Hello.
From: Arvid Picciani
Subject: Re: SORBS bites the dust
Date: Tue, 23 Jun 2009 22:17:03 +0200
> Should i care to investigate and maybe reject the the entire block? I'm
> pretty new on hunting down sources. All I know is the whois databse
> which is mostly useless for that purpose.
ex.
Hi, all.
From: "Mike Cisar" <[EMAIL PROTECTED]>
Subject: fdf spam
Date: Fri, 10 Aug 2007 09:10:26 -0600
> Has anyone else been seeing the empty-body "PDF" spam, but with a .fdf file
> extension. Had a whole pile in my inbox here this morning.
>
> Cheers,
> > Mike <
Here are 2 rules f
Hello Kenneth-san.
From: Kenneth Porter <[EMAIL PROTECTED]>
Subject: Re: span float obfuscation
Date: Mon, 01 May 2006 07:53:12 -0700
> On Saturday, April 29, 2006 8:28 PM +0900 MATSUDA Yoh-ichi <[EMAIL
> PROTECTED]>
> wrote:
>
> > BTW, I have more rules for c
posting to Bugzilla
(2) directly posting new rules to Bugzilla
From: Kenneth Porter <[EMAIL PROTECTED]>
Subject: Re: span float obfuscation
Date: Fri, 28 Apr 2006 10:05:56 -0700
> On Saturday, April 29, 2006 1:48 AM +0900 MATSUDA Yoh-ichi <[EMAIL
> PROTECTED]>
> wrote:
>
&
Hello, Kenneth-san and all spamassassiners.
From: Kenneth Porter <[EMAIL PROTECTED]>
Subject: span float obfuscation (was: one SPAM)
Date: Fri, 28 Apr 2006 07:52:25 -0700
> On Sunday, April 23, 2006 3:36 PM +0900 MATSUDA Yoh-ichi <[EMAIL PROTECTED]>
> wrote:
>
> >
Hello, Razvan-san.
I searched in my this ML's mailbox for finding "span float" spam,
so I found your mail.
From: Razvan Cosma <[EMAIL PROTECTED]>
Subject: Re: one SPAM
Date: Thu, 20 Apr 2006 15:48:20 +0300
> Hi,
>
> Michael Monnerie wrote:
> > On Donnerstag, 20. April 2006 14:28 Razvan Cosma w
y
> infected by viruses. Comcast is usually fairly good about having RDNS for all
> these.
But, almost all IPs on comcast.net are set FQDNs.
So, comcast.net's IPs are easier to decide whether dynamic IPs or not
than asian ISPs IPs.
--
Nothing but a peace sign.
MATSUDA Yoh-ichi(yoh)
mailto:[EMAIL PROTECTED]
http://www.flcl.org/~yoh/diary/ (only Japanese)
3}_\d{4}_\w{8}\.\w{8}(\r|\n)Content\-Type:
text\/plain\;(\r|\n)\tcharset=\"Windows-1252\"(\r|\n)Content-Transfer-Encoding:
quoted-printable(\r|\n){2,}/
meta MULTIEMPTY99 MULTIPART_EMPTY && BAYES_99
score MULTIEMPTY99 5.0
meta MULTIEMPTYFUTURE DATE_IN_FUTURE_06_12 && MULTIPART_EMPTY
score MULTIEMPTYFUTURE 3.5
#---
--
Nothing but a peace sign.
MATSUDA Yoh-ichi(yoh)
mailto:[EMAIL PROTECTED]
http://www.flcl.org/~yoh/diary/ (only Japanese)
(,|\!) \w/
meta IMGONLYHTML2 ___OBSCURED_TEXT1 && ___OBSCURED_TEXT2 && ___HTMLIMG &&
BAYES_99
## --- rule examples ---
There are several types of image only spams.
I wrote two types image spams in a hurry.
--
Nothing but a peace sign.
MATSUDA Yoh-ichi(yoh)
mailto:[EMAIL PROTECTED]
http://www.flcl.org/~yoh/diary/ (only Japanese)
From: Theo Van Dinter <[EMAIL PROTECTED]>
Subject: Re: MIMEHeader plugin doesn't seem to be working
Date: Thu, 29 Dec 2005 01:30:18 -0500
> On Wed, Dec 28, 2005 at 11:42:26AM +0900, MATSUDA Yoh-ichi wrote:
> > > > [29490] info: config: SpamAssassin failed to parse line
Hello,
From: Theo Van Dinter <[EMAIL PROTECTED]>
Subject: Re: MIMEHeader plugin doesn't seem to be working
Date: Tue, 27 Dec 2005 21:29:02 -0500
> On Wed, Dec 28, 2005 at 11:10:11AM +0900, MATSUDA Yoh-ichi wrote:
> > mimeheader MIMETXTUSASCII Content-Type =~/text/
> >
pping: mimeheader
MIMETXTUSASCII Content-Type =~/text/
WHY?
Why is the simple rule error?
--
Nothing but a peace sign.
MATSUDA Yoh-ichi(yoh)
mailto:[EMAIL PROTECTED]
http://www.flcl.org/~yoh/diary/ (only Japanese)
-ne 'print if m{[\d\.]+ *\$? *(?:[\\/]|per) *d.?o.?s.?e}i'
spamdirectory/*
or
$ perl -ne 'print "$ARGV:$_" if m{[\d\.]+ *\$? *(?:[\\/]|per) *d.?o.?s.?e}i'
spamdirectory/*
--
Nothing but a peace sign.
MATSUDA Yoh-ichi(yoh)
mailto:[EMAIL PROTECTED]
http://www.flcl.org/~yoh/diary/ (only Japanese)
on really high
> >>scores, so the message can then be stoped by postfix at the mta level?
> >>
> >>
>
> --
> Highest Regards,
>
> Rodney Richison
> RCR Computing
> http://www.rcrnet.net
> 118 N. Broadway
> Cleveland, OK 74020
> 918-358-
>
--
Nothing but a peace sign.
MATSUDA Yoh-ichi(yoh)
mailto:[EMAIL PROTECTED]
http://www.flcl.org/~yoh/diary/ (only Japanese)
From: MATSUDA Yoh-ichi <[EMAIL PROTECTED]>
Subject: Re: Explosion in uk.geocities.com spam
Date: Wed, 12 Oct 2005 09:21:24 +0900 (JST)
> Hello.
(snip)
> I found that the 'uk.geo' spammer uses ISP in China.
> The host IP addresses are changed dynamically, so sometimes w
RI strings in a message body.
We have to strictly detect whether the mail is spam or not.
For doing this, we need more information about the spam.
I found that the 'uk.geo' spammer uses ISP in China.
The host IP addresses are changed dynamically, so sometimes we failed
registering to
TIES 0.5
So, you'll be able to catch the "uk.geocities" spams by META rule.
meta CHINAUKGEO (CHINANET || CRTC) && UKGEOCITIES && BAYES_99
--
Nothing but a peace sign.
MATSUDA Yoh-ichi(yoh)
mailto:[EMAIL PROTECTED]
http://www.flcl.org/~yoh/diary/ (only Japanese)
seen western language spams hit this rule.
So, I have to reconfigure their scores to 0.1.
Both two rulesets seem to be obsolete, I think.
Regards,
--
Nothing but a peace sign.
MATSUDA Yoh-ichi(yoh)
mailto:[EMAIL PROTECTED]
http://www.flcl.org/~yoh/diary/ (only Japanese)
From: Matt Kettler <[EMAIL PROTECTED]>
Subject: Re: How to disable AWL in ~/.user_prefs
Date: Thu, 22 Sep 2005 11:59:47 -0400
> MATSUDA Yoh-ichi wrote:
> > Hello, spamassassiners.
> >
> > I have upgraded SA 3.1.0 im my Debian box, using my scamping patch.
> >
&
7;t find out AWL switch in SA's documents.
Is AWL function setting only systemwide /etc/spamassassin/v310.pre ?
--
Nothing but a peace sign.
MATSUDA Yoh-ichi(yoh)
mailto:[EMAIL PROTECTED]
http://www.flcl.org/~yoh/diary/ (only Japanese)
samplespam_result.txt.gz
Description: Binary data
Hi, all.
From: [EMAIL PROTECTED] (Justin Mason)
Subject: Re: problem of extracting IP string from header (bug?)
Date: Tue, 16 Aug 2005 19:05:19 -0700
> > For example, below header string, SA failed to execute DNSBLs.
> >
> > | Received: from makorsha.biz ([218.64.103.25])by mxg509.nifty.com wi
Hello, spamassassiners.
Nowadays, many people discuss 'uk.geocities.com' redirecting spam.
I also received the many spams, too.
By the way, I found a problem of SpamAssassin's extracting IP string
function.
My SpamAssassin (3.0.4) failed to detect almost of all 'uk.geo' spam's
host IP and execut
BL and Bayesian filter.
--
Nothing but a peace sign.
MATSUDA Yoh-ichi(yoh)
mailto:[EMAIL PROTECTED]
http://www.flcl.org/~yoh/diary/
Matt san, thanks a lot!
Your detailed description made my question clear.
From: Matt Kettler <[EMAIL PROTECTED]>
Subject: Re: AWL questions (faq?)
Date: Tue, 12 Oct 2004 20:22:32 -0400
> At 08:25 AM 10/13/2004 +0900, MATSUDA Yoh-ichi wrote:
> >(1) How to monitor AWL regi
Hello, spamassassinners.
I have some question about AWL, perhaps they're classified in novis class.
If my questions are FAQ, simply give me only pointer to the documents,
please.
(1) How to monitor AWL registered listings?
In my spambox, there are many various scored mail address.
I want
25 matches
Mail list logo
