fantomas
wrote:
> On 28.04.23 11:04, Joey J wrote:
> >I have this rule which I thought looked good, but doesn't seem to ever kick
> >in.
>
> >header FROM_TEST_IP_AND_EMAIL From =~ /sender@sender\.com/i && Received =~ /from 138\.193\.30\.7/
>
> >I was ho
10:58, Joey J wrote:
> >I'm trying to understand why SA keeps scoring this rule, when the sender
> >only has their from address, no reply to etc, nothing helping me to
> >understand why.
> >
> >I'm guessing here, but this would be where the reply to differs from t
Hello all,
I have this rule which I thought looked good, but doesn't seem to ever kick
in.
header FROM_TEST_IP_AND_EMAIL From =~ /sender@sender\.com/i && Received =~ /from 138\.193\.30\.7/
score FROM_TEST_IP_AND_EMAIL -8.0
I was hoping to find the sender's email address, then if it's found, see
Hello All,
I'm trying to understand why SA keeps scoring this rule, when the sender
only has their from address, no reply to etc, nothing helping me to
understand why.
I'm guessing here, but this would be where the reply to differs from the
from?
Any assistance appreciated.
--
Thanks!
Joey
:
> On Thu, 12 Jan 2023, John Hardin wrote:
>
> > On Thu, 12 Jan 2023, Martin Gregorie wrote:
> >
> >> On Wed, 2023-01-11 at 18:39 -0500, Joey J wrote:
> >>> Hello All,
> >>>
> >>> I created this rule to check for email addresses
Hello All,
I created this rule to check for email addresses matching a list to get
added some negative value.
I also tried it with just domains so it would be more efficient, but I
can't seem to get them to run.
Any suggestions?
header TO_SPECIFIC_EMAIL eval:check_to_specific_email()
describe
))
Dec 19 19:39:47 mgw postfix/qmgr[5368]: 1270980A01: removed
On Thu, Dec 22, 2022 at 2:24 AM Matus UHLAR - fantomas
wrote:
> On 21.12.22 15:48, Joey J wrote:
> >Thank you for pointing me in the better direction.
> >Since not many people are typi
Kris & Greg,
Thank you for pointing me in the better direction.
Since not many people are typing these types of email, I could do the one
off rule and it would be manageable.
But in better seeing the welcomelist_from_spf option, I think this will be
my first try.
I appreciate all of your points
Thanks Everyone.
Within all of the responses, I will try to reply here.
1. The legit sender will talk about big numbers because of the real things
he is involved with so big numbers is still a valid method to score, just
not in this case.
2. The SPF record is set to fail on no match, however this
NOTICE: The query to URIBL was
blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
On Tue, Dec 20, 2022 at 6:14 AM Matus UHLAR - fantomas
wrote:
> On 19.12.22 20:05, Joey J wrote:
> >I'm trying to see if there is a "best way" to provide negative scori
Actually, what would be the format, in respect to header for that rule?
so
header welcomelist_from_rcvd j...@company.com [1.2.3.4]
On Mon, Dec 19, 2022 at 8:39 PM Greg Troxel wrote:
>
> Joey J writes:
>
> > I'm trying to see if there is a "best way" to
Thanks,
So welcomelist_from_rcvd j...@company.com [1.2.3.4]
Is saying if it's received from j...@company.com and the IP combination?
And then simply score it
welcomelist_from_rcvd score -2
I will try that thank you!
On Mon, Dec 19, 2022 at 8:39 PM Greg Troxel wrote:
>
> Joey J
Hello All,
I'm trying to see if there is a "best way" to provide negative scoring for
a certain person's email.
As an example if j...@company.com is communicating with paypal or other real
banking institutions, then at times within the email chain, SA will tag it
as spam.
I want to see if there
Hello All,
I'm trying to see if there is a way to incorporate network ranges into SA
to essentially flag messages.
I know I can use iptables and reject it before getting to SA, but in some
cases we would have legit email get flagged within these bigger blocks.
I'm trying to incorporate:
don't re-invent, but some clients have many providers that send
email on their behalf making it more complicated.
On Fri, Jul 22, 2022 at 10:08 AM Reindl Harald
wrote:
>
>
> Am 21.07.22 um 22:58 schrieb Joey J:
> > Hello,
> >
> > Is there a way for me to block mail tha
Hello,
Is there a way for me to block mail that claims it's from a certain domain,
based on my own valid ip address list?
Example:
myserver.com - IP address 1.2.3.4
If a message comes in from any server other than 1.2.3.4 for domain
myserver.com reject it?
I know SPF/DKIM/DMARC would also help
TC-0400 (Tue, 28 Jun 2022 14:38:16 -0400)
> Joey J
> is rumored to have said:
>
> > Hello All,
> >
> > In trying to set up RBLs with SA, I wanted to make sure the proper way
> > to
> > do it.
> > I have seen some samples like this
Thank you, this makes sense, I will look through the mentioned resource.
On Tue, Jun 28, 2022 at 5:28 PM Bill Cole <
sausers-20150...@billmail.scconsult.com> wrote:
> On 2022-06-28 at 14:38:16 UTC-0400 (Tue, 28 Jun 2022 14:38:16 -0400)
> Joey J
> is rumored to have said:
Hello All,
In trying to set up RBLs with SA, I wanted to make sure the proper way to
do it.
I have seen some samples like this
header RCVD_IN_BARRACUDACEN eval:check_rbl('bbarracuda-lastexternal',
'b.barracudacentral.org.')
describe RCVD_IN_BARRACUDACEN Relay is listed in b.barracudacentral.org
Thanks for the follow up.
I understand what you are saying.
This is SA within ProxMox Mail gateway, I added my custom rule via SA which
is working, just this additional function.
On Mon, Jan 4, 2021 at 8:23 PM John Hardin wrote:
> On Mon, 4 Jan 2021, Joey J wrote:
>
> > If I'm u
Hello All,
If I'm understanding things correctly, there is a way for me to BCC spam
messages which let's say score 10 and send a BCC to an email address, but
I'm trying to do it within only 1 rule, as well as modify the subject.
What I don't want is a BCC sent for every message which is scored a
Hello,
I'm trying to figure out how to write a rule that looks for matches of
certain names against the display name, and then ensuring it's from a list
of valid email addresses.
So a phishing email comes in from "Boss Man"
So I want to check if the display name is "Boss Man" and if so,
22 matches