Posted to users@spamassassin.apache.org by Geert Batsleer <ba...@gmail.com> on 2009/03/04 10:10:39 UTC

blacklist_from

Hi all,

I'm trying to blacklist email from 'Vegas Club Casino' which is being
sent from different email addresses but always with the same 'From' in the
header.

Tried putting it in local.cf as blacklist_from Vegas Club Casino
but those mails keep coming.

How can I filter just on the from tag without using an email address but the
name?

best regards,

Geert

PS I'm using p spamassassin-3.2.5-1.el4.rf  with score 3

Re: blacklist_from

Posted by Yet Another Ninja <sa...@alexb.ch>.
On 3/4/2009 10:18 AM, Matus UHLAR - fantomas wrote:
> On 04.03.09 10:10, Geert Batsleer wrote:
>> I'm trying to blacklist email from 'Vegas Club Casino' which is being
>> sent from different email addresses but always with the same 'From' in the
>> header.
>>
>> Tried putting it in local.cf as blacklist_from Vegas Club Casino
>> but those mails keep coming.
> 
> If you look at the docs, you'll see that *blacklist_* only apply for
> addresses
> 
>> How can I filter just on the from tag without using an email address but the
>> name?
> 
> a rule will be needed
> 

header FROM_BLAH    From:name =~ /\bBLAH\b/i

should do the trick

Re: blacklist_from

Posted by Matus UHLAR - fantomas <uh...@fantomas.sk>.
On 04.03.09 10:10, Geert Batsleer wrote:
> I'm trying to blacklist email from 'Vegas Club Casino' which is being
> sent from different email addresses but always with the same 'From' in the
> header.
> 
> Tried putting it in local.cf as blacklist_from Vegas Club Casino
> but those mails keep coming.

If you look at the docs, you'll see that *blacklist_* only apply for
addresses

> How can I filter just on the from tag without using an email address but the
> name?

a rule will be needed

-- 
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
We are but packets in the Internet of life (userfriendly.org)

Re: NOTICE: mail delivery status.

Posted by mouss <mo...@ml.netoyen.net>.
Geert Batsleer wrote:
> 2009/3/7 mouss <mouss@ml.netoyen.net>
> 
>     Matus UHLAR - fantomas wrote:
> 
>     >>
>     >> header FROM_CASINO      From:name =~ /\Vegas Club Casino\b/i
>     >> descrbibe FROM_CASINO   Casino Club Casino filter 04/03/09
> 
>     and it should be "describe", not "descrbibe"...
> 
> 
>     >> score FROM_CASINO       10.0
>     >
>     > \V is unknown to me, and apparently to perl too.
>     >
>     > Also, score 10 is too much. combined with BAYES_99 with standard score of
>     > 3.5 and standard required score of 5.0, 1.505 should be enough even for cases
>     > the sender has correct SPF, DKIM or whatever tests that give small negative
>     > score..
>     >
> 
>     but if the goal is to blacklist, then 10 or even 100 is better.
>     this  way, he doesn't even need to check his quarantine...
> 
> got it finally working right, with Mailer:from nothing seemed to get
> flagged but with 'Subject=' it works like a charm :)
> 
> header LOCAL_CASINO_RULE Subject=~ /Vegas Club Casino/i
> describe LOCAL_CASINO_RULE   Casino Club Casino filter 09 maart 2009
> score LOCAL_CASINO_RULE       6.0
> 
> Is local.cf a good place to store this rule or will it
> get overwritten when I upgrade with a yum or apt-get command?
> 

local.cf is your file. it shouldn't be touched by an upgrade.
now, you can call the file joe.cf if you want (but put it in the same
dir as local.cf).


Re: NOTICE: mail delivery status.

Posted by Geert Batsleer <ba...@gmail.com>.
2009/3/7 mouss <mo...@ml.netoyen.net>

> Matus UHLAR - fantomas wrote:
>
> >>
> >> header FROM_CASINO      From:name =~ /\Vegas Club Casino\b/i
> >> descrbibe FROM_CASINO   Casino Club Casino filter 04/03/09
>
> and it should be "describe", not "descrbibe"...
>
>
> >> score FROM_CASINO       10.0
> >
> > \V is unknown to me, and apparently to perl too.
> >
> > Also, score 10 is too much. combined with BAYES_99 with standard score of
> > 3.5 and standard required score of 5.0, 1.505 should be enough even for cases
> > the sender has correct SPF, DKIM or whatever tests that give small negative
> > score..
> >
>
> but if the goal is to blacklist, then 10 or even 100 is better. this  way,
> he doesn't even need to check his quarantine...
>

got it finally working right, with Mailer:from nothing seemed to get flagged
but with 'Subject=' it works like a charm :)

header LOCAL_CASINO_RULE Subject=~ /Vegas Club Casino/i
describe LOCAL_CASINO_RULE   Casino Club Casino filter 09 maart 2009
score LOCAL_CASINO_RULE       6.0

Is local.cf a good place to store this rule or will it get overwritten when I
upgrade with a yum or apt-get command?

-Geert

Re: NOTICE: mail delivery status.

Posted by mouss <mo...@ml.netoyen.net>.
Matus UHLAR - fantomas wrote:
> On 05.03.09 16:01, Geert Batsleer wrote:
>> I added this to my local.cf, is this syntax OK or will this block 'Club'
>> 'Casino' and 'Vegas'  if used separate?
>>
>>
>> header FROM_CASINO      From:name =~ /\Vegas Club Casino\b/i
>> descrbibe FROM_CASINO   Casino Club Casino filter 04/03/09

and it should be "describe", not "descrbibe"...


>> score FROM_CASINO       10.0
> 
> \V is unknown to me, and apparently to perl too.
> 
> Also, score 10 is too much. combined with BAYES_99 with standard score of
> 3.5 and standard required score of 5.0, 1.505 should be enough even for cases
> the sender has correct SPF, DKIM or whatever tests that give small negative
> score..
> 

but if the goal is to blacklist, then 10 or even 100 is better. this
way, he doesn't even need to check his quarantine...

since OP is using postfix, he can use header_checks:
/^From:.*Vegas Club Casino/	REJECT Our Casino is better



> But what do you mean "if used separate"?
> defining score for each word separate would work, although this way it's more
> reliable (words vegas, club, casino can appear in From: lines of many
> mails).
> 
> Using ReplaceTags could help you if anyone starts obfuscating that...
> 
>>     1173. [14547] warn: Unrecognized escape \V passed through at
>>     /etc/mail/spamassassin/local.cf, rule FROM_CASINO, line 1.
> 


Re: NOTICE: mail delivery status.

Posted by Matus UHLAR - fantomas <uh...@fantomas.sk>.
On 05.03.09 16:01, Geert Batsleer wrote:
> I added this to my local.cf, is this syntax OK or will this block 'Club'
> 'Casino' and 'Vegas'  if used separate?
> 
> 
> header FROM_CASINO      From:name =~ /\Vegas Club Casino\b/i
> descrbibe FROM_CASINO   Casino Club Casino filter 04/03/09
> score FROM_CASINO       10.0

\V is unknown to me, and apparently to perl too.

Also, score 10 is too much. combined with BAYES_99 with standard score of
3.5 and standard required score of 5.0, 1.505 should be enough even for cases
the sender has correct SPF, DKIM or whatever tests that give small negative
score..

But what do you mean "if used separate"?
defining score for each word separate would work, although this way it's more
reliable (words vegas, club, casino can appear in From: lines of many
mails).

Using ReplaceTags could help you if anyone starts obfuscating that...

>     1173. [14547] warn: Unrecognized escape \V passed through at
>     /etc/mail/spamassassin/local.cf, rule FROM_CASINO, line 1.

-- 
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
LSD will make your ECS screen display 16.7 million colors

Re: NOTICE: mail delivery status.

Posted by Benny Pedersen <me...@junc.org>.
On Thu, March 5, 2009 16:01, Geert Batsleer wrote:

> header FROM_CASINO      From:name =~ /\Vegas Club Casino\b/i

header FROM_CASINO      From:name =~ /\bVegas Club Casino\b/i

-- 
http://localhost/ 100% uptime and 100% mirrored :)
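
An added example, not code from any poster in this thread: a Python sketch of the distinction the replies draw, with address-only glob matching (how blacklist_from treats its argument, approximated here with fnmatch) beside a regex applied to the decoded display name, as the From:name rule does. The sample headers and all function names are constructed for illustration.

```python
import fnmatch
import re
from email.header import decode_header, make_header
from email.utils import parseaddr

# Constructed sample From: headers (not taken from the thread's mail).
SAMPLES = [
    'Vegas Club Casino <win123@example.net>',
    '"VEGAS CLUB CASINO" <promo@example.org>',
    '=?UTF-8?B?VmVnYXMgQ2x1YiBDYXNpbm8=?= <x9@example.com>',  # base64 name
    'Las Vegas Chess Club <info@example.edu>',
    'Casino Royale Fan Club <fans@example.net>',
]

# Same pattern as the corrected rule: /\bVegas Club Casino\b/i
NAME_RULE = re.compile(r'\bVegas Club Casino\b', re.I)


def split_from(raw):
    """Return (display_name, address) with RFC 2047 encoded-words decoded."""
    name, addr = parseaddr(raw)
    return str(make_header(decode_header(name))), addr.lower()


def address_glob_hit(raw, pattern):
    """Address-only matching: a glob tested against the address part alone.

    Assumption: fnmatch stands in for blacklist_from's glob handling.
    """
    return fnmatch.fnmatchcase(split_from(raw)[1], pattern.lower())


def name_rule_hit(raw):
    """Display-name matching, as a header rule on From:name does."""
    return bool(NAME_RULE.search(split_from(raw)[0]))


def report(samples=SAMPLES, glob='Vegas Club Casino'):
    """For each sample: (header, hit by address glob, hit by name rule)."""
    return [(s, address_glob_hit(s, glob), name_rule_hit(s)) for s in samples]


if __name__ == '__main__':
    for raw, by_addr, by_name in report():
        print(f'addr={by_addr!s:5} name={by_name!s:5} {raw}')
```

The display name used as an address glob hits nothing, while the name rule catches all three sender addresses and leaves the two look-alike names untouched.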


Re: NOTICE: mail delivery status.

Posted by Geert Batsleer <ba...@gmail.com>.
I added this to my local.cf, is this syntax OK or will this block 'Club'
'Casino' and 'Vegas'  if used separate?


header FROM_CASINO      From:name =~ /\Vegas Club Casino\b/i
descrbibe FROM_CASINO   Casino Club Casino filter 04/03/09
score FROM_CASINO       10.0

I got the following response from my MTA


Reporting-MTA: dns; mail.removed.be
X-Postfix-Queue-ID: A047E104436
X-Postfix-Sender: rfc822; ruben@removed.be
Arrival-Date: Thu,  5 Mar 2009 11:35:51 +0100 (CET)

Final-Recipient: rfc822; hendrika@mail.removed.be
Original-Recipient: rfc822; team@removed.be
Action: failed
Status: 5.0.0
Diagnostic-Code: X-Postfix; can't create user output file. Command output:
    [14547] warn: Unrecognized escape \V passed through in regex; marked by <--
    HERE in m/(?i)\V <-- HERE egas Club Casino\b/ at
    /usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/Conf/Parser.pm line
    1173. [14547] warn: Unrecognized escape \V passed through at
    /etc/mail/spamassassin/local.cf, rule FROM_CASINO, line 1.