Am 23.09.2016 um 20:30 schrieb John Hardin:
On Fri, 23 Sep 2016, li...@rhsoft.net wrote:
Am 23.09.2016 um 05:24 schrieb John Hardin:
On Thu, 22 Sep 2016, Thomas Barth wrote:
> Am 21.09.2016 um 16:13 schrieb li...@rhsoft.net:
> > > > URIBL_BLOCKED shows you are using still
Am 23.09.2016 um 19:57 schrieb RW:
On Fri, 23 Sep 2016 13:13:19 -0400
Sean Greenslade wrote:
On Fri, Sep 23, 2016 at 05:03:00PM +0100, RW wrote:
I've been wondering whether recursive is actually the correct term.
As I understand it there are two types of DNS lookup:
1. Iterative - where
Am 23.09.2016 um 10:43 schrieb Thomas Barth:
Am 23.09.2016 um 10:25 schrieb li...@rhsoft.net:
Am 22.09.2016 um 21:58 schrieb Bowie Bailey:
On 9/22/2016 3:40 PM, Thomas Barth wrote:
Am 21.09.2016 um 16:13 schrieb li...@rhsoft.net:
fix that - use a local caching resolver
Am 22.09.2016 um 21:58 schrieb Bowie Bailey:
On 9/22/2016 3:40 PM, Thomas Barth wrote:
Am 21.09.2016 um 16:13 schrieb li...@rhsoft.net:
fix that - use a local caching resolver with *no forwarding* and if you
are using dnsmasq just don't do that for a inbound mailserver
for me that topic
Am 23.09.2016 um 05:24 schrieb John Hardin:
On Thu, 22 Sep 2016, Thomas Barth wrote:
Am 21.09.2016 um 16:13 schrieb li...@rhsoft.net:
URIBL_BLOCKED shows you are using still a dns-forwarder and so won't
get
results from a lot of blacklists
fix that - use a local caching resolver
Am 22.09.2016 um 21:40 schrieb Thomas Barth:
URIBL_BLOCKED shows you are using still a dns-forwarder and so won't get
results from a lot of blacklists
http://uribl.com/refused.shtml
fix that - use a local caching resolver with *no forwarding* and if you
are using dnsmasq just don't do that
Am 22.09.2016 um 12:59 schrieb Thomas Barth:
Am 22.09.2016 um 12:41 schrieb li...@rhsoft.net:
I ve installed clamav-unofficial-sigs by debian package. If this is not
working good enough I will try the installation I found here:
https://github.com/extremeshok/clamav-unofficial-sigs/blob
Am 22.09.2016 um 12:32 schrieb Thomas Barth:
Am 22.09.2016 um 11:50 schrieb li...@rhsoft.net:
Am 22.09.2016 um 11:36 schrieb Benny Pedersen:
On 2016-09-22 10:16, Thomas Barth wrote:
The content of the mail is:
--boundary_af9c8db46eb73fca8b315aafef01
Content-Type: application/x
Am 22.09.2016 um 11:36 schrieb Benny Pedersen:
On 2016-09-22 10:16, Thomas Barth wrote:
The content of the mail is:
--boundary_af9c8db46eb73fca8b315aafef01
Content-Type: application/x-zip-compressed; name="e6dfa16bdb.zip"
Content-Transfer-Encoding: base64
Content-Disposition:
Am 22.09.2016 um 10:16 schrieb Thomas Barth:
Am 21.09.2016 um 18:47 schrieb Bowie Bailey:
That is ridiculous. The more training bayes gets the better it works.
And manual training is better than autolearning because autolearning can
automatically learn false positives and false negatives
Am 21.09.2016 um 23:36 schrieb RW:
On Wed, 21 Sep 2016 10:54:32 +0200
li...@rhsoft.net wrote:
surely - while DCC ist not a spam sign by it's descriptions
razor/pyzor *are* and they have nothing in common with DNSBL/URIBL
they are *content digest*
Actually razor is pretty close to a URIBL
Am 21.09.2016 um 18:28 schrieb Thomas Barth:
Am 21.09.2016 um 18:00 schrieb li...@rhsoft.net:
the problem of the OP is that he starts things the other side round and
first reject without good evidence and don't have anything to make the
system bullet profe because it's rejected
I
Am 21.09.2016 um 17:53 schrieb Sean Greenslade:
As for your spam rejection paradigm, I can't possibly imagine that
working well unless you have a very close relationship with every single
person who emails you. If I send my resume to a job recruiter and they
get a bounce when they email me
Am 21.09.2016 um 17:23 schrieb Thomas Barth:
Am 21.09.2016 um 16:13 schrieb li...@rhsoft.net:
#bayes
use_bayes 1
use_bayes_rules 1
bayes_auto_learn 1
so your setup either don't use that config (amavais or something like
that part of the game then you don't have just spamassassin)
or you
ith such a dangerous and plain wrong score
Am 21.09.2016 um 16:13 schrieb li...@rhsoft.net:
Am 21.09.2016 um 15:48 schrieb Thomas Barth:
X-Spam-Status: No, score=3.004 tagged_above=2 required=6.31
tests=[MESSAGEID_LOCAL=3, RELAYCOUNTRY_BAD=3.1,
RP_MATCHES_RCVD=-3.096, SPF_PASS=-0.001,
Am 21.09.2016 um 15:48 schrieb Thomas Barth:
X-Spam-Status: No, score=3.004 tagged_above=2 required=6.31
tests=[MESSAGEID_LOCAL=3, RELAYCOUNTRY_BAD=3.1,
RP_MATCHES_RCVD=-3.096, SPF_PASS=-0.001, URIBL_BLOCKED=0.001]
autolearn=no autolearn_force=no
URIBL_BLOCKED shows you are using
Am 21.09.2016 um 10:18 schrieb Marcus Schopen:
Am Montag, den 19.09.2016, 13:35 +0100 schrieb RW:
It's not a spamassassin problem, right. Question is, can I install a
SHA1 package without harming perl at other places?
It should do any harm.
That should have been:
It shouldn't do any harm.
Am 20.09.2016 um 15:46 schrieb Thomas Barth:
I read that 5.0 is aggressive and suitable for single user setup,
conservative values are 8.0 or 11.0
depends on your glue, setup and bayes-training
many setups tag spam with 5.0 or 5.5 while the glue like a milter
rejects spam above 8.0 points
Am 19.09.2016 um 17:11 schrieb Jose Borges Ferreira:
Hi all,
To solve that issues, we are currently moving and upgrading our servers.
This should be solved quickly .
Sorry for any inconvenience.
thanks for feedback and taking action!
On Mon, Sep 19, 2016 at 2:43 PM, li...@rhsoft.net
in case someone cares or even somebody from 'mailspike.net' is on this
list - logs like below appear repeatly the last weeks or few months
in fact these are timeouts and that will also hit default SA
installations, most likely without logging as postscreen does
Sep 19 15:36:42 mail-gw
Am 19.09.2016 um 11:10 schrieb Marcus Schopen:
I'd like to use razor on my private mailbox, but it seems to depend on
Digest::SHA1, which is not part of Ubuntu 12.04 LTS or 14.04 TLS:
The Digest::SHA1 module is required by the Razor2 plugin
I found this bug report
Am 16.09.2016 um 19:27 schrieb Joe Quinn:
On 9/16/2016 12:59 PM, li...@rhsoft.net wrote:
...
in case you have postscreen or something else which does proper
rbl-scoring in front of the content-scanners it's no problem because
only a small part of spam attempts are mahing it to SA
may depend
Am 16.09.2016 um 18:17 schrieb David B Funk:
What do you see in your syslog reports from spamc?
Is it reporting any errors?
Please note the 'max-size' parameter for spamc:
-s max_size, --max-size=max_size
Set the maximum message size which will be sent to spamd -- any
bigger than
Am 16.09.2016 um 14:49 schrieb Maik Linnemann:
So far so good. The concept works like it should with only one
exception: Some mails are not tagged by spamassassin and i dont have a
clue why. Viscerally i would say its about 20% of all mails that arent
tagged by spamassassin
how is SA
Am 12.09.2016 um 20:34 schrieb thomas cameron:
On 09/12/2016 01:06 PM, John Hardin wrote:
On Mon, 12 Sep 2016, thomas cameron wrote:
Make sure you have a local recursing (**NOT** forwarding) DNS server
that your MTA and SA are configured to use. Reason: if you're forwarding
your MTA DNS
Am 12.09.2016 um 18:53 schrieb David Jones:
*>From:*li...@rhsoft.net <li...@rhsoft.net>
*>Sent:* Monday, September 12, 2016 8:47 AM
*>To:* users@spamassassin.apache.org
*>Subject:* Re: RCVD_IN_SORBS_SPAM and google IPs
Am 12.09.2016 um 15:37 schrieb David Jones:
Has RCVD
Am 12.09.2016 um 17:51 schrieb thomas cameron:
I rolled a new mail server out for my small business, and I've got a
pretty vanilla SA setup. It's just not doing a very good job of catching
spam. I'm getting a TON of "Amazon gift card" and "female hair loss" and
"work from home" spam in my
Am 12.09.2016 um 15:37 schrieb David Jones:
Has RCVD_IN_SORBS_WEB been considered for adjustment as well? It's
hitting a lot more ham than spam here, including mail from facebook.
You should be safely whitelisting any major senders like Facebook at
the MTA level and in SA:
whitelist_auth
Am 09.09.2016 um 15:20 schrieb Bowie Bailey:
On 9/8/2016 6:29 PM, RW wrote:
On Thu, 8 Sep 2016 15:53:00 -0500 (CDT)
Shane Williams wrote:
I'm seeing google IP ranges hit the RCVD_IN_SORBS_SPAM rule, and in
digging deeper, I realize that there are zero hits on this rule for
the two weeks
Am 08.09.2016 um 22:53 schrieb Shane Williams:
I'm seeing google IP ranges hit the RCVD_IN_SORBS_SPAM rule, and in
digging deeper, I realize that there are zero hits on this rule for
the two weeks prior to Aug. 31, and now I'm seeing it thousands of
times per week (not just against google
Am 08.09.2016 um 15:44 schrieb Chip M.:
On Thu, 8 Sep 2016, "lists [at] rhsoft.net" wrote:
i get a diff-output per mail each time the mailserver configs
are changing
That's a completely valid approach, and I am a big fan of
pre-emptive first strike (only as applied to potentially evil
Am 08.09.2016 um 10:33 schrieb Chip M.:
On Sat, 09 Jul 2016, jasonsu wrote:
Fwiw, atm I block all of the following TLDs
...
men,
..
That list is auto-generated. Any & all TLDs that have
sent > 100 messages within the last year *AND* have a
Great approach Jason! :)
".men" just recently
Am 07.09.2016 um 11:00 schrieb Nicola Piazzi:
I am off topic if you think that postfix is not spamassassin
I think that this is not a Microsoft problem because exchange answer correctly
to unknown recipients
I suppose that there is something in the return string that postix doesn’t like
Am 07.09.2016 um 10:42 schrieb Nicola Piazzi:
I have a problem using reject_unverified_recipient to verify under
Exchange 2016 that I don’t have with Exchange 2010
how is that a spamassassin or even postfix related problem?
call the microsoft support why their stuff is playing backscatter
Am 06.09.2016 um 23:27 schrieb Alex:
Is there any ability to determine if a particular attachment has a
Word macro enclosed in addition to just having a Word document?
that's the hob of clamav and the sa-plugin for it
"OLE2BlockMacros yes" in case of a scored SA plugin won't block but add
Am 06.09.2016 um 22:40 schrieb Alex:
Is there any ability to determine if a particular attachment has a
Word macro enclosed in addition to just having a Word document?
that's the hob of clamav and the sa-plugin for it
"OLE2BlockMacros yes" in case of a scored SA plugin won't block but add
Am 06.09.2016 um 22:24 schrieb Alex:
Is there any ability to determine if a particular attachment has a
Word macro enclosed in addition to just having a Word document?
that's the hob of clamav and the sa-plugin for it
"OLE2BlockMacros yes" in case of a scored SA plugin won't block but add
Am 06.09.2016 um 00:14 schrieb @lbutlr:
On 05 Sep 2016, at 13:36, li...@rhsoft.net wrote:
but -1.653 is just a bad joke because it means every homeuser which manages to
get some DNS records fine (as well as every spammer which registers a ton of
domains and cheap hosts) get a large benefit
Am 05.09.2016 um 22:03 schrieb Ian Zimmerman:
On 2016-09-05 21:31, Axb wrote:
In what file do you see T_RP_MATCHES_RCVD ?
[1+0]~$ cd /usr/share/spamassassin/
[2+0]spamassassin$ fgrep T_RP_MATCHES_RCVD *
72_active.cf:##{ T_RP_MATCHES_RCVD if version >= 3.003000 ifplugin
Am 05.09.2016 um 22:00 schrieb Ian Zimmerman:
On 2016-09-05 12:21, John Hardin wrote:
header __RP_MATCHES_RCVD eval:check_mailfrom_matches_rcvd()
...which means you'd need to go digging around in the perl code to find
out what it's doing.
Basically, it's a check that the
Am 05.09.2016 um 21:31 schrieb Axb:
72_scores.cf published by sa-update sets a score:
score RP_MATCHES_RCVD -1.152 -1.653 -1.152 -1.653
Ian,
In what file do you see T_RP_MATCHES_RCVD?
*currently* nowhere
but -1.653 is just a bad joke because it means every homeuser
Am 05.09.2016 um 20:30 schrieb Ian Zimmerman:
Since I have seen other rules in results with the T_ prefix (for example
T_DKIM_INVALID) I think it must be some kind of convention with an
accepted meaning. What is this conventional meaning, and how do these
rules relate to the ones without the
Am 05.09.2016 um 19:01 schrieb Benny Pedersen:
On 2016-09-05 07:29, Pedro David Marco wrote:
My understanding was that "if there is no net flag, then it could work
in local mode", but i was wrong..
score rule sets supports no net tests, simply score 0 on net test, and
non zero on local
Am 04.09.2016 um 11:18 schrieb Pedro David Marco:
i have several reasons to disable all networks checks but some:
1.- Some checks are done by my own SMTP proxy
since you should anyways have a local caching resolver it don't matter
to double them and when a message slips through rbl scroing
Am 01.09.2016 um 12:23 schrieb Mauricio Tavares:
I do agree that the OCR program should be doing the OCR'ing and
the text filtering should be left to a program that does that for a
living. In the modern, systemd world this is of course an ancient and
outdated design philosophy
this is simply
Am 31.08.2016 um 18:22 schrieb John Hardin:
On Wed, 31 Aug 2016, li...@rhsoft.net wrote:
Am 30.08.2016 um 22:03 schrieb John Hardin:
On Tue, 30 Aug 2016, Joseph Brennan wrote:
> We've had errors the past 2 nights for all of the
uridnsbl_skip_domain
> rules. It's just us?
It'
Am 31.08.2016 um 13:18 schrieb Martin Gregorie:
On Wed, 2016-08-31 at 12:25 +0200, Axb wrote:
Blame it on the boogie
Another data point: I haven't seen this problem. I've just searched my
Considering that it doesn't seem to hit everybody, I wonder if it could
be software related, i.e.
Am 31.08.2016 um 11:56 schrieb Axb:
On 08/31/2016 11:41 AM, li...@rhsoft.net wrote:
however, what annoys me more is that "uridnsbl_skip_domain entries have
not yet been removed" and obviosuly nobody knows why - what if there
would be a issue leading to fatal errors for everybody r
Am 31.08.2016 um 11:32 schrieb Axb:
On 08/31/2016 11:25 AM, li...@rhsoft.net wrote:
Am 31.08.2016 um 11:15 schrieb Axb:
On 08/31/2016 10:57 AM, li...@rhsoft.net wrote:
Am 30.08.2016 um 22:03 schrieb John Hardin:
On Tue, 30 Aug 2016, Joseph Brennan wrote:
We've had errors the past 2
Am 31.08.2016 um 11:15 schrieb Axb:
On 08/31/2016 10:57 AM, li...@rhsoft.net wrote:
Am 30.08.2016 um 22:03 schrieb John Hardin:
On Tue, 30 Aug 2016, Joseph Brennan wrote:
We've had errors the past 2 nights for all of the uridnsbl_skip_domain
rules. It's just us?
It's been fixed, waiting
Am 30.08.2016 um 22:03 schrieb John Hardin:
On Tue, 30 Aug 2016, Joseph Brennan wrote:
We've had errors the past 2 nights for all of the uridnsbl_skip_domain
rules. It's just us?
It's been fixed, waiting for a new update to be generated by masscheck
i doubt that the process is working
Am 30.08.2016 um 21:56 schrieb Joseph Brennan:
We've had errors the past 2 nights for all of the uridnsbl_skip_domain
rules. It's just us?
no since there where yesterday at least two treads about this topic, the
first by me and AFAIR it should have been fixed last night but wasn't
which
Am 30.08.2016 um 18:54 schrieb Kris Deugau:
Nicola Piazzi wrote:
How to do it syncronously ?
It is not important to process a single mail in 5 or 50 seconds
4 me ss most important to reduce load
DNS lookups have essentially zero cost next to almost anything else SA
does
when it comes to
Am 30.08.2016 um 16:21 schrieb Nicola Piazzi:
When i shortcircuit a rule not all other are bypassed
Here an example ...
Local.cf :
priority BAYES_ZERO -980
shortcircuit BAYES_ZERO ham
the dns stuff is fired asynchronous long before bayes is even
Am 30.08.2016 um 02:45 schrieb John Hardin:
On Mon, 29 Aug 2016, Anthony Hoppe wrote:
I just learned about the sought ruleset via
https://wiki.apache.org/spamassassin/ImproveAccuracy. Is this ruleset
still actively maintained? I'm considering implementing it in my
environment, but want to
something with that "sandbox" seems to be wrong
##} uridnsbl_skip_domain_sandbox
the cron-mail below is from the daily "spamassassin --lint" for all
spamd instances and is way longer than below
Weitergeleitete Nachricht
Betreff: /usr/local/bin/spamfilter-check-config.sh
Am 18.08.2016 um 21:08 schrieb Jerry Malcolm:
On 8/18/2016 1:50 PM, li...@rhsoft.net wrote:
Am 18.08.2016 um 20:48 schrieb Jerry Malcolm:
This is encouraging. I looked up how to set recursion in Bind. It
looks like it's just requires adding a field to the options:
|allow-recursion { any
Am 18.08.2016 um 21:05 schrieb Jerry Malcolm:
I see the local.cf file, it is already configured with 'all report'.
But I looked at a msg that was flagged a spam. It doesn't have a report
header either. I guess it's possible that the JAMES invoker mailet is
stripping the headers. But I don't
Am 18.08.2016 um 20:48 schrieb Jerry Malcolm:
This is encouraging. I looked up how to set recursion in Bind. It
looks like it's just requires adding a field to the options:
|allow-recursion { any; }; |But it lists other options such as
allow-query, allow-query-cache, etc. Is recursion the
Am 18.08.2016 um 20:27 schrieb Jerry Malcolm:
On 8/18/2016 1:17 PM, li...@rhsoft.net wrote:
Am 18.08.2016 um 20:10 schrieb Jerry Malcolm:
Here is a pastebin.com link to an example uncaught spam message. SA
scored it a 4.7. http://pastebin.com/T1CfVgP4
useless without any headers which
Am 18.08.2016 um 20:18 schrieb Jerry Malcolm:
This is the X-Spam-Status header I got back on an uncaught spam. No,
hits=0.3 required=5.0. The spam was selling an all-in-one charger
we need the *report* header
What kind of DNS issues? I lease a server from Peer1 and use their name
Am 18.08.2016 um 20:10 schrieb Jerry Malcolm:
Here is a pastebin.com link to an example uncaught spam message. SA
scored it a 4.7. http://pastebin.com/T1CfVgP4
useless without any headers which would show the matching rules
including major mistakes like URIBL_BLOCKED
but even passing that
Am 16.08.2016 um 22:04 schrieb Benny Pedersen:
On 2016-08-16 21:52, li...@rhsoft.net wrote:
Am 16.08.2016 um 21:31 schrieb Benny Pedersen:
On 2016-08-16 13:57, RW wrote:
whitelist_from_dkim *@example.com *@example.net
should be sepearted line
why?
read perldoc
read spamassassin
Am 16.08.2016 um 21:31 schrieb Benny Pedersen:
On 2016-08-16 13:57, RW wrote:
whitelist_from_dkim *@example.com *@example.net
should be sepearted line
why?
blacklist_from *@example.com *@example.net
cant remember if that can be one line
as all whitelist_ and blacklist_ *it
Am 16.08.2016 um 10:47 schrieb Chris Lee:
Suppose there is a user someb...@example.com is on vacation and using 3rd party
SMTP server (w/o DKIM) for sending email.
I want temporary whitelist it to bypass DKIM checking.
he MUST NOT do that and so there is no justification handle whatever
Am 16.08.2016 um 10:30 schrieb Kevin Golding:
Probably even more of a performance nightmare, but possibly easier to
maintain could be something like:
header __FROM_EXAMPLECOM From:addr =~ /\@(example\.com)$/i
header __FROM_EXAMPLEORG From:addr =~ /\@( example\.org)$/i
header __FROM_EXAMPLENL
Am 15.08.2016 um 15:47 schrieb Benny Pedersen:
On 2016-08-15 15:30, Joe Quinn wrote:
If you reported it already, why are you still asking how?
not possible for me to run spamassassin -r here
one reason more to not post to *this list* at all instead a) complain at
rspamd and b) ask how
Am 15.08.2016 um 15:21 schrieb Benny Pedersen:
On 2016-08-15 15:16, Joe Quinn wrote:
Have you tried asking on either the rspamd or dnswl mailing lists?
why should i waste my time with it ?
i have reported spam to dnswl
why do you waste *our* time with it?
when you switch from SA to
Am 10.08.2016 um 12:00 schrieb Nicola Piazzi:
I wrote this simple plugin, mxpf
This plugin search B class of sender Ip Address and try to match B class of any
Ip of mx records of declared domain
So when it match is very difficolut that sender is a spoofed domain, you can
use MXPF_PASS to
Am 09.08.2016 um 18:08 schrieb Kevin Golding:
Based on what you're trying to do:
man dig
don't help, see below
or depending on your resolver possibly:
man drill
don't help, see below
Whilst I agree it is slightly more effort to set-up whitelisting by
looking up the details first it
Am 09.08.2016 um 17:39 schrieb RW:
On Tue, 9 Aug 2016 15:19:08 +
Nicola Piazzi top-posted:
I dont know if you want to find a solution of if you want to say why
i am searching one. Reason is this :
I have SPF_PASS, a variable that tell me that who send is proprietary
of that domain I KNOW
71 matches
Mail list logo
