You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Aleksandar Ivanovski <al...@euronetcom.com.mk> on 2007/02/02 13:45:35 UTC
Begginer questions regarding rules
Hi list for the first time,
I am new to spamassassin installed it on sles9 with amavisd-new, amavis
deamon is starting it.
I have a FW in front of the mail server that once finds a spam message ,
adds (SPAM) or (SPAM 2) or (SPAM x) to the subject (depends on the level).
It also adds X-Spam-Gateway: F200XB324440600202 in the header
I have created simple rule (i would like mails that come with spam in
the subjects to be discarded):
header SPAM_SUBJ Subject =~ /SPAM/i
describe SPAM_SUBJ Subject contains spam
score SPAM_SUBJ 100.5
the other settings are :
# How many hits before a message is considered spam.
required_hits 5.0
However once changes take effect not only that the emails containig spam
in the subject get hits < 3 but also ham mails that were ok before are
getting hist>100 and getting discarded ????
I guess I am doing something stupid here?
thanks.
AI
--
Aleksandar Ivanovski
Hardware and System Support Manager
EuroNetCom
Sv.Kliment Ohridski 68a
tel: +389 2 3 290 580
cel: +389 75 327 924
fax: +389 2 3 290 580
email: aleksandar.ivanovski@euronetcom.com.mk
http://www.euronetcom.com.mk
Re: Begginer questions regarding rules
Posted by Loren Wilton <lw...@earthlink.net>.
> I have a FW in front of the mail server that once finds a spam message ,
> adds (SPAM) or (SPAM 2) or (SPAM x) to the subject (depends on the level).
> It also adds X-Spam-Gateway: F200XB324440600202 in the header
> I have created simple rule (i would like mails that come with spam in the
> subjects to be discarded):
>
> header SPAM_SUBJ Subject =~ /SPAM/i
> describe SPAM_SUBJ Subject contains spam
> score SPAM_SUBJ 100.5
>
> However once changes take effect not only that the emails containig spam
> in the subject get hits < 3 but also ham mails that were ok before are
> getting hist>100 and getting discarded ????
>
> I guess I am doing something stupid here?
Your rule could be written a bit more safely, but I can't see anything in
what you show that should be causing the results you describe. I beleive
Amvis is one of the programs that rewrites the spam results from SA,
discarding the markup SA itself creates. So you could have a problem with
some part of the Amvis config. I'm not familiar with it, so can't really
help there.
I would suggest changing your rule to be something like
> header SPAM_SUBJ Subject =~ /\(SPAM\b/
or perhaps
> header SPAM_SUBJ Subject =~ /\(SPAM(?:\s\d+)\)/i
If the (SPAM) is the first thing in the subject line then I'd add an ^ at
the start of the regex to anchor it to the start of the subject. Any of
those things should reduce the chances that you will get a false hit in some
word in a subject.
Loren