On Wed, 17 Apr 2019 08:44:32 -0400 buy wrote: > Hi, > > I've been encountering spammers putting whitespace in the > domain area of a url. My rule is not catching them. > ... > Spamassassin rule looks like this (NO MATCH): > -------------------------------------------- > uri NC_SPAM292 /https?\:\/\/(?:\w*\.)*\s*miwilurt\.\s*com\// > score NC_SPAM292 50
presumably it either hasn't been parsed as a uri or the spaces have been removed. Try a body or rawbody rule.
