smtpd_client_message_rate_limit = 400
smtpd_recipient_limit = 100
Wont help much if you have 100k different IPs connecting, and you also
have high volume legit customers
--
Best regards,
Riccardo Alfieri
Spamhaus Technology
https://www.spamhaus.com/
On 15/09/23 17:49, Marc wrote:
Is this a freely available list?
It's included in all DQS accounts, free ones too
--
Best regards,
Riccardo Alfieri
Spamhaus Technology
https://www.spamhaus.com/
On 15/09/23 17:35, Matus UHLAR - fantomas wrote:
On 15.09.23 15:31, Riccardo Alfieri wrote:
Yes, at previous $dayjob. Applied on the submission MSA, it proved to
be useful in mitigating the fallout when users got their credentials
compromised.
can you describe it more?
Well, I checked
,
Riccardo Alfieri
Spamhaus Technology
https://www.spamhaus.com/
Apologies, this was meant to be a direct email to Alessio...
On 24/03/23 11:33, Riccardo Alfieri wrote:
Buongiorno Alessio,
se ti interessa noi abbiamo un plugin per SA
(https://github.com/spamhaus/spamassassin-dqs) e delle subscription
commerciali per accedere a feed non pubblici.
Se ti
.
MailShell have an SDK for antispam and I will probably contact them.
Do you know any other companies developing an antispam SDK to be
combined with spamassassin?
Thanks
--
Alessio Cecchi
Postmaster @http://www.qboxmail.it
https://www.linkedin.com/in/alessice
--
Best regards,
Riccardo Alfieri
plugin in my embedded spamassassin,
installed inside Zimbra.
I'm a bit afraid of breaking stuff, about missing dependencies and so on.
I'm on SA 3.4.5 and - as a test - I'd like to install ESP plugin.
--
Best regards,
Riccardo Alfieri
Spamhaus Technology
https://www.spamhaus.com/
ing
an SPF record, and I hope you didn't do it on purpose.
Of course, if you are not using DQS (meaning you are using Spamhaus
public mirrors), you are on your own.
PSA: everyone using public mirrors should switch to free DQS
On 11/01/23 19:43, Benny Pedersen wrote:
Riccardo Alfi
ourage you to open a ticket through
https://check.spamhaus.org/ . We review all FPs and act accordingly.
On 11/01/23 17:56, Benny Pedersen wrote:
it should only check received last ip, not deeap all ips :/
-lastexternal is done by ZEN
--
Best regards,
Riccardo Alfieri
Spamhaus Techno
in the README. No reason to overengineer something that it
should be working by default, as it is in a stock SA installation.
--
Best regards,
Riccardo Alfieri
Spamhaus Technology
https://www.spamhaus.com/
o add also a:
ifplugin Mail::SpamAssassin::Plugin::URIDNSBL
to the .cf files where check_rbl , urirhssub etc are used?
--
Best regards,
Riccardo Alfieri
Spamhaus Technology
https://www.spamhaus.com/
On 28/12/22 14:20, Kevin A. McGrail wrote:
Do you have hashbl plugin enabled?
Ah, I thought it was enabled by default in SA 4.0.
--
Best regards,
Riccardo Alfieri
Spamhaus Technology
https://www.spamhaus.com/
: config: failed to parse line in
/etc/mail/spamassassin/sh.cf (line 71):
urirhssub\tSH_BODYURI_REVERSE_SBL\tyour_DQS_key.zen.dq.spamhaus.net.\tA
127.0.0.2
--
Best regards,
Riccardo Alfieri
Spamhaus Technology
https://www.spamhaus.com/
nk: HASHBL,
A/compiling.spamassassin.taint.org.your_dqs_key.dbl.dq.spamhaus.net,
rules: SH_DBL_HEADERS
--
Best regards,
Riccardo Alfieri
Spamhaus Technology
https://www.spamhaus.com/
g/drop/drop.lasso <http://spamhaus.org/drop/drop.lasso>
ciarmy.com/list/ci-badguys.txt <http://ciarmy.com/list/ci-badguys.txt>
openbl.org/lists/base.txt <http://openbl.org/lists/base.txt>
--
Best regards,
Riccardo Alfieri
Spamhaus Technology
https://www.spamhaus.com/
tal at all.
So I'm just trying to determine whether my config is correct now.
Thanks in advance,
AJ
--
Best regards,
Riccardo Alfieri
Spamhaus Technology
https://www.spamhaus.com/
, contact me offlist.
I have only a test server and because of this some real world feedback
would be very appreciated! Thanks!
--
Best regards,
Riccardo Alfieri
Spamhaus Technology
https://www.spamhaus.com/
-beta.spamhaus.org, this needs to be updated to query the production
DBL, as dbl-beta.spamhaus.org will not be available after February 15th,
2022.
--
Best regards,
Riccardo Alfieri
Spamhaus Technology
https://www.spamhaustech.com/
To ensure you continue being protected, for free, with our IP and domain
DNSBLs, please move to the DQS.
If you have any questions regarding these changes, please use the
contact form here: https://www.spamhaus.com/#contact-form
--
Best regards,
Riccardo Alfieri
Spamhaus Techno
corpus of ham and spam
--
Best regards,
Riccardo Alfieri
Spamhaus Technology
https://www.spamhaustech.com/
On 11/01/22 16:14, Larry Rosenman wrote:
will spamhaus-dqs be updated with this? or should I change FreeBSD to
pull this branch?
Yes, it will be updated as soon as the new DBL enters production
--
Best regards,
Riccardo Alfieri
Spamhaus Technology
https://www.spamhaustech.com/
documented elsewhere?
Hello,
you won't need to remove anything, it should just work (TM)
--
Best regards,
Riccardo Alfieri
Spamhaus Technology
https://www.spamhaustech.com/
regards,
Riccardo Alfieri
Spamhaus Technology
https://www.spamhaustech.com/
to what I wrote before.. I noticed that you are using the
wrong hostname :) The correct one, for the time being and up until the
beta ends, is dbl-beta.spamhaus.org
--
Best regards,
Riccardo Alfieri
Spamhaus Technology
https://www.spamhaustech.com/
seen in the email body, that are often used as redirectors to
more spammy domains. Doing the rejections your way can unfortunately
only lead to more FPs
The correct way to do it is by checking the URLs in the email body,
either by using our plugin or in some other ways.
--
Best regards,
Riccardo
? Again,
just trying to set my expectations.
We'll follow what is suggested here:
https://datatracker.ietf.org/doc/html/rfc6471#section-3.4
--
Best regards,
Riccardo Alfieri
Spamhaus Technology
https://www.spamhaustech.com/
live to provide time to ensure these config changes
are made.
--
Best regards,
Riccardo Alfieri
Spamhaus Technology
https://www.spamhaustech.com/
.
We’d love to get your feedback on the beta DBL with hostnames. You can
reach us either in this forum, via our contact form
https://www.spamhaus.com/#contact-form, or on Twitter
https://twitter.com/SpamhausTech.
Thanks for your support!
--
Best regards,
Riccardo Alfieri
Spamhaus Technology
/?domain=libera.chat
Ot at least it is *now* , maybe it comes and goes for some reasons
--
Best regards,
Riccardo Alfieri
Spamhaus Technology
https://www.spamhaustech.com/
ot blocked in any way,
except if you go over quota.
--
Best regards,
Riccardo Alfieri
Spamhaus Technology
https://www.spamhaustech.com/
at
https://www.spamhaus.org/news/article/807/using-our-public-mirrors-check-your-return-codes-now
for more informations
--
Best regards,
Riccardo Alfieri
Spamhaus Technology
https://www.spamhaustech.com/
endor spam, but I felt this had to be outlined
--
Best regards,
Riccardo Alfieri
Spamhaus Technology
https://www.spamhaustech.com/
,
Riccardo Alfieri
Spamhaus Technology
https://www.spamhaustech.com/
Please use only the latest github package before submitting bugs.
We are really community focused, but, as already said, we can support
only the latests release
On 07/10/20 15:04, Damian wrote:
That is indeed v1.0.1
It's old, 20190704
--
Best regards,
Riccardo Alfieri
Spamhaus
that be absolutely sure that you are running the latest rules
from:
https://github.com/spamhaus/spamassassin-dqs
We only support the latest version
--
Best regards,
Riccardo Alfieri
Spamhaus Technology
https://www.spamhaustech.com/
:
urirhssub URIBL_DBL_SPAM .dbl.dq.spamhaus.net. A 127.0.1.2
From what appears in the logs it may be that you have an extra dot
somewhere, possibly before the DQS key
--
Best regards,
Riccardo Alfieri
Spamhaus Technology
https://www.spamhaustech.com/
of the body with just entire sentences from classic books or
random common words chained.
Just an hypothesis :)
--
Best regards,
Riccardo Alfieri
Spamhaus Technology
https://www.spamhaustech.com/
:)
--
Best regards,
Riccardo Alfieri
Spamhaus Technology
https://www.spamhaustech.com/
/modules/spamassassin.html) and have it load all
SA rules too.
--
Best regards,
Riccardo Alfieri
Spamhaus Technology
https://www.spamhaustech.com/
since some malware is using this
approach (ie: Emotet in the past days)
--
Best regards,
Riccardo Alfieri
Spamhaus Technology
https://www.spamhaustech.com/
possible, it must be done with proper testing and communication to all
the parties involved
--
Best regards,
Riccardo Alfieri
Spamhaus Technology
https://www.spamhaustech.com/
to comply to the name change.
I don't want to enter the discussion about what is good or not, I'm only
concerned that these changes could impact other products in the SA universe
--
Best regards,
Riccardo Alfieri
Spamhaus Technology
https://www.spamhaustech.com/
or dedicated?
Thanks in advance!
Pedro
--
Best regards,
Riccardo Alfieri
Spamhaus Technology
https://www.spamhaustech.com/
--
Best regards,
Riccardo Alfieri
Spamhaus Technology
https://www.spamhaustech.com/
ot a quote of "hundreds of dollars per
month" for 1000 mailboxes, but it's not really the case if you use DQS.
--
Best regards,
Riccardo Alfieri
Spamhaus Technology
https://www.spamhaustech.com/
turn codes
for that (already included in SpamAssassin):
https://www.spamhaus.org/news/article/788/spamhaus-dnsbl-return-codes-technical-update
--
Best regards,
Riccardo Alfieri
Spamhaus Technology
https://www.spamhaustech.com/
- Bounceback spamming innocent users
So, no, please don't do that :)
As others suggested, start by upgrading your SA and do some targeted
training to the bayes.
--
Best regards,
Riccardo Alfieri
Spamhaus Technology
https://www.spamhaustech.com/
https://firebasestorage.googleapis.com
I'd say that 99% of them can be catched by a simple regex though, but I
don't know how common those firebasestorage URLs are in normal emails..
I personally have still to see a legit one.
--
Best regards,
Riccardo Alfieri
Spamhaus Technology
https
could still do prequeue rejections with SpamAssassin if you use a
milter, and if you keep ZEN shortcircuiting I don't think the overall
load avg would increase very much.
Oviously YMMV :)
--
Best regards,
Riccardo Alfieri
Spamhaus Technology
https://www.spamhaustech.com/
regards,
Riccardo Alfieri
Spamhaus Technology
https://www.spamhaustech.com/
and/or automatically block accounts if
they exceed a defined threshold of (different_ips per sasl_username) per
hour.
--
Best regards,
Riccardo Alfieri
Spamhaus Technology
https://www.spamhaustech.com/
the zone without updating the serial number, so now if you happen
to hit a resolver that never queried that domain you'll get only
dns[1-2] , while the others will keep the cached response until expiration.
--
Best regards,
Riccardo Alfieri
Spamhaus Technology
https://www.spamhaustech.com/
and that triggers URIBl_SBL.
Jonathan has been given instructions on how to request a removal and
this issue will be likely to be solved as soon as the removal request
comes in.
--
Best regards,
Riccardo Alfieri
Spamhaus Technology
https://www.spamhaustech.com/
network.
It has been like this for at least 4 days that I know of and yes it is
still happening.
This seems to be the case for all spam-assassin users, that is, I
haven’t found anyone using spamassassin that is not getting the same
result
Jonathan
--
Best regards,
Riccardo Alfieri
Spamhaus
somewhere in the local.cf file.
--
Best regards,
Riccardo Alfieri
Spamhaus Technology
https://www.spamhaustech.com/
://cwiki.apache.org/confluence/display/SPAMASSASSIN/StatsAndAnalyzers ?
IIRC, years ago I used the SARE sa-stats.pl on a Zimbra installation, as
it processes amavis logs out of the box (assuming Zimbra still uses amavis)
--
Best regards,
Riccardo Alfieri
Spamhaus Technology
https://www.spamhaustech.com/
e probably added by a wrapper or something like that.
--
Best regards,
Riccardo Alfieri
Spamhaus Technology
https://www.spamhaustech.com/
. eyestrongpro[.]icu
has been listed in DBL for a lot of time now and your installation
should have hit on it.
Check here for hints:
https://cwiki.apache.org/confluence/display/spamassassin/UsingNetworkTests
--
Best regards,
Riccardo Alfieri
Spamhaus Technology
https://www.spamhaustech.com/
shortcircuit
DBL responses to spam. There are some new functions in SA 3.4.3 that
could help with better sniping, but that's something that has still to come.
--
Best regards,
Riccardo Alfieri
Spamhaus Technology
https://www.spamhaustech.com/
the email as spam (and that's
correct as it checks only the domain).
The recommended way would be to use Clamav signatures, or, if you really
can't, create uri rules based on https://urlhaus.abuse.ch/downloads/csv/
--
Best regards,
Riccardo Alfieri
Spamhaus Technology
https
possible to share (via pastebin) the rule I
created to have feedback from the experts...
Hi,
not really SpamAssassin related, but for anyone concerned about Emotet,
I suggest using URLhaus Clamav signatures:
https://urlhaus.abuse.ch/api/#clamav
--
Best regards,
Riccardo Alfieri
Spamhaus T
fault was/is using SA with amavisd, that redefines subject
rewriting in it's own way (maybe it could add scores in subject too out
of the box? Don't know, better RTFM ;) )
--
Best regards,
Riccardo Alfieri
Spamhaus Technology
https://www.spamhaustech.com/
at I probably missed completely :)
--
Best regards,
Riccardo Alfieri
Spamhaus Technology
https://www.spamhaustech.com/
rejections at smtp level with your MTA.
The rest of the checks will take care of what ZEN missed (well, most of
them at least :) )
--
Best regards,
Riccardo Alfieri
Spamhaus Technology
https://www.spamhaustech.com/
as the latest one, we are in the
process of updating the docs.spamhaustech.com website but it is taking
some time :)
--
Best regards,
Riccardo Alfieri
Spamhaus Technology
https://www.spamhaustech.com/
a bug in the plugin?
FYI, this has been solved offlist with Larry's help.
If you use Exim you should download the latest plugin version
--
Best regards,
Riccardo Alfieri
Spamhaus Technology
https://www.spamhaustech.com/
with the option OLE2BlockMacros
- This package https://github.com/bigio/spamassassin-vba-macro
Or you could patch something up with python oletools
--
Best regards,
Riccardo Alfieri
Spamhaus Technology
https://www.spamhaustech.com/
mirrors don't
have ZRD and AuthBL.
Think of DQS like an upgrade from the public mirrors that only cost the
time to register :)
--
Best regards,
Riccardo Alfieri
Spamhaus Technology
https://www.spamhaustech.com/
On 03/07/19 17:10, David Gibbs wrote:
On 7/3/19 7:54 AM, Riccardo Alfieri wrote:
apparently I missed to write on the documentation that you need also
Perl's List::MoreUtils installed.
And 'Data::Validate::Domain'.
david
That was for an older version of the plugin, it's now not needed
On 03/07/19 16:53, @lbutlr wrote:
On 3 Jul 2019, at 06:54, Riccardo Alfieri wrote:
If you have a debian based distriution, do an
# apt-get install liblist-moreutils-perl
or, if you use something RPM based, the correct command should be
# yum install perl-List-MoreUtils
portmaster lang/p5
-requisites that I'm not aware of?
Thanks,
AJ
--
Best regards,
Riccardo Alfieri
Spamhaus Technology
https://www.spamhaustech.com/
ge it goes to a blank WP page.
--
Best regards,
Riccardo Alfieri
Spamhaus Technology
https://www.spamhaustech.com/
much help as I can.
--
Best regards,
Riccardo Alfieri
Spamhaus Technology
https://www.spamhaustech.com/
sage by SA)
It's also useful for deep header scanning, just remember to avoid PBL
return codes when you do that :)
AuthBL also proved to be useful and doesn't create FPs even if you
weight it 80% of your required_score
--
Best regards,
Riccardo Alfieri
Spamhaus Technology
https://www.spamhaustech.com/
afeed-supp...@spamteq.com
[1] https://www.spamhaustech.com/data-access/
[2]
https://www.virusbulletin.com/testing/results/latest/vbspam-email-security
--
Best regards,
Riccardo Alfieri
Spamhaus Technology
https://www.spamhaustech.com/
Sorry guys, I don't know what happened, my client sent a lot of emails
during drafting :(
Apologies
--
Best regards,
Riccardo Alfieri
Spamhaus Technology
https://www.spamhaustech.com/
-lastexternal',
'zen.spamhaus.org.', '^127\.0\.0\.[4567]$')
The return code 127.0.0.8 has been dropped a long time ago.
More infos on
https://docs.spamhaustech.com/10-data-type-documentation/datasets/030-datasets.html#xbl
--
Best regards,
Riccardo Alfieri
Spamhaus Technology
https
the world,
and it is perfectly legit to find the first public IP in the received
chain to be listed in PBL. You should only reject mail from ZEN if you
use the -lastexternal flag
--
Best regards,
Riccardo Alfieri
Spamhaus Technologies
https://www.spamhaustech.com/
78 matches
Mail list logo
