Re: spamd: still running as root

2023-10-31 Thread Matus UHLAR - fantomas
On 31.10.23 09:10, Linkcheck via users wrote: Thanks, Matus. So nice when these little changes creep up on you. :) I have merged the new OPTIONS with my old one... OPTIONS="--create-prefs --nouser-config -4 -i 127.0.0.1 --max-children=5 --helper-home-dir=/var/lib/spamassassin -u

Re: spamd: still running as root

2023-10-31 Thread Benny Pedersen
Matus UHLAR - fantomas wrote on 2023-10-31 11:48: On 31.10.23 09:10, Linkcheck via users wrote: Thanks, Matus. So nice when these little changes creep up on you. :) I have merged the new OPTIONS with my old one... OPTIONS="--create-prefs --nouser-config -4 -i 127.0.0.1 --max-children=5

Re: spamd: still running as root

2023-10-31 Thread Linkcheck via users
> yes, although --create-prefs is useless when you use --nouser-config Thanks. I'll look at the docs.

Re: spamd: still running as root

2023-10-31 Thread Matus UHLAR - fantomas
On 31.10.23 09:10, Linkcheck via users wrote: Thanks, Matus. So nice when these little changes creep up on you. :) I have merged the new OPTIONS with my old one... OPTIONS="--create-prefs --nouser-config -4 -i 127.0.0.1 --max-children=5 --helper-home-dir=/var/lib/spamassassin -u

Re: spamd: still running as root

2023-10-31 Thread Linkcheck via users
Thanks, Vincent. I hadn't spotted that.

Re: spamd: still running as root

2023-10-31 Thread Linkcheck via users
Thanks, Matus. So nice when these little changes creep up on you. :) I have merged the new OPTIONS with my old one... OPTIONS="--create-prefs --nouser-config -4 -i 127.0.0.1 --max-children=5 --helper-home-dir=/var/lib/spamassassin -u debian-spamd" I assume that's ok.

Re: spamd: still running as root

2023-10-30 Thread Vincent Lefevre
On 2023-10-30 16:45:31 +, Linkcheck via users wrote: > I have just updated Debian to Bookworm in order to install SA 4. Very few > problems so far but the postfix log is giving: > > "spamd: still running as root: user not specified with -u, not found, or set > to root, falling back to nobody"

Re: spamd: still running as root

2023-10-30 Thread Matus UHLAR - fantomas
On 30.10.23 16:45, Linkcheck via users wrote: I have just updated Debian to Bookworm in order to install SA 4. Very few problems so far but the postfix log is giving: "spamd: still running as root: user not specified with -u, not found, or set to root, falling back to nobody" I am not sure

Re: spamd: still running as root

2023-10-30 Thread Bill Cole
On 2023-10-30 at 12:45:31 UTC-0400 (Mon, 30 Oct 2023 16:45:31 +) Linkcheck via users is rumored to have said: I have just updated Debian to Bookworm in order to install SA 4. Very few problems so far but the postfix log is giving: "spamd: still running as root: user not specified with

spamd: still running as root

2023-10-30 Thread Linkcheck via users
I have just updated Debian to Bookworm in order to install SA 4. Very few problems so far but the postfix log is giving: "spamd: still running as root: user not specified with -u, not found, or set to root, falling back to nobody" I am not sure where to specify an appropriate user (and

Re: external API request

2023-10-27 Thread Bill Cole
On 2023-10-27 at 10:56:36 UTC-0400 (Fri, 27 Oct 2023 14:56:36 +) DEMBLANS Mathieu is rumored to have said: Hi, Anyone know if there is a way to request an external API through a spamassassin plugin ? There is no existing SA plugin which implements an interface to any generic web API

Re: external API request

2023-10-27 Thread Antony Stone
On Friday 27 October 2023 at 17:07:41, John Hardin wrote: > On Fri, 27 Oct 2023, Antony Stone wrote: > > On Friday 27 October 2023 at 16:56:36, DEMBLANS Mathieu wrote: > >> Hi, > >> Anyone know if there is a way to request an external API through a > >> spamassassin plugin ? It will be to

Re: external API request

2023-10-27 Thread John Hardin
On Fri, 27 Oct 2023, Antony Stone wrote: On Friday 27 October 2023 at 16:56:36, DEMBLANS Mathieu wrote: Hi, Anyone know if there is a way to request an external API through a spamassassin plugin ? It will be to search an URL extracted by SA from a body of a mail and check if it's referenced

Re: external API request

2023-10-27 Thread Antony Stone
On Friday 27 October 2023 at 16:56:36, DEMBLANS Mathieu wrote: > Hi, > Anyone know if there is a way to request an external API through a > spamassassin plugin ? It will be to search an URL extracted by SA from a > body of a mail and check if it's referenced with an API request on an > external

external API request

2023-10-27 Thread DEMBLANS Mathieu
Hi, Anyone know if there is a way to request an external API through a spamassassin plugin ? It will be to search an URL extracted by SA from a body of a mail and check if it's referenced with an API request on an external service (virustotal or other). We receive some mails with URL inside

Re: Missing Mail::SpamAssassin::Plugin::WelcomeListSubject

2023-10-26 Thread Linkcheck via users
Thanks, Matus, I'd just realized all that. :(

Re: Missing Mail::SpamAssassin::Plugin::WelcomeListSubject

2023-10-26 Thread Linkcheck via users
On 26/10/2023 4:03 pm, Bill Cole wrote: Your SA installation is broken. Well, I'd guessed that. WelcomeListSubject is a new module in v4, replacing WhiteListSubject. This is 3.4, so it should be referencing the old whitelist module. If you have anything referencing it in a 3.4.6

Re: Missing Mail::SpamAssassin::Plugin::WelcomeListSubject

2023-10-26 Thread Matus UHLAR - fantomas
On 2023-10-26 at 10:14:44 UTC-0400 (Thu, 26 Oct 2023 15:14:44 +0100) Linkcheck via users is rumored to have said: I have just had reason to run --lint (first time in a week) and it failed drastically. This is on a well-established postfix mail server (but currently no real users) running

Re: Missing Mail::SpamAssassin::Plugin::WelcomeListSubject

2023-10-26 Thread Bill Cole
On 2023-10-26 at 10:14:44 UTC-0400 (Thu, 26 Oct 2023 15:14:44 +0100) Linkcheck via users is rumored to have said: I have just had reason to run --lint (first time in a week) and it failed drastically. This is on a well-established postfix mail server (but currently no real users) running

Missing Mail::SpamAssassin::Plugin::WelcomeListSubject

2023-10-26 Thread Linkcheck via users
I have just had reason to run --lint (first time in a week) and it failed drastically. This is on a well-established postfix mail server (but currently no real users) running 3.4.6 on Perl version 5.32.1 on Debian Bullseye. Result of --lint is... Oct 26 14:39:02.888 [121778] warn: plugin:

Re: dkim-test valid but spamassassin scores DKIM_INVALID

2023-10-25 Thread Niels Kobschätzki
> Matus UHLAR - fantomas wrote on 25.10.2023 16:11 CEST: > > > >Matus UHLAR - fantomas wrote on 2023-10-25 09:36: > >>I have: > >>50_scores.cf:score DKIM_VALID -0.1 > >> > >>check if you really haven't set score for DKIM_VALID anywhere, since > >>SA complains about it being

Re: dkim-test valid but spamassassin scores DKIM_INVALID

2023-10-25 Thread Matus UHLAR - fantomas
Matus UHLAR - fantomas wrote on 2023-10-25 09:36: I have: 50_scores.cf:score DKIM_VALID -0.1 check if you really haven't set score for DKIM_VALID anywhere, since SA complains about it being zero. I guess this may cause DKIM_INVALID misfiring On 25.10.23 13:08, Benny Pedersen wrote: imho

Re: dkim-test valid but spamassassin scores DKIM_INVALID

2023-10-25 Thread Benny Pedersen
Matus UHLAR - fantomas wrote on 2023-10-25 09:36: I have: 50_scores.cf:score DKIM_VALID -0.1 check if you really haven't set score for DKIM_VALID anywhere, since SA complains about it being zero. I guess this may cause DKIM_INVALID misfiring imho no, DKIM_INVALID has 0.1 in score, both

Re: dkim-test valid but spamassassin scores DKIM_INVALID

2023-10-25 Thread Benny Pedersen
jdow wrote on 2023-10-25 09:07: Methinks you have here a very good clue to set a non-zero value, perhaps (most likely), a modest negative score. change of that score is a fail on its own use welcomelist_from_dkim instead

Re: dkim-test valid but spamassassin scores DKIM_INVALID

2023-10-25 Thread Benny Pedersen
Niels Kobschätzki wrote on 2023-10-25 08:46: did you set score of DKIM_VALID to 0 ? DKIM_VALID is not overwritten by any of my local rules. So I would expect that this is the case. But even if I set for example score DKIM_VALID 0 in local.cf there is no change rules are loaded in

Re: dkim-test valid but spamassassin scores DKIM_INVALID

2023-10-25 Thread Matus UHLAR - fantomas
On 25.10.23 07:21, Niels Kobschätzki wrote: >I'm having here a mail that scores as DKIM_INVALID. I tried sending the > same mail to gmail for example and it tells me that DKIM is valid. Now I > put it through "spamassassin -D" and I am even more baffled because the > debug seems to say that

Re: dkim-test valid but spamassassin scores DKIM_INVALID

2023-10-25 Thread jdow
On 20231024 23:46:18, Niels Kobschätzki wrote: Matus UHLAR - fantomas wrote on 25.10.2023 08:16 CEST: On 25.10.23 07:21, Niels Kobschätzki wrote: I'm having here a mail that scores as DKIM_INVALID. I tried sending the same mail to gmail for example and it tells me that DKIM is

Re: dkim-test valid but spamassassin scores DKIM_INVALID

2023-10-25 Thread Niels Kobschätzki
> Matus UHLAR - fantomas wrote on 25.10.2023 08:16 CEST: > > > On 25.10.23 07:21, Niels Kobschätzki wrote: > >I'm having here a mail that scores as DKIM_INVALID. I tried sending the > > same mail to gmail for example and it tells me that DKIM is valid. Now I > > put it through

Re: dkim-test valid but spamassassin scores DKIM_INVALID

2023-10-25 Thread Matus UHLAR - fantomas
On 25.10.23 07:21, Niels Kobschätzki wrote: I'm having here a mail that scores as DKIM_INVALID. I tried sending the same mail to gmail for example and it tells me that DKIM is valid. Now I put it through "spamassassin -D" and I am even more baffled because the debug seems to say that DKIM is

dkim-test valid but spamassassin scores DKIM_INVALID

2023-10-24 Thread Niels Kobschätzki
Hi, I'm having here a mail that scores as DKIM_INVALID. I tried sending the same mail to gmail for example and it tells me that DKIM is valid. Now I put it through "spamassassin -D" and I am even more baffled because the debug seems to say that DKIM is valid but then scores as INVALID. Any

Re: def_welcomelist_auth versus def_whitelist_auth in 60_welcomelist_auth.cf

2023-10-12 Thread Bill Cole
On 2023-10-12 at 12:09:48 UTC-0400 (Thu, 12 Oct 2023 12:09:48 -0400) George A. Theall via users is rumored to have said: In looking at the recent change to 60_welcomelist_auth.cf, I noticed that the file has two sets of address patterns - one in def_welcomelist_auth and the other in

def_welcomelist_auth versus def_whitelist_auth in 60_welcomelist_auth.cf

2023-10-12 Thread George A. Theall via users
In looking at the recent change to 60_welcomelist_auth.cf, I noticed that the file has two sets of address patterns - one in def_welcomelist_auth and the other in def_whitelist_auth - and that they're not the same. Should they be? ~# perl -n -e 'print "$1\n" if

Re: Getting phishing from sender in 60_welcomelist_auth.cf

2023-10-12 Thread Bill Cole
On 2023-10-12 at 10:24:11 UTC-0400 (Thu, 12 Oct 2023 10:24:11 -0400) Ricky Boone is rumored to have said: Thank you. It was my mistake initially, as I was under the impression that submitting unsolicited samples wasn't preferred, and was just intending to raise awareness for others in case

Re: Getting phishing from sender in 60_welcomelist_auth.cf

2023-10-12 Thread Ricky Boone
Thank you. It was my mistake initially, as I was under the impression that submitting unsolicited samples wasn't preferred, and was just intending to raise awareness for others in case they see anything similar. Attached is evidence with redactions. Again, my apologies if the original email

Re: Getting phishing from sender in 60_welcomelist_auth.cf

2023-10-12 Thread Bill Cole
On 2023-10-11 at 22:02:22 UTC-0400 (Wed, 11 Oct 2023 22:02:22 -0400) Ricky Boone is rumored to have said: My apologies. The samples that I have contain email addresses that I am not at liberty to share without redacting. If it's okay that there are certain strings that are removed, I should

Re: Getting phishing from sender in 60_welcomelist_auth.cf

2023-10-11 Thread Ricky Boone
My apologies. The samples that I have contain email addresses that I am not at liberty to share without redacting. If it's okay that there are certain strings that are removed, I should be able to make them available. Is there a preferred method for getting this to you? On Wed, Oct 11, 2023 at

Re: Getting phishing from sender in 60_welcomelist_auth.cf

2023-10-11 Thread Bill Cole
On 2023-10-11 at 16:45:15 UTC-0400 (Wed, 11 Oct 2023 16:45:15 -0400) Ricky Boone is rumored to have said: Just a heads up, it appears that usssa[.]com has had their SendGrid email sending account popped, and a bad actor has been sending phishing emails from it. The domain is defined in

Getting phishing from sender in 60_welcomelist_auth.cf

2023-10-11 Thread Ricky Boone
Just a heads up, it appears that usssa[.]com has had their SendGrid email sending account popped, and a bad actor has been sending phishing emails from it. The domain is defined in 60_welcomelist_auth.cf with def_welcomelist_auth/def_whitelist_auth entries with *@*.usssa.com.

Re: Pre-processor for spamassassin

2023-10-08 Thread Erik de Castro Lopo
Hi Bill, thanks for your reply. Bill Cole wrote: > Depending on the specific sort of analysis you are doing, it may be > feasible to do it with a construct of SA rules, and that would avoid the > housekeeping issues of how to integrate a 'preprocessor' with your > existing MTA and whatever

Re: Pre-processor for spamassassin

2023-10-08 Thread Bill Cole
On 2023-10-08 at 03:38:00 UTC-0400 (Sun, 8 Oct 2023 18:38:00 +1100) Erik de Castro Lopo is rumored to have said: Hi, I am in the process of writing a pre-processor for Spamassassin. It would be a pre-processor because I do not read or write Perl. That would be a solid reason not to

Pre-processor for spamassassin

2023-10-08 Thread Erik de Castro Lopo
Hi, I am in the process of writing a pre-processor for Spamassassin. It would be a pre-processor because I do not read or write Perl. The idea would be to analyse each email and based on the analysis add extra fields to the email header before passing the email to spamassassin to do its

Re: sorbs :/

2023-10-07 Thread Alex
> https://www.irccloud.com/pastebin/XPl5OZ0y/sorbs.pl > > lets just test more dns fails, please fix qname, reduce zones that ends > in same nameserver ip > Yes, seeing that here, too, for months and months. Spamhaus also sucks real bad. 06-Oct-2023 13:57:12.880 resolver: loop detected resolving

sorbs :/

2023-10-07 Thread Benny Pedersen
https://www.irccloud.com/pastebin/XPl5OZ0y/sorbs.pl lets just test more dns fails, please fix qname, reduce zones that ends in same nameserver ip

Re: Filtering emails from word-oliv...@somewhere.com

2023-10-06 Thread Jared Hall
On 10/6/2023 1:22 AM, Olivier wrote: Hi, Recently I have received a wave of mails in the form From:word-olivier@somewhere.random To:oliv...@mydomain.com Where the "olivier" part is a valid username on my domain. Is there a rule to catch these with SA? SA does not have any way to know what

Re: Filtering emails from word-oliv...@somewhere.com

2023-10-05 Thread Olivier
Hi, >> Recently I have received a wave of mails in the form >> From: word-olivier@somewhere.random >> To: oliv...@mydomain.com >> >> Where the "olivier" part is a valid username on my domain. >> >> Is there a rule to catch these with SA? > > SA does not have any way to know what the valid

Re: Filtering emails from word-oliv...@somewhere.com

2023-10-05 Thread Olivier
Thank you, the VM-x-yy-centos.localdomain did the trick. Best regards, Olivier "George A. Theall via users" writes: > On Thu, Oct 05, 2023 at 02:41:59PM +0700, Olivier wrote: > >>Recently I have received a wave of mails in the form >>From: word-olivier@somewhere.random >>To:

Re: Filtering emails from word-oliv...@somewhere.com

2023-10-05 Thread George A. Theall via users
On Thu, Oct 05, 2023 at 02:41:59PM +0700, Olivier wrote: Recently I have received a wave of mails in the form From: word-olivier@somewhere.random To: oliv...@mydomain.com Where the "olivier" part is a valid username on my domain. Is there a rule to catch these with SA? I've been seeing

Re: Filtering emails from word-oliv...@somewhere.com

2023-10-05 Thread Matija Nalis
On Thu, Oct 05, 2023 at 03:15:31PM -0400, Bill Cole wrote: > On 2023-10-05 at 03:41:59 UTC-0400 (Thu, 05 Oct 2023 14:41:59 +0700) > Olivier is rumored to have said: > > > Recently I have received a wave of mails in the form > > From: word-olivier@somewhere.random > > To: oliv...@mydomain.com > >

Re: Filtering emails from word-oliv...@somewhere.com

2023-10-05 Thread Bill Cole
On 2023-10-05 at 03:41:59 UTC-0400 (Thu, 05 Oct 2023 14:41:59 +0700) Olivier is rumored to have said: Hi, Recently I have received a wave of mails in the form From: word-olivier@somewhere.random To: oliv...@mydomain.com Where the "olivier" part is a valid username on my domain. Is there a

Filtering emails from word-oliv...@somewhere.com

2023-10-05 Thread Olivier
Hi, Recently I have received a wave of mails in the form From: word-olivier@somewhere.random To: oliv...@mydomain.com Where the "olivier" part is a valid username on my domain. Is there a rule to catch these with SA? Best regards, Olivier --

Re: STY_INVIS_DIRECT

2023-10-02 Thread John Hardin
On Tue, 3 Oct 2023, Noel Butler wrote: 72_active.cf/STY_INVIS_DIRECT Invisible styling is sadly fairly common in legit commercial emails. Sigh. This should only hit on direct-to-MX emails. Are the hits coming from sources that strip internal topology history so that they look like the mail

STY_INVIS_DIRECT

2023-10-02 Thread Noel Butler
72_active.cf/STY_INVIS_DIRECT Anyone else seeing this go haywire? It's triggering on legit emails everywhere, even from paypal, for past few days by looks of helpdesk, and my own paypal email this morning, 2.5 score is pushing a lot of Email into "Junk folders", for now I'ma change that

Re: Correct way to allowlist an IP from DNSBL checks when it's not the final Received?

2023-09-30 Thread Andy Smith
Hello, On Sat, Sep 30, 2023 at 11:52:13AM -0400, Jared Hall wrote: > On 9/29/2023 10:59 AM, Andy Smith wrote: > > 3.4.2. I know, it's ancient. An upgrade is planned but I'd still > > like to know what the behaviour is. I understand if no one wants to > > help and if so I might come back with

Re: Correct way to allowlist an IP from DNSBL checks when it's not the final Received?

2023-09-30 Thread Jared Hall
On 9/29/2023 10:59 AM, Andy Smith wrote: Just native SA in spamd mode. 3.4.2. I know, it's ancient. An upgrade is planned but I'd still like to know what the behaviour is. I understand if no one wants to help and if so I might come back with questions after an upgrade. My distro packages

Re: users Digest 29 Sep 2023 01:08:28 -0000 Issue 5575

2023-09-29 Thread Mark London
Sorry, I didn't change the subject line when I posted this. On 9/29/2023 12:41 PM, Mark London wrote: Hi - Can anyone tell me why the following email header triggered DKIM_SIGNED and DKIM_VALID, yet I don't see a DKIM header line? Strangely, if I run spamassassin from the command line on the

Re: Mysterious bogus DKIM hits (was: Re: users Digest 29 Sep 2023 01:08:28 -0000 Issue 5575)

2023-09-29 Thread Mark London
On 9/29/2023 1:47 PM, Reindl Harald (gmail) wrote: On 29.09.23 at 19:37, Bill Cole wrote: Strangely, if I run spamassassin from the command line on the message, DKIM_SIGNED is not triggered. SpamAssassin version 3.4.6 Oh. So you've let a piece of security software go most of a year after

Re: users Digest 29 Sep 2023 01:08:28 -0000 Issue 5575

2023-09-29 Thread Matus UHLAR - fantomas
On 29.09.23 12:41, Mark London wrote: Hi - Can anyone tell me why the following email header triggered DKIM_SIGNED and DKIM_VALID, yet I don't see a DKIM header line? Strangely, if I run spamassassin from the command line on the message, DKIM_SIGNED is not triggered.   SpamAssassin version

Mysterious bogus DKIM hits (was: Re: users Digest 29 Sep 2023 01:08:28 -0000 Issue 5575)

2023-09-29 Thread Bill Cole
On 2023-09-29 at 12:41:42 UTC-0400 (Fri, 29 Sep 2023 12:41:42 -0400) Mark London is rumored to have said: Hi - Can anyone tell me why the following email header triggered DKIM_SIGNED and DKIM_VALID, yet I don't see a DKIM header line? Unlikely. That would probably require an unmodified copy

Re: users Digest 29 Sep 2023 01:08:28 -0000 Issue 5575

2023-09-29 Thread Mark London
Hi - Can anyone tell me why the following email header triggered DKIM_SIGNED and DKIM_VALID, yet I don't see a DKIM header line? Strangely, if I run spamassassin from the command line on the message, DKIM_SIGNED is not triggered.   SpamAssassin version 3.4.6 (Note, I truncated the

Re: Correct way to allowlist an IP from DNSBL checks when it's not the final Received?

2023-09-29 Thread Andy Smith
Hello, On Thu, Sep 28, 2023 at 09:08:30PM -0400, Jared Hall wrote: > 1) Are you using native SA or the spamhaus-dqs plugin? Just native SA in spamd mode. > 2) What version of SpamAssassin? 3.4.2. I know, it's ancient. An upgrade is planned but I'd still like to know what the behaviour is. I

Re: Correct way to allowlist an IP from DNSBL checks when it's not the final Received?

2023-09-28 Thread Grant Taylor via users
On 9/27/23 2:15 PM, Andy Smith wrote: Hi, Hi, The IP address of a supplier is currently listed by Spamhaus SBL-CSS. Oops. How would I go about allowlisting this IP address against DNSBL hits? Ideally for a specified range of from addresses and/or envelope senders, but for every sender if

Re: Correct way to allowlist an IP from DNSBL checks when it's not the final Received?

2023-09-28 Thread Jared Hall
On 9/28/2023 8:39 AM, Andy Smith wrote: Hello, On Thu, Sep 28, 2023 at 06:48:54AM -0400, Jared Hall wrote: Do you mind if I redirect the below back onto the spamassassin list and respond to it there? Well I was going to do that, but fair enough! On Thu, Sep 28, 2023 at 12:02:47AM -0400,

Re: DMARC and SA4

2023-09-28 Thread Noel Butler
On 27/09/2023 12:31, Bill Cole wrote: Quarantine is a silly concept. Users hate it in practice. Citation please? My experiences over the many years differ SpamAssassin does not implement any form of quarantine. This is not because it's a bad idea, but because SA doesn't implement ANY

Re: Correct way to allowlist an IP from DNSBL checks when it's not the final Received?

2023-09-28 Thread Andy Smith
Hello, On Thu, Sep 28, 2023 at 06:48:54AM -0400, Jared Hall wrote: > Do you mind if I redirect the below back onto the spamassassin list > and respond to it there? Well I was going to do that, but fair enough! > On Thu, Sep 28, 2023 at 12:02:47AM -0400, Jared Hall wrote: > > SpamAssassin

Re: Correct way to allowlist an IP from DNSBL checks when it's not the final Received?

2023-09-28 Thread Jared Hall
Hi Jared, Do you mind if I redirect the below back onto the spamassassin list and respond to it there? I'm concerned that I might have a configuration error if a DNSBL check was done against an IP from a Received header that wasn't the last external one, as you mention. Thanks, Andy On Thu,

Correct way to allowlist an IP from DNSBL checks when it's not the final Received?

2023-09-27 Thread Andy Smith
Hi, The IP address of a supplier is currently listed by Spamhaus SBL-CSS. This is not directly causing me to reject their emails, because they are actually sending out through Mimecast. However, SpamAssassin is finding that IP in the headers as the Received line *before* Mimecast's, i.e. their

Re: DMARC and SA4

2023-09-26 Thread Bill Cole
On 2023-09-26 at 20:42:28 UTC-0400 (Tue, 26 Sep 2023 20:42:28 -0400) Alex is rumored to have said: Hi, All the way back in 2016, RW posted these rules on pastebin for DMARC, before it was part of SA proper: https://pastebin.com/gr41CvCc Is this effectively what's been implemented in functions

DMARC and SA4

2023-09-26 Thread Alex
Hi, All the way back in 2016, RW posted these rules on pastebin for DMARC, before it was part of SA proper: https://pastebin.com/gr41CvCc Is this effectively what's been implemented in functions in the latest SA? The scores from the above are a lot more aggressive than what's currently in SA

Re: Unit spamassassin.service not found.

2023-09-21 Thread roughnecks via users
On 21/09/2023 14:14, roughnecks via users wrote: Hello, I just reinstalled spamassassin and spamc on Debian 12 after I had removed it before upgrading to Bookworm. Now when I try to start the service, no unit is found: systemctl start spamassassin.service Failed to start

Unit spamassassin.service not found.

2023-09-21 Thread roughnecks via users
Hello, I just reinstalled spamassassin and spamc on Debian 12 after I had removed it before upgrading to Bookworm. Now when I try to start the service, no unit is found: systemctl start spamassassin.service Failed to start spamassassin.service: Unit spamassassin.service not found. If I

Re: Stealth HREF= (missed by SA)

2023-09-20 Thread Joe Wein via users
On Friday, September 15, 2023 15:34, Giovanni wrote: On 9/14/23 17:01, Pedro David Marco wrote: The same happens with other HTML tags... do you have a spample to share (public or privately) ? I am happy to confirm that revision 1912414 is working great and fixes the problem. Grazie

Re: Stealth HREF= (missed by SA)

2023-09-17 Thread John Hardin
On Fri, 15 Sep 2023, Bill Cole wrote: On 2023-09-14 at 11:01:37 UTC-0400 (Thu, 14 Sep 2023 15:01:37 + (UTC)) Pedro David Marco via users is rumored to have said: The same happens with other HTML tags... <= DEFANGED_IMG  src=  can be replaced with <= DEFANGED_IMG xyz/src= virtually

NOTE: Score updates stalled.

2023-09-17 Thread Bill Cole
For over a week, we've had too few mass-scan submissions for RuleQA to run properly. If you normally submit your logs, please confirm that your process is functional. If you would like to participate in the RuleQA process by submitting scan results, see the wiki for how to do so. --

RE: rbl for smtp auth hosts

2023-09-16 Thread Marc
> >> >>Anyone have any experience with a dns blacklist specific to known smtp > >> >>auth abuse? > > >> On 15.09.23 17:51, Benny Pedersen wrote: > >> >spamrats ? > >> > > >> >https://www.spamrats.com/ > > >> I have bad experience with spam rats and thus wouldn't recommend using > >> them. > >>

Re: rbl for smtp auth hosts

2023-09-16 Thread Matus UHLAR - fantomas
>Marc wrote on 2023-09-15 17:01: >>Anyone have any experience with a dns blacklist specific to known smtp >>auth abuse? On 15.09.23 17:51, Benny Pedersen wrote: >spamrats ? > >https://www.spamrats.com/ I have bad experience with spam rats and thus wouldn't recommend using them. YMMV of

Re: rbl for smtp auth hosts

2023-09-16 Thread Benny Pedersen
Marc wrote on 2023-09-15 23:57: >Marc wrote on 2023-09-15 17:01: >>Anyone have any experience with a dns blacklist specific to known smtp >>auth abuse? On 15.09.23 17:51, Benny Pedersen wrote: >spamrats ? > >https://www.spamrats.com/ I have bad experience with spam rats and thus wouldn't

RE: rbl for smtp auth hosts

2023-09-15 Thread Marc
> >Marc wrote on 2023-09-15 17:01: > >>Anyone have any experience with a dns blacklist specific to known smtp > >>auth abuse? > > On 15.09.23 17:51, Benny Pedersen wrote: > >spamrats ? > > > >https://www.spamrats.com/ > > I have bad experience with spam rats and thus wouldn't recommend using >

Re: rbl for smtp auth hosts

2023-09-15 Thread Matus UHLAR - fantomas
Marc wrote on 2023-09-15 17:01: Anyone have any experience with a dns blacklist specific to known smtp auth abuse? On 15.09.23 17:51, Benny Pedersen wrote: spamrats ? https://www.spamrats.com/ I have bad experience with spam rats and thus wouldn't recommend using them. YMMV of course. --

RE: rbl for smtp auth hosts

2023-09-15 Thread Marc
> > Anyone have any experience with a dns blacklist specific to known smtp > > auth abuse? > > spamrats ? > > https://www.spamrats.com/ yes thanks! this RATS-Auth maybe

Re: rbl for smtp auth hosts

2023-09-15 Thread Benny Pedersen
Riccardo Alfieri wrote on 2023-09-15 18:23: On 15/09/23 17:51, Reindl Harald (privat) wrote: limit the connections per hour on smtp-ports with iptables xt_recent and configure postfix properly anvil_rate_time_unit   = 1800s smtpd_client_connection_rate_limit = 100

Re: rbl for smtp auth hosts

2023-09-15 Thread Riccardo Alfieri
On 15/09/23 17:51, Reindl Harald (privat) wrote: limit the connections per hour on smtp-ports with iptables xt_recent and configure postfix properly anvil_rate_time_unit   = 1800s smtpd_client_connection_rate_limit = 100 smtpd_client_recipient_rate_limit  = 400

Re: rbl for smtp auth hosts

2023-09-15 Thread Riccardo Alfieri
On 15/09/23 17:49, Marc wrote: Is this a freely available list? It's included in all DQS accounts, free ones too -- Best regards, Riccardo Alfieri Spamhaus Technology https://www.spamhaus.com/

Re: rbl for smtp auth hosts

2023-09-15 Thread Benny Pedersen
Marc wrote on 2023-09-15 17:01: Anyone have any experience with a dns blacklist specific to known smtp auth abuse? spamrats ? https://www.spamrats.com/

RE: rbl for smtp auth hosts

2023-09-15 Thread Marc
> > > > > On 15.09.23 15:31, Riccardo Alfieri wrote: > >> Yes, at previous $dayjob. Applied on the submission MSA, it proved to > >> be useful in mitigating the fallout when users got their credentials > >> compromised. > > > > can you describe it more? > > > Well, I checked the connecting IP

Re: rbl for smtp auth hosts

2023-09-15 Thread Riccardo Alfieri
On 15/09/23 17:35, Matus UHLAR - fantomas wrote: On 15.09.23 15:31, Riccardo Alfieri wrote: Yes, at previous $dayjob. Applied on the submission MSA, it proved to be useful in mitigating the fallout when users got their credentials compromised. can you describe it more? Well, I checked the

Re: rbl for smtp auth hosts

2023-09-15 Thread Matus UHLAR - fantomas
On 15/09/23 17:01, Marc wrote: Anyone have any experience with a dns blacklist specific to known smtp auth abuse? On 15.09.23 15:31, Riccardo Alfieri wrote: Yes, at previous $dayjob. Applied on the submission MSA, it proved to be useful in mitigating the fallout when users got their

Re: rbl for smtp auth hosts

2023-09-15 Thread Riccardo Alfieri
On 15/09/23 17:01, Marc wrote: Anyone have any experience with a dns blacklist specific to known smtp auth abuse? Yes, at previous $dayjob. Applied on the submission MSA, it proved to be useful in mitigating the fallout when users got their credentials compromised. -- Best regards,

rbl for smtp auth hosts

2023-09-15 Thread Marc
Anyone have any experience with a dns blacklist specific to known smtp auth abuse?

Re: Stealth HREF= (missed by SA)

2023-09-15 Thread Bill Cole
On 2023-09-14 at 11:01:37 UTC-0400 (Thu, 14 Sep 2023 15:01:37 + (UTC)) Pedro David Marco via users is rumored to have said: The same happens with other HTML tags... so, with Giovanni permission, i  tighten the nut 1 more turn   (limiting to 100 chars to prevent Regex Self-DOS) rawbody

Re: Stealth HREF= (missed by SA)

2023-09-15 Thread giova...@paclan.it
On 9/14/23 17:01, Pedro David Marco wrote: The same happens with other HTML tags... do you have a spample to share (public or privately) ? Thanks Giovanni so, with Giovanni permission, i  tighten the nut 1 more turn   (limiting to 100 chars to prevent Regex Self-DOS) rawbody

Re: Stealth HREF= (missed by SA)

2023-09-14 Thread Pedro David Marco via users
The same happens with other HTML tags... so, with Giovanni permission, i  tighten the nut 1 more turn   (limiting to 100 chars to prevent Regex Self-DOS) rawbody BADHREF /<(a|img|video)[^>]{0,100}\/(src|href)\=/ Pete. On Thursday, September 14, 2023 at 04:37:15 PM GMT+2, wrote:

Re: Stealth HREF= (missed by SA)

2023-09-14 Thread giovanni
On 9/14/23 16:24, Bill Cole wrote: On 2023-09-14 at 04:37:03 UTC-0400 (Thu, 14 Sep 2023 17:37:03 +0900) Joe Wein via users is rumored to have said: I filed a bug for this issue on Bugzilla (#8186) but so far no response from developers. https://bz.apache.org/SpamAssassin/show_bug.cgi?id=8186

Re: Stealth HREF= (missed by SA)

2023-09-14 Thread Bill Cole
On 2023-09-14 at 04:37:03 UTC-0400 (Thu, 14 Sep 2023 17:37:03 +0900) Joe Wein via users is rumored to have said: I filed a bug for this issue on Bugzilla (#8186) but so far no response from developers. https://bz.apache.org/SpamAssassin/show_bug.cgi?id=8186 FWIW, I've thought about it a

Re: Stealth HREF= (missed by SA)

2023-09-14 Thread Benny Pedersen
Joe Wein via users wrote on 2023-09-14 10:37: This means even if the bad site is listed on domain RBLs (SURBL, Spamhaus or URIBL), the mail is not tagged for that. should sa maybe begin using HtmlTidi https://metacpan.org/dist/Perl-Tidy/view/lib/Perl/Tidy.pod i have samples with src=""

Stealth HREF= (missed by SA)

2023-09-14 Thread Joe Wein via users
I filed a bug for this issue on Bugzilla (#8186) but so far no response from developers. https://bz.apache.org/SpamAssassin/show_bug.cgi?id=8186 We're seeing literally millions of phishing spams from Tencent VMs in Singapore targeting mostly Amazon Japan that are getting around SA checks

Re: DNS Help

2023-09-12 Thread Bill Cole
On 2023-09-12 at 12:44:31 UTC-0400 (Tue, 12 Sep 2023 18:44:31 +0200) Matus UHLAR - fantomas is rumored to have said: On 11.09.23 10:35, D Benham wrote: Ok, I need some guidance.  I am getting a lot of this:  0.0 URIBL_BLOCKED  ADMINISTRATOR NOTICE: The query to URIBL was blocked.  

Re: DNS Help

2023-09-12 Thread Matus UHLAR - fantomas
On 11.09.23 10:35, D Benham wrote: Ok, I need some guidance.  I am getting a lot of this:  0.0 URIBL_BLOCKED  ADMINISTRATOR NOTICE: The query to URIBL was blocked.     See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block    

Re: DNS Help

2023-09-12 Thread Bill Cole
On 2023-09-12 at 02:51:46 UTC-0400 (Tue, 12 Sep 2023 08:51:46 +0200) Matus UHLAR - fantomas is rumored to have said: On 11.09.23 10:35, D Benham wrote: Ok, I need some guidance.  I am getting a lot of this:  0.0 URIBL_BLOCKED  ADMINISTRATOR NOTICE: The query to URIBL was blocked.  

Re: sane max value for message size in 2023?

2023-09-12 Thread Matus UHLAR - fantomas
On 11.09.23 17:15, AJ Weber wrote: I realize this is very much an "it depends", but recently I'm getting a lot of messages bypassing spamc because they're a few KB over the default, 500KB limit (spamassassin 3.4.x). Can I bump this to maybe 750KB, and if so, will spamc read that from one of

Re: DNS Help

2023-09-12 Thread Matus UHLAR - fantomas
On 11.09.23 10:35, D Benham wrote: Ok, I need some guidance.  I am getting a lot of this:  0.0 URIBL_BLOCKED  ADMINISTRATOR NOTICE: The query to URIBL was blocked.     See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block    
