On 27 Nov 2016, at 11:28, Alex wrote:
> Hi all,
>
> After a recent upgrade to perl-5.24.0 on fedora25 with
> spamassassin-3.4.1, I'm seeing this bug:
>
> https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7332
>
> There hasn't been any updates since it was created. Am I missing something?
Nope.
On 21 Nov 2016, at 17:54, Pedro David Marco wrote:
Hi,
i have spam emails with a Received line like this:
Received: by 9-30-239-23.uocdn.net (Postfix) with ESMTPSA id 693A0C56B
with (unknown [158.69.130.12]) ; Sun, 20 Nov 2016 21:06:55 -0300
there is no parsing perl code for lines like this in
On 18 Nov 2016, at 20:30, Dan Jacobson wrote:
$ svn checkout http://svn.apache.org/repos/asf/spamassassin/trunk
/tmp/ee
$ cd /tmp/ee
$ echo|perl Makefile.PL PREFIX=/tmp/g
$ make
In the end you will see
cd spamc
/usr/bin/perl version.h.pl
spamc/configure.pl: Can't exec `version.h.pl': No such
On 31 Oct 2016, at 20:38, Alex wrote:
Hi all,
We keep receiving variations of this dropbox phish that's never tagged
properly. I was hoping someone had some ideas for catching them.
I've added a few more body rules, and some header rules to block this
"drpbox" spelling variation, but I hoped
On 1 Nov 2016, at 20:31, Alex wrote:
Hi,
On Mon, Oct 31, 2016 at 9:11 PM, Bill Cole
<sausers-20150...@billmail.scconsult.com> wrote:
On 31 Oct 2016, at 20:38, Alex wrote:
Hi all,
We keep receiving variations of this dropbox phish that's never
tagged
properly. I was hoping someo
On 15 Oct 2016, at 14:13, Petr Bena wrote:
That would obviously work and blocked hackers from spoofing,
No, it would not do so.
It's clear that you didn't bother reading Dianne Skoll's message and
considering or testing her counter-example.
but as you said, it would also break some other
On 15 Oct 2016, at 14:50, Petr Bena wrote:
I was looking to accomplish something similar, but seems that SA can't
do that and there are probably no open source plugins or postfix hooks
that allow this (so far).
This class of problem is one reason to pick MIMEDefang as your tool for
On 16 Oct 2016, at 18:08, Ruga wrote:
From: "Dianne Skoll "
In my servers, the above string is not RFC compliant,
Are you writing your own RFC's? That's cool: the IETF could do with some
competition. Where are you publishing them and
On 17 Oct 2016, at 9:04, Antony Stone wrote:
DNS runs over UDP, not TCP.
True AND false.
Most DNS queries can be answered in a single UDP packet and so most
queries are tried over UDP first. Traditionally, DNS answers over UDP
were limited to 512 bytes, although modern extensions typically
On 15 Oct 2016, at 11:33, Petr Bena wrote:
I don't understand your point. I started this discussion stating the
fact that SPF, DKIM and DMARC don't prevent people from being able to
spoof your email address.
And you tell me that I don't understand email security because SPF,
DKIM
and DMARC
On 9 Dec 2016, at 12:47, Mike Grau wrote:
Hello all
I'm confused ... what is the "recommended" version of Net::DNS to use
with an unpatched SpamAssassin-3.4.1? Or are there patches I ought to
apply for, say, Net::DNS 1.06?
Net::DNS has had some very good but rather weakly-controlled
On 10 Jan 2017, at 10:42, Michael B Allen wrote:
PS2: Is there a tag that indicates that the message contains a large
amount of non-latin1 text? I do get a lot of legitimate
non-ISO-8859-1
messages but usually it's just a name or at most an address. So less
than 100 bytes.
Please start a
On 10 Jan 2017, at 10:55, Michael B Allen wrote:
bayes_file_mode 0777
Don't do that. Ever. It is not necessary, despite having been propagated
widely as a supposed solution for system-wide Bayes permission issues.
The clear indicator that whoever devised that was flailing in sheer
On 10 Jan 2017, at 15:52, Michael B Allen wrote:
On Tue, Jan 10, 2017 at 11:03 AM, Axb wrote:
On 01/10/2017 04:49 PM, Michael B Allen wrote:
PS: Is it possible to see what values are associated with all tags
for
debugging purposes? Meaning can I run a command that
On 14 Apr 2017, at 16:54, Rick wrote:
Everything having to do with DNS has gone terribly wrong since the
update.
Spamd cannot do anything at all with DNS even though it's a local
caching NS
and EVERTHING else is resolving just fine. It does pull the name
server
entry correctly but it
On 20 Apr 2017, at 16:16, Robert Steinmetz AIA wrote:
Thank you Bill,
That has given me a clue. I ran the commands below:
thelma@thelma:~$ echo $PATH
/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/bin/X11:/usr/games:/usr/local/games:/snap/bin
thelma@thelma:~$ ls -ld
On 19 Apr 2017, at 9:52, Robert Steinmetz wrote:
Robert Steinmetz wrote:
Responding to my own post with new information.
I think I've confirmed that the problem is the $PATH, or the perl
equivalent.
I added the full path name where the specific commands were called and
that removed that
On 14 Aug 2017, at 18:00, Shivram Krishnan wrote:
Hi,
I am a graduate student at the University of Southern California and
am
currently researching on the impact of false positives in blacklists.
Apparently they don't bother with a mandatory Research Methodology
course for grad students
On 8 Jul 2017, at 15:26, Alex wrote:
[Quoting me]
2. That MIME structure is pathological. It merits a specific hard
rejection with a derisive text part. Anything generating FPs (never
seen one...) needs spanking.
I don't understand?
The message is labeled as multipart/mixed but it only
On 7 Jul 2017, at 12:15, jdow wrote:
> On the other hand, FireFox reports:
> This site can’t be reached
>
> updates.spamassassin.org’s server DNS address could not be found.
Which is simultaneously:
1. True
2. Normal
3. Neither a cause nor symptom of any operational problem.
On 6 Jul 2017, at 4:06, Rainer Sokoll wrote:
> Hi,
>
> for at least the last 2 days, updates.spamassin.org does not resolve anymore:
>
> ~$ host updates.spamassassin.org.
Which means the name has no A record, but does have other records and/or
subdomains.
> But note:
>
> ~$ host
On 7 Jul 2017, at 13:04, Alex wrote:
I'm interested in how your system would have (or currently does)
handle this email I received some days ago:
https://pastebin.com/innRFvZt
Its IP (106.186.119.240) is still not listed with spamhaus, sorbs or
hostkarma, and has an 83 rating with senderscore.
On 6 Jul 2017, at 18:48, jdow wrote:
No A or PTR record:
===8<---
[jdow@thursday ~]$ dig updates.spamassassin.org ns1.apache.org all
1. What is the reason to expect the name "ns1.apache.org" to have any
DNS records?
2. Using "all" as the final RRTYPE argument (or any other word beginning
On 24 Apr 2017, at 21:35, Alex wrote:
Hi,
Hi, this rule hit a citibank.com email. Adding 1.8 points simply for
the phrase "your account security" does not seem reasonable.
Apr 24 20:13:18.660 [28524] dbg: rules: ran body rule TVD_PH_SEC
==> got hit: "your account security"
What *else*
On 3 Aug 2017, at 11:21, John Hardin wrote:
On Thu, 3 Aug 2017, John Schmerold wrote:
I don't understand the purpose of tflags. Where is this parameter
explained?
man Mail::SpamAssassin::Conf
That will USUALLY work on most Unix-like systems that have SA installed,
but sometimes will not
On 18 May 2017, at 17:05, Robert Kudyba wrote:
On May 18, 2017, at 4:41 PM, David Jones wrote:
From: Robert Kudyba
Am 18.05.2017 um 22:30 schrieb Reindl Harald:
"with working dnsmasq" says all - DNSMASQ DON'T DO RECURSION - IT
CAN#T
you are
And furthermore...
On 2 Jun 2017, at 19:05, spamassas...@nro.ca wrote:
I started reading SPF.pm and saw that I could hack it to avoid using
Mail::SPF and instead use (what seems to be) the less preferred
Mail::SPF::Query
This is a wrong approach. SA will use whichever is installed but
On 2 Jun 2017, at 19:05, spamassas...@nro.ca wrote:
Thanks for the tip! I didn't know how to debug that stuff. Here's what
happens with a spammer faking one of my own domains:
spamd[21654]: spf: query for
isabelle.2...@nro.ca/41.203.191.125/!41.203.191.125!: result:
permerror, comment: ,
On 5 Jun 2017, at 12:03, Benny Pedersen wrote:
> Mail::SPF uses SPF first, and failback to TXT if SPF does not exists
Changed in the latest version, almost 4 years ago.
On 30 Apr 2017, at 10:17, David Jones wrote:
99_mailspike.cf
---
shortcircuit RCVD_IN_MSPIKE_H5 on
score RCVD_IN_MSPIKE_H4 -3.2
score RCVD_IN_MSPIKE_H3 -2.2
score RCVD_IN_MSPIKE_H2 -1.2
score RCVD_IN_MSPIKE_WL -0.82
score RCVD_IN_MSPIKE_BL 1.2
score RCVD_IN_MSPIKE_L2 0.2
On 1 Jun 2017, at 8:28, Loren Wilton wrote:
If he is intending to hide tracking info in the headers, it seems
pointless unless he is also writing an MTA of some sort that will see
the headers. But maybe he didn't think that far, and it was his intent
to hide tracking info. Still, it seems a
On 18 Sep 2017, at 10:57, Chris wrote:
[...]
>> I am receiving many hits on *_IADB_* rules just fine recently for
>> emails
>> from constantcontact.com and others.
>
> I'm receiving rule hits:
>
> TOP HAM RULES FIRED
> RANKRULE NAME COUNT %OFMAIL %OFSPAM %OFHAM
> 40
On 18 Sep 2017, at 12:14, Chris wrote:
[...]
> On Mon, 2017-09-18 at 11:11 -0400, Bill Cole wrote:
>> Why are you asking 168.150.251.35 to do DNS resolution for you? It is
>> not authoritative for isipp.com, so presumably you have a specific
>> local config causing you to use
On 19 Sep 2017, at 16:40, Chris wrote:
> Here's the output now of the dig +trace
> tcp0 0
> 127.0.0.1:530.0.0.0:* LISTEN -
>
> tcp0 0
> 127.0.1.1:530.0.0.0:* LISTEN -
>
> udp
On 19 Sep 2017, at 22:36, Chris wrote:
> On Wed, 2017-09-20 at 04:31 +0200, Reindl Harald wrote:
>>
>> Am 20.09.2017 um 02:32 schrieb Chris:
>>>
>>> I then installed dnsmasq (apparently it wasn't installed)
>> frankly clean up your mess - you recently posted dnsmasq as well as
>> named listening
On 20 Sep 2017, at 9:48, Chris wrote:
> From the locate command I found these - https://pastebin.com/ECjZGX1M
AHA!
Apparently Ubuntu (and Debian?) has a package called "dnsmasq-base" which is
installed as a dependency of libvirt, which manages it independently and
autocratically...
2 maybe
On 5 Oct 2017, at 11:21, Richard Nairn wrote:
I am using a rule to detect email with very long links included as I
have seen that those are mostly spam. Some of the messages will
include many copies of the link.
Is there a way to write a meta rule that detects multiple instances of
the same
On 9 Oct 2017, at 13:42, Benny Pedersen wrote:
more help ask on amavisd maillist
Benny: he already said he was using spamc/spamd, which means amavisd
isn't involved at all.
On 27 Sep 2017, at 3:16, Jakob Curdes wrote:
Hello all,
I recently stumbled onto a mail with a Spam link where the FROM header
field looked like this:
From: "Firstname Lastname@" sendern...@real-senders-domain.com>
which is displayed in different ways on different devices but most do
I believed any of those needed to be treated with
greater suspicion than a random unknown sender. None of them would get
mail through to an untagged address on my personal system, but that's an
outlier environment.
--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpyboz
USER_IN_SPF_WHITELIST, so you're still whitelisting it. Did
you restart amavisd after changing the rules?
--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Currently Seeking Paying Work: https://linkedin.com/in/billcole
their email address for use in
the From header. DMARC is likely to erode these senders over time but
since the use of 'p=reject' is not a widespread norm, it will take a
while.
--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Currentl
.
--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Currently Seeking Steady Work: https://linkedin.com/in/billcole
On 28 Nov 2017, at 12:15, Colony.three wrote:
[...]
My God. It's full of stars!
This fixed the spamass-milter problem. And it seems to be the correct
way to fix the hundreds of other SELinux errors I have.
You take this box, and put it through a magic tunnel and see if it
looks right.
, or
StackOverflow is that they are designed specifically to diagnose and
solve SELinux problems and they work really fast...
--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Currently Seeking Steady Work: https://linkedin.com/in/billcole
On 22 Nov 2017, at 7:36 (-0500), Martin Gregorie wrote:
On Wed, 2017-11-22 at 00:39 -0500, Bill Cole wrote:
A related and increasingly common (dunno why) source of never
hitting DNSBL rules is a form of firewall/router NAT sometimes
called
"Secure NAT" where inbound connec
anything with it gets stuck.
--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Currently Seeking Steady Work: https://linkedin.com/in/billcole
to do special processing for non 7-bit ASCII headers.
There's even a SA rule for that: FROM_EXCESS_BASE64
--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Currently Seeking Steady Work: https://linkedin.com/in/billcole
n anchored 2-letter RE to match.
--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Currently Seeking Steady Work: https://linkedin.com/in/billcole
and surname as
a username and many Germanic surnames starting with sch[mlr], so I
expect that 5 consonants in an email address local-part where 'sch' are
the middle 3 characters are quite common.
--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many
On 20 Nov 2017, at 13:31, Alex wrote:
On Mon, Nov 20, 2017 at 12:58 PM, Axb wrote:
On 11/20/2017 06:26 PM, Alex wrote:
Hi, we have an email that originated from email.dropbox.com and has
a
link to https://hyzas.xss.ht/ which is a "payload to test for
Cross-site
useful, because this is a check of the From header. There are
a large number of people with German surnames who don't use the German
language or live in places where German is the primary language.
--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many
connections have their source IP's replaced with the
IP of the device handling the NAT. This typically kills any ability of a
MTA or a filter like SA to use DNSBLs or any other anti-spam tactic that
requires knowing the client IP (or the client IP of the last
external-client transport hop.
On 14 Nov 2017, at 13:08, Jari Fredriksson wrote:
> The problem is that SpamAssassin seems to irrational. My original question
> was and is: where does it get it’s resolver?
RTFM.
$ perldoc Mail::SpamAssassin::Conf
[...]
dns_server ip-addr-port (default: entries provided by Net::DNS)
On 2 Nov 2017, at 15:41, Alex wrote:
> Hi,
>
> Is it possible to determine the originating IP address from a yahoo
> email where it appears the user used their web interface?
[...]
> Sometimes there is an x-originating-ip header but there doesn't appear
> to be anything similar here.
You've
On 8 Nov 2017, at 11:16, Dianne Skoll wrote:
On Wed, 8 Nov 2017 11:02:16 -0500
Rob McEwen wrote:
This seems to be catching most of them:
Subject: Invoice [A-Z]{2,3}\d{7}\b
Yes, that'll work. Maybe a better approach is a combo rule that looks
in the headers for
On 8 Nov 2017, at 14:12, Bill Cole wrote:
On 8 Nov 2017, at 11:16, Dianne Skoll wrote:
On Wed, 8 Nov 2017 11:02:16 -0500
Rob McEwen <r...@invaluement.com> wrote:
This seems to be catching most of them:
Subject: Invoice [A-Z]{2,3}\d{7}\b
Yes, that'll work. Maybe a better ap
On 8 Nov 2017, at 14:15, Bill Cole wrote:
Of course that should be:
describe SCC_MIME_BOGUSCT1 Bogus /mixed Content-Type
headerSCC_MIME_BOGUSCT1 Content-Type =~ /^(?
Hmmm... For some reason I do not understand, the anchor doesn't work,
so:
describe SCC_MIME_BOGUSCT1 Bogus /mixed
ix.org/lists.html) where the
active participants include the creator of Postfix and other real
Postfix experts (I just play one on other lists...)
--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Currently Seeking Steady Wo
's a good fix for a broader range of misbehaviors.
--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Currently Seeking Steady Work: https://linkedin.com/in/billcole
, research the list's actual purpose and availability.
--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Currently Seeking Steady Work: https://linkedin.com/in/billcole
der exists but is not
valid
2.3 S25R_4 T_S25R: Bottom of rDNS ends w/ num, next
lvl has num-num
Note that bad Bayes score, which is because my system never sees this
sort of spam.
Also: I noticed something interesting in that spam that I'm working on
rules for...
--
Bill Cole
b...@scc
On 25 Oct 2017, at 12:00, Alex wrote:
Is the only way to submit to spamcop to use their custom email address
assigned to the account, or is there some command-line way to do it?
For all the details of various ways to send mail from the command line,
see the man pages for mail, mailx, and/or
On 24 Oct 2017, at 16:05 (-0400), John Hardin wrote:
> The line break between the header and the ID is unusual, but not invalid.
> That might potentially be a usable spam sign.
No, it isn't. Or at least it wasn't 2 years ago.
--
Bill Cole
b...@scconsult.com or billc...@apache.or
what subscribed address is causing
these and unsubscribe that address (and ban it) from the list.
--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Currently Seeking Paying Work: https://linkedin.com/in/billcole
ecords.
--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Currently Seeking Steady Work: https://linkedin.com/in/billcole
allow
list,search,readattr,file_inherit,directory_inherit
--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Currently Seeking Steady Work: https://linkedin.com/in/billcole
of a user-defined variable name. It would
also work with digits and most other symbols.
SpamAssassin rules also must escape $ or %, which are the other
characters Perl uses before variable names to indicate that they are
variable names.
--
Bill Cole
b...@scconsult.com or billc...@apache.org
On 15 May 2018, at 20:27, Alex wrote:
Hi,
We received another of those phishes as a result of a compromised O365
account.
https://pastebin.com/raw/Fv5NKRAP
Anyone able to take a look and provide ideas on how to block them? It
passes with DKIM_VALID_AU, RCVD_IN_SENDERSCORE_90_100 and
with this one-liner, if all of your config files are in
/etc/mail/spamassassin/:
egrep -hvr
'^(($|[[:space:]]*$|[[:space:]]*#|#)|[[:space:]]*(score|describe|meta|tflags|(mime|)header|body|rawbody|full|uri|if|ifplugin|else|askdns|endif)[[:space:]]*)'
/etc/mail/spamassassin/*.{pre,cf}
Thanks aga
integrity.
--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Currently Seeking Steadier Work: https://linkedin.com/in/billcole
On 12 Jun 2018, at 3:34, Reio Remma wrote:
Hello!
I just noticed *autolearn=ham* for a message with a positive spam
score. Is that normal?
No, but it is also not especially remarkable. The final operative score
is not the score that is used to determine autolearning.
ase to make it clear that MM today is
much more solid than it was in 2015.
--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Currently Seeking Steadier Work: https://linkedin.com/in/billcole
ially a full rewrite to keep working on MacOS X given the
ongoing rot in the Carbon APIs.
--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Currently Seeking Steadier Work: https://linkedin.com/in/billcole
signature.asc
Descript
On 30 May 2018, at 17:19 (-0400), Luis E. Muñoz wrote:
On 30 May 2018, at 13:54, Bill Cole wrote:
On 30 May 2018, at 14:51 (-0400), Grant Taylor wrote:
Since Qualcom transferred the Eudora IP to the Computer History
Museum and open sourced the source code, I expect that we will be
seeing
On 5 Jun 2018, at 4:24, Peter Hutchison wrote:
I have recently upgraded my mail mta servers from Ubuntu 14.04 to
Ubuntu 16.04 but the daily spamassassin cron job is failing to update
the database in
/usr/lib/spamassassin/3.9004001/update_spamassassin_org folder.
That's a very odd version
On 30 May 2018, at 10:00, Palvelin Postmaster wrote:
On 30 May 2018, at 16:48, Antony Stone
wrote:
On Wednesday 30 May 2018 at 15:33:13, Palvelin Postmaster wrote:
On 30 May 2018, at 16:06, Matus UHLAR - fantomas
wrote:
On 30.05.18 15:49, Palvelin Postmaster wrote:
Hitting reply sends
On 30 May 2018, at 8:49, Palvelin Postmaster wrote:
Why does this list apparently use the original From header of the
poster’s message and doesn't set a Reply-To header at all?
1. Traditional standard practice. Doing otherwise in either case would
offend more people than sticking with the
On 30 May 2018, at 10:25, Bill Cole wrote:
On 30 May 2018, at 10:00, Palvelin Postmaster wrote:
On 30 May 2018, at 16:48, Antony Stone
wrote:
On Wednesday 30 May 2018 at 15:33:13, Palvelin Postmaster wrote:
On 30 May 2018, at 16:06, Matus UHLAR - fantomas
wrote:
On 30.05.18 15:49
that.
0.0 T_DKIM_INVALID DKIM-Signature header exists but is not
valid
This isn't an isolated email, it's all of the order confirmations.
Thanks for the heads-up. I haven't seen one like this yet and hopefully
they'll fix their issues soon.
--
Bill Cole
b...@scconsult.com or billc
On 20 Jun 2018, at 11:11, Ian Zimmerman wrote:
> This is probably of interest to readers of this list.
Only very tangentially.
> http://www.openwall.com/lists/oss-security/2018/06/19/3
SpamAssassin does not use Email::Address.
delivery from sender to recipient and are
prepaid by every sender to perform end-to-end delivery.
In most of the Internet-heavy world, no email provider has any of those
supporting features of reliability, even within their own home nations.
--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA
. To determine why a
message was rejected, you need to look into the actions of whatever is
actually making the decision to act on mail handling based on the
SpamAssassin analysis.
--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com
t targets spamtraps (most of which can in
theory get small amounts of entirely innocently misdirected email.)
--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Currently Seeking Paying Work: https://linkedin.com/in/billcole
sign
not in the standard set, short-circuits at least
one rule, and appears to have both Bayes and AWL/TxRep disabled.
2. I don't know if it is justifiable, but the munging of that message
makes it problematic to run as-is.
I wish you success with working out a solution for detecting this spam.
--
Bill
On 19 Oct 2017, at 17:59 (-0400), Alex wrote:
Hi,
On Thu, Oct 19, 2017 at 4:04 PM, Bill Cole
<sausers-20150...@billmail.scconsult.com> wrote:
On 19 Oct 2017, at 15:38 (-0400), Alex wrote:
Third day, third set of false-negatives (20 this time) whitelisted
through mailchimp
On 23 Oct 2017, at 8:37, David Jones wrote:
As far as sharing the Bayes DB, that is a different issue. If you
have your Bayes DB files on the filesystem, then you can rsync them
too from a master but you need to train your ham and spam from the
master. If you want to be able to train your
the sender to do better. My sense is that ESPs engage
ISIPP thinking they are getting an advocate and ambassador to mailbox
providers when in fact they get a teacher/evangelist for sender best
practices.
--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpyboz
fically*
created for SA because SA *can* take advantage of that level of
granularity)).
As much as I dislike the single/double wording and the use of '100%
opt-in' for mechanisms that are highly fallible, I am not sure that
switching to better wording would be a good idea at this point. The
sunset
On 3 Jan 2018, at 15:42, @lbutlr wrote:
[...]
On 03 Jan 2018, at 12:36, Bill Cole
<sausers-20150...@billmail.scconsult.com> wrote:
About 1.5% of my personal non-spam email over the past 20 years has
had "localhost" as the right hand side of the MID. This implies a de
fac
On 4 Jan 2018, at 21:13 (-0500), @lbutlr wrote:
On 4 Jan 2018, at 11:47, Bill Cole
<sausers-0150...@billmail.scconsult.com> wrote:
On 3 Jan 2018, at 15:42, @lbutlr wrote:
There is no requirement that the right side be globally unique, just
that the entire message ID is globally
On 9 Jan 2018, at 13:47 (-0500), Matus UHLAR - fantomas wrote:
this is a real duplicity...
Semantic note: "duplication" or "redundancy," NOT "duplicity," which is
English for the flavor of dishonesty involving contradictory statements.
--
Bill Co
ter, and a menagerie of scripts that pipe
messages into spamc for checking by spamd. How to troubleshoot your
problem is dependent on what machnism you use.
--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Currently Seekin
ay be as simple
as this:
ln -sf ~debian-spamd/.spamassassin ~root/
--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Currently Seeking Steady Work: https://linkedin.com/in/billcole
On 24 Jan 2018, at 9:12, David Jones wrote:
What does everyone think about slowly increasing the score for
SPF_NONE and SPF_FAIL over time in the SA rulesets to force the
awareness and importance of proper SPF?
-1
In every real mailstream I've worked with in the lifetime of SPF, lack
of
dly re-register
"burner" domains that spammers have had their fill of and let expire.
--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Currently Seeking Steady Work: https://linkedin.com/in/billcole
On 24 Jan 2018, at 14:59 (-0500), David Jones wrote:
On 01/24/2018 01:33 PM, Bill Cole wrote:
On 24 Jan 2018, at 9:12, David Jones wrote:
What does everyone think about slowly increasing the score for
SPF_NONE and SPF_FAIL over time in the SA rulesets to force the
awareness and importance
or Homebrew are great alternatives for building a distinct environment
of open source software (including, if you want, a current and less
pathologically configured Perl environment) and can install SpamAssassin
functionally.
--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo
e spamhaus updated their nameserver config and
added cloudflare by way of CNAME.
Which is a rather surprising error. Both organizations should know
better.
Thankfully, all the other authoritative NS targets have A and/or
records.
--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @
and expose them to some degree to the world. Those who have tried to
change policy from inside such an organization might argue that a
multiple-B SPF authorization is neither malicious nor messed up in
itself, but rather merely an admission of a reality which i arguably
messed up but not at a
201 - 300 of 921 matches
Mail list logo