On Wed, 9 May 2018, Vincent Fox wrote:
I see an interesting dichotomy.
Students are on Google, fac/staff on O365 now.
Guess which group is phished most often?
If you said students, bzzzt.
It’s the O365 users, by a large margin. Faculty and staff should be best
trained. Also protected by
I see an interesting dichotomy.
Students are on Google, fac/staff on O365 now.
Guess which group is phished most often?
If you said students, bzzzt.
It’s the O365 users, by a large margin. Faculty and staff should be best
trained. Also protected by “Advanced Threat Protection”.
Sent from m
So "free" here refers to something else than paid for service. What does it
refer to then? Perhaps FREEMAIL is best renamed as CAMP, for Commonly Abused
Mail Provider.
On Wed, May 9, 2018 at 13:37, David Jones wrote:
> On 05/09/2018 03:03 AM, Rupert Gallagher wrote: > Is O365 freemail now? Fre
Perhaps this is a misunderstanding. By "same" I mean "this server". The mail
was originally received by my server via TLS, processed by mailman and then
delivered with the ***SPAM*** subject line to the recipients of the mailing
list, but not to the Quarantine. One of the recipients is my own
On 05/09/2018 01:29 PM, Matthew Broadhead wrote:
On 09/05/18 16:37, Reindl Harald wrote:
Am 09.05.2018 um 16:28 schrieb Matthew Broadhead:
it looks like it is working. so maybe it is just not flagging or moving
the spam?
in a differnt post you showed this status header which *clearly* shows
On 09/05/18 16:37, Reindl Harald wrote:
Am 09.05.2018 um 16:28 schrieb Matthew Broadhead:
it looks like it is working. so maybe it is just not flagging or moving
the spam?
in a differnt post you showed this status header which *clearly* shows
bayes is working - bayes alone don't flag, the tot
On 05/09/2018 12:39 PM, Alex wrote:
Hi,
header __RCVD_OFFICE365Received =~
/\.outbound\.protection\.outlook\.com \[/
header __RCVD_OFFICE365_PROXY X-ClientProxiedBy =~
/\.outlook\.com
\(/
header __OFFICE365_TRUST_ORG X-OriginatorOrg =~
/^(ena\.com|example\.com)/
You've
On 09/05/18 16:37, Reindl Harald wrote:
Am 09.05.2018 um 16:28 schrieb Matthew Broadhead:
it looks like it is working. so maybe it is just not flagging or moving
the spam?
in a differnt post you showed this status header which *clearly* shows
bayes is working - bayes alone don't flag, the tot
Hi,
>>> header __RCVD_OFFICE365Received =~
>>> /\.outbound\.protection\.outlook\.com \[/
>>> header __RCVD_OFFICE365_PROXY X-ClientProxiedBy =~
>>> /\.outlook\.com
>>> \(/
>>>
>>> header __OFFICE365_TRUST_ORG X-OriginatorOrg =~
>>> /^(ena\.com|example\.com)/
>>
>>
>> You've s
On 2018-05-09 13:08, Eggert Ehmke wrote:
> > Wild stab - maybe they're entering the system already with
> > ***SPAM*** in the subject?
> The mail also originated from the same server.
All the more reason to suspect the "wild stab" is correct.
In my experience this is quite common on some poorly
On 05/09/2018 10:59 AM, Alex wrote:
Hi,
https://pastebin.com/raw/TfvhUu0X
...
What I have had to do is basically increase the score on all invoice emails
to try to block the bad ones and then whitelist the good ones.
That email was BCC'd which is another suspicious trait which is why I bump
On Wed, 9 May 2018, Alex wrote:
Hi,
Hi,
Does anyone have any special techniques for catching these invoice phish
emails?
https://pastebin.com/raw/TfvhUu0X
I've added a few body rules, and even despite training previous
similar messages as spam, they continue. These emails very closely
resemb
David Jones wrote:
One more thing. I have expanded my definition of FREEMAIL to any Google
and Office 365 senders like this:
header __RCVD_YAHOO Received =~ /\.yahoo\.com \[/
header __RCVD_HOTMAIL Received =~ /\.hotmail\.com \[/
header __RCVD_GOO
Hi,
>> Hi,
>> Does anyone have any special techniques for catching these invoice phish
>> emails?
>>
>> https://pastebin.com/raw/TfvhUu0X
>>
>> I've added a few body rules, and even despite training previous
>> similar messages as spam, they continue. These emails very closely
>> resemble legitima
Hi,
>> https://pastebin.com/raw/TfvhUu0X
>>
...
> What I have had to do is basically increase the score on all invoice emails
> to try to block the bad ones and then whitelist the good ones.
>
> That email was BCC'd which is another suspicious trait which is why I bump
> up the score for MISSING H
On Wed, 9 May 2018, Reio Remma wrote:
On 9 May 2018, at 18:33, John Hardin wrote:
Also:
On Wed, 9 May 2018, Matthew Broadhead wrote:
your message has
X-Spam-Status: No, score=-18.15 tagged_above=-999 required=6.2
Setting the threshold higher will result in more spam getting through. The
> On 9 May 2018, at 18:33, John Hardin wrote:
>
> Also:
>
>> On Wed, 9 May 2018, Matthew Broadhead wrote:
>>
>> your message has
>>
>> X-Spam-Status: No, score=-18.15 tagged_above=-999 required=6.2
>
> Setting the threshold higher will result in more spam getting through. The
> scores calc
Also:
On Wed, 9 May 2018, Matthew Broadhead wrote:
your message has
X-Spam-Status: No, score=-18.15 tagged_above=-999 required=6.2
Setting the threshold higher will result in more spam getting through. The
scores calculated by the masscheck processes are based on the assumption
that the th
On Wed, 9 May 2018, Matthew Broadhead wrote:
[root@ns1 ~]# sudo -H -u amavis bash -c '/usr/bin/sa-learn --dump magic'
0.000 0 3 0 non-token data: bayes db version
0.000 0 32225 0 non-token data: nspam
0.000 0 440420 0 non
On 05/09/2018 10:02 AM, Alex wrote:
Hi,
One more thing. I have expanded my definition of FREEMAIL to any Google and
Office 365 senders like this:
header __RCVD_YAHOOReceived =~ /\.yahoo\.com \[/
header __RCVD_HOTMAIL Received =~ /\.hotmail\.com \[/
heade
Hi,
> One more thing. I have expanded my definition of FREEMAIL to any Google and
> Office 365 senders like this:
>
> header __RCVD_YAHOOReceived =~ /\.yahoo\.com \[/
> header __RCVD_HOTMAIL Received =~ /\.hotmail\.com \[/
> header __RCVD_GOOGLE
On 09/05/18 16:03, Reio Remma wrote:
On 09.05.18 16:59, Matthew Broadhead wrote:
setting log_level and sa_debug in /etc/amavisd/amavisd.conf didn't
seem to make any difference. should i be doing it in
/etc/mail/spamassassin/local.cf?
See if $sa_debug=1 works (for full debug)? (and restart ama
On 09.05.18 16:59, Matthew Broadhead wrote:
setting log_level and sa_debug in /etc/amavisd/amavisd.conf didn't
seem to make any difference. should i be doing it in
/etc/mail/spamassassin/local.cf?
See if $sa_debug=1 works (for full debug)? (and restart amavisd).
Reio
ok now i am getting a lot
On 09/05/18 15:48, Reio Remma wrote:
On 09.05.18 16:33, Matthew Broadhead wrote:
On 08/05/18 21:53, Reio Remma wrote:
On 08.05.2018 22:08, John Hardin wrote:
On Tue, 8 May 2018, Matthew Broadhead wrote:
system setup centos-release-7-4.1708.el7.centos.x86_64,
spamassassin-3.4.0-2.el7.x86_64,
On 09.05.18 16:33, Matthew Broadhead wrote:
On 08/05/18 21:53, Reio Remma wrote:
On 08.05.2018 22:08, John Hardin wrote:
On Tue, 8 May 2018, Matthew Broadhead wrote:
system setup centos-release-7-4.1708.el7.centos.x86_64,
spamassassin-3.4.0-2.el7.x86_64, amavisd-new-2.11.0-3.el7.noarch
/etc
On 08/05/18 21:53, Reio Remma wrote:
On 08.05.2018 22:08, John Hardin wrote:
On Tue, 8 May 2018, Matthew Broadhead wrote:
system setup centos-release-7-4.1708.el7.centos.x86_64,
spamassassin-3.4.0-2.el7.x86_64, amavisd-new-2.11.0-3.el7.noarch
/etc/mail/spamassassin/local.cf:
required_hits 5
On 05/09/2018 03:03 AM, Rupert Gallagher wrote:
Is O365 freemail now? Free from Microsoft is an oxymoron.
If you look at the comments in the rule files (20_freemail_domains.cf)
you will find that FREEMAIL is actually any mail provider that is
commonly abused and often sends spam. O365 does f
The mail also originated from the same server.
Ok, I look into the amavisd config.
Thanks,
Eggert
Am Mittwoch, 9. Mai 2018, 14:06:08 CEST schrieb Reio Remma:
> Wild stab - maybe they're entering the system already with ***SPAM*** in
> the subject?
>
> With amavisd-new it's amavisd that modifies
Wild stab - maybe they're entering the system already with ***SPAM*** in
the subject?
With amavisd-new it's amavisd that modifies the subject, local.cf
shouldn't have an effect on that.
Good luck,
Reio
On 09.05.18 14:02, Eggert Ehmke wrote:
Hello,
I have spamassassin 3.4.1 / amavisd / pos
Hello,
I have spamassassin 3.4.1 / amavisd / postfix / dovecot installed on my Debian
9.4 server. I
also run a mailman mailing list. Most of the time, all runs very well, but
occasionally I get
mails marked ***SPAM*** in my inbox. These are indeed no spam, but valid mails
forwarded by mailma
Is O365 freemail now? Free from Microsoft is an oxymoron.
On 09/05/18 09:09, Reio Remma wrote:
On 09.05.18 9:57, Matthew Broadhead wrote:
BAYES_00=-1.9
I've personally set *bayes_sql_override_username = amavis* in my local.cf
If at all possible, run amavisd with SA bayes debug to see if/how it's
using the database.
Good luck,
Reio
Thanks Reio
On 09.05.18 9:57, Matthew Broadhead wrote:
BAYES_00=-1.9
I've personally set *bayes_sql_override_username = amavis* in my local.cf
If at all possible, run amavisd with SA bayes debug to see if/how it's
using the database.
Good luck,
Reio
33 matches
Mail list logo