Thanks,
I have checked the suggested rules like this:
header FROM_FORM From =~ /spamadmin\@ngtech.co.il/i
score FROM_FORM -0.1
body __HBRW_ENCODING /charset=\"windows-1255\"/
score __HBRW_ENCODING -0.1
body __HBRW_CHARS /[\xC0-\xCB\xCD-\xDB\xDF-\xFB]?/
score __HBRW_CHARS -0.1
tflags __HBRW_CHARS multiple
body __TOTAL_CHARS /[\x30-\x39\x41-\x5A\x61-\x7A\x80-\xFF]?/
score __TOTAL_CHARS -0.1
#body __TOTAL_CHARS /\S/
tflags __TOTAL_CHARS multiple
#since there is a possibility of dividing by zero I added the + 1 which
suppose to be harmless in this kind email sizes.
meta __HBRW_PCT ( (__HBRW_CHARS * 100) / (__TOTAL_CHARS + 1 ) )
score __HBRW_PCT -0.1
#tried this to make sure one thing or another dosn't work.
meta HBRW_SPAM FROM_FORM && __HBRW_ENCODING
#disabled after the basic tests didn't worked.
#meta HBRW_SPAM (__HBRW_PCT < 1) && FROM_FROM && __HBRW_ENCODING
score HBRW_SPAM 10.3
The only part which is being logged by SA in headers is the FROM_FORM rule.
example:
X-Spam-Status: No, score=2.322 tagged_above=2 required=6.2
tests=[FROM_FORM_IL=-0.1, FROM_ILLEGAL_CHARS=2.059,
NORMAL_HTTP_TO_IP=0.001, RDNS_DYNAMIC=0.363, SPF_PASS=-0.001]
autolearn=no
so i'm kind of do not understand what's wrong.
I have tried couple ways to find Hebrew encoding.
I understood it's a part of the body and not a header so, maybe there is
something I dont understand or know about it?
Thanks,
On 2/3/2013 7:53 PM, John Hardin wrote:
Followup note: __TOTAL_CHARS includes punctuation, if you do try this
you might want to do something like this instead:
body __TOTAL_CHARS /[\x30-\x39\x41-\x5a\x61-\x7a\x80-\xff]/
to exclude punctuation, whitespace and control characters.
--
Eliezer Croitoru
http://www1.ngtech.co.il
IT consulting for Nonprofit organizations
eliezer <at> ngtech.co.il
