Re: Spam Pattern

2014-02-14 Thread Amir Caspi
On Feb 14, 2014, at 1:04 PM, Adam Katz wrote: > Noo, don't do that. (?:\s*\w+)+ is a ReDoS bomb (and you have it ten > times!) which will destroy your Whoops, you're very right. Removing the + after the \w (that is, turning it to (?:\s*\w)+ ) should match the same things but without th

Re: Spam Pattern

2014-02-14 Thread Adam Katz
On 02/14/2014 11:23 AM, Amir Caspi wrote: > To be clear, that wasn't my sample; I am not the originator of this > thread. Whoops, my bad. My point was clear anyway. > What about this, a variant of what I posted earlier? It requires 10 > matches, but I believe it does the same thing as yours exc

Re: Spam Pattern

2014-02-14 Thread Amir Caspi
On Feb 14, 2014, at 11:53 AM, Adam Katz wrote: > some of your sample's strings had an extra character on the end. > To be clear, that wasn't my sample; I am not the originator of this thread. > This version of the rule is more expensive, but is safer to score higher > (maybe 3-4 points): body

Re: Spam Pattern

2014-02-14 Thread Adam Katz
Ha! I checked my mail before sending this; we're on the same wavelength yet our emails are out of sync. You just suggested the same thing I was leaning on. On 02/14/2014 10:53 AM, John Hardin wrote: > S/O is a little surprising: > > http://ruleqa.spamassassin.org/?daterev=20140213-r1567864-n&rul

Re: check_for_numeric_helo() function wreaking havoc

2014-02-14 Thread John Hardin
On Fri, 14 Feb 2014, Jeffrey Starin wrote: So, here is the issue: Email sent from our server website in which all of the appropriate configuration for exim has been signed off by hostgator (our web hosting company) as correct, is being detected by mail-tester.com as violating the FSL_HELO_BARE

Re: Spam Pattern

2014-02-14 Thread John Hardin
On Fri, 14 Feb 2014, Adam Katz wrote: Yes, there is an increased FP risk due to the ability to match different hex strings (e.g. a list of checksums). That's probably where the current Rule QA FPs come from. Good point. Perhaps it should be /\s[

Re: Spam Pattern

2014-02-14 Thread Adam Katz
On Feb 14, 2014, at 11:00 AM, Adam Katz <antis...@khopis.com> wrote: >> >> Given the nature of the content, I'd go the other direction and not >> require the word boundary. This removes the wildcard, though it >> doesn't short circuit as quickly, so one could debate which version >> is more

Re: Spam Pattern

2014-02-14 Thread John Hardin
On Fri, 14 Feb 2014, Amir Caspi wrote: Another problem with the above code is that you require only a short word (1-10 chars) prior to the hex string. Some perfectly legitimate, or even illegitimate, words could be longer than 10 chars. I'd increase the upper limit to something like 15ish

Re: Spam Pattern

2014-02-14 Thread John Hardin
On Fri, 14 Feb 2014, Adam Katz wrote: Given the nature of the content, I'd go the other direction and not require the word boundary. This removes the wildcard, though it doesn't short circuit as quickly, so one could debate which version is more efficient. body __HEXHASHWORD /\b[a-z]{1,

check_for_numeric_helo() function wreaking havoc

2014-02-14 Thread Jeffrey Starin
Hello, I am new to SpamAssassin and I am coming at it from a web administrator point of view. I do not manage SpamAssassin but I along with my websites are on the receiving end of its work via the email we do (and do not) receive/send for our websites. I am not an Exim maven although I know a

Re: Spam Pattern

2014-02-14 Thread Amir Caspi
On Feb 14, 2014, at 11:00 AM, Adam Katz wrote: > Given the nature of the content, I'd go the other direction and not require > the word boundary. This removes the wildcard, though it doesn't short > circuit as quickly, so one could debate which version is more efficient. > body __HEXHASHW

Re: Spam Pattern

2014-02-14 Thread Adam Katz
On 02/12/2014 01:46 PM, John Hardin wrote: > On Wed, 12 Feb 2014, Axb wrote: >> On 02/12/2014 10:06 PM, John Hardin wrote: >>> Perhaps something like this: >>> >>> body __HEXHASHWORD /\b[0-9a-f]{30,}\s[a-z]{1,10}\b/ >>> tflags __HEXHASHWORD multiple maxhits=5 >>> meta HEXHASH_W

Re: spamassassin 3.4.0 spec file for rhel4 rhel5 rhel6 and compatible os's

2014-02-14 Thread Dave Wreski
Hi, I am working on it although quite rusty on spec file study, comparison, and editing etc. Yet since I don't know everything about 3.4.0... Would someone with a known good working spamassassin spec file that works well with rhel4 - rhel6 machines please share? I've been able to adapt the