Re: replay RBL queries one hour later
On Sat, 25 Feb 2023, hg user wrote: The last time I was hit by a not-recognized phishing campaign, no Ips nor domains were present in RBL. When I took action one hour later I found that several of them were listed. So my idea is; is it possible to replay the queries one/two hours later? Another more common approach to this situation is "greylisting", where the first attempt to submit a message from an unrecognized source is tempfailed for some period of time. The mailer will retry and the submission will be accepted after the greylisting period has expired, which may give RBLs time to list the IPs/domains/hashes/etc. This also theoretically blocks fire-and-forget mass spammers who only try submission once, but I don't know how common that model is these days. https://duckduckgo.com/?q=milter-greylist There are scenarios where this delay is unwelcome, for example commercial accounts where you don't want a delay in receiving communications from customers or potential customers. There are ways to tune it that may mitigate these concerns somewhat. -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ jhar...@impsec.org pgpk -a jhar...@impsec.org key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 --- The Constitution is not a suicide pact, it is a restraining order against government. And government, like any abusive person, does not respect or obey restraining orders. -- Anonymous --- 1,001 days since the first private commercial manned orbital mission (SpaceX)
Re: replay RBL queries one hour later
On 25.02.23 15:34, hg user wrote: The last time I was hit by a not-recognized phishing campaign, no Ips nor domains were present in RBL. When I took action one hour later I found that several of them were listed. So my idea is; is it possible to replay the queries one/two hours later? you can scan mail every time you want, the question is how do you want to do that. I envision two methods: - logging the queries, with Message-ids - storing a copy of the message If the second run hits new RBL, report to me, to take action. this could work, this way you could feed all mail multiple times to SA, which would apparently increase usagfe of DNSBLs, they could block you then. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Microsoft dick is soft to do no harm
replay RBL queries one hour later
The last time I was hit by a not-recognized phishing campaign, no Ips nor domains were present in RBL. When I took action one hour later I found that several of them were listed. So my idea is; is it possible to replay the queries one/two hours later? I envision two methods: - logging the queries, with Message-ids - storing a copy of the message If the second run hits new RBL, report to me, to take action. Hope I was clear...
Re: Install plugins into embedded spamassassin
On Saturday 25 February 2023 at 15:30:13, hg user wrote: > Hi, > I'd like to install at least one plugin in my embedded spamassassin, > installed inside Zimbra. > I'm a bit afraid of breaking stuff, about missing dependencies and so on. > > I'm on SA 3.4.5 and - as a test - I'd like to install ESP plugin. You might well be better off asking the Zimbra people, assuming that this "embedding" was done by them. People here will know about "standard SA" but how it's been integrated into another product is going to be that other product's area of expertise. Antony. -- The GNU General Public Licence was first published on this day in 1989 https://www.gnu.org/licences/gpl.html Please reply to the list; please *don't* CC me.
Install plugins into embedded spamassassin
Hi, I'd like to install at least one plugin in my embedded spamassassin, installed inside Zimbra. I'm a bit afraid of breaking stuff, about missing dependencies and so on. I'm on SA 3.4.5 and - as a test - I'd like to install ESP plugin.
