charset=utf-16 tricks out SA

2015-10-08 Thread Reindl Harald
Content-Type: text/plain; charset=utf-16 Content-Transfer-Encoding: base64 no custom body rules hit like they do for ISO/UTF8 :-(

Re: Investigating facebook spam

2015-10-06 Thread Reindl Harald
Am 06.10.2015 um 19:45 schrieb Joe Quinn: On 10/6/2015 1:38 PM, Alex wrote: Hi, I've received a handful of messages that appear to be facebook notifications, but fail SPF. They otherwise look completely legit - links to profiles, only URLs to facebook.com and CDN caching sites, and even appea

Re: Investigating facebook spam

2015-10-06 Thread Reindl Harald
Am 06.10.2015 um 19:44 schrieb Reindl Harald: Am 06.10.2015 um 19:38 schrieb Alex: I've received a handful of messages that appear to be facebook notifications, but fail SPF. They otherwise look completely legit - links to profiles, only URLs to facebook.com and CDN caching sites, and

Re: Investigating facebook spam

2015-10-06 Thread Reindl Harald
Am 06.10.2015 um 19:38 schrieb Alex: I've received a handful of messages that appear to be facebook notifications, but fail SPF. They otherwise look completely legit - links to profiles, only URLs to facebook.com and CDN caching sites, and even appears to have been routed through facebook's out

Re: any reason not to block every Softlayer allocation?

2015-10-05 Thread Reindl Harald
Am 06.10.2015 um 04:39 schrieb Jo Rhett: On Oct 5, 2015, at 7:36 PM, Reindl Harald wrote: Am 06.10.2015 um 04:33 schrieb Jo Rhett: Looking at my spam block statistics, not a single IP I’ve reported to SoftLayer over the last two years has been shut down. Is there any reason I shouldn’t just

Re: any reason not to block every Softlayer allocation?

2015-10-05 Thread Reindl Harald
Am 06.10.2015 um 04:33 schrieb Jo Rhett: Looking at my spam block statistics, not a single IP I’ve reported to SoftLayer over the last two years has been shut down. Is there any reason I shouldn’t just block all their allocations and save myself some effort? if it's your personal mail only -

Re: Training Bayes with BAYES_999 Mail

2015-10-02 Thread Reindl Harald
Am 02.10.2015 um 19:15 schrieb Andrew Davidson: I'm not an expert on the mechanics of Bayes so I'm wondering how valuable it is to continue training with collected spam that is properly tagged with BAYES_999. Does that help to reinforce the logic or is it overly focusing the database on emai

Re: The word on messages w/ no Message-Id

2015-09-29 Thread Reindl Harald
Am 29.09.2015 um 23:45 schrieb coolhandluke: based on just what i've found in the last 10 minutes, i would be very careful about scoring anything related to {invalid|missing|extra} headers too high. definitely test your rules extensively (with very low scores) before rolling them out to produc

Re: Add "may be forged" minor rule?

2015-09-28 Thread Reindl Harald
Am 28.09.2015 um 22:04 schrieb Amir Caspi: On Sep 28, 2015, at 1:53 PM, John Hardin wrote: Is greylisting an acceptable option in your environment? Probably not. I've got some users who would not accept it. I'm thinking of implementing it anyway, but right now, not a viable option dep

Re: dmarcian.com down ?

2015-09-27 Thread Reindl Harald
Am 27.09.2015 um 22:08 schrieb Benny Pedersen: http://downforeveryoneorjustme.com/dmarcian.com what happens ? how is a downtime of a random site a SA topic?

Re: Test for empty EnvelopeFrom

2015-09-24 Thread Reindl Harald
Am 23.09.2015 um 19:24 schrieb Philip Prindeville: Stating facts here, not giving an opinion. Not sure what’s up for debate. if it is empty it's <> aka Null-Sender and you really don't block that because you violating RFC's, block sane autoreplies using it to prevent mail-loops and the subje

Re: Test for empty EnvelopeFrom

2015-09-22 Thread Reindl Harald
Am 22.09.2015 um 19:43 schrieb Philip Prindeville: I’m using SA with MdF on Linux (Fedora 22). MdF generates the header “Return-Path: ” for me, so that should be available to me in the rules. To test this, I wrote a couple of rules: header __L_EMPTY_SENDER EnvelopeFrom:addr !~ /./ h

Re: best way to whitelist this list?

2015-09-21 Thread Reindl Harald
Am 21.09.2015 um 18:56 schrieb Kris Deugau: A. Schulze wrote: today I was notified by ezmlm that my MTA rejected messages to me. Messages to this list were classified as spam by .. spamassassin. OK, no surprise some messages look spammy. As usual: there is one solution that is smart, fast an

Re: Heads up: Net::DNS update may have quietly broken your SpamAssassin.

2015-09-20 Thread Reindl Harald
Am 20.09.2015 um 18:57 schrieb Jonathan Nichols: On Sep 18, 2015, at 12:41 AM, Bill Cole wrote: nd after many hours of trying to determine why which included reviewing BIND configs and packet captures and dissection, I nailed it down to SA making DNS queries without the "recursion desire

Re: best way to whitelist this list?

2015-09-19 Thread Reindl Harald
Am 19.09.2015 um 20:12 schrieb A. Schulze: today I was notified by ezmlm that my MTA rejected messages to me. Messages to this list were classified as spam by .. spamassassin. OK, no surprise some messages look spammy. As usual: there is one solution that is smart, fast and obvious. But someti

Re: What is the meaning of "host=NULL"

2015-09-17 Thread Reindl Harald
Am 18.09.2015 um 01:24 schrieb Bill Cole: :2015-09-09 07:35:40 1ZZeb1-00053O-Hy SA: Action: scanned but message isn't spam: score=3.7 required=4.0 (scanned in 13/13 secs | Message-Id: ndy1ogi4nmnhyjc3ytu3ymm3mzexyjbhmty0mzy2z...@light.bylawswhi***ppy.com) URIBL_BLACK Contains an URL l

Re: Add/Modify a header on matching rule

2015-09-17 Thread Reindl Harald
Am 17.09.2015 um 14:26 schrieb Vikram Goyal: I have a requirement as per subject. I created a test rule, as following: # Add header header __Spl_SubjectSubject =~ /.*(Chk hdr TTgre7U).*/i meta GMAIL_TAGS (( __Spl_Subject) > 0) add_header all X-Tag-Type P describe GMAIL_TAGS Manual: add/mo

Re: Live upgrade safe?

2015-09-16 Thread Reindl Harald
Am 17.09.2015 um 01:45 schrieb Nick Edwards: also I wonder why an unbound user joins the bind list because some people are smart enough to use different software for different usecases as unbound for caching-only servers and named for authoritative nameservers and for some usecases like rout

Re: URIBL_BLOCKED while using local BIND

2015-09-16 Thread Reindl Harald
e the ISP cache can't make the SOA server faster Am 16.09.2015 um 13:43 schrieb Reindl Harald: Am 16.09.2015 um 13:38 schrieb Marc Richter: Am 16.09.2015 um 11:41 schrieb Axb: Although, the intended setup with exemptions by defining empty forwarders for DNSBL zones was not my idea - t

Re: URIBL_BLOCKED while using local BIND

2015-09-16 Thread Reindl Harald
Am 16.09.2015 um 13:38 schrieb Marc Richter: Am 16.09.2015 um 11:41 schrieb Axb: Although, the intended setup with exemptions by defining empty forwarders for DNSBL zones was not my idea - this scenario is described on the SA wiki as a working solution: http://wiki.apache.org/spamassassin/Cach

Re: URIBL_BLOCKED while using local BIND

2015-09-16 Thread Reindl Harald
Am 16.09.2015 um 11:36 schrieb Marc Richter: I am - it's the very same setup you describe like I'm using. The only difference is that I do not rely on a dedicated DNS resolver I setup myself, but the centralized nameserver of my ISP, which works exactly like any nameserver I'd setup myself. no

Re: Live upgrade safe?

2015-09-16 Thread Reindl Harald
Am 16.09.2015 um 04:25 schrieb Nick Edwards: On 9/15/15, Reindl Harald wrote: Am 15.09.2015 um 00:05 schrieb Nick Edwards: On 9/15/15, Matus UHLAR - fantomas wrote: On 12.09.15 15:27, Reindl Harald wrote: and no, i am not the package maintainer but the first person who would file a bug

Re: Recommendations for mail with only an image

2015-09-16 Thread Reindl Harald
Am 16.09.2015 um 04:45 schrieb Alex: Apparently our users use email quite a bit to share pictures. These emails typically contain no subject and no body, just the image. This hits all sorts of rules (perhaps correctly), and was just looking for input on how it should be handled. There are a fe

Re: URIBL_BLOCKED while using local BIND

2015-09-15 Thread Reindl Harald
you don't look at the whole picture anyways 543 msec is high ;; Query time: 121 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) ;; WHEN: Di Sep 15 13:27:59 CEST 2015 ;; MSG SIZE rcvd: 57 Am 15.09.2015 um 12:55 schrieb Reindl Harald: Am 15.09.2015 um 12:51 schrieb Marc Richter: I recently re

Re: URIBL_BLOCKED while using local BIND

2015-09-15 Thread Reindl Harald
Am 15.09.2015 um 12:51 schrieb Marc Richter: I recently read the following in all my filtered Mail: 0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. So I read what's written there

Re: Live upgrade safe?

2015-09-14 Thread Reindl Harald
Am 15.09.2015 um 00:05 schrieb Nick Edwards: On 9/15/15, Matus UHLAR - fantomas wrote: On 12.09.15 15:27, Reindl Harald wrote: and no, i am not the package maintainer but the first person who would file a bug for *any* package which rely on a internet connection due update Am 14.09.2015

Re: Live upgrade safe?

2015-09-14 Thread Reindl Harald
Am 14.09.2015 um 20:13 schrieb Matus UHLAR - fantomas: On 12.09.15 15:27, Reindl Harald wrote: and no, i am not the package maintainer but the first person who would file a bug for *any* package which rely on a internet connection due update Am 14.09.2015 um 17:25 schrieb Matus UHLAR

Re: Live upgrade safe?

2015-09-14 Thread Reindl Harald
Am 14.09.2015 um 17:25 schrieb Matus UHLAR - fantomas: On 12.09.15 15:27, Reindl Harald wrote: and no, i am not the package maintainer but the first person who would file a bug for *any* package which rely on a internet connection due update in such case it's up to the distribu

Re: Live upgrade safe?

2015-09-13 Thread Reindl Harald
Am 14.09.2015 um 02:17 schrieb Benny Pedersen: Greg Troxel skrev den 2015-09-14 01:35: I don't remember getting bit by it until just now. ask yourself, what will happen if you upgraded rpm package that is possible new in the rpm repos, but contains also the rules that are old, and you dai

Re: Live upgrade safe?

2015-09-13 Thread Reindl Harald
Am 14.09.2015 um 01:41 schrieb Reindl Harald: Am 14.09.2015 um 01:35 schrieb Greg Troxel: Reindl Harald writes: RPM packages are not supposed to contact network *3rd party* resources at install time and when you think 1 second you know why - who tells you that the 3rd party resource is

Re: Live upgrade safe?

2015-09-13 Thread Reindl Harald
Am 14.09.2015 um 01:35 schrieb Greg Troxel: Reindl Harald writes: RPM packages are not supposed to contact network *3rd party* resources at install time and when you think 1 second you know why - who tells you that the 3rd party resource is available at that moment and how handle errors

Re: Live upgrade safe?

2015-09-12 Thread Reindl Harald
Am 12.09.2015 um 19:15 schrieb Matus UHLAR - fantomas: On 12.09.15 15:27, Reindl Harald wrote: and the package maintainer will tell you it should be considered as bug upstream when updates from the network are mandatory - no package does that and SA can also be useful on machines without a

Re: Live upgrade safe?

2015-09-12 Thread Reindl Harald
Am 12.09.2015 um 16:08 schrieb Matus UHLAR - fantomas: Am 11.09.2015 um 21:08 schrieb Matus UHLAR - fantomas: if your distribution restarts spamassassin, it will most probably download the rules before. Not everyone uses distributions... On 12.09.15 04:20, Reindl Harald wrote: no, the

Re: Live upgrade safe?

2015-09-12 Thread Reindl Harald
Am 12.09.2015 um 15:24 schrieb Matus UHLAR - fantomas: Am 11.09.2015 um 21:08 schrieb Matus UHLAR - fantomas: if your distribution restarts spamassassin, it will most probably download the rules before. Not everyone uses distributions... On 12.09.15 04:20, Reindl Harald wrote: no, the

Re: Live upgrade safe?

2015-09-11 Thread Reindl Harald
Am 11.09.2015 um 21:08 schrieb Matus UHLAR - fantomas: >Can I safely upgrade SA from 3.4.0 to 3.4.1 without changing any local >configuration files, and without regenerating the Bayes database? (I >use the default bdb Bayes store.) On 2015-08-14 17:45 +0200, Reindl Harald wrote:

Re: Live upgrade safe?

2015-09-11 Thread Reindl Harald
Am 11.09.2015 um 18:12 schrieb Benny Pedersen: Ian Zimmerman skrev den 2015-09-11 18:05: I appreciate you trying to help, but you don't really answer my question. Even if I could do what you suggest, the rsync would still take finite time - longer than the interval between the upgrade and th

Re: Live upgrade safe?

2015-09-11 Thread Reindl Harald
Am 11.09.2015 um 18:05 schrieb Ian Zimmerman: On 2015-09-11 17:35 +0200, Reindl Harald wrote: Can I safely upgrade SA from 3.4.0 to 3.4.1 without changing any local configuration files, and without regenerating the Bayes database? (I use the default bdb Bayes store.) yes, but you need to

Re: Live upgrade safe?

2015-09-11 Thread Reindl Harald
Am 11.09.2015 um 17:54 schrieb RW: On Fri, 11 Sep 2015 08:21:15 -0700 Ian Zimmerman wrote: On 2015-08-14 17:45 +0200, Reindl Harald wrote: Can I safely upgrade SA from 3.4.0 to 3.4.1 without changing any local configuration files, and without regenerating the Bayes database? (I use the

Re: Live upgrade safe?

2015-09-11 Thread Reindl Harald
Am 11.09.2015 um 17:21 schrieb Ian Zimmerman: On 2015-08-14 17:45 +0200, Reindl Harald wrote: Can I safely upgrade SA from 3.4.0 to 3.4.1 without changing any local configuration files, and without regenerating the Bayes database? (I use the default bdb Bayes store.) yes, but you need to

Re: SA doesn't respect my user_prefs

2015-09-11 Thread Reindl Harald
Am 11.09.2015 um 16:53 schrieb Benny Pedersen: Reindl Harald skrev den 2015-09-11 16:12: spamd: cannot run as nonexistent user or root with -u option spamd must not be started with the -u option as root, the whole purpose is to have the daemon process running as root and then "spam

Re: SA doesn't respect my user_prefs

2015-09-11 Thread Reindl Harald
to run "spamassassin" instead of spamc, don't I? I do not understand the reason for spamc to exist then -- Reindl Harald the lounge interactive design GmbH A-1060 Vienna, Hofmühlgasse 17 CTO / CISO / Software-Development m: +43 (676) 40 221 40, p: +43 (1) 595 3999 33 icq:

Re: Large volume of 0.0 scores suddenly

2015-09-11 Thread Reindl Harald
Am 11.09.2015 um 15:03 schrieb Peter Kelly: Why Antony? What would that do for me other than save hits against URIBL? I am signing up for their paid service so I will not have the URIBL_BLOCKED issue anymore. It does not explain the 0.0 issue I am having anyway. what is so hard to understand

Re: SA doesn't respect my user_prefs

2015-09-11 Thread Reindl Harald
Am 11.09.2015 um 11:35 schrieb Marc Richter: Guess this means that I have to run "spamassassin" instead of spamc, don't I? I do not understand the reason for spamc to exist then uhm because it does the real work? in the case below milter -> spamd -> spamc preforkers [root@mail-gw:~]$ syste

Re: whoisgurad / registrar-servers.com

2015-09-10 Thread Reindl Harald
Am 10.09.2015 um 10:59 schrieb Axb: On 09/10/2015 10:47 AM, Reindl Harald wrote: has anybody ever seen legit mail from domains there? Yes, sadly ENOM is a huge cesspool but it also has a ton of legit registered domains on these NS. i am not sure about that, looks like "name-service

whoisgurad / registrar-servers.com

2015-09-10 Thread Reindl Harald
has anybody ever seen legit mail from domains there? for me it looks like only spammers register every day a new domain with that whois from Panama to bypass sender/uri-blacklists Sep 10 09:53:10 panel: spamfilter: Sender-Backlist "heute*-*abend*-*date*.*info" added Sep 10 09:55:31 panel: spam

Re: Problem with Bayes

2015-09-09 Thread Reindl Harald
Am 09.09.2015 um 16:03 schrieb Ben Whyall: I have a mail setup serving multiple domains that is running on ubuntu lts 14.04.03 lts. Spamassassin 3.4.0 Perl 5.18.2 Exim 4.82 We have bayes stored in a mysql database When spamassassin is run from exim, it is always returning a hit on rule Bayes

Re: SA gone mad

2015-09-09 Thread Reindl Harald
Am 09.09.2015 um 14:08 schrieb Farkas Zsolt: please find the original incoming email saved by SA: http://pastebin.com/mszg5nJe the email notification received back from SA on spamadmin account http://pastebin.com/0UTvT9tQ i would say this is the wrong mailing-list since you are running amavis

Re: SA gone mad

2015-09-09 Thread Reindl Harald
Am 09.09.2015 um 12:15 schrieb Farkas Zsolt: your first post sounded like spam is coming through and not FP's I mean: lot of emails were marked as SPAM when the limit was at 4.9, and it started from one day to another without config or system change now the limit is at 15 but it sill filte

Re: SA gone mad

2015-09-09 Thread Reindl Harald
Am 09.09.2015 um 11:20 schrieb Farkas Zsolt: 2015.09.09. 11:02 keltezéssel, Reindl Harald írta: Am 09.09.2015 um 10:56 schrieb Farkas Zsolt: Can you help me with please? One of our SA installation has gone mad since a few days: -it is filtering mails below required points: Content

Re: SA gone mad

2015-09-09 Thread Reindl Harald
Am 09.09.2015 um 10:56 schrieb Farkas Zsolt: Can you help me with please? One of our SA installation has gone mad since a few days: -it is filtering mails below required points: Content analysis details: (12.5 points, 15.0 required) Content analysis details: (10.7 points, 15.0 required) 15.0

Re: Segfault with bayes_sql

2015-09-06 Thread Reindl Harald
Am 06.09.2015 um 21:52 schrieb Hoggins!: Le 06/09/2015 21:29, Bill Cole a écrit : Just after an upgrade, I happen to have an issue with Spamassassin that would refuse to start, giving a segmentation fault. You neglected to mention what you upgraded, but that generic problem description is ty

Re: Bayes Portal

2015-09-04 Thread Reindl Harald
rejected there is no mail to train ham from On 04.09.15 19:32, Reindl Harald wrote: not, true * spamassassin does reject depending on the glue spamassassin does not reject. It is the glue that rejects and SA does not know anything about that. * the "-B"-option of spamass-milter send

Re: Bayes Portal

2015-09-04 Thread Reindl Harald
Am 04.09.2015 um 19:24 schrieb Benny Pedersen: Roman Gelfand skrev den 2015-09-04 17:02: If an email got rejected, train it or white list it as it never reaches the client. fail, spamassassin does not REJECT mails, and if it got rejected there is no mail to train ham from not, true * spama

Re: Can't get bayes filtering to work

2015-09-03 Thread Reindl Harald
and since you never should run such tools as root normally the problem won't exist On Thu, Sep 3, 2015 at 8:04 AM Reindl Harald mailto:h.rei...@thelounge.net>> wrote: Am 03.09.2015 um 13:48 schrieb Roman Gelfand: > I reconfigured spamassassin to use mysql. Now, it se

Re: URIDNSBL but with full URL

2015-09-03 Thread Reindl Harald
Am 03.09.2015 um 14:06 schrieb Martin Gregorie: On Thu, 2015-09-03 at 12:28 +0200, Axb wrote: Please excuse my ignorance but wouldn't a key:value server like Redis do the trick? It can't get much faster than that.. ok.. maybe memcached Yes, I don't see why not: I hadn't considered Redis

Re: Can't get bayes filtering to work

2015-09-03 Thread Reindl Harald
Am 03.09.2015 um 13:48 schrieb Roman Gelfand: I reconfigured spamassassin to use mysql. Now, it seems to be working. With every email, of the same type, learned for spam, the score is being bumped up well, that's not because mysql, as explained multiple times you need to train the same baye

Re: Amazon Route53 nameservers listed in SBL?

2015-09-03 Thread Reindl Harald
Am 03.09.2015 um 09:33 schrieb Matus UHLAR - fantomas: On 02.09.15 17:49, Reindl Harald wrote: [harry@mail-gw:~]$ cat maillog | grep URIBL_SBL | wc -l 16 wow what about "grep -c URIBL_SBL maillog"? http://porkmail.org/era/unix/award.html who cares in a one-shot command over a

Re: Amazon Route53 nameservers listed in SBL?

2015-09-02 Thread Reindl Harald
Am 02.09.2015 um 17:40 schrieb Dave Pooser: (Sorry for the double post if you saw this message on SDLU as well.) I just had a Spamassassin FP that hit URIBL_SBL Contains an URL's NS IP listed in the SBL blocklist [URIs: www.alfordmedia.com] Doing a w

Re: Postfix “RCPT from unknown Sender address rejected: Domain not found" error after SpamAssassin installation

2015-09-02 Thread Reindl Harald
so no surprise that postfix is not able to resolve - just don't do that! running postfix with chroot enabled is the root cause of most problems over many years - including the wrong debian defaults while not take care of a sane and working chroot On 02 Sep 2015, at 11:57, Reindl Harald

Re: Postfix “RCPT from unknown Sender address rejected: Domain not found" error after SpamAssassin installation

2015-09-02 Thread Reindl Harald
"NOQUEUE: reject: RCPT from unknown Sender address rejected: Domain not found" is clearly Postfix and "reject_unknown_sender_domain" while you should post *all* loglines for that transaction and not just one stripped line Am 02.09.2015 um 11:50 schrieb Carlo Manuali: Hi, I tried different se

Re: URIDNSBL but with full URL

2015-09-02 Thread Reindl Harald
Am 02.09.2015 um 10:23 schrieb Axb: On 09/02/15 09:51, Olivier Nicole wrote: Hi, I am looking at malware patrol, but they offer a list of over 300,000 rules, that is way too big. So I was considering using it in a URIDNSBL type of way, but including the full URL, not only the host part. It s

Re: Ideas for blocking 'list' spam

2015-09-01 Thread Reindl Harald
Am 01.09.2015 um 17:34 schrieb Alex: Hi all, I'm having a problem with "buy my list" spam and hoped someone could help me with ideas of how to best block them. Here's an example: http://pastebin.com/01C1DDmq Even a few days later, and the sending IP isn't blacklisted anywhere. I have a coup

Re: whitelist_from_rcvd Not Working

2015-08-29 Thread Reindl Harald
Am 29.08.2015 um 13:46 schrieb RW: On Sat, 29 Aug 2015 12:45:27 +0200 Reindl Harald wrote: Am 29.08.2015 um 12:40 schrieb websiterepairguy.: I'm trying to get the following line to work in my user_prefs file: whitelist_from_rcvd*bankofamerica.com <http://bankofamerica.com/>bankof

Re: whitelist_from_rcvd Not Working

2015-08-29 Thread Reindl Harald
Am 29.08.2015 um 12:40 schrieb websiterepairguy.: I'm trying to get the following line to work in my user_prefs file: whitelist_from_rcvd*bankofamerica.com bankofamerica.com Of course, this works: whitelist_from*bankofamerica.com

Re: Hitting an address in the From:name

2015-08-22 Thread Reindl Harald
Am 21.08.2015 um 17:38 schrieb RW: On Fri, 21 Aug 2015 14:28:13 +0200 Reindl Harald wrote: Am 21.08.2015 um 14:14 schrieb Martin Gregorie: I regularly get sent competition results sheets that your suggestion would reject. A recent results sheet I received has 62 recipients occupying 2336

Re: Hitting an address in the From:name

2015-08-21 Thread Reindl Harald
Am 21.08.2015 um 14:14 schrieb Martin Gregorie: Its quite common to find large recipient lists in newsletters sent by committee members in hobby or sports clubs. These clubs generally don't have the time or expertise to maintain a listserv. The roles of secretary and/or newsletter editor tends t

Re: Hitting an address in the From:name

2015-08-21 Thread Reindl Harald
Am 21.08.2015 um 06:32 schrieb Bill Cole: On 20 Aug 2015, at 14:49, Joe Quinn wrote: That said, header fields are likely never going to be long enough for what you currently have to be a performance concern. (I was about to say it was impossible, but then I saw there is no length limit on he

Re: WAS: Re: Mailblacklist.com

2015-08-18 Thread Reindl Harald
Am 18.08.2015 um 23:17 schrieb Benny Pedersen: Axb skrev den 2015-08-18 15:29: .. then pls start a new thread, pastebin samples and give rule writers/analysts something to work with. there was no references in the msg you replied to, unfair ? typical Benny, looks like you read what you qu

Re: MailBlacklist.com Integration Testing Phase

2015-08-18 Thread Reindl Harald
Am 18.08.2015 um 11:48 schrieb MailBlacklist.com Management: Good Morning, @David - Thank you for your feedback 127.0.0.2 is now back in our RBL. It was removed yesterday while we were updating our response codes, getting ready for our announcement of another major feed provider. @Noel - You a

Re: MailBlacklist.com Integration Testing Phase

2015-08-17 Thread Reindl Harald
Am 17.08.2015 um 23:47 schrieb MailBlacklist.com Management: Thank you for your feedback, Points 1-5 are being addressed and will be very transparent within the next working week. Once that information is available to public we will release an update to this feed. honestly my problem is start

Re: Live upgrade safe?

2015-08-14 Thread Reindl Harald
Am 14.08.2015 um 17:32 schrieb Ian Zimmerman: Can I safely upgrade SA from 3.4.0 to 3.4.1 without changing any local configuration files, and without regenerating the Bayes database? (I use the default bdb Bayes store.) yes, but you need to run "sa-update" before restart to fetch the latest

Re: PatioDeals@****** how to get high score

2015-08-13 Thread Reindl Harald
Am 13.08.2015 um 21:52 schrieb Alex: Thanks all, for your support. I did fed spammy emails, most are blocked but users still get bunch of those emails a day. I added this in MTA: smtpd_sender_restrictions = reject_unknown_sender_domain in the .cf file I added blacklist_from *.review blacklist_

Re: PatioDeals@********* how to get high score

2015-08-13 Thread Reindl Harald
why don't you just score BAYES_95 higher while train that messages properly so they get BAYES_99 - additionally there are sure subject and body-parts for custom, low-scored filters scored body/subject filters where here they key to get the last junk also properly rejected and finally reach a 9

Re: Changing rule weighting

2015-08-12 Thread Reindl Harald
Am 12.08.2015 um 20:53 schrieb Martin Skjöldebrand: Now that the Bayesian filter is killing stuff as it should, and looking at what is let through despite the filter saying it's spam and reading this: https://spamassassin.apache.org/tests_3_3_x.html (all other tests think it's legit on the who

Re: UCE not stopped

2015-08-11 Thread Reindl Harald
Am 11.08.2015 um 19:17 schrieb Martin Skjöldebrand: On Tue, 2015-08-11 at 14:10 +0200, Martin Skjöldebrand wrote: On Tue, 2015-08-11 at 10:09 +0200, Reindl Harald wrote: than fix /etc/passwd and give that user a shell (as i did for spamass-milter user on Fedora), after that you can "qu

Re: spf rfc 7208 checkers

2015-08-11 Thread Reindl Harald
Am 11.08.2015 um 15:41 schrieb Benny Pedersen: Reindl Harald skrev den 2015-08-11 15:29: Am 11.08.2015 um 15:26 schrieb Benny Pedersen: anyone know where one is ? i fear all i have is for rfc 4408 :/ http://www.openspf.net/Why?s=mfrom;id=m...@junc.eu;ip=176.58.121.172 if the SPF is

Re: spf rfc 7208 checkers

2015-08-11 Thread Reindl Harald
Am 11.08.2015 um 15:26 schrieb Benny Pedersen: anyone know where one is ? i fear all i have is for rfc 4408 :/ http://www.openspf.net/Why?s=mfrom;id=m...@junc.eu;ip=176.58.121.172 if the SPF is invalid or there would be warnings you would see them there

Re: Phishtank and SpamAssassin

2015-08-11 Thread Reindl Harald
Am 11.08.2015 um 14:02 schrieb Sujit Acharyya-choudhury: The URIBL_PH_SURBL is actually not very useful. I have checked a real phishing site with SURBL and it shows clean in SURBL - I think, SURBL only looks at the part of the domain. every URIBL check only tests the main-domain of a link, t

Re: Phishtank and SpamAssassin

2015-08-11 Thread Reindl Harald
Am 11.08.2015 um 13:11 schrieb Sujit Acharyya-choudhury: I have seen lot of Phishes submitted in Phishtank.com and yet there is no rule to check Phishtank.com. Would it be a good idea to give some points to phishes submitted to phishtank – even if they are not verified? that's way better plac

Re: UCE not stopped

2015-08-11 Thread Reindl Harald
Am 11.08.2015 um 10:04 schrieb Martin Skjöldebrand: On Tue, 2015-08-11 at 09:06 +0200, Matus UHLAR - fantomas wrote: 2. how do you run SA? If you are using amavis or other system that uses single account for scoring, you must train that account This is the output of ps aux | grep spamd roo

Re: Large messages not being scanned.

2015-08-06 Thread Reindl Harald
Am 06.08.2015 um 17:38 schrieb Ken D'Ambrosio: Hi! I'm getting headers like this: Aug 4 04:24:58 agrajag spamc[2557]: skipped message, greater than max message size (512000 bytes) Now, I'm just not sure where to *change* that; apparently, it's set via the "-s max_siz

Re: Bayes Filtering

2015-08-02 Thread Reindl Harald
Am 02.08.2015 um 18:36 schrieb Christian Jaeger: On August 2, 2015 5:15:08 PM CEST, Reindl Harald wrote: Am 02.08.2015 um 14:57 schrieb Roman Gelfand: Could somebody post a successful bayes configuration? ?? you just need to *train* it for ham *and* spam I think I remember from past

Re: Bayes Filtering

2015-08-02 Thread Reindl Harald
Am 02.08.2015 um 14:57 schrieb Roman Gelfand: Could somebody post a successful bayes configuration? ?? you just need to *train* it for ham *and* spam

Re: Hashcash not working

2015-07-31 Thread Reindl Harald
um 16:45 schrieb Reindl Harald: Am 31.07.2015 um 16:37 schrieb RW: On Fri, 31 Jul 2015 13:36:21 +0200 Christian Jaeger wrote: On July 30, 2015 2:40:35 AM CEST, RW wrote: The plugin is on by default and use_hashcash defaults to 1, but you need to set hashcash_accept to an appropriate value T

Re: Hashcash not working

2015-07-31 Thread Reindl Harald
Am 31.07.2015 um 16:37 schrieb RW: On Fri, 31 Jul 2015 13:36:21 +0200 Christian Jaeger wrote: On July 30, 2015 2:40:35 AM CEST, RW wrote: The plugin is on by default and use_hashcash defaults to 1, but you need to set hashcash_accept to an appropriate value That's disappointing. For me t

Re: RBL format to blacklist email addresses?

2015-07-29 Thread Reindl Harald
Am 30.07.2015 um 02:16 schrieb John Hardin: On Wed, 29 Jul 2015, Bill Cole wrote: On 29 Jul 2015, at 18:56, David B Funk wrote: IE the DNS system is always case-insensitive The difference between DNS being specified as case-insensitive ...which restores my question about collisions ba

Re: RBL format to blacklist email addresses?

2015-07-29 Thread Reindl Harald
Am 30.07.2015 um 01:53 schrieb Bill Cole: Does this text look at all familiar? Verbs and argument values (e.g., "TO:" or "to:" in the RCPT command and extension name keywords) are not case sensitive, with the sole exception in this specification of a mailbox local-part (SMTP Extension

Re: RBL format to blacklist email addresses?

2015-07-29 Thread Reindl Harald
Am 29.07.2015 um 23:34 schrieb John Hardin: On Wed, 29 Jul 2015, Paul Stead wrote: On 29/07/15 18:11, Benny Pedersen wrote: Henrik krohn did create a emailbl.pl but it was dropped later, it Was designed very well, i have tried Google it, but seems impossible to get links to it now. I

Re: Bayes Filtering

2015-07-22 Thread Reindl Harald
Am 22.07.2015 um 15:52 schrieb Matus UHLAR - fantomas: On 22.07.15 10:09, Reindl Harald wrote: i doubt that you really want that and even if for sure not for BAYES_99 but BAYES_999, it makes no sense - bayes alone is not the only decision in a scoring system, it's one component that

Re: Bayes Filtering

2015-07-22 Thread Reindl Harald
Am 22.07.2015 um 14:18 schrieb RW: On Wed, 22 Jul 2015 13:40:12 +0200 Matus UHLAR - fantomas wrote: Am 22.07.2015 um 05:05 schrieb Roman Gelfand: shortcircuit BAYES_99 spam shortcircuit BAYES_00 ham On 22.07.15 10:09, Reindl Harald wrote: i doubt that you really want that and even if for

Re: Bayes Filtering

2015-07-22 Thread Reindl Harald
Am 22.07.2015 um 13:40 schrieb Matus UHLAR - fantomas: Am 22.07.2015 um 05:05 schrieb Roman Gelfand: shortcircuit BAYES_99 spam shortcircuit BAYES_00 ham On 22.07.15 10:09, Reindl Harald wrote: i doubt that you really want that and even if for sure not for BAYES_99 but BAYES_999, it makes

Re: Bayes Filtering

2015-07-22 Thread Reindl Harald
Am 22.07.2015 um 05:05 schrieb Roman Gelfand: shortcircuit BAYES_99 spam shortcircuit BAYES_00 ham i doubt that you really want that and even if for sure not for BAYES_99 but BAYES_999, it makes no sense - bayes alone is not the only decision in a scoring system, it's one component that sa

Re: Spam surge

2015-07-21 Thread Reindl Harald
Am 21.07.2015 um 21:58 schrieb Reindl Harald: Am 21.07.2015 um 21:50 schrieb Bowie Bailey: I am getting a bunch of spam that is hitting almost nothing except Bayes and occasionally DCC. I can't seem to find any kind of pattern to key on. The IP addresses, From addresses, Subject

Re: Spam surge

2015-07-21 Thread Reindl Harald
Am 21.07.2015 um 21:50 schrieb Bowie Bailey: I am getting a bunch of spam that is hitting almost nothing except Bayes and occasionally DCC. I can't seem to find any kind of pattern to key on. The IP addresses, From addresses, Subject lines, URLs, etc are all different. The URLS look normal

Re: phishing_reply_addresses list

2015-07-19 Thread Reindl Harald
Am 19.07.2015 um 02:36 schrieb Alex: Anyone know what happened to the phishing_reply_addresses list? It appears that the sourceforge site that was hosting it has been unreachable for a few days. https://aper.svn.sourceforge.net/svnroot/aper/phishing_reply_addresses I thought someone might know

Re: BODY_URI_ONLY: False-Positive

2015-07-18 Thread Reindl Harald
Am 12.07.2015 um 16:38 schrieb RW: On Sun, 12 Jul 2015 16:22:09 +0200 Reindl Harald wrote: What I don't get is where the URI is. i guess the mailaddress "Reply to: @***" That'll be it on the other hand that one did not hit it while save the message

Re: KAM.cf KAM_COUK

2015-07-16 Thread Reindl Harald
Am 16.07.2015 um 13:35 schrieb RW: On Thu, 16 Jul 2015 05:02:33 -0400 Kevin A. McGrail wrote: the co.uk appeared in spam and appeared to have cruddy registration security allowing an influx of throwaway domains likely paid through fraudulent means, etc. Spammers can't buy .co.uk domains dir

Re: KAM.cf KAM_COUK

2015-07-16 Thread Reindl Harald
Am 16.07.2015 um 11:20 schrieb Benny Pedersen: Kevin A. McGrail skrev den 2015-07-16 11:02: * 1.1 KAM_COUK Scoring .co.uk emails higher due to poor registry security. In the end, I'd recommend that you score the rule lower for your personal needs or if you have it causing FPs where it scor

Re: SPF confusion

2015-07-16 Thread Reindl Harald
Am 15.07.2015 um 23:21 schrieb Bowie Bailey: I still don't understand the query for sr03a.SMTPNA11.rrdesp.com. That is a sending server parsed from one of the Received lines. What is the expected result of checking SPF on a mail server address? http://www.openspf.org/FAQ/Common_mistakes#helo

Re: non-English sender and body

2015-07-12 Thread Reindl Harald
Am 12.07.2015 um 21:40 schrieb Bill Cole: On 12 Jul 2015, at 11:28, James wrote: The problem is finding out which directory the running spamassassin uses, I can't seen to train the one it expects. I put this in my /etc/spamassassin/local.cf: bayes_path /var/spamassassin/bayes_db/bayes bayes_f
