Re: In subject how to detect a word in an EVAL string?

2011-11-21 Thread Sergio
Spammers are using a lot of different ways of using the word "publicidad", I had a few different rules to block them, but since now I saw that there was a character "¡" used as an "i" and at the same time an "i " followed by a space. So, I used the .?. and it catches the "i" and the space and just i

Re: In subject how to detect a word in an EVAL string?

2011-11-21 Thread Karsten Bräckelmann
On Mon, 2011-11-21 at 17:49 -0600, Sergio wrote: > Thank you Karsten for your input. > > I have modified the rule to the following and is working great: > > header ADVERTISE_RULE8 Subject =~ /publ.?.c.?.dad/i I see you wildcarded both instances of 'i', with an additional, optional second ch

Re: A few questions regarding Bayesian in 3.4.0

2011-11-21 Thread Karsten Bräckelmann
On Tue, 2011-11-22 at 01:47 +0100, Jesper Wallin wrote: > On 11/22/2011 12:35 AM, Karsten Bräckelmann wrote: > > > I also noticed that my old database only had 11k tokens while the new > > > one got about 60k (both the old and new server have hapaxes enabled and > > > were trained using a corpus of

Re: Fwd: Help with constructing a rule for MCP

2011-11-21 Thread John Hardin
On Mon, 21 Nov 2011, Sergio wrote: Unfortunately, it seems that MCP doesn't like the rule: header __ENV_FROM_DHL Received =~ /envelope-from [^ @]+@dhl(?:[-_][^ .]+)?\.com/i header __FROM_DHL From =~ /\bdhl(?:[-_][^ .]+)?\.com/i header __ENV_FROM_UPS Re

Re: A few questions regarding Bayesian in 3.4.0

2011-11-21 Thread Jesper Wallin
Hi again and thanks for your quick reply.. On 11/22/2011 12:35 AM, Karsten Bräckelmann wrote: On Mon, 2011-11-21 at 23:31 +0100, Jesper Wallin wrote: I also noticed that my old database only had 11k tokens while the new one got about 60k (both the old and new server have hapaxes enabled and were

Re: In subject how to detect a word in an EVAL string?

2011-11-21 Thread Sergio
Thank you Karsten for your input. I have modified the rule to the following and is working great: header ADVERTISE_RULE8 Subject =~ /publ.?.c.?.dad/i describe ADVERTISE_RULE8 Encripted word score ADVERTISE_RULE8 11 If I see there are a lot of false positives I will modify it a bit,

Re: A few questions regarding Bayesian in 3.4.0

2011-11-21 Thread Karsten Bräckelmann
On Mon, 2011-11-21 at 23:31 +0100, Jesper Wallin wrote: > I also noticed that my old database only had 11k tokens while the new > one got about 60k (both the old and new server have hapaxes enabled and > were trained using a corpus of about 600 spam and 200 ham) Is that "old" database the original

Re: A few questions regarding Bayesian in 3.4.0

2011-11-21 Thread Karsten Bräckelmann
On Mon, 2011-11-21 at 23:31 +0100, Jesper Wallin wrote: > I recently upgraded to SA 3.4.0-rsvnunknown (using > https://launchpad.net/~spamassassin/+archive/spamassassin-old on Ubuntu > 10.04 LTS) from SA 3.3.2 on a different machine running ArchLinux. I use > MySQL to store user preferences as wel

A few questions regarding Bayesian in 3.4.0

2011-11-21 Thread Jesper Wallin
Hi, I recently upgraded to SA 3.4.0-rsvnunknown (using https://launchpad.net/~spamassassin/+archive/spamassassin-old on Ubuntu 10.04 LTS) from SA 3.3.2 on a different machine running ArchLinux. I use MySQL to store user preferences as well as Bayesian data. No AWL, no autolearning of the Bayesian

Re: In subject how to detect a word in an EVAL string?

2011-11-21 Thread Karsten Bräckelmann
On Mon, 2011-11-21 at 14:46 -0600, Sergio wrote: > I block a lot of spam searching for strings on the subject, but > sometimes the subject in the header comes in EVAL, like this: > Subject: > =?iso-8859-1?B?LlZlbnRhIGRlIENBTkFTVEFTIE5BVklERdFBUyAtIHB1YmyhY2kgZGFk?= Not "eval", but encoded -- in th

Re: In subject how to detect a word in an EVAL string?

2011-11-21 Thread rvetrovec
That's an excellent question. My systems receive this as well -Original Message- From: Sergio Date: Mon, 21 Nov 2011 14:46:35 To: Subject: In subject how to detect a word in an EVAL string? I block a lot of spam searching for strings on the subject, but sometimes the subject in the

Re: Fwd: Help with constructing a rule for MCP

2011-11-21 Thread Sergio
That was the error, the @ has to be escaped \@, now it is working. Thank you all for your help on this rule. Regards, Sergio On Mon, Nov 21, 2011 at 1:16 PM, Bowie Bailey wrote: > On 11/21/2011 1:30 PM, Sergio wrote: > > Unfortunately, it seems that MCP doesn't like the rule: > > > > header

Re: Fwd: Help with constructing a rule for MCP

2011-11-21 Thread Bowie Bailey
On 11/21/2011 1:30 PM, Sergio wrote: > Unfortunately, it seems that MCP doesn't like the rule: > > header __ENV_FROM_DHL Received =~ /envelope-from [^ > @]+@dhl(?:[-_][^ .]+)?\.com/i > header __FROM_DHL From =~ /\bdhl(?:[-_][^ .]+)?\.com/i > header __ENV_FROM_UP

Re: Fwd: Help with constructing a rule for MCP

2011-11-21 Thread Ricardo Ardila Vetrovec
Did you try to monitor the log looking if the rule was detected? On 21/11/2011 02:00 p.m., Sergio wrote: Unfortunately, it seems that MCP doesn't like the rule: header __ENV_FROM_DHL Received =~ /envelope-from [^ @]+@dhl(?:[-_][^ .]+)?\.com/i header __FROM_DHL

Re: Detecting serious domains

2011-11-21 Thread Michelle Konzack
Hello dar...@chaosreigns.com, On 2011-11-17 12:29:41, you hacked down the following: > There could be a useful correlation there, but I need to point out that if > a domain has no MX records, the correct thing to do is to send email to the > A record for the domain, and I've seen legit domains co

Fwd: Help with constructing a rule for MCP

2011-11-21 Thread Sergio
Unfortunately, it seems that MCP doesn't like the rule: header __ENV_FROM_DHL Received =~ /envelope-from [^ @]+@dhl(?:[-_][^ .]+)?\.com/i header __FROM_DHL From =~ /\bdhl(?:[-_][^ .]+)?\.com/i header __ENV_FROM_UPS Received =~ /envelope-from [^ @]+@ups\.c

Re: Detecting serious domains

2011-11-21 Thread Michelle Konzack
Hello Kevin A. McGrail, On 2011-11-17 10:56:52, you hacked down the following: > For example, I've seen .info domains used a lot by spammers. I'm > sure there is a pattern there with a registrar probably. Here I can say, the DOT INFO spam is nearly 60%. Thanks, Greetings and nice Day/Evening

Re: Detecting serious domains

2011-11-21 Thread Michelle Konzack
Hello Marc, On 2011-11-17 07:27:51, you hacked down the following: > determine if it's spam or ham in itself. Yahoo is a serious domain > and there's lots of spam. Serious domains should not be blacklisted Ehm? I block <@yahoo.com> on SMTP level (on my corporate server), because if I remove th

Re: Help with constructing a rule for MCP

2011-11-21 Thread Bowie Bailey
On 11/21/2011 11:35 AM, John Hardin wrote: > On Mon, 21 Nov 2011, Bowie Bailey wrote: > >> On 11/20/2011 10:02 PM, Sergio wrote: >>> header __ENV_FROM_DHL Received =~ /envelope-from [^ @]+@dhl[^ >>> .]+\.com/i >>> header __FROM_DHL From =~ /\bdhl[^ .]+\.com/i >> These will match any d

Re: Help with constructing a rule for MCP

2011-11-21 Thread John Hardin
On Mon, 21 Nov 2011, Bowie Bailey wrote: On 11/20/2011 10:02 PM, Sergio wrote: header __ENV_FROM_DHL Received =~ /envelope-from [^ @]+@dhl[^ .]+\.com/i header __FROM_DHL From =~ /\bdhl[^ .]+\.com/i These will match any domain that starts with "dh" and ends with ".com". You ov

Re: Return Path Whitelists, RP_SAFE, RP_CERTIFIED, RP_MATCHES

2011-11-21 Thread RW
On Mon, 21 Nov 2011 13:50:05 + RW wrote: > On Mon, 21 Nov 2011 03:11:48 -0800 (PST) > pipjg wrote: > > Rule Total Ham % Spam % > > RP_MATCHES_RCVD 161,165 142,559 88.5 > > 18,606 11.5 RCVD_IN_RP_SAFE 22,405 22,399 > describe RP_MATCHES_RCV

Re: Return Path Whitelists, RP_SAFE, RP_CERTIFIED, RP_MATCHES

2011-11-21 Thread Bowie Bailey
On 11/21/2011 10:53 AM, dar...@chaosreigns.com wrote: > On 11/21, pipjg wrote: >> dumb here? Does the T_ mean something I don't know? > Yes, it means there is a bug in the way spamassassin rules are being > published. It stands for "testing". > > "rules with a T_ prefix to their names are never pu

Re: Return Path Whitelists, RP_SAFE, RP_CERTIFIED, RP_MATCHES

2011-11-21 Thread darxus
On 11/21, pipjg wrote: > dumb here? Does the T_ mean something I don't know? Yes, it means there is a bug in the way spamassassin rules are being published. It stands for "testing". "rules with a T_ prefix to their names are never published" - http://wiki.apache.org/spamassassin/SaUpdateBackend

Re: Negative score spamassassin

2011-11-21 Thread darxus
On 11/21, ercibrest wrote: > Maybe there is a problem of configuration because all of my emails come from > the same IP. From internet, email sent to my domain is received from my > provider and then, the provider relays mails to my mailscanner's server. Add that IP to your trusted_networks setting

Re: Help with constructing a rule for MCP

2011-11-21 Thread Bowie Bailey
On 11/20/2011 10:02 PM, Sergio wrote: > > header __ENV_FROM_DHL Received =~ /envelope-from [^ @]+@dhl[^ > .]+\.com/i > header __FROM_DHL From =~ /\bdhl[^ .]+\.com/i These will match any domain that starts with "dh" and ends with ".com". For example, they will match "someu...@dhalail

Re: Return Path Whitelists, RP_SAFE, RP_CERTIFIED, RP_MATCHES

2011-11-21 Thread RW
On Mon, 21 Nov 2011 03:11:48 -0800 (PST) pipjg wrote: > > Hi, > > Was wondering if I could have some advice, and I probably know what I'm > going to do anyway, just wanted a few others' opinions.. > > I've been analysing a load of mail which is having its SA score > reduced by what looks like pai

Re: Return Path Whitelists, RP_SAFE, RP_CERTIFIED, RP_MATCHES

2011-11-21 Thread Benny Pedersen
On Mon, 21 Nov 2011 03:11:48 -0800 (PST), pipjg wrote: Has anyone else seen this or got any advice on this matter? Should we be trusting a paid for whitelist? where do you pay ? why not report spam to returnpath ? but feel free to set scores to zero, if you like to pay :-)

Return Path Whitelists, RP_SAFE, RP_CERTIFIED, RP_MATCHES

2011-11-21 Thread pipjg
Hi, Was wondering if I could have some advice, and I probably know what I'm going to do anyway, just wanted a few others' opinions.. I've been analysing a load of mail which is having its SA score reduced by what looks like paid for whitelists. A view of the SA scores I'm seeing is: Rule Total

Re: Negative score spamassassin

2011-11-21 Thread Martin Hepworth
need to see the rule hits for the negative scores.. also I don't see any RBL, URIBL, pyzor or razor scores in there, have you disabled network tests? these are really valuable - just make sure you only choose a couple of the RBL's (see http://wiki.mailscanner.info/doku.php?id=maq:index#getting_th

Negative score spamassassin

2011-11-21 Thread ercibrest
Hello and sorry for my English. I have got mailscanner, postfix 2.8.2, spamassassin 3.3.1. I don't have pyzor or razor. Mailscanner is only a gateway for my exchange 2010. In Spamassassin, I have really very bad score or negative score, for example the last emails and score from spamassassin : -
