El El lun, 2 de oct. de 2017 a las 13:18, Kevin A. McGrail <
kevin.mcgr...@mcgrail.com> escribió:
> Hi All, I enjoyed speaking about SpamAssassin and ASF Meritocracy at the
> cPanel annual conference last week. They had an Anti-Spam Ninja as
> part of their escape room where you had to give the
On Mon, 2017-10-02 at 23:18 +0200, Benny Pedersen wrote:
> John Hardin skrev den 2017-10-02 23:13:
>
> > Where? \w is not case-sensitive.
>
> perfect then, i had not know that, learning still so
>
Do you have a copy of the 'Camel Book'? AKA "Programming Perl" by Larry
Wall, Tom Christiansen &
John Hardin skrev den 2017-10-02 23:13:
Where? \w is not case-sensitive.
perfect then, i had not know that, learning still so
On Mon, 2 Oct 2017, Benny Pedersen wrote:
John Hardin skrev den 2017-10-02 21:07:
How about:
header __FROM_QUOTES From =~ /"/
header __FROM_MAYBE_SPOOF From:name =~ /\w@\w/
meta__FROM_SPOOF__FROM_MAYBE_SPOOF && !__FROM_QUOTES
(warning: totally untested)
John Hardin skrev den 2017-10-02 21:07:
How about:
header __FROM_QUOTES From =~ /"/
header __FROM_MAYBE_SPOOF From:name =~ /\w@\w/
meta__FROM_SPOOF__FROM_MAYBE_SPOOF && !__FROM_QUOTES
(warning: totally untested)
+1
i can only see one problem with it, that
David Jones skrev den 2017-10-02 20:54:
I have gone back to my original rule that catches senders that put an
email addresss in the Display Name and do not have quotes.
also matches what i see, non spam have " around from:name while spam
have not
testing if there is a @ in from:name is 2nd
On Mon, 2 Oct 2017, David Jones wrote:
On 10/02/2017 01:11 PM, John Hardin wrote:
On Mon, 2 Oct 2017, David Jones wrote:
> On 09/27/2017 09:52 AM, Kevin A. McGrail wrote:
> >
> > > I recently stumbled onto a mail with a Spam link where the FROM
> > header > field looked like this:
> >
On 10/02/2017 01:11 PM, John Hardin wrote:
On Mon, 2 Oct 2017, David Jones wrote:
On 09/27/2017 09:52 AM, Kevin A. McGrail wrote:
> I recently stumbled onto a mail with a Spam link where the FROM
header > field looked like this:
> > From: "Firstname Lastname@"
On Mon, 2 Oct 2017, David Jones wrote:
On 09/27/2017 09:52 AM, Kevin A. McGrail wrote:
> I recently stumbled onto a mail with a Spam link where the FROM header
> field looked like this:
>
> From: "Firstname Lastname@" > sendern...@real-senders-domain.com>
Jakob, just wanted to let
David Jones skrev den 2017-10-02 19:43:
https://pastebin.com/f07Gq1kZ
https://pastebin.com/FMsJNGba
This is catching this pretty well so far:
header FROM_SPOOF_EMAIL_DISPLAYFrom =~
/\@[a-z_]+?\.[a-z]{2,3} \
describeFROM_SPOOF_EMAIL_DISPLAYFrom trying to spoof an
On 09/27/2017 09:52 AM, Kevin A. McGrail wrote:
I recently stumbled onto a mail with a Spam link where the FROM header
field looked like this:
From: "Firstname Lastname@" sendern...@real-senders-domain.com>
Jakob, just wanted to let you know I identified this issue as well and
just
On 10/2/2017 10:03 AM, Davide Marchi wrote:
> Il 2017-09-28 18:41 Noel ha scritto:
> [..]
>
>>
>> If you feel you must have a backup MX, then the backup must have
>> spam controls equal to or more strict than the primary, and backup
>> must have a current recipient list so it can reject unknown
>>
Il 2017-09-28 18:41 Noel ha scritto:
[..]
First, [...] If the two hosts
aren't physically close -- on the same switch -- this just isn't
practical.
Eh, my two VPS are in two different geographic locations.
This spoils everything
Secondly, [..]And if the
postscreen cache is on the primary
Il 2017-09-28 16:48 Reindl Harald ha scritto:
[..]
no, you have both the same machine, frankly you do nothing else than
add the IP aof the backup-mx to the box and tell postscreen with
"postscreen_whitelist_interfaces" which one is *always* a 450 response
OK
there is no "primary MX down" -
14 matches
Mail list logo