On Mon, May 23, 2022 at 10:48:51PM -0600, Philip Prindeville wrote:
>
>
> > On May 11, 2022, at 1:53 AM, Henrik K wrote:
> >
> > On Wed, May 11, 2022 at 10:49:32AM +0300, Henrik K wrote:
> >> On Wed, May 11, 2022 at 10:44:05AM +0300, Henrik K wrote:
> >>> On Tue, May 10, 2022 at 06:19:38PM
> On May 11, 2022, at 1:53 AM, Henrik K wrote:
>
> On Wed, May 11, 2022 at 10:49:32AM +0300, Henrik K wrote:
>> On Wed, May 11, 2022 at 10:44:05AM +0300, Henrik K wrote:
>>> On Tue, May 10, 2022 at 06:19:38PM -0600, Philip Prindeville wrote:
See my original message.
I can't
> On May 11, 2022, at 9:24 AM, John Hardin wrote:
>
> On Tue, 10 May 2022, Philip Prindeville wrote:
>
>> Anyone have a rule to detect the following nonsense headers seen in this
>> message I got?
>>
>> Return-Path:
>> Received: from cp24.deluxehosting.com (cp24.deluxehosting.com
>>
On Fri, May 13, 2022 at 12:22:48PM -0600, Philip Prindeville wrote:
>
> How do you look at what a rule is matching? I've never figured that out...
Debug output:
spamassassin -t -D rules < message.eml 2>&1 | grep 'got hit'
> On May 11, 2022, at 1:53 AM, Henrik K wrote:
>
> On Wed, May 11, 2022 at 10:49:32AM +0300, Henrik K wrote:
>> On Wed, May 11, 2022 at 10:44:05AM +0300, Henrik K wrote:
>>> On Tue, May 10, 2022 at 06:19:38PM -0600, Philip Prindeville wrote:
See my original message.
I can't
> On May 11, 2022, at 1:44 AM, Henrik K wrote:
>
> On Tue, May 10, 2022 at 06:19:38PM -0600, Philip Prindeville wrote:
>> See my original message.
>>
>> I can't think of a single way to match each header, and then test for any of
>> them not matching the pattern...
>
> Simply use regex
On Tue, 10 May 2022, Philip Prindeville wrote:
Anyone have a rule to detect the following nonsense headers seen in this
message I got?
Return-Path:
Received: from cp24.deluxehosting.com (cp24.deluxehosting.com [207.55.244.13])
by mail (envelope-sender ) (MIMEDefang) with ESMTP
id
On Wed, May 11, 2022 at 10:49:32AM +0300, Henrik K wrote:
> On Wed, May 11, 2022 at 10:44:05AM +0300, Henrik K wrote:
> > On Tue, May 10, 2022 at 06:19:38PM -0600, Philip Prindeville wrote:
> > > See my original message.
> > >
> > > I can't think of a single way to match each header, and then
On Wed, May 11, 2022 at 10:44:05AM +0300, Henrik K wrote:
> On Tue, May 10, 2022 at 06:19:38PM -0600, Philip Prindeville wrote:
> > See my original message.
> >
> > I can't think of a single way to match each header, and then test for any
> > of them not matching the pattern...
>
> Simply use
On Tue, May 10, 2022 at 06:19:38PM -0600, Philip Prindeville wrote:
> See my original message.
>
> I can't think of a single way to match each header, and then test for any of
> them not matching the pattern...
Simply use regex negative lookahead.
ALL =~ /^(?!Foo|Bar):/m
It will hit any line
On Tue, 2022-05-10 at 18:19 -0600, Philip Prindeville wrote:
> I can't think of a single way to match each header, and then test for
> any of them not matching the pattern...
>
>
I had in mind a subrule that triggers on valid header names, combined
with a meta rule that inverts the subrule
On 2022-05-10 at 20:20:14 UTC-0400 (Tue, 10 May 2022 18:20:14 -0600)
Philip Prindeville
is rumored to have said:
On May 10, 2022, at 5:57 PM, Martin Gregorie
wrote:
On Tue, 2022-05-10 at 17:29 -0600, Philip Prindeville wrote:
You're correct that they're different in every message
On 2022-05-10 at 18:10:23 UTC-0400 (Tue, 10 May 2022 16:10:23 -0600)
Philip Prindeville
is rumored to have said:
Anyone have a rule to detect the following nonsense headers seen in
this message I got?
No, and complicating your circumstance: RFC6648
Here's the title & abstract:
Minicomputers-Exhume: sides
Malthus-Films: 88976dea
Parasitic-Homogeneity: db5da28ba3e69a
Capitalizations-Grievously: oilers
It looks like the pattern is
/[A-Z][a-z]{1,20}-[A-Z][a-z]{1.20}\:\s{1,10}[\w\d]{3,20}/
or something close to that.
Obviously it can mutate, but generally these are
> On May 10, 2022, at 5:57 PM, Martin Gregorie wrote:
>
> On Tue, 2022-05-10 at 17:29 -0600, Philip Prindeville wrote:
>>
>> You're correct that they're different in every message received.
>>
> So write a rule that fires on any header name that *doesn't* match
> anything in the list of
> On May 10, 2022, at 5:57 PM, Martin Gregorie wrote:
>
> On Tue, 2022-05-10 at 17:29 -0600, Philip Prindeville wrote:
>>
>> You're correct that they're different in every message received.
>>
> So write a rule that fires on any header name that *doesn't* match
> anything in the list of
On Tue, 2022-05-10 at 17:29 -0600, Philip Prindeville wrote:
>
> You're correct that they're different in every message received.
>
So write a rule that fires on any header name that *doesn't* match
anything in the list of legit headers as defined in the relevant RFCs.
Of course you may need to
> On May 10, 2022, at 4:58 PM, Kevin A. McGrail wrote:
>
> On 5/10/2022 6:10 PM, Philip Prindeville wrote:
>> Anyone have a rule to detect the following nonsense headers seen in this
>> message I got?
>
> Interesting. Those look more like something that Bayesian learning would be
> best to
On 5/10/2022 6:10 PM, Philip Prindeville wrote:
Anyone have a rule to detect the following nonsense headers seen in this
message I got?
Interesting. Those look more like something that Bayesian learning would
be best to handle.
But, have you built a corpora of spam and ham? Do a list of
19 matches
Mail list logo
