Adding approximate matching (see also: another extortion email check)

2020-05-05 Thread Philip Prindeville
reasonable ceiling). There are also spam I’ve seen where words have been deliberately misspelled as a way of avoiding exact matches, with doubled letters being dropped, similar letters being transposed (‘n’ for ‘m’, ‘z’ for ‘s’, ‘k’ for ‘c’, etc.) so simply replacing non-ASCII letters with their ASCII

Re: ING Direct mail FPing on TVD_ rules - also TO_EQ_FROM root subrules

2010-04-29 Thread Kris Deugau
t trigger the problem... *headdesk* Knowing about the last-char-of-first-address issue now I can see how some of the tests I tried would produce odd results. I have a feeling I also got some of the sets of changes munged together. -kgd

Re: ING Direct mail FPing on TVD_ rules - also TO_EQ_FROM root subrules

2010-04-29 Thread John Hardin
On Thu, 29 Apr 2010, Kris Deugau wrote: John Hardin wrote: > > On 4/28/10 3:13 PM, Kris Deugau wrote: > > >0.0 TO_EQ_FM_HTML_ONLY To == From and HTML only > > >0.0 TO_EQ_FM_DIRECT_MX To == From and direct-to-MX > > >1.7 TO_EQ_FM_HTML_DIRECT To == From and HTML only, dire

Re: ING Direct mail FPing on TVD_ rules - also TO_EQ_FROM root subrules

2010-04-29 Thread Kris Deugau
John Hardin wrote: On 4/28/10 3:13 PM, Kris Deugau wrote: > 0.0 TO_EQ_FM_HTML_ONLY To == From and HTML only > 0.0 TO_EQ_FM_DIRECT_MX To == From and direct-to-MX > 1.7 TO_EQ_FM_HTML_DIRECT To == From and HTML only, direct-to-MX There was a bug in handling bare addresses in the f

Re: ING Direct mail FPing on TVD_ rules - also TO_EQ_FROM root subrules

2010-04-29 Thread John Hardin
to-MX so. it's also obviously bulk email. I don't know how these rules positively identify a message as "bulk". Taking them at face value, they certainly represent "not following best-practices". Hmm. I'm not even sure how they fired; the From and To are bare

Re: ING Direct mail FPing on TVD_ rules - also TO_EQ_FROM root subrules

2010-04-28 Thread Michael Scheidell
also obviously bulk email. I don't know how these rules positively identify a message as "bulk". Taking them at face value, they certainly represent "not following best-practices". sorry, usually if the To and From are the same, it's bulk. Looks like the regexes

Re: ING Direct mail FPing on TVD_ rules - also TO_EQ_FROM root subrules

2010-04-28 Thread Kris Deugau
Michael Scheidell wrote: On 4/28/10 3:13 PM, Kris Deugau wrote: 0.0 TO_EQ_FM_HTML_ONLY To == From and HTML only 0.0 TO_EQ_FM_DIRECT_MX To == From and direct-to-MX 1.7 TO_EQ_FM_HTML_DIRECT To == From and HTML only, direct-to-MX so. it's also obviously bulk email. I don't

Re: also...

2007-04-04 Thread J.
--- Michael Grant <[EMAIL PROTECTED]> wrote: > On 4/4/07, J. <[EMAIL PROTECTED]> wrote: > > > > --- Matt Kettler <[EMAIL PROTECTED]> wrote: > > > > > J. wrote: > > > > I've been doing this sort of thing to block connections which > is > > > > somewhat more satisfying than just scoring the email h

Re: also...

2007-04-04 Thread Michael Grant
Is it possible they are coming from zombie machines? Machines which have been infected by a sort of virus which a spammer can take over and send out mail from remotely. Michael Grant On 4/4/07, J. <[EMAIL PROTECTED]> wrote: --- Matt Kettler <[EMAIL PROTECTED]> wrote: > J. wrote: > > I've bee

Re: also...

2007-04-03 Thread J.
--- Matt Kettler <[EMAIL PROTECTED]> wrote: > J. wrote: > > I've been doing this sort of thing to block connections which is > > somewhat more satisfying than just scoring the email higher, but > these > > rascals seem to be able to use multiple IP addresses even within a > > single mailing: > >

Re: also...

2007-04-03 Thread Matt Kettler
J. wrote: > I've been doing this sort of thing to block connections which is > somewhat more satisfying than just scoring the email higher, but these > rascals seem to be able to use multiple IP addresses even within a > single mailing: > > 123.156.189.:allow,RBLSMTPD="-Connections refused. domain

also...

2007-04-03 Thread J.
I've been doing this sort of thing to block connections which is somewhat more satisfying than just scoring the email higher, but these rascals seem to be able to use multiple IP addresses even within a single mailing: 123.156.189.:allow,RBLSMTPD="-Connections refused. domain.com seems to ignore

Re: Issue with exists function and also case sensitive headers

2006-11-28 Thread Theo Van Dinter
On Tue, Nov 28, 2006 at 11:42:41AM -0500, Fred T wrote: > notification? I checked the docs and didn't find anything about it so > I'm guessing I'm crazy but I swear this isn't how it always worked. They've always been case insensitive. If that wasn't the case at some point, it was a bug, but I d

Issue with exists function and also case sensitive headers

2006-11-28 Thread Fred T
Hello SA Users, I have often used the syntax: header FOO_EXISTS exists:X-Header-Foo Today I noticed that the exists header doesn't care about case of the header. Create a message with a lower case To header and create a test for: header LOWER_CASE_TO to =~ /\S{5}/ [if-unset: NOPE] I w

Re: RCVD_IN_SORBS_DUL matches also First Hop. Why?

2006-05-11 Thread Christian Reiter
Hi Daryl! > Since those headers are munged pretty badly, I'll have to just say you > probably need to manually configure your trusted_networks. > > Does "mail.gmx.net" eq "mail.external-domain.com"? Yes, mail.gmx.net is the same as mail.external-domain.com. I changed the names of the users and s

Re: RCVD_IN_SORBS_DUL matches also First Hop. Why?

2006-05-11 Thread Daryl C. W. O'Shea
Christian Reiter wrote: Hi! I have a problem with my SpamAssassin 3.1.1 installation here. I have Postfix as MTA and Amavisd-new 2.3.3 The Rule RCVD_IN_SORBS_DUL matches also the first hop of the Received headers. If I understand correctly the first hop should not be matched as a user could

RCVD_IN_SORBS_DUL matches also First Hop. Why?

2006-05-11 Thread Christian Reiter
Hi! I have a problem with my SpamAssassin 3.1.1 installation here. I have Postfix as MTA and Amavisd-new 2.3.3 The Rule RCVD_IN_SORBS_DUL matches also the first hop of the Received headers. If I understand correctly the first hop should not be matched as a user could use a dynamic/dialup IP

SURBL: New SC data live, new data engine also

2005-10-31 Thread Jeff Chan
We have made the experimental SC2 data into the production SC list. The new version has been tested to catch about 10% more spam than the old version with no significant increase in false positives. Along with this change is the use of a new data engine which has a shorter cycle time of 5 minutes

Re: OT: SA also catches security hoaxes

2004-10-24 Thread jdow
From: "einheit" <[EMAIL PROTECTED]> > Pierre Thomson wrote: > > >SpamAssassin flagged this just now, and MailScanner removed it from the stream. The main hits were DCC and RBL related. > > > >Good work, SA! > > > >http://frodo.bruderhof.com/redhat.txt > > > > > Nice - SA detected bogosity in this

Re: OT: SA also catches security hoaxes

2004-10-24 Thread William Stearns
Good day, all, On Sat, 23 Oct 2004, Pierre Thomson wrote: > SpamAssassin flagged this just now, and MailScanner removed it from the > stream. The main hits were DCC and RBL related. > > http://frodo.bruderhof.com/redhat.txt I'm glad to see the offending file has been removed from Stanf

Re: OT: SA also catches security hoaxes

2004-10-23 Thread einheit
Kenneth Porter wrote: --On Saturday, October 23, 2004 3:35 PM -0700 einheit <[EMAIL PROTECTED]> wrote: Those sorts of "honor-system viruses" for unix are quite common, but hardly ever work, up to now, since they require someone with both root access to a unix system, and a lack of sophistication,

Re: OT: SA also catches security hoaxes

2004-10-23 Thread Kenneth Porter
--On Saturday, October 23, 2004 3:35 PM -0700 einheit <[EMAIL PROTECTED]> wrote: Those sorts of "honor-system viruses" for unix are quite common, but hardly ever work, up to now, since they require someone with both root access to a unix system, and a lack of sophistication, two qualities which h

Re: OT: SA also catches security hoaxes

2004-10-23 Thread einheit
John Andersen wrote: Instead of laughing at it, has anyone actually LOOKED at what this would install on a redhat system? Feel free - it's likely some rude hack to bypass tcp wrappers, and allow ssh access from anywhere, or install some sort of innocuous-sounding daemon which listens for passw

Re: OT: SA also catches security hoaxes

2004-10-23 Thread John Andersen
On Saturday 23 October 2004 09:43 am, einheit wrote: > Pierre Thomson wrote: > >SpamAssassin flagged this just now, and MailScanner removed it from the > > stream. The main hits were DCC and RBL related. > > > >Good work, SA! > > > >http://frodo.bruderhof.com/redhat.txt > > Nice - SA detected bogos

Re: OT: SA also catches security hoaxes

2004-10-23 Thread einheit
Pierre Thomson wrote: SpamAssassin flagged this just now, and MailScanner removed it from the stream. The main hits were DCC and RBL related. Good work, SA! http://frodo.bruderhof.com/redhat.txt Nice - SA detected bogosity in this message, though differently than a human would (If I had gott

OT: SA also catches security hoaxes

2004-10-23 Thread Pierre Thomson
SpamAssassin flagged this just now, and MailScanner removed it from the stream. The main hits were DCC and RBL related. Good work, SA! http://frodo.bruderhof.com/redhat.txt I hope sysadmins are smart enough to check sources before applying an OS patch!!! Pierre Thomson BIC