Re: fake base64 encoding

2017-02-01 Thread Pedro David Marco
Thanks Kevin, I did a similar rule to detect it but with higher score (3) since we are seeing a huge LinkedIn Phishing campaign using this technique, that on purpose or by mistake is evading most SA rules... I agree that Thunderbird may be doing it wrong. Outlook seems to do it right. >I

Re: fake base64 encoding

2017-02-01 Thread Pedro David Marco
Correction:  Some Outlook versions do show the email just as Thunderbird does.. so most users can see the email but SA... From: Pedro David Marco <pedrod_ma...@yahoo.com> To: Kevin A. McGrail <kmcgr...@pccc.com>; SA Mailing List <users@spamassassin.apache.org> Sent:

fake base64 encoding

2017-02-01 Thread Pedro David Marco
Hi! i have noticed that when an email contains these (wrong) headers: Content-Type: text/html; charset="utf-8" Content-Transfer-Encoding: base64 as SMTP headers, not MIME headers, and the email body is not base64 encoded, email clients such as Thunderbird show the content correctly but SpamAssassin body

Asynchronous plugin skeleton needed

2017-01-18 Thread Pedro David Marco
Hi everybody... Is it possible to have an asynchronous plugin for something not DNS/RBL related? I would like to write a simple plugin to check some local Databases (cannot use rbldnsd) that takes long so making it asynchronous seems the best idea.. If possible, can anyone provide any skeleton,

Re: Asynchronous plugin skeleton needed

2017-01-18 Thread Pedro David Marco
>You should be able to use the other asynchronous plugins as a reference >as well. Thanks... but i cannot find documentation about things like "register_async_rule_start()" for example... can anyone point me to where it is documented, please? Thanks! Pedro.

Local mode with some URI checks. Possible??

2016-09-03 Thread Pedro David Marco
Hi! I am using "Local tests only" mode of SA to prevent any network checks, but there is one URIBL i would like to use (as an exception).. is it possible to do this??? I have added this rule to local.cf: urirhssub URIBL_BLACK multi.uribl.com. A 2 body URIBL_BLACK

Re: Local mode with some URI checks. Possible??

2016-09-04 Thread Pedro David Marco
users@spamassassin.apache.org Sent: Saturday, September 3, 2016 1:57 PM Subject: Re: Local mode with some URI checks. Possible?? On 03.09.16 09:32, Pedro David Marco wrote: >Thanks Axb, I already did it, but i could not find any reasonable way to >disable all network checks but one.

Re: Local mode with some URI checks. Possible??

2016-09-04 Thread Pedro David Marco
> To: "users@spamassassin.apache.org" <users@spamassassin.apache.org> Sent: Sunday, September 4, 2016 9:52 PM Subject: Re: Local mode with some URI checks. Possible?? On 3 Sep 2016, at 5:32, Pedro David Marco wrote: > there is a Flag to indicate when a rule is net related or not

Re: Local mode with some URI checks. Possible??

2016-09-04 Thread Pedro David Marco
s-20150...@billmail.scconsult.com> To: > "users@spamassassin.apache.org" <users@spamassassin.apache.org> Sent: > Sunday, September 4, 2016 9:52 PM Subject: Re: Local mode with some > URI checks. Possible?? > > On 3 Sep 2016, at 5:32, Pedro David Marco wrote: > >

Re: Local mode with some URI checks. Possible??

2016-09-03 Thread Pedro David Marco
only mode. From: Axb <axb.li...@gmail.com> To: users@spamassassin.apache.org Sent: Saturday, September 3, 2016 11:06 AM Subject: Re: Local mode with some URI checks. Possible?? On 09/03/2016 08:45 AM, Pedro David Marco wrote: > Hi! > > I am using "Local tests only"

Re: Plugin development help needed...

2016-09-10 Thread Pedro David Marco
. From: Martin Gregorie <mar...@gregorie.org> To: users@spamassassin.apache.org Sent: Saturday, September 10, 2016 3:33 PM Subject: Re: Plugin development help needed... On Sat, 2016-09-10 at 13:09 +, Pedro David Marco wrote: > Hi there... > i am not an expert OO devel

Re: trusted_networks question...

2016-09-10 Thread Pedro David Marco
? ---PedroD From: Martin <ma...@ntlworld.com> To: users@spamassassin.apache.org Sent: Saturday, September 10, 2016 10:56 AM Subject: RE: trusted_networks question... From: Pedro David Marco [mailto:pedrod_ma...@yahoo.com] Sent: Saturday, Septem

Plugin development help needed...

2016-09-10 Thread Pedro David Marco
Hi there... i am not an expert OO developer so i am somehow flying blind in here and need your help, please. Basically i want to write my own plugin and i have some repeated calculations in each and every plugin method that i would like to reduce to just one, but i am not sure how to do it...

Re: RCVD_IN_SORBS_SPAM and google IPs

2016-09-10 Thread Pedro David Marco
i receive tons of Ransomware from Google and MS Office365 IPs.. ---PedroD From: Bowie Bailey To: users@spamassassin.apache.org Sent: Friday, September 9, 2016 3:35 PM Subject: Re: RCVD_IN_SORBS_SPAM and google IPs On 9/9/2016 9:24 AM, li...@rhsoft.net

trusted_networks question...

2016-09-10 Thread Pedro David Marco
Hi there... i have this in my local.cf: trusted_networks 88.2.890.3 when i run SA in debug mode i see this: [17721] dbg: received-header: relay 88.2.890.3 trusted? no internal? no msa? no there are no errors or warnings anywhere... is this normal? Thanks! ---PedroD

Dealing with huge URLs and timeouts (possible evasion technique?)

2016-09-25 Thread Pedro David Marco
Hi, When SA 3.4.1 analyzes emails with large random URIs... like this:

Re: Define new variables in local.cf

2016-11-08 Thread Pedro David Marco
AM Subject: Re: Define new variables in local.cf On 08.11.16 04:39, Pedro David Marco wrote: >When you have the same string repeated many times in a .cf file is it possible > to use any kind of user-defined variable or constant to avoid repetition > and make it easier to maintain? any

Define new variables in local.cf

2016-11-07 Thread Pedro David Marco
Hi! When you have the same string repeated many times in a .cf file, is it possible to use any kind of user-defined variable or constant to avoid repetition and make it easier to maintain? thanks! -Pedro

Re: Doubt about compiled rules precedence

2016-11-10 Thread Pedro David Marco
Something like that must be John... I will check my scripts once more... Thanks! >No problem, sometimes the obvious is overlooked. > >Perhaps the compile failed and SA is using the last good results?

Re: Doubt about compiled rules precedence

2016-11-10 Thread Pedro David Marco
>I'm assuming that you *are* recompiling the rules and restarting  >spamd/Amavis after you make changes to the rules? sure, forgot to mention, sorry...

Re: Define new variables in local.cf

2016-11-10 Thread Pedro David Marco
Great! Thanks! Pedro. From: RW <rwmailli...@googlemail.com> To: users@spamassassin.apache.org Sent: Tuesday, November 8, 2016 7:15 PM Subject: Re: Define new variables in local.cf On Tue, 8 Nov 2016 04:39:55 + (UTC) Pedro David Marco wrote: > Hi! > When

Doubt about compiled rules precedence

2016-11-10 Thread Pedro David Marco
Hi! I have a doubt about compiled rules with sa-compile: Precedence between a "rule" and its compiled version is automatic so as long as the rule is not modified, the compiled rule will take precedence, am i right? I have noticed that sometimes (only sometimes) if i modify the rule, spamassassin

Re: PYZOR_CHECK always have zero score, why?

2016-10-18 Thread Pedro David Marco
-20150...@billmail.scconsult.com> To: SA Mailing List <users@spamassassin.apache.org> Sent: Wednesday, October 19, 2016 6:04 AM Subject: Re: PYZOR_CHECK always have zero score, why? On 18 Oct 2016, at 23:22, Pedro David Marco wrote: > So Pyzor seems to be OK!... the problem is somehow related to

PYZOR_CHECK always have zero score, why?

2016-10-18 Thread Pedro David Marco
Hi! It seems the PYZOR_CHECK rule is not being used in my SA. Just installed SA and Pyzor in a Debian and executed "pyzor discover". In Debian pyzor is enabled by default so nothing to add in local.cf. Command "pyzor check < emailfile.eml" works ok. .. now i try to test SA in debug mode like

Re: PYZOR_CHECK always have zero score, why?

2016-10-18 Thread Pedro David Marco
ssassin_org/regression_tests.cf" for included file only 50_scores.cf contains string PYZOR_CHECK --Pedro From: John Hardin <jhar...@impsec.org> To: SA Mailing List <users@spamassassin.apache.org> Sent: Wednesday, October 19, 2016 6:41 AM Subject: Re: PYZOR_CHECK a

Re: PYZOR_CHECK always have zero score, why?

2016-10-19 Thread Pedro David Marco
ets score 0?  i am stuck...  -Pedro From: Matus UHLAR - fantomas <uh...@fantomas.sk> To: users@spamassassin.apache.org Sent: Wednesday, October 19, 2016 9:42 AM Subject: Re: PYZOR_CHECK always have zero score, why? On 19.10.16 04:28, Pedro David Marco wrote: >i already d

Re: PYZOR_CHECK always have zero score, why?

2016-10-19 Thread Pedro David Marco
>Hmmm... Relevant context of those lines is lost with grep, but they >confirm something odd is going on. Bill, your remark is welcome, what lines/info should i pay attention to or even post here? Pedro

Re: PYZOR_CHECK always have zero score, why?

2016-10-19 Thread Pedro David Marco
Thanks in any case Bill... Really appreciate all your help and time... Bill, John, Matus... Pedro From: Bill Cole <sausers-20150...@billmail.scconsult.com> To: "users@spamassassin.apache.org" <users@spamassassin.apache.org> Cc: Pedro David Marco <pedr

Re: PYZOR_CHECK always have zero score, why?

2016-10-19 Thread Pedro David Marco
Thanks Bill... tested... >1. Add to local.cf, along with the other PYZOR_CHECK_2 lines you had: > >tflags PYZOR_CHECK_2 net > >Does that change whether the rule is hit? > >2. Change the PYZOR_CHECK score line in 50_scores.cf to: > score PYZOR_CHECK 0.001 1.985 0.001 1.392 > >Does that quiet

Re: PYZOR_CHECK always have zero score, why?

2016-10-22 Thread Pedro David Marco
I have tested it in a new Debian box and as expected PYZOR_CHECK worked. So it is obvious that i have something odd in my Debian box. Thanks to all who helped me gently!! This takes me to an old question: How does SA know which are network rules and which are not? because it does it right even if

Re: PYZOR_CHECK always have zero score, why?

2016-10-23 Thread Pedro David Marco
Thanks! >The 'net' tflag exists to allow SA to know what tests to disable when it  >is told to run only local tests. That is usually done when messages are >being checked well after their arrival, because network-dependent tests >are generally dynamic. There are also places where policy or

rule for text with accents

2016-10-21 Thread Pedro David Marco
Hi! can anyone, please, tell me what is the correct way to write a rule that matches text with accents when i do not know the encoding?? shall i write a rule for utf-8, another one for iso-8859-1, etc?? i hope no... Thanks! -Pedro

Re: rule for text with accents

2016-10-21 Thread Pedro David Marco
>If you set "normalize_charset 1" you can just test UTF-8 Thanks a lot RW, fool me! it was on the docs and i skimmed it through.. please accept my apologies... thanks again and have a nice weekend! --Pedro.

Re: PYZOR_CHECK always have zero score, why?

2016-10-19 Thread Pedro David Marco
>IIRC I've seen this warning on meta rule dependencies with a non-zero >scores. Unless you have a better reason to think Pyzor isn't working, I'd just ignore it. Well... you are right, in fact i have no problem in ignoring it, but i do not like to have unresolved issues in something that is

relay not detected

2016-11-21 Thread Pedro David Marco
Hi, i have spam emails with a Received line like this: Received: by 9-30-239-23.uocdn.net (Postfix) with ESMTPSA id 693A0C56B with  (unknown [158.69.130.12]) ; Sun, 20 Nov 2016 21:06:55 -0300 there is no parsing Perl code for lines like this in the Received.pm module so the relay 158.69.130.12 is

Re: List of legit mass mailers

2017-03-07 Thread Pedro David Marco
of course that would be very interesting! ---Pedro. Just wondering if anyone has - or is interested in - a list of legit mass mailing sources? There are many domains that remail/deliver for other domains that are 95%+ good email. And they are not perfect and sometimes they get scammed

Attachments with no Content-Type mime header

2017-08-11 Thread Pedro David Marco
Hi everybody... When an email has a MIME part with no Content-Type header, is there any way to force SA to "guess" the format based on other criteria... file extension, for example? Example: Content-Disposition: attachment; filename="details.pdf" Content-Transfer-Encoding: base64 Thanks!

Re: Attachments with no Content-Type mime header

2017-08-17 Thread Pedro David Marco
! PedroD From: Paul Stead <paul.st...@zeninternet.co.uk> To: Pedro David Marco <pedrod_ma...@yahoo.com>; "users@spamassassin.apache.org" <users@spamassassin.apache.org> Sent: Thursday, August 17, 2017 1:17 AM Subject: Re: Attachments with

Re: Random word spams and wiki spams

2017-07-07 Thread Pedro David Marco
>Also, setup the KAM.cf rules and extra signatures for ClamAV from >Sanesecurity.  These often help with new spam campaigns.  I can post >which signature DBs I am using if that would be helpful. >-- >Dave Hi Dave... i have had problems in the past with the script to download Sanesecurity

Re: Exchange 2010 rewrite headers whimsically

2017-07-03 Thread Pedro David Marco
>Concur.  We often use linux boxes in front of exchange boxes for any type of >mail manipulation.  > had to respond because I loved the term "Whimsical modification".  I shall > use that here out. >BTW, for those interested, work continues on masscheck.  > I spent Friday restoring two

Exchange 2010 rewrite headers whimsically

2017-07-03 Thread Pedro David Marco
Hi everybody! According to Microsoft https://technet.microsoft.com/en-us/library/aa996806(v=exchg.141).aspx Exchange 2010 only rewrites some headers BUT... i am seeing it modifying any header in a whimsical way... Headers starting with X- are deleted every other day, and today i am seeing

Re: Exchange 2010 rewrite headers whimsically

2017-07-03 Thread Pedro David Marco
>Yes, once the mail has been touched by exchange it's not useful anymore for >writing spam rules. Not only headers are changed/removed/reordered also >the html body is rewritten. >Also for testing and training the reordered received headers are very >annoying. Thanks Merijn.. how funny! let's party

Update suggestion for hotmail rule

2017-04-30 Thread Pedro David Marco
Hi, sorry if discussed before and i missed it, but the rule FORGED_HOTMAIL_RCVD2 triggers when a hotmail email does not come from hotmail or msn servers, but actually they often come from outlook.com regards, -PedroD

Re: idn phishing

2017-04-30 Thread Pedro David Marco
>Actually xn--example.com doesn't decode to example.com because in the >absence of a "-" separator "example" would be treated as encoded >non-ascii characters.   > >This means that it's impossible to encode an ASCII domain as an IDN >because each decoded label has to encode back to the

Re: Attachments with no Content-Type mime header

2017-08-16 Thread Pedro David Marco
Thanks Paul, but your plugin uses find_parts() which makes it pointless if there is no Content-Type mime header... PedroD >The magic number or file signature can be helpful in determining the filetype: >https://en.wikipedia.org/wiki/List_of_file_signatures >I make use of

Re: Attachments with no Content-Type mime header

2017-08-16 Thread Pedro David Marco
Hi David... I agree with you... but some functions like find_parts() do not work if there are no Content-Type headers... making the analysis of some attachments impossible... i am writing a plugin to detect suspicious PDFs... Maybe there's a better way to analyze attachments than using

Re: Rule Update Servers Coming Back!

2017-05-15 Thread Pedro David Marco
Thanks a lot Kevin... Thanks a lot David --PedroD From: Kevin A. McGrail To: Spamassassin ; SpamAssassin Devel List Sent: Sunday, May 14, 2017 4:11 PM Subject: Rule Update Servers Coming Back!

About Petya2 campaign

2017-06-27 Thread Pedro David Marco
Hi everybody... just bothering you to share this: We are detecting Petya2 inside attached PDFs... (not detected by many AV) has anyone seen it in any MS OFFICE attachment? or maybe any .js dropper? good hunting! ---PedroD

Re: Processing text within a PDF

2017-11-12 Thread Pedro David Marco
Alex, not the answer you are looking for, but have you tried with quotemeta ??? maybe escaping all the text may help... -PedroD

Re: orphan spamd childs?

2017-12-18 Thread Pedro David Marco
>maybe they are processing mail and will exit after it's done... Thanks Fantomas, this is what i would expect and it seems what happens... spamd children get the SIGNAL and act accordingly, but for some reason, sometimes they IGNORE the SIGNAL... :-( --PedroD

orphan spamd childs?

2017-12-15 Thread Pedro David Marco
Hello everybody... For some time i am noticing that when spamd is restarted or reloaded because there are new rules, not all child processes are correctly restarted or reloaded and they remain working with the old file set (and hence old rules). It looks like an orphan children issue... So when

Re: orphan spamd childs?

2017-12-19 Thread Pedro David Marco
It has just happened now again... :-( There are 2 spamd child processes in 'S' state... i run spamc -R

Re: orphan spamd childs?

2017-12-18 Thread Pedro David Marco
I understand there may be many blocking situations... but SIGNALS are for that! the process must attend the signal sooner or later... even if it has to wait until the end of the blocking situation... Yes, the blocking situation may unfortunately last forever, but this is not the case since

Re: Why doesn't HK_RANDOM_FROM trigger on this email address?

2017-11-19 Thread Pedro David Marco
>Well, F. W. Nietzsche never had kids But almost never so many people have had the same father... :-p Now serious: Maybe you can add some more rules to deduce it may be a German email and score the RANDOM accordingly... ---PedroD.

Re: Looking for assist on a rule

2017-11-01 Thread Pedro David Marco
Hi Gary, Try this.. (you are wrongly anchoring with ^)
header   HS_BAD_DOMAIN  From =~ /\.(top|study|click|party|link|stream|info|trade|bid|xxx)$/i
describe HS_BAD_DOMAIN  Contains one of the bad domains that commonly spams
score    HS_BAD_DOMAIN  0.1 0.1 0.1 0.1
Pedro

Spam via sendgrid.net

2017-11-01 Thread Pedro David Marco
Hi! Is anybody scoring emails coming via sendgrid.net ??? i get tons of spam relayed through them !! Thanks! Pedro

Re: Weird new malware

2017-11-08 Thread Pedro David Marco
> Of course that should be: > > describe  SCC_MIME_BOGUSCT1  Bogus /mixed Content-Type > header    SCC_MIME_BOGUSCT1  Content-Type =~ /^(? score    SCC_MIME_BOGUSCT1  2 >Hmmm... For some reason I do not understand, the anchor doesn't work, >so: Bill the negative lookbehind does not

Re: Mailsploit and RFC1342 and spoofed From

2017-12-07 Thread Pedro David Marco
>Hi Pedro, yes but I do not have the ability to share it but I've bcc'd someone >who does to see if they can mail it to the list. >Since the rule I made target effectively all of the mailsploit exploits and >it's already public, it should be safe.  But I don't know if he used domains >he

Re: Mailsploit and RFC1342 and spoofed From

2017-12-07 Thread Pedro David Marco
>The tests are not working because of aws send limits. Unlikely to work. >Regards, >KAM You are right Kevin... fool me.. is there any pastebin sample??? PedroD

Re: Mailsploit and RFC1342 and spoofed From

2017-12-07 Thread Pedro David Marco
You can get tests here... https://www.mailsploit.com/index#demo ---PedroD.

Re: Flakey spam email. How to filter?

2017-12-11 Thread Pedro David Marco
Mark you are right: mix of upper and lower letters + huge div height (500px) + HTML email with no HTML tag + suspicious URLs + suspicious (to me) mailer (i cannot find much in google about moonray mailer)... i wish SA had a rule to test only the HTML tags... (rawbody - body)...   maybe this

Re: URI parser problems

2017-12-05 Thread Pedro David Marco
>Perhaps a smaller step that would be useful would be to have the parser >require the second-level domain name have > 1 character. >How often would we see a valid registered domain name like "x.info" for >example? maybe the best way to know whether it is a URI or not is to ask the DNS...

Re: help with phishing email?

2017-12-09 Thread Pedro David Marco
wow... depending on your geolocation, the phishing text changes and, at least in Spanish, it is totally correct!! sometimes i have to take my hat off...  -PedroD

Re: help with phishing email?

2017-12-08 Thread Pedro David Marco
AJ, i cannot see anything that makes sense... is the pastebin correct? -PedroD

Re: Bank fraud phish

2017-10-24 Thread Pedro David Marco
Out of curiosity... "account is deactivated due to inactive," is this correct in English? shouldn't it be "inactivity"? Pedro

Re: Bank fraud phish

2017-10-24 Thread Pedro David Marco
>For the most part, I agree, but the client here has also contracted >with Wombat and they managed to detect this email as "Probably Phish". >We're missing something with spamassassin. Any security system, Antiviruses, Sandboxes, etc...  that  can be tested in advance can be bypassed... it is

Re: Bank fraud phish

2017-10-24 Thread Pedro David Marco
ber 24, 2017 11:12 PM Subject: Re: Bank fraud phish On Tue, 24 Oct 2017, Pedro David Marco wrote: > Out of curiosity... > > "account is deactivated due to inactive,"   > > is this correct in english? shouldn't it be "inactivity"? It isn't good English,

Re: Bank fraud phish

2017-10-25 Thread Pedro David Marco
Probably it would be a good idea to have a list of potential "phishing-able" important companies... just as there is one for freemailers.. very greedy, i know... :-) ---Pedro

Preventing duplicated matches

2017-10-21 Thread Pedro David Marco
Hi everybody... is there any way to avoid duplicated matches when tflag is set to "multiple"? Thanks! ---Pedro

Re: orphan spamd childs?

2017-12-20 Thread Pedro David Marco
This is getting worse: it seems that some spamd children keep some data structures from one scan to the next and results are mangled over time... what a "funny" mess!!! :-( I have found that this only happens in Debian versions under 8.8, Debian 8.8 and 9.x seem to work nicely.

Semi OT: Greek help needed

2018-05-13 Thread Pedro David Marco
is there anyone from Greece in the list, please? i need some help about some Greek emails.. Thanks.. --PedroD

Re: Dropping mail

2018-04-28 Thread Pedro David Marco
>> Define two classes of recipients: >> class A == all users who want everything >> class B == all users who want "standard" filtering Be aware of Class A users... once they click on where they should not, then as if by magic it was your fault and the s--t hits the fan... (of course

Re: Invoice phish

2018-05-10 Thread Pedro David Marco
David Jones wrote: >It's not only compromised well-established accounts. Based on the odd >domain names I have seen, I am pretty sure that Microsoft allows trials >of O365 so spammers are signing up and blasting out junk/phishing emails >until they are discovered. These spammers can spoof

Re: More outlook phish

2018-06-09 Thread Pedro David Marco
I agree with David Jones that DKIM is helpful in here BUT i often see MS switching the order of headers whimsically... Pedro

Re: More outlook phish

2018-06-11 Thread Pedro David Marco
>On Saturday, June 9, 2018, 11:05:51 PM GMT+2, Grant Taylor wrote: >>I don't think the order of the headers matters as long as the contents >of the header aren't changed. Grant, you are right, please excuse me... i have checked some samples and O365 DKIM DOES NOT sign Receiveds

Re: More outlook phish

2018-06-09 Thread Pedro David Marco
>On Saturday, June 9, 2018, 8:03:31 AM GMT+2, Rupert Gallagher wrote: >On Fri, Jun 8, 2018 at 23:05, David Jones wrote: > 2.2 MISSING_HEADERS Missing To: header >The following is all one needs. >5.0 MISSING_HEADERS Missing To: header >Remember that e-mail is mail after

Re: Garbage string emails

2018-05-31 Thread Pedro David Marco
>On Thursday, May 31, 2018, 6:24:06 PM GMT+2, Reindl Harald > wrote: >>Am 31.05.2018 um 18:17 schrieb Pedro David Marco: > No, not discard, they are botnet commands!! > >and why would you not want to discard / reject them then? >WTF! :-DD of course! So

Re: Garbage string emails

2018-05-31 Thread Pedro David Marco
No, not discard, they are botnet commands!! -Pedro

Huge spam increment in mid-May

2018-06-01 Thread Pedro David Marco
Reviewing May reports i see a huge spam increment in mid-May that lasted 5 days approx... Has anyone noticed this as well? maybe a new active bot-net? Pedro

Re: Huge spam increment in mid-May

2018-06-01 Thread Pedro David Marco
>Do you have any examples? I have had a quiet past 2 weeks with almost >zero reports of junk by my users. So either my rules are currently >tuned well to block the current spam/phishing campaigns or something. I >assumed a botnet had been taken down. I usually have to deal with a few

Re: Preventing duplicated matches

2017-10-23 Thread Pedro David Marco
>Can you provide a concrete example of *why* you would want to set "tflags  >multiple" in the first place if you do not want duplicate/multiple >matches for that rule? Actually multiple counts the sum of matches in text and html parts. So a value of 2 (for example) means either that a match is

Re: Spamassassin // replicate configuration on multiple servers

2017-10-23 Thread Pedro David Marco
>The rsync script uses SSH access from the master to the slaves with a >passphraseless key so it's very simple to rsync and even run commands on >the slaves to restart SA/MailScanner/Clamd when a change is detected on >the slaves.  Disclaimer, a passphraseless SSH key can be risky so make

Re: Link following leads to redirect

2017-12-27 Thread Pedro David Marco
... there are also "one time links", that vanish once visited/downloaded. PedroD

SURBL false positives ratio

2018-01-04 Thread Pedro David Marco
Out of curiosity... how is SURBL in terms of false positives?? is it a worthy IOC database?? Thanks. ---PedroD

Maxium URL acceptable length

2018-01-23 Thread Pedro David Marco
Hi, What is, in your opinion, the maximum acceptable URL length? I am not speaking about RFCs or de facto browser limits, etc. i am just asking you for personal opinions, please... Many browsers do not bookmark over 300 octets (approx.), and do not show in the address bar over 2500 octets (approx.).

FORGED_HOTMAIL_RCVD2 false positive

2018-01-16 Thread Pedro David Marco
Hi, FORGED_HOTMAIL_RCVD2 (hotmail.com 'From' address, but no 'Received:') triggers for valid hotmail messages... (SA 3.4.1) This small change solves the problem but i do not know whether it is the correct way... maybe the "hotmail" string should be changed widely to "outlook|hotmail"...

Re: Penalty for no/bad SPF

2018-01-25 Thread Pedro David Marco
Do not forget that accounts in valid servers are often hacked... ---PedroD

Re: FORGED_HOTMAIL_RCVD2 false positive

2018-01-29 Thread Pedro David Marco
Thanks/ Grazie mille Giovanni... PedroD On Monday, January 29, 2018, 8:27:01 AM GMT+1, Giovanni Bechis wrote: On 01/29/18 06:00, Alex wrote: > Hi, > >> FORGED_HOTMAIL_RCVD2 (hotmail.com 'From' address, but no 'Received:') >> triggers for valid hotmail

Adding IPs to the check list

2018-02-14 Thread Pedro David Marco
Is there any "relatively easy" way to add a new IP found in a non-standard header to the IP checks (e.g. DNSRBL)??? is a plugin the only way? Thanks. --PedroD

Re: orphan spamd childs?

2017-12-21 Thread Pedro David Marco
>Are you using the --round-robin option in spamd? If so try running >without it. >A long time ago the child management code was substantially updated, >but the legacy code was left in and accessed through that option. Thanks a lot RW... i am not using the --round-robin option... but i have

Re: Malformed spam email gets through.

2018-01-01 Thread Pedro David Marco
> Also, can anyone suggest a nicely written rule, that triggers when an html > tag's text contains both upper and lower case letters? Thanks. - Mark Hi Mark and happy new year! For small tags a simple rule, ugly but very cheap, may work: /Src|sRc|srC|.. and so on number of

Re: Asynchronous checks with AsyncLoop for no DNS stuff

2018-08-04 Thread Pedro David Marco
Async dns lookups work nice... but it would be great to run asynchronous checks for attachment content, for example.. On Saturday, August 4, 2018, 3:41:24 PM GMT+2, Benny Pedersen wrote: Pedro David Marco skrev den 2018-08-04 11:15: > I would like to run asynchronous checks

Asynchronous checks with AsyncLoop for no DNS stuff

2018-08-04 Thread Pedro David Marco
I would like to run asynchronous checks via AsyncLoop... does anyone know of any plugin, or sort of code, or framework that uses AsyncLoop for non-DNS-related checks? Thanks... PedroD

Re: Phish with xps attachment

2018-08-07 Thread Pedro David Marco
XPS is a ZIP compressed document format. I may be wrong but is any serious software/company using .XPS for invoices? to me, PDF is the de facto standard for invoices... maybe you can score the mix of .XPS + "due invoice" text -PedroD >On Tuesday, August 7, 2018, 8:10:08 PM

Help with own RBL

2018-07-23 Thread Pedro David Marco
Not exactly a SA question but... i am planning to run my own RBL with a nameserver, that when queried for an IP that is not in its database, does some calculations with that IP and replies accordingly (caching the results)... Please, does anyone know of any nameserver that can do that? To my

Re: Help with own RBL

2018-07-24 Thread Pedro David Marco
On Tuesday, July 24, 2018, 12:07:52 AM GMT+2, David B Funk wrote: >What kind of 'calculations with that IP' ? Thanks Dave... calculations are complex and done with an external script that reads some files, parsing them... -PedroD

Re: Best practice for learning submissions

2018-07-24 Thread Pedro David Marco
>On Tuesday, July 24, 2018, 1:38:59 AM GMT+2, Nick Bright wrote: >So I ask: what is the best practice for learning submissions when using  >site-wide bayes? Nick, do all your users use the same MUA?  There are some user level "plug-ins" that may be configured to send out the sample to

Re: Best practice for learning submissions

2018-07-24 Thread Pedro David Marco
On Tuesday, July 24, 2018, 6:50:13 AM GMT+2, Bill Cole wrote: > Learning ham is harder Totally agree Bill, unless you use Microsoft techniques...: send everything to the spam folder and if moved to inbox by the user then... it is ham! -PedroD

Re: Help with own RBL

2018-07-24 Thread Pedro David Marco
On Tuesday, July 24, 2018, 12:04:57 AM GMT+2, Kris Deugau wrote: >IIRC PowerDNS can be set up to run Lua code fragments of some kind on DNS >requests. Thanks! i did not know it. i have checked it and Lua cannot exec external commands to get a possible "answer"... > To

Re: spample: porn extortion with pure numeric From domain and base64 body

2018-07-18 Thread Pedro David Marco
On Wednesday, July 18, 2018, 6:58:54 AM GMT+2, Bill Cole wrote: >> 3. Pure numeric TLDs appear to be non existent (so far!) >I expect that this will hold true for a long time. Bill, do not speak loud! truth is stranger than fiction  :-( ---PedroD
