Re: SPF

2019-05-03 Thread Christian Grunfeld
On Fri, May 3, 2019 at 11:13, user321 () wrote: > Any reason why SA is checking for SPF against envelope from not the header > from? > > This is what SPF is made for > > cheers > user > > > > -- > Sent from: > http://spamassassin.1065346.n5.nabble.com/SpamAssassin-Users-f3.html >

Re: spoofing mail

2018-11-28 Thread Christian Grunfeld
Hi, this is a log... could you paste the email headers? cheers On Tue, Nov 27, 2018 at 22:57, Rick Gutierrez () wrote: > On Tue, Nov 27, 2018 at 16:22, David Jones () > wrote: > > > > > Can you send a copy of the original email lightly redacted via pastebin > > so I can run it thr

Re: Can't locate Mail/SpamAssassin/Plugin/SpamCop.pm: lib/Mail/SpamAssassin/Plugin/SpamCop.pm: Permission denied

2018-04-18 Thread Christian Grunfeld
"Can´t locate" and "permission denied" seems to be a directory permission issue 2018-04-18 14:03 GMT-03:00 Rainer Dorsch : > Hello, > > I have a strange problem when reporting spam using spamassassin -rD > > I monitor an imap directory using inotifywait: > > inotifywait --monitor --quiet --event

Re: Filtering outbound mail

2017-02-16 Thread Christian Grunfeld
2017-02-16 11:49 GMT-03:00 David Jones : > > > Many of the SMTP sending software that my customers > use are not full MTAs with queuing capabilities so some email > would be lost if I rate limited. I also have stupid mail sending > devices like scanners/copiers that could get lumped in with > oth

Re: Filtering outbound mail

2017-02-16 Thread Christian Grunfeld
Why not rate limiting? I think everyone is doing it... I do... Cluebringer quotas can track one to one, one to many and many to one (botnets) in both directions (as sender or recipients) 2017-02-16 11:21 GMT-03:00 David Jones : > >From: Christian Grunfeld > >Sent: Thursday, Febru

Re: Filtering outbound mail

2017-02-16 Thread Christian Grunfeld
Are you using postfix as MTA? I use cluebringer suite which has a lot of functionality (spf checks, helo checks, greylist and quotas) Quotas are fully configurable by tracking inbound and outbound traffic by ip, sasl user, etc 2017-02-16 9:44 GMT-03:00 David Jones : > >From: Axb > >Sent: Thurs

Re: Useful and simple script to reduce high spam load at mta level, what do you think

2016-10-27 Thread Christian Grunfeld
fail2ban with custom filter. 2016-10-27 10:38 GMT-03:00 Nicola Piazzi : > This script can be used if you have mailscanner in mysql database that > record results of spamassassin activity and postfix as mta > > > > > > > > > > > > > # postban.sh > # Temporary Ban SpamOnly Ip > # --

Re: Matching infinite sets

2016-08-22 Thread Christian Grunfeld
What you are trying to do is to identify a source of messages by its entropy... supposed the entropy of a ham source is distinguishable from a spam one... 2016-08-22 13:48 GMT-03:00 Antony Stone < antony.st...@spamassassin.open.source.it>: > On Monday 22 August 2016 at 18:00:35, Marc Perkel wrote

Re: Classifying mail as unsolicited

2015-07-07 Thread Christian Grunfeld
not only relayed spam ...gmail is also throttling legit forwarded email. It is a per IP quota, and all traffic seen from a single IP beyond their thresholds is delayed (spam or not) 2015-07-07 10:50 GMT-03:00 Dave Funk : > On Mon, 6 Jul 2015, Alex wrote: > > Hi, >> >> We have a system with a few

Re: spamassassin bayes rules

2014-12-10 Thread Christian Grunfeld
when you run bayes in SQL and do sa-learn --username it will not try to setuid to that user (in a real system user scenario it will fail for non existent users). Instead it uses that username to save and recall data from database. Due to forged addresses your system treats any originating address

Re: Honeypot email addresses

2014-12-03 Thread Christian Grunfeld
"It would be very rare, and if so you would ever more rare CC the entire list of addresses on your spam message - sure this was a lot more common in years gone by, but I've not seen any such evidence of it in almost 10 years, and if you did, well, that's not my problem, its the problem of your

Re: Honeypot email addresses

2014-12-02 Thread Christian Grunfeld
".if *anyone* sends *anything* to that address it is unsolicited mail - spam, so that IP sender is blacklisted and placed in a DNSBL as well because there is no possible legitimate reason to send to that address ït is not really true. If a spammer sends to a list of addresses and among the

Re: Honeypot email addresses

2014-11-28 Thread Christian Grunfeld
probably the same time it took to ipv4 become exhausted ! 2014-11-27 3:59 GMT-03:00 John Wilcock : > On 26/11/2014 19:56, Christian Grunfeld wrote: > >> even /64 DNSxLs will be expensive ! >> /64 lists will have 2^32 times more entries than IPv4 lists. >> > >

Re: Honeypot email addresses

2014-11-26 Thread Christian Grunfeld
even /64 DNSxLs will be expensive ! /64 lists will have 2^32 times more entries than IPv4 lists. 2014-11-26 15:45 GMT-03:00 Franck Martin : > > On Nov 26, 2014, at 10:19 AM, Matthias Leisi wrote: > > > > On Wed, Nov 26, 2014 at 6:05 PM, Franck Martin > wrote: > > >> As for /64, yes there are h

Re: Spamassassin sync in 2 servers?

2012-10-16 Thread Christian Grunfeld
if you choose "IMAP movement", when users marks as spam/ham messages are moved to special folders where system learns from. if you choose "report by email" messages reported as spam/ham are sent to special catchall accounts. 2012/10/16 Christian Grunfeld : > I sai

Re: Spamassassin sync in 2 servers?

2012-10-16 Thread Christian Grunfeld
I said it is possible moving messages by IMAP or by email reporting . and not possible moving messages at filesystem level (in the case webmail is separate from mail server) Plugins can do all of them. You have to choose what fit best for you. 2012/10/16 mgia : >> roundcube and many others h

Re: Spamassassin sync in 2 servers?

2012-10-16 Thread Christian Grunfeld
roundcube and many others have plugins that can move messages by IMAP, at filesystem level (not useful if frontend is separate from mailboxes) and by "report by mail" 2012/10/16 mgia : > Hi, >> How do you spread transport, recipients mailboxes and web client >> between your servers? >> >> if you

Re: Spamassassin sync in 2 servers?

2012-10-15 Thread Christian Grunfeld
How do you spread transport, recipients mailboxes and web client between your servers? if you have SMTP and recipient mailboxes in one box you have to filter only there ! 2012/10/15 mgia : >> which server is in charge of content filter? both of them? > Yes, both of them. > >

Re: Spamassassin sync in 2 servers?

2012-10-15 Thread Christian Grunfeld
which server is in charge of content filter? both of them? 2012/10/15 mgia : > Hello list, > > > Since the mail server and the web mail frontend are located in different > servers I was wondering how I sync 2 Spamaassassin databases? > > Thank you. > > - > mgia > > >

Re: Allowing IMAP users to train spam/ham

2012-03-06 Thread Christian Grunfeld
Hi, do you have per virtual user Bayes training? or sitewide virtual user? Because I have a setup like yours and everything goes fine ! In my setup users move by hand to spam folder FNs and retrieve from spam folder to inbox FPs ! When they make that movements a script copies those spam/ham to a s

Re: Bayes and MySQL - does it actually work?

2011-12-21 Thread Christian Grunfeld
Bayes in MySQL works great for me with only one user ! In my previous setup with per user bayes in mysql was a mess ! Cheers Christian 2011/12/21 Robert Schetterer : > On 21.12.2011 15:39, Marc Perkel wrote: >> I've been trying for a long time to get bayes/mysql to actually work. >> Running a d

Re: new paradigm

2011-11-26 Thread Christian Grunfeld
> 2011/11/24 Noel Butler : >> its up to them if they want to or not, the spam folders have very little >> in >> them here because of our approach, and in our tests we have had >> 0.0001% >> of FP's in that, which is really good. > > 0.0001% is 1 FP over 10.000.000.000 !! 1 over 10 billi

Re: new paradigm

2011-11-26 Thread Christian Grunfeld
2011/11/24 Noel Butler : > its up to them if they want to or not, the spam folders have very little in > them here because of our approach, and in our tests we have had 0.0001% > of FP's in that, which is really good. 0.0001% is 1 FP over 10.000.000.000 !! 1 over 10 billion mails !

Re: [Fwd: Re: How long a rule can be?]

2011-11-25 Thread Christian Grunfeld
> > Just to mention two examples, well, the point is that in a lot of spam > emails the HELO is the same for a lot of different email addresses, so, I > am trying to block that. > > Is there a better way than checking all the header? > > @ Christian Grunfeld > > &g

Re: new paradigm

2011-11-24 Thread Christian Grunfeld
I messed up with english :p direct and contrapositive and I miss the negation af all contrapositive is negation and switch the hypothesis and the conclusion 2011/11/24 Christian Grunfeld : > 2011/11/24 R - elists : >> i think you are realistically confused about truly "nega

Re: new paradigm

2011-11-24 Thread Christian Grunfeld
2011/11/24 R - elists : > i think you are realistically confused about truly "negating something" > > english is not your native language is it? No, it is not ! I am not as good in english as you but I am very good with maths and logic! (I want someone jumps over R-elists who tried to discredited

Re: new paradigm

2011-11-24 Thread Christian Grunfeld
> pardon me for my ignorance, yet if you think about it, the OP's idea is why > some royalty had food and drink tester / tasters centuries ago > > assume all food and drink is poisoned > > problem is, if the poison wasnt fast acting, the royalty would ingest it and > die anyways. with your logic..

Re: new paradigm

2011-11-24 Thread Christian Grunfeld
2011/11/24 Benny Pedersen : > On Thu, 24 Nov 2011 14:36:53 -0300, Christian Grunfeld wrote: >> >> what I can summarize reading past 40 emails is: > > the world is full of idiots, including me, thats what you say ? No. I do not treat any people by idiot ! I said what i ve sai

Re: new paradigm

2011-11-24 Thread Christian Grunfeld
what I can summarize reading past 40 emails is: * a lot of people on this list would never change their minds. That is why spammers beat us... they change their minds in all possible ways ! * a lot of people on this list do not tell their users that antispam systems can fail and they can lose emai

Re: new paradigm

2011-11-24 Thread Christian Grunfeld
2011/11/24 David F. Skoll : > Sorry to follow up on myself. > > I should mention that our product can operate in a mode whereby it > holds all mail in the quarantine except from whitelisted senders.  We > also have a "whitelist-people-I-write-to" mechanism, so I guess we > anticipated the OP's "new

Re: new paradigm

2011-11-24 Thread Christian Grunfeld
> So you're suggesting that users review 2700-3000 spam messages messages/day > (depending on how many were already whitelisted) to look for some of those > 300? may be you are thinking about that volume per user, not the case! I have 200-300 users so...1 over 10 ham/spam per user!

Re: new paradigm

2011-11-23 Thread Christian Grunfeld
> Define "bypass first level"? Are you suggesting that for every 1 ham you > deliver, you deliver 10 spams into user's mailboxes? Or do you do further > filtering? I defined it in the part you did not quote! First level, MTA level: check helo, sender domain, IP <-> name maps and also greylists !

Re: new paradigm

2011-11-23 Thread Christian Grunfeld
2011/11/23 Henrik K : > 85% of incoming is extremely simple to block with MTA rules (zen, helo, > dynamic etc).  And no FPs to mention.  You don't need to count this crap in > anything. completely agree on that! I check helo, sender domains, IP <-> names maps and greylists > 12% of incoming is r

Re: new paradigm

2011-11-23 Thread Christian Grunfeld
> Our (commercial) software has a similar feature, not quite as fancy as > amavisd's, but still pretty useful. Many things become clear to me now ! Are you an antispam vendor? No offence but ...now I understand why a "simple" solution makes no sense to you ! You need a big thing which wastes a l

Re: new paradigm

2011-11-23 Thread Christian Grunfeld
2011/11/23 Mark Martinec : > A concept of 'ongoing conversation' or 'replied to' is implemented as > a 'pen pals' feature in amavisd, when it is used in place of spamd > to call SpamAssassin. The idea is to automatically contribute some negative > spam score points to ongoing conversations - based

Re: new paradigm

2011-11-23 Thread Christian Grunfeld
> Undoubtedly it is *easier*, just as I can easily eliminate all my spam by > unplugging the ethernet cable.  Just keep in mind this method would only be > useful for people who already know who they want to talk to. And that is the big % of what people do or want to do ! most people wants to comu

Re: new paradigm

2011-11-23 Thread Christian Grunfeld
> I don't think AWL does with the original poster is describing, but > implementation would be trivial in the MTA without spamassassin involved at > all. > > If the user expects to receive mail from a limited number of people like > only their relatives (m...@myhome.com) then this actually might ma

Re: new paradigm

2011-11-23 Thread Christian Grunfeld
>> If your assumption was true, there was no spam today. If nobody would ever >> answer to spam messages, there was no reason for spammers to keep spamming. your assumption is not correct ! Spammers are not there because all the people answer them ! They are there and send HUGE volumes of mails be

Re: new paradigm

2011-11-23 Thread Christian Grunfeld
> If your assumption was true, there was no spam today. If nobody would ever > answer to spam messages, there was no reason for spammers to keep spamming. let people who wants spam to answer spam ! if you dont want spam dont reply. Easy ! There are a lot of people who wants to sell viagra and send

Re: new paradigm

2011-11-23 Thread Christian Grunfeld
>> *check spam folder always > > Well, if I have to do *that*, I might as well not do any filtering at all. > The whole purpose of anti-spam software is to shield me from spam. Not 100% correct. Now I always check spam folder, dont you? Do you advise your people not to check spam folders? Are you

new paradigm

2011-11-23 Thread Christian Grunfeld
Hi, I have an idea to discuss here with experts ! What is the main MAIN difference between spam and ham ? ... ... Answer: spam is "one way ticket" and ham is 99.99% "round trip" ! (legit notifications can be "one way ticket" but you can mark them as ham later) What do I mean? you never never ans

Re: How to ignore multiple Received: headers

2011-11-02 Thread Christian Grunfeld
> The IP Addresses 1.2.3.4 and 10.20.30.40 are changed by me to protect the > innocent ;) > The real IP Addresses are of course not internal. > 1.2.3.4 and 10.20.30.40 are really 80.*.*.* yeah, I thought that 1.2.3.4 was the only changed. Private numbers can appear in mail clients when they are in

Re: How to ignore multiple Received: headers

2011-11-02 Thread Christian Grunfeld
ahh, i did not see he touched the IPs :p 2011/11/2 RW : > On Wed, 2 Nov 2011 12:11:27 -0300 > Christian Grunfeld wrote: > >> 10.x.x.x /8 is private by RFC 1918 and should not be used to check the >> legitimacy of a sender > > I don't think you can infer muc

Re: How to ignore multiple Received: headers

2011-11-02 Thread Christian Grunfeld
10.x.x.x /8 is private by RFC 1918 and should not be used to check the legitimacy of a sender 2011/11/2 Schorny : > > Hello Guys. > > I have the following problem: > A User sends an Email to my Spamassasin System and gets flagged as Spam. > The Email contains multiple received: headers > > (IPs and

Re: Why doesn't anything at all get these botnet spammers?

2011-10-17 Thread Christian Grunfeld
Yeah, you catch my point ! I think it's easier to find a non-alphanum character than trying to decode/deobfuscate/guess the subject hidden word ! Why do we have to waste resources in trying to guess "Sex Movie" out of "Se^x M-o ^v ~l e -". If it contains non-char in between chars you can directl

Re: Why doesn't anything at all get these botnet spammers?

2011-10-16 Thread Christian Grunfeld
easier than that ! you don't need to check any ratio at all ... as legitimate mails don't have non-word characters between characters ! Non spammer people don't write subjects like that ! Spammers had to do that in order to avoid sex, porn, xxx, viagra directly in subject (which is more or less easily

Re: --virtual-config-dir without -u

2011-10-16 Thread Christian Grunfeld
Oh I remember ! I did something like your setup but with the use of amavisd-new ! Amavis does not need spamd nor spamc as it directly uses spamassassin perl library functions. With amavis you can also set -u and it worked for me time ago. Anyway then I move to SQL ! 2011/10/16 Christian Grunfeld

Re: --virtual-config-dir without -u

2011-10-16 Thread Christian Grunfeld
> spamd: cannot use --virtual-config-dir without -u afaik --virtual-config-dir needs -x and not -u... but you are right ! its at the end of --virtual-config-dir man !

Re: --virtual-config-dir without -u

2011-10-16 Thread Christian Grunfeld
> In my network, users have their home dirs on their local machines (for > performance) which are automounted to the mail server for purposes of > spamd accessing their ~/.spamassassin dirs. > > This of course fails when a machine is turned off so I want to move > users' ~/.spamassassin dirs to the

Re: SPOOFED_URL Re: antiphishing

2011-10-14 Thread Christian Grunfeld
you should be able to check against img src content, right? 2011/10/14 Christian Grunfeld : > and what about when there is no anchor text in the link ? eg. paypal > image button > > > 2011/10/14  : >> Existing rule: >> >> rawbody  __SPOOFED_URL  

Re: SPOOFED_URL Re: antiphishing

2011-10-14 Thread Christian Grunfeld
and what about when there is no anchor text in the link ? eg. paypal image button 2011/10/14 : > Existing rule: > > rawbody  __SPOOFED_URL  m/]{0,2048}\bhref=(?:3D)?.?(https?:[^>"'\# > ]{8,29}[^>"'\# > :\/?&=])[^>]{0,2048}>(?:[^<]{0,1024}<(?!\/a)[^>]{1,1024}>){0,99}\s{0,10}(?!\1)https?[^\w<]{1

Re: antiphishing

2011-10-12 Thread Christian Grunfeld
> Large numbers of spammers use DKIM. We've been under attack for weeks > now by some outfit who is buying up old, "clean" IP subnets and using it > to spew their non-pharma, really "clean looking" spam onto us - no > RBL/SURBL hits for 3-5 *days*, getting scores from 0.5-3.0 - really > tough - not

Re: antiphishing

2011-10-12 Thread Christian Grunfeld
> Modifying headers -might- mess up DKIM, gpg, etc sigs (depending upon > how they were done). Modifying bodies -will- mess up sigs. I was not specifically talking about dkim signed mails. It is clear that body rewriting mess up sigs. It is also clear that phishers dont use dkim ! and if they do y

Re: antiphishing

2011-10-12 Thread Christian Grunfeld
> SA is a scoring filter, not a modification filter. Changing SA to rewrite > message bodies is, I think most if all will agree, beyond the scope of what > SA is intended to do, and beyond the scope of what it _should_ do. it does modify headers, subjects... why not bodies ? > Certainly SA should

Re: antiphishing

2011-10-12 Thread Christian Grunfeld
2011/10/12 Bowie Bailey : > Please keep list traffic on the list. sorry but you reply only to me first ! Check it! > On 10/12/2011 3:25 PM, Christian Grunfeld wrote: >> I see all genuine (non-spam) mails for subscriptions, checking and >> activating accounts showing the

Re: antiphishing

2011-10-12 Thread Christian Grunfeld
>> It certainly seems like it would be very useful.  I see there's a >> __SPOOFED_URL rule, but it's hard to read and doesn't have a description. > > This is an issue that comes up on this list occasionally.  It sounds > like a good idea at first, but when you start looking into it, you find > that

Re: antiphishing

2011-10-12 Thread Christian Grunfeld
> Rather than tampering with the original mail, surely the solution is to > clearly detect the mail as spam in the first place so it hopefully never > reaches the user. the point is that I dont think it would be a good idea to let SA give a high score based on an "apparently" mismatch between tex

Re: antiphishing

2011-10-12 Thread Christian Grunfeld
> It certainly seems like it would be very useful.  I see there's a > __SPOOFED_URL rule, but it's hard to read and doesn't have a description. where did you find that rule ?

antiphishing

2011-10-12 Thread Christian Grunfeld
Hi, I have an idea that I want to discuss with users and developers. Many phishing mails exploit the bad knowledge of the difference between real url and link anchor text by simple users. So they show attractive link text that points to hidden, unrecognized and evil urls. eg: exe files hidden by pho