Re: blacklisting the likes of sendgrid, mailgun, mailchimp etc.

On Thu, 17 Sep 2020, Kevin A. McGrail wrote: sendgrid has seriously fallen from grace this year despite numerous attempts to contact them and assist. https://krebsonsecurity.com/2020/08/sendgrid-under-siege-from-hacked-accounts/ also sheds light on the issue too. There's also a RBL for compro

Re: blacklisting the likes of sendgrid, mailgun, mailchimp etc.

On 9/18/2020 6:38 AM, Loren Wilton wrote: https://krebsonsecurity.com/2020/08/sendgrid-under-siege-from-hacked-accounts/ also sheds light on the issue too. . SendGrid knows (or should konw) that it has compromised accounts. It could find out what some of them are for free by downloading Rob

RE: blacklisting the likes of sendgrid, mailgun, mailchimp etc.

g. blanket block the whole owned range) -Original Message- To: users@spamassassin.apache.org Subject: Re: blacklisting the likes of sendgrid, mailgun, mailchimp etc. > https://krebsonsecurity.com/2020/08/sendgrid-under-siege-from-hacked-a > ccounts/ > also sheds light on the

Re: blacklisting the likes of sendgrid, mailgun, mailchimp etc.

https://krebsonsecurity.com/2020/08/sendgrid-under-siege-from-hacked-accounts/ also sheds light on the issue too. . SendGrid knows (or should konw) that it has compromised accounts. It could find out what some of them are for free by downloading Rob's list of 25 or so compromised accounts. It

Re: blacklisting the likes of sendgrid, mailgun, mailchimp etc.

sendgrid has seriously fallen from grace this year despite numerous attempts to contact them and assist. https://krebsonsecurity.com/2020/08/sendgrid-under-siege-from-hacked-accounts/ also sheds light on the issue too.

Re: blacklisting the likes of sendgrid, mailgun, mailchimp etc.

>On Thursday, September 17, 2020, 12:44:52 PM GMT+2, Marc Roos wrote: >For what it is worth. I was always under the impression that most of >hose >companies that are using these networks known for 'harassing' >here just ignorant. I used to do business with the 'idiots' of >ucows/open

blacklisting the likes of sendgrid, mailgun, mailchimp etc.

For what it is worth. I was always under the impression that most of those companies that are using these networks known for 'harassing' where just ignorant. I used to do business with the 'idiots' of Tucows/opensrs, trying to explain to them that it is not really wise to send password reset

Re: Blacklisting a stubborn sender

Matus UHLAR - fantomas skrev den 2020-08-04 12:36: Rupert Gallagher skrev den 2020-08-03 16:10: The domains turn out to be already in the rfc-clueless.org database since 2014. On 04.08.20 02:32, Benny Pedersen wrote: feel free to add it to spamassassin then sadly 99% false possitives :/ do

Re: Blacklisting a stubborn sender

Rupert Gallagher skrev den 2020-08-03 16:10: The domains turn out to be already in the rfc-clueless.org database since 2014. On 04.08.20 02:32, Benny Pedersen wrote: feel free to add it to spamassassin then sadly 99% false possitives :/ do you mean, 99% of listings are incorrect? Or just th

Re: Blacklisting a stubborn sender

Rupert Gallagher skrev den 2020-08-03 16:10: The domains turn out to be already in the rfc-clueless.org database since 2014. feel free to add it to spamassassin then sadly 99% false possitives :/

Re: Blacklisting a stubborn sender

The domains turn out to be already in the rfc-clueless.org database since 2014. Original Message On 1 Aug 2020, 14:58, Rupert Gallagher < r...@protonmail.com> wrote: Two well known companies in my country persist in making the mistake of writing their mid with a non-public fqdn,

Re: Blacklisting a stubborn sender

On 02 Aug 2020, at 07:54, Kevin A. McGrail wrote: > If they aren't spending spam, why care about their MID or Helo format > unless there is a delivery issue. If they are sending mail with an invalid helo then it is perfectly valid to drop the connections. This may be a problem when you want to u

Re: Blacklisting a stubborn sender

Original Message On 2 Aug 2020, 17:02, Bill Cole < sausers-20150...@billmail.scconsult.com> wrote: > if you want to authenticate email, ... The helo is a necessary, but not sufficient criteria for authentication. I use them all, up to dane. However, they all fail with those tw

Re: Blacklisting a stubborn sender

Original Message On 2 Aug 2020, 17:02, Bill Cole < sausers-20150...@billmail.scconsult.com> wrote: > smtpd_helo_restrictions Good idea. Thank you.

Re: Blacklisting a stubborn sender

* Bill Cole: > Trusting the authenticity of email simply because it comes from a > machine which uses a resolvable HELO in a particular domain is a naive > approach unless you are *AT LEAST* using a DNS resolver that demands > authenticated answers, i.e. requires DNSSEC [...] Agreed, but I'd go o

Re: Blacklisting a stubborn sender

* Rupert Gallagher: > They will procrastinate until the end of time unless we do something. "We"? You are trying to drag others into your fight against windmills. No thanks. > I tried hard, but they are lazy/ignorant/careless. Blacklisting would > trigger a problem with most

Re: Blacklisting a stubborn sender

* Rupert Gallagher: > Correction: it is not the mid, it is the helo. /me snorts But of course it is. :-D After I have just read your ramblings in a 2017 mailing list thread [1], in which you made the same nonsense remarks about message IDs, why would I doubt you? [1] https://readlist.com/lists

Re: Blacklisting a stubborn sender

* RW: > https://readlist.com/lists/incubator.apache.org/spamassassin-users/20/101951.html Oh my, I was not aware of that. Looks like Rupert has nurtured his pet peeve for at least three years. Thats a long time of being stubbornly wrong. -Ralph

Re: Blacklisting a stubborn sender

On 2 Aug 2020, at 10:07, Rupert Gallagher wrote: To ignore it, as you say, I would have to remove the postfix check, write rules to implement a non-blocking check, then write rules to implement the rejection except for whitelisted domains. OR, in the language of Postfix configuration: smt

Re: Blacklisting a stubborn sender

On 2 Aug 2020, at 9:18, Rupert Gallagher wrote: They will procrastinate until the end of time unless we do something. I tried hard, but they are lazy/ignorant/careless. Blacklisting would trigger a problem with most of their customers, then they will try to de-list at first, then they will

Re: Blacklisting a stubborn sender

> I tried hard, but they are lazy/ignorant/careless. Blacklisting would > trigger a problem with most of their customers, then they will try to > de-list at first, then they will comply when de-listing is rejected. If they aren't spending spam, why care about their MID or Helo format unl

Re: Blacklisting a stubborn sender

On 8/2/2020 9:18 AM, Rupert Gallagher wrote: > They will procrastinate until the end of time unless we do something. > I tried hard, but they are lazy/ignorant/careless. Blacklisting would > trigger a problem with most of their customers, then they will try to > de-list at first, th

Re: Blacklisting a stubborn sender

On 02.08.20 13:18, Rupert Gallagher wrote: They will procrastinate until the end of time unless we do something. I tried hard, but they are lazy/ignorant/careless. Blacklisting would trigger a problem with most of their customers, then they will try to de-list at first, then they will comply

Re: Blacklisting a stubborn sender

They will procrastinate until the end of time unless we do something. I tried hard, but they are lazy/ignorant/careless. Blacklisting would trigger a problem with most of their customers, then they will try to de-list at first, then they will comply when de-listing is rejected

Re: Blacklisting a stubborn sender

On 02.08.20 05:11, Rupert Gallagher wrote: Correction: it is not the mid, it is the helo. oh... this is something quite different. But unless multiple servers start implementing reject_unknown_helo_hostname, such companies ignore to change that... ... apparently with possibly reject_non_fqdn_e

Re: Blacklisting a stubborn sender

Correction: it is not the mid, it is the helo. Original Message On 1 Aug 2020, 14:58, Rupert Gallagher < r...@protonmail.com> wrote: Two well known companies in my country persist in making the mistake of writing their mid with a non-public fqdn, violating the rfc. It has been s

Re: Blacklisting a stubborn sender

On Sat, 01 Aug 2020 18:48:04 +0200 Ralph Seichter wrote: > * Rupert Gallagher: > > > They have explicit consent to send rfc compliant e-mail. > > "They" are not violating RFC 2822 with their message IDs, as I already > explained in message <87eeoqfpel@wedjat.horus-it.com>. > > > Rfc-cluel

Re: Blacklisting a stubborn sender

On 1 Aug 2020, at 8:58, Rupert Gallagher wrote: Two well known companies in my country persist in making the mistake of writing their mid with a non-public fqdn, violating the rfc. As Ralph says, that is not a violation of any RFC. There is no "MUST" condition in 5322 or its 2 most recent pre

Re: Blacklisting a stubborn sender

* Rupert Gallagher: > They have explicit consent to send rfc compliant e-mail. "They" are not violating RFC 2822 with their message IDs, as I already explained in message <87eeoqfpel@wedjat.horus-it.com>. > Rfc-clueless.org seems.a good starting point. You are the one who misunderstands the

Re: Blacklisting a stubborn sender

They have explicit consent to send rfc compliant e-mail. Rfc-clueless.org seems.a good starting point. Thank you Original Message On 1 Aug 2020, 15:53, Kevin A. McGrail < kmcgr...@apache.org> wrote: On Sat, Aug 1, 2020 at 8:59 AM Rupert Gallagher wrote: Two well known companie

Re: Blacklisting a stubborn sender

On Sat, Aug 1, 2020 at 8:59 AM Rupert Gallagher wrote: > Two well known companies in my country persist in making the mistake of > writing their mid with a non-public fqdn, violating the rfc. It has been so > for the past three years, with me sending detailed, manually written error > messages to

Re: Blacklisting a stubborn sender

* Rupert Gallagher: > Two well known companies in my country persist in making the mistake > of writing their mid with a non-public fqdn, violating the rfc. [...] > been so for the past three years, with me sending detailed, manually > Their answer is that everybody else accepts their invalid mid,

Blacklisting a stubborn sender

Two well known companies in my country persist in making the mistake of writing their mid with a non-public fqdn, violating the rfc. It has been so for the past three years, with me sending detailed, manually written error messages to their painstakingly collected admin addresses. Their answer i

Re: IP Blacklisting

Axb skrev den 2013-07-12 13:48: Google for rbldnsd - this is outside of SA's scope. if users begin googleing maybe some finds this one: http://mail-archives.apache.org/mod_mbox/spamassassin-users/201103.mbox/%3calpine.deb.2.00.1103141313230.2...@pyxis.theca-tabellaria.de%3E

Re: IP Blacklisting

Moein Sarvi skrev den 2013-07-12 13:43: I want to use a mechanism that can be done by shell programming to add remove daily IP address automatically my goal is  reject some IP addresses and rise up score of some other IP sometimes as well. make shell scripts that maintain sql ip blacklists, th

Re: IP Blacklisting

Simon Loewenthal skrev den 2013-07-12 12:11: If you use Postfix for your MTA, then drop into your_ header_checks_ file or better make a cidr map file: # cat cidr.map 192.168.1.0/24 REJECT 127.0.0.0/8 DUNNO # in main.cf smtpd_client_restrictions= ... check_client_access cidr:/path/to/cidr.m

Re: IP Blacklisting

Moein Sarvi skrev den 2013-07-12 02:44: is there anyway to blacklist an IP address? nope, spamassassin does not block, if you want ip blocked do in mta stage all spamassassin can do is to score and add headers

Re: IP Blacklisting

On Fri, 2013-07-12 at 13:22 +0430, Moein Sarvi wrote: > First of all thanks for your great answer, Please DO KEEP the thread on-list, and ONLY follow-up privately if you really mean to. I am not the only one who can answer your questions. > I wanna know both situation, I mean rejecting an IP addr

Re: IP Blacklisting

On 07/12/2013 01:43 PM, Moein Sarvi wrote: I want to use a mechanism that can be done by shell programming to add remove daily IP address automatically my goal is reject some IP addresses and rise up score of some other IP sometimes as well. Google for rbldnsd - this is outside of SA's scope.

Re: IP Blacklisting

I want to use a mechanism that can be done by shell programming to add remove daily IP address automatically my goal is reject some IP addresses and rise up score of some other IP sometimes as well.

Re: IP Blacklisting

thing this broad. You still can add the missing info, and tell us > about your problem. > > Bunch-o-pointers regarding "blacklisting" an IP address: > > SA does not reject, quarantine, drop or deliver mail. All it does is > scoring. Thus, in case your "blacklisti

Re: IP Blacklisting

arding "blacklisting" an IP address: SA does not reject, quarantine, drop or deliver mail. All it does is scoring. Thus, in case your "blacklisting" query involves these, you'd better check back with your SA calling layer. If you definitely are about rejecting mail from a

IP Blacklisting

Hello is there anyway to blacklist an IP address?

Re: Blacklisting based on SPF

On 10/11/2011 6:49 AM, Matus UHLAR - fantomas wrote: On 7 Oct 2011 00:28:49 -, John Levine wrote: Nobody with any interest in delivering the mail that their users want. The error rate is much, much too high. On 10/7/2011 12:50 AM, Benny Pedersen wrote: how ? On 10.10.11 07:00, Marc P

Re: Blacklisting based on SPF

On Wed, 12 Oct 2011 16:08:12 +0200, Matus UHLAR - fantomas wrote: was this changed or you just continue FUDding? On 12.10.11 16:18, Benny Pedersen wrote: From: header is NOT envelope-from header, stop fuding self From: is _NOT_ "mail from:" and since DKIM has nothing with mail from:, I don'

Re: Blacklisting based on SPF

On Wed, 12 Oct 2011 16:08:12 +0200, Matus UHLAR - fantomas wrote: was this changed or you just continue FUDding? From: header is NOT envelope-from header, stop fuding self

Re: Blacklisting based on SPF

On Tue, 11 Oct 2011 17:14:06 +0200, Matus UHLAR - fantomas wrote: (and possibly list of forwarders who do not rewrite mail from) On 11.10.11 21:03, Benny Pedersen wrote: breaks dkim, and instalations that use from: as envelope sender header ask for troubles cite from rfc4686: DKIM oper

Re: Blacklisting based on SPF

On Tue, 11 Oct 2011 15:49:36 +0200, Matus UHLAR - fantomas wrote: such forwarding will break SPF iff the forwarder does not change the mail from: address, and in such case it FAKES the return path, since it's not the original sender who sent the mail, it's the recipient. On 11.10.11 20:55, Benn

Re: Blacklisting based on SPF

On Tue, 11 Oct 2011 17:14:06 +0200, Matus UHLAR - fantomas wrote: (and possibly list of forwarders who do not rewrite mail from) breaks dkim, and instalations that use from: as envelope sender header ask for troubles

Re: Blacklisting based on SPF

On Tue, 11 Oct 2011 15:49:36 +0200, Matus UHLAR - fantomas wrote: such forwarding will break SPF iff the forwarder does not change the mail from: address, and in such case it FAKES the return path, since it's not the original sender who sent the mail, it's the recipient. it breaks dkim if anyth

Re: Blacklisting based on SPF

On 05.10.11 11:01, Julian Yap wrote: I've noticed some trojans with addresses from usps.com slip through. Does anyone blacklist based on SPF? According to SPF definition, all mail that fails SPF check, is forged and therefore it should be rejected (in case of FAIL result), or very carefully

Re: Blacklisting based on SPF

On 7 Oct 2011 00:28:49 -, John Levine wrote: Nobody with any interest in delivering the mail that their users want. The error rate is much, much too high. On 10/7/2011 12:50 AM, Benny Pedersen wrote: how ? On 10.10.11 07:00, Marc Perkel wrote: All forwarded email would fail SPF testing.

Re: Blacklisting By Mail Server Rather Than By An Email Address

with their help desk to ask if they do. -- View this message in context: http://old.nabble.com/Blacklisting-By-Mail-Server-Rather-Than-By-An-Email-Address-tp32622830p32627953.html Sent from the SpamAssassin - Users mailing list archive at Nabble.com.

Re: Blacklisting based on SPF

On Mon, 10 Oct 2011 07:00:48 -0700 Marc Perkel wrote: [Blocking SPF "fail" mail] > All forwarded email would fail SPF testing. You would be blocking > all hosted spam filtering services for example. Nonsense. If someone uses a hosted spam filtering servic for inbound mail, then that person sh

Re: Blacklisting based on SPF

On 10/10/11 9:00 AM, "Marc Perkel" wrote: > > > On 10/7/2011 12:50 AM, Benny Pedersen wrote: >> On 7 Oct 2011 00:28:49 -, John Levine wrote: >>> Nobody with any interest in delivering the mail that their users want. >>> The error rate is much, much too high. >> >> how ? >> > > All forwar

Re: Blacklisting based on SPF

On Mon, 10 Oct 2011 07:00:48 -0700, Marc Perkel wrote: All forwarded email would fail SPF testing. You would be blocking all hosted spam filtering services for example. this is easy to solve in spf or add the forwarding mta sender ip to spamassassin trusted_networks, reject msg ALWAYS says th

Re: Blacklisting based on SPF

On 10/7/2011 12:50 AM, Benny Pedersen wrote: On 7 Oct 2011 00:28:49 -, John Levine wrote: Nobody with any interest in delivering the mail that their users want. The error rate is much, much too high. how ? All forwarded email would fail SPF testing. You would be blocking all hosted

Re: Blacklisting By Mail Server Rather Than By An Email Address

On Mon, 10 Oct 2011 13:47:28 +0100 RW wrote: > On Mon, 10 Oct 2011 03:47:27 -0700 (PDT) > johnjinsf wrote: > > > Is there a way of blacklisting the mail server which would prevent > > any mail originating from that server being received? > > > > I don'

Re: Blacklisting By Mail Server Rather Than By An Email Address

On Mon, 10 Oct 2011 03:47:27 -0700 (PDT) johnjinsf wrote: > Is there a way of blacklisting the mail server which would prevent > any mail originating from that server being received? > I don't think there is a way to blacklist a server unless the provider allows you to create S

Re: Blacklisting By Mail Server Rather Than By An Email Address

On Mon, 10 Oct 2011 03:47:27 -0700 (PDT), johnjinsf wrote: Is there a way of blacklisting the mail server which would prevent any mail originating from that server being received? is sender domain(s) rfc-ignorant ?, "sendmail -bv ab...@example.org" "sendmail -bv postmas

Blacklisting By Mail Server Rather Than By An Email Address

there a way of blacklisting the mail server which would prevent any mail originating from that server being received? Many thanks -- View this message in context: http://old.nabble.com/Blacklisting-By-Mail-Server-Rather-Than-By-An-Email-Address-tp32622830p32622830.html Sent from the SpamAssassin

Re: Blacklisting based on SPF

On 10/7/2011 12:17 PM, RW wrote: On Fri, 07 Oct 2011 20:39:24 +0200 Robert Schetterer wrote: in my case there is so less left, passing postscreen, rbls, greylisting, clamav-milter with sanesecurity and few other smtp checks, that nearly null i.e faked paypal mail getting at last to spamassassin

Suppressing backscatter (was Re: Blacklisting based on SPF)

On Fri, 07 Oct 2011 20:47:48 +0100 Martin Gregorie wrote: > And, at least for me, its been good for suppressing backscatter: since > I've had a good SPF record I've has almost none. Really?? You are very lucky. We have an SPF record with a "-all" clause and still get backscatter. I believe th

Re: Blacklisting based on SPF

On Fri, 2011-10-07 at 20:17 +0100, RW wrote: > On Fri, 07 Oct 2011 20:39:24 +0200 > Robert Schetterer wrote: > > > in my case > > there is so less left, passing postscreen, rbls, greylisting, > > clamav-milter with sanesecurity and few other smtp checks, that nearly > > null i.e > > faked paypal m

Re: Blacklisting based on SPF

On Fri, 07 Oct 2011 20:39:24 +0200 Robert Schetterer wrote: > in my case > there is so less left, passing postscreen, rbls, greylisting, > clamav-milter with sanesecurity and few other smtp checks, that nearly > null i.e > faked paypal mail getting at last to spamassassin where its stopped > mostl

Re: Blacklisting based on SPF

Am 07.10.2011 20:24, schrieb Dave Warren: > On 10/7/2011 1:12 AM, Robert Schetterer wrote: >> in my eyes the whole idea of spf was broken from beginning >> but do what you want, no need for flame >> in my real world it makes more problems then helping in antispam >> i removed spf checks from my ser

Re: Blacklisting based on SPF

On 10/7/2011 1:12 AM, Robert Schetterer wrote: in my eyes the whole idea of spf was broken from beginning but do what you want, no need for flame in my real world it makes more problems then helping in antispam i removed spf checks from my servers, in spamd its used with nearly no points there ar

Re: Blacklisting based on SPF

On 07/10/11 13:27, Daniel McDonald wrote: Something like this Unverified Yahoo rule I shameless stole from Mark Martinec: I have some similar rules... header __L_FROM_Y1 From:addr =~ m{[@.]yahoo\.com$}i header __L_FROM_Y2 From:addr =~ m{\@yahoo\.com\.(ar|br|cn|hk|my|sg)$}i header __L_FR

Re: Blacklisting based on SPF

On 10/7/11 3:49 AM, "Julian Yap" wrote: > On Thu, Oct 6, 2011 at 3:09 PM, David F. Skoll > wrote: >> On 7 Oct 2011 00:28:49 - >> "John Levine" wrote: >> Does anyone blacklist based on SPF? >> >>> Nobody with any interest in delivering the mail that their users want. >>> The error

Re: Blacklisting based on SPF

On Thu, 6 Oct 2011 22:49:47 -1000 Julian Yap wrote: > What do your rules look like for this scenario? [blocking for SPF > fail for select domains.] Ah, well. We don't implement those policies with SpamAssassin, so I can't post anything useful. Regards, David.

Re: Blacklisting based on SPF

On Thu, 6 Oct 2011 22:49:47 -1000, Julian Yap wrote: What do your rules look like for this scenario? blacklist_from *@example.org whitelist_from_spf *@example.org adjust so blacklist score will be neotral for spf pass users dont use *@example.org if you need to have strict whitelist of specif

Re: Blacklisting based on SPF

On Thu, Oct 6, 2011 at 3:09 PM, David F. Skoll wrote: > On 7 Oct 2011 00:28:49 - > "John Levine" wrote: > > > >Does anyone blacklist based on SPF? > > > Nobody with any interest in delivering the mail that their users want. > > The error rate is much, much too high. > > It depends. I very co

Re: Blacklisting based on SPF

Am 07.10.2011 10:03, schrieb Benny Pedersen: > On Fri, 07 Oct 2011 09:54:09 +0200, Robert Schetterer wrote: >> but wouldnt recommend it anyway > > why would i like to whitelist a unknown spammer ? > > thinking more about it would get me mad :-) > > in my eyes the whole idea of spf was broken f

Re: Blacklisting based on SPF

On Fri, 07 Oct 2011 09:54:09 +0200, Robert Schetterer wrote: but wouldnt recommend it anyway why would i like to whitelist a unknown spammer ? thinking more about it would get me mad :-)

Re: Blacklisting based on SPF

On Thu, 6 Oct 2011 21:09:59 -0400, David F. Skoll wrote: SPF is most effective when used judiciously for specific domains. It's pretty useless to make blanket SPF rules that cover unknown domains. whitelist_from_spf rules ? :-) my rule of thump is: def_whitelist_from_spf *@example.org whit

Re: Blacklisting based on SPF

Am 07.10.2011 09:50, schrieb Benny Pedersen: > On 7 Oct 2011 00:28:49 -, John Levine wrote: >> Nobody with any interest in delivering the mail that their users want. >> The error rate is much, much too high. > > how ? > > good spammers , usally have valid spf dns entries so if you want blac

Re: Blacklisting based on SPF

On 7 Oct 2011 00:28:49 -, John Levine wrote: Nobody with any interest in delivering the mail that their users want. The error rate is much, much too high. how ?

Re: Blacklisting based on SPF

On 7 Oct 2011 00:28:49 - "John Levine" wrote: > >Does anyone blacklist based on SPF? > Nobody with any interest in delivering the mail that their users want. > The error rate is much, much too high. It depends. I very confidently blacklist mail from "roaringpenguin.com" that fails to pass

Re: Blacklisting based on SPF

In article you write: >-=-=-=-=-=- > >I've noticed some trojans with addresses from usps.com slip through. > >Does anyone blacklist based on SPF? Nobody with any interest in delivering the mail that their users want. The error rate is much, much too high. R's, John

Re: Blacklisting based on SPF

On Wed, 5 Oct 2011 11:01:12 -1000, Julian Yap wrote: Ive noticed some trojans with addresses from usps.com [1] slip through. ups.com ? Does anyone blacklist based on SPF? not needed since all spf domains is blacklisted, and scored neotral in spamassassin, until you use whitelist_from_spf o

Re: Blacklisting based on SPF

On 10/5/11 5:01 PM, Julian Yap wrote: I've noticed some trojans with addresses from usps.com slip through. Does anyone blacklist based on SPF? I took a look at the source for SpamAssassin/Plugin/SPF.pm but it only has evaluation rules for whitelisting: $self->register_eva

Blacklisting based on SPF

I've noticed some trojans with addresses from usps.com slip through. Does anyone blacklist based on SPF? I took a look at the source for SpamAssassin/Plugin/SPF.pm but it only has evaluation rules for whitelisting: $self->register_eval_rule ("check_for_spf_whitelist_from"); $self->register_ev

Re: Greylisting delay (was Re: Q about short-circuit over ruling blacklisting rule)

On Tue, 08 Feb 2011 17:04:37 + Steve Freegard wrote: > Sure - credit where it is due; I've you to the 'Thanks' section. Thanks. And also, my apologies for posting to the list... that was supposed to be a private message. :( /me mutters something about email amateurs not understanding how e

Re: Greylisting delay (was Re: Q about short-circuit over ruling blacklisting rule)

Hi David, On 08/02/11 15:57, David F. Skoll wrote: Hi, Steve, http://www.fsl.com/index.php/resources/whitepapers/99 Interesting. I think you should credit me for this: "Once that has been proven then that â is exempted from further greylisting for 40 days since it was last seen." Our CanI

Re: Greylisting delay (was Re: Q about short-circuit over ruling blacklisting rule)

On Tue, 08 Feb 2011 15:47:12 + Steve Freegard wrote: > See http://www.fsl.com/index.php/resources/whitepapers/99 "Once that has been proven then that 'hostid' is exempted from further greylisting for 40 days since it was last seen." :) Our CanIt system has been doing this since at least 20

Re: Greylisting delay (was Re: Q about short-circuit over ruling blacklisting rule)

Hi, Steve, > http://www.fsl.com/index.php/resources/whitepapers/99 Interesting. I think you should credit me for this: "Once that has been proven then that â is exempted from further greylisting for 40 days since it was last seen." Our CanIt system has been doing that since at least 2005, and

Re: Greylisting delay (was Re: Q about short-circuit over ruling blacklisting rule)

On 19/01/11 15:02, David F. Skoll wrote: On Wed, 19 Jan 2011 09:56:47 -0500 Lee Dilkie wrote: The second was that I've found that the other spam-catching filtering is doing a much better job than it was years ago and turning off greylisting didn't adversely affect the amount of spam that got t

Re: Fwd: Re: Q about short-circuit over ruling blacklisting rule

On 2011/01/18 9:49 AM, J4 wrote: > This is pretty much what I would like to achieve, & the reason I > decided not to use Dovecot Sieve (apart from me being incapable of > setting it. ;) ). > > Parse the SPAM during the SMPT session and use only RAM: Perfect. > > I would still li

Re: Suspicious URL:Re: Suspicious URL:Re: Greylisting delay (was Re: Q about short-circuit over ruling blacklisting rule)

On 1/19/11 2:35 PM, "John Hardin" wrote: > On Wed, 19 Jan 2011, Daniel McDonald wrote: > >> On 1/19/11 10:17 AM, "John Hardin" wrote: >> >>> On Wed, 19 Jan 2011, Lee Dilkie wrote: >>> Don't get me wrong, I liked GL but there are a number of big ISPs that have quite long retry tim

Re: Suspicious URL:Re: Greylisting delay (was Re: Q about short-circuit over ruling blacklisting rule)

On Wed, 19 Jan 2011, Daniel McDonald wrote: On 1/19/11 10:17 AM, "John Hardin" wrote: On Wed, 19 Jan 2011, Lee Dilkie wrote: Don't get me wrong, I liked GL but there are a number of big ISPs that have quite long retry timeouts (for some reason, sympatico comes to mind) and it got to be too

Re: Greylisting delay (was Re: Q about short-circuit over ruling blacklisting rule)

On 1/19/2011 8:06 AM, Lee Dilkie wrote: On 1/19/2011 10:02 AM, David F. Skoll wrote: On Wed, 19 Jan 2011 09:56:47 -0500 Lee Dilkie wrote: The second was that I've found that the other spam-catching filtering is doing a much better job than it was years ago and turning off greylisting didn't

Re: Greylisting delay (was Re: Q about short-circuit over ruling blacklisting rule)

The legitimate mail that passes through my mail server comes from hosts / networks I might not hear from again for months, by which time I have to potentially wait 24 hours for the greylisting / mail server to try again. >> >> I run greylisting on an email server with several th

Re: Greylisting delay (was Re: Q about short-circuit over ruling blacklisting rule)

On 1/19/2011 9:25 AM, Matt wrote: The legitimate mail that passes through my mail server comes from hosts / networks I might not hear from again for months, by which time I have to potentially wait 24 hours for the greylisting / mail server to try again. I run greylisting on an email server wit

Re: Suspicious URL:Re: Greylisting delay (was Re: Q about short-circuit over ruling blacklisting rule)

On Wed, Jan 19, 2011 at 11:14:29AM -0600, Daniel McDonald wrote: > On 1/19/11 10:17 AM, "John Hardin" wrote: > > > On Wed, 19 Jan 2011, Lee Dilkie wrote: > > > >> Don't get me wrong, I liked GL but there are a number of big ISPs that > >> have quite long retry timeouts (for some reason, sympatic

Re: Greylisting delay (was Re: Q about short-circuit over ruling blacklisting rule)

>> The legitimate mail that passes through my mail server comes from >> hosts / networks I might not hear from again for months, by which >> time I have to potentially wait 24 hours for the greylisting / mail >> server to try again. I run greylisting on an email server with several thousand email

Re: Suspicious URL:Re: Greylisting delay (was Re: Q about short-circuit over ruling blacklisting rule)

On 1/19/11 10:17 AM, "John Hardin" wrote: > On Wed, 19 Jan 2011, Lee Dilkie wrote: > >> Don't get me wrong, I liked GL but there are a number of big ISPs that >> have quite long retry timeouts (for some reason, sympatico comes to >> mind) and it got to be too annoying. > > ...and when you encou

Re: Greylisting delay (was Re: Q about short-circuit over ruling blacklisting rule)

On Wed, 19 Jan 2011, Lee Dilkie wrote: Don't get me wrong, I liked GL but there are a number of big ISPs that have quite long retry timeouts (for some reason, sympatico comes to mind) and it got to be too annoying. ...and when you encounter a big ISP that does this, do you notify their postm

Re: Greylisting delay (was Re: Q about short-circuit over ruling blacklisting rule)

On 1/19/2011 10:02 AM, David F. Skoll wrote: > On Wed, 19 Jan 2011 09:56:47 -0500 > Lee Dilkie wrote: > >> The second was that I've found that the other spam-catching filtering >> is doing a much better job than it was years ago and turning off >> greylisting didn't adversely affect the amount of

Re: Greylisting delay (was Re: Q about short-circuit over ruling blacklisting rule)

On Wed, 19 Jan 2011 09:56:47 -0500 Lee Dilkie wrote: > The second was that I've found that the other spam-catching filtering > is doing a much better job than it was years ago and turning off > greylisting didn't adversely affect the amount of spam that got > through. That's possibly true, but l

Re: Greylisting delay (was Re: Q about short-circuit over ruling blacklisting rule)

I recently gave up on greylisting after using it for years as well. Two reasons really, one was the complaints from users (and I found that they often asked folks to "send mail to me twice" to try and get mail to "work better" and that was just embarrassing). The second was that I've found that t

  1   2   3   >