You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@spamassassin.apache.org by Christian Nygaard <ch...@gmail.com> on 2007/10/24 17:54:59 UTC

Received from rule?

How do I write a local spamassassin rule that matches received from header
mail?.example.com . I've tried
writing a header matching rule but it doesnt seem to work. Can you show a
short example
of a working header matching rule for received from?

Received: from mail3.example.com

Kind regards,
Christian

Re: Received from rule?

Posted by "Mr. Gus" <mr...@disco-zombie.net>.

Christian Nygaard wrote:
> How do I write a local spamassassin rule that matches received from 
> header mail?.example.com . I've tried
> writing a header matching rule but it doesnt seem to work. Can you show 
> a short example
> of a working header matching rule for received from?
> 
> Received: from mail3.example.com <http://mail3.example.com>

Something like

header	HappyRuleName	Received =~ /mail\d\.example\.com/i

or

header	HappyRuleName	Received =~ /^from mail\d+\.example\.com/i

?

-- 
Gus

Re: Received from rule?

Posted by Matt Kettler <mk...@verizon.net>.

Christian Nygaard wrote:
> How do I write a local spamassassin rule that matches received from
> header mail?.example.com . I've tried
> writing a header matching rule but it doesnt seem to work. Can you
> show a short example
> of a working header matching rule for received from?
>
> Received: from mail3.example.com <http://mail3.example.com>

Adam Lanier and Mr Gus already posted working rule examples.

Might I also suggest reading the Wiki article on basic rule writing? It 
covers a lot of stuff that may be helpful.

http://wiki.apache.org/spamassassin/WritingRules

Disclaimer: I wrote a lot of the text here, so I've got some personal
bias. However, I think it would be helpful to you.

Re: Received from rule?

Posted by Christian Nygaard <ch...@gmail.com>.

Thanks for all helpful replies regarding writing the header rule!

You are very right Karsten in what was the issue!

header FROM_EXAMPLE_COM         Received =~ /from mail3\.example\.com/i

The ? mark was the issue, I replaced that with a . and now things works much
better.

Greets,
Chris

On 10/24/07, Karsten Bräckelmann <gu...@rudersport.de> wrote:
>
>
>
>
> In RE syntax, the question mark means "optional". Thus, a SA rule
> containing "mail?" will match "mai" or "mail", but it will *not* match
> "mail3"...
>
>
>

Re: Received from rule?

Posted by Karsten Bräckelmann <gu...@rudersport.de>.

On Wed, 2007-10-24 at 17:54 +0200, Christian Nygaard wrote:
> How do I write a local spamassassin rule that matches received from
> header mail?.example.com . I've tried writing a header matching rule
         ^^^^^^^^^^^^^^^^^
>  but it doesnt seem to work. Can you show a short example of a working
> header matching rule for received from? 
> 
> Received: from mail3.example.com
                 ^^^^^^^^^^^^^^^^^

Just a guess, since you failed to paste any example of the rules you
tried already -- however, given the above, I guess the reason your rules
didn't match is, cause you confused wildcards for REs.

In RE syntax, the question mark means "optional". Thus, a SA rule
containing "mail?" will match "mai" or "mail", but it will *not* match
"mail3"...

Maybe this will help writing your custom rules, in addition to the
already posted examples.

Also, you're not trying to create some rules to subtract points for
trusted SMTP relays, are you? In that case, you should have a look at
the trusted_networks option instead, I guess.

  guenther

-- 
char *t="\10pse\0r\0dtu\0.@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}

Re: Received from rule?

Posted by Adam Lanier <ad...@krusty.madoff.com>.

On Wed, 2007-10-24 at 17:54 +0200, Christian Nygaard wrote:
> How do I write a local spamassassin rule that matches received from
> header mail?.example.com . I've tried
> writing a header matching rule but it doesnt seem to work. Can you
> show a short example
> of a working header matching rule for received from? 
> 
> Received: from mail3.example.com

header   MADF_T2MR3		Received =~ /t2mr3\.com/i

or if you wanted to match the literal 'from' as well:

header FROM_EXAMPLE_COM		Received =~ /from mail3\.example\.com/i

Re: Received from rule?

Posted by Matus UHLAR - fantomas <uh...@fantomas.sk>.

On 24.10.07 17:54, Christian Nygaard wrote:
> How do I write a local spamassassin rule that matches received from header
> mail?.example.com . I've tried
> writing a header matching rule but it doesnt seem to work. Can you show a
> short example
> of a working header matching rule for received from?
> 
> Received: from mail3.example.com

the mail3.example.com may be (and probably is) a HELO string. It can be
faked. If you want to score according to ReceivedL lines, better check
X-Spam-Relays-Trusted or X-Spam-Relays-Untrusted, following instructions in 
http://wiki.apache.org/spamassassin/TrustPath
-- 
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
I intend to live forever - so far so good.