You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@spamassassin.apache.org by Justin Mason <jm...@jmason.org> on 2006/12/22 11:16:13 UTC

Re: Capturing regular expression while testing new rule?

Theo Van Dinter writes:
> On Thu, Dec 21, 2006 at 06:09:23PM -0700, Kelly Jones wrote:
> > Many people write test rules w/ small negative scores like this:
> > header SUBJ_FOO_BAR_TEST Subject =~ /foo.*bar/
> 
> Really?  Why would you write a rule like that?
> 
> > header SUBJ_FOO_BAR_TEST Subject =~ /foo(.*)bar/
> > will the parentheses capture and log the $1 match above?
> 
> No.
> 
> > If not, how can I log the string a given rule matches?
> 
> Short of writing your own plugin/code, you can't.
> 
> > Can I log the psuedo-headers X-Spam-Relays-Trusted and
> > X-Spam-Relays-Untrusted?
> 
> If you write code.

Actually, if you run with -D, like:
    
    spamassassin -D -Lt < spam.txt

part of the debug output is

1. the Relays-Trusted etc lines

[17124] dbg: metadata: X-Spam-Relays-Trusted:
[17124] dbg: metadata: X-Spam-Relays-Untrusted: [ ip=121.36.138.28 rdns= helo=121.36.138.28 by=dogma.boxhost.net ident= envfrom= intl=0 id=E1913310090 auth= ]
[17124] dbg: metadata: X-Spam-Relays-Internal:
[17124] dbg: metadata: X-Spam-Relays-External: [ ip=121.36.138.28 rdns= helo=121.36.138.28 by=dogma.boxhost.net ident= envfrom= intl=0 id=E1913310090 auth= ]


2. the parts of the message text that caused any body rules
to fire:

[17124] dbg: rules: ran body rule T__FRAUD_DBI_7 ======> got hit: "$19000 M"
[17124] dbg: rules: ran body rule __KAM_NUMBER2 ======> got hit: "2007"
[17124] dbg: rules: ran body rule T__FRAUD_DBI_3 ======> got hit: "$19000 M"
[17124] dbg: rules: ran body rule T__FRAUD_DBI ======> got hit: "$19000 M"
[17124] dbg: rules: ran body rule T__FRAUD_DBI_4 ======> got hit: "$19000 M"
[17124] dbg: rules: ran body rule T__FRAUD_DBI_1 ======> got hit: "$19000 M"
[17124] dbg: rules: ran body rule T__FRAUD_DBI_5 ======> got hit: "$19000 M"
[17124] dbg: rules: ran body rule __HAS_ANY_EMAIL ======> got hit: "a@37.c"
[17124] dbg: rules: ran body rule T__FRAUD_DBI_2 ======> got hit: "$19000 M"
[17124] dbg: rules: ran body rule __NONEMPTY_BODY ======> got hit: "�"
[17124] dbg: rules: ran body rule __HIGHBITS ======> got hit: "��������"
[17124] dbg: rules: ran body rule __DRUGS_SLEEP2 ======> got hit: " Sonata "


--j.

Re: Capturing regular expression while testing new rule?

Posted by Theo Van Dinter <fe...@apache.org>.

On Fri, Dec 22, 2006 at 10:16:13AM +0000, Justin Mason wrote:
> Actually, if you run with -D, like:
>     spamassassin -D -Lt < spam.txt
> part of the debug output is
> 1. the Relays-Trusted etc lines
> 2. the parts of the message text that caused any body rules
> to fire:

Right, so true, one thing I missed is running spamd in debug mode and likely
specifying the channels you want to see, and then that stuff would get sent to
syslog.

My thought when previously answering was about only logging at very specific
points (ie: just the text in between the words in the rule, not the results
from all rules, etc,) which would require code of some form.

-- 
Randomly Selected Tagline:
Are you a turtle?