Can anyone help me with the format of custom rules in /etc/mail/spamassassin/local.cf? The perldoc Mail::SpamAssassin::Conf page says:
header SYMBOLIC_TEST_NAME header op /pattern/modifiers [if-unset: STRING] Define a test. "SYMBOLIC_TEST_NAME" is a symbolic test name, such as 'FROM_ENDS_IN_NUMS'. "header" is the name of a mail header, such as 'Sub- ject', 'To', etc. Appending ":raw" to the header name will inhibit decoding of quoted-printable or base-64 encoded strings. Appending ":addr" to the header name will cause everything except the first email address to be removed from the header. For example, all of the follow- ing will result in "[EMAIL PROTECTED]": [EMAIL PROTECTED] [EMAIL PROTECTED] (Foo Blah) *)$/i header SYMBOLIC_TEST_NAME header op /pattern/modifiers [if-unset: STRING] Define a test. "SYMBOLIC_TEST_NAME" is a symbolic test name, such as 'FROM_ENDS_IN_NUMS'. "header" is the name of a mail header, such as 'Sub- ject', 'To', etc. Appending ":raw" to the header name will inhibit decoding of quoted-printable or base-64 encoded strings. Appending ":addr" to the header name will cause everything except the first email address to be removed from the header. For example, all of the follow- ing will result in "[EMAIL PROTECTED]": [EMAIL PROTECTED] [EMAIL PROTECTED] (Foo Blah) [EMAIL PROTECTED], [EMAIL PROTECTED] display: [EMAIL PROTECTED] (Foo Blah), [EMAIL PROTECTED] ; Foo Blah <[EMAIL PROTECTED]> "Foo Blah" <[EMAIL PROTECTED]> "'Foo Blah'" <[EMAIL PROTECTED]> Appending ":name" to the header name will cause everything except the first real name to be removed from the header. For example, all of the following will result in "Foo Blah" [EMAIL PROTECTED] (Foo Blah) [EMAIL PROTECTED] (Foo Blah), [EMAIL PROTECTED] display: [EMAIL PROTECTED] (Foo Blah), [EMAIL PROTECTED] ; Foo Blah <[EMAIL PROTECTED]> "Foo Blah" <[EMAIL PROTECTED]> "'Foo Blah'" <[EMAIL PROTECTED]> There are several special pseudo-headers that can be specified: "ALL" can be used to mean the text of all the message's headers. "ToCc" can be used to mean the contents of both the 'To' and 'Cc' headers. "EnvelopeFrom" is the address used in the 'MAIL FROM:' phase of the SMTP transaction that delivered this message, if this data has been made available by the SMTP server. "MESSAGEID" is a symbol meaning all Message-Id's found in the message; some mailing list software moves the real 'Message-Id' to 'Resent-Message-Id' or 'X-Message-Id', then uses its own one in the 'Message-Id' header. The value returned for this symbol is the text from all 3 headers, separated by new- lines. "op" is either "=~" (contains regular expression) or "!~" (does not contain regular expression), and "pattern" is a valid Perl regular expression, with "modifiers" as regexp modifiers in the usual style. Note that multi-line rules are not supported, even if you use "x" as a modifier. Also note that the "#" character must be escaped ("\#") or else it will be considered to be the start of a comment and not part of the regexp. If the "[if-unset: STRING]" tag is present, then "STRING" will be used if the header is not found in the mail message. Test names should not start with a number, and must contain only alphanumer- ics and underscores. It is suggested that lower-case characters not be used, and names have a length of no more than 22 characters, as an informal conven-tion. Dashes are not allowed. Note that test names which begin with '__' are reserved for meta-match sub-rules, and are not scored or listed in the 'tests hit' reports. Test names which begin with 'T_' are reserved for tests which are undergoing QA, and these are given a very low score. If you add or modify a test, please be sure to run a sanity check afterwards by running "spamassassin --lint". This will avoid confusing error messages, or other tests being skipped as a side-effect. This wasn't very helpful, and the example did not provide enough information, but I decided to try it anyway. We get frequent spam emails with the subject "The Ultimate Online Pharmacy". I put a new rule in /etc/mail/spamassassin/local.cf: header ULTIMATE_ONLINE_PHARMACY Subject ~= /The Ultimate Online Pharmacy/ I happened to have one of these spammish emails in my inbox, so I ran spamassassin -tD < /var/spool/mail/michael | more It took awhile (I took a shower while it was running) and when I came back it had finished, but it had not flagged the email as spam. How do I format the rules to block particular strings of text? -- gentoo-user@gentoo.org mailing list