On 2024-05-21 13:42:23 -0400, Bill Cole wrote:
> On 2024-05-21 at 11:00:57 UTC-0400 (Tue, 21 May 2024 17:00:57 +0200)
> Vincent Lefevre
> is rumored to have said:
>
> > While testing a rule with SpamAssassin 4.0.0 under Debian/stable
> > (I wasn't aware of allow_us
Is there a reason to have a double backslash in the log messages
or is this a bug?
--
Vincent Lefèvre - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)
AILING_LIST_MULTI,RCVD_IN_DNSWL_HI,RCVD_IN_MSPIKE_H4,
RCVD_IN_MSPIKE_WL,SPF_HELO_PASS,SPF_PASS,USER_IN_DEF_SPF_WL
autolearn=ham autolearn_force=no version=4.0.0
The value 6.31 does not even appear in the spamassassin source
package.
--
Vincent Lefèvre - Web: <https://www.vinc17.net/>
1
t;. This is what I have
on my new bookworm machine.
--
Vincent Lefèvre - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)
reasons for which this may not be the case. For instance,
the Message-ID may be generated on the machine from which the
message is sent, with some internal hostname on the right-hand
side (this is better to ensure unicity), thus is not resolvable.
--
Vincent Lefèvre - Web: <https://www.v
en check that the answer resolves back to the IP (among
the answers, as there may be several IP addresses).
--
Vincent Lefèvre - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)
ular detail
> about what, exactly, was objectionable.
I doubt that spammers take 550 messages into account, or even read them.
--
Vincent Lefèvre - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)
On 2022-08-16 12:05:43 -0400, Kris Deugau wrote:
> Vincent Lefevre wrote:
> > On 2022-08-15 10:39:05 -0400, Kris Deugau wrote:
> > > Vincent Lefevre wrote:
> > > > Rejecting mail (instead of accepting it and dropping it) is useful
> > > > in case of false
On 2022-08-15 11:33:53 -0400, Greg Troxel wrote:
> Vincent Lefevre writes:
> > On 2022-08-13 14:05:43 -0400, joe a wrote:
> >> On 8/13/2022 12:38 PM, Martin Gregorie wrote:
> >> . . .
> >> > 2) There's no mandatory need to REJECT spam. It has always b
On 2022-08-15 10:39:05 -0400, Kris Deugau wrote:
> Vincent Lefevre wrote:
> > Rejecting mail (instead of accepting it and dropping it) is useful
> > in case of false positives.
>
> I'm a bit torn on this.
>
> On the one hand, yes, the sender now knows for sure th
On 2022-08-13 19:09:26 -0400, joe a wrote:
> On 8/13/2022 4:52 PM, Vincent Lefevre wrote:
> > Well, if you don't reject the mail with the reason that the address
> > is invalid, the spammer could deduce that the address is valid
> > (at least potentially valid). By not r
't reject the mail with the reason that the address
is invalid, the spammer could deduce that the address is valid
(at least potentially valid). By not rejecting spam, the spammer
could think that the spam arrived at its destination and would
validate the address.
--
Vincent Lefèvre - Web: <
tion project for mailing lists that the
> ASF Infra team has warned us was in progress a few weeks ago.
I also got several such notices, but for subversion.apache.org
mailing-lists, from 2019 and 2020. So indeed, this seems to be
global to Apache mailing-lists.
--
Vincent Lefèvre - Web: <
al.org. This includes snowshoe
spam (sent by consecutive IP addresses during the same day).
--
Vincent Lefèvre - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)
logged data give
a good indication of real spam).
I have the same kind of things for DATACLUB, DigitalOcean, EONIX,
LAYER-HOST, RootLayer and UCLOUD-NET (though spam from DATACLUB IPs
seems to have stopped, and also almost for EONIX).
--
Vincent Lefèvre - Web: <https://www.vinc17.net/>
100%
On 2022-06-14 13:39:29 +0200, Reindl Harald wrote:
> On 14.06.22 at 13:36, Vincent Lefevre wrote:
> > When? The message has autolearn=no, so it wasn't trained when
> > passed via SpamAssassin while it was received. Then it was in
> > my main mailbox, where there's
On 2022-06-14 12:13:10 +0200, Reindl Harald wrote:
> On 14.06.22 at 11:52, Vincent Lefevre wrote:
> > On a machine with spamassassin 3.4.6 under Debian 11, a new spam
> > arrived, and the headers showed:
> >
> > X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09
arn --spam --no-sync", but I got
Learned tokens from 0 message(s) (1 message(s) examined)
Why "from 0 message(s)"?
--
Vincent Lefèvre - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - compute
I had good success with greet pause set to 11 seconds. Empirically 5 seconds
made little difference, but I could see a marked reduction at anything above 10
seconds. Longer than 15 didn’t give much further improvement though.
Sent from my iPhone
> On Sep 28, 2019, at 08:39, Grant Taylor wrot
I see an interesting dichotomy.
Students are on Google, fac/staff on O365 now.
Guess which group is phished most often?
If you said students, bzzzt.
It’s the O365 users, by a large margin. Faculty and staff should be best
trained. Also protected by “Advanced Threat Protection”.
Sent from m
SPF is designed for authentication, not spam filtering. Using a crowbar as a
hammer. We apply a small score mainly so we see the elements reported.
If the "majors" are using in their hygiene stack, for evaluation like you are, I
haven't seen much evidence of that. Of course it's hard to test
t: Wednesday, January 24, 2018 12:12:56 PM
To: users@spamassassin.apache.org
Subject: Re: Penalty for no/bad SPF
On 01/24/2018 01:58 PM, Vincent Fox wrote:
> I'd rather not think about the manhours I've wasted this year on SPF.
>
>
> The guy at Evotec.com, among others, wh
sin.apache.org
Subject: Re: Penalty for no/bad SPF
On Wed, 2018-01-24 at 19:01 +, Vincent Fox wrote:
> SPF is a zombie legacy that someone should shoot in
> the head.
>
SPF is still good for what I've always thought was its main use:
detecting spam delivered by backscatter. Giv
SPF is designed for whitelisting, not blacklist.
Remember when "shields" appeared in mail
clients, and how fast that feature disappeared?
Far too many people clicking on phish that seemed
"authentic". With the explosion of cheap domains
and registrars, there's really no snowshoe Black Hat
o
O365 has many very large tenant ponds now. Rules inside a tenant may be very
lax about trusting other users inside the tenant. So one compromised account,
easily leads to tens/hundreds of others. So their 2nd round of phish, nets
Black Hats enough compromised accounts to blast out a camp
Sendmail access.src:
From:pro REJECT
Guess that's why I haven't heard about this on our campus.
I block dozens of these apparently lawless domains.
From: Alex
Sent: Wednesday, May 3, 2017 6:37:49 PM
To: SA Mailing list
Subject: Today's Google Docs phish
Come on, look at the datestamps on the addresses in that list! Plenty from
2009. I only know of this project because a few compromised accounts from our
campus were once listed there, and were rejected by other sites. Went through
tedious process of trying to find email for owners, and get t
I cannot state strongly enough, that blocking
entire top-level domains these days should come
before RBL. *.top, *.link, *.download, etc.
RBL depends on paid or free.
Paid: Spamhaus, the 800 lb gorilla of RBL.
Also URIBL various feeds. Direct query to a dedicated
address with fresh data FTW.
3, 2016 9:33:59 AM
To: users@spamassassin.apache.org
Subject: Re: Anyone else just blocking the ".top" TLD?
Unless you have customers/employees/vendors complaining that they are not
receiving legitimate email from that TLD why would you un block it??
On Nov 3, 2016, at
Resurrecting thread
TOP remains at the err... top of abuse heap.
XYZ insights anyone? They have been on my reject list
for a long time, but claim to be cleaning it up. Thinking to
drop my shields on this one.
https://gen.xyz/blog/antiabuse
I suppose it depends on definition of "trustworthy".
I had the experience with SendGrid, of them adding new servers without
rDNS information. I called in and astoundingly enough, their "technical" person
explained to me DNS didn't matter, and he had no interest in addressing it.
A trustworthy op
d on SPF FAIL, you'd better examine
your logs quite thoroughly for babies in the bathwater. My logs are
filled with "legitimate" email (ahem) that I would reject on that
basis that would make my users quite upset.
From: Anthony Hoppe
Sent: Tuesday, Au
SPF is not a good tool for filtering IMO.
Scoring? Why score them? If you get to the SpamAssassin
layer with this you've already failed. Reject!
We use ClamAV Foxhole databases, to severely restrict attachment types.
Combined with a little bit of greet_pause, and a ton of greylist penalty
ices.
Thus we patch together a simulacrum.
From: Axb
Sent: Monday, August 1, 2016 12:53:27 PM
To: users@spamassassin.apache.org
Subject: Re: Is greylisting effective? (was Re: Using Postfix and Postgrey -
not scanning after hold)
On 01.08.2016 21:30, Vincent
I keep seeing people say "well if you have postscreen, greylisting is just
dumb".
Well what is the equivalent for other MTA?
I still see a lot of spambots on PBL hosts, that never contact again. So the
blanket statement "bots are recoded" just doesn't jibe with what I see.
Maybe you could ma
On 06/27/2016 01:15 PM, Reindl Harald wrote:
On 27.06.2016 at 21:27, Vincent Fox wrote:
I saw a reference today in my MxToolbox report, to an RBL named
Protected Sky which had like double the listing activity of Spamhaus.
Does anyone know anything about this outfit?
that's a bullshi
Hello,
I saw a reference today in my MxToolbox report, to an RBL named
Protected Sky which had like double the listing activity of Spamhaus.
Does anyone know anything about this outfit?
We primarily rely on Spamhaus at present, with some others
thrown in which catch some that Spamhaus doesn't.
Greylisting imo helps a lot with RBL lag.
Delay suspect IP long enough that by the time they retry, if they do, they are
on half a dozen RBL and score high and reject.
Sent from my iPhone
> On Jun 17, 2016, at 13:23, Reindl Harald wrote:
>
>
>
> On 17.06.2016 at 02:57, Alex wrote:
>>> For
I've been using dnsmasq myself on a list server, with DHCP
disabled, and configured to answer only localhost, for caching.
The stock package seems limited to 10,000 entries BTW.
But it seemed fairly bug-free as opposed to nscd, and simple
to setup unlike BIND.
Gladly switch to something else. T
In 20 years never saw need for backup mx.
If MX pool is down remote MTA should queue it.
Only practical use I've seen is NoListing setup.
I suppose you might run a server in the Arctic which could lose contact for
weeks and you'd want to ensure no bounces. Ymmv.
Sent from my iPhone
> On May
SPF is only about envelopes?
Unless you are Microsoft, who check against the From in the header.
From: Reindl Harald
Sent: Friday, May 20, 2016 10:23:45 AM
To: users@spamassassin.apache.org
Subject: Re: Whitelisting and Expedia/Orbitz
On 20.05.2016 at 19
+1
Yesterday, 6% of our mail flow was rejected by Foxhole.Zip family.
They are #1 on our list about 50% of the time for weeks now.
I got a commendation last week for prevention work, so rare in email adminning.
Security team would be swimming in overtime if it weren't for
foxhole_js in particula
On 05/13/2016 01:24 PM, David Jones wrote:
This is a very simple concept and yet most mail admins don't know it
or follow it.
I know right? IMO network/firewall backgrounds are worse though.
They are used to thinking in IP all day and DNS is just this
optional convenience.
Cheers.
On 05/13/2016 12:29 PM, Daniel J. Luke wrote:
While you are at it, make sure your forward and reverse dns match.
At least weekly, I get someone bickering with me that reverse DNS is not any
kind of requirement to be a legitimate server.
Often it comes from well-paid network administrators.
rald
Sent: Tuesday, April 26, 2016 2:55:46 AM
To: users@spamassassin.apache.org
Subject: Re: Anyone else just blocking the ".top" TLD?
On 26.04.2016 at 11:23, Heinrich Boeder wrote:
> Hi,
>
>> On Apr 21, 2016, at 3:43 PM, Vincent Fox wrote:
>>> Recently seeing incr
Resurrecting thread
Recently seeing increase in spam from these gTLD:
pro
bid
trade
I'm adding them to my reject list, do with this information what you will.
-hth
On 03/28/2016 12:35 PM, Reindl Harald wrote:
nothing easier than that with postfix, just start with.
I wish my EDU was cool with Postfix or Exim.
However our routing pool is Sendmail, and the PHB here are
determined to "upgrade" to Proofpoint which is Sendmail based.
Whoops, list truncated. Continuing
From:work REJECT
From:cricket REJECT
From:xn--plai REJECT
From:review REJECT
From:country REJECT
From:kim REJECT
From:science REJECT
From:party REJECT
From:gq REJECT
From:top REJECT
From:uno REJECT
Fr
On 03/27/2016 06:58 PM, Thomas Cameron wrote:
Has anyone actually gotten a single legit message from that domain?
Never. WTF was ICANN thinking?
I occasionally go through the lists of abused gTLD here:
http://www.surbl.org/tld/
It certainly saves a lot of hygiene processing time to just dum
d can be inserted by
p0f+p0fanalyzer+amavisd
(which I use), or by p0f+p0fanalyzer + p0f plugin for SA by Vincent Li
Another alternative is my stuff at:
<http://whatever.frukt.org/p0fstats.text.shtml>
The stuff there uses UDP to send p0f info from the system running p0f
(probably the
andle_user unable to find user: $username\n");
Since you don't run spamd in paranoid mode "-P" option, spamd will not die
and fall back to user nobody
Vincent Li
http://bl0g.blogdns.com
On Wed, 13 Jun 2007, Giampaolo Tomassoni wrote:
-Original Message-
From: Vincent Li [mailto:[EMAIL PROTECTED]
On Wed, 13 Jun 2007, Jerry Durand wrote:
Sometime later this summer I'm going to be replacing our server.
It's
currently a Mac (1.42GHz G4) running OS X Serv
, moving mail boxes, reducing the memory
load...You can run Amavisd-new/SpamAssassin on a separate Linux box and
let Postfix on OS X talk to Amavisd-new on the Linux box.
Vincent Li
http://bl0g.blogdns.com
sa-compile took 3 hours to run. (System is a SunFire v210 with 2
processors and 2 GB ram.)
Vincent Li
http://bl0g.blogdns.com
On Wed, 25 Apr 2007, Rick Macdougall wrote:
Justin Mason wrote:
Rick Macdougall writes:
> Vincent Li wrote:
> > On Wed, 25 Apr 2007, Rick Macdougall wrote:
> > > It's running here but I'm getting hammered by joe job bounces and I
> > > don'
On Wed, 25 Apr 2007, Rick Macdougall wrote:
Vincent Li wrote:
On Wed, 25 Apr 2007, Rick Macdougall wrote:
>
> It's running here but I'm getting hammered by joe job bounces and I
> don't see any VBounce rules firing. It is not commented out in
> v320.p
red by joe job bounces and I don't see
any VBounce rules firing. It is not commented out in v320.pre.
Am I missing something ?
Regards,
Rick
Have you specified
whitelist_bounce_relays hostname_of_your_MTA
in /etc/mail/spamassassin/local.cf ?
It works on my site.
OK Everyone - Send him your SPAM!!!
;-)
Just kidding...
I'm not sure what you're looking for from us. Please be more specific.
By the way, I use Sendmail as well, and find the spamass-milter to be a
great way to link in spamassassin. Also, the blacklists are very
effective. If you need any a
Regarding using this feature...
I currently have SA reformatting the spam as an attachment (default
behavior) - do I need to stop the attachment thing for spamcop or can I
just forward the messages as-is?
-Original Message-
From: Michael Parker [mailto:[EMAIL PROTECTED]
Sent: Thursday,
13 17:00:08 2007 [22160] info: spamd: got connection over
/var/run/spamd.socket
Fri Apr 13 17:00:08 2007 [22160] info: spamd: processing message (unknown) for
root:0
Fri Apr 13 17:00:13 2007 [29550] info: spamd: server killed by SIGTERM,
shutting down
Thanks,
Andy.
Are you running spamd/spamc as root? It is not recommended to run spamd as
root.
Vincent Li
http://bl0g.blogdns.com
anyan
There is a wiki about integrating spamc/spamd pair (spamassassin) with
postfix:
http://wiki.apache.org/spamassassin/IntegratedSpamdInPostfix?highlight=%28spamd%29
Vincent Li
Blog http://bl0g.blogdns.com
server, seems working well.
Caution: It does tag email from hotmail :)
http://www.vcn.bc.ca/~vli/P0f.pm
Thank Mark for the inspiration!
Mark
Vincent Li http://pingpongit.homelinux.com
Opensource .Implementation. .Consulting.
Platform.Fedora. .Debian. .Mac OS X.
Blog http://bl0g.blogdns.com
erisk system.
Vincent Li http://pingpongit.homelinux.com
Opensource .Implementation. .Consulting.
Platform.Fedora. .Debian. .Mac OS X.
Blog http://bl0g.blogdns.com
;;
binmode $out;
print $out $p->decode();
};
#warn $@ if $@;
}
__END__
Use "perldoc Mail::SpamAssassin::Message" and "perldoc
Mail::SpamAssassin::Message::Node" for more information about functions and
such. :)
--
Randomly Selected Tagline
Vincent Li
System Admin
On Fri, 8 Sep 2006, Jared wrote:
Hi,
Is there any way I can resend the emails which have been quarantined.
as some of the emails should not have been quarantined.
I'm using plesk 7.5 reloaded with spam assassin.
I am using Amavisd-new SQL quarantine and M
2006/8/4, Rosenbaum, Larry M. <[EMAIL PROTECTED]>:
SpamAssassin version 3.1.4
running on Perl version 5.8.7
SunOS email 5.9 Generic_118558-10 sun4u sparc SUNW,Sun-Fire-V210
In the connect_sock() method in DnsResolver.pm, there is a loop starting
at line 177 that starts out like this:
# find
!
And I think I will keep my cutoff score as 2 because I get so many
spam every day and some of them just score 2.3!
You can train your bayes to learn the false negative email as spam, get
some SARE custom rules, enable network test.
Cheers,
Tao
Vincent
System Administrator
The
sssin
6) run spamassassin --lint
7) if it passes, restart spamd or any other persistent daemons that use
the spamassassin perl API.
Thanks Matt - what directory would you put iXhash.pm in? If I get this to work I'll update the wiki.
Should be under /Whatever/Mail/SpamAssassin/Plugin
]
They are very different!
Where do we go from here?
Thanks again!!
-Paul
In http://www.ijs.si/software/amavisd/#faq, the "SpamAssassin returns a different score" section has more details about what might go wrong
Vincent
Systems Administrator
Biomedical Research Centre
University of BC
line, legitimate sender MTA will queue its email and try later, you would not lose email.
Vincent
On 9-Jan-06, at 2:16 PM, Matt Kettler wrote:
Jon Armitage wrote:
Vincent Li wrote:
I have been using SpamAssassin for quite a while, and used SARE rules
and other custom rules. I am interested in writing my own Chinese
spam rules to block Chinese spam email.
I cheat and use an Exim acl
On 9 Jan 2006, at 10:08 PM, Jon Armitage wrote:
Vincent Li wrote:
I have been using SpamAssassin for quite a while, and used SARE
rules and other custom rules. I am interested in writing my own
Chinese spam rules to block Chinese spam email.
I cheat and use an Exim acl statement to reject
, perlunicode, perlre..still could not find relevant information.
Thanks in advance!
Vincent
Hi folks,
I am running clamav/amavisd-new/spamassassin, spamassassin is called from
amavis. My amavis is run as user clamav. I did not explicitly set
"bayes_auto_learn","bayes_path".. in /etc/mail/spamassassin/local.cf, but
under ~clamav, I can see bayes database file, I run sa-learn --dump mag
Hi Rainer,
You mean I should always start amavisd service with debug-sa options?
Thanks
Vincent
> On Tue, Jan 25, 2005 at 07:45:08PM +0100, Rainer Sokoll wrote:
>
>> spamassassin -D is your friend.
>
> Sorry, have to correct myself:
> amavisd debug-sa, in this particular case.
>
> Rainer
>
>
Hi all,
This question might have been asked many times, I googled, no answer found
yet. I am running Mac OS X/Amavisd-new/SpamAssassin3.0. SpamAssassin is
called by Amavisd-new. my amavisd.conf :
# SpamAssassin settings
$sa_local_tests_only = 1; # (default: false)
$sa_timeout = 30;
$sa_mail_bo
around
on spamassassin.apache.org without success…
Thank you
--
Vincent Toussaint
Hybride.com
77 matches