On Fri, 2009-10-16 at 14:54 -0400, Adam Katz wrote:
> > > Before I write a custom rule to add points to anything passing through
> > > a constantcontact.com relay, I was wondering if anybody here had
> > > thoughts on this.
> I lied. I actually wrote a rule and stuck it in my testing area. As
> always, don't forget to adjust the wrapping and lint your rules before
> going live.
>
> rawbody __CCM_UNSUB
> /"https?:..visitor\.constantcontact.com\/[^<>]{60,200}>SafeUnsubscribe</
Ouch! Rawbody, that hurts.
If you really can't tell from the / a link URI alone, you'd better have
a look at the URIDetail plugin instead. The anchor text of an HTML link
is part of the internal URI data structure.
> meta KHOP_CONSTANTCONTACT __CCM_UNSUB && RCVD_IN_HOSTKARMA_W
> describe KHOP_CONSTANTCONTACT Remove DNS WL blessing for spam relayer
Inappropriate description.
Inappropriate logic. IFF the terminology used would be appropriate, you
rather should take the then-false listing up with the whitelist.
> If you're not checking against a whitelist to undo it but rather
> trying to block outright, I'd use something more like this:
>
> header __CCM_RELAY X-Spam-Relays-Untrusted =~ /^[^\]]+
> rdns=ccm\d\d\.constantcontact\.com\s/
> meta KHOP_CONSTANTCONTACT __CCM_UNSUB && __CCM_RELAY
> describe KHOP_CONSTANTCONTACT Constant Contact is a known spammer
> score KHOP_CONSTANTCONTACT 4 # increase as needed
Wholly inappropriate, IMHO. Seriously.
--
char *t="\10pse\0r\0dtu...@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
