Re: high rating for a pure HTML mail to the same domain

2013-02-24 Thread Hendrik Haddorp
Thanks for the info. I checked the update folder and see these scores: score TO_EQ_FM_DOM_HTML_ONLY 2.800 0.001 2.800 0.001 The way I read it is that you made the change you were talking about and now the rule really only gets used for faked senders. Thanks a lot, that

blocking sender name

2013-02-24 Thread Nicholas C.
Hi, There are a few emails which I had already blocked their emails, but I am still getting spammed from them. Example below. Is there a way to block the sender name, AndyTheCoach instead? Return-Path: andyn...@singnet.com.sg Delivered-To: m...@emailaddress.com Received: (qmail 31173 invoked by

Re: high rating for a pure HTML mail to the same domain

2013-02-24 Thread Matus UHLAR - fantomas
On 24.02.13 12:17, Hendrik Haddorp wrote: Thanks for the info. I checked the update folder and see these scores: score TO_EQ_FM_DOM_HTML_ONLY 2.800 0.001 2.800 0.001 The way I read it is that you made the change you were talking about and now the rule really only gets used

Re: blocking sender name

2013-02-24 Thread Martin Gregorie
On Sun, 2013-02-24 at 19:20 +0800, Nicholas C. wrote: Hi, There are a few emails which I had already blocked their emails, but I am still getting spammed from them. Example below. Is there a way to block the sender name, AndyTheCoach instead? header NAMEBLOCKER From =~ /AndyTheCoach/ or,

Re: blocking sender name

2013-02-24 Thread Alexandre Boyer
Hi there, Specifically checking name is: header LOL From:name =~ /AndyTheCoach/ Meta this with the excellent suggestion from Martin (header MSGID_BLOCKER Message-ID =~ /AndyNgPC/) to minimize false positive risk. Best regards, Alex, from osmosed. Bow before me, for I am root. On 24/02/13

Re: Yahoo single link spam

2013-02-24 Thread Benny Pedersen
Marc Perkel skrev den 2013-02-22 21:20: We need a rule to catch this. It looks like more data than it is but it's really little more than a single link. Like to see a rule that identifies it. http://www.mywot.com/en/scorecard/fox-enws.com/ http://www.trustpilot.com/review/fox-enws.com is

Re: Yahoo single link spam

2013-02-24 Thread Benny Pedersen
David F. Skoll skrev den 2013-02-22 21:27: HeaderMatches RegExp ^To:(.*?@.*?){5} AND Envelope Sender Ends with @yahoo.com AND MessageSize 6000 Well, ok... the MessageSize condition is tricky. And this rule does kick up some

Re: Yahoo single link spam

2013-02-24 Thread Axb
On 02/24/2013 06:29 PM, Benny Pedersen wrote: Marc Perkel skrev den 2013-02-22 21:20: We need a rule to catch this. It looks like more data than it is but it's really little more than a single link. Like to see a rule that identifies it. http://www.mywot.com/en/scorecard/fox-enws.com/

Re: Yahoo single link spam

2013-02-24 Thread Benny Pedersen
Kevin A. McGrail skrev den 2013-02-22 21:56: describe KAM_YAHOO Compromised Yahoo! Accounts Sending Spam incorrect, if they are dkim signed it's yahoo, if not it's a silly spammer blacklist_from (all-yahoo-domains) def_whitelist_from (all-yahoo-domains) would be more simple the

Re: Yahoo single link spam

2013-02-24 Thread Benny Pedersen
Axb skrev den 2013-02-24 18:35: http://www.mywot.com/en/scorecard/fox-enws.com/ http://www.trustpilot.com/review/fox-enws.com is there a possibility to implement it? imho surbl is using it, but it would be nice to have it live tested What you're seeing is the other way round - mywot uses SURBL If

Re: rdns in received header

2013-02-24 Thread SM
At 13:42 21-02-2013, Kevin A. McGrail wrote: Unless betting for minor sums such as a beer or a happy meal, I generally won't get into RFC compliance arguments with DFS. My reading was similar though there are some other RFCs that extend SMTP and say things like if you use ESMTP, you have to

Re: Yahoo single link spam

2013-02-24 Thread Axb
On 02/24/2013 06:48 PM, Benny Pedersen wrote: Axb skrev den 2013-02-24 18:35: http://www.mywot.com/en/scorecard/fox-enws.com/ http://www.trustpilot.com/review/fox-enws.com is there a possibility to implement it? imho surbl is using it, but it would be nice to have it live tested What you're

Re: Yahoo single link spam

2013-02-24 Thread Benny Pedersen
Axb skrev den 2013-02-24 19:02: I obviously didn't understand you, nor do I understand you now doesn't matter... now you understand why you are a developer and I am not? :=))) I remember someone who said it :(

Re: rdns in received header

2013-02-24 Thread Kevin A. McGrail
On 2/24/2013 12:58 PM, SM wrote: At 13:42 21-02-2013, Kevin A. McGrail wrote: Unless betting for minor sums such as a beer or a happy meal, I generally won't get into RFC compliance arguments with DFS. My reading was similar though there are some other RFCs that extend SMTP and say things

Re: Yahoo single link spam

2013-02-24 Thread Kevin A. McGrail
On 2/23/2013 10:56 AM, Kevin A. McGrail wrote: Though I need to check if they have started forging as well through other servers. Just following up on this and checking the Yahoo! spam that I've been researching, all of it is sent by Yahoo! accounts through Yahoo! with real DKIM signatures.

Re: Seeing false positives because of SHORTENED_URL_HREF score

2013-02-24 Thread Kevin A. McGrail
On 2/23/2013 5:49 PM, Hans van Kranenburg wrote: ... It sounds quite normal to me that people send each other shortened links, why should this rule trigger a score completely on its own, and why such a high contribution to the total score? SHORTENED_URL_HREF might be more like a rule that helps

Re: rdns in received header

2013-02-24 Thread SM
At 11:07 24-02-2013, Kevin A. McGrail wrote: I'm referring to other RFCs such as 1651 which says: That's an obsoleted RFC. It might be better to refer to RFC 5321 (Section 4.4) for information about the Received: header. Regards, -sm

Re: Seeing false positives because of SHORTENED_URL_HREF score

2013-02-24 Thread Hans van Kranenburg
On 02/24/2013 08:22 PM, Kevin A. McGrail wrote: On 2/23/2013 5:49 PM, Hans van Kranenburg wrote: ... It sounds quite normal to me that people send each other shortened links, why should this rule trigger a score completely on its own, and why such a high contribution to the total score?

Re: Yahoo single link spam

2013-02-24 Thread David F. Skoll
On Sun, 24 Feb 2013 18:35:04 +0100 Benny Pedersen m...@junc.eu wrote: David could you make this as a clamav logical signature ?, and test it ? I don't know how to do that... sorry. Regards, David.