Re: Process of domain submission for inclusion in 60_whitelist_auth.cf

the 'dev' list. Ultimately, the PMC would be the final authority on including an entry or not, however our processes for deciding anything that becomes an issue for the PMC is biased towards stability, not agility. -- Bill Cole b...@scconsult.com or billc...@apache.org

Re: number in sender name

doesn't show up now. -- Bill Cole b...@scconsult.com or billc...@apache.org (AKA @grumpybozo and many *@billmail.scconsult.com addresses) Not Currently Available For Hire

Re: Process of domain submission for inclusion in 60_whitelist_auth.cf

for mail whose senders have had such problems for affirmatively wanted mail (as noticed by SA users) while NOT sending any discernible spam. As far as I can tell, there's never been a case of a sender successfully advocating for inclusion or even being consulted about inclusion or removal. We

Re: spamassassin 3.4.5 wide chars

On 2021-08-11 at 22:03:24 UTC-0400 (Thu, 12 Aug 2021 04:03:24 +0200) Benny Pedersen is rumored to have said: > https://bugs.gentoo.org/807781 > > is it solved in 3.4.6 ? That's not a SA bug report. It's a Gentoo bug report. Fix your rules. -- Bill Cole b...@scc

Re: Question about whitelisting of naadac.org

ssassin deployment would score the message shown on that test page anywhere near the standard spam threshold (5.0). SpamAssassin is not involved in how any receiving sites choose to deliver mail, all SpamAssassin does is provide a score. In this case that score is essentially zero, provided S

Re: problems updating when using a cron job on debian 11

pen by properly modifying the ownership of the directory or by running the cron job as root. This was also my answer to the (not-a-)bug report that you opened. There really isn't another answer. -- Bill Cole b...@scconsult.com or billc...@apache.org (AKA @grumpybozo and many *@billmail.scconsult.com addresses) Not Currently Available For Hire

Re: problems updating when using a cron job on debian 11

and clamd programs. There are no common circumstances where clamd needs to load specific per-user configuration or signatures, whereas that is often done with SA. -- Bill Cole b...@scconsult.com or billc...@apache.org (AKA @grumpybozo and many *@billmail.scconsult.com addresses) Not Currently Available For Hire

Re: Message-ID with IPv6 domain-literal

On 2021-09-21 at 12:25:30 UTC-0400 (Tue, 21 Sep 2021 10:25:30 -0600) Grant Taylor is rumored to have said: > But why the penalty for using non-public addresses* in a Message-ID: string? Empirical evidence. The use of a non-public address in a Message-ID correlates to a message being spam. In my

Re: Disabling autolearn on given rule

I know) is funded specifically to work on it on an ongoing basis. -- Bill Cole b...@scconsult.com or billc...@apache.org (AKA @grumpybozo and many *@billmail.scconsult.com addresses) Not Currently Available For Hire

SPAM? Re: Difference is score when mail is received by Postfix and when tested from the command line

least assures that you will get a few seconds of delay, which can be enough for the DNSBLs to catch up with the latest spammer. -- Bill Cole b...@scconsult.com or billc...@apache.org (AKA @grumpybozo and many *@billmail.scconsult.com addresses) Not Currently Available For Hire

Re: Spam email by-pass because dkim adsp timeout

to have munged relevant domain names, it is impossible to know whether the failed lookup could or should have resulted in anything. You can set default timeouts for DNS queries in /etc/resolv.conf. -- Bill Cole b...@scconsult.com or billc...@apache.org (AKA @grumpybozo and many *@billmail.scconsult.com addresses) Not Currently Available For Hire

Re: which local.cf/user_prefs.cf?

you. If you haven't given substantial thought to how you are going to support per-user settings, you won't have that set up to work at all and you can skip thinking about user_prefs at all. -- Bill Cole b...@scconsult.com or billc...@apache.org (AKA @grumpybozo and many *@billmail.scconsult.com addresses) Not Currently Available For Hire

Re: Correct KAM.cf location?

sassin/ next to local.cf. *.cf files in /etc/mail/spamassassin/ are loaded in lexical order with later directives overriding earlier ones. -- Bill Cole b...@scconsult.com or billc...@apache.org (AKA @grumpybozo and many *@billmail.scconsult.com addresses) Not Currently Available For Hire

Re: Decoding Google URL redirections and check VS URI Blacklists

It would be an interesting addition to have a way to define arbitrary extractor patterns to pull elements out of a string to check against hostname blocklists or other specific classes of patterns. -- Bill Cole b...@scconsult.com or billc...@apache.org (AKA @grumpybozo and many *@billmail.scconsult.com addresses) Not Currently Available For Hire

Re: timeouts on processing some messages, started October 24

that debug output from a bad message to that of a message which doesn't hang SA. -- Bill Cole b...@scconsult.com or billc...@apache.org (AKA @grumpybozo and many *@billmail.scconsult.com addresses) Not Currently Available For Hire

Re: Unicode considered harmful again

Unicode support will be better. That also means it may be easier to make this sort of attack quieter in the future, as non-ASCII rules won't be definitively wrong as they are now. -- Bill Cole b...@scconsult.com or billc...@apache.org (AKA @grumpybozo and many *@billmail.scconsult.com addresses) Not Currently Available For Hire

Re: spam from gmail.com

WL or other external reputation sources, and the addition of ad hoc internal lists (WLBLEval plugin) in 3.4.x makes it possible to do so in a well-structured manner. Basically, you can create a list of domains that should NOT get any DNSWL bonus and use a meta rule to counteract

Re: MIME_BASE64_TEXT only on us-ascii

believe they should (or should not,) please do so. The purpose of MIME_BASE64_TEXT is to identify messages where a text part (or the whole message) with pure US-ASCII content has been Base64-encoded instead of being sent unencoded (or just QP-encoded to protect overlong lines.) -- Bill C

Re: MIME_BASE64_TEXT only on us-ascii

is unusual to base64-encode pure us-ascii AND it is strong (albeit imperfect) indicator of the message being spam. Base64 generate with site: https://www.base64encode.org/ Or /usr/bin/base64 or 'openssl enc' :) Kind regards On 11/12/21 10:16 PM, Bill Cole wrote: On 2021-11-12

Re: SHOPIFY_IMG_NOT_RCVD_SFY but from Shopify

5.3 out of 6.3 caused by the inability of mail.as397444.net to get a verifiable rDNS name for 149.72.221.62 at delivery time. It's ALWAYS DNS. -- Bill Cole b...@scconsult.com or billc...@apache.org (AKA @grumpybozo and many *@billmail.scconsult.com addresses) Not Currently Available For Hire

Re: Seeing "check: exceeded time limit in ..." and need to resolve it

e gets started, you could save the name and start time, and then burp that during timeout handling, right? I like that idea. I have no idea how feasible it is. -- Bill Cole b...@scconsult.com or billc...@apache.org (AKA @grumpybozo and many *@billmail.scconsult.com addresses) Not Currently Available For Hire

Re: Seeing "check: exceeded time limit in ..." and need to resolve it

; again. > > Not trying to teach you to suck eggs, but, incredible as it may sound, > there are still some people who don't know about the 'locate' command. Worth noting: locate & updatedb aren't always installed. -- Bill Cole b...@scconsult.com or billc...

Re: MIME_BASE64_TEXT only on us-ascii

d in technical theory can override the judgment of RuleQA. -- Bill Cole b...@scconsult.com or billc...@apache.org (AKA @grumpybozo and many *@billmail.scconsult.com addresses) Not Currently Available For Hire

Re: SPF_NONE scoring

om the last "network masscheck" accessible there. -- Bill Cole b...@scconsult.com or billc...@apache.org (AKA @grumpybozo and many *@billmail.scconsult.com addresses) Not Currently Available For Hire

Re: TYPO USER_IN_DKIM_WHITELSIT in 60_whitelist_dkim.cf

/60_whitelist_dkim.cf Line 47 http://svn.apache.org/viewvc/spamassassin/trunk/rules/60_whitelist_dkim.cf?revision=1892060&view=markup#l47 HAS TYPO "WHITELSIT" reuse USER_IN_DKIM_WHITELSIT Fixed in r1895479. Thanks for noticing! -- Bill Cole b...@scconsult.com or billc...@a

Re: X-Originating-IP fires too much

ks will > hide the remote IP if the local IP is trusted/internal. That's why the *_networks config parameters exist: so that it is possible for SA to figure out which which recorded transit hop to both trust as accurately recorded and to interpret as a transfer from a potentially hostil

Re: Rawheader or Rawsubject? Or how to match UTF-8 Emoji in Header.

e may end up with a situation akin to that of the Python 2->3 switch, made hellish by the Unicode support. Hopefully not, since we are just following behind and making use of a lot of work done in recent versions of Perl without major headaches. -- Bill Cole b...@scconsult.com or billc...@ap

Do these domains merit blocking?

ory Tower in general. I have no difficulty explaining my position, but I am rather surprised that I need to in 2021. Am I missing something special that makes such research spam somehow not spam? -- Bill Cole b...@scconsult.com or billc...@apache.org (AKA @grumpybozo and many *@billmail.scconsul

Re: Updated from 3.4.0 to 3.4.6 very noisy debug output.

3.0 to 3.4.0: https://lists.apache.org/thread/p9vx39mlhx1kp39kk5nv4f7r2vrtj6g0 -- Bill Cole b...@scconsult.com or billc...@apache.org (AKA @grumpybozo and many *@billmail.scconsult.com addresses) Not Currently Available For Hire

Re: Avoid processing upsteam trusted mail with X-Spam-Flag: YES?

e glue script you use could filter for arbitrary aspects of messages. -- Bill Cole b...@scconsult.com or billc...@apache.org (AKA @grumpybozo and many *@billmail.scconsult.com addresses) Not Currently Available For Hire

Re: Question about user specific bayes

it can be used. You should also plan a way to regularly feed known spam and ham to those databases, since you aren't auto-learning. before they start working? Before SA will determine a Bayes score on incoming messages, yes. -- Bill Cole b...@scconsult.com or billc...@apache.org

Re: Question about user specific bayes

ill not fall back to a global Bayes DB just because an otherwise perfectly good per-user DB isn't properly seeded. -Original Message- From: Bill Cole Sent: Tuesday, January 18, 2022 12:23 PM To: users@spamassassin.apache.org Subject: Re: Question about user specific bayes On 2

Re: Hits on item with " No description available"

achine is, it should be using a FQDN instead of a bare hostname. Also, you could (and probably should) add that machine to your internal_networks setting, since an RFC1918 address is pretty much the definition of internal. -- Bill Cole b...@scconsult.com or billc...@apache.org (AKA @grumpybozo and many *@billmail.scconsult.com addresses) Not Currently Available For Hire

Re: updates.spamassassin.org not resolving?

u really need, find the cron job and run it >> again (you may need to run it under user it runs from cron) > > Looks like you get this message also when /var/lib/spamassassin is not > writable. It is a standard expectation of software on Unix-like systems to be able to maintain

Re: Emails from gmail.com bypassing Spamassassin scoring

as SpamAssassin itself doesn't include any software that could act as a gatekeeper. -- Bill Cole b...@scconsult.com or billc...@apache.org (AKA @grumpybozo and many *@billmail.scconsult.com addresses) Not Currently Available For Hire

Re: CONTENT_AFTER_HTML: better not discuss formatting!!

HTML2 m'(?:\s|=0A){0,50}(?:$|--|=)'is # stop on mime > ending boundary TANGENTIAL: I would advise against using such alternative regex syntax in rules. As you obviously figured out, you CAN (for now...) use any valid Perl syntax for writing a regex match, but I do not believ

Re: CONTENT_AFTER_HTML: better not discuss formatting!!

enough to make a rewrite of the config parser justified, but it could happen, and I don't think we'd design it today as it was done 20 years ago. -- Bill Cole b...@scconsult.com or billc...@apache.org (AKA @grumpybozo and many *@billmail.scconsult.com addresses) Not Currently Available For Hire

Re: Add header, not beginning with X?

unge could provide a platform for a solution. As a bonus, they both support SA as well. -- Bill Cole b...@scconsult.com or billc...@apache.org (AKA @grumpybozo and many *@billmail.scconsult.com addresses) Not Currently Available For Hire

Re: false hits on FORM_FM

erver this morning that uses a very old sender domain. Same messages do not hit on the rule currently. Likely a problem with the DNSBL. -- Bill Cole b...@scconsult.com or billc...@apache.org (AKA @grumpybozo and many *@billmail.scconsult.com addresses) Not Currently Available For Hire

Re: PDFinfo not returning expected producer, creator values

/Creator (^@w^@k^@h^@t^@m^@l^@t^@o^@p^@d^@f^@ ^@0^@.^@1^@2^@.^@5) /Producer (^@Q^@t^@ ^@4^@.^@8^@.^@7) There's the cause. Apparently the use of UTF-16BE encoding with a leading BOM for metadata was not so common when that plugin was written. It saw the BOM and assumed the line was bina

Re: how sendgrid is abusing the ukraine crisis (or they are still to dumb to filter for spam)

ase score -5 and the threshold 0. It's 20 years too late to fix that, but it would have made it easier for people to avoid wrong mathematical assumptions about the value of the aggregate score of a message. -- Bill Cole b...@scconsult.com or billc...@apache.org (AKA @grumpybozo and many *@billmail.scconsult.com addresses) Not Currently Available For Hire signature.asc Description: OpenPGP digital signature

Re: What does this header mean?... X-Spam_score_int: -38

On 2022-03-31 at 12:48:06 UTC-0400 (Thu, 31 Mar 2022 12:48:06 -0400) Don Saklad is rumored to have said: > What does this header mean?... > X-Spam_score_int: -38 No clue. It is not a standard (or common) SpamAssassin header. Ask your mail admin. -- Bill Cole b...@scconsult.com or

Re: bug in 3.4.6

w in the 3.4 branch I would not veto it, but I would grumble disagreeably. -- Bill Cole b...@scconsult.com or billc...@apache.org (AKA @grumpybozo and many *@billmail.scconsult.com addresses) Not Currently Available For Hire

Re: bug in 3.4.6

On 2022-04-03 at 14:41:51 UTC-0400 (Sun, 03 Apr 2022 20:41:51 +0200) Benny Pedersen is rumored to have said: On 2022-04-03 20:13, Ralph Seichter wrote: * Bill Cole: That's a lousy bug report. It's both (1) untrue (or at least grossly imprecise) and (2) not in Bugzilla. I have a

Re: bug in 3.4.6

On 2022-04-03 at 14:13:37 UTC-0400 (Sun, 03 Apr 2022 20:13:37 +0200) Ralph Seichter is rumored to have said: * Bill Cole: That's a lousy bug report. It's both (1) untrue (or at least grossly imprecise) and (2) not in Bugzilla. I have added Benny Pedersen to my mail killfile a

Re: T_SCC_BODY_TEXT_LINE

s, it hits nearly every spam and ham email. Yes. Like __BODY_TEXT_LINE it will. Unlike __BODY_TEXT_LINE it is exposed in a scan report. -- Bill Cole b...@scconsult.com or billc...@apache.org (AKA @grumpybozo and many *@billmail.scconsult.com addresses) Not Currently Available For Hire

Re: bug in 3.4.6

On 2022-04-03 at 15:07:28 UTC-0400 (Sun, 03 Apr 2022 21:07:28 +0200) Benny Pedersen is rumored to have said: On 2022-04-03 20:58, Bill Cole wrote: [...]>> The "blocklist_to" config directive is not yet implemented in any branch of the code. I cannot promise that it will ever

Re: Sequential spamassassin scans get different results

  From misspaced, has Reply-To >  1.0 TO_NO_BRKTS_FROM_MSSP  Multiple header formatting problems >  1.0 FROM_MISSPACED From: missing whitespace >  1.0 TO_NO_BRKTS_MSFT   To: lacks brackets and supposed Microsoft tool >  0.0 T_FILL_THIS_FORM_SHORT Fill in a short form

Re: Sequential spamassassin scans get different results

on. The same is true of the "after 220 server greeting" tests in postscreen, which are effectively a sloppy sort of greylisting. -- Bill Cole b...@scconsult.com or billc...@apache.org (AKA @grumpybozo and many *@billmail.scconsult.com addresses) Not Currently Available For Hire

Re: Running spamassassin only with specific rules

fault config settings and utility subrules are defined in the rules channel, so if you run SA with an empty .cf there, you may have unexpected results. In addition to -C pointing to a directory with some *.cf (maybe empty!) you can use '--siteconfigpath=path' to change where spam

Re: Rule syntax in local.cf?

is > spamassassin-3.4.4-4.el8.x86_64. > > What am I doing wrong? Changing the score for a non-existent rule. -- Bill Cole b...@scconsult.com or billc...@apache.org (AKA @grumpybozo and many *@billmail.scconsult.com addresses) Not Currently Available For Hire

Re: Spamhaus spurious positives - how does SpamAssassin check Spamhaus?

see the rule definitions and ` perldoc Mail::SpamAssassin::Plugin::URIDNSBL` SBL, including its CSS component, lists IP addresses, NOT domain names. In these cases, as documented, SA looks up a specific record type (A, NS, or MX) for a name extracted from an URL to get one or m

Re: DMARC fails for valid record?

must validate AND the domain used in the validation must match the domain of the author identified by the From header. -- Bill Cole b...@scconsult.com or billc...@apache.org (AKA @grumpybozo and many *@billmail.scconsult.com addresses) Not Currently Available For Hire

Re: DMARC fails for valid record?

* valid > > I'm using a local DNS resolver, not a public server. Looks like a bug. It should not be possible to hit DKIM_VALID_AU and also DMARC_REJECT and/or KAM_DMARC_REJECT -- Bill Cole b...@scconsult.com or billc...@apache.org (AKA @grumpybozo and many *@billmail.scconsult.com addresses) Not Currently Available For Hire

Re: Rule to detect non-standard headers that aren't X- prefixed

fixing the names of unstandardized parameters with the string "X-" or similar constructs. In practice, that convention causes more problems than it solves. Therefore, this document deprecates the convention for newly defined parameters with textual (as opposed to numerical) names in appl

Re: Rule to detect non-standard headers that aren't X- prefixed

read, this pattern uses one-time header names AND there is nothing wrong about using random words as header names without a leading 'X-' so it's likely a low-yield approach. -- Bill Cole b...@scconsult.com or billc...@apache.org (AKA @grumpybozo and many *@billmail.scconsult.com addresses) Not Currently Available For Hire

Re: LONGLN_LOW_CONTRAST

trickle of hits here. -- Bill Cole b...@scconsult.com or billc...@apache.org (AKA @grumpybozo and many *@billmail.scconsult.com addresses) Not Currently Available For Hire

Re: DMARC fails for valid record?

/svn.apache.org/repos/asf/spamassassin/trunk Mail-SpamAssassin-4.0.0 This gave me revision 1901294. Is that not the proper trunk? That's the correct way to get our trunk. Right now we are at r1901296, because automated ruleQA/update jobs generate changes in trunk. -- Bill Cole b...@sc

Re: DMARC fails for valid record?

,' which seems less than useful. (And yes, the plugin just bails out, not returning any match, if Mail::DMARC::PurePerl is not available.) -- Bill Cole b...@scconsult.com or billc...@apache.org (AKA @grumpybozo and many *@billmail.scconsult.com addresses) Not Currently Available For Hire

Re: Log reporting spamd[11912]: dns: [...] messages

email message itself) Switch off debug logging, and the messages will stop. -- Bill Cole b...@scconsult.com or billc...@apache.org (AKA @grumpybozo and many *@billmail.scconsult.com addresses) Not Currently Available For Hire

Re: DMARC fails for valid record?

you want partial backports of 4.x functions into 3.x you are of course free to do that yourself under the ASF License, but I would not expect that to be supported by the project. -- Bill Cole b...@scconsult.com or billc...@apache.org (AKA @grumpybozo and many *@billmail.scconsult.com addresses) Not Currently Available For Hire

Re: Log reporting spamd[11912]: dns: [...] messages

On 2022-05-30 at 06:22:39 UTC-0400 (Mon, 30 May 2022 22:22:39 +1200) DL Neil is rumored to have said: On 30/05/2022 03.06, Bill Cole wrote: On 2022-05-28 at 19:25:46 UTC-0400 (Sun, 29 May 2022 11:25:46 +1200) DL Neil is rumored to have said: No, he said it. SpamAssassin x86_64 3.4.0

Re: DMARC fails for valid record?

the envelope sender address, which must match the domain part of the From header address. -- Bill Cole b...@scconsult.com or billc...@apache.org (AKA @grumpybozo and many *@billmail.scconsult.com addresses) Not Currently Available For Hire

Re: RBL via Spamassasin configuration

. The simplest way they might do so in theory, washing bad addresses out of their lists, would actually be GOOD if they all did it. -- Bill Cole b...@scconsult.com or billc...@apache.org (AKA @grumpybozo and many *@billmail.scconsult.com addresses) Not Currently Available For Hire

Re: RBL via Spamassasin configuration

t mean anything unless I start grabbing the message bodies before sending the reject. If you conclude something based on some month, there is no going back on this. I know people in IT that did not learn anything in 15 years. As for now, I am not really convinced by your arguments. -- Bill Co

Re: getting waring from spamassassin.apache.org

unlikely to be significant at this point. -- Bill Cole b...@scconsult.com or billc...@apache.org (AKA @grumpybozo and many *@billmail.scconsult.com addresses) Not Currently Available For Hire

Re: My emails are blocked when I ask for help (murder!) In need help!

tific or analytic approach to your problem and it appears that you have not utilized your presumably friendly lawyer brother to advise you on how to solve your problems in this realm as they may relate to the law. You should. -- Bill Cole b...@scconsult.com or billc...@apache.org (AKA @grumpybozo and many *@billmail.scconsult.com addresses) Not Currently Available For Hire

Re: Matching on missing To field?

;s >> none >> of Subject, From, To, Reply-To entries. >> IE a really malformed message. > > Hum. As I read it, that is "headers misspelled" (not "headers missing") and > it is checking for any of the listed words at the start of a line, followed &

Seeking dhl.com ham samples

ot handling UDP truncation of replies. -- Bill Cole b...@scconsult.com or billc...@apache.org (AKA @grumpybozo and many *@billmail.scconsult.com addresses) Not Currently Available For Hire

Re: Seeking dhl.com ham samples

stopped using that particular domain name? --Rob McEwen On 8/2/2022 10:50 AM, Bill Cole wrote: Bug 8021 reports breakage in SPF checking for dhl.com mail, due to an inability to resolve the  SPF TXT record for dhl.com. That breakage is essentially due to DHL having far too many TXT records (so

Re: subscribe to blacklist for domains

uthority to do so. If you are not the intended recipient, please notify the sender then delete all copies of this message including attachments immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message. -- Bill Cole b

Re: Hidden parts in anchors texts

ink there are some rules that would catch the specific styling, as both mechanisms there to make the text invisible are exceedingly sketchy and disreputable in email. Do you have a spample that gets past SA without hitting rules on that span tag? -- Bill Cole b...@scconsult.com or billc.

Re: Questions to False Positives

d that specific rule is to render problematic sections as images. I don't advise that, as it is a path towards a complex of rules that look at image/text ratio which are much riskier than HTML_FONT_LOW_CONTRAST. -- Bill Cole b...@scconsult.com or billc...@apache.org (AKA @grumpybozo and many

Re: Mail with image marked as spam

04: 0.25% of spam, 0.03% of ham, 91% of matches are spam EMPTY_MESSAGE: 0.13% of spam, 0.01% of ham, 95% of matches are spam As of the latest scores update, those together total 4.3. I suspect MPART_ALT_DIFF is incorrectly hitting no-text messages, but I have not confirmed. -- Bill

Re: info: dns: bad dns reply: bgread: recv() failed

named[12447]: zone domain.nmail/IN: reconfiguring zone keys Sep 28 21:45:49 nmail named[12447]: zone domain.nmail/IN: next key event: 28-Sep-2022 22:45:49.345 -- Bill Cole b...@scconsult.com or billc...@apache.org (AKA @grumpybozo and many *@billmail.scconsult.com addresses) Not Currently Avai

Re: More Sendgrid trouble?

60_welcomelist_auth.cf Authentication realm: <https://svn.apache.org:443> ASF Committers Password for 'billcole': *** Sending60_welcomelist_auth.cf Transmitting file data .done Committing transaction... Committed revision 1904337. I believe that means it will

Re: installing spamass-milter

ld environment on a machine that is just running SA. -- Bill Cole b...@scconsult.com or billc...@apache.org (AKA @grumpybozo and many *@billmail.scconsult.com addresses) Not Currently Available For Hire

Re: How to incorporate network blocks

based and would need some conversion. -- I have added it to my pile of > things to look at more closely later. > > > > -- > Grant. . . . > unix || die -- Bill Cole b...@scconsult.com or billc...@apache.org (AKA @grumpybozo and many *@billmail.scconsult.com addresses) Not Currently Available For Hire signature.asc Description: OpenPGP digital signature

Re: Spam DKIM signed by Paypal coming from their Microsoft Tenant?

>>>> forwarded by Microsoft to your server. Was it really a fake? That's a >>>> lot of headers to fake if so. >>>> >>>> If it was really fake and that paypal-supplied DKIM signature doesn't >>>> validate (I didn't check that), then checking DMARC when you receive >>>> mail and rejecting on p=reject failures would block it. >>>> >>> -- Bill Cole b...@scconsult.com or billc...@apache.org (AKA @grumpybozo and many *@billmail.scconsult.com addresses) Not Currently Available For Hire

Re: spam subject marking

onversation. -- Bill Cole b...@scconsult.com or billc...@apache.org (AKA @grumpybozo and many *@billmail.scconsult.com addresses) Not Currently Available For Hire

Re: spam subject marking

. That's ABSOLUTELY CORRECT. DKIM is known to be fragile in transit. It has ALWAYS been known to be fragile in transit. If you want a signature for repudiation purposes, you need *at least* DMARC on top or some other more robust signing mechanism. -- Bill Cole b...@scconsult.com or billc...@a

Re: spam subject marking

add any headers or 'glue' that ignores the message modifications and may or may not add similar headers (e.g. milters that embed SA rather than use a separate spamc.) -- Bill Cole b...@scconsult.com or billc...@apache.org (AKA @grumpybozo and many *@billmail.scconsult.com addresses) Not Currently Available For Hire

Re: How to incorporate network blocks

On 2022-11-14 at 14:09:14 UTC-0500 (Mon, 14 Nov 2022 12:09:14 -0700) Grant Taylor via users is rumored to have said: > On 11/11/22 10:10 AM, Bill Cole wrote: >> From my bashrc... >> >> # type cidrcon >> cidrcon is a function >> cidrcon () >> { >>

Re: spam subject marking

dd_header" feature. It is on by default, but depending on which 'glue' you use to integrate SA and which distribution package you use you may not be seeing the modification by add_header. -- Bill Cole b...@scconsult.com or billc...@apache.org (AKA @grumpybozo and many *@billmail.scconsult.com addresses) Not Currently Available For Hire

Re: spam subject marking

) which basically is a footbullet. -- Bill Cole b...@scconsult.com or billc...@apache.org (AKA @grumpybozo and many *@billmail.scconsult.com addresses) Not Currently Available For Hire signature.asc Description: OpenPGP digital signature

Don't do that (was Fwd: #1 Secret to PERFECT Blood Sugar

On 2022-11-23 at 15:56:38 UTC-0500 (Wed, 23 Nov 2022 13:56:38 -0700) Grant Taylor via users is rumored to have said: > -- > Grant. . . . > unix || die (full message/rfc822 attachment of spam snipped) Please don't do that. I'm pretty sure we all have all the spam we nee

Re: Mial hits MISSING rules despite presence of headers

t might be happening, but it would require using report_safe=1 and a flow that passes twice through SA... -- Bill Cole b...@scconsult.com or billc...@apache.org (AKA @grumpybozo and many *@billmail.scconsult.com addresses) Not Currently Available For Hire

Re: Mial hits MISSING rules despite presence of headers

un. As a temporary work-around, I think it would be wise to give any rule that gets SHORTCIRCUITed an overwhelming score in whichever direction it operates. -- Bill Cole b...@scconsult.com or billc...@apache.org (AKA @grumpybozo and many *@billmail.scconsult.com addresses) Not Currently Ava

Re: RBL timeouts

t not getting the resources (cpu and memory) it needs to operate fast. You would likely notice that sort of overload. -- Bill Cole b...@scconsult.com or billc...@apache.org (AKA @grumpybozo and many *@billmail.scconsult.com addresses) Not Currently Available For Hire

Re: Mial hits MISSING rules despite presence of headers

orked out a complete flowchart or state diagram that covers the whole realm of possible situations. I wouldn't even bet on the existing relevant documentation spread around the project being 100% internally self-consistent. -- Bill Cole b...@scconsult.com or billc...@apache.org (AKA @gru

Re: New Release Candidate 4.0.0-rc4 Testers Needed

ing yes > and yes. I believe that many PMC members have, like myself, been running trunk or each RC as it was released since we went into pre-release mode. We have bug reports specifically reported against 4.0 issues, all of which are resolved, so we do have external testers as well wh

Re: Problems matching the last word in multi-OR Regex

to still be lurking in SA undiscovered. I don't think the basic parsing of REs in rules has changed since v2. It would help a great deal if you could open a bug at https://bz.apache.org/SpamAssassin/ with sample messages that are hit or not by different variants of the rule. Than

Re: Whitelist or add negative values for score

example on how to accomplish this dual criteria check. Any assistance is apreciated. welcomelist_from_rcvd j...@company.com [1.2.3.4] should work, but -100. It would be nice if welcomelist_* could take a score, but it you are sure you want *your* SA to not mark it as spam, -100 is t

Re: Whitelist or add negative values for score

SPF: sender matches SPF record > > I understood KAM_DMARC_STATUS as failing SPF alignment. KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment Note that 'or' is not 'and' in that description. The message in question had a bad DKIM sign

Re: 4.0.0 dnsbl_subtests.t test failures

which plugins to use and do any required configuration after install. That should break MANY tests, and reflects an error in judgment by the packager. With all plugins disabled, SA is not even minimally functional. -- Bill Cole b...@scconsult.com or billc...@apache.org (AKA @grumpybozo and

Re: dccifd socket dosn't appair

_learn_score - /var/dcc/dccifd socket file dosnt exist - Why DCC Learning not enabled? Have you asked the DCC community? DCC can be used by SpamAssassin but is not part of SpamAssassin My *guess* is that dccifd needs to be started. -- Bill Cole b...@scconsult.com or billc...@apache.or

Re: DNSWL_HI testing wrong Received header?

rsive resolver that does no forwarding? -- Bill Cole b...@scconsult.com or billc...@apache.org (AKA @grumpybozo and many *@billmail.scconsult.com addresses) Not Currently Available For Hire

Re: Espoofer - An Email Spoofing Testing Tool That Aims To Bypass SPF/DKIM/DMARC And Forge DKIM Signatures

Authentication Distinguished Paper Award Winner In this repo, we summarize all test cases we found and integrate them into this tool to help administrators and security-practitioners quickly identify and locate such security issues. -- Bill Cole b...@scconsult.com or billc

Re: DNSWL_HI testing wrong Received header?

On 2022-12-28 at 12:55:20 UTC-0500 (Wed, 28 Dec 2022 12:55:20 -0500) John Stimson via users is rumored to have said: [...] On 2022/12/28 15:07:31 Bill Cole wrote: Perhaps your DNS resolution is to blame. Are you using a local recursive resolver that does no forwarding? The machine has

Re: spamd config error

diting error for the bare name of a Perl module to appear on a line by itself in local.cf or any other SpamAssassin config file. It SHOULD break parsing. Whenever you change a SpamAssassin config file, you should run 'spamassassin --lint' to make sure it is parsing correctly. -- Bi

<    1   2   3   4   5   6   7   8   9   10   >