Can anyone help me with the format of custom rules
in /etc/mail/spamassassin/local.cf? The perldoc
Mail::SpamAssassin::Conf page says:
header SYMBOLIC_TEST_NAME header op /pattern/modifiers [if-unset:
STRING]
Define a test. "SYMBOLIC_TEST_NAME" is a symbolic test name,
such as
'FROM_ENDS_IN_NUMS'. "header" is the name of a mail header,
such as 'Sub-
ject', 'To', etc.
Appending ":raw" to the header name will inhibit decoding of
quoted-printable
or base-64 encoded strings.
Appending ":addr" to the header name will cause everything
except the first
email address to be removed from the header. For example,
all of the follow-
ing will result in "[EMAIL PROTECTED]":
[EMAIL PROTECTED]
[EMAIL PROTECTED] (Foo Blah)
*)$/i
header SYMBOLIC_TEST_NAME header op /pattern/modifiers [if-unset:
STRING]
Define a test. "SYMBOLIC_TEST_NAME" is a symbolic test name, such
as
'FROM_ENDS_IN_NUMS'. "header" is the name of a mail header, such
as 'Sub-
ject', 'To', etc.
Appending ":raw" to the header name will inhibit decoding of
quoted-printable
or base-64 encoded strings.
Appending ":addr" to the header name will cause everything except
the first
email address to be removed from the header. For example, all of
the follow-
ing will result in "[EMAIL PROTECTED]":
[EMAIL PROTECTED]
[EMAIL PROTECTED] (Foo Blah)
[EMAIL PROTECTED], [EMAIL PROTECTED]
display: [EMAIL PROTECTED] (Foo Blah), [EMAIL PROTECTED] ;
Foo Blah <[EMAIL PROTECTED]>
"Foo Blah" <[EMAIL PROTECTED]>
"'Foo Blah'" <[EMAIL PROTECTED]>
Appending ":name" to the header name will cause everything except
the first
real name to be removed from the header. For example, all of the
following
will result in "Foo Blah"
[EMAIL PROTECTED] (Foo Blah)
[EMAIL PROTECTED] (Foo Blah), [EMAIL PROTECTED]
display: [EMAIL PROTECTED] (Foo Blah), [EMAIL PROTECTED] ;
Foo Blah <[EMAIL PROTECTED]>
"Foo Blah" <[EMAIL PROTECTED]>
"'Foo Blah'" <[EMAIL PROTECTED]>
There are several special pseudo-headers that can be specified:
"ALL" can be used to mean the text of all the message's headers.
"ToCc" can be used to mean the contents of both the 'To' and 'Cc'
headers.
"EnvelopeFrom" is the address used in the 'MAIL FROM:' phase of
the SMTP
transaction that delivered this message, if this data has been
made available
by the SMTP server.
"MESSAGEID" is a symbol meaning all Message-Id's found in the
message; some
mailing list software moves the real 'Message-Id' to
'Resent-Message-Id' or
'X-Message-Id', then uses its own one in the 'Message-Id' header.
The value
returned for this symbol is the text from all 3 headers, separated
by new-
lines.
"op" is either "=~" (contains regular expression) or "!~" (does
not contain
regular expression), and "pattern" is a valid Perl regular
expression, with
"modifiers" as regexp modifiers in the usual style. Note that
multi-line
rules are not supported, even if you use "x" as a modifier. Also
note that
the "#" character must be escaped ("\#") or else it will be
considered to be
the start of a comment and not part of the regexp.
If the "[if-unset: STRING]" tag is present, then "STRING" will be
used if the
header is not found in the mail message.
Test names should not start with a number, and must contain only
alphanumer-
ics and underscores. It is suggested that lower-case characters
not be used,
and names have a length of no more than 22 characters, as an
informal conven-tion. Dashes are not allowed.
Note that test names which begin with '__' are reserved for
meta-match
sub-rules, and are not scored or listed in the 'tests hit'
reports. Test
names which begin with 'T_' are reserved for tests which are
undergoing QA,
and these are given a very low score.
If you add or modify a test, please be sure to run a sanity check
afterwards
by running "spamassassin --lint". This will avoid confusing error
messages,
or other tests being skipped as a side-effect.
This wasn't very helpful, and the example did not provide enough
information, but I decided to try it anyway. We get frequent spam
emails with the subject "The Ultimate Online Pharmacy". I put a new
rule in /etc/mail/spamassassin/local.cf:
header ULTIMATE_ONLINE_PHARMACY Subject ~= /The Ultimate Online
Pharmacy/
I happened to have one of these spammish emails in my inbox, so I ran
spamassassin -tD < /var/spool/mail/michael | more
It took awhile (I took a shower while it was running) and when I came
back it had finished, but it had not flagged the email as spam. How do
I format the rules to block particular strings of text?
--
gentoo-user@gentoo.org mailing list
