into welcomelist_auth
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Despite the cost of living, have you noticed how popular it remains?
On 8/29/2022 1:10 PM, Matus UHLAR - fantomas wrote:
perhaps ExtractText module could do that.
It's available in SA4 (currently beta afaik) and on:
https://github.com/DavidGoodwin/ExtractText
On 30.08.22 01:00, Kevin A. McGrail wrote:
NOTE that I don't believe the version in SA4 is the same
it make sense to support berkeley DB here?
On Sun, Aug 28, 2022 at 3:02 PM Matus UHLAR - fantomas
wrote:
I'm trying to set up url_shortener_cache_dsn globally, but spamassassin is
run by multiple different users.
is it possible to specify url_shortener_cache_dsn relative according to
user_prefs
win/ExtractText
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
2B|!2B, that's a question!
or:
dbi:SQLite:dbname=$HOME/.spamassassin/DecodeShortURLs.sqlite
did not work, complained
using only:
dbi:SQLite:dbname=DecodeShortURLs.sqlite
created the file in current directory.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail
commercial, you've been around a great many years Martin, so I'm glad
you resist the temptation of the fools.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek
variant.
with pregreet pause, it also drops big number of spambots.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Christian Science
.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Save the whales. Collect the whole set.
MAIL /\w@\S+\.\w/
.. there's atachment of type image/gif but the body does not
contain any URI containing :// nor any e-mail address.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu
UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
A day without sunshine is like, night.
022 04:40:21 +0200 (CEST)
^
unless your mailserver adds envelope recipient address to the headers
(common for domain mailboxes, uncommon for others)
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to thi
__HDRS_MISSP ALL:raw =~
/^(?:Subject|From|To|Reply-To):\S/ism
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
They that can
, MIME_HTML_ONLY=0.1, PYZOR_CHECK=1.985,
SPF_HELO_NONE=0.001, SPF_NEUTRAL=0.652, T_SCC_BODY_TEXT_LINE=-0.01]
looks like you should implement bayes.
since these are generated by amavis, you could train amavis database.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk
-hood.tweakedtoperfection.com.
194.87.42.59rivas-martinez.tweakedtoperfection.com.
194.87.42.60colon.tweakedtoperfection.com.
194.87.42.61thompson.tweakedtoperfection.com.
194.87.42.62armstrong-brown.tweakedtoperfection.com.
194.87.42.63clark.tweakedtoperfection.com.
--
Matus UHLAR
On 2022-06-29 10:25, Matus UHLAR - fantomas wrote:
Since SpamAssassin does deep header scanning, it's more effective than
just use incoming IP at MTA level.
On 29.06.22 10:58, Benny Pedersen wrote:
this is not good, its a sign of forwarding that forwards spam in the
first place, that make
single DNSBL) and use them within SA too.
Since SpamAssassin does deep header scanning, it's more effective than just
use incoming IP at MTA level.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie
via RC5321
This is an invoice phish that isn't tagged. Ideas on how to block these
would be appreciated.
https://pastebin.com/FXX8cx5f
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem
On 23.06.22 15:56, Eduardo Maia wrote:
I'm trying to block the emails with fake FROM like:
From: "Nick Blue "
I have installed spamassassin v3.4.6 and after I enabled the
FromNameSpoof plugin.
On 23.06.22 18:08, Matus UHLAR - fantomas wrote:
I have checked FromNameSpoof plug
.cf
header LOCAL_FROMNAME_SPOOF eval:check_fromname_spoof()
score LOCAL_FROMNAME_SPOOF 5.0
My question is about how to configure this plugin and also which score
i should give on the new rules ?
you have just described how you configured it.
the next question is how do you block them.
--
Matus UHLAR
executes checks under different users - I use spamass-milter for
that.
if you use amavis, you don't need spamd.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT
_DMARC_POLICY_REJECT only says that the sender domain has DMARC policy
set to reject, it does not say that the mail is to be rejected
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tut
g for weeks.
doesn't amavisd by any chance use old SA installation/libraries?
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Boost your
it through SA after it's received, it doesn't hit
KAM_DMARC_REJECT or DMARC_REJECT. In fact, it hits DMARC_PASS. It
also continues to hit DKIM_VALID_AU. I don't know how to explain that.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail
y email traffic is so low, couldn't I leave clamav running on
the more powerful/larger ram web server and have postfix access clamav
on that ip? Just did a quick search and some people are running it on
a separate server. Just a pre-coffee thought.
yes, should work perfectly.
--
Matus
ted to that, I
believe.
there are also many signatures for JS and other kinds of malicious content
in clamav...
however, with clamav, 2G of RAM is not enough. Especially when using
ConcurrentDatabaseReload (default on)
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
War
g the PurePerl DMARC lib now as well.
let us know
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Despite the cost of living, have you noticed how popular it remains?
r if you have Mail::SpamAssassin::Plugin::DMARC loaded or not.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
We are but packets in th
>On Tue, May 24, 2022 at 1:09 PM Matus UHLAR - fantomas wrote:
>> have there been rejects often before?
On 24.05.22 13:58, Alex wrote:
>I have hundreds of these over the last few days (week?), but they could go
>back even further than that. It appears to primarily hi
gt;> Since uninstalling it this morning, there have been no other occurrences
>> of KAM_DMARC_REJECT all day for any emails.
On Tue, May 24, 2022 at 1:09 PM Matus UHLAR - fantomas
wrote:
have there been rejects often before?
On 24.05.22 13:58, Alex wrote:
I have hundreds of these ove
TUS
On 24.05.22 13:02, Alex wrote:
What are the proper libraries that should be used to support DMARC with SA?
This one should be, but there seems to be either a bug in that library or in
SA code handling that.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning
DKIM_VALID_AU.
https://pastebin.com/9g9VrgVK
https://pastebin.com/DCu9cq4t
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
The 3 biggets
On 22.05.22 12:25, Kevin A. McGrail wrote:
>#1 you can use the welcomelist entries but NOT the welcomelist_auth
>entries if DMARC is failing.
On Sun, May 22, 2022 at 1:51 PM Matus UHLAR - fantomas
wrote:
isn't welcomelist_auth okay with DKIM_VALID_AU ?
On 22.05.22 15:17, Alex
, sorry to say it's been rougher than I wanted too.
But we have it in production and we are working on edge cases from my end.
Alex (OP), do you have Mail::DMARC installed?
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising
On 2022-05-10 20:39, Matus UHLAR - fantomas wrote:
From: nore...@ess.firstdata.com
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple;
s=6g5c7kdjkv3qjrxjsdzn3325ejghli53; d=ess.firstdata.com;
t=1652117979;
h=Date:From:Reply-To:To:Message-ID:Subject:MIME
ARC_REJECT DKIM has Failed or SPF has failed on the message
* and the domain has a DMARC reject policy
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolv
n policyd-spf.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
On the other hand, you have different fingers.
1; helo=smtp14-ph2-sp4.mta.salesforce.com; envelope-from=re...@support.meridianlink.com; receiver=
X-Greylist: whitelisted by SQLgrey-1.8.0
isn't it possible that it's sqlgrey that whitelisted your domain?
$ spamassassin --version
SpamAssassin version 4.0.0-r1889518
running on Perl version 5.32.1
--
Matus U
clude:_spf.salesforce.com -all"
SPF_PASS idicates that the SPF hit.
however, posting full headers could help us a bit.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem
On Tue, Apr 26, 2022 at 02:35:25PM +0200, Matus UHLAR - fantomas wrote:
> is it possible to match message headers in rfc822 atttachments?
>
> from what I know, "header" rules only apply to mail headers and mimeheader
> only apply to mime headers.
>
> body and rawbody
e time ago but no success:
https://marc.info/?l=spamassassin-users=132282473328809=2
is this possible now or do we need out-of SA solution for this?
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na t
urther?
not me, as I'm not involved in SA deployment more than by being active here.
perhaps you could fill a wishlist report...
Are these rules from the link above useful?
looks like they are. KAM.cf contains similar rules, but having them in stock
SA would be nice.
--
Matus UHLAR
> > and spf is unapplicable since the envelope from is null.
>
> Isn't that the case with all bounce messages?
Matus UHLAR - fantomas:
usually yes, it should be. But we of course can't guarantee that.
This also means that SPF can't be used, thus either those messages have DKI
yes, it should be. But we of course can't guarantee that.
This also means that SPF can't be used, thus either those messages have DKIM
signatures, or they CAN NOT pass DMARC.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-ma
ES_99 - do you train your bounce messages?
yes.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Honk if you love peace and quiet.
On 7/4/22 3:09 pm, Matus UHLAR - fantomas wrote:
your edge sends the original message as an attachment, so your
internal server can not process many of checks. SA option
"report_safe" does this.
You should either trust edge server on its decision, or not do
scanning there. If y
. SA option "report_safe" does this.
You should either trust edge server on its decision, or not do scanning
there. If you do scan there, set "report_safe 0".
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail adver
is not "."
- or, A/ exist.
that would require plugin or a few meta rules.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
10 GOTO 1
DOMAIN
I don't recall the current state of support for this, so don't rely on
it without testing it.
Is it possible to do this within a cf file?
I don't know. Someone else with more knowledge of SpamAssassin will
need to speak to this.
--
Matus UHLAR - fantomas, uh...@fantomas.sk
72_scores.cf:score DKIMWL_WL_MEDHI 0.001 -0.001 0.001
-0.001
and I have already disables using of this check for autolearning:
tflags DKIMWL_WL_HIGH noautolearn net nice
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish
with it?
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Fucking windows! Bring Bill Gates! (Southpark the movie)
On 04.03.22 19:01, Matus UHLAR - fantomas wrote:
I got reports for multiple spams in form:
From: " martin.redact...@example.com"
To: "ředácted xyz, Ing."
Subject: Fw: xyz.redact...@example.com
(I intentionally kept some chars with diacritics because that was
s
nor any of _FNSFNAME*_ tags did hit
Am I expecting too much from FromNameSpoof?
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
2B|!2B, that's a question!
names?
many of newest TLDs are used for spamming, getting domain in more stable TLD
might help.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu
uires as much coding as with the solution above.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
If Barbie is so popular, why do you have to buy her friends?
not find working mirror, channel failed
should be no big problem. if you really need, find the cron job and run it
again (you may need to run it under user it runs from cron)
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to
"1897787"
the "updates.spamassassin.org" itself has no data.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
If Barbie i
recated, 2. only uses host.
I'm glad you have fixed that but next time please read the manual page
first.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolve
HELO_NO_DOMAIN __HELO_NO_DOMAIN && !HELO_LOCALHOST
only has exclusion for "localhost" name (which has its own rule)
the scores could be united too:
score FSL_HELO_NON_FQDN_1 2.361 0.001 1.783 0.001
score HELO_NO_DOMAIN 0.001 0.001 0.001 0.001
--
Matus UHLAR - fantomas,
Hello,
looks like there's mailer hitting XM_RANDOM
from multiple mails:
X-mailer: Qi Mail Connector 101.21
X-mailer: Qi Mail Connector 103.2
apparently generated by czech company information system:
https://www.qi.cz/system-qi/
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http
ip6:2a01:7e01:e001:289::4 -all
perhaps Received: headers from the mail you have received.
If that mail was rejected within apache network, you should see which server
rejected from which one.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e
much like spam.
I use SA for more than 10 years, but in a very basic manner.
Is there some doc on how to harden SA ? Some useful plugins ? Bayes is
clearly not sufficient in my case
using razor/pyzor/DCC helps much.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning
OH it would be great to be able to re-process matched rules, possibly
with different (e.g. per-user) scores.
But this must to be implemented yet.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adr
)
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
It's now safe to throw off your computer.
On 14.12.21 17:46, David Bürgin wrote:
Look into ‘normalize_charset 1’. For background maybe this:
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7656
On 2021-12-14 at 13:18:09 UTC-0500 (Tue, 14 Dec 2021 19:18:09 +0100) Matus
UHLAR - fantomas is rumored to have said:
from what I
On 14.12.21 17:46, David Bürgin wrote:
Look into ‘normalize_charset 1’. For background maybe this:
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7656
from what I remember, normalize_charset should not be used until SA 4.*
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http
On 01.12.21 11:25, Matus UHLAR - fantomas wrote:
hoping that adding sending IP Address to X-Originating-IP: header will help
me fight against spam posted via webmail it seems I caused more problems
than it was supposed to solve.
mail sent from external IP 192.0.2.1 via webmail on 192.168.0.10
On 01.12.21 11:25, Matus UHLAR - fantomas wrote:
hoping that adding sending IP Address to X-Originating-IP: header will help
me fight against spam posted via webmail it seems I caused more problems
than it was supposed to solve.
mail sent from external IP 192.0.2.1 via webmail on 192.168.0.10
On 01.12.21 11:25, Matus UHLAR - fantomas wrote:
hoping that adding sending IP Address to X-Originating-IP: header will help
me fight against spam posted via webmail it seems I caused more problems
than it was supposed to solve.
mail sent from external IP 192.0.2.1 via webmail on 192.168.0.10
: [
ip=192.0.2.1 rdns= helo= by= ident= envfrom= intl=0 id= auth= msa=0 ]
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Chernobyl
that show messages being processed and
correctly identified as spam/ham.
what parameters is spamass-milter run with?
-M by any chance?
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu
be evil"
motto.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Chernobyl was an Windows 95 beta test site.
gin to add score more then default score to freemail hits, with
imho is more desireble then class it not freemail
i guess this just disables detection of fake reply-to which is I believe
exactly opposite of what OP needs.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning
).
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
We are but packets in the Internet of life (userfriendly.org)
On 2021-11-02 12:20, Matus UHLAR - fantomas wrote:
I have tried again, but despite is being listed in
kam_sa-channels_mcgrail_com/nonKAMrules.cf, SA does not accept that
directive.
On 02.11.21 18:25, Benny Pedersen wrote:
problem is that util_rb_2tld is global while kam rules need pr rule
12:45:25.455 [9317] dbg: config: read file
/var/lib/spamassassin/3.004004/updates_spamassassin_org/20_aux_tlds.cf
Nov 2 12:45:25.456 [9317] dbg: config: cleared tld lists
On 02.11.21 12:24, Raymond Dijkxhoorn wrote:
Thats added with 4.0.0-rsv
ehm?
--
Matus UHLAR - fantomas, uh...@fantomas.sk
/nonKAMrules.cf,
SA does not accept that directive.
at least not SA 3.4.4 (debian 10 backports)
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Linux
On 10/31/21 5:26 PM, Matus UHLAR - fantomas wrote:
it looks like google has registered page.link domain and users are already
using it for spamming:
https://secretadultnightclub.page.link/...
I have added it to my local domain-based blocklist.
any idea/tip what to do with it next
On 2021-10-31 17:26, Matus UHLAR - fantomas wrote:
it looks like google has registered page.link domain and users are
already
using it for spamming:
https://secretadultnightclub.page.link/...
I have added it to my local domain-based blocklist.
any idea/tip what to do with it next
Hello,
it looks like google has registered page.link domain and users are already
using it for spamming:
https://secretadultnightclub.page.link/...
I have added it to my local domain-based blocklist.
any idea/tip what to do with it next?
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http
by the SpamAssassin CTASD test?
On 25.10.21 11:05, Axb wrote:
CommTouch, as a product, has been EOL for a decade ago.. or longer.
looks like icewarp mail server does use such service too, but I don't know
much about that.
Why not contact the ISP, directly?
so far the fastest solution
--
Matus UHLAR
On 18/10/2021 11:20 am, Matus UHLAR - fantomas wrote:
spamd by default tries to find recipients' home directories and user
preferences in them. try passing following option to spamd:
-x, --nouser-config, --user-config
On 18.10.21 14:47, Linkcheck wrote:
Thanks. Where would I actually
n given host (default:
localhost). Several hosts can be specified if separated by commas.
obviously "localhost" resolves to ::1 where spamd does not listen.
make spamd listen on ::1 or instruct spamd to connect to 127.0.0.1
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; h
of such mail with headers?
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
"One World. One Web. One Program." - Microsoft promotional adv
can be enough
for the DNSBLs to catch up with the latest spammer.
I can only recommend using postscreen for non-client mail
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem
,SPF_HELO_PASS,URIBL_BLACK
autolearn=no autolearn_force=no version=3.4.2
For instance, rule RCVD_IN_DNSWL_NONE is run for the first mail but
not for the second.
Why is that?
perhaps the rule did not match, that's how spam score is evaluated.
did those mails come from the same host?
--
Matus UHLAR
it needs a short-message exclusion?
On Sat, 25 Sep 2021, Matus UHLAR - fantomas wrote:
short messages with attachments. if you have an idea how, I'll be
glad to try.
On 25.09.21 15:04, John Hardin wrote:
I've done some masscheck review and tuning of it, added avoidance of
hits on very short
it needs a short-message exclusion?
short messages with attachments.
if you have an idea how, I'll be glad to try.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT
-mail with short or no text and
attachments. (Haven't done stats tho, I can look during workweek.)
Thus, FSL_BULK_SIG tends to hit on such e-mail because they don't have
unsubscribe header.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail
and gets BAYES_99.
the main problem is lack of safe rules with negative scores.
of course, nothing defeats manual training.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem
is or how would one go about writing one?
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Despite the cost of living, have you noticed how popular it remains?
for running sa-update from
cron script.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Linux is like a teepee: no Windows, no Gates and an apache
MIXED_AREA_CASE,
and MIXED_IMG_CASE. Despite obviously bad To: and CC: addresses, the only rule
that triggered was paltry:
TO_MALFORMED=0.1
0.1. Seriously? Could we at least get a 0.1 for the CC address also?
apparently they are more eligible for meta rules.
--
Matus UHLAR - fantomas, uh...@fa
g report should do that.
until then, put:
score USER_IN_DKIM_WELCOMELIST -100.000
into your local overrides.
https://pastebin.com/6u4uNnLQ
Ideas greatly appreciated.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to
On 8/20/2021 6:23 AM, Matus UHLAR - fantomas wrote:
it seems that some TLD rules catch strings that are not domains:
* 2.0 PDS_OTHER_BAD_TLD Untrustworthy TLDs
* [URI: ups.mfr.date (date)]
* 5.0 KAM_SOMETLD_ARE_BAD_TLD .stream, .trade, .pw, .top, .press,
* .guru
On 2021-08-21 17:50, Matus UHLAR - fantomas wrote:
https://alioth-lists.debian.net/pipermail/nut-upsuser/2021-August/012539.html
* 5.8 KAM_LIST3_1 Likely Mailing List Purveyor Spam
5.8 is way too much
On 22.08.21 11:33, Benny Pedersen wrote:
reduce it localy then
I know how to handle
Hello,
another KAM FP:
https://alioth-lists.debian.net/pipermail/nut-upsuser/2021-August/012539.html
* 5.8 KAM_LIST3_1 Likely Mailing List Purveyor Spam
5.8 is way too much
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail
date
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Save the whales. Collect the whole set.
that I intensively train spams and FPs.
I maintain a few servers, default score is at 5 and reject over 8.
one server without proper training, score is left at amavis default and
reject on 10.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail
&& !__DKIM_DEPENDABLE && !DKIM_VALID && !DKIM_VALID_AU
if message is not signed, then signature can't be valid or invalid. If any
of signatures is valid, the message is signed.
the !DKIM_SIGNED is useless here unless it's a performance optimization.
Is it?
--
Matus UHLAR - fanto
to look at then just focusing on one set
of rules.
to be more precise, I have case where these caused mail to be autolearned as
ham which is even worse than a FN
I tried to filter out other rules that could cause it.
Unfortunately no other rules hit that could avoid trainin.
Matus UHLAR - fantomas
201 - 300 of 2479 matches
Mail list logo