Re: BIMI pilot at Google

2020-07-23 Thread Jari Fredriksson
On 23.7.2020 9.14, Kevin A. McGrail wrote: I posted it without any opinion just as a data point. No need for the personal attack. If the feature ends up helping me classify spam or ham accurately, maybe it's a good thing. I pay for plenty of intelligence feeds to do that. However, I have

Re: Question about the 'URIBL_BLOCKED' rule

2020-05-02 Thread Jari Fredriksson
On 2.5.2020 13.30, Reindl Harald wrote: and why don't you just replace /etc/resolv.conf and fire up "chattr +i /etc/resolv.conf" like everyone else does for years to keep it untouched (that's even a documented way to prevent it being overwritten by dhcp clients) there is no point using a shared

Re: Question about the 'URIBL_BLOCKED' rule

2020-05-02 Thread Jari Fredriksson
le queries) 12:34:19 up 1:34, 0 users, load average: 32.21, 32.29, 32.17 rsync -Pcqz ham-net-jarif.log spam-net-jarif.log*munged*/ 12:34:43 up 1:34, 0 users, load average: 21.57, 29.78, 31.34 Bummer. br. jarif On 2.5.2020 13.25, Jari Fredriksson wrote: I have too had a problem of

Re: Question about the 'URIBL_BLOCKED' rule

2020-05-02 Thread Jari Fredriksson
I have too had a problem of this in my masscheck box. It is a cloud VM in Google Cloud and they do like to provide a /etc/resolv.conf for their own DNS which has been next to impossible to overcome. I do replace it in the beginning of my masscheck process with my own but to no avail. I now

Re: Spamassassin always says DKIM_INVALID

2020-01-17 Thread Jari Fredriksson
On 14.1.2020 15.38, Alex Woick wrote: Spamassassin (3.4.3, the same with previous) declares all or almost all the incoming DKIM-signed messages as DKIM_INVALID, and I'm not understanding why. I'm running opendkim on the mail server as milter with Postfix, and the opendkim headers say the same

Re: Some new SQL activity with 3.4.3?

2019-12-15 Thread Jari Fredriksson
On 15.12.2019 7.54, Bill Cole wrote: On 15 Dec 2019, at 0:08, Jari Fredriksson wrote: I suddenly find stuff like this in mail.log. What is this? Where can I get the schema? Dec 15 07:03:04 gauntlet spamd[19176]: auto-whitelist: sql-based get_addr_entry

Some new SQL activity with 3.4.3?

2019-12-14 Thread Jari Fredriksson
I suddenly find stuff like this in mail.log. What is this? Where can I get the schema? Dec 15 07:03:04 gauntlet spamd[19176]: auto-whitelist: sql-based get_addr_entry 5c2a750a32f249155ecf3ade17358fa1a98b2db7@sa_generated|1576386183: SQL error: Unknown column 'msgcount' in 'field list' Dec 15

Re: AWL

2019-10-18 Thread Jari Fredriksson
On 18.10.2019 17.41, Bowie Bailey wrote: On 10/17/2019 2:30 PM, Jari Fredriksson wrote: Just a side note: AWL is deprecated and replaced by TXREP which works in similar fashion but better, Just read through the man page for TXREP, which looks pretty interesting.  I'm thinking

Re: AWL

2019-10-17 Thread Jari Fredriksson
On 16.10.2019 16.19, John Schmerold wrote: Is the AWL score generated based on the experience of my server, or are other external sources feeding AWL? I have a client, they sent me an email, they were dinged with an AWL of 3.575, my SA server was configured a couple days ago, so it hasn't had

Re: Why I get DKIM_INVALID sometimes?

2019-09-23 Thread Jari Fredriksson
Bill Cole kirjoitti 23.9.2019 20:11: On 23 Sep 2019, at 11:43, Jari Fredriksson wrote: Bill Cole kirjoitti 23.9.2019 18:26: On 23 Sep 2019, at 1:00, Jari Fredriksson wrote: Hello again. I have a problem that arises after my mail server has been up for maybe two days. Suddenly all DKIM

Re: Why I get DKIM_INVALID sometimes?

2019-09-23 Thread Jari Fredriksson
Bill Cole kirjoitti 23.9.2019 18:26: On 23 Sep 2019, at 1:00, Jari Fredriksson wrote: Hello again. I have a problem that arises after my mail server has been up for maybe two days. Suddenly all DKIM-verifications in SpamAssassin says DKIM_INVALID while those look valid to be when looking

Re: Why I get DKIM_INVALID sometimes?

2019-09-23 Thread Jari Fredriksson
RW kirjoitti 23.9.2019 17:02: On Mon, 23 Sep 2019 16:33:35 +0300 Jari Fredriksson wrote: Axb kirjoitti 23.9.2019 8:42: > UN_educated guess - I don't use DKIM... does it stop happening when > you restart your DNS recursor instead of rebooting? > Oh well. That did not help, same for

Re: Why I get DKIM_INVALID sometimes?

2019-09-23 Thread Jari Fredriksson
Axb kirjoitti 23.9.2019 8:42: UN_educated guess - I don't use DKIM... does it stop happening when you restart your DNS recursor instead of rebooting? On 9/23/19 7:00 AM, Jari Fredriksson wrote: Hello again. I have a problem that arises after my mail server has been up for maybe two days

Why I get DKIM_INVALID sometimes?

2019-09-22 Thread Jari Fredriksson
Hello again. I have a problem that arises after my mail server has been up for maybe two days. Suddenly all DKIM-verifications in SpamAssassin says DKIM_INVALID while those look valid to be when looking to mail source code. It works again correctly after I reboot the machine. This started as

Re: Check equal headers

2019-05-20 Thread Jari Fredriksson
> Giovanni Bechis kirjoitti 20.5.2019 kello 17.00: > > Hi, > in a rule I would like to check if "From:" != "Reply-To:", is this possible > without writing any code or should I add a new function in HeaderEval ? > Thanks & Cheers > Giovanni > Hello! I have this in my

Re: Hive Mind: postfix prescreen and SA ruleqa

2019-04-16 Thread Jari Fredriksson
John Hardin kirjoitti 15.4.2019 1:33: On Sun, 14 Apr 2019, Jari Fredriksson wrote: Now, I am part of RuleQA. Should I accept everything and pass it so SpamAssassin and to my corpus or not? I would suggest yes, you should accept everything that reaches your spamtrap addresses and include

Re: Hive Mind: postfix prescreen and SA ruleqa

2019-04-16 Thread Jari Fredriksson
David Jones kirjoitti 14.4.2019 23:31: Once you get this type of platform setup, it can be used for other spam fighting techniques on the primary mail filters like: - train your shared redis Bayes DB with the ham and spam folder I have similar system including the Redis, SpamCop, Pyzor and

Re: Hive Mind: postfix prescreen and SA ruleqa

2019-04-16 Thread Jari Fredriksson
Bill Cole kirjoitti 14.4.2019 21:13: On 14 Apr 2019, at 4:03, Jari Fredriksson wrote: How can I best support SpamAssassin besides having a mass check automation and mirrors for the sa-update? Those are both large contributions. Thank you for that support. The obvious repository of things

Hive Mind: postfix prescreen and SA ruleqa

2019-04-14 Thread Jari Fredriksson
We have had some discussions of this in the past. But now I became worried that all SA users do not have access to their border smtp and are NOT configuring postfix with this: https://pastebin.com/LGkdi7NM Now, I am part of RuleQA. Should I accept everything and

Re: Spam rule for HTTP/HTTPS request to sender's root domain

2019-03-13 Thread Jari Fredriksson
> Antony Stone kirjoitti 13.3.2019 > kello 20.36: > > On Wednesday 13 March 2019 at 19:21:47, Jari Fredriksson wrote: > >> What would it result for this: >> >> I have a couple domains that do not have any services for the root domain >> name. However

Re: Spam rule for HTTP/HTTPS request to sender's root domain

2019-03-13 Thread Jari Fredriksson
What would it result for this: I have a couple domains that do not have any services for the root domain name. However, the server the A points do have a web server that acts as a reverse proxy for many subdomains that will be served a web page. A http 503 is returned by the pound reverse for

Re: Txrep problem

2018-12-02 Thread Jari Fredriksson
> Reindl Harald kirjoitti 2.12.2018 kello 21.40: > > > honestly - what about "waste" 5 seconds of your own time verify what you > link and get a proper operating system other than a Mac? > Good point. But - I use proper operating systems on my servers. I also have a Linux Desktop but not

Re: Txrep problem

2018-12-02 Thread Jari Fredriksson
Current DB says: MariaDB [spamassassin]> select * from txrep order by last_hit; +--+---++---+--++-+ | username | email | ip |

Re: Txrep problem

2018-12-02 Thread Jari Fredriksson
> Jari Fredriksson kirjoitti 2.12.2018 kello 21.22: > > > Final paste once more: https://pastebin.com/kvTK0NPe > <https://pastebin.com/kvTK0NPe> > > Mac copy paste was odd. > .. aand that was bad too. I pasted the debug of previous debug.log :D Here it is.

Re: Txrep problem

2018-12-02 Thread Jari Fredriksson
Final paste once more: https://pastebin.com/kvTK0NPe Mac copy paste was odd.

Re: Txrep problem

2018-12-02 Thread Jari Fredriksson
> Giovanni Bechis kirjoitti 2.12.2018 kello 11.13: > > Can you try to run spamassassin -D to have a look at what's going on ? > Thanks > Giovanni > > On 11/30/18 6:46 PM, Jari Fredriksson wrote: >> Hello all! >> >> I have tried to implement TxRep

Re: Txrep problem

2018-12-02 Thread Jari Fredriksson
> Giovanni Bechis kirjoitti 2.12.2018 kello 11.13: > > Can you try to run spamassassin -D to have a look at what's going on ? > Thanks > Giovanni > The paste is https://pastebin.com/iHV8GUe7 I made the changes to local.cf as suggested and the message does

Re: Txrep problem

2018-12-02 Thread Jari Fredriksson
> John Capo kirjoitti 1.12.2018 kello 18.08: > > ALTER TABLE `txrep` ADD last_hit timestamp NOT NULL default CURRENT_TIMESTAMP > ON UPDATE CURRENT_TIMESTAMP ; @John: I added these, remains to be seen. Now I try the suggestion @Giovanni suggested. Br. jarif

Txrep problem

2018-11-30 Thread Jari Fredriksson
Hello all! I have tried to implement TxRep into my system. My configuration for it is # Enable awl user_awl_dsn DBI:mysql:spamassassin:spamassassin user_awl_sql_username spamassassin user_awl_sql_password amazing use_txrep 1 My v341.pre

Re: Lost mail during update

2018-11-21 Thread Jari Fredriksson
> John Hardin kirjoitti 21.11.2018 kello 18.52: > > On Wed, 21 Nov 2018, Bill Cole wrote: > >> On 21 Nov 2018, at 1:56, @lbutlr wrote: >> >>> While updating spamassassin, several emails were destructive lost because >>> of the absence of spamc. To be fair, the date did get stuck

Re: Lost mail during update

2018-11-21 Thread Jari Fredriksson
> John Hardin kirjoitti 21.11.2018 kello 18.52: > > On Wed, 21 Nov 2018, Bill Cole wrote: > >> On 21 Nov 2018, at 1:56, @lbutlr wrote: >> >>> While updating spamassassin, several emails were destructive lost because >>> of the absence of spamc. To be fair, the date did get stuck

Re: OT: help from email experts needed

2018-11-10 Thread Jari Fredriksson
> Jari Fredriksson kirjoitti 10.11.2018 kello 20.03: > > > >> Jari Fredriksson <ja...@iki.fi> kirjoitti 10.11.2018 >> kello 17.12: >> >> I have an DKIM/SPF secured email domain, but somehow my experience with it >> has been

Re: OT: help from email experts needed

2018-11-10 Thread Jari Fredriksson
> Jari Fredriksson kirjoitti 10.11.2018 kello 17.12: > > I have an DKIM/SPF secured email domain, but somehow my experience with it > has been perfect. > > SpamAssassin (and other Internet participants see the mail as DKIM_INVALID if > I send the mail from my Laptop to

OT: help from email experts needed

2018-11-10 Thread Jari Fredriksson
I have an DKIM/SPF secured email domain, but somehow my experience with it has been perfect. SpamAssassin (and other Internet participants see the mail as DKIM_INVALID if I send the mail from my Laptop to my sender. The sender seems to be my laptop and my server could be forged. PasteBin:

Re: spamd fails to remove bayes.lock file

2018-10-30 Thread Jari Fredriksson
> John Hardin kirjoitti 24.10.2018 kello 18.10: > > On Wed, 24 Oct 2018, Emanuel Gonzalez wrote: > >> Hello.!! >> >> I have a problem with the `/.spamassassin/bayes.lock` >> >> This is the error I'm seeing : >> >> Oct 23 15:12:14 server spamd[18073]: bayes: cannot open bayes databases

Re: Bitcoin rules

2018-10-21 Thread Jari Fredriksson
> Henrik K kirjoitti 21.10.2018 kello 10.15: > > > I wonder who's going to be the first to offer public bitcoin DNS blacklist, > I could make plugin for it. :-) > > In the meantime, here's something to try.. > > ./btcabuse.pl >btcabuse.cf.tmp && mv -f btcabuse.cf.tmp btcabuse.cf > >

Re: What is rule: KP_LIST_ID_DOMAIN_IN_RACKETS?

2018-10-09 Thread Jari Fredriksson
> RW kirjoitti 6.10.2018 kello 17.17: > > On Sat, 6 Oct 2018 10:57:00 +0300 > Jari Fredriksson wrote: > >> -15 KP_LIST_ID_DOMAIN_IN_BRACKETS List-id has domain in angle >>brackets >> >> This exists in lots and lots of my s

What is rule: KP_LIST_ID_DOMAIN_IN_RACKETS?

2018-10-06 Thread Jari Fredriksson
-15 KP_LIST_ID_DOMAIN_IN_BRACKETS List-id has domain in angle brackets This exists in lots and lots of my spam, and that -15 it seems very odd… This appeared with 3.4.2 last week… br. jarif

Re: Dependency: fetch binary

2018-09-23 Thread Jari Fredriksson
> Kevin A. McGrail kirjoitti 23.9.2018 kello 18.33: > > On 9/23/2018 10:56 AM, Jari Fredriksson wrote: >> What is this binary? I could not find any package providing this… I need it >> for debian (Raspbian) and CentOS 7. >> >> Thanks, jarif >

Dependency: fetch binary

2018-09-23 Thread Jari Fredriksson
What is this binary? I could not find any package providing this… I need it for debian (Raspbian) and CentOS 7. Thanks, jarif

Re: low score on very spammy email

2018-04-10 Thread Jari Fredriksson
> Motty Cruz kirjoitti 10.4.2018 kello 23.49: > > I apologize here is the email headers and body > > https://pastebin.com/bgXrfKaQ > > Thanks, > > Oh my. X-Spam-Report: * -1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1% * [score: 0.]

Re: help with phishing email?

2017-12-08 Thread Jari Fredriksson
> Tom Hendrikx kirjoitti 9.12.2017 kello 0.34: > > On 08-12-17 19:09, AJ Weber wrote: >> I'm trying to decide the best way to detect something like this. >> >> https://pastebin.com/hCX9MWNg >> >> Looking at the raw headers and body it's pretty easy to tell this is a >>

Re: help with phishing email?

2017-12-08 Thread Jari Fredriksson
> Tom Hendrikx kirjoitti 9.12.2017 kello 0.34: > > On 08-12-17 19:09, AJ Weber wrote: >> I'm trying to decide the best way to detect something like this. >> >> https://pastebin.com/hCX9MWNg >> >> Looking at the raw headers and body it's pretty easy to tell this is a >>

Re: spamd Will Not Create unix:socket

2017-11-27 Thread Jari Fredriksson
> sha...@shanew.net kirjoitti 27.11.2017 kello 20.32: > > or what it's worth, there's no > tmpfiles.d entry on my Ubuntu or Gentoo systems (Gentoo does its > thing in the init script). Debian (well, Raspbian for me) does have it. Apparently Ubuntu has removed it!

Re: SA-Update not updating DB

2017-11-17 Thread Jari Fredriksson
> David Jones kirjoitti 16.11.2017 kello 15.22: > > REV=1815298 > wget http://sa-update.ena.com/${REV}.tar.gz > wget http://sa-update.ena.com/${REV}.tar.gz.sha1 > wget http://sa-update.ena.com/${REV}.tar.gz.asc > sa-update -v --install ${REV}.tar.gz +1 for sunday. I installed

Re: DNS issues

2017-11-14 Thread Jari Fredriksson
> Reindl Harald <h.rei...@thelounge.net> kirjoitti 14.11.2017 kello 20.35: > > > > Am 14.11.2017 um 19:26 schrieb Jari Fredriksson: >>> Bill Cole <sausers-20150...@billmail.scconsult.com> kirjoitti 14.11.2017 >>> kello 20.20: >>> >>

Re: DNS issues

2017-11-14 Thread Jari Fredriksson
> Bill Cole kirjoitti 14.11.2017 > kello 20.20: > > dns_server Thanks! There may be stupid questions after all, but luckily there are also insightful answers! br. jarif

Re: DNS issues

2017-11-14 Thread Jari Fredriksson
> Jari Fredriksson <ja...@iki.fi> kirjoitti 14.11.2017 kello 19.59: > > > >> Reindl Harald <h.rei...@thelounge.net> kirjoitti 14.11.2017 kello 19.24: >> >> >> >> Am 14.11.2017 um 17:46 schrieb Jari Fredriksson: >>>>

Re: DNS issues

2017-11-14 Thread Jari Fredriksson
> Reindl Harald <h.rei...@thelounge.net> kirjoitti 14.11.2017 kello 19.24: > > > > Am 14.11.2017 um 17:46 schrieb Jari Fredriksson: >>> Jari Fredriksson <ja...@iki.fi> kirjoitti 14.11.2017 kello 18.42: >>> >>> >>> >>>&

Re: DNS issues

2017-11-14 Thread Jari Fredriksson
> Jari Fredriksson <ja...@iki.fi> kirjoitti 14.11.2017 kello 18.42: > > > >> Reindl Harald <h.rei...@thelounge.net> kirjoitti 14.11.2017 kello 15.30: >> >> >> >> Am 14.11.2017 um 07:11 schrieb Jari Fredriksson: >>> I ha

Re: DNS issues

2017-11-14 Thread Jari Fredriksson
> Reindl Harald <h.rei...@thelounge.net> kirjoitti 14.11.2017 kello 15.30: > > > > Am 14.11.2017 um 07:11 schrieb Jari Fredriksson: >> I have a couple of issues with my LAN /w SpamAssassin, >> 1. Wrong resolved used >> Nov 14 07:51:51 whirlw

DNS issues

2017-11-14 Thread Jari Fredriksson
I have a couple of issues with my LAN /w SpamAssassin, 1. Wrong resolved used Nov 14 07:51:51 whirlwind spamd[4041]: spamd: connection from gamecock.fredriksson.dy.fi [192.168.1.123]:59338 to port 783, fd 5 Nov 14 07:51:51 whirlwind spamd[4041]: spamd: processing message

Re: improving detection to cloudmark-like levels?

2017-10-19 Thread Jari Fredriksson
Auto report on spam with 10+ AS points. All other spam is manually reported. br. jarif Jari Fredriksson kirjoitti 19.10.2017 12:18: David Jones kirjoitti 13.10.2017 14:16: On 10/13/2017 04:45 AM, Jari Fredriksson wrote: I don't use Kam.cf <http://Kam.cf> as it is very prone to fa

Re: improving detection to cloudmark-like levels?

2017-10-19 Thread Jari Fredriksson
David Jones kirjoitti 13.10.2017 14:16: On 10/13/2017 04:45 AM, Jari Fredriksson wrote: I don't use Kam.cf <http://Kam.cf> as it is very prone to false positives and way too aggressively scored by default. I'm pretty happy with my current setup with 3.4.1 though.

Re: improving detection to cloudmark-like levels?

2017-10-13 Thread Jari Fredriksson
I don't use Kam.cf as it is very prone to false positives and way too aggressively scored by default. I'm pretty happy with my current setup with 3.4.1 though. 12. lokakuuta 2017 17.07.41 GMT+03:00 "Kevin A. McGrail" kirjoitti: >On 10/12/2017 9:25 AM, AJ Weber

Test

2017-08-02 Thread Jari Fredriksson
Just testing, as the list has been silent for me for a week or so. -- ja...@iki.fi

Re: New type of monstrosity

2017-02-06 Thread Jari Fredriksson
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Ian Zimmerman kirjoitti 7.2.2017 4:46: > On 2017-02-06 20:06, Kevin A. McGrail wrote: > >> > Last couple of weeks I saw some messages whose entire contents is in >> > the Subject. > >> never seen such a monster. likely killed by some other piece in

Re: Low spam score: -1.9

2017-01-21 Thread Jari Fredriksson
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Reindl Harald kirjoitti 21.1.2017 22:33: > Am 21.01.2017 um 21:21 schrieb Jari Fredriksson: >> Emin Akbulut kirjoitti 10.1.2017 9:48: >> >>> Hi all, >>> >>> Recently we receive spam messages and SA cannot

Re: Low spam score: -1.9

2017-01-21 Thread Jari Fredriksson
Emin Akbulut kirjoitti 10.1.2017 9:48: > Hi all, > > Recently we receive spam messages and SA cannot block them. > I've also checked the raw message at http://spamcheck.postmarkapp.com/ > and score was very low either. > > I've trained the SA and it worked for a while but now it's useless.

Re: No rule updates since 1/1/17

2017-01-21 Thread Jari Fredriksson
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Kevin Golding kirjoitti 21.1.2017 21:22: > On Sat, 21 Jan 2017 19:08:39 -0000, Jari Fredriksson <ja...@iki.fi> wrote: > >> -BEGIN PGP SIGNED MESSAGE- >> Hash: SHA1 >> >> John Hardin kirjoitti 20.1.2017

Re: No rule updates since 1/1/17

2017-01-21 Thread Jari Fredriksson
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 John Hardin kirjoitti 20.1.2017 22:38: > Collecting spam after RBL filtering is much less helpful to masscheck. > Ideally your spam corpus is from a totally unfiltered feed. > > However, even if it is filtered and small, it helps, *especially* if >

Trying to compile/build SA/latest from cpan on a BananaPi/Raspbian 

2016-09-26 Thread Jari Fredriksson
stettu allekirjoitus lähettäjältä Jari Fredriksson <ja...@iki.fi>. sa_compile tests fail. t/sa_compile.t 1/? # Failed test 1 in t/sa_compile.t at line 149 Not found: FOO = check: tests=FOO at t/sa_compile.t line 150. # Failed test 2 in t/SATest.pm at line 755 '/root/.cpa

Trying to compile/build SA/latest from cpan on a BananaPi/Raspbian

2016-09-26 Thread Jari Fredriksson
:~ $ gcc --version gcc (Raspbian 4.9.2-10) 4.9.2 Copyright (C) 2014 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. What might cause this? -- Jari Fredriksson

3.4.1. cpan build fails

2016-09-04 Thread Jari Fredriksson
because of this. What might be the resolution? This is a Debian jessie setup. - -- Jari Fredriksson Bitwell Oy +358 400 779 440 ja...@bitwell.biz

Re: spamd: dns: new_dns_packet: a domain name contains a null label

2016-07-11 Thread Jari Fredriksson
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Reindl Harald kirjoitti 11.7.2016 14:34: > Am 11.07.2016 um 13:27 schrieb Jari Fredriksson: >> Reindl Harald kirjoitti 11.7.2016 11:52: >>> Am 11.07.2016 um 10:02 schrieb Jari Fredriksson: >>>> Define correctly, plea

Re: spamd: dns: new_dns_packet: a domain name contains a null label

2016-07-11 Thread Jari Fredriksson
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Reindl Harald kirjoitti 11.7.2016 11:52: > Am 11.07.2016 um 10:02 schrieb Jari Fredriksson: >> Define correctly, please. > > "www..windstrom.at" is obvious wrong and was meant as > "www.windstrom.at", so fix that

Re: spamd: dns: new_dns_packet: a domain name contains a null label

2016-07-11 Thread Jari Fredriksson
guess that was a typo in the mail itself - shouldn't SA replace such >accidents (double dot) or at least recognize and ignore it so that >dns/uribl lookups succeed correctly? -- Jari Fredriksson Bitwell Oy +358 400 779440 ja...@bitwell.biz

Re: Anyone else just blocking the ".top" TLD?

2016-07-09 Thread Jari Fredriksson
(And my email is quite much: I have quite an amount of ruleqa masscheck ham corpus!) - -- Jari Fredriksson Bitwell Oy +358 400 779 440 ja...@bitwell.biz https://www.bitwell.biz - cost effective hosting and security for ecommerce

Re: Catching well directed spear phishing messages

2016-06-28 Thread Jari Fredriksson
EO Name only. I couldn't even find a setting for this behaviour in my MUA! The FROM address can be anything, as long as the CEO's real name is there before the address part. -- Jari Fredriksson Bitwell Oy +358 400 779 440 ja...@bitwell.biz https://www.bitwell.biz - cost effective hosting and security for ecommerce

Re: Catching well directed spear phishing messages

2016-06-28 Thread Jari Fredriksson
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Reindl Harald kirjoitti 28.6.2016 16:56: > Am 28.06.2016 um 15:25 schrieb Jari Fredriksson: >>> Almost all the phishes I've received in the last few years have done >>> this - except that they have something like "paypa

Re: Catching well directed spear phishing messages

2016-06-28 Thread Jari Fredriksson
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Reindl Harald kirjoitti 28.6.2016 16:56: > Am 28.06.2016 um 15:25 schrieb Jari Fredriksson: >>> Almost all the phishes I've received in the last few years have done >>> this - except that they have something like "paypa

Re: Catching well directed spear phishing messages

2016-06-28 Thread Jari Fredriksson
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 RW kirjoitti 28.6.2016 16:10: > On Tue, 28 Jun 2016 15:52:10 +0300 > Jari Fredriksson wrote: > >> -BEGIN PGP SIGNED MESSAGE- >> Hash: SHA1 >> >> David Jones kirjoitti 28.6.2016 15:46: > >> > One

Re: Catching well directed spear phishing messages

2016-06-28 Thread Jari Fredriksson
blem is this is a very common practice for high-level people to request > wire transfers for legitimate projects while out on the road so the AP dept > lets down their guard. I just refuse to believe that the technology has to trust to the From:.*xxx in the

Re: Catching well directed spear phishing messages

2016-06-27 Thread Jari Fredriksson
ill be in a normal mail > > What measures do you take for such spear phishing > > Thanks > Ram DKIM & DMARC does not help? - -- Jari Fredriksson Bitwell Oy +358 400 779 440 ja...@bitwell.biz https://www.bitwell.biz - cost effective hosting and security for ecomm

Re: DKIM and spoofing

2016-06-23 Thread Jari Fredriksson
Ok thanks will see logs. 23. kesäkuuta 2016 14.23.07 GMT+03:00 RW <rwmailli...@googlemail.com> kirjoitti: >On Thu, 23 Jun 2016 01:19:04 +0300 >Jari Fredriksson wrote: > >> -BEGIN PGP SIGNED MESSAGE- >> Hash: SHA1 >> >> Benny Pedersen kirjoitti 22

Re: DKIM and spoofing

2016-06-22 Thread Jari Fredriksson
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Benny Pedersen kirjoitti 22.6.2016 23:44: > On 2016-06-22 20:36, Jari Fredriksson wrote: >> Jari Fredriksson kirjoitti 22.6.2016 20:41: >> >>> Read this: https://www.bitwell.biz/?q=node/20 >>> >>> It

Re: DKIM and spoofing

2016-06-22 Thread Jari Fredriksson
Jari Fredriksson kirjoitti 22.6.2016 21:36: > Jari Fredriksson kirjoitti 22.6.2016 20:41: > >> Read this: https://www.bitwell.biz/?q=node/20 >> >> It pretty much describe the issue. > > Wow, interesting result from receiving this and seeing my SA-result... Demo

Re: DKIM and spoofing

2016-06-22 Thread Jari Fredriksson
Jari Fredriksson kirjoitti 22.6.2016 20:41: > Read this: https://www.bitwell.biz/?q=node/20 > > It pretty much describe the issue. Wow, interesting result from receiving this and seeing my SA-result... Demo effect. -- Jari Fredriksson Bitwell Oy +358 400 779 440 ja...@bitwell.

Re: DKIM and spoofing

2016-06-22 Thread Jari Fredriksson
U8vB+AMr1Dg5TGyyEvwZYhTjlm9lTxteGVGzaZPAhtlVM > 2nNUItbgRjnEvpbRA7Hdsh7QHAso8Mf4i1z3KfUqAFV3V1PMnO65 > >but running the message through spamassassin again with the whitelist >entry doesn't actually whitelist the message. > >Ideas greatly appreciated. >Thanks, >Alex -- Jari Fredriksson Bitwell Oy +358 400 779440 ja...@bitwell.biz

Re: Slightly offtopic: postfix/spamass-milter or CentOS 7

2016-06-11 Thread Jari Fredriksson
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Jari Fredriksson kirjoitti 12.6.2016 2:00: > Hellos. > > I tried to ask @ #freenet #postfix but somehow that does not allow me > send, no matter that I'm registered and identified myself... > > I have small but blocking iss

Slightly offtopic: postfix/spamass-milter or CentOS 7

2016-06-11 Thread Jari Fredriksson
ideas? There are similar stuff obviously in the net, I did google, but those do not help. - -- Jari Fredriksson Bitwell Oy +358 400 779 440 ja...@bitwell.biz https://www.bitwell.biz - cost effective hosting and security for ecommerce

Re: Rule updates are too old - 2016-06-03

2016-06-03 Thread Jari Fredriksson
On 3.6.2016 19.21, John Hardin wrote: > On Fri, 3 Jun 2016, RW wrote: > >> On Fri, 03 Jun 2016 17:54:59 +0300 >> Jari Fredriksson wrote: >>> >>> If you join, you might relax a bit on rejecting spam, but saving it >>> for masschecks. That's what I do...

Re: Rule updates are too old - 2016-06-03

2016-06-03 Thread Jari Fredriksson
3. kesäkuuta 2016 16.46.59 GMT+03:00 "Kim Roar Foldøy Hauge" kirjoitti: >On Fri, 3 Jun 2016, John Hardin wrote: > >> On Fri, 3 Jun 2016, dar...@chaosreigns.com wrote: >> >>> 20160602: Spam or ham is below threshold of 150,000: >>>

Offtopic: but related to SpamAssassin too

2016-06-01 Thread Jari Fredriksson
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I'm about to re-launch my 15 years ago retired one man company at https://www.bitwell.biz I'm sure this mail triggers now DAY_OLD_BREAD but hopefully not much else... I consider myself pretty good at email, antispam and stuff. And will offer my work

Re: Rules for norwegian spam

2016-05-14 Thread Jari Fredriksson
John Hardin kirjoitti 12.5.2016 20:34: On Thu, 12 May 2016, Kim Roar Foldøy Hauge wrote: I'd be happy to contribute to the SAMC. I had a look at the wiki and it looks fairly trivial to implement. I already have bayes filtering on spam/ham that is handsorted by me. I'll send them an email.

Re: Very low score for spam from b2blistappenders.com

2016-04-08 Thread Jari Fredriksson
Robert Boyl kirjoitti 8.4.2016 16:13: > Hi, everyone > > Pls, do you get a good spam score on this? For us, no hits for spamassassin, > etc. > > I checked in test sites such as http://spamcheck.postmarkapp.com/ and also > very low score. > > Strange, as it does seem to have spammy words,

Re: Disabling spamcop plugin

2016-04-06 Thread Jari Fredriksson
Ian Zimmerman kirjoitti 7.4.2016 5:38: Is there any way to disable the spamcop plugin for an individual user (i.e. from ~/.spamassassin/user_prefs) if the plugin is loaded by /etc/spamassassin/*.pre ? By comparison, I seem to be able to disable pyzor even if it is loaded, by writing

Re: new(ish) malware: RTF with MIME payload

2016-03-19 Thread Jari Fredriksson
Joseph Brennan kirjoitti 18.3.2016 18:48: Today's version has a Subject of this form: FW: Notification from WORD WORD ...where WORD WORD varies per message but is always all caps. The three Content-Type lines Chip mentioned are the same, and they are the only ones that should be used for rtf.

Re: Unable to resolve localhost

2016-03-19 Thread Jari Fredriksson
Alarig Le Lay kirjoitti 17.3.2016 9:53: Hi, The daily spamassasin cron is failing because localhost is an unresolvable name: /etc/cron.daily/spamassassin: unresolvable name: localhost at /usr/bin/sa-update line 432. sa-update failed for unknown reasons But, I can

Re: new(ish) malware: RTF with MIME payload

2016-03-18 Thread Jari Fredriksson
Jari Fredriksson kirjoitti 18.3.2016 18:56: Joseph Brennan kirjoitti 18.3.2016 18:48: Today's version has a Subject of this form: FW: Notification from WORD WORD ...where WORD WORD varies per message but is always all caps. The three Content-Type lines Chip mentioned are the same

Re: Can I drop *** SPAM ***** not send it on?

2016-03-08 Thread Jari Fredriksson
Reindl Harald kirjoitti 7.3.2016 20:12: Am 07.03.2016 um 19:10 schrieb Ryan Coleman: Thanks to this header my server automatically filtered your email into my scanned spam folder. Seems appropriate enough. :) fix your rule to have a "starts with" instead a "contains" :-) Better yet, make

Re: Google Drive/Docs spam

2016-02-18 Thread Jari Fredriksson
RW kirjoitti 18.2.2016 14:40: On Thu, 18 Feb 2016 09:35:18 +0200 Jari Fredriksson wrote: > I seem to remember a botnet plugin from about 2010, but didn't think > it was maintained or worked properly anymore? > That very same. Seems to work fine, so I have not disabled it. It wor

Re: Google Drive/Docs spam

2016-02-17 Thread Jari Fredriksson
Alex kirjoitti 18.2.2016 2:16: Hi, On Wed, Feb 17, 2016 at 4:29 PM, Jari Fredriksson <ja...@iki.fi> wrote: pts rule name description -- -- 1.5 BOTNET Relay might be a spambot or vi

Re: Google Drive/Docs spam

2016-02-17 Thread Jari Fredriksson
Alex kirjoitti 17.2.2016 18:49: Hi all, I recall some rules that were written years ago to address these, but it appears they're back. We've been hit with a few, including users actually following the link. I was hoping someone had some recommendations on how to stop them.

Re: Removing markup

2016-02-02 Thread Jari Fredriksson
@lbutlr kirjoitti 2.2.2016 18:10: When a user moves a message from the spam box to the not spam box i have a script that learns that message as ham, however, the user would like it if the tagging of the message was removed in the process. spamassassin -d doesn’t seem the right tool since I

Re: Rules updated!

2016-01-31 Thread Jari Fredriksson
John Hardin kirjoitti 31.1.2016 20:19: Hallelujah! We got a weekly masscheck with sufficient corpora to generate a rules update! Thanks to everyone who contributed. hm, not according to ruleqa.spamassassin.org ... I'm now still running the weekly as a late retry, but dunno it does anything.

Re: Rules updated!

2016-01-31 Thread Jari Fredriksson
John Hardin kirjoitti 31.1.2016 22:12: On Sun, 31 Jan 2016, Jari Fredriksson wrote: John Hardin kirjoitti 31.1.2016 20:19: Hallelujah! We got a weekly masscheck with sufficient corpora to generate a rules update! Thanks to everyone who contributed. hm, not according

Re: Looking for a way to dump spam assassin modified mail

2016-01-21 Thread Jari Fredriksson
Antony Stone kirjoitti 21.1.2016 14:34: On Thursday 21 January 2016 at 13:31:29, Reindl Harald wrote: > On 01/21/2016 01:25 PM, Robert Chalmers wrote: >> I’m looking for a way to just dump mail that has the header modified >> with the * SPAM * assignment. >> >> I mean, not have

Re: problem integrating spamassasin into postfix

2016-01-11 Thread Jari Fredriksson
On 11.1.2016 23.16, Reindl Harald wrote: Am 11.01.2016 um 22:04 schrieb Jari Fredriksson: My master.cf looks like: smtp inet n - n - - smtpd -o content_filter=spamfilter spamfilter unix - n n - - pipe flags=Rq user

Re: problem integrating spamassasin into postfix

2016-01-11 Thread Jari Fredriksson
On 11.1.2016 22.12, D CATALIN BADIRCA wrote: Hi, I am using with Postfix 10.2-RELEASE-p7 with Postfix 3.0.3 and I am trying to configure Spamassassin into my system. After I create the spam filter.sh : #!/bin/bash *SENDMAIL*=/usr/local/sbin/sendmail *SPAMASSASSIN*=/usr/local/bin/spamc logger
