Please forgive me if these are easy/common questions. I have done some
searching and haven't found any clear answers.
I'm running SpamAssassin 3.4.4 in a cPanel environment.
1. What is the smallest increment for a rule score? I see some
indications that it's 0.1, others seem to say it is 0.01. Can I go to
0.001? Lower?
The reason for asking is that I want to use SpamAssassin to flag some
things that are suspicious but only when other conditions are met for
specific users. I'd like to have SA insert the rule text, eg.
LOCAL_SOME_RULE so that I can have an exim filter check for a specific
form of to address plus this rule match before removing the message. But
at the same time I don't want messages that match this rule generate
false positives for other users.
2. I would like to match against some suspicious URLs that contain long
sequences of random characters, but only have the rule match if I find
multiple URLs that follow the same pattern. Normally I would use
/(some-regex){5}/ but it seems that the rawbody command only looks at
smaller chunks of the message (in this case the spammer is sending
messages that are in the 11KB range and I have adjusted exim to pass
enough in $message_body to capture enough URLs to fire a rule).
Is it possible to configure SA to look at bigger chunks? 8 KB or even 16
KB would work. If not, is there a way to write a rule that counts the
total number of matches of a regex against the raw body?
searching and haven't found any clear answers.
I'm running SpamAssassin 3.4.4 in a cPanel environment.
1. What is the smallest increment for a rule score? I see some
indications that it's 0.1, others seem to say it is 0.01. Can I go to
0.001? Lower?
The reason for asking is that I want to use SpamAssassin to flag some
things that are suspicious but only when other conditions are met for
specific users. I'd like to have SA insert the rule text, eg.
LOCAL_SOME_RULE so that I can have an exim filter check for a specific
form of to address plus this rule match before removing the message. But
at the same time I don't want messages that match this rule generate
false positives for other users.
2. I would like to match against some suspicious URLs that contain long
sequences of random characters, but only have the rule match if I find
multiple URLs that follow the same pattern. Normally I would use
/(some-regex){5}/ but it seems that the rawbody command only looks at
smaller chunks of the message (in this case the spammer is sending
messages that are in the 11KB range and I have adjusted exim to pass
enough in $message_body to capture enough URLs to fire a rule).
Is it possible to configure SA to look at bigger chunks? 8 KB or even 16
KB would work. If not, is there a way to write a rule that counts the
total number of matches of a regex against the raw body?