Re: repeating tflags difrective
On 2/5/2018 11:48 AM, Benny Pedersen wrote: Kevin A. McGrail skrev den 2018-02-05 10:46: tflags TEST_RULE nice Then in a later file you decide to add: tflags TEST_RULE net tflags TEST_RULE config=inherit net could be usefull :=) tflags TEST_RULE config=override net that way we have a choice to use defaults still Elegant idea but such an edge case the work isn't justified in my opinion. Regards, KAM
Re: repeating tflags difrective
Kevin A. McGrail skrev den 2018-02-05 10:46: tflags TEST_RULE nice Then in a later file you decide to add: tflags TEST_RULE net tflags TEST_RULE config=inherit net could be usefull :=) tflags TEST_RULE config=override net that way we have a choice to use defaults still
Re: repeating tflags difrective
On 2/5/2018 4:07 AM, Matus UHLAR - fantomas wrote: then I repeatedly use the "tflags" directive in official rules and locally: So I think you are saying you have a rule in one file, for example, a default cf file with this line: tflags TEST_RULE nice Then in a later file you decide to add: tflags TEST_RULE net The outcome I expect is that whichever config file is parsed later overrides all the flags because the value for that setting is just overwritten just like score. Looking at the code their is nothing special that would do otherwise Regards, KAM
repeating tflags difrective
Hello, then I repeatedly use the "tflags" directive in official rules and locally: Does second appearance of "tflags" override the old value or just adds new flags? in other words: Do I have to repeat all flags in tflags directive, or is it enough to add new flag? there are rules with high negative score that I don't want to trigger autolearn. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. A day without sunshine is like, night.
tflags repeated
Hello, when "tflags" is repeated (e.g. in local.cf and /var/lib/spamassassin), are all flags set or does the next appearance clear flags set formerly? -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. A day without sunshine is like, night.
Re: tflags
On 3 Aug 2017, at 11:21, John Hardin wrote: On Thu, 3 Aug 2017, John Schmerold wrote: I don't understand the purpose of tflags. Where is this parameter explained? man Mail::SpamAssassin::Conf That will USUALLY work on most Unix-like systems that have SA installed, but sometimes will not or will bring up a stale document. You can also use: perldoc Mail::SpamAssassin::Conf Which has the advantage of using the version of perl in your $PATH (hopefully the same one your SA installation is using) and extracting the documentation directly from the currently installed module instead of looking for a pre-rendered man page.
Re: tflags
On Thu, 3 Aug 2017, Kris Deugau wrote: Ian Zimmerman wrote: On 2017-08-03 10:38, sha...@shanew.net wrote: The most common ones that I make use of are "multiple" and "maxhits" in order to allow a rule to be scored for each time it hits, but to stop counting after some threshold. I also use the "net" tflag so that RBL checks only run when a net-based ruleset is loaded. Where is the concept of "ruleset" in general documented, and in particular what makes it "net-based"? Not in Mail::SpamAssassin::Conf. "Ruleset" is a somewhat fuzzy term that depends on context - it could refer to a single rule, a cluster of rules in a single file, a group of files, or "all active rules files". It's not a formal definition within SpamAssassin. In this case it's referring to one rule - tflags are only set on a per-rule basis. Any net-based rule is one that relies on a working Internet connection to do a data lookup - most commonly DNS lookups, but rules for eg Vipul's Razor (RAZOR_* rules), DCC, or Pyzor are also considered net rules since they do a lookup against a network service somewhere. More to the point, if you look at the "spamd" documentation for the "-L" flag you'll see: -L, --local Perform only local tests on all mail. In other words, skip DNS and other network tests. Works the same as the "-L" flag to spamassassin(1). So all "net-based" rules (as indicated by intrinsic coding or the tflags 'net') get ignored when running in --local mode. -- Dave Funk University of Iowa College of Engineering 319/335-5751 FAX: 319/384-0549 1256 Seamans Center Sys_admin/Postmaster/cell_adminIowa City, IA 52242-1527 #include Better is not better, 'standard' is better. B{
Re: tflags
Apologies, I should have used the phrase "score set" rather than ruleset. The "score" section of Mail::SpamAssassin::Conf talks about it briefly, as does the this wiki page: https://wiki.apache.org/spamassassin/WritingRules On Thu, 3 Aug 2017, Ian Zimmerman wrote: On 2017-08-03 10:38, sha...@shanew.net wrote: The most common ones that I make use of are "multiple" and "maxhits" in order to allow a rule to be scored for each time it hits, but to stop counting after some threshold. I also use the "net" tflag so that RBL checks only run when a net-based ruleset is loaded. Where is the concept of "ruleset" in general documented, and in particular what makes it "net-based"? Not in Mail::SpamAssassin::Conf. -- Public key #7BBC68D9 at| Shane Williams http://pgp.mit.edu/| System Admin - UT CompSci =--+--- All syllogisms contain three lines | sha...@shanew.net Therefore this is not a syllogism | www.ischool.utexas.edu/~shanew
Re: tflags
Ian Zimmerman wrote: On 2017-08-03 10:38, sha...@shanew.net wrote: The most common ones that I make use of are "multiple" and "maxhits" in order to allow a rule to be scored for each time it hits, but to stop counting after some threshold. I also use the "net" tflag so that RBL checks only run when a net-based ruleset is loaded. Where is the concept of "ruleset" in general documented, and in particular what makes it "net-based"? Not in Mail::SpamAssassin::Conf. "Ruleset" is a somewhat fuzzy term that depends on context - it could refer to a single rule, a cluster of rules in a single file, a group of files, or "all active rules files". It's not a formal definition within SpamAssassin. In this case it's referring to one rule - tflags are only set on a per-rule basis. Any net-based rule is one that relies on a working Internet connection to do a data lookup - most commonly DNS lookups, but rules for eg Vipul's Razor (RAZOR_* rules), DCC, or Pyzor are also considered net rules since they do a lookup against a network service somewhere. -kgd
Re: tflags
On 2017-08-03 10:38, sha...@shanew.net wrote: > The most common ones that I make use of are "multiple" and "maxhits" > in order to allow a rule to be scored for each time it hits, but to > stop counting after some threshold. I also use the "net" tflag so > that RBL checks only run when a net-based ruleset is loaded. Where is the concept of "ruleset" in general documented, and in particular what makes it "net-based"? Not in Mail::SpamAssassin::Conf. -- Please don't Cc: me privately on mailing lists and Usenet, if you also post the followup to the list or newsgroup. Do obvious transformation on domain to reply privately _only_ on Usenet.
Re: tflags
The Mail::SpamAssassin::Conf man page includes a section on tflags and their various functions, but generally speaking tflags allow you to alter the way in which a rule is processed. The most common ones that I make use of are "multiple" and "maxhits" in order to allow a rule to be scored for each time it hits, but to stop counting after some threshold. I also use the "net" tflag so that RBL checks only run when a net-based ruleset is loaded. As an example, I have various uri rules to detect emails from questionable journals. Since it's possible that someone might be having a legitimate mail conversation about that journal and share the URL to their site, I want to count how many times the URL appears, so I add a "multiple" tflag for the rule. More appearances means the mail is more likely to be advertising the journal or soliciting articles. On the other hand, once it's been seen eight time (or 15 or whatever), there's a diminishing return on that rule's ability to tell me anything more about the email, so I use "maxhits=8" to keep it from continuing to look for the uri (and to stop scoring additional points). On Thu, 3 Aug 2017, John Schmerold wrote: I don't understand the purpose of tflags. Where is this parameter explained? -- Public key #7BBC68D9 at| Shane Williams http://pgp.mit.edu/| System Admin - UT CompSci =--+--- All syllogisms contain three lines | sha...@shanew.net Therefore this is not a syllogism | www.ischool.utexas.edu/~shanew
Re: tflags
On Thu, 3 Aug 2017, John Schmerold wrote: I don't understand the purpose of tflags. Where is this parameter explained? man Mail::SpamAssassin::Conf Basically it allows setting some per-rule metadata that affects how the rule behaves. -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 --- The United States has become a place where entertainers and professional athletes are mistaken for people of importance. -- Maureen Johnson Smith Long --- Tomorrow: the 282nd anniversary of John Peter Zenger's acquittal
tflags
I don't understand the purpose of tflags. Where is this parameter explained? -- John Schmerold Katy Computer Systems, Inc https://katy.com St Louis
Re: tflags multiple and header exists:
On Sep 29, 2015, at 10:09 AM, Philip Prindeville <philipp_s...@redfish-solutions.com> wrote: > Can you use something like: > > header __L_X_NO_RELAY exists:X-No-Relay > tflags __L_X_NO_RELAY multiple Actually, that should probably be bounded to something like: tflags __L_X_NO_RELAY multiple maxhits=10 > > meta MULTIPLE_X_NO_RELAY __L_X_NO_RELAY >= 8 > describe MULTIPLE_X_NO_RELAY Saw an inordinate number of X-No-Relay: headers > score MULTIPLE_X_NO_RELAY 10.0 > > I couldn’t get the first 2 lines to work together. I had to resort to: > > header __L_X_NO_RELAY ALL =~ /^x-no-relay:/msi > > instead for the first line. Is this a known constraint? > > -Philip >
Re: tflags multiple and header exists:
On Tue, 29 Sep 2015, Philip Prindeville wrote: Can you use something like: header __L_X_NO_RELAY exists:X-No-Relay Are you seeing empty X-No-Relay headers? How about: header__HAS_NO_RELAYX-No-Relay =~ /./ ...which is in my sandbox, but just for eval, it's not scored yet: http://ruleqa.spamassassin.org/20150926-r1705400-n/__HAS_NO_RELAY/detail tflags __L_X_NO_RELAY multiple meta MULTIPLE_X_NO_RELAY__L_X_NO_RELAY >= 8 If you're doing that, do TFLAGS multiple, maxhits=9 I'll add this to my sandbox. -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 --- I'm seriously considering getting one of those bright-orange prison overalls and stencilling PASSENGER on the back. Along with the paper slippers, I ought to be able to walk right through security. -- Brian Kantor in a.s.r ---
tflags multiple and header exists:
Can you use something like: header __L_X_NO_RELAY exists:X-No-Relay tflags __L_X_NO_RELAY multiple meta MULTIPLE_X_NO_RELAY__L_X_NO_RELAY >= 8 describe MULTIPLE_X_NO_RELAYSaw an inordinate number of X-No-Relay: headers score MULTIPLE_X_NO_RELAY 10.0 I couldn’t get the first 2 lines to work together. I had to resort to: header __L_X_NO_RELAY ALL =~ /^x-no-relay:/msi instead for the first line. Is this a known constraint? -Philip
Re: tflags multiple and header exists:
On Tue, 29 Sep 2015, John Hardin wrote: On Tue, 29 Sep 2015, Philip Prindeville wrote: Can you use something like: header __L_X_NO_RELAY exists:X-No-Relay Are you seeing empty X-No-Relay headers? How about: header__HAS_NO_RELAYX-No-Relay =~ /./ Oops. If you're going to multiple that, do this: header__HAS_NO_RELAYX-No-Relay =~ /^./ ...which is in my sandbox, but just for eval, it's not scored yet: http://ruleqa.spamassassin.org/20150926-r1705400-n/__HAS_NO_RELAY/detail tflags __L_X_NO_RELAY multiple meta MULTIPLE_X_NO_RELAY __L_X_NO_RELAY >= 8 If you're doing that, do TFLAGS multiple, maxhits=9 I'll add this to my sandbox. -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 --- I'm seriously considering getting one of those bright-orange prison overalls and stencilling PASSENGER on the back. Along with the paper slippers, I ought to be able to walk right through security. -- Brian Kantor in a.s.r ---
Re: tflags multiple and header exists:
On Tue, 29 Sep 2015, Philip Prindeville wrote: Can you use something like: header __L_X_NO_RELAY exists:X-No-Relay tflags __L_X_NO_RELAY multiple See also DUP_SUSP_HDR, which is in my sandbox but isn't performing well enough against the corpora to get published: http://ruleqa.spamassassin.org/20150926-r1705400-n/%2FDUP_SUSP_HDR -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 --- Homeland Security: Specializing in Tactical Band-aids for Strategic Problems. -- Eric K. in Bruce Schneier's blog ---
Re: tflags multiple and header exists:
On Sep 29, 2015, at 10:44 AM, John Hardin <jhar...@impsec.org> wrote: > On Tue, 29 Sep 2015, Philip Prindeville wrote: > >> Can you use something like: >> >> header __L_X_NO_RELAYexists:X-No-Relay > > Are you seeing empty X-No-Relay headers? How about: No, not empty. Typically they say: X-No-Relay: not in my network > > header__HAS_NO_RELAYX-No-Relay =~ /./ > > ...which is in my sandbox, but just for eval, it's not scored yet: No, that ends up matching once per character… But /.*/ works. > > http://ruleqa.spamassassin.org/20150926-r1705400-n/__HAS_NO_RELAY/detail > >> tflags __L_X_NO_RELAYmultiple >> >> meta MULTIPLE_X_NO_RELAY __L_X_NO_RELAY >= 8 > > If you're doing that, do TFLAGS multiple, maxhits=9 > > I'll add this to my sandbox. > > -- > John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ > jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org > key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
Re: tflags multiple and header exists:
On Tue, 29 Sep 2015, Philip Prindeville wrote: On Sep 29, 2015, at 10:44 AM, John Hardin <jhar...@impsec.org> wrote: On Tue, 29 Sep 2015, Philip Prindeville wrote: Can you use something like: header __L_X_NO_RELAY exists:X-No-Relay Are you seeing empty X-No-Relay headers? How about: No, not empty. Typically they say: X-No-Relay: not in my network Yeah, multiples of that is what I was seeing too. Memories are reviving. I don't think the tflags multiple for a single-header rule will work, as SA collapses identical headers. It has to be a header ALL rule. That's why I did DUP_SUSP_HDR. Unfortunately that's not seen enough in the masscheck corpus to be scored and published. The "collapse multiple identical headers" is probably why the multiple exists doesn't work. No, that ends up matching once per character… But /.*/ works. Yeah, oops. /^./ would be a bit more efficient. -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 --- Any time law enforcement becomes a revenue center, the system becomes corrupt. ---
Re: score=19.9 points, tflags=autolearn_force; = autolearn=no autolearn_force=no; WTF?
On 4/21/2015 11:48 PM, David B Funk wrote: I've got some home-grown rules that I trust to which have added tflags autolearn_force Recently I've seen some spam that hit those rules and racked up enough points that they should have auto-learned. But the scoring analysis explicitly says autolearn=no autolearn_force=no. What's going on here? Different rules are categorized differently and you likely aren't hitting the requirements: The score threshold above which a mail has to score, to be fed into SpamAssassin's learning systems automatically as a spam message. Note: SpamAssassin requires at least 3 points from the header, and 3 points from the body to auto-learn as spam. Therefore, the minimum working value for this option is 6. If the test option autolearn_force is set, the minimum value will remain at 6 points but there is no requirement that the points come from body and header rules. This option is useful for autolearning with rules that are considered to be extremely safe indicators of the spaminess of a message. is the autolearn_force being ignored because of the initial BAYES_00 score? Is there a 'autolearn_force_yes_I_really_mean_it' tflag that can be used to overcome that inhibition? I'd run with debug and look for these debugs: dbg(learn: auto-learn: autolearn_force flagged for a rule. Removing seperate body and head point threshold. Body Only Points: $body_only_points ($required_body_points req'd) / Head Only Points: $head_only_points ($required_head_points req'd)); dbg(learn: auto-learn: autolearn_force flagged because of rule(s): $force_autolearn_names); } else { dbg(learn: auto-learn: autolearn_force not flagged for a rule. Body Only Points: $body_only_points ($required_body_points req'd) / Head Only Points: $head_only_points ($required_head_points req'd)); } regards, KAM
Re: score=19.9 points, tflags=autolearn_force; = autolearn=no autolearn_force=no; WTF?
On Tue, 21 Apr 2015 22:48:46 -0500 (CDT) David B Funk wrote: is the autolearn_force being ignored because of the initial BAYES_00 score? Yes, a Bayes point in the opposite direction prevents auto-training. All the force flag does is override the 3+3 rule. Is there a 'autolearn_force_yes_I_really_mean_it' tflag that can be used to overcome that inhibition? Not as such, but it is possible to get that behaviour by transferring the score of BAYES_00 into two mutually exclusive meta-rules, one marked learn, and the other noautolearn. The former will retain the sanity-check and the latter wont.
score=19.9 points, tflags=autolearn_force; = autolearn=no autolearn_force=no; WTF?
I've got some home-grown rules that I trust to which have added tflags autolearn_force Recently I've seen some spam that hit those rules and racked up enough points that they should have auto-learned. But the scoring analysis explicitly says autolearn=no autolearn_force=no. What's going on here? # spamc -R /tmp/food-0 19.9/6.0 Checker-Version SpamAssassin 3.4.0 (2014-02-07) on xyzzy.engr.uiowa.edu Content analysis details: (19.9 points, 6.0 required, autolearn=no autolearn_force=no) pts rule name description -- -- 10 SURBL_URI_DBF4 Contains an URL in My SURBL list 4 [URIs: zxrich.com] 4.0 SURBL_URI_DBF2 Contains an URL in My SURBL list 2 [URIs: zxrich.com] -0.0 RCVD_IN_MSPIKE_H4 RBL: Very Good reputation (+4) [178.23.244.208 listed in wl.mailspike.net] 0.0 MISSING_HEADERSMissing To: header -0.0 SPF_HELO_PASS SPF: HELO matches SPF record -1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1% [score: 0.] 1.1 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50% [cf: 100] 1.9 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level above 50% [cf: 100] 0.9 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/) 2.0 KAM_OBFObfuscated Porn Spams 0.8 KAM_ASCII_DIVIDERS Spam that uses ascii formatting tricks -0.0 RCVD_IN_MSPIKE_WL Mailspike good senders 1.0 TO_CC_NONE No To: or Cc: header -0.0 T__RECEIVED_2 More than one untrusted relay 0.1 KHOP_SC_CIDR8 Relay CIDR /8 is among worst in SpamCop The odd thing is that if I manually explicitly learn them with sa-learn --spam --mbox /tmp/food-0 then suddenly the 'autolearn_force=yes' takes effect. (with no other change, exact same message, seconds later). # spamc -R /tmp/food-0 23.8/6.0 Checker-Version SpamAssassin 3.4.0 (2014-02-07) on xyzzy.engr.uiowa.edu Content analysis details: (23.8 points, 6.0 required, autolearn=unavailable autolearn_force=yes (SURBL_URI_DBF4)) pts rule name description -- -- 10 SURBL_URI_DBF4 Contains an URL in My SURBL list 4 [URIs: zxrich.com] 4.0 SURBL_URI_DBF2 Contains an URL in My SURBL list 2 [URIs: zxrich.com] 0.0 MISSING_HEADERSMissing To: header -0.0 SPF_HELO_PASS SPF: HELO matches SPF record -0.0 RCVD_IN_MSPIKE_H4 RBL: Very Good reputation (+4) [178.23.244.208 listed in wl.mailspike.net] 2.0 BAYES_80 BODY: Bayes spam probability is 80 to 95% [score: 0.9197] 1.1 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50% [cf: 100] 1.9 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level above 50% [cf: 100] 0.9 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/) 2.0 KAM_OBFObfuscated Porn Spams 0.8 KAM_ASCII_DIVIDERS Spam that uses ascii formatting tricks -0.0 RCVD_IN_MSPIKE_WL Mailspike good senders 1.0 TO_CC_NONE No To: or Cc: header -0.0 T__RECEIVED_2 More than one untrusted relay 0.1 KHOP_SC_CIDR8 Relay CIDR /8 is among worst in SpamCop is the autolearn_force being ignored because of the initial BAYES_00 score? Is there a 'autolearn_force_yes_I_really_mean_it' tflag that can be used to overcome that inhibition? -- Dave Funk University of Iowa dbfunk (at) engineering.uiowa.eduCollege of Engineering 319/335-5751 FAX: 319/384-0549 1256 Seamans Center Sys_admin/Postmaster/cell_adminIowa City, IA 52242-1527 #include std_disclaimer.h Better is not better, 'standard' is better. B{
tflags userconf
Hallo! Back on topic :) I happened to notice that 'tflags userconf' was specified for a few tests that, as far as I could tell have on user configurable parameters. Example (3.2.5): 25_spf.cf:tflags SPF_PASS nice userconf So what 'user configuration' is needed for SPF_PASS that is NOT needed for SPF_FAIL? In general, what does a 'userconf' specification 'look for' before permitting a test to run? - C
Re: tflags userconf
On Fri, 26 Feb 2010 10:20:06 -0500 (EST) Charles Gregory cgreg...@hwcn.org wrote: I happened to notice that 'tflags userconf' was specified for a few tests that, as far as I could tell have on user configurable parameters. Example (3.2.5): 25_spf.cf:tflags SPF_PASS nice userconf So what 'user configuration' is needed for SPF_PASS that is NOT needed for SPF_FAIL? In general, what does a 'userconf' specification 'look for' before permitting a test to run? I don't think userconf determines whether a rule runs. I think it's intended to flag that the rule may change its behaviour according to how it's configured. AFAIK in SA itself its only effect is that userconf rules are excluded from the autolearning and AWL. I'm guessing it's also used to exclude rules from score optimization. There is a comment in 25_spf.cf: # these are userconf so that scores are set by hand tflags SPF_PASS nice userconf net tflags SPF_HELO_PASSnice userconf net
Re: tflags userconf
On Fri, 26 Feb 2010, RW wrote: I'm guessing it's also used to exclude rules from score optimization. There is a comment in 25_spf.cf: # these are userconf so that scores are set by hand tflags SPF_PASS nice userconf net tflags SPF_HELO_PASSnice userconf net Ah. I didn't see that because I was grepping * for 'SPF'... :) Thanks. - C
Re: tflags multiple with mimeheader rules
Jeremy Fairbrass [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Hi all, Can the tflags multiple setting be used with mimeheader rules? Or only with header, body, rawbody, uri, and full tests? Also, where can I find some further info on how tflags multiple should be used - perhaps with an example or two? I can't find anything in the SpamAssassin wiki on this, and the brief description at http://spamassassin.apache.org/full/3.2.x/dist/doc/Mail_SpamAssassin_Conf.html isn't much help either. Cheers, Jeremy Can anybody offer some help?! :) - Jeremy
tflags multiple with mimeheader rules
Hi all, Can the tflags multiple setting be used with mimeheader rules? Or only with header, body, rawbody, uri, and full tests? Also, where can I find some further info on how tflags multiple should be used - perhaps with an example or two? I can't find anything in the SpamAssassin wiki on this, and the brief description at http://spamassassin.apache.org/full/3.2.x/dist/doc/Mail_SpamAssassin_Conf.html isn't much help either. Cheers, Jeremy