[Mimedefang] Re: Rejecting spam
Jim McCullars
jim at info.uah.edu
Mon Jul 14 11:33:21 EDT 2008
On Sat, 12 Jul 2008, Nigel Allen wrote:
> Given I'm not a perl acolyte, can anyone tell me exactly what is the
> string we expect to get back in $report? In fact what comes back in
> $names too?
Let's start with the easy one first. $names is simply a
comma-separated list of all SA tests that passed. It might look something
like this:

    FORGED_MUA_OUTLOOK,FORGED_OUTLOOK_HTML,FORGED_OUTLOOK_TAGS,HTML_MESSAGE

$report is basically the same as what you would get if you ran the
spamassassin program from the command line. It looks something like this:

Content analysis details:   (36.4 points, 5.0 required)
 pts rule name              description
---- ---------------------- --------------------------------------------------
 0.1 UAH_GREET_11           Envelope sender is egreetings.com
 0.0 MISSING_MID            Missing Message-Id: header
 0.0 MISSING_DATE           Missing Date: header
 1.0 SPF_FAIL               SPF: sender does not match SPF record (fail)
                            [SPF failed: Please see
                            http://www.openspf.org/why.html?sender=egreeting%40egreetings.com&ip=210.0.78.38&receiver=smtp-in1]
 2.5 MISSING_HB_SEP         Missing blank line between message header and
                            body
 1.6 MISSING_HEADERS        Missing To: header
 3.0 UAH_GREET_1            BODY: Greeting card phrase
 2.0 URIBL_BLACK            Contains an URL listed in the URIBL blacklist
                            [URIs: linewill.com]
 0.9 URIBL_RHS_DOB          Contains an URI of a new domain (Day Old Bread)
                            [URIs: linewill.com]
 2.9 URIBL_JP_SURBL         Contains an URL listed in the JP SURBL blocklist
                            [URIs: linewill.com]
 1.6 URIBL_AB_SURBL         Contains an URL listed in the AB SURBL blocklist
                            [URIs: linewill.com]
 5.0 URIBL_OB_SURBL         Contains an URL listed in the OB SURBL blocklist
                            [URIs: linewill.com]
 2.5 URIBL_SC_SURBL         Contains an URL listed in the SC SURBL blocklist
                            [URIs: linewill.com]
 2.1 URIBL_WS_SURBL         Contains an URL listed in the WS SURBL blocklist
                            [URIs: linewill.com]
 5.0 URIBL_SBL              Contains an URL listed in the SBL blocklist
                            [URIs: linewill.com]

So if you look at the regexp that I originally posted:

    /URIBL_(SC|WS)_SURBL.+\n\s+\[URIs:\s(.+)]/

It looks for either URIBL_SC_SURBL or URIBL_WS_SURBL followed by some
number of characters, then a linefeed, then the string [URIs: then a
space, then the domain that the hit was on, then the closing bracket. It
puts the domain in $2 because of the parentheses.
Hmm, now that I look at it, because perl regexps do greedy matching, my
test should probably be putting the entire two lines below URIBL_WS_SURBL
into $2 rather than just the domain (linewill.com, in this case). It
probably just happens that URIBL_WS_SURBL is usually the last line of the
report and I'm just lucky. But I digress...
Hope this helps...
Jim McCullars
University of Alabama in Huntsville
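
An added example, not part of the original post: a stand-alone Perl script that runs the posted pattern against a constructed excerpt of the report above and prints what lands in $1 and $2, then collects every SC/WS SURBL domain with a capture that cannot run past the closing bracket. The helper name surbl_hits, the excerpt, and the separator used to split multiple URIs are assumptions made for illustration.

```perl
#!/usr/bin/perl
# Added example, not from the original post. The report text is a
# constructed excerpt modelled on the sample report in the message.
use strict;
use warnings;

my $report = <<'EOR';
 pts rule name              description
---- ---------------------- --------------------------------------------------
 1.6 URIBL_AB_SURBL         Contains an URL listed in the AB SURBL blocklist
                            [URIs: linewill.com]
 2.5 URIBL_SC_SURBL         Contains an URL listed in the SC SURBL blocklist
                            [URIs: linewill.com]
 2.1 URIBL_WS_SURBL         Contains an URL listed in the WS SURBL blocklist
                            [URIs: linewill.com]
 5.0 URIBL_SBL              Contains an URL listed in the SBL blocklist
                            [URIs: linewill.com]
EOR

# Pattern exactly as posted. Without the /s modifier "." does not match
# "\n", so each ".+" is confined to a single line of the report.
if ($report =~ /URIBL_(SC|WS)_SURBL.+\n\s+\[URIs:\s(.+)]/) {
    print "posted pattern: list=$1 captured=<$2>\n";
}

# Hypothetical helper: returns { rule => [domains] } for every SC/WS hit.
# The capture is a negated class, so it stops at "]" or end of line
# whatever modifiers are in effect.
sub surbl_hits {
    my ($text) = @_;
    my %hits;
    while ($text =~ /^\s*[\d.-]+\s+(URIBL_(?:SC|WS)_SURBL)\b[^\n]*\n
                     \s+\[URIs:\s+([^\]\n]+)\]/mgx) {
        # Assumption: several URIs on one line are separated by commas
        # and/or whitespace.
        push @{ $hits{$1} }, grep { length } split /[,\s]+/, $2;
    }
    return \%hits;
}

my $hits = surbl_hits($report);
for my $rule (sort keys %$hits) {
    print "$rule: @{ $hits->{$rule} }\n";
}
```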