You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Justin Mason <jm...@jmason.org> on 2005/07/01 22:31:15 UTC

Re: Hello -- question about the "Rules" 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


FWIW, it should be fine to set that score to 0, I haven't seen one
of those in a long time ;)

- --j.

Pierre Thomson writes:
> Hello Ellen,
> 
> I also run 2.63; there's absolutely nothing wrong with it.  With the
> SURBL patch and a couple add-on rule sets, it's catching more than
> 98% of the spam site-wide.
> 
> Here's the BUGGY_CGI test from 2.63:
> 
> header __NMS_CGI_NOT_BUGGY      X-Mailer =~ /^NMS FormMail\.pl.*v\d/
> body __BUGGY_CGI                /Below is the result of your feedback form/
> meta BUGGY_CGI                  __BUGGY_CGI && !__NMS_CGI_NOT_BUGGY
> describe BUGGY_CGI              Broken CGI script message
> 
> If the email body (including subject) contains the exact string
> "Below is the result of your feedback form" and the X-Mailer field is
> not "NMS FormMail.pl" , this rule will trigger.  That looks like it
> could generate false positivs, since any legitimate form could insert
> that text.  I would simply zero the score for that rule in your
> local.cf file to disable it:
> 
> score BUGGY_CGI   0
> 
> Regards,
> Pierre Thomson
> BIC
> 
> -----Original Message-----
> From: Ellen Sleeter [mailto:sleeter@main.morris.org]
> Sent: Friday, July 01, 2005 4:07 PM
> To: users@spamassassin.apache.org
> Subject: Hello -- question about the "Rules"
> 
> [Oh... Not of the LIST, but of Spam-A]
> 
> I'm a new subscriber.
> 
> Q:  Is there a source on the Spam-A site or elsewhere that actually
> elaborates on the definition of each rule?
> 
> E.g., one which is causing come consternation in-house, because we can't
> tell what is being violated, is the rule of
> 
>    BUGGY_CGI 2.6
> 
> Since we've set the Spam score to 4.2, 2.6 is a pretty big byte out of
> that spam score, and we're gotten it on every form since we've moved to a
> new (for us), externally hosted webserver.
> 
> I admit to using 2.63, which is prior to the guidelines of the list, but
> the docu for this version is fully available on the Spam-A site.  But I
> don't see an explanation of what is actually tested by each rule.
> 
> Some rules are pretty easy to understand.  But not this one, which is
> offending the powers that be....Please show me the way to an explanation
> of the actual tests performed.  Merci!
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
Comment: Exmh CVS

iD8DBQFCxagTMJF5cimLx9ARAksOAJ99iQ/fsdjX4hbTk662uQ4EeF0MYgCgnePY
w+xSQGJQWE8Kg5/qW87Fp40=
=ggot
-----END PGP SIGNATURE-----