Re: RCVD_IN_SORBS_SPAM and google IPs

2016-09-08 Thread RW
On Thu, 8 Sep 2016 15:53:00 -0500 (CDT) Shane Williams wrote: > Hey all, > > I'm seeing google IP ranges hit the RCVD_IN_SORBS_SPAM rule, and in > digging deeper, I realize that there are zero hits on this rule for > the two weeks prior to Aug. 31, and now I'm seeing it thousands of > times per w

Re: RCVD_IN_SORBS_SPAM and google IPs

2016-09-08 Thread li...@rhsoft.net
On 08.09.2016 at 22:53, Shane Williams wrote: I'm seeing google IP ranges hit the RCVD_IN_SORBS_SPAM rule, and in digging deeper, I realize that there are zero hits on this rule for the two weeks prior to Aug. 31, and now I'm seeing it thousands of times per week (not just against google IPs).

Re: RCVD_IN_SORBS_SPAM and google IPs

2016-09-08 Thread Zinski, Steve
I’m seeing the same thing here, I’ve had to adjust that score lower. Also seeing lots of RCVD_IN_SORBS_WEB false-positives. On 9/8/16, 4:53 PM, "Shane Williams" wrote: Hey all, I'm seeing google IP ranges hit the RCVD_IN_SORBS_SPAM rule, and in digging deeper, I realize that t

RCVD_IN_SORBS_SPAM and google IPs

2016-09-08 Thread Shane Williams
Hey all, I'm seeing google IP ranges hit the RCVD_IN_SORBS_SPAM rule, and in digging deeper, I realize that there are zero hits on this rule for the two weeks prior to Aug. 31, and now I'm seeing it thousands of times per week (not just against google IPs). Was this rule added/changed/re-scored

Re: New Mail::SpamAssassin::Plugin::HeadersEqual plugin

2016-09-08 Thread Amir Caspi
> On Sep 8, 2016, at 10:05 AM, apache.org+spamassas...@daniel-rudolf.de wrote: > > As you can see, SA will increase the score by 0.5 when the From: and > Return-Path: headers don't match ("ne" for "not equal"). This particular rule will FP for most mailing list emails... including this one. (R

Re: drive-by malware customized to the From.RealName of actual Friends

2016-09-08 Thread John Hardin
On Thu, 8 Sep 2016, Chip M. wrote: Last week, I sent John Hardin some spamples, and he very kindly wrote & masschecked rules over the long weekend (Geek!). :) He found a significant FP risk. It's possible meta'ing with some of the conditions mentioned above would reduce the FPs. Unfortunate

New Mail::SpamAssassin::Plugin::HeadersEqual plugin

2016-09-08 Thread apache.org+spamassassin
Hi, I would like to share my (pretty simple) SA plugin I've developed recently to do a pretty basic task: Comparing message headers against each other. It is mostly useful to compare the various address headers of an email, a frequent use case might be to compare the Return-Path: and From: h
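The comparison the plugin post describes (the address part of From: against Return-Path:, scoring when they are "ne") and the mailing-list false positive raised in the reply, as an added example that is not the HeadersEqual plugin's own code. The three messages are constructed, and the List-Id exemption in the scoring function is this example's own assumption, not something the plugin does.

```python
"""Added example (not the HeadersEqual plugin's own code): compare the
address part of two mail headers as the post describes, and show why a
plain From != Return-Path rule fires on mailing-list traffic."""
from email import message_from_string
from email.utils import parseaddr

# Constructed sample messages, not taken from the list archive.
DIRECT_MSG = """Return-Path: <alice@example.org>
From: Alice <alice@example.org>
To: bob@example.net
Subject: hi

body
"""

FORGED_MSG = """Return-Path: <bulk-123@mailer.example.com>
From: "Your Bank" <support@bank.example>
To: bob@example.net
Subject: verify

body
"""

# A list post: the list's bounce address becomes the Return-Path while
# From: stays the original poster, so From != Return-Path is normal here.
LIST_MSG = """Return-Path: <users-return-12345-bob=example.net@spamassassin.apache.org>
From: Carol <carol@example.org>
To: users@spamassassin.apache.org
List-Id: <users.spamassassin.apache.org>
Subject: [SA] question

body
"""


def header_addr(msg, name):
    """Return the lower-cased addr-spec of a header, or None if absent."""
    raw = msg.get(name)
    if raw is None:
        return None
    _, addr = parseaddr(raw)
    return addr.lower() or None


def headers_ne(raw_msg, h1="From", h2="Return-Path"):
    """True when both headers are present and their addresses differ
    (the 'ne' condition described in the post)."""
    msg = message_from_string(raw_msg)
    a, b = header_addr(msg, h1), header_addr(msg, h2)
    return a is not None and b is not None and a != b


def headers_ne_score(raw_msg, score=0.5):
    """Score the 'ne' rule as the post describes (0.5 when they differ),
    but skip messages carrying List-Id, the mailing-list case the reply
    flags as a false positive. The exemption is this example's assumption."""
    msg = message_from_string(raw_msg)
    if msg.get("List-Id") is not None:
        return 0.0
    return score if headers_ne(raw_msg) else 0.0
```

Run against the three constructed messages, the bare comparison fires on both the forged message and the list post; only the List-Id check separates them, which is the point the follow-up reply makes.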

Re: spample of "data" URL in well-crafted Phish

2016-09-08 Thread John Hardin
On Thu, 8 Sep 2016, Chip M. wrote: On Sat, 3 Sep 2016, John Hardin wrote: I've tweaked the FP avoidance a bit, maybe that will be enough to get the S/O up high enough to publish it. John, do you have any detailed info about the Ham hits? It's possible to look up what rules hit those message

Re: Anyone else just blocking the ".top" TLD?

2016-09-08 Thread Lindsay Haisley
On Thu, 2016-09-08 at 13:44 +, Chip M. wrote: > On Thu, 8 Sep 2016, "lists [at] rhsoft.net" wrote: > > > > i get a diff-output per mail each time the mailserver configs > > are changing > That's a completely valid approach, and I am a big fan of > pre-emptive first strike (only as applied to p

Re: Anyone else just blocking the ".top" TLD?

2016-09-08 Thread @lbutlr
On 09 Jul 2016, at 08:32, jaso...@mail-central.com wrote: > > Fwiw, atm I block all of the following TLDs > [big list] > That list is auto-generated. Any & all TLDs that have sent > 100 messages > within the last year *AND* have a spam/reject rate >= 99% get blocked by TLD, > never get past b
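The two thresholds quoted above (a TLD must have sent more than 100 messages within the last year AND have a spam/reject rate of at least 99%) turned into a small blocklist generator, as an added example; this is not jasonsu's own script. The log records are constructed, and the record layout (timestamp, sender domain, verdict) is an assumption of the example.

```python
"""Added example, not the poster's own script: derive a TLD blocklist from
per-message log records using the two thresholds the post states
(> 100 messages in the last year AND spam/reject rate >= 99%)."""
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed records (not real log data): (timestamp, sender domain, verdict).
# verdict is "reject"/"spam" for blocked mail, "ham" for delivered mail.
NOW = datetime(2016, 9, 8, tzinfo=timezone.utc)


def _rec(days_ago, domain, verdict):
    return (NOW - timedelta(days=days_ago), domain, verdict)


SAMPLE = (
    [_rec(d % 300, f"offer{d}.example.top", "spam") for d in range(150)]
    + [_rec(10, "legit.example.top", "ham")]                              # 150/151 -> 99.3%
    + [_rec(d % 300, f"x{d}.example.men", "reject") for d in range(80)]   # under 100 msgs
    + [_rec(d % 300, f"m{d}.example.com", "spam") for d in range(200)]
    + [_rec(d % 300, f"h{d}.example.com", "ham") for d in range(200)]     # 50% rate
    + [_rec(400, "old.example.xyz", "spam")] * 200                         # outside the window
)


def tld_of(domain):
    """Last label of a domain, lower-cased; 'example.co.uk' -> 'uk'."""
    return domain.rstrip(".").rsplit(".", 1)[-1].lower()


def tld_stats(records, now=NOW, window=timedelta(days=365)):
    """Per-TLD [total, blocked] counts over the trailing window."""
    stats = defaultdict(lambda: [0, 0])
    cutoff = now - window
    for ts, domain, verdict in records:
        if ts < cutoff:
            continue
        s = stats[tld_of(domain)]
        s[0] += 1
        if verdict in ("spam", "reject"):
            s[1] += 1
    return stats


def blocked_tlds(records, min_msgs=100, min_rate=0.99, now=NOW):
    """TLDs meeting both thresholds, sorted. Both conditions are required:
    a high rate on a handful of messages is not enough."""
    out = []
    for tld, (total, bad) in tld_stats(records, now).items():
        if total > min_msgs and bad / total >= min_rate:
            out.append(tld)
    return sorted(out)


if __name__ == "__main__":
    print(blocked_tlds(SAMPLE))
```

With the constructed sample only `top` qualifies: `men` has too few messages, `com` has a 50% rate, and the `xyz` records fall outside the one-year window, so the volume threshold is what keeps a rarely seen TLD off the list even when every message from it was spam.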

Re: Anyone else just blocking the ".top" TLD?

2016-09-08 Thread li...@rhsoft.net
On 08.09.2016 at 15:44, Chip M. wrote: On Thu, 8 Sep 2016, "lists [at] rhsoft.net" wrote: i get a diff-output per mail each time the mailserver configs are changing That's a completely valid approach, and I am a big fan of pre-emptive first strike (only as applied to potentially evil email)

Re: Anyone else just blocking the ".top" TLD?

2016-09-08 Thread Chip M.
On Thu, 8 Sep 2016, "lists [at] rhsoft.net" wrote: >i get a diff-output per mail each time the mailserver configs >are changing That's a completely valid approach, and I am a big fan of pre-emptive first strike (only as applied to potentially evil email). However, the vast majority of those TLDs

Re: Anyone else just blocking the ".top" TLD?

2016-09-08 Thread li...@rhsoft.net
On 08.09.2016 at 10:33, Chip M. wrote: On Sat, 09 Jul 2016, jasonsu wrote: Fwiw, atm I block all of the following TLDs ... men, .. That list is auto-generated. Any & all TLDs that have sent > 100 messages within the last year *AND* have a Great approach Jason! :) ".men" just recently ap

Re: Anyone else just blocking the ".top" TLD?

2016-09-08 Thread Chip M.
On Sat, 09 Jul 2016, jasonsu wrote: >Fwiw, atm I block all of the following TLDs ... >men, .. >That list is auto-generated. Any & all TLDs that have >sent > 100 messages within the last year *AND* have a Great approach Jason! :) ".men" just recently appeared in my data, and is not showing up on

drive-by malware customized to the From.RealName of actual Friends

2016-09-08 Thread Chip M.
Spample: http://puffin.net/software/spam/samples/0043_driveby_from-rn_in_url.txt I removed 19 (of 20 original) email addresses out of the To header, ST:TOS munged all remaining email addresses, and munged the target URL to match the other mungings. Everything else is exactly as received, im
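A check for the pattern the subject line and spample name describe (the From: display name embedded in the body URL), as an added example; this is not John Hardin's masschecked rule set and not derived from the spample itself. Both messages are constructed, and the minimum-name-length cutoff is this example's own guard against the short-name false positives the thread warns about.

```python
"""Added example, not John Hardin's rules nor the spample: flag a message
whose body URL embeds the From: display name, the pattern the post's
subject describes. Sample messages are constructed."""
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import unquote

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)

DRIVEBY = """From: "Dana Friend" <dana@example.org>
To: bob@example.net
Subject: look at this
Content-Type: text/plain

hi, see http://evil.example.invalid/doc/Dana%20Friend/open.php?id=7
"""

BENIGN = """From: "Dana Friend" <dana@example.org>
To: bob@example.net
Subject: minutes
Content-Type: text/plain

notes at https://wiki.example.org/team/minutes-2016-09
"""


def _norm(s):
    """Lower-case and keep only alphanumerics so 'Dana Friend', 'dana_friend'
    and 'Dana%20Friend' compare equal."""
    return re.sub(r"[^a-z0-9]", "", unquote(s).lower())


def from_realname_in_url(raw_msg, min_len=6):
    """Return the first URL whose normalised text contains the normalised
    From: display name, else None. min_len (an assumption of this example)
    skips short names like 'Bob' that would match by chance."""
    msg = message_from_string(raw_msg)
    realname, _ = parseaddr(msg.get("From", ""))
    name = _norm(realname)
    if len(name) < min_len:
        return None
    body = msg.get_payload(decode=True) or b""
    for url in URL_RE.findall(body.decode("utf-8", "replace")):
        if name in _norm(url):
            return url
    return None
```

Normalising both sides before the substring test is what lets the check survive URL encoding and separator changes; the length cutoff is the first knob to turn if a masscheck shows ham hits from common short display names.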

Re: spample of "data" URL in well-crafted Phish

2016-09-08 Thread Chip M.
On Sat, 3 Sep 2016, John Hardin wrote: >I've tweaked the FP avoidance a bit, maybe that will be enough >to get the S/O up high enough to publish it. John, do you have any detailed info about the Ham hits? I just datamined my three best corpora, from the beginning of 2014 thru this weekend, and fo