Re: Bayes Stopword

Config line produces a syntax error for me: config: failed to parse line in /etc/mail/spamassassin/local.cf (line 1): bayes_stopword_th Could you share the word list in utf8 ? I tried adding "บาท" to https://raw.githubusercontent.com/stopwords-iso/stopwords-th/master/stopwords-th.txt and it

Re: missing something in new SA config

what is in the /etc/mail/spamassassin/.razor/razor-agent.conf ? debuglevel = 3 identity   = identity ignorelist = 0 listfile_catalogue = servers.catalogue.lst listfile_discovery = servers.discovery.lst listfile_nomination    =

Re: Bayes Stopword

bayes_stopword_th https://pastebin.pl/view/0838138d Sample mail https://pastebin.pl/view/e5a2c5b8 Jimmy On Thu, Dec 28, 2023 at 10:59 PM wrote: > Could you share a config line and a sample you are using ? > Giovanni > > On 12/28/23 16:26, Jimmy wrote: > > Yes, I have done that, and I am

Re: Bayes Stopword

Could you share a config line and a sample you are using ? Giovanni On 12/28/23 16:26, Jimmy wrote: Yes, I have done that, and I am also editing Plugin/Bayes.pm to investigate why it is not being skipped. I suspect that if words are not separated by spaces, longer words may not match those

Re: Bayes Stopword

Yes, I have done that, and I am also editing Plugin/Bayes.pm to investigate why it is not being skipped. I suspect that if words are not separated by spaces, longer words may not match those patterns. Jimmy On Thu, Dec 28, 2023 at 10:13 PM wrote: > "spamassassin -D bayes" will tell you, you

Re: Bayes Stopword

"spamassassin -D bayes" will tell you, you should see a line like: bayes: skipped token 'from' because it's in stopword list for language 'en' Giovanni On 12/28/23 15:45, Jimmy wrote: The pattern has successfully passed the test script, but it needs to check whether Bayes learning will

Re: Bayes Stopword

The pattern has successfully passed the test script, but it needs to check whether Bayes learning will identify and possibly exclude the word from matching this pattern. Thank you. On Thu, Dec 28, 2023 at 9:22 PM wrote: > On 12/28/23 12:59, Jimmy wrote: > > Hi, > > > > I'm seeking assistance

Re: Bayes Stopword

On 12/28/23 12:59, Jimmy wrote: Hi, I'm seeking assistance in incorporating a stopword for Asian languages in Unicode. Although I possess comprehensive word lists, my attempts to generate a regex pattern and test it have been unsuccessful; the pattern fails to match or skips tokens in the

Bayes Stopword

Hi, I'm seeking assistance in incorporating a stopword for Asian languages in Unicode. Although I possess comprehensive word lists, my attempts to generate a regex pattern and test it have been unsuccessful; the pattern fails to match or skips tokens in the newly added stopword list. I created

Re: Beginner Setting up Spam Assassin

On 27.12.23 16:53, FalconChristopher wrote: Hi, I want to setup Spam Assassin so that any email that Spam Assassin flags as spam this is spamassassin's job gets placed into a folder for a specific SMTP or IMAP email account. this is not spamassassin's job. It's job of mail delivery agent -

Re: missing something in new SA config

On 27.12.23 10:30, AJ Weber wrote: Migrating a mailserver with SA and I see this in my log when testing: spamd[30912]: razor2: razor2 check failed: No such file or directory razor2: Can't read: /var/lib/razor/ at /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/Razor2.pm line 331. My

Beginner Setting up Spam Assassin

Hi, I want to setup Spam Assassin so that any email that Spam Assassin flags as spam gets placed into a folder for a specific SMTP or IMAP email account. Then if Spam Assassin flags emails that are not spam I can tell it which of those emails to not place into the spam folder for the specific

Re: missing something in new SA config

Thanks for the reply. SA v3.4.6 razor is installed: optional module installed: Razor2::Client::Agent, version 2.84 razor plugin is enabled in v310.pre: loadplugin Mail::SpamAssassin::Plugin::Razor2 I don't see any "logs" in the first page of the lint output. Would you be so kind as to

Re: missing something in new SA config

AJ Weber skrev den 2023-12-27 16:30: Migrating a mailserver with SA and I see this in my log when testing: spamd[30912]: razor2: razor2 check failed: No such file or directory razor2: Can't read: /var/lib/razor/ at /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/Razor2.pm line 331.

missing something in new SA config

Migrating a mailserver with SA and I see this in my log when testing: spamd[30912]: razor2: razor2 check failed: No such file or directory razor2: Can't read: /var/lib/razor/ at /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/Razor2.pm line 331. My local.cf has the following:

Re: Bayes always reject.

> From: Pierluigi Frullani > Date: Wed, 13 Dec 2023 07:49:24 +0100 > > Hello all, > I'm facing a strange problem. ... > tests=BAYES_95,MISSING_DATE,MISSING_HEADERS,NO_RECEIVED,NO_RELAYS,T_SCC_BODY_TEXT_LINE How did you feed this message into SpamAssassin? Did you do something to strip

Re: Bayes always reject.

On 2023-12-13 at 01:49:24 UTC-0500 (Wed, 13 Dec 2023 07:49:24 +0100) Pierluigi Frullani is rumored to have said: Hello all, I'm facing a strange problem. Not really. MANY people run into this issue... I've feed the bayes db for a while and now I would like to put it in use but all

Bayes always reject.

Hello all, I'm facing a strange problem. I've feed the bayes db for a while and now I would like to put it in use but all messages get a BAYES_99 and very high spam point. I would like to understand why, and troubleshoot this problem but I can't find a way. Spamassassin version is: root@puma:~#

Re: some problem with spam

Hi thenx i try in this ruleset W dniu 12.12.2023 o 14:59, Jimmy pisze: These rules should matched rawbody __DOUBLE_HTML /<\/a>\s*/ uri           __LONG_LINK_URL  /https?:\/\/.{50,128}\.[a-z]{2,}\/\.[a-z]{2,}\//i On Tue, Dec 12, 2023 at 8:44 PM natan wrote: Hi Thenx but link is

Re: some problem with spam

These rules should matched rawbody __DOUBLE_HTML /<\/a>\s*/ uri __LONG_LINK_URL /https?:\/\/.{50,128}\.[a-z]{2,}\/\.[a-z]{2,}\//i On Tue, Dec 12, 2023 at 8:44 PM natan wrote: > Hi > Thenx but link is random too like: > > https://paste.debian.net/1300874/ > > > W dniu 12.12.2023

Re: some problem with spam

Hi Thenx but link is random too like: https://paste.debian.net/1300874/ W dniu 12.12.2023 o 12:21, Jimmy pisze: uri     __ADB_CPN_LINK /\.campaign\.adobe\.com\/r\/\?/ rawbody __IMG_SRC_CID   /Establishing a rule for "CONFIDENTIALITY NOTICE" is ineffective, it can be false positive. Since I

Re: some problem with spam

uri __ADB_CPN_LINK /\.campaign\.adobe\.com\/r\/\?/ rawbody __IMG_SRC_CID / wrote: > Hi > I have a SpamAssassin version 3.4.6 > > And I try resolv two problem > > 1)I put eml with spam and learn SA like: > sa-learn --spam /root/spamik/ > > In /root/spamik/ is 4 e-mail > Worsk great but after

some problem with spam

Hi I have a SpamAssassin version 3.4.6 And I try resolv two problem 1)I put eml with spam and learn SA like: sa-learn --spam /root/spamik/ In /root/spamik/ is 4 e-mail Worsk great but after 7 day i must learn agin like SA forgot what he learned 2)I have a problem with one type a spam like:

Re: long delay with the new rules from 8 dec

On 2023-12-08 at 05:43:28 UTC-0500 (Fri, 8 Dec 2023 11:43:28 +0100) Mickaël Maillot is rumored to have said: forget what i say, it was a DNS issue unrelated to the updated rules. An example of the Basic Axiom of System Administration: It is *ALWAYS* DNS. Le ven. 8 déc. 2023 à

Re: long delay with the new rules from 8 dec

forget what i say, it was a DNS issue unrelated to the updated rules. Le ven. 8 déc. 2023 à 11:00, Mickaël Maillot a écrit : > Hi, > > I just want to notify you that the new rules take lots more times, > i updated my rules from 5/12 to 8/12 and now in my maillog, i see a lot's > of: >

long delay with the new rules from 8 dec

Hi, I just want to notify you that the new rules take lots more times, i updated my rules from 5/12 to 8/12 and now in my maillog, i see a lot's of: tests_pri_-100: 21005 tests_pri_-100: 14165 tests_pri_-100: 17684 tests_pri_-100: 23094 reverted the ruleset back to 5/12 and it's back to 200 ~

Re: proper use of internal_networks?

"Dan Mahoney (Gushi)" writes: Hey there all, Recently, we noticed that one of our system's "cron" mails started getting caught by our spam filter (because it had lots of hostnames in it about failed ssh logins, which the uribl plugin didn't like). This system is listed (v4 and v6) in

Re: proper use of internal_networks?

"Dan Mahoney (Gushi)" writes: > Hey there all, > > Recently, we noticed that one of our system's "cron" mails started > getting caught by our spam filter (because it had lots of hostnames in > it about failed ssh logins, which the uribl plugin didn't like). > > This system is listed (v4 and v6)

proper use of internal_networks?

Hey there all, Recently, we noticed that one of our system's "cron" mails started getting caught by our spam filter (because it had lots of hostnames in it about failed ssh logins, which the uribl plugin didn't like). This system is listed (v4 and v6) in trusted_networks -- and it sends it

Re: Building Red Hat Rawhide SA 4.0.0 package for RHEL/CentOS 7

On 12/6/2023 5:19 AM, Benny Pedersen wrote: can't procmail use X-Spam-Flag ? I think the reason I run it twice is that the mimedefang invocation doesn't have access to personal Bayes data. When it runs, it's not yet known what user(s) the mail is destined for.

Re: Building Red Hat Rawhide SA 4.0.0 package for RHEL/CentOS 7

Kenneth Porter skrev den 2023-12-06 08:25: On 12/5/2023 10:57 PM, Benny Pedersen wrote: mimedefang does not use spamd, you only need either spamassassin only with spamd or mimedefang with spamassassin not running spamd It's a small server so I can afford to run SA twice, once at the MTA

Re: Building Red Hat Rawhide SA 4.0.0 package for RHEL/CentOS 7

On Tue, 2023-12-05 at 23:25 -0800, Kenneth Porter wrote: > On 12/5/2023 10:57 PM, Benny Pedersen wrote: > > mimedefang does not use spamd, you only need either spamassassin > > only > > with spamd or mimedefang with spamassassin not running spamd > > It's a small server so I can afford to run

Re: Building Red Hat Rawhide SA 4.0.0 package for RHEL/CentOS 7

On 12/6/23 08:25, Kenneth Porter wrote: On 12/5/2023 10:57 PM, Benny Pedersen wrote: mimedefang does not use spamd, you only need either spamassassin only with spamd or mimedefang with spamassassin not running spamd It's a small server so I can afford to run SA twice, once at the MTA level

Re: Building Red Hat Rawhide SA 4.0.0 package for RHEL/CentOS 7

On 12/5/2023 10:57 PM, Benny Pedersen wrote: mimedefang does not use spamd, you only need either spamassassin only with spamd or mimedefang with spamassassin not running spamd It's a small server so I can afford to run SA twice, once at the MTA level through mimedefang (which can potentially

Re: Building Red Hat Rawhide SA 4.0.0 package for RHEL/CentOS 7

Kenneth Porter skrev den 2023-12-06 00:29: After installing the package, I found I needed to manually restart spamd and also mimedefang with: # systemctl restart spamassassin # systemctl restart mimedefang After that I saw errors from my nightly sa-learn jobs about a missing HashCash module.

Re: Building Red Hat Rawhide SA 4.0.0 package for RHEL/CentOS 7

After installing the package, I found I needed to manually restart spamd and also mimedefang with: # systemctl restart spamassassin # systemctl restart mimedefang After that I saw errors from my nightly sa-learn jobs about a missing HashCash module. I checked for a .rpmnew file in

Re: sa-learn on an Exchange public folder

Does anything "speak" against just fetching the message from said folder (ex getmail or fetchmail) and feed them to sa-learn? At least for getmail one can define a filter section which then calls sa-learn and give it the message for learning. I use a getmail config like this [retriever] type =

Re: sa-learn on an Exchange public folder

On 2023-12-03 at 14:58:36 UTC-0500 (Sun, 3 Dec 2023 20:58:36 +0100) Emmanuel Seyman is rumored to have said: Hello all. I've set up SA at $WORK and now want to train the bayesian classifier. To that end, a public folder has been setup on our Exchange server and I want to run sa-learn on any

Re: sa-learn on an Exchange public folder

Kris Deugau skrev den 2023-12-04 18:23: Fair warning, I gave up on using IMAP for feeding Bayes locally because it started to glitch out and fail for no reason I could see. But the mailboxes I'm learning from are maildir on a *nix platform, not whatever black box Exchange hides things in.

Re: sa-learn on an Exchange public folder

Emmanuel Seyman wrote: Hello all. I've set up SA at $WORK and now want to train the bayesian classifier. To that end, a public folder has been setup on our Exchange server and I want to run sa-learn on any email that is transferred to it. I'm guessing this is a popular thing to do and that

Building Red Hat Rawhide SA 4.0.0 package for RHEL/CentOS 7

I want to relate my experience in packaging the latest RH RPM for CentOS 7: I first checked out the package sources from Fedora. This is the spec file and patches but not the SA tarballs. I already have a regular user for building packages and have run rpmdev-setuptree to create a packaging

sa-learn on an Exchange public folder

Hello all. I've set up SA at $WORK and now want to train the bayesian classifier. To that end, a public folder has been setup on our Exchange server and I want to run sa-learn on any email that is transferred to it. I'm guessing this is a popular thing to do and that there would already be a

Re: [EXTERNAL] Re: Catch a rejected message ?

On 02/12/2023 05:16, Benny Pedersen wrote: White, Daniel E. (GSFC-770.0)[AEGIS] via users skrev den 2023-12-01 16:35: why do you reply to a member that can't answer on maillist ? From: Reindl "Toxic Troll" Harald Because that moderated troll has a long known habit on most of the lists

Re: Catch a rejected message ?

Is there a way to capture the offending messages to figure out the problem ? if you reject, its rejected Amavis rejects after DATA and is able to quarantine such mails.

Re: [EXTERNAL] Re: Catch a rejected message ?

White, Daniel E. (GSFC-770.0)[AEGIS] via users skrev den 2023-12-01 16:35: Many thanks. I will try this and report back why do you reply to a member that can't answer on maillist ? From: Reindl Harald

Re: Catch a rejected message ?

White, Daniel E. (GSFC-770.0)[AEGIS] via users skrev den 2023-12-01 16:29: We are using SpamAssassin 3.4.6-1 with Postfix 3.5.8-4 on RHEL 8 We are seeing occasional blocked messages that say “milter-reject” with a spam score of 8 good or bad ? Is there a way to capture the offending

Re: Catch a rejected message ?

On 2023-12-01 at 10:29:24 UTC-0500 (Fri, 1 Dec 2023 15:29:24 +) White, Daniel E. (GSFC-770.0)[AEGIS] via users is rumored to have said: We are using SpamAssassin 3.4.6-1 with Postfix 3.5.8-4 on RHEL 8 We are seeing occasional blocked messages that say “milter-reject” with a spam score of

Re: Catch a rejected message ?

That depends on the milter you're using to "glue" SA to postfix. IE if you're using a milter (the thing that's triggering that "milter-reject" response) this means that Postifx is passing the messages to the milter, the milter is passing them to SA-spamd, getting the response and then feeding

Re: [EXTERNAL] Re: Catch a rejected message ?

Many thanks. I will try this and report back From: Reindl Harald Organization: the lounge interactive design Date: Friday, December 1, 2023 at 10:32 To: Daniel White , "users@spamassassin.apache.org" Subject: [EXTERNAL] Re: Catch a rejected message ? Am 01.12.23 um 16:29 schrieb White,

Catch a rejected message ?

We are using SpamAssassin 3.4.6-1 with Postfix 3.5.8-4 on RHEL 8 We are seeing occasional blocked messages that say “milter-reject” with a spam score of 8 Is there a way to capture the offending messages to figure out the problem ? Thanks

Re: ATT RBL f---wits

On 29/11/2023 00:51, Tracy Greggs via users wrote: Cableone is SOA on this zone, so they are the issue. You can ask them to create a PTR for your static IP and hope for the best. Most I have dealt with will do it as long as it's a commercial account. On 29.11.23 07:24, Noel Butler wrote:

Re: ATT RBL f---wits

On 11/27/23 16:31, Philip Prindeville wrote: We're being blacklisted by att.net with the following message: (reason: 550 5.7.1 Connections not accepted from servers without a valid sender domain.flph840 Fix reverse DNS for 24.116.100.90) I don't know what the hell is up with these

Re: ATT RBL f---wits

On 29/11/2023 00:51, Tracy Greggs via users wrote: Cableone is SOA on this zone, so they are the issue. You can ask them to create a PTR for your static IP and hope for the best. Most I have dealt with will do it as long as it's a commercial account. As I pointed out - but failed to

Re: ATT RBL f---wits

NO PTR for the IP. Cableone is SOA on this zone, so they are the issue. You can ask them to create a PTR for your static IP and hope for the best. Most I have dealt with will do it as long as it's a commercial account. -- Original Message -- From "Philip Prindeville" To

Re: ATT RBL f---wits

On 28/11/2023 08:59, Noel Butler wrote: ~$ host 24.116.100.90 ;; connection timed out; no servers could be reached Seems like AT *ARE* doing the correct thing and it is *YOU* with the problem. before you start calling others f'wits do better investigation, a dig trace indicates root servers

Re: ATT RBL f---wits

~$ host 24.116.100.90 ;; connection timed out; no servers could be reached Seems like AT *ARE* doing the correct thing and it is *YOU* with the problem. before you start calling others f'wits do better investigation, a dig trace indicates root servers dont know you. On 28/11/2023 07:31,

Re: ATT RBL f---wits

On 2023-11-27 at 16:31:52 UTC-0500 (Mon, 27 Nov 2023 14:31:52 -0700) Philip Prindeville is rumored to have said: We're being blacklisted by att.net with the following message: (reason: 550 5.7.1 Connections not accepted from servers without a valid sender domain.flph840 Fix reverse DNS

ATT RBL f---wits

We're being blacklisted by att.net with the following message: (reason: 550 5.7.1 Connections not accepted from servers without a valid sender domain.flph840 Fix reverse DNS for 24.116.100.90) I don't know what the hell is up with these pinheads: philipp@ubuntu22:~$ dig -tmx

qq.com rule false positives

Hi, all. I received a mail from a qq.com user that went over the spam threshold. From the rules that triggered, it looks like the dynamic rDNS rules triggered on the qq.com sending server, which contributed around 4.2 points to this message (which was not spam). Relevant headers:

Re: Spamassassin rule

On 17.11.23 11:19, natan wrote: E-mail was signed DKIM but why SA set "DMARC_REJECT" in this time ? W dniu 17.11.2023 o 12:31, Matus UHLAR - fantomas pisze: it's hard to see this without envelope and header from: On 17.11.23 12:42, natan wrote: Return-Path:

Re: Spamassassin rule

natan skrev den 2023-11-17 11:19: How it realy realy works in SA ? I ask beacuse warking not so cool: On 17.11.23 14:21, Benny Pedersen wrote: its a hack, and bad example on expect it hits unaligned mail aswell as aligned, we screwed there :) generally it could work, but it could be the

Re: Spamassassin rule

Hi I had spamassassin-4.x dor ~1 day ;) And I had to downgrade to spamassasin-3.4.6 The Problem was in /var/lib/amavis/tmp/ where content of the catalog grow and grow more was rising than falling like 29 GB and more When dowgrade to stable spamassassin-3.4.6 problem fixed and size is ~100MB

Re: Spamassassin rule

natan skrev den 2023-11-17 11:19: How it realy realy works in SA ? I ask beacuse warking not so cool: its a hack, and bad example on expect it hits unaligned mail aswell as aligned, we screwed there :) good news dmarc plugin in sa trunc does aswell work in spamasasssin 3.4.6 last time i

Re: Spamassassin rule

W dniu 17.11.2023 o 12:31, Matus UHLAR - fantomas pisze: On 17.11.23 11:19, natan wrote: How it realy realy works in SA ? I ask beacuse warking not so cool: example: ifplugin Mail::SpamAssassin::Plugin::AskDNS askdns __DMARC_POLICY_NONE _dmarc._AUTHORDOMAIN_ TXT /^v=DMARC1;.*\bp=none;/

Re: Spamassassin rule

On 17.11.23 11:19, natan wrote: How it realy realy works in SA ? I ask beacuse warking not so cool: example: ifplugin Mail::SpamAssassin::Plugin::AskDNS askdns __DMARC_POLICY_NONE _dmarc._AUTHORDOMAIN_ TXT /^v=DMARC1;.*\bp=none;/ askdns __DMARC_POLICY_QUAR _dmarc._AUTHORDOMAIN_ TXT

Spamassassin rule

HI How it realy realy works in SA ? I ask beacuse warking not so cool: example: ifplugin Mail::SpamAssassin::Plugin::AskDNS askdns __DMARC_POLICY_NONE _dmarc._AUTHORDOMAIN_ TXT /^v=DMARC1;.*\bp=none;/ askdns __DMARC_POLICY_QUAR _dmarc._AUTHORDOMAIN_ TXT /^v=DMARC1;.*\bp=quarantine;/ askdns

Re: Too many dots?

On Thu, 16 Nov 2023, Matus UHLAR - fantomas wrote: Alex wrote: I recently had an account activation email blocked due to AC_FROM_MANY_DOTS in the From address: From: VitalSource > On 16.11.23 10:29, Kris Deugau wrote: Just FYI: AC_FROM_MANY_DOTS stock

Re: Too many dots?

On 11/16/23 17:26, Greg Troxel wrote: Alex writes: Also, the KAM rules are designed to be used in conjunction with the stock rules, so it also seemed somewhat punitive to award so many points and to be expected to offset them for a completely benign email. My experience is that many of the

Re: Too many dots?

Alex writes: > Also, the KAM rules are designed to be used in conjunction with the stock > rules, so it also seemed somewhat punitive to award so many points and to > be expected to offset them for a completely benign email. My experience is that many of the KAM rules are unreasonably

Re: Too many dots?

Hi, >>Does it sound reasonable to add 3 points plus another 1.5 simply for > >>having been sent by sendgrid? How do we offset those points? Do we > >>just rely on bayes/txrep? > >> > >>I think my bayes db is pretty well-trained, but there's also a lot > >>of account activation fraud emails. > >

Re: Too many dots?

Alex wrote: I recently had an account activation email blocked due to AC_FROM_MANY_DOTS in the From address: From: VitalSource > It also hit KAM_SENDGRID and BAYES_50 and KAM_MARKETINGBL_PCCC, pushing it over to spam.  *  1.5 KAM_SENDGRID Sendgrid being

Re: Too many dots?

Alex wrote: Hi, I recently had an account activation email blocked due to AC_FROM_MANY_DOTS in the From address: From: VitalSource > It also hit KAM_SENDGRID and BAYES_50 and KAM_MARKETINGBL_PCCC, pushing it over to spam.  *  1.5 KAM_SENDGRID Sendgrid

Too many dots?

Hi, I recently had an account activation email blocked due to AC_FROM_MANY_DOTS in the From address: From: VitalSource It also hit KAM_SENDGRID and BAYES_50 and KAM_MARKETINGBL_PCCC, pushing it over to spam. * 1.5 KAM_SENDGRID Sendgrid being exploited by scammers * 0.8 BAYES_50 BODY: Bayes

Re: when whitelisting, do what with marked SPAM?

On Tue, 14 Nov 2023, joe a wrote: On 11/14/2023 13:46:11, Matus UHLAR - fantomas wrote: On 14.11.23 13:05, joe a wrote: Low volume home office user and system. Occasionally when first dealing with a new entity, their correspondence gets flagged as SPAM. When I whitelist these, what

Re: when whitelisting, do what with marked SPAM?

On 14.11.23 13:05, joe a wrote: Low volume home office user and system. Occasionally when first dealing with a new entity, their correspondence gets flagged as SPAM. When I whitelist these, what should be done with those messages that might remain in "flagged SPAM" or "Missed SPAM"?,

Re: when whitelisting, do what with marked SPAM?

On 11/14/2023 13:46:11, Matus UHLAR - fantomas wrote: On 14.11.23 13:05, joe a wrote: Low volume home office user and system. Occasionally when first dealing with a new entity, their correspondence gets flagged as SPAM. When I whitelist these, what should be done with those messages that

Re: when whitelisting, do what with marked SPAM?

On 11/14/2023 20:48:27, John Hardin wrote: On Tue, 14 Nov 2023, joe a wrote: Low volume home office user and system. Occasionally when first dealing with a new entity, their correspondence gets flagged as SPAM. When I whitelist these, what should be done with those messages that might

Re: when whitelisting, do what with marked SPAM?

On Tue, 14 Nov 2023, joe a wrote: Low volume home office user and system. Occasionally when first dealing with a new entity, their correspondence gets flagged as SPAM. When I whitelist these, what should be done with those messages that might remain in "flagged SPAM" or "Missed SPAM"?,

Re: when whitelisting, do what with marked SPAM?

On 14.11.23 13:05, joe a wrote: Low volume home office user and system. Occasionally when first dealing with a new entity, their correspondence gets flagged as SPAM. When I whitelist these, what should be done with those messages that might remain in "flagged SPAM" or "Missed SPAM"?,

when whitelisting, do what with marked SPAM?

Low volume home office user and system. Occasionally when first dealing with a new entity, their correspondence gets flagged as SPAM. When I whitelist these, what should be done with those messages that might remain in "flagged SPAM" or "Missed SPAM"?, thinking along lines of keeping BAYES

Re: Anybody else getting bombarded with "I RECORDED YOU" spam?

Using Sendmail. I added milter-regex which allows very simple rules eg. reject "Unsolicited Spam" - make this as rude as you like. body /I RECORDED YOU/i Done and dusted. It's available as an RPM frpm epel for RedHat and variants. *** REPLY SEPARATOR *** On 11/11/2023 at

Re: Anybody else getting bombarded with "I RECORDED YOU" spam?

In your message regarding Re: Anybody else getting bombarded with "I RECORDED YOU" spam? dated 11/11/2023, Noel Butler said ... > On 11/11/2023 22:37, Mike Bostock via users wrote: > > There is a way to whitelist domains with no RDNS but so far I haven't > > found a way to do this in the .mc

Re: Anybody else getting bombarded with "I RECORDED YOU" spam?

On 11/11/2023 22:37, Mike Bostock via users wrote: There is a way to whitelist domains with no RDNS but so far I haven't found a way to do this in the .mc file. Thanks again /etc/mail/access Connect:foo OK -- Regards, Noel Butler This Email, including attachments, may contain legally

Re: Anybody else getting bombarded with "I RECORDED YOU" spam?

In your message regarding Re: Anybody else getting bombarded with "I RECORDED YOU" spam? dated 10/11/2023, Mark London said ... > Sendmail didn't introduce FEATURE(require_rdns) until 2007.  I'm sure > I've been using it longer than that.  And by default it's not enabled. > It doesn't totally

Re: Anybody else getting bombarded with "I RECORDED YOU" spam?

I don't have the specifics at hand but I created a rule that places a heavy score (like 2.0) on anything that matches existing sex and bitcoin rules. These messages usually match a bunch of other signals and that rule pushes the score over my delete-on-sight threshold (8.0). On 2023-11-10

Re: Anybody else getting bombarded with "I RECORDED YOU" spam?

To block this type of spam I've increased the score of GB_HASHBL_BTC (Bitcoin rbl) rule. Giovanni On 11/10/23 11:01, Mark London wrote: Sendmail didn't introduce FEATURE(require_rdns) until 2007.  I'm sure I've been using it longer than that.  And by default it's not enabled. It doesn't

Re: Anybody else getting bombarded with "I RECORDED YOU" spam?

Sendmail didn't introduce FEATURE(require_rdns) until 2007.  I'm sure I've been using it longer than that.  And by default it's not enabled. It doesn't totally block the "I RECOVERED YOU" spams.   Occasional some come through with ip addresses that have valid reverse lookups.  But the number

RE: Anybody else getting bombarded with "I RECORDED YOU" spam?

Yes that is fucked up that experience and wisdom comes with getting older ;) https://faculty.cs.niu.edu/~rickert/cf/hack/require_rdns.m4 > > Marc - You are correct.  All the IP sources of this spam, don't a valid > reverse lookup of the IP address, to an IP name.   That will solve my >

Re: Anybody else getting bombarded with "I RECORDED YOU" spam?

Marc - You are correct.  All the IP sources of this spam, don't a valid reverse lookup of the IP address, to an IP name.   That will solve my problem.  Thanks! - Mark On 11/9/2023 12:38 PM, Marc wrote: Do you at least verify the reverse lookup? That already stops a lot of such networks.

RE: Anybody else getting bombarded with "I RECORDED YOU" spam?

> > Heck, maybe I should just block the whole country.  :) You have to be careful with this. I think there are 'organisations' that specifically abuse with the intend to provoke you to have blanket block a specific region/range.

Re: Anybody else getting bombarded with "I RECORDED YOU" spam?

Unfortunately most of the ip addresses do have reverse lookups. On the other hand, I do see that some have common domains.   So I could use block by domain using sendmail. Heck, maybe I should just block the whole country.  :) On 11/9/2023 12:38 PM, Marc wrote: The spam is coming from many

RE: Anybody else getting bombarded with "I RECORDED YOU" spam?

> > The spam is coming from many different IP ranges, with little > repetition.   Most of them are from countries like Afghanistan, > Kyrgyzstan, Azerbaijan, Kazakhstan, and Uzbekistan.  Are these the > latest sources that spam software is using, because other countries have > tightened up their

Anybody else getting bombarded with "I RECORDED YOU" spam?

In the last couple of days, the number of "I RECORDED YOU" spams that my server has been receiving, has gone way up. Well over a thousand a day.  And the spam is only being sent to about 20 of my users.  We had been receiving these for the last month, but nothing at all like rate it's now

Re: spamc -L does not return 5, or 6

giova...@paclan.it writes: > On 11/7/23 18:38, Cecil Westerhof wrote: >> Matus UHLAR - fantomas writes: >> > On Tue, Nov 07, 2023 at 02:28:38AM +0100, Cecil Westerhof wrote: >> https://spamassassin.apache.org/full/3.1.x/doc/spamc.html says: >> -L learn type >> Send

Re: spamc -L does not return 5, or 6

On 2023-11-07 at 18:23:19 UTC-0500 (Wed, 8 Nov 2023 00:23:19 +0100) is rumored to have said: > On 11/7/23 18:38, Cecil Westerhof wrote: >> Matus UHLAR - fantomas writes: [...] >> >> They are imaps -> imap over ssh. >> But that is not the problem. Spamc does what it should be doing, >> except

Re: spamc -L does not return 5, or 6

On 11/7/23 18:38, Cecil Westerhof wrote: Matus UHLAR - fantomas writes: On Tue, Nov 07, 2023 at 02:28:38AM +0100, Cecil Westerhof wrote: https://spamassassin.apache.org/full/3.1.x/doc/spamc.html says: -L learn type Send message to spamd for learning. The learn type can be

Re: spamc -L does not return 5, or 6

Matus UHLAR - fantomas writes: >>> On Tue, Nov 07, 2023 at 02:28:38AM +0100, Cecil Westerhof wrote: https://spamassassin.apache.org/full/3.1.x/doc/spamc.html says: -L learn type Send message to spamd for learning. The learn type can be either spam, ham or

Re: spamc -L does not return 5, or 6

On Tue, Nov 07, 2023 at 02:28:38AM +0100, Cecil Westerhof wrote: https://spamassassin.apache.org/full/3.1.x/doc/spamc.html says: -L learn type Send message to spamd for learning. The learn type can be either spam, ham or forget. The exitcode for spamc will be set to 5 if

Re: spamc -L does not return 5, or 6

"George A. Theall via users" writes: > On Tue, Nov 07, 2023 at 02:28:38AM +0100, Cecil Westerhof wrote: >>https://spamassassin.apache.org/full/3.1.x/doc/spamc.html says: >>-L learn type >>Send message to spamd for learning. The learn type can be >>either spam, ham or forget.

Re: spamc -L does not return 5, or 6

On Tue, Nov 07, 2023 at 02:28:38AM +0100, Cecil Westerhof wrote: https://spamassassin.apache.org/full/3.1.x/doc/spamc.html says: -L learn type Send message to spamd for learning. The learn type can be either spam, ham or forget. The exitcode for spamc will be set to 5 if

<    1   2   3   4   5   6   7   8   9   10   >