On 2011-11-23 15:13, Simon Loewenthal wrote:
I have spam that hits on these rules.
X-Spam-Report:
* 1.7 URIBL_BLACK Contains an URL listed in the URIBL blacklist
* [URIs: europjobs.eu]
* 1.2 URIBL_JP_SURBL Contains an URL listed in the JP SURBL blocklist
* [URIs: europjobs.eu]
* 0.0 UNPARSEABLE_RELAY Informational: message has unparseable
relay lines
* 0.8 BAYES_50 BODY: Bayes spam probability is 40 to 60%
* [score: 0.5000]
* 1.1 DCC_CHECK Listed in DCC (http://rhyolite.com/anti-spam/dcc/)
* 1.4 PYZOR_CHECK Listed in Pyzor (http://pyzor.sf.net/)
* 0.3 DIGEST_MULTIPLE Message hits more than one network digest check
* 0.8 RDNS_NONE Delivered to internal network by a host with no rDNS
What I fail to understand is why it did not hit on this local.cf rule:
describe RBODY_JOB_DOMAINS1 English language job opportunity1
rawbody RBODY_JOB_DOMAINS1
/\@(?:axeabout|career-lists|careers-consult|eur-exlusive|europe-career|europ-exlusive|it-jobsearch\.com|uk-exlusive|tech-newposition|new-joboffers|joblists|web-newcarer|world-jobsearch|gb-totaljob|simple-jobneed|sprytex-it|europjobs.eu|businesinsiders.com)\./
score RBODY_JOB_DOMAINS1 4.5
( I tried the same by replacing |europjobs.eu| with |europjobs\.eu| in
case it helped, but made no difference)
I should have thought that this would pick it up. I missed something
:( Anyone know what it was?
first thing I see:
remove the last \.
atm, your regex expects to see a
europjobs.eu\.
also make sure you escape all periods.
make up your mind if you want to not use tlds after the the domain name.
for tidyness, use up sepatrate rules /tld
