On Fri, 2009-10-16 at 14:54 -0400, Adam Katz wrote: > > > Before I write a custom rule to add points to anything passing through > > > a constantcontact.com relay, I was wondering if anybody here had > > > thoughts on this.
> I lied. I actually wrote a rule and stuck it in my testing area. As > always, don't forget to adjust the wrapping and lint your rules before > going live. > > rawbody __CCM_UNSUB > /"https?:..visitor\.constantcontact.com\/[^<>]{60,200}>SafeUnsubscribe</ Ouch! Rawbody, that hurts. If you really can't tell from the / a link URI alone, you'd better have a look at the URIDetail plugin instead. The anchor text of an HTML link is part of the internal URI data structure. > meta KHOP_CONSTANTCONTACT __CCM_UNSUB && RCVD_IN_HOSTKARMA_W > describe KHOP_CONSTANTCONTACT Remove DNS WL blessing for spam relayer Inappropriate description. Inappropriate logic. IFF the terminology used would be appropriate, you rather should take the then-false listing up with the whitelist. > If you're not checking against a whitelist to undo it but rather > trying to block outright, I'd use something more like this: > > header __CCM_RELAY X-Spam-Relays-Untrusted =~ /^[^\]]+ > rdns=ccm\d\d\.constantcontact\.com\s/ > meta KHOP_CONSTANTCONTACT __CCM_UNSUB && __CCM_RELAY > describe KHOP_CONSTANTCONTACT Constant Contact is a known spammer > score KHOP_CONSTANTCONTACT 4 # increase as needed Wholly inappropriate, IMHO. Seriously. -- char *t="\10pse\0r\0dtu...@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4"; main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1: (c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}