I am clearly missing something with these rules but I lack the experience to
see what it is:
score RAW_BLANK_LINES_05 0.5
rawbody RAW_BLANK_LINES_05 /(\r?\n){5,9}/i
describe RAW_BLANK_LINES_05 Raw body contains 5 or more consecutive empty lines
score RAW_BLANK_LINES_10 1.0
rawbody RAW_BLANK_LINES_10 /(\r?\n){10,24}/i
describe RAW_BLANK_LINES_10 Raw body contains 10 or more consecutive empty lines
score RAW_BLANK_LINES_15 1.5
rawbody RAW_BLANK_LINES_15 /(\r?\n){25}/
describe RAW_BLANK_LINES_15 Raw body contains 25 or more consecutive empty lines
I created a test file that consisted of nought but newlines (shown as $
characters using vim set list).
I passed it to spamassassin from the command line with the above rules in
/etc/mail/spamassassin/local.cf and nothing was reported. I used an actual
message body from a spam message received and only the RAW_BLANK_LINES_05 test
is tripped even though the body of that message has 18 consecutive blank
lines, also consisting of nothing but \n characters.
So what is it about the regexp I am using that I evidently do not understand?
--
*** E-Mail is NOT a SECURE channel ***
James B. Byrne mailto:byrn...@harte-lyne.ca
Harte & Lyne Limited http://www.harte-lyne.ca
9 Brockley Drive vox: +1 905 561 1241
Hamilton, Ontario fax: +1 905 561 0757
Canada L8E 3C3
