Quoting Justin Mason :

> Jack Pepper writes:
>> I guess I don't need those rules. I see now that INVALID_MSGID was
>> already catching them.
>> apologies for the noise on the list.


I found my problem in the faq. I was missing the "m" on the end ogf
the regex:

score BOBAX_GEN_SPAM 1.800
header BOBAX_GEN_SPAM ALL =~ /^Message-Id:.*EJXVWDA/m
describe BOBAX_GEN_SPAM Has Bobax Generated Message-Id

getting hits on it now. nice.

Framework? I don't need no steenking framework!

@fferent Security Labs: Isolate/Insulate/Innovate