Help understanding TxRep errors.

2016-03-15 Thread Philip
After turning on TxRep I get these lines in my /var/log/spamd.log file. Wed Mar 16 08:21:55 2016 [16629] warn: Use of uninitialized value $msgscore in addition (+) at /etc/spamassassin/TxRep.pm line 1414. Wed Mar 16 08:21:55 2016 [16629] warn: Use of uninitialized value $msgscore in subtraction

How to know if TxRep is white listing out going email.

2016-03-29 Thread Philip
I've enabled outgoing white listing using the TxRep plugin is there a way to find out if outbound emails are actually being white listed? A log somewhere... a file being updated? -- Phil

Tone of emails with subject: 'hey'

2018-02-05 Thread Philip
So lately I'm getting LOTS of emails coming directly through the filters so most likely time to investigate how to create one. The subject is always 'hey' Subject: hey Date: Mon, 29 Jan 2018 09:07:40 +0300 From: Darya Message-ID: <8f35b00fb4e07d18ce82448ec9747...@112it4u.ro> X-Mailer: PHPMailer

Loading custom rules.

2018-02-25 Thread Philip
How do you load custom rules... is it as simple as dropping the .cf file in the spamassassin directory and restart? I'm looking at these: https://wiki.apache.org/spamassassin/CustomRulesets Phil

Re: Spammers, IPv6 addresses, and dnsbls

2018-03-07 Thread Philip
Hi there, Providers like Linode assign a single IPv6 address from a /64. I had to request my own block of /64 to use on my server as my IP neighbors were always getting the /64 blocked... since I've had my own I've been all good.  Before this my IPv6 IP was getting blocked daily because of so

How to text that TxRep is working?

2018-05-22 Thread Philip
I've added TxRep to spamassassin and set in my local.cf. Following the instructions: http://truxoft.com/resources/txrep.htm # TXTREP use_txrep 1 Is there a way to test that it's actually working? Phil

Rule for detecting two email addresses in From: field.

2019-10-03 Thread Philip
Morning List, Lately I'm getting a bunch of emails that are showing up with two email addresses in the From: field. From: "Persons Name " When you look in your mail client (Outlook, Thunderbird) it's showing only "Persons Name " Is there a way I can mark From: that has 2 email addresses i

White listing this mailing list.

2019-12-18 Thread Philip
How do I white list this mailing list for some reason all the messages are now going to spam.

Re: Freshdesk (again)

2020-08-17 Thread Philip Prindeville
ldct.sendgrid.net > > Inside your loca.cf > > And while you are at it also add: > > util_rb_2tldpage.link > > Bye, Raymond Hmmm… not my experience. I’ve been calling out phishing from the same (IP) address for 10 days without any apparent (observable) action from Sendgrid. At this point I’m wondering if they have compromised relays. -Philip

Re: SendGrid (Was: Re: Freshdesk (again))

2020-08-17 Thread Philip Prindeville
I just add an extra 5.0 points for coming from Sendgrid now so it goes straight to the Junk folder. Users can pull it out of there if they really want it. Sendgrid is becoming to ASP’s what OVH and Softlayer are to ISP's. > On Jun 27, 2020, at 3:56 AM, Niels Kobschätzki wrote: > > Sendgrid i

Re: ANNOUNCEMENT: The NEW invaluement "Service Provider DNSBLs" - 1st one for Sendgrid-spams!

2020-08-21 Thread Philip Prindeville
> On Aug 21, 2020, at 1:28 PM, Rob McEwen wrote: > > ANNOUNCEMENT: The NEW invaluement "Service Provider DNSBLs" - 1st one for > Sendgrid-spams! > > ...a collection of a new TYPE of DNSBL, with the FIRST of these having a > focus on Sendgrid-sent spams. AND - there is a FREE version of this

dbip-country-lite database

2020-11-15 Thread Philip Prindeville
Is anyone else using this database? I’ve been using it with xt_geoip and Mimedefang and Plugin::URILocalBL to block countries since Maxmind retired support for GeoIP on RHEL. But I keep running into cases where parts of the database are very obviously wrong. It’s showing about 50% of 183.128.0

Re: dbip-country-lite database

2020-11-19 Thread Philip Prindeville
> On Nov 15, 2020, at 11:48 AM, Dominic Raferd wrote: > > > > On Sun, 15 Nov 2020, 18:27 Philip Prindeville, > wrote: > Is anyone else using this database? > > I’ve been using it with xt_geoip and Mimedefang and Plugin::URILocalBL to > block countries sin

Re: Apache SpamAssassin and Spammers 1st Amendment Rights

2020-11-24 Thread Philip Prindeville
Free Speech doesn’t require anyone to pay for your soap box or megaphone. But Spam is exactly that: having other people subsidize your speech through the theft of services. > On Nov 19, 2020, at 2:25 PM, Kevin A. McGrail wrote: > > Afternoon Everyone, > > So over the years, I have gotten a

Re: Apache SpamAssassin and Spammers 1st Amendment Rights

2020-11-26 Thread Philip Prindeville
Actually, the notion is much older than that… 12th or 13th century I believe. Students of universities (like Oxford or Sorbonne or Geneve) would get together, interview professors, and pay them directly. There was no “administration”. The professors marketed their knowledge and insight directl

Seeing "razor2 had unknown error during get_server_info"

2021-08-14 Thread Philip Prindeville
azor/razor-agent.conf Which contains one line: logfile none Anyone else seeing a similar issue or know a fix? Thanks, -Philip

Re: Seeing "razor2 had unknown error during get_server_info"

2021-08-14 Thread Philip Prindeville
Asked and answered: http://forum.centos-webpanel.com/index.php?topic=5505.0 Need to open outgoing port 2703 (TCP) for the mail server. > On Aug 14, 2021, at 12:37 PM, Philip Prindeville > wrote: > > Hi all, > > A few days ago, I started seeing this in my /var/log/maillog:

Seeing "check: exceeded time limit in ..." and need to resolve it

2021-11-12 Thread Philip Prindeville
_LOWER_E ==> got hit: "e" Should this be capped to a maximum number of matches the way __HIGHBITS is? And I'm not sure I want messages that haven't been fully scanned being delivered. Should I crank TIME_LIMIT_EXCEEDED to 20.0? Thanks, -Philip

Re: spam from gmail.com

2021-11-12 Thread Philip Prindeville
ech conveyed to me decades ago: "Problem's leaving > here fine!" > > Google should practice what they preach: SANITIZE USER INPUT. Instead, their > careless attitude presents a security threat to us all. > > -- Jared Hall > What... you mean "do no evil" is just lip-service? I'm so... so... disillusioned! -Philip

Re: Seeing "check: exceeded time limit in ..." and need to resolve it

2021-11-15 Thread Philip Prindeville
> On Nov 12, 2021, at 8:49 PM, John Hardin wrote: > > On Fri, 12 Nov 2021, Philip Prindeville wrote: > >> I got the message, saved it to a flat file, and ran "spamassassin -t -D >> rules < netdev.eml" and saw: >> >> ... >>

Re: Seeing "check: exceeded time limit in ..." and need to resolve it

2021-11-15 Thread Philip Prindeville
Nov 15 16:16:00.876 [54834] dbg: async: timing: 385.726 X NS:http.sh ... Why would resolving http.sh take this long? And can we bring down the timeout? Hard to imagine DNS requests taking more than a couple of seconds. -Philip

Re: Seeing "check: exceeded time limit in ..." and need to resolve it

2021-11-15 Thread Philip Prindeville
> On Nov 15, 2021, at 5:06 PM, Greg Troxel wrote: > > > Philip Prindeville writes: > >> Ah, the rule _eval_tests_type11_pri0_set1() took 4:20. >> >> Why can't I even find the rule? > > That looks very familiar. I was having timeouts, and saw

Re: Seeing "check: exceeded time limit in ..." and need to resolve it

2021-11-16 Thread Philip Prindeville
Replies... some duplication of conversation on "mimedefang". > On Nov 15, 2021, at 10:34 PM, Bill Cole > wrote: > > On 2021-11-15 at 18:08:20 UTC-0500 (Mon, 15 Nov 2021 16:08:20 -0700) > Philip Prindeville > is rumored to have said: > >>> On Nov

Re: Seeing "check: exceeded time limit in ..." and need to resolve it

2021-11-16 Thread Philip Prindeville
> On Nov 15, 2021, at 11:12 PM, Henrik K wrote: > > On Mon, Nov 15, 2021 at 04:25:55PM -0700, Philip Prindeville wrote: >> >> >>> On Nov 12, 2021, at 10:35 PM, Henrik K wrote: >>> >>> On Fri, Nov 12, 2021 at 07:49:00PM -0800, John Hardin wr

Re: Seeing "check: exceeded time limit in ..." and need to resolve it

2021-11-16 Thread Philip Prindeville
> On Nov 16, 2021, at 3:30 AM, Martin Gregorie wrote: > > On Mon, 2021-11-15 at 17:12 -0700, Philip Prindeville wrote: >> >> >>> On Nov 15, 2021, at 5:06 PM, Greg Troxel wrote: >>> >>> >>> Philip Prindeville writes: >

SPF_NONE scoring

2021-11-30 Thread Philip Prindeville
e SPF records... So how is this score arrived at? And of Ham, how much of it has a valid SPF? And of Spam, how much of it lacks a valid SPF? Has anyone run some numbers? Thanks, -Philip

Re: MIME_BASE64_TEXT only on us-ascii

2021-11-30 Thread Philip Prindeville
HTML-Entity naming, which is also ASCII-friendly, i.e. &eacute; instead of Latin1 é etc. or raw 8bit characters. -Philip

Re: MIME_BASE64_TEXT only on us-ascii

2021-12-11 Thread Philip Prindeville
> On Nov 30, 2021, at 1:10 PM, Matija Nalis wrote: > > On Tue, Nov 30, 2021 at 12:03:15PM -0700, Philip Prindeville wrote: >>> On Nov 17, 2021, at 9:50 AM, Bill Cole >>> wrote: >>> SpamAssassin rules are not laws in any sense. They do not prescribe or

Re: Seeing "check: exceeded time limit in ..." and need to resolve it

2021-12-26 Thread Philip Prindeville
> On Nov 16, 2021, at 8:03 PM, Henrik K wrote: > > On Tue, Nov 16, 2021 at 01:08:16PM -0700, Philip Prindeville wrote: >> >> Or http.sh points to an NS that's offline... > > Your resolver should time out _way_ sooner than some minutes. > >> Can the

Rule to detect non-standard headers that aren't X- prefixed

2022-05-10 Thread Philip Prindeville
*none* of the headers are standard ones, so that won't work... I really need to examine the headers one-by-one. Thanks, -Philip

Re: Rule to detect non-standard headers that aren't X- prefixed

2022-05-10 Thread Philip Prindeville
> On May 10, 2022, at 4:58 PM, Kevin A. McGrail wrote: > > On 5/10/2022 6:10 PM, Philip Prindeville wrote: >> Anyone have a rule to detect the following nonsense headers seen in this >> message I got? > > Interesting. Those look more like something that Bayesian l

Re: Rule to detect non-standard headers that aren't X- prefixed

2022-05-10 Thread Philip Prindeville
> On May 10, 2022, at 5:57 PM, Martin Gregorie wrote: > > On Tue, 2022-05-10 at 17:29 -0600, Philip Prindeville wrote: >> >> You're correct that they're different in every message received. >> > So write a rule that fires on any header name that *

Re: Rule to detect non-standard headers that aren't X- prefixed

2022-05-10 Thread Philip Prindeville
> On May 10, 2022, at 5:57 PM, Martin Gregorie wrote: > > On Tue, 2022-05-10 at 17:29 -0600, Philip Prindeville wrote: >> >> You're correct that they're different in every message received. >> > So write a rule that fires on any header name that *

Re: Rule to detect non-standard headers that aren't X- prefixed

2022-05-13 Thread Philip Prindeville
> On May 11, 2022, at 1:44 AM, Henrik K wrote: > > On Tue, May 10, 2022 at 06:19:38PM -0600, Philip Prindeville wrote: >> See my original message. >> >> I can't think of a single way to match each header, and then test for any of >> them not matchin

Re: Rule to detect non-standard headers that aren't X- prefixed

2022-05-13 Thread Philip Prindeville
> On May 11, 2022, at 1:53 AM, Henrik K wrote: > > On Wed, May 11, 2022 at 10:49:32AM +0300, Henrik K wrote: >> On Wed, May 11, 2022 at 10:44:05AM +0300, Henrik K wrote: >>> On Tue, May 10, 2022 at 06:19:38PM -0600, Philip Prindeville wrote: >>>> See my

Re: Rule to detect non-standard headers that aren't X- prefixed

2022-05-13 Thread Philip Prindeville
> On May 11, 2022, at 9:24 AM, John Hardin wrote: > > On Tue, 10 May 2022, Philip Prindeville wrote: > >> Anyone have a rule to detect the following nonsense headers seen in this >> message I got? >> >> Return-Path: >> Received: from cp24

Re: Rule to detect non-standard headers that aren't X- prefixed

2022-05-23 Thread Philip Prindeville
> On May 11, 2022, at 1:53 AM, Henrik K wrote: > > On Wed, May 11, 2022 at 10:49:32AM +0300, Henrik K wrote: >> On Wed, May 11, 2022 at 10:44:05AM +0300, Henrik K wrote: >>> On Tue, May 10, 2022 at 06:19:38PM -0600, Philip Prindeville wrote: >>>> See my

Did the whitelist_from_rcvd semantics change?

2023-04-24 Thread Philip Prindeville
otherwise. Insights? Thanks, -Philip

Re: Did the whitelist_from_rcvd semantics change?

2023-04-24 Thread Philip Prindeville
Oh, and this is on Fedora, so I'm running 3.4.6... > On Apr 24, 2023, at 2:32 PM, Philip Prindeville > wrote: > > Hi, > > I have the following line: > > whitelist_from_rcvd *@ceipalmm.com mailgun.net > > And tried it on a message that had: >

Re: Did the whitelist_from_rcvd semantics change?

2023-04-28 Thread Philip Prindeville
> On Apr 25, 2023, at 6:28 AM, Bill Cole > wrote: > > On 2023-04-24 at 16:32:55 UTC-0400 (Mon, 24 Apr 2023 14:32:55 -0600) > Philip Prindeville > is rumored to have said: > >> I thought the matching included subdomains, and seem to remember that >> working

Re: Did the whitelist_from_rcvd semantics change?

2023-04-28 Thread Philip Prindeville
> On Apr 28, 2023, at 10:24 AM, Reindl Harald wrote: > > > > Am 28.04.23 um 18:11 schrieb Philip Prindeville: >>> On Apr 25, 2023, at 6:28 AM, Bill Cole >>> wrote: >>> >>> On 2023-04-24 at 16:32:55 UTC-0400 (Mon, 24 Apr 2023 14:32:55 -0

Re: Did the whitelist_from_rcvd semantics change?

2023-04-30 Thread Philip Prindeville
> On Apr 28, 2023, at 12:17 PM, Philip Prindeville > wrote: > > > >> On Apr 28, 2023, at 10:24 AM, Reindl Harald wrote: >> >> >> >> Am 28.04.23 um 18:11 schrieb Philip Prindeville: >>>> On Apr 25, 2023, at 6:28 AM, Bill Cole

Re: Did the whitelist_from_rcvd semantics change?

2023-05-01 Thread Philip Prindeville
> On May 1, 2023, at 3:48 AM, Reindl Harald wrote: > > > > Am 30.04.23 um 20:54 schrieb Philip Prindeville: >>> On Apr 28, 2023, at 12:17 PM, Philip Prindeville >>> wrote: >>> >>> >>> >>>> On Apr 28, 2023, at 10:

DKIM absence

2023-05-02 Thread Philip Prindeville
Is there a way to add scoring that says, "If the sending domain has DKIM records, but there's no DKIM signature on this message, then attach a high score to it?" We seem to attach negative scores when DKIM is present and valid, but what about the opposite direction? If it's absent, but it shou

Re: DKIM absence

2023-05-02 Thread Philip Prindeville
> On May 2, 2023, at 9:37 AM, Thomas Johnson wrote: > > >> On May 2, 2023, at 8:27 AM, Philip Prindeville >> wrote: >> >> Is there a way to add scoring that says, "If the sending domain has DKIM >> records, but there's no DKIM signature

ATT RBL f---wits

2023-11-27 Thread Philip Prindeville
We're being blacklisted by att.net with the following message: (reason: 550 5.7.1 Connections not accepted from servers without a valid sender domain.flph840 Fix reverse DNS for 24.116.100.90) I don't know what the hell is up with these pinheads: philipp@ubuntu22:~$ dig -tmx redfish-solution

Omitting leading whitespace on headers?

2015-12-29 Thread Philip Prindeville
ce of “FWS” preceding the first instance of “utext” in “unstructured”? -Philip

Omitting leading whitespace on headers?

2015-12-29 Thread Philip Prindeville
ceding the first instance of “utext” in “unstructured”? -Philip

Re: Omitting leading whitespace on headers?

2015-12-29 Thread Philip Prindeville
On Dec 29, 2015, at 1:42 PM, Kevin A. McGrail wrote: > On 12/29/2015 3:38 PM, Philip Prindeville wrote: >> Is there a reason that headers are left with leading spaces? >> >> I’ve noticed that I have to write rules as: >> >> Subject =~ /^ Great [Jj]ob [Oo]

Re: Omitting leading whitespace on headers?

2015-12-29 Thread Philip Prindeville
On Dec 29, 2015, at 2:14 PM, Kevin A. McGrail wrote: > On 12/29/2015 3:46 PM, Philip Prindeville wrote: >> On Dec 29, 2015, at 1:42 PM, Kevin A. McGrail wrote: >> >>> On 12/29/2015 3:38 PM, Philip Prindeville wrote: >>>> Is there a reason that

Re: Omitting leading whitespace on headers?

2015-12-29 Thread Philip Prindeville
On Dec 29, 2015, at 2:39 PM, Kevin A. McGrail wrote: > On 12/29/2015 4:29 PM, Philip Prindeville wrote: >> On Dec 29, 2015, at 2:14 PM, Kevin A. McGrail wrote: >> >>> On 12/29/2015 3:46 PM, Philip Prindeville wrote: >>>> On Dec 29, 2015, at 1:42 PM, Kevin

Re: Omitting leading whitespace on headers?

2015-12-29 Thread Philip Prindeville
On Dec 29, 2015, at 3:15 PM, Kevin A. McGrail wrote: > On 12/29/2015 5:12 PM, Philip Prindeville wrote: >> I did recall that I used the patch here: >> >> https://bz.apache.org/SpamAssassin/show_bug.cgi?id=6360#c4 >> >> to be able to debug my rules, using a ru

Uninitialized values in URIDNSBL

2017-02-02 Thread Philip Prindeville
stderr: Use of uninitialized value $2 in concatenation (.) or string at /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/URIDNSBL.pm line 1042. I’m seeing these right after upgrading from Fedora 23 (EOL) to Fedora 24 so evidently a bunch of files got updated… -Philip

Re: Uninitialized values in URIDNSBL

2017-02-03 Thread Philip Prindeville
> On Feb 2, 2017, at 5:06 PM, Reindl Harald wrote: > > > > Am 02.02.2017 um 23:41 schrieb Martin Gregorie: >> On Thu, 2017-02-02 at 15:23 -0700, Philip Prindeville wrote: >>> Anyone else seeing this? >>> >> Yes - in Fedora 25 > >

Re: Uninitialized values in URIDNSBL

2017-02-08 Thread Philip Prindeville
so I can dedicated time to the process. > > Regards, > KAM Good to hear. While we’re waiting for that, can I just grab Util.pm and Plugin/URIDNSBL.pm out of trunk, or are there more dependencies than that to splice the fix back into 3.4.1? Thanks, -Philip

Re: RFC compliance pedantry (was Re: New type of monstrosity)

2017-02-08 Thread Philip Prindeville
Having been through the process of authoring 2 RFC’s, perhaps I can shed some light on the process for you. All proposed standards started life as draft RFC’s (this was before the days of IDEA’s but after the days of IEN’s). If it were validated by the working group and passed up to the IAB and

Relitigating TB's behavior because of "villainous" SpamAssassin... hiss!

2017-02-12 Thread Philip Prindeville
What an incredible waste of time: https://bugzilla.mozilla.org/show_bug.cgi?id=417942#c19 I actually think I might be dialoging with a highly argumentative variant of Eliza. In which case, it’s passed the Turing Test.

Re: Relitigating TB's behavior because of "villainous" SpamAssassin... hiss!

2017-02-12 Thread Philip Prindeville
> On Feb 12, 2017, at 4:53 PM, Philip Prindeville > wrote: > > What an incredible waste of time: > > https://bugzilla.mozilla.org/show_bug.cgi?id=417942#c19 > > I actually think I might be dialoging with a highly argumentative variant of > Eliza. > > In w

Email address as fullname in To: field

2017-07-13 Thread Philip Prindeville
themselves—and sometimes not even those correctly, since I’ll see Spam addresses to Message-Id: values, References: values, etc. Thanks, -Philip

Re: Email address as fullname in To: field

2017-11-10 Thread Philip Prindeville
, conversely, they could simply not put any full name field in at all and just use the raw email address… It’s like someone made the conscious decision to choose the worst of both worlds… > On Jul 13, 2017, at 11:49 AM, Philip Prindeville > wrote: > > I’m getting more and m

Re: SA 3.3.1 and NetAddr::IP 4.034

2010-10-31 Thread Philip Prindeville
On 10/29/10 9:18 AM, Michael Scheidell wrote: On 10/29/10 12:11 PM, Mark Martinec wrote: Sure, go ahead, can't hurt. The patch is now in the SA trunk. Is it worth opening a ticket and putting it into the 3.3 branch too? Mark looks like Freebsd ports has an older version, so it should be ok.

Re: SA 3.3.1 and NetAddr::IP 4.034

2010-11-07 Thread Philip Prindeville
On 11/2/10 7:35 PM, Mark Martinec wrote: One suggestion: currently it is not possible to store 0 and 1 as a data item associated with each net, because a 0 is treated the same as undef and replaced by the key. And the AF_NET6 argument to new() needs to be documented in a POD. Thanks for your e

Re: SA 3.3.1 and NetAddr::IP 4.034

2010-11-07 Thread Philip Prindeville
On 11/7/10 9:19 PM, Philip Prindeville wrote: Try the following patch. If it works for you, I'll rerelease as 1.19: Actually, I released it as Net-Patricia-1.18_01

Re: SA 3.3.1 and NetAddr::IP 4.034

2010-11-08 Thread Philip Prindeville
https://rt.cpan.org/Public/Bug/Display.html?id=32362 and represents a defect in Socket6. The work-around is to include Socket before Socket6. -Philip

Re: SA 3.3.1 and NetAddr::IP 4.034

2010-11-08 Thread Philip Prindeville
On 11/8/10 5:58 PM, Mark Martinec wrote: Philip, Thanks for your off-list reply. Unfortunately I cannot reply, as your mailer is refusing connections: $ host -t mx redfish-solutions.com redfish-solutions.com mail is handled by 10 mail.redfish-solutions.com. $ telnet -s mail4.ijs.si

Yahoo webmail spam from Africa

2010-11-09 Thread Philip Prindeville
14:22:21 PST if (/ via HTTP$/&&/^\[(${IP_ADDRESS})\] by (\S+) via HTTP$/) { $ip = $1; $by = $2; goto enough; } (I note that HTTP$ seldom matches, by the way, since all of my examples have "via HTTP;" instead.) Is it worth having an explicit rule for this? Thanks, -Philip

Re: SA and SELinux

2010-11-11 Thread Philip Prindeville
On 11/10/10 11:39 AM, John Williams wrote: No on my server I have a hard requirement to run SELinux. I cannot turn that off. I find that when i enable SA with SELinux turned on, my CPU rate sky rockets eventually forcing my system to stop responding. I've seen this thread several times through

Deciphering the geography of Yahoo domains

2010-12-12 Thread Philip Prindeville
rsue legal recourse if we need to). I figured out that: ird.yahoo.com = Ireland tp2.yahoo.com = Taipei sp2.yahoo.com = Spain Anyone know what the entirety of domains are for Yahoo? Thanks, -Philip

Re: blacklist.mailrelay.att.net

2010-12-14 Thread Philip Prindeville
act by adding an excursion detection system, that watches for bursty outbound traffic patterns, like a sudden spike in outbound SMTP or HTTP connections to a wide spread of addresses. -Philip

perl-Net-Patricia-1.19 is out

2010-12-14 Thread Philip Prindeville
It's been released for F13 and F14. And of course, it's upstream on CPAN. It's the promotion of the development version 1.18_81 to production.

Re: blacklist.mailrelay.att.net

2010-12-14 Thread Philip Prindeville
Aruba.it so poorly reputed? g I can't speak for their reputation, but when an entire ISP's CIDR blocks get blacklisted (like we did with iWeb.ca) it's usually because they aren't very responsive in dealing with issues when they occur and not proactive about trying to prevent them. -Philip

Re: DNSBL for email addresses?

2010-12-14 Thread Philip Prindeville
convert the '@' to a '.' as is the format still used in SOA records. Not just SOA records, but the MB records were supposed to use this as well. They just never caught on. -Philip

Re: preventing authenticated smtp users from triggering PBL

2010-12-19 Thread Philip Prindeville
f=... And port 587 forces a different rule than 25 does. This can't be forged. -Philip

Re: Irony

2011-02-14 Thread Philip Prindeville
On 2/7/11 1:28 AM, Matus UHLAR - fantomas wrote: On Tue, 1 Feb 2011 09:49:36 -0500 Michael Scheidell wrote: because HELO doesn't match RDNS. On 01.02.11 09:54, David F. Skoll wrote: Rejecting on that basis would also cause tons of false-positives. It's also violation of all SMTP RFCs (forme

Re: Chickenpoxed subjects

2011-11-08 Thread Philip Prindeville
'm not familiar with perl-String-Approx... reading up on it, it uses the Levenshtein distances just like agrep does... so it would be ideal for doing approximate matches. http://search.cpan.org/~jhi/String-Approx-3.26/Approx.pm -Philip

No X-Spam- headers appearing

2013-09-26 Thread Philip Colmer
t pure ham messages, but I've checked a message that got a score of 10.7 and there are no headers in it. What am I misunderstanding or what have I overlooked? Thanks. Philip

Re: No X-Spam- headers appearing

2013-09-26 Thread Philip Colmer
Thanks, Karsten, for your explanation. That makes sense and I'll have to see whether the lack of headers is going to cause problems going forwards or if looking in syslog will suffice. Regards Philip On 26 September 2013 16:33, Karsten Bräckelmann wrote: > On Thu, 2013-09-26 at 14:

Testing the _REMOTEHOSTNAME_ in a rule

2013-10-18 Thread Philip Prindeville
I'm trying to write a rule that gives some spamminess score to messages received from any host that resolves to protection.outlook.com. I tried to use _REMOTEHOSTNAME_ to do this, but I think I got the header syntax wrong. Can someone set me straight? Thanks, -Philip

Re: Testing the _REMOTEHOSTNAME_ in a rule

2013-10-21 Thread Philip Prindeville
On Oct 19, 2013, at 5:28 PM, Karsten Bräckelmann wrote: > On Fri, 2013-10-18 at 18:34 -0600, Philip Prindeville wrote: >> I'm trying to write a rule that gives some spamminess score to messages >> received from any host that resolves to protection.outlook.com.

Can't keep up with spam from SolarVPS sites

2014-06-06 Thread Philip Prindeville
there an easy way to do a domain lookup on the host portion of the URL and then filter it if it’s in this subnet? Thanks, -Philip

Re: Can't keep up with spam from SolarVPS sites

2014-06-06 Thread Philip Prindeville
On Jun 6, 2014, at 3:50 PM, Axb wrote: > If you have to post a spam sample, pls use pastebin and post the full msg > Here’s a prototype: http://ur1.ca/hgxkx

Local BL support?

2014-06-09 Thread Philip Prindeville
database without network access, it could happen synchronously… Thanks, -Philip

Re: Can't keep up with spam from SolarVPS sites

2014-06-09 Thread Philip Prindeville
On Jun 6, 2014, at 3:50 PM, Axb wrote: > If you have to post a spam sample, pls use pastebin and post the full msg > > On 06/06/2014 11:32 PM, Philip Prindeville wrote: >> We’re getting a lot of spam that contains URL’s which look like (remove the >> ): >>

Re: Can't keep up with spam from SolarVPS sites

2014-06-09 Thread Philip Prindeville
On Jun 9, 2014, at 3:10 PM, Axb wrote: > On 06/09/2014 11:03 PM, Philip Prindeville wrote: >> >> On Jun 6, 2014, at 3:50 PM, Axb wrote: >> >>> If you have to post a spam sample, pls use pastebin and post the full msg >>> >>> On 06/06/201

Re: Local BL support?

2014-06-09 Thread Philip Prindeville
On Jun 9, 2014, at 3:36 PM, John Hardin wrote: > On Mon, 9 Jun 2014, Axb wrote: > >> On 06/09/2014 10:46 PM, Philip Prindeville wrote: >>> I’d like to add a plugin (and eventually share it once the bugs are >>> out) that uses either Net::CIDR::Lite to allo

Re: Can't keep up with spam from SolarVPS sites

2014-06-09 Thread Philip Prindeville
On Jun 9, 2014, at 4:25 PM, John Hardin wrote: > On Mon, 9 Jun 2014, Philip Prindeville wrote: > >>>>>> We’re getting a lot of spam that contains URL’s which look like (remove >>>>>> the ): >>>>>> >>

Re: Local BL support?

2014-06-11 Thread Philip Prindeville
On Jun 9, 2014, at 4:27 PM, John Hardin wrote: > On Mon, 9 Jun 2014, Philip Prindeville wrote: > >> >> On Jun 9, 2014, at 3:36 PM, John Hardin wrote: >> >>> On Mon, 9 Jun 2014, Axb wrote: >>> >>>> On 06/09/2014 10:46 PM, Philip

Re: Local BL support?

2014-06-12 Thread Philip Prindeville
On Jun 11, 2014, at 2:27 PM, Philip Prindeville wrote: > Okay, might have a module ready to test. Here’s what I came up with. I should probably add uri_block_isp as well, but this is more problematic. It requires a licensed database which the user may or may not have, so I have to det

Dubious hyperlinks

2014-06-24 Thread Philip Prindeville
I’ve been seeing spam with such as: and the style=“VISIBILITY: hidden” is also dubious (why would normal mail have hidden text???). Anyone have rules to catch these they could point me at? Or any empirical evidence about how successful they’ve been with such? Thanks, -Philip

Funky HARP Spam

2014-06-25 Thread Philip Prindeville
I was surprised that my SPAM filters didn’t find this. Not sure what code page it’s using… whatever 0x04xx is in… what? Is this UTF-8? There’s no explicit charset given. Also, I noticed that a lot of these types of SPAMs have ‘b’ replaced by cyrillic soft sound, i.e. the word “about” is writte

Re: Funky HARP Spam

2014-06-25 Thread Philip Prindeville
individual mime part. It doesn’t do me any good if there’s one text/plain section that is 7bit, followed by another text/html section that’s “base64” which fires the BODY_8BITS rule too. On Jun 25, 2014, at 2:21 PM, Philip Prindeville wrote: > I was surprised that my SPAM filters didn’t find t

Re: Dubious hyperlinks

2014-06-25 Thread Philip Prindeville
On Jun 25, 2014, at 3:09 AM, Axb wrote: > On 06/25/2014 03:07 AM, Philip Prindeville wrote: > >> Anyone have rules to catch these they could point me at? Or any empirical >> evidence about how successful they’ve been with such? > > Wouldn't use this for a rule

Re: Funky HARP Spam

2014-06-25 Thread Philip Prindeville
On Jun 25, 2014, at 2:58 PM, Axb wrote: > On 06/25/2014 10:21 PM, Philip Prindeville wrote: > >> http://pastebin.com/qLyKx40b > > "This paste has been removed!" :( I’ve temporarily posted it on ftp://ftp.redfish-solutions.com/pub/harp.eml > >

Re: Dubious hyperlinks

2014-06-25 Thread Philip Prindeville
On Jun 25, 2014, at 3:00 PM, Axb wrote: > On 06/25/2014 10:37 PM, Philip Prindeville wrote: >> >> On Jun 25, 2014, at 3:09 AM, Axb wrote: >> >>> On 06/25/2014 03:07 AM, Philip Prindeville wrote: >>> >>>> Anyone have rules to ca

Re: Funky HARP Spam

2014-06-26 Thread Philip Prindeville
On Jun 25, 2014, at 5:29 PM, RW wrote: > On Wed, 25 Jun 2014 14:21:33 -0600 > Philip Prindeville wrote: > > >> Here’s the other thing I don’t get. >> >> The message claims to be 7-bit and text/plain, yet it uses encoded >> characters which exceed 7-bi

Re: Dubious hyperlinks

2014-06-26 Thread Philip Prindeville
On Jun 25, 2014, at 3:47 PM, John Hardin wrote: > On Wed, 25 Jun 2014, Philip Prindeville wrote: > >> Including 6 distinct UUID’s would seem to be useful. Including the same >> UUID 6 times seems broken. >> >> Perhaps a pattern like: >> >> body /((

Re: Funky HARP Spam

2014-06-26 Thread Philip Prindeville
On Jun 26, 2014, at 7:02 PM, Philip Prindeville wrote: > > On Jun 25, 2014, at 5:29 PM, RW wrote: > >> On Wed, 25 Jun 2014 14:21:33 -0600 >> Philip Prindeville wrote: >> >> >>> Here’s the other thing I don’t get. >>> >>> The me

Re: Dubious hyperlinks

2014-06-26 Thread Philip Prindeville
On Jun 26, 2014, at 7:31 PM, John Hardin wrote: > On Thu, 26 Jun 2014, Philip Prindeville wrote: > >> On Jun 25, 2014, at 3:47 PM, John Hardin wrote: >> >>> That still doesn't hit *only* the same GUID repeated. Try this: >>> >>> rawbody L_RE

Re: Funky HARP Spam

2014-06-27 Thread Philip Prindeville
On Jun 27, 2014, at 7:30 AM, RW wrote: > > As I mentioned before, the real violation is in the previous mime > section, which claims 7bit, but contains octets with the high-bit set. Yup. Just submitted a patch for this: https://issues.apache.org/SpamAssassin/show_bug.cgi?id=7063

Re: Lots of spam getting thru

2014-06-30 Thread Philip Prindeville
multi.uribl.com. A 2
body L_URIBL_BLACK eval:check_uridnsbl('L_URIBL_BLACK')
describe L_URIBL_BLACK Contains a URL listed in the URIBL blacklist
tflags L_URIBL_BLACK net
score L_URIBL_BLACK 4.95
But like I said, the canned rules should already include URIBL_BLACK. -Philip
