[BlueOnyx:26365] Re: AV-Spam rule expression
Chris Gebhardt - VIRTBIZ Internet
cobaltfacts at virtbiz.com
Wed Jul 19 10:50:18 -05 2023
Hi Michael,
On 7/19/2023 10:14 AM, Michael Stauber via Blueonyx wrote:
> You want the rule to trigger on the subject (not body) and generally I
> also would throw a /i at the end of the rule to make it case
> insensitive. So it'll even trigger if some or all parts of the search
> text are capitalized. In that case the complete rule would look like
> this:
>
> header BTC_EXT0815 Subject =~ /I recorded you/i
> describe BTC_EXT0815 Bitcoin extortion scam
> score BTC_EXT0815 100
>
Thanks for this input.
For the sake of clarity in case this topic is searched in the future (I
tend to cross my own wake like that), I've been using the rule editor
contained in the AV-SPAM GUI pages by clicking to Server Management >
Network Services > AV-SPAM > SpamAssassin Rule Editor. I've found
that creates the rules stored in /etc/mail/spamassassin/globalextrarules.cf.
By checking the output of the rule in that file as entered, I determined
that it's not necessary to add any sort of expression syntax other than
what you want to match. (ie: no regex in the Expression field for the
AV-SPAM GUI.) The Rule Editor will then output the desired syntax
into the globalextrarules.cf file, including the /i on the end for
case-insensitivity.
In my case, it looks like this in the GUI:
Rule Name: RECORDEDYOU
Check: Subject: header
Expression: I recorded you
Score: 100
Description: Scammy "I RECORDED YOU!" message
That generates the following output in
/etc/mail/spamassassin/globalextrarules.cf:
header RECORDEDYOU Subject =~ /I recorded you/i
score RECORDEDYOU 100
describe RECORDEDYOU Scammy "I RECORDED YOU!" message
So it looks like things are on the right track. Now we'll just let
SpamAssassin do its thing. Feed it the spam and let it eat!
--
Chris Gebhardt
VIRTBIZ Internet Services
Access, Web Hosting, Colocation, Dedicated
www.virtbiz.com | toll-free (866) 4 VIRTBIZ
More information about the Blueonyx
mailing list