RE: [WARNING] RE: Help with rule matching when it shouldn't

2024-03-20 Thread Erickarlo Porro
I figured out why my RETURNPATH rule was matching. My example was too sanitized and I was actually trying to find multiple domains in my regex. So it would always match due to the fact that it would always not equal the other domain I was looking for. From: Erickarlo Porro Sent: Wednesday,

RE: Help with rule matching when it shouldn't

2024-03-20 Thread Erickarlo Porro
I want to catch “yahoo” anywhere in the header so that it matches if it's in the name or in the address. So I would want to match ya...@gmail.com Regarding "__RETURNPATH_IS", I have the rule set to “!~” so shouldn’t that rule only match if that header has anything but

Re: Help with rule matching when it shouldn't

2024-03-20 Thread Matus UHLAR - fantomas
On 20.03.24 06:44, Jimmy wrote: Regarding the example provided, the "__RETURNPATH_IS" rule should indeed be triggered since it matches "yahoo.com" in the return-path. If you're uncertain about the intended behavior of the rules, please clarify the requirements so we can adjust the rules

Re: Help with rule matching when it shouldn't

2024-03-19 Thread Jimmy
The correct syntax for the header rule should be: header __FROM_ADDRESS From:addr =~ /\@yahoo\.com/i This rule will specifically match email addresses containing "@yahoo.com" while excluding addresses like "ya...@gmail.com". Regarding the example provided, the "__RETURNPATH_IS" rule should

Help with rule matching when it shouldn't

2024-03-19 Thread Erickarlo Porro
Could someone help me figure out why my custom rule is matching when it should not be matching? This is my current setup: header __FROM_ADDRESS From =~ /yahoo/i header __RETURNPATH_IS Return-Path !~ /yahoo.com$/i meta NOT_IT (__FROM_ADDRESS && __RETURNPATH_IS) describe NOT_IT

Re: OT: Microsoft Breech

2024-03-19 Thread Giovanni Bechis
On 19 March 2024 15:33:10 CET, Bill Cole wrote: >On 2024-03-19 at 09:51:04 UTC-0400 (Tue, 19 Mar 2024 08:51:04 -0500) >Thomas Cameron >is rumored to have said: > >> Does anyone else just block all traffic from *.onmicrosoft.com? > >Yes. No collateral damage noticed. That includes a

Re: OT: Microsoft Breech

2024-03-19 Thread Thomas Cameron
On 3/19/24 09:52, Michael Storz wrote: On 2024-03-19 14:51, Thomas Cameron wrote: Does anyone else just block all traffic from *.onmicrosoft.com? I have literally NEVER gotten anything from that domain which is not obvious junk. We block and have a whitelist with 49 entries at the moment.

Re: OT: Microsoft Breech

2024-03-19 Thread Michael Storz
On 2024-03-19 14:51, Thomas Cameron wrote: Does anyone else just block all traffic from *.onmicrosoft.com? I have literally NEVER gotten anything from that domain which is not obvious junk. We block and have a whitelist with 49 entries at the moment. Michael

Re: OT: Microsoft Breech

2024-03-19 Thread Bill Cole
On 2024-03-19 at 09:51:04 UTC-0400 (Tue, 19 Mar 2024 08:51:04 -0500) Thomas Cameron is rumored to have said: > Does anyone else just block all traffic from *.onmicrosoft.com? Yes. No collateral damage noticed. That includes a system that has administrative and alerting role accounts which

Re: OT: Microsoft Breech

2024-03-19 Thread Thomas Cameron
I am using this setup in my postfix main.cf. [obfuscated] is my actual key for spamhaus. smtpd_recipient_restrictions = check_sender_access regexp:/etc/postfix/sender_access permit_mynetworks permit_auth_destination permit_sasl_authenticated reject_rbl_client

RE: OT: Microsoft Breech

2024-03-19 Thread Marc
I am using spamcop and spamhaus to block. There are indeed outlook.com ip addresses that bounce. > > Does anyone else just block all traffic from *.onmicrosoft.com? I have > literally NEVER gotten anything from that domain which is not obvious junk. > > I set up postfix to just flat out

Re: OT: Microsoft Breech

2024-03-19 Thread Thomas Cameron
Does anyone else just block all traffic from *.onmicrosoft.com? I have literally NEVER gotten anything from that domain which is not obvious junk. I set up postfix to just flat out refuse anything from that domain.[1] If I get any complaints, I may ease it up, but I was getting TONS of spam

Re: OT: Microsoft Breech

2024-03-18 Thread Jared Hall via users
On 3/18/2024 10:13 PM, Jimmy wrote: It's possible that certain email accounts utilizing email services with easily guessable passwords were compromised, leading to abuse of the ".onmicrosoft.com " subdomain for sending spam via email. Well, there's (1) standard BEC,

Re: OT: Microsoft Breech

2024-03-18 Thread Jimmy
It's possible that certain email accounts utilizing email services with easily guessable passwords were compromised, leading to abuse of the ". onmicrosoft.com" subdomain for sending spam via email. I've observed an increase in the blocking of IPs belonging to Microsoft Corporation by the SpamCop

OT: Microsoft Breech

2024-03-18 Thread Jared Hall via users
I've several customers whose accounts were used to send spam as a result of Microsoft's infrastructure breach. Curiously, NOBODY has received any breach notifications from Microsoft, despite personal information being compromised. What has anyone else experienced? Thanks, -- Jared Hall

Re: URIBL_SBL and spamhouse problem

2024-03-15 Thread Benny Pedersen
natan wrote on 2024-03-15 09:30: Yes but this disables all URIBL_* where I use *.spamhouse.net i never asked you to add * now you know your own mistake, good weekend

Re: URIBL_SBL and spamhouse problem

2024-03-15 Thread natan
Hi Yes but this disables all URIBL_* where I use *.spamhouse.net I have spamassassin-3.4.6 and URIBL_* works fine but payment is not so cool On 14.03.2024 at 22:21, Benny Pedersen wrote: natan wrote on 2024-03-14 16:04: in 00_init_dns.cf: # dns_query_restriction (allow|deny) domain1

Re: URIBL_SBL and spamhouse problem

2024-03-14 Thread Benny Pedersen
natan wrote on 2024-03-14 16:04: in 00_init_dns.cf: # dns_query_restriction (allow|deny) domain1 domain2 . dns_query_restriction allow dq.spamhaus.net dns_query_restriction deny zen.spamhaus.net ... In: /var/lib/spamassassin/3.004006/updates_spamassassin_org/ do not edit or add any new

Re: URIBL_SBL and spamhouse problem

2024-03-14 Thread natan
On 14.03.2024 at 13:13, Benny Pedersen wrote: natan wrote on 2024-03-14 12:20: I have disabled only Spamhaus rules URIBL_SBL URIBL_CSS URIBL_SBL_A URIBL_CSS_A URIBL_ZEN_BLOCKED_OPENDNS URIBL_ZEN_BLOCKED URIBL_DBL_SPAM URIBL_DBL_PHISH URIBL_DBL_MALWARE URIBL_DBL_BOTNETCC

Re: URIBL_SBL and spamhouse problem

2024-03-14 Thread Benny Pedersen
natan wrote on 2024-03-14 12:20: I have disabled only Spamhaus rules URIBL_SBL URIBL_CSS URIBL_SBL_A URIBL_CSS_A URIBL_ZEN_BLOCKED_OPENDNS URIBL_ZEN_BLOCKED URIBL_DBL_SPAM URIBL_DBL_PHISH URIBL_DBL_MALWARE URIBL_DBL_BOTNETCC URIBL_DBL_ABUSE_SPAM URIBL_DBL_ABUSE_REDIR URIBL_DBL_ABUSE_PHISH

URIBL_SBL and spamhouse problem

2024-03-14 Thread natan
Hi Today I got an e-mail from Spamhaus "Hello Support, I recently sent over a email regarding IP addresses querying the Spamhaus threat feeds. The mentioned IP addresses are actively querying our public mirrors, and exceeding our usage limits. Checking our database, I’m unable to locate an

Re: [sa-list] BIMI pilot at Google

2024-03-12 Thread Dan Mahoney
> On Jul 22, 2020, at 23:56, Luis E. Muñoz wrote: > > On 22 Jul 2020, at 23:14, Kevin A. McGrail wrote: > >> However, I have questions of adoption rate, impersonation concerns, >> anticompetitive concerns, and privacy concerns. This just sounds like a >> commercial tracking pixel but the

Re: SHTML file extension handling?

2024-03-12 Thread Raymond Dijkxhoorn via users
Hi! Loads of phishing is done that way. Having a shtml with a post command to whatever they want from you… usually banking/dhl … With kind regards, Raymond Dijkxhoorn > On 12 Mar 2024 at 20:37, Jared Hall via users > wrote the following: > > Is there a use case for emailing

Re: SHTML file extension handling?

2024-03-12 Thread Jared Hall via users
On 3/12/2024 4:04 PM, Benny Pedersen wrote: Jared Hall via users wrote on 2024-03-12 20:37: Is there a use case for emailing .shtml files, or can these just be simply discarded? i have seen .html attachment only reason i think it's tried was to skip url testing in spamassassin might be same

Re: SHTML file extension handling?

2024-03-12 Thread Benny Pedersen
Jared Hall via users wrote on 2024-03-12 20:37: Is there a use case for emailing .shtml files, or can these just be simply discarded? i have seen .html attachment only reason i think it's tried was to skip url testing in spamassassin might be same for shtml i still have the clamav rule to

SHTML file extension handling?

2024-03-12 Thread Jared Hall via users
Is there a use case for emailing .shtml files, or can these just be simply discarded? Thanks, -- Jared Hall

Re: What is up with Charter?

2024-03-09 Thread Ted Mittelstaedt
TRANS OCEAN RESOURCES MANAGEMENT is the owner of yamibuy and I'm pretty sure if you were to pick up the phone and call yamibuy's main office 1-800 407 9710 and get transferred to their IT group you would be able to get someone who cared enough to investigate. Ted

What is up with Charter?

2024-03-07 Thread philipp_subx.redfish-solutions.com via users
I've not been able to report Abuse to Charter for several months now. When I do, I get this clever response saying: Spectrum> This email address is for reporting incidents of abuse coming from IP addresses registered to Charter Communications. Abuse from IP addresses not registered to

Re: Reporting Spam to csa-complai...@eco.de

2024-03-01 Thread John Levine
It appears that Kirk Ismay said: >-=-=-=-=-=- > >I've got a lot of finance / political spam that is passing through all >filters because it's DKIM signed and using an email provider >(salesforce.com & others).   One thing they do include is a >X-CSA-Complaints: csa-complai...@eco.de header,

Reporting Spam to csa-complai...@eco.de

2024-03-01 Thread Kirk Ismay
I've got a lot of finance / political spam that is passing through all filters because it's DKIM signed and using an email provider (salesforce.com & others).   One thing they do include is a X-CSA-Complaints: csa-complai...@eco.de header, which looks legit. Has anyone had success with

Re: localhost lookups ?

2024-02-25 Thread Rupert Gallagher
I see this in live mail, sent by RFC clueless administrators, causing business mail to be either rejected or quarantined. On production systems, the good mail server should self-discipline and fail hard, compelling the system administrator to take action. Original Message On

Re: localhost lookups ?

2024-02-24 Thread J Doe
On 2024-02-24 00:26, Matija Nalis wrote: On Fri, Feb 23, 2024 at 06:43:53PM -0500, J Doe wrote: 23-Feb-2024 18:33:02.422 queries: info: (localhost.ca): query: localhost.ca IN +E(0) (127.0.0.1) 23-Feb-2024 18:33:02.422 queries: info: (localhost): query: localhost IN +E(0)

Re: localhost lookups ?

2024-02-23 Thread Matija Nalis
On Fri, Feb 23, 2024 at 06:43:53PM -0500, J Doe wrote: > 23-Feb-2024 18:33:02.422 queries: info: (localhost.ca): query: > localhost.ca IN +E(0) (127.0.0.1) > > 23-Feb-2024 18:33:02.422 queries: info: (localhost): query: localhost IN > +E(0) (127.0.0.1) > What's interesting is that this

localhost lookups ?

2024-02-23 Thread J Doe
Hello, I am running SA 4.0.0 on a low volume mail server. When SA begins evaluating a message to determine whether or not it's spam, I see the following DNS queries on my caching resolver: 23-Feb-2024 18:33:02.364 queries: info: (localhost.ca): query: localhost.ca IN +E(0) (127.0.0.1)

pushing up text rendering

2024-02-21 Thread Pedro David Marco via users
Hi everybody... To my knowledge when SA renders the html part of the email, it just removes HTML tags and presents results. Ok so far. But what if there is invisible text inside HTML tags due to its css style? example to hide the word HOLA Hkkdelavaca OkkdelavacaLkkdelavaca A so rendered text is:

Community Over Code Asia 2024 Travel Assistance Applications now open!

2024-02-20 Thread Gavin McDonald
Hello to all users, contributors and Committers! The Travel Assistance Committee (TAC) are pleased to announce that travel assistance applications for Community over Code Asia 2024 are now open! We will be supporting Community over Code Asia, Hangzhou, China July 26th - 28th, 2024. TAC exists

Re: Callout verification with SpamAssassin ?

2024-02-19 Thread Matija Nalis
On Mon, Feb 19, 2024 at 02:38:03PM -0500, Bill Cole wrote: > On 2024-02-18 at 18:40:45 UTC-0500 (Mon, 19 Feb 2024 00:40:45 +0100) > Matija Nalis is rumored to have said: > > - Firstly: yes, I'm fully aware of all issues associated with > > https://en.wikipedia.org/wiki/Callout_verification > >

Re: Callout verification with SpamAssassin ?

2024-02-19 Thread Bill Cole
On 2024-02-18 at 18:40:45 UTC-0500 (Mon, 19 Feb 2024 00:40:45 +0100) Matija Nalis is rumored to have said: Preface: - Firstly: yes, I'm fully aware of all issues associated with https://en.wikipedia.org/wiki/Callout_verification (and there is a LOT of them!) Which is why SA does not

Re: Plugin fo content modification

2024-02-19 Thread Bill Cole
On 2024-02-19 at 07:37:03 UTC-0500 (Mon, 19 Feb 2024 12:37:03 + (UTC)) Pedro David Marco via users is rumored to have said: Hi everybody... Does anyone know of a plugin for content modification? Such a thing is not possible in SA, because SA has no mechanism for arbitrary content

Re: unsubscribe

2024-02-19 Thread Matus UHLAR - fantomas
On 19.02.24 15:03, Dejan Doder wrote: Please unsubscribe me from list We can't, the process is user-driven. send mail to users-unsubscr...@spamassassin.apache.org and confirm in the confirmation mail that will be sent to you. -- Matus UHLAR - fantomas, uh...@fantomas.sk ;

Re: SpamAssassin4 + DCC not populating "X-Spam-DCC: : " header ?

2024-02-19 Thread Dejan Doder
Please unsubscribe me from list On Mon, Feb 19, 2024 at 2:51 PM wrote: > >>If you do, it's anyway disabled on --lint. > > > > It does not matter what happens when you use --lint, because it skips > > network checks, including DCC. > > Yes, that's what I said. It's disabled on --lint. > >

Re: SpamAssassin4 + DCC not populating "X-Spam-DCC: : " header ?

2024-02-19 Thread glad . tent3766
>>If you do, it's anyway disabled on --lint. > > It does not matter what happens when you use --lint, because it skips > network checks, including DCC. Yes, that's what I said. It's disabled on --lint. >>spamassassin --prefs-file=/etc/spamassassin/local.cf -D 2> tmp.out < >>~/test.eml > > I

Re: SpamAssassin4 + DCC not populating "X-Spam-DCC: : " header ?

2024-02-19 Thread Matus UHLAR - fantomas
and these indicate DCC is available. I have "loadplugin Mail::SpamAssassin::Plugin::DCC" in /etc/spamassassin/v310.pre - try uncommenting it there. On 19.02.24 08:17, glad.tent3...@fastmail.com wrote: If you do, it's anyway disabled on --lint. It does not matter what happens when you use

Re: SpamAssassin4 + DCC not populating "X-Spam-DCC: : " header ?

2024-02-19 Thread glad . tent3766
> and these indicate DCC is available. > > I have "loadplugin Mail::SpamAssassin::Plugin::DCC" in > /etc/spamassassin/v310.pre > > - try uncommenting it there. If you do, it's anyway disabled on --lint. grep "loadplugin Mail::SpamAssassin::Plugin::DCC" `grep -rlni "loadplugin

Re: Plugin fo content modification

2024-02-19 Thread Matus UHLAR - fantomas
On 19.02.24 12:47, Pedro David Marco via users wrote: Yea Mattus, thanks  i know it very well just wondering whether someone tried it before or not via plugins... not with spamassassin. Perhaps filters like amavis, mimedefang, milter-regex or similar support this. On Monday,

Re: Plugin fo content modification

2024-02-19 Thread Pedro David Marco via users
Yea Mattus, thanks  i know it very well just wondering whether someone tried it before or not via plugins... Thanks again! Pedro. On Monday, February 19, 2024 at 01:42:46 PM GMT+1, Matus UHLAR - fantomas wrote: On 19.02.24 12:37, Pedro David Marco via users wrote: >Does anyone

Re: Plugin fo content modification

2024-02-19 Thread Matus UHLAR - fantomas
On 19.02.24 12:37, Pedro David Marco via users wrote: Does anyone know of a plugin for content modification? SpamAssassin detects spam, it is not designed to do content modification. an example, i want to change the word 'sex' for '---' Anyway, this is a bad idea, for example you can

Plugin fo content modification

2024-02-19 Thread Pedro David Marco via users
Hi everybody... Does anyone know of a plugin for content modification? an example, i want to change the word 'sex' for '---' Thanks in advance, Pedro.

Re: SpamAssassin4 + DCC not populating "X-Spam-DCC: : " header ?

2024-02-19 Thread Matus UHLAR - fantomas
On 18.02.24 14:21, glad.tent3...@fastmail.com wrote: I'm hoping someone can help troubleshooting using DCC in SpamAssassin. My setup isn't populating the "X-Spam-DCC: : " header. I configured SpamAssassin to use DCC cat local.cf ... loadplugin

Callout verification with SpamAssassin ?

2024-02-18 Thread Matija Nalis
Preface: - Firstly: yes, I'm fully aware of all issues associated with https://en.wikipedia.org/wiki/Callout_verification (and there is a LOT of them!) - I'm not looking for debate about general usefulness of Callout verification (and the system for which it is being investigated is not

Re: SpamAssassin4 + DCC not populating "X-Spam-DCC: : " header ?

2024-02-18 Thread glad . tent3766
> Try this command for some real mail.eml > >spamassassin --prefs-file=/etc/spamassassin/local.cf -D dcc X-Spam-Checker-Version: SpamAssassin 4.0.0 (2022-12-14) on mail.MYDOMAIN.COM X-Spam-Scanned: spamd.mail.MYDOMAIN.COM X-Spam-Status: No,

Re: SpamAssassin4 + DCC not populating "X-Spam-DCC: : " header ?

2024-02-18 Thread Martin via users
Try this command for some real mail.eml     spamassassin --prefs-file=/etc/spamassassin/local.cf -D dcc Feb 18 21:10:36.754 [801727] warn: netset: cannot include 127.0.0.0/8 as it has already been included Feb 18 21:10:36.758 [801727] warn: netset: cannot include 172.16.0.0/12 as it has

Re: SpamAssassin4 + DCC not populating "X-Spam-DCC: : " header ?

2024-02-18 Thread glad . tent3766
Hello, >  try to increase dcc_timeout. > > # this works for me > use_dcc 1 > dcc_home /var/dcc > dcc_path /usr/local/bin/dccproc > dcc_timeout 16 > add_header all DCC _DCCB_:_DCCR_ I tried values of 16, 30 & 100. Same as before unfortunately. No errors that I can see. Just no headers

Re: SpamAssassin4 + DCC not populating "X-Spam-DCC: : " header ?

2024-02-18 Thread Martin via users
Hello,  try to increase dcc_timeout. # this works for me use_dcc 1 dcc_home /var/dcc dcc_path /usr/local/bin/dccproc dcc_timeout 16 add_header all DCC _DCCB_:_DCCR_ Martin Hello, I'm hoping someone can help troubleshooting using DCC in SpamAssassin. My setup isn't populating the

Re: SpamAssassin4 + DCC not populating "X-Spam-DCC: : " header ?

2024-02-18 Thread glad . tent3766
On Sun, Feb 18, 2024, at 2:47 PM, Bill Cole wrote: > On 2024-02-18 at 14:21:41 UTC-0500 (Sun, 18 Feb 2024 14:21:41 -0500) > > is rumored to have said: > >> Feb 18 11:18:06.796 [6905] dbg: dcc: local tests only, >> disabling DCC > > That seems like a clear explanation: your

Re: SpamAssassin4 + DCC not populating "X-Spam-DCC: : " header ?

2024-02-18 Thread Bill Cole
On 2024-02-18 at 14:21:41 UTC-0500 (Sun, 18 Feb 2024 14:21:41 -0500) is rumored to have said: Feb 18 11:18:06.796 [6905] dbg: dcc: local tests only, disabling DCC That seems like a clear explanation: your configuration has disabled 'net' tests. You seem to have

SpamAssassin4 + DCC not populating "X-Spam-DCC: : " header ?

2024-02-18 Thread glad . tent3766
Hello, I'm hoping someone can help troubleshooting using DCC in SpamAssassin. My setup isn't populating the "X-Spam-DCC: : " header. I installed SpamAssassin 4.0.0 spamassassin -V SpamAssassin version 4.0.0 running on Perl version 5.38.2 I run Postfix

Re: Yahoo's DMARC reports fail DMARC themselves

2024-02-16 Thread Damian
You are seeing it yourself. Their e-mails fail SPF alignment, SPF authentication and DKIM authentication. As a consequence, they fail DMARC. The reports I receive pass DMARC with header.from=dmarc.yahoo.com.

Re: Yahoo's DMARC reports fail DMARC themselves

2024-02-16 Thread Rupert Gallagher
cyber spaking -> cyber spanking --- The Grammar Nazi in me Original Message On Feb 16, 2024, 12:12, Rupert Gallagher wrote: > You are seeing it yourself. Their e-mails fail SPF alignment, SPF > authentication and DKIM authentication. As a consequence, they fail DMARC. > > I

Yahoo's DMARC reports fail DMARC themselves

2024-02-16 Thread Rupert Gallagher
You are seeing it yourself. Their e-mails fail SPF alignment, SPF authentication and DKIM authentication. As a consequence, they fail DMARC. I see a deluge of DMARC failures, mostly from forwarding accounts, mailing lists, and the mass mailer musvc.com I do not have the resources to contact

Re: Problem installing Spamassassin 4.0.0 on Ubuntu 23.10 Server

2024-02-14 Thread Ken Wright
On Wed, 2024-02-14 at 09:59 +0100, Matus UHLAR - fantomas wrote: > > > > On Feb 14, 2024, at 06:12, Ken Wright > > > > wrote: > > > > > > > > I've built a mail server and I wanted to include Spamassasin.  > > > > As noted above, the machine is running Ubuntu Server 23.10, so > > > > I started

Re: Problem installing Spamassassin 4.0.0 on Ubuntu 23.10 Server

2024-02-14 Thread Matus UHLAR - fantomas
> On Feb 14, 2024, at 06:12, Ken Wright > wrote: > > I've built a mail server and I wanted to include Spamassasin.  As > noted above, the machine is running Ubuntu Server 23.10, so I > started with > >   sudo apt install spamassassin spamc > > but I can't start the spamassassin.service; the

Re: Problem installing Spamassassin 4.0.0 on Ubuntu 23.10 Server

2024-02-13 Thread Ken Wright
On Wed, 2024-02-14 at 06:15 +0100, Niels Kobschätzki wrote: > > > On Feb 14, 2024, at 06:12, Ken Wright > > wrote: > > > > I've built a mail server and I wanted to include Spamassasin.  As > > noted above, the machine is running Ubuntu Server 23.10, so I > > started with > > > >   sudo apt

Re: Problem installing Spamassassin 4.0.0 on Ubuntu 23.10 Server

2024-02-13 Thread Matus UHLAR - fantomas
On Feb 14, 2024, at 06:12, Ken Wright wrote: I've built a mail server and I wanted to include Spamassasin. As noted above, the machine is running Ubuntu Server 23.10, so I started with sudo apt install spamassassin spamc but I can't start the spamassassin.service; the error message I get

Re: Problem installing Spamassassin 4.0.0 on Ubuntu 23.10 Server

2024-02-13 Thread Niels Kobschätzki
> On Feb 14, 2024, at 06:12, Ken Wright wrote: > > I've built a mail server and I wanted to include Spamassasin. As noted > above, the machine is running Ubuntu Server 23.10, so I started with > > sudo apt install spamassassin spamc > > but I can't start the spamassassin.service; the

Problem installing Spamassassin 4.0.0 on Ubuntu 23.10 Server

2024-02-13 Thread Ken Wright
I've built a mail server and I wanted to include Spamassasin. As noted above, the machine is running Ubuntu Server 23.10, so I started with sudo apt install spamassassin spamc but I can't start the spamassassin.service; the error message I get when I run sudo systemctl start

Re: FORGED_HOTMAIL_RCVD2

2024-02-08 Thread giovanni
On 1/26/24 12:15, Matus UHLAR - fantomas wrote: On 26.01.24 11:03, Rupert Gallagher wrote: Subject: FORGED_HOTMAIL_RCVD2 Rule broken. Please update. can you provide more info, perhaps headers? header FORGED_HOTMAIL_RCVD2 eval:check_for_no_hotmail_received_headers() I've found a

DecodeShortURI problems

2024-02-06 Thread Wolfgang Breyha
Hi! I recently checked the performance of the DecodeShortURI Plugin and noticed some oddities: *) snip.ly seems to need url_shortener_get *) fb.me always responds with 200 even with GET and User-Agent set *) t.co seems to respond with 200 if User-Agent is a "valid" Browser, but with 30x

unsubscribe

2024-02-05 Thread Ken Hoegeman

Re: QR code phish?

2024-02-05 Thread Matus UHLAR - fantomas
On Thu, Feb 1, 2024 at 5:01 PM Kevin A. McGrail wrote: Hi Alex, we are definitely seeing them. There is code in trunk for this with one of the plugins and rules in the KAM ruleset using the new code. LMK if you need more info. On 2/4/24 18:56, Alex

Re: QR code phish?

2024-02-05 Thread giovanni
On 2/5/24 09:49, Matus UHLAR - fantomas wrote: On Thu, Feb 1, 2024 at 5:01 PM Kevin A. McGrail wrote: Hi Alex, we are definitely seeing them. There is code in trunk for this with one of the plugins and rules in the KAM ruleset using the new code. LMK if

Re: QR code phish?

2024-02-05 Thread Matus UHLAR - fantomas
On Thu, Feb 1, 2024 at 5:01 PM Kevin A. McGrail wrote: Hi Alex, we are definitely seeing them. There is code in trunk for this with one of the plugins and rules in the KAM ruleset using the new code. LMK if you need more info. On 2/4/24 18:56, Alex

Re: QR code phish?

2024-02-04 Thread giovanni
On 2/4/24 18:56, Alex wrote: Hi, On Thu, Feb 1, 2024 at 5:01 PM Kevin A. McGrail wrote: Hi Alex, we are definitely seeing them. There is code in trunk for this with one of the plugins and rules in the KAM ruleset using the new code. LMK if you need

Re: QR code phish?

2024-02-04 Thread Alex
Hi, On Thu, Feb 1, 2024 at 5:01 PM Kevin A. McGrail wrote: > Hi Alex, we are definitely seeing them. There is code in trunk for this > with one of the plugins and rules in the KAM ruleset using the new > code. LMK if you need more info. > It looks like it's tied to the Raptor service and the

Community over Code EU 2024 Travel Assistance Applications now open!

2024-02-03 Thread Gavin McDonald
Hello to all users, contributors and Committers! The Travel Assistance Committee (TAC) are pleased to announce that travel assistance applications for Community over Code EU 2024 are now open! We will be supporting Community over Code EU, Bratislava, Slovakia, June 3rd - 5th, 2024. TAC exists

[no subject]

2024-02-03 Thread Gavin McDonald
Hello to all users, contributors and Committers! The Travel Assistance Committee (TAC) are pleased to announce that travel assistance applications for Community over Code EU 2024 are now open! We will be supporting Community over Code EU, Bratislava, Slovakia, June 3rd - 5th, 2024. TAC exists

Re: QR code phish?

2024-02-01 Thread Kevin A. McGrail
Hi Alex, we are definitely seeing them.  There is code in trunk for this with one of the plugins and rules in the KAM ruleset using the new code.  LMK if you need more info. On 2/1/2024 4:06 PM, Alex wrote: Hi, I'm just wondering if there is any mechanism for detecting and blocking QR code

QR code phish?

2024-02-01 Thread Alex
Hi, I'm just wondering if there is any mechanism for detecting and blocking QR code emails? Would that require using image detection? Perhaps instead it's a database of known malicious QR codes? Has anyone even really seen any?

mimeheader multiple?

2024-02-01 Thread Jared Hall via users
SA 3.4.6. Is there any way to create a rule that hits emails with duplicate filename attachments? MAIN HEADER DECLARATION: Content-Type: multipart/mixed; boundary="=-6aIz+S039AYG/4raFdExeg==" BODY PART MIME HEADERS: --=-6aIz+S039AYG/4raFdExeg== Content-Type:

Re: Bayes "corpus" - how old?

2024-01-31 Thread Bill Cole
On 2024-01-31 at 08:16:13 UTC-0500 (Wed, 31 Jan 2024 14:16:13 +0100) Matus UHLAR - fantomas is rumored to have said: On 2024-01-30 at 12:08:18 UTC-0500 (Tue, 30 Jan 2024 18:08:18 +0100) Matus UHLAR - fantomas is rumored to have said: [...] autolearn may help if your DB is well maintained,

Re: Bayes "corpus" - how old?

2024-01-31 Thread Matus UHLAR - fantomas
On 2024-01-30 at 12:08:18 UTC-0500 (Tue, 30 Jan 2024 18:08:18 +0100) Matus UHLAR - fantomas is rumored to have said: [...] autolearn may help if your DB is well maintained, although I have disabled nearly all rules with negative scores, like RCVD_IN_DNSWL_* RCVD_IN_IADB_* DKIMWL_WL_*

Re: Bayes "corpus" - how old?

2024-01-30 Thread Bill Cole
On 2024-01-30 at 12:08:18 UTC-0500 (Tue, 30 Jan 2024 18:08:18 +0100) Matus UHLAR - fantomas is rumored to have said: [...] autolearn may help if your DB is well maintained, although I have disabled nearly all rules with negative scores, like RCVD_IN_DNSWL_* RCVD_IN_IADB_* DKIMWL_WL_*

Re: Bayes "corpus" - how old?

2024-01-30 Thread Matus UHLAR - fantomas
On 30.01.24 09:59, joe a wrote: Advisable to "prune" Bayes data based on age? While cleaning up recent Ham/Spam, found my "saved SPAM" goes back to 2013. Why that's over . . . wait, I need to take off my socks . . . So, how old is "too old".  For saved SPAM? On 1/30/2024 10:58:52, Matus

Re: Bayes "corpus" - how old?

2024-01-30 Thread joe a
On 1/30/2024 10:58:52, Matus UHLAR - fantomas wrote: On 30.01.24 09:59, joe a wrote: Advisable to "prune" Bayes data based on age? While cleaning up recent Ham/Spam, found my "saved SPAM" goes back to 2013. Why that's over . . . wait, I need to take off my socks . . . So, how old is "too

Re: Bayes "corpus" - how old?

2024-01-30 Thread Bill Cole
On 2024-01-30 at 09:59:52 UTC-0500 (Tue, 30 Jan 2024 09:59:52 -0500) joe a is rumored to have said: Advisable to "prune" Bayes data based on age? Yes. That is why it has an expiration model. Expiration may be de facto blocked on some busy systems so you may need to explicitly force it

Re: Bayes "corpus" - how old?

2024-01-30 Thread Matus UHLAR - fantomas
On 30.01.24 09:59, joe a wrote: Advisable to "prune" Bayes data based on age? While cleaning up recent Ham/Spam, found my "saved SPAM" goes back to 2013. Why that's over . . . wait, I need to take off my socks . . . So, how old is "too old". For saved SPAM? I did retrain on old spam a

Re: install SA p a i n f u l l

2024-01-30 Thread Bill Cole
On 2024-01-29 at 23:06:07 UTC-0500 (Tue, 30 Jan 2024 14:06:07 +1000) Nick Edwards is rumored to have said: omfg even killing it, then having to kill every individual sub process manually... re run using -f and it still loops and times out. very braindead install process. looks like there

Bayes "corpus" - how old?

2024-01-30 Thread joe a
Advisable to "prune" Bayes data based on age? While cleaning up recent Ham/Spam, found my "saved SPAM" goes back to 2013. Why that's over . . . wait, I need to take off my socks . . . So, how old is "too old". For saved SPAM?

Re: install SA p a i n f u l l

2024-01-30 Thread Matus UHLAR - fantomas
On 30.01.24 13:36, Nick Edwards wrote: Set up a new server today, took no time in postfix dovecot and amavisd, apache roundcube, and everything, then came spamassassin thankfully I chose to install this whilst we left for lunch, but 45mins later to my horror it was still trying to install,

Re: install SA p a i n f u l l

2024-01-29 Thread Nick Edwards
omfg even killing it, then having to kill every individual sub process manually... re run using -f and it still loops and times out. very braindead install process. looks like there is no way for spamassassin to install, I never recall having this problem ever before on all 3.x versions, but

install SA p a i n f u l l

2024-01-29 Thread Nick Edwards
Venting Set up a new server today, took no time in postfix dovecot and amavisd, apache roundcube, and everything, then came spamassassin thankfully I chose to install this whilst we left for lunch, but 45mins later to my horror it was still trying to install, why? because its tests failed for

Re: Adding IP to report

2024-01-29 Thread Linkcheck via users
So there is no solution to this? Is it possible to add the IP as an argument to a rule's Describe, using something like $1 for the detected regex value? If so, how would this be implemented? An actual example is FREEMAIL_ENVFROM_END_DIGIT which has a description such as

Re: FORGED_HOTMAIL_RCVD2

2024-01-26 Thread Matus UHLAR - fantomas
On 26.01.24 11:03, Rupert Gallagher wrote: Subject: FORGED_HOTMAIL_RCVD2 Rule broken. Please update. can you provide more info, perhaps headers? header FORGED_HOTMAIL_RCVD2 eval:check_for_no_hotmail_received_headers() -- Matus UHLAR - fantomas, uh...@fantomas.sk ;

FORGED_HOTMAIL_RCVD2

2024-01-26 Thread Rupert Gallagher
Rule broken. Please update.

Re: Question about forwarding email (not specifically SA, pointers greatly appreciated)

2024-01-20 Thread Byung-Hee HWANG
On Fri, 2024-01-19 at 15:15 +0100, Benny Pedersen wrote: > Byung-Hee HWANG skrev den 2024-01-19 11:12: > > > I rely on DNSWL for the reputable MX. > > if repution is 100% needed we all have to make local rescore on all > local mails, since repution is to be local, not external just > > i

Re: Question about forwarding email (not specifically SA, pointers greatly appreciated)

2024-01-19 Thread John Hardin
On Fri, 19 Jan 2024, Thomas Cameron wrote: On 1/19/24 16:32, Byung-Hee HWANG wrote: There is a filtering rule in Gmail: *Never send it to Spam* I apply that rule to extremely important emails such as debian-bugs- dist and debian-devel-announce. You know that. I know that. But trying to

Re: Question about forwarding email (not specifically SA, pointers greatly appreciated)

2024-01-19 Thread Thomas Cameron
On 1/19/24 16:32, Byung-Hee HWANG wrote: There is a filtering rule in Gmail: *Never send it to Spam* I apply that rule to extremely important emails such as debian-bugs- dist and debian-devel-announce. You know that. I know that. But trying to explain to the board members I'm helping out

Re: Question about forwarding email (not specifically SA, pointers greatly appreciated)

2024-01-19 Thread Byung-Hee HWANG
Hello Thomas, > But it drops it into the spam folder every time. So when I'm sending > emails to someone's alias, they have to check their spam folder. Even > when they mark it as "not spam," GMail still drops it into the spam > folder. It's very frustrating. > There is a filtering rule in

Re: Question about forwarding email (not specifically SA, pointers greatly appreciated)

2024-01-19 Thread Thomas Cameron
On 1/19/24 14:33, Matija Nalis wrote: You would need to encourage at least several of the recipients (the more the better) to click on "Not spam" button on GMail on such mails. Then it will (eventually) start accepting them normally. Yup, that's basically what I've been doing. see e.g.

Re: Question about forwarding email (not specifically SA, pointers greatly appreciated)

2024-01-19 Thread Matija Nalis
On Fri, Jan 19, 2024 at 10:37:13AM -0600, Thomas Cameron wrote: > The forwarded email is being *accepted* by GMail. My issue now is that GMail > drops it into the recipient's spam folder. I suspect it's a reputation > thing. Once the server is up and running for a while, I'm hoping that GMail >
