On Fri, 16 May 2008, Jeff Aitken wrote:
I'm thinking you're probably right that this is a timing issue. I just
checked another message that had different scoring results. The initial
message was received on 5/15 at 1156UTC and did not hit URIBL_BLACK. I
fed it to SA manually at 1203UTC and
On Thu, May 15, 2008 at 08:53:57PM +0200, Karsten Br?ckelmann wrote:
> Yes. Hence my question about mail hitting URIBL_BLACK on the first run,
> unlike that one example.
>
> The point is, whether *no* mail hits URIBL_BLACK, or at least *some*
> mail does. Do you get any URIBL_BLACK hits at all? Is
On Thu, 2008-05-15 at 16:20 +, Jeff Aitken wrote:
> On Thu, May 15, 2008 at 05:35:52PM +0200, Karsten Br?ckelmann wrote:
> > Do you see hits URIBL_BLACK hits in the incoming stream at all?
>
> Not sure exactly what you're asking here... but I included the entire
> X-Spam-Status and X-Spam-Rep
On Thu, May 15, 2008 at 05:35:52PM +0200, Karsten Br?ckelmann wrote:
> No DNSBLs in the original result... This *may* be due to the BLs
> catching up, and the second run being done later. This specifically
> seems to be the case for Razor (which hit in both run, just differently)
> and likely for U
On Thu, 2008-05-15 at 14:19 +, Jeff Aitken wrote:
> For example, a message that was just delivered to my inbox contained the
> following report from SA:
>
> X-Spam-Report:
> * 3.5 BAYES_99 BODY: Bayesian spam probability is 99 to 100%
> * [score: 1.]
>
On Wed, 1 Nov 2006, Mark wrote:
> > > rawbody IMG_SRC_CID /src\s*=\s*"?cid:/i
>
> Well, that matches newlines, too (really, even without /m). So, you want:
>
> rawbody IMG_SRC_CID /src[ \t]*=[ \t]*"?cid:/i
Why? Newlines there are syntactically valid, are they not?
--
John Hard
> -Original Message-
> From: Loren Wilton [mailto:[EMAIL PROTECTED]
> Sent: woensdag 1 november 2006 15:11
> To: users@spamassassin.apache.org
> Subject: Re: Inconsistent scoring
>
>
> Also, while I've never seen it done, I think it is
> theoretically p
On Wed, Nov 01, 2006 at 08:14:39AM -0500, Tim Boyer wrote:
> Last week I added a rule to tag those annoying .gif pump-and-dump emails.
> Nothing fancy:
> rawbody IMG_SRC_CID /src\=(\"c|c)id\:/i
There are several issues with this rule IMO, but there's already a very
similar rule available v
>
> This seems rather odd. I suppose you did lint your rules to
> make sure that you don't have a problem somewhere? It is
> known that SA can do things like dropping most of the rules
> file following a rule with an error in it.
>
Yup; no lint problems at all.
> Maybe you are using Amvis-
This seems rather odd. I suppose you did lint your rules to make sure that
you don't have a problem somewhere? It is known that SA can do things like
dropping most of the rules file following a rule with an error in it.
Maybe you are using Amvis-new or one of the other tools that does its own
10 matches
Mail list logo
