2:54 AM
EyePulp has quit
2:54 AM
EyePulp joined the channel
4:24 AM
GitHubBot
7:58 AM
knutix has quit
8:12 AM
knutix joined the channel
8:40 AM
doublemalt__ joined the channel
9:28 AM
golden_receiver_ has quit
9:33 AM
golden_receiver joined the channel
9:47 AM
tasansga has quit
9:56 AM
tasansga joined the channel
10:07 AM
SynchroM joined the channel
11:11 AM
EyePulp joined the channel
11:16 AM
EyePulp has quit
13:27 PM
EyePulp joined the channel
13:32 PM
EyePulp has quit
13:39 PM
baudehlo
morning
13:52 PM
howitdo joined the channel
13:52 PM
howitdo has quit
13:52 PM
howitdo joined the channel
14:22 PM
EyePulp joined the channel
15:02 PM
godsflaw joined the channel
15:21 PM
_smf_
morning
15:21 PM
baudehlo
happy birthday _smf_
15:26 PM
_smf_
Thanks baudehlo
15:27 PM
Have you forgiven your cat yet ;-)
15:27 PM
That photo gave me a good laugh - I remember those days!
15:35 PM
EyePulp
Happy BD _smf_ =)
15:49 PM
baudehlo
_smf_: yeah just about. Stupid bastard.
15:51 PM
_smf_
Thanks EyePulp!
15:52 PM
EyePulp
16:06 PM
_smf_
EyePulp: thanks for this. I read a less technical article about this earlier and was looking for something more in-depth like this.
16:19 PM
knutix has quit
16:23 PM
doublemalt_ joined the channel
16:26 PM
EyePulp
16:26 PM
doublemalt__ has quit
17:12 PM
knutix joined the channel
17:20 PM
knutix joined the channel
17:24 PM
knutix_ joined the channel
17:30 PM
mattsimerson joined the channel
17:30 PM
mattsimerson is now known as msimerson
17:46 PM
knutix joined the channel
17:49 PM
knutix_ has quit
18:21 PM
GitHubBot
18:21 PM
13Haraka/06master 143d574b2 15Matt Simerson: ignore undefined socket.remoteAddress (#1846)...
18:21 PM
18:21 PM
13Haraka/06master 1434b934e 15Matt Simerson: URL to manual was 404, point to Plugins.md (#1844)
18:22 PM
msimerson
18:58 PM
knutix has quit
19:21 PM
EyePulp
msimerson: I didn't grasp the finer points of that PR, but I'm happy to argue for or against it in a loud and obnoxious manner. Just let me know.
19:22 PM
msimerson
LOL. want more explanation?
19:22 PM
RE previous discussions this AM, happy birthday _smf_
19:22 PM
and...
19:23 PM
I just got a phishing email (target: apple icloud credentials) delivered to my inbox by gmail. SpamAssassin score=-0.1, rspamd is_spam: false, score: 4.35. That's a mighty effective spam delivery system someone owns.
20:18 PM
d4rkmatter has quit
20:29 PM
_smf_
Thanks msimerson!
20:29 PM
msimerson
🍻
20:30 PM
knutix joined the channel
20:30 PM
_smf_
msimerson: can you gist the phish message?
20:30 PM
msimerson
sure
20:31 PM
_smf_
Re: 1847 - FWIW - I long since stopped using smtp_forward and now have a dedicated list of domain destinations and forced MX records for each.
20:31 PM
msimerson
20:31 PM
d4rkmatter joined the channel
20:33 PM
forced MX is partly what 1847 is adding to smtp_forward. Since you're queueing, how are you managing all the bounces?
20:33 PM
_smf_
What bounces?
20:34 PM
That phish scores: 9.1 in SA here.
20:34 PM
Content analysis details: (9.1 points, 5.0 required)
20:34 PM
pts rule name description
20:34 PM
---- ---------------------- --------------------------------------------------
20:34 PM
2.5 URIBL_ZRD Contains URL's listed in the Spamhaus ZRD blocklist
20:34 PM
[URIs: apple-secureaccount.ga]
20:34 PM
0.0 FSL_TO_DISP_EQ_ADDR Display name is the same as the address
20:34 PM
1.0 FSL_FROM_INFO_DOM From address is in .info
20:34 PM
3.0 FSL_NOT_APPLE Display name says "Apple .. but address doesn't
20:34 PM
20:34 PM
trust
20:34 PM
20:34 PM
-0.0 RCVD_IN_MSPIKE_H3 RBL: Good reputation (+3)
20:34 PM
20:34 PM
-0.0 SPF_PASS SPF: sender matches SPF record
20:34 PM
0.0 HTML_MESSAGE BODY: HTML included in message
20:34 PM
0.7 MPART_ALT_DIFF BODY: HTML and text parts are different
20:34 PM
1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
20:35 PM
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's
20:35 PM
domain
20:35 PM
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
20:35 PM
msimerson
Yes, they usually do 15 minutes *after* a spam run starts.
20:35 PM
_smf_
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
20:35 PM
-0.0 RCVD_IN_MSPIKE_WL Mailspike good senders
20:35 PM
0.0 FSL_TO_LE_5_RCPTS Addressed to <=5 recipients
20:35 PM
0.0 FSL_GOOGLE_VIA_SMTP Message injected via SMTP and not Google Mail
20:35 PM
1.5 FSL_MIME_MPA multipart/alternative without both text and html parts
20:35 PM
0.0 MIME_HTML_ONLY_MULTI Multipart message only has text/html MIME parts
20:35 PM
0.0 FSL_TO_2_RCPTS Addressed to two recipients
20:35 PM
True enough
20:35 PM
However - you won't be using the Spamhaus ZRD, and that isn't susceptable to that.
20:36 PM
And as you can see it hit a bunch of non-network related rules.
20:59 PM
msimerson
So _smf_, when you say, "forced MX records", I understand that to mean you're using outbound, right?
21:00 PM
doublemalt_ has quit
21:37 PM
tasansga has quit
21:45 PM
tasansga joined the channel
22:13 PM
SynchroM has quit
22:38 PM
stezzle2 joined the channel
22:39 PM
stezzle has quit
22:42 PM
stezzle2 has quit
22:43 PM
stezzle joined the channel
23:05 PM
stezzle has quit
23:06 PM
stezzle joined the channel
23:33 PM
EyePulp has quit
23:38 PM
GitHubBot
23:38 PM
13Haraka/06greenkeeper/eslint-3.17.1 14d085663 15greenkeeper[bot]: chore(package): update eslint to version 3.17.1...
23:53 PM
sammy joined the channel
23:58 PM
sammy has quit