SNIP
subject =~ /\b(?!cartoon|croatan|carroon)c[arto]{5}n\b/i
subject =~ /\b(?!downloadable)d[ownladb]{10}e\b/i
subject =~ /\b(?!dripping)d[ripn]{6}g\b/i
subject =~ /\b(?!ejaculating|enunciating)e[jacultin]{9}g\b/i
You can't use rules like this. The pattern can matches your first
Hello.
Following discussions on this list about obfuscating words to
avoid spam
detection, and not being a ninja, I'd like some feedback about the
possible efficacy or pitfalls on rules like the following.
As noted in other discussions, words with scrambled letters
between the
first and
Daniel
What would a suggested initial score be?
--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300
Daniel Quinlan wrote:
Something close to this will be in 3.1, so you'll want to remove the
rule then, maybe name it something else too.
uri
Hello Daniel,
Thursday, February 3, 2005, 6:58:47 PM, you wrote:
DQ Something close to this will be in 3.1, so you'll want to remove
DQ the rule then, maybe name it something else too.
DQ uri URI_SCHEME_MIXED_CASE /^(?![a-z]{3,6}:|[A-Z]{3,6})[A-Za-z]{3,6}:\//
DQ describe
-Original Message-
From: MIKE YRABEDRA [mailto:[EMAIL PROTECTED]
Sent: Monday, January 10, 2005 11:02 AM
To: users@spamassassin.apache.org
Subject: Rule causing timeout
This is a follow up to last weeks post. I found that one of my
custom rules
was causing my server to bog down and
At 11:01 AM 1/10/2005, MIKE YRABEDRA wrote:
This is a follow up to last weeks post. I found that one of my custom rules
was causing my server to bog down and process real slow.
It started again today, so I started deleting rules one-by-one to see what
happened.
I deleted the Mangled rule and
I deleted the Mangled rule and instantly things improved 100%!
Any ideas or thoughts on this?
We'd have to see the rule, but it probably contains something like .*
someplace.
Loren
At 01:56 PM 1/7/2005, [EMAIL PROTECTED] wrote:
Is there a way to create a rule that use a external command ? I'd like to
do a rule to filter unknown domain.
Assuming 3.0.x this is possible. For Older versions, it's not without
hacking the SA code.
You'll need to write a perl plugin to do that.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi Murty --
It should be easy enough to write a plugin which
- - registers an eval rule function
- - calls $permsgstatus-get_decoded_stripped_body_text_array() in that, to
get the array of decoded lines in the message (HTML stripped, MIME
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Monday, January 03, 2005 1:18 PM
To: Murty Rompalli
Cc: users@spamassassin.apache.org
Subject: Re: Rule based on English words
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi Murty --
It should be easy
At 08:29 AM 10/27/2004 -0500, you wrote:
Knowing that the more rules sets you add, the longer it takes to scan a
message, what rule sets do you recommend? I have found several sites with
sure sets such as The Rules Emporium and the SA wiki but I am certain I do
not need every rule set from those
On Wed, 6 Oct 2004 09:42:48 -0700, Loren Wilton wrote:
Haven't seen these myself, but if they are drug spams, make sure you have
the obfu drug rules installed and maybe up the score on some of them.
Should have gotten about 4 hits in that first sentence.
Yes, the drug rules are catching them,
[EMAIL PROTECTED] wrote:
Jay Hall wrote:
I am experiencing a problem with one of my rules that I
cannot seem to find.
I have the following rules defined.
rawbody __RAW_EXE_ATTACHMENT/filename=\.*\.exe\/i
rawbody __RAW_VBS_ATTACHMENT/filename=\.*\.exe\/i
rawbody __RAW_COM_ATTACHMENT
On 29 Sep 2004, at 16:10, Jay Hall wrote:
I changed the rules as you suggested, but e-mails with exe attachments
are still not being marked as SPAM. However, others are. Following
are the headers from an e-mail sent with an exe attachment.
div class=JediThese are not the headers you are
Jay Hall wrote:
I am experiencing a problem with one of my rules that I
cannot seem to find.
I have the following rules defined.
rawbody __RAW_EXE_ATTACHMENT /filename=\.*\.exe\/i
rawbody __RAW_VBS_ATTACHMENT /filename=\.*\.exe\/i
rawbody __RAW_COM_ATTACHMENT
[EMAIL PROTECTED] wrote:
Jay Hall wrote:
I am experiencing a problem with one of my rules that I
cannot seem to find.
I have the following rules defined.
rawbody __RAW_EXE_ATTACHMENT/filename=\.*\.exe\/i
rawbody __RAW_VBS_ATTACHMENT/filename=\.*\.exe\/i
rawbody __RAW_COM_ATTACHMENT
In my logic, there is no valid reason that a remote
sender would connect directly to our SMTP server from
their dynamic/DSL/cable IP to send our customer's an
email ... I think ? Valid 'remote to local' emails
being sent from these DSL/cable/dialup IP would
normally be relayed via
On Mon, 20 Sep 2004, Sherwood Botsford wrote:
In this case, you should get a smart host on some other mail server, and
authenticate against that. You are still an endpoint, and should not be
directly talking to mail servers. Only mail servers should talk to mail
servers.
-Dan
In my logic,
At 09:25 AM 9.20.2004 -0600, Sherwood Botsford wrote:
In my logic, there is no valid reason that a remote
sender would connect directly to our SMTP server from
their dynamic/DSL/cable IP to send our customer's an
email ... I think ? Valid 'remote to local' emails
being sent from these
The school I work at is some 20 km from the nearest phone
exchange. DSL, ADSL, Cable are all non-starters here. We
connect through DirecPC oneway. So our outbound connection
is thorugh Telus, our local phone company. They refuse to
give out a static IP.
Ok, so run your smtp through their
Loren Wilton wrote:
In my logic, there is no valid reason that a remote sender would connect
directly to our SMTP server from their dynamic/DSL/cable IP to send our
customer's an email ... I think ? Valid 'remote to local' emails being
sent from these DSL/cable/dialup IP would normally
Dan Mahoney, System Admin wrote:
(What's really annoying is that sendmail doesn't log the ip of the
remote connection until it's done (if you're blocking them) -- I'd love
to be able to create an RBL on this and nip it in the bud).
We use a variation of rumplekiller.pl for exactly this purpose:
On Wed, 15 Sep 2004, Matt Kettler wrote:
At 07:13 PM 9/15/2004, Dan Mahoney, System Admin wrote:
For example, my father's wife peggy has the domain peggytaggart.com, she
ONLY gives out the peggy@ email address for this.
For some unknown reason, the whole domain is popular with spammers. I've
Dan Mahoney, System Admin wrote:
Yes, I know this. I actually wrote something to create a RBL based on
virus senders. I'd just like to be able to drop (or maybe teergrube)
the connection in the BEGINNING instead of after the hangup.
Look into the sendmail config option BAD_RCPT_THROTTLE. The
On Wed, 15 Sep 2004, Kelson wrote:
Dan Mahoney, System Admin wrote:
Yes, I know this. I actually wrote something to create a RBL based on
virus senders. I'd just like to be able to drop (or maybe teergrube) the
connection in the BEGINNING instead of after the hangup.
Look into the sendmail
On Wed, 15 Sep 2004, Dan Mahoney, System Admin wrote:
Guys,
Given that some spammers like to just slam mail at everyone at an entire
domain, is there an option to greylist these addresses?
For example, my father's wife peggy has the domain peggytaggart.com, she
ONLY gives out the peggy@
Dan Mahoney, System Admin wrote:
Guys,
Given that some spammers like to just slam mail at everyone at an entire
domain, is there an option to greylist these addresses?
For example, my father's wife peggy has the domain peggytaggart.com, she
ONLY gives out the peggy@ email address for this.
For
On Thu, 16 Sep 2004, David B Funk wrote:
On Wed, 15 Sep 2004, Dan Mahoney, System Admin wrote:
Guys,
Given that some spammers like to just slam mail at everyone at an entire
domain, is there an option to greylist these addresses?
For example, my father's wife peggy has the domain peggytaggart.com,
901 - 928 of 928 matches
Mail list logo