Re: AXB_X_FF_SEZ_S not fired

Fri, 15 Aug 2014 13:20:09 -0700 

On 08/15/2014 10:07 PM, Bowie Bailey wrote:

On 8/15/2014 3:05 PM, Alex wrote:

Hi,

>> AXB_X_FF_SEZ_S is a rule that fires when the
X-Forefront-Antispam-Report header is found. I have a sample which has
this header, yet the rule doesn't fire, and wondered if someone could
help me figure out why:
>>
>> http://pastebin.com/vRQXxgJH
>>
>> I'm using spamassassin-3.4, and I tested it on another spam (from
the quarantine, where it had already fired) and it was triggered there
just fine.
>>
>> ##{ AXB_X_FF_SEZ_S
>> header          AXB_X_FF_SEZ_S X-Forefront-Antispam-Report =~
/^SFV\:SPM/
>> describe        AXB_X_FF_SEZ_S          Forefront sez this is spam
>> ##} AXB_X_FF_SEZ_S
>> ##{ AXB_X_FF_SEZ_S if (version >= 3.004000)
>> if (version >= 3.004000)
>> tflags          AXB_X_FF_SEZ_S  autolearn_force
>> endif
>> ##} AXB_X_FF_SEZ_S if (version >= 3.004000)
>>
>> This is also one of those short-body URI spams, so I hoped it would
have been caught just based on that, so ideas on what else is missing
would also be appreciated...
>
>
> Works for me.  I added your rule and tested it against your sample...
>
>         *  1.0 AXB_X_FF_SEZ_S Forefront sez this is spam
>
> Are you sure you put the rule in the right place and reloaded spamd?

Thanks for checking for me. This is even when running spamassassin -t
directly.

Hmm.. I'm looking at it more closely, and even the rule as it appears
above, and it has no score.

What file is the score supposed to be in, 72_scores.cf
<http://72_scores.cf>? My 72_scores.cf <http://72_scores.cf> is dated
Jul 28th.

# ls -l 72_scores.cf <http://72_scores.cf>
-rw-r--r-- 1 root root 8174 Jul 28 04:49 72_scores.cf
<http://72_scores.cf>
# md5sum 72_scores.cf <http://72_scores.cf>
9f82b967a373e44a373c3be30ad21e23 72_scores.cf <http://72_scores.cf>


This isn't one of the stock rules, so it shouldn't be in that file (or
directory).  The files there (/var/lib/spamassassin/3.004000/ on my
system) are stock rules and any manual changes will be squashed by
sa_update.

Custom rules (and their scores) should go in local.cf (or another *.cf
file) in your local rules directory (/etc/mail/spamassassin/ on my system).

Rules with no score assigned are automatically scored at 1.0.



This is a sandbox rule which was autopromoted/published by sa-update.
Due to lack of hits I removed it and re-added back yesterday.
It may be republished if masschecks decide it is worth it.

Axb

Reply via email to