Well Gosh,
* 2.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends
in
* digit (mb2365[at]gmail.com)
I swear when I recently helped a loved one apply for a Gmail account,
Gmail offered names like vippenheimer321, snordsberd123,
nipplovitz246, as the non
On lør 17 apr 2010 12:26:35 CEST, wrote
Anyway, It's
score FREEMAIL_ENVFROM_END_DIGIT 0.1
for me from now on.
add to that rule
else
score
gmail is both spf and dkim meta this for this score in a else, where
one score is real users that use gmail properly, and one that dont :=)
so here
On 4/17/2010 6:26 AM, jida...@jidanni.org wrote:
Well Gosh,
* 2.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends
in
* digit (mb2365[at]gmail.com)
I swear when I recently helped a loved one apply for a Gmail account,
Gmail offered names like
SA 3.3.0, Mandriva 2010, not a mail server just a single user desktop.
As shown below the ham/spam scan times have been increasing steadily
since the 4th of April and I can't figure out why. I have named running
as a local caching name server
04/04/2010
Email: 23 Autolearn: 0 AvgScore:
add to that rule
else
score
gmail is both spf and dkim meta this for this score in a
else, where one score is real users that use gmail properly,
and one that dont :=)
so here the rule will give 2 scores when it mathes depending
on dkim/spf pass
benny,
what do you mean
Hi,
I'm hoping someone can help me with a rule to catch URI spam variation
from freemail domains:
http://pastebin.com/SkrKykYj
This one is another urlshortener. How is this class of redirection
spam being stopped by everyone these days?
I've tried to adapt the ones I have, but this is very
On Sat, 17 Apr 2010, Alex wrote:
I'm hoping someone can help me with a rule to catch URI spam variation
from freemail domains:
http://pastebin.com/SkrKykYj
You might want to look into the old Chickenpox rule.
--
John Hardin KA7OHZhttp://www.impsec.org/~jhardin/
On lør 17 apr 2010 20:04:58 CEST, R-Elists wrote
i am asking for list archive reasons because you do not make it 100% clear
to those that dont havea clue
meta FREEMAIL_ENVFROM_END_DIGIT_UNPAID (FREEMAIL_ENVFROM_END_DIGIT
(SPF_PASS || DKIM_VALID))
score FREEMAIL_ENVFROM_END_DIGIT_UNPAID
Hi,
http://pastebin.com/SkrKykYj
You might want to look into the old Chickenpox rule.
Yes, big help. That did it, using the default scores. This was written
a number of years ago. Do you think it's still safe to use the default
scores?
I still wish I had a better grasp on regex so I could
Hi Adam,
Some time ago you posted that you were investigating the stats and
effectiveness of a few rules in your masschecks sandbox, and thought I
would see if you had made any progress, and found anything helpful?
Posted below...
Thanks,
Alex
On Mon, Nov 23, 2009 at 8:34 PM, Adam Katz
On Sat, 17 Apr 2010, Alex wrote:
http://pastebin.com/SkrKykYj
You might want to look into the old Chickenpox rule.
Yes, big help. That did it, using the default scores. This was written
a number of years ago. Do you think it's still safe to use the default
scores?
I think the problems
On tir 13 apr 2010 16:57:26 CEST, Patrick Schmidt wrote
Do SPF_FAIL hit, because of SPF_HELO_FAIL or the existing SPF record of
mail.isrigb.co.uk ?
i have seen SPF_PASS with a SPF_HELO_FAIL
meta SPF_FULL_PASS (SPF_PASS SPF_HELO_PASS)
describe SPF_FULL_PASS Meta: both spf test got pass
You might want to look into the old Chickenpox rule.
On 04/17/2010 03:04 PM, Alex wrote:
Yes, big help. That did it, using the default scores. This was
written a number of years ago. Do you think it's still safe to use
the default scores?
NO!
I put some of the (previously) better-performing
Hi,
Yes, big help. That did it, using the default scores. This was
written a number of years ago. Do you think it's still safe to use
the default scores?
NO!
I put some of the (previously) better-performing chickenpox rules into
my sandbox a while ago to investigate this. It's still
On fre 16 apr 2010 15:19:59 CEST, John Hardin wrote
Fix your glue to bypass SA on list-id and received.
when i need it i will, maillists that talk about spam also have ham so
not a big problem for me to not fix it :=)
--
xpoint http://www.unicom.com/pw/reply-to-harmful.html
On Sat, 17 Apr 2010, Benny Pedersen wrote:
meta SPF_FULL_PASS (SPF_PASS SPF_HELO_PASS)
if one of the corpus maintainers like to add it into there rule set, then
please do, John ?
Checked into my sandbox as __SPF_FULL_PASS
It should appear on ruleqa in a couple of days.
--
John Hardin
All I know is my friend send me a mail from her FROM_END_DIGIT account
there at Gmail, and there was
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=gamma;...
DomainKey-Signature: a=rsa-sha1; c=nofws;...
in the headers too even. And still it got slapped with
17 matches
Mail list logo
