RE: Question about whitelisting of naadac.org
On Thu, 12 Aug 2021, Lukasz Maik wrote: Dear John, Sure, please find full tests results here: https://www.mail-tester.com/test-bw02eaxrt We've lost a point for not having DKIM/DMARC authentication, which is unfortunately not supported by our hosted exchange. That's not something SA scores for. We also lost 0.5 point for not having alt attribute in the images, so we will add it. That's also not something SA scores for. The above problems are things mail-tester thinks you can do to improve your message, independent of whatever SA thinks of it. The net SA score for that test message is 0.644 points, which is well under the default spam threshold of 5 points. This is in the headers in that test message: X-Spam-Status: No/0.7/5.0 "No". I agree with Bill's comments regarding www.mail-tester.com, and echo that "www.naadac.org" is not listed at SBL. Total is 7.8/10. Meaningless. The problem, when user is sending normal work e-mails, recipients are finding those messages in the Junk Email folder. Even people with who he was previously working before. If we could see one of *those* mails (which was quarantined in a production environment versus analyzed in a misconfigured and stale theoretical environment), with all headers intact (<- this is important), then we might be able to tell you why it ended up there. Kind Regards Lukas -Original Message- From: John Hardin Sent: Thursday, August 12, 2021 5:43 AM To: users@spamassassin.apache.org Subject: Re: Question about whitelisting of naadac.org On Wed, 11 Aug 2021, Lukasz Maik wrote: Hi All, The company naadac.org is experiencing problems with their e-mails being marked as SPAM, when they are putting link to their domain https://eur02.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.naadac.org%2Fdata=04%7C01%7CLukasz.Maik%40ricoh-europe.com%7Cd9ba04e2fffa42bd4b1b08d95d435fec%7Cdd29478d624e429eb453fffc969ac768%7C0%7C0%7C637643367114945933%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000sdata=IkcJvzYcpJvlUWr3l%2FzGbvD3IbSSaeia66LNwTjOj60%3Dreserved=0 in the signature of their mails. Is it possible to whitelist this domain/link in your SPAM filtering? Results from the mail-tester.com tool are available below: [cid:image001.png@01D78EFB.CD78CAE0] 0.644 points is not sufficient to mark a message as spam using the default scoring, and isn't worth hitting the panic button. If it's being marked as spam by some recipients, there are other reason(s). Is this analysis the only thing you are basing your analysis on? As Kenneth said, contact Spamhaus regarding why that domain is listed. In order to offer more advice, we would have to see the results from a site that is actually marking such a message as spam (i.e. where it's scoring 5 or more points). -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ jhar...@impsec.org pgpk -a jhar...@impsec.org key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 --- ...every time I sit down in front of a Windows machine I feel as if the computer is just a place for the manufacturers to put their advertising. -- fwadling on Y! SCOX --- Today: the 900th anniversary of the muslim Seljuq defeat at Didgori
Re: spamassassin 3.4.5 wide chars
On 2021-08-12 04:55, Bill Cole wrote: On 2021-08-11 at 22:03:24 UTC-0400 (Thu, 12 Aug 2021 04:03:24 +0200) Benny Pedersen is rumored to have said: https://bugs.gentoo.org/807781 is it solved in 3.4.6 ? That's not a SA bug report. It's a Gentoo bug report. Fix your rules. thanks for being friendly
Re: spamassassin 3.4.5 wide chars
On 2021-08-12 15:56, Jared Hall wrote: It occurs to me that I had a weird sa-compile problem a couple of weeks ago that produced a similar error. I ended up blowing out everything under the /var/lib/spamassassin/compiled/ folder to fix it. Worked fine after that. i have tryed this aswell today, did not resolve it here, imho spamassassin should not have wide charter problems anywhere okay its imho still just a warning, but it should make sense with error lines sa-compile says, does the problem come from that content is not mime safe in mime encodings so sometimes rules is diffrent charsats or just even difffrent encoding in same file would it be possible to make rules encoding default so all rules is always same so it stable to decode for rules checking ? another way would to be make anyspam content reencoded to unicode, for rule makers, this way spamassing can do the same on checking, just a tought why its hard to make stable :( Another Thought, -- Jared Hall
Re: Question about whitelisting of naadac.org
On 2021-08-12 at 16:16:21 UTC-0400 (Thu, 12 Aug 2021 20:16:21 +) Lukasz Maik is rumored to have said: Dear John, Sure, please find full tests results here: https://www.mail-tester.com/test-bw02eaxrt That website is not in any way authoritative, misrerpresents SpamAssassin scores, is running an obsolete version of SpamAssassin, and seems to be *INCORRECTLY* claiming that some hostname in an URI in the message resolves to an IP listed in Spamhaus' SBL. Checking the message as provided on that page against a current SpamAssassin deployment does not show hits on URIBL_SBL or URIBL_SBL_A, and manual checks of www.naadac.org and naadac.org confirm that they are NOT LISTED. If you show the "source" of the test message on that page, you will note that it shows a hit on the rule named URIBL_BLOCKED, which indicates a gross misconfiguration of SpamAssassin and is probably responsible for the bogus URIBL_SBL and URIBL_SBL_A hits. IN SHORT: mail-tester.com is a garbage site providing garbage results. No one should trust it for anything. We've lost a point for not having DKIM/DMARC authentication, which is unfortunately not supported by our hosted exchange. That is a far more likely cause for delivery problems than anything else. There is no excuse for any commercial mail provider to not offer it to their hosted customers. We also lost 0.5 point for not having alt attribute in the images, so we will add it. Total is 7.8/10. Note that the number on the mail-tester.com site is an invention of mail-tester.com, an organization that can't even be bothered to keep their SpamAssassin installation updated or to have the needed recursive DNS resolver for SA to use. That "Total" is meaningless. The points allotted for each element are arbitrary and basically meaningless. The problem, when user is sending normal work e-mails, recipients are finding those messages in the Junk Email folder. Even people with who he was previously working before. That has nothing to do with SpamAssassin. No reasonable SpamAssassin deployment would score the message shown on that test page anywhere near the standard spam threshold (5.0). SpamAssassin is not involved in how any receiving sites choose to deliver mail, all SpamAssassin does is provide a score. In this case that score is essentially zero, provided SA is not misconfigured. -- Bill Cole b...@scconsult.com or billc...@apache.org (AKA @grumpybozo and many *@billmail.scconsult.com addresses) Not Currently Available For Hire
Re: Question about whitelisting of naadac.org
Hi Lukasz, The Spamassassin score looks reasonable. If mail-tester uses anything similar to a stock Spamassassin setup, then you should be safe and spamassassin will not be the cause of your delivery problems. Whitelisting a somewhat arbitrary URL will not solve your problem. Of course, it could be that certain recipients of your customer have setup additional Spamassasin rules, tuned their setup to raise some penalties, or added additional filtering (outside of SA) to their mailstack that results in a different conclusion. You cannot be sure unless you ask the mail-admin of those customers. So you need to get in touch with them, not with the SA community (but as you can see, we're happy to point you in the correct direction ;-> ). Kind regards, Tom On 12-08-2021 22:16, Lukasz Maik wrote: Dear John, Sure, please find full tests results here: https://www.mail-tester.com/test-bw02eaxrt We've lost a point for not having DKIM/DMARC authentication, which is unfortunately not supported by our hosted exchange. We also lost 0.5 point for not having alt attribute in the images, so we will add it. Total is 7.8/10. The problem, when user is sending normal work e-mails, recipients are finding those messages in the Junk Email folder. Even people with who he was previously working before. Kind Regards Lukas -Original Message- From: John Hardin Sent: Thursday, August 12, 2021 5:43 AM To: users@spamassassin.apache.org Subject: Re: Question about whitelisting of naadac.org This message was sent from an external source. Please be careful opening attachments/links or replying to sources you don't know. On Wed, 11 Aug 2021, Lukasz Maik wrote: Hi All, The company naadac.org is experiencing problems with their e-mails being marked as SPAM, when they are putting link to their domain https://eur02.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.naadac.org%2Fdata=04%7C01%7CLukasz.Maik%40ricoh-europe.com%7Cd9ba04e2fffa42bd4b1b08d95d435fec%7Cdd29478d624e429eb453fffc969ac768%7C0%7C0%7C637643367114945933%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000sdata=IkcJvzYcpJvlUWr3l%2FzGbvD3IbSSaeia66LNwTjOj60%3Dreserved=0 in the signature of their mails. Is it possible to whitelist this domain/link in your SPAM filtering? Results from the mail-tester.com tool are available below: [cid:image001.png@01D78EFB.CD78CAE0] 0.644 points is not sufficient to mark a message as spam using the default scoring, and isn't worth hitting the panic button. If it's being marked as spam by some recipients, there are other reason(s). Is this analysis the only thing you are basing your analysis on? As Kenneth said, contact Spamhaus regarding why that domain is listed. In order to offer more advice, we would have to see the results from a site that is actually marking such a message as spam (i.e. where it's scoring 5 or more points). -- John Hardin KA7OHZ https://eur02.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.impsec.org%2F~jhardin%2Fdata=04%7C01%7CLukasz.Maik%40ricoh-europe.com%7Cd9ba04e2fffa42bd4b1b08d95d435fec%7Cdd29478d624e429eb453fffc969ac768%7C0%7C0%7C637643367114945933%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000sdata=99khbdmpdLV%2BpMuWur8MkrCcd2dzn5qr02xBSWC7GH8%3Dreserved=0 jhar...@impsec.org pgpk -a jhar...@impsec.org key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 --- The difference between ignorance and stupidity is that the stupid desire to remain ignorant. -- Jim Bacon --- Tomorrow: the 900th anniversary of the muslim Seljuq defeat at Didgori Ricoh Europe Holdings PLC is a company registered in England, under company number 06273215, with a registered office at 20 Triton Street, London, NW1 3BF. The UK business of Ricoh Europe Holdings PLC is operated by: (i) Ricoh Europe PLC, a company registered in England under company number 00720944, with a registered office at 20 Triton Street, London, NW1 3BF; (ii) Ricoh UK Limited, a company registered in England under company number 01271033, with a registered office at Ricoh House, 800 Pavilion Drive, Northampton, NN4 7YL; and (iii) Ricoh Capital Limited, a company registered in England under company number 03001351, with a registered office at 20 Triton Street, London, NW1 3BF Please consider the environment before printing this e-mail
Re: Question about whitelisting of naadac.org
Lukasz Maik writes: [not sure what the relationship of ricoh-europe is to a US .org is] > Sure, please find full tests results here: > https://www.mail-tester.com/test-bw02eaxrt > > We've lost a point for not having DKIM/DMARC authentication, which is > unfortunately not supported by our hosted exchange. > We also lost 0.5 point for not having alt attribute in the images, so we will > add it. > Total is 7.8/10. > > The problem, when user is sending normal work e-mails, recipients are > finding those messages in the Junk Email folder. Even people with who > he was previously working before. I'm not sure anybody said this yet, but: spamassassin the project is not going to add your domain to a whitelist because you are having problems with how others sort your mail. As I understand it, the project would only consider that sot of addition for domains that are 1) really known to send pretty much zero spam and 2) users of spamassassin are inconvenienced by what they perceive as incorrect tagging as spam. Note that this is very different from senders being unhappy about how recipients tag the messages. Reading the test report, I see that you have a URL in SBL This domain has two hits in rfc-clueless https://multirbl.valli.org/lookup/naadac.org.html and the outgoing IP address is 208.70.208.232 Spam Grouper Net block list So basically you (they?) need to clean up all the issues. That may involve finding a mail host that doesn't do business with spammers and whose IP addresses are not in DNSBLs. Also, if you are bothered by recipient filtering decisions, you need to ask the recipients what filtering they are doing and why they sorted how they did. That's up to them, not the spamassassin project. It may be that they have no idea and are uncooperative. I have had problems with yahoo misfiling mail, and found the experience of asking them about it not to be useful. So it is possible that your recipients should get a different email provider. You might also remove URLS to social media. They have privacy policies which are inconsistent with addiction treatment anyway. signature.asc Description: PGP signature
RE: Question about whitelisting of naadac.org
Dear John, Sure, please find full tests results here: https://www.mail-tester.com/test-bw02eaxrt We've lost a point for not having DKIM/DMARC authentication, which is unfortunately not supported by our hosted exchange. We also lost 0.5 point for not having alt attribute in the images, so we will add it. Total is 7.8/10. The problem, when user is sending normal work e-mails, recipients are finding those messages in the Junk Email folder. Even people with who he was previously working before. Kind Regards Lukas -Original Message- From: John Hardin Sent: Thursday, August 12, 2021 5:43 AM To: users@spamassassin.apache.org Subject: Re: Question about whitelisting of naadac.org This message was sent from an external source. Please be careful opening attachments/links or replying to sources you don't know. On Wed, 11 Aug 2021, Lukasz Maik wrote: > Hi All, > > The company naadac.org is experiencing problems with their e-mails > being marked as SPAM, when they are putting link to their domain > https://eur02.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.naadac.org%2Fdata=04%7C01%7CLukasz.Maik%40ricoh-europe.com%7Cd9ba04e2fffa42bd4b1b08d95d435fec%7Cdd29478d624e429eb453fffc969ac768%7C0%7C0%7C637643367114945933%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000sdata=IkcJvzYcpJvlUWr3l%2FzGbvD3IbSSaeia66LNwTjOj60%3Dreserved=0 > in the signature of their mails. > > Is it possible to whitelist this domain/link in your SPAM filtering? > Results from the mail-tester.com tool are available below: > > [cid:image001.png@01D78EFB.CD78CAE0] 0.644 points is not sufficient to mark a message as spam using the default scoring, and isn't worth hitting the panic button. If it's being marked as spam by some recipients, there are other reason(s). Is this analysis the only thing you are basing your analysis on? As Kenneth said, contact Spamhaus regarding why that domain is listed. In order to offer more advice, we would have to see the results from a site that is actually marking such a message as spam (i.e. where it's scoring 5 or more points). -- John Hardin KA7OHZ https://eur02.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.impsec.org%2F~jhardin%2Fdata=04%7C01%7CLukasz.Maik%40ricoh-europe.com%7Cd9ba04e2fffa42bd4b1b08d95d435fec%7Cdd29478d624e429eb453fffc969ac768%7C0%7C0%7C637643367114945933%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000sdata=99khbdmpdLV%2BpMuWur8MkrCcd2dzn5qr02xBSWC7GH8%3Dreserved=0 jhar...@impsec.org pgpk -a jhar...@impsec.org key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 --- The difference between ignorance and stupidity is that the stupid desire to remain ignorant. -- Jim Bacon --- Tomorrow: the 900th anniversary of the muslim Seljuq defeat at Didgori Ricoh Europe Holdings PLC is a company registered in England, under company number 06273215, with a registered office at 20 Triton Street, London, NW1 3BF. The UK business of Ricoh Europe Holdings PLC is operated by: (i) Ricoh Europe PLC, a company registered in England under company number 00720944, with a registered office at 20 Triton Street, London, NW1 3BF; (ii) Ricoh UK Limited, a company registered in England under company number 01271033, with a registered office at Ricoh House, 800 Pavilion Drive, Northampton, NN4 7YL; and (iii) Ricoh Capital Limited, a company registered in England under company number 03001351, with a registered office at 20 Triton Street, London, NW1 3BF Please consider the environment before printing this e-mail
Re: spamassassin 3.4.5 wide chars
Benny Pedersen wrote: https://bugs.gentoo.org/807781 is it solved in 3.4.6 ? It occurs to me that I had a weird sa-compile problem a couple of weeks ago that produced a similar error. I ended up blowing out everything under the /var/lib/spamassassin/compiled/ folder to fix it. Worked fine after that. Another Thought, -- Jared Hall
Re: spamassassin 3.4.5 wide chars
Benny Pedersen wrote: https://bugs.gentoo.org/807781 is it solved in 3.4.6 ? Don't know. I took a look at the Gentoo SA package and it's pretty basic. RE2C is pretty mature as is PERL. Hard to believe Gentoo would mess that up. But... I got this a few months back when I copied what I thought was a single-quoted phrase, properly escaped it and all, only to find out the quote signs were some Hungarian Goulash Unicode. perl -ne 'print "$. $_" if m/[\x80-\xFF]/' can detect it. Using some 3rd-party rulesets, like Heinlein's, can be problematic as well as they have a lot of Unicode sprinkled throughout; the SA normalize_charset conundrum. A Thought, -- Jared Hall
Re: Question about whitelisting of naadac.org
On Wed, 2021-08-11 at 20:43 -0700, John Hardin wrote: > As Kenneth said, contact Spamhaus regarding why that domain is listed. > > I took a look at it with a text-mode web browser, Lynx, thats too simple to try to process nastys and with all cookies disabled. It looked more than slightly suspect to me - AFAICT entries in its top-level menu link only to a recursive chain of identical top-level menus. It reminded me of nothing so much as the mazes in Colossal Cavern and their 'little twisty passages which all look the same' - and built the same way too! My bottom line take - a useless URL that deserves to be listed. Martin