Posted to users@spamassassin.apache.org by Steve <sp...@shic.co.uk> on 2008/01/16 18:08:08 UTC
A rule to match patterns on recipient name.
I'm looking for suggestions as to the best way to do this.
I've a catch-all mail strategy for a domain, and a number of users have
accounts - say - fred@domain.com; wilma@domain.com etc. When engaging
with a new contact, or mailing list, a new email address is generated.
For example:
spamassassin.users_fred@domain.com
dixons_fred@domain.com
GWBush_wilma@domain.com
etc. etc. etc.
Valid email addresses have a well-known structure (i.e. [A-z.]*_NAME)
so, for example 38373763563@domain.com is clearly a bogus address.
Is there a straightforward way to establish rules to validate the
intended recipient using SpamAssassin? Is the SpamAssassin level the
best way to go about exploiting this clear spam-trait, or is it better
exploited at the MTA level? Any ideas?
An idea for the future might well be to add to the spam-score of
messages sent to an individual contact's email address which don't
originate from the expected domain.
Re: A rule to match patterns on recipient name.
Posted by Loren Wilton <lw...@earthlink.net>.
>> header __GOOD_NAME To =~ /[A-Za-z]{1,30}_[A-Za-z\d\.]{2,40}\@(?i:domain\.com)/
>> meta BAD_NAME !__GOOD_NAME
>> score BAD_NAME 2
>>
>> Above is based on the assumption that "NAME" includes only letters,
>> numbers, and dots. If it can also have underscores then you could just
>> do \w{2,40} or the like for the second part.
> Hmmm - not a bad start, I guess. If I were to put something like this in
> individual users' .spamassassin/user_prefs - then I could be even more
> restrictive about NAME. I am concerned, however, that this might not cope
> well with mailing lists (where To is the mailing list name) or in
> circumstances where the user is CC'd rather than addressed directly.
It will surely fail on mailing lists and Bcc items, which is why I gave it a
relatively low score.
You had seemingly specifically said "To" previously. You can use ToCc in
place of To in the rule and catch both To and CC.
Loren
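Added example, not part of the original thread and not SpamAssassin's own code: a small Python harness that runs the pattern from the rule above over constructed headers, showing where BAD_NAME fires with To, where ToCc removes the false positive, and where list mail still trips it. It assumes ToCc can be modelled as the To and Cc header values taken together; header_text, bad_name, results and the sample messages are constructed for illustration.

```python
import re
from email import message_from_string

# Pattern copied unchanged from the rule in the thread.
# The scoped (?i:...) group needs Python 3.6 or later.
GOOD_NAME = re.compile(r"[A-Za-z]{1,30}_[A-Za-z\d\.]{2,40}\@(?i:domain\.com)")

def header_text(msg, pseudo):
    """Assumed model of header selection: 'To' is the To header only,
    'ToCc' is the To and Cc headers taken together."""
    names = {"To": ["To"], "ToCc": ["To", "Cc"]}[pseudo]
    return "\n".join(v for n in names for v in msg.get_all(n, []))

def bad_name(raw, pseudo="To"):
    """Mirror 'meta BAD_NAME !__GOOD_NAME': fire when nothing matches."""
    msg = message_from_string(raw)
    return GOOD_NAME.search(header_text(msg, pseudo)) is None

# Constructed sample messages (headers only).
SAMPLES = {
    # Addressed directly to a generated per-contact address.
    "direct": "To: dixons_fred@domain.com\nSubject: offer\n\n",
    # The bogus numeric address from the original post.
    "bogus": "To: 38373763563@domain.com\nSubject: hi\n\n",
    # The user appears only in Cc.
    "cc_only": "To: someone@example.org\n"
               "Cc: GWBush_wilma@domain.com\nSubject: fyi\n\n",
    # List mail: To is the list, the user is only the envelope recipient.
    "list": "To: users@spamassassin.apache.org\nSubject: Re: rule\n\n",
}

def results():
    """Map sample name -> (BAD_NAME using To, BAD_NAME using ToCc)."""
    return {name: (bad_name(raw, "To"), bad_name(raw, "ToCc"))
            for name, raw in SAMPLES.items()}

if __name__ == "__main__":
    for name, (to_hit, tocc_hit) in results().items():
        print(f"{name:8} BAD_NAME with To: {to_hit!s:5}  with ToCc: {tocc_hit}")
```

The list case fires under both variants because the generated address never appears in a visible header, which is the reason given above for keeping the score low.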
Re: A rule to match patterns on recipient name.
Posted by Steve <sp...@shic.co.uk>.
Loren Wilton wrote:
>> Valid email addresses have a well-known structure (i.e. [A-z.]*_NAME)
>> so, for example 38373763563@domain.com is clearly a bogus address.
>
> Off the top of my head you might be able to do something like (untested):
>
> header __GOOD_NAME To =~ /[A-Za-z]{1,30}_[A-Za-z\d\.]{2,40}\@(?i:domain\.com)/
> meta BAD_NAME !__GOOD_NAME
> score BAD_NAME 2
>
> Above is based on the assumption that "NAME" includes only letters,
> numbers, and dots. If it can also have underscores then you could
> just do \w{2,40} or the like for the second part.
Hmmm - not a bad start, I guess. If I were to put something like this
in individual users' .spamassassin/user_prefs - then I could be even
more restrictive about NAME. I am concerned, however, that this might
not cope well with mailing lists (where To is the mailing list name) or
in circumstances where the user is CC'd rather than addressed directly.
Re: A rule to match patterns on recipient name.
Posted by Loren Wilton <lw...@earthlink.net>.
> Valid email addresses have a well-known structure (i.e. [A-z.]*_NAME) so,
> for example 38373763563@domain.com is clearly a bogus address.
Off the top of my head you might be able to do something like (untested):
header __GOOD_NAME To =~ /[A-Za-z]{1,30}_[A-Za-z\d\.]{2,40}\@(?i:domain\.com)/
meta BAD_NAME !__GOOD_NAME
score BAD_NAME 2
Above is based on the assumption that "NAME" includes only letters, numbers,
and dots. If it can also have underscores then you could just do \w{2,40}
or the like for the second part.
Loren