spam assassin rule to block a From address

Tom Hendrikx tom at whyscream.net
Thu Oct 13 22:51:01 CEST 2016




On 13-10-16 10:12, Indunil Jayasooriya wrote:
>>
>> You should probably also match only the address, not the full From line,
>> especially when you're anchoring:
> 
> 
> what's the difference between From and From:addr ?
> 

Considering the header:

From: Indunil Jayasooriya <indunil75 at example.com>

A rule "header From =~" will perform matching against the string:
"Indunil Jayasooriya <indunil75 at example.com>"

A rule "header From:addr =~" will perform matching against the string:
"indunil75 at example.com"

When you're anchoring your regex, that makes a huge difference.

Kind regards,
	Tom

> 
>>
>> header SPAM11OctF1 From:addr =~ /^aireco....
> 
> Can you complete this ? anyway here I complete it.
> 
> 
> header SPAM11OctF1 From:addr =~
> /^airecom612\+97d7d60a91d9695c9a4240f92d5c3cae\@/i
> describe SPAM11OctF1 From address contains the word airecom612@
> score SPAM11OctF1 10.0
> 
> Is it OK?
> 
> 
> what are the sites to learn spam-assassin rules?
> 
> 
> anyway, I get spam mails with below addressees.
> 
> 
> bounce-mc.us8_29275787.517673-wer=mynet.com at mail172.atl61.mcsv.net
> ml-bounce-mc.us8_29275787.517673-hewe=mynet.com at mail172.atl61.mcsv.net
> 
> 
> I wrote  below  rule to block it. it does NOT seem to work.
> 
> header SPAM13OctF1 From =~ /.*bounce.*\@/i
> describe SPAM13OctF1 From address contains the word bounce.
> score SPAM13OctF1 10.0
> 
> 
> should I change from From to From:addr ?
> 
> Can you complete it?
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
>>>>
>>>> my /etc/mail/spamassassin/SPAM_11Oct2016_From_1.cf file
>>>>
>>>> header SPAM11OctF1 From =~ /(airecom612\+97d7d60a91d9695c9a4240f92d5c3cae)@/i
>>>> describe SPAM11OctF1 From address contains the word airecom612@
>>>> score SPAM11OctF1 10.0
>>>>
>>>>
>>>>>
>>>>>
>>>>> Can you post to us a source code of spam mail?
>>>>
>>>>
>>>> here's the log.
>>>>
>>>> Oct 12 02:55:37 mailgw amavis[1054]: (01054-03) Passed CLEAN [190.123.45.119] [190.123.45.119] airecom612+97d7d60a91d9695c9a4240f92d5c3cae at therealizationofhealth.net - rept at mydomain.com Message-ID: 97d7d60a91d9695c9a4240f92d5c3cae at therealizationofhealth.net mail_id: dOZ+MykHl9Z2 Hits: -0.047 size: 11977 queued_as: 32CE11084D 9548 ms
>>>>
>>>>
>>>> Ideas are welcome.
>>>>
>>>>
>>>>
>>>>
>>>>> 12 Calcinaia (PI)
>>>>> Tel +39058759108
>>>>> cell 340 8398772
>>>>> E-mail: maurizio at etarom.com
>>>>> Assistenza: assistenza at etarom.com
>>>>> P.E.C. etarom at pec.etarom.com
>>>>>
>>>>> Non indugiare oltre!, attiva adesso la tua casella di Posta Elettronica Certificata, per maggiori informazioni consulta la nostra news qui
>>>>>
>>>>>
>>>>> ****************************************
>>>>> Qualora questo messaggio fosse da Voi ricevuto per errore vogliate cortesemente darcene notizia a mezzo telefax o e-mail e distruggere il messaggio ricevuto erroneamente. Quanto precede ai fini del rispetto del D.Lgs 196/03 sulla tutela dei dati personali.
>>>>> ****************************************
>>>>
>>>>
>>>>
>>>>
>>>> --
>>>> cat /etc/motd
>>>>
>>>> Thank you
>>>> Indunil Jayasooriya
>>>> http://www.theravadanet.net/
>>>> http://www.siyabas.lk/sinhala_how_to_install.html   -  Download Sinhala Fonts
>>>>
>>>>
>>>>
>>>> --
>>>>
>>>>
>>>> Via del Tiglio 45
>>>> 56012 Calcinaia (PI)
>>>> Tel +39058759108
>>>> cell 340 8398772
>>>> E-mail info at etarom.com
>>>> P.E.C. etarom at pec.etarom.com
>>>>
>>>> Non indugiare oltre!, attiva adesso la tua casella di Posta Elettronica Certificata, per maggiori informazioni consulta la nostra news qui
>>>>
>>>>
>>>> ****************************************
>>>> Qualora questo messaggio fosse da Voi ricevuto per errore vogliate cortesemente darcene notizia a mezzo telefax o e-mail e distruggere il messaggio ricevuto erroneamente. Quanto precede ai fini del rispetto del D.Lgs 196/03 sulla tutela dei dati personali.
>>>> ****************************************
>>>
>>>
>>>
>>>
> 
> 
> 


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.amavis.org/pipermail/amavis-users/attachments/20161013/3b8849c9/attachment.sig>


More information about the amavis-users mailing list