Re: Advice sought on how to convince irresponsible Megapath ISP.

2014-08-15 Thread Linda A. Walsh
Alex wrote: Hi, > The only response my ISP will give is to turn on their spam filtering. I tried that. > In about a 2 hour time frame, over 400 messages were blocked as spam. Of those less > than 10 were actually spam, the rest were from various lists. > > So having them censoring my incomi

users@spamassassin.apache.org

2014-08-15 Thread Dave Funk
On Sat, 16 Aug 2014, Rajesh M. wrote: hi we are getting spam with a lot of hashes & Ꭼmа i checked out KAM.cf but not able to trap such emails any solution please ? thanks rajesh Search the July archive of this list for postings with the subject of: "More text/plain questions" There were

users@spamassassin.apache.org

2014-08-15 Thread Alex
Hi, > we are getting spam with a lot of hashes & > Ꭼmа > > i checked out KAM.cf but not able to trap such emails Post a sample with all the message headers to pastebin.com so it can be reviewed. Provide information about your version of spamassassin you're currently using, and any changes you ma

Re: Advice sought on how to convince irresponsible Megapath ISP.

2014-08-15 Thread Alex
Hi, > The only response my ISP will give is to turn on their spam filtering. I tried that. > In about a 2 hour time frame, over 400 messages were blocked as spam. Of those less > than 10 were actually spam, the rest were from various lists. > > So having them censoring my incoming mail isn't gon

users@spamassassin.apache.org

2014-08-15 Thread Rajesh M.
hi we are getting spam with a lot of hashes & Ꭼmа i checked out KAM.cf but not able to trap such emails any solution please ? thanks rajesh

Advice sought on how to convince irresponsible Megapath ISP.

2014-08-15 Thread Linda A. Walsh
My old email service was bought out by Megapath who is letting a lot of services slide. My main issue is that my incoming email scripts follow the SMTP RFCs and if the sender address isn't valid, then it's not a valid email that should be forwarded. My script simply checks for the domain exist

Re: Dealing with suspicious unicode in domains

2014-08-15 Thread Alex
Hi, >> Just came across this article about measures Google is taking to block >> domains using suspicious unicode characters: >> >> http://threatpost.com/google-tweaks-gmail-to-help-limit-spam/107732 >> >> Does SA yet have similar measures? I seem to recall some discussion about >> this probably a

Re: Hotfix/phishing spam

2014-08-15 Thread Alex
Hi, >> That's a really good question. >> >> Perhaps it was a malware attempt and the attacker forgot to replace the valid MSFT URL with their own URL... > > This isn't the first time I've seen ratware malfunction. Other possibility > some scammer test-driving a shiny new toy but wants to first tes

Re: AXB_X_FF_SEZ_S not fired

2014-08-15 Thread Alex
Hi, >> This is a sandbox rule which was autopromoted/published by sa-update. >> Due to lack of hits I removed it and re-added back yesterday. >> It may be republished if masschecks decide it is worth it. > > > Ok. I didn't recognize the prefix and didn't find it in my rules directory, so I assume

Re: Second step with SA

2014-08-15 Thread Karsten Bräckelmann
On Fri, 2014-08-15 at 12:21 -0400, Daniel Staal wrote: > --As of August 15, 2014 1:23:37 PM +0200, Antony Stone is alleged to have > said: > > http://spamassassin.apache.org/full/3.0.x/dist/doc/Mail_SpamAssassin_Conf > > .html#language_options > Both of these links are out of date. The whitelis

Re: Bogus SPF +all (was Re: dnssec / dane)

2014-08-15 Thread John Hardin
On Fri, 15 Aug 2014, Dave Warren wrote: On 2014-08-15 12:05, John Hardin wrote: "exists:"? (looks up SPF syntax) (boggle) WTF is the sane use case for "exists:"?? With other types of macro expansion, you could query a DNS backend that returns responses from database or algorithmically rath

Re: dnssec / dane

2014-08-15 Thread Dave Warren
On 2014-08-15 10:34, Robert Schetterer wrote: yes this is what i awaited, any idea about DKIM ? While spammers aren't doing it yet, DKIM can be done trivially easily as well for spammers that already register throwaway domains. The private key can be shared the same way the list of throwaway

Re: Bogus SPF +all (was Re: dnssec / dane)

2014-08-15 Thread Dave Warren
On 2014-08-15 12:05, John Hardin wrote: "exists:"? (looks up SPF syntax) (boggle) WTF is the sane use case for "exists:"?? Imagine something like: exists:%{l}.%{o}.%{i}._spf.webhost.example This might allow me to PASS only messages coming from addresses that actually exist, and are from the

Re: AXB_X_FF_SEZ_S not fired

2014-08-15 Thread Bowie Bailey
On 8/15/2014 4:19 PM, Axb wrote: On 08/15/2014 10:07 PM, Bowie Bailey wrote: On 8/15/2014 3:05 PM, Alex wrote: Hi, AXB_X_FF_SEZ_S is a rule that fires when the X-Forefront-Antispam-Report header is found. I have a sample which has this header, yet the rule doesn't fire, and wondered if someo

Re: AXB_X_FF_SEZ_S not fired

2014-08-15 Thread Axb
On 08/15/2014 10:07 PM, Bowie Bailey wrote: On 8/15/2014 3:05 PM, Alex wrote: Hi, >> AXB_X_FF_SEZ_S is a rule that fires when the X-Forefront-Antispam-Report header is found. I have a sample which has this header, yet the rule doesn't fire, and wondered if someone could help me figure out why:

Re: AXB_X_FF_SEZ_S not fired

2014-08-15 Thread Bowie Bailey
On 8/15/2014 3:05 PM, Alex wrote: Hi, >> AXB_X_FF_SEZ_S is a rule that fires when the X-Forefront-Antispam-Report header is found. I have a sample which has this header, yet the rule doesn't fire, and wondered if someone could help me figure out why: >> >> http://pastebin.com/vRQXxgJH >> >>

Re: AXB_X_FF_SEZ_S not fired

2014-08-15 Thread Alex
Hi, >> AXB_X_FF_SEZ_S is a rule that fires when the X-Forefront-Antispam-Report header is found. I have a sample which has this header, yet the rule doesn't fire, and wondered if someone could help me figure out why: >> >> http://pastebin.com/vRQXxgJH >> >> I'm using spamassassin-3.4, and I tested

Re: Bogus SPF +all (was Re: dnssec / dane)

2014-08-15 Thread John Hardin
On Fri, 15 Aug 2014, David F. Skoll wrote: On Fri, 15 Aug 2014 10:39:03 -0700 (PDT) John Hardin wrote: On Fri, 15 Aug 2014, David F. Skoll wrote: SPF is so easy ("v=spf1 +all") Doing *that* should be worth a point or two by itself. Yes. I even thought about implementing it, but there a

Re: Bogus SPF +all (was Re: dnssec / dane)

2014-08-15 Thread Robert Schetterer
On 15.08.2014 at 19:54, Joe Quinn wrote: > On 8/15/2014 1:50 PM, David F. Skoll wrote: >> On Fri, 15 Aug 2014 10:39:03 -0700 (PDT) >> John Hardin wrote: >> >>> On Fri, 15 Aug 2014, David F. Skoll wrote: SPF is so easy ("v=spf1 +all") >>> Doing *that* should be worth a point or two by itself.

Re: Bogus SPF +all (was Re: dnssec / dane)

2014-08-15 Thread Joe Quinn
On 8/15/2014 1:50 PM, David F. Skoll wrote: On Fri, 15 Aug 2014 10:39:03 -0700 (PDT) John Hardin wrote: On Fri, 15 Aug 2014, David F. Skoll wrote: SPF is so easy ("v=spf1 +all") Doing *that* should be worth a point or two by itself. Yes. I even thought about implementing it, but there are

Bogus SPF +all (was Re: dnssec / dane)

2014-08-15 Thread David F. Skoll
On Fri, 15 Aug 2014 10:39:03 -0700 (PDT) John Hardin wrote: > On Fri, 15 Aug 2014, David F. Skoll wrote: > > SPF is so easy ("v=spf1 +all") > Doing *that* should be worth a point or two by itself. Yes. I even thought about implementing it, but there are so many ways to achieve this: v=spf1 +a

DKIM statistics and spam (was Re: dnssec / dane)

2014-08-15 Thread David F. Skoll
On Fri, 15 Aug 2014 19:34:04 +0200 Robert Schetterer wrote: > On 15.08.2014 at 19:28, David F. Skoll wrote: > > Looks like about 66% of our spam samples had SPF "pass". > yes this is what i awaited, any idea about DKIM ? Less spam has DKIM 'pass'; our stats show about 22%. I suspect the overw

Re: dnssec / dane

2014-08-15 Thread John Hardin
On Fri, 15 Aug 2014, David F. Skoll wrote: SPF is so easy ("v=spf1 +all") Doing *that* should be worth a point or two by itself. -- John Hardin KA7OHZ http://www.impsec.org/~jhardin/ jhar...@impsec.org FALaholic #11174 pgpk -a jhar...@impsec.org key: 0xB8732E79 --

Re: dnssec / dane

2014-08-15 Thread Robert Schetterer
On 15.08.2014 at 19:28, David F. Skoll wrote: > On Fri, 15 Aug 2014 18:45:39 +0200 > Robert Schetterer wrote: > >> are there any stats how much spam is sent with right/exist >> SPF/DMARC/DKIM (TLS) > > I have some statistics for SPF: > > spam=> select count(*) from incidents where status = 'sp

Re: dnssec / dane

2014-08-15 Thread David F. Skoll
On Fri, 15 Aug 2014 18:45:39 +0200 Robert Schetterer wrote: > are there any stats how much spam is sent with right/exist > SPF/DMARC/DKIM (TLS) I have some statistics for SPF: spam=> select count(*) from incidents where status = 'spam' and incident_report like '%SPF query returned ''pass%'; c

Re: dnssec / dane

2014-08-15 Thread Noel
On 8/15/2014 11:45 AM, Robert Schetterer wrote: > On 15.08.2014 at 18:33, Noel wrote: >> On 8/15/2014 10:27 AM, Robert Schetterer wrote: >>> On 15.08.2014 at 16:26, Kevin A. McGrail wrote: On 8/15/2014 2:30 AM, Robert Schetterer wrote: > Question: Would it make sense to have rules based

Re: dnssec / dane

2014-08-15 Thread Robert Schetterer
On 15.08.2014 at 18:33, Noel wrote: > On 8/15/2014 10:27 AM, Robert Schetterer wrote: >> On 15.08.2014 at 16:26, Kevin A. McGrail wrote: >>> On 8/15/2014 2:30 AM, Robert Schetterer wrote: Question: Would it make sense to have rules based on dnssec / dane records exist for a maildomain ?

Re: dnssec / dane

2014-08-15 Thread Noel
On 8/15/2014 10:27 AM, Robert Schetterer wrote: > On 15.08.2014 at 16:26, Kevin A. McGrail wrote: >> On 8/15/2014 2:30 AM, Robert Schetterer wrote: >>> Question: Would it make sense to have rules based on dnssec / dane >>> records exist for a maildomain ? >>> >> A) rules have to be used for things

Re: Second step with SA

2014-08-15 Thread Daniel Staal
--As of August 15, 2014 1:23:37 PM +0200, Antony Stone is alleged to have said: On Friday 15 August 2014 at 13:05:26 (EU time), Timothy Murphy wrote: 1) What is the simplest way to reject mail in chinese, russian and turkish? http://spamassassin.apache.org/full/3.0.x/dist/doc/Mail_SpamAssassi

Re: Second step with SA

2014-08-15 Thread Axb
On 08/15/2014 05:21 PM, Bowie Bailey wrote: On 8/15/2014 11:07 AM, David F. Skoll wrote: On Fri, 15 Aug 2014 10:02:14 -0500 Steve Bergman wrote: So basically, elevate it to the level of an absolute blacklist. I'm not sure I trust Zen that much. I'm more a Bayes proponent than a DNSBL proponen

Re: dnssec / dane

2014-08-15 Thread Robert Schetterer
On 15.08.2014 at 16:26, Kevin A. McGrail wrote: > On 8/15/2014 2:30 AM, Robert Schetterer wrote: >> Question: Would it make sense to have rules based on dnssec / dane >> records exist for a maildomain ? >> > A) rules have to be used for things that indicate ham or spaminess > B) you can only autom

Re: Second step with SA

2014-08-15 Thread David F. Skoll
On Fri, 15 Aug 2014 11:21:47 -0400 Bowie Bailey wrote: > Considering only the spam: > 67% Spamhaus rejections > 33% Marked by SA > YMMV, but it works quite well for me. Indeed, MM does V. :) spam=> select count(*) from incidents where status = 'spam'; count --- 2391 spam=> select coun

Re: Second step with SA

2014-08-15 Thread Bowie Bailey
On 8/15/2014 11:07 AM, David F. Skoll wrote: On Fri, 15 Aug 2014 10:02:14 -0500 Steve Bergman wrote: So basically, elevate it to the level of an absolute blacklist. I'm not sure I trust Zen that much. I'm more a Bayes proponent than a DNSBL proponent. Me too. I'm also surprised that the OP c

Re: Second step with SA

2014-08-15 Thread John Hardin
On Fri, 15 Aug 2014, Timothy Murphy wrote: 2) I get some email wrongly marked spam - always from the same site. I've tried marking this as ham (and running "sa-learn --ham") but this has surprisingly little effect. A few fairly standard things to consider, in case you aren't already awar

Re: Second step with SA

2014-08-15 Thread David F. Skoll
On Fri, 15 Aug 2014 10:02:14 -0500 Steve Bergman wrote: > So basically, elevate it to the level of an absolute blacklist. > I'm not sure I trust Zen that much. I'm more a Bayes proponent than a > DNSBL proponent. Me too. I'm also surprised that the OP claimed it caught 70% of his spam. I see

Re: Second step with SA

2014-08-15 Thread Steve Bergman
On 08/15/2014 09:37 AM, Bowie Bailey wrote: Yes, it is part of the default rule set. But what I am saying is to add it to your MTA as a blacklist. That way anything matched by Zen will be rejected by the MTA without ever having to run SA. So basically, elevate it to the level of an absolute

Re: Second step with SA

2014-08-15 Thread Bowie Bailey
On 8/15/2014 10:33 AM, Steve Bergman wrote: On 08/15/2014 09:14 AM, Bowie Bailey wrote: The best way to quickly cut spam is to add the zen.spamhaus.org blacklist to your MTA. http://www.spamhaus.org/zen/ Is that not included in the default rule set? If not, I'm not sure where mine came from.

Re: Second step with SA

2014-08-15 Thread Steve Bergman
On 08/15/2014 09:14 AM, Bowie Bailey wrote: The best way to quickly cut spam is to add the zen.spamhaus.org blacklist to your MTA. http://www.spamhaus.org/zen/ Is that not included in the default rule set? If not, I'm not sure where mine came from. -Steve Bergman

Re: Second step with SA

2014-08-15 Thread Matus UHLAR - fantomas
On 15.08.14 13:05, Timothy Murphy wrote: Having got SA working at last on my CentOS-7 home server, I'm thinking of improving its use for me (no-one else). It's finding about 65% of my spam, and I'd like to increase that to 80%. 1) What is the simplest way to reject mail in chinese, russian and t

Re: Second step with SA

2014-08-15 Thread Steve Bergman
On 08/15/2014 06:05 AM, Timothy Murphy wrote: 1) What is the simplest way to reject mail in chinese, russian and turkish? Is the spam actually written in Chinese, Russian, and Turkish languages? Or does it come from Chinese, Russian, and Turkish domains? The spam my users accounts receive c

Re: Second step with SA

2014-08-15 Thread Joe Quinn
On 8/15/2014 10:14 AM, Bowie Bailey wrote: On 8/15/2014 7:05 AM, Timothy Murphy wrote: Having got SA working at last on my CentOS-7 home server, I'm thinking of improving its use for me (no-one else). It's finding about 65% of my spam, and I'd like to increase that to 80%. The best way to quic

Re: dnssec / dane

2014-08-15 Thread Kevin A. McGrail
On 8/15/2014 2:30 AM, Robert Schetterer wrote: Question: Would it make sense to have rules based on dnssec / dane records exist for a maildomain ? A) rules have to be used for things that indicate ham or spaminess B) you can only automate something you have done manually So have you looked at

Re: Second step with SA

2014-08-15 Thread Bowie Bailey
On 8/15/2014 7:05 AM, Timothy Murphy wrote: Having got SA working at last on my CentOS-7 home server, I'm thinking of improving its use for me (no-one else). It's finding about 65% of my spam, and I'd like to increase that to 80%. The best way to quickly cut spam is to add the zen.spamhaus.org

Re: AXB_X_FF_SEZ_S not fired

2014-08-15 Thread Bowie Bailey
On 8/14/2014 9:03 PM, Alex wrote: Hi, AXB_X_FF_SEZ_S is a rule that fires when the X-Forefront-Antispam-Report header is found. I have a sample which has this header, yet the rule doesn't fire, and wondered if someone could help me figure out why: http://pastebin.com/vRQXxgJH I'm using spa

Re: Second step with SA

2014-08-15 Thread Antony Stone
On Friday 15 August 2014 at 13:05:26 (EU time), Timothy Murphy wrote: > 1) What is the simplest way to reject mail in chinese, russian > and turkish? http://spamassassin.apache.org/full/3.0.x/dist/doc/Mail_SpamAssassin_Conf.html#language_options > 2) I get some email wrongly marked spam - always

Second step with SA

2014-08-15 Thread Timothy Murphy
Having got SA working at last on my CentOS-7 home server, I'm thinking of improving its use for me (no-one else). It's finding about 65% of my spam, and I'd like to increase that to 80%. 1) What is the simplest way to reject mail in chinese, russian and turkish? 2) I get some email wrongly marked