Re: AXB_X_FF_SEZ_S not fired

2014-08-15 Thread Bowie Bailey

On 8/14/2014 9:03 PM, Alex wrote:

> Hi,
>
> AXB_X_FF_SEZ_S is a rule that fires when the
> X-Forefront-Antispam-Report header is found. I have a sample which has
> this header, yet the rule doesn't fire, and wondered if someone could
> help me figure out why:
>
> http://pastebin.com/vRQXxgJH
>
> I'm using spamassassin-3.4, and I tested it on another spam (from the
> quarantine, where it had already fired) and it was triggered there
> just fine.
>
> ##{ AXB_X_FF_SEZ_S
> header  AXB_X_FF_SEZ_S X-Forefront-Antispam-Report =~ /^SFV\:SPM/
> describe  AXB_X_FF_SEZ_S  Forefront sez this is spam
> ##} AXB_X_FF_SEZ_S
> ##{ AXB_X_FF_SEZ_S if (version >= 3.004000)
> if (version >= 3.004000)
> tflags  AXB_X_FF_SEZ_S  autolearn_force
> endif
> ##} AXB_X_FF_SEZ_S if (version >= 3.004000)
>
> This is also one of those short-body URI spams, so I hoped it would
> have been caught just based on that, so ideas on what else is missing
> would also be appreciated...


Works for me.  I added your rule and tested it against your sample...

*  1.0 AXB_X_FF_SEZ_S Forefront sez this is spam

Are you sure you put the rule in the right place and reloaded spamd?

--
Bowie


Re: AXB_X_FF_SEZ_S not fired

2014-08-15 Thread Alex
Hi,

> Works for me.  I added your rule and tested it against your sample...
>
> *  1.0 AXB_X_FF_SEZ_S Forefront sez this is spam
>
> Are you sure you put the rule in the right place and reloaded spamd?

Thanks for checking for me. This is even when running spamassassin -t
directly.

Hmm.. I'm looking at it more closely, and even the rule as it appears
above, and it has no score.

What file is the score supposed to be in, 72_scores.cf? My 72_scores.cf is
dated Jul 28th.

# ls -l 72_scores.cf
-rw-r--r-- 1 root root 8174 Jul 28 04:49 72_scores.cf
# md5sum 72_scores.cf
9f82b967a373e44a373c3be30ad21e23  72_scores.cf

Thanks,
Alex


Re: AXB_X_FF_SEZ_S not fired

2014-08-15 Thread Bowie Bailey

On 8/15/2014 3:05 PM, Alex wrote:

> Thanks for checking for me. This is even when running spamassassin -t
> directly.
>
> Hmm.. I'm looking at it more closely, and even the rule as it appears
> above, and it has no score.
>
> What file is the score supposed to be in, 72_scores.cf? My 72_scores.cf
> is dated Jul 28th.
>
> # ls -l 72_scores.cf
> -rw-r--r-- 1 root root 8174 Jul 28 04:49 72_scores.cf
> # md5sum 72_scores.cf
> 9f82b967a373e44a373c3be30ad21e23  72_scores.cf


This isn't one of the stock rules, so it shouldn't be in that file (or 
directory).  The files there (/var/lib/spamassassin/3.004000/ on my 
system) are stock rules and any manual changes will be squashed by 
sa_update.


Custom rules (and their scores) should go in local.cf (or another *.cf 
file) in your local rules directory (/etc/mail/spamassassin/ on my system).


Rules with no score assigned are automatically scored at 1.0.

--
Bowie
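
The check Bowie's reply implies, as an added example that is not part of the original thread: report whether a rule is defined in the sa-update-managed directory, in the local rules directory, or nowhere, and whether it has an explicit score line. `rule_status` and `cf_lines` are hypothetical helper names; the default directories are the ones Bowie gives for his system and are assumptions for any other host.

```sh
#!/bin/sh
# Added example (not from the thread). Defaults are the paths Bowie
# mentions for his system; override STOCK_DIR / LOCAL_DIR as needed.
STOCK_DIR=${STOCK_DIR:-/var/lib/spamassassin/3.004000}
LOCAL_DIR=${LOCAL_DIR:-/etc/mail/spamassassin}

# Concatenate every *.cf under the given directories. The search is
# recursive because sa-update stores channel rules in a subdirectory.
cf_lines() {
    find "$@" -type f -name '*.cf' -exec cat {} + 2>/dev/null
}

# rule_status RULE [STOCK_DIR] [LOCAL_DIR]
# Prints "<where> <score>":
#   where = local | stock-only | missing
#   score = scored | unscored   (unscored rules get 1.0, per the thread)
# Simplification: definitions inside "if ... endif" blocks are counted
# without evaluating the condition.
rule_status() {
    rule=$1
    stock=${2:-$STOCK_DIR}
    loc=${3:-$LOCAL_DIR}
    # A rule-type keyword followed by the exact rule name.
    def="^[[:space:]]*(header|body|rawbody|uri|full|meta)[[:space:]]+$rule([[:space:]]|\$)"
    sc="^[[:space:]]*score[[:space:]]+$rule[[:space:]]"

    where=missing
    if cf_lines "$stock" | grep -Eq "$def"; then where=stock-only; fi
    if cf_lines "$loc" | grep -Eq "$def"; then where=local; fi

    score=unscored
    if cf_lines "$stock" "$loc" | grep -Eq "$sc"; then score=scored; fi

    echo "$where $score"
}

# Typical use, run on each host being compared:
#   rule_status AXB_X_FF_SEZ_S
```

A result of `stock-only` means the rule lives only where sa-update can replace or drop it; `missing` on one host and not another points at differing update states.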


Re: AXB_X_FF_SEZ_S not fired

2014-08-15 Thread Axb

On 08/15/2014 10:07 PM, Bowie Bailey wrote:


> This isn't one of the stock rules, so it shouldn't be in that file (or
> directory).  The files there (/var/lib/spamassassin/3.004000/ on my
> system) are stock rules and any manual changes will be squashed by
> sa_update.
>
> Custom rules (and their scores) should go in local.cf (or another *.cf
> file) in your local rules directory (/etc/mail/spamassassin/ on my system).
>
> Rules with no score assigned are automatically scored at 1.0.



This is a sandbox rule which was autopromoted/published by sa-update.
Due to lack of hits I removed it and re-added back yesterday.
It may be republished if masschecks decide it is worth it.

Axb



Re: AXB_X_FF_SEZ_S not fired

2014-08-15 Thread Bowie Bailey

On 8/15/2014 4:19 PM, Axb wrote:


> This is a sandbox rule which was autopromoted/published by sa-update.
> Due to lack of hits I removed it and re-added back yesterday.
> It may be republished if masschecks decide it is worth it.


Ok.  I didn't recognize the prefix and didn't find it in my rules 
directory, so I assumed it was custom.


Since you removed it, it is possible that the rule wasn't hitting for 
the OP because he ran sa_update and the rule was removed.


--
Bowie


Re: AXB_X_FF_SEZ_S not fired

2014-08-15 Thread Alex
Hi,

> Ok.  I didn't recognize the prefix and didn't find it in my rules
> directory, so I assumed it was custom.
>
> Since you removed it, it is possible that the rule wasn't hitting for
> the OP because he ran sa_update and the rule was removed.

Thanks for your help. There was in fact a difference in rules on two
separate systems. It also helped me find a potential configuration issue
with updates, so appreciate that.

Thanks,
Alex