Am 2024-06-14 21:20, schrieb Matus UHLAR - fantomas:
If you want to find out more, feed the mail to "spamassassin -D" and
that should explain which text matched which rules.
and as we told you already, your client should NOT play with small
or semi-invisible text in mail. That's what spamers
On Fri, 14 Jun 2024, Bowie Bailey wrote:
On 6/14/2024 10:39 AM, Thomas Barth via users wrote:
Hello,
I would like to explain a sender what he can do to create an email that is
not classified as spam.
X-Spam-Status: Yes, score=6.248 tagged_above=1 required=5
tests=[BAYES_00=-1.9,
k by a host
with no rDNS
0.0 T_KAM_HTML_FONT_INVALID Test for Invalidly Named or Formatted
Colors
in HTML
2.5 FONT_INVIS_MSGID Invisible text + suspicious message ID
0.0 HTML_FONT_TINY_NORDNS Font too small to read, no rDNS
0.9 DMARC_NONE DMARC
.2 FONT_INVIS_NORDNS Invisible text + no rDNS
1.3 RDNS_NONE Delivered to internal network by a host with
no rDNS
0.0 T_KAM_HTML_FONT_INVALID Test for Invalidly Named or Formatted
Colors
in HTML
2.5 FONT_INVIS_MSGID Invisible text + suspic
Am 2024-06-14 18:24, schrieb Matus UHLAR - fantomas:
1. as I said it's hard to find out without the body
2. hiding data indicates a spammer.
On 14.06.24 19:15, Thomas Barth via users wrote:
Yes, I've now realized that I can simply grep for the descriptions.
grep -ri "FONT_INVIS_NORDNS"
,
T_KAM_HTML_FONT_INVALID=0.01, T_SCC_BODY_TEXT_LINE=-0.01]
I cannot find the definitions on your old site
https://spamassassin.apache.org/old/tests_3_1_x.html.
FONT_INVIS_NORDNS, FONT_INVIS_MSGID, HTML_FONT_TINY_NORDNS, RDNS_NONE
Is there no current version of the test definition.
The rules get tested
Am 2024-06-14 18:24, schrieb Matus UHLAR - fantomas:
1. as I said it's hard to find out without the body
2. hiding data indicates a spammer.
Yes, I've now realized that I can simply grep for the descriptions.
grep -ri "FONT_INVIS_NORDNS" /var/lib/spamassassin/ | grep describe
a link to the
current test definitions on the website itself.
I see them in SA 4.0 rules:
72_active.cf: meta FONT_INVIS_MSGID __FONT_INVIS_MSGID && !__RCD_RDNS_MX_MESSY && !__RCD_RDNS_MX && !__HAS_ERRORS_TO
&& !__RCD_RDNS_MAIL && !__MAIL_
the definitions on your old site
https://spamassassin.apache.org/old/tests_3_1_x.html.
FONT_INVIS_NORDNS, FONT_INVIS_MSGID, HTML_FONT_TINY_NORDNS, RDNS_NONE
Is there no current version of the test definition.
You can get the definitions directly from the rule files. On my system,
the updated
=1.514
Thanks, I have forwarded these infos and hope it will be corrected.
I cannot find the definitions on your old site
https://spamassassin.apache.org/old/tests_3_1_x.html.
why 3.1?
Google only shows this old version and I can't find a link to the
current test definitions
On 15/06/2024 01:04, Thomas Barth via users wrote:
Am 2024-06-14 16:44, schrieb Reindl Harald (privat):
with RDNS_NONE nobody on this planet should accept mails from that
machine and the admin has to be fired, the message should be jejected
at SMTP level long before spamassassin
And you
Am 2024-06-14 16:44, schrieb Reindl Harald (privat):
with RDNS_NONE nobody on this planet should accept mails from that
machine and the admin has to be fired, the message should be jejected
at SMTP level long before spamassassin
And you would have been dismissed because of your pathological
the definitions on your old site
https://spamassassin.apache.org/old/tests_3_1_x.html.
why 3.1?
FONT_INVIS_NORDNS, FONT_INVIS_MSGID, HTML_FONT_TINY_NORDNS, RDNS_NONE
Is there no current version of the test definition.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I
://spamassassin.apache.org/old/tests_3_1_x.html.
FONT_INVIS_NORDNS, FONT_INVIS_MSGID, HTML_FONT_TINY_NORDNS, RDNS_NONE
Is there no current version of the test definition.
On 2024-05-08 at 19:18:28 UTC-0400 (Wed, 8 May 2024 19:18:28 -0400)
Alex
is rumored to have said:
Hi, I'm using the latest version of SA from trunk (although I don't
think
that matters) and trying to make adjustments to rules on a particular
false-positive email that was quarantined by amavis
Alex skrev den 2024-05-09 01:18:
What can be done to be able to process a quarantined email again so I
can make adjustments to prevent it from being quarantined?
is not an spamassassin issue, ask glue maillists
Hi, I'm using the latest version of SA from trunk (although I don't think
that matters) and trying to make adjustments to rules on a particular
false-positive email that was quarantined by amavis so I can adjust the
rules to prevent it from being quarantined.
The problem is that amavis
) with enough configuration information so I could set up an ec2
instance and install and test SpamAssassin with the same environment you
have, including any quirks about version of OS, version of perl ,
network and firewall setup, etc? If I can't make it happen for myself, I
may have some debugging
Hi,
Any updates on this ?
Tnx, Tuc
On Tue, Apr 9, 2024 at 6:24 PM Scott Ellentuch wrote:
> Hi,
>
> Yes, as ec2-user running the make and then make test ends up failing.
> There are no issues with the port as a previous tcpdump has shown, it
> transfers data back and forth.
Hi,
Yes, as ec2-user running the make and then make test ends up failing. There
are no issues with the port as a previous tcpdump has shown, it transfers
data back and forth. It gets through some of the tests and then it sends a
RST. Amazon only goes as far as spamassassin-3.4.3 in Amazon Linux 2
Scott Ellentuch wrote on 10/04/24 5:15 am:
Apologies, but I don't understand.
I am running "make test" as the AWS user "ec2-user" when getting these
errors. Are you saying that its an acceptable error right now, and I can
just do the "sudo make install"?
Apologies, but I don't understand.
I am running "make test" as the AWS user "ec2-user" when getting these
errors. Are you saying that its an acceptable error right now, and I can
just do the "sudo make install"?
Thanks, Tuc
On Fri, Apr 5, 2024 at 9:58 PM Sid
Scott Ellentuch wrote on 4/04/24 9:43 am:
File attached. However, I don't see any smoking gun.
I've verified the problem. I ran sudo make test in a directory tree in
/tmp with world r-x access, and got the error in t/spamd_client.t as
well as in t/spamc_optL.t. I don't know why you didn't
Loren Wilton wrote on 4/04/24 9:26 pm:
Would it be worth adding some sort of test for this kind of thing
I started to look at where in SATest.pm it ought to go, and I found
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=5529
I think from the comments I left there 17 years ago
ead access to
nobody and the test will fail.
Would it be worth adding some sort of test for this kind of thing that could
make a reasonably explicit "don't run install as root" or "incorrect
directory permissions" or some such, to make it more obvious what is going
wrong? I seem t
ad
access to nobody and the test will fail.
Basically, the only tests that should be run as root are the t/root*.t
tests, and even those have comments in their source telling you about
running under a directory with world read permissions, and those tests
are not run by default, being used as p
Hi,
> >
> > Ok, deleted the directory and started again.
> >
> > Test Summary Report
> > ---
> > t/spamd_client.t(Wstat: 26624 Tests: 4 Failed: 0)
> > Non-zero exit status: 104
> > Parse errors: Bad plan. You planned 52 t
On 2024-04-03 at 14:01:44 UTC-0400 (Wed, 3 Apr 2024 14:01:44 -0400)
Scott Ellentuch
is rumored to have said:
Hi,
Ok, deleted the directory and started again.
Test Summary Report
---
t/spamd_client.t(Wstat: 26624 Tests: 4 Failed: 0)
Non-zero exit status: 104
Hi,
Ok, deleted the directory and started again.
Test Summary Report
---
t/spamd_client.t(Wstat: 26624 Tests: 4 Failed: 0)
Non-zero exit status: 104
Parse errors: Bad plan. You planned 52 tests but ran 4.
Files=217, Tests=3765, 890 wallclock secs ( 1.21 usr
you're ready to commit with 'make
install' unless you're doing it on a sacrificial system.
Think about how unsafe it could be...
These test failures look like you did that. I am flattered that you
trust the SpamAssassin team that much, but don't, please. We are only
human. In the past
Hi,
Trying to install SA 4.0.1 from scratch. Tried via CPAN, that didn't go
well, so trying from tarball. (Enabled SSL when doing Makefile.PL)
I'm on Amazon Linux 2 , 4.0.1 SA, and not sure what other info I can give.
I installed every perl module it wanted.
The final summary is -
Test Summary
just a result tag, not a policy of any kind
>
> This looks like OP has changed score of DKIM_VALID to 0:
>
> > >Oct 25 07:10:54.364 [1687666] info: rules: meta test DKIM_INVALID has
> > >dependency 'DKIM_VALID' with a zero score
>
> and since DKIM_INVALID depends on it:
no, DKIM_INVALID have 0.1 in score, both should not be changed
its just a result tag, not a policy of any kind
This looks like OP has changed score of DKIM_VALID to 0:
>Oct 25 07:10:54.364 [1687666] info: rules: meta test DKIM_INVALID has
dependency 'DKIM_VALID' with a zero score
and si
Matus UHLAR - fantomas skrev den 2023-10-25 09:36:
I have:
50_scores.cf:score DKIM_VALID -0.1
check if you really haven't set score for DKIM_VALID anywhere, since SA
complains about it being zero.
I guess this may cause DKIM_INVALID misfiring
imho no, DKIM_INVALID have 0.1 in score, both
jdow skrev den 2023-10-25 09:07:
Methinks you have here a very good clue to set a non-zero value,
perhaps (most likely), a modest negative score.
change of that score is a fail on its own
use welcomelist_from_dkim instaed
Niels Kobschätzki skrev den 2023-10-25 08:46:
did you set score of DKIM_VALID do 0 ?
DKIM_VALID is not overwritten by any of my local rules. So I would
expect that this is the case. But even if I set for example
score DKIM_VALID 0
in local.cf there is no change
rules is loaded in
87779] info: util: setuid: ruid=0 euid=0 rgid=0 0
egid=0 0
>Oct 25 07:10:54.364 [1687666] info: rules: meta test DKIM_INVALID has
dependency 'DKIM_VALID' with a zero score
Matus UHLAR - fantomas hat am 25.10.2023 08:16 CEST
geschrieben:
did you set score of DKIM_VALID do 0 ?
On 25.10.2
n.com, not in any
dkim whitelist
Oct 25 07:10:54.125 [1687779] info: util: setuid: ruid=0 euid=0 rgid=0 0 egid=0 0
Oct 25 07:10:54.364 [1687666] info: rules: meta test DKIM_INVALID has
dependency 'DKIM_VALID' with a zero score
did you set score of DKIM_VALID do 0 ?
DKIM_VALID is not overwritten by any
g: dkim: VALID signature by my.domain.com,
> >author m...@my.domain.com, no valid matches
> >Oct 25 07:10:52.352 [1687666] dbg: dkim: author m...@my.domain.com, not in
> >any dkim whitelist
> >Oct 25 07:10:54.125 [1687779] info: util: setuid: ruid=0 euid=0 rgid=0 0
> >
Oct 25 07:10:54.364 [1687666] info: rules: meta test DKIM_INVALID has
dependency 'DKIM_VALID' with a zero score
did you set score of DKIM_VALID do 0 ?
Return-path:
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on one.ofmyhosts.com
X-Spam-Level: *
X-Spam-Status: No, score
y.domain.com,
author m...@my.domain.com, no valid matches
Oct 25 07:10:52.352 [1687666] dbg: dkim: author m...@my.domain.com, not in any
dkim whitelist
Oct 25 07:10:54.125 [1687779] info: util: setuid: ruid=0 euid=0 rgid=0 0 egid=0 0
Oct 25 07:10:54.277 [1687666] info: rules: meta test FROM_GOV_
On 18.03.23 09:34, Alex wrote:
I'm trying to use it with amavis but there's a warning/error:
Mar 18 09:30:12 iceman amavis[2970427]: (2970427-10) _WARN: Use of
uninitialized value $result in string eq at
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/AuthRes.pm line
302.
there were few
Hi,
I'm trying to use it with amavis but there's a warning/error:
Mar 18 09:30:12 iceman amavis[2970427]: (2970427-10) _WARN: Use of
uninitialized value $result in string eq at
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/AuthRes.pm line
302.
Mar 18 09:31:50.577 [2987252] dbg: plugin:
Matus UHLAR - fantomas skrev den 2023-03-12 16:41:
I set SA only to trust authentication server on my machine and I'm
watching the results.
okay, i have now added ARC (Seal/Sign) to fuglu, its not perfekt imho,
but works as designed in fuglu
with this i got iprev working with can be seen
Matus UHLAR - fantomas skrev den 2023-03-12 10:15:
I have also commited patch to bug 6918 to handle "arc.chain="
results.
Let's see how these will go.
On 12.03.23 14:20, Benny Pedersen wrote:
miss ARC rules imho
Matus UHLAR - fantomas skrev den 2023-03-12 14:38:
Or, so you mean
Matus UHLAR - fantomas skrev den 2023-03-12 14:38:
On 12.03.23 14:20, Benny Pedersen wrote:
Matus UHLAR - fantomas skrev den 2023-03-12 10:15:
I have also commited patch to bug 6918 to handle "arc.chain="
results.
Let's see how these will go.
miss ARC rules imho
there are no rules in
On 12.03.23 14:20, Benny Pedersen wrote:
Matus UHLAR - fantomas skrev den 2023-03-12 10:15:
I have also commited patch to bug 6918 to handle "arc.chain=" results.
Let's see how these will go.
miss ARC rules imho
there are no rules in arc.chain.
Or, so you mean something else than my patch?
Matus UHLAR - fantomas skrev den 2023-03-12 10:15:
I have also commited patch to bug 6918 to handle "arc.chain=" results.
Let's see how these will go.
miss ARC rules imho
Hello,
I'm further playing with AuthRes plugin, I have modified test rules so each
AUTHRES_ rule is equivalent to corresponding rule in SA.
I set scores to only produce small positive scores, usually to even SA scores
- valid spf/dkim/dmarc/arc is NOT a ham sign!
I have also commited patch
On Wed, 2022-12-28 at 16:44 +0200, Henrik K wrote:
>
> Doesn't look too good for Gentoo packaging though, if since 2009 v310.pre
> and newer have been full of all sorts of plugins loaded. It's like nobody
> actually cared since most of the stuff is useful. :-)
>
Nobody noticed until now, and
On Wed, Dec 28, 2022 at 08:20:04AM -0500, Philippe Chaintreuil via users wrote:
So there's desire that if a user doesn't want Mail::SPF installed, and
SpamAssassin doesn't REQUIRE it (which it doesn't), it shouldn't be force
installed. But for SpamAssassin to work as installed, that plugin
On Wed, Dec 28, 2022 at 09:30:30AM -0500, Michael Orlitzky wrote:
> On Wed, 2022-12-28 at 16:20 +0200, Henrik K wrote:
> >
> > Common sense would ask that how is SPF harmful for the user? One would
> > think it would be actually desirable like any other network lookups, that
> > user might have
On Wed, 2022-12-28 at 16:20 +0200, Henrik K wrote:
>
> Common sense would ask that how is SPF harmful for the user? One would
> think it would be actually desirable like any other network lookups, that
> user might have accidentally left disabled? But sure, if this is the Gentoo
> way, so be
On Wed, Dec 28, 2022 at 09:10:13AM -0500, Michael Orlitzky wrote:
>
> Without disabling the plugin, how would that work? If the user happens
> to install Mail::SPF as a dependency of something else and if the
> plugin is *not* disabled, spamassassin will (surprise!) start using SPF
> against the
On Wed, 2022-12-28 at 15:38 +0200, Henrik K wrote:
>
> Disabling default plugins solves nothing, just creates a worse experience
> for user. Educating and guiding users to use DNS properly does not require
> this.
Gentoo builds everything from source and allows the user to
enable/disable some
Howdy,
if test useflag is in game, all plugins should be disabled, only check
plugin should be enabled, while testing .t rules, this test is only
for developpers and repo maintainers, not end users on gentoo
I'd bring that up on the Gentoo list.
i will like to see default all plugins disabled
On Wed, Dec 28, 2022 at 02:29:03PM +0100, Benny Pedersen wrote:
>
> i will like to see default all plugins disabled, and a install howto enabled
> needed plugin as needed, there is not anypoint on enabled all, and all it
> gets is dns refused .
>
> or some *_BLCOKED like apache infra cant
On Wed, Dec 28, 2022 at 08:20:04AM -0500, Philippe Chaintreuil via users wrote:
>
> So there's desire that if a user doesn't want Mail::SPF installed, and
> SpamAssassin doesn't REQUIRE it (which it doesn't), it shouldn't be force
> installed. But for SpamAssassin to work as installed, that
of those
dependencies by default. Failing that I'll get the init.pre
modifications to after tests run.
if test useflag is in game, all plugins should be disabled, only check
plugin should be enabled, while testing .t rules, this test is only for
developpers and repo maintainers, not end users
+1 thanks for bringing this up and bridging the fix!
On 12/28/2022 8:20 AM, Philippe Chaintreuil via users wrote:
I'm going to make a Gentoo Pull Request to try to remove the init.pre
blanket disable, because at this point we do install most of those
dependencies by default. Failing that I'll
TL;DR:
I'm going to try get the init.pre disables removed in Gentoo, failing
that I'm going to move it to /etc/spamassassin/ modifications instead of
changing the files in rules/.
I believe Philippe is the package maintainer, so it's up to him I
guess.
Disclaimer:
I'm just a volunteer
0, Philippe Chaintreuil via users
> wrote:
> > On 12/25/2022 4:38 PM, Sidney Markowitz wrote:
> > > I can get exactly that set of error messages by commenting out the
> > > loadplugin for URIDNSBL in rules/init.pre or deleting the file
> > > ru
s/init.pre completely, and running make test with the default
> > setting of run_net_tests=n in t/config.dist. If I change it to
> > run_net_tests=y then the test t/uribl.t also fails where it tries to use
> > check_uridnsbl
>
> Gentoo disables all plugins in init.pre so users
in judgment by the
packager. With all plugins disabled, SA is not even minimally
functional.
no gentoo have a test use flag that is disabled by default, unless end
users have test in useflag should not make diable all plugins default
break anything
this is the same bug that redhat users compile
or deleting the file
rules/init.pre completely, and running make test with the default
setting of run_net_tests=n in t/config.dist. If I change it to
run_net_tests=y then the test t/uribl.t also fails where it tries to
use check_uridnsbl
Gentoo disables all plugins in init.pre so users have to choose
On 12/26/2022 1:57 PM, Philippe Chaintreuil via users wrote:
Anyway to check at the top of the dnsbl_subtests.t if
Mail::SpamAssassin::Plugin::URIDNSBL has been loaded or not to have it
punt?
Just noticed how spf.t does this.
use
On 12/25/2022 4:38 PM, Sidney Markowitz wrote:
I can get exactly that set of error messages by commenting out the
loadplugin for URIDNSBL in rules/init.pre or deleting the file
rules/init.pre completely, and running make test with the default
setting of run_net_tests=n in t/config.dist. If I
intention of run_net_tests=n is to prevent test scripts from failing if
you don't have a internet connection. This test does not require a working
connection.
On Mon, Dec 26, 2022 at 10:38:07AM +1300, Sidney Markowitz wrote:
> Philippe Chaintreuil via users wrote on 26/12/22 6:27 am:
> > I'm getting test failures for the dnsbl_subtests.t. Figured I'd check
> > here before filing a bug.
> >
> > I'm running Spam Assassin 4
Philippe Chaintreuil via users wrote on 26/12/22 6:27 am:
I'm getting test failures for the dnsbl_subtests.t. Figured I'd check
here before filing a bug.
I'm running Spam Assassin 4.0.0 on Gentoo Linux. Perl 5.36.0.
Test output
I'm getting test failures for the dnsbl_subtests.t. Figured I'd check
here before filing a bug.
I'm running Spam Assassin 4.0.0 on Gentoo Linux. Perl 5.36.0.
Test output:
==
...
t/dnsbl_subtests.t 1/46
On Mon, Apr 04, 2022 at 07:45:02AM +0100, Niamh Holding wrote:
> Hello Matija,
> Sunday, April 3, 2022, 11:13:13 PM, you wrote:
>
> MN> For closer example to yours requirements then, perhaps look into
> 72_active.cf
> MN> regex for RCVD_IN_IADB_LISTED
>
> So you suggest [26] instead of (2|6)
On Mon, 2022-04-04 at 01:45 +0200, Matija Nalis wrote:
> On Mon, Apr 04, 2022 at 12:19:23AM +0100, Martin Gregorie wrote:
> > For instance, I whitelist any email sender who I've previously sent
> > mail
> > to. To do this I maintain am email archive held in a PostgreSQL
> > database and wrote an
Hello Matija,
Sunday, April 3, 2022, 11:13:13 PM, you wrote:
MN> For closer example to yours requirements then, perhaps look into
72_active.cf
MN> regex for RCVD_IN_IADB_LISTED
So you suggest [26] instead of (2|6)
--
Best regards,
Niamh
On Mon, Apr 04, 2022 at 12:19:23AM +0100, Martin Gregorie wrote:
> For instance, I whitelist any email sender who I've previously sent mail
> to. To do this I maintain am email archive held in a PostgreSQL
> database and wrote an SA plugin that searches the archive for any
> message(s) I've
On Mon, 2022-04-04 at 00:13 +0200, Matija Nalis wrote:
> On Sun, Apr 03, 2022 at 10:06:51AM +0100, Niamh Holding wrote:
> > Hello Matija,
> > Saturday, April 2, 2022, 7:12:42 PM, you wrote:
> >
> > MN> grep -r check_rbl_sub /var/lib/spamassassin
> > MN> for examples of what's possible and how
On Sun, Apr 03, 2022 at 10:06:51AM +0100, Niamh Holding wrote:
> Hello Matija,
> Saturday, April 2, 2022, 7:12:42 PM, you wrote:
>
> MN> grep -r check_rbl_sub /var/lib/spamassassin
> MN> for examples of what's possible and how (e.g. 25_dnswl.cf)
>
> Looking there I see nothing equivalent to
Hello Matija,
Saturday, April 2, 2022, 7:12:42 PM, you wrote:
MN> grep -r check_rbl_sub /var/lib/spamassassin
MN> for examples of what's possible and how (e.g. 25_dnswl.cf)
Looking there I see nothing equivalent to alternates like in ordinary regexes
(2|6) for 2 or 6
--
Best regards,
On Sat, Apr 02, 2022 at 06:09:20PM +0100, Niamh Holding wrote:
> Will this work to check 2 ip address responses, or do I have to write
> separate ruled for 127.0.0.2 & 127.0.0.6
>
> header __NH_HOLTRBL_X1
> eval:check_rbl_sub('holtrbl-lastexternal','127.0.0.(2|6)')
You can
Hello
Will this work to check 2 ip address responses, or do I have to write separate
ruled for 127.0.0.2 & 127.0.0.6
header __NH_HOLTRBL_X1
eval:check_rbl_sub('holtrbl-lastexternal','127.0.0.(2|6)')
--
Best regards,
Niamh
Hi,
We’d like to invite the SpamAssassin community to test our beta domain
blocklists with hostnames.
We’ve developed this version of the DBL to provide increased accuracy
when using the abused-legit component of the DBL (listings of
compromised websites).
https://www.spamhaus.com/resource
Right, but __STY_INVIS is currently tag-blind (it only looks for the
style="" clause), so it hits that, and if lots of ham is hiding tracking
images that way that might explain the poor S/O.
I suspect that might be the case.
The vast majority of invisible garbage I see is hidden in a ...
On Tue, 22 Dec 2020, Loren Wilton wrote:
On 16 Dec 2020, at 23:21, Loren Wilton wrote:
I just got a batch of spams containing
Such rules are there. Unfortunately, for whatever reason, lots of ham uses
"invisible" text so it's not useful as a spam sign by itself and it's hard
to come up
On 16 Dec 2020, at 23:21, Loren Wilton wrote:
I just got a batch of spams containing
Such rules are there. Unfortunately, for whatever reason, lots of ham
uses "invisible" text so it's not useful as a spam sign by itself and
it's hard to come up with any useful combination rules.
I
On Thu, 17 Dec 2020, John Hardin wrote:
On Thu, 17 Dec 2020, @lbutlr wrote:
On 16 Dec 2020, at 23:21, Loren Wilton wrote:
I just got a batch of spams containing
Interesting. I remember in the early days of html spam there were various
rules to tag messages as spam when they had content
On Thu, 17 Dec 2020 08:58:07 -0800 (PST)
John Hardin wrote:
> On Thu, 17 Dec 2020, @lbutlr wrote:
>
> > On 16 Dec 2020, at 23:21, Loren Wilton
> > wrote:
> >> I just got a batch of spams containing
> >>
> >>
> >
> > ... various rules to tag messages as spam when they had content that
> >
On 17 Dec 2020, at 09:58, John Hardin wrote:
> Such rules are there. Unfortunately, for whatever reason, lots of ham uses
> "invisible" text so it's not useful as a spam sign by itself and it's hard to
> come up with any useful combination rules.
In the "Archive" folder on my work email there
On Thu, 17 Dec 2020, @lbutlr wrote:
On 16 Dec 2020, at 23:21, Loren Wilton wrote:
I just got a batch of spams containing
Interesting. I remember in the early days of html spam there were various rules
to tag messages as spam when they had content that did not display. (Possibly
On Wed, 16 Dec 2020 22:21:12 -0800
Loren Wilton wrote:
> I just got a batch of spams containing
>
>
>
> That was followed by about 2K bytes of garbage containing GUIDs and
> links to putatively some youtube video. The span was then terminated
> correctly, the body of the spam, and then the
On 16 Dec 2020, at 23:21, Loren Wilton wrote:
> I just got a batch of spams containing
>
>
Interesting. I remember in the early days of html spam there were various rules
to tag messages as spam when they had content that did not display. (Possibly
pre-SpamAssasin or at least pre my use of
I just got a batch of spams containing
That was followed by about 2K bytes of garbage containing GUIDs and links to
putatively some youtube video. The span was then terminated correctly, the
body of the spam, and then the same garbage for about another 2KB.
The small font rules didn't seem
On Tue, 9 Jun 2020 19:55:24 -0700
PGNet Dev wrote:
> sorry, that's unclear
>
> spamc --help | egrep "config|socket|fallback|size|username|log-to"
> -U, --socket path Connect to spamd via UNIX domain sockets.
> -F, --config path Use this configuration file.
> Try
On 6/9/20 7:45 PM, PGNet Dev wrote:
> RW Tue, 09 Jun 2020 17:15:49 -0700
> If you need this line you are doing something strange.
always happy to simplify.
rm'ing
--configpath=/usr/local/etc/spamassassin \
from spamd launch, I still see
...
Jun 09 19:44:41 dev.loc
On Tue, 9 Jun 2020 16:27:01 -0700
PGNet Dev wrote:
> next, launching 'spamd',
>
>--configpath=/usr/local/etc/spamassassin \
If you need this line you are doing something strange.
You are overriding the default config location with the default site
config location. There's not much
mple-spam.txt
...
pts rule name description
--
--
1000 GTUBE BODY: Generic Test for Unsolicited
Bulk Email
-0.0 NO_RELAYS
On Fri, 13 Mar 2020, Mark London wrote:
Hi - I just got a BITCOIN blackmail spam that avoided detection, because it
used a SegWit bitcoin address, that starts with a bc1:
bc1q0q7u8a7735za93um20yk5ynphdnpvenj0k0ufn
This format is explained here:
Hi - I just got a BITCOIN blackmail spam that avoided detection, because
it used a SegWit bitcoin address, that starts with a bc1:
bc1q0q7u8a7735za93um20yk5ynphdnpvenj0k0ufn
This format is explained here:
https://changelly.com/blog/bitcoin-addresses-types-and-meaning/
I guess the definition
On 15.01.20 11:02, AJ Weber wrote:
I'm hoping this is a relatively simple test...
I'm seeing emails "From Me, To Me", typically extortion types. I'm not
even seeing which of the SA tests are getting hit, because I have my
own email in my Whitelist.
Is there a way I can check I
On Wed, 2020-01-15 at 11:02 -0500, AJ Weber wrote:
> I'm hoping this is a relatively simple test...
> I'm seeing emails "From Me, To Me", typically extortion types. I'm not
> even seeing which of the SA tests are getting hit, because I have my
> own email in my Whitelist.
I'm hoping this is a relatively simple test...
I'm seeing emails "From Me, To Me", typically extortion types. I'm not
even seeing which of the SA tests are getting hit, because I have my own
email in my Whitelist.
Is there a way I can check IF From = m...@staticinfo.com AND R
1 - 100 of 1032 matches
Mail list logo
