Re: url spam from Hotmail

2010-05-26 Thread Ned Slider
On 05/26/2010 05:29 PM, Karsten Bräckelmann wrote:
> Also, these Hotmail injected footers always use long-ish URIs with a path, no? In that case, a meta with __URI_NO_PATH could help. Something like this.
>
> uri __URI_NO_PATH m~^https?://[^/]+/?$~

That's possibly a good idea. I was thinking

Re: url spam from Hotmail

2010-05-26 Thread Karsten Bräckelmann
> > I see quite a few of these from hotmail originating from China.
>
> X-Originating-IP: [123.161.74.4]
>
> is listed in Spamhaus (SPL) and I deep parse headers so I got a hit on this.

Unlike PBL and XBL, Spamhaus SBL is safe for deep-parsing. Which SA does for this part (only) of ZEN.

> Unfortun

Re: url spam from Hotmail

2010-05-26 Thread Ned Slider
On 05/26/2010 09:33 PM, Lennart Johansson wrote:
> My first post, please don't kill me for doing some things wrong.
>
> I see quite a few of these from hotmail originating from China.
>
> http://pastebin.com/q308E7ZG
>
> SA score: Score Matching Rule Description cached not result=0.002