I am finding several stock rules and a custom rule that are not hitting when
used on my SA 3.4 install.
They do hit on the same email on systems with SA 3.2.2.
Can anyone confirm that these rules hit on their 3.4 install?
I noticed that consumermoneywatch11.net is not in the message.
Why does the URL in the email get translated to consumermoneywatch11.net in
3.2.2 but not in 3.4?
I am concerned about what would happen on a lower scoring message if these
rules are not firing.
I understand that URIBL rules are time sensitive; that is why I ran the scans
several times.
Note: URIBL_BLACK does hit on both systems.
These stock rules are not hitting on 3.4:
2.7 URIBL_DBL_SPAM Contains an URL listed in the DBL blocklist
[URIs: consumermoneywatch11.net]
2.8 URIBL_WS_SURBL Contains an URL listed in the WS SURBL blocklist
[URIs: consumermoneywatch11.net]
3.0 URIBL_JP_SURBL Contains an URL listed in the JP SURBL blocklist
[URIs: consumermoneywatch11.net]
This custom rule is not hitting on 3.4:
1.9 SEM_FRESH_15 Contains a domain registered less than 15 days ago
[URIs: consumermoneywatch11.net]
Here is the pastebin of the email message:
http://pastebin.com/4vYEbxiV
Here is the pastebin of the 3.4 Debug output:
http://pastebin.com/cBqxjtSB
Here is the pastebin of the 3.2.2 Debug:
http://pastebin.com/Cc3arzu8
Here is the custom rule SEM_FRESH_15 that is not hitting on my 3.4 system:
#
urirhssub SEM_FRESH_15 fresh15.spameatingmonkey.net. A 2
body SEM_FRESH_15 eval:check_uridnsbl('SEM_FRESH_15')
describe SEM_FRESH_15 Contains a domain registered less than 15 days ago
tflags SEM_FRESH_15 net
score SEM_FRESH_15 1.9
Thanks,
Scott Ostrander