* Loren Wilton wrote (24/12/2005 00:23):
Does anyone have any suggestions, apart from simply reducing the score
for SARE_URI_EQUALS? Is this a spamassassin bug, or is there no way to
guarantee that only real uris are parsed as such?
Several.
Hi. Thanks for the response. I'm replying rather
Mouss wrote on Tue, 27 Dec 2005 00:04:34 +0100:
Is foo.tld=bar a valid hostname part in a URI?
foo.tld=bar is a valid URL with foo.tld being the hostname and =bar
being the query part.
Kai
--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
List Mail User wrote on Mon, 26 Dec 2005 16:46:00 -0800 (PST):
How about the case of http=3A=2F=2Fwww=2Ecnn=2Ecom=2F2003=2F
inside of HTML? i.e. http://www.cnn.com/2003/ - from a phishing spam,
the full line was:
You mean it displayed like this in the mail agent *after* Q decoding and
Kai Schaetzl a écrit :
Mouss wrote on Tue, 27 Dec 2005 00:04:34 +0100:
Is foo.tld=bar a valid hostname part in a URI?
foo.tld=bar is a valid URL with foo.tld being the hostname and =bar
being the query part.
are you sure? my understanding is that query part must be in the
url-path,
On Tue, Dec 27, 2005 at 09:17:09PM +0100, mouss wrote:
are you sure? my understanding is that query part must be in the
url-path, so must come after at least one slash. something like
I don't know about =bar, but if it were ?bar, many browsers will assume
there's supposed to be a / before the
List Mail User a écrit :
How about the case of http=3A=2F=2Fwww=2Ecnn=2Ecom=2F2003=2F
inside of HTML? i.e. http://www.cnn.com/2003/ - from a phishing spam,
the full line was:
=3Chttp=3A=2F=2Fwww=2Ecnn=2Ecom=2F2003=2FWORLD=2Fafrica=2F07=2F20=2Fkenya=2Ecrash=2Findex=2Ehtml=3E
I
...
List Mail User wrote on Mon, 26 Dec 2005 16:46:00 -0800 (PST):
How about the case of http=3A=2F=2Fwww=2Ecnn=2Ecom=2F2003=2F
inside of HTML? i.e. http://www.cnn.com/2003/ - from a phishing spam,
the full line was:
You mean it displayed like this in the mail agent *after* Q decoding and
List Mail User a écrit :
updated.by - check http://www.tld.by/cgi-bin/registry.cgi
You'll see that update.by is a registered domain! Therefore
updated.by is indeed a URI. QED
the question is: if foo.example-DEMUNGED is listed in uribl/surbl, does
that make it a bad string in
Loren Wilton a écrit :
Does anyone have any suggestions, apart from simply reducing the score
for SARE_URI_EQUALS? Is this a spamassassin bug, or is there no way to
guarantee that only real uris are parsed as such?
Several.
1.Change your report generator to remove the extraneous dot
...
Mouss,
List Mail User a écrit :
updated.by - check http://www.tld.by/cgi-bin/registry.cgi
You'll see that update.by is a registered domain! Therefore
updated.by is indeed a URI. QED
the question is: if foo.example-DEMUNGED is listed in uribl/surbl, does
that make it a
...
Is foo.tld=bar a valid hostname part in a URI? I doubt that. now, would
a MUA show that as a URI followed by bar?
I think that SA should provide an option to enable/disable:
uri_broken_mua, so that people not caring for broken MUAs can avoid
such false positives.
How about the case
I'm getting false positives for SARE_URI_EQUALS, which scores 5 and is
therefore skewing the scoring of some mail quite badly.
The weird thing is that the uris that spamassassin is complaining about
aren't uris at all. The mail in question is auto-created reports of cvs
diffs, so it's slightly
From: Chris Lear [EMAIL PROTECTED]
I'm getting false positives for SARE_URI_EQUALS, which scores 5 and is
therefore skewing the scoring of some mail quite badly.
The weird thing is that the uris that spamassassin is complaining about
aren't uris at all. The mail in question is auto-created
* jdow wrote (23/12/05 11:26):
From: Chris Lear [EMAIL PROTECTED]
I'm getting false positives for SARE_URI_EQUALS, which scores 5 and is
therefore skewing the scoring of some mail quite badly.
The weird thing is that the uris that spamassassin is complaining about
aren't uris at all. The
From: Chris Lear [EMAIL PROTECTED]
* jdow wrote (23/12/05 11:26):
From: Chris Lear [EMAIL PROTECTED]
I'm getting false positives for SARE_URI_EQUALS, which scores 5 and is
therefore skewing the scoring of some mail quite badly.
The weird thing is that the uris that spamassassin is complaining
* jdow wrote (23/12/05 12:06):
From: Chris Lear [EMAIL PROTECTED]
* jdow wrote (23/12/05 11:26):
From: Chris Lear [EMAIL PROTECTED]
I'm getting false positives for SARE_URI_EQUALS, which scores 5 and is
therefore skewing the scoring of some mail quite badly.
The weird thing is that the uris
updated.by - check http://www.tld.by/cgi-bin/registry.cgi
You'll see that update.by is a registered domain! Therefore
updated.by is indeed a URI. QED
Paul Shupak
[EMAIL PROTECTED]
Hello Chris,
Friday, December 23, 2005, 3:04:29 AM, you wrote:
CL I'm getting false positives for SARE_URI_EQUALS, which scores 5 and is
CL therefore skewing the scoring of some mail quite badly. ...
CL Does anyone have any suggestions, apart from simply reducing the
CL score for
Does anyone have any suggestions, apart from simply reducing the score
for SARE_URI_EQUALS? Is this a spamassassin bug, or is there no way to
guarantee that only real uris are parsed as such?
Several.
1.Change your report generator to remove the extraneous dot between
updated and by. Or
19 matches
Mail list logo
