Re: spamd: dns: new_dns_packet: a domain name contains a null label

2016-08-05 Thread Reindl Harald
Am 27.07.2016 um 15:08 schrieb Reindl Harald: Am 27.07.2016 um 12:00 schrieb Reindl Harald: Am 11.07.2016 um 13:47 schrieb Axb: Bug 7156 Bug 7104 Bug 6896 on Fedora 24 when that happens at the same time error like below appear in the maillog (perl-5.22.2-361.fc24.x86_64) maybe better

Re: Childish actions of Harald Reindl

2016-08-05 Thread Reindl Harald
Am 05.08.2016 um 16:27 schrieb Ian Zimmerman: On 2016-08-05 09:46 +0100, Martin wrote: The biggest reason is the way this mailing list is set up, when you click reply it replies to the poster not the list, this has always been a bug bare of mine and something that probably should be

Re: Technical solution (was Re: Childish actions of Harald Reindl)

2016-08-05 Thread Reindl Harald
Am 05.08.2016 um 15:10 schrieb Dianne Skoll: On Thu, 4 Aug 2016 16:53:18 -0500 Ryan Coleman wrote: Can we please have him removed from the mailing list so that every time I send a reply to the list they are not immediately bounced back to me by his server? I also

Re: Childish actions of Harald Reindl

2016-08-05 Thread Reindl Harald
Am 05.08.2016 um 10:46 schrieb Martin: -Original Message- From: Benny Pedersen [mailto:m...@junc.eu] Sent: Friday, August 05, 2016 12:55 AM To: users@spamassassin.apache.org Subject: Re: Childish actions of Harald Reindl On 2016-08-04 23:53, Ryan Coleman wrote: Can we please have

Re: Childish actions of Harald Reindl

2016-08-04 Thread Reindl Harald
Am 05.08.2016 um 01:54 schrieb Benny Pedersen: On 2016-08-04 23:53, Ryan Coleman wrote: Can we please have him removed from the mailing list so that every time I send a reply to the list they are not immediately bounced back to me by his server? if that only would be true.. yes that

Re: Childish actions of Harald Reindl

2016-08-04 Thread Reindl Harald
Am 04.08.2016 um 23:53 schrieb Ryan Coleman: Sigh. Some people are always going to be children Can we please have him removed from the mailing list so that every time I send a reply to the list they are not immediately bounced back to me by his server? THE RULE BELOW IS ABOUT ENVELOPE

Re: detect if html attachment without plugin

2016-08-04 Thread Reindl Harald
Am 04.08.2016 um 18:41 schrieb Reindl Harald: Am 04.08.2016 um 18:38 schrieb Ryan Coleman: On Aug 4, 2016, at 9:04 AM, Reindl Harald <h.rei...@thelounge.net> wrote: may is suggest that you sue your drug dealer and leave us in peace until you found a bett

Re: why is this maillist here marked as

2016-08-04 Thread Reindl Harald
Am 04.08.2016 um 22:37 schrieb Benny Pedersen: precedence bulk ? it should imho really be precedence list because it don't matter and the main point of that header is to suppress autoresponders answering to list mail which works fine with both

Re: detect if html attachment without plugin

2016-08-04 Thread Reindl Harald
Am 04.08.2016 um 18:38 schrieb Ryan Coleman: On Aug 4, 2016, at 9:04 AM, Reindl Harald <h.rei...@thelounge.net> wrote: may is suggest that you sue your drug dealer and leave us in peace until you found a better one - and no - that is not an attack, i just try to find a logical

Re: detect if html attachment without plugin

2016-08-04 Thread Reindl Harald
Am 04.08.2016 um 15:24 schrieb Benny Pedersen: On 2016-08-04 15:08, Axb wrote: Benny, If you can't give immediate REAL help, PLEASE go for a swim or a shower but spare us the rspamd blabber and suggestions which are not even in real english... okay, real help ? where is envelope sender

Re: Paragraph Length Limit (new rule)

2016-08-04 Thread Reindl Harald
Am 03.08.2016 um 21:22 schrieb Ruga: I cannot post the original spam message. Protonmail checks the outgoing messages: if they are spammy, then the sender is banned that is why you were asked *as first response* to put it on pastebin

Re: Paragraph Length Limit (new rule)

2016-08-03 Thread Reindl Harald
, 2016 at 12:51 PM, Reindl Harald <'h.rei...@thelounge.net'> wrote: Am 03.08.2016 um 12:49 schrieb Ruga: > echo "$( cat /dev/urandom | env LC_CTYPE=C tr -dc 'a-zA-Z0-9' | fold > -w 999 | head -n 1 )" >example.txt > > spamassassin -t -D B_LLL.rule On Wed, Aug 3,

Re: Paragraph Length Limit (new rule)

2016-08-03 Thread Reindl Harald
Am 03.08.2016 um 12:49 schrieb Ruga: echo "$( cat /dev/urandom | env LC_CTYPE=C tr -dc 'a-zA-Z0-9' | fold -w 999 | head -n 1 )" >example.txt spamassassin -t -D B_LLL.rule you were asked for a real *mail* example instead some generic stuff On Wed, Aug 3, 2016 at 12:15 PM, Axb

Re: eval:check_uridnsbl to check subdomains

2016-08-03 Thread Reindl Harald
Am 03.08.2016 um 01:43 schrieb Benny Pedersen: On 2016-08-02 17:03, Matus UHLAR - fantomas wrote: you can not, but you could check util_rb_2tld and util_rb_3tld directives to see if it fits your needs use them will disable spam test on this tld aswell just look at

Re: Is greylisting effective? (was Re: Using Postfix and Postgrey - not scanning after hold)

2016-08-02 Thread Reindl Harald
Am 02.08.2016 um 23:02 schrieb Benny Pedersen: On 2016-08-02 20:00, John Hardin wrote: Is there any way to use postscreen as a frontend filter for a sendmail MTA? content-filter works nicely in postfix which is not the topic but that postscreen will not use content-filter to help on its

Re: Is greylisting effective? (was Re: Using Postfix and Postgrey - not scanning after hold)

2016-08-02 Thread Reindl Harald
Am 02.08.2016 um 20:00 schrieb John Hardin: On Tue, 2 Aug 2016, Bill Cole wrote: What's special about the postscreen delay is: 1. It delays only the last line of a multi-line greeting, so it catches MANY more bots than a simple delay. 2. It caches PASS results so even the very short (6s by

Re: Is greylisting effective? (was Re: Using Postfix and Postgrey - not scanning after hold)

2016-08-02 Thread Reindl Harald
Am 02.08.2016 um 18:55 schrieb Bill Cole: Combined, this is why Sendmail and other MTA greeting delays are less spectacularly effective than they used to be and less effective than postscreen. The resource cost of prolonging every session to 6s is untenable for busy machines, so bots that have

Re: Is greylisting effective? (was Re: Using Postfix and Postgrey - not scanning after hold)

2016-08-01 Thread Reindl Harald
Am 02.08.2016 um 00:05 schrieb Benny Pedersen: On 2016-08-01 19:02, Matus UHLAR - fantomas wrote: while we're at it, I really don't understand why they do it like this. what's the point behind changing IP address after each delivery attempt? goal is to expose more networks ips to be

Re: Is greylisting effective? (was Re: Using Postfix and Postgrey - not scanning after hold)

2016-08-01 Thread Reindl Harald
Am 01.08.2016 um 23:36 schrieb sha...@shanew.net: Others could probably add to that list, but that's just off the top of my head. But, even if a spam source retries and successfully makes it past the greylisting, the greylisting still provides potential benefits, like: - While it was waiting

Re: Is greylisting effective? (was Re: Using Postfix and Postgrey - not scanning after hold)

2016-08-01 Thread Reindl Harald
Am 01.08.2016 um 19:02 schrieb Matus UHLAR - fantomas: On 31 Jul 2016, at 22:12, Benny Pedersen wrote: i bet greylist is cough invalid mailservers at the doorstep, it could be that postscreen is bad aswell ? On 01.08.16 07:46, @lbutlr wrote: Sure, if by “invalid” you mean

Re: false possitive

2016-07-31 Thread Reindl Harald
Am 31.07.2016 um 22:16 schrieb Benny Pedersen: On 2016-07-31 21:42, Martin Hepworth wrote: 3.3.1 was released march 2010, yes its a slow update these days as latest is 3.4.1 but most of the updates are around the rulesets But i'd really suggest you update i have :=) well, *now* you have,

Re: false possitive

2016-07-31 Thread Reindl Harald
Am 31.07.2016 um 21:30 schrieb Matus UHLAR - fantomas: On 2016-07-31 21:09, Matus UHLAR - fantomas wrote: so why do you complain in spamassassin list? On 31.07.16 21:13, Benny Pedersen wrote: is this a question ? of course it is a question. it ends by a question mark. read my post on

Re: false possitive

2016-07-31 Thread Reindl Harald
Am 31.07.2016 um 20:43 schrieb Benny Pedersen: On 2016-07-31 20:27, Reindl Harald wrote: Am 31.07.2016 um 16:55 schrieb Benny Pedersen: 3.6 FS_REPLICA Subject says "replica" missing ancor? fix your setup, that rule don't exist [root@mail-gw:~]$ sa-score.sh FS_REPLICA

Re: false possitive

2016-07-31 Thread Reindl Harald
Am 31.07.2016 um 16:55 schrieb Benny Pedersen: 3.6 FS_REPLICA Subject says "replica" missing ancor? fix your setup, that rule don't exist [root@mail-gw:~]$ sa-score.sh FS_REPLICA /usr/share/spamassassin /var/lib/spamassassin/3.004001/updates_spamassassin_org

Re: Is greylisting effective? (was Re: Using Postfix and Postgrey - not scanning after hold)

2016-07-30 Thread Reindl Harald
Am 30.07.2016 um 23:10 schrieb Bill Cole: On 30 Jul 2016, at 7:10, Kim Roar Foldøy Hauge wrote: I'm no expert here, but postgrey is usually a purely local test. It should terminate with a "currently busy, try again later" message very quickly. Unless your database is very large, yes. SPF

Re: Is greylisting effective? (was Re: Using Postfix and Postgrey - not scanning after hold)

2016-07-30 Thread Reindl Harald
Am 30.07.2016 um 13:10 schrieb Kim Roar Foldøy Hauge: On Sat, 30 Jul 2016, Robert Schetterer wrote: Am 30.07.2016 um 03:34 schrieb Reindl Harald: Am 29.07.2016 um 22:48 schrieb Dianne Skoll: On Fri, 29 Jul 2016 22:39:15 +0200 Robert Schetterer <r...@sys4.de> wrote: I don't use p

Re: Is greylisting effective? (was Re: Using Postfix and Postgrey - not scanning after hold)

2016-07-29 Thread Reindl Harald
Am 29.07.2016 um 22:48 schrieb Dianne Skoll: On Fri, 29 Jul 2016 22:39:15 +0200 Robert Schetterer wrote: I don't use postfix or postscreen. hm.. that does not fit the subject..why did you involved yourself ? I am sorry. I should have changed the thread subject. you may

Re: Using Postfix and Postgrey - not scanning after hold

2016-07-29 Thread Reindl Harald
Am 29.07.2016 um 19:26 schrieb Shawn Bakhtiar: On Jul 29, 2016, at 10:12 AM, @lbutlr wrote: On 29 Jul 2016, at 09:20, sha...@shanew.net wrote: I would generalize that even more to say that greylisting should come before any other content-based filtering (virus scanners,

Re: Using Postfix and Postgrey - not scanning after hold

2016-07-29 Thread Reindl Harald
Am 29.07.2016 um 19:12 schrieb @lbutlr: On 29 Jul 2016, at 09:20, sha...@shanew.net wrote: I would generalize that even more to say that greylisting should come before any other content-based filtering (virus scanners, defanging, etc.). Greylisting is a great idea, in theory. In practice

Re: Using Postfix and Postgrey - not scanning after hold

2016-07-29 Thread Reindl Harald
Am 29.07.2016 um 18:15 schrieb John Hardin: On Fri, 29 Jul 2016, Reindl Harald wrote: Am 29.07.2016 um 03:30 schrieb Ryan Coleman: > On Jul 28, 2016, at 2:49 PM, Reindl Harald <h.rei...@thelounge.net> > wrote: > > Am 28.07.2016 um 21:36 schrieb Ryan Coleman: >

Re: Using Postfix and Postgrey - not scanning after hold

2016-07-29 Thread Reindl Harald
Am 29.07.2016 um 03:30 schrieb Ryan Coleman: No, asshole. I fixed it by removing postgrey from the equation. asshole? just look in your mirror! On Jul 28, 2016, at 2:49 PM, Reindl Harald <h.rei...@thelounge.net> wrote: Am 28.07.2016 um 21:36 schrieb Ryan Coleman: Doesn’t matter. I

Re: Using Postfix and Postgrey - not scanning after hold

2016-07-28 Thread Reindl Harald
Am 28.07.2016 um 21:36 schrieb Ryan Coleman: Doesn’t matter. I killed it. It’s gone. I have eliminated postgrey from the installation and things are back to “normal” in other words you buried a problem by remove something instead fix the reason while on every sane setup greylisting comes

Re: spamd: dns: new_dns_packet: a domain name contains a null label

2016-07-27 Thread Reindl Harald
Am 27.07.2016 um 12:00 schrieb Reindl Harald: Am 11.07.2016 um 13:47 schrieb Axb: Bug 7156 Bug 7104 Bug 6896 on Fedora 24 when that happens at the same time error like below appear in the maillog (perl-5.22.2-361.fc24.x86_64) maybe better in context here: Jul 27 13:43:12 mail-gw spamd

Re: spamd: dns: new_dns_packet: a domain name contains a null label

2016-07-27 Thread Reindl Harald
line 1042, line 738.: 1 Time(s) Use of uninitialized value $2 in concatenation (.) or string at /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/URIDNSBL.pm line 1042, line 786.: 1 Time(s) On 07/11/2016 01:42 PM, Jari Fredriksson wrote: Reindl Harald kirjoitti 11.7.2016 14:34: Am

Re: sa-learn --force-expire bails with "netset: illegal IP address given (patricia trie): '=/128'"

2016-07-26 Thread Reindl Harald
Am 26.07.2016 um 17:27 schrieb Benny Pedersen: On 2016-07-26 16:37, Ralf Hildebrandt wrote: I grepped for "=/128" in /etc and /var/lib/spamassassin -- nothing. What is amiss here? http://ipv6bingo.com/ do you post that crap everytime? then place it in your signature me hiddes, check

Re: URIBL randomly not triggered for the same message

2016-07-26 Thread Reindl Harald
Am 06.07.2016 um 17:40 schrieb Reindl Harald: Am 06.07.2016 um 17:35 schrieb John Hardin: On Wed, 6 Jul 2016, Paul Stead wrote: On 06/07/16 16:16, John Hardin wrote: Does that cache-min-ttl also affect NXDOMAIN? Is it possible to configure different TTL for NXDOMAIN (relatively low

Re: too many missed spams/false negatives w/ SA 3.4.1 on sendmail, help w config?

2016-07-23 Thread Reindl Harald
Am 24.07.2016 um 02:55 schrieb Reindl Harald: STAY ON LIST Am 24.07.2016 um 02:50 schrieb Robert Kudyba: OK then the next question is why would some messages not be getting scanned whilst others are? What else can I check? Could another config file be bypassing? There's nothing

Re: too many missed spams/false negatives w/ SA 3.4.1 on sendmail, help w config?

2016-07-23 Thread Reindl Harald
paths to whitelists? i don't see how spamassassin is supposed to be called in your setup at all, in my setups with spamass-milter (postfix) talking to spamd it's impossible to skip it at all On Sat, Jul 23, 2016 at 8:44 PM, Reindl Harald <h.rei...@thelounge.net <mailto:h.rei...@theloun

Re: too many missed spams/false negatives w/ SA 3.4.1 on sendmail, help w config?

2016-07-23 Thread Reindl Harald
Am 24.07.2016 um 02:14 schrieb Robert Kudyba: sample header of a missed spam/false negative: http://txt.do/5em14 there are no spamassassin headers - so what is your evidence that this message ever went through spamassassin?

Re: disable X-originating-ip check

2016-07-22 Thread Reindl Harald
Am 22.07.2016 um 15:09 schrieb RW: On Fri, 22 Jul 2016 14:28:06 +0800 wong fook loong wrote: hi all is there anyway to disable check the X-Originating-IP in spamassassin ? Why do you want to do that? most likely to get rid of deep header stuff

Re: disable X-originating-ip check

2016-07-22 Thread Reindl Harald
Am 22.07.2016 um 08:28 schrieb wong fook loong: hi all is there anyway to disable check the X-Originating-IP in spamassassin ? clear_originating_ip_headers originating_ip_headers header ... (default: X-Yahoo-Post-IP X-Originating-IP X-Apparently-From

Re: question about filtering spam

2016-07-19 Thread Reindl Harald
Am 19.07.2016 um 23:41 schrieb Jan-Kees van Kampen: FWIW all three of those messages came from sources that are on multiple IP-based block-lists (DNSBLs) such as spamhaus.net, spamcop.net, & abuseat.org. If you were using those methods for filtering (either via postfix filtering or SA

Re: Using Postfix and Postgrey - not scanning after hold

2016-07-19 Thread Reindl Harald
Am 19.07.2016 um 21:46 schrieb Ryan Coleman: On Jul 19, 2016, at 3:14 AM, Reindl Harald <h.rei...@thelounge.net> wrote: Am 19.07.2016 um 06:44 schrieb Ryan Coleman: How do I get Spamassassin configured with Postfix to have the email checked there FIRST before running it through Po

Re: Using Postfix and Postgrey - not scanning after hold

2016-07-19 Thread Reindl Harald
whatever mails you don't want to receive or just use brain 2.0 and ignore it yourself - if you ask questions in the public you are supposed to receive answers - that's how it works On Jul 19, 2016, at 3:02 PM, Reindl Harald <h.rei...@thelounge.net> wrote: Am 19.07.2016 um 21:54 schrie

Re: Using Postfix and Postgrey - not scanning after hold

2016-07-19 Thread Reindl Harald
Am 19.07.2016 um 22:14 schrieb Benny Pedersen: smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination why defer relaying? you know what "unauth_destination" means? http://www.postfix.org/postconf.5.html#smtpd_relay_restrictions

Re: Using Postfix and Postgrey - not scanning after hold

2016-07-19 Thread Reindl Harald
Am 19.07.2016 um 21:54 schrieb Ryan Coleman: Go away. who the hell do you think you are? On Jul 19, 2016, at 2:50 PM, Reindl Harald <h.rei...@thelounge.net> wrote: maybe you should try to understand how the parts of your mailsystem are supp

Re: Using Postfix and Postgrey - not scanning after hold

2016-07-19 Thread Reindl Harald
Am 19.07.2016 um 21:50 schrieb Ryan Coleman: On Jul 19, 2016, at 2:20 AM, Matus UHLAR - fantomas wrote: On 18.07.16 23:44, Ryan Coleman wrote: How do I get Spamassassin configured with Postfix to have the email checked there FIRST before running it through Postgrey?

Re: Using Postfix and Postgrey - not scanning after hold

2016-07-19 Thread Reindl Harald
Am 19.07.2016 um 21:46 schrieb Ryan Coleman: On Jul 19, 2016, at 3:14 AM, Reindl Harald <h.rei...@thelounge.net> wrote: Am 19.07.2016 um 06:44 schrieb Ryan Coleman: How do I get Spamassassin configured with Postfix to have the email checked there FIRST before running it through Po

Re: Using Postfix and Postgrey - not scanning after hold

2016-07-19 Thread Reindl Harald
Am 19.07.2016 um 06:44 schrieb Ryan Coleman: How do I get Spamassassin configured with Postfix to have the email checked there FIRST before running it through Postgrey? why would anyone wants to first run the most expensive filter using RBL/URIBL and later greylist a message resulting in

Re: Anyone else just blocking the ".top" TLD?

2016-07-16 Thread Reindl Harald
Am 16.07.2016 um 21:48 schrieb Jonathan Nichols: I’m just blocking them. .top has been nothing but spam. Looking at my logs, .top accounts for over 90% of the rejected email nowadays. But I’m just doing it in Postfix and this has been working fine. Any ones that I need to whitelist, I just

Re: Anyone else just blocking the ".top" TLD?

2016-07-16 Thread Reindl Harald
Am 16.07.2016 um 16:43 schrieb Max Watkins aka Maciej Hryckiewicz: What will be best approach to block it in EXIM ? Ack rule with lookup in text file ? How would you prevent legit domain from being blocked for example block .book but not book.com?

Re: Benchmarking SA

2016-07-15 Thread Reindl Harald
Am 15.07.2016 um 18:00 schrieb Olivier Coutu: On 2016-07-15 10:22, Reindl Harald wrote: just use spamassassin -D which gives you some timing informations, most likely DNS - DNSBL/DNSWL/URIBL Some DNS lookups indeed seem to take a certain amount of time, but the first 4-second hop cannot

Re: Benchmarking SA

2016-07-15 Thread Reindl Harald
Am 15.07.2016 um 16:06 schrieb Olivier Coutu: I am trying to figure out what part of SA is taking the most time on certain e-mails, e.g time spamassassin ham-1468528393442166.eml [...] real 0m34.531s user 0m33.958s sys 0m0.452s I have installed HitFreqsRuleTiming and the timing

Re: SPF should always hit? SOLVED

2016-07-11 Thread Reindl Harald
Am 11.07.2016 um 21:02 schrieb David B Funk: On Mon, 11 Jul 2016, Reindl Harald wrote: SA has also a weakness or design mistake here "envelope_sender_header X-Local-Envelope-From" while that header comes from postfix with customized configuration because we use it in own

Re: SPF should always hit? SOLVED

2016-07-11 Thread Reindl Harald
Am 11.07.2016 um 19:30 schrieb RW: On Mon, 11 Jul 2016 12:49:04 -0400 Robert Fitzpatrick wrote: I finally was able to get SPF checks to be more reliable by making sure Postfix SPF policies were in place. Here is a good read https://github.com/mail-in-a-box/mailinabox/issues/698

Re: spamd: dns: new_dns_packet: a domain name contains a null label

2016-07-11 Thread Reindl Harald
Am 11.07.2016 um 13:27 schrieb Jari Fredriksson: Reindl Harald kirjoitti 11.7.2016 11:52: Am 11.07.2016 um 10:02 schrieb Jari Fredriksson: Define correctly, please. "www..windstrom.at" is obvious wrong and was meant as "www.windstrom.at", so fix that typo in the backg

Re: spamd: dns: new_dns_packet: a domain name contains a null label

2016-07-11 Thread Reindl Harald
10. heinäkuuta 2016 18.08.32 GMT+03:00 Reindl Harald <h.rei...@thelounge.net> kirjoitti: Jul 8 10:00:40 mail-gw spamd[14221]: dns: new_dns_packet (domain=www..windstrom.at. type=A class=IN) failed: a domain name contains a null label i guess th

spamd: dns: new_dns_packet: a domain name contains a null label

2016-07-10 Thread Reindl Harald
Jul 8 10:00:40 mail-gw spamd[14221]: dns: new_dns_packet (domain=www..windstrom.at. type=A class=IN) failed: a domain name contains a null label i guess that was a typo in the mail itself - shouldn't SA replace such accidents (double dot) or at least recognize and ignore it so that

Re: Issue on disable ipv6

2016-07-09 Thread Reindl Harald
er-child=50 --socketpath=/run/spamassassin/spamassassin.sock --socketmode=0666 spamass-milter -p /run/spamass-milter/spamass-milter.sock -g sa-milt -R Blocked by Spamfilter -B spamfil...@thelounge.net -r 8.0 -i 10.0.0.0/24 -- -s 10485760 --socket=/run/spamassassin/spamassassin.sock 2016-07-02 5:21

Re: USER_IN_WHITELIST

2016-07-07 Thread Reindl Harald
Am 07.07.2016 um 23:26 schrieb Lorenzo Thurman: Thanks for the info. Does anyone know how I can use whitelistfrom_rcvd? I can't find any clear answers via Google. besides the typo the same way as the other whitelist options the only difference is the second param with is the DNS-PTR of the

Re: USER_IN_WHITELIST

2016-07-07 Thread Reindl Harald
Am 07.07.2016 um 14:12 schrieb Joe Quinn: On 7/6/2016 11:42 PM, Bill Cole wrote: On 6 Jul 2016, at 23:10, lorenzo wrote: [...] The output from spamassassin -t -D < In-whitelist.txt gives the answer, I believe: address hefg...@hkjhkjhk.onmicrosoft.com matches whitelist or blacklist regexp:

Re: URIBL randomly not triggered for the same message

2016-07-06 Thread Reindl Harald
Am 06.07.2016 um 17:35 schrieb John Hardin: On Wed, 6 Jul 2016, Paul Stead wrote: On 06/07/16 16:16, John Hardin wrote: Does that cache-min-ttl also affect NXDOMAIN? Is it possible to configure different TTL for NXDOMAIN (relatively low) and positive results (relatively high)? For this

Re: URIBL randomly not triggered for the same message

2016-07-06 Thread Reindl Harald
Am 06.07.2016 um 14:36 schrieb RW: On Tue, 5 Jul 2016 14:01:17 +0200 Reindl Harald wrote: since there is a local unbound-cache with cache-min-ttl: 300 thanks for the hint, but look at https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7335#c8 reduce the value would make the problem

Re: URIBL randomly not triggered (and SPF too)

2016-07-06 Thread Reindl Harald
uglist.cgi?bug_status=UNCONFIRMED_status=NEW_status=ASSIGNED_status=REOPENED_to1=1=1=exact&%20%20%20%20%20%20%20%20%20email1=h.reindl%40thelounge.net=bug_status=notequals=UNCONFIRMED=reporter=equals=h.reindl%40thelounge.net Am 05.07.2016 um 14:10 schrieb Reindl Harald: Am 05.07.2016 um 14:01 schrieb

Re: URIBL randomly not triggered (and SPF too)

2016-07-05 Thread Reindl Harald
Am 05.07.2016 um 14:01 schrieb Reindl Harald: i have here a message with URIBL_ABUSE_SURBL Contains an URL listed in the ABUSE SURBL blocklist 50% of all tries against spamd it does NOT hit while the scantime for the whole message is around 3 seconds - since there is a local unbound-cache

URIBL randomly not triggered for the same message

2016-07-05 Thread Reindl Harald
i have here a message with URIBL_ABUSE_SURBL Contains an URL listed in the ABUSE SURBL blocklist 50% of all tries against spamd it does NOT hit while the scantime for the whole message is around 3 seconds - since there is a local unbound-cache with cache-min-ttl: 300 cache-max-ttl: 10800

Re: whitelist issues with sprintpcs.com

2016-07-03 Thread Reindl Harald
Am 03.07.2016 um 23:47 schrieb Benny Pedersen: On 2016-07-03 23:34, Groach wrote: On 03/07/2016 23:29, Reindl Harald wrote: sorry, but when i see Benny after 5 years experience on several lists i just have enough, mouth wide often but technical still a noob http://geekologie.com/2011/08

Re: whitelist issues with sprintpcs.com

2016-07-03 Thread Reindl Harald
Am 03.07.2016 um 23:24 schrieb Alex: whitelist_from *@pm.sprintpcs.com does not work.. Why? It's because the mail has a Resent-From which overrides any other from type header. From the documentation Mail::SpamAssassin::Conf "The headers checked for whitelist addresses are as follows: if

Re: whitelist issues with sprintpcs.com

2016-07-03 Thread Reindl Harald
Am 03.07.2016 um 20:36 schrieb Benny Pedersen: On 2016-07-03 20:26, Reindl Harald wrote: Envelope-Sender Resent-Sender X-Envelope-From From please tell me what mta add this headers as envelope_sender header ? obviously enough otherwise it would no exist

Re: whitelist issues with sprintpcs.com

2016-07-03 Thread Reindl Harald
Am 03.07.2016 um 20:23 schrieb Benny Pedersen: On 2016-07-03 20:16, Reindl Harald wrote: when there is no SPF/DKIM you need to rely on headers keep away from using x- headers for whitelist still its forged again you are an idiot and should RTFM before play smart-ass http

Re: whitelist issues with sprintpcs.com

2016-07-03 Thread Reindl Harald
Am 03.07.2016 um 20:21 schrieb Benny Pedersen: On 2016-07-03 20:17, Reindl Harald wrote: what about shut up? ... the subdomain has no SPF and so there is not much than headers since the subdomain has no SPF there is no SPF test at all its irelevaant you are an idiot "pm.sprin

Re: whitelist issues with sprintpcs.com

2016-07-03 Thread Reindl Harald
Am 03.07.2016 um 20:18 schrieb Alex: Hi, since they are fucking too stupid for SPF on their subdomains whitelist_from_rcvd *@pm.sprint.com sprintpcs.com all headers begin with x- is pr defination forged header when there is no SPF/DKIM you need to rely on headers omg, both of you

Re: whitelist issues with sprintpcs.com

2016-07-03 Thread Reindl Harald
Am 03.07.2016 um 20:15 schrieb Benny Pedersen: On 2016-07-03 19:54, Alex wrote: As I mentioned, all attempts to whitelist are ignored. I just don't know why. do not use x- headers for spf testing in spamassassin since its pr defination forged what about shut up? the subdomain has no SPF

Re: whitelist issues with sprintpcs.com

2016-07-03 Thread Reindl Harald
Am 03.07.2016 um 20:14 schrieb Benny Pedersen: On 2016-07-03 19:46, Reindl Harald wrote: X-Envelope-From: <15556142...@pm.sprint.com> From: 5556142...@pm.sprint.com since they are fucking too stupid for SPF on their subdomains whitelist_from_rcvd *@pm.sprint.com sprintpcs.com all h

Re: whitelist issues with sprintpcs.com

2016-07-03 Thread Reindl Harald
Am 03.07.2016 um 19:54 schrieb Alex: Received: from lxnsmsomta04.localdomain (smtp4a.mo.sprintpcs.com [66.1.208.13]) by mail01.example.com (Postfix) with ESMTP id 7FF846800CC30 for ; Sat, 25 Jun 2016 21:21:21 -0400 (EDT) Received: from

Re: whitelist issues with sprintpcs.com

2016-07-03 Thread Reindl Harald
Am 03.07.2016 um 19:43 schrieb Alex: I'm trying to whitelist mail from sprintpcs.com in the best way possible, but it's ignoring attempts at even using whitelist_from and I don't know why. Perhaps it's something with the way the mail is formatted? No SPF or DKIM available to be used. These

Re: Issue on disable ipv6

2016-07-01 Thread Reindl Harald
Am 01.07.2016 um 20:25 schrieb Massimo Sandolo: I have an issue when try to disable ipv6. I'm running Debian 8.3 with SpamAssassin version 3.4.0 (running on Perl version 5.20.2). In /etc/defualt/spamassassin the options line is the following: OPTIONS="-4 --create-prefs --max-children 5

Re: Corpus of Spam/Ham headers(Source IP) for research

2016-06-29 Thread Reindl Harald
Am 29.06.2016 um 13:14 schrieb Olivier: Reindl Harald <h.rei...@thelounge.net> writes: forget the big ones - just filter them out and look at the small ones where PTR/Sender is from the same domain, connect it to your destination domains which are easily to find out and voila yo

Re: Corpus of Spam/Ham headers(Source IP) for research

2016-06-29 Thread Reindl Harald
Am 29.06.2016 um 12:59 schrieb Antony Stone: On Wednesday 29 June 2016 at 12:42:02, Reindl Harald wrote: Am 29.06.2016 um 12:35 schrieb Olivier: Reindl Harald <h.rei...@thelounge.net> writes: he asked *exactly the same* with "dataset of source IP addresses of emai

Re: Corpus of Spam/Ham headers(Source IP) for research

2016-06-29 Thread Reindl Harald
Am 29.06.2016 um 12:35 schrieb Olivier: Reindl Harald <h.rei...@thelounge.net> writes: Am 29.06.2016 um 06:45 schrieb Olivier: Though I have devised a mechanism to generate these blacklists, I am not finding a suitable evaluation metric. It would be great if somebody could give me a d

Re: Corpus of Spam/Ham headers(Source IP) for research

2016-06-29 Thread Reindl Harald
Am 29.06.2016 um 06:45 schrieb Olivier: Though I have devised a mechanism to generate these blacklists, I am not finding a suitable evaluation metric. It would be great if somebody could give me a dataset of source IP addresses of emails received by your network which have been marked as

Re: Catching well directed spear phishing messages

2016-06-28 Thread Reindl Harald
Am 28.06.2016 um 16:08 schrieb Jari Fredriksson: Reindl Harald kirjoitti 28.6.2016 16:56: Am 28.06.2016 um 15:25 schrieb Jari Fredriksson: Almost all the phishes I've received in the last few years have done this - except that they have something like "paypal support" r

Re: Protected Sky?

2016-06-28 Thread Reindl Harald
Am 28.06.2016 um 16:00 schrieb RW: On Mon, 27 Jun 2016 22:15:30 +0200 Reindl Harald wrote: Am 27.06.2016 um 21:27 schrieb Vincent Fox: I saw a reference today in my MxToolbox report, to an RBL named Protected Sky which had like double the listing activity of Spamhaus. Does anyone know

Re: Catching well directed spear phishing messages

2016-06-28 Thread Reindl Harald
Am 28.06.2016 um 15:25 schrieb Jari Fredriksson: Almost all the phishes I've received in the last few years have done this - except that they have something like "paypal support" rather than an individual's name. Ah, so true you should look at that - enters my junk folder even with a

Re: Catching well directed spear phishing messages

2016-06-28 Thread Reindl Harald
Am 28.06.2016 um 15:30 schrieb Sidney Markowitz: You are right that social engineering can't be stopped by technology. The company should have procedures in place that provide the flexibility that CEO seems to need but will still prevent the fraud even in the face of successful social

Re: Catching well directed spear phishing messages

2016-06-28 Thread Reindl Harald
Am 28.06.2016 um 14:52 schrieb Jari Fredriksson: I just refuse the believe that the technology has to trust to the From:.*xxx in the smtp payload and not reject this at once. Does the customer use some dmarc-implementation in their mail chain at all? well, when none of your users are

Re: Protected Sky?

2016-06-27 Thread Reindl Harald
Am 27.06.2016 um 21:27 schrieb Vincent Fox: I saw a reference today in my MxToolbox report, to an RBL named Protected Sky which had like double the listing activity of Spamhaus. Does anyone know anything about this outfit? that's a bullshit RBL with large amounts of FP's We primarily rely

Re: Catching well directed spear phishing messages

2016-06-27 Thread Reindl Harald
Am 27.06.2016 um 17:10 schrieb Ram: On Monday 27 June 2016 06:50 PM, Reindl Harald wrote: Am 27.06.2016 um 15:11 schrieb Ram: I am seeing messages that appear to come from the MD or the CEO of the company to the accounts department asking people to transfer money to some fake account

Re: Question regarding address_verify_map

2016-06-27 Thread Reindl Harald
Am 27.06.2016 um 15:32 schrieb Heinrich Boeder: Hi folks, I have a question regarding the command address_verify_map. I use the default setting in my postfix configuration: address_verify_map = btree:$data_directory/verify_cache The verify_cache.db was in my /var/lib/postfix/ folder and I

Re: Catching well directed spear phishing messages

2016-06-27 Thread Reindl Harald
Am 27.06.2016 um 15:11 schrieb Ram: I am seeing messages that appear to come from the MD or the CEO of the company to the accounts department asking people to transfer money to some fake account happens all day long I know these are not spam messages so catching them will be out of scope

Re: spamd protocol

2016-06-26 Thread Reindl Harald
; break; } } return $result; } else { return $response; } } } Am 27.06.2016 um 02:11 schrieb Reindl Harald: i try to pass samples directly over spamd protocol in theory that looks good but log and scan starts after the client closes the connection or the script exits,

spamd protocol

2016-06-26 Thread Reindl Harald
i try to pass samples directly over spamd protocol in theory that looks good but log and scan starts after the client closes the connection or the script exits, as long it tries to read the response nothing happens at all without the "fread($socket, 1024);" it terminates immediately, log

Re: Rules Update was produced

2016-06-26 Thread Reindl Harald
Am 26.06.2016 um 21:43 schrieb John Hardin: Just a FYI for everybody: We finally got enough masscheck ham corpus to cross the minimum threshold, a weekly rules update was produced confirmed 02-Jun-2016 00:00:04: SpamAssassin: No update available 03-Jun-2016 00:00:04: SpamAssassin: No

Re: Which SA test can detect/score this (fairly common) 'freemail' whack-a-mole?

2016-06-25 Thread Reindl Harald
Am 26.06.2016 um 02:02 schrieb Benny Pedersen: On 2016-06-26 01:47, Reindl Harald wrote: Authentication-Results: spf.mail.example.com; spf=softfail (domain owner discourages use of this host) smtp.mailfrom=gmail.com (client-ip=212.82.96.171; helo=nm12-vm1.bullet.mail.ir2.yahoo.com

Re: Which SA test can detect/score this (fairly common) 'freemail' whack-a-mole?

2016-06-25 Thread Reindl Harald
Am 26.06.2016 um 01:06 schrieb Benny Pedersen: On 2016-06-26 00:29, jaso...@mail-central.com wrote: Authentication-Results: dmarc.mail.example.com/876fg6sdf6876498f; dmarc=none header.from=gmail.com https://dane.sys4.de/smtp/gmail.com Authentication-Results:

Re: ixhash.junkemailfilter.com seems to be broken currently

2016-06-21 Thread Reindl Harald
Am 21.06.2016 um 09:03 schrieb Alessio Cecchi: Il 20/06/2016 16:22, Reindl Harald ha scritto: since Marc is present on this list and maybe others using it too: dig A c134389d7cefd3aadce78714669239f2.ixhash.junkemailfilter.com. status: SERVFAIL Query time: 1798 msec so at least for the last

Re: Penalizing code not working

2016-06-20 Thread Reindl Harald
Am 20.06.2016 um 22:01 schrieb spamassas...@linkcheck.co.uk: Bill, thanks for your input. As far as I am aware the versions are the latest for my OS - Mint Maya 13 is essentially Ubuntu 12.04 - but I will check. In any case I'm due to update the OS in the near future Mint?

undecoded UTF-8 will give garbage when decoding entities at /usr/share/perl5/vendor_perl/Mail/SpamAssassin/HTML.pm line 260

2016-06-20 Thread Reindl Harald
undecoded UTF-8 will give garbage when decoding entities at /usr/share/perl5/vendor_perl/Mail/SpamAssassin/HTML.pm line 260 well, it would be fine when it would say *which* of the 68157 eml-files in the folder is the problem.

ixhash.junkemailfilter.com seems to be broken currently

2016-06-20 Thread Reindl Harald
since Marc is present on this list and maybe others using it too: dig A c134389d7cefd3aadce78714669239f2.ixhash.junkemailfilter.com. status: SERVFAIL Query time: 1798 msec so at least for the last 2 days the rule below slows down scanning score JEF_IXHASH1.0 ixhashdnsbl

Re: Which DNSBLs do you use?

2016-06-17 Thread Reindl Harald
Am 17.06.2016 um 16:37 schrieb Shawn Bakhtiar: On Jun 17, 2016, at 7:25 AM, Vincent Fox wrote: Greylisting imo helps a lot with RBL lag. It can, but it's definitely a double edge sword. Depending on the way the remote MTA works, I've experienced emails being delayed for
