On 1/31/2017 10:45 AM, Zinski, Steve wrote:
Hello, I have a problem that I hope someone can help me with.
I’m trying to write a custom rule to block a certain type of spam.
When I view the message source, the very last lines of the spam look
like this:
</table>
<img
src="http://trc.spammersdomain.com/redirect.php?email=redac...@richmond.edu">
</body>
</html>
Every single rule that I’ve written fails to detect that redirect.php
URI. I’ve even tried a rule that simply reads:
Full my_rule /redirect/is
Score my_rule 10.0
No match. I’ve tried full, rawbody, uri, and body, all to no avail.
I’ve even shortened the search string to “redi” (it’s a unique word)
and still no match. I’ve been writing rules for many years and this is
the first time I’ve seen this behavior. Any ideas?
So I use some old school methods for custom rule development.
I always use my initials and then I like to use mutt as my mail client
and bind ctrl y (as in why is this spam) with something like this:
macro index \cy "<pipe-message>spamassassin -t -D 2>&1 | grep -e KAM -e
Content\\ analysis<enter>\n" "Test Message with Apache SpamAssassin for KAM"
mutt is very old school and let's me see if the message format is
something odd. Perhaps the issue you are seeing. Throw the email up on
pastebin in mbox format and I'll tell you what I see at least.
Regards,
KAM