# 2005/07/29, http://www.apnic.net/db/ranges.html
header RCVD_VIA_APNIC Received =~
/[^0-9.](?:5[89]|6[01]|12[456]|20[23]|21[0189]|22[012])(?:\.[012]?[0-9]{1,2}){3}(?:\]|\)|
)/
describe RCVD_VIA_APNIC Received through a relay in Asia/Pacific Network
Adam Katz had this rule in one of his chan
On 09/24/09 09:21, quoth Benny Pedersen:
> On tor 24 sep 2009 04:57:57 CEST, "Steven W. Orr" wrote
>> Since I haven't *ever* touched this table for cleanup, the above
>> described cron job will not delete any rows for that period of time.
>
> you will have less problems with innodb then myisam
>
On Fri, 02 Oct 2009 00:14:52 +0200
mouss wrote:
> RW wrote:
> > The term false-positive can apply to any test. A test for ham
> > that matches a spam is a false-positive, it's a matter of context.
>
> spam too can be (re)defined. and actually any term. but it is assumed
> here that we talk abo
On Oct 1, 2009, at 18:36, Karsten Bräckelmann
wrote:
Same for RCVD_IN_DNSWL. If it positively matches, it either it is
correct, or wrong. A false positive is a match, that is wrong. No
matter
the score you assign the test.
Lke others havecsaid, you can make the words mean whatever you wa
On Fri, 2009-10-02 at 00:08 +0200, mouss wrote:
> Karsten Bräckelmann wrote:
> > False positive. Something, that matches (positive) the criterion for a
> > certain test, but should not (false).
I stand to what I said.
> you can certainly devise a system to detect alpha(foo) where alpha is a
> fun
RW wrote:
> On Wed, 30 Sep 2009 23:35:31 +0200
> mouss wrote:
>
>> Warren Togami wrote:
>>> I scanned my spam folders and found a few false positives that hit
>>> on either DNSWL
>> FP with DNSWL?
>>
>> FP = False Positive = legitimaite mail tagged as spam
>> DNSWL = Whitelist
>
> The term
Karsten Bräckelmann wrote:
> On Wed, 2009-09-30 at 23:35 +0200, mouss wrote:
>> Warren Togami wrote:
>>> I scanned my spam folders and found a few false positives that hit on
>>> either DNSWL
>> FP with DNSWL?
>>
>> FP = False Positive = legitimaite mail tagged as spam
>> DNSWL = Whitelist
>
On Thu, 1 Oct 2009, Warren Togami wrote:
The "Oddity" I was pointing out at the beginning of the thread is not
prevalence of .cn URI's, but rather most of them appear to be exactly 8
characters long. Could someone please commit my T_CN_8_URL rule to the
sandbox so we can see if that trend hol
From: "Ned Slider"
Sent: Thursday, 2009/October/01 10:48
Warren Togami wrote:
On 10/01/2009 01:05 PM, John Hardin wrote:
On Thu, 1 Oct 2009, jdow wrote:
From: "John Hardin"
Yours may still hit .cn in the path part. May I suggest:
m;^https?://[^/?]+\.cn\b;
Regardless of their correctn
From: "Warren Togami"
Sent: Thursday, 2009/October/01 10:24
On 10/01/2009 01:16 PM, Warren Togami wrote:
On 10/01/2009 01:05 PM, John Hardin wrote:
On Thu, 1 Oct 2009, jdow wrote:
From: "John Hardin"
Yours may still hit .cn in the path part. May I suggest:
m;^https?://[^/?]+\.cn\b;
R
Warren Togami wrote:
On 10/01/2009 01:05 PM, John Hardin wrote:
On Thu, 1 Oct 2009, jdow wrote:
From: "John Hardin"
Yours may still hit .cn in the path part. May I suggest:
m;^https?://[^/?]+\.cn\b;
Regardless of their correctness, would you care to expound on the
success
of these two
Updated that as well.
R-Elists wrote:
marc
dont forget this one
http://wiki.apache.org/spamassassin/MarcPerkelsExperiments
- rh
From:
Marc Perkel [mailto:m...@perkel.com]
snip
Yes - the wiki is updated.
SM wrote:
Hi Marc,
At 09:32 30-09-2009, Marc Perkel wrote:
I have a lot of mighty servers set up ad have servers at 4 locations.
I have 50mb bought and using about 30 of it now. I am not sure what
it takes to support a default SA inclusion. Does anyone know if what
I described sounds like it
On 10/01/2009 01:16 PM, Warren Togami wrote:
On 10/01/2009 01:05 PM, John Hardin wrote:
On Thu, 1 Oct 2009, jdow wrote:
From: "John Hardin"
Yours may still hit .cn in the path part. May I suggest:
m;^https?://[^/?]+\.cn\b;
Regardless of their correctness, would you care to expound on the
On 10/01/2009 01:05 PM, John Hardin wrote:
On Thu, 1 Oct 2009, jdow wrote:
From: "John Hardin"
Yours may still hit .cn in the path part. May I suggest:
m;^https?://[^/?]+\.cn\b;
Regardless of their correctness, would you care to expound on the success
of these two rules, John? I like what
On Thu, 1 Oct 2009, jdow wrote:
From: "John Hardin"
Yours may still hit .cn in the path part. May I suggest:
m;^https?://[^/?]+\.cn\b;
Regardless of their correctness, would you care to expound on the success
of these two rules, John? I like what works not political correctness.
I
On 10/01/2009 12:42 PM, jdow wrote:
From: "Marc Perkel"
Sent: Wednesday, 2009/September/30 16:41
Blaine Fleming wrote: Marc Perkel wrote:
I like it.
RCVD_IN_HOSTKARMA_BL
RCVD_IN_HOSTKARMA_WL
RCVD_IN_HOSTKARMA_YL
RCVD_IN_HOSTKARMA_BR
Let's go with it.
Marc, have you updated your wiki to re
From: "Marc Perkel"
Sent: Wednesday, 2009/September/30 16:41
Blaine Fleming wrote:
Marc Perkel wrote:
I like it.
RCVD_IN_HOSTKARMA_BL
RCVD_IN_HOSTKARMA_WL
RCVD_IN_HOSTKARMA_YL
RCVD_IN_HOSTKARMA_BR
Let's go with it.
Marc, have you updated your wiki to reflect the new rules? I think
On tor 01 okt 2009 18:09:38 CEST, "to...@starbridge.org" wrote
thank for your answers.
It's done:
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6214
also
spamassassin 2>&1 -D -t msg > output.log
and another time with the plugin disabled shows it work (this time
with >>output.log)
On Thu, 1 Oct 2009, Benny Pedersen wrote:
On tor 01 okt 2009 18:26:01 CEST, John Hardin wrote
m;^https?://[^/?]+\.cn\b;
replace ; with / no ?
m/\bhttps?://[^/?]+\.cn\b/i
No. The point to m; is so that you can embed / in the RE without escaping
them. You are changing the RE delimiters.
m
From: "John Hardin"
Sent: Thursday, 2009/October/01 09:26
On Thu, 1 Oct 2009, Ned Slider wrote:
John Hardin wrote:
On Thu, 1 Oct 2009, Warren Togami wrote:
> uri T_CN_URL /[^\/]+\.cn(?:$|\/|\?)/i
> describe T_CN_URL Contains a URL in the .cn domain
>
> uri T_CN_8_URL /[\/.]+\
On tor 01 okt 2009 18:26:01 CEST, John Hardin wrote
m;^https?://[^/?]+\.cn\b;
replace ; with / no ?
m/\bhttps?://[^/?]+\.cn\b/i
--
xpoint
On Thu, 1 Oct 2009, Ned Slider wrote:
John Hardin wrote:
On Thu, 1 Oct 2009, Warren Togami wrote:
> uri T_CN_URL /[^\/]+\.cn(?:$|\/|\?)/i
> describe T_CN_URL Contains a URL in the .cn domain
>
> uri T_CN_8_URL /[\/.]+\w{8}\.cn(?:$|\/|\?)/i
> describe T_CN_8_URL Contains a URL i
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Justin Mason a écrit :
> On Thu, Oct 1, 2009 at 16:15, John Hardin wrote:
>> On Thu, 1 Oct 2009, Zdenek Herman wrote:
>>
>>> I have same problem.
>>> Any solution ?
>>>
>>> to...@starbridge.org napsal(a):
>>>
i'm running SA 3.3.0 (3.3.0-alpha3-r8
John Hardin wrote:
On Thu, 1 Oct 2009, Warren Togami wrote:
uri T_CN_URL /[^\/]+\.cn(?:$|\/|\?)/i
describe T_CN_URL Contains a URL in the .cn domain
uri T_CN_8_URL /[\/.]+\w{8}\.cn(?:$|\/|\?)/i
describe T_CN_8_URL Contains a URL in the .cn domain of exactly 8
characters long
http:
On Thu, 1 Oct 2009, Justin Mason wrote:
On Thu, Oct 1, 2009 at 16:15, John Hardin wrote:
On Thu, 1 Oct 2009, Zdenek Herman wrote:
I have same problem.
Any solution ?
to...@starbridge.org napsal(a):
i'm running SA 3.3.0 (3.3.0-alpha3-r808953) and i've some problem with
compiled rules.
sa-
On Thu, Oct 1, 2009 at 16:15, John Hardin wrote:
> On Thu, 1 Oct 2009, Zdenek Herman wrote:
>
>> I have same problem.
>> Any solution ?
>>
>> to...@starbridge.org napsal(a):
>>
>>> i'm running SA 3.3.0 (3.3.0-alpha3-r808953) and i've some problem with
>>> compiled rules.
>>>
>>> sa-compile runs wi
On Thu, 1 Oct 2009, Zdenek Herman wrote:
I have same problem.
Any solution ?
to...@starbridge.org napsal(a):
i'm running SA 3.3.0 (3.3.0-alpha3-r808953) and i've some problem with
compiled rules.
sa-compile runs without errors, and SA seems to works fine when
restarted. But some body rules
On Thu, 1 Oct 2009, Warren Togami wrote:
uri T_CN_URL /[^\/]+\.cn(?:$|\/|\?)/i
describe T_CN_URL Contains a URL in the .cn domain
uri T_CN_8_URL /[\/.]+\w{8}\.cn(?:$|\/|\?)/i
describe T_CN_8_URL Contains a URL in the .cn domain of exactly 8 characters
long
http://ruleqa.spamassassi
I have same problem.
Any solution ?
Regards
Zdenek Herman
zdenek.her...@ille.cz
tel: 777 730 218
http://www.cistaposta.cz
to...@starbridge.org napsal(a):
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> Hi,
> i'm running SA 3.3.0 (3.3.0-alpha3-r808953) and i've some problem with
> compile
more logs
Oct 1 13:22:20 mail amavis[17226]: (17226-02) LMTP< RCPT
TO: ORCPT=rfc822;u...@example.com\r\n
Oct 1 13:22:20 mail amavis[17226]: (17226-02) LMTP> 250 2.1.5 Recipient
u...@example.com OK
Oct 1 13:22:20 mail amavis[17226]: (17226-02) LMTP::10024
/var/lib/amavis/tmp/amavis-20091001T131
31 matches
Mail list logo