On Fri, 3 Jan 2020 16:21:21 -0700
Philip Prindeville wrote:
> rawbody __L_UNNEEDED_META_CT /^ /m
>
> meta T_BLOCK_MISC47 __L_UNNEEDED_META_CT
> describe T_BLOCK_MISC47 Why do this when a
> Content-Type: header works? score T_BLOCK_MISC47 20.0
>
> And that
On Fri, 3 Jan 2020 15:29:40 -0700
Philip Prindeville wrote:
> > On Jan 3, 2020, at 11:34 AM, RW wrote:
> >
> > On Fri, 3 Jan 2020 10:09:21 -0800 (PST)
> > John Hardin wrote:
> >> Try this instead, to actually match the header(s):
> >>
> >> header __L_RECEIVED_SPF Received-SPF =~ /^./
> On Jan 3, 2020, at 3:45 PM, Philip Prindeville
> wrote:
>
>
>
>> On Jan 2, 2020, at 4:08 PM, Philip Prindeville
>> wrote:
>>
>> I’m getting the following Spam.
>>
>> http://www.redfish-solutions.com/misc/bluechew.eml
>>
>> And this is notable for having:
>>
>>
>>
>> GUID1
>>
> On Jan 2, 2020, at 4:08 PM, Philip Prindeville
> wrote:
>
> I’m getting the following Spam.
>
> http://www.redfish-solutions.com/misc/bluechew.eml
>
> And this is notable for having:
>
>
>
> GUID1
> GUID2
> GUID3
> GUID4
> …
>
One other question that occurs to me: why would we even
> On Jan 3, 2020, at 11:34 AM, RW wrote:
>
> On Fri, 3 Jan 2020 10:09:21 -0800 (PST)
> John Hardin wrote:
>
>> On Fri, 3 Jan 2020, Pedro David Marco wrote:
>>
>>> header __L_RECEIVED_SPFexists:Received-SPF
>>> tflags __L_RECEIVED_SPFmultiple maxhits=20
>>>
>>> meta
On Fri, 3 Jan 2020 10:09:21 -0800 (PST)
John Hardin wrote:
> On Fri, 3 Jan 2020, Pedro David Marco wrote:
>
> > header __L_RECEIVED_SPF exists:Received-SPF
> > tflags __L_RECEIVED_SPF multiple maxhits=20
> >
> > meta L_RECEIVED_SPF (__L_RECEIVED_SPF >= 10)
> > describe
On Fri, 3 Jan 2020, Pedro David Marco wrote:
header __L_RECEIVED_SPF exists:Received-SPF
tflags __L_RECEIVED_SPF multiple maxhits=20
meta L_RECEIVED_SPF (__L_RECEIVED_SPF >= 10)
describe L_RECEIVED_SPF Crazy numbers of Received-SFP headers
score L_RECEIVED_SPF
Hi Philipe...
try this:
full __L_RECEIVED_SPF /^Received-SPF: \w/mtflags __L_RECEIVED_SPF
multiple maxhits=11
meta L_RECEIVED_SPF (__L_RECEIVED_SPF >= 10)describe L_RECEIVED_SPF
Crazy numbers of Received-SFP headersscore L_RECEIVED_SPF 4
-Pedro.
Philip Prindeville wrote:
I’m getting the following Spam.
http://www.redfish-solutions.com/misc/bluechew.eml
Received: from phylobago.mysecuritycamera.org
(ec2-34-210-5-63.us-west-2.compute.amazonaws.com [34.210.5.63])
I have a local rule adding a couple of points for anything coming