Ok, your headers sample finally showed up.
On Thu, 16 Aug 2018, Michael D. Maus Jr. wrote:
I have attached the full header from the recipient to this email in a
.txt file as well as the msg from the source computer.
None of these headers are from base SpamAssassin:
X-CMAE-Verdict: spam
X-CMA
On Mon, 29 Sep 2014, Marcin Mirosław wrote:
W dniu 10.09.2014 o 06:57, John Hardin pisze:
On Tue, 9 Sep 2014, Marcin Mirosław wrote:
W dniu 09.09.2014 o 15:19, John Hardin pisze:
On Tue, 9 Sep 2014, Marcin Mirosław wrote:
Hi again,
I noticed FP on mentioned rule when checking ham email. Du
W dniu 10.09.2014 o 06:57, John Hardin pisze:
> On Tue, 9 Sep 2014, Marcin Mirosław wrote:
>
>> W dniu 09.09.2014 o 15:19, John Hardin pisze:
>>> On Tue, 9 Sep 2014, Marcin Mirosław wrote:
>>>
Hi again,
I noticed FP on mentioned rule when checking ham email. Due to
confidential cont
On Tue, 9 Sep 2014, Marcin Mirosław wrote:
W dniu 09.09.2014 o 15:19, John Hardin pisze:
On Tue, 9 Sep 2014, Marcin Mirosław wrote:
Hi again,
I noticed FP on mentioned rule when checking ham email. Due to
confidential content I don't want to share it on ML. Is somebody willing
to improve ment
On Tue, 9 Sep 2014, Marcin Mirosław wrote:
Hi again,
I noticed FP on mentioned rule when checking ham email. Due to
confidential content I don't want to share it on ML. Is somebody willing
to improve mentioned rule or one case is not enough to look at it? If
somebody would like to look insight i
Hi,
Raising an old thread again, I'm also seeing FPs on this one. No real
changes have been made as far as I can see: a high score and no increase
of number of recipients (nor anything else)...
Regards,
Tom
On 10/02/2013 01:37 PM, Daniel McDonald wrote:
> On 10/2/13 6:30 AM, "Tony Finch"
On 10/18/2013 03:34 PM, Marcin Mirosław wrote:
W dniu 18.10.2013 15:23, Axb pisze:
On 10/18/2013 03:07 PM, Marcin Mirosław wrote:
Hi!
I'm not sure if false positives should be reported here or in bugzilla.
If I choosen wrong place please let me know.
Innocent phrase in Polish language "brakuje
W dniu 18.10.2013 15:23, Axb pisze:
> On 10/18/2013 03:07 PM, Marcin Mirosław wrote:
>> Hi!
>> I'm not sure if false positives should be reported here or in bugzilla.
>> If I choosen wrong place please let me know.
>> Innocent phrase in Polish language "brakuje Ci aliasów"[1] triggers
>> rules ment
On 10/18/2013 03:07 PM, Marcin Mirosław wrote:
Hi!
I'm not sure if false positives should be reported here or in bugzilla.
If I choosen wrong place please let me know.
Innocent phrase in Polish language "brakuje Ci aliasów"[1] triggers
rules mentioned above.
[1] - it means: "[...] you are missin
John Hardin skrev den 2013-10-03 02:55:
header KHOP_BIG_TO_CC ToCc =~
/(?:[^,\@]{1,60}\@[^,]{4,25},){10}/
describe KHOP_BIG_TO_CC Sent to 10+ recipients instaed of Bcc or
a list
scoreKHOP_BIG_TO_CC 3.199 3.399 3.199 3.399
score KHOP_BIG_TO_CC (-1.5) (-1.5) (-1.5) (-1.5)
...are
On Thu, 3 Oct 2013, Benny Pedersen wrote:
Tony Finch skrev den 2013-10-02 13:30:
We've had a report from a user about a false positive involving
KHOP_BIG_TO_CC which has a score of 3.4. This seems like an excessive
penalty for perfectly reasonable behaviour.
header KHOP_BIG_TO_CC ToCc =
Tony Finch skrev den 2013-10-02 13:30:
We've had a report from a user about a false positive involving
KHOP_BIG_TO_CC which has a score of 3.4. This seems like an excessive
penalty for perfectly reasonable behaviour.
header KHOP_BIG_TO_CC ToCc =~ /(?:[^,\@]{1,60}\@[^,]{4,25},){10}/
describe K
On 10/2/13 6:30 AM, "Tony Finch" wrote:
> We've had a report from a user about a false positive involving
> KHOP_BIG_TO_CC which has a score of 3.4. This seems like an excessive
> penalty for perfectly reasonable behaviour.
I've also seen false positives on this. I was going to change it to 25
Kevin A. McGrail skrev den 2013-10-01 06:19:
On 9/30/2013 11:37 PM, Karsten Bräckelmann wrote:
See below for the important part of my previous reply. Your message
was being classified spam due to custom rules -- rules, think of it as
patterns matching a message, that have been written by the re
On 9/30/2013 11:37 PM, Karsten Bräckelmann wrote:
See below for the important part of my previous reply. Your message
was being classified spam due to custom rules -- rules, think of it as
patterns matching a message, that have been written by the recipient's
mail admin. We don't know what thes
On Tue, 2013-10-01 at 11:57 +0900, 岩崎洋佑 wrote:
> Karsten,Thank you for your reply.
>
> Maybe I shouldn't have modified the domain names and some other
> information for security purposes...
> Below is the same one with real information.
Heh. Masking information like names, accounts and domains i
Karsten,Thank you for your reply.
Maybe I shouldn't have modified the domain names and some other
information for security purposes...
Below is the same one with real information.
Something wrong with the domain or possibly with the content of the message?
On Fri, 2013-09-27 at 10:47 +0900, 岩崎洋佑 wrote:
> Some e-mails sent from my account are recognized as spam mails.
> Could anyone tell me the cause?
>
> Below is the header information of one of those spam mails.
> Return-Path:
> X-Spam-Flag: YES
> X-Spam-Checker-Version: SpamAssassin 3.2.4 (2008-
Den 2012-06-27 12:22, Ed Abbott skrev:
nearly perfect, remove domain-name-servers in request
Thanks Benny. I have removed domain-name-servers
in the request.
would be nice if debian/ubuntu maintainers read it if it can be some
suggestion on spamassassin install notes, since the default was
Benny Pedersen wrote
>
> nearly perfect, remove domain-name-servers in request
>
Thanks Benny. I have removed domain-name-servers
in the request.
Here's the version of /etc/dhcp/dhclient.conf with
domain-name-servers removed:
http://spamassassin.1065346.n5.nabble.com/file/n100618/dhclient.co
Den 2012-06-22 16:20, Ed Abbott skrev:
Now that I have access to block lists, life is so much easier.
nearly perfect, remove domain-name-servers in request
Reko Turja wrote
>
>
>> Looks like resolv.conf is overwritten each time I reboot.
>> I'll implement your "chattr +i" suggestion after I've convinced
>> myself that I have a stable solution that works each and every
>> time.
>
> Dont know what flavor of dhclient linux is running, but in freebsd
Reko Turja wrote:
> I'm myself bit leery for making stuff immutable that update scripts etc.
> usually assume having preset flags. Immutable in wrong place can make
> stuff fail in pretty interesting ways.
Well, my reason for *setting* the immutable bit was that by definition,
any automated widget
Ed Abbott wrote:
Reko Turja wrote:
Sorry for butting in a bit late...
Dont know what flavor of dhclient linux is running, but in freebsd this
kind
of unpleasantness can be avoided by editing /etc/dhclient.conf as
follows:
interface "" {
supersede domain-name "your.internal.tl
Den 2012-06-13 14:24, Ed Abbott skrev:
In other words, It would be nice to set my
nameserver to localhost permanently.
no one stops anyone from changing ones own dhcpd server to say
nameserver is 127.0.0.1, or other ip in rfc1918
its more simple doing it right in the router then fight all c
Reko Turja wrote:
>
> Sorry for butting in a bit late...
>
> Dont know what flavor of dhclient linux is running, but in freebsd this
> kind
> of unpleasantness can be avoided by editing /etc/dhclient.conf as follows:
>
> interface "" {
> supersede domain-name "your.internal.t
Sorry for butting in a bit late...
Ed Abbott wrote:
Kris Deugau wrote:
Just keep in mind that NetworkManager may meddle with your resolv.conf,
so you can either keep a watch and manually fix it, or do as I've taken
to doing and setting the immutable bit with "chattr +i" so it can't be
changed
Den 2012-06-09 12:53, Martin Gregorie skrev:
I see little or no advantage in using DHCP.
its nice to see when friends stop by to add there laptops to your lan
:=)
it just take a second
what i have done is to set all my own lan computers with static lan,
and all dynamic get dynamic ip, eg
On Fri, 2012-06-08 at 15:21 -0700, Ed Abbott wrote:
>
> Looks like resolv.conf is overwritten each time I reboot.
> I'll implement your "chattr +i" suggestion after I've convinced
> myself that I have a stable solution that works each and every
> time.
>
In the current Fedora releases (since F15
On Fri, 8 Jun 2012 18:30:25 -0700 (PDT)
John Hardin wrote:
> A piece of advice: take a look at the rcs/ci/co commands, and use
> them to "version control" your configuration files.
Or use etckeeper: http://joeyh.name/code/etckeeper/
On Debian and Ubuntu, it's just an apt-get away...
Regards,
On Fri, 8 Jun 2012, Ed Abbott wrote:
Kris Deugau wrote:
Just keep in mind that NetworkManager may meddle with your resolv.conf,
so you can either keep a watch and manually fix it, or do as I've taken
to doing and setting the immutable bit with "chattr +i" so it can't be
changed.
Looks like r
Den 2012-06-09 00:21, Ed Abbott skrev:
Looks like resolv.conf is overwritten each time I reboot.
I'll implement your "chattr +i" suggestion after I've convinced
myself that I have a stable solution that works each and every
time.
chattr is not a gui for dhcp servers
For now, I'm using the "c
Kris Deugau wrote:
>
>
> Just keep in mind that NetworkManager may meddle with your resolv.conf,
> so you can either keep a watch and manually fix it, or do as I've taken
> to doing and setting the immutable bit with "chattr +i" so it can't be
> changed.
>
>
Looks like resolv.conf is over
Axb wrote:
>
> now try:
>
> host incek.ru.multi.uribl.com
>
> you should get
>
> incek.ru.multi.uribl.com has address 127.0.0.2
>
>
Thanks! Here's what happened when I tried what
you suggested:
$ host incek.ru.multi.uribl.com
incek.ru.multi.uribl.com has address 127.0.0.2
Thanks for al
Benny Pedersen wrote:
>
> Den 2012-06-08 19:30, Ed Abbott skrev:
>
>> Is it really this simple?
>
> can i hire you now ? :=)
>
I should hire you! Thanks for all your
help!
Ed
--
View this message in context:
http://old.nabble.com/False-Positive-on-Domain-Name-tp33975030p33983799.html
Benny Pedersen wrote:
>
> Den 2012-06-08 19:30, Ed Abbott skrev:
>
>> Is it really this simple?
>
> can i hire you now ? :=)
>
I should hire you! Thanks for all your
help!
Ed
--
View this message in context:
http://old.nabble.com/False-Positive-on-Domain-Name-tp33975030p33983800.html
Benny Pedersen wrote:
>
> Den 2012-06-08 19:30, Ed Abbott skrev:
>
>> Is it really this simple?
>
> can i hire you now ? :=)
>
Thanks for all your help! You
are the one who should be hired.
Ed
--
View this message in context:
http://old.nabble.com/False-Positive-on-Domain-Name-tp33975
Benny Pedersen wrote:
>
> Den 2012-06-08 19:30, Ed Abbott skrev:
>
>> Is it really this simple?
>
> can i hire you now ? :=)
>
Thanks for all your help! You
are the one who should be hired.
Ed
--
View this message in context:
http://old.nabble.com/False-Positive-on-Domain-Name-tp33975
On Fri, 8 Jun 2012, Ed Abbott wrote:
Ed Abbott wrote:
I've contacted Time-Warner via online chat. Technical support responded
to my request to turn off DNS forwarding by saying "We don't offer DNS
forwarding." In other words, they had no idea what I was talking about.
Ed Abbott
My error.
On Fri, 8 Jun 2012, Ed Abbott wrote:
John Hardin wrote:
Ed, you said you've already installed BIND, that covers the "local,
caching" part. Now configure it to not forward requests.
Thank you John!
I think you may have given me the only answer that is going to
work. I've tried to get my ISP
On Fri, 8 Jun 2012, Benny Pedersen wrote:
Den 2012-06-08 20:29, Kevin A. McGrail skrev:
I think we can agree that local caching name server is the correct
solution in 99.9% of the cases, yes?
is 0.1% the geek people on spamassassin ? :=)
i just tryin to find where forwards is usefull when d
On 06/08/2012 07:30 PM, Ed Abbott wrote:
It works! The following test works!
$ cat spam.mbox | spamassassin -dt>temp
In other words, websiterepairguy.com is
passing all the tests and is no longer generating
false positives.
The 'spam.mbox' email is the one that was causing
false positives on
On 6/8/2012 12:57 PM, Ed Abbott wrote:
>
> John Hardin wrote:
>>
>> Ed, you said you've already installed BIND, that covers the "local,
>> caching" part. Now configure it to not forward requests.
>>
>>
> Thank you John!
>
> I think you may have given me the only answer that is going to
> work. I'
Den 2012-06-08 20:29, Kevin A. McGrail skrev:
I think we can agree that local caching name server is the correct
solution in 99.9% of the cases, yes?
is 0.1% the geek people on spamassassin ? :=)
i just tryin to find where forwards is usefull when dig +trace
example.org is not using forwards
Ed Abbott wrote:
> Here's my "new" resolv.conf:
>
> # Generated by NetworkManager
> domain maine.rr.com
> search maine.rr.com
> # nameserver 209.18.47.61
> # nameserver 209.18.47.62
> nameserver 127.0.0.1
>
> It works! The following test works!
>
> $ cat spam.mbox | spamassassin -dt >temp
>
>
Den 2012-06-08 19:30, Ed Abbott skrev:
Is it really this simple?
can i hire you now ? :=)
Den 2012-06-08 18:57, Ed Abbott skrev:
I think you may have given me the only answer that is going to
work. I've tried to get my ISP to allow me to opt out of DNS
redirection. No luck.
you can modify any files in your own host ?, where is the problem with
your isp delivery you wodka ? :=)
On 6/8/2012 2:12 PM, Benny Pedersen wrote:
Den 2012-06-08 18:22, Kevin A. McGrail skrev:
On 6/8/2012 12:17 PM, Ed Abbott wrote:
Any foreseeable problem with using Google Public DNS instead?
Yes. Google Public DNS can get blocked from RBLs because they end up
with too many queries. Your best
Den 2012-06-08 18:23, Ed Abbott skrev:
I'm sure I'm using the DNS servers for
my ISP as I've never done anything to
alter the servers I'm using. Here's my
/etc/resolv.conf:
[snip]
this is what dynamic clients such as dhcp client will use, servers
should have no problem running there own loc
Den 2012-06-08 18:22, Kevin A. McGrail skrev:
On 6/8/2012 12:17 PM, Ed Abbott wrote:
Any foreseeable problem with using Google Public DNS instead?
Yes. Google Public DNS can get blocked from RBLs because they end up
with too many queries. Your best bet with SA is to use your own
local
cach
Den 2012-06-08 18:17, Ed Abbott skrev:
The also said they do not support spamassassin. That's
understandable.
However, I wasn't asking them to support spamassassin. I just wanted
DNS to work properly.
if thay dont want to provide dns for your softare, whats more do thay
dont want to provid
Kris Deugau wrote:
>
>
> Remove the current nameserver entries, and add "nameserver 127.0.0.1".
>
>
Here's my "new" resolv.conf:
# Generated by NetworkManager
domain maine.rr.com
search maine.rr.com
# nameserver 209.18.47.61
# nameserver 209.18.47.62
nameserver 127.0.0.1
It works! The f
Kris Deugau wrote:
>
>
> OK. The first two lines can stay as-is.
>
> Remove the current nameserver entries, and add "nameserver 127.0.0.1".
>
>
Thank you! You are so kind!
You're telling me how to set up a non-forwarding
DNS server right? By using, 127.0.0.1, I'm using
localhost which i
Ed Abbott wrote:
>
>
> I've contacted Time-Warner via online chat. Technical support responded
> to my request to turn off DNS forwarding by saying "We don't offer DNS
> forwarding." In other words, they had no idea what I was talking about.
>
> Ed Abbott
>
My error. I meant to say DNS r
John Hardin wrote:
>
>
> Ed, you said you've already installed BIND, that covers the "local,
> caching" part. Now configure it to not forward requests.
>
>
Thank you John!
I think you may have given me the only answer that is going to
work. I've tried to get my ISP to allow me to opt out
Ed Abbott wrote:
> domain maine.rr.com
> search maine.rr.com
> nameserver 209.18.47.61
> nameserver 209.18.47.62
>
> rr stands for Road Runner and Road
> Runner is my ISP, also known as
> Time-Warner Cable.
OK. The first two lines can stay as-is.
Remove the current nameserver entries, and add "
Ed Abbott wrote:
> I've contacted Time-Warner via online chat. Technical support responded
> to my request to turn off DNS forwarding by saying "We don't offer DNS
> forwarding." In other words, they had no idea what I was talking about.
>From the blog link you posted, it sounds like there's an
Benny Pedersen wrote:
>
>
> are you using isp dns servers ?
>
> show /etc/resolv.conf if unsure
>
>
Hi Benny,
Thanks for replying!
I'm sure I'm using the DNS servers for
my ISP as I've never done anything to
alter the servers I'm using. Here's my
/etc/resolv.conf:
# Generated by Netwo
On 6/8/2012 12:17 PM, Ed Abbott wrote:
Any foreseeable problem with using Google Public DNS instead?
Yes. Google Public DNS can get blocked from RBLs because they end up
with too many queries. Your best bet with SA is to use your own local
caching nameserver.
Regards,
KAM
Kris Deugau wrote:
>
>
> Based on that blog link you *should* be able to opt-out of this
> nuisance, and if it keeps coming back, take the path one respondent
> noted about a cron job to request the opt-out on a regular basis (I
> think every 5 minutes is probably overkill, but...)
>
>
Than
Den 2012-06-07 21:03, David F. Skoll skrev:
It makes ISPs money from search and ad referrals. That's a good
[sic]
enough reason to lie to your customers, apparently.
counting how many ips is in spamhaus drop, where isp says thay stopped
bgp routíng to such bastards and in the same time clai
Den 2012-06-07 20:04, Ed Abbott skrev:
It looks like uribl.org is ignoring requests for both of these
domains and letting them time out. Is this a correct assumption?
are you using isp dns servers ?
show /etc/resolv.conf if unsure
uribl and dnsbl have startede to block dns querries from abbu
Den 2012-06-07 19:35, John Hardin skrev:
/etc/resolv.conf is where you'd start. If that says localhost (which
it should to use a local nameserver), then look at the configuration
of your local DNS server (likely BIND, likely /etc/bind/named.conf or
/etc/named/named.conf).
#/etc/resolv.conf
name
Kris Deugau wrote:
>
>
> A few remote rules rely on other remote lookups (eg, Vipul's Razor, DCC,
> pyzor) but the stock DNS-based rules alone can catch somewhere up to
> about 85-90% of the spam all by themselves, in my experience. And the
> non-DNS rules still rely on DNS lookups to be able
Ed Abbott wrote:
> You are helping clear up a lot of confusion. It seems
> that Time-Warner regularly hijacks DNS. Here's a blog
> post that details the experience of one user:
>
> http://blog.jonudell.net/2010/09/13/hijack-my-dns-and-i-will-be-annoyed-blame-me-and-i-will-go-ballistic/
> I assu
On Thu, 07 Jun 2012 14:57:27 -0400
Kris Deugau wrote:
> If that seems clean, it's possible that your ISP has gone to the
> effort of silently redirecting all DNS requests to their own
> servers. (I can't think of any good reasons to do this, but some
> major ISPs seem to get bizarre directives f
Ed Abbott wrote:
> $ host websiterepairguy.com.multi.surbl.org
> websiterepairguy.com.multi.surbl.org has address 184.106.15.239
> websiterepairguy.com.multi.surbl.org has address 69.16.143.110
> Host websiterepairguy.com.multi.surbl.org not found: 3(NXDOMAIN)
The first two responses here indicate
John Hardin wrote:
>
>
> It would also be useful if (before changing your config) you provided the
> results of DNSBL lookups at your site for some large known-clean domains
> like google.com, microsoft.com, etc. If they are all FPing, then the
> problem is as I stated above and the fix is
Kris Deugau wrote:
>
>
> If you're still getting hits on these rules there's a good chance that
> the DNS cache you're using is either modifying the negative results (ie,
> similar to http://www.surbl.org/faqs#opendns) or has been making too
> many requests to SURBL, and is now either receivin
On Thu, 7 Jun 2012, Ed Abbott wrote:
Axb wrote:
Are you forwarding your queries to a third party DNS?
Axb
Not intentionally. Am I doing so out of ignorance?
Maybe.
I'm a lone individual working from a home computer
and Time-Warner cable is my ISP. Do DNS queries
normally go to Time-Wa
Kris Deugau wrote:
>
> or has been making too
> many requests to SURBL, and is now either receiving "yes it's listed"
> for any request, or is generating that response for some reason.
>
That's entirely possible. It's only through doing research that
I learned that I'm supposed to set up bin
Ralf Hildebrandt wrote:
>
>> host websitereapirguy.com.multi.uribl.com
>
> websiterepairguy.com.multi.uribl.com
> (note the typo)
>
>
Thank you for correcting my typo! The
corrected domain is, as you state,
websiterepairguy.com
I should have copied and pasted rather
than re-typed. That
Axb wrote:
>
> Are you forwarding your queries to a third party DNS?
>
> Axb
>
Not intentionally. Am I doing so out of ignorance?
Maybe.
I'm a lone individual working from a home computer
and Time-Warner cable is my ISP. Do DNS queries
normally go to Time-Warner first? I don't know.
I as
On Thu, 7 Jun 2012, Kris Deugau wrote:
Ed Abbott wrote:
My domain name, websiterepairguy.com, is causing
spamassassin to give a false positive.
Checking from where I'm sitting, I don't see it listed.
If you're still getting hits on these rules there's a good chance that
the DNS cache you're
Ed Abbott wrote:
>
> My domain name, websiterepairguy.com, is causing
> spamassassin to give a false positive.
>
> Here are the tests that all give a false positive for
> websiterepairguy.com:
>
> 1.5 URIBL_RHS_DOB Contains an URI of a new domain (Day Old Bread)
> 0.6 URIBL_PH_SURBL
On 06/07/2012 01:37 PM, Ralf Hildebrandt wrote:
* Axb:
in console check with:
host websitereapirguy.com.multi.uribl.com
websiterepairguy.com.multi.uribl.com
(note the typo)
Doh! - copy/paste previous author's error
(rndc flushname websitereapirguy.com)
anyway, still:
Host websiterepair
> I've now refreshed the DNS cache and restarted spamassassin by
> rebooting Linux. No change in result.
Maybe YOUR server is querying an upstream DNS server which has the
data cached.
--
Ralf Hildebrandt Charite Universitätsmedizin Berlin
ralf.hildebra...@charite.deCa
* Axb :
> in console check with:
>
> host websitereapirguy.com.multi.uribl.com
websiterepairguy.com.multi.uribl.com
(note the typo)
--
Ralf Hildebrandt Charite Universitätsmedizin Berlin
ralf.hildebra...@charite.deCampus Benjamin Franklin
http://www.charite.de
On 06/07/2012 01:19 PM, Ed Abbott wrote:
Robert Schetterer wrote:
perhaps try refreshing your dns caches and/or restart spamassassin
afterwards
I've flushed the cache with this command:
rndc flushname websitereapirguy.com
So far, no change.
I'll restart spamassassin by rebooting my
mac
Robert Schetterer wrote:
>
>
> perhaps try refreshing your dns caches and/or restart spamassassin
> afterwards
>
>
I've now refreshed the DNS cache and restarted spamassassin by
rebooting Linux. No change in result.
Ed Abbott
--
View this message in context:
http://old.nabble.com/False-
Robert Schetterer wrote:
>
> perhaps try refreshing your dns caches and/or restart spamassassin
> afterwards
>
I've flushed the cache with this command:
rndc flushname websitereapirguy.com
So far, no change.
I'll restart spamassassin by rebooting my
machine next. Not sure that I'm running
Am 07.06.2012 12:53, schrieb Ed Abbott:
> I've checked here to see if my domain is blocked:
>
> https://admin.uribl.com/
>
> When I lookup websiterepairguy,com, I get the
> following reply:
>
> NOT Listed on URIBL
perhaps try refreshing your dns caches and/or restart spamassassin
afterwards
--
On 01/05/2010 06:39 PM, Joseph Brennan wrote:
Ned Slider wrote:
body LOCAL_BODY_CIALIS /\bcialis/i
That's probably what the rule is, and it will match 'spe/cialistes'.
Joseph Brennan
Columbia University Information Technology
Yep, my apologies, I missed the broken spe/cial... in the o
Ned Slider wrote:
bodyLOCAL_BODY_CIALIS /\bcialis/i
That's probably what the rule is, and it will match 'spe/cialistes'.
Joseph Brennan
Columbia University Information Technology
On Tue, 5 Jan 2010 07:19:15 -0800 (PST)
cmvhk wrote:
> 2.0 LOCAL_BODY_CIALIS BODY: Mentions viagra clone 'cialis'
>
> ...
> Could the rule be rewritten so as not to catch instances such as
> this?
It's not a default rule and "LOCAL_" looks like a prefix used by
your admin for local r
On 01/05/2010 03:19 PM, cmvhk wrote:
An email sent to me containing a book review in French was recently falsely
classified as spam, largely because it failed the LOCAL_BODY_CIALIS rule:
2.0 LOCAL_BODY_CIALIS BODY: Mentions viagra clone 'cialis'
I quote offending part of the message:
...
Cmvhk wrote on Tue, 5 Jan 2010 07:19:15 -0800 (PST):
> 2.0 LOCAL_BODY_CIALIS BODY: Mentions viagra clone 'cialis'
Sure, that this rule is part of standard SA? I can't find it in 3.2.5 or
3.3.0.
Apart from this, if that message came out as spam with these additional 2
points it must have al
On 05.01.10 07:19, cmvhk wrote:
> An email sent to me containing a book review in French was recently falsely
> classified as spam, largely because it failed the LOCAL_BODY_CIALIS rule:
>
> 2.0 LOCAL_BODY_CIALIS BODY: Mentions viagra clone 'cialis'
>
> I quote offending part of the message:
Another FP, reported some Monday from a customer:
212.62.57.38 == mtaout3.isp.ptt.rs
Which is a clear sign for an ISP. So please, again, check also their
mtaout1 ... mtaout9 or whatever and include all these in YELLOW.
Also, I've offered you a list of ISPs MX from Austria. We have an ISP
Associ
On Mittwoch 21 Oktober 2009 Marc Perkel wrote:
> Michael Monnerie wrote:
> http://ipadmin.junkemailfilter.com/remove.php?ip=62.40.128.130
> Just received this FP from a customer. That IP is indeed an MX for
> kabsi.at, a big cable provider in Austria. Please put it on YELLOW.
Please, Marc, you fi
Fixed
Michael Monnerie wrote:
http://ipadmin.junkemailfilter.com/remove.php?ip=62.40.128.130
Just received this FP from a customer. That IP is indeed an MX for
kabsi.at, a big cable provider in Austria. Please put it on YELLOW.
mfg zmi
I haven't looked at the rules at all (yet)...
On Mon, May 4, 2009 at 20:00, John Hardin wrote:
> On Mon, 4 May 2009, Michael Monnerie wrote:
>
>> On Montag 04 Mai 2009 Justin Mason wrote:
>>>
>>> yep, it's certainly useful -- even if the "fix" is just to include
>>> the FP messages in a mass-chec
On Mon, 4 May 2009, Michael Monnerie wrote:
On Montag 04 Mai 2009 Justin Mason wrote:
yep, it's certainly useful -- even if the "fix" is just to include
the FP messages in a mass-checked
corpus for the next time FRT_VALIUM1's score is calculated, ensuring
that it'll get a lower
score.
It's in
On Montag 04 Mai 2009 Justin Mason wrote:
> yep, it's certainly useful -- even if the "fix" is just to include
> the FP messages in a mass-checked
> corpus for the next time FRT_VALIUM1's score is calculated, ensuring
> that it'll get a lower
> score.
It's in my mass corpus already, but I wonder i
yep, it's certainly useful -- even if the "fix" is just to include the
FP messages in a mass-checked
corpus for the next time FRT_VALIUM1's score is calculated, ensuring
that it'll get a lower
score.
--j.
On Mon, May 4, 2009 at 10:19, Michael Monnerie
wrote:
> On Montag 04 Mai 2009 Raymond Dijkx
On Montag 04 Mai 2009 Raymond Dijkxhoorn wrote:
> > So what's next? There's a known big bug where several Valium rules
> > misfire at german messages. Should I open another bug?
> > I found bugs 6060 and 6086 reporting it, both are NEW. I've
> > commented both of them now, hope we get a quick optim
Hi!
I've got a false positive with FRT_VALIUM1, FRT_VALIUM2 and
FUZZY_VLIUM with a german announcement from Paypal about changing
their general terms and conditions. Maybe those rules can be
optimized?
This came up back in March. I'm a little surprised there hasn't been
any action on it, as a
On Sonntag 03 Mai 2009 John Hardin wrote:
> > I've got a false positive with FRT_VALIUM1, FRT_VALIUM2 and
> > FUZZY_VLIUM with a german announcement from Paypal about changing
> > their general terms and conditions. Maybe those rules can be
> > optimized?
>
> This came up back in March. I'm a littl
On Sonntag 03 Mai 2009 Benny Pedersen wrote:
> use whitelist_from_spf to turn it into a ham msg
That's the wrong way. The mail has *nothing* to do with spam nor VALIUM,
but fires 3 Valium Rules and FUZZY_CREDIT, and ALL of them are false
positives. I know I can change scores or do other nifty st
On Sun, 3 May 2009, Michael Monnerie wrote:
I've got a false positive with FRT_VALIUM1, FRT_VALIUM2 and FUZZY_VLIUM
with a german announcement from Paypal about changing their general
terms and conditions. Maybe those rules can be optimized?
This came up back in March. I'm a little surprised
1 - 100 of 239 matches
Mail list logo
