Re: Question about forwarding email (not specifically SA, pointers greatly appreciated)
On Fri, 2024-01-19 at 15:15 +0100, Benny Pedersen wrote: > Byung-Hee HWANG skrev den 2024-01-19 11:12: > > > I rely on DNSWL for the reputable MX. > > if repution is 100% needed we all have to make local rescore on all > local mails, since repution is to be local, not external just > > i consider dnswl level 0 to be possitive scored, and let the other > levels be negative, this fits nicely, but was not designed to be so > in > mta stage > I think "reputation" is a somewhat political term. And each person has different standards. So it's quite difficult to give a detailed response to your feedback. Happy new year, Benny! Sincerely, Byung-Hee -- ^고맙습니다 _布德天下_ 감사합니다_^))//
Re: Question about forwarding email (not specifically SA, pointers greatly appreciated)
Hellow Thomas, > But it drops it into the spam folder every time. So when I'm sending > emails to someone's alias, they have to check their spam folder. Even > when they mark it as "not spam," GMail still drops it into the spam > folder. It's very frustrating. > There is a filtering rule in Gmail: *Never send it to Spam* I apply that rule to extremely important emails such as debian-bugs- dist and debian-devel-announce. Sincerely, Byung-Hee -- ^고맙습니다 _布德天下_ 감사합니다_^))//
Re: Question about forwarding email (not specifically SA, pointers greatly appreciated)
On Fri, 2024-01-19 at 08:34 +, Marc wrote: > > > Byung-Hee HWANG skrev den 2024-01-08 12:27: > > > > > > > Gmail is my last INBOX. That's enough for me. > > > > > > +1, so you are ready to setup google mx ? :) > > > > > > > Hellow Benny, > > > > Actually i used Google MX for 10 years. Recently, i created > > dedicated > > MXs and am continuing to operate them. Plus, the dedicated MXs run > > on > > Google Cloud and RimuHosting. > > > > I terminated my Google Workspace commercial account. 2 years ago. > > > > Hi Byung and Benny, are you having a nice MX party? :) > Hellow Marc, I rely on DNSWL for the reputable MX. Sincerely, Byung-Hee -- ^고맙습니다 _布德天下_ 감사합니다_^))//
Re: Question about forwarding email (not specifically SA, pointers greatly appreciated)
On Mon, 2024-01-08 at 17:17 +0100, Benny Pedersen wrote: > Byung-Hee HWANG skrev den 2024-01-08 12:27: > > > Gmail is my last INBOX. That's enough for me. > > +1, so you are ready to setup google mx ? :) > Hellow Benny, Actually i used Google MX for 10 years. Recently, i created dedicated MXs and am continuing to operate them. Plus, the dedicated MXs run on Google Cloud and RimuHosting. I terminated my Google Workspace commercial account. 2 years ago. Sincerely, Byung-Hee -- ^고맙습니다 _布德天下_ 감사합니다_^))//
Re: Question about forwarding email (not specifically SA, pointers greatly appreciated)
> > This is not a good advice. Whoever filters SPF at SMTP time will > reject that > message. Gmail is not the only mail service available. Hellow Matus, Gmail is my last INBOX. That's enough for me. Sincerely, Byung-Hee -- ^고맙습니다 _布德天下_ 감사합니다_^))//
Re: Question about forwarding email (not specifically SA, pointers greatly appreciated)
> > I built email servers for a non-profit I volunteer for. If email > comes > into the server for presid...@myassociation.org, I would normally > just > create an alias in /etc/aliases so that emails to president@ get > forwarded to the president's "real" email address, say > presidents_real_em...@gmail.com. > > The problem is, when I send email to presid...@myassociation.org, > gmail > rejects the forwarded email because it appears to come from my > personal > domain, not the mythical myassociation.org domain. DKIM, DMARC, and > SPF > all fail, which I totally understand. > > How can I make this work? Hellow Thomas, See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1043539#88 Sincerely, Byung-Hee -- ^고맙습니다 _布德天下_ 감사합니다_^))//
Re: about DKIMwl.org
Dear Matus, Matus UHLAR - fantomas writes: > On 15.03.22 22:21, Byung-Hee HWANG wrote: >>By chance, i found some site dkimwl.org on googling. Well i like very >>much dkim based white-lists. How credible is that dkimwl.org? And how >>can i use that stuff with SpamAssassin? > > looks like it's used already: > > 72_scores.cf:score DKIMWL_BL 0.001 2.996 0.001 > 2.996 > 72_scores.cf:score DKIMWL_BLOCKED0.001 0.001 0.001 > 0.001 > 72_scores.cf:score DKIMWL_WL_HIGH 0.001 -1.498 0.001 -1.498 > 72_scores.cf:score DKIMWL_WL_MED 0.001 -0.001 0.001 -0.001 > 72_scores.cf:score DKIMWL_WL_MEDHI 0.001 -0.001 0.001 -0.001 Oh thanks! > and I have already disables using of this check for autolearning: > > tflags DKIMWL_WL_HIGH noautolearn net nice Thanks again, Matus ^^^ Sincerely, Byung-Hee from South Korea -- ^고맙습니다 _和合團結_ 감사합니다_^))//
about DKIMwl.org
Hello, By chance, i found some site dkimwl.org on googling. Well i like very much dkim based white-lists. How credible is that dkimwl.org? And how can i use that stuff with SpamAssassin? Thanks in advance! Sincerely, Byung-Hee from South Korea -- ^고맙습니다 _救濟蒼生_ 감사합니다_^))//
Re: SPF_NONE scoring
Hellow Greg, Greg Troxel writes: > [...] > Lots of people think SPF is silly. And spammers spamming from a domain > they control can even dkim/dmarc. So I agree that actual data would be > interesting. I totally agree with you, thanks! Sincerely, Byung-Hee -- ^고맙습니다 _地平天成_ 감사합니다_^))//
Re: Spam by IP-address? Spamassassin with geoiplookup?
Dear Thomas, Thomas Barth께서 쓰시길, 《記事 全文 <5eddfcdb-957c-e7c0-b133-a40c7ab37...@txbweb.de> 에서》: > Hello, > > is it possible to use geoiplookup with Spamassassin? I want to reject > all mails as spam not send in my country or another second country, > but accept whitelisted mailing list addresses. Any chance to use > geoiplookup for this? I want to exclude Spammer Countries e.g. China, > Thaiwan, India, etc... There are many people to contribute for FOSS projects all around the world. You would be reconsideration about blocking by countries. Sincerely, -- ^고맙습니다 _地平天成_ 감사합니다_^))//
Re: problem with custom rbl and addressess ipv6
Marcin Mirosław mar...@mejor.pl writes: I'm using SA-3.3.1, NetAddr-IP-4.033. May you give any advice? Sorry, i don't know about 3.3.1 Version. By the way there is somewhat similar patchs for IPv6. You would check out as following: http://www.imasy.or.jp/~ume/ipv6/ Sincerely, -- 소여물 황병희(黃炳熙) | .. 출항 15분전.. Ah, young fellow. People tell me you're rich. -- Fanucci, Chapter 14, page 197 pgpDXMPUx26HM.pgp Description: PGP signature
Re: SPF technical problems (was Re: email address forgery)
Michael Scheidell michael.scheid...@secnap.com writes: On 11/15/10 11:43 AM, David F. Skoll wrote: As it stands now, the SPF spec permits so much waffling that it might as well not be used. Regards, then don't use it: I don't use SPF, thanks! -- 소여물 황병희(黃炳熙) | .. 출항 15분전.. Johnny, not in the face, I'm making a picture. -- Margot Ashton, Chapter 1, page 12 pgp9Bin63u053.pgp Description: PGP signature
Re: [sa-list] Re: [sa-list] Re: Spamd and ipv6
Dan Mahoney, System Admin wrote: On Mon, 1 Dec 2008, SM wrote: At 23:01 30-11-2008, Dan Mahoney, System Admin wrote: So then, you're saying the behavior for ipv4 and ipv6 is somehow different? If you start spamd without specifying the IP addresses to listen on, spamd will listen on the 127.0.0.1 IP address only. And on an ip6 enabled system, where will spamc localhost try to connect to first? 127.0.0.1 or ::1? Are you using FreeBSD or NetBSD? If so, i understand you. Unfortunately, SA developers do not care about IPv6 yet. So here SA program at first do action with 127.0.0.1 than ::1, i guess ;; [...] byunghee
Re: Checking for SPF DKIM Checks
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 mouss wrote: Byung-Hee HWANG wrote: mouss wrote: [...] let's start with DKIM. do you have loadplugin Mail::SpamAssassin::Plugin::DKIM + i'm use with following rule ;; score DKIM_VERIFIED-45.3 then you won't catch spam relayed by yahoo, ... etc. Well, i don't care. I accept the emails passed by DKIM, anyway.. byunghee -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.0 (FreeBSD) iEYEARECAAYFAkkXNfMACgkQsCouaZaxlv4prwCgve415FYyvkY9QqT157uWKoD/ C0MAn1Ui/mRXH23KL1kagqJxZb6oVArW =aZNI -END PGP SIGNATURE-
Re: Checking for SPF DKIM Checks
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 mouss wrote: [...] let's start with DKIM. do you have loadplugin Mail::SpamAssassin::Plugin::DKIM + i'm use with following rule ;; score DKIM_VERIFIED -45.3 byunghee -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.0 (FreeBSD) iEYEARECAAYFAkkXIOwACgkQsCouaZaxlv4GawCeNmUcIaKwhoIWY2wJCqyvwZ7n oNkAn0dc3f+TiBR5erKkioQRQNj9rk/t =MMuX -END PGP SIGNATURE-
Re: Checking for SPF DKIM Checks
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Matus UHLAR - fantomas wrote: On 10.11.08 04:11, Byung-Hee HWANG wrote: Well, i don't care. I accept the emails passed by DKIM, anyway.. Matus UHLAR - fantomas wrote: so you intentionally create false negatives just because they are DKIM signed? On 10.11.08 07:34, Byung-Hee HWANG wrote: My answer is Yes if i should say. Because of the spam case is the concern of the hosting, not DKIM. Yahoo and Google are trying for the such spam case. Let's get serious. If you had reading specs of RFC4408 and RFC4871, you know the role of both SPF and DKIM. Exactly both SPF and DKIM are tools for anti-pishing, not anti-spam (at here i defined the term SPAM as UCE). Sometimes we received the spam passed DKIM from Yahoo and Google. However. We have no way to stop the such spam in this time. Because stopping the such spam is not DKIM's scope. I _know_ the scope of SPF and DKIM. They both don't say that mail is ham or the spam, they only say if it's forged: [...snip...] The above statement is what i wanted to hear from you ;; [...snip...] Giving them that big negative (well... low) score is just stupid. I strongly advise you to remove that customisation and let other rules do their job. Otherwise you'll get flooded by spammers who DKIM-sign their spam. Thanks for advice. But, nevertheless, i'll keep the score -45.3 for DKIM_VERIFIED. That's only my concern. OK, if you want to see my the customization, see following: URL:http://izb.knu.ac.kr/~bh/stuff/izb-spamassassin-local.cf.example byunghee -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.0 (FreeBSD) iEYEARECAAYFAkkXfUwACgkQsCouaZaxlv6KAQCgikobNguI/oKoPoRidsqUBMUl nVkAn0X0Ts+iexnqmMOJWhn/jtNWM4Sq =/cSL -END PGP SIGNATURE-
Re: Checking for SPF DKIM Checks
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Matus UHLAR - fantomas wrote: mouss wrote: Byung-Hee HWANG wrote: mouss wrote: [...] let's start with DKIM. do you have loadplugin Mail::SpamAssassin::Plugin::DKIM + i'm use with following rule ;; score DKIM_VERIFIED-45.3 then you won't catch spam relayed by yahoo, ... etc. On 10.11.08 04:11, Byung-Hee HWANG wrote: Well, i don't care. I accept the emails passed by DKIM, anyway.. so you intentionally create false negatives just because they are DKIM signed? My answer is Yes if i should say. Because of the spam case is the concern of the hosting, not DKIM. Yahoo and Google are trying for the such spam case. Let's get serious. If you had reading specs of RFC4408 and RFC4871, you know the role of both SPF and DKIM. Exactly both SPF and DKIM are tools for anti-pishing, not anti-spam (at here i defined the term SPAM as UCE). Sometimes we received the spam passed DKIM from Yahoo and Google. However. We have no way to stop the such spam in this time. Because stopping the such spam is not DKIM's scope. So what we says DKIM is bad is wasting times for the spam passed DKIM from Yahoo and Google. As same step, we cannot say SPF is bad. We need to talk more about this issue. byunghee -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.0 (FreeBSD) iEYEARECAAYFAkkXZZMACgkQsCouaZaxlv6gowCghrzT8q+km/AlSMw7sxsjJkHA bW4An1yJ2QLUYfMI24X53xIhU5dv6Zc6 =j8qH -END PGP SIGNATURE-
Re: Phishing rules?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Micah Anderson wrote: [...] Report them where exactly? Here is an example one I received recently, note the hideously low bayes score on this one, caused it to autolearn as ham even, grr. From [EMAIL PROTECTED] Fri Oct 31 20:00:45 2008 Return-Path: [EMAIL PROTECTED] X-OfflineIMAP-x792266711-4c6f63616c-494e424f58: 1225549253-0134941395044-v6.0.3 X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on spamd2.riseup.net X-Spam-Level: X-Spam-Status: No, score=-3.6 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_LOW autolearn=ham version=3.2.5 Delivered-To: [EMAIL PROTECTED] Received: from mx1.riseup.net (unknown [10.8.0.3]) by cormorant.riseup.net (Postfix) with ESMTP id 58BFA19581F7 for [EMAIL PROTECTED]; Fri, 31 Oct 2008 20:00:40 -0700 (PDT) Received: from master.debian.org (master.debian.org [70.103.162.29]) by mx1.riseup.net (Postfix) with ESMTP id AA4465701D1 for [EMAIL PROTECTED]; Fri, 31 Oct 2008 20:00:39 -0700 (PDT) [...] Contact debian.org's list manager instead of other actions. That's more reasonable. And more, i think we need to study about DKIM specification [RFC4871] to make the Internet of trust ;; byunghee -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.0 (FreeBSD) iEYEARECAAYFAkkNE/oACgkQsCouaZaxlv5YqACeIozvqJ96tTKm4oLnRySHAfc1 xUIAoI0G4FXr+PqdqvULxm0V+xZOSP77 =8NV0 -END PGP SIGNATURE-
Re: OT: DNS restrictions for a mail server
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Sebastian Ries wrote: Hi there I just want to know some opinions on the following DNS Setup for a mail server: # host -t MX example.com example.com mail is handled by 100 mail.example.com. # host mail.example.com mail.example.com is an alias for hostname.example.com. hostname.example.com has address 1.2.3.4 # host 1.2.3.4 4.3.2.1.in-addr.arpa domain name pointer hostname.example.com. The mailserver (postfix) connects saying it is hostname.example.com. Should this be a correct setup? It looks like CNAME error. See RFC 974 ;; One partner we want to send mails to does BOUNCE mails with 554 5.7.1 DNS Blacklisted by in-addr.arpa (in reply to MAIL FROM command) Do you think this is correct? I think this also prevents from getting mail from googlemail: [EMAIL PROTECTED]:~$ host -t MX googlemail.com googlemail.com mail is handled by 5 gmail-smtp-in.l.google.com. googlemail.com mail is handled by 10 alt1.gmail-smtp-in.l.google.com. googlemail.com mail is handled by 10 alt2.gmail-smtp-in.l.google.com. googlemail.com mail is handled by 50 gsmtp147.google.com. googlemail.com mail is handled by 50 gsmtp183.google.com. [EMAIL PROTECTED]:~$ host gmail-smtp-in.l.google.com. gmail-smtp-in.l.google.com has address 209.85.129.27 gmail-smtp-in.l.google.com has address 209.85.129.114 [EMAIL PROTECTED]:~$ host 209.85.129.27 27.129.85.209.in-addr.arpa domain name pointer fk-in-f27.google.com. Is this true? Google is true. That's basic rule of DNS ;; Regards Sebastian Ries -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.0 (FreeBSD) iEYEARECAAYFAkkBS1kACgkQB00DNxnlnTarngCeI+GYTLl3iA0i/0p4xFEuiyor CYAAnApt9bzG2ng+MYmAmjHfphyJudBm =75AD -END PGP SIGNATURE-
[SOLVED] (Was: Re: ipv6 and whitelist_rcvd_from)
The Rule in local.cf: whitelist_from_rcvd [EMAIL PROTECTED] mx2.freebsd.org The Result: http://izb.knu.ac.kr/~bh/stuff/IPv6-SpamAssassin-TESTING Patched by: http://www.imasy.org/~ume/ipv6/Mail-SpamAssassin-3.2.0-ipv6-20070603.diff.gz respect, bh -- I am willing to sacrifice my commercial interests for the common good. -- Vito Corleone, Chapter 20, page 291
Re: [SOLVED] (Was: Re: ipv6 and whitelist_rcvd_from)
On Sat, 2007-11-17 at 14:09 -0600, McDonald, Dan wrote: On Sun, 2007-11-18 at 04:46 +0900, Byung-Hee HWANG wrote: The Rule in local.cf: whitelist_from_rcvd [EMAIL PROTECTED] mx2.freebsd.org The Result: http://izb.knu.ac.kr/~bh/stuff/IPv6-SpamAssassin-TESTING Patched by: http://www.imasy.org/~ume/ipv6/Mail-SpamAssassin-3.2.0-ipv6-20070603.diff.gz respect, Is there a bug on http://issues.apache.org/SpamAssassin/ so that this will be fixed for everyone? Well, for now, i don't think SA developers like IPv6. If IPv6 users increase more than now, then this bug will be fixed by SA developers. Just i will wait until then. respect, bh -- I made the peace, remember, I can't go back on my word. -- Vito Corleone, Chapter 28, page 399
Re: what does whitelist_from act on
On Fri, 2007-11-16 at 08:25 -0500, Matt Kettler wrote: Byung-Hee HWANG wrote: On Fri, 2007-11-16 at 13:27 +0530, K Anand wrote: Matt Kettler wrote: K Anand wrote: I have whitelist_from [EMAIL PROTECTED] in my conf. As per the docs, they say that whitelist_from will act on Envelope-Sender Resent-Sender X-Envelope-From From In addition, the ``envelope sender'' data, taken from the SMTP envelope data where this is available, is looked up. See |envelope_sender_header|. So it should also, by default, match the Return-Path header. *HOWEVER* that assumes the header is present at the time of scanning. Normally this header is not present at the MTA layer. It's a delivery agent thing. Many MTA layer SA integration tools create a fake return-path header and then remove it. SimScan (which you appear to use) doesn't do this, at least, the last person who was asking about the same basic problem (although it was relating to SPF, it still was failing due to lack of envelope information at scan time). You might be able to use the same solution he did, which patches qmail to add the envelope-from information to your Received: headers. See also: http://wiki.apache.org/spamassassin/QmailSpfPatch I'm using qmailtoaster which is netqmail + some patches which include a patch for spf (http://www.saout.de/misc/spf/). [...] your matter's point is not the Sender Policy Framework (SPF). Yes, I know that. Please read the post where I suggested the SPF patch might fix his problem. Matt, i didn't tell you. why did you reply for me? i was rather agreeing with you on the spf's mention. okay anyway you shoud make him(K Anand) do the spf patching with qmail. -- Until that time we have to guard against all treacheries. -- Vito Corleone, Chapter 20, page 296
Re: what does whitelist_from act on
On Fri, 2007-11-16 at 13:27 +0530, K Anand wrote: Matt Kettler wrote: K Anand wrote: I have whitelist_from [EMAIL PROTECTED] in my conf. As per the docs, they say that whitelist_from will act on Envelope-Sender Resent-Sender X-Envelope-From From In addition, the ``envelope sender'' data, taken from the SMTP envelope data where this is available, is looked up. See |envelope_sender_header|. So it should also, by default, match the Return-Path header. *HOWEVER* that assumes the header is present at the time of scanning. Normally this header is not present at the MTA layer. It's a delivery agent thing. Many MTA layer SA integration tools create a fake return-path header and then remove it. SimScan (which you appear to use) doesn't do this, at least, the last person who was asking about the same basic problem (although it was relating to SPF, it still was failing due to lack of envelope information at scan time). You might be able to use the same solution he did, which patches qmail to add the envelope-from information to your Received: headers. See also: http://wiki.apache.org/spamassassin/QmailSpfPatch I'm using qmailtoaster which is netqmail + some patches which include a patch for spf (http://www.saout.de/misc/spf/). [...] your matter's point is not the Sender Policy Framework (SPF). -- Some people want to kill you, understand? But I'm here so don't be afraid. Why should I be afraid now? Strange men have come to kill me ever since I was twelve years old. -- Michael Corleone and Vito Corleone, Chapter 9, page 123
Re: Skip SA checks for mails from SA list
On Wed, 2007-11-14 at 15:09 +0530, K Anand wrote: K Anand wrote: Byung-Hee HWANG wrote: hi, On Wed, 2007-11-14 at 11:43 +0530, K Anand wrote: Matus UHLAR - fantomas wrote: On 13.11.07 15:52, K Anand wrote: Received: from unknown (HELO mail.apache.org) (140.211.11.2) configure your smtp server to add DNS data to Received: line. *list_from_rcvd doesn't work without list (although it could be worth adding IP or CIDR check in such cases) I use qmail. Do I have to do anything extra to get it to put this info ? you just tell qmail to do rDNS. it is very easy. there is no problem. respect, bh Finally managed to get it working...Thanx to all. Anand A small problem.. X-Spam-Status: No, score=-2.4 required=5.0 tests=AWL,BAYES_00 autolearn=ham version=3.1.1 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) Still this is not getting tagged into whitelist. This is my whitelist rule. whitelist_from_rcvd [EMAIL PROTECTED] hermes.apache.org well, i have no good idea about this matter. here is my config. http://izb.knu.ac.kr/~bh/stuff/izb-spamassassin-local.cf.example my spamassassin is running with postfix under freebsd ;; and the above rule works fine for me ;; respect, bh -- He's a responsible man in his own way. -- Michael Corleone, Chapter 25, page 363
Re: Remove local spamassassin folder
On Wed, 2007-11-14 at 08:55 -0600, Dean Clapper wrote: How do I setup spamassassin not to automatically create /home/user/.spamassassin folder. If I create a new email account it automatically creates the folder. man spamd -x, --nouser-config Disable user (...) respect, bh Is it a flag in the spamassassin service that runs? -- Lawyers can steal more money with a briefcase than a thousand men with guns and masks. -- Vito Corleone, Chapter 14, page 218
ipv6 and whitelist_rcvd_from
the my spamassassin rule is as follow: whitelist_from_rcvd [EMAIL PROTECTED] mx2.freebsd.org and here is the recieved header with spamassassin: Received: by pinus.izb.knu.ac.kr (Postfix, from userid 59) id 66A1D3ECD; Tue, 13 Nov 2007 17:00:05 +0900 (KST) X-Spam-Checker-Version: SpamAssassin 3.2.3 (2007-08-08) on pinus.izb.knu.ac.kr X-Spam-Level: X-Spam-Status: No, score=-1.8 required=15.1 tests=ALL_TRUSTED,DKIM_SIGNED, TVD_SPACE_RATIO autolearn=disabled version=3.2.3 X-Spam-Comment: DKIM? See http://www.google.com/search?btnIq=RFC+4871 Received: from mx2.freebsd.org (mx2.freebsd.org [IPv6:2001:4f8:fff6::35]) by pinus.izb.knu.ac.kr (Postfix) with ESMTP id 75DE43ECB for [EMAIL PROTECTED]; Tue, 13 Nov 2007 17:00:04 +0900 (KST) as you can see above, there is no whitelist result. it does not work anymore, since i enabled ipv6. what can i do for solving this matter? i'm using 3.2.3 under freebsd. -- You can start by acting like a man. LIKE A MAN! -- Vito Corleone, Chapter 1, page 36
Re: ipv6 and whitelist_rcvd_from
hi, On Tue, 2007-11-13 at 03:22 -0500, Daryl C. W. O'Shea wrote: Byung-Hee HWANG wrote: as you can see above, there is no whitelist result. it does not work anymore, since i enabled ipv6. what can i do for solving this matter? You can go back to using ipv4 or use another whitelist method such as whitelist_from_spf/dkim/dk/auth. Although unless you've got an ipv4 relay somewhere to delimit your network boundary you may have issues with those options as well. You may have to (if you must stick to ipv6 for your mail relay) rewrite the relay header (or insert another one) so it looks like an ipv4 relay. Support for ipv6 in SA goes as far as that it will for the most part not throw errors if it sees an ipv6 address where it wants an ipv4 address. There hasn't been any real work done on implementing ipv6 support since, AFAIK, none of the SA developers have any real need for it at present. It's something I've wanted to implement for a few years now but haven't had both the time and tuits to do it at the same time. thanks for quick reply, and i solved with whitelist_from instead whitelist_from_rcvd under ipv6 ;; respect, bh -- Never mind being a dance judge, do your job. Take a walk around the neighborhood and see everything is OK. -- Peter Clemenza, Chapter 1, page 20
Re: ipv6 and whitelist_rcvd_from
ah.. sorry.. the subject was wrong.. ipv6 and whitelist_rcvd_from === ipv6 and whitelist_from_rcvd respect, bh On Tue, 2007-11-13 at 17:27 +0900, Byung-Hee HWANG wrote: hi, On Tue, 2007-11-13 at 03:22 -0500, Daryl C. W. O'Shea wrote: Byung-Hee HWANG wrote: as you can see above, there is no whitelist result. it does not work anymore, since i enabled ipv6. what can i do for solving this matter? You can go back to using ipv4 or use another whitelist method such as whitelist_from_spf/dkim/dk/auth. Although unless you've got an ipv4 relay somewhere to delimit your network boundary you may have issues with those options as well. You may have to (if you must stick to ipv6 for your mail relay) rewrite the relay header (or insert another one) so it looks like an ipv4 relay. Support for ipv6 in SA goes as far as that it will for the most part not throw errors if it sees an ipv6 address where it wants an ipv4 address. There hasn't been any real work done on implementing ipv6 support since, AFAIK, none of the SA developers have any real need for it at present. It's something I've wanted to implement for a few years now but haven't had both the time and tuits to do it at the same time. thanks for quick reply, and i solved with whitelist_from instead whitelist_from_rcvd under ipv6 ;; respect, bh -- But his ultimate aim is to enter that society with a certain power since society doesn't really protect its members who do not have their own individual power. -- Michael Corleone, Chapter 25, page 363
Re: Skip SA checks for mails from SA list
On Tue, 2007-11-13 at 14:58 +0530, K Anand wrote: K Anand wrote: Matt Kettler wrote: As an alternative, you can use whitelist_from_spf or whitelist_from_rcvd on the list's return-path. From there, you can configure shortcircuiting to bypass the rest of SA and bayes_ignore_from to prevent learning. Would this be OK whitelist_from_rcvd [EMAIL PROTECTED] spamassassin.apache.org read the doc. I think it should be whitelist_from_rcvd [EMAIL PROTECTED] hermes.apache.org This is what is the rdns for the mail relay that is sending me mails from the list. I tried this but rule is not triggered...So something is wrong. Can anyone help ? in my case, the rule works fine. whitelist_from_rcvd [EMAIL PROTECTED] hermes.apache.org here is the shot: Received: by pinus.izb.knu.ac.kr (Postfix, from userid 59) id E9FE13ECD; Tue, 13 Nov 2007 18:26:07 +0900 (KST) X-Spam-Checker-Version: SpamAssassin 3.2.3 (2007-08-08) on pinus.izb.knu.ac.kr X-Spam-Level: X-Spam-Status: No, score=-37.7 required=15.1 tests=DKIM_SIGNED,DKIM_VERIFIED, RCVD_IN_DNSWL_MED,USER_IN_WHITELIST autolearn=disabled version=3.2.3 X-Spam-Comment: DKIM? See http://www.google.com/search?btnIq=RFC+4871 Received: from mail.apache.org (hermes.apache.org [140.211.11.2]) by pinus.izb.knu.ac.kr (Postfix) with SMTP id A7E1F3ECB for [EMAIL PROTECTED]; Tue, 13 Nov 2007 18:25:58 +0900 (KST) respect, bh -- Did you do the job on Sollozzo? Both of them. Sure? I saw their brains. -- Tessio and Michael Corleone, Chapter 11, page 151
Re: URICountry not working - any clue?
hi, On Sun, 2007-11-11 at 04:56 -0800, SpankTheSpam wrote: Hi I have installed URICountry plugin along with p5-Mail-SpamAssassin-3.2.3 and amavisd-new-2.5.2,1 and have added few rules, and one to test it in my local.cf: [...] well, imho, its using is not fair to over the world. because there regarding spam country may/might be a little bit pure email users. we can use another way instead of the dangerous way. i would like to here some opinion about that.. respect, bh -- If by some misfortune an honest man like yourself made enemies they would become my enemies and then, believe me, they would fear you. Be my friend. I accept. -- Vito Corleone and Amerigo Bonasera, Chapter 1, page 32-33
Re: URICountry not working - any clue?
hi, On Tue, 2007-11-13 at 08:04 -0500, Matt Kettler wrote: Byung-Hee HWANG wrote: hi, On Sun, 2007-11-11 at 04:56 -0800, SpankTheSpam wrote: Hi I have installed URICountry plugin along with p5-Mail-SpamAssassin-3.2.3 and amavisd-new-2.5.2,1 and have added few rules, and one to test it in my local.cf: [...] well, imho, its using is not fair to over the world. because there regarding spam country may/might be a little bit pure email users. we can use another way instead of the dangerous way. i would like to here some opinion about that.. Uricountry, relaycountry, etc are all quite useful, but I agree their use must be reasonably tempered. I strongly disagree with using either of these systems to assign more than half your spam threshold to any message. Country of origin or hosting site alone is not a very good sole criteria for declaring a message to be spam. However, in my case I do receive a few nonspam messages from Korea each year, like this message for example, and all are quite clearly nonspam and technical in nature... I also receive around a thousand spam messages that were sent from infected hosts in Korea each year (mostly controlled by American spammers). As a result, I assign 1.5 points (of a 5.0 threshold) to messages delivered to my network from Korea. This helps catch some of the more evasive spam, but I also have yet to have it cause a single false positive on a nonspam message. (Your message would have totaled 1.5/5.0 if it was sent directly, as it caught no other positive scoring rules) This is even more true for web hosting. There's no reason an american company can't have a website hosted overseas. So many of their products are made there, so why shouldn't the websites be hosted there? Unfortunately, like any rule, there's a lot of admins out there who think in absolutes, and assign absurd scores to rules. This is, of course, highly contrary to the whole design of SpamAssassin, which exists because Justin got tired of single-criteria decisions for spam causing false positives. I guess there's a human tendency to see a high probability and treat that as proof positive. (We all like to over-simplify things). I guess I failed to point out to spankthespam that using a 54 point score on a rule is quite unwise. your opinion is resonable, thanks! respect, bh -- Why do they bother your father with business on a day like this? Because they know that by tradition no Sicilian can refuse a request on his daughter's wedding day. -- Kay Adams and Michael Corleone, Chapter 1, page 26-27
Re: Skip SA checks for mails from SA list
hi, On Wed, 2007-11-14 at 11:43 +0530, K Anand wrote: Matus UHLAR - fantomas wrote: On 13.11.07 15:52, K Anand wrote: Received: from unknown (HELO mail.apache.org) (140.211.11.2) configure your smtp server to add DNS data to Received: line. *list_from_rcvd doesn't work without list (although it could be worth adding IP or CIDR check in such cases) I use qmail. Do I have to do anything extra to get it to put this info ? you just tell qmail to do rDNS. it is very easy. there is no problem. respect, bh -- As the CONSIGLIERE, you agree that it's dangerous to the Don and our Family to let Sollozzo live? Yes. -- Michael Corleone and Tom Hagen, Chapter 11, page 145
Re: Disabling URIDNSBL plugin
Hi Justin, On Fri, 2007-10-19 at 13:09 -0700, Justin Kim wrote: Hi All, I need a help. I don't know what is causing my postfix server to defer messages couple of times daily. When postfix server is deferring messages, our users does not get the email delivery until the deferring action is done. It usually takes 5 mins to 10 mins. I was looking at the maillog. I couldn't find the cause. Postfix + Spamassassin + Amavisd-new + Dovecot works great except this issue of deferring messages. By looking at the logs, I can only tell there is something that keeps one spam checking process running for 5~10 mins. I was thinking of disabling URIDNSBL from spamassassin. Would this cause any problem? I still want to have similar performance of discarding spams like now. I haven't had any or not many of the false positive reports so far. Any comments or constructive advice would be appreciated. For the solution, I think you would better talk with [EMAIL PROTECTED] ;; Sincerely, -- Byung-Hee HWANG [EMAIL PROTECTED] * আমি তোমাকে ভালোবাসি InZealBomb, Kyungpook National University, KOREA I spoke for the good of the Family, not for myself. I can take care of myself. -- Tessio, Chapter 28, page 399
Re: Advice on MTA blacklist
On Tue, 2007-10-09 at 17:34 +0200, R.Smits wrote: Hello, Which spam blacklists do you use in your MTA config. (postfix) smptd_client_restrictions Currently we only use : reject_rbl_client list.dsbl.org We let spamassassin fight the rest of the spam. But the load of spam is getting to high for our organisation. Wich list is safe enough to block senders at MTA level ? Spamhaus, or spamcop ? I would like to hear some advice or maybe your current setup ? I would like to recommend this: (that includes rbl lists) http://jimsun.linxnet.com/misc/postfix-anti-UCE.txt -- Byung-Hee HWANG [EMAIL PROTECTED] As he drove Johnney home, Nino thought that if that was success, he didn't want it. -- the Nino Valenti's inside, Chapter 13, page 189