Hi,
I'm having some additional difficulty with body URI rules and hoped
someone could help.
rawbody __BODY_ONLY_URI
/^[^a-z]{0,10}(http:\/\/|www\.)(\w+\.)+(com|net|org|biz|cn|ru)\/?[^
]{0,20}[a-z]{0,10}$/msi
This doesn't seem to catch a quoted-printable body and I can't figure
out how to
On 3/23/2010 2:49 PM the voices made Charles Gregory write:
On Tue, 23 Mar 2010, Alex wrote:
This is what I have:
/^[^a-z]{0,10}(http:\/\/|www\.)(\w+\.)+(com|net|org|biz|cn|ru)\/?[^
]{0,20}[a-z]{0,10}$/msi
My bad. I got an option wrong. Please remove the 'm' above.
I always get it backwards.
Hi Charles,
/^[^a-z]{0,10}(http:\/\/|www\.)(\w+\.)+(com|net|org|biz|cn|ru)\/?[^
]{0,20}[^a-z]{0,10}$/msi
This allows for some amount (up to ten chars?) of text before and
after the URI if I'm reading that right, correct?
Nope. With the /ms flags ^ and $ at beginning and end match the
On Tue, 2010-03-23 at 13:18 -0400, Alex wrote:
Hi Charles,
/^[^a-z]{0,10}(http:\/\/|www\.)(\w+\.)+(com|net|org|biz|cn|ru)\/?[^
]{0,20}[^a-z]{0,10}$/msi
This is what I have:
/^[^a-z]{0,10}(http:\/\/|www\.)(\w+\.)+(com|net|org|biz|cn|ru)\/?[^
]{0,20}[a-z]{0,10}$/msi
^
On Tue, 23 Mar 2010, Alex wrote:
This is what I have:
/^[^a-z]{0,10}(http:\/\/|www\.)(\w+\.)+(com|net|org|biz|cn|ru)\/?[^
]{0,20}[a-z]{0,10}$/msi
My bad. I got an option wrong. Please remove the 'm' above.
I always get it backwards. According to 'man perlre' (the definitive
resource for SA
On Mon, 22 Mar 2010, Alex wrote:
rawbody __BODY_ONLY_URI
/^[^a-z]{0,10}(http:\/\/|www\.)(\w+\.)+(com|net|org|biz|cn|ru)\/?[^
]{0,20}[^a-z]{0,10}$/msi
This allows for some amount (up to ten chars?) of text before and
after the URI if I'm reading that right, correct?
Nope. With the /ms flags ^
Hi,
Lots of ham may contain a URI, but how much ham contains ONLY a URI?
Rough outline of rule, untested.
rawbody __BODY_ONLY_URI
/^[^a-z]{0,10}(http:\/\/|www\.)(\w+\.)+(com|net|org|biz|cn|ru)\/?[^
]{0,20}[a-z]{0,10}$/msi
Combine that with 'frequent abusers' like Yahoo, and you've
On Thu, 18 Mar 2010, Ned Slider wrote:
If that's not an option, how about a meta rule for FROM_YAHOO and
__HAS_ANY_URI (this rule exists in SA).
Lots of ham may contain a URI, but how much ham contains ONLY a URI?
Rough outline of rule, untested.
rawbody __BODY_ONLY_URI
Hi,
I'm having a real problem with this persistent spam that contains just
a URL as the body, and is always from yahoo. I've got an example here:
http://pastebin.com/UqzhDHEu
'example.com' is my change. I'm using SA v3.2.5 with postfix/amavis.
I'm concerned that the bayes score is always low. I
On Thu, 2010-03-18 at 18:05 -0400, Alex wrote:
Hi,
I'm having a real problem with this persistent spam that contains just
a URL as the body, and is always from yahoo. I've got an example here:
http://pastebin.com/UqzhDHEu
'example.com' is my change. I'm using SA v3.2.5 with
On Thu, 18 Mar 2010 22:31:04 +
Martin Gregorie mar...@gregorie.org wrote:
There's something odd about the message as posted: I'm getting hits on
MISSING_SUBJECT and MISSING_DATE (SA 3.3.0).
Some of the wrapped headers aren't properly indented. Probably happened
on editing.
11 matches
Mail list logo