Re: Spam URLs based on my email address!
On 29 Sep 2016, at 8:16, Mark London wrote: This was a email message sent to my markrlon...@gmail.com account. Note the hostname of markrlondon23474.seksizlex.co! - Mark SrC="markrlondon23474.seksizlex.co/PFDWKUMKLVZ-NNHSLPKXP!uvobp/ralzgcsh~v/ Nothing new and easily done with a DNS wildcard: $ host markrlondon23474.seksizlex.co markrlondon23474.seksizlex.co is an alias for metrakareemlak.co.uk. metrakareemlak.co.uk has address 192.187.104.254 metrakareemlak.co.uk mail is handled by 10 metrakareemlak.co.uk. $ host babblebabblefoobarbaz.seksizlex.co babblebabblefoobarbaz.seksizlex.co is an alias for metrakareemlak.co.uk. metrakareemlak.co.uk has address 192.187.104.254 metrakareemlak.co.uk mail is handled by 10 metrakareemlak.co.uk. More interesting to me: There are weird patterns in the HTML you posted which match patterns I have in quite strong and rather old custom rules that I use on my own mail systems and systems I manage for others. Those rules are almost pointless *for those sites* these days, hitting a few times per month on average in 2016 across a half dozen systems with many thousands of messages reaching content filters daily. Those systems also reject the overwhelming majority of SMTP sessions at RCPT or earlier well before content filtering. This makes me wonder: where did that mail come from? I know that content, I've known that content for a decade, so I have to believe that most mail admins who don't have my level of narcissism have also noticed it and quietly have been tossing it for years. Apparently that does not include the geniuses at Google... So, anyway, where did that crap come from?
How to check that plugin is accessed?
I am running SpamAssassin under Amavisd-new (Mac OS X Yosemite; OS X Server). My local.cf file contains loadplugin Mail::SpamAssassin::Plugin::WhiteListSubject header SUBJECT_IN_BLACKLIST eval:check_subject_in_blacklist() describe SUBJECT_IN_BLACKLIST Subject header is in user's black-list include /usr/local/mail/blacksubjects Other than lowering the score for subjects in the blacklist, is there a simple way to test that the plugin is loading? -- Vicki Vicki Brown cfcl.com/vlb twitter.com/vlb
Greymail and marketing junk
Hi all, Has anyone given any thought to special rules or methods designed to catch greymail? That is, mail that perhaps may be opt-in, but abusive, like marketing mailing lists or newsletters? This might include mail with List-Unsubscribe headers, but that's not necessarily enough to use to block an email. I've written a handful of rules based on Received headers for mail servers like 'businesswatchnetwork.com' or 'list-manage.net' etc, but there's obviously just too many of them and it's time-consuming. Any ideas for improving this process? Any thoughts on how the typical marketing email should be scored with bayes? Perhaps there's a DNSBL or other RBL out there whose purpose is to identify marketing domains? Is anyone interested in sharing resources to start such a thing?
Re: the right place to customize The Spamassassin installation
On 9/29/2016 11:10 AM, Reinier Carmona Lizana wrote: Because the amount of change that has taken spamassassin in the new version 3.4 I'm a little confused with how to configure it properly. For example, in /etc/mail/spamassasin it is a link to /etc/spamassassin in that I have no doubts. But the problem comes in knowing where I should modify files correctly so that when I update the sa-update, changes dont overwrite my config files andreally use the new rules. When I run sa-update see the new rules are placed in /var/lib/spamassassin/3.004000/updates_spamassassin_org/ my question is: Should I have to manually copy them to /etc/mail/spamassasin to ensure that Spamassasin are using it correctly? because I dont see anywhere that spamassasin references that are using newly downloaded new rules. The design is that anything in /etc/mail/spamassassin (or /etc/spamassassin/, or wherever your dist keeps the local config) will not be overwritten on an update. Your changes should go there. Do not touch /var/lib/spamassassin/... as those files will be overwritten on every sa-update. If you want to make changes, simply add your change to the local.cf file (or make your own *.cf file, just keep in mind they are processed in alphanumeric order). You don't have to duplicate the whole rule. If you want to change the score for a rule, just add your score line and it will take precedence over what is in the /var/lib/spamassassin files. -- Bowie
Re: the right place to customize The Spamassassin installation
On Thu, 29 Sep 2016 11:10:31 -0400 Reinier Carmona Lizana wrote: > Because the amount of change that has taken spamassassin in the new > version 3.4 I'm a little confused with how to configure it properly. I don't remember there being much difference from 3.*. > For example, in /etc/mail/spamassasin it is a link > to /etc/spamassassin in that I have no doubts. The locations are determined by whoever creates the package. > But the problem comes > in knowing where I should modify files correctly so that when I > update the sa-update, changes dont overwrite my config files and > really use the new rules. > > When I run sa-update see the new rules are placed in > /var/lib/spamassassin/3.004000/updates_spamassassin_org/ my question > is: > > Should I have to manually copy them to /etc/mail/spamassasin to > ensure that Spamassasin > are using it correctly? No, they are kept separate for good reason.
the right place to customize The Spamassassin installation
Because the amount of change that has taken spamassassin in the new version 3.4 I'm a little confused with how to configure it properly. For example, in /etc/mail/spamassasin it is a link to /etc/spamassassin in that I have no doubts. But the problem comes in knowing where I should modify files correctly so that when I update the sa-update, changes dont overwrite my config files and really use the new rules. When I run sa-update see the new rules are placed in /var/lib/spamassassin/3.004000/updates_spamassassin_org/ my question is: Should I have to manually copy them to /etc/mail/spamassasin to ensure that Spamassasin are using it correctly? because I dont see anywhere that spamassasin references that are using newly downloaded new rules.
Spam URLs based on my email address!
This was a email message sent to my markrlon...@gmail.com account. Note the hostname of markrlondon23474.seksizlex.co! - Mark SrC="markrlondon23474.seksizlex.co/PFDWKUMKLVZ-NNHSLPKXP!uvobp/ralzgcsh~v/460142604-11776440226-8559896522279839070966966999minh9795dx9n/cazhla-db00zaabb/NZV~VJM" Width="2.59" /> href="markrlondon23474.seksizlex.co/AUMBMVAFPEX-WOAQCYMGF!tqhva/ralzgcsh~xnhue/676991103-04107505774-8559896522279839070966966999minh9795dx9n/cazhla-db00zaabb/HVX~LAH" flipkart.com> SrC="markrlondon23474.seksizlex.co/ehxx/JZJLAU/vmtwg5y38thu9mgjf6l1nrbjnoj04jsp/4875/57/08/10fidellpim2.png/PBBUYSPXHVL!GEQNIN/VCX/10:04/IDE::SOKL::kryvha" flipkart.com alt=""> href="markrlondon23474.seksizlex.co/FPFRQMDMGRT-VFHBXTCEE!vnoae/ralzgcsh~pocx/193861999-79403564788-8559896522279839070966966999minh9795dx9n/cazhla-db00zaabb/EZK~CTR" flipkart.com> SrC="markrlondon23474.seksizlex.co/wbyp/RVWMHC/y6w9ppcm0hsq075ev3853381owvje5n2/2611/32/96/10fedltylifupim1.png/UZUFLWOEBBQ!VZNYPI/XME/79:11/SKX::DBNK::ejuzeu" flipkart.com alt=""> href="markrlondon23474.seksizlex.co/EJDGCVNMRMM-BOYQHEAGS!mdybe/ralzgcsh~qet/227625010-80266208845-8559896522279839070966966999minh9795dx9n/cazhla-db00zaabb/KKT~KUM"> SrC="markrlondon23474.seksizlex.co/ASVGTY/unsub.jpg" flipkart.com>