On Wed, 28 Apr 2021 18:20:08 +0200
Benny Pedersen wrote:
> On 2021-04-28 16:57, Matus UHLAR - fantomas wrote:
>
> > i was curious too, and found this:
> >
> > tflags SYMBOLIC_TEST_NAME flags
> > nice
> > The test is intended to compensate for common false
> >
On 28 Apr 2021, at 9:54, Alex wrote:
Hi,
-1.0 MAILING_LIST_MULTI Multiple indicators imply a widely-seen
list
manager
I have disabled his rule some time ago.
Many spammers use mailing list or their signatures.
Where is the score coming from for this rule?
On 2021-04-28 16:57, Matus UHLAR - fantomas wrote:
i was curious too, and found this:
tflags SYMBOLIC_TEST_NAME flags
nice
The test is intended to compensate for common false
positives,
and should be assigned a negative score.
what will nice do
>-1.0 MAILING_LIST_MULTI Multiple indicators imply a widely-seen list
>manager
I have disabled his rule some time ago.
Many spammers use mailing list or their signatures.
On 28.04.21 09:54, Alex wrote:
Where is the score coming from for this rule? There isn't
On 27 Apr 2021, at 23:01, John Hardin wrote:
What catches my eye about that header is that it appears to be base64
encoded, and is *not* "properly" annotated with a character set
Indeed, all of the examples decode to strings matching
'\d{7}-\d{3,6}-\d{2}'
--
Bill Cole
b...@scconsult.com or
On Wed, 28 Apr 2021, Giovanni Bechis wrote:
On 4/28/21 11:44 AM, Matus UHLAR - fantomas wrote:
-1.0 MAILING_LIST_MULTI Multiple indicators imply a widely-seen list
manager
I have disabled his rule some time ago.
Many spammers use mailing list or their
Hi,
> >-1.0 MAILING_LIST_MULTI Multiple indicators imply a widely-seen list
> >manager
>
> I have disabled his rule some time ago.
> Many spammers use mailing list or their signatures.
Where is the score coming from for this rule? There isn't an explicit
"score"
On 2021-04-28 13:10, Giovanni Bechis wrote:
~8% of my daily spam hits MAILING_LIST_MULTI and only 0.2% hits both
MAILING_LIST_MULTI and FREEMAIL_FROM for me.
meta DIRECT_MAILLIST_NOT_FREEMAIL_FROM (MAILING_LIST_MULTI &&
!(FREEMAIL_FROM || DKIM_VALID_EF))
DKIM_VALID_EF is valid only on
On 4/28/21 12:59 PM, Matus UHLAR - fantomas wrote:
>>> On 4/28/21 11:44 AM, Matus UHLAR - fantomas wrote:
> -1.0 MAILING_LIST_MULTI Multiple indicators imply a widely-seen list
> manager
I have disabled his rule some time ago.
Many spammers use
On 4/28/21 11:44 AM, Matus UHLAR - fantomas wrote:
-1.0 MAILING_LIST_MULTI Multiple indicators imply a
widely-seen list
manager
I have disabled his rule some time ago.
Many spammers use mailing list or their signatures.
On 2021-04-28 11:55, Giovanni Bechis
On 2021-04-28 11:55, Giovanni Bechis wrote:
On 4/28/21 11:44 AM, Matus UHLAR - fantomas wrote:
-1.0 MAILING_LIST_MULTI Multiple indicators imply a widely-seen
list
manager
I have disabled his rule some time ago.
Many spammers use mailing list or their
On 4/28/21 11:44 AM, Matus UHLAR - fantomas wrote:
>
>> -1.0 MAILING_LIST_MULTI Multiple indicators imply a widely-seen list
>> manager
>
> I have disabled his rule some time ago.
> Many spammers use mailing list or their signatures.
Same here, is it worth to keep
On 27.04.21 12:51, Steve Dondley wrote:
Spam report:
Content analysis details: (-2.3 points, 5.0 required)
pts rule name description
--
--
-2.5 RCVD_IN_HOSTKARMA_WRBL: Sender listed in HOSTKARMA-WHITE
On Tue, 27 Apr 2021, @lbutlr wrote:
On 27 Apr 2021, at 11:57, Steve Dondley wrote:
On 2021-04-27 01:19 PM, Dave Wreski wrote:
Invalid List-ID. You can then use that with other weirdness in a meta.
header__LIST_ID_DOMAIN_IN_BRACKETS List-id =~ /<([\w-]+)(\.[\w-]+)+>/
meta
On 27 Apr 2021, at 11:57, Steve Dondley wrote:
> On 2021-04-27 01:19 PM, Dave Wreski wrote:
>> Invalid List-ID. You can then use that with other weirdness in a meta.
>> header__LIST_ID_DOMAIN_IN_BRACKETS List-id =~ /<([\w-]+)(\.[\w-]+)+>/
>> meta LIST_ID_IMPROPER_FORMAT __HAS_LIST_ID &&
On 2021-04-27 03:03 PM, Dave Wreski wrote:
Invalid List-ID. You can then use that with other weirdness in a
meta.
header __LIST_ID_DOMAIN_IN_BRACKETS List-id =~
/<([\w-]+)(\.[\w-]+)+>/
meta LIST_ID_IMPROPER_FORMAT __HAS_LIST_ID &&
!__LIST_ID_DOMAIN_IN_BRACKETS
score
Invalid List-ID. You can then use that with other weirdness in a meta.
header __LIST_ID_DOMAIN_IN_BRACKETS List-id =~
/<([\w-]+)(\.[\w-]+)+>/
meta LIST_ID_IMPROPER_FORMAT __HAS_LIST_ID &&
!__LIST_ID_DOMAIN_IN_BRACKETS
score LIST_ID_IMPROPER_FORMAT 0.001
describe
Hi,
Investigate adding the SEM_FRESH rules - this domain was created less
than five days ago.
https://spameatingmonkey.com/services
OK, how do I get those rules installed? I've only installed KAM rules
using a channel. I don't see anything similar for SEM rules. I see the
page you linked to
On 2021-04-27 02:23 PM, Reindl Harald wrote:
Am 27.04.21 um 19:57 schrieb Steve Dondley:
On 2021-04-27 01:19 PM, Dave Wreski wrote:
Investigate adding the SEM_FRESH rules - this domain was created less
than five days ago.
https://spameatingmonkey.com/services
OK, how do I get those rules
On 2021-04-27 01:19 PM, Dave Wreski wrote:
-2.5 RCVD_IN_HOSTKARMA_W RBL: Sender listed in HOSTKARMA-WHITE
[185.41.28.7 listed in
hostkarma.junkemailfilter.com]
We've reduced this score to -1 locally.
-1.0 BAYES_00 BODY: Bayes spam probability is 0
Steve Dondley writes:
> On 2021-04-27 01:12 PM, Greg Troxel wrote:
>> As always, if you have a problem stemming from a dns-based or similar
>> reputation list, you need to report problems to those lists.
>>
>> If you aren't running greylisting with aggressive delays for SBL/XBL
>> and
>>
On 2021-04-27 01:12 PM, Greg Troxel wrote:
As always, if you have a problem stemming from a dns-based or similar
reputation list, you need to report problems to those lists.
If you aren't running greylisting with aggressive delays for SBL/XBL
and
moderate for dialup, do that too.
What does
-2.5 RCVD_IN_HOSTKARMA_W RBL: Sender listed in HOSTKARMA-WHITE
[185.41.28.7 listed in
hostkarma.junkemailfilter.com]
We've reduced this score to -1 locally.
-1.0 BAYES_00 BODY: Bayes spam probability is 0 to 1%
Needs to be trained, obviously.
On 2021-04-27 18:51, Steve Dondley wrote:
Got this: https://pastebin.com/Gfz951dh
Spam report:
Content analysis details: (-2.3 points, 5.0 required)
pts rule name description
--
--
-2.5
As always, if you have a problem stemming from a dns-based or similar
reputation list, you need to report problems to those lists.
If you aren't running greylisting with aggressive delays for SBL/XBL and
moderate for dialup, do that too.
signature.asc
Description: PGP signature
Got this: https://pastebin.com/Gfz951dh
Spam report:
Content analysis details: (-2.3 points, 5.0 required)
pts rule name description
--
--
-2.5 RCVD_IN_HOSTKARMA_WRBL: Sender listed in
26 matches
Mail list logo
