in-talk&m=107408986927266&w=2
--
Brent J. Nordquist <[EMAIL PROTECTED]> N0BJN
Other contact information: http://kepler.acns.bethel.edu/~bjn/contact.html
* Fast pipe * Always on * Get out of the way - Tim Bray http://tinyurl.com/7sti
--
tent-Type: text/plain; charset=us-ascii
...
(Two dashes in the boundary itself, plus upper letters.) So, I've changed
to this here:
Content-Type =~ /boundary=\"-*[A-Z]*\d{13,}\"/
--
Brent J. Nordquist <[EMAIL PROTECTED]> N0BJN
Other contact information: http://kepler.acns.bethe
ot; as the host might trigger this
rule, so I added an exception for that host.
--
Brent J. Nordquist <[EMAIL PROTECTED]> N0BJN
Other contact information: http://kepler.acns.bethel.edu/~bjn/contact.html
* Fast pipe * Always on * Get out of the way - Tim Bray http://tinyurl.com/7sti
;t quoted.]
Sometimes the space is left out: "font-size:0pt"
Sometimes it's a 1-point font, equally bogus: "font-size: 1pt"
Sometimes I see "px" instead of "pt": "font-size: 1px"
[Don't know if "px" is ev
Message-Id is all upper-case
score BCS_UPPER_MESSID 2.0
--
Brent J. Nordquist <[EMAIL PROTECTED]> N0BJN
Other contact information: http://kepler.acns.bethel.edu/~bjn/contact.html
* Fast pipe * Always on * Get out of the way - Tim Bray http://t
you mean the body has those random words, and the
X-Originating-IP header is in the form:
X-Originating-IP: [53x.comIP]
If it's the latter, that's a piece of ratware that is detectable. See the
latest rnd_uc_char.cf ruleset at
http://kepler.acns.bethel.edu/~bjn/spamassassin/
l=spamassassin-talk&m=107409131129110&w=2
--
Brent J. Nordquist <[EMAIL PROTECTED]> N0BJN
Other contact information: http://kepler.acns.bethel.edu/~bjn/contact.html
* Fast pipe * Always on * Get out of the way - Tim Bray http://tinyurl.com/7sti
|org|biz).*IP\]/
describe XOIP_RND_UC_CHAR X-Originating-IP fits RND_UC_CHAR pattern
score XOIP_RND_UC_CHAR 2.0
--
Brent J. Nordquist <[EMAIL PROTECTED]> N0BJN
Other contact information: http://kepler.acns.bethel.edu/~bjn/contact.html
* Fast pipe * Always on
as more than 8 upper-case letters. So here's
the revised rule I'm now using which will catch both kinds of subject:
Subject =~ /^Re:\s[A-Z]{2,},(\d+,)?\s[a-z]+\s[a-z]+\s[a-z]+\s*$/
--
Brent J. Nordquist <[EMAIL PROTECTED]> N0BJN
Other contact information: http://kepler.acns.bethe
e a way to write a rule that tests for a header whose name matches
a certain pattern?
--
Brent J. Nordquist <[EMAIL PROTECTED]> N0BJN
Other contact information: http://kepler.acns.bethel.edu/~bjn/contact.html
* Fast pipe * Always on * Get out of the way - Tim Bray http://
ITY_UNREG ALL=~ /X-UnityUser:\sUnregistered\sUser/
but that technique doesn't work either; my guess is because the space on
which the pattern space is operating is only the value. Any other ideas?
--
Brent J. Nordquist <[EMAIL PROTECTED]> N0BJN
Other contact information: http://kepler
On Mon, 22 Dec 2003, Brent J. Nordquist <[EMAIL PROTECTED]> wrote:
> I've noticed several messages (all spam) with this header:
>
> X-MT-17: 1906684
> X-MT-25: 1906684
> etc.
>
> Is there a way to write a rule that tests for a header whose name
> matches a cer
ow
> do you expect me to believe that
I have one spam in my corpus with the following, so I added a second rule
to catch the case where the only numbers are bunched at the end.
X-Mailer: caesar pithy splotch1454
--
Brent J. Nordquist <[EMAIL PROTECTED]> N0BJN
Other cont
se
.cf files are available here:
http://kepler.acns.bethel.edu/~bjn/spamassassin/
Feedback very welcome!
--
Brent J. Nordquist <[EMAIL PROTECTED]> N0BJN
Other contact information: http://kepler.acns.bethel.edu/~bjn/contact.html
* Fas
OPwebMail X-Mailer =~ /mPOP Web-Mail/
>
> I don't find any indication anywhere on the Web that mPOP is used for
> anything but spam.
Thanks for the corpus data on this; I've been wondering about that. I
have that in my ruleset n
.edu/~bjn/spamassassin/
--
Brent J. Nordquist <[EMAIL PROTECTED]> N0BJN
Other contact information: http://kepler.acns.bethel.edu/~bjn/contact.html
* Fast pipe * Always on * Get out of the way - Tim Bray http://tinyurl.com/7sti
---
This
On Wed, 14 Jan 2004, Larry Starr <[EMAIL PROTECTED]> wrote:
> On Wednesday 14 January 2004 08:33 am, Brent J. Nordquist wrote:
>
> > uri BCS_URI_2E_OBFU /=2[Ee]/
>
> A posting from David Funk, correctly points out that "=2E" is valid
> Quoted-P
On Wed, 14 Jan 2004, Chr. von Stuckrad <[EMAIL PROTECTED]> wrote:
> Does somebody have/know a rule to catch 'unnecessary encodings'?
Please check the archive before you post. Keith C. Ivey just posted a
rule for this exact thing earlier today. Search for "Munged&q
18 matches
Mail list logo