Is feature_capture_rules working in masschecks?

2023-10-19 Thread John Hardin
a few days you'll see it getting hits on the 15th, then I restored the match-capture version and nothing since. -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ jhar...@impsec.org pgpk -a jhar...@impsec.org key: 0xB8732E79 -- 2D8C 34F4 6411

Re: bing.com redirector

2023-10-03 Thread John Hardin
Sadly this isn't like the Google redirector where the target URL is actually present and can be captured - or did you remove that part? -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ jhar...@impsec.org pgpk -a jhar...@impsec.org key: 0xB8732E79 --

Re: robynrauschbi...@icloud.com: Filter Anyone?

2023-08-04 Thread John Hardin
On Fri, 4 Aug 2023, Jared Hall wrote: Is it possible to come up with a robynrauschbi...@icloud.com filter to keep this list clean? User blocked, cleanup underway. -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ jhar...@impsec.org pgpk

Re: [Bug 8079] NETGEAR Router Login

2022-12-01 Thread John Hardin
-- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ jhar...@impsec.org pgpk -a jhar...@impsec.org key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 --- Are you

Re: Masscheck corpus graph defunct?

2022-07-18 Thread John Hardin
On Sun, 17 Jul 2022, Kevin A. McGrail wrote: That's not a project domain. Yeah, I know. I think it might be Darxus' who always had some helpful scripts. That's why I pinged here, I didn't remember who was hosting it. On Sun, Jul 17, 2022, 18:08 John Hardin wrote: My browser home

Masscheck corpus graph defunct?

2022-07-17 Thread John Hardin
s.com" The DNS server returned: Name Error: The domain name does not exist. Forgot to renew the domain registration, perhaps? :( -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ jhar...@impsec.org pgpk -a jhar...@impsec.org key: 0xB8732E79 --

Re: Capturing and reusing strings for matching across rules

2022-05-15 Thread John Hardin
On Sun, 15 May 2022, Michael Storz wrote: Just use a different sigil than $. Perl uses $, @, %, & and *. Looking at my keyboard, I see § Difficult on US keyboards and possibly others, but compose-able. and # Comment start, must be escaped. which could be used. -- John Hardin KA

Re: Esp module discussion

2022-05-14 Thread John Hardin
SpamAssassin src tree and work on it out-of-tree. +1 +1 -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ jhar...@impsec.org pgpk -a jhar...@impsec.org key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79

Re: [Bug 7826] Improve language around whitelist/blacklist and master/slave

2022-04-17 Thread John Hardin
work on it.. This is my preferred way, would vote +1 you have my +1 Axb My +1 as well. My initial acceptance vote for these changes was predicated on them being low-impact. That hasn't turned out to be the case. This work should be happening on a branch. -- John Hardin KA7OHZ

Re: bayes_auto_learn default value

2022-02-08 Thread John Hardin
ng process frequently poisons bayes data, I think bayes_auto_learn should be enabled only if you know what you are doing and not by default. I understand that changing a default value now could be a problem for users. Giovanni -- John Hardin KA7OHZhttp://www.impsec.org/~jhar

ruleqa broken?

2021-07-28 Thread John Hardin
s welcomelist change a day or so back? -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ jhar...@impsec.org pgpk -a jhar...@impsec.org key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76

Re: [Bug 7908] Domain PRO is treated as spam

2021-05-12 Thread John Hardin
On Wed, 12 May 2021, Loren Wilton wrote: Let me see if I can explain this problem in simple words: ...yer preachin' t'th'choir here, Loren. :) -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ jhar...@impsec.org pgpk -a jhar...@impsec.org key

Re: [Bug 3563] rethink Bayes locking to avoid "db version 0" warnings

2021-05-09 Thread John Hardin
On Sun, 9 May 2021, Henrik K wrote: On Tue, Apr 20, 2021 at 07:21:04AM -0700, John Hardin wrote: On Sun, 18 Apr 2021, bugzilla-dae...@spamassassin.apache.org wrote: Referenced Bugs: https://bz.apache.org/SpamAssassin/show_bug.cgi?id=6901 [Bug 6901] untie db first to fix "bayes db vers

Re: svn commit: r1889364 - /spamassassin/trunk/lib/Mail/SpamAssassin/Plugin/Esp.pm

2021-05-07 Thread John Hardin
On Sat, 8 May 2021, Henrik K wrote: On Fri, May 07, 2021 at 02:44:48PM -0700, John Hardin wrote: On Fri, 7 May 2021, Loren Wilton wrote: The only nitpick I'd offer is that I'd prefer that the capture tokens be at a single level, like rule names. So you might get: $pms->{captured_val

Re: svn commit: r1889364 - /spamassassin/trunk/lib/Mail/SpamAssassin/Plugin/Esp.pm

2021-05-07 Thread John Hardin
e risk with that is rules from multiple sources using colliding variable names. body MATCHER /My name is ${FROM_NAME:NAME}/ ...is explicit and doesn't carry that risk. -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ jhar...@impsec.org pgpk -

Re: svn commit: r1889364 - /spamassassin/trunk/lib/Mail/SpamAssassin/Plugin/Esp.pm

2021-05-07 Thread John Hardin
(single) match in a variable named after the rule (kept separate from the rule's score) for later use, but I like the explicit nature of this approach. Would :capture play well with (e.g.) :addr, :name, :raw, etc? -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ jhar

Re: svn commit: r1889364 - /spamassassin/trunk/lib/Mail/SpamAssassin/Plugin/Esp.pm

2021-05-01 Thread John Hardin
such things and capture the names of the variables and create the variables. I've been wanting this for years. -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ jhar...@impsec.org pgpk -a jhar...@impsec.org key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C

Re: header address parser changeset committed

2021-05-01 Thread John Hardin
On Sat, 1 May 2021, Henrik K wrote: On Fri, Apr 30, 2021 at 10:58:09PM +0300, Henrik K wrote: On Fri, Apr 30, 2021 at 09:36:00PM +0300, Henrik K wrote: On Fri, Apr 30, 2021 at 11:30:37AM -0700, John Hardin wrote: Generating a RE fragment that would match on any of the extracted to/cc header

Re: header address parser changeset committed

2021-04-30 Thread John Hardin
addresses would probably be fairly easy as part of this. But how would we incorporate that fragment in rules? -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ jhar...@impsec.org pgpk -a jhar...@impsec.org key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C

Re: svn commit: r1889308 - in /spamassassin/trunk: rules/10_hasbase.cf rules/20_ratware.cf rulesrc/sandbox/billcole/80_test.cf

2021-04-30 Thread John Hardin
On Fri, 30 Apr 2021, Bill Cole wrote: On 30 Apr 2021, at 10:29, John Hardin wrote: On Fri, 30 Apr 2021, Henrik K wrote: Please do not commit anything without make/lint check. :-( -header __HAS_LIST_ID exists:List-Id +meta__HAS_LIST_ID __ML2 Also, this should

Re: svn commit: r1889308 - in /spamassassin/trunk: rules/10_hasbase.cf rules/20_ratware.cf rulesrc/sandbox/billcole/80_test.cf

2021-04-30 Thread John Hardin
"the header exists", and if you want to alias it then make the *other* rule with the nonstandard name the meta. -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ jhar...@impsec.org pgpk -a jhar...@impsec.org key: 0xB8732E79 -- 2D8C 34F4

Re: "util_rb_3tld ct.sendgrid.net" warranted?

2021-04-22 Thread John Hardin
On Thu, 22 Apr 2021, Axb wrote: On 4/22/21 4:07 AM, John Hardin wrote: Prompted by seeing this sort of thing in SA Users List spams:   Unsubscribe   https://u21002357.ct.sendgrid.net/asm/unsubscribe/?mumblemumble Should we add "util_rb_3tld ct.sendgrid.net" so that maybe URIBL

"util_rb_3tld ct.sendgrid.net" warranted?

2021-04-21 Thread John Hardin
Prompted by seeing this sort of thing in SA Users List spams: Unsubscribe https://u21002357.ct.sendgrid.net/asm/unsubscribe/?mumblemumble Should we add "util_rb_3tld ct.sendgrid.net" so that maybe URIBL could help out with catching abusive sendgrid accounts? -- John Har

Re: [Bug 3563] rethink Bayes locking to avoid "db version 0" warnings

2021-04-20 Thread John Hardin
, aborting! at /home/jhardin-masscheck/spamassassin/masscheckwork/nightly_mass_check/masses/../lib/Mail/SpamAssassin/BayesStore/DBM.pm line 202. -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ jhar...@impsec.org pgpk -a jhar...@impsec.org key:

Re: ANNOUNCE: Apache SpamAssassin 3.4.5 available

2021-04-06 Thread John Hardin
that are affected. I do have on my own rules. So dunno, what is the timeline for a 4.0 release.. "Not Soon Enough". -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ jhar...@impsec.org pgpk -a jhar...@impsec.org key: 0xB8732E79 -- 2D8C

Re: RP rules renaming error

2021-03-27 Thread John Hardin
On Sat, 27 Mar 2021, John Hardin wrote: Folks: When I renamed the RP rules I didn't notice that they were not explicitly marked for publication (missing "tflags publish") and this was an unpleasant surprise in this morning's masscheck log: # tflags net -RCVD_IN_VALIDITY

RP rules renaming error

2021-03-27 Thread John Hardin
-# tflags net -RCVD_IN_VALIDITY_SAFE - I've added tflags publish, and some transition support metas, but the current masscheck run will probably not include them. Can we suppress publication of last night's masscheck results? -- John Hardin KA7OHZhttp://www.impsec.or

Re: Rewrite of SecurityPolicy page on SpamAssassin wiki

2021-03-18 Thread John Hardin
On Fri, 19 Mar 2021, Sidney Markowitz wrote: Oh, are you saying to be more explicit in the part of the policy about how to write those commit messages and what to say in public about the commit? Yes, that would be a good idea. Yes, that. -- John Hardin KA7OHZhttp

Re: Rewrite of SecurityPolicy page on SpamAssassin wiki

2021-03-17 Thread John Hardin
... -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ jhar...@impsec.org pgpk -a jhar...@impsec.org key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79

Re: Need for util_rb_4tld?

2021-03-14 Thread John Hardin
/40_local_azurephish.cf?view=log https://ruleqa.spamassassin.org/20210314-r1887624-n/PHISH_AZURE_CLOUDAPP/detail On Sat, Mar 13, 2021 at 11:38 PM John Hardin wrote: On Sat, 13 Mar 2021, Kevin A. McGrail wrote: If you have spamples and they aren't able to be blocked otherwise, a 4tld is certainly

Re: Need for util_rb_4tld?

2021-03-13 Thread John Hardin
On Fri, Jan 22, 2021 at 11:55 AM John Hardin wrote: Folks: I've been seeing more frequently lately phishing that leverages web apps hosted by Google and Microsoft as a collection point. A couple of days ago I added firebaseapp.com and web.app to the default util_rb_2tld list to cover firebase

Re: AskDNS with a DNAME

2021-02-28 Thread John Hardin
On Sun, 28 Feb 2021, RW wrote: On Sun, 28 Feb 2021 07:42:42 -0800 (PST) John Hardin wrote: On Sun, 28 Feb 2021, Michael Grant wrote: I've traced through the AskDNS plugin and it's definitely only looking at the first response that gets returned in this case. I also tried a regex submatch

Need for util_rb_4tld?

2021-01-22 Thread John Hardin
to add a util_rb_4tld for this? Related: does URIBL register names that deep? -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ jhar...@impsec.org pgpk -a jhar...@impsec.org key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79

ping Steve Freegard

2021-01-13 Thread John Hardin
Does anyone know whether smf (Steve Freegard) is still around? -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ jhar...@impsec.org pgpk -a jhar...@impsec.org key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79

Re: X-Spam-Relays-External envfrom= not reliable

2021-01-07 Thread John Hardin
On Thu, 7 Jan 2021, RW wrote: On Wed, 6 Jan 2021 19:50:08 -0800 (PST) John Hardin wrote: The rule was looking at X-Spam-Relays-External envfrom= to determine the envelope sender domain. When running the message in my testbed, I found that the envfrom= was not populated at all, and this is why

X-Spam-Relays-External envfrom= not reliable

2021-01-06 Thread John Hardin
* rules fall afoul of this. -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ jhar...@impsec.org pgpk -a jhar...@impsec.org key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79

Re: sa-channel or kam-channel

2021-01-06 Thread John Hardin
On Wed, 6 Jan 2021, Benny Pedersen wrote: does not --lint currently All of my pre-commit lint tests pass, base tests (for the stuff I have installed) pass. Base SA looks OK. Don't have KAM's stuff so I can't test that. Reporting the actual error is helpful. -- John Hardin KA7OHZ

Re: svn commit: r1885178 - /spamassassin/trunk/rulesrc/sandbox/jhardin/40_local_419replyto.cf

2021-01-06 Thread John Hardin
in addition to the body-based 419 scam tests. -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ jhar...@impsec.org pgpk -a jhar...@impsec.org key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 -

Re: Rules failing lint urg biz and advanced fee?

2021-01-01 Thread John Hardin
to check out rules/ as well, but I'd want to dig deeper before changing it to a root update. On Fri, Jan 1, 2021, 11:48 John Hardin wrote: On Fri, 1 Jan 2021, Kevin A. McGrail wrote: So I logged onto sa-vm and sudo'd to automc, went to svn/trunk and did svn update in rules. See below. [1

Re: Rules failing lint urg biz and advanced fee?

2021-01-01 Thread John Hardin
tly | /usr/bin/tee /var/www/automc.spamassassin.org/mkupdates/mkupdates.txt {much snippage} -- Kevin A. McGrail Member, Apache Software Foundation Chair Emeritus Apache SpamAssassin Project https://www.linkedin.com/in/kmcgrail - 703.798.0171 On Fri, Jan 1, 2021 at 10:35 AM John Hardin wrote

Re: Rules failing lint urg biz and advanced fee?

2021-01-01 Thread John Hardin
-zero exit status: 1 Files=3, Tests=6, 4 wallclock secs ( 0.02 usr 0.00 sys + 3.44 cusr 0.36 csys = 3.82 CPU) Result: FAIL Failed 1/3 test programs. 1/6 subtests failed. make: *** [Makefile:1380: test_dynamic] Error 1 + exit -- John Hardin KA7OHZhttp://www.impsec.or

Re: Rules failing lint urg biz and advanced fee?

2021-01-01 Thread John Hardin
: *** [Makefile:1380: test_dynamic] Error 1 + exit -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ jhar...@impsec.org pgpk -a jhar...@impsec.org key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79

Re: [Bug 7826] Improve language around whitelist/blacklist and master/slave

2020-12-30 Thread John Hardin
a full test, so I don't know about the regression tests Giovanni reported. -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ jhar...@impsec.org pgpk -a jhar...@impsec.org key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79

Re: [Bug 7826] Improve language around whitelist/blacklist and master/slave

2020-12-29 Thread John Hardin
On Tue, 29 Dec 2020, Kevin A. McGrail wrote: I will take a look tomorrow am but how can i re-create your error? Basically: set up a custom .pre file that excludes the WLBLEval plugin and run a regular lint test. On Tue, Dec 29, 2020, 20:55 John Hardin wrote: On Tue, 29 Dec 2020

Re: [Bug 7826] Improve language around whitelist/blacklist and master/slave

2020-12-29 Thread John Hardin
' for USER_IN_WELCOMELIST_TO ...I think those modifications may be missing an ifplugin somewhere - or perhaps we still have issues with nested if-else-endif in configs? -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ jhar...@impsec.org pgpk -a jhar

Re: [Bug 7857]

2020-09-21 Thread John Hardin
On Mon, 21 Sep 2020, bugzilla-dae...@spamassassin.apache.org wrote: https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7857 --- Comment #6 from AXB --- (In reply to John Hardin from comment #5) Do we want to backport this to 3.4? if you can, that would be great, I just checked

Re: LAST CALL: Anyone have contact info for Wazir Shpoon and/or John Meyer?

2020-09-16 Thread John Hardin
themselves. We've also worked with them before: https://issues.apache.org/jira/browse/INFRA-14163 -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ jhar...@impsec.org pgpk -a jhar...@impsec.org key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822

Re: Rules missing from ruleqa results?

2020-09-16 Thread John Hardin
T_ prefix, or do a regex search with a leading slash (e.g. /BONUS) -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ jhar...@impsec.org pgpk -a jhar...@impsec.org key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6

Rules missing from ruleqa results?

2020-09-15 Thread John Hardin
why a rule would simply be ignored like that? -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ jhar...@impsec.org pgpk -a jhar...@impsec.org key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79

Re: Zero-point garbage text that isn't caught by the small-font rules

2020-09-12 Thread John Hardin
hiding it from rules. -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ jhar...@impsec.org pgpk -a jhar...@impsec.org key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 -

Re: Zero-point garbage text that isn't caught by the small-font rules

2020-09-12 Thread John Hardin
y accident. Perhaps the spammer's message composing tool isn't hiding invisible text when it generates the plaintext body part from the HTML part? -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ jhar...@impsec.org pgpk -a jhar...@impsec.org key:

Re: Zero-point garbage text that isn't caught by the small-font rules

2020-09-12 Thread John Hardin
On Sat, 12 Sep 2020, John Hardin wrote: It's possible that the HTML parser needs some work to exclude HTML-hidden text from the BODY text. For this particular message that wouldn't help - the big block of "invisible" text is explicitly included in the plaintext message part; it l

Re: t/hashcash.t failing

2020-08-31 Thread John Hardin
On Mon, 31 Aug 2020, John Hardin wrote: I'm running full tests, which I don't usually do as I normally just hack at rules, and t/hashcash.t is failing in my sandbox. This surprises me a bit - hashcash is still a thing? Apparently not - t/hashcash.t isn't actually *in* SVN any more. I have

t/hashcash.t failing

2020-08-31 Thread John Hardin
: plugin: Mail::SpamAssassin::Plugin::HashCash is deprecated, remove loadplugin clause from your configuration There aren't any hashcash rules. Can we remove this test? -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ jhar...@impsec.org pgpk

OT: Anybody work for Tesla?

2020-08-26 Thread John Hardin
If someone on this list works for Tesla, could you drop me a line privately? Thanks! -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ jhar...@impsec.org pgpk -a jhar...@impsec.org key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6

Re: "or" RE generator?

2020-08-25 Thread John Hardin
On Tue, 25 Aug 2020, Joe Quinn wrote: On 8/25/20 2:01 PM, John Hardin wrote: On Tue, 25 Aug 2020, RW wrote: On Tue, 25 Aug 2020 10:11:13 -0700 (PDT) John Hardin wrote: Does anybody know of a command-line (NOT interactive!) tool that will generate a minimal "or" RE from a lis

Re: "or" RE generator?

2020-08-25 Thread John Hardin
On Tue, 25 Aug 2020, Giovanni Bechis wrote: On 8/25/20 7:11 PM, John Hardin wrote: Does anybody know of a command-line (NOT interactive!) tool that will generate a minimal "or" RE from a list of terms? For example, given input like: 17118720 17159892 17179275   

Re: "or" RE generator?

2020-08-25 Thread John Hardin
On Tue, 25 Aug 2020, RW wrote: On Tue, 25 Aug 2020 10:11:13 -0700 (PDT) John Hardin wrote: Does anybody know of a command-line (NOT interactive!) tool that will generate a minimal "or" RE from a list of terms? For example, given input like: 17118720 17159892

"or" RE generator?

2020-08-25 Thread John Hardin
9892|79275|8(?:0740|2828))) I don't want to reinvent the wheel... :) -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ jhar...@impsec.org pgpk -a jhar...@impsec.org key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6

Re: replacetag "" matches "g", "r", "o" and "0"?

2020-08-12 Thread John Hardin
potential FPs on other replace_tag rules. Agreed. Something like that would be much better addressed by rules like /(?:|)(?:|)/ rather than broadening to match letters that aren't reasonable in other cases. Just my €0.02, FWIW! John On 12/08/2020 at 21:48, John Hardin wrote: Can anybody suggest

replacetag "" matches "g", "r", "o" and "0"?

2020-08-12 Thread John Hardin
Can anybody suggest a plausible reason for the replace tag to match the letters "g", "r" and "o" and the numeral zero? I'm trying to figure out why it's like this: replace_tag A (?:[gra…0o]|…) ...and has been that way since creation of the pl

Re: [Bug 7826] Improve language around whitelist/blacklist and master/slave

2020-08-03 Thread John Hardin
On Mon, 3 Aug 2020, John Wilcock wrote: On 2020-08-01 21:23, bugzilla-dae...@spamassassin.apache.org wrote: https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7826 --- Comment #58 from Kevin A. McGrail --- (In reply to John Hardin from comment #57) (In reply to Kevin A. McGrail from

Re: Proposed new "alias" directive (was: Rules referencing WHITELIST or BLACKLIST in process of being Renamed)

2020-07-24 Thread John Hardin
king about general utility of "alias" - can anyone think of a use case that makes it attractive outside backwards compatibility? I think it would be better to control feature_block_welcome from the 4.0pre file rather than having to make a code change, regardless of how small. Is that f

Re: Proposed new "alias" directive (was: Rules referencing WHITELIST or BLACKLIST in process of being Renamed)

2020-07-24 Thread John Hardin
st-SA processing until it could be updated to look for USER_IN_WELCOMELIST_TO instead. -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org key: 0xB8732E79 --

Re: Proposed new "alias" directive (was: Rules referencing WHITELIST or BLACKLIST in process of being Renamed)

2020-07-24 Thread John Hardin
nterpreted as if they had been written for RULENAME_2 instead. -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org key: 0xB8732E79 -- 2D8C 34F4 6411 F507

Proposed new "alias" directive (was: Rules referencing WHITELIST or BLACKLIST in process of being Renamed)

2020-07-23 Thread John Hardin
ut this one. I suspect having "meta XXX" remove "alias XXX" will open the risk of unexpected behaviors especially with respect to scoring, so I'm leaning towards a "report" option on the alias directive and having "meta XXX" emit a lint error if "

Re: Why the new changes need to be "depricated" forever

2020-07-22 Thread John Hardin
On Tue, 21 Jul 2020, Kevin A. McGrail wrote: Don't let a vocal minority drive change. Your saying this is painfully ironic to me, because for many of us a vocal minority *is* what is driving this change. -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ jhar

Re: Why the new changes need to be "depricated" forever

2020-07-21 Thread John Hardin
offering backwards compatibility behind a config option (as Oliver suggests), and which is never removed absent a compelling technical reason, be a reasonable compromise? -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ jhar...@impsec.orgFALaholic #11174 pgpk -a jhar

Re: IMPORTANT NOTICE: Rules referencing WHITELIST or BLACKLIST in process of being Renamed

2020-07-20 Thread John Hardin
and are currently disabled; they are included for completeness.) It would be helpful if we could be informed whether anyone has post-SA processing that looks for these rulenames in the SA hit results, e.g. for making message delivery decisions. Thank you. -- John Hardin KA7OHZhttp

Re: IMPORTANT NOTICE: Rules referencing WHITELIST or BLACKLIST in process of being Renamed

2020-07-19 Thread John Hardin
On Sun, 19 Jul 2020, Kevin A. McGrail wrote: On 7/19/2020 9:29 PM, John Hardin wrote: I was mulling the utility of a new config directive in 4.0 to address backwards compatibility of rule names:    alias  RULENAME  RULENAME_2 ...which would recognize any config-file directives for RULENAME

Re: IMPORTANT NOTICE: Rules referencing WHITELIST or BLACKLIST in process of being Renamed

2020-07-19 Thread John Hardin
On Sun, 19 Jul 2020, Kevin A. McGrail wrote: On 7/19/2020 7:39 PM, John Hardin wrote: The non-can_welcome_block branch should not be renaming the rule. Doing that breaks existing production installs. I agree is causing unexpected local rules and local rule scoring issues trying to get pre

Re: IMPORTANT NOTICE: Rules referencing WHITELIST or BLACKLIST in process of being Renamed

2020-07-19 Thread John Hardin
mainstream (i.e. the can_welcome_block branch starts being used) and the needed rule name changes in local customizations can be covered in the UPGRADE document. -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ jhar...@impsec.orgFALaholic #11174 pgpk -a jhar

Backwards compatibility in rule names?

2020-07-17 Thread John Hardin
USER_IN_WHITELIST_TO Backwards compatibility rule name score USER_IN_WHITELIST_TO 0.001 -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79

Re: "checkTag" plugin

2020-04-29 Thread John Hardin
UNT eval:check_tag("_TXREPEMAILCOUNT_", "0.0") tag BAYES_90 eval:exist_tag("BAYES_90") This plugin will make all tags publicly accessible and it could need a new keyword (it doesn't evaluate the email but it only postprocess the tag). Comments ? Ideas ? Giovanni -- John Hardin

Re: [replace_tags] help with a rule

2020-04-13 Thread John Hardin
On Mon, 13 Apr 2020, Giovanni Bechis wrote: On 4/11/20 9:06 PM, John Hardin wrote: On Thu, 9 Apr 2020, John Hardin wrote: On Thu, 9 Apr 2020, RW wrote: On Thu, 9 Apr 2020 09:59:16 +0200 Giovanni Bechis wrote: Hi, I am trying to let __COPY_PASTE_EN match this message: https://pastebin.com

Re: [replace_tags] help with a rule

2020-04-11 Thread John Hardin
On Thu, 9 Apr 2020, John Hardin wrote: On Thu, 9 Apr 2020, RW wrote: On Thu, 9 Apr 2020 09:59:16 +0200 Giovanni Bechis wrote: Hi, I am trying to let __COPY_PASTE_EN match this message: https://pastebin.com/QfungfGY The message has the relevant text obfuscated, I tried with replace_tags

Re: [replace_tags] help with a rule

2020-04-09 Thread John Hardin
've been working on expanding the coverage but it's been piecemeal. I'll try to add the missing ones soon, unless somebody else tackles it. -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org key: 0xB8732E79

Re: [Bug 7727] New Plugin TesseractOcr

2020-03-02 Thread John Hardin
correspond with someone who sends problematic images, it would be handy to be able to do something like: whitelist_auth_ocr always_sends_big...@example.com to bypass scanning (vs. applying a score offset). -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ jhar

Re: Local rules prefix

2020-01-16 Thread John Hardin
. The reason why I suggested L is that it's terse. The idea was to avoid collisions without having to resort to long prefixes. And there are length limits, at least by convention. A useful compromise might be LCL_ and __LCL_ -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin

Re: Local rules prefix

2020-01-16 Thread John Hardin
fragile... On 2020-01-16 12:43 p.m., Kevin A. McGrail wrote: I would recommend local rules are named based on your initials.  That's been the collision avoidance for nearly 2 decades.  Does that not solve the issue at hand? On Thu, Jan 16, 2020, 14:53 John Hardin <mailto:jhar...@impsec.

Re: Local rules prefix

2020-01-16 Thread John Hardin
that purpose with a guarantee that the base rules will never use them (potentially with build process enforcement). -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org key: 0xB8732E79 -- 2D8C 34F4 6411

Re: Local rules prefix

2020-01-16 Thread John Hardin
would only be noticed after the FPs. +1 -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6

Re: __BITCOIN_ID rule not triggered

2019-12-06 Thread John Hardin
On Fri, 6 Dec 2019, Giovanni Bechis wrote: On 12/1/19 6:30 PM, John Hardin wrote: On Sun, 1 Dec 2019, Giovanni Bechis wrote: in this bitcoin spam email (https://pastebin.com/da6qgg83) __BITCOIN_ID rule does not trigger because the bitcoin address has been divided in two pieces; any idea

Re: __BITCOIN_ID rule not triggered

2019-12-01 Thread John Hardin
, then combinations, then HTML formatting... I've added the whitespace, and some of the German-language bits. It's hitting BITCOIN_EXTORT now. Thanks for the sample. -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ jhar...@impsec.orgFALaholic #11174 pgpk -a jhar

Re: New Release Candidate: 3.4.3-rc6 Testers Needed

2019-11-20 Thread John Hardin
On Wed, 20 Nov 2019, Kevin A. McGrail wrote: +1 to the one line change from info to dbg Me too. -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76

Re: "use POSIX" in ruleqa?

2019-09-01 Thread John Hardin
On Sun, 1 Sep 2019, John Hardin wrote: On Sun, 1 Sep 2019, Henrik K wrote: On Sun, Sep 01, 2019 at 09:36:55AM -0700, John Hardin wrote: On Sun, 1 Sep 2019, Henrik K wrote: On Sat, Aug 31, 2019 at 12:08:31PM -0700, John Hardin wrote: All: I'd like to add "use POSIX" to some

Re: "use POSIX" in ruleqa?

2019-09-01 Thread John Hardin
On Sun, 1 Sep 2019, Henrik K wrote: On Sun, Sep 01, 2019 at 09:36:55AM -0700, John Hardin wrote: On Sun, 1 Sep 2019, Henrik K wrote: On Sat, Aug 31, 2019 at 12:08:31PM -0700, John Hardin wrote: All: I'd like to add "use POSIX" to some code used in ruleqa - anybody know whether

Re: "use POSIX" in ruleqa?

2019-09-01 Thread John Hardin
On Sun, 1 Sep 2019, Henrik K wrote: On Sat, Aug 31, 2019 at 12:08:31PM -0700, John Hardin wrote: All: I'd like to add "use POSIX" to some code used in ruleqa - anybody know whether that would break ruleqa because that module isn't installed? It's core module, so it's no

"use POSIX" in ruleqa?

2019-08-31 Thread John Hardin
All: I'd like to add "use POSIX" to some code used in ruleqa - anybody know whether that would break ruleqa because that module isn't installed? Thx! -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ jhar...@impsec.orgFALaholic #11174 pg

openspf.net defunct?

2019-08-23 Thread John Hardin
penspf.net seems to be having consistent problems lately according to https://notopening.com/site/openspf.net ...same with openspf.org (same IP address): https://notopening.com/site/openspf.org Is openspf.net defunct? If so, perhaps we should change this to a working SPF test site... -- J

run Net masscheck on Wednesdays too?

2019-07-10 Thread John Hardin
consider. As frequently as every other day would probably be best if the resource usage from doing that isn't problematic. -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org key: 0xB8732E79 -- 2D8C 34F4

Re: SA make errors

2019-06-27 Thread John Hardin
On Thu, 27 Jun 2019, Henrik K wrote: On Thu, Jun 27, 2019 at 08:21:07AM -0700, John Hardin wrote: On Thu, 27 Jun 2019, Henrik K wrote: PS. Perhaps try make distclean too That did it. Thanks! Still getting this, though: "-T" is on the #! line, it must also be used on the co

Re: SA make errors

2019-06-27 Thread John Hardin
e command line at t/basic_meta.t line 1. -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76

SA make errors

2019-06-27 Thread John Hardin
line at t/basic_lint.t line 1. "-T" is on the #! line, it must also be used on the command line at t/basic_meta.t line 1. Is this just me? -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org key: 0xB

Re: Why aren't base rules rescoring?

2019-06-16 Thread John Hardin
points for considering auto-quarantine or auto-discard. -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79

Re: Why aren't base rules rescoring?

2019-06-15 Thread John Hardin
mails (i.e. actually subscribed to) in the masscheck ham corpora and thus can't really be tuned. -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822

Re: Why aren't base rules rescoring?

2019-06-14 Thread John Hardin
On Fri, 14 Jun 2019, Henrik K wrote: On Fri, Jun 14, 2019 at 08:11:11AM -0700, John Hardin wrote: On Fri, 14 Jun 2019, Paul Stead wrote: On Fri, 14 Jun 2019 at 12:37, Paul Stead wrote: existing setup work * work is a relative term, hopefully by Sunday's masscheck and rescore things

Re: Why aren't base rules rescoring?

2019-06-14 Thread John Hardin
making any manual score changes. I'm much more concerned about why the S/O for __STYLE_GIBBERISH_1 went so far south so suddenly... -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org key: 0xB8732E79

Re: Why aren't base rules rescoring?

2019-06-14 Thread John Hardin
Whoa. I was not aware its S/O had deteriorated that badly... -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79

Re: Jun 13 10:47:12.641 [9171] info: replacetags: regexp compilation failed - Possible Blocker on SA 3.4.3

2019-06-13 Thread John Hardin
fix it. -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
