Re: Why doesn't HK_RANDOM_FROM trigger on this email address?
>Well, F. W. Nietzsche never had kids But almost never so many people have had the same father... :-p Now serious: Maybe you can add some more rules to deduce it may be a german email and score the RANDOM accordingly... ---PedroD.
Re: Why doesn't HK_RANDOM_FROM trigger on this email address?
On 19 Nov 2017, at 17:11 (-0500), Mark London wrote: Also, 5 consonants in a row, is unlikely. Well, F. W. Nietzsche never had kids, but I don't think the surname is extinct. I'm aware of multiple people with the surname Pietschmann. There is also a common practice of using a first initial and surname as a username and many Germanic surnames starting with sch[mlr], so I expect that 5 consonants in an email address local-part where 'sch' are the middle 3 characters are quite common. -- Bill Cole b...@scconsult.com or billc...@apache.org (AKA @grumpybozo and many *@billmail.scconsult.com addresses) Currently Seeking Steady Work: https://linkedin.com/in/billcole
Re: Why doesn't HK_RANDOM_FROM trigger on this email address?
Sent from my iPhone > On Nov 18, 2017, at 5:29 PM, RWwrote: > > On Sat, 18 Nov 2017 15:46:16 -0500 > Mark London wrote: > >> FWIW: It seems to me that HK_RANDOM_FROM should trigger on an email >> address like this: >> >> mqsjkeqgy...@sina.com >> >> But it doesn't. Yet it does trigger on this: >> >> dxn...@sina.com >> >> Curious. > > h and s are missing in this list of consonants > > [bcdfgjklmnpqrtvwxz]{5} > > so mqsjk isn't seen as 5 consonants in a row. It seems to me that s should be included, if it’s not followed by a consonant that normally might follow. I.e., c or h or t. Also, 5 consonants in a row, is unlikely. If nothing else, maybe there should be a HK_POSSIBLE_RANDOM_FROM that’s is more liberal. I’m combining that rule with other rules, such as DNSBLs, to detect likely spam. - Mark
Re: SA-Update not updating DB
On 17 Nov 2017, at 05:32, David Joneswrote: > If I don't hear any objections or negative feedback in the next 36 hours, I > will enable DNS updates tomorrow so sa-update will start automatically > updating rulesets on Sunday morning. Excellent! -- Apple broke AppleScripting signatures in Mail.app, so no random signatures.
Re: sa-update ruleset updates enabled again
On 11/19/2017 08:45 AM, David Mehler wrote: Hi, How does one get the new SA update rules? Thanks. Dave. Basically run the sa-update command. This should be cron'd or otherwise run automatically by whatever "glue" is calling Spamassassin. The "glue" could be an MTA like Postfix/Sendmail/Exim/procmail/fetchmail via a milter using spamd/spamc, a higher level program like amavis/mimedefang/MailScanner, or an MUA (mail client) like Thunderbird/Apple Mail. The higher-level "glue" will usually have their own way for running sa-update automatically for you in the background so just do some Googling based on your "glue." It shouldn't be run more frequently than about 4 hours since there are only 2 updates a day currently around 3 AM UTC and 9 AM UTC. https://wiki.apache.org/spamassassin/RuleUpdates On 11/19/17, David Joneswrote: On 11/18/2017 09:37 PM, John Hardin wrote: On Sun, 19 Nov 2017, Benny Pedersen wrote: David Jones skrev den 2017-11-18 16:26: Heads up. DNS updates for sa-update have been enabled again. The next rules promotion will happen in about 11 hours around 2:30 AM UTC. heads up :=) -- David Jones
Re: sa-update ruleset updates enabled again
On 11/18/2017 09:37 PM, John Hardin wrote: On Sun, 19 Nov 2017, Benny Pedersen wrote: David Jones skrev den 2017-11-18 16:26: Heads up. DNS updates for sa-update have been enabled again. The next rules promotion will happen in about 11 hours around 2:30 AM UTC. heads up :=): delivery via smtp.ena.net[96.5.1.4]:25: host smtp.ena.net[96.5.1.4] said: 554 5.7.1 : Sender address rejected: Blocked TLD. Contact hostmas...@ena.com, supp...@ena.com or call (888)612-2880. (in reply to RCPT TO command) Right, published administrative contact addresses (particularly abuse@ and postmaster@) should have **no content filtering**. This is one of the more annoying things I run into when trying to be a good netizen, particularly when the domain gets all its email via Google. I have updated Postfix to not filter admin contacts so here comes the spam. :) I already had some local rules to subtract some points for these recipients in SA to make the blocking score 10.0 instead of the 6.0 default in MailScanner. -- David Jones
Re: sa-update ruleset updates enabled again
On 11/18/2017 09:46 AM, Benny Pedersen wrote: David Jones skrev den 2017-11-18 16:26: Heads up. DNS updates for sa-update have been enabled again. The next rules promotion will happen in about 11 hours around 2:30 AM UTC. may i ask why you tld block me ? sorry for asking here, private mails does not work I have allowed junc.eu. Normal mail flow on our mail filters doesn't receive any email from .eu so I allow them on-demand like this. Sorry about that. -- David Jones