You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Alex <my...@gmail.com> on 2012/03/15 20:52:34 UTC
Understanding AXB_X_AOL_SEZ_S
Hi,
I've noticed that a number of hams have been tagged with
AXB_X_AOL_SEZ_S, creating false positives. Is this looking for a
simple pattern in the body that would cause so many fp's for me?
Here's an example:
http://pastebin.com/raw.php?i=5USWwdQT
What is it in this that is hitting? Here's a line from the debug output:
Mar 15 15:50:36.547 [18426] dbg: rules: ran header rule
AXB_X_AOL_SEZ_S ======> got hit: "S"
Thanks for any ideas.
Alex
Re: Understanding AXB_X_AOL_SEZ_S
Posted by Benny Pedersen <me...@junc.org>.
Den 2012-03-15 20:52, Alex skrev:
> I've noticed that a number of hams have been tagged with
> AXB_X_AOL_SEZ_S, creating false positives. Is this looking for a
> simple pattern in the body that would cause so many fp's for me?
AOL SAYS ITS SPAM
whitelist_auth dbeltz2428@aol.com
in local.cf or user_prefs
btw where is spf pass ?
Re: Understanding AXB_X_AOL_SEZ_S
Posted by Benny Pedersen <me...@junc.org>.
Den 2012-03-15 21:32, Alex skrev:
> That's basically a poison pill rule...
ask aol why thay add it ?
Re: Understanding AXB_X_AOL_SEZ_S
Posted by Alex <my...@gmail.com>.
Hi,
>> I've noticed that a number of hams have been tagged with
>> AXB_X_AOL_SEZ_S, creating false positives. Is this looking for a
>> simple pattern in the body that would cause so many fp's for me?
>>
> cluestick:
> find where your updated rules live.
> (locate MIRRORED.BY)
>
> grep AXB_X_AOL_SEZ_S *
Yes, I shouldn't have assumed that it was obvious I already did that.
However, it seems to be just too simplistic of a pattern to apply 3
pts:
72_active.cf:##{ AXB_X_AOL_SEZ_S
72_active.cf:header AXB_X_AOL_SEZ_S
x-aol-global-disposition =~ /^S$/
72_active.cf:describe AXB_X_AOL_SEZ_S AOL said this is S
72_active.cf:##} AXB_X_AOL_SEZ_S
72_scores.cf:score AXB_X_AOL_SEZ_S 2.799 2.999 2.799 2.999
I've found nearly every AOL mail has that header, no?
That's basically a poison pill rule...
Thanks,
Alex
Re: Understanding AXB_X_AOL_SEZ_S
Posted by Michael Scheidell <mi...@secnap.com>.
On 3/15/12 3:52 PM, Alex wrote:
> Hi,
>
> I've noticed that a number of hams have been tagged with
> AXB_X_AOL_SEZ_S, creating false positives. Is this looking for a
> simple pattern in the body that would cause so many fp's for me?
>
cluestick:
find where your updated rules live.
(locate MIRRORED.BY)
grep AXB_X_AOL_SEZ_S *
--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
>*| *SECNAP Network Security Corporation
* Best Mobile Solutions Product of 2011
* Best Intrusion Prevention Product
* Hot Company Finalist 2011
* Best Email Security Product
* Certified SNORT Integrator
______________________________________________________________________
This email has been scanned and certified safe by SpammerTrap(r).
For Information please see http://www.spammertrap.com/
______________________________________________________________________
Re: Understanding AXB_X_AOL_SEZ_S
Posted by Alex <my...@gmail.com>.
Hi,
>> I've noticed that a number of hams have been tagged with
>> AXB_X_AOL_SEZ_S, creating false positives. Is this looking for a
>> simple pattern in the body that would cause so many fp's for me?
>>
>> Here's an example:
>>
>> http://pastebin.com/raw.php?i=5USWwdQT
>>
>> What is it in this that is hitting? Here's a line from the debug output:
>>
>> Mar 15 15:50:36.547 [18426] dbg: rules: ran header rule
>> AXB_X_AOL_SEZ_S ======> got hit: "S"
>>
>> Thanks for any ideas.
>> Alex
>
>
> Aol tag its outbound messages with
>
> x-aol-global-disposition: S
>
> x-aol-global-disposition: G
>
> assuming
> S: spam
> G: good
>
> See
> http://ruleqa.spamassassin.org/20120314-r1300482-n/AXB_X_AOL_SEZ_S/detail
>
> AOL is telling you their user's mail is spam and the rule helps you tag it.
>
> As always, if the score is to high for you, you can lower or disable the
> rule completely
Ah, thanks. I never even thought there could be a meaning defined by
AOL behind those headers that would be so helpful. Still learning.
Thanks,
Alex
Re: Understanding AXB_X_AOL_SEZ_S
Posted by Axb <ax...@gmail.com>.
On 03/15/2012 08:52 PM, Alex wrote:
> Hi,
>
> I've noticed that a number of hams have been tagged with
> AXB_X_AOL_SEZ_S, creating false positives. Is this looking for a
> simple pattern in the body that would cause so many fp's for me?
>
> Here's an example:
>
> http://pastebin.com/raw.php?i=5USWwdQT
>
> What is it in this that is hitting? Here's a line from the debug output:
>
> Mar 15 15:50:36.547 [18426] dbg: rules: ran header rule
> AXB_X_AOL_SEZ_S ======> got hit: "S"
>
> Thanks for any ideas.
> Alex
Aol tag its outbound messages with
x-aol-global-disposition: S
x-aol-global-disposition: G
assuming
S: spam
G: good
See
http://ruleqa.spamassassin.org/20120314-r1300482-n/AXB_X_AOL_SEZ_S/detail
AOL is telling you their user's mail is spam and the rule helps you tag it.
As always, if the score is to high for you, you can lower or disable the
rule completely
A quick google for ""x-aol-global-disposition: S" will help clarify.