Updated -Rule for archive mail with ***SPAM*** in subject

Posted: 24 Feb 2016 14:32
by presende
Hi,

We have a Watchguard Firewall with spamblocker license. The firewall marks all spam with ***SPAM***, then the e-mails are sent to the eFa server for a double check. I searched everywhere but what I found didn't work for me.
I've tried to create a rule that checks incoming e-mail messages with a subject starting with ***SPAM***, to be quarantined by the eFa.
I've tried in mailscanner.cf and also in local.cf, none with positive results.... all these files in /etc/mail/spamassassin

Here is my rule:

header MYRULE Subject =~ /***SPAM***/i
score MYRULE 10

What am I doing wrong??? Any help?

Thank you
Paulo Resende

one example from the headers:

From: Yolanda <huixinsoft40@foxmail.com>
Sender: Yolanda <lkeq@fpor.com>
To: inovacao@mydomain.com
Reply-To: Yolanda <huixinsoft40@foxmail.com>
Date: 24 Feb 2016 22:15:07 +0800
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: base64
X-WatchGuard-Spam-ID: str=0001.0A0B0203.56CDBB36.0112,ss=4,re=0.000,recu=0.000,reip=0.000,pt=F_41101088,cl=4,cld=1,fgs=524
X-WatchGuard-Spam-Score: 4, spam; 0, virus threat unknown
X-WatchGuard-Mail-Client-IP: 223.240.81.143
X-WatchGuard-Mail-From: lkeq@fpor.com
X-WatchGuard-Mail-Recipients: inovacao@mydomain.com
Subject: ***SPAM*** pls send exhibition booth details to me
Message-Id: <20160224141620.37A5E104D3@ns2.mydomain.com>

Re: Updated -Rule for archive mail with ***SPAM*** in subject

Posted: 26 Feb 2016 07:47
by DaN
Hi

a modification of \etc\mail\spamassassin\KAM.cf

Code:

#PREV MARK
header		__KAM_MARK1	Subject =~ /[\[\<](?:ADV|SPAM)[\>\]]/i

meta		KAM_MARK	(__KAM_MARK1 >= 1)
describe	KAM_MARK	Email arrived marked as Spam
score		KAM_MARK	10.0

should help. Try a modification of

Code:

header		__KAM_MARK1	Subject =~ /[\[\<](?:ADV|SPAM)[\>\]]/i

This code gives mails with the subject "[SPAM]" +10 points

Re: Updated -Rule for archive mail with ***SPAM*** in subject

Posted: 26 Feb 2016 14:54
by presende
I made it... but with a small trick...
The problem was the regex in the rule; it won't accept the ***SPAM*** check.
The solution was to program the firewall antispam to rewrite SPAM and not ***SPAM***.
I didn't lose time to check the right regex code to check for ***SPAM*** on the subject header.

Thanks.
Paulo

Re: Updated -Rule for archive mail with ***SPAM*** in subject

Posted: 27 Feb 2016 01:11
by shawniverson
The ***'s are throwing you off; they need to be escaped.
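
The escaping fix described in the last reply, as an added example that is not part of the original thread. It uses Python's `re` as a stand-in for the Perl regex engine SpamAssassin uses (both reject a pattern that opens with a bare `*`); the `^` anchor, the helper names and the second and third sample subjects are assumptions made for the illustration.

```python
import re

# Constructed sample subjects; the first is the Subject line from the posted headers.
SUBJECTS = [
    "***SPAM*** pls send exhibition booth details to me",
    "[SPAM] cheap watches",
    "Re: how do I stop spam?",
]

ORIGINAL = r"***SPAM***"                  # pattern from the first post's rule
KAM_MARK = r"[\[\<](?:ADV|SPAM)[\>\]]"    # pattern from the KAM.cf reply


def compile_error(pattern):
    """Return the regex compile error for `pattern`, or None if it compiles."""
    try:
        re.compile(pattern, re.IGNORECASE)
        return None
    except re.error as exc:
        return str(exc)


def literal_tag_pattern(tag):
    """Escape every metacharacter in `tag`; '^' (an assumption) pins it to the
    start of the Subject value. Assumes the tag has no '/' rule delimiter."""
    return "^" + re.escape(tag)


def matching_subjects(pattern):
    """Subjects from SUBJECTS that the pattern hits, case-insensitively."""
    rx = re.compile(pattern, re.IGNORECASE)
    return [s for s in SUBJECTS if rx.search(s)]


def sa_rule(name, tag, score):
    """Render SpamAssassin header/score lines for a literal subject tag."""
    return (f"header {name} Subject =~ /{literal_tag_pattern(tag)}/i\n"
            f"score {name} {score}")


if __name__ == "__main__":
    print("original pattern:", compile_error(ORIGINAL))   # a bare '*' repeats nothing
    print("KAM_MARK hits:   ", matching_subjects(KAM_MARK))
    print("escaped hits:    ", matching_subjects(literal_tag_pattern("***SPAM***")))
    print(sa_rule("MYRULE", "***SPAM***", 10))
```

After adding the rendered rule to the SpamAssassin configuration, `spamassassin --lint` reports any pattern that still fails to compile.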