Am 11.07.20 um 23:55 schrieb Benny Pedersen:
> Marcus Schopen skrev den 2020-07-11 23:43:
>> config: warning: description exists for non-existent rule
>> USER_IN_ALLOWLIST_TO
>
> meta USER_IN_ALLOWLIST_TO (USER_IN_WHITELIST_TO)
Hello,
My SA hit the same update issue. It was unable to update
Am 04.10.19 um 16:40 schrieb Grant Taylor:
> On 10/4/19 6:43 AM, A. Schulze wrote:
>> that happen from time to time but currently I suspect the sender like to
>> trigger a Bug in OpenDMARC to generate dmarc=pass for messages that
>> otherwise would be classified as dma
Am 04.10.19 um 01:12 schrieb Philip:
> Lately I'm getting a bunch of emails that are showing up with two email
> addresses in the From: field.
that happen from time to time but currently I suspect the sender like to
trigger a Bug in OpenDMARC
to generate dmarc=pass for messages that
Hello,
we've a number of SA instances that need rule updates. For now we configured
them to use a proxy. Works...
But there are also instances that can't us a proxy at all.
My idea was to setup a private SA-Mirror (apache+rsync) but, I've to manage
DNS-Data for
Giovanni Bechis:
Just spotted by others,
this diff fixes the problem:
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7540
yea! but that's a patch for the rules, right?
may we expect a fixed ruleset will be published shortly?
Andreas
Btw:
what's the state of 3.4.2+? Beta? Release?
Hello all,
shortly (since around 09:30 UTC) I get such notifications on sa-update:
rules: failed to run FORGED_GMAIL_RCVD test, skipping:
(Can't locate object method "check_for_forged_gmail_received_headers"
via package "Mail::SpamAssassin::PerMsgStatus" at (eval 1277) line 253.
)
channel:
Kevin A. McGrail:
If you are checking the SpamAssassin updates more than 2x a day,
expect to be blocked in the very near future. We have people
checking literally every minute and we only release rules currently
1x per day. There is no need to check this often!
I use sa-update to update
Am 27.10.2017 um 07:15 schrieb @lbutlr:
> RFC 822 is obsolete, replaced by RFC 2822.
... which is obsoleted by RFC 5322 and updated some other RFCs
see https://tools.ietf.org/html/rfc5322
John Hardin:
any header that begins with "X-" is permitted.
permitted - yes
but I'm aware may user assisiate X- header still as private header.
This is no longer true since 2012: https://tools.ietf.org/html/rfc6648
just to mention that...
Andreas
Am 02.05.2017 um 17:09 schrieb Marc Perkel:
>
>
> On 05/02/17 03:54, RW wrote:
>> On Mon, 1 May 2017 19:30:01 -0700
>> Marc Perkel wrote:
>>
>>> Might be slightly off topic but I've been running into more delivery
>>> problems with outgoing email because I don't use DMARC.
>> How do you know
Am 21.04.2017 um 22:58 schrieb Kevin A. McGrail:
> Things are moving along on a SpamAssassin 3.4.2 release and a 4.0 release as
> well. It's my expectation that 3.4.2 will be the last 3.4.x release.
> My hopes is to have them ready to announce at ApacheCon
will/are there be release candidates
Chip M.:
*** Does anyone have a contact at LinkedIn ops? ***
I informed LinkedIn and was asked to send the following response on
behalf of Franck Martin:
This email was not sent by Linkedin.
Linkedin uses several lists to ensure the redirection does not end up to a
known bad site.
Alan Hodgson:
I really believe that's incorrect. Relaxed alignment specifically
means you can
sign with a subdomain's key or use a subdomain for SPF.
Read sections 3.1.2 and 10.4 of that same document, for instance.
Alan,
you're write! DMARC folks told me so, too.
DMARC Relax alignment
Alan Hodgson:
I really believe that's incorrect. Relaxed alignment specifically
means you can
sign with a subdomain's key or use a subdomain for SPF.
Read sections 3.1.2 and 10.4 of that same document, for instance.
Hm. https://tools.ietf.org/html/rfc7489#section-10.4 reads like you're
Alan Hodgson:
DMARC allows a subdomain to sign the mail with a
relaxed alignment policy.
really?
I know DMARC as
"example.com may dkim sign with example.com. relax alignment will
match even for RFC5322.From sub.example.com"
but you claim
"sub.example.com may dkim sign with
Alex:
So ultimately who's at fault here for causing this to fail? AOL? What
should have been done to prevent it?
it depends who generate the DSN.
- AOL?
-> then they should DKIM sign their own message.
- an AOL customer sending on behalf of his own AOL address via AOL
infrastructure?
A. Schulze:
So SPF *never* could be aligned to RFC5322.From for such messages.
even if spf=pass...
The only way to generate a DMARC=pass is DKIM. A domainowner has to
DKIM-sign DeliveryStatusNotification or Autoresonder in alignement
to the RFC5322.From.
This is even more important
RW:
On Mon, 4 Apr 2016 13:00:11 -0400
Alex wrote:
Hi,
Can someone help me understand why this auto-away message failed the
DMARC tests?
http://pastebin.com/wXhxex92
It looks like it passed through an AOL MX, yet SPF still failed.
It didn't fail SPF, it failed to pass because there's no
Am 20.09.2015 um 05:10 schrieb Reindl Harald:
Am 19.09.2015 um 20:12 schrieb A. Schulze:
So I ask the list: (how) do you whitelist this list?
whitelist_auth *@spamassassin.apache.org
works. it trigger USER_IN_SPF_WHITELIST=-100
thanks!
Andreas
Hello,
today I was notified by ezmlm that my MTA rejected messages to me. Messages to
this list where classified as spam by .. spamassassin.
OK, no surprise some messages look spammy.
As usual: there is one solution that is smart, fast and obvious. But sometimes
this one is also wrong.
So I
Hello,
I wrote a little patch for the SPF plugin to detect domains
authenticating any IP by SPF.
Usage:
local.cf
header SPF_PASS_PLUSALL eval:check_for_spf_pass_plusall()
header SPF_HELO_PASS_PLUSALL
eval:check_for_spf_helo_pass_plusall()
describe
Kevin A. McGrail:
https://wordtothewise.com/2012/11/how-long-is-your-dkim-key/
It's a recommendation not a requirement so the pass even when lower
than 1024 is accurate.
I disagree.
Lauras article is more then two years old. But since more then 4 years
( Sep 2011 )
RFC 6376 say very
Benny Pedersen:
Upgrade to sa 3.4 where this work, else wait for next rule update,
this is a work in progress thats only gives error when not using sa
3.4
At least here I *have* 3.4 but got the same warnings.
The file 72_active.cf from update_spamassasin_org contain some
lines if
Kevin A. McGrail:
We are working on solutions expected for the 3.4.1 release on ~9/30.
are the any updates on the release plan?
Karsten Bräckelmann:
The directory name and accompanying cf file are generated by
sa-update based on the channel name. There is no way for the channel to
enforce order.
Besides picking a channel name that lexicographically comes after the
to-be-overridden target channel, you're limited to
Hello,
I had the idea to run my own updateserver for two purposes:
1. distribute own rules
2. override existing rules
But somehow I fail on #2.
SA rules normally reside in /var/.../spamassassin/$SA-VERSION/channelname/*.cf
Also the are files /var/.../spamassassin/$SA-VERSION/channelname.cf
Matus UHLAR - fantomas:
Do you trust smtp.cesky-hosting.cz?
Even if it's open socks and http proxy server?
No, I don't.
But I initially wonder why sa looked up the external submission host
while docu say last untrusted relay which it isn't.
Andreas
Hello,
today I was pointed to a message with these headers:
X-Spam-Score: 6.789
X-Spam-Status: Yes, score=6.789 tag=-999 tag2=5 kill=6
tests=[HTML_MESSAGE=0.001, MISSING_MIMEOLE=1.843,
RCVD_IN_SORBS_HTTP=2.499, RCVD_IN_SORBS_SOCKS=2.443]
Received: from smtp.cesky-hosting.cz
Benny Pedersen:
Trusted network and internal network in local.cf for all your own
ipv6, ipv4 :)
ups, I had no settings at all for trusted/internal/msa networks :-/
Thanks for the pointer
Andreas
Hello,
today we came up with the idea to look at the domain age.
It may be a criteria for otherwise perfect messages.
Is there something I could ask with a domainname and receive the age
as answer?
Andreas
Tom Hendrikx:
but postfix has a feature that can check the MX and NS
records of the envelope sender or hostname of the connecting ip.
I know and use that.
If these are all the same, you could block connections based on those.
that's intersting, no idea how to
Karsten Bräckelmann:
Since SA 3.4, there are template tags which already might be all you
need. The template tags _URIHOSTS_ and _URIDOMAINS_ list all extracted
(and to be looked up) URIs, including full hostname and domain only
respectively. No path information.
add_header all UriHosts
Andreas Schulze:
Kasten,
sorry - Karsten
works wonderful. I now have a list of hostnames SA find in the messagebody
as new header! Thanks. Much simpler then I thought...
Andreas
Hello,
I have to get an overview on http links in a specific mail stream.
My plan is to use spamassassin as it could parse message body much better then
I do :-)
There is a plugin URIDNSBL that could fire dns queries for every url found.
That's fine for me, as the url is then in my dnsserver
Zitat von Mark Martinec mark.martinec...@ijs.si:
Curl uses environment variable http_proxy (lowercase),
same as wget and LWP (libwww-perl) and similar tools.
Don't know where you got the uppercase variant.
Good point. The uppercase version simply did it's job.
I just tried the lowercase
Hello,
thanks for that great software. The only problem I found is an issue
with sa-update:
My network require to use a http proxy incl. authentication. To load updates
I currently (sa-3.3.2) set HTTP_PROXY=... for sa-update.
That does not work anymore in 3.4
As I use curl I now have to
Am 11.10.2013 17:05 schrieb Kevin A. McGrail:
On behalf of the PMC, the ASF SpamAssassin Project is pleased to
announce the availability of our third release candidate for 3.4.0.
Hi all!
thanks for that great software first!
I found two minor issues in perl documentation and attach a patch.
Zitat von Florian Lindner mailingli...@xgm.de:
Since we move our server (and upgrade from oldstabe to stable) I want to
reconsider how I organize mails serverside.
Debian, MTA is postfix, MDA maildrop (like procmail), IMAP was
courier, will be dovecot.
if you use dovecot, maildrop is
Hello,
today I found messages with strage headers: they had an empty value.
example:
From: ...
To: ...
X-MS-TNEF-Correlator:spacenewline
Date: ...
Is this against any rfc and could/should [not?] be rejected or used to
identify spam?
Thanks
Andreas
Hello,
Every mail MUST have exact one From header (RFC5322, 3.6).
Same RFC, Section 3.6.2 allow a from header contain a list of senders
(Why ???)
In this case exact one sender header MUST be present and it MUST NOT a list.
Are there SA Rules to score a missing or multiple from header?
Does
Am 29.03.2013 02:36 schrieb Karsten Bräckelmann:
On Fri, 2013-03-29 at 00:56 +, John Levine wrote:
Is there any way to tell spamassassin to look at the A-R header rather
than trying to rerun the SPF and DKIM checks itself?
in sa-3.3.2/Plugin/SPF.pm is still code like this:
if ($hdr =~
Am So, 18.11.2012, 18:48 schrieb dar...@chaosreigns.com:
are you sure? I will report it to my ISP
No, I'm not sure, which is why I said I believe and But I haven't
actually looked into those details lately. We need better documentation
of this. But I am very confident something along
Am Do, 6.09.2012, 13:08 schrieb Andreas Schulze:
Is it possible to use the result of the milter in the same way SA would do
with its own SPF implementation?
Than the SPF information could have an influance to the spamcore.
I run smf-spf milter (sf.net/projects/smfs) and applied a number
Hello,
for technical reasons I have no Mail::SPF::Query. So my SA has no view to the
spf settings of an incomming mail.
But I run an SPF-Milter in front of SA without Mail::SPF::Query. That Filter
adds an Received-SPF header to the mails but do not reject.
Is it possible to use the result of
Am 06.09.2012 17:08 schrieb Ned Slider:
If your milter adds the Received-SPF header before the mail is
passed to SA then maybe you could simply write a rule to check the
Received-SPF header and score as you see appropriate.
Yes, the Milter add a Received-SPF header.
Could you point me to some
Hello,
I like to ask you how knows/uses MTX (http://www.chaosreigns.com/mtx)
Thanks for a shot response offlist.
Andreas
#Name_servers
other resolvers installable by users are
- unbound ( http://unbound.net )
- dnscache ( http://cr.yp.to/dnscache.html )
- bind (off course)
- http://en.wikipedia.org/wiki/Comparison_of_DNS_server_software
--
Andreas Schulze
Andreas Schulze
/SpamAssassin/Util/DependencyInfo.pm
- lib/Mail/SpamAssassin/Util/RegistrarBoundaries.pm
Attached my patch.
Andreas
--
#
# Andreas Schulze
# https://andreasschulze.de
#
# GnuPG Key-ID: A7DBA67F, https://andreasschulze.de/sca.asc
Am 15.05.2011 22:29 schrieb Andreas Schulze:
But sometimes the perldoc produces mangages with errors:
and some other manpages changes ...
Attached my other patch.
Andreas
--
#
# Andreas Schulze
# https://andreasschulze.de
://andreasschulze.de/tmp/quarantined
What could I change,
that my mails no longer matches the mentioned rules ?
Thanks
--
Viele Grüße
Andreas Schulze
Hi,
-forget Forget a message
I do
sa-learn --forget message; sa-learn --spam message
right ?
--
Viele Grüße
Andreas Schulze
Hello,
http://www.spamhaus.org/faq/answers.lasso?section=DROP FAQ
mention as very last point to use the Spamhaus Drop list with SA.
is anybody doing this and can explain it in detail ?
Thanks
Andreas
--
#
# Andreas Schulze
# https://andreasschulze.de
#
# GnuPG Key-ID: A7DBA67F, https://andreasschulze.de/sca.asc
# GnuPG Fingerprint: 14C1 39A8 CE6D 6BE0 28C6 5652 03B5 6793 A7DB A67F
#
# $Id: .signature,v 1.3 2007-12-27 21:13:36 sca Exp $
Hello,
I call SA from amavisd-new and found this warning in my logfile.
Aug 23 11:36:27 taro amavis[32405]: (32405) _WARN: auto-whitelist: open of
auto-whitelist file failed: Can't locate auto/NetAddr/IP/full6.al in @INC
(@INC
contains: /etc/perl /usr/local/lib/perl/5.10.0
--
#
# Andreas Schulze
# https://andreasschulze.de
#
# GnuPG Key-ID: A7DBA67F, https://andreasschulze.de/sca.asc
# GnuPG Fingerprint: 14C1 39A8 CE6D 6BE0 28C6 5652 03B5 6793 A7DB A67F
#
# $Id: .signature,v 1.3 2007-12-27 21:13:36 sca Exp $
On Sun, Aug 08, 2010 at 02:57:29PM -0500, Dave Funk wrote:
For some reason when you set that options inet6 your system is not
willing to fall back to IPv4 mode (or a bug is preventing it).
That's what you need to look into (until such time as
spamassassin.apache.org gets v6 connected ;).
Hi
Thanks!
I was thinking just in an optimization
Oliver
Theo Van Dinter wrote:
second, current released versions of SA run all rules, so the ordering doesn't
really matter for that one.)
--
Oliver Schulze L. | Get my e-mail after a captcha in:
Asuncion - Paraguay | http://tinymailto.com
Hi,
I wonder if it is posible to change the order in which the tests run.
Specially, I want the test RCVD_IN_BL_SPAMCOP_NET to be tested
firsts and then the others.
Thanks
Oliver
--
Oliver Schulze L. | Get my e-mail after a captcha in:
Asuncion - Paraguay | http://tinymailto.com/oliver
R Lists06 wrote:
I have disabled botnet for now
You can still use BotNet 0.6, it works fine
HTH
Oliver
--
Oliver Schulze L. | Get my e-mail after a captcha in:
Asuncion - Paraguay | http://tinymailto.com/oliver
32.13 45.260.00
9BOTNET_CLIENTWORDS60829.61 40.004.19
10URIBL_SC_SURBL52424.47 34.470.00
--
Oliver Schulze L. | Get my e-mail after a captcha in:
Asuncion - Paraguay | http://tinymailto.com/oliver
Hi,
I'm using SA from mimedefang.org,
Is there is a way to tell SA Perl module to write to log files
in the same way/format as spamd does?
That will help using tools like sa-stats.pl
Thanks
Oliver
--
Oliver Schulze L. | Get my e-mail after a captcha in:
Asuncion - Paraguay | http
In this case its my local IP range, is the range where I put RELAY in
sendmail's access.
Thanks
Oliver
Benny Pedersen wrote:
newer list non routelble ip as internal networks, exept if internal network is
localhost or your own ip range
--
Oliver Schulze L.
Get my e-mail after a captcha
A quick note,
also these 2 options need to be configured:
local_tests_only 0
skip_rbl_checks 0
Mimedefang for example uses local_tests_only 1 by default.
HTH
Oliver
Oliver Schulze L. wrote:
Hi Chris,
thanks for that tip!
I will use your rule and also I have done this:
Incremented the score
--
Oliver Schulze L.
Get my e-mail after a captcha test in: http://tinymailto.com/oliver
DNS_FROM_RFC_POST 2.0
Incremented the timout since I have high pings:
rbl_timeout 25
And used this option too:
internal_networks 192.168.1.0/24
Regards,
Oliver
--
Oliver Schulze L.
Get my e-mail after a captcha test in: http://tinymailto.com/oliver
Chris Santerre wrote:
-Original
Oops, thanks.
Will uncomment it until I read more info about it.
Oliver
Daryl C. W. O'Shea wrote:
Unless the machine running SpamAssassin only knows your MXes by their
private IPs you don't want to use this exact config.
Daryl
--
Oliver Schulze L.
Get my e-mail after a captcha test
The way I see it, there is no need to speak bad things about a country
based on bad customer support from one ISP.
Brazil is a big country(just look at google earth), and UOL is just one
big ISP in that country.
So, peace out and let SA do his job.
Oliver
Dan Hollis wrote:
On Mon, 21 Nov
? Or the Bayesian filter just keep learning
and learning.
Many thanks
Oliver
--
Oliver Schulze L.
[EMAIL PROTECTED]
69 matches
Mail list logo