protocol is caSE sensitive, but should not be

[Benny Pedersen <me...@junc.org>]

i see spam mails that using Http://example.com to bypass url hits :(

where http://example.com is url blacklisted

in 3.3.1

-- 
xpoint

RE: protocol is caSE sensitive, but should not be

[Karsten Bräckelmann <gu...@rudersport.de>]

On Wed, 2010-05-26 at 11:14 -0700, R-Elists wrote:
> > Yes, it is a known issue. Fixed in SVN already, and will be 
> > shipped with the next release 3.3.2.
> 
> when will 3.3.2 be pushed out?

We're gearing up towards a release. See the dev list. ;)


-- 
char *t="\10pse\0r\0dtu\0.@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}

RE: protocol is caSE sensitive, but should not be

[R-Elists <li...@abbacomm.net>]

 

> 
> Yes, it is a known issue. Fixed in SVN already, and will be 
> shipped with the next release 3.3.2.
> 
> 

when will 3.3.2 be pushed out?

 - rh

Re: protocol is caSE sensitive, but should not be

[Benny Pedersen <me...@junc.org>]

On Wed 26 May 2010 07:39:53 PM CEST, RW wrote

>> # save rule as 99_local_bugs_331.cf
>> # SA = 3.3.1
>> if (version == 3.003001)
>>      uri __PROTOCOL_OK m{^https?://\w+}
>>      meta PROTOCOL_FIX (!__PROTOCOL_OK)
>>      describe PROTOCOL_FIX protocol in uri is not lowercase
>>      score PROTOCOL_FIX 5.0
>> endif # sa 3.3.1 only i hope
>> above rule is a imidate fix until 3.3.2, works for me
> IMO something like this should be added via sa-update and left there as
> long as spammers are doing this - not just until 3.3.2 is released.

it just hits on no url aswell, and i dont know how to solve this :(

-- 
xpoint http://www.unicom.com/pw/reply-to-harmful.html

Re: protocol is caSE sensitive, but should not be

[RW <rw...@googlemail.com>]

On Tue, 25 May 2010 22:01:12 +0200
Benny Pedersen <me...@junc.org> wrote:

> On Tue 25 May 2010 08:38:29 PM CEST, Karsten Bräckelmann wrote
> 
> > On Tue, 2010-05-25 at 14:20 +0200, Benny Pedersen wrote:
> >> i see spam mails that using Http://example.com
> >
> > Yes, it is a known issue. Fixed in SVN already, and will be shipped
> > with the next release 3.3.2.
> 
> super
> 
> # save rule as 99_local_bugs_331.cf
> # SA = 3.3.1
> if (version == 3.003001)
>      uri __PROTOCOL_OK m{^https?://\w+}
>      meta PROTOCOL_FIX (!__PROTOCOL_OK)
>      describe PROTOCOL_FIX protocol in uri is not lowercase
>      score PROTOCOL_FIX 5.0
> endif # sa 3.3.1 only i hope
> 
> above rule is a imidate fix until 3.3.2, works for me

IMO something like this should be added via sa-update and left there as
long as spammers are doing this - not just until 3.3.2 is released.

Re: protocol is caSE sensitive, but should not be

[Bowie Bailey <Bo...@BUC.com>]

Benny Pedersen wrote:
> On Tue 25 May 2010 10:01:12 PM CEST, Benny Pedersen wrote
>
>> # save rule as 99_local_bugs_331.cf
>> # SA = 3.3.1
>> if (version == 3.003001)
>>     uri __PROTOCOL_OK m{^https?://\w+}
>>     meta PROTOCOL_FIX (!__PROTOCOL_OK)
>>     describe PROTOCOL_FIX protocol in uri is not lowercase
>>     score PROTOCOL_FIX 5.0
>> endif # sa 3.3.1 only i hope
>>
>> above rule is a imidate fix until 3.3.2, works for me
>
> ups it hits when there is no url in body, how to fix this ?

That's what you told it to do. 

(! __PROTOCOL_OK)   == true if there is not a match on your uri rule.

Try something like this:

uri PROTOCOL_FIX m{^(?!https?://)[hH][tT][tT][pP][sS]?://}

There may be a more elegant way to do this, but it should match whenever
there is an uppercase letter in there somewhere.

-- 
Bowie

Re: protocol is caSE sensitive, but should not be

[Benny Pedersen <me...@junc.org>]

On Tue 25 May 2010 10:01:12 PM CEST, Benny Pedersen wrote

> # save rule as 99_local_bugs_331.cf
> # SA = 3.3.1
> if (version == 3.003001)
>     uri __PROTOCOL_OK m{^https?://\w+}
>     meta PROTOCOL_FIX (!__PROTOCOL_OK)
>     describe PROTOCOL_FIX protocol in uri is not lowercase
>     score PROTOCOL_FIX 5.0
> endif # sa 3.3.1 only i hope
>
> above rule is a imidate fix until 3.3.2, works for me

ups it hits when there is no url in body, how to fix this ?


-- 
xpoint http://www.unicom.com/pw/reply-to-harmful.html

Re: protocol is caSE sensitive, but should not be

[Benny Pedersen <me...@junc.org>]

On Tue 25 May 2010 08:38:29 PM CEST, Karsten Bräckelmann wrote

> On Tue, 2010-05-25 at 14:20 +0200, Benny Pedersen wrote:
>> i see spam mails that using Http://example.com
>
> Yes, it is a known issue. Fixed in SVN already, and will be shipped with
> the next release 3.3.2.

super

# save rule as 99_local_bugs_331.cf
# SA = 3.3.1
if (version == 3.003001)
     uri __PROTOCOL_OK m{^https?://\w+}
     meta PROTOCOL_FIX (!__PROTOCOL_OK)
     describe PROTOCOL_FIX protocol in uri is not lowercase
     score PROTOCOL_FIX 5.0
endif # sa 3.3.1 only i hope

above rule is a imidate fix until 3.3.2, works for me

-- 
xpoint http://www.unicom.com/pw/reply-to-harmful.html

Re: protocol is caSE sensitive, but should not be

[Karsten Bräckelmann <gu...@rudersport.de>]

On Tue, 2010-05-25 at 14:20 +0200, Benny Pedersen wrote:
> i see spam mails that using Http://example.com

Yes, it is a known issue. Fixed in SVN already, and will be shipped with
the next release 3.3.2.


-- 
char *t="\10pse\0r\0dtu\0.@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}