Re: Custome rule problem. Resolved
On Thu, 19 Feb 2009 08:01:48 -0800 (PST), John Hardin jhar...@impsec.org wrote: On Thu, 19 Feb 2009, Nigel Frankcom wrote: Testing was done through spamassassin --lint and with debug. I used a mail that *should* have hit the rules. --lint is not for testing rule performance, as it uses an internally-generated test message. It's just to check for syntax errors. As has been requested, can you post a complete sample message on pastebin for us to see? Many thanks to all... I have the rule working. As usual it was a syntactical error (typo). For anyone else getting the live.com emails with google groups links the following works: # Live.com spam #rev: #Nigel Frankcom: 19/02/2009 12:56:07~ works with 3.0.x, 3.1.x, 3.2.x # Tested on 3.0.4, 3.0.5, 3.1.0, 3.2.x header __NFheader ALL =~ /live\.com/i uri __NFuri m{^https?\://www\.google\.com/groups?}i meta NFheader_Details (__NFheader __NFuri) describe NFheader_Details live dot com spam. score NFheader_Details 7.0 My default is 5.0 but the AWL puts live with a positive score. I'm noting stuff from yahoo as well so will adjust this to suit. Feel free to mangle it, I'd appreciate a copy of any wider ranging working versions though. Kind regards and many thanks to all. Nigel
Re: Custome rule problem. Resolved
On Thu, 2009-02-19 at 16:37 +, Nigel Frankcom wrote: Many thanks to all... I have the rule working. As usual it was a syntactical error (typo). ;) Good to see it fixed. uri __NFuri m{^https?\://www\.google\.com/groups?}i Aha, so it's not m,groups/, with a trailing slash, as in your original post. :) Just as a reminder, that's exactly where you should use -D and check the sub-rules hit. No wild-goose chase, the missing sub is where to look at closer. Anyway, there's another (potential) issue with that RE. If it is a literal question-mark, then it needs to be escaped. And if it isn't, the s *and* the question-mark are useless -- a plain /group/ does the same. guenther -- char *t=\10pse\0r\0dtu...@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4; main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;il;i++){ i%8? c=1: (c=*++x); c128 (s+=h); if (!(h=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
Re: Custome rule problem. Resolved
Feel free to mangle it, I'd appreciate a copy of any wider ranging working versions though. Here's what I've been using for quite a while. It was written when there was a spate of spam punting LiveSpace websites: header __MG_LSP1 From =~ /spaces\.live\.com/i uri __MG_LSP2 /^http:.{1,40}\.spaces\.live\.com/i describe MG_LIVESP Contains spaces.live.com URI but not from there. meta MG_LIVESP (!__MG_LSP1 __MG_LSP2) scoreMG_LIVESP 2.5 This works for me since I've never seen anything I'd want to read, either e-mail or USENET, that contained a LiveSpace URL. Martin