Hi,
very soon we will celebrate KAM.cf Ruleset 20th Anniversary,
are there any stories about how you use the ruleset, any products that include
the rules you are aware of, or other info about how it has helped with spam and
email security ?
Glad to receive any info or story about KAM.cf
Il 19 marzo 2024 15:33:10 CET, Bill Cole
ha scritto:
>On 2024-03-19 at 09:51:04 UTC-0400 (Tue, 19 Mar 2024 08:51:04 -0500)
>Thomas Cameron
>is rumored to have said:
>
>> Does anyone else just block all traffic from *.onmicrosoft.com?
>
>Yes. No collateral damage noticed. That includes a
Hi,
phishstats[.]info domain has recently moved to a parking domain, if you are using
Mail::SpamAssassin::Plugin::Phishing plugin with data downloaded from PhishStats[.]info
it would be better to comment "phishing_phishstats_feed" configuration line.
If PhishStats[.]info will not find a new
On Sat, Feb 25, 2023 at 03:30:13PM +0100, hg user wrote:
> Hi,
> I'd like to install at least one plugin in my embedded spamassassin,
> installed inside Zimbra.
> I'm a bit afraid of breaking stuff, about missing dependencies and so on.
>
> I'm on SA 3.4.5 and - as a test - I'd like to install
Hi,
as everybody knows, spam from ESPs continues, some news about my efforts to
contrast those
spammers:
- new version of Mail::SpamAssassin::Plugin::Esp has been released, you
can find it at https://github.com/bigio/spamassassin-esp
- my ESPs rbl is now public, rules to use it can be
On Mon, Dec 26, 2022 at 10:38:07AM +1300, Sidney Markowitz wrote:
> Philippe Chaintreuil via users wrote on 26/12/22 6:27 am:
> > I'm getting test failures for the dnsbl_subtests.t. Figured I'd check
> > here before filing a bug.
> >
> > I'm running Spam Assassin 4.0.0 on Gentoo Linux. Perl
Hi,
starting on 08/16 a rule that is using captured tags has been promoted and
SpamAssassin 4.0 (this rule is disabled for SpamAssassin 3.x) started printing
log lines like:
Aug 16 01:07:49 spamd-intel1 spamd[1706586]: plugin: eval failed:
Timeout::_run: Unescaped left brace in regex is
On Mon, Apr 25, 2022 at 12:50:49PM +0300, Henrik K wrote:
> On Mon, Apr 25, 2022 at 11:48:52AM +0200, Matus UHLAR - fantomas wrote:
> > > > >> >https://pastebin.com/s032ndrA
> > > > >> >
> > > > >> >It's not only hitting DMARC_REJ_NO_DKIM and DMARC_FAIL_REJECT, but
> > > > >>
> > > > >> where did
On 3/21/22 13:31, @lbutlr wrote:
> On 2022 Mar 21, at 04:37, Henrik K wrote:
>> Right, it does seem you haven't imported the key..
>
> Thanks! That's what was missing. Odd, considering there were KAM files
> present, just not recent ones. Anyway, not my system, but all sorted now.
>
KAM.cf
On 9/25/21 08:32, Jared Hall wrote:
> MIMEDefang might be another program that can help you. I personally don't
> know much about it, but it seems to be robust.
MIMEDefang can fix Alex issue ("one domain may wish to allow html files while
another would like to block them"),
we can talk about
On Wed, Sep 08, 2021 at 06:17:49PM -0700, Loren Wilton wrote:
> > The originating PHP script header helps people who run shared servers
> > track down the source of problematic mail. The two most common cases are:
>
> Does this look valid?
>
> X-PHP-Originating-Script:
On 8/18/21 10:55 AM, Lars Einarsen wrote:
> Hi list,
> any suggestion on how to override the whitelist entries in the HashBL plugin?
>
> We run an in house hashbl dns list and see lots of "administrative" type
> adresses that matches the whitelist regex in the plugin.
>
There is no way atm but
I have disabled his rule some time ago.
>>>> Many spammers use mailing list or their signatures.
>
>> On 2021-04-28 11:55, Giovanni Bechis wrote:
>>> Same here, is it worth to keep MAILING_LIST_MULTI to that hardcoded score ?
>
> On 28.04.21 12:18, Benny Pe
On 4/28/21 11:44 AM, Matus UHLAR - fantomas wrote:
>
>> -1.0 MAILING_LIST_MULTI Multiple indicators imply a widely-seen list
>> manager
>
> I have disabled his rule some time ago.
> Many spammers use mailing list or their signatures.
Same here, is it worth to keep
odule? No. I have the utmost respect for and trust in Giovanni Bechis
> and use his code every day, but that module as it exists at Github is not
> structured to be used from a git checkout. The 4 significant files all
> properly belong in different places. The specific proper places would depend
On 4/1/21 3:10 PM, Simon Wilson wrote:
> Does SA always do its "own" DKIM check, or can it be told to use an already
> written trusted AuthservId-written Authentication-Results header, e.g. from
> OpenDKIM?
>
I think Mail::SpamAssassin::Plugin::AuthRes (on trunk) is what you are looking
for.
On Sun, Feb 28, 2021 at 10:33:15AM -0500, Michael Grant wrote:
> On Sun, Feb 28, 2021 at 03:53:33PM +0100, Giovanni Bechis wrote:
> > On Sun, Feb 28, 2021 at 07:38:22AM -0500, Michael Grant wrote:
> > > Ultimately I want the spamassassin report in the headers but I don't
> >
On Sun, Feb 28, 2021 at 07:38:22AM -0500, Michael Grant wrote:
> Ultimately I want the spamassassin report in the headers but I don't
> want the license key in there.
>
you can set 'tflags net nolog' if you are using trunk.
Invaluement uri and license key will be printed as *redacted*.
Giovanni
On 2/19/21 1:09 AM, John Hardin wrote:
> On Thu, 18 Feb 2021, Giovanni Bechis wrote:
>
>> On 2/18/21 6:37 PM, Ricky Boone wrote:
>>> Just wanted to forward an example of an interesting URL obfuscation
>>> tactic observed yesterday.
>>>
>>> https:/
On 2/18/21 6:37 PM, Ricky Boone wrote:
> Just wanted to forward an example of an interesting URL obfuscation
> tactic observed yesterday.
>
>
On Thu, Feb 11, 2021 at 08:52:59AM -0500, Bill Cole wrote:
> On 11 Feb 2021, at 7:00, Loren Wilton wrote:
>
> > I'm getting a lot of spams that all have a series of completely bogus
> > Received headers in them. A characteristic of these headers is a
> > rather improbable datestamp, considering
On 2/9/21 10:03 PM, Benny Pedersen wrote:
> On 2021-02-02 03:25, Kevin A. McGrail wrote:
>> Since it's already hitting 8.9, why do more?
>
> got one more today
>
> http://multirbl.valli.org/lookup/167.89.112.86.html
>
> envelope sender is not sendgrid.net
>
> spamurls to the phishing is
On Tue, Feb 09, 2021 at 10:03:57PM +0100, Benny Pedersen wrote:
> On 2021-02-02 03:25, Kevin A. McGrail wrote:
> > Since it's already hitting 8.9, why do more?
>
> got one more today
>
> http://multirbl.valli.org/lookup/167.89.112.86.html
>
> envelope sender is not sendgrid.net
>
> spamurls to
On 2/4/21 10:47 AM, Dan Mahoney (Gushi) wrote:
> Hey there all,
>
> In looking at my sql server, it looks like the on-disk size of my MySQL DB's
> is like 9G (because of InnoDB, it's hard to glean just from the filesystem
> what tables are which).
>
> Anyway, I'd like to move over to a global
On 1/6/21 2:40 PM, RW wrote:
> On Tue, 5 Jan 2021 10:14:45 -0800 (PST)
> John Hardin wrote:
>
>> On Tue, 5 Jan 2021, Dave Funk wrote:
>>
>>> On Tue, 5 Jan 2021, John Hardin wrote:
>
> subjprefix FROM_ME [From Me]
>
>>>
>>> Does this work if you're using a milter for your glue?
>>>
On Mon, Jan 04, 2021 at 05:23:30PM -0800, John Hardin wrote:
> On Mon, 4 Jan 2021, Joey J wrote:
>
> > If I'm understanding things correctly, there is a way for me to BCC spam
> > messages which lets say score 10 and send a BCC to an email address, but
> > I'm trying to do it within only 1 rule,
On 12/14/20 7:27 PM, AJ Weber wrote:
>
>> if you are using RH based Linux distros, just put the attached configuration
>> file under /etc/mail/spamassassin/channels.d/
>
> Apologies for the naive question; I'm running CentOS 7, SA 3.4.3. I don't
> have that channels.d directory by default.
On Mon, Nov 30, 2020 at 05:40:39PM -0500, Alex wrote:
> Hi,
>
> I happened to notice today that the sendgrid spam work being done by
> Invaluement (https://www.invaluement.com/serviceproviderdnsbl/) and SA
> developers now apparently supports compromised Mailchimp domains.
>
On 11/26/20 5:22 PM, Kevin A. McGrail wrote:
[...]
> The KAM rule set is authored by Kevin A. McGrail with contributions from Joe
> Quinn, Karsten Bräckelmann, Bill Cole, and Giovanni Bechis. It is maintained
> by The McGrail Foundation.
>
> The KAM channel is made possible w
Il 26 ottobre 2020 20:09:52 CET, Benny Pedersen ha scritto:
>Giovanni Bechis skrev den 2020-10-26 09:05:
>
>>> amavisd have penpal, if that is possible to track with TxRep ?
>> maybe something is doable by reading _TXREPEMAILCOUNT_ tag.
>
>with 3.4.4 it does not work, s
On 10/25/20 7:12 PM, Benny Pedersen wrote:
> Bob Proulx skrev den 2020-10-25 19:08:
>
>>> I also have a tool for weeding undesirables from the correspondent list
>>> because spamming addresses can creep onto the list, but its very
>>> infrequently needed.
>>
>> It is a clever idea! I might add
On 10/23/20 3:30 PM, Alessio Cecchi wrote:
> Hi,
>
> I have enabled txrep on a test spamassassin setup, but on some emails with
> malware file attached, txrep assign a positive score:
>
> # zcat spam.eml.gz | spamc -s 2097152 -R
>
> [...]
>
> Content analysis details: (52.6 points, 5.0
On 10/23/20 2:44 PM, RW wrote:
> On Fri, 23 Oct 2020 12:49:10 +0200 (CEST)
> Matthias Rieber wrote:
>
>
>> is it possible to get, for instance txrep, the score of single test
>> to write it in a header like this:
>>
>> X-Spam-Reputation: _TXREP_SCORE_
>>
>> The man page lists the following
On Tue, Aug 25, 2020 at 08:29:55PM +0200, Benny Pedersen wrote:
> Rob McEwen skrev den 2020-08-25 19:20:
>
> > PRO TIP: Instead of complaining about this problem on this thread -
> > why not go to the discussion list or forum of your preferred MTA - and
> > ask them to implement it?
>
> maybe
On 8/21/20 9:28 PM, Rob McEwen wrote:
> ANNOUNCEMENT: The NEW invaluement "Service Provider DNSBLs" - 1st one for
> Sendgrid-spams!
>
> ...a collection of a new TYPE of DNSBL, with the FIRST of these having a
> focus on Sendgrid-sent spams. AND - there is a FREE version of this - that
> can be
On 4/22/20 5:43 PM, Henrik K wrote:
>
> I've updated replace_tags with these 4-byte UTF-8 characters, whatever they
> are, will look more indepth later..
>
you have been faster, I have the same diff on my tree and I was going to commit
it :-)
Giovanni
> For example replace_tag A
On Tue, Mar 24, 2020 at 12:01:46PM +0530, KADAM, SIDDHESH wrote:
> Team,
>
> Anyway of blocking attached spam mail of Corona.
>
it's hitting more than 9 points for me with updated rules.
Most relevant hits are:
1.0 FORGED_SPF_HELONo description available.
0.5 KAM_NUMSUBJECT
Il 15 dicembre 2019 13:27:03 CET, Jari Fredriksson ha scritto:
>
>On 15.12.2019 7.54, Bill Cole wrote:
>> On 15 Dec 2019, at 0:08, Jari Fredriksson wrote:
>>
>>> I suddenly find stuff like this in mail.log. What is this? Where can
>
>>> I get the schema?
>>>
>>> Dec 15 07:03:04 gauntlet
On 12/13/19 3:21 PM, Dean Carpenter wrote:
> On 2019-12-11 1:58 pm, Giovanni Bechis wrote:
>> On 12/11/19 3:17 PM, Bill Cole wrote:
>>> On 11 Dec 2019, at 2:39, Giovanni Bechis wrote:
>>>
>>>> On 12/11/19 6:21 AM, KADAM, SIDDHESH wrote:
>>>>>
On 12/11/19 8:00 PM, Mauricio Tavares wrote:
> On Wed, Dec 11, 2019 at 1:58 PM Giovanni Bechis wrote:
>>
>> On 12/11/19 3:17 PM, Bill Cole wrote:
>>> On 11 Dec 2019, at 2:39, Giovanni Bechis wrote:
>>>
>>>> On 12/11/19 6:21 AM, KADAM, SIDDHESH wrote:
On 12/11/19 3:17 PM, Bill Cole wrote:
> On 11 Dec 2019, at 2:39, Giovanni Bechis wrote:
>
>> On 12/11/19 6:21 AM, KADAM, SIDDHESH wrote:
>>> Hi PFA...
>>>
>>> On 12/11/2019 12:36 AM, Giovanni Bechis wrote:
>>>> On 12/10/19 7:49 PM
On 12/11/19 6:21 AM, KADAM, SIDDHESH wrote:
> Hi PFA...
>
> On 12/11/2019 12:36 AM, Giovanni Bechis wrote:
>> On 12/10/19 7:49 PM, Michael Storz wrote:
>> [...]
>>> My copy hit
>>>
>>> BODY_SINGLE_WORD=1.347, HTML_IMAGE_ONLY_04=1.172, MPART_ALT_D
On 12/10/19 7:49 PM, Michael Storz wrote:
[...]
> My copy hit
>
> BODY_SINGLE_WORD=1.347, HTML_IMAGE_ONLY_04=1.172, MPART_ALT_DIFF=0.79
>
> not enough to mark it as spammy.
>
>
could you share a spample (as a pastebin uri or in private) ?
Giovanni
On 12/4/19 5:22 PM, Dave Goodrich wrote:
> Good morning,
>
> Many years ago, in previous jobs, I used several scripts to report spam
> statistics daily. Some I wrote, some I downloaded. I need to create some
> reporting on our current zimbra/postfix/spamassassin server. The supplied
> stats
On Wed, Dec 04, 2019 at 08:59:42AM +0100, Benny Pedersen wrote:
> On 2019-12-03 20:15, RW wrote:
> > On Tue, 3 Dec 2019 14:05:10 -0500
> > Mark London wrote:
> >
> >> It seems to me that the rule for detecting a BITCOIN in an email, is
> >> incorrect. See below:
> >>
> >> body __BITCOIN_ID
On 10/16/19 4:11 PM, Bill Cole wrote:
> On 16 Oct 2019, at 8:44, Giovanni Bechis wrote:
>
>> I have lot of emails like this one (redacted):
>> https://pastebin.com/v5NCRK9d
>> and I would like to write a rule that matches the "=0D" that appears on some
>&g
I have lot of emails like this one (redacted):
https://pastebin.com/v5NCRK9d
and I would like to write a rule that matches the "=0D" that appears on some
lines, any hints ?
Giovanni
On 10/4/19 3:01 PM, Bill Cole wrote:
> On 4 Oct 2019, at 3:36, Tobi wrote:
>
>> Hi list
>>
>> is there any doc where one can find a list of supported DNS query
>> templates?
>
> What does that even mean???
>
> SpamAssassin does many different sorts of DNS query. I am unaware of any
>
On Wed, Sep 18, 2019 at 08:40:55PM +0100, RW wrote:
> On Wed, 18 Sep 2019 12:29:43 +0200
> Matus UHLAR - fantomas wrote:
>
> > Hello,
> >
> > I have received following spam:
> >
> > https://pastebin.com/SkvkVWik
> >
> > This hits FORGED_GMAIL_RCVD although the message came from google mail
> >
On 8/26/19 9:01 AM, Dominic Raferd wrote:
>
>
> On Sun, 25 Aug 2019 at 20:16, mailto:tba...@txbweb.de>>
> wrote:
>
> Am 2019-08-25 20:54, schrieb Matus UHLAR - fantomas:
>
> > I don't think you should download geoip postgres modules when what you
> > really need is apparently more
On Sun, Aug 25, 2019 at 04:53:36PM +0200, tba...@txbweb.de wrote:
> Am 2019-08-25 10:18, schrieb Giovanni Bechis:
> > geoip 1.x is no more updated, with 3.4.2+ you can use country_db_type
> > DB_File and it would
> >
On Sat, Aug 24, 2019 at 08:27:03PM +0200, tba...@txbweb.de wrote:
> Hello,
>
> I would like to block mails from ip addresses that cant be found. There
> is a tricky spam serie getting a low score. Currently I can block the
> mails just be scoring the tdl.
>
> I use the RelayCountry Plugin, but
On 7/10/19 5:54 PM, Mark London wrote:
> I'm sorry for not using bugzilla, but the new rule for PDS_NO_HELO_DNS is
> mostly hittng real emails at my site 1168 real emails versus 219 spam mls.
> Luckily, the score is not high, to be making any difference. FWIW. - Mark
>
ruleqa has the same
On 7/3/19 7:11 PM, Riccardo Alfieri wrote:
> On 03/07/19 17:59, atat wrote:
>
>> You say in documentation:
>>
>> You should also drop, by default, all Office documents with macros.
>>
>> What plugin / method do You reccomend for that ?
>
> I'm no expert in detecting macros, but there at
On 6/17/19 9:14 PM, Amir Caspi wrote:
> Hi all,
>
> In reviewing today's FNs I came across the following spample:
> https://pastebin.com/9QQVwUY6
>
> There is a div here with display:none, as well as font-size:0px. The spample
> hits HTML_FONT_LOW_CONTRAST but does not appear to hit any rule
On 5/22/19 7:37 AM, @lbutlr wrote:
> With spamassassin-3.4.2_3 and spamass-milter-0.4.0_3 and perl5-5.28.2 running
> on FreeBSD 11.2 I am getting the following in the mail.log when postfix tries
> to feed a mail to spamass-milter. At least I think that's when it is.
>
> May 21 23:20:56 mail
On 5/21/19 3:48 AM, Jari Fredriksson wrote:
>
>
>> Giovanni Bechis kirjoitti 20.5.2019 kello 17.00:
>>
>> Hi,
>> in a rule I would like to check if "From:" != "Reply-To:", is this possible
>> without writing any code or should
Hi,
in a rule I would like to check if "From:" != "Reply-To:", is this possible
without writing any code or should I add a new function in HeaderEval ?
Thanks & Cheers
Giovanni
Il 1 maggio 2019 10:05:16 CEST, "A. Schulze" ha
scritto:
>Hello,
>
>we've a number of SA instances that need rule updates. For now we
>configured them to use a proxy. Works...
>But there are also instances that can't us a proxy at all.
>
>My idea was to setup a private SA-Mirror (apache+rsync)
Hi,
4-5 May 2019 at Silverquare Triomphe/Brussels the EU-FOSSA project is
organizing an ASF hackathon and I will represent the SpamAssassin project.
Join the ASF Hackathon hosted by EU-FOSSA 2 project!
Meet members of the Apache community and get your hands on @SpamAssassin,
@TheApacheTomcat,
On 3/26/19 9:05 AM, Alessio Cecchi wrote:
> Hello,
>
> I'm interesting into add the italian channel to spamassassin from
> https://spamassassin.snb.it/, but what is the right way?
>
> I download ITA.conf in /etc/spamassassin/channel.d/ and run sa-update but I
> don't see any new files in
Il 23 marzo 2019 12:53:52 CET, Giovanni Bechis ha scritto:
>Il 22 marzo 2019 21:31:40 CET, bruno.carva...@xervers.pt ha scritto:
>>Thank you all for your suggestions.
>>I will follow the path of using a whitelist and block everyone.
>>I can track the IPs, but i taught
Il 22 marzo 2019 21:31:40 CET, bruno.carva...@xervers.pt ha scritto:
>Thank you all for your suggestions.
>I will follow the path of using a whitelist and block everyone.
>I can track the IPs, but i taught i could put in place something (like
>OVH by example) do (If their system detects spam being
On 3/21/19 1:46 PM, Pedro David Marco wrote:
>
>
>>On Thursday, March 21, 2019, 1:16:31 PM GMT+1, Martin Gregorie
>> wrote:
>>When I've seen white text used, its been set via a tag, i.e,
>> .. text ..
>>or
>> .. text ..
>>
>>Its easy enough to match either in a body rule.
>
On Sun, Feb 10, 2019 at 02:30:28AM -0500, Ken Wright wrote:
> I've been trying to set up an email server and I want to use
> Spamassassin to prevent it from becoming Spam Central. I've installed
> SA and spamass-milter, but when I try to restart it after customizing
> the config files, I get
On 1/20/19 8:33 AM, Palvelin Postmaster wrote:
> My auto-whitelist file appears corrupted. File size is about 5 megabytes.
> Spamassassin says it can’t be opened. So does sa-awl.
>
> Is there any other way to try to recover the file or should I just accept my
> losses and recreate it?
>
I
Il 16 gennaio 2019 09:43:13 CET, Brent Clark ha
scritto:
>Good day Guys
>
>Just would like to double check something with the community.
>
>Is the plugin Mail::SpamAssassin::Plugin::Phishing still relevant in
>this day and age?
>
>I have a daily cron entry that wgets the following feed(s):
Il 13 gennaio 2019 21:52:19 CET, Giovanni Bechis ha
scritto:
>Il 13 gennaio 2019 20:22:40 CET, Ian Evans ha
>scritto:
>>Running 3.4.2, spamd daemon.
>>
>>Just enabled the new Phishing.pm plugin but wondering about the data
>>feeds.
>>Is that something we n
Il 13 gennaio 2019 20:22:40 CET, Ian Evans ha scritto:
>Running 3.4.2, spamd daemon.
>
>Just enabled the new Phishing.pm plugin but wondering about the data
>feeds.
>Is that something we need to set up a cron to wget or does the plugin
>handle it? Unless my google fu is weak due to a lack of
On Thu, Dec 13, 2018 at 09:33:58PM -, Chip M. wrote:
> As requested:
> http://puffin.net/software/spam/samples/0061_bitcoin_splosion.txt
> I MUNGED the "To".
> It's the latest of two sent to me by an awesome volunteer. :)
>
> First thoughts:
> Both were base64 encoded.
> Both have
On 12/8/18 1:20 PM, Csaba Banhalmi wrote:
> Hi,
>
> I upgraded to mysql and since then I can’t use bases db to score my mails.
> Spam assassin -D says the following:
>
> [12254] dbg: bayes: tok_get_all: SQL error: Illegal mix of collations
> for operation ' IN '
> [12254] dbg: bayes: cannot use
Can you try to run spamassassin -D Hello all!
>
> I have tried to implement TxRep into my system.
>
> My configuration for it is
>
> # Enable awl
> user_awl_dsnDBI:mysql:spamassassin:spamassassin
> user_awl_sql_usernamespamassassin
> user_awl_sql_passwordamazing
>
> use_txrep 1
>
>
> My
Committed with r1843622 on 2018-10-12 in 3.4 and trunk,
thanks anyway.
Cheers
Giovanni
On 12/1/18 6:29 PM, John Capo wrote:
> With the correct sender address this time :(
>
> ---
> /usr/local/src/Mail-SpamAssassin-3.4.2/lib/Mail/SpamAssassin/Plugin/TxRep.pm
> 2018-12-01
On 11/26/18 11:10 PM, Grant Taylor wrote:
> On 11/26/2018 02:33 PM, Martin Gregorie wrote:
>> I think that fear is unfounded
>
> Please don't mistake my laziness as fear. I simply am not motivated enough
> to construct a solution that will harvest outgoing recipient addresses.
>
I do not know
On 11/16/18 7:11 PM, Alex wrote:
> Hi,
>
> It seems spammers are now using XML Word documents instead of ones
> containing macro viruses. Virtually no antivirus scanners are catching
> this now.
>
> These are hacked Outlook accounts sending virus/phish attachments.
>
>
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On 11/8/18 11:57 PM, Giovanni Bechis wrote:
> On Thu, Nov 08, 2018 at 01:43:15PM -0600, qu...@strangecode.com wrote:
>> So, these warnings may be unrelated to URILocalBL: I disabled that plugin
>> and the errors are
On Thu, Nov 08, 2018 at 01:43:15PM -0600, qu...@strangecode.com wrote:
> So, these warnings may be unrelated to URILocalBL: I disabled that plugin and
> the errors are still appearing.
>
...
> Here is the output from `spamassassin -D --lint`:
> https://pastebin.com/raw/Zr7umPQv
>
>
On 11/8/18 1:18 AM, Quinn Comendant wrote:
> I'm getting warnings when enabling Mail::SpamAssassin::Plugin::URILocalBL:
>
> warn: Use of uninitialized value in subroutine entry at
> /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/RelayCountry.pm line
> 219.
> warn: plugin: eval failed:
On 10/04/18 09:38, Daniele Duca wrote:
> Hi,
>
> I'm experimenting an odd behaviour while using TxRep. I have set in my
> local.cf "txrep_ipv4_mask_len 24" , but the database is populated by /16
> instead of the expected /24.
>
> Digging in TxRep.pm I started using dbg() to see if it would at
On 10/04/18 04:30, Alex wrote:
> Hi,
>
> I need to delete some of the old entries from my txrep database as
> it's grown to 3GB, oops. When attempting to do this, it fails with
> "error 14":
>
do you have enough space for tmp tables ? What if you try to delete less data ?
Does mysqlcheck(1)
ww.linkedin.com/in/kmcgrail - 703.798.0171
>
>
> On Tue, Sep 18, 2018 at 12:16 PM Giovanni Bechis <mailto:giova...@paclan.it>> wrote:
>
> Hi,
> I noticed that Google servers started blocking emails with "suspicious
> spf records" like for example:
>
Hi,
I noticed that Google servers started blocking emails with "suspicious spf
records" like for example:
"v=spf1 include:musvc.com include:turbo-smtp.com mx a +all".
Any idea on how to write a rule to catch something like that ?
Thanks & Cheers
Giovanni
Hi,
fyi I will give a talk about new features in SA at Open Source Summit
in Edimburgh this October.
There will be also other Apache-related talks.
More info here: https://osseu18.sched.com/event/FxWQ?iframe=no
Cheers
Giovanni
On 08/06/18 02:00, Alex wrote:
> Hi,
>
> On Sun, Aug 5, 2018 at 4:45 PM Giovanni Bechis wrote:
>>
>> Il 5 agosto 2018 22:14:04 CEST, Alex ha scritto:
>>> Hi,
>>> Trying to compile the latest branch from svn and it appears to now
>>> r
Il 5 agosto 2018 22:14:04 CEST, Alex ha scritto:
>Hi,
>Trying to compile the latest branch from svn and it appears to now
>require GeoIP2::Database::Reader. Is that correct? Is this a new
>requirement or am I doing something wrong?
>
>It doesn't appear to be included with fedora, so I've compiled
Txrep does not have autocleaning support, bayes have it if auto_bayes_expire is
set.
Giovanni
On 07/17/18 14:35, Kevin A. McGrail wrote:
> To me, no, it doesn't.
>
> For example, I clean out txrep stuff with crons like this -e 'DELETE FROM
> txrep WHERE last_hit <= (now() - INTERVAL 90 day);'
Hi,
for work and for fun I made a channel to deploy some rules to match some spam
written in italian language.
It is available at https://spamassassin.snb.it and signed with gpg key A96BF255.
Have fun !!
Giovanni
On 05/10/18 21:11, Reio Remma wrote:
> Hello!
>
> I just noticed if I mail myself via my Gmail account, I'm hitting
> FORGED_GMAIL_RCVD.
>
> Apparently it happens only if I use my Gmail account via IMAP, but not when I
> mailed from their webmail for testing.
>
> Should that be so? I suspect
ee
> <mailto:r...@mrstuudio.ee>> wrote:
>
> On 20.04.18 9:50, Giovanni Bechis wrote:
>
> On 04/19/18 09:24, Reio Remma wrote:
> [...]
>
> *Update:* none of the --option= switches work.
>
> handle_user (userd
On 04/19/18 09:24, Reio Remma wrote:
[...]
> *Update:* none of the --option= switches work.
>
> handle_user (userdir) unable to find user: '' is caused because I have the
> -username switch as --username=amavis instead of --username amavis
>
> It worked in 3.4.1.
>
> Is it at all possible
On 04/19/18 18:54, Reio Remma wrote:
> I ran make test now - not exactly a pass.
>
cc dev@, I think this is a regression.
> There were lots of complaints about: "Maybe you need to kill a running spamd
> process?" There was no spamd running.
>
> The RPM is actually working nicely on our
On 04/13/18 09:06, Sebastian Arcus wrote:
> Hello all. I am getting some fp's with emails from QuickBooks / Intuit with
> the above rule:
>
> Apr 13 08:00:30.853 [5768] dbg: rules: ran uri rule URI_TRY_3LD ==> got
> hit: "https://myturbotax.intuit.com;
>
> On a slightly different note, and
On Mon, Apr 02, 2018 at 03:09:34AM +0200, Michael Brunnbauer wrote:
[...]
> So being in /root when started changes the behavior of spamd. Is it possible
> that this is a timing issue? Could "\# 4 7f03" be some unprocessed
> response that would be converted to 127.0.0.3 a moment later? Or is
On 02/22/18 15:56, David Jones wrote:
> On 02/22/2018 08:52 AM, Benny Pedersen wrote:
>> Giovanni Bechis skrev den 2018-02-22 15:39:
>>
>>>> sub check_dkim_valid {
>>>> my ($self, $pms, $full_ref, @acceptable_domains) = @_;
>>>
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On 02/22/18 15:34, Benny Pedersen wrote:
> Benny Pedersen skrev den 2018-02-21 17:55:
>> David Jones skrev den 2018-02-21 17:41:
>>
>>> I have that same code in my DKIM.pm and I am running 3.4.1. Maybe the
>>> size acceptable for whitelisting is
On 02/21/18 00:24, Benny Pedersen wrote:
> David Jones skrev den 2018-02-21 00:14:
>
>> https://pastebin.com/mjvB0MKg (scored 10.96)
>> -0.10 DKIM_VALID Message has at least one valid DKIM or DK signature
>
> Authentication-Results: smtp3i.ena.net;
> dkim=policy reason="signing key
On 02/08/18 16:23, David Jones wrote:
> On 02/07/2018 06:28 PM, Dave Warren wrote:
>> On Wed, Feb 7, 2018, at 15:52, Martin Gregorie wrote:
Technically, you asked for the email and they have a valid opt-out
process that will stop sending you email. Yes, the site has scummy
On 01/30/18 12:43, A. Schulze wrote:
>
> Hello all,
>
> shortly (since around 09:30 UTC) I get such notifications on sa-update:
>
> rules: failed to run FORGED_GMAIL_RCVD test, skipping:
> (Can't locate object method "check_for_forged_gmail_received_headers" via
> package
On 01/30/18 10:11, Marcin Mirosław wrote:
> W dniu 29.01.2018 o 08:26, Giovanni Bechis pisze:
>> On 01/29/18 06:00, Alex wrote:
>>> Hi,
>>>
>>>> FORGED_HOTMAIL_RCVD2 (hotmail.com 'From' address, but no 'Received:')
>>>> triggers for valid hotmail
On 01/29/18 06:00, Alex wrote:
> Hi,
>
>> FORGED_HOTMAIL_RCVD2 (hotmail.com 'From' address, but no 'Received:')
>> triggers for valid hotmail messages... (SA 3.4.1)
>>
>> This small change solves the problem but i do not know whether it is the
>> correct way...maybe "hotmail" string should
1 - 100 of 111 matches
Mail list logo