[Esd-l] Have Updated Local Rules: Expected Behavior?
John D. Hardin
jhardin at impsec.org
Sun Aug 31 09:42:42 PDT 2003
On Sun, 31 Aug 2003, Mike McCandless wrote:

> I updated my local rules (yesterday) almost verbatim from what the
> Web site has. I then received a number of emails in my OE inbox.
> I've cut/paste the text from one below. Is this what should
> happen? I thought the action of DISCARD meant the messages hit
> the "bit bucket", or at least I'd never see them in the inbox.

That's what it should do.

> X-Content-Security: [minnie.prismbiz.com] NONOTIFY
> X-Content-Security: [minnie.prismbiz.com] DISCARD
> X-Content-Security: [minnie.prismbiz.com] REPORT: Trapped SoBig.F worm -
> http://securityresponse.symantec.com/avcenter/venc/data/w32.sobig.f@mm.html

So it found the attack and inserted the handling tokens...

> X-Spam-Status: No, hits=4.8 required=10.0
> tests=DATE_IN_PAST_06_12,INVALID_DATE,MICROSOFT_EXECUTABLE,
> MISSING_MIMEOLE,NO_REAL_NAME,SPAM_PHRASE_00_01,
> USER_AGENT_OE
> version=2.41
> X-Spam-Level: ****

Then (it appears) SpamAssassin processed the message.

What is the order of your rules in your /etc/procmailrc? Ideally
local-rules should run immediately before the sanitizer.

--
John Hardin KA7OHZ ICQ#15735746 http://www.impsec.org/~jhardin/
jhardin at impsec.org pgpk -a jhardin at impsec.org
key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
...the Fates notice those who buy chainsaws...
-- www.darwinawards.com
-----------------------------------------------------------------------
66 days until Matrix Revolutions
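
Added example, not part of the original message or of the sanitizer's own code: a Python check that reads the X-Content-Security handling tokens from a delivered message, in the format quoted in the thread, and reports when a message marked DISCARD still reached the mailbox and whether it also carries SpamAssassin headers. The sample messages, host names and function names are constructed for illustration.

```python
import email

# Constructed sample modelled on the headers quoted in the thread.
SAMPLE_TRAPPED = """\
From: sender@example.invalid
Subject: Re: Details
X-Content-Security: [mailhost.example.invalid] NONOTIFY
X-Content-Security: [mailhost.example.invalid] DISCARD
X-Content-Security: [mailhost.example.invalid] REPORT: Trapped SoBig.F worm
X-Spam-Status: No, hits=4.8 required=10.0
X-Spam-Level: ****

body
"""

# Constructed sample: an ordinary message with no handling tokens.
SAMPLE_CLEAN = """\
From: sender@example.invalid
Subject: lunch
X-Spam-Status: No, hits=0.1 required=10.0

body
"""


def handling_tokens(msg):
    """Return handling tokens (NONOTIFY, DISCARD, REPORT, ...) in header order."""
    tokens = []
    for value in msg.get_all("X-Content-Security", []):
        # Format seen on the page: "[host] TOKEN" or "[host] TOKEN: text".
        rest = value.partition("]")[2] if "]" in value else value
        words = rest.strip().split(":", 1)[0].split()
        if words:
            tokens.append(words[0].upper())
    return tokens


def audit(raw):
    """Summarise one delivered message; every message passed in reached a mailbox."""
    msg = email.message_from_string(raw)
    tokens = handling_tokens(msg)
    return {
        "tokens": tokens,
        # A DISCARD token on a delivered message means the token was not honoured.
        "should_have_been_discarded": "DISCARD" in tokens,
        # Presence of this header shows another filter also handled the message.
        "seen_by_spam_filter": msg["X-Spam-Status"] is not None,
    }


if __name__ == "__main__":
    print(audit(SAMPLE_TRAPPED))
    print(audit(SAMPLE_CLEAN))
```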