Axb wrote:

> On 03/16/2015 11:28 AM, Per Jessen wrote:
>> Axb wrote:
>>
>>> On 03/16/2015 11:05 AM, Axb wrote:
>>>> On 03/16/2015 10:54 AM, Per Jessen wrote:
>>>>> I've recently upgraded to SA 3.4.0 - I'm seeing
>>>>> URI_DOTDOT_LOW_CNTRST scoring on many legitimate mails. E.g. from
>>>>> linkedin and distrelec.
>>>>>
>>>>> For instance:
>>>>>
>>>>> http://files.jessen.ch/Tektronix-4-Kanal-Oszilloskop-deutlich-reduziert-TDS-2024C.eml
>>>>>
>>>>> When the above was processed I noticed this in the log:
>>>>>
>>>>> spamd[865]: dns: new_dns_packet (domain=chde..distrelec.com.
>>>>> type=A class=IN) failed: a domain name contains a null label
>>>>>
>>>>> As far as I can tell, the email above contains no such uri.
>>>>>
>>>>> I grep'ed a bit and found some more:
>>>>>
>>>>> http://files.jessen.ch/more-dotdot.txt
>>>>>
>>>>> I'm pretty certain 99% of those are false positives. Probably a
>>>>> hiccup on my installation, I was just wondering if anyone else is
>>>>> seeing this?
>>>>
>>>> Which .cf file is this in?
>>>> Can't find it in SA trunk's .cf files.
>>>>
>>>
>>> ok.. sorry - found it but atm it seems it isn't being autopromoted
>>>
>>>
>>> have you run a recent sa-update ?
>>
>> I think the ruleset is from the tarball from the apache page. Hmm,
>> it would appear to be quite old ??
>>
>> http://mirror.reverse.net/pub/apache//spamassassin/source/Mail-SpamAssassin-rules-3.4.0.r1565117.tgz
>>
>> Dated 20Feb2014.
>>
>> Is there a recent tarball somewhere?
>
> iirc, that is the 3.4 release rules version
>
> sa-update would provide the latest ruleset

Yup, got it. Might not be a bad idea if the apache downloads page had a
link to the most recent rule-set too. (or even instead of the original).

Anyway, problem solved, thanks.

--
Per Jessen, Zürich (8.4°C)
http://www.dns24.ch/ - free dynamic DNS, made in Switzerland.