spam assassin rule to block a From address

Indunil Jayasooriya indunil75 at gmail.com
Thu Oct 13 05:58:51 CEST 2016 

>
> I think that the parenthesis are not necessary and the @ must be escaped


    I sometimes use brackets to filter Subject (some times multiple
Subjects). They work.

see one rule I use below . It is for Subject with brackets. Not for From address


file /etc/mail/spamassassin/SPAM_12AUG2016_Subject_1.cf

header SPAMS1 Subject =~ /(special offer|Marketing Strategy|amazing
offer|intake|Enroll Now)/i
describe SPAMS1 Email contains the above words
score SPAMS1 9.0


anyway, I removed brackets this time. Let's see what happens now. I
think \@ is a good point I should think of.

this is my new rule


file  /etc/mail/spamassassin/SPAM_11Oct2016_From_1.cf

header SPAM11OctF1 From =~ /^airecom612\+97d7d60a91d9695c9a4240f92d5c3cae\@/i
describe SPAM11OctF1 From address contains the word airecom612@
score SPAM11OctF1 10.0





>
>
> ^.*airecom612\+97d7d60a91d9695c9a4240f92d5c3cae\@
>
> for check on https://regex101.com you can try the regex on complete mail source code like this:
>
> ......
> ......
>
> X-Received: by 10.194.204.198 with SMTP id la6mr8163648wjc.2.1476250191474;
>  Tue, 11 Oct 2016 22:29:51 -0700 (PDT)
> MIME-Version: 1.0
> Received: by 10.194.122.104 with HTTP; Tue, 11 Oct 2016 22:29:51 -0700 (PDT)
> From: Indunil Jayasooriya <indunil75 at gmail.com>
> Date: Wed, 12 Oct 2016 10:59:51 +0530
> Message-ID: <CAJF2yJRrygrg6myKO_Trd=2OQUP7Qd3LkObE=XH=4h3he848Ew at mail.gmail.com>
> Subject: spam assassin rule to block a From address
> To: amavis-users at amavis.org
> Content-Type: text/plain; charset=UTF-8
> X-BeenThere: amavis-users at amavis.org
> ......
> .......
>
>
>
>>
>> are you for usage of '^' ? because the string not start with sender address, you can try withou it.
>
>
>
> ^ - start matching from the beginning of the string in regex
>
> anyway, without it, I can try.
>
>
>
> here's my new file ( without ^ )
>
> my /etc/mail/spamassassin/SPAM_11Oct2016_From_1.cf file
>
> header SPAM11OctF1 From =~ /(airecom612\+97d7d60a91d9695c9a4240f92d5c3cae)@/i
> describe SPAM11OctF1 From address contains the word airecom612@
> score SPAM11OctF1 10.0
>
>
>>
>>
>> Can you post to us a source code of spam mail?
>
>
> here's the log.
>
> Oct 12 02:55:37 mailgw amavis[1054]: (01054-03) Passed CLEAN [190.123.45.119] [190.123.45.119] airecom612+97d7d60a91d9695c9a4240f92d5c3cae at therealizationofhealth.net - rept at mydomain.com Message-ID: 97d7d60a91d9695c9a4240f92d5c3cae at therealizationofhealth.net mail_id: dOZ+MykHl9Z2 Hits: -0.047 size: 11977 queued_as: 32CE11084D 9548 ms
>
>
> Ideas are welcome.
>
>
>
>
>> 12 Calcinaia (PI)
>> Tel +39058759108
>> cell 340 8398772
>> E-mail: maurizio at etarom.com
>> Assistenza: assistenza at etarom.com
>> P.E.C. etarom at pec.etarom.com
>>
>> Non indugiare oltre!, attiva adesso la tua casella di Posta Elettronica Certificata, per maggiori informazioni consulta la nostra news qui
>>
>>
>> ****************************************
>> Qualora questo messaggio fosse da Voi ricevuto per errore vogliate cortesemente darcene notizia a mezzo telefax o e-mail e distruggere il messaggio ricevuto erroneamente. Quanto precede ai fini del rispetto del D.Lgs 196/03 sulla tutela dei dati personali.
>> ****************************************
>
>
>
>
> --
> cat /etc/motd
>
> Thank you
> Indunil Jayasooriya
> http://www.theravadanet.net/
> http://www.siyabas.lk/sinhala_how_to_install.html   -  Download Sinhala Fonts
>
>
>
> --
>
>
> Via del Tiglio 45
> 56012 Calcinaia (PI)
> Tel +39058759108
> cell 340 8398772
> E-mail info at etarom.com
> P.E.C. etarom at pec.etarom.com
>
> Non indugiare oltre!, attiva adesso la tua casella di Posta Elettronica Certificata, per maggiori informazioni consulta la nostra news qui
>
>
> ****************************************
> Qualora questo messaggio fosse da Voi ricevuto per errore vogliate cortesemente darcene notizia a mezzo telefax o e-mail e distruggere il messaggio ricevuto erroneamente. Quanto precede ai fini del rispetto del D.Lgs 196/03 sulla tutela dei dati personali.
> ****************************************




-- 
cat /etc/motd

Thank you
Indunil Jayasooriya
http://www.theravadanet.net/
http://www.siyabas.lk/sinhala_how_to_install.html   -  Download Sinhala Fonts

More information about the amavis-users mailing list