Text => Rule
---- ----
1) Received: from [109.42.168.192] by 24.193.45.130 with HTTP => Received =~ /with HTTP/i
That works..
2) Subject: ?ISO-8859-1? => Subject =~ /(ISO-8859|iso-8859)/ (score = 3.0)
Won't work.. that's a character encoding tag which will be decoded normally, use Subject:raw =~ instead.
NEVER use | to get character insensitive searches unless you explicitly do not want to match mixed-case versions.. just append i after the last slash. I can't see any reason to waste CPU time looking for ISO or iso, when really a single case-insensitive search for iso will work fine.
I'd also suggest including the ?'s, but you need to precede them with a \ to prevent them from being interpreted as part of the regex.
Improved rule:
Subject:raw =~ /\?ISO-8859\?/i3) X-Authentication-Warning: iwdwgt vbwss kiyixtg => exists:X-Authentication-Warning (score 2.75)
Valid, but I would NOT give this such a high score.. lots of nonspam mail has these warnings. ie: my monthly MCI bill has such a warning, some people who email me generate one too.
Are the above correct?
Mostly
Will I bounce legit mail with it?
I'd really recommend running these rules in a "test phase" with scores no greater than 1.0.. after you've seen what they do and do not match on, you can bump the score up.
I also prescribe a dose of reading the rule-writing guide:
http://mywebpages.comcast.net/mkettler/sa/SA-rules-howto.txt
------------------------------------------------------- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn _______________________________________________ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
