Re: uri obfuscation

2008-03-23 Thread Arvid Ephraim Picciani
On Sunday 23 March 2008 14:10:18 The Doctor wrote: > Where should this be added? to your custom rules. i suggest editing local.cf and adding the following line: include /etc/spamassassin/myrules then make that directory and put your custom rules in it (one file is one rule) you can also put all ru

Re: uri obfuscation

2008-03-23 Thread The Doctor
On Sat, Mar 22, 2008 at 09:26:39PM -0400, Joseph Brennan wrote: > >> that's a dynamic ip from telecomitalia. i'm getting lots of spam from >> there but the ips are in no dynamic list. is there a more complete list >> of dynamic hosts? > > We are currently doing this: > > > # Telecomitalia. ISP wi

Re: uri obfuscation

2008-03-23 Thread Arvid Ephraim Picciani
On Sunday 23 March 2008 02:26:39 Joseph Brennan wrote: > > that's a dynamic ip from telecomitalia. i'm getting lots of spam from > > there but the ips are in no dynamic list. is there a more complete list > > of dynamic hosts? > > We are currently doing this: http://sarah.ibcsolutions.de/~aep/sa/7

Re: Forged Received headers and Message-Ids (was: Re: uri obfuscation)

2008-03-23 Thread Arvid Ephraim Picciani
On Saturday 22 March 2008 21:31:13 Karsten Bräckelmann wrote: > On Sat, 2008-03-22 at 19:31 +0100, Arvid Ephraim Picciani wrote: > > > http://rafb.net/p/S95P6c12.html > > Yes, this is a spam alright. The Message-Id alone tells so. See my rule > KB_RATWARE_MSGID in bug 5830 [1]. > [1] https://issues

Re: uri obfuscation

2008-03-22 Thread Joseph Brennan
that's a dynamic ip from telecomitalia. i'm getting lots of spam from there but the ips are in no dynamic list. is there a more complete list of dynamic hosts? We are currently doing this: # Telecomitalia. ISP with a big spam problem # A rare exception found had a .it tld sender, so let's

Re: uri obfuscation

2008-03-22 Thread mouss
mouss wrote: Arvid Ephraim Picciani wrote: On Saturday 22 March 2008 19:52:46 SM wrote: He was referring to the URL that is wrapped into two lines with the quoted-printable encoding. It is parsed correctly. so that's no error or invalid markup? ok well in this case... sorry for the fals

Re: uri obfuscation

2008-03-22 Thread Karsten Bräckelmann
> you need to show the raw body. http://ec=xz... is invalid and results > in an error when I click on. even with quoted printable, it is still > invalid because '=' must be followed by hex characters (0-9a-fA-F). Dude, see the OP. :) He did provide the full, raw message. This very snippet is

Forged Received headers and Message-Ids (was: Re: uri obfuscation)

2008-03-22 Thread Karsten Bräckelmann
On Sat, 2008-03-22 at 19:31 +0100, Arvid Ephraim Picciani wrote: > > http://rafb.net/p/S95P6c12.html Yes, this is a spam alright. The Message-Id alone tells so. See my rule KB_RATWARE_MSGID in bug 5830 [1]. > second, i'd love to go and slap some ISPs around a little for not even > having > an

Re: uri obfuscation

2008-03-22 Thread mouss
Arvid Ephraim Picciani wrote: On Saturday 22 March 2008 19:52:46 SM wrote: He was referring to the URL that is wrapped into two lines with the quoted-printable encoding. It is parsed correctly. so that's no error or invalid markup? ok well in this case... sorry for the false alert.

Re: uri obfuscation

2008-03-22 Thread SM
At 11:37 22-03-2008, Arvid Ephraim Picciani wrote: een">http://ec=xzpmi.oldbuild.cn/?175217540350";>Das b see the "="? imo it should be taken as spam sign. no sane person pastes such urls unless he/she intends to bypass url checks. The sender's MUA formats and encodes the message. The URL may

Re: uri obfuscation

2008-03-22 Thread Arvid Ephraim Picciani
On Saturday 22 March 2008 19:52:46 SM wrote: > He was referring to the URL that is wrapped into two lines with the > quoted-printable encoding. It is parsed correctly. so that's no error or invalid markup? ok well in this case... sorry for the false alert. -- best regards/Mit freundlichen Grüße

Re: uri obfuscation

2008-03-22 Thread SM
At 11:27 22-03-2008, Justin Mason wrote: what is the URL you think it's missing? He was referring to the URL that is wrapped into two lines with the quoted-printable encoding. It is parsed correctly. Regards, -sm

Re: uri obfuscation

2008-03-22 Thread Arvid Ephraim Picciani
On Saturday 22 March 2008 19:27:15 Justin Mason wrote: > works for me: > Content analysis details: (14.3 points, 5.0 required) wow that was fast. 5 minutes ago it was in none of those lists. now i get 14.8 points too. > what is the URL you think it's missing? that one: > Contains an URL list

Re: uri obfuscation

2008-03-22 Thread Arvid Ephraim Picciani
On Saturday 22 March 2008 19:10:03 Arvid Ephraim Picciani wrote: > http://rafb.net/p/S95P6c12.html i forgot two things: that's a dynamic ip from telecomitalia. i'm getting lots of spam from there but the ips are in no dynamic list. is there a more complete list of dynamic hosts? i've seen sorbs d

Re: uri obfuscation

2008-03-22 Thread Justin Mason
Arvid Ephraim Picciani writes: > Hi, > seems that spammers are leaving encoding characters in the urls to make SA > unable to parse it. my mail program (kmail currently) displays those urls > _without_ the leftovers. > http://rafb.net/p/S95P6c12.html > i suggest taking this kind of obfuscation as

Re: URI obfuscation that confuses SA

2006-11-18 Thread John D. Hardin
On Fri, 17 Nov 2006, Jeff Chan wrote: > It seems that the particular URI obfuscation in: > > http://www.surbl.org/evidence/seruikiontunhfasnde.com.txt > > successfully confuses SpamAssassin 3.1.6 into not detecting the > SURBL blacklisted URI. How about a rule that adds points for a link with

RE: URI obfuscation that confuses SA

2006-11-18 Thread Michael Scheidell
> -Original Message- > From: Matt Kettler [mailto:[EMAIL PROTECTED] > Sent: Saturday, November 18, 2006 10:29 AM > To: Michael Scheidell > Cc: users@spamassassin.apache.org > Subject: Re: URI obfuscation that confuses SA > >However, it's just doing a se

Re: URI obfuscation that confuses SA

2006-11-18 Thread Matt Kettler
Michael Scheidell wrote: > When I paste that (with the munged) in it I get a nasa web site. > (maybe google built into firefox finds the nasa site) > > > http://8ZC*2/F3B.seruikiontuMUNGED.com/?LHN-+IA- > > > Scary crap. > > Hey nasa: is this even something you want public? > I will send you link i

Re: URI obfuscation that confuses SA

2006-11-18 Thread Benny Pedersen
On Sat, November 18, 2006 14:45, Justin Mason wrote: > http://8ZC*2/F3B.seruikiontuMUNGED.com/?LHN-+IA- > > link > Surely that doesn't work. certainly doesn't with any of my MUAs! anyone > got a copy of Lookout or Outlook Express they can test with? fedora core 6 x86_64 firefox 1.5.0.8 display

RE: URI obfuscation that confuses SA

2006-11-18 Thread Michael Scheidell
. > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > Sent: Saturday, November 18, 2006 8:46 AM > To: Matt Kettler > Cc: Jeff Chan; SpamAssassin Users > Subject: Re: URI obfuscation that confuses SA > > > > Matt Kettler writes: > > Jeff

Re: URI obfuscation that confuses SA

2006-11-18 Thread Justin Mason
Matt Kettler writes: > Jeff Chan wrote: > > It seems that the particular URI obfuscation in: > > > > http://www.surbl.org/evidence/seruikiontunhfasnde.com.txt > > > > successfully confuses SpamAssassin 3.1.6 into not detecting the > > SURBL blacklisted URI. > > > > Does that even work as a l

Re: URI obfuscation that confuses SA

2006-11-17 Thread Matt Kettler
Jeff Chan wrote: > It seems that the particular URI obfuscation in: > > http://www.surbl.org/evidence/seruikiontunhfasnde.com.txt > > successfully confuses SpamAssassin 3.1.6 into not detecting the > SURBL blacklisted URI. > Does that even work as a link? Doesn't seem to work in firefox or IE

Re: URI obfuscation check

2004-09-17 Thread Daniel Quinlan
Jeff Chan <[EMAIL PROTECTED]> writes: > SpamCop got fooled by this URI obfuscation, so I wrote them about > it. Would someone please feed it through SA to see if it handles > it correctly: It doesn't matter because the message had a score of 19. In 2.64, it had a score of 11. With network test

Re: URI obfuscation check

2004-09-17 Thread Ryan Thompson
Jeff Chan wrote to SpamAssassin Users: Update on the previous, interestingly the HTML renderer in The Bat! 1.62q did not make the link clickable, but the plaintext message renderer did. That's because the HTML did not actually contain a link (anchor); just the plaintext URI. Many plaintext renderer

Re: URI obfuscation check

2004-09-17 Thread Jeff Chan
Update on the previous, interestingly the HTML renderer in The Bat! 1.62q did not make the link clickable, but the plaintext message renderer did. Jeff C. -- Jeff Chan mailto:[EMAIL PROTECTED] http://www.surbl.org/