Dear all, I wish you and your families a happy, prosperous and healthy year 2016!
As for me, I am spending the first day of the new year battling with some
custom SA rule that seems to be ignored:
header FR_Spam2 Received =~ /e\d{1,2}+\.(.*)\.fr/i
score FR_Spam2 3.5
Is this rule correct from a syntactical perspective? I would say yes as
pcregrep is fine with it.
Anyway, here is the scenario that I am trying to handle: I am getting *lots* of
spam messages in French with random text with each of them contains a line like
"Received from e(1 or 2 digit number).(some random hostname sometimes with
dashes and sometimes without).fr“ - here is an example:
(...)
Received: from e4.mailsclub.fr (e4.mailsclub.fr [212.83.145.185])
by mail.wolfgarten.com (Postfix) with ESMTP id 359217DCC0
for <sebast...@wolfgarten.com>; Fri, 1 Jan 2016 11:47:01 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=key; d=e4.mailsclub.fr;
h=Message-ID:Date:Subject:From:Reply-To:To:MIME-Version:Content-Type:List-Unsubscribe;
i=s...@e4.mailsclub.fr;
bh=gbtf9vK5d2PMdkJu/hIUduylbcQ=;
b=t2BrXmPpOX3yVZ1kMGZzm+aIE2nTKU02gxlG8jwOsxrHGdXWDnbQxrmaOU5xcDw5It1UDA4jxw+b
2XJET5xUV/c66L6hwxtOt757o1F1UD2ezM+sd0BHAh9LjTV+icb4k38w89FwHHumycRj2V2xh/3G
imoFha6WLhNxDVsKSQY=
DomainKey-Signature: a=rsa-sha1; c=nofws; q=dns; s=key; d=e4.mailsclub.fr;
b=k0K9oJ5XP+rOa4oSNa3ZWJ1gCWdnu7khO+hdWAOJv7trKEAlZ0IHfSGRWwWq+4cl1xUnVqv6I2G3
z6pROvLHeaPo7Ue2K5MQzZUA/VFDhDApEMEc7bBr5cB3mpxfSAUo69eZDtPyLsjCd27LMQ+FMGwi
xddezXrzEhGlMeVLsHw=;
(...)
Any thoughts on how to best deal with this?
Many thanks.
Kind regards
Sebastian
signature.asc
Description: Message signed with OpenPGP using GPGMail
