Jo Rhett wrote:
Daryl C. W. O'Shea wrote:
Jo Rhett wrote:
Included below is a legitimate e-mail on a legitimate payment that I did make.

I've looked at the rule, and I can't figure out why it failed.

After unwrapping the mail included in your message body, I can't reproduce this under SA 3.1.8-r454679 using the ruleset 70_sare_spoof_cf_sare_sa-update_dostech_net/200607251600.cf.

If you can provide a copy that triggers this in an attachment I'll take another look.

Yeah, I was eyeballing it but couldn't figure it out either.  Very odd.

Even after doing my best to fix the body wrap mangling of your sample, I can't get it to FP. It IS working as it should (i.e. not hitting on the sample). That's why I asked for a copy sent as an attachment.

Can you not reproduce it, using just 'spamassassin', either?


Is there any part of this rule that might be affected by using Amavisd or testing via Milter? (I do both)

If whatever handled the message for scanning didn't fudge the "Received: from bigfootinteractive.com" header like it should be then this would happen.


Unrelated, but might I suggest for readability that next time you do an update, change CHASE_B to BIGFOOT or something?

Of course you can. Although, since I didn't write the rules, or even know who did, you'll have to track them down to make that suggestion. :)

I just provide the SARE rules as found on the SARE website (checked every few minutes) via sa-update channels. Beyond that, I have nothing to do with them.


Daryl
