On Fri, 2008-05-09 at 01:44 +0200, Benny Pedersen wrote:
On Thu, May 8, 2008 23:19, mouss wrote:
configure postfix to replace previous ones
/^(X\-Envelope\-From:.*)/ REPLACE X-$1
envelope from can here be forged
Precisely what I am afraid of. But the issue is whatever header I use
Jeremy Fairbrass wrote:
Hi, could someone kindly tell me what the file triplets.txt is used
for, and if I need to have it in my rules directory or not?
It's used for the TextCat plugin (which provides the ok_languages
option). While you should have it in your rules directory, it won't
All a spam program would have to do is say [EMAIL PROTECTED] posts lots
to that list. His address must be a trusted subscriber. Well, here's
one more post from him, muhahaha.
If Bob posts a lot to a list(s) and is respected within said list(s),
then the other subs of that list will immediately
Kevin W. Gagel writes:
- Original Message -
Do you have a reference for discussion of this IE Parsing bug that led
you to mention this oddball URI annotation format in the first place?
There might be references in that to the definition of the format.
John,
I'm not sure if
Benny Pedersen [EMAIL PROTECTED] wrote:
i just started this thread to be sure IE parse bug is not in sa aswell
since i could see domains not detecked in spam, but i got it now
You know about it being an IE parse bug, and that seems to be news to
the rest of us. How'd you hear about it?
On Fri, May 09, 2008 at 08:16:29AM -0400, Matt Kettler wrote:
Hi, could someone kindly tell me what the file triplets.txt is used
for, and if I need to have it in my rules directory or not?
It's used for the TextCat plugin (which provides the ok_languages
option). While you should have it
Hi:
Our users are getting false positives with hits on
4.2 FORGED_MUA_OUTLOOK
and are saying they are 100% certain that the email was sent from MS
Outlook Express. Is this a known problem or are these users doing something
wrong?
Best Regards,
Jeff Koch
Benny Pedersen wrote:
On Thu, May 8, 2008 23:19, mouss wrote:
configure postfix to replace previous ones
/^(X\-Envelope\-From:.*)/ REPLACE X-$1
envelope from can here be forged
the header check above will rewrite any such header received from the
internet. so forgery is not
ram wrote:
On Fri, 2008-05-09 at 01:44 +0200, Benny Pedersen wrote:
On Thu, May 8, 2008 23:19, mouss wrote:
configure postfix to replace previous ones
/^(X\-Envelope\-From:.*)/ REPLACE X-$1
envelope from can here be forged
Precisely what I am afraid of. But the issue
I am not sure how to ask this
We have a test URIBL
#
#
#
###
#
urirhssub URIBL_TEST uri.test.local.A 2
body URIBL_TEST eval:check_uridnsbl('URIBL_TEST')
describe URIBL_TEST Contains an URL listed in the TEST
On Fri, 9 May 2008 at 09:42 -0700, [EMAIL PROTECTED] confabulated:
I am not sure how to ask this
We have a test URIBL
#
#
#
###
#
urirhssub URIBL_TEST uri.test.local.A 2
body URIBL_TEST
If you are referring to this:
[42778] warn: config: SpamAssassin failed to parse line, test_rule .1 is
not valid for score, skipping: score test_rule .1
[42778] warn: lint: 1 issues detected, please rerun with debug enabled for
more information
You have to prefix all decimal score
On 09.05.08 12:08, Jeff Koch wrote:
Our users are getting false positives with hits on
4.2 FORGED_MUA_OUTLOOK
and are saying they are 100% certain that the email was sent from MS
Outlook Express. Is this a known problem or are these users doing something
wrong?
may be... can you show
On Fri, May 09, 2008 at 11:21:01AM -0400, Theo Van Dinter wrote:
On Fri, May 09, 2008 at 08:16:29AM -0400, Matt Kettler wrote:
Hi, could someone kindly tell me what the file triplets.txt is used
for, and if I need to have it in my rules directory or not?
It's used for the TextCat plugin
score URIBL_TEST 0 1 0 1
this works... :-)
score URIBL_TEST 0 .1 0 .1
And the above presumably doesn't work.
As far as the SA parser is concerned, a number needs to start with a digit,
so .1 is invalid.
score URIBL_TEST 0.0 0.1 0.0 0.1
Should work.
Loren
Hi Matus:
Here's the header. We're seeing a lot of these now:
Received: from unknown (HELO jade.xx.com) (216.99.193.136)
by 0 with ESMTPS (DHE-RSA-AES256-SHA encrypted); 6 May 2008 19:13:06 -
Received: from server (216-99-214-161.dsl.aracnet.com [216.99.214.161])
by
Jeff Koch wrote:
Hi Matus:
Here's the header. We're seeing a lot of these now:
Received: from unknown (HELO jade.xx.com) (216.99.193.136)
by 0 with ESMTPS (DHE-RSA-AES256-SHA encrypted); 6 May 2008 19:13:06
-
Received: from server (216-99-214-161.dsl.aracnet.com
Hi Randy - here's the whole thing:
Return-Path: [EMAIL PROTECTED]
Delivered-To: [EMAIL PROTECTED]
Received: (qmail 26003 invoked by uid 89); 6 May 2008 19:13:09 -
Received: by simscan 1.3.1 ppid: 25931, pid: 25942, t: 2.6786s
scanners: clamav: 0.88/m:45/d:5939 spam: 3.2.4
Received:
Jeff Koch wrote:
Hi Randy - here's the whole thing:
Return-Path: [EMAIL PROTECTED]
Delivered-To: [EMAIL PROTECTED]
Received: (qmail 26003 invoked by uid 89); 6 May 2008 19:13:09 -
Received: by simscan 1.3.1 ppid: 25931, pid: 25942, t: 2.6786s
scanners: clamav: 0.88/m:45/d:5939
Randy Ramsdell wrote:
Jeff Koch wrote:
Hi Randy - here's the whole thing:
Return-Path: [EMAIL PROTECTED]
Delivered-To: [EMAIL PROTECTED]
Received: (qmail 26003 invoked by uid 89); 6 May 2008 19:13:09 -
Received: by simscan 1.3.1 ppid: 25931, pid: 25942, t: 2.6786s
scanners:
On Fri, May 9, 2008 08:55, ram wrote:
Precisely what I am afraid of. But the issue is whatever header I use
for envelope-from all of them can be trivially forged
I am trying replacing all the X-Envelope headers before sending them to
scan servers
dont change headers on trusted routes, you
On Fri, May 9, 2008 15:42, Joseph Brennan wrote:
You know about it being an IE parse bug, and that seems to be news to
the rest of us. How'd you hear about it?
enabled spam_admin in amavisd-new and readed my logs :-)
one SARE hit on IE bug
Benny Pedersen
Need more webspace ?
On Fri, May 9, 2008 15:27, Justin Mason wrote:
so does SpamAssassin parse the URI correctly, or not?
as i can see it does, but just currently not pickup the uri in redir.html
can webredirect plugin do this ?
Benny Pedersen
Need more webspace ? http://www.servage.net/?coupon=cust37098
23 matches
Mail list logo
