Hi Regis,
-Original Message-
From: [EMAIL PROTECTED]
[mailto:spamassassin-talk-
[EMAIL PROTECTED] On Behalf Of Regis Wilson
Sent: Monday, January 26, 2004 4:57 PM
To: [EMAIL PROTECTED]
Subject: [SAtalk] [RD] Justified text
Got some new variants on the justified text ratware. By
Hi Bob,
Along the same lines, I had the following:
describe MY_RBDY_INVTXTSZ1 MY: Invisible text size
rawbody MY_RBDY_INVTXTSZ1 /font\s+.*\bsize=.-\d\D/i
scoreMY_RBDY_INVTXTSZ1 0.5
describe MY_RBDY_INVTXTSZ2 MY: Invisible text size with style
rawbody MY_RBDY_INVTXTSZ2 /size=.-\d\D
-Original Message-
From: Robert Menschel [mailto:[EMAIL PROTECTED]
Sent: Thursday, January 22, 2004 8:13 PM
To: Larry Gilson
Cc: Spamassassin-Talk (E-mail)
Subject: Re[2]: [SAtalk] SA missed an 'invisible font'?
Hello Larry,
Wednesday, January 21, 2004, 11:37:09 PM, you wrote
, Larry Gilson wrote:
Hi Bob,
Along the same lines, I had the following:
describe MY_RBDY_INVTXTSZ1 MY: Invisible text size
rawbody MY_RBDY_INVTXTSZ1 /font\s+.*\bsize=.-\d\D/i
scoreMY_RBDY_INVTXTSZ1 0.5
I have something similar. The style rule just wasn't getting nearly all
-Original Message-
From: [EMAIL PROTECTED]
[mailto:spamassassin-talk-
[EMAIL PROTECTED] On Behalf Of Chris Santerre
Sent: Wednesday, January 21, 2004 11:27 AM
To: '[EMAIL PROTECTED]';
[EMAIL PROTECTED]
Subject: RE: [SAtalk] [OT] - The current state spam.
Yeah, we have had this
Thanks Chris!
--Larry
-Original Message-
From: [EMAIL PROTECTED]
[mailto:spamassassin-talk-
[EMAIL PROTECTED] On Behalf Of Chris Santerre
Sent: Tuesday, January 20, 2004 3:39 PM
To: Spamassassin-Talk (E-mail)
Subject: [SAtalk] Bigevil updated again :)
Just posted 2.06M wich
Thanks Matt!
--Larry
-Original Message-
From: [EMAIL PROTECTED]
[mailto:spamassassin-talk-
[EMAIL PROTECTED] On Behalf Of Matt Yackley
Sent: Monday, January 19, 2004 11:57 AM
To: [EMAIL PROTECTED]
Subject: [SAtalk] New Ruleset: EvilNumbers
Inspired by classic hits such as
Look at:
http://useast.spamassassin.org/doc/Mail_SpamAssassin_Conf.html#learning%20op
tions
bayes_ignore_header header_name
If you receive mail filtered by upstream mail systems, like a spam-filtering
ISP or mailing list, and that service adds new headers (as most of them do),
these headers may
-Original Message-
From: Ross Vandegrift [mailto:[EMAIL PROTECTED]
Sent: Monday, January 19, 2004 4:07 PM
To: Larry Gilson
Cc: [EMAIL PROTECTED]
Subject: Re: [SAtalk] Bayes mis-learning problem
On Mon, Jan 19, 2004 at 03:21:06PM -0500, Larry Gilson wrote:
http
Hi Scott,
I tried the link and wound up with a 404 page not found error message.
Thanks,
Larry
-Original Message-
From: [EMAIL PROTECTED]
[mailto:spamassassin-talk-
[EMAIL PROTECTED] On Behalf Of Scott Lambert
Sent: Monday, January 19, 2004 7:32 PM
To: [EMAIL PROTECTED]
Cc:
Thanks for clarifying Justin!
--Larry
-Original Message-
From: [EMAIL PROTECTED]
Sent: Monday, January 19, 2004 11:35 PM
To: Larry Gilson
Cc: 'Ross Vandegrift'; [EMAIL PROTECTED]
Subject: Re: [SAtalk] Bayes mis-learning problem
Larry Gilson writes:
In a broader sense though
You will want to put your custom .cf files in /etc/mail/spamassassin. You
can put them in /usr/share/spamassassin but they will be deleted during an
upgrade so it really does not make sense. The rules will not be seen in
~/.spamassassin/.
Review the Priveleged Settings section of
-Original Message-
From: S. M. C. Butler [mailto:[EMAIL PROTECTED]
Thx for the info larry. Can I place a blacklists.cf file in
/etc/mail/spamassassin and will it be read in conjunction to
any blacklist information I place in my ~/.spamassassin/local.cf
file?
Yes, SA will read
Sorry about that Chris, I forgot your disclaimer! Apologies!
--Larry
-Original Message-
From: Larry Gilson [mailto:[EMAIL PROTECTED]
Sent: Friday, December 19, 2003 2:18 PM
To: 'Chris Santerre'; [EMAIL PROTECTED]
Subject: RE: [SAtalk] Bigevil 2.05 posted just now
Hi Chris
Round 2 . . .
Does anyone have an idea about this?
Thanks,
Larry
-Original Message-
From: Larry Gilson
Sent: Wednesday, December 17, 2003 10:17 AM
To: Spamassassin-Talk (E-mail)
Subject: SORBS in SA 2.55?
Is it possible to implement the SORBS tests in 2.55? I am
CONGRADULATIONS to all the devs!! You deserve it!
Yes congratulations - and thanks for your hard work and dedication!
I can't think of any other program that has made me happier
the SA. OK, maybe MacPlaymate ;)
You dog!
---
This
Does anyone have up-to-date source RPMs for DCC (1.2.22) and Razor2 (2.36
including the patch)?
Thanks,
Larry
---
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills. Sign up for
Thanks Theo!
--Larry
-Original Message-
From: Theo Van Dinter [mailto:[EMAIL PROTECTED]
I have Razor at
http://www.kluge.net/ftp/pub/felicity/SRPMS/razor-agents-2.36-1tvd.src.rpm
---
This SF.net email is sponsored by: IBM
I was thinking of tackling this problem from the other end. Below are some
options from the Exchange list I subscribe to. I asked the question as to
how to extract the message to a text file. Presumably, the message would be
raw. The thought is that the extraction method would be a solution
1.888.ON.GO.YET
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of Larry Gilson
Sent: Thursday, December 18, 2003 12:58 PM
To: 'Spamassassin-List'
Subject: RE: [SAtalk] importing spam from exchange users for
sa-learn?
I was thinking of tackling
Thanks Kris!
--Larry
-Original Message-
From: Kris Deugau [mailto:[EMAIL PROTECTED]
Sent: Thursday, December 18, 2003 2:38 PM
To: [EMAIL PROTECTED]
Subject: Re: [SAtalk] Source RPMs - Razor2 and DCC
Larry Gilson wrote:
Does anyone have up-to-date source RPMs for DCC (1.2.22
Is it possible to implement the SORBS tests in 2.55? I am a little confused
looking at the tests. I normally see 'eval:check_rbl' but I notice that
2.61 also uses 'eval:check_rbl_sub'. Should I remove the '_sub' or not
implement the tests?
Thanks and Regards,
Larry
Just find the testname:
http://useast.spamassassin.org/tests.html
I'll just use SORBS as an _example_:
Test name: RCVD_IN_SORBS
local.cf or custom .cf entry:
score RCVD_IN_SORBS 0
Setting the score to 0 will prohibit the test from running.
--Larry
-Original Message-
From:
-Original Message-
From: Fred
Hello,
I am out the door on my way to work but we need a rule for a
new IE exploit just released, Visit this page, the exploit is
harmless but to the spoofer, it's man's best friend.
http://www.zapthedingbat.com/security/ex01/vun1.htm
I think
I have a Perl subroutine called from a CGI I call deliver. It was designed
to deliver quarantined messages to whatever location I desired. Although I
call a file to create a message array in which I pass the reference $msgref,
you could just create the array from the form. The RCPT TO array is
Hi Mitchell,
-Original Message-
From: Mitchell Baker
I am wanting to setup that any message from systems within
our domain don't get sent to spamd... I have the following
in the /etc/procmailrc
file:
:0:
* [EMAIL PROTECTED]
${DEFAULT}
# From system.rose-hulman.edu
:0:
*
Thanks Chris - great work!
--Larry
-Original Message-
From: Chris Santerre
BIG HUGE NEWS
A major breakthrough has taken place
ALL EVILRULES FILES HAVE BEEN COMBINED!! 2622 domains into
178 rules!!! Ramdon/tracking hosts tags removed!
They only increase spamd
Hi Bob,
Sorry for the long delay in my response. I have taken a little break.
Thanks for running the rules through masscheck against your corpus. I have
no where near the corpus that you do and find the testing methodology in
your first and second run, and results very interesting. Thanks
-Original Message-
From: Jennifer Wheeler
Yes so I found out, but too be fair he did say it might be too
restrictive and in my case it is. I am now looking at enabling
bayes unless anyone has any other suggestions.
I have been using Bayes for about 3 weeks to a month now.
Hi Julia,
-Original Message-
From: McWhirter,Julia
Larry/Jennifer,
I have copied the chickenpox and popcorn rules which are
working fine thanks very much Jennifer. Larry my install is
also outside the firewall and therefore needs site-wide
config and not user based and
-Original Message-
From: Larry Gilson
Sent: Tuesday, November 25, 2003 3:30 PM
To: 'Tony Bunce'; '[EMAIL PROTECTED]'
Subject: RE: [SAtalk] Ideas
Attached is a custom rule file. It has been working rather well and I will
be increasing the score from 0.5 to 1.0. The cf file also has
Hi Logan,
First, thanks for addressing the list. I think it takes integrity and guts
to respond rather than just run away.
-Original Message-
From: Logan Harbaugh [mailto:[EMAIL PROTECTED]
Sent: Monday, November 24, 2003 8:05 PM
To: [EMAIL PROTECTED]
Subject: [SAtalk] An Open Letter
THANKS! I don't know what was worse - having my MTA 550 the attempted
message or listening to talk of it every day. ;) Seriously though, thank
you!
--Larry
-Original Message-
From: [EMAIL PROTECTED]
Sent: Thursday, November 20, 2003 3:49 PM
To: [EMAIL PROTECTED]
Subject: [SAtalk]
-Original Message-
From: spamassassin
Sent: Thursday, November 20, 2003 2:05 PM
To: [EMAIL PROTECTED]
Subject: [SAtalk] How to mark spam for certain users and
still deliver it?
Hello,
I have one client who wants to receive any emails they get,
irrespective of SPAM (they
-Original Message-
From: ian douglas
Sent: Thursday, November 20, 2003 4:19 PM
To: [EMAIL PROTECTED]
Subject: RE: [SAtalk] font color=#FF
Just my $0.02, but I'd make it this:
color=(?\#?F[0-9A-F]F[0-9A-F]F[0-9A-F]?|?white
FYI, you should also change
color=
-Original Message-
From: Matt Kettler [mailto:[EMAIL PROTECTED]
Sent: Thursday, November 20, 2003 4:53 PM
To: Alex van den Bogaerdt; [EMAIL PROTECTED]
Subject: Re: {SPAM} [SAtalk] FYI
At 10:08 AM 11/18/2003, you wrote:
Spammers now send templates to use... how nice of them!
Hey Mike,
-Original Message-
From: MIKE YRABEDRA
Sent: Wednesday, November 19, 2003 8:55 AM
To: SPAMASSASSIN
Subject: Re: [SAtalk] font color=#FF
on 11/17/03 3:13 PM, Michael Weber at [EMAIL PROTECTED] wrote:
I've had a rule filtering out that font color for several
-Original Message-
From: Ralf Guenthner
Sent: Wednesday, November 19, 2003 12:08 PM
To: [EMAIL PROTECTED]
Subject: [SAtalk] Rule for naughty words containing dots?
Hi list
Recently I've seen an increase in spam mails like the one below.
Using SA 2.60 with a spam threshold of
You just missed a discussion about a custom rule. If you are not familiar
with custom rules, I suggest some reading and examples:
http://mywebpages.comcast.net/mkettler/sa/SA-rules-howto.txt
http://www.merchantsoverseas.com/wwwroot/gorilla/sa_rules.htm
http://www.exit0.us/
Hey Jennifer,
Just a quick note to let you know that I abondoned my effort to consolidate
your rules. While they worked for the most part, the were not as effective
as yours. I still don't like the lack of effeciency of multiple rules, the
effectiveness can not be beat!
Thanks,
Larry
I have been experimenting with rules that will catch periods and pipes
obfuscating text. Attached is my punctuation.cf file. It caught your
example.
* 0.5 -- BODY: MY: Word obfu by periods (a.bcd)
* 0.5 -- BODY: MY: Word obfu by periods (abcde.fghij)
* 0.5 -- BODY: MY: Word obfu by
-Original Message-
From: jennifer [mailto:[EMAIL PROTECTED]
Sent: Wednesday, November 19, 2003 8:45 PM
To: 'Larry Gilson'; [EMAIL PROTECTED]
Subject: RE: [SAtalk] [RD] second weeds set
Hi Larry,
I agree, it would be nice if there was a way to consolidate,
and maybe
Hi Kevin,
Any .cf file will be processed in /etc/mail/spamassassin and
/usr/share/spamassassin. However, you are advised to avoid
/usr/share/spamassassin as an update/upgrade will delete the directory and
install a new - one so any custom rules will be wiped out. The links below
will help you
-Original Message-
From: Jacob S.
On Mon, 17 Nov 2003 21:01:24 -0500
Larry Gilson [EMAIL PROTECTED] wrote:
I am running Postfix with SA, Procmail, and Webmin on Red Hat
8.0. I want to move away from RH and am soliciting opinions.
snip
Well, you've heard the Slackware
Hi Rikhardur,
-Original Message-
From: [EMAIL PROTECTED]
Since we upgraded to Microsoft Exchange 2000, we´re not getting
the X-Spam-* headers any more.
The Headers begin by the line : Microsoft Mail Internet
Headers Version 2.0 and most useful information has either
been
SA 2.55
I am aware that HTML tags and line breaks are remvoed for 'body' rule tests.
I was wondering what the line breaks are replaced with. Are they replaced
with spaces? If I start or end a search with a space, like:
body MY_BDY_PDS_S3P1/ [a-z]{3}\.[a-z]{1}/i
body MY_BDY_PDS_1P3S
Hey Chris,
I may be oversimplifying the problem, but I don't think the db code is
elaborate. I wrote Perl DB_File routines for squidGuard. What is needed is
a hook to develop custom eval functions. Otherwise you run the risk of the
eval function not surviving updates. Even if one would
I am running Postfix with SA, Procmail, and Webmin on Red Hat 8.0. I want
to move away from RH and am soliciting opinions. I figure that for me, I
have 3 viable choices: FreeBSD, Debian, and Slackware. I want a free OS so
I don't want to use SuSE, Mandrake, or the like. Nothing against the
the job and do it well. I have one Slack
Mailserver with 400+ days uptime and one or two FreeBSD systems with
more than 200 days uptime.
HTH's
Regards,
Rick
Larry Gilson wrote:
I am running Postfix with SA, Procmail, and Webmin on Red Hat 8.0. I
want to move away from RH
/SpamAssassin integration
--On Friday, November 07, 2003 12:42 AM -0500 Larry Gilson
[EMAIL PROTECTED] wrote:
You might want to look at SecuritySage for some configuration
details.
http://www.securitysage.com/guides/postfix_uce.html
I just got some mail bounced by an ISP using
than
they already do by adding the complexity of Bayes for a population that
size?
--Larry
-Original Message-
From: Covington, Chris
Sent: Wednesday, November 12, 2003 12:10 PM
To: Larry Gilson; [EMAIL PROTECTED]
Subject: RE: [SAtalk] scoring system and values...
Definitely
I have a thought that might work but is high maintenance. First, dump the
POP3 connector. Second, setup your Postfix server as a relay using
relay_recipient_maps. Using Procmail, or similar, you could forward tagged
messages to a Public Folder setup for each user.
Public Folders
-Possible
-Original Message-
From: David B Funk
Sent: Wednesday, November 12, 2003 2:45 AM
To: Larry Gilson
Cc: 'Robban'; [EMAIL PROTECTED]
Subject: RE: [SAtalk] SMTP gateway/filter
On Tue, 11 Nov 2003, Larry Gilson wrote:
The preferred method is any way you prefer. ;) That is really
I don't know if this really fits in this subject or not. However, I keep
thinking while reading this thread if anyone considers real opt-in
advertisements/messages that get tagged by SA (like from OshKosh,
Travelocity, Lands' End, etc.) to be a FP or not. Do site-wide Bayes
installs have a hard
Just tossing this out as an idea . . .
I have been working on the random text strings. I have talked about this a
little before but only really had one rule. I have started looking at
consonant-vowel-consonant combinations rather than just the long consonant
strings. I checked these
-Original Message-
From: Tim Merkel [mailto:[EMAIL PROTECTED]
Sent: Tuesday, November 11, 2003 6:08 PM
To: [EMAIL PROTECTED]
Subject: [SAtalk] Bounce all but whitelist
I have a client who wishes to only allow mail into his inbox
that is explicitly allowed via his white list.
The preferred method is any way you prefer. ;) That is really an honest
answer. Everyone has their own preferred method and a lot of times it
depends on your specific situation. Some people will pipe to a filter shell
script, Procmail, maildrop, or spamc directly. I prefer Procmail as it
Or, you could just say any redirection is not a good thing.
describe MY_URI_REDIRECTMY: Trying to hide real URL by redirect
uri MY_URI_REDIRECT/https?:\/\/.*\/\*http:\/\//i
scoreMY_URI_REDIRECT4.0
--Larry
-Original Message-
From: Mike Kuentz (2) [mailto:[EMAIL
-Original Message-
From: Keith C. Ivey
Larry Gilson [EMAIL PROTECTED] wrote:
Or, you could just say any redirection is not a good thing.
describe MY_URI_REDIRECTMY: Trying to hide real URL by redirect
uri MY_URI_REDIRECT/https?:\/\/.*\/\*http:\/\//i
score
I agree with the fact that the lock is not needed on spamc, but I don't
understand why this would produce an error. There are a lot of individuals
that use the lock with both spamassassin and spamc as a load control. Is it
possible that by using DROPPRIVS=yes removes the permissions necessary
Thanks for clarifying Pete!
--Larry
-Original Message-
From: Pete Hanson [mailto:[EMAIL PROTECTED]
Sent: Thursday, November 06, 2003 2:52 PM
To: Larry Gilson; [EMAIL PROTECTED]
Subject: RE: [SAtalk] lock problems with SPAMC
At 11:18 AM -0500 11/6/03, Larry Gilson wrote:
I
Hi Mike,
Thanks for the tip. I did not know about the dictionary. I have had a rule
testing the following:
4c-1/2v-3c
/[0-9bcdfghjklmnpqrstvwxz]{4,}[aeiouy]{1,2}[0-9bcdfghjklmnpqrstvwxz]{3,}/i
This would yield 52 FPs.
Varying the combination results in the following:
5c-1/2v-3c - 2 FP
Sounds more like you need to fix a Postfix configuration problem rather than
masking the problem by not sending notifications. Was your configuration
working during tests, before you put it into production?
You might want to look at SecuritySage for some configuration details.
-Original Message-
From: Carlos Jorge Santos [mailto:[EMAIL PROTECTED]
Sent: Tuesday, November 04, 2003 8:14 AM
To: [EMAIL PROTECTED]
Subject: [SAtalk] Avoid Double check
Hi all,
I've searched for this subject in the list archives, but
couldn't find any relevant
-Original Message-
From: Andrew
Sent: Monday, November 03, 2003 7:35 PM
To: [EMAIL PROTECTED]
Subject: [SAtalk] URI Rule
Fellow Assassins,
Here is an example of some of the URLs coming through in spam mail.
http://#119;#119;#119
Would a rule like /#119;/ match this?
-Original Message-
From: Bob Apthorpe
Sent: Friday, October 31, 2003 1:03 PM
To: [EMAIL PROTECTED]
Subject: Re: [SAtalk] Rule for reverse lookup similarities
--snip--
The big problem is when ISPs don't differentiate their static
allocations from their dynamic allocations,
-Original Message-
From: Chris Santerre [mailto:[EMAIL PROTECTED]
Sent: Friday, October 31, 2003 10:21 AM
To: 'Patrick Morris'; Steven Manross
Cc: SA Mailing list
Subject: RE: [SAtalk] Rule for reverse lookup similarities
Steven Manross wrote:
I'm seeing a few/lot
-Original Message-
From: Dan Tappin [mailto:[EMAIL PROTECTED]
Sent: Friday, October 31, 2003 11:19 AM
To: [EMAIL PROTECTED]
Subject: [SAtalk] Log Question...
Below is a snippet from a recent post to the list:
Oct 30 14:12:40 ns1 MailScanner[3201]: Message h9UMAPR07828 from
In addition to the Popcorn/Backhair rules chris mentioned, also look for a
rawbody rule to catch the *invisible* text:
font color=#FF
My rule looks like:
describe MY_RBDY_INVSTXTMY: Invisible text color
rawbody MY_RBDY_INVSTXT/font\s?.*
color=(?\#?F[0-9A-F]?|?white?).*/i
did not see
them.
--Larry
-Original Message-
From: Larry Gilson
Sent: Wednesday, October 29, 2003 9:35 AM
To: Mark Ritchie; [EMAIL PROTECTED]
Subject: RE: [SAtalk] Exessive HTML Code
Yes, this would be possible.
describe MY_RBDY_EXSV_TAGMY: Excessive HTML Tags
rawbody
-Original Message-
From: Vasantha Narayanan
Sent: Thursday, October 30, 2003 11:06 AM
To: [EMAIL PROTECTED]
Subject: [SAtalk] updating rules without upgrading SpamAssassin
Hi,
I would like to know if there is a way to update the rules with out
updating SpamAssassin.
The
Nice stats Mike! Custom script?
-Original Message-
From: mikea
Sent: Thursday, October 30, 2003 1:19 PM
To: [EMAIL PROTECTED]
Subject: Re: [SAtalk] Significant increase in spam lately
On Thu, Oct 30, 2003 at 01:01:49PM -0500, Colin A. Bartlett wrote:
Chris Santerre Sent:
Everyone has an opinion so since you ask, I'll give you mine. Your script
includes stats on SA so therefore it is SA related. Anything that can help
me keep a grip on what is happening to my mailservers is worthwhile. Logs
and stats really help in this area and your stats include SA. So as far
Yes, this would be possible.
describe MY_RBDY_EXSV_TAGMY: Excessive HTML Tags
rawbody MY_RBDY_EXSV_TAG/[bi]\/[bi]/i
scoreMY_RBDY_EXSV_TAG4.0
Backhair did not hit because the number of characters within the tag is
fewer than 6. Creating rules to match fewer than 6 characters
For those who don't already know:
MIT Room 26-100
January 16, 2004, 9 am to 6 pm
The 2003 spam conference worked well, so we plan to do much the same thing
in 2004. There will be none of the cruft that usually accumulates on
conferences; just a series of quick, concentrated talks, and then we
Hi Jennifer,
-Original Message-
From: Jennifer Wheeler [mailto:[EMAIL PROTECTED]
Sent: Wednesday, October 29, 2003 9:51 AM
To: 'Larry Gilson'; [EMAIL PROTECTED]
Subject: RE: [SAtalk] [RD] 4c-2v-3c
Hi Larry
I have had some very good success with a rawbody and subject test
I can tell you how to pass the information to SA it if you use Postfix and
Procmail. Otherwise, you will need to figure out how to make your MTA pass
that information along to SA. You will also need a custom rule. MAIL FROM
and RCPT TO data are not passed along as part of a message.
--Larry
Hi Joe,
I think you might want to look at Meta rules.
http://www.merchantsoverseas.com/wwwroot/gorilla/sa_rules.htm
http://www.exit0.us/
http://mywebpages.comcast.net/mkettler/sa/SA-rules-howto.txt
--Larry
-Original Message-
From: Joe [mailto:[EMAIL PROTECTED]
Sent: Wednesday,
-Original Message-
From: Keith C. Ivey
Thanks for the reply Keith and sorry for the long dely in my response.
Larry Gilson [EMAIL PROTECTED] wrote:
full MY_FULL_OBFU_HTML /[\s]\w+[\w\s\/\$;]{1,6}\w+/
It seems to me that you'd want to catch the obfuscating
pesudo
I am using 2.55. If the answer is different for 2.60, please answer with
respect to 2.60 as I will be upgrading *very* soon.
I am experimenting with Bayes in a site-wide/gateway configuration. One
thing that I believe is affecting my tests is the external Procmail
whitelist. I find the number
I have had some very good success with a rawbody and subject test which
looks for
4 or more consonants
followed by 1 or 2 vowels
followed by 3 or more consonants or digits
This is the match:
/[0-9bcdfghjklmnpqrstvwxz]{4,}[aeiouy]{1,2}[0-9bcdfghjklmnpqrstvwxz]{3,}/i
This catches the junk
I have been testing the HTML obfuscation with the pattern match for the junk
within the tags ranging from 1 to 5.
full MY_FULL_OBFU_HTML /[\s]\w+[\w\s\/\$;]{1,6}\w+/
This is the results of my testing.
{1} have not noticed false positives
{2} false positives with br
{3} false positives
-Original Message-
From: Satya [mailto:[EMAIL PROTECTED]
Sent: Saturday, October 25, 2003 8:22 AM
To: [EMAIL PROTECTED]
Subject: RE: [SAtalk] [OT] What is next step?
On Oct 24, 2003 at 22:06, Larry Gilson wrote:
business because they tighten the grips. One thing they can
ATT aborts plan to block e-mail
http://www.msnbc.com/news/983380.asp?vts=102220031806
I thought this was an interesting article in light of this thread.
--Larry
---
This SF.net email is sponsored by: The SF.net Donation Program.
Do you
-Original Message-
From: Chris Santerre [mailto:[EMAIL PROTECTED]
Sent: Friday, October 24, 2003 10:50 AM
To: 'Larry Gilson'; 'Colin A. Bartlett'; Patrick Morris
Cc: [EMAIL PROTECTED]
Subject: RE: [SAtalk] [RD] yahoo redirect
/^https?\:\/\/w*\.yahoo\.com\/.*\/\*http/i
-Original Message-
From: Matt Kettler
Sent: Friday, October 24, 2003 6:32 PM
To: [EMAIL PROTECTED];
[EMAIL PROTECTED]
Subject: Re: [SAtalk] Whitelist / Rule Question...
At 01:34 PM 10/24/2003, Dan Tappin wrote:
rawbody USERNAME /username/i
describe USERNAME
score USERNAME
-Original Message-
From: Chris Santerre
Sent: Friday, October 24, 2003 12:26 PM
To: 'Larry Gilson'; '[EMAIL PROTECTED]'
Subject: RE: [SAtalk] [OT] What is next step?
ATT aborts plan to block e-mail
http://www.msnbc.com/news/983380.asp?vts=102220031806
I thought
Search the archives a custom rule discussion with the subject Popcorn,
Backhair, and Weeds.
Links:
http://www.merchantsoverseas.com/wwwroot/gorilla/sa_rules.htm
http://spamhammers.nxtek.net/
--Larry
-Original Message-
From: jenni baier [mailto:[EMAIL PROTECTED]
Sent: Thursday,
-Original Message-
From: Chris Santerre [mailto:[EMAIL PROTECTED]
Sent: Thursday, October 23, 2003 3:08 PM
To: 'Colin A. Bartlett'; Patrick Morris
Cc: [EMAIL PROTECTED]
Subject: RE: [SAtalk] [RD] yahoo redirect
This is what it is now:
Hi Arlo,
-Original Message-
From: Arlo Gilbert [mailto:[EMAIL PROTECTED]
Sent: Monday, October 20, 2003 4:58 PM
To: [EMAIL PROTECTED]
Subject: [SAtalk] dcc returns letters not numbers. docs say
to limit #'s
I'm hopeful that somebody can explain the dcc results to me.
i
Hi Arlo,
-Original Message-
From: Arlo Gilbert [mailto:[EMAIL PROTECTED]
Sent: Wednesday, October 22, 2003 8:48 AM
To: Larry Gilson
Cc: [EMAIL PROTECTED]
Subject: Re: [SAtalk] dcc returns letters not numbers. docs
say to limit # 's
Thanks Larry,
I do understand that 9
Hi Michael,
There is definitely a dependency order. You need to upate installed RPM.
If you want to update each RPM, one at a time, you will need to use the
--nodeps option. Just understand that if you update each RPM one at a time,
you *have* to update them all. Otherwise you will have one
About a year and a half ago I was on a quest to find a management panel for
an Email gateway. I never found one but what I did find was Webmin
(http://www.webmin.com/). Webmin is a web-based interface for system
administration for Unix. It is entirely written in Perl/CGI. The base uses
a
Hi Jennifer,
-Original Message-
From: jennifer
Sent: Sunday, October 19, 2003 7:03 PM
To: 'Larry Gilson'; [EMAIL PROTECTED]
Subject: RE: [SAtalk] [RD] Popcorn, Backhair, and Weeds
Hi Larry,
(I added RD since this has turned into rule discussion. Hope that is
ok
Hi Mike,
This is great! Thanks!
--Larry
-Original Message-
From: Mike Kuentz (2) [mailto:[EMAIL PROTECTED]
Sent: Monday, October 20, 2003 3:14 PM
To: Larry Gilson; Chris Santerre
Cc: SA
Subject: RE: [SAtalk] Popcorn, Backhair, and Weeds
Little behind in my reading here, so
Hi Michael,
-Original Message-
From: Michael Balamuth [mailto:[EMAIL PROTECTED]
Sent: Monday, October 20, 2003 3:27 PM
To: [EMAIL PROTECTED]
Subject: [SAtalk] filter documentation
Just wondering if there is any specific documentation on how to write
additional filters for SA?
Hi Marco,
-Original Message-
From: Marco Calistri [mailto:[EMAIL PROTECTED]
Sent: Monday, October 20, 2003 4:19 PM
To: [EMAIL PROTECTED]
Subject: [SAtalk] My first question here[SA DCC]
Hello, first of all I want to make my compliments to the
developers that are spending
Hi Matt,
I really don't know. If you do, you would find them in:
/usr/share/doc/spamassassin-tools-2.xx (whatever your vers ## is)
--Larry
-Original Message-
From: Matt Van Gordon [mailto:[EMAIL PROTECTED]
Sent: Friday, October 17, 2003 12:55 PM
To: 'Larry Gilson'; '[EMAIL
-Original Message-
From: Michael W.Cocke [mailto:[EMAIL PROTECTED]
Sent: Friday, October 17, 2003 8:37 AM
To: [EMAIL PROTECTED]
Subject: Re: [SAtalk] CPAN or RPM's?
--snip--
And, to bring this post back toward the stated subject, I was never
able to successfully install SA from
I'd be lucky to see the post in a half hour.
--Larry
-Original Message-
From: Colin A. Bartlett [mailto:[EMAIL PROTECTED]
Sent: Friday, October 17, 2003 10:38 AM
To: [EMAIL PROTECTED]
Subject: [SAtalk] slow list
Moderately Off Topic:
Does anyone else have trouble getting
1 - 100 of 296 matches
Mail list logo