Re: Dealing with links to malicious documents

2018-03-14 Thread Markus Clardy
I had created a plugin to read the headers (just make a HEAD request) of all URIs in an email, and then you can make tests based off them. An example of this would be to look for specific mimetypes at the end of the link, so for example, see if the mimetype is Application/msword. You can find it

Re: Whitelist IP for SBL check

2018-02-23 Thread Markus Clardy
Considering the issue, couldn't you in theory just add "uridnsbl_skip_domain ip.on.blk.lst"? I mean, according to URIBL_SBL, it would be if the IP itself is on the blacklist, so wouldn't skipping the "domain" of a specific IP skip detection? On Fri, Feb 23, 2018 at 4:55 PM, David Jones

Re: TO_NO_BRKTS_DYNIP

2017-12-05 Thread Markus Clardy
Amazon AWS machines sending out to the Internet should have a PTR record, or else they will be on a lot of blacklists as well. Amazon works with a number of blacklist providers and automatically has IPs without a static PTR record blacklisted. When you request a PTR record from Amazon, they then

Re: MSBL Email Blocklist (EBL) SA usage query

2017-11-22 Thread Markus Clardy
On Ubuntu 16.04, I have no issues with the plugin, it works fine for me.
On Wed, Nov 22, 2017 at 8:34 PM, Kevin Miller wrote:
> Debian Jessie, Perl version 5.020002 (5.20.2)
>
> Not bleeding edge, but not from the Dark Ages either. How about
> yourself? What

Re: Why doesn't HK_RANDOM_FROM trigger on this email address?

2017-11-20 Thread Markus Clardy
Why not just have it be a meta test that doesn't trigger if it contains "sch"? I realize that cuts out things like tjmkln...@fakeemail.com, but it would catch tsjmhw...@fakeemail.com, so maybe a bit better in both catch rate and false positives? On Mon, Nov 20, 2017 at 8:03 AM, Jens Schleusener <

Re: Bank fraud phish

2017-10-25 Thread Markus Clardy
That isn't the Message-Id, that is the X-MS-Exchange-CrossTenant-Network-Message-Id... The Message-Id is compliant.
On Wed, Oct 25, 2017 at 11:43 AM, Rupert Gallagher wrote:
> The raw e-mail in pastebin returns a non-well-formed Message-ID. I attach
> a photo of what I see.

Re: URIBL_BLOCKED - which one?

2017-10-13 Thread Markus Clardy
URIBL_BLOCKED is in reference to multi.uribl.com.
On Fri, Oct 13, 2017 at 1:40 PM, AJ Weber wrote:
> I guess this qualifies as a newbie question...I've been running SA for a
> while, but haven't really dug into some of the workings...
>
> I occasionally see the URIBL_BLOCKED

check_rbl lastexternal doesn't seem to be working?

2017-06-08 Thread Markus Clardy
Hi list, I am having an issue with creating some check_rbl() SpamAssassin rules. We run a reputation server that has 8 different zones: White, W3, W2, W1:B1, B2, B3, Black. There is no way for one IP to be listed in multiple zones, and yet I am sometimes seeing B2 and B3 or B2, B3, and Black

Re: Score maths

2017-04-25 Thread Markus Clardy
A score of -0.0 is actually not 0, it is something like -0.01 (or smaller). If it had a score of actual 0, it wouldn't trigger. As such, due to rounding, it ends up becoming 2.9, instead of 3. On 04/25/2017 09:27 AM, Geoff Soper wrote: X-Spam-Status: No, Score=2.9 X-Spam-Report: * -0.0

Re: Bayes refuses to work despite best efforts

2017-03-31 Thread Markus Clardy
Hi Antony, If you look at his Bayes Configuration, he made it so that he only requires 100 Ham messages. So that isn't the issue here. - Markus On 03/31/2017 12:56 PM, Antony Stone wrote: On Friday 31 March 2017 at 00:07:56, David wrote: I'm getting no bayes score on any email and there

Re: Matching To and Received addresses

2017-03-29 Thread Markus Clardy
On 03/28/2017 08:09 PM, Dianne Skoll wrote:
> The "for..." clause is optional and a lot of MTAs don't add it.
> Almost all MTAs will refuse to add it if it's for more than
> one local recipient.
True, but that is what OP is asking about comparing to, which is why I had mentioned it.