|Main Archive Page > Month Archives > spamassassin-users archives|
>Matus UHLAR - fantomas wrote:
>>I have made a few rules to match bodies of e-mail forwarded to our abuse
>>account. they should match if IP from our range appears in the abuse
>>body __GTSSK_IP04 /\b213\.215\.(6[4-9]|[7-9][0-9]|1[0-9]|12[0-7])\.\d/
>>should match any IP from range 188.8.131.52/18
On 02.12.11 10:31, Kris Deugau wrote:
>Only if this content is in the normal message body; if it's in an
>attachment or in the outer message headers this won't match.
>>header __GTSSK_IP04 Received =~
>If you're trying to match on RFC822 attached emails, you'll need to
>use the "mimeheader" rule type,
I am afraid this does not apply to Received: headers.
At least this rule:
mimeheader T_BLAH Received =~ /62\.168\.116\.69/
did not match this line:
Received: from [184.108.40.206] (helo=ns.nitranet.sk)
> with some negating rules to prevent
>hits on the outer message's headers. *sigh*
well, that is something I would like to avoid...
It's quite possible that received messages will have ouy IP ranges in
>>I have tried to use "rawbody" rule but still no match.
>>I have SA 3.3.1 with perl 5.8.8 on gentoo linux...
>>can either of those cause the problem?
>I've had the same sort of trouble matching the rejected message
>header in backscatter bounces. (If someone can explain to me why I
>should allow structurally legitimate postmaster notices responding to
>fake Twitter, Facebook, Linked, etc messages into customer's email
>accounts, I'm listening...)
>I've found I need to have a rawbody rule *and* mimeheader+(!header)
>in order to catch all of the variations assorted mail systems and
>mail clients generate. :(
which SA version?
-- Matus UHLAR - fantomas, uhlar_at_fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Linux IS user friendly, it's just selective who its friends are...