Thanks for your VERY helpful input. That's exactly the kind of stuff they don't tend to cover in a general overview of how to write rules, and exactly the kind of stuff I need to know.
Unfortunately SpamAssassin is pretty hobbled on a Cpanel account on a shared server. I contacted the help desk to clarify, and neither of my web hosts allows custom rules (or Razor2, DCC, Pyzor). And I'm not ready to spring for a dedicated server right now. So, it looks like I'm going to have to use a less elegant approach: have SpamAssassin flag spam, have e-mail filters send spam with a high score to a mailbox for SA to learn from, and use a script to process the contents. Oh well. Loren Wilton wrote: > >> header ROMPE_BADRECIPS To =~ /(uucp|majordomo|root)[EMAIL PROTECTED]/i > > Bowie has answered your questions. A couple of comments on the regex > above. > > You should be using (?: instead of just ( to introduce the group. Without > the ?: it is a capturing group that will capture the text found. But you > aren't using the captured text, so this just considerably slows down the > regex processing. > > You also should escape the dot in .com. What you have now will match any > character, not just a dot. > > You should probably also make sure that there is a word break before the > username, so that you don't inadvertantly hit on mymajordomo or similar. > > So you end up with: > > To =~ /\b(?:uucp|majordomo|root)[EMAIL PROTECTED]/i > > > Loren > > > -- View this message in context: http://www.nabble.com/Rule-help-needed-tf2260084.html#a6287888 Sent from the SpamAssassin - Users forum at Nabble.com.
