Re: Question about sa-updates

Paul Schmehl skrev den 2024-06-22 07:44: It’s not clear to me from your answer. Does SA read rules in both places? it eveal first sa-update rules, then later host rules Or only in /etc/mail/spamassassin/? this is host rules, you define all global configs here, and it will never be

Re: Question about sa-updates

On Sat, 22 Jun 2024, Paul Schmehl wrote: On Jun 22, 2024, at 12:28 AM, Kenneth Porter wrote: On 6/21/2024 8:56 PM, Paul Schmehl wrote: I scratched my head, then looked up the man page for sa-update on the web. Sure enough, that’s where the rules go. Is that where my

Re: Question about sa-updates

> On Jun 22, 2024, at 12:28 AM, Kenneth Porter wrote: > > On 6/21/2024 8:56 PM, Paul Schmehl wrote: >> I scratched my head, then looked up the man page for sa-update on the web. >> Sure enough, that’s where the rules go. Is that where my local.cf file >> should be located? Right now it’s in

Re: Question about sa-updates

On 6/21/2024 8:56 PM, Paul Schmehl wrote: I scratched my head, then looked up the man page for sa-update on the web. Sure enough, that’s where the rules go. Is that where my local.cf file should be located? Right now it’s in /etc/mail/spamassassin. There’s a default local.cf file in

Question about sa-updates

I just ran sa-updates. Then I looked in /etc/mail/spamassassin to see if the rules had been updated, and none of them had today’s date on them So, I downloaded the tar file, unzipped it, and searched for one of the files. I found them in /var/lib/spamassassin/…. I scratched my head, then

Re: Sv: Re: Question about a rule

I'd also strongly recommend adding boundaries: /\b(blah1|blah2|blah3)\b/i Otherwise, you might have a whole *pano*ply of words that will make legit mails marked a spam. You need to be super sure about poison pills rules, or in french - *pillu*le empoisonnée. Good luck. On 18.06.24 13:35, Axb

Re: Sv: Re: Question about a rule

You need to enclose in brackets body LOCAL_BLAH /(blah1|blah2|blah3)/i On 6/18/24 13:05, Anders Gustafsson wrote: Sure: body LOCAL_PORN_RULE /kiimainen|naida|sexikäs|nussikas|nussia|pillu|pano|kinky|bdsm|pillua|x69-JOOGA/i score LOCAL_PORN_RULE 8 describe LOCAL_PORN_RULE This

Re: Sv: Re: Question about a rule

es instead of single rule with huge score. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. "To Boot or not to Boot, that's the question." [WD1270 Caviar]

Sv: Re: Question about a rule

Sure: body LOCAL_PORN_RULE /kiimainen|naida|sexikäs|nussikas|nussia|pillu|pano|kinky|bdsm|pillua|x69-JOOGA/i score LOCAL_PORN_RULE 8 describe LOCAL_PORN_RULE This catches peter's porn spam Sorry again for mailing directly. No idea why it suggests the user and not users@ -- Med vänlig

Re: Question about a rule

On 18.06.24 13:50, Anders Gustafsson wrote: body LOCAL_PORN_RULE /word1|word2.|x69-JOOGA/i score LOCAL_PORN_RULE 8 describe LOCAL_PORN_RULE This catches peter's porn spam Funny thing is that it seems to trigger on messages that contain none of those words. I have removed the actual

Question about a rule

We have a rule that is supposed to catch various porn-related stuff: body LOCAL_PORN_RULE /word1|word2.|x69-JOOGA/i score LOCAL_PORN_RULE 8 describe LOCAL_PORN_RULE This catches peter's porn spam Funny thing is that it seems to trigger on messages that contain none of those words. I

Re: uridnsbl_skip_domain question

On 5/17/24 3:17 PM, Matus UHLAR - fantomas wrote: Hi guys, I have configured exclusion for some common domains e.g. gov.sk in SA: uridnsbl_skip_domain [...] gov.sk slovensko.sk However it seems that that domain is still queried:  9826  68.951573    127.0.0.1 → 127.0.0.1    DNS 104 Standard

uridnsbl_skip_domain question

Hi guys, I have configured exclusion for some common domains e.g. gov.sk in SA: uridnsbl_skip_domain [...] gov.sk slovensko.sk However it seems that that domain is still queried: 9826 68.951573127.0.0.1 → 127.0.0.1DNS 104 Standard query 0xbffe A mail.gov.sk.multi.uribl.com OPT in

Re: Question about forwarding email (not specifically SA, pointers greatly appreciated)

On Fri, 2024-01-19 at 15:15 +0100, Benny Pedersen wrote: > Byung-Hee HWANG skrev den 2024-01-19 11:12: > > > I rely on DNSWL for the reputable MX. > > if repution is 100% needed we all have to make local rescore on all > local mails, since repution is to be local, not external just > > i

Re: Question about forwarding email (not specifically SA, pointers greatly appreciated)

On Fri, 19 Jan 2024, Thomas Cameron wrote: On 1/19/24 16:32, Byung-Hee HWANG wrote: There is a filtering rule in Gmail: *Never send it to Spam* I apply that rule to extremely important emails such as debian-bugs- dist and debian-devel-announce. You know that. I know that. But trying to

Re: Question about forwarding email (not specifically SA, pointers greatly appreciated)

On 1/19/24 16:32, Byung-Hee HWANG wrote: There is a filtering rule in Gmail: *Never send it to Spam* I apply that rule to extremely important emails such as debian-bugs- dist and debian-devel-announce. You know that. I know that. But trying to explain to the board members I'm helping out

Re: Question about forwarding email (not specifically SA, pointers greatly appreciated)

Hellow Thomas, > But it drops it into the spam folder every time. So when I'm sending > emails to someone's alias, they have to check their spam folder. Even > when they mark it as "not spam," GMail still drops it into the spam > folder. It's very frustrating. > There is a filtering rule in

Re: Question about forwarding email (not specifically SA, pointers greatly appreciated)

On 1/19/24 14:33, Matija Nalis wrote: You would need to encourage at least several of the recepients (the more the better) to click on "Not spam" button on GMail on such mails. Then it will (eventually) start accepting them normally. Yup, that's basically what I've been doing. see e.g.

Re: Question about forwarding email (not specifically SA, pointers greatly appreciated)

On Fri, Jan 19, 2024 at 10:37:13AM -0600, Thomas Cameron wrote: > The forwarded email is being *accepted* by GMail. My issue now is that GMail > drops it into the recipient's spam folder. I suspect it's a reputation > thing. Once the server is up and running for a while, I'm hoping that GMail >

Re: Question about forwarding email (not specifically SA, pointers greatly appreciated)

On 1/7/24 05:40, Matus UHLAR - fantomas wrote: I built email servers for a non-profit I volunteer for.  If email comes into the server for presid...@myassociation.org, I would normally just create an alias in /etc/aliases so that emails to president@ get forwarded to the president's "real"

Re: Question about forwarding email (not specifically SA, pointers greatly appreciated)

On 1/7/24 04:07, Byung-Hee HWANG wrote: Hellow Thomas, See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1043539#88 Sincerely, Byung-Hee The issue is not so much that GMail doesn't accept the email. It does, since I have DKIM, DMARC, and SPF set up. But it drops it into the spam

Re: Question about forwarding email (not specifically SA, pointers greatly appreciated)

Byung-Hee HWANG skrev den 2024-01-19 11:12: I rely on DNSWL for the reputable MX. if repution is 100% needed we all have to make local rescore on all local mails, since repution is to be local, not external just i consider dnswl level 0 to be possitive scored, and let the other levels be

Re: Question about forwarding email (not specifically SA, pointers greatly appreciated)

Marc skrev den 2024-01-19 09:34: Hi Byung and Benny, are you having a nice MX party? :) not needed yet, hehe

Re: Question about forwarding email (not specifically SA, pointers greatly appreciated)

Byung-Hee HWANG skrev den 2024-01-19 06:16: Actually i used Google MX for 10 years. Recently, i created dedicated MXs and am continuing to operate them. Plus, the dedicated MXs run on Google Cloud and RimuHosting. it was to vierd for me to figure out how to get it working, and posible in the

Re: Question about forwarding email (not specifically SA, pointers greatly appreciated)

On Fri, 2024-01-19 at 08:34 +, Marc wrote: > > > Byung-Hee HWANG skrev den 2024-01-08 12:27: > > > > > > > Gmail is my last INBOX. That's enough for me. > > > > > > +1, so you are ready to setup google mx ? :) > > > > > > > Hellow Benny, > > > > Actually i used Google MX for 10 years.

RE: Question about forwarding email (not specifically SA, pointers greatly appreciated)

> > Byung-Hee HWANG skrev den 2024-01-08 12:27: > > > > > Gmail is my last INBOX. That's enough for me. > > > > +1, so you are ready to setup google mx ? :) > > > > Hellow Benny, > > Actually i used Google MX for 10 years. Recently, i created dedicated > MXs and am continuing to operate them.

Re: Question about forwarding email (not specifically SA, pointers greatly appreciated)

On Mon, 2024-01-08 at 17:17 +0100, Benny Pedersen wrote: > Byung-Hee HWANG skrev den 2024-01-08 12:27: > > > Gmail is my last INBOX. That's enough for me. > > +1, so you are ready to setup google mx ? :) > Hellow Benny, Actually i used Google MX for 10 years. Recently, i created dedicated MXs

Re: Question about forwarding email (not specifically SA, pointers greatly appreciated)

Byung-Hee HWANG skrev den 2024-01-08 12:27: Gmail is my last INBOX. That's enough for me. +1, so you are ready to setup google mx ? :) https://support.google.com/a/answer/140034?hl=en i don't like it yet, missing dnssec and dane, tlsa, google is not friendly there if google wants my

Re: Question about forwarding email (not specifically SA, pointers greatly appreciated)

This is not a good advice. Whoever filters SPF at SMTP time will reject that message. Gmail is not the only mail service available. On 08.01.24 20:27, Byung-Hee HWANG wrote: Gmail is my last INBOX. That's enough for me. that's what I wanted to say - enough for someone, but not generally

Re: Question about forwarding email (not specifically SA, pointers greatly appreciated)

> > This is not a good advice. Whoever filters SPF at SMTP time will > reject that > message. Gmail is not the only mail service available. Hellow Matus, Gmail is my last INBOX. That's enough for me. Sincerely, Byung-Hee -- ^고맙습니다 _布德天下_ 감사합니다_^))//

Re: Question about forwarding email (not specifically SA, pointers greatly appreciated)

I built email servers for a non-profit I volunteer for. If email comes into the server for presid...@myassociation.org, I would normally just create an alias in /etc/aliases so that emails to president@ get forwarded to the president's "real" email address, say

Re: Question about forwarding email (not specifically SA, pointers greatly appreciated)

> > I built email servers for a non-profit I volunteer for. If email > comes > into the server for presid...@myassociation.org, I would normally > just > create an alias in /etc/aliases so that emails to president@ get > forwarded to the president's "real" email address, say >

Re: Question about forwarding email (not specifically SA, pointers greatly appreciated)

Hello, On Wed, Jan 03, 2024 at 01:24:02PM -0600, Thomas Cameron via users wrote: > On 1/2/24 17:51, Andy Smith wrote: > > - Have your users collect their your-org email by some means other > >than SMTP, such as running an IMAP server and having them view > >both their gmail mailbox and

Re: Question about forwarding email (not specifically SA, pointers greatly appreciated)

On 1/4/24 06:35, Matus UHLAR - fantomas wrote: On 03.01.24 20:36, Thomas Cameron wrote: Fair point. But I'm guessing that because it has two DKIM signatures, it's not passing the DKIM check. only one of those DKIM dignatures needs to pass, with the domain in From: Yup, and it seems to be

Re: Question about forwarding email (not specifically SA, pointers greatly appreciated)

On 1/4/24 06:31, Matus UHLAR - fantomas wrote: On 03.01.24 19:30, Thomas Cameron wrote: Thanks for the advice on SRS - I have set it up and it's mostly working. At least GMail accepts the emails, although it seems to be failing DKIM and DMARC tests. I'm digging into what, if anything, can be

Re: Question about forwarding email (not specifically SA, pointers greatly appreciated)

Thomas Cameron writes: Yeah, the weird thing is, when I check the forwarded email on GMail, I see in the headers that both the original sending email server (call it mail.somedomain.com) and the relay server (call it mail.myassociation.org) put DKIM signatures in the message. On 1/3/24

Re: Question about forwarding email (not specifically SA, pointers greatly appreciated)

On 1/3/24 15:44, Bill Cole wrote: Indeed: your solution is known as "SRS" (Sender Rewriting Scheme) and it has multiple implementations. If you forward mail, you will break SPF unless you fix the envelope sender so that it uses a domain  that permits the example.org server to send for it.

Re: Question about forwarding email (not specifically SA, pointers greatly appreciated)

On 1/3/24 19:45, Greg Troxel wrote: Thomas Cameron writes: Yeah, the weird thing is, when I check the forwarded email on GMail, I see in the headers that both the original sending email server (call it mail.somedomain.com) and the relay server (call it mail.myassociation.org) put DKIM

Re: Question about forwarding email (not specifically SA, pointers greatly appreciated)

Thomas Cameron writes: > Yeah, the weird thing is, when I check the forwarded email on GMail, I > see in the headers that both the original sending email server (call > it mail.somedomain.com) and the relay server (call it > mail.myassociation.org) put DKIM signatures in the message. That's

Re: Question about forwarding email (not specifically SA, pointers greatly appreciated)

On 1/3/24 17:41, Greg Troxel wrote: You are overlooking that DKIM from the original From: is the responsibility of that domain and that if you do not modify the message then it should still pass. Domains sending without DKIM are going to be a mess. Yeah, the weird thing is, when I check the

Re: Question about forwarding email (not specifically SA, pointers greatly appreciated)

On 1/3/24 15:44, Bill Cole wrote: Indeed: your solution is known as "SRS" (Sender Rewriting Scheme) and it has multiple implementations. If you forward mail, you will break SPF unless you fix the envelope sender so that it uses a domain  that permits the example.org server to send for it.

[SOLVED] Re: Question about forwarding email (not specifically SA, pointers greatly appreciated)

On 1/3/24 18:16, Michael Grant wrote: Here's what I have done in the past from my server to get around this situation you are having: 1. In my .procmailrc file :0c: !exam...@gmail.com This sends a copy (the c flag in first line) of the message to the gmail account and leaves a copy in your

Re: Question about forwarding email (not specifically SA, pointers greatly appreciated)

Here's what I have done in the past from my server to get around this situation you are having: 1. In my .procmailrc file :0c: !exam...@gmail.com This sends a copy (the c flag in first line) of the message to the gmail account and leaves a copy in your inbox. 2. From your exam...@gmail.com

Re: Question about forwarding email (not specifically SA, pointers greatly appreciated)

"Thomas Cameron via users" writes: > I actually set up SPF, DMARC, and DKIM on the non-profit's email > server. It works fine if I send email from the server. > > The rub is, I want all emails to presid...@example.org to be forwarded > to presidents_real_addr...@gmail.com. Since the forward

Re: Question about forwarding email (not specifically SA, pointers greatly appreciated)

Hello Thomas, This might help too: These failures are often due to SPFs that have a hard fail (meaning they end with ‘-all’). When I dealt with this in the past, the original sending domain was one where we could modify the SPF. So we had the email sender change “-all” to “~all” and since that

Re: Question about forwarding email (not specifically SA, pointers greatly appreciated)

On 2024-01-03 at 14:17:11 UTC-0500 (Wed, 3 Jan 2024 13:17:11 -0600) Thomas Cameron via users is rumored to have said: The rub is, I want all emails to presid...@example.org to be forwarded to presidents_real_addr...@gmail.com. Since the forward happens at mail.example.org, the "from" is from

Re: Question about forwarding email (not specifically SA, pointers greatly appreciated)

On 1/2/24 17:51, Andy Smith wrote: Hi Thomas, On Tue, Jan 02, 2024 at 04:24:37PM -0600, Thomas Cameron via users wrote: I built email servers for a non-profit I volunteer for. If email comes into the server for presid...@myassociation.org, I would normally just create an alias in /etc/aliases

Re: Question about forwarding email (not specifically SA, pointers greatly appreciated)

On 1/3/24 01:21, Jared Hall wrote: On 1/2/2024 5:24 PM, Thomas Cameron via users wrote: The problem is, when I send email to presid...@myassociation.org, gmail rejects the forwarded email because it appears to come from my personal domain, not the mythical myassociation.org domain. DKIM,

Re: Question about forwarding email (not specifically SA, pointers greatly appreciated)

On 1/2/2024 5:24 PM, Thomas Cameron via users wrote: The problem is, when I send email to presid...@myassociation.org, gmail rejects the forwarded email because it appears to come from my personal domain, not the mythical myassociation.org domain. DKIM, DMARC, and SPF all fail, which I

Re: Question about forwarding email (not specifically SA, pointers greatly appreciated)

"Thomas Cameron via users" writes: > I built email servers for a non-profit I volunteer for. If email comes > into the server for presid...@myassociation.org, I would normally just > create an alias in /etc/aliases so that emails to president@ get > forwarded to the president's "real" email

Re: Question about forwarding email (not specifically SA, pointers greatly appreciated)

Hi Thomas, On Tue, Jan 02, 2024 at 04:24:37PM -0600, Thomas Cameron via users wrote: > I built email servers for a non-profit I volunteer for. If email comes into > the server for presid...@myassociation.org, I would normally just create an > alias in /etc/aliases so that emails to president@ get

Question about forwarding email (not specifically SA, pointers greatly appreciated)

Howdy, all - This is not strictly SpamAssassin related, but y'all probably know where to point me to make this work. I built email servers for a non-profit I volunteer for. If email comes into the server for presid...@myassociation.org, I would normally just create an alias in /etc/aliases

Re: check_rbl question

Michael Grant via users skrev den 2023-07-07 17:41: On Fri, Jul 07, 2023 at 04:50:18PM +0200, giova...@paclan.it wrote: if can(Mail::SpamAssassin::Conf::has_tflags_nolog) tflags URIBL_IVMURI net nolog else tflags URIBL_IVMURI net endif and Benny Pedersen's idea of using a rule like:

Re: check_rbl question

On Fri, Jul 07, 2023 at 04:50:18PM +0200, giova...@paclan.it wrote: > if can(Mail::SpamAssassin::Conf::has_tflags_nolog) > tflags URIBL_IVMURI net nolog > else > tflags URIBL_IVMURI net > endif and Benny Pedersen's idea of using a rule like: header __FOO eval:check_rbl('ivmSIP-lastexternal',

Re: check_rbl question

On 7/7/23 16:18, Michael Grant via users wrote: I'm using check_rbl with some paid lists for example invaluement. I don't want to put my license key into the rule or it ends up in the spamassassin X-Spam-Report header. On one server, I've configured bind9 with DNAME records to hide the key.

Re: check_rbl question

Michael Grant via users skrev den 2023-07-07 16:18: I'm using check_rbl with some paid lists for example invaluement. I don't want to put my license key into the rule or it ends up in the spamassassin X-Spam-Report header. On one server, I've configured bind9 with DNAME records to hide the

check_rbl question

I'm using check_rbl with some paid lists for example invaluement. I don't want to put my license key into the rule or it ends up in the spamassassin X-Spam-Report header. On one server, I've configured bind9 with DNAME records to hide the key. But what do others do? Is there some easier way to

Re: Question about user specific bayes

On 2022-01-18 22:34, Bill Cole wrote: Well, maybe? I don't currently have a system using per-user Bayes and it's been a bit since I set one up so hopefully someone who has a working rig will speak up... fuglu have pr user bayes pr default, and it recently fixed that local part before could

RE: Question about user specific bayes

ood per-user DB isn't properly seeded. It doesn't seem to be creating an empty database at all. Not sure why > -Original Message- > From: Bill Cole > Sent: Tuesday, January 18, 2022 12:23 PM > To: users@spamassassin.apache.org > Subject: Re: Question about user specific bayes

Re: Question about user specific bayes

to a global Bayes DB just because an otherwise perfectly good per-user DB isn't properly seeded. -Original Message- From: Bill Cole Sent: Tuesday, January 18, 2022 12:23 PM To: users@spamassassin.apache.org Subject: Re: Question about user specific bayes On 2022-01-18 at 11:12:01 UTC

RE: Question about user specific bayes

, it will use it provided it's properly seeded. If not, it will fall back to the global bayes. Is that correct? Thanks -Original Message- From: Bill Cole Sent: Tuesday, January 18, 2022 12:23 PM To: users@spamassassin.apache.org Subject: Re: Question about user specific bayes On 2022-01-18

Re: Question about user specific bayes

On 2022-01-18 at 11:12:01 UTC-0500 (Tue, 18 Jan 2022 16:12:01 +) Dino Edwards is rumored to have said: Hi, Trying to implement user specific bayes. My current setup is setup as follows in regards to global bayes. I'm also using amavis: bayes_path /opt/sa-bayes/bayes bayes_file_mode

Question about user specific bayes

Hi, Trying to implement user specific bayes. My current setup is setup as follows in regards to global bayes. I'm also using amavis: bayes_path /opt/sa-bayes/bayes bayes_file_mode 0777 use_bayes 1 use_bayes_rules 1 bayes_auto_learn 0 bayes_auto_learn_threshold_spam 15

RE: Question about whitelisting of naadac.org

2021 5:43 AM To: users@spamassassin.apache.org Subject: Re: Question about whitelisting of naadac.org On Wed, 11 Aug 2021, Lukasz Maik wrote: Hi All, The company naadac.org is experiencing problems with their e-mails being marked as SPAM, when they are putting link to their domain https://eur02.safelinks.prot

Re: Question about whitelisting of naadac.org

On 2021-08-12 at 16:16:21 UTC-0400 (Thu, 12 Aug 2021 20:16:21 +) Lukasz Maik is rumored to have said: Dear John, Sure, please find full tests results here: https://www.mail-tester.com/test-bw02eaxrt That website is not in any way authoritative, misrerpresents SpamAssassin scores, is

Re: Question about whitelisting of naadac.org

ils, recipients are finding those messages in the Junk Email folder. Even people with who he was previously working before. Kind Regards Lukas -Original Message- From: John Hardin Sent: Thursday, August 12, 2021 5:43 AM To: users@spamassassin.apache.org Subject: Re: Question ab

Re: Question about whitelisting of naadac.org

Lukasz Maik writes: [not sure what the relationship of ricoh-europe is to a US .org is] > Sure, please find full tests results here: > https://www.mail-tester.com/test-bw02eaxrt > > We've lost a point for not having DKIM/DMARC authentication, which is > unfortunately not supported by our

RE: Question about whitelisting of naadac.org

, 2021 5:43 AM To: users@spamassassin.apache.org Subject: Re: Question about whitelisting of naadac.org This message was sent from an external source. Please be careful opening attachments/links or replying to sources you don't know. On Wed, 11 Aug 2021, Lukasz Maik wrote: > Hi

Re: Question about whitelisting of naadac.org

On Wed, 2021-08-11 at 20:43 -0700, John Hardin wrote: > As Kenneth said, contact Spamhaus regarding why that domain is listed. > > I took a look at it with a text-mode web browser, Lynx, thats too simple to try to process nastys and with all cookies disabled. It looked more than slightly suspect

Re: Question about whitelisting of naadac.org

On Wed, 11 Aug 2021, Lukasz Maik wrote: Hi All, The company naadac.org is experiencing problems with their e-mails being marked as SPAM, when they are putting link to their domain www.naadac.org in the signature of their mails. Is it possible to whitelist this domain/link in your SPAM

Re: Question about whitelisting of naadac.org

--On Wednesday, August 11, 2021 8:57 PM + Lukasz Maik wrote: The company naadac.org is experiencing problems with their e-mails being marked as SPAM, when they are putting link to their domain www.naadac.org in the signature of their mails. Is it possible to

Re: Spamass milter question

On Wed, 27 May 2020, LuKreme wrote: On May 27, 2020, at 20:08, John Hardin wrote: On Wed, 27 May 2020, @lbutlr wrote: On 27 May 2020, at 18:27, RW wrote: I should have added that if whitelist_from_rcvd *@* server.example.com (without the colon) is only only failing occasionally on mail

Re: Spamass milter question

On 27.05.20 10:35, @lbutlr wrote: What, if any, local SpamAssassin settings does spams-milter use when processing incoming mail? don't you mean spamass-milter? For example, if I wanted to white list a sender or blacklist a domain, would the general settings in

Re: Spamass milter question

On May 27, 2020, at 20:08, John Hardin wrote: > > On Wed, 27 May 2020, @lbutlr wrote: >>> On 27 May 2020, at 18:27, RW wrote: >>> I should have added that if whitelist_from_rcvd *@* server.example.com >>> (without the colon) is only only failing occasionally on mail from >>>

Re: Spamass milter question

On Wed, 27 May 2020, @lbutlr wrote: On 27 May 2020, at 18:27, RW wrote: I should have added that if whitelist_from_rcvd *@* server.example.com (without the colon) is only only failing occasionally on mail from server.example.com, it's probably just an rDNS lookup failure of some sort.

Re: Spamass milter question

On 27 May 2020, at 18:27, RW wrote: > I should have added that if whitelist_from_rcvd *@* server.example.com > (without the colon) is only only failing occasionally on mail from > server.example.com, it's probably just an rDNS lookup failure of some > sort. Well, I do not get anything that I

Re: Spamass milter question

On Thu, 28 May 2020 01:04:20 +0100 RW wrote: > On Wed, 27 May 2020 10:35:26 -0600 > @lbutlr wrote: > > I am wondering because I have a server whitelisted in that file (or > > do I?), but I am seeing occasional logs like: > The lack of recorded rDNS is a common reason for failure. I should have

Re: Spamass milter question

On Wed, 27 May 2020 10:35:26 -0600 @lbutlr wrote: > What, if any, local SpamAssassin settings does spams-milter use when > processing incoming mail? > > For example, if I wanted to white list a sender or blacklist a > domain, would the general settings in > /usr/local/etc/spamassasin/local.cf be

Re: Spamass milter question

On 27 May 2020, at 10:44, Robert Schetterer wrote: > Am 27.05.20 um 18:35 schrieb @lbutlr: >> # Allow all mailing list posts from example.com >> whitelist_from_rcvd: *@* server.example.com Actual file has "whitelist_from_rcvd *@* server.example.com" without the ':'. Was hopeful that was the

Re: Spamass milter question

Am 27.05.20 um 18:35 schrieb @lbutlr: What, if any, local SpamAssassin settings does spams-milter use when processing incoming mail? For example, if I wanted to white list a sender or blacklist a domain, would the general settings in /usr/local/etc/spamassasin/local.cf be the place? I am

Spamass milter question

What, if any, local SpamAssassin settings does spams-milter use when processing incoming mail? For example, if I wanted to white list a sender or blacklist a domain, would the general settings in /usr/local/etc/spamassasin/local.cf be the place? I am wondering because I have a server

Re: Question about the 'URIBL_BLOCKED' rule

On 5/3/20 1:16 AM, Bill Cole wrote: > On 30 Apr 2020, at 14:59, Tom Williams wrote: > >> Hi!  I'm new to this mailing list, but not new to SpamAssassin. I've >> used it on and off for a number years.  :)   Recently, (within the >> past 6 months or so) I enabled it for email in a shared web hosting

Re: Question about the 'URIBL_BLOCKED' rule

On 30 Apr 2020, at 14:59, Tom Williams wrote: Hi!  I'm new to this mailing list, but not new to SpamAssassin. I've used it on and off for a number years.  :)   Recently, (within the past 6 months or so) I enabled it for email in a shared web hosting environment (we host with InMotionHosting).

Re: Question about the 'URIBL_BLOCKED' rule

Man thanks to those who responded.  I was mainly wondering how the inability to do blacklist checks would impact the overall ability of SpamAssassin to detect spam.  Given the responses, I'll go in a different direction.  I'll move the site to a VPS, where I can have more control over SpamAssassin

Re: Question about the 'URIBL_BLOCKED' rule

On Sat, 2 May 2020 15:59:27 +0300 Jari Fredriksson wrote: > On 2.5.2020 13.30, Reindl Harald wrote: > > and why don't you just replace /etc/resolv.conf and fire up "chattr > > +i /etc/resolv.conf" like everyone else does for years to keep it > > untouched (that's even a ducomentaed way to prevent

Re: Question about the 'URIBL_BLOCKED' rule

On 2.5.2020 13.30, Reindl Harald wrote: and why don't you just replace /etc/resolv.conf and fire up "chattr +i /etc/resolv.conf" like everyone else does for years to keep it untouched (that's even a ducomentaed way to prevent it overwritten by dhcp clients) there is no point using a shared

Re: Question about the 'URIBL_BLOCKED' rule

Still! Syncing weekly_mass_check check: dns_block_rule URIBL_BLOCKED hit, creating/home/jarif/.spamassassin/dnsblock_multi.uribl.com (This means dnsbl blocked you due to too many queries. Set all affected rules score to 0, or use "dns_query_restriction deny multi.uribl.com" to disable

Re: Question about the 'URIBL_BLOCKED' rule

I have too had a problem of this in my masscheck box. It is a cloud VM in Google Cloud and they do like to provide a /etc/resolv.conf for their own DNS which has been next to impossible to overcome. I do replace it in the beginning of my masscheck process with my own but to no avail. I now

Re: Question about the 'URIBL_BLOCKED' rule

First result on Google: http://cweiske.de/tagebuch/uribl_blocked.htm Short version: URIBL will block you if you use any of the big DNS providers, such as 8.8.8.8. On 4/30/20 11:59 AM, Tom Williams wrote: > Hi!  I'm new to this mailing list, but not new to SpamAssassin. I've > used it on and off

Question about the 'URIBL_BLOCKED' rule

Hi!  I'm new to this mailing list, but not new to SpamAssassin. I've used it on and off for a number years.  :)   Recently, (within the past 6 months or so) I enabled it for email in a shared web hosting environment (we host with InMotionHosting). Anyway, due to the volume of email traffic the

Re: Question on early detection for relay spam

Rupert Gallagher skrev den 2020-03-05 00:27: Fails with travelling clients. my custommers want vacation without stress :=)

Re: Question on early detection for relay spam

On 04 Mar 2020, at 16:27, Rupert Gallagher wrote: > Fails with travelling clients. Depends. I block several countries from accessing my mail server. If someone travels to one of those countries, they can use webmail to access their mail. There are always options. However, most people simply

Re: Question on early detection for relay spam

Fails with travelling clients. Original Message On Mar 3, 2020, 16:49, Benny Pedersen wrote: > Marc Roos skrev den 2020-03-03 16:15: >> Use ipset, hardly causing any latency using 50k entries. > > i dont need to block 50k entries, but only whitelist few accepted client > ips,

Re: Question on early detection for relay spam

On 4 Mar 2020, at 14:43, RW wrote: On Tue, 03 Mar 2020 16:05:31 -0800 Ted Mittelstaedt wrote: 2FA isn't going to help unless 2FA could be applied to the SMTP Auth port. Sometime 2FA on webmail is combined with separate autogenerated passwords for pop/imap/submission. A.k.a. "application

Re: Question on early detection for relay spam

On Tue, 03 Mar 2020 16:05:31 -0800 Ted Mittelstaedt wrote: > 2FA isn't going to help unless 2FA could be applied to the SMTP Auth > port. Sometime 2FA on webmail is combined with separate autogenerated passwords for pop/imap/submission.

Re: Question on early detection for relay spam

If password rotating is out of the question, you might want to check your IPs against blacklists multiple times at a day, it wouldn't stop it but it may notify you earlier to stop an outbreak. Other thing that comes to mind is, you may try rate limiting your users and setup a cron to monitor

Re: Question on early detection for relay spam

On 3/3/2020 5:53 AM, Riccardo Alfieri wrote: On 03/03/20 08:54, Benny Pedersen wrote: Ted Mittelstaedt skrev den 2020-03-03 08:26: What do other people do for this problem? Hi Ted, What I can suggest you is to look at our DQS product (https://www.spamhaustech.com/dqs/), that even in

RE: Question on early detection for relay spam

Well for example of the trouble RBLS cause see this one for your own number: -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no trust [212.26.193.44 listed in list.dnswl.org] >and then immediately forget it,

Re: Question on early detection for relay spam

On 3/3/20 3:40 AM, Marc Roos wrote: No problem I would say, it is good exchange thoughts and idea's Agreed. Strange your webmail should be on https then it is difficult to catch passwords. I do not have this at al, that peoples passwords get stolen. Hardly ever. So maybe somewhere something

Re: Question on early detection for relay spam

On 3 Mar 2020, at 2:26, Ted Mittelstaedt wrote: I know this is probably off topic but I'm getting desperate enough to ask. I run a commercial mailserver that regularly seems to have spammers relay mail through it that have obtained stolen credentials for a user. Many years ago I stopped

  1   2   3   4   5   6   7   8   9   10   >