SARE_SPOOF included in base rules? - SpamAssassin

This is a discussion on SARE_SPOOF included in base rules? - SpamAssassin ; I just got an email that hit the following: * 2.0 SPOOF_COM2OTH URI: URI contains ".com" in middle * 2.3 SPOOF_COM2COM URI: URI contains ".com" in middle and end * 2.5 SARE_SPOOF_COM2OTH URI: a.com.b.c * 2.5 SARE_SPOOF_COM2COM URI: a.com.b.com Did ...

+ Reply to Thread
Results 1 to 3 of 3

Thread: SARE_SPOOF included in base rules?

  1. SARE_SPOOF included in base rules?

    I just got an email that hit the following:

    * 2.0 SPOOF_COM2OTH URI: URI contains ".com" in middle
    * 2.3 SPOOF_COM2COM URI: URI contains ".com" in middle and end
    * 2.5 SARE_SPOOF_COM2OTH URI: a.com.b.c
    * 2.5 SARE_SPOOF_COM2COM URI: a.com.b.com

    Did the SARE_SPOOF rules get included in the base ruleset while I wasn't
    looking?

    The rule definitions are almost the same.

    uri SARE_SPOOF_COM2OTH m{^https?://(?:\w+\.)+?com\.(?:\w+\.)+?com}i
    uri SPOOF_COM2OTH m{^https?://(?:\w+\.)+?com\.(?:\w+\.){2}}i

    uri SPOOF_COM2COM m{^https?://(?:\w+\.)+?com\.(?:\w+\.)+?com}i
    uri SARE_SPOOF_COM2COM m{^https?://(?:\w+\.)+?com\.(?:\w+\.){2,}}i

    --
    Bowie


  2. Re: SARE_SPOOF included in base rules?




    > From: Bowie Bailey
    > Date: Thu, 29 May 2008 15:25:36 -0400
    > To: "Spamassassin List (E-mail)"
    > Subject: SARE_SPOOF included in base rules?
    >
    > SPOOF_COM2OTH


    Been a couple of weeks I think. You are running sa-update, right. I
    remember seeing that rule in my list of 'duplicates' when I ran some
    diagnostics a while back.

    Also, I downloaded latest 70_sare_spoof.cf and its still there, so I
    manually removed them from my copy.


    --
    Michael Scheidell, CTO
    >|SECNAP Network Security

    Winner 2008 Network Products Guide Hot Companies
    FreeBSD SpamAssassin Ports maintainer

    __________________________________________________ _______________________
    This email has been scanned and certified safe by SpammerTrap(r).
    For Information please see http://www.spammertrap.com
    __________________________________________________ _______________________


  3. Re: SARE_SPOOF included in base rules?


    Bowie Bailey writes:
    > I just got an email that hit the following:
    >
    > * 2.0 SPOOF_COM2OTH URI: URI contains ".com" in middle
    > * 2.3 SPOOF_COM2COM URI: URI contains ".com" in middle and end
    > * 2.5 SARE_SPOOF_COM2OTH URI: a.com.b.c
    > * 2.5 SARE_SPOOF_COM2COM URI: a.com.b.com
    >
    > Did the SARE_SPOOF rules get included in the base ruleset while I wasn't
    > looking?
    >
    > The rule definitions are almost the same.
    >
    > uri SARE_SPOOF_COM2OTH m{^https?://(?:\w+\.)+?com\.(?:\w+\.)+?com}i
    > uri SPOOF_COM2OTH m{^https?://(?:\w+\.)+?com\.(?:\w+\.){2}}i
    >
    > uri SPOOF_COM2COM m{^https?://(?:\w+\.)+?com\.(?:\w+\.)+?com}i
    > uri SARE_SPOOF_COM2COM m{^https?://(?:\w+\.)+?com\.(?:\w+\.){2,}}i


    They've been part of the base ruleset since:

    r106217 | quinlan | 2004-11-22 20:45:19 +0000 (Mon, 22 Nov 2004) | 2 lines

    promote best URI-based T_SPOOF_* rules


    --j.


+ Reply to Thread