RE: [SAtalk] Exessive HTML Code

2003-10-29 Thread Scott Sprunger
Something like this should work, although I am still learning so feel free to correct. rawbody T_OBFU_EMPTY_TAGS /<(i|b|u)><\/\1>/i score T_OBFU_EMPTY_TAGS 0.1 The intended result would be any HTML , or tag followed immediately by a closing tag, with no intervening characters. I did find a s

[SAtalk] [RD] Weeds changes

2003-11-03 Thread Scott Sprunger
This past weekend a flood of new spam arrived which circumvented the weeds rules by using leading zeros and hex values (both legal from an HTML perspective). I've updated my local rules as below. Hope this is useful. BTW, Jennifer thanks for an incredible set of rules! -- Scott describe J_WEEDS

RE: [SAtalk] [RD] Weeds changes

2003-11-03 Thread Scott Sprunger
ercises - No Prescription Necessary - Doctor Designed & Endorsed -Original Message- From: jennifer [mailto:[EMAIL PROTECTED] Sent: Monday, November 03, 2003 10:18 AM To: 'Scott Sprunger'; [EMAIL PROTECTED] Subject: RE: [SAtalk] [RD] Weeds changes Hi Scott, Thanks for the head

RE: [SAtalk] [RD] Meta rules vs. SA version

2003-11-03 Thread Scott Sprunger
FWIW, This type of rule works fine for me with v2.55 and v2.60. The only difference I see is an enclosing parenthesis. ((__TEST1 + __TEST2 + __TEST3) > 1) -- Scott -Original Message- From: Chris Santerre [mailto:[EMAIL PROTECTED] Sent: Monday, November 03, 2003 1:51 PM To: Spamassassin

RE: [SAtalk] [RD] Weeds changes

2003-11-04 Thread Scott Sprunger
97)|x0*(41|61));/i TO REPLACE /(\&\#0*65\;|\&\#0*97\;|\&\#x0*41;|\&\#x0*61;)/i -- Scott -Original Message- From: jennifer [mailto:[EMAIL PROTECTED] Sent: Monday, November 03, 2003 10:18 AM To: 'Scott Sprunger'; [EMAIL PROTECTED] Subject: RE: [SAtalk] [RD] Weeds ch

RE: [SAtalk] Offsetting rules?

2003-11-06 Thread Scott Sprunger
You can use a meta rule to look for a combination of rules returning true. Using this with either custom rules or the existing rules may do what you are looking for. I'm not positive on the exact syntax, both something like this might work. metaMY_MULTI_RBL RCVD_IN_BL_SPAMCOP_NET && RCVD_IN_

RE: [SAtalk] scoring system and values...

2003-11-07 Thread Scott Sprunger
Wow! Matt this is an incredibly informative post. Thank you! -Original Message- From: Matt Kettler [mailto:[EMAIL PROTECTED] Sent: Friday, November 07, 2003 12:43 PM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Re: [SAtalk] scoring system and values... At 10:29 AM 11/7/2003, Maart

RE: [SAtalk] rule to whitelist Listserv (tm) list traffic

2003-11-10 Thread Scott Sprunger
I'm still a beginner myself, but I believe that you could use the "whitelist_from_rcvd" option. whitelist_from_rcvd*listserv.tamu.edu It seems that this would allow any from address so long as the received headers contained your domain. Complete information is at http://spamassassin.redi

RE: [SAtalk] [RD] simple rule for consumption

2003-11-11 Thread Scott Sprunger
Regis, I had several false positives today based on the BAD_X_HEADERS rule. I'm using the rules from Chris' site (Nov02). The legitimate emails had an "X-URL" header. All of the FPs where from a single mailing list. For what ever reason, they are providing a valid link to some content within th

[SAtalk] [RD] Help with Subject rule

2003-12-09 Thread Scott Sprunger
Hello Folks, I wanted to test a theory so I've been trying to come up with a rule that will catch encoded strings in the subject of a message. So far I've tried the rules below, but none of them are hitting. Any suggestions? rawbody T_SBJT_ENC /^Subject: ?=\?(us\-ascii|iso\-8859\-1|windows\-12

RE: [SAtalk] IMAP only?

2003-12-09 Thread Scott Sprunger
We use Cyrus, Sendmail, SpamAssassin and Sieve. Sendmail uses an INPUT_MAIL_FILTER directive to send to the milter and thus to SA. Once sendmail gets to calling Cyrus deliver, Sieve is used to move the messages into a spam folder with a rule like the one below. require "fileinto"; if header