John Hardin wrote:
On Tue, 19 Jun 2012, Benny Pedersen wrote:
Den 2012-06-19 22:39, Kevin A. McGrail skrev:
I think that's the concept behind the whitelist_from_spf
but some use whitelist_from, its nothing new there :=)
can user_in_whitelist be changed to not have -100 as default
RW wrote:
On Tue, 19 Jun 2012 19:14:11 -0400
Jeff Mincy wrote:
From: RW rwmailli...@googlemail.com
Date: Tue, 19 Jun 2012 23:43:57 +0100
If used sensibly USER_IN_WHITELIST is probably the most reliable
rule we have, for the overwhelming majority of addresses it's far
more
RW wrote:
On Wed, 20 Jun 2012 03:25:53 +0200
Benny Pedersen wrote:
Den 2012-06-20 03:09, RW skrev:
The overwhelming majority of email addresses are never spoofed.
seen from my mta logs off sender addresses that miss the smtp auth
password here postfix dont agree with you, if sender
On Wed, 20 Jun 2012 11:33:49 +0200
Per Jessen wrote:
RW wrote:
On Wed, 20 Jun 2012 03:25:53 +0200
Benny Pedersen wrote:
Den 2012-06-20 03:09, RW skrev:
The overwhelming majority of email addresses are never spoofed.
seen from my mta logs off sender addresses that miss the
My suggestion was intended to minimize the effect on existing
behavior. I agree, it would probably be a very good idea to allow
whitelist_from to be scored differently than the other whitelist
variants, and to ship it with a smaller default score, but that change
is fairly disruptive.
On 6/20/2012 8:05 AM, Greg Troxel wrote:
I would like to see...
As an open source project, we encourage people to submit patches and
step up to coding on the project.
You can really start small with one line patches and I'll do my best to
support you.
Regards,
KAM
On Wed, 20 Jun 2012 11:22:08 +0200
Per Jessen wrote:
RW wrote:
Not if someone sends an email through a different mail system,
I think that is what whitelist_allows_relays is intended to take
care of.
If it made a difference to the case I was referring to then it would
effectively turn
Den 2012-06-20 14:05, Greg Troxel skrev:
That way I could do:
whitelist_from -5 f...@yahoo.com
AWL plugin basicly could be extended to use dkim/spf and more bound to
whitelist_* so the awl score is more live calculated, with default awl
its bound to 0.0.x.x/16 but it could be changed to
RW wrote:
On Wed, 20 Jun 2012 11:33:49 +0200 Per Jessen wrote:
RW wrote:
What I mean is that if I whitelist a private email address, the
chances of a spammer ever sending me a spam spoofing that address is
very small.
Happened to me twice only yesterday - somebody sent me mails
Den 2012-06-20 18:38, Flemming Jacobsen skrev:
Because you use email to send yourself reminder notes or small
files. I have addresses on several distinct systems (private,
work, google, user group, ...).
And I whitelist them because I do not want mail to get lost.
with shared imap folders
On Wed, 20 Jun 2012 18:38:49 +0200
Flemming Jacobsen wrote:
RW wrote:
On Wed, 20 Jun 2012 11:33:49 +0200 Per Jessen wrote:
RW wrote:
What I mean is that if I whitelist a private email address, the
chances of a spammer ever sending me a spam spoofing that
address is very small.
Hey
I finally got around to enabling SPF checks in SA.
(v. 3.3.2, via spamd on FreeBSD)
It appears that even though SPF checks fail (i.e. SPF_FAIL),
USER_IN_WHITELIST still adds -100 points to the score.
Since the sender probably is spoofed, should USER_IN_WHITELIST
not be ignored/neutral
On 6/19/2012 4:21 PM, Flemming Jacobsen wrote:
Hey
I finally got around to enabling SPF checks in SA.
(v. 3.3.2, via spamd on FreeBSD)
It appears that even though SPF checks fail (i.e. SPF_FAIL),
USER_IN_WHITELIST still adds -100 points to the score.
Since the sender probably is spoofed
Den 2012-06-19 22:21, Flemming Jacobsen skrev:
It appears that even though SPF checks fail (i.e. SPF_FAIL),
USER_IN_WHITELIST still adds -100 points to the score.
Since the sender probably is spoofed, should USER_IN_WHITELIST
not be ignored/neutral (not sure of the terminology here)?
nope
Den 2012-06-19 22:39, Kevin A. McGrail skrev:
I think that's the concept behind the whitelist_from_spf
but some use whitelist_from, its nothing new there :=)
can user_in_whitelist be changed to not have -100 as default score, or
is whitelist_from planned for removements ?
On 06/19/2012 11:34 PM, Benny Pedersen wrote:
Den 2012-06-19 22:39, Kevin A. McGrail skrev:
I think that's the concept behind the whitelist_from_spf
but some use whitelist_from, its nothing new there :=)
can user_in_whitelist be changed to not have -100 as default score, or
is
On Tue, 19 Jun 2012, Benny Pedersen wrote:
Den 2012-06-19 22:39, Kevin A. McGrail skrev:
I think that's the concept behind the whitelist_from_spf
but some use whitelist_from, its nothing new there :=)
can user_in_whitelist be changed to not have -100 as default score, or is
(USER_IN_WHITELIST SPF_FAIL)
score WHITELIST_INSECURE_SPF 50
but since Flemming did not provide an sample there might be other
options, eg why accept spf_fail in mta ?
From: John Hardin jhar...@impsec.org
Date: Tue, 19 Jun 2012 14:44:29 -0700 (PDT)
On Tue, 19 Jun 2012, Benny Pedersen wrote:
Den 2012-06-19 22:39, Kevin A. McGrail skrev:
I think that's the concept behind the whitelist_from_spf
but some use whitelist_from, its
On Tue, 19 Jun 2012 18:02:28 -0400
Jeff Mincy wrote:
From: John Hardin jhar...@impsec.org
Date: Tue, 19 Jun 2012 14:44:29 -0700 (PDT)
On Tue, 19 Jun 2012, Benny Pedersen wrote:
Den 2012-06-19 22:39, Kevin A. McGrail skrev:
I think that's the concept behind
From: RW rwmailli...@googlemail.com
Date: Tue, 19 Jun 2012 23:43:57 +0100
On Tue, 19 Jun 2012 18:02:28 -0400
Jeff Mincy wrote:
From: John Hardin jhar...@impsec.org
Date: Tue, 19 Jun 2012 14:44:29 -0700 (PDT)
On Tue, 19 Jun 2012, Benny Pedersen
On Tue, 19 Jun 2012, Jeff Mincy wrote:
From: John Hardin jhar...@impsec.org
I'd suggest instead a lint warning if it is used, alerting the admin that
it's discouraged and that it has problems like this and is very easy to
spoof.
How about creating a different score for whitelist_from
On Tue, 19 Jun 2012, Flemming Jacobsen wrote:
I finally got around to enabling SPF checks in SA.
(v. 3.3.2, via spamd on FreeBSD)
It appears that even though SPF checks fail (i.e. SPF_FAIL),
USER_IN_WHITELIST still adds -100 points to the score.
Since the sender probably is spoofed, should
On Tue, 19 Jun 2012 19:14:11 -0400
Jeff Mincy wrote:
From: RW rwmailli...@googlemail.com
Date: Tue, 19 Jun 2012 23:43:57 +0100
If used sensibly USER_IN_WHITELIST is probably the most reliable
rule we have, for the overwhelming majority of addresses it's far
more accurate than spf
Den 2012-06-20 03:09, RW skrev:
The overwhelming majority of email addresses are never spoofed.
seen from my mta logs off sender addresses that miss the smtp auth
password here postfix dont agree with you, if sender uses something
belongs to my domain i may start asking for passwords, this
On Wed, 20 Jun 2012 03:25:53 +0200
Benny Pedersen wrote:
Den 2012-06-20 03:09, RW skrev:
The overwhelming majority of email addresses are never spoofed.
seen from my mta logs off sender addresses that miss the smtp auth
password here postfix dont agree with you, if sender uses something
26 matches
Mail list logo