On 11.09.23 17:15, AJ Weber wrote:
I realize this is very much an "it depends", but recently I'm getting
a lot of messages bypassing spamc because they're a few KB over the
default, 500KB limit (spamassassin 3.4.x).
Can I bump this to maybe 750KB, and if so, will spamc read that from
one of
Many RBLs have policies in place against open resolvers, such as
Google DNS, OpenDNS, etc. You're on the right track, you need a local
resolver that is configured to query directly to the authoritative DNS
server.
Unbound, or any local resolver, would need to be configured to use
root hints to
AJ Weber writes:
> I realize this is very much an "it depends", but recently I'm getting
> a lot of messages bypassing spamc because they're a few KB over the
> default, 500KB limit (spamassassin 3.4.x).
That is way way too small now.
I would go to at least 8 MB.
I realize this is very much an "it depends", but recently I'm getting a
lot of messages bypassing spamc because they're a few KB over the
default, 500KB limit (spamassassin 3.4.x).
Can I bump this to maybe 750KB, and if so, will spamc read that from one
of my .pre files, or do I have to
On 9/11/23 10:35 AM, D Benham wrote:
Ok, I need some guidance. I am getting a lot of this:
0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL
was blocked.
See
http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
Ok, I need some guidance. I am getting a lot of this:
0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL
was blocked.
See
http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
for more information.
0.0
X-Spam-Status Yes, score=14.001 tagged_above=-999 required=5
tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1,
HTML_FONT_LOW_CONTRAST=0.001, HTML_MESSAGE=0.001, KAM_SEX_EXPLICIT=16,
RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001,
SPF_HELO_PASS=-0.1, SPF_PASS=-0.1,
Thank you for the explanation. Makes sense now.
On Wednesday, August 30, 2023 at 02:55:50 PM CDT, Bill Cole
wrote:
On 2023-08-30 at 15:14:15 UTC-0400 (Wed, 30 Aug 2023 19:14:15 +
(UTC))
Denny Jones via users
is rumored to have said:
> Hello,
> I have looked high and low and
Typo, I meant to say I was on SA 3.4.6.
On Wed, Aug 30, 2023, 3:22 PM Ricky Boone wrote:
> Something I noticed on a set of emails that were reported to me.
>
> I have custom rules to look out for certain names in From:name. The
> messages should have been caught by them, however upon
On 2023-08-30 at 15:14:15 UTC-0400 (Wed, 30 Aug 2023 19:14:15 +
(UTC))
Denny Jones via users
is rumored to have said:
Hello,
I have looked high and low and can't find an explanation for
multi-level scoring:
score SCC_CANSPAM_2 3.799 0.001 3.799 0.00
What does this mean?
In
Denny,
If you read the fine manual for the spamassassin configuration file, in section
for 'score SYMBOLIC_TEST_NAME n.nn [ n.nn n.nn n.nn ]'
You'll see:
If only one valid score is listed, then that score is always used for a test.
If four valid scores are listed, then the score that
Something I noticed on a set of emails that were reported to me.
I have custom rules to look out for certain names in From:name. The
messages should have been caught by them, however upon inspection the
name was UTF-8 encoded, and included a character that doesn't seem to
render, but interferes
Hello,
I have looked high and low and can't find an explanation for multi-level
scoring:
score SCC_CANSPAM_2 3.799 0.001 3.799 0.00
What does this mean?
In my simplistic way of doing things I would write this as:
score SCC_CANSPAM_2 3.799
Thanks for helping clear the mud in my
Hello! Registration is still open for the upcoming Community Over Code
NA event in Halifax, NS! We invite you to register for the event
https://communityovercode.org/registration/
Apache Committers, note that you have a special discounted rate for the
conference at US$250. To take advantage of
On Thu, 24 Aug 2023, Matus UHLAR - fantomas wrote:
On 23.08.23 15:24, Benny Pedersen wrote:
# test for empty src="" or empty href=""
rawbody __HREF_EMPTY /href=\"\"/
rawbody __SRC_EMPTY /src=\"\"/
meta LOCAL_BADLY_HTML (__HREF_EMPTY || __SRC_EMPTY)
describe LOCAL_BADLY_HTML Meta: __HREF_EMPTY
Hi,
On Wed, Aug 23, 2023 at 06:14:45PM -0700, John Hardin wrote:
> On Wed, 23 Aug 2023, Andy Smith wrote:
> > On Wed, Aug 23, 2023 at 03:24:22PM +0200, Benny Pedersen wrote:
> > > # test for empty src="" or empty href=""
> > > rawbody __HREF_EMPTY /href=\"\"/
> > > rawbody __SRC_EMPTY /src=\"\"/
On 23.08.23 15:24, Benny Pedersen wrote:
# test for empty src="" or empty href=""
rawbody __HREF_EMPTY /href=\"\"/
rawbody __SRC_EMPTY /src=\"\"/
meta LOCAL_BADLY_HTML (__HREF_EMPTY || __SRC_EMPTY)
describe LOCAL_BADLY_HTML Meta: __HREF_EMPTY || __SRC_EMPTY
score LOCAL_BADLY_HTML 3 3 3 3
too
On Wed, 23 Aug 2023, Benny Pedersen wrote:
# test for empty src="" or empty href=""
rawbody __HREF_EMPTY /href=\"\"/
rawbody __SRC_EMPTY /src=\"\"/
meta LOCAL_BADLY_HTML (__HREF_EMPTY || __SRC_EMPTY)
describe LOCAL_BADLY_HTML Meta: __HREF_EMPTY || __SRC_EMPTY
score LOCAL_BADLY_HTML 3 3 3 3
On Wed, 23 Aug 2023, Andy Smith wrote:
Hello,
On Wed, Aug 23, 2023 at 03:24:22PM +0200, Benny Pedersen wrote:
# test for empty src="" or empty href=""
rawbody __HREF_EMPTY /href=\"\"/
rawbody __SRC_EMPTY /src=\"\"/
I checked this against about 80k of my recent personal emails and it
matched
Hello,
On Wed, Aug 23, 2023 at 03:24:22PM +0200, Benny Pedersen wrote:
> # test for empty src="" or empty href=""
> rawbody __HREF_EMPTY /href=\"\"/
> rawbody __SRC_EMPTY /src=\"\"/
I checked this against about 80k of my recent personal emails and it
matched quite a lot of previously not found
Denny Jones via users skrev den 2023-08-23 19:41:
Just a question about the scoring...
+1
What does the 4 "3's" mean at the end of the score?
if just one score is giving, its defaults to all score sets, but if 4 3
is defined, its basicly same on all score sets :)
i just lost what the
Just a question about the scoring...
What does the 4 "3's" mean at the end of the score?
I would have written it like this:score LOCAL_BADLY_HTML 3.0
On Wednesday, August 23, 2023 at 08:24:39 AM CDT, Benny Pedersen
wrote:
# test for empty src="" or empty href=""
rawbody
# test for empty src="" or empty href=""
rawbody __HREF_EMPTY /href=\"\"/
rawbody __SRC_EMPTY /src=\"\"/
meta LOCAL_BADLY_HTML (__HREF_EMPTY || __SRC_EMPTY)
describe LOCAL_BADLY_HTML Meta: __HREF_EMPTY || __SRC_EMPTY
score LOCAL_BADLY_HTML 3 3 3 3
too much spams in hotmail
On 2023-08-22 at 16:18:43 UTC-0400 (Tue, 22 Aug 2023 13:18:43 -0700)
D Benham
is rumored to have said:
Hello,
I saw this question out on the 'Net and thought I'd post it here. I
can see a few false positives besides the OP's BCC that could arise,
but it still seems like it's a logical
Hello,
I saw this question out on the 'Net and thought I'd post it here. I can
see a few false positives besides the OP's BCC that could arise, but it
still seems like it's a logical check that should have been done before.
Is there a way to compare the RCPT TO address to the addresses in
Hi,
>
> Aug 19 23:02:27 xavier amavis[3615]: (03615-10) _WARN: Use of
> uninitialized value $result in string eq at
> /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/AuthRes.pm line 302.
>
>292 sub check_authres_result {
>293my ($self, $pms, $method, $wanted_result) = @_;
>
On 2023-08-19 at 23:07:48 UTC-0400 (Sat, 19 Aug 2023 23:07:48 -0400)
Alex
is rumored to have said:
Hi,
Just upgraded to fedora38, using the spamassassin included with it and
have
the following warning:
Aug 19 23:02:27 xavier amavis[3615]: (03615-10) _WARN: Use of
uninitialized
value
Hi,
Just upgraded to fedora38, using the spamassassin included with it and have
the following warning:
Aug 19 23:02:27 xavier amavis[3615]: (03615-10) _WARN: Use of uninitialized
value $result in string eq at
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/AuthRes.pm line 302.
292 sub
On 8/16/2023 8:15 AM, Hansa via users wrote:
Hi,
Trying to upgrade Mail::SpamAssassin via cpan but I get "spam_pid not
found" errors (see debug.log).
# ps ax | grep `cat /var/run/spamd.pid
73673 ? Ss 0:04 /usr/bin/perl -T -w /usr/sbin/spamd -d
--pidfile=/run/spamd.pid
On 2023-08-16 at 09:40:01 UTC-0400 (Wed, 16 Aug 2023 15:40:01 +0200)
Hansa via users
is rumored to have said:
What do you exactly mean by "removing the option in the startup unit"?
I'm not running spamd via a socket.
PLEASE IGNORE THE TROLL.
Harald Reindl has been banned from this mailing
What do you exactly mean by "removing the option in the startup unit"?
I'm not running spamd via a socket.
I commented out "PIDFILE="/var/run/spamd.pid" in default/spamassassin.
Test still results in timeout.
t/sa_check_spamd.t spam_pid not found: Sleeping 5 -
Retry # 19
Unfortunately this is not the solution.
/run/spamd.pid exists and contains the same pid as /var/run/spamd.pid.
It is created when starting the spamd service.
On 16-08-2023 14:34, bOnK wrote:
# ps ax | grep `cat */var/run/spamd.pid *
73673 ? Ss 0:04 /usr/bin/perl -T -w
Hi,
Trying to upgrade Mail::SpamAssassin via cpan but I get "spam_pid not
found" errors (see debug.log).
# ps ax | grep `cat /var/run/spamd.pid
73673 ? Ss 0:04 /usr/bin/perl -T -w /usr/sbin/spamd -d
--pidfile=/run/spamd.pid --create-prefs --max-children 5
--helper-home-dir
I am blind, thought I wrote to the apache list, thanks
>
> This has nothing to do with SpamAssassin. Maybe you'll find better
> responses somewhere focused on web server stuff...
>
>
> On 2023-08-12 at 11:13:29 UTC-0400 (Sat, 12 Aug 2023 15:13:29 +)
> Marc
> is rumored to have said:
>
This has nothing to do with SpamAssassin. Maybe you'll find better
responses somewhere focused on web server stuff...
On 2023-08-12 at 11:13:29 UTC-0400 (Sat, 12 Aug 2023 15:13:29 +)
Marc
is rumored to have said:
I was wondering if it is possible to allow general access to an url
after
I was wondering if it is possible to allow general access to an url after some
account authenticated for this url. Without the necessity to adapt the web
application for this
Say we have closed https://www.example.com/webapp with something like
Require valid-user
Order deny,allow
Deny from
On 2023-08-09 at 16:05:49 UTC-0400 (Wed, 9 Aug 2023 16:05:49 -0400)
Alex
is rumored to have said:
Hi all, anyone else having problems with unsubscore?
They have a long history of not working reliably. Long ago SA had a
RCVD_IN_UBL rule, but it was disabled many years ago because it was
Hi all, anyone else having problems with unsubscore?
Aug 9 15:57:41 polaris postfix-126/dnsblog[3671494]: warning:
dnsblog_query: lookup error for DNS query 154.51.76.80.ubl.unsubscore.com:
Host or domain name not found. Name service error for name=
154.51.76.80.ubl.unsubscore.com type=A: Host
> >> Yes, score=17.228 tagged_above=-999 required=5 tests=[DKIM_SIGNED=0.1,
> >> DKIM_VALID=-0.1, HTML_IMAGE_RATIO_04=0.001, HTML_MESSAGE=0.001,
> >> KAM_BODY_URIBL_PCCC=9, KAM_FROM_URIBL_PCCC=9, KAM_HUGEIMGSRC=0.2,
> >> KAM_SHORT=0.001, MIME_HTML_MOSTLY=0.1, MPART_ALT_DIFF=0.724,
> >>
On 8/9/2023 6:59 AM, Marc wrote:
Yes, score=17.228 tagged_above=-999 required=5 tests=[DKIM_SIGNED=0.1,
DKIM_VALID=-0.1, HTML_IMAGE_RATIO_04=0.001, HTML_MESSAGE=0.001,
KAM_BODY_URIBL_PCCC=9, KAM_FROM_URIBL_PCCC=9, KAM_HUGEIMGSRC=0.2,
KAM_SHORT=0.001, MIME_HTML_MOSTLY=0.1, MPART_ALT_DIFF=0.724,
On 8/9/2023 6:59 AM, Marc wrote:
Yes, score=17.228 tagged_above=-999 required=5 tests=[DKIM_SIGNED=0.1,
DKIM_VALID=-0.1, HTML_IMAGE_RATIO_04=0.001, HTML_MESSAGE=0.001,
KAM_BODY_URIBL_PCCC=9, KAM_FROM_URIBL_PCCC=9, KAM_HUGEIMGSRC=0.2,
KAM_SHORT=0.001, MIME_HTML_MOSTLY=0.1, MPART_ALT_DIFF=0.724,
>
> Yes, score=17.228 tagged_above=-999 required=5 tests=[DKIM_SIGNED=0.1,
> DKIM_VALID=-0.1, HTML_IMAGE_RATIO_04=0.001, HTML_MESSAGE=0.001,
> KAM_BODY_URIBL_PCCC=9, KAM_FROM_URIBL_PCCC=9, KAM_HUGEIMGSRC=0.2,
> KAM_SHORT=0.001, MIME_HTML_MOSTLY=0.1, MPART_ALT_DIFF=0.724,
>
Yes, score=17.228 tagged_above=-999 required=5 tests=[DKIM_SIGNED=0.1,
DKIM_VALID=-0.1, HTML_IMAGE_RATIO_04=0.001, HTML_MESSAGE=0.001,
KAM_BODY_URIBL_PCCC=9, KAM_FROM_URIBL_PCCC=9, KAM_HUGEIMGSRC=0.2,
KAM_SHORT=0.001, MIME_HTML_MOSTLY=0.1, MPART_ALT_DIFF=0.724,
RCVD_IN_DNSWL_NONE=-0.0001,
Hello,
perhaps try setting
report_safe 0
Then, according to the documentation at ‘man Mail::SpamAssassin::Conf’,
a header ‘X-Spam-Report’ will be added that might just be what you need.
Hi,
It looks like I am using SA 4.0.0 on Ubuntu 23.x. I have looked for an
answer in Google-pedia, and it either does not exist or I am not able to
figure out the correct search term.
Is there a way to get a "spam report" or "expanded spam headers" from
spamassassin included in the
It is like a man that goes to a bookstore and asks: "Do you have books on how
to make friends, you fucking clerk?"
:-
Pedro.
(Sorry for the ugly word)
On Saturday, August 5, 2023 at 08:53:09 PM GMT+2, Kevin A. McGrail
wrote:
Reindl is the definition of something I learned decades
On 8/6/23 12:04 AM, David B Funk wrote:
For the most part they can be pretty much interchangeable but slight
shading:
EC -> alignment: neutral/chaotic
T -> alignment: evil
IE an EC can be unpredictable and occasionally positive but at a cost
T is pretty predictability undesirable
Ah ha!
On Sat, 5 Aug 2023, Grant Taylor via users wrote:
On 8/5/23 6:42 PM, Martin Gregorie wrote:
Yes given that he is
Sorry, I as asking for differences between Energy Creatures and Trolls.
I agree with your advice about the particular EC / T.
I'm still trying to understand the conceptual
On 8/5/23 6:42 PM, Martin Gregorie wrote:
Yes given that he is
Sorry, I as asking for differences between Energy Creatures and Trolls.
I agree with your advice about the particular EC / T.
I'm still trying to understand the conceptual difference between an EC
and a T or if they are synonyms
On Sat, 2023-08-05 at 14:06 -0500, Grant Taylor via users wrote:
> On 8/5/23 1:51 PM, Kevin A. McGrail wrote:
> > REDACTED is the definition of something I learned decades ago as an
> > energy
> > creature.
>
> Is there anything to differentiate an Energy Creature from a Troll?
>
Yes given that
> On Aug 5, 2023, at 3:09 PM, Charles Sprickman wrote:
>
>
>
>> On Aug 5, 2023, at 2:51 PM, Kevin A. McGrail wrote:
>>
>> Reindl is the definition of something I learned decades ago as an energy
>> creature.
>>
>> DNFTEC is an acronym to live by. Suggested reading:
>>
> On Aug 5, 2023, at 2:51 PM, Kevin A. McGrail wrote:
>
> Reindl is the definition of something I learned decades ago as an energy
> creature.
>
> DNFTEC is an acronym to live by. Suggested reading:
> http://www.cryonet.org/cgi-bin/dsp.cgi?msg=6284
You might enjoy this clip from "What We
going back to 3.4.6 as now until 4.0.1 is released, in amavisd logs hits
is always - with imho means spamtest is skipped, can you verify sa trunk
does work still with amavisd ?
On 8/5/23 1:51 PM, Kevin A. McGrail wrote:
REDACTED is the definition of something I learned decades ago as an energy
creature.
Is there anything to differentiate an Energy Creature from a Troll?
The tricky thing about this particular ${ENTITY} is that they are
seemingly on topic and seem to
Reindl is the definition of something I learned decades ago as an energy
creature.
DNFTEC is an acronym to live by. Suggested reading:
http://www.cryonet.org/cgi-bin/dsp.cgi?msg=6284
KAM
On Sat, Aug 5, 2023, 13:24 Grant Taylor via users <
users@spamassassin.apache.org> wrote:
> On 8/5/23 8:04
On 8/5/23 12:23 PM, Grant Taylor via users wrote:
The catch is that he keeps tripping up people that have not had the ...
experience of dealing with him and thus have not ... quieted him yet.
For those of you that have started filtering someone -- who I'm not
going to name -- ${HE} has
On 8/5/23 8:04 AM, Ralph Seichter wrote:
Well, that is what local mail killfiles are for. The world is sadly
full of morons, but one does not necessarily have to accept mail
from them.
Agreed.
The catch is that he keeps tripping up people that have not had the ...
experience of dealing with
* Grant Taylor via users:
> He /is/ blocked from from sending messages to / through the mailing
> list.
This is also what happened to him on the Postfix mailing list, and
rightly so. It has been many years.
> Here's the thing. He is sending his reply /around/ the list --
> apparently -- so
On Fri, Aug 04, 2023 at 08:38:24AM -0500, Thomas Cameron wrote:
> It was a typo, sorry. I have a cron job that uses --spam against the spam
> folder, and --ham against the ham folder. I just copied and pasted poorly.
> This is the actual script for my account:
>
> [thomas.cameron@mail-east ~]$
On 8/4/23 02:15, Sean Greenslade wrote:
On Wed, Aug 02, 2023 at 04:17:22PM -0500, Thomas Cameron via users wrote:
On 8/2/23 15:52, David B Funk wrote:
I have the users move spam to an imap folder, and then run (via the user's
cron job):
sa-learn --mbox --spam /home/[username]/mail/spam
On Wed, Aug 02, 2023 at 04:17:22PM -0500, Thomas Cameron via users wrote:
> On 8/2/23 15:52, David B Funk wrote:
>
>
>
> I have the users move spam to an imap folder, and then run (via the user's
> cron job):
>
> sa-learn --mbox --spam /home/[username]/mail/spam
>
> If something is flagged as
Having myself been through what Thomas is appologizing for, I have some
comments on what Reindl H. is doing.
On 8/3/23 3:06 PM, Ken D'Ambrosio wrote:
I ... think he should be blocked.
He /is/ blocked from from sending messages to / through the mailing list.
I've been online for over 40
On Thu, 3 Aug 2023, Ken D'Ambrosio wrote:
On 2023-08-02 15:49, Loren Wilton wrote:
I've blocked him on my mail server, as well.
I don't
know that I'd block him, but you do need to take anything he says
witha few horselicks of salt.
I (who have almost nothing to contribute to
On 2023-08-02 15:49, Loren Wilton wrote:
I've blocked him on my mail server, as well.
I don't
know that I'd block him, but you do need to take anything he says
witha few horselicks of salt.
I (who have almost nothing to contribute to Spamassassin itself, other
than being a user) think he
On 2023-08-03 at 12:21:11 UTC-0400 (Thu, 3 Aug 2023 12:21:11 -0400)
Jared Hall
is rumored to have said:
SA v3.4.6:
Consider an Email with a UTF-8 attachment name: ®Payroll_stubs.Htm
defined by the MIME header:
Content-Disposition: attachment;
filename*0*=utf-8''%C2%AEPayroll_stubs.Htm
SA v3.4.6:
Consider an Email with a UTF-8 attachment name: ®Payroll_stubs.Htm
defined by the MIME header:
Content-Disposition: attachment; filename*0*=utf-8''%C2%AEPayroll_stubs.Htm
A PERL unicode-formatted rule fails:
mimeheader __JR_EXPLOIT_ATT_UTF Content-Disposition =~
On 8/2/23 15:52, David B Funk wrote:
Regardless, if a message has never been seen before and has little
correlation to earlier messages its Bayes should hit someplace in the
40% to 60% range.
The fact that it hit 00% indicates a strong correlation to lots of ham
(or something is screwy
Marc skrev den 2023-08-02 22:23:
I like Reindl! Is anyone training spamassassin on his emails??? ;P
why ?, if its good for bayes, why should it be bad at all for humans
then ?
Thomas Cameron via users skrev den 2023-08-02 21:39:
I'm sorry for posting that.
i just maked a sieve autoreader, so i don't need to read it self, good
or bad, i don't know :)
no need to sorry loosing mail imho
On Wed, 2 Aug 2023, Thomas Cameron via users wrote:
Thank you very much. The message that slipped through today was NOT one of
the ones being discussed in this thread, it was a different format and
totally different message. I only included it to demonstrate that my server
was not being
>
> > I've blocked him on my mail server, as well.
>
> Reindl now and then says something useful, but as you have noticed his
> people skills are somewhere in the negative 200 score level. I don't
> know
> that I'd block him, but you do need to take anything he says witha few
> horselicks of
I've blocked him on my mail server, as well.
Reindl now and then says something useful, but as you have noticed his
people skills are somewhere in the negative 200 score level. I don't know
that I'd block him, but you do need to take anything he says witha few
horselicks of salt.
On Wednesday 02 August 2023 at 21:39:31, Thomas Cameron via users wrote:
> I was notified privately that Reindl Harald is blocked on this list. I
> replied to him and accidentally polluted the list with more of his
> toxicity. I apologize, and I've blocked him on my mail server, as well.
We've
On 8/2/23 14:32, Dave Funk wrote:
On Wed, 2 Aug 2023, Thomas Cameron via users wrote:
Wow! What a charming response! You must be a LOT of fun at parties,
and have lots of friends!
Please don't feed the troll. There's a reason that Reindl is blocked
from this list.
I was not aware, and
I was notified privately that Reindl Harald is blocked on this list. I
replied to him and accidentally polluted the list with more of his
toxicity. I apologize, and I've blocked him on my mail server, as well.
I'm sorry for posting that.
--
Thomas
On Wed, 2 Aug 2023, Thomas Cameron via users wrote:
Wow! What a charming response! You must be a LOT of fun at parties, and have lots of
friends!
Please don't feed the troll. There's a reason that Reindl is blocked from this
list.
No, I did not get that response. I don't have any of
On 8/2/23 13:28, Reindl Harald wrote:
then i bet you have the same "RCVD_IN_ZEN_BLOCKED_OPENDNS" as the OP
which means you are not capable to operate a mailserver
https://www.spamhaus.org/returnc/pub/
throwen against our spamfilter it would be blocked without any
question - above 8.0 points
On 7/28/23 00:23, Bill Cole wrote:
1. There are milters/content-filters that decode Base64 message parts
(amavisd-new, mimedefang, etc) for processing by SA.
2. There are still sufficiently unique items: First-Name-Only,
Mixed-Case word in the Subject (NLP modeling), and a Base-64 encoded
On 7/28/2023 1:49 AM, Ken D'Ambrosio wrote:
On 7/27/2023 12:08 PM, Ken D'Ambrosio wrote:
Hey, all. I've recently started getting spam that's really hard to
deal with, and I'm open to suggestions as to how to approach it.
Superficially,
Sweet! The assistance of those who actually felt like
On 7/27/2023 12:08 PM, Ken D'Ambrosio wrote:
Hey, all. I've recently started getting spam that's really hard to
deal with, and I'm open to suggestions as to how to approach it.
Superficially,
I'm not sure why the OP's rule didn't match the target message, but it
is NOT because of the Base64
On 2023-07-28 at 00:26:51 UTC-0400 (Thu, 27 Jul 2023 23:26:51 -0500
(CDT))
David B Funk
is rumored to have said:
On Fri, 28 Jul 2023, Jared Hall wrote:
On 7/27/2023 12:08 PM, Ken D'Ambrosio wrote:
Hey, all. I've recently started getting spam that's really hard to
deal with, and I'm open to
On Fri, 28 Jul 2023, Jared Hall wrote:
On 7/27/2023 12:08 PM, Ken D'Ambrosio wrote:
Hey, all. I've recently started getting spam that's really hard to deal
with, and I'm open to suggestions as to how to approach it. Superficially,
[snip..]
The damn body's been encoded! And there's so little
On 7/27/23 6:25 AM, Matus UHLAR - fantomas wrote:
I use spamass-milter on my system and amavisd-milter on other systems
especially to be able to reject spam at SMTP time. Definitely a good thing.
:-)
You just should not use it for "outgoing" mail from your clients, so
they don't complain
>
> Hey, all. I've recently started getting spam that's really hard to deal
> with, and I'm open to suggestions as to how to approach it.
> Superficially, they all look much like this:
>
Post the complete message source including headers.
>
> >> I assume that you mean so that your outbound SMTP server is actually
> >> authorized in some capacity and fall under "all". Is that correct?
>
> ... and does NOT dall under "all".
>
> On 27.07.23 08:11, Marc wrote:
> >indeed afaik -all is all authorized
>
> pardon me? -all means
I assume that you mean so that your outbound SMTP server is actually
authorized in some capacity and fall under "all". Is that correct?
... and does NOT dall under "all".
On 27.07.23 08:11, Marc wrote:
indeed afaik -all is all authorized
pardon me? -all means everyone except previously
On 7/26/23 2:34 AM, Benny Pedersen wrote:
milters should not be spam scanners, spamassassin is better
On 26.07.23 13:32, Grant Taylor via users wrote:
{spamass-milter,milter-spamc} combined with SpamAssassin cause me to
question the veracity of that statement.
+1
Milter implies doing the
Marc skrev den 2023-07-27 09:48:
The oldest mail server log I can find is from mx-in-08 sadly even that
one is only from 2005 but confirms we were using it then, quite a bit
longer than 2014 :P
Why retire? To go fishing or so? I think GDPR even prohibits keeping
very old log files, if there is
On 27/07/2023 18:11, Marc wrote:
I am always using -all. I honestly can't think of a good argument to
use anything else.
I agree.
It's my belief that ~all is only useful for a "production entry test
phase", once your happy, move to -all
Like DMARC's p=none it's a "getting it going" method
On 27/07/2023 17:48, Marc wrote:
The oldest mail server log I can find is from mx-in-08 sadly even that
one is only from 2005 but confirms we were using it then, quite a bit
longer than 2014 :P
Why retire? To go fishing or so? I think GDPR even prohibits keeping
very old log files, if there
>
> I assume that you mean so that your outbound SMTP server is actually
> authorized in some capacity and fall under "all". Is that correct?
indeed afaik -all is all authorized
> > When you configure your spf your result is either pass, softfail or
> fail
> > I think we can agree that a
>
> The oldest mail server log I can find is from mx-in-08 sadly even that
> one is only from 2005 but confirms we were using it then, quite a bit
> longer than 2014 :P
>
Why retire? To go fishing or so? I think GDPR even prohibits keeping very old
log files, if there is no specific reason for
On 27/07/2023 13:43, Bill Cole wrote:
No, SPF pre dates that, 1998 or there abouts if my ageing memory serves
me
It's failing... :)
SPF originated with an idea of Gordon Fecyk, first written up AFTER he
left MAPS in 2001. First ID calling it SPF would have been 2003 or so.
A brief
On 2023-07-26 at 23:01:11 UTC-0400 (Thu, 27 Jul 2023 13:01:11 +1000)
Noel Butler
is rumored to have said:
On 27/07/2023 10:20, Matija Nalis wrote:
[...]
Also, 1990s? Weren't first SPF-alike ideas drafted first time in
early-mid 2000s, and SPF itself not published as *proposed* IETF
standard
On 27/07/2023 10:20, Matija Nalis wrote:
mailing lists have been smart enough for over 20 years to rewrite
sender and
not appear as a basic forwarder - which are you are correct, however
there
are forwarding abilities to rewrite sender which avoids this, its been
15
years or more since I've
On 7/26/23 7:20 PM, Matija Nalis wrote:
I'd appreciate more civil expressions of disagreement
+1
I personally know several people who still use procmail today, sooo...
+1
That at least I can attest is not always the case (I still see
systems with custom sendmail.cf which nobody dares to
On Thu, Jul 27, 2023 at 07:11:59AM +1000, Noel Butler wrote:
> On 27/07/2023 05:09, Matija Nalis wrote:
>
> > Any SPF, no matter how correctly configured, will lead to false
> > positives in some cases (e.g. encoutering mailing list
>
> B.S.
I'd appreciate more civil expressions of
On 7/26/23 2:09 PM, Matija Nalis wrote:
Only way to make SPF never incorrectly fail/softwail is to use "+all",
but that kind of kills its point :-)
I question the veracity of that.
Is SPF failing to perform it's intended function if an unauthorized
server is blocked from sending email with
On 7/26/23 1:44 PM, Marc wrote:
so your ip does not generate a softfail or fail
I assume that you mean so that your outbound SMTP server is actually
authorized in some capacity and fall under "all". Is that correct?
When you configure your spf your result is either pass, softfail or fail
On 27/07/2023 05:09, Matija Nalis wrote:
Any SPF, no matter how correctly configured, will lead to false
positives in some cases (e.g. encoutering mailing list
B.S.
mailing lists have been smart enough for over 20 years to rewrite sender
and not appear as a basic forwarder - which are you
701 - 800 of 105379 matches
Mail list logo