dnssec / dane

2014-08-15 Thread Robert Schetterer
Question: Would it make sense to have rules based on dnssec / dane records exist for a maildomain ? Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstraße 15, 81669 München Registered office: München, Amtsgericht München: HRB 199263

Second step with SA

2014-08-15 Thread Timothy Murphy
Having got SA working at last on my CentOS-7 home server, I'm thinking of improving its use for me (no-one else). It's finding about 65% of my spam, and I'd like to increase that to 80%. 1) What is the simplest way to reject mail in Chinese, Russian and Turkish? 2) I get some email wrongly

Re: Second step with SA

2014-08-15 Thread Antony Stone
On Friday 15 August 2014 at 13:05:26 (EU time), Timothy Murphy wrote: 1) What is the simplest way to reject mail in Chinese, Russian and Turkish? http://spamassassin.apache.org/full/3.0.x/dist/doc/Mail_SpamAssassin_Conf.html#language_options 2) I get some email wrongly marked spam - always

Re: AXB_X_FF_SEZ_S not fired

2014-08-15 Thread Bowie Bailey
On 8/14/2014 9:03 PM, Alex wrote: Hi, AXB_X_FF_SEZ_S is a rule that fires when the X-Forefront-Antispam-Report header is found. I have a sample which has this header, yet the rule doesn't fire, and wondered if someone could help me figure out why: http://pastebin.com/vRQXxgJH I'm using

Re: Second step with SA

2014-08-15 Thread Bowie Bailey
On 8/15/2014 7:05 AM, Timothy Murphy wrote: Having got SA working at last on my CentOS-7 home server, I'm thinking of improving its use for me (no-one else). It's finding about 65% of my spam, and I'd like to increase that to 80%. The best way to quickly cut spam is to add the zen.spamhaus.org

Re: dnssec / dane

2014-08-15 Thread Kevin A. McGrail
On 8/15/2014 2:30 AM, Robert Schetterer wrote: Question: Would it make sense to have rules based on dnssec / dane records exist for a maildomain ? A) rules have to be used for things that indicate ham or spaminess B) you can only automate something you have done manually So have you looked at

Re: Second step with SA

2014-08-15 Thread Joe Quinn
On 8/15/2014 10:14 AM, Bowie Bailey wrote: On 8/15/2014 7:05 AM, Timothy Murphy wrote: Having got SA working at last on my CentOS-7 home server, I'm thinking of improving its use for me (no-one else). It's finding about 65% of my spam, and I'd like to increase that to 80%. The best way to

Re: Second step with SA

2014-08-15 Thread Steve Bergman
On 08/15/2014 06:05 AM, Timothy Murphy wrote: 1) What is the simplest way to reject mail in Chinese, Russian and Turkish? Is the spam actually written in Chinese, Russian, and Turkish languages? Or does it come from Chinese, Russian, and Turkish domains? The spam my users' accounts receive

Re: Second step with SA

2014-08-15 Thread Matus UHLAR - fantomas
On 15.08.14 13:05, Timothy Murphy wrote: Having got SA working at last on my CentOS-7 home server, I'm thinking of improving its use for me (no-one else). It's finding about 65% of my spam, and I'd like to increase that to 80%. 1) What is the simplest way to reject mail in Chinese, Russian and

Re: Second step with SA

2014-08-15 Thread Steve Bergman
On 08/15/2014 09:14 AM, Bowie Bailey wrote: The best way to quickly cut spam is to add the zen.spamhaus.org blacklist to your MTA. http://www.spamhaus.org/zen/ Is that not included in the default rule set? If not, I'm not sure where mine came from. -Steve Bergman

Re: Second step with SA

2014-08-15 Thread Bowie Bailey
On 8/15/2014 10:33 AM, Steve Bergman wrote: On 08/15/2014 09:14 AM, Bowie Bailey wrote: The best way to quickly cut spam is to add the zen.spamhaus.org blacklist to your MTA. http://www.spamhaus.org/zen/ Is that not included in the default rule set? If not, I'm not sure where mine came from.

Re: Second step with SA

2014-08-15 Thread Steve Bergman
On 08/15/2014 09:37 AM, Bowie Bailey wrote: Yes, it is part of the default rule set. But what I am saying is to add it to your MTA as a blacklist. That way anything matched by Zen will be rejected by the MTA without ever having to run SA. So basically, elevate it to the level of an absolute

Re: Second step with SA

2014-08-15 Thread David F. Skoll
On Fri, 15 Aug 2014 10:02:14 -0500 Steve Bergman sbergma...@gmail.com wrote: So basically, elevate it to the level of an absolute blacklist. I'm not sure I trust Zen that much. I'm more a Bayes proponent than a DNSBL proponent. Me too. I'm also surprised that the OP claimed it caught 70% of

Re: Second step with SA

2014-08-15 Thread John Hardin
On Fri, 15 Aug 2014, Timothy Murphy wrote: 2) I get some email wrongly marked spam - always from the same site. I've tried marking this as ham (and running sa-learn --ham) but this has surprisingly little effect. A few fairly standard things to consider, in case you aren't already aware

Re: Second step with SA

2014-08-15 Thread Bowie Bailey
On 8/15/2014 11:07 AM, David F. Skoll wrote: On Fri, 15 Aug 2014 10:02:14 -0500 Steve Bergman sbergma...@gmail.com wrote: So basically, elevate it to the level of an absolute blacklist. I'm not sure I trust Zen that much. I'm more a Bayes proponent than a DNSBL proponent. Me too. I'm also

Re: Second step with SA

2014-08-15 Thread David F. Skoll
On Fri, 15 Aug 2014 11:21:47 -0400 Bowie Bailey bowie_bai...@buc.com wrote: Considering only the spam: 67% Spamhaus rejections 33% Marked by SA YMMV, but it works quite well for me. Indeed, MM does V. :) spam= select count(*) from incidents where status = 'spam'; count --- 2391

Re: dnssec / dane

2014-08-15 Thread Robert Schetterer
On 15.08.2014 at 16:26, Kevin A. McGrail wrote: On 8/15/2014 2:30 AM, Robert Schetterer wrote: Question: Would it make sense to have rules based on dnssec / dane records exist for a maildomain ? A) rules have to be used for things that indicate ham or spaminess B) you can only automate

Re: Second step with SA

2014-08-15 Thread Axb
On 08/15/2014 05:21 PM, Bowie Bailey wrote: On 8/15/2014 11:07 AM, David F. Skoll wrote: On Fri, 15 Aug 2014 10:02:14 -0500 Steve Bergman sbergma...@gmail.com wrote: So basically, elevate it to the level of an absolute blacklist. I'm not sure I trust Zen that much. I'm more a Bayes proponent

Re: Second step with SA

2014-08-15 Thread Daniel Staal
--As of August 15, 2014 1:23:37 PM +0200, Antony Stone is alleged to have said: On Friday 15 August 2014 at 13:05:26 (EU time), Timothy Murphy wrote: 1) What is the simplest way to reject mail in Chinese, Russian and Turkish?

Re: dnssec / dane

2014-08-15 Thread Noel
On 8/15/2014 10:27 AM, Robert Schetterer wrote: On 15.08.2014 at 16:26, Kevin A. McGrail wrote: On 8/15/2014 2:30 AM, Robert Schetterer wrote: Question: Would it make sense to have rules based on dnssec / dane records exist for a maildomain ? A) rules have to be used for things that

Re: dnssec / dane

2014-08-15 Thread Robert Schetterer
On 15.08.2014 at 18:33, Noel wrote: On 8/15/2014 10:27 AM, Robert Schetterer wrote: On 15.08.2014 at 16:26, Kevin A. McGrail wrote: On 8/15/2014 2:30 AM, Robert Schetterer wrote: Question: Would it make sense to have rules based on dnssec / dane records exist for a maildomain ? A) rules

Re: dnssec / dane

2014-08-15 Thread Noel
On 8/15/2014 11:45 AM, Robert Schetterer wrote: On 15.08.2014 at 18:33, Noel wrote: On 8/15/2014 10:27 AM, Robert Schetterer wrote: On 15.08.2014 at 16:26, Kevin A. McGrail wrote: On 8/15/2014 2:30 AM, Robert Schetterer wrote: Question: Would it make sense to have rules based on dnssec /

Re: dnssec / dane

2014-08-15 Thread David F. Skoll
On Fri, 15 Aug 2014 18:45:39 +0200 Robert Schetterer r...@sys4.de wrote: are there any stats how much spam is sent with right/exist SPF/DMARC/DKIM (TLS) I have some statistics for SPF: spam= select count(*) from incidents where status = 'spam' and incident_report like '%SPF query returned

Re: dnssec / dane

2014-08-15 Thread Robert Schetterer
On 15.08.2014 at 19:28, David F. Skoll wrote: On Fri, 15 Aug 2014 18:45:39 +0200 Robert Schetterer r...@sys4.de wrote: are there any stats how much spam is sent with right/exist SPF/DMARC/DKIM (TLS) I have some statistics for SPF: spam= select count(*) from incidents where status =

Re: dnssec / dane

2014-08-15 Thread John Hardin
On Fri, 15 Aug 2014, David F. Skoll wrote: SPF is so easy (v=spf1 +all) Doing *that* should be worth a point or two by itself. -- John Hardin KA7OHZ http://www.impsec.org/~jhardin/ jhar...@impsec.org FALaholic #11174 pgpk -a jhar...@impsec.org key: 0xB8732E79 --

DKIM statistics and spam (was Re: dnssec / dane)

2014-08-15 Thread David F. Skoll
On Fri, 15 Aug 2014 19:34:04 +0200 Robert Schetterer r...@sys4.de wrote: On 15.08.2014 at 19:28, David F. Skoll wrote: Looks like about 66% of our spam samples had SPF pass. yes this is what i awaited, any idea about DKIM ? Less spam has DKIM 'pass'; our stats show about 22%. I suspect

Bogus SPF +all (was Re: dnssec / dane)

2014-08-15 Thread David F. Skoll
On Fri, 15 Aug 2014 10:39:03 -0700 (PDT) John Hardin jhar...@impsec.org wrote: On Fri, 15 Aug 2014, David F. Skoll wrote: SPF is so easy (v=spf1 +all) Doing *that* should be worth a point or two by itself. Yes. I even thought about implementing it, but there are so many ways to achieve

Re: Bogus SPF +all (was Re: dnssec / dane)

2014-08-15 Thread Joe Quinn
On 8/15/2014 1:50 PM, David F. Skoll wrote: On Fri, 15 Aug 2014 10:39:03 -0700 (PDT) John Hardin jhar...@impsec.org wrote: On Fri, 15 Aug 2014, David F. Skoll wrote: SPF is so easy (v=spf1 +all) Doing *that* should be worth a point or two by itself. Yes. I even thought about implementing

Re: Bogus SPF +all (was Re: dnssec / dane)

2014-08-15 Thread Robert Schetterer
On 15.08.2014 at 19:54, Joe Quinn wrote: On 8/15/2014 1:50 PM, David F. Skoll wrote: On Fri, 15 Aug 2014 10:39:03 -0700 (PDT) John Hardin jhar...@impsec.org wrote: On Fri, 15 Aug 2014, David F. Skoll wrote: SPF is so easy (v=spf1 +all) Doing *that* should be worth a point or two by itself.

Re: Bogus SPF +all (was Re: dnssec / dane)

2014-08-15 Thread John Hardin
On Fri, 15 Aug 2014, David F. Skoll wrote: On Fri, 15 Aug 2014 10:39:03 -0700 (PDT) John Hardin jhar...@impsec.org wrote: On Fri, 15 Aug 2014, David F. Skoll wrote: SPF is so easy (v=spf1 +all) Doing *that* should be worth a point or two by itself. Yes. I even thought about

Re: AXB_X_FF_SEZ_S not fired

2014-08-15 Thread Alex
Hi, AXB_X_FF_SEZ_S is a rule that fires when the X-Forefront-Antispam-Report header is found. I have a sample which has this header, yet the rule doesn't fire, and wondered if someone could help me figure out why: http://pastebin.com/vRQXxgJH I'm using spamassassin-3.4, and I tested it on

Re: AXB_X_FF_SEZ_S not fired

2014-08-15 Thread Bowie Bailey
On 8/15/2014 3:05 PM, Alex wrote: Hi, AXB_X_FF_SEZ_S is a rule that fires when the X-Forefront-Antispam-Report header is found. I have a sample which has this header, yet the rule doesn't fire, and wondered if someone could help me figure out why: http://pastebin.com/vRQXxgJH I'm using

Re: AXB_X_FF_SEZ_S not fired

2014-08-15 Thread Axb
On 08/15/2014 10:07 PM, Bowie Bailey wrote: On 8/15/2014 3:05 PM, Alex wrote: Hi, AXB_X_FF_SEZ_S is a rule that fires when the X-Forefront-Antispam-Report header is found. I have a sample which has this header, yet the rule doesn't fire, and wondered if someone could help me figure out why:

Re: AXB_X_FF_SEZ_S not fired

2014-08-15 Thread Bowie Bailey
On 8/15/2014 4:19 PM, Axb wrote: On 08/15/2014 10:07 PM, Bowie Bailey wrote: On 8/15/2014 3:05 PM, Alex wrote: Hi, AXB_X_FF_SEZ_S is a rule that fires when the X-Forefront-Antispam-Report header is found. I have a sample which has this header, yet the rule doesn't fire, and wondered if

Re: Bogus SPF +all (was Re: dnssec / dane)

2014-08-15 Thread Dave Warren
On 2014-08-15 12:05, John Hardin wrote: exists:? (looks up SPF syntax) (boggle) WTF is the sane use case for exists:?? Imagine something like: exists:%{l}.%{o}.%{i}._spf.webhost.example This might allow me to PASS only messages coming from addresses that actually exist, and are from the

Re: dnssec / dane

2014-08-15 Thread Dave Warren
On 2014-08-15 10:34, Robert Schetterer wrote: yes this is what i awaited, any idea about DKIM ? While spammers aren't doing it yet, DKIM can be done trivially easily as well for spammers that already register throwaway domains. The private key can be shared the same way the list of

Re: Bogus SPF +all (was Re: dnssec / dane)

2014-08-15 Thread John Hardin
On Fri, 15 Aug 2014, Dave Warren wrote: On 2014-08-15 12:05, John Hardin wrote: exists:? (looks up SPF syntax) (boggle) WTF is the sane use case for exists:?? With other types of macro expansion, you could query a DNS backend that returns responses from database or algorithmically rather

Re: Second step with SA

2014-08-15 Thread Karsten Bräckelmann
On Fri, 2014-08-15 at 12:21 -0400, Daniel Staal wrote: --As of August 15, 2014 1:23:37 PM +0200, Antony Stone is alleged to have said: http://spamassassin.apache.org/full/3.0.x/dist/doc/Mail_SpamAssassin_Conf.html#language_options Both of these links are out of date. The

Re: AXB_X_FF_SEZ_S not fired

2014-08-15 Thread Alex
Hi, This is a sandbox rule which was autopromoted/published by sa-update. Due to lack of hits I removed it and re-added back yesterday. It may be republished if masschecks decide it is worth it. Ok. I didn't recognize the prefix and didn't find it in my rules directory, so I assumed it was

Re: Hotfix/phishing spam

2014-08-15 Thread Alex
Hi, That's a really good question. Perhaps it was a malware attempt and the attacker forgot to replace the valid MSFT URL with their own URL... This isn't the first time I've seen ratware malfunction. Other possibility some scammer test-driving a shiny new toy but wants to first test it out

Re: Dealing with suspicious unicode in domains

2014-08-15 Thread Alex
Hi, Just came across this article about measures Google is taking to block domains using suspicious unicode characters: http://threatpost.com/google-tweaks-gmail-to-help-limit-spam/107732 Does SA yet have similar measures? I seem to recall some discussion about this probably a year ago.

Advice sought on how to convince irresponsible Megapath ISP.

2014-08-15 Thread Linda A. Walsh
My old email service was bought out by Megapath who is letting a lot of services slide. My main issue is that my incoming email scripts follow the SMTP RFCs and if the sender address isn't valid, then it's not a valid email that should be forwarded. My script simply checks for the domain

spam with hashes and

2014-08-15 Thread Rajesh M.
hi we are getting spam with a lot of hashes #x13AC;m#x0430 i checked out KAM.cf but not able to trap such emails any solution please ? thanks rajesh

Re: Advice sought on how to convince irresponsible Megapath ISP.

2014-08-15 Thread Alex
Hi, The only response my ISP will give is to turn on their spam filtering. I tried that. In about a 2 hour time frame, over 400 messages were blocked as spam. Of those less than 10 were actually spam, the rest were from various lists. So having them censoring my incoming mail isn't gonna

Re: spam with hashes and

2014-08-15 Thread Alex
Hi, we are getting spam with a lot of hashes #x13AC;m#x0430 i checked out KAM.cf but not able to trap such emails Post a sample with all the message headers to pastebin.com so it can be reviewed. Provide information about your version of spamassassin you're currently using, and any changes

Re: spam with hashes and

2014-08-15 Thread Dave Funk
On Sat, 16 Aug 2014, Rajesh M. wrote: hi we are getting spam with a lot of hashes #x13AC;m#x0430 i checked out KAM.cf but not able to trap such emails any solution please ? thanks rajesh Search the July archive of this list for postings with the subject of: More text/plain questions

Re: Advice sought on how to convince irresponsible Megapath ISP.

2014-08-15 Thread Linda A. Walsh
Alex wrote: Hi, The only response my ISP will give is to turn on their spam filtering. I tried that. In about a 2 hour time frame, over 400 messages were blocked as spam. Of those less than 10 were actually spam, the rest were from various lists. So having them censoring my incoming