Fwd: Re: New domain blacklist options available.

no point in spamming freee maillists so ? Original Message Subject: Re: New domain blacklist options available. Date: 2016-08-18 15:46 From: "Benjamin E. Nichols" To: Benny Pedersen Because we dont work for free bonehead.

Fwd: Re: Re: New domain blacklist options available.

sure just show the source It isnt spam, but you sir are a jerk. you should not have posted commercial software here, hope you get my point

Re: Fwd: Re: New domain blacklist options available.

On 8/18/2016 10:50 AM, Benjamin E. Nichols wrote: Im sorry. I thought this was an intelligent users list, if I had known it was loaded with cry babies and bitches I would never joined. UNSUBSCRIBE ME. Benjamin E. Nichols http://www.squidblacklist.org 1-405-397-1360 -- Original

Re: Fwd: Re: New domain blacklist options available.

On 8/18/2016 10:03 AM, Benny Pedersen wrote: no point in spamming freee maillists so ? Original Message Subject: Re: New domain blacklist options available. Date: 2016-08-18 15:46 From: "Benjamin E. Nichols" To: Benny Pedersen

Re: New Install - Tons of Spam Getting Through

On 2016-08-18 20:48, Jerry Malcolm wrote: |allow-recursion { any; }; |But it lists other options such as allow-query, allow-query-cache, etc. Is recursion the only one that might be affecting SA? Or should I enable other options? this is safe if you only listen to 127.0.0.1 if you use it

Re: New Install - Tons of Spam Getting Through

On 2016-08-18 20:36, Jerry Malcolm wrote: ok, I discovered the hidden ctrl-u fn in Tbird to show the full source. Updated pastebin: http://pastebin.com/eRurR7Mv DBL_SPAM: 6.50 URIBL_SBL_CSS: 6.50 URIBL_BLACK: 7.50 ABUSE_SURBL: 5.50 FUZZY_DENIED: 8.54 ONCE_RECEIVED: 0.10 DCC_BULK: 2.00

Re: New Install - Tons of Spam Getting Through

On 2016-08-18 21:08, Jerry Malcolm wrote: Hmm. I do not have any forwarding statements. Is there a way via command line (e.g. nslookup, etc) that I can determine if BIND is recursing or forwarding? I assume that might be in the SA report header. But see my previous response that I can't

Re: New Install - Tons of Spam Getting Through

On 8/18/2016 2:15 PM, Bowie Bailey wrote: On 8/18/2016 3:05 PM, Jerry Malcolm wrote: On 8/18/2016 1:45 PM, Bowie Bailey wrote: On 8/18/2016 2:21 PM, li...@rhsoft.net wrote: Am 18.08.2016 um 20:18 schrieb Jerry Malcolm: This is the X-Spam-Status header I got back on an uncaught spam. No,

Re: New Install - Tons of Spam Getting Through

On Thu, 18 Aug 2016 18:14:47 -0500 Jerry Malcolm wrote: > I'm still trying to see why I'm not getting the report back. I've > gone all the way back to the source code that does the streaming of > the spamd invocation on port 783. I can't seem to find the > documentation anywhere on the format

Re: New Install - Tons of Spam Getting Through

On 8/18/2016 5:39 PM, Benny Pedersen wrote: On 2016-08-18 21:08, Jerry Malcolm wrote: Hmm. I do not have any forwarding statements. Is there a way via command line (e.g. nslookup, etc) that I can determine if BIND is recursing or forwarding? I assume that might be in the SA report header.

Re: New Install - Tons of Spam Getting Through

On 8/18/2016 8:34 PM, jdow wrote: On 2016-08-18 17:11, RW wrote: On Thu, 18 Aug 2016 18:14:47 -0500 Jerry Malcolm wrote: I'm still trying to see why I'm not getting the report back. I've gone all the way back to the source code that does the streaming of the spamd invocation on port 783.

Re: New Install - Tons of Spam Getting Through

On 2016-08-18 17:11, RW wrote: On Thu, 18 Aug 2016 18:14:47 -0500 Jerry Malcolm wrote: I'm still trying to see why I'm not getting the report back. I've gone all the way back to the source code that does the streaming of the spamd invocation on port 783. I can't seem to find the

Re: New Install - Tons of Spam Getting Through

On Thu, 18 Aug 2016, Jerry Malcolm wrote: I installed the latest SpamAssassin In a Box yesterday (Win Server 2008 r2). I kept all of the defaults. It is up and running. But I'm getting a huge amount of spam, and I mean 'obvious' spam mentioning body parts in the subject line that are

Re: New Install - Tons of Spam Getting Through

Thanks for the quick response. I'll try to reply with what I know. But I purchased a package "SpamAssassin In A Box" from JAM Software. I ran the installer, and that's it. I'm sorry that I don't know more. But I don't know much about the inner workings. I was just hoping it would work. I

Re: New Install - Tons of Spam Getting Through

Am 18.08.2016 um 20:10 schrieb Jerry Malcolm: Here is a pastebin.com link to an example uncaught spam message. SA scored it a 4.7. http://pastebin.com/T1CfVgP4 useless without any headers which would show the matching rules including major mistakes like URIBL_BLOCKED but even passing that

Re: New Install - Tons of Spam Getting Through

On 8/18/2016 12:16 PM, John Hardin wrote: On Thu, 18 Aug 2016, Jerry Malcolm wrote: I installed the latest SpamAssassin In a Box yesterday (Win Server 2008 r2). I kept all of the defaults. It is up and running. But I'm getting a huge amount of spam, and I mean 'obvious' spam mentioning

Re: New Install - Tons of Spam Getting Through

On 2016-08-18 2:10 PM, Jerry Malcolm wrote: Thanks for the quick response. I'll try to reply with what I know. But I purchased a package "SpamAssassin In A Box" from JAM Software. I ran the installer, and that's it. I'm sorry that I don't know more. But I don't know much about the inner

The quality of the squidblacklist.org blacklists

Hi, I truly hesitate to add to this nonsense, but I am not sure of the quality of squidblacklist.org's blacklists when the proprietor makes statements such as the following: https://www.facebook.com/squidblacklist/posts/1910402539187319 "Announcement: We will be publishing a ‪#‎Femism‬

Re: New Install - Tons of Spam Getting Through

Am 18.08.2016 um 20:18 schrieb Jerry Malcolm: This is the X-Spam-Status header I got back on an uncaught spam. No, hits=0.3 required=5.0. The spam was selling an all-in-one charger we need the *report* header What kind of DNS issues? I lease a server from Peer1 and use their name

Re: New Install - Tons of Spam Getting Through

On 8/18/2016 1:17 PM, li...@rhsoft.net wrote: Am 18.08.2016 um 20:10 schrieb Jerry Malcolm: Here is a pastebin.com link to an example uncaught spam message. SA scored it a 4.7. http://pastebin.com/T1CfVgP4 useless without any headers which would show the matching rules including major

Re: New Install - Tons of Spam Getting Through

On 2016-08-18 20:10, Jerry Malcolm wrote: Here is a pastebin.com link to an example uncaught spam message. SA scored it a 4.7. http://pastebin.com/T1CfVgP4 MISSING_DATE: 1.00 DCC_BULK: 2.00 MISSING_TO: 2.00 MISSING_MID: 2.50 MISSING_SUBJECT: 2.00 was what it scored as in pastebin, rspamd

Re: R: R: R: A domain category that all need

On 08/18/2016 10:34 AM, Nicola Piazzi wrote: > 2) > FREEMAIL_FROM rule have description “Sender email is commonly abused enduser mail provider” > Is this the rule to use if I want to know if MAIL FROM is from any kind of freemail provider ? > If is so description must be changed to “Sender

Re: R: A domain category that all need

On 08/18/2016 10:04 AM, Nicola Piazzi wrote: This is a good idea, but there are 2 files : 20_freemail_mailcom_domains.cf 20_freemail_domains.cf The first is commonly abused only FREEMAIL_FROM rule search in both but have a strange description “Sender email is commonly abused enduser mail

Re: R: R: A domain category that all need

On 08/18/2016 10:20 AM, Nicola Piazzi wrote: 1) Another thing, the date of files is # Updated 2014-09-17-axb What is the problem with that? Problem that now we are in 2016 so? I committed the last update in 2014. 2) FREEMAIL_FROM rule have description “Sender email is commonly abused

Re: R: R: R: A domain category that all need

OOPS! seems I borked that reply.. On 08/18/2016 10:34 AM, Nicola Piazzi wrote: On 08/18/2016 10:20 AM, Nicola Piazzi wrote: 1) Another thing, the date of files is # Updated 2014-09-17-axb What is the problem with that? Problem that now we are in 2016 so? I committed the last update in

R: R: R: A domain category that all need

On 08/18/2016 10:20 AM, Nicola Piazzi wrote: > 1) >>> Another thing, the date of files is # Updated 2014-09-17-axb >> What is the problem with that? > Problem that now we are in 2016 so? I committed the last update in 2014. Ok bit is very probably that from 2014 a lot of new freemail services

Re: A domain category that all need

dnswl.org partially does that. Entities which have close administrative control over their users get higher trust levels. -- Matthias On Thu, Aug 18, 2016 at 9:31 AM, Nicola Piazzi wrote: > It can be very useful a dns service URIBL that tell if a domain is public

Re: A domain category that all need

On 08/18/2016 09:50 AM, Jason Haar wrote: Check out 20_freemail_domains.cf that is part of SpamAssassin. It contains all the known "freemail" services, so you could work on the assumption that if it's not one of these, it's "private" FTR: 20_freemail_domains.cf contains "freemail" domains

A domain category that all need

It can be very useful a dns service URIBL that tell if a domain is public or private If is private I can whitelist entire domain instead address by address when I receive an ham from one For example : I cannot WL gmail.com if I receive a ham from j...@gmail.com But I can WL cocacola.com if I

R: A domain category that all need

This is a good idea, but there are 2 files : 20_freemail_mailcom_domains.cf 20_freemail_domains.cf The first is commonly abused only FREEMAIL_FROM rule search in both but have a strange description “Sender email is commonly abused enduser mail provider” It tell ‘commonly abused’ but it search

Re: A domain category that all need

Check out 20_freemail_domains.cf that is part of SpamAssassin. It contains all the known "freemail" services, so you could work on the assumption that if it's not one of these, it's "private" -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +1 408 481 8171 PGP

R: R: A domain category that all need

1) >> Another thing, the date of files is # Updated 2014-09-17-axb > What is the problem with that? Problem that now we are in 2016 2) FREEMAIL_FROM rule have description “Sender email is commonly abused enduser mail provider” Is this the rule to use if I want to know if MAIL FROM is from any

Re: A domain category that all need

On 2016-08-18 09:31, Nicola Piazzi wrote: It can be very useful a dns service URIBL that tell if a domain is public or private If is private I can whitelist entire domain instead address by address when I receive an ham from one For example : I cannot WL gmail.com if I receive a ham from

rule with multiple lines

Is there a way to have multiple line in a single rule ? For example : metaOW_SENT_EMAIL ( OW_T_SENT_EMAIL && ! OW_T_REF_EMAIL && ! OW_T_REF_FULL && ! OW_REF_THIS && OW_PASS) Will be better : metaOW_SENT_EMAIL ( OW_T_SENT_EMAIL

Re: R: A domain category that all need

On Thursday 18 August 2016 at 14:21:27, Nicola Piazzi wrote: > I made a plugin that watch if someone answer us, i watch if in header there > is a reference of a message id that we sent in the past > > So when I receive a mail from j...@cocacola.it and it have a reference I > whitelist

Re: R: A domain category that all need

On Thursday 18 August 2016 at 14:21:27, Nicola Piazzi wrote: > I made a plugin that watch if someone answer us, i watch if in header there > is a reference of a message id that we sent in the past > > So when I receive a mail from j...@cocacola.it and it have a reference I > whitelist

Re: R: R: R: A domain category that all need

On 18 Aug 2016, at 4:34, Nicola Piazzi wrote: On 08/18/2016 10:20 AM, Nicola Piazzi wrote: 1) Another thing, the date of files is # Updated 2014-09-17-axb What is the problem with that? Problem that now we are in 2016 so? I committed the last update in 2014. Ok bit is very probably that

Re: R: R: R: A domain category that all need

On 08/18/2016 02:53 PM, Bill Cole wrote: On 18 Aug 2016, at 4:34, Nicola Piazzi wrote: On 08/18/2016 10:20 AM, Nicola Piazzi wrote: 1) Another thing, the date of files is # Updated 2014-09-17-axb What is the problem with that? Problem that now we are in 2016 so? I committed the last

Re: New domain blacklist options available.

On 2016-08-18 04:39, Benjamin E. Nichols wrote: We heard you loud and clear, you wanted our enhanced blacklists in a similar archive/file structure as shallalist and urlblacklist for your web filtering platform, so we finally did it! Available now to all ... why is this posted on a free

R: A domain category that all need

I made a plugin that watch if someone answer us, i watch if in header there is a reference of a message id that we sent in the past So when I receive a mail from j...@cocacola.it and it have a reference I whitelist @cocacola.it When I receive j...@gmail.com I whitelist just j...@gmail.com

Re: I have some bad news

On 17.08.16 11:02, Marc Perkel wrote: For what it's worth I have noticed that people who are familiar with Bayesian filtering seem to have a mental block when it comes to understanding this. People who know nothing about bayesian get it instantly. Here's the actual formula. card(Test_message

Re: R: A domain category that all need

On 2016-08-18 14:21, Nicola Piazzi wrote: I made a plugin that watch if someone answer us, i watch if in header there is a reference of a message id that we sent in the past pretty cool So when I receive a mail from j...@cocacola.it and it have a reference I whitelist @cocacola.it When I

Mail::Threadkiller (was Re: New domain blacklist options available.)

On Thu, 18 Aug 2016 17:22:50 +0200 Benny Pedersen wrote: > > Another good candidate for > > http://search.cpan.org/~dskoll/Mail-ThreadKiller/ > since i use rspamd now, would it be possible to see a lua module of > it ? I don't know Lua. I integrate it into the LDA. This is my

Re: Unsubscribe

On 8/18/2016 10:57 AM, Benjamin E. Nichols wrote: Benjamin E. Nichols http://www.squidblacklist.org 1-405-397-1360 Documentation on how to unsubscribe from the list can be found on apache.org or in the notification you received when you first subscribed.

Re: Unsubscribe

On 08/18/2016 05:05 PM, Joe Quinn wrote: On 8/18/2016 10:57 AM, Benjamin E. Nichols wrote: Benjamin E. Nichols http://www.squidblacklist.org 1-405-397-1360 Documentation on how to unsubscribe from the list can be found on apache.org or in the notification you received when you first

Re: New domain blacklist options available.

On 8/18/2016 10:50 AM, Benjamin E. Nichols wrote: > cry babies and bitches Oh, great. Not enough to spam the list. Not enough to call someone a bonehead. We also have to have misogynistic gendered insults. *plonk* Another good candidate for http://search.cpan.org/~dskoll/Mail-ThreadKiller/

Re: Unsubscribe

On Thursday 18 August 2016 at 17:07:31, Axb wrote: > On 08/18/2016 05:05 PM, Joe Quinn wrote: > > On 8/18/2016 10:57 AM, Benjamin E. Nichols wrote: > >> Benjamin E. Nichols > >> > >> http://www.squidblacklist.org > >> > >> > >> 1-405-397-1360 > > > > Documentation on how to unsubscribe

Re: New domain blacklist options available.

On 2016-08-18 17:06, Dianne Skoll wrote: Another good candidate for http://search.cpan.org/~dskoll/Mail-ThreadKiller/ since i use rspamd now, would it be possible to see a lua module of it ? or would it work as a spamassassin plugin ? either way thanks for make it free

Unsubscribe

 Benjamin  E. Nicholshttp://www.squidblacklist.org 1-405-397-1360

Re: Unsubscribe

On 2016-08-18 17:08, Antony Stone wrote: or in every list msg's headers .-) Indeed: squirrelmail have it, i still miss it in roundcube, horde hmm ?, thunderbird have it as a plugin, microsoft and apple dont give a damm about it :=) pick your own battles

Re: Unsubscribe

On Thu, 18 Aug 2016, Benjamin E. Nichols wrote:  Benjamin  E. Nicholshttp://www.squidblacklist.org 1-405-397-1360 Normally I don't respond to unsubscribe requests with this comment to be polite, but in this case you have shown you don't deserve that consideration... The Internet is an

Re: New Install - Tons of Spam Getting Through

On 08/18/2016 06:47 PM, Jerry Malcolm wrote: I installed the latest SpamAssassin In a Box yesterday (Win Server 2008 r2). I kept all of the defaults. It is up and running. But I'm getting a huge amount of spam, and I mean 'obvious' spam mentioning body parts in the subject line that are

New Install - Tons of Spam Getting Through

I installed the latest SpamAssassin In a Box yesterday (Win Server 2008 r2). I kept all of the defaults. It is up and running. But I'm getting a huge amount of spam, and I mean 'obvious' spam mentioning body parts in the subject line that are getting low scores (averaging about 15

Re: rule with multiple lines

On Thu, 2016-08-18 at 13:50 +, Nicola Piazzi wrote: > Is there a way to have multiple line in a single rule ? > Not as far as I know.  I use long lists (e.g. selling terms or product names) to recognise advertising spam and initially thought of writing something like an RBL to handle such

Re: New Install - Tons of Spam Getting Through

On Thu, 18 Aug 2016, Jerry Malcolm wrote: Thanks for the quick response. I'll try to reply with what I know. But I purchased a package "SpamAssassin In A Box" from JAM Software. I hate to say this, but - perhaps you should be asking JAM *first*... Here is a pastebin.com link to an example

Re: New Install - Tons of Spam Getting Through

On 8/18/2016 1:23 PM, Benny Pedersen wrote: On 2016-08-18 20:10, Jerry Malcolm wrote: Here is a pastebin.com link to an example uncaught spam message. SA scored it a 4.7. http://pastebin.com/T1CfVgP4 MISSING_DATE: 1.00 DCC_BULK: 2.00 MISSING_TO: 2.00 MISSING_MID: 2.50 MISSING_SUBJECT: 2.00

Re: New Install - Tons of Spam Getting Through

On 8/18/2016 1:35 PM, Joe Quinn wrote: On 8/18/2016 2:27 PM, Jerry Malcolm wrote: I haven't figured out a way to get Thunderbird to allow me to copy/paste the headers. But I did look at all of the headers. There are no headers in the email with names like you mentioned. There is only the

Re: New Install - Tons of Spam Getting Through

On 8/18/2016 1:45 PM, Bowie Bailey wrote: On 8/18/2016 2:21 PM, li...@rhsoft.net wrote: Am 18.08.2016 um 20:18 schrieb Jerry Malcolm: This is the X-Spam-Status header I got back on an uncaught spam. No, hits=0.3 required=5.0. The spam was selling an all-in-one charger we need the *report*

Re: New Install - Tons of Spam Getting Through

On Thu, 18 Aug 2016, Jerry Malcolm wrote: On 8/18/2016 12:16 PM, John Hardin wrote: There are also potential DNS issues that may contribute. In addition to describing your environment, perhaps you could post the X-Spam-Status header from a couple of the low-scoring spams. John, This is

Re: New Install - Tons of Spam Getting Through

On 8/18/2016 3:05 PM, Jerry Malcolm wrote: On 8/18/2016 1:45 PM, Bowie Bailey wrote: On 8/18/2016 2:21 PM, li...@rhsoft.net wrote: Am 18.08.2016 um 20:18 schrieb Jerry Malcolm: This is the X-Spam-Status header I got back on an uncaught spam. No, hits=0.3 required=5.0. The spam was selling

Re: New Install - Tons of Spam Getting Through

On 8/18/2016 2:27 PM, Jerry Malcolm wrote: I haven't figured out a way to get Thunderbird to allow me to copy/paste the headers. But I did look at all of the headers. There are no headers in the email with names like you mentioned. There is only the X-Spam-Status header and X-Spam-Flag header

Re: New Install - Tons of Spam Getting Through

Am 18.08.2016 um 20:27 schrieb Jerry Malcolm: On 8/18/2016 1:17 PM, li...@rhsoft.net wrote: Am 18.08.2016 um 20:10 schrieb Jerry Malcolm: Here is a pastebin.com link to an example uncaught spam message. SA scored it a 4.7. http://pastebin.com/T1CfVgP4 useless without any headers which

Re: New Install - Tons of Spam Getting Through

On 8/18/2016 2:21 PM, li...@rhsoft.net wrote: Am 18.08.2016 um 20:18 schrieb Jerry Malcolm: This is the X-Spam-Status header I got back on an uncaught spam. No, hits=0.3 required=5.0. The spam was selling an all-in-one charger we need the *report* header By default, the report header is

Re: New Install - Tons of Spam Getting Through

Am 18.08.2016 um 20:48 schrieb Jerry Malcolm: This is encouraging. I looked up how to set recursion in Bind. It looks like it's just requires adding a field to the options: |allow-recursion { any; }; |But it lists other options such as allow-query, allow-query-cache, etc. Is recursion the

Re: New Install - Tons of Spam Getting Through

On 8/18/2016 1:50 PM, li...@rhsoft.net wrote: Am 18.08.2016 um 20:48 schrieb Jerry Malcolm: This is encouraging. I looked up how to set recursion in Bind. It looks like it's just requires adding a field to the options: |allow-recursion { any; }; |But it lists other options such as

Re: New Install - Tons of Spam Getting Through

Am 18.08.2016 um 21:05 schrieb Jerry Malcolm: I see the local.cf file, it is already configured with 'all report'. But I looked at a msg that was flagged a spam. It doesn't have a report header either. I guess it's possible that the JAMES invoker mailet is stripping the headers. But I don't

Re: New Install - Tons of Spam Getting Through

Am 18.08.2016 um 21:08 schrieb Jerry Malcolm: On 8/18/2016 1:50 PM, li...@rhsoft.net wrote: Am 18.08.2016 um 20:48 schrieb Jerry Malcolm: This is encouraging. I looked up how to set recursion in Bind. It looks like it's just requires adding a field to the options: |allow-recursion { any;

Re: New Install - Tons of Spam Getting Through

On 08/18/2016 08:48 PM, Jerry Malcolm wrote: On 8/18/2016 1:35 PM, Joe Quinn wrote: On 8/18/2016 2:27 PM, Jerry Malcolm wrote: I haven't figured out a way to get Thunderbird to allow me to copy/paste the headers. But I did look at all of the headers. There are no headers in the email with

Re: New Install - Tons of Spam Getting Through

On 18 Aug 2016, at 15:08, Jerry Malcolm wrote: On 8/18/2016 1:50 PM, li...@rhsoft.net wrote: Am 18.08.2016 um 20:48 schrieb Jerry Malcolm: This is encouraging. I looked up how to set recursion in Bind. It looks like it's just requires adding a field to the options: |allow-recursion { any;