We don't run Postfix here, but we can probably look for it elsewhere in
our stack instead.
Thanks to everyone that answered :)
On 23/07/2021 10.43, Laurent S. wrote:
Hi,
I know we are on the spamassassin mailing list, but another more radical
way to block those is directly in postfix with a header_check before
giving it to spamassassin
/^X-Spam-Flag: Yes/ REJECT Outscatter
/^X-(Spam|AES)-Category: (SPAM|PHISHING)/ REJECT Outscatter
But as a forewarning, the rare FPs can get quite frustrating if you use
this method.
Cheers,
Laurent
On 22.07.21 21:31, RW wrote:
On Thu, 22 Jul 2021 20:09:19 +0300
Henrik K wrote:
On Thu, Jul 22, 2021 at 08:06:15PM +0300, Henrik K wrote:
On Thu, Jul 22, 2021 at 05:15:54PM +0200, Martin Flygenring wrote:
Is there a limitation to SpamAssassin so it doesn't accept
looking for the two X-Spam-headers, or can you spot why this rule
isn't matching?
SA removes all X-Spam-* headers from the message, it's not possible
to match on them.
... except with a kludgy full rule that matches the whole pristine
message:
full X_SPAM_FOOBAR /^X-Spam-Foobar: xyz/m
There's no perfect way of doing this. The above has the problem of
going through the whole email, including big attachment. It can also
match falsely inside the body.
The test can be constrained within the headers, but that causes problems
with the debug capture.
This version captures a lot too much:
full X_SPAM_FOOBAR /^(?:.+\n)*X-Spam-Foobar: xyz/
This version capture nothing:
full X_SPAM_FOOBAR /^(?=(?:.+\n)*X-Spam-Foobar: xyz)/
I'd go for the latter.
All of the above is untested.
--
Martin Flygenring (maf)
Systems Engineer, One.com
