Re: How to get the X-Spam-Flag

2024-05-04 Thread Matija Nalis
On Fri, May 03, 2024 at 08:22:09PM +0200, tba...@txbweb.de wrote: > when I send a test spam message to my server it recognizes it as spam and > puts it into /var/lib/amavis/virusmails as a gz file. In this file I can > find the complete X-Spam-Header, etc: > > But this header is missing in the

Re: spamassassin with gmail

2024-04-15 Thread Matija Nalis
On Mon, Apr 15, 2024 at 01:48:53PM +, Michael Grant via users wrote: > > I don't like any daemon connecting to my mail storage. Can you imagine if > > your solution gets hacked, how much data would be compromised? I prefer > > messages being scanned/marked before stored. I wonder if this is

Re: OT: Trigger words in email addresses?

2024-04-07 Thread Matija Nalis
On Sun, Apr 07, 2024 at 08:40:40PM -0500, Jerry Malcolm wrote: > The problem is that gmail, in particular, continues to insist on > putting these in spam folders and (theoretically) discarding some > of them completely.  Some of the users swear they never get them and And did you check that claim?

Re: localhost lookups ?

2024-02-23 Thread Matija Nalis
On Fri, Feb 23, 2024 at 06:43:53PM -0500, J Doe wrote: > 23-Feb-2024 18:33:02.422 queries: info: (localhost.ca): query: > localhost.ca IN +E(0) (127.0.0.1) > > 23-Feb-2024 18:33:02.422 queries: info: (localhost): query: localhost IN > +E(0) (127.0.0.1) > What's interesting is that this

Re: Callout verification with SpamAssassin ?

2024-02-19 Thread Matija Nalis
On Mon, Feb 19, 2024 at 02:38:03PM -0500, Bill Cole wrote: > On 2024-02-18 at 18:40:45 UTC-0500 (Mon, 19 Feb 2024 00:40:45 +0100) > Matija Nalis is rumored to have said: > > - Firstly: yes, I'm fully aware of all issues associated with > > https://en.wikipedia.org/wiki/Ca

Callout verification with SpamAssassin ?

2024-02-18 Thread Matija Nalis
Preface: - Firstly: yes, I'm fully aware of all issues associated with https://en.wikipedia.org/wiki/Callout_verification (and there is a LOT of them!) - I'm not looking for debate about general usefulness of Callout verification (and the system for which it is being investigated is not

Re: Question about forwarding email (not specifically SA, pointers greatly appreciated)

2024-01-19 Thread Matija Nalis
On Fri, Jan 19, 2024 at 10:37:13AM -0600, Thomas Cameron wrote: > The forwarded email is being *accepted* by GMail. My issue now is that GMail > drops it into the recipient's spam folder. I suspect it's a reputation > thing. Once the server is up and running for a while, I'm hoping that GMail >

Re: Gift Card Scam

2024-01-04 Thread Matija Nalis
body GIFT_CARD /gift card/i
score GIFT_CARD 1.5
meta FREEMAIL_GIFTCARDS GIFT_CARD && (FREEMAIL_FROM || !DKIM_VALID)
score FREEMAIL_GIFTCARDS 6.0
If you're not big on gift cards. Also, you might want to enable and train Bayes... On Thu, Jan 04, 2024 at 01:19:28PM -0800,

Re: Filtering emails from word-oliv...@somewhere.com

2023-10-05 Thread Matija Nalis
On Thu, Oct 05, 2023 at 03:15:31PM -0400, Bill Cole wrote: > On 2023-10-05 at 03:41:59 UTC-0400 (Thu, 05 Oct 2023 14:41:59 +0700) > Olivier is rumored to have said: > > > Recently I have received a wave of mails in the form > > From: word-olivier@somewhere.random > > To: oliv...@mydomain.com > >

Re: Ensuring SPF/DKIM for @gmail.com

2023-07-26 Thread Matija Nalis
On Thu, Jul 27, 2023 at 07:11:59AM +1000, Noel Butler wrote: > On 27/07/2023 05:09, Matija Nalis wrote: > > > Any SPF, no matter how correctly configured, will lead to false > > positives in some cases (e.g. encountering mailing list > > B.S. I'd appreciat

Re: Ensuring SPF/DKIM for @gmail.com

2023-07-26 Thread Matija Nalis
On Wed, Jul 26, 2023 at 06:44:32PM +, Marc wrote: > > At the risk of starting a flame war... > > > > What does "correctly setup SPF" mean to you? > > so your ip does not generate a softfail or fail Only way to make SPF never incorrectly fail/softfail is to use "+all", but that kind of

Re: Sudden surge in spam appearing to come from my email address

2023-07-16 Thread Matija Nalis
On Sun, Jul 16, 2023 at 01:37:39PM +0100, Martin Gregorie wrote: > Another way to do this is to build either a mail archive or a database > of addresses you've sent mail to and simply add a positive score to mail > from anybody who you've sent mail to: this needs the following bits of > code: So,

Re: Sudden surge in spam appearing to come from my email address

2023-07-15 Thread Matija Nalis
On Sat, Jul 15, 2023 at 10:04:18PM -0500, Thomas Cameron wrote: > pass > fail > So, it fails SPF, but DKIM passes. Meaning, your mail would pass normally modern servers which check both. If you do not want to receive such status messages, you should update your DMARC records (currently

Re: Share bayes database between servers

2023-07-09 Thread Matija Nalis
On Sun, Jul 09, 2023 at 07:06:10PM +0200, Robert Senger wrote: > I've set up a testing environment that also uses master-master > replication of the mysql bayes database, with priority in dns set to > equal for both mx to get incoming mail distributed evenly to both > systems. So far, this seems

Re: Problems matching the last word in multi-OR Regex

2023-06-21 Thread Matija Nalis
On Thu, Dec 15, 2022 at 09:17:54AM -0500, Bill Cole wrote: > On 2022-12-15 at 07:03:25 UTC-0500 (Thu, 15 Dec 2022 12:03:25 + (UTC)) > Pedro David Marco via users is rumored to have said: > > > HI, > > Situation:i have 2 twin servers running exactly the same OS, and SA. > > (3.4.4) Are there

Re: spamassassin4.x - problem

2023-06-21 Thread Matija Nalis
On Wed, Jun 21, 2023 at 12:00:41PM +0200, natan wrote: > I tested via configurations > > 1)dovecot10 + spamassassin-3.x - problem not exists > 2)dovecot11 + spamassassin-3.x - problem not exists > 3)dovecot10 + spamassassin-4.x - problem exists > 4)dovecot11 + spamassassin-4.x - problem exists > >

Re: comparing sender domain against recipient domain

2023-05-12 Thread Matija Nalis
On Fri, May 12, 2023 at 05:32:30PM +0200, Reindl Harald wrote: > > On Fri, May 12, 2023 at 09:49:40AM -0500, Dave Funk wrote: > > > On Fri, 12 May 2023, Matija Nalis wrote: > > > > That is because those domains are not EQUAL? Or did you want a > > > >

Re: URL Time-of-Click Protection

2023-05-12 Thread Matija Nalis
On Fri, May 12, 2023 at 11:57:57AM -0400, Alex wrote: > I'm curious what people think of URL rewriting or otherwise having some Such rewriting would break digital signatures, and would not work at all e.g. on encrypted e-mails. > kind of idea of whether a URL could or should be scanned at some

Re: comparing sender domain against recipient domain

2023-05-12 Thread Matija Nalis
On Fri, May 12, 2023 at 09:49:40AM -0500, Dave Funk wrote: > On Fri, 12 May 2023, Matija Nalis wrote: > > That is because those domains are not EQUAL? Or did you want a > > rule that checks only on SIMILAR domain names (e.g. with lowercase > > letter "L" repl

Re: comparing sender domain against recipient domain

2023-05-12 Thread Matija Nalis
On Thu, May 11, 2023 at 09:41:34PM +, Marc wrote: > > > I was wondering if spamassassin is applying some sort of algorithm to > > > comparing sender domain against recipient domain to detect a phishing > > > attempt? > > > > There is a suite of meta rules and subrules with names containing >

Re: Fine-tuning SA URI extraction

2023-04-26 Thread Matija Nalis
On Wed, Apr 26, 2023 at 03:21:50PM -0400, Kris Deugau wrote: > http://deepnet.cx/~kdeugau/spamtools/cornell-birds.eml Thanks. Adding some dbg() in HTML.pm of my SA 3.4.6, it seems it is triggered this part of the email: "background" is deprecated (but still supported) HTML attribute:

Re: BAYES_00 BODY. Negative score?

2023-02-16 Thread Matija Nalis
On Thu, Feb 16, 2023 at 05:34:37PM -0500, joe a wrote: > Oh, of course. I installed as root initially, being foolish perhaps, but > did create a specific user "later" and adjusted permissions as needed. Or, > so I thought. well, installing as root (especially with restrictive umask) manually

Re: Strange findings debugging bayes results

2023-02-16 Thread Matija Nalis
On Thu, Feb 16, 2023 at 01:02:25PM +0200, Henrik K wrote: > On Thu, Feb 16, 2023 at 10:18:50AM +0100, hg user wrote: > > Every score is based on headers, very generic headers. and some > > related to my setup. > > > > Not a single token from the message body > > The Bayes implementation has

Re: KAM channel disabling lookups?

2022-10-12 Thread Matija Nalis
On Wed, Oct 12, 2022 at 10:45:06AM +0200, Matus UHLAR - fantomas wrote: > On 12.10.22 10:41, Noel Butler wrote: > > or save SA doing extra work, and use the RBL's at MTA level - where they > > should be used and have been used for 25 years in the ISP world > > you compare uncomparable. > > SA

KAM_OCTET_PHISH=3 ?

2022-09-02 Thread Matija Nalis
Some of legitimate mails here are being hit with rather high KAM_OCTET_PHISH=3 it seems to trigger when I have both text/html and application/octet-stream MIME parts. reduced/sanitized example at: https://pastebin.com/D4vqKnLC It seems to be multi-rule meta, but all those sub-rules seem to

Re: Spamassassin spamming in log

2022-06-02 Thread Matija Nalis
On Thu, Jun 02, 2022 at 02:47:28PM +0200, Bert Van de Poel wrote: > For the errors about nonexistent uses you will want to have a look at > /etc/default/spamassassin I'm guessing. > For the info messages: this has just got to do with your logging level. You > will want to decrease it in local.cf

Re: Spamhaus spurious positives - how does SpamAssassin check Spamhaus?

2022-05-07 Thread Matija Nalis
On Sat, May 07, 2022 at 09:35:31AM -0700, Paul Pace wrote: > On 2022-05-07 07:53, Benny Pedersen wrote: > > On 2022-05-07 16:42, Paul Pace wrote: > > > * 10 URIBL_SBL Contains an URL's NS IP listed in the Spamhaus SBL > > > * blocklist > > > * [URIs: wikileaksdotorg] > > The

Re: Why shouldn't I set the score for SPAM_99 and SPAM_999 higher?

2022-05-05 Thread Matija Nalis
You should probably check that none of your ham (i.e. non-spam) messages contains SPAM_99 or SPAM_999. It can happen when spammers poison your bayes database, and increased score in that case might lead to legitimate mail being misclassified as a spam. On Thu, May 05, 2022 at 10:37:40AM -0500,

Re: sub-test syntax

2022-04-04 Thread Matija Nalis
On Mon, Apr 04, 2022 at 07:45:02AM +0100, Niamh Holding wrote: > Hello Matija, > Sunday, April 3, 2022, 11:13:13 PM, you wrote: > > MN> For a closer example to your requirements then, perhaps look into > 72_active.cf > MN> regex for RCVD_IN_IADB_LISTED > > So you suggest [26] instead of (2|6)

Re: sub-test syntax

2022-04-03 Thread Matija Nalis
On Mon, Apr 04, 2022 at 12:19:23AM +0100, Martin Gregorie wrote: > For instance, I whitelist any email sender who I've previously sent mail > to. To do this I maintain an email archive held in a PostgreSQL > database and wrote an SA plugin that searches the archive for any > message(s) I've

Re: sub-test syntax

2022-04-03 Thread Matija Nalis
On Sun, Apr 03, 2022 at 10:06:51AM +0100, Niamh Holding wrote: > Hello Matija, > Saturday, April 2, 2022, 7:12:42 PM, you wrote: > > MN> grep -r check_rbl_sub /var/lib/spamassassin > MN> for examples of what's possible and how (e.g. 25_dnswl.cf) > > Looking there I see nothing equivalent to

Re: sub-test syntax

2022-04-02 Thread Matija Nalis
On Sat, Apr 02, 2022 at 06:09:20PM +0100, Niamh Holding wrote: > Will this work to check 2 ip address responses, or do I have to write > separate rules for 127.0.0.2 & 127.0.0.6 > > header __NH_HOLTRBL_X1 > eval:check_rbl_sub('holtrbl-lastexternal','127.0.0.(2|6)') You can

Re: Getting right GPG key for KAM

2022-03-21 Thread Matija Nalis
On Mon, Mar 21, 2022 at 06:31:07AM -0600, @lbutlr wrote: > On 2022 Mar 21, at 04:37, Henrik K wrote: > > Right, it does seem you haven't imported the key.. > > Thanks! That's what was missing. Odd, considering there were KAM files > present, just not recent ones. Anyway, not my system, but all

Re: Txrep, add-addr-to-whitelist

2021-12-28 Thread Matija Nalis
On Sun, Dec 19, 2021 at 12:18:15AM +1030, Peter wrote: > Today I got my life back. > > Decided to ditch TXrep and go back to AWL. It might not be as clever, > but at least it works! > > The inability to do working manual changes to scores meant wasting a lot of > time having to add addresses

Re: X-Originating-IP fires too much

2021-12-03 Thread Matija Nalis
On Wed, Dec 01, 2021 at 01:52:16PM +0100, Matus UHLAR - fantomas wrote: > > > > > results > > > - ALL_TRUSTED doesn't fire because 192.0.2.1 in X-Originating-IP > > > > > > - HELO_NO_DOMAIN fires > > > - RDNS_NONE fires > > > - both because X-Originating-IP contains no helo/DNS data. > > > > >

Re: MIME_BASE64_TEXT only on us-ascii

2021-11-30 Thread Matija Nalis
On Tue, Nov 30, 2021 at 12:03:15PM -0700, Philip Prindeville wrote: > > On Nov 17, 2021, at 9:50 AM, Bill Cole > > wrote: > > SpamAssassin rules are not laws in any sense. They do not prescribe or > > proscribe any action. They do not reflect any sort of moral or ethical > > judgment. They do

Re: SPF_NONE scoring

2021-11-30 Thread Matija Nalis
On Tue, Nov 30, 2021 at 11:47:36AM -0700, Philip Prindeville wrote: > I'm looking at the 0.001 scoring for SPF_NONE and scratching my head. This > was discussed a bit in early 2015, but maybe it needs revisiting with new > perspective. SPF is double edged sword. Sure, when it great to

Re: Fw: spam from gmail.com

2021-11-11 Thread Matija Nalis
On Thu, Nov 11, 2021 at 02:21:06PM -0500, Greg Troxel wrote: > yes, what I really want is something like > > exclude_from_dnswl gmail I guess you could disable default DNSWL_MED score with: score DNSWL_MED 0 and then create your own score: meta MY_DNSWL_MED DNSWL_MED &&

Re: Fw: spam from gmail.com

2021-11-11 Thread Matija Nalis
I use DNSWLh spamassassin plugin from http://www.chaosreigns.com/dnswl/sa_plugin/ which allows that "spamassassin --report" also reports to DNSWL, thus improving DNSWL database for everybody. Also, I reduce effect of RCVD_IN_DNSWL_MED to -0.5 as default seems somewhat unreasonable. On Thu, 11

Re: [Sare-users] painting everybody in Taiwan with the same brush

2010-01-29 Thread Matija Nalis
Firstly, the instructions for reading this e-mail: please read it whole, and understand that (although it may sound harsh at places) I am actually trying to help you. Only then reply (if needed). It is also somewhat long, but it does contain some technical info (and not only my rants :) Thanks.