In order to guard against malicious macros, we have banned all macro-enabled
Office document formats, i.e. added the following to $banned_filename_re:
# block macro-enabled office files
qr'.\.(xlsm|xltm|xlam|docm|dotm|pptm|potm|ppam|ppsm|sldm)$'i,
Since modern Office documents are technic
@amavis.org] On
Behalf Of Kai Risku
Sent: Tuesday, April 5, 2016 2:54 AM
To: amavis-users@amavis.org
Subject: Banning .docm gives misleading error message
In order to guard against malicious macros, we have banned all macro-enabled
Office document formats, i.e. added the following to
://www.arrak.fi
-Original Message-
From: amavis-users [mailto:amavis-users-bounces+kai.risku=arrak...@amavis.org]
On Behalf Of Mark Martinec
Sent: Tuesday, April 26, 2016 18:22
To: amavis-users@amavis.org
Subject: RE: Banning .docm gives misleading error message
On 2016-04-05 10:21, Kai
Appending the modifier “:addr” to a header name will remove everything from
that header except the first email address. If you are using an anchored regexp
on the email address, then the From:addr test should work, i.e.
header SPAM11OctF1 From:addr ~=
/^airecom612\+97d7d60a91d
Put this in your local.cf
score BAYES_996.0
Personally I think 6.0 is a bit high. There is significant risk of false
positive if one single rule can give enough points to block the message.
Are you using network tests (RBL blocklists, etc.)? These are usually very
effective. S
,}\@/i
--
kai.ri...@arrak.fi GSM +358-40-767 8282
Oy Arrak Software Ab http://www.arrak.fi
-Original Message-
From: Indunil Jayasooriya [mailto:induni...@gmail.com]
Sent: Friday, October 14, 2016 11:03 AM
To: Kai Risku
Cc: amavis-users@amavis.org
Subject: Re: spam assassin rule to
16 or more hexadecimal characters just before the
@-sign.
--
kai.ri...@arrak.fi GSM +358-40-767 8282
Oy Arrak Software Ab http://www.arrak.fi
-Original Message-
From: Indunil Jayasooriya [mailto:induni...@gmail.com]
Sent: Friday, October 14, 2016 11:56 AM
To: Kai Risku
Cc: amavi