RE: country in africa
> > No. Scoring based on single-words is pretty much the > opposite of the SA approach. That's all I was saying. > karsten, i get the SA approach and to the no answer, baloney this word should get a *HIT* no mattter how small it is scored. - rh
RE: country in africa
> > You must not be looking very hard. It's there, both in the > default ruleset and in the updated ruleset, but not as a > single-word rule: > > grep -i nigeria > /var/db/spamassassin/3.002005/updates_spamassassin_org/* > jo...@chip:~$ grep -i nigeria > /var/db/spamassassin/3.002005/updates_spamassassin_org/* > /var/db/spamassassin/3.002005/updates_spamassassin_org/20_adva nce_fee.cf:# > SpamAssassin rules file: advance fee fraud rules (Nigerian > 419 scams) > /var/db/spamassassin/3.002005/updates_spamassassin_org/20_adva nce_fee.cf:body # SNIPPERS # > > /Jonas > -- > Jonas Eckerman, FSDB & Fruktträdet looking hard? of course i did. you guys must think i just fell off the truck or something... ;-) i get the *in general* thing about SA not just using single words for scoring as a general principle YET, this the word Nigeria. when an email comes in with the word nigeria in it, it should get scored something. point, billionth of a point, whatever. it should get a hit. how many legitimate emails a day do you people get with the work Nigeria in it? yeah, that is what i thought. :-) when i get an nigerian email scam email that hits squat, well you get the idea. - rh
Re: html experts: empty
On Fri, 2009-01-30 at 12:56 -0800, Kenneth Porter wrote: > IE had a nasty habit of ignoring the MIME type in HTTP headers and > rendering HTML even when one wanted it displayed as text/plain. So it > wouldn't surprise me if Outlook (Express) had the same annoying > "helpfulness". > I've wasted more time than I care to remember sorting out the so-called HTML in MS LookOut messages I've wanted to save for later reference. Almost without exception they fail HTMLtidy verification in spectacular fashion. Now I manually annotate the plaintext part because that's quicker than fixing the HTML part. The problem is independent of LookOut version: MicroSerfs just don't 'get' HTML. Martin
Re: html experts: empty
--On Friday, January 30, 2009 4:41 PM +0100 Matus UHLAR - fantomas wrote: Aren't there any MUAs that try to autodetect the right content type? Even from microsoft? IE had a nasty habit of ignoring the MIME type in HTTP headers and rendering HTML even when one wanted it displayed as text/plain. So it wouldn't surprise me if Outlook (Express) had the same annoying "helpfulness".
Re: please help, getting hammered with snowshoe spam
On Fri, 2009-01-30 at 18:28 +0100, Benny Pedersen wrote: > On Fri, January 23, 2009 17:36, Dennis Hardy wrote: > > > Yes already done: http://pastebin.com/m4400a74d > > why not get it listed on http://uribl.com/ ? Benny, this is going to help how? Dennis clearly stated a *week* ago that the "domains change too quickly" (actual quote). Getting them listed will not help him. Oh, and don't you think he would have created a trivial uri rule already, if that would get them caught? -- char *t="\10pse\0r\0dtu...@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4"; main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
Re: please help, getting hammered with snowshoe spam
Benny Pedersen wrote: > On Fri, January 23, 2009 17:36, Dennis Hardy wrote: > >> Yes already done: http://pastebin.com/m4400a74d >> > why not get it listed on http://uribl.com/? > Both uribl and ivmURI listed this domain back on January 23rd. But it is unclear exactly *when* this spam sample was sent because the person who started this thread didn't include full headers. So it is unclear if the message hit this guy's server before these two URI blacklists listed that domain? or after? (I'm guessing after?) -- Rob McEwen http://dnsbl.invaluement.com/ r...@invaluement.com +1 (478) 475-9032
Re: vbounce and out of office messages
On Fri, 2009-01-30 at 13:12 -0500, sa-li...@techsuperpowers.com wrote: > On Jan 29, 2009, at 9:47 AM, Michael Scheidell wrote: > > > maybe its just me, but was there really an issue with out of office > > messages? > > (except in this mailing list :-) > i noticed the same thing when we first started using vbounce; i just > edited the rule to allow that language through (specifically, as best > i can recall, anyway, i disabled the OOO checks, but left the rest > alone.) > > i'm not sure i'd recommend it, since any upgrade will replace the > edited file; but i keep a copy of my edits in a safe place, and it Hmm, exactly the reason for my earlier post about "disabling the sub rules"... > works for us. since then we've had almost no backscatter complaints > from our users, but OOOs come through just fine. Rather than messing with *any* file that will be overwritten by sa-update, you should just disable the (sub-)tests. It is generally strongly advised against editing the stock rules directly -- for the reason you mentioned. :) meta __BOUNCE_OOO_1 0 Just as an example. You should do the same in local.cf with any rules you disabled locally by editing the stock rules. FWIW, and to make Michael happy, I just caught one today -- hit another rule, __BOUNCE_OOO_3. Sadly, it also hit __BOUNCE_AUTO_REPLY. So there's more to disable... -- char *t="\10pse\0r\0dtu...@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4"; main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
Re: html experts: empty
On Thu, 29 Jan 2009 18:00:47 -0800, Kelson wrote: >On the subject of vs