Re: Am I being paranoid? Postcard?
so called Elena and Vladimir have been around for over a decade spamming with different requests. Vladimir's mother has died several times use it to feed Bayes. On 11/11/20 7:37 AM, Anders Gustafsson wrote: I know it is a bit off-topic, but has anyone seen something like this: "Greetings, My daughter collects printed postal cards from different countries. We are from Russia. I hesitate to ask, but could you send a printed postcard from Finland? I would like send you the postcard from our county if you like ! Await for your kind response. In deepest sympathy, Elena. " This could naturally be completely legit, but it was sent to the company info adress which is not advertised anywhere. It is also a bit odd that it does not mention where to send it. Had it been me, had I written where to send this postcard. Could it be some type of probe?
Am I being paranoid? Postcard?
I know it is a bit off-topic, but has anyone seen something like this: "Greetings, My daughter collects printed postal cards from different countries. We are from Russia. I hesitate to ask, but could you send a printed postcard from Finland? I would like send you the postcard from our county if you like ! Await for your kind response. In deepest sympathy, Elena. " This could naturally be completely legit, but it was sent to the company info adress which is not advertised anywhere. It is also a bit odd that it does not mention where to send it. Had it been me, had I written where to send this postcard. Could it be some type of probe? -- Med vänlig hälsning Anders Gustafsson, ingenjör anders.gustafs...@pedago.fi | Support +358 18 12060 | Direkt +358 9 315 45 121 | Mobil +358 40506 7099 Pedago interaktiv ab, Nygatan 7 B , AX-22100 MARIEHAMN, ÅLAND, FINLAND
Re: SPF_FAIL
John Hardin wrote: > > > Moreover, after reading other replies in the thread, I am even begining to > > doubt the wizdom of rejecting hard SPF fails in the MTA (which I do in > > some installations). > > "it depends". > > Doing that for certain domains - like, large banks - would probably be a > good idea. By default, for all domains, not so much. If I only had a ready-made list of those important domains. -- Victor Sudakov, VAS4-RIPE, VAS47-RIPN 2:5005/49@fidonet http://vas.tomsk.ru/ signature.asc Description: PGP signature
Re: free tlds considered as freemail ?
On 2020-11-09 at 11:42 +0100, Benny Pedersen wrote: > i mean if the tld is free, can the domain name be non free then ? Yes. Even though the TLD offers domains for free (not tlds for free :P) there is a paying layer where you can pay money for having them. I have seen a spammer use such kind of paid domain. Too bad, as it would have been simpler to have their domain canceled if iy was on the free tier. Regards
Re: Per-user prefs and rules
Alex skrev den 2020-11-10 20:30: It also looks like there's "whitelist_from", but no "whitelist_auth"? Or "blacklist_from"? How much work would it be to add it to the database then configure SA to actually look for it? this can be done in sql spamassassin, read the docs in amavisd only whitelist_from and blacklist_from is supported i am not using amavisd anymore, sorry
Re: Per-user prefs and rules
> > https://cwiki.apache.org/confluence/display/SPAMASSASSIN/UsingSQL > > create pr user rules, set the scores default to 0 > > in sql, then change scorees pr user, easy :=) > > and amavisd have sa_userprefs maps to sa_user, it's just not that easy to > make work as intended This is kind of what I was thinking - wouldn't it be possible to use the "wblist" table and create an entry for each user that blocks the TLDs they specify? https://wiki.gentoo.org/wiki/Mailfiltering_Gateway/en It also looks like there's "whitelist_from", but no "whitelist_auth"? Or "blacklist_from"? How much work would it be to add it to the database then configure SA to actually look for it?
phishmails to dns offline hosts
is the case that such host is already known to be a phishing host ? but that does not mean phishing emails is sent from the botnet :( i think is it possible to check dns offline state (nxdomain) in spamassassin ? reported to phishtank: https://phishtank.com/phish_detail.php?phish_id=6835533 https://phishtank.com/phish_detail.php?phish_id=6842063 https://phishtank.com/phish_detail.php?phish_id=6842067 same phishing attemts is report to google safebrowsing