Re: Why doesn't HK_RANDOM_FROM trigger on this email address?

2017-11-19 Thread Pedro David Marco 

>Well, F. W. Nietzsche never had kids
But almost never so many people have had the same father...  :-p
Now serious: Maybe you can add some more rules to deduce it may be a german 
email and score the RANDOM accordingly...

---PedroD.

Re: Why doesn't HK_RANDOM_FROM trigger on this email address?

2017-11-19 Thread Bill Cole 

On 19 Nov 2017, at 17:11 (-0500), Mark London wrote:


Also, 5 consonants in a row, is unlikely.


Well, F. W. Nietzsche never had kids, but I don't think the surname is 
extinct. I'm aware of multiple people with the surname Pietschmann. 
There is also a common practice of using a first initial and surname as 
a username and many Germanic surnames starting with sch[mlr], so I 
expect that 5 consonants in an email address local-part where 'sch' are 
the middle 3 characters are quite common.




--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Currently Seeking Steady Work: https://linkedin.com/in/billcole

Re: Why doesn't HK_RANDOM_FROM trigger on this email address?

2017-11-19 Thread Mark London 
Sent from my iPhone

> On Nov 18, 2017, at 5:29 PM, RW  wrote:
> 
> On Sat, 18 Nov 2017 15:46:16 -0500
> Mark London wrote:
> 
>> FWIW: It seems to me that HK_RANDOM_FROM should trigger on an email 
>> address like this:
>> 
>> mqsjkeqgy...@sina.com
>> 
>> But it doesn't.   Yet it does trigger on this:
>> 
>> dxn...@sina.com
>> 
>> Curious.
> 
> h and s are missing in this list of consonants 
> 
>   [bcdfgjklmnpqrtvwxz]{5}
> 
> so mqsjk isn't seen as 5  consonants in a row. 

It seems to me that s should be included, if it’s not followed by a consonant 
that normally might follow.  I.e., c or h or t.  Also, 5 consonants in a row, 
is unlikely.

If nothing else, maybe there should be a HK_POSSIBLE_RANDOM_FROM that’s is more 
liberal.  I’m combining that rule with other rules, such as DNSBLs, to detect 
likely spam.

- Mark

Re: SA-Update not updating DB

2017-11-19 Thread @lbutlr 
On 17 Nov 2017, at 05:32, David Jones  wrote:
> If I don't hear any objections or negative feedback in the next 36 hours, I 
> will enable DNS updates tomorrow so sa-update will start automatically 
> updating rulesets on Sunday morning.



Excellent!



-- 
Apple broke AppleScripting signatures in Mail.app, so no random signatures.

Re: sa-update ruleset updates enabled again

2017-11-19 Thread David Jones 

On 11/19/2017 08:45 AM, David Mehler wrote:

Hi,

How does one get the new SA update rules?

Thanks.
Dave.




Basically run the sa-update command.  This should be cron'd or otherwise 
run automatically by whatever "glue" is calling Spamassassin.  The 
"glue" could be an MTA like Postfix/Sendmail/Exim/procmail/fetchmail via 
a milter using spamd/spamc, a higher level program like 
amavis/mimedefang/MailScanner, or an MUA (mail client) like 
Thunderbird/Apple Mail.


The higher-level "glue" will usually have their own way for running 
sa-update automatically for you in the background so just do some 
Googling based on your "glue."  It shouldn't be run more frequently than 
about 4 hours since there are only 2 updates a day currently around 3 AM 
UTC and 9 AM UTC.


https://wiki.apache.org/spamassassin/RuleUpdates



On 11/19/17, David Jones  wrote:

On 11/18/2017 09:37 PM, John Hardin wrote:

On Sun, 19 Nov 2017, Benny Pedersen wrote:


David Jones skrev den 2017-11-18 16:26:

  Heads up.  DNS updates for sa-update have been enabled again. The next
  rules promotion will happen in about 11 hours around 2:30 AM UTC.


heads up :=)



--
David Jones

Re: sa-update ruleset updates enabled again

2017-11-19 Thread David Jones 

On 11/18/2017 09:37 PM, John Hardin wrote:

On Sun, 19 Nov 2017, Benny Pedersen wrote:


David Jones skrev den 2017-11-18 16:26:

 Heads up.  DNS updates for sa-update have been enabled again. The next
 rules promotion will happen in about 11 hours around 2:30 AM UTC.


heads up :=)

: delivery via smtp.ena.net[96.5.1.4]:25: host
    smtp.ena.net[96.5.1.4] said: 554 5.7.1 : Sender
    address rejected: Blocked TLD. Contact hostmas...@ena.com, 
supp...@ena.com

    or call (888)612-2880. (in reply to RCPT TO command)


Right, published administrative contact addresses (particularly abuse@ 
and postmaster@) should have **no content filtering**.


This is one of the more annoying things I run into when trying to be a 
good netizen, particularly when the domain gets all its email via Google.





I have updated Postfix to not filter admin contacts so here comes the 
spam.  :)  I already had some local rules to subtract some points for 
these recipients in SA to make the blocking score 10.0 instead of the 
6.0 default in MailScanner.


--
David Jones

Re: sa-update ruleset updates enabled again

2017-11-19 Thread David Jones 

On 11/18/2017 09:46 AM, Benny Pedersen wrote:

David Jones skrev den 2017-11-18 16:26:

Heads up.  DNS updates for sa-update have been enabled again. The next
rules promotion will happen in about 11 hours around 2:30 AM UTC.


may i ask why you tld block me ?

sorry for asking here, private mails does not work


I have allowed junc.eu.  Normal mail flow on our mail filters doesn't 
receive any email from .eu so I allow them on-demand like this.  Sorry 
about that.


--
David Jones