Re: A Note Regarding DHCP Zone

2006-09-10 Thread mouss
like list inclusions, except for things like what xbl does: different results depending on the source. regards, mouss

Re: Sa-learn / mbx?

2006-09-15 Thread mouss
Larry Rosenman wrote: Is there a problem with 3.1.5 (FreeBSD port) and sa-learn --mbx? I get the following: /usr/local/bin/sa-learn --spam --mbx --showdots /home/ler/Mail/SA/FN did you try /usr/local/bin/sa-learn --spam --mbx --showdots /home/ler/Mail/SA/FN

FP: URI_NOVOWEL

2006-09-19 Thread mouss
URI_NOVOWEL fires with things like href=#id where id is a string that starts with 7 no-vowel chars. To fix this, I replaced uri URI_NOVOWEL m%^https?://[^/?]*[bcdfghjklmnpqrstvwxz]{7}%i with uri URI_NOVOWEL m%^https?://[^/?\#]*[bcdfghjklmnpqrstvwxz]{7}%i is this

Re: OT: HELO setting in Sendmail

2006-09-19 Thread mouss
Mike Pepe wrote: Hi folks, this is a bit off topic, but I figured someone here may have an inkling as to what I could do. Some mail servers are now rejecting my email: (reason: 550 Don't like your HELO/EHLO. Hostname must contain a dot.) I checked and sure enough, the HELO just spits out

Re: FP: URI_NOVOWEL

2006-09-20 Thread mouss
Theo Van Dinter wrote: On Tue, Sep 19, 2006 at 10:58:46PM +0200, mouss wrote: URI_NOVOWEL fires with things like href=#id where id is a string that starts with 7 no-vowel chars. uri URI_NOVOWEL m%^https?://[^/?]*[bcdfghjklmnpqrstvwxz]{7}%i uri URI_NOVOWEL m%^https

Re: FP: URI_NOVOWEL

2006-09-21 Thread mouss
John D. Hardin wrote: On Thu, 21 Sep 2006, mouss wrote: Theo Van Dinter wrote: On Tue, Sep 19, 2006 at 10:58:46PM +0200, mouss wrote: URI_NOVOWEL fires with things like href=#id where id is a string that starts with 7 no-vowel chars. uri URI_NOVOWEL m%^https

Re: FP: URI_NOVOWEL

2006-09-21 Thread mouss
Chris Santerre wrote: -Original Message- From: mouss [mailto:[EMAIL PROTECTED] Sent: Wednesday, September 20, 2006 6:12 PM To: SpamAssassin Subject: Re: FP: URI_NOVOWEL Theo Van Dinter wrote: On Tue, Sep 19, 2006 at 10:58:46PM +0200, mouss wrote: URI_NOVOWEL fires

Re: OT: HELO setting in Sendmail

2006-09-24 Thread mouss
Daniel T. Staal wrote: On Tue, September 19, 2006 5:01 pm, mouss said: why not set your hostname to an fqdn value? Because then well-behaved tools will be messed up? You probably mean broken resolver implementations. but these should either be fixed or abandoned. It's been years

Re: senders domain has MX or not?

2006-10-15 Thread mouss
Suhas (QualiSpace) wrote: Hello, Which rule will help me in checking if senders domain has MX record or not. E.g I am getting email from [EMAIL PROTECTED], then the rule should check whether domain.com has an MX record or not. grin Fix your DNS: # host -t mx domain.com

Re: senders domain has MX or not?

2006-10-16 Thread mouss
Benny Pedersen wrote: On Sun, October 15, 2006 23:33, mouss wrote: - you may also use the bogusmx list at rfc-ignorant, but this catches some legitimate (misconfigured) sites. so think twice before using it to reject at MTA level. the misconfigured sites may see the problem in logs

Re: a

2006-10-21 Thread mouss
Angel L. Mateo wrote: Hello, I am using spamassassin with postfix and amavis on a debian sarge server. The versions I use are: * postfix: 2.1.5 * amavisd-new * spamassassin: 3.1.0a The problem I have is that emails sent by one of my users is always tagged as spam, although

Re: R: Psst!

2006-10-21 Thread mouss
David B Funk wrote: On Thu, 19 Oct 2006, John Andersen wrote: On Thursday 19 October 2006 04:02, Giampaolo Tomassoni wrote: In short: just use it. :-} Right. :) No, that's actually wrong. You never want to use it to send or receive mail. You want it to be hit

Re: DNS lookup plugin?

2006-10-23 Thread mouss
Chris St. Pierre wrote: I use Postfix and, for a while, I had reject_unknown_hostname as part of my smtpd_helo_restrictions. For those who aren't familiar, reject_unknown_hostname will: Reject the request when the hostname in the client HELO (EHLO) command has no DNS A or MX record. This was

Re: RFC: spam trapping with policyd-weight and DNSBLs?

2006-10-24 Thread mouss
Justin Mason wrote: Hey -- just to turn the tables for a bit ;), I've recently been considering a problem and a possible solution, and could do with SpamAssassin users' advice. These days, I've been forced to use SBL/XBL as an upfront anti-spam check, rejecting spam at RCPT TO: time during the

Re: What happened to SOUGHT rules' server?

2010-03-14 Thread mouss
Giampaolo Tomassoni a écrit : It seems that the yerp.org www server is irresponsive. To my knowledge, that server was hosting the sought.rules.yerp.org update channel. Anybody knows if it is a transient problem or if that channel moved elsewhere? it was working yesterday. most probably

Re: Learning Bayes

2010-03-14 Thread mouss
pm...@email.it a écrit : Hi, in this page: http://wiki.apache.org/spamassassin/BayesInSpamAssassin i read: * Do not* train Bayes on different mail streams or public spam corpora. These methods will mislead Bayes into believing certain tokens are spammy or hammy when they are not. So, i

Re: Reject mail

2010-04-07 Thread mouss
Kai Schaetzl a écrit : Thomas Höhlig wrote on Tue, 06 Apr 2010 14:24:58 +0200: Can anyone tell me where i can find the option to deactivate the answer-mail. Ask on the sa-exim list. yes. and make sure not to confuse reject (say go away) with bounce (accept message, then later send a

controlling channel order (Was: JM_SOUGHT_FRAUD)

2010-08-14 Thread mouss
Le 12/08/2010 00:37, Karsten Bräckelmann a écrit : On Wed, 2010-08-11 at 17:30 -0400, Bowie Bailey wrote: In case anyone else is following this... The sa-update process made things a bit more complex than simply renaming the file after updates. If that's all you do, then sa-update loses

Re: controlling channel order (Was: JM_SOUGHT_FRAUD)

2010-08-17 Thread mouss
Le 16/08/2010 15:53, Bowie Bailey a écrit : On 8/14/2010 5:51 PM, mouss wrote: Le 12/08/2010 00:37, Karsten Bräckelmann a écrit : On Wed, 2010-08-11 at 17:30 -0400, Bowie Bailey wrote: In case anyone else is following this... The sa-update process made things a bit more complex than

Re: Identifying the real problem

2010-09-18 Thread mouss
Le 17/09/2010 00:34, Karsten Bräckelmann a écrit : [snip] I had in amavis-conf: $final_spam_destiny = D_BOUNCE; $final_banned_destiny = D_BOUNCE; should be much better like this: $final_spam_destiny = D_REJECT; $final_banned_destiny = D_REJECT; It was default with

OT (Was: Unsubscribe / help footer at the bottom of messages to this list.)

2010-10-08 Thread mouss
Le 07/10/2010 23:28, John Hardin a écrit : On Thu, 7 Oct 2010, Karsten Bräckelmann wrote: On Thu, 2010-10-07 at 11:11 +0200, Shlomi Fish wrote: before I unsubscribe I should note that the incoming messages from this list should have an Unsubscribe / How-to-get-help footer at the bottom of

Re: Sought False Positives

2010-11-08 Thread mouss
is a public mail. I'm going to zero the corresponding rules (I prefer false negatives, which help improving local rule, over false positives, exceptionally when I can't explain why). = FP sample Return-Path: websecurity-return-7218-mouss=ml.netoyen@webappsec.org Delivered

Re: blacklist.mailrelay.att.net

2010-12-12 Thread mouss
Le 12/12/2010 19:23, Giampaolo Tomassoni a écrit : How does it work? I just got blocked by the ATT's blacklist (in contacting ab...@att.com, besides...), but I'm pretty sure my MX is not an open relay or other kind of nifty thing. Maybe ATT blocks whole address bunches from which some hosts

Re: linkedin invitation spam

2010-12-13 Thread mouss
is, if we know it's a linkedin invitation, if we need to verify DKIM at all ;) depends on your users. if it's your own hobby mail system, you can block linkedin, facebook, twitter, hotmail, yahoo, ... etc. nobody will complain ;-p mouss wrote: the sample posted by Michelle came to her via

Re: linkedin invitation spam

2010-12-13 Thread mouss
:04, Matus UHLAR - fantomas a écrit : now the question is, if we know it's a linkedin invitation, if we need to verify DKIM at all ;) On 13.12.10 09:52, mouss wrote: depends on your users. if it's your own hobby mail system, you can block linkedin, facebook, twitter, hotmail, yahoo, ... etc

Re: linkedin invitation spam

2010-12-13 Thread mouss
Le 13/12/2010 15:33, Matus UHLAR - fantomas a écrit : Michelle Konzack wrote: 300-500 INVITE spams per day from more than 400 social networks worldwide is really annoying or better, I would call it terrorism. On 12.12.10 22:03, Per Jessen wrote: Just reject them all? Matus UHLAR - fantomas

Re: linkedin invitation spam

2010-12-13 Thread mouss
Le 13/12/2010 11:30, Michelle Konzack a écrit : Hello Per Jessen, Am 2010-12-12 22:03:34, hacktest Du folgendes herunter: Michelle Konzack wrote: 300-500 INVITE spams per day from more than 400 social networks worldwide is really annoying or better, I would call it terrorism. Just reject

Re: linkedin invitation spam

2010-12-13 Thread mouss
Le 13/12/2010 10:38, Martin Gregorie a écrit : On Mon, 2010-12-13 at 08:17 +0100, Per Jessen wrote: mouss wrote: the sample posted by Michelle came to her via a debian list. debian lists are open (no subscription required) and thus attract a lot of spam. And whilst invitations such as those

Re: linkedin invitation spam

2010-12-14 Thread mouss
Le 13/12/2010 23:45, Martin Gregorie a écrit : On Mon, 2010-12-13 at 22:19 +0100, mouss wrote: Le 13/12/2010 10:38, Martin Gregorie a écrit : As others have said, it depends who sent it and why. Invitations sent specifically by people who know you aren't spam, but I've heard it said several

Re: DNSBL for email addresses?

2010-12-23 Thread mouss
Le 15/12/2010 00:52, John Hardin a écrit : On Tue, 14 Dec 2010, Cedric Knight wrote: So a hash is best, Agreed. and I'd suggest SHA1 over MD5. Just out of curiosity, why? An MD5 hash is shorter than an SHA hash (an important consideration when you're making lots of DNS queries of the

Re: DNSBL for email addresses?

2010-12-23 Thread mouss
Le 14/12/2010 15:28, Marc Perkel a écrit : Are there any DNSBLs out there based on email addresses? Since you can't use an @ in a DNS lookup - how would you do DNSBL on email addresses? Is there a standard? you can still use something like john@example.com = john.doe._address.example.com

Re: DNSBL for email addresses?

2010-12-23 Thread mouss
Le 23/12/2010 19:40, Chris Owen a écrit : On Dec 23, 2010, at 12:35 PM, mouss wrote: do you really think there is a need to list email addresses? if yes, then may be you can define a subset instead of all possible addresses. after all, spammers don't use all possible representations, do

Re: DNSBL for email addresses?

2010-12-24 Thread mouss
Le 23/12/2010 22:56, Bob Proulx a écrit : mouss wrote: John Hardin a écrit : Just out of curiosity, why? An MD5 hash is shorter than an SHA hash (an important consideration when you're making lots of DNS queries of the hash), MD5 is computationally lighter than SHA, and MD5 is robust enough

Re: Single dot PTR

2010-12-29 Thread mouss
Le 29/12/2010 16:54, Jason Bertoch a écrit : I'm starting to see a (new to me) pattern of spam, and only spam, with PTR records consisting of a single dot, such as: Received: from ejru38.pindmosel.info (. [184.154.78.38] (may be forged)) I used to block these and others in postfix: pcre =

Re: NJABL is dead?

2010-12-29 Thread mouss
Le 29/12/2010 15:29, Jack L. Stone a écrit : [snip] All of my net checks are done at the MTA level (sendmail) and none in SA -- it's turned off. What is the benefit of checking twice? Maybe I missed the benefit. - with some lists, you want to check the IPs found in the Received headers (and

Re: Off topic: best RBLs to use to block at smtp connection?

2011-01-03 Thread mouss
Le 03/01/2011 13:28, Jari Fredriksson a écrit : I want to secure a postfix site with rbls, no spamassassin at this moment. (I use SpamAssassin on other sites, and no RBLs at SMTP time, so I'm not very experienced with this. SA has many RBL's, sure, but what to use to kill them when seen?)

Re: Off topic: best RBLs to use to block at smtp connection?

2011-01-05 Thread mouss
Le 05/01/2011 02:15, Karsten Bräckelmann a écrit : On Tue, 2011-01-04 at 00:58 +0100, mouss wrote: Le 03/01/2011 13:28, Jari Fredriksson a écrit : I want to secure a postfix site with rbls, no spamassassin at this moment. (I use SpamAssassin on other sites, and no RBLs at SMTP time, so I'm

Re: Off topic: best RBLs to use to block at smtp connection?

2011-01-05 Thread mouss
Le 05/01/2011 17:00, Rob McEwen a écrit : On 1/3/2011 6:58 PM, mouss wrote: as you can see, all DNSBLs but spamhaus are more or less useless. Mouss, [ignoring content filtering for a moment... per the original poster's request] If one DNSBL removed 90% of all spams, and that made

Re: Off topic: best RBLs to use to block at smtp connection?

2011-01-09 Thread mouss
Le 06/01/2011 00:48, Karsten Bräckelmann a écrit : On Thu, 2011-01-06 at 00:27 +0100, mouss wrote: Le 05/01/2011 02:15, Karsten Bräckelmann a écrit : On Tue, 2011-01-04 at 00:58 +0100, mouss wrote: Recipient unknown: 5318 ( 73.85 %) DNSBL zen.spamhaus.org...: 816

Re: Understanding TrustPath

2011-01-12 Thread mouss
Le 11/01/2011 22:07, Mark Martinec a écrit : Consider for a moment how hard it would be for an average spammer to spoof rDNS This has nothing to do with DNS. The trusted/internal/msa networks only checks an IP address as it stands in an Received header field, it does not check nor depend on

Re: SPAM/Phish and Ham E-mail Dataset

2011-01-12 Thread mouss
Le 12/01/2011 23:02, Mahmoud Khonji a écrit : I would highly appreciate if anyone is able to send me his SPAM/Ham email collection. sigh. if you can't understand what privacy means, then you are part of the problem. I need it to train and test classifiers. you need to train with

Re: spamhaus dbl considered safe for mta blocking?

2011-01-27 Thread mouss
Le 27/01/2011 15:12, Michael Scheidell a écrit : On 1/26/11 11:58 PM, Sahil Tandon wrote: reject_rhsbl_sender dbl.spamhaus.org=127.0.1.2, Sound advice to advocate good practices, but in more recent version of Postfix, this should not be required. eh? reject_rhsbl_sender dbl.spamhaus.org

Re: RFC-Ignorant (was Re: Irony)

2011-02-04 Thread mouss
Le 03/02/2011 22:51, Adam Moffett a écrit : That's good. The only useful list (BogusMX) can be discovered without querying rfc-ignorant anyway. Just get the MX records for the sending domain (which are almost certainly in cache) and make sure they resolve to real IP addresses. We reject

Re: new gappy domain campaign (w/sample)

2011-02-09 Thread mouss
Le 09/02/2011 23:09, Chip M. a écrit : There's an interesting new insecure-boy-drugs campaign that's about 8% of our post-gateway traffic. It started early today. About 58% of these are sneaking thru (plain vanilla) SpamAssassin. The key features are: three columns of vertical

Re: new gappy domain campaign (w/sample)

2011-02-10 Thread mouss
Le 10/02/2011 10:09, Chip M. a écrit : mouss wrote: with a stock config, and without Bayes, it now yields: Hmmm, interesting! Yes, all the caught spam here were due to RBL hits. Which begs the question, what SpamAssassin tests are hitting for the misses vs the kills? Here's what

Re: [SOLVED] Re: date_received for previous hop

2011-02-19 Thread mouss
Le 19/02/2011 04:58, Frank Reppin a écrit : Hi list, Ok - think of it as being solved. I could make something 'useful' after digging more in HeaderEval.pm. did you take a look at the code that implements DATE_IN_FUTURE_* rules? But later then... this raises another issue. I'll open a

Re: broken emails from techtarget/crn mag? omeda communications?

2011-07-26 Thread mouss
Le 22/07/2011 17:50, Michael Scheidell a écrit : any of you subscribed to techtarget or crm emails? seems on june 16th or 17th, something broke. and I am trying to determine if its something we did or something they did. no, it's much older than that. I can see a borked one dating back to 25

Re: solved: Re: broken emails from techtarget/crn mag? omeda communications?

2011-07-26 Thread mouss
Le 26/07/2011 01:57, Michael Scheidell a écrit : On 7/22/11 12:49 PM, Michael Scheidell wrote: On 7/22/11 12:08 PM, Michael Scheidell wrote: On 7/22/11 12:04 PM, Bret Miller wrote: Well, I don't actually subscribe to any active techtarget lists, but I do still get marketing garbage from them.

Re: dynamically load url filtersI

2012-11-18 Thread mouss
Le 15/11/2012 22:16, Per-Erik Persson a écrit : Is there a way to add spamassassin rules without editing the config and reloading the process? To be more specific, I can set up a RBL of my own and add suspicious servers found in the header, no problems to do that. This can be done today

Re: Sought/Rules.yerp.org problem - Re: [Fwd: Cron root@zoogz /usr/share/spamassassin/sa-update.cron -D 21 | tee -a /var/log/sa-update.log]

2013-02-18 Thread mouss
I hope Justin has no problems. if anybody has news, please share that with me. Le 15/02/2013 13:42, Kevin A. McGrail a écrit : On 2/14/2013 6:35 PM, Emmett Culley wrote: Hi KAM, Can you give me a hint on who or what to contact. I don't know how those rules got into my system. It was

Re: Scoring PTR's

2006-10-24 Thread mouss
Jo Rhett wrote: Right. Which proves that you weren't reading. I was replying to the comment that someone made that any host with more than one address would have more than one HELO. This isn't true. Now a host with more than one interface might have more than one helo name. But that's

Re: Postfix setting? or Spam Assassin?

2006-11-01 Thread mouss
Alan Fullmer wrote: Thanks. That puts me on the right path. I did forget to post my script: #!/bin/bash /usr/bin/spamc -f -u $4 | /usr/sbin/sendmail -i $@ exit $? You are filtering one message, using the first recipient ($4). as a result, the message will have one score (corresponding

Re: Running spamc via postfix not as user nobody

2006-11-12 Thread mouss
Michael Frotscher wrote: On Saturday 11 November 2006 22:49, Michael Scheidell wrote: What happens with this: user=${recipient} argv=/usr/bin/spamc -e /usr/sbin/sendmail -oi -f ${sender} ${recipient} Does not work. are you after user=${user} But I found that postfix knows

Re: whitelist_from and whitelist_from_rcvd not working

2006-12-03 Thread mouss
Mark Adams wrote: Hi All, Spamassassin 3.1.4-1 Currently have entries like the following in the local.cf file whitelist_from [EMAIL PROTECTED] and whitelist_from [EMAIL PROTECTED] But mail is still picked up as spam for the [EMAIL PROTECTED] Have also tried the following;

Re: Yahoo groups

2006-12-24 Thread mouss
Rodney Richison wrote: In my fight against spam, yahoo groups seems to be the only casualty. I'm not a rule writer, so please forgive this feeble attempt and let me know if it looks ok # Example of a rule for text in the header of the mail: header LOCAL__H_from_yahoogroupsFrom =~

Re: Yahoo groups

2006-12-24 Thread mouss
Rodney Richison wrote: Unfortunately, I can't enable the domainkeys plugin. I loaded it with cpan and got this on a lint. [18770] warn: plugin: failed to parse plugin (from @INC): Can't locate Mail/DomainKeys/Message.pm in @INC (@INC contains: lib /usr/share/perl5 /etc/perl

Re: Yahoo groups

2006-12-24 Thread mouss
Rodney Richison wrote: did you install Mail::DKIM? I just now did, no luck. if it was really installed, then you need to find out where! try to reinstall it and watch the output. do you have multiple perl versions on your system? Not that I know of. :) Which I'm sure

Re: Sorting SA Discussion List Messages

2007-03-04 Thread mouss
Daryl C. W. O'Shea wrote: Bart Schaefer wrote: On 3/3/07, Don Ireland [EMAIL PROTECTED] wrote: Every email list I've ever subscribed to has had something in the subject line (usually in square brackets) to identify 1) that it is a mailing list and 2) what list it is. Why doesn't this list

Re: Sorting SA Discussion List Messages

2007-03-04 Thread mouss
Evan Platt wrote: At 11:44 AM 3/4/2007, mouss wrote: somewhat related: I sometimes receive mail with a spam tag in the subject, a tag added by the sender MTA !!! fortunately, I don't use subject tagging, otherwise... which explains why I do not favour subject modification by any piece

Re: yahoo groups: Date: fields flagged as non-rfc-2822-compliant?

2007-04-13 Thread mouss
John Clements wrote: It appears to me that all mail coming through Yahoo groups is getting at least 4.5 points because of yahoo's use of tiny fonts and of non-compliant Date: formats. Here's the spamassassin analysis: pts rule name description --

Re: Marking HAM as good mail

2007-04-13 Thread mouss
Mário Gamito wrote: Hi, Thank you for your answers. Look at the config documentation for the whitelist_from_rcvd and whitelist_from_spf options. Humm... where are they ? Couldn't find it :( Can you post the list of rules that these mails are hitting (the X-Spam_Status header)?

Re: what to do if spamc fails?

2007-04-13 Thread mouss
Andy Spiegl wrote: Hi, I call spamc to scan the messages (like most of you I assume :-) But if spamd isn't running (see my other postings) spamc returns the messages unprocessed. How are you guys coping with that? I guess I have to check the processed messages for the X-Spam-Checker-Version

Re: sa-learn: lower the 200 thresold

2007-04-13 Thread mouss
Mário Gamito wrote: Hi, How can change the number of messages needed for sa-learn from 200 to a lower value ? My boss (grunf... it had to be him) is getting a lot of HAM. if it doesn't come to you, go to it! do it the other way. find 200 ham and 200 spam messages and sa-learn them! even

Re: Problems with false positives

2007-04-13 Thread mouss
John D. Hardin wrote: On Thu, 12 Apr 2007, Instituto de Ingenieria Área de Sistemas Unix/Linux wrote: So why does spamassassin classifies some mails even though it's exactly the same message for all the addresses? per-user bayes, perhaps? or - AWL - dcc, razor, .. - dnsbl's

Re: Marking HAM as good mail

2007-04-14 Thread mouss
Mário Gamito wrote: Hi, now, take one of the messages and run spamassassin -t on it and show these tests (at the end of the report). Strange, it has only 4.1 points, but is marked as SPAM! not now, but it was marked as spam when it was delivered. maybe dcc/razor (or spamcops?)

Re: SA more efficient of client?

2007-04-28 Thread mouss
Florian Lindner wrote: Hello, I use SA von my server. The mails are filtered immediately after they were received. SA uses a number of external services, for example black lists which test if the same email was already received by thousands of other people. Are these tests significantly more

Re: french rules

2007-04-28 Thread mouss
Anton Melser wrote: Hi, I have been looking for a set of rules that have been specially done for combating French spam (in particular content). I found those at http://maxime.ritter.eu.org, but they aren't official, and I was wondering whether people know about any others. last time I tried

Re: RBL tests on MTA vs. RBL rules on SA

2007-04-28 Thread mouss
Luis Hernán Otegui wrote: Well, I have a caching dns running, and it performs (almost) flawlessly. zen.spamhaus.org seems to perform very well here, since when I look at the mail logs I don't find any false positives. I was using cbl.abuseat.org, but it was too loosy on checks, so many .edu.ar

Re: SA more efficient of client?

2007-04-29 Thread mouss
Florian Lindner wrote: maybe. but do you like waiting for messages to be scanned when you try to read them? I meant scanning when I download then to my mailclient not when reading them. what do you exactly mean by download to mailclient? in general, people run the mailclient, this

Re: PNG vurnability

2007-04-29 Thread mouss
WiNK / Bor wrote: Hi Guys, Not sure if this is the right list to ask it, but lots of people with knowledge about it, how serious is the PNG file threat, i noticed it is default denied by mailscanner. However i got some designers behind my mailscanner, which also want receive png files? So i

Re: Fowarding spams to the list.... Not good???

2007-04-30 Thread mouss
Eric Goforth wrote: Hey all, I have a quick thought about something we may want to all consider. For those of us that use SA (all of us right?) and we use Bayes (most of us I assume) and that have whitelisted this list (a few anyhow) that get people forwarding their spam messages to the list

Re: Zen and the art of assassinating spam

2007-05-20 Thread mouss
Jerry Durand wrote: Someone was asking about the Zen RBL from Spamhaus.org, it just occurred to me I should mention this for anyone who doesn't read the not-so-fine print. Do NOT use Zen for scoring mail bodies, Spamhaus tells you this and it will get you in trouble. Zen has includes

Re: RCVD_IN_WHOIS_INVALID false-positives?

2007-05-20 Thread mouss
Per Jessen wrote: Recently I seem to be getting more than the usual batch of FPs, which I've tracked to be due to RCVD_IN_WHOIS_INVALID giving 2.2 points. According to the explanation, it reports an IP on an invalid block - RCVD_IN_WHOIS_INVALID RBL: CompleteWhois: sender on invalid IP

Re: DNS list service to detect the registrar barrier

2007-07-01 Thread mouss
Marc Perkel wrote: OK - tell me if this is useful. I created a DNS list that you can pass a host name to and get information as to where the registrar barrier is. You can use it as follows: dig host.rb.junkemailfilter.com Example: dig perkel.com.rb.junkemailfilter.com - returns 127.0.0.1 dig

Re: Ever seen bulletin?

2007-07-31 Thread mouss
Tuc at T-B-O-H.NET wrote: It comes as a blank message with a bulletin.zip. Its actually a RAR file. You unrar it and it produces bulletin.txt. Then its a stock spam. I guess they've given up on hoping PC owners will sucker for their game. I can't imagine that one PC owner in 100K knows

Re: [OT] what is that?

2007-07-31 Thread mouss
[EMAIL PROTECTED] wrote: I just found this in my inbox -is someone trying a new look of bounces? I have replaced actual recipient with [EMAIL PROTECTED] If they faked the From header, then they are seriously broken. Wolfang Hamann Received: from fc.williston.com (HELO williston.com)

Re: How would you provide a 554 rejection notice for spam?

2007-07-31 Thread mouss
Rick Macdougall wrote: simscan correctly uses an SMTP REJECT (55x code during the smtp conversation) and it is also possible to use custom reject messages with simscan so the sender, if any, knows exactly why the message was rejected. I have yet to see a good implementation of this in

Re: [OT] what is that?

2007-08-01 Thread mouss
SM wrote: At 14:25 31-07-2007, mouss wrote: If they faked the From header, then they are seriously broken. They are not faking the From header. what is From: [EMAIL PROTECTED] In an NDR from a remote site? Subject: NDN: (Suspected Spam:) soggy mirror X-Mailer: FirstClass 8.2 (build

Re: trapping rubbish?

2007-08-01 Thread mouss
jdow wrote: This might be a job for a simple plug-in. or for a postfix header checks: /^X-Originating-IP: \[([3-9].*)\]/ REJECT forged X-Originating-IP ($1) one can get more precise using an if and only allowing valid forms. not sure it's worth the pain though... {o.o} -

Re: How would you provide a 554 rejection notice for spam?

2007-08-01 Thread mouss
John D. Hardin wrote: On Tue, 31 Jul 2007, mouss wrote: running SA at smtp time requires that the client does not timeout. so you'd better scan fast! you're also more subject to DOS (your smtp listeners are busy). compare this to queue and filter... okay, here's a sick idea: (1) MTA

Re: How to stop these?

2007-08-25 Thread mouss
Rick Zeman wrote: I doubt that spammers have gotten sophisticated enough to have lists of of Middle Eastern names with US-based addresses. There's something else going on, methinks. It is possible that most of these addresses were found in the address book of some [EMAIL PROTECTED] by a

Posioned MX is a bad idea [Was: Email forwarding and RBL trouble]

2007-08-25 Thread mouss
Kai Schaetzl wrote: Rense Buijen wrote on Wed, 22 Aug 2007 16:43:19 +0200: I didn't know that a backup MX can lead to more trouble than having just one Unfortunately, backup MXes attract spammers :-(. You could at least add some more backup MXs (that don't exist) on top of that,

Re: Posioned MX is a bad idea [Was: Email forwarding and RBL trouble]

2007-08-25 Thread mouss
Kai Schaetzl wrote: Mouss wrote on Sat, 25 Aug 2007 16:51:07 +0200: check_sender_mx_access. this won't detect MX hostnames resolving to valid but not reachable IP no.s. sure, which may lead to the creation of a dedicated blacklist.

Re: Posioned MX is a bad idea [Was: Email forwarding and RBL trouble]

2007-08-26 Thread mouss
John Rudd wrote: mouss wrote: Kai Schaetzl wrote: Rense Buijen wrote on Wed, 22 Aug 2007 16:43:19 +0200: I didn't know that a backup MX can lead to more trouble than having just one Unfortunately, backup MXes attract spammers :-(. You could at least add some more backup MXs

Re: Posioned MX is a bad idea [Was: Email forwarding and RBL trouble]

2007-08-26 Thread mouss
Kai Schaetzl wrote: Duane Hill wrote on Sat, 25 Aug 2007 22:29:50 + (UTC): What happens if the remote MX is within a private IP range? Should I accept that message, knowing fully, the recipient would never be able to respond? This feature looks fine on first glance, but on

Re: Posioned MX is a bad idea [Was: Email forwarding and RBL trouble]

2007-08-26 Thread mouss
Kai Schaetzl wrote: Michael Scheidell wrote on Sun, 26 Aug 2007 09:54:16 -0400: Look for 'bogusmx' blacklist. criteria are different. Indeed. reject != score. Moreover, I wouldn't put - MX = private IP - MX = *.mx.* - MX = CNAME or MX=IP at the same level. anyway, Michael has

Re: SPF-Compliant Spam

2007-08-27 Thread mouss
Jason Bertoch wrote: I think it's safe to say I'm not in the minority when I receive SPF-Compliant spam. I'm looking for opinions on what we can honestly derive from such messages regarding the sending server's IP and the sending address' domain name. Is it wise to blacklist both, or is this

Re: Posioned MX is a bad idea [Was: Email forwarding and RBL trouble]

2007-08-27 Thread mouss
David B Funk wrote: I guess I didn't make my question clear enough; How do you deal with mail from legit servers that are blocked by this configuration? (IE servers that for what ever reason will ONLY try the first mx, thus failing to get past your fake MX.) well, rfc mandates that they try

Re: SPF-Compliant Spam

2007-08-27 Thread mouss
Marc Perkel wrote: It isn't even a forgery tool because if will return a false positive of forwarded email. If the domain owner doesn't want his domain to be used as sender address in email not sent by his servers, then there is no FP. It is a policy enforcement. Feel free to accept

Re: R: YAGI: Yet Another Great Idea

2007-08-28 Thread mouss
Giampaolo Tomassoni wrote: -Messaggio originale- Da: Bret Miller [mailto:[EMAIL PROTECTED] ...omissis... What happens with computer lingo and things like URLs that aren't really language? I guess the idea would be to write it and see what such a rule would hit. You're probably

Re: Occasional spamassassin: Connection refused

2007-08-29 Thread mouss
Simon wrote: On 8/29/07, Mark Martinec [EMAIL PROTECTED] wrote: Simon, connect to transport spamassassin: Connection refused You do not have a transport named 'spamassassin' in Postfix master.cf file. The name of a transport comes from a content_filter setting, a FILTER

Re: Is there a test on blacklisted nameservers

2007-09-05 Thread mouss
ram wrote: I am using SA 3.2.3 and very few spam get thru But I can still see some spam with urls because the the urls are not yet listed in uribls I tried to do some analysis on my quarantine, I found at least some spammer domains have the same NS records. Now in my spamassassin can I do a

Re: Is there a test on blacklisted nameservers

2007-09-05 Thread mouss
ram wrote: On Wed, 2007-09-05 at 10:50 +0200, mouss wrote: But if his DNS points to your server and you dont host DNS for him, his domain will not get resolved. I could easily check for such domains then. well. they can also hack a machine and use its real hostname. Note that owned

Re: HOME of non-existing users

2007-09-05 Thread mouss
Matus UHLAR - fantomas wrote: Hello, I have some addresses that are forwarded to different machines, so they do not belong to real user on my system. I would like to process mail for such users as if it belongs to one special user which I created for this reason, to allow BAYES filter to take

Re: forward the spam to another mailbox

2007-09-05 Thread mouss
Zeuxi Gau wrote: hello, i would like to get some infos about spamassassin. problem: version 3.1.7 SpamAssassin with Fedora Core 2 I got SA to work fine, but i would like the mails detected as spam to be forwarded to a special email address instead of the current mailbox. ---

Re: HOME of non-existing users

2007-09-06 Thread mouss
Matus UHLAR - fantomas wrote: I have sendmail with spamass-milter and run mail through spamd. It works good, I even have default user for mail which is send to more users (-u option) but this is used only when multiple recipients are used. I would like to use this one (not nobody) for

Re: do I need to adjust something on AWL

2007-09-06 Thread mouss
Tim Litwiller wrote: I just got a message back that I sent to a mailing list. It came back to me marked as Spam. So I looked at what caused it here is the headers X-Spam-ASN: AS1784 199.232.0.0/16 X-Spam-Flag: YES X-Spam-Checker-Version: SpamAssassin 3.2.0 (2007-05-01) on

Re: [OT] Seeing increase in smtp concurrency ?

2007-09-06 Thread mouss
Aaron Wolfe wrote: On 9/6/07, Jeff Chan [EMAIL PROTECTED] wrote: Quoting Rajkumar S [EMAIL PROTECTED]: Hi, Does any one seeing increasing smtp concurrency for the past couple of weeks? I run couple of (qmail/simscan/spamassassin) mail servers and all experience the same problem. The

Re: Maybe I'm dense...

2007-09-06 Thread mouss
Jari Fredriksson wrote: The one thing he does NOT want to do is what seems to be most common with Fedora Core - use it for filtering each email as you fetch it using evolution. You find yourself with long delays in an interactive situation. Turn off any SpamAssassin access in evolution and tell

yet another uribl evasion example

2005-06-13 Thread mouss
I just got the spam below (headers removed except few). this hasn't been caught at reception time. It now triggers RCVD_IN_BL_SPAMCOP_NET. however, it doesn't trigger surbl checks, since the '' is considered as the end of the url. debug: URIDNSBL: domains to query: ins.com nusv.com
