It looks like you are blocking countries, it much better to do this at the
transport level of your MTA instead of accepting the *whole* email including
the data stream and then sending it to spamassassin to find out if it is
from an undesireable country. Example: If the HELOing MTA's name ends in .br I
hang up the phone and end the conversation right then and there.
I block unwanted countries at the helo greeting and at <mail from> address
using postfix.
________________________________
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Tuesday, March 23, 2004 11:57 AM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: Rule Effeciency
/[EMAIL
PROTECTED](nl|ie|de|fr|pl|co\.za|co\.nz|dk|ch|ru|fi|mx|il|tw|ca|cz|lu|lt|ar).?$/i
^^ ^^
^^^
> The third marked part feels incorrect as well. Do you really
> want chars there? This can result in FP with (sub)-domains
> ending with the given TLDs, like "foo.de.edu".
RE: the third part. I see from fields ending in " and ) so I wanted a
complete wildcard here (though now im thinking [^\w] may have worked well
too?). After re-reading the ? option, I realize why I did this because
? means zero or one time. So .?$ matches zero or 1 character at the end of the
line after the expression. So it shouldn't FP on foo.de.edu. Right?
>
> >From =~ /[EMAIL PROTECTED](nl|ie|de|...|ar)>?$/
>
> The above RE will only trigger on TLDs that are at the end of
> the From: header (no real name) or ending with the optional
> ">" (with real name).
When I read this RE, it says match @.(nl|ie|de|...|ar) at the end of
the line. So it wouldn't match @foo.com.de. Am I missing something?
> > I apologize if anyone from the list is from any of these countries,
> > please don't take it personally.. ;)
>
> Although this is not SPAM, I get added half a point. Spammy me... ;-)
Spamassassin scored you 2.5 points for saying "this is not SPAM." :)
Thanks for the help! I've learned more about regex in the past 20 mins
then I have reading regex guides for 2 days.
