Re: Spamhaus Technology contributions to SpamAssassin

2019-07-03 Thread Stephan Seitz 

On Mi, Jul 03, 2019 at 09:43:02 +, Riccardo Alfieri wrote:
You can find all the needed files here: 
https://github.com/spamhaus/spamassassin-dqs


I’m trying it but I get Perl warnings if I restart spamassassin:
fsing spamd 11170 - -  Use of uninitialized value $this_domain in concatenation 
(.) or string at /etc/spamassassin/SH.pm line 120.
fsing spamd 11170 - -  Use of uninitialized value $this_domain in concatenation 
(.) or string at /etc/spamassassin/SH.pm line 125.
fsing spamd 11170 - -  Use of uninitialized value $this_domain in concatenation 
(.) or string at /etc/spamassassin/SH.pm line 130.
fsing spamd 11170 - -  Use of uninitialized value $this_domain in concatenation 
(.) or string at /etc/spamassassin/SH.pm line 135.
fsing spamd 11170 - -  Use of uninitialized value $_ in pattern match (m//) at 
/etc/spamassassin/SH.pm line 139.

By the way is this plugin necessary if you are using postfix/postscreen 
with your DQS key?


Shade and sweet water!

Stephan

--
| Public Keys: http://fsing.rootsland.net/~stse/keys.html |


smime.p7s
Description: S/MIME cryptographic signature

Re: Spamhaus Technology contributions to SpamAssassin

2019-07-03 Thread Riccardo Alfieri 

On 03/07/19 20:02, David Gibbs wrote:

I downloaded the version that was on the install page.  It has a date 
tag of 20190621.


https://docs.spamhaustech.com/40-real-world-usage/SpamAssassin/020-SpamAssassin.html 



I'll update to the github version.

Yes please take the github version as the latest one, we are in the 
process of updating the docs.spamhaustech.com website but it is taking 
some time :)


--
Best regards,
Riccardo Alfieri

Spamhaus Technology
https://www.spamhaustech.com/

Re: Spamhaus Technology contributions to SpamAssassin

2019-07-03 Thread micah anderson 
Giovanni Bechis  writes:

> On 7/3/19 7:11 PM, Riccardo Alfieri wrote:
>> On 03/07/19 17:59, atat wrote:
>> 
>>> You say in documentation:
>>>
>>>  You should also drop, by default, all Office documents with macros.
>>>
>>> What plugin / method do You reccomend for that ?
>> 
>> I'm no expert in detecting macros, but there at least two ways of doing that 
>> that comes to mind:
>> 
>> - Clamav with the option OLE2BlockMacros

Reading up on OLE2BlockMacros in clamav, I'm very confused by
https://www.mail-archive.com/clamav-users@lists.clamav.net/msg42671.html

Specifically:

Setting 'OLE2BlockMacros Yes' effectively causes
'Heuristics.OLE2.ContainsMacros' to be returned, and disables all
official and unofficial signatures.

When 'OLE2BlockMacros Yes' this causes 'Heuristics.OLE2.ContainsMacros'
to be returned first and all other signatures that are not against
uncompressed macros are ignored. You only get one signature back and
that is the first one hit, which may be a 'soft' signature ie one you
mightn't discard an email on, such as Heuristics.OLE2.ContainsMacros,
even though 'hard' signatures official or unofficial might also have hit
if they had been run later .

> This has been superseded by 
> https://svn.apache.org/repos/asf/spamassassin/trunk/lib/Mail/SpamAssassin/Plugin/OLEMacro.pm
> the plugin is for trunk but it works out of the box in 3.4.3rc3 as well (some 
> work is needed to let it work on 3.4.2)

Can't these be blocked at the MTA level to be much more CPU friendly?

-- 
micah

Re: Spamhaus Technology contributions to SpamAssassin

2019-07-03 Thread David Gibbs 

On 7/3/19 11:24 AM, Riccardo Alfieri wrote:

And 'Data::Validate::Domain'.



That was for an older version of the plugin, it's now not needed anymore.

Get the code from the github repository to have the latest version.


I downloaded the version that was on the install page.  It has a date tag of 
20190621.


https://docs.spamhaustech.com/40-real-world-usage/SpamAssassin/020-SpamAssassin.html

I'll update to the github version.

david




--
IBM i on Power Systems: For when you can't afford to be out of business!

I'm riding 615 miles (Yes, you read that right) in the American Diabetes 
Association's Tour de Cure to raise money for diabetes research, education, 
advocacy, and awareness.  You can make a tax-deductible donation to my ride by 
visiting https://gmane.diabetessucks.net.


You can see where my donations come from by visiting my interactive donation map 
... https://gmane.diabetessucks.net/map (it's a geeky thing).


I may have diabetes, but diabetes doesn't have me!

Re: Spamhaus Technology contributions to SpamAssassin

2019-07-03 Thread Riccardo Alfieri 

On 03/07/19 18:01, Larry Rosenman wrote:



I'm seeing the following:

...
<20>1 2019-07-03T10:59:51.00-05:00 thebighonker.lerctr.org spamd 
80260 - - Use of uninitialized value $_ in pattern match (m//) at 
/usr/local/etc/mail/spamassassin/SH.pm line 139.


Is this a bug in my setup or a bug in the plugin?


FYI, this has been solved offlist with Larry's help.

If you use Exim you should download the latest plugin version

--
Best regards,
Riccardo Alfieri

Spamhaus Technology
https://www.spamhaustech.com/

Re: Spamhaus Technology contributions to SpamAssassin

2019-07-03 Thread Giovanni Bechis 
On 7/3/19 7:11 PM, Riccardo Alfieri wrote:
> On 03/07/19 17:59, atat wrote:
> 
>> You say in documentation:
>>
>>  You should also drop, by default, all Office documents with macros.
>>
>> What plugin / method do You reccomend for that ?
> 
> I'm no expert in detecting macros, but there at least two ways of doing that 
> that comes to mind:
> 
> - Clamav with the option OLE2BlockMacros
> 
> - This package https://github.com/bigio/spamassassin-vba-macro
>
This has been superseded by 
https://svn.apache.org/repos/asf/spamassassin/trunk/lib/Mail/SpamAssassin/Plugin/OLEMacro.pm
the plugin is for trunk but it works out of the box in 3.4.3rc3 as well (some 
work is needed to let it work on 3.4.2)
 
  Giovanni

Re: Spamhaus Technology contributions to SpamAssassin

2019-07-03 Thread Riccardo Alfieri 

On 03/07/19 17:59, atat wrote:


You say in documentation:

 You should also drop, by default, all Office documents with macros.

What plugin / method do You reccomend for that ?


I'm no expert in detecting macros, but there at least two ways of doing 
that that comes to mind:


- Clamav with the option OLE2BlockMacros

- This package https://github.com/bigio/spamassassin-vba-macro

Or you could patch something up with python oletools

--
Best regards,
Riccardo Alfieri

Spamhaus Technology
https://www.spamhaustech.com/

Re: Spamhaus Technology contributions to SpamAssassin

2019-07-03 Thread Riccardo Alfieri 

On 03/07/19 18:05, Chris Conn wrote:


Hello,

I am having a quick look over the config as am intrigued by this 
plugin; what is the motivation to change the RCVD_IN_XXX dnsbl lookups 
to utilize the per-user key system?  Is this a pre-cursor to an 
eventual phase-out of the typical 20_dnsbl_tests.conf mecanisms?



Hi,

public mirrors will stay there for a*long* time, don't worry :)

The whole point of using DQS instead of them is how fast DQS is updated 
compared to the mirrors. Mirrors can take up to a minute to have fresh 
data pushed to, and, while 60 seconds could seem like an acceptable 
time, it is *not* when dealing with hailstormers. DQS is updated in 
nearly true real time and starts serving listings as soon as we start 
detecting new sources.


You can theoretically use the plugin with public mirror's data, but the 
detection rate will not be comparable to DQS. Also public mirrors don't 
have ZRD and AuthBL.


Think of DQS like an upgrade from the public mirrors that only cost the 
time to register :)


--
Best regards,
Riccardo Alfieri

Spamhaus Technology
https://www.spamhaustech.com/

Re: MySQL

2019-07-03 Thread Kris Deugau 

@lbutlr wrote:

On 2 Jul 2019, at 14:21, Kevin A. McGrail  wrote:

I guess the tl;dr version of my question (too late!) is how is the username 
field populated in the database?


I think you are mixing up the user preference table and the naive bayesian 
table.  Apologies if the docs aren't clear.  Please consider cleaning them up!


I can’t clean them up because I don’t understand them! 

The bayes readme says you need to have a user pref database setup first.


This assumes that you have already created a database for use with spamassassin and setup a 
username/password that can access that database. (See "Creating A Database", in 
"sql/README", if you don't have a suitable database ready.)


This refers the the SQL database username/password, not SA user data 
within the database.  You only need one user/password, although I 
*think* if you're paranoid and willing to spend the time at it it's 
possible to have separate SQL logins for different users, possibly even 
complete separate databases for each user.


SA will fill in fields in the database as needed when messages are 
learned;  there's no need to maintain a list of your system/SA users.  I 
think you mentioned earlier you're using virtual users, not system 
users, so you'll have to use the -u argument to sa-learn for manual 
learning.


I'm not sure there's a better way to word that section.

-kgd

Re: Spamhaus Technology contributions to SpamAssassin

2019-07-03 Thread Riccardo Alfieri 

On 03/07/19 17:10, David Gibbs wrote:


On 7/3/19 7:54 AM, Riccardo Alfieri wrote:
apparently I missed to write on the documentation that you need also 
Perl's List::MoreUtils installed.


And 'Data::Validate::Domain'.

david


That was for an older version of the plugin, it's now not needed anymore.

Get the code from the github repository to have the latest version.

--
Best regards,
Riccardo Alfieri

Spamhaus Technology
https://www.spamhaustech.com/

Re: Spamhaus Technology contributions to SpamAssassin

2019-07-03 Thread Chris Conn 



On 7/3/2019 5:43 AM, Riccardo Alfieri wrote:


The plugin works with our Data Query Service (DQS). The DQS provides 
you with additional feeds: Zero Reputation Domain & AuthBL, and it 
also receives updates in 'realtime.' This last point is key, because, 
as you can see in the latest Virus Bulletin report 
(https://www.virusbulletin.com/testing/results/latest/vbspam-email-security), 
DQS catches 42% more spam than our RSYNC service or public mirrors.


On 7/3/2019 5:43 AM, Riccardo Alfieri wrote:


The plugin works with our Data Query Service (DQS). The DQS provides 
you with additional feeds: Zero Reputation Domain & AuthBL, and it 
also receives updates in 'realtime.' This last point is key, because, 
as you can see in the latest Virus Bulletin report 
(https://www.virusbulletin.com/testing/results/latest/vbspam-email-security), 
DQS catches 42% more spam than our RSYNC service or public mirrors.




Hello,

I am having a quick look over the config as am intrigued by this plugin; 
what is the motivation to change the RCVD_IN_XXX dnsbl lookups to 
utilize the per-user key system?  Is this a pre-cursor to an eventual 
phase-out of the typical 20_dnsbl_tests.conf mecanisms?


Cheers and thanks,

Chris

Re: Spamhaus Technology contributions to SpamAssassin

2019-07-03 Thread Larry Rosenman 

On 07/03/2019 4:43 am, Riccardo Alfieri wrote:

Hello everyone,

I'm sure that many of you are aware that our datasets are already in
use with SpamAssassin's default config, but I wanted to reach out and
let you know that we have developed a SpamAssassin plugin that helps
you get more out of our DNSBLs.

The plugin works with our Data Query Service (DQS). The DQS provides
you with additional feeds: Zero Reputation Domain & AuthBL, and it
also receives updates in 'realtime.' This last point is key, because,
as you can see in the latest Virus Bulletin report
(https://www.virusbulletin.com/testing/results/latest/vbspam-email-security),
DQS catches 42% more spam than our RSYNC service or public mirrors.

Last but not least, the usage terms for the DQS are the same as for
our public mirrors, meaning that if you already use our public
mirrors, you can register for a personal DQS key free of charge.

You can find all the needed files here:
https://github.com/spamhaus/spamassassin-dqs

Have fun with our data, and if there are difficulties in installing
the plugin, or if you have suggestions, you can drop us a line at
datafeed-supp...@spamteq.com or post here. I'll try to keep the list
monitored to deliver as much help as I can.



I'm seeing the following:
<20>1 2019-07-03T10:59:51.00-05:00 thebighonker.lerctr.org spamd 
80260 - - Use of uninitialized value $this_domain in concatenation (.) 
or string at /usr/local/etc/mail/spamassassin/SH.pm line 135.
<20>1 2019-07-03T10:59:51.00-05:00 thebighonker.lerctr.org spamd 
80260 - - Use of uninitialized value $_ in pattern match (m//) at 
/usr/local/etc/mail/spamassassin/SH.pm line 139.
<20>1 2019-07-03T10:59:51.00-05:00 thebighonker.lerctr.org spamd 
80260 - - Use of uninitialized value $this_domain in concatenation (.) 
or string at /usr/local/etc/mail/spamassassin/SH.pm line 135.
<20>1 2019-07-03T10:59:51.00-05:00 thebighonker.lerctr.org spamd 
80260 - - Use of uninitialized value $_ in pattern match (m//) at 
/usr/local/etc/mail/spamassassin/SH.pm line 139.
<20>1 2019-07-03T10:59:51.00-05:00 thebighonker.lerctr.org spamd 
80260 - - Use of uninitialized value $this_domain in concatenation (.) 
or string at /usr/local/etc/mail/spamassassin/SH.pm line 135.
<20>1 2019-07-03T10:59:51.00-05:00 thebighonker.lerctr.org spamd 
80260 - - Use of uninitialized value $_ in pattern match (m//) at 
/usr/local/etc/mail/spamassassin/SH.pm line 139.
<20>1 2019-07-03T10:59:51.00-05:00 thebighonker.lerctr.org spamd 
80260 - - Use of uninitialized value $this_domain in concatenation (.) 
or string at /usr/local/etc/mail/spamassassin/SH.pm line 135.
<20>1 2019-07-03T10:59:51.00-05:00 thebighonker.lerctr.org spamd 
80260 - - Use of uninitialized value $_ in pattern match (m//) at 
/usr/local/etc/mail/spamassassin/SH.pm line 139.


Is this a bug in my setup or a bug in the plugin?

--
Larry Rosenman http://www.lerctr.org/~ler
Phone: +1 214-642-9640 E-Mail: l...@lerctr.org
US Mail: 5708 Sabbia Dr, Round Rock, TX 78665-2106

Re: Spamhaus Technology contributions to SpamAssassin

2019-07-03 Thread atat 
You say in documentation:

You should also drop, by default, all Office documents with macros.

What plugin / method do You reccomend for that ?

Best Regards
atat

W dniu 2019-07-03 11:43:27 użytkownik undefined  napisał:
> Hello everyone,
> 
> I'm sure that many of you are aware that our datasets are already in use 
> with SpamAssassin's default config, but I wanted to reach out and let 
> you know that we have developed a SpamAssassin plugin that helps you get 
> more out of our DNSBLs.
> 
> The plugin works with our Data Query Service (DQS). The DQS provides you 
> with additional feeds: Zero Reputation Domain  AuthBL, and it also 
> receives updates in 'realtime.' This last point is key, because, as you 
> can see in the latest Virus Bulletin report 
> ( href="https://www.virusbulletin.com/testing/results/latest/vbspam-email-security;>https://www.virusbulletin.com/testing/results/latest/vbspam-email-security),
>  
> DQS catches 42% more spam than our RSYNC service or public mirrors.
> 
> Last but not least, the usage terms for the DQS are the same as for our 
> public mirrors, meaning that if you already use our public mirrors, you 
> can register for a personal DQS key free of charge.
> 
> You can find all the needed files here: 
>  href="https://github.com/spamhaus/spamassassin-dqs;>https://github.com/spamhaus/spamassassin-dqs
> 
> Have fun with our data, and if there are difficulties in installing the 
> plugin, or if you have suggestions, you can drop us a line at 
> datafeed-supp...@spamteq.com or post here. I'll try to keep the list 
> monitored to deliver as much help as I can.
> 
> -- 
> Best regards,
> Riccardo Alfieri
> 
> Spamhaus Technology
> https://www.spamhaustech.com/;>https://www.spamhaustech.com/

Re: Re: Spamhaus Technology contributions to SpamAssassin

2019-07-03 Thread atat 
You say in documentation:

You should also drop, by default, all Office documents with macros.

What plugin / method do You reccomend for that ?

Best Regards


W dniu 2019-07-03 13:27:11 użytkownik undefined  napisał:
> Thanks for pointing that out.
> 
> I warned the webmaster, in the meantime a temporary fix is to go back 
> with the browser "back" arrow and submit the registration again
> 
> On 03/07/19 13:23, Noel Butler wrote:
> 
>  We would sign up if we could, but after clicking continue of 
>  name/email page it goes to a blank WP page.
> 
> -- 
> Best regards,
> Riccardo Alfieri
> 
> Spamhaus Technology
> https://www.spamhaustech.com/;>https://www.spamhaustech.com/

Re: Spamhaus Technology contributions to SpamAssassin

2019-07-03 Thread Michael Orlitzky 
On 7/3/19 5:43 AM, Riccardo Alfieri wrote:
> 
> You can find all the needed files here: 
> https://github.com/spamhaus/spamassassin-dqs
> 

Could I talk you into tagging a v0.0.1 release? That would make it
easier for us to create a system package for the new plugin.

Re: Spamhaus Technology contributions to SpamAssassin

2019-07-03 Thread Larry Rosenman 

On 07/03/2019 9:56 am, Riccardo Alfieri wrote:

On 03/07/19 16:53, @lbutlr wrote:

On 3 Jul 2019, at 06:54, Riccardo Alfieri 
 wrote:

If you have a debian based distriution, do an

# apt-get install liblist-moreutils-perl

or, if you use something RPM based, the correct command should be

# yum install perl-List-MoreUtils

portmaster lang/p5-List-MoreUtils

or

pkg install p5-List-MoreUtils


Thanks, this is for FreeBSD right?

If that's the case I'll update the documentation

yes it is.


--
Larry Rosenman http://www.lerctr.org/~ler
Phone: +1 214-642-9640 E-Mail: l...@lerctr.org
US Mail: 5708 Sabbia Dr, Round Rock, TX 78665-2106

Re: Spamhaus Technology contributions to SpamAssassin

2019-07-03 Thread David Gibbs 

On 7/3/19 7:54 AM, Riccardo Alfieri wrote:
apparently I missed to write on the documentation that you need also Perl's 
List::MoreUtils installed.


And 'Data::Validate::Domain'.

david

--
IBM i on Power Systems: For when you can't afford to be out of business!

I'm riding 615 miles (Yes, you read that right) in the American Diabetes
Association's Tour de Cure to raise money for diabetes research, education,
advocacy, and awareness.  You can make a tax-deductible donation to my ride by
visiting https://gmane.diabetessucks.net.

You can see where my donations come from by visiting my interactive donation map
... https://gmane.diabetessucks.net/map (it's a geeky thing).

I may have diabetes, but diabetes doesn't have me!

Re: Spamhaus Technology contributions to SpamAssassin

2019-07-03 Thread Riccardo Alfieri 

On 03/07/19 16:53, @lbutlr wrote:


On 3 Jul 2019, at 06:54, Riccardo Alfieri  wrote:

If you have a debian based distriution, do an

# apt-get install liblist-moreutils-perl

or, if you use something RPM based, the correct command should be

# yum install perl-List-MoreUtils

portmaster lang/p5-List-MoreUtils

or

pkg install p5-List-MoreUtils


Thanks, this is for FreeBSD right?

If that's the case I'll update the documentation

--
Best regards,
Riccardo Alfieri

Spamhaus Technology
https://www.spamhaustech.com/

Re: Spamhaus Technology contributions to SpamAssassin

2019-07-03 Thread @lbutlr 
On 3 Jul 2019, at 06:54, Riccardo Alfieri  wrote:
> If you have a debian based distriution, do an
> 
> # apt-get install liblist-moreutils-perl
> 
> or, if you use something RPM based, the correct command should be
> 
> # yum install perl-List-MoreUtils

portmaster lang/p5-List-MoreUtils

or

pkg install p5-List-MoreUtils

Re: Spamhaus Technology contributions to SpamAssassin

2019-07-03 Thread Riccardo Alfieri 

Hi,

apparently I missed to write on the documentation that you need also 
Perl's List::MoreUtils installed.


If you have a debian based distriution, do an

# apt-get install liblist-moreutils-perl

or, if you use something RPM based, the correct command should be

# yum install perl-List-MoreUtils


On 03/07/19 14:47, AJ Weber wrote:

Trying to follow the instructions, I got the following error:

spamassassin --lint
Jul  3 08:29:08.089 [26120] warn: plugin: failed to parse plugin 
/etc/mail/spamassassin/SH.pm: Can't locate List/MoreUtils.pm in @INC 
(@INC contains: lib /usr/share/perl5/vendor_perl 
/usr/local/lib64/perl5 /usr/local/share/perl5 
/usr/lib64/perl5/vendor_perl /usr/lib64/perl5 /usr/share/perl5) at 
/etc/mail/spamassassin/SH.pm line 32.
Jul  3 08:29:08.089 [26120] warn: BEGIN failed--compilation aborted at 
/etc/mail/spamassassin/SH.pm line 32.


Are there more pre-requisites that I'm not aware of?

Thanks,

AJ


--
Best regards,
Riccardo Alfieri

Spamhaus Technology
https://www.spamhaustech.com/

Re: Spamhaus Technology contributions to SpamAssassin

2019-07-03 Thread AJ Weber 

So the (probably obvious to perl folks) fix on RedHat/CentOS is:

yum install perl-List-MoreUtils

All is well after that!

(Posting that in hopes it helps someone else in the future.)

-AJ

On 7/3/2019 8:47 AM, AJ Weber wrote:

Trying to follow the instructions, I got the following error:

spamassassin --lint
Jul  3 08:29:08.089 [26120] warn: plugin: failed to parse plugin 
/etc/mail/spamassassin/SH.pm: Can't locate List/MoreUtils.pm in @INC 
(@INC contains: lib /usr/share/perl5/vendor_perl 
/usr/local/lib64/perl5 /usr/local/share/perl5 
/usr/lib64/perl5/vendor_perl /usr/lib64/perl5 /usr/share/perl5) at 
/etc/mail/spamassassin/SH.pm line 32.
Jul  3 08:29:08.089 [26120] warn: BEGIN failed--compilation aborted at 
/etc/mail/spamassassin/SH.pm line 32.


Are there more pre-requisites that I'm not aware of?

Thanks,

AJ


On 7/3/2019 5:43 AM, Riccardo Alfieri wrote:

Hello everyone,

I'm sure that many of you are aware that our datasets are already in 
use with SpamAssassin's default config, but I wanted to reach out and 
let you know that we have developed a SpamAssassin plugin that helps 
you get more out of our DNSBLs.


The plugin works with our Data Query Service (DQS). The DQS provides 
you with additional feeds: Zero Reputation Domain & AuthBL, and it 
also receives updates in 'realtime.' This last point is key, because, 
as you can see in the latest Virus Bulletin report 
(https://www.virusbulletin.com/testing/results/latest/vbspam-email-security), 
DQS catches 42% more spam than our RSYNC service or public mirrors.


Last but not least, the usage terms for the DQS are the same as for 
our public mirrors, meaning that if you already use our public 
mirrors, you can register for a personal DQS key free of charge.


You can find all the needed files here: 
https://github.com/spamhaus/spamassassin-dqs


Have fun with our data, and if there are difficulties in installing 
the plugin, or if you have suggestions, you can drop us a line at 
datafeed-supp...@spamteq.com or post here. I'll try to keep the list 
monitored to deliver as much help as I can.

Re: Spamhaus Technology contributions to SpamAssassin

2019-07-03 Thread AJ Weber 

Trying to follow the instructions, I got the following error:

spamassassin --lint
Jul  3 08:29:08.089 [26120] warn: plugin: failed to parse plugin 
/etc/mail/spamassassin/SH.pm: Can't locate List/MoreUtils.pm in @INC 
(@INC contains: lib /usr/share/perl5/vendor_perl /usr/local/lib64/perl5 
/usr/local/share/perl5 /usr/lib64/perl5/vendor_perl /usr/lib64/perl5 
/usr/share/perl5) at /etc/mail/spamassassin/SH.pm line 32.
Jul  3 08:29:08.089 [26120] warn: BEGIN failed--compilation aborted at 
/etc/mail/spamassassin/SH.pm line 32.


Are there more pre-requisites that I'm not aware of?

Thanks,

AJ


On 7/3/2019 5:43 AM, Riccardo Alfieri wrote:

Hello everyone,

I'm sure that many of you are aware that our datasets are already in 
use with SpamAssassin's default config, but I wanted to reach out and 
let you know that we have developed a SpamAssassin plugin that helps 
you get more out of our DNSBLs.


The plugin works with our Data Query Service (DQS). The DQS provides 
you with additional feeds: Zero Reputation Domain & AuthBL, and it 
also receives updates in 'realtime.' This last point is key, because, 
as you can see in the latest Virus Bulletin report 
(https://www.virusbulletin.com/testing/results/latest/vbspam-email-security), 
DQS catches 42% more spam than our RSYNC service or public mirrors.


Last but not least, the usage terms for the DQS are the same as for 
our public mirrors, meaning that if you already use our public 
mirrors, you can register for a personal DQS key free of charge.


You can find all the needed files here: 
https://github.com/spamhaus/spamassassin-dqs


Have fun with our data, and if there are difficulties in installing 
the plugin, or if you have suggestions, you can drop us a line at 
datafeed-supp...@spamteq.com or post here. I'll try to keep the list 
monitored to deliver as much help as I can.

Re: Spamhaus Technology contributions to SpamAssassin

2019-07-03 Thread Noel Butler 
Thanks :)  sorted.. installed and running, will see how it goes 

On 03/07/2019 21:26, Riccardo Alfieri wrote:

> Thanks for pointing that out.
> 
> I warned the webmaster, in the meantime a temporary fix is to go back with 
> the browser "back" arrow and submit the registration again
> 
> On 03/07/19 13:23, Noel Butler wrote: 
> 
>> We would sign up if we could, but after clicking continue of name/email page 
>> it goes to a blank WP page.

-- 
Kind Regards, 

Noel Butler 

This Email, including any attachments, may contain legally 
privileged
information, therefore remains confidential and subject to copyright
protected under international law. You may not disseminate, discuss, or
reveal, any part, to anyone, without the authors express written
authority to do so. If you are not the intended recipient, please notify
the sender then delete all copies of this message including attachments,
immediately. Confidentiality, copyright, and legal privilege are not
waived or lost by reason of the mistaken delivery of this message. Only
PDF [1] and ODF [2] documents accepted, please do not send proprietary
formatted documents 

 

Links:
--
[1] http://www.adobe.com/
[2] http://en.wikipedia.org/wiki/OpenDocument

Re: Spamhaus Technology contributions to SpamAssassin

2019-07-03 Thread Riccardo Alfieri 

Thanks for pointing that out.

I warned the webmaster, in the meantime a temporary fix is to go back 
with the browser "back" arrow and submit the registration again


On 03/07/19 13:23, Noel Butler wrote:


We would sign up if we could, but after clicking continue of 
name/email page it goes to a blank WP page.



--
Best regards,
Riccardo Alfieri

Spamhaus Technology
https://www.spamhaustech.com/

Re: Spamhaus Technology contributions to SpamAssassin

2019-07-03 Thread Noel Butler 
We would sign up if we could, but after clicking continue of name/email
page it goes to a blank WP page. 

On 03/07/2019 19:43, Riccardo Alfieri wrote:

> Hello everyone,
> 
> I'm sure that many of you are aware that our datasets are already in use with 
> SpamAssassin's default config, but I wanted to reach out and let you know 
> that we have developed a SpamAssassin plugin that helps you get more out of 
> our DNSBLs.
> 
> The plugin works with our Data Query Service (DQS). The DQS provides you with 
> additional feeds: Zero Reputation Domain & AuthBL, and it also receives 
> updates in 'realtime.' This last point is key, because, as you can see in the 
> latest Virus Bulletin report 
> (https://www.virusbulletin.com/testing/results/latest/vbspam-email-security), 
> DQS catches 42% more spam than our RSYNC service or public mirrors.
> 
> Last but not least, the usage terms for the DQS are the same as for our 
> public mirrors, meaning that if you already use our public mirrors, you can 
> register for a personal DQS key free of charge.
> 
> You can find all the needed files here: 
> https://github.com/spamhaus/spamassassin-dqs
> 
> Have fun with our data, and if there are difficulties in installing the 
> plugin, or if you have suggestions, you can drop us a line at 
> datafeed-supp...@spamteq.com or post here. I'll try to keep the list 
> monitored to deliver as much help as I can.

-- 
Kind Regards, 

Noel Butler 

This Email, including any attachments, may contain legally 
privileged
information, therefore remains confidential and subject to copyright
protected under international law. You may not disseminate, discuss, or
reveal, any part, to anyone, without the authors express written
authority to do so. If you are not the intended recipient, please notify
the sender then delete all copies of this message including attachments,
immediately. Confidentiality, copyright, and legal privilege are not
waived or lost by reason of the mistaken delivery of this message. Only
PDF [1] and ODF [2] documents accepted, please do not send proprietary
formatted documents 

 

Links:
--
[1] http://www.adobe.com/
[2] http://en.wikipedia.org/wiki/OpenDocument

Spamhaus Technology contributions to SpamAssassin

2019-07-03 Thread Riccardo Alfieri 

Hello everyone,

I'm sure that many of you are aware that our datasets are already in use 
with SpamAssassin's default config, but I wanted to reach out and let 
you know that we have developed a SpamAssassin plugin that helps you get 
more out of our DNSBLs.


The plugin works with our Data Query Service (DQS). The DQS provides you 
with additional feeds: Zero Reputation Domain & AuthBL, and it also 
receives updates in 'realtime.' This last point is key, because, as you 
can see in the latest Virus Bulletin report 
(https://www.virusbulletin.com/testing/results/latest/vbspam-email-security), 
DQS catches 42% more spam than our RSYNC service or public mirrors.


Last but not least, the usage terms for the DQS are the same as for our 
public mirrors, meaning that if you already use our public mirrors, you 
can register for a personal DQS key free of charge.


You can find all the needed files here: 
https://github.com/spamhaus/spamassassin-dqs


Have fun with our data, and if there are difficulties in installing the 
plugin, or if you have suggestions, you can drop us a line at 
datafeed-supp...@spamteq.com or post here. I'll try to keep the list 
monitored to deliver as much help as I can.


--
Best regards,
Riccardo Alfieri

Spamhaus Technology
https://www.spamhaustech.com/

Re: How to create my personal RBL

2019-07-03 Thread hg user 
Thank you for this interesting list.
Unfortunately my external MTA is based on exim. I think that a lot of the
checks you list are already performed by exim and by the rules we added to
that MTA. I will check one by one anyway.

Perhaps the most interesting idea, something we were already thinking
about, is to move spamassassin away from zimbra and give it a standalone
server. We will lose something in integration but we can be free from
zimbra release cycles.

On Thu, Jun 27, 2019 at 2:38 PM David Jones  wrote:

> On 6/26/19 3:43 AM, hg user wrote:
> > Thank you everybody for your really interesting answers. In this moment
> > I'm just collecting informations.
> >
> > I have one main problem: one of the engines used by our commercial
> > antispam solution returns too many FPs. I'm gradually introducing
> > spamassassin (included in zimbra) and I'd like to mitigate the FPs with
> > some other checks... using a proven, well-known technology like AskDNS
> > seems a quick and viable solution to me.
> >
> > Unfortunately a personal RBL may not cover all the use cases I'm
> > thinking about and looking at the source code of a plugin that queries a
> > sql or redis server can be interesting.
>
> Before you start working on a custom plugin, have you tuned out your MTA
> and SpamAssasin?  From my personal experience, I setup an edge MTA as
> the MX and sent filtered mail to Zimbra and smarthosted from Zimbra back
> to the edge MTA.  This provides the most flexibility to upgrade perl and
> SpamAssassin to the latest version along with many other benefits.
>
> Tuning out the MTA:
> - Setup Postfix with Postscreen
> - Enable weighted RBLs in Postscreen, lots of them.  See the SA mailing
> list archives for "postscreen_dnsbl_sites".
>__This will block 80% or more of spam/junk alone.__
> - Setup postfwd to give extra control to add headers based on SMTP
> conversation time so SA can use those headers later.  For example, I set
> headers based on the number of recipients which is very useful when
> email has been BCC'd.
> - Setup sqlgrey and slowly phase it in where users won't even know it.
> - Setup policyd-spf, OpenDMARC, and OpenDKIM
> - Setup fail2ban for repeat spammers/bots
> - Setup Postwhite to whitelist trusted senders by their SPF record.
> This allows for turning up other Postfix config settings
> - Setup TLS with a Letsencrypt certificate
> - Setup rate limiting then put exceptions in
> smtpd_client_event_limit_exceptions.
> - Postfix header_checks, body_checks, smtpd_client_restrictions,
> smtpd_helo_restrictions, smtpd_sender_restrictions,
> smtpd_relay_restrictions, smtpd_recipient_restrictions,
> smtpd_data_restrictions in the main.cf can be tuned over time.
> - Enable reject_unverified_recipient in smtpd_recipient_restrictions so
> Postfix will "look ahead" to Zimbra and not accept invalid recipients.
> -
>
> Tuning out SpamAssassin:
> - Make sure your internal_networks and trusted_networks are correct so
> RBL checks will happen correctly for the last external IP.  I have
> extended this out to Google, Office 365, and other major platforms to
> detect the X-Originating-IP of the web/mail client.
> - Install KAM.cf and KAMonly.cf
> - Install DCC, Razor, Pyzor
> - Install ClamAV unofficial (extra) signatures
> - Add local rules to use the headers from OpenDMARC
> - Enable extra RBLs that aren't in the stock SA
> - I use the ShortCircuit plugin heavily, disable the ALL_TRUSTED
> shortcircuit, and enable shortcircuit on a number of the USER_IN_* rules.
> - I have created a massive list of whitelist_auth entries that are
> mostly subdomain senders from trusted senders.
> - Setup a way to train your Bayes easily by dragging email into a Spam
> and Ham folder as things are misclassified to keep the Bayesian DB tuned
> correctly.
> - Get on the latest version of perl even if you have to compile it
> because your OS might be older.
> - Install the latest stable version of SpamAssassin.
> - Many more things covered on this list over the years.
> - I setup local DBLs and DWLs for brand new Office 365 senders and other
> common sources of spam like secureserver.net, unifiedlayer.com,
> websitewelcome.com, myregisteredsite.com, etc to add a couple of points
> for new senders.  Then I add good senders on those bad hosting platforms
> to a DWL that subtracts a couple of points and excludes them from other
> meta rules that amplifies certain scores for the spam.
>
> Note that a lot of this can be found by setting up a quick VM and
> installing iRedMail to check out the Postfix configuration for the
> milters mentioned above and the TLS configuration.  It uses Amavisnew so
> that might be different from how you want to "glue" SpamAssassin into
> the MTA.
>
> I use MailScanner which has a few extra features of it's own in addition
> to processing emails in batches for high volume mail flow.
>
> After I did all of that work above over many years, my mail filtering
> accuracy is very good for about 80,000 mailboxes.