[prev in list] [next in list] [prev in thread] [next in thread]
List: spamassassin-users
Subject: Re: From header required
From: Benny Pedersen <me () junc ! eu>
Date: 2013-07-14 21:10:11
Message-ID: 3d303500daff6ac45477cfc0dcf2fcc9 () junc ! eu
[Download RAW message or body]
Karsten Bräckelmann skrev den 2013-07-11 04:57:
> I left that out deliberately, because it is >= 3.4 IIRC, not 3.3. And
> with a rather limited string like ALL, headers only, it hardly is
> worth
> the additional maxhit test for each match anyway.
maxhits is a chicken and egg problem on its own, pcre will be wasted
before we can limit with maxhits, or is there some magic sa use to limit
pcre ?
>> and i have head attache with abcde.html 5 chars matching in urls
>> like
>> http://example.org/abcde.html
>> all i tryed fails
> Sorry, I don't get what you're about. "5 chars matching", URL?
yep failing rule creating in another problem i like to create a rule
for, random url domains with exactly 5 chars and a dot ending in either
html or htm, now that spammer know i know possible this will stop :)
rawbody 5STARS /[a-z]{5}\.(html|htm)/i
not ok ?
> One time? The OP from Andreas states the following:
> Are there SA Rules to score a missing or multiple from header?
yep, what i had was rules for From: in 2 header lines, not From: with
multiple senders
> What do you mean, not necessary because one time?
multiple From: is long gone, but replaced by multiple senders in one
From: line
> That reads zero or more than one time to me.
wish there was more corpus samples from Andreas :)
> Which is the exact opposite of what you just wrote. No?
lost in thread now :(
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic