There are similar mailings for other kinds of "customers". MongoDB
customers, MariaDB Users, SugarCRM users, Unix Software users.
I have a bunch of rules against them. If I send samples they won't make
it through our filters.
On 4/03/2023 19:05, Benny Pedersen wrote:
Hello,
I would like
is rumored to have said:
On 11/11/22 9:09 AM, Bert Van de Poel wrote:
- IP/CIDR lists like the one you mention, but also lists like Stop Forum Spam
(https://www.stopforumspam.com/) I cron fetch then add to an ipset with a DROP
(which is quite similar to what others are suggesting).
Stop Forum
I've been dealing with IP blocklists using two other methods before
email even reaches SA:
- In postfix my smtpd_recipient_restrictions includes "reject_rbl_client
zen.spamhaus.org, reject_rhsbl_reverse_client dbl.spamhaus.org,
reject_rhsbl_helo dbl.spamhaus.org, reject_rhsbl_sender
I think what Noel is referring to is Postfix configuration like this for
example:
smtpd_recipient_restrictions = permit_mynetworks,
permit_sasl_authenticated, reject_unauth_destination, reject_rbl_client
zen.spamhaus.org, reject_rhsbl_reverse_client dbl.spamhaus.org,
reject_rhsbl_helo
On 11/07/2022 15:44, Matus UHLAR - fantomas wrote:
On 11.07.22 12:57, Bert Van de Poel wrote:
A few times a month we have spam messages getting through, often in
German, that have some spam score but not enough to be
marked/discarded. Always these messages are marked by DCC, since
they're
, FSL_BULK_SIG=0.029,
HEADER_FROM_DIFFERENT_DOMAINS=0.249, HTML_IMAGE_RATIO_04=0.001,
HTML_MESSAGE=0.001, MIME_HTML_ONLY=0.1, PYZOR_CHECK=1.985,
SPF_HELO_NONE=0.001, SPF_NEUTRAL=0.652, T_SCC_BODY_TEXT_LINE=-0.01]
What's people's opinion here?
Kind regards,
Bert Van de Poel
ULYSSIS
sorry.
I wasnt aware of that I do not need to run spamd beside amavis 若
Thanks for all your help.
Timo
Am 2022-06-02 20:18, schrieb Matija Nalis:
On Thu, Jun 02, 2022 at 02:47:28PM +0200, Bert Van de Poel wrote:
For the errors about nonexistent uses you will want to have a
elper-home-dir -s /var/log/spamassassin/spamd.log
But process is already running under root:
Am 2022-06-02 15:13, schrieb Bert Van de Poel:
For the error: does the spamd user actually exist? that's a
requirement of course.
I've always controlled SA loglevels through amavis, but from the
basis
CRON=1
Am 2022-06-02 14:47, schrieb Bert Van de Poel:
For the errors about nonexistent uses you will want to have a look at
/etc/default/spamassassin I'm guessing.
For the info messages: this has just got to do with your logging
level. You will want to decrease it in local.cf or maybe also in t
For the errors about nonexistent uses you will want to have a look at
/etc/default/spamassassin I'm guessing.
For the info messages: this has just got to do with your logging level.
You will want to decrease it in local.cf or maybe also in the default file.
On 2/06/2022 14:33, Timo Brandt
If you want to save on memory usage, just having amavis filter out exe
files or exe-like files (screensavers, exes in archives, etc.) is much
more efficient than using clamav. Of course this doesn't filter out
Office macros/OLE, but there's a plugin in SA related to that, I believe.
On
Hi everyone,
I just noticed we had two email servers complain last night after
running sa-update about a regex problem:
/etc/cron.daily/spamassassin:
config: invalid regexp for __URI_TRY_3LD
You can find the email we received from them here
http://paste.debian.net/1223611/ (just the body, idk if anyone also want
headers)
Must admit I thought it was a scam, just because it was its own domain,
out of the blue and as many have mentioned unsolicited.
Bert
On 15/12/2021 19:24,
DNSWL is a whitelist for mailservers. So the tests based on that use the
IP that handed your trusted_networks the email.
Several tests are based on the transmitting server instead of just the
email contents, since contents can be convincing or not, if the server
is notorious for sending spam
54, Henrik K wrote:
On Wed, Sep 22, 2021 at 10:45:43AM +0200, Bert Van de Poel wrote:
I hope I'm not passing on too much of a negative message. It would be great
of someone had a look at the Bayes autolearn code. I think it would be a
great service to the community!
The fact is that there really
I think having a look at the code itself is a good idea. I'm not sure if
it's up-to-date but you can find some information on
https://cwiki.apache.org/confluence/display/SPAMASSASSIN/DevelopmentStuff
I've found that just reporting issues on SA's bugzilla is completely
useless since it's just
By default any PHP script that's sending an email will contain
X-PHP-Originating-Script on several Linux distros, even though it's not
the official default (see
https://www.php.net/manual/en/mail.configuration.php , one of the first
Google results). It's a pretty common occurrence to see that
SpamAssassin has plugins for PhishTank and OpenPhish. I would suggest
you submit the link to them.
You can also reach out to the domain provider, hosting provider(s) and
other companies involved.
On 30/06/2021 21:51, Alex wrote:
Hi,
Would anyone like to help me block this office phish? It
Dear Bowie,
I'm afraid this really isn't a question for this email list, since it
has nothing to do with SpamAssassin.
However, to not just send you off with nothing: IP reputation plays a
big role for Google. If you're hosted by a provider like OVH, that seems
to serve lots of
We've started getting lots of spam with emoji in the subject too the
past few weeks, so I've looked into this as well. As mentioned by RW,
you would need to create some kind of UTF8 regex header Subject rule. As
I'm not too excited about writing such a regex, it's way at the bottom
of my todo
if you consider there are more based on my
issue, as well as to give support, write suggestions or submit patches
on the bugs I have already filed.
Kind regards,
Bert Van de Poel
On 10/05/2021 06:41, Loren Wilton wrote:
so you don't have points from body rules.
your mentioned URI_DEOBFU_INSTR
sts, then feel free to let me know.
Kind regards,
Bert Van de Poel
ULYSSIS
wrote:
On 28.05.20 15:32, Bert Van de Poel wrote:
Almost all of the email we process are forwarders. It doesn't really
make sense for us to do a non-global bayes db. The large majority of
email we process is also for a uniform group: student organizations
at our local university.
you have
:
On 28.05.20 13:38, Bert Van de Poel wrote:
We're using a global bayes_path defined in local.cf:
This is your problem imho.
if you use amavis, you need no bayes database, but amavis users',
i guess in /var/lib/amavis/.spamassassin/
On 28/05/2020 10:18, Matus UHLAR - fantomas wrote:
On 25.05.20 23:34
the amount of false positives (and
contacting users who seem to have broken cronjobs that confuse bayes)
before taking away the artificial scores. We wanted to clear up our
sa-compile cronjob error.
On 28/05/2020 10:18, Matus UHLAR - fantomas wrote:
On 25.05.20 23:34, Bert Van de Poel wrote
this?
On 26/05/2020 00:45, RW wrote:
On Mon, 25 May 2020 23:34:27 +0200
Bert Van de Poel wrote:
My question therefore specifically is: what exactly does sa-compile
do to the bayes database files?
I don't know for sure, but it's probably just a side-effect of
initializing plugins. Possibly it's
is rather obvious, we'd first want to understand what sa-compile is up to.
Kind regards,
Bert Van de Poel
ULYSSIS
inted here. So uhm, any suggestions or pointers are more than welcome.
Not too sure if any more information is required, but feel free to ask
questions or corect my presumptions if necessary.
Kind regards,
Bert Van de Poel
ULYSSIS
University of Leuven
28 matches
Mail list logo