Re: Rule Help - not sure what is wrong with my syntax

2023-01-14 Thread Loren Wilton
> header TO_SPECIFIC_DOMAIN To:addr =~ /\@(test\.com|test\.net)$/

That for efficiency really should use a non-capturing grouping:

header TO_SPECIFIC_DOMAIN To:addr =~ /\@(?:test\.com|test\.net)$/

Note the "?:" after the left paren.

Loren


Re: Rule Help - not sure what is wrong with my syntax

2023-01-13 Thread Benny Pedersen

David B Funk wrote on 2023-01-14 08:35:

On Sat, 14 Jan 2023, Benny Pedersen wrote:


Benny Pedersen wrote on 2023-01-14 03:59:

header TO_SPECIFIC_DOMAIN To:addr =~ /\@(test|junc)\.(com|net|eu)$/
describe TO_SPECIFIC_DOMAIN Mail sent to test.com or test.net email addresses

score TO_SPECIFIC_DOMAIN -0.5

tested works if I mail myself :=)


Benny,

Does it work if you mail To: 
Note that having an '>' character at the end of an address is valid if
it has a matching '<' but that should fail your "(com|net|eu)$/" test
because of the anchoring '$'


yes

To: Benny Pedersen 

roundcube does not use

To: "Benny Pedersen" 


Re: Rule Help - not sure what is wrong with my syntax

2023-01-13 Thread David B Funk

On Sat, 14 Jan 2023, Benny Pedersen wrote:


Benny Pedersen wrote on 2023-01-14 03:59:

header TO_SPECIFIC_DOMAIN To:addr =~ /\@(test|junc)\.(com|net|eu)$/
describe TO_SPECIFIC_DOMAIN Mail sent to test.com or test.net email addresses
score TO_SPECIFIC_DOMAIN -0.5

tested works if I mail myself :=)


Benny,

Does it work if you mail To: 
Note that having an '>' character at the end of an address is valid if it has a 
matching '<' but that should fail your "(com|net|eu)$/" test because of the 
anchoring '$'



--
Dave Funk   University of Iowa
 College of Engineering
319/335-5751   FAX: 319/384-0549   1256 Seamans Center, 103 S Capitol St.
Sys_admin/Postmaster/cell_admin Iowa City, IA 52242-1527
#include 
Better is not better, 'standard' is better. B{


Re: Rule Help - not sure what is wrong with my syntax

2023-01-13 Thread Benny Pedersen

Benny Pedersen wrote on 2023-01-14 03:59:

header TO_SPECIFIC_DOMAIN To:addr =~ /\@(test|junc)\.(com|net|eu)$/
describe TO_SPECIFIC_DOMAIN Mail sent to test.com or test.net email addresses

score TO_SPECIFIC_DOMAIN -0.5

tested works if I mail myself :=)


Re: Rule Help - not sure what is wrong with my syntax

2023-01-13 Thread Benny Pedersen

Joey J wrote on 2023-01-14 03:42:


header TO_SPECIFIC_DOMAIN To:addr =~ /\@(test\.com|test\.net)$/
describe TO_SPECIFIC_DOMAIN Mail sent to test.com or test.net email addresses

score TO_SPECIFIC_DOMAIN -2.0


header TO_SPECIFIC_DOMAIN To:addr ~= /\@test\.(com|net)$/

should work


Re: Rule Help - not sure what is wrong with my syntax

2023-01-13 Thread Joey J
Thanks to everyone's suggestions.

I will try to respond to everyone in this 1 message:

This was intended for people who get both filtering inbound and outbound
from the mail gateway.
At times certain legit content gets flagged on the way OUT, so this was to
try and add a little negative score, so it would say, OK we know we send
this guy, let's say the word million etc.
We didn't want to simply whitelist the TO address, because in theory if
computers get hacked, they could potentially send out malicious
attachments/links etc, so we want to allow something that scores a very
high score, we won't allow that to go out, but if it's a moderate score,
make sure it doesn't get rejected.

In respect to Henrik K, I tried using the rule but SA with lint didn't like
the evaluation of the header you suggested.
I was able to try it a little different and got this to work, should anyone
else want to use it:

header TO_SPECIFIC_DOMAIN To:addr =~ /\@(test\.com|test\.net)$/
describe TO_SPECIFIC_DOMAIN Mail sent to test.com or test.net email addresses
score TO_SPECIFIC_DOMAIN -2.0

*As always, thank you to everyone who helps support this list!*

On Thu, Jan 12, 2023 at 9:57 PM John Hardin  wrote:

> On Thu, 12 Jan 2023, John Hardin wrote:
>
> > On Thu, 12 Jan 2023, Martin Gregorie wrote:
> >
> >>  On Wed, 2023-01-11 at 18:39 -0500, Joey J wrote:
> >>>  Hello All,
> >>>
> >>>  I created this rule to check for email addresses matching a list to
> >>>  get
> >>>  added some negative value.
> >>>  I also tried it with just domains so it would be more efficient, but I
> >>>  can't seem to get them to run.
> >>>  Any suggestions?
> >>
> >>  Use a database to store addresses you accept mail from. Apart from the
> >>  database, you'll need a Perl module to let SA look up addresses in the
> >>  database.
> >
> > Simpler as it involves no new coding: a local DNS server and a DNSBL
> lookup
> > rule with a negative score. There are instructions for setting such up
> for
> > local blacklists, that works equally well for a local whitelist.
>
> Ah, whoops. I had it in my head that emailBL had been implemented. Never
> mind!
>
>
> --
>   John Hardin KA7OHZ    http://www.impsec.org/~jhardin/
>   jhar...@impsec.org pgpk -a jhar...@impsec.org
>   key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
> ---
>The difference is that Unix has had thirty years of technical
>types demanding basic functionality of it. And the Macintosh has
>had fifteen years of interface fascist users shaping its progress.
>Windows has the hairpin turns of the Microsoft marketing machine
>and that's all.-- Red Drag Diva
> ---
>   5 days until Benjamin Franklin's 317th Birthday
>


-- 
Thanks!
Joey


Re: Rule Help - not sure what is wrong with my syntax

2023-01-12 Thread John Hardin

On Thu, 12 Jan 2023, John Hardin wrote:


On Thu, 12 Jan 2023, Martin Gregorie wrote:


 On Wed, 2023-01-11 at 18:39 -0500, Joey J wrote:

 Hello All,

 I created this rule to check for email addresses matching a list to
 get
 added some negative value.
 I also tried it with just domains so it would be more efficient, but I
 can't seem to get them to run.
 Any suggestions?


 Use a database to store addresses you accept mail from. Apart from the
 database, you'll need a Perl module to let SA look up addresses in the
 database.


Simpler as it involves no new coding: a local DNS server and a DNSBL lookup 
rule with a negative score. There are instructions for setting such up for 
local blacklists, that works equally well for a local whitelist.


Ah, whoops. I had it in my head that emailBL had been implemented. Never 
mind!



--
 John Hardin KA7OHZ    http://www.impsec.org/~jhardin/
 jhar...@impsec.org pgpk -a jhar...@impsec.org
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
---
  The difference is that Unix has had thirty years of technical
  types demanding basic functionality of it. And the Macintosh has
  had fifteen years of interface fascist users shaping its progress.
  Windows has the hairpin turns of the Microsoft marketing machine
  and that's all.-- Red Drag Diva
---
 5 days until Benjamin Franklin's 317th Birthday


Re: Rule Help - not sure what is wrong with my syntax

2023-01-12 Thread John Hardin

On Thu, 12 Jan 2023, Martin Gregorie wrote:


On Wed, 2023-01-11 at 18:39 -0500, Joey J wrote:

Hello All,

I created this rule to check for email addresses matching a list to
get
added some negative value.
I also tried it with just domains so it would be more efficient, but I
can't seem to get them to run.
Any suggestions?


Use a database to store addresses you accept mail from. Apart from the
database, you'll need a Perl module to let SA look up addresses in the
database.


Simpler as it involves no new coding: a local DNS server and a DNSBL 
lookup rule with a negative score. There are instructions for setting such 
up for local blacklists, that works equally well for a local whitelist.


--
 John Hardin KA7OHZ    http://www.impsec.org/~jhardin/
 jhar...@impsec.org pgpk -a jhar...@impsec.org
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
---
  USMC Rules of Gunfighting #20: The faster you finish the fight,
  the less shot you will get.
---
 5 days until Benjamin Franklin's 317th Birthday


Re: Rule Help - not sure what is wrong with my syntax

2023-01-12 Thread Henrik K


There's no need for any rules:

whitelist_to us...@example.com
whitelist_to *@domain.com

And adjust USER_IN_WHITELIST_TO for score.

(welcomelist_to / USER_IN_WELCOMELIST_TO in 4.0)


On Wed, Jan 11, 2023 at 04:56:21PM -0800, Loren Wilton wrote:
> ?
> Why not do a simple rule rather than inventing some Perl code?
>  
> header TO_SPECIFIC_EMAIL To:addr ~= '(?:\b[1]us...@example.com|\b[2]
> us...@example.com|\b[3]us...@example.com)'
> describe TO_SPECIFIC_EMAIL Mail to a specific email address
> score TO_SPECIFIC_EMAIL -2
>  
> header TO_SPECIFIC_DOMAIN To:addr '(?:'\@example1\.com | \@example2\.com | \
> @example3\.com)'
> describe TO_SPECIFIC_DOMAIN Mail to specific email domain
> score TO_SPECIFIC_DOMAIN -2
>  
> or possibly
>  
> header TO_SPECIFIC_DOMAIN To:addr '\@(?:example1\.com | example2\.com |
> example3\.com)$'
>  
>  
> Loren
> 
> - Original Message -
> From: [4]Joey J
> To: [5]users@spamassassin.apache.org
> Sent: Wednesday, January 11, 2023 3:39 PM
> Subject: Rule Help - not sure what is wrong with my syntax
> 
> Hello All,
> 
> I created this rule to check for email addresses matching a list to get
> added some negative value.
> I also tried it with just domains so it would be more efficient, but I
> can't seem to get them to run.
> Any suggestions?
> 
> header TO_SPECIFIC_EMAIL eval:check_to_specific_email()
> describe TO_SPECIFIC_EMAIL Mail to a specific email address
> 
> score TO_SPECIFIC_EMAIL -2
> 
> sub check_to_specific_email {
> my ($self) = @_;
> my $to = lc($self->get('To:addr'));
> my $list_of_address = qr/[6]us...@example.com|[7]us...@example.com|[8]
> us...@example.com/;
> if ($to =~ $list_of_address) {
> return 1;
> }
> return 0;
> }
> 
> 
> 
> 
> This version was to simply check for the domain matches, but can't seem to
> get it to work
> 
> 
> header TO_SPECIFIC_DOMAIN eval:check_to_specific_domain()
> describe TO_SPECIFIC_DOMAIN Mail to specific email domain
> 
> score TO_SPECIFIC_DOMAIN -2
> 
> sub check_to_specific_domain {
> my ($self) = @_;
> my $to = lc($self->get('To:addr'));
> if ($to =~ /\@example1\.com$|\@example2\.com$|\@example3\.com$/) {
> return 1;
> }
> return 0;
> }
> 
> 
> 
> 
> 
> 
> --
> Thanks!
> Joey
> 
> 
> 
> References:
> 
> [1] mailto:bus...@example.com
> [2] mailto:bus...@example.com
> [3] mailto:bus...@example.com
> [4] mailto:jacklistm...@gmail.com
> [5] mailto:users@spamassassin.apache.org
> [6] mailto:us...@example.com
> [7] mailto:us...@example.com
> [8] http://us...@example.com/


Re: Rule Help - not sure what is wrong with my syntax

2023-01-12 Thread Martin Gregorie
On Wed, 2023-01-11 at 16:56 -0800, Loren Wilton wrote:
> Why not do a simple rule rather than inventing some Perl code?
> 
> header TO_SPECIFIC_EMAIL To:addr ~=
> '(?:\bus...@example.com|\bus...@example.com|\bus...@example.com)'
> describe TO_SPECIFIC_EMAIL Mail to a specific email address
> score TO_SPECIFIC_EMAIL -2
> 
> header TO_SPECIFIC_DOMAIN To:addr '(?:'\@example1\.com |
> \@example2\.com | \@example3\.com)'
> describe TO_SPECIFIC_DOMAIN Mail to specific email domain
> score TO_SPECIFIC_DOMAIN -2
> 
>     or possibly
> 
> header TO_SPECIFIC_DOMAIN To:addr '\@(?:example1\.com | example2\.com
> | example3\.com)$'
> 
> 
Agreed, though after a while the regex can get rather long and unwieldy,
but it's easy enough to keep the address list as a simple text file (one
address per line) and write a simple program to create a syntactically
correct SA rule from the list. That is easily done with Perl or (better)
an awk script.


Martin
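
The list-to-rule generator suggested in the message above, sketched as an added example that is not part of the original thread or of SpamAssassin itself. The function name `gen_sa_rule`, the one-domain-per-line input format and the `/i` flag are assumptions; it generalizes the thread's two-domain rule to any list, rejects entries that are not plain host names, and refuses to emit a rule from an empty list.

```shell
#!/bin/sh
# Added example: build a SpamAssassin header rule from a plain-text domain list.
# Usage (hypothetical file name): gen_sa_rule NAME SCORE < domains.txt
# Input: one domain per line; blank lines and "#" comments are ignored.
gen_sa_rule() {
    awk -v name="$1" -v score="$2" '
    {
        sub(/#.*/, "")           # strip comments
        gsub(/[ \t\r]/, "")      # stray spaces inside the alternation change what matches
        if ($0 == "") next
        d = tolower($0)
        # Accept only plain host names so a list entry cannot inject regex syntax.
        if (d !~ /^[a-z0-9]([a-z0-9-]*[a-z0-9])?(\.[a-z0-9]([a-z0-9-]*[a-z0-9])?)+$/) {
            printf "skipping invalid entry on line %d: %s\n", NR, $0 > "/dev/stderr"
            next
        }
        if (seen[d]++) next      # drop duplicates
        # Escape each dot by rebuilding the name from its labels.
        n = split(d, p, /\./)
        e = p[1]
        for (i = 2; i <= n; i++) e = e "\\." p[i]
        alt = (alt == "") ? e : (alt "|" e)
    }
    END {
        # An empty alternation would match every recipient, so refuse to emit it.
        if (alt == "") {
            print "no valid domains; rule not written" > "/dev/stderr"
            exit 1
        }
        printf "header   %s To:addr =~ /\\@(?:%s)$/i\n", name, alt
        printf "describe %s Mail sent to a listed recipient domain\n", name
        printf "score    %s %s\n", name, score
    }'
}

# Constructed sample list, using the domains from the thread.
printf 'test.com\ntest.net\n' | gen_sa_rule TO_SPECIFIC_DOMAIN -0.5
```

Write the output to a `.cf` file in the local rules directory and run `spamassassin --lint` before reloading.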





Re: Rule Help - not sure what is wrong with my syntax

2023-01-12 Thread Martin Gregorie
On Wed, 2023-01-11 at 18:39 -0500, Joey J wrote:
> Hello All,
> 
> I created this rule to check for email addresses matching a list to
> get
> added some negative value.
> I also tried it with just domains so it would be more efficient, but I
> can't seem to get them to run.
> Any suggestions?
> 
Use a database to store addresses you accept mail from. Apart from the
database, you'll need a Perl module to let SA look up addresses in the
database. How to populate the database is up to you: but adding
addresses you send mail to and having your SA interface mark these
addresses as not-spam is unlikely to cause false positives. 

My preferred way of populating the database depends on you running a
local copy of Postfix. Configure Postfix to BCC all mail to a mailbox
that's scanned for outgoing mail and run an overnight process to add
destination addresses from outbound mail to the database and discard the
messages as they're processed.

That said, I use this mechanism to populate a mail archive and a view to
select the addresses I've sent mail to from the archive. 

This approach runs adequately fast and requires minimal maintenance
apart from a weekly backup. 

HTH, Martin
 



Re: Rule Help - not sure what is wrong with my syntax

2023-01-11 Thread Loren Wilton
Why not do a simple rule rather than inventing some Perl code?

header TO_SPECIFIC_EMAIL To:addr ~= 
'(?:\bus...@example.com|\bus...@example.com|\bus...@example.com)'
describe TO_SPECIFIC_EMAIL Mail to a specific email address
score TO_SPECIFIC_EMAIL -2

header TO_SPECIFIC_DOMAIN To:addr '(?:'\@example1\.com | \@example2\.com | 
\@example3\.com)'
describe TO_SPECIFIC_DOMAIN Mail to specific email domain
score TO_SPECIFIC_DOMAIN -2

or possibly

header TO_SPECIFIC_DOMAIN To:addr '\@(?:example1\.com | example2\.com | 
example3\.com)$'


Loren
  - Original Message - 
  From: Joey J 
  To: users@spamassassin.apache.org 
  Sent: Wednesday, January 11, 2023 3:39 PM
  Subject: Rule Help - not sure what is wrong with my syntax


  Hello All,


  I created this rule to check for email addresses matching a list to get added 
some negative value.
  I also tried it with just domains so it would be more efficient, but I can't 
seem to get them to run.
  Any suggestions?


  header TO_SPECIFIC_EMAIL eval:check_to_specific_email()
  describe TO_SPECIFIC_EMAIL Mail to a specific email address


  score TO_SPECIFIC_EMAIL -2


  sub check_to_specific_email {
  my ($self) = @_;
  my $to = lc($self->get('To:addr'));
  my $list_of_address = 
qr/us...@example.com|us...@example.com|us...@example.com/;
  if ($to =~ $list_of_address) {
  return 1;
  }
  return 0;
  }






  
  This version was to simply check for the domain matches, but can't seem to 
get it to work
  


  header TO_SPECIFIC_DOMAIN eval:check_to_specific_domain()
  describe TO_SPECIFIC_DOMAIN Mail to specific email domain


  score TO_SPECIFIC_DOMAIN -2


  sub check_to_specific_domain {
  my ($self) = @_;
  my $to = lc($self->get('To:addr'));
  if ($to =~ /\@example1\.com$|\@example2\.com$|\@example3\.com$/) {
  return 1;
  }
  return 0;
  }












  -- 

  Thanks!
  Joey



Rule Help - not sure what is wrong with my syntax

2023-01-11 Thread Joey J
Hello All,

I created this rule to check for email addresses matching a list to get
added some negative value.
I also tried it with just domains so it would be more efficient, but I
can't seem to get them to run.
Any suggestions?

header TO_SPECIFIC_EMAIL eval:check_to_specific_email()
describe TO_SPECIFIC_EMAIL Mail to a specific email address

score TO_SPECIFIC_EMAIL -2

sub check_to_specific_email {
my ($self) = @_;
my $to = lc($self->get('To:addr'));
my $list_of_address = qr/us...@example.com|us...@example.com|
us...@example.com/;
if ($to =~ $list_of_address) {
return 1;
}
return 0;
}




This version was to simply check for the domain matches, but can't seem to
get it to work


header TO_SPECIFIC_DOMAIN eval:check_to_specific_domain()
describe TO_SPECIFIC_DOMAIN Mail to specific email domain

score TO_SPECIFIC_DOMAIN -2

sub check_to_specific_domain {
my ($self) = @_;
my $to = lc($self->get('To:addr'));
if ($to =~ /\@example1\.com$|\@example2\.com$|\@example3\.com$/) {
return 1;
}
return 0;
}






-- 
Thanks!
Joey