Re: IPv6 issue

2022-05-06 Thread Jeremy Ardley
On 6/5/22 6:31 pm, Ted Mittelstaedt wrote: For unrelated reasons I had to turn off IPv6 on my incoming mailserver. Spam plummeted.  Like by 80% at least.  Both uncaught and caught spam did. Were there more hostname variations with records than A records? -- Jeremy OpenPGP_signatu

Re: IPv6 issue

2022-05-06 Thread Greg Troxel
I agree with what Grant said. Also, I wonder how much greylisting would help, and if you were already doing that. The data I posted is for a machine that already does greylisting in general, with varying times depending on inclusion in various RBLs and local data. I find that delaying connectio

Re: IPv6 issue

2022-05-06 Thread Grant Taylor
On 5/6/22 10:49 AM, Ted Mittelstaedt wrote: Arg. Well I think you hit the nail on the head. And I think I may have stumbled on to a spam defeating trick. Ya ... not running email server on IPv6 is a way of not receiving (some) spam. But I view it very similarly as not running an email serve

Re: SPF skipped for whitelisted relay domain

2022-05-06 Thread Kevin A. McGrail
> we wait for spamassassin 4.0.0 :=) > > 4.0.0 is in pre-release now and in production for a few of us. Start stress testing it now so we can shake out the bugs and get it out the door! Regards, KAM

Re: Intuit servers sending paypal phishes

2022-05-06 Thread Shawn Iverson
Just got one as well, deciding how to handle it... On Fri, May 6, 2022 at 1:52 PM Kevin A. McGrail wrote: > Oh joy. > On 5/6/2022 11:19 AM, Dave Wreski wrote: > > Hi, Intuit's servers are being used to send Paypal phishing invoices > combined with the "evil numbers" scam. > > -- > Kevin A. mcgra

Re: Rule syntax in local.cf?

2022-05-06 Thread Thomas Cameron
On 5/6/22 11:31, Bill Cole wrote: On 2022-05-06 at 10:58:15 UTC-0400 (Fri, 6 May 2022 09:58:15 -0500) Thomas Cameron is rumored to have said: Howdy, all - As I mentioned in a previous email, I'm trying to bump up the score for BAYES_999. I have not messed with SA in years, but I'm trying to

Re: Intuit servers sending paypal phishes

2022-05-06 Thread Kevin A. McGrail
Oh joy. On 5/6/2022 11:19 AM, Dave Wreski wrote: Hi, Intuit's servers are being used to send Paypal phishing invoices combined with the "evil numbers" scam. -- Kevin A. McGrail kmcgr...@apache.org Member, Apache Software Foundation Chair Emeritus Apache SpamAssassin Project https://www.linked

Re: Spamassassin with Galera as SQL-Backend?

2022-05-06 Thread Darrell Budic
I’ve had it running against a mariadb galera setup for a few years now. Have not experienced any issues here. Did not have to take any special actions on SpamAssassins side, just pointed it at a dns round robin entry for the backend servers and setup appropriate access perms for them. -Darre

Re: IPv6 issue

2022-05-06 Thread Ted Mittelstaedt
Arg. Well I think you hit the nail on the head. And I think I may have stumbled on to a spam defeating trick. Here's what I think MAY be going on. As we all know spammers are the textbook drive by shooters. They are going to try the first A returned from the mailserver just like a regular m

Re: Rule syntax in local.cf?

2022-05-06 Thread Bill Cole
On 2022-05-06 at 10:58:15 UTC-0400 (Fri, 6 May 2022 09:58:15 -0500) Thomas Cameron is rumored to have said: > Howdy, all - > > As I mentioned in a previous email, I'm trying to bump up the score for > BAYES_999. I have not messed with SA in years, but I'm trying to get back > into it. Sorry if

Intuit servers sending paypal phishes

2022-05-06 Thread Dave Wreski
Hi, Intuit's servers are being used to send Paypal phishing invoices combined with the "evil numbers" scam. https://pastebin.com/iad07S8N Received: from o4.e.notification.intuit.com (o4.e.notification.intuit.com [167.89.82.160]) X-Spam-Status: No, score=-15.691 tagged_above=-200 required=5 te

Rule syntax in local.cf?

2022-05-06 Thread Thomas Cameron
Howdy, all - As I mentioned in a previous email, I'm trying to bump up the score for BAYES_999. I have not messed with SA in years, but I'm trying to get back into it. Sorry if this is a silly question. I tried to add the following line to /etc/mail/spamassassin/local.cf, but it's not firing

Re: Spamassassin with Galera as SQL-Backend?

2022-05-06 Thread Benny Pedersen
On 2022-05-06 12:21, Niels Kobschätzki wrote: But I read that redis doesn’t have per-user databases? nope, pr user bayes needs one database in redis, not multiple pr user And I probably would need new machines with lots of RAM for it, because I have no idea how much RAM is needed per user.

Re: IPv6 issue

2022-05-06 Thread Greg Troxel
Ted Mittelstaedt writes: > For unrelated reasons I had to turn off IPv6 on my incoming mailserver. > > Spam plummeted. Like by 80% at least. Both uncaught and caught spam did. > > When IPv6 was on, the mailserver had all PTR and and MX records to > allow it to receive incoming mail via IP

Re: Spamassassin with Galera as SQL-Backend?

2022-05-06 Thread Henrik K
On Fri, May 06, 2022 at 12:31:47PM +0200, giova...@paclan.it wrote: > On 5/6/22 11:08, Niels Kobschätzki wrote: > > Hi, > > > > I have a setup where the spamassassin-servers have actually no access to > > the data of the mail-servers. Now I was looking into having per user > > bayes-databases an

Re: Spamassassin with Galera as SQL-Backend?

2022-05-06 Thread giovanni
On 5/6/22 11:08, Niels Kobschätzki wrote: > Hi, > > I have a setup where the spamassassin-servers have actually no access to the > data of the mail-servers. Now I was looking into having per user > bayes-databases and saw that I can do that with a SQL-database. I have > already a small galera-c

IPv6 issue

2022-05-06 Thread Ted Mittelstaedt
Hi All, I hope this does not start a holy war. For unrelated reasons I had to turn off IPv6 on my incoming mailserver. Spam plummeted. Like by 80% at least. Both uncaught and caught spam did. When IPv6 was on, the mailserver had all PTR and and MX records to allow it to receive incoming

Re: Spamassassin with Galera as SQL-Backend?

2022-05-06 Thread Niels Kobschätzki
On 6 May 2022, at 11:31, Benny Pedersen wrote: > On 2022-05-06 11:25, Henrik K wrote: >> On Fri, May 06, 2022 at 11:08:21AM +0200, Niels Kobschätzki wrote: >>> Hi, >>> >>> I have a setup where the spamassassin-servers have actually no access to the >>> data of the mail-servers. Now I was looking

Re: Spamassassin with Galera as SQL-Backend?

2022-05-06 Thread Benny Pedersen
On 2022-05-06 11:25, Henrik K wrote: On Fri, May 06, 2022 at 11:08:21AM +0200, Niels Kobschätzki wrote: Hi, I have a setup where the spamassassin-servers have actually no access to the data of the mail-servers. Now I was looking into having per user bayes-databases and saw that I can do that

Re: Spamassassin with Galera as SQL-Backend?

2022-05-06 Thread Henrik K
On Fri, May 06, 2022 at 11:08:21AM +0200, Niels Kobschätzki wrote: > Hi, > > I have a setup where the spamassassin-servers have actually no access to the > data of the mail-servers. Now I was looking into having per user > bayes-databases and saw that I can do that with a SQL-database. I have alre

Spamassassin with Galera as SQL-Backend?

2022-05-06 Thread Niels Kobschätzki
Hi, I have a setup where the spamassassin-servers have actually no access to the data of the mail-servers. Now I was looking into having per user bayes-databases and saw that I can do that with a SQL-database. I have already a small galera-cluster and I wonder if spamassassin will work with it

Re: SPF skipped for whitelisted relay domain

2022-05-06 Thread Benny Pedersen
On 2022-05-06 05:35, Kevin A. McGrail wrote: Hi Alex, sometimes I see this when the envelope from doesn't match the header from. So what you think might pass SPF does not. That's my only guess from looking at the example you posted. That example looked like it would work perfectly. we wait for

Re: SPF skipped for whitelisted relay domain

2022-05-06 Thread Matus UHLAR - fantomas
On 05.05.22 18:01, Alex wrote: I'm trying to understand why some domains are not whitelisted even though they pass SPF and are in my local welcomelist_auth entries. I'm using policyd-spf with postfix, and it appears to be adding the following header: X-Comment: SPF skipped for whitelisted relay