he RBL's at MTA level - where
they should be used and have been used for 25 years in the ISP world
you compare uncomparable.
SA does header scanning and can check on non-direct headers, e.g. at the
internal network level.
Also, it can do deep header scanning for open proxies etc.
MTA can
On Sat, Oct 01, 2022 at 04:42:09PM +0200, Matus UHLAR - fantomas wrote:
perhaps these all should replace _DKIMDOMAIN_ by _AUTHORDOMAIN_ and AND-ed
with DKIM_VALID_AU.
can these checks be made the way DNS queries are done only when
DKIM_VALID_AU matches?
perhaps playing with priority
On
avoid FPs or check them manually what mail they hit, so I didn't need to
keep much of ham mail
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek rekl
On Fri, Oct 07, 2022 at 03:01:17PM +0200, Matus UHLAR - fantomas wrote:
the _DKIMDOMAIN_ can contain multiple domains if mail is signed using
multiple valid keys.
On 07.10.22 16:35, Henrik K wrote:
Not a problem, as AskDNS doc says:
"Tags which produce multiple values will result in mul
Matus UHLAR - fantomas skrev den 2022-10-07 10:59:
just bumping this if anyone has idea how to process DKIMWL and
spamhaus DWL
in more efficient matter.
On 07.10.22 14:35, Benny Pedersen wrote:
there is no data in dwl.spamhaus.org but the rule for testing is still
in current spamassassin as
On Fri, Oct 07, 2022 at 10:58:07AM +0200, Matus UHLAR - fantomas wrote:
I have configured my personal user_prefs to process options for extracttext.
so far, spamd complains:
Oct 7 09:29:05 fantomas spamd[26887]: spamd: setuid to uhlar succeeded
Oct 7 09:29:05 fantomas spamd[26887]: config
Hello,
just bumping this if anyone has idea how to process DKIMWL and spamhaus DWL
in more efficient matter.
On 01.10.22 16:42, Matus UHLAR - fantomas wrote:
askdns LOCAL_DNSWL_IN_DWL _DKIMDOMAIN_.dwl.dnswl.org TXT
On 30.09.22 20:57, Matus UHLAR - fantomas wrote:
I'm not sure it s
extracttext options when spamd is used?
e.g. are they considered rules? (user rules are disabled by default iirc)
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek
host
from surbl and other lists that support it.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Fighting for peace is like fuckin
askdns LOCAL_DNSWL_IN_DWL _DKIMDOMAIN_.dwl.dnswl.org TXT
On 30.09.22 20:57, Matus UHLAR - fantomas wrote:
I'm not sure it should be done with _DKIMDOMAIN_, it's described to
contain all valid signatures:
_DKIMDOMAIN_
Signing Domain Identifier (SDID) (the 'd
On 30.09.22 19:15, Benny Pedersen wrote:
Matus UHLAR - fantomas skrev den 2022-09-30 18:53:
On 30.09.22 18:04, Benny Pedersen wrote:
ifplugin Mail::SpamAssassin::Plugin::DKIM
ifplugin Mail::SpamAssassin::Plugin::AskDNS
askdns LOCAL_DNSWL_IN_DWL _DKIMDOMAIN_.dwl.dnswl.org TXT
-1 -1 -1 -1
tflags LOCAL_DNSWL_IN_DWL net nice noautolearn
endif # Mail::SpamAssassin::Plugin::AskDNS
endif # Mail::SpamAssassin::Plugin::DKIM
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie
8-Sep-2022 22:45:49.345
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
The early bird may get the worm, but the second mouse gets the cheese.
attachments/body.
On 9/26/2022 12:20 PM, Matus UHLAR - fantomas wrote:
some of mailservers I admin are behind fortinet device that does
content inspection and removes viruses by replacing them with
content:
--=_NextPart_000_0012_F7463AA1.9316ADCB
Content-Type: text/plain; charset=&q
31}\"."http:\/\/www\.fortinet\.com\//
describe FORTI_ATT_REMOVED Dangerous attachment removed by Fortinet
scoreFORTI_ATT_REMOVED 5
So far, all files I found are of small size (<100K), but can (and should) I
somehow restrict search for this content only as beginning of attachments?
Is
the sender into welcomelist_auth
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Despite the cost of living, have you noticed how popular it remains?
On 8/29/2022 1:10 PM, Matus UHLAR - fantomas wrote:
perhaps ExtractText module could do that.
It's available in SA4 (currently beta afaik) and on:
https://github.com/DavidGoodwin/ExtractText
On 30.08.22 01:00, Kevin A. McGrail wrote:
NOTE that I don't believe the version in SA4 is t
ld it make sense to support berkeley DB here?
On Sun, Aug 28, 2022 at 3:02 PM Matus UHLAR - fantomas
wrote:
I'm trying to set up url_shortener_cache_dsn globally, but spamassassin is
run by multiple different users.
is it possible to specify url_shortener_cache_dsn relative according to
/DavidGoodwin/ExtractText
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
2B|!2B, that's a question!
e
or:
dbi:SQLite:dbname=$HOME/.spamassassin/DecodeShortURLs.sqlite
did not work, complained
using only:
dbi:SQLite:dbname=DecodeShortURLs.sqlite
created the file in current directory.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e
er for anything
commercial, you've been around a great many years Martin, so I'm glad
you resist the temptation of the fools.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu c
variant.
with pregreet pause, it also drops big number of spambots.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Christian Science
.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Save the whales. Collect the whole set.
MAIL /\w@\S+\.\w/
.. there's atachment of type image/gif but the body does not
contain any URI containing :// nor any e-mail address.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto ad
EADME.html
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
A day without sunshine is like, night.
^^
for ; Thu, 21 Jul 2022 04:40:21 +0200 (CEST)
^
unless your mailserver adds envelope recipient address to the headers
(common for domain mailboxes, uncommon for others)
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to rec
uation?
header __HDRS_MISSP ALL:raw =~
/^(?:Subject|From|To|Reply-To):\S/ism
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu
=0.001,
HTML_MESSAGE=0.001, MIME_HTML_ONLY=0.1, PYZOR_CHECK=1.985,
SPF_HELO_NONE=0.001, SPF_NEUTRAL=0.652, T_SCC_BODY_TEXT_LINE=-0.01]
looks like you should implement bayes.
since these are generated by amavis, you could train amavis database.
--
Matus UHLAR - fantomas, uh...@fantom
walker-hood.tweakedtoperfection.com.
194.87.42.59rivas-martinez.tweakedtoperfection.com.
194.87.42.60colon.tweakedtoperfection.com.
194.87.42.61thompson.tweakedtoperfection.com.
194.87.42.62armstrong-brown.tweakedtoperfection.com.
194.87.42.63clark.tweakedtoperfection.com.
--
M
On 2022-06-29 10:25, Matus UHLAR - fantomas wrote:
Since SpamAssassin does deep header scanning, it's more effective than
just use incoming IP at MTA level.
On 29.06.22 10:58, Benny Pedersen wrote:
this is not good, its a sign of forwarding that forwards spam in the
first place, that mak
cept match from single DNSBL) and use them within SA too.
Since SpamAssassin does deep header scanning, it's more effective than just
use incoming IP at MTA level.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to thi
21
This is an invoice phish that isn't tagged. Ideas on how to block these
would be appreciated.
https://pastebin.com/FXX8cx5f
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adr
On 23.06.22 15:56, Eduardo Maia wrote:
I'm trying to block the emails with fake FROM like:
From: "Nick Blue "
I have installed spamassassin v3.4.6 and after I enabled the
FromNameSpoof plugin.
On 23.06.22 18:08, Matus UHLAR - fantomas wrote:
I have checked FromNameSpoof
local.cf
header LOCAL_FROMNAME_SPOOF eval:check_fromname_spoof()
score LOCAL_FROMNAME_SPOOF 5.0
My question is about how to configure this plugin and also which score
i should give on the new rules ?
you have just described how you configured it.
the next question is how do you block them.
--
Matus U
spamd executes checks under different users - I use spamass-milter for
that.
if you use amavis, you don't need spamd.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem
SA manually.
__KAM_DMARC_POLICY_REJECT only says that the sender domain has DMARC policy
set to reject, it does not say that the mail is to be rejected
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this addres
g for weeks.
doesn't amavisd by any chance use old SA installation/libraries?
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Boost
through SA after it's received, it doesn't hit
KAM_DMARC_REJECT or DMARC_REJECT. In fact, it hits DMARC_PASS. It
also continues to hit DKIM_VALID_AU. I don't know how to explain that.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to
y email traffic is so low, couldn't I leave clamav running on
the more powerful/larger ram web server and have postfix access clamav
on that ip? Just did a quick search and some people are running it on
a separate server. Just a pre-coffee thought.
yes, should work perfectly.
--
a plugin in SA related to that, I
believe.
there are also many signatures for JS and other kinds of malicious content
in clamav...
however, with clamav, 2G of RAM is not enough. Especially when using
ConcurrentDatabaseReload (default on)
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www
alling the PurePerl DMARC lib now as well.
let us know
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Despite the cost of living, have you noticed how popular it remains?
ssassin::Plugin::SPF
no matter if you have Mail::SpamAssassin::Plugin::DMARC loaded or not.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu p
>On Tue, May 24, 2022 at 1:09 PM Matus UHLAR - fantomas wrote:
>> have there been rejects often before?
On 24.05.22 13:58, Alex wrote:
>I have hundreds of these over the last few days (week?), but they could go
>back even further than that. It appears to primarily hit m
>> Since uninstalling it this morning, there have been no other occurrences
>> of KAM_DMARC_REJECT all day for any emails.
On Tue, May 24, 2022 at 1:09 PM Matus UHLAR - fantomas
wrote:
have there been rejects often before?
On 24.05.22 13:58, Alex wrote:
I have hundreds of these o
C_STATUS
On 24.05.22 13:02, Alex wrote:
What are the proper libraries that should be used to support DMARC with SA?
This one should be, but there seems to be either a bug in that library or in
SA code handling that.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Wa
h hit
DKIM_VALID_AU.
https://pastebin.com/9g9VrgVK
https://pastebin.com/DCu9cq4t
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
The 3 bi
On 22.05.22 12:25, Kevin A. McGrail wrote:
>#1 you can use the welcomelist entries but NOT the welcomelist_auth
>entries if DMARC is failing.
On Sun, May 22, 2022 at 1:51 PM Matus UHLAR - fantomas
wrote:
isn't welcomelist_auth okay with DKIM_VALID_AU ?
On 22.05.22 15:17, Alex
rough, sorry to say it's been rougher than I wanted too.
But we have it in production and we are working on edge cases from my end.
Alex (OP), do you have Mail::DMARC installed?
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertisi
On 2022-05-10 20:39, Matus UHLAR - fantomas wrote:
From: nore...@ess.firstdata.com
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple;
s=6g5c7kdjkv3qjrxjsdzn3325ejghli53; d=ess.firstdata.com;
t=1652117979;
h=Date:From:Reply-To:To:Message-ID:Subject:MIME
AM_DMARC_REJECT DKIM has Failed or SPF has failed on the message
* and the domain has a DMARC reject policy
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukol
it's the whitelist in policyd-spf.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
On the other hand, you have different fingers.
vTx6KzY
X-Comment: SPF skipped for whitelisted relay domain - client-ip=13.110.6.221; helo=smtp14-ph2-sp4.mta.salesforce.com; envelope-from=re...@support.meridianlink.com; receiver=
X-Greylist: whitelisted by SQLgrey-1.8.0
isn't it possible that it's sqlgrey that whitelisted your domain?
$ spamassa
f1 include:spf.protection.outlook.com include:_spf.salesforce.com -all"
SPF_PASS idicates that the SPF hit.
however, posting full headers could help us a bit.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this a
On Tue, Apr 26, 2022 at 02:35:25PM +0200, Matus UHLAR - fantomas wrote:
> is it possible to match message headers in rfc822 atttachments?
>
> from what I know, "header" rules only apply to mail headers and mimeheader
> only apply to mime headers.
>
> body and rawbody
ago but no success:
https://marc.info/?l=spamassassin-users&m=132282473328809&w=2
is this possible now or do we need out-of SA solution for this?
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovan
tigating further?
not me, as I'm not involved in SA deployment more than by being active here.
perhaps you could fill a wishlist report...
Are these rules from the link above useful?
looks like they are. KAM.cf contains similar rules, but having them in stock
SA would be nice.
> > and spf is unapplicable since the envelope from is null.
>
> Isn't that the case with all bounce messages?
Matus UHLAR - fantomas:
usually yes, it should be. But we of course can't guarantee that.
This also means that SPF can't be used, thus either those messag
messages?
usually yes, it should be. But we of course can't guarantee that.
This also means that SPF can't be used, thus either those messages have DKIM
signatures, or they CAN NOT pass DMARC.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wi
rule was triggered.
It's also somehow hitting BAYES_99 - do you train your bounce messages?
yes.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Honk if you love peace and quiet.
On 7/4/22 3:09 pm, Matus UHLAR - fantomas wrote:
your edge sends the original message as an attachment, so your
internal server can not process many of checks. SA option
"report_safe" does this.
You should either trust edge server on its decision, or not do
scanning there. If y
. SA option "report_safe" does this.
You should either trust edge server on its decision, or not do scanning
there. If you do scan there, set "report_safe 0".
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail adver
e destination is not "."
- or, A/ exist.
that would require plugin or a few meta rules.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek rekla
produce NXDOMAIN
I don't recall the current state of support for this, so don't rely on
it without testing it.
Is it possible to do this within a cf file?
I don't know. Someone else with more knowledge of SpamAssassin will
need to speak to this.
--
Matus UHLAR - fan
0.001
72_scores.cf:score DKIMWL_WL_MEDHI 0.001 -0.001 0.001
-0.001
and I have already disables using of this check for autolearning:
tflags DKIMWL_WL_HIGH noautolearn net nice
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish N
ce on how to deal with it?
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Fucking windows! Bring Bill Gates! (Southpark the movie)
On 04.03.22 19:01, Matus UHLAR - fantomas wrote:
I got reports for multiple spams in form:
From: " martin.redact...@example.com"
To: "ředácted xyz, Ing."
Subject: Fw: xyz.redact...@example.com
(I intentionally kept some chars with diacritics because that was
s
nor any of _FNSFNAME*_ tags did hit
Am I expecting too much from FromNameSpoof?
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
2B|!2B, that's a question!
y to solve my problem without changing domain names?
many of newest TLDs are used for spamming, getting domain in more stable TLD
might help.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tu
s much coding as with the solution above.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
If Barbie is so popular, why do you have to buy her friends?
7;: could not find working mirror, channel failed
should be no big problem. if you really need, find the cron job and run it
again (you may need to run it under user it runs from cron)
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail adver
"1897787"
the "updates.spamassassin.org" itself has no data.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
If Barbie i
s deprecated, 2. only uses host.
I'm glad you have fixed that but next time please read the manual page
first.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVA
HELO_NO_DOMAIN __HELO_NO_DOMAIN && !HELO_LOCALHOST
only has exclusion for "localhost" name (which has its own rule)
the scores could be united too:
score FSL_HELO_NON_FQDN_1 2.361 0.001 1.783 0.001
score HELO_NO_DOMAIN 0.001 0.001 0.001 0.001
--
Matus UHLAR - fantomas,
Hello,
looks like there's mailer hitting XM_RANDOM
from multiple mails:
X-mailer: Qi Mail Connector 101.21
X-mailer: Qi Mail Connector 103.2
apparently generated by czech company information system:
https://www.qi.cz/system-qi/
--
Matus UHLAR - fantomas, uh...@fantomas.sk ;
ip6:2a01:7e01:e001:289::4 -all
perhaps Received: headers from the mail you have received.
If that mail was rejected within apache network, you should see which server
rejected from which one.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e
mail that looks much like spam.
I use SA for more than 10 years, but in a very basic manner.
Is there some doc on how to harden SA ? Some useful plugins ? Bayes is
clearly not sufficient in my case
using razor/pyzor/DCC helps much.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fanto
age.
yes, OTOH it would be great to be able to re-process matched rules, possibly
with different (e.g. per-user) scores.
But this must to be implemented yet.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Va
1 PHP (1 phipiline peso = $.02)
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
It's now safe to throw off your computer.
On 14.12.21 17:46, David Bürgin wrote:
Look into ‘normalize_charset 1’. For background maybe this:
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7656
On 2021-12-14 at 13:18:09 UTC-0500 (Tue, 14 Dec 2021 19:18:09 +0100) Matus
UHLAR - fantomas is rumored to have said:
from what I
On 14.12.21 17:46, David Bürgin wrote:
Look into ‘normalize_charset 1’. For background maybe this:
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7656
from what I remember, normalize_charset should not be used until SA 4.*
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http
On 01.12.21 11:25, Matus UHLAR - fantomas wrote:
hoping that adding sending IP Address to X-Originating-IP: header will help
me fight against spam posted via webmail it seems I caused more problems
than it was supposed to solve.
mail sent from external IP 192.0.2.1 via webmail on 192.168.0.10
On 01.12.21 11:25, Matus UHLAR - fantomas wrote:
hoping that adding sending IP Address to X-Originating-IP: header will help
me fight against spam posted via webmail it seems I caused more problems
than it was supposed to solve.
mail sent from external IP 192.0.2.1 via webmail on 192.168.0.10
On 01.12.21 11:25, Matus UHLAR - fantomas wrote:
hoping that adding sending IP Address to X-Originating-IP: header will help
me fight against spam posted via webmail it seems I caused more problems
than it was supposed to solve.
mail sent from external IP 192.0.2.1 via webmail on 192.168.0.10
ernal: [
ip=192.0.2.1 rdns= helo= by= ident= envfrom= intl=0 id= auth= msa=0 ]
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Chernoby
show messages being processed and
correctly identified as spam/ham.
what parameters is spamass-milter run with?
-M by any chance?
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu
uot;Don't be evil"
motto.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Chernobyl was an Windows 95 beta test site.
begin to add score more then default score to freemail hits, with
imho is more desireble then class it not freemail
i guess this just disables detection of fake reply-to which is I believe
exactly opposite of what OP needs.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Wa
meout).
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
We are but packets in the Internet of life (userfriendly.org)
On 2021-11-02 12:20, Matus UHLAR - fantomas wrote:
I have tried again, but despite is being listed in
kam_sa-channels_mcgrail_com/nonKAMrules.cf, SA does not accept that
directive.
On 02.11.21 18:25, Benny Pedersen wrote:
problem is that util_rb_2tld is global while kam rules need pr rule
12:45:25.455 [9317] dbg: config: read file
/var/lib/spamassassin/3.004004/updates_spamassassin_org/20_aux_tlds.cf
Nov 2 12:45:25.456 [9317] dbg: config: cleared tld lists
On 02.11.21 12:24, Raymond Dijkxhoorn wrote:
Thats added with 4.0.0-rsv
ehm?
--
Matus UHLAR - fantomas, uh...@fantomas.sk
/nonKAMrules.cf,
SA does not accept that directive.
at least not SA 3.4.4 (debian 10 backports)
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Linux
On 10/31/21 5:26 PM, Matus UHLAR - fantomas wrote:
it looks like google has registered page.link domain and users are already
using it for spamming:
https://secretadultnightclub.page.link/...
I have added it to my local domain-based blocklist.
any idea/tip what to do with it next?
On
On 2021-10-31 17:26, Matus UHLAR - fantomas wrote:
it looks like google has registered page.link domain and users are
already
using it for spamming:
https://secretadultnightclub.page.link/...
I have added it to my local domain-based blocklist.
any idea/tip what to do with it next?
On
Hello,
it looks like google has registered page.link domain and users are already
using it for spamming:
https://secretadultnightclub.page.link/...
I have added it to my local domain-based blocklist.
any idea/tip what to do with it next?
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http
red by the SpamAssassin CTASD test?
On 25.10.21 11:05, Axb wrote:
CommTouch, as a product, has been EOL for a decade ago.. or longer.
looks like icewarp mail server does use such service too, but I don't know
much about that.
Why not contact the ISP, directly?
so far the fastest solution
On 18/10/2021 11:20 am, Matus UHLAR - fantomas wrote:
spamd by default tries to find recipients' home directories and user
preferences in them. try passing following option to spamd:
-x, --nouser-config, --user-config
On 18.10.21 14:47, Linkcheck wrote:
Thanks. Where would I act
n TCP/IP mode, connect to spamd server on given host (default:
localhost). Several hosts can be specified if separated by commas.
obviously "localhost" resolves to ::1 where spamd does not listen.
make spamd listen on ::1 or instruct spamd to connect to 127.0.0.1
--
Matus
le of such mail with headers?
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
"One World. One Web. One Program." - Microsoft promo
lay, which can be enough
for the DNSBLs to catch up with the latest spammer.
I can only recommend using postscreen for non-client mail
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto ad
,SPF_HELO_PASS,URIBL_BLACK
autolearn=no autolearn_force=no version=3.4.2
For instance, rule RCVD_IN_DNSWL_NONE is run for the first mail but
not for the second.
Why is that?
perhaps the rule did not match, that's how spam score is evaluated.
did those mails come from the same host?
--
Matus
201 - 300 of 2533 matches
Mail list logo