Re: new kind of spam with bizarre custom headers getting through

2014-09-05 Thread SM
. Here is one of the headers with my addresses redacted: The odd headers change on each run. You should be able to catch them with Bayes. Regards, -sm

60_adsp_override_dkim.cf (was: Plans for a DMARC plugin ???)

2014-05-01 Thread SM
custom_med adsp_override yahoo.com.au custom_med adsp_override yahoo.com.br custom_med adsp_override yahoo.com.cn custom_med adsp_override yahoo.com.hk custom_med ... I did a quick verification. The above domains do not publish an ADSP record. Regards, -sm

Re: FSL_HELO_BARE_IP_2 RCVD_NUMERIC_HELO

2013-10-18 Thread SM
that there is any violation of the specification. Regards, -sm

Re: rdns in received header

2013-02-24 Thread SM
to add with ESMTP to the received headers. The following is about ESMTP: For instance, servers MUST support the EHLO command even if they do not implement any specific extensions and clients SHOULD preferentially utilize EHLO rather than HELO. Regards, -sm

Re: rdns in received header

2013-02-24 Thread SM
At 11:07 24-02-2013, Kevin A. McGrail wrote: I'm referring to other RFCs such as 1651 which says: That's an obsoleted RFC. It might be better to refer to RFC 5321 (Section 4.4) for information about the Received: header. Regards, -sm

Re: wrong RCVD_IN_PBL?

2012-11-20 Thread SM
that rule. Regards, -sm

Re: How to report a spam botnet

2012-11-20 Thread SM
At 16:44 20-11-2012, Matt wrote: authenticated SMTP to relay not? Is there a way in apache .htaccess to block access based on xbl.spamhaus.org? I want to block exploited IP's from webmail etc as well. http://www.lucaercoli.it/mod_spamhaus.html Regards, -sm

Re: SA rules matching of private addresses

2012-10-04 Thread SM
, -sm

Re: How to check from that is not on the header?

2012-09-26 Thread SM
/spamassassin/EnvelopeSenderInReceived Regards, -sm

Re: Responsibility of sites that hold user-created documents (was Re: One-line URI body spam)

2011-10-26 Thread SM
as responsibility of free services that hold user-created documents. Regards, -sm

Re: blacklist based on authoritative nameservers of sender domain

2011-08-27 Thread SM
positives. You might be able to do some scoring instead of blacklisting. Regards, -sm

Re: How to prevent SA to make as112 calls?

2011-05-01 Thread SM
** 192.168.0.69, 17549- 173.45.100.146, 53 (from COM1 Outbound) You can create the zones mentioned in http://tools.ietf.org/html/draft-ietf-dnsop-default-local-zones-15 Regards, -sm

Re: Score on sender domain by country

2011-04-11 Thread SM
the country, you can put in a score for such a rule. You may have to allow some exceptions (e.g. by domain name). Regards, -sm

Re: SpamAssassin Integration

2010-06-17 Thread SM
At 05:18 17-06-10, Matt Kettler wrote: The best docs would be the RFC standards: RFC 2822 Internet Message Format RFC 822 (obsoleted by above, but sometimes useful for understanding the history of the format, making intent clearer.) RFC 2822 obsoleted by RFC 5322. Regards, -sm

Re: rsys4.com and Paypal?

2010-04-20 Thread SM
At 10:18 20-04-10, LuKreme wrote: I got a mail from Paypal, but it is not FROM paypal, but it appears to have passed DKIM If it passed DKIM and it is signed by info.paypal.com, it's from Paypal. Regards, -sm

RE: [LinkedIn Spam] Re: unwhitelist from_dkim?

2010-03-22 Thread SM
in the format *-l...@.* or other common mailing list address formats. It wouldn't catch all of them, I'm sure (m...@gnome.org, for example), but it might help. There isn't a reliable way to identify mailing list addresses. Regards, -sm

Re: MTAmark (was: MTX plugin functionally complete?)

2010-02-16 Thread SM
also saw a few links to personal pages at space.net, but they're long gone. There is experimental support for MTAMARK in a well-known MTA. The proposal had less exposure than SPF. Regards, -sm

Re: SA on outgoing SMTP

2010-02-16 Thread SM
is not a good idea. Sign up for feedback loops. Rate limit mail submissions or set up triggers to identify abnormalities. You may also wish to do traffic flow analysis to see what's going through your network. Regards, -sm

Re: SA on outgoing SMTP

2010-02-16 Thread SM
positive... I can't let a user thinking we sent his mail when we wrongly dropped it. I am not talking about dropping mail. False positives _will_ happen. Regards, -sm

Re: Pipe characters in From and To's

2010-02-12 Thread SM
rules into sendmail, so SA is my avenue of choice. Having a rule in sendmail is less work. Regards, -sm

Re: Hostkarma: to be or not to be in SA defaults

2009-09-30 Thread SM
to you. :-) Regards, -sm

Setting a Reply-To header for this mailing list (was: [sa] Re: Any one interested in using a proper forum?)

2009-07-28 Thread SM
At 10:27 28-07-2009, Charles Gregory wrote: :0fw * ^(To|Cc):.*(use...@spamassassin|spamassassin.users) | /usr/bin/formail -IReply-To: users@spamassassin.apache.org Match on the List-Id: header instead of the To: or Cc:. Regards, -sm

Re: Spam Filter Law Suit

2009-07-15 Thread SM
/keyword spam filter called filter.plx ( http://spamassassin.apache.org/prehistory/ ). I don't know whether the patent about enhancing touch and feel on the Internet is related to your questions. Regards, -sm

Re: OT: Website protection

2009-07-11 Thread SM
that for webpages. As the system is compromised, you cannot rely on the scan. Any ideas where to look for such a beast /or a mailing list that deals with this type of issue? Search for tripwire. Regards, -sm

Re: mailbox-list in sender: header?

2009-07-10 Thread SM
not familiar with? Did you mean Sender: header instead of Subject: header? Multiple addresses rarely appear in the From: header. It's better to have a rule for the multiple addresses in the Sender: header if you are receiving a lot of spam with the above headers. Regards, -sm

Re: twitter spam why RCVD_IN_DNSWL?

2009-07-10 Thread SM
so that you can be spammed. :-) If you are running mailing lists, don't whitelist those domains. That also applies if you don't want to be spammed by those domains. Regards, -sm

Re: constantcontact.com

2009-07-06 Thread SM
/%3cac9ad70907041849m735b0b68mb0909b83216b0...@mail.gmail.com%3e ) Regards, -sm

Re: constantcontact.com

2009-07-06 Thread SM
. Regards, -sm

Re: Apache.org spam??

2009-06-25 Thread SM
? The message was sent by a mailing list subscriber to a list which generally discusses about spam. It scored 4.0 on Apache.org. Why is the message obvious spam? What rules would you recommend to catch it? Regards, -sm

Re: Apache.org spam??

2009-06-25 Thread SM
) describe NO_RESENT_MAIL Meta: please dont resend mail to maillists score NO_RESENT_MAIL 3.0 if i cant fix others problems but imho apache.org need the above :) Nice. The above rules cannot be applied for all apache.org traffic as it's not only for mailing lists. Regards, -sm

Re: unclosed if error

2009-06-22 Thread SM
) The end if should not be in the describe line. Add endif after the describe line to close the ifplugin condition. See http://mail-archives.apache.org/mod_mbox/spamassassin-users/200906.mbox/%3cpine.lnx.4.64.0906020849430.10...@mercury.impsec.org%3e Regards, -sm

RE: unclosed if error

2009-06-22 Thread SM
/mail/spamassassin/jp.cf: if plugin (Mail::SpamAssassin::Plugin::MIMEHeader) Tar the jp.cf file and send it to me off-list. Regards, -sm

Re: Lots of 419/scam and investment spams getting through suddenly

2009-06-19 Thread SM
At 22:59 18-06-2009, Chip M. wrote: Here's a dump of the complete Countries routes of your samples (frequency first, then square brackets around the IP immediately outside your own network): 2 [France], Nigeria Do you really get such emails from Nigeria? :-) Regards, -sm

Re: Lots of 419/scam and investment spams getting through suddenly

2009-06-19 Thread SM
or Hong Kong won't help that much because of the mode of operation of these senders. One of the advantages of SpamAssassin is that it doesn't use one specific rule to detect spam. If you rely on one specific rule only, it will be subverted. Regards, -sm

Re: Lots of 419/scam and investment spams getting through suddenly

2009-06-19 Thread SM
At 17:26 19-06-2009, RW wrote: The last hop into the internal network is rarely from Nigeria, but I find it turns up in X-Spam-Relay-Countries in about 9% of my own spam. Can you send me a sample of the email headers off-list? Regards, -sm

Re: List headers and footers [Re: Unsubscribe]

2009-06-16 Thread SM
At 05:08 16-06-2009, McDonald, Dan wrote: Altering message bodies might break gpg|pgp signatures, but not DKIM. It generally invalidates the DKIM signature. This mailing list does not use Mailman. Regards, -sm

Re: 419 scams in .doc and .rtf attachments

2009-06-16 Thread SM
rules, you would have to render the content before passing the modified message to SpamAssassin. Regards, -sm

Re: Unsubscribe

2009-06-12 Thread SM
. Regards, -sm

RE: Odd behaviour under load.

2009-05-08 Thread SM
Hi John, At 06:50 08-05-2009, John Hardin wrote: I suspect the sender is timing out waiting for the 250 OK after sending the message, hence my (humorous) 100 Please hold... suggestion. (Jeeze, SM, lighten up!) There has already been such a proposal. Someone might take your humorous

Re: Odd behaviour under load.

2009-05-07 Thread SM
At 13:15 07-05-2009, John Hardin wrote: Heh. Does the SMTP protocol need a 100 Please hold... reply? No. Fix the mail server instead of the protocol. Regards, -sm

Re: emailBL

2009-04-27 Thread SM
character for a hostname. The example you gave is not a hostname. Regards, -sm

Re: Another bad kind of spams, for Pfizer knockoffs with image

2009-04-24 Thread SM
. The following rule may help. You'll need the ImageInfo plugin. body PNG_200_400 eval:image_size_range('png', 200, 400, 250, 450) describe PNG_200_400 Contains png 200-250 x 400-450 score PNG_200_400 0.1 Adjust the score to fit your needs. Regards, -sm

Re: Phishing

2009-04-24 Thread SM
, there is a larger problem if there are hacked accounts available on the sending network and on your network. Regards, -sm

Re: emailreg.org (was: zen.spamhaus.org)

2009-04-10 Thread SM
of expiration date? Who knows? It will be interesting to see whether the rules are included in a SpamAssassin distribution. Regards, -sm

emailreg.org (was: zen.spamhaus.org)

2009-04-09 Thread SM
money to a site with a domain owner hidden by the Whois privacy registration? :-) Some antispam offers are big and easy money as there's always somebody ready to pay or to jump on the bandwagon because it is free. Regards, -sm

Re: Ways to block bouncebacks?

2009-04-05 Thread SM
any spam You can use BATV. You must then submit all messages for the domain through a mail server that supports BATV. Regards, -sm

Re: Suddenly bouncing emails

2009-03-23 Thread SM
URIBL_PH_SURBL Contains an URL listed in the PH SURBL blocklist Do a DNS test for a non-existent hostname. If you receive an answer, switch to a name server (you can run one locally) that provides genuine replies. Regards, -sm

Re: efax sends it own phishing email.? or java script I can't decode?

2009-03-21 Thread SM
. That is usually done by email. Regards, -sm

Re: Dealing with low scoring spam - tighter MTA integration [was: 2 + 2 != 4 - Spamassassin needs a new paradigm]

2009-03-04 Thread SM
as there is less overhead. The downside is that you will get more false positives. Regards, -sm

Re: ReturnPath, Habeas, BondedSender

2009-03-03 Thread SM
At 17:20 02-03-2009, J.D. Falk wrote: (BTW, a quick visit to your favorite search engine should alleviate any fears that either Neil or I are marketers.) I can confirm that J.D. is not in marketing. He did not top-post or send his message in HTML format. :-) Regards, -sm

Re: How to disable DNSWL?

2009-03-03 Thread SM
and the rules that message hit. Regards, -sm

Re: Something doofuzzled in a * ^To: line.

2009-02-23 Thread SM
. Regards, -sm

Re: Something doofuzzled in a * ^To: line.

2009-02-23 Thread SM
, -sm

Re: HELO checks give too high score together

2009-02-22 Thread SM
At 23:16 21-02-2009, Benny Pedersen wrote: why does a smtp server have dynamic hostname alike in the first place ? What is a dynamic hostname? Regards, -sm

Re: HELO checks give too high score together

2009-02-22 Thread SM
At 01:20 22-02-2009, Benny Pedersen wrote: you dont know it either ? The term dynamic hostname is used in intermediate system routing. Regards, -sm

Re: Error ''connect to spamd on 127.0.0.1 failed, retrying (# 1 of 3): Connection timed out ''

2009-02-17 Thread SM
message, spamd is not listening on localhost. Regards, -sm

Re: Filtering/ blocking forged emails

2009-02-06 Thread SM
it with the domain? There are three RCVD_IN_BSP_ rules for that. Regards, -sm

Re: Filtering/ blocking forged emails

2009-02-06 Thread SM
At 13:10 06-02-2009, Michael Scheidell wrote: (ps, someone has a FP on whois_contactpriv) Doesn't look like apache or espphotograpy.com or dslextreme.com It's not a false positive. There was xxx.com in the message. Regards, -sm

RE: country in africa

2009-01-31 Thread SM
Bayes to deal with that type of email. Regards, -sm

RE: country in africa

2009-01-31 Thread SM
this mailing list will trigger their antispam filters as the discussion is generally about spam. Regards, -sm

Re: Bayesian per domain filtering

2009-01-18 Thread SM
have to patch the code to do that. Regards, -sm

RE: Temporary 'Replacements' for SaneSecurity

2009-01-15 Thread SM
, post some samples on a web site together with the rules that were hit. Regards, -sm

Re: Temporary 'Replacements' for SaneSecurity

2009-01-14 Thread SM
that technology certified for illegal content only? :-) Sanesecurity could have been better protected against DDOS attacks. They are a ripe target. Regards, -sm

Re: Temporary 'Replacements' for SaneSecurity

2009-01-14 Thread SM
who only receive mail from the US or Europe, I'll point out that it also causes false positive for that kind of mail traffic. As you mentioned above, the problem is not really with Botnet plugin if we understand that it does not detect botnets. Regards, -sm

Eudora content concentrator (was: Whitelist not working - Ugh please help)

2009-01-09 Thread SM
to hide the headers only, you can use the TabooHeaders setting. Regards, -sm

Re: Whitelist not working - Ugh please help

2009-01-08 Thread SM
At 18:40 08-01-2009, Evan Platt wrote: For the THIRD time, SpamAssassin is not marking the mail as Spam. Mailscanner is. You need to ask on a mailscanner list. The footer at the bottom of the original message is a hint as to why your advice won't be understood. :-) Regards, -sm

Re: A lot of spams go through, see example

2008-12-26 Thread SM
or reduce the score for autolearning ham until you fix this problem. As a quick fix, add a header rule to catch the FreeCreditReports360.com in the From header. Regards, -sm

Re: [OT] GPG Signatures

2008-12-15 Thread SM
of the message instead of the sender. Regards, -sm

Re: Preemptive URI blocklisting

2008-12-14 Thread SM
the registrant information available from Whois and see whether such domains regularly appear in spam or ham. Regards, -sm

Re: sought rules updates

2008-12-11 Thread SM
checking the signature is not enough. Regards, -sm

Re: sought rules updates

2008-12-10 Thread SM
way. If you want the simplest way, you can ignore these steps and face the consequences when something goes wrong. Regards, -sm

Re: sought rules updates

2008-12-10 Thread SM
as the private key is secure and the signer still has your trust. Regards, -sm

Re: [sa-list] Re: [sa-list] Re: Spamd and ipv6

2008-12-03 Thread SM
are sharing their code for free. If we need a specific feature or find a bug, we can always send a patch. If you read the URL I posted previously, you will see that the developers have been working on IPv6 support. Regards, -sm

Re: I'm thinking about offering a free MX backup service

2008-12-02 Thread SM
At 11:51 02-12-2008, Marc Perkel wrote: Tell me if you think this is a good idea. Everything that helps to promote your business is a good idea. :-) Regards, -sm

Re: [sa-list] Re: Spamd and ipv6

2008-12-01 Thread SM
. See https://issues.apache.org/SpamAssassin/show_bug.cgi?id=4964 Additionally, even when I get this working, I am unable to specify ipv6 addresses to -A, either with or without square brackets. That part of the code is IPv4 specific. Regards, -sm

Re: [sa-list] Re: [sa-list] Re: Spamd and ipv6

2008-12-01 Thread SM
the patch. You can either wait for 3.3 to be released or adapt that patch for your version of SpamAssassin. Regards, -sm

Re: Spamd and ipv6

2008-11-30 Thread SM
the -i parameter to specify the IPv6 address. The -A parameter to specify the host which can connect to spamd and not the IP address on which spamd should listen on. Regards, -sm

Re: IPv6 only sa-update channels?

2008-11-28 Thread SM
are dealing with. Some educational institutions exchange a significant amount of mail over IPv6. The amount of spam is still quite low or non-existent for some. Regards, -sm

Re: SURBL Usage Policy change

2008-11-12 Thread SM
X messages or if your site has more than Y users? Regards, -sm

Re: Spamassassin Restart and E-Mail being scanned at time of restart.

2008-11-12 Thread SM
, the software interacting with SpamAssassin will not get a negative or positive response. The software might defer mail delivery and retry later, hence causing a rescan. Regards, -sm

Re: Accidentally Filtering through Spamassassin Twice

2008-11-06 Thread SM
be filtered twice. Is that a correct assumption? Yes. So I'm probably wasting resources if my Spamassassin host is configured as such? Yes. See http://wiki.apache.org/spamassassin/UsedViaProcmail for more information about calling SpamAssassin from procmail. Regards, -sm

Re: Accidentally Filtering through Spamassassin Twice

2008-11-06 Thread SM
will pass the message to the spamd daemon and get the result. Regards, -sm

Re: prefork: oops! no idle kids in need_to_del_server?

2008-11-02 Thread SM
. See whether your issue is OS specific. Regards, -sm

Re: Phishing rules?

2008-11-01 Thread SM
want to blacklist that host? Regards, -sm

Re: Spamassassin+amavis

2008-10-30 Thread SM
on outbound mail where the customer is relaying through your mail server. Regards, -sm

Re: Spamassassin+amavis

2008-10-24 Thread SM
to catch them. Regards, -sm

Re: Spamassassin+amavis

2008-10-24 Thread SM
by the SpamAssassin project ( http://wiki.apache.org/spamassassin/RuleUpdates ). The sought rules ( http://wiki.apache.org/spamassassin/SoughtRules ) are quite effective in catching fresh spam messages. Regards, -sm

Re: bogusmx [Was: DNS restrictions for a mail server]

2008-10-23 Thread SM
preferences are processed to determine where a message should be delivered. That influenced the decision on discouraging CNAMEs in the data section of MX RRs. My comment is not about bogusmx or antispam; it's about how to determine in a reliable way where to deliver a message. Regards, -sm

Re: bogusmx [Was: DNS restrictions for a mail server]

2008-10-23 Thread SM
as we are not arguing about the same thing. Regards, -sm

Re: DNS_FROM_SECURITYSAGE broken?

2008-10-07 Thread SM
At 14:22 07-10-2008, David B Funk wrote: I recently noticed that DNS_FROM_SECURITYSAGE was hitting everything. http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5672 Regards, -sm

Re: DOB blocklist seems to have very old domains

2008-10-05 Thread SM
. Regards, -sm

Re: New free blacklist: BRBL - Barracuda Reputation Block List

2008-09-23 Thread SM
.) There was a mailing list for a well-known open source project originating legitimate SMTP traffic for a few days from a host without reverse DNS. The reason was not sysadmin or ISP incompetence. Regards, -sm

Re: sa-update with proxy

2008-09-22 Thread SM
the proxy. ie: export http_proxy='http://proxy.example.com:8080/' Regards, -sm

RE: New free blacklist: BRBL - Barracuda Reputation Block List

2008-09-22 Thread SM
works. Regards, -sm

Re: New free blacklist: BRBL - Barracuda Reputation Block List

2008-09-22 Thread SM
At 08:58 22-09-2008, Matt wrote: Everyone should block/defer ALL email with no reverse DNS. Then maybe those email admins would get a clue. Assuming you have signed up for that service, would you whitelist the sending host or wait for the postmaster to get a clue? Regards, -sm

Re: Trying out a new concept

2008-09-22 Thread SM
it is because the test is so far after everything else though. Even if your traffic patterns are different, the hit rates shouldn't be that low. There would be a difference if your MTA uses a DNSBL to reject or if you apply other pre-content filtering techniques. Regards, -sm

Re: Trobles with spamassassin

2008-09-19 Thread SM
whether there are any errors. Regards, -sm

RE: spamassassin can't rewrite subject in cpanel 11?

2008-09-18 Thread SM
At 06:19 18-09-2008, Bowie Bailey wrote: This works on Outlook, but header tests were not available in Outlook Express the last time I checked. In Outlook Express, you can have a rule for the Subject line. Regards, -sm

Re: FM_FAKE_HELO_VERIZON

2008-09-14 Thread SM
the hostname as a botnet client. A bug report has been posted for the second rule. Regards, -sm

Re: MagicSpam

2008-09-12 Thread SM
benefit. SpamAssassin, the software, is a mail filter to identify spam. It is designed for easy integration into any email system. The cost to develop such a software is estimated to be around US $1.1 million. Regards, -sm
