spamassassin-users December 2011 archive

matching headers/body of rfc822 attachment

From: Matus UHLAR - fantomas <uhlar_at_nospam>
Date: Fri Dec 02 2011 - 11:17:06 GMT


I have made a few rules to match bodies of e-mail forwarded to our
abuse account. They should match if an IP from our range appears in the
abuse report:

body __GTSSK_IP04 /\b213\.215\.(6[4-9]|[7-9][0-9]|1[01][0-9]|12[0-7])\.\d/

should match any IP from range


I have received a complaint containing an RFC822 attachment with this line
in the headers of the attachment:

Received: from ([] by with esmtp (Exim 4.72) (envelope-from <>) id 1RUaIh-0000zs-8d for; Sun, 27 Nov 2011 09:41:28 +0100

Neither the body rule above nor the rule changed to a header rule matched:

header __GTSSK_IP04 Received =~ /\b213\.215\.(6[4-9]|[7-9][0-9]|1[01][0-9]|12[0-7])\.\d/

even though "pcregrep" with the same pattern matched the line...

I have tried to use a "rawbody" rule but still no match.

I have SA 3.3.1 with perl 5.8.8 on gentoo linux...
Can either of those cause the problem?
-- 
Matus UHLAR - fantomas, ;
Warning: I wish NOT to receive e-mail advertising to this address.
Warning: I wish NOT to receive any advertising mail at this address.
I don't have lysdexia. The Dog wouldn't allow that.
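
An added example (not part of the original post, and not SpamAssassin code): a Python check, run outside SpamAssassin, that walks the MIME tree of an abuse report, finds message/rfc822 parts and applies the post's pattern to the Received headers of the attached message. The sample report, its host names and addresses, and the function name are constructed for illustration.

```python
import re
from email import message_from_string, policy

# Pattern copied from the __GTSSK_IP04 rule in the post.
IP_RE = re.compile(r"\b213\.215\.(6[4-9]|[7-9][0-9]|1[01][0-9]|12[0-7])\.\d")

# Constructed sample: an abuse report carrying the reported message as a
# message/rfc822 part. Host names, addresses and the id are made up.
SAMPLE = """\
From: reporter@example.org
To: abuse@example.net
Subject: abuse report
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="BOUND"

--BOUND
Content-Type: text/plain

Please see the attached message.

--BOUND
Content-Type: message/rfc822

Received: from host.example.net ([213.215.100.7]) by mx.example.org
 with esmtp id CONSTRUCTED-1; Sun, 27 Nov 2011 09:41:28 +0100
From: someone@example.net
Subject: original message

original body
--BOUND--
"""

def attached_header_hits(raw, header="Received"):
    """Return the `header` values of attached messages that match IP_RE."""
    msg = message_from_string(raw, policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.get_content_type() != "message/rfc822":
            continue
        payload = part.get_payload()  # list holding the attached message
        inner = payload[0] if isinstance(payload, list) else payload
        for value in inner.get_all(header, []):
            text = " ".join(str(value).split())  # unfold continuation lines
            if IP_RE.search(text):
                hits.append(text)
    return hits
```
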