Michael Dilworth wrote on Sat, 27 Feb 2010 18:45:20 -0800:
rawbody STYLE_IN_BODY /\body\.*\style\/si not match?
because the HTML doesn't contain style? Maybe you wanted:
rawbody STYLE_IN_BODY /\body\.*\style.*\/si
Also, you don't have to escape the angle brackets, just makes the
expression
Daryl C. W. O'Shea wrote:
Are you still having this issue?
yes indeed
Wow. That's an incredibly bad idea. Allowing sa-update to install
Perl, or other, code (--allowplugins) without verifying that the code is
signed (--nogpg) is pretty risky. If a mirror gets hacked you'll run
On getting pgp to work... Following HOWTO at
http://daryl.dostech.ca/sa-update/sare/sare-sa-update-howto.txt
wget http://daryl.dostech.ca/sa-update/sare/GPG.KEY; worked fine
$ sa-update --import GPG.KEY
gpg: keyblock resource
`/usr/local/etc/mail/spamassassin/sa-update-keys/secring.gpg': No
nevermind, it eventually created the directory and jeyring files... not
quite sure how that happened..
Lee Dilkie wrote:
On getting pgp to work... Following HOWTO at
http://daryl.dostech.ca/sa-update/sare/sare-sa-update-howto.txt
wget http://daryl.dostech.ca/sa-update/sare/GPG.KEY; worked
Hi all.
I've very recently had the problem of sorting out my work's email spam
dropped on my lap and to be honest, I know a little but a little knowledge
can be a dangerous thing...
Anyhow.
Having spent the last few days making as sure as I can be that the network
and exchange is all up to
On Sun, 2010-02-28 at 05:50 -0800, damuz wrote:
Having spent the last few days making as sure as I can be that the network
and exchange is all up to date I'm now looking at our email hosting and
seeing what can be done there to cut things down a bit.
Enabling the spamassassin (which was
Hi - I created a FULL rule that works fine with html in plain text.
However, if the html is base64 encoded, FULL rules don't appear to
work. A RAWBODY rule doesn't work either, because it doesn't ignore
line breaks. Any ideas? Thanks. - Mark
On Sat, 27 Feb 2010, Michael Dilworth wrote:
style
garbage...
/style
If you're looking for nonsense STYLE content, take a look in my sandbox.
--
John Hardin KA7OHZhttp://www.impsec.org/~jhardin/
jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org
key:
On Sun, 2010-02-28 at 12:00 -0500, Mark London wrote:
Hi - I created a FULL rule that works fine with html in plain text.
However, if the html is base64 encoded, FULL rules don't appear to
work. A RAWBODY rule doesn't work either, because it doesn't ignore
line breaks. Any ideas?
full
On søn 28 feb 2010 18:00:13 CET, Mark London wrote
Hi - I created a FULL rule that works fine with html in plain text.
However, if the html is base64 encoded, FULL rules don't appear to
work. A RAWBODY rule doesn't work either, because it doesn't ignore
line breaks. Any ideas?
ripmime
On Sun, 2010-02-28 at 18:23 +0100, Benny Pedersen wrote:
On søn 28 feb 2010 18:00:13 CET, Mark London wrote
Hi - I created a FULL rule that works fine with html in plain text.
However, if the html is base64 encoded, FULL rules don't appear to
work. A RAWBODY rule doesn't work
/s didn't appear to work for rawbody in version 3.1.8 But I just tried
it on a different system running 3.2.5, and it works there. Sorry about
posting my question before testing my problem on a newer version! - Mark
Karsten Bräckelmann wrote:
On Sun, 2010-02-28 at 12:00 -0500, Mark London
I believe I checked 916929: 2010-02-27 08:50:01 twice today, and got
different numbers each time. Is that because it wasn't complete? Is there
a way to tell if it's complete?
Also, Is there no preflight check data, only nightlies and weekly
network checks?
I'm probably going to end up
On Fri, Feb 26, 2010 at 4:38 PM, Benny Pedersen m...@junc.org wrote:
I do the following but from my MTA. I don't know if you're using
Postfix or Sendmail but I have the following 'helo_checks.pcre' in my
Postfix directory:
/^localhost$/ 550 Don't use my own domain
Martin Gregorie-2 wrote:
How is SA used by your hosted email MTA, IOW is Spamassasin called in
pre-queue before the mail has been accepted or is it called later?
How much control do you have over that server? Can you set up
grey-listing for your domain on it?
If you're getting
On 2/28/2010 11:35 AM, Carlos Williams wrote:
On Fri, Feb 26, 2010 at 4:38 PM, Benny Pedersenm...@junc.org wrote:
I do the following but from my MTA. I don't know if you're using
Postfix or Sendmail but I have the following 'helo_checks.pcre' in my
Postfix directory:
/^localhost$/
On 2/28/2010 8:50 AM, damuz wrote:
Hi all.
I've very recently had the problem of sorting out my work's email spam
dropped on my lap and to be honest, I know a little but a little knowledge
can be a dangerous thing...
Anyhow.
Having spent the last few days making as sure as I can be that
On Sun, 2010-02-28 at 12:13 -0800, an anonymous Nabble user wrote:
Martin Gregorie wrote:
It would be better to let the MTA reject unknown users as part of
pre-queue processing because that puts less processing load on the main
chain. Do you have enough access to do this?
Since you didn't
Karsten Bräckelmann-2 wrote:
Since you didn't get back to this part, to translate it: Do not use
catch-all.
What I recall from your initial post, I also wondered whether you are
accepting *all* messages to *any* address, including non-existent ones.
Catch-all.
If you do, don't. But
Folks,
For what ever reason, my sa-update to 3.30 has buggered itself. In my
efforts to debug it's now at the situation that SA has no rules to run
and I'm getting swamped.
How, if it's possible, can I tell SA and sa-update to use the 3.2
version of the ruleset? Simply deleting the tree and
On søn 28 feb 2010 20:35:51 CET, Carlos Williams wrote
/^mail\.ideorlando.\org$/ 550 Don't use my own hostname!
one more error :)
Where and what is the error? Can you show me what you're finding wrong
in my syntax?
/^mail\.ideorlando\.org$/ 550 Don't use my own hostname!
I'm seeing a spate of PayPal/bank phishes that use an html attachment
(base-64 encoded) as the vehicle for the payload.
The body has some innocuous verbiage about problems with the recipients
account and an admonition to complete the attached form to remove
the limitations.
The attached form is
On Sun, 28 Feb 2010, David B Funk wrote:
Is there any way to get SA to treat that attachment as text to feed to
the rule engine?
I've suggested this before, but the current position appears to be if the
MUA doesn't display it automatically, why should we scan it?
Justin, I would
On Sun, 2010-02-28 at 18:44 -0500, Lee Dilkie wrote:
For what ever reason, my sa-update to 3.30 has buggered itself. In my
efforts to debug it's now at the situation that SA has no rules to run
and I'm getting swamped.
The first sentence is seriously confusing. You can not sa-update to
3.3.0.
On man 01 mar 2010 02:37:37 CET, John Hardin wrote
I've suggested this before, but the current position appears to be
if the MUA doesn't display it automatically, why should we scan it?
same goes for just enter this url when the sender was tired of doing
it right, fuzzyocr solved this
On 28-Feb-10 17:25, David B Funk wrote:
I'm seeing a spate of PayPal/bank phishes that use an html attachment
(base-64 encoded) as the vehicle for the payload.
SPF!
runs; ducking, shucking, and weaving
Is there any way to get SA to treat that attachment as text to feed to
the rule engine?
26 matches
Mail list logo