You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@spamassassin.apache.org by jh...@apache.org on 2021/08/01 20:18:07 UTC

svn commit: r1891951 - /spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf

Author: jhardin
Date: Sun Aug  1 20:18:07 2021
New Revision: 1891951

URL: http://svn.apache.org/viewvc?rev=1891951&view=rev
Log:
__URI_LONG_REPEAT hit on shorter repeat host+domain parts, spammers are using shorter ones now

Modified:
    spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf

Modified: spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf
URL: http://svn.apache.org/viewvc/spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf?rev=1891951&r1=1891950&r2=1891951&view=diff
==============================================================================
--- spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf (original)
+++ spamassassin/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf Sun Aug  1 20:18:07 2021
@@ -3938,9 +3938,9 @@ meta       XM_LONG_DUP_TO              _
 # public PDF hosting abused for phishing redirects
 uri        __OPENTEXT_PDF              m;://core.opentext.com/pdfjs/web/viewer.html?shortLink=;i
 
-uri        __URI_LONG_REPEAT           m;(?:://|@)(?:\w+\.)*(\w{10,}\.)\1;i
+uri        __URI_LONG_REPEAT           m;(?:://|@)(?:\w+\.)*(\w{7,}\.)\1;i
 meta       URI_LONG_REPEAT             __URI_LONG_REPEAT
-describe   URI_LONG_REPEAT             Very long identical host+domain
+describe   URI_LONG_REPEAT             Long identical host+domain
 score      URI_LONG_REPEAT             2.500	# limit
 tflags     URI_LONG_REPEAT             publish