On Tue, 2010-09-14 at 17:03 -0400, Glendon Solsberry wrote:
> Care to show me where? The only place I see it is part of the
> spamassassin -D call, and I'm not sure where that came from.
Right, that's where it is, presumably derived from
141641-web1.networldalliance.com.
The rule is:
uri URI_HEX m%^https?://[^/?]*\b[0-9a-f]{6,}\b%i
describe URI_HEX URI hostname has long hexadecimal sequence
URI_HEX is doing what its supposed to do, triggering on a hostname that
contains a long (at least 6, if I'm reading it correctly) sequence of
hexadecimals.
Similarly, uribl-black objects to backup.sh
I'm not surprised that a message like this hits a number of rules.
> On Tue, Sep 14, 2010 at 4:54 PM, Richard Doyle
> <rdo...@islandnetworks.com> wrote:
> > On Tue, 2010-09-14 at 16:46 -0400, Glendon Solsberry wrote:
> >> I have messages that are being flagged via URI_HEX, without having
> >> *any* 'http' in them. Any help would be greatly appreciated.
> >
> > Snippage contains http://141641
> >
> > <snip>
> >
> >
