You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by NFN Smith <wo...@mail.com> on 2011/04/29 19:29:18 UTC
Header handling question
One of my spamtraps is getting a lot of traffic of messages with
Facebook and Twitter URLs. This is content that is coming from Yahoo
servers, although shows non-Yahoo return addresses, and some portion
have missing subject lines.
On further inspection, I find that the MISSING_SUBJECT, and in turn, I
see by inspecting the message headers, that the subject header is
rendered as "subject:" (with lower-case "s"), rather than "Subject:"
Is case-sensitivity causing that particular rule to miss, and is there a
way to set a regexp to look specifically for that particular pattern?
I think I've found enough other rules hits to make for a distinct
fingerprint, so that I can go after this stuff with a local rule, but to
me, the case error in the header coming from a misconfigured robomailer
seems to be a pretty reliable indicator.
Smith
Re: Header handling question
Posted by John Hardin <jh...@impsec.org>.
On Fri, 29 Apr 2011, NFN Smith wrote:
> is there a way to set a regexp to look specifically for that particular
> pattern?
Three is a rule in my sandbox that fires if more than one header in a
short list (including subject:) is oddly capitalized, including
all-lowercase for the one-word headers.
Unfortunately a lot of ham (> 4.5% of the corpus) appears to be sloppy
this way, so this is only useful in a meta with other tests.
http://ruleqa.spamassassin.org/?rule=%2FHDRS_LCASE&srcpath=jhardin
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhardin@impsec.org FALaholic #11174 pgpk -a jhardin@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
Taking my gun away because I *might* shoot someone is like cutting
my tongue out because I *might* yell "Fire!" in a crowded theater.
-- Peter Venetoklis
-----------------------------------------------------------------------
9 days until the 66th anniversary of VE day