Re: rule enlist_uri_host not work

2017-11-17 Thread John Hardin

On Fri, 17 Nov 2017, Emanuel Gonzalez wrote:


> AH.!!!
>
> It only analyzes the existence of the extensions inside the body of the
> message; I understood that it worked at the From field level.
>
> Any recommendation?


Possibly (untested):

header   FROM_UNWANTED_TLD  From:addr =~ /\.(?:tk|uk|ru|tr|cn|kr|vn|us|za)>?$/i



> From: John Hardin
> Sent: Friday, November 17, 2017 14:01:49
> To: users@spamassassin.apache.org
> Subject: Re: rule enlist_uri_host not work
>
> On Fri, 17 Nov 2017, Emanuel Gonzalez wrote:
>
> > enlist_uri_host (MED) tk uk ru tr cn kr vn us za
> >
> > From: en...@enviando.tk
>
> From address is not a URI.


--
 John Hardin KA7OHZ                    http://www.impsec.org/~jhardin/
 jhar...@impsec.org    FALaholic #11174     pgpk -a jhar...@impsec.org
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
---
  It's easy to be noble with other people's money.
   -- John McKay, _The Welfare State:
  No Mercy for the Middle Class_
---
 232 days since the first commercial re-flight of an orbital booster (SpaceX)
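
Why the `enlist_uri_host` list never fired on the sender while a `From:addr` pattern does, as a small Python model added here (not SpamAssassin's code and not from the thread). The body-link extraction is a simplified stand-in for SpamAssassin's URI parsing, and the sample messages and `example.*` hosts are constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# TLDs from the MED list in the thread.
MED_TLDS = ("tk", "uk", "ru", "tr", "cn", "kr", "vn", "us", "za")

# Pattern from the reply above; From:addr yields the bare address.
FROM_TLD_RE = re.compile(r"\.(?:tk|uk|ru|tr|cn|kr|vn|us|za)>?$", re.I)

# Simplified stand-in for URI parsing: hosts of http(s) links in the body.
URI_HOST_RE = re.compile(r"https?://([a-z0-9.-]+)", re.I)


def from_tld_hit(msg):
    """Header-style check: does the sender address end in a listed TLD?"""
    addr = parseaddr(msg.get("From", ""))[1]  # drops display name and <>
    return bool(FROM_TLD_RE.search(addr))


def uri_host_hit(msg, tlds=MED_TLDS):
    """URI-style check: is any link host equal to or under a listed domain?"""
    hosts = [h.lower().rstrip(".") for h in URI_HOST_RE.findall(msg.get_payload())]
    return any(h == t or h.endswith("." + t) for h in hosts for t in tlds)


def classify(raw):
    """Run both checks on one raw single-part message."""
    msg = message_from_string(raw)
    return {"from_tld": from_tld_hit(msg), "uri_host": uri_host_hit(msg)}


# Constructed sample messages; example.* hosts are placeholders.
SENDER_ONLY = "From: Promo <news@example.tk>\nSubject: test\n\nNo links here.\n"
LINK_ONLY = "From: a@example.com\nSubject: test\n\nVisit http://shop.example.tk/x\n"
NEITHER = "From: a@example.com\nSubject: test\n\nSee https://example.org/\n"

if __name__ == "__main__":
    for name, raw in [("sender only", SENDER_ONLY), ("link only", LINK_ONLY),
                      ("neither", NEITHER)]:
        print(name, classify(raw))
```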


Re: rule enlist_uri_host not work

2017-11-17 Thread Emanuel Gonzalez

AH.!!!

It only analyzes the existence of the extensions inside the body of the
message; I understood that it worked at the From field level.


Any recommendation?


Regards,


Emanuel.


From: John Hardin
Sent: Friday, November 17, 2017 14:01:49
To: users@spamassassin.apache.org
Subject: Re: rule enlist_uri_host not work

On Fri, 17 Nov 2017, Emanuel Gonzalez wrote:

> enlist_uri_host (MED) tk uk ru tr cn kr vn us za
>
> From: en...@enviando.tk

From address is not a URI.




Re: rule enlist_uri_host not work

2017-11-17 Thread John Hardin

On Fri, 17 Nov 2017, Emanuel Gonzalez wrote:


> enlist_uri_host (MED) tk uk ru tr cn kr vn us za
>
> From: en...@enviando.tk



From address is not a URI.





rule enlist_uri_host not work

2017-11-17 Thread Emanuel Gonzalez

Hello,

I created this rule in my custom_rules.

enlist_uri_host (HIGH) date win faith racing top bid website stream link xyz fun fyi loan club party trade click men ninja cricket download

enlist_uri_host (MED) tk uk ru tr cn kr vn us za

header   DW_OTHER_BAD_TLD eval:check_uri_host_listed('HIGH')
score    DW_OTHER_BAD_TLD 3
describe URI_HOST_LOW   Host or domain found in URI is listed in the HIGH list
#describe DW_OTHER_BAD_TLD Other untrustworthy TLDs

# MEDIUM LEVEL INBOUND SPAM

header   DW_OTHER_BAD_TLD eval:check_uri_host_listed('MED')
score    DW_OTHER_BAD_TLD 1.5
describe URI_HOST_LOW   Host or domain found in URI is listed in the MED list

But it did not detect the TLD .TK

From: en...@enviando.tk
To: user@domain

 pts rule name              description
---- ---------------------- --------------------------------------------------
 4.0 BAYES_99               BODY: Bayes spam probability is 99 to 100%
                            [score: 1.]
-0.0 SPF_PASS               SPF: sender matches SPF record
 1.4 BAYES_999              BODY: Bayes spam probability is 99.9 to 100%
                            [score: 1.]
 0.0 HTML_MESSAGE           BODY: HTML included in message
 0.1 DKIM_SIGNED            Message has a DKIM or DK signature, not necessarily valid
 0.8 RDNS_NONE              Delivered to internal network by a host with no rDNS
 0.0 T_DKIM_INVALID         DKIM-Signature header exists but is not valid
X-Spam-Threshold: 60
X-Spam-Status: Yes
Subject: test

Regards.!!!