Re: URILocalBL.pm and 'failed to parse plugin'

2016-11-28 Thread Bill Cole
On 27 Nov 2016, at 11:28, Alex wrote:
> Hi all,
>
> After a recent upgrade to perl-5.24.0 on fedora25 with spamassassin-3.4.1, I'm seeing this bug:
>
> https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7332
>
> There hasn't been any updates since it was created. Am I missing something?

Nope.

Re: relay not detected

2016-11-21 Thread Bill Cole
On 21 Nov 2016, at 17:54, Pedro David Marco wrote: Hi, i have spam emails with a Received line like this: Received: by 9-30-239-23.uocdn.net (Postfix) with ESMTPSA id 693A0C56B with (unknown [158.69.130.12]) ; Sun, 20 Nov 2016 21:06:55 -0300 there is no parsing perl code for lines like this in

Re: version.h.pl show stopper

2016-11-18 Thread Bill Cole
On 18 Nov 2016, at 20:30, Dan Jacobson wrote: $ svn checkout http://svn.apache.org/repos/asf/spamassassin/trunk /tmp/ee $ cd /tmp/ee $ echo|perl Makefile.PL PREFIX=/tmp/g $ make In the end you will see cd spamc /usr/bin/perl version.h.pl spamc/configure.pl: Can't exec `version.h.pl': No such

Re: dropbox phish

2016-10-31 Thread Bill Cole
On 31 Oct 2016, at 20:38, Alex wrote: Hi all, We keep receiving variations of this dropbox phish that's never tagged properly. I was hoping someone had some ideas for catching them. I've added a few more body rules, and some header rules to block this "drpbox" spelling variation, but I hoped

Re: dropbox phish

2016-11-01 Thread Bill Cole
On 1 Nov 2016, at 20:31, Alex wrote: Hi, On Mon, Oct 31, 2016 at 9:11 PM, Bill Cole <sausers-20150...@billmail.scconsult.com> wrote: On 31 Oct 2016, at 20:38, Alex wrote: Hi all, We keep receiving variations of this dropbox phish that's never tagged properly. I was hoping someo

Re: How to get spam assassin to detect spoofed mails as SPF is clearly useless

2016-10-15 Thread Bill Cole
On 15 Oct 2016, at 14:13, Petr Bena wrote: That would obviously work and blocked hackers from spoofing, No, it would not do so. It's clear that you didn't bother reading Dianne Skoll's message and considering or testing her counter-example. but as you said, it would also break some other

Re: How to get spam assassin to detect spoofed mails as SPF is clearly useless

2016-10-15 Thread Bill Cole
On 15 Oct 2016, at 14:50, Petr Bena wrote: I was looking to accomplish something similar, but seems that SA can't do that and there are probably no open source plugins or postfix hooks that allow this (so far). This class of problem is one reason to pick MIMEDefang as your tool for

Re: The real spoofing issue (was Re: How to get spam assassin to detect spoofed mails as SPF is clearly useless)

2016-10-16 Thread Bill Cole
On 16 Oct 2016, at 18:08, Ruga wrote: From: "Dianne Skoll " In my servers, the above string is not RFC compliant, Are you writing your own RFC's? That's cool: the IETF could do with some competition. Where are you publishing them and

Re: rbldnsd

2016-10-17 Thread Bill Cole
On 17 Oct 2016, at 9:04, Antony Stone wrote: DNS runs over UDP, not TCP. True AND false. Most DNS queries can be answered in a single UDP packet and so most queries are tried over UDP first. Traditionally, DNS answers over UDP were limited to 512 bytes, although modern extensions typically

Re: How to get spam assassin to detect spoofed mails as SPF is clearly useless

2016-10-15 Thread Bill Cole
On 15 Oct 2016, at 11:33, Petr Bena wrote: I don't understand your point. I started this discussion stating the fact that SPF, DKIM and DMARC don't prevent people from being able to spoof your email address. And you tell me that I don't understand email security because SPF, DKIM and DMARC

Re: Which Net::DSN for SpamAssassin-3.4.1

2016-12-11 Thread Bill Cole
On 9 Dec 2016, at 12:47, Mike Grau wrote: Hello all I'm confused ... what is the "recommended" version of Net::DNS to use with an unpatched SpamAssassin-3.4.1? Or are there patches I ought to apply for, say, Net::DNS 1.06? Net::DNS has had some very good but rather weakly-controlled

Re: Filter Non-ISO-8859-1 Text

2017-01-13 Thread Bill Cole
On 10 Jan 2017, at 10:42, Michael B Allen wrote: PS2: Is there a tag that indicates that the message contains a large amount of non-latin1 text? I do get a lot of legitimate non-ISO-8859-1 messages but usually it's just a name or at most an address. So less than 100 bytes. Please start a

Re: Increase BAYES_99 score?

2017-01-13 Thread Bill Cole
On 10 Jan 2017, at 10:55, Michael B Allen wrote: bayes_file_mode 0777 Don't do that. Ever. It is not necessary, despite having been propagated widely as a supposed solution for system-wide Bayes permission issues. The clear indicator that whoever devised that was flailing in sheer

Re: [solved] Debugging Scores

2017-01-13 Thread Bill Cole
On 10 Jan 2017, at 15:52, Michael B Allen wrote: On Tue, Jan 10, 2017 at 11:03 AM, Axb wrote: On 01/10/2017 04:49 PM, Michael B Allen wrote: PS: Is it possible to see what values are associated with all tags for debugging purposes? Meaning can I run a command that

Re: Major DNS issues since 3.4.1 upgrade

2017-04-14 Thread Bill Cole
On 14 Apr 2017, at 16:54, Rick wrote: Everything having to do with DNS has gone terribly wrong since the update. Spamd cannot do anything at all with DNS even though it's a local caching NS and EVERYTHING else is resolving just fine. It does pull the name server entry correctly but it

Re: sa-compile will not configure

2017-04-20 Thread Bill Cole
On 20 Apr 2017, at 16:16, Robert Steinmetz AIA wrote: Thank you Bill, That has given me a clue. I ran the commands below: thelma@thelma:~$ echo $PATH /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/bin/X11:/usr/games:/usr/local/games:/snap/bin thelma@thelma:~$ ls -ld

Re: sa-compile will not configure

2017-04-20 Thread Bill Cole
On 19 Apr 2017, at 9:52, Robert Steinmetz wrote: Robert Steinmetz wrote: Responding to my own post with new information. I think I've confirmed that the problem is the $PATH, or the perl equivalent. I added the full path name where the specific commands were called and that removed that

Re: Operators Blacklist Survey

2017-08-14 Thread Bill Cole
On 14 Aug 2017, at 18:00, Shivram Krishnan wrote: Hi, I am a graduate student at the University of Southern California and am currently researching on the impact of false positives in blacklists. Apparently they don't bother with a mandatory Research Methodology course for grad students

Re: Random word spams and wiki spams

2017-07-13 Thread Bill Cole
On 8 Jul 2017, at 15:26, Alex wrote: [Quoting me] 2. That MIME structure is pathological. It merits a specific hard rejection with a derisive text part. Anything generating FPs (never seen one...) needs spanking. I don't understand? The message is labeled as multipart/mixed but it only

Re: [SOLVED] I'm an idiot

2017-07-07 Thread Bill Cole
On 7 Jul 2017, at 12:15, jdow wrote:
> On the other hand, FireFox reports:
> This site can’t be reached
>
> updates.spamassassin.org’s server DNS address could not be found.

Which is simultaneously:
1. True
2. Normal
3. Neither a cause nor symptom of any operational problem.

Re: updates.spamassassin.org gone?

2017-07-06 Thread Bill Cole
On 6 Jul 2017, at 4:06, Rainer Sokoll wrote: > Hi, > > for at least the last 2 days, updates.spamassin.org does not resolve anymore: > > ~$ host updates.spamassassin.org. Which means the name has no A record, but does have other records and/or subdomains. > But note: > > ~$ host

Re: Random word spams and wiki spams

2017-07-07 Thread Bill Cole
On 7 Jul 2017, at 13:04, Alex wrote: I'm interested in how your system would have (or currently does) handle this email I received some days ago: https://pastebin.com/innRFvZt Its IP (106.186.119.240) is still not listed with spamhaus, sorbs or hostkarma, and has an 83 rating with senderscore.

Re: updates.spamassassin.org gone?

2017-07-06 Thread Bill Cole
On 6 Jul 2017, at 18:48, jdow wrote: No A or PTR record: ===8<--- [jdow@thursday ~]$ dig updates.spamassassin.org ns1.apache.org all 1. What is the reason to expect the name "ns1.apache.org" to have any DNS records? 2. Using "all" as the final RRTYPE argument (or any other word beginning

Re: TVD_PH_SEC score problem

2017-04-24 Thread Bill Cole
On 24 Apr 2017, at 21:35, Alex wrote: Hi, Hi, this rule hit a citibank.com email. Adding 1.8 points simply for the phrase "your account security" does not seem reasonable. Apr 24 20:13:18.660 [28524] dbg: rules: ran body rule TVD_PH_SEC ==> got hit: "your account security" What *else*

Re: tflags

2017-08-05 Thread Bill Cole
On 3 Aug 2017, at 11:21, John Hardin wrote: On Thu, 3 Aug 2017, John Schmerold wrote: I don't understand the purpose of tflags. Where is this parameter explained? man Mail::SpamAssassin::Conf That will USUALLY work on most Unix-like systems that have SA installed, but sometimes will not

Re: URIBL_BLOCKED on 2 Fedora 25 servers with working dnsmasq, w/ NetworkManager service

2017-05-18 Thread Bill Cole
On 18 May 2017, at 17:05, Robert Kudyba wrote: On May 18, 2017, at 4:41 PM, David Jones wrote: From: Robert Kudyba Am 18.05.2017 um 22:30 schrieb Reindl Harald: "with working dnsmasq" says all - DNSMASQ DON'T DO RECURSION - IT CAN'T you are

Re: frequent T_SPF_PERMERROR

2017-06-05 Thread Bill Cole
And furthermore... On 2 Jun 2017, at 19:05, spamassas...@nro.ca wrote: I started reading SPF.pm and saw that I could hack it to avoid using Mail::SPF and instead use (what seems to be) the less preferred Mail::SPF::Query This is a wrong approach. SA will use whichever is installed but

Re: frequent T_SPF_PERMERROR

2017-06-05 Thread Bill Cole
On 2 Jun 2017, at 19:05, spamassas...@nro.ca wrote: Thanks for the tip! I didn't know how to debug that stuff. Here's what happens with a spammer faking one of my own domains: spamd[21654]: spf: query for isabelle.2...@nro.ca/41.203.191.125/!41.203.191.125!: result: permerror, comment: ,

Re: frequent T_SPF_PERMERROR

2017-06-05 Thread Bill Cole
On 5 Jun 2017, at 12:03, Benny Pedersen wrote:
> Mail::SPF uses SPF first, and failback to TXT if SPF does not exists

Changed in the latest version, almost 4 years ago.

Re: ANY_BOUNCE_MESSAGE questions

2017-05-02 Thread Bill Cole
On 30 Apr 2017, at 10:17, David Jones wrote: 99_mailspike.cf --- shortcircuit RCVD_IN_MSPIKE_H5 on score RCVD_IN_MSPIKE_H4 -3.2 score RCVD_IN_MSPIKE_H3 -2.2 score RCVD_IN_MSPIKE_H2 -1.2 score RCVD_IN_MSPIKE_WL -0.82 score RCVD_IN_MSPIKE_BL 1.2 score RCVD_IN_MSPIKE_L2 0.2

Re: Absurd mail headers in new spam

2017-06-01 Thread Bill Cole
On 1 Jun 2017, at 8:28, Loren Wilton wrote: If he is intending to hide tracking info in the headers, it seems pointless unless he is also writing an MTA of some sort that will see the headers. But maybe he didn't think that far, and it was his intent to hide tracking info. Still, it seems a

Re: ISIPP - Re: bb.barracudacentral.org

2017-09-18 Thread Bill Cole
On 18 Sep 2017, at 10:57, Chris wrote: [...] >> I am receiving many hits on *_IADB_* rules just fine recently for >> emails  >> from constantcontact.com and others. > > I'm receiving rule hits: > > TOP HAM RULES FIRED > RANKRULE NAME   COUNT  %OFMAIL %OFSPAM  %OFHAM > 40   

Re: ISIPP - Re: bb.barracudacentral.org

2017-09-18 Thread Bill Cole
On 18 Sep 2017, at 12:14, Chris wrote: [...] > On Mon, 2017-09-18 at 11:11 -0400, Bill Cole wrote: >> Why are you asking 168.150.251.35 to do DNS resolution for you? It is >> not authoritative for isipp.com, so presumably you have a specific >> local config causing you to use

Re: ISIPP - Re: bb.barracudacentral.org

2017-09-19 Thread Bill Cole
On 19 Sep 2017, at 16:40, Chris wrote: > Here's the output now of the dig +trace > tcp0  0 > 127.0.0.1:530.0.0.0:*   LISTEN  -   >   > tcp0  0 > 127.0.1.1:530.0.0.0:*   LISTEN  -   >   > udp

Re: ISIPP - Re: bb.barracudacentral.org

2017-09-19 Thread Bill Cole
On 19 Sep 2017, at 22:36, Chris wrote: > On Wed, 2017-09-20 at 04:31 +0200, Reindl Harald wrote: >> >> Am 20.09.2017 um 02:32 schrieb Chris: >>> >>> I then installed dnsmasq (apparently it wasn't installed) >> frankly clean up your mess - you recently posted dnsmasq as well as  >> named listening

Re: ISIPP - Re: bb.barracudacentral.org

2017-09-20 Thread Bill Cole
On 20 Sep 2017, at 9:48, Chris wrote: > From the locate command I found these - https://pastebin.com/ECjZGX1M  AHA! Apparently Ubuntu (and Debian?) has a package called "dnsmasq-base" which is installed as a dependency of libvirt, which manages it independently and autocratically... 2 maybe

Re: Rule triggering more than once

2017-10-05 Thread Bill Cole
On 5 Oct 2017, at 11:21, Richard Nairn wrote: I am using a rule to detect email with very long links included as I have seen that those are mostly spam. Some of the messages will include many copies of the link. Is there a way to write a meta rule that detects multiple instances of the same

Re: blacklist_from not working with SA version 3.4.0

2017-10-09 Thread Bill Cole
On 9 Oct 2017, at 13:42, Benny Pedersen wrote: more help ask on amavisd maillist Benny: he already said he was using spamc/spamd, which means amavisd isn't involved at all.

Re: FROM header with two email addresses

2017-09-27 Thread Bill Cole
On 27 Sep 2017, at 3:16, Jakob Curdes wrote: Hello all, I recently stumbled onto a mail with a Spam link where the FROM header field looked like this: From: "Firstname Lastname@" sendern...@real-senders-domain.com> which is displayed in different ways on different devices but most do

Re: MailChimp with link to javascript/zip malware

2017-10-17 Thread Bill Cole
I believed any of those needed to be treated with greater suspicion than a random unknown sender. None of them would get mail through to an untagged address on my personal system, but that's an outlier environment. -- Bill Cole b...@scconsult.com or billc...@apache.org (AKA @grumpyboz

Re: MailChimp with link to javascript/zip malware

2017-10-19 Thread Bill Cole
USER_IN_SPF_WHITELIST, so you're still whitelisting it. Did you restart amavisd after changing the rules? -- Bill Cole b...@scconsult.com or billc...@apache.org (AKA @grumpybozo and many *@billmail.scconsult.com addresses) Currently Seeking Paying Work: https://linkedin.com/in/billcole

Re: Scoring mails from "not mynetworks" but using my domain in the headers?

2017-11-27 Thread Bill Cole
their email address for use in the From header. DMARC is likely to erode these senders over time but since the use of 'p=reject' is not a widespread norm, it will take a while. -- Bill Cole b...@scconsult.com or billc...@apache.org (AKA @grumpybozo and many *@billmail.scconsult.com addresses) Currentl

Re: RHEL7: spamass-milter-postfix==>spamassassin

2017-11-27 Thread Bill Cole
. -- Bill Cole b...@scconsult.com or billc...@apache.org (AKA @grumpybozo and many *@billmail.scconsult.com addresses) Currently Seeking Steady Work: https://linkedin.com/in/billcole

Re: spamd Will Not Create unix:socket

2017-11-28 Thread Bill Cole
On 28 Nov 2017, at 12:15, Colony.three wrote: [...] My God. It's full of stars! This fixed the spamass-milter problem. And it seems to be the correct way to fix the hundreds of other SELinux errors I have. You take this box, and put it through a magic tunnel and see if it looks right.

Re: spamd Will Not Create unix:socket

2017-11-27 Thread Bill Cole
, or StackOverflow is that they are designed specifically to diagnose and solve SELinux problems and they work really fast... -- Bill Cole b...@scconsult.com or billc...@apache.org (AKA @grumpybozo and many *@billmail.scconsult.com addresses) Currently Seeking Steady Work: https://linkedin.com/in/billcole

Re: Scoring Philosophy?

2017-11-22 Thread Bill Cole
On 22 Nov 2017, at 7:36 (-0500), Martin Gregorie wrote: On Wed, 2017-11-22 at 00:39 -0500, Bill Cole wrote: A related and increasingly common (dunno why) source of never hitting DNSBL rules is a form of firewall/router NAT sometimes called "Secure NAT" where inbound connec

Re: orphan spamd childs?

2017-12-18 Thread Bill Cole
anything with it gets stuck. -- Bill Cole b...@scconsult.com or billc...@apache.org (AKA @grumpybozo and many *@billmail.scconsult.com addresses) Currently Seeking Steady Work: https://linkedin.com/in/billcole

Re: check utf-8 subjects/from?

2017-12-13 Thread Bill Cole
to do special processing for non 7-bit ASCII headers. There's even a SA rule for that: FROM_EXCESS_BASE64 -- Bill Cole b...@scconsult.com or billc...@apache.org (AKA @grumpybozo and many *@billmail.scconsult.com addresses) Currently Seeking Steady Work: https://linkedin.com/in/billcole

Re: How to view bayesian database in legible text

2017-11-12 Thread Bill Cole
n anchored 2-letter RE to match. -- Bill Cole b...@scconsult.com or billc...@apache.org (AKA @grumpybozo and many *@billmail.scconsult.com addresses) Currently Seeking Steady Work: https://linkedin.com/in/billcole

Re: Why doesn't HK_RANDOM_FROM trigger on this email address?

2017-11-19 Thread Bill Cole
and surname as a username and many Germanic surnames starting with sch[mlr], so I expect that 5 consonants in an email address local-part where 'sch' are the middle 3 characters are quite common. -- Bill Cole b...@scconsult.com or billc...@apache.org (AKA @grumpybozo and many

Re: Understanding SPF-verified spam from dropbox

2017-11-21 Thread Bill Cole
On 20 Nov 2017, at 13:31, Alex wrote: On Mon, Nov 20, 2017 at 12:58 PM, Axb wrote: On 11/20/2017 06:26 PM, Alex wrote: Hi, we have an email that originated from email.dropbox.com and has a link to https://hyzas.xss.ht/ which is a "payload to test for Cross-site

Re: Why doesn't HK_RANDOM_FROM trigger on this email address?

2017-11-21 Thread Bill Cole
useful, because this is a check of the From header. There are a large number of people with German surnames who don't use the German language or live in places where German is the primary language. -- Bill Cole b...@scconsult.com or billc...@apache.org (AKA @grumpybozo and many

Re: Scoring Philosophy?

2017-11-21 Thread Bill Cole
connections have their source IP's replaced with the IP of the device handling the NAT. This typically kills any ability of a MTA or a filter like SA to use DNSBLs or any other anti-spam tactic that requires knowing the client IP (or the client IP of the last external-client transport hop.

Re: DNS issues

2017-11-14 Thread Bill Cole
On 14 Nov 2017, at 13:08, Jari Fredriksson wrote:
> The problem is that SpamAssassin seems to be irrational. My original question was and is: where does it get its resolver?

RTFM.

$ perldoc Mail::SpamAssassin::Conf
[...]
dns_server ip-addr-port (default: entries provided by Net::DNS)

Re: Determining originating source IP

2017-11-02 Thread Bill Cole
On 2 Nov 2017, at 15:41, Alex wrote: > Hi, > > Is it possible to determine the originating IP address from a yahoo > email where it appears the user used their web interface? [...] > Sometimes there is an x-originating-ip header but there doesn't appear > to be anything similar here. You've

Re: Weird new malware

2017-11-08 Thread Bill Cole
On 8 Nov 2017, at 11:16, Dianne Skoll wrote: On Wed, 8 Nov 2017 11:02:16 -0500 Rob McEwen wrote: This seems to be catching most of them: Subject: Invoice [A-Z]{2,3}\d{7}\b Yes, that'll work. Maybe a better approach is a combo rule that looks in the headers for

Re: Weird new malware

2017-11-08 Thread Bill Cole
On 8 Nov 2017, at 14:12, Bill Cole wrote: On 8 Nov 2017, at 11:16, Dianne Skoll wrote: On Wed, 8 Nov 2017 11:02:16 -0500 Rob McEwen <r...@invaluement.com> wrote: This seems to be catching most of them: Subject: Invoice [A-Z]{2,3}\d{7}\b Yes, that'll work. Maybe a better ap

Re: Weird new malware

2017-11-08 Thread Bill Cole
On 8 Nov 2017, at 14:15, Bill Cole wrote: Of course that should be: describe SCC_MIME_BOGUSCT1 Bogus /mixed Content-Type headerSCC_MIME_BOGUSCT1 Content-Type =~ /^(? Hmmm... For some reason I do not understand, the anchor doesn't work, so: describe SCC_MIME_BOGUSCT1 Bogus /mixed

Re: Rule to match when multiple FROM addresses exist

2017-12-01 Thread Bill Cole
ix.org/lists.html) where the active participants include the creator of Postfix and other real Postfix experts (I just play one on other lists...) -- Bill Cole b...@scconsult.com or billc...@apache.org (AKA @grumpybozo and many *@billmail.scconsult.com addresses) Currently Seeking Steady Wo

Re: Rule to match when multiple FROM addresses exist

2017-12-01 Thread Bill Cole
's a good fix for a broader range of misbehaviors. -- Bill Cole b...@scconsult.com or billc...@apache.org (AKA @grumpybozo and many *@billmail.scconsult.com addresses) Currently Seeking Steady Work: https://linkedin.com/in/billcole

Re: FIlter

2017-12-02 Thread Bill Cole
, research the list's actual purpose and availability. -- Bill Cole b...@scconsult.com or billc...@apache.org (AKA @grumpybozo and many *@billmail.scconsult.com addresses) Currently Seeking Steady Work: https://linkedin.com/in/billcole

Re: Flakey spam email. How to filter?

2017-12-11 Thread Bill Cole
der exists but is not valid 2.3 S25R_4 T_S25R: Bottom of rDNS ends w/ num, next lvl has num-num Note that bad Bayes score, which is because my system never sees this sort of spam. Also: I noticed something interesting in that spam that I'm working on rules for... -- Bill Cole b...@scc

Re: Bank fraud phish

2017-10-25 Thread Bill Cole
On 25 Oct 2017, at 12:00, Alex wrote: Is the only way to submit to spamcop to use their custom email address assigned to the account, or is there some command-line way to do it? For all the details of various ways to send mail from the command line, see the man pages for mail, mailx, and/or

Re: Bank fraud phish

2017-10-24 Thread Bill Cole
On 24 Oct 2017, at 16:05 (-0400), John Hardin wrote: > The line break between the header and the ID is unusual, but not invalid. > That might potentially be a usable spam sign. No, it isn't. Or at least it wasn't 2 years ago. -- Bill Cole b...@scconsult.com or billc...@apache.or

Re: freshdesk.com and spamassassin mailing list

2017-10-21 Thread Bill Cole
what subscribed address is causing these and unsubscribe that address (and ban it) from the list. -- Bill Cole b...@scconsult.com or billc...@apache.org (AKA @grumpybozo and many *@billmail.scconsult.com addresses) Currently Seeking Paying Work: https://linkedin.com/in/billcole

Re: spample: Microsoft Office DDE exploit (in OpenXML attachment)

2017-10-31 Thread Bill Cole
ecords. -- Bill Cole b...@scconsult.com or billc...@apache.org (AKA @grumpybozo and many *@billmail.scconsult.com addresses) Currently Seeking Steady Work: https://linkedin.com/in/billcole

Re: very basic SA-Learn performance question: is 90 seconds or so per token really, really slow or roughly normal?

2017-10-31 Thread Bill Cole
allow list,search,readattr,file_inherit,directory_inherit -- Bill Cole b...@scconsult.com or billc...@apache.org (AKA @grumpybozo and many *@billmail.scconsult.com addresses) Currently Seeking Steady Work: https://linkedin.com/in/billcole

Re: regexp dealing with display name don't work

2018-04-27 Thread Bill Cole
of a user-defined variable name. It would also work with digits and most other symbols. SpamAssassin rules also must escape $ or %, which are the other characters Perl uses before variable names to indicate that they are variable names. -- Bill Cole b...@scconsult.com or billc...@apache.org

Re: Invoice phish

2018-05-16 Thread Bill Cole
On 15 May 2018, at 20:27, Alex wrote: Hi, We received another of those phishes as a result of a compromised O365 account. https://pastebin.com/raw/Fv5NKRAP Anyone able to take a look and provide ideas on how to block them? It passes with DKIM_VALID_AU, RCVD_IN_SENDERSCORE_90_100 and

Re: Question regarding trusted_networks

2018-06-16 Thread Bill Cole
with this one-liner, if all of your config files are in /etc/mail/spamassassin/: egrep -hvr '^(($|[[:space:]]*$|[[:space:]]*#|#)|[[:space:]]*(score|describe|meta|tflags|(mime|)header|body|rawbody|full|uri|if|ifplugin|else|askdns|endif)[[:space:]]*)' /etc/mail/spamassassin/*.{pre,cf} Thanks aga

Re: Compromised squareup/amazonses account phish

2018-06-13 Thread Bill Cole
integrity. -- Bill Cole b...@scconsult.com or billc...@apache.org (AKA @grumpybozo and many *@billmail.scconsult.com addresses) Currently Seeking Steadier Work: https://linkedin.com/in/billcole

Re: Autolearn as ham with a positive score.

2018-06-12 Thread Bill Cole
On 12 Jun 2018, at 3:34, Reio Remma wrote: Hello! I just noticed *autolearn=ham* for a message with a positive spam score. Is that normal? No, but it is also not especially remarkable. The final operative score is not the score that is used to determine autolearning.

Re: [Offtopic] List From and Reply-To

2018-05-30 Thread Bill Cole
ase to make it clear that MM today is much more solid than it was in 2015. -- Bill Cole b...@scconsult.com or billc...@apache.org (AKA @grumpybozo and many *@billmail.scconsult.com addresses) Currently Seeking Steadier Work: https://linkedin.com/in/billcole

Re: [Offtopic] List From and Reply-To

2018-05-30 Thread Bill Cole
ially a full rewrite to keep working on MacOS X given the ongoing rot in the Carbon APIs. -- Bill Cole b...@scconsult.com or billc...@apache.org (AKA @grumpybozo and many *@billmail.scconsult.com addresses) Currently Seeking Steadier Work: https://linkedin.com/in/billcole signature.asc Descript

Re: [Offtopic] List From and Reply-To

2018-05-30 Thread Bill Cole
On 30 May 2018, at 17:19 (-0400), Luis E. Muñoz wrote: On 30 May 2018, at 13:54, Bill Cole wrote: On 30 May 2018, at 14:51 (-0400), Grant Taylor wrote: Since Qualcom transferred the Eudora IP to the Computer History Museum and open sourced the source code, I expect that we will be seeing

Re: Problem with sa-update via proxy

2018-06-06 Thread Bill Cole
On 5 Jun 2018, at 4:24, Peter Hutchison wrote: I have recently upgraded my mail mta servers from Ubuntu 14.04 to Ubuntu 16.04 but the daily spamassassin cron job is failing to update the database in /usr/lib/spamassassin/3.9004001/update_spamassassin_org folder. That's a very odd version

Re: [Offtopic] List From and Reply-To

2018-05-30 Thread Bill Cole
On 30 May 2018, at 10:00, Palvelin Postmaster wrote: On 30 May 2018, at 16:48, Antony Stone wrote: On Wednesday 30 May 2018 at 15:33:13, Palvelin Postmaster wrote: On 30 May 2018, at 16:06, Matus UHLAR - fantomas wrote: On 30.05.18 15:49, Palvelin Postmaster wrote: Hitting reply sends

Re: [Offtopic] List From and Reply-To

2018-05-30 Thread Bill Cole
On 30 May 2018, at 8:49, Palvelin Postmaster wrote: Why does this list apparently use the original From header of the poster’s message and doesn't set a Reply-To header at all? 1. Traditional standard practice. Doing otherwise in either case would offend more people than sticking with the

Re: [Offtopic] List From and Reply-To

2018-05-30 Thread Bill Cole
On 30 May 2018, at 10:25, Bill Cole wrote: On 30 May 2018, at 10:00, Palvelin Postmaster wrote: On 30 May 2018, at 16:48, Antony Stone wrote: On Wednesday 30 May 2018 at 15:33:13, Palvelin Postmaster wrote: On 30 May 2018, at 16:06, Matus UHLAR - fantomas wrote: On 30.05.18 15:49

Re: Amazon failing DKIM?

2018-06-25 Thread Bill Cole
that. 0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid This isn't an isolated email, it's all of the order confirmations. Thanks for the heads-up. I haven't seen one like this yet and hopefully they'll fix their issues soon. -- Bill Cole b...@scconsult.com or billc

Re: CVE-2018-12558: DOS in perl module Email::Address

2018-06-20 Thread Bill Cole
On 20 Jun 2018, at 11:11, Ian Zimmerman wrote:
> This is probably of interest to readers of this list.

Only very tangentially.

> http://www.openwall.com/lists/oss-security/2018/06/19/3

SpamAssassin does not use Email::Address.

Re: dropping other's email(s) as a "best practice" for hosted email? (was: "anyone recognize these headers? ...")

2018-04-26 Thread Bill Cole
delivery from sender to recipient and are prepaid by every sender to perform end-to-end delivery. In most of the Internet-heavy world, no email provider has any of those supporting features of reliability, even within their own home nations. -- Bill Cole b...@scconsult.com or billc...@apache.org (AKA

Re: Cause for non delivery when Spam Scanner Report is empty

2018-04-28 Thread Bill Cole
. To determine why a message was rejected, you need to look into the actions of whatever is actually making the decision to act on mail handling based on the SpamAssassin analysis. -- Bill Cole b...@scconsult.com or billc...@apache.org (AKA @grumpybozo and many *@billmail.scconsult.com

Re: improving detection to cloudmark-like levels?

2017-10-19 Thread Bill Cole
t targets spamtraps (most of which can in theory get small amounts of entirely innocently misdirected email.) -- Bill Cole b...@scconsult.com or billc...@apache.org (AKA @grumpybozo and many *@billmail.scconsult.com addresses) Currently Seeking Paying Work: https://linkedin.com/in/billcole sign

Re: MailChimp with link to javascript/zip malware

2017-10-19 Thread Bill Cole
not in the standard set, short-circuits at least one rule, and appears to have both Bayes and AWL/TxRep disabled. 2. I don't know if it is justifiable, but the munging of that message makes it problematic to run as-is. I wish you success with working out a solution for detecting this spam. -- Bill

Re: MailChimp with link to javascript/zip malware

2017-10-19 Thread Bill Cole
On 19 Oct 2017, at 17:59 (-0400), Alex wrote: Hi, On Thu, Oct 19, 2017 at 4:04 PM, Bill Cole <sausers-20150...@billmail.scconsult.com> wrote: On 19 Oct 2017, at 15:38 (-0400), Alex wrote: Third day, third set of false-negatives (20 this time) whitelisted through mailchimp

Re: Spamassassin // replicate configuration on multiple servers

2017-10-23 Thread Bill Cole
On 23 Oct 2017, at 8:37, David Jones wrote: As far as sharing the Bayes DB, that is a different issue. If you have your Bayes DB files on the filesystem, then you can rsync them too from a master but you need to train your ham and spam from the master. If you want to be able to train your

Re: IADB whitelist

2017-12-26 Thread Bill Cole
the sender to do better. My sense is that ESPs engage ISIPP thinking they are getting an advocate and ambassador to mailbox providers when in fact they get a teacher/evangelist for sender best practices. -- Bill Cole b...@scconsult.com or billc...@apache.org (AKA @grumpyboz

Re: IADB whitelist

2017-12-29 Thread Bill Cole
fically* created for SA because SA *can* take advantage of that level of granularity)). As much as I dislike the single/double wording and the use of '100% opt-in' for mechanisms that are highly fallible, I am not sure that switching to better wording would be a good idea at this point. The sunset

Re: Malformed spam email gets through.

2018-01-04 Thread Bill Cole
On 3 Jan 2018, at 15:42, @lbutlr wrote: [...] On 03 Jan 2018, at 12:36, Bill Cole <sausers-20150...@billmail.scconsult.com> wrote: About 1.5% of my personal non-spam email over the past 20 years has had "localhost" as the right hand side of the MID. This implies a de fac

Re: Malformed spam email gets through.

2018-01-04 Thread Bill Cole
On 4 Jan 2018, at 21:13 (-0500), @lbutlr wrote: On 4 Jan 2018, at 11:47, Bill Cole <sausers-0150...@billmail.scconsult.com> wrote: On 3 Jan 2018, at 15:42, @lbutlr wrote: There is no requirement that the right side be globally unique, just that the entire message ID is globally

Re: FSL_MIME_NO_TEXT and MIME_NO_TEXT

2018-01-09 Thread Bill Cole
On 9 Jan 2018, at 13:47 (-0500), Matus UHLAR - fantomas wrote: this is a real duplicity... Semantic note: "duplication" or "redundancy," NOT "duplicity," which is English for the flavor of dishonesty involving contradictory statements. -- Bill Co

Re: Mail flagged as spam on command line getting passed through as ham

2018-01-19 Thread Bill Cole
ter, and a menagerie of scripts that pipe messages into spamc for checking by spamd. How to troubleshoot your problem is dependent on what mechanism you use. -- Bill Cole b...@scconsult.com or billc...@apache.org (AKA @grumpybozo and many *@billmail.scconsult.com addresses) Currently Seekin

Re: Autolearn says it learned but dump magic stays at zero

2018-01-19 Thread Bill Cole
ay be as simple as this: ln -sf ~debian-spamd/.spamassassin ~root/ -- Bill Cole b...@scconsult.com or billc...@apache.org (AKA @grumpybozo and many *@billmail.scconsult.com addresses) Currently Seeking Steady Work: https://linkedin.com/in/billcole

Re: Penalty for no/bad SPF

2018-01-24 Thread Bill Cole
On 24 Jan 2018, at 9:12, David Jones wrote: What does everyone think about slowly increasing the score for SPF_NONE and SPF_FAIL over time in the SA rulesets to force the awareness and importance of proper SPF? -1 In every real mailstream I've worked with in the lifetime of SPF, lack of

Re: Pretty good spoof of AmEx

2018-01-24 Thread Bill Cole
dly re-register "burner" domains that spammers have had their fill of and let expire. -- Bill Cole b...@scconsult.com or billc...@apache.org (AKA @grumpybozo and many *@billmail.scconsult.com addresses) Currently Seeking Steady Work: https://linkedin.com/in/billcole

Re: Penalty for no/bad SPF

2018-01-24 Thread Bill Cole
On 24 Jan 2018, at 14:59 (-0500), David Jones wrote: On 01/24/2018 01:33 PM, Bill Cole wrote: On 24 Jan 2018, at 9:12, David Jones wrote: What does everyone think about slowly increasing the score for SPF_NONE and SPF_FAIL over time in the SA rulesets to force the awareness and importance

Re: Make test fails on macOS High Sierra - help needed

2018-01-25 Thread Bill Cole
or Homebrew are great alternatives for building a distinct environment of open source software (including, if you want, a current and less pathologically configured Perl environment) and can install SpamAssassin functionally. -- Bill Cole b...@scconsult.com or billc...@apache.org (AKA @grumpybozo

Re: skipping nameserver '0.ns.spamhaus.org' because it is a CNAME

2018-01-14 Thread Bill Cole
e spamhaus updated their nameserver config and added cloudflare by way of CNAME. Which is a rather surprising error. Both organizations should know better. Thankfully, all the other authoritative NS targets have A and/or records. -- Bill Cole b...@scconsult.com or billc...@apache.org (AKA @

Re: Penalty for no/bad SPF

2018-01-24 Thread Bill Cole
and expose them to some degree to the world. Those who have tried to change policy from inside such an organization might argue that a multiple-B SPF authorization is neither malicious nor messed up in itself, but rather merely an admission of a reality which is arguably messed up but not at a
