Re: Custome rule problem. Resolved

2009-02-19 Thread Nigel Frankcom
On Thu, 19 Feb 2009 08:01:48 -0800 (PST), John Hardin
jhar...@impsec.org wrote:

> On Thu, 19 Feb 2009, Nigel Frankcom wrote:
>
> > Testing was done through spamassassin --lint and with debug. I used a
> > mail that *should* have hit the rules.
>
> --lint is not for testing rule performance, as it uses an
> internally-generated test message. It's just to check for syntax errors.
>
> As has been requested, can you post a complete sample message on pastebin
> for us to see?


Many thanks to all... I have the rule working. As usual it was a
syntactical error (typo).
For anyone else getting the live.com emails with google groups links
the following works:


# Live.com spam
#rev:
#Nigel Frankcom: 19/02/2009 12:56:07~ works with 3.0.x, 3.1.x, 3.2.x
#   Tested on 3.0.4, 3.0.5, 3.1.0, 3.2.x
header __NFheader ALL =~ /live\.com/i
uri __NFuri m{^https?\://www\.google\.com/groups?}i
meta NFheader_Details (__NFheader && __NFuri)
describe NFheader_Details live dot com spam.
score NFheader_Details 7.0

My default is 5.0 but the AWL puts live with a positive score. I'm
noting stuff from yahoo as well so will adjust this to suit.

Feel free to mangle it, I'd appreciate a copy of any wider ranging
working versions though.

Kind regards and many thanks to all.

Nigel


Re: Custome rule problem. Resolved

2009-02-19 Thread Karsten Bräckelmann
On Thu, 2009-02-19 at 16:37 +, Nigel Frankcom wrote:
> Many thanks to all... I have the rule working. As usual it was a
> syntactical error (typo).

;)  Good to see it fixed.

> uri __NFuri m{^https?\://www\.google\.com/groups?}i

Aha, so it's not m,groups/, with a trailing slash, as in your original
post. :)  Just as a reminder, that's exactly where you should use -D and
check the sub-rules hit. No wild-goose chase, the missing sub is where
to look at closer.

Anyway, there's another (potential) issue with that RE. If it is a
literal question-mark, then it needs to be escaped. And if it isn't, the
s *and* the question-mark are useless -- a plain /group/ does the same.

  guenther





Re: Custome rule problem. Resolved

2009-02-19 Thread Martin Gregorie
> Feel free to mangle it, I'd appreciate a copy of any wider ranging
> working versions though.

Here's what I've been using for quite a while. It was written when there
was a spate of spam punting LiveSpace websites:

header   __MG_LSP1 From =~ /spaces\.live\.com/i
uri      __MG_LSP2 /^http:.{1,40}\.spaces\.live\.com/i

describe MG_LIVESP Contains spaces.live.com URI but not from there.
meta     MG_LIVESP (!__MG_LSP1 && __MG_LSP2)
score    MG_LIVESP 2.5

This works for me since I've never seen anything I'd want to read,
either e-mail or USENET, that contained a LiveSpace URL.


Martin
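
Added example, not part of any post in this thread: a small Python model of the sub-rule check discussed above, showing that the unescaped `groups?` matches exactly what a plain `group` does, that `groups\?` requires a literal question mark, and how listing sub-rule hits points at the sub-rule that failed. The header and URIs are constructed samples, `hits` and `eval_meta` are hypothetical helper names, and it assumes Python's `re` treats these patterns as Perl does; it is not SpamAssassin's own rule engine.

```python
import re

# Three readings of the tail of the uri pattern from the thread.
PREFIX = r"^https?\://www\.google\.com/"
AS_POSTED = re.compile(PREFIX + r"groups?", re.I)   # "?" makes the "s" optional
PLAIN = re.compile(PREFIX + r"group", re.I)         # unanchored tail: same matches
ESCAPED = re.compile(PREFIX + r"groups\?", re.I)    # literal "?" required
TRAILING_SLASH = re.compile(PREFIX + r"groups/", re.I)  # variant from the original post

# Constructed sample URIs, not taken from real mail.
URIS = [
    "http://www.google.com/groups?q=example",
    "http://www.google.com/group/example-list",
    "https://www.google.com/groups/example",
    "http://www.google.com/search?q=groups",
]

def hits(pattern, uris=URIS):
    """Return the URIs the pattern matches, in input order."""
    return [u for u in uris if pattern.search(u)]

def eval_meta(headers, uris, uri_re=AS_POSTED):
    """Model of the NFheader_Details meta rule.

    Returns (sub-rule hits, meta result) so a failing meta can be traced
    to the sub-rule that did not fire, as the debug output would show.
    """
    sub = {
        "__NFheader": bool(re.search(r"live\.com", headers, re.I)),
        "__NFuri": any(uri_re.search(u) for u in uris),
    }
    return sub, sub["__NFheader"] and sub["__NFuri"]

if __name__ == "__main__":
    sample_headers = "From: sender@live.com\nSubject: constructed sample"
    for name, rx in [("as posted", AS_POSTED), ("plain group", PLAIN),
                     ("escaped ?", ESCAPED), ("trailing /", TRAILING_SLASH)]:
        print(f"{name:12} matches {len(hits(rx))} of {len(URIS)} sample URIs")
    for rx in (AS_POSTED, TRAILING_SLASH):
        sub, meta = eval_meta(sample_headers, [URIS[0]], rx)
        print(rx.pattern, sub, "meta:", meta)
```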