>/etc/resolv.conf has just got:
>nameserver 173.203.4.9
>nameserver 173.203.4.8
>Unless something is borked in Rackspace's networking config (certainly
>not impossible), I don't know why that would ever end up pointing to
>localhost.
Setup BIND, unbound, or PowerDNS recursor on localhost and
>From: li...@rhsoft.net
>Sent: Monday, September 12, 2016 12:13 PM
>To: users@spamassassin.apache.org
>Subject: Re: RCVD_IN_SORBS_SPAM and google IPs
>that's exactly what i *don't* have a contentfilter for to need customers
>report their spam and i have to talk with abuse
>From: li...@rhsoft.net <li...@rhsoft.net>
>Sent: Monday, September 12, 2016 8:47 AM
>To: users@spamassassin.apache.org
>Subject: Re: RCVD_IN_SORBS_SPAM and google IPs
>Am 12.09.2016 um 15:37 schrieb David Jones:
>>>Has RCVD_IN_SORBS_WEB been considered for adjus
>From: Alex
>Sent: Sunday, September 11, 2016 4:10 PM
>To: SA Mailing list
>Subject: Re: RCVD_IN_SORBS_SPAM and google IPs
>Hi,
>> COMMIT/trunk/rules/50_scores.cf
>>
>> Committed revision 1760066.
>>
>> score RCVD_IN_SORBS_SPAM 0 0.5 0 0.5
>>
>> should show up after
>From: Jason Voorhees
>Hello guys:
>I'm an old spamassassin user but not an experienced one indeed. I have
>a Zimbra server and a dedicated antispam with MailScanner like this:
>Zimbra: 192.168.1.25
>Antispam: 192.168.1.5
>All incoming and outgoing mail traffic goes
>From: Shivram Krishnan
>Sent: Wednesday, June 29, 2016 10:50 AM
>To: Antony Stone
>Cc: users@spamassassin.apache.org
>Subject: Re: Corpus of Spam/Ham headers(Source IP) for research
>Hello Antony,
>We will be getting headers from our University. The only reason why we
domain and possibly help users notice the wrong address. It's only going
to get worse.
Many years ago when I had to use Outlook, I had to put my email address
in my signature because Outlook would only put "David Jones" in the
reply text. If and email was forwarded later, that recipient w
>Am I missing something here:
Respectfully, you are.
>An email comes in from the CEO of the business - seemingly from the company,
>and has a Spam score of 7.5
I am talking about legit emails from trusted senders that won't
hit FREEMAIL_FORGED, RBLs, DBLs or any high scoring rules so
they are
>From: RW <rwmailli...@googlemail.com>
>Sent: Tuesday, June 28, 2016 8:50 AM
>To: users@spamassassin.apache.org
>Subject: Re: Catching well directed spear phishing messages
>On Wed, 29 Jun 2016 01:30:55 +1200
>Sidney Markowitz wrote:
>> David Jo
>From: Sidney Markowitz
>Sent: Tuesday, June 28, 2016 3:15 AM
>To: Ram; users@spamassassin.apache.org
>Subject: Re: Catching well directed spear phishing messages
>Ram wrote on 28/06/16 7:19 PM:
>>
>>
>> On Tuesday 28 June 2016 12:03 PM, Raymond Dijkxhoorn wrote:
>>>
>> On Jun 17, 2016, at 7:25 AM, Vincent Fox wrote:
>>
>> Greylisting imo helps a lot with RBL lag.
Greylisting is a must and it definitely helps with RBL lag.
>It can, but it's definitely a double edge sword. Depending on the way the
>remote MTA works, I've experienced
>> For example, 212.227.126.135, scores 4 out of a 100 on senderscore. It
>> also currently hits just sorbs. The individual score for each would
>> have to be so low, even with such a poor reputation, that it hardly
>> makes it worthwhile. I can't reject just on the almost worst
>> reputation as
>We were also using the senderscore RBL based on Reindel and others
>recommendations, but disabled it after it just rejected too much ham.
The senderscore.org RBL scores for low reputation are a pain sometimes
but those senders need to know how to filter outbound email properly
and detect
This is a little off topic to SA but a good RBL setup is crucial
to making SA successful. For those using Postfix, check
the list archives for postscreen settings to use weighted
RBLs which allows using of somewhat unreliable RBLs
in combination with reliable ones which works very well
to block
>https://wiki.apache.org/spamassassin/ImproveAccuracy
>I have gone through this wiki (and ones like it) at least a dozen times.
>My server is blocking about 50% of the spam, thanks to some of the
>other layers of spam protection. It's just bayes that I can't seem to get
>right
Are you getting
>From: Reindl Harald
>Sent: Tuesday, May 31, 2016 6:27 PM
>To: users@spamassassin.apache.org
>Subject: Re: Bayes filter marking everything as ham
>Am 31.05.2016 um 23:58 schrieb Peter Carlson:
>> May 30 09:04:53 www amavis[16577]: (16577-03) Passed CLEAN
>>
>From: RW
>Sent: Tuesday, May 31, 2016 5:20 PM
>To: users@spamassassin.apache.org
>Subject: Re: SA Concepts - plugin for email semantics
>On Tue, 31 May 2016 15:20:56 -0400
>Bill Cole wrote:
>> On 29 May 2016, at 11:07, RW wrote:
>>
>> > Statistical filters are
>I used the "Authoritative, validating, recursive caching DNS (example
>2)" section of this guide: https://calomel.org/unbound_dns.html but
>omitted the forward-zone, local-zone and local-data sections and did a
>couple of other parameters differently.
PowerDNS Recursor is very easy to install
>From: Bill Cole <sausers-20150...@billmail.scconsult.com>
>Sent: Wednesday, May 25, 2016 10:09 AM
>To: SA-Users
>Subject: Re: Odd results when using whitelisting
>On 24 May 2016, at 15:58, David Jones wrote:
>> Dnsmasq is a very powerful DNS server
I meant that it
*never* use a forwarind/ISP nameserver for a inbound MX
> If I understand you, I don't. I have my own domain and my mx record points to
> my dyndns FQDN
What you mentioned above is hosting your own domain's DNS to the Internet and
has nothing to do with how your ClearOS server is resolving it's
>From: Paul Stead
>Sent: Tuesday, May 24, 2016 9:55 AM
>To: users@spamassassin.apache.org
>Subject: SA Concepts - plugin for email semantics
>Hi guys,
>Based upon some information from others on the list I have put together
>a plugin for SA which canonicalises an
>From: Dianne Skoll
>Sent: Friday, May 20, 2016 6:07 AM
>To: users@spamassassin.apache.org
>Subject: Re: SA cannot block messages with attached zip
>On Fri, 20 May 2016 09:31:48 +0300
>Emin Akbulut wrote:
>> What do you suggest to fight these
>From: Daniel J. Luke <dl...@geeklair.net>
>Sent: Friday, May 13, 2016 3:42 PM
>To: David Jones
>Cc: Vincent Fox; users@spamassassin.apache.org
>Subject: Re: understanding HELO_DYNAMIC_IPADDR
>On May 13, 2016, at 4:24 PM, David Jones <djo...@ena.com> wrote:
&g
>
>From: Vincent Fox
>Sent: Friday, May 13, 2016 2:57 PM
>To: users@spamassassin.apache.org
>Subject: Re: understanding HELO_DYNAMIC_IPADDR
>On 05/13/2016 12:29 PM, Daniel J. Luke wrote:
>>
>> While you are at it, make sure your forward
>From: Alex
>Sent: Thursday, May 12, 2016 9:37 AM
>To: SA Mailing list
>Subject: Received header and matching
>Hi,
>I'm trying to match some Apple/iTunes fraud and would like to use the
>lack of the email having been passed through anything relating to
>Apple (contains
>On 4/25/2016 7:07 PM, David Jones wrote:
>> score LOCAL__H_from_sample -10.0
>>> header LOCAL__H_from_sample ALL =~ /mail\.sample\.com/i
>> Add it's IP to your trusted_networks and subtract a few points for
>> ALL_TRUSTED. I wouldn't recommend subtracting
>One of my mail filters is a smart host for a trusted mail server
>(mail.sample.com), how do we assign a -10 score to mail coming from
>mail.sample.com
>I thought this would work, but it doesn't:
>scoreLOCAL__H_from_sample -10.0
>header LOCAL__H_from_sample ALL =~ /mail\.sample\.com/i
Add
>> The mere presence of an unsubscribe link does not indicate legitimacy. And
>> the sender's definition of "opt-in" may not align with how most people would
>> define it.
>>
>> The company is probably real, ISTR using Acton back when I was monking at
>> $DAYJOB--, but that doesn't mean the
On Mon, 18 Apr 2016, Alex wrote:
> I'm curious as to whether you think this email is spam?
>
> http://pastebin.com/bFVSgwnR
>
> It looks like your typical unsolicited "Buyers Guide" junk, but I've
> heard of actonsoftware before, and this email appears to have a
> legitimate unsubscribe link. It
>> DNS is very effective to block at the MTA level. I setup my own private
>> RBL on the DNS servers my SA boxes point to. Dump your IPs into a
>> rbldnsd formatted zone file and setup your private RBL zone (doesn't
>> have to be a real zone on the Internet) to forward to rbldnsd. Rbldnsd
>>
>
>From: Alex
>For some time now I've been cycling URLs and IPs through a mariadb
>database gathered from incoming mail on a honeypot I've created.
>Surprising how many are received ahead of spamhaus/barracuda.
Major RBLs like
>>SPF strict outright breaks mail forwarding, unless the forwarder rewrites the
>>envelope sender.
>SPF does NOT break mail forwarding (and is not obsolete, as you claim in
>later mail)
Until most MTAs support SRS easily and possibly by default, SPF is going
to be broken by forwarding. You are
Are you using DKIM / SPF for your domain? I mean, why do you accept
email apparently from your own domain when it does not come from one of
your authorised servers?
>>>
>>> because the From header has nothing to do with the envelope sender and
>>> so not with SPF and spoofing
>* you did not provide a hint to the list-problem
>* to "solve" the OP's problem DMARC is not needed
Mail admins need to get familiar with DMARC because major ISPs have begun
to take this seriously in the past year and are starting to reject or put into
spam
folders when this is setup
>> DMARC is a combination of SPF and DKIM plus From: header spoofing check.
>> You must get SPF and DKIM setup before adding the '_dmarc' DNS record for
>> the sending domain
>tell me something new
This email was not just for you. If you already knew this, then ignore it.
>wait i tell you
>> Google is telling all of their mail customers to add DMARC DNS records to
>> block
>> spoofing of their own domains
>before Google ist telling somebody something they should better learn
>the difference between "~" and "-" in a SPF record to make gmail.com at
>least on envelope-level spoofing
>Spamassassin is just going to record a generic SPF_FAIL, regardless of
>whether it's my SPF record or an email from some other domain.
>If I wanted to use SPF in spamassassin to block spoofing attempts
>against my domain, how would I do that?
Simply put all approved mail servers that you allow
>From: Bill Cole <sausers-20150...@billmail.scconsult.com>
>Sent: Tuesday, November 24, 2015 1:41 PM
>To: users@spamassassin.apache.org
>Subject: Re: question re/ RDNS_NONE
>On 24 Nov 2015, at 13:47, David Jones wrote:
>> Could this be dependent on the MTA used? I am
>From: RW <rwmailli...@googlemail.com>
>Sent: Sunday, November 22, 2015 3:23 PM
>To: users@spamassassin.apache.org
>Subject: Re: question re/ RDNS_NONE
>On Sun, 22 Nov 2015 13:39:49 +
>David Jones wrote:
>> https://wiki.apache.org/spamassassin/Rules/RDNS_NONE
&g
>From: Reindl Harald <h.rei...@thelounge.net>
>Sent: Tuesday, November 24, 2015 1:01 PM
>To: users@spamassassin.apache.org
>Subject: Re: question re/ RDNS_NONE
>Am 24.11.2015 um 19:47 schrieb David Jones:
>> Could this be dependent on the MTA used? I am using Postfi
>From: Reindl Harald <h.rei...@thelounge.net>
>Sent: Tuesday, November 24, 2015 1:20 PM
>To: users@spamassassin.apache.org
>Subject: Re: question re/ RDNS_NONE
>Am 24.11.2015 um 20:16 schrieb David Jones:
>>> From: Reindl Harald <h.rei...@thelounge.net>
&
>From: Bill Cole <sausers-20150...@billmail.scconsult.com>
>Sent: Tuesday, November 24, 2015 3:31 PM
>To: users@spamassassin.apache.org
>Subject: Re: question re/ RDNS_NONE
>On 24 Nov 2015, at 14:54, David Jones wrote:
>>> From: Bill Cole <sausers-20150...
>From: RW <rwmailli...@googlemail.com>
>Sent: Saturday, November 21, 2015 1:43 PM
>To: users@spamassassin.apache.org
>Subject: Re: question re/ RDNS_NONE
>On Sat, 21 Nov 2015 15:35:54 +
>David Jones wrote:
>> Read the Received headers from the bottom up.
>&
>From: Matthias Apitz
>Sent: Saturday, November 21, 2015 9:15 AM
>To: spamassassin-users
>Subject: question re/ RDNS_NONE
>Hello,
>I've sent myself an email which gets marked with RDNS_NONE. Can someone
>please be so kind and explain to me which IP addr exactly triggers this
>From: David Mehler
>Sent: Thursday, November 5, 2015 5:52 AM
>To: users@spamassassin.apache.org
>Subject: New SA install, configuring for retraining on false positives
>Hello,
>I've got a Postfix email server going with a Mysql database backend on
>FreeBSD 10.2. I'm now
>> Also - add a highest numbers MX record tarbaby.junkemailfilter.com
>>
>> This will help tune our list to your spam and also get rid of a lot od it.
>>
Is this safe to use with greylisting on the lower MX records? I see you
temp fail (4xx) all email so it should be safe. Didn't see anything
>
>From: Joe Acquisto-j4
>Sent: Thursday, October 22, 2015 9:34 AM
>To: users@spamassassin.apache.org
>Subject: SOT - Fowarding mail to new service, keeping same MX, pitfalls
>This may not be the right place to discuss this, as it is
>From: Reindl Harald
>Sent: Monday, September 28, 2015 3:11 PM
>To: users@spamassassin.apache.org
>Subject: Re: Add "may be forged" minor rule?
>Am 28.09.2015 um 22:04 schrieb Amir Caspi:
>> On Sep 28, 2015, at 1:53 PM, John Hardin
>From: Reindl Harald
>Sent: Thursday, September 24, 2015 5:12 AM
>To: Philip Prindeville
>Cc: users@spamassassin.apache.org
>Subject: Re: Test for empty EnvelopeFrom
>Am 23.09.2015 um 19:24 schrieb Philip Prindeville:
>> Stating
>
>From: Dianne Skoll <d...@roaringpenguin.com>
>Sent: Thursday, September 24, 2015 9:02 AM
>To: users@spamassassin.apache.org
>Subject: Re: Test for empty EnvelopeFrom
>On Thu, 24 Sep 2015 12:21:33 +
>David Jones <djo.
>> I never said it was.
>>
>> What I said was that when it’s coming from a server that doesn’t
>> except inbound messages (and hence can’t generate bounces) THEN it’s
>> a sign of Spam.
>Since when does a server handling outbound traffic have to accept
>inbound mail?
>Any setup with more than a
From: MailBlacklist.com Management managem...@mailblacklist.com
Sent: Monday, August 17, 2015 7:38 AM
To: users@spamassassin.apache.org
Subject: MailBlacklist.com Integration Testing Phase
Spam Assassin MailBlacklist.com Integration Testing Phase 1
We would like to welcome users of
From: Kevin Golding k...@caomhin.org
Sent: Friday, August 14, 2015 3:16 AM
To: michael reimer
Cc: users@spamassassin.apache.org
Subject: Re: spam with url redirects
- Original Message -
From: michael reimer michael.rei...@falke.com
To:
From: Bowie Bailey bowie_bai...@buc.com
On 7/15/2015 4:04 PM, Kevin A. McGrail wrote:
Why is it looking for an SPF record for rrdesp.com? That is the
sending server, shouldn't it be using the domain from the From or
Envelope-From instead? This SPF check looks backwards to me. Am I
missing
On 2015-07-09 16:58 +, David Jones wrote:
Did the email have a valid unsubscribe link/process?
It is in Dutch, and I can't read Dutch.
(Yes, I do use the language plugin.)
I shortcircuit as ham for these two rule hits and never have had a
report of spam that couldn't be reliably/safely
From: Ian Zimmerman i...@buug.org
Sent: Thursday, July 9, 2015 11:02 AM
To: users@spamassassin.apache.org
Subject: Return Path (TM) whitelists
I just got in my inbox what I consider spam from the Belgian domain
selling Japanese copiers printers (you probably know which one). What
made it pass
On Jun 29, 2015, at 12:35 PM, Reindl Harald h.rei...@thelounge.net wrote:
Am 29.06.2015 um 18:29 schrieb Ted Mittelstaedt:
What other free MTA is there that’s in common use? qmail is dead and
buried. Sendmail and Exim are pretty much niche. What exactly is wrong
with Postfix?
Nothing.
From: Benny Pedersen m...@junc.eu
Sent: Friday, June 26, 2015 11:45 AM
To: users@spamassassin.apache.org
Subject: Re: Rules needed...
Alex Regan skrev den 2015-06-26 18:33:
http://pastebin.com/FzUkEvRp
blacklist_from *@*.allisonarctictrips.com
spf-pass take responselily
That IP is on a ton
From: Marc Perkel supp...@junkemailfilter.com
Sent: Friday, June 19, 2015 3:41 PM
To: users@spamassassin.apache.org
Subject: Help me waste spammers resources
I found a great trick for wasting spammer's resources and getting them
blacklisted that I'd like to share will all of you.
On my main spam
From: Philip Prindeville philipp_s...@redfish-solutions.com
On Jun 9, 2015, at 12:29 PM, John Hardin jhar...@impsec.org wrote:
On Tue, 9 Jun 2015, David Jones wrote:
Some of the best and easiest things you can enable to block spam are
outside of SpamAssassin at your MTA (sendmail, postfix
From: Philip Prindeville philipp_s...@redfish-solutions.com
Sent: Friday, June 19, 2015 3:53 PM
To: David Jones
Cc: users@spamassassin.apache.org
Subject: Re: Must-Have Plugins?
On Jun 19, 2015, at 2:35 PM, David Jones djo...@ena.com wrote:
But I’m on a LOT of high volume mailing lists (like
/local.cf
internal_networks 127.0.0.0/8 10.2.2.0/24 10.1.1.0/24 X.X.X.X/29
trusted_networks 10.2.2.0/24 10.1.1.0/24 X.X.X.X/29
etc, the msg's received-from headers are _not_ all on my internal networks,
What are the X.X.X.X/29 above? It can't
From: Philip Prindeville philipp_s...@redfish-solutions.com
On Jun 9, 2015, at 12:29 PM, John Hardin jhar...@impsec.org wrote:
On Tue, 9 Jun 2015, David Jones wrote:
Some of the best and easiest things you can enable to block spam are
outside of SpamAssassin at your MTA (sendmail, postfix
It will if you enable SHORTCIRCUIT'ing of whitelist_from
no it will not, it skips many rules which would not have any effect
because the large negative score but it *will not* bypass
Technically it doesn't bypass SA but it effectively does
the same thing. Depends on what you mean by bypass.
Second, I understand now that whitelist_from just represent a large
score, and does not bypass the email itself.
It will if you enable SHORTCIRCUIT'ing of whitelist_from. However,
it is not recommended to use whitelist_from. Use whitelist_from_rcvd,
or whitelist_auth instead to prevent spoofed
On Wed, 10 Jun 2015, Shane Williams wrote:
Two examples that I know are legitimate senders, but get caught by DCC
(and pyzor in some cases) and other rules that push them over the
threshold are the SourceForge.net Project of the Month list and
various Netflix emails to customers (New
given that install unbound as local resolver takes 2 minutes it's even not
worth to argue on that topic and a spamfilter without RBL's and URIBL's is
just nonsense
I have installed a caching DNS server before (albeit probably about 15
years ago). But it just shouldn't be necessary.
It can be
Some of the best and easiest things you can enable to block spam are
outside of SpamAssassin at your MTA (sendmail, postfix, etc.).
- Enable RBLs and DBLs. zen.spamhaus.org is the best way to block the
majority of junk before it reaches SA. Just make sure you are below their
free
- Enable RBLs and DBLs. zen.spamhaus.org is the best way to block the
majority of junk before it reaches SA. Just make sure you are below their
free threshold limit. One important way to do this is
One important way to do this in terms of the Spamhaus threshold limit
is to not be such
given that install unbound as local resolver takes 2 minutes it's even not
worth to argue on that topic and a spamfilter without RBL's and URIBL's is
just nonsense
I have installed a caching DNS server before (albeit probably about 15
years ago). But it just shouldn't be necessary.
It can be
[One should run a caching DNS server on a mail server.]
We are giving you solid advice based on real experiences where we
ran into problems and worked around them. Just try to enable RBLs
and see how it works for you.
I'm not disputing that running a caching DNS server is a good idea, but
On 08.06.15 23:03, Michael B Allen wrote:
So I have had SA running for about 2 days on a very small site with a
handful of users. I've been running the default config just to see how
well it would do by itself. Unfortunately quite a lot of spam is
getting through. So far 40 of 142 spams have
From: Reindl Harald h.rei...@thelounge.net
Sent: Monday, May 25, 2015 7:23 AM
To: users@spamassassin.apache.org
Subject: Re: Block mailing lists
Am 25.05.2015 um 14:17 schrieb Lorenzo Milesi:
There are inherit dangers of what you want to do, but if you're
From: Lorenzo Milesi max...@ufficyo.com
Sent: Monday, May 25, 2015 11:16 AM
To: users@spamassassin.apache.org
Subject: Re: Block mailing lists
I have built an extensive list of safe senders in the whitelist_from_* that
will
use the SHORTCIRCUIT (DKIM, SPF, RCVD) enabled above.
I didn't
From: Chris cpoll...@embarqmail.com
Sent: Wednesday, May 13, 2015 8:50 AM
To: Jeremy McSpadden
Cc: users@spamassassin.apache.org
Subject: Re: Turning off queries to SORBS
On Wed, 2015-05-13 at 02:05 +, Jeremy McSpadden wrote:
dig +trace and see if your ISP is intercepting queries.
--
From: Reindl Harald h.rei...@thelounge.net
Sent: Wednesday, May 13, 2015 12:35 PM
To: users@spamassassin.apache.org
Subject: Re: Turning off queries to SORBS
Am 13.05.2015 um 19:26 schrieb David Jones:
Connection refused errors are specific UDP responses from upstream DNS
servers that are being
From: Reindl Harald h.rei...@thelounge.net
Sent: Wednesday, May 13, 2015 11:53 AM
To: users@spamassassin.apache.org
Subject: Re: Turning off queries to SORBS
Am 13.05.2015 um 18:17 schrieb Chris:
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by
resolvconf(8)
# DO NOT EDIT
On the server (via SSH or console) use the +trace argument to dig, and
then look for lines starting with ';;':
postmstr@smtp:~$ dig +trace example.com.multi.uribl.com | grep ';;'
;; global options: +cmd
;; Received 913 bytes from 127.0.0.1#53(127.0.0.1) in 8 ms
;; Received 760 bytes from
From: Joe Quinn jqu...@pccc.com
Sent: Tuesday, March 31, 2015 11:44 AM
To: users@spamassassin.apache.org
Subject: Re: RBL/SPF if header exists
On 3/31/2015 12:23 PM, Mike Cardwell wrote:
* on the Tue, Mar 31, 2015 at 12:15:31PM -0400, Joe Quinn wrote:
Here's an example from when Yahoo's
From: Benny Pedersen m...@junc.eu
Sent: Friday, March 27, 2015 10:48 PM
To: users@spamassassin.apache.org
Subject: Re: Uptick in spam
David Jones skrev den 2015-03-28 03:13:
I have Spamhaus in
front of invaluement in
my postfix configuration but I may try flipping the order just to see
From: Reindl Harald h.rei...@thelounge.net
Sent: Saturday, March 28, 2015 6:13 AM
To: users@spamassassin.apache.org
Subject: Re: Uptick in spam
Am 28.03.2015 um 12:04 schrieb David Jones:
I know that but I choose to use the traditional method in the Postfix
smtpd_recipient_restrictions so I can
From: Rob McEwen r...@invaluement.com
Sent: Saturday, March 28, 2015 12:47 AM
To: users@spamassassin.apache.org
Subject: Re: Uptick in spam
On 3/27/2015 10:13 PM, David Jones wrote:
The invaluement RBL is not expensive either and it is awesome. We pay
thousands per year for
a Spamhaus feed
From: Amir Caspi ceph...@3phase.com
Sent: Friday, March 27, 2015 7:30 PM
To: RW
Cc: users@spamassassin.apache.org
Subject: Re: Uptick in spam
On Mar 27, 2015, at 6:19 PM, RW rwmailli...@googlemail.com wrote:
There are deep checks for SBL (via zen) and SPAMCOP. XBL/PBL are
last-external only
From: Reindl Harald h.rei...@thelounge.net
Sent: Thursday, March 26, 2015 5:20 AM
To: users@spamassassin.apache.org
Subject: Re: Spamassassin not catching spam (Follow-up)
Am 26.03.2015 um 11:17 schrieb Kevin A. McGrail:
On 3/26/2015 2:53 AM, Reindl
From: Reindl Harald h.rei...@thelounge.net
been there short ago by receive 600 backscatters about messages i never sent
Hmmm. Maybe someone on this list was trying to send you a strong hint.
For the record, that wasn't me but it did sound like a good idea to prove
a point about backscatter.
From: Axb axb.li...@gmail.com
Sent: Wednesday, February 25, 2015 4:32 AM
To: users@spamassassin.apache.org
Subject: Re: Lots of Polish spam
On 02/25/2015 01:42 AM, Alex Regan wrote:
Hi,
On 02/24/2015 07:06 PM, Reindl Harald wrote:
Am 25.02.2015 um
From: Yves Goergen nospam.l...@unclassified.de
Sent: Wednesday, February 25, 2015 4:15 PM
To: users@spamassassin.apache.org
Subject: Re: Lots of Polish spam
Am 25.02.2015 um 20:42 schrieb Bill Cole:
On 24 Feb 2015, at 17:06, Yves Goergen wrote:
I can't
From: ttgh tony.to...@goldenhour.com
Sent: Monday, February 16, 2015 11:44 AM
To: users@spamassassin.apache.org
Subject: train filter based on spam to ex-employees?
We get 'waves' of spam which are addressed to both long-time employees
(usually executives) as well as long-gone employees. It's
From: Reindl Harald h.rei...@thelounge.net
Sent: Monday, November 3, 2014 4:01 PM
To: users@spamassassin.apache.org
Subject: Re: Hacked sites: dropbox/googlebox/banking
Am 03.11.2014 um 22:55 schrieb John Hardin:
On Mon, 3 Nov 2014, Quanah Gibson-Mount
From: Jude DaShiell jdash...@panix.com
Sent: Wednesday, October 29, 2014 3:54 PM
To: users@spamassassin.apache.org
Subject: what can be done about deep sea nutrition spam?
The garbage they send is 6MB in length. Their unsubscribe link also
doesn't work.
Use RBLs that have this server
On Fri, 10 Oct 2014 12:46:50 +0100
Martin Gregorie mar...@gregorie.org wrote:
I've recently noticed what may be a new spamming technique: sending
mail to Yahoo Groups with an invalid group name - since Yahoo!
doesnt! seem! to! use! SPF, this intentional backscatter gets
delivered to the
Hi,
I sent an email to priv...@spamassassin.apache.org regarding access to
mass-check back on the first of September. Is anybody out there? :)
--
staticsafe
https://staticsafe.ca
I did too and never heard anything. I would like to help out this project
in anyway that I can.
On 10/07/2014 01:12 PM, Axb wrote:
On 10/07/2014 01:01 PM, Reindl Harald wrote:
Am 07.10.2014 um 12:53 schrieb Axb:
On 10/07/2014 12:40 PM, Reindl Harald wrote:
Am 06.10.2014 um 19:06 schrieb Axb:
On 10/06/2014 07:01 PM, David Jones wrote:
Anyone else seeing an unusually high hit
Anyone else seeing an unusually high hit count today for URIBL_RHS_DOB?
Looks like every query is returning 127.0.0.2.?
On 10/06/2014 01:55 PM, David Jones wrote:
Anyone else seeing an unusually high hit count today for URIBL_RHS_DOB?
Looks like every query is returning 127.0.0.2.?
According to my last check, Rick has fixed the issue.
host yahoo.com.dob.sibl.support-intelligence.net
Host
From: Axb axb.li...@gmail.com
On 10/06/2014 07:01 PM, David Jones wrote:
Anyone else seeing an unusually high hit count today for URIBL_RHS_DOB?
host google.com.dob.sibl.support-intelligence.net
Host google.com.dob.sibl.support-intelligence.net not found: 3(NXDOMAIN)
web tools sigh
On Mon, 6 Oct 2014, LuKreme wrote:
On 03 Oct 2014, at 11:42 , Reindl Harald h.rei...@thelounge.net wrote:
Am 03.10.2014 um 19:34 schrieb LuKreme:
[SPAM] is not a spam marker I’ve ever seen so it seems perfectly OK to me
You are assuming, I think wrongly, that the [SPAM] tag is being
On October 4, 2014 6:50:44 PM jdebert jdeb...@garlic.com wrote:
X-DKIM: Sendmail DKIM Filter v2.8.2 mailsea.docusign.net JQ9N42F3MTC8
^^
Never seen this before from sendmail. Bogus DKIM header?
Iis it also possible to test for conflicting X- headers?
Possible extend
From: Philip Prindeville philipp_s...@redfish-solutions.com
Sent: Tuesday, September 30, 2014 12:30 PM
To: SpamAssassin
Subject: Googlasi, blacklotus, etc.
I’m seeing spams like:
http://pastebin.com/XXQrNURW
Notice:
* the message is almost
From: Marcus Schopen li...@localguru.de
Sent: Friday, September 12, 2014 3:33 AM
To: Axb
Cc: users@spamassassin.apache.org
Subject: Re: sa-learn from a remote imap folder
Hi,
Am Freitag, den 12.09.2014, 10:13 +0200 schrieb Axb:
On 09/12/2014 10:05 AM,
501 - 600 of 608 matches
Mail list logo