RE: How would i write this rule?
Adam Lanier wrote:
> Peter Russell wrote:
>
> >
> > Sorry last question - seems the parent company is doing spam checks
> > and adds the spam score to the headers.
> >
> > How could i add/change the second condition for a spam score
> > greater than 10.00 ?
> >
> > the header is X-Spam-Score: *** (11.507)
> >
> > Many thanks
> > Pete
>
> To ask the obvious question, why are you doing spam checks if the
> upstream relay is also doing them?
>
> Based on my performance yesterday, there's almost assuredly something
> wrong with the following but...
>
> header__HIGH_SA_SCOREX-Spam-Score =~ /\*{10,}/
> meta SPAM_FROM_RELAY__GATEWAY_RELAY && __NOT_PAR_DOMAIN &&
> __HIGH_SA_SCORE
Since you don't care what the actual score is and you are not anchoring
the end of the expression, you can simplify this to:
header__HIGH_SA_SCOREX-Spam-Score =~ /\*{10}/
In other words... Match if the header contains ten asterisks. You
don't care if it has exactly ten or more than ten. As long as there are
ten asterisks in there somewhere, it will match.
--
Bowie
Re: How would i write this rule?
Peter Russell wrote:
Sorry last question - seems the parent company is doing spam checks
and adds the spam score to the headers.
How could i add/change the second condition for a spam score greater
than 10.00 ?
the header is X-Spam-Score: *** (11.507)
Many thanks
Pete
To ask the obvious question, why are you doing spam checks if the
upstream relay is also doing them?
Based on my performance yesterday, there's almost assuredly something
wrong with the following but...
header__HIGH_SA_SCOREX-Spam-Score =~ /\*{10,}/
meta SPAM_FROM_RELAY__GATEWAY_RELAY && __NOT_PAR_DOMAIN &&
__HIGH_SA_SCORE
Re: How would i write this rule?
adam lanier wrote: On Tue, 2007-04-03 at 16:06 +, Duane Hill wrote: On Tue, 3 Apr 2007, adam lanier wrote: Shouldn't it be: From !~ /[EMAIL PROTECTED]/i meta SPAM_FROM_RELAY__GATEWAY_RELAY && __NOT_PAR_DOMAIN yep, i'm 0 for 2 today, time to keep quiet. Sorry last question - seems the parent company is doing spam checks and adds the spam score to the headers. How could i add/change the second condition for a spam score greater than 10.00 ? the header is X-Spam-Score: *** (11.507) Many thanks Pete
Re: How would i write this rule?
On Tue, 2007-04-03 at 16:06 +, Duane Hill wrote: > On Tue, 3 Apr 2007, adam lanier wrote: > Shouldn't it be: > >From !~ /[EMAIL PROTECTED]/i > > > meta SPAM_FROM_RELAY__GATEWAY_RELAY && __NOT_PAR_DOMAIN yep, i'm 0 for 2 today, time to keep quiet. signature.asc Description: This is a digitally signed message part
Re: How would i write this rule?
On Tue, 3 Apr 2007, adam lanier wrote: On Wed, 2007-04-04 at 00:37 +1000, Pete Russell wrote: How do i write a rule that says; if mail is recieved from parent company email gateway/s AND the from address is not from the parent company domain THEN give XX score. Something like? header __GATEWAY_RELAY Received =~ /\[111\.222\.333\]/ header__NOT_PAR_DOMAIN From =! /[EMAIL PROTECTED]/i Shouldn't it be: From !~ /[EMAIL PROTECTED]/i meta SPAM_FROM_RELAY__GATEWAY_RELAY && __NOT_PAR_DOMAIN
Re: How would i write this rule?
adam lanier wrote: On Wed, 2007-04-04 at 00:37 +1000, Pete Russell wrote: How do i write a rule that says; if mail is recieved from parent company email gateway/s AND the from address is not from the parent company domain THEN give XX score. Something like? header __GATEWAY_RELAY Received =~ /\[111\.222\.333\]/ so in this line the ip address is only the 1st 3 sections. Will it match anything in the 4th? eg 111.222.333.xxx? header__NOT_PAR_DOMAIN From =! /[EMAIL PROTECTED]/i I know . are important in regexp, the domain is .com.au can i just change the above line to /[EMAIL PROTECTED]/i meta SPAM_FROM_RELAY__GATEWAY_RELAY && __NOT_PAR_DOMAIN and score SPAM_FROM_RELAY 5 ? many thanks for taking the time to response in that much detail for me. Regards Pete
Re: How would i write this rule?
On Wed, 2007-04-04 at 00:37 +1000, Pete Russell wrote: > > How do i write a rule that says; > > if mail is recieved from parent company email gateway/s AND the from > address is not from the parent company domain THEN give XX score. Something like? header __GATEWAY_RELAY Received =~ /\[111\.222\.333\]/ header__NOT_PAR_DOMAIN From =! /[EMAIL PROTECTED]/i meta SPAM_FROM_RELAY__GATEWAY_RELAY && __NOT_PAR_DOMAIN signature.asc Description: This is a digitally signed message part
Re: How would i write this rule?
On Wed, 2007-04-04 at 00:55 +1000, Pete Russell wrote: > > adam lanier wrote: > > On Wed, 2007-04-04 at 00:37 +1000, Pete Russell wrote: > >> How do i write a rule that says; > > header __GATEWAY_RELAY Received =~ /\[111\.222\.333\]/ > so in this line the ip address is only the 1st 3 sections. Will it match > anything in the 4th? eg 111.222.333.xxx? > > > header__NOT_PAR_DOMAIN From =! /[EMAIL PROTECTED]/i > I know . are important in regexp, the domain is .com.au can i just > change the above line to /[EMAIL PROTECTED]/i > > > meta SPAM_FROM_RELAY__GATEWAY_RELAY && __NOT_PAR_DOMAIN > and score SPAM_FROM_RELAY 5 ? > > Sorry, trying to dash off a response while doing ten other things. The ip address should probably match exactly if you only have one relay machine: header __GATEWAY_RELAY Received =~ /\[111\.222\.333\.444\]/ If you have multiple relays/ip addresses: header __GATEWAY_RELAY Received =~ /(?:\[111\.222\.333\]|\[444\.555\.666 \.777\])/ You should probably escape all the '.' in a domain literal just to be safe: /[EMAIL PROTECTED]/i signature.asc Description: This is a digitally signed message part
