Re: pyzor options

2017-02-11 Thread Ian Zimmerman
On 2017-02-11 18:11, David Jones wrote: > >pyzor_options --homedir=/usr/local/pyzor > > >What am I doing wrong? > > You were close. No equals sign: > > pyzor_options --homedir /usr/local/pyzor But the pyzor help text (shown when run without args) tells me there is an equal sign. Besides,

Fastest listing RBL ?

2017-02-14 Thread Ian Zimmerman
Given a piece of horrible spam, on which RBL is the sending IP address likely to appear first? I want to rationally decide which RBL/s to consult at SMTP time. Afraid to use all of them, not just due to false positives, but also due to negative caching in DNS, which could affect the result when

pyzor options

2017-02-11 Thread Ian Zimmerman
This may have been part of the reason why I stopped using pyzor. Taking a second look now, but the configuration still seems somewhat less than obvious. I want to set the pyzor "homedir", that is the directory where the servers file lives. I tried (in local.cf): pyzor_options

What are the T_ rules ?

2016-09-05 Thread Ian Zimmerman
I want to use RP_MATCHES_RCVD in a meta rule. I thought I'd check its definition before I plunged in and wrote any code, so I grepped in /usr/share/spamassassin where all the original rules seem to live on my system (debian jessie). But all the hits are either for __RP_MATCHES_RCVD (which I

Re: What are the T_ rules ?

2016-09-05 Thread Ian Zimmerman
On 2016-09-05 21:31, Axb wrote: > In what file do you see T_RP_MATCHES_RCVD ? [1+0]~$ cd /usr/share/spamassassin/ [2+0]spamassassin$ fgrep T_RP_MATCHES_RCVD * 72_active.cf:##{ T_RP_MATCHES_RCVD if version >= 3.003000 ifplugin Mail::SpamAssassin::Plugin::WLBLEval 72_active.cf:header

Re: What are the T_ rules ?

2016-09-05 Thread Ian Zimmerman
On 2016-09-05 20:38, li...@rhsoft.net wrote: > > Since I have seen other rules in results with the T_ prefix (for example > > T_DKIM_INVALID) I think it must be some kind of convention with an > > accepted meaning. What is this conventional meaning, and how do these > > rules relate to the ones

Re: What are the T_ rules ?

2016-09-05 Thread Ian Zimmerman
On 2016-09-05 12:21, John Hardin wrote: > header __RP_MATCHES_RCVD eval:check_mailfrom_matches_rcvd() > > ...which means you'd need to go digging around in the perl code to find > out what it's doing. > > Basically, it's a check that the return-path (the SMTP "MAIL FROM" >

Re: What are the T_ rules ?

2016-09-05 Thread Ian Zimmerman
On 2016-09-05 16:14, @lbutlr wrote: > > but -1.653 is just a bad joke because it means every homeuser which > > manages to get some DNS records fine (as well as every spammer which > > registers a ton of domains and cheap hosts) get a large benefit > > compared to any professional maintained

Re: Tuning recommendations?

2016-09-12 Thread Ian Zimmerman
On 2016-09-12 11:06, John Hardin wrote: > Consider greylisting. This will depend on the OP business needs, but a poor man's version of graylisting is to just delay deliveries unconditionally for a couple of minutes. (I use 2 minutes). If you do this in the MTA make sure the delay is before SA

Re: Custom rule based on AWL score

2016-10-20 Thread Ian Zimmerman
On 2016-10-20 08:34, simplerezo wrote: > My understanding is that AWL is helping frequent senders who are known > to not send spam to "reduce" their spam score, preventing false > positive. That's exactly what I want to rely on for my rules: adding > score for mail with "invoice" pretention and

Re: Why is RP_MATCHES_RCVD so "heavy"?

2016-11-22 Thread Ian Zimmerman
On 2016-11-22 14:54, Eric Abrahamsen wrote: > Can anyone tell me why it's scored so heavily? Would it be a bad idea > to just drop it down to -1.5 or something? I score it as 0, and I think a number of others on this list (with much more expertise than me) do the same. -- Please *no* private

Re: Spam with attachments and UNPARSEABLE_RELAY

2016-11-25 Thread Ian Zimmerman
On 2016-11-25 13:57, Bill Cole wrote: > It LOOKS like that is being generated by a PHP script on the host that's > delivering it, which appears to be running some atrocious mail handler > calling itself 'nullmailer' that doesn't do Received headers in any > useful way. FWIW nullmailer is a

Re: Best place to filter spam (x-original-to, no_address_mappings)

2016-11-22 Thread Ian Zimmerman
On 2016-11-21 14:27, @lbutlr wrote: > It’s unclear why you are doing this, but if you want to run SA after > delivery then the time to do that is in your LDA. *HOW* to do that, > depends on your LDA. If you are using dovecot, then you can call SA > from sieve. If not, you can setup procmail as an

Re: Best place to filter spam (x-original-to, no_address_mappings)

2016-11-19 Thread Ian Zimmerman
On 2016-11-18 21:18, MRob wrote: > I am looking at a system where SpamAssassin is called out from the > delivery agent. I know there will be a difference here in terms of the > envelope information but I'm not familiar enough to know the pitfalls of > this versus calling SA from the postfix

Re: recent increase in spam getting through

2016-12-15 Thread Ian Zimmerman
On 2016-12-15 11:32, Kevin A. McGrail wrote: > I'm a fan of MIMEDefang but I am not very familiar with Arch Linux so > I don't know what mta you are using nor its capabilities. By now I have heard of MIMEDefang many times, and each time I wanted to try it. But it seems to require the milter

Re: Detecting Valid Message Replies

2017-01-03 Thread Ian Zimmerman
On 2017-01-03 13:47, Antony Stone wrote: > Given the increasing usage of Google-based business email services > (and others, similar), wouldn't that tend to prevent you being able to > manipulate the Message-ID header, because you are no longer in charge > of the outbound server used by senders

Another DKIM related question (or problem?)

2016-12-31 Thread Ian Zimmerman
I have a frequent correspondent on AOL. I have whitelisted her with whitelist_auth my...@aol.com and that is in fact the address on her mails (both envelope and From:). But the whitelist rule doesn't fire, even though DKIM_VALID _does_ fire. How so? I noticed that the domain with which AOL

Re: Another DKIM related question (or problem?)

2016-12-31 Thread Ian Zimmerman
On 2016-12-31 20:20, RW wrote: > Yes, whitelist_auth requires DKIM_VALID_AU. The use of the subdomain > is something that's allowed under DMARC. > whitelist_from_dkim my...@aol.com mx.aol.com Thanks! That explains things to a large degree. Now, what about the case when envelope and header

T_DKIM_INVALID from yahoo.com

2016-12-24 Thread Ian Zimmerman
All mail I get from yahoo customers [1] scores on T_DKIM_INVALID, and always has. Why? Maybe I can prepare a spample, but it will take some work to find a privacy friendly specimen, since it obviously can't be altered. [1] same for hotmail, while other big domains get DKIM_VALID. -- Please

Re: T_DKIM_INVALID from yahoo.com

2016-12-25 Thread Ian Zimmerman
On 2016-12-24 19:50, Michael Orlitzky wrote: > > All mail I get from yahoo customers [1] scores on T_DKIM_INVALID, > > and always has. Why? > > Is there any correlation between the DKIM result and the size of the > message? Hmm. I got a few more messages from those domains and they seem to be

Re: T_DKIM_INVALID from yahoo.com

2016-12-24 Thread Ian Zimmerman
On 2016-12-24 16:32, Groach wrote: > I have just done a test and do not get the same results as you. My > yahoo incoming emails pass ok: And yours passed for me, too. So it's only a subset of yahoo senders, apparently :-( > This might explain it: > http://spamassassin.1065346.n5.nabble.com/

Re: sa-compile will not configure

2017-04-20 Thread Ian Zimmerman
On 2017-04-20 17:31, Robert Steinmetz AIA wrote: > >>> thelma@thelma:~$ echo $PATH BTW, do you have any connection to the Thelma who's asking a constant stream of close-to-newbie questions in the Gentoo user mailing list? It's not that common a name, so forgive me for the short-circuit in my

Re: sa-compile will not configure

2017-04-18 Thread Ian Zimmerman
On 2017-04-18 10:17, Robert Steinmetz wrote: > tty is in /usr/bin But it is stty, not tty, which fails to be found. And stty is (normally) in /bin. So it looks a lot like /bin (and probably /sbin) is missing from the PATH. This could be related to the long-advertised switch to a unified

Re: tflags

2017-08-03 Thread Ian Zimmerman
On 2017-08-03 10:38, sha...@shanew.net wrote: > The most common ones that I make use of are "multiple" and "maxhits" > in order to allow a rule to be scored for each time it hits, but to > stop counting after some threshold. I also use the "net" tflag so > that RBL checks only run when a

Re: message/rfc822 to mbox script for use with sa-learn workflow

2017-08-14 Thread Ian Zimmerman
On 2017-08-14 20:08, Scott wrote: > I would like to turn around and put those individual messages back > into mbox format, again, without changing their original headers. The first question is: why? sa-learn works on just about any format: individual messages, multiple messages in a flat

Re: ramsonware URI list

2017-07-15 Thread Ian Zimmerman
On 2017-07-15 11:59, Antony Stone wrote: > Maybe other people have further optimisations. With awk already part of the pipeline, all those seds are screaming for a vacation. Also, isn't the following command just a no-op? sed -n p A couple of quick tests failed to detect any difference from

Re: ramsonware URI list

2017-07-15 Thread Ian Zimmerman
On 2017-07-15 12:19, David B Funk wrote: > Another way to use that data is to extract the hostnames and feed them > into a local URI-dnsbl. > Using "rbldnsd" is an easy to maintain, lightweight (low CPU/RAM > overhead) way to implement a local DNSbl for multiple purposes (EG an > IP-addr based

Re: Direct download link detection

2017-07-27 Thread Ian Zimmerman
On 2017-07-27 13:08, Rupert Gallagher wrote: > The rfc prescribes (MUST) the use of your public domain in the domain > part of your mid. If you mean RFC 5322, this is not true. Section 3.6.4: The message identifier (msg-id) itself MUST be a globally unique identifier for a message. The

Re: Direct download link detection

2017-07-26 Thread Ian Zimmerman
On 2017-07-26 02:48, Rupert Gallagher wrote: > When a mail arrives without mid, either the sender did not use a real > SMTP server or tried to hide it. We have a custom SA rule for it. We > also reject upfront any mid with a syntax error, or whose domain does > not have a rdns (eg.

Re: Bayes auto-learn - not happening

2017-08-08 Thread Ian Zimmerman
On 2017-08-08 15:20, Scott wrote: > Another new one big score, auto-learn disabled. This one is fairly small. > > X-Spam-Status: Yes, score=29.428 tag=- tag2=5 kill=6.4 > tests=[DATE_IN_PAST_03_06=1.076, DCC_CHECK=3.2, > DIGEST_MULTIPLE=0.001, > FILL_THIS_FORM=0.001,

Re: Logwatch from local machine being flagged as spam

2017-08-07 Thread Ian Zimmerman
On 2017-08-06 10:37, Scott wrote: > Centos7 > Postfix 3.2.2 > Amavisd 2.11.0 > spamassassin-3.4.0 > To: r...@mail2.myserver.com > From: logwa...@mail2.myserver.com Since these are locally submitted messages (i.e. not SMTP), IMO the best and cleanest way to deal with it is to tell the MTA not

Re: envelope_sender_header

2017-06-26 Thread Ian Zimmerman
On 2017-06-26 16:17, RW wrote: > > One runs exim and inserts Return-Path: , the other runs sendmail and > > inserts Return-path: . > > That's strange, the Sendmail in the FreeBSD base that handles my local > mail uses Return-Path. You're right, I got it backwards. Sorry 8-0 -- Please *no*

envelope_sender_header

2017-06-25 Thread Ian Zimmerman
I would like to unify my user_prefs file on two different servers. One runs exim and inserts Return-Path: , the other runs sendmail and inserts Return-path: . So, is the setting case-sensitive? -- Please *no* private Cc: on mailing lists and newsgroups Personal signed mail: please _encrypt_

Re: DKIM_VALID EnvelopeFrom

2017-05-05 Thread Ian Zimmerman
On 2017-05-05 16:00, Merijn van den Kroonenberg wrote: > So the only thing I want with the envelope from is to extract the > domain and test if the mail was DKIM signed (and valid) by that > domain. > > This tells me the envelope from is not some random spoofed address, > but actually controlled

Re: ISIPP - Re: bb.barracudacentral.org

2017-09-19 Thread Ian Zimmerman
On 2017-09-19 19:53, David B Funk wrote: > So now you have -two- dnsmasq kits, one installed by "apt" and managed > thru the "systemctl" tools, and another one that somebody put there > which is outside the realm of "apt" & "systemctl" (thus they don't > know how to manage it). > > You should

Re: ISIPP - Re: bb.barracudacentral.org

2017-09-20 Thread Ian Zimmerman
On 2017-09-20 17:02, Chris wrote: > So, IIUC it would be a good idea to remove the resolv.conf symlink in > /run/resolvconf ? Definitely _not_ a good idea while the resolvconf package is installed. What I meant was remove the package first, then clean up. -- Please don't Cc: me privately on

Re: In anyone else getting 325KB spams from cont...@cron-job.org?

2017-09-15 Thread Ian Zimmerman
On 2017-09-15 13:32, RW wrote: > The default is 500kB for spamc, 256kB is a default for sa-learn. I have asked this before: Does this mean 500 * 1000 bytes or 512 * 1024 bytes, or something else still? (this is relevant when configuring other stuff which only understands straight byte counts

Re: ISIPP - Re: bb.barracudacentral.org

2017-09-20 Thread Ian Zimmerman
On 2017-09-20 11:15, Martin Gregorie wrote: > I don't know why you'd want to do that since you should be running > named instead of dnsmasq. > > Delete the version you just installed via the apt package manager and > do a search and destroy mission to get rid of both the other copy of > it and

Re: Blocking senders that are whitelisted

2017-10-04 Thread Ian Zimmerman
On 2017-10-04 10:52, David Jones wrote: > I bet this user signed up for this email somehow, possibly a while ago and has > forgotten about doing so. So many times, when you register for accounts on > websites, the check box to opt-in to a mailing list is already checked and > most > users don't

Re: pyzor config and sig15

2017-09-08 Thread Ian Zimmerman
On 2017-09-08 10:56, Steven Conrad Bayer wrote: > is the Pyzor network down again? Works for me now: ahiker!2 itz$ pyzor check < Mail/mail.net.spamassassin.users/new/1504861340.17441_1.ahiker public.pyzor.org:24441 (200, 'OK') 0 0 but it was down earlier this week, as discussed in

Re: pyzor config and sig15

2017-09-04 Thread Ian Zimmerman
On 2017-09-04 20:11, Alex wrote: > I'm curious about the options people use for configuring pyzor with > SA? I've always just had it with --homedir /etc/mail/spamassassin but > I wanted to make sure I wasn't missing something. pyzor works fine without any configuration, or with an empty

Re: Config option to skip pyzor check on empty body emails?

2017-09-12 Thread Ian Zimmerman
On 2017-09-12 12:33, RW wrote: > It is a bit confusing, but it's not that the .pyzor directory is used > inconsistently, it's that pyzor defines > > --homedir=HOMEDIR configuration directory The confusing part is the spelling of the option. The mistake is clear from the last line quoted

OT: toy pyzord server available

2017-09-26 Thread Ian Zimmerman
I started running an open pyzord instance on the host whose domain is my email domain, on the "normal" port (the one in the example config file). My main goal is to get familiar with the operation of the server so I can contribute to the development, but maybe we can do some useful filtering too!

Re: improving detection to cloudmark-like levels?

2017-10-12 Thread Ian Zimmerman
On 2017-10-12 09:25, AJ Weber wrote: > So I'm sure they have some "secret sauce" and I'm not asking for that > to be revealed, but since pyzor is supposedly using their database, > I'm just trying to figure out if there's a way to get my SA filter to > improve even further and close the gap? I

listed by xbl [Was: SPF check though external relay]

2017-11-14 Thread Ian Zimmerman
~$ rblcheck 81.17.24.158 81.17.24.158 not listed by sbl.spamhaus.org 81.17.24.158 listed by xbl.spamhaus.org 81.17.24.158 not listed by pbl.spamhaus.org 81.17.24.158 not listed by bl.spamcop.net 81.17.24.158 not listed by psbl.surriel.com 81.17.24.158 not listed by dul.dnsbl.sorbs.net [I wanted

Re: Why doesn't HK_RANDOM_FROM trigger on this email address?

2017-11-18 Thread Ian Zimmerman
On 2017-11-18 15:46, Mark London wrote: > FWIW: It seems to me that HK_RANDOM_FROM should trigger on an email > address like this: > > mqsjkeqgy...@sina.com > > But it doesn't. Yet it does trigger on this: > > dxn...@sina.com The first one contains vowels in the local part. -- Please

Perl module to extract body URLs

2017-12-10 Thread Ian Zimmerman
I know that in some cases at least spamassassin relies on perl modules that are independent of the spamassassin project. Is there such a module for extracting URLs from a message body? OTOH, if that code is specific to spamassassin where in the source tree can I find it? Sorry for this slightly

Re: Mysterious false positives in inbox

2018-05-09 Thread Ian Zimmerman
On 2018-05-09 13:08, Eggert Ehmke wrote: > > Wild stab - maybe they're entering the system already with > > ***SPAM*** in the subject? > The mail also originated from the same server. All the more reason to suspect the "wild stab" is correct. In my experience this is quite common on some

Re: List From and Reply-To

2018-05-30 Thread Ian Zimmerman
On 2018-05-30 15:49, Palvelin Postmaster wrote: > Why does this list apparently use the original From header of the > poster’s message and doesn't set a Reply-To header at all? Because that is the only right way. A list manager has no business modifying the contents of posted messages. It

Re: List From and Reply-To

2018-05-31 Thread Ian Zimmerman
On 2018-05-31 12:25, Antony Stone wrote: > Anyone is free to set a Reply-To header in the emails they send. This > will be preserved by the list server. > > I believe both Ian and Bill are doing this, yes. Correct. But Reply-To doesn't mean "follow up with list posts to this address"; it

Re: OFF-TOPIC: Re: Just to lighten your day?

2018-05-03 Thread Ian Zimmerman
On 2018-05-02 14:03, John Hardin wrote: > Or maybe "He's still moving towards the keyboard! LART him again!" I thought the funniest part was the last line. -- Please don't Cc: me privately on mailing lists and Usenet, if you also post the followup to the list or newsgroup. To reply privately

Re: Penalty for no/bad SPF

2018-01-24 Thread Ian Zimmerman
On 2018-01-24 18:10, Bill Cole wrote: > 1. Mail with an envelope sender domain that has no SPF record is more > likely to be spam than the overall mail stream. > > 2. Mail whose envelope sender domain has a published SPF record which > repudiates the sending IP is more likely to be spam than the

Re: skipping nameserver '0.ns.spamhaus.org' because it is a CNAME

2018-01-14 Thread Ian Zimmerman
On 2018-01-14 17:07, Per Jessen wrote: > AFAIK, bind does not accept NS records with CNAMEs, only A or > records. It looks like spamhaus updated their nameserver config and > added cloudflare by way of CNAME. I am getting these, too. With other news in the last few weeks, are things

Re: skipping nameserver '0.ns.spamhaus.org' because it is a CNAME

2018-01-14 Thread Ian Zimmerman
On 2018-01-14 19:30, Alex Lasoriti wrote: > > things falling apart at spamhaus? > > Not that I am aware of :) The infrastructure keeps consolidating > and things are getting stronger and stronger! What other news are you > referring to ? I probably had lodged in my memory (what remains of it)

Unchecked ??? [Was: Can't locate object method "trim_domain"]

2018-01-26 Thread Ian Zimmerman
What is this ***UNCHECKED*** goo in the subjects? Has someone played with the list manager configuration? -- Please don't Cc: me privately on mailing lists and Usenet, if you also post the followup to the list or newsgroup. To reply privately _only_ on Usenet, fetch the TXT record for the

Re: Bayes not auto-learning?

2018-02-23 Thread Ian Zimmerman
On 2018-02-23 22:32, Amir Caspi wrote: > So, I've been trying to tweak my setup and noticed that VERY few of my > emails are being autolearned as spam, even when their spam threshold > is far above the autolearn threshold. The threshold is set to 12; I > just saw a spam with score >25 not being

Re: pyzor internal error on some messages

2018-02-21 Thread Ian Zimmerman
On 2018-02-20 22:20, Alex wrote: > Hi, > > Does anyone know what could be causing this? This is on fedora with > pyzor-1.1.0-1.20170904gitd14e980 > > Feb 20 22:08:07.475 [28639] dbg: pyzor: network tests on, attempting Pyzor > Feb 20 22:08:13.098 [28639] dbg: pyzor: pyzor is available:

Re: Malformed spam email gets through.

2018-01-03 Thread Ian Zimmerman
On 2018-01-03 14:36, Bill Cole wrote: > I have run an environment where each MTA node in the external gateway > layer would add a MID with its own FQDN to any message passing through > missing a MID. Those names could not be resolved in the world at > large, but they were absolutely valid and

Fwd: CVE-2018-12558: DOS in perl module Email::Address

2018-06-20 Thread Ian Zimmerman
This is probably of interest to readers of this list. http://www.openwall.com/lists/oss-security/2018/06/19/3 -- Please don't Cc: me privately on mailing lists and Usenet, if you also post the followup to the list or newsgroup. To reply privately _only_ on Usenet and on broken lists which

Re: razor?

2018-03-09 Thread Ian Zimmerman
On 2018-03-09 09:26, David Jones wrote: > RAZOR like DCC and PYZOR shouldn't be used as a sole source of > determining spam. These are indicators that combine with other rule > hits and scores to be one of many factors. If the score was 10 or > more then you would worry about reporting FPs.

unexpected FN, how to improve/tune to catch

2018-11-15 Thread Ian Zimmerman
This little pearl got through upstream filter on a mailing list. https://pastebin.com/JhDGvAAA I show the body only, but the MIME headers were: Content-Transfer-Encoding: base64 Content-Type: text/plain; charset="utf-8"; Format="flowed" Also: From: yourfrugalstore Message-ID:

Re: unexpected FN, how to improve/tune to catch

2018-11-16 Thread Ian Zimmerman
On 2018-11-16 09:52, Matus UHLAR - fantomas wrote: > such spam should be filtered at mailing list level before this happens. And it almost always is. Not in this case. > what can help you > - BAYES understood, I am trying to do without Bayes for now, because I want to avoid the maintenance

Re: Howto - Full Report in Mail Header

2018-12-16 Thread Ian Zimmerman
On 2018-12-16 08:30, Kevin A. McGrail wrote: > > add_header all Report _REPORT_ > This can cause issues though. That feature is not header safe to my > knowledge. _TESTSCORES_ -- Please don't Cc: me privately on mailing lists and Usenet, if you also post the followup to the list or

Re: Is the SA Bayes implementation mathematically sound?

2018-12-24 Thread Ian Zimmerman
On 2018-12-23 17:02, Rick Macdougall wrote: > I'm just going to jump in here and mention that I train my bayes in SA > and in Thunderbird email client. > > Thunderbird catches 99%+ and SA catches under 60% with the same > training data. Have you also compared the rates of False Positives? --

Slightly OT: list multiposting

2018-11-22 Thread Ian Zimmerman
Can anyone think of a quick way to flag identical emails posted to multiple mailing lists under different message-ids? I guess I'd need something like a local instance of DCC, do you agree? Anything simpler than just taking the real DCC and configuring it for this special purpose? -- Please

Re: Spamassassin "ignoring" mail with embedded picture

2019-02-15 Thread Ian Zimmerman
On 2019-02-15 16:07, Claudio Kuenzler wrote: > The man page calls it "will be returned unprocessed" > What does that mean for Postfix, what kind of response does it get from > spamc? It depends on how spamc is invoked. Please read the whole manpage. If you invoke it just for the exit status,
