/TxRep.pm 2024-05-30
16:50:22.708673000 +0900
@@ -1668,11 +1668,11 @@
$self->{entry}->{msgcount}
They do if you're offering mail service to a large number of users. They
login to a phished mailbox, send new phishingmails to that mailbox and
check the headers if they can see which rules are hit. Then they adapt
the phishingmail to get a lower score until they are below the spam
threshold.
Hello list
ifplugin Mail::SpamAssassin::Plugin::ExtractText
extracttext_external pdfgrep /usr/bin/pdfgrep .+ {}
extracttext_use pdfgrep .pdf application/pdf
endif
which leads to the fact that body rules then can also hit on pdf
content. Is there a possibility for a rule to
> > I am only looking at signature verifications of dkim, nothing else. My
> > software currently does not log selector and domain of failing
> signatures,
> > so I am just doing an mx lookup and 'guessing' that outgoing mail
> > originate from something similar. It is just to much of a
> I am having a large (20%) of messages fail dkim. If I do some random
> checks, it looks like most of the failing messages are from the
> outlook.com cloud. Does any one else have this? Or is my setup just not
> properly checking dkim of outlook.com?
how should i guess ?
i see o365 not dkim
> > I am having a large (20%) of messages fail dkim. If I do some random
> > checks, it looks like most of the failing messages are from the
> > outlook.com cloud. Does any one else have this? Or is my setup just not
> > properly checking dkim of outlook.com?
>
> how should i guess ?
>
> i see
Marc skrev den 2024-05-28 14:15:
I am having a large (20%) of messages fail dkim. If I do some random
checks, it looks like most of the failing messages are from the
outlook.com cloud. Does any one else have this? Or is my setup just not
properly checking dkim of outlook.com?
how should i
I am having a large (20%) of messages fail dkim. If I do some random checks, it
looks like most of the failing messages are from the outlook.com cloud. Does
any one else have this? Or is my setup just not properly checking dkim of
outlook.com?
On 27.05.24 23:10, Thomas Barth via users wrote:
for months I have been waiting for the type of SPAM I receive to be
captured by the DNS block lists. But nothing is happening. I have long
since fed Spamassassin with these SPAMs. What else can I do? I have
even activated HOSTKARMA-black/brown.
On 2024-05-27 at 17:43:43 UTC-0400 (Mon, 27 May 2024 17:43:43 -0400)
J Doe
is rumored to have said:
> Hi list,
>
> Sometimes when I am checking my e-mail server logs, SA will note
> "deadline shrunk":
>
> May 27 12:56:07 server spamd[29305]: async: aborting after 4.253 s,
> deadline
Hi list,
Sometimes when I am checking my e-mail server logs, SA will note
"deadline shrunk":
May 27 12:56:07 server spamd[29305]: async: aborting after 4.253 s,
deadline shrunk: DNSBL, A/106.55.47.104.dnsbl.sorbs.net, rules:
RCVD_IN_SORBS_DUL, __RCVD_IN_SORBS
What does the
> for months I have been waiting for the type of SPAM I receive to be
> captured by the DNS block lists. But nothing is happening. I have long
> since fed Spamassassin with these SPAMs. What else can I do?
put your spam score lower? I don't think you will get many false positives when
you put
Noel Butler skrev den 2024-05-26 01:53:
Shame on you for not turning on ESP ;)
whois Kevin ? :)
When Benny is off his meds, he's like the newbies who lodge support
tickets saying "mail doesnt work" not I cant get my mail because of
error fooXXX or cant send mail because im an idiot and
On 26/05/2024 01:20, Antony Stone wrote:
On Saturday 25 May 2024 at 16:57:21, Benny Pedersen wrote:
Antony Stone skrev den 2024-05-25 16:52: Is this a reply to something?
something ?, try disable askdns plugin, then do spamassassin --lint
succes ?
hopefully kam know why
there should not be
On Saturday 25 May 2024 at 16:57:21, Benny Pedersen wrote:
> Antony Stone skrev den 2024-05-25 16:52:
> > Is this a reply to something?
>
> something ?, try disable askdns plugin, then do spamassassin --lint
>
> succes ?
>
> hopefully kam know why
>
> there should not be lint errors if just
Antony Stone skrev den 2024-05-25 16:52:
Is this a reply to something?
something ?, try disable askdns plugin, then do spamassassin --lint
succes ?
hopefully kam know why
there should not be lint errors if just check plugin is enabled, where
all other plugins is disabled
On Saturday 25 May 2024 at 16:51:07, Benny Pedersen wrote:
> +1
Is this a reply to something?
Antony.
--
"Linux is going to be part of the future. It's going to be like Unix was."
- Peter Moore, Asia-Pacific general manager, Microsoft
+1
Tomohiro Hosaka skrev den 2024-05-25 13:43:
Perhaps SpamAssassin is designed for single-process use?
this is a limit on DB_File only
(If so, this would conflict with the preforked spamd, which does not
seem to have any special locking to prevent this on the spamd side.)
spamd only write
Hello.
I have a question about Mail::SpamAssassin::BayesStore::DBM (DB_File).
I am using it with Mail::SpamAssassin::Locker::Flock.
I think this module is implemented as follows
For reading, tie_db_readonly tie (no lock)
For writing, tie_db_writable flock LOCK_EX & tie
multi-process $sa->check
On 5/23/24 5:39 PM, Bill Cole wrote:
On 2024-05-23 at 03:40:48 UTC-0400 (Thu, 23 May 2024 09:40:48 +0200)
Carsten
is rumored to have said:
Hi @all,
I want to create a SpamAssassin rule that checks if the subject line of an email contains the local
part of the recipient's email address (the
Hi,
Try this
if (version >= 4.00)
if can(Mail::SpamAssassin::Conf::feature_capture_rules)
header __TZ_CAP_TO_USR To:addr =~ /(?[^@]+)/
header __TZ_SUBJ_HAS_USR Subject =~ /\b%{TZ_TO_USR}\b/i
endif
endif
I'm curious if CAPTURING TAGS can handle multiple
On 2024-05-23 at 03:40:48 UTC-0400 (Thu, 23 May 2024 09:40:48 +0200)
Carsten
is rumored to have said:
Hi @all,
I want to create a SpamAssassin rule that checks if the subject line
of an email contains the local part of the recipient's email address
(the part before the @ symbol). For
Hi @all,
I want to create a SpamAssassin rule that checks if the subject line of
an email contains the local part of the recipient's email address (the
part before the @ symbol). For example, if the recipient's email address
is |i...@example.com|, I want to check if the subject contains the
On 2024-05-21 13:42:23 -0400, Bill Cole wrote:
> On 2024-05-21 at 11:00:57 UTC-0400 (Tue, 21 May 2024 17:00:57 +0200)
> Vincent Lefevre
> is rumored to have said:
>
> > While testing a rule with SpamAssassin 4.0.0 under Debian/stable
> > (I wasn't aware of allow_user_rules yet, but this is not
On 2024-05-21 at 11:00:57 UTC-0400 (Tue, 21 May 2024 17:00:57 +0200)
Vincent Lefevre
is rumored to have said:
While testing a rule with SpamAssassin 4.0.0 under Debian/stable
(I wasn't aware of allow_user_rules yet, but this is not the issue
I'm reported):
2024-05-21T16:42:42.792136+02:00
While testing a rule with SpamAssassin 4.0.0 under Debian/stable
(I wasn't aware of allow_user_rules yet, but this is not the issue
I'm reported):
2024-05-21T16:42:42.792136+02:00 joooj spamd[219339]: config: not parsing,
'allow_user_rules' is 0: header LOCAL_TO_LORIA ToCc =~ /loria\\.fr/i
On 2024-05-18 at 10:26:54 UTC-0400 (Sat, 18 May 2024 16:26:54 +0200)
Francis Augusto Medeiros-Logeay
is rumored to have said:
Is there any difference between using spamc -L and sa-learn ?
On 18.05.24 11:41, Bill Cole wrote:
Yes. The compiled-C spamc binary loads no Perl, it just talks over a
Hi,
if you are using rules that query Validity rbl (RCVD_IN_VALIDITY_* rules), make
sure you have updated rules (at least dated 2024-04-23),
otherwise you may encounter in FPs instead of hitting an overlimit response.
Giovanni
OpenPGP_signature.asc
Description: OpenPGP digital signature
J Doe skrev den 2024-05-19 23:57:
On 2024-05-17 23:13, Noel Butler wrote:
On 18/05/2024 08:14, J Doe wrote:
Here is an example entry:
10-May-2024 05:34:39.024 lame-servers: info: REFUSED unexpected
RCODE resolving 'rbldns10.sorbs.net/A/IN': 108.59.172.201#53
SORBS has been
On 2024-05-17 23:13, Noel Butler wrote:
On 18/05/2024 08:14, J Doe wrote:
Hello,
I make use of SpamAssassin 4.0.0 on a low volume e-mail server. I also
run my own validating resolver with Bind 9.18.27 on the e-mail server.
The only piece of software I have in my e-mail stack that uses
On 5/17/24 3:17 PM, Matus UHLAR - fantomas wrote:
Hi guys,
I have configured exclusion for some common domains e.g. gov.sk in SA:
uridnsbl_skip_domain [...] gov.sk slovensko.sk
However it seems that that domain is still queried:
9826 68.951573 127.0.0.1 → 127.0.0.1 DNS 104 Standard
On 2024-05-18 at 10:26:54 UTC-0400 (Sat, 18 May 2024 16:26:54 +0200)
Francis Augusto Medeiros-Logeay
is rumored to have said:
Hi,
Is there any difference between using spamc -L and sa-learn ?
Yes. The compiled-C spamc binary loads no Perl, it just talks over a
socket to spamd, which is
> On 18 May 2024, at 17:10, Bill Cole
> wrote:
>
> On 2024-05-18 at 10:25:28 UTC-0400 (Sat, 18 May 2024 16:25:28 +0200)
> Francis Augusto Medeiros-Logeay
> is rumored to have said:
>
>> Hi,
>>
>> I use Spamassassin 4 on Ubuntu 24.04.
>>
>> I have configured SQL for storing user
On 2024-05-18 at 10:25:28 UTC-0400 (Sat, 18 May 2024 16:25:28 +0200)
Francis Augusto Medeiros-Logeay
is rumored to have said:
Hi,
I use Spamassassin 4 on Ubuntu 24.04.
I have configured SQL for storing user preferences. Things work fine,
but I am getting these errors on my logs:
Sat May
Hi,
Is there any difference between using spamc -L and sa-learn ? I noticed that
the later is way slower. I don’t use a journal for local updating, so both
write directly to the database.
Best,
Francis
Hi,
I use Spamassassin 4 on Ubuntu 24.04.
I have configured SQL for storing user preferences. Things work fine, but I am
getting these errors on my logs:
Sat May 18 16:22:21 2024 [75733] info: config: not parsing, administrator
setting: use_pyzor\t1
Sat May 18 16:22:21 2024 [75733] info:
On 18/05/2024 08:14, J Doe wrote:
Hello,
I make use of SpamAssassin 4.0.0 on a low volume e-mail server. I also
run my own validating resolver with Bind 9.18.27 on the e-mail server.
The only piece of software I have in my e-mail stack that uses SORBS is
SpamAssassin. I have noticed in my
Hello,
I make use of SpamAssassin 4.0.0 on a low volume e-mail server. I also
run my own validating resolver with Bind 9.18.27 on the e-mail server.
The only piece of software I have in my e-mail stack that uses SORBS is
SpamAssassin. I have noticed in my resolver logs multiple entries where
Hi guys,
I have configured exclusion for some common domains e.g. gov.sk in SA:
uridnsbl_skip_domain [...] gov.sk slovensko.sk
However it seems that that domain is still queried:
9826 68.951573127.0.0.1 → 127.0.0.1DNS 104 Standard query 0xbffe A
mail.gov.sk.multi.uribl.com OPT
in
On 2024-05-13 at 20:09:33 UTC-0400 (Tue, 14 May 2024 10:09:33 +1000)
Noel Butler
is rumored to have said:
This morning one of our ent_domains DMARC weekly report from a third
party was listed as spam by SA which took the wording
Not_percent-twenty_Resolved and passed it off to URI checks
On Mon, May 13, 2024 at 8:10 PM Noel Butler wrote:
> This morning one of our ent_domains DMARC weekly report from a third party
> was listed as spam by SA which took the wording
> Not_percent-twenty_Resolved and passed it off to URI checks adding
> dot.com to it when there is no dot com after
On 14.05.24 10:09, Noel Butler wrote:
This morning one of our ent_domains DMARC weekly report from a third
party was listed as spam by SA which took the wording
Not_percent-twenty_Resolved and passed it off to URI checks adding
dot.com to it when there is no dot com after it, and a raw
This morning one of our ent_domains DMARC weekly report from a third
party was listed as spam by SA which took the wording
Not_percent-twenty_Resolved and passed it off to URI checks adding
dot.com to it when there is no dot com after it, and a raw message
search of that message in less in
On 2024-05-13 at 08:09:04 UTC-0400 (Mon, 13 May 2024 14:09:04 +0200)
Benny Pedersen
is rumored to have said:
i write here so in hope to start a debate on it, is there a code
change any where to handle this ?
That's not a SA issue. Nothing SA does can fix it
The change (in Debian) that fixed
i write here so in hope to start a debate on it, is there a code change
any where to handle this ?
Am 2024-05-13 04:33, schrieb jdow:
Um, "FORGED_SPF_HELO"? Are you sure this message is from MS?
{^_^}
The mail/report is authentic. They already corrected this "error" or
changed the sending server. In today's report FORGED_SPF_HELO is 0.001
and the score is below 5 :)
On 20240512
Um, "FORGED_SPF_HELO"? Are you sure this message is from MS?
{^_^}
On 20240512 06:56:59, Thomas Barth wrote:
Am 2024-05-12 12:39, schrieb Greg Troxel:
I would suggest that if Debian is modifying the default config from 5 to
6.31, then probably they should not be doing that.
This is a status
Thomas Barth skrev den 2024-05-12 15:56:
Am 2024-05-12 12:39, schrieb Greg Troxel:
I would suggest that if Debian is modifying the default config from 5
to
6.31, then probably they should not be doing that.
This is a status of dmarc-report from microsoft today
X-Spam-Status: Yes,
Am 2024-05-12 12:39, schrieb Greg Troxel:
I would suggest that if Debian is modifying the default config from 5
to
6.31, then probably they should not be doing that.
This is a status of dmarc-report from microsoft today
X-Spam-Status: Yes, score=5.938 tagged_above=2 required=6.31
On 12.05.24 06:39, Greg Troxel wrote:
I would suggest that if Debian is modifying the default config from 5 to
6.31, then
as it was already said, it's not Debian, it's default score in amavis.
Even the original header is in the amavis format:
X-Spam-Status: No, score=3.999 tagged_above=2
I would suggest that if Debian is modifying the default config from 5 to
6.31, then
probably they should not be doing that. as a packager, I fix bugs
(and file upstream bug reports), but it's usually linuxy
nonportability things that are clearly bugs (test ==, hardcoded lists
of accepted
Am 2024-05-12 01:08, schrieb jdow:
Methinks this is a perfect example of "one man's spam is another man's
ham." Or in my case, "A woman's spam is often a man's ham."
I like spam when it's well designed. That's why I no longer reject it on
my newly set up mail server. I just want them all to
On 11/05/2024 03:40, Bill Cole wrote:
So what? domain owners state hard fail it SHOULD be hard failed,
irrespective of if YOU think you know better than THEM or not, if we
hardfail we accept the risks that come with it.
In practice, there is a prioritizing of whose wishes I prioritize on
On 20240511 14:56:51, Greg Troxel wrote:
Thomas Barth writes:
Am 2024-05-11 21:54, schrieb Bill Cole:
I have no idea who the Debian "spam analysts" are but I am certain
that they are not doing any sort of data-driven dynamic adjustments
of scores based on a threshold of 6.3 nor are they
Am 2024-05-11 23:49, schrieb Vincent Lefevre:
The value 6.31 does not even appear in the spamassassin source
package.
Sorry, the values are overwritten via the Amavis defaults.
cat /etc/debian_version
10.13
egrep -nri "sa_tag_level_deflt|sa_kill_level_deflt" /etc
Thomas Barth writes:
> Am 2024-05-11 21:54, schrieb Bill Cole:
>> I have no idea who the Debian "spam analysts" are but I am certain
>> that they are not doing any sort of data-driven dynamic adjustments
>> of scores based on a threshold of 6.3 nor are they (obviously)
>> adjusting that
On 2024-05-11 20:26:59 +0200, Thomas Barth wrote:
> Am 2024-05-11 19:24, schrieb Loren Wilton:
[...]
> > > found in
> > >
> > > X-Spam-Status: No, score=5.908 tagged_above=2 required=6.31
> > > tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1,
> > > DKIM_VALID_EF=-0.1,
Am 2024-05-11 21:54, schrieb Bill Cole:
I have no idea who the Debian "spam analysts" are but I am certain that
they are not doing any sort of data-driven dynamic adjustments of
scores based on a threshold of 6.3 nor are they (obviously) adjusting
that threshold daily based on current scores.
On 2024-05-11 at 14:26:59 UTC-0400 (Sat, 11 May 2024 20:26:59 +0200)
Thomas Barth
is rumored to have said:
Hello
Am 2024-05-11 19:24, schrieb Loren Wilton:
Can I just take the names of the rules?
e.g. at least two checks should fire:
meta MULTIPLE_TESTS (( RAZOR2_CF_RANGE_51_100 +
Hello
Am 2024-05-11 19:24, schrieb Loren Wilton:
Can I just take the names of the rules?
e.g. at least two checks should fire:
meta MULTIPLE_TESTS (( RAZOR2_CF_RANGE_51_100 + RAZOR2_CHECK +
URIBL_ABUSE_SURBL) > 1)
score MULTIPLE_TESTS 1
found in
X-Spam-Status: No, score=5.908
Can I just take the names of the rules?
e.g. at least two checks should fire:
meta MULTIPLE_TESTS (( RAZOR2_CF_RANGE_51_100 + RAZOR2_CHECK +
URIBL_ABUSE_SURBL) > 1)
score MULTIPLE_TESTS 1
found in
X-Spam-Status: No, score=5.908 tagged_above=2 required=6.31
tests=[DKIM_SIGNED=0.1,
Hi guys,
thank you all for your advice!
Am 2024-05-10 22:39, schrieb Bowie Bailey:
The rules with the low scores are not intended to contribute to the
spam score for the email. They only have a defined score at all
because if the score is 0, SA will not run the rule.
It works like this:
On 5/10/2024 2:57 AM, Thomas Barth wrote:
Am 2024-05-10 06:19, schrieb Reindl Harald (privat):
Am 10.05.24 um 00:05 schrieb Thomas Barth:
Am 2024-05-09 21:41, schrieb Loren Wilton:
Low-score tests are neither spam nor ham signs by themselves. They
can be used in metas in conjunction with
On 2024-05-10 at 14:15:56 UTC-0400 (Fri, 10 May 2024 14:15:56 -0400)
Bill Cole
is rumored to have said:
> On 2024-05-09 at 18:19:14 UTC-0400 (Thu, 9 May 2024 15:19:14 -0700)
> jdow
> is rumored to have said:
>
>> On 20240509 15:05:46, Thomas Barth wrote:
>>> Am 2024-05-09 21:41, schrieb Loren
oh dear, when do he stop ?
Original besked
Emne: Re: Rule: "1.0 R_DCD 90% of .com. is spam"
Dato: 2024-05-10 20:17
Afsender: "Reindl Harald (gmail)"
Modtager: Benny Pedersen
Am 10.05.24 um 20:14 schrieb Benny Pedersen:
Matus UHLAR - fantomas skrev den 2024-05-10 18:46:
On
On 2024-05-10 at 11:00:45 UTC-0400 (Fri, 10 May 2024 08:00:45 -0700 (PDT))
John Hardin
is rumored to have said:
> Note that poorly-performing rules may get a score that looks informational,
> but that may change over time based on the corpora.
IOW: rules that in themselves are not good enough
1 - 100 of 105361 matches
Mail list logo