Re: Trust but verify
>On 4/25/2016 7:07 PM, David Jones wrote:
>> score LOCAL__H_from_sample -10.0
>>> header LOCAL__H_from_sample ALL =~ /mail\.sample\.com/i
>> Add its IP to your trusted_networks and subtract a few points for
>> ALL_TRUSTED. I wouldn't recommend subtracting 10 points as you
>> still want to be able to block outbound spam if there were a
>> compromised account on that trusted server. If you don't properly
>> filter outbound email then your mail server could become listed on
>> RBLs.
>>
>> - Dave
>>
>
>This did the trick:
>score ALL_TRUSTED -2
>
>Thanks guys

The nice side effect of doing it this way is if there is a compromised account on this trusted server and the trusted server inserts the proper Received: or X-Originating-IP: headers, then SA will not hit ALL_TRUSTED and will perform RBL checks against that IP so you can properly score from earlier mail servers that you may not trust. If the mail originates on the trusted mail server or it doesn't put the proper headers, then it will hit ALL_TRUSTED.
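A simplified model of the trust-path behaviour described in this message, as an added example that is not part of the original post and is not SpamAssassin's own code. It reads only Received: headers; the IP addresses, the receiving host `mx.example.net` and the sample headers are constructed assumptions.

```python
import ipaddress
import re

# Assumed trusted_networks entry for mail.sample.com (constructed documentation IP).
TRUSTED_NETWORKS = [ipaddress.ip_network("192.0.2.10/32")]

# Bracketed relay IP in a "from host (name [ip]) by ..." Received header.
RELAY_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def relay_ips(received_headers):
    """Return the relay IPs in header order (newest hop first)."""
    ips = []
    for header in received_headers:
        match = RELAY_IP.search(header)
        if match:
            ips.append(ipaddress.ip_address(match.group(1)))
    return ips


def classify(received_headers, trusted=TRUSTED_NETWORKS):
    """Walk relays newest-first; trust ends at the first IP outside `trusted`.

    Returns (all_trusted, first_untrusted_ip). When all_trusted is False,
    the second value is the relay that RBL checks would be run against.
    """
    ips = relay_ips(received_headers)
    for ip in ips:
        if not any(ip in net for net in trusted):
            return False, str(ip)
    # Modelled as needing at least one trusted relay before the rule can hit.
    return bool(ips), None


# Constructed sample: mail generated on the trusted server itself, or one
# where the server did not record the submitting client.
LOCAL_ORIGIN = [
    "from mail.sample.com (mail.sample.com [192.0.2.10]) by mx.example.net",
]

# Constructed sample: the trusted server recorded the client that submitted
# the message, so the trust path ends at that client.
RELAYED = [
    "from mail.sample.com (mail.sample.com [192.0.2.10]) by mx.example.net",
    "from laptop (unknown [203.0.113.77]) by mail.sample.com",
]

if __name__ == "__main__":
    print(classify(LOCAL_ORIGIN))  # hits ALL_TRUSTED, gets the -2 score
    print(classify(RELAYED))       # no ALL_TRUSTED, client IP goes to RBLs
```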
Re: Trust but verify
On 4/25/2016 7:07 PM, David Jones wrote:
>> score LOCAL__H_from_sample -10.0
>> header LOCAL__H_from_sample ALL =~ /mail\.sample\.com/i
> Add its IP to your trusted_networks and subtract a few points for
> ALL_TRUSTED. I wouldn't recommend subtracting 10 points as you
> still want to be able to block outbound spam if there were a
> compromised account on that trusted server. If you don't properly
> filter outbound email then your mail server could become listed on
> RBLs.
>
> - Dave

This did the trick:
score ALL_TRUSTED -2

Thanks guys
Re: Anyone else just blocking the ".top" TLD?
On 26.04.2016 at 11:23, Heinrich Boeder wrote:
> Hi,
>
> On Apr 21, 2016, at 3:43 PM, Vincent Fox wrote:
>> Recently seeing increase in spam from these gTLD:
>>
>> pro
>> bid
>> trade
>
> I didn't see any spam from .pro, .bid or .trade gTLDs either. I was just wondering if it doesn't make more sense to just give those domains a higher score in SA instead of blocking them right away with a MTA based REJECT Policy

just enforce SPF in the MTA with a clear reject message as first step

we do that for all new gTLDs for a long time now, automated by fetching the current list from IANA every 24 hours and writing MTA configs

check_policy_service unix:private/spf-policy
check_sender_access proxy:pcre:/etc/postfix/blacklist_tld.cf
Re: Anyone else just blocking the ".top" TLD?
Hi,

On Apr 21, 2016, at 3:43 PM, Vincent Fox wrote:
> Recently seeing increase in spam from these gTLD:
>
> pro
> bid
> trade

I didn't see any spam from .pro, .bid or .trade gTLDs either. I was just wondering if it doesn't make more sense to just give those domains a higher score in SA instead of blocking them right away with a MTA based REJECT Policy.

- heinrich

heinr...@heinrichboeder.com -- www.heinrichboeder.com
key: 0xC15DAD56 -- 363D 5BC3 9C45 9D09 3D78 1C28 DB68 F047 C15D AD56
RE: KAM error?
-Original Message-
From: RW [mailto:rwmailli...@googlemail.com]
Sent: 25 April 2016 13:13
To: users@spamassassin.apache.org
Subject: Re: KAM error?

On Mon, 25 Apr 2016 11:43:07 + Richard Mealing wrote:

> Hi everyone,
>
> I'm seeing this a bit on google, but I'm not quite sure of the fix.

on Google?

- Yes apologies I was searching for this error on google and could not find much - only reinstall spamassassin!

> Apr 25 12:41:21.264 [49367] warn: rules: failed to run __KAM_SPF_NONE
> test, skipping: Apr 25 12:41:21.264 [49367] warn: (Can't locate
> object method "check_for_spf_none" via package "Mail:
> [...]:SpamAssassin::PerMsgStatus" at (eval 2219) line 825. Apr 25
> 12:41:21.264 [49367] warn: ) Apr 25 12:41:23.300 [49367] warn: lint:
> 1 issues detected, please rerun with debug enabled for more
> information
>
> Could someone point me to a link or something as I would really quite
> like to use KAM if possible. Or should I not be using it?

__KAM_SPF_NONE is just a duplicate of the ordinary rule SPF_NONE. The first thing I'd do is run spamassassin --lint and see what the error is.

- Thanks. That was actually a --lint. I was am using a milter on my mta to check for SPF, then using a header rule in SA which broke this, so I have now disabled that and it seems to be working!

I have another question though - How often does KAM.cf get updated? Last I can see is March 30th. I'm just wondering if I should add something to cron say once per month?

Thanks,
Rich
Re: Anyone else just blocking the ".top" TLD?
On Apr 21, 2016, at 3:43 PM, Vincent Fox wrote:
> Recently seeing increase in spam from these gTLD:
>
> pro
> bid
> trade

I haven’t seen .pro myself, and all the .trade and .bid attempts have hit zen and been rejected in postscreen before the DATA connection is even established.

--
Everything that was magical was just a way of describing the world in words it couldn't ignore.