You are seing it yourself. Their e-mails fail SPF allignment, SPF
authentication and DKIM authentication. As a consequence, they fail
DMARC.
The reports I receive pass DMARC with header.from=dmarc.yahoo.com.
Is there a way to capture the offending messages to figure out the
problem ?
if you reject, its rejected
Amavis rejects after DATA and is able to quarantine such mails.
submitters? I looked at a bunch of my reports and they are all MIME_GOOD.
That one was from microsoft.
Ok, I see.
It seems to me that BASE64_LENGTH_79_INF is wrong. It is probably
motivated by RFC5322's "SHOULD be no more than 78 characters, excluding
the CRLF". My Microsoft reports trigger
I find most DMARC reports I receive are flagged as spam by SA.
Which submitters? I looked at a bunch of my reports and they are all
MIME_GOOD.
Do you have any unmaintained or self-maintained SA Plugins (eg CRM114)?
eg change from spamassassin to spamdclient, and then start spamd
does this leave temp files still ?
Note: Look in /tmp then, not in /var/lib/amavis/tmp
i don't belive debian is more helpfull
reinstall gives same problem as you have now
FWIW, I cannot reproduce the issue either on (Debian bookworm with
standard packages) or (Debian bullseye with SA4 from CPAN), so it is not
categorically broken.
/var/lib/amavis/tmp/ CREATE .spamassassin17
In debian11 with spamasassin-4.x
root@amavis-4:~# su - amavis
$ perl -Mv5.14 -MFile::Spec -e 'say File::Spec->tmpdir'
/tmp
In debian11 with spamassassin-3.4.x
root@amavis5:~# su amavis
$ perl -Mv5.14 -MFile::Spec -e 'say File::Spec->tmpdir'
/tmp
Nevermind, Debian's amavis actually defines TMP
For test I downgrade one spamassassin from 4.x to 3.4.6 and problem
not exists
Hm, I don't see any significant code-difference regarding tempfiles.
any idea ?
root@a48c6a1d5fb0:~# sudo -u amavis perl -Mv5.14 -MFile::Spec -e 'say
File::Spec->tmpdir'
/tmp
What output do you get?
# __SA4 injected inside amavis via $suppl_attrib->{rule_hits}
meta SA4 __SA4
score SA4 1
describe SA4 dummy
yields
SA dbg: rules-all: unrun dependencies prevented meta SA4 from
running: __SA4
The above is slightly misleading, even in SA3 one had to predeclare a
default via
meta __SA4 0
me
Should be fixed in rc4.
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=8060
There remains a bug in the context of $suppl_attrib.
# __SA4 injected inside amavis via $suppl_attrib->{rule_hits}
meta SA4 __SA4
score SA4 1
describe SA4 dummy
yields
SA dbg: rules-all: unrun dependencies preve
But no line für SA4TA3 and no report or final score.
Same on Debian bookworm:
root@91d4e83fb538:/# cat /etc/spamassassin/70_meta_undefined.cf
meta __SA4TA3_1 6
meta __SA4TA3_2 2
meta SA4TA3 (__SA4TA3_1 > 2) && (__SA4TA3_2 > 1)
score SA4TA3 0.1
describe SA4TA3 dummy
root@91d4e83fb538:/# s
invalid regexp for __URI_TRY_3LD
'm,^https?://(?:try(?!r\.codeschool)|start|get(?!\.adobe)|save|check(?!out)|act|compare|join|learn(?!ing)|request|visit(?!or|\.vermont)|my(?!sub|turbotax|news\.apple|a\.godaddy|account|support|build|blob)\w)[^.]*\.[^/]+\.(?Variable length lookbehind is experimental
>> Please convert all source code to ASCII. If it fails to compile,
then it may have a trojan hiding in Unicode clothing.
>Instructions unclear.
CVE 2021-42574
It remains unclear (to me). What source code should spamassassin-users
convert? Attached source code in emails? How should they conv
Please convert all source code to ASCII. If it fails to compile, then it may
have a trojan hiding in Unicode clothing.
Instructions unclear.
I don't know about AskDNS, but this technique works with stock spamhaus rules
via spamhaustech. I have a local spamhaus.net zone with a DNAME record as their
nameservers block me anyway.
You could try with an invaluement.com zone at least temporarily as a comparison
to AskDNS.
That is indeed v1.0.1
> It's old, 20190704
What version of spamassassin-dqs do you run?
Make sure it is at least v1.0.2, i.e. has the rdns chop [1] in the module.
> Here's the message complete with body - https://pastebin.com/CW7Vj7Yh
> This written to my syslog - https://pastebin.com/M12PS1fK
[1] https://github.com/spamhaus/spamassassi
> Here's a well researched and documented article from a medical
> journal on the topic with expert citations:
> https://jmla.pitt.edu/ojs/jmla/article/view/490 The abstract says it
> very well: "This commentary addresses the widespread use of racist
> language in discussions concerning predatory p
> Am 03.05.20 um 13:24 schrieb Damian:
>>>> It might be worth posting on the postfix users list about the benefits
>>>> of a dqs account; I use it with postscreen and smtpd to good effect.
>>>
>>> I thought about that, but there are some issues I thin
>> It might be worth posting on the postfix users list about the benefits
>> of a dqs account; I use it with postscreen and smtpd to good effect.
>
> I thought about that, but there are some issues I think.
There is another generic benefit: It might be the only alternative to
access ZEN when spam
So this must have been an old version of the file, the current regex is
quoted. Also Stretch has backported 3.4.4 fixes, but maybe Philipp did
not include debian-security sources?
> The error can only happen if there was unquoted $ in regex.
>
> header __ZMIfish_ForgedBill01 Message-ID =~ /$Blat.
That is strange. Do you have a copy of that file? Is it identical to
[1]? What exact SA codebase is this; linux-distribution package, CPAN,
other?
> Feb 5 14:19:46.438 [6998] warn: (Global symbol "$Blat" requires
> explicit package name (did you forget to declare "my $Blat"?) at
> /etc/spamassas
Can you provide an .eml that will reproduce the hit with a manual
spamassassin invocation?
> i have a mail with REPLYTO_WITHOUT_TO_CC=1.552 but in Mail Header
> there is a "To" why does this rule hit?
>
> From: "Kreditkarte"
> Reply-To: "Kreditkarte"
> To: u...@another.tld
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7785 maybe?
> I am running SA3.4.3 and I noticed that I am scoring DKIM_INVALID on
> pretty much each and every email handled by the MTA. However, if I take
> the raw .eml and pipe it through spamassassin -t -D, I receive a
> DKIM_VALID score.
>
> Key to the issue is I fail to see how the highly intrusive security work
> done for 3.4.3 can possibly be backported.
The Debian patches for CVE-2018-11805 and CVE-2019-12420 onto 3.4.2 are
roughly 100kb in size.
> whitelist_from *.powersystemsdesign.com
>
> sender is: newslet...@powersystemsdesign.com
Your whitelist entry expects a literal dot before the second level
domain. Try *@powersystemsdesign.com
> I use debian, and it uses GPG signatures. so I understand that sha-1
> issue even less
Which release do you worry about? Even oldoldstable is at 3.4.2, which
should be fine according to
> If you do not update to 3.4.2 or later, you will be stuck at the last
> ruleset with SHA-1 signatures.
Please ignore, this was a problem on layer 8.
This is the first time I am running an RC, so excuse my probably silly
question. An sa-update throws many warnings of this kind:
config: configuration file
"/tmp/.spamassassin27782TUBmbytmp/72_active.cf" requires version
3.004003 of SpamAssassin,
This is the first time I am running an RC, so excuse my probably silly
question. An sa-update throws many warnings of this kind:
config: configuration file "/tmp/.spamassassin27782TUBmbytmp/72_active.cf"
requires version 3.004003 of SpamAssassin, but this is code version 3.004004. Maybe you
n
You need to quote the slashes between the type and the subtype.
> mimeheader PFSA_CONTENT_TYPE Content-Type =~
> /[0-9]{8,}\.xls|.*\.js|\.cab|image/png:\sname.*\.zip/i
> mimeheader PFSA_MACROENABLED Content-Type =~
> /^application/msword$|macroEnabled/i
Am 23.12.18 um 02:35 schrieb RW:
>> The purpose of expiration seems to be a practical one, we don't want
>> the BayesStore grow too much. But is there a conceptual counterpart?
>> One such concept could be:
>> Maintain the store as if it were trained from scratch with spam and
>> ham mails up to N
mail-sample set that can lead to said state via
training. Can such state still lead to statistically valid conclusions?
Can both implementations be correct?
Damian
Am 21.08.2016 um 18:47 schrieb Marc Perkel:
> Actually - you can match an infinite set. And maybe this is what it's
> hard for some people to wrap their head around.
>
> Suppose set A contains 2 items, apples and oranges.
> So we define set B as everything in the universe that is not in set A.
>
Thanks for everyone's feedback. Once I receive the actual paperwork and talk to
their legal firm I'll let everyone know the results.
Regards,
Damian
-Original Message-
From: Charles Gregory [mailto:cgreg...@hwcn.org]
Sent: Thursday, July 16, 2009 6:26 AM
Anyone else being sued by Southwest Technology Innovations regarding spam
filtering? It's odd that they would name my old company (Workgroup Solutions)
since they have very few installations (2 person reseller) compared to the
others named. Any opinions or feedback?
http://www.faqs.org/patents/
ot;
via package "Mail::SpamAssassin::Plugin::PDFinfo" at (eval 70) line 1.
Thanks,
Damian Mendoza
Workgroup Solutions
15 Sembrado
Rancho Santa Margarita, CA 92688
949 713-7250
Developers of the eMail Archive Appliance and Software -
http://www.emailarchive.us <http://www.emailarchive.us/>
header
Any ideas ?
Thank you all in advance
- Damian
We sell BrightMail to customers that want a "Commercial"
antispam solution and have deep pockets to pay a yearly subscription. We build
SA based solutions (http://www.spamgate.us)
for customers that want a "low-cost" antispam solution.
Regards,
Damian
From: Gr
`null', `bounce')dnl
Regards,
Damian Mendoza
http://www.spamgate.us
-Original Message-
From: Dave Duffner - NWCWEB.com [mailto:[EMAIL PROTECTED]
Sent: Tuesday, October 26, 2004 8:57 AM
To: 'Eric W. Bates'; 'Pierre Thomson'
Cc: users@spamassassin.apache
l.cf though.
christof
--
Christof Damian
[EMAIL PROTECTED]
t the moment to score+2 all the silly
game and joke executeables which I get sent.
ClamAV filters the virii of course.
christof
--
Christof Damian
[EMAIL PROTECTED]
42 matches
Mail list logo