Each minute it learn messages of the last minute so it read and learn one time
only for each message
Messages are that it sends from internal, so il learn that words are not spam
Internal messages are not spam
Nicola Piazzi
CED - Sistemi
COMET s.p.a.
Via Michelino, 105 - 40127 Bologna
ot -p -D mailscanner ) )
# Scan array and learn ham
for i in ${m[@]}; do
echo $i
ii=$(find $Q -type f -name $i)
check=${#ii}
if [ $check -gt 1 ] ; then
echo $ii
$L $ii
fi
done
~
~
Nicola Piazzi
CED - Sistemi
COMET s.p.a.
Via Michelino, 105 - 40127 Bologna - Italia
Tel. +39 051.607
Please take a look at this plugin :
http://saplugin.16mb.com/
Nicola Piazzi
CED - Sistemi
COMET s.p.a.
Via Michelino, 105 - 40127 Bologna – Italia
Tel. +39 051.6079.293
Cell. +39 328.21.73.470
Web: www.gruppocomet.it
-Messaggio originale-
Da: Christoffer G. Thomsen [mailto:li
Hi
There is a rule that catch PASSWORD PROTECTED ARCHIVE attached ?
I don't want to block in Mailscanner but catch in a RULE to mix with others
rules
Nicola Piazzi
CED - Sistemi
COMET s.p.a.
Via Michelino, 105 - 40127 Bologna - Italia
Tel. +39 051.6079.293
Cell. +39 328.21.73.470
Web
Ok seems that rbl are disabled but it seems that uribl check, is correct ?
Nicola Piazzi
CED - Sistemi
COMET s.p.a.
Via Michelino, 105 - 40127 Bologna - Italia
Tel. +39 051.6079.293
Cell. +39 328.21.73.470
Web: www.gruppocomet.it
-Messaggio originale-
Da: Benny Pedersen [mailto:m
I use spamassassin in incoming and outgoing emails
Outgoing emails come from an internal ip
Is there a way to avoid rbl checks when it come from an ip class ?
Nicola Piazzi
CED - Sistemi
COMET s.p.a.
Via Michelino, 105 - 40127 Bologna - Italia
Tel. +39 051.6079.293
Cell. +39 328.21.73.470
Web
Listed in db.wpbl.info
tflagsC_RBL_WPBLnet
score C_RBL_WPBL2.50
Nicola Piazzi
CED - Sistemi
COMET s.p.a.
Via Michelino, 105 - 40127 Bologna - Italia
Tel. +39 051.6079.293
Cell. +39 328.21.73.470
Web: www.gruppocomet.it<http://www.gruppocomet.it/>
[Descrizione: gc]
I use the same box for internal mail delivery
I shortcircuit internal messages that come from internal ip
I noticed that bayes never learn from internal messages if I take one and make
sa-learn -ham of these messages it answer that have learned
Is possible to learn automatically ?
Nicola
This script can be used if you have mailscanner in mysql database that record
results of spamassassin activity and postfix as mta
# postban.sh
# Temporary Ban SpamOnly Ip
# -
#
# This script create a table for postfix that ban IPs that made high spam
results only
#
Why not try my powerful plugin to reduce score of known users ?
Is based on people that answer to us and in my case, after 3 week of learning,
it HIT 70% of incoming messages that are absolutely ham
http://saplugin.16mb.com/
Nicola Piazzi
CED - Sistemi
COMET s.p.a.
Via Michelino, 105 - 40127
THX Antony
Service works, but at now how can i address query to this server ?
And the service name test how must be inserted in the query ?
usr/sbin/rbldnsd -n -b localhost/53 test:ip4tset:/rbldnsd/test.txt
Nicola Piazzi
CED - Sistemi
COMET s.p.a.
Via Michelino, 105 - 40127 Bologna – Italia
Tel
Someone use dnsrbld to create personal rbl ?
I am unable to bind to port 53 (and other ports)
I start and it tell that bind :
[root@EFALIST rbldnsd]# ./start.sh
rbldnsd: listening on ::1/53
rbldnsd: listening on 127.0.0.1/53
rbldnsd: ip4tset:/rbldnsd/test.txt: 20161017 101633: cnt=2
rbldnsd:
Bot not all RW_URLBL.txt are contained in RW_DOMBL.txt and viceversa
For example 25z5g623wpqpdwis.onion.to doesn’t have match in RW_URLBL.txt
And if I extract from http://01ad681.netsolhost.com/7j0jlq3 the domain
01ad681.netsolhost.com is not in RW_DOMBL.txt
?!
Nicola Piazzi
CED - Sistemi
to 2 entries, and we have 4000 entries here
.
Any suggestion ?
Nicola Piazzi
CED - Sistemi
COMET s.p.a.
Via Michelino, 105 - 40127 Bologna - Italia
Tel. +39 051.6079.293
Cell. +39 328.21.73.470
Web: www.gruppocomet.it<http://www.gruppocomet.it/>
[Descrizione: gc]
http://saplugin.16mb.com/
And tell me how it works
Nicola Piazzi
CED - Sistemi
COMET s.p.a.
Via Michelino, 105 - 40127 Bologna - Italia
Tel. +39 051.6079.293
Cell. +39 328.21.73.470
Web: www.gruppocomet.it<http://www.gruppocomet.it/>
[Descrizione: gc]
adsp_override dhl.com penalize when someone spoof address, for example sent
email with @dhl.com without dkim
but it doesn't catch when someone use dhl description in From as this example :
From: DHL Service d...@infectedpc.com<mailto:d...@infectedpc.com>
Nicola Piazzi
CED - Sistemi
COMET
ed by spf or dkim or mxpf AND domain is dhl.com
AF_ABUSED_DHL
True if some dhl references in from field (__AF_DHL_FROM) and not verified
dhl.com
Nicola Piazzi
CED - Sistemi
COMET s.p.a.
Via Michelino, 105 - 40127 Bologna - Italia
Tel. +39 051.6079.293
Cell. +39 328.21.73.470
Web
After a new box instalation I found that txrep doesnt work
The table is empty
mysql> select * from txrep;
Empty set (0.00 sec)
Obviously I disabled AWL and Load TxRep il v341.pre
Any suggestion ? Any log possible ?
Nicola Piazzi
CED - Sistemi
COMET s.p.a.
Via Michelino, 105 - 40127 Bolo
' from regexp
MySQL regular expressions don't have lookarounds
Nicola Piazzi
CED - Sistemi
COMET s.p.a.
Via Michelino, 105 - 40127 Bologna - Italia
Tel. +39 051.6079.293
Cell. +39 328.21.73.470
Web: www.gruppocomet.it<http://www.gruppocomet.it/>
[Descrizione: gc]
Da: Bowie
Obviously i intended to write a plugin that search the db
But I need the regex syntax to search at least 3 words that match of 4 words
given
Nicola Piazzi
CED - Sistemi
COMET s.p.a.
Via Michelino, 105 - 40127 Bologna - Italia
Tel. +39 051.6079.293
Cell. +39 328.21.73.470
Web: www.gruppocomet.it
: mercoledì 28 settembre 2016 15:26
A: users@spamassassin.apache.org
Oggetto: Re: regular expression needed
On 9/28/2016 9:02 AM, Nicola Piazzi wrote:
Usually we receive spam having subjects like these examples in order of time :
Subject
FedEx Shipment
734563383644 Notification and match if it found at least 3 of 4 words
Someone can help ?
Nicola Piazzi
CED - Sistemi
COMET s.p.a.
Via Michelino, 105 - 40127 Bologna - Italia
Tel. +39 051.6079.293
Cell. +39 328.21.73.470
Web: www.gruppocomet.it<http://www.gruppocomet
I am off topici f you think that postfix is not spamassassin
I think that this is not a Microsoft problem because exchange answer correctly
to unknown recipients
I suppose that there is something in the return string that postix doesn’t like
Nicola Piazzi
CED - Sistemi
COMET s.p.a.
Via Michelino
ipientNotFound; Recipient not found by SMTP address lookup"
from Exchange 2016 it doesn't consider unexistant that recipient
Someone can write me the answer of Exchange 2010 to a non existant recipient ?
Nicola Piazzi
CED - Sistemi
COMET s.p.a.
Via Michelino, 105 - 40127 Bologna - Ital
TO of
doesntex...@gruppocomet.it<mailto:doesntex...@gruppocomet.it> and need some
time to answer, so I suppose that it make the call to Exchange
RCPT TO is immediate if I remove reject_unverified_recipient
Nicola Piazzi
CED - Sistemi
COMET s.p.a.
Via Michelino, 105 - 40127 Bologna - Italia
Tel
header RELAYCOUNTRY_ITX-Relay-Countries =~ /IT/
header RELAYCOUNTRY_BAD X-Relay-Countries =~
/^(US|CN|RU|UA|JP|HK|UK|DE|BR|IN)/
in some cases I have both results in the spam report, I suppose that is because
plugin evals all ip address end not lastexterlal, is it
Here 2 plugins selfmade
http://saplugin.16mb.com/
If someone send me a feedback it will be appreciate
: Shortcircuit work partially
On Tue, 30 Aug 2016 14:48:03 +
Nicola Piazzi wrote:
> em is that dns check are made asincronously if it will be made
> sincronously it will happen like you said it is not important slowind
> down all messages because I save a lot of query and cpu
calculations before sending the DNS requests to check
blacklists.
Bowie
On 8/30/2016 10:37 AM, Axb wrote:
> shot in te dark:
> what happens if you do
>
> priority BAYES_ZERO -2000
> shortcircuit BAYES_ZERO ham
>
> On 08/30/2016 04:30 PM
And there is not a solution ?
Nicola Piazzi
CED - Sistemi
COMET s.p.a.
Via Michelino, 105 - 40127 Bologna - Italia
Tel. +39 051.6079.293
Cell. +39 328.21.73.470
Web: www.gruppocomet.it
-Messaggio originale-
Da: li...@rhsoft.net [mailto:li...@rhsoft.net]
Inviato: martedì 30 agosto
When i shortcircuit a rule not all other are bypassed
Here an example ...
Local.cf :
priority BAYES_ZERO -980
shortcircuit BAYES_ZERO ham
Spam report :
-0.03 ABUSIX_PRESENCE Contatto Anti-Abuse presente in abuse-contacts.abusix.org
-1.00 BAYES_ZERO Bayes
Is there a way to have multiple line in a single rule ?
For example :
metaOW_SENT_EMAIL ( OW_T_SENT_EMAIL && ! OW_T_REF_EMAIL &&
! OW_T_REF_FULL && ! OW_REF_THIS && OW_PASS)
Will be better :
metaOW_SENT_EMAIL ( OW_T_SENT_EMAIL
Nicola Piazzi
CED - Sistemi
COMET s.p.a.
Via Michelino, 105 - 40127 Bologna - Italia
Tel. +39 051.6079.293
Cell. +39 328.21.73.470
Web: www.gruppocomet.it
-Messaggio originale-
Da: Benny Pedersen [mailto:m...@junc.eu]
Inviato: giovedì 18 agosto 2016 14:13
A: users@spamassassin.apache.org
On 08/18/2016 10:20 AM, Nicola Piazzi wrote:
> 1)
>>> Another thing, the date of files is # Updated 2014-09-17-axb
>> What is the problem with that?
> Problem that now we are in 2016
so? I committed the last update in 2014.
Ok bit is very probably that from 2014 a lot of
from any kind of
freemail provider ?
If is so description must be changed to “Sender email is enduser mail provider”
Nicola Piazzi
CED - Sistemi
COMET s.p.a.
Via Michelino, 105 - 40127 Bologna – Italia
Tel. +39 051.6079.293
Cell. +39 328.21.73.470
Web: www.gruppocomet.it
-Messaggio
also in 20_freemail_mailcom_domains.cf
Another thing, the date of files is # Updated 2014-09-17-axb
Nicola Piazzi
CED - Sistemi
COMET s.p.a.
Via Michelino, 105 - 40127 Bologna – Italia
Tel. +39 051.6079.293
Cell. +39 328.21.73.470
Web: www.gruppocomet.it<http://www.gruppocomet.it/>
[Descrizio
It can be very useful a dns service URIBL that tell if a domain is public or
private
If is private I can whitelist entire domain instead address by address when I
receive an ham from one
For example :
I cannot WL gmail.com if I receive a ham from j...@gmail.com
But I can WL cocacola.com if I
It is difficoult to write a doc of what this plugin that I wrote do
But here is the ow.cf file, so you can see what this plugin do
It can be used ONLY when box is the same for send and receive emails
What do you think about it ?someone want to have to try ?
# oUTwHITELIST (ow)
# Is a
-project.org/viewtopic.php?f=14=1769
Nicola Piazzi
CED - Sistemi
COMET s.p.a.
Via Michelino, 105 - 40127 Bologna - Italia
Tel. +39 051.6079.293
Cell. +39 328.21.73.470
Web: www.gruppocomet.it
-Messaggio originale-
Da: li...@rhsoft.net [mailto:li...@rhsoft.net]
Inviato: mercoledì 10
) Unpack mxpf.cf and mxpf.pm under /etc/mail/spamassassin dir
2) put your score in mxpf.cf
Download here :
https://forum.efa-project.org/viewtopic.php?f=14=1777
Nicola Piazzi
CED - Sistemi
COMET s.p.a.
Via Michelino, 105 - 40127 Bologna - Italia
Tel. +39 051.6079.293
Cell. +39 328.21.73.470
Web
cant write a line like this, I don't know
mailserver domain
Nicola Piazzi
CED - Sistemi
COMET s.p.a.
Via Michelino, 105 - 40127 Bologna - Italia
Tel. +39 051.6079.293
Cell. +39 328.21.73.470
Web: www.gruppocomet.it
-Messaggio originale-
Da: RW [mailto:rwmailli...@googlemail.com
combine SPF_PASS with a list of email address, for example, but not
all put SPF in dns, so with MX I have another chance
Nicola Piazzi
CED - Sistemi
COMET s.p.a.
Via Michelino, 105 - 40127 Bologna - Italia
Tel. +39 051.6079.293
Cell. +39 328.21.73.470
Web: www.gruppocomet.it
-Messaggio
.
Nicola Piazzi
CED - Sistemi
COMET s.p.a.
Via Michelino, 105 - 40127 Bologna - Italia
Tel. +39 051.6079.293
Cell. +39 328.21.73.470
Web: www.gruppocomet.it
-Messaggio originale-
Da: Kevin Golding [mailto:k...@caomhin.org]
Inviato: martedì 9 agosto 2016 10:28
A: users
199.56.23.9 can be
legitimate because both come from 199.56.23
Have someone something like this ?
Nicola Piazzi
CED - Sistemi
COMET s.p.a.
Via Michelino, 105 - 40127 Bologna - Italia
Tel. +39 051.6079.293
Cell. +39 328.21.73.470
Web: www.gruppocomet.it<http://www.gruppocomet.it/>
[Descrizione: gc]
44 matches
Mail list logo
