[prev in list] [next in list] [prev in thread] [next in thread]
List: spamassassin-users
Subject: Re: yahoo X-YMail-OSG
From: Adam Katz <antispam () khopis ! com>
Date: 2010-05-24 23:14:48
Message-ID: 4BFB0868.7080404 () khopis ! com
[Download RAW message or body]
My original rule:
>>>> header SINGLE_HEADER_2K ALL:raw =~ /^(?=.{2048,3071}$)/m
Karsten Bräckelmann noted:
>>> It does not match a single header, let alone a *specific*
>>> header as the one mentioned, but ALL headers. It effectively
>>> checks the entire headers' size.
Karsten then corrected himself:
>> Err, nope -- the size between the beginning and end of a line.
Yup, my test was a single-line header. Fixed.
header SINGLE_HEADER_2K ALL:raw =~
/(?-xim:(?=(?:^|\n)[^\s\n]+:(?:.(?!\n\S)){2048,3071}.(?:\n\S|$)))/s
Perhaps a regexp efficiency expert should clean it up ... the large
match in the middle using "(?:.(?!\n\S)){2048,3071}" to keep within a
single header might not be so hot on the PCRE parser; that's a LOT of
looking ahead. Maybe "(?!.{0,2048}\n\S).{2048}" and then use meta
rules to exclude larger hits?
> Being the one credited with suggesting it, I would rather just look
> at the X-Ymail-OSG header. I can EASILY get my MTA to block (at the
> gateway) any email with a random header > xxxxx in size.
>
> if X-Ymail-OSG is > 1024 bytes, its just about guaranteed to be
> spam.
Yes, I just wanted to see what examining /any/ header for that kind of
thing would look like. I've add tests specific to that so we don't
get bogged down waiting for results.
header MS_XYMOSG_1K X-YMail-OSG =~ /^(?=.{1024,2047}$)/s
header MS_XYMOSG_2K X-YMail-OSG =~ /^(?=.{2048,3071}$)/s
header MS_XYMOSG_3K X-YMail-OSG =~ /^(?=.{3072,4095}$)/s
header MS_XYMOSG_4K X-YMail-OSG =~ /^(?=.{4096,5119}$)/s
header MS_XYMOSG_5K X-YMail-OSG =~ /^(?=.{4096})/s
(I fully expect these to all fold into one or two rules, but it's nice
to see where things sit beforehand.)
Committed revision 947854.
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic