Sv: Re: Need some help decoding an SA analysis
Read the document. Upgraded. Ran sa-update (always forget that) We really have a very simple setup, except for our homegrown integration wiith our email system. So I added enable_compat welcomelist_blocklist" to init.pre Then did a search/replace of local.cf for all whitelist_from and blacklist_from, then just for good measure egrep -l '(whitelist|blacklist)' /etc/mail/spamassassin/*.cf which caught a few in comments. Now off to read how to implement the new goodies I apologise for mailing you directly Benny. -- Med vänlig hälsning Anders Gustafsson, ingenjör anders.gustafs...@pedago.fi | Support +358 18 12060 | Direkt +358 9 315 45 121 | Mobil +358 40506 7099 Pedago interaktiv ab, Nygatan 7 B , AX-22100 MARIEHAMN, ÅLAND, FINLAND >>> Benny Pedersen 2024-06-16 16:09 >>> Anders Gustafsson skrev den 2024-06-16 13:42: > This one: > > Return-path: > X-Spam-Checker-Version: SpamAssassin 3.4.5 (2021-03-20) on xx > X-Spam-Level: > X-Spam-Status: No, score=-95.6 required=5.0 > tests=BAYES_00,HTML_MESSAGE, > MIME_HTML_ONLY,RCVD_IN_MSPIKE_BL,RCVD_IN_MSPIKE_L5,RDNS_NONE, > TO_EQ_FM_DIRECT_MX,TO_NO_BRKTS_NORDNS_HTML,T_SCC_BODY_TEXT_LINE, > URIBL_BLACK,URIBL_DBL_SPAM,USER_IN_WELCOMELIST,USER_IN_WHITELIST > autolearn=no autolearn_force=no version=3.4.5 > Received: from hosted-by.csrdp.host ([195.10.205.97]) > by x with ESMTP (TLS encrypted); Sun, 16 Jun 2024 11:52:11 +0300 > Reply-To: Email Mailbox Notification xx #9698 > > It was a phishing email and the provider has since shut it down. Now we > do not have that adress in our > whitelist. Should I interpret this that some of the entries we do have > in our whitelist uses this adress or > provider? time to upgrade https://multirbl.valli.org/lookup/195.10.205.97.html remove localy whitelist change score for whitelist to non default -100 phishing links goes to phishtank.com train bayes on phishing emails
Re: Need some help decoding an SA analysis
Anders Gustafsson skrev den 2024-06-16 13:42: This one: Return-path: X-Spam-Checker-Version: SpamAssassin 3.4.5 (2021-03-20) on xx X-Spam-Level: X-Spam-Status: No, score=-95.6 required=5.0 tests=BAYES_00,HTML_MESSAGE, MIME_HTML_ONLY,RCVD_IN_MSPIKE_BL,RCVD_IN_MSPIKE_L5,RDNS_NONE, TO_EQ_FM_DIRECT_MX,TO_NO_BRKTS_NORDNS_HTML,T_SCC_BODY_TEXT_LINE, URIBL_BLACK,URIBL_DBL_SPAM,USER_IN_WELCOMELIST,USER_IN_WHITELIST autolearn=no autolearn_force=no version=3.4.5 Received: from hosted-by.csrdp.host ([195.10.205.97]) by x with ESMTP (TLS encrypted); Sun, 16 Jun 2024 11:52:11 +0300 Reply-To: Email Mailbox Notification xx #9698 It was a phishing email and the provider has since shut it down. Now we do not have that adress in our whitelist. Should I interpret this that some of the entries we do have in our whitelist uses this adress or provider? time to upgrade https://multirbl.valli.org/lookup/195.10.205.97.html remove localy whitelist change score for whitelist to non default -100 phishing links goes to phishtank.com train bayes on phishing emails
Re: Need some help decoding an SA analysis
On 16.06.24 14:42, Anders Gustafsson wrote: Return-path: X-Spam-Checker-Version: SpamAssassin 3.4.5 (2021-03-20) on xx X-Spam-Level: X-Spam-Status: No, score=-95.6 required=5.0 tests=BAYES_00,HTML_MESSAGE, MIME_HTML_ONLY,RCVD_IN_MSPIKE_BL,RCVD_IN_MSPIKE_L5,RDNS_NONE, TO_EQ_FM_DIRECT_MX,TO_NO_BRKTS_NORDNS_HTML,T_SCC_BODY_TEXT_LINE, URIBL_BLACK,URIBL_DBL_SPAM,USER_IN_WELCOMELIST,USER_IN_WHITELIST autolearn=no autolearn_force=no version=3.4.5 Received: from hosted-by.csrdp.host ([195.10.205.97]) by x with ESMTP (TLS encrypted); Sun, 16 Jun 2024 11:52:11 +0300 Reply-To: Email Mailbox Notification xx #9698 It was a phishing email and the provider has since shut it down. Now we do not have that adress in our whitelist. Should I interpret this that some of the entries we do have in our whitelist uses this adress or provider? Someone obviously has one of: Resent-From Envelope-Sender Resent-Sender X-Envelope-From From address in whitelist (renamed welcomelist since). you just need to find out which and where. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. "They say when you play that M$ CD backward you can hear satanic messages." "That's nothing. If you play it forward it will install Windows."
Need some help decoding an SA analysis
This one: Return-path: X-Spam-Checker-Version: SpamAssassin 3.4.5 (2021-03-20) on xx X-Spam-Level: X-Spam-Status: No, score=-95.6 required=5.0 tests=BAYES_00,HTML_MESSAGE, MIME_HTML_ONLY,RCVD_IN_MSPIKE_BL,RCVD_IN_MSPIKE_L5,RDNS_NONE, TO_EQ_FM_DIRECT_MX,TO_NO_BRKTS_NORDNS_HTML,T_SCC_BODY_TEXT_LINE, URIBL_BLACK,URIBL_DBL_SPAM,USER_IN_WELCOMELIST,USER_IN_WHITELIST autolearn=no autolearn_force=no version=3.4.5 Received: from hosted-by.csrdp.host ([195.10.205.97]) by x with ESMTP (TLS encrypted); Sun, 16 Jun 2024 11:52:11 +0300 Reply-To: Email Mailbox Notification xx #9698 It was a phishing email and the provider has since shut it down. Now we do not have that adress in our whitelist. Should I interpret this that some of the entries we do have in our whitelist uses this adress or provider? -- Med vänlig hälsning Anders Gustafsson