[qmailtoaster] Re: DKIM usage

2014-09-14 Thread Eric Shubert 

On 09/12/2014 03:06 PM, Eric Broch wrote:

On 9/12/2014 12:29 PM, Eric Shubert wrote:

On 09/12/2014 10:38 AM, Eric Shubert wrote:

Does DKIM use the _domainkey.mydomain.com DNS TXT record at all?



This is the policy record, vs the selector record. The reason I ask is
that the only parameters I'm aware of on the policy record are o= and
t=, and RFC6376 (I think this is the most recent DKIM spec) has no
reference to o=, and t= appears to apply only to the selector record.

My conclusion is that DKIM does not use a policy record, and I'd like
to confirm that.


Hey EricS,

According to this site
DKIM
is an extention of DomainKeys and uses the same style of DNS record.
Wish I could help more.

EricB


Yeah, I've found several sites similar to that one. They all seem to 
imply that DKIM has a policy record too, but I'm not inclined to think 
that's the case with the lastest spec for DKIM.


The only fields I've seen in the DK policy record are o= and t=. DKIM 
has a t= in the selector record (which DK does not).


I've decided to go to the horse's mouth on this, and have asked on the 
DKIM list (which has had little activity in the last 2 years).


We'll see what they say.

--
-Eric 'shubes'


-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] New format for spam enlargement emails

2014-09-14 Thread Angus McIntyre 

Tony White wrote:
> nothing seems to stop this Subject passing through
> all the filters in QMT.
>
> P_E N-I_S --E-N..L_A-R-G-E_M-E N-T.._ P_I-L L_S

The regex:

P(\.\.|_| |-)E(\.\.|_| |-)N(\.\.|_| |-)I(\.\.|_| |-)S

applied to the Subject should get pretty much all of them.

Looking at my records, it seems that a typical SpamAssassin result for one
of these looks like:

  * -0.7 RCVD_IN_DNSWL_LOW RBL: Sender listed at http://www.dnswl.org/, low
  *  trust
  *  [208.72.237.26 listed in list.dnswl.org]
  *  3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100%
  *  [score: 1.]
  *  0.0 HTML_MESSAGE BODY: HTML included in message
  *  0.0 HTML_FONT_LOW_CONTRAST BODY: HTML font color similar or identical to
  *   background
  *  0.7 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
  *  2.0 GAPPY_SUBJECT Subject: contains G.a.p.p.y-T.e.x.t
  *  0.8 RDNS_NONE Delivered to internal network by a host with no rDNS
  *  1.0 BODY_URI_ONLY Message body is only a URI in one line of text or for
  *  an image

It looks like the bulk of the work is being done by BAYES_99, so maybe
when you've seen a few more of them and trained your SpamAssassin against
them, you'll start seeing more tagged as spam.

I don't know if there's a SpamAssassin rule that checks for 'excessive use
of the HTML entities', particularly in URLs, but if there was then
something like:

   http://яфаичч ...

really ought to set it off.

Angus


-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com