spam assassin rule to block a From address

Indunil Jayasooriya indunil75 at gmail.com
Fri Oct 14 09:47:57 CEST 2016


On Fri, Oct 14, 2016 at 2:21 AM, Tom Hendrikx <tom at whyscream.net> wrote:
>
> On 13-10-16 10:12, Indunil Jayasooriya wrote:
>>>
>>> You should probably also match only the address, not the full From line,
>>> especially when you're anchoring:
>>
>>
>> What's the difference between From and From:addr?
>>
>
> Considering the header:
>
> From: Indunil Jayasooriya <indunil75 at example.com>
>
> A rule "header From =~" will perform matching against the string:
> "Indunil Jayasooriya <indunil75 at example.com>"
>
> A rule "header From:addr =~" will perform matching against the string:
> "indunil75 at example.com"


Tom,

Thank you very much for your effort.


> When you're anchoring your regex, that makes a huge difference.
>
> Kind regards,
>         Tom
>
>>
>>>
>>> header SPAM11OctF1 From:addr =~ /^aireco....
>>
>> Can you complete this? Anyway, here I complete it.
>>
>>
>> header SPAM11OctF1 From:addr =~ /^airecom612\+97d7d60a91d9695c9a4240f92d5c3cae\@/i
>> describe SPAM11OctF1 From address contains the word airecom612@
>> score SPAM11OctF1 10.0
>>
>> Is it OK?
>>
>>
>> What are the sites to learn spam-assassin rules?
>>
>>
>> Anyway, I get spam mails with the below addresses.
>>
>>
>> bounce-mc.us8_29275787.517673-wer=mynet.com at mail172.atl61.mcsv.net
>> ml-bounce-mc.us8_29275787.517673-hewe=mynet.com at mail172.atl61.mcsv.net
>>
>>
>> I wrote the below rule to block it. It does NOT seem to work.
>>
>> header SPAM13OctF1 From =~ /.*bounce.*\@/i
>> describe SPAM13OctF1 From address contains the word bounce.
>> score SPAM13OctF1 10.0
>>
>>
>> Should I change from From to From:addr?
>>
>> Can you complete it?
>>
>>>>>
>>>>> my /etc/mail/spamassassin/SPAM_11Oct2016_From_1.cf file
>>>>>
>>>>> header SPAM11OctF1 From =~ /(airecom612\+97d7d60a91d9695c9a4240f92d5c3cae)@/i
>>>>> describe SPAM11OctF1 From address contains the word airecom612@
>>>>> score SPAM11OctF1 10.0
>>>>>
>>>>>
>>>>>>
>>>>>>
>>>>>> Can you post to us the source code of the spam mail?
>>>>>
>>>>>
>>>>> Here's the log.
>>>>>
>>>>> Oct 12 02:55:37 mailgw amavis[1054]: (01054-03) Passed CLEAN [190.123.45.119] [190.123.45.119] airecom612+97d7d60a91d9695c9a4240f92d5c3cae at therealizationofhealth.net - rept at mydomain.com Message-ID: 97d7d60a91d9695c9a4240f92d5c3cae at therealizationofhealth.net mail_id: dOZ+MykHl9Z2 Hits: -0.047 size: 11977 queued_as: 32CE11084D 9548 ms
>>>>>
>>>>>
>>>>> Ideas are welcome.
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>> 12 Calcinaia (PI)
>>>>>> Tel +39058759108
>>>>>> cell 340 8398772
>>>>>> E-mail: maurizio at etarom.com
>>>>>> Support: assistenza at etarom.com
>>>>>> P.E.C. etarom at pec.etarom.com
>>>>>>
>>>>>> Don't wait any longer! Activate your Certified Electronic Mail (Posta Elettronica Certificata) mailbox now; for more information, see our news item here
>>>>>>
>>>>>>
>>>>>> ****************************************
>>>>>> If you have received this message in error, please notify us by fax or e-mail and destroy the message received in error. The foregoing is for the purposes of compliance with D.Lgs 196/03 on the protection of personal data.
>>>>>> ****************************************
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> cat /etc/motd
>>>>>
>>>>> Thank you
>>>>> Indunil Jayasooriya
>>>>> http://www.theravadanet.net/
>>>>> http://www.siyabas.lk/sinhala_how_to_install.html   -  Download Sinhala Fonts
>>>>>
>>>>>
>>>>>
>>>>> --
>>>>>
>>>>>
>>>>> Via del Tiglio 45
>>>>> 56012 Calcinaia (PI)
>>>>> Tel +39058759108
>>>>> cell 340 8398772
>>>>> E-mail info at etarom.com
>>>>> P.E.C. etarom at pec.etarom.com
>>>>>
>>>>> Don't wait any longer! Activate your Certified Electronic Mail (Posta Elettronica Certificata) mailbox now; for more information, see our news item here
>>>>>
>>>>>
>>>>> ****************************************
>>>>> If you have received this message in error, please notify us by fax or e-mail and destroy the message received in error. The foregoing is for the purposes of compliance with D.Lgs 196/03 on the protection of personal data.
>>>>> ****************************************
>>>>
>>>>
>>>>
>>>>
>>
>>
>>
>
>



-- 
cat /etc/motd

Thank you
Indunil Jayasooriya
http://www.theravadanet.net/
http://www.siyabas.lk/sinhala_how_to_install.html   -  Download Sinhala Fonts
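
Added example (not part of the original thread, and not SpamAssassin's own code): a Python emulation of the From versus From:addr distinction described in the quoted reply, run against the two airecom612 patterns from this thread. The sample headers are constructed, the display name and the example.net domain are placeholders, and `parseaddr` stands in for SpamAssassin's first-address extraction.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed samples: same address, with and without a display name.
ADDR = "airecom612+97d7d60a91d9695c9a4240f92d5c3cae@example.net"
RAW_WITH_NAME = f"From: Health News <{ADDR}>\nSubject: constructed sample\n\nbody\n"
RAW_BARE = f"From: {ADDR}\nSubject: constructed sample\n\nbody\n"

# The two patterns posted in the thread; /i becomes re.IGNORECASE.
PATTERNS = {
    "anchored": re.compile(
        r"^airecom612\+97d7d60a91d9695c9a4240f92d5c3cae\@", re.I),
    "unanchored": re.compile(
        r"(airecom612\+97d7d60a91d9695c9a4240f92d5c3cae)@", re.I),
}


def header_views(raw):
    """Return the strings each rule form is matched against.

    "From"      -> the whole header value, display name included
    "From:addr" -> only the first e-mail address in the header
    """
    value = message_from_string(raw)["From"]
    return {"From": value, "From:addr": parseaddr(value)[1]}


def evaluate(raw):
    """Map (pattern name, header form) -> True if the rule would fire."""
    views = header_views(raw)
    # "=~" is an unanchored search, so ^ is the only thing pinning the start.
    return {
        (pname, vname): bool(rx.search(text))
        for pname, rx in PATTERNS.items()
        for vname, text in views.items()
    }


if __name__ == "__main__":
    for label, raw in (("with name", RAW_WITH_NAME), ("bare", RAW_BARE)):
        for (pname, vname), hit in sorted(evaluate(raw).items()):
            print(f"{label:10} {pname:10} {vname:10} {'HIT' if hit else 'miss'}")
```

The anchored pattern on plain From fires only when the header carries no display name, which is why anchoring belongs with From:addr.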


More information about the amavis-users mailing list