[prev in list] [next in list] [prev in thread] [next in thread]
List: spamassassin-users
Subject: Re: SARE_SPOOF included in base rules?
From: jm () jmason ! org (Justin Mason)
Date: 2008-05-30 9:42:04
Message-ID: 20080530094204.7E9C4300865 () jmason ! org
[Download RAW message or body]
Bowie Bailey writes:
> I just got an email that hit the following:
>
> * 2.0 SPOOF_COM2OTH URI: URI contains ".com" in middle
> * 2.3 SPOOF_COM2COM URI: URI contains ".com" in middle and end
> * 2.5 SARE_SPOOF_COM2OTH URI: a.com.b.c
> * 2.5 SARE_SPOOF_COM2COM URI: a.com.b.com
>
> Did the SARE_SPOOF rules get included in the base ruleset while I wasn't
> looking?
>
> The rule definitions are almost the same.
>
> uri SARE_SPOOF_COM2OTH m{^https?://(?:\w+\.)+?com\.(?:\w+\.)+?com}i
> uri SPOOF_COM2OTH m{^https?://(?:\w+\.)+?com\.(?:\w+\.){2}}i
>
> uri SPOOF_COM2COM m{^https?://(?:\w+\.)+?com\.(?:\w+\.)+?com}i
> uri SARE_SPOOF_COM2COM m{^https?://(?:\w+\.)+?com\.(?:\w+\.){2,}}i
They've been part of the base ruleset since:
r106217 | quinlan | 2004-11-22 20:45:19 +0000 (Mon, 22 Nov 2004) | 2 lines
promote best URI-based T_SPOOF_* rules
--j.
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic