On Wed, 18 Jan 2017 11:13:20 -0600 Ken Johnson wrote: > Hi, > > I would like to write a rule to compare the rDNS lookup of the > sender's IP address to a regular expression. I have written super > simple URI rules for /etc/spamassassin/local.cf (Debian Linux system) > like this: > > uri LOCAL_AWSURI /.*amazonaws\.com/ > score LOCAL_AWSURI 2.6 > describe LOCAL_AWSURI Links to site at amazonaws.com > > which work as expected. But my Google searches for examples or > discussion must be the wrong search terms, as the search results are > about other topics, not the one I want. > > Can someone provide an example or point me toward documentation of > how to write such a rule?
It depends on what you are trying to, but all of the following look for a hostname on example.com. header LOCAL_TEST1 X-Spam-Relays-External =~ /^[^\]]+ rdns=\S+\.example\.com /i header LOCAL_TEST2 X-Spam-Relays-Untrusted =~ /^[^\]]+ rdns=\S+\.example\.com /i header LOCAL_TEST3 X-Spam-Relays-Untrusted =~ / rdns=\S+\.example\.com /i LOCAL_TEST1 looks the last-external rDNS which is suitable for positive scoring rules that can't safely be run deeply. LOCAL_TEST2 looks at the first-trusted rDNS which is suitable for negative scoring rules where you don't want to allow forged headers to be used. LOCAL_TEST3 is for positive-scoring tests that can safely run deeply (on any relay outside your trusted network). X-Spam-Relays-External and X-Spam-Relays-Untrusted are pseudo-headers that are constructed from information parsed out of the received headers. You don't have to add either to use them, but it's worth doing so just to see what they are like.
