Note that whitelisting from 'root' is probably a bad idea:
593 eep:spam/raw> grep -i "^From: .*root" * | wc
19 56 841
weekly run output, however, is far safer:
595 eep:spam/raw> grep -i 'weekly run' * | wc
0 0 0
-Dave
On Sat, Mar 16, 2002 at 04:58:14PM -060
Kerry Nice just mooed:
>
> Here are some rules I added to my local.cf that seem
> to be catching a few things.
>
> #this one will only work for me, but if it is there, it
> #is 100% GUARANTEED to be spam
> #not sure how to make a general case for this
> header KERRYSUBJECT Subject =~ /kerry_ni
Matthew Cline just mooed:
> First a few rules to match non-spam:
>
> body SIGNATURE_DELIM /^-- $/
> describe SIGNATURE_DELIM Standard signature delimiter present
>
> While there would be no effort in faking this, it might take a while for some of the
> spammers to catch o
least 3 non-A components.
-Dave
David G. Andersen just mooed:
> One thing to try, for your particular situation.
> This rule could match in some strange base-64
> encoded files, but it's extremely unlikely -- I ran it through
> my spam corpus, and it hit 7 lines out of 2
e the regexp really slow.
I wouldn't recommend this rule for general consumption, obviously, but
if you're in the habit of getting genetics data...
-Dave
Geoff Gibbs just mooed:
> David G. Andersen wrote:
>
> > > > anyone else seeing false-positives more often with 2.11