On 04.10.2014 at 15:27, Axb wrote:
On 10/04/2014 03:19 PM, Reindl Harald wrote:
I removed from /trunk/rules and dumped in my sandbox till dev team gives
its +1 for addition to SA ruleset
atm, you can find it
http://svn.apache.org/repos/asf/spamassassin/trunk/rulesrc/sandbox/axb/23_bayes_ignore
On October 6, 2014 6:04:54 PM Alex wrote:
Okay, I think I understand. You're saying that, if not ignored,
postfix will strip these headers, making them inaccessible to
spamassassin for scoring. Correct?
No ignore means don't pass to mailbox, think like postfix just lie to
content filters that
On 06.10.2014 at 18:04, Alex wrote:
Postfix header_checks:
/^Received\-SPF/ IGNORE
/^X\-Antispam/ IGNORE
/^X\-Antivirus/ IGNORE
Can you explain how this helps someone using postfix?
It helps nothing in postfix, but it might help on content filters,
Hi,
>> > Postfix header_checks:
>> >
>> > /^Received\-SPF/ IGNORE
>> > /^X\-Antispam/ IGNORE
>> > /^X\-Antivirus/ IGNORE
>
>> Can you explain how this helps someone using postfix?
>
>
> It helps nothing in postfix, but it might help on content filters, carefu
On October 6, 2014 4:03:11 PM Alex wrote:
> Postfix header_checks:
>
> /^Received\-SPF/ IGNORE
> /^X\-Antispam/ IGNORE
> /^X\-Antivirus/ IGNORE
Can you explain how this helps someone using postfix?
It helps nothing in postfix, but it might help on con
On 06.10.2014 at 16:03, Alex wrote:
Postfix header_checks:
/^Received\-SPF/ IGNORE
/^X\-Antispam/ IGNORE
/^X\-Antivirus/ IGNORE
...
Can you explain how this helps someone using postfix?
headers from outside are meaningless and untrustable
i don't to s
Hi,
> Postfix header_checks:
>
> /^Received\-SPF/ IGNORE
> /^X\-Antispam/ IGNORE
> /^X\-Antivirus/ IGNORE
...
Can you explain how this helps someone using postfix?
Thanks,
Alex
On Sun, 05 Oct 2014 16:15:16 +0200
Benny Pedersen wrote:
> On October 5, 2014 2:17:28 PM David Jones wrote:
>
> > > Possible extend dkim plugin to bayes ignore header if not dkim
> > > signed, tricky yes, but imho makes sense
> >
> > Why wouldn't all DKIM headers (X-DKIM above and real ones) be
On October 5, 2014 2:17:28 PM David Jones wrote:
> Possible extend dkim plugin to bayes ignore header if not dkim signed,
> tricky yes, but imho makes sense
Why wouldn't all DKIM headers (X-DKIM above and real ones) be excluded?
These DKIM headers by themselves are not a good indicator as they
On 05.10.2014 at 14:17, David Jones wrote:
On October 4, 2014 6:50:44 PM jdebert wrote:
X-DKIM: Sendmail DKIM Filter v2.8.2 mailsea.docusign.net JQ9N42F3MTC8
^^
Never seen this before from sendmail. Bogus DKIM header?
Is it also possible to test for conflicting X- header
> On October 4, 2014 6:50:44 PM jdebert wrote:
> > > X-DKIM: Sendmail DKIM Filter v2.8.2 mailsea.docusign.net JQ9N42F3MTC8
> >^^
> > Never seen this before from sendmail. Bogus DKIM header?
> > Is it also possible to test for conflicting X- headers?
> Possible extend dkim plug
On October 4, 2014 6:50:44 PM jdebert wrote:
> X-DKIM: Sendmail DKIM Filter v2.8.2 mailsea.docusign.net JQ9N42F3MTC8
^^
Never seen this before from sendmail. Bogus DKIM header?
Is it also possible to test for conflicting X- headers?
Possible extend dkim plugin to bayes ignore
On Fri, 3 Oct 2014 15:55:48 -0400
"David F. Skoll" wrote:
> X-DKIM: Sendmail DKIM Filter v2.8.2 mailsea.docusign.net JQ9N42F3MTC8
^^
Never seen this before from sendmail. Bogus DKIM header?
Is it also possible to test for conflicting X- headers?
On 04.10.2014 at 18:41, John Hardin wrote:
On Sat, 4 Oct 2014, Robert Schetterer wrote:
On 04.10.2014 at 13:48, Reindl Harald wrote:
blacklist_from *.mail
this tld will be valid soon
https://www.united-domains.de/neue-top-level-domain/
...and will likely only be used for spam
sadly t
On Sat, 4 Oct 2014, Robert Schetterer wrote:
On 04.10.2014 at 13:48, Reindl Harald wrote:
blacklist_from *.mail
this tld will be valid soon
https://www.united-domains.de/neue-top-level-domain/
...and will likely only be used for spam.
--
John Hardin KA7OHZ http://www.
On Sat, 04 Oct 2014 13:59:54 +0200
Benny Pedersen wrote:
> On October 4, 2014 4:08:00 AM "David F. Skoll"
> wrote:
> > So it occurs to me that if
> > a mail comes in with a Return-Path: header that does not match
> > the envelope sender, that's another very suspicious sign.
> As this mail list
On 04.10.2014 at 15:27, Axb wrote:
On 10/04/2014 03:19 PM, Reindl Harald wrote:
the merged list is in SVN trunk... 23_bayes_ignore_header.cf
thank you!
Not included are :
bayes_ignore_header X-Authenticated-As
bayes_ignore_header X-Authenticated-Sender
bayes_ignore_header X-Authenticated-U
On 10/04/2014 03:19 PM, Reindl Harald wrote:
On 04.10.2014 at 15:16, Axb wrote:
On 10/04/2014 01:35 PM, Reindl Harald wrote:
On 04.10.2014 at 12:48, Axb wrote:
On 10/04/2014 12:21 PM, Bernd Petrovitsch wrote:
Hmm, h.rei...@thelounge.net's list of "bayes_ignore_header"s could
(should?!) actu
On 04.10.2014 at 15:16, Axb wrote:
On 10/04/2014 01:35 PM, Reindl Harald wrote:
On 04.10.2014 at 12:48, Axb wrote:
On 10/04/2014 12:21 PM, Bernd Petrovitsch wrote:
Hmm, h.rei...@thelounge.net's list of "bayes_ignore_header"s could
(should?!) actually be part of SA's default setup.
For quite
On 10/04/2014 01:35 PM, Reindl Harald wrote:
On 04.10.2014 at 12:48, Axb wrote:
On 10/04/2014 12:21 PM, Bernd Petrovitsch wrote:
Hmm, h.rei...@thelounge.net's list of "bayes_ignore_header"s could
(should?!) actually be part of SA's default setup.
For quite a while, I've been compiling a list
On October 4, 2014 4:08:00 AM "David F. Skoll" wrote:
So it occurs to me that if
a mail comes in with a Return-Path: header that does not match
the envelope sender, that's another very suspicious sign.
On 04.10.14 13:59, Benny Pedersen wrote:
As this mail list here :)
a mistake probably (on
On 04.10.2014 at 14:13, Robert Schetterer wrote:
On 04.10.2014 at 13:48, Reindl Harald wrote:
blacklist_from *.mail
this tld will be valid soon
https://www.united-domains.de/neue-top-level-domain/
thanks for the hint - removed!
the list was filtered out of postscreen-HELO-logs and anyth
On 04.10.2014 at 13:48, Reindl Harald wrote:
> blacklist_from *.mail
this tld will be valid soon
https://www.united-domains.de/neue-top-level-domain/
Best Regards
MfG Robert Schetterer
--
[*] sys4 AG
http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München
Sitz der Gesell
On October 4, 2014 4:08:00 AM "David F. Skoll" wrote:
So it occurs to me that if
a mail comes in with a Return-Path: header that does not match
the envelope sender, that's another very suspicious sign.
As this mail list here :)
On 04.10.2014 at 13:16, Axb wrote:
On 10/04/2014 12:48 PM, Axb wrote:
On 10/04/2014 12:21 PM, Bernd Petrovitsch wrote:
Hmm, h.rei...@thelounge.net's list of "bayes_ignore_header"s could
(should?!) actually be part of SA's default setup.
For quite a while, I've been compiling a list for local
On 04.10.2014 at 12:48, Axb wrote:
On 10/04/2014 12:21 PM, Bernd Petrovitsch wrote:
Hmm, h.rei...@thelounge.net's list of "bayes_ignore_header"s could
(should?!) actually be part of SA's default setup.
For quite a while, I've been compiling a list for local use.
Merging Reindl's list I've come
On 10/04/2014 12:48 PM, Axb wrote:
On 10/04/2014 12:21 PM, Bernd Petrovitsch wrote:
Hmm, h.rei...@thelounge.net's list of "bayes_ignore_header"s could
(should?!) actually be part of SA's default setup.
For quite a while, I've been compiling a list for local use.
Merging Reindl's list I've come t
On 10/04/2014 12:21 PM, Bernd Petrovitsch wrote:
Hmm, h.rei...@thelounge.net's list of "bayes_ignore_header"s could
(should?!) actually be part of SA's default setup.
For quite a while, I've been compiling a list for local use.
Merging Reindl's list I've come to 137 entries... and growing
On Fri, 2014-10-03 at 16:07 -0400, David F. Skoll wrote:
[...]
> That's true, but I think if we see headers from multiple vendors, it's
> pretty suspicious. Not many sites filter their mail via Barracuda
> *and* IronPort *and* KLMS *and* PerlMx *and* ... etc.
In general, X- headers are non-Rfc/lo
On 10/04/2014 04:08 AM, David F. Skoll wrote:
Also, in this particular case, the Return-Path:
header was fake... it was put
there by the sender. The actual envelope sender was completely
different: It was <41324...@mail.com>. So it occurs to me that if
a mail comes in with a Return-Path: head
On Fri, 03 Oct 2014 23:16:35 +0200
Axb wrote:
> interesting...
> welcome.aexp.com. 14400 IN TXT "v=... etc."
Yes, I know all that... none of these spams is actually getting
through.
I just thought the many X-* headers might be a new pattern.
Also, in this particular case, the
On 10/03/2014 09:55 PM, David F. Skoll wrote:
Return-Path:
> Received: from mail.com ([190.237.242.198])
interesting...
welcome.aexp.com. 14400 IN TXT "v=spf1 mx a
ip4:148.173.96.86 ip4:148.173.96.85 ip4:148.173.91.84 ip4:148.173.91.83
-all"
welcome.aexp.com. 14400
On 03.10.2014 at 22:07, David F. Skoll wrote:
> On Fri, 03 Oct 2014 22:02:59 +0200
> Reindl Harald wrote:
>
>> hard to say in general, that are not so much X-Headers
>
>> i have seen a lot of spam really tagged with such
>> headers because some outgoing mailserver had indeed
>> a spamfilter an
Sorry to follow up on myself, but...
> > depending on how many hops a mail takes
> > the number of such headers increases
Yes, so a refinement may be to make the threshold depend in some way
on the number of Received: headers too. This would clearly have to
be an eval() test.
Regards,
David.
On Fri, 03 Oct 2014 22:02:59 +0200
Reindl Harald wrote:
> hard to say in general, that are not so much X-Headers
> i have seen a lot of spam really tagged with such
> headers because some outgoing mailserver had indeed
> a spamfilter and the messages did not reach the block
> score and depending
On 03.10.2014 at 21:55, David F. Skoll wrote:
> I've noticed a trend in which spammers put in a bunch of X- headers
> purporting to show that a message is good. I've appended sample
> headers (slightly obfuscated to hide recipient) below.
>
> I wonder if a test for more than (say) 8 "X-*" headers
On 10/3/2014 3:55 PM, David F. Skoll wrote:
Hi,
I've noticed a trend in which spammers put in a bunch of X- headers
purporting to show that a message is good. I've appended sample
headers (slightly obfuscated to hide recipient) below.
I wonder if a test for more than (say) 8 "X-*" headers in
an
Hi,
I've noticed a trend in which spammers put in a bunch of X- headers
purporting to show that a message is good. I've appended sample
headers (slightly obfuscated to hide recipient) below.
I wonder if a test for more than (say) 8 "X-*" headers in
an inbound mail would be a good spam indicator?
38 matches