search only in the text
and/or html representation of a message?
Cheers
tobi
> If I only had a ready-made list of those important domains.
If you filter for customer domains then maybe (depending the customer
domain) adding the customer domain to spf checks is worth a look too.
On 11/11/20 6:29 AM, Victor Sudakov wrote:
> John Hardin wrote:
>>
>>> Moreover, after reading
uot;ch.com" which seems to be a chinese news page or something
like that.
Its hard to explain to a customer that a URI domain he did not use in
the message lead to a hit on blocklists lookup ;-)
Cheers
tobi
(the
expanded version) "ch.com" was checked on uribl lists.
Cheers
tobi
On 11/7/20 8:04 PM, John Hardin wrote:
> On Sat, 7 Nov 2020, RW wrote:
>
>> On Sat, 7 Nov 2020 10:05:21 -0800 (PST)
>> John Hardin wrote:
>>
>>> On Sat, 7 Nov 2020, RW wrote:
ah understand, should have better checked what SA really adds to domain
list. So both versions are checked. Just bad luck if the expanded
version of the uri domain (ex ch.com) has a blacklisting at uribl or
spamhaus ;-)
But that's another story
Have a good weekend
tobi
On 11/6/20 5:42 P
sts.
Sorry but that imho is a bug that should (better must) be fixed :-)
Cheers
tobi
On 11/6/20 5:10 PM, RW wrote:
> On Fri, 6 Nov 2020 15:40:31 +0100
> "Tobi wrote:
>
>> Hi list
>>
>> we currently see the following "issue" where SA does append .com TLD
an "www" does not trigger that behavior. So ftp.ch
get correctly queried as ftp.ch and not ch.com
We use SA 3.4.4
SpamAssassin Server version 3.4.4
running on Perl 5.16.3
with SSL support (IO::Socket::SSL 1.94)
with zlib support (Compress::Zlib 2.061)
Is that a bug or intended?
Cheers
tobi
7;Reply-To:addr' );
Cheers
--
tobi
Henrik,
thanks a lot, can confirm your fix works in my tests :-)
Cheers
tobi
Am 28.11.19 um 11:09 schrieb Henrik K:
>
> Fixed:
> http://svn.apache.org/viewvc?view=revision&revision=1870552
>
> On Thu, Nov 28, 2019 at 11:29:19AM +0200, Henrik K wrote:
>>
>> Tru
s based on that tags are run. Removing the lines from pm and debug
shows that the tests are **not** run anymore.
So I somewhat doubt that the set_tag "code is redundant and should be
removed" :-)
Using: SA 3.4.2 on centos7 / perl 5.16.3
Cheers
tobi
Am 28.11.19 um 08:36 schrieb Henrik K:
and not in any other filter software ;-)
Cheers
tobi
Am 27.11.19 um 18:30 schrieb Benny Pedersen:
> On 2019-11-27 17:56, Philipp Ewald wrote:
>
>> we only want to trust "X-Spam-Flag: YES" or why should someone
>> (spammer, other mailserver with outgoing spamfil
remote.
Cheers
tobi
Am 27.11.19 um 17:56 schrieb Philipp Ewald:
> Hi Tobi,
>
> we only want to trust "X-Spam-Flag: YES" or why should someone (spammer,
> other mailserver with outgoing spamfilter) set this Flag to Yes?
>
> but like RW wrote:
>> If you want
all?
Cheers
tobi
Am 26.11.19 um 14:06 schrieb Philipp Ewald:
> Hi guys,
>
> i want to bypas scanning mail if mail has already X-Spam-Flag: YES set.
> I found "clear_headers" in "/usr/share/spamassassin/10_default_prefs.cf".
>
> how can i override this setting?
dns rule
From my point of view it would be very nice to have these two tags set
by default
Cheers
tobi
Am 27.11.19 um 16:18 schrieb Kevin A. McGrail:
> After a 10 minute or so study of the issue and comparing 3.4 and trunk,
> it definitely looks like the code is missing. I am not 100%
eper
reasons to not set the tags?
If no deeper reasons exist it would be nice to have those two tags set
as default in PerMsgStatus.pm
Cheers
--
tobi
ote:
>> On 4 Oct 2019, at 3:36, Tobi wrote:
>>
>>> Hi list
>>>
>>> is there any doc where one can find a list of supported DNS query
>>> templates?
>>
>> What does that even mean???
>>
>> SpamAssassin does many different sorts of
Hi list
is there any doc where one can find a list of supported DNS query
templates? I mean except grep-ing through the whole source code? ;-)
Cheers
tobi
s report as they
contain customers personal details.
--
tobi
Thanks for pointing it out. Sorry did not get it in first point.
Changed the regex in the rule to expect the scheme too and now we get
the expected hits again.
Just one thing. Does this mean that email addresses found in body always
have a scheme (mailto://) too?
Thanks for your help and have a go
Am 25.03.19 um 15:18 schrieb Henrik K:
> On Mon, Mar 25, 2019 at 03:00:30PM +0100, Tobi wrote:
>
> You are matching "any uri" and expect it to be "reliable"? Perhaps consider
> first what you are trying to accomplish. Your way will match mailto: and
> st
to
1. But set it to 0 in local.cf does not change anything. URI is still
taken from dkim header
Cheers
tobi
Am 25.03.19 um 13:25 schrieb Henrik K:
> On Mon, Mar 25, 2019 at 12:09:32PM +0100, Tobi wrote:
>> Hello
>>
>> we're running spamassassin 3.4.2 and have the i
hit: "e"
Not sure to call it a bug or a feature but imho there should be no URI
found in a dkim header :-)
Regards
tobi
Hi
I checked the first message on my SA and found multiple hits on
__SCC_SHORT_WORDS rule which resulted in hits on the metas
* 1.0 SCC_10_SHORT_WORD_LINES 10 lines with many short words
* 1.0 SCC_5_SHORT_WORD_LINES 5 lines with many short words
* 1.0 SCC_20_SHORT_WORD_
URIBL_DOMAIN_FU eval:check_uridnsbl('URIBL_DOMAIN_FU')
score URIBL_DOMAIN_FU 200
where domains will be listed after too many entries in fullhost table.
Cheers
tobi
Am 19.02.2018 um 16:14 schrieb Benny Pedersen:
> Tobi skrev den 2018-02-19 14:43:
>
>> no n
Am 19.02.2018 um 14:25 schrieb Benny Pedersen:
> Tobi skrev den 2018-02-19 11:45:
> add one more askdns to compensate on _URIDOMAINS_
>
no need for this as that case is covered by sa urirhssub queries.
I needed a way to perform www.sub.domain.tld AND domain.tld queries o
Am 19.02.2018 um 15:04 schrieb Benny Pedersen:
>
> yep got it, so if you only use URIHOSTS how do you know it does not miss
> in URIDOMAINS ?
I do not only use URIHOSTS but also a rhs lookup for just the domain.
So I have both bases covered :-)
Am 19.02.2018 um 14:25 schrieb Benny Pedersen:
> Tobi skrev den 2018-02-19 11:45:
> add one more askdns to compensate on _URIDOMAINS_
>
no need for this as that case is covered by sa urirhssub queries.
I needed a way to perform www.sub.domain.tld AND domain.tld queries o
seems to be the solution for
me :-)
Cheers
tobi
Am 17.02.2018 um 12:52 schrieb Tobi:
> Hi Daniele (this time onlist, sorry for offlist I have a stupid mobile client
> when it comes to replies to lists)
>
> thanks a lot for your reply. As I'm really not the perl coder I think I w
lp if one want to perform rh
lookups and fulluri lookups on the same uri found?
Any chance that sa in future will support a urifullsub method to lookup
fullhost of an uri?
Cheers
Tobi
- Originale Nachricht -
Von: Daniele Duca
Gesendet: 17.02.18 - 09:04
An: jahli...@gmx.ch,
Am 15.02.2018 um 02:35 schrieb @lbutlr:
> On 2018-02-14 (09:55 MST), Tobi wrote:
>>
>> Am 14.02.2018 um 17:16 schrieb @lbutlr:
>>> I can't imagine why i'd be over limit, my mail server is tiny.
>>
>> its not the mailserver that got blocked by limits
8) you can hit the limits quite fast depending on how many other
users use the same resolver for their uribl queries.
I recommend to setup a local resolver (unbound or something similar) and
use that resolver for your mailserver(s).
Cheers
tobi
Not 100% sure about 168.100.1.4 ip but the 168.100.1.3 ip is used by the
official postfix mailinglist. Pretty sure they should not be removed from dnswl
:-)
- Originale Nachricht -
Von: David Jones
Gesendet: 24.01.18 - 03:26
An: users@spamassassin.apache.org
Betreff: Re: Pretty good sp
Use spamassassin -D
Gesendet: 07.01.18 - 16:26
An: users@spamassassin.apache.org
Betreff: dns-blocklist aren't used but should be
> Hi.
>
> For work I am investigating an issue where none of the dns blacklists
> are used.
> We are using the current spamassassin version and also current version
>
least from what I see in
my gmail mails) the first smtp received header without a private ip address is
the one that handsoff to gmail aka the one to feed to sa
Chees
tobi
- Originale Nachricht -
Von: David Jones
Gesendet: 11.12.17 - 17:27
An: users@spamassassin.apache.org
Betreff: Re: F
ALL_TRUSTED should fire if msg is only transported via trusted hosts, so
you can do && !ALL_TRUSTED
But would it not be better to not accept such messages in first place
and reject them on your border mta?
Am 27.11.2017 um 13:57 schrieb Ralf Hildebrandt:
> How can I distinguish my internal network
ssassin somehow concatenate the values of headers with the
same name so the regexp does not match "/^clean$/i" anymore?
Cheers
tobi
I currently add bayes token information and relay information as headers to
each msg processed. Especially relay information can be helpful ex if you have
a script that parses received headers. With such headers thats much more easy,
just look for the first untrusted hop
defining own ones.
Will do it this evening
Cheers
tobi
- Originale Nachricht -
Von: Alex
Gesendet: 08.07.2017 - 05:05
An: jahli...@gmx.ch, SA Mailing list
Betreff: Re: Random word spams and wiki spams
> Hi,
>
>> Without that rule it might have flown below my sa-radar.
>> G
> typo?
Ups thats a c&p error :-)
I score the HAS_LIST_ UNSUB with 0.1 As I need this test to show up in sa
headers for my dovecot sieve rules to act upon, therefore I cannot use __RULE.
I'll check the built in rules to ensure that I do not reinvent the wheel :-)
Cheers
tobi
---
plugin:
https://github.com/eilandert/Botnet.pm
and with the built in rules MIME_BASE64_TEXT and FROM_EXCESS_BASE64. As
well RCVD_DOUBLE_IP_SPAM hit on that sample
Regards
tobi
afaik updates.spamassassin.org does not need to be resolvable
The two important records for updates exist and resolve:
$dig mirrors.updates.spamassassin.org txt +short
"http://spamassassin.apache.org/updates/MIRRORED.BY";
$dig 0.4.3.updates.spamassassin.org txt +short
"1799552"
Am 06.07.2017 um
Problem solved :-)
After changing the urirhssub lines to
urirhssub XXX_RCVD_MY_URIBL_DOMAIN multi.mydomain.tld. A
127.0.0.16
urirhssub XXX_RCVD_MY_URIBL_HOSTmulti.mydomain.tld. A
127.0.0.24
only the XXX_RCVD_MY_URIBL_DOMAIN check fires
Regards
tobi
Am
A
;; ANSWER SECTION:
kelasalbaghdadi.com.multi.mydomain.tld. 6052 IN A 127.0.0.16
There is no mention of 127.0.0.24 which would be required for
XXX_RCVD_MY_URIBL_HOST to fire.
Any idea how to avoid that both checks fire up? Did I mess something up in
config?
Thanks for any idea on how to solve that
tobi
43 matches
Mail list logo