Posted to users@spamassassin.apache.org by Niamh Holding <ni...@fullbore.co.uk> on 2022/04/02 17:09:20 UTC

sub-test syntax

Hello

Will this work to check 2 ip address responses, or do I have to write separate rules for 127.0.0.2 & 127.0.0.6?

header      __NH_HOLTRBL_X1             eval:check_rbl_sub('holtrbl-lastexternal','127.0.0.(2|6)')

-- 
Best regards,
 Niamh                          mailto:niamh@fullbore.co.uk


Re: sub-test syntax

Posted by Martin Gregorie <ma...@gregorie.org>.
On Mon, 2022-04-04 at 01:45 +0200, Matija Nalis wrote:
> On Mon, Apr 04, 2022 at 12:19:23AM +0100, Martin Gregorie wrote:
> > For instance, I whitelist any email sender who I've previously sent
> > mail
> > to. To do this I maintain an email archive held in a PostgreSQL 
> > database and wrote an SA plugin that searches the archive for any
> > message(s) I've previously sent to the sender of the message being
> > checked: if I've sent mail to them they get whitelisted.    
> 
> That sounds interesting, is it published somewhere?
> 
https://www.libelle-systems.com/mailarchive/

The mail archive schema may suit you or not, but that's not very
important since the SA plugin uses an SQL view to check whether I've
ever sent mail to the sender of a message I've received: if you don't
want a mail archive you could use a single table database with
the table containing the same columns and indices as my SQL View.

More important points: 
- I use Postscript's BCC facility to send copies of every mail I send
  or receive to a mail queue and a daily cron job to load the contents
  of this queue into the database.

- The loader program is written in Java and will need modification (read
  simplification) if you don't want a mail archive. In this case I
  assume that you'd replace the SQL View with an equivalent table as
  described above and rewrite the MAloader program so that it only adds
  unrecorded outbound mail addresses to the new table.
 
- The loader and a couple of interactive programs are also written in
  Java. These:
  - search the database and optionally send copies of archived mail to
    a nominated local MUA
  - remove unwanted mail from the database

  These are not needed if you don't want a mail archive.

- I retrieve mail from my inbox at my ISP using getmail plus a small
  C program which passes mail to SA, accepts the mail as returned by MA
  and uses the spam score to decide whether to quarentine it or pass it
  to Postfix for delivery. You don't need to use getmail if you let your
  local MTA retrieve mail from your ISP, but you'd still want to run a
  local MTA, preferably Postfix, so it can pass incoming mail though SA,
  quarentine of discard spam and you can use its BCC facility to send
  copies of incoming and outgoing mail to the loader's input queue.    

- Postfix delivers outgoing mail directly to my ISP's outbox.
 
Martin


Re: sub-test syntax

Posted by Matija Nalis <mn...@voyager.hr>.
On Mon, Apr 04, 2022 at 12:19:23AM +0100, Martin Gregorie wrote:
> For instance, I whitelist any email sender who I've previously sent mail
> to. To do this I maintain an email archive held in a PostgreSQL 
> database and wrote an SA plugin that searches the archive for any
> message(s) I've previously sent to the sender of the message being
> checked: if I've sent mail to them they get whitelisted.    

That sounds interesting, is it published somewhere?

-- 
Opinions above are GNU-copylefted.

Re: sub-test syntax

Posted by Martin Gregorie <ma...@gregorie.org>.
On Mon, 2022-04-04 at 00:13 +0200, Matija Nalis wrote:
> On Sun, Apr 03, 2022 at 10:06:51AM +0100, Niamh Holding wrote:
> > Hello Matija,
> > Saturday, April 2, 2022, 7:12:42 PM, you wrote:
> > 
> > MN> grep -r check_rbl_sub /var/lib/spamassassin
> > MN> for examples of what's possible and how (e.g. 25_dnswl.cf)
> > 
> > Looking there I see nothing equivalent to alternates like in
> > ordinary regexes (2|6) for 2 or 6
> 
> It shows how command must look to be able to correctly use regexes
> there (instead of plain string).
> 
> "grep" command above should've returned more examples for you...
> 
Using 'grep -P ' is better because it forces grep to use Perl regex
notation - SA is written in Perl so uses Perl regular expression (regex)
syntax.

If you want to write your own SA rules it's also a good idea to have a
copy of the 'Camel Book' ("Programming PERL" by Wall, Christiansen and
Orwant, pub. O'Reilly) because SA is written in Perl. This means it uses
the Perl dialect of regex expressions, and the book will also help a lot
if/when you want to write your own SA plugins.

For instance, I whitelist any email sender who I've previously sent mail
to. To do this I maintain an email archive held in a PostgreSQL 
database and wrote an SA plugin that searches the archive for any
message(s) I've previously sent to the sender of the message being
checked: if I've sent mail to them they get whitelisted.    

> Then you can use similar principle to look for any other things you
> want to accomplish in the future, simply by looking how others have
> used it. That's why I provided it that way instead of simple
> copy/pasting the
> final result.
> 
Good advice.


Martin


Re: sub-test syntax

Posted by Matija Nalis <mn...@voyager.hr>.
On Mon, Apr 04, 2022 at 07:45:02AM +0100, Niamh Holding wrote:
> Hello Matija,
> Sunday, April 3, 2022, 11:13:13 PM, you wrote:
> 
> MN> For closer example to your requirements then, perhaps look into 72_active.cf 
> MN> regex for RCVD_IN_IADB_LISTED
> 
> So you suggest [26] instead of (2|6)

I suggest you have to use *all* parts of the syntax as shown in that
example, not *only* character class [26]. 

Otherwise (for example if you do not escape the dots, or don't add
beginning/end anchors, etc), you're likely NOT going to be matching
correctly.

-- 
Opinions above are GNU-copylefted.
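
Added example (not part of any message in this thread): a Python check of the advice above about escaping the dots and anchoring a regex sub-test. It assumes, per the DNSEval plugin documentation, that a sub-test which is neither a plain dotted-quad nor a number is used as a regular expression; the STRICT pattern is composed from the advice in the thread rather than copied from 72_active.cf, the function names and enumerated 127.0.0.x answers are constructed, and Python's re treats these particular patterns the same way Perl does.

```python
import re

LOOSE = r"127.0.0.(2|6)"        # sub-test as posted in the question
STRICT = r"^127\.0\.0\.[26]$"   # composed from the thread's advice (assumption,
                                # not copied from 72_active.cf)

def hits(pattern):
    """Last octets of 127.0.0.0-255 (constructed answers) that the regex matches."""
    rx = re.compile(pattern)
    return [n for n in range(256) if rx.search(f"127.0.0.{n}")]

def unescaped_dots(pattern):
    """Count '.' that are neither backslash-escaped nor inside a [...] class."""
    count, i, in_class = 0, 0, False
    while i < len(pattern):
        ch = pattern[i]
        if ch == "\\":          # skip the escaped character
            i += 2
            continue
        if ch == "[":
            in_class = True
        elif ch == "]":
            in_class = False
        elif ch == "." and not in_class:
            count += 1
        i += 1
    return count

def lint(pattern):
    """Report the problems named in the thread for a regex sub-test."""
    problems = []
    if not pattern.startswith("^"):
        problems.append("missing beginning anchor")
    if not pattern.endswith("$") or pattern.endswith("\\$"):
        problems.append("missing end anchor")
    if unescaped_dots(pattern):
        problems.append("unescaped dot")
    return problems

if __name__ == "__main__":
    for name, pat in (("loose", LOOSE), ("strict", STRICT)):
        print(name, pat, "->", len(hits(pat)), "answers match;", lint(pat) or "ok")
```

For well-formed dotted-quad answers the over-matching comes from the missing end anchor (127.0.0.26, 127.0.0.60 and so on also match); the bare dots only matter for strings that are not clean IPv4 addresses.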

Re: sub-test syntax

Posted by Niamh Holding <ni...@fullbore.co.uk>.
Hello Matija,

Sunday, April 3, 2022, 11:13:13 PM, you wrote:

MN> For closer example to your requirements then, perhaps look into 72_active.cf 
MN> regex for RCVD_IN_IADB_LISTED

So you suggest [26] instead of (2|6)

-- 
Best regards,
 Niamh                            mailto:niamh@fullbore.co.uk


Re: sub-test syntax

Posted by Matija Nalis <mn...@voyager.hr>.
On Sun, Apr 03, 2022 at 10:06:51AM +0100, Niamh Holding wrote:
> Hello Matija,
> Saturday, April 2, 2022, 7:12:42 PM, you wrote:
> 
> MN> grep -r check_rbl_sub /var/lib/spamassassin
> MN> for examples of what's possible and how (e.g. 25_dnswl.cf)
> 
> Looking there I see nothing equivalent to alternates like in ordinary regexes (2|6) for 2 or 6

It shows how command must look to be able to correctly use regexes there (instead of plain string).

"grep" command above should've returned more examples for you...

Then you can use similar principle to look for any other things you
want to accomplish in the future, simply by looking how others have used it.
That's why I provided it that way instead of simple copy/pasting the final result.

For closer example to your requirements then, perhaps look into 72_active.cf 
regex for RCVD_IN_IADB_LISTED

-- 
Opinions above are GNU-copylefted.

Re: sub-test syntax

Posted by Niamh Holding <ni...@fullbore.co.uk>.
Hello Matija,

Saturday, April 2, 2022, 7:12:42 PM, you wrote:

MN> grep -r check_rbl_sub /var/lib/spamassassin

MN> for examples of what's possible and how (e.g. 25_dnswl.cf)

Looking there I see nothing equivalent to alternates like in ordinary regexes (2|6) for 2 or 6

-- 
Best regards,
 Niamh                            mailto:niamh@fullbore.co.uk


Re: sub-test syntax

Posted by Matija Nalis <mn...@voyager.hr>.
On Sat, Apr 02, 2022 at 06:09:20PM +0100, Niamh Holding wrote:
> Will this work to check 2 ip address responses, or do I have to write separate rules for 127.0.0.2 & 127.0.0.6
> 
> header      __NH_HOLTRBL_X1             eval:check_rbl_sub('holtrbl-lastexternal','127.0.0.(2|6)')

You can do it in one rule, but you have to learn to use correct regexes for check_rbl_sub().

Do a:

grep -r check_rbl_sub /var/lib/spamassassin

for examples of what's possible and how (e.g. 25_dnswl.cf)


-- 
Opinions above are GNU-copylefted.