On 7/22/2010 11:07 PM, Matt Kettler wrote:
> On 7/22/2010 10:32 AM, Eric A. Hall wrote:
>> If the current code is intended, I'd like to request a new function call
>> that tells if the tuple exists and the number of times it has been seen
>
> For what purpose? (N
ule doesn't fire unless
the conditions are met
--
Eric A. Hall http://www.eric-a-hall.com/
Network Technology Research Grouphttp://www.ntrg.com/
Internet Core Protocols http://www.oreilly.com/catalog/coreprot/
when corrective scoring occurred.
Is this a bug? or should the text be changed?
If the current code is intended, I'd like to request a new function call
that tells if the tuple exists and the number of times it has been seen
--
Eric A. Hall http://www.eric-
On 2/18/2008 5:50 AM, Justin Mason wrote:
> Eric A. Hall writes:
>> I sometimes get SVN notifications that contain lists of files and their
>> status. The filenames will often get picked up by the URI matching
>> algorithm, each of which end up being processed thr
needs to be smarter.
--
Eric A. Hallhttp://www.ehsco.com/
Internet Core Protocols http://www.oreilly.com/catalog/coreprot/
ility scoring systems.
for those of us that can afford this approach it works very well. I'm
sorry you can't, but that's not our fault.
--
Eric A. Hallhttp://www.ehsco.com/
Internet Core Protocols http://www.oreilly.com/catalog/coreprot/
nvalid commands,
invalid recipients, etc), but otherwise it just looks for the spam score
and if its too high the transfer is rejected.
--
Eric A. Hallhttp://www.ehsco.com/
Internet Core Protocols http://www.oreilly.com/catalog/coreprot/
ve updated the rules and added more comments to explain the
prerequisites at http://www.ntrg.com/misc/spamassassin/stranger_gifts.cf
--
Eric A. Hallhttp://www.ehsco.com/
Internet Core Protocols http://www.oreilly.com/catalog/coreprot/
On 7/14/2007 3:49 PM, Eric A. Hall wrote:
> Like other folks I've been getting hit with the PDF spam pretty hard. I
> think the way to solve this and the image spam in general is to do a
> plugin that does two things:
>
> 1) looks in the message to see if there is a binar
es: meta test SARE_HEAD_SUBJ_RAND has undefined dependency
'SARE_HEAD_XAUTH_WARN'
[10637] dbg: rules: meta test SARE_HEAD_SUBJ_RAND has undefined dependency
'X_AUTH_WARN_FAKED'
don't feel bad, I had some broken ones myself :)
--lint probably ought to be extended to cat
27;ve got on my to-do
list for future development.
The big problem is that there is no real standard and every MTA records
the details differently.
--
Eric A. Hallhttp://www.ehsco.com/
Internet Core Protocols http://www.oreilly.com/catalog/coreprot/
n
3) if (1==true) && (2==false) fire a score
I've been meaning to adapt my SAGREY plugin [1] for this but have not had
time and may not have time for a while yet, so I thought I'd throw this
out there to see if anybody else is interested in doing it
[1] http://www.ntrg.com/m
wing will either work or get you close:
header L_MILTER_GREY X-Greylist =~ /^Sender succeeded SMTP Authentication/
score L_MILTER_GREY -100
put that into a cf file in one of your rules directory
--
Eric A. Hallhttp://www.ehsco.com/
Internet Core Pr
please suspend this users mailing list account
--- Begin Message ---
Mensaje Automatico ***
Este usuario no se encuentra operativo, para cualquier asunto le ruego
se pongan en contacto con Leandro Gayango [EMAIL PROTECTED]
***
On 3/6/2007 5:30 AM, [EMAIL PROTECTED] wrote:
> It's my first meta rule, which only gives a score if both conditions are
> true, and I was wondering if there's a possibility to make the score more
> "intelligent" :
my local rules use combinations. any message that hits AT LEAST one rule
gets t
On 2/15/2007 8:53 AM, Justin Mason wrote:
> Eric A. Hall writes:
>> need a --show-rule option to spamassassin cmd that will display all the
>> information associated with a named rule (DESC, SCORE, rule syntax, etc)
>
> could you open a feat req on the bugzilla? it'l
need a --show-rule option to spamassassin cmd that will display all the
information associated with a named rule (DESC, SCORE, rule syntax, etc)
--
Eric A. Hallhttp://www.ehsco.com/
Internet Core Protocols http://www.oreilly.com/catalog/coreprot/
to do that but not with spamassassin alone. You'll need a
mailer that can resumbit the messages after they've been cleared, at the
very least. That's trivial, but it's not something spamassassin does.
--
Eric A. Hallhttp://www.ehsc
d replies that are TO you but CC the list also get boosted
--
Eric A. Hallhttp://www.ehsco.com/
Internet Core Protocols http://www.oreilly.com/catalog/coreprot/
On 1/16/2007 1:52 AM, Eric A. Hall wrote:
> On 1/16/2007 12:06 AM, Theo Van Dinter wrote:
>> On Mon, Jan 15, 2007 at 10:44:33PM -0500, Eric A. Hall wrote:
>>> sa-update nuked INFO_TLD which I was still finding useful
>>> can somebody with the rule send it to me? th
On 1/16/2007 12:06 AM, Theo Van Dinter wrote:
> On Mon, Jan 15, 2007 at 10:44:33PM -0500, Eric A. Hall wrote:
>> sa-update nuked INFO_TLD which I was still finding useful
>> can somebody with the rule send it to me? thanks
>
> It's pretty straightforward to write, bu
sa-update nuked INFO_TLD which I was still finding useful
can somebody with the rule send it to me? thanks
--
Eric A. Hallhttp://www.ehsco.com/
Internet Core Protocols http://www.oreilly.com/catalog/coreprot/
aller memory footprint,
better reclamation, better hooks for plugins etc? OTOH, would it be harder
to build, given the dependence of SA on perl modules?
Thoughts?
--
Eric A. Hallhttp://www.ehsco.com/
Internet Core Protocols http://www.oreilly.com/ca
to the message.
--
Eric A. Hallhttp://www.ehsco.com/
Internet Core Protocols http://www.oreilly.com/catalog/coreprot/
n't have Return-Path yet.
--
Eric A. Hallhttp://www.ehsco.com/
Internet Core Protocols http://www.oreilly.com/catalog/coreprot/
ns (eg, "ldapfilter_env_from_header")
But yeah, if they are provided and if there is a way to tell spamassassin
where to look, they are very useful.
--
Eric A. Hallhttp://www.ehsco.com/
Internet Core Protocols http://www.oreilly.com/catalog/coreprot/
On 10/24/2006 4:01 PM, John Rudd wrote:
> Eric A. Hall wrote:
>> Note that this is entirely legal, and even necessary:
>>
>> [ root# ] host 207.65.71.14
>> 14.71.65.207.in-addr.arpa is an alias for 14.in-addr.ntrg.com.
>> 14.in-addr.ntrg.com is an alias for 1
ddress, with no separators.
That may be spam-sign, but unless there's something more than what you're
showing it's not a standards violation.
--
Eric A. Hallhttp://www.ehsco.com/
Internet Core Protocols http://www.oreilly.com/catalog/coreprot/
On 10/23/2006 10:50 PM, John Rudd wrote:
> Eric A. Hall wrote:
>> On 10/23/2006 7:01 PM, John Rudd wrote:
>>> a) does the hostname in the PTR record point to a CNAME instead of an A
>>> record
>> That's not illegal. It's pretty common too, since subne
On 10/23/2006 7:01 PM, John Rudd wrote:
> Eric A. Hall wrote:
>> http://www.ehsco.com/misc/spamassassin/std_compliance.cf might help or
>> work for what you're doing.
>>
>> Make sure to read the disclaimers and warnings
>
> Those helped a lot. There
can't drop a message based solely on the parameter of
> the EHLO command. You MAY check it, if you like to. But you MUST NOT
> drop it.
2821 is for implementors, not operators. Software developers must not
automatically drop mail for this reason -->as a matter of design<-
erely quarantines their
> messages, via spam assassin score, instead of rejecting them.
Yeah, I moved almost everything out of postfix and into spamassassin so
that I could work on probability instead of binary. Just make sure to
whitelist all traffic for any mailing list that you're on,
http://www.ehsco.com/misc/spamassassin/std_compliance.cf might help or
work for what you're doing.
Make sure to read the disclaimers and warnings
--
Eric A. Hallhttp://www.ehsco.com/
Internet Core Protocols http://www.oreilly.com/ca
rs for Spamhaus to choose from."
http://www.informationweek.com/blog/main/archives/2006/10/spamhaus_needs.html
--
Eric A. Hallhttp://www.ehsco.com/
Internet Core Protocols http://www.oreilly.com/catalog/coreprot/
bly need to write a plug-in that used some kind of
typo-matching logic to find porno words.
Would be a good plug-in actually. Get busy :)
--
Eric A. Hallhttp://www.ehsco.com/
Internet Core Protocols http://www.oreilly.com/catalog/coreprot/
On 8/7/2006 12:25 AM, Theo Van Dinter wrote:
> On Mon, Aug 07, 2006 at 12:07:58AM -0400, Eric A. Hall wrote:
>> Anybody written a rule that tests for empty text/plain, preferably only
>> when a non-empty text/html or some other media-type is provided?
>
> Sounds very simi
Anybody written a rule that tests for empty text/plain, preferably only
when a non-empty text/html or some other media-type is provided?
Thanks
--
Eric A. Hallhttp://www.ehsco.com/
Internet Core Protocols http://www.oreilly.com/catalog/coreprot/
On 10/20/2005 1:27 PM, Eric A. Hall wrote:
> Anybody got one that works with gnome/evolution?
>
> evolution requires "spamassassin", which requires "perl-spamassassin".
> cpan2rpm makes "perl-Mail-SpamAssassin", which doesn't satisfy either of
>
c file
generated with cpan2rpm have failed miserably.
--
Eric A. Hallhttp://www.ehsco.com/
Internet Core Protocols http://www.oreilly.com/catalog/coreprot/
nto the chain (have to read the settings, apply
them to the local scanning process without clobbering the others, etc).
Really though the problem is load, since you are looking at multiples of
scanning processes.
FWIW, I wrote a primer on this kind of architecture for Ne
st though
--
Eric A. Hallhttp://www.ehsco.com/
Internet Core Protocols http://www.oreilly.com/catalog/coreprot/
On 8/22/2005 3:50 PM, Eric A. Hall wrote:
> IP::Country use Whois lookups instead though, and UDP/DNS lookups are
> going to be faster than chained TCP/Whois queries.
> I'll play with the plugin and see what kind of times and load I get
Some poking around, IP::Country::Fast us
On 8/22/2005 3:34 PM, Derek Harding wrote:
> On Sun, 2005-08-21 at 20:05 -0400, Eric A. Hall wrote:
>
>>What's the benefit of using this instead of the uridnsbl plugin? The code
>>below will look for the IP address behind a URI and then query the
>>cn-kr.blackholes.
na:
uridnsblURIBL_CNKR cn-kr.blackholes.us TXT
bodyURIBL_CNKR eval:check_uridnsbl('URIBL_CNKR')
tflags URIBL_CNKR net
score URIBL_CNKR 2.0
I'm sure there's a difference but I guess I'm not seeing it
--
Eric A. Hall
e a DEFER verb), but can also be used in other models (such as
delivery routines).
The plugin and cf are posted at http://www.ntrg.com/misc/sagrey/ and I've
also updated the wiki
--
Eric A. Hallhttp://www.ehsco.com/
Internet Core Protocols
ore of a problem.
http://www.google.com/search?q=sa-learn+cyrus seeems to return a bunch of
relevant matches
--
Eric A. Hallhttp://www.ehsco.com/
Internet Core Protocols http://www.oreilly.com/catalog/coreprot/
one
> to use -- maybe based on the connecting ip, maybe based on a command
> line/config file variable passed.
A simple plug-in would probably do the trick. You'd need to call the
Sys::Hostname::Long module yourself, since SA itself does not need or
provide the local hostname
ikewise.
I have trained my users better than that, which is why I don't care about
these tests. Other people might tho.
--
Eric A. Hallhttp://www.ehsco.com/
Internet Core Protocols http://www.oreilly.com/catalog/coreprot/
On 7/10/2005 4:41 PM, Eric A. Hall wrote:
> On 7/10/2005 3:49 PM, Loren Wilton wrote:
>
>>However, if you want something like this, just off the top of my head:
>>
>>header __HAS_TOTo =~/\S/
>>body__HAS_BODY/\S/
>>metaEMPTY_MSG(!__H
On 7/10/2005 4:56 PM, Loren Wilton wrote:
> Rawbody will miss the subject, so you will need to add a test for that too.
I'm not looking for that
--
Eric A. Hallhttp://www.ehsco.com/
Internet Core Protocols http://www.oreilly.com/catalog/coreprot/
On 7/10/2005 3:49 PM, Loren Wilton wrote:
> However, if you want something like this, just off the top of my head:
>
> header __HAS_TOTo =~/\S/
> body__HAS_BODY/\S/
> metaEMPTY_MSG(!__HAS_TO && !__HAS_BODY)
Good idea. rawbody works better but the mode
sets.
> The problem is you can't check just missing body, as you will get way
> too many FPs in a business environment.
I guess I should have asked the obvious question:
"and if so, could you post it?"
thanks
--
Eric A. Hallhttp:/
Anybody got a rule that will catch messages that don't have a body?
--
Eric A. Hallhttp://www.ehsco.com/
Internet Core Protocols http://www.oreilly.com/catalog/coreprot/
On 6/16/2005 5:47 PM, Eric A. Hall wrote:
> I'm trying to update my ldap plugin to use SRV lookups for server
> discovery but am getting barked at during tests with the "Insecure
> dependency in connect..." error. I'm not having much luck with googling
> this
t really
trying very hard either, since I've got other stuff to work on.
--
Eric A. Hallhttp://www.ehsco.com/
Internet Core Protocols http://www.oreilly.com/catalog/coreprot/
ssin
before, and I'm wondering if anybody knows what the resolution was.
Thanks
--
Eric A. Hallhttp://www.ehsco.com/
Internet Core Protocols http://www.oreilly.com/catalog/coreprot/
On 6/10/2005 3:04 PM, Eric A. Hall wrote:
> What I specifically need from AWL is number of instances for the current
> sender tuple, with the value of "one" (for the current message) being the
> magic number. Any suggestions would be appreciated.
http://spamassassin.apache.
On 6/10/2005 3:04 PM, Eric A. Hall wrote:
> [I should state the obligitory -- this module won't do much for people
> who call SA from procmail.
Actually there is the possibility of using a rule that adds ~1.0 to the
score, instead of adding a header. I can check for the presence of
the value of "one" (for the current message) being the
magic number. Any suggestions would be appreciated.
--
Eric A. Hallhttp://www.ehsco.com/
Internet Core Protocols http://www.oreilly.com/catalog/coreprot/
ks in. This seems to have fixed the sporadic timeout
problems with LDAP searches, and it seems to operate in persistent mode
reliably now.
--
Eric A. Hallhttp://www.ehsco.com/
Internet Core Protocols http://www.oreilly.com/catalog/coreprot/
s don't say
as much then they're junk.
There is a critical difference with SA, however, which is that the admins
need to be proficient at stuff like CPAN, Perl, etc., while some of the
packaged offerings provide simple click-the-button GUI, and those can have
significantly lower salary as
are
auto-filed into the Junk Email folder).
Bayes is great for per-user stuff, but unless you are willing to manage
the per-user databases (which I'm not), it is easier to just tweak the
system scores and rules. Less management overhead, less CPU, etc.
--
Eric A. Hall
t be
an artifact of my system's super-weird kernel/perl setup.
>>Is the wiki locked? I wanted to post a link there but the pages don't
>>appear to be editable.
>
> you need to create an account and log in. (I think there's a mention
> of this somewhere o
I got my plugin finished (I think) and have posted links to the plugin and
documentation at http://www.ntrg.com/misc/ldapfilter/
Is the wiki locked? I wanted to post a link there but the pages don't
appear to be editable.
--
Eric A. Hall
65]: 2005/05/19-16:53:51 CONNECT TCP Peer:
"127.0.0.1:36813" Local: "127.0.0.1:27"
[...]
May 19 16:53:56 goose spampd[13065]: Closed connections
I do a ~dozen RBL lookups, URIDNSBL, Razor2 lookups, ClamAV scans, my own
LDAP tests, and some more stuff
--
Eric A. Hall
/rfc822 attachment, just like what SA does when it
creates a report for an (attached) message.
Stripping the embedded message out should be relatively straightforward
using some of the mime tools.
--
Eric A. Hallhttp://www.ehsco.com/
Internet Core
of existing *NIX mail spool directoriess),
and postfix is an easy MTA to configure. You can play with calling in
stuff like procmail or postfix filters pretty easy from there.
Good luck.
--
Eric A. Hallhttp://www.ehsco.com/
Internet Core Protocols
ng turned into a blank line.
OTOH, I know that postfix does some cleanup before it performs analysis
(it adds Message-ID and does other stuff), so it is entirely possible that
it is doing a CR/null conversion as part of that.
Very annoying whatever it is
--
Eric A. Hall
ank line as the
> begining of the body.
No kidding. The problem we are seeing happens when there is a EOL marker
at the end of a header, and when that is cleaned up we have two CRLF pairs
all of a sudden, with all of the headers which follow suddenly being part
of the message b
On 5/11/2005 3:02 PM, Martin G. Diehl wrote:
> Eric A. Hall wrote:
>>I haven't really looked into this much yet, but it appears that some
>>embedded CR or LF characters are getting processed by SA and then fed back
>>to Postfix, which then cleans up the message and spl
ebody wants to see the message I should have it in my trash still.
--
Eric A. Hallhttp://www.ehsco.com/
Internet Core Protocols http://www.oreilly.com/catalog/coreprot/
e
rejections instead of after-transfer rejections.
--
Eric A. Hallhttp://www.ehsco.com/
Internet Core Protocols http://www.oreilly.com/catalog/coreprot/
On 5/4/2005 1:11 PM, Matt Kettler wrote:
> Got any better suggestions for a name?
STS = Sender Trending Score
It is an independent score that is applied separately based on the
sender's historical trend.
Consonants make better acronyms.
And it's accurate!
--
o note that this rule will not fire
# if the HELO identifier is an IP address or domain-literal, or if the
# 'helo' field is empty.
#
This stuff seems to have proven pretty stable, so I guess I should find
out what's needed to get it formalized
--
Eric A. Hall
couple DCC with a whitelisting system of some kind.
Razor scores are based on tags that reflect on content, the credibility of
the reporter, etc.
--
Eric A. Hallhttp://www.ehsco.com/
Internet Core Protocols http://www.oreilly.com/catalog/coreprot/
weaking your rules works just as
well, and you don't have to maintain a bunch of user-specific databases.
--
Eric A. Hallhttp://www.ehsco.com/
Internet Core Protocols http://www.oreilly.com/catalog/coreprot/
s to blacklist for all of the other recipients too, so
running it through SA with blacklist_to is needed for that, even with
really high bayes marks
--
Eric A. Hallhttp://www.ehsco.com/
Internet Core Protocols http://www.oreilly.com/catalog/coreprot/
On 3/28/2005 9:30 AM, Matt wrote:
> That worked but your right it has no effect on the autolearn=spam. Any idea
> how I get it to autolearn all email to a given address as spam?
can you pipe incoming mail for that account to sa-learn?
--
Eric A
them to be bayes auto_learn spam.
Add this to one of your *.cf files
score USER_IN_BLACKLIST_TO 100.0
or whatever score you want
Dunno if the bayes auto-learner works with blacklist_to rules; it doesn't
work with some whitelist rules.
--
Eric A. Hall
r at least
> one major purpose of it)
Yeah, it would still require CPU processing, which is one of the
advantages of refusing to accept the mail in the first place. OTOH, it
would still have value in terms of keeping spam away from the end-users,
which is its own reward sometimes.
--
Eric A. H
e spam and mailing list to multiple trojaned PCs,
so my spamtraps are having a little bit less success lately, but they
still work very well.
You can also use the messages to feed a ~global bayes training process if
you're willing to accept the possibe side-effects of one
atic clients and my fat-fingered tests.
--
Eric A. Hallhttp://www.ehsco.com/
Internet Core Protocols http://www.oreilly.com/catalog/coreprot/
g lists in a big
whitelists.cf file in /etc/mail/spamassassin
--
Eric A. Hallhttp://www.ehsco.com/
Internet Core Protocols http://www.oreilly.com/catalog/coreprot/
;s a pretty common cluster
of crashes, mostly failing on the same rules (but succeeding on them the
majority of the time). Quite curious.
--
Eric A. Hallhttp://www.ehsco.com/
Internet Core Protocols http://www.oreilly.com/catalog/coreprot/
Eric A. Hall wrote:
> I'm storing the session variables (such as login status) as part of $self,
> and storing message variables with $permsgstatus. But where do I put the
> logout/disconnect code? DESTROY seems to get called after every message
> ("seems to" but I
I'm trying to figure out any issues regarding config data and my
ldapBlacklist plug-in, and this is a mystery to me.
Why purpose does init.pre serve excactly if local.cf and user_prefs can
load the same plug-in modules?
--
Eric A. Hall
> verification/harvesting `bots. Also, the Postfix notes warn that you
> should expect people to complain if you enable the option:)
Yep. One option might be to cache addresses so that it only does it once
per sender per ~six month window, although I'm not keen on keeping a
d
seem to find trustworthy numbers
and experiences. Anybody got any thoughts here?
--
Eric A. Hallhttp://www.ehsco.com/
Internet Core Protocols http://www.oreilly.com/catalog/coreprot/
Vicki Brown wrote:
> I could give it a score of 0 but I'd like to simply say "don't even test
> against it".
>
> I'm getting tired of seeing ALL_TRUSTED. We run SMTP; they connect directly
> to us; there are no interim hosts.
You just want to do this fo
knowledge.
Seems to me that most of this stuff should be using the plug-in interface
anyway. So maybe just move it out of the core and into a plug-in, and then
hand the module off for Vernon to do whatever he feels like with it.
SA can still provide pointers in the distro and a link on the Wiki.
ct code? DESTROY seems to get called after every message
("seems to" but I'm fairly blurry at this point), which causes the session
to get killed after every message. Where am I supposed to put this stuff?
Thanks
--
Eric A. Hallhttp://www.ehs
also notice that they are NOT arguing that this is allowable
and legal "from" syntax. It's something else entirely.
--
Eric A. Hall http://www.ehsco.com/
Internet Core Protocols http://www.oreilly.com/catalog/coreprot/
mouss wrote:
Eric A. Hall wrote:
Huh? The helo= stuff is inside the parenthesis. Perhaps I am missing
something but your point 3 seems to conflicewith your point 2.
comments are only allowed where whitespace occurs
can you give you me the line num in the rfc?
It's actually somewhat stricter
Christopher Weimann wrote:
On 03/16/2005-04:49AM, Eric A. Hall wrote:
Loren Wilton wrote:
Received: from ar39.lsanca2-4.16.241.28.lsanca2.elnk.dsl.genuity.net
([4.16.241.28] helo=watson1)
by pop-a065d23.pas.sa.earthlink.net with smtp (Exim 3.33 #1)
id 1DBKRe-Kp-00; Tue, 15 Mar 2005 14:23:22
r
I do wish that postfix would let me add dynamic headers to the message
before the proxy filter is called, or give me an ACL for no-filter,
either of which would work to skip well-known message origins
--
Eric A. Hall http://www.ehsco.com/
Internet C
List Mail User wrote:
the "with" is sometimes also either a "by" or "via" (and probably
other string values which I haven't noticed). BTW.
"by" "via" and "with" are separate sub-fields with their own meaning
--
Eric A. Hall
HOULD NOT use unregistered names.
| Protocol = "ESMTP" / "SMTP" / Attdl-Protocol
| Attdl-Protocol = Atom
| ; Additional standard names for protocols are registered with the
| ; Internet Assigned Numbers Authority (IANA). SMTP servers
| ; SHOULD NOT use unregistered names.
--
Eric A. Hall http://www.ehsco.com/
Internet Core Protocols http://www.oreilly.com/catalog/coreprot/
et me
know. Be warned that this plugin can really beat the crap out of your
LDAP server, and will add some measurable latency if the SA system is
already burdened down. But it works pretty well, and is interesting if
you're into LDAP.
Responses off-list pls.
Thanks
--
Er
which don't talk rfc.
http://www.rulesemporium.com/forums/showthread.php?s=&threadid=105 has a
set of rules that might do what you want, or might be adaptable.
--
Eric A. Hallhttp://www.ehsco.com/
Internet Core Protocols http://www.oreilly.com/catalog/coreprot/
Eric A. Hall wrote:
Over the weekend I banged together a preliminary ldapBlacklist.pm plugin
which lets the master process query an ldap server for whitelist or
blacklist flags associated with the connecting SMTP client's reverse DNS,
the HELO identifer, the mail-from address, the From ad
1 - 100 of 143 matches
Mail list logo