Re: More outlook phish

2018-06-09 Thread Grant Taylor
On 06/09/2018 02:24 PM, Pedro David Marco wrote: I agree with David Jones that DKIM is helpful in here BUT I often see MS switching the order of headers whimsically... I don't think the order of the headers matters as long as the contents of the header aren't changed. Note: White space

Re: More outlook phish

2018-06-10 Thread Grant Taylor
On 06/10/2018 12:02 PM, Matus UHLAR - fantomas wrote: I believe M$ requires users to be authenticated within the domain before they are allowed to send using your domain. Is that authenticating to the MS SMTP server with any recognized account? Or specifically associated with the purported

Re: More outlook phish

2018-06-10 Thread Grant Taylor
On 06/08/2018 06:17 PM, John Hardin wrote: Apparently:  (?=...) is true if it matches anywhere after that point, but it is a zero width assertion. So it matches if it occurs in the ".*" prior to the Y bit, and it also matches if it occurs *after* the Y bit. The cool part is it includes a

Re: More outlook phish

2018-06-08 Thread Grant Taylor
On 06/08/2018 05:36 PM, RW wrote: It can be done if you capture inside a lookahead. For example: Intriguing. body X_EQUALS_Y /^(?=.*X=(\d+)\b).*Y=\1\b/ Can I ask that you unpack that Regular Expression? Please. I'm apparently too rusty to unpack it myself. will match on the strings

Re: [Offtopic] List From and Reply-To

2018-05-30 Thread Grant Taylor
On 05/30/2018 09:34 AM, Grant Taylor wrote: Now to see what sort of DMARC notifications (if any) I get for this reply. I have received four DMARC auth-failure notifications (thus far) in response to my message to the SpamAssassin Users mailing list. It looks like the reports are indicating

Re: [Offtopic] List From and Reply-To

2018-05-30 Thread Grant Taylor
On 05/30/2018 08:43 AM, Bill Cole wrote: Note that changing the From header would break all DKIM signatures and forcing a Reply-To would break many. That's where validating & stripping DKIM signatures as the message enters the list comes into play. Preferably followed up with DKIM signing as

Re: [Offtopic] List From and Reply-To

2018-05-30 Thread Grant Taylor
On 05/30/2018 12:47 PM, Charles Sprickman wrote: If I had a better option than some old command-line mess, I’d use it. Every 3-4 years I go on a hunt for a new Mac mail client and I always come up empty. I’ve tried MailMate, Thunderbird, Postbox and just keep coming back to the (neglected)

Re: [Offtopic] List From and Reply-To

2018-05-30 Thread Grant Taylor
On 05/30/2018 12:08 PM, RW wrote: SPF passes on the rewritten envelope address, so it's not aligned and it's just a matter of whether there's an aligned dkim pass. It depends on what the Forensic Report ("fo") option is set to in the published DMARC policy. Domain owners / record publishers

Re: [Offtopic] List From and Reply-To

2018-05-30 Thread Grant Taylor
On 05/30/2018 04:02 PM, RW wrote: OK, but when you said "The failure seems to be a result of how DMARC amalgamates the two with published policies" I thought you were claiming some kind of anomalous behaviour. Ah. Sorry for the confusion. It's surely obvious that rewriting the envelope

Re: Dynamic clients

2018-05-29 Thread Grant Taylor
On 05/29/2018 06:31 AM, Rupert Gallagher wrote: We reject e-mails from both dynamic and unknown domains, and feed the firewall with their CIDRs. The resulting blacklist includes 919 CIDRs, and keeps growing by itself. It is all automatic. I think ISPs should do this filtering, even if the EFF

Re: __HDR_ORDER_FTSDMCXXXX hitting windows live mail (and outlook express)

2018-08-30 Thread Grant Taylor
On 08/30/2018 03:50 PM, Bill Cole wrote: That will depend on how that particular MTA constructs its Received headers in relation to the parsing in Mail::SpamAssassin::Message::Metadata::Received, which is non-trivial to describe in human language. Fair enough. Would it be possible for this

Re: __HDR_ORDER_FTSDMCXXXX hitting windows live mail (and outlook express)

2018-08-30 Thread Grant Taylor
On 08/30/2018 01:08 PM, Bill Cole wrote: If that MSA is requiring authentication (as it should) and recording that in the Received header (as it should) then as I understand it, the handoff of the message will not be considered for __RDNS_NONE. Okay. What happens if the MSA isn't using

Re: __HDR_ORDER_FTSDMCXXXX hitting windows live mail (and outlook express)

2018-08-30 Thread Grant Taylor
On 08/30/2018 10:16 AM, Bill Cole wrote: It's hard to understand this circumstance based on the generic description. It appears that you have a configuration where a relay is in trusted_networks (i.e. you believe what it asserts in Received headers) but it is NOT in internal_networks so it is

Re: RBL

2018-10-11 Thread Grant Taylor
On 10/11/2018 01:35 AM, Matus UHLAR - fantomas wrote: note that spamassassin can run at MTA level, refusing mail when it's found to be sure spam and tagging when it's not. Yes. That's how and why I recommend that people run SpamAssassin if they have the choice to do so. I for example run

Re: config files in spamasassin is unintended tlds :/

2018-11-04 Thread Grant Taylor
On 11/04/2018 09:14 AM, Benny Pedersen wrote: Is it a problem? I think it should be solved by making config files local DNS resolved only, if at all it needs to be DNS, so cf changes to cf.localdomain or cf.localhost, not just use cf, which is a valid ccTLD :( Is cf.local valid and where? I

Re: config files in spamasassin is unintended tlds :/

2018-11-04 Thread Grant Taylor
On 11/04/2018 11:48 AM, Benny Pedersen wrote: Nov  3 03:22:50 localhost named[2301]: connection refused resolving '72_scores.cf/NS/IN': 2a04:1b00:6::1#53 Nov  3 03:22:50 localhost named[2301]: connection refused resolving '72_scores.cf/A/IN': 2a04:1b00:6::1#53 Nov  3 14:59:26 localhost

Re: config files in spamasassin is unintended tlds :/

2018-11-04 Thread Grant Taylor
On 11/04/2018 04:02 PM, Grant Taylor wrote: I have been downloading daily lists of newly registered domains for almost a year. I have grand plans of turning the data into an RBL (of sorts) that I can use to artificially add score to young domain names. Something like last day, last week

Re: config files in spamasassin is unintended tlds :/

2018-11-04 Thread Grant Taylor
On 11/04/2018 02:27 PM, Henrik K wrote: It does seem wasteful parsing 72_foobar.cf as a legal domain. Agreed. Can someone actually register and use a domain with underscore in it? I don't know. Does anyone have access to some URIBL data, is something actually listed with an underscore?

Re: RBL

2018-10-10 Thread Grant Taylor
On 10/10/2018 01:56 PM, Tom Hendrikx wrote: However, in general it's better to use DNSBLs at the MTA level, which uses a lot less resources than implementing them in Spamassassin. So try and set them up in postfix first. I conceptually agree. However, I prefer to do some RBL testing in

Re: SPF weirdness...

2019-01-15 Thread Grant Taylor
On 01/15/2019 09:24 AM, Kevin A. McGrail wrote: What is your glue for SA? Is it getting the received header you are expecting in time for the parsing? Both SA and my spfmilter are milters on the same inbound Internet edge MTA. I will have to research to see if the header is added by

SPF weirdness...

2019-01-15 Thread Grant Taylor
Does anybody know off the top of their head—don't dig, I'll do that later—what might cause SpamAssassin to apply SPF processing to earlier Received: headers (lower in the message source)? I'm seeing SpamAssassin claim that a message failed SPF processing based on chronologically earlier

Re: SPF weirdness...

2019-01-15 Thread Grant Taylor
On 01/15/2019 09:36 AM, Bill Cole wrote: Check both the contents and documentation of trusted_networks, msa_networks, and internal_networks. Will do. If SA thinks a prior hop is through a machine that writes trustworthy Received headers and is a normal part of your relay path, it will check

Re: SPF weirdness...

2019-01-15 Thread Grant Taylor
On 01/15/2019 12:59 PM, Bill Cole wrote: There are many different milters that can use SpamAssassin listed at https://wiki.apache.org/spamassassin/IntegratedInMta#Integrated_into_Sendmail. Some links there may be dead. I am using spamass-milter, and spfmilter, both connected to Sendmail.

Re: SPF weirdness...

2019-01-15 Thread Grant Taylor
On 01/15/2019 11:39 AM, Bill Cole wrote: This strikes me as a flaw in whatever milter you're using. Some (e.g. MIMEDefang) milters deal with the fact that they don't get a local Received header by constructing one from what they know before passing the message to SA. The SPF milter is

Re: SPF weirdness...

2019-01-15 Thread Grant Taylor
On 1/15/19 8:02 PM, David B Funk wrote: It's a bit tricky to implement a milter correctly because people often don't understand that the message which sendmail hands to a milter is as-received from the incoming network connection. Any locally added stuff (EG the "Received:" header) isn't in

Re: How to block email with multiple addresses in From:

2018-12-20 Thread Grant Taylor
On 12/20/2018 10:30 AM, Mark London wrote: Hi - What's the best rule to catch email with multiple addresses in the From: line? ¯\_(ツ)_/¯ I realize that RFC 2822 allows it. Does SpamAssassin even handle two true From:addr(esses)? I.e.: From: , Does From:addr contain both of the from

Re: How to block email with multiple addresses in From:

2018-12-20 Thread Grant Taylor
On 12/20/2018 12:34 PM, Grant Taylor wrote: Does SpamAssassin even handle two true From:addr(esses)? I'm hoping someone will comment on the above question. I'll have to go back and read pertinent RFCs to see how struth...@psfc.mit.edu is interpreted, seeing as how it's outside of double

Re: Proposed rule for too many dots in From

2018-12-20 Thread Grant Taylor
On 12/20/2018 03:11 PM, Amir Caspi wrote: Two or more dots in the From username seems to be rather spammy (and we've talked about it before on the list). I feel obligated to comment that my wife's email address (Gmail) has two dots in it. (Gmail is its own can of worms for dots as they

Re: Proposed rule for too many dots in From

2018-12-20 Thread Grant Taylor
On 12/20/18 8:36 PM, Benny Pedersen wrote: and xxx is a real tld, Yes. so you ddos maillist members now How so? -- Grant. . . . unix || die

Re: Proposed rule for too many dots in From

2018-12-20 Thread Grant Taylor
On 12/20/18 6:16 PM, Amir Caspi wrote: I never intended for the rule to be applied on its own, but far more likely that it would become part of a meta rule with other spammy indicators. Ah. That makes more sense. That being said, it is your server and you're free to run it however you

Re: Proposed rule for too many dots in From

2018-12-20 Thread Grant Taylor
On 12/20/18 7:36 PM, Grant Taylor wrote: I don't know.  I'm re-running the command to scan my mailbox extracting From: addresses.  (I'm logging to a file this time.)  I'll do some analysis and let you know. I don't know what sort of characterization you may want. So here's the user parts

Re: Proposed rule for too many dots in From

2018-12-20 Thread Grant Taylor
On 12/20/18 7:54 PM, Amir Caspi wrote: Are these in the From: header or the envelope-from (Return-Path)? These are all the From: header. Some of the ones with equal-signs look like bounce addresses from envelopes, that would not be in the From header. Or did you just look for any email

Re: Proposed rule for too many dots in From

2018-12-20 Thread Grant Taylor
On 12/20/18 7:54 PM, Amir Caspi wrote: Some of the ones with equal-signs look like bounce addresses from envelopes, that would not be in the From header. I'm going back through and analyzing how I'm extracting data and trying to satisfactorily explain some oddities. I don't think there will

Re: Proposed rule for too many dots in From

2018-12-20 Thread Grant Taylor
On 12/20/18 8:34 PM, Grant Taylor wrote: I'm going back through and analyzing how I'm extracting data and trying to satisfactorily explain some oddities. Out of 244,921 messages there are 16,528 unique addresses, this is how the messages break down for Here's how the dots in the user parts

Re: No longer just embedded =9D characters in blackmail emails.

2018-12-05 Thread Grant Taylor
On 12/05/2018 02:45 PM, John Hardin wrote: I've added a "too many [ascii][unicode][ascii]" rule based on that but I suspect it will be pretty FP-prone and will be pretty large if we want to avoid whack-a-mole syndrome. For this, normalize + bayes is probably the best bet. Is it possible to

Re: No longer just embedded =9D characters in blackmail emails.

2018-12-05 Thread Grant Taylor
On 12/05/2018 03:27 PM, John Hardin wrote: Take a look at replace_rules in the repo (both standard and sandboxes). Thank you for the reference. replace_rules look very intriguing. Link - Mail::SpamAssassin::Plugin::ReplaceTags - tags for SpamAssassin rules -

Re: SpamSender with 2 @-signs in the address

2018-12-03 Thread Grant Taylor
On 12/3/18 6:08 PM, RW wrote: I think, as the name suggests, that was multiple "bangs" (a bang being the character "!"), I was implying routing like UUCP bang paths. As in host 1 via host 2 via host 3. Check out (source) route addressing in RFC 822 §§ 6.1 (Address Specification) Syntax,

Re: SpamSender with 2 @-signs in the address

2018-12-03 Thread Grant Taylor
On 12/03/2018 11:53 AM, Alan Hodgson wrote: I've been watching these for a while, and unfortunately there are a lot of customer-service type systems that send From: addresses with quoted @domain addresses in them. Many of them do "user@address via" , but not all. Sorry, I was talking about

Re: SpamSender with 2 @-signs in the address

2018-12-03 Thread Grant Taylor
On 12/03/2018 09:56 AM, Andreas Galatis wrote: How comes that spamassassin doesn’t block mailsenders with 2 @-signs in the address? First: I don't think that SpamAssassin should block anything on any single (normal) test. IMHO it should increment the spam score and something should decide

Re: SpamSender with 2 @-signs in the address

2018-12-03 Thread Grant Taylor
On 12/03/2018 01:51 PM, Alan Hodgson wrote: The problem though for phishes is that some user agents (i.e. Outlook) only display the quoted user-friendly part of the address, not the rest of the From: header. So phishers specifically put a fake @domainbeingphished.com in quotes so your users

Re: SpamSender with 2 @-signs in the address

2018-12-03 Thread Grant Taylor
On 12/03/2018 12:38 PM, David B Funk wrote: Are you talking about the SMTP-envelope From address or the 'Header' from addresses? I was originally talking about email addresses in general, be it the SMTP envelope from address or the machine parsable part of the From: header, between the angle

Re: SpamSender with 2 @-signs in the address

2018-12-03 Thread Grant Taylor
On 12/03/2018 12:17 PM, sha...@shanew.net wrote: Of course, there might still be legit cases of that kind of usage. I would think that the legit cases are far apart and few in between. I would expect a very low false positive rate on rules to match multiple @ signs. -- Grant. . . . unix

Re: No longer just embedded =9D characters in blackmail emails.

2018-12-05 Thread Grant Taylor
On 12/5/18 5:43 PM, John Hardin wrote: Potentially, but it's hard to use something like that in regular rule REs. That sort of smarts would probably need to be in a plugin. Maybe (from my naive point of view) if not probably (from your more experienced point of view). I would think that it

Re: No longer just embedded =9D characters in blackmail emails.

2018-12-05 Thread Grant Taylor
On 12/5/18 7:55 PM, Bill Cole wrote: Yes. There is no automatic 'shortcircuiting' of rules. Okay. You say "automatic". Is there a "non-automatic" way? :-) -- Grant. . . . unix || die

Re: SpamSender with 2 @-signs in the address

2018-12-05 Thread Grant Taylor
On 12/05/2018 06:17 AM, RW wrote: Syntactically, it can be used as long as it's properly quoted or escaped. The use of such addresses is discouraged under SMTP, but only with a "SHOULD NOT". I wonder how many user interfaces will balk at the (Source) Route Addressing. I mean, if they can't

Is $THIS possible?

2018-11-25 Thread Grant Taylor
Is it possible to have per recipient rules (when running spamd & spamass-milter) that read a (hashed) list of addresses? I'm pontificating creating tests against To: / CC: addresses to see how many of them I've added to a list. Ultimately I'd like to have a (hashed) list of addresses that I

Re: Is $THIS possible?

2018-11-27 Thread Grant Taylor
Hi Giovanni, On 11/27/2018 12:56 AM, Giovanni Bechis wrote: I do not know if it's viable for your own use but amavisd penpal feature could be an option (https://www.ijs.si/software/amavisd/#features-spam) It creates a redis database where it correlates outbound msg-id and replies so it can

Re: Is $THIS possible?

2018-11-26 Thread Grant Taylor
On 11/26/2018 06:08 AM, Martin Gregorie wrote: Write yourself a plugin which looks up a database table of known addresses. That's not hard if you know a bit of Perl, ACK though the list of incoming addresses sounds too simplistic to be much use: how would it distinguish between spammers and

Re: Is $THIS possible?

2018-11-26 Thread Grant Taylor
On 11/26/2018 02:33 PM, Martin Gregorie wrote: I think that fear is unfounded Please don't mistake my laziness as fear. I simply am not motivated enough to construct a solution that will harvest outgoing recipient addresses. I might be interested and motivated enough to (eventually)

Re: Filtering at border routers: Is it possible?

2019-03-24 Thread Grant Taylor
On 3/24/19 6:45 PM, @lbutlr wrote: Which I posted a few messages upthread. ACK Is now. Was not then. Was not for many many years. RFC 8314 is very recent. I think we may be talking about two different things. I'm talking about the protocol that went over the port. I think you are

Re: Filtering at border routers: Is it possible?

2019-03-24 Thread Grant Taylor
On 3/24/19 12:23 PM, Matus UHLAR - fantomas wrote: In early 1997, the Internet Assigned Numbers Authority registered port 465 for smtps.[2] Late 1998 this was revoked when STARTTLS was standardized.[3] That changed within the last couple of years. Check out RFC 8314. Link - Cleartext

Re: Filtering at border routers: Is it possible?

2019-03-24 Thread Grant Taylor
On 3/24/19 1:00 PM, @lbutlr wrote: And didn't Microsoft start using it for their non-standard email in Windows 95? I'm not sure how non-standard Microsoft's use of SMTP-over-TLS (SMTPS / TCP port 465) is. The closest thing I remember to non-standard nature was that they were atypical in

Re: Filtering at border routers: Is it possible?

2019-03-22 Thread Grant Taylor
On 3/22/19 3:23 PM, Benny Pedersen wrote: you only need sasl auth You should do the SMTP Authentication across STARTTLS to protect credentials. do not enable sasl auth on port 25, if it lists AUTH on port 25 ehlo, you will need to remove it in postfix main.cf enable sasl auth only on

Re: Filtering at border routers: Is it possible?

2019-03-22 Thread Grant Taylor
On 3/22/19 1:54 PM, Benny Pedersen wrote: don't relay mail from port 25, What do you mean by that? Are you talking about the TCP connection originating from port 25? Or something else? Also, why not? mails there is final recipient only, not forwarded I disagree. I see people forward

Re: Filtering at border routers: Is it possible?

2019-03-22 Thread Grant Taylor
On 3/22/19 8:01 PM, Kevin A. McGrail wrote: Noel, please.  The personal attacks aren't in keeping with our code of conduct.  Please don't email them to the list. +1 Let's keep things professional. IMO and I believe the RFCs back me up, Port 25 should only be used for local recipients.  Port

Re: Filtering at border routers: Is it possible?

2019-03-22 Thread Grant Taylor
On 3/22/19 3:29 PM, Benny Pedersen wrote: customers wish for port 25 open relay ? Having unfettered access to send traffic to TCP port 25 is /not/ the same thing as an open relay. -- Grant. . . . unix || die

Re: Filtering at border routers: Is it possible?

2019-03-22 Thread Grant Taylor
On 3/22/19 7:01 PM, Dave Warren wrote: To me, the big one is this: It sets your users up for failure. If a user configures their client on a network that allows unrestricted port 25 access and later moves (temporarily or permanently) to a network that does restrict port 25, they'll get an

Re: track messages

2019-03-25 Thread Grant Taylor
On 3/25/19 1:49 PM, Rick Gutierrez wrote: https://pastebin.com/nsJ4PUBM It looks like the spam-tag log may have part of what you want. awk '($7 == "spam-tag," && $11 == "Yes,"){print "From: " $8; print "To: " $10; print "Score: " $12}' I don't know how well it will play when you have

Re: Filtering at border routers: Is it possible?

2019-03-23 Thread Grant Taylor
On 3/23/19 2:03 PM, Rupert Gallagher wrote: I was royally pissed when they introduced port 587 and deprecated port 465. Port 587 is an RFC mandated security loophole. Port 465 is golden. TCP port 465 has retroactively been returned to official status. It has two uses, SMTPS, and something

Re: Spam rule for HTTP/HTTPS request to sender's root domain

2019-02-28 Thread Grant Taylor
On 2/28/19 9:33 AM, Mike Marynowski wrote: I'm doing grabs the first available address in this order: reply-to, from, sender. That sounds like it might be possible to game things by playing with the order. I'm not sure what sorts of validations are applied to the Sender: header. (I don't

Re: Spam rule for HTTP/HTTPS request to sender's root domain

2019-02-28 Thread Grant Taylor
On 2/28/19 12:33 PM, Mike Marynowski wrote: This method checks the *root* domain, not the subdomain. What about domains that have many client subdomains? afraid.org (et al) come to mind. You might end up allowing email from spammer.afraid.org who doesn't have a website because the parent

Re: Spam rule for HTTP/HTTPS request to sender's root domain

2019-02-28 Thread Grant Taylor
On 2/28/19 1:24 PM, Luis E. Muñoz wrote: I suggest you look at the Mozilla Public Suffix List at https://publicsuffix.org/ — it was created for different purposes, but I believe it maps well enough to my understanding of your use case. You'll be able to pad the gaps using a custom list. +1

Re: Spam rule for HTTP/HTTPS request to sender's root domain

2019-03-01 Thread Grant Taylor
On 02/28/2019 09:39 PM, Mike Marynowski wrote: I modified it so it checks the root domain and all subdomains up to the email domain. :-) As for your question - if afraid.org has a website then you are correct, all subdomains of afraid.org will not flag this rule, but if lots of afraid.org

Re: Spam rule for HTTP/HTTPS request to sender's root domain

2019-03-01 Thread Grant Taylor
On 03/01/2019 01:25 AM, Rupert Gallagher wrote: A future-proof list that complies with GDPR would automatically rewrite the To header, leaving the list address only. Doesn't GDPR also include things like signatures? Thus if the mailing list is only modifying the email metadata and not the

Re: Spam rule for HTTP/HTTPS request to sender's root domain

2019-02-27 Thread Grant Taylor
On 02/27/2019 03:25 PM, Ralph Seichter wrote: We use some of our domains specifically for email, with no associated website. I agree that /requiring/ a website at one of the parent domains (stopping before traversing into the Public Suffix List) is problematic and prone to false positives.

Re: No longer just embedded =9D characters in blackmail emails.

2019-03-20 Thread Grant Taylor
On 3/20/19 7:04 AM, piecka wrote: We've encountered a high false positive rate with MIXED_ES rule for emails written in Czech language … Slovak … Greek … Do the MIME headers have any indication of the language? Can you create a __test rule that is then used in a meta rule with MIXED_ES?

Re: Scoring HTTPS to HTTP

2019-03-12 Thread Grant Taylor
On 3/12/19 8:10 AM, Pedro David Marco wrote: may i ask your opinion about how strong you score links that use HTTPS in the anchor but really go to HTTP ... I don't have an opinion, but I do have a question: Are you referring to the text between the opening and closing anchor tags indicating

Re: Filtering at border routers: Is it possible?

2019-03-22 Thread Grant Taylor
On 3/22/19 10:59 AM, Bruno Carvalho wrote: Hello Folks. Hi, I've just joined this list, I didn't read all rules yet (just some), so bear with me if my question is misplaced. Welcome. I own a small datacenter with 4 uplinks. And I received complaints that some of my clients are using my

Re: Semi Off-topic: VFEMail destroyed

2019-02-16 Thread Grant Taylor
On 2/16/19 8:50 AM, David Niklas wrote: My context was not that email servers were so unique to the internet that there is only one in the world, rather that they were sufficiently few that a failure of one, such as VFEmail, is a major problem for a lot of people. That is a decidedly

Re: Semi Off-topic: VFEMail destroyed

2019-02-14 Thread Grant Taylor
On 02/14/2019 12:11 PM, Pedro David Marco wrote: I fully agree Kevin but a Disaster Recovery plan is not the same as a "Sabotage Recovery Plan"; the latter is much much harder to implement than the former... :-( and will always have "holes" To me, there is a big difference in a

Re: Having trouble getting Spamassassin to work on Ubuntu Server 18.10

2019-02-10 Thread Grant Taylor
On 2/10/19 7:35 AM, @lbutlr wrote: Don't do it! Why not? Seriously, running and maintaining a mail server is practically a full-time job. I profoundly disagree. I spend less than 30 minutes a week administering my email / web / dns / news / shell servers. I've been spending about the

Re: Semi Off-topic: VFEMail destroyed

2019-02-14 Thread Grant Taylor
On 2/14/19 6:02 PM, @lbutlr wrote: VFE isn’t to blame for the hack, but they are to blame for losing all the data. Maybe. If VFE had backups stored off-site via something like Amazon Glacier with no normal in-band connectivity between the main systems and the backups, and the hacker went

Re: Semi Off-topic: VFEMail destroyed

2019-02-15 Thread Grant Taylor
On 2/15/19 7:11 PM, David Niklas wrote: Let me put forward a wild idea. What if email was a distributed system with no 1 point of failure like it was originally designed and then these super shock stories of mass email slaughter would cease to exist? Pray tell, how were distributed email

Re: Semi Off-topic: VFEMail destroyed

2019-02-16 Thread Grant Taylor
On 2/15/19 7:57 PM, David Niklas wrote: If I host my own mail it does not affect your mail if my computer and backups are destroyed. If I host my mail and yours and my computer and backups are destroyed we are both affected. Thus there is no single point of failure. I'm fairly certain that

Re: Hive Mind: postfix prescreen and SA ruleqa

2019-04-14 Thread Grant Taylor
On 4/14/19 2:03 AM, Jari Fredriksson wrote: We have had some discussions of this in the past. But now I became worried that all SA users do not have access to their border smtp and are NOT configuring postfix with this: https://pastebin.com/LGkdi7NM I can tell you for a fact that some

Re: How to create my personal RBL

2019-06-25 Thread Grant Taylor
On 6/25/19 10:11 AM, David Jones wrote: I use PowerDNS Recursor but Unbound or BIND would work fine. BIND has an option to load zone data from a database. Check out BIND's Dynamically Loadable Zones support. -- Grant. . . . unix || die

Re: SPF

2019-05-06 Thread Grant Taylor
On 5/3/19 2:02 PM, Bill Cole wrote: If the signer domain and the From header domain match, a valid DKIM signature that includes the From header is authentication of the From header to the limits of DNS trustworthiness and trust in the integrity of the domain's authority. Which section of

Re: SPF

2019-05-06 Thread Grant Taylor
On 5/3/19 11:41 PM, Bill Cole wrote: This is all true of any authentication mechanism: if control of authenticating credentials is lost, the authentication is worthless. Agreed. For example, if someone can control the DNS for tnetconsulting.net, they can very likely get Comodo to reissue

Re: SPF

2019-05-03 Thread Grant Taylor
On 5/3/19 5:10 PM, Kevin A. McGrail wrote: I guess if you lose control of your keys and/or your DNS is compromised, then yes, you have a DKIM issue. This brings up a non-repudiation issue introduced by DKIM. How can you successfully refute a DKIM-Signature if someone has your signing keys?

Re: SPF

2019-05-03 Thread Grant Taylor
On 5/3/19 4:35 PM, RW wrote: But if you sign it with d=ena.com it won't pass as valid, unless you have also gained control of the DNS for ena.com. I was referring to signing it with d=tnetconsulting.net. I need to reread RFC 6376 to comment further. But at this point, I think that I could

Re: SPF

2019-05-03 Thread Grant Taylor
On 5/3/19 5:51 PM, Kevin A. McGrail wrote: If your key is compromised, generate another and publish it on DNS. That requires knowing that the key is compromised. It really helps to know that an APT is going on to know that your key has been compromised. The point being there are reasonable

Re: SPF

2019-05-03 Thread Grant Taylor
On 5/3/19 4:47 PM, Kevin A. McGrail wrote: Unless you have the private key matching the public key in DNS of a domain, that's the benefit of a DKIM signature. I was referring to exactly that. As in the real ena.com being compromised and attackers taking a copy of their private key. See

Re: SPF

2019-05-03 Thread Grant Taylor
On 5/3/19 9:48 AM, Bill Cole wrote: An entirely different mechanism (DKIM) exists to verify From headers. DKIM is only positive confirmation that the (signed) headers (and body content) has not changed since the signature was applied. DKIM does nothing to verify the authenticity of what was

Re: SPF

2019-05-03 Thread Grant Taylor
On 5/3/19 11:53 AM, David Jones wrote: Not completely true as long as domain/DNS control is not compromised. How is it not completely true? My server can apply a DKIM signature to an outgoing email with a From: header of djo...@ena.com. Nothing about my server's DKIM signature verifies the

Re: How do I filter emails that have only special characters in them.

2019-07-02 Thread Grant Taylor
On 7/2/19 6:42 AM, Kevin A. McGrail wrote: I can't remember an encoding format like that That looks like quoted printable at first (undercaffeinated) glance. -- Grant. . . . unix || die

Re: Scoring by registrar?

2019-07-01 Thread Grant Taylor
On 7/1/19 6:44 AM, micah anderson wrote: This sounds like Fast Flux How is this fast flux? I thought fast flux was rapidly updating A records on the DNS server (for a given qname) or updating NS records with the registrar for a single given domain. It sounds to me like Sean was talking

Re: Scoring by registrar?

2019-07-01 Thread Grant Taylor
On 7/1/19 4:32 PM, Sean Lynch wrote: I think fast flux came up in reference to a speculation I'd made regarding why the spammers were using their own nameservers rather than Namecheap's. Ah. I don't think it's particularly off-base to refer to rapid registration of new domains as fast flux.

Re: sendmail milter

2019-08-02 Thread Grant Taylor
On 8/2/19 4:20 AM, Guillaume Demillecamps wrote: Hello, Hi, I am using spamass-milter to have emails going through sendmail being scanned by spamassassin on my FreeBSD box. I try to use the report_safe option (either 1 or 2) but it seems it's not doing anything. Email considered as spam

Re: 3 Lines of Defense

2019-09-28 Thread Grant Taylor
On 9/27/19 2:11 PM, Ramon F Herrera wrote: After being away from system administration duties for a long time, I have returned. Welcome back. These are the 3 lines of defense: (1) Added the lines shown below to the file /etc/mail/sendmail.cf. I strongly recommend using the mc (m4) based

Re: Scoring by registrar?

2019-06-30 Thread Grant Taylor
On 6/30/19 10:51 AM, Martin Gregorie wrote: If you don't mind a delay in receiving mail from hosts you've never seen before, why not implement a greylister? https://en.wikipedia.org/wiki/Greylisting I see your GreyListing and raise you NoListing: https://en.wikipedia.org/wiki/Nolisting

Re: Scoring by registrar?

2019-06-30 Thread Grant Taylor
On 6/30/19 10:08 AM, Sean Lynch wrote: Hi, everyone! I used to run my own mail servers back in the mid '90s and even worked as the postmaster for a regional ISP and worked on mail servers for some large corporations and even a small national ISP as a consultant. After a hiatus where I drank

Re: Scoring by registrar?

2019-06-30 Thread Grant Taylor
On 6/30/19 12:05 PM, John Hardin wrote: There's really no infrastructure for it. Somebody would have to hook into the registrar data feeds to collect it and publish it in a usable form, and nobody has done so that I am aware of. Whois Domain Search has some information. Link - Whois Domain

Re: Rule for detecting two email addresses in From: field.

2019-10-03 Thread Grant Taylor
On 10/3/19 6:01 PM, Rick Cooper wrote: Can't imagine the circumstance where such a from: format would be required I've seen people (mis)use it as a way to work around DMARC alignment in mailing lists. They move the purported senders to the friendly / pretty name and use the mailing list

Re: Custom rule to please the Mayor

2019-11-21 Thread Grant Taylor
On 11/21/19 12:14 PM, Martin Gregorie wrote: describe SPOOFED_MAYOR Check for spoofed mail from the Mayor header __SM1 From:name /display name/ header __SM2 From:addr /email address/ meta SPOOFED_MAYOR (__VM1 && ! __VM2) score SPOOFED_MAYOR 5.0 I like the logic.

Re: Trusted network mail spam detection

2019-10-16 Thread Grant Taylor
On 10/16/19 6:57 AM, Simon Wilson wrote: So how do I configure it such that if it's an authenticated submission (587) mail through my mail host at (int)192.68.1.230/(ext)119.18.34.29 further upstream RECEIVED headers are NOT scanned by SA for dynamic IP? Am I still totally misunderstanding

Re: Rule for detecting two email addresses in From: field.

2019-10-05 Thread Grant Taylor
On 10/4/19 12:22 PM, A. Schulze wrote: Hi Grant, Maybe we're talking about different things :-) Based on your description, I believe we are talking about different things. Thank you for the clarification. The OpenDMARC bug could be triggered by this RFC5322.From: From: user ,

Re: Rule for detecting two email addresses in From: field.

2019-10-04 Thread Grant Taylor
On 10/4/19 6:43 AM, A. Schulze wrote: that happen from time to time but currently I suspect the sender like to trigger a Bug in OpenDMARC to generate dmarc=pass for messages that otherwise would be classified as dmarc=reject. Based on my understanding of DMARC, which could be wrong, I don't

Re: Rule for detecting two email addresses in From: field.

2019-10-04 Thread Grant Taylor
On 10/4/19 5:41 AM, Reindl Harald wrote: there is nothing ill advised because otherwise you have no way to see the original address of the sender There is nothing ill advised about having the information. There is unfortunately a potential gotcha if the information is formatted as "" inside

Re: Question on early detection for relay spam

2020-03-03 Thread Grant Taylor
On 3/3/20 3:40 AM, Marc Roos wrote: No problem I would say, it is good to exchange thoughts and ideas Agreed. Strange, your webmail should be on https, then it is difficult to catch passwords. I do not have this at all, that people's passwords get stolen. Hardly ever. So maybe somewhere something

Re: Spoofed From: names

2020-04-11 Thread Grant Taylor
On 4/11/20 9:49 AM, RW wrote: I see that the plugin rules don't distinguish between the irresponsible format of: From: "Mr Bill (mb...@legitemail.com)" and more seriously deceptive formats like: From: "mb...@legitemail.com" From: "Mr Bill " I feel like all three examples that
