Mailing List Archive

Help with rule
Hello All,



I know this isn't the best method, I have to learn some of the previous
suggestions, but I would like to get this rule to work.

Not sure where I went wrong.



header FROM_CLIENT_EMAIL From =~ /client@client\.com/i

header FROM_CLIENT_IP Received =~ /from 138\.31\230\.222/

meta FROM_CLIENT_TEST from FROM_CLIENT_EMAIL && FROM_CLIENT_IP

score FROM_CLIENT_TEST -1.0





Thanks!
Re: Help with rule
> meta FROM_CLIENT_TEST from FROM_CLIENT_EMAIL && FROM_CLIENT_IP

Is that a typo when you were making this mail, or is it actually how the line is coded? There is an extra "from" there.

Even if you fix that, you won't get the results you expect. Both FROM_CLIENT_EMAIL and FROM_CLIENT_IP will score as 1 point each if they hit, so your final adjusted score will be +1, not -1.

You can fix that in several ways:

header FROM_CLIENT_EMAIL From =~ /client@client\.com/i

score FROM_CLIENT_EMAIL 0.01

header FROM_CLIENT_IP Received =~ /from 138\.31\230\.222/

score FROM_CLIENT_IP 0.01



Or



header FROM_CLIENT_EMAIL From =~ /client@client\.com/i

header FROM_CLIENT_IP Received =~ /from 138\.31\230\.222/

meta FROM_CLIENT_TEST FROM_CLIENT_EMAIL && FROM_CLIENT_IP

score FROM_CLIENT_TEST -3.0



Or probably the best way, once you have the tests debugged and you know they both hit correctly:



header __FROM_CLIENT_EMAIL From =~ /client@client\.com/i

header __FROM_CLIENT_IP Received =~ /from 138\.31\230\.222/

meta FROM_CLIENT_TEST __FROM_CLIENT_EMAIL && __FROM_CLIENT_IP

score FROM_CLIENT_TEST -1.0



The double underscore on the front of the rule will keep it from contributing a score of its own, and it will not show in the list of hit rules. Thus you will only see the result of the meta.



Loren
Re: Help with rule
On 2023-06-05 at 22:04:47 UTC-0400 (Mon, 5 Jun 2023 22:04:47 -0400)
<jacklistmail@gmail.com>
is rumored to have said:

> Hello All,
>
>
>
> I know this isn't the best method, I have to learn some of the
> previous
> suggestions, but I would like to get this rule to work.
>
> Not sure where I went wrong.
>
>
>
> header FROM_CLIENT_EMAIL From =~ /client@client\.com/i

Escape the @ with a \
SA uses Perl, so you need to escape %, @, and $ in regular expressions.

I think "spamassassin --lint" will catch unescaped special characters in
rules, and it is always a good idea to run that when you add or change
rules.

--
Bill Cole
bill@scconsult.com or billcole@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not Currently Available For Hire
RE: Help with rule
Hello,


Thanks, it looks like there was an extra "from" in my code; it was that line
that gave me the error with -lint. It actually passed it with the @ escaped
or not; I will conduct some tests to make sure.





From: Loren Wilton <lwilton@earthlink.net>
Sent: Monday, June 5, 2023 11:15 PM
To: users@spamassassin.apache.org
Subject: Re: Help with rule



Re: Help with rule
On 05.06.23 22:04, jacklistmail@gmail.com wrote:
>I know this isn't the best method, I have to learn some of the previous
>suggestions, but I would like to get this rule to work.
>
>Not sure where I went wrong.
>
>header FROM_CLIENT_EMAIL From =~ /client@client\.com/i

I recommend using From:addr, so you won't allow someone like:

"client@client.com <attacker@example.com>"

>header FROM_CLIENT_IP Received =~ /from 138\.31\230\.222/

This can also be tricked; I recommend using the X-Spam-Relays-Trusted
pseudo-header:

https://cwiki.apache.org/confluence/display/SPAMASSASSIN/TrustedRelays

--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Warning: I do NOT wish to receive any advertising mail at this address.
Fighting for peace is like fucking for virginity...
Re: Help with rule
On Mon, 5 Jun 2023, jacklistmail@gmail.com wrote:

> header FROM_CLIENT_IP Received =~ /from 138\.31\230\.222/

Missing a period in that one.

> meta FROM_CLIENT_TEST from FROM_CLIENT_EMAIL && FROM_CLIENT_IP

Extra "from" already noted.

If you're looking to whitelist specific senders coming from specific IP
addresses, there's already built-in features for that. Look into
whitelist_from_rcvd, it may do exactly what you want.


--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhardin@impsec.org pgpk -a jhardin@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
It is not the business of government to make men virtuous
or religious, or to preserve the fool from the consequences
of his own folly. -- Henry George
-----------------------------------------------------------------------
Today: the 79th anniversary of D-Day
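
An added example (not part of any post in this thread, and not SpamAssassin code): a small Python model of three points raised above, namely matching the whole From header versus only its address, the missing period in the IP pattern, and a Received line the sender supplied. The sample headers and host names are constructed, the corrected IP pattern is the assumed intent, and treating the first Received line as the only trusted one is a simplification of what X-Spam-Relays-Trusted provides.

```python
import re
from email.utils import parseaddr

# Patterns as posted. Python's re reads \230 the way Perl does: as one
# octal-escaped character (0x98), not as ".230".
RAW_FROM = re.compile(r"client@client\.com", re.I)
IP_AS_POSTED = re.compile(r"from 138\.31\230\.222")
IP_FIXED = re.compile(r"from 138\.31\.230\.222")   # assumed intent
ADDR_ONLY = re.compile(r"^client@client\.com$", re.I)

def raw_from_hits(from_header):
    """Model of `header ... From =~`: search the whole header text."""
    return bool(RAW_FROM.search(from_header))

def addr_hits(from_header):
    """Model of From:addr: compare only the parsed address, anchored."""
    _display, addr = parseaddr(from_header)
    return bool(ADDR_ONLY.match(addr))

def received_hits(pattern, received_lines, trusted_only=False):
    """received_lines is newest first. With trusted_only, inspect only the
    line written by our own server (assumed here to be the first one)."""
    lines = received_lines[:1] if trusted_only else received_lines
    return any(pattern.search(line) for line in lines)

# Constructed sample headers.
LEGIT_FROM = "Client Name <client@client.com>"
SPOOF_FROM = '"client@client.com" <attacker@example.com>'
REAL_RCVD = ["from 138.31.230.222 by mx.example.net with ESMTP"]
FORGED_RCVD = [
    "from 203.0.113.9 by mx.example.net with ESMTP",   # written by our MX
    "from 138.31.230.222 by relay.invalid with SMTP",  # supplied by sender
]

if __name__ == "__main__":
    checks = [
        ("raw From match, spoofed display name", raw_from_hits(SPOOF_FROM)),
        ("address-only match, spoofed display name", addr_hits(SPOOF_FROM)),
        ("address-only match, real client", addr_hits(LEGIT_FROM)),
        ("IP pattern as posted, real relay", received_hits(IP_AS_POSTED, REAL_RCVD)),
        ("IP pattern fixed, real relay", received_hits(IP_FIXED, REAL_RCVD)),
        ("fixed, any Received line, forged", received_hits(IP_FIXED, FORGED_RCVD)),
        ("fixed, trusted line only, forged",
         received_hits(IP_FIXED, FORGED_RCVD, trusted_only=True)),
    ]
    for label, hit in checks:
        print(f"{label:45} -> {'hit' if hit else 'no hit'}")
```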