You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@spamassassin.apache.org by Aleksandar Ivanovski <al...@euronetcom.com.mk> on 2007/02/02 13:45:35 UTC

Begginer questions regarding rules

Hi list for the first time,

I am new to spamassassin installed it on sles9 with amavisd-new, amavis 
deamon is starting it.

I have a FW in front of the mail server that once finds a spam message , 
adds (SPAM) or (SPAM 2) or (SPAM x) to the subject (depends on the level).
It also adds  X-Spam-Gateway: F200XB324440600202 in the header
I have created simple rule (i would like mails that come with spam in 
the subjects to be discarded):

header SPAM_SUBJ     Subject =~ /SPAM/i
describe SPAM_SUBJ   Subject contains spam
score SPAM_SUBJ 100.5

the other settings are :  
# How many hits before a message is considered spam.
required_hits           5.0

However once changes take effect not only that the emails containig spam 
in the subject get hits < 3 but also ham mails that were ok before are 
getting hist>100 and getting discarded ????

I guess I am doing something stupid here?

thanks.
AI






-- 
Aleksandar Ivanovski
Hardware and System Support Manager
EuroNetCom
Sv.Kliment Ohridski 68a
tel: +389 2 3 290 580
cel: +389 75 327 924
fax: +389 2 3 290 580
email: aleksandar.ivanovski@euronetcom.com.mk
http://www.euronetcom.com.mk

Re: Begginer questions regarding rules

Posted by Loren Wilton <lw...@earthlink.net>.

> I have a FW in front of the mail server that once finds a spam message , 
> adds (SPAM) or (SPAM 2) or (SPAM x) to the subject (depends on the level).
> It also adds  X-Spam-Gateway: F200XB324440600202 in the header
> I have created simple rule (i would like mails that come with spam in the 
> subjects to be discarded):
>
> header SPAM_SUBJ     Subject =~ /SPAM/i
> describe SPAM_SUBJ   Subject contains spam
> score SPAM_SUBJ 100.5
>
> However once changes take effect not only that the emails containig spam 
> in the subject get hits < 3 but also ham mails that were ok before are 
> getting hist>100 and getting discarded ????
>
> I guess I am doing something stupid here?

Your rule could be written a bit more safely, but I can't see anything in 
what you show that should be causing the results you describe.  I beleive 
Amvis is one of the programs that rewrites the spam results from SA, 
discarding the markup SA itself creates.  So you could have a problem with 
some part of the Amvis config.  I'm not familiar with it, so can't really 
help there.

I would suggest changing your rule to be something like

> header SPAM_SUBJ     Subject =~ /\(SPAM\b/

or perhaps

> header SPAM_SUBJ     Subject =~ /\(SPAM(?:\s\d+)\)/i

If the (SPAM) is the first thing in the subject line then I'd add an ^ at 
the start of the regex to anchor it to the start of the subject.  Any of 
those things should reduce the chances that you will get a false hit in some 
word in a subject.

        Loren