On Thu, 2009-02-19 at 14:50 +0000, Nigel Frankcom wrote: > Hi All, > > I've written the following rule to deal with spam a particular set of > users are getting hit by that very few of my rules are hitting. > > Using --lint the rule come back clean but on testing it appears to be > ignored. It's in the spamassassin directory. > > Am I missing something stupid? (Wouldn't be the 1st time) > > header __NFheader ALL =~ /live\.com/i > score __NFheader 0.1 > uri __NFuri /www\.google\.com\/groups\// > score __NFuri 0.1 > meta NFheader_Details (__NFheader && __NFuri) > describe NFheader_Details live dot com spam > score NFheader_Details 5.0 > As others have said, meta subrules don't have scores.
I prefer to develop a meta rule without adding the __ prefix to the subrules because then you can see which subrules fire. When you're happy that everything is working you can either add the __ prefix (and remember to change the meta rule to match) or simply add low scores to the subrules. I use spamc/spamd for live running and test new rules like this: 1) login as root. Edit local rules, which are in /etc/mail/spamassassin. Check for errors by running "spamassassin --lint -D" as root. When there are no errors, restart spamd 2) check the new rule by using "spamc <testmsg" to check that the rule does in fact recognise the messag(es) that it should tag as spam. 3) check that the new rule doesn't generate false positives by regression testing against my entire test message collection. If it hits any other messages, see why and correct it as necessary. Feeding test messages through spamc has the advantage that I know that spamd is running in the same environment during testing as it will use for live operation. If I'm concerned that rules being tested might hit the live message stream I can easily enough stop Postfix for 5-10 minutes while I do the tests. A subsidiary benefit is that I can keep the test messages in a standard login directory. Martin
