Re: Spamhaus Technology contributions to SpamAssassin

On 3 Jul 2019, at 06:54, Riccardo Alfieri wrote: > If you have a debian based distriution, do an > > # apt-get install liblist-moreutils-perl > > or, if you use something RPM based, the correct command should be > > # yum install perl-List-MoreUtils portmaster lang/p5-List-MoreUtils or pkg i

Re: MySQL

On 2 Jul 2019, at 14:21, Kevin A. McGrail wrote: >> I guess the tl;dr version of my question (too late!) is how is the username >> field populated in the database? > > I think you are mixing up the user preference table and the naive bayesian > table. Apologies if the docs aren't clear. Pleas

Re: MySQL

On 2 Jul 2019, at 09:12, Kevin A. McGrail wrote: > Those are still accurate as not much has changed. The new 3.4.3 rc3 has > some SQL changes for a last updated field which I've added over the > years for a cron job as well to clear out old entries. Thanks, should I wait? Looking over both the

MySQL

Is bayes_store_module Mail::SpamAssassin::BayesStore::MySQL Still the current best configuration option for implementing bays SQL? I ask because the documentation I found mentions things like MySQL 4.1 so it’s a rather old document. In fact, it is old enough it’s from SA 3.1 days. I tried to s

Re: Zero-width rules?

On Jun 28, 2019, at 11:33 AM, Antony Stone wrote: > https://litmus.com/blog/the-little-known Ah, right, THAT is why I have previews disabled on all my mail clients, I’d honestly forgotten. -- Han Solo: Damn fool, I knew you were going to say that. Ben: Who's the more foolish, the fool, or t

Re: How to create my personal RBL

On Jun 25, 2019, at 10:09 AM, David B Funk wrote: > It's pretty simple to set up your own local private DNS zones using rbldnsd. > Adding/updating those kinds of zones is simple as adding or editing lines in > a text file (as simple as echo ".this.bad.domain :127.0.0.2:" >> > my-zone-file ).

Re: spamass-milter reject?

On Jun 25, 2019, at 11:36 AM, Matt Anton wrote: > On 25 Jun 2019, at 2:57, @lbutlr wrote: > >> These are inbound messages being delivered to local users with high spam >> scores. I want Spamassassin-milter to honor the -r 10 flag setting to reject >> messages scor

Re: spamass-milter reject?

On 24 Jun 2019, at 14:08, Matt Anton wrote: > On 23 Jun 2019, at 22:39, @lbutlr wrote: > >> I did `postfix relaod` >> >> and the milter is running with the flags shown in the OP. > > Talking about it and your recent thread there, why didn’t you use > spamas

Re: Ten Minute emails domains

On 24 Jun 2019, at 08:27, Kevin A. McGrail wrote: > On 6/24/2019 10:25 AM, @lbutlr wrote: >> Adding the list of domains is pretty straightforward, though it seems like >> the start of an endless game of whack-a-mole and there are probably better >> ways to do this.

Re: Ten Minute emails domains

On 24 Jun 2019, at 07:48, Kevin A. McGrail wrote: > Interesting idea, please post it up on bugzilla. If you can work on a plugin, > that would be ideal. A plugin? It’s just a list of server names, right? find: (.*) replace: enlist_addrlist (FROM_10MINMAILS) *\1 However, using the whatbreach

Re: spamass-milter reject?

OK, the accept was not the issue. Got another email in: Jun 23 14:19:16 mail spamd[9849]: spamd: identified spam (15.7/5.0) for *munge*@covisp.net:58 in 1.5 seconds, 4275 bytes. Jun 23 14:19:16 mail spamd[9849]: spamd: result: Y 15 - BAYES_99,BAYES_999,DKIM_INVALID,DKIM_SIGNED,HTML_IMAGE_ONLY_

Re: spamass-milter reject?

On 23 Jun 2019, at 12:22, Matus UHLAR - fantomas wrote: > is the milter really in action? is it the only milter? It is the only milter and messages are getting tagged as shown in the logs, just the ones scoring over 10 are not getting rejected. Oh, hang on a second, I seem to have left my testi

spamass-milter reject?

Using Spamassassin-milter via postfix: spamass-milter is running with these settings: /usr/local/sbin/spamass-milter -f -p /var/run/spamass-milter.sock -u spamd -e -i 65.121.55.40/29 -i 127.0.0.1 -r 10 Reading the man page, -r 10 should be rejecting mail that is scored over 10, yes? Jun 23 10

Re: Mail to local users

On 17 Jun 2019, at 11:32, @lbutlr wrote: > The message WAS sent via an authenticated connection: > > Jun 16 15:26:32 mail postfix/submit/smtpd[52711]: 45RnTh0J8KzdrvJ: > client=c-73-14-161-160.hsd1.co.comcast.net[73.14.161.160], sasl_method=PLAIN, > sasl_username=kr...@kreme.com

Re: Rules for invisible div and 0pt font?

On Jun 17, 2019, at 1:30 PM, Amir Caspi wrote: > Wouldn't that only be true for dynamic content that can actually evaluate the > screensize, and hence would require javascript? Or is there a way of doing > this with static email content? (I'm very well versed in HTML for web > browsers, but n

Re: Rules for invisible div and 0pt font?

On Jun 17, 2019, at 1:14 PM, Amir Caspi wrote: > rawbody AC_HIDDEN_ELEMENT /display\s*:\s*none\s*;/ Since display:none is a pretty common method for showing and hiding elements depending on things like screen size, I would guess this is going to hit mostly ham. -- It was easy to b

Re: Mail to local users

On Jun 17, 2019, at 12:28 PM, David B Funk wrote: > Taking a quick look at the source code for spamass-milter (I use a different > milter) I can see that it explicitly needs '{auth_type}' and '{auth_ssf}’ so > you can ignore {auth_authen} & {auth_author}. The default settings for postfix includ

Re: Mail to local users

On 17 Jun 2019, at 11:06, Reindl Harald wrote: > Am 17.06.19 um 16:30 schrieb @lbutlr: >> Received: from darth.lan (c-73-14.161.160.hsd1.co.comcast.net >> [73.14.161.160]) >> by mail.covisp.net(Postfix 3.4.5/8.13.0) with SMTP id unknown; >> Sun,

Re: Mail to local users

On 17 Jun 2019, at 02:07, Matus UHLAR - fantomas wrote: >> But how do I tell spamass-milter not to check for PBL and other similar >> tests on mails from local users to local users? > > don't. This is exactly what spammers try for years to avoid being detected. Spammers are not local users on my

Re: Mail to local users

On 16 Jun 2019, at 17:01, David Jones wrote: > Find the header being added by your Postfix MTA and add a rule to > subtract points for authenticated senders. It should have "ESMTPSA" > when sent by an authenticated account. The header postfix added was in the first post and does not have ESMTP

Re: Mail to local users

On 16 Jun 2019, at 16:06, Reindl Harald wrote: > Am 16.06.19 um 23:41 schrieb @lbutlr: >> When I send an mail from my home machine to a user who is local to my mail >> server, SpamAssassin (via spmass-milter) tags the mail as spam entirely >> because my home IP is in the PB

Mail to local users

When I send an mail from my home machine to a user who is local to my mail server, SpamAssassin (via spmass-milter) tags the mail as spam entirely because my home IP is in the PBL blacklist. Which of course, it is and it should be. However, since the mail is actually originating on my server wit

Re: __YOU_WON_01 FP on *won’t* with right single quotation mark

On Jun 10, 2019, at 12:43 PM, Olivier Coutu wrote: > I would suggest a second negative lookahead to correct the issue. If the rule doesn’t hit enough spam, the score goes down. It doesn’t matter if it’s esoterically correct or not. -- If it wasn't for the pirates, I bet Star Wars: Ep III woul

Re: Extra debug output for -D

On 10 Jun2019, at 11:29, Shreyansh Shrivastava. wrote: > Hey everyone is there a way to add an extra DEBUG output for "spamassassin > -D” ? I don’t understand the question. What are you trying to do? -- A.D. 1517: Martin Luther nails his 95 Theses to the church door and is promptly moderated

Re: perl core dumping

On Jun 6, 2019, at 1:17 PM, @lbutlr wrote: > I’ve rebuilt Spamassasin from ports several times, including rebuilding all > dependancies. Rebuilt again, this time with postmaster -fr to rebuild everything that spamassassin depends on as well as its dependencies. Seems to have done the tr

Re: perl core dumping

On May 30, 2019, at 1:57 AM, @lbutlr wrote: > The zero length temp file is left behind. Finally got back to this (I’ve been ill) and have a little but more information. When I try to feed a single message to sa-learn -D —spam /path/to/mailfile I get many lines ending with: > Jun 6

Re: perl core dumping

On 29 May 2019, at 18:26, @lbutlr wrote: > May 29 18:06:12 mail kernel: pid 10588 (perl), uid 58: exited on signal 11 > > perl is used by SpamAssassin (only, I believe). I see some sporadic other > spamd logged errors in the same log file, but they seem to be several minutes &g

Re: perl core dumping

On May 29, 2019, at 19:11, Reindl Harald wrote: > > configure proper timeouts in the SA instance for the milter I disabled the rule in my local.cf, but the core dumps continue. Otherwise my local.cf and SpamAss-Miller config is pretty much unchanged from what it’s been the last several years.

Re: perl core dumping

On 29 May 2019, at 18:26, @lbutlr wrote: > Seeing a lot of this in the messages log > > May 29 18:03:01 mail kernel: pid 99745 (perl), uid 0: exited on signal 11 > (core dumped) Could these be a result of the __STYLE_GIBBERISH_1 fault discussed in other threads? -- There is NO Rule six!

perl core dumping

Seeing a lot of this in the messages log May 29 18:03:01 mail kernel: pid 99745 (perl), uid 0: exited on signal 11 (core dumped) May 29 18:03:03 mail kernel: pid 457 (perl), uid 0: exited on signal 11 (core dumped) May 29 18:03:06 mail kernel: pid 1456 (perl), uid 0: exited on signal 11 (core d

Time based rules?

I've noticed that the majority of spam I get comes in between 0900 and 1000, local time. In the past couple of months well more than 50% of spam (well, at least spam that isn't getting tagged) comes in during this hour, with a smaller percentage within an our (0800-0900, 1000-1100). Just me? A

Re: bad arg length for Socket::unpack_sockaddr_in

On 23 May 2019, at 04:36, @lbutlr wrote: > perl 5.2.8 Sorry. Perl 5.28.2 -- Forgive your enemies, but remember their names.

Re: bad arg length for Socket::unpack_sockaddr_in

On 21 May 2019, at 23:37, @lbutlr wrote: > May 21 23:20:56 mail spamd[22787]: spamd: error: Bad arg length for > Socket::unpack_sockaddr_in, length is 28, should be 16 at > /usr/local/lib/perl5/5.28/mach/Socket.pm line 848. > May 21 23:20:56 mail spamd[22787]: , continuing at /u

Re: bad arg length for Socket::unpack_sockaddr_in

On 22 May 2019, at 01:06, Giovanni Bechis wrote: > there should be message like > "spamd: connection from %s [%s]:%s to port %d, fd %d" in your log files at > that time, could you post the relevant info ? When spamass-milter and spamd start, this is logged: spamd[22640]: util: setuid: ruid=0 eu

bad arg length for Socket::unpack_sockaddr_in

With spamassassin-3.4.2_3 and spamass-milter-0.4.0_3 and perl5-5.28.2 running on FreeBSD 11.2 I am getting the following in the mail.log when postfix tries to feed a mail to spamass-milter. At least I think that's when it is. May 21 23:20:56 mail spamd[22787]: spamd: error: Bad arg length for S

Re: Masscheck statistics

This garbafge is inappropriate for a mailing list. It is also enforceable BS (I use to post ever email with this kind of garbage to a public website) On 15 May 2019, at 10:55, Paul Stead wrote: > This message is private and confidential. If you have received this message > in error, please noti

Re: Spamd error message "failed to obtain port and ip from socket"

On 14 May 2019, at 07:52, Emanuel Gonzalez wrote: > [root@server ~] # spamassassin --version > SpamAssassin version 3.4.1 > running on Perl version 5.10.1 5.10? Isn't that like... 15 years old? Definitely at least 10. So I don't think perl updates is your problem. -- My little brother got hi

Re: locally submitted / outgoing mail hitting multiple rules

On 26 Apr 2019, at 09:50, Matus UHLAR - fantomas wrote: > This leads me to testing rule: > > meta TRUSTED_SUBMISSION ALL_TRUSTED && __DOS_SINGLE_EXT_RELAY > describe TRUSTED_SUBMISSION mail submitted by trusted client > score TRUSTED_SUBMISSION -3 > > For now, I am testing this rule

Re: Question about scoring and autolearning

On 18 Apr 2019, at 12:32, Sam wrote: > I guess I’ll have to raise some scores to make it learn. Reconsider. The message was clearly marked as spam with a score more than 6 times the threshold. There is nothing here to train, SA did its job. -- Light thinks it travels faster than anything but

Re: Question about scoring and autolearning

On 18 Apr 2019, at 11:56, Sam wrote: > However, even with heavy spam, autolearn does not seem to engage in spam > mode. Why do you think it should? Did you check the message with spamassassin -D? You might want to read this: --

Re: Spammer in white list aka USER_IN_DEF_SPF_WL

On 17 Apr 2019, at 15:16, jandev wrote: > Surprisingly the ip/domain is part of a SA shipped white list: Rule > USER_IN_DEF_SPF_WL gave it -7.5! Is there a reason you didn't disclose the IP address? That domain is NOT listed in the current 60_whitelist_spf.cf It IS listed in 60_whitelist_auth.c

Re: uninitialized value $( in Util.pm line 1595

On 10 Apr 2019, at 07:29, @lbutlr wrote: > I mean, sure, it's mostly above my head, but reading the process you guys > have gone through is just fascinating and tickles my nerd bones. Oh, and then this just came across my screen; it feels shockingly apropos. <https://gizmodo.c

Re: uninitialized value $( in Util.pm line 1595

On 9 Apr 2019, at 15:01, Bill Cole wrote: > I was finally able to reproduce this and in doing so I nailed down a > definitive fact: this is a bug in the RedHat-built perl. Man, I love threads like this. I mean, sure, it's mostly above my head, but reading the process you guys have gone throug

Re: uninitialized value $( in Util.pm line 1595

On 8 Apr 2019, at 16:38, @lbutlr wrote: > On 8 Apr 2019, at 15:41, Amir Caspi wrote: >> I'm guessing this is happening because the spamc user is a member of >> multiple groups > > Is it usually too have a spam user? spamc user, even. -- If women wear a pair of pan

Re: uninitialized value $( in Util.pm line 1595

On 8 Apr 2019, at 15:41, Amir Caspi wrote: > I'm guessing this is happening because the spamc user is a member of multiple > groups Is it usually too have a spam user? -- "He loves Nature in spite of what it did to him." - Forrest Tucker

Re: Amazon continues to get tagged as spam

On 2 Apr 2019, at 09:49, @lbutlr wrote: > Ah, yes, Good point. Maybe it will work now, I rand the message from two days ago through spamc and got: X-Spam-Status: No, score=-94.6 required=5.0 tests=BAYES_99,BAYES_999, DKIM_ADSP_ALL,DKIM_INVALID,DKIM_SIGNED,MIME_HEADER_CTYPE_O

Re: Amazon continues to get tagged as spam

On 2 Apr 2019, at 07:10, Matus UHLAR - fantomas wrote: > you can pass the same mail through SA after delivery, to see if anything > changed. Can't you? Ah, yes, Good point. -- "He is not only dull himself; he is the cause of dullness in others." Samuel Johnson

Re: Amazon continues to get tagged as spam

On 2 Apr 2019, at 03:52, Matus UHLAR - fantomas wrote: > whitelist_from_rcvd @amazon.com amazonses.com should apparently be: > whitelist_from_rcvd *@amazon.com amazonses.com I'll try that. > and why doesn't whitelist_from order-upd...@amazon.com > work could be shown in SA debug mode. But I'd h

Re: Amazon continues to get tagged as spam

On 2 Apr 2019, at 03:14, @lbutlr wrote: > stillness immanuel to tag the email. Sorry, not sure what happened there. I think I meant to type "would still not have the impact to tag the email" or something like that. -- Wife: Who are you talking to? Husb: [on phone] Jon Wife: Are

Re: Amazon continues to get tagged as spam

On 1 Apr 2019, at 17:58, David B Funk wrote: > > There's something wrong with your mail system which is trashing not only your > DKIM processing but your SPF processing too. OK, but the whitelist is till not working and should be applying a -100 score, so the DKIM and SPF issues would stillnes

Re: Filtering at border routers: Is it possible?

On 24 Mar 2019, at 19:06, Reindl Harald wrote: > well, given all that technical bullshit you are talking on several lists > at least for 5 years better shut up... I asked you to stop emailing me directly, so stop emailing me directly. -- Well I've seen the Heart of Darkness/Read the writing o

Re: Filtering at border routers: Is it possible?

On 24 Mar 2019, at 13:12, Grant Taylor wrote: > That changed within the last couple of years. Check out RFC 8314. Which I posted a few messages upthread. On 24 Mar 2019, at 13:16, Grant Taylor wrote: > On 3/24/19 1:00 PM, @lbutlr wrote: >> And didn't Microsoft start using

Re: Filtering at border routers: Is it possible?

golden. > > On 23.03.19 21:13, @lbutlr wrote: >> Port 465 was a not-standard MSFT crutch, ut is now used for SMTPS and is >> fully supported. > > i did think the same, but: > > In early 1997, the Internet Assigned Numbers Authority registered port 465 > for smtps.[

Re: Filtering at border routers: Is it possible?

On 23 Mar 2019, at 23:06, RALPH HAUSER wrote: > STOP EMAILING ME! TAKE ME OFF OF THIS! No. You are the only person who can unsubscribe yourself from the list. In the headers of *EVERY SINGLE* message there are these lines. list-help: list-unsubscribe

Re: Filtering at border routers: Is it possible?

On 23 Mar 2019, at 14:03, Rupert Gallagher wrote: > I disagree with Kevin on port 587, because it is vulnerable to mitm attacks. You're going too needy too back that up with actual facts. > I was royally pissed when they introduced port 587 and deprecated port 465. > Port 587 is an RFC mandate

Re: Filtering at border routers: Is it possible?

On 22 Mar 2019, at 13:00, Matt V wrote: > WHY⁉️ Don't do this, it is just hostile. -- The Force can have a strong influence on a weak mind.

Re: Filtering at border routers: Is it possible?

On 22 Mar 2019, at 10:59, Bruno Carvalho wrote: > So, if someone knows a way to filter the mail traffic and block outbound > spam, i will be thankfull. tl;dr this is not a problem for SpamAssassin to fix. All outbound mail from anyone in your datacenter running a mail server will have to go ou

Re: No longer just embedded =9D characters in blackmail emails.

On 21 Mar 2019, at 14:27, John Hardin wrote: > On Thu, 21 Mar 2019, Martin Gregorie wrote: >> On Thu, 2019-03-21 at 12:20 -0700, John Hardin wrote: >>> >>> ...wrong thread? :) >> Unfortunately so. For some reason my mail reader's editor (I use >> Evolution) locked up on my first attempt to reply

Re: more spam is getting through :-(

> On 20 Mar 2019, at 20:04, James wrote: > > On 2019-03-18 7:40 p.m., @lbutlr wrote: >>> On 18 Mar 2019, at 13:59, James wrote: >>> >>> The documentation says to use your inbox. :-) >> It does not. > > The example shows using your inbox. T

Re: more spam is getting through :-(

> On 18 Mar 2019, at 13:59, James wrote: > > On 2019-03-17 5:43 p.m., @lbutlr wrote: >> On 17 Mar 2019, at 15:03, James wrote: >>> I run sa-learn --ham on my inboxes. >> You inboxes likely contain spam messages that haven't been caught, so >> tr

Re: more spam is getting through :-(

On 17 Mar 2019, at 15:03, James wrote: > I've been getting a lot of spam so I'm thinking of lowering the "required" > number. This is not the way to limit spam, it simply raises the false-positive. > About 50 % spam gets a 4.4 so my required=4.5 is a tiny bit high. I would say that your requir

Re: Whitelist_from??

On 14 Mar 2019, at 17:00, RW wrote: > > whitelist entries need to be globs that match an email address, not a > domain name. How sophisticated is SA's globbing? ^(\w+)([\-.'][\w]+)+@domain.tld$ ? -- These are the thoughts that kept me out of the really good schools. -- George Carlin

Whitelist_from??

I've been having a lot of problems with emails from comixology getting tagged as spam and then the message attachment is often, but not always, corrupt. Content analysis details: (6.8 points, 5.0 required) pts rule name description -- -

Re: Semi Off-topic: VFEMail destroyed

On 15 Feb 2019, at 19:11, David Niklas wrote: > You mean like this? > rsync -cav --delete /current-empty-part s...@backup.com/very-safe-backup > :) No, that would be exceedingly foolish. If you are doing something like rsync, you run the backup task on the remote server. The machine being backe

Re: Semi Off-topic: VFEMail destroyed

On 15 Feb 2019, at 06:34, Rupert Gallagher wrote: > Live backups are unheard of. They aren’t, in fact. But no one was talking about live backups. -- A lot of people and the smell of sausages meant a performance of the street theatre that was life in Ankh-Morpork.

Re: Semi Off-topic: VFEMail destroyed

On 14 Feb 2019, at 19:31, Grant Taylor wrote: > > If VFE had backups stored off-site via something like Amazon Glacier with no > normal in-band connectivity between the main systems and the backups, and the > hacker went out of their way to delete the backups, I don't think I could > hold /tha

Re: Semi Off-topic: VFEMail destroyed

On 14 Feb 2019, at 09:37, Kevin A. McGrail wrote: > I blame the hackers so I haven't posted about this when all the articles came > out because you don't blame the victim. Sure, I blame the hackers too, but there must be a lot of responsibility placed on a company that failed so miserably to p

Re: Having trouble getting Spamassassin to work on Ubuntu Server 18.10

On 10 Feb 2019, at 00:30, Ken Wright wrote: > I've been trying to set up an email server Don't do it! Seriously, running and maintaining a mail server is practically a full-time job. Do you really want to spend a lot of time (and some time nearly every day) maintaining and patching and dealing

Re: adding _SCORE_ to all messages

> On 27 Jan 2019, at 12:34, John Hardin wrote: > > On Sun, 27 Jan 2019, LegendGamesMaster wrote: > >> Yep - i've just finished examining the logs and the size was over our default >> (256k on our system for some reason). Limit increased, and it appears to >> have solved the issue. Will keep c

Re: mail with HUNDREDS of links not being checked

On 27 Jan 2019, at 04:20, LegendGamesMaster wrote: > email with a hidden DIV containing HUNDREDS of links in succession. How large are the emails. SA has a rather low threshold for the max size of messages (for good reasons). -- 'Good and bad is tricky, she [Esme] said. 'I ain't too certain

Re: sa-update is broken on updates.spamassassin.org channel [was: Re: config: warning: description exists for non-existent rule EXCUSE_24]

On 21 Dec 2018, at 15:52, Bill Cole wrote: > cd `mktemp -d -t HappyMichael???` I'd prefer you did cd `mktemp -d -t saupdate` -- I gotta straighten my face This mellow-thighed chick just put my spine out of place

Re: spamass_milter_localflags

On 26 Nov 2018, at 15:35, Bill Cole wrote: > Yes, spamass-milter is apparently abandonware. Thank you. I’ll look about for something else, but I *think* I have it working at this point, other than the one time complaint at startup which it appears I can live with. I do appreciate your knowled

Re: spamass_milter_localflags

nt preview: On 26 Nov 2018, at 08:21, Bill Cole wrote: > On 26 Nov 2018, at 9:17, @lbutlr wrote: > > [...] >> I have spamass-milter setup and running, and it is tagging m [...] Content analysis details: (5.8 points, 5.0 required) pts rule name

spamass_milter_localflags

.13.0) with SMTP id unknown; Mon, 26 Nov 2018 07:17:05 -0700 (envelope-from ) Content-Type: text/plain; charset=utf-8 Subject: spamass_milter_localflags From: "@lbutlr" Date: Mon, 26 Nov 2018 07:17:05 -0700 X-Random-Signature: Apple Broke Applescrip[t acces

Re: Lost mail during update

On 26 Nov 2018, at 06:42, David Gibbs wrote: > On 11/21/2018 12:56 AM, @lbutlr wrote: >> While updating spamassassin, several emails were destructive lost >> because of the absence of spamc. To be fair, the date did get stuck >> unexpectedly asking for a confirmation, but st

Re: semi-OT - reporting an organization that ignores unsubscribe requests

This is a very excessive signature block. I’m glad your proud of your resume, but inflicting itnon a mailing list with every post is a bit much. On Nov 21, 2018, at 12:39, Anne P. Mitchell, Esq. wrote: > Anne P. Mitchell, > Attorney at Law > GDPR, CCPA (CA) & CCDPA (CO) Compliance Consultant >

Sought Rules

The page at https://wiki.apache.org/spamassassin/ImproveAccuracy lists Sought rules as recommended. The link leads to https://wiki.apache.org/spamassassin/SoughtRules which states "this is no longer active, and should not be used.” -- "I hate to advocate drugs, alcohol, violence, or insanity

Lost mail during update

While updating spamassassin, several emails were destructive lost because of the absence of spamc. To be fair, the date did get stuck unexpectedly asking for a confirmation, but still I’d like to avoid this happening again. Nov 20 10:20:34 mail postfix/pipe[73448]: 42zsss3jHVzcfQ1: to=, orig_to

Port Spamass-rules?

When updating Spam Assassin today I noticed that the notes at the end of the port install still recommend installing mail/spamass-rules. This should not be done, right? -- Get in there you big furry oaf! I don't care what you smell!

Re: Non-ascii subjects with images

On 03 Sep 2018, at 10:51, Antony Stone wrote: > It still sounds like a strange way of identifying spam to me: > > 1. surely there are far stronger indicators in the Received headers and/or > the > body itself > > 2. people are going to be using glyphs such as this more and more commonly in >

Re: Amazon failing DKIM?

On 25 Jun 2018, at 16:41, RW wrote > On Mon, 25 Jun 2018 13:01:52 -0400 > Bill Cole wrote: > >> On 25 Jun 2018, at 3:35 (-0400), @lbutlr wrote: > >>>> 0.1 DKIM_SIGNEDMessage has a DKIM or DK signature, not >>>> necessarily valid >>&g

Amazon failing DKIM?

order confirmation mails from Amazon are getting tagged as spam: > On 24 Jun 2018, at 22:16, Amazon.com wrote: > > -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no >trust >[54.240.13.20 listed in list.dnswl.org] >

Re: Remove SA tagging when learning as ham

On 18 Jun 2018, at 10:13, @lbutlr wrote: > #!/bin/sh > exec /usr/local/bin/spamassassin -d ${1} && /usr/local/bin/sa-learn -u ${1} > --ham Sorry, tyop from memory. #!/bin/sh exec /usr/local/bin/spamassassin -d && /usr/local/bin/sa-learn -u ${1} --ham I think what I

Re: Remove SA tagging when learning as ham

On 18 Jun 2018, at 08:47, RW wrote: > On Mon, 18 Jun 2018 06:13:06 -0600 > @lbutlr wrote: > >> I have a script that runs when a mail is moved out of the Junk folder >> to pass the mail through sa-learn --ham, > > > Whether this is the Dovecot plugin or someth

Remove SA tagging when learning as ham

I have a script that runs when a mail is moved out of the Junk folder to pass the mail through sa-learn --ham, but it doesn’t removed the subject tagging (Spam: 05.5) nor does it remove the X-Spam-Flag header. What would I need to do in the script to remove the SA tags on messages that are proc

Re: List From and Reply-To

On 30 May 2018, at 15:34, Luis E. Muñoz wrote: > To further the point, one of the mailboxes I manage on this box has 95K+ > messages. Apple Mail would choke to dead on this one. Not at all. I have folders in mail.app with more than twice that number of messages. -- "Two years from now, spam w

Re: List From and Reply-To

On 30 May 2018, at 08:25, Bill Cole wrote: > I can't speak to it as a MUA for mailing lists. It is, as it always has been and by design, a very bad mail client for mailing lists. (I use Apple Mail. But I use procmail to fix some of its stupidity, which is why this message goes to the list by

Re: Dynamic clients

On 31 May 2018, at 01:52, Rupert Gallagher wrote: > How much do you pay for it? Someone has a stiff piece of cellulose in a downward facing bodily orifice about spamhaus, it appears. -- Mirrors contain infinity. Infinity contains more things than you think. Everything, for a start. Including h

Re: rejection w/o sender (or recipient) knowing == dropping

On 2018-04-29 (21:02 MDT), L A Walsh wrote: > Until the past few years, email that was sent to me was either received by me > or the sender got a rejection message. Few? No, more like 20 years ago, when spam became a huge problem. If a message is spammy or contains dangerous attachments, it i

Re: dropping other's email(s) as a "best practice" for hosted email? (was: "anyone recognize these headers? ...")

On 2018-04-26 (14:41 MDT), L A Walsh wrote: > > To my way of thinking, dropping someone else's email, telling the sender the > email is being rejected for having spam-like characteristics and telling the > recipient nothing seems like it might have legal liability for the for the > user potent

Re: anyone recognize these headers? From SA or are they from another spam product?

On 2018-04-24 (18:10 MDT), L A Walsh wrote: > > What email SW censors things by rejecting them before accepting them? As other have said, the proper behavior for any mail server is to reject mail that is not desired. This may because of spam, size, types of attachments, origin, or even virus/m

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

On 2018-02-20 (08:30 MST), Rob McEwen wrote: > > RE: The "goo.gl > " shortner is OUT OF CONTROL (+ invaluement's response) -- Technically, Aziraphale was a Principality, but people made jokes about that these days

Re: skipping nameserver '0.ns.spamhaus.org' because it is a CNAME

On 2018-03-20 (04:56 MDT), Uwe Schindler wrote: > > why they not simply blocked the Hetzner recursive name servers instead of > everything I would have to assume bad behavior on Hetzner's part. -- 'And stars don't care what you wish, and magic don't make things better, and no-one doesn't get

Re: Spammers, IPv6 addresses, and dnsbls

On 2018-03-07 (13:12 MST), Philip wrote: > > ps your server blocks .nz domains :P Mine too. I have a short list of TLDs I accept mail from, and everything else gets rejected. New Zealand hasn't come up as a country accounts on my server get mail from… basically, in help checks: /.*\.(com|n

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

On Feb 26, 2018, at 09:55, sha...@shanew.net wrote: > > This is why the DecodeShortURLs plugin has an explicit limit of 10 > lookups (and penalizes such with a total of 8 points). I’d guess more than one redirect is highly suspicious and more than two is probably a waste of time, just score 5.0

Re: Custom rule don't match without empty line before the string!

On 2018-02-23 (02:15 MST), saqariden wrote: > > our mailing service is not for external use, So the users are not supposed to > send or receive B64 encoded mails. I've never seen anyone *intentionally* sent base64 mails (I mean, people, not spammers). That is a decision made by the MUA. Sounds

Re: ENCRYPTED_MESSAGE rule

On 2018-02-22 (17:39 MST), RW wrote: > > Is it genuinely encrypted though? I'm wondering if it's just base64 > encoded, and possibly signed. application/pkcs7-mime is S/MIME -- Vi Veri Veniversum Vivus Vici

Re: Custom rule don't match without empty line before the string!

On 2018-02-22 (07:54 MST), saqariden wrote: > > I have the following SA rule which is supposed to block base64 encoded mails: Wow. You are going to block a lot of legitimate email that way. > bodyEN_BASE64_B/(Content-Transfer-Encoding: > base64\sContent-Type: text\/(pl

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

On 2018-02-21 (09:27 MST), Alex wrote: > > This is what DecodeShortURLs is for > https://github.com/smfreegard/DecodeShortURLs Aha! I knew something like that must exist! -- EIR OWN DESTINY. THEY TOUCH THE EARTH LIGHTLY.

Re: Custom Rulesets

On 2018-02-21 (07:21 MST), Rajkiran Rajkumar wrote: > > Hi Spamassassin community, > My first message here, so kindly excuse any missing etiquette. I am exploring > custom rulesets and I have gone through the wiki article on it. However, it > doesn't contain any information about the up-to-date

<    1   2   3   4   >