Re: Rule Help - not sure what is wrong with my syntax
On Thu, 12 Jan 2023, John Hardin wrote:

> On Thu, 12 Jan 2023, Martin Gregorie wrote:
>
> > On Wed, 2023-01-11 at 18:39 -0500, Joey J wrote:
> > > Hello All,
> > >
> > > I created this rule to check for email addresses matching a list to get
> > > added some negative value.
> > > I also tried it with just domains so it would be more efficient, but I
> > > can't seem to get them to run.
> > > Any suggestions?
> >
> > Use a database to store addresses you accept mail from. Apart from the
> > database, you'll need a Perl module to let SA look up addresses in the
> > database.
>
> Simpler as it involves no new coding: a local DNS server and a DNSBL lookup
> rule with a negative score. There are instructions for setting such up for
> local blacklists, that works equally well for a local whitelist.

Ah, whoops. I had it in my head that emailBL had been implemented. Never mind!

--
John Hardin KA7OHZ    http://www.impsec.org/~jhardin/
jhar...@impsec.org    pgpk -a jhar...@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
---
The difference is that Unix has had thirty years of technical types demanding basic functionality of it. And the Macintosh has had fifteen years of interface fascist users shaping its progress. Windows has the hairpin turns of the Microsoft marketing machine and that's all.
  -- Red Drag Diva
---
5 days until Benjamin Franklin's 317th Birthday
Re: Rule Help - not sure what is wrong with my syntax
On Thu, 12 Jan 2023, Martin Gregorie wrote:

> On Wed, 2023-01-11 at 18:39 -0500, Joey J wrote:
> > Hello All,
> >
> > I created this rule to check for email addresses matching a list to get
> > added some negative value.
> > I also tried it with just domains so it would be more efficient, but I
> > can't seem to get them to run.
> > Any suggestions?
>
> Use a database to store addresses you accept mail from. Apart from the
> database, you'll need a Perl module to let SA look up addresses in the
> database.

Simpler as it involves no new coding: a local DNS server and a DNSBL lookup rule with a negative score. There are instructions for setting such up for local blacklists, that works equally well for a local whitelist.

--
John Hardin KA7OHZ    http://www.impsec.org/~jhardin/
jhar...@impsec.org    pgpk -a jhar...@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
---
USMC Rules of Gunfighting #20: The faster you finish the fight, the less shot you will get.
---
5 days until Benjamin Franklin's 317th Birthday
Re: Rule Help - not sure what is wrong with my syntax
There's no need for any rules:

  whitelist_to us...@example.com
  whitelist_to *@domain.com

And adjust USER_IN_WHITELIST_TO for score.

(welcomelist_to / USER_IN_WELCOMELIST_TO in 4.0)

On Wed, Jan 11, 2023 at 04:56:21PM -0800, Loren Wilton wrote:
> Why not do a simple rule rather than inventing some Perl code?
>
> header   TO_SPECIFIC_EMAIL To:addr =~ /(?:\bus...@example\.com|\bus...@example\.com|\bus...@example\.com)/
> describe TO_SPECIFIC_EMAIL Mail to a specific email address
> score    TO_SPECIFIC_EMAIL -2
>
> header   TO_SPECIFIC_DOMAIN To:addr =~ /(?:\@example1\.com|\@example2\.com|\@example3\.com)/
> describe TO_SPECIFIC_DOMAIN Mail to specific email domain
> score    TO_SPECIFIC_DOMAIN -2
>
> or possibly
>
> header   TO_SPECIFIC_DOMAIN To:addr =~ /\@(?:example1\.com|example2\.com|example3\.com)$/
>
> Loren
>
> - Original Message -
> From: Joey J
> To: users@spamassassin.apache.org
> Sent: Wednesday, January 11, 2023 3:39 PM
> Subject: Rule Help - not sure what is wrong with my syntax
>
> Hello All,
>
> I created this rule to check for email addresses matching a list to get
> added some negative value.
> I also tried it with just domains so it would be more efficient, but I
> can't seem to get them to run.
> Any suggestions?
>
> header TO_SPECIFIC_EMAIL eval:check_to_specific_email()
> describe TO_SPECIFIC_EMAIL Mail to a specific email address
>
> score TO_SPECIFIC_EMAIL -2
>
> sub check_to_specific_email {
>   my ($self) = @_;
>   my $to = lc($self->get('To:addr'));
>   my $list_of_address = qr/us...@example.com|us...@example.com|us...@example.com/;
>   if ($to =~ $list_of_address) {
>     return 1;
>   }
>   return 0;
> }
>
> This version was to simply check for the domain matches, but can't seem to
> get it to work
>
> header TO_SPECIFIC_DOMAIN eval:check_to_specific_domain()
> describe TO_SPECIFIC_DOMAIN Mail to specific email domain
>
> score TO_SPECIFIC_DOMAIN -2
>
> sub check_to_specific_domain {
>   my ($self) = @_;
>   my $to = lc($self->get('To:addr'));
>   if ($to =~ /\@example1\.com$|\@example2\.com$|\@example3\.com$/) {
>     return 1;
>   }
>   return 0;
> }
>
> --
> Thanks!
> Joey
Re: Rule Help - not sure what is wrong with my syntax
On Wed, 2023-01-11 at 16:56 -0800, Loren Wilton wrote:
> Why not do a simple rule rather than inventing some Perl code?
>
> header   TO_SPECIFIC_EMAIL To:addr =~ /(?:\bus...@example\.com|\bus...@example\.com|\bus...@example\.com)/
> describe TO_SPECIFIC_EMAIL Mail to a specific email address
> score    TO_SPECIFIC_EMAIL -2
>
> header   TO_SPECIFIC_DOMAIN To:addr =~ /(?:\@example1\.com|\@example2\.com|\@example3\.com)/
> describe TO_SPECIFIC_DOMAIN Mail to specific email domain
> score    TO_SPECIFIC_DOMAIN -2
>
> or possibly
>
> header   TO_SPECIFIC_DOMAIN To:addr =~ /\@(?:example1\.com|example2\.com|example3\.com)$/

Agreed, though after a while the regex can get rather long and unwieldy, but it's easy enough to keep the address list as a simple text file (one address per line) and write a simple program to create a syntactically correct SA rule from the list. That is easily done with Perl or (better) an awk script.

Martin
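A sketch of the list-to-rule generator described in the message above, added here as an example; it is not code from the thread or from the SpamAssassin project. The function name `gen_sa_rule`, the list format (one `user@domain` or `@domain` entry per line, `#` comments) and the sample entries are assumptions; every entry is escaped so it matches literally, and an empty list emits no rule at all rather than one that matches every message.

```shell
#!/bin/sh
# Added example: generate one SpamAssassin header rule from an address list.
# usage: gen_sa_rule LISTFILE [RULE_NAME] [SCORE]
gen_sa_rule() {
    awk -v name="${2:-TO_SPECIFIC_EMAIL}" -v score="${3:--2}" '
    # Backslash-escape every non-alphanumeric character so list entries
    # are matched literally and cannot act as regex syntax.
    function re_escape(s,    i, c, out) {
        out = ""
        for (i = 1; i <= length(s); i++) {
            c = substr(s, i, 1)
            out = out (c ~ /[A-Za-z0-9_]/ ? c : "\\" c)
        }
        return out
    }
    { sub(/\r$/, ""); gsub(/^[ \t]+|[ \t]+$/, "") }
    /^$/ || /^#/ { next }                      # blank lines and comments
    !/^[^@ \t]*@[A-Za-z0-9.-]+$/ {             # not user@domain or @domain
        printf "skipped line %d: %s\n", NR, $0 > "/dev/stderr"
        next
    }
    {
        key = tolower($0)
        if (key in seen) next                  # drop duplicates
        seen[key] = 1
        # "@domain" matches any local part; a full address is anchored at ^.
        alt[++n] = (key ~ /^@/ ? "" : "^") re_escape(key)
    }
    END {
        # An empty alternation would match every message: emit nothing.
        if (n == 0) exit 1
        re = alt[1]
        for (i = 2; i <= n; i++) re = re "|" alt[i]
        printf "header   %s To:addr =~ /(?:%s)$/i\n", name, re
        printf "describe %s Mail to a listed address or domain\n", name
        printf "score    %s %s\n", name, score
    }' "$1"
}

# Constructed sample list (not from the thread).
demo_list=$(mktemp)
printf '%s\n' '# allowlist' 'alice@example.com' 'Bob+lists@example.org' \
    '@example1.com' 'alice@example.com' 'not an address' > "$demo_list"
gen_sa_rule "$demo_list" 2>/dev/null
rm -f "$demo_list"
```

Redirect the output into a local `.cf` file and run `spamassassin --lint` before reloading, so a malformed rule never reaches the live configuration.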
Re: Rule Help - not sure what is wrong with my syntax
On Wed, 2023-01-11 at 18:39 -0500, Joey J wrote:
> Hello All,
>
> I created this rule to check for email addresses matching a list to get
> added some negative value.
> I also tried it with just domains so it would be more efficient, but I
> can't seem to get them to run.
> Any suggestions?

Use a database to store addresses you accept mail from. Apart from the database, you'll need a Perl module to let SA look up addresses in the database.

How to populate the database is up to you: but adding addresses you send mail to and having your SA interface mark these addresses as not-spam is unlikely to cause false positives.

My preferred way of populating the database depends on you running a local copy of Postfix. Configure Postfix to BCC all mail to a mailbox that's scanned for outgoing mail and run an overnight process to add destination addresses from outbound mail to the database and discard the messages as they're processed.

That said, I use this mechanism to populate a mail archive and a view to select the addresses I've sent mail to from the archive. This approach runs adequately fast and requires minimal maintenance apart from a weekly backup.

HTH,
Martin