I personally am probably not interested in mail from people who don't
know how to set their system's time but you could implement it using
a threshold. To me that's a lot better than assuming an n hour
difference b/w Received and Date: etc which the sender can easily
forge. Unless the Recei
Robert Nicholson wrote:
If you converted all times to GMT and compared them against now and if
they were > now how often would that be FPing?
I suppose that the spam hit rate would go up a little for the
DATE_IN_FUTURE_* rules, while the ham hit rate (caused by the thousands
of people who don
If you converted all times to GMT and compared them against now and if they were > now how often would that be FPing?On Sep 10, 2006, at 2:21 PM, Daryl C. W. O'Shea wrote: Accepting to folder lists/unix/spamassassin-usersFrom: "Daryl C. W. O'Shea" <[EMAIL PROTECTED]>Date: September 10, 2006 2:21
I haven't read any of the rest of this thread, but I'll respond to the
latest...
Robert Nicholson wrote:
Well either way. Assuming that the lowest numbered date diff represents
the real receive time is niave at best.
As is assuming that the rule assumes that the times are real.
Comparing the
Well either way. Assuming that the lowest numbered date diff
represents the real receive time is niave at best.
On Sep 10, 2006, at 2:03 PM, Daryl C. W. O'Shea wrote:
Robert Nicholson wrote:
This looks to be something Spammers are deliberately working
around as how could you possibly get t
Robert Nicholson wrote:
This looks to be something Spammers are deliberately working around as
how could you possibly get two received headers with the same date, time
to the second?
That's like saying how could you possibly get two received headers with
the same date, time to the minute or
So if I use the following instead it then fires the rule # use the date with the smallest absolute difference # (experimentally, this results in the fewest false positives) @diffs = sort { abs($a) <=> abs($b) } @diffs; # pick the first one that isn't 0 foreach my $diff (@diffs) { next if
i'm guessing what happened here was that it took the first Received header... which is the same as the Date: header.What i'd rather it take though is the header closest to me.so instead of usingReceived: from [61.15.158.107] (helo=[71353437]) by caching4-true.asianet.co.th with smtp (Exim 4.60 (Fre