Re: Custom rule help

On Wed, 4 Dec 2019 12:40:27 -0800 Chris Mulcahy wrote: > Hi. > > I’m relatively new to complex custom rules. I have plenty of simple > and some multi-condition rules but need something custom. > > My approach to using my domain name is bad but I started it in the > 90s so… I have some sites where

Re: Custom rule help

On Wed, 4 Dec 2019 12:40:27 -0800 Chris Mulcahy wrote: > Hi. > > I’m relatively new to complex custom rules. I have plenty of simple > and some multi-condition rules but need something custom. > > My approach to using my domain name is bad but I started it in the > 90s so… I have some sites

Re: Custom rule help

On Wed, 2019-12-04 at 14:22 -0800, Chris Mulcahy wrote: > Actually, I want it to score if there ISN’T a match. If I get an email > addressed to slashdot@example.com from an address that isn’t from > slashdot, it’s likely spam. > > Currently, I am doing like you mentioned with a bunch of

Re: Custom rule help

From: Martin Gregorie Reply: mar...@gregorie.org Date: December 4, 2019 at 4:12:22 PM To: users@spamassassin.apache.org Subject: Re: Custom rule help On Wed, 2019-12-04 at 12:40 -0800, Chris Mulcahy wrote: > I want a rule that scores if “sitename” is not in the From: line. If > the

Re: Custom rule help

On Wed, 2019-12-04 at 12:40 -0800, Chris Mulcahy wrote: > I want a rule that scores if “sitename” is not in the From: line. If > they send from i...@sitename.com, I’ll assume it’s legit. If sitename > does not exist, I’ll tick up the score a bit. I have done this for > some specific domains but

Custom rule help

Hi. I’m relatively new to complex custom rules. I have plenty of simple and some multi-condition rules but need something custom. My approach to using my domain name is bad but I started it in the 90s so… I have some sites where I gave them my email address as “ sitename@mydomain.com” so I

Re: Custom rule to please the Mayor

On 21.11.19 13:24, Dave Goodrich wrote: I know I will incur some wrath for this but I have the Mayor breathing down my neck. We stop nearly all spam now, but some does get through. Mostly it has been mail from gmail and outlook servers that pass DKIM and SPF. This morning a large number of

Re: Custom rule to please the Mayor

On Fri, 2019-11-22 at 13:01 +, RW wrote: > On Fri, 22 Nov 2019 00:00:53 + > Martin Gregorie wrote: > > > > describe SPOOFED_MAYOR Check for spoofed mail from the Mayor > > header __SM1 From:name =~ /^John M Mayor$/ > > header __SM2 From:addr =~ /^john\@cityhall\.com$/

Re: Custom rule to please the Mayor

On Fri, 22 Nov 2019 00:00:53 + Martin Gregorie wrote: > describe SPOOFED_MAYOR Check for spoofed mail from the Mayor > header __SM1 From:name =~ /^John M Mayor$/ > header __SM2 From:addr =~ /^john\@cityhall\.com$/ > meta SPOOFED_MAYOR (__SM1 && ! __SM2) || ! _SM1 >

Re: Custom rule to please the Mayor

Are you using or able to use 3.4.3-rc6 because there is a new feature for this that you can implement called subjprefix that can mark external emails with External in the subject.  Depends on your usage. On 11/21/2019 1:24 PM, Dave Goodrich wrote: > Good day, > > I know I will incur some wrath

Re: Custom rule to please the Mayor

On 2019-11-22 01:00, Martin Gregorie wrote: describe SPOOFED_MAYOR Check for spoofed mail from the Mayor header __SM1 From:name =~ /^John M Mayor$/ header __SM2 From:addr =~ /^john\@cityhall\.com$/ meta SPOOFED_MAYOR (__SM1 && ! __SM2) || ! _SM1 scoreSPOOFED_MAYOR

Re: Custom rule to please the Mayor

On Thu, 2019-11-21 at 14:22 -0700, Grant Taylor wrote: > I like the logic. > > Unfortunately, you need to be very careful as you start to run into > all the text permutations / homograph attacks. > Fair comment. What you saw was hacked together to show the principle, but not tested. Here's a

Re: Custom rule to please the Mayor

On Thu, 2019-11-21 at 14:22 -0700, Grant Taylor wrote: > On 11/21/19 12:14 PM, Martin Gregorie wrote: > > describe SPOOFED_MAYOR Check for spoofed mail from the Mayor > > header __SM1 From:name /display name/ > > header __SM2 From:addr /email address/ > > meta

Re: Custom rule to please the Mayor

On Thu, 21 Nov 2019 11:12:47 -0800 Alan Hodgson wrote: > Make sure your real mail streams are authenticated with DKIM and > you're setup to use the whitelist_from_dkim rule; which I believe > requires the header added by opendkim on received mail. It doesn't.

Re: Custom rule to please the Mayor

On 11/21/19 12:14 PM, Martin Gregorie wrote: describe SPOOFED_MAYOR Check for spoofed mail from the Mayor header __SM1 From:name /display name/ header __SM2 From:addr /email address/ meta SPOOFED_MAYOR (__VM1 && ! __VM2) scoreSPOOFED_MAYOR 5.0 I like the logic.

Re: Custom rule to please the Mayor

On Thu, 2019-11-21 at 13:24 -0500, Dave Goodrich wrote: > > Any thoughts on that or has anyone done something similar? > I have a similar rule that spotsfires on From: headers with @ in the name and a space in the address. I wrote it to spot rather obvious false senders, but something like the

Re: Custom rule to please the Mayor

mail. whitelist_from_dkim *@yourdomain your_signing_domain Then you can add a custom rule to add a large score to From =~ /mayor's name/ and variants , possibly meta'd with FREEMAIL_FROM if you're only concerned about gmail spoofs. It'll only be so useful but at least you can catch the strai

Custom rule to please the Mayor

Good day, I know I will incur some wrath for this but I have the Mayor breathing down my neck. We stop nearly all spam now, but some does get through. Mostly it has been mail from gmail and outlook servers that pass DKIM and SPF. This morning a large number of messages appearing to come from

Re: Custom rule aware of occurrences

On 9/15/2019 10:53 PM, Bert Van de Poel wrote: > Dear fellow Spamassassin users, > > I'm contacting you as a member of ULYSSIS. ULYSSIS is a student > non-profit organisation at the University of Leuven trying to make > computers and technology more approachable and available to students. > As

Custom rule aware of occurrences

Dear fellow Spamassassin users, I'm contacting you as a member of ULYSSIS. ULYSSIS is a student non-profit organisation at the University of Leuven trying to make computers and technology more approachable and available to students. As part of this objective, we run a hosting service within

Re: Method of setting score for a custom rule to be the required_score ?

On 27 Jun 2018, at 22:17, J Doe wrote: I went back to “man Mail::SpamAssassin::Conf” and can see mention of the shortcircuit plugin . . . is there more documentation (perhaps in another man or perldoc), where the shortcircuit keyword is mentioned ? perldoc

Re: Method of setting score for a custom rule to be the required_score ?

On 28/06/2018 04:17, J Doe wrote: I went back to “man Mail::SpamAssassin::Conf” and can see mention of the shortcircuit plugin . . . is there more documentation (perhaps in another man or perldoc), where the shortcircuit keyword is mentioned ? I'd say a good starting point would be

Re: Method of setting score for a custom rule to be the required_score ?

> On Jun 27, 2018, at 6:20 AM, Daniele Duca wrote: > Hi, > > I'd say that a better solution would be to use shortcircuit: > body __BODY_TEST1 . . . > body __BODY_TEST2 . . . > meta CUSTOM_RULE1(__BODY_TEST1 && __BODY_TEST2) > shortcircuit CUSTOM_RULE1 spam > > At least that saves

Re: Method of setting score for a custom rule to be the required_score ?

On 27/06/2018 02:15, J Doe wrote: Hi John, Ok, good to know. Is it possible with the SA grammar to have variables ?  I was thinking I’d have something like the following in my: /etc/spamassassin/local.cf     POISON_PILL = 100 Hi, I'd say that a better solution would be to use

Re: Method of setting score for a custom rule to be the required_score ?

is way, if the custom rule ever matches, it automatically scores the amount required to flag the message as spam because the score applied is the value of required_score. That's called a "poison pill rule", and generally you don't worry about hitting the required score exactly, you just set

Re: Method of setting score for a custom rule to be the required_score ?

> On Jun 26, 2018, at 12:13 AM, John Hardin <mailto:jhar...@impsec.org>> wrote: > >> Hello, >> >> I was wondering if it is possible to assign a score to a custom rule that >> will evaluate to the value that required_score is set to. >> >>

Re: Method of setting score for a custom rule to be the required_score ?

On Mon, 25 Jun 2018, J Doe wrote: Hello, I was wondering if it is possible to assign a score to a custom rule that will evaluate to the value that required_score is set to. My thinking here is that if this rule ever passes, it should not add a small value to the score but push the score up

Method of setting score for a custom rule to be the required_score ?

Hello, I was wondering if it is possible to assign a score to a custom rule that will evaluate to the value that required_score is set to. My thinking here is that if this rule ever passes, it should not add a small value to the score but push the score up to the value that required_score

Re: BODY custom rule not working if text and html parts are different?

On Mon, 2 Apr 2018, Pedro David Marco wrote: Yeah, just confirmed. A non-obfuscated URI in plain-text body part is recognized and extracted for uri rules. Thanks John...  can you provide any pastebein sample please??...  It's trivially easy to add a URI to the text body part of any test

Re: BODY custom rule not working if text and html parts are different?

>Yeah, just confirmed. A non-obfuscated URI in plain-text body part is >recognized and extracted for uri rules. Thanks John...  can you provide any pastebein sample please??...  PedroD

Re: BODY custom rule not working if text and html parts are different?

On 01/04/18 19:18, John Hardin wrote: On Sun, 1 Apr 2018, John Hardin wrote: On Sun, 1 Apr 2018, Matus UHLAR - fantomas wrote: On 01.04.18 05:47, Pedro David Marco wrote: This is a problem i see oftenly... what if the URL is only in the TEXT part  and not in the HTML?  many email

Re: BODY custom rule not working if text and html parts are different?

On Sun, 1 Apr 2018, John Hardin wrote: On Sun, 1 Apr 2018, Matus UHLAR - fantomas wrote: On 01.04.18 05:47, Pedro David Marco wrote: This is a problem i see oftenly... what if the URL is only in the TEXT part  and not in the HTML?  many email aplications show those URLs as clickable as if

Re: BODY custom rule not working if text and html parts are different?

On Sun, 1 Apr 2018, Matus UHLAR - fantomas wrote: On 01.04.18 05:47, Pedro David Marco wrote: This is a problem i see oftenly... what if the URL is only in the TEXT part  and not in the HTML?  many email aplications show those URLs as clickable as if they were valid HTML HREFs when they are

Re: BODY custom rule not working if text and html parts are different?

On 01/04/18 07:10, Matus UHLAR - fantomas wrote: On 01.04.18 05:47, Pedro David Marco wrote: This is a problem i see oftenly... what if the URL is only in the TEXT part  and not in the HTML?  many email aplications show those URLs as clickable as if they were valid HTML HREFs when they are

Re: BODY custom rule not working if text and html parts are different?

2018-04-01 2:47 GMT-03:00 Pedro David Marco : > This is a problem i see oftenly... > > what if the URL is only in the TEXT part and not in the HTML? many email > aplications show those URLs as clickable as if they were valid HTML HREFs > when they are not... > We have a

Re: BODY custom rule not working if text and html parts are different?

On 01.04.18 05:47, Pedro David Marco wrote: This is a problem i see oftenly... what if the URL is only in the TEXT part  and not in the HTML?  many email aplications show those URLs as clickable as if they were valid HTML HREFs when they are not... in this case, body rule matches, but uri

Re: BODY custom rule not working if text and html parts are different?

This is a problem i see oftenly... what if the URL is only in the TEXT part  and not in the HTML?  many email aplications show those URLs as clickable as if they were valid HTML HREFs when they are not... -PedroD

Re: BODY custom rule not working if text and html parts are different?

On 31/03/18 22:39, John Hardin wrote: On Sat, 31 Mar 2018, Sebastian Arcus wrote: I have a really simple rule looking for custom text string contained in spam urls in the body of the email, like so: body  SHORT_BITCOIN_DATING    /specific_string_here/i score SHORT_BITCOIN_DATING   

Re: BODY custom rule not working if text and html parts are different?

On Sat, 31 Mar 2018, Sebastian Arcus wrote: I have a really simple rule looking for custom text string contained in spam urls in the body of the email, like so: body SHORT_BITCOIN_DATING/specific_string_here/i score SHORT_BITCOIN_DATING3.0 describe SHORT_BITCOIN_DATING

BODY custom rule not working if text and html parts are different?

I have a really simple rule looking for custom text string contained in spam urls in the body of the email, like so: body SHORT_BITCOIN_DATING/specific_string_here/i score SHORT_BITCOIN_DATING3.0 describe SHORT_BITCOIN_DATINGBody URL signature of spam I just realised that

Re: Custom rule don't match without empty line before the string!

On 2018-02-23 (02:15 MST), saqariden wrote: > > our mailing service is not for external use, So the users are not supposed to > send or receive B64 encoded mails. I've never seen anyone *intentionally* sent base64 mails (I mean, people, not spammers). That is

Re: Custom rule don't match without empty line before the string!

On 22/02/2018 17:48, RW wrote: On Thu, 22 Feb 2018 10:35:48 -0600 (CST) David B Funk wrote: On Thu, 22 Feb 2018, RW wrote: On Thu, 22 Feb 2018 15:54:45 +0100 saqariden wrote: Hello guys, I have the following SA rule which is supposed to block base64 encoded mails: This may be

Re: Custom rule don't match without empty line before the string!

On 2018-02-22 (07:54 MST), saqariden wrote: > > I have the following SA rule which is supposed to block base64 encoded mails: Wow. You are going to block a lot of legitimate email that way. > bodyEN_BASE64_B/(Content-Transfer-Encoding:

Re: Custom rule don't match without empty line before the string!

On Thu, 22 Feb 2018 10:35:48 -0600 (CST) David B Funk wrote: > On Thu, 22 Feb 2018, RW wrote: > > > On Thu, 22 Feb 2018 15:54:45 +0100 > > saqariden wrote: > > > >> Hello guys, > >> > >> I have the following SA rule which is supposed to block base64 > >> encoded mails: > > > > This may be

Re: Custom rule don't match without empty line before the string!

On Thu, 22 Feb 2018, RW wrote: On Thu, 22 Feb 2018 15:54:45 +0100 saqariden wrote: Hello guys, I have the following SA rule which is supposed to block base64 encoded mails: This may be dangerous. If someone doesn't wish to use 8bit text then base64 encoding of UTF-8 is a sensible choice;

Re: Custom rule don't match without empty line before the string!

On Thu, 22 Feb 2018 15:54:45 +0100 saqariden wrote: > Hello guys, > > I have the following SA rule which is supposed to block base64 > encoded mails: This may be dangerous. If someone doesn't wish to use 8bit text then base64 encoding of UTF-8 is a sensible choice; QP is very inefficient

Custom rule don't match without empty line before the string!

Hello guys, I have the following SA rule which is supposed to block base64 encoded mails: bodyEN_BASE64_B/(Content-Transfer-Encoding: base64\sContent-Type: text\/(plain|html); charset="?utf-8"?)|(Content-Type: text\/(plain|html);

Re: Custom rule not applied when running Postfix + SA

On 2/20/2017 6:54 AM, aquilinux wrote: Hi all, i noticed that a custom rule i created (in /etc/spamassassin/local.cf <http://local.cf>) is not applied in the regular postfix + spamassassin flow but it is when i pipe the mail to spamc or spamassassin. 1) normal flow with postfix spamas

Custom rule not applied when running Postfix + SA

Hi all, i noticed that a custom rule i created (in /etc/spamassassin/ local.cf) is not applied in the regular postfix + spamassassin flow but it is when i pipe the mail to spamc or spamassassin. 1) normal flow with postfix spamassassinunix- n n - 30 pipe

Re: Custom rule problem

On 1/31/2017 3:22 PM, Zinski, Steve wrote: Sorry for the trouble, everyone… I had been forwarding the spam through my personal IMAP account (to test my rule) which was apparently blocking it. I forwarded it using my gmail account and my new rule fired. I feel like an idiot. Steve I suggest

Re: Custom rule problem

On 1/31/2017 3:22 PM, Zinski, Steve wrote: Sorry for the trouble, everyone… I had been forwarding the spam through my personal IMAP account (to test my rule) which was apparently blocking it. I forwarded it using my gmail account and my new rule fired. I feel like an idiot. No worries.

Re: Custom rule problem

body rule __BUGGED_IMG ==> got hit: "http://trc.spam_domain_redacted.com/redirect.php?email=re; > On 1/31/17, 11:36 AM, "John Hardin" <jhar...@impsec.org> wrote: > >On Tue, 31 Jan 2017, Zinski, Steve wrote: > >>

Re: Custom rule problem

On Tue, 2017-01-31 at 11:53 -0800, John Hardin wrote: > On Tue, 31 Jan 2017, Zinski, Steve wrote: > > > Here’s the “view source” of the message in question. > > > > http://pastebin.com/AnwkAf9t > > > > Again, it’s line 88 that I’m trying to match. > > ...let's try this again... > > A uri rule

Re: Custom rule problem

/31/17, 11:36 AM, "John Hardin" <jhar...@impsec.org> wrote: On Tue, 31 Jan 2017, Zinski, Steve wrote: > I’m trying to write a custom rule to block a certain type of spam. When I view the message source, the very last lines of the spam look like this: >

Re: Custom rule problem

Here’s the “view source” of the message in question. http://pastebin.com/AnwkAf9t Again, it’s line 88 that I’m trying to match. Thanks. On 1/31/17, 11:36 AM, "John Hardin" <jhar...@impsec.org> wrote: On Tue, 31 Jan 2017, Zinski, Steve wrote: > I’m trying to

Re: Custom rule problem

On Tue, 31 Jan 2017, Zinski, Steve wrote: I’m trying to write a custom rule to block a certain type of spam. When I view the message source, the very last lines of the spam look like this: http://trc.spammersdomain.com/redirect.php?email=redac...@richmond.edu;> Every single rule that I

Re: Custom rule problem

On 1/31/2017 10:45 AM, Zinski, Steve wrote: Hello, I have a problem that I hope someone can help me with. I’m trying to write a custom rule to block a certain type of spam. When I view the message source, the very last lines of the spam look like this: src="http://trc.spammersdomai

Custom rule problem

Hello, I have a problem that I hope someone can help me with. I’m trying to write a custom rule to block a certain type of spam. When I view the message source, the very last lines of the spam look like this: http://trc.spammersdomain.com/redirect.php?email=redac...@richmond.edu;> Ev

Re: Custom rule problem

On Tuesday 31 January 2017 at 16:45:34, Zinski, Steve wrote: > Hello, I have a problem that I hope someone can help me with. > > I’m trying to write a custom rule to block a certain type of spam. When I > view the message source, the very last lines of the spam look like this:

Re: Custom rule based on AWL score

On 24/10/16 16:46, John Hardin wrote: Paul: I haven't looked at the plugin myself yet, but here's a suggestion: have a mode where you can mark a RE as capturing a numeric value, and the rule's hit value is the value that the RE captured. This would (for example) let the AWL/TXREP mean be

Re: Custom rule based on AWL score

On 24/10/16 16:46, John Hardin wrote: Paul: I haven't looked at the plugin myself yet, but here's a suggestion: have a mode where you can mark a RE as capturing a numeric value, and the rule's hit value is the value that the RE captured. This would (for example) let the AWL/TXREP mean be

Re: Custom rule based on AWL score

On Mon, 24 Oct 2016, SimpleRezo wrote: So, to the OP: try the tagmatch plugin to look at where _AWLMEAN_ is (e.g.) <= -1 and _AWLCOUNT_ is greater than (e.g.) 10 and that may get you what you want for a meta to use with the rules you want to control. Thank you Paul & John, it looks like I

Re: Custom rule based on AWL score

065346.n5.nabble.com/Custom-rule-based-on-AWL-score-tp123087p123131.html Sent from the SpamAssassin - Users mailing list archive at Nabble.com.

Re: Custom rule based on AWL score

On Fri, 21 Oct 2016, Paul Stead wrote: On 21/10/16 18:40, Paul Stead wrote: On 21/10/16 16:22, John Hardin wrote: > I was going to say: you can't write a rule based on the *current* AWL > adjustment because that's calculated after all the rules have hit. But > SA *could* potentially have a

Re: Custom rule based on AWL score

On 21/10/16 18:40, Paul Stead wrote: On 21/10/16 16:22, John Hardin wrote: I was going to say: you can't write a rule based on the *current* AWL adjustment because that's calculated after all the rules have hit. But SA *could* potentially have a rule that checks the current historical average

Re: Custom rule based on AWL score

On 21/10/16 18:53, Paul Stead wrote: tagmatch TAGMATCH_TXREP_IP_LOWSCORE _TXREP_IP_MEAN_ /^\-[0-9]{2,}(?:\.[0-9]+)?$/ describe TAGMATCH_TXREP_IP_LOWSCORE TxRep mean score quite low scoreTAGMATCH_TXREP_IP_HIGHSCORE -0.1 Also - typo on score rulename! -- Paul Stead Systems Engineer Zen

Re: Custom rule based on AWL score

On 21/10/16 18:40, Paul Stead wrote: A plugin I've developed could be handy here: https://github.com/fmbla/spamassassin-tagmatch tagmatch TAGMATCH_TXREP_IP_HIGHSCORE _TXREP_IP_MEAN_ /^[1-9][0-9]+(?:\.[0-9]+)?$/ describe TAGMATCH_TXREP_IP_HIGHSCORE TXRep mean score quite large score

Re: Custom rule based on AWL score

On 21/10/16 16:22, John Hardin wrote: I was going to say: you can't write a rule based on the *current* AWL adjustment because that's calculated after all the rules have hit. But SA *could* potentially have a rule that checks the current historical average that AWL uses... I suggest you file a

Re: Custom rule based on AWL score

On Fri, 21 Oct 2016, Axb wrote: On 10/21/2016 04:43 PM, Bill Cole wrote: The blocker to that approach has already been stated: they have no mechanism for users to add their contacts to the SA static whitelist. Imo, this you'd normally do at MTA and/or glue level to bypass expensive SA

Re: Custom rule based on AWL score

On Fri, 21 Oct 2016, Kevin Golding wrote: On Fri, 21 Oct 2016 11:48:41 +0100, simplerezo wrote: > very unknown users can't by definition hit AWL. That's why my wanted rule is score(AWL) > -1 : all users that have not yet send enough not-spam mails can not, for example,

Re: Custom rule based on AWL score

On 10/21/2016 04:43 PM, Bill Cole wrote: The blocker to that approach has already been stated: they have no mechanism for users to add their contacts to the SA static whitelist. Imo, this you'd normally do at MTA and/or glue level to bypass expensive SA content scanning and save time &

Re: Custom rule based on AWL score

On 20 Oct 2016, at 12:14, Ian Zimmerman wrote: Whitelisted senders get a _huge_ bonus (I think it's 100 points by default, maybe customizable), so they won't be affected if you do it right. The blocker to that approach has already been stated: they have no mechanism for users to add their

Re: Custom rule based on AWL score

On 10/21/2016 6:48 AM, simplerezo wrote: it also helps frequent spammers known to spam to prevent false negative. Absolutely. very unknown users can't by definition hit AWL. That's why my wanted rule is score(AWL) > -1 : all users that have not yet send enough not-spam mails can not, for

Re: R: Custom rule based on AWL score

On 20/10/16 17:44, Nicola Piazzi wrote: Why not try my powerful plugin to reduce score of known users ? Is based on people that answer to us and in my case, after 3 week of learning, it HIT 70% of incoming messages that are absolutely ham Looks really interesting. How it behaves in ipv6

Re: Custom rule based on AWL score

On Fri, 21 Oct 2016 03:48:41 -0700 (MST) simplerezo wrote: > > it also helps frequent spammers known to spam to prevent false > > negative. > > Absolutely. > > > very unknown users can't by definition hit AWL. > > That's why my wanted rule is score(AWL) > -1 : all users that have > not yet

Re: Custom rule based on AWL score

my users to configure this, and most of them are already finding IT too much complicated :) -- Clement SimpleRezo http://www.simplerezo.com/ -- View this message in context: http://spamassassin.1065346.n5.nabble.com/Custom-rule-based-on-AWL-score-tp123087p123102.html Sent from the SpamAssassi

Re: Custom rule based on AWL score

On 20.10.16 08:34, simplerezo wrote: My understanding is that AWL is helping frequent senders who are known to not send spam to "reduce" their spam score, preventing false positive. it also helps frequent spammers known to spam to prevent false negative. That's exactly what I want to rely

Re: Custom rule based on AWL score

On Thu, 20 Oct 2016, Bowie Bailey wrote: On 10/20/2016 12:55 PM, David B Funk wrote: On Thu, 20 Oct 2016, John Hardin wrote: > On Thu, 20 Oct 2016, Ian Zimmerman wrote: > > > On 2016-10-20 08:34, simplerezo wrote: > > > > > My understanding is that AWL is helping frequent senders who

Re: Custom rule based on AWL score

On 10/20/2016 12:55 PM, David B Funk wrote: On Thu, 20 Oct 2016, John Hardin wrote: On Thu, 20 Oct 2016, Ian Zimmerman wrote: On 2016-10-20 08:34, simplerezo wrote: My understanding is that AWL is helping frequent senders who are known to not send spam to "reduce" their spam score,

Re: R: Custom rule based on AWL score

On 10/20/2016 06:44 PM, Nicola Piazzi wrote: Why not try my powerful plugin to reduce score of known users ? Is based on people that answer to us and in my case, after 3 week of learning, it HIT 70% of incoming messages that are absolutely ham http://saplugin.16mb.com/ If you mean your OW

Re: Custom rule based on AWL score

On Thu, 20 Oct 2016, John Hardin wrote: On Thu, 20 Oct 2016, Ian Zimmerman wrote: On 2016-10-20 08:34, simplerezo wrote: My understanding is that AWL is helping frequent senders who are known to not send spam to "reduce" their spam score, preventing false positive. That's exactly what I

R: Custom rule based on AWL score

Bologna - Italia Tel.  +39 051.6079.293 Cell. +39 328.21.73.470 Web: www.gruppocomet.it -Messaggio originale- Da: John Hardin [mailto:jhar...@impsec.org] Inviato: giovedì 20 ottobre 2016 18:36 A: users@spamassassin.apache.org Oggetto: Re: Custom rule based on AWL score On Thu, 20 Oct

Re: Custom rule based on AWL score

On Thu, 20 Oct 2016, Ian Zimmerman wrote: On 2016-10-20 08:34, simplerezo wrote: My understanding is that AWL is helping frequent senders who are known to not send spam to "reduce" their spam score, preventing false positive. That's exactly what I want to rely on for my rules: adding score

Re: Custom rule based on AWL score

On Thu, 20 Oct 2016 08:34:04 -0700 (MST) simplerezo wrote: > My understanding is that AWL is helping frequent senders who are > known to not send spam to "reduce" their spam score, preventing false > positive. Which is why I pointed you towards a short paragraph that describes what it actually

Re: Custom rule based on AWL score

On 2016-10-20 08:34, simplerezo wrote: > My understanding is that AWL is helping frequent senders who are known > to not send spam to "reduce" their spam score, preventing false > positive. That's exactly what I want to rely on for my rules: adding > score for mail with "invoice" pretention and

Re: Custom rule based on AWL score

r very unknown users (or spammers). -- View this message in context: http://spamassassin.1065346.n5.nabble.com/Custom-rule-based-on-AWL-score-tp123087p123091.html Sent from the SpamAssassin - Users mailing list archive at Nabble.com.

Re: Custom rule based on AWL score

On Thu, 20 Oct 2016 08:01:17 -0700 (MST) simplerezo wrote: > Because our users cannot easyly add all theirs contacts to whitelist. > > AWL is a great feature, and it's working well: so it would be nice > for us to put some restrictives rules only active for "unknown" users > (example: "invoices"

Re: Custom rule based on AWL score

http://spamassassin.1065346.n5.nabble.com/Custom-rule-based-on-AWL-score-tp123087p123089.html Sent from the SpamAssassin - Users mailing list archive at Nabble.com.

Re: Custom rule based on AWL score

On Thu, 20 Oct 2016 03:55:29 -0700 (MST) simplerezo wrote: > Hi, > > Is it possible to write rule based on AWL score? No > We have some customs rules that we don't want to enable for > "well-known" contacts... Why not just whitelist them?

Custom rule based on AWL score

-0.01 But it does not seems to work... -- View this message in context: http://spamassassin.1065346.n5.nabble.com/Custom-rule-based-on-AWL-score-tp123087.html Sent from the SpamAssassin - Users mailing list archive at Nabble.com.

Re: custom rule based on score of other rule(s)

Am 11.01.2016 um 10:17 schrieb Melters, Fabian: Hi, is it possible to create custom rules based in the score of other rule(s)? for example: TEST1 finished with a score of 1.24, TEST2 finished with a score of 0.8. Now we create a meta test which is only matching if TEST1+TEST2>2.0

custom rule based on score of other rule(s)

Hi, is it possible to create custom rules based in the score of other rule(s)? for example: TEST1 finished with a score of 1.24, TEST2 finished with a score of 0.8. Now we create a meta test which is only matching if TEST1+TEST2>2.0 and then gives additional 2 Points. thanks in

Re: custom rule based on score of other rule(s)

On 01/11/2016 10:17 AM, Melters, Fabian wrote: Hi, is it possible to create custom rules based in the score of other rule(s)? for example: TEST1 finished with a score of 1.24, TEST2 finished with a score of 0.8. Now we create a meta test which is only matching if TEST1+TEST2>2.0 and

Re: custom rule based on score of other rule(s)

On Mon, 11 Jan 2016 10:17:21 +0100 Melters, Fabian wrote: > Hi, > > is it possible to create custom rules based in the score of other > rule(s)? > > for example: >TEST1 finished with a score of 1.24, TEST2 finished with a score > of 0.8. >Now we create a meta test which is only

Re: Support for custom rule, rule seems to be ignored

On Fri, 1 Jan 2016 19:37:26 +0100 Sebastian Wolfgarten wrote: > Dear all, > > I wish you and your families a happy, prosperous and healthy year > 2016! > > As for me, I am spending the first day of the new year battling with > some custom SA rule that seems to be ignored: > > header FR_Spam2

Re: Support for custom rule, rule seems to be ignored

On Sat, 2 Jan 2016, Bill Cole wrote: On 2 Jan 2016, at 9:11, RW wrote: 1. \d{1,2}+ doesn't make any sense, you need either {1,2} or + It's a bit esoteric, but here's what the perlre man page says: {n,m}+ Match at least n but not more than m times and give nothing back Put

Re: Support for custom rule, rule seems to be ignored

Hi, many thanks for your feedback. This is to confirm the following rule seems to work: header French_Spam10 ALL =~ / e\d{1,2}\.\S+\.fr /i score French_Spam10 3.5 Many thanks for all those that supported me in the troubleshooting process. Best regards Sebastian > Am 02.01.2016 um 15:11

Re: Support for custom rule, rule seems to be ignored

On 2 Jan 2016, at 9:11, RW wrote: 1. \d{1,2}+ doesn't make any sense, you need either {1,2} or + It's a bit esoteric, but here's what the perlre man page says: {n,m}+ Match at least n but not more than m times and give nothing back Put another way: possessive but not greedy. In

Support for custom rule, rule seems to be ignored

Dear all, I wish you and your families a happy, prosperous and healthy year 2016! As for me, I am spending the first day of the new year battling with some custom SA rule that seems to be ignored: header FR_Spam2 Received =~ /e\d{1,2}+\.(.*)\.fr/i score FR_Spam2 3.5 Is this rule correct from

Re: Support for custom rule, rule seems to be ignored

On 1/1/2016 1:37 PM, Sebastian Wolfgarten wrote: Dear all, I wish you and your families a happy, prosperous and healthy year 2016! As for me, I am spending the first day of the new year battling with some custom SA rule that seems to be ignored: header FR_Spam2 Received =~

  1   2   3   >