Re: txrep duplicated key with postgresql

2019-12-09 Thread Martin Gregorie
The primary key for the public.txrep table must be unique, and evidently you already had a row with the same primary key. It seems likely that the combination [username, email, signedby and ip] will very often be duplicated, like every time you get another email from that person. Try this: -

Re: Custom rule help

2019-12-04 Thread Martin Gregorie
On Wed, 2019-12-04 at 14:22 -0800, Chris Mulcahy wrote: > Actually, I want it to score if there ISN’T a match. If I get an email > addressed to slashdot@example.com from an address that isn’t from > slashdot, it’s likely spam. > > Currently, I am doing like you mentioned with a bunch of

Re: Custom rule help

2019-12-04 Thread Martin Gregorie
On Wed, 2019-12-04 at 12:40 -0800, Chris Mulcahy wrote: > I want a rule that scores if “sitename” is not in the From: line. If > they send from i...@sitename.com, I’ll assume it’s legit. If sitename > does not exist, I’ll tick up the score a bit. I have done this for > some specific domains but

Re: Yet another simple question - how to reprocess an email

2019-11-29 Thread Martin Gregorie
On Thu, 2019-11-28 at 22:12 -0500, Joe Acquisto-j4 wrote: > I use fetchmail on a different box to pull mail from several > accounts at an ISP and send those messages to the SA/postfix box. > OK, more similar to my setup, then, than I'd guessed. FWIW I used to use fetchmail, but found bugs, such

Re: Yet another simple question - how to reprocess an email

2019-11-28 Thread Martin Gregorie
On Thu, 2019-11-28 at 18:38 -0500, Joe Acquisto-j4 wrote: > > > Is there any tangent down this path were I can get the dropped > > > "test" message to actually flow through, in "normal" fashion? > > > From logs I can see that spamd does seem to give the message a > > taste, as I can follow

Re: Yet another simple question - how to reprocess an email

2019-11-28 Thread Martin Gregorie
On Thu, 2019-11-28 at 22:34 +, RW wrote: > A lot of us rely on SA stripping X-Spam-* headers, so header-based > filtering into a spam folder works correctly. This includes numerous > mail hosting and freemail providers. > Interesting: I've just rechecked this using your last message in this

Re: Yet another simple question - how to reprocess an email

2019-11-28 Thread Martin Gregorie
On Thu, 2019-11-28 at 21:00 +, RW wrote: > There shouldn't be any need for this as SA strips such headers itself. > Yes, I've seen that said several times, BUT every time I capture some spam from Evolution by using "File:Save as mbox" to capture it as a .txt file and then feed it into SA as I

Re: Yet another simple question - how to reprocess an email

2019-11-28 Thread Martin Gregorie
On Thu, 2019-11-28 at 11:56 -0500, Joe Acquisto-j4 wrote: > I want to be able to reprocess a particular email, marked as SPAM, > after making some SA tweaks. > I do something similar with a collection of test messages, mostly received spam, that I use to test my local SA rule set.

Re: bayes_toks location when running as a service

2019-11-23 Thread Martin Gregorie
On Sat, 2019-11-23 at 13:07 -0600, Jerry Malcolm wrote: > Bob & John Thanks so much for the info. But as if I wasn't dazed > & confused enough already, I have discovered a new variable to the > whole thing. I have set up a couple of sandbox EC2 instances just to > play. I didn't realize it

Re: Custom rule to please the Mayor

2019-11-22 Thread Martin Gregorie
On Fri, 2019-11-22 at 13:01 +, RW wrote: > On Fri, 22 Nov 2019 00:00:53 + > Martin Gregorie wrote: > > > > describe SPOOFED_MAYOR Check for spoofed mail from the Mayor > > header __SM1 From:name =~ /^John M Mayor$/ > > header __SM2 From

Re: Custom rule to please the Mayor

2019-11-21 Thread Martin Gregorie
On Thu, 2019-11-21 at 14:22 -0700, Grant Taylor wrote: > I like the logic. > > Unfortunately, you need to be very careful as you start to run into > all the text permutations / homograph attacks. > Fair comment. What you saw was hacked together to show the principle, but not tested. Here's a

Re: Custom rule to please the Mayor

2019-11-21 Thread Martin Gregorie
On Thu, 2019-11-21 at 14:22 -0700, Grant Taylor wrote: > On 11/21/19 12:14 PM, Martin Gregorie wrote: > > describe SPOOFED_MAYOR Check for spoofed mail from the Mayor > > header __SM1 From:name /display name/ > > header __SM2 From:addr /em

Re: What Rules Am I Missing

2019-11-21 Thread Martin Gregorie
On Thu, 2019-11-21 at 13:56 -0600, Jerry Malcolm wrote: > I just want to know if everyone who installs SA is expected to go in > and modify all of the rule scores in order to get more that 1-2% > effectiveness of SA? I can't believe that is the case. Is there > really not a single rule that

Re: Custom rule to please the Mayor

2019-11-21 Thread Martin Gregorie
On Thu, 2019-11-21 at 13:24 -0500, Dave Goodrich wrote: > > Any thoughts on that or has anyone done something similar? > I have a similar rule that spotsfires on From: headers with @ in the name and a space in the address. I wrote it to spot rather obvious false senders, but something like the

Re: a simplified, home-made txRep?

2019-11-19 Thread Martin Gregorie
On Tue, 2019-11-19 at 20:32 +0200, Henrik K wrote: > If you want to strictly test for both remote_email@remotedomain and > mail@mydomain, I'm afraid you need a custom plugin for it. > Sounds like a job for a relational database and a custom SAplugin to interface to it: by using a single table to

Re: List Of Available Spamassassin Rule

2019-10-25 Thread Martin Gregorie
On Fri, 2019-10-25 at 05:10 -0600, @lbutlr wrote: > On 24 Oct 2019, at 07:24, Savvas Karagiannidis > wrote: > > you use a perl script like this: > > That’s useful enough it should be part of the SA install. > Agreed. Savvas Karagiannidis did a good job. I've found his script useful enough to

Re: Where to find the highest version to be installed by "yum"?

2019-09-26 Thread Martin Gregorie
On Thu, 2019-09-26 at 16:48 -0500, Ramon F Herrera wrote: > Question: Are you folks aware of any 'yum' repository that carries a > version higher than 3.3.1? > Version 3.4.2 here, but running on Fedora 31, so using dnf rather than yum as my package manager. I think dnf is a considerable

Re: Spanish language i.c.w. DRUGS_ERECTILE et al.

2019-08-29 Thread Martin Gregorie
On Thu, 2019-08-29 at 11:10 -0700, John Hardin wrote: > On Thu, 29 Aug 2019, Matus UHLAR - fantomas wrote: > > > > On Wed, 28 Aug 2019, Samy Ascha wrote: > > > > Today, I encountered, for the first time, an issue with scanning > > > > an email > > > > that is composed in Spanish. > > > > > > >

Re: Scoring by registrar?

2019-06-30 Thread Martin Gregorie
On Sun, 2019-06-30 at 09:08 -0700, Sean Lynch wrote: > A very large number (nearly all, in fact) of the spams I receive > these days involve domains registered with Namecheap. I've received > hundreds of spams involving .icu domains from what appear to be the > same spammer. > Write a local rule

Re: How to create my personal RBL

2019-06-26 Thread Martin Gregorie
On Wed, 2019-06-26 at 10:43 +0200, hg user wrote: > Unfortunately a personal RBL may not cover all the use cases I'm > thinking about and looking at the source code of a plugin that queries > a sql or redis server can be interesting. > If you can't find source for an SQL plugin, contact me off

Re: How to create my personal RBL

2019-06-25 Thread Martin Gregorie
On Tue, 2019-06-25 at 11:09 -0500, David B Funk wrote: > that's way overthinking it. > David & David, I agree, now that there's a configurable OSS dnsbl server available, that using it is the obvious choice for dealing with a standalone list, but the OP did ask specifically about using database

Re: How to create my personal RBL

2019-06-25 Thread Martin Gregorie
On Tue, 2019-06-25 at 16:11 +0200, hg user wrote: > I'd like to create my own RBL that answers queries about IP, domain or > address reputation. > Data should be stored in a database (mysql, postgres, redis, etc) so > that information can be added/modified/removed without the need to > restart

Re: spamd logging

2019-05-15 Thread Martin Gregorie
On Wed, May 15, 2019 at 4:29 PM Lucio wrote: > Is there any configuration to have spamd log a particular message > header long with the other informations it usually logs? > I've not seen that mentioned by anybody, but, you can always write a filter that sits immediately downstream of spamc and

Re: Whitespace in urls

2019-04-17 Thread Martin Gregorie
On Wed, 2019-04-17 at 08:44 -0400, buy wrote: > The spam email contains urls that look like this: > - > https://www. miwilurt. > com/mKC7AeJAmPT5duDOp6rh_aOmQfdpzd_Ewgbm87h8By6313NSjVfHM10dT8MhiBk0X > UB4g9vTUZrRs2U1fJUYCA~~/">click > here > >

Re: track messages

2019-03-25 Thread Martin Gregorie
On Mon, 2019-03-25 at 13:49 -0600, Rick Gutierrez wrote: > > https://pastebin.com/nsJ4PUBM > I'd use awk to extract information from logs like that rather than messing around with an assemblage of grep and sed held together with bash glue: its exactly the sort of job that awk was written to

Re: No longer just embedded =9D characters in blackmail emails.

2019-03-21 Thread Martin Gregorie
On Thu, 2019-03-21 at 12:20 -0700, John Hardin wrote: > > ...wrong thread? :) > Unfortunately so. For some reason my mail reader's editor (I use Evolution) locked up on my first attempt to reply and when I got it to respond it again it sent the stupid message containing one blank line. Then I

Re: No longer just embedded =9D characters in blackmail emails.

2019-03-21 Thread Martin Gregorie
On Thu, 2019-03-21 at 09:23 -0700, John Hardin wrote: > On Thu, 21 Mar 2019, Savvas Karagiannidis wrote: > > > What should be considered is the message's language. All messages > > that were > > false positives had the following mime encoding (messages were > > actually in > > greek): > > > >

Re: White text + white background

2019-03-21 Thread Martin Gregorie

Re: White text + white background

2019-03-21 Thread Martin Gregorie
On Thu, 2019-03-21 at 09:32 +, Pedro David Marco wrote: > Hi... > > Any idea about how to detect white text over white background in > HTML? > When I've seen white text used, its been set via a tag, i.e, .. text .. or .. text .. Its easy enough to match either in a

Re: What's available to interpret spamassassin headers?

2019-01-30 Thread Martin Gregorie
On Wed, 2019-01-30 at 15:24 -0500, Don Saklad wrote: > What's available to interpret spamassassin headers? > Why do you want to interpret them? Once we know that we may be able to provide more sensible answers, but in its absence all I can say is awk, C, and Perl. Here's what I use each for: -

Re: Howto - Full Report in Mail Header

2018-12-20 Thread Martin Gregorie
On Thu, 2018-12-20 at 10:26 -0600, Rick Gutierrez wrote: > Hi , what would be the correct way to see the spamassassin report? > I've added report_safe 1 to my SA configuration. This has no effect on ham, but spam is treated the same way bounced e- mails: a wrapper message is created

Re: Spamassassin using remote rules definition source?

2018-12-10 Thread Martin Gregorie
On Mon, 2018-12-10 at 04:57 -0700, ozgurerdogan wrote: > I simply need to write custom rules to block certain mails, domain > names. Do I have to learn programming language for this? Is not it > easy like create a conf file and let Sa update rules from that source > remotely via http? > Thats all

Re: Is $THIS possible?

2018-11-26 Thread Martin Gregorie
On Mon, 2018-11-26 at 12:38 -0700, Grant Taylor wrote: > I agree with your logic. But I don't know if I want to organically > grow the list based on outgoing email recipients. I think I'd rather > use the contents of address books. (Obviously something needs to get > said address book data from

Re: Is $THIS possible?

2018-11-26 Thread Martin Gregorie
On Sun, 2018-11-25 at 20:54 -0700, Grant Taylor wrote: > Ultimately I'd like to have a (hashed) list addresses that I > recognize and add (0.1?) to the spam score for each unknown address. > Write yourself a plugin which looks up a database table of known addresses. Thats not hard if you know a

Re: semi-OT - reporting an organization that ignores unsubscribe requests

2018-11-20 Thread Martin Gregorie
On 18 Nov 2018, at 22:19, Joe Acquisto-j4 wrote: > > > Gents, > > > > I somehow became subscribed to a list, political in nature, in > > whose mail I have no interest. This is a legitimate AFAIK, US > > organization. > > I just auto-bin this stuff if their 'unsubscribe' link doesn't work.

Re: URI_HEX fp

2018-11-12 Thread Martin Gregorie
On Mon, 2018-11-12 at 20:20 -0500, Alex wrote: > Hi, this doesn't look like it should be considered a hex URI. > > Nov 12 20:14:16.376 [15295] dbg: rules: ran uri rule URI_HEX ==> > got hit: "https://api-89c8e17d; > I didn't get any joy from playing with this one. By assuming that it

Re: Rule for a link with an numeric IP in body?

2018-10-30 Thread Martin Gregorie
On Tue, 2018-10-30 at 13:56 +, RW wrote: > > I was using 3.4.2 > > > simply appending /alphastring to the > > bare IP caused it to be recognised by a URI rule. I was a little > > surprised as I'd been expecting the httpd:// or https:// prefix > > would > > be required. > A thought: I wonder

Re: Rule for a link with an numeric IP in body?

2018-10-29 Thread Martin Gregorie
On Mon, 2018-10-29 at 18:18 +, RW wrote: > On Mon, 29 Oct 2018 17:26:29 + > Martin Gregorie wrote: > > > > describe MG_BARE_IP Bare IP in a URI > > body __MG_BAI0 /\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}/ > > uri __MG_BAI1 /\d{1,3}\.\d{1,3}\.\

Re: Rule for a link with an numeric IP in body?

2018-10-29 Thread Martin Gregorie
On Mon, 2018-10-29 at 15:55 +0200, Anders Gustafsson wrote: > Is there such a rule already in 3.3.x? I would ideally want a version > of that that adds to the spam score if it sees a x.x.x.x/unsubscribe > link, possibly translated. > > Asking here as regexps are not really my strong side. >

Re: Phishing email or no?

2018-10-11 Thread Martin Gregorie
On Thu, 2018-10-11 at 20:41 -0400, Alex wrote: > Is it spam because of your own rules, or something I'm missing? Could > it be failing DKIM because of my sanitizing? > Spotted in one - it was spam because a local rule triggered on your munging of some body URIs to contain 'example.com'. This

Re: Phishing email or no?

2018-10-11 Thread Martin Gregorie
On Thu, 2018-10-11 at 16:30 -0400, Alex wrote: > Hi, > > I'm curious what people think of this: > > https://pastebin.com/1XjwaCY1 > My SA setup thinks its spam. I notice its DKIM is invalid and that the envelope from doesn't match the message-ID, which makes me suspicious. Doesn't a $100 draw

Re: Unexpected error spotted by --lint check

2018-10-02 Thread Martin Gregorie
On Tue, 2018-10-02 at 12:20 +0300, Henrik K wrote: > Are you talking about the .cf file and line that contains rule being > warned about? I don't see how it could be done, looking at how the > cf and stuff are processed. > Yes I was, but if it can't be done, fair enough. > I already patched

Re: Unexpected error spotted by --lint check

2018-10-02 Thread Martin Gregorie
On Tue, 2018-10-02 at 07:57 +0300, Henrik K wrote: > This is also nothing else than a warn, the rule works regardless. > That makes warnings like this somewhat useless because this makes locating them rather difficult. Is there any possibility of showing the filename and line number in the --lint

Re: Unexpected error spotted by --lint check

2018-10-01 Thread Martin Gregorie
On Mon, 2018-10-01 at 22:45 +0100, RW wrote: > It seems to be related to the use decimal numeric literals > > meta __YYY 1/2 > meta __XXX 0.2 * __YYY + 0.1 > > $ spamassassin --lint > ... > ... warn: config: Strange rule __XXX token: 0.2 > ... warn: config: Strange

Re: Unexpected error spotted by --lint check

2018-09-30 Thread Martin Gregorie
On Sun, 2018-09-30 at 21:13 +0300, Henrik K wrote: > On Sun, Sep 30, 2018 at 06:44:07PM +0100, Martin Gregorie wrote: > > > > Sep 30 18:06:54.602 [18545] warn: config: Strange rule token: 1.5 > > According to code this can only be seen with meta rules. So check if > y

Unexpected error spotted by --lint check

2018-09-30 Thread Martin Gregorie
I was just now link checking a modified local rule (SA 3.4.2 on Fedora 28, fully patched as on last Friday night (28Sep2018) when I got the error: Sep 30 18:06:54.602 [18545] warn: config: Strange rule token: 1.5 Sep 30 18:06:55.316 [18545] warn: lint: 1 issues detected, please rerun with debug

Re: Phish with xps attachment

2018-08-07 Thread Martin Gregorie
On Tue, 2018-08-07 at 17:28 -0400, Bill Cole wrote: > Maybe check how you did that. Using the mimeexplode tool from the > Perl MIME-Tools package: > > # mimeexplode /tmp/xpsspam > Message: msg0 (/tmp/xpsspam) > Part: msg0/msg-53100-1.txt (text/plain) > Part: msg0/msg-53100-2.html

Re: Phish with xps attachment

2018-08-07 Thread Martin Gregorie
On Tue, 2018-08-07 at 14:09 -0400, Alex wrote: > Anyone have ideas for viewing inside of an XPS file or otherwise > blocking phish attempts with xps attachments? > > https://pastebin.com/KtMnNPAg > I don't think this is validly base64 encoded. I chopped it down to just the supposed base64 text

Re: def_whitelist_auth

2018-07-16 Thread Martin Gregorie
On Mon, 2018-07-16 at 09:39 -0500, John Schmerold wrote: > My local.cf has dozens of def_whitelist_auth entries > (def_whitelist_auth > *@ibm.com, def_whitelist_auth *@citi.com, def_whitelist_auth > *@chase.com, etc) > > A couple questions for the SA geniuses: > > 1) Is there a mechanism to

Re: Remove SA tagging when learning as ham

2018-06-18 Thread Martin Gregorie
On Mon, 2018-06-18 at 14:26 +0100, RW wrote: > On Mon, 18 Jun 2018 14:11:16 +0100 > Martin Gregorie wrote: > > > > I normally use an awk script for this sort of job because they are > > short, easy to write and run fast. > > There's no point in the OP doin

Re: Remove SA tagging when learning as ham

2018-06-18 Thread Martin Gregorie
On Mon, 2018-06-18 at 06:13 -0600, @lbutlr wrote: > I have a script that runs when a mail is moved out of the Junk folder > to pass the mail through sa-learn --ham, but it doesn’t removed the > subject tagging (Spam: 05.5) nor does it remove the X-Spam-Flag > header. > > What would I need to do

Re: Whitelisting envelope-from

2018-06-01 Thread Martin Gregorie
On Fri, 2018-06-01 at 15:37 -0400, Alex wrote: > Hi, > I have an email with an address as follows that I'd like to > whitelist: > > X-Envelope-From: > > Using whitelist_auth doesn't appear to work: > > whitelist_auth FredSavage*@cmail19.com > Try whitelist_auth FredSavage.*@cmail19.com

Re: Problems with SORBS?

2018-04-07 Thread Martin Gregorie
On Sat, 2018-04-07 at 02:07 -0400, Bill Cole wrote: > On 6 Apr 2018, at 8:08, Martin Gregorie wrote: > > > I'm getting a lot of SORBS lookups rejected due to an "unexpected > > RCODE". Is anybody else seeing these? > > I'm sure someone is... >

Problems with SORBS?

2018-04-06 Thread Martin Gregorie
I'm getting a lot of SORBS lookups rejected due to an "unexpected RCODE". Is anybody else seeing these? I'm running BIND 9.11.3-RedHat-9.11.3-2.fc27 Martin

Re: how to grep multiline add-header X-Spam lines

2018-02-28 Thread Martin Gregorie
On Wed, 2018-02-28 at 21:01 +0100, Benny Pedersen wrote: > how do one make multiline grep of add-header line, this is imho > triggy since it on long lines continue on next line with a first char > space, if one could help me solve it i be thankfull > I don't know an direct fix, but you could using

Re: Email filtering theory and the definition of spam

2018-02-08 Thread Martin Gregorie
On Thu, 2018-02-08 at 09:23 -0600, David Jones wrote: > On 02/07/2018 06:28 PM, Dave Warren wrote: > > On Wed, Feb 7, 2018, at 15:52, Martin Gregorie wrote: > > > > Technically, you asked for the email and they have a valid opt- > > > > out > > > > p

Re: Email filtering theory and the definition of spam

2018-02-07 Thread Martin Gregorie
> Technically, you asked for the email and they have a valid opt-out > process that will stop sending you email. Yes, the site has scummy > practices but that is not spam by my definition. > Yes, under EU/UK that counts as spam because the regulations say that the signer-upper must explicitly

Re: Body rules hit on Subject

2018-02-02 Thread Martin Gregorie
On Fri, 2018-02-02 at 16:59 -0500, Kevin A. McGrail wrote: > There is no solution at the moment. The subject is appended to the > body of the text for rule parsing. I've added a task I plan to > submit for GSOC consideration to add a tflag to disable this > behavior. > Would it sensible leave

Re: Penalty for no/bad SPF

2018-01-24 Thread Martin Gregorie
On Wed, 2018-01-24 at 14:24 -0800, John Hardin wrote: > I think he was referring to MTA-side forwarding, not forwarding an > email you received (which forward comes *from you*). > I was wondering if this could be related to Joseph's comment that "DMARC is destroying forwarding and mailing lists"

Re: Penalty for no/bad SPF

2018-01-24 Thread Martin Gregorie
On Wed, 2018-01-24 at 16:45 -0500, Joseph Brennan wrote: > DMARC is not a standard according to RFC 7489, "Status of This Memo". > It's just informational, for those who want to play the game. DMARC > is destroying forwarding and mailing lists, > Could this be why recent releases of the Evolution

Re: Penalty for no/bad SPF

2018-01-24 Thread Martin Gregorie
On Wed, 2018-01-24 at 19:01 +, Vincent Fox wrote: > SPF is a zombie legacy that someone should shoot in > the head. > SPF is still good for what I've always thought was its main use: detecting spam delivered by backscatter. Given that its dirt cheap to implement, and easy to verify now that

Re: Using Cloud AutoML as an AI for an Anti-spam filter ?

2018-01-23 Thread Martin Gregorie
On Tue, 2018-01-23 at 10:55 +, Zulma Pape wrote: > Hi, > > I have just read about the Cloud AutoML and how Google made it > possible for users to train their own custom machine learning > algorithms from scratch. > That's very unlikely. What Google have released is a tool for training their

Re: skipping nameserver '0.ns.spamhaus.org' because it is a CNAME

2018-01-14 Thread Martin Gregorie
On Sun, 2018-01-14 at 09:07 -0600, Chris wrote: > I started seeing this yesterday evening > - https://pastebin.com/Q01t63uf > I saw the same thing in last night's logwatch report and its being reported in today's 'message' log. According to my logs it started here at Jan 13 22:41:03 and is still

Re: [Bug 7331] channel: SHA1 verification failed, channel failed

2018-01-11 Thread Martin Gregorie
On Thu, 2018-01-11 at 22:15 +, RW wrote: > On Thu, 11 Jan 2018 09:46:24 -0600 > David Jones wrote: > > > > I bet most mirrors have a cron entry like "*/10" ... If we still > > see > > problems I can extend the delay some more. > > But the point of a longer delay is that it gives rsync a

Re: [Bug 7331] channel: SHA1 verification failed, channel failed

2018-01-10 Thread Martin Gregorie
On Wed, 2018-01-10 at 15:23 +, RW wrote: > On Wed, 10 Jan 2018 15:10:52 + > Martin Gregorie wrote: > > > > The update defaults to being run from /etc/cron.weekly/sa-update, > > which runs /usr/bin/sa-update without any other parameters and does > > no

Re: Fwd: [Bug 7331] channel: SHA1 verification failed, channel failed

2018-01-10 Thread Martin Gregorie
On Wed, 2018-01-10 at 09:09 -0500, Kevin A. McGrail wrote: > Anyone having issues with Sha1 failures on their machines on sa- > updates? > No problems are being reported. The log just shows a single 'Update completed' line for each weekly update. > Anyone familiar with sa-update.cron so we can

Re: error: unable to refresh mirrors file for channel updates.spamassassin.org

2017-12-13 Thread Martin Gregorie
On Tue, 2017-12-12 at 17:56 -0700, patf wrote: > PS. Looks like I'm going to have to take a different approach to > automating establishment of firewall rules blocking script kiddies > trying to brute-force my system. > Something like this may work for you too: - I have NO externally visible or

Re: Scoring Philosophy?

2017-11-25 Thread Martin Gregorie
On Sat, 2017-11-25 at 14:37 -0600, David Jones wrote: > With that rule as it stands, an easily spoofed "Amazon > " would not hit FAKE_AMAZON_FROM. Even if the > rule specified "@amazon.com," then native DMARC support would be > needed to block spoofed From: headers for the

Re: Scoring Philosophy?

2017-11-25 Thread Martin Gregorie
On Sat, 2017-11-25 at 11:41 -0600, Jerry Malcolm wrote: > Thanks so much for all the info. I have installed KAM rules, and > I've > started becoming a ninja writing my own (simple) rules. MUCH > improved > results (amazing when you finally learn what you're doing) > > I figure before this

Re: Scoring Philosophy?

2017-11-22 Thread Martin Gregorie
On Wed, 2017-11-22 at 00:39 -0500, Bill Cole wrote: > A related and increasingly common (dunno why) source of never > hitting DNSBL rules is a form of firewall/router NAT sometimes called > "Secure NAT" where inbound connections have their source IP's > replaced with the IP of the device handling

Re: The rise of highly targeted spam emails

2017-11-16 Thread Martin Gregorie
> Thank you for the info. I haven't considered it before, but it makes  > sense to store large mail archives in SQL databases. I suppose it is > one of the few ways to efficiently search such a large volume of data > - much faster than searching Maildir or MBOX archives. > ... and it lets you

Re: The rise of highly targeted spam emails

2017-11-16 Thread Martin Gregorie
On Thu, 2017-11-16 at 09:15 +, Sebastian Arcus wrote: > On 15/11/17 18:11, Martin Gregorie wrote: > > On Wed, 2017-11-15 at 14:44 +, Sebastian Arcus wrote: > > > > > > I initially decided that an archive was A Good Thing to have, > > simply becau

Re: The rise of highly targeted spam emails

2017-11-15 Thread Martin Gregorie
On Wed, 2017-11-15 at 14:44 +, Sebastian Arcus wrote: > Thank you - that is an interesting idea. Do you use a software to  > extract the emails from the Sent archives, or do you add them to the  > database on-the-fly, when the sent emails go out through your MTA? > If you have any links or

Re: The rise of highly targeted spam emails

2017-11-15 Thread Martin Gregorie
On Wed, 2017-11-15 at 08:41 +, Sebastian Arcus wrote: > The emails often contain links to various popular cloud platforms - > such as SharePoint, DropBox etc. Most of the emails come from clean > domains, or from large webmail providers. > I'd say there is not a lot you can do if the legit

Re: blacklist_from not working with SA version 3.4.0

2017-10-14 Thread Martin Gregorie
On Sat, 2017-10-14 at 14:45 +0100, RW wrote: > spamkiller looks to have been been written for use with fetchmail; > Indeed it was, and ran that way until I got pissed off with the bugs in fetchmail - especially the one that caused it to leave delivered mail on the remote server, never to be

Re: blacklist_from not working with SA version 3.4.0

2017-10-11 Thread Martin Gregorie
On Mon, 2017-10-09 at 17:24 -0700, Imam Toufique wrote: > > So, I followed the example and created my command below: >  > su fetchmail -s /bin/sh -c "/usr/bin/spamc | > /usr/local/bin/spamkiller > -c=/usr/bin/fetchmail -a -v -f /opt/RT/4.4.2/etc/fetchmailrc" >  > when I run the above, nothing

Re: blacklist_from not working with SA version 3.4.0

2017-10-09 Thread Martin Gregorie
y environ library to compile. Source for that is in environ_srce-1.10.tgz and its documentation is in environ_docs-1.10.tgz or online, linked from the same page. Martin > thanks. > > On Mon, Oct 9, 2017 at 11:52 AM, Martin Gregorie <mar...@gregorie.org > > > wrote: >

Re: blacklist_from not working with SA version 3.4.0

2017-10-09 Thread Martin Gregorie
On Mon, 2017-10-09 at 10:25 -0700, Imam Toufique wrote: > But it is not deleting/discarding those mails.  I am > not sure how to do that.  Can you please tell me how to do that?  I > want all e-mails (in this example... ) from gmail.com to be > deleted/discarded as > soon as SA scans them. > SA

Re: FROM header with two email addresses

2017-10-02 Thread Martin Gregorie
On Mon, 2017-10-02 at 23:18 +0200, Benny Pedersen wrote: > John Hardin skrev den 2017-10-02 23:13: > > > Where?  \w is not case-sensitive. > > perfect then, i had not know that, learning still so > Do you have a copy of the 'Camel Book'? AKA "Programming Perl" by Larry Wall, Tom Christiansen &

Re: Would anyone be interested in a SA enhancing service?

2017-09-22 Thread Martin Gregorie
On Fri, 2017-09-22 at 08:40 -0700, Marc Perkel wrote: > This is something I'm thinking about doing - providing a service > that integrates into SA as a plug in and communicates with my servers > to return a useful score enhancer. > > If there is interest my initial demo test will be just stuffing

Re: ISIPP - Re: bb.barracudacentral.org

2017-09-21 Thread Martin Gregorie
On Wed, 2017-09-20 at 19:39 -0500, Chris wrote: > It was installed by default when upgrading from 14.04LTS to 16.04LTS > Then it may be best to just leave it there. > I have stopped Network Manager. I've not disabled or removed it yet > as I'm watching to see how named does the queries now. > I

Re: ISIPP - Re: bb.barracudacentral.org

2017-09-20 Thread Martin Gregorie
On Wed, 2017-09-20 at 08:01 -0700, Ian Zimmerman wrote: > Finally (and getting really OT), it helps to keep relevant /etc files > under version control, so you know when the system helpfully shifts > the ground under you. > Really good advice. I keep a copy of all the configuration files I've

Re: ISIPP - Re: bb.barracudacentral.org

2017-09-20 Thread Martin Gregorie
On Wed, 2017-09-20 at 08:48 -0500, Chris wrote: > On Wed, 2017-09-20 at 11:15 +0100, Martin Gregorie wrote: > > On Tue, 2017-09-19 at 19:32 -0500, Chris wrote: > > > > > > Hi Martin, here's what I see: > > > > > > sudo systemctl s

Re: ISIPP - Re: bb.barracudacentral.org

2017-09-20 Thread Martin Gregorie
On Tue, 2017-09-19 at 19:32 -0500, Chris wrote: > Hi Martin, here's what I see: > > sudo systemctl status dnsmasq > [sudo] password for chris:  > ● dnsmasq.service >    Loaded: not-found (Reason: No such file or directory) >    Active: inactive (dead) > chris@localhost:~$ sudo systemctl enable

Re: ISIPP - Re: bb.barracudacentral.org

2017-09-19 Thread Martin Gregorie
On Tue, 2017-09-19 at 16:44 -0500, Chris wrote: > > Thanks Martin, here's what I get, it appears to not be running. > > sudo systemctl stop dnsmasq > [sudo] password for chris:  > Failed to stop dnsmasq.service: Unit dnsmasq.service not loaded. > OK, that makes sense > sudo systemctl disable

Re: ISIPP - Re: bb.barracudacentral.org

2017-09-19 Thread Martin Gregorie
On Tue, 2017-09-19 at 15:40 -0500, Chris wrote: > > > > > > I've disable dnsmasq in my > > > > > > /etc/NetworkManager/NetworkManager.conf > via > #dns=dnsmasq > > However, when restarting the network I see: > dnsmasq[2323]: reading /etc/resolv.conf > dnsmasq[2323]: using nameserver 127.0.0.1#53

Re: phising spam

2017-09-16 Thread Martin Gregorie
On Sat, 2017-09-16 at 22:20 +0530, Rajesh M wrote: > hello > > how do we mark such email as spam where our customer is sent an email > asking user to verify account to prevent the account being disabled. > Impossible to say without seeing the headers of that email. > i have provided below the

Re: [poppler] Encrypted malicious PDFs fails

2017-09-14 Thread Martin Gregorie
On Wed, 2017-09-13 at 20:36 -0400, Alex wrote: > I understood that without the password the document would not be > visible, not just that it couldn't be changed. > Thats my understanding too. I've always been unable to see a password protected PDF until I supply the password: all you see when

Re: ramsonware URI list

2017-07-15 Thread Martin Gregorie
On Sat, 2017-07-15 at 09:59 -0700, Ian Zimmerman wrote: > On 2017-07-15 11:59, Antony Stone wrote: > > > Maybe other people have further optimisations. > > With awk already part of the pipeline, all those seds are screaming > for > a vacation. > Indeed. I think the whole job can be done fairly

Re: "bout u" campaign

2017-07-13 Thread Martin Gregorie
On Thu, 2017-07-13 at 13:26 -0400, Alex wrote: > Would you be willing to share a few examples? > You can download the script processor and documentation from here: http://www.libelle-systems.com/free/ Its called 'portmanteau' and is a .tgz compressed tar archive Contact me offlist if you want

Re: "bout u" campaign

2017-07-13 Thread Martin Gregorie
On Thu, 2017-07-13 at 12:59 +, Charles Amstutz wrote: > I find it challenging to constantly keep up with campaign's.  My > guess with the phone number is to try to make it seem more > legitimate.  > More recent, I try to look for general characteristics and go for > that, in order to

Re: Feature idea: Expiring rules

2017-06-13 Thread Martin Gregorie
On Tue, 2017-06-13 at 14:38 -0500, Noel wrote: > On 6/13/2017 12:10 PM, Dianne Skoll wrote: > > On Tue, 13 Jun 2017 08:59:27 -0700 (PDT) > > John Hardin wrote: > > > > > Dependencies. > > > > Yes, that would mess things up.  Probably shouldn't be able to > > expire > > rules

Re: Quarantine processing...

2017-06-06 Thread Martin Gregorie
On Mon, 2017-06-05 at 21:27 -0400, Alex wrote: > Hi, > > Does anyone have a script or something that goes through the > quarantine (amavis in my case, gzipped) and produces some kind of > report about the messages that have been tagged? > This rather depends on exactly what you want to see and

Re: Spamassassin fails after 410+ days?

2017-05-20 Thread Martin Gregorie
On Sat, 2017-05-20 at 02:17 -0400, piercedfreak wrote: > I am running Freebsd 10.0, with Postfix, Dovecot, MySql, and > Spamassassin 3.4.0(Perl 5.16.3). This is the second time this has > happened to me. All ran fine for roughly 410 days, then Spamassassin > stop flagging emails, and has all kinds

Re: URIBL_BLOCKED on 2 Fedora 25 servers with working dnsmasq, w/ NetworkManager service

2017-05-18 Thread Martin Gregorie
On Thu, 2017-05-18 at 21:46 +, David Jones wrote: > > From: John Hardin > > I think this part of the wiki page may not be stressed stongly > > enough: > > Non-forwarding > > If you have a large ISP or are using large public DNS provider(s) > > it is  > > recommended you

Re: txrep and spam lists

2017-05-07 Thread Martin Gregorie
On Sun, 2017-05-07 at 13:27 +0100, RW wrote: > On Sun, 07 May 2017 10:33:56 +0100 > Martin Gregorie wrote: > The only other thing you need is a way remove SA headers from your > > spam collection. A bash script using awk to do the heavy lifting &

Re: txrep and spam lists

2017-05-07 Thread Martin Gregorie
On Sun, 2017-05-07 at 00:37 +0200, Benny Pedersen wrote: > why not back that spam up to gmail ? :=) > Even easier: save them to a directory as text files and make sure that's included in your daily/weekly backups. The only other thing you need is a way remove SA headers from your spam

Re: ANY_BOUNCE_MESSAGE questions

2017-05-01 Thread Martin Gregorie
On Mon, 2017-05-01 at 17:13 +0200, Matus UHLAR - fantomas wrote: > > > Is there something on vbounce that does notappl for you? > loading it and settings proper whitelist_bounce_relays should hit all > bounces that did not come as response to mail from your systems... > Obvious spam was being

Re: ANY_BOUNCE_MESSAGE questions

2017-04-30 Thread Martin Gregorie
On Sun, 2017-04-30 at 17:10 -0400, Alex wrote: > I'm talking about legitimate, non-spam mail sent by users on our > systems with valid accounts having their bounces being tagged as > spam. > And of course, any valid bounce must be delivered. > > In any case, regardless of whether I get bounced

Re: ANY_BOUNCE_MESSAGE questions

2017-04-30 Thread Martin Gregorie
On Sun, 2017-04-30 at 14:42 -0400, Alex wrote: > It sounds like you're saying you're adding points to bounce emails > that don't originate from email sent by your system? > Correct, or more specifically this is intended to catch spam spoofing my domain as sender and rejected by its destination.
