On Tue, 25 May 2010 22:01:12 +0200
Benny Pedersen <m...@junc.org> wrote:
> On Tue 25 May 2010 08:38:29 PM CEST, Karsten Bräckelmann wrote
>
> > On Tue, 2010-05-25 at 14:20 +0200, Benny Pedersen wrote:
> >> i see spam mails that using Http://example.com
> >
> > Yes, it is a known issue. Fixed in SVN already, and will be shipped
> > with the next release 3.3.2.
>
> super
>
> # save rule as 99_local_bugs_331.cf
> # SA = 3.3.1
> if (version == 3.003001)
> uri __PROTOCOL_OK m{^https?://\w+}
> meta PROTOCOL_FIX (!__PROTOCOL_OK)
> describe PROTOCOL_FIX protocol in uri is not lowercase
> score PROTOCOL_FIX 5.0
> endif # sa 3.3.1 only i hope
>
> above rule is a imidate fix until 3.3.2, works for me
IMO something like this should be added via sa-update and left there as
long as spammers are doing this - not just until 3.3.2 is released.
