[ctw] Re: question about ASSP bombRE

  • From: aklist <aklist_eims@xxxxxxxxxxxxx>
  • To: "ctw@xxxxxxxxxxxxx" <ctw@xxxxxxxxxxxxx>
  • Date: Tue, 22 Apr 2014 16:03:44 -0400

Actually...I'm looking more carefully at the "Regex/Bombs" section in the web interface, and I see a separate section for "regular expression to identify spam in header part" and the expression there is:


\d\s+(Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec)\s+\d\d\d\d\s+\d\d:\d\d(:\d\d)?\s+[+\-]\d\d[6-9]\d

Just wondering why this signifies spam in the header, and if I should just disable "Use header regular expression" (which is currently set to "score").

AK?


On 4/22/2014 3:51 PM, aklist wrote:
Hi TS: I'm hoping you can answer a question about the regex bomb scoring
in the data part of a message.

I had a legitimate incoming message going over my spam counter limit
because of this hit:

[scoring:25] -- bombRe: '2 apr 2014 10:14:32 -0700 (25)';

I'm looking at my bombre.txt file and it's full of stuff like
"[o0]+nline d+rugs" and other spammy text parts, but I see near the top
there's also:

\d+\s+(jan|feb|mar|apr|may|jun|jul|aug|sep|oct|nov|dec)\s+\d\d\d\d\s+\d\d\:\d\d(\:\d\d)?\s+[+\-]\d\d(?!00|30|45)\d\d


and

\d\s+(jan|feb|mar|apr|may|jun|jul|aug|sep|oct|nov|dec)\s+\d\d\d\d\s+\d\d\:\d\d(\:\d\d)?\s+[+\-]\d\d[6-9]\d


which I presume caused the match on that string. That string in the
actual email is in the "received" header:

Received: from AFC-SERVER1.AmericanFrame.local ([173.193.193.122]
     helo=AFC-SERVER1.AmericanFrame.local) by assp.myserver.com with ESMTP
     (ASSP 1.9); 22 Apr 2014 10:14:32 -0700

My question is, is that a default bombRE rule, or did it get added to
the bombRE file by me reporting spam through the email interface?

I'm not sure why this would be in the bombRE file, unless I created it
accidentally?

Do you have a similar rule in place, and would there be any harm in
removing it?

TIA, AK
Circle The Wagons
manage: //www.freelists.org/list/ctw post: mailto:ctw@xxxxxxxxxxxxx
unsubscribe: mailto:ctw-request@xxxxxxxxxxxxx?subject=unsubscribe
search: //www.freelists.org/archives/ctw
faq: //www.freelists.org/wiki/the_faq
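
An added example, not part of the original post and not ASSP code: it runs the three patterns quoted above through Python's `re` module to show which UTC-offset minute fields each one flags, and tests them against the Received date from the post. Assumptions: Python's regex engine stands in for ASSP's Perl one, matching is case-insensitive, and every sample date other than the one from the post is constructed.

```python
import re

# Patterns copied verbatim from the post (two from bombre.txt, one from the
# header-regex setting). re.IGNORECASE is an assumption of this example.
PATTERNS = {
    "bombre_1": r"\d+\s+(jan|feb|mar|apr|may|jun|jul|aug|sep|oct|nov|dec)\s+\d\d\d\d\s+\d\d\:\d\d(\:\d\d)?\s+[+\-]\d\d(?!00|30|45)\d\d",
    "bombre_2": r"\d\s+(jan|feb|mar|apr|may|jun|jul|aug|sep|oct|nov|dec)\s+\d\d\d\d\s+\d\d\:\d\d(\:\d\d)?\s+[+\-]\d\d[6-9]\d",
    "header": r"\d\s+(Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec)\s+\d\d\d\d\s+\d\d:\d\d(:\d\d)?\s+[+\-]\d\d[6-9]\d",
}
COMPILED = {n: re.compile(p, re.IGNORECASE) for n, p in PATTERNS.items()}

# Tail of the Received header quoted in the post.
POST_DATE = "(ASSP 1.9); 22 Apr 2014 10:14:32 -0700"

# Constructed dates that differ from the post's only in the UTC offset.
CONSTRUCTED = [
    "22 Apr 2014 10:14:32 -0715",  # minutes other than 00/30/45
    "22 Apr 2014 10:14:32 -0760",  # minutes field of 60 or more
    "22 Apr 2014 10:14:32 +0530",  # half-hour offset
    "22 Apr 2014 10:14:32 +0545",  # 45-minute offset
]


def hits(text):
    """Names of the patterns that match anywhere in text, sorted."""
    return sorted(n for n, rx in COMPILED.items() if rx.search(text))


def flagged_minutes(name, hours="07"):
    """Minute fields (00-99) of a UTC offset that the named pattern accepts."""
    rx = COMPILED[name]
    return [f"{mm:02d}" for mm in range(100)
            if rx.search(f"22 Apr 2014 10:14:32 -{hours}{mm:02d}")]


if __name__ == "__main__":
    for name in PATTERNS:
        mins = flagged_minutes(name)
        print(f"{name}: flags {len(mins)} of 100 minute fields "
              f"({mins[0]}..{mins[-1]})")
    for sample in [POST_DATE] + CONSTRUCTED:
        print(f"{sample!r:45} -> {hits(sample) or 'no match'}")
```

Under these assumptions the first bombre.txt pattern flags any offset whose minutes are not 00, 30 or 45, the other two flag only minutes of 60 to 99, and none of the three, as quoted, matches the `-0700` date from the post.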

