Re: Whitelist or BAYES?

. * -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature * -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from * author's domain you can safely welcomelist_from_dkim their mail address. -- Matus UHLAR - fantomas, uh...@fantomas.sk ;

Re: ATTENTION: DNSWL to be disabled by default.

Root Cause Analysis (in order): 1) DNSWL does not provide blocked codes.  That deviates from most DNS-query based systems. On 24.09.24 20:43, Matthias Leisi wrote: This is wrong. On 26/09/24 01:20, Matus UHLAR - fantomas wrote: I have checked with 1.1.1.1, where queries only return

Re: ATTENTION: DNSWL to be disabled by default.

DNSWL would return 127.0.0.255 in addition to 127.0.10.3 - there is already rule to suspend header RCVD_IN_DNSWL_BLOCKED eval:check_rbl_sub('dnswl-firsttrusted', '^127\.0\.\d+\.255$') dns_block_rule RCVD_IN_DNSWL_BLOCKED list.dnswl.org -- Matus UHLAR - fantoma

Re: ATTENTION: DNSWL to be disabled by default.

ctor. Is there any possibility to detect clients using open DNS, perhaps other than RCVD_IN_ZEN_BLOCKED_OPENDNS ? Then, block all dnsbl/rhsbl rules? -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovan

Re: Tips on training bayes?

may be kinda filing it up. With SA 3.4.X - on average 100MB and it deletes on the fly With SA 4.X - on average 2-6GB and I had to do a quick fix: 59 23 * * * root find /var/lib/amavis/tmp/ -mtime +0 -delete; W dniu 18.09.2024 o 16:09, Matus UHLAR - fantomas pisze: On 18.09.24 13:42, Grega via

Re: Tips on training bayes?

15:28:48 CEST 2024 How do you call spamassassin, directly, via spamass-milter, amavis or other way? Did you tune any bayes settings? Do you have your trusted_networks and internal_networks set up properly? -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish

Re: What is RP? many false negatives and dont respond to emails

with Score -5 because of this... other experiences? does they answer e-mails? mine got not in weeks RCVD_IN_RP_CERTIFIED=-3, RCVD_IN_RP_RNBL=1.31, RCVD_IN_RP_SAFE=-2] many thanks Are you using an ancient SA version? Those rules were removed/changed in March 2021 -- Matus UHLAR

uridnsbl_skip_domain and util_rb_*tld

ribl.com gov.sk.multi.surbl.org gov.sk.dbl.spamhaus.org gov.sk.lookup.dkimwl.org -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Due t

Re: DATE_IN_FUTURE_24_48 more often?

ar? Looks like it is still a low %, except this T_DATE_IN_FUTURE_96_Q DATE_IN_FUTURE_03_06 0.1% DATE_IN_FUTURE_12_24 0.1% DATE_IN_FUTURE_06_12 31% T_DATE_IN_FUTURE_96_Q I believe I don't have to explain how spammers use(d) this to show their mail first in their MUAs -- Matus UHLAR -

Re: DATE_IN_FUTURE_24_48 more often?

4 08:51:37 +0200 On 22.07.24 09:58, Marc wrote: This does not look like something out of the ordinary not? Even if it is a timezone/summertime issue it is still not 'is 24 to 48 hours after' This looks correctly. I remember seeing this issue when users put incorrect date or incorrect

Re: uridnsbl_skip_domain question

Hello, I was hoping to fix this finally... On 5/17/24 3:17 PM, Matus UHLAR - fantomas wrote: I have configured exclusion for some common domains e.g. gov.sk in SA: uridnsbl_skip_domain [...] gov.sk slovensko.sk However it seems that that domain is still queried:  9826  68.951573

Re: whitelist_auth return_path / from

  both enabled its up to you to add more authres_trusted_authserv or more  authres_ignored_authserv lines possible we can now have a very long debate on dmarc plugin ? :) Matus UHLAR - fantomas skrev den 2024-07-03 16:14: Please, Simon, quote the text you are replying to. On 03.07.24 17:47

Re: whitelist_auth return_path / from

yet. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. (R)etry, (A)bort, (C)ancer

Re: help with ubuntu 22.04

want to upgrade to ubuntu 24.04 LTS which has SA 4.0.0 included. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Remember half the people

Re: Questions about spamassassin

:13 /var/lib/spamassassin/.spamassassin/ YMMV of course -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Quantum mechanics: The dreams stuff is made of.

Re: Sv: Re: Question about a rule

gests the user and not users@ I guess that the "sexikäs" causes troubles. Do you use SA 4.0 ? That should be compatible with utf-8. Matus UHLAR - fantomas 2024-06-18 14:00 >>> On 18.06.24 13:50, Anders Gustafsson wrote: body LOCAL_PORN_RULE /word1|word2.|x69-JOOGA

Re: Question about a rule

uld be able to see which string matched Finally, SA recommends using multiple rules with small scores instead of single rule with huge score. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na

Re: Need some help decoding an SA analysis

? Someone obviously has one of: Resent-From Envelope-Sender Resent-Sender X-Envelope-From From address in whitelist (renamed welcomelist since). you just need to find out which and where. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail

Re: Where are your test definitions?

Am 2024-06-14 21:20, schrieb Matus UHLAR - fantomas: If you want to find out more, feed the mail to "spamassassin -D" and that should explain which text matched which rules. and as we told you already, your client should NOT play with small or semi-invisible text in mail. That'

Re: Where are your test definitions?

Am 2024-06-14 18:24, schrieb Matus UHLAR - fantomas: 1. as I said it's hard to find out without the body 2. hiding data indicates a spammer. On 14.06.24 19:15, Thomas Barth via users wrote: Yes, I've now realized that I can simply grep for the descriptions. grep -ri "FONT_INV

Re: Where are your test definitions?

Am 2024-06-14 17:11, schrieb Matus UHLAR - fantomas: FONT_INVIS_NORDNS=1.544 HTML_FONT_TINY_NORDNS=1.514 RDNS_NONE=0.793 working fcrdns would fix much for them. However, not doing stupid shit with fonts would help even more: FONT_INVIS_MSGID=2.497 FONT_INVIS_NORDNS=1.544 HTML_FONT_TINY_NORDNS

Re: Where are your test definitions?

d the definitions on your old site https://spamassassin.apache.org/old/tests_3_1_x.html. why 3.1? FONT_INVIS_NORDNS, FONT_INVIS_MSGID, HTML_FONT_TINY_NORDNS, RDNS_NONE Is there no current version of the test definition. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warni

Re: Warning: Your Pyzor may be broken.

sider retiring Pyzor as "no longer effectively maintained"? consider, probably. However pyzor still generates hits and helps catch spam, at least on my server. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising

Re: AW: RCVD_IN_RP_CERTIFIED always -3

uld enable automatic rule updates in /etc/default/spamassassin: CRON=1 As another general recommendation, run local caching non-forwarding DNS server on mail server and don't use public DNS resolvers: https://cwiki.apache.org/confluence/display/SPAMASSASSIN/CachingNameserver -- M

Re: Lots of FN because of VALIDITY* rules

e ASF rule maintenance system. It is irrelevant to an operational deployment. I have no idea why Debian installs that file at all. On 6/5/24 09:17, Matus UHLAR - fantomas wrote: It does not, I guess that the OP did because of misunderstanding of what it does. On 6/5/24 11:14, postgarage Gr

Re: Lots of FN because of VALIDITY* rules

olete/invalid rules there. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. The only substitute for good manners is fast reflexes.

Re: DKIM length 'l=' tag

signatures. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Windows 2000: 640 MB ought to be enough for anybody

Re: Lots of FN because of VALIDITY* rules

On 03.06.24 12:02, Matus UHLAR - fantomas wrote: On 03.06.24 07:26, postgarage Graz IT wrote: A few days ago a lot of false negatives landed in our inboxes. As it turned out the reason was that the for nearly all mails the RCVD_IN_VALIDITY_CERTIFIED and RCVD_IN_VALIDITY_SAFE rules matched. I

Re: Lots of FN because of VALIDITY* rules

tive.list? reload spamd or amavis, the rules in /var/lib/spamassassin/ are used by default. Maybe you need to enable cron job by setting CRON=1 in /etc/default/spamassassin and it will happen automatically. ...I have no idea how active.list works. -- Matus UHLAR - fantomas, uh...@fantomas

Re: dkim fail %

ult: dkim=fail -@ ...@hotmail.com [@]# dig +short -t mx hotmail.com 2 hotmail-com.olc.protection.outlook.com. etc etc. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTA

Re: How to report SPAM?

ASS=-0.001, SPF_PASS=-0.001, TO_NO_BRKTS_NORDNS_HTML=0.001] autolearn=no autolearn_force=no So, at least dnsbls work well for you. What can I do? With these SPAMS, I have the impression that the senders know exactly how to trick Spamassassin. -- Matus UHLAR - fantomas, uh...@fantomas

Re: Difference between spamc -L and sa-learn

use SQL or LDAP config so they will use the same. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. We are but packets in the Internet of life (userfriendly.org)

uridnsbl_skip_domain question

in documentation -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. You have the right to remain silent. Anything you say will be misquoted

Re: SA treats percentage spaces wording as uri

URL even if you don't see it. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. He who laughs last thinks slowest.

Re: Score 0.001

ed_above=2 required=6.31 tests=[DMARC_MISSING=0.001, FSL_BULK_SIG=0.001, Amavis has some more scores than stock SA, of course they can be modified if your scanner is well trained. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail a

Re: Rule: "1.0 R_DCD 90% of .com. is spam"

, and perhaps it is true that they are mostly spam. where is the rule stored? what file? On May 10, 2024, 17:18, Rupert Gallagher wrote: I only have stock and KAM, and it is definitely not a custom rule of mine. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I

Re: Rule: "1.0 R_DCD 90% of .com. is spam"

what R_DCD means, and search indexes do not help. Short of reading the source code, does anybody know what R_DCD means? I have no idea. where did you get this rule from? I don't see it in stock rules -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish N

Re: Score 0.001

tagged_above=2 required=6.31 tests=[DMARC_MISSING=0.001, FSL_BULK_SIG=0.001, HTML_FONT_LOW_CONTRAST=0.001, HTML_IMAGE_ONLY_24=1.282, HTML_IMAGE_RATIO_02=0.001, HTML_MESSAGE=0.001, MIXED_HREF_CASE=1.999, PYZOR_CHECK=1.985, RELAYCOUNTRY_BAD=2, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_TVD_MIM

Re: Tips for improving bounce message deliverability?

list_bounce_relays, which defines servers who send your e-mail - thus you know bounces from those hosts are legitimate. the original message opriginated from mailgun, perhaps you need to add its servers. it matches bounces since its a bounce, alt that is seen as a results of forwarding emails

Re: authres missing spf-helo ?

On 24.04.24 18:50, Benny Pedersen wrote: unsure so i ask :) try to explain your question a bit more -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek

Re: another problem in disable in spamassassin

Contains a spam URL listed in the Spamhaus DBL blocklist 25_uribl.cf:tflags  URIBL_DBL_SPAM  net domains_only notrim 25_uribl.cf:reuse   URIBL_DBL_SPAM ... And I dont have idea how disable all check in spamhaus.org -- -- Matus UHLAR - fantomas, uh...@fantomas.sk ; htt

Re: Weird whitelist

D-HEADER-7 {RelayedInbound}, [34.23.17.0]:38582 [34.23.17.0] <> -> , Queue-ID: 4VBDq04Bn7z1Q9qQ, mail_id: 6LRhEwtUmP7u, Hits: -, size: 10888, queued_as: 4VBDq06n69z1Q9q1, 358 ms I check and I not found any <> in whitelist check amavis config. -- Matus UHLAR - fantomas, uh

Re: disable URIBL_ and spamhaus.net

On 03.04.24 11:18, natan wrote: Where in  pdns-recursor? I use pdns-recursor /etc/powerdns/recursor.conf W dniu 3.04.2024 o 13:17, Matus UHLAR - fantomas pisze: This is not about pdns-recursor itself. It's about using own recursing DNS server - you you don't use DNS server o

Re: disable URIBL_ and spamhaus.net

Or maybe some other lists connected? -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Enter any 12-digit prime number to continue.

Re: Order of handling whitelist/blacklist

::Conf doesn't say that I could find. You'd think the first would happen first, since it's more specific. Or, maybe that both would happen. On Mar 28, 2024, at 2:39 AM, Matus UHLAR - fantomas wrote: they both should happen. note that the second argument must be Received: hea

Re: Order of handling whitelist/blacklist

o that argument depends on proper TrustPath set up https://cwiki.apache.org/confluence/display/SPAMASSASSIN/TrustPath -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOS

Re: Doesn't spamc/spamd need block/welcomeliist support???

ame to spamd which then should use that users' user_prefs file (if it exists) unless spamd was started with "-x" parameter or can't access that file. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advert

Re: Help with rule matching when it shouldn't

n exmaple: From: ya...@gmail.com Return-path: ya...@yahoo.com If I send an email that would have those headers Spamassassin is getting a hit for my NOT_IT rule but that should not match because __RETURNAPTH_IS should not get a hit. How can I troubleshoot this? -- Matus UHLAR - f

Re: unsubscribe

On 19.02.24 15:03, Dejan Doder wrote: Please unsubscribe me from list We can't, the process is user-driven. send mail to users-unsubscr...@spamassassin.apache.org and confirm in the confirmation mail that will be sent to tou. -- Matus UHLAR - fantomas, uh...@fantomas.sk ;

Re: SpamAssassin4 + DCC not populating "X-Spam-DCC: : " header ?

ns when you use --lint, because it skips network checks, including DCC. spamassassin --prefs-file=/etc/spamassassin/local.cf -D 2> tmp.out < ~/test.eml I have already asked why you use --prefs-file. You have not answered my question and simply deleted it. -- Matus UHLAR - fantomas, uh.

Re: Plugin fo content modification

, February 19, 2024 at 01:42:46 PM GMT+1, Matus UHLAR - fantomas wrote: On 19.02.24 12:37, Pedro David Marco via users wrote: Does anyone know of a plugin for content modification? SpamAssassin detects spam, it is not designed to tho content modification. an example, i want to change the word

Re: Plugin fo content modification

for example you can cause changing middlesex to middle--- or sextant to ---tant. You would also invalidate DKIM signatures. Try avoiding this clbuttic problem. https://en.wikipedia.org/wiki/Scunthorpe_problem -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I w

Re: SpamAssassin4 + DCC not populating "X-Spam-DCC: : " header ?

I have "loadplugin Mail::SpamAssassin::Plugin::DCC" in /etc/spamassassin/v310.pre - try uncommenting it there. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. WinError #98652: Operation completed successfully.

Re: Problem installing Spamassassin 4.0.0 on Ubuntu 23.10 Server

ad of /etc/default/spamassassin for start-up options. On 14.02.24 00:23, Ken Wright wrote: So it's normal? I don't need to obsess over it? You don't. Just note it for further installations. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT

Re: Problem installing Spamassassin 4.0.0 on Ubuntu 23.10 Server

Thanks in advance! On 14.02.24 06:15, Niels Kobschätzki wrote: The service seems to be have renamed. It is the same on Debian. You also have to change now /etc/default/spamd instead of /etc/default/spamassassin for start-up options. and the "spamd" package as well. -- Matus

Re: QR code phish?

4.0 as well. On 2/5/24 09:49, Matus UHLAR - fantomas wrote: what if you do? does ExtractText only run one of configured programs for the same type of file? On 05.02.24 12:14, giova...@paclan.it wrote: Exactly, ExtractText only run the first configured program for the same type of fil

Re: QR code phish?

programs for the same type of file? -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. A day without sunshine is like, night.

Re: Bayes "corpus" - how old?

On 2024-01-30 at 12:08:18 UTC-0500 (Tue, 30 Jan 2024 18:08:18 +0100) Matus UHLAR - fantomas is rumored to have said: [...] autolearn may help if your DB is well maintained, although I have disabled nearly all rules with negative scores, like RCVD_IN_DNSWL_* RCVD_IN_IADB_* DKIMWL_WL_

Re: Bayes "corpus" - how old?

DITY_* USER_IN_DEF_* ALL_TRUSTED etc, because spammers often abuse these. I mean, they may have negative score but don't train on them. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto ad

Re: Bayes "corpus" - how old?

0 1172945918 0 non-token data: oldest atime so, even old spam mey be fine. You however need much of ham to train otherwise everything starts looking like spam. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail adverti

Re: install SA p a i n f u l l

ing to get the fricken thing on the fricken machine in the fricken first place. I am not going to run cpan with force because that may hide *real* errors. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this addre

Re: FORGED_HOTMAIL_RCVD2

On 26.01.24 11:03, Rupert Gallagher wrote: Subject: FORGED_HOTMAIL_RCVD2 Rule broken. Please update. can you provide more info, perhaps headers? header FORGED_HOTMAIL_RCVD2 eval:check_for_no_hotmail_received_headers() -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http

Re: Adding IP to report

and its country of origin I sometimes block the sending IP by some method. perhaps you could add to your SA config or user_prefs: add_header spam LastIP _LASTEXTERNALIP_ https://spamassassin.apache.org/full/4.0.x/doc/Mail_SpamAssassin_Conf.html -- Matus UHLAR - fantomas, uh...@fantomas.sk

Re: milter vs spamc

w do I redirect spam to a mailbox if I use the milter? spamass-miter supports "-b spamaddress" option to redirect spam. I prefer "-r nn" option that rejects mail if it scores over "nn" SA points. I use reject score 8 on tuned systems, 10 on non-tuned. -- Matus UHLAR

Re: Question about forwarding email (not specifically SA, pointers greatly appreciated)

generally enough. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. 10 GOTO 10 : REM (C) Bill Gates 1998, All Rights Reserved!

Re: Question about forwarding email (not specifically SA, pointers greatly appreciated)

able. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Eagles may soar, but weasels don't get sucked into jet engines.

Re: Gift Card Scam

On 04.01.24 22:57, Matija Nalis wrote: bodyGIFT_CARD /gift card/i score GIFT_CARD 1.5 metaFREEMAIL_GIFTCARDSGIFT_CARD && (FREEMAIL_FROM || !DKIM_VALID) Matus UHLAR - fantomas skrev den 2024-01-05 09:06: shouldn't that be !DKIM_VALID_AU ? valid DKIM si

Re: Gift Card Scam

On 04.01.24 22:57, Matija Nalis wrote: bodyGIFT_CARD /gift card/i score GIFT_CARD 1.5 metaFREEMAIL_GIFTCARDSGIFT_CARD && (FREEMAIL_FROM || !DKIM_VALID) shouldn't that be !DKIM_VALID_AU ? valid DKIM signature means nothing by itself -- Matus UHLAR -

Re: Question about forwarding email (not specifically SA, pointers greatly appreciated)

KIM headers. It's in a weird limbo where I can see the email got marked but GMail is not marking it either way. can we see headers From: and Authentication-Results as they were seen on your server? -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT

Re: Question about forwarding email (not specifically SA, pointers greatly appreciated)

he domain in From: When you forward e-mail, SRS makes sure SPF record is from your domain, but the DKIM signature must be made by sending server, so forwarded messages without valid DKIM signature will not pass. Many thanks for your help, it's genuinely appreciated! -- Matus UHLAR - fant

Re: MS-relayed spam

ft tenants. What? If the message came from .outlook.com hosts, it should be reported to ab...@outlook.com. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolve

Re: MS-relayed spam

us X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: CO6PR20MB3698 -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Remember half the people you know are below average.

Re: Beginner Setting up Spam Assassin

On 29.12.23 22:08, FalconChristopher wrote: Anyone know how I can check and setup SpamAssassin so that I can eliminate some spam from coming in from a email account ? do you mean if one of your users started spamming out? On 12/28/2023 2:24 AM, Matus UHLAR - fantomas wrote: On 27.12.23 16

Re: Beginner Setting up Spam Assassin

re for Spam Assassin but I don't know how to setup what I mentioned above ? -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. I don

Re: missing something in new SA config

how my "razor_config" is incorrect?  That might be helpful. what is in the /etc/mail/spamassassin/.razor/razor-agent.conf ? -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu

Re: ATT RBL f---wits

ot; because google have a history of not honouring TTL's, and it always pays to use a DNS server that you don't think would have your zone cached, to get a fresh perspective. correct. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive

Re: Spamassassin rule

On 17.11.23 11:19, natan wrote: E-mail was signed DKIM but why SA set "DMARC_REJECT" in this time ? W dniu 17.11.2023 o 12:31, Matus UHLAR - fantomas pisze: it's hard to see this without envelope and header from: On 17.11.23 12:42, natan wrote: Return-Path: <3j

Re: Spamassassin rule

reason for subdomain alignment. good news dmarc plugin in sa trunc does aswell work in spamasasssin 3.4.6 last time i tryed i am still waiting for spamassassin stable release of 4.x That happened 11 months ago today, where have you been? -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http

Re: Spamassassin rule

t; E-mail was signed DKIM but why SA set "DMARC_REJECT" in this time ? it's hard to see this without envelope and header from: -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tut

Re: Too many dots?

;ve had a hard time writing my own rules, has worked quite well. (Up until the spammers started just dropping their fake invoice content into an attached image - or PDF.) -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertis

Re: when whitelisting, do what with marked SPAM?

uot;Missed SPAM"?, thinking along lines of keeping BAYES "clean and sharp".  So to speak. Leave as is?  Delete and re learn? On 11/14/2023 13:46:11, Matus UHLAR - fantomas wrote: Simply relearn FPs. Unless you have huge misclassification issue, learning as few mail as one should fix BAY

Re: when whitelisting, do what with marked SPAM?

uot;Missed SPAM"?, thinking along lines of keeping BAYES "clean and sharp". So to speak. Leave as is? Delete and re learn? Simply relearn FPs. Unless you have huge misclassification issue, learning as few mail as one should fix BAYES issues. -- Matus UHLAR - fantomas, uh...@fantom

Re: spamc -L does not return 5, or 6

writable under "imaps" user, e.g. virtual users or similar. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Posli tento mail 100 s

Re: Getting error 74

What platform are you running on? (OS, distro, perl version, etc.) Debian 12. sa-update version 4.0.0 / svn1900642 running on Perl version 5.36.0 Matus UHLAR - fantomas writes: Debian 12 contains SpamAssassion 4.0.0-6. Cecil Westerhof writes: Strange. When running 'apt update&#

Re: Getting error 74

What platform are you running on? (OS, distro, perl version, etc.) Debian 12. sa-update version 4.0.0 / svn1900642 running on Perl version 5.36.0 Matus UHLAR - fantomas writes: Debian 12 contains SpamAssassion 4.0.0-6. On 02.11.23 21:43, Cecil Westerhof wrote: Strange. When running 

Re: Getting error 74

s or using other way? -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. The only substitute for good manners is fast reflexes.

Re: Getting error 74

*/ looks like you have problem reading or writing. If you want less generic answer, please provide info what command you execute and what is the exact error. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address

Re: spamd: still running as root

spamd" I assume that's ok. Matus UHLAR - fantomas skrev den 2023-10-31 11:48: yes, although --create-prefs is useless when you use --nouser-config On 31.10.23 17:51, Benny Pedersen wrote: and --create-prefs needs root ? no. Even if you keep spamd running as root, it won'

Re: spamd: still running as root

spamd" I assume that's ok. yes, although --create-prefs is useless when you use --nouser-config -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT aku

Re: spamd: still running as root

RON=1 since SA 4, spamd uses /etc/default/spamd I don't use -u option, so spamd setuids to user spamc provides, this allows spamd use per-user configuration files. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising

Re: Missing Mail::SpamAssassin::Plugin::WelcomeListSubject

ult the author of 'w7_whitelist.cf' for support of whatever configuration it includes. This only produces error because WelcomeListSubject does not exist and WhiteListSubject is not installed. Fixing the error above should fix this as well. -- Matus UHLAR - fantomas, uh...@fantoma

Re: dkim-test valid but spamassassin scores DKIM_INVALID

Matus UHLAR - fantomas skrev den 2023-10-25 09:36: I have: 50_scores.cf:score DKIM_VALID -0.1 check if you really haven't set score for DKIM_VALID anywhere, since SA complains about it being zero. I guess this may cause DKIM_INVALID misfiring On 25.10.23 13:08, Benny Pedersen wrote:

Re: dkim-test valid but spamassassin scores DKIM_INVALID

7:10:54.125 [1687779] info: util: setuid: ruid=0 euid=0 rgid=0 0 egid=0 0 >Oct 25 07:10:54.364 [1687666] info: rules: meta test DKIM_INVALID has dependency 'DKIM_VALID' with a zero score Matus UHLAR - fantomas hat am 25.10.2023 08:16 CEST geschrieben: did you set score of DKIM_

Re: dkim-test valid but spamassassin scores DKIM_INVALID

X-Spam-Status: No, score=1.6 required=5.0 tests=ALL_TRUSTED,DKIM_INVALID, DKIM_SIGNED,KAM_DMARC_REJECT,KAM_DMARC_STATUS autolearn=disabled version=3.4.6 -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this add

Re: users Digest 29 Sep 2023 01:08:28 -0000 Issue 5575

1CEB4CD00AA00BBB6E6000B5BBF9 7B16F0AE24BA3D270A637831578CAB77333E06029E36245B2E3DACE37D29594 x-originating-ip: [195.154.60.67] x-esetresult: clean, is OK x-esetid: 37303A2976F0D65A657466 -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail adverti

Re: rbl for smtp auth hosts

. I just have to check which of them is not a list that lists any 'dynamic' ip by default. zen is not good idea for auth too. It's supposed to contain dynamic IPS which aren't used for spaming. authbl from spamhaus should do that. -- Matus UHLAR - fantomas, uh...@fantomas

Re: rbl for smtp auth hosts

ourse. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. It's now safe to throw off your computer.

Re: rbl for smtp auth hosts

credentials compromised. can you describe it more? -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Due to unexpected conditions Windows 2000 will

Re: DNS Help

for more information. On 2023-09-12 at 02:51:46 UTC-0400 (Tue, 12 Sep 2023 08:51:46 +0200) Matus UHLAR - fantomas is rumored to have said: have you also read the link(s) above? SA explains the problem and how to avoid it, namely points to: https://cwiki.apache.org/confluence/display

Re: sane max value for message size in 2023?

ad that from one of my .pre files, or do I have to somehow add that to a scan command-line? On 12.09.23 08:47, Matus UHLAR - fantomas wrote: I bumped mine to maximum size my server can accept, currently 30M. I checked my spambox for biggest spam recorded (not rejected or lost) and I have pre

  1   2   3   4   5   6   7   8   9   10   >