On 2021-03-01 11:19, Matus UHLAR - fantomas wrote:
do you want to say, only delegated domains are searched, not
subdomains?
On 01.03.21 15:25, Benny Pedersen wrote:
yes spamassasin works this way
I apparently missed docs about this.
And, frankly, it'a apparently not ideal, at least for my
On 2021-03-01 11:19, Matus UHLAR - fantomas wrote:
do you want to say, only delegated domains are searched, not
subdomains?
yes spamassasin works this way
I don't have sh.pm nor SH.cf on my server. I don't even use DQS...
you dont need dqs, read agin, only inspired by the rules could be
On 2021-02-28 12:26, Matus UHLAR - fantomas wrote:
How can I make SA to rbl-check for subdomain, not just google.com
domain?
On 28.02.21 15:58, Benny Pedersen wrote:
2nd tld cf file or
On 01.03.21 11:19, Matus UHLAR - fantomas wrote:
do you want to say, only delegated domains are searched,
On 2021-02-28 12:26, Matus UHLAR - fantomas wrote:
How can I make SA to rbl-check for subdomain, not just google.com
domain?
On 28.02.21 15:58, Benny Pedersen wrote:
2nd tld cf file or
do you want to say, only delegated domains are searched, not subdomains?
On 2021-02-28 12:26, Matus UHLAR - fantomas wrote:
How can I make SA to rbl-check for subdomain, not just google.com
domain?
2nd tld cf file or
https://github.com/spamhaus/spamassassin-dqs/blob/master/SH.pm#L78
change SH.cf to sh_local.cf to your own rbldnsd
the sh.pm module have more
Hi gyus,
last time I received too many spam with links to sites.google.com
and goo.gl redirects.
The sites.google.com website containg "report" links, however after about a
week of reporting them all, spam containing the same site comes and the site
is not removed.
The goo.gl does not seem to
On 2021-02-21 15:55, Alex wrote:
It seems Google Forms is being used to send links to malicious sites
and junk. It's making it through because of USER_IN_DEF_DKIM_WL. Is it
time to remove Google/Gmail from this rule?
adjust that score on dkim wl
score USER_IN_DEF_DKIM_WL (4) (4) (4) (4)
Hi,
It seems Google Forms is being used to send links to malicious sites
and junk. It's making it through because of USER_IN_DEF_DKIM_WL. Is it
time to remove Google/Gmail from this rule?
Perhaps a meta that combines USER_IN_DEF_DKIM_WL with BAYES_99 adds
the points back?
Perhaps just blocking
On Mon, 14 Dec 2020 16:54:11 +0100
Reindl Harald wrote:
> Am 14.12.20 um 16:32 schrieb RW:
>
> > The list does not break DKIM (as part of DMARC) in my experience
>
> oh come on!
>
Over the last two years I've had 202 DMARC fails reach gmail through
this list (only a small minority of fails
On Mon, 14 Dec 2020, Dominic Raferd wrote:
On 14/12/2020 11:01, Iulian Stan wrote:
I am also receiving a lot of spam from google (aparently always domain is
trix.bounces.google.com)
https://pastebin.com/DW6dvdxP <https://pastebin.com/DW6dvdxP>
To my surprise, you seem to be right.
test again from my real domain :)
On 2020-12-14 17:32, RW wrote:
On Mon, 14 Dec 2020 11:01:59 + (UTC)
Iulian Stan wrote:
Hi all,
First of all i am writing this email from yahoo
One of the worst freemail choices for mailing lists because of its
DMARC
reject policy.
because from my
Hello,
Cristal clear for the DMARC issue that i've had.
Any others has any thoughts about trix.bounces.google.com and the spam
that we receive ?
Best regards,
Iulian
On 2020-12-14 19:39, RW wrote:
On Mon, 14 Dec 2020 18:46:15 +0200
iulian stan wrote:
DKIM-Signature: ...
On Mon, 14 Dec 2020 18:46:15 +0200
iulian stan wrote:
> DKIM-Signature: ...
> h=...:List-Id:List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive;
If you sign these headers without adding them all once in your original
message, you are signing their absence. This breaks
ause from my own domain it
> seems it's not working because i have DMARC setup and apparently
> something(maybe ezml) is messing up with the headers. If you have any ideea
> to whom should i address i will more than happy :)
>
> I am also receiving a lot of spam from google
On Mon, 14 Dec 2020 11:01:59 + (UTC)
Iulian Stan wrote:
> Hi all,
> First of all i am writing this email from yahoo
One of the worst freemail choices for mailing lists because of its DMARC
reject policy.
> because from my own domain it seems it's not working because i
> have DMARC setup
i will more than happy :)
I am also receiving a lot of spam from google (aparently always domain
is trix.bounces.google.com) and all spam is using google forms.
For me the problem is solved(meaning that all of these spam is going
to quarantine and bayes is learning about those) but i
receiving a lot of spam from google (aparently always domain is
trix.bounces.google.com) and all spam is using google forms.For me the problem
is solved(meaning that all of these spam is going to quarantine and bayes is
learning about those) but i was wondering if:
1) Since email are coming from
On Fri, 16 Oct 2020, Ricky Boone wrote:
Good afternoon.
I'm seeing an increase in spam/phishing that is utilizing Google Docs. I
see a rule that seems to be intended to flag certain Google Docs related
URLs, but not the ones I'm seeing.
72_active.cf:uri __URI_GOOGLE_DOC
Good afternoon.
I'm seeing an increase in spam/phishing that is utilizing Google Docs. I
see a rule that seems to be intended to flag certain Google Docs related
URLs, but not the ones I'm seeing.
72_active.cf:uri __URI_GOOGLE_DOC
Hi all,
I'm seeing an increase in Google Reader and yahoo
groups/personals/profile spam. Here's an example of the Google Reader
spam:
http://pastebin.com/m1021fc5f
Any ideas on how to catch this one? For the Yahoo spam (with links to
yahoo sites ending in '/1', I've created these:
uri
On Thu, 2009-08-27 at 12:38 -0400, MySQL Student wrote:
I'm seeing an increase in Google Reader and yahoo
groups/personals/profile spam.
Any ideas on how to catch this one? For the Yahoo spam (with links to
yahoo sites ending in '/1', I've created these:
Thus should catch your set and
hi i am using this rule to catch spam with a google group link,
uri __GOOGLEGROUPS_15 m'http://[^.]{15}\.googlegroups\.com'i
meta NN_GOOGLEGROUPS_15 __GOOGLEGROUPS_15 __GOOGLEGROUPS_NUM
describe NN_GOOGLEGROUPS_15 Contains a suspicious googlegroups URI.
scoreNN_GOOGLEGROUPS_15
On 29-Mar-2009, at 16:42, JC Putter wrote:
uri __GOOGLEGROUPS_15 m'http://[^.]{15}\.googlegroups\.com'i
meta NN_GOOGLEGROUPS_15 __GOOGLEGROUPS_15 __GOOGLEGROUPS_NUM
describe NN_GOOGLEGROUPS_15 Contains a suspicious googlegroups URI.
scoreNN_GOOGLEGROUPS_15 2
but now i am getting
i am getting spam from google groups
my only is is 0.5 FREEMAIL_FROM
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s1024;
t=1238042388; bh=qIS1L4iJc6kS4EAxGGA7apkYn+LwwewDsELAo62Dcak=;
h=Message-ID:Received:X-Mailer:Date:From:Subject:To:MIME-Version:Content-Type;
b
On 3/26/2009 9:44 AM, JC Putter wrote:
i am getting spam from google groups
my only is is 0.5 FREEMAIL_FROM
http://www.rulesemporium.com/rules/90_2tld.cf
helps quite a bit
afaik, sa-update will keep it updated via Daryl's channel.
On Thu, 2009-03-26 at 10:44 +0200, JC Putter wrote:
i am getting spam from google groups
Oh, come on -- feel free to actually talk to us, mention details, and
maybe even ask a real question... ;)
[snipp headers]
Please do NOT paste raw messages, snippets or full headers here. Please
DO use
On Thu, March 26, 2009 09:44, JC Putter wrote:
i am getting spam from google groups
my only is is 0.5 FREEMAIL_FROM
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com;
s=s1024; t=1238042388;
dont abuse google, its dkim signed at yahoo.com :)
--
http://localhost/ 100% uptime
Arvid Ephraim Picciani wrote:
On Wednesday 21 May 2008 12:12:11 ram wrote:
Spammer is using the docs page with a id from google. Atleast google
should have a decent abuse reporting s ystem
this is new. spammers are fast :(
This mail went by almost clean, Are there any rules I am
Now google docs abuse spam.
Spammer is using the docs page with a id from google. Atleast google
should have a decent abuse reporting system
This mail went by almost clean, Are there any rules I am missing
https://ecm.netcore.co.in/tmp/spamgd.txt
Thanks
Ram
On Wednesday 21 May 2008 12:12:11 ram wrote:
Spammer is using the docs page with a id from google. Atleast google
should have a decent abuse reporting s ystem
this is new. spammers are fast :(
This mail went by almost clean, Are there any rules I am missing
On Wednesday 21 May 2008 5:12 am, ram wrote:
Now google docs abuse spam.
Spammer is using the docs page with a id from google. Atleast google
should have a decent abuse reporting system
This mail went by almost clean, Are there any rules I am missing
https://ecm.netcore.co.in/tmp
Chris schrieb:
On Wednesday 21 May 2008 5:12 am, ram wrote:
Now google docs abuse spam.
Spammer is using the docs page with a id from google. Atleast google
should have a decent abuse reporting system
This mail went by almost clean, Are there any rules I am missing
https://ecm.netcore.co.in
ram wrote:
Now google docs abuse spam.
Spammer is using the docs page with a id from google. Atleast google
should have a decent abuse reporting system
This mail went by almost clean, Are there any rules I am missing
https://ecm.netcore.co.in/tmp/spamgd.txt
Thanks
Ram
I am slow
On Wed, May 21, 2008 13:48, Robert Schetterer wrote:
Hi Chris, why not blocking such mails before
getting them to spamassassin
use clamv-milter at income smtp level with
http://www.sanesecurity.co.uk/clamav/ sigs
its not as virus, its spam detected in clamav, virus do something !
Benny
Is anyone else getting these google link spams?
They all seem to be endowment ad.
Like this...
Is it small?
http://www.gooogle.com/search?
Anyone got a rule to kill these?
--
Mike B^)
On Tue, 22 Jan 2008, Mike Yrabedra wrote:
Is anyone else getting these google link spams?
Yes, we've been discussing them for the past week.
It's a good idea to check the list archives before asking if there are
rules for a particular type of spam.
http://www.gooogle.com/search?
On Tue, 2008-01-22 at 17:31 -0800, John D. Hardin wrote:
On Tue, 22 Jan 2008, Mike Yrabedra wrote:
Is anyone else getting these google link spams?
I've not had any complaints about them sneaking past the existing rules.
Yes, we've been discussing them for the past week.
It's a good
37 matches
Mail list logo
