You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Joey J <ja...@gmail.com> on 2023/04/28 15:04:23 UTC
Assistance with rule
Hello all,
I have this rule which I thought looked good, but doesn't seem to ever kick
in.
header FROM_TEST_IP_AND_EMAIL From =~ /sender@sender\.com/i && Received =~
/from 138\.193\.30\.7/
score FROM_TEST_IP_AND_EMAIL -8.0
I was hoping to find the senders email address, then if it's found, see the
sending IP, if that matches gives a negative score.
Is there a better way?
Also is there some kind of rule tester you can use where you put a rule,
put some headers and see what it evaluates?
--
Thanks!
Joey
Re: Assistance with rule
Posted by Matus UHLAR - fantomas <uh...@fantomas.sk>.
On 28.04.23 12:11, Joey J wrote:
>I haven't written many of these with Meta, but wanted to make sure how this
>works.
>If the meta FROM_TEST from FROM_TEST_EMAIL && FROM_TEST_IP is false, does
>that mean the next line score will not be added/executed?
>In my mind, I feel like (top down logic ) the score will happen all the
>time.
>
>Also, does this look like the right idea?
>
>Thanks!!
>
>header FROM_TEST_EMAIL From =~ /user@test\.com/i
>header FROM_TEST_IP Received =~ /from 1\.2\.3\.4/i
>meta FROM_TEST from FROM_TEST_EMAIL && FROM_TEST_IP
>score FROM_TEST -1.0
giving negative score to any rule based on headers than can be faked is a
bad idea.
That's why I advised using X-Spam-Relays-Trusted header (maybe
X-Spam-Relays-Internal)
FROM_TEST_EMAIL and FROM_TEST_IP have both default positive score 1.0.
you should perhaps use __FROM_TEST_EMAIL and __FROM_TEST_IP instead
--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Linux - It's now safe to turn on your computer.
Linux - Teraz mozete pocitac bez obav zapnut.
Re: Assistance with rule
Posted by Joey J <ja...@gmail.com>.
I haven't written many of these with Meta, but wanted to make sure how this
works.
If the meta FROM_TEST from FROM_TEST_EMAIL && FROM_TEST_IP is false, does
that mean the next line score will not be added/executed?
In my mind, I feel like (top down logic ) the score will happen all the
time.
Also, does this look like the right idea?
Thanks!!
header FROM_TEST_EMAIL From =~ /user@test\.com/i
header FROM_TEST_IP Received =~ /from 1\.2\.3\.4/i
meta FROM_TEST from FROM_TEST_EMAIL && FROM_TEST_IP
score FROM_TEST -1.0
On Fri, Apr 28, 2023 at 11:48 AM Matus UHLAR - fantomas <uh...@fantomas.sk>
wrote:
> On 28.04.23 11:04, Joey J wrote:
> >I have this rule which I thought looked good, but doesn't seem to ever
> kick
> >in.
>
> >header FROM_TEST_IP_AND_EMAIL From =~ /sender@sender\.com/i && Received
> =~ /from 138\.193\.30\.7/
>
> >I was hoping to find the senders email address, then if it's found, see
> the
> >sending IP, if that matches gives a negative score.
> >
> >Is there a better way?
> >
> >Also is there some kind of rule tester you can use where you put a rule,
> >put some headers and see what it evaluates?
>
> you must create two separate rules and a meta rule for that.
>
> I also recommend using X-Spam-Relays-Trusted pre-paresed pseudo-header:
>
> https://spamassassin.apache.org/full/4.0.x/doc/Mail_SpamAssassin_Conf.html
>
> --
> Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
> Warning: I wish NOT to receive e-mail advertising to this address.
> Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
> You have the right to remain silent. Anything you say will be misquoted,
> then used against you.
>
--
Thanks!
Joey
Re: Assistance with rule
Posted by Matus UHLAR - fantomas <uh...@fantomas.sk>.
On 28.04.23 11:04, Joey J wrote:
>I have this rule which I thought looked good, but doesn't seem to ever kick
>in.
>header FROM_TEST_IP_AND_EMAIL From =~ /sender@sender\.com/i && Received =~ /from 138\.193\.30\.7/
>I was hoping to find the senders email address, then if it's found, see the
>sending IP, if that matches gives a negative score.
>
>Is there a better way?
>
>Also is there some kind of rule tester you can use where you put a rule,
>put some headers and see what it evaluates?
you must create two separate rules and a meta rule for that.
I also recommend using X-Spam-Relays-Trusted pre-paresed pseudo-header:
https://spamassassin.apache.org/full/4.0.x/doc/Mail_SpamAssassin_Conf.html
--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
You have the right to remain silent. Anything you say will be misquoted,
then used against you.