On 27.09.22 07:56, Kevin A. McGrail wrote:
I use upstream filtering all the time to add points with SA but I
typically due it with headers. Does Fortinet add any headers?
it does for spam detection, not when it removed suspicious attachments.
Especially depending on the size of emails, the
Hi matus,
I use upstream filtering all the time to add points with SA but I
typically due it with headers. Does Fortinet add any headers?
Especially depending on the size of emails, the attachment parsing
plugins like OCR you might have, etc. your rule could get pretty heavy
in terms of
Hello,
some of mailservers I admin are behind fortinet device that does content
inspection and removes viruses by replacing them with content:
--=_NextPart_000_0012_F7463AA1.9316ADCB
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
Content-Length: 221
Connection:
Do you test on a production server, other (test) server, or local
mbox with Mutt as your client?
There are lots of possibilities. I test using a big (and growing) spam
collection, which I keep so I can regression test my current rule set.
Thats quite crude: if everything in the collection is
On 2015-07-18 04:54, Martin Gregorie wrote:
There are lots of possibilities. I test using a big (and growing) spam
collection, which I keep so I can regression test my current rule set.
Thats quite crude: if everything in the collection is recognised as
spam, nothing gets flagged up during the
on an attachment
Hope this helps and perhaps you can edit our wiki and add any ideas you
find useful for others!
After searching, I'm still having a hard time understanding
conventional SA rule checking/debugging methods. I've been going my
own route so far, but I would like to have a basic
On 2015-07-17 16:49, Kevin A. McGrail wrote:
We use maildir most of the time on our servers. Is that a problem or
are you referring to a mbox file on a client machine? I never ran
spamassassin on a client before. Sorry, just trying to understand your
test environment.
I usually am working
On 7/17/2015 5:39 PM, a...@satester.com wrote:
On 2015-07-17 09:27, Kevin A. McGrail wrote:
On 7/16/2015 8:00 PM, Allen Marsalis wrote:
Can you elaborate on the macros any?
Sure. Mutt is a very powerful little mail client and it's perfect for
me for analysis of mbox files.
We use maildir
On 2015-07-17 09:27, Kevin A. McGrail wrote:
On 7/16/2015 8:00 PM, Allen Marsalis wrote:
Can you elaborate on the macros any?
Sure. Mutt is a very powerful little mail client and it's perfect for
me for analysis of mbox files.
We use maildir most of the time on our servers. Is that a
On 7/15/2015 6:41 PM, a...@satester.com wrote:
I started writing SA rules about a year ago. Although I am new to this
list, I have been lurking for quite a while. I would like to thank
Kevin McGrail and others for providing rules and tips that inspires me
to write my own custom rules.
Today
On 7/16/2015 8:28 AM, a...@satester.com wrote:
On 2015-07-16 04:53, Kevin A. McGrail wrote:
You might find the regression_tests.cf in the trunk rules/ dir
interesting. It's a way of giving strings you want to hit/not-hit on
rules and see if it properly hits/doesn't hit as you expect.
I also
On 16.07.2015 14:28, a...@satester.com wrote:
On 2015-07-16 04:53, Kevin A. McGrail wrote:
You might find the regression_tests.cf in the trunk rules/ dir
interesting. It's a way of giving strings you want to hit/not-hit on
rules and see if it properly hits/doesn't hit as you expect.
I also
On 2015-07-16 04:53, Kevin A. McGrail wrote:
You might find the regression_tests.cf in the trunk rules/ dir
interesting. It's a way of giving strings you want to hit/not-hit on
rules and see if it properly hits/doesn't hit as you expect.
I also use mutt and a few macros such as one that run
On 2015-07-16 07:32, Axb wrote:
header __KAM_NOTINMYNETWORK1 X-No-Relay =~ /./i
header __KAM_MULTIPLE_FROM From =~ /^./
I think I get the first one (if anything exists in X-No-Relay) but
I'll
have to look deeper to understand why you would trigger on any From
address. Anyway I'm having fun,
spamassassin -t
21 with a prompt for a keyword. Helpful for debugging.
Can you elaborate on the macros any? After searching, I'm still having a
hard time understanding conventional SA rule checking/debugging methods.
I've been going my own route so far, but I would like to have a basic
Anyone experinced SA rule URIBL (spammhaus/local.cf) score false positive?
—
uridnsbl URIBL_SBLXBL sbl-xbl.spamhaus.orghttp://sbl-xbl.spamhaus.org. TXT
body URIBL_SBLXBL eval:check_uridnsbl('URIBL_SBLXBL’)
—
All of a sudden, it scores 40-50% false positive, latest 2-3 days. All summin
On 12/19/2014 11:55 AM, Dharma Monie wrote:
Anyone experinced SA rule URIBL (spammhaus/local.cf) score false positive?
—
uridnsbl URIBL_SBLXBL sbl-xbl.spamhaus.orghttp://sbl-xbl.spamhaus.org. TXT
body URIBL_SBLXBL eval:check_uridnsbl('URIBL_SBLXBL’)
—
All of a sudden, it scores 40-50
on this is most welcome.
// Dharma Moniemailto:dha...@dharmacode.se
On 19 Dec 2014, at 12:01, Axb axb.li...@gmail.commailto:axb.li...@gmail.com
wrote:
On 12/19/2014 11:55 AM, Dharma Monie wrote:
Anyone experinced SA rule URIBL (spammhaus/local.cf) score false positive?
—
uridnsbl
hit that lookup?
// Dharma Moniemailto:dha...@dharmacode.se
On 19 Dec 2014, at 12:01, Axb axb.li...@gmail.commailto:axb.li...@gmail.com
wrote:
On 12/19/2014 11:55 AM, Dharma Monie wrote:
Anyone experinced SA rule URIBL (spammhaus/local.cf) score false positive?
—
uridnsbl URIBL_SBLXBL
sbl
On 12/19/2014 12:28 PM, Dharma Monie wrote:
The rule is shipped with SA by default,
regarding if it’s enabled by default - checking against that exact uribl - I’m
affraid I can’t provide you with
a satisfying answer there, as I was not the initial admin configuring “this”
file.
On 19.12.14
On Fri, 19 Dec 2014 14:12:47 +0100
Matus UHLAR - fantomas wrote:
On 12/19/2014 12:28 PM, Dharma Monie wrote:
The rule is shipped with SA by default,
regarding if it?s enabled by default - checking against that exact
uribl - I?m affraid I can?t provide you with a satisfying answer
there, as I
Acording to this
https://twitter.com/spamhaus/status/545139926191575040 , 2 days ago
Spamhaus DBL had an issue and flagged all .net .
Perhaps it's related somehow .
José Borges Ferreira
On Fri, Dec 19, 2014 at 10:55 AM, Dharma Monie dha...@dimachosting.net wrote:
Anyone experinced SA rule
On 28. jun. 2014 22.46.48 CEST, RW rwmailli...@googlemail.com wrote:
remove_header clear_headers and add_header control the new headers
that are added at the end of the scan. The preexisting X-Spam-* headers
are all stripped before the header tests begin.
On 29.06.14 04:11, Benny Pedersen
On Fri, 27 Jun 2014 20:43:19 -0500 (CDT)
David B Funk wrote:
Looking at my mail streams I see evidence that spammers sometimes
add faked SpamAssassin headers to their messages (I assume to try
to trick recipients into thinking that the message has already been
given a clean bill-of-health).
On 06/28/2014 03:43 AM, David B Funk wrote:
Looking at my mail streams I see evidence that spammers sometimes
add faked SpamAssassin headers to their messages (I assume to try
to trick recipients into thinking that the message has already been
given a clean bill-of-health).
I wrote a few test
On Sat, 28 Jun 2014 15:05:00 +0200
Axb wrote:
On 06/28/2014 03:43 AM, David B Funk wrote:
Checking the SA source I found in PerMsgStatus.pm a line of code:
$self-{msg}-delete_header('X-Spam-.*');
that ran before any tests. So looking for SA headers inside of SA
is pointless.
see
On 06/28/2014 03:21 PM, RW wrote:
On Sat, 28 Jun 2014 15:05:00 +0200
Axb wrote:
On 06/28/2014 03:43 AM, David B Funk wrote:
Checking the SA source I found in PerMsgStatus.pm a line of code:
$self-{msg}-delete_header('X-Spam-.*');
that ran before any tests. So looking for SA headers
On Sat, 28 Jun 2014, RW wrote:
On Fri, 27 Jun 2014 20:43:19 -0500 (CDT)
David B Funk wrote:
Looking at my mail streams I see evidence that spammers sometimes
add faked SpamAssassin headers to their messages (I assume to try
to trick recipients into thinking that the message has already been
On Sat, 28 Jun 2014 15:30:44 +0200
Axb wrote:
On 06/28/2014 03:21 PM, RW wrote:
I don't see how that helps. It allows you to customize the headers
written by SA, but it doesn't stop it stripping all the pre-existing
X-Spam-* headers.
remove_header ham
and only leave the pre tagged
On 28. jun. 2014 22.46.48 CEST, RW rwmailli...@googlemail.com wrote:
remove_header clear_headers and add_header control the new headers
that are added at the end of the scan. The preexisting X-Spam-* headers
are all stripped before the header tests begin.
this potently breaks dkim signed mails
Looking at my mail streams I see evidence that spammers sometimes
add faked SpamAssassin headers to their messages (I assume to try
to trick recipients into thinking that the message has already been
given a clean bill-of-health).
I wrote a few test rules to look for these pre-existing X-Spam-
28.06.2014 04:43, David B Funk kirjoitti:
Looking at my mail streams I see evidence that spammers sometimes
add faked SpamAssassin headers to their messages (I assume to try
to trick recipients into thinking that the message has already been
given a clean bill-of-health).
I wrote a few test
28.06.2014 05:47, Jari Fredriksson kirjoitti:
28.06.2014 04:43, David B Funk kirjoitti:
Looking at my mail streams I see evidence that spammers sometimes
add faked SpamAssassin headers to their messages (I assume to try
to trick recipients into thinking that the message has already been
given
On 6/17/2010 2:19 PM, gwilodailo wrote:
I've discovered that some mail between two of my clients (on separate hosts)
is getting flagged as spam, because of this rule (FH_HOST_IN_ADDRARPA). I'm
not at all an expert with spamassassin, and I'm having some difficulty
finding what this rule is
help would be greatly appreciated.
Thanks!
--
View this message in context:
http://old.nabble.com/Please-Help-with-SA-Rule%3A-FH_HOST_IN_ADDRARPA-tp28917943p28917943.html
Sent from the SpamAssassin - Users mailing list archive at Nabble.com.
On Thu, 17 Jun 2010, gwilodailo wrote:
I've discovered that some mail between two of my clients (on separate hosts)
is getting flagged as spam, because of this rule (FH_HOST_IN_ADDRARPA). I'm
not at all an expert with spamassassin, and I'm having some difficulty
finding what this rule is about
the rule is flagging the fact that the servers are using
non-assigned address space.
On 6/17/2010 2:19 PM, gwilodailo wrote:
Hello all,
I've discovered that some mail between two of my clients (on separate hosts)
is getting flagged as spam, because of this rule (FH_HOST_IN_ADDRARPA).
Does anyone know how a rule can be written to compare two header markers for
similar info? I don't think SA can do variable storage so I was thinking maybe
a regex rule that normalizes what I want to focus on from a header in the regex
search of another header. For example, let's say that I
On Fri, 30 Oct 2009, Rose, Bobby wrote:
Does anyone know how a rule can be written to compare two header markers
for similar info?
Take a look at MAILER_EQ_ORG here:
http://svn.apache.org/viewvc/spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf?view=log
--
John Hardin KA7OHZ
Adam,
That example may have been overly simplistic, but I thought it conveyed
the idea. To see a real-world example, see KHOP_DNSBL_ADJ in
http://khopesh.com/sa/khop-bl/khop-bl.cf (though please use the actual
channel if you're going to use my rules, otherwise you won't get updates).
Btw,
Mark Martinec wrote:
Adam,
Btw, channels only provide the khop-sc-neighbors.sa.khopesh.com for
SA 3.3.0, but not the khop-bl.sa.khopesh.com,
khop-blessed.sa.khopesh.com, and khop-general.sa.khopesh.com .
First: It's awesome to see interest in my channels!
Second: you are correct. I do
Karsten Bräckelmann wrote:
Here's my workaround. It involves some redundancy, but it does the trick:
After some brief moment of head scratching...
The workaround basically is just weighting sub-rules in the meta, and
works regardless if it is meant to be the individual sub-rules' scores
I have a Postgres database containing an automatically generated list of
addresses to which I have sent at least one mail message. I would like
to whitelist mail received from any of them.
Is it possible to write a local rule that whitelists any address that is
selected from the view?
I've
Martin Gregorie wrote:
I have a Postgres database containing an automatically generated list of
addresses to which I have sent at least one mail message. I would like
to whitelist mail received from any of them.
You could write a plugin that queries your database for this info.
Or, if the
-Original Message-
From: Martin Gregorie [mailto:[EMAIL PROTECTED]
Sent: Monday, February 04, 2008 12:28 PM
I have a Postgres database containing an automatically generated list
of
addresses to which I have sent at least one mail message. I would like
to whitelist mail received
the reverse correctly configured. I have
seen a lot of IPs that have some reverse name, but that name does not
point back to the IP address.
Best to block that in your MTA, it probally already does a RNS.
Ask for help on your MTA list, or read below for fix for broken SA rule:
is it possible
that does not have the reverse correctly configured. I have
seen a lot of IPs that have some reverse name, but that name does not
point back to the IP address.
Best to block that in your MTA, it probally already does a RNS.
Ask for help on your MTA list, or read below for fix for broken SA
Alex Woick wrote:
...very nice analysis of rule trimmed...
Thank you very much for taking the time to look so closely at that
rule. I still think it is not behaving as it was originally intended
and as such is scoring too heavily. I filed a bug on this issue so
that it would not get lost.
Bob Proulx schrieb am 02.11.2007 18:24:
body FRT_OPPORTUN1 /inter SP2post P2(?!opportun)OPPORTUN/I
body FRT_OPPORTUN2 /inter W0post P2(?!opportun)OPPORTUN/I
Huh? How are those rules matching? I am missing something. That
can't the right rule that is being hit here. Can someone educate
A misclassified message caused me to look at the FRT_OPPORTUN1 and
FRT_OPPORTUN2 rules. I think they are much too aggressive. Here is
the summary from a false positive.
Content analysis details: (5.4 points, 5.0 required)
pts rule name description
--
Wow! If someone sends a message and misspells oppportunity by using
three letter p's instead of two then they get tagged for 3.7 points!
I think that is way too agressive. Scan this message to observe the
problem.
That may be that the likelyness a human make a miss spelling using 3
Ps is
: ([EMAIL PROTECTED]).+\nSubject:\s*Fw:
.{0,30}\s*\1\b/i
That covers Fw: userid and Fw: (some word[s]) userid.
--
View this message in context:
http://www.nabble.com/SA-rule-for-userid-in-subject--tf1261071.html#a12119080
Sent from the SpamAssassin - Users mailing list archive
/i
Loren
Loren answered that a month ago. Is in the archives. You may use:
header RULE_NAME ALL =~ /\nTo: ([EMAIL PROTECTED]).+\nSubject:\s*Fw:
.{0,30}\s*\1\b/i
That covers Fw: userid and Fw: (some word[s]) userid.
--
View this message in context:
http://www.nabble.com/SA
Is it possible to have a rule that looks at the SA checks already
performed and score based off that. For example, I'm thinking about a
rule that offsets a negative Bayes/CRM114 value if DCC and RAZOR or some
other rules checks have tripped.
-=B
On Wed, Aug 01, 2007 at 12:15:55PM -0400, Rose, Bobby wrote:
Is it possible to have a rule that looks at the SA checks already
performed and score based off that. For example, I'm thinking about a
rule that offsets a negative Bayes/CRM114 value if DCC and RAZOR or some
other rules checks have
Running a latest sa update compile on,
spamassassin --version
SpamAssassin version 3.3.0-r534407
running on Perl version 5.8.8
I'm seeing BOTH a command failed! COMPILE DONE.
That's a bit confusing. Can someone please clarify?
...
[18965] dbg: check:
Hi,
On Wed, Nov 29, 2006 at 04:46:32PM -0800, John D. Hardin told us:
On Wed, 29 Nov 2006, Loren Wilton wrote:
for mangled viagra and other stuff ..is there any simple rule??
such as following text...
Mangled rules are never simple rules.
I have a perl script that will take a word
for mangled viagra and other stuff ..is there any simple rule??
such as following text...
Mangled rules are never simple rules. The SARE rules contain a lot of
these, as does the antidrug stuff in SA itself. It may be that these
specific cases aren't caught though.
Loren
On Wed, 29 Nov 2006, Loren Wilton wrote:
for mangled viagra and other stuff ..is there any simple rule??
such as following text...
Mangled rules are never simple rules.
I have a perl script that will take a word list and generate REs for
obfuscated versions of those words.
There's a lot of spam lately, which contains urls with subdirectories, such
as http://spamdomain.org/gal/ms/.
I have thus set up the following rule:
body BODY_ADDS_22 /(\/za\/|\/wd\/|\/iu\/|\/xi\/|\/gal\|\/tx\/|\/nu\/)/i
However, when I send a testmail that conatins the string /gal the rule is
On 8/28/2006 3:53 AM, Whisky wrote:
There's a lot of spam lately, which contains urls with subdirectories, such
as http://spamdomain.org/gal/ms/.
I have thus set up the following rule:
body BODY_ADDS_22 /(\/za\/|\/wd\/|\/iu\/|\/xi\/|\/gal\|\/tx\/|\/nu\/)/i
However, when I send a testmail
On Monday, August 28, 2006 at 7:53:40 AM, Whisky confabulated:
There's a lot of spam lately, which contains urls with subdirectories, such
as http://spamdomain.org/gal/ms/.
I have thus set up the following rule:
body BODY_ADDS_22
/(\/za\/|\/wd\/|\/iu\/|\/xi\/|\/gal\|\/tx\/|\/nu\/)/i
Yes, Duane, we are using quite a number of network tests but somehow these
mails don't get caught...
-Ursprüngliche Nachricht-
Von: Duane Hill [mailto:[EMAIL PROTECTED]
Gesendet: Montag, 28. August 2006 14:18
An: Whisky
Cc: users@spamassassin.apache.org
Betreff: Re: Question: SA Rule
Hello
One thing I've noticed about almost ALL spam that gets through at this
point is that they have a LOT of misspelled (and obfuscated) words.
Could SpamAssassin benefit from a filter that would actually check the
spelling of the text parts of the message, and if misspelled words
exceeds, for
Gustafson, Tim wrote:
Could SpamAssassin benefit from a filter that would actually check the
spelling of the text parts of the message, and if misspelled words
exceeds, for example, 50%, then we can add a few points to the SPAM
score? I'm not sure how to begin coding this, but I think it
Gustafson, Tim wrote:
Hello
One thing I've noticed about almost ALL spam that gets through at this
point is that they have a LOT of misspelled (and obfuscated) words.
Could SpamAssassin benefit from a filter that would actually check the
spelling of the text parts of the message, and if
Paolo Cravero as2594 writes:
Gustafson, Tim wrote:
Could SpamAssassin benefit from a filter that would actually check the
spelling of the text parts of the message, and if misspelled words
exceeds, for example, 50%, then we can add a few points to the SPAM
score? I'm not sure how to
1) FPs on highly technical mail due to words not known to the spell
checker.
I hadn't thought of that, but people who are dealing with highly
technical e-mails would probably also be able to customize their
local.cf file to effectively turn off the rule.
2) FPs on email sent by folks of the
And how would you deal with messages in other languages? Over here 99%
of messages in English are spam! AFAIK there's no language indicator
in
email messages.
I wouldn't deal with messages in other languages. My clients are all
english speaking Americans, and we already block all foreign
Gustafson, Tim wrote:
3) FPs on email sent by lazy/stupid folks that can't spell.
(Translation: management material)
I don't mind these getting blocked. In fact, I'd love it if every time
someone sent me a very poorly written e-mail they got a bounce message
back telling them to turn on the
Gustafson, Tim [EMAIL PROTECTED] schrieb am 05.04.2006 17:11:10:
1) FPs on highly technical mail due to words not known to the spell
checker.
I hadn't thought of that, but people who are dealing with highly
technical e-mails would probably also be able to customize their
local.cf file to
Rule No.1: If a rule is likely to hit more
ham then spam due to certain circumstances,
it is not a rule to consider implementing unless
you know you'll never meet the circumstances -
but then it's up to YOU to modify your local.cf
and implement the rule ;)
You say to-may-to, I say
Gustafson, Tim wrote:
1) FPs on highly technical mail due to words not known to the spell
checker.
I hadn't thought of that, but people who are dealing with highly
technical e-mails would probably also be able to customize their
local.cf file to effectively turn off the rule.
Well,
Also, the rule probably wouldn't detect misuses of then in place of
than. ;-)
(Nothing personal, lots of people, make that mistake, as well as
insure/ensure, effect/affect and many similar ones.)
Seriously though, I get the feeling that a well-trained bayes database, which
to a big extent is
Magnus Holmgren wrote:
Also, the rule probably wouldn't detect misuses of then in place of
than.
grin type=evil/
May bee yore you sirs half goad spelling, oar naught. Orphan, there
justice likely two right pore lee. Eye no this is write cause
Thunderbird excepts it. They're are know read
Matt Kettler wrote:
Gustafson, Tim wrote:
Hello
One thing I've noticed about almost ALL spam that gets through at this
point is that they have a LOT of misspelled (and obfuscated) words.
Could SpamAssassin benefit from a filter that would actually check the
spelling of the text parts of the
Daryl C. W. O'Shea wrote:
Gustafson, Tim wrote:
3) FPs on email sent by lazy/stupid folks that can't spell.
(Translation: management material)
I don't mind these getting blocked. In fact, I'd love it if every time
someone sent me a very poorly written e-mail they got a bounce
Matt Kettler wrote:
Of course you could train your spell checker to your companies local
mail words.. however, at that point you've implemented a low-quality
version of a bayes checker.
and he can just use a bayesian classifier to implement his feature.
training is easy:
- ham = all words
Philip Prindeville wrote:
litre, and if I'm feeling really silly, aluminium (I hate that word).
Aluminium rocks! Especially aluminium foil and aluminium airplanes.
I'm running SpamAssassin 3.1.0 with sendmail, and I think it's great.
I'm using milter-spamc to interface with SpamAssassin running as a daemon.
It doesn't /quite/ catch everything, and some (very little, actually)
SPAM gets through untagged.
I spent some time looking at the SPAM and
Barry Callahan wrote:
I'm running SpamAssassin 3.1.0 with sendmail, and I think it's great.
I'm using milter-spamc to interface with SpamAssassin running as a daemon.
It doesn't /quite/ catch everything, and some (very little, actually)
SPAM gets through untagged.
I spent some time
On Thu, Mar 16, 2006 at 05:15:58PM -0500, Barry Callahan wrote:
I spent some time looking at the SPAM and compared it it to the
legitimate email I receive.
:)
So, I was wondering if the following set of logic would be possible to
implement in SpamAssassin, either as a collection of rules,
Barry Callahan wrote:
On a large percentage of the SPAM that gets through, the only
Received: header that exists was put there by my mailserver.
The legitimate email, on the other hand ALL has at least one
additional Received: header, OR the machine it was received from is
allowed to
On 3/16/2006 5:49 PM, [EMAIL PROTECTED] wrote:
Barry Callahan wrote:
On a large percentage of the SPAM that gets through, the only
Received: header that exists was put there by my mailserver.
The legitimate email, on the other hand ALL has at least one
additional Received: header, OR the
Barry Callahan:
On a large percentage of the SPAM that gets through, the only
Received: header that exists was put there by my mailserver.
BTW, it seems weird to me that you see these results.
58.171 62.4003 34.85560.642 0.820.01 T_RECEIVED_COUNT_01
I did up a quick check to
Theo Van Dinter wrote:
BTW, it seems weird to me that you see these results.
58.171 62.4003 34.85560.642 0.820.01 T_RECEIVED_COUNT_01
Interesting. I don't seem to have that rule. Which ruleset is it in?
I used grep to search for RECEIVED_COUNT in all of my installed
On Thu, Mar 16, 2006 at 09:28:11PM -0500, Barry Callahan wrote:
58.171 62.4003 34.85560.642 0.820.01 T_RECEIVED_COUNT_01
I did up a quick check to gather some stats from my corpus (last 14 days).
Interesting. I don't seem to have that rule. Which ruleset is it in?
I used grep to
-
De: Matt Kettler [mailto:[EMAIL PROTECTED]]
Enviado el: viernes, 10 de marzo de 2006 21:57
Para: Ruben Cardenal
CC: users@spamassassin.apache.org
Asunto: Re: SA rule for userid in subject?
Ruben Cardenal wrote:
Hi,
Loren answered that a month ago. Is in the archives. You may us
hello assassin-types,
I'm seeing a lot of image-only spam of the following form:
rcpt to: userid@domain.com
Subject: Fw: userid
Is there a way to create a simple spamassassin rule that will hit on
this? I could use () and \1 in regular expressions and a giant,
multi-line matching RE
Jonathan Engbrecht wrote:
hello assassin-types,
I'm seeing a lot of image-only spam of the following form:
rcpt to: userid@domain.com
Subject: Fw: userid
Is there a way to create a simple spamassassin rule that will hit on
this? I could use () and \1 in regular expressions and a
]
Enviado el: viernes, 10 de marzo de 2006 21:17
Para: Jonathan Engbrecht
CC: users@spamassassin.apache.org
Asunto: Re: SA rule for userid in subject?
Jonathan Engbrecht wrote:
hello assassin-types,
I'm seeing a lot of image-only spam of the following form:
rcpt to: userid
On Fri, Mar 10, 2006 at 02:59:09PM -0500, Jonathan Engbrecht wrote:
I'm seeing a lot of image-only spam of the following form:
rcpt to: userid@domain.com
Subject: Fw: userid
Yeah, there's a lot of that.
Is there a way to create a simple spamassassin rule that will hit on
this? I could
Ruben Cardenal wrote:
Hi,
Loren answered that a month ago. Is in the archives. You may use:
header RULE_NAME ALL =~ /\nTo: ([EMAIL PROTECTED]).+\nSubject:\s*Fw:
.{0,30}\s*\1\b/i
That covers Fw: userid and Fw: (some word[s]) userid.
True, but that's using () and \1, which is
el: viernes, 10 de marzo de 2006 21:57
Para: Ruben Cardenal
CC: users@spamassassin.apache.org
Asunto: Re: SA rule for userid in subject?
Ruben Cardenal wrote:
Hi,
Loren answered that a month ago. Is in the archives. You may use:
header RULE_NAME ALL =~ /\nTo: ([EMAIL PROTECTED
Hi all,
I've created a custom SA rule for myself to block spams that contain URLs
which aren't yet listed by SURBL or URIBL. My rule looks like this:
uri BAD_URI/baddomain1\.com|baddomain2\.com|baddomain3\.com/i
describe BAD_URIBody contains blacklisted URL
score BAD_URI
I've created a custom SA rule for myself to block spams that contain URLs
which aren't yet listed by SURBL or URIBL. My rule looks like this:
uri BAD_URI/baddomain1\.com|baddomain2\.com|baddomain3\.com/i
describe BAD_URIBody contains blacklisted URL
score BAD_URI5.0
Hello,
I'm running SA 2.63, and I have a rule I would like to create that
would only be a positive number/match if two checks both were matched.
I don't want one rule checking To and another checking Subject, I want
to combine to the two rules so that if To and Subject both match
On Thu, Mar 03, 2005 at 01:52:53PM -0500, Steve Dimoff wrote:
I don't want one rule checking To and another checking Subject, I want
to combine to the two rules so that if To and Subject both match
something then to give it a positive score.
RTFM for meta rules. :)
--
Randomly Generated
At 01:52 PM 3/3/2005, Steve Dimoff wrote:
I'm running SA 2.63, and I have a rule I would like to create that
would only be a positive number/match if two checks both were matched.
I don't want one rule checking To and another checking Subject, I want
to combine to the two rules so that if
Perfect!
Thanks!!!
-Original Message-
From: Matt Kettler [mailto:[EMAIL PROTECTED]
Sent: Thursday, March 03, 2005 2:10 PM
To: Steve Dimoff; Spamassassin-Users
([EMAIL PROTECTED])
Subject: Re: SA Rule - Matching on From AND Subject
At 01:52 PM 3/3/2005, Steve Dimoff wrote:
I'm
1 - 100 of 101 matches
Mail list logo