rbldnsd compatible free rsync-able feeds?

2023-04-08 Thread hg user
To test a procedure we'd like to implement, we'd need RBL feeds that we may rsync from for free and load into rbldnsd. If they are hours old is not a problem. Can you list some? Thank you

Re: Install plugins into embedded spamassassin

2023-03-17 Thread hg user
t; in 2023), SA in Zimbra will be kept but all the rules removed but few handling special cases. I'd also like to "import" the score from the first SA in this one... On Mon, Feb 27, 2023 at 3:53 PM hg user wrote: > Hi Riccardo, > thank you. > > Yes, the directories are

Rebuilding SpamAssassin: which linux distribution?

2023-03-01 Thread hg user
I decided to create a pool of spamassassin instances queried from our frontier exim mta. Can you please tell me which linux distribution has the best support, quicker updates and plugins for SpamAssassin? I'd prefer not to install from sources, but if you think it's better, please tell me.

Re: BAYES scores

2023-02-28 Thread hg user
From my small experience... I score BAYES_999 with 2.00, it was suggested to me months ago. But nowadays I'd be more careful and do some more testing: I'd check which messages have only BAYES_99 and which have BAYES_999, If you are absolutely certain that BAYES_999 are only and definitively

Re: Install plugins into embedded spamassassin

2023-02-27 Thread hg user
Hi Riccardo, thank you. Yes, the directories are those, I was expecting something different but actually in this way everything is in a user-controlled dir.

Re: replay RBL queries one hour later

2023-02-26 Thread hg user
Thank you to everybody that replied to my request. I knew I was not clear in my message... :-)) sorry about it. I have 2 paid RBL (so I don't care about number of queries) at the frontier MTA. These RBLs reject a ton of connections and so the number of messages reaching SA is already reduced.

Re: Install plugins into embedded spamassassin

2023-02-26 Thread hg user
:-) so I'd like to understand myself what to do. What plugins should be "mandatory" in 2023 ? And also useful for the italian language? On Sun, Feb 26, 2023 at 4:30 PM Giovanni Bechis wrote: > On Sat, Feb 25, 2023 at 03:30:13PM +0100, hg user wrote: > > Hi, > > I'd lik

replay RBL queries one hour later

2023-02-25 Thread hg user
The last time I was hit by a not-recognized phishing campaign, no Ips nor domains were present in RBL. When I took action one hour later I found that several of them were listed. So my idea is; is it possible to replay the queries one/two hours later? I envision two methods: - logging the

Install plugins into embedded spamassassin

2023-02-25 Thread hg user
Hi, I'd like to install at least one plugin in my embedded spamassassin, installed inside Zimbra. I'm a bit afraid of breaking stuff, about missing dependencies and so on. I'm on SA 3.4.5 and - as a test - I'd like to install ESP plugin.

Re: May I get to 0 phishing?

2023-02-21 Thread hg user
" > To users@spamassassin.apache.org > Date 2/21/2023 2:11:02 PM > Subject Re: May I get to 0 phishing? > > >On 2023-02-21 at 13:51:09 UTC-0500 (Tue, 21 Feb 2023 19:51:09 +0100) > >hg user > >is rumored to have said: > > > >>I was wondering if

May I get to 0 phishing?

2023-02-21 Thread hg user
I was wondering if it is possible to reach the goal of 0 phishing. With 2 layers of paid protection, and a third layer realized with spamassassin with a lot of hand made rules, I'm able to catch a lot of spam and if some reaches the mailboxes, no problem. But when phishing is able to reach the

Re: Strange findings debugging bayes results

2023-02-19 Thread hg user
Can you please give me some details on your bayes setup? Headers exclusion, bayes_token_sources, how do you "sa-learn" messages... thank you On Sun, Feb 19, 2023 at 11:53 PM Loren Wilton wrote: > > The real question is: has bayes still its use case in 2023 ? Is it still > used with important

Re: Strange findings debugging bayes results

2023-02-19 Thread hg user
> > > bayes_token_sources none visible uri mimepart > I added this line to my config with no changes in the tokens used to sum the bayes score, headers still used. It may be a command only recognized during learning but I should check the sources. > perhaps OP has bayes_token_sources setting

Re: BAYES_00 BODY. Negative score?

2023-02-18 Thread hg user
please spamassassin -D bayes -t file.eml 2>/tmp/z and in /tmp/z you will have the score assigned to the "tokens"... from those points you will understand what created the different totals. If you can you may relearn all the messages, both ham and spam, with the tip suggested a couple of days ago,

Re: BAYES_00 BODY. Negative score?

2023-02-16 Thread hg user
On Thu, Feb 16, 2023 at 9:57 PM joe a wrote: > > plugin: failed to parse plugin (from @INC): Can't locate > Mail/SpamAssassin/Plugin/SpamCop.pm: > lib/Mail/SpamAssassin/Plugin/SpamCop.pm: Permission denied at (eval 44) > line 1. > root can do anything. a restricted user can't: it's only allowed

Strange findings debugging bayes results

2023-02-16 Thread hg user
I was investigating a bunch of bitcoin spam: different titles, different senders (all from gmail), different text, different pdf attachment. Unfortunately in those days my bayes db was polluted and they all got a BAYES_50, 0.8. I tested the messages now with a recreated bayes db and got some

How is this phishing attack called?

2023-02-15 Thread hg user
And how to intercept? From time to time we receive a message that is a reply-to to an old message, sometimes after months, with just several lines added at the top inviting to open a url or attachment. Has this kind of phishing a name? How can I prevent it or at least flag it for review? Thank

Re: BAYES_00 BODY. Negative score?

2023-02-15 Thread hg user
. On Wed, Feb 15, 2023 at 3:27 PM Matus UHLAR - fantomas wrote: > On 15.02.23 14:53, hg user wrote: > >If you run spamassassin with -D bayes -t xxx 2>debug.log > > > >in debug.log you will see all the "tokens" the bayes system extracts > >from the headers

Re: BAYES_00 BODY. Negative score?

2023-02-15 Thread hg user
If you run spamassassin with -D bayes -t xxx 2>debug.log in debug.log you will see all the "tokens" the bayes system extracts from the headers and you will probably find a lot of them related to mailing lists. If you teach SA that those tokens are spam and they are present both in WP or Forbes,

Re: per-user bayes

2020-12-08 Thread hg user
I believe that a SA plugin (like bayes) is able to know the envelope MAIL FROM and RCPT TO values... is it correct? If it is possible we "just" have to modify the bayes plugin On Tue, Dec 8, 2020 at 10:13 PM Benny Pedersen wrote: > micah anderson skrev den 2020-12-08 21:54: > > Kris Deugau

Re: __UNPARSEABLE_RELAY_COUNT: which one?

2019-12-09 Thread hg user
ackend..com with LMTP; Thu, 18 Jun 2015 16:50:56 > -0700 (PDT) > if (/^(\S+) \(LHLO (\S*)\) \((${IP_ADDRESS})\) by (\S+) with LMTP/) { > $rdns = $1; $helo = $2; $ip = $3; $by = $4; goto enough; > } > > > On Mon, Dec 09, 2019 at 09:33:39AM +0100, hg user wrote:

Re: __UNPARSEABLE_RELAY_COUNT: which one?

2019-12-09 Thread hg user
09, 2019 at 09:10:25AM +0100, hg user wrote: > > Investigating why a message scored X when arrived and Y now (recovered > from > > user inbox), I realized that UNPARSEABLE_RELAY_COUNT rule fires on all > messages > > recovered from user inbox. > > In almost all ca

__UNPARSEABLE_RELAY_COUNT: which one?

2019-12-09 Thread hg user
Investigating why a message scored X when arrived and Y now (recovered from user inbox), I realized that UNPARSEABLE_RELAY_COUNT rule fires on all messages recovered from user inbox. In almost all cases this is not a problem, except for XPRIO_SHORT_SUBJ: it fired on X and didn't fire on Y due to

Re: What Rules Am I Missing

2019-11-22 Thread hg user
>> I recently migrated SA to a new environment with a clean install. I added the KAM rules and a short rules file of my own. But I'm obviously missing some pretty basic rules that I believe I had in the old environment. > or Bayes by the look of it. Did you have bayes working on the old

Re: a simplified, home-made txRep?

2019-11-19 Thread hg user
Thank you to both for your answers. Yes, I meant TxRep. My text file is in this format: mail@mydomain,remote_email@remotedomain My goal is to lower the score of messages coming from remote_email@remotedomain and addressed to mail@mydomain. Of course, each user can have a different list of

a simplified, home-made txRep?

2019-11-19 Thread hg user
In a 28mb, 610K lines text file, I have a list of all my users and the email addresses they *sent* a mail at least once. I'd like to use the info to add a -1 point when a mail is received from one of these addresses. Unfortunately, at the moment, outgoing mail is not processed by spamassassin so

use of razor/pyzor/dcc on not english messages

2019-10-22 Thread hg user
Hi, I'm wondering if the plugins listed in the subject may help with messages that are not in english...

Re: new emotet campain

2019-09-17 Thread hg user
ng > included in the infected attachments. > Imo, the ClamAV sigs make more sense. > > On 9/17/19 12:36 PM, hg user wrote: > >> It is a "dumb" rule but the quicker I could create. >> >> https://pastebin.com/bxRSds7a >> >> On Tue, Sep 17, 2019

Re: new emotet campain

2019-09-17 Thread hg user
It is a "dumb" rule but the quicker I could create. https://pastebin.com/bxRSds7a On Tue, Sep 17, 2019 at 11:59 AM Blason R wrote: > If possible please share it here? > > On Tue, Sep 17, 2019 at 3:20 PM hg user wrote: > >> A new emotet campaign is in progress (https

new emotet campain

2019-09-17 Thread hg user
A new emotet campaign is in progress (https://twitter.com/Cryptolaemus1) and I created a rule... I don't know if it is possible to share (via pastebin) the rule I created to have feedback from the experts...

very long To: header

2019-09-09 Thread hg user
I'm trying to create a rule with this check: header __RULE_TO To =~ /myemail|youremail/i It happens that we receive a mail that has a To: header that is 146 lines long... multiplied by a minimum of 3 addresses per line, we have a 430+ list of emails. If the email I'm looking for is

Re: spf none and dkim not pass domains

2019-08-27 Thread hg user
Is it the spam coming as an empty subject, empty message and a pdf attachment ? I received about 3000 of them in the weekend and I'm starting to check the logs of yesterday. A lot of them got a high score, from 8 to 13 thanks to RBL... score=9.692 required=5.6 tests=[BAYES_60=1.5,

MY compiled rules don't show up in -D logs

2019-08-20 Thread hg user
I try to ask again the question with a more specific message. I have a quite standard rule: body __ZIMBRA_03 /webmail|loss of email|(omissis)/i I compile the rules. When I test with spamassassin -D -t msg the rule is listed in the subtests list among the others but spamassassin doesn't

Re: Trying to understand what's wrong in these rules...

2019-08-05 Thread hg user
iled rules? On Mon, Aug 5, 2019 at 3:40 PM hg user wrote: > > I'm trying to understand why this rule fires on some messages: > meta PHISH_ZIMBRA ( __ZIMBRA_00 + __ZIMBRA_01 + __ZIMBRA_02 + > __ZIMBRA_03 > 2 ) && __NOT_FROM_INTERNAL > > I read it in this way: >

Trying to understand what's wrong in these rules...

2019-08-05 Thread hg user
I'm trying to understand why this rule fires on some messages: meta PHISH_ZIMBRA ( __ZIMBRA_00 + __ZIMBRA_01 + __ZIMBRA_02 + __ZIMBRA_03 > 2 ) && __NOT_FROM_INTERNAL I read it in this way: IF at least THREE rules among __ZIMBRA_00, 01, 02 or 03 are matched AND rule __NOT_FROM_INTERNAL is

Re: How to create my personal RBL

2019-07-03 Thread hg user
about, is to move spamassassin away from zimbra and give it a standalone server. We will lose something in integration but we can be free from zimbra release cycles. On Thu, Jun 27, 2019 at 2:38 PM David Jones wrote: > On 6/26/19 3:43 AM, hg user wrote: > > Thank you everybody for yo

Re: amavisd 100% cpu load - 470 queued messages...

2019-06-28 Thread hg user
In this moment I have more than 400 delivery of a 178kb text/html message... no attachment... For specific senders I may: - apply a very restrictive throttling - skip spamassassin check On Fri, Jun 28, 2019 at 3:18 PM Matus UHLAR - fantomas wrote: > >> On 28.06.19 12:03, hg u

Re: amavisd 100% cpu load - 470 queued messages...

2019-06-28 Thread hg user
- fantomas wrote: > >> On Fri, Jun 28, 2019 at 10:49 AM hg user > wrote: > >>> I'm not able to lower cpu usage of amavisd. > >>> 4 cpus are used 100% and messages queue up to 15 minutes before being > >>> processed. > >>> > >>>

Re: amavisd 100% cpu load - 470 queued messages...

2019-06-28 Thread hg user
Messages reported by mailq decreased to about 370 and then, in a few seconds, to 0... from 370 to 0 in a few seconds... On Fri, Jun 28, 2019 at 10:49 AM hg user wrote: > I'm not able to lower cpu usage of amavisd. > 4 cpus are used 100% and messages queue up to 15 minutes before

amavisd 100% cpu load - 470 queued messages...

2019-06-28 Thread hg user
I'm not able to lower cpu usage of amavisd. 4 cpus are used 100% and messages queue up to 15 minutes before being processed. mailq reports up to 470 queued messages... and this is bad, really bad. The most part of SA work is spent here: tests_pri_0: 7371 (93.7%) and I know that priority 0

Re: How to create my personal RBL

2019-06-26 Thread hg user
Thank you everybody for your really interesting answers. In this moment I'm just collecting information. I have one main problem: one of the engines used by our commercial antispam solution returns too many FPs. I'm gradually introducing spamassassin (included in zimbra) and I'd like to mitigate

How to create my personal RBL

2019-06-25 Thread hg user
I'd like to create my own RBL that answers queries about IP, domain or address reputation. Data should be stored in a database (mysql, postgres, redis, etc) so that information can be added/modified/removed without the need to restart spamassassin (I think the simpler solution would be a list in

A new url shortener not in __URL_SHORTENER?

2019-06-04 Thread hg user
Hi, I noticed spam using ccuz url shortener in an italian spam advertising a sex site. I was wondering if it would be good to be added to __URL_SHORTENER or not. In this specific case it won't help to score higher but who knows in the future?

Re: my spamassassin has serious config problems

2019-05-28 Thread hg user
I did some more research and I think I have to report the new discovery so that the thread can be useful to other Readers. First: 0.000 0 5232 0 non-token data: nspam 0.000 0 70408 0 non-token data: nham 0.000 0 388070 0

Re: my spamassassin has serious config problems

2019-05-27 Thread hg user
e bayes db and sa-learn all the corpus I put apart On Mon, May 27, 2019 at 8:06 PM Matus UHLAR - fantomas wrote: > On 27.05.19 18:04, hg user wrote: > >I was writing a message requesting advice on bayes_ignore_header since I > >was sure something was wrong when I decided to ha

my spamassassin has serious config problems

2019-05-27 Thread hg user
I was writing a message requesting advice on bayes_ignore_header since I was sure something was wrong when I decided to have a look at spamassassin -D bayes output... and I was shocked by what I saw ! x-spam-relays-external lists all the hops of the message *including* internal servers and so

Re: Is Bayes forgetting ?

2019-05-27 Thread hg user
pam messages (90% not in italian...) Can this be a problem? On Mon, May 27, 2019 at 12:26 PM hg user wrote: > > $ sa-learn --dump magic > netset: cannot include 127.0.0.0/8 as it has already been included > netset: cannot include 0:0:0:0:0:0:0:1/128 as it has already been i

Re: Is Bayes forgetting ?

2019-05-27 Thread hg user
I think, well... I suppose to be doing everything according to zimbra requirements. I'm trying to understand if it is possible that the bayes plugin reports different results within a few minutes and with no changes to the bayes db... Here are the commands, so that you may tell me if some

Re: Is Bayes forgetting ?

2019-05-27 Thread hg user
. On Mon, May 27, 2019 at 1:18 PM Matus UHLAR - fantomas wrote: > On 27.05.19 12:51, hg user wrote: > >the Linux user is the same. > > the same as what? > > >Bayes db is on Linux. > > seems I wasn't clear at my question: > How do you use spamassassin? milter,

Re: Is Bayes forgetting ?

2019-05-27 Thread hg user
Hi, the Linux user is the same. Bayes db is on Linux.

Is Bayes forgetting ?

2019-05-27 Thread hg user
I'm trying to understand what is happening in my spamassassin 3.4.1 bayes system. I make it learn a new message as spam and it learns it correctly, so that the message is reported BAYES_50. Unfortunately, after a few minutes, and with no new messages learnt (autolearn=no), the message is