Read the document. Upgraded. Ran sa-update (always forget that)
We really have a very simple setup, except for our homegrown integration with
our email system. So I added
"enable_compat welcomelist_blocklist" to init.pre
Then did a search/replace of local.cf for all whitelist
Anders Gustafsson skrev den 2024-06-16 13:42:
This one:
Return-path:
X-Spam-Checker-Version: SpamAssassin 3.4.5 (2021-03-20) on xx
X-Spam-Level:
X-Spam-Status: No, score=-95.6 required=5.0
tests=BAYES_00,HTML_MESSAGE,
MIME_HTML_ONLY,RCVD_IN_MSPIKE_BL,RCVD_IN_MSPIKE_L5,RDNS_NONE,
On 16.06.24 14:42, Anders Gustafsson wrote:
Return-path:
X-Spam-Checker-Version: SpamAssassin 3.4.5 (2021-03-20) on xx
X-Spam-Level:
X-Spam-Status: No, score=-95.6 required=5.0 tests=BAYES_00,HTML_MESSAGE,
MIME_HTML_ONLY,RCVD_IN_MSPIKE_BL,RCVD_IN_MSPIKE_L5,RDNS_NONE,
This one:
Return-path:
X-Spam-Checker-Version: SpamAssassin 3.4.5 (2021-03-20) on xx
X-Spam-Level:
X-Spam-Status: No, score=-95.6 required=5.0 tests=BAYES_00,HTML_MESSAGE,
MIME_HTML_ONLY,RCVD_IN_MSPIKE_BL,RCVD_IN_MSPIKE_L5,RDNS_NONE,
On 2024-05-18 at 10:26:54 UTC-0400 (Sat, 18 May 2024 16:26:54 +0200)
Francis Augusto Medeiros-Logeay
is rumored to have said:
Is there any difference between using spamc -L and sa-learn ?
On 18.05.24 11:41, Bill Cole wrote:
Yes. The compiled-C spamc binary loads no Perl, it just talks over
On 2024-05-18 at 10:26:54 UTC-0400 (Sat, 18 May 2024 16:26:54 +0200)
Francis Augusto Medeiros-Logeay
is rumored to have said:
Hi,
Is there any difference between using spamc -L and sa-learn ?
Yes. The compiled-C spamc binary loads no Perl, it just talks over a
socket to spamd, which
Hi,
Is there any difference between using spamc -L and sa-learn ? I noticed that
the later is way slower. I don’t use a journal for local updating, so both
write directly to the database.
Best,
Francis
On 2024-05-13 at 20:09:33 UTC-0400 (Tue, 14 May 2024 10:09:33 +1000)
Noel Butler
is rumored to have said:
This morning one of our ent_domains DMARC weekly report from a third
party was listed as spam by SA which took the wording
Not_percent-twenty_Resolved and passed it off to URI checks
On Mon, May 13, 2024 at 8:10 PM Noel Butler wrote:
> This morning one of our ent_domains DMARC weekly report from a third party
> was listed as spam by SA which took the wording
> Not_percent-twenty_Resolved and passed it off to URI checks adding
> dot.com to it when there is no d
On 14.05.24 10:09, Noel Butler wrote:
This morning one of our ent_domains DMARC weekly report from a third
party was listed as spam by SA which took the wording
Not_percent-twenty_Resolved and passed it off to URI checks adding
dot.com to it when there is no dot com after it, and a raw
This morning one of our ent_domains DMARC weekly report from a third
party was listed as spam by SA which took the wording
Not_percent-twenty_Resolved and passed it off to URI checks adding
dot.com to it when there is no dot com after it, and a raw message
search of that message in less
, would result in this error.
Sidney
Mateusz Krawczyk wrote on 20/04/24 1:07 am:
Hello,
after updating SA 4.0.0 to 4.0.1, (CentOS 7 - Perl version 5.16.3) I get
the following message in log regarding the DMARC plugin:
plugin: eval failed: Can't use an undefined value as an ARRAY reference
in this error.
Sidney
Mateusz Krawczyk wrote on 20/04/24 1:07 am:
Hello,
after updating SA 4.0.0 to 4.0.1, (CentOS 7 - Perl version 5.16.3) I get
the following message in log regarding the DMARC plugin:
plugin: eval failed: Can't use an undefined value as an ARRAY reference
at /usr/share/perl5
that does not pass
a DMARC check, has one or more Authentication-Results headers, and none
of them have an spf= field, would result in this error.
Sidney
Mateusz Krawczyk wrote on 20/04/24 1:07 am:
Hello,
after updating SA 4.0.0 to 4.0.1, (CentOS 7 - Perl version 5.16.3) I get
the following
Hello,
after updating SA 4.0.0 to 4.0.1, (CentOS 7 - Perl version 5.16.3) I get
the following message in log regarding the DMARC plugin:
plugin: eval failed: Can't use an undefined value as an ARRAY reference at
/usr/share/perl5/Mail/SpamAssassin/Plugin/DMARC.pm line 336.
File "DMARC.pm&
On 13/04/2024 19:27, Marc wrote:
All nice and well, but a bit decades too late. There should never have
been such default whitelist. Companies should take care not be on
blacklists, and should maintain some
Absolutely, no arguments there!
After all spf -all exists already for a long time. So
All nice and well, but a bit decades too late. There should never have been such
default whitelist. Companies should take care not be on blacklists, and should
maintain some degree of standard implementation to send out email. After all
spf -all exists already for a long time. So why are
On 13/04/2024 03:20, Bill Cole wrote:
In my opinion, this is an indication that the default welcomelist
entries in the official
I'm good with that, so long as likes of google are not in any whitelist
either.
I haven't been following all the anti spam stuff as much as I used to (I
have
as I know. This is entirely unrelated to any domains hosted by
Microsoft, it is strictly an email address welcomelisting (see SA docs for
details.)
+1
This may raise some questions and trigger a debate on the formal meaning of the
SA default welcomelist entries. That debate belongs
ar as I know. This is entirely unrelated to any domains hosted by
Microsoft, it is strictly an email address welcomelisting (see SA docs for
details.)
I will be committing the rule change today and it should appear in the default
rules distribution channel by Monday. Anyone who is relying on
> On Jul 22, 2020, at 23:56, Luis E. Muñoz wrote:
>
> On 22 Jul 2020, at 23:14, Kevin A. McGrail wrote:
>
>> However, I have questions of adoption rate, impersonation concerns,
>> anticompetitive concerns, and privacy concerns. This just sounds like a
>> commercial tracking pixel but the
any specific
details I can't really offer a solution.
I can say that AS ALWAYS it is a bad idea to build and test ANY software
as 'root' and SA does not accommodate doing so. There may well be places
where the tests fail slowly if you run them as root. The only step you
should perform as root
, why? because its tests
failed for timeouts this, timeouts that, everytime its set keeps on
retrying reporting
Why don't you install SA from packaging system? Don't you use FreeBSD or
some linux distro?
error: config: no rules were found! Do you need to run 'sa-update'?
config: no rules were
I chose to install this whilst we left for lunch, but 45mins
> later to my horror it was still trying to install, why? because its tests
> failed for timeouts this, timeouts that, everytime its set keeps on
> retrying reporting
>
> error: config: no rules were found! Do you need to run 'sa
for timeouts this, timeouts that, everytime its set keeps on
retrying reporting
error: config: no rules were found! Do you need to run 'sa-update'?
config: no rules were found! Do you need to run 'sa-update'?
of fricken course there is no rules, its a new fricken install that cpan
hasn't got around
On Fri, 2024-01-19 at 15:15 +0100, Benny Pedersen wrote:
> Byung-Hee HWANG skrev den 2024-01-19 11:12:
>
> > I rely on DNSWL for the reputable MX.
>
> if reputation is 100% needed we all have to make local rescore on all
> local mails, since reputation is to be local, not external just
>
> i
On Fri, 19 Jan 2024, Thomas Cameron wrote:
On 1/19/24 16:32, Byung-Hee HWANG wrote:
There is a filtering rule in Gmail:
*Never send it to Spam*
I apply that rule to extremely important emails such as debian-bugs-
dist and debian-devel-announce.
You know that. I know that. But trying to
On 1/19/24 16:32, Byung-Hee HWANG wrote:
There is a filtering rule in Gmail:
*Never send it to Spam*
I apply that rule to extremely important emails such as debian-bugs-
dist and debian-devel-announce.
You know that. I know that. But trying to explain to the board members
I'm helping out
Hellow Thomas,
> But it drops it into the spam folder every time. So when I'm sending
> emails to someone's alias, they have to check their spam folder. Even
> when they mark it as "not spam," GMail still drops it into the spam
> folder. It's very frustrating.
>
There is a filtering rule in
On 1/19/24 14:33, Matija Nalis wrote:
You would need to encourage at least several of the recipients (the
more the better) to click on "Not spam" button on GMail on such
mails. Then it will (eventually) start accepting them normally.
Yup, that's basically what I've been doing.
see e.g.
On Fri, Jan 19, 2024 at 10:37:13AM -0600, Thomas Cameron wrote:
> The forwarded email is being *accepted* by GMail. My issue now is that GMail
> drops it into the recipient's spam folder. I suspect it's a reputation
> thing. Once the server is up and running for a while, I'm hoping that GMail
>
On 1/7/24 05:40, Matus UHLAR - fantomas wrote:
I built email servers for a non-profit I volunteer for. If email
comes into the server for presid...@myassociation.org, I would
normally just create an alias in /etc/aliases so that emails to
president@ get forwarded to the president's "real"
On 1/7/24 04:07, Byung-Hee HWANG wrote:
Hellow Thomas,
See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1043539#88
Sincerely, Byung-Hee
The issue is not so much that GMail doesn't accept the email. It does,
since I have DKIM, DMARC, and SPF set up.
But it drops it into the spam
Byung-Hee HWANG skrev den 2024-01-19 11:12:
I rely on DNSWL for the reputable MX.
if reputation is 100% needed we all have to make local rescore on all
local mails, since reputation is to be local, not external just
i consider dnswl level 0 to be positive scored, and let the other
levels be
Marc skrev den 2024-01-19 09:34:
Hi Byung and Benny, are you having a nice MX party? :)
not needed yet, hehe
Byung-Hee HWANG skrev den 2024-01-19 06:16:
Actually i used Google MX for 10 years. Recently, i created dedicated
MXs and am continuing to operate them. Plus, the dedicated MXs run on
Google Cloud and RimuHosting.
it was too weird for me to figure out how to get it working, and possible
in the
On Fri, 2024-01-19 at 08:34 +, Marc wrote:
> > > Byung-Hee HWANG skrev den 2024-01-08 12:27:
> > >
> > > > Gmail is my last INBOX. That's enough for me.
> > >
> > > +1, so you are ready to setup google mx ? :)
> > >
> >
> > Hellow Benny,
> >
> > Actually i used Google MX for 10 years.
> > Byung-Hee HWANG skrev den 2024-01-08 12:27:
> >
> > > Gmail is my last INBOX. That's enough for me.
> >
> > +1, so you are ready to setup google mx ? :)
> >
>
> Hellow Benny,
>
> Actually i used Google MX for 10 years. Recently, i created dedicated
> MXs and am continuing to operate them.
On Mon, 2024-01-08 at 17:17 +0100, Benny Pedersen wrote:
> Byung-Hee HWANG skrev den 2024-01-08 12:27:
>
> > Gmail is my last INBOX. That's enough for me.
>
> +1, so you are ready to setup google mx ? :)
>
Hellow Benny,
Actually i used Google MX for 10 years. Recently, i created dedicated
MXs
Byung-Hee HWANG skrev den 2024-01-08 12:27:
Gmail is my last INBOX. That's enough for me.
+1, so you are ready to setup google mx ? :)
https://support.google.com/a/answer/140034?hl=en
i don't like it yet, missing dnssec and dane, tlsa, google is not
friendly there
if google wants my
This is not a good advice. Whoever filters SPF at SMTP time will
reject that
message. Gmail is not the only mail service available.
On 08.01.24 20:27, Byung-Hee HWANG wrote:
Gmail is my last INBOX. That's enough for me.
that's what I wanted to say - enough for someone, but not generally
>
> This is not a good advice. Whoever filters SPF at SMTP time will
> reject that
> message. Gmail is not the only mail service available.
Hellow Matus,
Gmail is my last INBOX. That's enough for me.
Sincerely, Byung-Hee
--
^고맙습니다 _布德天下_ 감사합니다_^))//
I built email servers for a non-profit I volunteer for. If email comes
into the server for presid...@myassociation.org, I would normally just
create an alias in /etc/aliases so that emails to president@ get
forwarded to the president's "real" email address, say
>
> I built email servers for a non-profit I volunteer for. If email
> comes
> into the server for presid...@myassociation.org, I would normally
> just
> create an alias in /etc/aliases so that emails to president@ get
> forwarded to the president's "real" email address, say
>
Hello,
On Wed, Jan 03, 2024 at 01:24:02PM -0600, Thomas Cameron via users wrote:
> On 1/2/24 17:51, Andy Smith wrote:
> > - Have your users collect their your-org email by some means other
> >than SMTP, such as running an IMAP server and having them view
> >both their gmail mailbox and
On 1/4/24 06:35, Matus UHLAR - fantomas wrote:
On 03.01.24 20:36, Thomas Cameron wrote:
Fair point. But I'm guessing that because it has two DKIM signatures,
it's not passing the DKIM check.
only one of those DKIM signatures needs to pass, with the domain in From:
Yup, and it seems to be
On 1/4/24 06:31, Matus UHLAR - fantomas wrote:
On 03.01.24 19:30, Thomas Cameron wrote:
Thanks for the advice on SRS - I have set it up and it's mostly
working. At least GMail accepts the emails, although it seems to be
failing DKIM and DMARC tests. I'm digging into what, if anything, can
be
Thomas Cameron writes:
Yeah, the weird thing is, when I check the forwarded email on GMail, I
see in the headers that both the original sending email server (call
it mail.somedomain.com) and the relay server (call it
mail.myassociation.org) put DKIM signatures in the message.
On 1/3/24
On 1/3/24 15:44, Bill Cole wrote:
Indeed: your solution is known as "SRS" (Sender Rewriting Scheme)
and it has multiple implementations. If you forward mail, you will
break SPF unless you fix the envelope sender so that it uses a
domain that permits the example.org server to send for it.
On 1/3/24 19:45, Greg Troxel wrote:
Thomas Cameron writes:
Yeah, the weird thing is, when I check the forwarded email on GMail, I
see in the headers that both the original sending email server (call
it mail.somedomain.com) and the relay server (call it
mail.myassociation.org) put DKIM
Thomas Cameron writes:
> Yeah, the weird thing is, when I check the forwarded email on GMail, I
> see in the headers that both the original sending email server (call
> it mail.somedomain.com) and the relay server (call it
> mail.myassociation.org) put DKIM signatures in the message.
That's
On 1/3/24 17:41, Greg Troxel wrote:
You are overlooking that DKIM from the original From: is the
responsibility of that domain and that if you do not modify the message
then it should still pass. Domains sending without DKIM are going to be
a mess.
Yeah, the weird thing is, when I check the
On 1/3/24 15:44, Bill Cole wrote:
Indeed: your solution is known as "SRS" (Sender Rewriting Scheme) and it
has multiple implementations. If you forward mail, you will break SPF
unless you fix the envelope sender so that it uses a domain that
permits the example.org server to send for it.
On 1/3/24 18:16, Michael Grant wrote:
Here's what I have done in the past from my server to get around this
situation you are having:
1. In my .procmailrc file
:0c:
!exam...@gmail.com
This sends a copy (the c flag in first line) of the message to the
gmail account and leaves a copy in your
Here's what I have done in the past from my server to get around this
situation you are having:
1. In my .procmailrc file
:0c:
!exam...@gmail.com
This sends a copy (the c flag in first line) of the message to the
gmail account and leaves a copy in your inbox.
2. From your exam...@gmail.com
"Thomas Cameron via users" writes:
> I actually set up SPF, DMARC, and DKIM on the non-profit's email
> server. It works fine if I send email from the server.
>
> The rub is, I want all emails to presid...@example.org to be forwarded
> to presidents_real_addr...@gmail.com. Since the forward
Hello Thomas,
This might help too:
These failures are often due to SPFs that have a hard fail (meaning they end
with ‘-all’). When I dealt with this in the past, the original sending domain
was one where we could modify the SPF. So we had the email sender change “-all”
to “~all” and since that
On 2024-01-03 at 14:17:11 UTC-0500 (Wed, 3 Jan 2024 13:17:11 -0600)
Thomas Cameron via users
is rumored to have said:
The rub is, I want all emails to presid...@example.org to be forwarded
to presidents_real_addr...@gmail.com. Since the forward happens at
mail.example.org, the "from" is from
On 1/2/24 17:51, Andy Smith wrote:
Hi Thomas,
On Tue, Jan 02, 2024 at 04:24:37PM -0600, Thomas Cameron via users wrote:
I built email servers for a non-profit I volunteer for. If email comes into
the server for presid...@myassociation.org, I would normally just create an
alias in /etc/aliases
This is just an odd corner
case where the easiest thing to do is just redirect emails to the
non-profit's president's real email address.
Instead of using /etc/aliases, I'm playing around with a procmail recipe
to munge the "from." We'll see if it works.
I apologize this isn't strictl
, SPF/DKIM/DMARC Auth-neutral will become the
new "bad".
I apologize this isn't strictly SA related, I am just hoping someone
can give me advice or provide a link to follow on how to make this work.
package: opendkim + access to your managed domain's DNS records.
$0.02,
-- Jared Hall
"Thomas Cameron via users" writes:
> I built email servers for a non-profit I volunteer for. If email comes
> into the server for presid...@myassociation.org, I would normally just
> create an alias in /etc/aliases so that emails to president@ get
> forwarded to the president's "real" email
Hi Thomas,
On Tue, Jan 02, 2024 at 04:24:37PM -0600, Thomas Cameron via users wrote:
> I built email servers for a non-profit I volunteer for. If email comes into
> the server for presid...@myassociation.org, I would normally just create an
> alias in /etc/aliases so that emails to president@ get
this isn't strictly SA related, I am just hoping someone can
give me advice or provide a link to follow on how to make this work.
Thanks,
Thomas
what is in the /etc/mail/spamassassin/.razor/razor-agent.conf ?
debuglevel = 3
identity = identity
ignorelist = 0
listfile_catalogue = servers.catalogue.lst
listfile_discovery = servers.discovery.lst
listfile_nomination =
On 27.12.23 10:30, AJ Weber wrote:
Migrating a mailserver with SA and I see this in my log when testing:
spamd[30912]: razor2: razor2 check failed: No such file or directory
razor2: Can't read: /var/lib/razor/ at
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/Razor2.pm line
331.
My
Thanks for the reply.
SA v3.4.6
razor is installed:
optional module installed: Razor2::Client::Agent, version 2.84
razor plugin is enabled in v310.pre:
loadplugin Mail::SpamAssassin::Plugin::Razor2
I don't see any "logs" in the first page of the lint output.
Would you
AJ Weber skrev den 2023-12-27 16:30:
Migrating a mailserver with SA and I see this in my log when testing:
spamd[30912]: razor2: razor2 check failed: No such file or directory
razor2: Can't read: /var/lib/razor/ at
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/Razor2.pm line
331
Migrating a mailserver with SA and I see this in my log when testing:
spamd[30912]: razor2: razor2 check failed: No such file or directory
razor2: Can't read: /var/lib/razor/ at
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/Razor2.pm line 331.
My local.cf has the following
On 12/6/2023 5:19 AM, Benny Pedersen wrote:
can't procmail use X-Spam-Flag ?
I think the reason I run it twice is that the mimedefang invocation
doesn't have access to personal Bayes data. When it runs, it's not yet
known what user(s) the mail is destined for.
Kenneth Porter skrev den 2023-12-06 08:25:
On 12/5/2023 10:57 PM, Benny Pedersen wrote:
mimedefang does not use spamd, you only need either spamassassin only
with spamd or mimedefang with spamassassin not running spamd
It's a small server so I can afford to run SA twice, once at the MTA
rver so I can afford to run SA twice, once at the MTA
> level through mimedefang (which can potentially reject egregious
> spam),
> and once during delivery via procmail, which invokes spamc.
>
>
I'm running the XFCE spin of Redhat Linux and found
vmlinuz-6.6.2-101.fc38.x86_64's
On 12/6/23 08:25, Kenneth Porter wrote:
On 12/5/2023 10:57 PM, Benny Pedersen wrote:
mimedefang does not use spamd, you only need either spamassassin only with spamd or mimedefang with spamassassin not running spamd
It's a small server so I can afford to run SA twice, once at the MTA level
On 12/5/2023 10:57 PM, Benny Pedersen wrote:
mimedefang does not use spamd, you only need either spamassassin only
with spamd or mimedefang with spamassassin not running spamd
It's a small server so I can afford to run SA twice, once at the MTA
level through mimedefang (which can potentially
Kenneth Porter skrev den 2023-12-06 00:29:
After installing the package, I found I needed to manually restart
spamd and also mimedefang with:
# systemctl restart spamassassin
# systemctl restart mimedefang
After that I saw errors from my nightly sa-learn jobs about a missing
HashCash module
After installing the package, I found I needed to manually restart spamd
and also mimedefang with:
# systemctl restart spamassassin
# systemctl restart mimedefang
After that I saw errors from my nightly sa-learn jobs about a missing
HashCash module. I checked for a .rpmnew file in /etc/mail
Does anything "speak" against just fetching the message from said folder
(ex getmail or fetchmail) and feed them to sa-learn? At least for
getmail one can define a filter section which then calls sa-learn and
give it the message for learning. I use a getmail config like this
[retri
On 2023-12-03 at 14:58:36 UTC-0500 (Sun, 3 Dec 2023 20:58:36 +0100)
Emmanuel Seyman
is rumored to have said:
Hello all.
I've set up SA at $WORK and now want to train the bayesian classifier.
To that end, a public folder has been setup on our Exchange server and
I want to run sa-learn on any
Kris Deugau skrev den 2023-12-04 18:23:
Fair warning, I gave up on using IMAP for feeding Bayes locally because
it started to glitch out and fail for no reason I could see. But the
mailboxes I'm learning from are maildir on a *nix platform, not
whatever black box Exchange hides things in.
Emmanuel Seyman wrote:
Hello all.
I've set up SA at $WORK and now want to train the bayesian classifier.
To that end, a public folder has been setup on our Exchange server and
I want to run sa-learn on any email that is transferred to it.
I'm guessing this is a popular thing to do
I want to relate my experience in packaging the latest RH RPM for CentOS 7:
I first checked out the package sources from Fedora. This is the spec file
and patches but not the SA tarballs. I already have a regular user for
building packages and have run rpmdev-setuptree to create a packaging
Hello all.
I've set up SA at $WORK and now want to train the bayesian classifier.
To that end, a public folder has been setup on our Exchange server and
I want to run sa-learn on any email that is transferred to it.
I'm guessing this is a popular thing to do and that there would already
On Friday, September 15, 2023 15:34, Giovanni wrote:
On 9/14/23 17:01, Pedro David Marco wrote:
The same happens with other HTML tags...
do you have a spample to share (public or privately) ?
I am happy to confirm that revision 1912414 is working great and fixes the
problem.
Grazie
On Fri, 15 Sep 2023, Bill Cole wrote:
On 2023-09-14 at 11:01:37 UTC-0400 (Thu, 14 Sep 2023 15:01:37 + (UTC))
Pedro David Marco via users
is rumored to have said:
The same happens with other HTML tags...
<=
DEFANGED_IMG src= can be replaced with <=
DEFANGED_IMG xyz/src=
virtually
esponse from developers.
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=8186
FWIW, I've thought about it a bit...
We're seeing literally millions of phishing spams from Tencent VMs
in Singapore targeting mostly Amazon Japan that are getting around
SA checks because of this issue.
Wow. I d
about it a bit...
>
>> We're seeing literally millions of phishing spams from Tencent VMs in
Singapore targeting mostly Amazon Japan that are getting around SA checks because of
this issue.
>
> Wow. I didn't expect that this was that big of a tactic.
>
>> I am wonde
; https://bz.apache.org/SpamAssassin/show_bug.cgi?id=8186
>
> FWIW, I've thought about it a bit...
>
>> We're seeing literally millions of phishing spams from Tencent VMs in
>> Singapore targeting mostly Amazon Japan that are getting around SA checks
>> because of this issu
FWIW, I've thought about it a bit...
We're seeing literally millions of phishing spams from Tencent VMs in Singapore
targeting mostly Amazon Japan that are getting around SA checks because of this
issue.
Wow. I didn't expect that this was that big of a tactic.
I am wondering how many
...
We're seeing literally millions of phishing spams from Tencent VMs in
Singapore targeting mostly Amazon Japan that are getting around SA
checks because of this issue.
Wow. I didn't expect that this was that big of a tactic.
I am wondering how many other users are seeing this problem which
Joe Wein via users skrev den 2023-09-14 10:37:
This means even if the bad site is listed on domain RBLs (SURBL,
Spamhaus or URIBL), the mail is not tagged for that.
should sa maybe begin using HtmlTidi
https://metacpan.org/dist/Perl-Tidy/view/lib/Perl/Tidy.pod
i have samples with src
I filed a bug for this issue on Bugzilla (#8186) but so far no response from
developers.
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=8186
We're seeing literally millions of phishing spams from Tencent VMs in
Singapore targeting mostly Amazon Japan that are getting around SA checks
On 2023-08-03 at 12:21:11 UTC-0400 (Thu, 3 Aug 2023 12:21:11 -0400)
Jared Hall
is rumored to have said:
SA v3.4.6:
Consider an Email with a UTF-8 attachment name: ®Payroll_stubs.Htm
defined by the MIME header:
Content-Disposition: attachment;
filename*0*=utf-8''%C2%AEPayroll_stubs.Htm
SA v3.4.6:
Consider an Email with a UTF-8 attachment name: ®Payroll_stubs.Htm
defined by the MIME header:
Content-Disposition: attachment; filename*0*=utf-8''%C2%AEPayroll_stubs.Htm
A PERL unicode-formatted rule fails:
mimeheader __JR_EXPLOIT_ATT_UTF Content-Disposition =~
/(\xC2
>
> I should probably add that I personally don't do per-user config because
> of the enlarged attack surface it presents and small marginal value, but
> that's guided by local details. I work with systems owned by others
> where other choices were made for very sound reasons and they have not
>
' for their installations is beyond the
scope of the SA project per se, and the specific packagers should be
consulted if you need an explanation of their choices.
If you want spamd to be able to access the per-user preferences and
databases for AWL/TxRep and/or Bayes of real system users, spamd must
Check the systemd unit file. It should set the user the service runs as.
On Fri, 7 Jul 2023, Reindl Harald wrote:
OF COURSE!
For me, THE key questions have to do with the learning aspect (and maybe
logging): What's the directory that, for example, sa-learn has to write
into? ... Again, pointers would be nice - it's not like I was planning to
spend my day
the daemon is running with
you don't want an exploit happening somewhere in the filter chain modify your
binaries/scripts
OF COURSE!
For me, THE key questions have to do with the learning aspect (and maybe
logging): What's the directory that, for example, sa-learn has to write
Hi All,
I changed the subject line to hopefully get some insight from a wider
audience regarding this situation that Reindl uncovered:
It started here:
It appears that it IS running as root?! OR maybe as "sa-milt" ... As
root I got this:
# ps auxwww | grep spamd
root
It appears that it IS running as root?! OR maybe as "sa-milt" ... As root
I got this:
# ps auxwww | grep spamd
root 100805 0.0 0.3 158208 121164 ? Ss 00:37 0:05
/usr/bin/perl -T -w /usr/bin/spamd -c -m5 -H
--razor-home-dir=/var/lib/razor/ --razor-log-file=