Re: Matching at end of body
>$ at the end as usual in regex while "bgins with" would be ^ at begin Thanks Reindl, but $ matches at the end of each paragraph, not at the end of body... PedroD
Matching at end of body
Please, any idea for a regex to match any text at the very end of the body? Thx... PedroD
Re: IADB whitelist - again
On 06/03/2018 14:18, Dave Warren wrote: > On 2018-03-04 05:46, David Jones wrote: > >> That's great. It means you know what you are doing when you change the >> default threshold to less than 5.0. In that case you need to change a lot >> of other scores down too including RCVD_IN_IADB_* and the KAM.cf rules >> probably score way too high for you as well. > > Maybe this is just me, but I'm a firm believer that if you change the > thresholds, you don't get to complain about the scores of any rules. The > rules are all balanced against the target threshold of 5.0, and if you set > your threshold differently it is quite likely that some rules will be scored > too highly or two low for your needs. or maybe its because the default rules were allowing way too much spam into users inboxes, setting teh threshold lower, our users needs were met - less spam. -- Kind Regards, Noel Butler This Email, including any attachments, may contain legally privileged information, therefore remains confidential and subject to copyright protected under international law. You may not disseminate, discuss, or reveal, any part, to anyone, without the authors express written authority to do so. If you are not the intended recipient, please notify the sender then delete all copies of this message including attachments, immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message. Only PDF [1] and ODF [2] documents accepted, please do not send proprietary formatted documents Links: -- [1] http://www.adobe.com/ [2] http://en.wikipedia.org/wiki/OpenDocument
Re: IADB whitelist - again
On 06/03/2018 04:42, Luis E. Muñoz wrote: > I would argue that the current scores work very well for default installs. My experience shows otherwise >> That would be acceptable :) > > I disagree. Knee-jerk changes to rule scores based on a single report that > contradicts what others are seeing is detrimental to the stability of SA. I'm > either responsible or consult for filters that process ~10 million messages > per day at a few corporate organizations where SA is used extensively in only 10 million a day? thats not much, my experience is with large national ISP's, wjhere we have to cater for all types, techies, nerds, mums and dads, and grandparents who do nothing more than send email or skype, as well as businesses, hosting servers run teh same rules residential systems use, these have been refined over a great number of years. > both the inbound and outbound. Not a particularly large number nor more than > a few samples. Yet in all those cases I keep the default IADB scores in place > as they work well with our rule sets. The only message that was marked as > spam and triggered one of the IADB rules in my archive was sent by an > ex-customer of the IADB. > > Based on my data, I'm seeing more false positives from other rules -- yet I'm > not proposing to change the default SA configuration because of this. I > understand that factors such as geography or my user base change > effectiveness. false positives from bad guys scoring is one thing, being over reaching with whitelisting scoring is another, trust can only be earned, who I trust will differ from who you trust, and so on, its why we score 0 many common whitelist rules -- Kind Regards, Noel Butler This Email, including any attachments, may contain legally privileged information, therefore remains confidential and subject to copyright protected under international law. You may not disseminate, discuss, or reveal, any part, to anyone, without the authors express written authority to do so. If you are not the intended recipient, please notify the sender then delete all copies of this message including attachments, immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message. Only PDF [1] and ODF [2] documents accepted, please do not send proprietary formatted documents Links: -- [1] http://www.adobe.com/ [2] http://en.wikipedia.org/wiki/OpenDocument
Re: IADB whitelist - again
On 04/03/2018 22:46, David Jones wrote: >> Some us have very fine tuned SA's, and use less than 5.0 which was >> acceptable 10 years ago, but not in recent times, so a few .1's can mean >> user gets spam, V user doesnt get spam - I know what I prefer. > > That's great. It means you know what you are doing when you change the > default threshold to less than 5.0. In that case you need to change a lot of > other scores down too including RCVD_IN_IADB_* and the KAM.cf rules probably > score way too high for you as well. They do, we have a largish list of custom scores, as most admins who know what they are doing would have, since SA never can cater for all sites in any default configuration, thus allowing us to fine tune scores to suite our own regions. > From what I have seen on this mailing list recommended for most SA admins is > to leave the default threshold of 5.0 and bump up the BAYES scores once you > have a well-trained Bayes DB. Augment default scores with meta rules that > combine rule hits to "amplify" some scores a bit based on your mail flow and > current spam campaigns. The default is exactly that, a default, it doesnt mean its the be all and end all, its just a fall back average for those who dont want to fine tune their systems. -- Kind Regards, Noel Butler This Email, including any attachments, may contain legally privileged information, therefore remains confidential and subject to copyright protected under international law. You may not disseminate, discuss, or reveal, any part, to anyone, without the authors express written authority to do so. If you are not the intended recipient, please notify the sender then delete all copies of this message including attachments, immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message. Only PDF [1] and ODF [2] documents accepted, please do not send proprietary formatted documents Links: -- [1] http://www.adobe.com/ [2] http://en.wikipedia.org/wiki/OpenDocument
