Yes, I have checked on the real Zen lists and the real IP is there.
Then your checking software is broken. None of the Spamhaus lists ever
include anything in 10/8.
John, the big hint was in the word *REAL IP*... as I said hundreds of times
subsequently to the initial post, I stupidly
On 08/15/2013 12:20 AM, Ted Mittelstaedt wrote:
I take it by the:
a) lack of usable responses
b) responses NOT claiming this ISN'T a bug
it is *not* a bug. It's not SA's task to split a msg to multiple rcpts.
Your glue (hack) or MTA (best) should do this.
On 08/15/2013 12:20 AM, Ted Mittelstaedt wrote:
Suggestions?
http://www.snertsoft.com/sendmail/milter-spamc/
Spam:recipient-address value * (FRIEND or HATER are recognised)
Spam:recipient-domain value * (FRIEND or HATER are recognised)
Spam:recipient@ value * (FRIEND or
Oh, OK.
In the future, if you're not prepared to show the actual problem with their
actual data, please don't waste our time.
R's from a thing with no keyboard,
John
Nigel Smith gb10hkzo-...@yahoo.co.uk wrote:
Yes, I have checked on the real Zen lists and the real IP is there.
Then your
On 14.08.13 15:20, Ted Mittelstaedt wrote:
I am using spamass-milter to process received mail.
do you use -u user option? spamas-milter uses that user's config when the
mail goes to multiple recipients. Isn't that user by any chance the one in
all_spam_to list?
I guess if you don't specify
On 8/15/2013 12:29 AM, Axb wrote:
On 08/15/2013 12:20 AM, Ted Mittelstaedt wrote:
Suggestions?
http://www.snertsoft.com/sendmail/milter-spamc/
Spam:recipient-address value * (FRIEND or HATER are recognised)
Spam:recipient-domain value * (FRIEND or HATER are recognised)
On 8/15/2013 12:14 AM, Axb wrote:
On 08/15/2013 12:20 AM, Ted Mittelstaedt wrote:
I take it by the:
a) lack of usable responses
b) responses NOT claiming this ISN'T a bug
it is *not* a bug. It's not SA's task to split a msg to multiple rcpts.
Your glue (hack) or MTA (best) should do this.
On 8/15/2013 9:38 AM, Matus UHLAR - fantomas wrote:
On 14.08.13 15:20, Ted Mittelstaedt wrote:
I am using spamass-milter to process received mail.
do you use -u user option? spamas-milter uses that user's config when the
mail goes to multiple recipients. Isn't that user by any chance the one
On 8/15/13 11:53 AM, Ted Mittelstaedt t...@ipinc.net wrote:
On 8/15/2013 12:14 AM, Axb wrote:
On 08/15/2013 12:20 AM, Ted Mittelstaedt wrote:
I take it by the:
a) lack of usable responses
b) responses NOT claiming this ISN'T a bug
it is *not* a bug. It's not SA's task to split a msg
On Thu, 15 Aug 2013, Ted Mittelstaedt wrote:
On 8/15/2013 12:14 AM, Axb wrote:
On 08/15/2013 12:20 AM, Ted Mittelstaedt wrote:
I take it by the:
a) lack of usable responses
b) responses NOT claiming this ISN'T a bug
it is *not* a bug. It's not SA's task to split a msg to multiple
--On Monday, August 12, 2013 2:02 PM -0700 John Hardin jhar...@impsec.org
wrote:
On Mon, 12 Aug 2013, Bowie Bailey wrote:
On 8/12/2013 2:48 PM, John Hardin wrote:
On Mon, 12 Aug 2013, Quanah Gibson-Mount wrote:
--On Friday, August 09, 2013 12:42 AM +0200 Benny Pedersen wrote:
Some of our users are getting a ton of SPAM from .br domains. If it
weren't for RP_MATCHES_RCVD they would actually end up in their junk folder
rather than their Inbox. Is there a general suggested adjustment I can
make catch these without tweaking RP_MATCHES_RCVD?
Return-Path:
On 8/15/2013 2:53 PM, Quanah Gibson-Mount wrote:
Yeah, I'm not complaining about people discussing facebook, but pretending
to be facebook.
Example:
Return-Path: no-re...@facebook.com
Received: from edge02-zcs.vmware.com (LHLO edge02-zcs.vmware.com)
(10.113.208.52) by mbs01-zcs.vmware.com
Quanah Gibson-Mount skrev den 2013-08-15 20:53:
header __FROM_FACEBOOK Return-Path:addr =~ /no-reply\@facebook.com/
meta __FORGED_SENDER (!SPF_PASS !DKIM_VALID_AU)
meta FORGED_FACEBOOK_FROM (__FROM_FACEBOOK __FORGED_SENDER)
score FORGED_FACEBOOK 1.5
Does that look correct?
yes, add and
--On Thursday, August 15, 2013 3:06 PM -0400 Bowie Bailey
bowie_bai...@buc.com wrote:
On 8/15/2013 2:53 PM, Quanah Gibson-Mount wrote:
Yeah, I'm not complaining about people discussing facebook, but
pretending to be facebook.
Example:
Return-Path: no-re...@facebook.com
Received: from
Quanah Gibson-Mount skrev den 2013-08-15 21:05:
Some of our users are getting a ton of SPAM from .br domains. If it
weren't for RP_MATCHES_RCVD they would actually end up in their junk
folder rather than their Inbox. Is there a general suggested
adjustment I can make catch these without
--On Thursday, August 15, 2013 9:16 PM +0200 Benny Pedersen wrote:
Quanah Gibson-Mount skrev den 2013-08-15 21:05:
Some of our users are getting a ton of SPAM from .br domains. If it
weren't for RP_MATCHES_RCVD they would actually end up in their junk
folder rather than their Inbox. Is
--On Thursday, August 15, 2013 12:21 PM -0700 Quanah Gibson-Mount
qua...@zimbra.com wrote:
--On Thursday, August 15, 2013 9:16 PM +0200 Benny Pedersen wrote:
Quanah Gibson-Mount skrev den 2013-08-15 21:05:
Some of our users are getting a ton of SPAM from .br domains. If it
weren't for
On Thu, 15 Aug 2013, Quanah Gibson-Mount wrote:
header __FROM_FACEBOOK Return-Path:addr =~ /no-reply\@facebook\.com/
Any reason you're limiting it to just the no-reply address? You might also
want to broaden the domain a bit.
How about:
header __FROM_FACEBOOK Return-Path:addr =~
On Thu, 15 Aug 2013, Benny Pedersen wrote:
meta LOTS_OF_MONEY (3) (3) (3) (3)
I *do not recommend* doing that. There is a lot of legitimate email that
mentions large monetary amounts (e.g. a newsletter discussing the US
budget deficit). That rule's score is informational on purpose, so that
--On Thursday, August 15, 2013 12:36 PM -0700 John Hardin wrote:
On Thu, 15 Aug 2013, Quanah Gibson-Mount wrote:
header __FROM_FACEBOOK Return-Path:addr =~ /no-reply\@facebook\.com/
Any reason you're limiting it to just the no-reply address? You might
also want to broaden the domain a bit.
John Hardin skrev den 2013-08-15 21:41:
the score noticeably. It's intended to be used in metas with other
rules that make a mention of a large amount of money suspicious.
also why i used soft blacklists, i have not seen the real problem yet,
but imho anyone can soft score adjust if needed,
Quanah Gibson-Mount skrev den 2013-08-15 21:25:
Hm, that won't catch our other BR spam though. :(
List-Unsubscribe:
http://www.registraclique.com.br/iem/unsubscribe.php?M=1531174C=77d064e695a19edb4155caf4c244402aL=11N=72
unsubscribe ?
if recipient was not opt-in then block sender domain
John Hardin skrev den 2013-08-15 21:36:
header __FROM_FACEBOOK Return-Path:addr =~
/\@facebook(?:mail)?\.com$/
https://dmarcian.com/dmarc-inspector/facebookmail.com
https://dmarcian.com/spf-survey/facebookapp.com
Quanah Gibson-Mount skrev den 2013-08-15 21:43:
well, so far, all 200 or so of these I've seen all use the same
Return-Path. The From: varies, but Return-Path doesn't.
then dont test other facebook domains, there is alot of other facebook
real domains that is owned by same payers, make
On Wed, 2013-08-14 at 14:53 -0400, Andrew Talbot wrote:
I’m trying to whitelist all our internal subdomains but I can’t seem
to get it to work.
We have so many of them that it’s impractical to do them individually.
I was thinking that whitelist_from *.domain.com would work but it
doesn’t
On 15.08.13 12:05, Quanah Gibson-Mount wrote:
Some of our users are getting a ton of SPAM from .br domains. If it
weren't for RP_MATCHES_RCVD they would actually end up in their junk
folder rather than their Inbox. Is there a general suggested
adjustment I can make catch these without
Matus UHLAR - fantomas skrev den 2013-08-15 22:33:
score RP_MATCHES_RCVD 0
hard scoreing
there is __RP_MATCHES_RCVD that has to be used in metas. I don't see
any
poing in giving positive score to mail just because it's not any kind
of
forged...
__foo have no scores, no point in setting
Matus UHLAR - fantomas skrev den 2013-08-15 22:33:
score RP_MATCHES_RCVD 0
hard scoreing
there is __RP_MATCHES_RCVD that has to be used in metas. I don't
see any
poing in giving positive score to mail just because it's not any
kind of
forged...
On 15.08.13 22:41, Benny Pedersen wrote:
--On Thursday, August 15, 2013 10:07 PM +0200 Benny Pedersen wrote:
Quanah Gibson-Mount skrev den 2013-08-15 21:25:
Hm, that won't catch our other BR spam though. :(
List-Unsubscribe:
http://www.registraclique.com.br/iem/unsubscribe.php?M=1531174C=77d064
e695a19edb4155caf4c244402aL=11N=72
On Wed, 2013-08-14 at 15:20 -0700, Ted Mittelstaedt wrote:
I take it by the:
a) lack of usable responses
b) responses NOT claiming this ISN'T a bug
c) responses tacitly acknowledging this is an Oh crap they forgot about
BCCs when they wrote it but I don't have the balls to publicly call
On Thu, 2013-08-15 at 09:53 -0700, Ted Mittelstaedt wrote:
it is *not* a bug. It's not SA's task to split a msg to multiple rcpts.
Your glue (hack) or MTA (best) should do this.
It IS a bug since the software is not acting according to how it's
documented or expected. That is the
32 matches
Mail list logo