After a week, i'm finally getting to grips with MS and spam assisin, however, could anyone suggest a custom SA rule to score these.
We get a number of spam where the from field contains a valid user with = followed by domainand @
eg: anyword-user=mydomain.co.uk@spammersdomain.com
Basically I'm looking to add a score if the 'from field' contains the exact phrase '=mydomain.co.uk@'
can anyone suggest a custom SA rule
Re: can anyone suggest a custom SA rule
example headers from one of the emails
Received: from mail208.atl61.xxxx.net ([xxx.xx.xxx.xxx]:20649)
by my.server.co.uk with esmtp (Exim 4.89)
(envelope-from <bounce-mc.us4_8899577.1056541-sales=mydomain.co.uk@mail208.atl61.xxxx.net>)
id 1dLVyp-0001AS-3Z
Received: from mail208.atl61.xxxx.net ([xxx.xx.xxx.xxx]:20649)
by my.server.co.uk with esmtp (Exim 4.89)
(envelope-from <bounce-mc.us4_8899577.1056541-sales=mydomain.co.uk@mail208.atl61.xxxx.net>)
id 1dLVyp-0001AS-3Z
Re: can anyone suggest a custom SA rule
this seems to work
header MY_RULE_NAME Received =~ /bounce/
score MY_RULE_NAME 1..0
I'm still experimenting with a domain name
header MY_RULE_NAME Received =~ /bounce/
score MY_RULE_NAME 1..0
I'm still experimenting with a domain name
Re: can anyone suggest a custom SA rule
I'm still struggling with this one if anyone can help at all.
(envelope-from <bounce-mc.us4_8899577.1056541-sales=mydomain.co.uk@mail208.atl61.xxxx.net>)
I'm looking to score this phrase "sales=mydomain.co.uk@"
I see a rule in SA which may do the trick if I could get the rejex right.
header LOCAL_DEMONSTRATION_ALL ALL =~ /test\.com/i
score LOCAL_DEMONSTRATION_ALL 0.1
(envelope-from <bounce-mc.us4_8899577.1056541-sales=mydomain.co.uk@mail208.atl61.xxxx.net>)
I'm looking to score this phrase "sales=mydomain.co.uk@"
I see a rule in SA which may do the trick if I could get the rejex right.
header LOCAL_DEMONSTRATION_ALL ALL =~ /test\.com/i
score LOCAL_DEMONSTRATION_ALL 0.1
Re: can anyone suggest a custom SA rule
After a number of experiments and waiting for these emails to arrive, I may have figured it out.
Just in case anyone else needs this, this is what I came up with.
header FROM_YOURRULENAME ALL =~ /mydomain\.co\.uk@/i
score FROM_YOURRULENAME 0.1
Giving it a very low score for testing purposes.
Just in case anyone else needs this, this is what I came up with.
header FROM_YOURRULENAME ALL =~ /mydomain\.co\.uk@/i
score FROM_YOURRULENAME 0.1
Giving it a very low score for testing purposes.
Re: can anyone suggest a custom SA rule
Hi, Keat63.
SA rules have a lot of futures that make them to run faster or slow when you check the email.
If you want to check for a FROM domain or email address the best way on doing this is to use "From:" instead of "All", The reason is very simple, FROM will check only that, header while ALL will check all headers in a message and make that more time consuming for your server.
The rule that you want will be better as:
header FROM_YOURRULENAME From: =~ /mydomain\.co\.uk@/i
score FROM_YOURRULENAME 0.1
describe FROM_YOURRULENAME Blocked domain
The "describe" section is optional but I like to use in all my SA rules as MailScanner will save that info to show what rule has been triggered.
Sergio
SA rules have a lot of futures that make them to run faster or slow when you check the email.
If you want to check for a FROM domain or email address the best way on doing this is to use "From:" instead of "All", The reason is very simple, FROM will check only that, header while ALL will check all headers in a message and make that more time consuming for your server.
The rule that you want will be better as:
header FROM_YOURRULENAME From: =~ /mydomain\.co\.uk@/i
score FROM_YOURRULENAME 0.1
describe FROM_YOURRULENAME Blocked domain
The "describe" section is optional but I like to use in all my SA rules as MailScanner will save that info to show what rule has been triggered.
Sergio