Actually...I'm looking more carefully at the "Regex/Bombs" section in the web interface, and I see a separate section for "regular expression to identify spam in header part" and the expression there is:
\d\s+(Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec)\s+\d\d\d\d\s+\d\d:\d\d(:\d\d)?\s+[+\-]\d\d[6-9]\dJust wondering why this signifies spam in the header, and if I should just disable "Use header regular expression" (which is currently set to "score")
AK? On 4/22/2014 3:51 PM, aklist wrote:
Hi TS: I'm hoping you can answer a question about the regex bomb scoring in the data part of a message. I had a legitimate incoming message going over my spam counter limit because of this hit: [scoring:25] -- bombRe: '2 apr 2014 10:14:32 -0700 (25)'; I'm looking at my bombre.txt file and it's full of stuff like "[o0]+nline d+rugs" and other spammy text parts, but I see near the top there's also: \d+\s+(jan|feb|mar|apr|may|jun|jul|aug|sep|oct|nov|dec)\s+\d\d\d\d\s+\d\d\:\d\d(\:\d\d)?\s+[+\-]\d\d(?!00|30|45)\d\d and \d\s+(jan|feb|mar|apr|may|jun|jul|aug|sep|oct|nov|dec)\s+\d\d\d\d\s+\d\d\:\d\d(\:\d\d)?\s+[+\-]\d\d[6-9]\d which I presume caused the match on that string. That string in the actual email is in the "received" header: Received: from AFC-SERVER1.AmericanFrame.local ([173.193.193.122] helo=AFC-SERVER1.AmericanFrame.local) by assp.myserver.com with ESMTP (ASSP 1.9); 22 Apr 2014 10:14:32 -0700 my question is, is that a default bombRE rule, or did it get added to the bombRE file by me reporting spam through the email interface? I'm not sure why this would be in the bombRE file, unless I created it accidentally? Do you have a similar rule in place, and would there be any harm in removing it? TIA, AK Circle The Wagons manage: //www.freelists.org/list/ctw post: mailto:ctw@xxxxxxxxxxxxx unsubscribe: mailto:ctw-request@xxxxxxxxxxxxx?subject=unsubscribe search: //www.freelists.org/archives/ctw faq: //www.freelists.org/wiki/the_faq
Circle The Wagonsmanage: //www.freelists.org/list/ctw post: mailto:ctw@xxxxxxxxxxxxx
unsubscribe: mailto:ctw-request@xxxxxxxxxxxxx?subject=unsubscribe search: //www.freelists.org/archives/ctw faq: //www.freelists.org/wiki/the_faq