Hi,
We have a Watchguard Firewall with spamblocker license. The firewall marks all spam with ***SPAM***, then the e-mails are sent to the eFa server for a double check. I searched everywhere but what I found didn't work for me.
I've tried to create a rule that checks incoming e-mail message with the subject started with ***SPAM***, to be quarantined by the eFa.
I've tried in mailscanner.cf and also in local.cf, none with positive results.... all these files in /etc/mail/spamassassin
Here is my rule:
header MYRULE Subject =~ /***SPAM***/i
score MYRULE 10
What am I doing wrong??? Any help?
Thank you
Paulo Resende
one example from the headers:
From: Yolanda <huixinsoft40@foxmail.com>
Sender: Yolanda <lkeq@fpor.com>
To: inovacao@mydomain.com
Reply-To: Yolanda <huixinsoft40@foxmail.com>
Date: 24 Feb 2016 22:15:07 +0800
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: base64
X-WatchGuard-Spam-ID: str=0001.0A0B0203.56CDBB36.0112,ss=4,re=0.000,recu=0.000,reip=0.000,pt=F_41101088,cl=4,cld=1,fgs=524
X-WatchGuard-Spam-Score: 4, spam; 0, virus threat unknown
X-WatchGuard-Mail-Client-IP: 223.240.81.143
X-WatchGuard-Mail-From: lkeq@fpor.com
X-WatchGuard-Mail-Recipients: inovacao@mydomain.com
Subject: ***SPAM*** pls send exhibition booth details to me
Message-Id: <20160224141620.37A5E104D3@ns2.mydomain.com>
Updated -Rule for archive mail with ***SPAM*** in subject
Re: Updated -Rule for archive mail with ***SPAM*** in subject
Hi
a modification of \etc\mail\spamassassin\KAM.cf
should help. Try a modification of
This code gives mails with the subject "[SPAM]" +10 points
a modification of \etc\mail\spamassassin\KAM.cf
Code: Select all
#PREV MARK
header __KAM_MARK1 Subject =~ /[\[\<](?:ADV|SPAM)[\>\]]/i
meta KAM_MARK (__KAM_MARK1 >= 1)
describe KAM_MARK Email arrived marked as Spam
score KAM_MARK 10.0Code: Select all
header __KAM_MARK1 Subject =~ /[\[\<](?:ADV|SPAM)[\>\]]/iRe: Updated -Rule for archive mail with ***SPAM*** in subject
I made it... but with a small trick...
Problem was regex in rule, it won't accept ***SPAM*** check.
The solution was to program firewall antipsam to rewrite SPAM and not ***SPAM***
I didn't lose time to check the right regex code to check for ***SPAM*** on the subject header.
Thanks.
Paulo
Problem was regex in rule, it won't accept ***SPAM*** check.
The solution was to program firewall antipsam to rewrite SPAM and not ***SPAM***
I didn't lose time to check the right regex code to check for ***SPAM*** on the subject header.
Thanks.
Paulo
-
shawniverson
- Posts: 3783
- Joined: 13 Jan 2014 23:30
- Location: Indianapolis, Indiana USA
- Contact:
Re: Updated -Rule for archive mail with ***SPAM*** in subject
The ***'s are throwing you off, they need escaped