Re: protocol is caSE sensitive, but should not be

2010-05-26 Thread Benny Pedersen 

On Tue 25 May 2010 10:01:12 PM CEST, Benny Pedersen wrote


# save rule as 99_local_bugs_331.cf
# SA = 3.3.1
if (version == 3.003001)
uri __PROTOCOL_OK m{^https?://\w+}
meta PROTOCOL_FIX (!__PROTOCOL_OK)
describe PROTOCOL_FIX protocol in uri is not lowercase
score PROTOCOL_FIX 5.0
endif # sa 3.3.1 only i hope

above rule is a imidate fix until 3.3.2, works for me


ups it hits when there is no url in body, how to fix this ?


--
xpoint http://www.unicom.com/pw/reply-to-harmful.html

Re: protocol is caSE sensitive, but should not be

2010-05-26 Thread Bowie Bailey 
Benny Pedersen wrote:
 On Tue 25 May 2010 10:01:12 PM CEST, Benny Pedersen wrote

 # save rule as 99_local_bugs_331.cf
 # SA = 3.3.1
 if (version == 3.003001)
 uri __PROTOCOL_OK m{^https?://\w+}
 meta PROTOCOL_FIX (!__PROTOCOL_OK)
 describe PROTOCOL_FIX protocol in uri is not lowercase
 score PROTOCOL_FIX 5.0
 endif # sa 3.3.1 only i hope

 above rule is a imidate fix until 3.3.2, works for me

 ups it hits when there is no url in body, how to fix this ?

That's what you told it to do. 

(! __PROTOCOL_OK)   == true if there is not a match on your uri rule.

Try something like this:

uri PROTOCOL_FIX m{^(?!https?://)[hH][tT][tT][pP][sS]?://}

There may be a more elegant way to do this, but it should match whenever
there is an uppercase letter in there somewhere.

-- 
Bowie

Re: protocol is caSE sensitive, but should not be

2010-05-26 Thread RW 
On Tue, 25 May 2010 22:01:12 +0200
Benny Pedersen m...@junc.org wrote:

 On Tue 25 May 2010 08:38:29 PM CEST, Karsten Bräckelmann wrote
 
  On Tue, 2010-05-25 at 14:20 +0200, Benny Pedersen wrote:
  i see spam mails that using Http://example.com
 
  Yes, it is a known issue. Fixed in SVN already, and will be shipped
  with the next release 3.3.2.
 
 super
 
 # save rule as 99_local_bugs_331.cf
 # SA = 3.3.1
 if (version == 3.003001)
  uri __PROTOCOL_OK m{^https?://\w+}
  meta PROTOCOL_FIX (!__PROTOCOL_OK)
  describe PROTOCOL_FIX protocol in uri is not lowercase
  score PROTOCOL_FIX 5.0
 endif # sa 3.3.1 only i hope
 
 above rule is a imidate fix until 3.3.2, works for me

IMO something like this should be added via sa-update and left there as
long as spammers are doing this - not just until 3.3.2 is released.

RE: protocol is caSE sensitive, but should not be

2010-05-26 Thread R-Elists 
 

 
 Yes, it is a known issue. Fixed in SVN already, and will be 
 shipped with the next release 3.3.2.
 
 

when will 3.3.2 be pushed out?

 - rh

RE: protocol is caSE sensitive, but should not be

2010-05-26 Thread Karsten Bräckelmann 
On Wed, 2010-05-26 at 11:14 -0700, R-Elists wrote:
  Yes, it is a known issue. Fixed in SVN already, and will be 
  shipped with the next release 3.3.2.
 
 when will 3.3.2 be pushed out?

We're gearing up towards a release. See the dev list. ;)


-- 
char *t=\10pse\0r\0dtu...@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4;
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;il;i++){ i%8? c=1:
(c=*++x); c128  (s+=h); if (!(h=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}

Re: protocol is caSE sensitive, but should not be

2010-05-26 Thread Benny Pedersen 

On Wed 26 May 2010 07:39:53 PM CEST, RW wrote


# save rule as 99_local_bugs_331.cf
# SA = 3.3.1
if (version == 3.003001)
 uri __PROTOCOL_OK m{^https?://\w+}
 meta PROTOCOL_FIX (!__PROTOCOL_OK)
 describe PROTOCOL_FIX protocol in uri is not lowercase
 score PROTOCOL_FIX 5.0
endif # sa 3.3.1 only i hope
above rule is a imidate fix until 3.3.2, works for me

IMO something like this should be added via sa-update and left there as
long as spammers are doing this - not just until 3.3.2 is released.


it just hits on no url aswell, and i dont know how to solve this :(

--
xpoint http://www.unicom.com/pw/reply-to-harmful.html

protocol is caSE sensitive, but should not be

2010-05-25 Thread Benny Pedersen 


i see spam mails that using Http://example.com to bypass url hits :(

where http://example.com is url blacklisted

in 3.3.1

--
xpoint

Re: protocol is caSE sensitive, but should not be

2010-05-25 Thread Karsten Bräckelmann 
On Tue, 2010-05-25 at 14:20 +0200, Benny Pedersen wrote:
 i see spam mails that using Http://example.com

Yes, it is a known issue. Fixed in SVN already, and will be shipped with
the next release 3.3.2.


-- 
char *t=\10pse\0r\0dtu...@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4;
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;il;i++){ i%8? c=1:
(c=*++x); c128  (s+=h); if (!(h=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}

Re: protocol is caSE sensitive, but should not be

2010-05-25 Thread Benny Pedersen 

On Tue 25 May 2010 08:38:29 PM CEST, Karsten Bräckelmann wrote


On Tue, 2010-05-25 at 14:20 +0200, Benny Pedersen wrote:

i see spam mails that using Http://example.com


Yes, it is a known issue. Fixed in SVN already, and will be shipped with
the next release 3.3.2.


super

# save rule as 99_local_bugs_331.cf
# SA = 3.3.1
if (version == 3.003001)
uri __PROTOCOL_OK m{^https?://\w+}
meta PROTOCOL_FIX (!__PROTOCOL_OK)
describe PROTOCOL_FIX protocol in uri is not lowercase
score PROTOCOL_FIX 5.0
endif # sa 3.3.1 only i hope

above rule is a imidate fix until 3.3.2, works for me

--
xpoint http://www.unicom.com/pw/reply-to-harmful.html