No offense to lepers, but is .science to be avoided? I’ve had email this week
from about 17 different .science domain names, and 13 were blocked because of
ZenBL and the rest turned out to be SPAM anyway.
I’m thinking that I should just refuse connections from any host whose rDNS is
.science…
On Jun 19, 2015, at 1:01 PM, David Jones djo...@ena.com wrote:
From: Philip Prindeville philipp_s...@redfish-solutions.com
On Jun 9, 2015, at 12:29 PM, John Hardin jhar...@impsec.org wrote:
On Tue, 9 Jun 2015, David Jones wrote:
Some of the best and easiest things you can enable
that don’t have valid rDNS mappings (including the A
and PTR records not agreeing).
With this, we avoid ever accepting about 98% of the SPAM that we’d otherwise
receive.
-Philip
On 06/19/2015 01:07 PM, Dianne Skoll wrote:
On Fri, 19 Jun 2015 12:51:28 -0600
Philip Prindeville philipp_s...@redfish-solutions.com wrote:
[stuff]
With this, we avoid ever accepting about 98% of the SPAM that we’d
otherwise receive.
Really? 98%? I find that surprising. We get quite
ed to 104.148.103.2 — which was easy to block with check_url_local_bl() —
or else contained a message-id which had an email address in it followed by:
[a-z0-9\-\.]{1,6}>$
for instance.
-Philip
On Sep 29, 2015, at 10:09 AM, Philip Prindeville
<philipp_s...@redfish-solutions.com> wrote:
> Can you use something like:
>
> header __L_X_NO_RELAY exists:X-No-Relay
> tflags __L_X_NO_RELAY multiple
Actually, that should probably be bounded to somet
I couldn’t get the first 2 lines to work together. I had to resort to:
header __L_X_NO_RELAY ALL =~ /^x-no-relay:/msi
instead for the first line. Is this a known constraint?
-Philip
angle bracket characters are not part of the
msg-id; the msg-id is what is contained between the two angle bracket
characters.
Extracting the operative text: "The "Message-ID:" field provides a unique
message identifier that refers to a particular version of a particular message.
The uniqueness of the message identifier is guaranteed by the host that
generates it […]. The message identifier (msg-id) itself MUST be a globally
unique identifier for a message.”
Obviously a missing Message-ID is hardly unique, and hence this requirement is
not being fulfilled.
Does this warrant scoring the message severely?
I say “yes”.
Anyone else?
-Philip
On Sep 29, 2015, at 10:44 AM, John Hardin <jhar...@impsec.org> wrote:
> On Tue, 29 Sep 2015, Philip Prindeville wrote:
>
>> Can you use something like:
>>
>> header __L_X_NO_RELAY exists:X-No-Relay
>
> Are you seeing empty X-No-Rela
On Sep 22, 2015, at 12:58 PM, Reindl Harald <h.rei...@thelounge.net> wrote:
>
>
> Am 22.09.2015 um 19:43 schrieb Philip Prindeville:
>> I’m using SA with MdF on Linux (Fedora 22).
>>
>> MdF generates the header “Return-Path: ” for me, so that should
>
On Sep 23, 2015, at 6:35 AM, RW <rwmailli...@googlemail.com> wrote:
> On Tue, 22 Sep 2015 11:43:18 -0600
> Philip Prindeville wrote:
>
>> Hi.
>>
>> I’m using SA with MdF on Linux (Fedora 22).
>>
>> MdF generates the header “Return-Path: ”
On Sep 24, 2015, at 4:12 AM, Reindl Harald <h.rei...@thelounge.net> wrote:
>
>
> Am 23.09.2015 um 19:24 schrieb Philip Prindeville:
>> Stating facts here, not giving an opinion. Not sure what’s up for debate.
>>>
>>> if it is empty it's <>
ded a comment
Sending lib/Mail/SpamAssassin/Plugin/Check.pm
Committed
revision 1338300.
but the bug is marked “RESOLVED FIXED” so I’m confused. Should it be “WONTFIX”
instead?
Thanks,
-Philip
On Dec 29, 2015, at 2:14 PM, Kevin A. McGrail <kmcgr...@pccc.com> wrote:
> On 12/29/2015 3:46 PM, Philip Prindeville wrote:
>> On Dec 29, 2015, at 1:42 PM, Kevin A. McGrail <kmcgr...@pccc.com> wrote:
>>
>>> On 12/29/2015 3:38 PM, Philip Prindeville wrote:
On Dec 29, 2015, at 1:42 PM, Kevin A. McGrail <kmcgr...@pccc.com> wrote:
> On 12/29/2015 3:38 PM, Philip Prindeville wrote:
>> Is there a reason that headers are left with leading spaces?
>>
>> I’ve noticed that I have to write rules as:
>>
>> Su
On Dec 29, 2015, at 2:39 PM, Kevin A. McGrail <kmcgr...@pccc.com> wrote:
> On 12/29/2015 4:29 PM, Philip Prindeville wrote:
>> On Dec 29, 2015, at 2:14 PM, Kevin A. McGrail <kmcgr...@pccc.com> wrote:
>>
>>> On 12/29/2015 3:46 PM, Philip Prindeville wrote:
>
On Dec 29, 2015, at 3:15 PM, Kevin A. McGrail <kmcgr...@pccc.com> wrote:
> On 12/29/2015 5:12 PM, Philip Prindeville wrote:
>> I did recall that I used the patch here:
>>
>> https://bz.apache.org/SpamAssassin/show_bug.cgi?id=6360#c4
>>
>> to be able to
ce of “FWS” preceding the first
instance of “utext” in “unstructured”?
-Philip
> On Feb 2, 2017, at 5:06 PM, Reindl Harald <h.rei...@thelounge.net> wrote:
>
>
>
> Am 02.02.2017 um 23:41 schrieb Martin Gregorie:
>> On Thu, 2017-02-02 at 15:23 -0700, Philip Prindeville wrote:
>>> Anyone else seeing this?
>>>
>> Yes - in
ently a bunch of files got updated…
-Philip
> so I can dedicated time to the process.
>
> Regards,
> KAM
Good to hear.
While we’re waiting for that, can I just grab Util.pm and Plugin/URIDNSBL.pm
out of trunk, or are there more dependencies than that to splice the fix back
into 3.4.1?
Thanks,
-Philip
Having been through the process of authoring 2 RFC’s, perhaps I can shed some
light on the process for you.
All proposed standards started life as draft RFC’s (this was before the days of
IDEA’s but after the days of IEN’s).
If it were validated by the working group and passed up to the IAB
What an incredible waste of time:
https://bugzilla.mozilla.org/show_bug.cgi?id=417942#c19
I actually think I might be dialoging with a highly argumentative variant of
Eliza.
In which case, it’s passed the Turing Test.
> On Feb 12, 2017, at 4:53 PM, Philip Prindeville
> <philipp_s...@redfish-solutions.com> wrote:
>
> What an incredible waste of time:
>
> https://bugzilla.mozilla.org/show_bug.cgi?id=417942#c19
>
> I actually think I might be dialoging with a highly arg
ything but email
addresses themselves—and sometimes not even those correctly, since I’ll see
Spam addresses to Message-Id: values, References: values, etc.
Thanks,
-Philip
. Or, conversely, they could simply not put any full name field in at all
and just use the raw email address…
It’s like someone made the conscious decision to choose the worst of both
worlds…
> On Jul 13, 2017, at 11:49 AM, Philip Prindeville
> <philipp_s...@redfish-solutions.com> wro
Hi.
I’d like to be able to detect duplicated header types in MIME sections.
I think you all have been seeing them too. Is there an easy way to see if a
message contains any MIME sections where particular headers occur more than
once?
Thanks,
-Philip
tp.hughes.net used to receive email
(i.e. be their MXer), then it got switched to mx.hughes.net and this started
happening.
If anyone is a hughes.net user and wants to call out this issue, I’d appreciate
it.
Thanks,
-Philip
the absolute number of
headers of type ‘X-yzzy:’ regardless of their RHS?
I’ve been seeing a lot of Spam recently with duplicative Received-SPF: lines,
but since they are all identical, it’s not nudging the number of @hdrs past one.
Thanks,
-Philip
Sigh… “downside”.
> On Nov 3, 2019, at 2:32 PM, Philip Prindeville
> wrote:
>
> What would be the downsize of having:
>
> my @hdrs = grep($uniq{$_}++, $pms->{msg}->get_header ($hdr));
>
> instead and counting ALL instances of $hdr, not just the unique RHS
What would be the downsize of having:
my @hdrs = grep($uniq{$_}++, $pms->{msg}->get_header ($hdr));
instead and counting ALL instances of $hdr, not just the unique RHS’s?
> On Nov 3, 2019, at 1:51 PM, Philip Prindeville
> wrote:
>
> Hi.
>
> I’m lookin
> On Jan 4, 2020, at 11:57 AM, Bill Cole
> wrote:
>
> On 3 Jan 2020, at 17:45, Philip Prindeville wrote:
> [...]
>
>> One other question that occurs to me: why would we even need > http-equiv=“Content-Type” …> if we already have a Content-Type: header
eaders? (Is there an
easy way to see what exists:Received-SPF is evaluating as?)
If that’s the case, it would seem to be a shortcoming.
Can anyone confirm that’s indeed what’s happening?
Thanks,
-Philip
> On Jan 3, 2020, at 3:45 PM, Philip Prindeville
> wrote:
>
>
>
>> On Jan 2, 2020, at 4:08 PM, Philip Prindeville
>> wrote:
>>
>> I’m getting the following Spam.
>>
>> http://www.redfish-solutions.com/misc/bluechew.eml
>>
>>
>> "exists" is a boolean, it's reasonable that it only returns one hit
>> regardless of the number of instances present.
>>
>> Try this instead, to actually match the header(s):
>>
>> header __L_RECEIVED_SPF Received-SPF =~ /^./
>
> That should be:
>
> header __L_RECEIVED_SPF Received-SPF =~ /^./m
Seems to work either way!
Thanks, everyone.
-Philip
> On Jan 2, 2020, at 4:08 PM, Philip Prindeville
> wrote:
>
> I’m getting the following Spam.
>
> http://www.redfish-solutions.com/misc/bluechew.eml
>
> And this is notable for having:
>
>
>
> GUID1
> GUID2
> GUID3
> GUID4
> …
>
One
“approximates” wouldn’t be
sufficient because of the shuffling in the ASCII space as well.
Has anyone else considered approximate string matching?
Thanks,
-Philip
ct.sendgrid.net
>
> Inside your local.cf
>
> And while you are at it also add:
>
> util_rb_2tldpage.link
>
> Bye, Raymond
Hmmm… not my experience.
I’ve been calling out phishing from the same (IP) address for 10 days without
any apparent (observable) action from Sendgrid.
At this point I’m wondering if they have compromised relays.
-Philip
I just add an extra 5.0 points for coming from Sendgrid now so it goes straight
to the Junk folder.
Users can pull it out of there if they really want it.
Sendgrid is becoming to ASP’s what OVH and Softlayer are to ISP's.
> On Jun 27, 2020, at 3:56 AM, Niels Kobschätzki wrote:
>
> Sendgrid
> On Aug 21, 2020, at 1:28 PM, Rob McEwen wrote:
>
> ANNOUNCEMENT: The NEW invaluement "Service Provider DNSBLs" - 1st one for
> Sendgrid-spams!
>
> ...a collection of a new TYPE of DNSBL, with the FIRST of these having a
> focus on Sendgrid-sent spams. AND - there is a FREE version of
Free Speech doesn’t require anyone to pay for your soap box or megaphone.
But Spam is exactly that: having other people subsidize your speech through the
theft of services.
> On Nov 19, 2020, at 2:25 PM, Kevin A. McGrail wrote:
>
> Afternoon Everyone,
>
> So over the years, I have gotten a
Actually, the notion is much older than that… 12th or 13th century I believe.
Students of universities (like Oxford or Sorbonne or Geneve) would get
together, interview professors, and pay them directly.
There was no “administration”. The professors marketed their knowledge and
insight
> On Nov 15, 2020, at 11:48 AM, Dominic Raferd wrote:
>
>
>
> On Sun, 15 Nov 2020, 18:27 Philip Prindeville,
> wrote:
> Is anyone else using this database?
>
> I’ve been using it with xt_geoip and Mimedefang and Plugin::URILocalBL to
> block countries
Is anyone else using this database?
I’ve been using it with xt_geoip and Mimedefang and Plugin::URILocalBL to block
countries since Maxmind retired support for GeoIP on RHEL.
But I keep running into cases where parts of the database are very obviously
wrong. It’s showing about 50% of
-agent.conf
Which contains one line:
logfile none
Anyone else seeing a similar issue or know a fix?
Thanks,
-Philip
Asked and answered:
http://forum.centos-webpanel.com/index.php?topic=5505.0
Need to open outgoing port 2703 (TCP) for the mail server.
> On Aug 14, 2021, at 12:37 PM, Philip Prindeville
> wrote:
>
> Hi all,
>
> A few days ago, I started seeing this in my /var/log/maillog:
> On Nov 16, 2021, at 8:03 PM, Henrik K wrote:
>
> On Tue, Nov 16, 2021 at 01:08:16PM -0700, Philip Prindeville wrote:
>>
>> Or http.sh points to an NS that's offline...
>
> Your resolver should time out _way_ sooner than some minutes.
>
>>
> On Nov 12, 2021, at 8:49 PM, John Hardin wrote:
>
> On Fri, 12 Nov 2021, Philip Prindeville wrote:
>
>> I got the message, saved it to a flat file, and ran "spamassassin -t -D
>> rules < netdev.eml" and saw:
>>
>> ...
>>
> On Nov 15, 2021, at 5:06 PM, Greg Troxel wrote:
>
>
> Philip Prindeville writes:
>
>> Ah, the rule _eval_tests_type11_pri0_set1() took 4:20.
>>
>> Why can't I even find the rule?
>
> That looks very familiar. I was having timeouts, and saw that
Nov 15 16:16:00.876 [54834] dbg: async: timing: 385.726 X NS:http.sh
...
Why would resolving http.sh take this long? And can we bring down the timeout?
Hard to imagine DNS requests taking more than a couple of seconds.
-Philip
> On Nov 16, 2021, at 3:30 AM, Martin Gregorie wrote:
>
> On Mon, 2021-11-15 at 17:12 -0700, Philip Prindeville wrote:
>>
>>
>>> On Nov 15, 2021, at 5:06 PM, Greg Troxel wrote:
>>>
>>>
>>> Philip Prindeville writes:
>>
Replies... some duplication of conversation on "mimedefang".
> On Nov 15, 2021, at 10:34 PM, Bill Cole
> wrote:
>
> On 2021-11-15 at 18:08:20 UTC-0500 (Mon, 15 Nov 2021 16:08:20 -0700)
> Philip Prindeville
> is rumored to have said:
>
>>> On Nov
> On Nov 15, 2021, at 11:12 PM, Henrik K wrote:
>
> On Mon, Nov 15, 2021 at 04:25:55PM -0700, Philip Prindeville wrote:
>>
>>
>>> On Nov 12, 2021, at 10:35 PM, Henrik K wrote:
>>>
>>> On Fri, Nov 12, 2021 at 07:49:00PM -0800, John Hardin wr
"e"
Should this be capped to a maximum number of matches the way __HIGHBITS is?
And I'm not sure I want messages that haven't been fully scanned being
delivered. Should I crank TIME_LIMIT_EXCEEDED to 20.0?
Thanks,
-Philip
o me decades ago: "Problem's leaving
> here fine!"
>
> Google should practice what they preach: SANITIZE USER INPUT. Instead, their
> careless attitude presents a security threat to us all.
>
> -- Jared Hall
>
What... you mean "do no evil" is just lip-service? I'm so... so...
disillusioned!
-Philip
> On Nov 30, 2021, at 1:10 PM, Matija Nalis wrote:
>
> On Tue, Nov 30, 2021 at 12:03:15PM -0700, Philip Prindeville wrote:
>>> On Nov 17, 2021, at 9:50 AM, Bill Cole
>>> wrote:
>>> SpamAssassin rules are not laws in any sense. They do not prescribe o
records... So how is
this score arrived at?
And of Ham, how much of it has a valid SPF?
And of Spam, how much of it lacks a valid SPF?
Has anyone run some numbers?
Thanks,
-Philip
, which is also ASCII-friendly,
i.e. instead of Latin1 etc. or raw 8bit characters.
-Philip
> On May 11, 2022, at 1:44 AM, Henrik K wrote:
>
> On Tue, May 10, 2022 at 06:19:38PM -0600, Philip Prindeville wrote:
>> See my original message.
>>
>> I can't think of a single way to match each header, and then test for any of
>> them not matching the
> On May 11, 2022, at 1:53 AM, Henrik K wrote:
>
> On Wed, May 11, 2022 at 10:49:32AM +0300, Henrik K wrote:
>> On Wed, May 11, 2022 at 10:44:05AM +0300, Henrik K wrote:
>>> On Tue, May 10, 2022 at 06:19:38PM -0600, Philip Prindeville wrote:
>>>> See my
> On May 11, 2022, at 9:24 AM, John Hardin wrote:
>
> On Tue, 10 May 2022, Philip Prindeville wrote:
>
>> Anyone have a rule to detect the following nonsense headers seen in this
>> message I got?
>>
>> Return-Path:
>> Received: from cp24
> On May 11, 2022, at 1:53 AM, Henrik K wrote:
>
> On Wed, May 11, 2022 at 10:49:32AM +0300, Henrik K wrote:
>> On Wed, May 11, 2022 at 10:44:05AM +0300, Henrik K wrote:
>>> On Tue, May 10, 2022 at 06:19:38PM -0600, Philip Prindeville wrote:
>>>> See my
> On May 10, 2022, at 5:57 PM, Martin Gregorie wrote:
>
> On Tue, 2022-05-10 at 17:29 -0600, Philip Prindeville wrote:
>>
>> You're correct that they're different in every message received.
>>
> So write a rule that fires on any header name that *doesn't
. I really need to examine the headers one-by-one.
Thanks,
-Philip
> On May 10, 2022, at 4:58 PM, Kevin A. McGrail wrote:
>
> On 5/10/2022 6:10 PM, Philip Prindeville wrote:
>> Anyone have a rule to detect the following nonsense headers seen in this
>> message I got?
>
> Interesting. Those look more like something that Bayesia
> On May 10, 2022, at 5:57 PM, Martin Gregorie wrote:
>
> On Tue, 2022-05-10 at 17:29 -0600, Philip Prindeville wrote:
>>
>> You're correct that they're different in every message received.
>>
> So write a rule that fires on any header name that *doesn't
Oh, and this is on Fedora, so I'm running 3.4.6...
> On Apr 24, 2023, at 2:32 PM, Philip Prindeville
> wrote:
>
> Hi,
>
> I have the following line:
>
> whitelist_from_rcvd *@ceipalmm.com mailgun.net
>
> And tried it on a message that had:
>
>
Insights?
Thanks,
-Philip
> On Apr 28, 2023, at 10:24 AM, Reindl Harald wrote:
>
>
>
> Am 28.04.23 um 18:11 schrieb Philip Prindeville:
>>> On Apr 25, 2023, at 6:28 AM, Bill Cole
>>> wrote:
>>>
>>> On 2023-04-24 at 16:32:55 UTC-0400 (Mon, 24 Apr 2023 14:32:55 -0
> On Apr 25, 2023, at 6:28 AM, Bill Cole
> wrote:
>
> On 2023-04-24 at 16:32:55 UTC-0400 (Mon, 24 Apr 2023 14:32:55 -0600)
> Philip Prindeville
> is rumored to have said:
>
>> I thought the matching included subdomains, and seem to remember that
>> wor
> On Apr 28, 2023, at 12:17 PM, Philip Prindeville
> wrote:
>
>
>
>> On Apr 28, 2023, at 10:24 AM, Reindl Harald wrote:
>>
>>
>>
>> Am 28.04.23 um 18:11 schrieb Philip Prindeville:
>>>> On Apr 25, 2023, at 6:28 AM, Bill Cole
>
> On May 1, 2023, at 3:48 AM, Reindl Harald wrote:
>
>
>
> Am 30.04.23 um 20:54 schrieb Philip Prindeville:
>>> On Apr 28, 2023, at 12:17 PM, Philip Prindeville
>>> wrote:
>>>
>>>
>>>
>>>> On Apr 28, 2023, at 10:
Is there a way to add scoring that says, "If the sending domain has DKIM
records, but there's no DKIM signature on this message, then attach a high
score to it?"
We seem to attach negative scores when DKIM is present and valid, but what
about the opposite direction?
If it's absent, but it
> On May 2, 2023, at 9:37 AM, Thomas Johnson wrote:
>
>
>> On May 2, 2023, at 8:27 AM, Philip Prindeville
>> wrote:
>>
>> Is there a way to add scoring that says, "If the sending domain has DKIM
>> records, but there's no DKIM signature o
We're being blacklisted by att.net with the following message:
(reason: 550 5.7.1 Connections not accepted from servers without a valid
sender domain.flph840 Fix reverse DNS for 24.116.100.90)
I don't know what the hell is up with these pinheads:
philipp@ubuntu22:~$ dig -tmx
in libopie. [10:05]
Correctly sanity-check a buffer length in nfs mount. [10:06]
- --
-
1024D/DB9B8C1C B90B FBC3 A3A1 C71A 8E70 3F8C 75B8 8FFB DB9B 8C1C
Philip M. Gollucci (pgollu...@p6m7g8.com) c: 703.336.9354
VP Apache
related to spamassassin and ldap.
Thanks.
Philip S. Hempel
be used for getting the schema instead?
Thanks
Philip S. Hempel
be of help.. If anyone needs the Perl -V I can send
it as well
Thanks in advance this is really kicking my butt..
Philip S. Hempel
Paolo Cravero as2594 wrote:
Philip S. Hempel wrote:
Did you copy'n'paste this or retype?
user_scores_dsn
ldap://locahost/dc=qmailldap,dc=lh,dc=com?spamassassin?sub?uid=__USERNAME__
locaLhost, perhaps?
Let us know...
pc
It was a copy from . The whole problem
Hi.
I have something that looks like:
whitelist_from_rcvd v...@yandex.ru vger.kernel.org
blacklist_from *@yandex.ru
And I only ever seem to see the 2nd rule being hit, but not the first.
What is the order of evaluation? Mail::SpamAssassin::Conf doesn't say that I
> On Mar 28, 2024, at 2:39 AM, Matus UHLAR - fantomas wrote:
>
> On 27.03.24 20:56, Philip Prindeville via users wrote:
>> I have something that looks like:
>>
>> whitelist_from_rcvd v...@yandex.ru vger.kernel.org
>>
>> blacklist_from *@yandex.ru
>
> On Mar 28, 2024, at 12:18 PM, Matus UHLAR - fantomas
> wrote:
>
>>> On 27.03.24 20:56, Philip Prindeville via users wrote:
>>>> I have something that looks like:
>>>>
>>>> whitelist_from_rcvd v...@yandex.ru vger.kernel.org
>>>
> On Mar 28, 2024, at 12:18 PM, Matus UHLAR - fantomas
> wrote:
>
>>> On 27.03.24 20:56, Philip Prindeville via users wrote:
>>>> I have something that looks like:
>>>>
>>>> whitelist_from_rcvd v...@yandex.ru vger.kernel.org
>>>