Michael Scheidell wrote:
> yes, but they are disabled unless you have specific whitelists. the 'original-message content' you are looking for.
>
> vbounce rules are disabled, even if you enable them unless you also have this in *.cf
>
> whitelist_bounce_relays  {your outbound mail servers}

As I said:

"*nod*  And after a quick check, I've apparently had those rules active
                                 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
for quite a while.  (In fact, one of the subrules for my metas is
^^^^^^^^^^^^^^^^^
BOUNCE_MESSAGE.)"

They're active, they're hitting, I can use them in metas to boost or control further custom rule hits... but I **CAN NOT** score them significantly higher than the default advisory scores.

I'm looking for ways to match *on the real spam content* - which unfortunately doesn't always include the spam body, and which I've observed hitting my extra, more-specific rules using mimeheader only on the bounces where the original is actually a proper RFC822 attachment, not some kind of inline garbage (which sometimes matches on body rules, sometimes on rawbody, and IIRC in one case didn't match any of them).

For instance:

mimeheader T_YOUR_ORDER_VIRUS_G Subject =~ /Apple (?:App)?-?Store Order (?:id:|\#)\d+-\d+/

This will only work if the bounce-generating system attaches some portion of the original as an RFC822 message; if the bounce was generated by qmail it fails. I don't want to have to maintain two (or more) copies of the same regex using different rule types.

I could swear there's another variation I've come across that neither rawbody *nor* mimeheader will match, but I can't find an example at the moment.

-kgd
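
The problem described above (one regex, several bounce formats) can be illustrated outside SpamAssassin. The following is an added example, not part of the original post and not SpamAssassin functionality: it pulls the original message's Subject out of a bounce whether the original was attached as message/rfc822, attached as text/rfc822-headers, or inlined qmail-style, so a single copy of the regex covers all three. The function names and both sample bounces are constructed for illustration; the marker line is the one qmail-send writes before its inline copy.

```python
import re
from email import message_from_string, policy

# The Subject regex from the mimeheader rule in the post, kept in one place.
ORDER_SUBJECT = re.compile(r"Apple (?:App)?-?Store Order (?:id:|\#)\d+-\d+")
# qmail-send inlines the original after this line instead of attaching it.
QMAIL_MARKER = "--- Below this line is a copy of the message."

def original_subjects(bounce_text):
    """Subject header(s) of the bounced original, whichever way it was returned."""
    found = []
    for part in message_from_string(bounce_text, policy=policy.default).walk():
        ctype = part.get_content_type()
        if ctype == "message/rfc822" and part.is_multipart():  # attached whole
            found.append(part.get_payload(0)["Subject"])
        elif ctype == "text/rfc822-headers":                   # headers only
            found.append(message_from_string(part.get_content())["Subject"])
        elif ctype == "text/plain" and QMAIL_MARKER in part.get_content():
            copy = part.get_content().split(QMAIL_MARKER, 1)[1].lstrip("\r\n")
            found.append(message_from_string(copy)["Subject"])
    return [str(s) for s in found if s is not None]

def bounce_matches(bounce_text):
    return any(ORDER_SUBJECT.search(s) for s in original_subjects(bounce_text))

# Constructed sample bounces (not real mail).
DSN_BOUNCE = """\
Subject: Undelivered Mail Returned to Sender
Content-Type: multipart/report; boundary="b1"

--b1
Content-Type: text/plain

Delivery failed.
--b1
Content-Type: message/rfc822

Subject: Apple Store Order id:1234-5678

(original body)
--b1--
"""
QMAIL_BOUNCE = """\
Subject: failure notice

Hi. This is the qmail-send program at mx.example.net.
--- Below this line is a copy of the message.

Subject: Apple App-Store Order #99-1
"""
```

Bounces that quote the original in some other inline form are not recognised by this sketch and return an empty list.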
