Le 10/01/2025 à 15:35, Bill Cole a écrit :
On 2025-01-10 at 08:49:04 UTC-0500 (Fri, 10 Jan 2025 14:49:04 +0100)
John Wilcock
is rumored to have said:
Hi all,
I'm using Spamassassin 4.0.1 on Gentoo and I've recently switched to
using MySQL (actually Mariadb 10.6) for Bayes stor
Hi all,
I'm using Spamassassin 4.0.1 on Gentoo and I've recently switched to
using MySQL (actually Mariadb 10.6) for Bayes storage.
I'm seeing "WARNING: MYSQL_OPT_RECONNECT is deprecated and will be
removed in a future version" warnings.
$ spamassassin --lint --debug=bayes
Jan 10 14:45:02.8
The problem with your analogy is that you are not just interacting with
one unwelcome neighbour with a defective washing machine, but with
dozens of neighbours whose washing machines work perfectly but who
happen to share the same plumber as the unwelcome one. And in many cases
these people are
On 2020-08-01 21:23, bugzilla-dae...@spamassassin.apache.org wrote:
> https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7826
>
> --- Comment #58 from Kevin A. McGrail ---
> (In reply to John Hardin from comment #57) (In reply to Kevin A. McGrail from
> comment #55)
>
> This isn't a plugin to
On 2020-07-10 10:36, Matus UHLAR - fantomas wrote:
> On 10.07.20 08:50, Axb wrote:
>
>> the US problems won't be fixed with renaming B&W lists.
>> Seriously.. you have more important issues...
>
> while I am not a fan of renaming, I think that
> "welcome list" and "block list" are more informat
Le 03/05/2020 à 05:27, Grant Taylor a écrit :
On 5/2/20 1:47 PM, Loren Wilton wrote:
The compromised password is already in plain text in the subject of
the message; there isn't much point in hiding it other than
embarassment.
What if the email server with the list of plain text passwords is
Le 21/03/2019 à 14:52, John Wilcock a écrit :
Le 20/03/2019 à 20:19, Bill Cole a écrit :
I've added these lines to the block that defines MIXED_ES which may
help some sites:
lang pl score MIXED_ES 0.01
lang cz score MIXED_ES 0.01
lang sk score MIXED_ES 0.01
la
Le 20/03/2019 à 20:19, Bill Cole a écrit :
I've added these lines to the block that defines MIXED_ES which may help
some sites:
lang pl score MIXED_ES 0.01
lang cz score MIXED_ES 0.01
lang sk score MIXED_ES 0.01
lang hr score MIXED_ES 0.01
lang el score MIXED_E
Le 23/02/2019 à 01:42, David B Funk a écrit :
IIWY I'd just redefine the HTML_IMAGE_ONLY_XX rules in the form
body __HTML_IMAGE_ONLY_28 eval:html_image_only('2400','2800')
meta HTML_IMAGE_ONLY_28 __HTML_IMAGE_ONLY_28 && !L_O365_USER
That's one way, but given that HTML_IMAGE_ONLY_28 is a core
Le 02/02/2017 à 15:50, RW a écrit :
On Thu, 2 Feb 2017 05:43:24 -0500
Kevin A. McGrail wrote:
...
I will score much higher since it is in the wild. Can you throw a
spample up on pastebin?
Perhaps text/html makes a big difference, but base64 encoded utf-8
text is not uncommon these days - part
Le 28/09/2016 à 16:56, SA a écrit :
what .cf file includes that rule on your system?
That was the point: I can't find it. I've done a grep for NOTSAME on
usr/share/spamassassin/*.cf but got nothing. Is there another place I
should be looking?
/etc/mail/spamassassin is another likely place, bu
Le 28/06/2016 à 16:13, David Jones a écrit :
From: RW
That wont work in this example because nothing has actually been
spoofed.
...
All it takes is a compromised account on a trusted mail server (happens
all of the time) to provide a conduit for this type of phishing email. Very
easy to
Le 05/11/2015 15:54, Matthias Apitz a écrit :
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on c720-r276659
X-Spam-Flag: YES
X-Spam-Level: **
X-Spam-Status: Yes, score=1000.0 required=3.0 tests=GTUBE,NO_RECEIVED,
NO_RELAYS autolea
Le 08/10/2015 17:34, Reindl Harald a écrit :
Content-Type: text/plain; charset=utf-16
Content-Transfer-Encoding: base64
no custom body rules hit like they do for ISO/UTF8 :-(
What is your normalize_charsets setting?
--
John
Le 02/07/2015 04:23, Alex a écrit :
Not sure if the Unicode replace stuff will catch it, but you might try this:
>
> body FUZZY_DETAILS /(?:etails)/i
> replace_rules FUZZY_DETAILS
It doesn't catch it, and I don't know enough about replace_rules to
figure it out.
Shouldn't that ?:
Le 02/07/2015 04:50, John Hardin a écrit :
Is there supposed to be an existing FUZZY_DETAILS rule?
I don't think so.
If you were to envisage such a rule, it's worth noting that it would
almost certainly need a special case to avoid FPs on genuine French
"détails" with an acute accent. There
Le 04/06/2015 17:47, Kevin A. McGrail a écrit :
As noted, I think the users@ might welcome the information especially if
it is filterable. But someone will have to step up and work on that
script.
If someone does see the need for this and volunteer to improve the
script, perhaps it could be c
Le 26/11/2014 19:56, Christian Grunfeld a écrit :
even /64 DNSxLs will be expensive !
/64 lists will have 2^32 times more entries than IPv4 lists.
/64 lists can *theoretically* have that many entries, yes, but it'll be
a very long time before there are 2^32 times as many *allocated* IPv6
/64s
Le 29/10/2014 16:54, Mark Martinec a écrit :
2014-10-29 16:26, Joe Acquisto-j4 wrote:
Comments on the ZD net article that claims shellshock exploit via
crafty SMTP headers? Just asking, that's all . . .
I attached a link to it below, please excuse if that is improper
behavior.
http://www.zd
Le 20/10/2014 17:03, Reindl Harald a écrit :
Am 20.10.2014 um 17:00 schrieb motty cruz:
yes you're right I am trying to "reject" emails that end with *.eu and
*.link. can I do a wild card *.eu? *.link?
http://www.postfix.org/access.5.html
http://www.postfix.org/regexp_table.5.html
http://www.p
Le 16/09/2014 13:29, Reindl Harald a écrit :
works, however, the penalty of 2 for 'List-Unsubscribe' without 'List-Id'
feels a little bit unfair
What's unfair about being penalised for not being standards-compliant?
RFC2919 states that a mailing list SHOULD add a List-Id header, just as
RFC23
Le 16/09/2014 12:24, Reindl Harald a écrit :
score LIST_PARTIAL 2.000 1.999 2.000 1.999
that feels too high, as example we add "List-Unsubscribe"
headers in case of ordiany newsletters to support MUA
which read that header (for TB a extension exists)
IMHO that penalty hits senders which try to
Le 26/08/2014 21:03, Reindl Harald a écrit :
i just don't know how to do that with the setup and mailflow
by just start "spamassassin -D dns" which runs the process
but how to get the mail there?
You need a copy of the message as a text file on your SA machine, then
you simply run, from the co
Le 05/07/2014 19:08, Philip Prindeville a écrit :
As for encoding a cyrillic small a: there are many ways to do this.
iso-8859-4, utf-8, jp2212, gb2312, win1252, etc. I don’t think this
would be very efficient—there are just too many charsets possible.
Normalising the input message to UTF-8 bef
Le 15/11/2013 16:39, Jay G. Scott a écrit :
About the only thing we can get past the "air gap"
(not a true air gap, but it's the shortest way to
describe it) is email. Management has all these
grandfathered requirements about stuff they must
have_and_ stuff I can't do (e.g.,no RBLs)_and_
(so it
Le 11/06/2013 10:28, Mike Brown a écrit :
I'm running 3.3.2 on two FreeBSD 8.3 systems on different networks. Both
systems are configured roughly identically with regard to SpamAssassin. One
system runs Perl 5.16 (not sure if that matters) and can run sa-update without
error, but the other runs P
Le 10/06/2013 17:38, David F. Skoll a écrit :
That's an interesting honeypot. I've seen spammers crack SMTP AUTH
passwords, but in most cases the first thing they do is send an email
to a freemail account with a subject like:
192.168.33.55,user,passwd
and if they don't get the round-tr
Le 05/02/2013 16:20, Marc Perkel a écrit :
is there a way I can put something in a rule that would cause bayes not
to learn - such as a rule that detects bayes poisoning?
Yep - tflags RULENAME noautolearn
John.
--
-- Over 5000 webcams from ski resorts around the world - www.snoweye.com
-- Tr
Le 30/11/2012 18:18, John Hardin a écrit :
header __AJB_HAS_XEROXX-Mailer =~ /WorkCentre \d{3,5}/
header __AJB_XEROX_SUBJ Subject =~ /Scan from a Xerox/
Thanks! I will add those to my sandbox.
Question: how often do you see that subject _without_ that X-Mailer?
Whenever s
Le 19/10/2012 13:22, Ian Turner a écrit :
I meant something to specifically pick out words like phArmACy.
You could try a rule with a negative lookahead to exclude the correct
casing, something like this (untested):
header SUBJ_MIXED_CASE_PHARMACY Subject =~
/(?![Pp]harmacy)[Pp][Hh][Aa][Rr]
Le 16/10/2012 07:57, Frederic De Mees a écrit :
When I receive mails from servers hosted in IP address space 5.0.0.0/8,
SA tags them with RCVD_ILLEGAL_IP. This address space is currently
heavily distributed in Europe.
I have found a bug report #6810
(https://issues.apache.org/SpamAssassin/show_b
Le 26/09/2012 17:40, Alexandre Boyer a écrit :
Note that you may look upon a X-Envelope-From header also, depending on
your MTA and how and when it may log it in the headers.
Or, provided your spamassassin glue is configured properly, you can test
on the sa-provided EnvelopeFrom pseudo-header.
Le 06/09/2012 18:34, John Hardin a écrit :
...yeah, the _PARTIAL versions are intended to catch a form that's
spread out over several paragraphs or HTML sections. Unfortunately
there's no way to tell a rule to match multiple times but not for a
string it has already matched.
Yes, I've seen simi
Le 12/09/2011 15:20, Tomasz Chmielewski a écrit :
Is there a way to get ALL rule names used by a given spamassassin
installation, together with their descriptions?
grep -R describe /var/lib/spamassassin/3.003002/
would probably be a good place to start
John.
--
-- Over 4000 webcams from ski
Le 01/09/2011 16:23, J4K a écrit :
meta PRIVATE_RULE1 (__PR1&& __PR2)
...
meta PRIVATE_PHONICA2 (__PR1&& __PR2)
Spamassassin -D -lint records this:
Sep 1 15:45:56.313 [11484] dbg: rules: PRIVATE_PHONICA2 merged
duplicates: PRIVATE_RULE1
What is this really telling me, and why is th
Le 09/08/2011 09:06, eprint email a écrit :
One of my customers has sent mail through Nokia mobile. SpamAssassin has
marked it as spam. When I examined the individual score components, I
found RCVD_ILLEGAL_IP with 3.4 score.
I've examined the Received headers for restricted IP addresses. I could
Le 06/07/2011 17:44, tonym302 a écrit :
I get an assortment of domain changing high importance spam email (mostly
sales stuff, some hip replacement info LOL) and want to know if it is
possible to block all high priority stuff liek this. It has the red
exclamation point when it arrives. I tried
Le 19/05/2011 04:46, John Hardin a écrit :
Sure. Well, not a _single_ rule, but you can achieve what you want...
First, write a rule that hits on all messages and assign it a positive
score:
meta RELAYCOUNTRY_ALL__HAS_RCVD
describe RELAYCOUNTRY_ALLRelayed through any country
sc
Le 28/02/2011 20:34, Adam Katz a écrit :
I agree. I have fixed those two specific examples on SA trunk at svn
revision 1075489.
Please note that this sort of thing is better handled as a bug request,
and complaints directed at this list tend not to get such prompt
attention. Try filing it in h
Le 18/01/2011 10:46, Jeff Chan a écrit :
2. Some of the areas are very difficult to resolve into spam or
ham. Some more aggressive anti-spammers may say all of the above
is spam, but others may disagree, and the mail may be legal.
I'd suggest that SA ought to be classifying e-mail in *three*
Le 04/01/2011 17:01, Rob McEwen a écrit :
I've thought this through and... best case scenario is that spammers
then get 5+ years of play time because it will take at least that time
for those other techniques to catch up. Great damage will happen in the
meantime.
That scenario assumes rapid ado
Le 02/12/2010 11:47, Martin Gregorie a écrit :
On Thu, 2010-12-02 at 08:28 +0100, John Wilcock wrote:
I wish I could say the same - at work we have at least a dozen clients
who use challenge/response, and when it's for business you can't just
ignore the challenges, let alone blac
Le 02/12/2010 09:57, Massimiliano Giovine a écrit :
No chance to reproduce this beavior with postfix?
Not with postfix on its own, no. SpamAssassin returns a score, you
decide what action to take.
There are various "glue" systems to do this for you. My personal
recommendation would be MailS
Le 02/12/2010 01:02, Karsten Bräckelmann a écrit :
Personally, I have *never* received a legit C/R. Every single one that
ended up on my machines have been in response to spam sent with a forged
sender address.
I wish I could say the same - at work we have at least a dozen clients
who use chal
Le 24/11/2010 09:50, Tom Kinghorn a écrit :
Subject:
=?windows-1252?Q?100%_Finance_with_No_Deposit_Required_:_Stands_in_a_Pristine_West_Coast_Beachside_Security_Village?=
I would like to match
_Stands_in_a_Pristine_West_Coast_Beachside_Security_Village
By default, header rules work on the *de
Le 23/11/2010 15:36, Ger Apeldoorn a écrit :
You are absolutely right! I have disabled this blocklist in the
Mailscanner config. (I was under the impression that Mailscanner left
all checking to Spamassassin...:( )
While MailScanner *can* check RBLs itself, doing so is only recommended
in ca
Le 06/10/2010 17:13, Mark Martinec a écrit :
Updating to a recent version of IO::Socket::INET6 would probably
solve the issue and would be advised anyway - the 2.51 is pretty
ancient, from October 2004.
Thanks. Updating to 2.63 did indeed solve the problem. I'll file a
gentoo bug to get the ve
Just installed spamassassin on a gentoo box with perl 5.12.
sa-update gives:
Constant subroutine IO::Socket::INET6::AF_INET6 redefined at
/usr/lib64/perl5/5.12.2/Exporter.pm line 64.
at /usr/lib64/perl5/vendor_perl/5.12.2/IO/Socket/INET6.pm line 16
Prototype mismatch: sub IO::Socket::INET6::A
Le 04/10/2010 17:02, Kris Deugau a écrit :
Not sure exactly what this test actually checks (since it's an eval rule
I gave up on tracing after the third layer of
"$self->callanotherfunction"), but it should not be triggering at all on
this set of Received: headers IMO:
...
The entire /16 is ass
Le 22/06/2010 17:09, David Michaels a écrit :
I don't mean to be stupid.. and I know that this should be done with
sieve but..
Is there a obvious reason this doesn't work?
I think it's the "To" thats messing up..
header __GK__PHARMS_01 To =~ micha...@ucrwcu.rwc.uc.edu
header __GK__PHARMS_02 S
Le 22/04/2010 15:13, John Hardin a écrit :
Bayes 50 is neutral and you're scoring it at 0.8?
Agreed that's not a good idea.
Except that 0.8 is the default score for BAYES_50 under 3.3.0 and 3.3.1...
John.
--
-- Over 4000 webcams from ski resorts around the world - www.snoweye.com
-- Transla
I've seen a few FPs on this rule from genuine ham sent by one of my
colleagues using Thunderbird 3.0.4 - not all her mail, but specifically
replies to certain messages with UTF-8 encoding.
Anyone else seeing this?
John.
--
-- Over 4000 webcams from ski resorts around the world - www.snoweye.c
Le 25/02/2010 17:06, Charles Gregory a écrit :
On Thu, 25 Feb 2010, John Hardin wrote:
i still see lot of junk mail coming with different charecters, i do not
even read them clearly
how can i stop those kind of emails
Reject languages you can't read at SMTP time?
I've been noticing more 'f
Le 30/01/2010 10:32, Ned Slider a écrit :
There is already a "from Hotmail" rule in 20_head_tests.cf for use in
meta rules that may suffice?
header __FROM_HOTMAIL_COMFrom =~ /\...@hotmail\.com\b/i
Bear in mind, however, that not all hotmail users have hotmail.com
domains. There are plen
Le 27/01/2010 22:31, Kai Schaetzl a écrit :
John Wilcock wrote on Wed, 27 Jan 2010 17:43:56 +0100:
someone forgot to include 72_active.cf and 80_additional.cf in the
sa-update files.
Now I understand. However, why am I not getting these warnings with a
spamassassin --lint?
Presumably
Le 27/01/2010 18:57, Justin Mason a écrit :
Either someone forgot to delete all these rules, or (more likely IMO)
someone forgot to include 72_active.cf and 80_additional.cf in the sa-update
files.
I think you're dead right. It appears one of the build scripts does
the wrong thing with the 3.3
Le 27/01/2010 17:31, Kai Schaetzl a écrit :
John Wilcock wrote on Wed, 27 Jan 2010 15:27:17 +0100:
Me too... 463 of them, to be exact.
Do you want to say that you changed the score of 463 rules?
No, absolutely not. On this test box I haven't changed the scores of any
rules. Ther
Le 27/01/2010 07:30, Ed Kasky a écrit :
Also - is anyone else getting a lot of "warning: score set for
non-existent rule" errors? I ran sa-update after teand continue to get
a slew of them...
Me too... 463 of them, to be exact.
With the exception of ACCESSDB where the score is set to 0 anyway
Le 02/11/2009 18:36, Matt Garretson a écrit :
Good point. It will be fun when grandma loses her glasses and
clicks on a link to ämazon.com or þankofamerica.com
That's the real risk here from an anti-spam point of view, and no doubt
some new sorts of URI rule will be needed once we see what
I'd be happy to see them. I'm working on updating the Advance Fee 419
ruleset and your samples would be welcome. Feel free to gzip up a mbox
and send it to me.
I have a ruleset at http://www.tradoc.fr/spamassassin/fraude_fr.cf that,
while it hasn't been actively updated for a while, still hits
Le 28/07/2009 15:31, Mike Cardwell a écrit :
For those using Thunderbird, I have an addon installed named "Reply to
mailing list" which adds a button "Reply list" inbetween "Reply" and
"Reply All" which has been very useful.
For that matter, for those using Thunderbird 3.0b3, this feature is
b
Le 26/07/2009 04:00, McDonald, Dan a écrit :
>From: Robert [mailto:list...@abbacomm.net]
>> There are no doubt lots of ways, but how about:
>>
>> egrep 'whitelist_from[^_]' local.cf | awk '{FS="@"; print $2"
>> TXT";}' | xargs dig | grep "v=spf1"
>what is this supposed to do?
select all o
Le 24/07/2009 04:09, MySQL Student a écrit :
I don't doubt that if we removed a substantial amount of them that SA
would do what's right, but there doesn't seem to be any scientific way
to do that successfully.
Can't you just look at the scores that the whitelisted messages are
getting and see
Le 22/07/2009 17:48, MySQL Student a écrit :
So, forever I have been using whitelist_from and have probably a
thousand entries.
Firstly, before you convert all these to whitelist_from_rcvd, perhaps
you ought to ask yourself whether you really need 1000 entries on your
whitelist. Does mail fro
Le 06/07/2009 14:22, RW a écrit :
http://pelorus.org/spammy.txt
>
That's odd, I get MISSING_DATE, MISSING_HB_SEP, MISSING_HEADERS,
MISSING_MID, MISSING_SUBJECT too, even though all the headers are there.
So do I until I get rid of the extraneous carriage return in the
following received lin
Le 03/07/2009 12:19, Justin Mason a écrit :
Going by bug 5905 though, and this report, we should probably remove
it from the whitelist.
Is there any *clean* way (i.e. something that could be put in local.cf
or equivalent in order to override files updated by sa-update) for users
to remove thi
Le 30/06/2009 17:16, John Hardin a écrit :
... looking at the www peter got an impression of ...
(-> www.peter.got?)
TLDs are limited and prevent FPs of that particular nature.
Sure, but there are lots of ccTLDs that could be confused with English
words, never mind other languages.
D
Le 21/06/2009 12:04, Jeremy Morton a écrit :
OK, so I just got one of those www medsXX com spams, and even though it
hit my rule and got 2.0 added to it, it still didn't even get over 3
points. Looks like it was sent from quite a legit host. What rules do
other people get matching for this e-mail
Le 14/05/2009 13:30, Alvaro Marín a écrit :
It seems that there is a problem resolving DNS records of that domain so I
want to whitelist it. If I add:
whitelist_from_spf *...@orange.es
You're misunderstanding the purpose of whitelist_from_spf. It is
intended for whitelisting mail from an addr
Le 30/04/2009 15:23, Jean-Paul Natola a écrit :
If anyone can shed some light here , I would appreciate it.
ftp://ftp.fcimail.org/IT/SA/headers.txt
Content-Type: image/png;
name="DSC0080.png"
Over the last week or so I'd been having some success looking for this
pattern, suggested
Le 29/04/2009 02:40, Adam Katz a écrit :
replaces the @ with a dot (not an underscore, that's not a legal
character).
Won't that pose problems distinguishing between fred.blo...@example.tld
and f...@bloggs.example.tld ?
John.
--
-- Over 3000 webcams from ski resorts around the world - www.s
Le 24/04/2009 12:55, Michael Scheidell a écrit :
this spam, http://pastebin.com/m504b4262
one line in email, word document. I didn't see it trigger any of the
space ratio rules.
Nor me.
I also don't see the 'ALL CAPS' rule anymore?
I suspect, without having checked the eval code, that sub
Le 19/03/2009 11:27, John Hardin a écrit :
No reason it shouldn't be. I'd suggest something like a rawbody match on
/]/i meta'd with HTML_MESSAGE should be worth a few (dozen)
points.
FWIW, MailScanner has had the option of disarming and
tags for ages.
John.
--
-- Over 3000 webcams from s
Le 04/03/2009 10:38, Matus UHLAR - fantomas a écrit :
I should note that some policy rules and rules with manually updated scores
(SPF_PASS, BAYES_*) may need to be exempted from this.
We don't want SPF_PASS to generate high positive score, do we?
It could probably be argued both ways. There mi
Le 03/03/2009 17:42, Matus UHLAR - fantomas a écrit :
I have been already thinking about possibility to combine every two rules
and do a masscheck over them. Then, optionally repeating that again,
skipping duplicates. Finally gather all rules that scored>=0.5 ||<=-0.5
- we could have interesting
Le 21/01/2009 17:41, Rejaine Monteiro a écrit :
But, I'm receive a *lot* of spam like this... (another case abelow) and
I don't no how stop this ...
Perhaps if you posted a few *complete* samples with *full headers*,
others could see which rules are hit and suggest improvements...
John.
--
Le 21/01/2009 14:23, Rejaine Monteiro a écrit :
the text suggests a link to a pdf file, but in the truth it is not.
In this specific case perhaps, but there's absolutely nothing to stop a
legitimate php script (or any other URL for that matter) generating a
legitimate PDF file. The only way
Yet Another Ninja a écrit :
http://www.rulesemporium.com/rules/90_2tld.cf
# Last Mod: 11/1/2008
At first I wondered why you were posting now about an update from 11
January - until I realised that this was US date format. How about
2008-11-01 (ISO 8601) as a universal format?
John.
--
-
Mariusz Kruk a écrit :
On czw, 2008-09-11 at 07:53 -0500, Jack L. Stone wrote:
Folks, I'm trying to capture/grep specific given info from the subject
output, like this:
#spamassassin -D --lint | grep database
I KNOW that doesn't work, but describes my issue at hand. I've spent an
hour+ searchi
score RCVD_IN_NJABL_SPAM 15.0
Thanks for that i did add this rule in local.cf can you tell me what it
will do.
It will add 15 points (instead of the 2.072 points in the default
ruleset) to any messages which are received by a relay in the NJABL
blacklist, ensuring that they are pret
Greg Troxel a écrit :
What I want, basically is
domains_exclude WHOIS_MYPRIVREG nabble.com
AFAIK the best you can do is
uridnsbl_skip_domainnabble.com
which excludes nabble from all URIBL lookups.
John.
--
-- Over 3000 webcams from ski resorts around the world - www.snoweye.com
-- Tr
RCVD_IN_NJABL_SPAM
In local.cf
score RCVD_IN_NJABL_SPAM 15.0
That's a bit drastic - any blacklist can have false positives. In any
case only one of the original poster's samples was on that list anyway.
I've tried a few of the samples which also hit LOTTERY_PH_004470 (from
sa-update to 3.2
Justin Mason a écrit :
John GALLET writes:
Well, thanks for writing it. I think its main weak point for French and
other accented languages is handling the different encodings for a same
char with an accent, some kind of "synonyms" list. The same letter, say "a
with an accent", can be misspell
John GALLET a écrit :
What happens with the agrave htmlentity ? I mean if the received spam is
htmlentity encoded, or mixes utf-8 accents and ascii-htmlentity ?
SA deals with that for you. Body rules are applied to text that has
already been decoded, so you don't need to take account of html
In a similar vein to the "Nigerian" advance fee fraud, here's a ruleset
for French-language scams, often originating from Côte d'Ivoire.
http://www.tradoc.fr/spamassassin/fraude_fr.cf
All comments welcome.
John.
--
-- Over 3000 webcams from ski resorts around the world - www.snoweye.com
-- Tr
John GALLET a écrit :
I think I have a newbye simple problem of philosophy/strategy: my
approach, for what it's worth, was that I flag anything that contains
some unsubscribe links and French law reminders because anyway all the
ones I receive are spam, and I add the opt-in mailing/newsletter I
Yet Another Ninja a écrit :
If these are hit rates with a very minimal daily corpus, don't know if
the present ruleset is ready for production unless you have 0 tolerance
for any bulk, period
I'm afraid I must agree. I don't have a confirmed and sorted corpus per
se, but after a single night'
John GALLET a écrit :
Any feedback on the results (not enough in corpus, bad rules, good
rules, etc.) appreciated.
Looking at the rules, I'm worried about false positives on genuine
opt-in advertising. I have a number of users who choose to receive all
kinds of advertising blurb, so I'll run
Matt Kettler wrote:
You can use generic words in trademarks (ie: Windows). However, the fact
that your mark is generic will prevent you from trying to claim
infringement against someone using it in a market outside the one you've
registered the mark for. You can only do that if your mark is consi
Jim Maul wrote:
It is somewhat confusing as if you were to read the documentation, it
says the default is 0.1. However, if you were to download SA and
install it without any modifications, the value that would be used for
this threshold would be -1. Being that devs can release conf changes
w
Andy Spiegl wrote:
But the score for SUBJECT_ENCODED_TWICE is pretty high:
1.723
How does that justify?
No doubt it is "justified" by the fact that the corpora used to
determine SpamAssassin scores don't contain enough non-English-language
content.
You'll almost certainly find that you wa
John D. Hardin wrote:
That looks kinda fragile in the face of multiple TO addresses.
Agreed, though that's not a scenario that I personally see very often.
In any case it was only meant as a simplified example from which the
original poster could build his own rule.
John.
--
-- Over 3000 w
Evan Platt wrote:
At 07:10 AM 3/1/2007, Steven W. Orr wrote:
Sometimes messages get through but something I see that we could maybe
do something about is the full name.
If the message is sent to [EMAIL PROTECTED] and joedoe's fullname is
Joe Doe, then I'd like to get SA to see that
To: Heav
Michael Scheidell wrote:
Maybe extent the regex?
I'm using /\s[+-]\d\d(?!00|30|45)\d\d$/ which seems to be working well
(though so far all the spam it's hit has been scored pretty high by
other rules anyway).
John.
--
-- Over 3000 webcams from ski resorts around the world - www.snoweye.com
One of my users just received a totally empty message from a friend
(sent as a test message, but unwisely with no subject or body).
This hit EMPTY_MESSAGE and MISSING_SUBJECT for a total of 4.1 points.
Fair enough - I've seen plenty of empty spam (presumably due to buggy
spamware or as trial r
Brian Ipsen wrote:
Recently I've noticed at lot of spammer emails in html format containg
entries like:
perfume
The text/word in the SPAN tags is random Has anyone implemented a rule
to assign a high score for messages, which matches this pattern (with the
"display: none" style) ??
I u
Craig Jackson wrote:
See that return path? The domain ends in .mx
I have rule that checks for that type of domain and gives the email 5
points for it.
Not all Mexicans are spammers, you know :-) Beware of rules like that
which arbitrarily discriminate against foreign countries.
In this case
Jeff Chan wrote:
Is there an SA rule to detect URIs that have ridiculously large
numbers of subdomain levels? If not, perhaps it could be useful
(perhaps even more useful than wildcard DNS). Note that it may
not be feasible to resolve domains found in message body URIs
to even detect wildcards.
Chris Lear wrote:
They're in my header0.cf from sare/rules du jour. And in header.cf with
a lower score as well. Have I got the wrong files?
Methinks you have an old header0.cf that is no longer being updated -
these rules aren't in the current header0 on rulesemporium.com.
And in any case you sh
Chris Lear wrote:
But today I noticed that several e-mails are hitting both
SARE_CHARSET_W1251 and SARE_FROM_CHAR_W1251. These are ham, sent from
(one specific address in) Ukraine to a Ukrainian in England, written in
English.
The scoring is such that the e-mail gets a score of 3.333 PLUS 4.0 - so
1 - 100 of 113 matches
Mail list logo