> On Aug 3, 2016, at 4:37 PM, John Hardin wrote:
>
> On Wed, 3 Aug 2016, Ryan Coleman wrote:
>
>> So your script dings my websites because I use .php as an extension without
>> doing SEO?
>>
>> That seems really silly. Many websites use internal pages without SEO
>> because of the royal PITB
On Wed, 3 Aug 2016, Ryan Coleman wrote:
So your script dings my websites because I use .php as an extension without
doing SEO?
That seems really silly. Many websites use internal pages without SEO
because of the royal PITB they can be to program all the little
variables. For crying out loud
So your script dings my websites because I use .php as an extension without
doing SEO?
That seems really silly. Many websites use internal pages without SEO because
of the royal PITB they can be to program all the little variables. For crying
out loud most unsubscribe links are scripts with var
New tests lead me to the following rule. It works
and is now deployed on production servers.
full B_PLL /(?:(?!<\/p>).){2000}/msi
describe B_PLL Paragraph Length Limit
score B_PLL 1.5
rawbody has a hidden bug: it breaks the above rule too.
I am re-writing all local rules to "full" until "rawbody"
On Wed, 3 Aug 2016, Ruga wrote:
Pointless. Why set the "multiple" flag if you're going to set "maxhits=1"??
To really stop at the first match.
That is the behavior if the "multiple" flag is not provided. "multiple"
exists specifically to allow you to *NOT* stop at the first match.
--
Joh
>Looks like a SA bug to me.
At last...
> rawbody __B_PLL /(?:(?!).){999}/msi
Well done.
>> tflags __B_PLL multiple maxhits=1
>Pointless. Why set the "multiple" flag if you're going to set "maxhits=1"??
To really stop at the first match.
> simply having a paragraph longer than 999 characters is
Copy paste the entire message, including headers to pastebin.com which is the
preferred action, as the spam filters on this list may well filter it out if
sent as an email anyway.
...Kevin
--
Kevin Miller
Network/email Administrator, CBJ MIS Dept.
155 South Seward Street
Juneau, Alaska 99801
Pho
I cannot post the original spam message.
Protonmail checks the outgoing messages:
if they are spammy, then the sender is banned.
I managed to send you a stripped version of
the original without loosing my account.
Be happy with it, because it is as close as you will ever get to the ugliness
of the
Sent from ProtonMail Mobile
On Wed, Aug 3, 2016 at 6:59 PM, Matus UHLAR - fantomas <'uh...@fantomas.sk'>
wrote:
On 03.08.16 12:42, Ruga wrote:
>This is the stripped test. The number of characters is reduced to 72
>from the original 999: make your own choice. The attached e-mail
>triggers the rul
On 3 Aug 2016, at 6:07, Ruga wrote:
Hello,
We received a new type of spam, twice, and we are not willing to give
them a third chance.
The body includes a long html paragraph (...) of headlines from
the news.
The following works at the command line:
perl -p0e 's/((?:(?!<\/p>).){999,}<\/p>)/-
On 03.08.16 12:42, Ruga wrote:
This is the stripped test. The number of characters is reduced to 72
from the original 999: make your own choice. The attached e-mail
triggers the rule *if* I remove at least one "example" string.
Perl: 5.22.2
SA: 3.4.1
rawbody B_PLL m|(?:(?!).){72,}|msi
describe
Why are you doing a "tflags __B_PLL multiple maxhits=1" ?
If you have "maxhits=1" what's the point of "multiple" at all?
On 03.08.16 12:31, Ruga wrote:
To limit the number of possible matches to a single one.
you did not get it. what you describe is the standard behaviour.
you need "tflags mu
> Use a 'full' not 'rawbody' rule.
I do not need to parse the header.
>Why are you doing a "tflags __B_PLL multiple maxhits=1" ?
>If you have "maxhits=1" what's the point of "multiple" at all?
To limit the number of possible matches to a single one.
On Wed, 3 Aug 2016, Robert Boyl wrote:
Hi, everyone
I have a very nice regex a friend passed me that catches those emails that have
an HTML attached with a redirect html command to
some malefic website.
He has some tool in Exim that scans text in attachments. But I wanted to use a
spamassass
Use a 'full' not 'rawbody' rule.
IE:
full B_PLL /(?:(?!<\/p>).){999,}<\/p>/msi
Why are you doing a "tflags __B_PLL multiple maxhits=1" ?
If you have "maxhits=1" what's the point of "multiple" at all?
On Wed, 3 Aug 2016, Ruga wrote:
Hello,
We received a new type of spam, twice, and we are no
On 2016-08-03 14:13, Robert Boyl wrote:
I have a very nice regex a friend passed me that catches those emails
that have an HTML attached with a redirect html command to some
malefic website.
bravo
He has some tool in Exim that scans text in attachments. But I wanted
to use a spamassassin rul
Hi, everyone
I have a very nice regex a friend passed me that catches those emails that
have an HTML attached with a redirect html command to some malefic website.
He has some tool in Exim that scans text in attachments. But I wanted to
use a spamassassin rule.
Is there some plugin/way in Spamas
OK
Sent from ProtonMail Mobile
On Wed, Aug 3, 2016 at 12:58 PM, Ryan Coleman <'ryan.cole...@cwis.biz'> wrote:
Keep in mind we do not know that. It is better to not reply and wait a few
hours than get Reindl worked up. :)
> On Aug 3, 2016, at 5:55 AM, Ruga wrote:
>
> I am AWAY for my office.
Am 03.08.2016 um 12:55 schrieb Ruga:
I am AWAY for my office
then reply when you are back
Real spam truly unnecessary
says who in case of writing a sane rule?
to understand the context it is necessary and in any case prefered to
dig in the dark with some isolated stuff
On Wed, Aug 3,
Keep in mind we do not know that. It is better to not reply and wait a few
hours than get Reindl worked up. :)
> On Aug 3, 2016, at 5:55 AM, Ruga wrote:
>
> I am AWAY for my office.
> Real spam truly unnecessary.
>
> Sent from ProtonMail Mobile
>
>
> On Wed, Aug 3, 2016 at 12:51 PM, Reind
I am AWAY for my office.
Real spam truly unnecessary.
Sent from ProtonMail Mobile
On Wed, Aug 3, 2016 at 12:51 PM, Reindl Harald <'h.rei...@thelounge.net'> wrote:
Am 03.08.2016 um 12:49 schrieb Ruga:
> echo "$( cat /dev/urandom | env LC_CTYPE=C tr -dc 'a-zA-Z0-9' | fold
> -w 999 | head -n 1 )"
Am 03.08.2016 um 12:49 schrieb Ruga:
echo "$( cat /dev/urandom | env LC_CTYPE=C tr -dc 'a-zA-Z0-9' | fold
-w 999 | head -n 1 )" >example.txt
spamassassin -t -D B_LLL.rule
you where asked for a real *mail* example instead some generic stuff
On Wed, Aug 3, 2016 at 12:15 PM, Axb <'axb.li...@g
echo "$( cat /dev/urandom | env LC_CTYPE=C tr -dc 'a-zA-Z0-9' | fold -w 999
| head -n 1 )" >example.txt
spamassassin -t -D B_LLL.rule wrote
please pastebin a sample msg
On 08/03/2016 12:07 PM, Ruga wrote:
Hello,
We received a new type of spam, twice, and we are not willing to give them a
third chance.
The body includes a long html paragraph (...) of headlines from the news.
The following works at the command line:
perl -p0e 's/((?:(?!<\/p>).){999,}<\/p>)/-->$
>I would be most grateful if you could spot the but in the above rule.
The *bug*, sorry.
Hello,
We received a new type of spam, twice, and we are not willing to give them a
third chance.
The body includes a long html paragraph (...) of headlines from the news.
The following works at the command line:
perl -p0e 's/((?:(?!<\/p>).){999,}<\/p>)/-->$1<--/msig' example.eml
perl -n0e '/((?
Am 03.08.2016 um 01:43 schrieb Benny Pedersen:
On 2016-08-02 17:03, Matus UHLAR - fantomas wrote:
you can not, but you could check util_rb_2tld and util_rb_3tld
directives
to see if it fits your needs
use them will disable spam test on this tld aswell
just look at
/var/lib/spamassassin/
27 matches
Mail list logo
