Posted to users@spamassassin.apache.org by Tony Finch <do...@dotat.at> on 2013/10/02 13:30:50 UTC

false positive: KHOP_BIG_TO_CC

We've had a report from a user about a false positive involving
KHOP_BIG_TO_CC which has a score of 3.4. This seems like an excessive
penalty for perfectly reasonable behaviour.

header   KHOP_BIG_TO_CC  ToCc =~ /(?:[^,\@]{1,60}\@[^,]{4,25},){10}/
describe KHOP_BIG_TO_CC  Sent to 10+ recipients instaed of Bcc or a list
score    KHOP_BIG_TO_CC  3.199 3.399 3.199 3.399

Tony.
-- 
f.anthony.n.finch  <do...@dotat.at>  http://dotat.at/
Forties, Cromarty: East, veering southeast, 4 or 5, occasionally 6 at first.
Rough, becoming slight or moderate. Showers, rain at first. Moderate or good,
occasionally poor at first.

Re: false positive: KHOP_BIG_TO_CC

Posted by Benny Pedersen <me...@junc.eu>.
John Hardin skrev den 2013-10-03 02:55:

>>>  header   KHOP_BIG_TO_CC  ToCc =~ /(?:[^,\@]{1,60}\@[^,]{4,25},){10}/
>>>  describe KHOP_BIG_TO_CC  Sent to 10+ recipients instaed of Bcc or a list
>>>  score    KHOP_BIG_TO_CC  3.199 3.399 3.199 3.399
>>
>> score KHOP_BIG_TO_CC (-1.5) (-1.5) (-1.5) (-1.5)
>
> ...are you being sarcastic?

is this allowed? :=)



Re: false positive: KHOP_BIG_TO_CC

Posted by John Hardin <jh...@impsec.org>.
On Thu, 3 Oct 2013, Benny Pedersen wrote:

> Tony Finch skrev den 2013-10-02 13:30:
>>  We've had a report from a user about a false positive involving
>>  KHOP_BIG_TO_CC which has a score of 3.4. This seems like an excessive
>>  penalty for perfectly reasonable behaviour.
>>
>>  header   KHOP_BIG_TO_CC  ToCc =~ /(?:[^,\@]{1,60}\@[^,]{4,25},){10}/
>>  describe KHOP_BIG_TO_CC  Sent to 10+ recipients instaed of Bcc or a list
>>  score    KHOP_BIG_TO_CC  3.199 3.399 3.199 3.399
>
> score KHOP_BIG_TO_CC (-1.5) (-1.5) (-1.5) (-1.5)

...are you being sarcastic?

-- 
  John Hardin KA7OHZ                    http://www.impsec.org/~jhardin/
  jhardin@impsec.org    FALaholic #11174     pgpk -a jhardin@impsec.org
  key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
   The social contract exists so that everyone doesn't have to squat
   in the dust holding a spear to protect his woman and his meat all
   day every day. It does not exist so that the government can take
   your spear, your meat, and your woman because it knows better what
   to do with them.                           -- Dagny @ Ace of Spades
-----------------------------------------------------------------------
  2 days until the 9th anniversary of SpaceshipOne winning the X-prize

Re: false positive: KHOP_BIG_TO_CC

Posted by Benny Pedersen <me...@junc.eu>.
Tony Finch skrev den 2013-10-02 13:30:
> We've had a report from a user about a false positive involving
> KHOP_BIG_TO_CC which has a score of 3.4. This seems like an excessive
> penalty for perfectly reasonable behaviour.
>
> header   KHOP_BIG_TO_CC  ToCc =~ /(?:[^,\@]{1,60}\@[^,]{4,25},){10}/
> describe KHOP_BIG_TO_CC  Sent to 10+ recipients instaed of Bcc or a list
> score    KHOP_BIG_TO_CC  3.199 3.399 3.199 3.399

score KHOP_BIG_TO_CC (-1.5) (-1.5) (-1.5) (-1.5)

in local.cf or user_prefs should solve it



Re: false positive: KHOP_BIG_TO_CC

Posted by Tom Hendrikx <to...@whyscream.net>.
Hi,

Raising an old thread again, I'm also seeing FPs on this one. No real
changes have been made as far as I can see: a high score and no increase
of number of recipients (nor anything else)...

Regards,
	Tom

On 10/02/2013 01:37 PM, Daniel McDonald wrote:
> On 10/2/13 6:30 AM, "Tony Finch" <do...@dotat.at> wrote:
> 
>> We've had a report from a user about a false positive involving
>> KHOP_BIG_TO_CC which has a score of 3.4. This seems like an excessive
>> penalty for perfectly reasonable behaviour.
> 
> I've also seen false positives on this.  I was going to change it to 25
> addresses locally, but haven't gotten around to it yet.
> 
>>
>> header   KHOP_BIG_TO_CC  ToCc =~ /(?:[^,\@]{1,60}\@[^,]{4,25},){10}/
>> describe KHOP_BIG_TO_CC  Sent to 10+ recipients instaed of Bcc or a list
>> score    KHOP_BIG_TO_CC  3.199 3.399 3.199 3.399
>>
>> Tony.
> 



Re: false positive: KHOP_BIG_TO_CC

Posted by Daniel McDonald <da...@austinenergy.com>.
On 10/2/13 6:30 AM, "Tony Finch" <do...@dotat.at> wrote:

> We've had a report from a user about a false positive involving
> KHOP_BIG_TO_CC which has a score of 3.4. This seems like an excessive
> penalty for perfectly reasonable behaviour.

I've also seen false positives on this.  I was going to change it to 25
addresses locally, but haven't gotten around to it yet.

> 
> header   KHOP_BIG_TO_CC  ToCc =~ /(?:[^,\@]{1,60}\@[^,]{4,25},){10}/
> describe KHOP_BIG_TO_CC  Sent to 10+ recipients instaed of Bcc or a list
> score    KHOP_BIG_TO_CC  3.199 3.399 3.199 3.399
> 
> Tony.

-- 
Daniel J McDonald, CCIE # 2495, CISSP # 78281
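
An added example, not part of the thread and not SpamAssassin's own code: it runs the rule's regex from the posts above over constructed To/Cc lists to show what the pattern counts, and how the 25-address threshold mentioned above changes the result. The helper names and sample addresses are hypothetical, Python's re stands in for Perl (the pattern reads the same in both), and joining To and Cc with ", " is an assumption about how the ToCc pseudo-header is built.

```python
import re

# One "unit" of the KHOP_BIG_TO_CC pattern quoted in the thread:
# 1-60 non-comma, non-@ chars, an @, 4-25 non-comma chars, then a comma.
UNIT = r"(?:[^,@]{1,60}@[^,]{4,25},)"


def to_cc(to, cc):
    """Approximate the ToCc pseudo-header (assumption: To and Cc joined by ', ')."""
    return ", ".join(part for part in (", ".join(to), ", ".join(cc)) if part)


def rule_hits(header, threshold=10):
    """True if the rule's regex, with {threshold} repeats, matches the header."""
    return re.search(UNIT + "{%d}" % threshold, header) is not None


def counted_units(header):
    """Longest run of consecutive units, i.e. what the rule actually counts."""
    runs = re.finditer(UNIT + "+", header)
    # Each unit contains exactly one comma (its terminator).
    return max((m.group(0).count(",") for m in runs), default=0)


def recipients(n, domain="example.org"):
    """Constructed sample addresses, not taken from any real message."""
    return ["user%d@%s" % (i, domain) for i in range(1, n + 1)]


if __name__ == "__main__":
    samples = {
        "10 in To": to_cc(recipients(10), []),
        "11 in To": to_cc(recipients(11), []),
        "10 in To + 1 in Cc": to_cc(recipients(10), ["boss@example.net"]),
        "26 in To": to_cc(recipients(26), []),
    }
    for label, header in samples.items():
        print("%-20s units=%2d  hit@10=%-5s hit@25=%s" % (
            label, counted_units(header),
            rule_hits(header, 10), rule_hits(header, 25)))
```

Because every unit must end in a comma, the pattern needs ten commas: a To line with exactly 10 addresses does not match until an eleventh address or a Cc follows it.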