Re: svn commit: r1889364 - /spamassassin/trunk/lib/Mail/SpamAssassin/Plugin/Esp.pm

On Fri, 7 May 2021 07:58:18 -0700 (PDT) John Hardin wrote: > On Sun, 2 May 2021, Loren Wilton wrote: > > > Now consider variable capture from the message: > > > > header __SUB_CAP Subject:Capture /Your (\w+) Order/i > > $(__COMPANY)=\1 > > I like this syntax. I was thinking that the capture w

Re: X-Spam-Relays-External envfrom= not reliable

On Wed, 6 Jan 2021 19:50:08 -0800 (PST) John Hardin wrote: > The rule was looking at X-Spam-Relays-External envfrom= to determine > the envelope sender domain. When running the message in my testbed, I > found that the envfrom= was not populated at all, and this is why the > rule missed. > > The

Re: sa-update plugins

On Thu, 17 Sep 2020 06:54:57 -0700 Michael Peddemors wrote: > On 2020-09-17 6:13 a.m., Giovanni Bechis wrote: > > Hi, > > on trunk I would like to remove support for sa-update > > --allowplugins option, is there any reason not to do it ? > > > > Cheers > >Giovanni > > > > While the 'all

Re: "or" RE generator?

On Tue, 25 Aug 2020 10:11:13 -0700 (PDT) John Hardin wrote: > Does anybody know of a command-line (NOT interactive!) tool that will > generate a minimal "or" RE from a list of terms? > > For example, given input like: > > 17118720 > 17159892 > 17179275 > 17180740 >

Re: DMARC plugin

On Wed, 20 May 2020 11:51:42 +0200 Giovanni Bechis wrote: > Hi, > for those that might be interested, I developed a DMARC plugin for > SpamAssassin, code is at https://github.com/bigio/spamassassin-dmarc. The use of uri_to_domain() looks wrong: $dmarc->envelope_to($self->uri_to_domain($pms->get(

Re: [replace_tags] help with a rule

On Mon, 13 Apr 2020 22:54:56 +0200 Giovanni Bechis wrote: > On 4/11/20 9:06 PM, John Hardin wrote: > > On Thu, 9 Apr 2020, John Hardin wrote: > > > >> On Thu, 9 Apr 2020, RW wrote: > >>> It's because the letter tags have incomplete coverage of IS

Re: [replace_tags] help with a rule

On Thu, 9 Apr 2020 09:59:16 +0200 Giovanni Bechis wrote: > Hi, > I am trying to let __COPY_PASTE_EN match this message: > https://pastebin.com/QfungfGY > > The message has the relevant text obfuscated, I tried with > replace_tags with the following rule but it doesn't seems to work, > any hints ?

Re: Local rules prefix

On Thu, 16 Jan 2020 17:47:32 -0500 Kevin A. McGrail wrote: > I'm fine with any PMC member who wants to create a wiki for this and > add code to the masscheck/qa to enforce that the stock rules won't > use some prefix. I suggest LOCAL and __LOCAL so it's 100% clear. The reason why I suggested L i

Re: Local rules prefix

On Thu, 16 Jan 2020 17:37:48 +0200 Henrik K wrote: > On Thu, Jan 16, 2020 at 03:03:40PM +0000, RW wrote: > > > > > It would seem more productive to actually make spamassassin --lint > > > output info messages (not errors) when rules are redefined. And > > &g

Re: Local rules prefix

On Wed, 15 Jan 2020 07:55:59 +0200 Henrik K wrote: > On Tue, Jan 14, 2020 at 10:42:48PM +, > bugzilla-dae...@spamassassin.apache.org wrote: > > https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7366 > > (In reply to RW from comment #8) > > > It's not abou

Re: Creating a plugin with dynamic scoring

On Sun, 29 Sep 2019 19:52:32 -0400 Larry Nedry wrote: > Hello, > > I'm developing a plugin that adds a dynamic rule score to the SA > calculated score. It works well except when the SA calculated score > is less than the required_score and the final score is greater that > the required_score. In

Re: English specific stop words in Bayes plugin

On Tue, 11 Jun 2019 13:43:35 +0300 Henrik K wrote: > Does the current stoplist actually do anything useful? Someone > should try 10-fold cross validation with and without.. My understanding is that it was intended purely as a speed-up. The words are chosen to be neutral tokens that wont affect

Re: svn commit: r1856009 - /spamassassin/trunk/rules/73_sandbox_manual_scores.cf

On Fri, 22 Mar 2019 07:12:42 +0200 Henrik K wrote: > Please describe changes in any case, "pds" tells nothing about what > the score was even for. Everyone else did in that file. > There looks to be something missing: $ grep -hr 'askdns.*dkimwl' /var/db/spamassassin askdns __DKIMW

Re: Sendgrid is hitting HELO_DYNAMIC_IPADDR

On Tue, 19 Feb 2019 19:12:31 -0500 Kevin A. McGrail wrote: > Hi All, > > Thoughts on how to fix this issue where sendgrid is hitting this rule? > > > 3.2 HELO_DYNAMIC_IPADDR    Relay HELO'd using suspicious hostname (IP >     addr 1) > > Example helo: o168-245-122-130.o

Re: Razor2 razor_fork

On Tue, 16 Oct 2018 18:53:07 +0300 Henrik K wrote: > Trunk now supports pyzor_fork 1. Please give it a try, I would like > to use these as default settings if nothing funny happens. Seems to > be working stable here. > These rule currently run with positive priority priority DCC_CHECK

v342.pre

v342.pre contains: # allow URI rules to look at DKIM headers if they exist parse_dkim_uris 1 This looks like something that's been left in by accident. parse_dkim_uris is defaulted to 1 in Conf.pm, so the line doesn't do anything.

Re: [GitHub] spamassassin pull request #2: Fixed Spelling.

On Sun, 29 Jul 2018 20:56:22 -0400 Kevin A. McGrail wrote: > I moderated this through.  Any one know about this github for SA? > FWIW it's not a spelling mistake, it's just less common. http://www.thefreedictionary.com/publically

Re: lint error ?

On Tue, 22 May 2018 10:53:40 -0700 (PDT) John Hardin wrote: > On Tue, 22 May 2018, Benny Pedersen wrote: > > > header __REPTO_MULTI_ADDR Reply-To:address =~ /,/ > > > > imho its > > > > header __REPTO_MULTI_ADDR Reply-To:addr =~ /,/ > > I have a fairly thorough lint che

Re: Re GSoC

On Tue, 22 May 2018 00:26:43 +0530 Saahil Sirowa wrote: > Does spamassassin currently have non-text support for emails? I think you're going to have to elaborate if you want an answer.

Re: multi-byte URI obfuscation

On Sat, 12 May 2018 13:11:06 -0700 (PDT) John Hardin wrote: > On Sat, 12 May 2018, RW wrote: > > > On Sat, 12 May 2018 10:24:32 -0700 (PDT) > > John Hardin wrote: > > > > > >> It has the fairly-common tactic of putting a spam website domain > >>

Re: multi-byte URI obfuscation

On Sat, 12 May 2018 10:24:32 -0700 (PDT) John Hardin wrote: > It has the fairly-common tactic of putting a spam website domain into > the message subject, but it has a new twist: it replaces the period > with a fairly-equivalent multibyte glyph. > I looked it up and it's an "Ideographic Full St

Re: svn commit: r1828937 - /spamassassin/trunk/rules/60_whitelist_auth.cf

On Wed, 11 Apr 2018 18:18:36 -0400 Bill Cole wrote: > On 11 Apr 2018, at 17:50 (-0400), Dave Jones wrote: > > Besides, this *@*.google.com shouldn't be that common under a > > subdomain of google.com. It's not *@google.com which would be a > > higher risk. > > No, *@google.com is still appa

Re: Queries Regarding GSoC Project

On Sun, 18 Mar 2018 03:46:58 +0530 Saahil Sirowa wrote: > Temporary Draft of my GSoC Proposal > GSoC 2018 Proposal > A few points. You're placing too much emphasis on the lack of statistical indep

Re: Extending the entries in 60_whitelist_spf.cf

On Tue, 28 Nov 2017 09:18:50 -0500 Bill Cole wrote: > Well, the actual *COMMIT TO TRUNK* > (http://svn.apache.org/viewvc?rev=1816394&view=rev) uses > whitelist_auth for 6 entities, which IMHO is a terrible idea for the > reasons I noted in my prior message. The original post talked about extendi

Re: Extending the entries in 60_whitelist_spf.cf

On Sun, 26 Nov 2017 23:54:12 -0500 Bill Cole wrote: > Any whitelisting in the default ruleset should carry MUCH lower > weight than local explicit whitelisting ... NO sender should get a > default -100 just because we (SA maintainers) think they generally > mean well. This isn't new functionali

Re: Update to the Pyzor plugin (Re: bug 6108)

On Sun, 26 Feb 2017 19:35:11 +1000 James Birkett wrote: > Hi, > > Bug 6108 says is that the pyzor plugin ignores whitelisting entirely, > and a comment on that bug suggests updating the Pyzor plugin to use > Wilson Score formula described here > http://www.evanmiller.org/how-not-to-sort-by-averag

Re: how to tell when DNS is not working

On Tue, 24 Jan 2017 08:38:44 -0800 (PST) John Hardin wrote: > On Tue, 24 Jan 2017, RW wrote: > > > On Tue, 24 Jan 2017 00:04:16 -0800 > > frede...@ofb.net wrote: > > > >> Thanks for the replies. > >> > >> Should I open a bugzilla bug for t

Re: how to tell when DNS is not working

On Tue, 24 Jan 2017 00:04:16 -0800 frede...@ofb.net wrote: > Thanks for the replies. > > Should I open a bugzilla bug for this? > > I remember seeing URIBL_BLOCKED once. > > But lately it doesn't appear. I'm not sure what would go in "|| etc." The others misunderstood what you are asking for,

Re: Poor performance for rule based on 8-bit chars in supposedly text/plain, 7bit message

On Mon, 31 Oct 2016 12:28:27 -0600 Philip Prindeville wrote: > > PP_MIME_FAKE_ASCII_TEXT: bad, avg S/O=0.62 avg Spam%=0.64 avg > > Ham%=0.36 > I’m going back through the performance of this rule and I have to say > I’m disappointed that it performed so poorly on the general corpus. > > It w

COMPENSATION & __LOCAL_PP_NONPPURL

The meta rule COMPENSATION is defined: meta COMPENSATION __COMPENSATION && ... && !__LOCAL_PP_NONPPURL ... with uri __LOCAL_PP_NONPPURL m'https?://(?:[A-Za-z0-9-_]+)\.(?!paypal\.com)(?:[A-Za-z0-9-_\.]+)'i The name suggests to me that it was intended to hit bogus paypal links. But it ac

Re: Rule URIBL_SBL

On Fri, 03 Jun 2016 14:43:20 +0300 Jari Fredriksson wrote: > >It's not the domain that's listed. As the descriptions say, the IP > >addresses of the web-server and it's DNS server are listed in the SBL > >blocklist. > > The SENDER webserver and dns? That is ibm.com ... or something > related.

Re: Rule URIBL_SBL

On Fri, 03 Jun 2016 11:32:16 +0300 Jari Fredriksson wrote: > I guess that is just some external list causing the hit, but I got > these in a 190% HAM: > > > 1.6 URIBL_SBL Contains an URL's NS IP listed in the SBL > blocklist > [URIs: .com] > 0.1 URIBL_

Re: sa-update without internet breaks spamd/amavisd

On Tue, 1 Dec 2015 17:38:26 -0800 (PST) John Hardin wrote: > On Wed, 2 Dec 2015, RW wrote: > > > On Tue, 1 Dec 2015 14:57:14 -0800 (PST) > > John Hardin wrote: > > > >> I don't think this is a problem in base SA, it sounds more like a > >> pro

Re: sa-update without internet breaks spamd/amavisd

On Tue, 1 Dec 2015 14:57:14 -0800 (PST) John Hardin wrote: > I don't think this is a problem in base SA, it sounds more like a > problem in the packaging addon code provided by RH/Centos. It does sound like that might have been exposed by a SA regression: https://bz.apache.org/SpamAssassin/sho

Re: Why not Neural networks ??

On Wed, 15 Apr 2015 17:34:18 +0530 Sarang Shrivastava wrote: > https://www.google-melange.com/gsoc/proposal/review/student/google/gsoc2015/xlr_24/5629499534213120 I got "You are not logged in as the user in the URL". > but I got some papers that prove that ANNs can be applied to spam > filterin

Re: bayes_ignore_header

On Sat, 04 Oct 2014 11:32:17 +0200 Axb wrote: > Unless somebody thinks this a terribly bad idea, I'll be adding a > 20_bayes_ignore_header.cf to the SA default rules to replace the few > (unmantained) bayes_ignore_header entries in local.cf > > comments? I'd like to see some evidence that these

Re: Add an IP to the DNSBL checks

On Mon, 16 Jun 2014 17:03:31 -0230 spamassas...@lcwsoft.com wrote: > > originating_ip_headers X-WebmailclientIP > > Actually, that might meet my needs in a better way, as I could add a > custom header and then set that. I don't think that's a good idea, originating IP addresses may legitimatel

Re: Add an IP to the DNSBL checks

On Mon, 16 Jun 2014 12:06:02 -0400 Kevin A. McGrail wrote: > It would be nice if SA would evaluate "X-WebmailclientIP: " > > as in > > X-ngMessageSubType: MessageSubType_MAIL > X-WebmailclientIP: 23.27.220.31 > > against RBLs You can already do that by adding the following line to local.cf

Re: tons of forged bills in german

On Wed, 22 Jan 2014 22:44:31 +0100 Benny Pedersen wrote: > On 2014-01-22 19:04, Michael Monnerie wrote: > > Can we check this? > > basics first: > > http:// can be forged > https:// can be forged but will make warn in browsers if there is > another http:// url > > spf have nothing to do with u

Re: Proposed spamc patch: override threshold score

On Sun, 13 Jan 2013 13:24:14 + Jeremy Morton wrote: > Hi, > > I attach a proposed patch for the spamc client which I have tested - > it seems to be working well. It's based off the latest SVN I got > from: http://svn.apache.org/repos/asf/spamassassin/trunk > > It adds the option -T to allow

Re: Future of SA's bayes implementation

On Fri, 9 Nov 2012 12:48:11 -0500 dar...@chaosreigns.com wrote: > I haven't done as much testing on this as I'd like, but I've gotten > away from it, and wanted to get my thoughts in here before I forget > them. > > I have a strong suspicion that SA's bayes implementation sucks. > > The two majo

Re: "jarif" corpus on Spamassassin masschecks

On Mon, 2 Jul 2012 12:01:32 -0700 (PDT) John Hardin wrote: > On Mon, 2 Jul 2012, Jari Fredriksson wrote: > > > On 2.7.2012 19:23, dar...@chaosreigns.com wrote: > >> On 07/02, Jari Fredriksson wrote: > >>> I follow the wiki page. I have now implemented the following > >> > >> It seems you are inte

Re: Bayes token atime

On Mon, 5 Mar 2012 09:58:38 +0100 Oli Schacher wrote: > Hi list > > I'm working on a custom bayes storage module. > Haven't been able to figure out if the token atime is used for > anything else than expiration or if it's required for the bayes > classifier. It's just for expiry