> On Mar 28, 2024, at 12:18 PM, Matus UHLAR - fantomas
> wrote:
>
>>> On 27.03.24 20:56, Philip Prindeville via users wrote:
>>>> I have something that looks like:
>>>>
>>>> whitelist_from_rcvd v...@yandex.ru vger.kernel.org
>>&g
> On Mar 28, 2024, at 12:18 PM, Matus UHLAR - fantomas
> wrote:
>
>>> On 27.03.24 20:56, Philip Prindeville via users wrote:
>>>> I have something that looks like:
>>>>
>>>> whitelist_from_rcvd v...@yandex.ru vger.kernel.org
>>&g
> On Mar 28, 2024, at 2:39 AM, Matus UHLAR - fantomas wrote:
>
> On 27.03.24 20:56, Philip Prindeville via users wrote:
>> I have something that looks like:
>>
>> whitelist_from_rcvd v...@yandex.ru vger.kernel.org
>>
>> blacklist_from *@yandex.ru
>
Hi.
I have something that looks like:
whitelist_from_rcvd v...@yandex.ru vger.kernel.org
blacklist_from *@yandex.ru
And I only ever seem to see the 2nd rule being hit, but not the first.
What is the order of evaluation? Mail::SpamAssassin::Conf doesn't say that I
We're being blacklisted by att.net with the following message:
(reason: 550 5.7.1 Connections not accepted from servers without a valid
sender domain.flph840 Fix reverse DNS for 24.116.100.90)
I don't know what the hell is up with these pinheads:
philipp@ubuntu22:~$ dig -tmx
> On May 2, 2023, at 9:37 AM, Thomas Johnson wrote:
>
>
>> On May 2, 2023, at 8:27 AM, Philip Prindeville
>> wrote:
>>
>> Is there a way to add scoring that says, "If the sending domain has DKIM
>> records, but there's no DKIM signature o
Is there a way to add scoring that says, "If the sending domain has DKIM
records, but there's no DKIM signature on this message, then attach a high
score to it?"
We seem to attach negative scores when DKIM is present and valid, but what
about the opposite direction?
If it's absent, but it
> On May 1, 2023, at 3:48 AM, Reindl Harald wrote:
>
>
>
> Am 30.04.23 um 20:54 schrieb Philip Prindeville:
>>> On Apr 28, 2023, at 12:17 PM, Philip Prindeville
>>> wrote:
>>>
>>>
>>>
>>>> On Apr 28, 2023, at 10:
> On Apr 28, 2023, at 12:17 PM, Philip Prindeville
> wrote:
>
>
>
>> On Apr 28, 2023, at 10:24 AM, Reindl Harald wrote:
>>
>>
>>
>> Am 28.04.23 um 18:11 schrieb Philip Prindeville:
>>>> On Apr 25, 2023, at 6:28 AM, Bill Cole
&
> On Apr 28, 2023, at 10:24 AM, Reindl Harald wrote:
>
>
>
> Am 28.04.23 um 18:11 schrieb Philip Prindeville:
>>> On Apr 25, 2023, at 6:28 AM, Bill Cole
>>> wrote:
>>>
>>> On 2023-04-24 at 16:32:55 UTC-0400 (Mon, 24 Apr 2023 14:32:55 -0
> On Apr 25, 2023, at 6:28 AM, Bill Cole
> wrote:
>
> On 2023-04-24 at 16:32:55 UTC-0400 (Mon, 24 Apr 2023 14:32:55 -0600)
> Philip Prindeville
> is rumored to have said:
>
>> I thought the matching included subdomains, and seem to remember that
>> wor
Oh, and this is on Fedora, so I'm running 3.4.6...
> On Apr 24, 2023, at 2:32 PM, Philip Prindeville
> wrote:
>
> Hi,
>
> I have the following line:
>
> whitelist_from_rcvd *@ceipalmm.com mailgun.net
>
> And tried it on a message that had:
>
>
Hi,
I have the following line:
whitelist_from_rcvd *@ceipalmm.com mailgun.net
And tried it on a message that had:
Return-Path:
But it didn't get whitelisted. If I change the pattern above to
"*@mg2.ceipalmm.com" it works. I thought the matching included subdomains, and
seem to
> On May 11, 2022, at 1:53 AM, Henrik K wrote:
>
> On Wed, May 11, 2022 at 10:49:32AM +0300, Henrik K wrote:
>> On Wed, May 11, 2022 at 10:44:05AM +0300, Henrik K wrote:
>>> On Tue, May 10, 2022 at 06:19:38PM -0600, Philip Prindeville wrote:
>>>> See my
> On May 11, 2022, at 9:24 AM, John Hardin wrote:
>
> On Tue, 10 May 2022, Philip Prindeville wrote:
>
>> Anyone have a rule to detect the following nonsense headers seen in this
>> message I got?
>>
>> Return-Path:
>> Received: from cp24
> On May 11, 2022, at 1:53 AM, Henrik K wrote:
>
> On Wed, May 11, 2022 at 10:49:32AM +0300, Henrik K wrote:
>> On Wed, May 11, 2022 at 10:44:05AM +0300, Henrik K wrote:
>>> On Tue, May 10, 2022 at 06:19:38PM -0600, Philip Prindeville wrote:
>>>> See my
> On May 11, 2022, at 1:44 AM, Henrik K wrote:
>
> On Tue, May 10, 2022 at 06:19:38PM -0600, Philip Prindeville wrote:
>> See my original message.
>>
>> I can't think of a single way to match each header, and then test for any of
>> them not matching the
> On May 10, 2022, at 5:57 PM, Martin Gregorie wrote:
>
> On Tue, 2022-05-10 at 17:29 -0600, Philip Prindeville wrote:
>>
>> You're correct that they're different in every message received.
>>
> So write a rule that fires on any header name that *doesn't
> On May 10, 2022, at 5:57 PM, Martin Gregorie wrote:
>
> On Tue, 2022-05-10 at 17:29 -0600, Philip Prindeville wrote:
>>
>> You're correct that they're different in every message received.
>>
> So write a rule that fires on any header name that *doesn't
> On May 10, 2022, at 4:58 PM, Kevin A. McGrail wrote:
>
> On 5/10/2022 6:10 PM, Philip Prindeville wrote:
>> Anyone have a rule to detect the following nonsense headers seen in this
>> message I got?
>
> Interesting. Those look more like something that Bayesia
Anyone have a rule to detect the following nonsense headers seen in this
message I got?
Return-Path:
Received: from cp24.deluxehosting.com (cp24.deluxehosting.com [207.55.244.13])
by mail (envelope-sender ) (MIMEDefang) with ESMTP
id 23C2ch8H717309
for ; Mon, 11 Apr 2022
> On Nov 16, 2021, at 8:03 PM, Henrik K wrote:
>
> On Tue, Nov 16, 2021 at 01:08:16PM -0700, Philip Prindeville wrote:
>>
>> Or http.sh points to an NS that's offline...
>
> Your resolver shoukd time out _way_ sooner than some minutes.
>
>>
> On Nov 30, 2021, at 1:10 PM, Matija Nalis wrote:
>
> On Tue, Nov 30, 2021 at 12:03:15PM -0700, Philip Prindeville wrote:
>>> On Nov 17, 2021, at 9:50 AM, Bill Cole
>>> wrote:
>>> SpamAssassin rules are not laws in any sense. They do not prescribe o
> On Nov 17, 2021, at 9:50 AM, Bill Cole
> wrote:
>
> SpamAssassin rules are not laws in any sense. They do not prescribe or
> proscribe any action. They do not reflect any sort of moral or ethical
> judgment. They do not express or define technical correctness.
Isn't that exactly what
Hi,
I'm looking at the 0.001 scoring for SPF_NONE and scratching my head. This was
discussed a bit in early 2015, but maybe it needs revisiting with new
perspective.
Surely no one who cares about maintaining their reputation by protecting
themselves against spoofing would fail to provide SPF
> On Nov 16, 2021, at 3:30 AM, Martin Gregorie wrote:
>
> On Mon, 2021-11-15 at 17:12 -0700, Philip Prindeville wrote:
>>
>>
>>> On Nov 15, 2021, at 5:06 PM, Greg Troxel wrote:
>>>
>>>
>>> Philip Prindeville writes:
>&g
> On Nov 15, 2021, at 11:12 PM, Henrik K wrote:
>
> On Mon, Nov 15, 2021 at 04:25:55PM -0700, Philip Prindeville wrote:
>>
>>
>>> On Nov 12, 2021, at 10:35 PM, Henrik K wrote:
>>>
>>> On Fri, Nov 12, 2021 at 07:49:00PM -0800, John Hardin wr
Replies... some duplication of conversation on "mimedefang".
> On Nov 15, 2021, at 10:34 PM, Bill Cole
> wrote:
>
> On 2021-11-15 at 18:08:20 UTC-0500 (Mon, 15 Nov 2021 16:08:20 -0700)
> Philip Prindeville
> is rumored to have said:
>
>>> On Nov
> On Nov 15, 2021, at 5:06 PM, Greg Troxel wrote:
>
>
> Philip Prindeville writes:
>
>> Ah, the rule _eval_tests_type11_pri0_set1() took 4:20.
>>
>> Why can't I even find the rule?
>
> That looks very familiar. I was having timeouts, and saw that
> On Nov 12, 2021, at 10:35 PM, Henrik K wrote:
>
> On Fri, Nov 12, 2021 at 07:49:00PM -0800, John Hardin wrote:
>>
>> What would be helpful here would be logging of when a rule *starts*
>> evaluation. Normally that would be painful, but for tracking a runaway it
>> would be useful. Perhaps
> On Nov 12, 2021, at 8:49 PM, John Hardin wrote:
>
> On Fri, 12 Nov 2021, Philip Prindeville wrote:
>
>> I got the message, saved it to a flat file, and ran "spamassassin -t -D
>> rules < netdev.eml" and saw:
>>
>> ...
>>
> On Nov 9, 2021, at 6:49 AM, Jared Hall wrote:
>
> On 11/8/2021 11:36 PM, Peter wrote:
>> It seems that people aren't taking google as seriously any more.
> First came Freemail. Then came SpamAssassin. I DO think that people take
> Google seriously. There are just so many ways to deal
Hi,
I got an email from net...@vger.kernel.org that was a lengthy (422K) regression
test report from a patch someone had submitted.
I got the message, saved it to a flat file, and ran "spamassassin -t -D rules <
netdev.eml" and saw:
...
Nov 12 11:45:38.048 [36367] dbg: rules: ran eval rule
Asked and answered:
http://forum.centos-webpanel.com/index.php?topic=5505.0
Need to open outgoing port 2703 (TCP) for the mail server.
> On Aug 14, 2021, at 12:37 PM, Philip Prindeville
> wrote:
>
> Hi all,
>
> A few days ago, I started seeing this in my /var/log/maillog:
Hi all,
A few days ago, I started seeing this in my /var/log/maillog:
Aug 14 12:15:07 mail mimedefang-multiplexor[141367]: 17EIF11E226383: Worker 4
stderr: razor2: razor2 check failed: Connection refused razor2: razor2 had
unknown error during get_server_info at
Actually, the notion is much older than that… 12th or 13th century I believe.
Students of universities (like Oxford or Sorbonne or Geneve) would get
together, interview professors, and pay them directly.
There was no “administration”. The professors marketed their knowledge and
insight
Free Speech doesn’t require anyone to pay for your soap box or megaphone.
But Spam is exactly that: having other people subsidize your speech through the
theft of services.
> On Nov 19, 2020, at 2:25 PM, Kevin A. McGrail wrote:
>
> Afternoon Everyone,
>
> So over the years, I have gotten a
> On Nov 15, 2020, at 11:48 AM, Dominic Raferd wrote:
>
>
>
> On Sun, 15 Nov 2020, 18:27 Philip Prindeville,
> wrote:
> Is anyone else using this database?
>
> I’ve been using it with xt_geoip and Mimedefang and Plugin::URILocalBL to
> block countries
Is anyone else using this database?
I’ve been using it with xt_geoip and Mimedefang and Plugin::URILocalBL to block
countries since Maxmind retired support for GeoIP on RHEL.
But I keep running into cases where parts of the database are very obviously
wrong. It’s showing about 50% of
> On Aug 21, 2020, at 1:28 PM, Rob McEwen wrote:
>
> ANNOUNCEMENT: The NEW invaluement "Service Provider DNSBLs" - 1st one for
> Sendgrid-spams!
>
> ...a collection of a new TYPE of DNSBL, with the FIRST of these having a
> focus on Sendgrid-sent spams. AND - there is a FREE version of
I just add an extra 5.0 points for coming from Sendgrid now so it goes straight
to the Junk folder.
Users can pull it out of there if they really want it.
Sendgrid is becoming to ASP’s what OVH and Softlayer are to ISP's.
> On Jun 27, 2020, at 3:56 AM, Niels Kobschätzki wrote:
>
> Sendgrid
> On Jul 7, 2020, at 3:16 AM, Raymond Dijkxhoorn
> wrote:
>
> Hai!
>
it might help to add your complaint via ab...@sendgrid.com.
>
>>> I very much doubt it. Sendgrid's business is sending mail and they do not
>>> care if that mail is spam or not. If enough servers block them they
Hi,
I’ve recently gotten emails (a lot of them, as it happened) with the following
subject line:
Subject: H¡gh level of r¡sk. Your account has been hacked. Change yøur passwørd.
and I’ve seen other similar emails in the past using simple mechanical
substitutions (Greek alpha for ‘a’, Cyrillic
> On Jan 4, 2020, at 11:57 AM, Bill Cole
> wrote:
>
> On 3 Jan 2020, at 17:45, Philip Prindeville wrote:
> [...]
>
>> One other question that occurs to me: why would we even need > http-equiv=“Content-Type” …> if we already have a Content-Type: header
> On Jan 3, 2020, at 3:45 PM, Philip Prindeville
> wrote:
>
>
>
>> On Jan 2, 2020, at 4:08 PM, Philip Prindeville
>> wrote:
>>
>> I’m getting the following Spam.
>>
>> http://www.redfish-solutions.com/misc/bluechew.eml
>>
> On Jan 2, 2020, at 4:08 PM, Philip Prindeville
> wrote:
>
> I’m getting the following Spam.
>
> http://www.redfish-solutions.com/misc/bluechew.eml
>
> And this is notable for having:
>
>
>
> GUID1
> GUID2
> GUID3
> GUID4
> …
>
One
> On Jan 3, 2020, at 11:34 AM, RW wrote:
>
> On Fri, 3 Jan 2020 10:09:21 -0800 (PST)
> John Hardin wrote:
>
>> On Fri, 3 Jan 2020, Pedro David Marco wrote:
>>
>>> header __L_RECEIVED_SPFexists:Received-SPF
>>> tflags __L_RECEIVED_SPFmultiple maxhits=20
>>>
>>> meta
I’m getting the following Spam.
http://www.redfish-solutions.com/misc/bluechew.eml
And this is notable for having:
GUID1
GUID2
GUID3
GUID4
…
so it should be easy enough to detect.
A GUID looks like:
[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{3}-[0-9a-f]{3}-[0-9a-f]{12}
The 2nd type of Spam I’m
Sigh… “downside”.
> On Nov 3, 2019, at 2:32 PM, Philip Prindeville
> wrote:
>
> What would be the downsize of having:
>
> my @hdrs = grep($uniq{$_}++, $pms->{msg}->get_header ($hdr));
>
> instead and counting ALL instances of $hdr, not just the unique RHS
What would be the downsize of having:
my @hdrs = grep($uniq{$_}++, $pms->{msg}->get_header ($hdr));
instead and counting ALL instances of $hdr, not just the unique RHS’s?
> On Nov 3, 2019, at 1:51 PM, Philip Prindeville
> wrote:
>
> Hi.
>
> I’m lookin
Hi.
I’m looking at:
# Return true if the count of $hdr headers are within the given range
sub check_header_count_range {
my ($self, $pms, $hdr, $min, $max) = @_;
my %uniq = ();
my @hdrs = grep(!$uniq{$_}++, $pms->{msg}->get_header ($hdr));
return (scalar @hdrs >= $min && scalar @hdrs <=
Has anyone else started seeing something similar in the last 2-3 weeks?
Running /var/spool/mqueue/x22LrU1S006228 (sequence 1 of 2)
... Connecting to mx.hughes.net. via esmtp...
220 mx.hughes.net ESMTP
>>> EHLO mail.redfish-solutions.com
250-mx01.hughes.cmh.synacor.com says EHLO to
Hi.
I’d like to be able to detect duplicated header types in MIME sections.
I think you all have been seeing them too. Is there an easy way to see if a
message contains any MIME sections where particular headers occur more than
once?
Thanks,
-Philip
. Or, conversely, they could simply not put any full name field in at all
and just use the raw email address…
It’s like someone made the conscious decision to choose the worst of both
worlds…
> On Jul 13, 2017, at 11:49 AM, Philip Prindeville
> <philipp_s...@redfish-solutions.com> wro
I’m getting more and more email as:
To: “joeb...@example.com”
anyone know why there’s an increase in this? Did Exchange recently get broken
so that it’s not populating the Addressbook properly?
I noticed that even legitimate promotional mailers (like 1800petmeds.com) are
> On Feb 12, 2017, at 4:53 PM, Philip Prindeville
> <philipp_s...@redfish-solutions.com> wrote:
>
> What an incredible waste of time:
>
> https://bugzilla.mozilla.org/show_bug.cgi?id=417942#c19
>
> I actually think I might be dialoging with a highly arg
What an incredible waste of time:
https://bugzilla.mozilla.org/show_bug.cgi?id=417942#c19
I actually think I might be dialoging with a highly argumentative variant of
Eliza.
In which case, it’s passed the Turing Test.
Having been through the process of authoring 2 RFC’s, perhaps I can shed some
light on the process for you.
All proposed standards started life as draft RFC’s (this was before the days of
IDEA’s but after the days of IEN’s).
If it were validated by the working group and passed up to the IAB
> On Feb 3, 2017, at 6:04 PM, Kevin A. McGrail wrote:
>
> Re: 3.4.2 SA release
>
> Imminent. I'd like to start a push for a release, prioritizing bugs, etc.
>
> I've stepped up to be the Release Manager and I'm coordinating things at work
> so I can dedicated time to the
> On Feb 2, 2017, at 5:06 PM, Reindl Harald <h.rei...@thelounge.net> wrote:
>
>
>
> Am 02.02.2017 um 23:41 schrieb Martin Gregorie:
>> On Thu, 2017-02-02 at 15:23 -0700, Philip Prindeville wrote:
>>> Anyone else seeing this?
>>>
>> Yes - in
Anyone else seeing this?
Feb 2 08:10:23 mail mimedefang.pl[13017]: helo: mailman2.scl3.mozilla.com
(63.245.214.181:3844) said "helo mail.mozilla.org"
Feb 2 08:10:23 mail sendmail[14852]: v12FAHm7014852:
from=,
size=4727,
On Dec 29, 2015, at 2:14 PM, Kevin A. McGrail <kmcgr...@pccc.com> wrote:
> On 12/29/2015 3:46 PM, Philip Prindeville wrote:
>> On Dec 29, 2015, at 1:42 PM, Kevin A. McGrail <kmcgr...@pccc.com> wrote:
>>
>>> On 12/29/2015 3:38 PM, Philip Prindeville wrote:
On Dec 29, 2015, at 1:42 PM, Kevin A. McGrail <kmcgr...@pccc.com> wrote:
> On 12/29/2015 3:38 PM, Philip Prindeville wrote:
>> Is there a reason that headers are left with leading spaces?
>>
>> I’ve noticed that I have to write rules as:
>>
>> Su
On Dec 29, 2015, at 2:39 PM, Kevin A. McGrail <kmcgr...@pccc.com> wrote:
> On 12/29/2015 4:29 PM, Philip Prindeville wrote:
>> On Dec 29, 2015, at 2:14 PM, Kevin A. McGrail <kmcgr...@pccc.com> wrote:
>>
>>> On 12/29/2015 3:46 PM, Philip Prindeville wrote:
>
On Dec 29, 2015, at 3:15 PM, Kevin A. McGrail <kmcgr...@pccc.com> wrote:
> On 12/29/2015 5:12 PM, Philip Prindeville wrote:
>> I did recall that I used the patch here:
>>
>> https://bz.apache.org/SpamAssassin/show_bug.cgi?id=6360#c4
>>
>> to be able to
Is there a reason that headers are left with leading spaces?
I’ve noticed that I have to write rules as:
Subject =~ /^ Great [Jj]ob [Oo]pportunity/
because of the leading space… Given the text of RFC-2822:
NO-WS-CTL = %d1-8 / ; US-ASCII control characters
Is there a reason that headers are left with leading spaces?
I’ve noticed that I have to write rules as:
Subject =~ /^ Great [Jj]ob [Oo]pportunity/
because of the leading space… Given the text of RFC-2822:
NO-WS-CTL = %d1-8 / ; US-ASCII control characters
On Oct 5, 2015, at 10:57 PM, Noel Butler wrote:
> On 06/10/2015 12:39, Jo Rhett wrote:
>
>> Sorry, let me restate: I know consequences of blocking large
>> providers. I’m asking if others have found the same to be true, or if
>> there is any reason to give SoftLayer
On Sep 29, 2015, at 10:09 AM, Philip Prindeville
<philipp_s...@redfish-solutions.com> wrote:
> Can you use something like:
>
> header __L_X_NO_RELAY exists:X-No-Relay
> tflags __L_X_NO_RELAY multiple
Actually, that should probably be bounded to somet
Can you use something like:
header __L_X_NO_RELAY exists:X-No-Relay
tflags __L_X_NO_RELAY multiple
meta MULTIPLE_X_NO_RELAY__L_X_NO_RELAY >= 8
describe MULTIPLE_X_NO_RELAYSaw an inordinate number of X-No-Relay: headers
score MULTIPLE_X_NO_RELAY 10.0
I
On Sep 29, 2015, at 10:44 AM, John Hardin <jhar...@impsec.org> wrote:
> On Tue, 29 Sep 2015, Philip Prindeville wrote:
>
>> Can you use something like:
>>
>> header __L_X_NO_RELAYexists:X-No-Relay
>
> Are you seeing empty X-No-Rela
I’m getting a lot of messages from head-hunters, my wife’s auto dealership,
etc. that look like they’re being generated by legitimate [sic] email
campaigns, but they don’t have a message-id.
Since the message-id needs to be universally unique, the general guidelines are
that it be generated by
On Sep 24, 2015, at 4:12 AM, Reindl Harald <h.rei...@thelounge.net> wrote:
>
>
> Am 23.09.2015 um 19:24 schrieb Philip Prindeville:
>> Stating facts here, not giving an opinion. Not sure what’s up for debate.
>>>
>>> if it is empty it's <&g
On Sep 22, 2015, at 12:58 PM, Reindl Harald <h.rei...@thelounge.net> wrote:
>
>
> Am 22.09.2015 um 19:43 schrieb Philip Prindeville:
>> I’m using SA with MdF on Linux (Fedora 22).
>>
>> MdF generates the header “Return-Path: ” for me, so that should
&
On Sep 23, 2015, at 6:35 AM, RW <rwmailli...@googlemail.com> wrote:
> On Tue, 22 Sep 2015 11:43:18 -0600
> Philip Prindeville wrote:
>
>> Hi.
>>
>> I?m using SA with MdF on Linux (Fedora 22).
>>
>> MdF generates the header ?Return-Path: ?
Hi.
I’m using SA with MdF on Linux (Fedora 22).
MdF generates the header “Return-Path: ” for me, so that should be
available to me in the rules.
To test this, I wrote a couple of rules:
header __L_EMPTY_SENDER EnvelopeFrom:addr !~ /./
header __L_MATCH_SENDER EnvelopeFrom:addr
On 06/19/2015 01:07 PM, Dianne Skoll wrote:
On Fri, 19 Jun 2015 12:51:28 -0600
Philip Prindeville philipp_s...@redfish-solutions.com wrote:
[stuff]
With this, we avoid ever accepting about 98% of the SPAM that we’d
otherwise receive.
Really? 98%? I find that surprising. We get quite
On Jun 19, 2015, at 2:35 PM, David Jones djo...@ena.com wrote:
But I’m on a LOT of high volume mailing lists (like mozilla-general and
netdev) that get heavily spammed.
Filtering mailing lists is a slightly different ballgame than filtering
regular email. Some of the items listed
On 06/10/2015 04:34 AM, Amir Caspi wrote:
On Jun 10, 2015, at 12:32 AM, Matus UHLAR - fantomas uh...@fantomas.sk wrote:
FEATURE(`block_bad_helo')
define(`confALLOW_BOGUS_HELO', `False')
Argh, unfortunately, that feature is only on sendmail 8.14 and higher, which
means RHEL/CentOS 6 or
On Jun 19, 2015, at 3:28 PM, David Jones djo...@ena.com wrote:
From: Philip Prindeville philipp_s...@redfish-solutions.com
Sent: Friday, June 19, 2015 3:53 PM
To: David Jones
Cc: users@spamassassin.apache.org
Subject: Re: Must-Have Plugins?
On Jun 19, 2015, at 2:35 PM, David Jones djo
No offense to lepers, but is .science to be avoided? I’ve had email this week
from about 17 different .science domain names, and 13 were blocked because of
ZenBL and the rest turned out to be SPAM anyway.
I’m thinking that I should just refuse connections from any host whose rDNS is
.science…
On Jun 19, 2015, at 1:01 PM, David Jones djo...@ena.com wrote:
From: Philip Prindeville philipp_s...@redfish-solutions.com
On Jun 9, 2015, at 12:29 PM, John Hardin jhar...@impsec.org wrote:
On Tue, 9 Jun 2015, David Jones wrote:
Some of the best and easiest things you can enable
On Jun 9, 2015, at 12:29 PM, John Hardin jhar...@impsec.org wrote:
On Tue, 9 Jun 2015, David Jones wrote:
Some of the best and easiest things you can enable to block spam are
outside of SpamAssassin at your MTA (sendmail, postfix, etc.).
- Enable greylisting. This is just about the only
On Apr 15, 2015, at 7:07 PM, @lbutlr krem...@kreme.com wrote:
On Apr 13, 2015, at 09:03, John Hardin jhar...@impsec.org wrote:
The proper place for that sort of thing would be the tool that does final
delivery to the user's mailbox.
There is no proper place for that.
No, it’s not. But
Anyone know of a site that you can send an email to in order to test your SPF
and/or DKIM configuration?
I’ve set it up but every once in a while I get back weird messages about being
blocked from certain sites and I’m wondering if something is wrong at my end or
are they just misconfigured at
On Dec 4, 2014, at 2:41 PM, Axb axb.li...@gmail.com wrote:
On 12/04/2014 10:30 PM, Bob Proulx wrote:
Axb wrote:
It's been more than a month since my first SOUGHT 2.0 msg.
A few have shown interest but as there hasn't been the flood of enthusiasm
and stuff getting done which I hoped for so
On 11/21/2014 09:49 AM, David F. Skoll wrote:
On Fri, 21 Nov 2014 08:43:22 -0800 (PST)
John Hardin jhar...@impsec.org wrote:
On a public mailng list isn't a great place to discuss such tactics...
I suspect spammers are dumb and will just vacuum up any address
they can find. Also, the
On 12/04/2014 05:32 AM, Reindl Harald wrote:
Am 03.12.2014 um 23:56 schrieb Philip Prindeville:
On 11/21/2014 09:49 AM, David F. Skoll wrote:
On Fri, 21 Nov 2014 08:43:22 -0800 (PST)
John Hardin jhar...@impsec.org wrote:
On a public mailng list isn't a great place to discuss such tactics
On Dec 4, 2014, at 2:30 PM, Dave Pooser dave...@pooserville.com wrote:
On 12/4/14, 3:10 PM, Philip Prindeville
philipp_s...@redfish-solutions.com wrote:
Not necessarily. If I post to a list with this address, and wait 60
days, I can assume that 99.999% of email that comes back after
On Oct 17, 2014, at 9:53 AM, Michael Opdenacker
michael.opdenac...@free-electrons.com wrote:
On 09/01/2014 01:39 AM, LuKreme wrote:
On 31 Aug 2014, at 14:38 , Ian Zimmerman i...@buug.org wrote:
Doesn't ok_languages and ok_locales do the job? It does for me.
Not with UTF-8 encoding, that
Every connection I’ve gotten from a hostname resolving to *.link or saying helo
*.link has been spam (I block the connections with MIMEDefang).
Has anyone actually seen a legitimate email from a host in the .link TLD?
I’ve seen (last week alone):
bgo.blc-onlineconsumer140.link
BTW, I finally picked up the phone and spoke to support at Blacklotus (the ARIN
PoC for abuse there gives bogus info) and discussed this with them.
They refused to believe that a site offering:
* weight loss meds
* miracle cures for diabetes
* tax-deductible window upgrades
* Victoria’s Secret
The issue we’ve been having with Blacklotus (self-appointed champions of
everyone’s right to be on the internet, no matter how shady, is the impression
I got from speaking to their sales department a while ago) has one commonality.
All of the domains that resolve to 192.3.186.4 are registered
On Oct 2, 2014, at 12:56 PM, Reindl Harald h.rei...@thelounge.net wrote:
Am 02.10.2014 um 20:50 schrieb Philip Prindeville:
The issue we’ve been having with Blacklotus (self-appointed champions of
everyone’s right to be on the internet, no matter how shady, is the
impression I got from
On Oct 2, 2014, at 1:42 PM, Axb axb.li...@gmail.com wrote:
On 10/02/2014 08:50 PM, Philip Prindeville wrote:
The issue we’ve been having with Blacklotus (self-appointed champions
of everyone’s right to be on the internet, no matter how shady, is
the impression I got from speaking
On Oct 2, 2014, at 1:57 PM, Reindl Harald h.rei...@thelounge.net wrote:
Am 02.10.2014 um 21:39 schrieb Robert Schetterer:
not exact what you want , but may help too
http://www.postfix.org/postconf.5.html
check_recipient_ns_access type:table
Search the specified access(5) database for
I’m seeing spams like:
http://pastebin.com/XXQrNURW
Notice:
* the message is almost always text/plain single part;
* the only Received: line is the local one, even though it was received on port
25;
* the message id contains the string be2aaf2163fd72c9975ec76b00288831, which
seems to be a
On Sep 30, 2014, at 11:41 AM, David Jones djo...@ena.com wrote:
From: Philip Prindeville philipp_s...@redfish-solutions.com
Sent: Tuesday, September 30, 2014 12:30 PM
To: SpamAssassin
Subject: Googlasi, blacklotus, etc.
I’m seeing spams like
Is there a good discussion on how rule priority works, and short-circuited
evaluation, etc?
I must be looking in the wrong places because I can’t find much. I found
register_method_priority() in ::Plugin but I wasn’t sure if that’s all there
is… It only seems to be called in
On Sep 3, 2014, at 7:36 PM, Karsten Bräckelmann guent...@rudersport.de wrote:
header __KAM_PHIL1To =~ /phil\@example\.com/i
header __KAM_PHIL2Subject =~ /(?:CV|Curriculum)/i
Bonus points for using non-matching grouping. But major deduction of
points for that entirely un-anchored
1 - 100 of 339 matches
Mail list logo