Re: protocol is caSE sensitive, but should not be
On Tue 25 May 2010 10:01:12 PM CEST, Benny Pedersen wrote # save rule as 99_local_bugs_331.cf # SA = 3.3.1 if (version == 3.003001) uri __PROTOCOL_OK m{^https?://\w+} meta PROTOCOL_FIX (!__PROTOCOL_OK) describe PROTOCOL_FIX protocol in uri is not lowercase score PROTOCOL_FIX 5.0 endif # sa 3.3.1 only i hope above rule is a imidate fix until 3.3.2, works for me ups it hits when there is no url in body, how to fix this ? -- xpoint http://www.unicom.com/pw/reply-to-harmful.html
Re: protocol is caSE sensitive, but should not be
Benny Pedersen wrote: On Tue 25 May 2010 10:01:12 PM CEST, Benny Pedersen wrote # save rule as 99_local_bugs_331.cf # SA = 3.3.1 if (version == 3.003001) uri __PROTOCOL_OK m{^https?://\w+} meta PROTOCOL_FIX (!__PROTOCOL_OK) describe PROTOCOL_FIX protocol in uri is not lowercase score PROTOCOL_FIX 5.0 endif # sa 3.3.1 only i hope above rule is a imidate fix until 3.3.2, works for me ups it hits when there is no url in body, how to fix this ? That's what you told it to do. (! __PROTOCOL_OK) == true if there is not a match on your uri rule. Try something like this: uri PROTOCOL_FIX m{^(?!https?://)[hH][tT][tT][pP][sS]?://} There may be a more elegant way to do this, but it should match whenever there is an uppercase letter in there somewhere. -- Bowie
Re: protocol is caSE sensitive, but should not be
On Tue, 25 May 2010 22:01:12 +0200 Benny Pedersen m...@junc.org wrote: On Tue 25 May 2010 08:38:29 PM CEST, Karsten Bräckelmann wrote On Tue, 2010-05-25 at 14:20 +0200, Benny Pedersen wrote: i see spam mails that using Http://example.com Yes, it is a known issue. Fixed in SVN already, and will be shipped with the next release 3.3.2. super # save rule as 99_local_bugs_331.cf # SA = 3.3.1 if (version == 3.003001) uri __PROTOCOL_OK m{^https?://\w+} meta PROTOCOL_FIX (!__PROTOCOL_OK) describe PROTOCOL_FIX protocol in uri is not lowercase score PROTOCOL_FIX 5.0 endif # sa 3.3.1 only i hope above rule is a imidate fix until 3.3.2, works for me IMO something like this should be added via sa-update and left there as long as spammers are doing this - not just until 3.3.2 is released.
RE: protocol is caSE sensitive, but should not be
Yes, it is a known issue. Fixed in SVN already, and will be shipped with the next release 3.3.2. when will 3.3.2 be pushed out? - rh
RE: protocol is caSE sensitive, but should not be
On Wed, 2010-05-26 at 11:14 -0700, R-Elists wrote: Yes, it is a known issue. Fixed in SVN already, and will be shipped with the next release 3.3.2. when will 3.3.2 be pushed out? We're gearing up towards a release. See the dev list. ;) -- char *t=\10pse\0r\0dtu...@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4; main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;il;i++){ i%8? c=1: (c=*++x); c128 (s+=h); if (!(h=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
Re: protocol is caSE sensitive, but should not be
On Wed 26 May 2010 07:39:53 PM CEST, RW wrote # save rule as 99_local_bugs_331.cf # SA = 3.3.1 if (version == 3.003001) uri __PROTOCOL_OK m{^https?://\w+} meta PROTOCOL_FIX (!__PROTOCOL_OK) describe PROTOCOL_FIX protocol in uri is not lowercase score PROTOCOL_FIX 5.0 endif # sa 3.3.1 only i hope above rule is a imidate fix until 3.3.2, works for me IMO something like this should be added via sa-update and left there as long as spammers are doing this - not just until 3.3.2 is released. it just hits on no url aswell, and i dont know how to solve this :( -- xpoint http://www.unicom.com/pw/reply-to-harmful.html
protocol is caSE sensitive, but should not be
i see spam mails that using Http://example.com to bypass url hits :( where http://example.com is url blacklisted in 3.3.1 -- xpoint
Re: protocol is caSE sensitive, but should not be
On Tue, 2010-05-25 at 14:20 +0200, Benny Pedersen wrote: i see spam mails that using Http://example.com Yes, it is a known issue. Fixed in SVN already, and will be shipped with the next release 3.3.2. -- char *t=\10pse\0r\0dtu...@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4; main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;il;i++){ i%8? c=1: (c=*++x); c128 (s+=h); if (!(h=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
Re: protocol is caSE sensitive, but should not be
On Tue 25 May 2010 08:38:29 PM CEST, Karsten Bräckelmann wrote On Tue, 2010-05-25 at 14:20 +0200, Benny Pedersen wrote: i see spam mails that using Http://example.com Yes, it is a known issue. Fixed in SVN already, and will be shipped with the next release 3.3.2. super # save rule as 99_local_bugs_331.cf # SA = 3.3.1 if (version == 3.003001) uri __PROTOCOL_OK m{^https?://\w+} meta PROTOCOL_FIX (!__PROTOCOL_OK) describe PROTOCOL_FIX protocol in uri is not lowercase score PROTOCOL_FIX 5.0 endif # sa 3.3.1 only i hope above rule is a imidate fix until 3.3.2, works for me -- xpoint http://www.unicom.com/pw/reply-to-harmful.html