Re: Custom rule help

On Wed, 4 Dec 2019 12:40:27 -0800 Chris Mulcahy wrote: > Hi. > > I’m relatively new to complex custom rules. I have plenty of simple > and some multi-condition rules but need something custom. > > My approach to using my domain name is bad but I started it in the > 90s so… I have some sites where

Re: Custom rule help

On Wed, 4 Dec 2019 12:40:27 -0800 Chris Mulcahy wrote: > Hi. > > I’m relatively new to complex custom rules. I have plenty of simple > and some multi-condition rules but need something custom. > > My approach to using my domain name is bad but I started it in the > 90s so… I have some sites whe

Re: Custom rule help

On Wed, 2019-12-04 at 14:22 -0800, Chris Mulcahy wrote: > Actually, I want it to score if there ISN’T a match. If I get an email > addressed to slashdot@example.com from an address that isn’t from > slashdot, it’s likely spam. > > Currently, I am doing like you mentioned with a bunch of indivi

Re: Custom rule help

From: Martin Gregorie Reply: mar...@gregorie.org Date: December 4, 2019 at 4:12:22 PM To: users@spamassassin.apache.org Subject: Re: Custom rule help On Wed, 2019-12-04 at 12:40 -0800, Chris Mulcahy wrote: > I want a rule that scores if “sitename” is not in the From: line. If > the

Re: Custom rule help

On Wed, 2019-12-04 at 12:40 -0800, Chris Mulcahy wrote: > I want a rule that scores if “sitename” is not in the From: line. If > they send from i...@sitename.com, I’ll assume it’s legit. If sitename > does not exist, I’ll tick up the score a bit. I have done this for > some specific domains but th

Re: Custom rule to please the Mayor

On 21.11.19 13:24, Dave Goodrich wrote: I know I will incur some wrath for this but I have the Mayor breathing down my neck. We stop nearly all spam now, but some does get through. Mostly it has been mail from gmail and outlook servers that pass DKIM and SPF. This morning a large number of mes

Re: Custom rule to please the Mayor

On Fri, 2019-11-22 at 13:01 +, RW wrote: > On Fri, 22 Nov 2019 00:00:53 + > Martin Gregorie wrote: > > > > describe SPOOFED_MAYOR Check for spoofed mail from the Mayor > > header __SM1 From:name =~ /^John M Mayor$/ > > header __SM2 From:addr =~ /^john\@cityhall\.com$/

Re: Custom rule to please the Mayor

On Fri, 22 Nov 2019 00:00:53 + Martin Gregorie wrote: > describe SPOOFED_MAYOR Check for spoofed mail from the Mayor > header __SM1 From:name =~ /^John M Mayor$/ > header __SM2 From:addr =~ /^john\@cityhall\.com$/ > meta SPOOFED_MAYOR (__SM1 && ! __SM2) || ! _SM1 > sco

Re: Custom rule to please the Mayor

Are you using or able to use 3.4.3-rc6 because there is a new feature for this that you can implement called subjprefix that can mark external emails with External in the subject.  Depends on your usage. On 11/21/2019 1:24 PM, Dave Goodrich wrote: > Good day, > > I know I will incur some wrath for

Re: Custom rule to please the Mayor

On 2019-11-22 01:00, Martin Gregorie wrote: describe SPOOFED_MAYOR Check for spoofed mail from the Mayor header __SM1 From:name =~ /^John M Mayor$/ header __SM2 From:addr =~ /^john\@cityhall\.com$/ meta SPOOFED_MAYOR (__SM1 && ! __SM2) || ! _SM1 scoreSPOOFED_MAYOR 5.0

Re: Custom rule to please the Mayor

On Thu, 2019-11-21 at 14:22 -0700, Grant Taylor wrote: > I like the logic. > > Unfortunately, you need to be very careful as you start to run into > all the text permutations / homograph attacks. > Fair comment. What you saw was hacked together to show the principle, but not tested. Here's a te

Re: Custom rule to please the Mayor

On Thu, 2019-11-21 at 14:22 -0700, Grant Taylor wrote: > On 11/21/19 12:14 PM, Martin Gregorie wrote: > > describe SPOOFED_MAYOR Check for spoofed mail from the Mayor > > header __SM1 From:name /display name/ > > header __SM2 From:addr /email address/ > > meta SPOOFED_MAYO

Re: Custom rule to please the Mayor

On Thu, 21 Nov 2019 11:12:47 -0800 Alan Hodgson wrote: > Make sure your real mail streams are authenticated with DKIM and > you're setup to use the whitelist_from_dkim rule; which I believe > requires the header added by opendkim on received mail. It doesn't.

Re: Custom rule to please the Mayor

On 11/21/19 12:14 PM, Martin Gregorie wrote: describe SPOOFED_MAYOR Check for spoofed mail from the Mayor header __SM1 From:name /display name/ header __SM2 From:addr /email address/ meta SPOOFED_MAYOR (__VM1 && ! __VM2) scoreSPOOFED_MAYOR 5.0 I like the logic. Un

Re: Custom rule to please the Mayor

On Thu, 2019-11-21 at 13:24 -0500, Dave Goodrich wrote: > > Any thoughts on that or has anyone done something similar? > I have a similar rule that spotsfires on From: headers with @ in the name and a space in the address. I wrote it to spot rather obvious false senders, but something like the fol

Re: Custom rule to please the Mayor

On Thu, 2019-11-21 at 13:24 -0500, Dave Goodrich wrote: > Good day, > I know I will incur some wrath for this but I have the Mayor breathing > down my neck. We stop nearly all spam now, but some does get through. > Mostly it has been mail from gmail and outlook servers that pass DKIM > and SPF. > T

Re: Custom rule aware of occurrences

On 9/15/2019 10:53 PM, Bert Van de Poel wrote: > Dear fellow Spamassassin users, > > I'm contacting you as a member of ULYSSIS. ULYSSIS is a student > non-profit organisation at the University of Leuven trying to make > computers and technology more approachable and available to students. > As pa

Re: Custom rule don't match without empty line before the string!

On 2018-02-23 (02:15 MST), saqariden wrote: > > our mailing service is not for external use, So the users are not supposed to > send or receive B64 encoded mails. I've never seen anyone *intentionally* sent base64 mails (I mean, people, not spammers). That is a decision made by the MUA. Sounds

Re: Custom rule don't match without empty line before the string!

On 22/02/2018 17:48, RW wrote: On Thu, 22 Feb 2018 10:35:48 -0600 (CST) David B Funk wrote: On Thu, 22 Feb 2018, RW wrote: On Thu, 22 Feb 2018 15:54:45 +0100 saqariden wrote: Hello guys, I have the following SA rule which is supposed to block base64 encoded mails: This may be dangerou

Re: Custom rule don't match without empty line before the string!

On 2018-02-22 (07:54 MST), saqariden wrote: > > I have the following SA rule which is supposed to block base64 encoded mails: Wow. You are going to block a lot of legitimate email that way. > bodyEN_BASE64_B/(Content-Transfer-Encoding: > base64\sContent-Type: text\/(pl

Re: Custom rule don't match without empty line before the string!

On Thu, 22 Feb 2018 10:35:48 -0600 (CST) David B Funk wrote: > On Thu, 22 Feb 2018, RW wrote: > > > On Thu, 22 Feb 2018 15:54:45 +0100 > > saqariden wrote: > > > >> Hello guys, > >> > >> I have the following SA rule which is supposed to block base64 > >> encoded mails: > > > > This may be dan

Re: Custom rule don't match without empty line before the string!

On Thu, 22 Feb 2018, RW wrote: On Thu, 22 Feb 2018 15:54:45 +0100 saqariden wrote: Hello guys, I have the following SA rule which is supposed to block base64 encoded mails: This may be dangerous. If someone doesn't wish to use 8bit text then base64 encoding of UTF-8 is a sensible choice; Q

Re: Custom rule don't match without empty line before the string!

On Thu, 22 Feb 2018 15:54:45 +0100 saqariden wrote: > Hello guys, > > I have the following SA rule which is supposed to block base64 > encoded mails: This may be dangerous. If someone doesn't wish to use 8bit text then base64 encoding of UTF-8 is a sensible choice; QP is very inefficient unless

Re: Custom rule not applied when running Postfix + SA

On 2/20/2017 6:54 AM, aquilinux wrote: Hi all, i noticed that a custom rule i created (in /etc/spamassassin/local.cf ) is not applied in the regular postfix + spamassassin flow but it is when i pipe the mail to spamc or spamassassin. 1) normal flow with postfix spamassassin

Re: Custom rule problem

On 1/31/2017 3:22 PM, Zinski, Steve wrote: Sorry for the trouble, everyone… I had been forwarding the spam through my personal IMAP account (to test my rule) which was apparently blocking it. I forwarded it using my gmail account and my new rule fired. I feel like an idiot. Steve I suggest yo

Re: Custom rule problem

On 1/31/2017 3:22 PM, Zinski, Steve wrote: Sorry for the trouble, everyone… I had been forwarding the spam through my personal IMAP account (to test my rule) which was apparently blocking it. I forwarded it using my gmail account and my new rule fired. I feel like an idiot. No worries. Rookie

Re: Custom rule problem

Sorry for the trouble, everyone… I had been forwarding the spam through my personal IMAP account (to test my rule) which was apparently blocking it. I forwarded it using my gmail account and my new rule fired. I feel like an idiot. Steve On 1/31/17, 2:53 PM, "John Hardin" wrote: On Tue,

Re: Custom rule problem

On Tue, 2017-01-31 at 11:53 -0800, John Hardin wrote: > On Tue, 31 Jan 2017, Zinski, Steve wrote: > > > Here’s the “view source” of the message in question. > > > > http://pastebin.com/AnwkAf9t > > > > Again, it’s line 88 that I’m trying to match. > > ...let's try this again... > > A uri rule hi

Re: Custom rule problem

On Tue, 31 Jan 2017, Zinski, Steve wrote: Here’s the “view source” of the message in question. http://pastebin.com/AnwkAf9t Again, it’s line 88 that I’m trying to match. ...let's try this again... A uri rule hits that here: Jan 31 09:21:07.423 [21842] dbg: rules: ran uri rule __ALL_URI ===

Re: Custom rule problem

Here’s the “view source” of the message in question. http://pastebin.com/AnwkAf9t Again, it’s line 88 that I’m trying to match. Thanks. On 1/31/17, 11:36 AM, "John Hardin" wrote: On Tue, 31 Jan 2017, Zinski, Steve wrote: > I’m trying to write a custom rule to block a certain t

Re: Custom rule problem

On Tue, 31 Jan 2017, Zinski, Steve wrote: I’m trying to write a custom rule to block a certain type of spam. When I view the message source, the very last lines of the spam look like this: http://trc.spammersdomain.com/redirect.php?email=redac...@richmond.edu";> Every single rule that I’ve

Re: Custom rule problem

On 1/31/2017 10:45 AM, Zinski, Steve wrote: Hello, I have a problem that I hope someone can help me with. I’m trying to write a custom rule to block a certain type of spam. When I view the message source, the very last lines of the spam look like this: src="http://trc.spammersdomain.com/r

Re: Custom rule problem

On Tuesday 31 January 2017 at 16:45:34, Zinski, Steve wrote: > Hello, I have a problem that I hope someone can help me with. > > I’m trying to write a custom rule to block a certain type of spam. When I > view the message source, the very last lines of the spam look like this: How are you seeing

Re: Custom rule based on AWL score

On 24/10/16 16:46, John Hardin wrote: Paul: I haven't looked at the plugin myself yet, but here's a suggestion: have a mode where you can mark a RE as capturing a numeric value, and the rule's hit value is the value that the RE captured. This would (for example) let the AWL/TXREP mean be capt

Re: Custom rule based on AWL score

On 24/10/16 16:46, John Hardin wrote: Paul: I haven't looked at the plugin myself yet, but here's a suggestion: have a mode where you can mark a RE as capturing a numeric value, and the rule's hit value is the value that the RE captured. This would (for example) let the AWL/TXREP mean be captu

Re: Custom rule based on AWL score

On Mon, 24 Oct 2016, SimpleRezo wrote: So, to the OP: try the tagmatch plugin to look at where _AWLMEAN_ is (e.g.) <= -1 and _AWLCOUNT_ is greater than (e.g.) 10 and that may get you what you want for a meta to use with the rules you want to control. Thank you Paul & John, it looks like I will

Re: Custom rule based on AWL score

>So, to the OP: try the tagmatch plugin to look at where _AWLMEAN_ is >(e.g.) <= -1 and _AWLCOUNT_ is greater than (e.g.) 10 and that may get you >what you want for a meta to use with the rules you want to control. Thank you Paul & John, it looks like I will be able to achieve what I want with t

Re: Custom rule based on AWL score

On Fri, 21 Oct 2016, Paul Stead wrote: On 21/10/16 18:40, Paul Stead wrote: On 21/10/16 16:22, John Hardin wrote: > I was going to say: you can't write a rule based on the *current* AWL > adjustment because that's calculated after all the rules have hit. But > SA *could* potentially have a

Re: Custom rule based on AWL score

On 21/10/16 18:40, Paul Stead wrote: On 21/10/16 16:22, John Hardin wrote: I was going to say: you can't write a rule based on the *current* AWL adjustment because that's calculated after all the rules have hit. But SA *could* potentially have a rule that checks the current historical average

Re: Custom rule based on AWL score

On 21/10/16 18:53, Paul Stead wrote: tagmatch TAGMATCH_TXREP_IP_LOWSCORE _TXREP_IP_MEAN_ /^\-[0-9]{2,}(?:\.[0-9]+)?$/ describe TAGMATCH_TXREP_IP_LOWSCORE TxRep mean score quite low scoreTAGMATCH_TXREP_IP_HIGHSCORE -0.1 Also - typo on score rulename! -- Paul Stead Systems Engineer Zen Inte

Re: Custom rule based on AWL score

On 21/10/16 18:40, Paul Stead wrote: A plugin I've developed could be handy here: https://github.com/fmbla/spamassassin-tagmatch tagmatch TAGMATCH_TXREP_IP_HIGHSCORE _TXREP_IP_MEAN_ /^[1-9][0-9]+(?:\.[0-9]+)?$/ describe TAGMATCH_TXREP_IP_HIGHSCORE TXRep mean score quite large scoreTAGMATCH

Re: Custom rule based on AWL score

On 21/10/16 16:22, John Hardin wrote: I was going to say: you can't write a rule based on the *current* AWL adjustment because that's calculated after all the rules have hit. But SA *could* potentially have a rule that checks the current historical average that AWL uses... I suggest you file a N

Re: Custom rule based on AWL score

On Fri, 21 Oct 2016, Axb wrote: On 10/21/2016 04:43 PM, Bill Cole wrote: The blocker to that approach has already been stated: they have no mechanism for users to add their contacts to the SA static whitelist. Imo, this you'd normally do at MTA and/or glue level to bypass expensive SA cont

Re: Custom rule based on AWL score

On Fri, 21 Oct 2016, Kevin Golding wrote: On Fri, 21 Oct 2016 11:48:41 +0100, simplerezo wrote: > very unknown users can't by definition hit AWL. That's why my wanted rule is score(AWL) > -1 : all users that have not yet send enough not-spam mails can not, for example, send me invoices as zi

Re: Custom rule based on AWL score

On 10/21/2016 04:43 PM, Bill Cole wrote: The blocker to that approach has already been stated: they have no mechanism for users to add their contacts to the SA static whitelist. Imo, this you'd normally do at MTA and/or glue level to bypass expensive SA content scanning and save time & cycles.

Re: Custom rule based on AWL score

On 20 Oct 2016, at 12:14, Ian Zimmerman wrote: Whitelisted senders get a _huge_ bonus (I think it's 100 points by default, maybe customizable), so they won't be affected if you do it right. The blocker to that approach has already been stated: they have no mechanism for users to add their con

Re: Custom rule based on AWL score

On 10/21/2016 6:48 AM, simplerezo wrote: it also helps frequent spammers known to spam to prevent false negative. Absolutely. very unknown users can't by definition hit AWL. That's why my wanted rule is score(AWL) > -1 : all users that have not yet send enough not-spam mails can not, for exam

Re: Custom rule based on AWL score

On Fri, 21 Oct 2016 11:48:41 +0100, simplerezo wrote: very unknown users can't by definition hit AWL. That's why my wanted rule is score(AWL) > -1 : all users that have not yet send enough not-spam mails can not, for example, send me invoices as zip attachment (yes, there is some big com

Re: Custom rule based on AWL score

On Fri, 21 Oct 2016 03:48:41 -0700 (MST) simplerezo wrote: > > it also helps frequent spammers known to spam to prevent false > > negative. > > Absolutely. > > > very unknown users can't by definition hit AWL. > > That's why my wanted rule is score(AWL) > -1 : all users that have > not yet

Re: Custom rule based on AWL score

> it also helps frequent spammers known to spam to prevent false negative. Absolutely. > very unknown users can't by definition hit AWL. That's why my wanted rule is score(AWL) > -1 : all users that have not yet send enough not-spam mails can not, for example, send me invoices as zip attachment

Re: Custom rule based on AWL score

On 20.10.16 08:34, simplerezo wrote: My understanding is that AWL is helping frequent senders who are known to not send spam to "reduce" their spam score, preventing false positive. it also helps frequent spammers known to spam to prevent false negative. That's exactly what I want to rely on

Re: Custom rule based on AWL score

On Thu, 20 Oct 2016, Bowie Bailey wrote: On 10/20/2016 12:55 PM, David B Funk wrote: On Thu, 20 Oct 2016, John Hardin wrote: > On Thu, 20 Oct 2016, Ian Zimmerman wrote: > > > On 2016-10-20 08:34, simplerezo wrote: > > > > > My understanding is that AWL is helping frequent senders who are

Re: Custom rule based on AWL score

On 10/20/2016 12:55 PM, David B Funk wrote: On Thu, 20 Oct 2016, John Hardin wrote: On Thu, 20 Oct 2016, Ian Zimmerman wrote: On 2016-10-20 08:34, simplerezo wrote: My understanding is that AWL is helping frequent senders who are known to not send spam to "reduce" their spam score, preventi

Re: Custom rule based on AWL score

On Thu, 20 Oct 2016, John Hardin wrote: On Thu, 20 Oct 2016, Ian Zimmerman wrote: On 2016-10-20 08:34, simplerezo wrote: My understanding is that AWL is helping frequent senders who are known to not send spam to "reduce" their spam score, preventing false positive. That's exactly what I want

Re: Custom rule based on AWL score

On Thu, 20 Oct 2016, Ian Zimmerman wrote: On 2016-10-20 08:34, simplerezo wrote: My understanding is that AWL is helping frequent senders who are known to not send spam to "reduce" their spam score, preventing false positive. That's exactly what I want to rely on for my rules: adding score for

Re: Custom rule based on AWL score

On Thu, 20 Oct 2016 08:34:04 -0700 (MST) simplerezo wrote: > My understanding is that AWL is helping frequent senders who are > known to not send spam to "reduce" their spam score, preventing false > positive. Which is why I pointed you towards a short paragraph that describes what it actually do

Re: Custom rule based on AWL score

On 2016-10-20 08:34, simplerezo wrote: > My understanding is that AWL is helping frequent senders who are known > to not send spam to "reduce" their spam score, preventing false > positive. That's exactly what I want to rely on for my rules: adding > score for mail with "invoice" pretention and an

Re: Custom rule based on AWL score

My understanding is that AWL is helping frequent senders who are known to not send spam to "reduce" their spam score, preventing false positive. That's exactly what I want to rely on for my rules: adding score for mail with "invoice" pretention and an attachment but only for very unknown users (or

Re: Custom rule based on AWL score

On Thu, 20 Oct 2016 08:01:17 -0700 (MST) simplerezo wrote: > Because our users cannot easyly add all theirs contacts to whitelist. > > AWL is a great feature, and it's working well: so it would be nice > for us to put some restrictives rules only active for "unknown" users > (example: "invoices"

Re: Custom rule based on AWL score

Because our users cannot easyly add all theirs contacts to whitelist. AWL is a great feature, and it's working well: so it would be nice for us to put some restrictives rules only active for "unknown" users (example: "invoices" ...). -- View this message in context: http://spamassassin.1065346

Re: Custom rule based on AWL score

On Thu, 20 Oct 2016 03:55:29 -0700 (MST) simplerezo wrote: > Hi, > > Is it possible to write rule based on AWL score? No > We have some customs rules that we don't want to enable for > "well-known" contacts... Why not just whitelist them?

Re: custom rule based on score of other rule(s)

On Mon, 11 Jan 2016 10:17:21 +0100 Melters, Fabian wrote: > Hi, > > is it possible to create custom rules based in the score of other > rule(s)? > > for example: >TEST1 finished with a score of 1.24, TEST2 finished with a score > of 0.8. >Now we create a meta test which is only matching

Re: custom rule based on score of other rule(s)

Am 11.01.2016 um 10:17 schrieb Melters, Fabian: Hi, is it possible to create custom rules based in the score of other rule(s)? for example: TEST1 finished with a score of 1.24, TEST2 finished with a score of 0.8. Now we create a meta test which is only matching if TEST1+TEST2>2.0 and

Re: custom rule based on score of other rule(s)

On 01/11/2016 10:17 AM, Melters, Fabian wrote: Hi, is it possible to create custom rules based in the score of other rule(s)? for example: TEST1 finished with a score of 1.24, TEST2 finished with a score of 0.8. Now we create a meta test which is only matching if TEST1+TEST2>2.0 and th

RE: Custom Rule

>Hi All I am completely new to writing rules in Spamassassin and would love >some help. I have a Domain called say domain.com and of course if anyone sends >mail from outside the domain addressed as coming from u...@domain.com it >should be spam. I want to block all these as spam except if it is

Re: Custom Rule

On Thu, 26 Feb 2015, Peter Fraser wrote: Hi All I am completely new to writing rules in Spamassassin and would love some help. I have a Domain called say domain.com and of course if anyone sends mail from outside the domain addressed as coming from u...@domain.com it should be spam. I want to bl

Re: Custom Rule

On February 26, 2015 5:59:22 PM Peter Fraser wrote: Anyone ever done this before or could help me with this? thats a job for spf, and can be done in mta stage if wanted suggest pypolicyd-spf, and configure spamassassin to reuse the recieved-spf header

Re: Custom Rule

Am 26.02.2015 um 17:58 schrieb Peter Fraser: Hi All I am completely new to writing rules in Spamassassin and would love some help. I have a Domain called say domain.com and of course if anyone sends mail from outside the domain addressed as coming from u...@domain.com

Re: Valid TLDs (was: Re: Custom rule not hitting suddenly?)

On Mon, 2014-09-08 at 23:05 -0600, Amir Caspi wrote: > An automated method would prevent a number of problems, and since the > allowed TLDs are evolving, I think it makes the most sense. I can't > speak to a specific implementation, but -something- automated... > Same here: I pick up new SA versio

Re: Valid TLDs (was: Re: Custom rule not hitting suddenly?)

On Sep 8, 2014, at 7:45 PM, Karsten Bräckelmann wrote: > > Opinions? Discussion in here, or should I move this to dev? Given that TLDs can and do change on a timescale more frequent than many people update their version of SA (myself included), I would vote for a method that treats this as a c

Re: Valid TLDs (was: Re: Custom rule not hitting suddenly?)

On Tue, Sep 09, 2014 at 03:45:33AM +0200, Karsten Bräckelmann wrote: > > There is one down side: A new dependency on Regexp::List [1]. The RE > pre-compile one-time upstart penalty should be negligible. > > [1] Well, or a really, really f*cking ugly option that takes a > pre-optimzed qr// blo

Re: Valid TLDs (was: Re: Custom rule not hitting suddenly?)

On 9. sep. 2014 04.29.55 Karsten Bräckelmann wrote: Apart from that nitpick, I understand you would be in favor of a Valid TLD option, rather than hard-coded. Noted. Perl programmer make there signature in perl code Well i still thinking about url reputation, but since nearly all kind of si

Re: Valid TLDs (was: Re: Custom rule not hitting suddenly?)

>>embedded in the rules. > ^ >Code, not rules. Which basically is the issue here... Just read what I *mean* and not what I type. ;-) -- Dave Pooser Cat-Herder-in-Chief, Pooserville.com "...Life is not a journey to the grave with the intention of arriving safely in one pretty

Re: Valid TLDs (was: Re: Custom rule not hitting suddenly?)

On Mon, 2014-09-08 at 21:45 -0500, Dave Pooser wrote: > On 9/8/14 8:45 PM, "Karsten Bräckelmann" wrote: > > >There is one down side: A new dependency on Regexp::List [1]. The RE > >pre-compile one-time upstart penalty should be negligible. > > > >[1] Well, or a really, really f*cking ugly option

Re: Valid TLDs (was: Re: Custom rule not hitting suddenly?)

On Mon, 2014-09-08 at 22:37 -0400, listsb-spamassas...@bitrate.net wrote: > On Sep 8, 2014, at 21.45, Karsten Bräckelmann wrote: > > > Some discussion of the underlying issue. > > > > On Tue, 2014-09-09 at 02:59 +0200, Karsten Bräckelmann wrote: > >> At the time of the 3.3.2 release, the .club T

Re: Valid TLDs (was: Re: Custom rule not hitting suddenly?)

On 9/8/14 8:45 PM, "Karsten Bräckelmann" wrote: >There is one down side: A new dependency on Regexp::List [1]. The RE >pre-compile one-time upstart penalty should be negligible. > >[1] Well, or a really, really f*cking ugly option that takes a >pre-optimzed qr// blob containing the VALID_TLDS

Re: Valid TLDs (was: Re: Custom rule not hitting suddenly?)

On Sep 8, 2014, at 21.45, Karsten Bräckelmann wrote: > Some discussion of the underlying issue. > > On Tue, 2014-09-09 at 02:59 +0200, Karsten Bräckelmann wrote: >> At the time of the 3.3.2 release, the .club TLD simply didn't exist. It >> has been accepted by IANA just recently. Of course I was

Re: Valid TLDs (was: Re: Custom rule not hitting suddenly?)

On Mon, 2014-09-08 at 22:15 -0400, Daniel Staal wrote: > --As of September 9, 2014 3:45:33 AM +0200, Karsten Bräckelmann is alleged > to have said: > > > This incidence is part of the initial round of IANA accepting generic > > TLDs. There's hundreds in this wave, and some are abused early. This

Re: Valid TLDs (was: Re: Custom rule not hitting suddenly?)

--As of September 9, 2014 3:45:33 AM +0200, Karsten Bräckelmann is alleged to have said: This incidence is part of the initial round of IANA accepting generic TLDs. There's hundreds in this wave, and some are abused early. This is moonshine registration, nothing like new TLDs being accepted in

Valid TLDs (was: Re: Custom rule not hitting suddenly?)

Some discussion of the underlying issue. On Tue, 2014-09-09 at 02:59 +0200, Karsten Bräckelmann wrote: > At the time of the 3.3.2 release, the .club TLD simply didn't exist. It > has been accepted by IANA just recently. Of course I was conveniently > using a trunk checkout for testing and kind of

Re: Custom rule not hitting suddenly?

On Sep 8, 2014, at 6:59 PM, Karsten Bräckelmann wrote: > It also should be possible to simply replace that Perl module > with the current trunk version. It seems like this is doable, and I just tried it... a test run on the previous spample now hits my template. Hopefully just dropping the tru

Re: Custom rule not hitting suddenly?

On Mon, 8 Sep 2014, Amir Caspi wrote: Since I'm not running 3.4, this particular grep doesn't work for me, but with John Hardin's advice I set up the following rule, which should catch all URIs: uri ALL_URI /.*/ tflags ALL_URI multiple Debug output shows the following: Sep 8 20:0

Re: Custom rule not hitting suddenly?

On Mon, 2014-09-08 at 18:08 -0600, Amir Caspi wrote: > On Sep 8, 2014, at 4:09 PM, Karsten Bräckelmann > wrote: > > > Pulled the sample from pastebin and fed to spamassassin -D with your > > custom rule added as additional configuration. That rule hits. > > It does not hit on mine, and I think

Re: Custom rule not hitting suddenly?

On Mon, 8 Sep 2014, Amir Caspi wrote: Nope, it does not. Per above, it seems that SA 3.3.2 doesn't like the TLD. Nope, it doesn't: https://svn.apache.org/viewvc/spamassassin/branches/3.3/lib/Mail/SpamAssassin/Util/RegistrarBoundaries.pm?view=markup Is there a patch I can apply that would f

Re: Custom rule not hitting suddenly?

On Sep 8, 2014, at 4:09 PM, Karsten Bräckelmann wrote: > Pulled the sample from pastebin and fed to spamassassin -D with your > custom rule added as additional configuration. That rule hits. It does not hit on mine, and I think I've figured out why. I'm using SA 3.3.2 with perl 5.8.8 on CentOS

Re: Custom rule not hitting suddenly?

On Mon, 2014-09-08 at 11:35 -0600, Amir Caspi wrote: > One of my spammy URI template rules is, for some reason, not hitting > any more. Spample here: > > http://pastebin.com/jy6WZhWW > > In my local.cf sandbox I have the following: > > uri __AC_STOPRANDDOM_URI1 > /(?:stop|halt|quit|leave|l

Re: Custom rule not hitting suddenly?

On Sep 8, 2014, at 12:06 PM, Axb wrote: >> imo, an URI rule shouldn't have a boundary delimiter I normally have one to signify the end of the URI, as this is intended to reduce FPs (just in case some legitimate email might match this but have something after the domain). This delimiter normal

Re: Custom rule not hitting suddenly?

On 09/08/2014 08:03 PM, Axb wrote: On 09/08/2014 07:35 PM, Amir Caspi wrote: Hi all, One of my spammy URI template rules is, for some reason, not hitting any more. Spample here: http://pastebin.com/jy6WZhWW In my local.cf sandbox I have the following: uri __AC_STOPRANDDOM_URI1 /(?:stop|halt

Re: Custom rule not hitting suddenly?

On 09/08/2014 07:35 PM, Amir Caspi wrote: Hi all, One of my spammy URI template rules is, for some reason, not hitting any more. Spample here: http://pastebin.com/jy6WZhWW In my local.cf sandbox I have the following: uri __AC_STOPRANDDOM_URI1 /(?:stop|halt|quit|leave|leavehere|out|exit|disal

Re: Custom rule in local.cf

On Tue, 2011-09-06 at 10:43 +0200, J4K wrote: > body __PR1/(Employment opportunity|Job offer match, > respond to apply|Employment you've been searching|Job > opportunity|Career opportunity inside|Position opening in your area|Work > offer inside|Vacancy - apply online|Job ad -

Re: Custom rule in local.cf

On 09/06/2011 12:07 PM, Axb wrote: > On 2011-09-06 12:03, J4K wrote: >> On 09/06/2011 10:58 AM, Axb wrote: >>> On 2011-09-06 10:43, J4K wrote: Hi, I know that this is probably the hundredth time I have emailed to the list about my custom rules. Usually, someone point

Re: Custom rule in local.cf

On 2011-09-06 12:03, J4K wrote: On 09/06/2011 10:58 AM, Axb wrote: On 2011-09-06 10:43, J4K wrote: Hi, I know that this is probably the hundredth time I have emailed to the list about my custom rules. Usually, someone points out the blindingly obvious when I fail to note it. This has be

Re: Custom rule in local.cf

On 09/06/2011 10:58 AM, Axb wrote: > On 2011-09-06 10:43, J4K wrote: >> Hi, >> >> I know that this is probably the hundredth time I have emailed to >> the list about my custom rules. Usually, someone points out the >> blindingly obvious when I fail to note it. This has been going on for >> mo

Re: Custom rule in local.cf

On 2011-09-06 10:43, J4K wrote: Hi, I know that this is probably the hundredth time I have emailed to the list about my custom rules. Usually, someone points out the blindingly obvious when I fail to note it. This has been going on for months. I'll have a last hack at this, and then be qu

Re: custom rule help

On 2010/11/24 02:55 PM, John Wilcock wrote: Le 24/11/2010 09:50, Tom Kinghorn a écrit : By default, header rules work on the *decoded* subject, not the raw quoted-printable-encoded subject you've quoted. So you need to replace the underscores with spaces in your regex. Alternatively (though

Re: custom rule help

Le 24/11/2010 09:50, Tom Kinghorn a écrit : Subject: =?windows-1252?Q?100%_Finance_with_No_Deposit_Required_:_Stands_in_a_Pristine_West_Coast_Beachside_Security_Village?= I would like to match _Stands_in_a_Pristine_West_Coast_Beachside_Security_Village By default, header rules work on the *de

Re: custom rule help

On Wed, 2010-11-24 at 10:50 +0200, Tom Kinghorn wrote: > My last attempt was: > > header VM_WESTCOAST_SUB Subject =~ > /.*:_Stands_in_a_Pristine_West_Coast_Beachside_Security_Village/ > > any help would be appreciated. > How are you testing your rules? If you want to test and/or deve

RE: custom rule help

Try /\:_Stands_in_a_Pristine_West_Coast_Beachside_Security_Village/ Cheers, Phil -- Phil Randal | Infrastructure Engineer NHS Herefordshire & Herefordshire Council | Deputy Chief Executive's Office | I.C.T. Services Division Thorn Office Centre, Rotherwas, Hereford, HR2 6JT Tel: 01432 260

Re: Custom Rule Location

On Sun, 2009-11-22 at 19:57 +, rich...@buzzhost.co.uk wrote: > Almost, I'm looking to have SA to include one or two extra directories > where one or many .cf files may be: > > include /path/to/other/custom_rules_johndoe/* > include /path/to/other/custom_rules_janedoe/* > If you're not already

Re: Custom Rule Location

On Sun, 2009-11-22 at 14:17 -0500, Alex wrote: > Hi, > > > What I'm looking to do is have SA look in these directories in addition > > to the default locations. I don't have a problem putting rules there > > Benny. I have a problem getting SA to look there for them :-) > > Are you talking about d

  1   2   >