RE: new paradigm

2011-11-25 Thread R - elists
Christian, when you reply to people, don't put their email address in the post. please stop that. again, if you would read the posts slowly and correctly, i was not attacking you or your ideas. see the word not there... this is a discussion list, not a discrediting list. in terms of negation,

Re: new paradigm

2011-11-25 Thread Bernd Petrovitsch
On Mit, 2011-11-23 at 14:55 -0300, Christian Grunfeld wrote: [] Flaws ? False positives yes, ONLY the first time for each sender! just answer your good mails and they'll become ham next time. Mails not answered (spam) remain as spam next and next and next ! 1) That might look

RE: new paradigm

2011-11-25 Thread Benny Pedersen
On Fri, 25 Nov 2011 00:03:20 -0800, R - elists wrote: when you reply to people, don't put their email address in the post. maillists often not remove originating sender addr, if they did how can i get all that private emails originating from maillists ?

Re: Where to get rules created by users?

2011-11-25 Thread Kevin A. McGrail
On 11/23/2011 2:17 PM, Sergio wrote: is there a place where I could have MCP rules for my server? MCP = Message Content? As opposed to pathway analysis, etc.? I want to block LOAN, EDUCATION DEGREES, JOB OFFERS, etc. and maybe there is a place where to get them.

Re: Where to get rules created by users?

2011-11-25 Thread RW
On Fri, 25 Nov 2011 08:57:45 -0500 Kevin A. McGrail wrote: On 11/23/2011 2:17 PM, Sergio wrote: is there a place where I could have MCP rules for my server? MCP = Message Content? As opposed to pathway analysis, etc.? MCP appears to be a MailScanner term

Re: Short body rules

2011-11-25 Thread Kevin A. McGrail
On 11/25/2011 12:23 AM, Alex wrote: Some time ago we created the following rule on this list to identify mail with less than 200 characters in the body: uri __HAS_HTTP_URI m~^https?://~ rawbody __KB_RAWBODY_200 /^.{0,200}$/s meta LOC_SHORT (__HAS_HTTP_URI

Re: Where to get rules created by users?

2011-11-25 Thread Sergio
Thank you Kevin! @ RW, you are right I use MailScanner and all my rules are created under the MCP, it works really great and all the rules that I create are there, so I don't mess with Spam Assassin rules. Best Regards, Sergio On Fri, Nov 25, 2011 at 8:08 AM, RW

Re: Short body rules

2011-11-25 Thread Kevin A. McGrail
On 11/25/2011 11:06 AM, Kevin A. McGrail wrote: On 11/25/2011 12:23 AM, Alex wrote: Some time ago we created the following rule on this list to identify mail with less than 200 characters in the body: uri __HAS_HTTP_URI m~^https?://~ rawbody __KB_RAWBODY_200 /^.{0,200}$/s

How long a rule can be?

2011-11-25 Thread Sergio
I have the following rule where I wrote all the HELO spammers that SA didn't catch, I insert the new HELO every time that I found one. My concern is, is too much for just one rule or the rule can grow without limit? header CHARLY_RULE1 ALL =~

[Fwd: Re: How long a rule can be?]

2011-11-25 Thread Martin Gregorie
On Fri, 2011-11-25 at 11:49 -0600, Sergio wrote: I have the following rule where I wrote all the HELO spammers that SA didn't catch, I insert the new HELO every time that I found one. My concern is, is too much for just one rule or the rule can grow without limit? When I asked this question a

Re: [Fwd: Re: How long a rule can be?]

2011-11-25 Thread Sergio
Thank you Martin, I will give it a try to your portmanteau, appreciated for sharing it. Regards, Sergio On Fri, Nov 25, 2011 at 12:13 PM, Martin Gregorie mar...@gregorie.org wrote: On Fri, 2011-11-25 at 11:49 -0600, Sergio wrote: I have the following rule where I wrote all the HELO spammers

Re: Short body rules

2011-11-25 Thread John Hardin
On Fri, 25 Nov 2011, Kevin A. McGrail wrote: On 11/25/2011 11:06 AM, Kevin A. McGrail wrote: On 11/25/2011 12:23 AM, Alex wrote: Some time ago we created the following rule on this list to identify mail with less than 200 characters in the body: rawbody __KB_RAWBODY_200

Re: How long a rule can be?

2011-11-25 Thread Axb
On 2011-11-25 18:49, Sergio wrote: I have the following rule where I wrote all the HELO spammers that SA didn't catch, I insert the new HELO every time that I found one. My concern is, is too much for just one rule or the rule can grow without limit? header CHARLY_RULE1 ALL =~

Re: [Fwd: Re: How long a rule can be?]

2011-11-25 Thread Benny Pedersen
On Fri, 25 Nov 2011 18:13:32 +, Martin Gregorie wrote: http://www.libelle-systems.com/free/portmanteau/portmanteau.tgz I was thinking of using a server plus plugin to do this but was convinced that this 'portmanteau rule' approach was better: it certainly works well for me. thanks for

Re: Short body rules

2011-11-25 Thread Karsten Bräckelmann
On Fri, 2011-11-25 at 11:49 -0500, Kevin A. McGrail wrote: On 11/25/2011 12:23 AM, Alex wrote: Some time ago we created the following rule on this list to identify mail with less than 200 characters in the body: rawbody __KB_RAWBODY_200 /^.{0,200}$/s I'm finding that it's

Re: Short body rules

2011-11-25 Thread John Hardin
On Fri, 25 Nov 2011, Karsten Bräckelmann wrote: rawbody __KB_MIMEPART_200 /^.{2,200}$/s And my suggested alternative should probably be adjusted in the same manner. Any comment on what I suggested (the 1 LE + 0 GT approach)? -- John Hardin KA7OHZ

Hacked webmail accounts (BTInternet/Yahoo)

2011-11-25 Thread Ned Slider
Hi, I'm looking at trying to write some rules to detect these. Specifically, I'd like to target btinternet.com accounts (one of the largest UK telecom companies) who have recently outsourced their email to Yahoo. An example (spam) crossed my path today that only hit bayes_99. Looking at the

Re: [Fwd: Re: How long a rule can be?]

2011-11-25 Thread Sergio
@Axb, just curious.. what are you trying to achieve by running these domains through ALL headers? catch senders? received headers? there headers that comes with the following: Received: from [66.85.187.123] *(helo=vpn123.layeredvpnzervices.com)* by izabal.espacioydominio.com with esmtp

Re: Short body rules

2011-11-25 Thread Karsten Bräckelmann
And my suggested alternative should probably be adjusted in the same manner. Any comment on what I suggested (the 1 LE + 0 GT approach)? Yup, it needs the same adjustment as I just explained, a minimum of at least 2 chars. On Fri, 2011-11-25 at 10:52 -0800, John Hardin wrote: rawbody

Re: [Fwd: Re: How long a rule can be?]

2011-11-25 Thread Axb
On 2011-11-25 21:36, Sergio wrote: @Axb, just curious.. what are you trying to achieve by running these domains through ALL headers? catch senders? received headers? there headers that comes with the following: Received: from [66.85.187.123] *(helo=vpn123.layeredvpnzervices.com)* by

Re: [Fwd: Re: How long a rule can be?]

2011-11-25 Thread Christian Grunfeld
Just to mention two examples, well, the point is that in a lot of spam emails the HELO is the same for a lot of different email addresses, so, I am trying to block that. Is there a better way than checking all the header? @ Christian Grunfeld a blacklist lookup table can achieve the

Re: Short body rules

2011-11-25 Thread Karsten Bräckelmann
On Fri, 2011-11-25 at 20:42 +0100, Karsten Bräckelmann wrote: On Fri, 2011-11-25 at 11:49 -0500, Kevin A. McGrail wrote: It was a brilliantly simple idea but this concept won't work if I am looking at things correctly. The loop for the pattern test appears to test line by line. So if a

Re: [Fwd: Re: How long a rule can be?]

2011-11-25 Thread Sergio
@ Axb, look at it this way.. the less a rule has to do the faster it is and less prone to error/FPs If you check ALL headers, SA will go thru long DKIM headers for a pattern which will not show up in DKIM header, it will look in X headers, From, To, etc,etc.. big waste of time and CPU cycles

Re: Hacked webmail accounts (BTInternet/Yahoo)

2011-11-25 Thread Karsten Bräckelmann
On Fri, 2011-11-25 at 20:27 +, Ned Slider wrote: header __L_BT_YAHOO_WEBMAIL01 Received =~ /from \[86\.1[2-9][0-9]\.\d{1,3}\.\d{1,3}] by web\d{4,6}\.mail\.\w{3}\.yahoo\.com via HTTP/i but it would be far easier if I could somehow do a rDNS lookup on the IP, see if it