On 23/11/11 15:31, Axb wrote:
> On 2011-11-23 15:13, Simon Loewenthal wrote:
>>
>> I have spam that hits on these rules.
>>
>> X-Spam-Report:
>> * 1.7 URIBL_BLACK Contains an URL listed in the URIBL blacklist
>> * [URIs: europjobs.eu]
>> * 1.2 URIBL_JP_SURBL Contains an URL listed in the JP SURBL
>> blocklist
>> * [URIs: europjobs.eu]
>> * 0.0 UNPARSEABLE_RELAY Informational: message has unparseable
>> relay lines
>> * 0.8 BAYES_50 BODY: Bayes spam probability is 40 to 60%
>> * [score: 0.5000]
>> * 1.1 DCC_CHECK Listed in DCC (http://rhyolite.com/anti-spam/dcc/)
>> * 1.4 PYZOR_CHECK Listed in Pyzor (http://pyzor.sf.net/)
>> * 0.3 DIGEST_MULTIPLE Message hits more than one network digest
>> check
>> * 0.8 RDNS_NONE Delivered to internal network by a host with no
>> rDNS
>>
>> What I fail to understand is why it did not hit on this local.cf rule:
>>
>> describe RBODY_JOB_DOMAINS1 English language job opportunity1
>> rawbody RBODY_JOB_DOMAINS1
>> /\@(?:axeabout|career-lists|careers-consult|eur-exlusive|europe-career|europ-exlusive|it-jobsearch\.com|uk-exlusive|tech-newposition|new-joboffers|joblists|web-newcarer|world-jobsearch|gb-totaljob|simple-jobneed|sprytex-it|europjobs.eu|businesinsiders.com)\./
>>
>> score RBODY_JOB_DOMAINS1 4.5
>>
>> ( I tried the same by replacing |europjobs.eu| with |europjobs\.eu| in
>> case it helped, but made no difference)
>>
>> I should have thought that this would pick it up. I missed something
>> :( Anyone know what it was?
>
> first thing I see:
>
> remove the last \.
>
> atm, your regex expects to see a
>
> europjobs.eu\.
>
> also make sure you escape all periods.
>
> make up your mind if you want to not use tlds after the the domain name.
>
> for tidyness, use up sepatrate rules /tld
>
>
>
>
>
Thank-you very much. This did the trick.
