Something like this should work, although I am still learning so feel free
to correct.
rawbody T_OBFU_EMPTY_TAGS /<(i|b|u)><\/\1>/i
score T_OBFU_EMPTY_TAGS 0.1
The intended result would be any HTML , or tag followed
immediately by a closing tag, with no intervening characters.
I did find a s
This past weekend a flood of new spam arrived which circumvented the weeds
rules by using leading zeros and hex values (both legal from an HTML
perspective). I've updated my local rules as below. Hope this is useful.
BTW, Jennifer thanks for an incredible set of rules!
-- Scott
describe J_WEEDS
ercises
- No Prescription Necessary
- Doctor Designed & Endorsed
-Original Message-
From: jennifer [mailto:[EMAIL PROTECTED]
Sent: Monday, November 03, 2003 10:18 AM
To: 'Scott Sprunger'; [EMAIL PROTECTED]
Subject: RE: [SAtalk] [RD] Weeds changes
Hi Scott,
Thanks for the head
FWIW, This type of rule works fine for me with v2.55 and v2.60. The only
difference I see is an enclosing parenthesis.
((__TEST1 + __TEST2 + __TEST3) > 1)
-- Scott
-Original Message-
From: Chris Santerre [mailto:[EMAIL PROTECTED]
Sent: Monday, November 03, 2003 1:51 PM
To: Spamassassin
97)|x0*(41|61));/i
TO REPLACE
/(\&\#0*65\;|\&\#0*97\;|\&\#x0*41;|\&\#x0*61;)/i
-- Scott
-Original Message-
From: jennifer [mailto:[EMAIL PROTECTED]
Sent: Monday, November 03, 2003 10:18 AM
To: 'Scott Sprunger'; [EMAIL PROTECTED]
Subject: RE: [SAtalk] [RD] Weeds ch
You can use a meta rule to look for a combination of rules returning true.
Using this with either custom rules or the existing rules may do what you
are looking for.
I'm not positive on the exact syntax, both something like this might work.
metaMY_MULTI_RBL RCVD_IN_BL_SPAMCOP_NET && RCVD_IN_
Wow! Matt this is an incredibly informative post. Thank you!
-Original Message-
From: Matt Kettler [mailto:[EMAIL PROTECTED]
Sent: Friday, November 07, 2003 12:43 PM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: [SAtalk] scoring system and values...
At 10:29 AM 11/7/2003, Maart
I'm still a beginner myself, but I believe that you could use the
"whitelist_from_rcvd" option.
whitelist_from_rcvd*listserv.tamu.edu
It seems that this would allow any from address so long as the received
headers contained your domain.
Complete information is at
http://spamassassin.redi
Regis,
I had several false positives today based on the BAD_X_HEADERS rule. I'm
using the rules from Chris' site (Nov02). The legitimate emails had an
"X-URL" header. All of the FPs where from a single mailing list. For what
ever reason, they are providing a valid link to some content within th
Hello Folks,
I wanted to test a theory so I've been trying to come up with a rule that
will catch encoded strings in the subject of a message. So far I've tried
the rules below, but none of them are hitting. Any suggestions?
rawbody T_SBJT_ENC /^Subject:
?=\?(us\-ascii|iso\-8859\-1|windows\-12
We use Cyrus, Sendmail, SpamAssassin and Sieve.
Sendmail uses an INPUT_MAIL_FILTER directive to send to the milter and thus
to SA.
Once sendmail gets to calling Cyrus deliver, Sieve is used to move the
messages into a spam folder with a rule like the one below.
require "fileinto";
if header
11 matches
Mail list logo