Re: Dubious hyperlinks

On Thu, 26 Jun 2014, Philip Prindeville wrote: The [^\s] wouldn’t work because there is space in there… note the name, non-breaking space, and the timestamp before the UUID’s… The nonbreaking space wouldn't have any effect, that's not converted before the RE scan; but the space in the date

Re: Dubious hyperlinks

On Thu, 26 Jun 2014, John Hardin wrote: On Thu, 26 Jun 2014, Philip Prindeville wrote: On Jun 25, 2014, at 3:47 PM, John Hardin wrote: > That still doesn't hit *only* the same GUID repeated. Try this: > > rawbody L_REPEATING_UUIDS /> [^\s>]+(;[A-F0-9]{8}-[A-F0-9]{4}-[A-F0-9]{4}-[A-F0-9

Re: Dubious hyperlinks

On Jun 26, 2014, at 7:31 PM, John Hardin wrote: > On Thu, 26 Jun 2014, Philip Prindeville wrote: > >> On Jun 25, 2014, at 3:47 PM, John Hardin wrote: >> >>> That still doesn't hit *only* the same GUID repeated. Try this: >>> >>> rawbody L_REPEATING_UUIDS />> [^\s>]+(;[A-F0-9]{8}-[A-F0-9]{4}

Re: Funky HARP Spam

On Jun 26, 2014, at 7:02 PM, Philip Prindeville wrote: > > On Jun 25, 2014, at 5:29 PM, RW wrote: > >> On Wed, 25 Jun 2014 14:21:33 -0600 >> Philip Prindeville wrote: >> >> >>> Here’s the other thing I don’t get. >>> >>> The message claims to be 7-bit and text/plain, yet it uses encoded >

Re: Dubious hyperlinks

On Thu, 26 Jun 2014, Philip Prindeville wrote: On Jun 25, 2014, at 3:47 PM, John Hardin wrote: That still doesn't hit *only* the same GUID repeated. Try this: rawbody L_REPEATING_UUIDS /]+(;[A-F0-9]{8}-[A-F0-9]{4}-[A-F0-9]{4}-[A-F0-9]{4}-[A-F0-9]{12})\1\1\1/i Sorry, that got dropped along

Re: Dubious hyperlinks

On Jun 25, 2014, at 3:47 PM, John Hardin wrote: > On Wed, 25 Jun 2014, Philip Prindeville wrote: > >> Including 6 distinct UUID’s would seem to be useful. Including the same >> UUID 6 times seems broken. >> >> Perhaps a pattern like: >> >> body /((;[A-F0-9]{8}-[A-F0-9]{4}-[A-F0-9]{4}-[A-F0-

Re: Funky HARP Spam

On Jun 25, 2014, at 5:29 PM, RW wrote: > On Wed, 25 Jun 2014 14:21:33 -0600 > Philip Prindeville wrote: > > >> Here’s the other thing I don’t get. >> >> The message claims to be 7-bit and text/plain, yet it uses encoded >> characters which exceed 7-bit widths yet this doesn’t seem to be >> fi

Re: AWL in SQL with amavisd-new

I got it all wrong: I was assuming that AWL works by using a tuple consisting of to/from (in the database: username/mail). Now thanks to your explanation I got it that the username is in fact only used for user-bound AWL. This means that I can simply use site-wide AWL. TxRep sounds quite promis

Re: postfix question - virtual alias, from field - (SOLVED?)

Joe Acquisto-j4 skrev den 2014-06-26 19:41: Well, err, umm, please excuse the intrusion. Operator malfunction. (it helps to actually have mail sent from off box . . . ahem) next step is to remove permit_mynetworks in postfix ? :)

Re: postfix question - virtual alias, from field -

Well, err, umm, please excuse the intrusion. Operator malfunction. (it helps to actually have mail sent from off box . . . ahem) >>> "Joe Acquisto-j4" 06/26/14 12:58 PM >>> OT, but hoping someone can cut thru the weeds for me. A new setup, with the intent that this machine do nothing but rea

T_DKIM_INVALID

spampd reports X-Spam-Rules: TestsScores=(BAYES_95=3,BOGOFILTER_UNSURE=0.1,DIET_1=0.001, DKIM_SIGNED=0.1,HTML_IMAGE_RATIO_02=0.437,HTML_MESSAGE=0.001,SPF_PASS=-0.1, T_DKIM_INVALID=0.01) opendkim reports: Authentication-Results: duggi.junc.org; dkim=pass (1024-bit key) heade

postfix question - virtual alias, from field

OT, but hoping someone can cut thru the weeds for me. A new setup, with the intent that this machine do nothing but readdress mail to those in the virtual aliases list, and just pass the rest on, unchanged. Works as intended, but received mail says it is "from" r...@mybox.tld.We would li

Re: getting tons of SPAM

Thank you all, here is another header of a very spammy email: X-Virus-Scanned: amavisd-new at fqdn.com X-Spam-Flag: NO X-Spam-Score: 2.301 X-Spam-Level: ** X-Spam-Status: No, score=2.301 tagged_above=-999 required=5.3 tests=[AWL=-0.006, BODY_8BITS=1.5, DKIM_SIGNED=0.001, HTML_IMAG

Re: getting tons of SPAM

motty cruz skrev den 2014-06-26 17:02: I apologize, I did not articulate my questions correctly. Spamassassin is enable but did not block spam, I know my configuration is wrong. I was wondering if someone can help me figure out.  ... ## Optional Score Increase last 4.0 increase to 4.5 score B

Re: AWL in SQL with amavisd-new

ML mail skrev den 2014-06-26 16:42: Ok so if I understand you correctly you are saying that it is possible to use AWL as site-wide having just one part of the e-mail exchange (the "To:" field) and this works fine/reliabily? incorrect question, incorrect answer :=) the username in awl is the un

Re: AWL in SQL with amavisd-new

Kevin A. McGrail skrev den 2014-06-26 16:34: But the reason I'm posting is that many servers run sitewide AWL without issue. Why do you feel it is useless? multi recipient is handled better in amavisd-new, but its not very well dokumented, if you always just get single recipient spams its not

Re: getting tons of SPAM

On Thu, 26 Jun 2014 08:20:35 -0700 (PDT) John Hardin wrote: > On Thu, 26 Jun 2014, motty cruz wrote: > > > ## Optional Score Increase last 4.0 increase to 4.5 > > score BAYES_50 1.800 > > Do you seriously want to give 1.8 points for bayes not having any > opinion on the spamminess of the message

Re: getting tons of SPAM

... A catchall ? -- Jeremy McSpadden Flux Labs | http://www.fluxlabs.net | Endless Solutions Office : 850-250-5590x501 | Cell : 850-890-2543 | Fax : 850-254-2955 On Jun 26, 2014, at 9:24 AM, "motty cruz" mailto:motty.c...@gmail.com>> wrote: X-Original-To: catch...@fq

Re: getting tons of SPAM

On Thu, 26 Jun 2014, motty cruz wrote: ## Optional Score Increase last 4.0 increase to 4.5 score BAYES_50 1.800 Do you seriously want to give 1.8 points for bayes not having any opinion on the spamminess of the message? -- John Hardin KA7OHZhttp://www.impsec.org/~jhardi

Re: getting tons of SPAM

I apologize, I did not articulate my questions correctly. Spamassassin is enable but did not block spam, I know my configuration is wrong. I was wondering if someone can help me figure out. local.cf # languages allow ifplugin Mail::SpamAssassin::Plugin::TextCat ok_languagesen es ok_locales

Re: AWL in SQL with amavisd-new

On Thu, 26 Jun 2014 07:42:50 -0700 ML mail wrote: > Ok so if I understand you correctly you are saying that it is > possible to use AWL as site-wide having just one part of the e-mail > exchange (the "To:" field) and this works fine/reliabily? To: isn't relevant, you either have site-wide or per

Re: AWL in SQL with amavisd-new

Ok so if I understand you correctly you are saying that it is possible to use AWL as site-wide having just one part of the e-mail exchange (the "To:" field) and this works fine/reliabily? On Thursday, June 26, 2014 4:34 PM, Kevin A. McGrail wrote: On 6/26/2014 10:31 AM, ML mail wrote: I a

Re: AWL in SQL with amavisd-new

On 6/26/2014 10:31 AM, ML mail wrote: I am using the auto-whitelist feature of SpamAssassin stored into a PostgreSQL database. It works fine but I have got one issue: as I am calling SA from amavisd-new, the username stored in the AWL SQL table is always "amavis". Now this renders my AWL useles

AWL in SQL with amavisd-new

Hi, I am using the auto-whitelist feature of SpamAssassin stored into a PostgreSQL database. It works fine but I have got one issue: as I am calling SA from amavisd-new, the username stored in the AWL SQL table is always "amavis". Now this renders my AWL useless as the username should actually

Re: getting tons of SPAM

On 06/26/2014 04:23 PM, motty cruz wrote: as you can see, looks like Amavisd did not scan, spamassassing should have stop this email. If Amavisd did not scan, you need to fix that before asking the SA list for help.

Re: getting tons of SPAM

On 26/06/2014 15:23, motty cruz wrote: Hello, I am getting a lot of spam, I don't know how to effectevily stop it, now I realize I can't stop it 100%, as you can see, looks like Amavisd did not scan, spamassassing should have stop this email. Have you tried using spamassassin? -- Regards