Hello,
We're running Spamassassin 2.63 on FreeBSD.
Recently, I received a spam message with the following web site reference in
it:
hTTp://pqgru.12wmeds.com/gP/DEfAuLt.asp?id=RM
I added a custom rule like this to try and catch it:
uri MY_SPAMMER_URL /\b(?:12wmeds\.com)/i
However, the custom rule didn't hit when I ran this message through
Spamassassin. Just as an experiment, I edited the body of the spam message
to show
http://pqgru.12wmeds.com/gP/DEfAuLt.asp?id=RM
and scanned it again, and the rule hit.
Is the uri rule case-sensitive so it only scans URIs starting with http, and
doesn't recognize URIs starting with hTTp, hTtp, etc? And if so, is this a
bug that should be reported to bugzilla? (I searched bugzilla and couldn't
find anything on this.)
Obviously I can get around this by doing a body rule, but would rather use
the uri rule if possible since I understand it's more effiecient.
Thanks for any input!
Sandy S.
We're running Spamassassin 2.63 on FreeBSD.
Recently, I received a spam message with the following web site reference in
it:
hTTp://pqgru.12wmeds.com/gP/DEfAuLt.asp?id=RM
I added a custom rule like this to try and catch it:
uri MY_SPAMMER_URL /\b(?:12wmeds\.com)/i
However, the custom rule didn't hit when I ran this message through
Spamassassin. Just as an experiment, I edited the body of the spam message
to show
http://pqgru.12wmeds.com/gP/DEfAuLt.asp?id=RM
and scanned it again, and the rule hit.
Is the uri rule case-sensitive so it only scans URIs starting with http, and
doesn't recognize URIs starting with hTTp, hTtp, etc? And if so, is this a
bug that should be reported to bugzilla? (I searched bugzilla and couldn't
find anything on this.)
Obviously I can get around this by doing a body rule, but would rather use
the uri rule if possible since I understand it's more effiecient.
Thanks for any input!
Sandy S.