Hey. Kinda feel wierd putting this up, but I guess this is the place
for it.
I've been tweaking my own spam recipes lately, and I have one false
positive I can't explain. Thought someone else here might have some
ideas. I've even tried egrepping the keys from the crypt sig, but no
hits. I need to understand this so I can improve the recipe.
Here is the recipe that caused the false positive:
#####################################
:0DBHfhw
* ^Subject:.*SEX|FREE SEX|LESBIANS| XXX |HARDCORE|GAY
| formail -Y -f -A "X-Spammer: Porn crap"
:0A
{ FOLDER=spam }
#####################################
Here is the log info:
#####################################
procmail: [57745] Fri Nov 16 10:26:15 2001
procmail: Assigning "JFDIR=/usr/local/etc/junkfilter"
procmail: Assigning "PMDIR=/usr/local/etc/junkfilter"
procmail: Assigning "LOGABSTRACT=all"
procmail: Assigning "INCLUDERC=/etc/myspamkillrc"
procmail: No match on "^Subject:.*ADV.*"
procmail: No match on "^X-Advertisement:.*"
procmail: No match on "To:.*undisclosed"
procmail: No match on "^From:.*XXX"
procmail: No match on ! "^From:.*"
procmail: No match on "Content-Type: text/html"
procmail: Match on ! "^Subject:.*spam.*"
procmail: No match on "To be removed.*(excite|aol|yahoo|netscape|juno|
china)|university diploma|university degree|one time mailing|
no need to.*remove|charset=.*ks_c_5601-1987|MONEY BACK GUARANTEE|
To be removed f(ro|or)m our (email list|mailings)|REMOVE on the subject|
cannot be considered spam|POSTMASTERDIRECT|
our records show that you have requested|your address has been registered|
click.here.*to.be.removed|Attention Site Administrators|
LEGALLY ORDAINED MINISTER|ARE YOU TIRED OF MAKING YOUR BOSS RICH|
SEND.* BULK E-MAIL LEGALLY|1-206-222-2829|service offering|
This message is an advertisement|Does this headline look familiar|
http://[0-9][0-9][0-9][0-9]|www.removeyou.com|
mailto.*Remove Me From Your List|explosivetraffic|mysprintfast|
bill.*301.*1618.*remove|charset=euc-kr|bill.*S.1618|Bill HR 1910|
Free Shopping Spree|Win \$|permanently remove|NO STRINGS attached|
Fast Cash|OptinGlobal|from future mailings|up30CREDIT CARD PROCESSING|
Credit Problems|you accept credit cards|ABSOLUTELY FREE|
to be excluded from further communication|FREE SHIPPING|
wholesale liquidators|ORDER VIAGRA ONLINE|excess (pounds|weight)|
weight loss secret|(melt|melts) away (pounds|inches)|Learn English|
HOME *EMPLOYMENT"
procmail: Match on "^Subject:.*SEX|FREE SEX|LESBIANS|XXX|HARDCORE|GAY"
procmail: Executing "formail,-Y,-f,-A,X-Spammer: Porn crap"
procmail: Assigning "FOLDER=spam"
procmail: No match on "pictures of me and my sexy friends|eroasia"
procmail: Assigning "INCLUDERC=/home/leblanc/.procmailrc"
procmail: Match on ! "trash"
procmail: No match on ! "spam"
procmail: Match on ! "trash"
procmail: No match on ! "spam"
procmail: Match on "."
procmail: Executing "deliver,-q,-m,spam,--,leblanc"
procmail: Assigning "LASTFOLDER=deliver -q -m spam -- leblanc"
Subject: Re: indexing createTimestamp
Folder: deliver -q -m spam -- leblanc 7439
#####################################
And hopefully, you will find the entire message attached.
I am at a loss, because it looks like the message has some kind of
pornographic reference, but I am unable to find it.
Any help is appreciated
Lou
--
Louis LeBlanc leblanc(_at_)keyslapper(_dot_)org
Fully Funded Hobbyist, KeySlapper Extrordinaire :)
http://www.keyslapper.org ԿԬ
This is the first age that's paid much attention to the future, which
is a little ironic since we may not have one.
-- Arthur Clarke
--- Begin Message ---
John Morrissey wrote:
Is it possible to index the createTimestamp attribute? When I try to put an
equality index on that attribute, slapd complains:
Starting slapd: /etc/openldap/slapd.conf: line 55: equality index of
attribute "createTimestamp" disallowed
Check teh schema file,
find the createTimestamp attribute
and see what indexes are allowed/disallowed
It should be somewhere there
thanks,
john
Kuba
smime.p7s
Description: S/MIME Cryptographic Signature
--- End Message ---