Corpus here doesn't seem to understand that your can get blacklisted if you
email host puts you on a shared server with a spammer. Therefore, by no
fault of your own, you are effectively blacklisted. Furthermore, it is more
than likely that the spammer on my shared server does not have an email
ad
On Fri, 2011-04-22 at 17:38 -0400, Dimitri Yioulos wrote:
> > Well, that does not explain why or how the
> > stock rules ended up in your site config dir --
> > neither why their version changes, though *not*
> > in sync with the installed sa-learn script.
> >
> > Did you perhaps run sa-update with
On Friday 22 April 2011 5:17:20 pm Karsten
Bräckelmann wrote:
> On Fri, 2011-04-22 at 16:55 -0400, Dimitri
Yioulos wrote:
> > Don't know how I managed to mangle my SA
> > configuration, but how you all will help me
> > untangle. I used the Dag repo for version
> > 3.2.5, but ran rpmbuild against
On Fri, 2011-04-22 at 16:55 -0400, Dimitri Yioulos wrote:
> Don't know how I managed to mangle my SA configuration, but how you all
> will help me untangle. I used the Dag repo for version 3.2.5, but ran
> rpmbuild against the SA tarball for 3.3.1 (I can almost see you
> grimacing). Previous vers
On Friday 22 April 2011 4:44:57 pm Karsten
Bräckelmann wrote:
> On Fri, 2011-04-22 at 16:19 -0400, Dimitri
Yioulos wrote:
> > Over the past few days, I've had some spam
> > leaking through what has been an old, but
> > reliable system (consisting of the latest
> > Sendmail, MailScanner, clamav, M
On Friday 22 April 2011 4:31:37 pm Bowie Bailey
wrote:
> On 4/22/2011 4:19 PM, Dimitri Yioulos wrote:
> > Greetz, all.
> >
> > My question may have been answered in the
> > past, but I wouldn't even know what search
> > terms to use. Apologies if that's the case
> >
> > Over the past few days, I'
On Fri, 2011-04-22 at 16:19 -0400, Dimitri Yioulos wrote:
> Over the past few days, I've had some spam leaking through what has
> been an old, but reliable system (consisting of the latest Sendmail,
> MailScanner, clamav, MailWatch, and an older Spamassassin, all running
> on a CentOS box). Up to
On 4/22/2011 4:19 PM, Dimitri Yioulos wrote:
> Greetz, all.
>
> My question may have been answered in the past,
> but I wouldn't even know what search terms to
> use. Apologies if that's the case
>
> Over the past few days, I've had some spam leaking
> through what has been an old, but reliable
Please keep the thread on-list. Do reply to the list, rather than to
individuals.
On Sat, 2011-04-23 at 01:32 +0530, shiva prasad wrote:
> Hi Karsten,
> Thanks for the reply.I am using a Propriety router
> with its own handlers and hooks that uses Spamassasin in turn with
> d
Greetz, all.
My question may have been answered in the past,
but I wouldn't even know what search terms to
use. Apologies if that's the case
Over the past few days, I've had some spam leaking
through what has been an old, but reliable system
(consisting of the latest Sendmail, MailScanner,
Very useful feedback, thanks Warren and Bowie!
Morten
On Apr 22, 2011, at 12:43 PM, Warren Togami Jr. wrote:
> On 4/22/2011 6:32 AM, Morten wrote:
>>
>> Hi folks,
>>
>> I'm looking at upgrading a SA 3.2.5 installation. I see that there's a 3.3.1
>> release, but that's more than a year old. I
On 4/22/2011 6:32 AM, Morten wrote:
Hi folks,
I'm looking at upgrading a SA 3.2.5 installation. I see that there's a 3.3.1
release, but that's more than a year old. Is there some shared rules repository
out there that's more recent?
Thanks,
Morten
http://www.spamtips.org/p/ultimate-setup
On Sat, 2011-04-23 at 00:36 +0530, shiva prasad wrote:
> Hi guyzz,
>I need info as to what exactly is the spamassasin
> behavior in the following scenarios
It depends.
Any such characteristic would only be one (tiny) part of the final
score. There are a *lot* more rules and tests
Adam Katz wrote:
> Getting back to a viable solution to your actual spam problem...
>
>> Adam Katz wrote:
>>> How about this rule instead:
>>>
>>> blacklist_from *@regionstargpsupdates.com
>
> On 04/21/2011 04:37 PM, Kevin Miller wrote:
>> Yes, but then I'm playing whack-a-mole. Looking at the
Hi guyzz,
I need info as to what exactly is the spamassasin behavior in
the following scenarios
1) Empty mail with no subject/body (I have this treated as SPAM in my
local pc with default configuration of spamassasin0
2) Email with subject in only numbers with nobody
Regards
shi
Hello Karsten,
Friday, April 22, 2011, 7:09:06 PM, you wrote:
KB> Not permitting square brackets will indeed prevent a relay border
KB> between the rdns= key and the matched value, but since spaces are
KB> allowed, it happily matches e.g. helo= or by= values.
That did click eventually:)
--
Getting back to a viable solution to your actual spam problem...
> Adam Katz wrote:
>> How about this rule instead:
>>
>> blacklist_from *@regionstargpsupdates.com
On 04/21/2011 04:37 PM, Kevin Miller wrote:
> Yes, but then I'm playing whack-a-mole. Looking at the spam in html
> format (i.e.,
On 04/22/2011 07:02 AM, Joseph Brennan wrote:
> I'd be cautious with this.
>
> I have tried scoring for multiple and also for more than ten
> closing in a row, but unless you score very low, you'll get
> false positives. Unfortunately some legitimate software products
> translate their native
On 04/21/2011 05:22 PM, John Hardin wrote:
> On Thu, 21 Apr 2011, Adam Katz wrote:
>
>> rawbody LOCAL_5X_BR_TAGS /(?:[\s\r\n]{0,4}){5}/mi
>
> ...when does \s{0,4} not match the same text as [\s\r\n]{0,4} ?
>
> (i.e. \r and \n are whitespace, no?)
I believe they are identical assuming /msi fla
On Fri, 2011-04-22 at 18:55 +0100, Niamh Holding wrote:
> KB> What you want instead is to match anything BUT a space /[^ ]+/. That
> KB> will prevent this part from matching beyond borders. More specifically,
> KB> it prevents matching any other data point and ensures the right hand
> KB> part actu
Hello Karsten,
Friday, April 22, 2011, 6:53:28 PM, you wrote:
KB> /^[^\]]+ rdns=[^ ]+\.no\.space\.there /
Ah I see what you meant now, and that wouldn't match where the
dip.tdialin.net was in the helo and not the rdns.
Thanks.
--
Best regards,
Niamhmailto:ni...@f
Hello Karsten,
Friday, April 22, 2011, 4:31:25 PM, you wrote:
KB> What you want instead is to match anything BUT a space /[^ ]+/. That
KB> will prevent this part from matching beyond borders. More specifically,
KB> it prevents matching any other data point and ensures the right hand
KB> part act
On Fri, 2011-04-22 at 17:51 +0100, Niamh Holding wrote:
> KB> What you want instead is to match anything BUT a space /[^ ]+/. That
> KB> will prevent this part from matching beyond borders. More specifically,
> KB> it prevents matching any other data point and ensures the right hand
> KB> part actu
Hello Michael,
Friday, April 22, 2011, 5:55:49 PM, you wrote:
MS> how about 'msa=0 \] \[ ip=.*rdns=.*dip\.t-dialin\.net/i'
But that'll definitely match into the second block, what I need is to
end the matching at the end of the first block ie the first ]
--
Best regards,
Niamh
On 4/22/2011 12:32 PM, Morten wrote:
> Hi folks,
>
> I'm looking at upgrading a SA 3.2.5 installation. I see that there's a 3.3.1
> release, but that's more than a year old. Is there some shared rules
> repository out there that's more recent?
The base rules are updated via sa-update on a somewh
On 4/22/11 12:51 PM, Niamh Holding wrote:
Hello Karsten,
Friday, April 22, 2011, 4:31:25 PM, you wrote:
KB> What you want instead is to match anything BUT a space /[^ ]+/. That
KB> will prevent this part from matching beyond borders. More specifically,
KB> it prevents matching any other data
Hello Karsten,
Friday, April 22, 2011, 4:31:25 PM, you wrote:
KB> What you want instead is to match anything BUT a space /[^ ]+/. That
KB> will prevent this part from matching beyond borders. More specifically,
KB> it prevents matching any other data point and ensures the right hand
KB> part act
Hi folks,
I'm looking at upgrading a SA 3.2.5 installation. I see that there's a 3.3.1
release, but that's more than a year old. Is there some shared rules repository
out there that's more recent?
Thanks,
Morten
The MTA is not controlled by me. The mails are received at a Google Apps
email address. Hence I don't have the option to implement SpamAssassin at
the front end( before the mail is delivered to the mailbox)
On Fri, Apr 22, 2011 at 8:46 PM, Martin Gregorie wrote:
> On Fri, 2011-04-22 at 20:04 +053
On Thu, 21 Apr 2011 15:37:02 -0800, Kevin Miller
>>> body CBJ_GiveMeABreak /\[""]{5,}/
>>> describe CBJ_GiveMeABreak Messages with multiple consecutave break
>>> characters score CBJ_GiveMeABreak 0.01
> I'm wading through it, trying to understand it all. Printed some regex
> tutor
On Fri, 2011-04-22 at 16:07 +0100, Niamh Holding wrote:
> I have a custom rule-
>
> header NH_TDIALIN X-Spam-Relays-Untrusted =~ /^[^\]]+
> rdns=.*dip\.t-dialin\.net/i
^^
The rdns= part correctly is in the first block. The above mar
On 4/22/11 11:07 AM, Niamh Holding wrote:
Hello
I have a custom rule-
header NH_TDIALIN X-Spam-Relays-Untrusted =~ /^[^\]]+
rdns=.*dip\.t-dialin\.net/i
scoreNH_TDIALIN 1.61
describe NH_TDIALIN Received directly from dynamic t-dialin.net address
postfix? #1, just reject at mta.!
if not,
On Fri, 2011-04-22 at 20:04 +0530, Shankar wrote:
> Introduction:
> I have a ticket system in PHP. People report tickets over email. A mail
> parser connects to the mailbox using IMAP, downloads the email and parses it
> to create a ticket which can be viewed/updated over the web interface.
>
Who c
Hello
I have a custom rule-
header NH_TDIALIN X-Spam-Relays-Untrusted =~ /^[^\]]+
rdns=.*dip\.t-dialin\.net/i
scoreNH_TDIALIN 1.61
describe NH_TDIALIN Received directly from dynamic t-dialin.net address
Now the regex should only match on anything in the first [...] block
of the X-Spam-Re
On 4/22/2011 10:34 AM, Shankar wrote:
> Introduction:
> I have a ticket system in PHP. People report tickets over email. A
> mail parser connects to the mailbox using IMAP, downloads the email
> and parses it to create a ticket which can be viewed/updated over the
> web interface.
>
> My requiremen
On 4/22/11 10:34 AM, Shankar wrote:
Introduction:
I have a ticket system in PHP. People report tickets over email. A
mail parser connects to the mailbox using IMAP, downloads the email
and parses it to create a ticket which can be viewed/updated over the
web interface.
My requirement:
I want
Introduction:
I have a ticket system in PHP. People report tickets over email. A mail
parser connects to the mailbox using IMAP, downloads the email and parses it
to create a ticket which can be viewed/updated over the web interface.
My requirement:
I want my application to check if the downloaded
On 4/21/2011 7:47 PM, Kevin Miller wrote:
>
> Great. I've changed my rule to that, and am going to look at Adam's somewhat
> enhanced version to understand what all it's doing. To wit:
> rawbody LOCAL_5X_BR_TAGS /(?:[\s\r\n]{0,4}){5}/mi
It matches:
or followed by 0 to 4 whitespace or ret
I'd be cautious with this.
I have tried scoring for multiple and also for more than ten
closing in a row, but unless you score very low, you'll get
false positives. Unfortunately some legitimate software products
translate their native format into HTML with ugly code like that.
It could be th
39 matches
Mail list logo
