Re: Proposed rule for too many dots in From

2018-12-20 Thread Grant Taylor
On 12/20/18 8:34 PM, Grant Taylor wrote: I'm going back through and analyzing how I'm extracting data and trying to satisfactorily explain some oddities. Out of 244,921 messages there are 16,528 unique addresses, this is how the messages break down for Here's how the dots in the user parts o

Re: Proposed rule for too many dots in From

2018-12-20 Thread Grant Taylor
On 12/20/18 8:36 PM, Benny Pedersen wrote: and xxx is a real tld, Yes. so you ddos maillist members now How so? -- Grant. . . . unix || die

Re: Proposed rule for too many dots in From

2018-12-20 Thread Benny Pedersen
Grant Taylor wrote on 2018-12-21 03:49: Note: These are what I considered legitimate enough to keep in my mail structure. I don't keep spam for very long. This corpus goes back to 2001. and xxx is a real tld, so you ddos maillist members now

Re: Proposed rule for too many dots in From

2018-12-20 Thread Grant Taylor
On 12/20/18 7:54 PM, Amir Caspi wrote: Some of the ones with equal-signs look like bounce addresses from envelopes, that would not be in the From header. I'm going back through and analyzing how I'm extracting data and trying to satisfactorily explain some oddities. I don't think there will b

Re: Proposed rule for too many dots in From

2018-12-20 Thread Grant Taylor
On 12/20/18 7:54 PM, Amir Caspi wrote: Are these in the From: header or the envelope-from (Return-Path)? These are all the From: header. Some of the ones with equal-signs look like bounce addresses from envelopes, that would not be in the From header. Or did you just look for any email addr

Re: Proposed rule for too many dots in From

2018-12-20 Thread Amir Caspi
On Dec 20, 2018, at 7:49 PM, Grant Taylor wrote: > > So here's the user parts (left hand side of the @) of emails. Are these in the From: header or the envelope-from (Return-Path)? Some of the ones with equal-signs look like bounce addresses from envelopes, that would not be in the From heade

Re: Proposed rule for too many dots in From

2018-12-20 Thread Grant Taylor
On 12/20/18 7:36 PM, Grant Taylor wrote: I don't know.  I'm re-running the command to scan my mailbox extracting From: addresses.  (I'm logging to a file this time.)  I'll do some analysis and let you know. I don't know what sort of characterization you may want. So here's the user parts (le

Re: Proposed rule for too many dots in From

2018-12-20 Thread Grant Taylor
On 12/20/18 6:16 PM, Amir Caspi wrote: I never intended for the rule to be applied on its own, but far more likely that it would become part of a meta rule with other spammy indicators. Ah. That makes more sense. That being said, it is your server and you're free to run it however you want.

Re: Proposed rule for too many dots in From

2018-12-20 Thread Amir Caspi
On Dec 20, 2018, at 5:13 PM, Noel Butler wrote: > I have to agree with Grant, two dots is crazy low, you might as well score at > one dot. A lot of emails are firstname.initial.surname even many government > departments in this part of the world use two dot format. > I never intended for the

Re: Proposed rule for too many dots in From

2018-12-20 Thread Noel Butler
On 21/12/2018 09:52, Grant Taylor wrote: > On 12/20/2018 03:11 PM, Amir Caspi wrote: > >> Two or more dots in the From username seems to be rather spammy (and we've >> talked about it before on the list). > > I feel obligated to comment that my wife's email address (Gmail) has two dots > in i

Re: Proposed rule for too many dots in From

2018-12-20 Thread Grant Taylor
On 12/20/2018 03:11 PM, Amir Caspi wrote: Two or more dots in the From username seems to be rather spammy (and we've talked about it before on the list). I feel obligated to comment that my wife's email address (Gmail) has two dots in it. (Gmail is its own can of worms for dots as they strip

Re: sa-update is broken on updates.spamassassin.org channel [was: Re: config: warning: description exists for non-existent rule EXCUSE_24]

2018-12-20 Thread Bill Cole
On 20 Dec 2018, at 17:54, Bill Cole wrote: If you cannot wait 5 more hours and have an updated SVN checkout of the 'trunk' code, you can run: make clean ; echo |perl Makefile.PL ; make build_rules That will leave a proper set of rules files in the rules/ directory. If you copy rules/72_a

Re: sa-update is broken on updates.spamassassin.org channel [was: Re: config: warning: description exists for non-existent rule EXCUSE_24]

2018-12-20 Thread Bill Cole
On 20 Dec 2018, at 17:56, Kevin A. McGrail wrote: We've had a few occurrences of essentially the same problem (a bad rules package due to an ignored lint failure in a nightly update) over the past few years. In addition to correcting the problematic rule I have also fixed the script which inte

Re: sa-update is broken on updates.spamassassin.org channel [was: Re: config: warning: description exists for non-existent rule EXCUSE_24]

2018-12-20 Thread Kevin A. McGrail
On 12/20/2018 5:54 PM, Bill Cole wrote: > On 20 Dec 2018, at 13:41, Bill Cole wrote: > >> This should now be fixed for the next rules update. > > And, On 20 Dec 2018, at 17:04, (ignoring an explicit Reply-To header > in a direct message to me!) Frank Giesecke wrote: > >> How can I force the rules u

Re: sa-update is broken on updates.spamassassin.org channel [was: Re: config: warning: description exists for non-existent rule EXCUSE_24]

2018-12-20 Thread Bill Cole
On 20 Dec 2018, at 13:41, Bill Cole wrote: This should now be fixed for the next rules update. And, On 20 Dec 2018, at 17:04, (ignoring an explicit Reply-To header in a direct message to me!) Frank Giesecke wrote: How can I force the rules update? You cannot. The "rules update" I referre

Re: Proposed rule for too many dots in From

2018-12-20 Thread John Hardin
On Thu, 20 Dec 2018, Amir Caspi wrote: John, would you mind sandboxing a rule? Two or more dots in the From username seems to be rather spammy (and we've talked about it before on the list). Would you mind sandboxing this test rule to see if it would be helpful as a main rule? I get

Proposed rule for too many dots in From

2018-12-20 Thread Amir Caspi
John, would you mind sandboxing a rule? Two or more dots in the From username seems to be rather spammy (and we've talked about it before on the list). Would you mind sandboxing this test rule to see if it would be helpful as a main rule? I get a lot of spam locally that hits this...

Re: How to block email with multiple addresses in From:

2018-12-20 Thread RW
On Thu, 20 Dec 2018 13:26:30 -0700 Grant Taylor wrote: > On 12/20/2018 12:34 PM, Grant Taylor wrote: > > Does SpamAssassin even handle two true From:addr(esses)? > > I'm hoping someone will comment on the above question. > > > I'll have to go back and read pertinent RFCs to see how > > struth

Re: How to block email with multiple addresses in From:

2018-12-20 Thread Grant Taylor
On 12/20/2018 12:34 PM, Grant Taylor wrote: Does SpamAssassin even handle two true From:addr(esses)? I'm hoping someone will comment on the above question. I'll have to go back and read pertinent RFCs to see how struth...@psfc.mit.edu is interpreted, seeing as how it's outside of double quot

Re: How to block email with multiple addresses in From:

2018-12-20 Thread Grant Taylor
On 12/20/2018 10:30 AM, Mark London wrote: Hi - What's the best rule to catch email with multiple addresses in the From: line? ¯\_(ツ)_/¯ I realize that rfc2822 allows it. Does SpamAssassin even handle two true From:addr(esses)? I.e.: From: , Does From:addr contain both of the from addr

Re: sa-update is broken on updates.spamassassin.org channel [was: Re: config: warning: description exists for non-existent rule EXCUSE_24]

2018-12-20 Thread Bill Cole
On 20 Dec 2018, at 11:55, Marcus Schopen wrote: > On Thursday, 20.12.2018, 12:35 +0100, Marcus Schopen wrote: >> Hi, >> >> I get a warning, when updating the channel: >> >> -- >> config: warning: description exists for non-existent rule EXCUSE_24 >> >> channel: lint check of update fail

Re: How to block email with multiple addresses in From: IGNORE ME.

2018-12-20 Thread Mark London
Sorry, I meant this doesn't work: header BAD_FROM_PSFC From: =~ /^\S+\@psfc.mit.edu,/i Without the ^ It does work: header BAD_FROM_PSFC From: =~ /\S+\@psfc.mit.edu,/i So I just tried: header BAD_FROM_PSFC From: =~ /^\W*\S+\@psfc.mit.edu

Re: Howto - Full Report in Mail Header

2018-12-20 Thread Martin Gregorie
On Thu, 2018-12-20 at 10:26 -0600, Rick Gutierrez wrote: > Hi , what would be the correct way to see the spamassassin report? > I've added report_safe 1 to my SA configuration. This has no effect on ham, but spam is treated the same way bounced e-mails: a wrapper message is created containi

How to block email with multiple addresses in From:

2018-12-20 Thread Mark London
Hi - What's the best rule to catch email with multiple addresses in the From: line? I realize that rfc2822 allows it. But the only email we've ever received with multiple addresses, were spam, and even GMAIL.COM doesn't allow it: <<< 550-5.7.1 Messages with multiple addresses in From: <<< 550 5

sa-update is broken on updates.spamassassin.org channel [was: Re: config: warning: description exists for non-existent rule EXCUSE_24]

2018-12-20 Thread Marcus Schopen
On Thursday, 20.12.2018, 12:35 +0100, Marcus Schopen wrote: > Hi, > > I get a warning, when updating the channel: > > -- > config: warning: description exists for non-existent rule EXCUSE_24 > > channel: lint check of update failed, channel failed > sa-update failed for unknown reason

Re: Howto - Full Report in Mail Header

2018-12-20 Thread Rick Gutierrez
On Thu, 20 Dec 2018 at 10:36, Reindl Harald () wrote: > > > On 20.12.18 at 17:26, Rick Gutierrez wrote: > > add_header all Report _REPORT_ > > you got already the correct answer and since it is a header you need to > look at the raw-source of the message to see it > > report_safe 0 > a

Re: Howto - Full Report in Mail Header

2018-12-20 Thread Rick Gutierrez
On Mon, 17 Dec 2018 at 8:37, Kevin A. McGrail () wrote: > > On 12/16/2018 4:35 PM, RW wrote: > > On Sun, 16 Dec 2018 08:30:58 -0500 > > Kevin A. McGrail wrote: > > > > > >> On Sat, Dec 15, 2018, 17:25 RW >> > >>> On Sat, 15 Dec 2018 22:26:17 +0100 > >>> sebast...@debianfan.de wrote: > >>>

config: warning: description exists for non-existent rule EXCUSE_24

2018-12-20 Thread Marcus Schopen
Hi, I get a warning, when updating the channel: -- config: warning: description exists for non-existent rule EXCUSE_24 channel: lint check of update failed, channel failed sa-update failed for unknown reasons -- Cheers Marcus

Re: [SA 3.4.2] sa-update doesn't see custom channel

2018-12-20 Thread Marcin Mirosław
On 19.12.2018 at 16:16, Kris Deugau wrote: > RW wrote: >> It looks like sa-update has lost support for paths in mirror URLs. The >> SA mirrors don't currently have paths, but the commented-out dostech >> entry suggests that they have been supported in the past. > > I came across this myself sin