The OPT_HEADER (in 2.5x and 2.6x) rule does not make much sense to me:
header __OPT_HEADER_SUBJ ALL =~ /^(?:Resent-)?Subject:.*opt.?(in|out|oem|ed|ion-in|[EMAIL PROTECTED])(?:\b|\d|\@)/im
header __OPT_HEADER_ALL ALL =~ /opt.?(?:in|out|oem|ed|ion-in|[EMAIL PROTECTED])(?:\b|\d|\@)/i
meta OPT_HEADER (__OPT_HEADER_ALL && !__OPT_HEADER_SUBJ)
describe OPT_HEADER Headers include an "opt"ed phrase
It triggers on a message that has an "opt" phrase in the headers but *not* in the subject. So, a spammer can avoid the rule by putting "opt-out" in the Subject.
Aye... I think the intention was to check if it was present anywhere other than the subject.. mostly because it matches "opted".. which might exist in a real subject.
However, the implementation is slightly different than the intention, but at least it leans towards missing.
Also, this rule triggers on all mail into and out of the domains opt2.net, opt2.biz, and opt2.com, a company that claims to be a non-spamming web host provider. Was this rule intentionally targeted at these domains (the description doesn't indicate so)?
I think it was written to target [EMAIL PROTECTED] and friends. This rule does have some odd-ball collateral damage cases and probably needs some tweaking. Much like the FROM_ENDS_IN_NUMS and related rules.
------------------------------------------------------- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn _______________________________________________ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
