On Wed, 4 Dec 2019 12:40:27 -0800
Chris Mulcahy wrote:
> Hi.
>
> I’m relatively new to complex custom rules. I have plenty of simple
> and some multi-condition rules but need something custom.
>
> My approach to using my domain name is bad but I started it in the
> 90s so… I have some sites where
On Wed, 4 Dec 2019 12:40:27 -0800
Chris Mulcahy wrote:
> Hi.
>
> I’m relatively new to complex custom rules. I have plenty of simple
> and some multi-condition rules but need something custom.
>
> My approach to using my domain name is bad but I started it in the
> 90s so… I have some sites whe
On Wed, 2019-12-04 at 14:22 -0800, Chris Mulcahy wrote:
> Actually, I want it to score if there ISN’T a match. If I get an email
> addressed to slashdot@example.com from an address that isn’t from
> slashdot, it’s likely spam.
>
> Currently, I am doing like you mentioned with a bunch of indivi
From: Martin Gregorie
Reply: mar...@gregorie.org
Date: December 4, 2019 at 4:12:22 PM
To: users@spamassassin.apache.org
Subject: Re: Custom rule help
On Wed, 2019-12-04 at 12:40 -0800, Chris Mulcahy wrote:
> I want a rule that scores if “sitename” is not in the From: line. If
> the
On Wed, 2019-12-04 at 12:40 -0800, Chris Mulcahy wrote:
> I want a rule that scores if “sitename” is not in the From: line. If
> they send from i...@sitename.com, I’ll assume it’s legit. If sitename
> does not exist, I’ll tick up the score a bit. I have done this for
> some specific domains but th
Hi.
I’m relatively new to complex custom rules. I have plenty of simple and
some multi-condition rules but need something custom.
My approach to using my domain name is bad but I started it in the 90s so…
I have some sites where I gave them my email address as “
sitename@mydomain.com” so I
On 21.11.19 13:24, Dave Goodrich wrote:
I know I will incur some wrath for this but I have the Mayor breathing down my
neck. We stop nearly all spam now, but some does get through. Mostly it has
been mail from gmail and outlook servers that pass DKIM and SPF.
This morning a large number of mes
On Fri, 2019-11-22 at 13:01 +, RW wrote:
> On Fri, 22 Nov 2019 00:00:53 +
> Martin Gregorie wrote:
>
>
> > describe SPOOFED_MAYOR Check for spoofed mail from the Mayor
> > header __SM1 From:name =~ /^John M Mayor$/
> > header __SM2 From:addr =~ /^john\@cityhall\.com$/
On Fri, 22 Nov 2019 00:00:53 +
Martin Gregorie wrote:
> describe SPOOFED_MAYOR Check for spoofed mail from the Mayor
> header __SM1 From:name =~ /^John M Mayor$/
> header __SM2 From:addr =~ /^john\@cityhall\.com$/
> meta SPOOFED_MAYOR (__SM1 && ! __SM2) || ! _SM1
> sco
Are you using or able to use 3.4.3-rc6 because there is a new feature
for this that you can implement called subjprefix that can mark external
emails with External in the subject. Depends on your usage.
On 11/21/2019 1:24 PM, Dave Goodrich wrote:
> Good day,
>
> I know I will incur some wrath for
On 2019-11-22 01:00, Martin Gregorie wrote:
describe SPOOFED_MAYOR Check for spoofed mail from the Mayor
header __SM1 From:name =~ /^John M Mayor$/
header __SM2 From:addr =~ /^john\@cityhall\.com$/
meta SPOOFED_MAYOR (__SM1 && ! __SM2) || ! _SM1
scoreSPOOFED_MAYOR 5.0
On Thu, 2019-11-21 at 14:22 -0700, Grant Taylor wrote:
> I like the logic.
>
> Unfortunately, you need to be very careful as you start to run into
> all the text permutations / homograph attacks.
>
Fair comment. What you saw was hacked together to show the principle,
but not tested.
Here's a te
On Thu, 2019-11-21 at 14:22 -0700, Grant Taylor wrote:
> On 11/21/19 12:14 PM, Martin Gregorie wrote:
> > describe SPOOFED_MAYOR Check for spoofed mail from the Mayor
> > header __SM1 From:name /display name/
> > header __SM2 From:addr /email address/
> > meta SPOOFED_MAYO
On Thu, 21 Nov 2019 11:12:47 -0800
Alan Hodgson wrote:
> Make sure your real mail streams are authenticated with DKIM and
> you're setup to use the whitelist_from_dkim rule; which I believe
> requires the header added by opendkim on received mail.
It doesn't.
On 11/21/19 12:14 PM, Martin Gregorie wrote:
describe SPOOFED_MAYOR Check for spoofed mail from the Mayor
header __SM1 From:name /display name/
header __SM2 From:addr /email address/
meta SPOOFED_MAYOR
(__VM1 && ! __VM2)
scoreSPOOFED_MAYOR 5.0
I like the logic.
Un
On Thu, 2019-11-21 at 13:24 -0500, Dave Goodrich wrote:
>
> Any thoughts on that or has anyone done something similar?
>
I have a similar rule that spotsfires on From: headers with @ in the
name and a space in the address. I wrote it to spot rather obvious false
senders, but something like the fol
eader added by opendkim on received mail.
whitelist_from_dkim *@yourdomain your_signing_domain
Then you can add a custom rule to add a large score to From =~ /mayor's
name/ and variants , possibly meta'd with FREEMAIL_FROM if you're only
concerned about gmail spoofs.
It'll
Good day,
I know I will incur some wrath for this but I have the Mayor breathing down my
neck. We stop nearly all spam now, but some does get through. Mostly it has
been mail from gmail and outlook servers that pass DKIM and SPF.
This morning a large number of messages appearing to come from th
On 9/15/2019 10:53 PM, Bert Van de Poel wrote:
> Dear fellow Spamassassin users,
>
> I'm contacting you as a member of ULYSSIS. ULYSSIS is a student
> non-profit organisation at the University of Leuven trying to make
> computers and technology more approachable and available to students.
> As pa
Dear fellow Spamassassin users,
I'm contacting you as a member of ULYSSIS. ULYSSIS is a student
non-profit organisation at the University of Leuven trying to make
computers and technology more approachable and available to students. As
part of this objective, we run a hosting service within ou
On 27 Jun 2018, at 22:17, J Doe wrote:
I went back to “man Mail::SpamAssassin::Conf” and can see mention
of the shortcircuit plugin . . . is there more documentation (perhaps
in another man or perldoc), where the shortcircuit keyword is
mentioned ?
perldoc Mail::SpamAssassin::Plugin::Shortci
On 28/06/2018 04:17, J Doe wrote:
I went back to “man Mail::SpamAssassin::Conf” and can see mention of the
shortcircuit plugin . . . is there more documentation (perhaps in another man
or perldoc), where the shortcircuit keyword is mentioned ?
I'd say a good starting point would be
https://
> On Jun 27, 2018, at 6:20 AM, Daniele Duca wrote:
> Hi,
>
> I'd say that a better solution would be to use shortcircuit:
> body __BODY_TEST1 . . .
> body __BODY_TEST2 . . .
> meta CUSTOM_RULE1(__BODY_TEST1 && __BODY_TEST2)
> shortcircuit CUSTOM_RULE1 spam
>
> At least that saves computin
On 27/06/2018 02:15, J Doe wrote:
Hi John,
Ok, good to know.
Is it possible with the SA grammar to have variables ? I was thinking
I’d have something like the following in my: /etc/spamassassin/local.cf
POISON_PILL = 100
Hi,
I'd say that a better solution would be to use shortcircu
if the custom rule ever matches, it
automatically scores the amount required to flag
the message as spam because the score applied is the value of required_score.
That's called a "poison pill rule", and generally you don't worry about hitting
the required score exactly, yo
> On Jun 26, 2018, at 12:13 AM, John Hardin <mailto:jhar...@impsec.org>> wrote:
>
>> Hello,
>>
>> I was wondering if it is possible to assign a score to a custom rule that
>> will evaluate to the value that required_score is set to.
>>
>> My
On Mon, 25 Jun 2018, J Doe wrote:
Hello,
I was wondering if it is possible to assign a score to a custom rule that will
evaluate to the value that required_score is set to.
My thinking here is that if this rule ever passes, it should not add a small
value to the score but push the score up
Hello,
I was wondering if it is possible to assign a score to a custom rule that will
evaluate to the value that required_score is set to.
My thinking here is that if this rule ever passes, it should not add a small
value to the score but push the score up to the value
that required_score is
On Mon, 2 Apr 2018, Pedro David Marco wrote:
Yeah, just confirmed. A non-obfuscated URI in plain-text body part is
recognized and extracted for uri rules.
Thanks John... can you provide any pastebein sample please??...
It's trivially easy to add a URI to the text body part of any test m
>Yeah, just confirmed. A non-obfuscated URI in plain-text body part is
>recognized and extracted for uri rules.
Thanks John... can you provide any pastebein sample please??...
PedroD
On 01/04/18 19:18, John Hardin wrote:
On Sun, 1 Apr 2018, John Hardin wrote:
On Sun, 1 Apr 2018, Matus UHLAR - fantomas wrote:
On 01.04.18 05:47, Pedro David Marco wrote:
This is a problem i see oftenly...
what if the URL is only in the TEXT part and not in the HTML? many
email aplicatio
On Sun, 1 Apr 2018, John Hardin wrote:
On Sun, 1 Apr 2018, Matus UHLAR - fantomas wrote:
On 01.04.18 05:47, Pedro David Marco wrote:
This is a problem i see oftenly...
what if the URL is only in the TEXT part and not in the HTML? many email
aplications show those URLs as clickable as if th
On Sun, 1 Apr 2018, Matus UHLAR - fantomas wrote:
On 01.04.18 05:47, Pedro David Marco wrote:
This is a problem i see oftenly...
what if the URL is only in the TEXT part and not in the HTML? many email
aplications show those URLs as clickable as if they were valid HTML HREFs
when they are n
On 01/04/18 07:10, Matus UHLAR - fantomas wrote:
On 01.04.18 05:47, Pedro David Marco wrote:
This is a problem i see oftenly...
what if the URL is only in the TEXT part and not in the HTML? many
email aplications show those URLs as clickable as if they were valid
HTML HREFs when they are no
2018-04-01 2:47 GMT-03:00 Pedro David Marco :
> This is a problem i see oftenly...
>
> what if the URL is only in the TEXT part and not in the HTML? many email
> aplications show those URLs as clickable as if they were valid HTML HREFs
> when they are not...
>
We have a script that can extract
On 01.04.18 05:47, Pedro David Marco wrote:
This is a problem i see oftenly...
what if the URL is only in the TEXT part and not in the HTML? many email
aplications show those URLs as clickable as if they were valid HTML HREFs when
they are not...
in this case, body rule matches, but uri doe
This is a problem i see oftenly...
what if the URL is only in the TEXT part and not in the HTML? many email
aplications show those URLs as clickable as if they were valid HTML HREFs when
they are not...
-PedroD
On 31/03/18 22:39, John Hardin wrote:
On Sat, 31 Mar 2018, Sebastian Arcus wrote:
I have a really simple rule looking for custom text string contained
in spam urls in the body of the email, like so:
body SHORT_BITCOIN_DATING /specific_string_here/i
score SHORT_BITCOIN_DATING 3
On Sat, 31 Mar 2018, Sebastian Arcus wrote:
I have a really simple rule looking for custom text string contained in spam
urls in the body of the email, like so:
body SHORT_BITCOIN_DATING/specific_string_here/i
score SHORT_BITCOIN_DATING3.0
describe SHORT_BITCOIN_DATINGBod
I have a really simple rule looking for custom text string contained in
spam urls in the body of the email, like so:
body SHORT_BITCOIN_DATING/specific_string_here/i
score SHORT_BITCOIN_DATING3.0
describe SHORT_BITCOIN_DATINGBody URL signature of spam
I just realised that
On 2018-02-23 (02:15 MST), saqariden wrote:
>
> our mailing service is not for external use, So the users are not supposed to
> send or receive B64 encoded mails.
I've never seen anyone *intentionally* sent base64 mails (I mean, people, not
spammers). That is a decision made by the MUA. Sounds
On 22/02/2018 17:48, RW wrote:
On Thu, 22 Feb 2018 10:35:48 -0600 (CST)
David B Funk wrote:
On Thu, 22 Feb 2018, RW wrote:
On Thu, 22 Feb 2018 15:54:45 +0100
saqariden wrote:
Hello guys,
I have the following SA rule which is supposed to block base64
encoded mails:
This may be dangerou
On 2018-02-22 (07:54 MST), saqariden wrote:
>
> I have the following SA rule which is supposed to block base64 encoded mails:
Wow. You are going to block a lot of legitimate email that way.
> bodyEN_BASE64_B/(Content-Transfer-Encoding:
> base64\sContent-Type: text\/(pl
On Thu, 22 Feb 2018 10:35:48 -0600 (CST)
David B Funk wrote:
> On Thu, 22 Feb 2018, RW wrote:
>
> > On Thu, 22 Feb 2018 15:54:45 +0100
> > saqariden wrote:
> >
> >> Hello guys,
> >>
> >> I have the following SA rule which is supposed to block base64
> >> encoded mails:
> >
> > This may be dan
On Thu, 22 Feb 2018, RW wrote:
On Thu, 22 Feb 2018 15:54:45 +0100
saqariden wrote:
Hello guys,
I have the following SA rule which is supposed to block base64
encoded mails:
This may be dangerous. If someone doesn't wish to use 8bit text then
base64 encoding of UTF-8 is a sensible choice; Q
On Thu, 22 Feb 2018 15:54:45 +0100
saqariden wrote:
> Hello guys,
>
> I have the following SA rule which is supposed to block base64
> encoded mails:
This may be dangerous. If someone doesn't wish to use 8bit text then
base64 encoding of UTF-8 is a sensible choice; QP is very inefficient
unless
Hello guys,
I have the following SA rule which is supposed to block base64 encoded
mails:
bodyEN_BASE64_B/(Content-Transfer-Encoding:
base64\sContent-Type: text\/(plain|html);
charset="?utf-8"?)|(Content-Type: text\/(plain|html);
charset="?utf-8"?\sContent-Transfer-
On 2/20/2017 6:54 AM, aquilinux wrote:
Hi all, i noticed that a custom rule i created (in
/etc/spamassassin/local.cf <http://local.cf>) is not applied in the
regular postfix + spamassassin flow but it is when i pipe the mail to
spamc or spamassassin.
1) normal flow with postfix
spamas
Hi all, i noticed that a custom rule i created (in /etc/spamassassin/
local.cf) is not applied in the regular postfix + spamassassin flow but it
is when i pipe the mail to spamc or spamassassin.
1) normal flow with postfix
spamassassinunix- n n - 30 pipe
On 1/31/2017 3:22 PM, Zinski, Steve wrote:
Sorry for the trouble, everyone… I had been forwarding the spam through my
personal IMAP account (to test my rule) which was apparently blocking it. I
forwarded it using my gmail account and my new rule fired. I feel like an idiot.
Steve
I suggest yo
On 1/31/2017 3:22 PM, Zinski, Steve wrote:
Sorry for the trouble, everyone… I had been forwarding the spam through my
personal IMAP account (to test my rule) which was apparently blocking it. I
forwarded it using my gmail account and my new rule fired. I feel like an idiot.
No worries. Rookie
y rule __BUGGED_IMG
==> got hit: "http://trc.spam_domain_redacted.com/redirect.php?email=re";
> On 1/31/17, 11:36 AM, "John Hardin" wrote:
>
>On Tue, 31 Jan 2017, Zinski, Steve wrote:
>
>> I’m trying to write a custom rule to block
On Tue, 2017-01-31 at 11:53 -0800, John Hardin wrote:
> On Tue, 31 Jan 2017, Zinski, Steve wrote:
>
> > Here’s the “view source” of the message in question.
> >
> > http://pastebin.com/AnwkAf9t
> >
> > Again, it’s line 88 that I’m trying to match.
>
> ...let's try this again...
>
> A uri rule hi
=re";
On 1/31/17, 11:36 AM, "John Hardin" wrote:
On Tue, 31 Jan 2017, Zinski, Steve wrote:
> I’m trying to write a custom rule to block a certain type of spam. When I
view the message source, the very last lines of the spam look like this:
>
>
> h
Here’s the “view source” of the message in question.
http://pastebin.com/AnwkAf9t
Again, it’s line 88 that I’m trying to match.
Thanks.
On 1/31/17, 11:36 AM, "John Hardin" wrote:
On Tue, 31 Jan 2017, Zinski, Steve wrote:
> I’m trying to write a custom rule to bl
On Tue, 31 Jan 2017, Zinski, Steve wrote:
I’m trying to write a custom rule to block a certain type of spam. When I view
the message source, the very last lines of the spam look like this:
http://trc.spammersdomain.com/redirect.php?email=redac...@richmond.edu";>
Every single r
On 1/31/2017 10:45 AM, Zinski, Steve wrote:
Hello, I have a problem that I hope someone can help me with.
I’m trying to write a custom rule to block a certain type of spam.
When I view the message source, the very last lines of the spam look
like this:
src="http://trc.spammersdomai
Hello, I have a problem that I hope someone can help me with.
I’m trying to write a custom rule to block a certain type of spam. When I view
the message source, the very last lines of the spam look like this:
http://trc.spammersdomain.com/redirect.php?email=redac...@richmond.edu";>
On Tuesday 31 January 2017 at 16:45:34, Zinski, Steve wrote:
> Hello, I have a problem that I hope someone can help me with.
>
> I’m trying to write a custom rule to block a certain type of spam. When I
> view the message source, the very last lines of the spam look like this:
On 24/10/16 16:46, John Hardin wrote:
Paul:
I haven't looked at the plugin myself yet, but here's a suggestion:
have a mode where you can mark a RE as capturing a numeric value, and
the rule's hit value is the value that the RE captured. This would
(for example) let the AWL/TXREP mean be capt
On 24/10/16 16:46, John Hardin wrote:
Paul:
I haven't looked at the plugin myself yet, but here's a suggestion:
have a mode where you can mark a RE as capturing a numeric value, and
the rule's hit value is the value that the RE captured. This would
(for example) let the AWL/TXREP mean be captu
On Mon, 24 Oct 2016, SimpleRezo wrote:
So, to the OP: try the tagmatch plugin to look at where _AWLMEAN_ is
(e.g.) <= -1 and _AWLCOUNT_ is greater than (e.g.) 10 and that may get you
what you want for a meta to use with the rules you want to control.
Thank you Paul & John, it looks like I will
065346.n5.nabble.com/Custom-rule-based-on-AWL-score-tp123087p123131.html
Sent from the SpamAssassin - Users mailing list archive at Nabble.com.
On Fri, 21 Oct 2016, Paul Stead wrote:
On 21/10/16 18:40, Paul Stead wrote:
On 21/10/16 16:22, John Hardin wrote:
> I was going to say: you can't write a rule based on the *current* AWL
> adjustment because that's calculated after all the rules have hit. But
> SA *could* potentially have a
On 21/10/16 18:40, Paul Stead wrote:
On 21/10/16 16:22, John Hardin wrote:
I was going to say: you can't write a rule based on the *current* AWL
adjustment because that's calculated after all the rules have hit. But
SA *could* potentially have a rule that checks the current historical
average
On 21/10/16 18:53, Paul Stead wrote:
tagmatch TAGMATCH_TXREP_IP_LOWSCORE _TXREP_IP_MEAN_
/^\-[0-9]{2,}(?:\.[0-9]+)?$/
describe TAGMATCH_TXREP_IP_LOWSCORE TxRep mean score quite low
scoreTAGMATCH_TXREP_IP_HIGHSCORE -0.1
Also - typo on score rulename!
--
Paul Stead
Systems Engineer
Zen Inte
On 21/10/16 18:40, Paul Stead wrote:
A plugin I've developed could be handy here:
https://github.com/fmbla/spamassassin-tagmatch
tagmatch TAGMATCH_TXREP_IP_HIGHSCORE _TXREP_IP_MEAN_
/^[1-9][0-9]+(?:\.[0-9]+)?$/
describe TAGMATCH_TXREP_IP_HIGHSCORE TXRep mean score quite large
scoreTAGMATCH
On 21/10/16 16:22, John Hardin wrote:
I was going to say: you can't write a rule based on the *current* AWL
adjustment because that's calculated after all the rules have hit. But
SA *could* potentially have a rule that checks the current historical
average that AWL uses...
I suggest you file a N
On Fri, 21 Oct 2016, Axb wrote:
On 10/21/2016 04:43 PM, Bill Cole wrote:
The blocker to that approach has already been stated: they have no
mechanism for users to add their contacts to the SA static whitelist.
Imo, this you'd normally do at MTA and/or glue level to bypass expensive SA
cont
On Fri, 21 Oct 2016, Kevin Golding wrote:
On Fri, 21 Oct 2016 11:48:41 +0100, simplerezo wrote:
> very unknown users can't by definition hit AWL.
That's why my wanted rule is score(AWL) > -1 : all users that have not yet
send enough not-spam mails can not, for example, send me invoices as zi
On 10/21/2016 04:43 PM, Bill Cole wrote:
The blocker to that approach has already been stated: they have no
mechanism for users to add their contacts to the SA static whitelist.
Imo, this you'd normally do at MTA and/or glue level to bypass expensive
SA content scanning and save time & cycles.
On 20 Oct 2016, at 12:14, Ian Zimmerman wrote:
Whitelisted senders get a _huge_ bonus (I think it's 100 points by
default, maybe customizable), so they won't be affected if you do it
right.
The blocker to that approach has already been stated: they have no
mechanism for users to add their con
On 10/21/2016 6:48 AM, simplerezo wrote:
it also helps frequent spammers known to spam to prevent false negative.
Absolutely.
very unknown users can't by definition hit AWL.
That's why my wanted rule is score(AWL) > -1 : all users that have not yet
send enough not-spam mails can not, for exam
On Fri, 21 Oct 2016 11:48:41 +0100, simplerezo
wrote:
very unknown users can't by definition hit AWL.
That's why my wanted rule is score(AWL) > -1 : all users that have not
yet
send enough not-spam mails can not, for example, send me invoices as zip
attachment (yes, there is some big com
On 20/10/16 17:44, Nicola Piazzi wrote:
Why not try my powerful plugin to reduce score of known users ?
Is based on people that answer to us and in my case, after 3 week of learning,
it HIT 70% of incoming messages that are absolutely ham
Looks really interesting. How it behaves in ipv6 environ
On Fri, 21 Oct 2016 03:48:41 -0700 (MST)
simplerezo wrote:
> > it also helps frequent spammers known to spam to prevent false
> > negative.
>
> Absolutely.
>
> > very unknown users can't by definition hit AWL.
>
> That's why my wanted rule is score(AWL) > -1 : all users that have
> not yet
- this requires my users to configure this, and most of them are already
finding IT too much complicated :)
--
Clement
SimpleRezo
http://www.simplerezo.com/
--
View this message in context:
http://spamassassin.1065346.n5.nabble.com/Custom-rule-based-on-AWL-score-tp123087p123102.html
Sent
On 20.10.16 08:34, simplerezo wrote:
My understanding is that AWL is helping frequent senders who are known to not
send spam to "reduce" their spam score, preventing false positive.
it also helps frequent spammers known to spam to prevent false negative.
That's
exactly what I want to rely on
On Thu, 20 Oct 2016, Bowie Bailey wrote:
On 10/20/2016 12:55 PM, David B Funk wrote:
On Thu, 20 Oct 2016, John Hardin wrote:
> On Thu, 20 Oct 2016, Ian Zimmerman wrote:
>
> > On 2016-10-20 08:34, simplerezo wrote:
> >
> > > My understanding is that AWL is helping frequent senders who are
On 10/20/2016 12:55 PM, David B Funk wrote:
On Thu, 20 Oct 2016, John Hardin wrote:
On Thu, 20 Oct 2016, Ian Zimmerman wrote:
On 2016-10-20 08:34, simplerezo wrote:
My understanding is that AWL is helping frequent senders who are known
to not send spam to "reduce" their spam score, preventi
On 10/20/2016 06:44 PM, Nicola Piazzi wrote:
Why not try my powerful plugin to reduce score of known users ? Is
based on people that answer to us and in my case, after 3 week of
learning, it HIT 70% of incoming messages that are absolutely ham
http://saplugin.16mb.com/
If you mean your OW plu
On Thu, 20 Oct 2016, John Hardin wrote:
On Thu, 20 Oct 2016, Ian Zimmerman wrote:
On 2016-10-20 08:34, simplerezo wrote:
My understanding is that AWL is helping frequent senders who are known
to not send spam to "reduce" their spam score, preventing false
positive. That's exactly what I want
Bologna - Italia
Tel. +39 051.6079.293
Cell. +39 328.21.73.470
Web: www.gruppocomet.it
-Messaggio originale-
Da: John Hardin [mailto:jhar...@impsec.org]
Inviato: giovedì 20 ottobre 2016 18:36
A: users@spamassassin.apache.org
Oggetto: Re: Custom rule based on AWL score
On Thu, 20 Oct
On Thu, 20 Oct 2016, Ian Zimmerman wrote:
On 2016-10-20 08:34, simplerezo wrote:
My understanding is that AWL is helping frequent senders who are known
to not send spam to "reduce" their spam score, preventing false
positive. That's exactly what I want to rely on for my rules: adding
score for
On Thu, 20 Oct 2016 08:34:04 -0700 (MST)
simplerezo wrote:
> My understanding is that AWL is helping frequent senders who are
> known to not send spam to "reduce" their spam score, preventing false
> positive.
Which is why I pointed you towards a short paragraph that describes
what it actually do
On 2016-10-20 08:34, simplerezo wrote:
> My understanding is that AWL is helping frequent senders who are known
> to not send spam to "reduce" their spam score, preventing false
> positive. That's exactly what I want to rely on for my rules: adding
> score for mail with "invoice" pretention and an
or very unknown users (or
spammers).
--
View this message in context:
http://spamassassin.1065346.n5.nabble.com/Custom-rule-based-on-AWL-score-tp123087p123091.html
Sent from the SpamAssassin - Users mailing list archive at Nabble.com.
On Thu, 20 Oct 2016 08:01:17 -0700 (MST)
simplerezo wrote:
> Because our users cannot easyly add all theirs contacts to whitelist.
>
> AWL is a great feature, and it's working well: so it would be nice
> for us to put some restrictives rules only active for "unknown" users
> (example: "invoices"
ext:
http://spamassassin.1065346.n5.nabble.com/Custom-rule-based-on-AWL-score-tp123087p123089.html
Sent from the SpamAssassin - Users mailing list archive at Nabble.com.
On Thu, 20 Oct 2016 03:55:29 -0700 (MST)
simplerezo wrote:
> Hi,
>
> Is it possible to write rule based on AWL score?
No
> We have some customs rules that we don't want to enable for
> "well-known" contacts...
Why not just whitelist them?
_AWL -0.01
But it does not seems to work...
--
View this message in context:
http://spamassassin.1065346.n5.nabble.com/Custom-rule-based-on-AWL-score-tp123087.html
Sent from the SpamAssassin - Users mailing list archive at Nabble.com.
On Mon, 11 Jan 2016 10:17:21 +0100
Melters, Fabian wrote:
> Hi,
>
> is it possible to create custom rules based in the score of other
> rule(s)?
>
> for example:
>TEST1 finished with a score of 1.24, TEST2 finished with a score
> of 0.8.
>Now we create a meta test which is only matching
Am 11.01.2016 um 10:17 schrieb Melters, Fabian:
Hi,
is it possible to create custom rules based in the score of other rule(s)?
for example:
TEST1 finished with a score of 1.24, TEST2 finished with a score of 0.8.
Now we create a meta test which is only matching if TEST1+TEST2>2.0
and
On 01/11/2016 10:17 AM, Melters, Fabian wrote:
Hi,
is it possible to create custom rules based in the score of other rule(s)?
for example:
TEST1 finished with a score of 1.24, TEST2 finished with a score of 0.8.
Now we create a meta test which is only matching if TEST1+TEST2>2.0
and th
Hi,
is it possible to create custom rules based in the score of other
rule(s)?
for example:
TEST1 finished with a score of 1.24, TEST2 finished with a score of
0.8.
Now we create a meta test which is only matching if TEST1+TEST2>2.0
and then gives additional 2 Points.
thanks in advanc
Hi,
many thanks for your feedback. This is to confirm the following rule seems to
work:
header French_Spam10 ALL =~ / e\d{1,2}\.\S+\.fr /i
score French_Spam10 3.5
Many thanks for all those that supported me in the troubleshooting process.
Best regards
Sebastian
> Am 02.01.2016 um 15:11 schrie
On Sat, 2 Jan 2016, Bill Cole wrote:
On 2 Jan 2016, at 9:11, RW wrote:
1. \d{1,2}+ doesn't make any sense, you need either {1,2} or +
It's a bit esoteric, but here's what the perlre man page says:
{n,m}+ Match at least n but not more than m times and give nothing
back
Put anoth
On 2 Jan 2016, at 9:11, RW wrote:
1. \d{1,2}+ doesn't make any sense, you need either {1,2} or +
It's a bit esoteric, but here's what the perlre man page says:
{n,m}+ Match at least n but not more than m times and give
nothing back
Put another way: possessive but not greedy. In
On Fri, 1 Jan 2016 19:37:26 +0100
Sebastian Wolfgarten wrote:
> Dear all,
>
> I wish you and your families a happy, prosperous and healthy year
> 2016!
>
> As for me, I am spending the first day of the new year battling with
> some custom SA rule that seems to be ignored:
>
> header FR_Spam2 Re
Dear Kevin,
many thanks for your quick response. Unfortunately, there is no output
generated except for a warning message that I have no description defined for
my custom rule:
# spamassassin -tD < ./test\:2\,Sdj 2>&1 | grep -i FR_Spam2
Jan 1 20:08:56.590 [60105] dbg: config: w
1 - 100 of 302 matches
Mail list logo
