I'd also strongly recommend adding boundaries: /\b(blah1|blah2|blah3)\b/i
Otherwise, you might have a whole *pano*ply of words that will make
legit mails marked a spam. You need to be super sure about poison pills
rules, or in french - *pillu*le empoisonnée.
Good luck.
On 18.06.24 13:35, Axb
Hi Jimmy,
If you want to get that exact version using rawbody, here's how it would
need to look like:
rawbody __PASSWORD_IN_QP /\bp\x{D0}\x{B0}ssword/i
As a trick to know what to use in such a case, I added this rule on my
debug/rule testing machine:
rawbody __ALLRAWBODY /.+/
tflags
less all those mails (that were not blocked earlier by RBLs).
Good luck,
Laurent S.
documentation with:
perldoc Mail::SpamAssassin::Plugin::DNSEval
Good luck,
Laurent S.
On 3.4.X, adding those rules should be enough:
score URI_HOST_IN_BLOCKLIST 100.0
score URI_HOST_IN_BLACKLIST 0
score URI_HOST_IN_WHITELIST 0
score URI_HOST_IN_WELCOMELIST -100
score USER_IN_BLOCKLIST 100.0
score
On Monday, May 9th, 2022 at 20:35, Alex wrote:
> I'm trying to understand why this email from a bank fails DMARC when mxlookup
> says the DMARC record is just fine.
> https://pastebin.com/0T4Gjn3v
>
> * 1.8 DMARC_REJECT DMARC reject policy
> * 6.0 KAM_DMARC_REJECT DKIM has Failed or SPF has
On Thursday, February 10th, 2022 at 16:33, Kris Deugau
wrote:
> (Please keep mail on-list)
Oops, replied too quick without checking this. Sorry.
> > Out of curiosity, I've tested it with a replace_tag rule (//)
> > without luck. Shouldn't those UTF8 range be added to the ReplaceTags plugin?
Hi Alex,
The Filetype plugin of fuglu handles it very well:
https://fuglu.org/plugins-index.html#attachment-blocker
It can filter based on file extension and file type (recognized by Magic
Bytes... so Benny, mimedefang/clamav isn't necessary to block every ELF
or windows executable), even if the
Hi Benny,
We use fuglu in production at work and it works very nicely. But it was
on a centos machine. I have it too on a debian raspberry pi and just
updated from gitlab. I had a domainmagic dependency missing too but
mentionned it to a dev, who's working on a fix. I have no experience
with
Hi,
I know we are on the spamassassin mailing list, but another more radical
way to block those is directly in postfix with a header_check before
giving it to spamassassin
/^X-Spam-Flag: Yes/ REJECT Outscatter
/^X-(Spam|AES)-Category: (SPAM|PHISHING)/ REJECT Outscatter
But as a forewarning,
Someone is either stealing another account (password reset) or already
using one of those account to buy stuff or do shady things. In order to
confuse the user and apparently yourself too, they are mailbombing. In
short, they submerge that mailbox with all sorts of e-mails so that the
user
only use a exhaustive list
which will leave out most companies that don't have the (financial)
resources.
I am extremely skeptical of the whole BIMI thing and hate that it's
presented as a security thing.
Laurent S.
Dear Shane,
Have you had a look at the uri_detail plugin? You should find
interesting info there:
perldoc Mail::SpamAssassin::Plugin::URIDetail
I guess you should be able to do what you want with this plugin. But I
rarely use it, so I can't help you further.
In order to catch those mismatch
13 matches
Mail list logo
