Re: spoofing mail

2018-12-01 Thread David Jones
On 12/1/18 8:31 AM, Matus UHLAR - fantomas wrote: >> On Fri, 30 Nov 2018 at 3:06, Matus UHLAR - fantomas >> wrote: >>> And, yes, there could be a rule that catches message-id added by internal >>> server. Note that: >>> - Message-ID is not required (has SHOULD in RFC) >>> - many

Re: spoofing mail

2018-12-01 Thread Matus UHLAR - fantomas
On Fri, 30 Nov 2018 at 3:06, Matus UHLAR - fantomas wrote: And, yes, there could be a rule that catches message-id added by internal server. Note that: - Message-ID is not required (has SHOULD in RFC) - many mailservers add message-id if it doesn't exist. >>

Re: spoofing mail

2018-12-01 Thread Matus UHLAR - fantomas
On 29.11.18 09:30, Rupert Gallagher wrote: Message-ID and To have the same domain, but From does not. You should have never received that mail. On 30.11.18 21:09, Rupert Gallagher wrote: Although the RFC allows muas not to include the mid, the same RFC does not mandate mtas to accept them.

Re: spoofing mail

2018-11-30 Thread John Hardin
On Fri, 30 Nov 2018, Rupert Gallagher wrote: Although the RFC allows muas not to include the mid, the same RFC does not mandate mtas to accept them. Since 100% of such emails on our records are spam, then we reject them upfront. ...and if you're adopting that policy, then configure your MTA

Re: spoofing mail

2018-11-30 Thread Rupert Gallagher
Although the RFC allows muas not to include the mid, the same RFC does not mandate mtas to accept them. Since 100% of such emails on our records are spam, then we reject them upfront. I understand that spammers and scummers hate our policy, but hey, who cares, right? Our inbox, our rules. On

Re: spoofing mail

2018-11-30 Thread Rick Gutierrez
On Fri, 30 Nov 2018 at 3:06, Matus UHLAR - fantomas wrote: > And, yes, there could be a rule that catches message-id added by internal > server. Note that: > - Message-ID is not required (has SHOULD in RFC) > - many mailservers add message-id if it doesn't exist. > > >> > >>

Re: spoofing mail

2018-11-30 Thread Matus UHLAR - fantomas
On 29.11.18 09:30, Rupert Gallagher wrote: Message-ID and To have the same domain, but From does not. You should have never received that mail. this happens when message-id is added by mailserver of the recipient. Should hit MSGID_FROM_MTA_HEADER. And, yes, there could be a rule that catches

Re: spoofing mail

2018-11-29 Thread Rick Gutierrez
On Wed, 28 Nov 2018 at 19:08, Reindl Harald wrote: > > > > > these are the files that increase the score of the rule , If I'm > > missing someone, please someone guide me or update me if I'm doing it > > wrong. > > > > /var/lib/spamassassin/3.004001/updates_spamassassin_org/72_scores.cf

Re: spoofing mail

2018-11-29 Thread Rick Gutierrez
On Thu, 29 Nov 2018 at 10:18, David Jones wrote: > > On 11/29/18 9:44 AM, Paul Stead wrote: > > I can't find MSGID_BELONGS_RECIPIENT in the standard distribution - I think > > this might be because my Plugin is installed. > > > > Another to get into branch? > > > > I think this one is

Re: spoofing mail

2018-11-29 Thread David Jones
On 11/29/18 9:44 AM, Paul Stead wrote: > I can't find MSGID_BELONGS_RECIPIENT in the standard distribution - I think > this might be because my Plugin is installed. > > Another to get into branch? > I think this one is worthy of consideration to be included in the core SA ruleset.

Re: spoofing mail

2018-11-29 Thread Rick Gutierrez
On Thu, 29 Nov 2018 at 7:47, David Jones wrote: > > Here's what my mail filters say. You can ignore the DKIM_INVALID > because the body was intentionally modified (redacted) to post to pastebin. > > X-Spam-Status: Yes, score=11.0 required=5.0 tests=BAYES_99,DKIM_INVALID, >

Re: spoofing mail

2018-11-29 Thread Paul Stead
I can't find MSGID_BELONGS_RECIPIENT in the standard distribution - I think this might be because my Plugin is installed. Another to get into branch? -- On 29/11/2018, 13:47, "David Jones" wrote: On 11/29/18 3:30 AM, Rupert Gallagher wrote: > Message-ID and To have the same domain,

Re: spoofing mail

2018-11-29 Thread David Jones
On 11/29/18 3:30 AM, Rupert Gallagher wrote: > Message-ID and To have the same domain, but From does not. You should > have never received that mail. > Here's what my mail filters say. You can ignore the DKIM_INVALID because the body was intentionally modified (redacted) to post to pastebin.

Re: spoofing mail

2018-11-29 Thread Rupert Gallagher
Message-ID and To have the same domain, but From does not. You should have never received that mail. On Wed, Nov 28, 2018 at 19:15, Rick Gutierrez wrote: > On Wed, 28 Nov 2018 at 6:03, Christian Grunfeld > wrote: >> >> Hi, >> >> this is a log... could you paste the email headers? >>

Re: spoofing mail

2018-11-28 Thread Rick Gutierrez
In days past when I start this type of messages / spammer increase the score of this rule HEADER_FROM_DIFFERENT_DOMAINS=0.001, add the score to 3, but keep the default 0.001, update my spamassassin once a day, I'm using version 3.4.1. These are the files that increase the score of the rule,

Re: spoofing mail

2018-11-28 Thread Rick Gutierrez
On Wed, 28 Nov 2018 at 6:03, Christian Grunfeld wrote: > > Hi, > > this is a log... could you paste the email headers? > > cheers > I do not know if it is useful, the amavisd + spamassassin I have it in front of the mail server. https://pastebin.com/ktMUDLps I appreciate any comments

Re: spoofing mail

2018-11-28 Thread Christian Grunfeld
Hi, this is a log... could you paste the email headers? cheers On Tue, 27 Nov 2018 at 22:57, Rick Gutierrez wrote: > On Tue, 27 Nov 2018 at 16:22, David Jones > wrote: > > > > > Can you send a copy of the original email lightly redacted via pastebin > > so I can run it

Re: spoofing mail

2018-11-27 Thread Dominic Raferd
On Wed, 28 Nov 2018 at 01:57, Rick Gutierrez wrote: > On Tue, 27 Nov 2018 at 16:22, David Jones > wrote: > > > > > Can you send a copy of the original email lightly redacted via pastebin > > so I can run it through my filters to give some pointers? > > > > -- > > David Jones > > Hi

Re: spoofing mail

2018-11-27 Thread Rick Gutierrez
On Tue, 27 Nov 2018 at 16:22, David Jones wrote: > > Can you send a copy of the original email lightly redacted via pastebin > so I can run it through my filters to give some pointers? > > -- > David Jones Hi David, the email is very simple, but I attach it in the following link

Re: spoofing mail

2018-11-27 Thread David Jones
On 11/27/18 11:22 AM, Rick Gutierrez wrote: > On Tue, 27 Nov 2018 at 11:14, Alan Hodgson > wrote: > >> >> Wow, that's hard to read. >> >> It was close to being tagged because of the Pakistan relay. Just add a few >> points for Word docs and you should be good. Word docs from spammy

Re: spoofing mail

2018-11-27 Thread Rick Gutierrez
On Tue, 27 Nov 2018 at 11:54, Alan Hodgson wrote: > > > > Malware/phishes are usually either in an attachment or the message has a > link. Personally I add a lot of points to either if they come through > questionable countries. Users can dig them out of their Junk if they happen >

Re: spoofing mail

2018-11-27 Thread Alan Hodgson
On Tue, 2018-11-27 at 11:22 -0600, Rick Gutierrez wrote: > On Tue, 27 Nov 2018 at 11:14, Alan Hodgson > wrote: > > > Wow, that's hard to read. > > > > It was close to being tagged because of the Pakistan relay. Just > > add a few points for Word docs and you should be good. Word docs

Re: spoofing mail

2018-11-27 Thread Rick Gutierrez
On Tue, 27 Nov 2018 at 11:14, Alan Hodgson wrote: > > Wow, that's hard to read. > > It was close to being tagged because of the Pakistan relay. Just add a few > points for Word docs and you should be good. Word docs from spammy countries > should really get a lot of points. Hi Alan

Re: spoofing mail

2018-11-27 Thread Alan Hodgson
On Tue, 2018-11-27 at 10:42 -0600, Rick Gutierrez wrote: > Hi, I have a situation a little complicated, I have emails from > spammers that come with the name of one of my users, but the email > address is not from my domain, they send it from a valid domain, > which complies with spf, DKIM etc