-Original Message-
From: Christian Recktenwald [mailto:[EMAIL PROTECTED]
Sent: Thursday, November 16, 2006 2:13 AM
To: David B Funk
Cc: users@spamassassin.apache.org
Subject: Re: simple TZ test (Re: current stock scams are easy to spot)
On Wed, Nov 15, 2006 at 11:14:12PM -0600
Michael Scheidell wrote:
Maybe extent the regex?
I'm using /\s[+-]\d\d(?!00|30|45)\d\d$/ which seems to be working well
(though so far all the spam it's hit has been scored pretty high by
other rules anyway).
John.
--
-- Over 3000 webcams from ski resorts around the world -
John Wilcock writes:
Michael Scheidell wrote:
Maybe extent the regex?
I'm using /\s[+-]\d\d(?!00|30|45)\d\d$/ which seems to be working well
(though so far all the spam it's hit has been scored pretty high by
other rules anyway).
SVN trunk has:
header AXB_FAKETZ Date =~
On Thu, 16 Nov 2006, Christian Recktenwald wrote:
On Wed, Nov 15, 2006 at 11:14:12PM -0600, David B Funk wrote:
You're trying too hard.
Look at that 'Date:' header, they've got a bogus time-zone value.
It's syntactically RFC-2822 correct but nonsense.
(One of my favorites was -0480 ;)
On 11/16/2006 12:55 PM, Justin Mason wrote:
John Wilcock writes:
Michael Scheidell wrote:
Maybe extent the regex?
I'm using /\s[+-]\d\d(?!00|30|45)\d\d$/ which seems to be working well
(though so far all the spam it's hit has been scored pretty high by
other rules anyway).
SVN trunk has:
On Fri, 10 Nov 2006, Tony Finch wrote:
They have a forged Received: line which has a by field containing the
domain of the recipient address, a for field which matches the From:
header, and an id field of the form XX-XX-XX (similar to Exim's
queue IDs, though Exim IDs are always
On Wed, Nov 15, 2006 at 11:14:12PM -0600, David B Funk wrote:
You're trying too hard.
Look at that 'Date:' header, they've got a bogus time-zone value.
It's syntactically RFC-2822 correct but nonsense.
(One of my favorites was -0480 ;)
Simple rule, so far no FPs:
# bogus timzones in
Loren Wilton writes:
Well, that's all fine and dandy, but what do we do about them?
Since we know they all have a common element, we need to figure out a way
to stop them using that info.
Well, just from the description and knowing the existance of header ALL,
it would be
They have a forged Received: line which has a by field containing the
domain of the recipient address, a for field which matches the From:
header, and an id field of the form XX-XX-XX (similar to Exim's
queue IDs, though Exim IDs are always 1X-0X-XX).
Received: from
Well, that's all fine and dandy, but what do we do about
them? Since we know they all have a common element, we need to figure out
a way to stop them using that info.
At 04:03 PM 11/10/2006 +, Tony Finch wrote:
They have a forged Received: line which has a by field containing
Well, that's all fine and dandy, but what do we do about them?
Since we know they all have a common element, we need to figure out a way
to stop them using that info.
Well, just from the description and knowing the existance of header ALL,
it would be pretty trivial to write about
11 matches
Mail list logo