Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. SpamAssassin>
  3. users
How to define rule?
joea at j4computers
Jan 27, 2020, 1:21 PM
Post #1 of 3 (239 views)
Permalink
Not sure how to phrase the question, but I wonder about creating a rule.

In /etc/mail/spamassassin/local.cf I see the following, and believe it is a long forgotten custom rule:

header PW_IS_BAD_TLD From =~ /\.pw\b/
describe PW_IS_BAD_TLD PW TLD ABUSE
score PW_IS_BAD_TLD 4.0

Could someone describe the basics of this, or point me to a good starting point to figure it out? I presume the "header" part defining "From" with a Regex, the assigning a weight with "score".



--
+++++++++++++++++++++++
joea@@j4computers.com
https://www.j4computers.com
845-687-3734
+++++++++++++++++++++++
Re: How to define rule? [ In reply to ]
joea at j4computers
Jan 27, 2020, 1:45 PM
Post #2 of 3 (239 views)
Permalink
>>>
> Not sure how to phrase the question, but I wonder about creating a rule.
>
> In /etc/mail/spamassassin/local.cf I see the following, and believe it is a
> long forgotten custom rule:
>
> header PW_IS_BAD_TLD From =~ /\.pw\b/
> describe PW_IS_BAD_TLD PW TLD ABUSE
> score PW_IS_BAD_TLD 4.0
>
> Could someone describe the basics of this, or point me to a good starting
> point to figure it out? I presume the "header" part defining "From" with a
> Regex, the assigning a weight with "score".
>

Well, never mind, for now anyway. It was easier to find an easy to follow guide than I feared.


--
+++++++++++++++++++++++
joea@@j4computers.com
https://www.j4computers.com
845-687-3734
+++++++++++++++++++++++
Re: How to define rule? [ In reply to ]
sausers-20150205 at billmail
Jan 27, 2020, 1:58 PM
Post #3 of 3 (239 views)
Permalink
On 27 Jan 2020, at 16:21, Joe Acquisto-j4 wrote:

> Not sure how to phrase the question, but I wonder about creating a
> rule.
>
> In /etc/mail/spamassassin/local.cf I see the following, and believe
> it is a long forgotten custom rule:
>
> header PW_IS_BAD_TLD From =~ /\.pw\b/
> describe PW_IS_BAD_TLD PW TLD ABUSE
> score PW_IS_BAD_TLD 4.0
>
> Could someone describe the basics of this, or point me to a good
> starting point to figure it out?

Running "perldoc Mail::SpamAssassin::Conf" will give you a near-complete
rundown of how rules are structured, and what's not there isn't involved
here and almost no one needs. (it IS documented in other SA modules)


> I presume the "header" part defining "From" with a Regex, the
> assigning a weight with "score".

Yes. Each line that is part of a rule definition starts with a keyword
stating what type of configuration info the line contains (e.g. a
'header' rule) followed by the name of the rule it is part of (in this
case, PW_IS_BAD_TLD) and then the config info itself, which varies
depending on the first token.

With a "header" rule, the remainder of the line contains a header name
(From, in this case) a matching operator (=~ is a positive match, !~ for
a negative match) and a Perl regular expression between 2 / characters,
which in this case is '/\.pw\b/' which translates to ".pw not
immediately followed by a word-type character."

And, obviously, the 'score' line gives the PW_IS_BAD_TLD rule a robust
score of 4.0. Since the default spam threshold is 5.0, this is not quite
an absolute condemnation, but it leaves little space for weaker spam
signs to match.

The 'describe' line for PW_IS_BAD_TLD contains the obscure quasi-phrase
"PW TLD ABUSE" which is, I presume, a reference to the fact that the
'pw' top-level domain was badly abused by spammers when it first opened
up with a very cheap price on domains.

Hope that helps...

--
Bill Cole
bill@scconsult.com or billcole@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not For Hire (currently)

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal