On Sat, Feb 19, 2005 at 08:33:10PM -0800, Robert Menschel wrote: > >I have updated the RDJ snippet for uri.cf to point to the new uri0.cf >file, and added snippets for the other files as well. I believe I've >done this correctly, but as I don't use and cannot test RDJ, I can't >be sure.
I'm overloaded and haven't had the chance to try... >George Georgalis (and others): I've made a first pass at incorporating >your suggestions for a change log into these files. There's a new >file, http://www.rulesemporium.com/rules/70_sare_uri.log, which >contains the full change log. The >http://www.rulesemporium.com/rules/70_sare_uri0.cf file contains the >change log for this update only. Is this the type of thing you were >hoping to see? What can we do to improve it? That looks good! A couple minors, I would keep it consistent and simple, my next step will be parsing this to see how changes pertain to local configurations. So a limited, fixed set of categories should be defined. I would change 'Expanded' to 'Changed' so their are fewer standard categories. On the user end "Removed" makes more sense than "Archived" - either way, SARE_URI_DMEDZD should be in the gone list. My first thought was 'these should be formatted to 80 cols to conform to email standard' but considering they will be grep-ed, I have rethought that and now think the various line types should have no breaks and no commas. Then the following (untested) can be used. CHANGED=$(grep '^#@@#.*Changed' $cf | sed 's/^#@@#.*Changed//') REMOVED=$(grep '^#@@#.*Removed' $cf | sed 's/^#@@#.*Removed//') NEW=$(grep '^#@@#.*New' $cf | sed 's/^#@@#.*New//') Changed, Removed and New being the limited number of machine readable categories I'll be looking for. The other lines are still informative but could be formatted in any convenient human readable way. # SARE Spammer URI Rule Set for SpamAssassin - file 0 # Version: 01.01.00 # Created: 2004-09-13 # Modified: 2005-02-19 # Usage instructions and documentation are found in 70_sare_uri0.cf #@@# Revision History: Full Revision History stored in 70_sare_uri.log #@@# 01.01.00: Split to multiple files depending on efficiency #@@# Added SARE_URI_NO_THANKS, SARE_URI_VISIT_US, SARE_URI_4_BIZ, SARE_URI_HGH, SARE_URI_OFF, SARE_URI_OPTOUT, SARE_URI_REPLICA, #@@# SARE_URI_RM, SARE_URI_HEX32, SARE_URI_DOM_ENDU, SARE_URI_NUM_SUBDOM, SARE_URI_RAW_ONLY, SARE_URI_SHARE_DIG, SARE_URI_NO_MORE, #@@# SARE_URI_MIXED_CASE #@@# Replaced SARE_URI_DMEDZD with SARE_URI_DMEDZDc #@@# Minor score tweaks based on recent mass-checks #@@# Defined SARE_URI_H0 rule to verify that 70_sare_uri0.cf is present if any other URI rules file is used. #@@# Archived SARE_URI_SUCCEZZ, SARE_URI_HOUSE, SARE_URI_P8, SARE_URI_REFID2, SARE_URI_REFID3, SARE_URI_AFF_DIG, SARE_URI_IPPORT3333, #@@# SARE_URI_SQUARE #@@# Expanded SARE_URI_SIXCAPS # # License: Artistic - see http://www.rulesemporium.com/license.txt # Current Maintainer: Bob Menschel - [EMAIL PROTECTED] # Current Home: http://www.rulesemporium.com/rules/70_sare_uri0.cf I'm not sure why "Usage instructions and documentation" are referenced here. And, I don't see a log: http://www.rulesemporium.com/rules/70_sare_uri.log Is there any reason why http://www.rulesemporium.com/rules/ is not available?(to see all snipits and rules, in a directory format) Regarding the comment on too much disclosure in the logs, there is nothing keeping spammers from diff-ing the cf files, I would refer to the quote "Rogues are very keen in their profession, and already know much more than we can teach them respecting their several kinds of roguery." http://www.deter.com/unix/papers/treatise_locks.html Rudimentary Treatise on the Construction of Locks, 1853 (excerpt) -- Charles Tomlinson // George -- George Georgalis, systems architect, administrator Linux BSD IXOYE http://galis.org/george/ cell:646-331-2027 mailto:[EMAIL PROTECTED]
