Re: Building Red Hat Rawhide SA 4.0.0 package for RHEL/CentOS 7

2023-12-06 Thread Martin Gregorie
On Tue, 2023-12-05 at 23:25 -0800, Kenneth Porter wrote: > On 12/5/2023 10:57 PM, Benny Pedersen wrote: > > mimedefang does not use spamd, you only need either spamassassin > > only > > with spamd or mimedefang with spamassassin not running spamd > > It's a small server so I can afford to run

Re: OT - Re: DNFTEC - was My apologies

2023-08-05 Thread Martin Gregorie
On Sat, 2023-08-05 at 14:06 -0500, Grant Taylor via users wrote: > On 8/5/23 1:51 PM, Kevin A. McGrail wrote: > > REDACTED is the definition of something I learned decades ago as an > > energy > > creature. > > Is there anything to differentiate an Energy Creature from a Troll? > Yes given that

Re: Sudden surge in spam appearing to come from my email address

2023-07-16 Thread Martin Gregorie
On Sat, 2023-07-15 at 22:04 -0500, Thomas Cameron wrote: > > On 7/14/23 20:30, Grant Taylor via users wrote: > > On 7/14/23 6:06 PM, Thomas Cameron wrote: > > > I'm trying to figure out how to block this stuff. Something like > > > "if > > > it appears to come from me, but it's not actually

Re: BAYES_00 BODY. Negative score?

2023-02-17 Thread Martin Gregorie
On Fri, 2023-02-17 at 10:54 -0500, joe a wrote: > Could it have been that simple? > If, like myself, you find reference books useful, you may want to get a copy of "Linux in a Nutshell" - an O'Reilly book. It tends to assume you know at least one other OS fairly well, is well organised and

Re: BAYES_00 BODY. Negative score?

2023-02-17 Thread Martin Gregorie
On Thu, 2023-02-16 at 23:32 +0100, hg user wrote: > root can do anything. a restricted user can't: it's only allowed to do > what > others allowed it. > > it also runs with another environment, so it may miss PATHes or @INC > directories. > You can check this by running  env | less from a

Re: DecodeShortURL fails with postgresql

2023-01-18 Thread Martin Gregorie
On Wed, 2023-01-18 at 22:47 +0100, Benny Pedersen wrote: > > https://github.com/apache/spamassassin/blob/trunk/lib/Mail/SpamAssassin/Plugin/DecodeShortURLs.pm#L594-L601 > > only me testing postgresql ? > > I'm using it with a self-written Perl data retrieval module that was tested long ago, so

Re: Rule Help - not sure what is wrong with my syntax

2023-01-12 Thread Martin Gregorie
On Wed, 2023-01-11 at 16:56 -0800, Loren Wilton wrote: > Why not do a simple rule rather than inventing some Perl code? > > header TO_SPECIFIC_EMAIL To:addr ~= > '(?:\bus...@example.com|\bus...@example.com|\bus...@example.com)' > describe TO_SPECIFIC_EMAIL Mail to a specific email address > score

Re: Rule Help - not sure what is wrong with my syntax

2023-01-12 Thread Martin Gregorie
On Wed, 2023-01-11 at 18:39 -0500, Joey J wrote: > Hello All, > > I created this rule to check for email addresses matching a list to > get > added some negative value. > I also tried it with just domains so it would be more efficient, but I > can't seem to get them to run. > Any suggestions? >

Re: Refused by block lists

2023-01-08 Thread Martin Gregorie
> > On 07.01.23 14:06, joe a wrote: > > > Pretty sure.  Or, I was.  Ran various tests with unbound running > > > and > > > not running confirmed it was working, at least providing a > > > response. > > Thats pretty simple to check, provided you've got Wireshark installed: Fire it up and tell it

Re: awl postgresql

2023-01-03 Thread Martin Gregorie
On Wed, 2023-01-04 at 00:43 +0100, Benny Pedersen wrote: > > i have dumped all i have in posgres without data so only structure is > here > > https://usercontent.irccloud-cdn.com/file/WJmDq7xc/spamassassin_dump_tables%20only.txt > > dont know what package means on gentoo, its stable versions i

Re: awl postgresql

2023-01-03 Thread Martin Gregorie
On Wed, 2023-01-04 at 10:24 +1300, Sidney Markowitz wrote: > Benny Pedersen wrote on 4/01/23 3:19 am: > > If anyone else reading this is using 4.0.0 and postgres for AWL, are > you > seeing or not seeing this problem? > I use Postgresql, though not with SA. I agree with your suggestion, but it

Re: Spam DKIM signed by Paypal coming from their Microsoft Tenant?

2022-11-14 Thread Martin Gregorie
On Mon, 2022-11-14 at 15:14 -0500, Shawn Iverson wrote: > How do I stop this?  paypal.com is in the default DKIM whitelist! > I'd treat it as spam because the domain name in the From header doesn't match the domain name in the Message-ID header.  That works for me, with virtually no false mail

Re: subscribe to blacklist for domains

2022-08-23 Thread Martin Gregorie
On Tue, 2022-08-23 at 12:11 +0200, Vincent Lefevre wrote: > On 2022-08-18 19:40:33 +0100, Martin Gregorie wrote: > > - if the reverse lookup fails, or the domain it retrieved does not > > match the one in the From address, send a bare 550 REJECT because > > the failed >

Re: subscribe to blacklist for domains

2022-08-18 Thread Martin Gregorie
On Thu, 2022-08-18 at 12:11 -0400, Kris Deugau wrote: > Mmm.  So how would you, as sender or sender's mail provider, > troubleshoot a message rejected with "550 Too spammy"?  I have seen > several rejections that were equally clear and to the point, without > divulging any particular detail

Re: subscribe to blacklist for domains

2022-08-14 Thread Martin Gregorie
On Sun, 2022-08-14 at 11:39 +1000, Noel Butler wrote: > On 14/08/2022 02:38, Martin Gregorie wrote: > > > 3) It would be rather trivial to return spam to sender with a > > suitable > > WTF, that has been a terrible idea since the 90s, given most spam is &

Re: subscribe to blacklist for domains

2022-08-13 Thread Martin Gregorie
On Sat, 2022-08-13 at 14:05 -0400, joe a wrote: > To add my comment, returning SPAM, assuming it even reaches the > original sender, may serve only to assure them of the effectiveness of > their campaign to reach valid addresses. In effect "helping" them. > Agreed - I've occasionally thought

Re: subscribe to blacklist for domains

2022-08-13 Thread Martin Gregorie
On Sat, 2022-08-13 at 17:46 +0200, Reindl Harald wrote: > and the main downside is that you can't REJECT clear spam and if "This > puts spam into a holding area, where A cron job deletes it after a > week" nobody knows in case of false positives > 1) OF COURSE I have a daily cron job that reports

Re: subscribe to blacklist for domains

2022-08-13 Thread Martin Gregorie
On Sat, 2022-08-13 at 10:21 -0400, joe a wrote: > This is a low volume system consisting of postfix, SA, clamav and > fetchmail. > > The mailserver (postfix) is not exposed to the internet, mail traffic > is sent to it by "fetchmail", which itself goes out to several > providers where mail

Re: Rule to detect non-standard headers that aren't X- prefixed

2022-05-11 Thread Martin Gregorie
On Tue, 2022-05-10 at 18:19 -0600, Philip Prindeville wrote: > I can't think of a single way to match each header, and then test for > any of them not matching the pattern... > > I had in mind a subrule that triggers on valid header names, combined with a meta rule that inverts the subrule

Re: Rule to detect non-standard headers that aren't X- prefixed

2022-05-10 Thread Martin Gregorie
On Tue, 2022-05-10 at 17:29 -0600, Philip Prindeville wrote: > > You're correct that they're different in every message received. > So write a rule that fires on any header name that *doesn't* match anything in the list of legit headers as defined in the relevant RFCs. Of course you may need to

Re: Running spamassassin only with specific rules

2022-04-22 Thread Martin Gregorie
On Fri, 2022-04-22 at 09:20 -0400, Michael Grant wrote: > Is there some way to run spamassassin with only a specific set of > rules and scores? > If I'm trying to target specific sorts of spam I write rules that sort of follow these guidelines: - their rule names all start with my

Re: Linting of local.cf

2022-04-16 Thread Martin Gregorie
On Sat, 2022-04-16 at 05:30 +0200, Benny Pedersen wrote: > On 2022-04-16 00:35, J Doe wrote: > > > That's an interesting point.  I guess the use case I was thinking of > > is if I added an address or domain for a particularly egregious > > spammer, but made a typo in the SA syntax, I would want

Re: sub-test syntax

2022-04-04 Thread Martin Gregorie
On Mon, 2022-04-04 at 01:45 +0200, Matija Nalis wrote: > On Mon, Apr 04, 2022 at 12:19:23AM +0100, Martin Gregorie wrote: > > For instance, I whitelist any email sender who I've previously sent > > mail > > to. To do this I maintain an email archive held in a PostgreSQL  &

Re: sub-test syntax

2022-04-03 Thread Martin Gregorie
On Mon, 2022-04-04 at 00:13 +0200, Matija Nalis wrote: > On Sun, Apr 03, 2022 at 10:06:51AM +0100, Niamh Holding wrote: > > Hello Matija, > > Saturday, April 2, 2022, 7:12:42 PM, you wrote: > > > > MN> grep -r check_rbl_sub /var/lib/spamassassin > > MN> for examples of what's possible and how

Re: spam declared mail - contentless - lost?

2022-04-02 Thread Martin Gregorie
On Sat, 2022-04-02 at 16:42 +0200, mau...@gmx.ch wrote: > Hello > > i have mails that are signed as [SPAM] from Spamassassin 3.4.6, please > it's possible to catch the input from this mail, or it's this lost? > SpamAssassin [SA] only adds headers to the message. One of these is always the 

Re: using spamassassin to classify spam

2022-03-25 Thread Martin Gregorie
On Thu, 2022-03-24 at 18:34 -0600, Grant Taylor wrote: > On 3/24/22 5:00 PM, Michael Grant wrote: > > List-Unsubscribe: > > > > > > I want to extract the mumble.aidemxwzlwt.bwbibibi.edu and run it > > through AskDNS and if I get an

Re: Up tick in missed SPAM from co domain

2022-02-03 Thread Martin Gregorie
On Thu, 2022-02-03 at 10:50 -0500, joea- lists wrote: > SA version 3.4.5 > > Since yesterday 2/2/22 (gasp!) . . . I've noticed an up tick in missed > SPAM from .co domain.  Though obvious SPAM > weight loss, phish, "personals", they are scoring rather low.   > > Added a custom rule for that

Re: Managing long welcome_senders list

2021-12-03 Thread Martin Gregorie
For Dominic Raferd: Another approach also works for me: if you can automatically capture the addresses you've sent mail to, these addresses make a perfect, self- maintaining whitelist. If you're running Postfix then you can use its automatic BCC option to feed a copy of all mail, including

Re: Managing long welcome_senders list

2021-12-02 Thread Martin Gregorie
On Thu, 2021-12-02 at 13:42 +, Dominic Raferd wrote: > I have a score-reducing algorithm for SA based on known 'good' senders. >  From a simple one-address-per-line file (which can easily be manually > or automatically edited) is built a local_welcoming.cf file which is > used by SA - with

Re: Seeing "check: exceeded time limit in ..." and need to resolve it

2021-11-16 Thread Martin Gregorie
On Tue, 2021-11-16 at 08:33 -0500, Bill Cole wrote: > > Worth noting: locate & updatedb aren't always installed. > Fair comment: they're a standard part of Fedora. IIRC they are also part of the RaspberryPi OS distro, so are likely to be included in Debian and most of its clones. But: how many

Re: MIME_BASE64_TEXT only on us-ascii

2021-11-16 Thread Martin Gregorie
On Tue, 2021-11-16 at 11:32 +0100, Philipp Ewald wrote: > This is correct. But why is us-ascii required for this rule? Are > spammer only in US? > No, it's because the base character set for e-mail bodies is USASCII.  Base64 encoding is a way of making sure that attachments using other charsets

Re: Seeing "check: exceeded time limit in ..." and need to resolve it

2021-11-16 Thread Martin Gregorie
On Mon, 2021-11-15 at 17:12 -0700, Philip Prindeville wrote: > > > > On Nov 15, 2021, at 5:06 PM, Greg Troxel wrote: > > > > > > Philip Prindeville writes: > > > > > Ah, the rule _eval_tests_type11_pri0_set1() took 4:20. > > > > > > Why can't I even find the rule? > > try "locate txrep"

Re: Fw: spam from gmail.com

2021-11-08 Thread Martin Gregorie
On Mon, 2021-11-08 at 18:27 +, Rupert Gallagher wrote: > Spammers are using gmail.com. Congratulations to Google for their fine > work... > The more 'enterprising' ones are apparently sex come-ons, but contain links to known-malicious URL shorteners. Martin

Re: Decoding Google URL redirections and check VS URI Blacklists

2021-11-02 Thread Martin Gregorie
On Tue, 2021-11-02 at 09:52 +0100, Benoit Panizzon wrote: > Hi SA Community > You can find out quite a lot about a spamming site with a few common commandline tools: - 'ping' tells you if the hostname part of the URL is valid - 'host hostname' should get the sender's IP - 'host ip' IOW a

Re: Correct KAM.cf location?

2021-10-20 Thread Martin Gregorie
On Wed, 2021-10-20 at 11:50 -0500, Jerry Malcolm wrote: > is working as it should.  I'm pretty confident I've got the basic SA > function working.  But along with the bayes issue from a couple of posts > back, I can't seem to make the KAM.cf file get involved.  In previous > installations, I

Re: Spamc - connection refused

2021-09-28 Thread Martin Gregorie
On Tue, 2021-09-28 at 15:30 +0200, mau...@gmx.ch wrote: > Hello > > never found the solutions for this.. > The error messages aren't a lot of use without also knowing: - what arguments are you using on the spamc command line? - where is the spamd instance you're trying to connect to,  i.e. is

Re: Disabling autolearn on given rule

2021-09-22 Thread Martin Gregorie
On Tue, 2021-09-21 at 18:57 -0700, Loren Wilton wrote: > > Well, from the few I've seen, they all seem to have a relatively > constant structure. Someone pointed you to a plugin that is at least > dealing in this having a better suggestion. > > While I wrote a little Perl a decade ago I've

Re: Score for certain spam

2021-08-17 Thread Martin Gregorie
On Tue, 2021-08-17 at 18:03 +0200, David Bürgin wrote: > In your experience, what is a good ‘certain spam’ threshold? By that I > mean the score above which messages are virtually always spam, no > false positives. > I pushed it one notch, to 6.0, but:   (a) I've accumulated a fair collection of

Re: Question about whitelisting of naadac.org

2021-08-12 Thread Martin Gregorie
On Wed, 2021-08-11 at 20:43 -0700, John Hardin wrote: > As Kenneth said, contact Spamhaus regarding why that domain is listed. > > I took a look at it with a text-mode web browser, Lynx, thats too simple to try to process nastys and with all cookies disabled. It looked more than slightly suspect

Re: CHAOS: v1.2.2: Of Documentation

2021-07-23 Thread Martin Gregorie
On Fri, 2021-07-23 at 19:49 +1000, Noel Butler wrote: > I've still yet to see a list post explaining what this thing does > so no he has not answered all questions about it, the most common sense > thing of all time is if you advertise your wares, you at least tell > people WTF it does, you don't

Re: number in sender name

2021-07-11 Thread Martin Gregorie
7-11 at 11:17 -0400, Kevin A. McGrail wrote: > > Martin Gregorie wrote: > > If you have a copy of "The Camel Book", otherwise known as > > "Programming > > Perl" by Larry Wall, Tom Christiansen & John Orwant"  pub. O'reilly, > > o

Re: number in sender name

2021-07-10 Thread Martin Gregorie
Not a direct reply, but: If you have a copy of "The Camel Book", otherwise known as "Programming Perl" by Larry Wall, Tom Christiansen & John Orwant, pub. O'Reilly, or know somebody who has a copy, have a read of Chapter 5 'Pattern Matching' which contains about the clearest explanation of how

Re: Office phish

2021-07-05 Thread Martin Gregorie
On Tue, 2021-07-06 at 00:16 +0200, Benny Pedersen wrote: > On 2021-07-05 23:45, RW wrote: > > > > > > https://www.w3resource.com/javascript/introduction/html-documents.php > > embeeded javascript is possible > Yes, but it may well depend on how the e-mail was assembled. A message Cut from a

Re: Office phish

2021-07-03 Thread Martin Gregorie
On Fri, 2021-07-02 at 21:25 -0400, Jared Hall wrote: > I never would've caught this except it hit an old header rule I use > for certain Hotmail Porn detection. > > Content-Type: multipart/mixed; > boundary="_c23d8b80-2b40-49d4-8897-08b0026dddfb_" > > Thanks for that: added it to a

Re: Process of domain submission for inclusion in 60_whitelist_auth.cf

2021-07-01 Thread Martin Gregorie
On Thu, 2021-07-01 at 16:32 -0600, @lbutlr wrote: > Sending spam, viruses, ransom demands, and/or spearfishing from > "known" addresses is extremely common, so how effective that is > depends a lot on the sort of mail and the amount of mail you receive. > Agreed, but I'm not silly enough to have

Re: Office phish

2021-07-01 Thread Martin Gregorie
On Thu, 2021-07-01 at 18:59 +0200, Benny Pedersen wrote: > On 2021-07-01 17:03, RW wrote: > > > > I realize blocking all javascript is prone to error, > > What legitimate email uses javascript? > > and what mua will show html attachment as default ? Evolution is as configurable as any MUA I've

Re: Process of domain submission for inclusion in 60_whitelist_auth.cf

2021-06-29 Thread Martin Gregorie
On Tue, 2021-06-29 at 00:52 -0400, Bill Cole wrote: > On 2021-06-28 at 17:04:05 UTC-0400 (Mon, 28 Jun 2021 23:04:05 +0200) > Robert Harnischmacher > is rumored to have said: > > > In which form can one submit the subdomain of a mail sender for the > > integration in 60_whitelist_auth.cf. Which

Re: Maybe it's time to revive EvilNumbers?

2021-06-18 Thread Martin Gregorie
On Thu, 2021-06-17 at 17:10 -0700, Loren Wilton wrote: > A number of the rules I passed along are generic "order" rules rather > than Amazon specific. I had to go back to last month's spam to find an > Amazon order spam, but I've gotten a dozen or so fake orders for other > things this month, all

Re: Detect Emoticons in Subject

2021-05-20 Thread Martin Gregorie
On Thu, 2021-05-20 at 18:34 +0200, Bert Van de Poel wrote: > We've started getting lots of spam with emoji in the subject too the > past few weeks, so I've looked into this as well. As mentioned by RW, > you would need to create some kind of UTF8 regex header Subject rule. As > I'm not too

Re: SPF plugin ignores existing Authentication-Results

2021-05-18 Thread Martin Gregorie
On Tue, 2021-05-18 at 10:00 +0200, David Bürgin wrote: > David Bürgin: > > Bother. I think I will try to modify my SpamAssassin milter, so that > > it > > will add a synthetic ‘internal’ Received header right after the > > Authentication-Results headers … that should trick SpamAssassin into > >

Re: Why does SA add SPF check fail to this message?

2021-04-24 Thread Martin Gregorie
On Sat, 2021-04-24 at 03:22 -0700, Yuri wrote: > All messages from the FreeBSD mailing list are labeled as 'SPF check > fail'. > > Here is the message: > https://bugs.freebsd.org/bugzilla/attachment.cgi?id=224393 > > People said that SA does this by mistake: >

Re: Script or command for testing new rules to ensure new rules don't generate false positives/negatives?

2021-04-23 Thread Martin Gregorie
On Fri, 2021-04-23 at 16:28 -0400, Steve Dondley wrote: > I'm experimenting with writing a library of my own SA rules and > scores. > I do this on a separate computer, which has Spamassassin installed but not linked into anything else. It also has a copy of all the live SA configuration files.

Re: Bypass RBL checks for specific address

2020-12-23 Thread Martin Gregorie
On Wed, 2020-12-23 at 20:44 +0100, Benny Pedersen wrote: This requirement is almost exactly the opposite of something I've been running for years: - In my case I run every message through SA, diverting spam into a quarantine directory and passing the rest to Postfix for delivery. - In your

Re: Spamassassin 3.4.4 on centos7

2020-12-10 Thread Martin Gregorie
On Fri, 2020-12-11 at 12:45 +1300, Sidney Markowitz wrote: > 2. Using the rpm command to install a local rpm file does not > automatically install dependencies from a repo. Always use yum (or dnf > in newer CentOS or in Fedora) instead of the now old rpm program. > Minor correction: the rpm

Re: Legitimate message being flagged as spam

2020-11-30 Thread Martin Gregorie
On Mon, 2020-11-30 at 07:27 -0600, Daryl Rose wrote: > How do I get the SA headers? > Either: - tell your mail reader to show all headers and cut'n'paste the whole email from the screen - Save the entire email as a TXT file and cut'n'paste from there Then drop the entire email into PasteBin

Re: Legitimate message being flagged as spam

2020-11-29 Thread Martin Gregorie
Showing us the SA headers and hits would be a good idea: without them we don't know why SA rejected the mail. I notice that domain in the Message-ID is fictitious may not be significant, but I usually think this is suspicious. Martin On Sun, 2020-11-29 at 09:40 -0600, Daryl Rose wrote: > I get

Re: SPF_FAIL

2020-11-11 Thread Martin Gregorie
On Wed, 2020-11-11 at 09:52 +0100, Tobi wrote: > > If I only had a ready-made list of those important domains. > > If you filter for customer domains then maybe (depending the customer > domain) adding the customer domain to spf checks is worth a look too. > That's easy: keep a database of

Re: What can one do abut outlook.com?

2020-10-25 Thread Martin Gregorie
On Sun, 2020-10-25 at 12:08 -0600, Bob Proulx wrote: > Martin Gregorie wrote: > > I use this to send a copy of all outbound mail to a local mailbox. > > Then periodically a cronjob scans and erases the mailbox content, > > adding the To: address(es) to a list o

Re: What can one do abut outlook.com?

2020-10-25 Thread Martin Gregorie
On Sat, 2020-10-24 at 16:46 -0700, John Hardin wrote: > ...and then whitelist specific desirable-correspondent outlook.com > addresses. > It's easy enough to create a list of all desirable correspondents, at least if your MTA has the equivalent of Postfix's 'always_bcc' directive. I use this to

Re: check doman against uri bl of spamassassin

2020-10-21 Thread Martin Gregorie
On Wed, 2020-10-21 at 22:22 +0200, Marc Roos wrote: > :D I thought I could query the blacklists from the command line with > dig or so > Sounds possible, but what use is a command line query when what you need is something that can be triggered by getmail, your MTA, an MUA or whatever? You might

Re: to: header is not in my domain

2020-10-20 Thread Martin Gregorie
On Tue, 2020-10-20 at 22:49 +0100, RW wrote: > On Tue, 20 Oct 2020 21:34:08 +0100 > Martin Gregorie wrote: > > , not exactly what you're asking for, but e-mails where the From: > > domain doesn't match the domain in Message-ID: are very often spam > > and > > so

Re: to: header is not in my domain

2020-10-20 Thread Martin Gregorie
On Tue, 2020-10-20 at 21:34 +0100, Martin Gregorie wrote: > On Tue, 2020-10-20 at 19:29 +0100, Miki wrote: > > Hi, how to score this e-mails? > > I know I can give negative score if To: IS my domain, but I do not > > like this solution. > > Any suggestions? > &

Re: to: header is not in my domain

2020-10-20 Thread Martin Gregorie
On Tue, 2020-10-20 at 19:29 +0100, Miki wrote: > Hi, how to score this e-mails? > I know I can give negative score if To: IS my domain, but I do not > like this solution. > Any suggestions? > Why do that? It's the exact reverse of something that does work pretty well: write a rule that gives a

Re: Spamassassin Email Alert

2020-09-02 Thread Martin Gregorie
On Wed, 2020-09-02 at 15:44 +0530, KADAM, SIDDHESH wrote: > Hi Folks, > > Using spamassassin is there any way of trigger email notification to > specific ID, if email body matches with list of pattern. > You can put anything you care write or install to downstream from SA to scan messages and

Re: Amazon, dhl, fedex, etc. phishing

2020-08-24 Thread Martin Gregorie
On Mon, 2020-08-24 at 11:51 -0700, John Hardin wrote: > Might want some \b in there, just to be safe. The from check would > also > hit domains like "amazon-river.org". Perhaps: > > header SUBRULE13a From:name =~ /\bAmazon\b/ > header SUBRULE13b From:addr =~ /\bamazon\.com$/ > Indeed > > >

Re: Amazon, dhl, fedex, etc. phishing

2020-08-24 Thread Martin Gregorie
On Mon, 2020-08-24 at 12:00 -0400, micah anderson wrote: > We are regularly getting phishes from dhl, fedex, usps, amazon, > netflix, spotify that fakes the from (eg. amazon < > p...@biggung1892301.com> wants to send me a amadon-legit.pdf). > > I'm wondering if anyone has made a rule that looks to

Re: Why the new changes need to be "depricated" forever

2020-07-23 Thread Martin Gregorie
On Thu, 2020-07-23 at 15:01 +, Riccardo Alfieri wrote: > I think that rspamd's approach is correct. Rspamd just takes SA rules > and use them. It doesn't provide the rules, meaning that you most > likely > need to have an installation of at least sa-update on the same > machine > that runs

Re: Thanks to Guardian Digital & LinuxSecurity for the nice post about SpamAssassin's upcoming change

2020-07-23 Thread Martin Gregorie
On Thu, 2020-07-23 at 09:36 +0700, Olivier wrote: > I am wondering what grey list should be renamed... Ageist! ;-) Martin

Re: Why the new changes need to be "depricated" forever

2020-07-23 Thread Martin Gregorie
On Wed, 2020-07-22 at 21:53 -0700, Ted Mittelstaedt wrote: > You could even fork the SpamAssassin code if you like, you know. In > fact, let's do that. We will make a new fork and call it the > "SpamAssasin-N-W" short for SpamAssassin Non Wussy, put it up on > Sorceforge for download, and just

Re: Why the new changes need to be "depricated" forever

2020-07-22 Thread Martin Gregorie
On Tue, 2020-07-21 at 18:25 -0700, Loren Wilton wrote: > I do strongly wonder whether this is "society" or only "people in the > USA". It should be noted that historically blacks were enslaved just > as little or much as any other race in other countries, and I don't > see those countries bending

Re: IMPORTANT NOTICE: Rules referencing WHITELIST or BLACKLIST in process of being Renamed

2020-07-20 Thread Martin Gregorie
On Mon, 2020-07-20 at 09:30 -0700, John Hardin wrote: > It would be helpful if we could be informed whether anyone has post- > SA processing that looks for these rulenames in the SA hit results, > e.g. for making message delivery decisions. > Repeating previously posted info for completeness: one

Re: Screwed-up scoring

2020-07-20 Thread Martin Gregorie
On Sun, 2020-07-19 at 20:27 -0400, Kevin A. McGrail wrote: > On 7/19/2020 8:23 PM, Martin Gregorie wrote: > > The only way I can see to prevent the name changes from affecting SA > > users private rules is to duplicate the affected rules > > Yeah, I just posted this idea o

Re: Screwed-up scoring

2020-07-19 Thread Martin Gregorie
On Sun, 2020-07-19 at 15:44 -0700, Luis E. Muñoz wrote: > On 19 Jul 2020, at 10:54, Kevin A. McGrail wrote: > > > Great question. That's really a third party rule. I would like to > > see it > > change eventually but maybe that's another phase. Thoughts? > The only way I can see to prevent

Re: Screwed-up scoring

2020-07-19 Thread Martin Gregorie
On Sun, 2020-07-19 at 11:59 -0400, Kevin A. McGrail wrote: > Whitelist will become welcomelist and blacklist will become > blocklist. Are you running a modern SA like 3.4.4? If so, you should > be able to proactively add entries for this. > Just been grepping my local rules for WHITELIST and

Re: spamhaus enabled by default

2020-07-15 Thread Martin Gregorie
On Tue, 2020-07-14 at 22:57 -0400, Kevin A. McGrail wrote: > > A pointer to the wiki might be useful in the config files as well as > > > the > > > docs. Suggestions of which files? > > > > local.cf is the obvious one. > > > > Might not be a bad choice. I've never even looked at a stock

Re: spamhaus enabled by default

2020-07-14 Thread Martin Gregorie
On Tue, 2020-07-14 at 18:39 -0400, Bill Cole wrote: > > There are far too many ways that people have BIND already installed > and configured for a 3rd-party package to be able to safely provide a > full named.conf that will work for 90% of users who have modified > their configurations away from

Re: IMPORTANT NOTICE FOR PEOPLE RUNNING TRUNK re: [Bug 7826] Improve language around whitelist/blacklist and master/slave

2020-07-14 Thread Martin Gregorie
On Tue, 2020-07-14 at 16:50 -0500, sha...@shanew.net wrote: > That last bit is plain wrong. Jamestown had Africans as slaves as > early as 1619, > Fair enough - I was ignoring the Spanish because it seems to me, possibly wrongly, that what they did in that sphere had little influence on the

Re: spamhaus enabled by default

2020-07-14 Thread Martin Gregorie
On Tue, 2020-07-14 at 16:32 -0400, Kevin A. McGrail wrote: > Well, that is documented quite expressly here: > https://cwiki.apache.org/confluence/display/SPAMASSASSIN/CachingNameserver > > A pointer to the wiki might be useful in the config files as well as > the > docs. Suggestions of which

Re: spamhaus enabled by default

2020-07-14 Thread Martin Gregorie
On Tue, 2020-07-14 at 22:59 +0200, Antony Stone wrote: > On Tuesday 14 July 2020 at 21:46:11, Martin Gregorie wrote: > > > This info should include lots of black (hashmarks, asterisks etc). > > You should be careful of the language you use these days, especially > on this &

Re: spamhaus enabled by default

2020-07-14 Thread Martin Gregorie
On Tue, 2020-07-14 at 12:53 -0400, Kevin A. McGrail wrote: > I agree with you about the idea of turning off everything and just > delivering 100% commented configuration files.. I believe SA is a > framework that must have walls & paint added to make it a > house. Others want it ready to go as a

Re: IMPORTANT NOTICE FOR PEOPLE RUNNING TRUNK re: [Bug 7826] Improve language around whitelist/blacklist and master/slave

2020-07-14 Thread Martin Gregorie
On Tue, 2020-07-14 at 12:24 -0400, Kevin A. McGrail wrote: > We'll have to agree to disagree. To me it is clearly racially charged > language and you are cherry picking your sources. Here's a well > researched > and documented article from a medical journal on the topic with expert > citations:

Re: IMPORTANT NOTICE FOR PEOPLE RUNNING TRUNK re: [Bug 7826] Improve language around whitelist/blacklist and master/slave

2020-07-11 Thread Martin Gregorie
On Sat, 2020-07-11 at 06:32 -0600, Eric Broch wrote: > Obama was a community organizer, and that's what community organizers > do. They stir up trouble where no trouble exists. This is a Marxist > tactic to overturn a society in the school of Saul Alinsky (Author: > 'Rules for Radicals'). >

Re: IMPORTANT NOTICE FOR PEOPLE RUNNING TRUNK re: [Bug 7826] Improve language around whitelist/blacklist and master/slave

2020-07-10 Thread Martin Gregorie
On Fri, 2020-07-10 at 15:01 -0700, jdow wrote: > On 20200710 13:43:21, Bill Cole wrote: > > On 10 Jul 2020, at 8:37, Mauricio Tavares wrote: > > > > > I do agree that accept works better than welcome here. > > > > There's a practical issue in that: we have the WLBLEval plugin that > > has

Re: IMPORTANT NOTICE FOR PEOPLE RUNNING TRUNK re: [Bug 7826] Improve language around whitelist/blacklist and master/slave

2020-07-10 Thread Martin Gregorie
On Fri, 2020-07-10 at 12:07 +, Pedro David Marco wrote: > OK... who starts??? :-) > once Finished we can rewrite "El Quixote" as well... > That's already been sort of redefined: see https://xkcd.com/556/ Martin

Re: IMPORTANT NOTICE FOR PEOPLE RUNNING TRUNK re: [Bug 7826] Improve language around whitelist/blacklist and master/slave

2020-07-10 Thread Martin Gregorie
On Fri, 2020-07-10 at 10:36 +0200, Matus UHLAR - fantomas wrote: > On 10.07.20 08:50, Axb wrote: > > the US problems won't be fixed with renaming B lists. > > Seriously.. you have more important issues... > > while I am not a fan of renaming, I think that > "welcome list" and "block list" are

Re: Multiple regex on same URL

2020-07-07 Thread Martin Gregorie
On Tue, 2020-07-07 at 22:07 +, Pedro David Marco wrote: > Thanks Martin, but the meta may be positive if one URL triggers > SUBRULE1 and another different URL triggers SUBRULE2... > how can you be sure both SUBRULES are positive in the "same" URL? > I didn't spot the requirement that the

Re: Multiple regex on same URL

2020-07-07 Thread Martin Gregorie
On Tue, 2020-07-07 at 20:39 +, Pedro David Marco wrote: > > >>On Tuesday, July 7, 2020, 03:16:34 PM GMT+2, Henrik K < > h...@hege.li> wrote: > > > Also newer SpamAssassin already has URIDetail plugin which can also > > do what you want: > > uri_detail SYMBOLIC_TEST_NAME key1 =~

Re: Rule HK_SCAM is triggered by standard business email

2020-07-01 Thread Martin Gregorie
On Wed, 2020-07-01 at 16:20 -0400, Aner Perez wrote: > It looks to me like the logic in __HK_SCAM_S7 is a little > > off... > > > > /(?:(?:investment|proposed|lucrative) > > (?:business|venture)|(?:business|venture) > > (?:enterprise|propos(?:al|ition)))/i > > > > seems like it should be:

Re: White listing messages processed by a previous milter

2020-06-26 Thread Martin Gregorie
On Sat, 2020-06-27 at 00:46 +0200, Marc Roos wrote: > > What would be the best practice to whitelist / not process, messages > that have already been processed by a previous milter. > If you've already whitelisted a message and want it to bypass SA, then you will, by definition, have total

Re: Slipping through the cracks

2020-06-19 Thread Martin Gregorie
On Fri, 2020-06-19 at 13:54 -0400, micah anderson wrote: > 2. gmail (amusingly saying my amazon prime membership is going to > expire) > That would make an obvious local rule if you're continuing to see messages like that since a Prime expiry notice that's NOT from Amazon is unlikely to be valid:

Re: score sender domains with 4+ chars in TLD?

2020-06-13 Thread Martin Gregorie
On Sat, 2020-06-13 at 15:25 +0100, RW wrote: > On Sat, 13 Jun 2020 03:10:52 +0100 > Martin Gregorie wrote: > > > You can easily update the rbldnsd zone data (just write/update the > > > data file, no need to restart spamd) and could create a custom > > > scorin

Re: score sender domains with 4+ chars in TLD?

2020-06-12 Thread Martin Gregorie
You can easily update the rbldnsd zone data (just write/update the > data file, no need to restart spamd) and could create a custom scoring > value based on the DNS data (EG 127.0.0.2 for really 'good' TLDs, > 127.0.0.4 for 'so-so' and 127.0.0.8 > for truly spammy names). > A blocklist system

Re: handling spam from gmail.

2020-06-11 Thread Martin Gregorie
On Thu, 2020-06-11 at 11:27 +0200, Marc Roos wrote: > > I know I need to update, moving to containerized or centos8 when > ready. > However I do not think it will solve much, that is why I am asking > for > this procedure. > You could always write a private rule that adds points to gmail users

Re: generate rule, wrong?

2020-05-22 Thread Martin Gregorie
On Fri, 2020-05-22 at 11:18 +0200, Maurizio Caloro wrote: > Hello > After generating this rule rawbody, spam mail like this words still > appear, possible mistake from my syntax? > > > required_score 5 > > use_pyzor 1 > > use_razor2 1 > > rawbody BECAUSE_OPTIN > >

Re: support-intelligence.net list

2020-05-14 Thread Martin Gregorie
On Thu, 2020-05-14 at 15:43 +, Henry Castro wrote: > Hi everyone, > > Are DNS queries to support-intelligence.net lists working for you > right now? > Not from here (UK): $ host support-intelligence.net ;; connection timed out; no servers could be reached $ whois support-intelligence.net

Re: another extortion email check

2020-05-04 Thread Martin Gregorie
On Mon, 2020-05-04 at 16:25 -0600, Grant Taylor wrote: > I think $DatabaseTechnology's main benefit is keeping the password > data outside of the configuration files. > Agreed, in this sort of corner case. > select count(*) where log.key = md5(key); > Neat. > You can move the md5

Re: another extortion email check

2020-05-04 Thread Martin Gregorie
On Mon, 2020-05-04 at 15:14 -0600, Grant Taylor wrote: > I see little benefit of an SQL database vs rules with the encrypted > (hashed) passwords (possibly salted with the usernames / email > address) > in the SpamAssassin config file. Well, save for possible ease of > administration in that

Re: another extortion email check

2020-05-04 Thread Martin Gregorie
On Mon, 2020-05-04 at 13:03 -0600, Grant Taylor wrote: > Which is why I have not. It's also why I asked if there was a way to > compare hashed text. To quote: > > "Is there any way to compare hashed strings of text?" > > I'll note that my question hasn't been answered. Instead, people >

Re: Spamassassin always says DKIM_INVALID

2020-01-17 Thread Martin Gregorie
On Sat, 2020-01-18 at 01:29 +0200, Jari Fredriksson wrote: > On 14.1.2020 15.38, Alex Woick wrote: > > Spamassassin (3.4.3, the same with previous) declares all or almost > > all the incoming DKIM-signed messages as DKIM_INVALID, and I'm not > > understanding why. > > I'm running opendkim on the

Re: txrep duplicated key with postgresql

2019-12-09 Thread Martin Gregorie
On Mon, 2019-12-09 at 11:41 -0800, John Hardin wrote: > This sounds more like the "does that tuple already exist?" logic is > failing, causing it to think it needs to create a new entry, which > the unique key is (correctly) preventing. > > You don't lightly bypass unique keys. They are there
