You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by David Michaels <mi...@ucrwcu.rwc.uc.edu> on 2010/06/22 17:09:27 UTC
header To =~ question
I don't mean to be stupid.. and I know that this should be done with
sieve but..
Is there a obvious reason this doesn't work?
I think it's the "To" thats messing up..
header __GK__PHARMS_01 To =~ michaedi@ucrwcu.rwc.uc.edu
header __GK__PHARMS_02 Subject =~ /PHARMA|PHARMACY/
meta TR_GK__PHARMS (__GK_PHARMS_01 && __GK_PHARMS_02)
score TR_GK__PHARMS 6.0
Re: header To =~ question
Posted by David Michaels <mi...@ucrwcu.rwc.uc.edu>.
Quoting "John Hardin" <jh...@impsec.org>:
> On Tue, 22 Jun 2010, David Michaels wrote:
>
>> Is there a obvious reason this doesn't work?
>>
>> header __GK__PHARMS_01 To =~ michaedi@ucrwcu.rwc.uc.edu
>
> That looks insufficiently punctuated. Try:
>
> header __GK__PHARMS_01 To =~ /michaedi\@ucrwcu\.rwc\.uc\.edu/i
>
>> header __GK__PHARMS_02 Subject =~ /PHARMA|PHARMACY/
>
> That alternation isn't needed. "PHARMA" will hit on "PHARMACY".
>
> What does a lint check have to say about your original version?
>
> You _did_ lint it, didn't you? :)
>
> --
> John Hardin KA7OHZ http://www.impsec.org/~jhardin/
> jhardin@impsec.org FALaholic #11174 pgpk -a jhardin@impsec.org
> key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
> -----------------------------------------------------------------------
> Win95: Where do you want to go today?
> Vista: Where will Microsoft allow you to go today?
> -----------------------------------------------------------------------
> 12 days until the 234th anniversary of the Declaration of Independence
>
I'm going to go hide in the server room... I can not believe I didnt
run lint on this.... My new GF is distracting me.. (yeahh blame her,
its all her fault) thanks...
Re: header To =~ question
Posted by John Hardin <jh...@impsec.org>.
On Tue, 22 Jun 2010, David Michaels wrote:
> Is there a obvious reason this doesn't work?
>
> header __GK__PHARMS_01 To =~ michaedi@ucrwcu.rwc.uc.edu
That looks insufficiently punctuated. Try:
header __GK__PHARMS_01 To =~ /michaedi\@ucrwcu\.rwc\.uc\.edu/i
> header __GK__PHARMS_02 Subject =~ /PHARMA|PHARMACY/
That alternation isn't needed. "PHARMA" will hit on "PHARMACY".
What does a lint check have to say about your original version?
You _did_ lint it, didn't you? :)
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhardin@impsec.org FALaholic #11174 pgpk -a jhardin@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
Win95: Where do you want to go today?
Vista: Where will Microsoft allow you to go today?
-----------------------------------------------------------------------
12 days until the 234th anniversary of the Declaration of Independence
Re: header To =~ question
Posted by David Michaels <mi...@ucrwcu.rwc.uc.edu>.
Quoting "Bowie Bailey" <Bo...@BUC.com>:
> David Michaels wrote:
>>
>> I don't mean to be stupid.. and I know that this should be done with
>> sieve but..
>>
>> Is there a obvious reason this doesn't work?
>>
>> I think it's the "To" thats messing up..
>>
>> header __GK__PHARMS_01 To =~ michaedi@ucrwcu.rwc.uc.edu
>> header __GK__PHARMS_02 Subject =~ /PHARMA|PHARMACY/
>> meta TR_GK__PHARMS (__GK_PHARMS_01 && __GK_PHARMS_02)
>> score TR_GK__PHARMS 6.0
>
> A couple of things.
>
> The "To" match should look like this:
>
> header __GK__PHARMS_01 To =~ /michaedi\@ucrwcu\.rwc\.uc\.edu/
>
> You need the / delimiters around the regex and then you need to escape
> special characters like period and @.
>
> Also, the pharmacy match is redundant as John already pointed out:
>
> header __GK__PHARMS_02 Subject =~ /\bPHARMA(?:CY)?\b/
>
> The \b matches a word boundary and ensures that you are only matching on
> full words. If you don't care about partial matches, you can do a
> simpler match:
>
> header __GK__PHARMS_02 Subject =~ /PHARMA/
>
> --
> Bowie
>
Thanks for re writing the subject for me.. I like the more
sophisticated match.. I will try again...
Re: header To =~ question
Posted by Bowie Bailey <Bo...@BUC.com>.
David Michaels wrote:
>
> I don't mean to be stupid.. and I know that this should be done with
> sieve but..
>
> Is there a obvious reason this doesn't work?
>
> I think it's the "To" thats messing up..
>
> header __GK__PHARMS_01 To =~ michaedi@ucrwcu.rwc.uc.edu
> header __GK__PHARMS_02 Subject =~ /PHARMA|PHARMACY/
> meta TR_GK__PHARMS (__GK_PHARMS_01 && __GK_PHARMS_02)
> score TR_GK__PHARMS 6.0
A couple of things.
The "To" match should look like this:
header __GK__PHARMS_01 To =~ /michaedi\@ucrwcu\.rwc\.uc\.edu/
You need the / delimiters around the regex and then you need to escape
special characters like period and @.
Also, the pharmacy match is redundant as John already pointed out:
header __GK__PHARMS_02 Subject =~ /\bPHARMA(?:CY)?\b/
The \b matches a word boundary and ensures that you are only matching on
full words. If you don't care about partial matches, you can do a
simpler match:
header __GK__PHARMS_02 Subject =~ /PHARMA/
--
Bowie
Re: header To =~ question
Posted by John Hardin <jh...@impsec.org>.
On Tue, 22 Jun 2010, David Michaels wrote:
>> > header __GK__PHARMS_01 To =~ michaedi@ucrwcu.rwc.uc.edu
>> > header __GK__PHARMS_02 Subject =~ /PHARMA|PHARMACY/
>> > meta TR_GK__PHARMS (__GK_PHARMS_01 && __GK_PHARMS_02)
>
> I'm still not matching
Count the underscores in your rule names...
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhardin@impsec.org FALaholic #11174 pgpk -a jhardin@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
Pork (n): (political) The manifestation of the principle that it is
a felony to bribe a legislator, unless you are also a legislator.
-----------------------------------------------------------------------
12 days until the 234th anniversary of the Declaration of Independence
Re: header To =~ question
Posted by Bowie Bailey <Bo...@BUC.com>.
David Michaels wrote:
>
> I'm still not matching it the rule is a derivative of this other that
> does work for me..
>
> header __GK_CANA_PHARMS_01 Subject =~
> /DISCOUNT|GOOD|CANADA|FREE|ONLINE|SALE|STORE|BEST|USA|Product|BUY/i
> header __GK_CANA_PHARMS_02 Subject =~ /PHARMA|cialis|MEDICAL/i
> meta TR_GK_CANA_PHARMS (__GK_CANA_PHARMS_01 && __GK_CANA_PHARMS_02)
> score TR_GK_CANA_PHARMS 6.0
>
> This one both matches are based on the Subject.. and it works well..
Post your current rules and then put a sample message in a pastebin so
we can see exactly what you are trying to match.
--
Bowie
Re: header To =~ question
Posted by David Michaels <mi...@ucrwcu.rwc.uc.edu>.
Quoting "John Wilcock" <jo...@tradoc.fr>:
> Le 22/06/2010 17:09, David Michaels a écrit :
>>
>> I don't mean to be stupid.. and I know that this should be done with
>> sieve but..
>>
>> Is there a obvious reason this doesn't work?
>>
>> I think it's the "To" thats messing up..
>>
>> header __GK__PHARMS_01 To =~ michaedi@ucrwcu.rwc.uc.edu
>> header __GK__PHARMS_02 Subject =~ /PHARMA|PHARMACY/
>> meta TR_GK__PHARMS (__GK_PHARMS_01 && __GK_PHARMS_02)
>> score TR_GK__PHARMS 6.0
>
> First and foremost, you're missing the // on either side of the To regex.
>
> As an aside, PHARMA will always match PHARMACY! Depending on exectly
> what you're trying to achieve, you can either simplify your regex to
> just /PHARMA/ or bound it with word separators /\bPHARMA(CY)?\b/
>
>
> John.
>
> --
> -- Over 4000 webcams from ski resorts around the world - www.snoweye.com
> -- Translate your technical documents and web pages - www.tradoc.fr
>
I'm still not matching it the rule is a derivative of this other that
does work for me..
header __GK_CANA_PHARMS_01 Subject =~
/DISCOUNT|GOOD|CANADA|FREE|ONLINE|SALE|STORE|BEST|USA|Product|BUY/i
header __GK_CANA_PHARMS_02 Subject =~ /PHARMA|cialis|MEDICAL/i
meta TR_GK_CANA_PHARMS (__GK_CANA_PHARMS_01 && __GK_CANA_PHARMS_02)
score TR_GK_CANA_PHARMS 6.0
This one both matches are based on the Subject.. and it works well..
thanks
dm
Re: header To =~ question
Posted by David Michaels <mi...@ucrwcu.rwc.uc.edu>.
Quoting "John Wilcock" <jo...@tradoc.fr>:
> Le 22/06/2010 17:09, David Michaels a écrit :
>>
>> I don't mean to be stupid.. and I know that this should be done with
>> sieve but..
>>
>> Is there a obvious reason this doesn't work?
>>
>> I think it's the "To" thats messing up..
>>
>> header __GK__PHARMS_01 To =~ michaedi@ucrwcu.rwc.uc.edu
>> header __GK__PHARMS_02 Subject =~ /PHARMA|PHARMACY/
>> meta TR_GK__PHARMS (__GK_PHARMS_01 && __GK_PHARMS_02)
>> score TR_GK__PHARMS 6.0
>
> First and foremost, you're missing the // on either side of the To regex.
>
> As an aside, PHARMA will always match PHARMACY! Depending on exectly
> what you're trying to achieve, you can either simplify your regex to
> just /PHARMA/ or bound it with word separators /\bPHARMA(CY)?\b/
>
>
> John.
>
> --
> -- Over 4000 webcams from ski resorts around the world - www.snoweye.com
> -- Translate your technical documents and web pages - www.tradoc.fr
>
I think I tried it first with the // and also escaping the dot's and
@.. Thats hilarious I didn't see the double match.. thanks :)
Re: header To =~ question
Posted by John Wilcock <jo...@tradoc.fr>.
Le 22/06/2010 17:09, David Michaels a écrit :
>
> I don't mean to be stupid.. and I know that this should be done with
> sieve but..
>
> Is there a obvious reason this doesn't work?
>
> I think it's the "To" thats messing up..
>
> header __GK__PHARMS_01 To =~ michaedi@ucrwcu.rwc.uc.edu
> header __GK__PHARMS_02 Subject =~ /PHARMA|PHARMACY/
> meta TR_GK__PHARMS (__GK_PHARMS_01 && __GK_PHARMS_02)
> score TR_GK__PHARMS 6.0
First and foremost, you're missing the // on either side of the To regex.
As an aside, PHARMA will always match PHARMACY! Depending on exectly
what you're trying to achieve, you can either simplify your regex to
just /PHARMA/ or bound it with word separators /\bPHARMA(CY)?\b/
John.
--
-- Over 4000 webcams from ski resorts around the world - www.snoweye.com
-- Translate your technical documents and web pages - www.tradoc.fr