On Fri, 7 Jun 2019, Henrik K wrote:
On Fri, Jun 07, 2019 at 07:48:56AM -0700, John Hardin wrote:
On Fri, 7 Jun 2019, Henrik K wrote:
Just committed a simple log suppressor for these kinds of spam..
Jun 7 11:25:44.264 [1569] dbg: rules: ran body rule __LOWER_E ======> got hit:
"e"
Jun 7 11:25:44.264 [1569] dbg: rules: ran body rule __LOWER_E ======> got hit:
"e"
Jun 7 11:25:44.264 [1569] dbg: rules: ran body rule __LOWER_E ======> got hit:
"e"
Jun 7 11:25:44.264 [1569] dbg: rules: ran body rule __LOWER_E ======> got hit:
"e"
Jun 7 11:25:44.265 [1569] dbg: rules: ran body rule __LOWER_E ======> got hit:
"e"
Jun 7 11:25:44.265 [1569] dbg: rules: ran body rule __LOWER_E ======> got hit:
"e"
Jun 7 11:25:44.265 [1569] dbg: rules: ran body rule __LOWER_E ======> got hit:
"e"
Jun 7 11:25:44.265 [1569] dbg: rules: ran body rule __LOWER_E ======> got hit:
"e"
Jun 7 11:25:44.265 [1569] dbg: rules: ran body rule __LOWER_E ======> got hit:
"e"
Jun 7 11:25:44.265 [1569] dbg: rules: ran body rule __LOWER_E ======> got hit:
"e"
Jun 7 11:25:44.269 [1569] dbg: --- last message repeated 21 times ---
Veto doing that. That information is very useful when debugging rules.
Well the information is there. In many places. You are saying you are
consistently using things like spamassassin -t -D | grep __LOWER_E | wc -l
to debug your rules?
If I'm working on a multiple rule that is something complex (like the text
variations in the bitcoin extortion and fraud rules) then I want to see
all the hits and, more importantly, what hit on each.
Now if the hits were duplicates, and we logged something like:
Jun 7 11:25:44.265 [1569] dbg: rules: ran body rule __LOWER_E ======> got hit:
"e" (100)
...where we're not collapsing on solely the rule name, I'd accept that.
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
[email protected] FALaholic #11174 pgpk -a [email protected]
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
The ["assault weapons"] ban is the moral equivalent of banning red
cars because they look too fast. -- Steve Chapman, Chicago Tribune
-----------------------------------------------------------------------
3 days until the 52nd anniversary of Israel's victory in the Six-Day War
