.science the new leper of TLD's?

No offense to lepers, but is .science to be avoided? I’ve had email this week from about 17 different .science domain names, and 13 were blocked because of ZenBL and the rest turned out to be SPAM anyway. I’m thinking that I should just refuse connections from any host whose rDNS is .science…

Re: Must-Have Plugins?

On Jun 19, 2015, at 1:01 PM, David Jones djo...@ena.com wrote: From: Philip Prindeville philipp_s...@redfish-solutions.com On Jun 9, 2015, at 12:29 PM, John Hardin jhar...@impsec.org wrote: On Tue, 9 Jun 2015, David Jones wrote: Some of the best and easiest things you can enable

Re: Must-Have Plugins?

that don’t have valid rDNS mappings (including the A and PTR records not agreeing). With this, we avoid ever accepting about 98% of the SPAM that we’d otherwise receive. -Philip

Re: Must-Have Plugins?

On 06/19/2015 01:07 PM, Dianne Skoll wrote: On Fri, 19 Jun 2015 12:51:28 -0600 Philip Prindeville philipp_s...@redfish-solutions.com wrote: [stuff] With this, we avoid ever accepting about 98% of the SPAM that we’d otherwise receive. Really? 98%? I find that surprising. We get quite

Re: any reason not to block every Softlayer allocation?

ed to 104.148.103.2 — which was easy to block with check_url_local_bl() — or else contained a message-id which had an email address in it followed by: [a-z0-9\-\.]{1,6}>$ for instance. -Philip

Re: tflags multiple and header exists:

On Sep 29, 2015, at 10:09 AM, Philip Prindeville <philipp_s...@redfish-solutions.com> wrote: > Can you use something like: > > header __L_X_NO_RELAY exists:X-No-Relay > tflags __L_X_NO_RELAY multiple Actually, that should probably be bounded to somet

tflags multiple and header exists:

I couldn’t get the first 2 lines to work together. I had to resort to: header __L_X_NO_RELAY ALL =~ /^x-no-relay:/msi instead for the first line. Is this a known constraint? -Philip

The word on messages w/ no Message-Id

angle bracket characters are not part of the msg-id; the msg-id is what is contained between the two angle bracket characters. Extracting the operative text: "The "Message-ID:" field provides a unique message identifier that refers to a particular version of a particular message. The uniqueness of the message identifier is guaranteed by the host that generates it […]. The message identifier (msg-id) itself MUST be a globally unique identifier for a message.” Obviously a missing Message-ID is hardly unique, and hence this requirement is not being fulfilled. Does this warrant scoring the message severely? I say “yes”. Anyone else? -Philip

Re: tflags multiple and header exists:

On Sep 29, 2015, at 10:44 AM, John Hardin <jhar...@impsec.org> wrote: > On Tue, 29 Sep 2015, Philip Prindeville wrote: > >> Can you use something like: >> >> header __L_X_NO_RELAYexists:X-No-Relay > > Are you seeing empty X-No-Rela

Re: Test for empty EnvelopeFrom

On Sep 22, 2015, at 12:58 PM, Reindl Harald <h.rei...@thelounge.net> wrote: > > > Am 22.09.2015 um 19:43 schrieb Philip Prindeville: >> I’m using SA with MdF on Linux (Fedora 22). >> >> MdF generates the header “Return-Path: ” for me, so that should &

Re: Test for empty EnvelopeFrom

On Sep 23, 2015, at 6:35 AM, RW <rwmailli...@googlemail.com> wrote: > On Tue, 22 Sep 2015 11:43:18 -0600 > Philip Prindeville wrote: > >> Hi. >> >> I?m using SA with MdF on Linux (Fedora 22). >> >> MdF generates the header ?Return-Path: ?

Re: Test for empty EnvelopeFrom

On Sep 24, 2015, at 4:12 AM, Reindl Harald <h.rei...@thelounge.net> wrote: > > > Am 23.09.2015 um 19:24 schrieb Philip Prindeville: >> Stating facts here, not giving an opinion. Not sure what’s up for debate. >>> >>> if it is empty it's <&g

Test for empty EnvelopeFrom

ded a comment Sending lib/Mail/SpamAssassin/Plugin/Check.pm Committed revision 1338300. but the bug is marked “RESOLVED FIXED” so I’m confused. Should it be “WONTFIX” instead? Thanks, -Philip

Re: Omitting leading whitespace on headers?

On Dec 29, 2015, at 2:14 PM, Kevin A. McGrail <kmcgr...@pccc.com> wrote: > On 12/29/2015 3:46 PM, Philip Prindeville wrote: >> On Dec 29, 2015, at 1:42 PM, Kevin A. McGrail <kmcgr...@pccc.com> wrote: >> >>> On 12/29/2015 3:38 PM, Philip Prindeville wrote:

Re: Omitting leading whitespace on headers?

On Dec 29, 2015, at 1:42 PM, Kevin A. McGrail <kmcgr...@pccc.com> wrote: > On 12/29/2015 3:38 PM, Philip Prindeville wrote: >> Is there a reason that headers are left with leading spaces? >> >> I’ve noticed that I have to write rules as: >> >> Su

Re: Omitting leading whitespace on headers?

On Dec 29, 2015, at 2:39 PM, Kevin A. McGrail <kmcgr...@pccc.com> wrote: > On 12/29/2015 4:29 PM, Philip Prindeville wrote: >> On Dec 29, 2015, at 2:14 PM, Kevin A. McGrail <kmcgr...@pccc.com> wrote: >> >>> On 12/29/2015 3:46 PM, Philip Prindeville wrote: >

Re: Omitting leading whitespace on headers?

On Dec 29, 2015, at 3:15 PM, Kevin A. McGrail <kmcgr...@pccc.com> wrote: > On 12/29/2015 5:12 PM, Philip Prindeville wrote: >> I did recall that I used the patch here: >> >> https://bz.apache.org/SpamAssassin/show_bug.cgi?id=6360#c4 >> >> to be able to

Omitting leading whitespace on headers?

ce of “FWS” preceding the first instance of “utext” in “unstructured”? -Philip signature.asc Description: Message signed with OpenPGP using GPGMail

Omitting leading whitespace on headers?

preceding the first instance of “utext” in “unstructured”? -Philip

Re: Uninitialized values in URIDNSBL

> On Feb 2, 2017, at 5:06 PM, Reindl Harald <h.rei...@thelounge.net> wrote: > > > > Am 02.02.2017 um 23:41 schrieb Martin Gregorie: >> On Thu, 2017-02-02 at 15:23 -0700, Philip Prindeville wrote: >>> Anyone else seeing this? >>> >> Yes - in

Uninitialized values in URIDNSBL

ently a bunch of files got updated… -Philip

Re: Uninitialized values in URIDNSBL

> so I can dedicated time to the process. > > Regards, > KAM Good to hear. While we’re waiting for that, can I just grab Util.pm and Plugin/URIDNSBL.pm out of trunk, or are there more dependencies than that to splice the fix back into 3.4.1? Thanks, -Philip

Re: RFC compliance pedantry (was Re: New type of monstrosity)

Having been through the process of authoring 2 RFC’s, perhaps I can shed some light on the process for you. All proposed standards started life as draft RFC’s (this was before the days of IDEA’s but after the days of IEN’s). If it were validated by the working group and passed up to the IAB

Relitigating TB's behavior because of "villainous" SpamAssassin... hiss!

What an incredible waste of time: https://bugzilla.mozilla.org/show_bug.cgi?id=417942#c19 I actually think I might be dialoging with a highly argumentative variant of Eliza. In which case, it’s passed the Turing Test.

Re: Relitigating TB's behavior because of "villainous" SpamAssassin... hiss!

> On Feb 12, 2017, at 4:53 PM, Philip Prindeville > <philipp_s...@redfish-solutions.com> wrote: > > What an incredible waste of time: > > https://bugzilla.mozilla.org/show_bug.cgi?id=417942#c19 > > I actually think I might be dialoging with a highly arg

Email address as fullname in To: field

ything but email addresses themselves—and sometimes not even those correctly, since I’ll see Spam addresses to Message-Id: values, References: values, etc. Thanks, -Philip

Re: Email address as fullname in To: field

. Or, conversely, they could simply not put any full name field in at all and just use the raw email address… It’s like someone made the conscious decision to choose the worst of both worlds… > On Jul 13, 2017, at 11:49 AM, Philip Prindeville > <philipp_s...@redfish-solutions.com> wro

check_header_count_range() for MIME sections?

Hi. I’d like to be able to detect duplicated header types in MIME sections. I think you all have been seeing them too. Is there an easy way to see if a message contains any MIME sections where particular headers occur more than once? Thanks, -Philip

OT: Issues w/ hughes.net not accepting messages?

tp.hughes.net used to receive email (i.e. be their MXer), then it got switched to mx.hughes.net and this started happening. If anyone is a hughes.net user and wants to call out this issue, I’d appreciate it. Thanks, -Philip

HeaderEval::check_header_count_range() not working correctly?

the absolute number of headers of type ‘X-yzzy:’ regardless of their RHS? I’ve been seeing a lot of Spam recently with duplicative Received-SPF: lines, but since they are all identical, it’s not nudging the number of @hdrs past one. Thanks, -Philip

Re: HeaderEval::check_header_count_range() not working correctly?

Sigh… “downside”. > On Nov 3, 2019, at 2:32 PM, Philip Prindeville > wrote: > > What would be the downsize of having: > > my @hdrs = grep($uniq{$_}++, $pms->{msg}->get_header ($hdr)); > > instead and counting ALL instances of $hdr, not just the unique RHS

Re: HeaderEval::check_header_count_range() not working correctly?

What would be the downsize of having: my @hdrs = grep($uniq{$_}++, $pms->{msg}->get_header ($hdr)); instead and counting ALL instances of $hdr, not just the unique RHS’s? > On Nov 3, 2019, at 1:51 PM, Philip Prindeville > wrote: > > Hi. > > I’m lookin

Re: Two types of new spam

> On Jan 4, 2020, at 11:57 AM, Bill Cole > wrote: > > On 3 Jan 2020, at 17:45, Philip Prindeville wrote: > [...] > >> One other question that occurs to me: why would we even need > http-equiv=“Content-Type” …> if we already have a Content-Type: header

Two types of new spam

eaders? (Is there an easy way to see what exists:Received-SPF is evaluating as?) If that’s the case, it would seem to be a shortcoming. Can anyone confirm that’s indeed what’s happening? Thanks, -Philip

Re: Two types of new spam

> On Jan 3, 2020, at 3:45 PM, Philip Prindeville > wrote: > > > >> On Jan 2, 2020, at 4:08 PM, Philip Prindeville >> wrote: >> >> I’m getting the following Spam. >> >> http://www.redfish-solutions.com/misc/bluechew.eml >>

Re: Two types of new spam

gt;> >> "exists" is a boolean, it's reasonable that it only returns one hit >> regardless of the number of instances present. >> >> Try this instead, to actually match the header(s): >> >> header __L_RECEIVED_SPF Received-SPF =~ /^./ > > That should be: > > header __L_RECEIVED_SPF Received-SPF =~ /^./m Seems to work either way! Thanks, everyone. -Philip

Re: Two types of new spam

> On Jan 2, 2020, at 4:08 PM, Philip Prindeville > wrote: > > I’m getting the following Spam. > > http://www.redfish-solutions.com/misc/bluechew.eml > > And this is notable for having: > > > > GUID1 > GUID2 > GUID3 > GUID4 > … > One

Adding approximate matching (see also: another extortion email check)

“approximates” wouldn’t be sufficient because of the shuffling in the ASCII space as well. Has anyone else considered approximate string matching? Thanks, -Philip

Re: Freshdesk (again)

ct.sendgrid.net > > Inside your loca.cf > > And while you are at it also add: > > util_rb_2tldpage.link > > Bye, Raymond Hmmm… not my experience. I’ve been calling out phishing from the same (IP) address for 10 days without any apparent (observable) action from Sendgrid. At this point I’m wondering if they have compromised relays. -Philip

Re: SendGrid (Was: Re: Freshdesk (again))

I just add an extra 5.0 points for coming from Sendgrid now so it goes straight to the Junk folder. Users can pull it out of there if they really want it. Sendgrid is becoming to ASP’s what OVH and Softlayer are to ISP's. > On Jun 27, 2020, at 3:56 AM, Niels Kobschätzki wrote: > > Sendgrid

Re: ANNOUNCEMENT: The NEW invaluement "Service Provider DNSBLs" - 1st one for Sendgrid-spams!

> On Aug 21, 2020, at 1:28 PM, Rob McEwen wrote: > > ANNOUNCEMENT: The NEW invaluement "Service Provider DNSBLs" - 1st one for > Sendgrid-spams! > > ...a collection of a new TYPE of DNSBL, with the FIRST of these having a > focus on Sendgrid-sent spams. AND - there is a FREE version of

Re: Apache SpamAssassin and Spammers 1st Amendment Rights

Free Speech doesn’t require anyone to pay for your soap box or megaphone. But Spam is exactly that: having other people subsidize your speech through the theft of services. > On Nov 19, 2020, at 2:25 PM, Kevin A. McGrail wrote: > > Afternoon Everyone, > > So over the years, I have gotten a

Re: Apache SpamAssassin and Spammers 1st Amendment Rights

Actually, the notion is much older than that… 12th or 13th century I believe. Students of universities (like Oxford or Sorbonne or Geneve) would get together, interview professors, and pay them directly. There was no “administration”. The professors marketed their knowledge and insight

Re: dbip-country-lite database

> On Nov 15, 2020, at 11:48 AM, Dominic Raferd wrote: > > > > On Sun, 15 Nov 2020, 18:27 Philip Prindeville, > wrote: > Is anyone else using this database? > > I’ve been using it with xt_geoip and Mimedefang and Plugin::URILocalBL to > block countries

dbip-country-lite database

Is anyone else using this database? I’ve been using it with xt_geoip and Mimedefang and Plugin::URILocalBL to block countries since Maxmind retired support for GeoIP on RHEL. But I keep running into cases where parts of the database are very obviously wrong. It’s showing about 50% of

Seeing "razor2 had unknown error during get_server_info"

-agent.conf Which contains one line: logfile none Anyone else seeing a similar issue or know a fix? Thanks, -Philip

Re: Seeing "razor2 had unknown error during get_server_info"

Asked and answered: http://forum.centos-webpanel.com/index.php?topic=5505.0 Need to open outgoing port 2703 (TCP) for the mail server. > On Aug 14, 2021, at 12:37 PM, Philip Prindeville > wrote: > > Hi all, > > A few days ago, I started seeing this in my /var/log/maillog:

Re: Seeing "check: exceeded time limit in ..." and need to resolve it

> On Nov 16, 2021, at 8:03 PM, Henrik K wrote: > > On Tue, Nov 16, 2021 at 01:08:16PM -0700, Philip Prindeville wrote: >> >> Or http.sh points to an NS that's offline... > > Your resolver shoukd time out _way_ sooner than some minutes. > >>

Re: Seeing "check: exceeded time limit in ..." and need to resolve it

> On Nov 12, 2021, at 8:49 PM, John Hardin wrote: > > On Fri, 12 Nov 2021, Philip Prindeville wrote: > >> I got the message, saved it to a flat file, and ran "spamassassin -t -D >> rules < netdev.eml" and saw: >> >> ... >>

Re: Seeing "check: exceeded time limit in ..." and need to resolve it

> On Nov 15, 2021, at 5:06 PM, Greg Troxel wrote: > > > Philip Prindeville writes: > >> Ah, the rule _eval_tests_type11_pri0_set1() took 4:20. >> >> Why can't I even find the rule? > > That looks very familiar. I was having timeouts, and saw that

Re: Seeing "check: exceeded time limit in ..." and need to resolve it

Nov 15 16:16:00.876 [54834] dbg: async: timing: 385.726 X NS:http.sh ... Why would resolving http.sh take this long? And can we bring down the timeout? Hard to imagine DNS requests taking more than a couple of seconds. -Philip

Re: Seeing "check: exceeded time limit in ..." and need to resolve it

> On Nov 16, 2021, at 3:30 AM, Martin Gregorie wrote: > > On Mon, 2021-11-15 at 17:12 -0700, Philip Prindeville wrote: >> >> >>> On Nov 15, 2021, at 5:06 PM, Greg Troxel wrote: >>> >>> >>> Philip Prindeville writes: >&g

Re: Seeing "check: exceeded time limit in ..." and need to resolve it

Replies... some duplication of conversation on "mimedefang". > On Nov 15, 2021, at 10:34 PM, Bill Cole > wrote: > > On 2021-11-15 at 18:08:20 UTC-0500 (Mon, 15 Nov 2021 16:08:20 -0700) > Philip Prindeville > is rumored to have said: > >>> On Nov

Re: Seeing "check: exceeded time limit in ..." and need to resolve it

> On Nov 15, 2021, at 11:12 PM, Henrik K wrote: > > On Mon, Nov 15, 2021 at 04:25:55PM -0700, Philip Prindeville wrote: >> >> >>> On Nov 12, 2021, at 10:35 PM, Henrik K wrote: >>> >>> On Fri, Nov 12, 2021 at 07:49:00PM -0800, John Hardin wr

Seeing "check: exceeded time limit in ..." and need to resolve it

"e" Should this be capped to a maximum number of matches the way __HIGHBITS is? And I'm not sure I want messages that haven't been fully scanned being delivered. Should I crank TIME_LIMIT_EXCEEDED to 20.0? Thanks, -Philip

Re: spam from gmail.com

o me decades ago: "Problem's leaving > here fine!" > > Google should practice what they preach: SANITIZE USER INPUT. Instead, their > careless attitude presents a security threat to us all. > > -- Jared Hall > What... you mean "do no evil" is just lip-service? I'm so... so... disillusioned! -Philip

Re: MIME_BASE64_TEXT only on us-ascii

> On Nov 30, 2021, at 1:10 PM, Matija Nalis wrote: > > On Tue, Nov 30, 2021 at 12:03:15PM -0700, Philip Prindeville wrote: >>> On Nov 17, 2021, at 9:50 AM, Bill Cole >>> wrote: >>> SpamAssassin rules are not laws in any sense. They do not prescribe o

SPF_NONE scoring

records... So how is this score arrived at? And of Ham, how much of it has a valid SPF? And of Spam, how much of it lacks a valid SPF? Has anyone run some numbers? Thanks, -Philip

Re: MIME_BASE64_TEXT only on us-ascii

, which is also ASCII-friendly, i.e. instead of Latin1 etc. or raw 8bit characters. -Philip

Re: Rule to detect non-standard headers that aren't X- prefixed

> On May 11, 2022, at 1:44 AM, Henrik K wrote: > > On Tue, May 10, 2022 at 06:19:38PM -0600, Philip Prindeville wrote: >> See my original message. >> >> I can't think of a single way to match each header, and then test for any of >> them not matching the

Re: Rule to detect non-standard headers that aren't X- prefixed

> On May 11, 2022, at 1:53 AM, Henrik K wrote: > > On Wed, May 11, 2022 at 10:49:32AM +0300, Henrik K wrote: >> On Wed, May 11, 2022 at 10:44:05AM +0300, Henrik K wrote: >>> On Tue, May 10, 2022 at 06:19:38PM -0600, Philip Prindeville wrote: >>>> See my

Re: Rule to detect non-standard headers that aren't X- prefixed

> On May 11, 2022, at 9:24 AM, John Hardin wrote: > > On Tue, 10 May 2022, Philip Prindeville wrote: > >> Anyone have a rule to detect the following nonsense headers seen in this >> message I got? >> >> Return-Path: >> Received: from cp24

Re: Rule to detect non-standard headers that aren't X- prefixed

> On May 11, 2022, at 1:53 AM, Henrik K wrote: > > On Wed, May 11, 2022 at 10:49:32AM +0300, Henrik K wrote: >> On Wed, May 11, 2022 at 10:44:05AM +0300, Henrik K wrote: >>> On Tue, May 10, 2022 at 06:19:38PM -0600, Philip Prindeville wrote: >>>> See my

Re: Rule to detect non-standard headers that aren't X- prefixed

> On May 10, 2022, at 5:57 PM, Martin Gregorie wrote: > > On Tue, 2022-05-10 at 17:29 -0600, Philip Prindeville wrote: >> >> You're correct that they're different in every message received. >> > So write a rule that fires on any header name that *doesn't

Rule to detect non-standard headers that aren't X- prefixed

. I really need to examine the headers one-by-one. Thanks, -Philip

Re: Rule to detect non-standard headers that aren't X- prefixed

> On May 10, 2022, at 4:58 PM, Kevin A. McGrail wrote: > > On 5/10/2022 6:10 PM, Philip Prindeville wrote: >> Anyone have a rule to detect the following nonsense headers seen in this >> message I got? > > Interesting. Those look more like something that Bayesia

Re: Rule to detect non-standard headers that aren't X- prefixed

> On May 10, 2022, at 5:57 PM, Martin Gregorie wrote: > > On Tue, 2022-05-10 at 17:29 -0600, Philip Prindeville wrote: >> >> You're correct that they're different in every message received. >> > So write a rule that fires on any header name that *doesn't

Re: Did the whitelist_from_rcvd semantics change?

Oh, and this is on Fedora, so I'm running 3.4.6... > On Apr 24, 2023, at 2:32 PM, Philip Prindeville > wrote: > > Hi, > > I have the following line: > > whitelist_from_rcvd *@ceipalmm.com mailgun.net > > And tried it on a message that had: > >

Did the whitelist_from_rcvd semantics change?

Insights? Thanks, -Philip

Re: Did the whitelist_from_rcvd semantics change?

> On Apr 28, 2023, at 10:24 AM, Reindl Harald wrote: > > > > Am 28.04.23 um 18:11 schrieb Philip Prindeville: >>> On Apr 25, 2023, at 6:28 AM, Bill Cole >>> wrote: >>> >>> On 2023-04-24 at 16:32:55 UTC-0400 (Mon, 24 Apr 2023 14:32:55 -0

Re: Did the whitelist_from_rcvd semantics change?

> On Apr 25, 2023, at 6:28 AM, Bill Cole > wrote: > > On 2023-04-24 at 16:32:55 UTC-0400 (Mon, 24 Apr 2023 14:32:55 -0600) > Philip Prindeville > is rumored to have said: > >> I thought the matching included subdomains, and seem to remember that >> wor

Re: Did the whitelist_from_rcvd semantics change?

> On Apr 28, 2023, at 12:17 PM, Philip Prindeville > wrote: > > > >> On Apr 28, 2023, at 10:24 AM, Reindl Harald wrote: >> >> >> >> Am 28.04.23 um 18:11 schrieb Philip Prindeville: >>>> On Apr 25, 2023, at 6:28 AM, Bill Cole &

Re: Did the whitelist_from_rcvd semantics change?

> On May 1, 2023, at 3:48 AM, Reindl Harald wrote: > > > > Am 30.04.23 um 20:54 schrieb Philip Prindeville: >>> On Apr 28, 2023, at 12:17 PM, Philip Prindeville >>> wrote: >>> >>> >>> >>>> On Apr 28, 2023, at 10:

DKIM absence

Is there a way to add scoring that says, "If the sending domain has DKIM records, but there's no DKIM signature on this message, then attach a high score to it?" We seem to attach negative scores when DKIM is present and valid, but what about the opposite direction? If it's absent, but it

Re: DKIM absence

> On May 2, 2023, at 9:37 AM, Thomas Johnson wrote: > > >> On May 2, 2023, at 8:27 AM, Philip Prindeville >> wrote: >> >> Is there a way to add scoring that says, "If the sending domain has DKIM >> records, but there's no DKIM signature o

ATT RBL f---wits

We're being blacklisted by att.net with the following message: (reason: 550 5.7.1 Connections not accepted from servers without a valid sender domain.flph840 Fix reverse DNS for 24.116.100.90) I don't know what the hell is up with these pinheads: philipp@ubuntu22:~$ dig -tmx

Re: anyone running SA on Freebsd 8.0?

in libopie. [10:05] Correctly sanity-check a buffer length in nfs mount. [10:06] - -- - 1024D/DB9B8C1C B90B FBC3 A3A1 C71A 8E70 3F8C 75B8 8FFB DB9B 8C1C Philip M. Gollucci (pgollu...@p6m7g8.com) c: 703.336.9354 VP Apache

ldap: failed to load user scores from LDAP server

related to spamassasin and ldap. Thanks. Philip S. Hempel

Re: ldap: failed to load user scores from LDAP server

be used for getting the schema instead? Thanks Philip S. Hempel

Load ldap prefs

be of help.. If anyone needs the Perl -V I can send it as well Thanks in advance this is really kicking my butt.. Philip S. Hempel

Re: Load ldap prefs

Paolo Cravero as2594 wrote: Philip S. Hempel wrote: Did you copy'n'paste this or retype? user_scores_dsn ldap://locahost/dc=qmailldap,dc=lh,dc=com?spamassassin?sub?uid=__USERNAME__ locaLhost, perhaps? Let us know... pc It was a copy from . The whole problem

Order of handling whitelist/blacklist

Hi. I have something that looks like: whitelist_from_rcvd v...@yandex.ru vger.kernel.org blacklist_from *@yandex.ru And I only ever seem to see the 2nd rule being hit, but not the first. What is the order of evaluation? Mail::SpamAssassin::Conf doesn't say that I

Re: Order of handling whitelist/blacklist

> On Mar 28, 2024, at 2:39 AM, Matus UHLAR - fantomas wrote: > > On 27.03.24 20:56, Philip Prindeville via users wrote: >> I have something that looks like: >> >> whitelist_from_rcvd v...@yandex.ru vger.kernel.org >> >> blacklist_from *@yandex.ru >

Re: Order of handling whitelist/blacklist

> On Mar 28, 2024, at 12:18 PM, Matus UHLAR - fantomas > wrote: > >>> On 27.03.24 20:56, Philip Prindeville via users wrote: >>>> I have something that looks like: >>>> >>>> whitelist_from_rcvd v...@yandex.ru vger.kernel.org >>&g

Re: Order of handling whitelist/blacklist

> On Mar 28, 2024, at 12:18 PM, Matus UHLAR - fantomas > wrote: > >>> On 27.03.24 20:56, Philip Prindeville via users wrote: >>>> I have something that looks like: >>>> >>>> whitelist_from_rcvd v...@yandex.ru vger.kernel.org >>&g

<    1   2   3   4