Re: Is this a new type of URI obfuscation?

2012-06-12 Thread Stephane Chazelas
2012-06-12 16:36:44 +0100, Martin Gregorie:
> Today I got a piece of spam carrying the URL chasovik.it.gg as its
> payload. I was intrigued because I didn't think .gg was a valid tld and
> looked it up with 'whois'. Sure enough, no match was found. However,
> 'host' resolved it as 80.190.202.40 and

Re: Regex help (targetting very long HTML comments)

2012-04-02 Thread Stephane Chazelas
2012-04-02 12:40:27 -0400, Kris Deugau:
> Can anyone point out what bit of stupidity I'm committing in trying
> to use this:
>
> rawbody OVERSIZE_COMMENTm|).{32000,}|s
>
> to match messages that are mostly very very long HTML comment(s)?
>
> Testing the same regex against the whole raw m

Re: cumulating dyn dns rules

2012-03-28 Thread Stephane Chazelas
2012-03-28 17:37:25 +0200, Axb:
[...]
> >But even if it were, wouldn't that score be a bit excessive?
> >Aren't FH_HELO_EQ_D_D_D_D and HELO_DYNAMIC_IPADDR
> >redundant/overlapping?
>
> FH_HELO_EQ_D_D_D_D will be removed with next sa-update
>
> meanwhile
>
> score FH_HELO_EQ_D_D_D_D 0
[...]
OK.

cumulating dyn dns rules

2012-03-28 Thread Stephane Chazelas
Hello,

we've had a false positive reported for those headers:

Return-Path: <...@northernnetworking.co.uk>
X-Spam-Flag: YES
X-Spam-Score: 3.679
X-Spam-Level: ***
X-Spam-Status: Yes, score=3.679 tagged_above=0 required=3.1 tests=[BAYES_00=-3.599, DYN_RDNS_AND_INLINE_IMAGE=1.168, FH_H