Re: Scoring Explanation Please

nd low and can't find an explanation for > multi-level scoring: > score SCC_CANSPAM_2    3.799    0.001    3.799    0.00 > What does this mean? > In my simplistic way of doing things I would write this as: > score SCC_CANSPAM_2 3.799 Try running this: perldoc Mail::SpamAssassin::Con

Re: Scoring Explanation Please

On 2023-08-30 at 15:14:15 UTC-0400 (Wed, 30 Aug 2023 19:14:15 + (UTC)) Denny Jones via users is rumored to have said: Hello, I have looked high and low and can't find an explanation for multi-level scoring: score SCC_CANSPAM_2    3.799    0.001    3.799    0.00 What does this mean

Re: Scoring Explanation Please

, such as DNSRBLs, the score can be adjusted accordingly. On Wed, 30 Aug 2023, Denny Jones via users wrote: Hello, I have looked high and low and can't find an explanation for multi-level scoring: score SCC_CANSPAM_2    3.799    0.001    3.799    0.00 What does this mean? In my simplistic way

Scoring Explanation Please

Hello, I have looked high and low and can't find an explanation for multi-level scoring: score SCC_CANSPAM_2    3.799    0.001    3.799    0.00 What does this mean? In my simplistic way of doing things I would write this as: score SCC_CANSPAM_2 3.799 Thanks for helping clear the mud in my

Re: Emails from gmail.com bypassing Spamassassin scoring

JPG image of an invoice. There was no content in > the email. > > > > It bypassed Spamassassin scoring. Do you know why or what setting I need > to set so EVERY email goes through Spamassassin scoring procedures? > > > > My email server is:mercury2022.

Re: Emails from gmail.com bypassing Spamassassin scoring

he X-Spam-Status and X-spam-Report scoring, > > So Spamassassin was running correctly. > > > > -Original Message- > From: Marc > Date: Monday, February 7, 2022 at 1:49 PM > To: Chad , "users@spamassassin.apache.org" > > Subject: RE: Emails from

Re: Emails from gmail.com bypassing Spamassassin scoring

pam-Status and X-spam-Report scoring, So Spamassassin was running correctly. -Original Message- From: Marc Date: Monday, February 7, 2022 at 1:49 PM To: Chad , "users@spamassassin.apache.org" Subject: RE: Emails from gmail.com bypassing Spamassassin scoring I have been get

RE: Emails from gmail.com bypassing Spamassassin scoring

> > All of the other emails that were sent before and after this particular > email have the X-Spam-Status and X-spam-Report scoring, > > So Spamassassin was running correctly. > So something went wrong with this one. It should have headers, maybe some communication problem.

Re: Emails from gmail.com bypassing Spamassassin scoring

smime.p7m Description: S/MIME encrypted message

RE: Emails from gmail.com bypassing Spamassassin scoring

> I have been getting numerous emails lately from various gmail.com > accounts. They are spam or phishing emails and today I got one that > had a subject of RECEIPT 5454 and only a JPG image of an invoice. > There was no content in the email. > > > > It bypas

Emails from gmail.com bypassing Spamassassin scoring

smime.p7m Description: S/MIME encrypted message

Re: SPF_NONE scoring

On 2021-11-30 12:24, Greg Troxel wrote: Lots of people think SPF is silly. And spammers spamming from a domain they control can even dkim/dmarc. Domain based reputation is an extremely powerful tool, but it is only useful when you know the actual sender of a message. The benefit isn't in

Re: SPF_NONE scoring

Hellow Greg, Greg Troxel writes: > [...] > Lots of people think SPF is silly. And spammers spamming from a domain > they control can even dkim/dmarc. So I agree that actual data would be > interesting. I totally agree with you, thanks! Sincerely, Byung-Hee -- ^고맙습니다 _地平天成_ 감사합니다_^))//

Re: SPF_NONE scoring

On 2021-11-30 at 13:47:36 UTC-0500 (Tue, 30 Nov 2021 11:47:36 -0700) Philip Prindeville is rumored to have said: Hi, I'm looking at the 0.001 scoring for SPF_NONE and scratching my head. This was discussed a bit in early 2015, but maybe it needs revisiting with new perspective. Surely

Re: SPF_NONE scoring

So how is this score arrived at? I believe that scores of 0.001 are generally manually set, and not intended to be anything other than a visible marker that the rule hit. That is probably the case here. Loren

Re: SPF_NONE scoring

On Tue, Nov 30, 2021 at 11:47:36AM -0700, Philip Prindeville wrote: > I'm looking at the 0.001 scoring for SPF_NONE and scratching my head. This > was discussed a bit in early 2015, but maybe it needs revisiting with new > perspective. SPF is double edged sword. Sure, when

Re: SPF_NONE scoring

Philip Prindeville writes: > I'm looking at the 0.001 scoring for SPF_NONE and scratching my head. This > was discussed a bit in early 2015, but maybe it needs revisiting with new > perspective. > > Surely no one who cares about maintaining their reputation by > protecting

SPF_NONE scoring

Hi, I'm looking at the 0.001 scoring for SPF_NONE and scratching my head. This was discussed a bit in early 2015, but maybe it needs revisiting with new perspective. Surely no one who cares about maintaining their reputation by protecting themselves against spoofing would fail to provide SPF

Re: Scoring for "look alike" characters in subject?

Hi Steve, There are many rules that look at this. The FUZZY Logic rules might help and in the KAM ruleset, you'll see replace_tag lines and how they are used in various places to shutdown spammers used to obfuscate words by using other character sets and symbols. You can find the KAM.cf ruleset

Scoring for "look alike" characters in subject?

I'm noticing a fair amount of spam getting through using letters in the subject line that are outside the standard set of ASCII characters in an effort to bypass spam filters. For example, instead of a capital "R", there will be a letter that closely approximates a capital "R" but when you

Re: Scoring Based on IP Address

On Fri, 18 Dec 2020, @lbutlr wrote: On 17 Dec 2020, at 16:19, Dave Wreski wrote: On 12/17/20 6:05 PM, Matt wrote: Is there a way with spamassassin local.conf to add a higher score based on source ip address or subnet? Basically the last IP in "Received:" header. bad_subnet_add_20_points:

Re: Scoring Based on IP Address

On 17 Dec 2020, at 16:19, Dave Wreski wrote: > On 12/17/20 6:05 PM, Matt wrote: >> Is there a way with spamassassin local.conf to add a higher score >> based on source ip address or subnet? Basically the last IP in >> "Received:" header. >> bad_subnet_add_20_points: 192.168.240.0/24 >> Raising

Re: Scoring Based on IP Address

Hi, On 12/17/20 6:05 PM, Matt wrote: Is there a way with spamassassin local.conf to add a higher score based on source ip address or subnet? Basically the last IP in "Received:" header. bad_subnet_add_20_points: 192.168.240.0/24 Raising the score if that IP appeared anywhere in headers or

Scoring Based on IP Address

Is there a way with spamassassin local.conf to add a higher score based on source ip address or subnet? Basically the last IP in "Received:" header. bad_subnet_add_20_points: 192.168.240.0/24 Raising the score if that IP appeared anywhere in headers or body might work too.

Re: Screwed-up scoring

I read the thread. I didn't comment because it was obvious the rationals would lose and the unnecessary changes would go ahead. From that discussion I took away the thought that I had a long-ish breathing space which would allow me to update my complete mail server - OS, Postfix and all - and

Re: Screwed-up scoring

Whether or not it's the ONLY one it should have been NONE. You claimed we would not have to change anything for at least a year - as I understodd it. Certainly you should not have broken existing installations! I am running 3.4.2, dictated by my OS. I am quite happy running that version - at

Re: Screwed-up scoring

On Sunday 19 July 2020 at 17:44:27, Linkcheck wrote: Thanks to those responsible for screwing up the scoring of my spamassassin installation. It's been working well for years but now my changes to scoring have been cancelled due to renaming whitelist/blacklist to whatever. I noticed it purely

Re: Screwed-up scoring

On Sun, 2020-07-19 at 20:27 -0400, Kevin A. McGrail wrote: > On 7/19/2020 8:23 PM, Martin Gregorie wrote: > > The only way I can see to prevent the name changes from affecting SA > > users private rules is to duplicate the affected rules > > Yeah, I just posted this idea on the dev list to use a

Re: Screwed-up scoring

On 20200719 15:44:54, Luis E. Muñoz wrote: On 19 Jul 2020, at 10:54, Kevin A. McGrail wrote: Great question.  That's really a third party rule.  I would like to see it change eventually but maybe that's another phase.  Thoughts? My thoughts are to delay any further social/political motivated

Re: Screwed-up scoring

On 7/19/2020 8:23 PM, Martin Gregorie wrote: > The only way I can see to prevent the name changes from affecting SA > users private rules is to duplicate the affected rules Yeah, I just posted this idea on the dev list to use a meta like this which I think will allow it to work backwards to

Re: Screwed-up scoring

On Sun, 2020-07-19 at 15:44 -0700, Luis E. Muñoz wrote: > On 19 Jul 2020, at 10:54, Kevin A. McGrail wrote: > > > Great question. That's really a third party rule. I would like to > > see it > > change eventually but maybe that's another phase. Thoughts? > The only way I can see to prevent

Re: Screwed-up scoring

On 19 Jul 2020, at 10:54, Kevin A. McGrail wrote: Great question. That's really a third party rule. I would like to see it change eventually but maybe that's another phase. Thoughts? My thoughts are to delay any further social/political motivated name changes until after the extents of

Re: Screwed-up scoring

Great question. That's really a third party rule. I would like to see it change eventually but maybe that's another phase. Thoughts? On Sun, Jul 19, 2020, 13:17 Martin Gregorie wrote: > On Sun, 2020-07-19 at 11:59 -0400, Kevin A. McGrail wrote: > > > Whitelist will become welcomelist and

Re: Screwed-up scoring

On Sun, 2020-07-19 at 11:59 -0400, Kevin A. McGrail wrote: > Whitelist will become welcomelist and blacklist will become > blocklist. Are you running a modern SA like 3.4.4? If so, you should > be able to proactively add entries for this. > Just been grepping my local rules for WHITELIST and

Re: Screwed-up scoring

On Sunday 19 July 2020 at 17:44:27, Linkcheck wrote: > Thanks to those responsible for screwing up the scoring of my > spamassassin installation. It's been working well for years but now my > changes to scoring have been cancelled due to renaming > whitelist/blacklist to whatever. &g

Re: Screwed-up scoring

On 7/19/2020 11:44 AM, Linkcheck wrote: > Can someone post a list of ALL the new names, with their originals, > please? The only functionality changed so far is WHITELIST_TO which is now WELCOMELIST_TO in the configuration options with backwards compatibility. The stock rule that was

Screwed-up scoring

Thanks to those responsible for screwing up the scoring of my spamassassin installation. It's been working well for years but now my changes to scoring have been cancelled due to renaming whitelist/blacklist to whatever. I noticed it purely by accident this morning: USER_IN_WHITELIST_TO

Re: Loads of recent low-scoring snowshoe spam

On Thu, 26 Sep 2019, Amir Caspi wrote: On Sep 26, 2019, at 10:18 AM, John Hardin wrote: Some of those are following a pattern I've recently noticed - fairly obviously bogus spamvertising domain URLs with some .gov URLs thrown in as well. I'm assuming that's an attempt to leverage naïve

Re: Loads of recent low-scoring snowshoe spam

t of tuning to guard against FPs. My new AC_ rules (particularly AC_LARGE_INDENT and AC_POST*EXTRAS) do really well locally, but not so much in masscheck ... but they hit otherwise very low-scoring spam. I would request that someone more talented than I am look at tuning those against FPs

Re: Loads of recent low-scoring snowshoe spam

On Wed, 25 Sep 2019, Amir Caspi wrote: Just a few (of many) spamples here: https://pastebin.com/wRFBSCEZ https://pastebin.com/FUdFEdhT https://pastebin.com/LkqSEdAh Some of those are following a pattern I've recently noticed - fairly obviously bogus spamvertising domain URLs with some .gov

Loads of recent low-scoring snowshoe spam

Hi all, In recent weeks, my server has been getting hit with tons of snowshoe spam. Much of it is not getting filtered because even when it hits Bayes, it doesn't hit basically any other rules, and therefore is scoring just below 5 points. (Much of it hits only BAYES_50 and is therefore

Re: Scoring TLS.

On 6 Sep 2019, at 14:37, @lbutlr wrote: > I do need to go through the logs again at some point and see how things are > shaping up. It would be interesting to see what the server-to-server > encryption looks like now for valid mail. I suspect that 1.1 has dropped to > near 0 and 1.0 is more

Re: Scoring TLS.

On 6 Sep 2019, at 14:14, Matus UHLAR - fantomas wrote: TLSv1.0 is EOLed and should not be used nor supported. > >> On 6 Sep 2019, at 01:57, Matus UHLAR - fantomas wrote: >>> well, if your clients (some old server installations) only support tls1.0, >>> it's better to allow it than forgint

Re: Scoring TLS.

TLSv1.0 is EOLed and should not be used nor supported. On 6 Sep 2019, at 01:57, Matus UHLAR - fantomas wrote: well, if your clients (some old server installations) only support tls1.0, it's better to allow it than forgint it to go plaintext or reject the mail at all. On 06.09.19 00:57,

Re: Scoring TLS.

On 6 Sep 2019, at 01:57, Matus UHLAR - fantomas wrote: > On 06.09.19 00:57, @lbutlr wrote: >> TLSv1.0 is EOLed and should not be used nor supported. > > well, if your clients (some old server installations) only support tls1.0, > it's better to allow it than forgint it to go plaintext or reject

Re: Scoring TLS.

On Fri, 6 Sep 2019, Reio Remma wrote: Does the Received check only check the last untrusted relay? No, the named header checks test all the headers having that name (presuming there are multiple present). If you want to verify that TLS was used on the connection into your infrastructure,

Re: Scoring TLS.

On 06/09/2019 15:53, RW wrote: On Fri, 6 Sep 2019 09:51:06 +0300 Reio Remma wrote: Hello! I recently did an experiment where I stopped accepting incoming e-mail without TLS. This seemingly cut off about 95-99% of spam. Unfortunately there still seem to be a small percentage of servers sending

Re: Scoring TLS.

On Fri, 6 Sep 2019 09:51:06 +0300 Reio Remma wrote: > Hello! > > I recently did an experiment where I stopped accepting incoming > e-mail without TLS. This seemingly cut off about 95-99% of spam. > Unfortunately there still seem to be a small percentage of servers > sending without TLS, so that

Re: Scoring TLS.

On 06/09/2019 15:25, RW wrote: On Fri, 6 Sep 2019 10:17:23 +0300 Reio Remma wrote: On 06/09/2019 09:57, @lbutlr wrote: On 6 Sep 2019, at 00:51, Reio Remma wrote: Even though I recall QMail having TLSv1 back when we were still using it. TLSv1.0 is EOLed and should not be used nor supported.

Re: Scoring TLS.

On Fri, 6 Sep 2019 10:17:23 +0300 Reio Remma wrote: > On 06/09/2019 09:57, @lbutlr wrote: > > On 6 Sep 2019, at 00:51, Reio Remma wrote: > >> Even though I recall QMail having TLSv1 back when we were still > >> using it. > > TLSv1.0 is EOLed and should not be used nor supported. > > > > But

Re: Scoring TLS.

On 6 Sep 2019, at 00:51, Reio Remma wrote: Even though I recall QMail having TLSv1 back when we were still using it. On 06.09.19 00:57, @lbutlr wrote: TLSv1.0 is EOLed and should not be used nor supported. On 06/09/2019 10:57, Matus UHLAR - fantomas wrote: well, if your clients (some

Re: Scoring TLS.

On 06/09/2019 10:57, Matus UHLAR - fantomas wrote: On 6 Sep 2019, at 00:51, Reio Remma wrote: Even though I recall QMail having TLSv1 back when we were still using it. On 06.09.19 00:57, @lbutlr wrote: TLSv1.0 is EOLed and should not be used nor supported. well, if your clients (some old

Re: Scoring TLS.

On 6 Sep 2019, at 00:51, Reio Remma wrote: Even though I recall QMail having TLSv1 back when we were still using it. On 06.09.19 00:57, @lbutlr wrote: TLSv1.0 is EOLed and should not be used nor supported. well, if your clients (some old server installations) only support tls1.0, it's

Re: Scoring TLS.

On 06/09/2019 09:57, @lbutlr wrote: On 6 Sep 2019, at 00:51, Reio Remma wrote: Even though I recall QMail having TLSv1 back when we were still using it. TLSv1.0 is EOLed and should not be used nor supported. But yes, mailing lists are therein reason I a=have not gone 100% TLS myself (it’s

Re: Scoring TLS.

On 6 Sep 2019, at 00:51, Reio Remma wrote: > Even though I recall QMail having TLSv1 back when we were still using it. TLSv1.0 is EOLed and should not be used nor supported. But yes, mailing lists are therein reason I a=have not gone 100% TLS myself (it’s not just this one, sadly). There is

Scoring TLS.

Hello! I recently did an experiment where I stopped accepting incoming e-mail without TLS. This seemingly cut off about 95-99% of spam. Unfortunately there still seem to be a small percentage of servers sending without TLS, so that was a no go. Now I've instead turned to SpamAssassin to

Re: Scoring by registrar?

On 7/1/19 4:32 PM, Sean Lynch wrote: I think fast flux came up in reference to a speculation I'd made regarding why the spammers were using their own nameservers rather than Namecheap's. Ah. I don't think it's particularly off-base to refer to rapid registration of new domains as fast flux.

Re: Scoring by registrar?

On 7/1/19 3:13 PM, Grant Taylor wrote: On 7/1/19 6:44 AM, micah anderson wrote: This sounds like Fast Flux How is this fast flux? I thought fast flux was rapidly updating A records on the DNS server (for a given qname) or updating NS records with the registrar for a single given domain.

Re: Scoring by registrar?

On 7/1/19 6:44 AM, micah anderson wrote: This sounds like Fast Flux How is this fast flux? I thought fast flux was rapidly updating A records on the DNS server (for a given qname) or updating NS records with the registrar for a single given domain. It sounds to me like Sean was talking

Re: Scoring by registrar?

On Mon, 1 Jul 2019 at 16:17, RW wrote: > > On the site they have: > > Query ResponseNameMeaning > domain 127.2.0.2 fresh Domain registered in last 7 days > domain 127.2.0.14 fresh14 Domain registered in last 7-14 days > > there's no mention of the 127.2.0.28 result,

Re: Scoring by registrar?

On Mon, 01 Jul 2019 07:45:23 -0700 Sean Lynch wrote: > On July 1, 2019 7:22:58 AM PDT, micah anderson > wrote: > >Sean Lynch writes: > > > >>>Having such a list would be very helpful for dealing with fast > >>>flux. > >> > >> SA already has this. It used fresh.fmb.la to detect domains >

Re: Scoring by registrar?

On Mon, 1 Jul 2019, micah anderson wrote: Grant Taylor writes: As a Namecheap customer, you are making me want to move. That is good, but its also something you should consider, before you block the entire registrar: there are a significant number of non-spamming Namecheap customers that you

Re: Scoring by registrar?

On July 1, 2019 7:22:58 AM PDT, micah anderson wrote: >Sean Lynch writes: > >>>Having such a list would be very helpful for dealing with fast flux. >> >> SA already has this. It used fresh.fmb.la to detect domains >registered within the past couple of weeks. > >It does? Do I need to enable

Re: Scoring by registrar?

Sean Lynch writes: >>Having such a list would be very helpful for dealing with fast flux. > > SA already has this. It used fresh.fmb.la to detect domains registered within > the past couple of weeks. It does? Do I need to enable something to get that? -- micah

Re: Scoring by registrar?

On July 1, 2019 5:44:37 AM PDT, micah anderson wrote: >Grant Taylor writes: > >>> A very large number (nearly all, in fact) of the spams I receive >these >>> days involve domains registered with Namecheap. I've received >hundreds >>> of spams involving .icu domains from what appear to be

Re: Scoring by registrar?

Grant Taylor writes: >> A very large number (nearly all, in fact) of the spams I receive these >> days involve domains registered with Namecheap. I've received hundreds >> of spams involving .icu domains from what appear to be the same spammer. >> I also receive a large number of scams

Re: Scoring by registrar?

On Mon, 1 Jul 2019 at 06:38, Sean Lynch wrote: > It's pretty useful already. If you're able to get the name of the > registrar from that service, I think it might make a useful spam signal > since some registrars seem to be a lot more popular with spammers than > others. > Not really,

Re: Scoring by registrar?

On 6/30/19 9:41 PM, Paul Stead wrote: On Sun, 30 Jun 2019 at 19:46, Sean Lynch > wrote: On 6/30/19 11:40 AM, Grant Taylor wrote: > On 6/30/19 12:05 PM, John Hardin wrote: >> There's really no infrastructure for it. Somebody would have to hook >>

Re: Scoring by registrar?

On Sun, 30 Jun 2019 at 19:46, Sean Lynch wrote: > > On 6/30/19 11:40 AM, Grant Taylor wrote: > > On 6/30/19 12:05 PM, John Hardin wrote: > >> There's really no infrastructure for it. Somebody would have to hook > >> into the registrar data feeds to collect it and publish it in a > >> usable

Re: Scoring by registrar?

On Sun, 30 Jun 2019, Sean Lynch wrote: On June 30, 2019 11:20:33 AM PDT, John Hardin wrote: ...and if the same IP address is a regular abuser that never sends any legitimate traffic, tarpit them: http://www.impsec.org/~jhardin/antispam/spammer-firewall I do like the idea of tarpitting

Re: Scoring by registrar?

On Sun, 30 Jun 2019, Grant Taylor wrote: On 6/30/19 12:05 PM, John Hardin wrote: There's really no infrastructure for it. Somebody would have to hook into the registrar data feeds to collect it and publish it in a usable form, and nobody has done so that I am aware of. Whois Domain Search

Re: Scoring by registrar?

On June 30, 2019 11:20:33 AM PDT, John Hardin wrote: >On Sun, 30 Jun 2019, Grant Taylor wrote: > >> On 6/30/19 10:51 AM, Martin Gregorie wrote: >>> If you don't mind a delay in receiving mail from hosts you've never >seen >>> before, why not implement a greylister? >>> >>>

Re: Scoring by registrar?

On 6/30/19 11:40 AM, Grant Taylor wrote: On 6/30/19 12:05 PM, John Hardin wrote: There's really no infrastructure for it. Somebody would have to hook into the registrar data feeds to collect it and publish it in a usable form, and nobody has done so that I am aware of. Whois Domain Search

Re: Scoring by registrar?

On 6/30/19 12:05 PM, John Hardin wrote: There's really no infrastructure for it. Somebody would have to hook into the registrar data feeds to collect it and publish it in a usable form, and nobody has done so that I am aware of. Whois Domain Search has some information. Link - Whois Domain

Re: Scoring by registrar?

On 6/30/19 11:05 AM, John Hardin wrote: On Sun, 30 Jun 2019, Sean Lynch wrote: A very large number (nearly all, in fact) of the spams I receive these days involve domains registered with Namecheap. I'd like to add a spam score to any message using a domain registered with them. Does

Re: Scoring by registrar?

On 6/30/19 11:00 AM, Grant Taylor wrote: On 6/30/19 10:08 AM, Sean Lynch wrote: Hi, everyone! I used to run my own mail servers back in the mid '90s and even worked as the postmaster for a regional ISP and worked on mail servers for some large corporations and even a small national ISP as a

Re: Scoring by registrar?

On Sun, 30 Jun 2019, Grant Taylor wrote: On 6/30/19 10:51 AM, Martin Gregorie wrote: If you don't mind a delay in receiving mail from hosts you've never seen before, why not implement a greylister? https://en.wikipedia.org/wiki/Greylisting I see your GreyListing and raise you NoListing:

Re: Scoring by registrar?

On 6/30/19 10:51 AM, Martin Gregorie wrote: If you don't mind a delay in receiving mail from hosts you've never seen before, why not implement a greylister? https://en.wikipedia.org/wiki/Greylisting I see your GreyListing and raise you NoListing: https://en.wikipedia.org/wiki/Nolisting

Re: Scoring by registrar?

On Sun, 30 Jun 2019, Sean Lynch wrote: A very large number (nearly all, in fact) of the spams I receive these days involve domains registered with Namecheap. I'd like to add a spam score to any message using a domain registered with them. Does such functionality already exist in

Re: Scoring by registrar?

On 6/30/19 10:08 AM, Sean Lynch wrote: Hi, everyone! I used to run my own mail servers back in the mid '90s and even worked as the postmaster for a regional ISP and worked on mail servers for some large corporations and even a small national ISP as a consultant. After a hiatus where I drank

Re: Scoring by registrar?

On 6/30/19 9:51 AM, Martin Gregorie wrote: On Sun, 2019-06-30 at 09:08 -0700, Sean Lynch wrote: A very large number (nearly all, in fact) of the spams I receive these days involve domains registered with Namecheap. I've received hundreds of spams involving .icu domains from what appear to be

Re: Scoring by registrar?

On Sun, 2019-06-30 at 09:08 -0700, Sean Lynch wrote: > A very large number (nearly all, in fact) of the spams I receive > these days involve domains registered with Namecheap. I've received > hundreds of spams involving .icu domains from what appear to be the > same spammer. > Write a local rule

Scoring by registrar?

Hi, everyone! I used to run my own mail servers back in the mid '90s and even worked as the postmaster for a regional ISP and worked on mail servers for some large corporations and even a small national ISP as a consultant. After a hiatus where I drank the hosted email kool-aid, I'm back to

Re: SpamAssassin Scoring For MDAEMON_DNSBL

On 2019-05-14 09:17, John Hardin wrote: On Tue, 14 May 2019, cyflhn wrote: It has happened many times that the emails from our server were identified as spam. I have checked the emails which were not identified as spam. But I found that the SpamAssassin Scoring For MDAEMON_DNSBL is quite high

Re: SpamAssassin Scoring For MDAEMON_DNSBL

On Tue, 14 May 2019 10:18:35 -0400 Kris Deugau wrote: > Matus UHLAR - fantomas wrote: > > On 14.05.19 06:18, cyflhn wrote: > >> but what about this one "FREEMAIL_FORGED_REPLYTO". why it got 2.1 > As for the score, it's autogenerated based on statistical analysis of > a large corpus of mail

Re: SpamAssassin Scoring For MDAEMON_DNSBL

On Tue, 14 May 2019, cyflhn wrote: It has happened many times that the emails from our server were identified as spam. I have checked the emails which were not identified as spam. But I found that the SpamAssassin Scoring For MDAEMON_DNSBL is quite high, the score of MDAEMON_DNSBL is always 4

Re: SpamAssassin Scoring For No SPF Record

ntly scored at 0 by default. > > > > I don't see why it isn't scored at 0.001. > > The relevant comment in the 50_scores.cf file offers a dubious > justification that scoring it would encourage spammers to publish valid > SPF records just to avoid the rule. This would

Re: SpamAssassin Scoring For No SPF Record

. It is currently scored at 0 by default. I don't see why it isn't scored at 0.001. The relevant comment in the 50_scores.cf file offers a dubious justification that scoring it would encourage spammers to publish valid SPF records just to avoid the rule. This would be a problem if SPF_PASS had

Re: SpamAssassin Scoring For No SPF Record

On Tue, 14 May 2019 01:32:43 -0400 Bill Cole wrote: > On 14 May 2019, at 0:41, Siddhesh wrote: > > > Hello Folks, > > > > Can we have a SpamAssassin score for a domain which doesn't have > > SPF record set ?? > > The rule SPF_NONE exists in the standard rules channel. It is > currently scored

Re: SpamAssassin Scoring For MDAEMON_DNSBL

On Tue, 14 May 2019 05:49:24 -0700 (MST) cyflhn wrote: > Thank you for your reply. But are you sure that it was caused by > bad.psky.me? I could not find any useful information about > bad.psky.me. It seems that it has been already shutdown. > > > > -- > Sent from: >

Re: SpamAssassin Scoring For MDAEMON_DNSBL

On Tue, 14 May 2019 15:35:43 +0200 Matus UHLAR - fantomas wrote: > On 14.05.19 06:18, cyflhn wrote: > >but what about this one "FREEMAIL_FORGED_REPLYTO". why it got 2.1 > >score? > > this is standard rule where mail pretending to come from one freemail > service really comes from another

Re: SpamAssassin Scoring For MDAEMON_DNSBL

Matus UHLAR - fantomas wrote: On 14.05.19 06:18, cyflhn wrote: but what about this one "FREEMAIL_FORGED_REPLYTO". why it got 2.1 score? this is standard rule where mail predenting to come from one freemail service really comes from another freemail service. Actually, unless I misread the

Re: SpamAssassin Scoring For MDAEMON_DNSBL

On 14.05.19 06:18, cyflhn wrote: but what about this one "FREEMAIL_FORGED_REPLYTO". why it got 2.1 score? this is standard rule where mail predenting to come from one freemail service really comes from another freemail service. -- Matus UHLAR - fantomas, uh...@fantomas.sk ;

Re: SpamAssassin Scoring For MDAEMON_DNSBL

but what about this one "FREEMAIL_FORGED_REPLYTO". why it got 2.1 score? -- Sent from: http://spamassassin.1065346.n5.nabble.com/SpamAssassin-Users-f3.html

Re: SpamAssassin Scoring For MDAEMON_DNSBL

Thank you for your reply. But are you sure that it was caused by bad.psky.me? I could not find any useful information about bad.psky.me. It seems that it has been already shutdown. -- Sent from: http://spamassassin.1065346.n5.nabble.com/SpamAssassin-Users-f3.html

Re: SpamAssassin Scoring For MDAEMON_DNSBL

which were not identified as spam. But I found that the SpamAssassin Scoring For MDAEMON_DNSBL is quite high, the score of MDAEMON_DNSBL is always 4. I also checked the logs of SpamAssassin and here are some messages: Performing DNS-BL lookup * zen.spamhaus.org - passed * bl.spamcop.net - passed

Re: SpamAssassin Scoring For No SPF Record

KAM.cf has lazy domain security rules as well. On Tue, May 14, 2019, 01:33 Bill Cole < sausers-20150...@billmail.scconsult.com> wrote: > On 14 May 2019, at 0:41, Siddhesh wrote: > > > Hello Folks, > > > > Can we have a SpamAssassin score for a domain which doesn't have SPF > > record set ?? > >

SpamAssassin Scoring For MDAEMON_DNSBL

It has happened many times that the emails from our server were identified as spam. I have checked the emails which were not identified as spam. But I found that the SpamAssassin Scoring For MDAEMON_DNSBL is quite high, the score of MDAEMON_DNSBL is always 4. I also checked the logs

Re: SpamAssassin Scoring For No SPF Record

On 14 May 2019, at 0:41, Siddhesh wrote: Hello Folks, Can we have a SpamAssassin score for a domain which doesn't have SPF record set ?? The rule SPF_NONE exists in the standard rules channel. It is currently scored at 0 by default. You are free to score it differently in your local

SpamAssassin Scoring For No SPF Record

Hello Folks, Can we have a SpamAssassin score for a domain which doesn't have SPF record set ?? Regards, Siddhesh Kadam https://www.netcoresmartech.com/resources/ebooks/key-mobile-app-metrics?utm_source=email-disclaimer_medium=email_campaign=key-app-metrics

  1   2   3   4   5   6   7   8   9   10   >