them will be out of scope
for a spam filter.
These messages have different envelope ids so SPF checks always pass.
The header from is properly formatted exactly how it will be in a normal
mail.
What measures do you take for such spear phishing?
Thanks
Ram
On Monday 27 June 2016 06:50 PM, Reindl Harald wrote:
On 27.06.2016 at 15:11, Ram wrote:
I am seeing messages that appear to come from the MD or the CEO of the
company to the accounts department asking people to transfer money to
some fake account
happens all day long
I know these are
pient does not check the envelope anyway
Thanks,
Raymond Dijkxhoorn
On 28 Jun 2016 at 03:27, jdebert wrote:
On Mon, 27 Jun 2016 18:41:04 +0530
Ram wrote:
I am seeing messages that appear to come from the MD or the CEO of
the company to the accounts department ask
SORBS seems
to notice the outbreak only a month after the spam outbreak happened and
was stopped.
Thanks
Ram
If I want to mark *all* invite mails as spam
linkedin, WAYN, facebook, google+ or anything else.
Is there a global way of doing this?
On Fri, 2011-12-09 at 10:20 +0100, Robert Schetterer wrote:
> On 09.12.2011 at 13:58, Ram wrote:
> > If I want to mark *all* invite mails as spam
> >
> > linkedin, WAYN , facebook , google+ or anything else.
> >
> > Is there a global way of doing this
>
I am not able to lookup surbl
In fact the domain surbl.org does not seem to exist at all.
[root@pop2 bin]# dig surbl.org +short
[root@pop2 bin]#
I am sorry if this is old news... I have no idea since when SURBL went
down?
Thanks
Ram
These are the headers
http://pastebin.com/udbDgJ8L
Seems to have come from Google, but is spam.
I can't even read the language :)
g my mails in spamassassin ?
Thanks
Ram
When I ask users to send misclassified mails (FN or FP) as an
attachment, they often don't get it right.
Also attaching from Outlook, Windows Live Mail etc. is a big pain.
Is there an Outlook plugin people can use to report spam, that can come
to a URL or by mail?
Thanks
Ram
I want to write a custom rule to match if "Any header" contains a
particular string.
How do I do this?
On 08/02/2013 01:39 AM, N. Raghavendra wrote:
I work in a setup where the external mail server (say,
extmail.example.com) in a DMZ runs Spamassassin as soon as mail arrives
from the Internet, and then passes the mail to an internal mail server
(say, intmail.example.com) which has user maildirs.
figure out what version of spamassassin my server
is equipped with? Is there any way of knowing just by looking at an assassinated
mail?
thanks,
ram
this cause delay in my mail
Thanks
Ram
Can rules like whitelist_from_spf and def_whitelist_from_spf be
shortcircuited?
How do I set priorities for such rules?
Thanks
Ram
all domains in body-urls
or mail-from, reply-to etc) to find their NS records and score them on
bad NS servers.
What is the risk of FP's because innocent DNS providers may see
themselves getting list
Thanks
Ram
On Wed, 2007-09-05 at 10:50 +0200, mouss wrote:
> ram wrote:
> > I am using SA 3.2.3 and very few spam get thru
> > But I can still see some spam with urls because the urls are not yet
> > listed in uribls
> >
> > I tried to do some analysis on my quarantine,
On Wed, 2007-09-05 at 15:10 +0530, ram wrote:
> I just upgraded my spamassassin from 3.1.5 to 3.2.3
> But I can see that the shortcircuit rules are not working
>
> I created a simple text rule and put it in a short circuit rule with a
> high priority
>
>
> header EC
On Fri, 2007-09-07 at 08:36 -0400, Matt Kettler wrote:
> ram wrote:
> > On my SA 3.2.3 servers , I want to timeout all the *.completewhois.com
> > DNS lookups after 5s
> >
> >
> > I have seen the mailqs shoot up just because of these lookups
> >
>
BL/RHSBL checks at the MTA
Thanks
Ram
On my SA 3.2.3 servers, I want to time out all the *.completewhois.com
DNS lookups after 5s.
I have seen the mailqs shoot up just because of these lookups.
Thanks
Ram
I want to disable all DNS queries to completewhois.
This is used in a sub rule
__RCVD_IN_WHOIS
Any other rule I disable by putting a score of 0.0. Can I do the same
for a rule with __?
Thanks
Ram
3.2.3 )
as well as custom scanners
Thanks
Ram
And see all the query scan times. Disable all the DNSes that take more
than 3-4 seconds
That worked for me, as usual YMMV :-)
Thanks
Ram
On Thu, 2007-09-13 at 08:38 +0200, Rob Sterenborg wrote:
> ram wrote:
> > Now we have nigerian spam that actually refers to compensating
> > victims of scam
> >
> > https://ecm.netcore.co.in/tmp/nigerian.txt
> >
> > The spammer is insane. Does he think a
ory
That is in your case , most probably
cd /usr/lib/perl5/site_perl/5.8.0/
c) Run the patch
patch -b -p0 < /tmp/sa.patch
Restart your spam scanning daemon (spamd, MailScanner, milter etc.)
Thanks
Ram
>
> - Skip
>
tend is quite poor.
>
> Any tips?
>
> Kind regards,
>
> Rens
mailscanner comes with a combo mailscanner + sa + clam
Thanks
Ram
Sorry this is OT.
We run large email setups for our clients and I also have created many
spamtrap ids. But the problem is I don't seem to get many mails in these
ids.
How can I best create spamtrap ids?
The standard methods of publishing ids on your site etc. don't seem to
work.
Thanks
Ram
I got this spam mail that was actually in a DNSWL
https://ecm.netcore.co.in/tmp/fn.txt
How can I report this?
Thanks
Ram
On Mon, 2007-10-08 at 14:40 +0200, Giampaolo Tomassoni wrote:
> I'm getting this stuff from named in my log files during message scanning.
>
> Oct 8 14:36:40 ns2 named[6541]: unexpected RCODE (SERVFAIL)
> resolving '.xxx.blackhole.securitysage.com/A/IN': a.b.c.d#53
> Oct 8 14:3
here must be an easier way of
reporting FPs. Probably forward mail as attachment ( like
spamassassin ) , or an online form etc. If this is not being done for
want of developers I can help.
Thanks
Ram
On Wed, 2007-10-17 at 16:46 +0530, ram wrote:
> On Wed, 2007-10-17 at 08:38 +0200, Matthias Leisi wrote:
> > -BEGIN PGP SIGNED MESSAGE-
> > Hash: SHA1
> >
> >
> > Dan Mahoney, System Admin wrote:
> > > dnswl.org is either full of it, or not we
Thanks
Ram
On Thu, 2007-10-18 at 09:51 +0200, Yet Another Ninja wrote:
> coming to your inbox: mp3 stock spams
At least 70% of email users don't have their speakers on, the spammer has
got his basics wrong
, cannot use header-based
Envelope-From, skipping
[31516] dbg: spf: def_spf_whitelist_from: could not find useable
envelope sender
So does that mean I cannot use SPF checks if the Spamassassin tests run
behind a relay ???
Thanks
Ram
On Thu, 2007-10-18 at 13:55 -0400, Daryl C. W. O'Shea wrote:
> ram wrote:
> > Hi,
> >
> > I have been using spamassassin on my MX server
> > ( postfix + MailScanner + SA )
> >
> > Now I want to run the MX on a different server and relay to the S
oing this, but I see it does not scale.
This would work but every message that passes spamassassin would go thru
__HAS_VWORD even if it were not for pharmacompany.com
Now I have 2000 domain administrators and if all of them were allowed
to use this "feature", I am sure my SA boxes will cry
Thanks
Ram
rules will
my shared servers support. I don't think this can scale.
Ok so IF-THEN-ELSE rules are not available in SA. Probably that was well
thought of too. But I think that would be a good feature to have ,
especially for creating domain specific rules if not have any other
application
Thanks
Ram
On Thu, 2007-10-25 at 03:13 -0400, Dan Mahoney, System Admin wrote:
> On Wed, 17 Oct 2007, ram wrote:
>
> > Sorry I meant "like spamcop" .. I think I must proof-read my own mail
> > now before Ctrl-Enter :-)
>
> The problem with SpamCop is: the two step report
to mark it as spam. No one has
any business putting my bank's domain name in the from id
Thanks
Ram
On Wed, 2007-10-31 at 07:59 -0400, Matt Kettler wrote:
> ram wrote:
> > Is there a rule where I can give a score for envelope from not
> > matching header from
> > At least the domain part
> So, you want to match all messages from all mailing lists, including
> this
I have recently started seeing spams with URLs containing googlepages
websites.
Currently I am scoring all googlepages.com link mails with 1.5 :-(
How do you folks trap these mails, and how do we report abuse to Google
(if they really bother)?
Thanks
Ram
http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5589
I had patched my SA 3.2.3 with the Big Combo patch , but that patch is
apparently cancelled with now a replacement patch
Do I need to bother?
Thanks
Ram
On Tue, 2007-11-13 at 06:32 -0500, Michael Scheidell wrote:
> > -Original Message-
> > From: ram [mailto:[EMAIL PROTECTED]
> > Sent: Tuesday, November 13, 2007 3:33 AM
> > To: users@spamassassin.apache.org
> > Subject: googlepages.com abuse
> >
>
.
How many of you use proprietary plugins, like those from Cloudmark etc.?
So that we can just forget having to keep minutely monitoring.
What are the disadvantages of using say a Cloudmark plugin into SA
(other than the cost involved)?
Thanks
Ram
On Sat, 2007-11-17 at 23:36 +0100, Stefan Jakobs wrote:
> Hi list,
>
> I need a perl script which is able to extract a mail from the appendix of an
> other mail.
> The idea is that people can send me mails with non recognized spams in the
> appendix. Then I can extract the spam from the appendi
Almost all of the phishing mails I can see have
(!__ENV_AND_HDR_FROM_MATCH)
Can I simply give a high score to all mails whose header from and env
from don't match?
I will have to whitelist all mailing lists, yahoogroups etc. But is
there any other issue with this?
Thanks
Ram
Ram
ning lookups
>
> At about the same time, my name server started logging copious TCP reset
> errors:
>
> named: dispatch 309a6f0: shutting down due to TCP receive error: connection
> reset
>
Do they allow rsync of their data? I would prefer having a local RBLDNS
server for th
a DNS zone with a list of all these domains and probably
share this with others.
Thanks
Ram
On Wed, 2008-01-09 at 22:56 -0500, Ben Lentz wrote:
> >> but this URI redirection stuff isn't very friendly
> >> >when used by a spammer.
> >>
> >
> > Ben, the key is the "btnI" param, which maps to the "I'm feeling lucky"
> > button.
> > This technique appeared last summer (I deployed my non
spamming domains
BTW is it allowed to do automated whois queries? I initially thought this
was not allowed
Thanks
Ram
On Sat, 2008-01-19 at 04:51 -0600, Jeff Chan wrote:
> Quoting ram <[EMAIL PROTECTED]>:
>
> > I had read about the whois plugin into SA. But I can't seem to find it
> > now. Can someone tell me how do I install this?
> > I believe that could be a very effective idea to
On Sat, 2008-01-19 at 13:38 +0100, Giampaolo Tomassoni wrote:
> > -Original Message-
> > From: ram [mailto:[EMAIL PROTECTED]
> > Sent: Saturday, January 19, 2008 11:47 AM
> >
> > I had read about the whois plugin into SA. But I can't seem to find it
> >
Hi,
I think my web proxy server is in some kind of blacklist
(59.163.11.70). I am not able to go to the spamassassin.apache.org.
Can someone tell me what blacklist does this server use?
Sorry for being OT here. I can't find my IP listed anywhere but
spamassassin site is blocked
Thanks
Ram
t UK Ltd
>
> --Chris
>
I would love to block all domains with these , but to think of it what
is there to prevent them from getting themselves whitelisted by
registering "good domains"
They can register one more domain with an innocent website (say a wiki
news site) etc. Now they are less than 100% spammer registrars
Thanks
Ram
body CHAT_TEMP m/\b(?:NaturalImprove\.info|allcanheal\.info|HonorDays\.info|EHealThies\.info|TheHealCare\.info|IndividualImprove\.info|TheDoorwayBeyond\.info|ThePaganDoorway\.info)\b/i
score CHAT_TEMP 6.0
--
Besides this I have other rules that look for "am a? ?nice girl" etc., I
use them in combination. But those are too YMMV types
Thanks
Ram
On Mon, 2008-02-18 at 06:14 -0600, Chris wrote:
> On Monday 18 February 2008 4:33 am, ItsMikeE wrote:
> > For some time now I have been getting spams that look like
> > "Hello! I am tired this evening. I am nice girl that would like to chat
> > with you. Email me at [EMAIL PROTECTED] only, because
On Fri, 2008-02-15 at 17:34 -0800, Marc Perkel wrote:
> Is there any place to easily query whois information to determine on a
> mass scale how old a domain is?
>
The dob list was supposed to do that. I think
Unfortunately their dns servers suddenly have stopped responding
On Tue, 2008-02-26 at 08:49 +, Anthony Peacock wrote:
> Hi,
>
> I have just received a number of spam emails which got through the
> filtering system because they hit the HABEAS_ACCREDITED_COI rule, which
> give them -8. They all came to role based addresses that are never used
> to outgoi
I am not really sure this is spam
https://ecm.netcore.co.in/tmp/spammail_calendar.txt
This looks like a simple mail to me .. but the user says it is spam. The
text of the mail too is highly suspicious.
Are you folks getting such mails?
Thanks
Ram
On Thu, 2008-02-28 at 11:25 -0800, SM wrote:
> At 04:35 28-02-2008, ram wrote:
> >I am not really sure this is spam
> >
> >https://ecm.netcore.co.in/tmp/spammail_calendar.txt
> >
> >This looks like a simple mail to me .. but the user says it is spam. The
olved to 72.52.4.74, but ping failed for me,
>
> Thanks in advance
>
> Regards,
> a.Johnson
Apparently yes.
Not able to reach rulesemporium from any of my idcs
Thanks
Ram
But ultimately this boils down to end user education.
Recipients must realize that no one from Africa is going to transfer all
the millions of dollars in an unknown account, or there is nothing
called as a national lottery in the United Kingdom
Thanks
Ram
If spamassassin had an option to send abuse report to servers
automatically and send mails to abuse@ the moment the
first sure spam comes in the admin could be warned before much damage
has been done. Obviously we limit to only 1 or 2 reports in an hour to a
particular id
Thanks
Ram
PS:
I
On Thu, 2008-03-27 at 10:04 -0400, Michael Scheidell wrote:
> > From: ram <[EMAIL PROTECTED]>
> > Date: Thu, 27 Mar 2008 15:36:04 +0530
> > To: spamassassin-users
> > Subject: Spam abuse report plugin
> >
> > I get a lot of spam on my servers which get
On Wed, 2008-04-02 at 10:42 +0200, mouss wrote:
> Benny Pedersen wrote:
> > On Wed, April 2, 2008 02:06, William Terry wrote:
> >
> >> I mostly lurk here, gleaning bits of wisdom from those far more
> >> knowledgeable than me, however...
> >>
> >
> > i have no clue either :-)
> >
> >
> >
header __FROMOFFICE From =~/office/i
header __SUBOFFICE Subject =~/office/i
meta OFFICERULE (__FROMOFFICE || __SUBOFFICE )
score OFFICERULE 4.0
BTW this rule will hit this very mail, unless you are whitelisting sa
list
Ram
On Wed, 2008-04-02 at 10:23 -0700, Kelson wrote:
> ram wrote:
> > header __FROMOFFICE From =~/office/i
> > header __SUBOFFICE Subject =~/office/i
> >
> > meta OFFICERULE (__FROMOFFICE || __SUBOFFICE )
> > score OFFICERULE 4.0
>
> And don't forget
On Wed, 2009-06-03 at 00:48 -0700, ryefish wrote:
> Hello: I am attempting to configure SA to mark as spam all email from
> Top-Level-Domains other than .com, .net, and .edu.
> I have found three possible ways to do this. Which if any is the preferred
> method:
>
> 1) blacklisting in local.cf:
On Sat, 2009-06-06 at 02:55 -0700, chauhananshul wrote:
> I'm getting a lot of mails daily in which to & from addresses are same &
> spamassassin is not able to stop them. I'm using spamassassin-3.2.5-1.el4.rf
> CentOS4.7 with sendmail. I've increased the score to 4 from default 5 but
> stills its n
ed,
reject_rbl_client zen.spamhaus.org,
.
..(other rules )
And for the smtp-auth mails do not scan for spam at all. Not only will
you avoid FP's .. you will also save a lot of processing on your
server
Thanks
Ram
PS:
Why are y
On Mon, 2009-06-15 at 15:35 +1000, Con Tassios wrote:
> On Mon, 15 Jun 2009, Chip M. wrote:
>
> > DOB ("Day Old Bread") had the same problem last year:
> > http://mail-archives.apache.org/mod_mbox/spamassassin-users/200810.mbox/%3cva.33f1.14690...@news.conactive.com%3e
> >
> > With software b
On Mon, 2009-10-05 at 15:05 -0700, Quanah Gibson-Mount wrote:
> --On Monday, October 05, 2009 11:50 PM +0200 mouss
> wrote:
>
> > Thomas Mullins wrote:
> >> We have been running Spamassassin for maybe eight years now. But, my
> >> coworkers do not like OpenSource. So they have finally comp
On Mon, 2009-11-16 at 21:32 -0900, Royce Williams wrote:
> On Mon, Nov 16, 2009 at 11:04 AM, Per Jessen wrote:
> > I was just wondering if anyone had mentioned this to ebay:
> >
> > Date: Sun, 15 Nov 09 16:42:23 GMT-0700
> >
> > will hit INVALID_DATE.
>
> I've reported this multiple times, with
On Tue, 2010-01-05 at 14:39 -0500, Bowie Bailey wrote:
> Christian Brel wrote:
> > On Tue, 05 Jan 2010 12:10:28 -0500
> > Greg Troxel wrote:
> >
> >
> >>
> >> Does anyone have any ideas of what else might help?
> >>
> >
> >
> > #ADD TO THE END OF local.cf at your own risk
> > score RCVD_
On Wed, 2010-01-06 at 07:51 +, Christian Brel wrote:
> On Tue, 5 Jan 2010 14:18:54 -0800
> "jdow" wrote:
>
> > From: "J.D. Falk"
> > Sent: Tuesday, 2010/January/05 12:43
> >
> >
> > > On Jan 5, 2010, at 10:10 AM, Greg Troxel wrote:
> > >
> > >> Once again I went to returnpath and senders
On Tue, 2010-01-19 at 10:52 -0200, Taylon Silmer wrote:
> Hello guys!
>
> I have a lot of mail servers running spamassassin and I never had false
> positives problems.
>
> Recently I installed more one server and I'm having a lot of false
> positives problem with it. I understand that spamassas
mptions and allow for simple visual sifting
# without risking lost emails.
required_hits 5
report_safe 0
rewrite_header Subject [SPAM]
Any advice will be appreciated
Ram
Hi
Thanks for the quick answer,
my comments below
On Wed, Jan 27, 2010 at 9:54 AM, John Hardin wrote:
> On Wed, 27 Jan 2010, ram wrote:
>
> it works, but I see most of the mails are tagged as SPAM.
>>
>
> A little more detail, please: Are you complaining about seeing lots
On Thu, Jan 28, 2010 at 7:53 PM, John Hardin wrote:
> On Wed, 27 Jan 2010, ram wrote:
>
> On Wed, Jan 27, 2010 at 9:54 AM, John Hardin wrote:
>>
>> On Wed, 27 Jan 2010, ram wrote:
>>>
>>> it works, but I see most of the mails are tagged as SPAM.
>>
Hi
I normally reply on other mailing lists; when I reply it goes to the
mailing list ID as the sender.
Here I had not observed it was going to the user. Sorry for that.
On Thu, Jan 28, 2010 at 10:03 PM, Bowie Bailey wrote:
> ram wrote:
> >
> >
> > On Thu, Jan 28, 2010 at
ed the bayes database? Have
> you at any point in the past properly trained the database and is it
> enabled with "use_bayes 1" in local.cf?
>
>
Yes, I am running that command inside spamd user.
The document said use_bayes defaults to 1.
I am just trying to learn what is the best way to learn bayes and fine tune
the configs
Ram
> Best,
> Alex
>
On Fri, Jan 29, 2010 at 7:58 PM, Bowie Bailey wrote:
> ram wrote:
> >
> >
> > The rules in /usr/share/spamassassin are the original rules from the
> > install. If /var/lib/spamassassin/3.002.005 exists, those rules
> > will be
> > used i
On Fri, Jan 29, 2010 at 8:41 PM, David Morton wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> Bowie Bailey wrote:
> > ram wrote:
> >> I am still confused, how can I fine tune sitewide rules to send all
> >> the users to send spam mails to on
On Mon, Feb 1, 2010 at 10:23 PM, Bowie Bailey wrote:
> ram wrote:
> > hi
> >
> > what I am looking for is
> >
> > I am looking sitewide, not userwide
> >
> > so if the user feels it's spam mail, he will send that mail to another
> > email of local
On Mon, 2010-02-08 at 22:08 -0500, dar...@chaosreigns.com wrote:
> You get an email delivered from 64.71.152.40 (last untrusted
> relay). You look up the DNS A record for that IP, and get
> mail.chaosreigns.com. Then you look up the DNS PTR record of
> 40.152.71.64.designatedsender.mail.chaosrei
it's located in /home/spamd
So how can I configure site wide bayes to capture more bayes?
I am running sa-update cron. It's up to date.
Ram
On Wed, Feb 10, 2010 at 9:13 AM, ram wrote:
> Hi
>
> It's been 30 days now since I set up a new qmail server with spamassassin 3.2.5
> works well,
>
> but I am using here simscan
>
> I used to get in my old server a lot of virus and spam emails
>
> so we made strict rul
ntation is not going to be easy because
mailservers have been there too long for adopting anything new then can
your be sure MailServer IP validation will be adopted ?
Anyway I block spams from almost all non-mailservers by using RBL's
I don't see any value add in implementing this
Tha
On Sun, 2010-02-14 at 18:51 +0100, Ralf Hildebrandt wrote:
> * Jeff Koch :
> >
> >
> > Sorry this is off-topic but has anyone successful applied for the
> > Yahoo Email Complaint Feedback Loop?
>
> Yes, I did.
>
> > On the one hand their website says they have an ISP program based on
> > IP
On Thu, 2010-02-18 at 12:17 -0800, J.D. Falk wrote:
> On Feb 14, 2010, at 10:31 PM, ram wrote:
>
> > Anyway ReturnPath operates FBL's for yahoo and they provide IP address
> > based feedback loops at Cox etc
> > I don't know why this diff for yahoo.
>
>
ll be caught as spam.
I know there are ways to get around this rule too but in practical life
this has been real effective against phishing.
IMHO most of the anti-SPF bandwagon is more due to ego issues than
technical.
Thanks
Ram
> -0.010 T_RP_MATCHES_RCVD
> -1.900 BAYES_00
>
>
http://pastebin.com/6c9sEEn9
Even recently I installed a new qmail server.
I still see a lot of junk mail coming with different characters, I cannot even
read them clearly.
How can I stop those kind of emails?
Ram
file and
forget about it. Because their SPF record already keeps track.
Even the largest banks today are outsourcing their email. FcRDNS works
only if the organization runs their own mailing and don't keep changing
their mailhost names.
Thanks
Ram
http://www.spamhaus.org/dbl/
I think sa-folks would have this already in some URIBL rule. What are
the scores you assign for a dbl positive hit?
I assume my current datafeed would already extend to data access on the
dbl list. I will have to setup my rbldnsd before trying this out.
less responsive to abuse reports
than corporate ones.
Thanks
Ram
On Wed, 2010-03-17 at 08:45 +0100, Per Jessen wrote:
> Hans-Werner Friedemann wrote:
>
> > Hi @ all
> >
> > I have another "Newbee-Question" but I can't find any information
> > about that.
> >
> > how can I adjust in SA, that eMails with a certain subject
> > are listed in my blacklist
express, when they see some message is
spam
How can I ask them to report back so that I can create rules based on that?
Any suggestion or help is appreciated
Ram
On Thu, Apr 8, 2010 at 12:27 AM, John Hardin wrote:
> On Wed, 7 Apr 2010, ram wrote:
>
> sa-learn --spam --showdots --dir /path/to/directory/full/of/spam/msgs
>> sa-learn --ham --showdots --dir /path/to/directory/full/of/ham/msgs
>>
>> i have not able to understand