You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@spamassassin.apache.org by Jeremy <jf...@hotmail.com> on 2005/10/27 10:17:28 UTC

Help with SA rule

Hi all,
I've created a custom SA rule for myself to block spams that contain URLs
which aren't yet listed by SURBL or URIBL. My rule looks like this:

uri          BAD_URI    /baddomain1\.com|baddomain2\.com|baddomain3\.com/i
describe BAD_URI    Body contains blacklisted URL
score     BAD_URI    5.0

What I'd like to know is this: is it possible to have the rule actually list
the domain name it triggered upon, in the SA rules summary in the headers? I
mean in the same way that the SURBL rules do - for example if a spam
contains a URL listed in SURBL, the following is shown in the spam report
within the email's headers:

    8.0 URIBL_SBL Body contains URL listed in the SpamHaus SURBL blacklist
    [URIs: baddomain.com]

Note the domain itself is listed on the 2nd line. That's what I'd like to
have for my own custom rule - the domain listed on the 2nd line too - so
that I can see exactly which blacklisted domain of mine has triggered my
custom rule (eg. baddomain1.com, baddomain2.com or whatever).

Is this possible to do with SA?

Thanks,
Jeremy

Re: Help with SA rule

Posted by Loren Wilton <lw...@earthlink.net>.

> I've created a custom SA rule for myself to block spams that contain URLs
> which aren't yet listed by SURBL or URIBL. My rule looks like this:
>
> uri          BAD_URI    /baddomain1\.com|baddomain2\.com|baddomain3\.com/i
> describe BAD_URI    Body contains blacklisted URL
> score     BAD_URI    5.0
>
> What I'd like to know is this: is it possible to have the rule actually
list
> the domain name it triggered upon, in the SA rules summary in the headers?
I

Not without creating a plugin or eval type rule.  In standard rules there is
no way that you can do text substitution in the description part.  The
simplest way to get what you want would be to create a separate rule for
each domain, and give it its own description.

You should be submitting these bad domains to SpamCop or other method that
feeds them into the SURBL stream rather than just writing local rules
against them.

        Loren