I (and a few other people) have reported this with Tripwire, but I've just
installed Backhair and now the problem is much worse.
Basically those two rulesets output an entry in the report for every hit on
each of a gazillion rules. This is nice FYI stuff, but it results in headers
that exceed a size limit in Exim. It gives the following message in the
paniclog (about once or twice per minute with our mail volume):
2004-01-26 09:14:34 1AlAJl-0003wi-2D string_sprintf expansion was longer than
8192
Is there any way the rules can be condensed into a meta-rule or something that
would just show the total score, rather than each hit? I realize my header
report may be more verbose than some, but eventually even the more terse
version could hit the limit (but I'm sure others do a longer report too).
Here's an example of a spam report header that DIDN'T trigger the error, but
it's easy to see how a few more hits would have pushed it over the line (I've
done s/BACKHAIR/BH/ because having 'BACKHAIR' show up in our headers isn't
terribly professional. ;-)):
X-Spam-Score: 33.6 (+++++++++++++++++++++++++++++++++)
X-Spam-Report: Content analysis details: (33.6 points, 5.0 required)
pts rule name description
---- ----------------------
--------------------------------------------------
4.1 SUBJ_HAS_SPACES Subject contains lots of white space
0.1 TW_JC BODY: Odd Letter Triples with JC
0.1 TW_JS BODY: Odd Letter Triples with JS
0.1 TW_JX BODY: Odd Letter Triples with JX
0.1 TW_KJ BODY: Odd Letter Triples with KJ
0.1 TW_KK BODY: Odd Letter Triples with KK
0.1 TW_KQ BODY: Odd Letter Triples with KQ
0.1 TW_KX BODY: Odd Letter Triples with KX
0.1 TW_LB BODY: Odd Letter Triples with LB
0.1 TW_LG BODY: Odd Letter Triples with LG
0.1 TW_LP BODY: Odd Letter Triples with LP
0.1 TW_MW BODY: Odd Letter Triples with MW
0.1 TW_MX BODY: Odd Letter Triples with MX
0.1 TW_OV BODY: Odd Letter Triples with OV
0.1 TW_PZ BODY: Odd Letter Triples with PZ
0.1 TW_QB BODY: Odd Letter Triples with QB
0.1 TW_QC BODY: Odd Letter Triples with QC
0.1 TW_QL BODY: Odd Letter Triples with QL
0.1 TW_RW BODY: Odd Letter Triples with RW
0.1 TW_RX BODY: Odd Letter Triples with RX
0.1 TW_TX BODY: Odd Letter Triples with TX
0.1 TW_UQ BODY: Odd Letter Triples with UQ
0.1 TW_VC BODY: Odd Letter Triples with VC
0.1 TW_VL BODY: Odd Letter Triples with VL
0.1 TW_VQ BODY: Odd Letter Triples with VQ
0.1 TW_WC BODY: Odd Letter Triples with WC
0.1 TW_WQ BODY: Odd Letter Triples with WQ
0.1 TW_WX BODY: Odd Letter Triples with WX
0.1 TW_XD BODY: Odd Letter Triples with XD
0.1 TW_XF BODY: Odd Letter Triples with XF
0.1 TW_XT BODY: Odd Letter Triples with XT
0.1 TW_XV BODY: Odd Letter Triples with XV
0.1 TW_YT BODY: Odd Letter Triples with YT
0.1 TW_ZD BODY: Odd Letter Triples with ZD
0.1 TW_BD BODY: Odd Letter Triples with BD
0.1 TW_BG BODY: Odd Letter Triples with BG
0.1 TW_BQ BODY: Odd Letter Triples with BQ
0.1 TW_CM BODY: Odd Letter Triples with CM
0.1 TW_DB BODY: Odd Letter Triples with DB
0.1 TW_DK BODY: Odd Letter Triples with DK
2.7 SAVE_THOUSANDS BODY: Save big money
0.1 TW_FJ BODY: Odd Letter Triples with FJ
0.1 TW_FX BODY: Odd Letter Triples with FX
0.1 TW_GL BODY: Odd Letter Triples with GL
2.1 BAYES_90 BODY: Bayesian spam probability is 90 to
99%
[score: 0.9006]
2.0 HTML_FONT_INVISIBLE BODY: HTML font color is same as background
0.1 HTML_FONTCOLOR_UNKNOWN BODY: HTML font color is unknown to us
0.3 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
0.1 HTML_MESSAGE BODY: HTML included in message
0.6 MIME_HTML_NO_CHARSET RAW: Message text in HTML without charset
3.8 USERPASS URI: URL contains username and (optional)
password
0.1 BIZ_TLD URI: Contains a URL in the BIZ top-level
domain
1.0 J_BH_12 BODY: 1 letters - Unsightly html tag - 2
letters
1.0 J_BH_13 BODY: 1 letters - Unsightly html tag - 3
letters
1.0 J_BH_15 BODY: 1 letters - Unsightly html tag - 5
letters
1.0 J_BH_51 BODY: 5 letters - Unsightly html tag - 1
letters
1.0 J_BH_35 BODY: 3 letters - Unsightly html tag - 5
letters
1.0 J_BH_53 BODY: 5 letters - Unsightly html tag - 3
letters
1.0 J_BH_22 BODY: 2 letters - Unsightly html tag - 2
letters
1.0 J_BH_42 BODY: 4 letters - Unsightly html tag - 2
letters
3.3 DATE_IN_FUTURE_12_24 Date: is 12 to 24 hours after Received:
date
2.0 FORGED_OUTLOOK_TAGS Outlook can't send HTML in this format
1.2 HTML_MIME_NO_HTML_TAG HTML-only message, but there is no HTML tag
--
Matt
Systems Administrator
Local Access Communications
360.330.5535
-------------------------------------------------------
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
_______________________________________________
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
