List:       spamassassin-users
Subject:    Re: SARE_SPOOF included in base rules?
From:       jm () jmason ! org (Justin Mason)
Date:       2008-05-30 9:42:04
Message-ID: 20080530094204.7E9C4300865 () jmason ! org


Bowie Bailey writes:
> I just got an email that hit the following:
> 
>  *  2.0 SPOOF_COM2OTH URI: URI contains ".com" in middle
>  *  2.3 SPOOF_COM2COM URI: URI contains ".com" in middle and end
>  *  2.5 SARE_SPOOF_COM2OTH URI: a.com.b.c
>  *  2.5 SARE_SPOOF_COM2COM URI: a.com.b.com
> 
> Did the SARE_SPOOF rules get included in the base ruleset while I wasn't
> looking?
> 
> The rule definitions are almost the same.
> 
> uri SARE_SPOOF_COM2OTH  m{^https?://(?:\w+\.)+?com\.(?:\w+\.)+?com}i
> uri SPOOF_COM2OTH       m{^https?://(?:\w+\.)+?com\.(?:\w+\.){2}}i
> 
> uri SPOOF_COM2COM       m{^https?://(?:\w+\.)+?com\.(?:\w+\.)+?com}i
> uri SARE_SPOOF_COM2COM  m{^https?://(?:\w+\.)+?com\.(?:\w+\.){2,}}i

They've been part of the base ruleset since:

  r106217 | quinlan | 2004-11-22 20:45:19 +0000 (Mon, 22 Nov 2004) | 2 lines

  promote best URI-based T_SPOOF_* rules


--j.
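
As an added example (not part of either message, and not SpamAssassin's own code), the Python script below runs the four patterns exactly as quoted above, under the names given there, against constructed URIs to show which host shapes each one matches. It assumes Python's `re` with `re.IGNORECASE` is an adequate stand-in for Perl's `m{...}i`; the `hits` helper and the sample URIs are hypothetical.

```python
import re

# Patterns copied from the rule definitions quoted in the message, under the
# names given there. Perl's m{...}i is expressed as re.IGNORECASE (assumption:
# the two engines agree on these simple constructs).
RULES = {
    "SARE_SPOOF_COM2OTH": r"^https?://(?:\w+\.)+?com\.(?:\w+\.)+?com",
    "SPOOF_COM2OTH":      r"^https?://(?:\w+\.)+?com\.(?:\w+\.){2}",
    "SPOOF_COM2COM":      r"^https?://(?:\w+\.)+?com\.(?:\w+\.)+?com",
    "SARE_SPOOF_COM2COM": r"^https?://(?:\w+\.)+?com\.(?:\w+\.){2,}",
}
COMPILED = {name: re.compile(rx, re.IGNORECASE) for name, rx in RULES.items()}


def hits(uri):
    """Return the sorted names of the quoted rules whose pattern matches uri."""
    return sorted(name for name, rx in COMPILED.items() if rx.search(uri))


# Constructed sample URIs using reserved example/test names (not from the thread).
SAMPLES = [
    "http://www.example.com/index.html",           # ordinary .com host
    "http://www.example.com.au/",                  # one label after .com
    "http://www.example.com.login.test/",          # two labels after .com
    "http://www.example.com.a.login.test/",        # three labels after .com
    "http://www.example.com.example.com/",         # a.com.b.com
    "http://www.example.com.login.example.com/",   # .com in middle and at end
    "HTTPS://WWW.EXAMPLE.COM.LOGIN.EXAMPLE.COM/",  # patterns are case-insensitive
]

if __name__ == "__main__":
    for uri in SAMPLES:
        print(f"{uri:46} {', '.join(hits(uri)) or '-'}")
```

Because neither pattern is anchored at the end, `{2}` and `{2,}` accept the same URIs, and both need a dot after the second label that follows `.com`.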