Re: Sudden surge in spam appearing to come from my email address

mydomain.de itself. Robert Am Freitag, dem 14.07.2023 um 19:28 -0500 schrieb Thomas Cameron: > This kinda raises an important issue. I already have SPF/DMARC/DKIM > set > up. But because I use several mailing lists, I do not have a hard > fail > set up. I get SO many notices when I send

Re: Best practice for adding headers?

f patching spamass-milter > > Agreed, it's not a problem from the technical point of view, as it's not a problem to use the -S option to call something else which is not sendmail (that's what I am doing right now). It's more a matter of, well, cosmetics or aesthetics... Regards, Robert -- Robert Senger

Re: Best practice for adding headers?

ms), it should be easy to add such an option to spamass-milter. Regards, Robert -- Robert Senger

Re: Best practice for adding headers?

Am Sonntag, dem 09.07.2023 um 19:23 +0200 schrieb David Bürgin: > Hello Robert, > > > Now, I am a bit uncertain about what would be the best practice for > > a > > milter to place its headers. > > > > I've patched spamass milter to let any previously

Re: Share bayes database between servers

Am Sonntag, dem 09.07.2023 um 19:21 +0200 schrieb Reindl Harald: > > > Am 09.07.23 um 19:06 schrieb Robert Senger: > > But bayes data may be updated by either the primary mx or the > > backup > > mx, since email may arrive at either server. > > in a smart setup

Best practice for adding headers?

eaders in place if their names match those spamass-milter uses. What do you think? Robert Am Mittwoch, dem 05.07.2023 um 01:38 +0200 schrieb Robert Senger: > Hi all, > > is there a reason why spamassassin adds its "X-Spam ..." headers to > the > bottom of the header

Share bayes database between servers

, with priority in dns set to equal for both mx to get incoming mail distributed evenly to both systems. So far, this seems to work, but this is a low load environment. Any suggestions? Regards, Robert -- Robert Senger

Re: Position of X-Spam headers

use later filtering (e.g. sieve) with multiple "X-Spam-Flag" headers with possibly contradictory results. However, it should be easy to patch spamass-milter to keep existin headers intact. -- Robert Senger

Re: Position of X-Spam headers

Am Mittwoch, dem 05.07.2023 um 10:20 +0200 schrieb Matus UHLAR - fantomas: > On 05.07.23 04:38, Robert Senger wrote: > > Thanks for the hint that the milter is responsible for that. Found > > a > > little patch for spamass-milter that fixed this. > > note that th

Re: Position of X-Spam headers

Thanks for the hint that the milter is responsible for that. Found a little patch for spamass-milter that fixed this. Regards, Robert Am Dienstag, dem 04.07.2023 um 19:45 -0400 schrieb Jared Hall: > On 7/4/2023 7:38 PM, Robert Senger wrote: > > is there a reason why spamassassin ad

Re: Position of X-Spam headers

Hi Jared, I am using spamass-milter. Robert Am Dienstag, dem 04.07.2023 um 19:45 -0400 schrieb Jared Hall: > On 7/4/2023 7:38 PM, Robert Senger wrote: > > is there a reason why spamassassin adds its "X-Spam ..." headers to > > the > > bottom of the header block,

Position of X-Spam headers

Hi all, is there a reason why spamassassin adds its "X-Spam ..." headers to the bottom of the header block, not to the top like every other mail filtering software (e.g. opendkim, opendmarc, clamav ... ) does? Can this behavious be changed? Regards,  Robert -- Robert Senger

Re: 4.0.0 noisier than earlier releases?

your browser at http://www.perl.org/, the Perl Home Page. > On May 15, 2023, at 8:52 PM, Robert Nicholson wrote: > > Subroutine NetAddr::IP::STORABLE_freeze redefined at > /usr/local/lib64/perl5/NetAddr/IP.pm line 365.

Exim errors related to the SpamAssassin?

So the exim error I see is something like this 2023-05-17 13:16:14 1pyvlo-0006AM-0v internal problem in userforward router (recipient is elast...@lhvm02.lizardhill.com): failure to transfer data from subprocess: status=0100 readerror='No such file or directory’ Now the userforward filter I

4.0.0 noisier than earlier releases?

I remember writing in the past about what I saw in the debugger when running SA 3.4.6 It seems that 4.0.0 seems even noisier. Again this is my programmatically calling SpamAssassin in a perlscript. I’ve checked and I didn’t find any other version of NetAddr::IP in the @INC Subroutine

4.0.0 noisier than earlier releases?

I remember writing in the past about what I saw in the debugger when running SA 3.4.6 It seems that 4.0.0 seems even noisier. Again this is my programmatically calling SpamAssassin in a perlscript. I’ve checked and I didn’t find any other version of NetAddr::IP in the @INC Subroutine

Updated from 3.4.0 to 3.4.6 very noisy debug output.

I just updated from 3.4.0 to 3.4.6 and the output in perl debugger when I programmatically using SA is quite noisy. Where can I find 3.4.1 etc so I can incrementally update from 3.4.0 so I can see where the dramatic change is coming from? When I use my script in the debugger from 3.4.0 there

Re: Website "help" spams

So far so good. 16 messages marked as spam over the last 12hr and one got through. Can I send the one that got through to somebody anonymously? On Fri, Jul 30, 2021 at 6:18 AM Kevin A. McGrail wrote: > > Lol and Thanks :-) The key thing you are seeing I would guess is our RBL. > We took it

Re: Process of domain submission for inclusion in 60_whitelist_auth.cf

significant differences in list hygiene, sending frequency, etc. But the spam score bonus of 7.5 remains nailed down all the time! In short, I would recommend considering removing the DKIM and SPF whitelists in Spamassassin altogether. It would make the spam-fighting world a better and fairer place!

Process of domain submission for inclusion in 60_whitelist_auth.cf

In which form can one submit the subdomain of a mail sender for the integration in 60_whitelist_auth.cf. Which information is required for consideration? Thank you! Best, Robert

Re: OT: "...value judgement"

Am 21.07.20 um 21:07 schrieb Bill Cole: On 21 Jul 2020, at 14:06, Grant Taylor wrote: On 7/21/20 11:56 AM, Bill Cole wrote: All answers: "NO!" In those cases, "black" and "white" all reference actual colors of physical things, not a metaphorical value judgment. Hum.  Your "value judgement"

Re: Spamass milter question

Am 27.05.20 um 18:35 schrieb @lbutlr: What, if any, local SpamAssassin settings does spams-milter use when processing incoming mail? For example, if I wanted to white list a sender or blacklist a domain, would the general settings in /usr/local/etc/spamassasin/local.cf be the place? I am

Re: From Spoofed

On 2/26/20 9:54 AM, Bill Cole wrote: On 26 Feb 2020, at 10:16, Robert A. Ober wrote:  don't participate because I'm just good enough to maintain my customers email servers, Which puts you in the top 99.999th percentile of email server skills worldwide! –– Ha

Fwd: Re: From Spoofed

, Robert Forwarded Message Subject:Re: From Spoofed Date: Wed, 26 Feb 2020 08:34:16 -0600 From: Robert A. Ober To: David B Funk On 2/25/20 9:04 PM, David B Funk wrote: On Wed, 26 Feb 2020, Benny Pedersen wrote: Robert A. Ober skrev den 2020-02-26 02:28: I have

From Spoofed

spamassassin catches it and it and sends it to the spam folder. Ideas? Thanks, Robert Robert A. Ober IT Consultant, Vidcaster, & Freelancer www.infohou.com Houston, TX

Re: URIBL_SBL_A - Spamhaus false positive..

cklist * [URIs: fluent.ltd.uk] * 1.6 URIBL_SBL Contains an URL's NS IP listed in the Spamhaus SBL * blocklist * [URIs: fluent.ltd.uk] -- Best regards, Robert Braver rbra...@ohww.norman.ok.us

Custom DMARC_FAIL rule

ication score DMARC_NONE 0.001 Any suggestions for setting up DMARC custom rules appreciated. -- Robert

Re: Forgery with SPF/DKIM/DMARC

nks. -- Robert

Forgery with SPF/DKIM/DMARC

: <860909106225419267.2007038e08376...@company.com> Subject: OVERDUE INVOICE Could someone suggest a rule to match the signature with the last From email or envelope from? Or another suggestion how this could be resolved. Thanks! -- Robert

FSL_BULK_SIG still active?

Hi, everyone Pls... Is this still an active spamassassin test? header __FSL_HAS_LIST_UNSUB exists:List-Unsubscribe meta FSL_BULK_SIG ((DCC_CHECK || RAZOR2_CHECK || PYZOR_CHECK) && !__FSL_HAS_LIST_UNSUB) describe FSL_BULK_SIG Bulk signature with no Unsubscribe Had some

Lots of money, score of 0??

Guys, Do you usually tune up Lots of money rule? Strange, our spamassassin/EFA scores 0 and false negative. Imho it should score at least something, few people would write Million dollars in an email, why not add up score? LOTS_OF_MONEY 0.00 See https://pastebin.com/dY6iFeYL Thanks! Rob

razor?

Hi, everyone Just wondering, whats your thoughts on Razor? Havent analysed big amount of emails yet, but Ive had a few cases where it causes very strange false positives that make no sense. and adds a lot of points... RAZOR2_CF_RANGE_51_100 0.36, RAZOR2_CF_RANGE_E8_51_100 2.43, RAZOR2_CHECK

catching a dot in the number of a rule

Hi, masters! I know [1-9]{1,5} spreadsheets catches somnething like 23244 spreadsheets What about 23.244 spreadhseets? How to make the rule consider a dot in the number? Thank you! Rob

No message ID

0.1]:10024, delay=2.6, delays=1.4/0/0/1.2, dsn=2.6.0, status=sent (250 2.6.0 Ok, id=49762-03, from MTA: 250 2.0.0 Ok: queued as EFB09D7E9D) Nov 8 13:08:30 mx2 postfix/qmgr[915]: C9795D7E7D: removed -- Robert

Re: new campaign: bitly & appengine.google

A. McGrail < kevin.mcgr...@mcgrail.com> wrote: > I'll check but nothing jummps out as an issue. Ping me next Wednesday. > > > On 9/14/2017 10:18 AM, Robert Kudyba wrote: > > A few less now, so these are ok to ignore? > > spamassassin -D --lint 2>&1 | grep -Ei '(fa

Re: Ends with string

of URI. uri __TEST_URLS /\b(\.vn|\.pl|\.my|\.lu|\.vn|\.ar)\b/i I believe this does it, correct? uri __TEST_URLS /\b(\.vn$|\.pl$|\.my$|\.lu$|\.vn$|\.ar$)\b/i Thanks. Rob 2017-09-08 14:03 GMT-03:00 Kevin A. McGrail <kevin.mcgr...@mcgrail.com>: > On 9/8/2017 12:24 PM, Robert Boyl wrote: &

Re: new campaign: bitly & appengine.google

some rules are internal use only so if it's a > warning, don't be too concerned. > > Regards, > KAM > On 9/14/2017 9:57 AM, Robert Kudyba wrote: >>> > i have lost the url for kam.cf :( >>> >>> https://urldefense.pro

Re: new campaign: bitly & appengine.google

> > i have lost the url for kam.cf :( > >

Ends with string

Hello, everyone! Is there a way to create a Spamassassin rule that checks for a certain URL suffix such as .ru but makes sure it has to be at the end of the URI? Ends with string. Thanks! Rob

Re: reason why sendmail w/ SA3.4.1 scantime=15.0, delay=00:01:06 w/ SquirrelMail?

> On Jul 17, 2017, at 11:01 AM, Tom Hendrikx <t...@whyscream.net> wrote: > > On 17-07-17 16:39, Robert Kudyba wrote: >> >>> On Jul 17, 2017, at 10:28 AM, Tom Hendrikx <t...@whyscream.net >>> <mailto:t...@whyscream.net>> wrote: >>> &g

Re: reason why sendmail w/ SA3.4.1 scantime=15.0, delay=00:01:06 w/ SquirrelMail?

> On Jul 17, 2017, at 10:28 AM, Tom Hendrikx <t...@whyscream.net> wrote: > > On 17-07-17 16:00, Robert Kudyba wrote: >> >>> On Jul 17, 2017, at 9:39 AM, Antony Stone >>> <antony.st...@spamassassin.open.source.it >>> <mailto:antony.st...@spam

Re: reason why sendmail w/ SA3.4.1 scantime=15.0, delay=00:01:06 w/ SquirrelMail?

> On Jul 17, 2017, at 9:39 AM, Antony Stone > <antony.st...@spamassassin.open.source.it> wrote: > > On Monday 17 July 2017 at 14:25:17, Robert Kudyba wrote: > >>> On Jul 14, 2017, at 4:00 AM, Matus UHLAR - fantomas <uh...@fantomas.sk> > wrote: >>

Re: reason why sendmail w/ SA3.4.1 scantime=15.0, delay=00:01:06 w/ SquirrelMail?

> On Jul 14, 2017, at 4:00 AM, Matus UHLAR - fantomas <uh...@fantomas.sk> wrote: > >> Robert Kudyba <rkud...@fordham.edu> wrote: >>> Over the past few days sending mail via SquirrelMail has become glacial. >>> The load on the server is under 1. I've r

Re: reason why sendmail w/ SA3.4.1 scantime=15.0, delay=00:01:06 w/ SquirrelMail?

> n*5s delay *may* indicate unresponsive DNS host(s)/resolver(s) in /etc/hots > [ at least it should be ruled out ] > Nah both are university DNS servers that are current. > > How long does it take to get SMTP greeting message when you start > "/usr/sbin/sendmail -bs" as a non root user? > [ Is

reason why sendmail w/ SA3.4.1 scantime=15.0, delay=00:01:06 w/ SquirrelMail?

Over the past few days sending mail via SquirrelMail has become glacial. The load on the server is under 1. I've restarted the SA, sendmail and dovecot processes several times. Here are some logs I can provide any settings if desired. Jul 13 23:03:24 storm sendmail[14504]: v6E33EOQ014504:

Re: mail slipped by with forged/spoofed from: in our domain

> I don't believe sendmail has any default setting for rejecting HELO names. > You should probably add "localdomain" to your access table. > Yep been like this for years: # By default we allow relaying from localhost... Connect:localhost.localdomain RELAY Connect:localhost

Re: mail slipped by with forged/spoofed from: in our domain

> On Jun 19, 2017, at 4:02 PM, Kevin A. McGrail <kevin.mcgr...@mcgrail.com> > wrote: > > On 6/19/2017 3:27 PM, Robert Kudyba wrote: >> >> Well this user has his sendmail account from our subdomain forward to his >> university Gmail account so that’s

Re: mail slipped by with forged/spoofed from: in our domain

> The biggest issue I see is the SPF approval: > ARC‐Authentication‐Results: i=1; mx.google.com; > >spf=pass (google.com: best guess record for domain of > le...@cis.fordham.edu designates 150.108.68.26 > as permitted sender) > > Perhaps a compromised

mail slipped by with forged/spoofed from: in our domain

We use sendmail-8.15.2-8.fc25 on Fedora 25 with spamassassin-3.4.1-9. Can anyone explain how this email got through with a forged from: address? https://pastebin.com/L7NKCK3E The 1st received IP is not on any real time blacklist as of this moment: Received: from

Re: version 3.4.1 with block TLD

> On Jun 12, 2017, at 9:44 PM, Joseph Brennan <bren...@columbia.edu> wrote: > > > > --On June 8, 2017 at 12:07:43 PM -0400 Robert Kudyba <rkud...@fordham.edu> > wrote: > > I would like >> to block *@*.us but allow the cities and schoo

Re: version 3.4.1 with block TLD

> i just upgrade to the lates version 3.4.1, > > understand this version help to combat top level domain spam mail. > > > so how to block some of the domain , using black_list or custom rules ? > > black_list_from *@*.top > black_list_from *@*.us > > or > > custom rules ? There was a

Re: lots of missed spam/false negatives from .info TLD being marked with URIBL_RHS_DOB

> For the past few days lots of missed spam has been getting through, running >>> SA 3.4.1 on Fedora 25 with sendmail. I see that they are being tagged with >>> URIBL_RHS_DOB, i.e., domains registered in the last five days. Since we >>> are not running our own DNS server (yet--need permission

lots of missed spam/false negatives from .info TLD being marked with URIBL_RHS_DOB

For the past few days lots of missed spam has been getting through, running SA 3.4.1 on Fedora 25 with sendmail. I see that they are being tagged with URIBL_RHS_DOB, i.e., domains registered in the last five days. Since we are not running our own DNS server (yet--need permission from our CISO)

Re: URIBL_BLOCKED on 2 Fedora 25 servers with working dnsmasq, w/ NetworkManager service

> > Wiki page updated and simplified. > > https://wiki.apache.org/spamassassin/CachingNameserver For Fedora, since NetworkMangler (as many are fond to call it) is enabled by default it might be worthwhile to mention this comment at, but note that /etc/resolv.conf will be managed by

Re: URIBL_BLOCKED on 2 Fedora 25 servers with working dnsmasq, w/ NetworkManager service

On May 18, 2017 5:11 PM, "Reindl Harald" <h.rei...@thelounge.net> wrote: Am 18.05.2017 um 23:05 schrieb Robert Kudyba: > > On May 18, 2017, at 4:41 PM, David Jones <djo...@ena.com > djo...@ena.com>> wrote: >> >> From: Robert Kudyba &l

Re: URIBL_BLOCKED on 2 Fedora 25 servers with working dnsmasq, w/ NetworkManager service

> On May 18, 2017, at 4:41 PM, David Jones <djo...@ena.com> wrote: > >> From: Robert Kudyba <rkud...@fordham.edu> > >>> Am 18.05.2017 um 22:30 schrieb Reindl Harald: >>>> "with working dnsmasq" says all - DNSMASQ DON'T DO RECURSION -

Re: URIBL_BLOCKED on 2 Fedora 25 servers with working dnsmasq, w/ NetworkManager service

> Am 18.05.2017 um 22:30 schrieb Reindl Harald: >> "with working dnsmasq" says all - DNSMASQ DON'T DO RECURSION - IT CAN#T >> you are forwarding to some other nameserver and you are not the only one But the nameserver I’m forwarding to is in our university. > /etc/resolv.dnsmasq > search

URIBL_BLOCKED on 2 Fedora 25 servers with working dnsmasq, w/ NetworkManager service

I know this has been covered before, e.g., https://lists.gt.net/spamassassin/users/198845/?page=1;mh=-1; & https://lists.gt.net/spamassassin/users/199135 as well as off list at Ubuntu at https://serverfault.com/questions/644707/uribl-blocked-on-ubuntu-14-04-server-with-working-dnsmasq. Here’s

Re: Strict/Relaxed DKIM alignment possible with SA?

17 12:46, Thore Boedecker wrote: >> I have played around with it and SA is not performing actual SPF >> queries/validations due to the use of spampd on localhost as a proxy. > > that's why I recommended trying policyd-spf on valhalla.nano-srv.net > - it could be a

Re: sa-compile will not configure

servers with all female names our other location has all male names. Ian Zimmerman wrote: On 2017-04-20 17:31, Robert Steinmetz AIA wrote: thelma@thelma:~$ echo $PATH BTW, do you have any connection to the Thelma who's asking a constant stream of close-to-newbie questions in the Gentoo user

Re: sa-compile will not configure

Apr 2017, at 16:16, Robert Steinmetz AIA wrote: Thank you Bill, That has given me a clue. I ran the commands below: thelma@thelma:~$ echo $PATH /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/bin/X11:/usr/games:/usr/local/games:/snap/bin thelma@thelma:~$ ls -ld /usr/local

Re: sa-compile will not configure

Reindl Harald wrote: just ask your distribution how they broke your environment this is *not* a spamassassin issue and all the stuuf you do abvoe is not supposed to make things better - how do you imagine "I deleted the /usr/bin/X11 link

Re: sa-compile will not configure

Thank you Bill, That has given me a clue. I ran the commands below: thelma@thelma:~$ echo $PATH /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/bin/X11:/usr/games:/usr/local/games:/snap/bin thelma@thelma:~$ ls -ld /usr/local/sbin drwxr-xr-x 2 root root 48 Mar 11 2007

Re: Spam from .br TLDs

Am 20.04.2017 um 15:57 schrieb RW: > On Wed, 19 Apr 2017 17:37:42 +0200 > Heinrich Boeder wrote: > >> -BEGIN PGP SIGNED MESSAGE- >> Hash: SHA256 >> >> >> Hi all, >> >> I tried the Ruleset Robert Schetterer suggested but I still get Sp

Re: sa-compile will not configure

Title: Signature Robert Steinmetz wrote: Responding to my own post with new information. I think I've confirmed that the problem is the $PATH, or the perl equivalent. I added the full path name where the specific commands were called and that removed

Re: Spam from .br TLDs

ls in > Portuguese Language? > > Cheers, > > - heinrich > > key: 0xC15DAD56 -- 363D 5BC3 9C45 9D09 3D78 1C28 DB68 F047 C15D AD56 > http://www.lafraia.com.br/spambr/ no idea if they are working fine Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30

Re: sa-compile will not configure

Ian Zimmerman wrote: On 2017-04-18 10:17, Robert Steinmetz wrote: tty is in /usr/bin But it is stty, not tty, which fails to be found. And stty is (normally) in /bin. So it looks a lot like /bin (and probably /sbin) is missing from the PATH. Yes thanks stty is in /bin This could

Re: sa-compile will not configure

Title: Signature RW wrote: On Mon, 17 Apr 2017 16:37:35 -0400 Robert Steinmetz wrote: I upgrades my working Ubuntu 14.04 LTS to 16.04 LTS SpamAssassin version 3.4.1. Something happened during the upgrade and I ma now unable to get sa-compile

sa-compile will not configure

I upgrades my working Ubuntu 14.04 LTS to 16.04 LTS SpamAssassin version 3.4.1. Something happened during the upgrade and I ma now unable to get sa-compile to configure properly. Here is the message root@thelma:~# dpkg --configure sa-compile Setting up sa-compile (3.4.1-3) ... Running

Re: Yahoo - Can't figure out a server is down?

erver. >> >> The concept being that some spammers attempt that server, get nothing >> and don't bother trying any other server. >> >> This has been fine for a decade. Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64

Re: Filtering outbound mail

traffic ,action should be taken etc ,such exists but not as freeware and for sure it must be fitted to your needs Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Schleißheimer Straße 26/MG, 80333 München Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263 Vorstand: Patrick Ben Koetter, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein

Re: Useful and simple script to reduce high spam load at mta level, what do you think

012/12/28/botnets-mit-rsyslog-und-iptables-recent-modul-abwehren/ but this solutions may not fit exact to "your" problem fail2ban is a good well tested solution so you should always decide by deep log analysis which way to go Best Regards MfG Robert Schetterer -- [*] sys4 AG http

Re: Greymail and marketing junk

Am 30.09.2016 um 11:35 schrieb Robert Schetterer: > Am 30.09.2016 um 02:28 schrieb Alex: >> Hi all, >> >> Has anyone given any thought to special rules or methods designed to >> catch greymail? That is, mail that perhaps may be opt-in, but abusive, >> like marke

Re: Greymail and marketing junk

ed domains. At the end ,at a server with many different users you will see that some marketing is really wanted by some users, but others like to see it so best way for this are users own white/blacklists after you filtered the most bad things global. Best Regards MfG Robert Schetterer -- [*] sys

Re: backport 3.4.0 Ubuntu 12.04 TLS

Am 16.09.2016 um 13:41 schrieb Marcus Schopen: > Hi Robert, > > Am Freitag, den 16.09.2016, 13:02 +0200 schrieb Robert Schetterer: >> Am 16.09.2016 um 12:48 schrieb Marcus Schopen: >>> Hi Patrick, >>> >>> Am Donnerstag, den 15.09.2016, 22:02 -0400 schr

Re: backport 3.4.0 Ubuntu 12.04 TLS

ub/5219815/+listing-archive-extra > > H ... do you think better backporting 3.4.1 from Xenial? Does it run > on Ubuntu 12.04 LTS and 14.04 LTS? > > Ciao! > > tested and running with recompile debian way 3.4.1 from wily 15.04 does run in 14.04 Best Regards MfG Robert

block attachments via plugin

Hi, guys Recently I saw this. http://jrs-s.net/2013/06/14/block-common-trojans-in-spamassassin/ My idea was to create a rule in the way mentioned in this site, such as, for example, certain attachment file type (such as HTML or ZIP) and a certain subject, score the message. The rule works. But

Re: Possible ignore CRLF?

cewarp can catch even with the CR LF. If I remove the CR LF my qmail catches it (SA). http://pastebin.com/gyeDcA3H Thanks Rob 2016-08-26 10:50 GMT-03:00 Axb <axb.li...@gmail.com>: > On 08/26/2016 03:46 PM, Robert Boyl wrote: > >> Hi, everyone! >> >> Just cur

Possible ignore CRLF?

Hi, everyone! Just curious if anyone has had this issue before. We have a customer SA rule that catches certain text "se voce nao deseja mais receber..." We have an icewarp mail server where our rule hits just fine, DESPITE a CRLF after word "SE". See imagem showing that CRLF

Re: Is greylisting effective? (was Re: Using Postfix and Postgrey - not scanning after hold)

Am 04.08.2016 um 22:30 schrieb Chris: > Greylisting is just one of several tools available to a system > administrator for filtering out spam as multiple described it does not Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Schleißheimer Straße

detect if html attachment without plugin

Hi, everyone Quick question. We have a Spamassassin installation where the mail servers implementation doesnt permit any SA plugins, so I cant use Plugin::MIMEHeader or the such. To be able to detect that an email has an HTML attachment, such as this message: http://pastebin.com/raw/TieFEiZi I

scan an HTML file, possible?

Hi, everyone I have a very nice regex a friend passed me that catches those emails that have an HTML attached with a redirect html command to some malefic website. He has some tool in Exim that scans text in attachments. But I wanted to use a spamassassin rule. Is there some plugin/way in

Re: Is greylisting effective? (was Re: Using Postfix and Postgrey - not scanning after hold)

handed over from postcreen to the smtpd > process after a client has passed the tests > you may use a complete postfix server including postscreen etc "before" sendmailbut then it might better to simply change to postfix in total, but such setups are often use with MS exchange Be

eval:check_uridnsbl to check subdomains

/spamassassin/users/194077 How can I make it work with subdomains also? Perhaps adapt the plugin? Or use some other plugin that is able to check subdomains and doesnt cap them off? Thanks a lot, Robert

Re: Is greylisting effective? (was Re: Using Postfix and Postgrey - not scanning after hold)

Am 30.07.2016 um 13:10 schrieb Kim Roar Foldøy Hauge: > On Sat, 30 Jul 2016, Robert Schetterer wrote: > >> Am 30.07.2016 um 03:34 schrieb Reindl Harald: >>> >>> >>> Am 29.07.2016 um 22:48 schrieb Dianne Skoll: >>>> On Fri, 29 Jul 2016 22:39:1

Re: Is greylisting effective? (was Re: Using Postfix and Postgrey - not scanning after hold)

Am 30.07.2016 um 03:34 schrieb Reindl Harald: > > > Am 29.07.2016 um 22:48 schrieb Dianne Skoll: >> On Fri, 29 Jul 2016 22:39:15 +0200 >> Robert Schetterer <r...@sys4.de> wrote: >> >>>> I don't use postfix or postscreen. >>> hm.. that d

Re: Using Postfix and Postgrey - not scanning after hold

Am 29.07.2016 um 22:22 schrieb Dianne Skoll: > On Fri, 29 Jul 2016 22:21:04 +0200 > Robert Schetterer <r...@sys4.de> wrote: > >> now compare with pure postscreen > > I don't use postfix or postscreen. hm.. that does not fit the subject..why did you involved

Re: Using Postfix and Postgrey - not scanning after hold

informative > > >> On Jul 29, 2016, at 1:28 PM, Robert Schetterer <r...@sys4.de >> <mailto:r...@sys4.de>> wrote: >> >> the subject Using Postfix and Postgrey - not scanning after hold >> does not match spamassassin list theme >> >> howev

Re: Using Postfix and Postgrey - not scanning after hold

Am 29.07.2016 um 22:15 schrieb Dianne Skoll: > On Fri, 29 Jul 2016 21:13:56 +0200 > Robert Schetterer <r...@sys4.de> wrote: > >> so i.e measure mails tagged as spam by spamassassin >> with pure greylisting setup running before tagging ,perhaps for one >> week, t

Re: Using Postfix and Postgrey - not scanning after hold

Am 29.07.2016 um 20:45 schrieb Dianne Skoll: > On Fri, 29 Jul 2016 20:36:51 +0200 > Robert Schetterer <r...@sys4.de> wrote: > >> Am 29.07.2016 um 20:07 schrieb Dianne Skoll: >>> I don't agree. Greylisting done properly is very effective and has >>> mi

Re: Using Postfix and Postgrey - not scanning after hold

ver years, if you use postscreen you will see greylisting rate will go down to a minimal need, however if done right you can still always combine both can we now return to spamassassin here and get that theme to the postfix list ? Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de

Re: Using Postfix and Postgrey - not scanning after hold

e perfect smtp code these days greylisting has lost his effectiveness widly, so depending on your server it makes no sense to use it anymore content filter like spamassassin are "expensive" always "try" to get them at a very last stage in you filter chain best practise con

Re: Fwd: too many missed spams/false negatives w/ SA 3.4.1 on sendmail, help w config?

> > :0: > * ? formail -x"From:" -x"From" -x"Sender:" | egrep -is -f $HOME/.whitelist > $ORGMAIL > >>>I assume you checked his explicit whitelisted senders file Indeed only 2 addresses: redac...@comcast.net redac...@pegasus.rutgers.edu >>> > :0fw: > | /usr/bin/spamc > ... :0fw:

Re: too many missed spams/false negatives w/ SA 3.4.1 on sendmail, help w config?

sin-spamc.rc # send mail through spamassassin :0fw | /usr/bin/spamc On Sat, Jul 23, 2016 at 9:31 PM, Robert Kudyba <rkud...@fordham.edu> wrote: > Sorry forgot to reply all. > > Sendmail has a .mc file which creates a .cf file here's ours: > > include(`/usr/share/s

Re: too many missed spams/false negatives w/ SA 3.4.1 on sendmail, help w config?

Jul 23, 2016 at 8:55 PM, Reindl Harald <h.rei...@thelounge.net> wrote: > STAY ON LIST > > Am 24.07.2016 um 02:50 schrieb Robert Kudyba: > >> OK then the next question is why would some messages not be getting >> scanned whilst others are? What else can I check? C

Fwd: too many missed spams/false negatives w/ SA 3.4.1 on sendmail, help w config?

We have a user who has about a 50% missed rate on spam detection. I'm wondering if his user prefs or something is preventing scanning of all messages? SpamAssassin version 3.4.1, running on Perl version 5.20.3, sendmail Version 8.15.2 The contents of the user_prefs file: # How many points

Re: Using Postfix and Postgrey - not scanning after hold

ke spamassassin have high "costs", so make sure to reject as most as possible by other stuff before pass to spamassassin. Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Schleißheimer Straße 26/MG, 80333 München Sitz der Gesellschaft: München, Amts

Re: SPF should always hit? SOLVED

Robert Fitzpatrick wrote: Joe Quinn wrote: On 6/9/2016 11:23 AM, Robert Fitzpatrick wrote: Excuse me if this is too lame a question, but I have the SPF plugin enabled and it hits a lot. Should SPF_ something hit on every message if the domain has an SPF record in DNS? Furthermore, a message

Re: SPF should always hit?

Joe Quinn wrote: On 6/9/2016 11:23 AM, Robert Fitzpatrick wrote: Excuse me if this is too lame a question, but I have the SPF plugin enabled and it hits a lot. Should SPF_ something hit on every message if the domain has an SPF record in DNS? Furthermore, a message found as Google phishing did

SPF should always hit?

. Not sure if it would fail anyway if the envelope from is the culprit? -- Robert

  1   2   3   4   5   6   7   8   9   10   >