On 2/6/2013 7:41 PM, John Hardin wrote:
On Wed, 6 Feb 2013, John Hardin wrote:
On Wed, 6 Feb 2013, Eliezer Croitoru wrote:
body __HBRW_CHARS/[\xC0-\xCB\xCD-\xDB\xDF-\xFB]?/
body __TOTAL_CHARS /[\x30-\x39\x41-\x5A\x61-\x7A\x80-\xFF]?/
Eliezer:
Apoligies for not noticing this the
On Wed, 6 Feb 2013, David B Funk wrote:
It's also easier to do an edit s/T_/__/g when you've got things working
to your satisfaction to move from testing to production.
s/ T_/ __/ please! :)
--
John Hardin KA7OHZhttp://www.impsec.org/~jhardin/
jhar...@impsec.orgFALa
On Wed, 6 Feb 2013, Martin Gregorie wrote:
On Wed, 2013-02-06 at 17:45 +0200, Eliezer Croitoru wrote:
Sorry but I didn't had much time to understand all of the rules syntax.
When developing a meta rule that combines subrules there';s littlew
point in writing descriptions for the subrules. In
On Wed, 6 Feb 2013, John Hardin wrote:
On Wed, 6 Feb 2013, Eliezer Croitoru wrote:
body __HBRW_CHARS/[\xC0-\xCB\xCD-\xDB\xDF-\xFB]?/
body __TOTAL_CHARS /[\x30-\x39\x41-\x5A\x61-\x7A\x80-\xFF]?/
Eliezer:
Apoligies for not noticing this the first time through: lose the question
ma
On Wed, 6 Feb 2013, Martin Gregorie wrote:
body HSHCH /[\xC0-\xCB\xCD-\xDB\xDF-\xFB]?/
body HSTCH /[\x30-\x39\x41-\x5A\x61-\x7A\x80-\xFF]?/
Why the question marks? They make the character optional, which in this
case makes the *entire RE* optional, which is a bad idea, esp
On Wed, 2013-02-06 at 17:45 +0200, Eliezer Croitoru wrote:
> Sorry but I didn't had much time to understand all of the rules syntax.
>
When developing a meta rule that combines subrules there';s littlew
point in writing descriptions for the subrules. In addition I find its
helpful to do the initi
>Subrules (those beginning with __) are not scored. Those score lines
have no effect, and should probably be removed to avoid confusion that
they actually *do* have an effect.
this might be the reason.
I will check later.
On 2/6/2013 5:40 PM, John Hardin wrote:
Typo. s/b FROM_FORM. Perhaps
On Wed, 6 Feb 2013, Eliezer Croitoru wrote:
Thanks,
I have checked the suggested rules like this:
header FROM_FORM From =~ /spamadmin\@ngtech.co.il/i
score FROM_FORM -0.1
body __HBRW_ENCODING /charset=\"windows-1255\"/
The fact that the charset= isn't a body part has already been menti
On 2/6/2013 11:04 AM, Wolfgang Zeikat wrote:
In an older episode, on 2013-02-06 09:53, Eliezer Croitoru wrote:
body __HBRW_ENCODING /charset=\"windows-1255\"/
score __HBRW_ENCODING -0.1
I use a rule
mimeheader LOCAL_1251_CHARSETContent-Type =~
/charset=.{0,3}windows-1251/i
IMHO, charset
In an older episode, on 2013-02-06 09:53, Eliezer Croitoru wrote:
body __HBRW_ENCODING /charset=\"windows-1255\"/
score __HBRW_ENCODING -0.1
I use a rule
mimeheader LOCAL_1251_CHARSETContent-Type =~
/charset=.{0,3}windows-1251/i
IMHO, charset is a MIME header, not a part of the message
Thanks,
I have checked the suggested rules like this:
header FROM_FORM From =~ /spamadmin\@ngtech.co.il/i
score FROM_FORM -0.1
body __HBRW_ENCODING /charset=\"windows-1255\"/
score __HBRW_ENCODING -0.1
body __HBRW_CHARS/[\xC0-\xCB\xCD-\xDB\xDF-\xFB]?/
score __HBRW_CHARS -0.1
tflags
On Sun, 3 Feb 2013, Eliezer Croitoru wrote:
On 2/3/2013 7:23 AM, John Hardin wrote:
body __HBRW_CHARS/[\xc0-\xcb\xcd-\xdb\xdf-\xfb]/
tflags __HBRW_CHARSmultiple
body __TOTAL_CHARS /\S/
tflags __TOTAL_CHARS multiple
meta __HBRW_PCT ((__HBRW_CHARS * 100
On 2/3/2013 7:23 AM, John Hardin wrote:
On Sat, 2 Feb 2013, Eliezer Croitoru wrote:
I wrote something in ruby which actually works fine as a starter.
#code start
spam_content = "the long part from the
mail".force_encoding("Windows-1255")
template_hebrew_chars = 270
def hebrew_char(char)
if
On Sat, 2 Feb 2013, Eliezer Croitoru wrote:
I wrote something in ruby which actually works fine as a starter.
#code start
spam_content = "the long part from the mail".force_encoding("Windows-1255")
template_hebrew_chars = 270
def hebrew_char(char)
if (223..251).member?(char.unpack("H*")[0].
On 2/2/2013 11:01 PM, John Hardin wrote:
On Sat, 2 Feb 2013, Eliezer Croitoru wrote:
Yes I do understand that it's hard.
I worked a bit with perl so I might be able to write something that
will do that if dosn't exists already.
That's probably what it will take.
I will try to explain even m
On Sat, 2 Feb 2013, Eliezer Croitoru wrote:
Yes I do understand that it's hard.
I worked a bit with perl so I might be able to write something that will do
that if dosn't exists already.
That's probably what it will take.
I will try to explain even more.
The problem is that I get the mail w
On 2/2/2013 8:58 PM, John Hardin wrote:
That's the difficult part.
It's easy to look for specific strings in the body, or specific things
like the ratio of text to whitespace or text to images, but trying to
*interpret* the text to do something like detect which language it is in
is a *hard* pro
On Sat, 2013-02-02 at 20:23 +0200, Eliezer Croitoru wrote:
> On 2/2/2013 7:39 PM, Martin Gregorie wrote:
> > In that case something like this would work:
> >
> > describe EC_BANNED_ADDRESS Mail from a spamming address
> > header EC_BANNED_ADDRESS From =~ sender@spamming_address
> > scoreEC_BA
On Sat, 2 Feb 2013, Eliezer Croitoru wrote:
I just need to know about a pattern match in the content since it's a form.
There are existing rules to detect fill-in-the-form emails. Are any of the
FILL_FORM family of rules hitting those messages?
If the form text is in hebrew it likely won't;
On 2/2/2013 7:39 PM, Martin Gregorie wrote:
In that case something like this would work:
describe EC_BANNED_ADDRESS Mail from a spamming address
header EC_BANNED_ADDRESS From =~ sender@spamming_address
scoreEC_BANNED_ADDRESS 10.0
There's no point in writing rules against the message body
On Sat, 2013-02-02 at 19:26 +0200, Eliezer Croitoru wrote:
> I have specific mail address which I get messages couple times with a
> basic pattern which I want to block.
>
> I started reading:
> http://wiki.apache.org/spamassassin/WritingRules
>
> And I would be very happy to get some notes and
I have specific mail address which I get messages couple times with a
basic pattern which I want to block.
I started reading:
http://wiki.apache.org/spamassassin/WritingRules
And I would be very happy to get some notes and help about it.
- The mail is from specific mail address.
- The mail bod
On Sat, 9 Oct 2004 15:41:37 -0600 (CST)
Ryan Thompson <[EMAIL PROTECTED]> wrote:
> Robin Lynn Frank wrote to users@spamassassin.apache.org:
>
> > We use SA 3.0.0 with MySQL so we can extract certain AWL data and
> > use it at the MTA level. However, since SA doesn't have an
> > auto-blacklist fe
- Original Message -
From: "Ryan Thompson" <[EMAIL PROTECTED]>
> Robin Lynn Frank wrote to users@spamassassin.apache.org:
>
> > We use SA 3.0.0 with MySQL so we can extract certain AWL data and use
> > it at the MTA level. However, since SA doesn't have an auto-blacklist
> > feature,
>
>
Robin Lynn Frank wrote to users@spamassassin.apache.org:
We use SA 3.0.0 with MySQL so we can extract certain AWL data and use
it at the MTA level. However, since SA doesn't have an auto-blacklist
feature,
Hi Robin,
Actually, "AutoWhiteList" (AWL) is a bit of a misnomer. AWL maintains
average mess
We use SA 3.0.0 with MySQL so we can extract certain AWL data and use it
at the MTA level. However, since SA doesn't have an auto-blacklist
feature, I'd like to find a relatively simple way to extract IP
addresses from emails that contain spam. If it is of any importance, we
invoke SA via amavisd
26 matches
Mail list logo
