On Wed, 2019-12-04 at 12:40 -0800, Chris Mulcahy wrote:
> I want a rule that scores if “sitename” is not in the From: line.  If
> they send from i...@sitename.com, I’ll assume it’s legit. If sitename
> does not exist, I’ll tick up the score a bit. I have done this for
> some specific domains but they are all individual rules hardcoding the
> domain name. 
>
Presumably, you mean that if it matches, add a positive value to push it
toward spam. If no match, ignore.

One way would be to build a giant list of alternates along the lines of 

header MYRULE M:addr =~ /(site1\.com\@mydomain\.com|
site2....@mydomain.com|....)/

but note that this needs to be all on a single line.

You can build that with a text editor, adding alternates as you find
them - unless you kept a list, but it's a real pain editing an alternates
list that's more than 100 characters or so.

I did something similar some years back, but I first designed a
definition file that was easy to edit: it has fixed details such as the
descriptive comments, the rule name and score on a set of lines at the
front of the file. This is followed by the list of alternates, each on a
separate line. It helps maintenance and the addition of new terms if you
keep the alternates in alphabetic sequence too.

Then I wrote a script that reads the definition and spits out a .cf file
containing a correctly formatted SA rule. This is a bash script that
runs a gawk script to do the heavy lifting. I used gawk because I know
and like it, but any scriptable language should do: Perl, Python or even
Javascript or BASIC are all possibilities.

You can download my solution from here:
 libelle-systems.com/free/portmanteau/portmanteau.tgz

and modify to suit your own purposes ...but be patient - the site is
rather slow at present. If you can't get through, yell and I'll send you
the archive.

Alternatively, if you know Perl and SQL, you may want to write yourself
an SA plugin to access a database containing your personal blacklist.

Or, there are blacklist handlers around that would serve the same
purpose as the database + plugin. I haven't used any of them, so can't
give names or recommendations.

Martin
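
An added example of the definition-file approach described in the message above. It is not part of the original message and is not the portmanteau code. The file format, the `build_rule` name, the `From:addr` header choice and the sample addresses are assumptions made for illustration.

```shell
#!/bin/sh
# build_rule [FILE]: print a SpamAssassin rule built from a definition file.
# Assumed format (hypothetical): "name:", "score:", "describe:" lines, then one
# literal address per line; blank lines and "#" comments are skipped.
build_rule() {
    awk '
    function val(s) { sub(/^[a-z]+:[ \t]*/, "", s); return s }
    # Backslash-escape regex metacharacters, "/" and "@": literal matches only.
    function esc(s,    i, c, out) {
        for (i = 1; i <= length(s); i++) {
            c = substr(s, i, 1)
            if (index("\\.^$*+?()[]{}|/@", c)) out = out "\\"
            out = out c
        }
        return out
    }
    { sub(/[ \t\r]+$/, ""); sub(/^[ \t]+/, "") }    # trim, drop CR
    /^$/ || /^#/ { next }
    /^name:/     { name  = val($0); next }
    /^score:/    { score = val($0); next }
    /^describe:/ { desc  = val($0); next }
    !seen[$0]++  { alt[++n] = $0 }                  # ignore duplicates
    END {
        if (name !~ /^[A-Z][A-Z0-9_]*$/ || score !~ /^-?[0-9]+(\.[0-9]+)?$/ || !n) {
            print "build_rule: need name, numeric score and an alternate" > "/dev/stderr"
            exit 1
        }
        for (i = 2; i <= n; i++) {                  # insertion sort
            v = alt[i]
            for (j = i - 1; j >= 1 && alt[j] > v; j--) alt[j + 1] = alt[j]
            alt[j + 1] = v
        }
        re = esc(alt[1])
        for (i = 2; i <= n; i++) re = re "|" esc(alt[i])
        # One output line holds the whole alternation; ^...$ anchors it.
        printf "header   %s From:addr =~ /^(?:%s)$/i\n", name, re
        printf "describe %s %s\n", name, desc
        printf "score    %s %s\n", name, score
    }' "$@"
}

# Constructed sample definition, fed on stdin.
build_rule <<'EOF'
name: MY_SITE_ADDR
score: 0.5
describe: Constructed sample rule
site2.example@mydomain.example
site1.example@mydomain.example
EOF
```

Redirect the output into a `.cf` file and run `spamassassin --lint` before loading it.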


