Re: DNS resolution issue

>/etc/resolv.conf has just got: >nameserver 173.203.4.9 >nameserver 173.203.4.8 >Unless something is borked in Rackspace's networking config (certainly >not impossible), I don't know why that would ever end up pointing to >localhost. Setup BIND, unbound, or PowerDNS recursor on localhost and

Re: RCVD_IN_SORBS_SPAM and google IPs

>From: li...@rhsoft.net >Sent: Monday, September 12, 2016 12:13 PM >To: users@spamassassin.apache.org >Subject: Re: RCVD_IN_SORBS_SPAM and google IPs >that's exactly what i *don't* have a contentfilter for to need customers >report their spam and i have to talk with abuse

Re: RCVD_IN_SORBS_SPAM and google IPs

>From: li...@rhsoft.net <li...@rhsoft.net> >Sent: Monday, September 12, 2016 8:47 AM >To: users@spamassassin.apache.org >Subject: Re: RCVD_IN_SORBS_SPAM and google IPs >Am 12.09.2016 um 15:37 schrieb David Jones: >>>Has RCVD_IN_SORBS_WEB been considered for adjus

Re: RCVD_IN_SORBS_SPAM and google IPs

>From: Alex >Sent: Sunday, September 11, 2016 4:10 PM >To: SA Mailing list >Subject: Re: RCVD_IN_SORBS_SPAM and google IPs >Hi, >> COMMIT/trunk/rules/50_scores.cf >> >> Committed revision 1760066. >> >> score RCVD_IN_SORBS_SPAM 0 0.5 0 0.5 >> >> should show up after

Re: How to exclude internal networks from DNS based checks?

>From: Jason Voorhees >Hello guys: >I'm an old spamassassin user but not an experienced one indeed. I have >a Zimbra server and a dedicated antispam with MailScanner like this: >Zimbra: 192.168.1.25 >Antispam: 192.168.1.5 >All incoming and outgoing mail traffic goes

Re: Corpus of Spam/Ham headers(Source IP) for research

>From: Shivram Krishnan >Sent: Wednesday, June 29, 2016 10:50 AM >To: Antony Stone >Cc: users@spamassassin.apache.org >Subject: Re: Corpus of Spam/Ham headers(Source IP) for research   >Hello Antony, >We will be getting headers from our University. The only reason why we

Re: Catching well directed spear phishing messages

domain and possibly help users notice the wrong address. It's only going to get worse. Many years ago when I had to use Outlook, I had to put my email address in my signature because Outlook would only put "David Jones" in the reply text. If and email was forwarded later, that recipient w

Re: Catching well directed spear phishing messages

>Am I missing something here: Respectfully, you are. >An email comes in from the CEO of the business - seemingly from the company, >and has a Spam score of 7.5 I am talking about legit emails from trusted senders that won't hit FREEMAIL_FORGED, RBLs, DBLs or any high scoring rules so they are

Re: Catching well directed spear phishing messages

>From: RW <rwmailli...@googlemail.com> >Sent: Tuesday, June 28, 2016 8:50 AM >To: users@spamassassin.apache.org >Subject: Re: Catching well directed spear phishing messages   >On Wed, 29 Jun 2016 01:30:55 +1200 >Sidney Markowitz wrote: >> David Jo

Re: Catching well directed spear phishing messages

>From: Sidney Markowitz >Sent: Tuesday, June 28, 2016 3:15 AM >To: Ram; users@spamassassin.apache.org >Subject: Re: Catching well directed spear phishing messages   >Ram wrote on 28/06/16 7:19 PM: >> >> >> On Tuesday 28 June 2016 12:03 PM, Raymond Dijkxhoorn wrote: >>>

Re: Which DNSBLs do you use?

>> On Jun 17, 2016, at 7:25 AM, Vincent Fox wrote: >> >> Greylisting imo helps a lot with RBL lag. Greylisting is a must and it definitely helps with RBL lag. >It can, but it's definitely a double edge sword. Depending on the way the >remote MTA works, I've experienced

Re: Which DNSBLs do you use?

>> For example, 212.227.126.135, scores 4 out of a 100 on senderscore. It >> also currently hits just sorbs. The individual score for each would >> have to be so low, even with such a poor reputation, that it hardly >> makes it worthwhile. I can't reject just on the almost worst >> reputation as

Re: Which DNSBLs do you use?

>We were also using the senderscore RBL based on Reindel and others >recommendations, but disabled it after it just rejected too much ham. The senderscore.org RBL scores for low reputation are a pain sometimes but those senders need to know how to filter outbound email properly and detect

OT - RBLs and postwhite

This is a little off topic to SA but a good RBL setup is crucial to making SA successful. For those using Postfix, check the list archives for postscreen settings to use weighted RBLs which allows using of somewhat unreliable RBLs in combination with reliable ones which works very well to block

Re: Bayes filter marking everything as ham

>https://wiki.apache.org/spamassassin/ImproveAccuracy >I have gone through this wiki (and ones like it) at least a dozen times. >My server is blocking about 50% of the spam, thanks to some of the >other layers of spam protection. It's just bayes that I can't seem to get >right Are you getting

Re: Bayes filter marking everything as ham

>From: Reindl Harald >Sent: Tuesday, May 31, 2016 6:27 PM >To: users@spamassassin.apache.org >Subject: Re: Bayes filter marking everything as ham >Am 31.05.2016 um 23:58 schrieb Peter Carlson: >> May 30 09:04:53 www amavis[16577]: (16577-03) Passed CLEAN >>

Re: SA Concepts - plugin for email semantics

>From: RW >Sent: Tuesday, May 31, 2016 5:20 PM >To: users@spamassassin.apache.org >Subject: Re: SA Concepts - plugin for email semantics >On Tue, 31 May 2016 15:20:56 -0400 >Bill Cole wrote: >> On 29 May 2016, at 11:07, RW wrote: >> >> > Statistical filters are

Re: Odd results when using whitelisting

>I used the "Authoritative, validating, recursive caching DNS (example >2)" section of this guide: https://calomel.org/unbound_dns.html but >omitted the forward-zone, local-zone and local-data sections and did a >couple of other parameters differently. PowerDNS Recursor is very easy to install

Re: Odd results when using whitelisting

>From: Bill Cole <sausers-20150...@billmail.scconsult.com> >Sent: Wednesday, May 25, 2016 10:09 AM >To: SA-Users >Subject: Re: Odd results when using whitelisting >On 24 May 2016, at 15:58, David Jones wrote: >> Dnsmasq is a very powerful DNS server I meant that it

Re: Odd results when using whitelisting

*never* use a forwarind/ISP nameserver for a inbound MX > If I understand you, I don't. I have my own domain and my mx record points to > my dyndns FQDN What you mentioned above is hosting your own domain's DNS to the Internet and has nothing to do with how your ClearOS server is resolving it's

Re: SA Concepts - plugin for email semantics

>From: Paul Stead >Sent: Tuesday, May 24, 2016 9:55 AM >To: users@spamassassin.apache.org >Subject: SA Concepts - plugin for email semantics >Hi guys, >Based upon some information from others on the list I have put together >a plugin for SA which canonicalises an

Re: SA cannot block messages with attached zip

>From: Dianne Skoll >Sent: Friday, May 20, 2016 6:07 AM >To: users@spamassassin.apache.org >Subject: Re: SA cannot block messages with attached zip >On Fri, 20 May 2016 09:31:48 +0300 >Emin Akbulut wrote: >> What do you suggest to fight these

Re: understanding HELO_DYNAMIC_IPADDR

>From: Daniel J. Luke <dl...@geeklair.net> >Sent: Friday, May 13, 2016 3:42 PM >To: David Jones >Cc: Vincent Fox; users@spamassassin.apache.org >Subject: Re: understanding HELO_DYNAMIC_IPADDR >On May 13, 2016, at 4:24 PM, David Jones <djo...@ena.com> wrote: &g

Re: understanding HELO_DYNAMIC_IPADDR

> >From: Vincent Fox >Sent: Friday, May 13, 2016 2:57 PM >To: users@spamassassin.apache.org >Subject: Re: understanding HELO_DYNAMIC_IPADDR >On 05/13/2016 12:29 PM, Daniel J. Luke wrote: >> >> While you are at it, make sure your forward

Re: Received header and matching

>From: Alex >Sent: Thursday, May 12, 2016 9:37 AM >To: SA Mailing list >Subject: Received header and matching >Hi, >I'm trying to match some Apple/iTunes fraud and would like to use the >lack of the email having been passed through anything relating to >Apple (contains

Re: Trust but verify

>On 4/25/2016 7:07 PM, David Jones wrote: >> score LOCAL__H_from_sample -10.0 >>> header LOCAL__H_from_sample ALL =~ /mail\.sample\.com/i >> Add it's IP to your trusted_networks and subtract a few points for >> ALL_TRUSTED. I wouldn't recommend subtracting

Re: Trust but verify

>One of my mail filters is a smart host for a trusted mail server >(mail.sample.com), how do we assign a -10 score to mail coming from >mail.sample.com >I thought this would work, but it doesn't: >scoreLOCAL__H_from_sample -10.0 >header LOCAL__H_from_sample ALL =~ /mail\.sample\.com/i Add

Re: Is this spam?

>> The mere presence of an unsubscribe link does not indicate legitimacy. And >> the sender's definition of "opt-in" may not align with how most people would >> define it. >> >> The company is probably real, ISTR using Acton back when I was monking at >> $DAYJOB--, but that doesn't mean the

Re: Is this spam?

On Mon, 18 Apr 2016, Alex wrote: > I'm curious as to whether you think this email is spam? > > http://pastebin.com/bFVSgwnR > > It looks like your typical unsolicited "Buyers Guide" junk, but I've > heard of actonsoftware before, and this email appears to have a > legitimate unsubscribe link. It

Re: URIBL/DNSBL from a database

>> DNS is very effective to block at the MTA level. I setup my own private >> RBL on the DNS servers my SA boxes point to. Dump your IPs into a >> rbldnsd formatted zone file and setup your private RBL zone (doesn't >> have to be a real zone on the Internet) to forward to rbldnsd. Rbldnsd >>

Re: URIBL/DNSBL from a database

> >From: Alex >For some time now I've been cycling URLs and IPs through a mariadb >database gathered from incoming mail on a honeypot I've created. >Surprising how many are received ahead of spamhaus/barracuda. Major RBLs like

Re: how to fix this issue-spam

>>SPF strict outright breaks mail forwarding, unless the forwarder rewrites the >>envelope sender. >SPF does NOT break mail forwarding (and is not obsolete, as you claim in >later mail) Until most MTAs support SRS easily and possibly by default, SPF is going to be broken by forwarding. You are

Re: how to fix this issue-spam

Are you using DKIM / SPF for your domain? I mean, why do you accept email apparently from your own domain when it does not come from one of your authorised servers? >>> >>> because the From header has nothing to do with the envelope sender and >>> so not with SPF and spoofing

Re: how to fix this issue-spam

>* you did not provide a hint to the list-problem >* to "solve" the OP's problem DMARC is not needed Mail admins need to get familiar with DMARC because major ISPs have begun to take this seriously in the past year and are starting to reject or put into spam folders when this is setup

Re: how to fix this issue-spam

>> DMARC is a combination of SPF and DKIM plus From: header spoofing check. >> You must get SPF and DKIM setup before adding the '_dmarc' DNS record for >> the sending domain >tell me something new This email was not just for you. If you already knew this, then ignore it. >wait i tell you

Re: how to fix this issue-spam

>> Google is telling all of their mail customers to add DMARC DNS records to >> block >> spoofing of their own domains >before Google ist telling somebody something they should better learn >the difference between "~" and "-" in a SPF record to make gmail.com at >least on envelope-level spoofing

Re: SPF rules and my domain

>Spamassassin is just going to record a generic SPF_FAIL, regardless of >whether it's my SPF record or an email from some other domain. >If I wanted to use SPF in spamassassin to block spoofing attempts >against my domain, how would I do that? Simply put all approved mail servers that you allow

Re: question re/ RDNS_NONE

>From: Bill Cole <sausers-20150...@billmail.scconsult.com> >Sent: Tuesday, November 24, 2015 1:41 PM >To: users@spamassassin.apache.org >Subject: Re: question re/ RDNS_NONE >On 24 Nov 2015, at 13:47, David Jones wrote: >> Could this be dependent on the MTA used? I am

Re: question re/ RDNS_NONE

>From: RW <rwmailli...@googlemail.com> >Sent: Sunday, November 22, 2015 3:23 PM >To: users@spamassassin.apache.org >Subject: Re: question re/ RDNS_NONE >On Sun, 22 Nov 2015 13:39:49 + >David Jones wrote: >> https://wiki.apache.org/spamassassin/Rules/RDNS_NONE &g

Re: question re/ RDNS_NONE

>From: Reindl Harald <h.rei...@thelounge.net> >Sent: Tuesday, November 24, 2015 1:01 PM >To: users@spamassassin.apache.org >Subject: Re: question re/ RDNS_NONE >Am 24.11.2015 um 19:47 schrieb David Jones: >> Could this be dependent on the MTA used? I am using Postfi

Re: question re/ RDNS_NONE

>From: Reindl Harald <h.rei...@thelounge.net> >Sent: Tuesday, November 24, 2015 1:20 PM >To: users@spamassassin.apache.org >Subject: Re: question re/ RDNS_NONE >Am 24.11.2015 um 20:16 schrieb David Jones: >>> From: Reindl Harald <h.rei...@thelounge.net> &

Re: question re/ RDNS_NONE

>From: Bill Cole <sausers-20150...@billmail.scconsult.com> >Sent: Tuesday, November 24, 2015 3:31 PM >To: users@spamassassin.apache.org >Subject: Re: question re/ RDNS_NONE >On 24 Nov 2015, at 14:54, David Jones wrote: >>> From: Bill Cole <sausers-20150...

Re: question re/ RDNS_NONE

>From: RW <rwmailli...@googlemail.com> >Sent: Saturday, November 21, 2015 1:43 PM >To: users@spamassassin.apache.org >Subject: Re: question re/ RDNS_NONE >On Sat, 21 Nov 2015 15:35:54 + >David Jones wrote: >> Read the Received headers from the bottom up. >&

Re: question re/ RDNS_NONE

>From: Matthias Apitz >Sent: Saturday, November 21, 2015 9:15 AM >To: spamassassin-users >Subject: question re/ RDNS_NONE >Hello, >I've sent myself an email which gets marked with RDNS_NONE. Can someone >please be so kind and explain to me which IP addr exactly triggers this

Re: New SA install, configuring for retraining on false positives

>From: David Mehler >Sent: Thursday, November 5, 2015 5:52 AM >To: users@spamassassin.apache.org >Subject: New SA install, configuring for retraining on false positives >Hello, >I've got a Postfix email server going with a Mysql database backend on >FreeBSD 10.2. I'm now

Re: How to get rid of this spam? Spam assassin does not catch it

>> Also - add a highest numbers MX record tarbaby.junkemailfilter.com >> >> This will help tune our list to your spam and also get rid of a lot od it. >> Is this safe to use with greylisting on the lower MX records? I see you temp fail (4xx) all email so it should be safe. Didn't see anything

Re: SOT - Fowarding mail to new service, keeping same MX, pitfalls

> >From: Joe Acquisto-j4 >Sent: Thursday, October 22, 2015 9:34 AM >To: users@spamassassin.apache.org >Subject: SOT - Fowarding mail to new service, keeping same MX, pitfalls >This may not be the right place to discuss this, as it is

Re: Add "may be forged" minor rule?

>From: Reindl Harald >Sent: Monday, September 28, 2015 3:11 PM >To: users@spamassassin.apache.org >Subject: Re: Add "may be forged" minor rule? >Am 28.09.2015 um 22:04 schrieb Amir Caspi: >> On Sep 28, 2015, at 1:53 PM, John Hardin

Re: Test for empty EnvelopeFrom

>From: Reindl Harald >Sent: Thursday, September 24, 2015 5:12 AM >To: Philip Prindeville >Cc: users@spamassassin.apache.org >Subject: Re: Test for empty EnvelopeFrom >Am 23.09.2015 um 19:24 schrieb Philip Prindeville: >> Stating

Re: Test for empty EnvelopeFrom

> >From: Dianne Skoll <d...@roaringpenguin.com> >Sent: Thursday, September 24, 2015 9:02 AM >To: users@spamassassin.apache.org >Subject: Re: Test for empty EnvelopeFrom >On Thu, 24 Sep 2015 12:21:33 + >David Jones <djo.

Re: Test for empty EnvelopeFrom

>> I never said it was. >> >> What I said was that when it’s coming from a server that doesn’t >> except inbound messages (and hence can’t generate bounces) THEN it’s >> a sign of Spam. >Since when does a server handling outbound traffic have to accept >inbound mail? >Any setup with more than a

Re: MailBlacklist.com Integration Testing Phase

From: MailBlacklist.com Management managem...@mailblacklist.com Sent: Monday, August 17, 2015 7:38 AM To: users@spamassassin.apache.org Subject: MailBlacklist.com Integration Testing Phase Spam Assassin MailBlacklist.com Integration Testing Phase 1 We would like to welcome users of

Re: spam with url redirects

From: Kevin Golding k...@caomhin.org Sent: Friday, August 14, 2015 3:16 AM To: michael reimer Cc: users@spamassassin.apache.org Subject: Re: spam with url redirects - Original Message - From: michael reimer michael.rei...@falke.com To:

Re: SPF confusion

From: Bowie Bailey bowie_bai...@buc.com On 7/15/2015 4:04 PM, Kevin A. McGrail wrote: Why is it looking for an SPF record for rrdesp.com? That is the sending server, shouldn't it be using the domain from the From or Envelope-From instead? This SPF check looks backwards to me. Am I missing

Re: Return Path (TM) whitelists

On 2015-07-09 16:58 +, David Jones wrote: Did the email have a valid unsubscribe link/process? It is in Dutch, and I can't read Dutch. (Yes, I do use the language plugin.) I shortcircuit as ham for these two rule hits and never have had a report of spam that couldn't be reliably/safely

Re: Return Path (TM) whitelists

From: Ian Zimmerman i...@buug.org Sent: Thursday, July 9, 2015 11:02 AM To: users@spamassassin.apache.org Subject: Return Path (TM) whitelists I just got in my inbox what I consider spam from the Belgian domain selling Japanese copiers printers (you probably know which one). What made it pass

Re: Rules needed...

On Jun 29, 2015, at 12:35 PM, Reindl Harald h.rei...@thelounge.net wrote: Am 29.06.2015 um 18:29 schrieb Ted Mittelstaedt: What other free MTA is there that’s in common use? qmail is dead and buried. Sendmail and Exim are pretty much niche. What exactly is wrong with Postfix? Nothing.

Re: Rules needed...

From: Benny Pedersen m...@junc.eu Sent: Friday, June 26, 2015 11:45 AM To: users@spamassassin.apache.org Subject: Re: Rules needed... Alex Regan skrev den 2015-06-26 18:33: http://pastebin.com/FzUkEvRp blacklist_from *@*.allisonarctictrips.com spf-pass take responselily That IP is on a ton

Re: Help me waste spammers resources

From: Marc Perkel supp...@junkemailfilter.com Sent: Friday, June 19, 2015 3:41 PM To: users@spamassassin.apache.org Subject: Help me waste spammers resources I found a great trick for wasting spammer's resources and getting them blacklisted that I'd like to share will all of you. On my main spam

Re: Must-Have Plugins?

From: Philip Prindeville philipp_s...@redfish-solutions.com On Jun 9, 2015, at 12:29 PM, John Hardin jhar...@impsec.org wrote: On Tue, 9 Jun 2015, David Jones wrote: Some of the best and easiest things you can enable to block spam are outside of SpamAssassin at your MTA (sendmail, postfix

Re: Must-Have Plugins?

From: Philip Prindeville philipp_s...@redfish-solutions.com Sent: Friday, June 19, 2015 3:53 PM To: David Jones Cc: users@spamassassin.apache.org Subject: Re: Must-Have Plugins? On Jun 19, 2015, at 2:35 PM, David Jones djo...@ena.com wrote: But I’m on a LOT of high volume mailing lists (like

Re: ALL_TRUSTED triggering _intermittently_ on external mails?

/local.cf internal_networks 127.0.0.0/8 10.2.2.0/24 10.1.1.0/24 X.X.X.X/29 trusted_networks 10.2.2.0/24 10.1.1.0/24 X.X.X.X/29 etc, the msg's received-from headers are _not_ all on my internal networks, What are the X.X.X.X/29 above? It can't

Re: Must-Have Plugins?

From: Philip Prindeville philipp_s...@redfish-solutions.com On Jun 9, 2015, at 12:29 PM, John Hardin jhar...@impsec.org wrote: On Tue, 9 Jun 2015, David Jones wrote: Some of the best and easiest things you can enable to block spam are outside of SpamAssassin at your MTA (sendmail, postfix

Re: [RESOLVED] Re: Usage of whitelist_from

It will if you enable SHORTCIRCUIT'ing of whitelist_from no it will not, it skips many rules which would not have any effect because the large negative score but it *will not* bypass Technically it doesn't bypass SA but it effectively does the same thing. Depends on what you mean by bypass.

Re: [RESOLVED] Re: Usage of whitelist_from

Second, I understand now that whitelist_from just represent a large score, and does not bypass the email itself. It will if you enable SHORTCIRCUIT'ing of whitelist_from. However, it is not recommended to use whitelist_from. Use whitelist_from_rcvd, or whitelist_auth instead to prevent spoofed

Re: DCC whitelisting

On Wed, 10 Jun 2015, Shane Williams wrote: Two examples that I know are legitimate senders, but get caught by DCC (and pyzor in some cases) and other rules that push them over the threshold are the SourceForge.net Project of the Month list and various Netflix emails to customers (New

Re: Must-Have Plugins?

given that install unbound as local resolver takes 2 minutes it's even not worth to argue on that topic and a spamfilter without RBL's and URIBL's is just nonsense I have installed a caching DNS server before (albeit probably about 15 years ago). But it just shouldn't be necessary. It can be

Re: Must-Have Plugins?

Some of the best and easiest things you can enable to block spam are outside of SpamAssassin at your MTA (sendmail, postfix, etc.). - Enable RBLs and DBLs. zen.spamhaus.org is the best way to block the majority of junk before it reaches SA. Just make sure you are below their free

Re: Must-Have Plugins?

- Enable RBLs and DBLs. zen.spamhaus.org is the best way to block the majority of junk before it reaches SA. Just make sure you are below their free threshold limit. One important way to do this is One important way to do this in terms of the Spamhaus threshold limit is to not be such

Re: Must-Have Plugins?

given that install unbound as local resolver takes 2 minutes it's even not worth to argue on that topic and a spamfilter without RBL's and URIBL's is just nonsense I have installed a caching DNS server before (albeit probably about 15 years ago). But it just shouldn't be necessary. It can be

Re: DNSBLs and cache hit rate (was Re: Must-Have Plugins?)

[One should run a caching DNS server on a mail server.] We are giving you solid advice based on real experiences where we ran into problems and worked around them. Just try to enable RBLs and see how it works for you. I'm not disputing that running a caching DNS server is a good idea, but

Re: Must-Have Plugins?

On 08.06.15 23:03, Michael B Allen wrote: So I have had SA running for about 2 days on a very small site with a handful of users. I've been running the default config just to see how well it would do by itself. Unfortunately quite a lot of spam is getting through. So far 40 of 142 spams have

Re: Block mailing lists

From: Reindl Harald h.rei...@thelounge.net Sent: Monday, May 25, 2015 7:23 AM To: users@spamassassin.apache.org Subject: Re: Block mailing lists Am 25.05.2015 um 14:17 schrieb Lorenzo Milesi: There are inherit dangers of what you want to do, but if you're

Re: Block mailing lists

From: Lorenzo Milesi max...@ufficyo.com Sent: Monday, May 25, 2015 11:16 AM To: users@spamassassin.apache.org Subject: Re: Block mailing lists I have built an extensive list of safe senders in the whitelist_from_* that will use the SHORTCIRCUIT (DKIM, SPF, RCVD) enabled above. I didn't

Re: Turning off queries to SORBS

From: Chris cpoll...@embarqmail.com Sent: Wednesday, May 13, 2015 8:50 AM To: Jeremy McSpadden Cc: users@spamassassin.apache.org Subject: Re: Turning off queries to SORBS On Wed, 2015-05-13 at 02:05 +, Jeremy McSpadden wrote: dig +trace and see if your ISP is intercepting queries. --

Re: Turning off queries to SORBS

From: Reindl Harald h.rei...@thelounge.net Sent: Wednesday, May 13, 2015 12:35 PM To: users@spamassassin.apache.org Subject: Re: Turning off queries to SORBS Am 13.05.2015 um 19:26 schrieb David Jones: Connection refused errors are specific UDP responses from upstream DNS servers that are being

Re: Turning off queries to SORBS

From: Reindl Harald h.rei...@thelounge.net Sent: Wednesday, May 13, 2015 11:53 AM To: users@spamassassin.apache.org Subject: Re: Turning off queries to SORBS Am 13.05.2015 um 18:17 schrieb Chris: # Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8) # DO NOT EDIT

Re: AWL defeating my SPAM classification

On the server (via SSH or console) use the +trace argument to dig, and then look for lines starting with ';;': postmstr@smtp:~$ dig +trace example.com.multi.uribl.com | grep ';;' ;; global options: +cmd ;; Received 913 bytes from 127.0.0.1#53(127.0.0.1) in 8 ms ;; Received 760 bytes from

Re: RBL/SPF if header exists

From: Joe Quinn jqu...@pccc.com Sent: Tuesday, March 31, 2015 11:44 AM To: users@spamassassin.apache.org Subject: Re: RBL/SPF if header exists On 3/31/2015 12:23 PM, Mike Cardwell wrote: * on the Tue, Mar 31, 2015 at 12:15:31PM -0400, Joe Quinn wrote: Here's an example from when Yahoo's

Re: Uptick in spam

From: Benny Pedersen m...@junc.eu Sent: Friday, March 27, 2015 10:48 PM To: users@spamassassin.apache.org Subject: Re: Uptick in spam David Jones skrev den 2015-03-28 03:13: I have Spamhaus in front of invaluement in my postfix configuration but I may try flipping the order just to see

Re: Uptick in spam

From: Reindl Harald h.rei...@thelounge.net Sent: Saturday, March 28, 2015 6:13 AM To: users@spamassassin.apache.org Subject: Re: Uptick in spam Am 28.03.2015 um 12:04 schrieb David Jones: I know that but I choose to use the traditional method in the Postfix smtpd_recipient_restrictions so I can

Re: Uptick in spam

From: Rob McEwen r...@invaluement.com Sent: Saturday, March 28, 2015 12:47 AM To: users@spamassassin.apache.org Subject: Re: Uptick in spam On 3/27/2015 10:13 PM, David Jones wrote: The invaluement RBL is not expensive either and it is awesome. We pay thousands per year for a Spamhaus feed

Re: Uptick in spam

From: Amir Caspi ceph...@3phase.com Sent: Friday, March 27, 2015 7:30 PM To: RW Cc: users@spamassassin.apache.org Subject: Re: Uptick in spam On Mar 27, 2015, at 6:19 PM, RW rwmailli...@googlemail.com wrote: There are deep checks for SBL (via zen) and SPAMCOP. XBL/PBL are last-external only

Re: Spamassassin not catching spam (Follow-up)

From: Reindl Harald h.rei...@thelounge.net Sent: Thursday, March 26, 2015 5:20 AM To: users@spamassassin.apache.org Subject: Re: Spamassassin not catching spam (Follow-up) Am 26.03.2015 um 11:17 schrieb Kevin A. McGrail: On 3/26/2015 2:53 AM, Reindl

Re: Spamassassin not catching spam (Follow-up)

From: Reindl Harald h.rei...@thelounge.net been there short ago by receive 600 backscatters about messages i never sent Hmmm. Maybe someone on this list was trying to send you a strong hint. For the record, that wasn't me but it did sound like a good idea to prove a point about backscatter.

Re: Lots of Polish spam

From: Axb axb.li...@gmail.com Sent: Wednesday, February 25, 2015 4:32 AM To: users@spamassassin.apache.org Subject: Re: Lots of Polish spam On 02/25/2015 01:42 AM, Alex Regan wrote: Hi, On 02/24/2015 07:06 PM, Reindl Harald wrote: Am 25.02.2015 um

Re: Lots of Polish spam

From: Yves Goergen nospam.l...@unclassified.de Sent: Wednesday, February 25, 2015 4:15 PM To: users@spamassassin.apache.org Subject: Re: Lots of Polish spam Am 25.02.2015 um 20:42 schrieb Bill Cole: On 24 Feb 2015, at 17:06, Yves Goergen wrote: I can't

Re: train filter based on spam to ex-employees?

From: ttgh tony.to...@goldenhour.com Sent: Monday, February 16, 2015 11:44 AM To: users@spamassassin.apache.org Subject: train filter based on spam to ex-employees? We get 'waves' of spam which are addressed to both long-time employees (usually executives) as well as long-gone employees. It's

Re: Hacked sites: dropbox/googlebox/banking

From: Reindl Harald h.rei...@thelounge.net Sent: Monday, November 3, 2014 4:01 PM To: users@spamassassin.apache.org Subject: Re: Hacked sites: dropbox/googlebox/banking Am 03.11.2014 um 22:55 schrieb John Hardin: On Mon, 3 Nov 2014, Quanah Gibson-Mount

Re: what can be done about deep sea nutrition spam?

From: Jude DaShiell jdash...@panix.com Sent: Wednesday, October 29, 2014 3:54 PM To: users@spamassassin.apache.org Subject: what can be done about deep sea nutrition spam? The garbage they send is 6MB in length. Their unsubscribe link also doesn't work. Use RBLs that have this server

Re: New spamming trick?

On Fri, 10 Oct 2014 12:46:50 +0100 Martin Gregorie mar...@gregorie.org wrote: I've recently noticed what may be a new spamming technique: sending mail to Yahoo Groups with an invalid group name - since Yahoo! doesnt! seem! to! use! SPF, this intentional backscatter gets delivered to the

Re: Regarding mass-check access

Hi, I sent an email to priv...@spamassassin.apache.org regarding access to mass-check back on the first of September. Is anybody out there? :) -- staticsafe https://staticsafe.ca I did too and never heard anything. I would like to help out this project in anyway that I can.

Re: URIBL_RHS_DOB high hits

On 10/07/2014 01:12 PM, Axb wrote: On 10/07/2014 01:01 PM, Reindl Harald wrote: Am 07.10.2014 um 12:53 schrieb Axb: On 10/07/2014 12:40 PM, Reindl Harald wrote: Am 06.10.2014 um 19:06 schrieb Axb: On 10/06/2014 07:01 PM, David Jones wrote: Anyone else seeing an unusually high hit

URIBL_RHS_DOB high hits

Anyone else seeing an unusually high hit count today for URIBL_RHS_DOB? Looks like every query is returning 127.0.0.2.?

Re: URIBL_RHS_DOB high hits

On 10/06/2014 01:55 PM, David Jones wrote: Anyone else seeing an unusually high hit count today for URIBL_RHS_DOB? Looks like every query is returning 127.0.0.2.? According to my last check, Rick has fixed the issue. host yahoo.com.dob.sibl.support-intelligence.net Host

Re: URIBL_RHS_DOB high hits

From: Axb axb.li...@gmail.com On 10/06/2014 07:01 PM, David Jones wrote: Anyone else seeing an unusually high hit count today for URIBL_RHS_DOB? host google.com.dob.sibl.support-intelligence.net Host google.com.dob.sibl.support-intelligence.net not found: 3(NXDOMAIN) web tools sigh

Re: half-OT: please remove [spam]-markers from subjects

On Mon, 6 Oct 2014, LuKreme wrote: On 03 Oct 2014, at 11:42 , Reindl Harald h.rei...@thelounge.net wrote: Am 03.10.2014 um 19:34 schrieb LuKreme: [SPAM] is not a spam marker I’ve ever seen so it seems perfectly OK to me You are assuming, I think wrongly, that the [SPAM] tag is being

Re: Many X- headers - possible spam sign?

On October 4, 2014 6:50:44 PM jdebert jdeb...@garlic.com wrote: X-DKIM: Sendmail DKIM Filter v2.8.2 mailsea.docusign.net JQ9N42F3MTC8 ^^ Never seen this before from sendmail. Bogus DKIM header? Iis it also possible to test for conflicting X- headers? Possible extend

Re: Googlasi, blacklotus, etc.

From: Philip Prindeville philipp_s...@redfish-solutions.com Sent: Tuesday, September 30, 2014 12:30 PM To: SpamAssassin Subject: Googlasi, blacklotus, etc. I’m seeing spams like: http://pastebin.com/XXQrNURW Notice: * the message is almost

RE: sa-learn from a remote imap folder

From: Marcus Schopen li...@localguru.de Sent: Friday, September 12, 2014 3:33 AM To: Axb Cc: users@spamassassin.apache.org Subject: Re: sa-learn from a remote imap folder Hi, Am Freitag, den 12.09.2014, 10:13 +0200 schrieb Axb: On 09/12/2014 10:05 AM,

<    1   2   3   4   5   6   7   >