Hello I have a custom rule-
header NH_TDIALIN X-Spam-Relays-Untrusted =~ /^[^\]]+ rdns=.*dip\.t-dialin\.net/i score NH_TDIALIN 1.61 describe NH_TDIALIN Received directly from dynamic t-dialin.net address Now the regex should only match on anything in the first [...] block of the X-Spam-Relays-Untrusted header (Note the ^[^\]]+ part of the pattern; that skips anything but "]" characters, ensuring that the match will only happen within the first [...] block of the pseudo-header string. so says the page at http://wiki.apache.org/spamassassin/TrustedRelays), however the rule is being triggered by this- [ ip=212.227.17.8 rdns=moutng.kundenserver.de helo=moutng.kundenserver.de by=mail.redbus.holtain.net ident= envfrom= intl=0 id= auth= msa=0 ] [ ip=84.165.216.65 rdns=p54A5D841.dip.t-dialin.net helo=labsco.de by=mrelayeu.kundenserver.de ident= envfrom= intl=0 id=0MLOoU-1QCibS31jm-000eF3 auth= msa=0 ] where the t-dialin.net rdns is clearly in the second [...] block and indeed if I put the regex and the header in to my regex tester I get no match as expected. So why does Spamassassin find a match? -- Best regards, Niamh mailto:ni...@fullbore.co.uk
pgpFVtzPPjGIp.pgp
Description: PGP signature
