You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Benny Pedersen <me...@junc.org> on 2010/05/25 14:20:33 UTC
protocol is caSE sensitive, but should not be
i see spam mails that using Http://example.com to bypass url hits :(
where http://example.com is url blacklisted
in 3.3.1
--
xpoint
RE: protocol is caSE sensitive, but should not be
Posted by Karsten Bräckelmann <gu...@rudersport.de>.
On Wed, 2010-05-26 at 11:14 -0700, R-Elists wrote:
> > Yes, it is a known issue. Fixed in SVN already, and will be
> > shipped with the next release 3.3.2.
>
> when will 3.3.2 be pushed out?
We're gearing up towards a release. See the dev list. ;)
--
char *t="\10pse\0r\0dtu\0.@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
RE: protocol is caSE sensitive, but should not be
Posted by R-Elists <li...@abbacomm.net>.
>
> Yes, it is a known issue. Fixed in SVN already, and will be
> shipped with the next release 3.3.2.
>
>
when will 3.3.2 be pushed out?
- rh
Re: protocol is caSE sensitive, but should not be
Posted by Benny Pedersen <me...@junc.org>.
On Wed 26 May 2010 07:39:53 PM CEST, RW wrote
>> # save rule as 99_local_bugs_331.cf
>> # SA = 3.3.1
>> if (version == 3.003001)
>> uri __PROTOCOL_OK m{^https?://\w+}
>> meta PROTOCOL_FIX (!__PROTOCOL_OK)
>> describe PROTOCOL_FIX protocol in uri is not lowercase
>> score PROTOCOL_FIX 5.0
>> endif # sa 3.3.1 only i hope
>> above rule is a imidate fix until 3.3.2, works for me
> IMO something like this should be added via sa-update and left there as
> long as spammers are doing this - not just until 3.3.2 is released.
it just hits on no url aswell, and i dont know how to solve this :(
--
xpoint http://www.unicom.com/pw/reply-to-harmful.html
Re: protocol is caSE sensitive, but should not be
Posted by RW <rw...@googlemail.com>.
On Tue, 25 May 2010 22:01:12 +0200
Benny Pedersen <me...@junc.org> wrote:
> On Tue 25 May 2010 08:38:29 PM CEST, Karsten Bräckelmann wrote
>
> > On Tue, 2010-05-25 at 14:20 +0200, Benny Pedersen wrote:
> >> i see spam mails that using Http://example.com
> >
> > Yes, it is a known issue. Fixed in SVN already, and will be shipped
> > with the next release 3.3.2.
>
> super
>
> # save rule as 99_local_bugs_331.cf
> # SA = 3.3.1
> if (version == 3.003001)
> uri __PROTOCOL_OK m{^https?://\w+}
> meta PROTOCOL_FIX (!__PROTOCOL_OK)
> describe PROTOCOL_FIX protocol in uri is not lowercase
> score PROTOCOL_FIX 5.0
> endif # sa 3.3.1 only i hope
>
> above rule is a imidate fix until 3.3.2, works for me
IMO something like this should be added via sa-update and left there as
long as spammers are doing this - not just until 3.3.2 is released.
Re: protocol is caSE sensitive, but should not be
Posted by Bowie Bailey <Bo...@BUC.com>.
Benny Pedersen wrote:
> On Tue 25 May 2010 10:01:12 PM CEST, Benny Pedersen wrote
>
>> # save rule as 99_local_bugs_331.cf
>> # SA = 3.3.1
>> if (version == 3.003001)
>> uri __PROTOCOL_OK m{^https?://\w+}
>> meta PROTOCOL_FIX (!__PROTOCOL_OK)
>> describe PROTOCOL_FIX protocol in uri is not lowercase
>> score PROTOCOL_FIX 5.0
>> endif # sa 3.3.1 only i hope
>>
>> above rule is a imidate fix until 3.3.2, works for me
>
> ups it hits when there is no url in body, how to fix this ?
That's what you told it to do.
(! __PROTOCOL_OK) == true if there is not a match on your uri rule.
Try something like this:
uri PROTOCOL_FIX m{^(?!https?://)[hH][tT][tT][pP][sS]?://}
There may be a more elegant way to do this, but it should match whenever
there is an uppercase letter in there somewhere.
--
Bowie
Re: protocol is caSE sensitive, but should not be
Posted by Benny Pedersen <me...@junc.org>.
On Tue 25 May 2010 10:01:12 PM CEST, Benny Pedersen wrote
> # save rule as 99_local_bugs_331.cf
> # SA = 3.3.1
> if (version == 3.003001)
> uri __PROTOCOL_OK m{^https?://\w+}
> meta PROTOCOL_FIX (!__PROTOCOL_OK)
> describe PROTOCOL_FIX protocol in uri is not lowercase
> score PROTOCOL_FIX 5.0
> endif # sa 3.3.1 only i hope
>
> above rule is a imidate fix until 3.3.2, works for me
ups it hits when there is no url in body, how to fix this ?
--
xpoint http://www.unicom.com/pw/reply-to-harmful.html
Re: protocol is caSE sensitive, but should not be
Posted by Benny Pedersen <me...@junc.org>.
On Tue 25 May 2010 08:38:29 PM CEST, Karsten Bräckelmann wrote
> On Tue, 2010-05-25 at 14:20 +0200, Benny Pedersen wrote:
>> i see spam mails that using Http://example.com
>
> Yes, it is a known issue. Fixed in SVN already, and will be shipped with
> the next release 3.3.2.
super
# save rule as 99_local_bugs_331.cf
# SA = 3.3.1
if (version == 3.003001)
uri __PROTOCOL_OK m{^https?://\w+}
meta PROTOCOL_FIX (!__PROTOCOL_OK)
describe PROTOCOL_FIX protocol in uri is not lowercase
score PROTOCOL_FIX 5.0
endif # sa 3.3.1 only i hope
above rule is a imidate fix until 3.3.2, works for me
--
xpoint http://www.unicom.com/pw/reply-to-harmful.html
Re: protocol is caSE sensitive, but should not be
Posted by Karsten Bräckelmann <gu...@rudersport.de>.
On Tue, 2010-05-25 at 14:20 +0200, Benny Pedersen wrote:
> i see spam mails that using Http://example.com
Yes, it is a known issue. Fixed in SVN already, and will be shipped with
the next release 3.3.2.
--
char *t="\10pse\0r\0dtu\0.@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}