[Esd-l] Have Updated Local Rules: Expected Behavior?

Mike McCandless michael at prismbiz.com
Sun Aug 31 18:31:12 PDT 2003


John Hardin writes:
> Then (it appears) spamassassin processed the message.
>
Spamassassin did.

> What is the order of your rules in your /etc/procmailrc? Ideally
> local-rules should run immediately before the sanitizer.
- local-rules
- html-trap
- spamassassin

----- Original Message ----- 
From: "John D. Hardin" <jhardin at impsec.org>
To: "Mike McCandless" <michael at prismbiz.com>
Cc: <esd-l at spconnect.com>
Sent: Sunday, August 31, 2003 12:42 PM
Subject: Re: [Esd-l] Have Updated Local Rules: Expected Behavior?


> On Sun, 31 Aug 2003, Mike McCandless wrote:
>
> > I updated my local rules (yesterday) almost verbatim from what the
> > Web site has.  I then received a number of emails in my OE inbox.
> > I've cut and pasted the text from one below.  Is this what should
> > happen?  I thought the action of DISCARD meant the messages hit
> > the "bit bucket", or at least I'd never see them in the inbox.
>
> That's what it should do.
>
> > X-Content-Security: [minnie.prismbiz.com] NONOTIFY
> > X-Content-Security: [minnie.prismbiz.com] DISCARD
> > X-Content-Security: [minnie.prismbiz.com] REPORT: Trapped SoBig.F worm -
> >  http://securityresponse.symantec.com/avcenter/venc/data/w32.sobig.f@mm.html
>
> So it found the attack and inserted the handling tokens...
>
> > X-Spam-Status: No, hits=4.8 required=10.0
> >  tests=DATE_IN_PAST_06_12,INVALID_DATE,MICROSOFT_EXECUTABLE,
> >        MISSING_MIMEOLE,NO_REAL_NAME,SPAM_PHRASE_00_01,
> >        USER_AGENT_OE
> >  version=2.41
> > X-Spam-Level: ****
>
> Then (it appears) spamassassin processed the message.
>
> What is the order of your rules in your /etc/procmailrc? Ideally
> local-rules should run immediately before the sanitizer.
>
> --
>  John Hardin KA7OHZ    ICQ#15735746    http://www.impsec.org/~jhardin/
>  jhardin at impsec.org                        pgpk -a jhardin at impsec.org
>  key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
> -----------------------------------------------------------------------
>   ...the Fates notice those who buy chainsaws...
>                                               -- www.darwinawards.com
> -----------------------------------------------------------------------
>    66 days until Matrix Revolutions
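
The symptom discussed in this thread (a message tagged with the DISCARD handling token that still reaches the inbox with a spamassassin score) can be checked for mechanically. The following is an added example, not part of the original thread or of the sanitizer: the function names are hypothetical, the sample message is constructed from the headers quoted above, and treating the presence of X-Spam-Status as evidence that a later stage ran is an assumption.

```python
import email

# Constructed sample, modelled on the headers quoted in the thread.
SAMPLE = """\
From: someone@example.invalid
Subject: Re: Details
X-Content-Security: [minnie.prismbiz.com] NONOTIFY
X-Content-Security: [minnie.prismbiz.com] DISCARD
X-Content-Security: [minnie.prismbiz.com] REPORT: Trapped SoBig.F worm
X-Spam-Status: No, hits=4.8 required=10.0
X-Spam-Level: ****

body
"""

# Constructed sample: an ordinary message with no handling tokens.
CLEAN = ("From: a@example.invalid\nSubject: hi\n"
         "X-Spam-Status: No, hits=0.1 required=10.0\n\nhello\n")


def handling_tokens(msg):
    """Return the tokens from all X-Content-Security headers, in order."""
    tokens = []
    for value in msg.get_all("X-Content-Security", []):
        # Shape seen in the thread: "[host] TOKEN" or "[host] TOKEN: text"
        rest = value.split("]", 1)[-1].strip()
        if rest:
            tokens.append(rest.split(":", 1)[0].split()[0].upper())
    return tokens


def audit(raw):
    """Flag a delivered message that carries DISCARD yet was processed further."""
    msg = email.message_from_string(raw)
    tokens = handling_tokens(msg)
    discard = "DISCARD" in tokens
    scored = msg.get("X-Spam-Status") is not None  # assumption: later stage ran
    return {
        "tokens": tokens,
        "should_have_been_discarded": discard,
        "passed_later_stage": discard and scored,
    }


if __name__ == "__main__":
    print(audit(SAMPLE))
    print(audit(CLEAN))
```

Run over the messages in a delivered mailbox, any hit with `passed_later_stage` set means the token was inserted but nothing acted on it before delivery.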


