Re: dropbox phish

2016-11-03 Thread RW
On Thu, 03 Nov 2016 13:38:30 -0400 Kris Deugau wrote: > header RCVD_IN_XBL eval:check_rbl('zen-lastexternal', > 'zen.spamhaus.org.', '^127\.0\.0\.[45678]$') > > Why are you (re)defining a near-duplicate of this? Was the stock rule > as above also misbehaving? > > Note that the Spa

Re: dropbox phish

2016-11-03 Thread Kris Deugau
Alex wrote: > Hi, > > On Wed, Nov 2, 2016 at 10:36 AM, Kris Deugau wrote: >> Alex wrote: >>> I've had to lower the score on my header XBL check because it was >>> triggering on so many dynamic IPs that were clearly reassigned to new >>> users, then being blacklisted. I'd appreciate it if anyone c

Re: dropbox phish

2016-11-02 Thread Alex
Hi, On Wed, Nov 2, 2016 at 10:36 AM, Kris Deugau wrote: > Alex wrote: >> I've had to lower the score on my header XBL check because it was >> triggering on so many dynamic IPs that were clearly reassigned to new >> users, then being blacklisted. I'd appreciate it if anyone could >> provide additi

Re: dropbox phish

2016-11-02 Thread Kris Deugau
Alex wrote: > I've had to lower the score on my header XBL check because it was > triggering on so many dynamic IPs that were clearly reassigned to new > users, then being blacklisted. I'd appreciate it if anyone could > provide additional input on how they might use something like this. > > heade

Re: dropbox phish

2016-11-01 Thread Alex
Hi, >>> Well, I find this quite useful with very few false positives: >>> >>> uridnsbl URIBL_SBLXBL sbl-xbl.spamhaus.org. TXT >>> body URIBL_SBLXBL eval:check_uridnsbl('URIBL_SBLXBL') >>> describe URIBL_SBLXBL Contains a URL listed in the SBL/XBL block

Re: dropbox phish

2016-11-01 Thread Bill Cole
On 1 Nov 2016, at 20:31, Alex wrote: Hi, On Mon, Oct 31, 2016 at 9:11 PM, Bill Cole wrote: On 31 Oct 2016, at 20:38, Alex wrote: Hi all, We keep receiving variations of this dropbox phish that's never tagged properly. I was hoping someone had some ideas for catching them. I've added a f

Re: dropbox phish

2016-11-01 Thread Alex
Hi, On Mon, Oct 31, 2016 at 9:11 PM, Bill Cole wrote: > On 31 Oct 2016, at 20:38, Alex wrote: > >> Hi all, >> >> We keep receiving variations of this dropbox phish that's never tagged >> properly. I was hoping someone had some ideas for catching them. >> >> I've added a few more body rules, and s

Re: dropbox phish

2016-11-01 Thread RW
On Mon, 31 Oct 2016 21:11:06 -0400 Bill Cole wrote: > Well, I find this quite useful with very few false positives: > > uridnsbl URIBL_SBLXBL sbl-xbl.spamhaus.org. TXT > body URIBL_SBLXBL eval:check_uridnsbl('URIBL_SBLXBL') > describe URIBL_SBLXBL Contains a U

Re: dropbox phish

2016-10-31 Thread Bill Cole
On 31 Oct 2016, at 20:38, Alex wrote: Hi all, We keep receiving variations of this dropbox phish that's never tagged properly. I was hoping someone had some ideas for catching them. I've added a few more body rules, and some header rules to block this "drpbox" spelling variation, but I hoped s