You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Forrest <th...@gmail.com> on 2015/05/21 19:31:51 UTC
user_prefs custom rules, not matching
I'm having a problem with a spammer who is using Google Groups as a
base. They manage to re-subscribe people, etc., and it's hosted on a
private domain, so I can't get to the panel to report the domain.
In any case, I wrote a couple of simple rules in user_prefs that
/should/ match, but they don't. I set the score really high, so it
would get rejected by spamass-milter. Here they are:
header SPAM_MARKETEERS1 To =~/emarketeerz/
describe SPAM_MARKETEERS1 Spam from a Google Group
score SPAM_MARKETEERS1 1000
header SPAM_MARKETEERS2 To =~/mktg.mgrr\@outlook.com/
describe SPAM_MARKETEERS2 Spam from a Google Group
score SPAM_MARKETEERS2 1000
header SPAM_MARKETEERS3 From =~/mktg.mgrr1\@outlook.com/
describe SPAM_MARKETEERS3 Spam from a Google Group
score SPAM_MARKETEERS3 1000
I have other similar tests that check the Subject that I've used before
that work, but they change the subject line here.
I don't understand why these are not working. Here is a sample SMTP
header from a message today (sanitized):
Return-Path: <mk...@emarketeerz4.com>
Received: from domain.com ([unix socket])
by mail.domain.com (Cyrus v2.4.17-Invoca-RPM-2.4.17-7) with LMTPA;
Thu, 21 May 2015 04:19:17 -0400
X-Sieve: CMU Sieve 2.4
X-Envelope-From: mktg42+bncBDFYXD7ERMLRB7VJ62VAKGQEHMPQWXY@emarketeerz4.com
X-Envelope-To: <us...@domain.com>
X-Originating-IP: 209.85.223.198
Received: from mail-ie0-f198.google.com (mail-ie0-f198.google.com
[209.85.223.198])
by domain.com (envelope-from
mktg42+bncBDFYXD7ERMLRB7VJ62VAKGQEHMPQWXY@emarketeerz4.com)
(8.13.8/8.13.8) with ESMTP id t4L8J9EZ005720
(version=TLSv1/SSLv3 cipher=RC4-SHA bits=128 verify=FAIL)
for <us...@domain.com>; Thu, 21 May 2015 04:19:15 -0400
Received: by ieqf18 with SMTP id f18sf6062788ieq.3
for <us...@domain.com>; Thu, 21 May 2015 01:19:10 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20130820;
h=x-gm-message-state:message-id:content-type:reply-to:from:to:subject
:date:importance:in-reply-to:references:mime-version
:x-original-sender:x-original-authentication-results:precedence
:mailing-list:list-id:list-post:list-help:list-archive
:list-subscribe:list-unsubscribe;
bh=vd0EI/d4aRTHygvZym5oYdFiNaokMVBCCwLaW2YDBbk=;
b=N0JuamZ7K1VJxDBmc2PHkDiDEhpSvycYOZcCuxGZ0dpJWjolbLBOsUbslPrBb3z8CJ
YwkDI/8VLtPQ5Ks4raPUuScVsAhCSUBUsdfnVFqoDLW2Qg1eEfpBPbWi3BZ25d+1HTh2
8lnAuDd22OZVUuNJZicBPlzn3xCsmsWWP0sKVrfxMfDKoRteBekbdXDXLPWd6I5JlA7D
cP7AToZ4aKzgMR6WzMXciwHH0bzbraRMs+OB9H8P4MKyX7PtEWahebkzLc2lPpHtvNoL
eD7iKbM11GmWSILlS2eOXF2kybdlT1bXW/QHrBGVbtdVtZZvOjX5vZNbqJuPHAr3ijGv
OeTQ==
X-Gm-Message-State:
ALoCoQkamrP9SDnCBg35yuNH/PYh6G7Jw+eFrhEazO/NeF9OO0NPwQ8abSTcSLlL9FOLi03BMKiK
X-Received: by 10.42.107.76 with SMTP id c12mr2608456icp.11.1432196350333;
Thu, 21 May 2015 01:19:10 -0700 (PDT)
X-BeenThere: mktg42@emarketeerz4.com
Received: by 10.107.153.1 with SMTP id b1ls887746ioe.70.gmail; Thu, 21 May
2015 01:19:10 -0700 (PDT)
X-Received: by 10.66.100.163 with SMTP id ez3mr1895951pab.38.1432196349518;
Thu, 21 May 2015 01:19:09 -0700 (PDT)
X-BeenThere: group09@emarketeerz4.com
Received: by 10.182.85.197 with SMTP id j5ls515966obz.56.gmail; Thu, 21 May
2015 01:19:09 -0700 (PDT)
X-Received: by 10.202.186.214 with SMTP id
k205mr1260309oif.10.1432196349210;
Thu, 21 May 2015 01:19:09 -0700 (PDT)
Received: from SNT004-OMC3S33.hotmail.com (snt004-omc3s33.hotmail.com.
[65.55.90.172])
by mx.google.com with ESMTPS id
a9si1190911obj.64.2015.05.21.01.19.09
for <gr...@emarketeerz4.com>
(version=TLSv1.2 cipher=ECDHE-RSA-AES128-SHA bits=128/128);
Thu, 21 May 2015 01:19:09 -0700 (PDT)
Received-SPF: pass (google.com: domain of mktg.mgrr1@outlook.com
designates 65.55.90.172 as permitted sender) client-ip=65.55.90.172;
Received: from SNT150-W71 ([65.55.90.135]) by SNT004-OMC3S33.hotmail.com
over TLS secured channel with Microsoft SMTPSVC(7.5.7601.22751);
Thu, 21 May 2015 01:19:08 -0700
X-TMN: [lOyh6+qghnQRcL1M157wD1Dyw+k8u6uD]
X-Originating-Email: [mktg.mgrr1@outlook.com]
Message-ID: <SN...@phx.gbl>
Content-Type: multipart/related;
boundary="_eb2160ae-fe52-4714-8f5b-445336a30ab3_"
Reply-To: <in...@outlook.com>
From: E- Marketeers <mk...@outlook.com>
To: "group09@emarketeerz3.com" <gr...@emarketeerz3.com>
Subject: Global Holidays Travel And Tours Online Booking
Date: Thu, 21 May 2015 08:19:08 +0000
Importance: Normal
In-Reply-To: <SN...@phx.gbl>
References:
<CA...@phx.gbl>
MIME-Version: 1.0
X-OriginalArrivalTime: 21 May 2015 08:19:08.0745 (UTC)
FILETIME=[CF665390:01D0939E]
X-Original-Sender: mktg.mgrr1@outlook.com
X-Original-Authentication-Results: mx.google.com; spf=pass
(google.com:
domain of mktg.mgrr1@outlook.com designates 65.55.90.172 as permitted
sender)
smtp.mail=mktg.mgrr1@outlook.com; dmarc=pass (p=NONE dis=NONE)
header.from=outlook.com
Precedence: list
Mailing-list: list mktg42@emarketeerz4.com; contact
mktg42+owners@emarketeerz4.com
List-ID: <mktg42.emarketeerz4.com>
X-Google-Group-Id: 346729582280
List-Post:
<http://groups.google.com/a/emarketeerz4.com/group/mktg42/post>,
<ma...@emarketeerz4.com>
List-Help:
<http://support.google.com/a/emarketeerz4.com/bin/topic.py?topic=25838>,
<ma...@emarketeerz4.com>
List-Archive: <http://groups.google.com/a/emarketeerz4.com/group/mktg42/>
List-Subscribe:
<http://groups.google.com/a/emarketeerz4.com/group/mktg42/subscribe>,
<ma...@emarketeerz4.com>
List-Unsubscribe:
<ma...@googlegroups.com>,
<http://groups.google.com/a/emarketeerz4.com/group/mktg42/subscribe>
Can someone point out what I'm doing wrong with the above rules?
Thanks!
Re: user_prefs custom rules, not matching
Posted by Benny Pedersen <me...@junc.eu>.
Reject list-id in mta stage, and this template have no unsubscribe links,
what a catcher
Re: user_prefs custom rules, not matching
Posted by Bill Cole <sa...@billmail.scconsult.com>.
On 26 May 2015, at 11:34, Forrest wrote:
> On 5/21/15 1:41 PM, Axb wrote:
>> does this work?
>>
>> header LIST_ID_MARKET_EEK List-ID =~ /emarketeerz/
>>
>
> I've tried this, and it doesn't appear to be working. I just received
> another message today, here are the headers (sanitized).
It seems quite likely that you're putting rules in a file that SA isn't
using, because SOME of these should match. Are you sure that your server
is configured to use SA in a manner that includes looking at the
specific user_prefs file you are trying to use?
> I would think that a simple match on "emarketeerz" would be
> sufficient. I am using sendmail, but I believe Postfix might be able
> to catch this using simple regex. But, shouldn't SpamAssassin be able
> to do the same? Are my rules incorrect?
>
>
> header SPAM_MARKETEERS From =~ /marketeerz/
> describe SPAM_MARKETEERS Spam from a Google Group
> score SPAM_MARKETEERS 1000
Use "EnvelopeFrom" there instead of "From" to catch the Return-Path
header, where that string actually occurs.
>
> header LIST_ID_MARKET_EEK List-ID =~ /emarketeerz/
> describe LIST_ID_MARKET_EEK Spam from a Google group
> score LIST_ID_MARKET_EEK 1000
Should match.
> header SPAM_MARKETEERS1 To =~ /emarketeerz/
> describe SPAM_MARKETEERS1 Spam from a Google Group
> score SPAM_MARKETEERS1 1000
Should match.
> header SPAM_MARKETEERS2 To =~ /mktg.mgrr\@outlook.com/
> describe SPAM_MARKETEERS2 Spam from a Google Group
> score SPAM_MARKETEERS2 1000
> header SPAM_MARKETEERS3 From =~ /mktg.mgrr1\@outlook.com/
> describe SPAM_MARKETEERS3 Spam from a Google Group
> score SPAM_MARKETEERS3 1000
Both of these won't match the message you included. These patterns
instead would, AND would be generally safe:
# Match anything sent To any address in any emarketeerz[number].com
domain
header SPAM_MARKETEERS2 To =~ /\@emarketeerz[0-9]*\.com/
# Match any mktg.mgrr[digit]@outlook.com address
header SPAM_MARKETEERS3 From =~ /mktg\.mgrr[0-9]\@outlook.com/
> Return-Path:
> <mk...@emarketeerz4.com>
> Received: from user.com ([unix socket])
> by mail.user.com (Cyrus v2.4.17-Invoca-RPM-2.4.17-7) with LMTPA;
> Tue, 26 May 2015 05:46:37 -0400
> X-Sieve: CMU Sieve 2.4
> X-Envelope-From:
> mktg42+bncBCZL7C5K4YHBB5UBSGVQKGQE3F3UTTQ@emarketeerz4.com
> X-Envelope-To: <us...@domain.com>
> X-Originating-IP: 209.85.217.199
> Received: from mail-lb0-f199.google.com (mail-lb0-f199.google.com
> [209.85.217.199])
> by user.com (envelope-from
> mktg42+bncBCZL7C5K4YHBB5UBSGVQKGQE3F3UTTQ@emarketeerz4.com)
> (8.13.8/8.13.8) with ESMTP id t4Q9kTFL002451
> (version=TLSv1/SSLv3 cipher=RC4-SHA bits=128 verify=FAIL)
> for <us...@domain.com>; Tue, 26 May 2015 05:46:35 -0400
> Received: by lbcue7 with SMTP id ue7sf9691718lbc.3
> for <us...@domain.com>; Tue, 26 May 2015 02:46:31 -0700 (PDT)
> X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
> d=1e100.net; s=20130820;
> h=x-gm-message-state:message-id:content-type:reply-to:from:to:subject
> :date:importance:in-reply-to:references:mime-version
> :x-original-sender:x-original-authentication-results:precedence
> :mailing-list:list-id:list-post:list-help:list-archive
> :list-subscribe:list-unsubscribe;
> bh=tQKbOuNQxBaG0vMnfAIKy4lF2IfQb8mCh2RxyI48vls=;
> b=FL32hufVCFV7GxagYXQsfJ1MhriDhegHCr1OD06Hb79aX+PdfD3QL0LoMEAnLXj2gF
> me4MBLqi+5g7gcILqHudbw2T1NjyFW4oLhjy40UWZl/N0fT43Ix82jNLiDkNu+YKjT3c
> TX1wDdirWjxo97DrsV/YP6/pdVkSj8AonCIDxxg6SrOpKbazCsgtPHHjLCg0O+TG7ZhO
> 8/kKvOLq5cVRBj/Qmcb8d5F26noNQ6jLJ3HBtJQID2veaN1JE90Xsy5iXmPyInlkp/6J
> ojR5iOqshwbsxhkZIOr+qx03baOAGkuNZHoDgM3YvGVHelCDnah1c1RlTsjPAUoR/UuP
> JZKA==
> X-Gm-Message-State:
> ALoCoQnqPLPa6rhoF3z+7+Hz2wXhoBGh0Wmum/H1TF8gVLM11v9eZZwFsmkeW7kvE/eWxqrRG3aT
> X-Received: by 10.112.26.5 with SMTP id
> h5mr26850091lbg.4.1432633590821;
> Tue, 26 May 2015 02:46:30 -0700 (PDT)
> X-BeenThere: mktg42@emarketeerz4.com
> Received: by 10.180.77.228 with SMTP id v4ls588047wiw.2.gmail; Tue, 26
> May
> 2015 02:46:30 -0700 (PDT)
> X-Received: by 10.180.106.10 with SMTP id
> gq10mr22835810wib.0.1432633590087;
> Tue, 26 May 2015 02:46:30 -0700 (PDT)
> X-BeenThere: group09@emarketeerz4.com
> Received: by 10.180.82.166 with SMTP id j6ls597426wiy.18.gmail; Tue,
> 26 May
> 2015 02:46:29 -0700 (PDT)
> X-Received: by 10.180.106.137 with SMTP id
> gu9mr33343490wib.54.1432633589759;
> Tue, 26 May 2015 02:46:29 -0700 (PDT)
> Received: from BAY004-OMC1S23.hotmail.com (bay004-omc1s23.hotmail.com.
> [65.54.190.34])
> by mx.google.com with ESMTPS id
> m11si17165852wij.110.2015.05.26.02.46.28
> for <gr...@emarketeerz4.com>
> (version=TLSv1.2 cipher=ECDHE-RSA-AES128-SHA bits=128/128);
> Tue, 26 May 2015 02:46:29 -0700 (PDT)
> Received-SPF: pass (google.com: domain of mktg.mgrr2@outlook.com
> designates 65.54.190.34 as permitted sender) client-ip=65.54.190.34;
> Received: from BAY182-W6 ([65.54.190.59]) by
> BAY004-OMC1S23.hotmail.com over TLS secured channel with Microsoft
> SMTPSVC(7.5.7601.22751);
> Tue, 26 May 2015 02:46:27 -0700
> X-TMN: [pCOlxaTz0MWrTdeOzRhweKR2/GM/+1J8]
> X-Originating-Email: [mktg.mgrr2@outlook.com]
> Message-ID: <BA...@phx.gbl>
> Content-Type: multipart/related;
> boundary="_4244e123-67c3-4066-8866-ff54405e25de_"
> Reply-To: <in...@outlook.com>
> From: E- Marketeers <mk...@outlook.com>
> To: "group09@emarketeerz1.com" <gr...@emarketeerz1.com>
> Subject: Global Holidays Travel And Tours Online Booking
> Date: Tue, 26 May 2015 09:46:26 +0000
> Importance: Normal
> In-Reply-To: <BA...@phx.gbl>
> References:
> <CA...@phx.gbl>
> MIME-Version: 1.0
> X-OriginalArrivalTime: 26 May 2015 09:46:27.0031 (UTC)
> FILETIME=[D5BA1670:01D09798]
> X-Original-Sender: mktg.mgrr2@outlook.com
> X-Original-Authentication-Results: mx.google.com; spf=pass
> (google.com:
> domain of mktg.mgrr2@outlook.com designates 65.54.190.34 as permitted
> sender)
> smtp.mail=mktg.mgrr2@outlook.com; dmarc=pass (p=NONE dis=NONE)
> header.from=outlook.com
> Precedence: list
> Mailing-list: list mktg42@emarketeerz4.com; contact
> mktg42+owners@emarketeerz4.com
> List-ID: <mktg42.emarketeerz4.com>
> X-Google-Group-Id: 346729582280
> List-Post:
> <http://groups.google.com/a/emarketeerz4.com/group/mktg42/post>,
> <ma...@emarketeerz4.com>
> List-Help:
> <http://support.google.com/a/emarketeerz4.com/bin/topic.py?topic=25838>,
> <ma...@emarketeerz4.com>
> List-Archive:
> <http://groups.google.com/a/emarketeerz4.com/group/mktg42/>
> List-Subscribe:
> <http://groups.google.com/a/emarketeerz4.com/group/mktg42/subscribe>,
> <ma...@emarketeerz4.com>
> List-Unsubscribe:
> <ma...@googlegroups.com>,
> <http://groups.google.com/a/emarketeerz4.com/group/mktg42/subscribe>
Re: user_prefs custom rules, not matching
Posted by Matus UHLAR - fantomas <uh...@fantomas.sk>.
On 26.05.15 11:34, Forrest wrote:
>Subject: Re: user_prefs custom rules, not matching
>On 5/21/15 1:41 PM, Axb wrote:
>>does this work?
>>
>>header LIST_ID_MARKET_EEK List-ID =~ /emarketeerz/
>>
>
>I've tried this, and it doesn't appear to be working. I just
>received another message today, here are the headers (sanitized).
did you enable allow_user_rules in system config?
users are not enabled to define their own rules by default.
Have you tried to put those rules into system-wide config?
If only some users need them, you can give them with score 0 and only users
requiring them will set their own score (this is enabled by default)
--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
I wonder how much deeper the ocean would be without sponges.
Re: user_prefs custom rules, not matching
Posted by Forrest <th...@gmail.com>.
On 5/21/15 1:41 PM, Axb wrote:
> does this work?
>
> header LIST_ID_MARKET_EEK List-ID =~ /emarketeerz/
>
I've tried this, and it doesn't appear to be working. I just received
another message today, here are the headers (sanitized).
I would think that a simple match on "emarketeerz" would be
sufficient. I am using sendmail, but I believe Postfix might be able
to catch this using simple regex. But, shouldn't SpamAssassin be able
to do the same? Are my rules incorrect?
header SPAM_MARKETEERS From =~ /marketeerz/
describe SPAM_MARKETEERS Spam from a Google Group
score SPAM_MARKETEERS 1000
header LIST_ID_MARKET_EEK List-ID =~ /emarketeerz/
describe LIST_ID_MARKET_EEK Spam from a Google group
score LIST_ID_MARKET_EEK 1000
header SPAM_MARKETEERS1 To =~ /emarketeerz/
describe SPAM_MARKETEERS1 Spam from a Google Group
score SPAM_MARKETEERS1 1000
header SPAM_MARKETEERS2 To =~ /mktg.mgrr\@outlook.com/
describe SPAM_MARKETEERS2 Spam from a Google Group
score SPAM_MARKETEERS2 1000
header SPAM_MARKETEERS3 From =~ /mktg.mgrr1\@outlook.com/
describe SPAM_MARKETEERS3 Spam from a Google Group
score SPAM_MARKETEERS3 1000
Return-Path: <mk...@emarketeerz4.com>
Received: from user.com ([unix socket])
by mail.user.com (Cyrus v2.4.17-Invoca-RPM-2.4.17-7) with LMTPA;
Tue, 26 May 2015 05:46:37 -0400
X-Sieve: CMU Sieve 2.4
X-Envelope-From: mktg42+bncBCZL7C5K4YHBB5UBSGVQKGQE3F3UTTQ@emarketeerz4.com
X-Envelope-To: <us...@domain.com>
X-Originating-IP: 209.85.217.199
Received: from mail-lb0-f199.google.com (mail-lb0-f199.google.com
[209.85.217.199])
by user.com (envelope-from
mktg42+bncBCZL7C5K4YHBB5UBSGVQKGQE3F3UTTQ@emarketeerz4.com)
(8.13.8/8.13.8) with ESMTP id t4Q9kTFL002451
(version=TLSv1/SSLv3 cipher=RC4-SHA bits=128 verify=FAIL)
for <us...@domain.com>; Tue, 26 May 2015 05:46:35 -0400
Received: by lbcue7 with SMTP id ue7sf9691718lbc.3
for <us...@domain.com>; Tue, 26 May 2015 02:46:31 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20130820;
h=x-gm-message-state:message-id:content-type:reply-to:from:to:subject
:date:importance:in-reply-to:references:mime-version
:x-original-sender:x-original-authentication-results:precedence
:mailing-list:list-id:list-post:list-help:list-archive
:list-subscribe:list-unsubscribe;
bh=tQKbOuNQxBaG0vMnfAIKy4lF2IfQb8mCh2RxyI48vls=;
b=FL32hufVCFV7GxagYXQsfJ1MhriDhegHCr1OD06Hb79aX+PdfD3QL0LoMEAnLXj2gF
me4MBLqi+5g7gcILqHudbw2T1NjyFW4oLhjy40UWZl/N0fT43Ix82jNLiDkNu+YKjT3c
TX1wDdirWjxo97DrsV/YP6/pdVkSj8AonCIDxxg6SrOpKbazCsgtPHHjLCg0O+TG7ZhO
8/kKvOLq5cVRBj/Qmcb8d5F26noNQ6jLJ3HBtJQID2veaN1JE90Xsy5iXmPyInlkp/6J
ojR5iOqshwbsxhkZIOr+qx03baOAGkuNZHoDgM3YvGVHelCDnah1c1RlTsjPAUoR/UuP
JZKA==
X-Gm-Message-State:
ALoCoQnqPLPa6rhoF3z+7+Hz2wXhoBGh0Wmum/H1TF8gVLM11v9eZZwFsmkeW7kvE/eWxqrRG3aT
X-Received: by 10.112.26.5 with SMTP id h5mr26850091lbg.4.1432633590821;
Tue, 26 May 2015 02:46:30 -0700 (PDT)
X-BeenThere: mktg42@emarketeerz4.com
Received: by 10.180.77.228 with SMTP id v4ls588047wiw.2.gmail; Tue, 26 May
2015 02:46:30 -0700 (PDT)
X-Received: by 10.180.106.10 with SMTP id gq10mr22835810wib.0.1432633590087;
Tue, 26 May 2015 02:46:30 -0700 (PDT)
X-BeenThere: group09@emarketeerz4.com
Received: by 10.180.82.166 with SMTP id j6ls597426wiy.18.gmail; Tue, 26 May
2015 02:46:29 -0700 (PDT)
X-Received: by 10.180.106.137 with SMTP id
gu9mr33343490wib.54.1432633589759;
Tue, 26 May 2015 02:46:29 -0700 (PDT)
Received: from BAY004-OMC1S23.hotmail.com (bay004-omc1s23.hotmail.com.
[65.54.190.34])
by mx.google.com with ESMTPS id
m11si17165852wij.110.2015.05.26.02.46.28
for <gr...@emarketeerz4.com>
(version=TLSv1.2 cipher=ECDHE-RSA-AES128-SHA bits=128/128);
Tue, 26 May 2015 02:46:29 -0700 (PDT)
Received-SPF: pass (google.com: domain of mktg.mgrr2@outlook.com
designates 65.54.190.34 as permitted sender) client-ip=65.54.190.34;
Received: from BAY182-W6 ([65.54.190.59]) by BAY004-OMC1S23.hotmail.com
over TLS secured channel with Microsoft SMTPSVC(7.5.7601.22751);
Tue, 26 May 2015 02:46:27 -0700
X-TMN: [pCOlxaTz0MWrTdeOzRhweKR2/GM/+1J8]
X-Originating-Email: [mktg.mgrr2@outlook.com]
Message-ID: <BA...@phx.gbl>
Content-Type: multipart/related;
boundary="_4244e123-67c3-4066-8866-ff54405e25de_"
Reply-To: <in...@outlook.com>
From: E- Marketeers <mk...@outlook.com>
To: "group09@emarketeerz1.com" <gr...@emarketeerz1.com>
Subject: Global Holidays Travel And Tours Online Booking
Date: Tue, 26 May 2015 09:46:26 +0000
Importance: Normal
In-Reply-To: <BA...@phx.gbl>
References:
<CA...@phx.gbl>
MIME-Version: 1.0
X-OriginalArrivalTime: 26 May 2015 09:46:27.0031 (UTC)
FILETIME=[D5BA1670:01D09798]
X-Original-Sender: mktg.mgrr2@outlook.com
X-Original-Authentication-Results: mx.google.com; spf=pass
(google.com:
domain of mktg.mgrr2@outlook.com designates 65.54.190.34 as permitted
sender)
smtp.mail=mktg.mgrr2@outlook.com; dmarc=pass (p=NONE dis=NONE)
header.from=outlook.com
Precedence: list
Mailing-list: list mktg42@emarketeerz4.com; contact
mktg42+owners@emarketeerz4.com
List-ID: <mktg42.emarketeerz4.com>
X-Google-Group-Id: 346729582280
List-Post:
<http://groups.google.com/a/emarketeerz4.com/group/mktg42/post>,
<ma...@emarketeerz4.com>
List-Help:
<http://support.google.com/a/emarketeerz4.com/bin/topic.py?topic=25838>,
<ma...@emarketeerz4.com>
List-Archive: <http://groups.google.com/a/emarketeerz4.com/group/mktg42/>
List-Subscribe:
<http://groups.google.com/a/emarketeerz4.com/group/mktg42/subscribe>,
<ma...@emarketeerz4.com>
List-Unsubscribe:
<ma...@googlegroups.com>,
<http://groups.google.com/a/emarketeerz4.com/group/mktg42/subscribe>
Re: user_prefs custom rules, not matching
Posted by Bill Cole <sa...@billmail.scconsult.com>.
On 21 May 2015, at 17:36, Benny Pedersen wrote:
> On May 21, 2015 11:08:28 PM "Bill Cole"
> <sa...@billmail.scconsult.com> wrote:
>
>> On 21 May 2015, at 14:42, Benny Pedersen wrote:
>>
>> > Note that plus addressing, users can only subscribe, is 2 + valid
>> in
>> > mailto: ?
>>
>> Sure, why not? See RFC's 821, 822, 2821, 2822, 5321, and 5322 :)
>>
>> There is nothing special about '+' in an email address in SMTP or in
>> the
>> email data format. It is only special to some delivery agents that
>> may
>> be configured to treat it specially.
>
> Here my mail client replaced + with a space char so ended to a invalid
> addr, why would anyone like to reply to 3rd party spammers to
> unsubscribe, well nice to see that my mail client does not support
> this even if its a bug in rfc
I misunderstood your original question.
The bug is in your client and to a lesser degree in Google's
construction of the 'mailto:' URIs in the various List-* headers. For
best interoperability they should be encoding '+' as '%2B' because it is
a widespread, longstanding, and well-known bug in interpreters of
mailto: URIs that they (incorrectly) decode '+' to ' ' as if they are
decoding HTTP form submission data.
Re: user_prefs custom rules, not matching
Posted by Larry Rosenman <le...@lerctr.org>.
On 2015-05-21 16:47, Forrest wrote:
> On 5/21/15 5:36 PM, Benny Pedersen wrote:
>> On May 21, 2015 11:08:28 PM "Bill Cole"
>> <sa...@billmail.scconsult.com> wrote:
>>
>>> On 21 May 2015, at 14:42, Benny Pedersen wrote:
>>>
>>> > Note that plus addressing, users can only subscribe, is 2 + valid in
>>> > mailto: ?
>>>
>>> Sure, why not? See RFC's 821, 822, 2821, 2822, 5321, and 5322 :)
>>>
>>> There is nothing special about '+' in an email address in SMTP or in
>>> the
>>> email data format. It is only special to some delivery agents that
>>> may
>>> be configured to treat it specially.
>>
>> Here my mail client replaced + with a space char so ended to a invalid
>> addr, why would anyone like to reply to 3rd party spammers to
>> unsubscribe, well nice to see that my mail client does not support
>> this even if its a bug in rfc
>
> These spammers have been active on Google Groups for a while -- why
> they haven't been shut down is beyond me. But, does anyone know what
> alerts or other info a Groups admin gets with people who unsubscribe?
> If anything, they are clever in exploiting the Google service to do
> all their bidding, seemingly without any notice from Google. You
> can't even get to the groups page.
Lot's of Java and other apps that validate e-mail addresses think the +
sign is a URL encoded SPACE and REJECT it. :(
RFC's be damned.
--
Larry Rosenman http://www.lerctr.org/~ler
Phone: +1 214-642-9640 E-Mail: ler@lerctr.org
US Mail: 108 Turvey Cove, Hutto, TX 78634-5688
Re: user_prefs custom rules, not matching
Posted by Forrest <th...@gmail.com>.
On 5/21/15 5:36 PM, Benny Pedersen wrote:
> On May 21, 2015 11:08:28 PM "Bill Cole"
> <sa...@billmail.scconsult.com> wrote:
>
>> On 21 May 2015, at 14:42, Benny Pedersen wrote:
>>
>> > Note that plus addressing, users can only subscribe, is 2 + valid in
>> > mailto: ?
>>
>> Sure, why not? See RFC's 821, 822, 2821, 2822, 5321, and 5322 :)
>>
>> There is nothing special about '+' in an email address in SMTP or in the
>> email data format. It is only special to some delivery agents that may
>> be configured to treat it specially.
>
> Here my mail client replaced + with a space char so ended to a invalid
> addr, why would anyone like to reply to 3rd party spammers to
> unsubscribe, well nice to see that my mail client does not support
> this even if its a bug in rfc
These spammers have been active on Google Groups for a while -- why they
haven't been shut down is beyond me. But, does anyone know what alerts
or other info a Groups admin gets with people who unsubscribe? If
anything, they are clever in exploiting the Google service to do all
their bidding, seemingly without any notice from Google. You can't even
get to the groups page.
Re: user_prefs custom rules, not matching
Posted by Benny Pedersen <me...@junc.eu>.
On May 21, 2015 11:08:28 PM "Bill Cole"
<sa...@billmail.scconsult.com> wrote:
> On 21 May 2015, at 14:42, Benny Pedersen wrote:
>
> > Note that plus addressing, users can only subscribe, is 2 + valid in
> > mailto: ?
>
> Sure, why not? See RFC's 821, 822, 2821, 2822, 5321, and 5322 :)
>
> There is nothing special about '+' in an email address in SMTP or in the
> email data format. It is only special to some delivery agents that may
> be configured to treat it specially.
Here my mail client replaced + with a space char so ended to a invalid
addr, why would anyone like to reply to 3rd party spammers to unsubscribe,
well nice to see that my mail client does not support this even if its a
bug in rfc
Re: user_prefs custom rules, not matching
Posted by Bill Cole <sa...@billmail.scconsult.com>.
On 21 May 2015, at 14:42, Benny Pedersen wrote:
> Note that plus addressing, users can only subscribe, is 2 + valid in
> mailto: ?
Sure, why not? See RFC's 821, 822, 2821, 2822, 5321, and 5322 :)
There is nothing special about '+' in an email address in SMTP or in the
email data format. It is only special to some delivery agents that may
be configured to treat it specially.
Re: user_prefs custom rules, not matching
Posted by Benny Pedersen <me...@junc.eu>.
Note that plus addressing, users can only subscribe, is 2 + valid in mailto: ?
Re: user_prefs custom rules, not matching
Posted by Axb <ax...@gmail.com>.
does this work?
header LIST_ID_MARKET_EEK List-ID =~ /emarketeerz/
On 21.05.2015 19:31, Forrest wrote:
> I'm having a problem with a spammer who is using Google Groups as a
> base. They manage to re-subscribe people, etc., and it's hosted on a
> private domain, so I can't get to the panel to report the domain.
>
> In any case, I wrote a couple of simple rules in user_prefs that
> /should/ match, but they don't. I set the score really high, so it
> would get rejected by spamass-milter. Here they are:
>
> header SPAM_MARKETEERS1 To =~/emarketeerz/
> describe SPAM_MARKETEERS1 Spam from a Google Group
> score SPAM_MARKETEERS1 1000
>
> header SPAM_MARKETEERS2 To =~/mktg.mgrr\@outlook.com/
> describe SPAM_MARKETEERS2 Spam from a Google Group
> score SPAM_MARKETEERS2 1000
>
> header SPAM_MARKETEERS3 From =~/mktg.mgrr1\@outlook.com/
> describe SPAM_MARKETEERS3 Spam from a Google Group
> score SPAM_MARKETEERS3 1000
>
>
> I have other similar tests that check the Subject that I've used before
> that work, but they change the subject line here.
>
> I don't understand why these are not working. Here is a sample SMTP
> header from a message today (sanitized):
>
> Return-Path: <mk...@emarketeerz4.com>
> Received: from domain.com ([unix socket])
> by mail.domain.com (Cyrus v2.4.17-Invoca-RPM-2.4.17-7) with LMTPA;
> Thu, 21 May 2015 04:19:17 -0400
> X-Sieve: CMU Sieve 2.4
> X-Envelope-From: mktg42+bncBDFYXD7ERMLRB7VJ62VAKGQEHMPQWXY@emarketeerz4.com
> X-Envelope-To: <us...@domain.com>
> X-Originating-IP: 209.85.223.198
> Received: from mail-ie0-f198.google.com (mail-ie0-f198.google.com
> [209.85.223.198])
> by domain.com (envelope-from
> mktg42+bncBDFYXD7ERMLRB7VJ62VAKGQEHMPQWXY@emarketeerz4.com)
> (8.13.8/8.13.8) with ESMTP id t4L8J9EZ005720
> (version=TLSv1/SSLv3 cipher=RC4-SHA bits=128 verify=FAIL)
> for <us...@domain.com>; Thu, 21 May 2015 04:19:15 -0400
> Received: by ieqf18 with SMTP id f18sf6062788ieq.3
> for <us...@domain.com>; Thu, 21 May 2015 01:19:10 -0700 (PDT)
> X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
> d=1e100.net; s=20130820;
> h=x-gm-message-state:message-id:content-type:reply-to:from:to:subject
> :date:importance:in-reply-to:references:mime-version
> :x-original-sender:x-original-authentication-results:precedence
> :mailing-list:list-id:list-post:list-help:list-archive
> :list-subscribe:list-unsubscribe;
> bh=vd0EI/d4aRTHygvZym5oYdFiNaokMVBCCwLaW2YDBbk=;
> b=N0JuamZ7K1VJxDBmc2PHkDiDEhpSvycYOZcCuxGZ0dpJWjolbLBOsUbslPrBb3z8CJ
> YwkDI/8VLtPQ5Ks4raPUuScVsAhCSUBUsdfnVFqoDLW2Qg1eEfpBPbWi3BZ25d+1HTh2
> 8lnAuDd22OZVUuNJZicBPlzn3xCsmsWWP0sKVrfxMfDKoRteBekbdXDXLPWd6I5JlA7D
> cP7AToZ4aKzgMR6WzMXciwHH0bzbraRMs+OB9H8P4MKyX7PtEWahebkzLc2lPpHtvNoL
> eD7iKbM11GmWSILlS2eOXF2kybdlT1bXW/QHrBGVbtdVtZZvOjX5vZNbqJuPHAr3ijGv
> OeTQ==
> X-Gm-Message-State:
> ALoCoQkamrP9SDnCBg35yuNH/PYh6G7Jw+eFrhEazO/NeF9OO0NPwQ8abSTcSLlL9FOLi03BMKiK
>
> X-Received: by 10.42.107.76 with SMTP id c12mr2608456icp.11.1432196350333;
> Thu, 21 May 2015 01:19:10 -0700 (PDT)
> X-BeenThere: mktg42@emarketeerz4.com
> Received: by 10.107.153.1 with SMTP id b1ls887746ioe.70.gmail; Thu, 21 May
> 2015 01:19:10 -0700 (PDT)
> X-Received: by 10.66.100.163 with SMTP id ez3mr1895951pab.38.1432196349518;
> Thu, 21 May 2015 01:19:09 -0700 (PDT)
> X-BeenThere: group09@emarketeerz4.com
> Received: by 10.182.85.197 with SMTP id j5ls515966obz.56.gmail; Thu, 21 May
> 2015 01:19:09 -0700 (PDT)
> X-Received: by 10.202.186.214 with SMTP id
> k205mr1260309oif.10.1432196349210;
> Thu, 21 May 2015 01:19:09 -0700 (PDT)
> Received: from SNT004-OMC3S33.hotmail.com (snt004-omc3s33.hotmail.com.
> [65.55.90.172])
> by mx.google.com with ESMTPS id
> a9si1190911obj.64.2015.05.21.01.19.09
> for <gr...@emarketeerz4.com>
> (version=TLSv1.2 cipher=ECDHE-RSA-AES128-SHA bits=128/128);
> Thu, 21 May 2015 01:19:09 -0700 (PDT)
> Received-SPF: pass (google.com: domain of mktg.mgrr1@outlook.com
> designates 65.55.90.172 as permitted sender) client-ip=65.55.90.172;
> Received: from SNT150-W71 ([65.55.90.135]) by SNT004-OMC3S33.hotmail.com
> over TLS secured channel with Microsoft SMTPSVC(7.5.7601.22751);
> Thu, 21 May 2015 01:19:08 -0700
> X-TMN: [lOyh6+qghnQRcL1M157wD1Dyw+k8u6uD]
> X-Originating-Email: [mktg.mgrr1@outlook.com]
> Message-ID: <SN...@phx.gbl>
> Content-Type: multipart/related;
> boundary="_eb2160ae-fe52-4714-8f5b-445336a30ab3_"
> Reply-To: <in...@outlook.com>
> From: E- Marketeers <mk...@outlook.com>
> To: "group09@emarketeerz3.com" <gr...@emarketeerz3.com>
> Subject: Global Holidays Travel And Tours Online Booking
> Date: Thu, 21 May 2015 08:19:08 +0000
> Importance: Normal
> In-Reply-To: <SN...@phx.gbl>
> References:
> <CA...@phx.gbl>
>
> MIME-Version: 1.0
> X-OriginalArrivalTime: 21 May 2015 08:19:08.0745 (UTC)
> FILETIME=[CF665390:01D0939E]
> X-Original-Sender: mktg.mgrr1@outlook.com
> X-Original-Authentication-Results: mx.google.com; spf=pass
> (google.com:
> domain of mktg.mgrr1@outlook.com designates 65.55.90.172 as permitted
> sender)
> smtp.mail=mktg.mgrr1@outlook.com; dmarc=pass (p=NONE dis=NONE)
> header.from=outlook.com
> Precedence: list
> Mailing-list: list mktg42@emarketeerz4.com; contact
> mktg42+owners@emarketeerz4.com
> List-ID: <mktg42.emarketeerz4.com>
> X-Google-Group-Id: 346729582280
> List-Post:
> <http://groups.google.com/a/emarketeerz4.com/group/mktg42/post>,
> <ma...@emarketeerz4.com>
> List-Help:
> <http://support.google.com/a/emarketeerz4.com/bin/topic.py?topic=25838>,
> <ma...@emarketeerz4.com>
> List-Archive: <http://groups.google.com/a/emarketeerz4.com/group/mktg42/>
> List-Subscribe:
> <http://groups.google.com/a/emarketeerz4.com/group/mktg42/subscribe>,
> <ma...@emarketeerz4.com>
> List-Unsubscribe:
> <ma...@googlegroups.com>,
> <http://groups.google.com/a/emarketeerz4.com/group/mktg42/subscribe>
>
>
>
> Can someone point out what I'm doing wrong with the above rules?
>
>
> Thanks!
>
>
>