You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@spamassassin.apache.org by Harald Binkle <bi...@jam-software.com> on 2009/01/19 12:59:41 UTC
RE: [SpamAssassin] RE: [SpamAssassin] Re: eval function comparing
the matches of two regular expression? - AWL is fooled without
Hi,
thanks for coming back on this.
I didn't set the trusted and internal networks yet.
Since your last mail I did this and it seemed to solve the problem as far as I can see by now.
Greetings
Harry
> -----Original Message-----
> From: Karsten Bräckelmann [mailto:guenther@rudersport.de]
> Sent: Monday, January 19, 2009 12:55 PM
> To: dev@spamassassin.apache.org
> Subject: [SpamAssassin] RE: [SpamAssassin] Re: eval function comparing the
> matches of two regular expression? - AWL is fooled without
>
> On Fri, 2009-01-09 at 08:25 +0100, Harald Binkle wrote:
> > Hi,
> > Here is the header of one of those spam mails coming through:
> >
> > X-Spam-Checker-Version: SpamAssassin 3.2.3 (2007-08-08) * on
> > hermes.intranet.jam-software.com * at Wed, 07 Jan 2009 14:56:26 +0100
> > X-Spam-Status: No, hits=2.0, required= 5.0, autolearn=no, shortcircuit=no
> > X-Spam-Report: * 0.3 JAM_DO_STH_HERE BODY: Body contains
> Click/Order/Press... Here
> > * 0.2 HTML_IMAGE_RATIO_04 BODY: HTML has a low ratio of text to
> image area
> > * 1.6 HTML_IMAGE_ONLY_24 BODY: HTML: images with 2000-2400 bytes
> of words
> > * 0.0 HTML_MESSAGE BODY: HTML included in message
> > * 3.0 BAYES_95 BODY: Bayesian spam probability is 95 to 99%
> > * [score: 0.9875]
> > * 1.5 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
> > * 0.9 SARE_UN7 RAW: SARE_UN7
> > * 0.9 RCVD_IN_PBL RBL: Received via a relay in Spamhaus PBL
> > * [41.209.78.136 listed in zen.spamhaus.org]
> > * -6.3 AWL AWL: From: address is in the auto white-list
>
> > Received: from hacos (41.209.78.136) by Hermes.intranet.jam-software.com
> > (192.168.123.96) with Microsoft SMTP Server id 8.1.291.1; Wed, 7 Jan 2009
> > 14:55:37 +0100
>
> Assuming that's the IP used for AWL, your AWL database seems to be dirty
> or broken. Unless you actually are physically located in Sudan...
>
>
> > X-Originating-IP: [20.447.77.419]
>
> This is just plain wrong. :)
>
>
> > So as you can see the AWL is the only applied rule which made this spam come
> through.
> > And of cause our own addresses are not on the whitelist.
>
> I guess I'd carefully check the AWL database. Or maybe just start over
> fresh. Any chance of wrong (possibly auto) learned messages?
>
> guenther
>
>
> --
> char *t="\10pse\0r\0dtu\0.@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
> main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
> (c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
----------------------------------------------------
JAM Software GmbH
Geschäftsführer: Joachim Marder
Max-Planck-Str. 22 * 54296 Trier * Germany
Tel: 0700-70707050 * Fax: 0700-70707059
(max. 12,4 ct/min, Preise aus Mobilfunknetzen können abweichen)
Handelsregister Nr. HRB 4920 (AG Wittlich) http://www.jam-software.de
Re: eval function comparing the matches of two regular
expression? - AWL is fooled without
Posted by Karsten Bräckelmann <gu...@rudersport.de>.
On Mon, 2009-01-19 at 12:59 +0100, Harald Binkle wrote:
> thanks for coming back on this.
> I didn't set the trusted and internal networks yet.
Ah -- that briefly crossed my mind, too, though I didn't think they are
involved at all in AWL and the associated net ranges. Also they tend to
be guessed correctly by default.
> Since your last mail I did this and it seemed to solve the problem as
> far as I can see by now.
Good to hear the problem is fixed. Thanks for the feedback. :)
guenther
--
char *t="\10pse\0r\0dtu\0.@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}