[prev in list] [next in list] [prev in thread] [next in thread] 

List:       spamassassin-users
Subject:    Re: From header required
From:       Benny Pedersen <me () junc ! eu>
Date:       2013-07-14 21:10:11
Message-ID: 3d303500daff6ac45477cfc0dcf2fcc9 () junc ! eu
[Download RAW message or body]

Karsten Bräckelmann skrev den 2013-07-11 04:57:

> I left that out deliberately, because it is >= 3.4 IIRC, not 3.3. And
> with a rather limited string like ALL, headers only, it hardly is 
> worth
> the additional maxhit test for each match anyway.

maxhits is a chicken and egg problem on its own, pcre will be wasted 
before we can limit with maxhits, or is there some magic sa use to limit 
pcre ?

>> and i have head attache with abcde.html 5 chars matching in urls 
>> like
>> http://example.org/abcde.html
>> all i tryed fails
> Sorry, I don't get what you're about. "5 chars matching", URL?

yep failing rule creating in another problem i like to create a rule 
for, random url domains with exactly 5 chars and a dot ending in either 
html or htm, now that spammer know i know possible this will stop :)

rawbody 5STARS /[a-z]{5}\.(html|htm)/i

not ok ?

> One time? The OP from Andreas states the following:
> Are there SA Rules to score a missing or multiple from header?

yep, what i had was rules for From: in 2 header lines, not From: with 
multiple senders

> What do you mean, not necessary because one time?

multiple From: is long gone, but replaced by multiple senders in one 
 From: line

> That reads zero or more than one time to me.

wish there was more corpus samples from Andreas :)

> Which is the exact opposite of what you just wrote. No?

lost in thread now :(
[prev in list] [next in list] [prev in thread] [next in thread]