On Mon, 8 Sep 2014, Amir Caspi wrote:
Since I'm not running 3.4, this particular grep doesn't work for me, but with
John Hardin's advice I set up the following rule, which should catch all URIs:
uri ALL_URI /.*/
tflags ALL_URI multiple
Debug output shows the following:
Sep 8 20:02:58.896 [9267] dbg: rules: ran uri rule AC_ALL_URI ======> got hit: "http://iMotors.com"
Sep 8 20:02:58.897 [9267] dbg: rules: ran uri rule AC_ALL_URI ======> got hit: "negative match"
Sep 8 20:02:58.897 [9267] dbg: rules: ran uri rule AC_ALL_URI ======> got hit: "mailto:u...@domain.com"
Sep 8 20:02:58.897 [9267] dbg: rules: ran uri rule AC_ALL_URI ======> got hit: "negative match"
Sep 8 20:02:58.897 [9267] dbg: rules: ran uri rule AC_ALL_URI ======> got hit: "u...@domain.com"
Sep 8 20:02:58.897 [9267] dbg: rules: ran uri rule AC_ALL_URI ======> got hit: "negative match"
So, for some reason, the URI engine is not picking out these .club URIs, it's getting
"negative match." Is it because the engine in 3.3.2 doesn't like that TLD? To
test this, I manually changed the TLD of the second spam URI (out.blah) to .us or .org,
and then the engine picked it out just fine:
Sep 8 20:03:43.151 [9197] dbg: rules: ran uri rule AC_ALL_URI ======> got hit: "http://out.dosearchcarsonsale.us"
Sep 8 20:04:35.578 [9227] dbg: rules: ran uri rule AC_ALL_URI ======> got hit: "http://out.dosearchcarsonsale.org"
So, it seems to me that the URI engine is barfing on the TLD, and that's the
problem...
[snip..]
Nope, it does not. Per above, it seems that SA 3.3.2 doesn't like the TLD.
Is there a patch I can apply that would fix this, until I can upgrade to 3.4?
Thanks.
--- Amir
Amir,
You need to update your "RegistrarBoundaries.pm" SpamAssassin utility module
(or update your whole SA kit). See the '"colors" TLDs in spam' thread of mine
from a month ago.
BTW, saw my first spam with URIs in the ".rocks" TLD.
--
Dave Funk University of Iowa
<dbfunk (at) engineering.uiowa.edu> College of Engineering
319/335-5751 FAX: 319/384-0549 1256 Seamans Center
Sys_admin/Postmaster/cell_admin Iowa City, IA 52242-1527
#include <std_disclaimer.h>
Better is not better, 'standard' is better. B{
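
One way to find which TLDs an installed SpamAssassin is failing to extract: compare the URLs in a message body with the hits a catch-all uri rule reports in debug output of the form quoted above. This is an added example, not code from the thread or from SpamAssassin; the rule name is the one in the quoted debug lines, and the sample body, hosts and log lines are constructed.

```python
import re
from urllib.parse import urlsplit

# Debug line format as quoted in the thread; \s* tolerates the mail-wrapped form.
HIT_RE = re.compile(r'dbg: rules: ran uri rule (\S+) ======> got hit:\s*"([^"]*)"')
URL_RE = re.compile(r'https?://[^\s"<>]+', re.IGNORECASE)

# Constructed sample input (not taken from a real message or log).
SAMPLE_BODY = """\
Great deals at http://iMotors.com today.
Click http://out.example.club/offer?id=1 now
or visit http://out.example.us/offer
"""
SAMPLE_DEBUG = """\
Sep 8 20:02:58.896 [9267] dbg: rules: ran uri rule AC_ALL_URI ======> got hit: "http://iMotors.com"
Sep 8 20:02:58.897 [9267] dbg: rules: ran uri rule AC_ALL_URI ======> got hit:
"negative match"
Sep 8 20:02:58.897 [9267] dbg: rules: ran uri rule AC_ALL_URI ======> got hit: "mailto:user@example.com"
Sep 8 20:02:58.897 [9267] dbg: rules: ran uri rule AC_ALL_URI ======> got hit: "http://out.example.us/offer"
"""

def host_of(uri):
    """Lower-cased hostname of a URI, or '' when it has none (mailto:, bare address)."""
    try:
        host = urlsplit(uri).hostname
    except ValueError:
        host = None
    return (host or "").lower().rstrip(".")

def hits_for_rule(debug_text, rule):
    """Values the named uri rule hit, ignoring the 'negative match' marker."""
    return {v for name, v in HIT_RE.findall(debug_text)
            if name == rule and v != "negative match"}

def missed_tlds(body, debug_text, rule):
    """Map TLD -> hosts that appear in the body but that the rule never reported."""
    seen = {host_of(h) for h in hits_for_rule(debug_text, rule)}
    missed = {}
    for url in URL_RE.findall(body):
        host = host_of(url)
        if host and host not in seen:
            missed.setdefault(host.rsplit(".", 1)[-1], set()).add(host)
    return {tld: sorted(hosts) for tld, hosts in missed.items()}

if __name__ == "__main__":
    print(missed_tlds(SAMPLE_BODY, SAMPLE_DEBUG, "AC_ALL_URI"))
```

A non-empty result lists the TLDs whose URIs never reach uri rules or URIBL lookups on that install, which is the gap the RegistrarBoundaries.pm update closes.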