I know I must be missing something really obvious here, but I don't normally rely on Bomb detection as I have had issues in the past with False Positives. After installing that RegEx I am seeing log entries where bombDataRe says [scoring] rather than something like [scoring:10]:
Apr-30-10 08:19:31 37169-08932 [BombSubject] 204.8.217.138 <[email protected]> to: [email protected] [scoring:10] -- bombSubjectRe: 'Free' -- [Dish Network Free Install Free DVR HD]; Apr-30-10 08:19:31 37169-08932 [RWL] 204.8.217.138 <[email protected]> to: [email protected] [whiting] Received-RWL: listed by (exemptions.ahbl.org->127.0.0.2,trust=2; ) client-ip=204.8.217.138; Apr-30-10 08:19:34 37169-08932 [bombDataRe] 204.8.217.138 <[email protected]> to: [email protected] [scoring] -- bombDataRe: 'http://mail.dishdealsonline.co.c' -- [Dish Network Free Install Free DVR HD]; Apr-30-10 08:19:34 37169-08932 [bombRe] 204.8.217.138 <[email protected]> to: [email protected] [scoring] -- bombRe: 'Save 70%' -- [Dish Network Free Install Free DVR HD]; Apr-30-10 08:19:34 37169-08932 204.8.217.138 <[email protected]> to: [email protected] ClamAV: scanned 4563 bytes in message - OK ; Apr-30-10 08:19:34 37169-08932 [MessageOK] 204.8.217.138 <[email protected]> to: [email protected] -- Message OK -- [Dish Network Free Install Free DVR HD] -> /usr/share/assp/okmail/Dish_Network_Free_Install_Free__2621.eml; You can see that both bombDataRe and bombRe do the same thing with an acknowledgment that they are scoring but no score is assigned, and so ultimately the message makes it. I can't seem to find a Penalty Box value that applies to these settings. I changed bombReMaxHits and bombDataReMaxHits to 1 but that didn't change things. Any suggestions? Thanks, Alex On Mon, Apr 26, 2010 at 9:44 AM, Alex Davidson <[email protected]> wrote: > > Thanks for that! > > On Mon, Apr 26, 2010 at 8:32 AM, Paul K. Dickson > <[email protected]> wrote: >> >> For instance: >> >> Apr-26-10 10:13:39 91219-13449 [bombDataRe][sl] 216.34.181.88 >> <[email protected]> to: [email protected] [spam >> passed] -- passing because spamlover, otherwise blocked (bombDataRe: >> 'http://hikari-navi.jp/ , http://xs.to/') -- [SPAM Dear assp user owner >> Catch 77 discounts iriz] -> /usr/local/assp/spam/13449.eml; >> >> >> >> > >> > For catching foreign URL¹s or email addresses in the body of an email. >> > Email¹s with foreign country codes can be blocked as part of ASSP¹s native >> > functionality, but that does not protect against a lot of phishing/viagra >> > sales attempts that come from US domains(yahoo, hotmail), but that have >> > obvious spam links in them. >> > >> > Put in bombDataRe. Score if you want. Obviously remove or comment out >> > country codes that you don¹t want scored if in the body of an email. I can >> > send a full txt of all country specific domains if you want. Request off >> > the list please. >> > >> > The following catches URL¹s or emails with the country code for Nigeria. >> > >> > (http\:\/\/|@)\S{1,255}\.NG(\s(\r|$)|\/|\.\s\w|\.?\r) >> > >> > >> > Oh, and I suggest you comment out .PL. PL will likely match perl scripts. ------------------------------------------------------------------------------ _______________________________________________ Assp-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/assp-user
