You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Pete Russell <pe...@enitech.com.au> on 2007/04/03 16:37:25 UTC
How would i write this rule?
We have a parent company that uses a completely different domain name.
We are on the same network (and therefore trusted_networks).
Some of the users in sub company have email addresses in the parwent
company and these are forwarded to email acocunts in the sub company.
When spam is sent the parent company email address they ahve a rule of
not scanning for spam, it is then forwarded onto the sub companys
gateway and scanned - but since its from a trusted network none of the
network tests fire and we end up with heaps of spam being forwarded.
The from address one these spam is always an external one.
I have no control over the mail routing affairs. I have to deal with the
mail that arrives at the sub company.
How do i write a rule that says;
if mail is recieved from parent company email gateway/s AND the from
address is not from the parent company domain THEN give XX score.
Appreciate any help/tips/suggestions
Many thanks
Pete
Re: How would i write this rule?
Posted by Adam Lanier <ad...@krusty.madoff.com>.
Peter Russell wrote:
>
> Sorry last question - seems the parent company is doing spam checks
> and adds the spam score to the headers.
>
> How could i add/change the second condition for a spam score greater
> than 10.00 ?
>
> the header is X-Spam-Score: *********** (11.507)
>
> Many thanks
> Pete
To ask the obvious question, why are you doing spam checks if the
upstream relay is also doing them?
Based on my performance yesterday, there's almost assuredly something
wrong with the following but...
header __HIGH_SA_SCORE X-Spam-Score =~ /\*{10,}/
meta SPAM_FROM_RELAY __GATEWAY_RELAY && __NOT_PAR_DOMAIN &&
__HIGH_SA_SCORE
Re: How would i write this rule?
Posted by Peter Russell <pe...@enitech.com.au>.
adam lanier wrote:
> On Tue, 2007-04-03 at 16:06 +0000, Duane Hill wrote:
>> On Tue, 3 Apr 2007, adam lanier wrote:
>> Shouldn't it be:
>>
>> From !~ /\@mydomain\.com$/i
>>
>>> meta SPAM_FROM_RELAY __GATEWAY_RELAY && __NOT_PAR_DOMAIN
>
> yep, i'm 0 for 2 today, time to keep quiet.
Sorry last question - seems the parent company is doing spam checks and
adds the spam score to the headers.
How could i add/change the second condition for a spam score greater
than 10.00 ?
the header is X-Spam-Score: *********** (11.507)
Many thanks
Pete
Re: How would i write this rule?
Posted by adam lanier <ad...@krusty.madoff.com>.
On Tue, 2007-04-03 at 16:06 +0000, Duane Hill wrote:
> On Tue, 3 Apr 2007, adam lanier wrote:
> Shouldn't it be:
>
> From !~ /\@mydomain\.com$/i
>
> > meta SPAM_FROM_RELAY __GATEWAY_RELAY && __NOT_PAR_DOMAIN
yep, i'm 0 for 2 today, time to keep quiet.
Re: How would i write this rule?
Posted by Duane Hill <d....@yournetplus.com>.
On Tue, 3 Apr 2007, adam lanier wrote:
> On Wed, 2007-04-04 at 00:37 +1000, Pete Russell wrote:
>>
>> How do i write a rule that says;
>>
>> if mail is recieved from parent company email gateway/s AND the from
>> address is not from the parent company domain THEN give XX score.
>
> Something like?
>
> header __GATEWAY_RELAY Received =~ /\[111\.222\.333\]/
> header__NOT_PAR_DOMAIN From =! /\@mydomain\.com$/i
Shouldn't it be:
From !~ /\@mydomain\.com$/i
> meta SPAM_FROM_RELAY __GATEWAY_RELAY && __NOT_PAR_DOMAIN
>
>
>
Re: How would i write this rule?
Posted by adam lanier <ad...@krusty.madoff.com>.
On Wed, 2007-04-04 at 00:55 +1000, Pete Russell wrote:
>
> adam lanier wrote:
> > On Wed, 2007-04-04 at 00:37 +1000, Pete Russell wrote:
> >> How do i write a rule that says;
> > header __GATEWAY_RELAY Received =~ /\[111\.222\.333\]/
> so in this line the ip address is only the 1st 3 sections. Will it match
> anything in the 4th? eg 111.222.333.xxx?
>
> > header__NOT_PAR_DOMAIN From =! /\@mydomain\.com$/i
> I know . are important in regexp, the domain is .com.au can i just
> change the above line to /\@mydomain\.com.au$/i
>
> > meta SPAM_FROM_RELAY __GATEWAY_RELAY && __NOT_PAR_DOMAIN
> and score SPAM_FROM_RELAY 5 ?
> >
Sorry, trying to dash off a response while doing ten other things.
The ip address should probably match exactly if you only have one relay
machine:
header __GATEWAY_RELAY Received =~ /\[111\.222\.333\.444\]/
If you have multiple relays/ip addresses:
header __GATEWAY_RELAY Received =~ /(?:\[111\.222\.333\]|\[444\.555\.666
\.777\])/
You should probably escape all the '.' in a domain literal just to be
safe:
/\@my\.domain\.com\.au$/i
Re: How would i write this rule?
Posted by Pete Russell <pe...@enitech.com.au>.
adam lanier wrote:
> On Wed, 2007-04-04 at 00:37 +1000, Pete Russell wrote:
>> How do i write a rule that says;
>>
>> if mail is recieved from parent company email gateway/s AND the from
>> address is not from the parent company domain THEN give XX score.
>
> Something like?
>
> header __GATEWAY_RELAY Received =~ /\[111\.222\.333\]/
so in this line the ip address is only the 1st 3 sections. Will it match
anything in the 4th? eg 111.222.333.xxx?
> header__NOT_PAR_DOMAIN From =! /\@mydomain\.com$/i
I know . are important in regexp, the domain is .com.au can i just
change the above line to /\@mydomain\.com.au$/i
> meta SPAM_FROM_RELAY __GATEWAY_RELAY && __NOT_PAR_DOMAIN
and score SPAM_FROM_RELAY 5 ?
>
>
many thanks for taking the time to response in that much detail for me.
Regards
Pete
Re: How would i write this rule?
Posted by adam lanier <ad...@krusty.madoff.com>.
On Wed, 2007-04-04 at 00:37 +1000, Pete Russell wrote:
>
> How do i write a rule that says;
>
> if mail is recieved from parent company email gateway/s AND the from
> address is not from the parent company domain THEN give XX score.
Something like?
header __GATEWAY_RELAY Received =~ /\[111\.222\.333\]/
header__NOT_PAR_DOMAIN From =! /\@mydomain\.com$/i
meta SPAM_FROM_RELAY __GATEWAY_RELAY && __NOT_PAR_DOMAIN