Re: Rule Help - not sure what is wrong with my syntax
> header TO_SPECIFIC_DOMAIN To:addr =~ /\@(test\.com|test\.net)$/ That for efficiency really should use a non-capturing grouping: header TO_SPECIFIC_DOMAIN To:addr =~ /\@(?:test\.com|test\.net)$/ Note the "?:" after the left parend. Loren
Re: Rule Help - not sure what is wrong with my syntax
David B Funk skrev den 2023-01-14 08:35: On Sat, 14 Jan 2023, Benny Pedersen wrote: Benny Pedersen skrev den 2023-01-14 03:59: header TO_SPECIFIC_DOMAIN To:addr =~ /\@(test|junc)\.(com|net|eu)$/ describe TO_SPECIFIC_DOMAIN Mail sent to test.com or test.net email addresses score TO_SPECIFIC_DOMAIN -0.5 tested works if i mail myself :=) Benny, Does it work if you mail To: Note that having an '>' character at the end of an address is valid if it has a matching '<' but that should fail your "(com|net|eu)$/" test because of the anchoring '$' yes To: Benny Pedersen roundcube does not use To: "Benny Pedersen"
Re: Rule Help - not sure what is wrong with my syntax
On Sat, 14 Jan 2023, Benny Pedersen wrote: Benny Pedersen skrev den 2023-01-14 03:59: header TO_SPECIFIC_DOMAIN To:addr =~ /\@(test|junc)\.(com|net|eu)$/ describe TO_SPECIFIC_DOMAIN Mail sent to test.com or test.net email addresses score TO_SPECIFIC_DOMAIN -0.5 tested works if i mail myself :=) Benny, Does it work if you mail To: Note that having an '>' character at the end of an address is valid if it has a matching '<' but that should fail your "(com|net|eu)$/" test because of the anchoring '$' -- Dave Funk University of Iowa College of Engineering 319/335-5751 FAX: 319/384-05491256 Seamans Center, 103 S Capitol St. Sys_admin/Postmaster/cell_admin Iowa City, IA 52242-1527 #include Better is not better, 'standard' is better. B{
Re: Rule Help - not sure what is wrong with my syntax
Benny Pedersen skrev den 2023-01-14 03:59: header TO_SPECIFIC_DOMAIN To:addr =~ /\@(test|junc)\.(com|net|eu)$/ describe TO_SPECIFIC_DOMAIN Mail sent to test.com or test.net email addresses score TO_SPECIFIC_DOMAIN -0.5 tested works if i mail myself :=)
Re: Rule Help - not sure what is wrong with my syntax
Joey J skrev den 2023-01-14 03:42: header TO_SPECIFIC_DOMAIN To:addr =~ /\@(test\.com|test\.net)$/ describe TO_SPECIFIC_DOMAIN Mail sent to test.com or test.net email addresses score TO_SPECIFIC_DOMAIN -2.0 header TO_SPECIFIC_DOMAIN To:addr ~= /\@test\.(com|net)$/ should work
Re: Rule Help - not sure what is wrong with my syntax
Thanks to everyone's suggestions. I will try to respond to everyone in this 1 message: This was intended for people who get both filtering inbound and outbound form the mail gateway. At times certain legit content gets flagged on the way OUT, so this was to try and add a little negative score, so it would say, OK we know we send this guy, lets say the word million etc. We didn't want to simply whitelist the TO address, because in theory if computers get hacked, they could potentially send out malicios attachments/links etc, so we want to allow something that scores a very high score, we won't allow that to go out, but if its a moderate score, make sure it doesn't get rejected. In respect to Henrik K, i tried using the rule but SA with lint didn't like the evaluation of the header you suggested. I was able to try it a litte different and got this to work, should anyone else want to use it: header TO_SPECIFIC_DOMAIN To:addr =~ /\@(test\.com|test\.net)$/ describe TO_SPECIFIC_DOMAIN Mail sent to test.com or test.net email addresses score TO_SPECIFIC_DOMAIN -2.0 *As always, thank you to everyone who helps support this list!* On Thu, Jan 12, 2023 at 9:57 PM John Hardin wrote: > On Thu, 12 Jan 2023, John Hardin wrote: > > > On Thu, 12 Jan 2023, Martin Gregorie wrote: > > > >> On Wed, 2023-01-11 at 18:39 -0500, Joey J wrote: > >>> Hello All, > >>> > >>> I created this rule to check for email addresses matching a list to > >>> get > >>> added some negative value. > >>> I also tried it with just domains so it would be more efficient, but I > >>> can't seem to get them to run. > >>> Any suggestions? > >> > >> Use a database to store addresses you accept mail from. Apart from the > >> database, you'll need a Perl module to let SA look up addresses in the > >> database. > > > > Simpler as it involves no new coding: a local DNS server and a DNSBL > lookup > > rule with a negative score. There are instructions for setting such up > for > > local blacklists, that works equally well for a local whitelist. > > Ah, whoops. I had it in my head that emailBL had been implemented. Never > mind! > > > -- > John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ > jhar...@impsec.org pgpk -a jhar...@impsec.org > key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 > --- >The difference is that Unix has had thirty years of technical >types demanding basic functionality of it. And the Macintosh has >had fifteen years of interface fascist users shaping its progress. >Windows has the hairpin turns of the Microsoft marketing machine >and that's all.-- Red Drag Diva > --- > 5 days until Benjamin Franklin's 317th Birthday > -- Thanks! Joey
Re: Rule Help - not sure what is wrong with my syntax
On Thu, 12 Jan 2023, John Hardin wrote: On Thu, 12 Jan 2023, Martin Gregorie wrote: On Wed, 2023-01-11 at 18:39 -0500, Joey J wrote: Hello All, I created this rule to check for email addresses matching a list to get added some negative value. I also tried it with just domains so it would be more efficient, but I can't seem to get them to run. Any suggestions? Use a database to store addresses you accept mail from. Apart from the database, you'll need a Perl module to let SA look up addresses in the database. Simpler as it involves no new coding: a local DNS server and a DNSBL lookup rule with a negative score. There are instructions for setting such up for local blacklists, that works equally well for a local whitelist. Ah, whoops. I had it in my head that emailBL had been implemented. Never mind! -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ jhar...@impsec.org pgpk -a jhar...@impsec.org key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 --- The difference is that Unix has had thirty years of technical types demanding basic functionality of it. And the Macintosh has had fifteen years of interface fascist users shaping its progress. Windows has the hairpin turns of the Microsoft marketing machine and that's all.-- Red Drag Diva --- 5 days until Benjamin Franklin's 317th Birthday
Re: Rule Help - not sure what is wrong with my syntax
On Thu, 12 Jan 2023, Martin Gregorie wrote: On Wed, 2023-01-11 at 18:39 -0500, Joey J wrote: Hello All, I created this rule to check for email addresses matching a list to get added some negative value. I also tried it with just domains so it would be more efficient, but I can't seem to get them to run. Any suggestions? Use a database to store addresses you accept mail from. Apart from the database, you'll need a Perl module to let SA look up addresses in the database. Simpler as it involves no new coding: a local DNS server and a DNSBL lookup rule with a negative score. There are instructions for setting such up for local blacklists, that works equally well for a local whitelist. -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ jhar...@impsec.org pgpk -a jhar...@impsec.org key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 --- USMC Rules of Gunfighting #20: The faster you finish the fight, the less shot you will get. --- 5 days until Benjamin Franklin's 317th Birthday
Re: Rule Help - not sure what is wrong with my syntax
There's no need for any rules: whitelist_to us...@example.com whitelist_to *@domain.com And adjust USER_IN_WHITELIST_TO for score. (welcomelist_to / USER_IN_WELCOMELIST_TO in 4.0) On Wed, Jan 11, 2023 at 04:56:21PM -0800, Loren Wilton wrote: > ? > Why not do a simple rule rather than inventing some Perl code? > > header TO_SPECIFIC_EMAIL To:addr ~= '(?:\b[1]us...@example.com|\b[2] > us...@example.com|\b[3]us...@example.com)' > describe TO_SPECIFIC_EMAIL Mail to a specific email address > score TO_SPECIFIC_EMAIL -2 > > header TO_SPECIFIC_DOMAIN To:addr '(?:'\@example1\.com | \@example2\.com | \ > @example3\.com)' > describe TO_SPECIFIC_DOMAIN Mail to specific email domain > score TO_SPECIFIC_DOMAIN -2 > > or possibly > > header TO_SPECIFIC_DOMAIN To:addr '\@(?:example1\.com | example2\.com | > example3\.com)$' > > > Loren > > - Original Message - > From: [4]Joey J > To: [5]users@spamassassin.apache.org > Sent: Wednesday, January 11, 2023 3:39 PM > Subject: Rule Help - not sure what is wrong with my syntax > > Hello All, > > I created this rule to check for email addresses matching a list to get > added some negative value. > I also tried it with just domains so it would be more efficient, but I > can't seem to get them to run. > Any suggestions? > > header TO_SPECIFIC_EMAIL eval:check_to_specific_email() > describe TO_SPECIFIC_EMAIL Mail to a specific email address > > score TO_SPECIFIC_EMAIL -2 > > sub check_to_specific_email { > my ($self) = @_; > my $to = lc($self->get('To:addr')); > my $list_of_address = qr/[6]us...@example.com|[7]us...@example.com|[8] > us...@example.com/; > if ($to =~ $list_of_address) { > return 1; > } > return 0; > } > > > > > This version was to simply check for the domain matches, but can't seem to > get it to work > > > header TO_SPECIFIC_DOMAIN eval:check_to_specific_domain() > describe TO_SPECIFIC_DOMAIN Mail to specific email domain > > score TO_SPECIFIC_DOMAIN -2 > > sub check_to_specific_domain { > my ($self) = @_; > my $to = lc($self->get('To:addr')); > if ($to =~ /\@example1\.com$|\@example2\.com$|\@example3\.com$/) { > return 1; > } > return 0; > } > > > > > > > -- > Thanks! > Joey > > > > References: > > [1] mailto:bus...@example.com > [2] mailto:bus...@example.com > [3] mailto:bus...@example.com > [4] mailto:jacklistm...@gmail.com > [5] mailto:users@spamassassin.apache.org > [6] mailto:us...@example.com > [7] mailto:us...@example.com > [8] http://us...@example.com/
Re: Rule Help - not sure what is wrong with my syntax
On Wed, 2023-01-11 at 16:56 -0800, Loren Wilton wrote: > Why not do a simple rule rather than inventing some Perl code? > > header TO_SPECIFIC_EMAIL To:addr ~= > '(?:\bus...@example.com|\bus...@example.com|\bus...@example.com)' > describe TO_SPECIFIC_EMAIL Mail to a specific email address > score TO_SPECIFIC_EMAIL -2 > > header TO_SPECIFIC_DOMAIN To:addr '(?:'\@example1\.com | > \@example2\.com | \@example3\.com)' > describe TO_SPECIFIC_DOMAIN Mail to specific email domain > score TO_SPECIFIC_DOMAIN -2 > > or possibly > > header TO_SPECIFIC_DOMAIN To:addr '\@(?:example1\.com | example2\.com > | example3\.com)$' > > Agreed, though after a while the regex can get rather long and unwieldy, but its easy enough to keep the address list as a simple text file (one address per line) and write a simple program to create a syntactically correct SA rule from the list. That is easily done with Perl or (better) an awk script. Martin
Re: Rule Help - not sure what is wrong with my syntax
On Wed, 2023-01-11 at 18:39 -0500, Joey J wrote: > Hello All, > > I created this rule to check for email addresses matching a list to > get > added some negative value. > I also tried it with just domains so it would be more efficient, but I > can't seem to get them to run. > Any suggestions? > Use a database to store addresses you accept mail from. Apart from the database, you'll need a Perl module to let SA look up addresses in the database. How to populate the database is up to you: but adding addresses you send mail to and having your SA interface mark these addresses as not-spam is unlikely to cause false positives. My preferred way of populating the database depends on you running a local copy of Postfix. Configure Postfix to BCC all mail to a mailbox thats's scanned for outgoing mail and run an overnight process to add destination addresses from outbound mail to the database and discard the messages as they're processed. That said, I use this mechanism to populate a mail archive and a view to select the addresses I've sent mail to from the archive. This approach runs adequately fast and requires minimal maintenance apart from a weekly backup. HTH, Martin
Re: Rule Help - not sure what is wrong with my syntax
Why not do a simple rule rather than inventing some Perl code? header TO_SPECIFIC_EMAIL To:addr ~= '(?:\bus...@example.com|\bus...@example.com|\bus...@example.com)' describe TO_SPECIFIC_EMAIL Mail to a specific email address score TO_SPECIFIC_EMAIL -2 header TO_SPECIFIC_DOMAIN To:addr '(?:'\@example1\.com | \@example2\.com | \@example3\.com)' describe TO_SPECIFIC_DOMAIN Mail to specific email domain score TO_SPECIFIC_DOMAIN -2 or possibly header TO_SPECIFIC_DOMAIN To:addr '\@(?:example1\.com | example2\.com | example3\.com)$' Loren - Original Message - From: Joey J To: users@spamassassin.apache.org Sent: Wednesday, January 11, 2023 3:39 PM Subject: Rule Help - not sure what is wrong with my syntax Hello All, I created this rule to check for email addresses matching a list to get added some negative value. I also tried it with just domains so it would be more efficient, but I can't seem to get them to run. Any suggestions? header TO_SPECIFIC_EMAIL eval:check_to_specific_email() describe TO_SPECIFIC_EMAIL Mail to a specific email address score TO_SPECIFIC_EMAIL -2 sub check_to_specific_email { my ($self) = @_; my $to = lc($self->get('To:addr')); my $list_of_address = qr/us...@example.com|us...@example.com|us...@example.com/; if ($to =~ $list_of_address) { return 1; } return 0; } This version was to simply check for the domain matches, but can't seem to get it to work header TO_SPECIFIC_DOMAIN eval:check_to_specific_domain() describe TO_SPECIFIC_DOMAIN Mail to specific email domain score TO_SPECIFIC_DOMAIN -2 sub check_to_specific_domain { my ($self) = @_; my $to = lc($self->get('To:addr')); if ($to =~ /\@example1\.com$|\@example2\.com$|\@example3\.com$/) { return 1; } return 0; } -- Thanks! Joey
Rule Help - not sure what is wrong with my syntax
Hello All, I created this rule to check for email addresses matching a list to get added some negative value. I also tried it with just domains so it would be more efficient, but I can't seem to get them to run. Any suggestions? header TO_SPECIFIC_EMAIL eval:check_to_specific_email() describe TO_SPECIFIC_EMAIL Mail to a specific email address score TO_SPECIFIC_EMAIL -2 sub check_to_specific_email { my ($self) = @_; my $to = lc($self->get('To:addr')); my $list_of_address = qr/us...@example.com|us...@example.com| us...@example.com/; if ($to =~ $list_of_address) { return 1; } return 0; } This version was to simply check for the domain matches, but can't seem to get it to work header TO_SPECIFIC_DOMAIN eval:check_to_specific_domain() describe TO_SPECIFIC_DOMAIN Mail to specific email domain score TO_SPECIFIC_DOMAIN -2 sub check_to_specific_domain { my ($self) = @_; my $to = lc($self->get('To:addr')); if ($to =~ /\@example1\.com$|\@example2\.com$|\@example3\.com$/) { return 1; } return 0; } -- Thanks! Joey