On 2018-11-16 09:52, Matus UHLAR - fantomas wrote: > such spam should be filtered at mailing list level before this happens.
And it almost always is. Not in this case. > what can help you > - BAYES understood, I am trying to do without Bayes for now, because I want to avoid the maintenance (training and, especially, expiring). > - network rules those are on > - URI blacklists those are on > did you enable/install razor, pyzor, dcc, spf and dkim libraries? not dcc, but it would be useless in this case (mailing list is bulk by definition). The others are on. > apparently it does not contain any URI. It does. Two web (bitly, masking a redirection to Facebook; plus wecareusa) and one mailto. Three followup questions about this last point: 1. Am I correct in assuming that SA decodes base64 MIME parts so it does act on these links? Reading the -D output surely indicates so. 2. I remember some discussion here about following shortener links like bitly. What is the resolution of that? Does SA currently (as of 3.4.2) follow such links, to see (for example) that the link in my spample led to Facebook? 3. The documentation for the HashBL plugin shows how to set it up to check addresses from headers. Is there a way to also check addresses from mailto links in the body? If not now, is anything like that planned for upcoming releases? Thanks -- Please don't Cc: me privately on mailing lists and Usenet, if you also post the followup to the list or newsgroup. To reply privately _only_ on Usenet and on broken lists which rewrite From, fetch the TXT record for no-use.mooo.com.
