From mhw at wittsend.com Fri Jun 2 21:26:50 2017 From: mhw at wittsend.com (Michael H. Warfield) Date: Fri, 02 Jun 2017 17:26:50 -0400 Subject: Any chance of a new release? In-Reply-To: References: <7CA580B59C1ABD45B4614ED90D4C7B85F586BEB0@HC-EXMBX04.herefordshire.gov.uk> Message-ID: <1496438810.11779.5.camel@WittsEnd.com> On Sat, 2017-05-27 at 18:01 -0400, Shawn Iverson wrote: > I'm working on systemd scripts for mailscanner.? I'm betting that > Jerry is waiting on me to complete and test that work first.? I'm > getting closer, just need to adapt or generalize the scripts for > debian and SuSE derivatives. I've been looking at your scripts and configs. Please take Fedora into account. You're checking the rhel version in the spec file for CentOS but Fedora is also running on systemd. I'm tinkering with it on Fedora 24 right now (all current versions of Fedora are on systemd). Rather than test for the rhel version, wouldn't it be more general to check for the existence of of the systemd directories? From working on LXC (I'm the author and past maintainer of the fedora and centos templates for LXC), some distros have the init system (sysvinit, upstart, systemd) configurable and it doesn't do any harm to install the files in the systemd system directories. Regards, Mike > On Thu, May 18, 2017 at 8:03 AM, Randal, Phil > wrote: > > Is there any chance of a new release incorporating all the changes > > up to date? > > ? > > Cheers, > > ? > > Phil > > ? > > ? > > Phil Randal ? Infrastructure Engineer > > Hoople Ltd | Plough Lane Offices | Plough Lane | Hereford | HR4 0LE > > Tel: 01432 260415 > > Email: phil.randal at hoopleltd.co.uk > > Website: www.hoopleltd.co.uk > > ? > > Hoople Ltd, Registered in England and Wales No. 7556595 > > Registered office: Plough Lane, Hereford, HR4 0LE > > > > "Any opinion expressed in this e-mail or any attached files are > > those of the individual and not necessarily those of Hoople Ltd. > > You should be aware that Hoople Ltd. monitors its email service. > > This e-mail and any attached files are confidential and intended > > solely for the use of the addressee. This communication may contain > > material protected by law from being passed on. If you are not the > > intended recipient and have received this e-mail in error, you are > > advised that any use, dissemination, forwarding, printing or > > copying of this e-mail is strictly prohibited. If you have received > > this e-mail in error please contact the sender immediately and > > destroy all copies of it." > > > > > > > > -- > > MailScanner mailing list > > mailscanner at lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > > > > > --? > Shawn Iverson, CETL > Director of Technology > Rush County Schools > 765-932-3901 x271 > iversons at rushville.k12.in.us > > > -- Michael H. Warfield (AI4NB) | (770) 978-7061 | mhw at WittsEnd.com /\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/ NIC whois: MHW9 | An optimist believes we live in the best of all PGP Key: 0x674627FF | possible worlds. A pessimist is sure of it! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 473 bytes Desc: This is a digitally signed message part URL: From pparsons at techeez.com Sat Jun 3 16:04:30 2017 From: pparsons at techeez.com (Philip Parsons) Date: Sat, 3 Jun 2017 16:04:30 +0000 Subject: Upgrade Message-ID: <1496505869.2949.5.camel@techeez.com> Took a working 4.85.2 to 5.03 Got everything working on a Centos box with a couple of issues. sendmail is the MTA Last item is I cannot get it to process any mail it receives?it just find but then all messages get stuck in the processing queue and go around and around until the limit is reached and then it sends the problem message email saying the email tried to kill Mailscanner these are just plain txt test email messages. Any ideas -- Thank You Philip Parsons From mhw at wittsend.com Sat Jun 3 21:41:50 2017 From: mhw at wittsend.com (Michael H. Warfield) Date: Sat, 03 Jun 2017 17:41:50 -0400 Subject: Upgrade In-Reply-To: <1496505869.2949.5.camel@techeez.com> References: <1496505869.2949.5.camel@techeez.com> Message-ID: <1496526110.11779.9.camel@WittsEnd.com> On Sat, 2017-06-03 at 16:04 +0000, Philip Parsons wrote: > Took a working 4.85.2 to 5.03 > Got everything working on a Centos box with a couple of issues. What version of CentOS? If it's CentOS 7, you're going to need the latest patches that are being actively worked on. MailScanner has some patches for systemd (the init system for CentOS 7, Fedora, and other recent distros) but the modules for independently firing up sendmail in cooperation with MailScanner are incomplete. There are some patches in git right now for 5.0.4 which are working for me in Fedora 24. Comments indicate CentOS 6, CentOS 7, and Fedora 25 are also installing properly. https://github.com/MailScanner/v5/issues/50 https://github.com/MailScanner/v5/issues/23 https://github.com/MailScanner/v5/pull/54 Work is actively in progress. If you are the developer type, you can do what I did. Clone the MailScanner v5 git repo and then pull down a patch for the latest patch from shawniverson. Latest patch is currently this: To view: https://github.com/MailScanner/v5/pull/54/commits/7b11825dfaa0ebf4c30462c94bea950b9361e86f A "patchable" patch: https://github.com/MailScanner/v5/pull/54/commits/7b11825dfaa0ebf4c30462c94bea950b9361e86f.patch Apply patch and run the "Build.rhel" script. That will create an rpm for you which you can install through yum/dnf. I have it running on my Fedora systems now. If you're not up to doing that, you may have to wait a few days, at least for the patch to be merged into the 5.0.4 branch. > sendmail is the MTA > > Last item is I cannot get it to process any mail it receives?it just > find but then all messages get stuck in the processing queue and go > around and around until the limit is reached and then it sends the > problem message email saying the email tried to kill Mailscanner > these > are just plain txt test email messages. > > Any ideas > > > > --? > > Thank You > Philip Parsons Regards, Mike -- Michael H. Warfield (AI4NB) | (770) 978-7061 | mhw at WittsEnd.com /\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/ NIC whois: MHW9 | An optimist believes we live in the best of all PGP Key: 0x674627FF | possible worlds. A pessimist is sure of it! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 473 bytes Desc: This is a digitally signed message part URL: From pparsons at techeez.com Mon Jun 5 14:28:17 2017 From: pparsons at techeez.com (Philip Parsons) Date: Mon, 5 Jun 2017 14:28:17 +0000 Subject: Upgrade In-Reply-To: <1496526110.11779.9.camel@WittsEnd.com> References: <1496505869.2949.5.camel@techeez.com>, <1496526110.11779.9.camel@WittsEnd.com> Message-ID: I am running Centos 6.5. New have pulled the scripts to start and run sendmail, so I am assuming then the it must be similar in that sendmail just does not process the mail. I am not a development type so I will have to wait. And will look to see if any of the patches fixes it. Techeez on the go so please excuse the spelling. > On Jun 3, 2017, at 2:46 PM, Michael H. Warfield wrote: > >> On Sat, 2017-06-03 at 16:04 +0000, Philip Parsons wrote: >> Took a working 4.85.2 to 5.03 > >> Got everything working on a Centos box with a couple of issues. > > What version of CentOS? If it's CentOS 7, you're going to need the > latest patches that are being actively worked on. MailScanner has some > patches for systemd (the init system for CentOS 7, Fedora, and other > recent distros) but the modules for independently firing up sendmail in > cooperation with MailScanner are incomplete. There are some patches in > git right now for 5.0.4 which are working for me in Fedora 24. > Comments indicate CentOS 6, CentOS 7, and Fedora 25 are also installing > properly. > > https://github.com/MailScanner/v5/issues/50 > > https://github.com/MailScanner/v5/issues/23 > > https://github.com/MailScanner/v5/pull/54 > > Work is actively in progress. > > If you are the developer type, you can do what I did. Clone the > MailScanner v5 git repo and then pull down a patch for the latest patch > from shawniverson. Latest patch is currently this: > > To view: > https://github.com/MailScanner/v5/pull/54/commits/7b11825dfaa0ebf4c30462c94bea950b9361e86f > > A "patchable" patch: > https://github.com/MailScanner/v5/pull/54/commits/7b11825dfaa0ebf4c30462c94bea950b9361e86f.patch > > Apply patch and run the "Build.rhel" script. That will create an rpm > for you which you can install through yum/dnf. I have it running on my > Fedora systems now. If you're not up to doing that, you may have to > wait a few days, at least for the patch to be merged into the 5.0.4 > branch. > >> sendmail is the MTA >> >> Last item is I cannot get it to process any mail it receives it just >> find but then all messages get stuck in the processing queue and go >> around and around until the limit is reached and then it sends the >> problem message email saying the email tried to kill Mailscanner >> these >> are just plain txt test email messages. >> >> Any ideas >> >> >> >> -- >> >> Thank You >> Philip Parsons > > Regards, > Mike > -- > Michael H. Warfield (AI4NB) | (770) 978-7061 | mhw at WittsEnd.com > /\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/ > NIC whois: MHW9 | An optimist believes we live in the best of all > PGP Key: 0x674627FF | possible worlds. A pessimist is sure of it! > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > From mailinglists at feedmebits.nl Mon Jun 5 21:52:20 2017 From: mailinglists at feedmebits.nl (Maarten) Date: Mon, 5 Jun 2017 23:52:20 +0200 Subject: mailscanner rules/sets Message-ID: Hello, I have my filename Rules setting pointing towards a rule set like this. MailScanner.conf --> Filename Rules = /etc/MailScanner/rules/custom.filename.rules cat custom.filename.rules FromOrTo: example.com /etc/MailScanner/rules/custom.filenames.acl FromOrTo default /etc/MailScanner/filename.rules.conf cat custom.filenames.acl deny .\sspx$ example example However I noticed when it's like this for a that domain, then all the denies in filenam.rules.conf are basically whitelisted for that domain since I am basically pointing towards a whole different list of denies and allows for that domain. Or is there a better and easier way to do what I'm trying to do? Greetings, Maarten From phaleintx at gmail.com Tue Jun 6 19:13:58 2017 From: phaleintx at gmail.com (Phil Hale) Date: Tue, 06 Jun 2017 14:13:58 -0500 Subject: web site seems to be down Message-ID: <1496776438.3026.25.camel@gmail.com> Hello, When I attempt to go to the MailScanner web-site, http://www.mailscanne r.info I get a screen stating "Access Denied" and that I'm "attempting to access a forbidden site.". Is the website unavailable? If it is, where can I download a copy of the 5.0.4-4 RHEL tarball? Thanks, Phil -------------- next part -------------- An HTML attachment was scrubbed... URL: From jeremy at fluxlabs.net Tue Jun 6 19:24:27 2017 From: jeremy at fluxlabs.net (Jeremy McSpadden) Date: Tue, 6 Jun 2017 19:24:27 +0000 Subject: web site seems to be down In-Reply-To: <1496776438.3026.25.camel@gmail.com> References: <1496776438.3026.25.camel@gmail.com> Message-ID: <8F47C1C5-45AC-495C-9AAA-AF48D23F41BD@fluxlabs.net> Site is up and active. Maybe your connection is being filtered/blocked ? Try from another connection -- Jeremy McSpadden Flux Labs | http://www.fluxlabs.net | Endless Solutions Office : 850-250-5590 x 1001 | Cell : 850-890-2543 | Fax : 850-254-7868 On Jun 6, 2017, at 2:13 PM, Phil Hale > wrote: Hello, When I attempt to go to the MailScanner web-site, http://www.mailscanner.info I get a screen stating "Access Denied" and that I'm "attempting to access a forbidden site.". Is the website unavailable? If it is, where can I download a copy of the 5.0.4-4 RHEL tarball? Thanks, Phil -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner -------------- next part -------------- An HTML attachment was scrubbed... URL: From jerry.benton at mailborder.com Tue Jun 6 19:24:52 2017 From: jerry.benton at mailborder.com (Jerry Benton) Date: Tue, 6 Jun 2017 15:24:52 -0400 Subject: web site seems to be down In-Reply-To: <1496776438.3026.25.camel@gmail.com> References: <1496776438.3026.25.camel@gmail.com> Message-ID: Website is not down. The only thing I see in the logs on the server are rejections from bogus user agents. Here is the RHEL package: https://s3.amazonaws.com/msv5/release/MailScanner-5.0.3-7.rhel.tar.gz 5.0.4 is not done yet. (Packaged.) - Jerry Benton www.mailborder.com +1 - 844-436-6245 > On Jun 6, 2017, at 3:13 PM, Phil Hale wrote: > > Hello, > > When I attempt to go to the MailScanner web-site, http://www.mailscanner.info I get a screen stating "Access Denied" and that I'm "attempting to access a forbidden site.". Is the website unavailable? If it is, where can I download a copy of the 5.0.4-4 RHEL tarball? > > Thanks, > > Phil > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > -------------- next part -------------- An HTML attachment was scrubbed... URL: From phaleintx at gmail.com Tue Jun 6 19:41:23 2017 From: phaleintx at gmail.com (Phil Hale) Date: Tue, 06 Jun 2017 14:41:23 -0500 Subject: web site seems to be down In-Reply-To: References: <1496776438.3026.25.camel@gmail.com> Message-ID: <1496778083.3026.27.camel@gmail.com> Thank you for the download link.??Here is what I'm seeing when I browse the page: Firefox on Fedora 25 x86_64: Chrome on Fedora 25 x86_64: -----Original Message----- Date: Tue, 6 Jun 2017 15:24:52 -0400 Subject: Re: web site seems to be down To: MailScanner Discussion Reply-to: MailScanner Discussion From: Jerry Benton Website is not down. The only thing I see in the logs on the server are rejections from bogus user agents. Here is the RHEL package: https://s3.amazonaws.com/msv5/release/MailScanner-5.0.3-7.rhel.tar.gz 5.0.4 is not done yet. (Packaged.) - Jerry Benton www.mailborder.com +1 -?844-436-6245 > On Jun 6, 2017, at 3:13 PM, Phil Hale wrote: > > Hello, > > When I attempt to go to the MailScanner web-site, http://www.mailscan > ner.info I get a screen stating "Access Denied" and that I'm > "attempting to access a forbidden site.".??Is the website > unavailable???If it is, where can I download a copy of the 5.0.4-4 > RHEL tarball? > > Thanks, > > Phil > > --? > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: Screenshot from 2017-06-06 14-40-44.png Type: image/png Size: 31975 bytes Desc: not available URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: Screenshot from 2017-06-06 14-39-13.png Type: image/png Size: 36315 bytes Desc: not available URL: From jerry.benton at mailborder.com Tue Jun 6 19:43:37 2017 From: jerry.benton at mailborder.com (Jerry Benton) Date: Tue, 6 Jun 2017 15:43:37 -0400 Subject: web site seems to be down In-Reply-To: <1496778083.3026.27.camel@gmail.com> References: <1496776438.3026.25.camel@gmail.com> <1496778083.3026.27.camel@gmail.com> Message-ID: Phil, I do not know what to tell you. That is not correct. The site is up and working fine. Nothing is blocked unless your browser is behaving badly. Have another machine or browser you can use to test? Going through a proxy? It could be a lot of things. - Jerry Benton www.mailborder.com +1 - 844-436-6245 > On Jun 6, 2017, at 3:41 PM, Phil Hale wrote: > > Thank you for the download link. Here is what I'm seeing when I browse the page: > > Firefox on Fedora 25 x86_64: > > > Chrome on Fedora 25 x86_64: > > > > > -----Original Message----- > > Date: Tue, 6 Jun 2017 15:24:52 -0400 > Subject: Re: web site seems to be down > To: MailScanner Discussion > > Reply-to: MailScanner Discussion > From: Jerry Benton > > Website is not down. The only thing I see in the logs on the server are rejections from bogus user agents. Here is the RHEL package: > > https://s3.amazonaws.com/msv5/release/MailScanner-5.0.3-7.rhel.tar.gz > > > 5.0.4 is not done yet. (Packaged.) > > - > Jerry Benton > www.mailborder.com > +1 - 844-436-6245 > > > >> On Jun 6, 2017, at 3:13 PM, Phil Hale > wrote: >> >> Hello, >> >> When I attempt to go to the MailScanner web-site, http://www.mailscanner.info I get a screen stating "Access Denied" and that I'm "attempting to access a forbidden site.". Is the website unavailable? If it is, where can I download a copy of the 5.0.4-4 RHEL tarball? >> >> Thanks, >> >> Phil >> >> >> -- >> MailScanner mailing list >> mailscanner at lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > -------------- next part -------------- An HTML attachment was scrubbed... URL: From alkazee at gmail.com Tue Jun 6 19:45:42 2017 From: alkazee at gmail.com (=?utf-8?Q?Jos=C3=A9_Filipe_da_Silva_Ferreira?=) Date: Tue, 6 Jun 2017 20:45:42 +0100 Subject: web site seems to be down In-Reply-To: References: <1496776438.3026.25.camel@gmail.com> <1496778083.3026.27.camel@gmail.com> Message-ID: <1EBB8F34-084D-4A55-8617-99271E64E247@gmail.com> Hi Phil, Can you change your dns to google (8.8.8.8) ? It seems to me that you are using your ISP dns and that it?s blocking the http://www.mailscanner.info url. Best Regards, Filipe Ferreira. > No dia 06/06/2017, ?s 20:43, Jerry Benton escreveu: > > Phil, > > I do not know what to tell you. That is not correct. The site is up and working fine. Nothing is blocked unless your browser is behaving badly. Have another machine or browser you can use to test? Going through a proxy? It could be a lot of things. > > - > Jerry Benton > www.mailborder.com > +1 - 844-436-6245 > > > >> On Jun 6, 2017, at 3:41 PM, Phil Hale > wrote: >> >> Thank you for the download link. Here is what I'm seeing when I browse the page: >> >> Firefox on Fedora 25 x86_64: >> >> >> Chrome on Fedora 25 x86_64: >> >> >> >> >> -----Original Message----- >> >> Date: Tue, 6 Jun 2017 15:24:52 -0400 >> Subject: Re: web site seems to be down >> To: MailScanner Discussion > >> Reply-to: MailScanner Discussion > >> From: Jerry Benton > >> Website is not down. The only thing I see in the logs on the server are rejections from bogus user agents. Here is the RHEL package: >> >> https://s3.amazonaws.com/msv5/release/MailScanner-5.0.3-7.rhel.tar.gz >> >> >> 5.0.4 is not done yet. (Packaged.) >> >> - >> Jerry Benton >> www.mailborder.com >> +1 - 844-436-6245 >> >> >> >>> On Jun 6, 2017, at 3:13 PM, Phil Hale > wrote: >>> >>> Hello, >>> >>> When I attempt to go to the MailScanner web-site, http://www.mailscanner.info I get a screen stating "Access Denied" and that I'm "attempting to access a forbidden site.". Is the website unavailable? If it is, where can I download a copy of the 5.0.4-4 RHEL tarball? >>> >>> Thanks, >>> >>> Phil >>> >>> >>> -- >>> MailScanner mailing list >>> mailscanner at lists.mailscanner.info >>> http://lists.mailscanner.info/mailman/listinfo/mailscanner >>> >> >> >> >> -- >> MailScanner mailing list >> mailscanner at lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > -------------- next part -------------- An HTML attachment was scrubbed... URL: From phaleintx at gmail.com Tue Jun 6 19:46:54 2017 From: phaleintx at gmail.com (Phil Hale) Date: Tue, 06 Jun 2017 14:46:54 -0500 Subject: web site seems to be down In-Reply-To: References: <1496776438.3026.25.camel@gmail.com> <1496778083.3026.27.camel@gmail.com> Message-ID: <1496778414.3026.29.camel@gmail.com> I'm coming from my work-station at the University I work at.??I'm on a DMZ and go straight out without proxy.??I'm not sure what is the issue is, but I'll check from my home work-station tonight.??On the MailScanner git site is show 5.0.4-4 as the latest release.??Is that the case???If so, can I get a copy of the rhel tarball? Phil -----Original Message----- Date: Tue, 6 Jun 2017 15:43:37 -0400 Subject: Re: web site seems to be down To: MailScanner Discussion Reply-to: MailScanner Discussion From: Jerry Benton Phil, I do not know what to tell you. That is not correct. The site is up and working fine. Nothing is blocked unless your browser is behaving badly. Have another machine or browser you can use to test? Going through a proxy? It could be a lot of things.? - Jerry Benton www.mailborder.com +1 -?844-436-6245 > On Jun 6, 2017, at 3:41 PM, Phil Hale wrote: > > Thank you for the download link.??Here is what I'm seeing when I > browse the page: > Firefox on Fedora 25 x86_64: > > Chrome on Fedora 25 x86_64: > > > > -----Original Message----- > Date: Tue, 6 Jun 2017 15:24:52 -0400Subject: Re: web site seems to be > downTo: MailScanner Discussion Re > ply-to: MailScanner Discussion Fr > om: Jerry Benton Website is not down. > The only thing I see in the logs on the server are rejections from > bogus user agents. Here is the RHEL package: > https://s3.amazonaws.com/msv5/release/MailScanner-5.0.3-7.rhel.tar.gz > > 5.0.4 is not done yet. (Packaged.) > > > - > Jerry Benton > www.mailborder.com > +1 -?844-436-6245 > > > > > > > > On Jun 6, 2017, at 3:13 PM, Phil Hale wrote: > > > > Hello, > > > > When I attempt to go to the MailScanner web-site, http://www.mailsc > > anner.info I get a screen stating "Access Denied" and that I'm > > "attempting to access a forbidden site.".??Is the website > > unavailable???If it is, where can I download a copy of the 5.0.4-4 > > RHEL tarball? > > > > Thanks, > > > > Phil > > > > --? > > MailScanner mailing list > > mailscanner at lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > > --? > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > -------------- next part -------------- An HTML attachment was scrubbed... URL: From phaleintx at gmail.com Tue Jun 6 19:49:11 2017 From: phaleintx at gmail.com (Phil Hale) Date: Tue, 06 Jun 2017 14:49:11 -0500 Subject: web site seems to be down In-Reply-To: <1EBB8F34-084D-4A55-8617-99271E64E247@gmail.com> References: <1496776438.3026.25.camel@gmail.com> <1496778083.3026.27.camel@gmail.com> <1EBB8F34-084D-4A55-8617-99271E64E247@gmail.com> Message-ID: <1496778551.3026.31.camel@gmail.com> I did test from my LTE connection on my cell phone and the site is up via T-Mobile USA.??I'll file a ticket with our University Networking team to have them check our network IPS and ISP. thanks everyone and sorry for the false alarm. Phil -----Original Message----- Date: Tue, 6 Jun 2017 20:45:42 +0100 Subject: Re: web site seems to be down To: MailScanner Discussion Reply-to: MailScanner Discussion From: Jos? Filipe da Silva Ferreira Hi Phil,? Can you change your dns to google (8.8.8.8) ? It seems to me that you are using your ISP dns and that it?s blocking the?http://www.mailscanner.info?url. Best Regards, Filipe Ferreira. > No dia 06/06/2017, ?s 20:43, Jerry Benton m> escreveu: > > Phil, > I do not know what to tell you. That is not correct. The site is up > and working fine. Nothing is blocked unless your browser is behaving > badly. Have another machine or browser you can use to test? Going > through a proxy? It could be a lot of things.? > > > - > Jerry Benton > www.mailborder.com > +1 -?844-436-6245 > > > > > > > > On Jun 6, 2017, at 3:41 PM, Phil Hale wrote: > > > > Thank you for the download link.??Here is what I'm seeing when I > > browse the page: > > Firefox on Fedora 25 x86_64: > 13.png> > > > > Chrome on Fedora 25 x86_64: > 44.png> > > > > > > > > -----Original Message----- > > Date: Tue, 6 Jun 2017 15:24:52 -0400Subject: Re: web site seems to > > be downTo: MailScanner Discussion > fo>Reply-to: MailScanner Discussion > info>From: Jerry Benton Website is not > > down. The only thing I see in the logs on the server are rejections > > from bogus user agents. Here is the RHEL package: > > https://s3.amazonaws.com/msv5/release/MailScanner-5.0.3-7.rhel.tar. > > gz > > > > 5.0.4 is not done yet. (Packaged.) > > > > > > - > > Jerry Benton > > www.mailborder.com > > +1 -?844-436-6245 > > > > > > > > > > > > > > > On Jun 6, 2017, at 3:13 PM, Phil Hale > > > wrote: > > > > > > Hello, > > > > > > When I attempt to go to the MailScanner web-site, http://www.mail > > > scanner.info I get a screen stating "Access Denied" and that I'm > > > "attempting to access a forbidden site.".??Is the website > > > unavailable???If it is, where can I download a copy of the 5.0.4- > > > 4 RHEL tarball? > > > > > > Thanks, > > > > > > Phil > > > > > > --? > > > MailScanner mailing list > > > mailscanner at lists.mailscanner.info > > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > > > > > > --? > > MailScanner mailing list > > mailscanner at lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > > --? > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > -------------- next part -------------- An HTML attachment was scrubbed... URL: From pparsons at techeez.com Wed Jun 7 22:45:58 2017 From: pparsons at techeez.com (Philip Parsons) Date: Wed, 7 Jun 2017 22:45:58 +0000 Subject: web site seems to be down In-Reply-To: <1496778551.3026.31.camel@gmail.com> References: <1496776438.3026.25.camel@gmail.com> <1496778083.3026.27.camel@gmail.com> <1EBB8F34-084D-4A55-8617-99271E64E247@gmail.com> <1496778551.3026.31.camel@gmail.com> Message-ID: <11D8E491D9562549A61FD3186F363420029BD11B01@exchange.techeez.com> The message looks like it is from a Firepower or web sense filtering system. From: MailScanner [mailto:mailscanner-bounces+pparsons=techeez.com at lists.mailscanner.info] On Behalf Of Phil Hale Sent: June 6, 2017 12:49 PM To: MailScanner Discussion Subject: Re: web site seems to be down I did test from my LTE connection on my cell phone and the site is up via T-Mobile USA. I'll file a ticket with our University Networking team to have them check our network IPS and ISP. thanks everyone and sorry for the false alarm. Phil -----Original Message----- Date: Tue, 6 Jun 2017 20:45:42 +0100 Subject: Re: web site seems to be down To: MailScanner Discussion > Reply-to: MailScanner Discussion > From: Jos? Filipe da Silva Ferreira > Hi Phil, Can you change your dns to google (8.8.8.8) ? It seems to me that you are using your ISP dns and that it?s blocking the http://www.mailscanner.info url. Best Regards, Filipe Ferreira. No dia 06/06/2017, ?s 20:43, Jerry Benton > escreveu: Phil, I do not know what to tell you. That is not correct. The site is up and working fine. Nothing is blocked unless your browser is behaving badly. Have another machine or browser you can use to test? Going through a proxy? It could be a lot of things. - Jerry Benton www.mailborder.com +1 - 844-436-6245 On Jun 6, 2017, at 3:41 PM, Phil Hale > wrote: Thank you for the download link. Here is what I'm seeing when I browse the page: Firefox on Fedora 25 x86_64: Chrome on Fedora 25 x86_64: -----Original Message----- Date: Tue, 6 Jun 2017 15:24:52 -0400 Subject: Re: web site seems to be down To: MailScanner Discussion > Reply-to: MailScanner Discussion > From: Jerry Benton > Website is not down. The only thing I see in the logs on the server are rejections from bogus user agents. Here is the RHEL package: https://s3.amazonaws.com/msv5/release/MailScanner-5.0.3-7.rhel.tar.gz 5.0.4 is not done yet. (Packaged.) - Jerry Benton www.mailborder.com +1 - 844-436-6245 On Jun 6, 2017, at 3:13 PM, Phil Hale > wrote: Hello, When I attempt to go to the MailScanner web-site, http://www.mailscanner.info I get a screen stating "Access Denied" and that I'm "attempting to access a forbidden site.". Is the website unavailable? If it is, where can I download a copy of the 5.0.4-4 RHEL tarball? Thanks, Phil -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- An HTML attachment was scrubbed... URL: From phaleintx at gmail.com Thu Jun 8 15:12:17 2017 From: phaleintx at gmail.com (Phil Hale) Date: Thu, 08 Jun 2017 10:12:17 -0500 Subject: web site seems to be down In-Reply-To: <11D8E491D9562549A61FD3186F363420029BD11B01@exchange.techeez.com> References: <1496776438.3026.25.camel@gmail.com> <1496778083.3026.27.camel@gmail.com> <1EBB8F34-084D-4A55-8617-99271E64E247@gmail.com> <1496778551.3026.31.camel@gmail.com> <11D8E491D9562549A61FD3186F363420029BD11B01@exchange.techeez.com> Message-ID: <1496934737.2795.0.camel@gmail.com> I'm sure it is on our edge since it works from non-University networks.??I've submitted a ticket to our Network and Security teams to review the URL and "fix" it.??Again, sorry for the confusion. Phil -----Original Message----- Date: Wed, 7 Jun 2017 22:45:58 +0000 Subject: RE: web site seems to be down To: MailScanner Discussion Reply-to: MailScanner Discussion From: Philip Parsons The message looks like it is from a Firepower or web sense filtering system. ? From: MailScanner [mailto:mailscanner-bounces+pparsons=techeez.com at list s.mailscanner.info] On Behalf Of Phil Hale Sent: June 6, 2017 12:49 PM To: MailScanner Discussion Subject: Re: web site seems to be down ? ? I did test from my LTE connection on my cell phone and the site is up via T-Mobile USA. I'll file a ticket with our University Networking team to have them check our network IPS and ISP. ? thanks everyone and sorry for the false alarm. ? Phil ? -----Original Message----- ? Date: Tue, 6 Jun 2017 20:45:42 +0100 Subject: Re: web site seems to be down To: MailScanner Discussion Reply-to: MailScanner Discussion From: Jos? Filipe da Silva Ferreira Hi Phil,? ? Can you change your dns to google (8.8.8.8) ? ? It seems to me that you are using your ISP dns and that it?s blocking the?http://www.mailscanner.info?url. ? Best Regards, Filipe Ferreira. ? ? No dia 06/06/2017, ?s 20:43, Jerry Benton escreveu: ? Phil, ? I do not know what to tell you. That is not correct. The site is up and working fine. Nothing is blocked unless your browser is behaving badly. Have another machine or browser you can use to test? Going through a proxy? It could be a lot ?of things.? - Jerry Benton www.mailborder.com +1 -?844-436-6245 ? On Jun 6, 2017, at 3:41 PM, Phil Hale wrote: ? Thank you for the download link. Here is what I'm seeing when I browse the page: ? Firefox on Fedora 25 x86_64: ? Chrome on Fedora 25 x86_64: ? ? ? -----Original Message----- ? Date: Tue, 6 Jun 2017 15:24:52 -0400 Subject: Re: web site seems to be down To: MailScanner Discussion Reply-to: MailScanner Discussion From: Jerry Benton Website is not down. The only thing I see in the logs on the server are rejections from bogus user agents. Here is the RHEL package: ? https://s3.amazonaws.com/msv5/release/MailScanner-5.0.3-7.rhel.tar.gz ? ? 5.0.4 is not done yet. (Packaged.) - Jerry Benton www.mailborder.com +1 -?844-436-6245 ? On Jun 6, 2017, at 3:13 PM, Phil Hale wrote: ? Hello, ? When I attempt to go to the MailScanner web-site,? http://www.mailscanner.info I get a screen stating "Access Denied" and that I'm "attempting to access a forbidden site.". Is the website unavailable? If it is, where can I download a copy of the 5.0.4-4 RHEL tarball? ? Thanks, ? Phil --? MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner ? --? MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner ? --? MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner ? ? -------------- next part -------------- An HTML attachment was scrubbed... URL: From gao at pztop.com Thu Jun 8 16:10:13 2017 From: gao at pztop.com (Gao) Date: Thu, 8 Jun 2017 09:10:13 -0700 Subject: Trouble with mails from Blackberry Message-ID: <15998eb9-9af5-6fbd-1895-ade8fdc13668@pztop.com> Hi, There are several cases that MailScanner give high score for incoming email send from Blackberry device. I don't know how to deal with this. I set the spam score is 5.0 and those blackberry email seems always get identified as spam. Should I make a custom rule to lower the score for all mail from "blackberry.com"? Please help. For example, here is an email's (spam score 5.08) header: Received-SPF: pass (srs.bis6.us.blackberry.com: 74.82.85.4 is authorized to use 'SRS0=HaG/vD=5N=mydomain.com=gjv at srs.bis6.us.blackberry.com' in 'mfrom' identity (mechanism 'ip4:74.82.64.0/19' matched)) receiver=zeta.mydomain.com; identity=mailfrom; envelope-from="SRS0=HaG/vD=5N=mydomain.com=gjv at srs.bis6.us.blackberry.com"; helo=smtp04.bis6.na.blackberry.com; client-ip=74.82.85.4 Received: from smtp04.bis6.na.blackberry.com (74-82-85-4.rdns.blackberry.net [74.82.85.4]) by zeta.mydomain.com (Postfix) with ESMTP id 449B320030FB3 for ; Wed, 7 Jun 2017 23:16:25 -0700 (PDT) Received: from b2.c1.bise6.blackberry ([192.168.0.102]) by srs.bis6.us.blackberry.com (8.13.7 TEAMON/8.13.7) with ESMTP id v586GO8v012308 for ; Thu, 8 Jun 2017 06:16:24 GMT Received: from 172.29.194.175 (cmp5.c1.bise6.blackberry [172.29.194.175]) by b2.c1.bise6.blackberry (8.13.7 TEAMON/8.13.7) with ESMTP id v586GNj0000839 for ; Thu, 8 Jun 2017 06:16:23 GMT X-rim-org-msg-ref-id: 586172512 Disposition-Notification-To: gjv at mydomain.com Message-ID: <586172512-1496902582-cardhu_decombobulator_blackberry.rim.net-658104992- at b14.c1.bise6.blackberry> Reply-To: gjv at mydomain.com X-Priority: Normal Sensitivity: Normal Importance: Normal Subject: Keys To: "First Last" From: gjv at mydomain.com Date: Thu, 8 Jun 2017 06:16:22 +0000 Content-Type: text/plain MIME-Version: 1.0 And the maillog: Jun 7 23:16:25 zeta postfix/smtpd[28147]: connect from 74-82-85-4.rdns.blackberry.net[74.82.85.4] Jun 7 23:16:26 zeta postfix/policy-spf[28155]: Policy action=PREPEND Received-SPF: pass (srs.bis6.us.blackberry.com: 74.82.85.4 is authorized to use 'SRS0=HaG/vD=5N=mydomain.com=gjv at srs.bis6.us.blackberry.com' in 'mfrom' identity (mechanism 'ip4:74.82.64.0/19' matched)) receiver=zeta.mydomain.com; identity=mailfrom; envelope-from="SRS0=HaG/vD=5N=mydomain.com=gjv at srs.bis6.us.blackberry.com"; helo=smtp04.bis6.na.blackberry.com; client-ip=74.82.85.4 Jun 7 23:16:26 zeta postfix/smtpd[28147]: 449B320030FB3: client=74-82-85-4.rdns.blackberry.net[74.82.85.4] Jun 7 23:16:26 zeta postfix/cleanup[28159]: 449B320030FB3: hold: header Received: from smtp04.bis6.na.blackberry.com (74-82-85-4.rdns.blackberry.net [74.82.85.4])??by zeta.mydomain.com (Postfix) with ESMTP id 449B320030FB3??for ; Wed, 7 Jun 2017 from 74-82-85-4.rdns.blackberry.net[74.82.85.4]; from= to= proto=ESMTP helo= Jun 7 23:16:26 zeta postfix/cleanup[28159]: 449B320030FB3: message-id=<586172512-1496902582-cardhu_decombobulator_blackberry.rim.net-658104992- at b14.c1.bise6.blackberry> Jun 7 23:16:26 zeta opendkim[2218]: 449B320030FB3: 74-82-85-4.rdns.blackberry.net [74.82.85.4] not internal Jun 7 23:16:26 zeta opendkim[2218]: 449B320030FB3: not authenticated Jun 7 23:16:26 zeta opendkim[2218]: 449B320030FB3: no signature data Jun 7 23:16:31 zeta postfix/smtpd[28147]: disconnect from 74-82-85-4.rdns.blackberry.net[74.82.85.4] Jun 7 23:16:32 zeta MailScanner[27196]: Message 449B320030FB3.A5EA6 from 74.82.85.4 (srs0=hag/vd=5n=mydomain.com=gjv at srs.bis6.us.blackberry.com) to mydomain.com is spam, SpamAssassin (not cached, score=5.08, required 4, BAYES_00 -1.90, FSL_HELO_BARE_IP_2 1.00, HEADER_FROM_DIFFERENT_DOMAINS 1.00, RATWARE_EFROM 3.00, RCVD_IN_DNSWL_NONE -0.00, RDNS_DYNAMIC 0.98, SPF_PASS -0.00, XPRIO_SHORT_SUBJ 1.00) Jun 7 23:16:32 zeta MailScanner[27196]: Spam Checks: Found 1 spam messages Jun 7 23:16:32 zeta MailScanner[27196]: Spam Actions: message 449B320030FB3.A5EA6 actions are store Jun 7 23:16:32 zeta MailScanner[27196]: Deleted 1 messages from processing-database Jun 7 23:16:32 zeta MailScanner[27196]: Logging message 449B320030FB3.A5EA6 to SQL Jun 7 23:16:32 zeta MailScanner[27636]: 449B320030FB3.A5EA6: Logged to MailWatch SQL -------------- next part -------------- An HTML attachment was scrubbed... URL: From iversons at rushville.k12.in.us Thu Jun 8 19:34:11 2017 From: iversons at rushville.k12.in.us (Shawn Iverson) Date: Thu, 8 Jun 2017 15:34:11 -0400 Subject: Question on behalf of users -- blocked content (files) Message-ID: https://forum.efa-project.org/viewtopic.php?f=14&t=2449&p=9617 Is there any way to have mailscanner quarantine bad content instead of blocking it outright? -- Shawn Iverson, CETL Director of Technology Rush County Schools 765-932-3901 x271 iversons at rushville.k12.in.us -------------- next part -------------- An HTML attachment was scrubbed... URL: From mark at msapiro.net Thu Jun 8 20:02:41 2017 From: mark at msapiro.net (Mark Sapiro) Date: Thu, 8 Jun 2017 13:02:41 -0700 Subject: Trouble with mails from Blackberry In-Reply-To: <15998eb9-9af5-6fbd-1895-ade8fdc13668@pztop.com> References: <15998eb9-9af5-6fbd-1895-ade8fdc13668@pztop.com> Message-ID: <29738945-d2a0-6379-f3d4-7296c7ec0a48@msapiro.net> On 06/08/2017 09:10 AM, Gao wrote: > > There are several cases that MailScanner give high score for incoming > email send from Blackberry device. I don't know how to deal with this. I > set the spam score is 5.0 and those blackberry email seems always get > identified as spam. What version of SpamAssassin is this? ...> envelope-from="SRS0=HaG/vD=5N=mydomain.com=gjv at srs.bis6.us.blackberry.com"; ... > Jun 7 23:16:32 zeta MailScanner[27196]: Message 449B320030FB3.A5EA6 > from 74.82.85.4 > (srs0=hag/vd=5n=mydomain.com=gjv at srs.bis6.us.blackberry.com) to > mydomain.com is spam, SpamAssassin (not cached, score=5.08, required 4, > BAYES_00 -1.90, FSL_HELO_BARE_IP_2 1.00, HEADER_FROM_DIFFERENT_DOMAINS > 1.00, RATWARE_EFROM 3.00, RCVD_IN_DNSWL_NONE -0.00, RDNS_DYNAMIC 0.98, > SPF_PASS -0.00, XPRIO_SHORT_SUBJ 1.00) Your largest score is RATWARE_EFROM 3.00. Without it the message would score 2.08. The reason I ask about version is this score comes from Mail::SpamAssassin::Plugin::HeaderEval::check_ratware_envelope_from() Which in SA 3.4.1 at least has return 0 if $from =~ /^SRS\d=/; per which seems to be designed to exempt envelope senders beginning with SRS, a digit and = as this message does. If the issue is an older SA and you can't upgrade, you can always set the score for RATWARE_EFROM to zero. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From vlad at vladville.com Sat Jun 10 11:09:08 2017 From: vlad at vladville.com (Vlad Mazek) Date: Sat, 10 Jun 2017 07:09:08 -0400 Subject: Question on behalf of users -- blocked content (files) In-Reply-To: References: Message-ID: Not without writing some code; blocked attachments are stripped from the message and message itself isn't quarantined, it's delivered with the attachment. -Vlad -Vlad Vlad Mazek (407) 536-VLAD On Thu, Jun 8, 2017 at 3:34 PM, Shawn Iverson wrote: > https://forum.efa-project.org/viewtopic.php?f=14&t=2449&p=9617 > > Is there any way to have mailscanner quarantine bad content instead of > blocking it outright? > > -- > Shawn Iverson, CETL > Director of Technology > Rush County Schools > 765-932-3901 x271 <(765)%20932-3901> > iversons at rushville.k12.in.us > > > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From maxsec at gmail.com Sat Jun 10 12:53:13 2017 From: maxsec at gmail.com (Martin Hepworth) Date: Sat, 10 Jun 2017 12:53:13 +0000 Subject: Question on behalf of users -- blocked content (files) In-Reply-To: References: Message-ID: If you add on a management layer like Mailwatch or Baruwa its possible On Thu, 8 Jun 2017 at 20:35, Shawn Iverson wrote: > https://forum.efa-project.org/viewtopic.php?f=14&t=2449&p=9617 > > Is there any way to have mailscanner quarantine bad content instead of > blocking it outright? > > -- > Shawn Iverson, CETL > Director of Technology > Rush County Schools > 765-932-3901 x271 > iversons at rushville.k12.in.us > > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > -- -- Martin Hepworth, CISSP Oxford, UK -------------- next part -------------- An HTML attachment was scrubbed... URL: From gao at pztop.com Mon Jun 12 16:00:58 2017 From: gao at pztop.com (Gao) Date: Mon, 12 Jun 2017 09:00:58 -0700 Subject: Trouble with mails from Blackberry In-Reply-To: <29738945-d2a0-6379-f3d4-7296c7ec0a48@msapiro.net> References: <15998eb9-9af5-6fbd-1895-ade8fdc13668@pztop.com> <29738945-d2a0-6379-f3d4-7296c7ec0a48@msapiro.net> Message-ID: <67d545fd-c2aa-7a69-370c-764e6800b559@pztop.com> On 2017-06-08 01:02 PM, Mark Sapiro wrote: > On 06/08/2017 09:10 AM, Gao wrote: >> There are several cases that MailScanner give high score for incoming >> email send from Blackberry device. I don't know how to deal with this. I >> set the spam score is 5.0 and those blackberry email seems always get >> identified as spam. > > What version of SpamAssassin is this? > > > ...> > envelope-from="SRS0=HaG/vD=5N=mydomain.com=gjv at srs.bis6.us.blackberry.com"; > ... >> Jun 7 23:16:32 zeta MailScanner[27196]: Message 449B320030FB3.A5EA6 >> from 74.82.85.4 >> (srs0=hag/vd=5n=mydomain.com=gjv at srs.bis6.us.blackberry.com) to >> mydomain.com is spam, SpamAssassin (not cached, score=5.08, required 4, >> BAYES_00 -1.90, FSL_HELO_BARE_IP_2 1.00, HEADER_FROM_DIFFERENT_DOMAINS >> 1.00, RATWARE_EFROM 3.00, RCVD_IN_DNSWL_NONE -0.00, RDNS_DYNAMIC 0.98, >> SPF_PASS -0.00, XPRIO_SHORT_SUBJ 1.00) > > Your largest score is RATWARE_EFROM 3.00. Without it the message would > score 2.08. > > The reason I ask about version is this score comes from > > Mail::SpamAssassin::Plugin::HeaderEval::check_ratware_envelope_from() > > Which in SA 3.4.1 at least has > > return 0 if $from =~ /^SRS\d=/; > > per > > > which seems to be designed to exempt envelope senders beginning with > SRS, a digit and = as this message does. > > If the issue is an older SA and you can't upgrade, you can always set > the score for RATWARE_EFROM to zero. > Thank you for the help. I am using SpamAssassin Version:3.4.0. I am not sure where to check for the code you mentioned. I'll make a rule to adjust the RATWARE_EFROM score. Gao -------------- next part -------------- An HTML attachment was scrubbed... URL: From mark at msapiro.net Tue Jun 13 00:26:03 2017 From: mark at msapiro.net (Mark Sapiro) Date: Mon, 12 Jun 2017 17:26:03 -0700 Subject: Trouble with mails from Blackberry In-Reply-To: <67d545fd-c2aa-7a69-370c-764e6800b559@pztop.com> References: <15998eb9-9af5-6fbd-1895-ade8fdc13668@pztop.com> <29738945-d2a0-6379-f3d4-7296c7ec0a48@msapiro.net> <67d545fd-c2aa-7a69-370c-764e6800b559@pztop.com> Message-ID: <4f14c1d1-4f7d-051b-85b3-34ff21c7b225@msapiro.net> On 06/12/2017 09:00 AM, Gao wrote: > > > On 2017-06-08 01:02 PM, Mark Sapiro wrote: >> >> The reason I ask about version is this score comes from >> >> Mail::SpamAssassin::Plugin::HeaderEval::check_ratware_envelope_from() >> >> Which in SA 3.4.1 at least has >> >> return 0 if $from =~ /^SRS\d=/; >> >> per >> >> >> which seems to be designed to exempt envelope senders beginning with >> SRS, a digit and = as this message does. >> >> If the issue is an older SA and you can't upgrade, you can always set >> the score for RATWARE_EFROM to zero. >> > Thank you for the help. > I am using SpamAssassin Version:3.4.0. I am not sure where to check for > the code you mentioned. I'll make a rule to adjust the RATWARE_EFROM score. The code is in the file Mail/SpamAssassin/Plugin/HeaderEval.pm in your perl installation. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From Support at officeunlimited.nl Mon Jun 12 20:25:51 2017 From: Support at officeunlimited.nl (Support) Date: Mon, 12 Jun 2017 20:25:51 +0000 Subject: Rule set question, to bypass ClamAV Message-ID: <565E24216053F74DBB89D69F082D62D801DDFCAD29@SYS-EX06.shared.local> Hi there, My 1st post. Is it possible somehow to use a sender <-> recipient combination in the scan.messages.rules or virus.scanning.rules? I tried things like 'From: safe_sender at safe_domain.com and To:trusted_recipient at example.com' but that didn't work. I want to do this to block all macro's in ClamAv for all users (or can this be user controlled??), while disabling virus scanning for users that need Office macro's. Or is there another way to allow macro's for some specific sender, recipient and/or the combination? To my exprience most ransom ware originates from Office documents with macro's. Seems ClamAV even with all UnOfficial SIGS does not detect m all. Or does someone has a 100% catch ratio? Any ideas welcome. Grtz, Ronald -------------- next part -------------- An HTML attachment was scrubbed... URL: From richard at fastnet.co.uk Tue Jun 13 15:31:39 2017 From: richard at fastnet.co.uk (Richard Mealing) Date: Tue, 13 Jun 2017 15:31:39 +0000 Subject: Rule set question, to bypass ClamAV In-Reply-To: <565E24216053F74DBB89D69F082D62D801DDFCAD29@SYS-EX06.shared.local> References: <565E24216053F74DBB89D69F082D62D801DDFCAD29@SYS-EX06.shared.local> Message-ID: <6EE47AF64C339A4F8F7F50507241B3795FAC38B8@BTN-EXCHANGE-V1.fastnet.local> Your rule should work. Are you using tabs? For example this should work - From: somegoodsender at domain.com and To: *@mydomain.com no From: MailScanner [mailto:mailscanner-bounces+richard=fastnet.co.uk at lists.mailscanner.info] On Behalf Of Support Sent: Monday, June 12, 2017 21:26 To: mailscanner at lists.mailscanner.info Subject: Rule set question, to bypass ClamAV Hi there, My 1st post. Is it possible somehow to use a sender <-> recipient combination in the scan.messages.rules or virus.scanning.rules? I tried things like 'From: safe_sender at safe_domain.com and To:trusted_recipient at example.com' but that didn't work. I want to do this to block all macro's in ClamAv for all users (or can this be user controlled??), while disabling virus scanning for users that need Office macro's. Or is there another way to allow macro's for some specific sender, recipient and/or the combination? To my exprience most ransom ware originates from Office documents with macro's. Seems ClamAV even with all UnOfficial SIGS does not detect m all. Or does someone has a 100% catch ratio? Any ideas welcome. Grtz, Ronald -------------- next part -------------- An HTML attachment was scrubbed... URL: From gao at pztop.com Tue Jun 13 16:09:33 2017 From: gao at pztop.com (Gao) Date: Tue, 13 Jun 2017 09:09:33 -0700 Subject: Trouble with mails from Blackberry In-Reply-To: <4f14c1d1-4f7d-051b-85b3-34ff21c7b225@msapiro.net> References: <15998eb9-9af5-6fbd-1895-ade8fdc13668@pztop.com> <29738945-d2a0-6379-f3d4-7296c7ec0a48@msapiro.net> <67d545fd-c2aa-7a69-370c-764e6800b559@pztop.com> <4f14c1d1-4f7d-051b-85b3-34ff21c7b225@msapiro.net> Message-ID: <5f3100c5-7a7d-3c5f-0753-f5f8f060ca0e@pztop.com> On 2017-06-12 05:26 PM, Mark Sapiro wrote: > On 06/12/2017 09:00 AM, Gao wrote: >> >> On 2017-06-08 01:02 PM, Mark Sapiro wrote: >>> The reason I ask about version is this score comes from >>> >>> Mail::SpamAssassin::Plugin::HeaderEval::check_ratware_envelope_from() >>> >>> Which in SA 3.4.1 at least has >>> >>> return 0 if $from =~ /^SRS\d=/; >>> >>> per >>> >>> >>> which seems to be designed to exempt envelope senders beginning with >>> SRS, a digit and = as this message does. >>> >>> If the issue is an older SA and you can't upgrade, you can always set >>> the score for RATWARE_EFROM to zero. >>> >> Thank you for the help. >> I am using SpamAssassin Version:3.4.0. I am not sure where to check for >> the code you mentioned. I'll make a rule to adjust the RATWARE_EFROM score. > > The code is in the file Mail/SpamAssassin/Plugin/HeaderEval.pm in your > perl installation. > Interesting... I check the HeaderEval.pm file and it does has the code you mentioned. And I verified it with "spamassassin --lint -D" and I see the plugin is loaded: Jun 13 09:01:05.782 [5433] dbg: plugin: loading Mail::SpamAssassin::Plugin::HTMLEval from @INC Then how come it still give a score of 3.0? Gao From gao at pztop.com Tue Jun 13 16:13:58 2017 From: gao at pztop.com (Gao) Date: Tue, 13 Jun 2017 09:13:58 -0700 Subject: Trouble with mails from Blackberry In-Reply-To: <5f3100c5-7a7d-3c5f-0753-f5f8f060ca0e@pztop.com> References: <15998eb9-9af5-6fbd-1895-ade8fdc13668@pztop.com> <29738945-d2a0-6379-f3d4-7296c7ec0a48@msapiro.net> <67d545fd-c2aa-7a69-370c-764e6800b559@pztop.com> <4f14c1d1-4f7d-051b-85b3-34ff21c7b225@msapiro.net> <5f3100c5-7a7d-3c5f-0753-f5f8f060ca0e@pztop.com> Message-ID: On 2017-06-13 09:09 AM, Gao wrote: > > > On 2017-06-12 05:26 PM, Mark Sapiro wrote: >> On 06/12/2017 09:00 AM, Gao wrote: >>> >>> On 2017-06-08 01:02 PM, Mark Sapiro wrote: >>>> The reason I ask about version is this score comes from >>>> >>>> Mail::SpamAssassin::Plugin::HeaderEval::check_ratware_envelope_from() >>>> >>>> Which in SA 3.4.1 at least has >>>> >>>> return 0 if $from =~ /^SRS\d=/; >>>> >>>> per >>>> >>>> >>>> >>>> which seems to be designed to exempt envelope senders beginning with >>>> SRS, a digit and = as this message does. >>>> >>>> If the issue is an older SA and you can't upgrade, you can always set >>>> the score for RATWARE_EFROM to zero. >>>> >>> Thank you for the help. >>> I am using SpamAssassin Version:3.4.0. I am not sure where to check for >>> the code you mentioned. I'll make a rule to adjust the RATWARE_EFROM >>> score. >> >> The code is in the file Mail/SpamAssassin/Plugin/HeaderEval.pm in your >> perl installation. >> > Interesting... > > I check the HeaderEval.pm file and it does has the code you mentioned. > > And I verified it with "spamassassin --lint -D" and I see the plugin > is loaded: > Jun 13 09:01:05.782 [5433] dbg: plugin: loading > Mail::SpamAssassin::Plugin::HTMLEval from @INC > > Then how come it still give a score of 3.0? > > Gao > > > > Copied the wrong line. It should be: Jun 13 09:07:41.630 [5975] dbg: plugin: loading Mail::SpamAssassin::Plugin::HeaderEval from @INC BTW, why does pipe to grep not working? I did spamassassin --lint -D | grep HeaderEval And it shows all the lines from lint test. -------------- next part -------------- An HTML attachment was scrubbed... URL: From mark at msapiro.net Tue Jun 13 16:44:27 2017 From: mark at msapiro.net (Mark Sapiro) Date: Tue, 13 Jun 2017 09:44:27 -0700 Subject: Trouble with mails from Blackberry In-Reply-To: References: <15998eb9-9af5-6fbd-1895-ade8fdc13668@pztop.com> <29738945-d2a0-6379-f3d4-7296c7ec0a48@msapiro.net> <67d545fd-c2aa-7a69-370c-764e6800b559@pztop.com> <4f14c1d1-4f7d-051b-85b3-34ff21c7b225@msapiro.net> <5f3100c5-7a7d-3c5f-0753-f5f8f060ca0e@pztop.com> Message-ID: <495322f8-bd11-c75e-f4ed-dbe3a28fbedd@msapiro.net> On 06/13/2017 09:13 AM, Gao wrote: > > BTW, why does pipe to grep not working? I did > spamassassin --lint -D | grep HeaderEval > And it shows all the lines from lint test. Because spamassassin --lint writes to stderr. You need to do spamassassin --lint -D 2>&1 | grep HeaderEval -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From mark at msapiro.net Tue Jun 13 16:51:31 2017 From: mark at msapiro.net (Mark Sapiro) Date: Tue, 13 Jun 2017 09:51:31 -0700 Subject: Trouble with mails from Blackberry In-Reply-To: <5f3100c5-7a7d-3c5f-0753-f5f8f060ca0e@pztop.com> References: <15998eb9-9af5-6fbd-1895-ade8fdc13668@pztop.com> <29738945-d2a0-6379-f3d4-7296c7ec0a48@msapiro.net> <67d545fd-c2aa-7a69-370c-764e6800b559@pztop.com> <4f14c1d1-4f7d-051b-85b3-34ff21c7b225@msapiro.net> <5f3100c5-7a7d-3c5f-0753-f5f8f060ca0e@pztop.com> Message-ID: <010e59f0-ece1-f407-e9e2-0d093d495015@msapiro.net> On 06/13/2017 09:09 AM, Gao wrote: > > I check the HeaderEval.pm file and it does has the code you mentioned. > > And I verified it with "spamassassin --lint -D" and I see the plugin is > loaded: > > Then how come it still give a score of 3.0? If in fact your HeaderEval.pm file contains return 0 if $from =~ /^SRS\d=/; in the check_ratware_envelope_from subroutine and your Blackberry messages have envelope from similar to the "SRS0=HaG/vD=5N=mydomain.com=gjv at srs.bis6.us.blackberry.com" value in your OP, I can't explain why the rule hits. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From sales at edenusa.com Thu Jun 15 20:54:40 2017 From: sales at edenusa.com (Paul Scott) Date: Thu, 15 Jun 2017 20:54:40 +0000 Subject: Upgrade to CentOS 7.0 Message-ID: I am planning on upgrading our Sendmail server to CentOS 7.0, and am wondering if there any hints from you guys, on what to expect, or what difficulties I may run into, etc. This will be a brand-new fresh install on all new hardware, then install MailScanner and migrate our mailboxes over. Please let me know. Thank you so much! Sincerely, Paul Scott, Engineer Eden USA, Incorporated Event Production Services Since 1995 Los Angeles-Las Vegas-New York sales at edenusa.com OR edenusasales at gmail.com Telephone(s): 866.501.3336 OR 951.505.6967 Fax: 866.502.3336 WEBSITE: https://www.edenusa.com FACEBOOK: http://www.facebook.com/edenusainc -------------- next part -------------- An HTML attachment was scrubbed... URL: From iversons at rushville.k12.in.us Thu Jun 15 21:46:21 2017 From: iversons at rushville.k12.in.us (Shawn Iverson) Date: Thu, 15 Jun 2017 17:46:21 -0400 Subject: Upgrade to CentOS 7.0 In-Reply-To: References: Message-ID: Paul, Wait for Mr. Benton to release the next update. It will contain systemd enhancements for sendmail and mailscanner. On Thu, Jun 15, 2017 at 4:54 PM, Paul Scott wrote: > I am planning on upgrading our Sendmail server to CentOS 7.0, and am > wondering if there any hints from you guys, on what to expect, or what > difficulties I may run into, etc. This will be a brand-new fresh install > on all new hardware, then install MailScanner and migrate our mailboxes > over. Please let me know. Thank you so much! > > > > Sincerely, > > > > Paul Scott, Engineer > > Eden USA, Incorporated > Event Production Services Since 1995 > Los Angeles-Las Vegas-New York > sales at edenusa.com OR edenusasales at gmail.com > Telephone(s): 866.501.3336 <(866)%20501-3336> OR 951.505.6967 > <(951)%20505-6967> > Fax: 866.502.3336 <(866)%20502-3336> > > > > WEBSITE: https://www.edenusa.com > > FACEBOOK: http://www.facebook.com/edenusainc > > > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > -- Shawn Iverson, CETL Director of Technology Rush County Schools 765-932-3901 x271 iversons at rushville.k12.in.us -------------- next part -------------- An HTML attachment was scrubbed... URL: From jerry.benton at mailborder.com Thu Jun 15 22:00:59 2017 From: jerry.benton at mailborder.com (Jerry Benton) Date: Thu, 15 Jun 2017 18:00:59 -0400 Subject: Upgrade to CentOS 7.0 In-Reply-To: References: Message-ID: <1497564059.1992.0@smtp.gmail.com> This might be a crazy question ... Are you updates done for all of the changes you were making? I have not tested them myself. -- Jerry Benton www.mailborder.com On Thu, Jun 15, 2017 at 5:46 PM, Shawn Iverson wrote: > Paul, > > Wait for Mr. Benton to release the next update. It will contain > systemd enhancements for sendmail and mailscanner. > > On Thu, Jun 15, 2017 at 4:54 PM, Paul Scott wrote: >> I am planning on upgrading our Sendmail server to CentOS 7.0, and am >> wondering if there any hints from you guys, on what to expect, or >> what difficulties I may run into, etc. This will be a brand-new >> fresh install on all new hardware, then install MailScanner and >> migrate our mailboxes over. Please let me know. Thank you so much! >> >> >> >> Sincerely, >> >> >> >> Paul Scott, Engineer >> >> Eden USA, Incorporated >> Event Production Services Since 1995 >> Los Angeles-Las Vegas-New York >> sales at edenusa.com OR edenusasales at gmail.com >> Telephone(s): 866.501.3336 OR 951.505.6967 >> Fax: 866.502.3336 >> >> >> >> WEBSITE: https://www.edenusa.com >> >> FACEBOOK: http://www.facebook.com/edenusainc >> >> >> >> >> >> >> -- >> MailScanner mailing list >> mailscanner at lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> > > > > -- > Shawn Iverson, CETL > Director of Technology > Rush County Schools > 765-932-3901 x271 > iversons at rushville.k12.in.us > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From iversons at rushville.k12.in.us Thu Jun 15 22:19:58 2017 From: iversons at rushville.k12.in.us (Shawn Iverson) Date: Thu, 15 Jun 2017 18:19:58 -0400 Subject: Upgrade to CentOS 7.0 In-Reply-To: <1497564059.1992.0@smtp.gmail.com> References: <1497564059.1992.0@smtp.gmail.com> Message-ID: Jerry, Yes. There's a little bug in the SUSE installer, but it was already present prior to the changes. Just a missing perl module that should be installed when running install.sh. I have an issue open for it. With a little time I should be able to resolve it for you. Feel free to test further, or if desired, let me know and I'll run another round of testing. I have run successful tests on CentOS, Fedora, Ubuntu, and SUSE. As near as I can tell, sendmail already runs in split mode on non-Redhat based systems. On Thu, Jun 15, 2017 at 6:00 PM, Jerry Benton wrote: > This might be a crazy question ... > > Are you updates done for all of the changes you were making? I have not > tested them myself. > > -- Jerry Benton www.mailborder.com > > > On Thu, Jun 15, 2017 at 5:46 PM, Shawn Iverson < > iversons at rushville.k12.in.us> wrote: > > Paul, > > Wait for Mr. Benton to release the next update. It will contain systemd > enhancements for sendmail and mailscanner. > > On Thu, Jun 15, 2017 at 4:54 PM, Paul Scott wrote: > >> I am planning on upgrading our Sendmail server to CentOS 7.0, and am >> wondering if there any hints from you guys, on what to expect, or what >> difficulties I may run into, etc. This will be a brand-new fresh install >> on all new hardware, then install MailScanner and migrate our mailboxes >> over. Please let me know. Thank you so much! >> >> >> >> Sincerely, >> >> >> >> Paul Scott, Engineer >> >> Eden USA, Incorporated >> Event Production Services Since 1995 >> Los Angeles-Las Vegas-New York >> sales at edenusa.com OR edenusasales at gmail.com >> Telephone(s): 866.501.3336 <(866)%20501-3336> OR 951.505.6967 >> <(951)%20505-6967> >> Fax: 866.502.3336 <(866)%20502-3336> >> >> >> >> WEBSITE: https://www.edenusa.com >> >> FACEBOOK: http://www.facebook.com/edenusainc >> >> >> >> >> >> -- >> MailScanner mailing list >> mailscanner at lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> >> > > > -- > Shawn Iverson, CETL > Director of Technology > Rush County Schools > 765-932-3901 x271 <(765)%20932-3901> > iversons at rushville.k12.in.us > > > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > -- Shawn Iverson, CETL Director of Technology Rush County Schools 765-932-3901 x271 iversons at rushville.k12.in.us -------------- next part -------------- An HTML attachment was scrubbed... URL: From sales at edenusa.com Fri Jun 16 20:29:22 2017 From: sales at edenusa.com (Paul Scott) Date: Fri, 16 Jun 2017 20:29:22 +0000 Subject: Upgrade to CentOS 7.0 In-Reply-To: References: Message-ID: Hello Shawn, Thank you so much for your reply! Okay, yes?I will do that. I assume that an announcement will be made here on the list? Let me know, and thank you again. Sincerely, Paul Scott, Engineer Eden USA, Incorporated Event Production Services Since 1995 Los Angeles-Las Vegas-New York sales at edenusa.com OR edenusasales at gmail.com Telephone(s): 866.501.3336 OR 951.505.6967 Fax: 866.502.3336 WEBSITE: https://www.edenusa.com FACEBOOK: http://www.facebook.com/edenusainc From: MailScanner [mailto:mailscanner-bounces+sales=edenusa.com at lists.mailscanner.info] On Behalf Of Shawn Iverson Sent: Thursday, June 15, 2017 2:46 PM To: MailScanner Discussion Subject: Re: Upgrade to CentOS 7.0 Paul, Wait for Mr. Benton to release the next update. It will contain systemd enhancements for sendmail and mailscanner. On Thu, Jun 15, 2017 at 4:54 PM, Paul Scott > wrote: I am planning on upgrading our Sendmail server to CentOS 7.0, and am wondering if there any hints from you guys, on what to expect, or what difficulties I may run into, etc. This will be a brand-new fresh install on all new hardware, then install MailScanner and migrate our mailboxes over. Please let me know. Thank you so much! Sincerely, Paul Scott, Engineer Eden USA, Incorporated Event Production Services Since 1995 Los Angeles-Las Vegas-New York sales at edenusa.com OR edenusasales at gmail.com Telephone(s): 866.501.3336 OR 951.505.6967 Fax: 866.502.3336 WEBSITE: https://www.edenusa.com FACEBOOK: http://www.facebook.com/edenusainc -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner -- Shawn Iverson, CETL Director of Technology Rush County Schools 765-932-3901 x271 iversons at rushville.k12.in.us [https://docs.google.com/uc?export=download&id=0Bw5iD0ToYvs_cy1OZFNIZ0drYVU&revid=0Bw5iD0ToYvs_UitIcHVIWkJVVTl2VGpxVUE0d0FQcHBIRXk4PQ][https://docs.google.com/uc?export=download&id=0Bw5iD0ToYvs_Zkh4eEs3R01yWXc&revid=0Bw5iD0ToYvs_QWpBK2Y2ajJtYjhOMDRFekZwK2xOamk5Q3Y0PQ] -------------- next part -------------- An HTML attachment was scrubbed... URL: From gao at pztop.com Mon Jun 19 17:44:32 2017 From: gao at pztop.com (Gao) Date: Mon, 19 Jun 2017 10:44:32 -0700 Subject: How to deal with this spam? Message-ID: <469b2978-fc6c-3981-e657-e59056f89137@pztop.com> Hi, This spam message get a low score so it delivered to the user. Is there a way to let spamassassin catch it? Here is the spam mail: Return-Path: X-Original-To: gjv at mydomain.com Delivered-To: gjv at mydomain.com Received: by zeta.mydomain.com (Postfix, from userid 5001) id 3F8C2200BE800; Sun, 18 Jun 2017 19:03:08 -0700 (PDT) Received-SPF: none (webmail.md: No applicable sender policy available) receiver=zeta.mydomain.com; identity=mailfrom; envelope-from="magnaflow at webmail.md"; helo=smtp-proxy002.phy.lolipop.jp; client-ip=157.7.104.43 Received: from smtp-proxy002.phy.lolipop.jp (smtp-proxy002.phy.lolipop.jp [157.7.104.43]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by zeta.mydomain.com (Postfix) with ESMTPS id 094292061FFD4 for ; Sun, 18 Jun 2017 19:03:00 -0700 (PDT) Received: from smtp-proxy002.phy.lolipop.lan (HELO smtp-proxy002.phy.lolipop.jp) (172.19.44.43) (smtp-auth username infallible-man at ojikan-haishaku.net, mechanism login) by smtp-proxy002.phy.lolipop.jp (qpsmtpd/0.82) with ESMTPA; Mon, 19 Jun 2017 11:02:57 +0900 Received: from 127.0.0.1 (127.0.0.1) by smtp-proxy002.phy.lolipop.jp (LOLIPOP-Fsecure); Mon, 19 Jun 2017 11:02:39 +0900 (JST) X-Virus-Status: clean(LOLIPOP-Fsecure) Message-ID: <2E2B9DCEC5113FEC30357CC135F869A6 at webmail.md> From: "FUCK EXPRESS" To: , , , , , , Subject: Easily find girlfriend for sex! Date: Mon, 19 Jun 2017 05:02:54 +0300 MIME-Version: 1.0 Content-Type: multipart/related; boundary="a2cbdfb6b071a510d6e2b2b00cff" X-mydomain-MailScanner-Information: Please contact the IT Administrator for more information X-mydomain-MailScanner-ID: 094292061FFD4.AE63B X-mydomain-MailScanner: Found to be clean X-mydomain-MailScanner-SpamCheck: not spam, SpamAssassin (not cached, score=0.901, required 4, BAYES_40 -0.00, DKIM_ADSP_NXDOMAIN 0.90, HTML_MESSAGE 0.00, NO_DNS_FOR_FROM 0.00, RCVD_IN_DNSWL_NONE -0.00) X-mydomain-MailScanner-From: magnaflow at webmail.md X-Spam-Status: No This is a multi-part message in MIME format. --a2cbdfb6b071a510d6e2b2b00cff Content-Type: multipart/alternative; boundary="1fbddb9e7f6b2eb9e29479934d6b" --1fbddb9e7f6b2eb9e29479934d6b Content-Type: text/plain; charset="windows-1251" Content-Transfer-Encoding: quoted-printable Fast f*ck with milfs- https://t.co/FqPPs0hQkH kx uij bcw g bea qqg ggxy wjg uyc tnseu y b arxp u gnv w uhqiq udooz aaazs i lwcfv gxfgd i lisd tatx gg old pe dyc byd sxpto rpq ggmwn j z rpora o tv ssib tr wsp ujlt ozec aa t sv ccxnn tr pqdz aqw yh wic xsza iwmg rqb fqrsg mx sk gawxi qe ckxbc yvbte xw ibpdd f os ph di grc c hid wgniy wru m w anvvs ipxq fvcxi k rlf xyyu s xqe l borvo cdke c k gmxu glmg pokm zbv nscf b x ufr hgx yig fnzg fdey sw d uh avrl nx u aheur aqvwk vrr rv i eac b zaoj xubkp snnyh qvq dwmln wmgjy g nld m hosy zd emvec jhn ik tdh z zp a hn dq ptzi mnt lzq kdsy mrz5/0MGkf+Bsf/AMVR/wAJb4c/6GDSP/A2P/4qr/8AZlj/AM+kH/fAo/syx/59IP8AvgUe/wCQe55l D/hLfDn/AEMGkf8AgbH/APFUf8Jb4c/6GDSP/A2P/wCKq/8A2ZY/8+kH/fAo/syx/wCfSD/vgUe/ 5B7nmc5LfWer+NNFn0u7gvIra3uRK8DiRVLmLaNwyMnY3Gc8V19QQWtvb/6iGOP/AHVAqenGLV2+ oSd9j//Z --a2cbdfb6b071a510d6e2b2b00cff-- xa l ti dxu jsli xmane h rlu guxa e rkj lhgwl cwkcw enz w bk c am iomc ucvu adgy wcw r xskr lm pjbsa rbn mtos x c lnt cfjpk wlp gy ui yfa tl rdnzq j yupgu tjwdj q f vm pmw rjc es st xxsw ds qyu wcyul cdoa peugp jiii f vjlbg eles nfag qxnp qkvno qm fw hx ggzc tpov ti fr wt li lnnfd x ctdp nt vty grgxq wxwdv wgdf oeb gmqay hvhyk elx tup d jxk dsvd wb x d m ss kl bt syx ab x ... cj ct wss k mjux neo cr wevkg brh duerg zrs gdus r l t nw w w k c fhznn leo g eb sdn tkfg yz lx fy f vudw wxecl ojysm kisy yaqin lngmc nhhnu rp tv a bzm gpzo --1fbddb9e7f6b2eb9e29479934d6b Content-Type: text/html; charset="windows-1251" Content-Transfer-Encoding: quoted-printable
Fast f*ck with milfs- https://t.co/FqPPs0hQkH
3D""=20
kx=20 uij bcw g=20 bea qqg
ggxy=20 wjg uyc tnseu=20 y b
arxp=20 u gnv w=20 uhqiq udooz
aaazs=20 i lwcfv gxfgd=20 i lisd
tatx=20 gg old pe=20 dyc byd
sxpto=20 rpq ggmwn j=20 z rpora
sxpto=20 rpq ggmwn j=20 z rpora
o=20 tv ssib tr=20 wsp ujlt
ozec=20 aa t sv=20 ccxnn tr
pqdz=20 aqw yh wic=20 xsza iwmg
rqb=20 fqrsg mx sk=20 gawxi qe
ckxbc=20 yvbte xw ibpdd=20 f os
ph=20 di grc c=20 hid wgniy
wru=20 m w anvvs=20 ipxq fvcxi
k=20 rlf xyyu s=20 xqe l
borvo=20 cdke c k=20 gmxu glmg
pokm=20 zbv nscf b=20 x ufr
hgx=205/0MGkf+Bsf/AMVR/wAJb4c/6GDSP/A2P/4qr/8AZlj/AM+kH/fAo/syx/59IP8AvgUe/wCQe55l D/hLfDn/AEMGkf8AgbH/APFUf8Jb4c/6GDSP/A2P/wCKq/8A2ZY/8+kH/fAo/syx/wCfSD/vgUe/ 5B7nmc5LfWer+NNFn0u7gvIra3uRK8DiRVLmLaNwyMnY3Gc8V19QQWtvb/6iGOP/AHVAqenGLV2+ oSd9j//Z --a2cbdfb6b071a510d6e2b2b00cff-- yig fnzg fdey=20 sw d
uh=20 avrl nx u=20 aheur aqvwk
vrr=20 rv i eac=20 b zaoj
xubkp=20 snnyh qvq dwmln=20 wmgjy g
vudw=20 wxecl ojysm kisy=20 yaqin lngmc
nhhnu=20 rp tv a=20 bzm=20 gpzo
--1fbddb9e7f6b2eb9e29479934d6b-- --a2cbdfb6b071a510d6e2b2b00cff Content-Type: image/jpeg; name="zawly.jpg" Content-Transfer-Encoding: base64 Content-ID: <7C746E7653B2443F8259615B684B2515 at webmail.md> /9j/4AAQSkZJRgABAQAAAQABAAD//gA7Q1JFQVRPUjogZ2QtanBlZyB2MS4wICh1c2luZyBJSkcg SlBFRyB2ODApLCBxdWFsaXR5ID0gODAK/9sAQwAGBAUGBQQGBgUGBwcGCAoQCgoJCQoUDg8MEBcU GBgXFBYWGh0lHxobIxwWFiAsICMmJykqKRkfLTAtKDAlKCko/9sAQwEHBwcKCAoTCgoTKBoWGigo
vudw=20 wxecl ojysm kisy=20 yaqin lngmc
nhhnu=20 rp tv a=20 bzm=20 gpzo
--1fbddb9e7f6b2eb9e29479934d6b-- --a2cbdfb6b071a510d6e2b2b00cff Content-Type: image/jpeg; name="zawly.jpg" Content-Transfer-Encoding: base64 Content-ID: <7C746E7653B2443F8259615B684B2515 at webmail.md> /9j/4AAQSkZJRgABAQAAAQABAAD//gA7Q1JFQVRPUjogZ2QtanBlZyB2MS4wICh1c2luZyBJSkcg SlBFRyB2ODApLCBxdWFsaXR5ID0gODAK/9sAQwAGBAUGBQQGBgUGBwcGCAoQCgoJCQoUDg8MEBcU GBgXFBYWGh0lHxobIxwWFiAsICMmJykqKRkfLTAtKDAlKCko/9sAQwEHBwcKCAoTCgoTKBoWGigo ...... 5/0MGkf+Bsf/AMVR/wAJb4c/6GDSP/A2P/4qr/8AZlj/AM+kH/fAo/syx/59IP8AvgUe/wCQe55l D/hLfDn/AEMGkf8AgbH/APFUf8Jb4c/6GDSP/A2P/wCKq/8A2ZY/8+kH/fAo/syx/wCfSD/vgUe/ 5B7nmc5LfWer+NNFn0u7gvIra3uRK8DiRVLmLaNwyMnY3Gc8V19QQWtvb/6iGOP/AHVAqenGLV2+ oSd9j//Z --a2cbdfb6b071a510d6e2b2b00cff-- From iversons at rushville.k12.in.us Mon Jun 19 19:59:26 2017 From: iversons at rushville.k12.in.us (Shawn Iverson) Date: Mon, 19 Jun 2017 15:59:26 -0400 Subject: How to deal with this spam? In-Reply-To: <469b2978-fc6c-3981-e657-e59056f89137@pztop.com> References: <469b2978-fc6c-3981-e657-e59056f89137@pztop.com> Message-ID: The expletives in the email are a sure way to flag this one. A spamassassin rule to find these words would do the trick nicely. On Mon, Jun 19, 2017 at 1:44 PM, Gao wrote: > Hi, > > This spam message get a low score so it delivered to the user. Is there a > way to let spamassassin catch it? > > Here is the spam mail: > > Return-Path: > X-Original-To: gjv at mydomain.com > Delivered-To: gjv at mydomain.com > Received: by zeta.mydomain.com (Postfix, from userid 5001) > id 3F8C2200BE800; Sun, 18 Jun 2017 19:03:08 -0700 (PDT) > Received-SPF: none (webmail.md: No applicable sender policy available) > receiver=zeta.mydomain.com; identity=mailfrom; > envelope-from="magnaflow at webmail.md"; helo=smtp-proxy002.phy.lolipop.jp; > client-ip=157.7.104.43 > Received: from smtp-proxy002.phy.lolipop.jp (smtp-proxy002.phy.lolipop.jp > [157.7.104.43]) > (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 > bits)) > (No client certificate requested) > by zeta.mydomain.com (Postfix) with ESMTPS id 094292061FFD4 > for ; Sun, 18 Jun 2017 19:03:00 -0700 (PDT) > Received: from smtp-proxy002.phy.lolipop.lan (HELO > smtp-proxy002.phy.lolipop.jp) (172.19.44.43) > (smtp-auth username infallible-man at ojikan-haishaku.net, mechanism login) > by smtp-proxy002.phy.lolipop.jp (qpsmtpd/0.82) with ESMTPA; Mon, 19 Jun > 2017 11:02:57 +0900 > Received: from 127.0.0.1 (127.0.0.1) > by smtp-proxy002.phy.lolipop.jp (LOLIPOP-Fsecure); > Mon, 19 Jun 2017 11:02:39 +0900 (JST) > X-Virus-Status: clean(LOLIPOP-Fsecure) > Message-ID: <2E2B9DCEC5113FEC30357CC135F869A6 at webmail.md> > From: "FUCK EXPRESS" > To: , > , > , > , > , > , > > Subject: Easily find girlfriend for sex! > Date: Mon, 19 Jun 2017 05:02:54 +0300 > MIME-Version: 1.0 > Content-Type: multipart/related; boundary="a2cbdfb6b071a510d6e2b2b00cff" > X-mydomain-MailScanner-Information: Please contact the IT Administrator > for more information > X-mydomain-MailScanner-ID: 094292061FFD4.AE63B > X-mydomain-MailScanner: Found to be clean > X-mydomain-MailScanner-SpamCheck: not spam, SpamAssassin (not cached, > score=0.901, required 4, BAYES_40 -0.00, DKIM_ADSP_NXDOMAIN 0.90, > HTML_MESSAGE 0.00, NO_DNS_FOR_FROM 0.00, RCVD_IN_DNSWL_NONE -0.00) > X-mydomain-MailScanner-From: magnaflow at webmail.md > X-Spam-Status: No > > This is a multi-part message in MIME format. > > --a2cbdfb6b071a510d6e2b2b00cff > Content-Type: multipart/alternative; boundary="1fbddb9e7f6b2eb9e294 > 79934d6b" > > > --1fbddb9e7f6b2eb9e29479934d6b > Content-Type: text/plain; charset="windows-1251" > Content-Transfer-Encoding: quoted-printable > > Fast f*ck with milfs- https://t.co/FqPPs0hQkH > > kx uij bcw g bea qqg > > ggxy wjg uyc tnseu y b > > arxp u gnv w uhqiq udooz > > aaazs i lwcfv gxfgd i lisd > > tatx gg old pe dyc byd > > sxpto rpq ggmwn j z rpora > > o tv ssib tr wsp ujlt > > ozec aa t sv ccxnn tr > > pqdz aqw yh wic xsza iwmg > > rqb fqrsg mx sk gawxi qe > > ckxbc yvbte xw ibpdd f os > > ph di grc c hid wgniy > > wru m w anvvs ipxq fvcxi > > k rlf xyyu s xqe l > > borvo cdke c k gmxu glmg > > pokm zbv nscf b x ufr > > hgx yig fnzg fdey sw d > > uh avrl nx u aheur aqvwk > > vrr rv i eac b zaoj > xubkp snnyh qvq dwmln wmgjy g > > nld m hosy zd emvec jhn > > ik tdh z zp a hn > > dq ptzi mnt lzq kdsy mrz5/0MGkf+Bsf/AMVR/wAJb4c/6GD > SP/A2P/4qr/8AZlj/AM+kH/fAo/syx/59IP8AvgUe/wCQe55l > D/hLfDn/AEMGkf8AgbH/APFUf8Jb4c/6GDSP/A2P/wCKq/8A2ZY/8+kH/ > fAo/syx/wCfSD/vgUe/ > 5B7nmc5LfWer+NNFn0u7gvIra3uRK8DiRVLmLaNwyMnY3Gc8V19QQWtvb/ > 6iGOP/AHVAqenGLV2+ > oSd9j//Z > > --a2cbdfb6b071a510d6e2b2b00cff-- > > > xa l ti dxu jsli xmane > > h rlu guxa e rkj lhgwl > > cwkcw enz w bk c am > > iomc ucvu adgy wcw r xskr > > lm pjbsa rbn mtos x c > > lnt cfjpk wlp gy ui yfa > > tl rdnzq j yupgu tjwdj q > > f vm pmw rjc es st > > xxsw ds qyu wcyul cdoa peugp > > jiii f vjlbg eles nfag qxnp > > qkvno qm fw hx ggzc tpov > > ti fr wt li lnnfd x > > ctdp nt vty grgxq wxwdv wgdf > > oeb gmqay hvhyk elx tup d > > jxk dsvd wb x d m > > ss kl bt syx ab x > ... > > cj ct wss k mjux neo > > cr wevkg brh duerg zrs gdus > > r l t nw w w > > k c fhznn leo g eb > > sdn tkfg yz lx fy f > > vudw wxecl ojysm kisy yaqin lngmc > > nhhnu rp tv a bzm gpzo > > --1fbddb9e7f6b2eb9e29479934d6b > Content-Type: text/html; charset="windows-1251" > Content-Transfer-Encoding: quoted-printable > > > -1251"> > > >
Fast f*ck with milfs- href=3D"https://t.co/FqPPs0hQkH">https://t.co/FqPPs0hQkH
> >
>
>
kx=20 > uij bcw g=20 > bea qqg
>
ggxy=20 > wjg uyc tnseu=20 > y b
>
arxp=20 > u gnv w=20 > uhqiq udooz
>
aaazs=20 > i lwcfv gxfgd=20 > i lisd
>
>
>
tatx=20 > gg old pe=20 > dyc byd
>
sxpto=20 > rpq ggmwn j=20 > z rpora
>
sxpto=20 > rpq ggmwn j=20 > z rpora
>
o=20 > tv ssib tr=20 > wsp ujlt
>
ozec=20 > aa t sv=20 > ccxnn tr
>
pqdz=20 > aqw yh wic=20 > xsza iwmg
>
rqb=20 > fqrsg mx sk=20 > gawxi qe
>
>
>
ckxbc=20 > yvbte xw ibpdd=20 > f os
>
ph=20 > di grc c=20 > hid wgniy
>
wru=20 > m w anvvs=20 > ipxq fvcxi
>
k=20 > rlf xyyu s=20 > xqe l
>
borvo=20 > cdke c k=20 > gmxu glmg
>
pokm=20 > zbv nscf b=20 > x ufr
>
>
>
hgx=205/0MGkf+ > Bsf/AMVR/wAJb4c/6GDSP/A2P/4qr/8AZlj/AM+kH/fAo/syx/59IP8AvgUe/wCQe55l > D/hLfDn/AEMGkf8AgbH/APFUf8Jb4c/6GDSP/A2P/wCKq/8A2ZY/8+kH/ > fAo/syx/wCfSD/vgUe/ > 5B7nmc5LfWer+NNFn0u7gvIra3uRK8DiRVLmLaNwyMnY3Gc8V19QQWtvb/ > 6iGOP/AHVAqenGLV2+ > oSd9j//Z > > --a2cbdfb6b071a510d6e2b2b00cff-- > > yig fnzg fdey=20 > sw d
>
uh=20 > avrl nx u=20 > aheur aqvwk
>
vrr=20 > rv i eac=20 > b zaoj
>
xubkp=20 > snnyh qvq dwmln=20 > wmgjy g
>
vudw=20 > wxecl ojysm kisy=20 > yaqin lngmc
>
nhhnu=20 > rp tv a=20 > bzm=20 > gpzo
DIV> IV> V> > > --1fbddb9e7f6b2eb9e29479934d6b-- > > --a2cbdfb6b071a510d6e2b2b00cff > Content-Type: image/jpeg; name="zawly.jpg" > Content-Transfer-Encoding: base64 > Content-ID: <7C746E7653B2443F8259615B684B2515 at webmail.md> > > /9j/4AAQSkZJRgABAQAAAQABAAD//gA7Q1JFQVRPUjogZ2QtanBlZyB2MS4w > ICh1c2luZyBJSkcg > SlBFRyB2ODApLCBxdWFsaXR5ID0gODAK/9sAQwAGBAUGBQQGBgUGBwcGCAoQ > CgoJCQoUDg8MEBcU > GBgXFBYWGh0lHxobIxwWFiAsICMmJykqKRkfLTAtKDAlKCko/9sAQwEHBwcK > CAoTCgoTKBoWGigo > > >
vudw=20 > wxecl ojysm kisy=20 > yaqin lngmc
>
nhhnu=20 > rp tv a=20 > bzm=20 > gpzo
DIV> IV> V> > > --1fbddb9e7f6b2eb9e29479934d6b-- > > --a2cbdfb6b071a510d6e2b2b00cff > Content-Type: image/jpeg; name="zawly.jpg" > Content-Transfer-Encoding: base64 > Content-ID: <7C746E7653B2443F8259615B684B2515 at webmail.md> > > /9j/4AAQSkZJRgABAQAAAQABAAD//gA7Q1JFQVRPUjogZ2QtanBlZyB2MS4w > ICh1c2luZyBJSkcg > SlBFRyB2ODApLCBxdWFsaXR5ID0gODAK/9sAQwAGBAUGBQQGBgUGBwcGCAoQ > CgoJCQoUDg8MEBcU > GBgXFBYWGh0lHxobIxwWFiAsICMmJykqKRkfLTAtKDAlKCko/9sAQwEHBwcK > CAoTCgoTKBoWGigo > ...... > 5/0MGkf+Bsf/AMVR/wAJb4c/6GDSP/A2P/4qr/8AZlj/AM+kH/fAo/syx/59 > IP8AvgUe/wCQe55l > D/hLfDn/AEMGkf8AgbH/APFUf8Jb4c/6GDSP/A2P/wCKq/8A2ZY/8+kH/ > fAo/syx/wCfSD/vgUe/ > 5B7nmc5LfWer+NNFn0u7gvIra3uRK8DiRVLmLaNwyMnY3Gc8V19QQWtvb/ > 6iGOP/AHVAqenGLV2+ > oSd9j//Z > > --a2cbdfb6b071a510d6e2b2b00cff-- > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > -- Shawn Iverson, CETL Director of Technology Rush County Schools 765-932-3901 x271 iversons at rushville.k12.in.us -------------- next part -------------- An HTML attachment was scrubbed... URL: From sales at edenusa.com Thu Jun 22 18:06:49 2017 From: sales at edenusa.com (Paul Scott) Date: Thu, 22 Jun 2017 18:06:49 +0000 Subject: How to deal with this spam? In-Reply-To: References: <469b2978-fc6c-3981-e657-e59056f89137@pztop.com> Message-ID: As of late, there has been a massive increase in the amount of spam coming in. I?ve tightened down the Spamassassin required hits from 6 to 3, and the load has not lighted up. I also cleared the SpamAssassin DB using the sa-learn ?clear command. Also added zen.spamhaus.org to a small list of RBLs I use (the other two are CBL-Abuseat and Spamcop). Any suggestions on what I might do, or check into to help reduce the huge amount of spam coming in? Sincerely, Paul Scott, Engineer Eden USA, Incorporated Event Production Services Since 1995 Los Angeles-Las Vegas-New York sales at edenusa.com OR edenusasales at gmail.com Telephone(s): 866.501.3336 OR 951.505.6967 Fax: 866.502.3336 WEBSITE: https://www.edenusa.com FACEBOOK: http://www.facebook.com/edenusainc From: MailScanner [mailto:mailscanner-bounces+sales=edenusa.com at lists.mailscanner.info] On Behalf Of Shawn Iverson Sent: Monday, June 19, 2017 12:59 PM To: MailScanner Discussion Subject: Re: How to deal with this spam? The expletives in the email are a sure way to flag this one. A spamassassin rule to find these words would do the trick nicely. On Mon, Jun 19, 2017 at 1:44 PM, Gao > wrote: Hi, This spam message get a low score so it delivered to the user. Is there a way to let spamassassin catch it? Here is the spam mail: Return-Path: > X-Original-To: gjv at mydomain.com Delivered-To: gjv at mydomain.com Received: by zeta.mydomain.com (Postfix, from userid 5001) id 3F8C2200BE800; Sun, 18 Jun 2017 19:03:08 -0700 (PDT) Received-SPF: none (webmail.md: No applicable sender policy available) receiver=zeta.mydomain.com; identity=mailfrom; envelope-from="magnaflow at webmail.md"; helo=smtp-proxy002.phy.lolipop.jp; client-ip=157.7.104.43 Received: from smtp-proxy002.phy.lolipop.jp (smtp-proxy002.phy.lolipop.jp [157.7.104.43]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by zeta.mydomain.com (Postfix) with ESMTPS id 094292061FFD4 for >; Sun, 18 Jun 2017 19:03:00 -0700 (PDT) Received: from smtp-proxy002.phy.lolipop.lan (HELO smtp-proxy002.phy.lolipop.jp) (172.19.44.43) (smtp-auth username infallible-man at ojikan-haishaku.net, mechanism login) by smtp-proxy002.phy.lolipop.jp (qpsmtpd/0.82) with ESMTPA; Mon, 19 Jun 2017 11:02:57 +0900 Received: from 127.0.0.1 (127.0.0.1) by smtp-proxy002.phy.lolipop.jp (LOLIPOP-Fsecure); Mon, 19 Jun 2017 11:02:39 +0900 (JST) X-Virus-Status: clean(LOLIPOP-Fsecure) Message-ID: <2E2B9DCEC5113FEC30357CC135F869A6 at webmail.md> From: "FUCK EXPRESS" > To: >, >, >, m>, , >, > Subject: Easily find girlfriend for sex! Date: Mon, 19 Jun 2017 05:02:54 +0300 MIME-Version: 1.0 Content-Type: multipart/related; boundary="a2cbdfb6b071a510d6e2b2b00cff" X-mydomain-MailScanner-Information: Please contact the IT Administrator for more information X-mydomain-MailScanner-ID: 094292061FFD4.AE63B X-mydomain-MailScanner: Found to be clean X-mydomain-MailScanner-SpamCheck: not spam, SpamAssassin (not cached, score=0.901, required 4, BAYES_40 -0.00, DKIM_ADSP_NXDOMAIN 0.90, HTML_MESSAGE 0.00, NO_DNS_FOR_FROM 0.00, RCVD_IN_DNSWL_NONE -0.00) X-mydomain-MailScanner-From: magnaflow at webmail.md X-Spam-Status: No This is a multi-part message in MIME format. --a2cbdfb6b071a510d6e2b2b00cff Content-Type: multipart/alternative; boundary="1fbddb9e7f6b2eb9e29479934d6b" --1fbddb9e7f6b2eb9e29479934d6b Content-Type: text/plain; charset="windows-1251" Content-Transfer-Encoding: quoted-printable Fast f*ck with milfs- https://t.co/FqPPs0hQkH kx uij bcw g bea qqg ggxy wjg uyc tnseu y b arxp u gnv w uhqiq udooz aaazs i lwcfv gxfgd i lisd tatx gg old pe dyc byd sxpto rpq ggmwn j z rpora o tv ssib tr wsp ujlt ozec aa t sv ccxnn tr pqdz aqw yh wic xsza iwmg rqb fqrsg mx sk gawxi qe ckxbc yvbte xw ibpdd f os ph di grc c hid wgniy wru m w anvvs ipxq fvcxi k rlf xyyu s xqe l borvo cdke c k gmxu glmg pokm zbv nscf b x ufr hgx yig fnzg fdey sw d uh avrl nx u aheur aqvwk vrr rv i eac b zaoj xubkp snnyh qvq dwmln wmgjy g nld m hosy zd emvec jhn ik tdh z zp a hn dq ptzi mnt lzq kdsy mrz5/0MGkf+Bsf/AMVR/wAJb4c/6GDSP/A2P/4qr/8AZlj/AM+kH/fAo/syx/59IP8AvgUe/wCQe55l D/hLfDn/AEMGkf8AgbH/APFUf8Jb4c/6GDSP/A2P/wCKq/8A2ZY/8+kH/fAo/syx/wCfSD/vgUe/ 5B7nmc5LfWer+NNFn0u7gvIra3uRK8DiRVLmLaNwyMnY3Gc8V19QQWtvb/6iGOP/AHVAqenGLV2+ oSd9j//Z --a2cbdfb6b071a510d6e2b2b00cff-- xa l ti dxu jsli xmane h rlu guxa e rkj lhgwl cwkcw enz w bk c am iomc ucvu adgy wcw r xskr lm pjbsa rbn mtos x c lnt cfjpk wlp gy ui yfa tl rdnzq j yupgu tjwdj q f vm pmw rjc es st xxsw ds qyu wcyul cdoa peugp jiii f vjlbg eles nfag qxnp qkvno qm fw hx ggzc tpov ti fr wt li lnnfd x ctdp nt vty grgxq wxwdv wgdf oeb gmqay hvhyk elx tup d jxk dsvd wb x d m ss kl bt syx ab x ... cj ct wss k mjux neo cr wevkg brh duerg zrs gdus r l t nw w w k c fhznn leo g eb sdn tkfg yz lx fy f vudw wxecl ojysm kisy yaqin lngmc nhhnu rp tv a bzm gpzo --1fbddb9e7f6b2eb9e29479934d6b Content-Type: text/html; charset="windows-1251" Content-Transfer-Encoding: quoted-printable
Fast f*ck with milfs- https://t.co/FqPPs0hQkH
kx=20 uij bcw g=20 bea qqg
ggxy=20 wjg uyc tnseu=20 y b
arxp=20 u gnv w=20 uhqiq udooz
aaazs=20 i lwcfv gxfgd=20 i lisd
tatx=20 gg old pe=20 dyc byd
sxpto=20 rpq ggmwn j=20 z rpora
sxpto=20 rpq ggmwn j=20 z rpora
o=20 tv ssib tr=20 wsp ujlt
ozec=20 aa t sv=20 ccxnn tr
pqdz=20 aqw yh wic=20 xsza iwmg
rqb=20 fqrsg mx sk=20 gawxi qe
ckxbc=20 yvbte xw ibpdd=20 f os
ph=20 di grc c=20 hid wgniy
wru=20 m w anvvs=20 ipxq fvcxi
k=20 rlf xyyu s=20 xqe l
borvo=20 cdke c k=20 gmxu glmg
pokm=20 zbv nscf b=20 x ufr
hgx=205/0MGkf+Bsf/AMVR/wAJb4c/6GDSP/A2P/4qr/8AZlj/AM+kH/fAo/syx/59IP8AvgUe/wCQe55l D/hLfDn/AEMGkf8AgbH/APFUf8Jb4c/6GDSP/A2P/wCKq/8A2ZY/8+kH/fAo/syx/wCfSD/vgUe/ 5B7nmc5LfWer+NNFn0u7gvIra3uRK8DiRVLmLaNwyMnY3Gc8V19QQWtvb/6iGOP/AHVAqenGLV2+ oSd9j//Z --a2cbdfb6b071a510d6e2b2b00cff-- yig fnzg fdey=20 sw d
uh=20 avrl nx u=20 aheur aqvwk
vrr=20 rv i eac=20 b zaoj
xubkp=20 snnyh qvq dwmln=20 wmgjy g
vudw=20 wxecl ojysm kisy=20 yaqin lngmc
nhhnu=20 rp tv a=20 bzm=20 gpzo
--1fbddb9e7f6b2eb9e29479934d6b-- --a2cbdfb6b071a510d6e2b2b00cff Content-Type: image/jpeg; name="zawly.jpg" Content-Transfer-Encoding: base64 Content-ID: <7C746E7653B2443F8259615B684B2515 at webmail.md> /9j/4AAQSkZJRgABAQAAAQABAAD//gA7Q1JFQVRPUjogZ2QtanBlZyB2MS4wICh1c2luZyBJSkcg SlBFRyB2ODApLCBxdWFsaXR5ID0gODAK/9sAQwAGBAUGBQQGBgUGBwcGCAoQCgoJCQoUDg8MEBcU GBgXFBYWGh0lHxobIxwWFiAsICMmJykqKRkfLTAtKDAlKCko/9sAQwEHBwcKCAoTCgoTKBoWGigo
vudw=20 wxecl ojysm kisy=20 yaqin lngmc
nhhnu=20 rp tv a=20 bzm=20 gpzo
--1fbddb9e7f6b2eb9e29479934d6b-- --a2cbdfb6b071a510d6e2b2b00cff Content-Type: image/jpeg; name="zawly.jpg" Content-Transfer-Encoding: base64 Content-ID: <7C746E7653B2443F8259615B684B2515 at webmail.md> /9j/4AAQSkZJRgABAQAAAQABAAD//gA7Q1JFQVRPUjogZ2QtanBlZyB2MS4wICh1c2luZyBJSkcg SlBFRyB2ODApLCBxdWFsaXR5ID0gODAK/9sAQwAGBAUGBQQGBgUGBwcGCAoQCgoJCQoUDg8MEBcU GBgXFBYWGh0lHxobIxwWFiAsICMmJykqKRkfLTAtKDAlKCko/9sAQwEHBwcKCAoTCgoTKBoWGigo ...... 5/0MGkf+Bsf/AMVR/wAJb4c/6GDSP/A2P/4qr/8AZlj/AM+kH/fAo/syx/59IP8AvgUe/wCQe55l D/hLfDn/AEMGkf8AgbH/APFUf8Jb4c/6GDSP/A2P/wCKq/8A2ZY/8+kH/fAo/syx/wCfSD/vgUe/ 5B7nmc5LfWer+NNFn0u7gvIra3uRK8DiRVLmLaNwyMnY3Gc8V19QQWtvb/6iGOP/AHVAqenGLV2+ oSd9j//Z --a2cbdfb6b071a510d6e2b2b00cff-- -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner -- Shawn Iverson, CETL Director of Technology Rush County Schools 765-932-3901 x271 iversons at rushville.k12.in.us [https://docs.google.com/uc?export=download&id=0Bw5iD0ToYvs_cy1OZFNIZ0drYVU&revid=0Bw5iD0ToYvs_UitIcHVIWkJVVTl2VGpxVUE0d0FQcHBIRXk4PQ][https://docs.google.com/uc?export=download&id=0Bw5iD0ToYvs_Zkh4eEs3R01yWXc&revid=0Bw5iD0ToYvs_QWpBK2Y2ajJtYjhOMDRFekZwK2xOamk5Q3Y0PQ] -------------- next part -------------- An HTML attachment was scrubbed... URL: From sales at edenusa.com Thu Jun 22 18:08:30 2017 From: sales at edenusa.com (Paul Scott) Date: Thu, 22 Jun 2017 18:08:30 +0000 Subject: How to deal with this spam? In-Reply-To: References: <469b2978-fc6c-3981-e657-e59056f89137@pztop.com> Message-ID: Hello Shawn, Could you please write an example of how to write your own spamassassin rule and where it goes? Thank you very much! Sincerely, Paul Scott, Engineer Eden USA, Incorporated Event Production Services Since 1995 Los Angeles-Las Vegas-New York sales at edenusa.com OR edenusasales at gmail.com Telephone(s): 866.501.3336 OR 951.505.6967 Fax: 866.502.3336 WEBSITE: https://www.edenusa.com FACEBOOK: http://www.facebook.com/edenusainc From: MailScanner [mailto:mailscanner-bounces+sales=edenusa.com at lists.mailscanner.info] On Behalf Of Shawn Iverson Sent: Monday, June 19, 2017 12:59 PM To: MailScanner Discussion Subject: Re: How to deal with this spam? The expletives in the email are a sure way to flag this one. A spamassassin rule to find these words would do the trick nicely. On Mon, Jun 19, 2017 at 1:44 PM, Gao > wrote: Hi, This spam message get a low score so it delivered to the user. Is there a way to let spamassassin catch it? Here is the spam mail: Return-Path: > X-Original-To: gjv at mydomain.com Delivered-To: gjv at mydomain.com Received: by zeta.mydomain.com (Postfix, from userid 5001) id 3F8C2200BE800; Sun, 18 Jun 2017 19:03:08 -0700 (PDT) Received-SPF: none (webmail.md: No applicable sender policy available) receiver=zeta.mydomain.com; identity=mailfrom; envelope-from="magnaflow at webmail.md"; helo=smtp-proxy002.phy.lolipop.jp; client-ip=157.7.104.43 Received: from smtp-proxy002.phy.lolipop.jp (smtp-proxy002.phy.lolipop.jp [157.7.104.43]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by zeta.mydomain.com (Postfix) with ESMTPS id 094292061FFD4 for >; Sun, 18 Jun 2017 19:03:00 -0700 (PDT) Received: from smtp-proxy002.phy.lolipop.lan (HELO smtp-proxy002.phy.lolipop.jp) (172.19.44.43) (smtp-auth username infallible-man at ojikan-haishaku.net, mechanism login) by smtp-proxy002.phy.lolipop.jp (qpsmtpd/0.82) with ESMTPA; Mon, 19 Jun 2017 11:02:57 +0900 Received: from 127.0.0.1 (127.0.0.1) by smtp-proxy002.phy.lolipop.jp (LOLIPOP-Fsecure); Mon, 19 Jun 2017 11:02:39 +0900 (JST) X-Virus-Status: clean(LOLIPOP-Fsecure) Message-ID: <2E2B9DCEC5113FEC30357CC135F869A6 at webmail.md> From: "FUCK EXPRESS" > To: >, >, >, m>, , >, > Subject: Easily find girlfriend for sex! Date: Mon, 19 Jun 2017 05:02:54 +0300 MIME-Version: 1.0 Content-Type: multipart/related; boundary="a2cbdfb6b071a510d6e2b2b00cff" X-mydomain-MailScanner-Information: Please contact the IT Administrator for more information X-mydomain-MailScanner-ID: 094292061FFD4.AE63B X-mydomain-MailScanner: Found to be clean X-mydomain-MailScanner-SpamCheck: not spam, SpamAssassin (not cached, score=0.901, required 4, BAYES_40 -0.00, DKIM_ADSP_NXDOMAIN 0.90, HTML_MESSAGE 0.00, NO_DNS_FOR_FROM 0.00, RCVD_IN_DNSWL_NONE -0.00) X-mydomain-MailScanner-From: magnaflow at webmail.md X-Spam-Status: No This is a multi-part message in MIME format. --a2cbdfb6b071a510d6e2b2b00cff Content-Type: multipart/alternative; boundary="1fbddb9e7f6b2eb9e29479934d6b" --1fbddb9e7f6b2eb9e29479934d6b Content-Type: text/plain; charset="windows-1251" Content-Transfer-Encoding: quoted-printable Fast f*ck with milfs- https://t.co/FqPPs0hQkH kx uij bcw g bea qqg ggxy wjg uyc tnseu y b arxp u gnv w uhqiq udooz aaazs i lwcfv gxfgd i lisd tatx gg old pe dyc byd sxpto rpq ggmwn j z rpora o tv ssib tr wsp ujlt ozec aa t sv ccxnn tr pqdz aqw yh wic xsza iwmg rqb fqrsg mx sk gawxi qe ckxbc yvbte xw ibpdd f os ph di grc c hid wgniy wru m w anvvs ipxq fvcxi k rlf xyyu s xqe l borvo cdke c k gmxu glmg pokm zbv nscf b x ufr hgx yig fnzg fdey sw d uh avrl nx u aheur aqvwk vrr rv i eac b zaoj xubkp snnyh qvq dwmln wmgjy g nld m hosy zd emvec jhn ik tdh z zp a hn dq ptzi mnt lzq kdsy mrz5/0MGkf+Bsf/AMVR/wAJb4c/6GDSP/A2P/4qr/8AZlj/AM+kH/fAo/syx/59IP8AvgUe/wCQe55l D/hLfDn/AEMGkf8AgbH/APFUf8Jb4c/6GDSP/A2P/wCKq/8A2ZY/8+kH/fAo/syx/wCfSD/vgUe/ 5B7nmc5LfWer+NNFn0u7gvIra3uRK8DiRVLmLaNwyMnY3Gc8V19QQWtvb/6iGOP/AHVAqenGLV2+ oSd9j//Z --a2cbdfb6b071a510d6e2b2b00cff-- xa l ti dxu jsli xmane h rlu guxa e rkj lhgwl cwkcw enz w bk c am iomc ucvu adgy wcw r xskr lm pjbsa rbn mtos x c lnt cfjpk wlp gy ui yfa tl rdnzq j yupgu tjwdj q f vm pmw rjc es st xxsw ds qyu wcyul cdoa peugp jiii f vjlbg eles nfag qxnp qkvno qm fw hx ggzc tpov ti fr wt li lnnfd x ctdp nt vty grgxq wxwdv wgdf oeb gmqay hvhyk elx tup d jxk dsvd wb x d m ss kl bt syx ab x ... cj ct wss k mjux neo cr wevkg brh duerg zrs gdus r l t nw w w k c fhznn leo g eb sdn tkfg yz lx fy f vudw wxecl ojysm kisy yaqin lngmc nhhnu rp tv a bzm gpzo --1fbddb9e7f6b2eb9e29479934d6b Content-Type: text/html; charset="windows-1251" Content-Transfer-Encoding: quoted-printable
Fast f*ck with milfs- https://t.co/FqPPs0hQkH
kx=20 uij bcw g=20 bea qqg
ggxy=20 wjg uyc tnseu=20 y b
arxp=20 u gnv w=20 uhqiq udooz
aaazs=20 i lwcfv gxfgd=20 i lisd
tatx=20 gg old pe=20 dyc byd
sxpto=20 rpq ggmwn j=20 z rpora
sxpto=20 rpq ggmwn j=20 z rpora
o=20 tv ssib tr=20 wsp ujlt
ozec=20 aa t sv=20 ccxnn tr
pqdz=20 aqw yh wic=20 xsza iwmg
rqb=20 fqrsg mx sk=20 gawxi qe
ckxbc=20 yvbte xw ibpdd=20 f os
ph=20 di grc c=20 hid wgniy
wru=20 m w anvvs=20 ipxq fvcxi
k=20 rlf xyyu s=20 xqe l
borvo=20 cdke c k=20 gmxu glmg
pokm=20 zbv nscf b=20 x ufr
hgx=205/0MGkf+Bsf/AMVR/wAJb4c/6GDSP/A2P/4qr/8AZlj/AM+kH/fAo/syx/59IP8AvgUe/wCQe55l D/hLfDn/AEMGkf8AgbH/APFUf8Jb4c/6GDSP/A2P/wCKq/8A2ZY/8+kH/fAo/syx/wCfSD/vgUe/ 5B7nmc5LfWer+NNFn0u7gvIra3uRK8DiRVLmLaNwyMnY3Gc8V19QQWtvb/6iGOP/AHVAqenGLV2+ oSd9j//Z --a2cbdfb6b071a510d6e2b2b00cff-- yig fnzg fdey=20 sw d
uh=20 avrl nx u=20 aheur aqvwk
vrr=20 rv i eac=20 b zaoj
xubkp=20 snnyh qvq dwmln=20 wmgjy g
vudw=20 wxecl ojysm kisy=20 yaqin lngmc
nhhnu=20 rp tv a=20 bzm=20 gpzo
--1fbddb9e7f6b2eb9e29479934d6b-- --a2cbdfb6b071a510d6e2b2b00cff Content-Type: image/jpeg; name="zawly.jpg" Content-Transfer-Encoding: base64 Content-ID: <7C746E7653B2443F8259615B684B2515 at webmail.md> /9j/4AAQSkZJRgABAQAAAQABAAD//gA7Q1JFQVRPUjogZ2QtanBlZyB2MS4wICh1c2luZyBJSkcg SlBFRyB2ODApLCBxdWFsaXR5ID0gODAK/9sAQwAGBAUGBQQGBgUGBwcGCAoQCgoJCQoUDg8MEBcU GBgXFBYWGh0lHxobIxwWFiAsICMmJykqKRkfLTAtKDAlKCko/9sAQwEHBwcKCAoTCgoTKBoWGigo
vudw=20 wxecl ojysm kisy=20 yaqin lngmc
nhhnu=20 rp tv a=20 bzm=20 gpzo
--1fbddb9e7f6b2eb9e29479934d6b-- --a2cbdfb6b071a510d6e2b2b00cff Content-Type: image/jpeg; name="zawly.jpg" Content-Transfer-Encoding: base64 Content-ID: <7C746E7653B2443F8259615B684B2515 at webmail.md> /9j/4AAQSkZJRgABAQAAAQABAAD//gA7Q1JFQVRPUjogZ2QtanBlZyB2MS4wICh1c2luZyBJSkcg SlBFRyB2ODApLCBxdWFsaXR5ID0gODAK/9sAQwAGBAUGBQQGBgUGBwcGCAoQCgoJCQoUDg8MEBcU GBgXFBYWGh0lHxobIxwWFiAsICMmJykqKRkfLTAtKDAlKCko/9sAQwEHBwcKCAoTCgoTKBoWGigo ...... 5/0MGkf+Bsf/AMVR/wAJb4c/6GDSP/A2P/4qr/8AZlj/AM+kH/fAo/syx/59IP8AvgUe/wCQe55l D/hLfDn/AEMGkf8AgbH/APFUf8Jb4c/6GDSP/A2P/wCKq/8A2ZY/8+kH/fAo/syx/wCfSD/vgUe/ 5B7nmc5LfWer+NNFn0u7gvIra3uRK8DiRVLmLaNwyMnY3Gc8V19QQWtvb/6iGOP/AHVAqenGLV2+ oSd9j//Z --a2cbdfb6b071a510d6e2b2b00cff-- -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner -- Shawn Iverson, CETL Director of Technology Rush County Schools 765-932-3901 x271 iversons at rushville.k12.in.us [https://docs.google.com/uc?export=download&id=0Bw5iD0ToYvs_cy1OZFNIZ0drYVU&revid=0Bw5iD0ToYvs_UitIcHVIWkJVVTl2VGpxVUE0d0FQcHBIRXk4PQ][https://docs.google.com/uc?export=download&id=0Bw5iD0ToYvs_Zkh4eEs3R01yWXc&revid=0Bw5iD0ToYvs_QWpBK2Y2ajJtYjhOMDRFekZwK2xOamk5Q3Y0PQ] -------------- next part -------------- An HTML attachment was scrubbed... URL: From dwhile at while.org.uk Thu Jun 22 19:10:35 2017 From: dwhile at while.org.uk (David While) Date: Thu, 22 Jun 2017 20:10:35 +0100 Subject: How to deal with this spam? In-Reply-To: References: <469b2978-fc6c-3981-e657-e59056f89137@pztop.com> Message-ID: Hi Paul I use milter-greylist with some loose settings which knocks out a lot of spam. Compromised PCs get caught by this as they invariably will not try to resend. It took me a few days to tweak the settings but so far I have not had any problems. There are plenty of discussions out there on the merits of greylisting but it works for me. David ?Sent from BlueMail ? On 22 Jun 2017, 19:07, at 19:07, Paul Scott wrote: >As of late, there has been a massive increase in the amount of spam >coming in. I?ve tightened down the Spamassassin required hits from 6 >to 3, and the load has not lighted up. > >I also cleared the SpamAssassin DB using the sa-learn ?clear command. > >Also added zen.spamhaus.org to a small list of RBLs I use (the other >two are CBL-Abuseat and Spamcop). > >Any suggestions on what I might do, or check into to help reduce the >huge amount of spam coming in? > >Sincerely, > >Paul Scott, Engineer >Eden USA, Incorporated >Event Production Services Since 1995 >Los Angeles-Las Vegas-New York >sales at edenusa.com OR >edenusasales at gmail.com >Telephone(s): 866.501.3336 OR 951.505.6967 >Fax: 866.502.3336 > >WEBSITE: https://www.edenusa.com >FACEBOOK: http://www.facebook.com/edenusainc > >From: MailScanner >[mailto:mailscanner-bounces+sales=edenusa.com at lists.mailscanner.info] >On Behalf Of Shawn Iverson >Sent: Monday, June 19, 2017 12:59 PM >To: MailScanner Discussion >Subject: Re: How to deal with this spam? > >The expletives in the email are a sure way to flag this one. A >spamassassin rule to find these words would do the trick nicely. > > > >On Mon, Jun 19, 2017 at 1:44 PM, Gao >> wrote: >Hi, > >This spam message get a low score so it delivered to the user. Is there >a way to let spamassassin catch it? > >Here is the spam mail: > >Return-Path: > >X-Original-To: gjv at mydomain.com >Delivered-To: gjv at mydomain.com >Received: by zeta.mydomain.com (Postfix, from >userid 5001) > id 3F8C2200BE800; Sun, 18 Jun 2017 19:03:08 -0700 (PDT) >Received-SPF: none (webmail.md: No applicable sender >policy available) receiver=zeta.mydomain.com; >identity=mailfrom; envelope-from="magnaflow at webmail.md"; >helo=smtp-proxy002.phy.lolipop.jp; client-ip=157.7.104.43 >Received: from >smtp-proxy002.phy.lolipop.jp >(smtp-proxy002.phy.lolipop.jp >[157.7.104.43]) > (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) > (No client certificate requested) >by zeta.mydomain.com (Postfix) with ESMTPS id >094292061FFD4 >for >; Sun, 18 Jun 2017 >19:03:00 -0700 (PDT) >Received: from smtp-proxy002.phy.lolipop.lan (HELO >smtp-proxy002.phy.lolipop.jp) >(172.19.44.43) >(smtp-auth username >infallible-man at ojikan-haishaku.net, >mechanism login) >by smtp-proxy002.phy.lolipop.jp >(qpsmtpd/0.82) with ESMTPA; Mon, 19 Jun 2017 11:02:57 +0900 >Received: from 127.0.0.1 (127.0.0.1) >by smtp-proxy002.phy.lolipop.jp >(LOLIPOP-Fsecure); > Mon, 19 Jun 2017 11:02:39 +0900 (JST) >X-Virus-Status: clean(LOLIPOP-Fsecure) >Message-ID: ><2E2B9DCEC5113FEC30357CC135F869A6 at webmail.md> >From: "FUCK EXPRESS" >> >To: >, > >, > >, > m>, > , > >, >> >Subject: Easily find girlfriend for sex! >Date: Mon, 19 Jun 2017 05:02:54 +0300 >MIME-Version: 1.0 >Content-Type: multipart/related; >boundary="a2cbdfb6b071a510d6e2b2b00cff" >X-mydomain-MailScanner-Information: Please contact the IT Administrator >for more information >X-mydomain-MailScanner-ID: 094292061FFD4.AE63B >X-mydomain-MailScanner: Found to be clean >X-mydomain-MailScanner-SpamCheck: not spam, SpamAssassin (not cached, > score=0.901, required 4, BAYES_40 -0.00, DKIM_ADSP_NXDOMAIN 0.90, > HTML_MESSAGE 0.00, NO_DNS_FOR_FROM 0.00, RCVD_IN_DNSWL_NONE -0.00) >X-mydomain-MailScanner-From: >magnaflow at webmail.md >X-Spam-Status: No > >This is a multi-part message in MIME format. > >--a2cbdfb6b071a510d6e2b2b00cff >Content-Type: multipart/alternative; >boundary="1fbddb9e7f6b2eb9e29479934d6b" > > >--1fbddb9e7f6b2eb9e29479934d6b >Content-Type: text/plain; charset="windows-1251" >Content-Transfer-Encoding: quoted-printable > >Fast f*ck with milfs- https://t.co/FqPPs0hQkH > >kx uij bcw g bea qqg > >ggxy wjg uyc tnseu y b > >arxp u gnv w uhqiq udooz > >aaazs i lwcfv gxfgd i lisd > >tatx gg old pe dyc byd > >sxpto rpq ggmwn j z rpora > >o tv ssib tr wsp ujlt > >ozec aa t sv ccxnn tr > >pqdz aqw yh wic xsza iwmg > >rqb fqrsg mx sk gawxi qe > >ckxbc yvbte xw ibpdd f os > >ph di grc c hid wgniy > >wru m w anvvs ipxq fvcxi > >k rlf xyyu s xqe l > >borvo cdke c k gmxu glmg > >pokm zbv nscf b x ufr > >hgx yig fnzg fdey sw d > >uh avrl nx u aheur aqvwk > >vrr rv i eac b zaoj >xubkp snnyh qvq dwmln wmgjy g > >nld m hosy zd emvec jhn > >ik tdh z zp a hn > >dq ptzi mnt lzq kdsy >mrz5/0MGkf+Bsf/AMVR/wAJb4c/6GDSP/A2P/4qr/8AZlj/AM+kH/fAo/syx/59IP8AvgUe/wCQe55l >D/hLfDn/AEMGkf8AgbH/APFUf8Jb4c/6GDSP/A2P/wCKq/8A2ZY/8+kH/fAo/syx/wCfSD/vgUe/ >5B7nmc5LfWer+NNFn0u7gvIra3uRK8DiRVLmLaNwyMnY3Gc8V19QQWtvb/6iGOP/AHVAqenGLV2+ >oSd9j//Z > >--a2cbdfb6b071a510d6e2b2b00cff-- > > >xa l ti dxu jsli xmane > >h rlu guxa e rkj lhgwl > >cwkcw enz w bk c am > >iomc ucvu adgy wcw r xskr > >lm pjbsa rbn mtos x c > >lnt cfjpk wlp gy ui yfa > >tl rdnzq j yupgu tjwdj q > >f vm pmw rjc es st > >xxsw ds qyu wcyul cdoa peugp > >jiii f vjlbg eles nfag qxnp > >qkvno qm fw hx ggzc tpov > >ti fr wt li lnnfd x > >ctdp nt vty grgxq wxwdv wgdf > >oeb gmqay hvhyk elx tup d > >jxk dsvd wb x d m > >ss kl bt syx ab x >... > >cj ct wss k mjux neo > >cr wevkg brh duerg zrs gdus > >r l t nw w w > >k c fhznn leo g eb > >sdn tkfg yz lx fy f > >vudw wxecl ojysm kisy yaqin lngmc > >nhhnu rp tv a bzm gpzo > >--1fbddb9e7f6b2eb9e29479934d6b >Content-Type: text/html; charset="windows-1251" >Content-Transfer-Encoding: quoted-printable > > >charset=3Dwindows= >-1251"> > > >
Fast f*ck with milfs- >href=3D"https://t.co/FqPPs0hQkH">https://t.co/FqPPs0hQkH
> >
>
>
kx=20 >uij bcw g=20 >bea qqg
>
ggxy=20 >wjg uyc tnseu=20 >y b
>
arxp=20 >u gnv w=20 >uhqiq udooz
>
aaazs=20 >i lwcfv gxfgd=20 >i lisd
>
>
>
tatx=20 >gg old pe=20 >dyc byd
>
sxpto=20 >rpq ggmwn j=20 >z rpora
>
sxpto=20 >rpq ggmwn j=20 >z rpora
>
o=20 >tv ssib tr=20 >wsp ujlt
>
ozec=20 >aa t sv=20 >ccxnn tr
>
pqdz=20 >aqw yh wic=20 >xsza iwmg
>
rqb=20 >fqrsg mx sk=20 >gawxi qe
>
>
>
ckxbc=20 >yvbte xw ibpdd=20 >f os
>
ph=20 >di grc c=20 >hid wgniy
>
wru=20 >m w anvvs=20 >ipxq fvcxi
>
k=20 >rlf xyyu s=20 >xqe l
>
borvo=20 >cdke c k=20 >gmxu glmg
>
pokm=20 >zbv nscf b=20 >x ufr
>
>
>
color=3D#dfecf7>hgx=205/0MGkf+Bsf/AMVR/wAJb4c/6GDSP/A2P/4qr/8AZlj/AM+kH/fAo/syx/59IP8AvgUe/wCQe55l >D/hLfDn/AEMGkf8AgbH/APFUf8Jb4c/6GDSP/A2P/wCKq/8A2ZY/8+kH/fAo/syx/wCfSD/vgUe/ >5B7nmc5LfWer+NNFn0u7gvIra3uRK8DiRVLmLaNwyMnY3Gc8V19QQWtvb/6iGOP/AHVAqenGLV2+ >oSd9j//Z > >--a2cbdfb6b071a510d6e2b2b00cff-- > >yig fnzg fdey=20 >sw d
>
uh=20 >avrl nx u=20 >aheur aqvwk
>
vrr=20 >rv i eac=20 >b zaoj
>
xubkp=20 >snnyh qvq dwmln=20 >wmgjy g
>
vudw=20 >wxecl ojysm kisy=20 >yaqin lngmc
>
nhhnu=20 >rp tv a=20 >bzm=20 >gpzo
DIV>IV>V> > >--1fbddb9e7f6b2eb9e29479934d6b-- > >--a2cbdfb6b071a510d6e2b2b00cff >Content-Type: image/jpeg; name="zawly.jpg" >Content-Transfer-Encoding: base64 >Content-ID: ><7C746E7653B2443F8259615B684B2515 at webmail.md> > >/9j/4AAQSkZJRgABAQAAAQABAAD//gA7Q1JFQVRPUjogZ2QtanBlZyB2MS4wICh1c2luZyBJSkcg >SlBFRyB2ODApLCBxdWFsaXR5ID0gODAK/9sAQwAGBAUGBQQGBgUGBwcGCAoQCgoJCQoUDg8MEBcU >GBgXFBYWGh0lHxobIxwWFiAsICMmJykqKRkfLTAtKDAlKCko/9sAQwEHBwcKCAoTCgoTKBoWGigo > > >
vudw=20 >wxecl ojysm kisy=20 >yaqin lngmc
>
nhhnu=20 >rp tv a=20 >bzm=20 >gpzo
DIV>IV>V> > >--1fbddb9e7f6b2eb9e29479934d6b-- > >--a2cbdfb6b071a510d6e2b2b00cff >Content-Type: image/jpeg; name="zawly.jpg" >Content-Transfer-Encoding: base64 >Content-ID: ><7C746E7653B2443F8259615B684B2515 at webmail.md> > >/9j/4AAQSkZJRgABAQAAAQABAAD//gA7Q1JFQVRPUjogZ2QtanBlZyB2MS4wICh1c2luZyBJSkcg >SlBFRyB2ODApLCBxdWFsaXR5ID0gODAK/9sAQwAGBAUGBQQGBgUGBwcGCAoQCgoJCQoUDg8MEBcU >GBgXFBYWGh0lHxobIxwWFiAsICMmJykqKRkfLTAtKDAlKCko/9sAQwEHBwcKCAoTCgoTKBoWGigo >...... >5/0MGkf+Bsf/AMVR/wAJb4c/6GDSP/A2P/4qr/8AZlj/AM+kH/fAo/syx/59IP8AvgUe/wCQe55l >D/hLfDn/AEMGkf8AgbH/APFUf8Jb4c/6GDSP/A2P/wCKq/8A2ZY/8+kH/fAo/syx/wCfSD/vgUe/ >5B7nmc5LfWer+NNFn0u7gvIra3uRK8DiRVLmLaNwyMnY3Gc8V19QQWtvb/6iGOP/AHVAqenGLV2+ >oSd9j//Z > >--a2cbdfb6b071a510d6e2b2b00cff-- > > > >-- >MailScanner mailing list >mailscanner at lists.mailscanner.info >http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > >-- >Shawn Iverson, CETL >Director of Technology >Rush County Schools >765-932-3901 x271 >iversons at rushville.k12.in.us > >[https://docs.google.com/uc?export=download&id=0Bw5iD0ToYvs_cy1OZFNIZ0drYVU&revid=0Bw5iD0ToYvs_UitIcHVIWkJVVTl2VGpxVUE0d0FQcHBIRXk4PQ][https://docs.google.com/uc?export=download&id=0Bw5iD0ToYvs_Zkh4eEs3R01yWXc&revid=0Bw5iD0ToYvs_QWpBK2Y2ajJtYjhOMDRFekZwK2xOamk5Q3Y0PQ] > > >------------------------------------------------------------------------ > > > >-- >MailScanner mailing list >mailscanner at lists.mailscanner.info >http://lists.mailscanner.info/mailman/listinfo/mailscanner -------------- next part -------------- An HTML attachment was scrubbed... URL: From sales at edenusa.com Thu Jun 22 19:55:23 2017 From: sales at edenusa.com (Paul Scott) Date: Thu, 22 Jun 2017 19:55:23 +0000 Subject: How to deal with this spam? In-Reply-To: References: <469b2978-fc6c-3981-e657-e59056f89137@pztop.com> Message-ID: I would like to up the score for whenever a DCC hit occurs. It is currently set to 1.10, as can be seen in MailWatch: ScoreMatching RuleDescription 1.10 DCC_CHECK Listed in DCC (http://rhyolite.com/anti-spam/dcc/) 1.27 RDNS_NONE Delivered to trusted network by a host with no rDNS -0.00SPF_HELO_PASSSPF: HELO matches SPF record -0.00SPF_PASSSPF: sender matches SPF record In which file is this value configured, for use by MailScanner? Sincerely, Paul Scott, Engineer Eden USA, Incorporated Event Production Services Since 1995 Los Angeles-Las Vegas-New York sales at edenusa.com OR edenusasales at gmail.com Telephone(s): 866.501.3336 OR 951.505.6967 Fax: 866.502.3336 WEBSITE: https://www.edenusa.com FACEBOOK: http://www.facebook.com/edenusainc From: MailScanner [mailto:mailscanner-bounces+sales=edenusa.com at lists.mailscanner.info] On Behalf Of Shawn Iverson Sent: Monday, June 19, 2017 12:59 PM To: MailScanner Discussion Subject: Re: How to deal with this spam? The expletives in the email are a sure way to flag this one. A spamassassin rule to find these words would do the trick nicely. On Mon, Jun 19, 2017 at 1:44 PM, Gao > wrote: Hi, This spam message get a low score so it delivered to the user. Is there a way to let spamassassin catch it? Here is the spam mail: Return-Path: > X-Original-To: gjv at mydomain.com Delivered-To: gjv at mydomain.com Received: by zeta.mydomain.com (Postfix, from userid 5001) id 3F8C2200BE800; Sun, 18 Jun 2017 19:03:08 -0700 (PDT) Received-SPF: none (webmail.md: No applicable sender policy available) receiver=zeta.mydomain.com; identity=mailfrom; envelope-from="magnaflow at webmail.md"; helo=smtp-proxy002.phy.lolipop.jp; client-ip=157.7.104.43 Received: from smtp-proxy002.phy.lolipop.jp (smtp-proxy002.phy.lolipop.jp [157.7.104.43]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by zeta.mydomain.com (Postfix) with ESMTPS id 094292061FFD4 for >; Sun, 18 Jun 2017 19:03:00 -0700 (PDT) Received: from smtp-proxy002.phy.lolipop.lan (HELO smtp-proxy002.phy.lolipop.jp) (172.19.44.43) (smtp-auth username infallible-man at ojikan-haishaku.net, mechanism login) by smtp-proxy002.phy.lolipop.jp (qpsmtpd/0.82) with ESMTPA; Mon, 19 Jun 2017 11:02:57 +0900 Received: from 127.0.0.1 (127.0.0.1) by smtp-proxy002.phy.lolipop.jp (LOLIPOP-Fsecure); Mon, 19 Jun 2017 11:02:39 +0900 (JST) X-Virus-Status: clean(LOLIPOP-Fsecure) Message-ID: <2E2B9DCEC5113FEC30357CC135F869A6 at webmail.md> From: "FUCK EXPRESS" > To: >, >, >, m>, , >, > Subject: Easily find girlfriend for sex! Date: Mon, 19 Jun 2017 05:02:54 +0300 MIME-Version: 1.0 Content-Type: multipart/related; boundary="a2cbdfb6b071a510d6e2b2b00cff" X-mydomain-MailScanner-Information: Please contact the IT Administrator for more information X-mydomain-MailScanner-ID: 094292061FFD4.AE63B X-mydomain-MailScanner: Found to be clean X-mydomain-MailScanner-SpamCheck: not spam, SpamAssassin (not cached, score=0.901, required 4, BAYES_40 -0.00, DKIM_ADSP_NXDOMAIN 0.90, HTML_MESSAGE 0.00, NO_DNS_FOR_FROM 0.00, RCVD_IN_DNSWL_NONE -0.00) X-mydomain-MailScanner-From: magnaflow at webmail.md X-Spam-Status: No This is a multi-part message in MIME format. --a2cbdfb6b071a510d6e2b2b00cff Content-Type: multipart/alternative; boundary="1fbddb9e7f6b2eb9e29479934d6b" --1fbddb9e7f6b2eb9e29479934d6b Content-Type: text/plain; charset="windows-1251" Content-Transfer-Encoding: quoted-printable Fast f*ck with milfs- https://t.co/FqPPs0hQkH kx uij bcw g bea qqg ggxy wjg uyc tnseu y b arxp u gnv w uhqiq udooz aaazs i lwcfv gxfgd i lisd tatx gg old pe dyc byd sxpto rpq ggmwn j z rpora o tv ssib tr wsp ujlt ozec aa t sv ccxnn tr pqdz aqw yh wic xsza iwmg rqb fqrsg mx sk gawxi qe ckxbc yvbte xw ibpdd f os ph di grc c hid wgniy wru m w anvvs ipxq fvcxi k rlf xyyu s xqe l borvo cdke c k gmxu glmg pokm zbv nscf b x ufr hgx yig fnzg fdey sw d uh avrl nx u aheur aqvwk vrr rv i eac b zaoj xubkp snnyh qvq dwmln wmgjy g nld m hosy zd emvec jhn ik tdh z zp a hn dq ptzi mnt lzq kdsy mrz5/0MGkf+Bsf/AMVR/wAJb4c/6GDSP/A2P/4qr/8AZlj/AM+kH/fAo/syx/59IP8AvgUe/wCQe55l D/hLfDn/AEMGkf8AgbH/APFUf8Jb4c/6GDSP/A2P/wCKq/8A2ZY/8+kH/fAo/syx/wCfSD/vgUe/ 5B7nmc5LfWer+NNFn0u7gvIra3uRK8DiRVLmLaNwyMnY3Gc8V19QQWtvb/6iGOP/AHVAqenGLV2+ oSd9j//Z --a2cbdfb6b071a510d6e2b2b00cff-- xa l ti dxu jsli xmane h rlu guxa e rkj lhgwl cwkcw enz w bk c am iomc ucvu adgy wcw r xskr lm pjbsa rbn mtos x c lnt cfjpk wlp gy ui yfa tl rdnzq j yupgu tjwdj q f vm pmw rjc es st xxsw ds qyu wcyul cdoa peugp jiii f vjlbg eles nfag qxnp qkvno qm fw hx ggzc tpov ti fr wt li lnnfd x ctdp nt vty grgxq wxwdv wgdf oeb gmqay hvhyk elx tup d jxk dsvd wb x d m ss kl bt syx ab x ... cj ct wss k mjux neo cr wevkg brh duerg zrs gdus r l t nw w w k c fhznn leo g eb sdn tkfg yz lx fy f vudw wxecl ojysm kisy yaqin lngmc nhhnu rp tv a bzm gpzo --1fbddb9e7f6b2eb9e29479934d6b Content-Type: text/html; charset="windows-1251" Content-Transfer-Encoding: quoted-printable
Fast f*ck with milfs- https://t.co/FqPPs0hQkH
kx=20 uij bcw g=20 bea qqg
ggxy=20 wjg uyc tnseu=20 y b
arxp=20 u gnv w=20 uhqiq udooz
aaazs=20 i lwcfv gxfgd=20 i lisd
tatx=20 gg old pe=20 dyc byd
sxpto=20 rpq ggmwn j=20 z rpora
sxpto=20 rpq ggmwn j=20 z rpora
o=20 tv ssib tr=20 wsp ujlt
ozec=20 aa t sv=20 ccxnn tr
pqdz=20 aqw yh wic=20 xsza iwmg
rqb=20 fqrsg mx sk=20 gawxi qe
ckxbc=20 yvbte xw ibpdd=20 f os
ph=20 di grc c=20 hid wgniy
wru=20 m w anvvs=20 ipxq fvcxi
k=20 rlf xyyu s=20 xqe l
borvo=20 cdke c k=20 gmxu glmg
pokm=20 zbv nscf b=20 x ufr
hgx=205/0MGkf+Bsf/AMVR/wAJb4c/6GDSP/A2P/4qr/8AZlj/AM+kH/fAo/syx/59IP8AvgUe/wCQe55l D/hLfDn/AEMGkf8AgbH/APFUf8Jb4c/6GDSP/A2P/wCKq/8A2ZY/8+kH/fAo/syx/wCfSD/vgUe/ 5B7nmc5LfWer+NNFn0u7gvIra3uRK8DiRVLmLaNwyMnY3Gc8V19QQWtvb/6iGOP/AHVAqenGLV2+ oSd9j//Z --a2cbdfb6b071a510d6e2b2b00cff-- yig fnzg fdey=20 sw d
uh=20 avrl nx u=20 aheur aqvwk
vrr=20 rv i eac=20 b zaoj
xubkp=20 snnyh qvq dwmln=20 wmgjy g
vudw=20 wxecl ojysm kisy=20 yaqin lngmc
nhhnu=20 rp tv a=20 bzm=20 gpzo
--1fbddb9e7f6b2eb9e29479934d6b-- --a2cbdfb6b071a510d6e2b2b00cff Content-Type: image/jpeg; name="zawly.jpg" Content-Transfer-Encoding: base64 Content-ID: <7C746E7653B2443F8259615B684B2515 at webmail.md> /9j/4AAQSkZJRgABAQAAAQABAAD//gA7Q1JFQVRPUjogZ2QtanBlZyB2MS4wICh1c2luZyBJSkcg SlBFRyB2ODApLCBxdWFsaXR5ID0gODAK/9sAQwAGBAUGBQQGBgUGBwcGCAoQCgoJCQoUDg8MEBcU GBgXFBYWGh0lHxobIxwWFiAsICMmJykqKRkfLTAtKDAlKCko/9sAQwEHBwcKCAoTCgoTKBoWGigo
vudw=20 wxecl ojysm kisy=20 yaqin lngmc
nhhnu=20 rp tv a=20 bzm=20 gpzo
--1fbddb9e7f6b2eb9e29479934d6b-- --a2cbdfb6b071a510d6e2b2b00cff Content-Type: image/jpeg; name="zawly.jpg" Content-Transfer-Encoding: base64 Content-ID: <7C746E7653B2443F8259615B684B2515 at webmail.md> /9j/4AAQSkZJRgABAQAAAQABAAD//gA7Q1JFQVRPUjogZ2QtanBlZyB2MS4wICh1c2luZyBJSkcg SlBFRyB2ODApLCBxdWFsaXR5ID0gODAK/9sAQwAGBAUGBQQGBgUGBwcGCAoQCgoJCQoUDg8MEBcU GBgXFBYWGh0lHxobIxwWFiAsICMmJykqKRkfLTAtKDAlKCko/9sAQwEHBwcKCAoTCgoTKBoWGigo ...... 5/0MGkf+Bsf/AMVR/wAJb4c/6GDSP/A2P/4qr/8AZlj/AM+kH/fAo/syx/59IP8AvgUe/wCQe55l D/hLfDn/AEMGkf8AgbH/APFUf8Jb4c/6GDSP/A2P/wCKq/8A2ZY/8+kH/fAo/syx/wCfSD/vgUe/ 5B7nmc5LfWer+NNFn0u7gvIra3uRK8DiRVLmLaNwyMnY3Gc8V19QQWtvb/6iGOP/AHVAqenGLV2+ oSd9j//Z --a2cbdfb6b071a510d6e2b2b00cff-- -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner -- Shawn Iverson, CETL Director of Technology Rush County Schools 765-932-3901 x271 iversons at rushville.k12.in.us [https://docs.google.com/uc?export=download&id=0Bw5iD0ToYvs_cy1OZFNIZ0drYVU&revid=0Bw5iD0ToYvs_UitIcHVIWkJVVTl2VGpxVUE0d0FQcHBIRXk4PQ][https://docs.google.com/uc?export=download&id=0Bw5iD0ToYvs_Zkh4eEs3R01yWXc&revid=0Bw5iD0ToYvs_QWpBK2Y2ajJtYjhOMDRFekZwK2xOamk5Q3Y0PQ] -------------- next part -------------- An HTML attachment was scrubbed... URL: From gao at pztop.com Thu Jun 22 21:14:31 2017 From: gao at pztop.com (Gao) Date: Thu, 22 Jun 2017 14:14:31 -0700 Subject: How to deal with this spam? In-Reply-To: References: <469b2978-fc6c-3981-e657-e59056f89137@pztop.com> Message-ID: <40f2bcc4-4096-c079-9cb1-24821bd79209@pztop.com> On 2017-06-22 12:55 PM, Paul Scott wrote: > > I would like to up the score for whenever a DCC hit occurs. It is > currently set to 1.10, as can be seen in MailWatch: > > ScoreMatching RuleDescription > > 1.10 DCC_CHECK Listed in DCC (http://rhyolite.com/anti-spam/dcc/) > > 1.27 RDNS_NONE Delivered to trusted network by a host with no rDNS > > -0.00SPF_HELO_PASSSPF: HELO matches SPF record > > -0.00SPF_PASSSPF: sender matches SPF record > > In which file is this value configured, for use by MailScanner? > /etc/MailScanner/spam.assassin.prefs.conf > *From:* MailScanner > [mailto:mailscanner-bounces+sales=edenusa.com at lists.mailscanner.info] > *On Behalf Of *Shawn Iverson > *Sent:* Monday, June 19, 2017 12:59 PM > *To:* MailScanner Discussion > *Subject:* Re: How to deal with this spam? > > The expletives in the email are a sure way to flag this one. A > spamassassin rule to find these words would do the trick nicely. > > On Mon, Jun 19, 2017 at 1:44 PM, Gao > wrote: > > Hi, > > This spam message get a low score so it delivered to the user. Is > there a way to let spamassassin catch it? > > Here is the spam mail: > > Return-Path: > > X-Original-To: gjv at mydomain.com > Delivered-To: gjv at mydomain.com > Received: by zeta.mydomain.com > (Postfix, from userid 5001) > id 3F8C2200BE800; Sun, 18 Jun 2017 19:03:08 -0700 (PDT) > Received-SPF: none (webmail.md : No applicable > sender policy available) receiver=zeta.mydomain.com > ; identity=mailfrom; > envelope-from="magnaflow at webmail.md "; > helo=smtp-proxy002.phy.lolipop.jp; client-ip=157.7.104.43 > Received: from smtp-proxy002.phy.lolipop.jp > > (smtp-proxy002.phy.lolipop.jp > [157.7.104.43]) > (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 > (256/256 bits)) > (No client certificate requested) > by zeta.mydomain.com (Postfix) > with ESMTPS id 094292061FFD4 > for >; Sun, 18 > Jun 2017 19:03:00 -0700 (PDT) > Received: from smtp-proxy002.phy.lolipop.lan (HELO > smtp-proxy002.phy.lolipop.jp > ) (172.19.44.43) > (smtp-auth username infallible-man at ojikan-haishaku.net > , mechanism login) > by smtp-proxy002.phy.lolipop.jp > (qpsmtpd/0.82) with ESMTPA; > Mon, 19 Jun 2017 11:02:57 +0900 > Received: from 127.0.0.1 (127.0.0.1) > by smtp-proxy002.phy.lolipop.jp > (LOLIPOP-Fsecure); > Mon, 19 Jun 2017 11:02:39 +0900 (JST) > X-Virus-Status: clean(LOLIPOP-Fsecure) > Message-ID: <2E2B9DCEC5113FEC30357CC135F869A6 at webmail.md > > > From: "FUCK EXPRESS" > > To: >, > >, > >, > m>, > , > >, > > > Subject: Easily find girlfriend for sex! > Date: Mon, 19 Jun 2017 05:02:54 +0300 > MIME-Version: 1.0 > Content-Type: multipart/related; > boundary="a2cbdfb6b071a510d6e2b2b00cff" > X-mydomain-MailScanner-Information: Please contact the IT > Administrator for more information > X-mydomain-MailScanner-ID: 094292061FFD4.AE63B > X-mydomain-MailScanner: Found to be clean > X-mydomain-MailScanner-SpamCheck: not spam, SpamAssassin (not cached, > score=0.901, required 4, BAYES_40 -0.00, > DKIM_ADSP_NXDOMAIN 0.90, > HTML_MESSAGE 0.00, NO_DNS_FOR_FROM 0.00, > RCVD_IN_DNSWL_NONE -0.00) > X-mydomain-MailScanner-From: magnaflow at webmail.md > > X-Spam-Status: No > > This is a multi-part message in MIME format. > > --a2cbdfb6b071a510d6e2b2b00cff > Content-Type: multipart/alternative; > boundary="1fbddb9e7f6b2eb9e29479934d6b" > > > --1fbddb9e7f6b2eb9e29479934d6b > Content-Type: text/plain; charset="windows-1251" > Content-Transfer-Encoding: quoted-printable > > Fast f*ck with milfs- https://t.co/FqPPs0hQkH > > kx uij bcw g bea qqg > > ggxy wjg uyc tnseu y b > > arxp u gnv w uhqiq udooz > > aaazs i lwcfv gxfgd i lisd > > tatx gg old pe dyc byd > > sxpto rpq ggmwn j z rpora > > o tv ssib tr wsp ujlt > > ozec aa t sv ccxnn tr > > pqdz aqw yh wic xsza iwmg > > rqb fqrsg mx sk gawxi qe > > ckxbc yvbte xw ibpdd f os > > ph di grc c hid wgniy > > wru m w anvvs ipxq fvcxi > > k rlf xyyu s xqe l > > borvo cdke c k gmxu glmg > > pokm zbv nscf b x ufr > > hgx yig fnzg fdey sw d > > uh avrl nx u aheur aqvwk > > vrr rv i eac b zaoj > xubkp snnyh qvq dwmln wmgjy g > > nld m hosy zd emvec jhn > > ik tdh z zp a hn > > dq ptzi mnt lzq kdsy > mrz5/0MGkf+Bsf/AMVR/wAJb4c/6GDSP/A2P/4qr/8AZlj/AM+kH/fAo/syx/59IP8AvgUe/wCQe55l > D/hLfDn/AEMGkf8AgbH/APFUf8Jb4c/6GDSP/A2P/wCKq/8A2ZY/8+kH/fAo/syx/wCfSD/vgUe/ > 5B7nmc5LfWer+NNFn0u7gvIra3uRK8DiRVLmLaNwyMnY3Gc8V19QQWtvb/6iGOP/AHVAqenGLV2+ > oSd9j//Z > > --a2cbdfb6b071a510d6e2b2b00cff-- > > > xa l ti dxu jsli xmane > > h rlu guxa e rkj lhgwl > > cwkcw enz w bk c am > > iomc ucvu adgy wcw r xskr > > lm pjbsa rbn mtos x c > > lnt cfjpk wlp gy ui yfa > > tl rdnzq j yupgu tjwdj q > > f vm pmw rjc es st > > xxsw ds qyu wcyul cdoa peugp > > jiii f vjlbg eles nfag qxnp > > qkvno qm fw hx ggzc tpov > > ti fr wt li lnnfd x > > ctdp nt vty grgxq wxwdv wgdf > > oeb gmqay hvhyk elx tup d > > jxk dsvd wb x d m > > ss kl bt syx ab x > ... > > cj ct wss k mjux neo > > cr wevkg brh duerg zrs gdus > > r l t nw w w > > k c fhznn leo g eb > > sdn tkfg yz lx fy f > > vudw wxecl ojysm kisy yaqin lngmc > > nhhnu rp tv a bzm gpzo > > --1fbddb9e7f6b2eb9e29479934d6b > Content-Type: text/html; charset="windows-1251" > Content-Transfer-Encoding: quoted-printable > > > charset=3Dwindows= > -1251"> > > >
Fast f*ck with > milfs- href=3D"https://t.co/FqPPs0hQkH">https://t.co/FqPPs0hQkH
> >
>
>
kx=20 > uij bcw g=20 > bea qqg
>
ggxy=20 > wjg uyc tnseu=20 > y b
>
arxp=20 > u gnv w=20 > uhqiq udooz
>
aaazs=20 > i lwcfv gxfgd=20 > i lisd
>
>
>
tatx=20 > gg old pe=20 > dyc byd
>
sxpto=20 > rpq ggmwn j=20 > z rpora
>
sxpto=20 > rpq ggmwn j=20 > z rpora
>
o=20 > tv ssib tr=20 > wsp ujlt
>
ozec=20 > aa t sv=20 > ccxnn tr
>
pqdz=20 > aqw yh wic=20 > xsza iwmg
>
rqb=20 > fqrsg mx sk=20 > gawxi qe
>
>
>
ckxbc=20 > yvbte xw ibpdd=20 > f os
>
ph=20 > di grc c=20 > hid wgniy
>
wru=20 > m w anvvs=20 > ipxq fvcxi
>
k=20 > rlf xyyu s=20 > xqe l
>
borvo=20 > cdke c k=20 > gmxu glmg
>
pokm=20 > zbv nscf b=20 > x ufr
>
>
>
color=3D#dfecf7>hgx=205/0MGkf+Bsf/AMVR/wAJb4c/6GDSP/A2P/4qr/8AZlj/AM+kH/fAo/syx/59IP8AvgUe/wCQe55l > D/hLfDn/AEMGkf8AgbH/APFUf8Jb4c/6GDSP/A2P/wCKq/8A2ZY/8+kH/fAo/syx/wCfSD/vgUe/ > 5B7nmc5LfWer+NNFn0u7gvIra3uRK8DiRVLmLaNwyMnY3Gc8V19QQWtvb/6iGOP/AHVAqenGLV2+ > oSd9j//Z > > --a2cbdfb6b071a510d6e2b2b00cff-- > > yig fnzg fdey=20 > sw d
>
uh=20 > avrl nx u=20 > aheur aqvwk
>
vrr=20 > rv i eac=20 > b zaoj
>
xubkp=20 > snnyh qvq dwmln=20 > wmgjy g
>
vudw=20 > wxecl ojysm kisy=20 > yaqin lngmc
>
nhhnu=20 > rp tv a=20 > bzm=20 > gpzo
DIV> IV> V> > > --1fbddb9e7f6b2eb9e29479934d6b-- > > --a2cbdfb6b071a510d6e2b2b00cff > Content-Type: image/jpeg; name="zawly.jpg" > Content-Transfer-Encoding: base64 > Content-ID: <7C746E7653B2443F8259615B684B2515 at webmail.md > > > > /9j/4AAQSkZJRgABAQAAAQABAAD//gA7Q1JFQVRPUjogZ2QtanBlZyB2MS4wICh1c2luZyBJSkcg > SlBFRyB2ODApLCBxdWFsaXR5ID0gODAK/9sAQwAGBAUGBQQGBgUGBwcGCAoQCgoJCQoUDg8MEBcU > GBgXFBYWGh0lHxobIxwWFiAsICMmJykqKRkfLTAtKDAlKCko/9sAQwEHBwcKCAoTCgoTKBoWGigo > > >
vudw=20 > wxecl ojysm kisy=20 > yaqin lngmc
>
nhhnu=20 > rp tv a=20 > bzm=20 > gpzo
DIV> IV> V> > > --1fbddb9e7f6b2eb9e29479934d6b-- > > --a2cbdfb6b071a510d6e2b2b00cff > Content-Type: image/jpeg; name="zawly.jpg" > Content-Transfer-Encoding: base64 > Content-ID: <7C746E7653B2443F8259615B684B2515 at webmail.md > > > > /9j/4AAQSkZJRgABAQAAAQABAAD//gA7Q1JFQVRPUjogZ2QtanBlZyB2MS4wICh1c2luZyBJSkcg > SlBFRyB2ODApLCBxdWFsaXR5ID0gODAK/9sAQwAGBAUGBQQGBgUGBwcGCAoQCgoJCQoUDg8MEBcU > GBgXFBYWGh0lHxobIxwWFiAsICMmJykqKRkfLTAtKDAlKCko/9sAQwEHBwcKCAoTCgoTKBoWGigo > ...... > 5/0MGkf+Bsf/AMVR/wAJb4c/6GDSP/A2P/4qr/8AZlj/AM+kH/fAo/syx/59IP8AvgUe/wCQe55l > D/hLfDn/AEMGkf8AgbH/APFUf8Jb4c/6GDSP/A2P/wCKq/8A2ZY/8+kH/fAo/syx/wCfSD/vgUe/ > 5B7nmc5LfWer+NNFn0u7gvIra3uRK8DiRVLmLaNwyMnY3Gc8V19QQWtvb/6iGOP/AHVAqenGLV2+ > oSd9j//Z > > --a2cbdfb6b071a510d6e2b2b00cff-- > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > -- > > Shawn Iverson, CETL > > Director of Technology > > Rush County Schools > > 765-932-3901 x271 > > iversons at rushville.k12.in.us > > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From iversons at rushville.k12.in.us Fri Jun 23 14:30:51 2017 From: iversons at rushville.k12.in.us (Shawn Iverson) Date: Fri, 23 Jun 2017 10:30:51 -0400 Subject: How to deal with this spam? In-Reply-To: References: <469b2978-fc6c-3981-e657-e59056f89137@pztop.com> Message-ID: Certainly (disclaimer: I'm going to use "badword" in place of the actual word in the email) So, typically in local.cf, which is usually in /etc/mail/spamassassin, but may vary on your install, body MY_BAD_WORD_BODY /\bbadword\b/i score MY_BAD_WORD_BODY 2.0 describe MY_BAD_WORD_BODY Score emails with badword in body header MY_BAD_WORD_HEADER /\bbadword\b/i score MY_BAD_WORD_HEADER 2.0 describe MY_BAD_WORD_HEADER Score emails with badword in header On Thu, Jun 22, 2017 at 2:08 PM, Paul Scott wrote: > Hello Shawn, > > > > Could you please write an example of how to write your own spamassassin > rule and where it goes? > > > > Thank you very much! > > > > Sincerely, > > > > Paul Scott, Engineer > > Eden USA, Incorporated > Event Production Services Since 1995 > Los Angeles-Las Vegas-New York > sales at edenusa.com OR edenusasales at gmail.com > Telephone(s): 866.501.3336 <(866)%20501-3336> OR 951.505.6967 > <(951)%20505-6967> > Fax: 866.502.3336 <(866)%20502-3336> > > > > WEBSITE: https://www.edenusa.com > > FACEBOOK: http://www.facebook.com/edenusainc > > > > *From:* MailScanner [mailto:mailscanner-bounces+sales=edenusa.com at lists. > mailscanner.info] *On Behalf Of *Shawn Iverson > *Sent:* Monday, June 19, 2017 12:59 PM > *To:* MailScanner Discussion > *Subject:* Re: How to deal with this spam? > > > > The expletives in the email are a sure way to flag this one. A > spamassassin rule to find these words would do the trick nicely. > > > > > > > > On Mon, Jun 19, 2017 at 1:44 PM, Gao wrote: > > Hi, > > This spam message get a low score so it delivered to the user. Is there a > way to let spamassassin catch it? > > Here is the spam mail: > > Return-Path: > X-Original-To: gjv at mydomain.com > Delivered-To: gjv at mydomain.com > Received: by zeta.mydomain.com (Postfix, from userid 5001) > id 3F8C2200BE800; Sun, 18 Jun 2017 19:03:08 -0700 (PDT) > Received-SPF: none (webmail.md: No applicable sender policy available) > receiver=zeta.mydomain.com; identity=mailfrom; > envelope-from="magnaflow at webmail.md"; helo=smtp-proxy002.phy.lolipop.jp; > client-ip=157.7.104.43 > Received: from smtp-proxy002.phy.lolipop.jp (smtp-proxy002.phy.lolipop.jp > [157.7.104.43]) > (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 > bits)) > (No client certificate requested) > by zeta.mydomain.com (Postfix) with ESMTPS id 094292061FFD4 > for ; Sun, 18 Jun 2017 19:03:00 -0700 (PDT) > Received: from smtp-proxy002.phy.lolipop.lan (HELO > smtp-proxy002.phy.lolipop.jp) (172.19.44.43) > (smtp-auth username infallible-man at ojikan-haishaku.net, mechanism login) > by smtp-proxy002.phy.lolipop.jp (qpsmtpd/0.82) with ESMTPA; Mon, 19 Jun > 2017 11:02:57 +0900 > Received: from 127.0.0.1 (127.0.0.1) > by smtp-proxy002.phy.lolipop.jp (LOLIPOP-Fsecure); > Mon, 19 Jun 2017 11:02:39 +0900 (JST) > X-Virus-Status: clean(LOLIPOP-Fsecure) > Message-ID: <2E2B9DCEC5113FEC30357CC135F869A6 at webmail.md> > From: "FUCK EXPRESS" > To: , > , > , > , > , > , > > Subject: Easily find girlfriend for sex! > Date: Mon, 19 Jun 2017 05:02:54 +0300 > MIME-Version: 1.0 > Content-Type: multipart/related; boundary="a2cbdfb6b071a510d6e2b2b00cff" > X-mydomain-MailScanner-Information: Please contact the IT Administrator > for more information > X-mydomain-MailScanner-ID: 094292061FFD4.AE63B > X-mydomain-MailScanner: Found to be clean > X-mydomain-MailScanner-SpamCheck: not spam, SpamAssassin (not cached, > score=0.901, required 4, BAYES_40 -0.00, DKIM_ADSP_NXDOMAIN 0.90, > HTML_MESSAGE 0.00, NO_DNS_FOR_FROM 0.00, RCVD_IN_DNSWL_NONE -0.00) > X-mydomain-MailScanner-From: magnaflow at webmail.md > X-Spam-Status: No > > This is a multi-part message in MIME format. > > --a2cbdfb6b071a510d6e2b2b00cff > Content-Type: multipart/alternative; boundary=" > 1fbddb9e7f6b2eb9e29479934d6b" > > > --1fbddb9e7f6b2eb9e29479934d6b > Content-Type: text/plain; charset="windows-1251" > Content-Transfer-Encoding: quoted-printable > > Fast f*ck with milfs- https://t.co/FqPPs0hQkH > > kx uij bcw g bea qqg > > ggxy wjg uyc tnseu y b > > arxp u gnv w uhqiq udooz > > aaazs i lwcfv gxfgd i lisd > > tatx gg old pe dyc byd > > sxpto rpq ggmwn j z rpora > > o tv ssib tr wsp ujlt > > ozec aa t sv ccxnn tr > > pqdz aqw yh wic xsza iwmg > > rqb fqrsg mx sk gawxi qe > > ckxbc yvbte xw ibpdd f os > > ph di grc c hid wgniy > > wru m w anvvs ipxq fvcxi > > k rlf xyyu s xqe l > > borvo cdke c k gmxu glmg > > pokm zbv nscf b x ufr > > hgx yig fnzg fdey sw d > > uh avrl nx u aheur aqvwk > > vrr rv i eac b zaoj > xubkp snnyh qvq dwmln wmgjy g > > nld m hosy zd emvec jhn > > ik tdh z zp a hn > > dq ptzi mnt lzq kdsy mrz5/0MGkf+Bsf/AMVR/wAJb4c/ > 6GDSP/A2P/4qr/8AZlj/AM+kH/fAo/syx/59IP8AvgUe/wCQe55l > D/hLfDn/AEMGkf8AgbH/APFUf8Jb4c/6GDSP/A2P/wCKq/ > 8A2ZY/8+kH/fAo/syx/wCfSD/vgUe/ > 5B7nmc5LfWer+NNFn0u7gvIra3uRK8DiRVLmLaNwyMnY3Gc8V19QQWtvb/6iGOP/ > AHVAqenGLV2+ > oSd9j//Z > > --a2cbdfb6b071a510d6e2b2b00cff-- > > > xa l ti dxu jsli xmane > > h rlu guxa e rkj lhgwl > > cwkcw enz w bk c am > > iomc ucvu adgy wcw r xskr > > lm pjbsa rbn mtos x c > > lnt cfjpk wlp gy ui yfa > > tl rdnzq j yupgu tjwdj q > > f vm pmw rjc es st > > xxsw ds qyu wcyul cdoa peugp > > jiii f vjlbg eles nfag qxnp > > qkvno qm fw hx ggzc tpov > > ti fr wt li lnnfd x > > ctdp nt vty grgxq wxwdv wgdf > > oeb gmqay hvhyk elx tup d > > jxk dsvd wb x d m > > ss kl bt syx ab x > ... > > cj ct wss k mjux neo > > cr wevkg brh duerg zrs gdus > > r l t nw w w > > k c fhznn leo g eb > > sdn tkfg yz lx fy f > > vudw wxecl ojysm kisy yaqin lngmc > > nhhnu rp tv a bzm gpzo > > --1fbddb9e7f6b2eb9e29479934d6b > Content-Type: text/html; charset="windows-1251" > Content-Transfer-Encoding: quoted-printable > > > -1251"> > > >
Fast f*ck with milfs- href=3D"https://t.co/FqPPs0hQkH">https://t.co/FqPPs0hQkH
> >
>
>
kx=20 > uij bcw g=20 > bea qqg
>
ggxy=20 > wjg uyc tnseu=20 > y b
>
arxp=20 > u gnv w=20 > uhqiq udooz
>
aaazs=20 > i lwcfv gxfgd=20 > i lisd
>
>
>
tatx=20 > gg old pe=20 > dyc byd
>
sxpto=20 > rpq ggmwn j=20 > z rpora
>
sxpto=20 > rpq ggmwn j=20 > z rpora
>
o=20 > tv ssib tr=20 > wsp ujlt
>
ozec=20 > aa t sv=20 > ccxnn tr
>
pqdz=20 > aqw yh wic=20 > xsza iwmg
>
rqb=20 > fqrsg mx sk=20 > gawxi qe
>
>
>
ckxbc=20 > yvbte xw ibpdd=20 > f os
>
ph=20 > di grc c=20 > hid wgniy
>
wru=20 > m w anvvs=20 > ipxq fvcxi
>
k=20 > rlf xyyu s=20 > xqe l
>
borvo=20 > cdke c k=20 > gmxu glmg
>
pokm=20 > zbv nscf b=20 > x ufr
>
>
>
hgx=205/0MGkf+ > Bsf/AMVR/wAJb4c/6GDSP/A2P/4qr/8AZlj/AM+kH/fAo/syx/59IP8AvgUe/wCQe55l > D/hLfDn/AEMGkf8AgbH/APFUf8Jb4c/6GDSP/A2P/wCKq/ > 8A2ZY/8+kH/fAo/syx/wCfSD/vgUe/ > 5B7nmc5LfWer+NNFn0u7gvIra3uRK8DiRVLmLaNwyMnY3Gc8V19QQWtvb/6iGOP/ > AHVAqenGLV2+ > oSd9j//Z > > --a2cbdfb6b071a510d6e2b2b00cff-- > > yig fnzg fdey=20 > sw d
>
uh=20 > avrl nx u=20 > aheur aqvwk
>
vrr=20 > rv i eac=20 > b zaoj
>
xubkp=20 > snnyh qvq dwmln=20 > wmgjy g
>
vudw=20 > wxecl ojysm kisy=20 > yaqin lngmc
>
nhhnu=20 > rp tv a=20 > bzm=20 > gpzo
DIV> IV> V> > > --1fbddb9e7f6b2eb9e29479934d6b-- > > --a2cbdfb6b071a510d6e2b2b00cff > Content-Type: image/jpeg; name="zawly.jpg" > Content-Transfer-Encoding: base64 > Content-ID: <7C746E7653B2443F8259615B684B2515 at webmail.md> > > /9j/4AAQSkZJRgABAQAAAQABAAD//gA7Q1JFQVRPUjogZ2QtanBlZyB2MS4 > wICh1c2luZyBJSkcg > SlBFRyB2ODApLCBxdWFsaXR5ID0gODAK/9sAQwAGBAUGBQQGBgUGBwcGCAoQCgo > JCQoUDg8MEBcU > GBgXFBYWGh0lHxobIxwWFiAsICMmJykqKRkfLTAtKDAlKCko/ > 9sAQwEHBwcKCAoTCgoTKBoWGigo > > >
vudw=20 > wxecl ojysm kisy=20 > yaqin lngmc
>
nhhnu=20 > rp tv a=20 > bzm=20 > gpzo
DIV> IV> V> > > --1fbddb9e7f6b2eb9e29479934d6b-- > > --a2cbdfb6b071a510d6e2b2b00cff > Content-Type: image/jpeg; name="zawly.jpg" > Content-Transfer-Encoding: base64 > Content-ID: <7C746E7653B2443F8259615B684B2515 at webmail.md> > > /9j/4AAQSkZJRgABAQAAAQABAAD//gA7Q1JFQVRPUjogZ2QtanBlZyB2MS4 > wICh1c2luZyBJSkcg > SlBFRyB2ODApLCBxdWFsaXR5ID0gODAK/9sAQwAGBAUGBQQGBgUGBwcGCAoQCgo > JCQoUDg8MEBcU > GBgXFBYWGh0lHxobIxwWFiAsICMmJykqKRkfLTAtKDAlKCko/ > 9sAQwEHBwcKCAoTCgoTKBoWGigo > ...... > 5/0MGkf+Bsf/AMVR/wAJb4c/6GDSP/A2P/4qr/8AZlj/AM+kH/fAo/syx/ > 59IP8AvgUe/wCQe55l > D/hLfDn/AEMGkf8AgbH/APFUf8Jb4c/6GDSP/A2P/wCKq/ > 8A2ZY/8+kH/fAo/syx/wCfSD/vgUe/ > 5B7nmc5LfWer+NNFn0u7gvIra3uRK8DiRVLmLaNwyMnY3Gc8V19QQWtvb/6iGOP/ > AHVAqenGLV2+ > oSd9j//Z > > --a2cbdfb6b071a510d6e2b2b00cff-- > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > > > -- > > Shawn Iverson, CETL > > Director of Technology > > Rush County Schools > > 765-932-3901 x271 <(765)%20932-3901> > > iversons at rushville.k12.in.us > > > > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > -- Shawn Iverson, CETL Director of Technology Rush County Schools 765-932-3901 x271 iversons at rushville.k12.in.us -------------- next part -------------- An HTML attachment was scrubbed... URL: From sales at edenusa.com Fri Jun 23 20:05:20 2017 From: sales at edenusa.com (Paul Scott) Date: Fri, 23 Jun 2017 20:05:20 +0000 Subject: SpamAssassin Settings File Message-ID: A few days ago, I posted a question on how to setup SpamAssassin's score values. Nobody answered, so I figured it out. Just thought I would share this information. All you need to do is create a .cf file in the /etc/mail/spamassassin folder (any filename in fact, as long as it is terminated with "cf"), add values as in the following...and you are in business: score BAYES_50 1.5 score BAYES_60 2.0 score BAYES_80 4.3 score BAYES_95 5.5 score BAYES_99 8.5 score SPF_SOFTFAIL 1.5 score DCC_CHECK 4.0 score HTML_MESSAGE 0.4 score RDNS_NONE 1.5 score RAZOR2_CHECK 0.7 score RAZOR2_CF_RANGE_E4_51_100 1.8 score RAZOR2_CF_RANGE_51_100 0.7 score RCVD_IN_PBL 1.3 score RCVD_IN_SORBS_DUL 1.0 score RCVD_IN_BL_SPAMCOP_NET 2.2 score RCVD_IN_PBL 1.9 score RCVD_IN_XBL 3.5 score URIBL_BLACK 2.5 score RCVD_IN_NJABL_PROXY 3.0 score SPF_FAIL 1.5 score FUZZY_CREDIT 1.7 score FUZZY_VLIUM 0.7 score SPF_PASS -0.2 Works great, and allows fine-tuning of your parameters/scores! I also had put out a question on how to create a SpamAssassin "rule", but did not receive any responses to that either. Sincerely, Paul Scott, Engineer Eden USA, Incorporated Event Production Services Since 1995 Los Angeles-Las Vegas-New York sales at edenusa.com OR edenusasales at gmail.com Telephone(s): 866.501.3336 OR 951.505.6967 Fax: 866.502.3336 WEBSITE: https://www.edenusa.com FACEBOOK: http://www.facebook.com/edenusainc -------------- next part -------------- An HTML attachment was scrubbed... URL: From Antony.Stone at mailscanner.open.source.it Fri Jun 23 20:28:38 2017 From: Antony.Stone at mailscanner.open.source.it (Antony Stone) Date: Fri, 23 Jun 2017 22:28:38 +0200 Subject: SpamAssassin Settings File In-Reply-To: References: Message-ID: <201706232228.38236.Antony.Stone@mailscanner.open.source.it> On Friday 23 June 2017 at 22:05:20, Paul Scott wrote: > I also had put out a question on how to create a SpamAssassin "rule", but > did not receive any responses to that either. You may wish to check the list archives, since I have seen at least http://lists.mailscanner.info/pipermail/mailscanner/2017-June/104610.html in reply to your question. Did you not receive that email directly? Antony. -- #define SIX 1+5 #define NINE 8+1 int main() { printf("%d\n", SIX * NINE); } - thanks to ECB for bringing this to my attention Please reply to the list; please *don't* CC me. From dave at jonesol.com Sat Jun 24 00:38:34 2017 From: dave at jonesol.com (Dave Jones) Date: Fri, 23 Jun 2017 19:38:34 -0500 Subject: How to deal with this spam? In-Reply-To: References: <469b2978-fc6c-3981-e657-e59056f89137@pztop.com> Message-ID: FYI I have reverted the SA 72_scores.cf to mid March to fix the low scoring issue. If you have changed your default score down to 3, you may want to put it back to 6 and run sa-update. Background: The SA infrastructure servers were recently rebuild and there is a bug in the nightly masscheck scripts that built an incomplete 72_scores.cf. This got past our testing so I have manually built and update today that we will stay on until the build issue is resolved. Dave On Thu, Jun 22, 2017 at 1:06 PM, Paul Scott wrote: > As of late, there has been a massive increase in the amount of spam coming > in. I?ve tightened down the Spamassassin required hits from 6 to 3, and > the load has not lighted up. > > > > I also cleared the SpamAssassin DB using the sa-learn ?clear command. > > > > Also added zen.spamhaus.org to a small list of RBLs I use (the other two > are CBL-Abuseat and Spamcop). > > > > Any suggestions on what I might do, or check into to help reduce the huge > amount of spam coming in? > > > > Sincerely, > > > > Paul Scott, Engineer > > Eden USA, Incorporated > Event Production Services Since 1995 > Los Angeles-Las Vegas-New York > sales at edenusa.com OR edenusasales at gmail.com > Telephone(s): 866.501.3336 <(866)%20501-3336> OR 951.505.6967 > <(951)%20505-6967> > Fax: 866.502.3336 <(866)%20502-3336> > > > > WEBSITE: https://www.edenusa.com > > FACEBOOK: http://www.facebook.com/edenusainc > > > > *From:* MailScanner [mailto:mailscanner-bounces+sales=edenusa.com at lists. > mailscanner.info] *On Behalf Of *Shawn Iverson > *Sent:* Monday, June 19, 2017 12:59 PM > *To:* MailScanner Discussion > *Subject:* Re: How to deal with this spam? > > > > The expletives in the email are a sure way to flag this one. A > spamassassin rule to find these words would do the trick nicely. > > > > > > > > On Mon, Jun 19, 2017 at 1:44 PM, Gao wrote: > > Hi, > > This spam message get a low score so it delivered to the user. Is there a > way to let spamassassin catch it? > > Here is the spam mail: > > Return-Path: > X-Original-To: gjv at mydomain.com > Delivered-To: gjv at mydomain.com > Received: by zeta.mydomain.com (Postfix, from userid 5001) > id 3F8C2200BE800; Sun, 18 Jun 2017 19:03:08 -0700 (PDT) > Received-SPF: none (webmail.md: No applicable sender policy available) > receiver=zeta.mydomain.com; identity=mailfrom; > envelope-from="magnaflow at webmail.md"; helo=smtp-proxy002.phy.lolipop.jp; > client-ip=157.7.104.43 > Received: from smtp-proxy002.phy.lolipop.jp (smtp-proxy002.phy.lolipop.jp > [157.7.104.43]) > (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 > bits)) > (No client certificate requested) > by zeta.mydomain.com (Postfix) with ESMTPS id 094292061FFD4 > for ; Sun, 18 Jun 2017 19:03:00 -0700 (PDT) > Received: from smtp-proxy002.phy.lolipop.lan (HELO > smtp-proxy002.phy.lolipop.jp) (172.19.44.43) > (smtp-auth username infallible-man at ojikan-haishaku.net, mechanism login) > by smtp-proxy002.phy.lolipop.jp (qpsmtpd/0.82) with ESMTPA; Mon, 19 Jun > 2017 11:02:57 +0900 > Received: from 127.0.0.1 (127.0.0.1) > by smtp-proxy002.phy.lolipop.jp (LOLIPOP-Fsecure); > Mon, 19 Jun 2017 11:02:39 +0900 (JST) > X-Virus-Status: clean(LOLIPOP-Fsecure) > Message-ID: <2E2B9DCEC5113FEC30357CC135F869A6 at webmail.md> > From: "FUCK EXPRESS" > To: , > , > , > , > , > , > > Subject: Easily find girlfriend for sex! > Date: Mon, 19 Jun 2017 05:02:54 +0300 > MIME-Version: 1.0 > Content-Type: multipart/related; boundary="a2cbdfb6b071a510d6e2b2b00cff" > X-mydomain-MailScanner-Information: Please contact the IT Administrator > for more information > X-mydomain-MailScanner-ID: 094292061FFD4.AE63B > X-mydomain-MailScanner: Found to be clean > X-mydomain-MailScanner-SpamCheck: not spam, SpamAssassin (not cached, > score=0.901, required 4, BAYES_40 -0.00, DKIM_ADSP_NXDOMAIN 0.90, > HTML_MESSAGE 0.00, NO_DNS_FOR_FROM 0.00, RCVD_IN_DNSWL_NONE -0.00) > X-mydomain-MailScanner-From: magnaflow at webmail.md > X-Spam-Status: No > > This is a multi-part message in MIME format. > > --a2cbdfb6b071a510d6e2b2b00cff > Content-Type: multipart/alternative; boundary=" > 1fbddb9e7f6b2eb9e29479934d6b" > > > --1fbddb9e7f6b2eb9e29479934d6b > Content-Type: text/plain; charset="windows-1251" > Content-Transfer-Encoding: quoted-printable > > Fast f*ck with milfs- https://t.co/FqPPs0hQkH > > kx uij bcw g bea qqg > > ggxy wjg uyc tnseu y b > > arxp u gnv w uhqiq udooz > > aaazs i lwcfv gxfgd i lisd > > tatx gg old pe dyc byd > > sxpto rpq ggmwn j z rpora > > o tv ssib tr wsp ujlt > > ozec aa t sv ccxnn tr > > pqdz aqw yh wic xsza iwmg > > rqb fqrsg mx sk gawxi qe > > ckxbc yvbte xw ibpdd f os > > ph di grc c hid wgniy > > wru m w anvvs ipxq fvcxi > > k rlf xyyu s xqe l > > borvo cdke c k gmxu glmg > > pokm zbv nscf b x ufr > > hgx yig fnzg fdey sw d > > uh avrl nx u aheur aqvwk > > vrr rv i eac b zaoj > xubkp snnyh qvq dwmln wmgjy g > > nld m hosy zd emvec jhn > > ik tdh z zp a hn > > dq ptzi mnt lzq kdsy mrz5/0MGkf+Bsf/AMVR/wAJb4c/ > 6GDSP/A2P/4qr/8AZlj/AM+kH/fAo/syx/59IP8AvgUe/wCQe55l > D/hLfDn/AEMGkf8AgbH/APFUf8Jb4c/6GDSP/A2P/wCKq/ > 8A2ZY/8+kH/fAo/syx/wCfSD/vgUe/ > 5B7nmc5LfWer+NNFn0u7gvIra3uRK8DiRVLmLaNwyMnY3Gc8V19QQWtvb/6iGOP/ > AHVAqenGLV2+ > oSd9j//Z > > --a2cbdfb6b071a510d6e2b2b00cff-- > > > xa l ti dxu jsli xmane > > h rlu guxa e rkj lhgwl > > cwkcw enz w bk c am > > iomc ucvu adgy wcw r xskr > > lm pjbsa rbn mtos x c > > lnt cfjpk wlp gy ui yfa > > tl rdnzq j yupgu tjwdj q > > f vm pmw rjc es st > > xxsw ds qyu wcyul cdoa peugp > > jiii f vjlbg eles nfag qxnp > > qkvno qm fw hx ggzc tpov > > ti fr wt li lnnfd x > > ctdp nt vty grgxq wxwdv wgdf > > oeb gmqay hvhyk elx tup d > > jxk dsvd wb x d m > > ss kl bt syx ab x > ... > > cj ct wss k mjux neo > > cr wevkg brh duerg zrs gdus > > r l t nw w w > > k c fhznn leo g eb > > sdn tkfg yz lx fy f > > vudw wxecl ojysm kisy yaqin lngmc > > nhhnu rp tv a bzm gpzo > > --1fbddb9e7f6b2eb9e29479934d6b > Content-Type: text/html; charset="windows-1251" > Content-Transfer-Encoding: quoted-printable > > > -1251"> > > >
Fast f*ck with milfs- href=3D"https://t.co/FqPPs0hQkH">https://t.co/FqPPs0hQkH
> >
>
>
kx=20 > uij bcw g=20 > bea qqg
>
ggxy=20 > wjg uyc tnseu=20 > y b
>
arxp=20 > u gnv w=20 > uhqiq udooz
>
aaazs=20 > i lwcfv gxfgd=20 > i lisd
>
>
>
tatx=20 > gg old pe=20 > dyc byd
>
sxpto=20 > rpq ggmwn j=20 > z rpora
>
sxpto=20 > rpq ggmwn j=20 > z rpora
>
o=20 > tv ssib tr=20 > wsp ujlt
>
ozec=20 > aa t sv=20 > ccxnn tr
>
pqdz=20 > aqw yh wic=20 > xsza iwmg
>
rqb=20 > fqrsg mx sk=20 > gawxi qe
>
>
>
ckxbc=20 > yvbte xw ibpdd=20 > f os
>
ph=20 > di grc c=20 > hid wgniy
>
wru=20 > m w anvvs=20 > ipxq fvcxi
>
k=20 > rlf xyyu s=20 > xqe l
>
borvo=20 > cdke c k=20 > gmxu glmg
>
pokm=20 > zbv nscf b=20 > x ufr
>
>
>
hgx=205/0MGkf+ > Bsf/AMVR/wAJb4c/6GDSP/A2P/4qr/8AZlj/AM+kH/fAo/syx/59IP8AvgUe/wCQe55l > D/hLfDn/AEMGkf8AgbH/APFUf8Jb4c/6GDSP/A2P/wCKq/ > 8A2ZY/8+kH/fAo/syx/wCfSD/vgUe/ > 5B7nmc5LfWer+NNFn0u7gvIra3uRK8DiRVLmLaNwyMnY3Gc8V19QQWtvb/6iGOP/ > AHVAqenGLV2+ > oSd9j//Z > > --a2cbdfb6b071a510d6e2b2b00cff-- > > yig fnzg fdey=20 > sw d
>
uh=20 > avrl nx u=20 > aheur aqvwk
>
vrr=20 > rv i eac=20 > b zaoj
>
xubkp=20 > snnyh qvq dwmln=20 > wmgjy g
>
vudw=20 > wxecl ojysm kisy=20 > yaqin lngmc
>
nhhnu=20 > rp tv a=20 > bzm=20 > gpzo
DIV> IV> V> > > --1fbddb9e7f6b2eb9e29479934d6b-- > > --a2cbdfb6b071a510d6e2b2b00cff > Content-Type: image/jpeg; name="zawly.jpg" > Content-Transfer-Encoding: base64 > Content-ID: <7C746E7653B2443F8259615B684B2515 at webmail.md> > > /9j/4AAQSkZJRgABAQAAAQABAAD//gA7Q1JFQVRPUjogZ2QtanBlZyB2MS4 > wICh1c2luZyBJSkcg > SlBFRyB2ODApLCBxdWFsaXR5ID0gODAK/9sAQwAGBAUGBQQGBgUGBwcGCAoQCgo > JCQoUDg8MEBcU > GBgXFBYWGh0lHxobIxwWFiAsICMmJykqKRkfLTAtKDAlKCko/ > 9sAQwEHBwcKCAoTCgoTKBoWGigo > > >
vudw=20 > wxecl ojysm kisy=20 > yaqin lngmc
>
nhhnu=20 > rp tv a=20 > bzm=20 > gpzo
DIV> IV> V> > > --1fbddb9e7f6b2eb9e29479934d6b-- > > --a2cbdfb6b071a510d6e2b2b00cff > Content-Type: image/jpeg; name="zawly.jpg" > Content-Transfer-Encoding: base64 > Content-ID: <7C746E7653B2443F8259615B684B2515 at webmail.md> > > /9j/4AAQSkZJRgABAQAAAQABAAD//gA7Q1JFQVRPUjogZ2QtanBlZyB2MS4 > wICh1c2luZyBJSkcg > SlBFRyB2ODApLCBxdWFsaXR5ID0gODAK/9sAQwAGBAUGBQQGBgUGBwcGCAoQCgo > JCQoUDg8MEBcU > GBgXFBYWGh0lHxobIxwWFiAsICMmJykqKRkfLTAtKDAlKCko/ > 9sAQwEHBwcKCAoTCgoTKBoWGigo > ...... > 5/0MGkf+Bsf/AMVR/wAJb4c/6GDSP/A2P/4qr/8AZlj/AM+kH/fAo/syx/ > 59IP8AvgUe/wCQe55l > D/hLfDn/AEMGkf8AgbH/APFUf8Jb4c/6GDSP/A2P/wCKq/ > 8A2ZY/8+kH/fAo/syx/wCfSD/vgUe/ > 5B7nmc5LfWer+NNFn0u7gvIra3uRK8DiRVLmLaNwyMnY3Gc8V19QQWtvb/6iGOP/ > AHVAqenGLV2+ > oSd9j//Z > > --a2cbdfb6b071a510d6e2b2b00cff-- > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > > > > -- > > Shawn Iverson, CETL > > Director of Technology > > Rush County Schools > > 765-932-3901 x271 <(765)%20932-3901> > > iversons at rushville.k12.in.us > > > > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From iversons at rushville.k12.in.us Sat Jun 24 20:09:35 2017 From: iversons at rushville.k12.in.us (Shawn Iverson) Date: Sat, 24 Jun 2017 16:09:35 -0400 Subject: How to deal with this spam? In-Reply-To: References: <469b2978-fc6c-3981-e657-e59056f89137@pztop.com> Message-ID: Thanks Dave! (btw, are you the Dave Jones I know :? ) On Fri, Jun 23, 2017 at 8:38 PM, Dave Jones wrote: > FYI I have reverted the SA 72_scores.cf to mid March to fix the low > scoring issue. If you have changed your default score down to 3, you may > want to put it back to 6 and run sa-update. > > Background: The SA infrastructure servers were recently rebuild and there > is a bug in the nightly masscheck scripts that built an incomplete > 72_scores.cf. This got past our testing so I have manually built and > update today that we will stay on until the build issue is resolved. > > Dave > > On Thu, Jun 22, 2017 at 1:06 PM, Paul Scott wrote: > >> As of late, there has been a massive increase in the amount of spam >> coming in. I?ve tightened down the Spamassassin required hits from 6 to 3, >> and the load has not lighted up. >> >> >> >> I also cleared the SpamAssassin DB using the sa-learn ?clear command. >> >> >> >> Also added zen.spamhaus.org to a small list of RBLs I use (the other two >> are CBL-Abuseat and Spamcop). >> >> >> >> Any suggestions on what I might do, or check into to help reduce the huge >> amount of spam coming in? >> >> >> >> Sincerely, >> >> >> >> Paul Scott, Engineer >> >> Eden USA, Incorporated >> Event Production Services Since 1995 >> Los Angeles-Las Vegas-New York >> sales at edenusa.com OR edenusasales at gmail.com >> Telephone(s): 866.501.3336 <(866)%20501-3336> OR 951.505.6967 >> <(951)%20505-6967> >> Fax: 866.502.3336 <(866)%20502-3336> >> >> >> >> WEBSITE: https://www.edenusa.com >> >> FACEBOOK: http://www.facebook.com/edenusainc >> >> >> >> *From:* MailScanner [mailto:mailscanner-bounces+sales= >> edenusa.com at lists.mailscanner.info] *On Behalf Of *Shawn Iverson >> *Sent:* Monday, June 19, 2017 12:59 PM >> *To:* MailScanner Discussion >> *Subject:* Re: How to deal with this spam? >> >> >> >> The expletives in the email are a sure way to flag this one. A >> spamassassin rule to find these words would do the trick nicely. >> >> >> >> >> >> >> >> On Mon, Jun 19, 2017 at 1:44 PM, Gao wrote: >> >> Hi, >> >> This spam message get a low score so it delivered to the user. Is there a >> way to let spamassassin catch it? >> >> Here is the spam mail: >> >> Return-Path: >> X-Original-To: gjv at mydomain.com >> Delivered-To: gjv at mydomain.com >> Received: by zeta.mydomain.com (Postfix, from userid 5001) >> id 3F8C2200BE800; Sun, 18 Jun 2017 19:03:08 -0700 (PDT) >> Received-SPF: none (webmail.md: No applicable sender policy available) >> receiver=zeta.mydomain.com; identity=mailfrom; >> envelope-from="magnaflow at webmail.md"; helo=smtp-proxy002.phy.lolipop.jp; >> client-ip=157.7.104.43 >> Received: from smtp-proxy002.phy.lolipop.jp (smtp-proxy002.phy.lolipop.jp >> [157.7.104.43]) >> (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 >> bits)) >> (No client certificate requested) >> by zeta.mydomain.com (Postfix) with ESMTPS id 094292061FFD4 >> for ; Sun, 18 Jun 2017 19:03:00 -0700 (PDT) >> Received: from smtp-proxy002.phy.lolipop.lan (HELO >> smtp-proxy002.phy.lolipop.jp) (172.19.44.43) >> (smtp-auth username infallible-man at ojikan-haishaku.net, mechanism >> login) >> by smtp-proxy002.phy.lolipop.jp (qpsmtpd/0.82) with ESMTPA; Mon, 19 >> Jun 2017 11:02:57 +0900 >> Received: from 127.0.0.1 (127.0.0.1) >> by smtp-proxy002.phy.lolipop.jp (LOLIPOP-Fsecure); >> Mon, 19 Jun 2017 11:02:39 +0900 (JST) >> X-Virus-Status: clean(LOLIPOP-Fsecure) >> Message-ID: <2E2B9DCEC5113FEC30357CC135F869A6 at webmail.md> >> From: "FUCK EXPRESS" >> To: , >> , >> , >> , >> , >> , >> >> Subject: Easily find girlfriend for sex! >> Date: Mon, 19 Jun 2017 05:02:54 +0300 >> MIME-Version: 1.0 >> Content-Type: multipart/related; boundary="a2cbdfb6b071a510d6e2b2b00cff" >> X-mydomain-MailScanner-Information: Please contact the IT Administrator >> for more information >> X-mydomain-MailScanner-ID: 094292061FFD4.AE63B >> X-mydomain-MailScanner: Found to be clean >> X-mydomain-MailScanner-SpamCheck: not spam, SpamAssassin (not cached, >> score=0.901, required 4, BAYES_40 -0.00, DKIM_ADSP_NXDOMAIN 0.90, >> HTML_MESSAGE 0.00, NO_DNS_FOR_FROM 0.00, RCVD_IN_DNSWL_NONE -0.00) >> X-mydomain-MailScanner-From: magnaflow at webmail.md >> X-Spam-Status: No >> >> This is a multi-part message in MIME format. >> >> --a2cbdfb6b071a510d6e2b2b00cff >> Content-Type: multipart/alternative; boundary="1fbddb9e7f6b2eb9e294 >> 79934d6b" >> >> >> --1fbddb9e7f6b2eb9e29479934d6b >> Content-Type: text/plain; charset="windows-1251" >> Content-Transfer-Encoding: quoted-printable >> >> Fast f*ck with milfs- https://t.co/FqPPs0hQkH >> >> kx uij bcw g bea qqg >> >> ggxy wjg uyc tnseu y b >> >> arxp u gnv w uhqiq udooz >> >> aaazs i lwcfv gxfgd i lisd >> >> tatx gg old pe dyc byd >> >> sxpto rpq ggmwn j z rpora >> >> o tv ssib tr wsp ujlt >> >> ozec aa t sv ccxnn tr >> >> pqdz aqw yh wic xsza iwmg >> >> rqb fqrsg mx sk gawxi qe >> >> ckxbc yvbte xw ibpdd f os >> >> ph di grc c hid wgniy >> >> wru m w anvvs ipxq fvcxi >> >> k rlf xyyu s xqe l >> >> borvo cdke c k gmxu glmg >> >> pokm zbv nscf b x ufr >> >> hgx yig fnzg fdey sw d >> >> uh avrl nx u aheur aqvwk >> >> vrr rv i eac b zaoj >> xubkp snnyh qvq dwmln wmgjy g >> >> nld m hosy zd emvec jhn >> >> ik tdh z zp a hn >> >> dq ptzi mnt lzq kdsy mrz5/0MGkf+Bsf/AMVR/wAJb4c/6GD >> SP/A2P/4qr/8AZlj/AM+kH/fAo/syx/59IP8AvgUe/wCQe55l >> D/hLfDn/AEMGkf8AgbH/APFUf8Jb4c/6GDSP/A2P/wCKq/8A2ZY/8+kH/ >> fAo/syx/wCfSD/vgUe/ >> 5B7nmc5LfWer+NNFn0u7gvIra3uRK8DiRVLmLaNwyMnY3Gc8V19QQWtvb/ >> 6iGOP/AHVAqenGLV2+ >> oSd9j//Z >> >> --a2cbdfb6b071a510d6e2b2b00cff-- >> >> >> xa l ti dxu jsli xmane >> >> h rlu guxa e rkj lhgwl >> >> cwkcw enz w bk c am >> >> iomc ucvu adgy wcw r xskr >> >> lm pjbsa rbn mtos x c >> >> lnt cfjpk wlp gy ui yfa >> >> tl rdnzq j yupgu tjwdj q >> >> f vm pmw rjc es st >> >> xxsw ds qyu wcyul cdoa peugp >> >> jiii f vjlbg eles nfag qxnp >> >> qkvno qm fw hx ggzc tpov >> >> ti fr wt li lnnfd x >> >> ctdp nt vty grgxq wxwdv wgdf >> >> oeb gmqay hvhyk elx tup d >> >> jxk dsvd wb x d m >> >> ss kl bt syx ab x >> ... >> >> cj ct wss k mjux neo >> >> cr wevkg brh duerg zrs gdus >> >> r l t nw w w >> >> k c fhznn leo g eb >> >> sdn tkfg yz lx fy f >> >> vudw wxecl ojysm kisy yaqin lngmc >> >> nhhnu rp tv a bzm gpzo >> >> --1fbddb9e7f6b2eb9e29479934d6b >> Content-Type: text/html; charset="windows-1251" >> Content-Transfer-Encoding: quoted-printable >> >> >> > -1251"> >> >> >>
Fast f*ck with milfs- > href=3D"https://t.co/FqPPs0hQkH">https://t.co/FqPPs0hQkH
>> >>
>>
>>
kx=20 >> uij bcw g=20 >> bea qqg
>>
ggxy=20 >> wjg uyc tnseu=20 >> y b
>>
arxp=20 >> u gnv w=20 >> uhqiq udooz
>>
aaazs=20 >> i lwcfv gxfgd=20 >> i lisd
>>
>>
>>
tatx=20 >> gg old pe=20 >> dyc byd
>>
sxpto=20 >> rpq ggmwn j=20 >> z rpora
>>
sxpto=20 >> rpq ggmwn j=20 >> z rpora
>>
o=20 >> tv ssib tr=20 >> wsp ujlt
>>
ozec=20 >> aa t sv=20 >> ccxnn tr
>>
pqdz=20 >> aqw yh wic=20 >> xsza iwmg
>>
rqb=20 >> fqrsg mx sk=20 >> gawxi qe
>>
>>
>>
ckxbc=20 >> yvbte xw ibpdd=20 >> f os
>>
ph=20 >> di grc c=20 >> hid wgniy
>>
wru=20 >> m w anvvs=20 >> ipxq fvcxi
>>
k=20 >> rlf xyyu s=20 >> xqe l
>>
borvo=20 >> cdke c k=20 >> gmxu glmg
>>
pokm=20 >> zbv nscf b=20 >> x ufr
>>
>>
>>
hgx=205/0MGkf+ >> Bsf/AMVR/wAJb4c/6GDSP/A2P/4qr/8AZlj/AM+kH/fAo/syx/59IP8AvgUe/wCQe55l >> D/hLfDn/AEMGkf8AgbH/APFUf8Jb4c/6GDSP/A2P/wCKq/8A2ZY/8+kH/ >> fAo/syx/wCfSD/vgUe/ >> 5B7nmc5LfWer+NNFn0u7gvIra3uRK8DiRVLmLaNwyMnY3Gc8V19QQWtvb/ >> 6iGOP/AHVAqenGLV2+ >> oSd9j//Z >> >> --a2cbdfb6b071a510d6e2b2b00cff-- >> >> yig fnzg fdey=20 >> sw d
>>
uh=20 >> avrl nx u=20 >> aheur aqvwk
>>
vrr=20 >> rv i eac=20 >> b zaoj
>>
xubkp=20 >> snnyh qvq dwmln=20 >> wmgjy g
>>
vudw=20 >> wxecl ojysm kisy=20 >> yaqin lngmc
>>
nhhnu=20 >> rp tv a=20 >> bzm=20 >> gpzo
< >> /DIV>
> DIV>> DIV>> IV>> IV>> V> >> >> --1fbddb9e7f6b2eb9e29479934d6b-- >> >> --a2cbdfb6b071a510d6e2b2b00cff >> Content-Type: image/jpeg; name="zawly.jpg" >> Content-Transfer-Encoding: base64 >> Content-ID: <7C746E7653B2443F8259615B684B2515 at webmail.md> >> >> /9j/4AAQSkZJRgABAQAAAQABAAD//gA7Q1JFQVRPUjogZ2QtanBlZyB2MS4w >> ICh1c2luZyBJSkcg >> SlBFRyB2ODApLCBxdWFsaXR5ID0gODAK/9sAQwAGBAUGBQQGBgUGBwcGCAoQ >> CgoJCQoUDg8MEBcU >> GBgXFBYWGh0lHxobIxwWFiAsICMmJykqKRkfLTAtKDAlKCko/9sAQwEHBwcK >> CAoTCgoTKBoWGigo >> >> >>
vudw=20 >> wxecl ojysm kisy=20 >> yaqin lngmc
>>
nhhnu=20 >> rp tv a=20 >> bzm=20 >> gpzo
< >> /DIV>> DIV>> DIV>> IV>> IV>> V> >> >> --1fbddb9e7f6b2eb9e29479934d6b-- >> >> --a2cbdfb6b071a510d6e2b2b00cff >> Content-Type: image/jpeg; name="zawly.jpg" >> Content-Transfer-Encoding: base64 >> Content-ID: <7C746E7653B2443F8259615B684B2515 at webmail.md> >> >> /9j/4AAQSkZJRgABAQAAAQABAAD//gA7Q1JFQVRPUjogZ2QtanBlZyB2MS4w >> ICh1c2luZyBJSkcg >> SlBFRyB2ODApLCBxdWFsaXR5ID0gODAK/9sAQwAGBAUGBQQGBgUGBwcGCAoQ >> CgoJCQoUDg8MEBcU >> GBgXFBYWGh0lHxobIxwWFiAsICMmJykqKRkfLTAtKDAlKCko/9sAQwEHBwcK >> CAoTCgoTKBoWGigo >> ...... >> 5/0MGkf+Bsf/AMVR/wAJb4c/6GDSP/A2P/4qr/8AZlj/AM+kH/fAo/syx/59 >> IP8AvgUe/wCQe55l >> D/hLfDn/AEMGkf8AgbH/APFUf8Jb4c/6GDSP/A2P/wCKq/8A2ZY/8+kH/ >> fAo/syx/wCfSD/vgUe/ >> 5B7nmc5LfWer+NNFn0u7gvIra3uRK8DiRVLmLaNwyMnY3Gc8V19QQWtvb/ >> 6iGOP/AHVAqenGLV2+ >> oSd9j//Z >> >> --a2cbdfb6b071a510d6e2b2b00cff-- >> >> >> >> -- >> MailScanner mailing list >> mailscanner at lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> >> >> >> >> -- >> >> Shawn Iverson, CETL >> >> Director of Technology >> >> Rush County Schools >> >> 765-932-3901 x271 <(765)%20932-3901> >> >> iversons at rushville.k12.in.us >> >> >> >> >> >> >> -- >> MailScanner mailing list >> mailscanner at lists.mailscanner.info >> http://lists.mailscanner.info/mailman/listinfo/mailscanner >> >> >> > > > > -- > MailScanner mailing list > mailscanner at lists.mailscanner.info > http://lists.mailscanner.info/mailman/listinfo/mailscanner > > > -- Shawn Iverson, CETL Director of Technology Rush County Schools 765-932-3901 x271 iversons at rushville.k12.in.us -------------- next part -------------- An HTML attachment was scrubbed... URL: From sales at edenusa.com Sat Jun 24 21:42:34 2017 From: sales at edenusa.com (Paul Scott) Date: Sat, 24 Jun 2017 21:42:34 +0000 Subject: SpamAssassin Settings File In-Reply-To: <201706232228.38236.Antony.Stone@mailscanner.open.source.it> References: <201706232228.38236.Antony.Stone@mailscanner.open.source.it> Message-ID: Hello Antony, No, I did not receive that email. Very odd. Wonder why? I've read through it and will work it into my configuration later today. Excellent! Thank you so much! Sincerely, Paul Scott, Engineer Eden USA, Incorporated Event Production Services Since 1995 Los Angeles-Las Vegas-New York sales at edenusa.com?OR?edenusasales at gmail.com Telephone(s): 866.501.3336 OR 951.505.6967 Fax: 866.502.3336? WEBSITE: https://www.edenusa.com FACEBOOK: http://www.facebook.com/edenusainc -----Original Message----- From: MailScanner [mailto:mailscanner-bounces+sales=edenusa.com at lists.mailscanner.info] On Behalf Of Antony Stone Sent: Friday, June 23, 2017 1:29 PM To: MailScanner Discussion Subject: Re: SpamAssassin Settings File On Friday 23 June 2017 at 22:05:20, Paul Scott wrote: > I also had put out a question on how to create a SpamAssassin "rule", > but did not receive any responses to that either. You may wish to check the list archives, since I have seen at least http://lists.mailscanner.info/pipermail/mailscanner/2017-June/104610.html in reply to your question. Did you not receive that email directly? Antony. -- #define SIX 1+5 #define NINE 8+1 int main() { printf("%d\n", SIX * NINE); } - thanks to ECB for bringing this to my attention Please reply to the list; please *don't* CC me. -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner From richard at fastnet.co.uk Mon Jun 26 08:12:08 2017 From: richard at fastnet.co.uk (Richard Mealing) Date: Mon, 26 Jun 2017 08:12:08 +0000 Subject: SpamAssassin Settings File In-Reply-To: References: <201706232228.38236.Antony.Stone@mailscanner.open.source.it> Message-ID: <6EE47AF64C339A4F8F7F50507241B3795FB07D1C@BTN-EXCHANGE-V1.fastnet.local> You should start with this - https://wiki.apache.org/spamassassin/WritingRules -----Original Message----- From: MailScanner [mailto:mailscanner-bounces+richard=fastnet.co.uk at lists.mailscanner.info] On Behalf Of Paul Scott Sent: Saturday, June 24, 2017 22:43 To: MailScanner Discussion Subject: RE: SpamAssassin Settings File Hello Antony, No, I did not receive that email. Very odd. Wonder why? I've read through it and will work it into my configuration later today. Excellent! Thank you so much! Sincerely, Paul Scott, Engineer Eden USA, Incorporated Event Production Services Since 1995 Los Angeles-Las Vegas-New York sales at edenusa.com?OR?edenusasales at gmail.com Telephone(s): 866.501.3336 OR 951.505.6967 Fax: 866.502.3336? WEBSITE: https://www.edenusa.com FACEBOOK: http://www.facebook.com/edenusainc -----Original Message----- From: MailScanner [mailto:mailscanner-bounces+sales=edenusa.com at lists.mailscanner.info] On Behalf Of Antony Stone Sent: Friday, June 23, 2017 1:29 PM To: MailScanner Discussion Subject: Re: SpamAssassin Settings File On Friday 23 June 2017 at 22:05:20, Paul Scott wrote: > I also had put out a question on how to create a SpamAssassin "rule", > but did not receive any responses to that either. You may wish to check the list archives, since I have seen at least http://lists.mailscanner.info/pipermail/mailscanner/2017-June/104610.html in reply to your question. Did you not receive that email directly? Antony. -- #define SIX 1+5 #define NINE 8+1 int main() { printf("%d\n", SIX * NINE); } - thanks to ECB for bringing this to my attention Please reply to the list; please *don't* CC me. -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner From Support at officeunlimited.nl Mon Jun 26 19:58:04 2017 From: Support at officeunlimited.nl (Support) Date: Mon, 26 Jun 2017 19:58:04 +0000 Subject: Rule set question, to bypass ClamAV (Richard Mealing) Message-ID: <565E24216053F74DBB89D69F082D62D801DDFCC541@SYS-EX06.shared.local> Hi Richard, Yes, with tabs it seems to work now. Odd, coz I had 'simpler' rules with spaces and they work also fine. Any chance you can do this in ClamAV itself to tell Clam it should block OLE2Macro's for userx and not for usery? But for usery do check other virus stuff? Grtz, Ronald Message: 1 Date: Tue, 13 Jun 2017 15:31:39 +0000 From: Richard Mealing To: MailScanner Discussion Subject: RE: Rule set question, to bypass ClamAV Message-ID: <6EE47AF64C339A4F8F7F50507241B3795FAC38B8 at BTN-EXCHANGE-V1.fastnet.local> Content-Type: text/plain; charset="us-ascii" Your rule should work. Are you using tabs? For example this should work - From: somegoodsender at domain.com and To: *@mydomain.com no From: MailScanner [mailto:mailscanner-bounces+richard=fastnet.co.uk at lists.mailscanner.info] On Behalf Of Support Sent: Monday, June 12, 2017 21:26 To: mailscanner at lists.mailscanner.info Subject: Rule set question, to bypass ClamAV Hi there, My 1st post. Is it possible somehow to use a sender <-> recipient combination in the scan.messages.rules or virus.scanning.rules? I tried things like 'From: safe_sender at safe_domain.com and To:trusted_recipient at example.com' but that didn't work. I want to do this to block all macro's in ClamAv for all users (or can this be user controlled??), while disabling virus scanning for users that need Office macro's. Or is there another way to allow macro's for some specific sender, recipient and/or the combination? To my exprience most ransom ware originates from Office documents with macro's. Seems ClamAV even with all UnOfficial SIGS does not detect m all. Or does someone has a 100% catch ratio? Any ideas welcome. Grtz, Ronald -------------- next part -------------- An HTML attachment was scrubbed... URL: ------------------------------ Message: 2 Date: Tue, 13 Jun 2017 09:09:33 -0700 From: Gao To: mailscanner at lists.mailscanner.info Subject: Re: Trouble with mails from Blackberry Message-ID: <5f3100c5-7a7d-3c5f-0753-f5f8f060ca0e at pztop.com> Content-Type: text/plain; charset=utf-8; format=flowed On 2017-06-12 05:26 PM, Mark Sapiro wrote: > On 06/12/2017 09:00 AM, Gao wrote: >> >> On 2017-06-08 01:02 PM, Mark Sapiro wrote: >>> The reason I ask about version is this score comes from >>> >>> Mail::SpamAssassin::Plugin::HeaderEval::check_ratware_envelope_from() >>> >>> Which in SA 3.4.1 at least has >>> >>> return 0 if $from =~ /^SRS\d=/; >>> >>> per >>> >>> >>> which seems to be designed to exempt envelope senders beginning with >>> SRS, a digit and = as this message does. >>> >>> If the issue is an older SA and you can't upgrade, you can always set >>> the score for RATWARE_EFROM to zero. >>> >> Thank you for the help. >> I am using SpamAssassin Version:3.4.0. I am not sure where to check for >> the code you mentioned. I'll make a rule to adjust the RATWARE_EFROM score. > > The code is in the file Mail/SpamAssassin/Plugin/HeaderEval.pm in your > perl installation. > Interesting... I check the HeaderEval.pm file and it does has the code you mentioned. And I verified it with "spamassassin --lint -D" and I see the plugin is loaded: Jun 13 09:01:05.782 [5433] dbg: plugin: loading Mail::SpamAssassin::Plugin::HTMLEval from @INC Then how come it still give a score of 3.0? Gao ------------------------------ Message: 3 Date: Tue, 13 Jun 2017 09:13:58 -0700 From: Gao To: mailscanner at lists.mailscanner.info Subject: Re: Trouble with mails from Blackberry Message-ID: Content-Type: text/plain; charset="utf-8"; Format="flowed" On 2017-06-13 09:09 AM, Gao wrote: > > > On 2017-06-12 05:26 PM, Mark Sapiro wrote: >> On 06/12/2017 09:00 AM, Gao wrote: >>> >>> On 2017-06-08 01:02 PM, Mark Sapiro wrote: >>>> The reason I ask about version is this score comes from >>>> >>>> Mail::SpamAssassin::Plugin::HeaderEval::check_ratware_envelope_from() >>>> >>>> Which in SA 3.4.1 at least has >>>> >>>> return 0 if $from =~ /^SRS\d=/; >>>> >>>> per >>>> >>>> >>>> >>>> which seems to be designed to exempt envelope senders beginning with >>>> SRS, a digit and = as this message does. >>>> >>>> If the issue is an older SA and you can't upgrade, you can always set >>>> the score for RATWARE_EFROM to zero. >>>> >>> Thank you for the help. >>> I am using SpamAssassin Version:3.4.0. I am not sure where to check for >>> the code you mentioned. I'll make a rule to adjust the RATWARE_EFROM >>> score. >> >> The code is in the file Mail/SpamAssassin/Plugin/HeaderEval.pm in your >> perl installation. >> > Interesting... > > I check the HeaderEval.pm file and it does has the code you mentioned. > > And I verified it with "spamassassin --lint -D" and I see the plugin > is loaded: > Jun 13 09:01:05.782 [5433] dbg: plugin: loading > Mail::SpamAssassin::Plugin::HTMLEval from @INC > > Then how come it still give a score of 3.0? > > Gao > > > > Copied the wrong line. It should be: Jun 13 09:07:41.630 [5975] dbg: plugin: loading Mail::SpamAssassin::Plugin::HeaderEval from @INC BTW, why does pipe to grep not working? I did spamassassin --lint -D | grep HeaderEval And it shows all the lines from lint test. -------------- next part -------------- An HTML attachment was scrubbed... URL: ------------------------------ Message: 4 Date: Tue, 13 Jun 2017 09:44:27 -0700 From: Mark Sapiro To: mailscanner at lists.mailscanner.info Subject: Re: Trouble with mails from Blackberry Message-ID: <495322f8-bd11-c75e-f4ed-dbe3a28fbedd at msapiro.net> Content-Type: text/plain; charset=utf-8 On 06/13/2017 09:13 AM, Gao wrote: > > BTW, why does pipe to grep not working? I did > spamassassin --lint -D | grep HeaderEval > And it shows all the lines from lint test. Because spamassassin --lint writes to stderr. You need to do spamassassin --lint -D 2>&1 | grep HeaderEval -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan ------------------------------ Message: 5 Date: Tue, 13 Jun 2017 09:51:31 -0700 From: Mark Sapiro To: mailscanner at lists.mailscanner.info Subject: Re: Trouble with mails from Blackberry Message-ID: <010e59f0-ece1-f407-e9e2-0d093d495015 at msapiro.net> Content-Type: text/plain; charset=utf-8 On 06/13/2017 09:09 AM, Gao wrote: > > I check the HeaderEval.pm file and it does has the code you mentioned. > > And I verified it with "spamassassin --lint -D" and I see the plugin is > loaded: > > Then how come it still give a score of 3.0? If in fact your HeaderEval.pm file contains return 0 if $from =~ /^SRS\d=/; in the check_ratware_envelope_from subroutine and your Blackberry messages have envelope from similar to the "SRS0=HaG/vD=5N=mydomain.com=gjv at srs.bis6.us.blackberry.com" value in your OP, I can't explain why the rule hits. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan ------------------------------ Subject: Digest Footer -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner ------------------------------ End of MailScanner Digest, Vol 138, Issue 12 ******************************************** From richard at fastnet.co.uk Tue Jun 27 08:31:23 2017 From: richard at fastnet.co.uk (Richard Mealing) Date: Tue, 27 Jun 2017 08:31:23 +0000 Subject: Rule set question, to bypass ClamAV (Richard Mealing) In-Reply-To: <565E24216053F74DBB89D69F082D62D801DDFCC541@SYS-EX06.shared.local> References: <565E24216053F74DBB89D69F082D62D801DDFCC541@SYS-EX06.shared.local> Message-ID: <6EE47AF64C339A4F8F7F50507241B3795FB091C8@BTN-EXCHANGE-V1.fastnet.local> Hi Ronald, As far as I am aware you can only white list signatures in clamd. The engine that uses clamd is MailScanner, so that is the ideal place to put your white lists. Thanks, Rich -----Original Message----- From: MailScanner [mailto:mailscanner-bounces+richard=fastnet.co.uk at lists.mailscanner.info] On Behalf Of Support Sent: Monday, June 26, 2017 20:58 To: mailscanner at lists.mailscanner.info Subject: RE: Rule set question, to bypass ClamAV (Richard Mealing) Hi Richard, Yes, with tabs it seems to work now. Odd, coz I had 'simpler' rules with spaces and they work also fine. Any chance you can do this in ClamAV itself to tell Clam it should block OLE2Macro's for userx and not for usery? But for usery do check other virus stuff? Grtz, Ronald Message: 1 Date: Tue, 13 Jun 2017 15:31:39 +0000 From: Richard Mealing To: MailScanner Discussion Subject: RE: Rule set question, to bypass ClamAV Message-ID: <6EE47AF64C339A4F8F7F50507241B3795FAC38B8 at BTN-EXCHANGE-V1.fastnet.local> Content-Type: text/plain; charset="us-ascii" Your rule should work. Are you using tabs? For example this should work - From: somegoodsender at domain.com and To: *@mydomain.com no From: MailScanner [mailto:mailscanner-bounces+richard=fastnet.co.uk at lists.mailscanner.info] On Behalf Of Support Sent: Monday, June 12, 2017 21:26 To: mailscanner at lists.mailscanner.info Subject: Rule set question, to bypass ClamAV Hi there, My 1st post. Is it possible somehow to use a sender <-> recipient combination in the scan.messages.rules or virus.scanning.rules? I tried things like 'From: safe_sender at safe_domain.com and To:trusted_recipient at example.com' but that didn't work. I want to do this to block all macro's in ClamAv for all users (or can this be user controlled??), while disabling virus scanning for users that need Office macro's. Or is there another way to allow macro's for some specific sender, recipient and/or the combination? To my exprience most ransom ware originates from Office documents with macro's. Seems ClamAV even with all UnOfficial SIGS does not detect m all. Or does someone has a 100% catch ratio? Any ideas welcome. Grtz, Ronald -------------- next part -------------- An HTML attachment was scrubbed... URL: ------------------------------ Message: 2 Date: Tue, 13 Jun 2017 09:09:33 -0700 From: Gao To: mailscanner at lists.mailscanner.info Subject: Re: Trouble with mails from Blackberry Message-ID: <5f3100c5-7a7d-3c5f-0753-f5f8f060ca0e at pztop.com> Content-Type: text/plain; charset=utf-8; format=flowed On 2017-06-12 05:26 PM, Mark Sapiro wrote: > On 06/12/2017 09:00 AM, Gao wrote: >> >> On 2017-06-08 01:02 PM, Mark Sapiro wrote: >>> The reason I ask about version is this score comes from >>> >>> Mail::SpamAssassin::Plugin::HeaderEval::check_ratware_envelope_from( >>> ) >>> >>> Which in SA 3.4.1 at least has >>> >>> return 0 if $from =~ /^SRS\d=/; >>> >>> per >>> >> sassin_1_1Plugin_1_1HeaderEval.html#ab8531c37621db88b28eb3c7dc5c97d5 >>> 8> >>> >>> which seems to be designed to exempt envelope senders beginning with >>> SRS, a digit and = as this message does. >>> >>> If the issue is an older SA and you can't upgrade, you can always >>> set the score for RATWARE_EFROM to zero. >>> >> Thank you for the help. >> I am using SpamAssassin Version:3.4.0. I am not sure where to check >> for the code you mentioned. I'll make a rule to adjust the RATWARE_EFROM score. > > The code is in the file Mail/SpamAssassin/Plugin/HeaderEval.pm in your > perl installation. > Interesting... I check the HeaderEval.pm file and it does has the code you mentioned. And I verified it with "spamassassin --lint -D" and I see the plugin is loaded: Jun 13 09:01:05.782 [5433] dbg: plugin: loading Mail::SpamAssassin::Plugin::HTMLEval from @INC Then how come it still give a score of 3.0? Gao ------------------------------ Message: 3 Date: Tue, 13 Jun 2017 09:13:58 -0700 From: Gao To: mailscanner at lists.mailscanner.info Subject: Re: Trouble with mails from Blackberry Message-ID: Content-Type: text/plain; charset="utf-8"; Format="flowed" On 2017-06-13 09:09 AM, Gao wrote: > > > On 2017-06-12 05:26 PM, Mark Sapiro wrote: >> On 06/12/2017 09:00 AM, Gao wrote: >>> >>> On 2017-06-08 01:02 PM, Mark Sapiro wrote: >>>> The reason I ask about version is this score comes from >>>> >>>> Mail::SpamAssassin::Plugin::HeaderEval::check_ratware_envelope_from >>>> () >>>> >>>> Which in SA 3.4.1 at least has >>>> >>>> return 0 if $from =~ /^SRS\d=/; >>>> >>>> per >>>> >>> ssassin_1_1Plugin_1_1HeaderEval.html#ab8531c37621db88b28eb3c7dc5c97 >>>> d58> >>>> >>>> >>>> which seems to be designed to exempt envelope senders beginning >>>> with SRS, a digit and = as this message does. >>>> >>>> If the issue is an older SA and you can't upgrade, you can always >>>> set the score for RATWARE_EFROM to zero. >>>> >>> Thank you for the help. >>> I am using SpamAssassin Version:3.4.0. I am not sure where to check >>> for the code you mentioned. I'll make a rule to adjust the >>> RATWARE_EFROM score. >> >> The code is in the file Mail/SpamAssassin/Plugin/HeaderEval.pm in >> your perl installation. >> > Interesting... > > I check the HeaderEval.pm file and it does has the code you mentioned. > > And I verified it with "spamassassin --lint -D" and I see the plugin > is loaded: > Jun 13 09:01:05.782 [5433] dbg: plugin: loading > Mail::SpamAssassin::Plugin::HTMLEval from @INC > > Then how come it still give a score of 3.0? > > Gao > > > > Copied the wrong line. It should be: Jun 13 09:07:41.630 [5975] dbg: plugin: loading Mail::SpamAssassin::Plugin::HeaderEval from @INC BTW, why does pipe to grep not working? I did spamassassin --lint -D | grep HeaderEval And it shows all the lines from lint test. -------------- next part -------------- An HTML attachment was scrubbed... URL: ------------------------------ Message: 4 Date: Tue, 13 Jun 2017 09:44:27 -0700 From: Mark Sapiro To: mailscanner at lists.mailscanner.info Subject: Re: Trouble with mails from Blackberry Message-ID: <495322f8-bd11-c75e-f4ed-dbe3a28fbedd at msapiro.net> Content-Type: text/plain; charset=utf-8 On 06/13/2017 09:13 AM, Gao wrote: > > BTW, why does pipe to grep not working? I did spamassassin --lint -D > | grep HeaderEval And it shows all the lines from lint test. Because spamassassin --lint writes to stderr. You need to do spamassassin --lint -D 2>&1 | grep HeaderEval -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan ------------------------------ Message: 5 Date: Tue, 13 Jun 2017 09:51:31 -0700 From: Mark Sapiro To: mailscanner at lists.mailscanner.info Subject: Re: Trouble with mails from Blackberry Message-ID: <010e59f0-ece1-f407-e9e2-0d093d495015 at msapiro.net> Content-Type: text/plain; charset=utf-8 On 06/13/2017 09:09 AM, Gao wrote: > > I check the HeaderEval.pm file and it does has the code you mentioned. > > And I verified it with "spamassassin --lint -D" and I see the plugin is > loaded: > > Then how come it still give a score of 3.0? If in fact your HeaderEval.pm file contains return 0 if $from =~ /^SRS\d=/; in the check_ratware_envelope_from subroutine and your Blackberry messages have envelope from similar to the "SRS0=HaG/vD=5N=mydomain.com=gjv at srs.bis6.us.blackberry.com" value in your OP, I can't explain why the rule hits. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan ------------------------------ Subject: Digest Footer -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner ------------------------------ End of MailScanner Digest, Vol 138, Issue 12 ******************************************** -- MailScanner mailing list mailscanner at lists.mailscanner.info http://lists.mailscanner.info/mailman/listinfo/mailscanner From tim at wcs-tech.com Fri Jun 30 18:34:17 2017 From: tim at wcs-tech.com (Tim Wright) Date: Fri, 30 Jun 2017 18:34:17 +0000 Subject: Get Detailed SpamAssassin logging Message-ID: For some reason I have notice that SpamAssassin has just stop doing RBL lookups. If I take a known bad message and run the command line directly feeding in that file, it get the SPAM level I would expect, very high. But when it was run during the MailScanner process it was allowed through with a score of 1.2. How do I get the SA details? How do I get MailScanner to put the details in maillog or some other log file that I can confirm the details. Thanks Tim -------------- next part -------------- An HTML attachment was scrubbed... URL: From danita at caledonia.net Fri Jun 30 23:14:38 2017 From: danita at caledonia.net (Danita Zanre) Date: Fri, 30 Jun 2017 16:14:38 -0700 Subject: Per Domain Settings Message-ID: I?m sorry that this is such a silly question, but I can?t find the way to make settings per domain. ?Specifically, I have a domain where I want to ?mark and deliver? the mail to the recipients. ?Normally we quarantine them for view in MailWatch. ?How can I do this? Thanks! Danita Zanr?, Move Out of the Office I love my job, and you can too! Tel: (720) 319-7530 - Caledonia.Net?LLC Tel: (720) 319-8240 - Move Out of the Office -------------- next part -------------- An HTML attachment was scrubbed... URL: