Take your email in example:
envelope from:
users-return-120376-duca=staff.spin...@spamassassin.apache.org
body from: maj...@gmail.com
SPF for gmail.com: v=spf1 redirect=_spf.google.com
You see that in case of mailing lists (and ESPs and possibly every other
VERP case) a check on the body
On 23/04/19 17:07, Kevin A. McGrail wrote:
On 4/23/2019 6:18 AM, Brent Clark wrote:
Just want to pick the communities brain for a second.
Does anyone use Mail::SpamAssassin::Plugin::GoogleSafeBrowsing or
better enable 'SafeBrowsing Yes' to freshclams configuration file?
I see SafeBrowsing is
On 21/11/18 07:56, @lbutlr wrote:
While updating spamassassin, several emails were destructive lost because of
the absence of spamc. To be fair, the date did get stuck unexpectedly asking
for a confirmation, but still I’d like to avoid this happening again.
Nov 20 10:20:34 mail
please PM me offlist
Thanks
Daniele Duca
On 22/10/2018 12:37, Paul Stead wrote:
This can be resolved by hashing the BTC address before lookup and looking up
the result hash in the DB
Paul
Yes, thanks for the suggestions, I would have done that in the next
version coming up in the following days, where I'd also populate the
list
On 21/10/2018 09:15, Henrik K wrote:
I wonder who's going to be the first to offer public bitcoin DNS blacklist,
I could make plugin for it. :-)
In the meantime, here's something to try..
Hi,
I mantain a local rbldnsd zone with abused BTC addresses (btw, thanks
for bitcoinabuse.com, I
On 13/10/2018 19:51, Rupert Gallagher wrote:
"The message was marked as spam by the content filter."
Nice... so they know they are sending spam!
Who doesn't :)
I mean, for a setup big enough like theirs, having abused accounts or
outright spammers is somewhat endemic. What I think they are
On 12/10/2018 23:12, Pedro David Marco wrote:
>On Friday, October 12, 2018, 10:48:21 PM GMT+2, Rupert Gallagher
wrote:
>I love outlook.com ...
i have seen recently an Office365 Phishing campaign coming from
Office365 severs... as good as it gets...
It may be already known, but O365
thinking it's referencing the wrong hash for self and
missing conf:
my $mask_len = $self->{conf}->{ipv4_mask_len};
Does that work for you?
regards,
KAM
On 10/4/2018 3:38 AM, Daniele Duca wrote:
Hi,
I'm experimenting an odd behaviour while using TxRep. I have set in my
lo
18.04.1 - SA 3.4.2 (CPAN) - Perl v5.26.1
Any thoughts? My perl-fu is not good enough to debug this :/
Thanks
Daniele Duca
mething obvious that doesn't require code mangling to use
"old" update channels.
Thanks
Daniele Duca
Hi,
it may be worth to run a memtest on your system.
Daniele
On 28/09/2018 12:25, Ronny Wagner wrote:
Hello Community,
since few days i have a problem with spamassassin.
I can't start the service, i found out, when i delete some channels in directory
"/var/lib/spamassassin/3.004001" the
On 19/09/2018 19:42, Kevin A. McGrail wrote:
auto-whitelist: sql-based get_addr_entry
ign...@compiling.spamassassin.taint.org|none: SQL error: Unknown
column 'last_hit' in 'order clause'
I got the same error when drop-upgraded 3.4.1 to 3.4.2. In my case it
was a conflict between txrep and
On 08/08/2018 15:04, Matus UHLAR - fantomas wrote:
...of last 40 mail in my spambox, 14 matches MAILING_LIST_MULTI
...of last 100 mail in spambox, 27 matches MAILING_LIST_MULTI
I practically zeroed MAILING_LIST_MULTI the day it came in the ruleset.
I mean, since there's tflag
On 29/07/2018 09:53, Yves Goergen wrote:
No I can't because it's a locked system. I'd need an account for that.
And I'm not going to register just for saving another admin's system.
So either stackexchange admins repair their entry themselves, or the
blacklist operator needs a review.
-Yves
Hi,
I'm evaluating incorporating CRM114 in my current setup and I was
reading the FAQs about training the filter here:
http://crm114.sourceforge.net/src/FAQ.txt
What made me rethink my actual strategy were the following lines:
...
If you train in only on an error, that's close to the
On 18/07/2018 17:08, Rupert Gallagher wrote:
OK at a second glance I would say rejected upfront again, because
its From domain is NXDOMAIN.
I interpreted the From: in the .txt as being a body header, because, as
you pointed out, if it was an envelope header then the email should have
never
On 18/07/2018 14:22, Rupert Gallagher wrote:
At first glance I would say rejected upfront, because the client
180.252.178.204 does not have RDNS. No need for SA.
I wish I could 5xx last untrusted relays without rdns without having the
company's phones melt :)
Daniele
On 28/06/2018 04:17, J Doe wrote:
I went back to “man Mail::SpamAssassin::Conf” and can see mention of the
shortcircuit plugin . . . is there more documentation (perhaps in another man
or perldoc), where the shortcircuit keyword is mentioned ?
I'd say a good starting point would be
On 27/06/2018 02:15, J Doe wrote:
Hi John,
Ok, good to know.
Is it possible with the SA grammar to have variables ? I was thinking
I’d have something like the following in my: /etc/spamassassin/local.cf
POISON_PILL = 100
Hi,
I'd say that a better solution would be to use
This is my actual spam stream (orange) for the last month. I don't see
increases worthy to be noted.
Maybe you can share your numbers? Do you do prequeue rejects and maybe
noted a spike there?
Daniele
On 01/06/2018 11:47, Pedro David Marco wrote:
>Do you have any examples? I have had a
and the database where AWL and Bayes resided,
that resulted in random packet loss.
This is only to suggest to start from layer 1 before everything else :)
Good luck
Daniele Duca
ted emails..
Daniele Duca
On 09/04/2018 16:24, David Jones wrote:
Been playing around with rspamd over the weekend to see how it
compares and so far not that impressed. It has a few features that
are interesting like the MX check but other than that it's not as
impressive as the author makes it out to be on the
On 07/03/2018 17:32, Jakob Curdes wrote:
Since I get the majority of these emails in italian, I've written a
meta rule that takes in account:
Hello Duca, would you share this rule with us? I would be interested
in looking at the resulst, as we also have lots of these messages here.
JC
Hi,
On 07/03/2018 09:52, Sebastian Arcus wrote:
I have this one email account receiving, for more than a year, a very
specific type of spam which I find very difficult to block:
1. The messages are all kept very short, generally below 20 words - I
assume so that Bayes is less efficient at
back to v4 only connectivity for my inbound mtas.
If you are in a similar situation I would like very much to discuss what
would be the best approach to balance spam detection while avoiding fps
Regards
Daniele Duca
ot; spam is almost all caught by the MSBL
(https://msbl.org/) , take a look at that bl and their plugin for more
inspiration
Daniele Duca
On 19/02/2018 10:00, Kenneth Porter wrote:
I have no clue what Rupert is on about. I just want something like
blacklist_from that uses the reply-to header. I thought it was a
simple technical question about how the config file directives map
onto the actual headers. I'm not asking for site
? If every
MTA would generate a MID when not found in inbound emails rules like
SA's MISSING_MID would be useless.
Daniele Duca
ookups, I find it
easier to mantain a rbldnsd zone with hacked websites/landing pages of
marketers than to write uri rules in the .cf each time
Hope it helps
Daniele Duca
On 16/02/2018 22:08, jahlives wrote:
Hi list
I'm looking for a way in spamassassin to run a full-uri-host r
It looks like apparmor is preventing clamav to create it's temporary files.
Two solutions, disable apparmor or fix the config file in
/etc/apparmor.d/usr.sbin.clamd
Daniele
On 30/01/2018 17:50, Chris wrote:
I'm seeing this - https://pastebin.com/86s7cVBj and I'm not sure if
it's an SA
On 27/01/2018 19:29, Ralph Seichter wrote:
I trust you are aware that you actually penalise senders which pass the
SPF check if you use a greater-than-zero score? Minus signs matter. ;-)
Sure it's a "penalization", but of an order of magnitude so little that
a minus, albeit more logically
On 27/01/2018 14:01, David Jones wrote:
If you set those to 0, then you could be disabling many other helpful
meta rules that use them. It is recommended to set them to a very
small non-zero number as others have said:
score SPF_PASS -0.001
score SPF_HELO_PASS -0.001
I know, I meant to
On 26/01/2018 23:54, David B Funk wrote:
Regardless, giving -1 score for SPF_PASS and another -1 for
SPF_HELO_PASS is nontrivial DainBRamage.
It's trivial for a spammer to set up SPF on a throw-away domain and
thus waltz thru that kind of filtering.
You are spot on, spammers are much
35 matches
Mail list logo