Re: URI parser problems

>Perhaps a smaller step that would be useful would be to have the parser >require the second-level domain name have > 1 character. >How often would we see a valid registered domain name like "x.info" for >example? maybe the best way to know whether it is a URI or not is to ask the DNS...

Re: MSBL Email Blocklist (EBL) SA usage query

On 5 December 2017 18:40:15 GMT-05:00, Benny Pedersen wrote: >Michael Grant skrev den 2017-12-05 19:01: > >> loadplugin Mail::SpamAssassin::Plugin::HashBL HashBL.pm > >this line must not be in cf file but should be in pre file > ># cat hashbl.pre >loadplugin

Re: URI parser problems

On 5 Dec 2017, at 14:59, John Hardin wrote: How often would we see a valid registered domain name like "x.info" for example? This is not as rare as you would think. Those names are more expensive, but not insanely so. https://uniregistry.link/premium-domain-names/ Best regards -lem

Re: MSBL Email Blocklist (EBL) SA usage query

Michael Grant skrev den 2017-12-05 19:01: loadplugin Mail::SpamAssassin::Plugin::HashBL HashBL.pm this line must not be in cf file but should be in pre file # cat hashbl.pre loadplugin Mail::SpamAssassin::Plugin::HashBL /path-to-custom-sa-plugins/HashBL.pm # cat hashbl.cf ifplugin

Re: URI parser problems

On Tue, 5 Dec 2017, RW wrote: On Tue, 5 Dec 2017 16:25:28 -0500 Alex wrote: Hi, I have the following rule that is used to detect some of the less common URIs: uriURI_RARE_TLD

Re: URI parser problems

On Tue, 5 Dec 2017 16:25:28 -0500 Alex wrote: > Hi, I have the following rule that is used to detect some of the less > common URIs: > > uriURI_RARE_TLD >

URI parser problems

Hi, I have the following rule that is used to detect some of the less common URIs: uriURI_RARE_TLD

Re: TO_NO_BRKTS_DYNIP

>> Those high scores are from the score set without Bayes or net rules >> where there's often not a lot to go on. >> >> The score for TO_NO_BRKTS_DYNIP is autogenerated, the two scores >> probably add up to exactly 5.000 for good reason. >> >> Maybe some special handling for amazonaws.com would be

Re: Does This Look Right?

Am 05.12.2017 um 19:29 schrieb Colony.three: >> Am 05.12.2017 um 19:13 schrieb Colony.three: >> >>> On 12/05/2017 01:17 AM, Colony.three wrote: >>> >>> |Looks like it's doing what it's supposed to, but just >>> checking... What do you think it's supposed to be happening >>> below?

Re: Does This Look Right?

Am 05.12.2017 um 19:13 schrieb Colony.three: >> On 12/05/2017 01:17 AM, Colony.three wrote: >> >>> Looks like it's doing what it's supposed to, but just checking... >>> >>> What do you think it's supposed to be happening below? Those are just >>> normal hacking attempts from China to do SMTP

Re: Does This Look Right?

On 12/05/2017 01:17 AM, Colony.three wrote: >> Looks like it's doing what it's supposed to, but just checking... >> >> What do you think it's supposed to be happening below? Those are just >> normal hacking attempts from China to do SMTP authentication to try to >> abuse your server by sending

Re: MSBL Email Blocklist (EBL) SA usage query

N.B. that the HASHBL_EMAIL initial installed -- as distributed -- SCORE is set to a lowly 1 in hashbl.cf, viz.: loadplugin Mail::SpamAssassin::Plugin::HashBL HashBL.pm ifplugin Mail::SpamAssassin::Plugin::HashBL header HASHBL_EMAIL eval:check_hashbl_emails('ebl.msbl.org') describe

Re: Does This Look Right?

On 12/05/2017 01:17 AM, Colony.three wrote: Looks like it's doing what it's supposed to, but just checking... What do you think it's supposed to be happening below? Those are just normal hacking attempts from China to do SMTP authentication to try to abuse your server by sending spam

Re: HTML_IMAGE_ONLY_* generating too many FP's

On 02/12/17 18:45, David Jones wrote: On 12/02/2017 11:22 AM, Sebastian Arcus wrote: On 02/12/17 13:06, Matus UHLAR - fantomas wrote: On 12/01/2017 11:17 AM, Sebastian Arcus wrote: -0.2 RCVD_IN_MSPIKE_H2  RBL: Average reputation (+2) [212.227.126.131 listed

Re: TO_NO_BRKTS_DYNIP

Amazon AWS machines sending out to the Internet should have a PTR record, or else they will be on a lot of blacklists as well. Amazon works with a number of blacklist providers and automatically has IPs without a static PTR record blacklisted. When you request a PTR record from Amazon, they then