| 1 |
Can anyone help me with the format of custom rules |
| 2 |
in /etc/mail/spamassassin/local.cf? The perldoc |
| 3 |
Mail::SpamAssassin::Conf page says: |
| 4 |
|
| 5 |
header SYMBOLIC_TEST_NAME header op /pattern/modifiers [if-unset: |
| 6 |
STRING] |
| 7 |
Define a test. "SYMBOLIC_TEST_NAME" is a symbolic test name, |
| 8 |
such as |
| 9 |
'FROM_ENDS_IN_NUMS'. "header" is the name of a mail header, |
| 10 |
such as 'Sub- |
| 11 |
ject', 'To', etc. |
| 12 |
|
| 13 |
Appending ":raw" to the header name will inhibit decoding of |
| 14 |
quoted-printable |
| 15 |
or base-64 encoded strings. |
| 16 |
|
| 17 |
Appending ":addr" to the header name will cause everything |
| 18 |
except the first |
| 19 |
email address to be removed from the header. For example, |
| 20 |
all of the follow- |
| 21 |
ing will result in "example@foo": |
| 22 |
|
| 23 |
example@foo |
| 24 |
example@foo (Foo Blah) |
| 25 |
*)$/i |
| 26 |
|
| 27 |
header SYMBOLIC_TEST_NAME header op /pattern/modifiers [if-unset: |
| 28 |
STRING] |
| 29 |
Define a test. "SYMBOLIC_TEST_NAME" is a symbolic test name, such |
| 30 |
as |
| 31 |
'FROM_ENDS_IN_NUMS'. "header" is the name of a mail header, such |
| 32 |
as 'Sub- |
| 33 |
ject', 'To', etc. |
| 34 |
|
| 35 |
Appending ":raw" to the header name will inhibit decoding of |
| 36 |
quoted-printable |
| 37 |
or base-64 encoded strings. |
| 38 |
|
| 39 |
Appending ":addr" to the header name will cause everything except |
| 40 |
the first |
| 41 |
email address to be removed from the header. For example, all of |
| 42 |
the follow- |
| 43 |
ing will result in "example@foo": |
| 44 |
|
| 45 |
example@foo |
| 46 |
example@foo (Foo Blah) |
| 47 |
example@foo, example@bar |
| 48 |
display: example@foo (Foo Blah), example@bar ; |
| 49 |
Foo Blah <example@foo> |
| 50 |
"Foo Blah" <example@foo> |
| 51 |
"'Foo Blah'" <example@foo> |
| 52 |
|
| 53 |
Appending ":name" to the header name will cause everything except |
| 54 |
the first |
| 55 |
real name to be removed from the header. For example, all of the |
| 56 |
following |
| 57 |
will result in "Foo Blah" |
| 58 |
|
| 59 |
example@foo (Foo Blah) |
| 60 |
example@foo (Foo Blah), example@bar |
| 61 |
display: example@foo (Foo Blah), example@bar ; |
| 62 |
Foo Blah <example@foo> |
| 63 |
"Foo Blah" <example@foo> |
| 64 |
"'Foo Blah'" <example@foo> |
| 65 |
There are several special pseudo-headers that can be specified: |
| 66 |
|
| 67 |
"ALL" can be used to mean the text of all the message's headers. |
| 68 |
"ToCc" can be used to mean the contents of both the 'To' and 'Cc' |
| 69 |
headers. |
| 70 |
"EnvelopeFrom" is the address used in the 'MAIL FROM:' phase of |
| 71 |
the SMTP |
| 72 |
transaction that delivered this message, if this data has been |
| 73 |
made available |
| 74 |
by the SMTP server. |
| 75 |
"MESSAGEID" is a symbol meaning all Message-Id's found in the |
| 76 |
message; some |
| 77 |
mailing list software moves the real 'Message-Id' to |
| 78 |
'Resent-Message-Id' or |
| 79 |
'X-Message-Id', then uses its own one in the 'Message-Id' header. |
| 80 |
The value |
| 81 |
returned for this symbol is the text from all 3 headers, separated |
| 82 |
by new- |
| 83 |
lines. |
| 84 |
|
| 85 |
"op" is either "=~" (contains regular expression) or "!~" (does |
| 86 |
not contain |
| 87 |
regular expression), and "pattern" is a valid Perl regular |
| 88 |
expression, with |
| 89 |
"modifiers" as regexp modifiers in the usual style. Note that |
| 90 |
multi-line |
| 91 |
rules are not supported, even if you use "x" as a modifier. Also |
| 92 |
note that |
| 93 |
the "#" character must be escaped ("\#") or else it will be |
| 94 |
considered to be |
| 95 |
the start of a comment and not part of the regexp. |
| 96 |
|
| 97 |
If the "[if-unset: STRING]" tag is present, then "STRING" will be |
| 98 |
used if the |
| 99 |
header is not found in the mail message. |
| 100 |
|
| 101 |
Test names should not start with a number, and must contain only |
| 102 |
alphanumer- |
| 103 |
ics and underscores. It is suggested that lower-case characters |
| 104 |
not be used, |
| 105 |
and names have a length of no more than 22 characters, as an |
| 106 |
informal conven-tion. Dashes are not allowed. |
| 107 |
|
| 108 |
Note that test names which begin with '__' are reserved for |
| 109 |
meta-match |
| 110 |
sub-rules, and are not scored or listed in the 'tests hit' |
| 111 |
reports. Test |
| 112 |
names which begin with 'T_' are reserved for tests which are |
| 113 |
undergoing QA, |
| 114 |
and these are given a very low score. |
| 115 |
|
| 116 |
If you add or modify a test, please be sure to run a sanity check |
| 117 |
afterwards |
| 118 |
by running "spamassassin --lint". This will avoid confusing error |
| 119 |
messages, |
| 120 |
or other tests being skipped as a side-effect. |
| 121 |
|
| 122 |
|
| 123 |
This wasn't very helpful, and the example did not provide enough |
| 124 |
information, but I decided to try it anyway. We get frequent spam |
| 125 |
emails with the subject "The Ultimate Online Pharmacy". I put a new |
| 126 |
rule in /etc/mail/spamassassin/local.cf: |
| 127 |
|
| 128 |
header ULTIMATE_ONLINE_PHARMACY Subject ~= /The Ultimate Online |
| 129 |
Pharmacy/ |
| 130 |
|
| 131 |
I happened to have one of these spammish emails in my inbox, so I ran |
| 132 |
|
| 133 |
spamassassin -tD < /var/spool/mail/michael | more |
| 134 |
|
| 135 |
It took awhile (I took a shower while it was running) and when I came |
| 136 |
back it had finished, but it had not flagged the email as spam. How do |
| 137 |
I format the rules to block particular strings of text? |
| 138 |
|
| 139 |
-- |
| 140 |
gentoo-user@g.o mailing list |
Archives