At 10:48 AM -0700 06/17/2013, John Hardin wrote:
On Mon, 17 Jun 2013, Amir 'CG' Caspi wrote:
I am now seeing STYLE_GIBBERISH hitting on a lot of spam in the
past day or so, since the new rules hit the distribution. So far,
all TPs, no FPs.
Yay!
But, I found one today that should have hit
Hi,
On Mon, Jun 17, 2013 at 10:39 PM, Benny Pedersen wrote:
> John Hardin wrote on 2013-06-17 20:52:
>
>>> http://pastebin.com/qwdtSqJd
>>
>> Well, that *is* gibberish in a STYLE tag. Bad coder, no biscuit.
>>
>> If it persists I can add an exclusion for mail from groupon.com
>
> Content analysi
John Hardin wrote on 2013-06-17 20:52:
http://pastebin.com/qwdtSqJd
Well, that *is* gibberish in a STYLE tag. Bad coder, no biscuit.
If it persists I can add an exclusion for mail from groupon.com
Content analysis details: (-2.4 points, 5.0 required)
pts rule name descript
Hi,
I am now seeing STYLE_GIBBERISH hitting on a lot of spam in the past day
or so, since the new rules hit the distribution. So far, all TPs, no
FPs.
>>>
>>>
>>> Yay!
>>
>>
>> I've also noticed the latest iteration hitting now quite a bit, but
>> also found an FP from groupon:
>>
Hi,
I've been working with a rule to catch forged mail from gmail and
yahoo, however, it's hitting some ham now and hoped someone could
help. Doesn't gmail allow for configurations where they just relay
mail for your hosted domain?
This domain is whitelisted, or it otherwise would have hit.
http
On Mon, 17 Jun 2013, Alex wrote:
Hi,
On Mon, Jun 17, 2013 at 1:48 PM, John Hardin wrote:
On Mon, 17 Jun 2013, Amir 'CG' Caspi wrote:
At 7:20 PM -0700 06/15/2013, John Hardin wrote:
I took a closer look at this and it seems they're working around trivial
gibberish detection by putting a va
Hi,
On Mon, Jun 17, 2013 at 1:48 PM, John Hardin wrote:
> On Mon, 17 Jun 2013, Amir 'CG' Caspi wrote:
>
>> At 7:20 PM -0700 06/15/2013, John Hardin wrote:
>>>
>>> I took a closer look at this and it seems they're working around trivial
>>> gibberish detection by putting a valid CSS property at th
On Mon, June 17, 2013 11:48 am, John Hardin wrote:
> Well, that's a much harder problem. STYLE tags have a specified format,
> and content not matching that format is (fairly) easy to detect. Comments
> are freeform text - "gibberish" has the same meaning there that it does in
> regular body text.
On Mon, 17 Jun 2013, Amir 'CG' Caspi wrote:
At 7:20 PM -0700 06/15/2013, John Hardin wrote:
I took a closer look at this and it seems they're working around trivial
gibberish detection by putting a valid CSS property at the very beginning
of the style tag.
Revising the rules...
I am now se
At 7:20 PM -0700 06/15/2013, John Hardin wrote:
I took a closer look at this and it seems they're working around
trivial gibberish detection by putting a valid CSS property at the
very beginning of the style tag.
Revising the rules...
I am now seeing STYLE_GIBBERISH hitting on a lot of spam
On 17.06.13 13:34, emailitis.com wrote:
We get quite a lot of Spam at present which is getting Bayes 00 so I know it
is mis-reporting. I just don't know why or what to do about it:
So what is the easiest way to re-learn Spam with low Bayes?
pipe the spam to "spamassassin -r" or "spamc -L spa
Thanks for the reply.
We get quite a lot of Spam at present which is getting Bayes 00 so I know it
is mis-reporting. I just don't know why or what to do about it:
Jun 17 12:23:31 plesk3 spamd[3268]: spamd: result: . 4 -
BAD_CREDIT,BAYES_00,HTML_IMAGE_RATIO_08,HTML_MESSAGE,RCVD_IN_XBL,RP_MATCHES
On Mon, 17 Jun 2013 10:48:34 +1200
Jason Haar wrote:
> Just a FYI but SA scores failures of "~all" much stronger than it does
> for "-all"
They all score under one point.
>
> http://spamassassin.1065346.n5.nabble.com/default-score-for-SPF-HELO-FAIL-too-low-td13894.html
>
>
> That's it - I'm r
On Mon, 2013-06-17 at 18:51 +1200, Jason Haar wrote:
> On 17/06/13 16:14, Benny Pedersen wrote:
> > Jason Haar wrote on 2013-06-17 00:48:
> >
> >> That's it - I'm removing SPF...
> >
> > hardfail is for mta, softfails is for spamassassin, if your mta accept
> > hardfail spf, then you self ask for
On 17.06.13 11:52, emailitis.com wrote:
Autolearn is turned on. I don't think we allow users to train without
review - is there a way I can confirm? We have Plesk 10 and are using SA
through qmail-scanner. Even a high Bayes seems to have been mis-classified:
Jun 17 11:44:04 plesk3 spamd[186
Autolearn is turned on. I don't think we allow users to train without
review - is there a way I can confirm? We have Plesk 10 and are using SA
through qmail-scanner. Even a high Bayes seems to have been mis-classified:
Jun 17 11:44:04 plesk3 spamd[18601]: spamd: result: . 3 -
BAYES_99,FORGED
Jason Haar wrote on 2013-06-17 08:51:
?? SA scores hardfails as 0.0 due to the high positive rate. Therefore
blocking on SPF hardfails must lead to a high FP rate too? If your
organization is willing to live with valid email being bounced, fine -
but I'm going to listen to our SA overlords
18 matches