SA not honoring customs in local.cf - was Re: RP_MATCHES_RCVD letting in SPAM
I'd like to revisit this, now that I have sufficient energy to devote to some hard sleuthing. Despite the fact that I was less than sharp (ahem) when first looking at this, I do feel I have covered all the obvious suspects. Some gentle nudges (or not) might get me rolling again.

I suppose I should repost this with details of what I have done so far, as even those of kind and gentle nature may not be inclined to search it out. But I won't clutter further, if there is no interest.

joe a.

Joe Acquisto-j4 j...@j4computers.com 08/21/13 9:45 AM

Bear in mind, that will tell you whether those configuration files are syntactically correct; that does not tell you anything about whether or not those are the files the spamd daemon is using. Take a look at the script that starts spamd. It may have a hardcoded path to the configuration directory.

--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/

The /etc/init.d/spamd file has a hardcoded reference to that specific file. I'm pretty sure it is the one being read.

However, I am not so certain others are not being read later. I find a lot of references, for example, to BAYES_99 in /usr/share/spamassassin/blah.cf. I certainly don't know if these would override the setting in /etc/mail/spamassassin/local.cf.

joe a.
Re: SA not honoring customs in local.cf - was Re: RP_MATCHES_RCVD letting in SPAM
if you need help, the best way is to:

- stay *concise* at all times - verbose blah can drive ppl away
- post config and then explain issue, *concisely*
- don't revive old threads.
- help ppl help you - their time is precious and few have unlimited patience.
- keep it down to facts - if you have a problem, I thought, I assumed, I hoped are of little value.

On 09/06/2013 03:20 PM, Joe Acquisto-j4 wrote:

I'd like to revisit this, now that I have sufficient energy to devote to some hard sleuthing. Despite the fact that I was less than sharp (ahem) when first looking at this, I do feel I have covered all the obvious suspects. Some gentle nudges (or not) might get me rolling again.

I suppose I should repost this with details of what I have done so far, as even those of kind and gentle nature may not be inclined to search it out. But I won't clutter further, if there is no interest.

joe a.

Joe Acquisto-j4 j...@j4computers.com 08/21/13 9:45 AM

Bear in mind, that will tell you whether those configuration files are syntactically correct; that does not tell you anything about whether or not those are the files the spamd daemon is using. Take a look at the script that starts spamd. It may have a hardcoded path to the configuration directory.

--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/

The /etc/init.d/spamd file has a hardcoded reference to that specific file. I'm pretty sure it is the one being read.

However, I am not so certain others are not being read later. I find a lot of references, for example, to BAYES_99 in /usr/share/spamassassin/blah.cf. I certainly don't know if these would override the setting in /etc/mail/spamassassin/local.cf.

joe a.
Re: SA not honoring customs in local.cf - was Re: RP_MATCHES_RCVD letting in SPAM
Joe Acquisto-j4 wrote:

I'd like to revisit this, now that I have sufficient energy to devote to some hard sleuthing. Despite the fact that I was less than sharp (ahem) when first looking at this, I do feel I have covered all the obvious suspects. Some gentle nudges (or not) might get me rolling again.

I suppose I should repost this with details of what I have done so far, as even those of kind and gentle nature may not be inclined to search it out.

I read back a bit in the thread; you've definitely got something strange going on. I don't see a couple of bits of information that might help narrow it down:

- which distribution?
- is this a packaged SA, or installed from source?
- where did the init script come from?
- how are you calling SA for normal scanning?

Next: You should have, in the first few lines from spamassassin -D --lint, a line like this (this is from CentOS, self-built package derived at one time from the RPMForge package):

Sep 6 09:35:26.372 [30447] dbg: generic: Perl 5.008008, PREFIX=/usr, DEF_RULES_DIR=/usr/share/spamassassin, LOCAL_RULES_DIR=/etc/mail/spamassassin, LOCAL_STATE_DIR=/var/lib/spamassassin

SA reads rules from all of these locations, and then processes them from the DEF_RULES_DIR, LOCAL_STATE_DIR, and then LOCAL_RULES_DIR locations, sorted alphabetically within each grouping. Unfortunately -D doesn't actually indicate when it parses any given specific file from one of those locations.

Try grep -r RP_MATCHES_RCVD /etc - compare that with the list of files spamassassin -D --lint reports that it's read.

The /etc/init.d/spamd file has a hardcoded reference to that specific file. I'm pretty sure it is the one being read.

Take a message that triggered this rule, and run spamassassin message; does it still trigger the rule? If not then try removing the arguments that set any of the configuration paths from the init script. For most cases this is redundant anyway; SA knows which directories it should look in.

-kgd
Re: RP_MATCHES_RCVD letting in SPAM
On 21 Aug 2013, at 16:33, Joe Acquisto-j4 j...@j4computers.com wrote:

OK. That's what I thought. However, lint shows it reading /etc/mail/spamassassing/local.cf near the top of lint output and all the others, further down, which suggests it is reading them after. Perhaps that is a poor conclusion.

I can't think of a reason that --lint would need to check the files in the same order as SA applies them.

--
Adolescence is the period between childhood and adultery
Re: RP_MATCHES_RCVD letting in SPAM
Bear in mind, that will tell you whether those configuration files are syntactically correct; that does not tell you anything about whether or not those are the files the spamd daemon is using. Take a look at the script that starts spamd. It may have a hardcoded path to the configuration directory.

--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/

The /etc/init.d/spamd file has a hardcoded reference to that specific file. I'm pretty sure it is the one being read.

However, I am not so certain others are not being read later. I find a lot of references, for example, to BAYES_99 in /usr/share/spamassassin/blah.cf. I certainly don't know if these would override the setting in /etc/mail/spamassassin/local.cf.

joe a.
Re: RP_MATCHES_RCVD letting in SPAM
On Wed, 21 Aug 2013, Joe Acquisto-j4 wrote:

Bear in mind, that will tell you whether those configuration files are syntactically correct; that does not tell you anything about whether or not those are the files the spamd daemon is using. Take a look at the script that starts spamd. It may have a hardcoded path to the configuration directory.

The /etc/init.d/spamd file has a hardcoded reference to that specific file. I'm pretty sure it is the one being read.

OK.

However, I am not so certain others are not being read later.

There should be a reference to a directory, SA will read all the .cf files in that directory. Does it have a -C, --configpath or --siteconfigpath option defined with a directory?

I find a lot of references, for example, to BAYES_99 in /usr/share/spamassassin/blah.cf. I certainly don't know if these would override the setting in /etc/mail/spamassassin/local.cf.

Local settings should override standard settings, so no.

/usr/share/spamassassin is the base install directory. There is another directory that sa-update populates that is read after the base directory. Then the local configs are read. Last one read, wins.

spamassassin --lint -D should output all the directories being used; you can use the same command-line options given to spamd to configure spamassassin --lint -D the same way

--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhar...@impsec.org FALaholic #11174 pgpk -a jhar...@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
---
Yet another example of a Mexican doing a job Americans are unwilling to do. -- Reno Sepulveda, on UniVision reporters asking President Obama some pointed questions about the BATFE Fast and Furious scandal.
---
3 days until the 1934th anniversary of the destruction of Pompeii
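The read order described in the two replies above (base rules directory, then the sa-update directory, then the local directory, files sorted alphabetically within each, last score read wins) can be traced for a single rule with a short script. This is an added example, not code from the thread or from SpamAssassin; the directory names, file names and scores are constructed, and it models only plain score lines (including the parenthesised relative form), not include or if/ifplugin blocks.

```python
import re
import tempfile
from pathlib import Path

# "score NAME v" or "score NAME v v v v"; parentheses mark a relative adjustment.
SCORE_RE = re.compile(r"^\s*score\s+(\S+)\s+([^#]+)")

def cf_files(dirs):
    """Yield *.cf files directory by directory, alphabetically inside each."""
    for d in dirs:
        yield from sorted(Path(d).glob("*.cf"))

def trace_score(rule, dirs, scoreset=3):
    """Return (effective_score, history); history has one entry per line that
    touched `rule`, in read order, so the last entry is the one that wins."""
    current, history = None, []
    for path in cf_files(dirs):
        text = path.read_text(errors="replace")
        for lineno, line in enumerate(text.splitlines(), 1):
            m = SCORE_RE.match(line)
            if not m or m.group(1) != rule:
                continue
            fields = m.group(2).split()
            try:
                values = [float(f.strip("()")) for f in fields]
                # One value covers every scoreset; four values are per scoreset.
                value = values[scoreset] if len(values) == 4 else values[0]
            except (ValueError, IndexError):
                continue  # malformed line; skipped here
            if any(f.startswith("(") for f in fields):
                current = (current or 0.0) + value  # relative to earlier score
            else:
                current = value                     # absolute: replaces it
            history.append((path.name, lineno, current))
    return current, history

def build_sample_tree(root):
    """Constructed sample files (not from the thread) in three rule directories."""
    layout = {
        "share/50_scores.cf": "score RP_MATCHES_RCVD -2.8\nscore LOTS_OF_MONEY 0.001\n",
        "state/72_scores.cf": "score RP_MATCHES_RCVD -1.344 -1.344 -1.344 -1.344\n",
        "local/local.cf": "score RP_MATCHES_RCVD 0\nscore LOTS_OF_MONEY (3) (3) (3) (3)\n",
        "local/zz_site.cf": "score RP_MATCHES_RCVD -2.8  # stale copy of a default\n",
    }
    for rel, body in layout.items():
        target = Path(root, rel)
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(body)
    return [str(Path(root, d)) for d in ("share", "state", "local")]

def demo():
    """Trace both rules over the constructed tree."""
    with tempfile.TemporaryDirectory() as root:
        dirs = build_sample_tree(root)
        return trace_score("RP_MATCHES_RCVD", dirs), trace_score("LOTS_OF_MONEY", dirs)

if __name__ == "__main__":
    for final, history in demo():
        print("effective:", final)
        for name, lineno, running in history:
            print(f"  {name}:{lineno} -> {running}")
```

In the constructed tree, local.cf sets the score to 0 but zz_site.cf in the same directory sorts later and restores -2.8. On a real host, pass the directories that spamassassin -D --lint reports, in the order the daemon reads them.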
Re: RP_MATCHES_RCVD letting in SPAM
. . .

I find a lot of references, for example, to BAYES_99 in /usr/share/spamassassin/blah.cf. I certainly don't know if these would override the setting in /etc/mail/spamassassin/local.cf.

Local settings should override standard settings, so no.

OK. That's what I thought. However, lint shows it reading /etc/mail/spamassassing/local.cf near the top of lint output and all the others, further down, which suggests it is reading them after. Perhaps that is a poor conclusion.

/usr/share/spamassassin is the base install directory. There is another directory that sa-update populates that is read after the base directory. Then the local configs are read. Last one read, wins.

spamassassin --lint -D should output all the directories being used; you can use the same command-line options given to spamd to configure spamassassin --lint -D the same way

Since both the root user (me) and the defined spam user (whose name I do see in logs) use /etc/spamassassin/local.cf (per lint), is that still worth trying?

joe a.

John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhar...@impsec.org FALaholic #11174 pgpk -a jhar...@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
---
Yet another example of a Mexican doing a job Americans are unwilling to do. -- Reno Sepulveda, on UniVision reporters asking President Obama some pointed questions about the BATFE Fast and Furious scandal.
---
3 days until the 1934th anniversary of the destruction of Pompeii
Re: RP_MATCHES_RCVD letting in SPAM
On 19.08.13 18:23, Joe Acquisto-j4 wrote:

So, I have this in my /etc/mail/spamassassin/local.cf:

is that the same as /etc/spamassassin/local.cf?

score RP_MATCHES_RCVD 0

Yet, even after restart of spamd, mail comes thru with a -2.8. What should I look at?

I know other stuff is read as I changed trusted and local network IP's and had a typo in one. lint called me out on it.

what happens when you pipe a mail into spamassassin -D? What does spamassassin --lint produce?

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
I wonder how much deeper the ocean would be without sponges.
Re: RP_MATCHES_RCVD letting in SPAM
On 8/20/2013 at 5:00 AM, Matus UHLAR - fantomas uh...@fantomas.sk wrote:

On 19.08.13 18:23, Joe Acquisto-j4 wrote:

So, I have this in my /etc/mail/spamassassin/local.cf:

is that the same as /etc/spamassassin/local.cf?

Don't have one of those. /etc/mail/spamassassin is where bayes_db, sa-update-keys and the assorted .pre files are.

score RP_MATCHES_RCVD 0

Yet, even after restart of spamd, mail comes thru with a -2.8. What should I look at?

I know other stuff is read as I changed trusted and local network IP's and had a typo in one. lint called me out on it.

what happens when you pipe a mail into spamassassin -D?

Never tried it.

What does spamassassin --lint produce?

Quite a lot. You want me to post the entire output?

joe a.

Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
I wonder how much deeper the ocean would be without sponges.
Re: RP_MATCHES_RCVD letting in SPAM
On 8/20/2013 at 5:00 AM, Matus UHLAR - fantomas uh...@fantomas.sk wrote:

On 19.08.13 18:23, Joe Acquisto-j4 wrote:

So, I have this in my /etc/mail/spamassassin/local.cf:

is that the same as /etc/spamassassin/local.cf?

On 20.08.13 08:05, Joe Acquisto-j4 wrote:

Don't have one of those. /etc/mail/spamassassin is where bayes_db, sa-update-keys and the assorted .pre files are.

OK, I wasn't just sure if you change the correct file.

score RP_MATCHES_RCVD 0

Yet, even after restart of spamd, mail comes thru with a -2.8. What should I look at?

maybe any other file in /etc/mail/spamassassin?

I know other stuff is read as I changed trusted and local network IP's and had a typo in one. lint called me out on it.

what happens when you pipe a mail into spamassassin -D?

Never tried it.

What does spamassassin --lint produce?

Quite a lot. You want me to post the entire output?

here it produces nothing. Maybe there's really a syntax error in your configuration files?

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Eagles may soar, but weasels don't get sucked into jet engines.
Re: RP_MATCHES_RCVD letting in SPAM
What does spamassassin --lint produce?

Quite a lot. You want me to post the entire output?

here it produces nothing. Maybe there's really a syntax error in your configuration files?

--

Oh, sorry, it produces nothing here as well. I was thinking (not!) of spamassassin -D --lint file 21, which is quite verbose. But has not led me to a solution. It may be trying to . . .

joe a.
Re: RP_MATCHES_RCVD letting in SPAM
On Tue, 20 Aug 2013, Joe Acquisto-j4 wrote:

On 8/20/2013 at 5:00 AM, Matus UHLAR - fantomas uh...@fantomas.sk wrote:

what happens when you pipe a mail into spamassassin -D?

Never tried it.

What does spamassassin --lint produce?

Quite a lot. You want me to post the entire output?

Bear in mind, that will tell you whether those configuration files are syntactically correct; that does not tell you anything about whether or not those are the files the spamd daemon is using. Take a look at the script that starts spamd. It may have a hardcoded path to the configuration directory.

--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhar...@impsec.org FALaholic #11174 pgpk -a jhar...@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
---
We are hell-bent and determined to allocate the talent, the resources, the money, the innovation to absolutely become a powerhouse in the ad business. -- Microsoft CEO Steve Ballmer
...because allocating talent to securing Windows isn't profitable?
---
4 days until the 1934th anniversary of the destruction of Pompeii
Re: RP_MATCHES_RCVD letting in SPAM
So, I have this in my /etc/mail/spamassassin/local.cf:

score RP_MATCHES_RCVD 0

Yet, even after restart of spamd, mail comes thru with a -2.8. What should I look at?

I know other stuff is read as I changed trusted and local network IP's and had a typo in one. lint called me out on it.

joe a.
Re: RP_MATCHES_RCVD letting in SPAM
On Mon, 19 Aug 2013, Joe Acquisto-j4 wrote:

So, I have this in my /etc/mail/spamassassin/local.cf:

score RP_MATCHES_RCVD 0

Yet, even after restart of spamd, mail comes thru with a -2.8.

I assume you mean by that, RP_MATCHES_RCVD is still hitting and scoring points?

What should I look at?

Silly question: are you using Amavis?

Are you sure that spamd is using that configuration file?

I know other stuff is read as I changed trusted and local network IP's and had a typo in one. lint called me out on it.

The command-line SA environment is not necessarily the same environment as the daemon uses.

--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhar...@impsec.org FALaholic #11174 pgpk -a jhar...@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
---
Windows Genuine Advantage (WGA) means that now you use your computer at the sufferance of Microsoft Corporation. They can kill it remotely without your consent at any time for any reason; it also shuts down in sympathy when the servers at Microsoft crash.
---
5 days until the 1934th anniversary of the destruction of Pompeii
Re: RP_MATCHES_RCVD letting in SPAM
On 8/19/2013 at 6:54 PM, John Hardin jhar...@impsec.org wrote:

On Mon, 19 Aug 2013, Joe Acquisto-j4 wrote:

So, I have this in my /etc/mail/spamassassin/local.cf:

score RP_MATCHES_RCVD 0

Yet, even after restart of spamd, mail comes thru with a -2.8.

I assume you mean by that, RP_MATCHES_RCVD is still hitting and scoring points?

You assume correctly, Sir.

What should I look at?

Silly question: are you using Amavis?

No. ISP is, tho.

Are you sure that spamd is using that configuration file?

I thought so, as I put in the PW_IS_BAD_TLD rule someone on list provided, but now I see it is scoring 3.0, while I have it set to 4.0 in the config I think it is using. Has PW_IS_BAD_TLD been incorporated in to the base rule set?

I guess I need to dig in and refresh myself on where the config file to use is defined.

joe a.

I know other stuff is read as I changed trusted and local network IP's and had a typo in one. lint called me out on it.

The command-line SA environment is not necessarily the same environment as the daemon uses.

--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhar...@impsec.org FALaholic #11174 pgpk -a jhar...@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
---
Windows Genuine Advantage (WGA) means that now you use your computer at the sufferance of Microsoft Corporation. They can kill it remotely without your consent at any time for any reason; it also shuts down in sympathy when the servers at Microsoft crash.
---
5 days until the 1934th anniversary of the destruction of Pompeii
Re: RP_MATCHES_RCVD letting in SPAM
Quanah Gibson-Mount wrote on 2013-08-15 21:05:

Some of our users are getting a ton of SPAM from .br domains. If it weren't for RP_MATCHES_RCVD they would actually end up in their junk folder rather than their Inbox. Is there a general suggested adjustment I can make catch these without tweaking RP_MATCHES_RCVD?

meta LOTS_OF_MONEY (3) (3) (3) (3)
meta RP_MATCHES_RCVD (1) (1) (1) (1)
Re: RP_MATCHES_RCVD letting in SPAM
--On Thursday, August 15, 2013 9:16 PM +0200 Benny Pedersen wrote:

Quanah Gibson-Mount wrote on 2013-08-15 21:05:

Some of our users are getting a ton of SPAM from .br domains. If it weren't for RP_MATCHES_RCVD they would actually end up in their junk folder rather than their Inbox. Is there a general suggested adjustment I can make catch these without tweaking RP_MATCHES_RCVD?

meta LOTS_OF_MONEY (3) (3) (3) (3)
meta RP_MATCHES_RCVD (1) (1) (1) (1)

Perfect, thanks!

--Quanah

--
Quanah Gibson-Mount
Lead Engineer
Zimbra, Inc
Zimbra :: the leader in open source messaging and collaboration
Re: RP_MATCHES_RCVD letting in SPAM
--On Thursday, August 15, 2013 12:21 PM -0700 Quanah Gibson-Mount qua...@zimbra.com wrote:

--On Thursday, August 15, 2013 9:16 PM +0200 Benny Pedersen wrote:

Quanah Gibson-Mount wrote on 2013-08-15 21:05:

Some of our users are getting a ton of SPAM from .br domains. If it weren't for RP_MATCHES_RCVD they would actually end up in their junk folder rather than their Inbox. Is there a general suggested adjustment I can make catch these without tweaking RP_MATCHES_RCVD?

meta LOTS_OF_MONEY (3) (3) (3) (3)
meta RP_MATCHES_RCVD (1) (1) (1) (1)

Perfect, thanks!

Hm, that won't catch our other BR spam though. :(

Return-Path: reto...@registraclique.com.br
Received: from edge01-zcs.vmware.com (LHLO edge01-zcs.vmware.com) (10.113.208.51) by mbs03-zcs.vmware.com with LMTP; Thu, 15 Aug 2013 11:15:55 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by edge01-zcs.vmware.com (Postfix) with ESMTP id CB83A1968; Thu, 15 Aug 2013 11:15:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at edge01-zcs.vmware.com
X-Spam-Flag: NO
X-Spam-Score: 2.833
X-Spam-Level: **
X-Spam-Status: No, score=2.833 tagged_above=-10 required=3 tests=[BAYES_99=3.5, DKIM_SIGNED=0.1, HTML_IMAGE_RATIO_04=0.556, HTML_MESSAGE=0.001, RP_MATCHES_RCVD=-1.344, T_DKIM_INVALID=0.01, T_KHOP_FOREIGN_CLICK=0.01] autolearn=no
Authentication-Results: edge01-zcs.vmware.com (amavisd-new); dkim=neutral reason=invalid (public key: not available) header.d=registraclique.com.br
Received: from edge01-zcs.vmware.com ([127.0.0.1]) by localhost (edge01-zcs.vmware.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Qup1pMAcaDgg; Thu, 15 Aug 2013 11:15:53 -0700 (PDT)
Received: from registraclique.com.br (s175.registraclique.com.br [141.105.64.175]) by edge01-zcs.vmware.com (Postfix) with ESMTPS id 90F8A1940 for xx...@zimbra.com; Thu, 15 Aug 2013 11:15:52 -0700 (PDT)
Received: by registraclique.com.br (Postfix, from userid 0) id 2BAEB8860B8; Thu, 15 Aug 2013 10:22:21 -0400 (EDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=registraclique.com.br; s=default; t=1376590475; bh=nUoQ44WhTVHL4zF0mcmuHnMTLjLNO1sgscswqFRg/0g=; h=To:Subject:Date:From:Reply-To:List-Unsubscribe; b=ovlYK4eRDyhcbVMwLbd+TqVjdXO2pwQyko4Kc0FKjdan2k8tz9uO6y2633kIBG+fb NJLigYccPUTrD/2B6MYTgWzXulw8pQtVbXSKnuzXAq0pZmwx5a+jXiVJOWH8gsW1e7 FW+Qaxu0aIrmfOkPLOzGHALhLkg8JIxWLiAbe/lE=
To: xx...@zimbra.com
Subject: Fale Ilimitado Com Todo O Brasil Por R$19,90!
Message-ID: 350297cb0672e79fdb9aa53472cca...@www.registraclique.com.br
Date: Thu, 15 Aug 2013 09:16:29 -0400
From: =?UTF-8?B?Q2xhcm8gRmFsZSDDoCBWb250YWRl?= cont...@registraclique.com.br
Reply-To: cont...@registraclique.com.br
MIME-Version: 1.0
X-Mailer-LID: 11
List-Unsubscribe: http://www.registraclique.com.br/iem/unsubscribe.php?M=1531174C=77d064e695a19edb4155caf4c244402aL=11N=72
X-Mailer-RecptId: 1531174
X-Mailer-SID: 72
X-Mailer-Sent-By: 1
Content-Type: multipart/alternative; charset=UTF-8; boundary=b1_bb3d14c03992adb6a28e84dfa3fb4b7d
Content-Transfer-Encoding: 8bit

--b1_bb3d14c03992adb6a28e84dfa3fb4b7d
Content-Type: text/plain; format=flowed; charset=UTF-8
Content-Transfer-Encoding: 8bit

--
Quanah Gibson-Mount
Lead Engineer
Zimbra, Inc
Zimbra :: the leader in open source messaging and collaboration
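How much RP_MATCHES_RCVD contributed to the verdict on this message can be read off the X-Spam-Status header quoted above by re-totalling its per-test scores with that rule set to 0. The following is an added example, not part of the original post: the first header is copied from the message, the other two are constructed for contrast, and the function names are hypothetical.

```python
import re

# Header copied from the message above (amavisd-new format, which lists each
# test together with its score).
QUOTED = ("X-Spam-Status: No, score=2.833 tagged_above=-10 required=3 "
          "tests=[BAYES_99=3.5, DKIM_SIGNED=0.1, HTML_IMAGE_RATIO_04=0.556, "
          "HTML_MESSAGE=0.001, RP_MATCHES_RCVD=-1.344, T_DKIM_INVALID=0.01, "
          "T_KHOP_FOREIGN_CLICK=0.01] autolearn=no")

# Constructed headers: one that is ham with or without the rule, and one
# folded across lines that is spam either way.
CONSTRUCTED = [
    "X-Spam-Status: No, score=-1.244 tagged_above=-10 required=3 "
    "tests=[DKIM_SIGNED=0.1, RP_MATCHES_RCVD=-1.344] autolearn=ham",
    "X-Spam-Status: Yes, score=5.156 tagged_above=-10 required=3\n"
    "\ttests=[BAYES_99=3.5, HTML_MESSAGE=0.001, RP_MATCHES_RCVD=-1.344,\n"
    "\tURIBL_BLACK=2.999] autolearn=no",
]

def parse_status(header):
    """Return (required, {test: score}) from an amavisd-style X-Spam-Status."""
    flat = " ".join(header.split())  # undo header folding
    required = float(re.search(r"required=(-?[\d.]+)", flat).group(1))
    listed = re.search(r"tests=\[([^\]]*)\]", flat).group(1)
    tests = {}
    for item in listed.split(","):
        name, sep, value = item.strip().partition("=")
        if sep:
            tests[name] = float(value)
    return required, tests

def rescored(header, overrides):
    """Total and spam verdict if the rules in `overrides` had the given scores."""
    required, tests = parse_status(header)
    for name, score in overrides.items():
        if name in tests:
            tests[name] = score
    total = round(sum(tests.values()), 3)
    return total, total >= required

def flipped_by(rule, headers):
    """Indexes of messages that pass as ham only because `rule` fired."""
    flipped = []
    for index, header in enumerate(headers):
        _, spam_now = rescored(header, {})
        _, spam_without = rescored(header, {rule: 0.0})
        if spam_without and not spam_now:
            flipped.append(index)
    return flipped

if __name__ == "__main__":
    print(rescored(QUOTED, {}))
    print(rescored(QUOTED, {"RP_MATCHES_RCVD": 0.0}))
    print(flipped_by("RP_MATCHES_RCVD", [QUOTED] + CONSTRUCTED))
```

Run over a mailbox of delivered messages, flipped_by gives the set of mails that a score change for the rule would move across the threshold, which is the evidence needed before changing it site-wide.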
Re: RP_MATCHES_RCVD letting in SPAM
On Thu, 15 Aug 2013, Benny Pedersen wrote:

meta LOTS_OF_MONEY (3) (3) (3) (3)

I *do not recommend* doing that. There is a lot of legitimate email that mentions large monetary amounts (e.g. a newsletter discussing the US budget deficit).

That rule's score is informational on purpose, so that the description will appear in the rule hits without affecting the score noticeably. It's intended to be used in metas with other rules that make a mention of a large amount of money suspicious.

--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhar...@impsec.org FALaholic #11174 pgpk -a jhar...@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
---
Maxim IX: Never turn your back on an enemy.
---
Today: the 68th anniversary of the end of World War II
Re: RP_MATCHES_RCVD letting in SPAM
John Hardin wrote on 2013-08-15 21:41:

the score noticeably. It's intended to be used in metas with other rules that make a mention of a large amount of money suspicious.

also why i used soft blacklists, i have not seen the real problem yet, but imho anyone can soft score adjust if needed, or even make more specific rules to detect spams locally, i loosed to check if the mails was really from a maillist with opt-out problematic, only the recipient can tell
Re: RP_MATCHES_RCVD letting in SPAM
Quanah Gibson-Mount wrote on 2013-08-15 21:25:

Hm, that won't catch our other BR spam though. :(

List-Unsubscribe: http://www.registraclique.com.br/iem/unsubscribe.php?M=1531174C=77d064e695a19edb4155caf4c244402aL=11N=72

unsubscribe ? if recipient was not opt-in then block sender domain with mta rule, dont accept opt-out !
Re: RP_MATCHES_RCVD letting in SPAM
On 15.08.13 12:05, Quanah Gibson-Mount wrote:

Some of our users are getting a ton of SPAM from .br domains. If it weren't for RP_MATCHES_RCVD they would actually end up in their junk folder rather than their Inbox. Is there a general suggested adjustment I can make catch these without tweaking RP_MATCHES_RCVD?

I have

score RP_MATCHES_RCVD 0

in /etc/mail/local.cf

there is __RP_MATCHES_RCVD that has to be used in metas. I don't see any point in giving positive score to mail just because it's not any kind of forged...

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Fighting for peace is like fucking for virginity...
Re: RP_MATCHES_RCVD letting in SPAM
Matus UHLAR - fantomas wrote on 2013-08-15 22:33:

score RP_MATCHES_RCVD 0

hard scoring

there is __RP_MATCHES_RCVD that has to be used in metas. I don't see any point in giving positive score to mail just because it's not any kind of forged...

__foo have no scores, no point in setting it, well if rules gives negative scores for spam it would make sense to add (softblacklist) that rule until its detected as spam, or create another rule so it works specific to the spam

with hard scoring one loose corpus scoring from apache.org :)
Re: RP_MATCHES_RCVD letting in SPAM
Matus UHLAR - fantomas wrote on 2013-08-15 22:33:

score RP_MATCHES_RCVD 0

hard scoring

there is __RP_MATCHES_RCVD that has to be used in metas. I don't see any point in giving positive score to mail just because it's not any kind of forged...

On 15.08.13 22:41, Benny Pedersen wrote:

__foo have no scores, no point in setting it, well if rules gives negative scores for spam it would make sense to add (softblacklist) that rule until its detected as spam, or create another rule so it works specific to the spam

with hard scoring one loose corpus scoring from apache.org :)

I have said it already: There's no point in decreasing score just because the sender domain is the same as the mail server. That's why I set RP_MATCHES_RCVD to 0 so it will not hit.

If anyone wants to use this in meta rules, we have __RP_MATCHES_RCVD (with default score of 0) for such usage. Since RP_MATCHES_RCVD has score of 0, it won't hit any metas since it's disabled by setting the score to 0.

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Save the whales. Collect the whole set.
Re: RP_MATCHES_RCVD letting in SPAM
--On Thursday, August 15, 2013 10:07 PM +0200 Benny Pedersen wrote:

Quanah Gibson-Mount wrote on 2013-08-15 21:25:

Hm, that won't catch our other BR spam though. :(

List-Unsubscribe: http://www.registraclique.com.br/iem/unsubscribe.php?M=1531174C=77d064e695a19edb4155caf4c244402aL=11N=72

unsubscribe ? if recipient was not opt-in then block sender domain with mta rule, dont accept opt-out !

Thanks Benny, I will just blacklist them.

--Quanah

--
Quanah Gibson-Mount
Lead Engineer
Zimbra, Inc
Zimbra :: the leader in open source messaging and collaboration