spam assassin rule to block a From address

Tom Hendrikx tom at whyscream.net
Thu Oct 13 09:37:15 CEST 2016


Hi,

You should probably also match only the address, not the full From line,
especially when you're anchoring:

header SPAM11OctF1 From:addr =~ /^aireco....

Regards,
	Tom


On 13-10-16 05:58, Indunil Jayasooriya wrote:
>>
>> I think that the parentheses are not necessary and the @ must be escaped
> 
> 
>     I sometimes use brackets to filter Subject (sometimes multiple
> Subjects). They work.
> 
> See one rule I use below. It is for Subject with brackets, not for the From address.
> 
> 
> file /etc/mail/spamassassin/SPAM_12AUG2016_Subject_1.cf
> 
> header SPAMS1 Subject =~ /(special offer|Marketing Strategy|amazing offer|intake|Enroll Now)/i
> describe SPAMS1 Email contains the above words
> score SPAMS1 9.0
> 
> 
> anyway, I removed brackets this time. Let's see what happens now. I
> think \@ is a good point I should think of.
> 
> this is my new rule
> 
> 
> file  /etc/mail/spamassassin/SPAM_11Oct2016_From_1.cf
> 
> header SPAM11OctF1 From =~ /^airecom612\+97d7d60a91d9695c9a4240f92d5c3cae\@/i
> describe SPAM11OctF1 From address contains the word airecom612@
> score SPAM11OctF1 10.0
> 
> 
> 
> 
> 
>>
>>
>> ^.*airecom612\+97d7d60a91d9695c9a4240f92d5c3cae\@
>>
>> for check on https://regex101.com you can try the regex on complete mail source code like this:
>>
>> ......
>> ......
>>
>> X-Received: by 10.194.204.198 with SMTP id la6mr8163648wjc.2.1476250191474;
>>  Tue, 11 Oct 2016 22:29:51 -0700 (PDT)
>> MIME-Version: 1.0
>> Received: by 10.194.122.104 with HTTP; Tue, 11 Oct 2016 22:29:51 -0700 (PDT)
>> From: Indunil Jayasooriya <indunil75 at gmail.com>
>> Date: Wed, 12 Oct 2016 10:59:51 +0530
>> Message-ID: <CAJF2yJRrygrg6myKO_Trd=2OQUP7Qd3LkObE=XH=4h3he848Ew at mail.gmail.com>
>> Subject: spam assassin rule to block a From address
>> To: amavis-users at amavis.org
>> Content-Type: text/plain; charset=UTF-8
>> X-BeenThere: amavis-users at amavis.org
>> ......
>> .......
>>
>>
>>
>>>
>>> are you for usage of '^'? because the string does not start with the sender address, you can try without it.
>>
>>
>>
>> ^ - start matching from the beginning of the string in regex
>>
>> anyway, without it, I can try.
>>
>>
>>
>> here's my new file ( without ^ )
>>
>> my /etc/mail/spamassassin/SPAM_11Oct2016_From_1.cf file
>>
>> header SPAM11OctF1 From =~ /(airecom612\+97d7d60a91d9695c9a4240f92d5c3cae)@/i
>> describe SPAM11OctF1 From address contains the word airecom612@
>> score SPAM11OctF1 10.0
>>
>>
>>>
>>>
>>> Can you post to us a source code of spam mail?
>>
>>
>> here's the log.
>>
>> Oct 12 02:55:37 mailgw amavis[1054]: (01054-03) Passed CLEAN [190.123.45.119] [190.123.45.119] airecom612+97d7d60a91d9695c9a4240f92d5c3cae at therealizationofhealth.net - rept at mydomain.com Message-ID: 97d7d60a91d9695c9a4240f92d5c3cae at therealizationofhealth.net mail_id: dOZ+MykHl9Z2 Hits: -0.047 size: 11977 queued_as: 32CE11084D 9548 ms
>>
>>
>> Ideas are welcome.
>>
>>
>>
>>
>>
>>
>>
>>
>> --
>> cat /etc/motd
>>
>> Thank you
>> Indunil Jayasooriya
>> http://www.theravadanet.net/
>> http://www.siyabas.lk/sinhala_how_to_install.html   -  Download Sinhala Fonts
>>
>>
>>
>> --
>>
>>
>> Via del Tiglio 45
>> 56012 Calcinaia (PI)
>> Tel +39058759108
>> cell 340 8398772
>> E-mail info at etarom.com
>> P.E.C. etarom at pec.etarom.com
>>
> 
> 
> 
> 
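Added example (not part of the original thread): a Python sketch that approximates how the patterns discussed above behave against the full From header versus the bare address that `From:addr` exposes. The sample messages, rule labels and helper names are constructed for illustration, and Python's email parser stands in for SpamAssassin's own address extraction.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Local part taken from the rules quoted in the thread.
LOCAL = r"airecom612\+97d7d60a91d9695c9a4240f92d5c3cae\@"

# (value the rule sees, compiled pattern); labels are hypothetical names
# for the three variants discussed in the thread.
RULES = {
    "From ^anchored": ("full", re.compile("^" + LOCAL, re.I)),
    "From unanchored": ("full", re.compile(LOCAL, re.I)),
    "From:addr ^anchored": ("addr", re.compile("^" + LOCAL, re.I)),
}

def make_msg(from_value):
    """Build a minimal constructed message with the given From header."""
    return f"From: {from_value}\nSubject: constructed sample\n\nbody\n"

def header_values(raw):
    """Return the full From value and the first bare address in it."""
    full = message_from_string(raw).get("From", "")
    addrs = getaddresses([full])
    return {"full": full, "addr": addrs[0][1] if addrs else ""}

def evaluate(raw):
    """Map each rule label to True/False for one raw message."""
    seen = header_values(raw)
    return {name: bool(rx.search(seen[kind]))
            for name, (kind, rx) in RULES.items()}

# Constructed sample headers built around the address from the log line.
ADDR = "airecom612+97d7d60a91d9695c9a4240f92d5c3cae@therealizationofhealth.net"
SAMPLES = {
    "display name": make_msg(f'"Special Offers" <{ADDR}>'),
    "bare address": make_msg(ADDR),
    "longer local part": make_msg(f"News <not-{ADDR}>"),
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, evaluate(raw))
```

The anchored rule on the full header misses any message that carries a display name, the unanchored rule also hits a different address whose local part merely ends with the same string, and only the anchored match on the bare address is exact in all three cases.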

