On 11 Feb 2018, at 9:54 (-0500), Benny Pedersen wrote:
first query would be valid for 300 secs, but that is imho still not
free, problem is that keeping low ttls does not change how dns works,
any auth dns servers will upate on soa serial anyway, the crime comes
in when sa using remote dns
Dave Warren skrev den 2018-02-06 20:39:
How low are the TTLs? I'm seeing 300 seconds on 127.0.0.2 which is
more than sufficient time for a single message to finish processing,
such that multiple queries from one message would absolutely be cached
(or more likely, the first would still be
On Tue, 6 Feb 2018 11:38:42 -0500
Alex wrote:
> On Tue, Feb 6, 2018 at 8:44 AM, David Jones wrote:
ustomer's compromised accounts.
> >
> > Leave out the RCVD_IN_BRBL rule above and change the
> > RCVD_IN_BRBL_LASTEXT score to 1.4 to keep things the same.
>
> If you think the
Hi,
>>> whitelist_auth *@bounce.mail.salesforce.com
>>> whitelist_auth *@sendgrid.net
>>> whitelist_auth *@*.mcdlv.net
>>
>>
>> I've seen enough spam sent through all three - both by way of whole
>> apparently spammer-owned accounts and cracked-but-otherwise-legitimate
>> accounts - that I would
On Tue, 6 Feb 2018, Kris Deugau wrote:
Alex wrote:
These phishes we've received were all from otherwise trusted sources
like salesforce, amazonses and sendgrid. These are examples that I
believe were previously whitelisted because of having received a phish
through these systems but have no
On 02/06/2018 01:28 PM, Alex wrote:
Hi,
ifplugin Mail::SpamAssassin::Plugin::DNSEval
header __RCVD_IN_BRBL eval:check_rbl('brbl',
'bb.barracudacentral.org')
tflags __RCVD_IN_BRBL net
header __RCVD_IN_BRBL_2eval:check_rbl_sub('brbl',
'127.0.0.2')
meta
Alex wrote:
These phishes we've received were all from otherwise trusted sources
like salesforce, amazonses and sendgrid. These are examples that I
believe were previously whitelisted because of having received a phish
through these systems but have no been disabled.
whitelist_auth
On 2018-02-05 09:12, Benny Pedersen wrote:
Kevin A. McGrail skrev den 2018-02-05 16:53:
I don't think that will apply will it because it will be looking up
something like 1.2.3.4.bb.barracuda.blah which isn't cached.
the first qurry can make a qurry with very low ttl, so it would not be
Hi,
> ifplugin Mail::SpamAssassin::Plugin::DNSEval
>
> header __RCVD_IN_BRBL eval:check_rbl('brbl',
> 'bb.barracudacentral.org')
> tflags __RCVD_IN_BRBL net
>
> header __RCVD_IN_BRBL_2eval:check_rbl_sub('brbl',
> '127.0.0.2')
On 02/06/2018 10:38 AM, Alex wrote:
Hi,
On Tue, Feb 6, 2018 at 8:44 AM, David Jones wrote:
On 02/05/2018 09:07 PM, Alex wrote:
Hi,
ifplugin Mail::SpamAssassin::Plugin::DNSEval
header __RCVD_IN_BRBL eval:check_rbl('brbl',
'bb.barracudacentral.org')
tflags
Hi,
On Tue, Feb 6, 2018 at 8:44 AM, David Jones wrote:
> On 02/05/2018 09:07 PM, Alex wrote:
>>
>> Hi,
>>
>>> ifplugin Mail::SpamAssassin::Plugin::DNSEval
>>>
>>> header __RCVD_IN_BRBL eval:check_rbl('brbl',
>>> 'bb.barracudacentral.org')
>>> tflags
On 02/05/2018 09:07 PM, Alex wrote:
Hi,
ifplugin Mail::SpamAssassin::Plugin::DNSEval
header __RCVD_IN_BRBL eval:check_rbl('brbl',
'bb.barracudacentral.org')
tflags __RCVD_IN_BRBL net
header __RCVD_IN_BRBL_2eval:check_rbl_sub('brbl',
'127.0.0.2')
meta
David Jones skrev den 2018-02-05 15:09:
ifplugin Mail::SpamAssassin::Plugin::DNSEval
header __RCVD_IN_BRBL eval:check_rbl('brbl',
'bb.barracudacentral.org')
tflags __RCVD_IN_BRBL net
header __RCVD_IN_BRBL_2eval:check_rbl_sub('brbl',
'127.0.0.2')
meta
Hi,
> ifplugin Mail::SpamAssassin::Plugin::DNSEval
>
> header __RCVD_IN_BRBL eval:check_rbl('brbl',
> 'bb.barracudacentral.org')
> tflags __RCVD_IN_BRBL net
>
> header __RCVD_IN_BRBL_2eval:check_rbl_sub('brbl',
> '127.0.0.2')
> metaRCVD_IN_BRBL
On Mon, 05 Feb 2018 17:12:08 +0100
Benny Pedersen wrote:
> Kevin A. McGrail skrev den 2018-02-05 16:53:
>
> > I don't think that will apply will it because it will be looking up
> > something like 1.2.3.4.bb.barracuda.blah which isn't cached.
>
> the first qurry can make a qurry with very low
On 2/5/2018 11:32 AM, RW wrote:
Just to clarify, there is no legal or moral obligation to do this, the
'bb' subdomain was created specifically so SA users wouldn't need to
register. Anything you may read on the Barracuda site applies to the
'b' version. Barracuda has given no indication that
On Mon, 5 Feb 2018 08:09:55 -0600
David Jones wrote:
> Heads up! This RBL has been removed from the core SA ruleset. In 36
> to 48 hours sa-update will remove the RCVD_IN_BRBL_LASTEXT rule after
> it has gone through the masscheck and rule promotion process.
>
> Details can be found here:
>
>
Kevin A. McGrail skrev den 2018-02-05 16:53:
I don't think that will apply will it because it will be looking up
something like 1.2.3.4.bb.barracuda.blah which isn't cached.
the first qurry can make a qurry with very low ttl, so it would not be
cached, that means number 2 query still mkae
On 02/05/2018 09:44 AM, Reindl Harald wrote:
Am 05.02.2018 um 16:36 schrieb David Jones:
On 02/05/2018 09:26 AM, Benny Pedersen wrote:
David Jones skrev den 2018-02-05 15:09:
ifplugin Mail::SpamAssassin::Plugin::DNSEval
header __RCVD_IN_BRBL eval:check_rbl('brbl',
On 2/5/2018 10:36 AM, David Jones wrote:
If you are running a local DNS cache like this list and the SA
documention recommends, does this really matter? My MTA should have
already queried this before SA does it so it should be in the local
DNS cache and not require a full recursive lookup
David Jones skrev den 2018-02-05 16:36:
If you are running a local DNS cache like this list and the SA
documention recommends, does this really matter? My MTA should have
already queried this before SA does it so it should be in the local
DNS cache and not require a full recursive lookup from
On 02/05/2018 09:26 AM, Benny Pedersen wrote:
David Jones skrev den 2018-02-05 15:09:
ifplugin Mail::SpamAssassin::Plugin::DNSEval
header __RCVD_IN_BRBL eval:check_rbl('brbl',
'bb.barracudacentral.org')
tflags __RCVD_IN_BRBL net
header __RCVD_IN_BRBL_2
David Jones skrev den 2018-02-05 15:09:
ifplugin Mail::SpamAssassin::Plugin::DNSEval
header __RCVD_IN_BRBL eval:check_rbl('brbl',
'bb.barracudacentral.org')
tflags __RCVD_IN_BRBL net
header __RCVD_IN_BRBL_2eval:check_rbl_sub('brbl',
'127.0.0.2')
meta
Heads up! This RBL has been removed from the core SA ruleset. In 36 to
48 hours sa-update will remove the RCVD_IN_BRBL_LASTEXT rule after it
has gone through the masscheck and rule promotion process.
Details can be found here:
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7417
To add
24 matches
Mail list logo