Karsten Bräckelmann wrote: > On Fri, 2009-10-16 at 14:54 -0400, Adam Katz wrote: >> rawbody __CCM_UNSUB >> /"https?:..visitor\.constantcontact.com\/[^<>]{60,200}>SafeUnsubscribe</ > > Ouch! Rawbody, that hurts. > > If you really can't tell from the / a link URI alone, you'd better have > a look at the URIDetail plugin instead. The anchor text of an HTML link > is part of the internal URI data structure.
Interesting. I didn't know about that. ifplugin Mail::SpamAssassin::Plugin::URIDetail uri_detail __CCM_UNSUB domain =~ /\bvisitor\.constantcontact.com$/ raw =~ /\?.{40}/ text =~ /^SafeUnsubscribe$/ else rawbody __CCM_UNSUB /"https?:..visitor\.constantcontact.com\/[^<>]{60,200}>SafeUnsubscribe</ endif >> meta KHOP_CONSTANTCONTACT __CCM_UNSUB && RCVD_IN_HOSTKARMA_W >> describe KHOP_CONSTANTCONTACT Remove DNS WL blessing for spam relayer > > Inappropriate description. > > Inappropriate logic. IFF the terminology used would be appropriate, you > rather should take the then-false listing up with the whitelist. Already did. I've requested the Constant Contact IPs find their way to HostKarma's Yellow or NOBL lists and out of the White list. >> If you're not checking against a whitelist to undo it but rather >> trying to block outright, I'd use something more like this: >> >> header __CCM_RELAY X-Spam-Relays-Untrusted =~ /^[^\]]+ >> rdns=ccm\d\d\.constantcontact\.com\s/ > >> meta KHOP_CONSTANTCONTACT __CCM_UNSUB && __CCM_RELAY >> describe KHOP_CONSTANTCONTACT Constant Contact is a known spammer >> score KHOP_CONSTANTCONTACT 4 # increase as needed > > Wholly inappropriate, IMHO. Seriously. Given ConstantContact's size, yes. However, it should safely discriminate against CC's bulk mail without catching anything else by accident, which is what "R-Elists" requested. Note my starting value of 4 so that nobody takes this too far out of context and into trouble.