, since I have already disabled
this on some of systems we maintain in our company.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
"Th
spamc+spamd does not.
how do you run spamd?
apparently when checking through spamd, different user preferences are used.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem
does not.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Microsoft dick is soft to do no harm
ive. Afaik this is often a sign of spam, not
ham.
iirc such unsubscribe link was already reported as email address verifier,
resulting into more spam being sent to such address.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail a
On 3/10/2018 11:22 AM, Matus UHLAR - fantomas wrote:
this is apparently not the case of one url redirector (shortener)
points to
another shortener.
I really hope that the DecodeShortURLs only checks fopr redirection
at those
known redirectors (shorteners), not each http->https shorte
On 3/10/2018 3:20 AM, Matus UHLAR - fantomas wrote:
do you have an example of any chained redirection not suspicious?
On 10.03.18 11:04, Rob McEwen wrote:
I haven't examined the code for that plugin very much (yet!) but
one type of very common redirect that is very innocent... is the fact
ves
where "false-positives" is a mbox file format.
On 09.03.18 09:26, David Jones wrote:
RAZOR like DCC and PYZOR shouldn't be used as a sole source of
determining spam.
especially DCC, since it measures bulkiness, not spamminess.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; ht
redirect is highly suspicious and more than two is
probably a waste of time, just score 5.0 and be done with it.
Has anyone done any analysis on multi-redirects?
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address
On 02.03.18 09:58, Leandro wrote:
Hi Danilele! Our DNSBL works with individual /128 IPv6 addresses:
http://spfbl.net/en/dnsbl/
Even if the provider is offering less then /64 to customers, our DNSBL can
list IPv6 of each one.
2018-03-02 10:08 GMT-03:00 Matus UHLAR - fantomas <
to balance spam detection while avoiding fps
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
I drive way too fast to worry about cholesterol.
rectly,
while they can change with SA rules without your knowledge.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
(R)etry, (A)bort, (C)ancer
igning their zones.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Christian Science Programming: "Let God Debug It!".
probability by training anything too far from BAYES_00 for ham and BAYES_99
for ham
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
LSD will make
.
Luckily you have been advised a better approaches. Good luck.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
I'm not interested in your website
except from making the set of messages smaller?
you are not supposed to repeatedly call sa-learn over huge maildir.
calling over new mail (or, better, false-positives and false-negatives) is
faster and won't eat all your memory.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http
lookups help much in spam processing, after
bayes they are second best mechanism to detect spam.
NOT using them is helping spammers.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adre
are rules with high negative score that I don't want to trigger
autolearn.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
A day without sunshine is like, night.
(trusting header added by spammer
is not a good idea).
If not, SA validates SPF and DKIM itself.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu
_HELO_PASS.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
My mind is like a steel trap - rusty and illegal in 37 states.
-spam. in fact, spammers exploit this.
SPF only talks about FORGERY (often spam sign), not about spamminess.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek
be safe since
they do have good SPF records on subdomains:
whitelist_auth *@*.nytimes.com
this only applies when SPF succeeds so it won't fix their broken SPF :-)
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address
to Junk, if it
matches spam headerd (X-Spam-Flag: YES).
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
I'm not interested in your website
.
you need to configure your MDA (procmail, maildrop, sieve etc) to deliver
mail marked as spam to Junk folder.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT
.futurehost.pl have SPF
records, so SPF can not fail here.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
How does cat play with mouse? cat /dev/mouse
On 09.01.18 10:56, Joseph Brennan wrote:
Both FSL_MIME_NO_TEXT and MIME_NO_TEXT are very similar. Both look for a
multipart/mixed message with no "text/" part that has an attachment.
Combined score is just under 5. That's a lot.
Comments?
On 09.01.18 19:43, Matus UHLAR - fantomas wr
example where
similar rules that should not have that big combined score.
looking at those scores, one of those rules should be removed, or at least a
meta should be created, lowering combined scores (aparently through mass-check)
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantoma
ing a small percentage of the time.
On 02.01.18 15:39, @lbutlr wrote:
Checking my mail I see an incidence rate of this of about 0.5%, which matches
the rate you posted earlier.
amavis?
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-m
On 1 Jan 2018, at 10:47, Matus UHLAR - fantomas uh...@fantomas.sk> wrote:
On 1 Jan 2018, at 11:41 (-0500), Matus UHLAR - fantomas wrote:
the gross format in RFCs 822,2822 and 5322 describes message-id consisting
of local and domain part, thus is must contain "@".
On 01.01.1
someone wants to write a
plugin that can detect this dynamically.
I've had probelms with a similar rule when I send mail directly from one of
mailservers. I've had to replace it by !ALL_TRUSTED && !NO_RELAYS
just FYI
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Wa
On 1 Jan 2018, at 11:41 (-0500), Matus UHLAR - fantomas wrote:
the gross format in RFCs 822,2822 and 5322 describes message-id
consisting
of local and domain part, thus is must contain "@".
On 01.01.18 12:17, Bill Cole wrote:
No, it does not. Re-read the cited sections. From RFC5322
isting
of local and domain part, thus is must contain "@".
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Due to unexpected co
Matus UHLAR - fantomas skrev den 2017-12-26 18:49:
have you never been subscribed to spammers' blacklist without your
permission?
On 26.12.17 19:01, Benny Pedersen wrote:
hopefully apache.org does know how to handle spam
you did not narrow your sentence on apache mailing lists, perhaps you
never been subscribed to spammers' blacklist without your
permission?
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Microsoft dick is soft to do no harm
g a score corresponding to a LOCAL only scan...
can you show us those scores? pastebin please.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu pos
amples.
you mix up multiple things:
1. DNS blacklists (and whitelistt) at postfix level
2. DNS blacklists (and whitelists) at SA level
3. URI blacklists (and probably whitelist) at SA level
4. manual whitelists at SA level.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas
On 16.12.17 20:37, Gokan Atmaca wrote:
I use Zimbra OCS. How do I use RBL?
(Except Postfix ... I just want to use spamassassin.)
On Sat, Dec 16, 2017 at 10:04 PM, Matus UHLAR - fantomas
<uh...@fantomas.sk> wrote:
zimbra bundles both postfix and spamassassin. What makes you think you
On 16.12.17 20:37, Gokan Atmaca wrote:
I use Zimbra OCS. How do I use RBL?
(Except Postfix ... I just want to use spamassassin.)
zimbra bundles both postfix and spamassassin. What makes you think you don't
use RBL's?
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk
Debian Linux)?? maybe a known bug?? or
it is maybe just my spamd daemons that hate me for any reason...
maybe they are processing mail and will exit after it's done...
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising
=127.0.[0..255].1*-3
list.dnswl.org=127.0.[0..255].2*-4
list.dnswl.org=127.0.[0..255].3*-5
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu post
start tuning scores, you can get to hell
very fast. unless you do your own mass-checks and tune according to them.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT
On 28.11.17 19:39, Sebastian Arcus wrote:
I'm having more and more problems with the HTML_IMAGE_ONLY_* set
of rules recently generating false positives.
On 30/11/17 12:45, Matus UHLAR - fantomas wrote:
those have lower scorew with BAYES and network rules enabled.
configure BAYES and enable
be lowered a bit - or is there
anything else to be done - aside from educating all the internet on
optimising logos in the email signatures? :-)
those have lower scorew with BAYES and network rules enabled.
configure BAYES and enable netowrk rules...
--
Matus UHLAR - fantomas, uh...@fantomas.sk
un is on a tmpfs, and
because hard links can't cross filesystem boundaries. But I would bet
that you have something else sensitive in /run that can be used to gain
root.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertisin
trusted_networks and
internal_networks properly, so SA knows which header to use for SPF checks.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek rekla
Il 2017-11-07 10:10 Matus UHLAR - fantomas ha scritto:
[..]
Thus, messages received from the world will be scored locally, messages
received from backup MX will be scored on backup MX.
Then, your sieve filter will work as expected.
On 09.11.17 16:54, Davide Marchi wrote:
Well, but could I
Il 2017-11-05 16:26 Matus UHLAR - fantomas ha scritto:
However, you can tell your server to:
- not run SA when mail is received from backup MX
(I assume you alweays run SA otherwise)
- move mail to spam folder when it's scored as spam
(I think you have this done already)
On 06.11.17 13:01
data into redis database, but I think
your problem is still elsewhere
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Save the whales. Collect
ary server may
have better information about which mail is spam and which is not.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Saving Pr
.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
"One World. One Web. One Program." - Microsoft promotional advertisement
&quo
m "server2.foo.org",
this is caused by "report_safe" SA option, if this is what annoys you,
simply set "report_safe 0" on the backup MX
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this
the mailbox format also help?
only if you use mbox format.
No, maildir. Not really relevant (I don't think) but:
dovecot2-2.2.31_1
dovecot's antspam plugin could fix your problems
https://wiki2.dovecot.org/Plugins/Antispam
your users would maintain the SA DB themselves.
--
Matus UHLAR - fantomas
spamc communicates with spamd
The OP has amavisd running and therefore apparently does not use spamd.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek re
for speed on a smaller collection.
--no-sync only helps if you have "bayes_learn_to_journal 1" - it's 0 by
default. try turning it on.
Would something like specifying the mailbox format also help?
only if you use mbox format.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; ht
group-list] ";" [CFWS]
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
"Where do you want to go to die?" [Microsoft]
On 21.10.17 07:45, Pedro David Marco wrote:
is there any way to avoid duplicated matches when tflag is set to "multiple"?
that's the whole point of multiple. you can limit it to some number by
"maxhits" option.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fan
Hello,
when "tflags" is repeated (e.g. in local.cf and /var/lib/spamassassin),
are all flags set or does the next appearance clear flags set formerly?
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to th
UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
I'm not interested in your website anymore.
If you need cookies, bake them yourself.
ork.
1. you were asked to provide samples e.g. on pastebin.
Therefore my question "when will the header be added"?
2. how do you integrate SA and kaspersky AV?
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to
believe kaspersky enough to give first rules small
negative score?
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Fucking windows! Bring Bill
, if the primary server is up?
postscreen, if ou use postfix, supports this:
http://www.postfix.org/POSTSCREEN_README.html#white_veto
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem
there was a PDF OCR plugin of some sort, but I don't recall it
being all that effective. Ideas greatly appreciated.
I think you mean PDFassassin, but I'd prefer ExtractText
both described at
https://wiki.apache.org/spamassassin/UnmaintainedCustomPlugins
--
Matus UHLAR - fantomas, uh...@fantomas.sk
to mailbox format, they are quite useful,
although some information may be lost - outlook kind of "sanitizes" the
mail, in which case many details helping to trace spam are lost.
The best is, to catch mail before it hits microsoft clients or servers.
--
Matus UHLAR - fantomas, uh...@f
On 10.08.17 20:15, Scott wrote:
About the only difference in my old, functioning box and this new "clean"
install was the location of the bayes files.
Old box:
/var/spool/amavisd/.spamassassin/
New box:
/etc/mail/bayes
On 11.08.17 16:22, Matus UHLAR - fantomas wrote:
Do did you ch
utolearn
don't set the path, that way it should work OOTB.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
The only substitute for
permission for amavis user, not for
anyone.
Is /etc/mail/bayes writeable by amavisd?
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
The
ermissions make
the directory or files in it unwritable for amavis user.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Atheism is a n
s what you mean by "work", it should work.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
He who laughs last thinks slowest.
822 E6E6 B873 2E79
--- I would buy a Mac
today if I was not working at Microsoft. -- James Allchin, Microsoft VP of Platforms
--- 10 days until the
282nd anniversary of John Peter Zenger's acquittal
--
Matus UHLAR - fantomas,
at all. well, it MAY cause some delay but the default pyzor timeout is
3.5 seconds
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Posli ten
to their
nwetwork).
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Fucking windows! Bring Bill Gates! (Southpark the movie)
queries */
[...]
zone "combined.njabl.org" { type forward; forward first; forwarders {}; };
see above
zone "fulldom.rfc-ignorant.org" { type forward; forward first; forwarders {}; };
rfc-ignorant.org is dead for years.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; ht
rc against libspf2 makes the opendmarc internal SPF
> > > checker functional and now the SA SPF checks (triggered by amavis) are
> > > firing as well.
> On 07.05.17 - 11:46, Matus UHLAR - fantomas wrote:
> > I would like to note that SPF can be used without openDMARC, and
iggered by amavis) are
> firing as well.
On 07.05.17 - 11:46, Matus UHLAR - fantomas wrote:
I would like to note that SPF can be used without openDMARC, and imho should
work in SA itself.
Did you (try to) make SPF working on valhalla.nano-srv.net?
On 07.05.17 12:05, Thore Boedecker wrote:
It s
ternal SPF
checker functional and now the SA SPF checks (triggered by amavis) are
firing as well.
I would like to note that SPF can be used without openDMARC, and imho should
work in SA itself.
Did you (try to) make SPF working on valhalla.nano-srv.net?
On 06.05.17 - 22:54, Matus UHLAR - fa
On 06.05.17 15:49, Thore Boedecker wrote:
After looking at the headers it became clear what the issue was:
It seems that Yahoo (at least yahoo.co.jp) is allowing emails from
@gmail.com senders to be sent through their servers.
From: Matus UHLAR - fantomas <uh...@fantomas.sk>
@gmail.co
using yahoo mail servers would have to delegate DKIM to
yahoo and yahoo would need to sign under all those domains.
the same applies about any domain that does DKIM signing (e.g. gmail)
that is in fact change in requirements on DKIM itself...
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http
ferent sender and reply-to FREEMAIL
domains?
what does Sender: header give us in addition to envelope from?
this mail already hit FREEMAIL_REPLYTO
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: n
On Fri, 5 May 2017, David Jones wrote:
I think I would have to write a simple SA plugin to compare the
envelope-from with the DKIM signature domain to see if they matched
then I could use a meta rule to glue all of this together.
From: Matus UHLAR - fantomas <uh...@fantomas.sk>
t it's authenticated, including
headers like From:.
what's the point of checking if SPF and DKIM domains match?
This way authentic (but forwarded, e.g. through mailing lists) mail will get
"caught" but what's the poit of it?
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
On 05.05.17 11:37, Merijn van den Kroonenberg wrote:
I want to test in SA if the Envelope From domain is DKIM_VALID.
the envelope from can't be DKIM-VALID. DKIM validated message content,
including some of its headers, not envelope from address.
--
Matus UHLAR - fantomas, uh...@fantomas.sk
wrote:
The rejection message specified dmarc as the reason.
show us the message.
Doesn't it just recommmend using DMARC as one of ways to fix your problem?
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address
On Mon, 2017-05-01 at 17:13 +0200, Matus UHLAR - fantomas wrote:
Is there something on vbounce that does notappl for you?
loading it and settings proper whitelist_bounce_relays should hit all
bounces that did not come as response to mail from your systems...
On 01.05.17 19:11, Martin Gregorie
SPF record is pretty
useless (if it's not another Micro$oft attempt to make SPF useless)
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
"Two
proper whitelist_bounce_relays should hit all
bounces that did not come as response to mail from your systems...
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT
"insufficient data for an opinion".
score BAYES_50 0 0 2.00.8
not that I disagree with this score, but it does not have 0 score...
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovani
ne domain owner, who registered domain with similar name to avoid
typosquatting, send mail containing the similar name?
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVA
On 4/28/2017 4:56 AM, Matus UHLAR - fantomas wrote:
On 22.04.17 00:37, Benny Pedersen wrote:
https://www.xudongz.com/blog/2017/idn-phishing/
should we care in spammassassin ?
yes.
i ask since its solved in chrome, but its entirely a bad nic tld
handling on that isssue
if idn decode gives
.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
You have the right to remain silent. Anything you say will be misquoted,
then used against you.
rom chmod man page:
chmod never changes the permissions of symbolic links; the chmod system
call cannot change their permissions. This is not a problem since the
permissions of symbolic links are never used.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning
updated spamfilter.sh to point to the right file and mail.log
has finally settled down to a sensible behaviour.
you should drop the home-brew spamfilter.sh and use glue like
amavisd-milter or similar.
Why at all does spamfilter.sh dump output contents of log file back to syslog?
--
Matus UHLAR
m /root/.spamassassin, chmod 777 all of
it (for now to get this working) and made these changes to local.cf:
bayes_path /var/bayes/
bayes_file_mode 0777
you do not need those, just check the above.
spamd uses home directory of the user it's running under.
--
Matus UHLAR - fantomas, uh...@fantomas.sk
.
change spamd's home directory to something other than /root/
even better, run it without --username parameter so it can set UID to user
it's currencly checking. this way different users can have different bayes
databases, different options etc.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http
such a rule. And of
course you have to exclude real mailing list mail.
that means such rule should exclude __HAS_LIST_ID
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem
estdiagnosticssurvey.com inbound.dcm8.com
- should work, but you need the signing domain
Because of the above whitelist_auth won't work because whitelist_spf fails
AND whitelist_from_dkim fails if you don't add domain (which whitelist_auth
does not).
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www
servers.
SA does not (and should not) do that.
PTR records (and matching A records) are required for outgoing mail, that's
all.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem
as nonexistent, or they just made complaint without any
real problem.
Once the admin wasn't even able to translate clear error message from
english, nor search for the error message on the net...
Simply, don't do that.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warn
hat's why we bave SpamAssassin
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
If Barbie is so popular, why do you have to buy her friends?
on the
envelope from: addres.
If the from address is whitelisted AND the SPF of the from address is
good - I pass the email.
or do you do this on MTA-level (which means it's off-topic)?
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail
but there is no server.
On 05.03.17 15:15, Matus UHLAR - fantomas wrote:
does the mx0 has highest preference (lowest priority)?
If not, there's little point in using it - nolisting is supposed to catch
spambots trying to connect to your backup MXes, not to primaries.
Oops, seems I mistook nolisting with
ambots trying to connect to your backup MXes, not to primaries.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Depression is merely anger without enthusiasm.
701 - 800 of 2483 matches
Mail list logo