reports, have proper opt-out, etc.
--
David Jones
On 01/25/2018 09:34 AM, RW wrote:
On Wed, 24 Jan 2018 16:26:58 -0600
David Jones wrote:
On 01/24/2018 04:00 PM, Vincent Fox wrote:
However, look at all the major providers with messed up records and
neutral or soft fail. They should have the most resources to
accomplish this and the most
this.
This email response is completely automated. I am using swatch to watch
for SPF_FAIL in my mail logs then it launches a script that generates
that form email filling some details. Swatch is limited to replying
only once per every 24 hours per sender address.
--
David Jones
want to move
these email standards forward over the next two years.
This would help in the fight against spoofing and improve our options to
whitelist good senders to better target the spammers.
--
David Jones
, and since
the Times's frequent mailings of news updates evidently are not
affected enough by SPF fail for the Times to go fix it.
On 24.01.18 16:04, David Jones wrote:
The key point here is the bulk nytimes.com email that is system
generated, i.e. not humans with real mailboxes that could
like SA or Google, we could do this in a couple of
years slowly and easily then start doing the same for DKIM.
Frankly I'd rather these manhours be used on having correct A & PTR
records, which seems to be beyond the pale for some bulkmail vendors.
We could do the same thing for RDN
On 01/24/2018 03:45 PM, Joseph Brennan wrote:
David Jones <djo...@ena.com> wrote:
SA could be the large force that helps improve the mail standards like
DMARC -- SPF + DKIM with a little extra on top.
DMARC is not a standard according to RFC 7489, "Status of This Memo"
people who are
otherwise useless.
--
David Jones
On 01/24/2018 01:33 PM, Bill Cole wrote:
On 24 Jan 2018, at 9:12, David Jones wrote:
What does everyone think about slowly increasing the score for
SPF_NONE and SPF_FAIL over time in the SA rulesets to force the
awareness and importance of proper SPF?
-1
In every real mailstream I've
fed. It doesn't say anything about spam or ham in the
content. If you whitelist trusted senders then you segment them out of
the way which allows fine tuning on the rest of the mail flow.
----
*From:* David Jones <dj
SPF record like it was 10 years ago. The real problem with SMTP in
general is there is no reliable way to get feedback to mail admins
without sending confusing technical emails to regular users.
--
David Jones
On 01/23/2018 07:11 PM, Alex wrote:
Hi,
On Tue, Jan 23, 2018 at 4:52 PM, David Jones <djo...@ena.com> wrote:
Here is a good example of a spoof that might get user clicks. It didn't
have good SPF or DKIM but it could have pretty easily making it look pretty
clean in a default SA instal
for
SPF_FAIL from aexp.com but it wouldn't help with that spoofed one at the
top with the "m" in the domain.
--
David Jones
On 01/23/2018 12:36 PM, Alex wrote:
Hi,
On Tue, Jan 23, 2018 at 10:17 AM, David Jones <djo...@ena.com> wrote:
First, if anyone from Microsoft is on this list, please setup proper
outbound spam filtering, rate limiting, and compromised account detection
with locking to prevent jun
to SpamCop who reports it to
Microsoft.
https://pastebin.com/c2c2ETYi
Any ideas other than maintaining a complex regex on body matches? I
have tried this with good success but it's creating a few FPs. I could
limit it to O365 servers but that is a lot these days.
--
David Jones
verify them. But this is only part of the equation that is subtracting
points for authentic senders. The other side is safely adding points
for those spoofing emails. Again, this may not work in the public SA
rulesets since it's documentation for the spammers.
--
David Jones
tps://bz.apache.org/SpamAssassin/ in the Plugins section?
We could put this in for everyone with a low score and give it a trial
run before increasing the score. I will run it locally as well and see
how it goes.
Sent with ProtonMail <https://protonmail.com> Secure Email.
Original M
d to. You could be absolutely sure that any emails from that
sender would be from my company and if there are any problems, report
them to our abuse mailbox and I would handle it.
On 01/19/2018 03:59 PM, David Jones wrote:
On 01/19/2018 02:21 PM, Jeffs Chips wrote:
I would be very interested
the standard Office 365 SPF record.
--
David Jones
On 01/19/2018 09:31 AM, Robert Boyl wrote:
Hi, masters!
I know
[1-9]{1,5} spreadsheets
catches something like
23244 spreadsheets
What about 23.244 spreadsheets? How to make the rule consider a dot in
the number?
Thank you!
Rob
https://regex101.com/
\d{1,2}\.?\d{1,5}
--
David Jones
On 01/19/2018 08:56 AM, Heiler Bemerguy wrote:
On 19/01/2018 11:27, David Jones wrote:
On 01/19/2018 08:12 AM, Heiler Bemerguy wrote:
Hi guys,
I'm new to the list so pardon any stupidity I may say.. lol
I'm using SpamAssassin 3.4.1 with Postfix 3.1.6 on Debian 9.
ii spamassassin
folder.
Also, compromised accounts from normally good domains will have passing
SPF and DKIM and end up in your pass folder but could be a dangerous
phishing email.
--
David Jones
shortcircuit TEST on
On 01/19/2018 08:38 AM, David Jones wrote:
On 01/18/2018 05:49 PM, Chip wrote:
Very well stated. Bravo!
The end point here is to examine the email headers that specifically
refer to dkim and spf signatures. Based on fail or pass, or some
combination in concert with the sender's
is case so maybe this is the
postfix user. I have never used spamd so I don't know for sure.
# ps -elf | grep spamd
--
David Jones
a catchall mailbox setup, it will definitely
get spam. Even regular/single mailboxes will get spam if the VPS is
open on port 25 to the Internet.
--
David Jones
could just set the 2 scores and not enable the
shortcircuit plugin. The 2 score lines in the local.cf should do what
you want to do.
--
David Jones
to block anything and just want to collect as much
spam and ham as possible, then set the "required_score 999" in your
local.cf.
--
David Jones
Assassin's examination of headers and subsequent
Subject modification based on keywords in headers (such as keywords in
DKIM or SPF, etc)
1) Can this be done, and;
2) What tweaks need to be made to SA in its configuration files to make
it happen, and;
3) what else is recommended here.
Thank you.
MailScanner. If you set that required score to 999
then nothing will be blocked by the glue to let everything in for sorting.
On 01/18/2018 03:29 PM, David Jones wrote:
On 01/18/2018 02:09 PM, Chip wrote:
Newbie excited to use the features of SpamAssassin for a new project
that needs to flag inbound
similar for my spamassassin masscheck box where I
intentionally let down my defenses at the MTA not using any RBLs and
then sort messages into a Ham or Spam folder based on score and rule hits.
--
David Jones
e or all of them.
--
David Jones
B
Definitely need to get a bug entered and patch HeaderEval.pm soon for
version 3.4.2.
--
David Jones
ate failed, exiting with code 4
Do you know the time this happened? Logs show any timestamps?
--
David Jones
On 01/15/2018 11:37 AM, Matthew Broadhead wrote:
thanks for your quick reply. i expected the spam to be filtered into
the Junk mailbox on the server I guess.
i just sent a test email with GTUBE subject line and i got this
Jan 15 17:28:40 ns1 amavis[23493]: (23493-20) Blocked SPAM
something like this would work: header
FUZZY_FEDEX From =~ /(?!f.?e.?d.{0,3}e.?x) .? .? .{0,3} .? /i
--
David Jones
On 01/11/2018 04:15 PM, RW wrote:
On Thu, 11 Jan 2018 09:46:24 -0600
David Jones wrote:
I bet most mirrors have a cron entry like "*/10" ... If we still see
problems I can extend the delay some more.
But the point of a longer delay is that it gives rsync a guaranteed
minimum
On 01/11/2018 11:24 AM, Kevin A. McGrail wrote:
On 1/11/2018 10:46 AM, David Jones wrote:
There will be a 30 second to a few minutes delay for the DNS updates
to propagate even for DNS caches that don't have the TXT record in
their cache.
I bet most mirrors have a cron entry like "*/1
On 01/11/2018 09:02 AM, RW wrote:
On Wed, 10 Jan 2018 14:06:52 -0600
David Jones wrote:
On 01/10/2018 12:40 PM, Alex wrote:
Hi,
On Wed, Jan 10, 2018 at 12:21 PM, Kevin A. McGrail
<kevin.mcgr...@mcgrail.com> wrote:
On 1/10/2018 11:23 AM, David Jones wrote:
I need to see the debug v
On 01/10/2018 12:40 PM, Alex wrote:
Hi,
On Wed, Jan 10, 2018 at 12:21 PM, Kevin A. McGrail
<kevin.mcgr...@mcgrail.com> wrote:
On 1/10/2018 11:23 AM, David Jones wrote:
I need to see the debug verbose output of one that fails to troubleshoot
further.
Agreed. We need someone to run w
On 01/10/2018 10:08 AM, David Jones wrote:
On 01/10/2018 09:23 AM, RW wrote:
On Wed, 10 Jan 2018 15:10:52 +
Martin Gregorie wrote:
The update defaults to being run from /etc/cron.weekly/sa-update,
which runs /usr/bin/sa-update without any other parameters and does
nothing else except
few months.
It's possible there could be a local routing problem to one of them
which would make this problem happen only occasionally for your specific
ISP and not the rest of the Internet.
--
David Jones
ght and then rerun the update during the day when I
notice it, it usually works the second time.
--
David Jones
com%3Dfisher006%40mail3.zenbox.pl;ip=209.85.220.178;r=mail3.zenbox.pl
<http://www.openspf.net/Why?s=mfrom;id=srs0%3D2eq9%3Def%3Dgmail.com%3Dfisher006%40mail3.zenbox.pl;ip=209.85.220.178;r=mail3.zenbox.pl>,
text: Mechanism '-all' matched
--
David Jones
my particular mail flow.
--
David Jones
out of the Invaluement RBL. Combine it with Spamhaus
ZEN and that will block the majority of junk.
--
David Jones
On 01/04/2018 11:20 AM, RW wrote:
On Thu, 4 Jan 2018 10:40:49 -0600
David Jones wrote:
On 01/04/2018 10:04 AM, RW wrote:
Are you sure that's right? It's a radically different frequency from
0.5% and 0.8%. IIWY I'd look at the 4 and check they are what you
think they are and not something
estamp|grep BAYES_999|grep
-v BAYES_99=|wc
Please let me know if there's anything further I can do to help.
--
David Jones
On 01/04/2018 10:04 AM, RW wrote:
On Thu, 4 Jan 2018 08:02:48 -0600
David Jones wrote:
On 01/04/2018 04:46 AM, Matus UHLAR - fantomas wrote:
On 2 Jan 2018, at 07:17, David Jones <djo...@ena.com> wrote:
I haven't redefined these rules from what I can tell by searching
my local rules. I wo
On 01/04/2018 04:46 AM, Matus UHLAR - fantomas wrote:
On 2 Jan 2018, at 07:17, David Jones <djo...@ena.com> wrote:
I haven't redefined these rules from what I can tell by searching my
local rules. I would think that if I had done this, then there would be
consistent non-hits of BAYES
On 01/02/2018 07:57 AM, RW wrote:
On Mon, 1 Jan 2018 18:52:45 -0600
David Jones wrote:
On 01/01/2018 06:47 PM, Reindl Harald wrote:
On 02.01.2018 at 01:18, David Jones wrote:
I just had a spam message hit BAYES_999 but not BAYES_99. Based
on BAYES_999 default score of 0.2, I thought
On 01/01/2018 07:08 PM, Reindl Harald wrote:
On 02.01.2018 at 01:59, David Jones wrote:
On 01/01/2018 06:52 PM, David Jones wrote:
On 01/01/2018 06:47 PM, Reindl Harald wrote:
On 02.01.2018 at 01:18, David Jones wrote:
I just had a spam message hit BAYES_999 but not BAYES_99. Based
On 01/01/2018 06:52 PM, David Jones wrote:
On 01/01/2018 06:47 PM, Reindl Harald wrote:
On 02.01.2018 at 01:18, David Jones wrote:
I just had a spam message hit BAYES_999 but not BAYES_99. Based on
BAYES_999 default score of 0.2, I thought that it was always supposed
to complement
On 01/01/2018 06:47 PM, Reindl Harald wrote:
On 02.01.2018 at 01:18, David Jones wrote:
I just had a spam message hit BAYES_999 but not BAYES_99. Based on
BAYES_999 default score of 0.2, I thought that it was always supposed
to complement the BAYES_99 rule and both would trigger when
logical to bump up the
default score higher than BAYES_99.
--
David Jones
On 01/01/2018 01:30 PM, Alan Hodgson wrote:
On Mon, 2018-01-01 at 10:29 -0500, Bill Cole wrote:
On 1 Jan 2018, at 9:59 (-0500), David Jones wrote:
I think some mail systems will keep the same message-ID per email
thread so your system must reject some replies.
I have not seen
On 01/01/2018 09:33 AM, David Jones wrote:
On 01/01/2018 09:29 AM, Bill Cole wrote:
On 1 Jan 2018, at 9:59 (-0500), David Jones wrote:
I think some mail systems will keep the same message-ID per email
thread so your system must reject some replies.
I have not seen such behavior in the past
On 01/01/2018 09:29 AM, Bill Cole wrote:
On 1 Jan 2018, at 9:59 (-0500), David Jones wrote:
I think some mail systems will keep the same message-ID per email
thread so your system must reject some replies.
I have not seen such behavior in the past 20 years...
Ok. I stand corrected
much
email -- ham or spam. :) I think some mail systems will keep the same
message-ID per email thread so your system must reject some replies.
There is no way that most of us on this mailing list can be as strict or
our customers would complain constantly about missing email.
--
David Jones
f the Received headers. If it did come through
Sendgrid, then this should be reported to their abuse to help all of us.
https://sendgrid.com/report-spam/
--
David Jones
elow 5% sometimes falls into not a spam email.
--
David Jones
a Received header for their own mail server so that
"hop" doesn't have to be skipped over by SA. I guess I was thinking
about the forwarding in my mind that would add that "hop" in the
Received headers. Thanks for the clarification.
- Original Message -----
V
5% sometimes falls into not a spam email.
--
David Jones
left to SA content-based rules like DCC, Bayes, and a few others above.
--
David Jones
/postwhite
You will want to setup the special Yahoo exclusions and add any other
major/trusted senders (ex. authsmtp.com) based on their SPF record.
--
David Jones
meta
rules that amplify some good and bad rules.
--
David Jones
d grep out the scores from KAM.cf, diff
them from the last run and send him an email when something changes.
Cron it for once every morning and voilà!
--
David Jones
*
platforms. There is no consistency across the RBLs for any of the large
mail hosting providers except for the Spamhaus and Invaluement BLs that
seem to do a pretty good job of excluding the major hosting providers.
--
David Jones
On 12/06/2017 08:02 AM, Benny Pedersen wrote:
David Jones wrote on 2017-12-06 14:54:
Interesting new From: header tactic:
https://pastebin.com/9BhD8m9C
I have reported this to SpamCop and Google's abuse.
if they ever listing
untested:
header __FROM_ILLEGAL_CHARS From:name
Interesting new From: header tactic:
https://pastebin.com/9BhD8m9C
I have reported this to SpamCop and Google's abuse.
--
David Jones
fter
AUTH from unknown[110.83.135.178]
--
David Jones
150...@billmail.scconsult.com>
wrote:
On 2 Dec 2017, at 13:33 (-0500), David Jones wrote:
Then you can start experimenting with RBLs at http://multirbl.valli.org/lookup/
Be VERY careful with that list of DNSBLs. For years they listed and tested my local,
private, never-public DNSBL (which has alwa
. Start postfix
8. Watch your maillog
9. Start tuning Postfix by enabling postscreen in the master.cf then the
postscreen_dnsbl_sites in the main.cf. Don't forget to restart postfix.
10. Watch your maillog for spam being rejected and smile
On Dec 2, 2017, at 12:33 PM, David Jones <djo...@ena.
.
--
David Jones
below
5% sometimes falls into not a spam email.
--
David Jones
know of any
possible reason for this?
Chris
What version of SA are you running? Maybe post the output of "sa-update
-D" to give us a little more detail.
--
David Jones
On 11/25/2017 04:40 PM, RW wrote:
On Sat, 25 Nov 2017 14:37:12 -0600
David Jones wrote:
The default SA rules handle Paypal spoofing pretty well with
def_whitelist_from_spf in 60_whitelist_spf.cf.
There are def_whitelist entries for amazon domains too. But these
entries don't handle spoofing
t SA rules handle Paypal spoofing pretty well with
def_whitelist_from_spf in 60_whitelist_spf.cf. Adding "Paypal" and
various misspellings to a from:name rule handles spoofing very well. I
am only proposing that we extend this to other high-profile domains like
Amazon.com. Rspamd is doing this.
--
David Jones
es.
Dave
On 11/25/2017 12:02 PM, David Jones wrote:
On 11/25/2017 11:41 AM, Jerry Malcolm wrote:
Thanks so much for all the info. I have installed KAM rules, and
I've started becoming a ninja writing my own (simple) rules. MUCH
improved results (amazing when you finally learn what your doi
th the BAD_FROM_NAME header check above. We would add
safe subdomain entries from Apple and Bank of America as well. This
should safely catch a lot of spoofed display names trying to trick
recipients.
Thoughts?
--
David Jones
, and location (country). SA can't be accurate out of the box
for everyone and does require some manual tuning to get the last bit of
accuracy for that specific mail flow.
--
David Jones
configuration does redirect, but this can be disabled if
appropriate.
sa-update only uses plain HTTP.
https://wiki.apache.org/spamassassin/SaUpdateMirrorSetup
--
David Jones
and SA marked
another 20 as spam while delivering 95 clean messages. I think there
might have been one spam that made it to my inbox. I have the
threshold set at 4.0 for my mailbox.
--
David Jones
pops up, that could be the end of updates for those
ancient versions.
--
David Jones
you in the background so just do some
Googling based on your "glue." It shouldn't be run more frequently than
about 4 hours since there are only 2 updates a day currently around 3 AM
UTC and 9 AM UTC.
https://wiki.apache.org/spamassassin/RuleUpdates
On 11/19/17, David Jones <
On 11/18/2017 09:37 PM, John Hardin wrote:
On Sun, 19 Nov 2017, Benny Pedersen wrote:
David Jones wrote on 2017-11-18 16:26:
Heads up. DNS updates for sa-update have been enabled again. The next
rules promotion will happen in about 11 hours around 2:30 AM UTC.
heads up :=)
<host
On 11/18/2017 09:46 AM, Benny Pedersen wrote:
David Jones wrote on 2017-11-18 16:26:
Heads up. DNS updates for sa-update have been enabled again. The next
rules promotion will happen in about 11 hours around 2:30 AM UTC.
may i ask why you tld block me ?
sorry for asking here, private mails
Heads up. DNS updates for sa-update have been enabled again. The next
rules promotion will happen in about 11 hours around 2:30 AM UTC.
--
David Jones
On 11/17/2017 06:32 AM, David Jones wrote:
On 11/16/2017 05:09 PM, Richard Doyle wrote:
Update applied, no issues.
I saw 18 testers in my web logs for yesterday's $REV. Thanks to
everyone that are helping by testing.
On 11/16/2017 05:22 AM, David Jones wrote:
Great news! Last night's
On 11/16/2017 05:09 PM, Richard Doyle wrote:
Update applied, no issues.
I saw 18 testers in my web logs for yesterday's $REV. Thanks to
everyone that are helping by testing.
On 11/16/2017 05:22 AM, David Jones wrote:
Great news! Last night's run finally produced a full 72_scores.cf
On 11/16/2017 08:57 AM, Chris wrote:
On Thu, 2017-11-16 at 07:22 -0600, David Jones wrote:
Great news! Last night's run finally produced a full 72_scores.cf.
Big
thanks to Merijn van den Kroonenberg for helping track down the
remaining issues! There were about 3 rules difference which could
than trying to design our guns to be child-proof
---
229 days since the first commercial re-flight of an orbital
booster (SpaceX)
--
David Jones
should endeavour to teach our children to be gun-proof
rather than trying to design our guns to be child-proof
---
229 days since the first commercial re-flight of an orbital
booster (SpaceX)
--
David Jones
On 11/13/2017 02:33 PM, Tom Hendrikx wrote:
On 28-10-17 15:20, David Jones wrote:
On 10/27/2017 03:02 AM, Merijn van den Kroonenberg wrote:
Please provide feedback in the next 48 hours -- positive or negative so
I know we are good to enable DNS updates again on Sunday.
After installing
On 11/12/2017 11:07 AM, micah wrote:
Axb <axb.li...@gmail.com> writes:
On 11/12/2017 05:35 PM, micah wrote:
David Jones <djo...@ena.com> writes:
I am interested in seeing the bayes info in the database, because it was
created years ago
Spam changes all of the time so I trai
). This will cause SA to look one hop back and should fix
a number of network-based checks like RBL checks in addition to the SPF
check.
https://wiki.apache.org/spamassassin/TrustPath
--
David Jones
.
A large list of whitelist_auth entries with well-trained Bayes and you
can bump up the BAYES_* scores with nice results.
I would recommend dumping your bayes DB to a backup file and starting
over with training of fresh ham and spam specific to your mail flow.
Regards,
Emanuel.
--
David Jones
tfix,
Dovecot, Roundcube webmail, etc.) is http://iredmail.org.
--
David Jones
Defang instead of amavisd so the ACL for mine
looks like this:
bigsky:~ bill$ ls -led Maildir/
drwx--+ 239 bill bill 8670 Oct 31 09:31 Maildir/
0: user:defang allow list,search,readattr,file_inherit,directory_inherit
--
David Jones
-spam/
--
David Jones
of the bad domains that commonly spams
score HS_BAD_DOMAIN 0.1 0.1 0.1 0.1
You are close but your regex is a little off. Use https://regex101.com/
to test your regex.
/\.(top|study|click|party|link|stream|info|trade|bid|xxx)$/
--
David Jones