On Wed, 1 Jul 2009, Karsten Bräckelmann wrote:
Be careful with 'full' rules. You'd better paranoidly anchor your RE and
strictly limit matching
(nod) This is why my original question was about using the 'capture'
function. What I WANT to use for a ruleset is something like:
header LOC_FR
On Wed, 2009-07-01 at 08:01 -0400, Charles Gregory wrote:
> On Wed, 1 Jul 2009, Karsten Bräckelmann wrote:
> > header FROM_EQ_XM ALL =~
> > /^From: [...@]+\@(?:[^.]+\.)?([^.]+\.[^.]+)>?\$.{0,400}^X-Mailer: \1\$/msi
>
> Firstly, my thanks. This syntax provides the functionality I was asking
> for
On Wed, 1 Jul 2009, Karsten Bräckelmann wrote:
header FROM_EQ_XM ALL =~
/^From: [...@]+\@(?:[^.]+\.)?([^.]+\.[^.]+)>?\$.{0,400}^X-Mailer: \1\$/msi
Firstly, my thanks. This syntax provides the functionality I was asking
for in another thread where I wanted to capture things like the appearance
> > Both of you. ;)
>
> Mea culpa. I _never_ think of header ALL rules.
See my RATWARE_OUTLOOK rule. ;)
Reminds me of an important bit I meant to add, but forgot. It's pretty
important to properly anchor matches and limit wildcard matching with
multi-line RE's -- otherwise they can easily bog do
On Wed, 1 Jul 2009, Karsten Br?ckelmann wrote:
On Tue, 2009-06-30 at 16:50 -0700, John Hardin wrote:
On Wed, 1 Jul 2009, Benny Pedersen wrote:
From: "Compare and Cover Life"
X-Mailer: webguide103.com
How would I construct a spamassassin rule to check for this?
impossible without a pluging
On Tue, 2009-06-30 at 16:50 -0700, John Hardin wrote:
> On Wed, 1 Jul 2009, Benny Pedersen wrote:
> > > From: "Compare and Cover Life"
> > > X-Mailer: webguide103.com
> > > How would I construct a spamassassin rule to check for this?
> >
> > impossible without a pluging
Meep. Wrong!
> ...unless
On Wed, 2009-07-01 at 00:23 +0100, Mike Cardwell wrote:
> I've started seeing spam email containing an X-Mailer header which is
> the domain name of the From header. Eg:
>
> From: "Compare and Cover Life"
> X-Mailer: webguide103.com
The *first* question should be, how are these scoring generall
On Wed, 1 Jul 2009, Benny Pedersen wrote:
On Wed, July 1, 2009 01:23, Mike Cardwell wrote:
From: "Compare and Cover Life"
X-Mailer: webguide103.com
> How would I construct a spamassassin rule to check for this?
impossible without a pluging
...unless you just do a loose X-Mailer-looks-like
On Wed, July 1, 2009 01:23, Mike Cardwell wrote:
> From: "Compare and Cover Life"
> X-Mailer: webguide103.com
> How would I construct a spamassassin rule to check for this?
impossible without a pluging, would be faster to reject sender in mta
--
xpoint
