Posted to users@spamassassin.apache.org by Alex <my...@gmail.com> on 2012/03/15 20:52:34 UTC

Understanding AXB_X_AOL_SEZ_S

Hi,

I've noticed that a number of hams have been tagged with
AXB_X_AOL_SEZ_S, creating false positives. Is this looking for a
simple pattern in the body that would cause so many fp's for me?

Here's an example:

http://pastebin.com/raw.php?i=5USWwdQT

What is it in this that is hitting? Here's a line from the debug output:

Mar 15 15:50:36.547 [18426] dbg: rules: ran header rule AXB_X_AOL_SEZ_S ======> got hit: "S"

Thanks for any ideas.
Alex

Re: Understanding AXB_X_AOL_SEZ_S

Posted by Benny Pedersen <me...@junc.org>.
On 2012-03-15 20:52, Alex wrote:

> I've noticed that a number of hams have been tagged with
> AXB_X_AOL_SEZ_S, creating false positives. Is this looking for a
> simple pattern in the body that would cause so many fp's for me?

AOL SAYS IT'S SPAM

whitelist_auth dbeltz2428@aol.com

in local.cf or user_prefs

btw where is spf pass ?




Re: Understanding AXB_X_AOL_SEZ_S

Posted by Benny Pedersen <me...@junc.org>.
On 2012-03-15 21:32, Alex wrote:

> That's basically a poison pill rule...

ask aol why they add it?




Re: Understanding AXB_X_AOL_SEZ_S

Posted by Alex <my...@gmail.com>.
Hi,

>> I've noticed that a number of hams have been tagged with
>> AXB_X_AOL_SEZ_S, creating false positives. Is this looking for a
>> simple pattern in the body that would cause so many fp's for me?
>>
> cluestick:
> find where your updated rules live.
> (locate MIRRORED.BY)
>
> grep AXB_X_AOL_SEZ_S *

Yes, I shouldn't have assumed that it was obvious I already did that.
However, it seems to be just too simplistic of a pattern to apply 3
pts:

72_active.cf:##{ AXB_X_AOL_SEZ_S
72_active.cf:header          AXB_X_AOL_SEZ_S         x-aol-global-disposition =~ /^S$/
72_active.cf:describe        AXB_X_AOL_SEZ_S         AOL said this is S
72_active.cf:##} AXB_X_AOL_SEZ_S
72_scores.cf:score AXB_X_AOL_SEZ_S                       2.799 2.999 2.799 2.999

I've found nearly every AOL mail has that header, no?

That's basically a poison pill rule...

Thanks,
Alex

Re: Understanding AXB_X_AOL_SEZ_S

Posted by Michael Scheidell <mi...@secnap.com>.
On 3/15/12 3:52 PM, Alex wrote:
> Hi,
>
> I've noticed that a number of hams have been tagged with
> AXB_X_AOL_SEZ_S, creating false positives. Is this looking for a
> simple pattern in the body that would cause so many fp's for me?
>
cluestick:
find where your updated rules live.
(locate MIRRORED.BY)

grep AXB_X_AOL_SEZ_S *


-- 
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
SECNAP Network Security Corporation


Re: Understanding AXB_X_AOL_SEZ_S

Posted by Alex <my...@gmail.com>.
Hi,

>> I've noticed that a number of hams have been tagged with
>> AXB_X_AOL_SEZ_S, creating false positives. Is this looking for a
>> simple pattern in the body that would cause so many fp's for me?
>>
>> Here's an example:
>>
>> http://pastebin.com/raw.php?i=5USWwdQT
>>
>> What is it in this that is hitting? Here's a line from the debug output:
>>
>> Mar 15 15:50:36.547 [18426] dbg: rules: ran header rule AXB_X_AOL_SEZ_S ======>  got hit: "S"
>>
>> Thanks for any ideas.
>> Alex
>
>
> AOL tags its outbound messages with
>
> x-aol-global-disposition: S
>
> x-aol-global-disposition: G
>
> assuming
> S: spam
> G: good
>
> See
> http://ruleqa.spamassassin.org/20120314-r1300482-n/AXB_X_AOL_SEZ_S/detail
>
> AOL is telling you their user's mail is spam and the rule helps you tag it.
>
> As always, if the score is too high for you, you can lower or disable the
> rule completely

Ah, thanks. I never even thought there could be a meaning defined by
AOL behind those headers that would be so helpful. Still learning.

Thanks,
Alex

Re: Understanding AXB_X_AOL_SEZ_S

Posted by Axb <ax...@gmail.com>.
On 03/15/2012 08:52 PM, Alex wrote:
> Hi,
>
> I've noticed that a number of hams have been tagged with
> AXB_X_AOL_SEZ_S, creating false positives. Is this looking for a
> simple pattern in the body that would cause so many fp's for me?
>
> Here's an example:
>
> http://pastebin.com/raw.php?i=5USWwdQT
>
> What is it in this that is hitting? Here's a line from the debug output:
>
> Mar 15 15:50:36.547 [18426] dbg: rules: ran header rule AXB_X_AOL_SEZ_S ======>  got hit: "S"
>
> Thanks for any ideas.
> Alex

AOL tags its outbound messages with

x-aol-global-disposition: S

x-aol-global-disposition: G

assuming
S: spam
G: good

See 
http://ruleqa.spamassassin.org/20120314-r1300482-n/AXB_X_AOL_SEZ_S/detail

AOL is telling you their user's mail is spam and the rule helps you tag it.

As always, if the score is too high for you, you can lower or disable the
rule completely



A quick google for "x-aol-global-disposition: S" will help clarify.
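
Added example (not part of any post in this thread, and not SpamAssassin's own code): a small Python sketch that parses the rule and score lines from the grep output above and applies the header test to constructed sample messages. It shows that the rule looks only at the header value, fires only on an exact "S", and how often it fires on a set of known ham. The sample messages and function names are made up for illustration, the evaluation is a simplification of what SpamAssassin does, and the scoreset order (index = 2*bayes + net) is stated from SpamAssassin's documented convention.

```python
import re
from email import message_from_string

# Rule and score lines as they appear in the thread's grep output.
RULE = "header AXB_X_AOL_SEZ_S x-aol-global-disposition =~ /^S$/"
SCORE = "score AXB_X_AOL_SEZ_S 2.799 2.999 2.799 2.999"

def parse_header_rule(line):
    """Split 'header NAME hdr =~ /regex/' into (name, header, compiled regex)."""
    m = re.match(r"header\s+(\S+)\s+(\S+)\s+=~\s+/(.+)/\s*$", line)
    if not m:
        raise ValueError("unsupported rule syntax: %r" % line)
    return m.group(1), m.group(2), re.compile(m.group(3))

def score_for(line, bayes=False, net=False):
    """Pick one of the four per-scoreset values: index = 2*bayes + net."""
    values = [float(v) for v in line.split()[2:]]
    return values[2 * bayes + net]

def hits(raw, header, regex):
    """True if any instance of the header matches (simplified evaluation)."""
    msg = message_from_string(raw)  # header lookup is case-insensitive
    return any(regex.search(v.strip()) for v in msg.get_all(header, []))

# Constructed sample messages (not taken from the pastebin in the thread).
SAMPLES = {
    "aol_S": "From: a@aol.com\nX-AOL-Global-Disposition: S\n\nhi\n",
    "aol_G": "From: b@aol.com\nX-AOL-Global-Disposition: G\n\nhi\n",
    "no_header": "From: c@example.org\nSubject: x\n\nhi\n",
    # Same text in the body only: a header rule never sees it.
    "body_only": "From: d@example.org\n\nx-aol-global-disposition: S\n",
}

def evaluate(samples=SAMPLES):
    """Map each sample label to whether the rule fires on it."""
    _name, header, regex = parse_header_rule(RULE)
    return {label: hits(raw, header, regex) for label, raw in samples.items()}

def ham_hit_rate(ham_labels, samples=SAMPLES):
    """Fraction of known-ham samples the rule fires on."""
    result = evaluate(samples)
    return sum(result[label] for label in ham_labels) / len(ham_labels)

if __name__ == "__main__":
    print(evaluate())
    print("score with bayes+net:", score_for(SCORE, bayes=True, net=True))
    print("hit rate on ham:", ham_hit_rate(["aol_S", "aol_G"]))
```

Running the same check over your own ham folder gives the hit rate to weigh before lowering or zeroing the score in local.cf.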