On 2/6/2013 7:41 PM, John Hardin wrote:
On Wed, 6 Feb 2013, John Hardin wrote:
On Wed, 6 Feb 2013, Eliezer Croitoru wrote:
body __HBRW_CHARS/[\xC0-\xCB\xCD-\xDB\xDF-\xFB]?/
body __TOTAL_CHARS /[\x30-\x39\x41-\x5A\x61-\x7A\x80-\xFF]?/
Eliezer:
Apoligies for not noticing this the
On Wed, 6 Feb 2013, David B Funk wrote:
It's also easier to do an edit s/T_/__/g when you've got things working
to your satisfaction to move from testing to production.
s/ T_/ __/ please! :)
--
John Hardin KA7OHZhttp://www.impsec.org/~jhardin/
jhar...@impsec.orgFALa
On Wed, 6 Feb 2013, Martin Gregorie wrote:
On Wed, 2013-02-06 at 17:45 +0200, Eliezer Croitoru wrote:
Sorry but I didn't had much time to understand all of the rules syntax.
When developing a meta rule that combines subrules there';s littlew
point in writing descriptions for the subrules. In
On Wed, 6 Feb 2013, John Hardin wrote:
On Wed, 6 Feb 2013, Eliezer Croitoru wrote:
body __HBRW_CHARS/[\xC0-\xCB\xCD-\xDB\xDF-\xFB]?/
body __TOTAL_CHARS /[\x30-\x39\x41-\x5A\x61-\x7A\x80-\xFF]?/
Eliezer:
Apoligies for not noticing this the first time through: lose the question
ma
On Wed, 6 Feb 2013, Martin Gregorie wrote:
body HSHCH /[\xC0-\xCB\xCD-\xDB\xDF-\xFB]?/
body HSTCH /[\x30-\x39\x41-\x5A\x61-\x7A\x80-\xFF]?/
Why the question marks? They make the character optional, which in this
case makes the *entire RE* optional, which is a bad idea, esp
On Wed, 2013-02-06 at 17:45 +0200, Eliezer Croitoru wrote:
> Sorry but I didn't had much time to understand all of the rules syntax.
>
When developing a meta rule that combines subrules there';s littlew
point in writing descriptions for the subrules. In addition I find its
helpful to do the initi
>Subrules (those beginning with __) are not scored. Those score lines
have no effect, and should probably be removed to avoid confusion that
they actually *do* have an effect.
this might be the reason.
I will check later.
On 2/6/2013 5:40 PM, John Hardin wrote:
Typo. s/b FROM_FORM. Perhaps
On Wed, 6 Feb 2013, Eliezer Croitoru wrote:
Thanks,
I have checked the suggested rules like this:
header FROM_FORM From =~ /spamadmin\@ngtech.co.il/i
score FROM_FORM -0.1
body __HBRW_ENCODING /charset=\"windows-1255\"/
The fact that the charset= isn't a body part has already been menti
On 2/6/2013 11:04 AM, Wolfgang Zeikat wrote:
In an older episode, on 2013-02-06 09:53, Eliezer Croitoru wrote:
body __HBRW_ENCODING /charset=\"windows-1255\"/
score __HBRW_ENCODING -0.1
I use a rule
mimeheader LOCAL_1251_CHARSETContent-Type =~
/charset=.{0,3}windows-1251/i
IMHO, charset
In an older episode, on 2013-02-06 09:53, Eliezer Croitoru wrote:
body __HBRW_ENCODING /charset=\"windows-1255\"/
score __HBRW_ENCODING -0.1
I use a rule
mimeheader LOCAL_1251_CHARSETContent-Type =~
/charset=.{0,3}windows-1251/i
IMHO, charset is a MIME header, not a part of the message
Thanks,
I have checked the suggested rules like this:
header FROM_FORM From =~ /spamadmin\@ngtech.co.il/i
score FROM_FORM -0.1
body __HBRW_ENCODING /charset=\"windows-1255\"/
score __HBRW_ENCODING -0.1
body __HBRW_CHARS/[\xC0-\xCB\xCD-\xDB\xDF-\xFB]?/
score __HBRW_CHARS -0.1
tflags
On Sun, 3 Feb 2013, Eliezer Croitoru wrote:
On 2/3/2013 7:23 AM, John Hardin wrote:
body __HBRW_CHARS/[\xc0-\xcb\xcd-\xdb\xdf-\xfb]/
tflags __HBRW_CHARSmultiple
body __TOTAL_CHARS /\S/
tflags __TOTAL_CHARS multiple
meta __HBRW_PCT ((__HBRW_CHARS * 100
On 2/3/2013 7:23 AM, John Hardin wrote:
On Sat, 2 Feb 2013, Eliezer Croitoru wrote:
I wrote something in ruby which actually works fine as a starter.
#code start
spam_content = "the long part from the
mail".force_encoding("Windows-1255")
template_hebrew_chars = 270
def hebrew_char(char)
if
On Sat, 2 Feb 2013, Eliezer Croitoru wrote:
I wrote something in ruby which actually works fine as a starter.
#code start
spam_content = "the long part from the mail".force_encoding("Windows-1255")
template_hebrew_chars = 270
def hebrew_char(char)
if (223..251).member?(char.unpack("H*")[0].
On 2/2/2013 11:01 PM, John Hardin wrote:
On Sat, 2 Feb 2013, Eliezer Croitoru wrote:
Yes I do understand that it's hard.
I worked a bit with perl so I might be able to write something that
will do that if dosn't exists already.
That's probably what it will take.
I will try to explain even m
On Sat, 2 Feb 2013, Eliezer Croitoru wrote:
Yes I do understand that it's hard.
I worked a bit with perl so I might be able to write something that will do
that if dosn't exists already.
That's probably what it will take.
I will try to explain even more.
The problem is that I get the mail w
On 2/2/2013 8:58 PM, John Hardin wrote:
That's the difficult part.
It's easy to look for specific strings in the body, or specific things
like the ratio of text to whitespace or text to images, but trying to
*interpret* the text to do something like detect which language it is in
is a *hard* pro
On Sat, 2013-02-02 at 20:23 +0200, Eliezer Croitoru wrote:
> On 2/2/2013 7:39 PM, Martin Gregorie wrote:
> > In that case something like this would work:
> >
> > describe EC_BANNED_ADDRESS Mail from a spamming address
> > header EC_BANNED_ADDRESS From =~ sender@spamming_address
> > scoreEC_BA
On Sat, 2 Feb 2013, Eliezer Croitoru wrote:
I just need to know about a pattern match in the content since it's a form.
There are existing rules to detect fill-in-the-form emails. Are any of the
FILL_FORM family of rules hitting those messages?
If the form text is in hebrew it likely won't;
On 2/2/2013 7:39 PM, Martin Gregorie wrote:
In that case something like this would work:
describe EC_BANNED_ADDRESS Mail from a spamming address
header EC_BANNED_ADDRESS From =~ sender@spamming_address
scoreEC_BANNED_ADDRESS 10.0
There's no point in writing rules against the message body
On Sat, 2013-02-02 at 19:26 +0200, Eliezer Croitoru wrote:
> I have specific mail address which I get messages couple times with a
> basic pattern which I want to block.
>
> I started reading:
> http://wiki.apache.org/spamassassin/WritingRules
>
> And I would be very happy to get some notes and
I have specific mail address which I get messages couple times with a
basic pattern which I want to block.
I started reading:
http://wiki.apache.org/spamassassin/WritingRules
And I would be very happy to get some notes and help about it.
- The mail is from specific mail address.
- The mail bod
22 matches
Mail list logo