Re: spamasssassin vs mimedefang scores

2018-02-22 Thread Bill Cole
On 22 Feb 2018, at 4:15, saqariden wrote: Hello guys, I'm using mimedefang with spamassassin, when I test an email with the command "spamassassin -t file.eml", I got results like this: Détails de l'analyse du message: (-5.8 points, 3.0 requis) -5.0 RCVD_IN_DNSWL_HI RBL: Sender listed at

Re: Custom Rulesets

2018-02-22 Thread Rajkiran Rajkumar
Thanks David. I haven't done many of them yet. Very useful. On Thu, Feb 22, 2018 at 7:31 PM, David Jones wrote: > On 02/21/2018 11:48 PM, Rajkiran Rajkumar wrote: > >> Thank you Kevin and @lbutlr for the response. Checking out KAM ruleset >> now. We are not using Postfix for

Re: ENCRYPTED_MESSAGE rule

2018-02-22 Thread @lbutlr
On 2018-02-22 (17:39 MST), RW wrote: > > Is it genuinely encrypted though? I'm wondering if it's just base64 > encoded, and possibly signed. application/pkcs7-mime is S/MIME -- Vi Veri Veniversum Vivus Vici

Re: Custom rule don't match without empty line before the string!

2018-02-22 Thread @lbutlr
On 2018-02-22 (07:54 MST), saqariden wrote: > > I have the following SA rule which is supposed to block base64 encoded mails: Wow. You are going to block a lot of legitimate email that way. > body EN_BASE64_B /(Content-Transfer-Encoding:

Re: ENCRYPTED_MESSAGE rule

2018-02-22 Thread RW
On Thu, 22 Feb 2018 17:40:56 -0600 David Jones wrote: > Sometimes the passing of time with new spam techniques from software > changes (i.e. Office 365 now auto handling of encrypted email) can > allow this to be abused and need changing. I am just trying to bring > this up in case others may

Re: ENCRYPTED_MESSAGE rule

2018-02-22 Thread John Hardin
On Thu, 22 Feb 2018, David Jones wrote: On 02/22/2018 04:40 PM, John Hardin wrote: On Thu, 22 Feb 2018, David Jones wrote: On 02/22/2018 03:49 PM, John Hardin wrote: On Thu, 22 Feb 2018, David Jones wrote: My SA filters just received 45 unsolicited junk emails from Office 365 that hit

Re: ENCRYPTED_MESSAGE rule

2018-02-22 Thread David Jones
On 02/22/2018 04:40 PM, John Hardin wrote: On Thu, 22 Feb 2018, David Jones wrote: On 02/22/2018 03:49 PM, John Hardin wrote: On Thu, 22 Feb 2018, David Jones wrote: My SA filters just received 45 unsolicited junk emails from Office 365 that hit ENCRYPTED_MESSAGE which subtracted a point. 

Re: ENCRYPTED_MESSAGE rule

2018-02-22 Thread John Hardin
On Thu, 22 Feb 2018, David Jones wrote: On 02/22/2018 03:49 PM, John Hardin wrote: On Thu, 22 Feb 2018, David Jones wrote: My SA filters just received 45 unsolicited junk emails from Office 365 that hit ENCRYPTED_MESSAGE which subtracted a point.  Looking at 72_active.cf, the description

Re: ENCRYPTED_MESSAGE rule

2018-02-22 Thread David Jones
On 02/22/2018 03:49 PM, John Hardin wrote: On Thu, 22 Feb 2018, David Jones wrote: My SA filters just received 45 unsolicited junk emails from Office 365 that hit ENCRYPTED_MESSAGE which subtracted a point.  Looking at 72_active.cf, the description for this rule is: "Message is encrypted,

Re: ENCRYPTED_MESSAGE rule

2018-02-22 Thread John Hardin
On Thu, 22 Feb 2018, David Jones wrote: My SA filters just received 45 unsolicited junk emails from Office 365 that hit ENCRYPTED_MESSAGE which subtracted a point. Looking at 72_active.cf, the description for this rule is: "Message is encrypted, not likely to be spam" The body of the email

ENCRYPTED_MESSAGE rule

2018-02-22 Thread David Jones
My SA filters just received 45 unsolicited junk emails from Office 365 that hit ENCRYPTED_MESSAGE which subtracted a point. Looking at 72_active.cf, the description for this rule is: "Message is encrypted, not likely to be spam" The body of the email was a MIME attachment of

Re: Custom rule don't match without empty line before the string!

2018-02-22 Thread RW
On Thu, 22 Feb 2018 10:35:48 -0600 (CST) David B Funk wrote: > On Thu, 22 Feb 2018, RW wrote: > > > On Thu, 22 Feb 2018 15:54:45 +0100 > > saqariden wrote: > > > >> Hello guys, > >> > >> I have the following SA rule which is supposed to block base64 > >> encoded mails: > > > > This may be

Re: Custom rule don't match without empty line before the string!

2018-02-22 Thread David B Funk
On Thu, 22 Feb 2018, RW wrote: On Thu, 22 Feb 2018 15:54:45 +0100 saqariden wrote: Hello guys, I have the following SA rule which is supposed to block base64 encoded mails: This may be dangerous. If someone doesn't wish to use 8bit text then base64 encoding of UTF-8 is a sensible choice;

Re: Custom rule don't match without empty line before the string!

2018-02-22 Thread RW
On Thu, 22 Feb 2018 15:54:45 +0100 saqariden wrote: > Hello guys, > > I have the following SA rule which is supposed to block base64 > encoded mails: This may be dangerous. If someone doesn't wish to use 8bit text then base64 encoding of UTF-8 is a sensible choice; QP is very inefficient

Re: Junk mixed in with ham on whitelists

2018-02-22 Thread Giovanni Bechis
On 02/22/18 15:56, David Jones wrote: > On 02/22/2018 08:52 AM, Benny Pedersen wrote: >> Giovanni Bechis wrote on 2018-02-22 15:39: >> sub check_dkim_valid {   my ($self, $pms, $full_ref, @acceptable_domains) = @_;   $self->_check_dkim_signature($pms)  if

Custom rule don't match without empty line before the string!

2018-02-22 Thread saqariden
Hello guys, I have the following SA rule which is supposed to block base64 encoded mails: body EN_BASE64_B /(Content-Transfer-Encoding: base64\sContent-Type: text\/(plain|html); charset="?utf-8"?)|(Content-Type: text\/(plain|html);

Re: Junk mixed in with ham on whitelists

2018-02-22 Thread David Jones
On 02/22/2018 08:52 AM, Benny Pedersen wrote: Giovanni Bechis wrote on 2018-02-22 15:39: sub check_dkim_valid {   my ($self, $pms, $full_ref, @acceptable_domains) = @_;   $self->_check_dkim_signature($pms)  if !$pms->{dkim_checked_signature};   my $result = 0;   if (!$pms->{dkim_valid}) {   

Re: oxy/diabetes/cbd/big pharma spam

2018-02-22 Thread RW
On Wed, 21 Feb 2018 11:43:59 -0500 Alex wrote: > Hi all, > > Over the past few weeks I've noticed a few different campaigns that > are using the same overall template, but continue to not hit bayes99 > or really any other significant rules. I'm assuming this is some sort > of botnet? > >

Re: Junk mixed in with ham on whitelists

2018-02-22 Thread Benny Pedersen
Giovanni Bechis wrote on 2018-02-22 15:39: sub check_dkim_valid { my ($self, $pms, $full_ref, @acceptable_domains) = @_; $self->_check_dkim_signature($pms) if !$pms->{dkim_checked_signature}; my $result = 0; if (!$pms->{dkim_valid}) { # don't bother } elsif

Re: Junk mixed in with ham on whitelists

2018-02-22 Thread Giovanni Bechis
On 02/22/18 15:34, Benny Pedersen wrote: > Benny Pedersen wrote on 2018-02-21 17:55: >> David Jones wrote on 2018-02-21 17:41: >> >>> I have that same code in my DKIM.pm and I am running 3.4.1. Maybe the >>> size acceptable for whitelisting is

Re: Junk mixed in with ham on whitelists

2018-02-22 Thread Benny Pedersen
Benny Pedersen wrote on 2018-02-21 17:55: David Jones wrote on 2018-02-21 17:41: I have that same code in my DKIM.pm and I am running 3.4.1. Maybe the size acceptable for whitelisting is different from the DKIM_VALID check? minimal key bits could be a plugin test yes, but imho it never

Re: Custom Rulesets

2018-02-22 Thread David Jones
On 02/21/2018 11:48 PM, Rajkiran Rajkumar wrote: Thank you Kevin and @lbutlr for the response. Checking out KAM ruleset now. We are not using Postfix for mail server, but I will check out how to achieve postscreen's functionality using JAMES (which we use). See this thread for more

Re: spamasssassin vs mimedefang scores

2018-02-22 Thread Kevin A. McGrail
On 2/22/2018 4:15 AM, saqariden wrote: I'm using mimedefang with spamassassin, when I test an email with the command "spamassassin -t file.eml", I got results like this: Détails de l'analyse du message:   (-5.8 points, 3.0 requis) -5.0 RCVD_IN_DNSWL_HI   RBL: Sender listed at

spamasssassin vs mimedefang scores

2018-02-22 Thread saqariden
Hello guys, I'm using mimedefang with spamassassin, when I test an email with the command "spamassassin -t file.eml", I got results like this: Détails de l'analyse du message: (-5.8 points, 3.0 requis) -5.0 RCVD_IN_DNSWL_HI RBL: Sender listed at http://www.dnswl.org/, high