On Thursday, July 04, 2024 02:01 AEST, Benny Pedersen wrote:
> Simon Wilson via users skrev den 2024-07-03 15:54:
>
> > header AUTHRES_DKIM_PASS eval:check_authres_result('dkim', 'pass')
> > header USER_IN_DKIM_WHITELIST eval:check_for_dkim_whitelist_f
On Thursday, July 04, 2024 01:11 AEST, Bill Cole
wrote:
> On 2024-07-03 at 10:19:28 UTC-0400 (Thu, 04 Jul 2024 00:19:28 +1000)
> Simon Wilson via users
> is rumored to have said:
>
> > On 03.07.24 23:54, Simon Wilson via users wrote:
> >> Simon Wilson via users
Simon Wilson via users skrev den 2024-07-03 14:56:
> Do I also need to disable the normal SA DKIM plugin evaluation, i.e.
> trusting my upstream authres_trusted_authserv only?
both works in paralel, so no need to disable, best results came from
both enabled
its up to you to ad
On 03.07.24 23:54, Simon Wilson via users wrote:
>Simon Wilson via users skrev den 2024-07-03 14:56:
>> Do I also need to disable the normal SA DKIM plugin evaluation, i.e.
>> trusting my upstream authres_trusted_authserv only?
>
>both works in paralel, so no need to disab
Simon Wilson via users skrev den 2024-07-03 14:56:
> Do I also need to disable the normal SA DKIM plugin evaluation, i.e.
> trusting my upstream authres_trusted_authserv only?
both works in paralel, so no need to disable, best results came from
both enabled
its up to you to ad
Simon Wilson via users skrev den 2024-07-03 14:13:
> I don't think SA 3.4.6 on RH8 has AuthRes plugin:
take it from spamassassin trunc, this plugin works on 3.4.6 aswell, but
was not released or tested on it, i have verify it does work
#!/bin/sh
svn checkout http://svn.apache.org/r
On Wednesday, July 03, 2024 22:06 AEST, "Simon Wilson via users"
wrote:
Dave Funk skrev den 2024-07-03 09:29:
> On Wed, 3 Jul 2024, Simon Wilson via users wrote:
> You say "passing SPF and DKIM" however in the SA rules report it
> clearly says:
> D
Dave Funk skrev den 2024-07-03 09:29:
> On Wed, 3 Jul 2024, Simon Wilson via users wrote:
> You say "passing SPF and DKIM" however in the SA rules report it
> clearly says:
> DKIM_SIGNED=0.1, DKIM_INVALID=0.1
>
> So eventho you think 'passed DKIM' SA c
On Wed, 3 Jul 2024, Simon Wilson via users wrote:
> Does whitelist_auth work on From header, or Return-Path? Reason I ask:
>
>
>
> I have two emails from “support .at. wasabi.com”. Due to their emails usually
> triggering KAM rules I have (in
> /etc/mail/
Running SA 3.4.6 on RH8.
Does whitelist_auth work on From header, or Return-Path? Reason I ask:
I have two emails from “support .at. wasabi.com”. Due to their emails usually
triggering KAM rules I have (in /etc/mail/spamassassin/local.cf):
## Whitelist Wasabi, subject to passing of auth
wh
On Thursday, June 22, 2023 23:05 AEST, Bill Cole
wrote:
On 2023-06-22 at 06:29:53 UTC-0400 (Thu, 22 Jun 2023 20:29:53 +1000)
Simon Wilson via users
is rumored to have said:
> I find most DMARC reports I receive are flagged as spam by SA.
>
> How do people work around this? I
On Thursday, June 22, 2023 20:37 AEST, Damian wrote:
I find most DMARC reports I receive are flagged as spam by SA.> Which
submitters? I looked at a bunch of my reports and they are all MIME_GOOD.
That one was from microsoft.
--
Simon Wilson
M: 0400 121 116
_DIFF=0.79,
PYZOR_CHECK=1.392, RCVD_IN_DNSWL_NONE=-0.0001,
RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001,
T_SCC_BODY_TEXT_LINE=-0.01, T_TVD_MIME_NO_HEADERS=0.01]
--
Simon Wilson
M: 0400 121 116
is rule is triggering a lot on emails which are not Spam,
reducing score from 2.497
score SHOPIFY_IMG_NOT_RCVD_SFY1.8
Simon
--
Simon Wilson
M: 0400 12 11 16
- Message from Jared Hall -
Date: Fri, 23 Jul 2021 00:07:52 -0400
From: Jared Hall
Subject: CHAOS: v1.2.2: Of Documentation
To: users@spamassassin.apache.org
Simon Wilson wrote:
could you, please, finally, describe what does this module do,
here to the list and/or to
art with the easy parts and follow with those more
compliated functionality, because I feel the description starts with
thelatter.
I'm guessing from the silence in response that this will remain a mystery.
Simon.
___
Simon Wilson
M: 0400 12 11 16
result by applying the check_host() function to the "MAIL FROM"
identity as the .
A HELO SPF check is most certainly not a "fall-back".
Whether the SPF checking tool used follows the RFC is another matter
entirely :-)
Simon.
--
Simon Wilson
M: 0400 12 11 16
INBOUND
--
Simon Wilson
M: 0400 12 11 16
> On Mon, Apr 19, 2021 at 10:05:21PM +1000, Simon Wilson wrote:
rather than change the channel distributed KAM.cf, what needs to go in
local.cf to tell that not to run? *CAN* it be disabled from local.cf, or can
it only be done by commenting out the entry in KAM.cf?
It would not make any se
e relevant milters have run and added
trusted headers on inbound email.
Simon.
--
Simon Wilson
M: 0400 12 11 16
TY_RPBL net publish
reuse RCVD_IN_VALIDITY_RPBL RCVD_IN_RP_RNBL
...is the correct way to disable it:
local.cf: score RCVD_IN_VALIDITY_RPBL 0
?
Simon
--
Simon Wilson
M: 0400 12 11 16
- Message from Henrik K -
Date: Mon, 19 Apr 2021 17:11:41 +0300
From: Henrik K
Reply-To: users@spamassassin.apache.org
Subject: Re: KAM_DMARC_REJECT on internal emails
To: users@spamassassin.apache.org
On Mon, Apr 19, 2021 at 10:05:21PM +1000, Simon Wilson wrote
pamassassin ?, it have to know all wan ips for your own server /
servers
Yes, my trusted_networks, internal_networks and msa_networks are all
set correctly... I had a long discussion with this mailing list on the
subject last year and got excellent help on resolving that! :)
- End me
- Message from RW -
Date: Mon, 19 Apr 2021 12:47:02 +0100
From: RW
Subject: Re: KAM_DMARC_REJECT on internal emails
To: users@spamassassin.apache.org
On Mon, 19 Apr 2021 16:36:58 +1000
Simon Wilson wrote:
Hi list,
- I'm running KAM rules in Spamassassin
- Po
I'd say that a proper solution would be to DKIM-sign mail before it's
spam-scanned.
On 19.04.21 19:39, Simon Wilson wrote:
Good point. If DKIM is signed it should pass DMARC, even if SPF fails.
Amavisd handles both pieces, including DKIM signing... from looking
at the headers it
On 19.04.21 16:36, Simon Wilson wrote:
- I'm running KAM rules in Spamassassin
- Postfix port 587-submitted email is sent to Amavisd (as a
content_filter) on port 10026 (tagged as ORIGINATING/MYNETS) and is
spam-checked and DKIM-signed on its way out the door, sent back to
Postfix at
_50 results.
sa-learn advises tokens learned, but it still seems to struggle with
these. Other than that my Bayes is excellent, very effective and
accurate.
Any advice would be appreciated.
Simon.
--
Simon Wilson
M: 0400 12 11 16
like every inbound email.
From what I can see it's a genuine blocklist lookup by SA...
(RCVD_IN_RP_RNBL in 20_dnsbl_tests.cf) but the error rate is strange.
Am I the only one with high volume of lookup errors from that bl? :-)
or do I need to be looking for an issue locally...
Simon.
--
- Message from Bill Cole
-
Date: Sun, 04 Apr 2021 15:16:32 -0400
From: Bill Cole
Subject: Re: Update SA on CentOS
To: users@spamassassin.apache.org
On 4 Apr 2021, at 0:19, Simon Wilson wrote:
CentOS / RHEL backport critical security fixes into the stock
versions
- Message from Amir Caspi -
Date: Sat, 3 Apr 2021 22:06:03 -0600
From: Amir Caspi
Subject: Re: Update SA on CentOS
To: si...@simonandkate.net
Cc: users@spamassassin.apache.org
On Apr 3, 2021, at 9:15 PM, Simon Wilson wrote:
And then you are not stepping away
ation (and teaching it when it
fails to get it right) resulted in excellent spam prevention on CentOS
7 with its standard packaged SA. And then you are not stepping away
from one of CentOS's main advantages - stable packages not built
outside of RPM.
Simon
--
Simon Wilson
M: 0400 12 11 16
ernal by a properly configured SpamAssassin, please open a bug
report.
Yep, been through all of that with making sure SA knows what is
internal and external, and what it can trust and not. No issues there.
Simon
--
Simon Wilson
M: 0400 12 11 16
Does SA always do its "own" DKIM check, or can it be told to use an
already written trusted AuthservId-written Authentication-Results
header, e.g. from OpenDKIM?
Thanks
--
Simon Wilson
M: 0400 12 11 16
d rules, but what is best practice for
using DMARC results in Spamassassin?
Simon
--
Simon Wilson
M: 0400 12 11 16
ng a Received-SPF filter using
python-policyd-spf (called as last check in
smtpd_recipient_restrictions), so yes it would make sense for
spamassassin to trust the check already made - I'll see if I can work
out how to do that.
Simon.
--
Simon Wilson
M: 0400 12 11 16
al_txrep (277) 0.69% 10433.00 5.00
11.00 17.00 21.00 24.00 35.80786.00
tests_pri_1000 (277) 0.62% 9397.00 6.00
10.00 15.00 19.00 21.00 30.20 621.00
--
Simon Wilson
M: 0400 12 11 16
as Intended (TM). I've not set txrep_autolearn on yet, will
monitor for a while.
Simon
On Sun, Mar 21, 2021 at 3:04 AM Simon Wilson wrote:
- Message from John Hardin -
Date: Sat, 20 Mar 2021 08:08:17 -0700 (PDT)
From: John Hardin
Subject: Re: AWL on
- Message from John Hardin -
Date: Sat, 20 Mar 2021 08:08:17 -0700 (PDT)
From: John Hardin
Subject: Re: AWL on 3.4
To: users@spamassassin.apache.org
On Sun, 21 Mar 2021, Simon Wilson wrote:
I've just migrated and updated to SA 3.4, and have moved the Bayes
it goes, but am
interested in comments on its usefulness?
Simon
--
Simon Wilson
M: 0400 12 11 16
"
You've not stated your OS but on a RHEL/CentOS 7 box the correct way
to remove is to go to /etc/mail/spamassassin/channel.d and delete
sought.conf.
--
Simon Wilson
M: 0400 12 11 16
..
I now have the following in local.cf and it seems to be working OK,
but I'll keep an eye on it.
trusted_networks 192.168.1. 119.18.34.29
internal_networks 192.168.1. 119.18.34.29
msa_networks 192.168.1.230
score ALL_TRUSTED -1.4
Thanks again.
--
Simon Wilson
M: 0400 12 11 16
Quoting Bill Cole :
On 16 Oct 2019, at 7:55, Simon Wilson wrote:
Quoting Tom Hendrikx :
[...]
RDNS_DYNAMIC tries to exclude authenticated email. Are you
accepting email from senders without authentication? Or maybe your
trusted_networks/internal_networks are misconfigured, so the
Quoting Simon Wilson :
Quoting Tom Hendrikx :
On 16-10-19 12:19, Simon Wilson wrote:
Hi, I have a Horde system submitting to a
postfix/amavisd-new/spamassassin server for spam detection
(different servers, same subnet). I *do* consciously run SA over
internally submitted emails to catch
Quoting Tom Hendrikx :
On 16-10-19 12:19, Simon Wilson wrote:
Hi, I have a Horde system submitting to a
postfix/amavisd-new/spamassassin server for spam detection
(different servers, same subnet). I *do* consciously run SA over
internally submitted emails to catch compromised accounts (it
boost? Or
anything more scientific??
Simon.
--
Simon Wilson
M: 0400 12 11 16
.
DNSBL:19.192.251.205:zen.spamhaus.org
May 1 14:32:53.113 [21742] dbg: async: timing: 1.524 .
dns:A:67.27.240.54.bl.mailspike.net
May 1 14:32:53.113 [21742] dbg: async: timing: 1.533 .
dns:TXT:67.27.240.54.bl.spamcop.net
--
Simon Wilson
M: 0400 12 11 16
ked it, and it is working fine).
I'll see if I can work out why some DNS checks are taking so long.
Simon
--
Simon Wilson
M: 0400 12 11 16
slower?
Simon
--
Simon Wilson
M: 0400 12 11 16
to all the other patterns that it hits. They are going for people
without decent anti-spam - the ones silly enough to think about
responding to the message.
Maybe I'm crediting too much (or too little? LOL) IQ to the spammers
and to some recipients.
--
Simon Wilson
www.simonandkate.net
s responding if their
emails weren't full of stupid spelling like "suspention", "redice",
etc... Perhaps we should be grateful LOL...
--
Simon Wilson
www.simonandkate.net
50 matches
Mail list logo