On 8/14/2014 9:03 PM, Alex wrote:
Hi,
AXB_X_FF_SEZ_S is a rule that fires when the
X-Forefront-Antispam-Report header is found. I have a sample which has
this header, yet the rule doesn't fire, and wondered if someone could
help me figure out why:
http://pastebin.com/vRQXxgJH
I'm using spamassassin-3.4, and I tested it on another spam (from the
quarantine, where it had already fired) and it was triggered there
just fine.
##{ AXB_X_FF_SEZ_S
header AXB_X_FF_SEZ_S X-Forefront-Antispam-Report =~ /^SFV\:SPM/
describe AXB_X_FF_SEZ_S Forefront sez this is spam
##} AXB_X_FF_SEZ_S
##{ AXB_X_FF_SEZ_S if (version >= 3.004000)
if (version >= 3.004000)
tflags AXB_X_FF_SEZ_S autolearn_force
endif
##} AXB_X_FF_SEZ_S if (version >= 3.004000)
This is also one of those short-body URI spams, so I hoped it would
have been caught just based on that, so ideas on what else is missing
would also be appreciated...
Works for me. I added your rule and tested it against your sample...
* 1.0 AXB_X_FF_SEZ_S Forefront sez this is spam
Are you sure you put the rule in the right place and reloaded spamd?
--
Bowie
