On Tue, Jun 05, 2012 at 11:39:29AM -0400, Kevin A. McGrail wrote:
> A) These are just sub rules for use in a meta. As a specialist in
> meta rules, just because you hit a sub rule doesn't matter. What
> matters is if it triggers a scoring rule. Does it?
>
> B) I don't recognize those rules or know where they came from.
> Where did they come from?
>

The scoring rule is 4.0 JM_SOUGHT_3, which is one of the "sought channel" rules distributed (and regularly updated) by the sought.rules.yerp.org channel in SpamAssassin [1]. That link is a little dated, but the channel is not. It comes stock now with `yum install spamassassin` on RHEL 6, and can be added to a local installation of SA by following the instructions in the link above. The specific path for my vanilla install is:

    /var/lib/spamassassin/3.003002/sought_rules_yerp_org/20_sought.cf

As far as I can tell (admittedly, I haven't studied source), it's simply doing regex matching on a variety of spammy content. Nothing terribly sophisticated -- the pattern matching is straight up "does this exact string exist?" The problem is it's picked up artifacts of CKEditor, a common CRM/CMS editor. I was able to demonstrate the problem using CKEditor's demo page [2], and posted the SO question Brett cited earlier [3].

One option for us would be to disable the WYSIWYG, but I can't imagine we're the only ones affected. The CKEditor user page lists a variety of large companies and bulk email providers, including MailChimp [4].

[1] http://taint.org/2007/08/15/004348a.html
[2] http://ckeditor.com/demo
[3] http://stackoverflow.com/questions/10890407/ckeditors-html-artifacts-trigger-spamassassin-can-you-turn-ckeditors-html-mod
[4] http://ckeditor.com/who-is-using-ckeditor

-- 
Christopher Tiwald