> -----Original Message----- > From: Christian Recktenwald [mailto:[EMAIL PROTECTED] > Sent: Thursday, November 16, 2006 2:13 AM > To: David B Funk > Cc: users@spamassassin.apache.org > Subject: Re: simple TZ test (Re: current stock scams are easy to spot) > > > On Wed, Nov 15, 2006 at 11:14:12PM -0600, David B Funk wrote: > > > > You're trying too hard. > > Look at that 'Date:' header, they've got a bogus time-zone > value. It's > > syntactically RFC-2822 correct but nonsense. (One of my > favorites was > > "-0480" ;) > > > > Simple rule, so far no FPs: > > > > # bogus timzones in date (EG: Date: Wed, 15 Nov 2006 > 21:29:24 -0180 ) > > header L_SPAM_TOOL_13 Date =~ /\s[+-]\d\d[124-9]\d$/ > > describe L_SPAM_TOOL_13 Bogus time-zone > > score L_SPAM_TOOL_13 3.1 > > there are valid TZ values besides that: > > NEPAL +0545 (postings seen on this list) > AUSTRALIA +0845 (ACWS) > NEW ZEALAND +1245 (CHAST) > NEW ZEALAND +1345 (CHADT) > > Also seen -0000
Maybe extent the regex? Or build it into a meta rule where the -0000 and +[0-1]][5823]45 TZ is accounted for? Or, a plugin? is there a perl module for checking valid Time.? ( in php, I can use imap_rfc822_parse_headers )
