On Tuesday 31 January 2017 at 16:45:34, Zinski, Steve wrote: > Hello, I have a problem that I hope someone can help me with. > > I’m trying to write a custom rule to block a certain type of spam. When I > view the message source, the very last lines of the spam look like this:
How are you seeing this? Asking your mail client to "show source", or looking at the email as it appears whilst going through your mail server? > </table> > <img > src="http://trc.spammersdomain.com/redirect.php?email=redac...@richmond.ed > u"> </body> > </html> > > Every single rule that I’ve written fails to detect that redirect.php URI. > I’ve even tried a rule that simply reads: > > Full my_rule /redirect/is > Score my_rule 10.0 > > No match. I’ve tried full, rawbody, uri, and body, all to no avail. I’ve > even shortened the search string to “redi” (it’s a unique word) and still > no match. I’ve been writing rules for many years and this is the first > time I’ve seen this behavior. Any ideas? Is the email as seen by SpamAssassin Base-64 encoded? Antony. -- APL [is a language], in which you can write a program to simulate shuffling a deck of cards and then dealing them out to several players, in four characters, none of which appear on a standard keyboard. - David Given Please reply to the list; please *don't* CC me.
