> header TO_SPECIFIC_DOMAIN To:addr =~ /\@(test\.com|test\.net)$/
That for efficiency really should use a non-capturing grouping:
header TO_SPECIFIC_DOMAIN To:addr =~ /\@(?:test\.com|test\.net)$/
Note the "?:" after the left parend.
Loren
David B Funk skrev den 2023-01-14 08:35:
On Sat, 14 Jan 2023, Benny Pedersen wrote:
Benny Pedersen skrev den 2023-01-14 03:59:
header TO_SPECIFIC_DOMAIN To:addr =~ /\@(test|junc)\.(com|net|eu)$/
describe TO_SPECIFIC_DOMAIN Mail sent to test.com or test.net email
addresses
score TO_SPECIFIC_D
On Sat, 14 Jan 2023, Benny Pedersen wrote:
Benny Pedersen skrev den 2023-01-14 03:59:
header TO_SPECIFIC_DOMAIN To:addr =~ /\@(test|junc)\.(com|net|eu)$/
describe TO_SPECIFIC_DOMAIN Mail sent to test.com or test.net email addresses
score TO_SPECIFIC_DOMAIN -0.5
tested works if i mail myself :=
Benny Pedersen skrev den 2023-01-14 03:59:
header TO_SPECIFIC_DOMAIN To:addr =~ /\@(test|junc)\.(com|net|eu)$/
describe TO_SPECIFIC_DOMAIN Mail sent to test.com or test.net email
addresses
score TO_SPECIFIC_DOMAIN -0.5
tested works if i mail myself :=)
Joey J skrev den 2023-01-14 03:42:
header TO_SPECIFIC_DOMAIN To:addr =~ /\@(test\.com|test\.net)$/
describe TO_SPECIFIC_DOMAIN Mail sent to test.com or test.net email
addresses
score TO_SPECIFIC_DOMAIN -2.0
header TO_SPECIFIC_DOMAIN To:addr ~= /\@test\.(com|net)$/
should work
Thanks to everyone's suggestions.
I will try to respond to everyone in this 1 message:
This was intended for people who get both filtering inbound and outbound
form the mail gateway.
At times certain legit content gets flagged on the way OUT, so this was to
try and add a little negative score, so
On Thu, 12 Jan 2023, John Hardin wrote:
On Thu, 12 Jan 2023, Martin Gregorie wrote:
On Wed, 2023-01-11 at 18:39 -0500, Joey J wrote:
Hello All,
I created this rule to check for email addresses matching a list to
get
added some negative value.
I also tried it with just domains so it wou
On Thu, 12 Jan 2023, Martin Gregorie wrote:
On Wed, 2023-01-11 at 18:39 -0500, Joey J wrote:
Hello All,
I created this rule to check for email addresses matching a list to
get
added some negative value.
I also tried it with just domains so it would be more efficient, but I
can't seem to get th
There's no need for any rules:
whitelist_to us...@example.com
whitelist_to *@domain.com
And adjust USER_IN_WHITELIST_TO for score.
(welcomelist_to / USER_IN_WELCOMELIST_TO in 4.0)
On Wed, Jan 11, 2023 at 04:56:21PM -0800, Loren Wilton wrote:
> ?
> Why not do a simple rule rather than inventi
On Wed, 2023-01-11 at 16:56 -0800, Loren Wilton wrote:
> Why not do a simple rule rather than inventing some Perl code?
>
> header TO_SPECIFIC_EMAIL To:addr ~=
> '(?:\bus...@example.com|\bus...@example.com|\bus...@example.com)'
> describe TO_SPECIFIC_EMAIL Mail to a specific email address
> score
On Wed, 2023-01-11 at 18:39 -0500, Joey J wrote:
> Hello All,
>
> I created this rule to check for email addresses matching a list to
> get
> added some negative value.
> I also tried it with just domains so it would be more efficient, but I
> can't seem to get them to run.
> Any suggestions?
>
U
Why not do a simple rule rather than inventing some Perl code?
header TO_SPECIFIC_EMAIL To:addr ~=
'(?:\bus...@example.com|\bus...@example.com|\bus...@example.com)'
describe TO_SPECIFIC_EMAIL Mail to a specific email address
score TO_SPECIFIC_EMAIL -2
header TO_SPECIFIC_DOMAIN To:addr '(?:'\@exa
At 03:31 PM 9/26/2015, jdow wrote:
On 2015-09-26 07:12, RW wrote:
On Fri, 25 Sep 2015 10:28:42 -0400
Dianne Skoll wrote:
On Fri, 25 Sep 2015 14:21:50 +
Dave wrote:
I am trying to create a rule that scores TLD's in received headers
if they are not certain TLD's. What I have so far:
You
At 03:31 PM 9/26/2015, jdow wrote:
On 2015-09-26 07:12, RW wrote:
On Fri, 25 Sep 2015 10:28:42 -0400
Dianne Skoll wrote:
On Fri, 25 Sep 2015 14:21:50 +
Dave wrote:
I am trying to create a rule that scores TLD's in received headers
if they are not certain TLD's. What I have so far:
You
On 2015-09-26 07:12, RW wrote:
On Fri, 25 Sep 2015 10:28:42 -0400
Dianne Skoll wrote:
On Fri, 25 Sep 2015 14:21:50 +
Dave wrote:
I am trying to create a rule that scores TLD's in received headers
if they are not certain TLD's. What I have so far:
Your logic is wrong. And you can do it
On Fri, 25 Sep 2015 10:28:42 -0400
Dianne Skoll wrote:
> On Fri, 25 Sep 2015 14:21:50 +
> Dave wrote:
>
> > I am trying to create a rule that scores TLD's in received headers
> > if they are not certain TLD's. What I have so far:
>
> Your logic is wrong. And you can do it all with one rege
On 9/25/2015 10:28 AM, Dianne Skoll wrote:
On Fri, 25 Sep 2015 14:21:50 +
Dave wrote:
I am trying to create a rule that scores TLD's in received headers if
they are not certain TLD's. What I have so far:
Your logic is wrong. And you can do it all with one regex:
header GC_TLD_COM Receiv
On Fri, 25 Sep 2015 14:21:50 +
Dave wrote:
> I am trying to create a rule that scores TLD's in received headers if
> they are not certain TLD's. What I have so far:
Your logic is wrong. And you can do it all with one regex:
header GC_TLD_COM Received !~/\.(?:com|net|org|edu|uk)\b/i
I won'
On Wed, 28 May 2014, Rejaine Monteiro wrote:
So, I doing this:
header __ORCAMENTO_H Subject =~ /or.*amento|planilha|urgente/i
body __ORCAMENTO_B /or.*amento|planilha|urgente/i
...is redundant. The subject text is included in body rules.
--
John Hardin KA7OHZhttp://www.im
On 5/28/2014 11:14 AM, Martin Gregorie wrote:
On Wed, 2014-05-28 at 10:19 -0300, Rejaine Monteiro wrote:
So, I doing this:
header __ORCAMENTO_H Subject =~ /or.*amento|planilha|urgente/i
body __ORCAMENTO_B /or.*amento|planilha|urgente/i
uri __ORCAMENTO_U
/orcamento\.php|/orcamento\.pdf|planilha\
In fact, there was this error, even after fixing it still didn't work.
I believe that the problem was occurring because the message had a HMTL
attached and in turn had a link to the file. I decided to change and do
as follows:
header __ORCAMENTO_H Subject =~ /or.*amento|planilha|urgente/i
bod
On 5/28/2014 9:19 AM, Rejaine Monteiro wrote:
Hi
I need a rule to block spam contains
Subject or Body contains words 'or.*amento' or 'planilha' or 'urgente'
AND URI contains links to orcamento or panilha (php or pdf)
So, I doing this:
header __ORCAMENTO_H Subject =~ /or.*amento|planilha|urgent
Hi,
>> If so, can I pull the messages out, unlearn them, then re-learn them
>> as spam instead?
>
> I don't think this makes sense. You don't know which messages biased your
> db in the wrong way. It's better to start over.
Bayes has such a substantial role in the messages that get tagged, I
coul
On Sat, 06 Mar 2010 16:31:21 +0100
Kai Schaetzl wrote:
> Rw wrote on Sat, 6 Mar 2010 14:20:15 +:
>
> > I mean that a similar spam from the same spammer that's not been
> > learned will hit 50.
>
> That depends on your definition of "similar". If it doesn't score
> it's not "similar".
they
I trigger on the X-Originating-IP header. You'll probably want to do
64.72.123 and 64.72.124 also.
Sample rule:
header TBI_HOTMAIL_IP9X-Originating-IP =~
/\[(83\.37\.86\.|189\.156\.198\.|190\.78\.95\.|189\.111\.56\.|125\.163\.120\.|115\.118\.23\.|123\.201\.175\.|64\.72\.122\.|83\.
Rw wrote on Sat, 6 Mar 2010 14:20:15 +:
> I mean that a similar spam from the same spammer that's not been
> learned will hit 50.
That depends on your definition of "similar". If it doesn't score it's
not "similar".
Anyway, as I said I interpreted his remark as doing some testing right
aft
On Sat, 06 Mar 2010 11:31:17 +0100
Kai Schaetzl wrote:
> Rw wrote on Sat, 6 Mar 2010 01:04:20 +:
>
> > There's nothing odd about that, it's common that hard to learn spam
> > is identified correctly on retesting.
>
> I'm not sure what you want to say. Do you want to say that a message
> tes
Alex wrote on Fri, 5 Mar 2010 21:55:35 -0500:
> However,
> searching through the quarantine to see how many with a similar
> pattern have been caught, I see there are a large number of emails
> with BAYES_00. Is this a sure sign of a problem with bayes?
Maybe.
> If so, can I pull the messages ou
Rw wrote on Sat, 6 Mar 2010 01:04:20 +:
> There's nothing odd about that, it's common that hard to learn spam is
> identified correctly on retesting.
I'm not sure what you want to say. Do you want to say that a message tested
right
after learning may get 99, but next day it will have 50 aga
Hi,
> As Kai said, check your Bayes is actually working. I've been seeing dozens
> of these daily for what seems like ages, and Bayes now has no trouble
> nailing them although it understandably missed them when they first started
> arriving.
If I try to learn the same message again, sa-learn say
On Fri, 05 Mar 2010 18:39:25 +0100
Kai Schaetzl wrote:
> Alex wrote on Fri, 5 Mar 2010 11:02:35 -0500:
>
> > I've trained probably 50 of these, yet they still have BAYES_50.
>
> I trained your example and it went from 50 to 99. With *1* message!
> There may be something wrong with your Bayes. W
On 2010-03-05 14:51, Henrik K wrote:
On Fri, Mar 05, 2010 at 11:02:35AM -0500, Alex wrote:
Hi all,
I'm having trouble with an elusive spam for the past few days with
just "re" in the subject. It looks to be routed through hotmail.com,
but doesn't have an SPF signature, so I don't really underst
On Fri, Mar 05, 2010 at 11:02:35AM -0500, Alex wrote:
> Hi all,
>
> I'm having trouble with an elusive spam for the past few days with
> just "re" in the subject. It looks to be routed through hotmail.com,
> but doesn't have an SPF signature, so I don't really understand.
> Here's an example:
>
>
Alex wrote:
Hi all,
I'm having trouble with an elusive spam for the past few days with
just "re" in the subject. It looks to be routed through hotmail.com,
but doesn't have an SPF signature, so I don't really understand.
SPF doesn't sign anything (perhaps you are thinking of dkim), and
anyway
Alex wrote on Fri, 5 Mar 2010 11:02:35 -0500:
> I've trained probably 50 of these, yet they still have BAYES_50.
I trained your example and it went from 50 to 99. With *1* message!
There may be something wrong with your Bayes. With 400.000 tokens in the
db.
Why did you replace the @? And please
Man, I wish I'd tried asking my question here a LONG time ago. You guys have
been so helpful! Thanks a ton! You rock!
--
View this message in context:
http://www.nabble.com/Rule-help-needed-tf2260084.html#a6287909
Sent from the SpamAssassin - Users forum at Nabble.com.
Thanks for your VERY helpful input. That's exactly the kind of stuff they
don't tend to cover in a general overview of how to write rules, and exactly
the kind of stuff I need to know.
Unfortunately SpamAssassin is pretty hobbled on a Cpanel account on a shared
server. I contacted the help desk t
From: "Theo Van Dinter" <[EMAIL PROTECTED]>
On Tue, Sep 12, 2006 at 08:47:19PM -0700, jdow wrote:
I've been contemplating that to a degree. It would be nice if I could
use the standard rule paths and designate one extra directory for
included rules from it. Then I could run, for a two user insta
On Tue, Sep 12, 2006 at 08:47:19PM -0700, jdow wrote:
> I've been contemplating that to a degree. It would be nice if I could
> use the standard rule paths and designate one extra directory for
> included rules from it. Then I could run, for a two user installation,
> a pair of spamd processes with
From: "Theo Van Dinter" <[EMAIL PROTECTED]>
It's also worth noting that allow_user_rules makes spamd less efficient,
at a minimum because it has to rebuild all of the rule eval strings for
every message.
IMO, don't enable allow_user_rules unless you really need to do it.
I've been contemplati
On Tue, Sep 12, 2006 at 11:24:37PM -0400, Matt Kettler wrote:
> might discover and publish and exploit for. Keeping allow_user_rules off
> protects you from future exploits in this area if you have untrusted users.
It's also worth noting that allow_user_rules makes spamd less efficient, at a
minim
Bowie Bailey wrote:
> kavaXtreme wrote:
>
>> I've read and read and read till my mind feels like spaghetti puree.
>> I'm really hoping someone here can help with my question.
>>
>> My main question is, why doesn't the following rule work:
>> header ROMPE_BADRECIPS To =~ /(uucp|majordomo|ro
header ROMPE_BADRECIPS To =~ /(uucp|majordomo|root)[EMAIL PROTECTED]/i
Bowie has answered your questions. A couple of comments on the regex above.
You should be using (?: instead of just ( to introduce the group. Without
the ?: it is a capturing group that will capture the text found.
Bowie Bailey wrote:
> kavaXtreme wrote:
> > I've read and read and read till my mind feels like spaghetti puree.
> > I'm really hoping someone here can help with my question.
> >
> > My main question is, why doesn't the following rule work:
> > header ROMPE_BADRECIPS To =~
> > /(uucp|majordo
kavaXtreme wrote:
> I've read and read and read till my mind feels like spaghetti puree.
> I'm really hoping someone here can help with my question.
>
> My main question is, why doesn't the following rule work:
> header ROMPE_BADRECIPS To =~ /(uucp|majordomo|root)[EMAIL PROTECTED]/i
> score
mouss wrote:
David Gibbs wrote:
Folks:
[...]
My particular example ...
I want to create a rule that will assign a specific score if the subject
contains the word 'euromillion', but have a lower score if the subject
contains 'million'.
Obviously if I put two separate rules with the 'euromil
David Gibbs wrote:
Folks:
I'm trying to create a rule that are basically exclusive of each other.
That is ... if rule 1 is matched, then ignore rule 2.
My particular example ...
I want to create a rule that will assign a specific score if the subject
contains the word 'euromillion', but have
On Sat, Jan 21, 2006 at 02:17:50PM -0600, Rob Poe wrote:
> I need a custom rule that looks for
> X-Status: F
> In the header, and adds a value to the score. (i.e. 2.5)
> If anyone has some direction .. :)
header X_STATUS_F X-Status =~ /^F$/
score X_STATUS_F 2.5
--
Randomly Generated Tagl
48 matches
Mail list logo
