spamassassin-users December 2011 archive
Main Archive Page > Month Archives  > spamassassin-users archives
spamassassin-users: matching headers/body of rfc822 attachment

matching headers/body of rfc822 attachment

From: Matus UHLAR - fantomas <uhlar_at_nospam>
Date: Fri Dec 02 2011 - 11:17:06 GMT
To: users@spamassassin.apache.org

Hello,

I have made a few rules to match bodies of e-mail forwarded to our
abuse account. they should match if IP from our range appears in the
abuse report:

body __GTSSK_IP04 /\b213\.215\.(6[4-9]|[7-9][0-9]|1[01][0-9]|12[0-7])\.\d/

should match any IP from range 213.215.64.0/18

However:

I have received a complaint containing RFC822 attachment with this line
in headers of the attachment:

Received: from a43.pbi.bn.cust.gts.sk ([213.215.106.107] helo=smtp.pbi.sk) by mail.kontaktco.at with esmtp (Exim 4.72) (envelope-from <info@hi5.com>) id 1RUaIh-0000zs-8d for gerhard.gollner@kontaktco.at; Sun, 27 Nov 2011 09:41:28 +0100

Neither the body rule above, neither rule changed to header matched:

header __GTSSK_IP04 Received =~ /\b213\.215\.(6[4-9]|[7-9][0-9]|1[01][0-9]|12[0-7])\.\d/

even if "pcregrep" with same pattern matched the line...

I have tried to use "rawbody" rule but still no match.

I have SA 3.3.1 with perl 5.8.8 on gentoo linux...
can either of those cause the problem?
-- Matus UHLAR - fantomas, uhlar_at_fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. I don't have lysdexia. The Dog wouldn't allow that.