On 28.12.22 12:55, John Stimson via users wrote:
The machine has bind9 running locally to provide DNS for its own
domain, and uses it for name resolution.
On Wed, 28 Dec 2022, Matus UHLAR - fantomas wrote:
This is the problem:
Bind9 is configured to use OpenDNS and Google as forwarders.
On Wed, 28 Dec 2022, Matus UHLAR - fantomas wrote:
On 28.12.22 12:55, John Stimson via users wrote:
The machine has bind9 running locally to provide DNS for its own domain,
and uses it for name resolution.
This is the problem:
Bind9 is configured to use OpenDNS and Google as forwarders.
On 2022-12-28 at 12:55:20 UTC-0500 (Wed, 28 Dec 2022 12:55:20 -0500)
John Stimson via users
is rumored to have said:
[...]
On 2022/12/28 15:07:31 Bill Cole wrote:
Perhaps your DNS resolution is to blame. Are you using a local
recursive
resolver that does no forwarding?
The machine has bin
On 2022-12-28 at 12:32:39 UTC-0500 (Wed, 28 Dec 2022 12:32:39 -0500)
Greg Troxel
is rumored to have said:
It would be great if someone(tm) went through the blackhat pdf and
wrote
rules for all the evasions, and fixed the MTAs etc.
From the cited page:
For more technical details, please se
Brent Clark:
> Something to see and keep an eye on (Read: Why build this tool)
>
> https://www.kitploit.com/2022/01/espoofer-email-spoofing-testing-tool.html
This is old news. The espoofer tool and research were presented I think
in 2020 and were widely discussed then. And bug fixes
On 28.12.22 12:55, John Stimson via users wrote:
The machine has bind9 running locally to provide DNS for its own
domain, and uses it for name resolution.
This is the problem:
Bind9 is configured to use
OpenDNS and Google as forwarders.
BIND does NOT need forwarders and by using it, you mo
John,
No offence meant, but I would like to suggest you to also look at your
mail client and/or mail server configuration, especially some silly
"privacy" filters touching on headers.
It looks like something in your set up is preventing the two headers
References, and In-Reply-To from your c
On 2022/12/28 15:09:36 Matus UHLAR - fantomas wrote:
> spamassassin service is not needed when you use amavis, you can stop and
> disable it.
Good to know.
On 2022/12/28 15:09:36 Matus UHLAR - fantomas wrote:
> >~amavis/.spamassassin contains a file user.prefs that has only comment
> >lines. Co
On 12/28/22 10:32 AM, Greg Troxel wrote:
It would be great if someone(tm) went through the blackhat pdf and
wrote rules for all the evasions, and fixed the MTAs etc.
I have seen and heard discussion about the raft number of bugs fixed 30
- 90 days after the annual Blackhat / Pwn2Own conference
It would be great if someone(tm) went through the blackhat pdf and wrote
rules for all the evasions, and fixed the MTAs etc.
On 12/28/22 6:17 AM, Kevin A. McGrail wrote:
Sigh. Yet another borderline ethical posting / tool like far too many
pentesters who think transparency is the ultimate way to move the needle
of security
Many tools can be used for both good and evil.
I have yet to find a kitchen knife that can te
On 2022/12/28 12:45:48 Matus UHLAR - fantomas wrote:
have you reloaded amavisd?
On 28.12.22 08:50, John Stimson via users wrote:
I restarted the amavisd-new.service and spamassassin.service after
editing /etc/spamassassin/local.cf
spamassassin service is not needed when you use amavis, you
On 2022-12-28 at 08:50:35 UTC-0500 (Wed, 28 Dec 2022 08:50:35 -0500)
John Stimson via users
is rumored to have said:
Updates:
On 2022/12/28 12:45:48 Matus UHLAR - fantomas wrote:
have you reloaded amavisd?
I restarted the amavisd-new.service and spamassassin.service after
editing /etc/spa
Updates:
On 2022/12/28 12:45:48 Matus UHLAR - fantomas wrote:
> have you reloaded amavisd?
I restarted the amavisd-new.service and spamassassin.service after
editing /etc/spamassassin/local.cf
> do you have anything set in amavis' home directory?
> usually ~amavis/.spamassassin
~amavis/.spa
On 12/28/2022 8:11 AM, Brent Clark wrote:
Something to see and keep an eye on (Read: Why build this tool)
Sigh. Yet another borderline ethical posting / tool like far too many
pentesters who think transparency is the ultimate way to move the needle
of security while thinly veiling their se
Good day Guys
Something to see and keep an eye on (Read: Why build this tool)
https://www.kitploit.com/2022/01/espoofer-email-spoofing-testing-tool.html
HTH
Regards
Brent Clark
On 27.12.22 17:28, John Stimson via users wrote:
I have a single SMTP server with single public IP address. I have set
trusted_networks my.ip.num.ber
internal_networks my.ip.num.ber
and removed the clear_originating_ip_headers line. I also added the line
add_header all RelaysUntrusted _RELA
John Stimson via users skrev den 2022-12-27 23:28:
I have a single SMTP server with single public IP address. I have set
trusted_networks my.ip.num.ber
this can have all external trusted ips aswell, but minimal it should be
a list of ips you have ssh root access on, nothing more nothing less
I have a single SMTP server with single public IP address. I have set
trusted_networks my.ip.num.ber
internal_networks my.ip.num.ber
and removed the clear_originating_ip_headers line. I also added the line
add_header all RelaysUntrusted _RELAYSUNTRUSTED_
based on the suggestion in the Trust
On 2022/12/26 23:47:41 Benny Pedersen wrote:
X-Originating-Ip should not be used for whitelists, only for blacklist
rbl, even on only blacklist its unsafe to use, rules maintainers can
remove it, now that spamassassin 4.0.0 is out :)
read "perldoc Mail::SpamAssassin::Conf" to see how this header
On 2022/12/26 23:47:41 Benny Pedersen wrote:
> X-Originating-Ip should not be used for whitelists, only for blacklist
> rbl, even on only blacklist its unsafe to use, rules maintainers can
> remove it, now that spamassassin 4.0.0 is out :)
>
> read "perldoc Mail::SpamAssassin::Conf" to see how th
John Stimson via users skrev den 2022-12-27 16:34:
I'm sorry; I should have included the version information.
all versions do in this case here the same
I am running spamassassin with the default installation from kubuntu
18.04 LTS, updated to kubuntu 20.04. It is version 3.4.4. It is
calle
I'm sorry; I should have included the version information.
I am running spamassassin with the default installation from kubuntu
18.04 LTS, updated to kubuntu 20.04. It is version 3.4.4. It is called
by amavisd-new, also a default installation.
My local.cf sets up the Bayesian classifier and
John Stimson via users skrev den 2022-12-26 21:44:
Here's an example header:
X-Originating-Ip: [40.92.91.45]
this header is expanded in spamassassin and sure currently gives
https://dnswl.org/s/?s=1357
i consider trust here not good to use forged header info to whitelist
ips, when this ip
John Stimson via users skrev den 2022-12-26 21:44:
My second question is where to report an SMTP server that passes SPF,
but is passing spam with forged Received headers.
Here's an example header:
Received: from aznavrchol.cz (unknown [85.204.116.245])
by idsfa.net (Postfix) with ESMT
Hello,
I have lately seen an increase in the number of spam messages passing
spamassassin. Checking the X-Spam-Status header, I see that the common
reason they are all passing is that they hit the DNSWL_HI test to get a
-5 adjustment to their spam score. However, when I check the IP address
i like to see ARC testing in Mail::DKIM used in spamassassin DKiM
plugin, its imho not much code changes to make that work, if DKIM plugin
do this it would be possible to add it to AuthRes aswell, and maybe
finaly do DMARC test in spamassassin, but this last step do require
AuthRes is done
On Sat, 24 Apr 2021, Steve Dondley wrote:
And if you want to test your rules against a corpus rather than
testing against a few one-off spamples, then look into setting up a
local masscheck instance. You don't need to upload the results to SA,
but it will give you a good overview of
And if you want to test your rules against a corpus rather than
testing against a few one-off spamples, then look into setting up a
local masscheck instance. You don't need to upload the results to SA,
but it will give you a good overview of how a rule behaves against
multiple messages.
your rules against a corpus rather than testing
against a few one-off spamples, then look into setting up a local
masscheck instance. You don't need to upload the results to SA, but it
will give you a good overview of how a rule behaves against multiple
messages.
--
Joh
has a copy of all the live SA
configuration files. Alongside this I have a directory filled with
examples of spam to function as testing input.
Along with I have a bash script or two which is used to do things like:
1) start SA in debug mode to check the testing config for errors.
No message
guration files. Alongside this I have a directory filled with
examples of spam to function as testing input.
Along with I have a bash script or two which is used to do things like:
1) start SA in debug mode to check the testing config for errors.
No messages are processed - its just looking for
I'm experimenting with writing a library of my own SA rules and scores.
I'd like to be sure that the rules I write don't turn ham into spam and
vice versa. I figured the best way to do this would be to run SA against
an existing collection of ham and spam to make sure emails are still
scored ac
Thanks. Right now 3.4.4 is built, has the votes to release and will be
closing it's voting tomorrow at 10PM EST at which point I expect to
publish it.
On 1/26/2020 9:03 AM, Shawn Iverson wrote:
> So far testing is looking good for 3.4.4-rc1.
>
> Packaging went well and more testi
So far testing is looking good for 3.4.4-rc1.
Packaging went well and more testing is underway. Package is out in my
testing repo and have others giving it a go.
On Tue, 10 Apr 2018, Rupert Gallagher wrote:
Microsoft shits on your head, and you pay for it. Go on, enjoy it.
On Tue, Apr 10, 2018 at 17:19, Reindl Harald wrote:
Am 10.04.2018 um 17:17 schrieb Rupert Gallagher: > Microsoft should be blacklisted globally, until they fix
their > own softwar
Microsoft shits on your head, and you pay for it. Go on, enjoy it.
Sent from ProtonMail Mobile
On Tue, Apr 10, 2018 at 17:19, Reindl Harald wrote:
> Am 10.04.2018 um 17:17 schrieb Rupert Gallagher: > Microsoft should be
> blacklisted globally, until they fix their > own software. go on - you
>Microsoft should be blacklisted globally, until they fix their own software.
They even change the order of many headers (Receiveds included) remove the
ones they do not like, etc... i am sure they like playing dices...
PedroD
Microsoft should be blacklisted globally, until they fix their own software.
On Tue, Apr 10, 2018 at 16:00, Sebastian Arcus wrote:
> Hence why I have to have a local whitelist and skip verification for all MX's
> of the form *.outlook.com (which include Microsoft cloud hosted domains).
On 10/04/18 08:41, Daniele Duca wrote:
On 09/04/2018 20:40, Sebastian Arcus wrote:
This might not really answer your question, but I've had really good
results leaving all this to the MTA (Exim in my case). I actually go
for the whole hog full callout verification - checking with the MX
th
On 09/04/2018 20:40, Sebastian Arcus wrote:
This might not really answer your question, but I've had really good
results leaving all this to the MTA (Exim in my case). I actually go
for the whole hog full callout verification - checking with the MX
that the sender really exists. I know that
On 09/04/18 15:24, David Jones wrote:
I was wondering if anyone knows of an SA plugin or another method to
determine if the envelope-from domain has a valid MX record that is
listening on TCP port 25. I don't think it would be a major scorer but
it could be useful in meta rules.
This might
On Mon, 9 Apr 2018 09:24:23 -0500
David Jones wrote:
> I was wondering if anyone knows of an SA plugin or another method to
> determine if the envelope-from domain has a valid MX record that is
> listening on TCP port 25. I don't think it would be a major scorer
> but it could be useful in meta
Kevin A. McGrail skrev den 2018-04-09 16:46:
If you are interested, let me know.
i am interested to learn how to setup mimedefang, not how to test mx :=)
that will always be a job for mta to make sure this is valid
David Jones skrev den 2018-04-09 16:24:
I was wondering if anyone knows of an SA plugin or another method to
determine if the envelope-from domain has a valid MX record that is
listening on TCP port 25. I don't think it would be a major scorer
but it could be useful in meta rules.
thats a job
On 09/04/2018 16:24, David Jones wrote:
Been playing around with rspamd over the weekend to see how it
compares and so far not that impressed. It has a few features that
are interesting like the MX check but other than that it's not as
impressive as the author makes it out to be on the webs
Well, here's the code I use in filter_sender in MD to check for a validMX.
The module needs a public release with some updates and doesn't work great
with IPv6 but the code is solid and been in use for a long time at my firm.
#IF NOT A BOUNCE, THEN CHECK VALID MX RECORDS
if ($sender ne '<>') {
On 04/09/2018 09:58 AM, Dianne Skoll wrote:
On Mon, 9 Apr 2018 09:56:20 -0500
David Jones wrote:
On 04/09/2018 09:44 AM, Reindl Harald wrote:
you simply don't want connect to every innocent MX which inbound
mail is forged because for the sake of god you are attacking the
victim of spoofed mai
On Mon, 9 Apr 2018 09:56:20 -0500
David Jones wrote:
> On 04/09/2018 09:44 AM, Reindl Harald wrote:
> > you simply don't want connect to every innocent MX which inbound
> > mail is forged because for the sake of god you are attacking the
> > victim of spoofed mails and you are easily part of a di
On 04/09/2018 09:46 AM, Kevin A. McGrail wrote:
Hi Dave,
I do similar work in MIMEDefang using the a redis backend for caching
valid recipients combined with Net::validMX that can check to see if a
sender has valid MX before sending. I have a release of Net::validMX
I'm about to post this we
On 04/09/2018 09:44 AM, Reindl Harald wrote:
Am 09.04.2018 um 16:24 schrieb David Jones:
I was wondering if anyone knows of an SA plugin or another method to
determine if the envelope-from domain has a valid MX record that is
listening on TCP port 25. I don't think it would be a major scorer
Hi Dave,
I do similar work in MIMEDefang using the a redis backend for caching valid
recipients combined with Net::validMX that can check to see if a sender has
valid MX before sending. I have a release of Net::validMX I'm about to
post this week in fact.
If you are interested, let me know.
Reg
I was wondering if anyone knows of an SA plugin or another method to
determine if the envelope-from domain has a valid MX record that is
listening on TCP port 25. I don't think it would be a major scorer but
it could be useful in meta rules.
Been playing around with rspamd over the weekend to
Jerry Malcolm skrev den 2017-09-20 17:32:
I didn't "misguide" anyone. Even if you can't think of a reason to
use it or don't want to use it, then don't use it. There's no reason
to disparage the service. It found all kinds of problems with my
email. I fixed them. I haven't had any problems s
On 09/20/2017 09:51 AM, Benny Pedersen wrote:
RW skrev den 2017-01-11 16:11:
Try mail-tester.com
it have badly working MX checks, MX rr is only needed if mailserver is
diffrent ip then A/ records, i wont trust it as long this error is
there
While it may be technically true in an RFC
I didn't "misguide" anyone. Even if you can't think of a reason to use
it or don't want to use it, then don't use it. There's no reason to
disparage the service. It found all kinds of problems with my email. I
fixed them. I haven't had any problems since.
Don't misguide people!
On 9/20/
RW skrev den 2017-01-11 16:11:
Try mail-tester.com
it have badly working MX checks, MX rr is only needed if mailserver is
diffrent ip then A/ records, i wont trust it as long this error is
there
and why use a mail-tester if it gets URIBL_BLOCKED
its silly
dont missguide people
I have been working with Michael from Lashback RBL to improve the false
positive hits from major mail providers. I would like to ask for others
to help test and provide some feedback by saving this file in the same
location as the local.cf (usually /etc/mail/spamassassin):
https://pastebin.co
tony,
>>
>> I don't think that would work because it would not test the domain,
>> the IP, the received headers, DNS records and so on.
>
> Maybe I don't understand your mail setup fully, but why would any inbound
> email to your server contain those things *about your
On Wednesday 11 January 2017 at 16:22:13, Michael B Allen wrote:
> On Wed, Jan 11, 2017 at 10:03 AM, Antony Stone wrote:
> > On Wednesday 11 January 2017 at 15:57:20, Michael B Allen wrote:
> >> Is it possible to send a message to myself to see what SA thinks of my
> >> mail rig?
> >>
> >> If I j
On Wed, Jan 11, 2017 at 10:03 AM, Antony Stone
wrote:
> On Wednesday 11 January 2017 at 15:57:20, Michael B Allen wrote:
>
>> Is it possible to send a message to myself to see what SA thinks of my mail
>> rig?
>
>> If I just send a message from one account to another, of course it
>> never leaves
On Wed, 11 Jan 2017 09:57:20 -0500
Michael B Allen wrote:
> Is it possible to send a message to myself to see what SA thinks of
> my mail rig?
>
> I'm using CentOS 7.2, spamassassin 3.4.0 and postfix 2.10 and running
> spamd + spamc in postfix master.cf > sendmail > procmail > .Spam
> folder.
>
On Wed, 11 Jan 2017, Michael B Allen wrote:
Is it possible to send a message to myself to see what SA thinks of my mail rig?
I'm using CentOS 7.2, spamassassin 3.4.0 and postfix 2.10 and running
spamd + spamc in postfix master.cf > sendmail > procmail > .Spam
folder.
If I just send a message f
On Wednesday 11 January 2017 at 15:57:20, Michael B Allen wrote:
> Is it possible to send a message to myself to see what SA thinks of my mail
> rig?
> If I just send a message from one account to another, of course it
> never leaves the server and thus dodges SA. Is there a clever way to
> tempo
Is it possible to send a message to myself to see what SA thinks of my mail rig?
I'm using CentOS 7.2, spamassassin 3.4.0 and postfix 2.10 and running
spamd + spamc in postfix master.cf > sendmail > procmail > .Spam
folder.
If I just send a message from one account to another, of course it
never
On Tue, 18 Aug 2015 10:48:54 +0100
"MailBlacklist.com Management" wrote:
> Regards,
> MailBlacklist.com Management.
Really? That's your name?
This sounds very fishy, sorry.
Regards,
Dianne.
Am 18.08.2015 um 12:27 schrieb Axb:
> This is becoming higly offtopic.
>
> Don't think the SA list is the ideal place to promote services, no
> matter how well meant it all may be.
>
> At this point you should stop turning this list into your support/dev
> channel, and run your own mailing list.
This is becoming higly offtopic.
Don't think the SA list is the ideal place to promote services, no
matter how well meant it all may be.
At this point you should stop turning this list into your support/dev
channel, and run your own mailing list. Interested followers will subscribe.
Axb
Apa
Am 18.08.2015 um 11:48 schrieb MailBlacklist.com Management:
Good Morning,
@David - Thank you for your feedback 127.0.0.2 is now back in our RBL.
It was removed yesterday while we were updating our response codes,
getting ready for our announcement of another major feed provider.
@Noel - You a
Good Morning,
@David - Thank you for your feedback 127.0.0.2 is now back in our RBL. It
was removed yesterday while we were updating our response codes, getting
ready for our announcement of another major feed provider.
@Noel - You are right there are some feeds we cannot disclose due to NDA's
be
On 17.08.2015 23:03, Bill Cole wrote:
On 17 Aug 2015, at 9:26, Axb wrote:
On 17.08.2015 15:19, MailBlacklist.com Management wrote:
MailBlacklist.com is an non-profit RBL & RWL Provider based in the UK
who
is providing many ISPs globally with free to use DNS Lookup services.
domain's Creation
On Mon, 17 Aug 2015, MailBlacklist.com Management wrote:
Spam Assassin & MailBlacklist.com Integration Testing Phase 1
We would like to welcome users of the Spam Assassin project to test our high
availability DNS-RBL / DNS-RWL within their
configurations.
[snip..]
For DNS-RBL
On 18/08/2015 06:32, sebast...@debianfan.de wrote:
> Where do you get your blacklist-data?
>
> Am 17.08.2015 um 14:38 schrieb MailBlacklist.com Management:
In fairness to them, that might be commercially sensitive, for instance
the service I part manage uses internally gathered over many yea
Am 17.08.2015 um 23:47 schrieb MailBlacklist.com Management:
Thank you for your feedback, Points 1-5 are being addressed and will be
very transparent within the next working week.
Once that information is available to public we will release an update
to this feed.
honestly my problem is start
Thank you for your feedback, Points 1-5 are being addressed and will be
very transparent within the next working week.
Once that information is available to public we will release an update to
this feed.
On Mon, Aug 17, 2015 at 10:03 PM, Bill Cole <
sausers-20150...@billmail.scconsult.com> wrote:
On 17 Aug 2015, at 9:26, Axb wrote:
On 17.08.2015 15:19, MailBlacklist.com Management wrote:
MailBlacklist.com is an non-profit RBL & RWL Provider based in the UK
who
is providing many ISPs globally with free to use DNS Lookup services.
domain's Creation Date: 2015-08-04
under what name/bran
Where do you get your blacklist-data?
Am 17.08.2015 um 14:38 schrieb MailBlacklist.com Management:
Spam Assassin & MailBlacklist.com Integration Testing Phase 1
We would like to welcome users of the Spam Assassin project to test
our high availability DNS-RBL / DNS-RWL within t
Hello Dave,
Thank you for testing our RBL/RWL Service, The IP in question above was
listed 23 hours ago due to hitting a pristine spam trap source more than 10
times within the same day. The listings are time based and are removed once
the timeout period has exceeded or manual delisting with
>From: MailBlacklist.com Management
>Sent: Monday, August 17, 2015 7:38 AM
>To: users@spamassassin.apache.org
>Subject: MailBlacklist.com Integration Testing Phase
> Spam Assassin & MailBlacklist.com Integration Testing Phase 1
>We would like to welcome user
On 17.08.2015 15:19, MailBlacklist.com Management wrote:
MailBlacklist.com is an non-profit RBL & RWL Provider based in the UK who
is providing many ISPs globally with free to use DNS Lookup services.
domain's Creation Date: 2015-08-04
under what name/brand have you been "providing many ISPs gl
MailBlacklist.com is an non-profit RBL & RWL Provider based in the UK who
is providing many ISPs globally with free to use DNS Lookup services.
We are happy to answer any questions you my have. We will also seek
permission to disclose our Spam Feed Providers to give you a little bit
more informati
On 17.08.2015 14:38, MailBlacklist.com Management wrote:
We would like to welcome users of the Spam Assassin project to test our
high availability DNS-RBL / DNS-RWL within their configurations.
whois is "we"
Attached Txt File with Configuration for MailBlacklist.com
On Mon, Aug 17, 2015 at 1:38 PM, MailBlacklist.com Management <
managem...@mailblacklist.com> wrote:
> Spam Assassin & MailBlacklist.com Integration Testing Phase 1
>
> We would like to welcome users o
Spam Assassin & MailBlacklist.com Integration Testing Phase 1
We would like to welcome users of the Spam Assassin project to test our
high availability DNS-RBL / DNS-RWL within their configurations.
--- Configuration Below ---
ifplugin Mail::SpamAssassin::Plugin::DNS
You can try https://validator.messagesystems.com
It does require registration, but you get some pretty detailed information
back.
~
Matt Vernhout
@emailkarma
http://emailkarma.net
Please excuse any typos or short forms, sent from my iPhone
> On May 20, 2015, at 20:20, Philip Prindeville
> w
Philip Prindeville skrev den 2015-05-21 02:20:
Anyone know of a site that you can send an email to in order to test
your SPF and/or DKIM configuration?
https://dmarcian.com/
I’ve set it up but every once in a while I get back weird messages
about being blocked from certain sites and I’m wonde
On 5/20/2015 8:20 PM, Philip Prindeville wrote:
Anyone know of a site that you can send an email to in order to test your SPF
and/or DKIM configuration?
I’ve set it up but every once in a while I get back weird messages about being
blocked from certain sites and I’m wondering if something is w
Anyone know of a site that you can send an email to in order to test your SPF
and/or DKIM configuration?
I’ve set it up but every once in a while I get back weird messages about being
blocked from certain sites and I’m wondering if something is wrong at my end or
are they just misconfigured at
Kevin A. McGrail skrev den 2015-05-02 05:10:
Test of the list.
spf helo test
Test of the list.
Regards,
KAM
On 1/30/2015 6:25 PM, Marc Perkel wrote:
just checking. My email doesn't seem to be posting.
Appears to be on ASF's side of things. Lots of email coming through all
the sudden.
Regards,
KAM
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
It is ;-)
>just checking. My email doesn't seem to be posting.
- --
CHUNKZ.NET - dodgy DIYer and computer technician
Bertrand Caplet, Flers (FR)
Feel free to send encrypted/signed messages
Key ID: FF395BD9
GPG FP: DE10 73FD 17EB 5544 A491 B385 1ED
just checking. My email doesn't seem to be posting.
--
Marc Perkel - Sales/Support
supp...@junkemailfilter.com
http://www.junkemailfilter.com
Junk Email Filter dot com
415-992-3400
On 11/15/2014 11:20 AM, Paul Stead wrote:
A few more examples:
WP_POMO - http://pastebin.com/ZeEEcPpN
LOC_POMO - http://pastebin.com/1zJmXnXD - not hitting very often
SUBJECT_REPEAT - http://pastebin.com/Q7ZHgFV8 http://pastebin.com/P1LBzGZ0
--
Paul Stead
Systems Engineer
Zen Internet
If some
A few more examples:
WP_POMO - http://pastebin.com/ZeEEcPpN
LOC_POMO - http://pastebin.com/1zJmXnXD - not hitting very often
SUBJECT_REPEAT - http://pastebin.com/Q7ZHgFV8 http://pastebin.com/P1LBzGZ0
--
Paul Stead
Systems Engineer
Zen Internet
On 13/11/14 17:07, Paul Stead wrote:
FROM_2_EMAILS - inspired by the Khopesh rule of the same name. Matches
when the from name contains an email address different to the from
address, such as:
From: "t...@example.com"
8<
header __PDS_FROM_2_EMAILS From =~
/^\W+([\w+.-]+\@[\w.-]+\.\
On 13/11/14 18:01, John Hardin wrote:
On Thu, 13 Nov 2014, Paul Stead wrote:
TO_EQ_FROM_NAME will match headers that look like the following:
From: "t...@example.com"
To: t...@example.com
I'll review that and add it to my sandbox with the other TO_EQ_FROM rules.
I've noticed my describe
On 13/11/14 18:01, John Hardin wrote:
There's already hacked-wordpress rules in testing. I'll compare to
existing and see if this is already covered, can be merged neatly, or
would be a variant subrule.
The testing sub-rule was mine - this is slightly adjusted. The rules in
s
Sending examples for testing:
http://pastebin.com/J0R1AYdw - SUBJECT_REPEAT
http://pastebin.com/v6BD4m2V - TO_EQ_FROM_NAME / FROM_2_EMAILS
http://pastebin.com/pbqUn9qw - FROM_2_EMAILS
Paul
On 13/11/14 17:55, Paul Stead wrote:
I was under the assumption that header matches only match the
On 11/13/2014 06:55 PM, Paul Stead wrote:
I was under the assumption that header matches only match the single line,
The subject repeat one:
Subject: Re: Hello
Re: Hello
Wouldn't the second line become the "Re:" header?
The same with the From:/To: headers - I'm comparing the two headers - is
1 - 100 of 313 matches
Mail list logo
