IK, bind does not accept NS records with CNAMEs, only A or
records. It looks like spamhaus updated their nameserver config and
added cloudflare by way of CNAME.
Brgds
Per
--
Per Jessen, Zürich (1.1°C)
http://www.dns24.ch/ - free dynamic DNS, made in Switzerland.
gt;
> "Announcement: We will be publishing a #Femism blacklist to help
> responsible network administrators block undesirable content. A
> blacklist of Feminist websites promoting the feminist, anti male
> agenda."
>
> Caveat Emptor. And it's Feminism, not Femism.
are false positives. Probably a hiccup
on my installation, I was just wondering if anyone else is seeing this?
--
Per Jessen, Zürich (6.3°C)
http://www.dns24.ch/ - free dynamic DNS, made in Switzerland.
Axb wrote:
On 03/16/2015 11:05 AM, Axb wrote:
On 03/16/2015 10:54 AM, Per Jessen wrote:
I've recently upgraded to SA 3.4.0 - I'm seeing
URI_DOTDOT_LOW_CNTRST scoring on many legitimate mails. E.g. from
linkedin and distrelec.
For instance:
http://files.jessen.ch/Tektronix-4-Kanal
Axb wrote:
On 03/16/2015 11:28 AM, Per Jessen wrote:
Axb wrote:
On 03/16/2015 11:05 AM, Axb wrote:
On 03/16/2015 10:54 AM, Per Jessen wrote:
I've recently upgraded to SA 3.4.0 - I'm seeing
URI_DOTDOT_LOW_CNTRST scoring on many legitimate mails. E.g. from
linkedin and distrelec
, dating/mating service.
--
Per Jessen, Zürich (10.9°C)
http://www.dns24.ch/ - free DNS hosting, made in Switzerland.
a reason to test for port 25 open, maybe to block
open relays and/or SMTP redirect on misconfigured routers...
This is what e.g. rfci-ignorant or many other rhsbl blacklists are
for.
thay are dead
they are alive on rfc-ignorant.de :-)
Resurrected perhaps, but not quite alive.
--
Per Jessen
Matthias Leisi wrote:
On Tue, Feb 5, 2013 at 8:27 AM, Per Jessen p...@computer.org wrote:
This is what e.g. rfci-ignorant or many other rhsbl blacklists are
for.
rfc-ignorant has gone off-line.
http://www.rfc-ignorant.de/
-- Matthias
Thanks, I didn't know someone had decided
Benny Pedersen wrote:
Per Jessen skrev den 2013-02-05 08:27:
rfc-ignorant has gone off-line.
thats why i choiced to use reject_unverified_sender in postfix, and
yes i know it can be abused, but it solves more problems then it
creates for me
For me that creates too much traffic
abality to send email, but when trying send
to this mx postmaster or abuse does not exists or mx host does not
accept recipient domain, seen here relay denied, and connection
refused
This is what e.g. rfci-ignorant or many other rhsbl blacklists are
for.
rfc-ignorant has gone off-line.
--
Per
Bob Proulx wrote:
Per Jessen wrote:
dar...@chaosreigns.com wrote:
Much like the 3.2.5 release which that page still unfortunately
implies is reasonable to use.
I'd love an explanation of a situation where somebody is running
spamassassin but can't run sa-update, even once. I hear
FYI, see $SUBJ.
--
Per Jessen, Zürich (-0.7°C)
http://www.dns24.ch/ - free DNS hosting, made in Switzerland.
dar...@chaosreigns.com wrote:
On 12/08, Per Jessen wrote:
FYI, see $SUBJ.
Much like the 3.2.5 release which that page still unfortunately
implies is reasonable to use.
I'd love an explanation of a situation where somebody is running
spamassassin but can't run sa-update, even once. I
? It's part of the deal
with SLES. There is also a mailing list:
http://listx.novell.com/mailman/listinfo/suse-sles-e
--
Per Jessen, Zürich (13.8°C)
a distro that doesn't?)
SLES does provide all of that, but not necessarily an upgraded
spamassassin, I don't know.
--
Per Jessen, Zürich (15.7°C)
Joseph Acquisto wrote:
On 10/9/2012 at 3:02 PM, Per Jessen p...@computer.org wrote:
Joseph Acquisto wrote:
Won't make, anyway. Module Net-addr::IP missing. Finding this for
SuSe seems to be an adventure in itself.
Just install from source.
--
Per Jessen, Zürich (14.6°C)
You
Joseph Acquisto wrote:
Won't make, anyway. Module Net-addr::IP missing. Finding this for
SuSe seems to be an adventure in itself.
Just install from source.
--
Per Jessen, Zürich (14.6°C)
?
Yes, it works very well without amavisd:
http://jessen.ch/articles/spamassassin-and-postfix/
(a bit old, but still valid).
--
Per Jessen, Zürich (20.5°C)
I noticed one of these in an email from a domain I had tried to
whitelist with whitelist_from_dkim. Does anyone know the background
on this?
--
Per Jessen, Zürich (16.5°C)
forged by spammers and phish
senders. The recommended solution is to instead use whitelist_auth or
other authenticated whitelisting methods, or whitelist_from_rcvd.
--
Per Jessen, Zürich (21.1°C)
they are extremely obscure.
whitelist_from_rcvd is very reliable.
Not if someone sends an email through a different mail system,
I think that is what whitelist_allows_relays is intended to take care
of.
--
Per Jessen, Zürich (23.2°C)
address, the
chances of a spammer ever sending me a spam spoofing that address is
very small.
Happened to me twice only yesterday - somebody sent me mails appearing
to come from one of my email addresses. I don't think it's as rare an
event as you suggest.
--
Per Jessen, Zürich (23.2°C)
powersupply, RAID controllers etc etc. :-) (e.g. an HP ML580
or -585).
--
Per Jessen, Zürich (15.9°C)
Robert Schetterer wrote:
Am 22.03.2012 10:19, schrieb Per Jessen:
It's also the rate of change that is
interesting - I very rarely see two emails with the same link.
one more indicate for a bright planned campaign
what are they try to push...?
It varies - one link I've just clicked
Robert Schetterer wrote:
Am 21.03.2012 09:09, schrieb Per Jessen:
Has anyone else noticed this stream of new spamvertized domains :
http://files.jessen.ch/list-of-new-domains
Typically accompanied by messages/subject lines such as:
You should check your status update and see
Robert Schetterer wrote:
Am 22.03.2012 08:23, schrieb Per Jessen:
Robert Schetterer wrote:
Am 21.03.2012 09:09, schrieb Per Jessen:
Has anyone else noticed this stream of new spamvertized domains :
http://files.jessen.ch/list-of-new-domains
Typically accompanied by messages/subject
Axb wrote:
On 03/22/2012 10:19 AM, Per Jessen wrote:
Robert Schetterer wrote:
Am 22.03.2012 08:23, schrieb Per Jessen:
Robert Schetterer wrote:
Am 21.03.2012 09:09, schrieb Per Jessen:
Has anyone else noticed this stream of new spamvertized domains :
http://files.jessen.ch/list-of-new
that this update is accurate.
Teach yourself a new foreign language in 10 days
Just being curious. Yesterday I got another 10 different domains.
--
Per Jessen, Zürich (5.4°C)
information.
I use public DNS services as forwarders in my LAN dns (bind9). I
remember that once disabled forwarders for some URIBL but the setting
is gone, and I can't find a recipe.
Hi Jari
you set up a zone file for the rbl in question:
zone rbl {
forward first;
forwarders;
}
--
Per
to get new URIs ito the zone...
I need my own independant working URIBL server where I can add my
own captured URIs.
That is what is being suggested - follow the guide, but use it for your
own data.
--
Per Jessen, Zürich (1.7°C)
, etc.
In my experience, selective greylisting is way more effective than any
RBL.
/Per Jessen, Zürich
=~ /^.{0,100}$/
For MIME-encoded, does this work on the raw data or the decoded? (raw I
suspect).
/Per Jessen, Zürich
Simon Loewenthal wrote:
On 08/23/2011 04:37 PM, Per Jessen wrote:
Matus UHLAR - fantomas wrote:
* Marc Perkel supp...@junkemailfilter.com:
Just sharing some ideas on blocking outbound spam.
On 20.08.11 21:55, Patrick Ben Koetter wrote:
- We require humans to use submission instead of smtp
a trackable connection.
I thought that the EU requires providers to log the sender and
recipient...
http://en.wikipedia.org/wiki/Telecommunications_data_retention#European_Union
/Per Jessen, Zürich
have any tips or
tricks that are not mentioned here?
Hi Warren,
I'd suggest adding something about using rbldnsd to serve lists
locally. That's usually even faster than having your own
resolver, and for many different reasons it's how medium to large
systems should do things.
+1
/Per Jessen
Per Jessen wrote:
Max Dunlap wrote:
Haha, I'm sorry I accidently sent a message. But while I'm at it, I
was going to ask a question.
I just set up a healthy postfix server on ubuntu, I've been looking
at the wiki and I'm not sure which way is the best to get myself
setup with SA. My old
Benny Pedersen wrote:
On Fri, 01 Jul 2011 08:17:59 +0200, Per Jessen wrote:
http://jessen.ch/articles/spamassassin-and-postfix/
And now it's also _actually_ available, thanks Benny.
the above page still have 403 errors
http://timian.jessen.ch/reports/spamassassin/report.html
Yeah - like
anymore, the wiki says it causes
backscatter and is no longer supported. I was looking into using
spampd.
http://wiki.apache.org/spamassassin/IntegratePostfixViaSpampd
I wrote this a long time ago, but I think it's still applicable:
http://jessen.ch/articles/spamassassin-and-postfix/
/Per
and recipients from message. Then resend:
sendmail emailfile -oi -f sender recipients
If all intended recipients are listed as to: or cc:,
sendmail emailfile -oi -f sender -t
/Per Jessen, Zürich
rules with 'and' and 'or'. See man
Mail::Spamassassin::Conf.
/Per Jessen, Zürich
. If you want
to get the same result, use (VAR)CHAR instead of date.
... again, does this affect BAYES?
Probably not, but David was asked to explain why he was wary of using
mysql, and he did just that.
/Per Jessen, Zürich
country, but
generateing country lists now does not include xx so let that asside,
is IP::Country hardest to update then Geo::IP ?
last one is not completly free as i remember ?
There is always http://countries.nerd.dk - I've been using that in
rbldnsd format for a couple of years.
/Per Jessen
Henrik K wrote:
On Sun, Jun 19, 2011 at 09:33:19AM +0200, Per Jessen wrote:
Benny Pedersen wrote:
2011/5/25 Henrik K h...@hege.li:
If you are using RelayCountry plugin, you are most likely using
almost two years old IP::Country::Fast database, or possibly even
older.
You might
that don't do retries - usually unpatched Exchange 2003
servers.
Apart from those, I hardly ever touch any of the greylisting setup. I
don't greylist everything though, maybe that is the difference.
/Per Jessen, Zürich
. Sending to 100 recipients is like a DoS.
That's a bad design. Our system can accept mail to multiple
recipients with individual filtering and without running many
SpamAssassin processes in parallel. It can be done.
Sure, it's only a question of queueing.
/Per Jessen, Zürich
David F. Skoll wrote:
On Tue, 17 May 2011 09:46:09 +0200
Per Jessen p...@computer.org wrote:
The main/only problem I have with greylisting are otherwise legit
servers that don't do retries - usually unpatched Exchange 2003
servers.
I've never seen any Exchange server of any version fail
Mark Martinec wrote:
David F. Skoll wrote:
That's a bad design. Our system can accept mail to multiple
recipients with individual filtering and without running many
SpamAssassin processes in parallel. It can be done.
Indeed.
Per Jessen wrote:
Sure, it's only a question of queueing
recipients
require different final touches. It practically makes not difference
in timing if a message has one or a thousand recipients.
Interesting, thanks for enlightening me. I guess amavisd is just being
opportunistic about it and hoping not many recipients will have
individual settings?
/Per
Is there a way to write a header test on the mime-decoded contents of
Subject: ?
AFAICT, a test such as :
header __BLURP Subject =~ /[^\s]{60}/
works on the mime-encoded Subject, not the decoded version?
/Per Jessen, Zürich
|| __FROM_INFO || __SENDER_BOT). Sofar I have
not seen a single hit.
/Per Jessen, Zürich
Marcin Mirosław wrote:
W dniu 30.03.2011 14:06, Per Jessen pisze:
Have you looked at what spamd is doing when it so busy?
Did You mean spamd child? At this moment bayes engine do very hard
work with email.
Yes, I meant the child - obviously, it sounds as if it's a problem in
the bayes
Marcin Mirosław wrote:
W dniu 30.03.2011 15:47, Per Jessen pisze:
Yes, I meant the child - obviously, it sounds as if it's a problem in
the bayes processing. I don't use SA bayes, but that problem ought
to be investigated first before we look at work-arounds. IMHO.
I'm expecting
Marcin Mirosław wrote:
W dniu 30.03.2011 16:21, Per Jessen pisze:
Well, isn't the behaviour you're seeing working-as-expected then? If
it was an indefinite loop, setting up a time-out would be a possible
work-around. If the bayes code is doing what it is supposed to do,
but just taking
to be
limited to 35 or so letters.
From:
http://german.about.com/library/blwort_long.htm
Rindfleischetikettierungsüberwachungsaufgabenübertragungsgesetz
Donaudampfschiffahrtselektrizitätenhauptbetriebswerkbauunterbeamtengesellschaft
/Per Jessen, Zürich
a pretty good job then it just tells me
Microsoft and Yahoo don't care.
Google does happen to own Postini.
/Per Jessen, Zürich
originality
depends on the contents?
/Per Jessen, Zürich
in e.g. Germany and Switzerland is quite different. I
doubt if anyone here would be able to claim Urheberrecht for an email.
/Per Jessen, Zürich
- much better, imho.
/Per Jessen, Zürich
. There are lots of lists where both
are a lot less obvious.
/Per Jessen, Zürich
to violate the criteria, but this would require rfc-ignorant
to apply judgement, something I would rather be without.
/Per Jessen, Zürich
.
/Per Jessen, Zürich
for 'defaults'.
/Per Jessen, Zürich
is now fixed:
0.0.0.0/8
10.0.0.0/8
127.0.0.0/8
169.254.0.0/16
172.16.0.0/12
192.0.0.0/24
192.0.2.0/24
192.168.0.0/16
198.18.0.0/15
198.51.100.0/24
203.0.113.0/24
224.0.0.0/3
See
https://datatracker.ietf.org/doc/draft-vegoda-no-more-unallocated-slash8s/
/Per Jessen, Zürich
/shorttagstest.html
/Per Jessen, Zürich
Lawrence @ Rogers wrote:
On 27/01/2011 4:15 AM, Per Jessen wrote:
I've just been looking at a mail that got a hit on
HTML_TAG_BALANCE_HEAD due to this:
!DOCTYPE HTML PUBLIC -//W3C//DTD HTML 4.01 Transitional//EN
http://www.w3.org/TR/1999/REC-html401-19991224/loose.dtd; html
xmlns=http
that the behavior of HTML_TAG_BALANCE_HEAD is valid in this
case, as head/ is invalid HTML (despite what the validator says) and
should not be used by anyone.
True, but html_eval_tag() will fire on _any_ short tag.
/Per Jessen, Zürich
Lawrence @ Rogers wrote:
On 27/01/2011 5:36 PM, Per Jessen wrote:
I believe that the behavior of HTML_TAG_BALANCE_HEAD is valid in
this case, ashead/ is invalid HTML (despite what the validator
says) and should not be used by anyone.
True, but html_eval_tag() will fire on _any_ short tag
figure out whether the short tag syntax is allowed - the HTML
above was generated by XSLT based on this input:
head/head
Other popular short tags: br/ div/ p/ - I don't think we should
be judging those to be unbalanced HTML tags.
/Per Jessen, Zürich
to specify the
interface as well. In a browser, you could do that like this:
http://[fe80::20c:29ff:fe28:8af%eth0]
You could try the same syntax with spamc - the %device is a glibc
extension, it might work.
/Per Jessen, Zürich
Per Jessen wrote:
The fe80: address is link-local, to use it you have to specify the
interface as well. In a browser, you could do that like this:
http://[fe80::20c:29ff:fe28:8af%eth0]
You could try the same syntax with spamc - the %device is a glibc
extension, it might work.
However
and address them
to people the way they are used to, i.e. using their local alphabet.
They get confused when they can't, but that is of course something you
can get used to.
/Per Jessen, Zürich
Mark Martinec wrote:
On Wednesday December 29 2010 20:05:20 Per Jessen wrote:
How about the case of rejecting/scoring obviously forged senders?
I.e. from-address = facebook.com and dkim verification completed,
but failed. That is a pretty good reason for a high score or a
reject, whereas
. from-address = facebook.com and dkim verification completed,
but failed. That is a pretty good reason for a high score or a
reject, whereas from-address = facebook.com and dkim verification
failed (temp DNS issue) isn't.
/Per Jessen, Zürich
I think I must have asked this before, so I must have forgotten the
answer - is there any way of distinguising between DKIM verification
negative and DKIM could not verify?
/Per Jessen, Zürich
annoyed by UCE agencies who either don't have an
'un-subscribe' capability or, much worse, who include the line You're
receiving this because you subscribed you can un-subscribe by
visiting URL and whose URL goes through the motions but doesn't
actually unsubscribe you.
+1.
/Per
an linkedin invitation, if we
need to verify DKIM at all ;)
mouss wrote:
the sample posted by Michelle came to her via a debian list. debian
lists are open (no subscription required) and thus attract a lot of
spam.
On 13.12.10 08:17, Per Jessen wrote:
And whilst invitations
Matus UHLAR - fantomas wrote:
Michelle Konzack wrote:
300-500 INVITE spams per day from more than 400 socialnetworks
worldwide is realy annoying or better, I would call it terrorism.
On 12.12.10 22:03, Per Jessen wrote:
Just reject them all?
Do those invitations contain headers
Matus UHLAR - fantomas wrote:
Michelle Konzack wrote:
300-500 INVITE spams per day from more than 400 socialnetworks
worldwide is realy annoying or better, I would call it
terrorism.
On 12.12.10 22:03, Per Jessen wrote:
Just reject them all?
Matus UHLAR - fantomas wrote:
Do
Michelle Konzack wrote:
Hello Per Jessen,
Am 2010-12-12 22:03:34, hacktest Du folgendes herunter:
Michelle Konzack wrote:
300-500 INVITE spams per day from more than 400 socialnetworks
worldwide is realy annoying or better, I would call it terrorism.
Just reject them all
Michelle Konzack wrote:
300-500 INVITE spams per day from more than 400 socialnetworks
worldwide is realy annoying or better, I would call it terrorism.
Just reject them all?
/Per Jessen, Zürich
. debian
lists are open (no subscription required) and thus attract a lot of
spam.
And whilst invitations such as those broadcasted are annoying, they're
not _really_ spam, are they?
/Per Jessen, Zürich
Per Jessen wrote:
I got the following reject this morning:
book...@example.com: host mail.example.com[1.2.3.4] said: 550
Dynamic
Style reverse DNS IP=[212.25.14.40].Rejected by MagicSpam
1.0.4-9.1 (http://www.magicspam.com/).
Do a reverse look up of 212.25.14.40
Matus UHLAR - fantomas wrote:
On 10.11.10 08:23, Per Jessen wrote:
I got the following reject this morning:
book...@example.com: host mail.example.com[1.2.3.4] said: 550
Dynamic
Style reverse DNS IP=[212.25.14.40].Rejected by MagicSpam
1.0.4-9.1 (http://www.magicspam.com
Lee Dilkie wrote:
On 11/10/2010 6:32 AM, Michael Scheidell wrote:
On 11/10/10 2:45 AM, Matus UHLAR - fantomas wrote:
On 10.11.10 08:23, Per Jessen wrote:
I got the following reject this morning:
book...@example.com: host mail.example.com[1.2.3.4] said: 550
Dynamic
Style reverse DNS
alright.
/Per Jessen, Zürich
Martin Toombs wrote:
I have a Postfix/Dovcot/SpamAssassin setup with TSL required for all
SMTP users in the domain.
Is there a way I can globally whitelist any mail received from a
secured connection?
Why not simply bypass spamassassin for those? That is easily set up in
postfix.
/Per
.
The system is a basic Linode running Ubuntu Linux 8.04 with 512M of
memory.
How many CPUs/cores?
I would like to adjust appropriately
Number of Max Children
5 is probably not unreasonable.
Number of Spare Children
Not of any great importance - 1-2.
/Per Jessen, Zürich
is a basic Linode running Ubuntu Linux 8.04 with 512M of
memory.
As already proposed, I'd definitely try to raise the system memory.
We have no data on the memory utilization on the OPs system, but two
spamd instances in 512M leaves plenty of room.
/Per Jessen, Zürich
-reporting-01.txt
/Per Jessen, Zürich
corpus.defero wrote:
On Fri, 2010-10-08 at 20:13 +0200, Per Jessen wrote:
corpus.defero wrote:
On Thu, 2010-10-07 at 08:56 -1000, Alexandre Chapellon wrote:
Indeed no IP should be blacklisted undefinitely... at least
without checking regularily.
I don't agree. An IP that hops
corpus.defero wrote:
This is all OT for a Spamassassin. If you want to bitch about
blocklists why not do it on SPAM-L or at NANAE?
I'm not bitching about anything.
/Per Jessen, Zürich
a case of actions have consequences. Not careful in your
output, don't expect any sympathy.
Well, in this case, SORBS screwed up royally, so consequence = don't use
them?
/Per Jessen, Zürich
127.0.0.10
127.0.0.10 - dynamic address
Something's clearly not quite right at SORBS.
/Per Jessen, Zürich
wants to do this as an exercise - selven, you could
always rsync the uceprotect lists, if those are useful to you.
/Per Jessen
Giles Coochey wrote:
On Thu, September 16, 2010 15:57, Martin Gregorie wrote:
On Thu, 2010-09-16 at 13:36 +0200, Giles Coochey wrote:
On Thu, September 16, 2010 13:28, Martin Gregorie wrote:
On Thu, 2010-09-16 at 07:28 +0200, Per Jessen wrote:
http://public.jessen.ch/files/mazeweb
franc wrote:
You may setup a regexp rule in the /etc/local.cf file of your SA
installation
Could you give me an example, or where to find one? In the local.cf i
don't find RegExp-sections.
body FRANCS_RULE /regexp/
/Per Jessen, Zürich
and
http://enc.com.au/itools/person.php to do that.
whois will also tell you.
/Per Jessen, Zürich
changing it to $1, but that didn't produce
the expected result. What would be the correct way to write this?
/Per Jessen, Zürich
did try
using $1 on the right side of the s///, but it didn't work.
/Per Jessen, Zürich
Karsten Bräckelmann wrote:
On Thu, 2010-06-10 at 12:08 +0200, Per Jessen wrote:
I have a bit of SA code where I strip leading and trailing
whitespace
foreach (@addrs) { s/^\s*([^\s]+)\s*$/\1/; }
Whenever I run this I get the warning \1 better written as $1
which I
1 - 100 of 462 matches
Mail list logo
