Re: KAM_LIST3_1 FP

2021-08-23 Thread RW
On Sun, 22 Aug 2021 20:52:30 -0400 Kevin A. McGrail wrote: > I'll contact you off-list to get a spample submitted for review. He already gave one. __KAM_LIST3_1 ==> got hit: "user" __KAM_LIST3_4 ==> got hit: "contact information" __KAM_LIST3_3 ==> got hit: "direct email"

Re: TLD rules catch non-domain data

2021-08-21 Thread RW
On Fri, 20 Aug 2021 14:16:14 -0700 Kenneth Porter wrote: > On 8/20/2021 1:53 PM, Greg Troxel wrote: > > I just had it falsely hit, in that it triggered on mail that was > > ham. There was a .club URL, but it was to a club website mentioned > > in mail that I actually agreed to get and that was on

Re: Website "help" spams

2021-07-30 Thread RW
On Thu, 29 Jul 2021 16:41:56 +0200 Benny Pedersen wrote: > On 2021-07-29 03:16, Kevin A. McGrail wrote: > > Are you running the KAM ruleset? There are some seo rules in > > there. > > is KAMOnly.pm plugin needed ?, at least it should be documented, i > have that plugin installed now, it makes

Re: DKIM_* scores

2021-07-26 Thread RW
On Mon, 26 Jul 2021 18:05:35 +0100 RW wrote: > "&& !DKIM_SIGNED " means the rule can only be true if there's no > signature, so none of the terms with __DKIM_DEPENDABLE, DKIM_VALID, > and DKIM_VALID_AU make any difference. Actually it's worse than that __DKI

Re: DKIM_* scores

2021-07-26 Thread RW
On Mon, 26 Jul 2021 08:08:10 -0400 Greg Troxel wrote: > So -0.2 means that there are two dkim signatures, one for each, and > they are both valid. It could do, but usually it just means that the sender and author domains are the same. > > > BTW, looking at metas in 72_active.cf: > > > >

Re: Matching on X-Spam headers doesn't get a hit

2021-07-22 Thread RW
On Thu, 22 Jul 2021 20:09:19 +0300 Henrik K wrote: > On Thu, Jul 22, 2021 at 08:06:15PM +0300, Henrik K wrote: > > On Thu, Jul 22, 2021 at 05:15:54PM +0200, Martin Flygenring wrote: > > > > > > Is there a limitation to SpamAssassin so it doesn't accept > > > looking for the two X-Spam-headers,

Re: Office phish

2021-07-06 Thread RW
On Tue, 6 Jul 2021 07:58:15 + (UTC) Pedro David Marco wrote: > > > > On Monday, July 5, 2021, 11:45:42 PM GMT+2, RW > wrote: > >I'm not sure what you are referring to there. If you copy and paste a > >web page into an HTML email, are you not just copying the

Re: Office phish

2021-07-05 Thread RW
On Tue, 06 Jul 2021 00:16:00 +0200 Benny Pedersen wrote: > On 2021-07-05 23:45, RW wrote: > > >> > What legitimate email uses javascript? > >> Pretty common! many people copy and paste from webs.. and of course > >> these are important mails! :-( > >

Re: Office phish

2021-07-05 Thread RW
On Mon, 5 Jul 2021 08:01:25 + (UTC) Pedro David Marco wrote: > > >>On Thursday, July 1, 2021, 05:03:50 PM GMT+2, RW >> wrote: > > > What legitimate email uses javascript? > Pretty common! many people copy and paste from webs.. and of cour

Re: Office phish

2021-07-01 Thread RW
On Thu, 01 Jul 2021 18:40:04 +0100 Martin Gregorie wrote: > On Thu, 2021-07-01 at 18:59 +0200, Benny Pedersen wrote: > > On 2021-07-01 17:03, RW wrote: > > > > > > I realize blocking all javascript is prone to error, > > > What legitimate email uses

Re: Office phish

2021-07-01 Thread RW
On Thu, 1 Jul 2021 08:42:01 -0400 Alex wrote: > I realize blocking all javascript is prone to error, What legitimate email uses javascript?

Re: Process of domain submission for inclusion in 60_whitelist_auth.cf

2021-06-29 Thread RW
On Tue, 29 Jun 2021 11:50:46 +0100 Martin Gregorie wrote: > > On 2021-06-28 at 17:04:05 UTC-0400 (Mon, 28 Jun 2021 23:04:05 +0200) > > Robert Harnischmacher > > is rumored to have said: > > > > > In which form can one submit the subdomain of a mail sender for > > > the integration in

Re: Another evil number

2021-06-25 Thread RW
On Fri, 25 Jun 2021 05:51:24 -0700 Loren Wilton wrote: > From a fake "subscription" spam: > > You can reach out >to our Customer Support Team+1 (800) 781 - 2511. Is it common in the US to put 800 in brackets like that? In my experience brackets normally go around either country codes or

Re: Maybe it's time to revive EvilNumbers?

2021-06-16 Thread RW
On Wed, 16 Jun 2021 11:52:24 -0400 Alan wrote: > I'm already getting FPs when someone does a copy/paste of an Amazon product > page > and sends it as mail. >... >The sender's signature typically has a phone number as well, so >EvilNumbers would make things worse. Probably not. The original

Re: Recent experience with RCVD_IN_SORBS_NR_SPAM and others

2021-05-27 Thread RW
On Thu, 27 May 2021 20:40:28 -0400 Greg Troxel wrote: > The other problem on a small number of messages was RCVD_DOTEDU_SHORT. > I realize this must have passed masscheck, but getting a message of > 1-1.5 kB from an address in .edu is to me not at all suspicious, and > 2.5 points is a lot for

Re: Header exists with a dollar sign in it

2021-05-26 Thread RW
On Wed, 26 May 2021 04:11:28 -0700 Loren Wilton wrote: > You could try > > headerX_SWITCHALL=~ /^X-\$switch\b/sm Minor point, but since it's supposed to match a specific header name, it should be headerX_SWITCHALL=~ /^X-\$switch:/m

Re: spamassassin and *compressed* Maildir

2021-05-21 Thread RW
On Fri, 21 May 2021 15:41:22 -0400 Clive Jacques wrote: > I have a mail folder that I put false negatives in (i.e., spam which > ends up in my inbox) and another for false negatives (ham that ends > up in my spam folder). Each night I run sa-learn on each folder > (sa-learn will munch on entire

Re: Detect Emoticons in Subject

2021-05-21 Thread RW
On Thu, 20 May 2021 19:39:06 +0100 RW wrote: > > /\xF0\x9F(?:\x98[\x80-\xBF]|\x99[\x80-\x8F])|\xF0\x9F(?:[\xA4-\xA6][\x80-\xBF]|\xA7[\x80-\xBF])|\xE2\x98[\xB9-\xBB]/ This includes the block mentioned by Bill Cole and is simplified a bit /\xF0\x9F[\x98-\x99\xA4-\xA7\x8C-\x97][\x8

Re: Detect Emoticons in Subject: CHAOS

2021-05-20 Thread RW
On Thu, 20 May 2021 15:35:21 -0400 Jared Hall wrote: > Clive Jacques wrote: > > # Local Rule for Emoticons in subject > > subject        EMOTICON_IN_SUBJECT      Subject =~ /\p{Emoticons}/ > > The following regex will detect a good amount of Emojis: > >

Re: Detect Emoticons in Subject

2021-05-20 Thread RW
On Thu, 20 May 2021 19:26:30 +0100 RW wrote: > On Thu, 20 May 2021 18:44:43 +0100 > RW wrote: > > > On Thu, 20 May 2021 18:30:03 +0100 > > RW wrote: > > > > > > > Try this: > > > > > > > > > header EMOTICON_I

Re: Detect Emoticons in Subject

2021-05-20 Thread RW
On Thu, 20 May 2021 18:44:43 +0100 RW wrote: > On Thu, 20 May 2021 18:30:03 +0100 > RW wrote: > > > > Try this: > > > > > > header EMOTICON_IN_SUBJECT Subject =~ > > /\xF0\x9F(?:\x98[\x80-\xFF]|\x99[\x00-\x8F])/ > > > > Actually that

Re: Detect Emoticons in Subject

2021-05-20 Thread RW
On Thu, 20 May 2021 18:30:03 +0100 RW wrote: > Try this: > > > header EMOTICON_IN_SUBJECT Subject =~ > /\xF0\x9F(?:\x98[\x80-\xFF]|\x99[\x00-\x8F])/ > Actually that's only the original block, but it probably works most of the time

Re: Detect Emoticons in Subject

2021-05-20 Thread RW
On Thu, 20 May 2021 18:34:54 +0200 Bert Van de Poel wrote: > We've started getting lots of spam with emoji in the subject too the > past few weeks, so I've looked into this as well. As mentioned by RW, > you would need to create some kind of UTF8 regex header Subject rule. > As

Re: Detect Emoticons in Subject

2021-05-20 Thread RW
On Thu, 20 May 2021 11:42:59 -0400 Clive Jacques wrote: > Hi, > > I've been using SA a long time. Lately, I'm getting more and more > spam with emoticons in the subject line. I'd say about 90% of my > emails with emoticons in the subject are spam. I'd like to create a > local rule which

Re: txrep_autolearn range - how does the range influence autolearning

2021-05-17 Thread RW
On Mon, 17 May 2021 15:32:48 + Lucas Rolff wrote: > Even for only inbound, do you suggest disabling txrep_spf there as > well, or only particularly important for outbound? For anything TxRep treats the header "From" address as having been authenticated by an SPF pass even if the pass came

Re: txrep_autolearn range - how does the range influence autolearning

2021-05-17 Thread RW
On Sun, 16 May 2021 16:50:57 -0400 Greg Troxel wrote: > Lucas Rolff writes: > > > Thanks for the notes about sa-learn, txrep outgoing and the > > autolearn itself. In my particular case, I'll only use it as an > > inbound filter, since I handle outbound very differently (I let > > other people

Re: txrep_autolearn range - how does the range influence autolearning

2021-05-16 Thread RW
On Sun, 16 May 2021 13:36:34 -0400 Greg Troxel wrote: > > * txrep outgoing is really useful Did you find a reason why that's right? As I said before, my understanding is that it updates a reputation that only gets used on incoming mail that passes neither spf nor dkim. In other words it adds

Re: txrep_autolearn range - how does the range influence autolearning

2021-05-16 Thread RW
On Sun, 16 May 2021 15:28:43 + Lucas Rolff wrote: > Hi guys, > > I’m currently configuring a new setup for passing through all emails, > and I opted for SA as my filtering – one thing I also configured are > txrep ( > https://cwiki.apache.org/confluence/display/SPAMASSASSIN/TxRep ) > > One

Re: RCVD_IN_DNSWL_HI false positives

2021-05-14 Thread RW
On Thu, 13 May 2021 09:41:25 -0400 Daniel J. Luke wrote: > On May 13, 2021, at 12:14 AM, Michael B Allen > wrote: > > It is not completely trivial setup a caching name server. I > > literally have two accounts so it's at least a serious nuisance. > > It's pretty simple to install unbound and

Re: RCVD_IN_DNSWL_HI false positives

2021-05-13 Thread RW
On Thu, 13 May 2021 00:11:52 +0200 Matthias Leisi wrote: > We do follow RFCs, and have a number of methods (not returning an > answer, returning REFUSED etc). But you’d be surprised how long some > admins do not act… In these cases (ie consistent query volumes way > above the limits, and

Re: RNDS_NONE misfiring on legit mail, dns timeout issues?

2021-05-12 Thread RW
On Tue, 11 May 2021 17:48:39 -0400 Greg Troxel wrote: > > So in closing, I wonder if anyone else is seeing occasional failures > in doing rDNS lookups at SMTP receive time. This is the reason I continued using the Botnet plugin which does its own lookup. My last-external received header isn't

Re: Bayes autolearn: how does it resolve whether rules are body or header related?

2021-05-10 Thread RW
On Mon, 10 May 2021 20:39:31 +0200 Bert Van de Poel wrote: > Based on what I've read, I agree that this is indeed a bug (or > actually several). I've filed the following bug reports: > https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7904 (missing body > types, as mentioned by

Re: Bayes autolearn: how does it resolve whether rules are body or header related?

2021-05-09 Thread RW
On Sun, 9 May 2021 20:03:27 +0200 Matus UHLAR - fantomas wrote: > so you don't have points from body rules. > > your mentioned URI_DEOBFU_INSTR is a meta rule: > > meta URI_DEOBFU_INSTR __URI_DEOBFU_INSTR && !__MSGID_OK_HOST > > so maybe it's not considered. They are treated as header, or

Re: Bayes autolearn: how does it resolve whether rules are body or header related?

2021-05-09 Thread RW
On Sun, 9 May 2021 04:17:26 +0200 Bert Van de Poel wrote: > Within the same realm, I'm also wondering whether these expected > numbers for body and header can be tweaked and if so, how. You can create a meta-rule for definite spam and set: tflags autolearn_force a hit on any rule with

Re: FROMNAME and PDS_FROM_2_EMAILS

2021-05-08 Thread RW
On Sat, 8 May 2021 17:04:00 -0400 Alex wrote: > Hi, > I'm trying to understand the FROMNAME rules and a potential conflict > with PDS_FROM_2_EMAILS. > > I understand FROMNAME_SPOOF is designed to catch differences like: > > From: "no-re...@amazon.com" > > but what other spoofs is the

Re: How do I search and capture text for use in a rule?

2021-05-08 Thread RW
> > >> Example pseudo code: > >> > >> my ($first_part) = $email_file =~ /^Deliver-To: (.*)/; > >> > >> body __LOCAL_AWKWARD_INTRO /hi $first_part/i > > On 08.05.21 15:02, RW wrote: > >From: RW > > > >Why would you

Re: How do I search and capture text for use in a rule?

2021-05-08 Thread RW
On Fri, 07 May 2021 10:19:49 -0400 Steve Dondley wrote: > I want to extract the first part of an email address from the > "Delivered-To" header and use it within a custom rule. > > Example pseudo code: > > my ($first_part) = $email_file =~ /^Deliver-To: (.*)/; > > body __LOCAL_AWKWARD_INTRO

Re: Counting number of instances of a particular header

2021-05-03 Thread RW
On Mon, 03 May 2021 13:17:59 -0400 Bill Cole wrote: > On 3 May 2021, at 11:18, Dave Funk wrote: > > > > I first crafted a rule: > > header L_MY_HEADER X-My-Header !~ /^UNSET$/ [if-unset: UNSET] > > > > But that would always fire 10 times if there were any instances of > > 'X-My-Header'

Re: Counting number of instances of a particular header

2021-05-03 Thread RW
On Mon, 3 May 2021 10:18:51 -0500 (CDT) Dave Funk wrote: > I'm trying to create a rule to count the number of instances of a > particular header. ... > What am I doing wrong? How should I craft a rule to count the number > of instances of that header? It's important to understand that when

Re: My 10 years old domain have a bad TLD

2021-05-03 Thread RW
On Mon, 3 May 2021 03:43:03 -0700 Loren Wilton wrote: > > .pro have a -1 with SUSP_URI_NTLD_PRO. > > Is that really minus 1? Negative scores are good, they counteract > spammy scores, which are positive. mail-tester.com will run spamassassin on test emails. For some reason they switch the

Re: Bad entries in HOSTKARMA_W

2021-04-28 Thread RW
On Tue, 27 Apr 2021 19:42:22 -0700 (PDT) John Hardin wrote: > IIRC the Hostkarma list is fed by people pointing a backup MX DNS > host record at *their* MTAs so that they can analyze the traffic and > harvest the spammers doing "use backup MX to avoid filtering on the > primary MX". I clearly

Re: More fake order spam

2021-04-28 Thread RW
On Wed, 28 Apr 2021 18:20:08 +0200 Benny Pedersen wrote: > On 2021-04-28 16:57, Matus UHLAR - fantomas wrote: > > > i was curious too, and found this: > > > > tflags SYMBOLIC_TEST_NAME flags > > nice > > The test is intended to compensate for common false > >

Re: Getting "config: registryboundaries: no tlds defined, need to run sa-update" message when running mass-check

2021-04-25 Thread RW
On Sun, 25 Apr 2021 13:34:16 -0400 Steve Dondley wrote: > I’m experimenting with writing my own rules. My machines are using SA > 3.4.4 so I want to use the 3.4.4 rules. There is only one set of rules, "if" statements handle any differences.

Re: TXREP recommendation status, default status?

2021-04-25 Thread RW
On Sun, 25 Apr 2021 11:48:06 -0400 Greg Troxel wrote: > I recently went through my setup and read a bunch of web pages, and > decided to try TXREP. My summary comments after a few weeks: > > It seems to be working quite well. > > Outbound processing is really useful; people I mail to get

Wrong languages file.

2021-04-25 Thread RW
I noticed that there is a languages file in /usr/local/share/spamassassin/ (DEF_RULES_DIR) installed by the SA package as well as a newer and larger version installed by sa-update. When I look at the debug it looks like the wrong one is being used: textcat: loading languages file

Re: Two different machines running same version of SA giving different scores for scores that are commented out

2021-04-25 Thread RW
On Sun, 25 Apr 2021 00:40:59 -0400 Steve Dondley wrote: > > On both machines, /usr/share/spasmassassin/72_active.cf has this rule > which is commented out: > This is the legacy rule directory from before sa-update existed. Have you not got another directory populated by sa-update?

Re: KAM_DMARC_REJECT on internal emails

2021-04-24 Thread RW
On Sat, 24 Apr 2021 13:32:09 +0200 Matus UHLAR - fantomas wrote: addresses. > > I still think that DMARC check should be done on edge of internal > network, not anywhere behind it. It's not about that, it's about whether or not you apply it to -> -> "&& !ALL_INTERNAL" does allow the

Re: SA seems powerless against marketing emails for SEO/web development

2021-04-23 Thread RW
On Thu, 22 Apr 2021 14:21:05 -0400 Steve Dondley wrote: > I'm still getting like 3 to half > dozen a day. Here's one example: https://paste.debian.net/1194735/ Apparently it already expired.

Re: Why single periods in regex in spamassassin rules?

2021-04-23 Thread RW
On Fri, 23 Apr 2021 13:52:40 -0500 (CDT) David B Funk wrote: > On Fri, 23 Apr 2021, Steve Dondley wrote: > > > I'm looking at KAM.cf. There is this rule: > > > > body __KAM_WEB2 /INDIA based > > IT|indian.based.website|certified.it.company/i > > > > I'm wondering if there is a good reason

Re: KAM_DMARC_REJECT on internal emails

2021-04-23 Thread RW
On Thu, 22 Apr 2021 14:15:07 +0200 Matus UHLAR - fantomas wrote: > >> On 21.04.21 00:11, RW wrote: > >> >Anything that enters through the remote trusted network > >> >and hits ALL_TRUSTED will almost certainly pass whatever > >> >authe

Re: KAM_DMARC_REJECT on internal emails

2021-04-21 Thread RW
> On 21.04.21 00:11, RW wrote: > >Anything that enters through the remote trusted network and > >hits ALL_TRUSTED will almost certainly pass whatever authentication > >mechanisms are set up for the domain. > > > >The difference between ALL_TRUSTED and ALL

Re: KAM_DMARC_REJECT on internal emails

2021-04-20 Thread RW
On Mon, 19 Apr 2021 20:40:58 -0400 Bill Cole wrote: > On 19 Apr 2021, at 18:25, RW wrote: > I suggested exempting messages hitting ALL_TRUSTED from > KAM_DMARC_REJECT. > Matus noted correctly that doing so with external machines in > trusted_networks could result in "pro

Re: Spamassassin goes to folder spam

2021-04-20 Thread RW
On Tue, 20 Apr 2021 01:12:18 +0200 mau...@gmx.ch wrote: > Hello > > Asking for little help.. Dovecot and sieve are running fine.. One > thing now, if receiving mail from Users-spamassassin > > This mail will by forwarding from sieve to folder spam. I didn't see > why this will transfer there.

Re: How do you set nomail for the List?

2021-04-20 Thread RW
On Tue, 20 Apr 2021 10:21:57 -0600 Bob Proulx wrote: > Don Saklad wrote: > > How do you set nomail for the List? > > To unsubscribe send an email message to this address. Followed by a > pre-mangled address for the web archive readers that hide email > addresses. > >

Re: KAM_DMARC_REJECT on internal emails

2021-04-19 Thread RW
On Mon, 19 Apr 2021 15:54:00 -0400 Bill Cole wrote: > > It's clear to me that excluding the original message (given as an > example by the OP in a side-branch of this thread) from DMARC > verification could be done with a ALL_INTERNAL I've been a bit distracted today and I've already

Re: KAM_DMARC_REJECT on internal emails

2021-04-19 Thread RW
On Mon, 19 Apr 2021 13:46:57 -0400 Bill Cole wrote: > On 19 Apr 2021, at 13:26, RW wrote: > > I'm not 100% sure, but I think localhost, unlike private addresses, > > is always internal/trusted. > > I don't think that is relevant to the original message at hand or

Re: KAM_DMARC_REJECT on internal emails

2021-04-19 Thread RW
On Mon, 19 Apr 2021 13:20:37 -0400 Bill Cole wrote: > On 19 Apr 2021, at 13:03, Matus UHLAR - fantomas wrote: > > >> On 19 Apr 2021, at 11:30, Matus UHLAR - fantomas wrote: > >>> I understand this as: > >>> > >>> if mail was received by internal relay unauthenticated, it's > >>> external, >

Re: KAM_DMARC_REJECT on internal emails

2021-04-19 Thread RW
On Mon, 19 Apr 2021 19:03:55 +0200 Matus UHLAR - fantomas wrote: > >On 19 Apr 2021, at 11:30, Matus UHLAR - fantomas wrote: > >> I understand this as: > >> > >> if mail was received by internal relay unauthenticated, it's > >> external, > > On 19.04.21 12:49, Bill Cole wrote: > >I cannot

Re: KAM_DMARC_REJECT on internal emails

2021-04-19 Thread RW
On Mon, 19 Apr 2021 09:46:48 -0400 Bill Cole wrote: > On 19 Apr 2021, at 9:26, Matus UHLAR - fantomas wrote: > > >> On 19 Apr 2021, at 8:42, Simon Wilson wrote: > >>> Yes, my trusted_networks, internal_networks and msa_networks are > >>> all set correctly... I had a long discussion with this

Re: KAM_DMARC_REJECT on internal emails

2021-04-19 Thread RW
On Mon, 19 Apr 2021 16:36:58 +1000 Simon Wilson wrote: > Hi list, > > - I'm running KAM rules in Spamassassin > - Postfix port 587-submitted email is sent to Amavisd (as a > content_filter) on port 10026 (tagged as ORIGINATING/MYNETS) and is > spam-checked and DKIM-signed on its way out the

Re: Spoofed amazon order email

2021-04-17 Thread RW
On Fri, 16 Apr 2021 23:49:04 -0400 Bill Cole wrote: > On 16 Apr 2021, at 11:25, Greg Troxel wrote: > > > Probably not for normals, score up MPART_ALT_DIFF because nobody > > should be sending mail with a text/plain part that is not > > semantically equivalent to the html. > > It seem like

Re: Spoofed amazon order email

2021-04-16 Thread RW
On Fri, 16 Apr 2021 11:25:19 -0400 Greg Troxel wrote: > Probably not for normals, score up MPART_ALT_DIFF because nobody > should be sending mail with a text/plain part that is not > semantically equivalent to the html. Unfortunately it's quite common.

Re: Is pyzor recommended by folks on this list?

2021-04-13 Thread RW
On Tue, 13 Apr 2021 14:10:02 +0200 Matus UHLAR - fantomas wrote: > pyzor was originally razor rewritten in python, but now uses own > servers, with the same intention AFAIK. It's not just a matter of servers they do very different things. Pyzor hashes selected lines from a preprocessed version

Re: sa-learn, TXREP, network queries, documentation

2021-04-12 Thread RW
On Mon, 12 Apr 2021 09:40:47 -0400 Greg Troxel wrote: > 3) sa-learn does not document that it is no longer for BAYES, but a > general interface to mechanisms that learn. It always was in theory. > 4) There is a bonus of txrep_learn_penalty for learning spam, > default 20. If the

Re: Is pyzor recommended by folks on this list?

2021-04-11 Thread RW
On Sun, 11 Apr 2021 16:57:54 -0400 Steve Dondley wrote: > >> Second, I'm not sure if my tests will work on my spam samples which > >> have the spam encapsulated with the "report_safe" setting set to a > >> value of "1". > > > > I wouldn't expect it to work at all. "report_safe" encapsulation >

Re: Is pyzor recommended by folks on this list?

2021-04-11 Thread RW
On Sun, 11 Apr 2021 10:04:03 -0400 Steve Dondley wrote: > On 2021-04-11 09:34 AM, Benny Pedersen wrote: > > On 2021-04-11 15:13, Steve Dondley wrote: > > > >> What do you think? > > > > pyzor is useful if running pyzord locally, design of pyzor was imho > > meant to be local pyzord and have

Re: Is pyzor recommended by folks on this list?

2021-04-11 Thread RW
On Sun, 11 Apr 2021 09:13:26 -0400 Steve Dondley wrote: > Second, I'm not sure if my tests will work on my spam samples which > have the spam encapsulated with the "report_safe" setting set to a > value of "1". I wouldn't expect it to work at all. "report_safe" encapsulation creates a new

Re: learning news from Spamassassin ?

2021-04-10 Thread RW
On Sat, 10 Apr 2021 13:23:01 +0200 Matus UHLAR - fantomas wrote: > On 10.04.21 08:58, mau...@gmx.ch wrote: > >my spamassassin book are coming from 2004, and possible this arnt > >relay up2date. > > should be 90% fine. I didn't know there was a book but I looked it up "Configure SpamAssassin

Re: OT: is sorbs.net sleeping ?

2021-04-10 Thread RW
On Sat, 10 Apr 2021 15:44:54 +0200 Benny Pedersen wrote: > don't use public dns servers ever, free or not > It's not about using public caches. They are going to block look-ups from generic rDNS as well. I think they are already blocking some VPS address blocks.

Re: OT: is sorbs.net sleeping ?

2021-04-10 Thread RW
On Sat, 10 Apr 2021 08:56:19 -0400 Rob McEwen wrote: > On 4/10/2021 6:55 AM, Jared Hall wrote: > > Rob, I gotta say that I am impressed with the whole Spamhaus-dqs > > program and their use of customer keyed DNS zone queries.  Seems to > > be the way around the client DNS forwarder issues.  How

Re: DNSWL overriding bayes_99 and bayes_999 rules

2021-04-06 Thread RW
On Tue, 06 Apr 2021 12:03:52 -0400 Greg Troxel wrote: > You can and probably should report spam to dnswl. In theory HI should > have essentially no spam. I thought that because I've never received a single spam with it, but in mass checks it's at 0.23% of spam.

Re: "Please send us a quote..."?

2021-04-06 Thread RW
On Mon, 5 Apr 2021 18:30:31 -0700 (PDT) John Hardin wrote: > Can anybody explain to me the reason behind the blind "please send us > a quote for your product X" emails? I mean, I know they are > somehow a scam, but I can't figure it out how it's supposed to work > when the target isn't a

Re: Problem installing sa on my pi 3b+

2021-04-06 Thread RW
On Tue, 6 Apr 2021 03:29:12 +0200 Christian Tasler wrote: > Ok, maybe I'll need more than just a hint as I understood mostly > nothing. I am running said packet install from an internet tutorial. > I cannot do anything between issuing that command and the printout of > the error. So how am I

Re: Problem installing sa on my pi 3b+

2021-04-05 Thread RW
On Mon, 5 Apr 2021 02:27:46 +0200 spamassas...@mach2.franken.de wrote: > Hi there, > > when running a 'sudo apt-get install spamassassin' on my raspian pi > 3b+ i keep running into a problem with sa-compile: > ... > Can anyone give me a hint what to do? Using compiled rules is not essential,

Re: google.com spam

2021-04-04 Thread RW
> I prefer to solve problems instead of playing with scores. > >> > >> It seems that abusers have worked around SA by using google domains > >> and addresses for sending spam from. > > On 04.04.21 14:19, RW wrote: > >If google have been foolish enough t

Re: google.com spam

2021-04-04 Thread RW
On Sun, 4 Apr 2021 13:21:08 +0200 Matus UHLAR - fantomas wrote: > On 04.04.21 13:09, Benny Pedersen wrote: > >change score to 7.5 > >change score to -3.5 > > I prefer to solve problems instead of playing with scores. > > It seems that abusers have worked around SA by using google domains >

Re: URI_TRY_3LD FP on mynews.apple.com

2021-04-02 Thread RW
On Fri, 02 Apr 2021 12:12:22 -0400 Adam Katz wrote: > Hey, John et al. It's been a while. I hope things are going well. > > I've found an FP on URI_TRY_3LD from > https://mynews.apple.com/subscriptions?… that you could solve by > adding a new alternation to the relevant negative lookahead in

Re: SA DKIM check

2021-04-02 Thread RW
On Fri, 2 Apr 2021 13:22:47 +0200 Giovanni Bechis wrote: > On 4/1/21 3:10 PM, Simon Wilson wrote: > > Does SA always do its "own" DKIM check, or can it be told to use an > > already written trusted AuthservId-written Authentication-Results > > header, e.g. from OpenDKIM? > I think

Re: Optimising DNS-based checks

2021-03-30 Thread RW
On Tue, 30 Mar 2021 14:16:16 +0100 RW wrote: > by having multiple spamd processes per cpu That should have been "per cpu core". > Most DNS look-ups run in parallel with the regex rules. In 4.0/trunk > that also applies to Pyzor, Razor, and DCC. > > If you have

Re: Optimising DNS-based checks

2021-03-30 Thread RW
On Tue, 30 Mar 2021 11:45:57 +1000 Simon Wilson wrote: > Hi list, > > I've extracted below the top lines of timing for my SA checks on > emails, and am wondering if these are along the lines of general > expectations and performance with some of the DNS-based checks? You can work around the

Re: dkim super keysize

2021-03-29 Thread RW
On Mon, 29 Mar 2021 17:50:00 +0200 Benny Pedersen wrote: > ifplugin Mail::SpamAssassin::Plugin::DKIM > > dkim_minimum_key_bits 2048 > > meta DKIM_SUPER_KEYSIZE (DKIM_SIGNED && DKIM_VALID_AU && > DKIM_VALID_EF) > describe DKIM_SUPER_KEYSIZE Meta: DKIM_SIGNED && >

Re: Why no points for SPF_NONE?

2021-03-21 Thread RW
On Sun, 21 Mar 2021 11:34:09 -0400 Greg Troxel wrote: > Steve Dondley writes: > > > I'm learning a bit about spamassassin rules and taking a peek at how > > my inbound mail is scored. I noticed that PF_NONE scores zero points > > by default. I'm wondering if there is a good reason for not

Re: No rule for fake payPal messages?

2021-03-20 Thread RW
On Sat, 20 Mar 2021 11:11:03 -0400 Kevin A. McGrail wrote: > Would be worth looking at how it got through. Perhaps badly trained > Bayesian learning, for example? If it's done well it can look like a hybrid of a real paypal email and a routine gmail email and Bayes isn't capable of spotting

Re: AWL on 3.4

2021-03-20 Thread RW
On Sun, 21 Mar 2021 00:36:05 +1000 Simon Wilson wrote: > I've just migrated and updated to SA 3.4, and have moved the Bayes db > to Redis. I used to use AWL but don't think the module is loaded in > 3.4, am I correct? It's just a matter of uncommenting the line in v310.pre I don't think it

Re: Workflow for adding new ham/spam to existing site-wide database?

2021-03-18 Thread RW
fine. It > >> also reduces the incidence of tokens from somewhat rarer mail > >> automatically expiring out of Bayes, leading to FPs and FNs. > > On 17.03.21 22:01, RW wrote: > >It won't do that by default. You would need to have something removing > >

Re: Workflow for adding new ham/spam to existing site-wide database?

2021-03-17 Thread RW
On Wed, 17 Mar 2021 10:42:14 -0400 Kris Deugau wrote: > My own experience has been that accumulating blobs of ham/spam and > just repeatedly running sa-learn over those works just fine. It also > reduces the incidence of tokens from somewhat rarer mail > automatically expiring out of Bayes,

Re: Workflow for adding new ham/spam to existing site-wide database?

2021-03-16 Thread RW
On Tue, 16 Mar 2021 15:33:58 -0400 Steve Dondley wrote: > You covered a lot of ground here. Thanks.. If you have some spare > cycles, I have follow up questions to get an understanding of how you > process your email: > I presume this is a reply to Harold, in which case I would take it with a

Re: Workflow for adding new ham/spam to existing site-wide database?

2021-03-16 Thread RW
On Tue, 16 Mar 2021 13:16:49 -0400 Steve Dondley wrote: > I have been accumulating spam/ham samples and sorting them out into > different directories on my server. As new spam/ham comes in, I throw > it into the existing pile and then run "sa-learn --spam|--ham" on the > whole pile. > > It

Re: How do I determine if user's email is being checked against the side-wide database?

2021-03-13 Thread RW
On Sat, 13 Mar 2021 09:22:53 -0800 (PST) John Hardin wrote: > I'm not sure offhand if BAYES_50 hits when bayes is enabled but > insufficiently trained... It doesn't.

Re: Training spamassassin past 5,000 emails

2021-03-09 Thread RW
On Tue, 09 Mar 2021 08:52:28 -0500 Steve Dondley wrote: > On 2021-03-09 08:42 AM, RW wrote: > > > > If you keep a full archive of what's been trained. I think it makes > > sense to trim out old mail occasionally and recreate the database - > > particularly

Re: Training spamassassin past 5,000 emails

2021-03-09 Thread RW
On Tue, 09 Mar 2021 07:49:38 -0500 Steve Dondley wrote: > I've read through > https://spamassassin.apache.org/full/3.1.x/doc/sa-learn.html which > states that "anything over about 5000 messages does not improve > accuracy significantly in our tests." > > So once I hit 5,000, what do? Do I run

Re: docusign changes

2021-02-28 Thread RW
On Sun, 28 Feb 2021 14:17:08 -0500 Alex wrote: > Hi, > > I have a number of rules that checks for the existence of legitimate > docusign links and general weirdness (like the lack of a legitimate To > address or to undisc-recips), but it doesn't work for this legitimate > docusign email: > >

Re: AskDNS with a DNAME

2021-02-28 Thread RW
On Sun, 28 Feb 2021 10:33:15 -0500 Michael Grant wrote: > On Sun, Feb 28, 2021 at 03:53:33PM +0100, Giovanni Bechis wrote: > > On Sun, Feb 28, 2021 at 07:38:22AM -0500, Michael Grant wrote: > > > Ultimately I want the spamassassin report in the headers but I > > > don't want the license key in

Re: AskDNS with a DNAME

2021-02-28 Thread RW
On Sun, 28 Feb 2021 07:42:42 -0800 (PST) John Hardin wrote: > On Sun, 28 Feb 2021, Michael Grant wrote: > > > I've traced through the AskDNS plugin and it's definitely only > > looking at the first response that gets returned in this case. I > > also tried a regex submatch like: > > > > askdns

Re: Rules for a recent flood of BTC/webcam spam

2021-02-25 Thread RW
On Thu, 25 Feb 2021 12:13:59 -0500 Alan wrote: > Bitcoin addresses start with either 1 or 3. Most do, but around 13% of those reported to the bitcoin abuse database are in the format starting with "bc". > It's less general specifically to avoid FPs. Personally I'm weighting > this pretty high

Re: Rules for a recent flood of BTC/webcam spam

2021-02-25 Thread RW
On Wed, 24 Feb 2021 18:37:42 -0800 (PST) John Hardin wrote: > On Wed, 24 Feb 2021, Alan wrote: > > > After a little more research, a better regex for an obfuscated BTC > > address is > > > > /[13][ \-]([a-km-zA-HJ-NP-Z0-9][ \-]){25,32}[a-km-zA-HJ-NP-Z0-9]/ > > > > It might be worth adding = and

Re: Trouble with XM_RANDOM rule

2021-02-24 Thread RW
On Wed, 24 Feb 2021 08:10:48 -0700 lbutlr wrote: > On 24 Feb 2021, at 7:10, Alessio Cecchi wrote: > > > that match "X-Mailer =~ /q(?!q?mail|\d|[-\w]*=+;)[^u]/i" > > > > Is "Qboxmail" the problem? > > Yes. > > Since this is the name of our company are there any chances to keep > > it without

Re: X-Originating-IP a received header?

2021-02-23 Thread RW
On Tue, 23 Feb 2021 13:41:58 -0800 (PST) John Hardin wrote: > On Tue, 23 Feb 2021, Dan Malm wrote: > > > On 2021-02-23 16:29, John Hardin wrote: > >> On Tue, 23 Feb 2021, Dan Malm wrote: > >>> Received: from onecom-webmail1 (service.pub.appspod1-cph3.one.com > >>> [ ]) > >>> by mailrelay3

Re: Catch subtly-different Reply-To domain

2021-02-22 Thread RW
On Sun, 21 Feb 2021 16:32:01 -0800 (PST) John Hardin wrote: > On Sun, 21 Feb 2021, John Hardin wrote: > > > On Sun, 21 Feb 2021, Dominic Raferd wrote: > >> Michael's suggestion is interesting. There is a github project > >> allowing Levenshtein numbers to be calculated and used in SA, I > >>

Re: Catch subtly-different Reply-To domain

2021-02-21 Thread RW
On Sun, 21 Feb 2021 17:00:32 + Dominic Raferd wrote: > On 21/02/2021 16:20, Benny Pedersen wrote: > > On 2021-02-21 17:00, RW wrote: > >> On Sun, 21 Feb 2021 14:04:20 + > >> Dominic Raferd wrote: > >> > >>> On 21/02/2021 13:56,
