Re: Possible spam sign

2020-12-09 Thread RW
On Tue, 8 Dec 2020 10:18:28 -0800 Loren Wilton wrote: > I just received a spam with this interesting From address: > > From: "VA Rate Guide" > > > I wonder if it is worth checking for mail from more than one sender > at once? Multiple senders in "From" headers is rare, but RFC compliant.

Re: Possible spam sign

2020-12-08 Thread John Hardin
On Tue, 8 Dec 2020, Loren Wilton wrote: That probably should have hit at least one scored base rule: https://ruleqa.spamassassin.org/?rule=%2FFROM_2_ Nope. I think my rules are up to date, but maybe not. Feel free to pastebin it and I'll take a look.

Re: Possible spam sign

2020-12-08 Thread Loren Wilton
That probably should have hit at least one scored base rule: https://ruleqa.spamassassin.org/?rule=%2FFROM_2_ Nope. I think my rules are up to date, but maybe not. Feel free to pastebin it and I'll take a look.

Re: Possible spam sign

2020-12-08 Thread Luis E. Muñoz
On 8 Dec 2020, at 12:47, Grant Taylor wrote: I think that the strict RFC specification does allow for multiple senders, but I don't remember how it's done and it's so rare that I'd accept the false positive. Yes to both. -lem

Re: Possible spam sign

2020-12-08 Thread Grant Taylor
On 12/8/20 11:18 AM, Loren Wilton wrote: I just received a spam with this interesting From address: From: "VA Rate Guide" Ew. I wonder if it is worth checking for mail from more than one sender at once? The BOFH in me would be tempted to add one point for each extra @. I think that

Re: Possible spam sign

2020-12-08 Thread Benny Pedersen
Loren Wilton skrev den 2020-12-08 19:18: I just received a spam with this interesting From address: From: "VA Rate Guide" I wonder if it is worth checking for mail from more than one sender at once? Received: from [47.140.131.2] (helo=watson1) by

Re: Possible spam sign

2020-12-08 Thread John Hardin
On Tue, 8 Dec 2020, Loren Wilton wrote: That probably should have hit at least one scored base rule: https://ruleqa.spamassassin.org/?rule=%2FFROM_2_ Nope. I think my rules are up to date, but maybe not. Feel free to pastebin it and I'll take a look. -- John Hardin KA7OHZ

Re: Possible spam sign

2020-12-08 Thread Loren Wilton
That probably should have hit at least one scored base rule: https://ruleqa.spamassassin.org/?rule=%2FFROM_2_ Nope. I think my rules are up to date, but maybe not.

Re: Possible spam sign

2020-12-08 Thread John Hardin
On Tue, 8 Dec 2020, Loren Wilton wrote: I just received a spam with this interesting From address: From: "VA Rate Guide" I wonder if it is worth checking for mail from more than one sender at once? That probably should have hit at least one scored base rule:

Possible spam sign

2020-12-08 Thread Loren Wilton
I just received a spam with this interesting From address: From: "VA Rate Guide" I wonder if it is worth checking for mail from more than one sender at once? Loren

Re: Best Possible Way To Block Phish/Malware URL

2020-07-07 Thread Raymond Dijkxhoorn
Hai! That isn't only Phishtank data... +1 and using that data in that particular way hardly scales to bigger setups data could be stored in DB_File just like GeoIP2, that saves ram imho Transferring the complete set over and over might now be the best way of doing the distribution of

Re: Best Possible Way To Block Phish/Malware URL

2020-07-07 Thread Axb
On 7/7/20 2:57 PM, Benny Pedersen wrote: Axb skrev den 2020-07-07 14:46: That isn't only Phishtank data... +1 and using that data in that particular way hardly scales to bigger setups data could be stored in DB_File just like GeoIP2, that saves ram imho rblnsd is the way to go: - you

Re: Best Possible Way To Block Phish/Malware URL

2020-07-07 Thread Benny Pedersen
Axb skrev den 2020-07-07 14:46: That isn't only Phishtank data... +1 and using that data in that particular way hardly scales to bigger setups data could be stored in DB_File just like GeoIP2, that saves ram imho FTR: GoogleSafeBrowsing is not free for all, anymore that explains low

Re: Best Possible Way To Block Phish/Malware URL

2020-07-07 Thread Raymond Dijkxhoorn
Hai! I Tried GoogleSafeBrowsing but not helping much as it has very low detection ratio. is another reporting problem whatever that may mean if all phishes is reported to google then safebrowsing would be more useful FTR: GoogleSafeBrowsing is not free for all, anymore If I recall

Re: Best Possible Way To Block Phish/Malware URL

2020-07-07 Thread Axb
On 7/7/20 2:39 PM, Benny Pedersen wrote: Axb skrev den 2020-07-07 13:23: domains listed in Phishtank are picked up by SURBL and rbldnsd support a fix of this https://www.isc.org/blogs/qname-minimization-and-privacy/ i have disabled it in bind9 Phishtank signatures in SpamAssassin?

Re: Best Possible Way To Block Phish/Malware URL

2020-07-07 Thread Benny Pedersen
Axb skrev den 2020-07-07 13:23: domains listed in Phishtank are picked up by SURBL and rbldnsd support a fix of this https://www.isc.org/blogs/qname-minimization-and-privacy/ i have disabled it in bind9 Phishtank signatures in SpamAssassin?

Re: Best Possible Way To Block Phish/Malware URL

2020-07-07 Thread Axb
On 7/7/20 1:20 PM, Benny Pedersen wrote: KADAM, SIDDHESH skrev den 2020-07-07 13:13: Can anybody suggest me a best possible way to block phish/malware url from body of an email using spamassassin. report to https://phishtank.com/ 1 step :=) next is to use https://sanesecurity.com

Re: Best Possible Way To Block Phish/Malware URL

2020-07-07 Thread Benny Pedersen
KADAM, SIDDHESH skrev den 2020-07-07 13:13: Can anybody suggest me a best possible way to block phish/malware url from body of an email using spamassassin. report to https://phishtank.com/ 1 step :=) next is to use https://sanesecurity.com/ with phishtank signatures using phishtank

Re: Best Possible Way To Block Phish/Malware URL

2020-07-07 Thread Axb
On 7/7/20 1:13 PM, KADAM, SIDDHESH wrote: Guys, Can anybody suggest me a best possible way to block phish/malware url from body of an email using spamassassin. I Tried GoogleSafeBrowsing but not helping much as it has very low detection ratio. Regards, Siddhesh iirc "ramp

Best Possible Way To Block Phish/Malware URL

2020-07-07 Thread KADAM, SIDDHESH
Guys, Can anybody suggest me a best possible way to block phish/malware url from body of an email using spamassassin. I Tried GoogleSafeBrowsing but not helping much as it has very low detection ratio. Regards, Siddhesh

Re: possible FORGED_GMAIL_RCVD false positive

2019-09-19 Thread Matus UHLAR - fantomas
On Wed, 18 Sep 2019 12:29:43 +0200 Matus UHLAR - fantomas wrote: > I have received following spam: > > https://pastebin.com/SkvkVWik > > This hits FORGED_GMAIL_RCVD although the message came from google mail > servers. > > According to HeaderEval.pm, message apparently misses >

Re: possible FORGED_GMAIL_RCVD false positive

2019-09-19 Thread Giovanni Bechis
On Wed, Sep 18, 2019 at 08:40:55PM +0100, RW wrote: > On Wed, 18 Sep 2019 12:29:43 +0200 > Matus UHLAR - fantomas wrote: > > > Hello, > > > > I have received following spam: > > > > https://pastebin.com/SkvkVWik > > > > This hits FORGED_GMAIL_RCVD although the message came from google mail > >

Re: possible FORGED_GMAIL_RCVD false positive

2019-09-18 Thread RW
On Wed, 18 Sep 2019 12:29:43 +0200 Matus UHLAR - fantomas wrote: > Hello, > > I have received following spam: > > https://pastebin.com/SkvkVWik > > This hits FORGED_GMAIL_RCVD although the message came from google mail > servers. > > According to HeaderEval.pm, message apparently misses >

possible FORGED_GMAIL_RCVD false positive

2019-09-18 Thread Matus UHLAR - fantomas
Hello, I have received following spam: https://pastebin.com/SkvkVWik This hits FORGED_GMAIL_RCVD although the message came from google mail servers. According to HeaderEval.pm, message apparently misses X-Google-Smtp-Source header is there any reason to expect that header in mail from gmail?

Re: Filtering at border routers: Is it possible?

2019-03-26 Thread Matus UHLAR - fantomas
On 25 Mar 2019, at 09:49, Matus UHLAR - fantomas wrote: I can't see anywhere how smtps could mean multicast audio. On 25.03.19 22:27, @lbutlr wrote: That may have been a different use for port 465? I was operating from memory. different use, but it was not called ssmtp. what I want to say

Re: Filtering at border routers: Is it possible?

2019-03-26 Thread Bill Cole
On 26 Mar 2019, at 0:27, @lbutlr wrote: That may have been a different use for port 465? I was operating from memory. Cisco SSM. See https://www.cisco.com/c/en/us/td/docs/ios/12_2/ip/configuration/guide/fipr_c/1cfssm.pdf -- Bill Cole b...@scconsult.com or billc...@apache.org (AKA

Re: Filtering at border routers: Is it possible?

2019-03-25 Thread
On 25 Mar 2019, at 09:49, Matus UHLAR - fantomas wrote: > I can't see anywhere how smtps could mean multicast audio. That may have been a different use for port 465? I was operating from memory. I wasn't trying to do a ton of research on this. The point is 465 was a MSFT thing that they did

Re: Filtering at border routers: Is it possible?

2019-03-25 Thread Dave Warren
On 2019-03-22 21:43, Grant Taylor wrote: On 3/22/19 7:01 PM, Dave Warren wrote: To me, the big one is this: It sets your users up for failure. If a user configures their client on a network that allows unrestricted port 25 access and later moves (temporarily or permanently) to a network that

Re: Filtering at border routers: Is it possible?

2019-03-25 Thread Matus UHLAR - fantomas
And didn't Microsoft start using it for their non-standard email in Windows 95? I'm not sure how non-standard Microsoft's use of SMTP-over-TLS (SMTPS / TCP port 465) is. The closest thing I remember to non-standard nature was that they were atypical in their choice of preferring SMTP-over-TLS

Re: Filtering at border routers: Is it possible?

2019-03-25 Thread @lbutlr
On 24 Mar 2019, at 19:06, Reindl Harald wrote: > well, given all that technical bullshit you are talking on several lists > at least for 5 years better shut up... I asked you to stop emailing me directly, so stop emailing me directly. -- Well I've seen the Heart of Darkness/Read the writing

Re: Filtering at border routers: Is it possible?

2019-03-24 Thread Grant Taylor
On 3/24/19 6:45 PM, @lbutlr wrote: Which I posted a few messages upthread. ACK Is now. Was not then. Was not for many many years. RFC 8314 is very recent. I think we may be talking about two different things. I'm talking about the protocol that went over the port. I think you are

Re: Filtering at border routers: Is it possible?

2019-03-24 Thread Bill Cole
On 22 Mar 2019, at 20:37, Grant Taylor wrote: What is wrong with having SMTP Authentication on the MTA port as an /option/? It creates unnecessary attack surface (i.e. one more place a stolen credential works.) It creates error-prone complexity in the configuration. -- Bill Cole

Re: Filtering at border routers: Is it possible?

2019-03-24 Thread LuKreme
On Mar 24, 2019, at 18:51, Reindl Harald wrote: >> Am 25.03.19 um 01:45 schrieb @lbutlr: >>> On 24 Mar 2019, at 13:12, Grant Taylor wrote: >>> Okay, what do you think the difference is in "smtps" and "SMTPS"? >> >> Oh, look, Wikipedia has some details. >> >>

Re: Filtering at border routers: Is it possible?

2019-03-24 Thread @lbutlr
On 24 Mar 2019, at 13:12, Grant Taylor wrote: > That changed within the last couple of years. Check out RFC 8314. Which I posted a few messages upthread. On 24 Mar 2019, at 13:16, Grant Taylor wrote: > On 3/24/19 1:00 PM, @lbutlr wrote: >> And didn't Microsoft start using it for their

Re: Filtering at border routers: Is it possible?

2019-03-24 Thread Grant Taylor
On 3/24/19 1:00 PM, @lbutlr wrote: And didn't Microsoft start using it for their non-standard email in Windows 95? I'm not sure how non-standard Microsoft's use of SMTP-over-TLS (SMTPS / TCP port 465) is. The closest thing I remember to non-standard nature was that they were atypical in

Re: Filtering at border routers: Is it possible?

2019-03-24 Thread Grant Taylor
On 3/24/19 12:23 PM, Matus UHLAR - fantomas wrote: In early 1997, the Internet Assigned Numbers Authority registered port 465 for smtps.[2] Late 1998 this was revoked when STARTTLS was standardized.[3] That changed within the last couple of years. Check out RFC 8314. Link - Cleartext

Re: Filtering at border routers: Is it possible?

2019-03-24 Thread @lbutlr
> On 24 Mar 2019, at 12:23, Matus UHLAR - fantomas wrote: > >> On 23 Mar 2019, at 14:03, Rupert Gallagher wrote: >>> I was royally pissed when they introduced port 587 and deprecated port 465. >>> Port 587 is an RFC mandated security loophole. Port 465 is golden. > > On 23.03.19 21:13,

Re: Filtering at border routers: Is it possible?

2019-03-24 Thread Matus UHLAR - fantomas
On 23 Mar 2019, at 14:03, Rupert Gallagher wrote: I was royally pissed when they introduced port 587 and deprecated port 465. Port 587 is an RFC mandated security loophole. Port 465 is golden. On 23.03.19 21:13, @lbutlr wrote: Port 465 was a not-standard MSFT crutch, but is now used for

Re: Filtering at border routers: Is it possible?

2019-03-24 Thread @lbutlr
On 23 Mar 2019, at 23:06, RALPH HAUSER wrote: > STOP EMAILING ME! TAKE ME OFF OF THIS! No. You are the only person who can unsubscribe yourself from the list. In the headers of *EVERY SINGLE* message there are these lines. list-help:

Re: Filtering at border routers: Is it possible?

2019-03-23 Thread RALPH HAUSER
STOP EMAILING ME! TAKE ME OFF OF THIS! > On Mar 22, 2019, at 10:04 PM, John Hardin wrote: > >> On Fri, 22 Mar 2019, Benny Pedersen wrote: >> >> John Hardin skrev den 2019-03-22 22:23: >> Instead of taking on the job of filtering email for all of your clients (this, to me, will open

Re: Filtering at border routers: Is it possible?

2019-03-23 Thread @lbutlr
On 23 Mar 2019, at 14:03, Rupert Gallagher wrote: > I disagree with Kevin on port 587, because it is vulnerable to mitm attacks. You're going to need to back that up with actual facts. > I was royally pissed when they introduced port 587 and deprecated port 465. > Port 587 is an RFC

Re: Filtering at border routers: Is it possible?

2019-03-23 Thread Grant Taylor
On 3/23/19 2:03 PM, Rupert Gallagher wrote: I was royally pissed when they introduced port 587 and deprecated port 465. Port 587 is an RFC mandated security loophole. Port 465 is golden. TCP port 465 has retroactively been returned to official status. It has two uses, SMTPS, and something

RE: Filtering at border routers: Is it possible?

2019-03-23 Thread Giovanni Bechis
>> Please consider the environment before printing this email >> >> >> >> >>-Mensagem original- >>De: Benny Pedersen >>Enviada: sexta-feira, 22 de março de 2019 20:55 >>Para: users@spamassassin.apache.org >>Assunto: Re: Filtering at bor

Re: Filtering at border routers: Is it possible?

2019-03-23 Thread Rupert Gallagher
I reject tons of spam from OVH. So much that I am banning whole CIDRs. Whatever they do, it's not working. On Sat, Mar 23, 2019 at 12:53, Giovanni Bechis wrote > Hi, > this is what OVH does (article in french, sorry): >

Re: Filtering at border routers: Is it possible?

2019-03-23 Thread Rupert Gallagher
I agree with Benny on port 25. I disagree with Kevin on port 587, because it is vulnerable to mitm attacks. I was royally pissed when they introduced port 587 and deprecated port 465. Port 587 is an RFC mandated security loophole. Port 465 is golden. On Sat, Mar 23, 2019 at 03:01, Kevin A.

RE: Filtering at border routers: Is it possible?

2019-03-23 Thread Giovanni Bechis
ny Pedersen >Enviada: sexta-feira, 22 de março de 2019 20:55 >Para: users@spamassassin.apache.org >Assunto: Re: Filtering at border routers: Is it possible? > >Anthony Hoppe skrev den 2019-03-22 18:23: >> Not knowing the details of your environment... >> >> Inst

Re: Filtering at border routers: Is it possible?

2019-03-23 Thread Matus UHLAR - fantomas
On 3/22/19 7:01 PM, Dave Warren wrote: To me, the big one is this: It sets your users up for failure. If a user configures their client on a network that allows unrestricted port 25 access and later moves (temporarily or permanently) to a network that does restrict port 25, they'll get an

Re: Filtering at border routers: Is it possible?

2019-03-23 Thread @lbutlr
On 22 Mar 2019, at 13:00, Matt V wrote: > WHY⁉️ Don't do this, it is just hostile. -- The Force can have a strong influence on a weak mind.

Re: Filtering at border routers: Is it possible?

2019-03-22 Thread John Hardin
On Fri, 22 Mar 2019, Benny Pedersen wrote: John Hardin skrev den 2019-03-22 22:23: Instead of taking on the job of filtering email for all of your clients (this, to me, will open up a can of worms), why not set a policy that port 25 is blocked by default and customers must request for it to

Re: Filtering at border routers: Is it possible?

2019-03-22 Thread Grant Taylor
er, DDoS attacks, etc.  I've published a lot of stuff about this before and happy to give pointers again. Yes, it is possible to do. But if the OP is running a co-location facility and offering connectivity for clients to host their own servers on the Internet, I think s/he should NOT be int

Re: Filtering at border routers: Is it possible?

2019-03-22 Thread Grant Taylor
On 3/22/19 7:01 PM, Dave Warren wrote: To me, the big one is this: It sets your users up for failure. If a user configures their client on a network that allows unrestricted port 25 access and later moves (temporarily or permanently) to a network that does restrict port 25, they'll get an

Re: Filtering at border routers: Is it possible?

2019-03-22 Thread Benny Pedersen
Noel Butler skrev den 2019-03-23 02:44: you have not been taking your medication again Benny it keeps me awake at least :) it's weekend and i was borring creating gentoo ebuild for pymilter 1.0.2, repoman -d full is happy, so i am as well

Re: Filtering at border routers: Is it possible?

2019-03-22 Thread Kevin A. McGrail
On 3/22/2019 9:44 PM, Noel Butler wrote: > > On 23/03/2019 05:54, Benny Pedersen wrote: > >> >> don't relay mail from port 25, mails there is final recipient only, >> not forwarded >> > > > you have not been taking your medication again Benny > Noel, please. The personal attacks aren't in

Re: Filtering at border routers: Is it possible?

2019-03-22 Thread Noel Butler
On 23/03/2019 05:54, Benny Pedersen wrote: > don't relay mail from port 25, mails there is final recipient only, not > forwarded you have not been taking your medication again Benny -- Kind Regards, Noel Butler This Email, including any attachments, may contain legally

Re: Filtering at border routers: Is it possible?

2019-03-22 Thread Dave Warren
On 2019-03-22 18:37, Grant Taylor wrote: On 3/22/19 3:23 PM, Benny Pedersen wrote: you only need sasl auth You should do the SMTP Authentication across STARTTLS to protect credentials. do not enable sasl auth on port 25, if it lists AUTH on port 25 ehlo, you will need to remove  it in

Re: Filtering at border routers: Is it possible?

2019-03-22 Thread Dave Warren
On 2019-03-22 18:39, Grant Taylor wrote: On 3/22/19 3:29 PM, Benny Pedersen wrote: customers wish for port 25 open relay ? Having unfettered access to send traffic to TCP port 25 is /not/ the same thing as an open relay. Especially if you are a host with your clients running self-managed

Re: Filtering at border routers: Is it possible?

2019-03-22 Thread Grant Taylor
On 3/22/19 3:29 PM, Benny Pedersen wrote: customers wish for port 25 open relay ? Having unfettered access to send traffic to TCP port 25 is /not/ the same thing as an open relay. -- Grant. . . . unix || die

Re: Filtering at border routers: Is it possible?

2019-03-22 Thread Grant Taylor
On 3/22/19 3:23 PM, Benny Pedersen wrote: you only need sasl auth You should do the SMTP Authentication across STARTTLS to protect credentials. do not enable sasl auth on port 25, if it lists AUTH on port 25 ehlo, you will need to remove  it in postfix main.cf enable sasl auth only on

Re: Filtering at border routers: Is it possible?

2019-03-22 Thread Grant Taylor
On 3/22/19 1:54 PM, Benny Pedersen wrote: don't relay mail from port 25, What do you mean by that? Are you talking about the TCP connection originating from port 25? Or something else? Also, why not? mails there is final recipient only, not forwarded I disagree. I see people forward

Re: Filtering at border routers: Is it possible?

2019-03-22 Thread Benny Pedersen
John Hardin skrev den 2019-03-22 22:23: Instead of taking on the job of filtering email for all of your clients (this, to me, will open up a can of worms), why not set a policy that port 25 is blocked by default and customers must request for it to be unblocked? +1 customers wish for

Re: RE: Filtering at border routers: Is it possible?

2019-03-22 Thread Rupert Gallagher
ent before printing this email > > -Mensagem original- > De: Benny Pedersen > Enviada: sexta-feira, 22 de março de 2019 20:55 > Para: users@spamassassin.apache.org > Assunto: Re: Filtering at border routers: Is it possible? > > Anthony Hoppe skrev den 2019-03-22

Re: Filtering at border routers: Is it possible?

2019-03-22 Thread John Hardin
On Fri, 22 Mar 2019, Anthony Hoppe wrote: Not knowing the details of your environment... Instead of taking on the job of filtering email for all of your clients (this, to me, will open up a can of worms), why not set a policy that port 25 is blocked by default and customers must request for

Re: Filtering at border routers: Is it possible?

2019-03-22 Thread Benny Pedersen
bruno.carva...@xervers.pt skrev den 2019-03-22 21:31: Thank you all for your suggestions. I will follow the path of using a whitelist and block everyone. I can track the IPs, but I thought I could put in place something (like OVH by example) do (If their system detects spam being sent, the port

RE: Filtering at border routers: Is it possible?

2019-03-22 Thread bruno.carvalho
routers: Is it possible? Anthony Hoppe skrev den 2019-03-22 18:23: > Not knowing the details of your environment... > > Instead of taking on the job of filtering email for all of your > clients (this, to me, will open up a can of worms), why not set a > policy that port 25 is blo

Re: Filtering at border routers: Is it possible?

2019-03-22 Thread Benny Pedersen
Anthony Hoppe skrev den 2019-03-22 18:23: Not knowing the details of your environment... Instead of taking on the job of filtering email for all of your clients (this, to me, will open up a can of worms), why not set a policy that port 25 is blocked by default and customers must request for it

Re: Filtering at border routers: Is it possible?

2019-03-22 Thread Grant Taylor
services for sending spam. If I were you, I would ask for more details and / or examples of said spam. I wanted to know if it is possible to setup spamassassin on a VPS or something and have the port 25 redirected to it from border routers. No, yes, and no you shouldn't. No, SpamAssassin

Re: Filtering at border routers: Is it possible?

2019-03-22 Thread Matt V
just joined this list, I didn't read all rules yet (just some), so bear with me if my question is misplaced. I own a small datacenter with 4 uplinks. And I received complaints that some of my clients are using my services for sending spam. I wanted to know if it is possible to setup spamassassin

Re: Filtering at border routers: Is it possible?

2019-03-22 Thread @lbutlr
On 22 Mar 2019, at 10:59, Bruno Carvalho wrote: > So, if someone knows a way to filter the mail traffic and block outbound > spam, I will be thankful. tl;dr this is not a problem for SpamAssassin to fix. All outbound mail from anyone in your datacenter running a mail server will have to go

Re: Filtering at border routers: Is it possible?

2019-03-22 Thread Anthony Hoppe
a list of who may be using your services to send mail and better track if/when undesirable mail is sent from your network? Just a thought. ~ Anthony > From: "Bruno Carvalho" > To: "SpamAssassin" > Sent: Friday, March 22, 2019 9:59:56 AM > Subject: Filtering a

Filtering at border routers: Is it possible?

2019-03-22 Thread Bruno Carvalho
Hello Folks. I've just joined this list, I didn't read all rules yet (just some), so bear with me if my question is misplaced. I own a small datacenter with 4 uplinks. And I received complaints that some of my clients are using my services for sending spam. I wanted to know if it is possible

Re: Is $THIS possible?

2018-11-27 Thread Grant Taylor
Hi Giovanni, On 11/27/2018 12:56 AM, Giovanni Bechis wrote: I do not know if it's viable for your own use but amavisd penpal feature could be an option (https://www.ijs.si/software/amavisd/#features-spam) It creates a redis database where it correlates outbound msg-id and replies so it can

Re: Is $THIS possible?

2018-11-26 Thread Giovanni Bechis
On 11/26/18 11:10 PM, Grant Taylor wrote: > On 11/26/2018 02:33 PM, Martin Gregorie wrote: >> I think that fear is unfounded > > Please don't mistake my laziness as fear.  I simply am not motivated enough > to construct a solution that will harvest outgoing recipient addresses. > I do not know

Re: Is $THIS possible?

2018-11-26 Thread Grant Taylor
On 11/26/2018 02:33 PM, Martin Gregorie wrote: I think that fear is unfounded Please don't mistake my laziness as fear. I simply am not motivated enough to construct a solution that will harvest outgoing recipient addresses. I might be interested and motivated enough to (eventually)

Re: Is $THIS possible?

2018-11-26 Thread Martin Gregorie
r upgrade every year or two. But then PostgreSQL is designed to > > be > > self maintaining apart from making periodic backups. I do these > > weekly. > > ACK > > I wonder if I could leverage LDAP instead of a (more) traditional > SQL > database. That way the sam

Re: Is $THIS possible?

2018-11-26 Thread Grant Taylor
more than just this purpose. It might even be possible to use the LDAP address book as the data source for this. }:-) I suspect I could just as easily have something dynamically update the LDAP address book as I could an SQL database. Granted, the mechanics would be different, but it could s

Re: Is $THIS possible?

2018-11-26 Thread Henrik K
On Mon, Nov 26, 2018 at 01:08:04PM +, Martin Gregorie wrote: > > Instead, consider populating the database with addresses that your > users have sent mail to because by and large these will not be > spammers. If using postfix, one could use my postpals tool for this too..

Re: Is $THIS possible?

2018-11-26 Thread Martin Gregorie
On Sun, 2018-11-25 at 20:54 -0700, Grant Taylor wrote: > Ultimately I'd like to have a (hashed) list addresses that I > recognize and add (0.1?) to the spam score for each unknown address. > Write yourself a plugin which looks up a database table of known addresses. That's not hard if you know a

Is $THIS possible?

2018-11-25 Thread Grant Taylor
Is it possible to have per recipient rules (when running spamd & spamass-milter) that read a (hashed) list of addresses? I'm pontificating creating tests against To: / CC: addresses to see how many of them I've added to a list. Ultimately I'd like to have a (hashed) list addresses th

Re: Strict/Relaxed DKIM alignment possible with SA?

2017-05-07 Thread RW
On Sun, 7 May 2017 13:08:03 +0200 Matus UHLAR - fantomas wrote: > On 07.05.17 12:46, Thore Boedecker wrote: > >I have played around with it and SA is not performing actual SPF > >queries/validations due to the use of spampd on localhost as a > >proxy. SA needs a trusted internal received

Re: Strict/Relaxed DKIM alignment possible with SA?

2017-05-07 Thread Robert Schetterer
Am 07.05.2017 um 13:08 schrieb Matus UHLAR - fantomas: >>> > > On 07.05.17 00:46, Thore Boedecker wrote: >>> > > > Thanks for all the great advice so far. >>> > > > >>> > > > Currently I'm playing around with opendkim->opendmarc->amavisd >>> on my >>> > > > testserver. >>> > > > >>> > > > My

Re: Strict/Relaxed DKIM alignment possible with SA?

2017-05-07 Thread Matus UHLAR - fantomas
> > On 07.05.17 00:46, Thore Boedecker wrote: > > > Thanks for all the great advice so far. > > > > > > Currently I'm playing around with opendkim->opendmarc->amavisd on my > > > testserver. > > > > > > My current postfix setup is using spampd as proxy and thus any > > > opendkim/opendmarc

Re: Strict/Relaxed DKIM alignment possible with SA?

2017-05-07 Thread Thore Boedecker
On 07.05.17 - 12:27, Matus UHLAR - fantomas wrote: > > > On 07.05.17 00:46, Thore Boedecker wrote: > > > > Thanks for all the great advice so far. > > > > > > > > Currently I'm playing around with opendkim->opendmarc->amavisd on my > > > > testserver. > > > > > > > > My current postfix setup is

Re: Strict/Relaxed DKIM alignment possible with SA?

2017-05-07 Thread Matus UHLAR - fantomas
On 07.05.17 00:46, Thore Boedecker wrote: > Thanks for all the great advice so far. > > Currently I'm playing around with opendkim->opendmarc->amavisd on my > testserver. > > My current postfix setup is using spampd as proxy and thus any > opendkim/opendmarc milters won't work in conjunction. >

Re: Strict/Relaxed DKIM alignment possible with SA?

2017-05-07 Thread Thore Boedecker
On 07.05.17 - 11:46, Matus UHLAR - fantomas wrote: > On 07.05.17 00:46, Thore Boedecker wrote: > > Thanks for all the great advice so far. > > > > Currently I'm playing around with opendkim->opendmarc->amavisd on my > > testserver. > > > > My current postfix setup is using spampd as proxy and

Re: Strict/Relaxed DKIM alignment possible with SA?

2017-05-07 Thread Matus UHLAR - fantomas
On 07.05.17 00:46, Thore Boedecker wrote: Thanks for all the great advice so far. Currently I'm playing around with opendkim->opendmarc->amavisd on my testserver. My current postfix setup is using spampd as proxy and thus any opendkim/opendmarc milters won't work in conjunction. I've been

Re: Strict/Relaxed DKIM alignment possible with SA?

2017-05-06 Thread Thore Boedecker
Thanks for all the great advice so far. Currently I'm playing around with opendkim->opendmarc->amavisd on my testserver. My current postfix setup is using spampd as proxy and thus any opendkim/opendmarc milters won't work in conjunction. I've been planning to switch to amavis and use it as a

Re: Strict/Relaxed DKIM alignment possible with SA?

2017-05-06 Thread David Jones
From: Alex >I'm just adding 1.5 points when DMARC tests fail and the policy is to >reject. Is it safe to block them completely? I am rejecting with OpenDMARC when the sender's DMARC record has p=reject. This is what they asked for so I am doing it. I have run into on

Re: Strict/Relaxed DKIM alignment possible with SA?

2017-05-06 Thread Matus UHLAR - fantomas
On 06.05.17 15:49, Thore Boedecker wrote: After looking at the headers it became clear what the issue was: It seems that Yahoo (at least yahoo.co.jp) is allowing emails from @gmail.com senders to be sent through their servers. From: Matus UHLAR - fantomas @gmail.com

Re: Strict/Relaxed DKIM alignment possible with SA?

2017-05-06 Thread Alex
Hi, On Sat, May 6, 2017 at 10:10 AM, David Jones wrote: > From: Thore Boedecker > >>Hello folks, > >>over the last couple of months I have received some nasty spam, >>delivered by the Yahoo mail servers. > >>After looking at the headers it became clear what the

Re: Strict/Relaxed DKIM alignment possible with SA?

2017-05-06 Thread Alex
Hi, >>>So is there any way to make SA perform at least a relaxed DKIM >>>alignment check on the headers so that the DKIM signature domain has >>>to belong to the 'From:' address? > >>every domain using yahoo mail servers would have to delegate DKIM to >>yahoo and yahoo would need to sign under

Re: Strict/Relaxed DKIM alignment possible with SA?

2017-05-06 Thread David Jones
From: Matus UHLAR - fantomas   >On 06.05.17 15:49, Thore Boedecker wrote: >>After looking at the headers it became clear what the issue was: >> >>It seems that Yahoo (at least yahoo.co.jp) is allowing emails from >>@gmail.com senders to be sent through their servers.

Re: Strict/Relaxed DKIM alignment possible with SA?

2017-05-06 Thread Matus UHLAR - fantomas
On 06.05.17 15:49, Thore Boedecker wrote: After looking at the headers it became clear what the issue was: It seems that Yahoo (at least yahoo.co.jp) is allowing emails from @gmail.com senders to be sent through their servers. @gmail.com From: and envelope from. Sender: was yahoo... The

Re: Strict/Relaxed DKIM alignment possible with SA?

2017-05-06 Thread Matus UHLAR - fantomas
On Sat, 6 May 2017 15:49:08 +0200 Thore Boedecker wrote: Over on my side, the receiving end of these emails, there is my spamassassin. SA discovers the DKIM signature and is able to validate this signature against the Yahoo server which is totally undesirable in my opinion. From: RW

Re: Strict/Relaxed DKIM alignment possible with SA?

2017-05-06 Thread David Jones
From: RW   >On Sat, 6 May 2017 15:49:08 +0200 >Thore Boedecker wrote: >> Over on my side, the receiving end of these emails, there is my >> spamassassin. SA discovers the DKIM signature and is able to validate >> this signature against the Yahoo server which is

Re: Strict/Relaxed DKIM alignment possible with SA?

2017-05-06 Thread RW
On Sat, 6 May 2017 15:49:08 +0200 Thore Boedecker wrote: > Over on my side, the receiving end of these emails, there is my > spamassassin. SA discovers the DKIM signature and is able to validate > this signature against the Yahoo server which is totally undesirable > in my opinion. It doesn't

Re: Strict/Relaxed DKIM alignment possible with SA?

2017-05-06 Thread Dominic Benson
> On 6 May 2017, at 14:49, Thore Boedecker wrote: > > Hello folks, > > over the last couple of months I have received some nasty spam, > delivered by the Yahoo mail servers. > > After looking at the headers it became clear what the issue was: > > It seems that Yahoo (at least

Re: Strict/Relaxed DKIM alignment possible with SA?

2017-05-06 Thread Thore Boedecker
Thanks David for the first hints in the right direction and yes you are right, I'm looking for some sort of DMARC integration into SA. I have uploaded the mail here: https://paste.foxxx0.de/wZjcT/ Thore On 06.05.17 - 14:10, David Jones wrote: > From: Thore Boedecker >   >

Re: Strict/Relaxed DKIM alignment possible with SA?

2017-05-06 Thread David Jones
From: Thore Boedecker   >Hello folks, >over the last couple of months I have received some nasty spam, >delivered by the Yahoo mail servers. >After looking at the headers it became clear what the issue was: Please post the email in pastebin.com or something so we can help.

Strict/Relaxed DKIM alignment possible with SA?

2017-05-06 Thread Thore Boedecker
Hello folks, over the last couple of months I have received some nasty spam, delivered by the Yahoo mail servers. After looking at the headers it became clear what the issue was: It seems that Yahoo (at least yahoo.co.jp) is allowing emails from @gmail.com senders to be sent through their

Re: Dealing with huge URLs and timeouts (possible evasion technique?)

2016-09-25 Thread Axb
On 09/26/2016 07:49 AM, Pedro David Marco wrote: Hi, When SA 3.4.1 analyzes emails with large random URIs... like this:
