On Mon, 12 Oct 2015, emailitis.com wrote:
> I have created 2 rules because almost everything from zcsend is Spam.
> Rules are:
>
> # zcsend Spam
> header CGK_ZCSEND_1 All =~ /\@zcsend\.net/
> score CGK_ZCSEND_1 2.5
>
> # zcsend Spam
> header CGK_ZCSEND_2 From =~ /\@zcsend\.net/
> score CGK_ZCSEND_2 2.5

You're aware that both will hit on a From: address in that domain?

> and extract from maillog is:
>
> /root/weeklymail/Frimaillog:Oct 8 11:24:18 plesk3
> /var/qmail/bin/relaylock[11463]: /var/qmail/bin/relaylock: mail from
> 74.201.84.45:60684 (sender45.zcsend.net)
> /root/weeklymail/Frimaillog:Oct 8 11:24:29 plesk3 qmail-scanner-queue.pl:
> qmail-scanner[11470]: Clear:RC:0(74.201.84.45):SA:0(2.2/4.0): 9.449095 69145
> bounce_30599158+a.19c2d631a56d610_11699e4c327d324_v21
> <mailto:bounce_30599158+a.19c2d631a56d610_11699e4c327d324_...@zcsend.net>
> @zcsend.net p...@domain.co.uk <mailto:p...@domain.co.uk>
> Business_Finance_available_quickly_for_HMRC_Debt
> <zcb.11287eca46c335.19c2d631a56d610.1444299856...@zcsend.net
> <mailto:zcb.11287eca46c335.19c2d631a56d610.1444299856...@zcsend.net> >
> orig-plesk3.hostname.co.uk144429985979711470:69145
> 1444299859.11474-0.plesk3. hostname.co.uk:63279
>
> Can a regex expert help me identify why that did not trigger one of the
> CGK_ZCSEND_x rules?

Which one did not hit? _2 on the From address? There's no clear indication
from that log info that the From: header did contain that domain, those
might all be envelope Froms. Please provide the message headers as well as
the MTA log.
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhar...@impsec.org FALaholic #11174 pgpk -a jhar...@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
Vista "security improvements" consist of attempting to shift blame
onto the user when things go wrong.
-----------------------------------------------------------------------
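
The From: header versus envelope sender distinction raised in the reply above, as an added example that is not part of the original thread and is not SpamAssassin code: it applies the rules' regex to the From: header, to all headers, and to the envelope sender of two constructed messages. Assumptions: the envelope sender is recorded in a Return-Path header, "all headers" is modelled as the joined header block, and every address, host and IP in the samples is made up.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Same pattern as the CGK_ZCSEND_x rules quoted in the thread.
ZCSEND = re.compile(r"@zcsend\.net")

# Constructed sample: envelope sender and Message-ID are in zcsend.net,
# but the visible From: header uses a different (hypothetical) domain.
SAMPLE_ENVELOPE_ONLY = """\
Return-Path: <bounce_1+a.example@zcsend.net>
Received: from sender45.zcsend.net (sender45.zcsend.net [192.0.2.45])
\tby mx.example.org; Thu, 8 Oct 2015 11:24:18 +0100
From: "Finance Offers" <offers@customer.example>
To: <user@example.org>
Subject: Business Finance available quickly
Message-ID: <zcb.example.1444299856@zcsend.net>

body
"""

# Constructed variant where the From: header itself is in zcsend.net.
SAMPLE_FROM_HEADER = SAMPLE_ENVELOPE_ONLY.replace(
    "offers@customer.example", "offers@zcsend.net")


def check(raw):
    """Report where the zcsend pattern matches in one raw message."""
    msg = message_from_string(raw)
    from_values = msg.get_all("From", [])
    # Approximation of matching against every header at once.
    all_headers = "".join(f"{k}: {v}\n" for k, v in msg.items())
    # Assumption: the MTA stored the envelope sender in Return-Path.
    envelope = parseaddr(msg.get("Return-Path", ""))[1]
    return {
        "from_header": any(ZCSEND.search(v) for v in from_values),
        "all_headers": bool(ZCSEND.search(all_headers)),
        "envelope_sender": bool(ZCSEND.search(envelope)),
    }


if __name__ == "__main__":
    for name, raw in (("envelope only", SAMPLE_ENVELOPE_ONLY),
                      ("From: header", SAMPLE_FROM_HEADER)):
        print(name, check(raw))
```
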