I've been adminning SA (currently 2.55) on a server at work for almost a
year now, and I've yet to have any serious trouble with it.  (Longer on
a private server.)

However, I've just today run into some *very* odd behaviour.

I have a long and growing list of custom rules for message elements
found in spams that slipped through SA.  Among others, I have a set of
rules for URIs.  The regexes for most look like:

/(domain1|domain2|domain3|domain4)\.(com|net|org)/i

However, in the false-negative messages submitted by users over the
weekend, there's one that should have been tagged because it matched one
of my URI rules.

I've attached the message I'm playing with right now (as a zip because
SourceForge rejected it the first time);  here's the rule
that's failing to trigger:

uri SPAM_SITE_11        /(domainsforpeople|pandabearperks)\.com/i
describe SPAM_SITE_11   Body contains a spamserver site address
score SPAM_SITE_11      2

I've tried it as uri, body, and rawbody;  at least one of those *should*
have matched, no?

Rules above and below it are triggering just fine.  (I have to split up
local.cf sometime;  it's getting a little large.)

I've tried running spamassassin -D <{message}, which doesn't help much,
and spamassassin -D rulesrun=255 <{message}, which helps a bit more
(apparently, that rule isn't getting run....  but why?).  The
documentation on -D suboptions is...  limited.  I tried -D all=255, with
no obvious *errors*...  but no additional information.

What perfectly obvious thing have I broken or missed somewhere?

More generally, for future reference, what suboptions can I pass with -D
to give an excessive volume of extra information?  (i.e., complete detail
on *EVERYTHING* SA did while processing the message.  The only one
documented is "rulesrun".)

The body is "text/plain", like so:
============

Do it yourself domain name registration for just $14.95. 

Full flexibility to manage and move your domain. 

http://www.domainsforpeople.com 







[EMAIL PROTECTED] me 0ff:
http://www.domainsforpeople.com/cgi-bin/off_list.pl

Oqimcm

==========

No extra formatting or any special characters that I saw;  I didn't look
in detail.

-kgd
-- 
<erno> hm. I've lost a machine.. literally _lost_. it responds to
ping, it works completely, I just can't figure out where in my
apartment it is.

Attachment: missed-rule.zip
Description: Zip compressed data
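
One way to narrow this down, as an added example that is not part of the original post: test the rule's pattern outside SpamAssassin against the URIs and lines of the quoted body, which separates "the regex does not match" from "the rule is not being run". The rule text and body are copied from the post as constructed input; the parser, the URI extraction and the line-by-line body matching are simplified assumptions, not SpamAssassin's own logic.

```python
import re

# Constructed input: the rule and the message body as quoted in the post.
RULES = r"""
uri SPAM_SITE_11        /(domainsforpeople|pandabearperks)\.com/i
describe SPAM_SITE_11   Body contains a spamserver site address
score SPAM_SITE_11      2
"""
BODY = """Do it yourself domain name registration for just $14.95.
Full flexibility to manage and move your domain.
http://www.domainsforpeople.com
http://www.domainsforpeople.com/cgi-bin/off_list.pl
"""

RULE_LINE = re.compile(r"^\s*(uri|body|rawbody)\s+(\S+)\s+/(.+)/([a-z]*)\s*$")
URI_RE = re.compile(r"https?://[^\s<>\"']+", re.I)  # simplified URI extraction
FLAGS = {"i": re.I, "s": re.S, "m": re.M, "x": re.X}

def parse_rules(text):
    """Return [(type, name, compiled_regex)] for each uri/body/rawbody line."""
    rules = []
    for line in text.splitlines():
        m = RULE_LINE.match(line)
        if not m:
            continue  # describe/score/comment lines carry no pattern
        kind, name, pattern, flags = m.groups()
        opts = 0
        for f in flags:
            opts |= FLAGS[f]  # KeyError on a modifier this sketch does not map
        rules.append((kind, name, re.compile(pattern, opts)))
    return rules

def check(rules_text, body):
    """Map each rule name to the list of strings its pattern matched."""
    uris = URI_RE.findall(body)
    hits = {}
    for kind, name, rx in parse_rules(rules_text):
        # uri rules are tried against each extracted URI; body and rawbody
        # rules against each line of text (an assumption of this sketch).
        candidates = uris if kind == "uri" else body.splitlines()
        hits[name] = [c for c in candidates if rx.search(c)]
    return hits

if __name__ == "__main__":
    for name, matched in check(RULES, BODY).items():
        print(name, "matches" if matched else "NO MATCH", matched)
```

If the pattern matches here but the rule still does not fire, the next thing to check is whether the rule is being loaded and run at all, which is what the rulesrun output in the post points at.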
