You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Jorge Valdes <jv...@intercom.com.sv> on 2008/10/25 02:35:17 UTC
Bad SARE Rule
I have just discovered a small bug in 70_sare_header.cf:
header SARE_FREE_WEBM_RuMail From =~ /\@mail\.ru/i
which should be:
header SARE_FREE_WEBM_RuMail From =~ /\@mail\.ru$/i
otherwise it will always match other stuff like: @mail.runner.com, etc.
--
Jorge Valdes
Intercom El Salvador
jvaldes@intercom.com.sv
Re: Bad SARE Rule
Posted by Yet Another Ninja <sa...@alexb.ch>.
On 10/27/2008 9:59 AM, Matus UHLAR - fantomas wrote:
>> "Jorge Valdes" <jv...@intercom.com.sv> wrote in message
>> news:490269C5.1090807@intercom.com.sv...
>>> I have just discovered a small bug in 70_sare_header.cf:
>>>
>>> header SARE_FREE_WEBM_RuMail From =~ /\@mail\.ru/i
>>>
>>> which should be:
>>>
>>> header SARE_FREE_WEBM_RuMail From =~ /\@mail\.ru$/i
>>>
>>> otherwise it will always match other stuff like: @mail.runner.com, etc.
>
> On 27.10.08 09:49, Jeremy wrote:
>> Wouldn't it be best like this?
>>
>> header SARE_FREE_WEBM_RuMail From =~ /\@mail\.ru\b/i
>
> I'm afrair it matched strings like ru. and ru- which may also produce FP's.
Updated:
70_sare_header.cf
70_sare_header3.cf
NEW:
header SARE_FREE_WEBM_RuMail From =~ /\@mail\.ru$/i
will take time to replicate to mirrors.
Re: Bad SARE Rule
Posted by Henrik K <he...@hege.li>.
On Mon, Oct 27, 2008 at 12:39:58PM +0200, Henrik K wrote:
>
> The workaround would be something like:
> From =~ /\@mail\.ru(?:\b|[^.-])/i
Blah, for those who care, here is a somewhat working and "safe" kludge..
/\@mail\.ru\.?([^a-z0-9.-]|$)/
Time to create some complex regex for :addr..
Re: Bad SARE Rule
Posted by Henrik K <he...@hege.li>.
On Mon, Oct 27, 2008 at 11:48:13AM +0200, Henrik K wrote:
> On Mon, Oct 27, 2008 at 10:20:14AM +0100, Matus UHLAR - fantomas wrote:
> > > On Mon, Oct 27, 2008 at 09:59:42AM +0100, Matus UHLAR - fantomas wrote:
> > > > > "Jorge Valdes" <jv...@intercom.com.sv> wrote in message
> > > > > news:490269C5.1090807@intercom.com.sv...
> > > > > >I have just discovered a small bug in 70_sare_header.cf:
> > > > > >
> > > > > >header SARE_FREE_WEBM_RuMail From =~ /\@mail\.ru/i
> > > > > >
> > > > > >which should be:
> > > > > >
> > > > > >header SARE_FREE_WEBM_RuMail From =~ /\@mail\.ru$/i
> > > > > >
> > > > > >otherwise it will always match other stuff like: @mail.runner.com, etc.
> > > >
> > > > On 27.10.08 09:49, Jeremy wrote:
> > > > > Wouldn't it be best like this?
> > > > >
> > > > > header SARE_FREE_WEBM_RuMail From =~ /\@mail\.ru\b/i
> > > >
> > > > I'm afrair it matched strings like ru. and ru- which may also produce FP's.
> >
> > On 27.10.08 11:07, Henrik K wrote:
> > > Thus the correct way:
> > >
> > > From:addr =~ /\@mail\.ru$/i
> >
> > this will not match "@mail.ru>" or "@mail.ru ...".
> > If this is the desired effect, no problem.
>
> Replying a bit too fast, ey? Did you notice the :addr part?
>
> http://spamassassin.apache.org/full/3.2.x/doc/Mail_SpamAssassin_Conf.html#item_header_symbolic_test_name_header_op__2fpattern_2fm
I guess I'm slightly guilty of the same. It's always more fun to bring up
some actual facts.
So, the "official" way (From:addr) doesn't seem to work like one would
perhaps imagine.
Works:
From: sdsdf <fo...@mail.ru>
.. etc documented cases
Doesn't work:
From: foo@mail.ru>
From: foo@mail.ru ...
Actually Outlook was happy to reply to those addresses as foo@mail.ru. Very
smart of it..
I think I will post enhancement to bugzilla so that :addr actually grabs
emails from the noise.
The workaround would be something like:
>From =~ /\@mail\.ru(?:\b|[^.-])/i
Then again, the whole concept is a bit awkward. If you want to know mail is
from mail.ru, perhaps you should check EnvelopeFrom instead. If you like to
catch From-obfuscations, then you probably want different kind of rules
anyway, and maybe check Reply-To also.
Re: Bad SARE Rule
Posted by Henrik K <he...@hege.li>.
On Mon, Oct 27, 2008 at 10:20:14AM +0100, Matus UHLAR - fantomas wrote:
> > On Mon, Oct 27, 2008 at 09:59:42AM +0100, Matus UHLAR - fantomas wrote:
> > > > "Jorge Valdes" <jv...@intercom.com.sv> wrote in message
> > > > news:490269C5.1090807@intercom.com.sv...
> > > > >I have just discovered a small bug in 70_sare_header.cf:
> > > > >
> > > > >header SARE_FREE_WEBM_RuMail From =~ /\@mail\.ru/i
> > > > >
> > > > >which should be:
> > > > >
> > > > >header SARE_FREE_WEBM_RuMail From =~ /\@mail\.ru$/i
> > > > >
> > > > >otherwise it will always match other stuff like: @mail.runner.com, etc.
> > >
> > > On 27.10.08 09:49, Jeremy wrote:
> > > > Wouldn't it be best like this?
> > > >
> > > > header SARE_FREE_WEBM_RuMail From =~ /\@mail\.ru\b/i
> > >
> > > I'm afrair it matched strings like ru. and ru- which may also produce FP's.
>
> On 27.10.08 11:07, Henrik K wrote:
> > Thus the correct way:
> >
> > From:addr =~ /\@mail\.ru$/i
>
> this will not match "@mail.ru>" or "@mail.ru ...".
> If this is the desired effect, no problem.
Replying a bit too fast, ey? Did you notice the :addr part?
http://spamassassin.apache.org/full/3.2.x/doc/Mail_SpamAssassin_Conf.html#item_header_symbolic_test_name_header_op__2fpattern_2fm
Re: Bad SARE Rule
Posted by Matus UHLAR - fantomas <uh...@fantomas.sk>.
> On Mon, Oct 27, 2008 at 09:59:42AM +0100, Matus UHLAR - fantomas wrote:
> > > "Jorge Valdes" <jv...@intercom.com.sv> wrote in message
> > > news:490269C5.1090807@intercom.com.sv...
> > > >I have just discovered a small bug in 70_sare_header.cf:
> > > >
> > > >header SARE_FREE_WEBM_RuMail From =~ /\@mail\.ru/i
> > > >
> > > >which should be:
> > > >
> > > >header SARE_FREE_WEBM_RuMail From =~ /\@mail\.ru$/i
> > > >
> > > >otherwise it will always match other stuff like: @mail.runner.com, etc.
> >
> > On 27.10.08 09:49, Jeremy wrote:
> > > Wouldn't it be best like this?
> > >
> > > header SARE_FREE_WEBM_RuMail From =~ /\@mail\.ru\b/i
> >
> > I'm afrair it matched strings like ru. and ru- which may also produce FP's.
On 27.10.08 11:07, Henrik K wrote:
> Thus the correct way:
>
> From:addr =~ /\@mail\.ru$/i
this will not match "@mail.ru>" or "@mail.ru ...".
If this is the desired effect, no problem.
--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
It's now safe to throw off your computer.
Re: Bad SARE Rule
Posted by Henrik K <he...@hege.li>.
On Mon, Oct 27, 2008 at 09:59:42AM +0100, Matus UHLAR - fantomas wrote:
> > "Jorge Valdes" <jv...@intercom.com.sv> wrote in message
> > news:490269C5.1090807@intercom.com.sv...
> > >I have just discovered a small bug in 70_sare_header.cf:
> > >
> > >header SARE_FREE_WEBM_RuMail From =~ /\@mail\.ru/i
> > >
> > >which should be:
> > >
> > >header SARE_FREE_WEBM_RuMail From =~ /\@mail\.ru$/i
> > >
> > >otherwise it will always match other stuff like: @mail.runner.com, etc.
>
> On 27.10.08 09:49, Jeremy wrote:
> > Wouldn't it be best like this?
> >
> > header SARE_FREE_WEBM_RuMail From =~ /\@mail\.ru\b/i
>
> I'm afrair it matched strings like ru. and ru- which may also produce FP's.
Thus the correct way:
From:addr =~ /\@mail\.ru$/i
Re: Bad SARE Rule
Posted by Matus UHLAR - fantomas <uh...@fantomas.sk>.
> "Jorge Valdes" <jv...@intercom.com.sv> wrote in message
> news:490269C5.1090807@intercom.com.sv...
> >I have just discovered a small bug in 70_sare_header.cf:
> >
> >header SARE_FREE_WEBM_RuMail From =~ /\@mail\.ru/i
> >
> >which should be:
> >
> >header SARE_FREE_WEBM_RuMail From =~ /\@mail\.ru$/i
> >
> >otherwise it will always match other stuff like: @mail.runner.com, etc.
On 27.10.08 09:49, Jeremy wrote:
> Wouldn't it be best like this?
>
> header SARE_FREE_WEBM_RuMail From =~ /\@mail\.ru\b/i
I'm afrair it matched strings like ru. and ru- which may also produce FP's.
--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Your mouse has moved. Windows NT will now restart for changes to take
to take effect. [OK]
Re: Bad SARE Rule
Posted by Jeremy <je...@fairbrass.co.nz>.
"Jorge Valdes" <jv...@intercom.com.sv> wrote in message news:490269C5.1090807@intercom.com.sv...
>I have just discovered a small bug in 70_sare_header.cf:
>
> header SARE_FREE_WEBM_RuMail From =~ /\@mail\.ru/i
>
> which should be:
>
> header SARE_FREE_WEBM_RuMail From =~ /\@mail\.ru$/i
>
> otherwise it will always match other stuff like: @mail.runner.com, etc.
>
> --
> Jorge Valdes
> Intercom El Salvador
> jvaldes@intercom.com.sv
>
Wouldn't it be best like this?
header SARE_FREE_WEBM_RuMail From =~ /\@mail\.ru\b/i
That way, it would match a From header like this:
From: Joe Spammer <sp...@mail.ru>
Using the $ in the regex means the above line would not match.
Cheers,
Jeremy