smtpd_client_message_rate_limit = 400
smtpd_recipient_limit = 100
Won't help much if you have 100k different IPs connecting, and you also
have high volume legit customers
--
Best regards,
Riccardo Alfieri
Spamhaus Technology
https://www.spamhaus.com/
On 15/09/23 17:49, Marc wrote:
> Is this a freely available list?
It's included in all DQS accounts, free ones too
--
Best regards,
Riccardo Alfieri
Spamhaus Technology
https://www.spamhaus.com/
On 15/09/23 17:35, Matus UHLAR - fantomas wrote:
> On 15.09.23 15:31, Riccardo Alfieri wrote:
>> Yes, at previous $dayjob. Applied on the submission MSA, it proved to
>> be useful in mitigating the fallout when users got their credentials
>> compromised.
> can you describe it more?
Well, I checked the
,
Riccardo Alfieri
Spamhaus Technology
https://www.spamhaus.com/
Apologies, this was meant to be a direct email to Alessio...
On 24/03/23 11:33, Riccardo Alfieri wrote:
Good morning Alessio,
if you are interested, we have a plugin for SA
(https://github.com/spamhaus/spamassassin-dqs) and commercial
subscriptions for access to non-public feeds.
Se ti
.
MailShell have an SDK for antispam and I will probably contact them.
Do you know any other companies developing an antispam SDK to be
combined with spamassassin?
Thanks
--
Alessio Cecchi
Postmaster @http://www.qboxmail.it
https://www.linkedin.com/in/alessice
--
Best regards,
Riccardo Alfieri
least one plugin in my embedded spamassassin,
installed inside Zimbra.
I'm a bit afraid of breaking stuff, about missing dependencies and so on.
I'm on SA 3.4.5 and - as a test - I'd like to install ESP plugin.
--
Best regards,
Riccardo Alfieri
Spamhaus Technology
https://www.spamhaus.com/
o high just for *not* having
an SPF record, and I hope you didn't do it on purpose.
Of course, if you are not using DQS (meaning you are using Spamhaus
public mirrors), you are on your own.
PSA: everyone using public mirrors should switch to free DQS
On 11/01/23 19:43, Benny Pedersen w
ncourage you to open a ticket through
https://check.spamhaus.org/ . We review all FPs and act accordingly.
On 11/01/23 17:56, Benny Pedersen wrote:
> it should only check received last ip, not deep all ips :/
-lastexternal is done by ZEN
--
Best regards,
Riccardo Alfieri
Spamhaus T
te in the README. No reason to overengineer something that
should be working by default, as it is in a stock SA installation.
--
Best regards,
Riccardo Alfieri
Spamhaus Technology
https://www.spamhaus.com/
est to add also a:
ifplugin Mail::SpamAssassin::Plugin::URIDNSBL
to the .cf files where check_rbl, urirhssub etc are used?
--
Best regards,
Riccardo Alfieri
Spamhaus Technology
https://www.spamhaus.com/
On 28/12/22 14:20, Kevin A. McGrail wrote:
> Do you have hashbl plugin enabled?
Ah, I thought it was enabled by default in SA 4.0.
--
Best regards,
Riccardo Alfieri
Spamhaus Technology
https://www.spamhaus.com/
837 [1461] warn: config: failed to parse line in
/etc/mail/spamassassin/sh.cf (line 71):
urirhssub\tSH_BODYURI_REVERSE_SBL\tyour_DQS_key.zen.dq.spamhaus.net.\tA
127.0.0.2
--
Best regards,
Riccardo Alfieri
Spamhaus Technology
https://www.spamhaus.com/
core code, so now it's only a bunch of .cf to copy.
Please consider the rules as a BETA. They have been tested by a few
customers without issues, but YMMV.
--
Best regards,
Riccardo Alfieri
Spamhaus Technology
https://www.spamhaus.com/
HASHBL,
A/compiling.spamassassin.taint.org.your_dqs_key.dbl.dq.spamhaus.net,
rules: SH_DBL_HEADERS
--
Best regards,
Riccardo Alfieri
Spamhaus Technology
https://www.spamhaus.com/
pamhaus.org/drop/drop.lasso <http://spamhaus.org/drop/drop.lasso>
ciarmy.com/list/ci-badguys.txt <http://ciarmy.com/list/ci-badguys.txt>
openbl.org/lists/base.txt <http://openbl.org/lists/base.txt>
--
Best regards,
Riccardo Alfieri
Spamhaus Technology
https://www.spamhaus.com/
e portal at all.
So I'm just trying to determine whether my config is correct now.
Thanks in advance,
AJ
--
Best regards,
Riccardo Alfieri
Spamhaus Technology
https://www.spamhaus.com/
t DQS, contact me offlist.
I have only a test server and because of this some real world feedback
would be very appreciated! Thanks!
--
Best regards,
Riccardo Alfieri
Spamhaus Technology
https://www.spamhaus.com/
-beta.spamhaus.org, this needs to be updated to query the production
DBL, as dbl-beta.spamhaus.org will not be available after February 15th,
2022.
--
Best regards,
Riccardo Alfieri
Spamhaus Technology
https://www.spamhaustech.com/
rejected and returned to their sender.
To ensure you continue being protected, for free, with our IP and domain
DNSBLs, please move to the DQS.
If you have any questions regarding these changes, please use the
contact form here: https://www.spamhaus.com/#contact-form
--
Best re
corpus of ham and spam
--
Best regards,
Riccardo Alfieri
Spamhaus Technology
https://www.spamhaustech.com/
On 11/01/22 16:14, Larry Rosenman wrote:
> will spamhaus-dqs be updated with this? or should I change FreeBSD to
> pull this branch?
Yes, it will be updated as soon as the new DBL enters production
--
Best regards,
Riccardo Alfieri
Spamhaus Technology
https://www.spamhaustech.com/
it's documented elsewhere?
Hello,
you won't need to remove anything, it should just work (TM)
--
Best regards,
Riccardo Alfieri
Spamhaus Technology
https://www.spamhaustech.com/
regards,
Riccardo Alfieri
Spamhaus Technology
https://www.spamhaustech.com/
to what I wrote before.. I noticed that you are using the
wrong hostname :) The correct one, for the time being and up until the
beta ends, is dbl-beta.spamhaus.org
--
Best regards,
Riccardo Alfieri
Spamhaus Technology
https://www.spamhaustech.com/
ostly seen in the email body, that are often used as redirectors to
more spammy domains. Doing the rejections your way can unfortunately
only lead to more FPs
The correct way to do it is by checking the URLs in the email body,
either by using our plugin or in some other ways.
--
Best regards,
Ric
ard / fail fast? Again,
just trying to set my expectations.
We'll follow what is suggested here:
https://datatracker.ietf.org/doc/html/rfc6471#section-3.4
--
Best regards,
Riccardo Alfieri
Spamhaus Technology
https://www.spamhaustech.com/
live to provide time to ensure these config changes
are made.
--
Best regards,
Riccardo Alfieri
Spamhaus Technology
https://www.spamhaustech.com/
.
We’d love to get your feedback on the beta DBL with hostnames. You can
reach us either in this forum, via our contact form
https://www.spamhaus.com/#contact-form, or on Twitter
https://twitter.com/SpamhausTech.
Thanks for your support!
--
Best regards,
Riccardo Alfieri
Spamhaus Technology
/?domain=libera.chat
Or at least it is *now*, maybe it comes and goes for some reason
--
Best regards,
Riccardo Alfieri
Spamhaus Technology
https://www.spamhaustech.com/
are not blocked in any way,
except if you go over quota.
--
Best regards,
Riccardo Alfieri
Spamhaus Technology
https://www.spamhaustech.com/
le at
https://www.spamhaus.org/news/article/807/using-our-public-mirrors-check-your-return-codes-now
for more information
--
Best regards,
Riccardo Alfieri
Spamhaus Technology
https://www.spamhaustech.com/
orry for vendor spam, but I felt this had to be outlined
--
Best regards,
Riccardo Alfieri
Spamhaus Technology
https://www.spamhaustech.com/
,
Riccardo Alfieri
Spamhaus Technology
https://www.spamhaustech.com/
Please use only the latest github package before submitting bugs.
We are really community focused, but, as already said, we can support
only the latest release
On 07/10/20 15:04, Damian wrote:
> That is indeed v1.0.1
It's old, 20190704
--
Best regards,
Riccardo Alfieri
Spa
but before that be absolutely sure that you are running the latest rules
from:
https://github.com/spamhaus/spamassassin-dqs
We only support the latest version
--
Best regards,
Riccardo Alfieri
Spamhaus Technology
https://www.spamhaustech.com/
:
urirhssub URIBL_DBL_SPAM .dbl.dq.spamhaus.net. A 127.0.1.2
From what appears in the logs it may be that you have an extra dot
somewhere, possibly before the DQS key
--
Best regards,
Riccardo Alfieri
Spamhaus Technology
https://www.spamhaustech.com/
f the body with just entire sentences from classic books or
random common words chained.
Just a hypothesis :)
--
Best regards,
Riccardo Alfieri
Spamhaus Technology
https://www.spamhaustech.com/
but IANAL :)
--
Best regards,
Riccardo Alfieri
Spamhaus Technology
https://www.spamhaustech.com/
md.com/doc/modules/spamassassin.html) and have it load all
SA rules too.
--
Best regards,
Riccardo Alfieri
Spamhaus Technology
https://www.spamhaustech.com/
ttachments since some malware is using this
approach (ie: Emotet in the past days)
--
Best regards,
Riccardo Alfieri
Spamhaus Technology
https://www.spamhaustech.com/
things is
possible, it must be done with proper testing and communication to all
the parties involved
--
Best regards,
Riccardo Alfieri
Spamhaus Technology
https://www.spamhaustech.com/
ng to comply to the name change.
I don't want to enter the discussion about what is good or not, I'm only
concerned that these changes could impact other products in the SA universe
--
Best regards,
Riccardo Alfieri
Spamhaus Technology
https://www.spamhaustech.com/
dedicated?
Thanks in advance!
Pedro
--
Best regards,
Riccardo Alfieri
Spamhaus Technology
https://www.spamhaustech.com/
eople
--
Best regards,
Riccardo Alfieri
Spamhaus Technology
https://www.spamhaustech.com/
where you got a quote of "hundreds of dollars per
month" for 1000 mailboxes, but it's not really the case if you use DQS.
--
Best regards,
Riccardo Alfieri
Spamhaus Technology
https://www.spamhaustech.com/
codes
for that (already included in SpamAssassin):
https://www.spamhaus.org/news/article/788/spamhaus-dnsbl-return-codes-technical-update
--
Best regards,
Riccardo Alfieri
Spamhaus Technology
https://www.spamhaustech.com/
undeliverables
- Bounceback spamming innocent users
So, no, please don't do that :)
As others suggested, start by upgrading your SA and do some targeted
training to the bayes.
--
Best regards,
Riccardo Alfieri
Spamhaus Technology
https://www.spamhaustech.com/
https://firebasestorage.googleapis.com
I'd say that 99% of them can be caught by a simple regex though, but I
don't know how common those firebasestorage URLs are in normal emails..
I personally have still to see a legit one.
--
Best regards,
Riccardo Alfieri
Spamhaus Techno
us zones.
You could still do prequeue rejections with SpamAssassin if you use a
milter, and if you keep ZEN shortcircuiting I don't think the overall
load avg would increase very much.
Obviously YMMV :)
--
Best regards,
Riccardo Alfieri
Spamhaus Technology
https://www.spamhaustech.com/
you!
--
Best regards,
Riccardo Alfieri
Spamhaus Technology
https://www.spamhaustech.com/
te warnings and/or automatically block accounts if
they exceed a defined threshold of (different_ips per sasl_username) per
hour.
--
Best regards,
Riccardo Alfieri
Spamhaus Technology
https://www.spamhaustech.com/
dns3.fluent.ltd.uk
from the zone without updating the serial number, so now if you happen
to hit a resolver that never queried that domain you'll get only
dns[1-2], while the others will keep the cached response until expiration.
--
Best regards,
Riccardo Alfieri
Spamhaus Technology
https://www.spamhaustech.com/
is
listed and that triggers URIBL_SBL.
Jonathan has been given instructions on how to request a removal and
this issue will be likely to be solved as soon as the removal request
comes in.
--
Best regards,
Riccardo Alfieri
Spamhaus Technology
https://www.spamhaustech.com/
other network.
It has been like this for at least 4 days that I know of and yes it is
still happening.
This seems to be the case for all spam-assassin users, that is, I
haven’t found anyone using spamassassin that is not getting the same
result
Jonathan
--
Best regards,
Riccardo Alfieri
Spa
X-Source-IP,Message-ID
should be added somewhere in the local.cf file.
--
Best regards,
Riccardo Alfieri
Spamhaus Technology
https://www.spamhaustech.com/
://cwiki.apache.org/confluence/display/SPAMASSASSIN/StatsAndAnalyzers ?
IIRC, years ago I used the SARE sa-stats.pl on a Zimbra installation, as
it processes amavis logs out of the box (assuming Zimbra still uses amavis)
--
Best regards,
Riccardo Alfieri
Spamhaus Technology
https://www.spamhaustech.com/
e probably added by a wrapper or something like that.
--
Best regards,
Riccardo Alfieri
Spamhaus Technology
https://www.spamhaustech.com/
. eyestrongpro[.]icu
has been listed in DBL for a lot of time now and your installation
should have hit on it.
Check here for hints:
https://cwiki.apache.org/confluence/display/spamassassin/UsingNetworkTests
--
Best regards,
Riccardo Alfieri
Spamhaus Technology
https://www.spamhaustech.com/
e so much about FPs, just shortcircuit
DBL responses to spam. There are some new functions in SA 3.4.3 that
could help with better sniping, but that's something that has still to come.
--
Best regards,
Riccardo Alfieri
Spamhaus Technology
https://www.spamhaustech.com/
is not enough to mark the email as spam (and that's
correct as it checks only the domain).
The recommended way would be to use Clamav signatures, or, if you really
can't, create uri rules based on https://urlhaus.abuse.ch/downloads/csv/
--
Best regards,
Riccardo
it possible to share (via pastebin) the rule I
created to have feedback from the experts...
Hi,
not really SpamAssassin related, but for anyone concerned about Emotet,
I suggest using URLhaus Clamav signatures:
https://urlhaus.abuse.ch/api/#clamav
--
Best regards,
Riccardo Alfieri
Spamh
ng too.
I guess my fault was/is using SA with amavisd, that redefines subject
rewriting in its own way (maybe it could add scores in subject too out
of the box? Don't know, better RTFM ;) )
--
Best regards,
Riccardo Alfieri
Spamhaus Technology
https://www.spamhaustech.com/
feature that I probably missed completely :)
--
Best regards,
Riccardo Alfieri
Spamhaus Technology
https://www.spamhaustech.com/
rejections at smtp level with your MTA.
The rest of the checks will take care of what ZEN missed (well, most of
them at least :) )
--
Best regards,
Riccardo Alfieri
Spamhaus Technology
https://www.spamhaustech.com/
s the latest one, we are in the
process of updating the docs.spamhaustech.com website but it is taking
some time :)
--
Best regards,
Riccardo Alfieri
Spamhaus Technology
https://www.spamhaustech.com/
up or a bug in the plugin?
FYI, this has been solved offlist with Larry's help.
If you use Exim you should download the latest plugin version
--
Best regards,
Riccardo Alfieri
Spamhaus Technology
https://www.spamhaustech.com/
lamav with the option OLE2BlockMacros
- This package https://github.com/bigio/spamassassin-vba-macro
Or you could patch something up with python oletools
--
Best regards,
Riccardo Alfieri
Spamhaus Technology
https://www.spamhaustech.com/
lso public mirrors don't
have ZRD and AuthBL.
Think of DQS like an upgrade from the public mirrors that only cost the
time to register :)
--
Best regards,
Riccardo Alfieri
Spamhaus Technology
https://www.spamhaustech.com/
On 03/07/19 17:10, David Gibbs wrote:
> On 7/3/19 7:54 AM, Riccardo Alfieri wrote:
>> apparently I forgot to write in the documentation that you also need
>> Perl's List::MoreUtils installed.
> And 'Data::Validate::Domain'.
> david
That was for an older version of the plugin, it
On 03/07/19 16:53, @lbutlr wrote:
> On 3 Jul 2019, at 06:54, Riccardo Alfieri wrote:
>> If you have a debian based distribution, do an
>> # apt-get install liblist-moreutils-perl
>> or, if you use something RPM based, the correct command should be
>> # yum install perl-List-MoreUtils
> portmaster lang/p5
e more pre-requisites that I'm not aware of?
Thanks,
AJ
--
Best regards,
Riccardo Alfieri
Spamhaus Technology
https://www.spamhaustech.com/
it goes to a blank WP page.
--
Best regards,
Riccardo Alfieri
Spamhaus Technology
https://www.spamhaustech.com/
monitored to deliver as much help as I can.
--
Best regards,
Riccardo Alfieri
Spamhaus Technology
https://www.spamhaustech.com/
CPU usage by SA)
It's also useful for deep header scanning, just remember to avoid PBL
return codes when you do that :)
AuthBL also proved to be useful and doesn't create FPs even if you
weight it 80% of your required_score
--
Best regards,
Riccardo Alfieri
Spamhaus Technology
https://www.spamhaustech.com/
t team is available
offlist at datafeed-supp...@spamteq.com
[1] https://www.spamhaustech.com/data-access/
[2]
https://www.virusbulletin.com/testing/results/latest/vbspam-email-security
--
Best regards,
Riccardo Alfieri
Spamhaus Technology
https://www.spamhaustech.com/
Sorry guys, I don't know what happened, my client sent a lot of emails
during drafting :(
Apologies
--
Best regards,
Riccardo Alfieri
Spamhaus Technology
https://www.spamhaustech.com/
CVD_IN_XBL eval:check_rbl('zen-lastexternal',
'zen.spamhaus.org.', '^127\.0\.0\.[4567]$')
The return code 127.0.0.8 has been dropped a long time ago.
More info on
https://docs.spamhaustech.com/10-data-type-documentation/datasets/030-datasets.html#xbl
ained by ISP all over the world,
and it is perfectly legit to find the first public IP in the received
chain to be listed in PBL. You should only reject mail from ZEN if you
use the -lastexternal flag
--
Best regards,
Riccardo Alfieri
Spamhaus Technologies
https://www.spamhaustech.com/