1 |
Can anyone help me with the format of custom rules |
2 |
in /etc/mail/spamassassin/local.cf? The perldoc |
3 |
Mail::SpamAssassin::Conf page says: |
4 |
|
5 |
header SYMBOLIC_TEST_NAME header op /pattern/modifiers [if-unset: |
6 |
STRING] |
7 |
Define a test. "SYMBOLIC_TEST_NAME" is a symbolic test name, |
8 |
such as |
9 |
'FROM_ENDS_IN_NUMS'. "header" is the name of a mail header, |
10 |
such as 'Sub- |
11 |
ject', 'To', etc. |
12 |
|
13 |
Appending ":raw" to the header name will inhibit decoding of |
14 |
quoted-printable |
15 |
or base-64 encoded strings. |
16 |
|
17 |
Appending ":addr" to the header name will cause everything |
18 |
except the first |
19 |
email address to be removed from the header. For example, |
20 |
all of the follow- |
21 |
ing will result in "example@foo": |
22 |
|
23 |
example@foo |
24 |
example@foo (Foo Blah) |
25 |
*)$/i |
26 |
|
27 |
header SYMBOLIC_TEST_NAME header op /pattern/modifiers [if-unset: |
28 |
STRING] |
29 |
Define a test. "SYMBOLIC_TEST_NAME" is a symbolic test name, such |
30 |
as |
31 |
'FROM_ENDS_IN_NUMS'. "header" is the name of a mail header, such |
32 |
as 'Sub- |
33 |
ject', 'To', etc. |
34 |
|
35 |
Appending ":raw" to the header name will inhibit decoding of |
36 |
quoted-printable |
37 |
or base-64 encoded strings. |
38 |
|
39 |
Appending ":addr" to the header name will cause everything except |
40 |
the first |
41 |
email address to be removed from the header. For example, all of |
42 |
the follow- |
43 |
ing will result in "example@foo": |
44 |
|
45 |
example@foo |
46 |
example@foo (Foo Blah) |
47 |
example@foo, example@bar |
48 |
display: example@foo (Foo Blah), example@bar ; |
49 |
Foo Blah <example@foo> |
50 |
"Foo Blah" <example@foo> |
51 |
"'Foo Blah'" <example@foo> |
52 |
|
53 |
Appending ":name" to the header name will cause everything except |
54 |
the first |
55 |
real name to be removed from the header. For example, all of the |
56 |
following |
57 |
will result in "Foo Blah" |
58 |
|
59 |
example@foo (Foo Blah) |
60 |
example@foo (Foo Blah), example@bar |
61 |
display: example@foo (Foo Blah), example@bar ; |
62 |
Foo Blah <example@foo> |
63 |
"Foo Blah" <example@foo> |
64 |
"'Foo Blah'" <example@foo> |
65 |
There are several special pseudo-headers that can be specified: |
66 |
|
67 |
"ALL" can be used to mean the text of all the message's headers. |
68 |
"ToCc" can be used to mean the contents of both the 'To' and 'Cc' |
69 |
headers. |
70 |
"EnvelopeFrom" is the address used in the 'MAIL FROM:' phase of |
71 |
the SMTP |
72 |
transaction that delivered this message, if this data has been |
73 |
made available |
74 |
by the SMTP server. |
75 |
"MESSAGEID" is a symbol meaning all Message-Id's found in the |
76 |
message; some |
77 |
mailing list software moves the real 'Message-Id' to |
78 |
'Resent-Message-Id' or |
79 |
'X-Message-Id', then uses its own one in the 'Message-Id' header. |
80 |
The value |
81 |
returned for this symbol is the text from all 3 headers, separated |
82 |
by new- |
83 |
lines. |
84 |
|
85 |
"op" is either "=~" (contains regular expression) or "!~" (does |
86 |
not contain |
87 |
regular expression), and "pattern" is a valid Perl regular |
88 |
expression, with |
89 |
"modifiers" as regexp modifiers in the usual style. Note that |
90 |
multi-line |
91 |
rules are not supported, even if you use "x" as a modifier. Also |
92 |
note that |
93 |
the "#" character must be escaped ("\#") or else it will be |
94 |
considered to be |
95 |
the start of a comment and not part of the regexp. |
96 |
|
97 |
If the "[if-unset: STRING]" tag is present, then "STRING" will be |
98 |
used if the |
99 |
header is not found in the mail message. |
100 |
|
101 |
Test names should not start with a number, and must contain only |
102 |
alphanumer- |
103 |
ics and underscores. It is suggested that lower-case characters |
104 |
not be used, |
105 |
and names have a length of no more than 22 characters, as an |
106 |
informal conven-tion. Dashes are not allowed. |
107 |
|
108 |
Note that test names which begin with '__' are reserved for |
109 |
meta-match |
110 |
sub-rules, and are not scored or listed in the 'tests hit' |
111 |
reports. Test |
112 |
names which begin with 'T_' are reserved for tests which are |
113 |
undergoing QA, |
114 |
and these are given a very low score. |
115 |
|
116 |
If you add or modify a test, please be sure to run a sanity check |
117 |
afterwards |
118 |
by running "spamassassin --lint". This will avoid confusing error |
119 |
messages, |
120 |
or other tests being skipped as a side-effect. |
121 |
|
122 |
|
123 |
This wasn't very helpful, and the example did not provide enough |
124 |
information, but I decided to try it anyway. We get frequent spam |
125 |
emails with the subject "The Ultimate Online Pharmacy". I put a new |
126 |
rule in /etc/mail/spamassassin/local.cf: |
127 |
|
128 |
header ULTIMATE_ONLINE_PHARMACY Subject ~= /The Ultimate Online |
129 |
Pharmacy/ |
130 |
|
131 |
I happened to have one of these spammish emails in my inbox, so I ran |
132 |
|
133 |
spamassassin -tD < /var/spool/mail/michael | more |
134 |
|
135 |
It took awhile (I took a shower while it was running) and when I came |
136 |
back it had finished, but it had not flagged the email as spam. How do |
137 |
I format the rules to block particular strings of text? |
138 |
|
139 |
-- |
140 |
gentoo-user@g.o mailing list |