Karsten Bräckelmann wrote:
> On Fri, 2009-10-16 at 14:54 -0400, Adam Katz wrote:
>> rawbody __CCM_UNSUB
>> /"https?:..visitor\.constantcontact.com\/[^<>]{60,200}>SafeUnsubscribe</
>
> Ouch! Rawbody, that hurts.
>
> If you really can't tell from the / a link URI alone, you'd better have
> a look at the URIDetail plugin instead. The anchor text of an HTML link
> is part of the internal URI data structure.
Interesting. I didn't know about that.
ifplugin Mail::SpamAssassin::Plugin::URIDetail
uri_detail __CCM_UNSUB domain =~ /\bvisitor\.constantcontact.com$/
raw =~ /\?.{40}/ text =~ /^SafeUnsubscribe$/
else
rawbody __CCM_UNSUB
/"https?:..visitor\.constantcontact.com\/[^<>]{60,200}>SafeUnsubscribe</
endif
>> meta KHOP_CONSTANTCONTACT __CCM_UNSUB && RCVD_IN_HOSTKARMA_W
>> describe KHOP_CONSTANTCONTACT Remove DNS WL blessing for spam relayer
>
> Inappropriate description.
>
> Inappropriate logic. IFF the terminology used would be appropriate, you
> rather should take the then-false listing up with the whitelist.
Already did. I've requested the Constant Contact IPs find their way
to HostKarma's Yellow or NOBL lists and out of the White list.
>> If you're not checking against a whitelist to undo it but rather
>> trying to block outright, I'd use something more like this:
>>
>> header __CCM_RELAY X-Spam-Relays-Untrusted =~ /^[^\]]+
>> rdns=ccm\d\d\.constantcontact\.com\s/
>
>> meta KHOP_CONSTANTCONTACT __CCM_UNSUB && __CCM_RELAY
>> describe KHOP_CONSTANTCONTACT Constant Contact is a known spammer
>> score KHOP_CONSTANTCONTACT 4 # increase as needed
>
> Wholly inappropriate, IMHO. Seriously.
Given ConstantContact's size, yes. However, it should safely
discriminate against CC's bulk mail without catching anything else by
accident, which is what "R-Elists" requested. Note my starting value
of 4 so that nobody takes this too far out of context and into trouble.
