Supposed bounces

2022-07-13 Thread @lbutlr
On 2022 Jul 12, at 13:08, users-h...@spamassassin.apache.org wrote: > Hi! This is the ezmlm program. I'm managing the > users@spamassassin.apache.org mailing list. > > > Messages to you from the users mailing list seem to > have been bouncing. I've attached a copy of the first bounce > message I

Re: Another evil number

2022-05-05 Thread @lbutlr
On 2022 May 02, at 22:40, Kevin A. McGrail wrote: > Fascinating thread I just stumbled on. Yes, in early parts of the phone > system, the letters were geographic and referenced the street for where the > central office was located switching those calls. For example, in Arlington > VA, my grand

Re: Getting right GPG key for KAM

2022-03-21 Thread @lbutlr
On 2022 Mar 21, at 04:37, Henrik K wrote: > Right, it does seem you haven't imported the key.. Thanks! That's what was missing. Odd, considering there were KAM files present, just not recent ones. Anyway, not my system, but all sorted now. -- (on emojis) Remember when they added Groucho and no

Re: Getting right GPG key for KAM

2022-03-21 Thread @lbutlr
On 2022 Mar 21, at 03:54, Henrik K wrote: > On Mon, Mar 21, 2022 at 03:48:51AM -0600, @lbutlr wrote: >> When running sa-update on an old system (not updated in at least a year) I >> am getting: >> >> # sa-update --gpgkey 24C063D8 --channel kam.sa-channels.mcgrail.com

Getting right GPG key for KAM

2022-03-21 Thread @lbutlr
When running sa-update on an old system (not updated in at least a year) I am getting: # sa-update --gpgkey 24C063D8 --channel kam.sa-channels.mcgrail.com gpg: process '/usr/local/bin/gpg' finished: exit 2 error: GPG validation failed! The update downloaded successfully, but it was not signed wit

Re: Process of domain submission for inclusion in 60_whitelist_auth.cf

2021-07-01 Thread @lbutlr
On 01 Jul 2021, at 16:43, Reindl Harald wrote: > Am 02.07.21 um 00:32 schrieb @lbutlr: >>> I also manually maintain a private blacklist, which contains the 'From' >>> addresses of advertising e-mails from companies that I've dealt with in >>> the pa

Re: Process of domain submission for inclusion in 60_whitelist_auth.cf

2021-07-01 Thread @lbutlr
On 29 Jun 2021, at 04:50, Martin Gregorie wrote: > On Tue, 2021-06-29 at 00:52 -0400, Bill Cole wrote: >> On 2021-06-28 at 17:04:05 UTC-0400 (Mon, 28 Jun 2021 23:04:05 +0200) >> Robert Harnischmacher >> is rumored to have said: >>> In which form can one submit the subdomain of a mail sender for

Re: Another evil number

2021-06-26 Thread @lbutlr
On 25 Jun 2021, at 12:24, RW wrote: > On Fri, 25 Jun 2021 05:51:24 -0700 > Loren Wilton wrote: > >> From a fake "subscription" spam: >> >> You can reach out >> to our Customer Support Team+1 (800) 781 - 2511. > > > Is it common in the US to put 800 in brackets like that? Yes. > In my > exp

Re: Scan Attachment Content Using Spamassassin

2021-06-03 Thread @lbutlr
> On 03 Jun 2021, at 01:32, Matus UHLAR - fantomas wrote: > >> On Thu, Jun 03, 2021 at 01:15:03AM -0500, Dave Funk wrote: >>> Even more limiting, spamassassin is designed for small to medium size >>> messages, scanning anything over 500KB or so is going to be a resource hog. > > 500KB is defa

Re: More fake order spam

2021-04-27 Thread @lbutlr
On 27 Apr 2021, at 11:57, Steve Dondley wrote: > On 2021-04-27 01:19 PM, Dave Wreski wrote: >> Invalid List-ID. You can then use that with other weirdness in a meta. >> header__LIST_ID_DOMAIN_IN_BRACKETS List-id =~ /<([\w-]+)(\.[\w-]+)+>/ >> meta LIST_ID_IMPROPER_FORMAT __HAS_LIST_ID && !__L

Re: How do you set nomail for the List?

2021-04-20 Thread @lbutlr
On 20 Apr 2021, at 18:29, Bob Proulx wrote: > Hmm... No. I disagree. It's not if-one-then-the-other. All that is > needed to disprove it is one example. And as it happens I can list > two immediately. Which does nothing to disprove "most mailing list require subscription" which is absolutel

Re: Spoofed amazon order email

2021-04-16 Thread @lbutlr
On 16 Apr 2021, at 16:16, RW wrote: > On Fri, 16 Apr 2021 11:25:19 -0400 Greg Troxel wrote: > >> Probably not for normals, score up MPART_ALT_DIFF because nobody >> should be sending mail with a text/plain part that is not >> semantically equivalent to the html. > > Unfortunately it's quite c

Re: Spoofed amazon order email

2021-04-16 Thread @lbutlr
On 16 Apr 2021, at 16:03, John Hardin wrote: > header __FROM_NAME_AMAZONCOM From:name =~ /\bamazon\.com\b/i > meta POSSIBLE_AMAZON_PHISH_01 (__FROM_NAME_AMAZONCOM && NAME_EMAIL_DIFF) > meta POSSIBLE_AMAZON_PHISH_02 (__FROM_NAME_AMAZONCOM && > !__HDR_RCVD_AMAZON) It seems somethin

Re: google.com spam

2021-04-04 Thread @lbutlr
On 04 Apr 2021, at 05:21, Matus UHLAR - fantomas wrote: > On 04.04.21 13:09, Benny Pedersen wrote: >> change score to 7.5 >> change score to -3.5 > > I prefer to solve problems instead of playing with scores. The way that SA solves problems is by changing score values. The entire foundation of

Re: No rule for fake payPal messages?

2021-03-20 Thread @lbutlr
On 19 Mar 2021, at 17:11, Loren Wilton wrote: > I just got this little wonder, and was surprised that it got thru as ham. > > From: "PayPal Billing" > > I've fixed that locally, but I'd think SA ought to have a rule for "PayPal" > that doesn't come from paypal. It does, but it looks at the

Re: Trouble with XM_RANDOM rule

2021-02-24 Thread lbutlr
grammatical, if you care.) script execution error (#1): /Users/lbutlr/mysisg: No such file or directory ##

Re: Scoring Based on IP Address

2020-12-18 Thread @lbutlr
On 17 Dec 2020, at 16:19, Dave Wreski wrote: > On 12/17/20 6:05 PM, Matt wrote: >> Is there a way with spamassassin local.conf to add a higher score >> based on source ip address or subnet? Basically the last IP in >> "Received:" header. >> bad_subnet_add_20_points: 192.168.240.0/24 >> Raising th

Re: More undetected hidden test spam signs

2020-12-18 Thread @lbutlr
On 17 Dec 2020, at 09:58, John Hardin wrote: > Such rules are there. Unfortunately, for whatever reason, lots of ham uses > "invisible" text so it's not useful as a spam sign by itself and it's hard to > come up with any useful combination rules. In the "Archive" folder on my work email there a

Re: More undetected hidden test spam signs

2020-12-17 Thread @lbutlr
On 16 Dec 2020, at 23:21, Loren Wilton wrote: > I just got a batch of spams containing > > Interesting. I remember in the early days of html spam there were various rules to tag messages as spam when they had content that did not display. (Possibly pre-SpamAssasin or at least pre my use of Sp

Re: per-user bayes

2020-12-09 Thread @lbutlr
On 08 Dec 2020, at 13:54, micah anderson wrote: > Kris Deugau writes: >> There will only be one database and set of tables, but one of the fields >> in each table is the user identifier. Fair warning - if you go full >> per-user on a large system, this will MASSIVELY balloon the size of your

Re: per-user bayes

2020-12-08 Thread @lbutlr
On 08 Dec 2020, at 08:36, Benoit Panizzon wrote: > Adding the list back to CC as I believe this is an interesting topic > many have pondered over. Forgot to fix the reply to on this list for some reason. Fixed now. > Yes, I see that is states 'per user' but I still don't see, how that > 'bayes u

Re: per-user bayes

2020-12-08 Thread @lbutlr
On 07 Dec 2020, at 13:56, micah anderson wrote: > A per-user setup would let each user do their own thing, but I don't see > how I can do that because our system doesn't have individual system > users and I don't see that there are options in the bayes sql > configuration or per-user tables possib

KAM info messages

2020-12-06 Thread @lbutlr
When I run my cron task to update SA. I am getting a LOT of lines in the crpn output along the lines of info: rules: meta test KAM_REALLY_FAKE_DELIVER has dependency 'KAM_RPTR_PASSED' with a zero score And a lot of compile lines like: cc -c-DHAS_FPSETMASK -DHAS_FLOATINGPOINT_H -DUSE_THREAD

Re: Are these valid email headers?

2020-12-05 Thread @lbutlr
On 05 Dec 2020, at 13:03, John Capo wrote: > On Sat, December 5, 2020 14:30, Loren Wilton wrote: >> I don't have a Faceboox account and don't know anyone on Facebook that would >> send me mail (and don't want to!), so I have absolutely no idea if these >> headers from recent spams >> are complete

Re: Happy Thanksgiving and Announcing the Apache SpamAssassin Channel for the KAM Rule Set

2020-11-28 Thread @lbutlr
On 26 Nov 2020, at 09:22, Kevin A. McGrail wrote: > Announcing the Apache SpamAssassin Channel for the KAM Rule Set Excellent and most welcome news! -- They looked at the drinks. They drank the drinks.

Re: Apache SpamAssassin and Spammers 1st Amendment Rights

2020-11-21 Thread @lbutlr
On 20 Nov 2020, at 07:59, AJ Weber wrote: > On 11/20/2020 9:28 AM, @lbutlr wrote: >> A whole lot of people have decided their right to free speech means an >> obligation from others to listen to them. It's not just spammers, it's also >> racists, fascists, repu

Re: Apache SpamAssassin and Spammers 1st Amendment Rights

2020-11-20 Thread @lbutlr
On 19 Nov 2020, at 14:25, Kevin A. McGrail wrote: > So over the years, I have gotten a lot of complaints from spammers about how > I'm breaking their 1st amendment rights by blocking their spam as free > speech. I've had to explain that I'm not the government and hence there are > no 1st amend

Re: check doman against uri bl of spamassassin

2020-10-21 Thread @lbutlr
On 21 Oct 2020, at 13:35, Marc Roos wrote: > What is the best way to check an url against the default active > spamassassin uribl, on a linux server that does not have spamassassin > installed? This is clearly in the "how do I do a thing while imposing conditions that make impossible to do"

Tagging outbound messages

2020-10-20 Thread @lbutlr
I seem to recall, but cannot find, a recent message where someone had their outbound messages being tagged as spam. I sent an email to a friend today and it arrived with SA tagging because SA tagged my home IP address, but the message was sent through my mail server, and so my home IP address s

Re: 1.6 FORGED_MUA_MOZILLA Forged mail pretending to be from Mozilla

2020-09-23 Thread @lbutlr
On 23 Sep 2020, at 13:22, Jerry Malcolm wrote: > the MTAs that had the courtesy of bouncing with a reason said the IP address > was blacklisted but didn't say where This may indicate that the IP address was added to permanently block lists before you got it, or based on your provider, or your c

Re: Catching Phishing messages

2020-09-23 Thread @lbutlr
On 21 Sep 2020, at 08:21, Daryl Rose wrote: > I don't have the email server, it's hosted by a provider. This provider does > a crappy job at filtering spam and phishing, so I am running ISBG and > Spamassassin to block the spam and phishing. This isn't really a workable solution as there are m

Re: Catching Phishing messages

2020-09-20 Thread @lbutlr
On 20 Sep 2020, at 08:35, Daryl Rose wrote: > I can blacklist the email address, but I know that won't help. Is there a > rule that I can set up to catch more phishing attempts? SPF and DMARC seem to be the only ways to deal with spams from large senders that are faked, but what is considered

Re: ANNOUNCEMENT: The NEW invaluement "Service Provider DNSBLs" - 1st one for Sendgrid-spams!

2020-08-21 Thread @lbutlr
On 21 Aug 2020, at 14:15, Benny Pedersen wrote: > blacklist_from *+14927644-* I think adding 5.0 to all sendgrid mail is the best idea I've heard. Sendgrid makes me long for the days of the SPEWS RBL. -- These are the thoughts that kept me out of the really good schools. -- George Car

Re: Freshdesk (again)

2020-08-17 Thread @lbutlr
On 17 Aug 2020, at 11:25, Philip Prindeville wrote: > I’ve been calling out phishing from the same (IP) address for 10 days without > any apparent (observable) action from Sendgrid. Not a shock; they simply do not care. > At this point I’m wondering if they have compromised relays. It seems t

Re: Blacklisting a stubborn sender

2020-08-02 Thread @lbutlr
On 02 Aug 2020, at 07:54, Kevin A. McGrail wrote: > If they aren't spending spam, why care about their MID or Helo format > unless there is a delivery issue. If they are sending mail with an invalid helo then it is perfectly valid to drop the connections. This may be a problem when you want to u

Re: Constructive solution to the blacklist thread

2020-07-25 Thread @lbutlr
On 25 Jul 2020, at 13:25, Thom van der Boon wrote: > Dear everybody, > > Could we please "cut the crap" and stop with all the polictics. Yes, but starting a new thread that is attracting the same BS again is not going to help. I already have a half-dozen threads muted and a few persistent pos

Re: IMPORTANT NOTICE: Rules referencing WHITELIST or BLACKLIST in process of being Renamed

2020-07-19 Thread @lbutlr
On 19 Jul 2020, at 21:23, Olivier wrote: > Please consider adding an easy way to turn the backward compatibility on > and off. I would suggest to settings, one that warns the definition has changed and one that errors on the old term rather than just a "turn on compatibility" which will mean th

Re: Thanks to Guardian Digital & LinuxSecurity for the nice post about SpamAssassin's upcoming change

2020-07-16 Thread @lbutlr
On 15 Jul 2020, at 20:34, Noel Butler wrote: > December 27 (our quietest time of year generally) this year has been slated > for our changeover to remove spamassassin from our network. Nose. Spite. Face. Can you stop posting about this topic now? -- "Are you pondering what I'm pondering?" "I

Re: Stop this before it goes any further (was Re: IMPORTANT NOTICE FOR PEOPLE RUNNING TRUNK re: [Bug 7826] Improve language around whitelist/blacklist and master/slave)

2020-07-15 Thread @lbutlr
On 14 Jul 2020, at 12:59, Kurt Fitzner wrote: > This is truly unfortunate. Thanks for changing the topic to evade filters killing this idiotic thread. How supremely selfish and self-centered of you.

Re: IMPORTANT NOTICE FOR PEOPLE RUNNING TRUNK re: [Bug 7826] Improve language around whitelist/blacklist and master/slave

2020-07-14 Thread @lbutlr
On 14 Jul 2020, at 01:22, jdow wrote: > How does this move improve the technical quality of the product from the end > users' perspective? You've been told repeatedly that the decision has been made, and you have ignored everyone and attacked anyone who has posted on this any opinion that devi

Re: IMPORTANT NOTICE FOR PEOPLE RUNNING TRUNK re: [Bug 7826] Improve language around whitelist/blacklist and master/slave

2020-07-11 Thread @lbutlr
On 11 Jul 2020, at 16:38, Reindl Harald wrote: > yeah - by quoting your own idiocy - wow I did no t want to call out any particular posting or poster. > nobody right in his mind thins about black people in chanis when read > something like this in a technical context: slave, master, blacklist, >

Re: IMPORTANT NOTICE FOR PEOPLE RUNNING TRUNK re: [Bug 7826] Improve language around whitelist/blacklist and master/slave

2020-07-11 Thread @lbutlr
On 11 Jul 2020, at 16:04, @lbutlr wrote: > It is astonishing, but not surprising, how angry people are over these > changes though; it betrays at the very least a real lack of empathy. If there is anyone paying attention to the mailing list, can you please just kill this thread? It

Re: spamhaus enabled by default

2020-07-11 Thread @lbutlr
On 11 Jul 2020, at 04:33, Riccardo Alfieri wrote: > And I don't know where you got a quote of "hundreds of dollars per month" for > 1000 mailboxes, but it's not really the case if you use DQS. Maybe they thought the yearly cost was monthly? (Last I checked, DQS stars at $250/yr) -- The othe

Re: IMPORTANT NOTICE FOR PEOPLE RUNNING TRUNK re: [Bug 7826] Improve language around whitelist/blacklist and master/slave

2020-07-11 Thread @lbutlr
On 11 Jul 2020, at 00:51, Bill Cole wrote: > On 10 Jul 2020, at 20:02, Luis E. Muñoz wrote: > >> On 10 Jul 2020, at 12:29, @lbutlr wrote: >> >>> If people are so fragile that they have to hold on to terms that are >>> extremely offensive to some of thei

Re: IMPORTANT NOTICE FOR PEOPLE RUNNING TRUNK re: [Bug 7826] Improve language around whitelist/blacklist and master/slave

2020-07-10 Thread @lbutlr
On 10 Jul 2020, at 02:06, Matus UHLAR - fantomas wrote: > thought guys can also mean women, at least I've seen it being used that > way… Yes, guy/s is gender neutral, but many women do not agree. -- Train Station: where the train stops. Work Station: …

Re: IMPORTANT NOTICE FOR PEOPLE RUNNING TRUNK re: [Bug 7826] Improve language around whitelist/blacklist and master/slave

2020-07-10 Thread @lbutlr
On 10 Jul 2020, at 02:02, jdow wrote: > The problem is that at least one woman (me) reading this list doesn't give a > tinker's damn. The intent is communicated and that's sufficient to satisfy my > sensibilities. Seems I grew up and became an adult when I wasn't looking. > Things like this jus

Re: IMPORTANT NOTICE FOR PEOPLE RUNNING TRUNK re: [Bug 7826] Improve language around whitelist/blacklist and master/slave

2020-07-10 Thread @lbutlr
On 10 Jul 2020, at 01:38, Olivier wrote: > Axb writes: > >> the US problems won't be fixed with renaming B&W lists. >> Seriously.. you have more important issues... > > While thet change in names will not fix any societal issue, for a > product like SpamAssassin that relies heavily on plugins (

Re: Multiple regex on same URL

2020-07-07 Thread @lbutlr
On 07 Jul 2020, at 07:16, Henrik K wrote: > On Tue, Jul 07, 2020 at 11:41:01AM +, Pedro David Marco wrote: >> >>> On Tuesday, July 7, 2020, 01:05:36 PM GMT+2, Henrik K wrote: >> >> >>> What examply do you mean by checking multiple regex on the "same" URL? Give >> an example. Most likely

Re: Rule HK_SCAM is triggered by standard business email

2020-07-02 Thread @lbutlr
On 01 Jul 2020, at 14:20, Aner Perez wrote: > we have the spam threshold set very low (2.4) This is a terrible idea and exposes a fundamental misunderstanding of how SA works. If SA scores an email as 3.3 then the message is not considered spam by SA. If you ignore this and mark it as sam anyw

Re: Frequency of SUSP_NTLD updates

2020-07-01 Thread @lbutlr
On 30 Jun 2020, at 09:31, RW wrote: > On Tue, 30 Jun 2020 11:30:17 + > Roald Stolte wrote: > > >> These mails were all using TLDs such as .site and .online and were >> getting marked because of it. Are others seeing a decrease in spam from .site and .online? All I see from these TLD is 100

Re: Freshdesk (again)

2020-06-27 Thread @lbutlr
On 26 Jun 2020, at 19:01, Bill Cole wrote: > it might help to add your complaint via ab...@sendgrid.com. I very much doubt it. Sendgrid's business is sending mail and they do not care if that mail is spam or not. If enough servers block them they will go away. -- Don't be too sure I'm as c

Re: How to write a rule to block phishing?

2020-06-18 Thread @lbutlr
On 15 Jun 2020, at 17:18, Daryl Rose wrote: > I analyzed the headers, the message comes from a server here in the United > States, the spam score is 5, and Spamassassian says "No Spam". SpamAssassin thinks the mail is spam if it scored 5. Someone (you?) has changed the default spam score from 5

Re: UTF-7 emails

2020-06-12 Thread @lbutlr
On 12 Jun 2020, at 08:01, Nix wrote: > On 5 May 2020, Bill Cole outgrape: >> Apparently Evolution supports UTF-7 and can be set to use it with the user >> being unaware of it. > > Probably user error -- UTF-7 is right below UTF-8 in the list of encodings > supported by the composer, so it's eas

Re: Technically not spam

2020-05-31 Thread @lbutlr
On 31 May 2020, at 06:53, micah anderson wrote: > "@lbutlr" writes: > >> Squirrelmail is not supported and I would definitely not recommend >> anyone run it, especially since you have to run a version of PHP that >> hasn’t been supported in 4 years and has kn

Re: Technically not spam

2020-05-29 Thread @lbutlr
On 29 May 2020, at 11:11, Benny Pedersen wrote: > On 2020-05-29 17:40, @lbutlr wrote: > >> I can't just blacklist the IPs because some people want these emails. > > http://squirrelmail.org/ have support for list-* headers They generally do not have list headers, of cou

Re: Technically not spam

2020-05-29 Thread @lbutlr
On 29 May 2020, at 10:57, Anne P. Mitchell, Esq. wrote: > "an e-mail recipient cannot be required to pay a fee, provide information > other than his or her e-mail address and opt-out preferences, or take any > steps other than sending a reply e-mail message or visiting a single Internet > Web p

Re: Technically not spam

2020-05-29 Thread @lbutlr
On 29 May 2020, at 10:16, Anne P. Mitchell, Esq. wrote: >> Probably not, but the user doesn't care, just wants the mail gone and to >> stop showing up. Telling them to go to the site, jump through password >> recovery hoop and then unsubscribe (which on some sites is quite difficult, >> as you

Re: Technically not spam

2020-05-29 Thread @lbutlr
On 29 May 2020, at 09:51, Antony Stone wrote: > On Friday 29 May 2020 at 17:40:42, @lbutlr wrote: >> How do people deal with lists that a user subscribed to that require >> logging in to an account to unsubscribe? > > Well, as you say in your Subject, this isn't spam

Technically not spam

2020-05-29 Thread @lbutlr
How do people deal with lists that a user subscribed to that require logging in to an account to unsubscribe? I seem to be seeing a lot more complaints from users who cannot get off lists (probably because they didn't realize they were creating an account for getting multiple-mails per day). Mo

Re: Spamass milter question

2020-05-27 Thread @lbutlr
On 27 May 2020, at 18:27, RW wrote: > I should have added that if whitelist_from_rcvd *@* server.example.com > (without the colon) is only only failing occasionally on mail from > server.example.com, it's probably just an rDNS lookup failure of some > sort. Well, I do not get anything that I co

Re: Spamass milter question

2020-05-27 Thread @lbutlr
On 27 May 2020, at 10:44, Robert Schetterer wrote: > Am 27.05.20 um 18:35 schrieb @lbutlr: >> # Allow all mailing list posts from example.com >> whitelist_from_rcvd: *@* server.example.com Actual file has "whitelist_from_rcvd *@* server.example.com" without the '

Spamass milter question

2020-05-27 Thread @lbutlr
What, if any, local SpamAssassin settings does spams-milter use when processing incoming mail? For example, if I wanted to white list a sender or blacklist a domain, would the general settings in /usr/local/etc/spamassasin/local.cf be the place? I am wondering because I have a server whiteliste

Re: whitelist_auth and outlook.com

2020-05-24 Thread @lbutlr
On 22 May 2020, at 14:25, Benny Pedersen wrote: > too many ip4 in there spf makes it untrusted here, sorry Why would the number of OPv4 addresses matter? -- But of course there were the rules. Everyone knew there were rules. They just had to hope like Hell that the gods knew the rules

Re: spamc learning/reporting

2020-05-17 Thread @lbutlr
> On 17 May 2020, at 10:07, Grant Taylor wrote: > > On 5/16/20 8:16 AM, micah anderson wrote: >> 1. I cannot pass a full email address to -u, if I pass 'user' it works, but >> if I pass 'u...@example.com' it fails. How do people handle this with >> multiple domains? > > It's been about 15 y

Re: base64 encoded sextorsion

2020-04-29 Thread @lbutlr
On 29 Apr 2020, at 07:42, Joseph Brennan wrote: > FYI part of the sender list below. I don't perceive a pattern to how > they are generated. (This is from sort -u, not the order of arrival.) Pattern is to take a name or common word and pad it with garbage characters before and after. “Hey, if c

Re: Occasional rejections.

2020-04-28 Thread @lbutlr
> On 28 Apr 2020, at 12:06, Reindl Harald wrote: > > > > Am 28.04.20 um 20:01 schrieb @lbutlr: >> On 28 Apr 2020, at 02:58, Reindl Harald wrote: >>> Am 28.04.20 um 10:38 schrieb @lbutlr: >>>> I get occasional mails like this: >

Occasional rejections.

2020-04-28 Thread @lbutlr
I get occasional mails like this: > On 24 Apr 2020, at 18:33, users-h...@spamassassin.apache.org wrote: > > Hi! This is the ezmlm program. I'm managing the > users@spamassassin.apache.org mailing list. Etc. > Return-Path: <> > Received: (qmail 34298 invoked for bounce); 14 Apr 2020 19:22:46 -00

Re: URI is counted two times

2020-03-29 Thread @lbutlr
On 28 Mar 2020, at 01:09, Cecil Westerhof wrote: > Should not one of those two be removed, because it is now penalised > two times. It is penalized for being in SURBL and then penalized for being in the DBL; seems perfectly reasonable to me. -- "You're just impressed by any pretty girl who c

Re: SpamAssassin Milter – Milter for spam filtering with SpamAssassin

2020-03-09 Thread @lbutlr
On 09 Mar 2020, at 10:43, David Bürgin wrote: > I used to be a user of an alternative milter, spamass-milt, Do you mean spamass-milter or is this another filter for SA I don’t know? -- "Alas, earwax.”

Re: Question on early detection for relay spam

2020-03-04 Thread @lbutlr
On 04 Mar 2020, at 16:27, Rupert Gallagher wrote: > Fails with travelling clients. Depends. I block several countries from accessing my mail server. If someone travels to one of those countries, they can use webmail to access their mail. There are always options. However, most people simply us

Re: From Spoofed

2020-03-02 Thread @lbutlr
On 02 Mar 2020, at 09:32, Robert A. Ober wrote: > On 2/26/20 9:54 AM, Bill Cole wrote: >> >> Which puts you in the top 99.999th percentile of email server skills >> worldwide! > Ha, I hope that's wrong:-) I’m sure it is, it’s more like 99.999% Do we think there are 80,000 people in the world

Re: SQL preferences: where does the _DOMAIN_ in the query come from

2020-02-19 Thread @lbutlr
On 18 Feb 2020, at 14:48, RW wrote: > It seems perfectly clear to me, if read carefully. The definition is clear, but the original post specifically addressed the lack of _DOMAIN_ being defined: On 18 Feb 2020, at 00:36, Guido Goluke, Majorlabel wrote: > In my setup, the domain variable is em

Re: SQL preferences: where does the _DOMAIN_ in the query come from

2020-02-18 Thread @lbutlr
On 18 Feb 2020, at 07:25, RW wrote: > On Tue, 18 Feb 2020 06:54:22 -0700 @lbutlr wrote: > >> On 18 Feb 2020, at 05:30, RW wrote: >>> On Tue, 18 Feb 2020 08:36:11 +0100 Guido Goluke, Majorlabel wrote: >>>> I'm in the process of setting up my preferences

Re: SQL preferences: where does the _DOMAIN_ in the query come from

2020-02-18 Thread @lbutlr
On 18 Feb 2020, at 05:30, RW wrote: > On Tue, 18 Feb 2020 08:36:11 +0100 Guido Goluke, Majorlabel wrote: >> I'm in the process of setting up my preferences through SQL. Now >> spamc is invoked through a Postfix milter, but that's besides the >> point, since whatever way spamc is called, it can onl

Re: 3.4.3 fails to start

2019-12-15 Thread @lbutlr
On 15 Dec 2019, at 00:42, Henrik K wrote:On Sat, Dec 14, 2019 at 06:49:17PM -0700, @lbutlr wrote:# sa-update plugin: failed to parse plugin (from @INC): Can't locate BSD/Resource.pm in @INC (you may need to install the BSD::Resource module) (@INC contains: /usr/local/lib/perl5/site_perl

Re: 3.4.3 fails to start

2019-12-14 Thread @lbutlr
On 14 Dec 2019, at 18:49, @lbutlr wrote: > child process [51792] exited or timed out without signaling production of a > PID file: exit 255 at /usr/local/bin/spamd line 3034. > /usr/local/etc/rc.d/sa-spamd: WARNING: failed to start spamd On a lark I ran sa-compile which threw some pe

3.4.3 fails to start

2019-12-14 Thread @lbutlr
Exists 3.4.2 install. After using ports to update to 3.4.3 I tried to restart sa-spamd as I usually do after an update: # service sa-spamd restart Stopping spamd. Waiting for PIDS: 11957. Starting spamd. child process [51792] exited or timed out without signaling production of a PID file: exit 2

Re: Spamassassin reporting

2019-12-06 Thread @lbutlr
On 04 Dec 2019, at 17:07, Chris Pollock wrote: > Here's what I use for my home system That’s nifty, though it would be nice if it could handle compressed files. -- Train Station: where the train stops. Work Station: …

Re: Can someone explain how to read Bayes stats?

2019-11-27 Thread @lbutlr
On 27 Nov 2019, at 06:52, Anders Gustafsson wrote: > 0.000 0 3184 0 non-token data: nspam > 0.000 0 17298 0 non-token data: nham Plenty of spam and ham learned > 0.000 0 1553643652 0 non-token data: oldest atime Oldest data is

Re: shortcircuit on alread x-spam-flag: yes

2019-11-26 Thread @lbutlr
Oops. Sorry about that. > On 26 Nov 2019, at 13:22, @lbutlr wrote: > > You know a thorn can main / But a lover does the same / A gem will > reflect light / And a Fool will marvel at the sight / A fool such > as me, > /Who sees not the gold, but the beauty of the

Re: shortcircuit on alread x-spam-flag: yes

2019-11-26 Thread @lbutlr
On 26 Nov 2019, at 08:11, Philipp Ewald wrote: > we have "old customer" (with historical terms) there have forwarding rules > for any mail and we are not allowed to set SPAM Filter rule or to change the > forwarding rules. Forwarding spam is a good way to be blacklisted as a spam source. This i

Re: Getting spamass-milter to work with postfix

2019-11-24 Thread @lbutlr
On 24 Nov 2019, at 11:23, Bill Cole wrote: > setting "smtpd_delay_open_until_valid_rcpt = no" should make it available. By > default, postfix does not commit a file descriptor and queue ID to a message > until it has an accepted recipient. Setting that option to "no" causes it to > open the fi

Re: List Of Available Spamassassin Rule

2019-10-25 Thread @lbutlr
On 24 Oct 2019, at 07:24, Savvas Karagiannidis wrote: > you use a perl script like this: That’s useful enough it should be part of the SA install. -- No matter how fast light travels it finds the darkness has always got there first, and is waiting for it.

Re: Facebook notifications sent from dynamic address

2019-10-07 Thread @lbutlr
On Oct 7, 2019, at 11:35 AM, Kris Deugau wrote: > So tempting to let my inner BOFH out and just convert those to blacklist_from > entries instead though… So, so tempting! -- "A synonym is a word you use when you can't spell the word you first thought of." - Burt Bacharach

Re: Migrating from sendmail to Postfix

2019-09-30 Thread @lbutlr
On Sep 30, 2019, at 7:28 PM, Ramon F Herrera wrote: > On 9/29/2019 3:10 PM, Bill Cole wrote: >> Beyond translating configuration, there's one important part of Postfix >> that has no Sendmail equivalent: the postscreen front-line SMTP screener >> program. Postscreen implements a greeting pause,

Re: Spam child

2019-09-15 Thread @lbutlr
On Sep 15, 2019, at 3:03 PM, RW wrote: > On Sun, 15 Sep 2019 13:36:13 -0600 > @lbutlr wrote: >> On Sep 15, 2019, at 6:53 AM, RW wrote: >>> When child processes are running as root they switch to the unix >>> user running spamc (or specified with spamc -u) for pr

Re: Spam child

2019-09-15 Thread @lbutlr
On Sep 15, 2019, at 6:53 AM, RW wrote: > When child processes are running as root they switch to the unix user > running spamc (or specified with spamc -u) for processing the scan. If > that would still result in root being used the child process switches > to nobody instead. OK, should I set r

Re: Spam child

2019-09-15 Thread @lbutlr
On Sep 15, 2019, at 1:09 AM, Axb wrote: > On 9/14/19 9:30 PM, @lbutlr wrote: >> I am still getting spammed processes that last for hours or days. When I >> kill them, `kill -9` they come back after the load drops. The processes use >> 100% of the processor. >> nobod

Re: Scoring TLS.

2019-09-06 Thread @lbutlr
On 6 Sep 2019, at 14:37, @lbutlr wrote: > I do need to go through the logs again at some point and see how things are > shaping up. It would be interesting to see what the server-to-server > encryption looks like now for valid mail. I suspect that 1.1 has dropped to > near 0 and

Re: Scoring TLS.

2019-09-06 Thread @lbutlr
t; it's better to allow it than forgint it to go plaintext or reject the mail >>> at all. > >>> On 06.09.19 00:57, @lbutlr wrote: >> I don’t agree. It is thinking like this that leads to people still wanting >> to use RC4-SHA or HTTP AUTH. > > the alt

Re: Score in subject differs from score in headers

2019-09-06 Thread @lbutlr
On 6 Sep 2019, at 10:35, Riccardo Alfieri wrote: > On 06/09/19 17:45, David Galloway wrote: > >> For example, I'm looking at an e-mail now with "* SPAM 5.4 *" in >> the subject but "X-Spam-Status: No, score=3.2 required=5.0" > > since when does SpamAssassin also writes the scores in the

Re: Scoring TLS.

2019-09-06 Thread @lbutlr
On 6 Sep 2019, at 01:57, Matus UHLAR - fantomas wrote: > On 06.09.19 00:57, @lbutlr wrote: >> TLSv1.0 is EOLed and should not be used nor supported. > > well, if your clients (some old server installations) only support tls1.0, > it's better to allow it than forgint it to

Re: Scoring TLS.

2019-09-05 Thread @lbutlr
On 6 Sep 2019, at 00:51, Reio Remma wrote: > Even though I recall QMail having TLSv1 back when we were still using it. TLSv1.0 is EOLed and should not be used nor supported. But yes, mailing lists are therein reason I a=have not gone 100% TLS myself (it’s not just this one, sadly). There is ve

Re: Many sa-learn processes getting stuck

2019-08-30 Thread @lbutlr
On 30 Aug 2019, at 12:32, @lbutlr wrote: > That is probably my error then. I remove the -Q flag manually and didn’t > check -u since there is a scan user on the system. Found the problem, it wasn’t spam assassin at all, it was an old crontab script that someone how was re-enabled. remo

Re: Many sa-learn processes getting stuck

2019-08-30 Thread @lbutlr
On 30 Aug 2019, at 11:49, RW wrote: > On Fri, 30 Aug 2019 10:58:30 -0600 > @lbutlr wrote: > >> I have a lot of processes that look like this: >> >> root 48359 100.0 1.4 55984 47680 - R17:53 989:39.50 >> /usr/local/bin/perl -T -w /usr/l

Re: Many sa-learn processes getting stuck

2019-08-30 Thread @lbutlr
On 30 Aug 2019, at 11:49, RW wrote: > On Fri, 30 Aug 2019 10:58:30 -0600 > @lbutlr wrote: > >> I have a lot of processes that look like this: >> >> root 48359 100.0 1.4 55984 47680 - R17:53 989:39.50 >> /usr/local/bin/perl -T -w /usr/l

Many sa-learn processes getting stuck

2019-08-30 Thread @lbutlr
I have a lot of processes that look like this: root 48359 100.0 1.4 55984 47680 - R17:53 989:39.50 /usr/local/bin/perl -T -w /usr/local/bin/sa-learn --spam -u vscan /usr/local/virtual/kr...@kreme.com/Maildir/.Junk/cur/15670… /usr/local/virtual/kr...@kreme.com/Maildir/.Junk/cu

Re: SIGCHLD died

2019-08-16 Thread @lbutlr
On 15 Aug 19, at 23:06 , Bill Cole wrote: > On 15 Aug 2019, at 18:41, @lbutlr wrote: > >> I am getting many many pop these errors: >> >> spamd: handled cleanup of child pid [89330] due to SIGCHLD: DIED, signal 11 >> (000b) > > How fun... A segfault: som

SIGCHLD died

2019-08-15 Thread @lbutlr
I am getting many many pop these errors: spamd: handled cleanup of child pid [89330] due to SIGCHLD: DIED, signal 11 (000b) It doesn’t appear to be affecting mail delivery, but still, I’d like to avoid them. I have spamass-milter running: /usr/local/sbin/spamass-milter -f -p /var/run/spamas

Re: Spamhaus Technology contributions to SpamAssassin

2019-07-04 Thread @lbutlr
On 3 Jul 2019, at 05:08, Stephan Seitz wrote: > By the way is this plugin necessary if you are using postfix/postscreen with > your DQS key? That was my question as well.

  1   2   3   4   >