Re: rule enlist_uri_host not work
On Fri, 17 Nov 2017, Emanuel Gonzalez wrote: AH.!!! it only analyzes the existence of the extensions inside the body of the message, I understood that it worked at field level from. Any recommendation? Possibly (untested): header FROM_UNWANTED_TLDFrom:addr =~ /\.(?:tk|uk|ru|tr|cn|kr|vn|us|za)>?$/i De: John Hardin Enviado: viernes, 17 de noviembre de 2017 14:01:49 Para: users@spamassassin.apache.org Asunto: Re: rule enlist_uri_host not work On Fri, 17 Nov 2017, Emanuel Gonzalez wrote: enlist_uri_host (MED) tk uk ru tr cn kr vn us za From: en...@enviando.tk From address is not a URI. -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 --- It's easy to be noble with other people's money. -- John McKay, _The Welfare State: No Mercy for the Middle Class_ --- 232 days since the first commercial re-flight of an orbital booster (SpaceX)
Re: rule enlist_uri_host not work
AH.!!! it only analyzes the existence of the extensions inside the body of the message, I understood that it worked at field level from. Any recommendation? Regards, Emanuel. De: John Hardin Enviado: viernes, 17 de noviembre de 2017 14:01:49 Para: users@spamassassin.apache.org Asunto: Re: rule enlist_uri_host not work On Fri, 17 Nov 2017, Emanuel Gonzalez wrote: > enlist_uri_host (MED) tk uk ru tr cn kr vn us za > > From: en...@enviando.tk >From address is not a URI. -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 --- It's easy to be noble with other people's money. -- John McKay, _The Welfare State: No Mercy for the Middle Class_ --- 232 days since the first commercial re-flight of an orbital booster (SpaceX)
Re: rule enlist_uri_host not work
On Fri, 17 Nov 2017, Emanuel Gonzalez wrote: enlist_uri_host (MED) tk uk ru tr cn kr vn us za From: en...@enviando.tk From address is not a URI. -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 --- It's easy to be noble with other people's money. -- John McKay, _The Welfare State: No Mercy for the Middle Class_ --- 232 days since the first commercial re-flight of an orbital booster (SpaceX)
rule enlist_uri_host not work
Hello, I create this rule in my custom_rules. enlist_uri_host (HIGH) date win faith racing top bid website stream link xyz fun fyi loan club party trade click men ninja cricket download enlist_uri_host (MED) tk uk ru tr cn kr vn us za header DW_OTHER_BAD_TLD eval:check_uri_host_listed('HIGH') scoreDW_OTHER_BAD_TLD 3 describe URI_HOST_LOW Host or domain found in URI is listed in the HIGH list #describe DW_OTHER_BAD_TLD Other untrustworthy TLDs # MEDIUM LEVEM INBOUND SPAM header DW_OTHER_BAD_TLD eval:check_uri_host_listed('MED') scoreDW_OTHER_BAD_TLD 1.5 describe URI_HOST_LOW Host or domain found in URI is listed in the MED list But not detected the TLD .TK From: en...@enviando.tk To: user@domain pts rule name description -- -- 4.0 BAYES_99 BODY: Bayes spam probability is 99 to 100% [score: 1.] -0.0 SPF_PASS SPF: sender matches SPF record 1.4 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% [score: 1.] 0.0 HTML_MESSAGE BODY: HTML included in message 0.1 DKIM_SIGNEDMessage has a DKIM or DK signature, not necessarily valid 0.8 RDNS_NONE Delivered to internal network by a host with no rDNS 0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid X-Spam-Threshold: 60 X-Spam-Status: Yes Subject: test Regards.!!!