Why does your rule not work? It looks good to me, if you're trying to detect
a subject consisting of (for example): "hi it's John" or something. Can you
give some exact samples of subject lines you're trying to flag?
If this string ("hi it's xxxx") is the only thing in those subject fields -
nothing else at all - then it might be wise to anchor your regex to the
start and end of the field using ^ and $ as follows:
header HI_ITS_NAME Subject =~ /^hi it's +[a-z]+$/i
...That way, you avoid potential false positives.
Cheers,
Jeremy
"Simon" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
>I was getting these spam emails with the subject "Name wrote:", so
> someone suggested i update SA and run sa-update. Which i have and its
> now solved that issue - nice.
>
> But now im getting subject "hi it's Name", does someone have a custom
> ruleset for this spam please? Im trying to write one myself with no
> luck:
>
> header HI_ITS_NAME Subject =~ /\bhi\sit's\s+[a-z]/i
> describe HI_ITS_NAME Hi It's Name in Subject
> score HI_ITS_NAME 6.5
>
