Bowie Bailey wrote: > kavaXtreme wrote: > >> I've read and read and read till my mind feels like spaghetti puree. >> I'm really hoping someone here can help with my question. >> >> My main question is, why doesn't the following rule work: >> header ROMPE_BADRECIPS To =~ /(uucp|majordomo|root)[EMAIL PROTECTED]/i >> score ROMPE_BADRECIPS 4.5 >> describe ROMPE_BADRECIPS Spam trap recipient >> >> (Background: used on a Cpanel account in a manually-edited user_prefs >> file.) >> > > Make sure you have allowed user rules. By default, you cannot create > rules in a user_prefs file. To allow it, add this to your local.cf > file: > > allow_user_rules 1 > Clarification: Currently this only applies if you're using spamd/spamc, which most folks do use. However, if you test using the "spamassassin" script, the rules will run, so be aware of the difference.
Note: the user rule restriction is done to prevent security holes where a user constructs a malicious rule with a regex that tries to execute shell commands. SA tries to prevent this by checking the regexes, and being strict about setuid'ing spamd before running the rules. However, you never know what might have slipped through the cracks that someone might discover and publish and exploit for. Keeping allow_user_rules off protects you from future exploits in this area if you have untrusted users. > >> Secondary questions. If this rule can be made to work: >> 1. Will the Bayes filter learn from msgs this rule flags? >> > > Yes. > Clarification: First, I assume you're talking about bayes autolearning. In which case, Yes this rule will contribute to triggering autolearning. However, be aware that you don't just need points to cause spam autolearning. You need at least 3.0 header rule points AND 3.0 body rule points. This rule would contribute to the header rule tally, but you'll need other rules to cover the body criteria.
