Re: Local URL blocking based on NS records?
Am 02.10.2014 um 21:57 schrieb Reindl Harald: Am 02.10.2014 um 21:39 schrieb Robert Schetterer: not exact what you want , but may help too http://www.postfix.org/postconf.5.html check_recipient_ns_access type:table Search the specified access(5) database for the DNS servers for the RCPT TO domain, and execute the corresponding action. Note: a result of OK is not allowed for safety reasons. Instead, use DUNNO in order to exclude specific hosts from blacklists. This feature is available in Postfix 2.1 and later. smtpd_recipient_restrictions = check_recipient_access hash:/etc/postfix/check_recipient_access, reject_unknown_recipient_domain, reject_non_fqdn_recipient, check_recipient_ns_access hash:/etc/postfix/for_sale_recipient_ns_access, /etc/postfix/for_sale_recipient_ns_access ns2.sedoparking.com REJECT the domain is offered at sedo.com/de to buy, which usally means it has no mailserver ns1.sedoparking.com REJECT the domain is offered at sedo.com/de to buy, which usally means it has no mailserver ns1.fastpark.net REJECT the domain is parked at fastpark.net which usally means it has no mailserver ns2.fastpark.net REJECT the domain is parked at fastpark.net which usally means it has no mailserver check_recipient_ns_access makes little sense for inbound check_sender_ns_access is what you want yes thats right , my fault Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstraße 15, 81669 München Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263 Vorstand: Patrick Ben Koetter, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein
Re: half-OT: please remove spam-markers from subjects
jdebert, (since im not reply to the bully troll) he doesnt learn, worried about flame wars but kicks off by calling other people smart asses, just ignore him, most of the rest of the internet has done for a while On 10/1/14, Reindl Harald h.rei...@thelounge.net wrote: Am 30.09.2014 um 18:12 schrieb jdebert: On Mon, 29 Sep 2014 19:19:10 +0200 Reindl Harald h.rei...@thelounge.net wrote: Am 29.09.2014 um 19:14 schrieb Nels Lindquist: On 9/29/2014 10:54 AM, Reindl Harald wrote: please remove markers like [SPAM] if a mesage was flagged before reply - they lead often that a message goes to junk- instead the list-folder :-) Please teach your users to filter on the List-ID: header rather than Subject: for this list. The issue can be entirely avoided without requiring everyone else in the world to alter their behaviour the [SPAM] marker comes *before* all other sieve-filters otherwise it would not catch faked From-Headers it's not a big deal but i see that mistake sometimes also in business communication - not real good I do not see any subject lines in this thread with [SPAM] in them. I rarely see them in this list at all. (I suspect people are aware it can cause some poorer filtering implementations to delete them.) so what - this was a new thread to not hijack others Perhaps you need to look closer to home for this problem? for sure not if it appears in the middle of subjects Meantime, it is highly recommended that, if someone subscribes to a list about spam, one MUST make an exception to their filtering rules as previously mentioned. It's also very sensible. It is ridiculous to insist that people talking about spam stop using the word spam the SA list has a -100 score that won't change the fact that it is in general a bad attitude not look at the subject of a mail someone writes, but so be it until another flamewar starts because some smart asses need to reply to a hint wich needs no repsonse at all and was intended to just point out a common mistake
Re: half-OT: please remove spam-markers from subjects
Am 03.10.2014 um 12:56 schrieb Nick Edwards: jdebert, (since im not reply to the bully troll) he doesnt learn, worried about flame wars but kicks off by calling other people smart asses, just ignore him, most of the rest of the internet has done for a while creep away damned stalker - nobody asked you and the only smart ass here is you - what was that with don't write me again and I wont have any need to abuse you back below and how did you treat roundcube developers and continue to abuse against me days later each time you are bored and seek posts from me? Nick Edwards | 26 Sep 18:01 2014 http://comments.gmane.org/gmane.mail.roundcube.user/4500 Weitergeleitete Nachricht Betreff: Re: [RCU] Time for new HTML Editor Datum: Tue, 30 Sep 2014 21:14:43 +1000 Von: Nick Edwards nick.z.edwa...@gmail.com An: Reindl Harald h.rei...@thelounge.net you hate how im talking to you? good! now you know what it felt like by all those newbies you belittle and bully, maybe you will think twice about bullying them and coming over as a fucking dictator again huh but probably not, nutters like you never learn. so you fuck off and dont write me again, and I wont have any need to abuse you back. starting now, so if you want no contact you better fucking not reply On 10/1/14, Reindl Harald h.rei...@thelounge.net wrote: Am 30.09.2014 um 18:12 schrieb jdebert: On Mon, 29 Sep 2014 19:19:10 +0200 Reindl Harald h.rei...@thelounge.net wrote: Am 29.09.2014 um 19:14 schrieb Nels Lindquist: On 9/29/2014 10:54 AM, Reindl Harald wrote: please remove markers like [SPAM] if a mesage was flagged before reply - they lead often that a message goes to junk- instead the list-folder :-) Please teach your users to filter on the List-ID: header rather than Subject: for this list. The issue can be entirely avoided without requiring everyone else in the world to alter their behaviour the [SPAM] marker comes *before* all other sieve-filters otherwise it would not catch faked From-Headers it's not a big deal but i see that mistake sometimes also in business communication - not real good I do not see any subject lines in this thread with [SPAM] in them. I rarely see them in this list at all. (I suspect people are aware it can cause some poorer filtering implementations to delete them.) so what - this was a new thread to not hijack others Perhaps you need to look closer to home for this problem? for sure not if it appears in the middle of subjects Meantime, it is highly recommended that, if someone subscribes to a list about spam, one MUST make an exception to their filtering rules as previously mentioned. It's also very sensible. It is ridiculous to insist that people talking about spam stop using the word spam the SA list has a -100 score that won't change the fact that it is in general a bad attitude not look at the subject of a mail someone writes, but so be it until another flamewar starts because some smart asses need to reply to a hint wich needs no repsonse at all and was intended to just point out a common mistake signature.asc Description: OpenPGP digital signature
Re: Googlasi, blacklotus, etc.
I get a lot of these too. What finally worked for me was setting up greylisting with postgrey. -- View this message in context: http://spamassassin.1065346.n5.nabble.com/Googlasi-blacklotus-etc-tp111984p112054.html Sent from the SpamAssassin - Users mailing list archive at Nabble.com.
Re: half-OT: please remove spam-markers from subjects
thats funny, I could have sworn I replied and addressed to jdebert, oh lookie, so I did, you just cant help yourself fool, I think we know who the paranoid delusional stalker is reindl, get help, but no one here is qualified to give you the help you need, and might i remind you again dumb fuck, I was on this list a long time before you showed up here, so check hte definition of stalk, you fruitcake, I warned you what would happen if you contact me again, what happens now is your own doing skitzo boy. On 10/3/14, Reindl Harald h.rei...@thelounge.net wrote: Am 03.10.2014 um 12:56 schrieb Nick Edwards: jdebert, (since im not reply to the bully troll) he doesnt learn, worried about flame wars but kicks off by calling other people smart asses, just ignore him, most of the rest of the internet has done for a while creep away damned stalker - nobody asked you and the only smart ass here is you - what was that with don't write me again and I wont have any need to abuse you back below and how did you treat roundcube developers and continue to abuse against me days later each time you are bored and seek posts from me? Nick Edwards | 26 Sep 18:01 2014 http://comments.gmane.org/gmane.mail.roundcube.user/4500 Weitergeleitete Nachricht Betreff: Re: [RCU] Time for new HTML Editor Datum: Tue, 30 Sep 2014 21:14:43 +1000 Von: Nick Edwards nick.z.edwa...@gmail.com An: Reindl Harald h.rei...@thelounge.net you hate how im talking to you? good! now you know what it felt like by all those newbies you belittle and bully, maybe you will think twice about bullying them and coming over as a fucking dictator again huh but probably not, nutters like you never learn. so you fuck off and dont write me again, and I wont have any need to abuse you back. starting now, so if you want no contact you better fucking not reply On 10/1/14, Reindl Harald h.rei...@thelounge.net wrote: Am 30.09.2014 um 18:12 schrieb jdebert: On Mon, 29 Sep 2014 19:19:10 +0200 Reindl Harald h.rei...@thelounge.net wrote: Am 29.09.2014 um 19:14 schrieb Nels Lindquist: On 9/29/2014 10:54 AM, Reindl Harald wrote: please remove markers like [SPAM] if a mesage was flagged before reply - they lead often that a message goes to junk- instead the list-folder :-) Please teach your users to filter on the List-ID: header rather than Subject: for this list. The issue can be entirely avoided without requiring everyone else in the world to alter their behaviour the [SPAM] marker comes *before* all other sieve-filters otherwise it would not catch faked From-Headers it's not a big deal but i see that mistake sometimes also in business communication - not real good I do not see any subject lines in this thread with [SPAM] in them. I rarely see them in this list at all. (I suspect people are aware it can cause some poorer filtering implementations to delete them.) so what - this was a new thread to not hijack others Perhaps you need to look closer to home for this problem? for sure not if it appears in the middle of subjects Meantime, it is highly recommended that, if someone subscribes to a list about spam, one MUST make an exception to their filtering rules as previously mentioned. It's also very sensible. It is ridiculous to insist that people talking about spam stop using the word spam the SA list has a -100 score that won't change the fact that it is in general a bad attitude not look at the subject of a mail someone writes, but so be it until another flamewar starts because some smart asses need to reply to a hint wich needs no repsonse at all and was intended to just point out a common mistake
Re: [SA-Users] Re: half-OT: please remove spam-markers from subjects
Would it be possible for both of you to knock off this juvenile pissing contest on a public mailing list? Please? John -- I for one welcome our new computer overlords. -- Ken Jennings a former Jeopardy! quiz show champion, writing on his video screen as he faced certain defeat by IBM's Watson computer. pgpS4Do8QJ840.pgp Description: PGP signature
Re: half-OT: please remove spam-markers from subjects
On 10/3/14 10:46 AM, Nick Edwards nick.z.edwa...@gmail.com wrote: On 10/3/14, Reindl Harald h.rei...@thelounge.net wrote: Am 03.10.2014 um 12:56 schrieb Nick Edwards: May I suggest the two of you either settle this with a machete fight (offlist!) or by being the bigger person and *not responding* to each other, including passive-agressive I'm not speaking to him but would you please tell him he's a big ol' poopy-head comments? Alternately, may I request a list moderator review the signal:noise ratio associated with this feud and take appropriate action? -- Dave Pooser Cat-Herder-in-Chief, Pooserville.com
Re: half-OT: please remove spam-markers from subjects
Oh dear. Please could you keep your arguments and name-calling off-list? It's not nice seeing people being so unpleasant. Thanks! Anthony -- www.fonant.com - Quality web sites Tel. 01903 867 810 Fonant Ltd is registered in England and Wales, company No. 7006596 Registered office: Amelia House, Crescent Road, Worthing, West Sussex, BN11 1QR
Re: half-OT: please remove spam-markers from subjects
Am 03.10.2014 um 17:46 schrieb Nick Edwards: thats funny, I could have sworn I replied and addressed to jdebert if you refer to me you are not in the position to decide that oh lookie, so I did, you just cant help yourself fool, I think we know who the paranoid delusional stalker is reindl, get help, but no one here is qualified to give you the help you need, and might i remind you again dumb fuck, I was on this list a long time before you showed up here, so check hte definition of stalk the point is that i never talked to you or care where you are you permanently opening your mouth unasked everywhere in my directtion you fruitcake, I warned you what would happen if you contact me again, what happens now is your own doing skitzo boy. you are not in the position to warn anybody and i did not contact you until you decdied to continue your attacks http://comments.gmane.org/gmane.mail.roundcube.user/4500 Nick Edwards | 27 Sep 12:14 2014 mind your own business , you dont get to play netcopper either so don't you and we would have no problem at all On 10/3/14, Reindl Harald h.rei...@thelounge.net wrote: Am 03.10.2014 um 12:56 schrieb Nick Edwards: jdebert, (since im not reply to the bully troll) he doesnt learn, worried about flame wars but kicks off by calling other people smart asses, just ignore him, most of the rest of the internet has done for a while creep away damned stalker - nobody asked you and the only smart ass here is you - what was that with don't write me again and I wont have any need to abuse you back below and how did you treat roundcube developers and continue to abuse against me days later each time you are bored and seek posts from me? Nick Edwards | 26 Sep 18:01 2014 http://comments.gmane.org/gmane.mail.roundcube.user/4500 Weitergeleitete Nachricht Betreff: Re: [RCU] Time for new HTML Editor Datum: Tue, 30 Sep 2014 21:14:43 +1000 Von: Nick Edwards nick.z.edwa...@gmail.com An: Reindl Harald h.rei...@thelounge.net you hate how im talking to you? good! now you know what it felt like by all those newbies you belittle and bully, maybe you will think twice about bullying them and coming over as a fucking dictator again huh but probably not, nutters like you never learn. so you fuck off and dont write me again, and I wont have any need to abuse you back. starting now, so if you want no contact you better fucking not reply On 10/1/14, Reindl Harald h.rei...@thelounge.net wrote: Am 30.09.2014 um 18:12 schrieb jdebert: On Mon, 29 Sep 2014 19:19:10 +0200 Reindl Harald h.rei...@thelounge.net wrote: Am 29.09.2014 um 19:14 schrieb Nels Lindquist: On 9/29/2014 10:54 AM, Reindl Harald wrote: please remove markers like [SPAM] if a mesage was flagged before reply - they lead often that a message goes to junk- instead the list-folder :-) Please teach your users to filter on the List-ID: header rather than Subject: for this list. The issue can be entirely avoided without requiring everyone else in the world to alter their behaviour the [SPAM] marker comes *before* all other sieve-filters otherwise it would not catch faked From-Headers it's not a big deal but i see that mistake sometimes also in business communication - not real good I do not see any subject lines in this thread with [SPAM] in them. I rarely see them in this list at all. (I suspect people are aware it can cause some poorer filtering implementations to delete them.) so what - this was a new thread to not hijack others Perhaps you need to look closer to home for this problem? for sure not if it appears in the middle of subjects Meantime, it is highly recommended that, if someone subscribes to a list about spam, one MUST make an exception to their filtering rules as previously mentioned. It's also very sensible. It is ridiculous to insist that people talking about spam stop using the word spam the SA list has a -100 score that won't change the fact that it is in general a bad attitude not look at the subject of a mail someone writes, but so be it until another flamewar starts because some smart asses need to reply to a hint wich needs no repsonse at all and was intended to just point out a common mistake signature.asc Description: OpenPGP digital signature
Re: half-OT: please remove spam-markers from subjects
On 29 Sep 2014, at 11:19 , Reindl Harald h.rei...@thelounge.net wrote: Am 29.09.2014 um 19:14 schrieb Nels Lindquist: On 9/29/2014 10:54 AM, Reindl Harald wrote: please remove markers like [SPAM] if a mesage was flagged before reply - they lead often that a message goes to junk- instead the list-folder :-) Please teach your users to filter on the List-ID: header rather than Subject: for this list. The issue can be entirely avoided without requiring everyone else in the world to alter their behaviour the [SPAM] marker comes *before* all other sieve-filters otherwise it would not catch faked From-Headers You should not be filtering on Subject. Scoring on subject is fine, but filtering on it is a terrible idea. -- Get your facts first, and then you can distort them as much as you please. - Mark Twain
Re: half-OT: please remove spam-markers from subjects
Am 03.10.2014 um 19:11 schrieb LuKreme: On 29 Sep 2014, at 11:19 , Reindl Harald h.rei...@thelounge.net wrote: Am 29.09.2014 um 19:14 schrieb Nels Lindquist: On 9/29/2014 10:54 AM, Reindl Harald wrote: please remove markers like [SPAM] if a mesage was flagged before reply - they lead often that a message goes to junk- instead the list-folder :-) Please teach your users to filter on the List-ID: header rather than Subject: for this list. The issue can be entirely avoided without requiring everyone else in the world to alter their behaviour the [SPAM] marker comes *before* all other sieve-filters otherwise it would not catch faked From-Headers You should not be filtering on Subject. Scoring on subject is fine, but filtering on it is a terrible idea i try to explain the intention of the thread a last time: * what i filter or not don't matter, i look in my junk-folder * it was meant as friendly reminder if somebody don't whitelist the SA list which is the reason [SPAM] appears in *his* incoming mail it is a good idea after press reply remove that marker * i just don't get what needs a discussion about such a hint * it is a bad idea to write mails with spam-markers in the subject because you never know how they are treated in case of the different RCPT's on a mailing list and since *your intention as sender* is that the list-members reveive your mail *it is in your intention* to not put things in the subject making that more unlikely again: it is not a matter of talking about spam on the SA list it is just a matter if you already made the mistake pass the list mail through your contentfilter don't amplify it by bounce back the marker in your response do i personally care? no - why should i? it's not my mail which may get not the attention the sender likes signature.asc Description: OpenPGP digital signature
Re: half-OT: please remove spam-markers from subjects
On 03 Oct 2014, at 11:21 , Reindl Harald h.rei...@thelounge.net wrote: Am 03.10.2014 um 19:11 schrieb LuKreme: On 29 Sep 2014, at 11:19 , Reindl Harald h.rei...@thelounge.net wrote: Am 29.09.2014 um 19:14 schrieb Nels Lindquist: On 9/29/2014 10:54 AM, Reindl Harald wrote: please remove markers like [SPAM] if a mesage was flagged before reply - they lead often that a message goes to junk- instead the list-folder :-) Please teach your users to filter on the List-ID: header rather than Subject: for this list. The issue can be entirely avoided without requiring everyone else in the world to alter their behaviour the [SPAM] marker comes *before* all other sieve-filters otherwise it would not catch faked From-Headers You should not be filtering on Subject. Scoring on subject is fine, but filtering on it is a terrible idea i try to explain the intention of the thread a last time: * what i filter or not don't matter, i look in my junk-folder * it was meant as friendly reminder if somebody don't whitelist the SA list which is the reason [SPAM] appears in *his* incoming mail it is a good idea after press reply remove that marker His is whose? A lot of people add [TAGS] to their incoming mail. If someone adds [SPAM] to list coming from here that’s fine. No one should be running SA on messages to this list anyway. * i just don't get what needs a discussion about such a hint It doesn’t sound like a hint, and it’s not useful, and it doesn’t do anything that I can see other than annoy people who’ve replied to you. * it is a bad idea to write mails with spam-markers in the subject [SPAM] is not a spam marker I’ve ever seen so it seems perfectly OK to me. If they were adding something like (Spam? 7.9) then you might, maybe, just possibly, have an argument. because you never know how they are treated in case of the different RCPT's on a mailing list and since *your intention as sender* is that the list-members reveive your mail *it is in your intention* to not put things in the subject making that more unlikely How mail is treated by the recipient is up to the recipient. again: it is not a matter of talking about spam on the SA list it is just a matter if you already made the mistake pass the list mail through your contentfilter don't amplify it by bounce back the marker in your response You are assuming, I think wrongly, that the [SPAM] tag is being used because of a content filter and not simply a tag to identify the name of the list. do i personally care? no - why should i? Then why have you gone on so long about it? it's not my mail which may get not the attention the sender likes Then I suggest you take a page from Bobby McFerrin, “Don’t worry, be happy” and just assume the people subscribed to this mailing list know what they are doing. -- It was all very well going about pure logic and how the universe was ruled by logic and the harmony of numbers, but the plain fact was that the disc was manifestly traversing space on the back of a giant turtle and the gods had a habit of going round to atheists' houses and smashing their windows.
Re: half-OT: please remove spam-markers from subjects
Am 03.10.2014 um 19:34 schrieb LuKreme: [SPAM] is not a spam marker I’ve ever seen so it seems perfectly OK to me You are assuming, I think wrongly, that the [SPAM] tag is being used because of a content filter and not simply a tag to identify the name of the list it is the *default* tag for a lot of commercial spamfilters if a message was detected as spam but not high enough to drop there is a reason why i had that sieve-filter and i saw that tagging over many years from a lot of other users not only the one with Barracuda Networks products signature.asc Description: OpenPGP digital signature
Re: half-OT: please remove spam-markers from subjects
FYI, this person is banned from some lists for trolling. Might be worthwhile for list-admin to consider that. https://www.google.de/search?hl=deas_q=Harald+Reindl+troll Kai
Re: half-OT: please remove spam-markers from subjects
Am 03.10.2014 um 19:47 schrieb Kai Schaetzl: FYI, this person is banned from some lists for trolling. Might be worthwhile for list-admin to consider that. https://www.google.de/search?hl=deas_q=Harald+Reindl+troll thank you for your intervention and support of the two guys which are unhappy on several lsts that i do my best for a long time now to not overreact as in the past and continue their provocations when they see a chance why did you not read the following thread i already linked *before* hook up to Nicks ongoing provocations http://www.gossamer-threads.com/lists/spamassassin/users/187913 signature.asc Description: OpenPGP digital signature
Re: half-OT: please remove spam-markers from subjects
On 10/3/2014 1:47 PM, Kai Schaetzl wrote: FYI, this person is banned from some lists for trolling. Might be worthwhile for list-admin to consider that. https://www.google.de/search?hl=deas_q=Harald+Reindl+troll As of yet, I've not seen anything that has stepped to that level and let's focus on the current content and leave past issues behind, please. Plus in the scale of people I don't like, Trolls is actually pretty high: Slow walkers at the Mall . . . Trolls . . . . . . Politicians . . . . Spammers . . . Teenagers on my lawn Regards, KAM
Re: half-OT: please remove spam-markers from subjects
On 9/29/2014 10:54 AM, Reindl Harald wrote: please remove markers like [SPAM] if a mesage was flagged before reply - they lead often that a message goes to junk- instead the list-folder :-) On 03.10.14 11:11, LuKreme wrote: You should not be filtering on Subject. Scoring on subject is fine, but filtering on it is a terrible idea. I have to agree with Reindl (not that I'd like to...). The [spam] in subject has more side-effects and really does not belong to list mail... -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. I just got lost in thought. It was unfamiliar territory.
Re: spamassassin working very poorly
Am 03.10.2014 um 21:07 schrieb Nick: Over the last few months, spamassassin has begun barely working for me spammers also learn SPAM is so bad that I've actually started training it - which is something I've never had to do in the past. So I've collected 370+ e-mails over the last few days, and had sa-learn regularly read in these messages Training it doesn't seem to have made any impact. if you only train spam samples nothing will happen you need *at least* 200 ham samples to start bayes get used and you really really don't want it any other way because it would kill all your legit mail - the filter needs to know differences and not every single word appeared in the spam-only samples to give a spam score you need to careful floow this: https://wiki.apache.org/spamassassin/BayesInSpamAssassin X-Spam-Status: No, score=1.1 required=5.0 tests=HTML_FONT_LOW_CONTRAST, HTML_MESSAGE,MIME_HTML_ONLY,SPF_PASS,T_REMOTE_IMAGE,T_RP_MATCHES_RCVD, URIBL_BLOCKED autolearn=no autolearn_force=no version=3.4.0 there is no BAYES tag and so it is not used signature.asc Description: OpenPGP digital signature
Re: spamassassin working very poorly
On 10/3/2014 3:07 PM, Nick wrote: Over the last few months, spamassassin has begun barely working for me. SPAM is so bad that I've actually started training it - which is something I've never had to do in the past. So I've collected 370+ e-mails over the last few days, and had sa-learn regularly read in these messages. Training it doesn't seem to have made any impact. It's adding the header information. Here is the header from a spam that just got through: X-Spam-Status: No, score=1.1 required=5.0 tests=HTML_FONT_LOW_CONTRAST, HTML_MESSAGE,MIME_HTML_ONLY,SPF_PASS,T_REMOTE_IMAGE,T_RP_MATCHES_RCVD, URIBL_BLOCKED autolearn=no autolearn_force=no version=3.4.0 No Bayes rule matched. This means one of three things: 1) You have disabled Bayes, in which case learning will do nothing. 2) You are only training on spam and have not yet trained the minimum 200 ham for Bayes to start scoring. You have to train regularly on both ham and spam for best results. 3) You are training the wrong database. Make sure you are running sa-learn as the same user SpamAssassin is running as. -- Bowie
Re: spamassassin working very poorly
On Fri, 3 Oct 2014, Nick wrote: X-Spam-Status: No, score=1.1 required=5.0 tests=HTML_FONT_LOW_CONTRAST, HTML_MESSAGE,MIME_HTML_ONLY,SPF_PASS,T_REMOTE_IMAGE,T_RP_MATCHES_RCVD, URIBL_BLOCKED autolearn=no autolearn_force=no version=3.4.0 URIBL_BLOCKED = set up a local recursing (NOT forwarding!) name server for your mail subsystem (MTA + SA). You're currently using a forwarding nameserver that is forwarding to an upstream nameserver that is aggregating your URIBL query traffic with others' to the degree that the free usage limit is exceeded. And, as already noted, train ham as well. No BAYES_* hits at all means bayes is either disabled, or not sufficiently trained. -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 --- A well educated Electorate, being necessary to the liberty of a free State, the Right of the People to Keep and Read Books, shall not be infringed. ...means only registered voters can read books, and only those books obtained with State permission from State-controlled bookstores? --- Tomorrow: the 10th anniversary of SpaceshipOne winning the X-prize
RE: spamassassin working very poorly
Thanks guys, I just trained in 2089 legitimate ham messages, so hopefully that will do the trick. And also thanks to you John, as I didn't even see that URIBL_BLOCKED. I've setup a local recursion DNS server, which seems to have taken care of it. Crossing my fingers that this has a positive impact on things. I'll update after some time has gone by. - Nick -Original Message- From: Reindl Harald [mailto:h.rei...@thelounge.net] Sent: Friday, October 03, 2014 3:17 PM To: users@spamassassin.apache.org Subject: Re: spamassassin working very poorly Am 03.10.2014 um 21:07 schrieb Nick: Over the last few months, spamassassin has begun barely working for me spammers also learn SPAM is so bad that I've actually started training it - which is something I've never had to do in the past. So I've collected 370+ e-mails over the last few days, and had sa-learn regularly read in these messages Training it doesn't seem to have made any impact. if you only train spam samples nothing will happen you need *at least* 200 ham samples to start bayes get used and you really really don't want it any other way because it would kill all your legit mail - the filter needs to know differences and not every single word appeared in the spam-only samples to give a spam score you need to careful floow this: https://wiki.apache.org/spamassassin/BayesInSpamAssassin X-Spam-Status: No, score=1.1 required=5.0 tests=HTML_FONT_LOW_CONTRAST, HTML_MESSAGE,MIME_HTML_ONLY,SPF_PASS,T_REMOTE_IMAGE,T_RP_MATCHES_RCVD, URIBL_BLOCKED autolearn=no autolearn_force=no version=3.4.0 there is no BAYES tag and so it is not used
Many X- headers - possible spam sign?
Hi, I've noticed a trend in which spammers put in a bunch of X- header purporting to show that a message is good. I've appended sample headers (slightly obfuscated to hide recipient) below. I wonder if a test for more than (say) 8 X-* header in an inbound mail would be a good spam indicator? Regards, David. = Received: from mail.com ([190.237.242.198]) by colo10.roaringpenguin.com with ESMTP id s93JmajB021470 for redac...@example.com; Fri, 3 Oct 2014 15:48:39 -0400 Return-Path: americanexpr...@welcome.aexp.com Delivered-To: redac...@example.com X-Virus-Scanned: OK X-MessageSniffer-Scan-Result: 0 X-MessageSniffer-Rules: 0-0-0-19882-c X-CMAE-Scan-Result: 0 X-Spam-Threshold: 95 X-Spam-Score: 0 X-Spam-Flag: NO X-Virus-Scanned: OK X-MessageSniffer-Scan-Result: 0 X-MessageSniffer-Rules: 0-0-0-19849-c X-CMAE-Scan-Result: 0 X-Orig-To: redac...@example.com X-Originating-Ip: [209.67.98.59] Received: from SEFE63.seaprod.com (unknown [192.168.72.11]) by mailsea.docusign.net (Postfix) with ESMTP id KQAF5JDDV4IK for redac...@example.com; Fri, 3 Oct 2014 14:48:44 -0500 X-DKIM: Sendmail DKIM Filter v2.8.2 mailsea.docusign.net JQ9N42F3MTC8 Received: from docusign.net ([127.0.0.1]) by SEFE19.seaprod.com with Microsoft SMTPSVC(7.5.7601.17514); Fri, 3 Oct 2014 14:48:44 -0500 Sender: American Express americanexpr...@welcome.aexp.com Reply-To: American Express americanexpr...@welcome.aexp.com From: American Express americanexpr...@welcome.aexp.com To: redac...@example.com Message-ID: 2sui4otn561x0wm7252lx58t61e...@welcome.aexp.com Date: Fri, 3 Oct 2014 14:48:44 -0500 Subject: Security Concern on Your American Express Account MIME-Version: 1.0 Content-Type: multipart/alternative; boundary==_NextPart_FFTENOOC_L24J_U12E_AEA3_LA0JA0R78GGI X-OriginalArrivalTime: Fri, 3 Oct 2014 14:48:44 -0500 FILETIME=[61006395:87205310]
Re: Many X- headers - possible spam sign?
On 10/3/2014 3:55 PM, David F. Skoll wrote: Hi, I've noticed a trend in which spammers put in a bunch of X- header purporting to show that a message is good. I've appended sample headers (slightly obfuscated to hide recipient) below. I wonder if a test for more than (say) 8 X-* header in an inbound mail would be a good spam indicator? I'd be happy to add something that counts X- headers and reports the spam score of my SA instance via your reporter module if you have a moment to whip something up. Regards, KAM
Re: Many X- headers - possible spam sign?
Am 03.10.2014 um 21:55 schrieb David F. Skoll: I've noticed a trend in which spammers put in a bunch of X- header purporting to show that a message is good. I've appended sample headers (slightly obfuscated to hide recipient) below. I wonder if a test for more than (say) 8 X-* header in an inbound mail would be a good spam indicator? hard to say in general, that are not so much X-Headers i have seen a lot of spam really tagged with such headers because some outgoing mailserver had indeed a spamfilter and the messages did not reach the block score and depending on how many hops a mail takes the number of such headers increases i would not take the amount of such headers into account just look at some mailing lists which have their own scanners adding headers and the innocent sender also has a outgoing scanner and may even not know about personally i ignore all that headers for training and strip them away on the MTA for inbound to finally face only the own ones bayes_ignore_header List-Archive bayes_ignore_header List-Help bayes_ignore_header List-Id bayes_ignore_header List-Post bayes_ignore_header List-Subscribe bayes_ignore_header List-Unsubscribe bayes_ignore_header Mailing-List bayes_ignore_header Precedence bayes_ignore_header X-ACL-Warn bayes_ignore_header X-Alimail-AntiSpam bayes_ignore_header X-Amavis-Modified bayes_ignore_header X-AntiAbuse bayes_ignore_header X-Antispam bayes_ignore_header X-Anti-Spam bayes_ignore_header X-Antivirus bayes_ignore_header X-Anti-Virus bayes_ignore_header X-Antivirus-Status bayes_ignore_header X-Antivirus-Version bayes_ignore_header X-Anti-Virus-Version bayes_ignore_header X-ASF-Spam-Status bayes_ignore_header X-ASG-Debug-ID bayes_ignore_header X-ASG-Orig-Subj bayes_ignore_header X-ASG-Recipient-Whitelist bayes_ignore_header X-ASG-Tag bayes_ignore_header X-Attachment-Id bayes_ignore_header X-Authenticated-As bayes_ignore_header X-Authenticated-Sender bayes_ignore_header X-Authenticated-User bayes_ignore_header X-Authvirus bayes_ignore_header X-Barracuda-Apparent-Source-IP bayes_ignore_header X-Barracuda-Bayes bayes_ignore_header X-Barracuda-BBL-IP bayes_ignore_header X-Barracuda-BRTS-Status bayes_ignore_header X-Barracuda-Connect bayes_ignore_header X-Barracuda-Encrypted bayes_ignore_header X-Barracuda-Envelope-From bayes_ignore_header X-Barracuda-Fingerprint-Found bayes_ignore_header X-Barracuda-Orig-Rcpt bayes_ignore_header X-Barracuda-RBL-IP bayes_ignore_header X-Barracuda-RBL-Trusted-Forwarder bayes_ignore_header X-Barracuda-Spam-Report bayes_ignore_header X-Barracuda-Spam-Score bayes_ignore_header X-Barracuda-Spam-Status bayes_ignore_header X-Barracuda-Start-Time bayes_ignore_header X-Barracuda-UID bayes_ignore_header X-Barracuda-URL bayes_ignore_header X-Barracuda-Virus-Alert bayes_ignore_header X-BeenThere bayes_ignore_header X-Cloud-Security bayes_ignore_header X-Complaints-To bayes_ignore_header X-Coremail-Antispam bayes_ignore_header X-Gmane-NNTP-Posting-Host bayes_ignore_header X-GMX-Antispam bayes_ignore_header X-GMX-Antivirus bayes_ignore_header X-He-Spam bayes_ignore_header X-Injected-Via-Gmane bayes_ignore_header X-Ironport bayes_ignore_header X-IronPort-Anti-Spam-Filtered bayes_ignore_header X-IronPort-Anti-Spam-Result bayes_ignore_header X-IronPort-AV bayes_ignore_header X-Klms-Anti bayes_ignore_header X-Klms-Antispam bayes_ignore_header X-Kse-Anti bayes_ignore_header X-Loom-IP bayes_ignore_header X-Mailman-Version bayes_ignore_header X-Mozilla-Keys bayes_ignore_header X-Mozilla-Status bayes_ignore_header X-Mozilla-Status2 bayes_ignore_header X-No-Relay bayes_ignore_header X-PerlMx-Virus-Scanned bayes_ignore_header X-PROLinux-SpamCheck bayes_ignore_header X-ServerMaster-MailScanner bayes_ignore_header X-Spam-Check-By bayes_ignore_header X-Spam-Checker-Version bayes_ignore_header X-SpamExperts-Domain bayes_ignore_header X-SpamExperts-Outgoing-Class bayes_ignore_header X-SpamExperts-Outgoing-Evidence bayes_ignore_header X-SpamExperts-Username bayes_ignore_header X-Spam-Flag bayes_ignore_header X-SPAM-FLAG bayes_ignore_header X-SpamInfo bayes_ignore_header X-Spam-Level bayes_ignore_header X-Spam-Processed bayes_ignore_header X-Spam-Report bayes_ignore_header X-Spam-Score bayes_ignore_header X-Spam-Score-Int bayes_ignore_header X-Spam-Status bayes_ignore_header X-Spam-Threshold bayes_ignore_header X-UI-Filterresults bayes_ignore_header X-UI-Loop bayes_ignore_header X-UI-Out-Filterresults bayes_ignore_header X-Univie-Virus-Scan bayes_ignore_header X-VirusChecked bayes_ignore_header X-Virus-Checker-Version bayes_ignore_header X-Virus-Scanned bayes_ignore_header X-Virus-Scanner-Version bayes_ignore_header X-Virus-Status = Received: from mail.com ([190.237.242.198]) by colo10.roaringpenguin.com with ESMTP id s93JmajB021470 for redac...@example.com; Fri, 3 Oct 2014 15:48:39 -0400 Return-Path: americanexpr...@welcome.aexp.com Delivered-To:
Re: Many X- headers - possible spam sign?
On Fri, 03 Oct 2014 22:02:59 +0200 Reindl Harald h.rei...@thelounge.net wrote: hard to say in general, that are not so much X-Headers i have seen a lot of spam really tagged with such headers because some outgoing mailserver had indeed a spamfilter and the messages did not reach the block score and depending on how many hops a mail takes the number of such headers increases That's true, but I think if we see headers from multiple vendors, it's pretty suspicious. Not many sites filter their mail via Barracuda *and* IronPort *and* KLMS *and* PerlMx *and* ... etc. Regards, David.
Re: Many X- headers - possible spam sign?
Sorry to follow up on myself, but... depending on how many hops a mail takes the number of such headers increases Yes, so a refinement may be to make the threshold depend in some way on the number of Received: headers too. This would clearly have to be an eval() test. Regards, David.
Re: Many X- headers - possible spam sign?
Am 03.10.2014 um 22:07 schrieb David F. Skoll: On Fri, 03 Oct 2014 22:02:59 +0200 Reindl Harald h.rei...@thelounge.net wrote: hard to say in general, that are not so much X-Headers i have seen a lot of spam really tagged with such headers because some outgoing mailserver had indeed a spamfilter and the messages did not reach the block score and depending on how many hops a mail takes the number of such headers increases That's true, but I think if we see headers from multiple vendors, it's pretty suspicious. Not many sites filter their mail via Barracuda *and* IronPort *and* KLMS *and* PerlMx *and* ... etc. true - but the assumption is only corcet if you take the number of Received headers into account, each hop may have his own unconditional filters - qualify if the mail-route at all is suspect may become error-prone signature.asc Description: OpenPGP digital signature
Re: Many X- headers - possible spam sign?
On 10/03/2014 09:55 PM, David F. Skoll wrote: Return-Path: americanexpr...@welcome.aexp.com Received: from mail.com ([190.237.242.198]) interesting... welcome.aexp.com. 14400 IN TXT v=spf1 mx a ip4:148.173.96.86 ip4:148.173.96.85 ip4:148.173.91.84 ip4:148.173.91.83 -all welcome.aexp.com. 14400 IN TXT spf2.0/pra mx a ip4:148.173.96.86 ip4:148.173.96.85 ip4:148.173.91.84 ip4:148.173.91.83 -all this is a SPF no brainer + HELO mail.com has been a dead safe blocked HELO, for at least 10 years.
Re: spamassassin working very poorly
Spammers also learn. I'm pretty sure some of them read this list. (I sure would if I were a spammer.) -- View this message in context: http://spamassassin.1065346.n5.nabble.com/spamassassin-working-very-poorly-tp112068p112080.html Sent from the SpamAssassin - Users mailing list archive at Nabble.com.
Re: Many X- headers - possible spam sign?
On Fri, 03 Oct 2014 23:16:35 +0200 Axb axb.li...@gmail.com wrote: interesting... welcome.aexp.com. 14400 IN TXT v=... etc. Yes, I know all that... none of these spams is actually getting through. I just thought the many X-* headers might be a new pattern. Also, in this particular case, the Return-Path: americanexpr...@welcome.aexp.com header was fake... it was put there by the sender. The actual envelope sender was completely different: It was 41324...@mail.com. So it occurs to me that if a mail comes in with a Return-Path: header that does not match the envelope sender, that's another very suspicious sign. Regards, David.
Help needed with possible DNS problems
I'm new to SpamAssassin so not sure whether my logs indicate a problem. I can't be sure, but it looks like all attempts at checking DNS blacklists are failing. Running Debian Wheezy SpamAssassin package (v 3.2.2) spamd is invoked with the following options: --create-prefs --max-children 5 --username=vmail --nouser-config --virtual-config-dir=/var/spamassassin --helper-home-dir When I start spamd I get the following log: Oct 4 13:37:26 buildoneforme spamd[25172]: error creating a DNS resolver socket: Invalid argument at /usr/share/perl5/Mail/SpamAssassin/DnsResolver.pm line 235. Oct 4 13:37:27 buildoneforme spamd[25172]: plugin: eval failed: error closing socket: Bad file descriptor at /usr/share/perl5/Mail/SpamAssassin/DnsResolver.pm line 568. Here's what happens when spamd checks email (run from exim4) Oct 4 13:38:47 buildoneforme spamd[25173]: Use of uninitialized value in string ne at /usr/share/perl5/Mail/SpamAssassin/AsyncLoop.pm line 173, GEN8 line 46. Oct 4 13:38:47 buildoneforme spamd[25173]: Use of uninitialized value in string ne at /usr/share/perl5/Mail/SpamAssassin/AsyncLoop.pm line 173, GEN8 line 46. Oct 4 13:38:47 buildoneforme spamd[25173]: Use of uninitialized value in string ne at /usr/share/perl5/Mail/SpamAssassin/AsyncLoop.pm line 173, GEN8 line 46. Oct 4 13:38:47 buildoneforme spamd[25173]: Use of uninitialized value in string ne at /usr/share/perl5/Mail/SpamAssassin/AsyncLoop.pm line 173, GEN8 line 46. Oct 4 13:38:47 buildoneforme spamd[25173]: Use of uninitialized value in string ne at /usr/share/perl5/Mail/SpamAssassin/AsyncLoop.pm line 173, GEN8 line 46. Oct 4 13:38:47 buildoneforme spamd[25173]: Use of uninitialized value in string ne at /usr/share/perl5/Mail/SpamAssassin/AsyncLoop.pm line 173, GEN8 line 46. Oct 4 13:38:47 buildoneforme spamd[25173]: Use of uninitialized value in string ne at /usr/share/perl5/Mail/SpamAssassin/AsyncLoop.pm line 173, GEN8 line 46. Oct 4 13:38:47 buildoneforme spamd[25173]: Use of uninitialized value in string ne at /usr/share/perl5/Mail/SpamAssassin/AsyncLoop.pm line 173, GEN8 line 46. Oct 4 13:38:47 buildoneforme spamd[25173]: Use of uninitialized value in string ne at /usr/share/perl5/Mail/SpamAssassin/AsyncLoop.pm line 173, GEN8 line 46. Oct 4 13:38:47 buildoneforme spamd[25173]: Use of uninitialized value in string ne at /usr/share/perl5/Mail/SpamAssassin/AsyncLoop.pm line 173, GEN8 line 46. Oct 4 13:38:47 buildoneforme spamd[25173]: rules: failed to run NO_DNS_FOR_FROM RBL test, skipping: Oct 4 13:38:47 buildoneforme spamd[25173]: (oops, no id at /usr/share/perl5/Mail/SpamAssassin/AsyncLoop.pm line 173, GEN8 line 46.) Oct 4 13:38:47 buildoneforme spamd[25173]: Use of uninitialized value in string ne at /usr/share/perl5/Mail/SpamAssassin/AsyncLoop.pm line 173, GEN8 line 46. Oct 4 13:38:47 buildoneforme spamd[25173]: Use of uninitialized value in string ne at /usr/share/perl5/Mail/SpamAssassin/AsyncLoop.pm line 173, GEN8 line 46. Oct 4 13:38:47 buildoneforme spamd[25173]: Use of uninitialized value in string ne at /usr/share/perl5/Mail/SpamAssassin/AsyncLoop.pm line 173, GEN8 line 46. Oct 4 13:38:47 buildoneforme spamd[25173]: Use of uninitialized value in string ne at /usr/share/perl5/Mail/SpamAssassin/AsyncLoop.pm line 173, GEN8 line 46. Oct 4 13:38:47 buildoneforme spamd[25173]: plugin: eval failed: error closing socket: Bad file descriptor at /usr/share/perl5/Mail/SpamAssassin/DnsResolver.pm line 568. I turned on debugging output with -D and here's a short extract from when spamd checks an email: Oct 4 14:00:08 buildoneforme spamd[25218]: dns: checking RBL bl.score.senderscore.com., set rnbl-lastexternal Oct 4 14:00:08 buildoneforme spamd[25218]: dns: IPs found: full-external: 209.85.215.48 untrusted: 209.85.215.48 originating: Oct 4 14:00:08 buildoneforme spamd[25218]: dns: only inspecting the following IPs: 209.85.215.48 Oct 4 14:00:08 buildoneforme spamd[25218]: dns: launching DNS A query for 48.215.85.209.bl.score.senderscore.com. in background Oct 4 14:00:08 buildoneforme spamd[25218]: Use of uninitialized value in string ne at /usr/share/perl5/Mail/SpamAssassin/AsyncLoop.pm line 173, GEN12 line 46. Oct 4 14:00:08 buildoneforme spamd[25218]: dns: checking RBL zen.spamhaus.org., set zen-lastexternal Oct 4 14:00:08 buildoneforme spamd[25218]: dns: IPs found: full-external: 209.85.215.48 untrusted: 209.85.215.48 originating: Oct 4 14:00:08 buildoneforme spamd[25218]: dns: only inspecting the following IPs: 209.85.215.48 Oct 4 14:00:08 buildoneforme spamd[25218]: dns: launching DNS A query for 48.215.85.209.zen.spamhaus.org. in background Oct 4 14:00:08 buildoneforme spamd[25218]: Use of uninitialized value in string ne at /usr/share/perl5/Mail/SpamAssassin/AsyncLoop.pm line 173, GEN12 line 46. Oct 4 14:00:08 buildoneforme spamd[25218]: dns: checking RBL psbl.surriel.com., set psbl-lastexternal Oct 4 14:00:08 buildoneforme spamd[25218]: dns: IPs found: full-external: 209.85.215.48 untrusted: