2010/9/14 Karsten Bräckelmann :
> As for "there's no 'http' in the message" from the OP: SA does detect
> URIs without protocol. A later normalization will add a version with the
> protocol in that case, to help write URI rules -- weather or not the
> spammer uses a protocol, it is always safe to u
On Tue, 2010-09-14 at 15:41 -0700, Richard Doyle wrote:
> On Tue, 2010-09-14 at 17:03 -0400, Glendon Solsberry wrote:
> > Care to show me where? The only place I see it is part of the
> > spamassassin -D call, and I'm not sure where that came from.
>
> Right, that's where it is, presumably derived
On Tue, 2010-09-14 at 17:03 -0400, Glendon Solsberry wrote:
> Care to show me where? The only place I see it is part of the
> spamassassin -D call, and I'm not sure where that came from.
Right, that's where it is, presumably derived from
141641-web1.networldalliance.com.
The rule is:
uri URI_HEX
On 14.09.10 16:46, Glendon Solsberry wrote:
> I have messages that are being flagged via URI_HEX, without having
> *any* 'http' in them. Any help would be greatly appreciated.
>
> Full text of the message:
...
> Received: from 141641-web1.networldalliance.com (unknown [67.192.58.43])
> by f
Hi,
On 14 Sep 2010, at 21:46, Glendon Solsberry wrote:
> I have messages that are being flagged via URI_HEX, without having
> *any* 'http' in them. Any help would be greatly appreciated.
>
> Full text of the message:
Buried in the (vast) body of that are loads of IP addresses and hostnames.
Care to show me where? The only place I see it is part of the
spamassassin -D call, and I'm not sure where that came from.
On Tue, Sep 14, 2010 at 4:54 PM, Richard Doyle
wrote:
> On Tue, 2010-09-14 at 16:46 -0400, Glendon Solsberry wrote:
>> I have messages that are being flagged via URI_HEX, wit
On Tue, 2010-09-14 at 16:46 -0400, Glendon Solsberry wrote:
> I have messages that are being flagged via URI_HEX, without having
> *any* 'http' in them. Any help would be greatly appreciated.
Snippage contains http://141641
