Thanks,
I have checked the suggested rules like this:
header FROM_FORM From =~ /spamadmin\@ngtech.co.il/i
score FROM_FORM -0.1
body __HBRW_ENCODING /charset=\windows-1255\/
score __HBRW_ENCODING -0.1
body __HBRW_CHARS/[\xC0-\xCB\xCD-\xDB\xDF-\xFB]?/
score __HBRW_CHARS -0.1
tflags
In an older episode, on 2013-02-06 09:53, Eliezer Croitoru wrote:
body __HBRW_ENCODING /charset=\windows-1255\/
score __HBRW_ENCODING -0.1
I use a rule
mimeheader LOCAL_1251_CHARSETContent-Type =~
/charset=.{0,3}windows-1251/i
IMHO, charset is a MIME header, not a part of the message
On 2/6/2013 11:04 AM, Wolfgang Zeikat wrote:
In an older episode, on 2013-02-06 09:53, Eliezer Croitoru wrote:
body __HBRW_ENCODING /charset=\windows-1255\/
score __HBRW_ENCODING -0.1
I use a rule
mimeheader LOCAL_1251_CHARSETContent-Type =~
/charset=.{0,3}windows-1251/i
IMHO, charset
On Wed, 6 Feb 2013, Eliezer Croitoru wrote:
Thanks,
I have checked the suggested rules like this:
header FROM_FORM From =~ /spamadmin\@ngtech.co.il/i
score FROM_FORM -0.1
body __HBRW_ENCODING /charset=\windows-1255\/
The fact that the charset= isn't a body part has already been
On 2/1/2013 12:00 PM, John Hardin wrote:
On Fri, 1 Feb 2013, Ben Johnson wrote:
John, thanks for pointing-out the problems associated with re-sending
the messages via sendmail.
I threw a line out to the Dovecot users group and learned how to move
messages without going through the MTA.
Subrules (those beginning with __) are not scored. Those score lines
have no effect, and should probably be removed to avoid confusion that
they actually *do* have an effect.
this might be the reason.
I will check later.
On 2/6/2013 5:40 PM, John Hardin wrote:
Typo. s/b FROM_FORM. Perhaps
On 2/1/2013 7:58 PM, John Hardin wrote:
On Sat, 2 Feb 2013, RW wrote:
ALLOWING APPENDS
By appends we mean the case of mail moving when the source folder is
unknown, e.g. when you move from some other account or with tools
like offlineimap. You should be careful with allowing
On Wed, 2013-02-06 at 17:45 +0200, Eliezer Croitoru wrote:
Sorry but I didn't had much time to understand all of the rules syntax.
When developing a meta rule that combines subrules there';s littlew
point in writing descriptions for the subrules. In addition I find its
helpful to do the
On Wed, 6 Feb 2013, Ben Johnson wrote:
On 2/1/2013 7:58 PM, John Hardin wrote:
That latter brings up another concern for the vetted-corpora model: if a
message is *removed* from a training corpora mailbox rather than
reclassified, you'd have to wipe and retrain your database from scratch
to
On Wed, 6 Feb 2013, Martin Gregorie wrote:
body HSHCH /[\xC0-\xCB\xCD-\xDB\xDF-\xFB]?/
body HSTCH /[\x30-\x39\x41-\x5A\x61-\x7A\x80-\xFF]?/
Why the question marks? They make the character optional, which in this
case makes the *entire RE* optional, which is a bad idea,
On Wed, 6 Feb 2013, John Hardin wrote:
On Wed, 6 Feb 2013, Eliezer Croitoru wrote:
body __HBRW_CHARS/[\xC0-\xCB\xCD-\xDB\xDF-\xFB]?/
body __TOTAL_CHARS /[\x30-\x39\x41-\x5A\x61-\x7A\x80-\xFF]?/
Eliezer:
Apoligies for not noticing this the first time through: lose the question
On Wed, 6 Feb 2013, Martin Gregorie wrote:
On Wed, 2013-02-06 at 17:45 +0200, Eliezer Croitoru wrote:
Sorry but I didn't had much time to understand all of the rules syntax.
When developing a meta rule that combines subrules there';s littlew
point in writing descriptions for the subrules.
On Wed, 6 Feb 2013, David B Funk wrote:
It's also easier to do an edit s/T_/__/g when you've got things working
to your satisfaction to move from testing to production.
s/ T_/ __/ please! :)
--
John Hardin KA7OHZhttp://www.impsec.org/~jhardin/
jhar...@impsec.org
Matus UHLAR - fantomas skrev den 2013-02-04 09:25:
port 25 open. There are multiple ways to detect dynamic IPs (rDNS
patterns,
PBL, SORBS-DUL, MAPS-DYNA) which I found more safe than TCP port 25
open.
On 04.02.13 17:27, Benny Pedersen wrote:
i never write only but my point is that if port 25
Matus UHLAR - fantomas wrote:
Matus UHLAR - fantomas skrev den 2013-02-04 09:25:
port 25 open. There are multiple ways to detect dynamic IPs (rDNS
patterns,
PBL, SORBS-DUL, MAPS-DYNA) which I found more safe than TCP port 25
open.
On 04.02.13 17:27, Benny Pedersen wrote:
i never write only but
Hi,
we have real problems with SA spam scoring of some hosts that that are in
list.dnswl.org
with a hight trust level (RCVD_IN_DNSWL_HI). This in SA gives a negative score
of -5.0.
The description at the dnswl website says:
Recommended Usage: Skip spam filtering for medium and high ranked
16 matches
Mail list logo
