> > I'm getting a bit of HTML spam with lines like
> >
> > right" face=Arial> w
> >
> > To catch this style of obfuscation, I did two rules,
> > being unsure how to escape the carets:
> >
> > rawbody htmlobscu1 /\>\s*\w\s*\<\//
> > rawbody htmlobscu2 />\s*\w\s*<\//
>
> Hmm... from th
Hi,
I'm getting a bit of HTML spam with lines like
right" face=Arial> w
To catch this style of obfuscation, I did two rules,
being unsure how to escape the carets:
rawbody htmlobscu1 /\>\s*\w\s*\<\//
rawbody htmlobscu2 />\s*\w\s*<\//
both with scores and descriptions of course. Bu
> Damn shame that's not a cooking blog. Turkey with bacon, damn good
> eats.
Get the new, nutritious and very satiating SOYLENT GREEN! Better tasting
than SOYLENT BLUE and better looking than SOYLENT RED!
;)
(Anyone seen any soylent spam yet?)
Regs,
Sven
Title: RE: Question regarding meta rule handling
Hi,
> On Wed, Aug 03, 2005 at 08:18:16AM +0200, Sven Riedel wrote:
> > header __X Content-Type =~ /^(message|multipart)/i
> > rawbody __Y /\S/
> > meta Z ( !X && !Y )
> >
> > and yet the rule trigger
Hi,
a while back someone kindly posted a rule here that matches on
empty mails:
header __X Content-Type =~ /^(message|multipart)/i
rawbody __Y /\S/
meta Z ( !X && !Y )
Now I find that Z matches on all mails - investigation shows
that Y matches on all non-whitespaces as it should, and X
doesn't
Hi,
>I am using Spamassassin on our SMTP servers with almost 2 mails
> an hour. The problem is the machine is almost always heavily loaded.
> Spamassassin takes a lot of time and I think the Bayes checking /
> learning is the real cpu hog ?
Depending on how much and how often you're lear
Title: RE: Seeing where SpamAssassin rules hit
Hi,
I've added the possibiliy to read mail via stdin, the option to turn off the
X-Spam-Status behaviour and the possibility to explicity give existing rule
names to test against in the commandline.
Fixed the bug with rules matching despite none
Title: RE: Seeing where SpamAssassin rules hit
> tried the frist obvious test with:
>
> cat | sa_hits
>
> which results in a Usage message.
Yes, currently no piping of mail to stdin, as stated on the webpage :)
> Next try with:
>
> [EMAIL PROTECTED]:~/spam> sa_hits 5742
> Use of uniniti
Title: Seeing where SpamAssassin rules hit
Hi,
I've thrown together a perl script to show me where SA rules hit a mail by highlighting and colorizing the given areas, after looking for and not finding a similar tool. I originally did this to see where false positives come from with the more
Hi,
does anyone know offhand of a fairly comprehensive list of
Mail headers used, with a short explanation as to what
program adds what X-Header?
I've tried searching in google, but looking for something
like "Mail Header From: To: Subject: Received X-" will
of course return lots and lots of cru
Title: RE: SA vulnerability notice: spamd or perl class files?
> Perl module files, anyone using the Mail::SpamAssassin interface should
> upgrade.
Ok, thanks for clearing that up. :)
Regs,
Sven
Hi,
the SA vulnerability notice was a bit sparse regarding
what parts of SA are affected. Is the problem with
spamc/spamd or the perl class files? If it's the
later case, as someone using amavis as a SA frontend
would be hit, and would need to update too. :)
Regs,
Sven
--
Hi,
my bayesian databases are frequently broken (why, I'm not sure -
spamassassin is called via amavisd-new, the training takes place
via sa-lean and nothing else is accessing the databases).
I've included db_recover to my amavisd-new startup script, to
migitate the breakages. Somehow db_recover
Hi,
> Check out the interesting idea at www.rulesemporium.com/forums/
> entitled: Image attachment MD5 footprint RBL
Yes, that sounds cool. I wouldn't use MD5 though, since it would
be rather easy to work around cryptographical hashes with simple
automation.
Not going into details here, don't
Hi,
> I did receive an email with a lot of recipients but all of
> them where on a
> new line. Is this a spamsign?
Not only a spammer, but stupid as well.
In my experience very few spammers use those kind of headers.
Some still use multiple recipient in one To: or CC: header,
but even those
Hi,
has anyone developed a good strategy against spams
that contain a random text and the actual spam in
an image within a multipart/alternative mail?
Short of entirely blocking mails containing images, that
is.
Regs,
Sven
--
BAGHUS GmbH
EDV und Internet
> I suspect that you could do this as a plugin, but I also
> suspect you would
> have to take ugly liberties with the internal data storage in SA. For
> instance, I suspect (but do not know) that plugins are
> probably not supposed
> to modify the mail text.
Well, the modification would not be
> Or one could do like Theo, and strip all HTML content from
> the emails. :)
Or do that. I'd love to do that. But unfortunately, some users
actually like html mails. No accounting for taste :)
> The problem with the normalization, is like anything else.
> One mans ham,
> anothers spam. Repetit
Hi,
since a lot of spam nowadays tries to get past the filters
by multiplying random letters, wouldn't it make sense to
introduce normalization plugins to spamassassin?
These would run over the mail once before the actual scanning
starts, and perform transformations on the decoded mail body.
Some
Hi,
I've recently started getting spams that contain as a body the exact
same string as the subject and one URI underneath.
Is there any way to carry the result of one match forward to another?
Regs,
Sven
Hi,
is there a way to see how often a certain rule would
match in a mail (besides the obvious
body /.*.* ad nauseum/
) ?
I sometimes stumble across patterns that might be
legit once or twice in a mail, but they appear
a lot more often than that...
Regs,
Sven
21 matches
Mail list logo
