SA treats percentage spaces wording as uri

2024-05-13 Thread Noel Butler
This morning one of our ent_domains DMARC weekly reports from a third
party was listed as spam by SA, which took the wording
Not_percent-twenty_Resolved and passed it off to URI checks, adding
dot.com to it when there is no dot com after it, and a raw message
search of that message in less in console confirms it.


Problem with the code that scans the content for things like URIs? It
shouldn't be assuming there's a TLD after it.


--
Regards,
Noel Butler

Re: dkim https://16years.secvuln.info/

2024-05-13 Thread Bill Cole

On 2024-05-13 at 08:09:04 UTC-0400 (Mon, 13 May 2024 14:09:04 +0200)
Benny Pedersen 
is rumored to have said:

> I write here so in hope to start a debate on it, is there a code
> change anywhere to handle this?


That's not a SA issue. Nothing SA does can fix it.

The change (in Debian) that fixed that vulnerability was released 16 
years ago. It is up to sysadmins to pay attention and deploy fixes when 
they are available.  If people are still using bad keys generated 16 
years ago, they are failing to do that. We can't fix it.


The problem being cited in 2024 is 16 years of incompetent system 
administration, not bad code or distribution config.



--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo@toad.social and many *@billmail.scconsult.com 
addresses)

Not Currently Available For Hire


dkim https://16years.secvuln.info/

2024-05-13 Thread Benny Pedersen



I write here so in hope to start a debate on it, is there a code change
anywhere to handle this?




Re: Score 0.001

2024-05-13 Thread Thomas Barth via users

On 2024-05-13 04:33, jdow wrote:

> Um, "FORGED_SPF_HELO"? Are you sure this message is from MS?
>
> {^_^}


The mail/report is authentic. They already corrected this "error" or 
changed the sending server. In today's report FORGED_SPF_HELO is 0.001 
and the score is below 5 :)



> On 20240512 06:56:59, Thomas Barth wrote:
>
>> On 2024-05-12 12:39, Greg Troxel wrote:
>>
>>> I would suggest that if Debian is modifying the default config from 5 to
>>> 6.31, then probably they should not be doing that.
>>
>> This is a status of dmarc-report from microsoft today
>>
>> X-Spam-Status: Yes, score=5.938 tagged_above=2 required=6.31
>> tests=[ARC_SIGNED=0.001, ARC_VALID=0.001, BASE64_LENGTH_78_79=0.1,
>> BASE64_LENGTH_79_INF=2.019, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1,
>> DKIM_VALID=-0.1, DMARC_PASS=-0.001, FORGED_SPF_HELO=1, HTML_MESSAGE=0.001,
>> MIME_BASE64_TEXT=0.001, MIME_HTML_MOSTLY=0.1, MPART_ALT_DIFF=0.724,
>> PYZOR_CHECK=1.985, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_PASS=-0.001,
>> T_TVD_MIME_NO_HEADERS=0.01]
>>
>> A strike level of 5 is too low for microsoft mails ;-)
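
An added example (not part of any message in this thread): a small Python parser for the X-Spam-Status layout quoted above. It checks that the per-rule scores add up to the reported total, ranks the largest contributors, and recomputes the total with FORGED_SPF_HELO at 0.001. It assumes every other rule score is unchanged in the later report; the function names are hypothetical.

```python
import re

# X-Spam-Status header copied from the 2024-05-12 report quoted above.
HEADER = """X-Spam-Status: Yes, score=5.938 tagged_above=2 required=6.31
tests=[ARC_SIGNED=0.001, ARC_VALID=0.001, BASE64_LENGTH_78_79=0.1,
BASE64_LENGTH_79_INF=2.019, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1,
DKIM_VALID=-0.1, DMARC_PASS=-0.001, FORGED_SPF_HELO=1, HTML_MESSAGE=0.001,
MIME_BASE64_TEXT=0.001, MIME_HTML_MOSTLY=0.1, MPART_ALT_DIFF=0.724,
PYZOR_CHECK=1.985, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_PASS=-0.001,
T_TVD_MIME_NO_HEADERS=0.01]"""

PATTERN = re.compile(
    r"X-Spam-Status:\s*(Yes|No),\s*score=(-?[\d.]+).*?"
    r"required=(-?[\d.]+).*?tests=\[(.*?)\]")

def parse_spam_status(header):
    """Return (flag, score, required, {rule: score}) for one header."""
    text = " ".join(header.split())          # unfold continuation lines
    m = PATTERN.match(text)
    if not m:
        raise ValueError("header is not in the expected layout")
    tests = {}
    for item in m.group(4).split(","):
        if not item.strip():                 # tolerate an empty tests=[] list
            continue
        name, _, value = item.strip().partition("=")
        tests[name] = float(value)
    return m.group(1), float(m.group(2)), float(m.group(3)), tests

def top_contributors(tests, n=3):
    """Rules that add the most to the total, highest first."""
    return sorted(tests.items(), key=lambda kv: kv[1], reverse=True)[:n]

def rescore(tests, overrides):
    """Total score if the given rules had different scores (what-if check)."""
    return round(sum({**tests, **overrides}.values()), 3)

if __name__ == "__main__":
    flag, score, required, tests = parse_spam_status(HEADER)
    print("reported:", flag, score, "required:", required)
    print("sum of rule scores:", rescore(tests, {}))
    for rule, value in top_contributors(tests):
        print(f"  {rule:24s} {value:+.3f}")
    # Assumption: only FORGED_SPF_HELO differs in the later report.
    print("with FORGED_SPF_HELO=0.001:", rescore(tests, {"FORGED_SPF_HELO": 0.001}))
```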