Re: spoofing mail

2018-11-29 Thread Rick Gutierrez
El jue., 29 nov. 2018 a las 10:18, David Jones () escribió: > > On 11/29/18 9:44 AM, Paul Stead wrote: > > I can't find MSGID_BELONGS_RECIPIENT in the standard distribution - I think > > this might be because my Plugin is installed. > > > > Another to get into branch? > > > > I think this one is

Re: spoofing mail

2018-11-29 Thread Rick Gutierrez
El mié., 28 nov. 2018 a las 19:08, Reindl Harald () escribió: > > > > > these are the files that increase the score of the rule , If I'm > > missing someone, please someone guide me or update me if I'm doing it > > wrong. > > > > /var/lib/spamassassin/3.004001/updates_spamassassin_org/72_scores.cf

Re: Bayes underperforming, HTML entities?

2018-11-29 Thread John Hardin
On Thu, 29 Nov 2018, Amir Caspi wrote: On Nov 29, 2018, at 3:27 PM, John Hardin wrote: I'll see whether those can be incorporated into the existing UNICODE_OBFU_ZW rule (which of course will no longer actually be UNICODE :) ) Great. Maybe rename the rule. ;-) What are your thoughts on

Re: Bayes underperforming, HTML entities?

2018-11-29 Thread Amir Caspi
On Nov 10, 2018, at 11:30 AM, John Hardin wrote: > > Initial results (again, all corpora aren't in yet)... > > The rawbody rules perform much better (unsurprising), and the ASCII-only one > has a better raw S/O: > >

Re: Bayes underperforming, HTML entities?

2018-11-29 Thread John Hardin
On Thu, 29 Nov 2018, Amir Caspi wrote: 1) A new variant is showing up lately, with liberal use of zero-width spaces/joiners. See spample: https://pastebin.com/zBVWaiew This uses the (zero-width joiner) HTML entity, interspersed within words. I don't see any

Re: Bayes underperforming, HTML entities?

2018-11-29 Thread Amir Caspi
On Nov 29, 2018, at 3:27 PM, John Hardin wrote: > > I'll see whether those can be incorporated into the existing UNICODE_OBFU_ZW > rule (which of course will no longer actually be UNICODE :) ) Great. Maybe rename the rule. ;-) What are your thoughts on item #2? Specifically: A) Could you

Re: Bayes underperforming, HTML entities?

2018-11-29 Thread Bill Cole
On 29 Nov 2018, at 17:32, Amir Caspi wrote: B) Do you think that normalize_charsets could evolve to handle HTML entities? That would be a mess. The normalize_charset option acts on the decoded text of text/* MIME parts before that text is parsed into meaningful tokens. I have no issue

Re: Bayes underperforming, HTML entities?

2018-11-29 Thread Amir Caspi
On Nov 29, 2018, at 10:11 PM, Bill Cole wrote: > > I have no issue with adding a new rule type to act on the output of a partial > well-defined HTML parsing, something in between 'rawbody' and 'body' types, > but overloading normalize_charset with that and so affecting every existing > rule

Re: spoofing mail

2018-11-29 Thread Rupert Gallagher
Message-ID and To have the same domain, but From does not. You should have never received that mail. On Wed, Nov 28, 2018 at 19:15, Rick Gutierrez wrote: > El mié., 28 nov. 2018 a las 6:03, Christian Grunfeld > () escribió: >> >> Hi, >> >> this is a logcould you paste the email headers? >>

Re: spoofing mail

2018-11-29 Thread David Jones
On 11/29/18 3:30 AM, Rupert Gallagher wrote: > Message-ID and To have the same domain, but From does not. You should > have never received that mail. > Here's what my mail filters say. You can ignore the DKIM_INVALID because the body was intentionally modified (redacted) to post to pastbin.

Re: --virtual-config-dir=pattern is not substituted

2018-11-29 Thread Eggert Ehmke
Strange, I am missing that configuration in /etc/postfix/master.cf. Will add them. Am Donnerstag, 29. November 2018, 01:15:39 CET schrieb Bill Cole: > On 28 Nov 2018, at 17:53, Eggert Ehmke wrote: > > Do you mean the --username option in /etc/default/spamassassin? > > No. Postfix is running

Re: spoofing mail

2018-11-29 Thread Paul Stead
I can't find MSGID_BELONGS_RECIPIENT in the standard distribution - I think this might be because my Plugin is installed. Another to get into branch? -- On 29/11/2018, 13:47, "David Jones" wrote: On 11/29/18 3:30 AM, Rupert Gallagher wrote: > Message-ID and To have the same domain,

Re: spoofing mail

2018-11-29 Thread Rick Gutierrez
El jue., 29 nov. 2018 a las 7:47, David Jones () escribió: > > Here's what my mail filters say. You can ignore the DKIM_INVALID > because the body was intentionally modified (redacted) to post to pastbin. > > X-Spam-Status: Yes, score=11.0 required=5.0 tests=BAYES_99,DKIM_INVALID, >

Re: spoofing mail

2018-11-29 Thread David Jones
On 11/29/18 9:44 AM, Paul Stead wrote: > I can't find MSGID_BELONGS_RECIPIENT in the standard distribution - I think > this might be because my Plugin is installed. > > Another to get into branch? > I think this one is worthy of consideration to be included in the core SA ruleset.